Vous êtes sur la page 1sur 76

Skill Based Elective VI:

TCP/IP and Protocol

Unit 1: Introduction, Understanding the Purpose and Function of Networking Models, Networking Model, Network Interface, Media Access Control, Network Interface Hardware/Software, OSI Model, The Microsoft Model, TCP/IP Protocol Suite.

Unit - 2: Host-to-Host Transport, Transmission Control Protocol, User Datagram Protocol, Application, NetBIOS over TCP, Windows Internet Name Service Server Message Block/Common Internet File System, Internet Printing Protocol, Windows Sockets, Telnet Dynamic Host Configuration Protocol Simple Mail Transport Protocol Post Office Protocol - Internet Message Access Protocol - Hypertext Transport Protocol Network News Transfer Protocol - File Transfer Protocol - Domain Naming System Routing Information Protocol - SNMP

Unit - 3: IP Addressing - Converting from Decimal to Binary - Network ID and Host ID - Rules for Network IDs - Rules for Host IDs - Class A - Class B - Class C - Class D and Class E

Unit - 4: Determine the Number of Host Bits to Be Used-Determine the New Sub netted Network IDs - Determine the IP Addresses for Each New Subnet Creating the Subnet Mask - Public and Private IP Addresses - Basic IP Routing - Name and Address Resolution - Host Name Resolution - How Packets Travel from Network to Network - IP Routing Tables - Route Processing - Physical Address Resolution - Inverse ARP - Proxy ARP - Static and Dynamic IP Routers Routing

Unit - 5: Exam Objectives Fast Track Self Test Example of a Simple Glassful Network Summary of Exam Objectives

References: 1) Richard Stevens, Advanced programming in the UNIX Environment, Addison Wesley, 1999. 2) Richard Stevens, UNIX Network Programming Volume 1,2, Prentice Hall International,1998. 3) William Stallings, Data and Computer Communications, 5th edition, PHI, 1997.

UNIT-I Purpose of Network Architecture:

Network architecture is making better commanication and decrease the administrative task as well as to avoid to have error and conflicte in between so it will work in healthy condition and we can provide better security for data's to avoid misuse fo data and servicess so we can architecte network in the such a way. We can implement server stucture and software deployment servicess whitch will make better and less administrative task whitch is really provide good communication and very good foult taularence and security for data mind it in any company data is the main important source it may be software code, or as accounts so network architecture is very necessory thing for this kind structures. Networking Model When dealing with networking, you may hear the terms "network model" and "network layer" used often. Network models define a set of network layers and how they interact. There are several different network models depending on what organization or company started them. The most important two are:

The TCP/IP Model - This model is sometimes called the DOD model since it was designed for the department of defense. It is also called the internet model because TCP/IP is the protocol used on the internet. OSI Network Model - The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed in the next section.

The International Standards Organization (ISO) has defined a standard called the Open Systems Interconnection (OSI) reference model. This is a seven layer architecture listed below. Each layer is considered to be responsible for a different part of the communications. This concept was developed to accommodate changes in technology. The layers are arranged here from the lower levels starting with the physical (hardware) to the higher levels. 1. Physical Layer - The actual hardware. Concerned with the connection between the computer and the network. 2. Data Link Layer - Data transfer method (802x ethernet). Puts data in frames and ensures error free transmission. Also controls the timing of the network transmission. IEEE divided this layer into the two following sublayers. 1. Media Access Control (MAC) - Used to coordinate the sending of data between computers. The 802.3, 4, 5, and 12 standards apply to this layer. If you hear someone talking about the MAC address of a network card, they are referring to the hardware address of the card. 2. Logical Link control (LLC) - Maintains the Link between two computers by establishing Service Access Points (SAPs) which are a series of interface points. IEEE802.2. 3. Network Layer - IP network protocol. Routes messages using the best path available. Concerned with message priority, status, and data congestion. 4. Transport Layer - TCP, UDP. Provides properly sequenced and error free transmission. Recombines fragmented packets. 5. Session Layer - Determines when the session is begun or opened, how long it is used, and when it is closed. concerned with security and name recognition.

6. Presentation Layer - ASCII or EBCDEC data syntax. Makes the type of data transparent to the layers around it. Used to translate date to computer specific format such as byte ordering. It may include compression. It prepares the data, either for the network or the application depending on the direction it is going. 7. Application Layer - Provides the ability for user applications to interact with the network. Many protocol stacks overlap the borders of the seven layer model. Transmission Control Protocol (TCP) provides the function of session and some of the transport layer. The Internet Protocol (IP) provides the function of the rest of the transport and most of the network layer. Netware Core Protocol (NCP) provides the function of the application, presentation, and the session layer. When we talk about Local Area Network (LAN) technology the IEEE 802 standard may be heard. This standard defines networking connections for the interface card and the physical connections, describing how they are done. The 802 standards were published by the Institute of Electrical and Electronics Engineers (IEEE). The 802.3 standard is called Ethernet. The ethernet standard data encapsulation method is defined by RFC 894. RFC 1042 defines the IP to link layer data encapsulation for networks using the IEEE 802 standards. The 802 standards define the two lowest levels of the seven layer network model and primarily deal with the control of access to the network media. The network media is the physical means of carrying the data such as network cable. The control of access to the media is called media access control (MAC). The 802 standards are listed below:

802.1 - Internetworking 802.2 - Logical Link Control * 802.3 - Ethernet or CSMA/CD, Carrier-Sense Multiple Access with Collision detection LAN * 802.4 - Token-Bus LAN * 802.5 - Token Ring LAN * 802.6 - Metropolitan Area Network (MAN) 802.7 - Broadband Technical Advisory Group 802.8 - Fiber-Optic Technical Advisory Group 802.9 - Integrated Voice/Data Networks 802.10 - Network Security 802.11 - Wireless Networks 802.12 - Demand Priority Access LAN, 100 Base VG-AnyLAN

*The ones with stars should be remembered in order for network certification testing.

Network Access Methods

o o

Carrier-Sense Multiple Access with Collision Detection (CSMA/CD) - Used by Ethernet Carrier-Sense Multiple Access with Collision Avoidance

Token Passing Demand Priority - Describes a method where intelligent hubs control data transmission. A computer will send a demand signal to the hub indicating that it wants to transmit. The hub will respond with an acknowledgement that will allow the computer to transmit. The hub will allow computers to transmit in turn. An example of a demand priority network is 100VG-AnyLAN (IEEE 802.12). It uses a star-bus topology.

Polling - A central controller, also called the primary device will poll computers, called secondary devices, to find out if they have data to transmit of so the central controller will allow them to transmit for a limited time, then the next device is polled.

Network interface
The most important PC device is the network interface card (NIC). Each computer on the network, including the servers, is required to have one installed. It is the NIC that provides connectivity between the PC and the network's physical medium, the copper or fiber-optic cable. NICs provide computers with a connection to the network, but they also handle an important data-conversion function. Data travels in parallel on the PCI's bus system, but the network medium demands a serial transmission. The transceiver, a transmitter and receiver, on the NIC has the ability to move data from parallel to serial and vice versa. This isn't any different than an automobiles travelling down a multi-lane superhighway where all lanes must merge into one lane. Network interface cards also have the ability of supplying a basic addressing system that can be used to get data from one computer to another on the network. The hardware or MAC address is burned into a ROM chip on the NIC. This is referred to as the MAC address because the Media Access Control (MAC) layer is acutally a sublayer of the OSI model's Data Link layer. Most of the new motherboards available today for PCs and servers have the network interface card integrated with the motherboard. Older computers and some newer computers do not provide onboard network interfaces which will equire a NIC to be added. Network interface may refer to:

Network interface controller, the device a computer uses to connect to a computer network Network interface device, a demarcation point for a telephone network

Media Access Control

The Media Access Control is often said to be a sub-layer of the OSI data Link layer. On every network interface adaptor card there is a set of computer chips that handle communication with the physical media (copper wire, fiber optic cable or the air) by controlling the communication signal (electricity, light or radio frequencies) over the physical media. In plain english, the computer chips that control the electricity transmitted and received on a copper wire are MAC-related hardware. Application Presentation Session Transport

The MAC sublayer provides the means to access the the physical medium used for Network communication. The MAC sublayer also communicates with the Logical Link Control (LLC) sub-layer above it allowing it to access and speak to the upper layer network LLC Data Link protocols such as IP. MAC MAC Addresses Physical

The MAC sub-layer must supply a 48-bit (6 byte) address. The MAC address is most frequently represented as 12 hexadecimal digits. The MAC address uniquely identifies a specific network device and MAC addresses must be unique on a given LAN. The first 12-bit portion of the MAC address identifies the vendor of the network device; the next 12-bit portion identifies the unique id of the device itself. When looking at a hexadecimal representation of the MAC address, the first six hexadecimal digits identify the vendor and the last six hexadecimal digits identify the specific network interface card.

Here are some examples of what a MAC address looks like. There is some difference in how they are displayed on different types of computers. The hexadecimal digits are the same, but they are separated or grouped differently when displayed. Different companies like to show MAC addresses different ways. MAC Address 00:00:0C:12:B1:CF 00000C-12B1CF 00-00-0C-12-B1-CF As Displayed by Vendor/Manufacturer Cisco, Unix/SUN, Linux ProCurve Switches Microsoft Command Used to display MAC ifconfig -a show bridge ipconfig /all

Manufacturers of network interface adaptor cards 'burn' a MAC address into the memory of the chips on every card they produce. The pattern of bits in the first set of 24 bits of the MAC address is assigned to a specific vendor. Cisco was assigned the hexadecimal prefix '00000C' to use on their first set of network interface adaptors. In the case of the protocols specified in the IEEE's 802.x series of documents, the first 24 bits of a MAC address identify the vendor-manufacturer of the network interface card and the last 24 bits identify the card itself, or more precisely, the last 24 bits identifies the specific host the network inteface card is attached to. The 24 bits used to identify a host allows for up to 16.7 million unique card addresses on one network. Since there are more than 16.7 million computers in the world, this clearly isn't enough addresses for every computer on earth, is it? Duplicate MAC Addresses Manufacturers re-use MAC addresses and they ship cards with duplicate addresses to different parts of the United States or the World so that there is only a very small chance two computers with network cards with the same MAC address will end up on the same network. MAC addresses are 'burned' into the Network Interface Card (NIC), and cannot be changed. See ARP and RARP on how IP addresses are tranlated into MAC addresses and vice versa. In order for a network device to be able to communicate, the MAC address it is using must be unique. No other device on that local network subnet can use that MAC address. If two devices have the same MAC address (which occurs more often than network administrators would like), neither computer can communicate properly. On an Ethernet LAN, this will cause a high number of collisions. Duplicate MAC addresses on the same LAN are a problem. Duplicate MAC addresses separated by one or more routers is not a problem since the two devices won't see each other and will use the router to communicate. MAC Frame Format Since there are various types of Network Interfaces (Ethernet, Token Ring, FDDI etc.) the MAC frame format differs by protocol according to its design. However most will have at a minimum the following fields: The MAC protocol encapsulates a SDU (payload data) by adding a 14 byte header (Protocol Control Information (PCI)) before the data and appending a 4-byte (32-bit) Cyclic Redundancy Check (CRC) after the data. The entire frame is preceded by a small idle period (the minimum inter-frame gap, 9.6 microsecond (S)) and a 8 byte preamble (including the start of frame delimiter).

MAC encapsulation of a packet of data Header The header consists of three parts:

A 6-byte destination address, which specifies either a single recipient node (unicast mode), a group of recipient nodes (multicast mode), or the set of all recipient nodes (broadcast mode). A 6-byte source address, which is set to the sender's globally unique node address. This may be used by the network layer protocol to identify the sender, but usually other mechanisms are used (e.g. arp). Its main function is to allow address learning which may be used to configure the filter tables in a bridge. A 2-byte type field, which provides a Service Access Point (SAP) to identify the type of protocol being carried

MAC Control Field or type The MAC control field contains all information used for flow control, connection establishment and teardown as well as error control. Not all protocols provide for establishment/teardown, flow control and error recovery. The content of this field is dependent upon the specified standards for that particular data link layer protocol (Ethernet, Token Ring, FDDI etc.) DESTINATION / SOURCE MAC Fields The source MAC address field contains the MAC address of the source machine--the transmitting device (since some computers with MAC addresses aren't called computers--cell phones have MAC addresses), and the destination device is the receiver. The destination MAC is closer to the 'front' (left side in the diagram) of the frame for easier scanning, mostly because it is the destination device that is important as that is the device we are trying to reach. When the receiver responds to the frame, it will use the source address to generate the destination portion of the frame it sends out. In other words, the source MAC in the frame received becomes the destination MAC in the frame transmitted as a response. LLC PDU Field When talking about network communication protocols such as Ethernet or FDDI or Token Ring, they are described as being Physical and Data Link layer protocols--they perform functions that are said to be Physical and Data Link Layer functions as listed in the OSI Model of networking. For Ethernet and Token Ring the Data Link layer is described as being broken into two sub-layers, the MAC sublayer (for the MAC address and Media Access Control functions) and the Logical Link Control sublayer LLC. The Logical Link Control Packet Data Unit field (LLC PDU) contains data from the from the LLC sub-layer of the data link layer protocol (eg. Ethernet, FDDI, Token Ring etc.). The LLC information is used to keep track of which piece of data is sent to which IP address and application. For example, the LLC information helps a web browser keep track of which data being received is part of an image in a web page, and which data is the text in the body of the web page itself. CRC Checksum Field The final field in an Ethernet MAC frame is called a 'checksum' that is the product of a Cyclic Redundancy Check (CRC check). A CRC check is a mathematical forumula that uses the data as input and produces a numeric result that is almost as unique as the input data. Using the CRC checksum value it is possible to verify the the integrity of the frame. Before transmitting the frame, the source computer calculates the checksum and places the checksum value in this field. The receiving computer looks at the same data in the frame and also calculates the checksum. If the CRC it calculates is different from the CRC checksum in the CRC checksum field, the CRC check has failed. Frames that fail this checksum test are discarded because there is a near certainty that the frame is damaged.

A 32-bit CRC provides error detection in the case where line errors (or transmission collisions in Ethernet) result in corruption of the MAC frame. Any frame with an invalid CRC is discarded by the MAC receiver without further processing. The MAC protocol does not provide any indication that a frame has been discarded due to an invalid CRC. The link layer CRC therefore protects the frame from corruption while being transmitted over the physical mediuym (cable). A new CRC is added if the packet is forwarded by the router on another Ethernet link. While the packet is being processed by the router the packet data is not protected by the CRC. Router processing errors must be detected by network or transport-layer checksums.

A Network Interface H/W

A network interface unit (NIU) (sometimes called a network interface device) is a device that serves as a common interface for various other devices within a local area network (LAN), or as an interface to allow networked computers to connect to an outside network. The NIU enables communication between devices that use different protocols by supplying a common transmission protocol, which may be used instead of the devices' own protocols, or may be used to convert the specific device protocol to the common one. To enable an interface between a LAN and another network, the NIU converts protocols and associated code and acts as a buffer between the connected hardware. A network interface card (NIC) is a type of NIU. Types of NIC Cards NIC is an acronym for Network Interface Card or Network Interface Controller. However, a NIC is actually referred to as a network adapter by most of the population. A NIC is an expansion card, a hardware device attached to a non-portable computer (like a desktop) allowing that computer some new ability. As an expansion card, the NIC specifically allows a computer the ability to connect to a network (such as Ethernet or Wi-FI). Function NIC cards serve as conduits between a computer and a network (like Internet). They translate the data on the computer into a form that is transferrable via a network cable and control the data as it is sent to other devices on the network. Configuration Types There are three different types of NIC arrangements, or configurations: jumper, software and the newest technology, Plug-and-Play (PnP). Jumper Configurable NIC Cards Jumper configurable NIC cards are efficient and easy to use for older equipment. They have physical jumpers (small devices that control computer hardware without the need for software) that determine settings for the interrupt request line, input/output address, upper memory block and type of transceiver. Software Configurable NIC Cards Software configurable NIC must be manually configured when installed, but contain a proprietary software program that allows the operator to configure the NIC via a menu, or choose the auto configuration mode that determines what configuration is most suitable. Plug-and-Play Configurable NIC Cards Most NICs today use the PnP technology as it does not have to be manually configured, though it can be. PnP NICs will auto-configure upon installation during the system boot-up sequence, but can cause conflicts with the hard drive.

Virtual Network Adapters Certain types of network adapters have no hardware component but rather consist of software only. These are often called virtual adapters in contrast to a physical adapter. Virtual adapters are commonly found in virtual private networks (VPNs). A virtual adapter may also be used with research computers or IT business servers that run virtual machine technology.

OSI model
The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of sub-dividing a communications system into smaller parts called layers. A layer is a collection of conceptually similar functions that provide services to the layer above it and receives services from the layer below it. On each layer an instance provides services to the instances at the layer above and requests service from the layer below. History In 1978, work on a layered model of network architecture was started and the International Organization for Standardization (ISO) began to develop its OSI framework architecture. OSI has two major components: an abstract model of networking, called the Basic Reference Model or seven-layer model, and a set of specific protocols. Data unit Layer Function

7. Application Network process to application Data Host layers 5. Session Segments 4. Transport Packet Media layers Frame Bit 3. Network 2. Data Link 1. Physical 6. Presentation Data representation, encryption and decryption, convert machine dependent data to machine independent data Interhost communication End-to-end connections and reliability, flow control Path determination and logical addressing Physical addressing Media, signal and binary transmission

Advantages of Layered Approach

The layered approach to network communications provides the following benefits: reduced complexity improved teaching and learning modular engineering accelerated evolution interoperable technology standard interfaces As the information to be sent descends through the layers of a system it looks less and less like human language and more and more like the 1s and 0s that a computer understands.

Layer 1: Physical Layer The physical layer is concerned with the interface to the transmission medium. At the physical layer, data is transmitted onto the medium (e.g. coaxial cable or optical fiber) as a stream of bits. So, the physical layer is concerned, not with networking protocols, but with the transmission media on the network. The physical layer defines the electrical, mechanical, procedural, and functional specifications for activating, maintaining, and deactivating the physical link between end systems. This layer puts 1's & 0's onto the wire. Characteristics specified by the physical layer include voltage levels timing of voltage changes physical data rates maximum transmission distances physical connectors To understand the function of the Physical Layer, contrast it with the functions of the Data Link Layer. Think of the Physical Layer as concerned primarily with the interaction of a single device with a medium, whereas the Data Link Layer is concerned more with the interactions of multiple devices (i.e., at least two) with a shared medium. The major functions and services performed by the Physical Layer are:

Establishment and termination of a connection to a communications medium. Participation in the process whereby the communication resources are effectively shared among multiple users. For example, contention resolution and flow control. Modulation, or conversion between the representation of digital data in user equipment and the corresponding signals transmitted over a communications channel. These are signals operating over the physical cabling (such as copper and optical fiber) or over a radio link.

Devices:Hubs, FDDI Hardware, Fast Ethernet, Token Ring Hardware. Layer 2: Data Link Layer The Data Link Layer provides the functional and procedural means to transfer data between network entities and to detect and possibly correct errors that may occur in the Physical Layer. Originally, this layer was intended for point-to-point and point-to-multipoint media, characteristic of wide area media in the telephone system. This layer is responsible for providing reliable transit of data across a physical link. The data-link layer is concerned with physical addressing; Bridges, Transparent Bridges, Layer 2 Switches network topology; CDP line discipline (how end systems will use the network link) error notification ordered delivery of frames flow control Frame Relay, PPP, SDLC, X.25, 802.3, 802.3, 802.5/Token Ring, FDDI. At the data-link layer, the bits that come up from the physical layer are formed into data frames, using any of a variety of data-link protocols. Frames consist of fields, containing bits. The data-link layer is subdivided into two sub layers: the logical link control (LLC) sub layer

the media access control (MAC) sub layer

Layer 3: Network Layer The Network Layer provides the functional and procedural means of transferring variable length data sequences from a source host on one network to a destination host on a different network, while maintaining the quality of service requested by the Transport Layer (in contrast to the data link layer which connects hosts within the same network). The Network Layer performs network routing functions, and might also perform fragmentation and reassembly, and report delivery errors. Routers operate at this layersending data throughout the extended network and making the Internet possible. This is a logical addressing scheme values are chosen by the network engineer. The addressing scheme is not hierarchical. Careful analysis of the Network Layer indicated that the Network Layer could have at least three sublayers: 1. Subnetwork Access - that considers protocols that deal with the interface to networks, such as X.25; 2. Subnetwork Dependent Convergence - when it is necessary to bring the level of a transit network up to the level of networks on either side; 3. Subnetwork Independent Convergence - which handles transfer across multiple networks. The network layer is the domain of routing. Routing protocols select optimal paths through the series of interconnected networks. Network layer protocols then move information along these paths. One of the functions of the network layer is "path determination". Path determination enables the router to evaluate all available paths to a destination and determine which to use. It can also establish the preferred way to handle a packet. After the router determines which path to use it can proceed with switching the packet. It takes the packet it has accepted on one interface and forwards it to another interface or port that reflects the best path to the packet's destination. Devices:IP, IPX, Routers, Routing Protocols (RIP, IGRP, OSPF, BGP etc), ARP, RARP, ICMP.

Layer 4: Transport Layer The Transport Layer provides transparent transfer of data between end users, providing reliable data transfer services to the upper layers. The Transport Layer controls the reliability of a given link through flow control, segmentation/desegmentation, and error control. Some protocols are state and connection oriented. This means that the Transport Layer can keep track of the segments and retransmit those that fail. The Transport layer also provides the acknowledgement of the successful data transmission and sends the next data if no errors occurred. You can think of the transport layer of the OSI model as a boundary between the upper and lower protocols. The transport layer provides a data transport service that shields the upper layers from transport implementation issues such as the reliability of a connection. The transport layer provides mechanisms for: multiplexing upper layer applications the establishment, maintenance, and orderly termination of virtual circuits information flow control transport fault detection and recovery Although not developed under the OSI Reference Model and not strictly conforming to the OSI definition of the Transport Layer, typical examples of Layer 4 are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). Devices:TCP, UDP, SPX and Sliding Windows.

Layer 5: Session Layer The Session Layer controls the dialogues (connections) between computers. It establishes, manages and terminates the connections between the local and remote application. It provides for full-duplex, half-duplex, or simplex operation, and establishes checkpointing, adjournment, termination, and restart procedures. Half-duplex conversations require a good deal of session layer control, because the start and end of each transmission need to be monitored. Most networks are of course capable of full-duplex transmission, but in fact many conversations are in practice half-duplex. The OSI model made this layer responsible for graceful close of sessions, which is a property of the Transmission Control Protocol, and also for session checkpointing and recovery, which is not usually used in the Internet Protocol Suite. The Session Layer is commonly implemented explicitly in application environments that use remote procedure calls. Devices:Some examples of session layer protocols and interfaces are: Concurrent database access Remote Procedure Call (RPC) NetBIOS Names AppleTalk Session Protocol (ASP) Digital Network Architecture

Layer 6: Presentation Layer The Presentation Layer establishes context between Application Layer entities, in which the higher-layer entities may use different syntax and semantics if the presentation service provides a mapping between them. If a mapping is available, presentation service data units are encapsulated into session protocol data units, and passed down the stack. This layer provides independence from data representation (e.g., encryption) by translating between application and network formats. The presentation layer transforms data into the form that the application accepts. This layer formats and encrypts data to be sent across a network. It is sometimes called the syntax layer. It provides a common format for transmitting data across various systems, so that data can be understood, regardless of the types of machines involved. The presentation layer concerns itself not only with the format and representation of actual user data, but also with data structure used by programs. Therefore, the presentation layer negotiates data transfer syntax for the application layer. Devices: Encryption EBCDIC and ASCII GIF & JPEG The original presentation structure used the basic encoding rules of Abstract Syntax Notation One (ASN.1), with capabilities such as converting an EBCDIC-coded text file to an ASCII-coded file, or serialization of objects and other data structures from and to XML.

Layer 7: Application Layer The Application Layer is the OSI layer closest to the end user, which means that both the OSI application layer and the user interact directly with the software application. This layer interacts with software applications that implement a communicating component. Such application programs fall outside the scope of the OSI model. Application layer functions typically include identifying communication partners,

determining resource availability, and synchronizing communication. When identifying communication partners, the application layer determines the identity and availability of communication partners for an application with data to transmit. When determining resource availability, the application layer must decide whether sufficient network or the requested communication exist. In synchronizing communication, all communication between applications requires cooperation that is managed by the application layer. It's services are often part of the application process. Main functions are: identifies and establishes the availability of the intended communication partner. synchronizes the sending and receiving applications. establishes agreement on procedures for error recovery and control of data integrity. determines whether sufficient resources for the intended communications exist. Some examples of application layer implementations include:

On OSI stack: o FTAM File Transfer and Access Management Protocol o X.400 Mail o Common management information protocol (CMIP) On TCP/IP stack: o Hypertext Transfer Protocol (HTTP), o File Transfer Protocol (FTP), o Simple Mail Transfer Protocol (SMTP) o Simple Network Management Protocol (SNMP)

Devices: Browsers Search engines E-mail programs Newsgroup and chat programs Transaction services Audio/video conferencing Telnet SNMP

TCP/IP Architecture and the TCP/IP Model:

TCP/IP Model Layers The TCP/IP model uses four layers that logically span the equivalent of the top six layers of the OSI reference model; this is shown in Figure 20. (The physical layer is not covered by the TCP/IP model because the data link layer is considered the point at which the interface occurs between the TCP/IP stack and the underlying networking hardware.) The following are the TCP/IP model layers, starting from the bottom. The TCP/IP architectural model has four layers that approximately match six of the seven layers in the OSI Reference Model. The TCP/IP model does not address the physical layer, which is where hardware devices reside. The next three layersnetwork interface, internet and (host-to-host) transportcorrespond to layers 2, 3 and 4 of the OSI model. The TCP/IP application layer conceptually blurs the top three OSI layers. Its also worth noting that some people consider certain aspects of the OSI session layer to be arguably part of the TCP/IP host-to-host transport layer.

Figure 20: OSI Reference Model and TCP/IP Model Layers Network Interface Layer As its name suggests, this layer represents the place where the actual TCP/IP protocols running at higher layers interface to the local network. This layer is somewhat controversial in that some people don't even consider it a legitimate part of TCP/IP. This is usually because none of the core IP protocols run at this layer. Despite this, the network interface layer is part of the architecture. It is equivalent to the data link layer (layer two) in the OSI Reference Model and is also sometimes called the link layer. You may also see the name network access layer. On many TCP/IP networks, there is no TCP/IP protocol running at all on this layer, because it is simply not needed. For example, if you run TCP/IP over an Ethernet, then Ethernet handles layer two (and layer one) functions. However, the TCP/IP standards do define protocols for TCP/IP networks that do not have their own layer two implementation. These protocols, the Serial Line Internet Protocol (SLIP) and the Point-toPoint Protocol (PPP), serve to fill the gap between the network layer and the physical layer. They are commonly used to facilitate TCP/IP over direct serial line connections (such as dial-up telephone networking) and other technologies that operate directly at the physical layer. Internet Layer This layer corresponds to the network layer in the OSI Reference Model (and for that reason is sometimes called the network layer even in TCP/IP model discussions). It is responsible for typical layer three jobs, such as logical device addressing, data packaging, manipulation and delivery, and last but not least, routing. At this layer we find the Internet Protocol (IP), arguably the heart of TCP/IP, as well as support protocols such as ICMP and the routing protocols (RIP, OSFP, BGP, etc.) The new version of IP, called IP version 6, will be used for the Internet of the future and is of course also at this layer. (Host-to-Host) Transport Layer This primary job of this layer is to facilitate end-to-end communication over an internetwork. It is in charge of allowing logical connections to be made between devices to allow data to be sent either unreliably (with no guarantee that it gets there) or reliably (where the protocol keeps track of the data sent and received to

make sure it arrives, and re-sends it if necessary). It is also here that identification of the specific source and destination application process is accomplished The formal name of this layer is often shortened to just the transport layer; the key TCP/IP protocols at this layer are the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The TCP/IP transport layer corresponds to the layer of the same name in the OSI model (layer four) but includes certain elements that are arguably part of the OSI session layer. For example, TCP establishes a connection that can persist for a long period of time, which some people say makes a TCP connection more like a session. Application Layer This is the highest layer in the TCP/IP model. It is a rather broad layer, encompassing layers five through seven in the OSI model. While this seems to represent a loss of detail compared to the OSI model, I think this is probably a good thing! The TCP/IP model better reflects the blurry nature of the divisions between the functions of the higher layers in the OSI model, which in practical terms often seem rather arbitrary. It really is hard to separate some protocols in terms of which of layers five, six or seven they encompass. (I didn't even bother to try in this Guide which is why the higher-level protocols are all in the same chapter, while layers one through four have their protocols listed separately.) Numerous protocols reside at the application layer. These include application protocols such as HTTP, FTP and SMTP for providing end-user services, as well as administrative protocols like SNMP, DHCP and DNS.

The Microsoft Network Model:

Microsoft has developed an informal network model that is discussed in the Microsoft books and training materials. This informal model is never clearly stated. This model can be beneficial to people setting up local area networks (LANs) that are predominately using one of the operating systems in the Microsoft product line. The Microsoft network model attempts to simplify many concepts and in some cases this results in an incomplete and misleading understanding of the material. Focuses on the Local Area network the core areas that are discussed in Microsoft literature are

Clients and Server Network Topology Network Media Network Protocols

Network Devices (Hubs and routers) are placed outside of the core areas. Network devices are discussed in a section on "Expanding your network". This omission is probably because of the models emphasis on simplicity. As a result of not having a category for network devices, network cards are grouped along with the network media. Microsoft Model Overview Before Windows NT 3.1 was released, users had to obtain the TCP/IP protocol suite from a third party, and then install it. This was necessary for users to connect to the network, which in turn usually resulted in a number of issues. When it came to network communication, the TCP/IP software which was obtained and installed often functioned differently to that of the particular operating system. With the release of Windows NT 3.1, TCP/IP was included as a component of the operating system. Because of TCP/IP being built into the operating system, integration existed between networking functionality in the OS.

The Microsoft model modularily defines hardware and software; and the actual connections between these components that enable networking. The Microsoft model provides a standard platform for application developers and programmers that enable developers to use standard interfaces that provide specific functionality which they can use to develop applications. The Microsoft model is therefore mainly utilized by application developers and programmers. The advantages of using the Microsoft model are:

Decreased application development time Common interfaces are provided for users Simplifies application usage.

Understanding Boundary Layers Boundary layers are interfaces which exist at the boundaries of functionality. By interacting between the layer above and beneath it, the boundary layers actually provide the interfaces between layers. The Boundary layers defined in the Microsoft model are:

Network Driver Interface Specification (NDIS) Boundary layer: The Network Driver Interface Specification (NDIS) Boundary layer relates to the Network Interface layer of the DoD model, and the Data-link layer of the OSI model. The NDIS Boundary layer therefore functions at the bottom of the stack. The NDIS Boundary layer provides the following:
o o

Standard functions which enable transport protocols to utilize any network device driver which works at this layer. Programming flexibility and reliability to developers

Transport Driver Interface Boundary (TDI) Boundary layer: This is the gateway between the Transport layer and the Session layer in the OSI model. It provides the interface which developers can utilize to access functions of the Transport layer, and functions at the Session layer of the OSI model. Application Program Interface Boundary (API) Boundary layer: This is the interface that enables developers to access Application layer protocols, including:
o o o

Domain Name Service (DNS) Dynamic Host Configuration Protocol (DHCP) Windows Internet Name Service (WINS) Windows Sockets (WinSock) Messaging APIs NetBIOS Telephony

The components that perform functions at the lower layers include

o o o o

Understanding Component Layers The Component layers provide the following functionality

Network Transport Protocols: The network transport protocols enable applications to transmit and receive data across the network. Common network transport protocols include:
o o o o

TCP/IP ATM Internet Packet Exchange/Sequenced Packet Exchange (IPX/SPX) NetBEUI

o o o

AppleTalk Infrared Data Association (IrDA) SNA

NDIS Wrapper: The NDIS wrapper is implemented via the ndis.sys file. This is the software code that encircles the NDIS device drivers. The NDIS wrapper is a library of common NDIS functions which both the MAC protocols and TCP/IP can utilize. The NDIS wrapper assists in reducing platform dependencies when network interface devices are developed. File System Drivers: The file system drivers function at the Presentation layer and Session layer of the OSI model, and include the:
o o

Redirector: Requests to access a shared file is sent to the Redirector. The Redirector then chooses the proper Transport layer protocol. Server service: Requests to access a local file are sent to the Server service, which then provides the access to the local file. WinSock API: The WinSock API provides standardized access to datagram and session services over:

Applications and User Mode Services: APIs provide access to the lower transport protocols:


The WinSock API enables applications to communicate with the lower layers.
o o o

Telephony API (TAPI): TAPI provide the standardized interface to network protocols for different telephony applications. Messaging API (MAPI): MAPI enables applications to interface with messaging services through one interface. NetBIOS API: The NetBIOS API is mainly supported in Windows Server 2003 to enable backward compatibility.

Transport Layer
The Transport Layer's responsibilities include end-to-end message transfer capabilities independent of the underlying network, along with error control, segmentation, flow control, congestion control, and application addressing (port numbers). End to end message transmission or connecting applications at the transport layer can be categorized as either connection-oriented, implemented in Transmission Control Protocol (TCP), or connectionless, implemented in User Datagram Protocol (UDP). It is also here that identification of the specific source and destination application process is accomplished The Transport Layer can be thought of as a transport mechanism, e.g., a vehicle with the responsibility to make sure that its contents (passengers/goods) reach their destination safely and soundly, unless another protocol layer is responsible for safe delivery. The Transport Layer provides this service of connecting applications through the use of service ports. Since IP provides only a best effort delivery, the Transport Layer is the first layer of the TCP/IP stack to offer reliability. IP can run over a reliable data link protocol such as the High-Level Data Link Control (HDLC). Protocols above transport, such as RPC, also can provide reliability. For example, the Transmission Control Protocol (TCP) is a connection-oriented protocol that addresses numerous reliability issues to provide a reliable byte stream:

data arrives in-order data has minimal error (i.e. correctness) duplicate data is discarded lost/discarded packets are resent includes traffic congestion control

The newer Stream Control Transmission Protocol (SCTP) is also a reliable, connection-oriented transport mechanism. It is Message-stream-oriented not byte-stream-oriented like TCP and provides multiple streams multiplexed over a single connection. It also provides multi-homing support, in which a connection end can be represented by multiple IP addresses (representing multiple physical interfaces), such that if one fails, the connection is not interrupted. It was developed initially for telephony applications (to transport SS7 over IP), but can also be used for other applications. User Datagram Protocol is a connectionless datagram protocol. Like IP, it is a best effort, "unreliable" protocol. Reliability is addressed through error detection using a weak checksum algorithm. UDP is typically used for applications such as streaming media (audio, video, Voice over IP etc) where on-time arrival is more important than reliability, or for simple query/response applications like DNS lookups, where the overhead of setting up a reliable connection is disproportionately large. Real-time Transport Protocol (RTP) is a datagram protocol that is designed for real-time data such as streaming audio and video. TCP and UDP are used to carry an assortment of higher-level applications. The appropriate transport protocol is chosen based on the higher-layer protocol application. For example, the File Transfer Protocol expects a reliable connection, but the Network File System (NFS) assumes that the subordinate Remote Procedure Call protocol, not transport, will guarantee reliable transfer. Other applications, such as VoIP, can tolerate some loss of packets, but not the reordering or delay that could be caused by retransmission. The applications at any given network address are distinguished by their TCP or UDP port. By convention certain well known ports are associated with specific applications. (See List of TCP and UDP port numbers.)

Transmission Control Protocol:

The Transmission Control Protocol (TCP) is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol (IP), and therefore the entire suite is commonly referred to as TCP/IP. TCP provides the service of exchanging data directly between two hosts on the same network, whereas IP handles addressing and routing message across one or more networks. In particular, TCP provides reliable, ordered delivery of a stream of bytes from a program on one computer to another program on another computer. TCP is the protocol that major Internet applications rely on, applications such as the World Wide Web, e-mail, and file transfer. Other applications, which do not require reliable data stream service, may use the User Datagram Protocol (UDP) which provides a datagram service that emphasizes reduced latency over reliability. The characteristics of TCP protocol TCP (which means Transmission Control Protocol) is one of the main protocols of the transport layer of the TCP/IP model. It makes it possible, at application level, to manage data coming from (or going to) the lower layer of the model (i.e. the IP protocol). When data is provided to the IP protocol, it encapsulates them in IP datagrams, by fixing the protocol field to 6 (so that it knows in advance that the protocol is TCP...). TCP is a connection orientated protocol, i.e. it enables two machines which are communicating to control the status of the transmission. The main characteristics of the TCP protocol are as follows:

TCP makes it possible to put datagrams back in order when coming from the IP protocol TCP enables the data flow to be monitored so as to avoid network saturation TCP allows data to be formed in variable length segments in order to "return" them to the IP protocol TCP makes it possible to multiplex data, i.e. so that information coming from distinct sources (applications for example) on the same line can be circulated simultaneously Finally, TCP allows communication to be courteously started and ended

The aim of TCP Using the TCP protocol, applications can communicate securely (thanks to the TCP protocol's acknowledgements system), independently from the lower layers. This means that routers (which work in the internet layer) only have to route data in the form of datagrams, without being concerned with data monitoring because this is performed by the transport layer (or more specifically by the TCP protocol). During a communication using the TCP protocol, the two machines must establish a connection. The originator machine (the one which requests the connection) is called the client, while the recipient machine is called the server. So it is said that we are in a Client-Server environment. The machines in such an environment communicate in online mode, i.e. the communication takes place in both directions. To enable the communication and all the controls which accompany it to operate well, the data is encapsulated, i.e. a header is added to data packets which will enable the transmissions to be synchronised and ensure their reception. Another feature of TCP is the ability to control the data speed using its capability to issue variably sized messages, these messages are called segments. TCP segment structure: Transmission Control Protocol accepts data from a data stream, 'segments' it into chunks, and adds a TCP header creating a TCP segment. The TCP segment is then encapsulated into an IP packet. A TCP segment is "the packet of information that TCP uses to exchange data with its peers."

Note that the term TCP packet is now used interchangeably with the term TCP segment. Although in the original RFC segment usually referred to the TCP unit of data, datagram to the IP unit and packet to the data communications network unit: Processes transmit data by calling on the TCP and passing buffers of data as arguments. The TCP packages the data from these buffers into segments and calls on the internet module [e.g. IP] to transmit each segment to the destination TCP. A TCP segment consists of a segment header and a data section. The TCP header contains 10 mandatory fields, and an optional extension field (Options, pink background in table). The data section follows the header. Its contents are the payload data carried for the application. The length of the data section is not specified in the TCP segment header. It can be calculated by subtracting the combined length of the TCP header and the encapsulating IP segment header from the total IP segment length (specified in the IP segment header). TCP Header Bit offset 0 32 64 96 128 160 ...
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

Source port

Destination port

Sequence number Acknowledgment number Data offset Reserved W C R


Window Size

Checksum Urgent pointer Options (if Data Offset > 5) ...

Meanings of the different fields:

Source port (16 bits) identifies the sending port Destination port (16 bits) identifies the receiving port Sequence number (32 bits) has a dual role:

If the SYN flag is set, then this is the initial sequence number. The sequence number of the actual first data byte (and the acknowledged number in the corresponding ACK) are then this sequence number plus 1. If the SYN flag is clear, then this is the accumulated sequence number of the first data byte of this packet for the current session.

Acknowledgment number (32 bits) if the ACK flag is set then the value of this field is the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end's initial sequence number itself, but no data. Data offset (4 bits) specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data. Reserved (4 bits) for future use and should be set to zero Flags (8 bits) (aka Control bits) contains 8 1-bit flags

CWR (1 bit) Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism (added to header by RFC 3168). ECE (1 bit) ECN-Echo indicates If the SYN flag is set, that the TCP peer is ECN capable. If the SYN flag is clear, that a packet with Congestion Experienced flag in IP header set is received during normal transmission (added to header by RFC 3168). URG (1 bit) indicates that the Urgent pointer field is significant ACK (1 bit) indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set. PSH (1 bit) Push function. Asks to push the buffered data to the receiving application. RST (1 bit) Reset the connection SYN (1 bit) Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags change meaning based on this flag, and some are only valid for when it is set, and others when it is clear. FIN (1 bit) No more data from sender

Window size (16 bits) the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive (see Flow control and Window Scaling) Checksum (16 bits) The 16-bit checksum field is used for error-checking of the header and data Urgent pointer (16 bits) if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte Options (Variable 0-320 bits, divisible by 32) The length of this field is determined by the data offset field. Options 0 and 1 are a single byte (8 bits) in length. The remaining options indicate the total length of the option (expressed in bytes) in the second byte. Some options may only be sent when SYN is set; they are indicated below as [SYN].

0 (8 bits) - End of options list 1 (8 bits) - No operation (NOP, Padding) This may be used to align option fields on 32-bit boundaries for better performance. 2,4,SS (32 bits) - Maximum segment size (see maximum segment size) [SYN] 3,3,S (24 bits) - Window scale (see window scaling for details) [SYN] 4,2 (16 bits) - Selective Acknowledgement permitted. [SYN] (See selective acknowledgments for details) 5,N,BBBB,EEEE,... (variable bits, N is either 10, 18, 26, or 34)- Selective ACKnowlegement (SACK). These first two bytes are followed by a list of 1-4 blocks being selectively acknowledged, specified as 32-bit begin/end pointers. 8,10,TTTT,EEEE (80 bits)- Timestamp and echo of previous timestamp (see TCP timestamps for details) 14,3,S (24 bits) - TCP Alternate Checksum Request. [SYN] 15,N,... (variable bits) - TCP Alternate Checksum Data.

(The remaining options are obsolete, experimental, not yet standardized, or unassigned)

Protocol operation
TCP protocol operations may be divided into three phases. Connections must be properly established in a multi-step handshake process (connection establishment) before entering the data transfer phase. After data transmission is completed, the connection termination closes established virtual circuits and releases all allocated resources.

A TCP connection is managed by an operating system through a programming interface that represents the local end-point for communications, the Internet socket. During the lifetime of a TCP connection it undergoes a series of state changes:

1. LISTEN : In case of a server, waiting for a connection request from any remote client. 2. SYN-SENT : waiting for the remote peer to send back a TCP segment with the SYN and ACK flags set. (usually set by TCP clients) 3. SYN-RECEIVED : waiting for the remote peer to send back an acknowledgment after having sent back a connection acknowledgment to the remote peer. (usually set by TCP servers) 4. ESTABLISHED : the port is ready to receive/send data from/to the remote peer. 5. FIN-WAIT-1 6. FIN-WAIT-2 7. CLOSE-WAIT 8. CLOSING 9. LAST-ACK 10. TIME-WAIT : represents waiting for enough time to pass to be sure the remote peer received the acknowledgment of its connection termination request. According to RFC 793 a connection can stay in TIME-WAIT for a maximum of four minutes. 11. CLOSED

The multiplexing function

TCP makes it possible to carry out an important task: multiplexing/demultiplexing, i.e. to convey data from various applications on the same line or in other words put information arriving in parallel into order. These operations are conducted using the concept of ports (or sockets),

i.e. a number linked to an application type which, when combined with an IP address, makes it possible to uniquely determine an application which is running on a given machine. Reliability of transfers The TCP protocol makes it possible to ensure reliable data transfer, although it uses the IP protocol, which does not include any monitoring of datagram delivery. In reality, the TCP protocol has an acknowledgement system enabling the client and server to ensure mutual receipt of data. When a segment is issued, a sequence number is linked to it. Upon receipt of a data segment, the recipient machine will return a data segment where the ACK flag is set to 1 (in order to signal that it is an acknowledgement) accompanied by an acknowledgement number equal to the previous sequence number.

In addition, using a timer which starts upon receipt of a segment at the level of the originator machine, the segment is resent when the time allowed has passed, because in this case the originator machine considers that the segment is lost... However, if the segment is not lost and it arrives at the destination, the recipient machine will know, thanks to the sequence number that it is a duplication and will only retain the last segment arrived at the destination... Establishing a connection Considering that this communication process, which takes place using data transmission and acknowledgement, is based on a sequence number, the originator and recipient machines (client and server) must know the initial sequence number of the other machine. Establishing the connection between two applications is often done according to the following schema:

The TCP ports must be open The application on the server is passive, i.e. the application is listening, awaiting a connection The application on the client makes a connection request to the server where the application is passive open. The application on the client is said to be "active open"

The two machines must then synchronise their sequences using a mechanism commonly called a three ways handshake that is also found during the closure of the session. This dialogue makes it possible to start the communication, it takes place in three stages, as its name indicates:

In the first stage the originator machine (the client) transmits a segment where the SYN flag is set to 1 (to indicate that it is a synchronisation segment), with a sequence number N which is called the initial sequence number of the client. In the second stage, the recipient machine (the server) receives the initial segment coming from the client, then sends it an acknowledgement which is a segment where the ACK flag is set to 1 and the SYN flag is set to 1 (because it is again a synchronisation). This segment contains the sequence number of this machine (the server) which is the initial sequence number for the client. The most

important field in this segment is the acknowledgement field which contains the initial sequence number for the client, incremented by 1. Finally, the client transmits an acknowledgement which is a segment where the ACK flag is set to 1 and the SYN flag is set to 0 (it is no longer a synchronisation segment). Its sequence number is incremented and the acknowledgement number represents the initial sequence number for the server incremented by 1.

Following this sequence involving three exchanges the two machines are synchronised and communication can begin! There is a hacking technique, called IP spoofing, which allows this approval link to be corrupted for malicious purposes! Sliding window method In many cases, it is possible to limit the number of acknowledgements, in order to relieve traffic on the network, by fixing a sequence number at the end of which an acknowledgement is required. This number is in fact stored in the window field of the TCP/IP header. This method is effectively called the "sliding window method" because to some extent a range of sequences is defined that does not need acknowledgements and which moves as acknowledgements are received.

In addition, the size of this window is not fixed. In fact, the server can include the size of the window which seems most suitable in its acknowledgements by storing it in the window field. So, when the acknowledgement indicates a request to increase the window, the client will move the right border of the window.

Conversely, in the case of a reduction, the client will not move the right border of the window towards the left but wait for the left border to advance (with the arrival of the acknowledgements).

Ending a connection The client can request to end a connection in the same way as the server. Ending a connection is done in the following way:

One of the machines sends a segment with the FIN flag set to 1, and the application puts itself in a waiting state, i.e. it finishes receiving the current segment and ignores the following ones. After receipt of this segment, the other machine sends an acknowledgement with the FIN flag set to 1 and continues to send the segments in progress. Following this, the machine informs the application that a FIN segment has been received, then sends a FIN segment to the other machine, which closes the connection.

User Datagram Protocol

The User Datagram Protocol (UDP) is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol (IP) network without requiring prior communications to set up special transmission channels or data paths. The protocol was designed by David P. Reed in 1980 and formally defined in RFC 768. UDP uses a simple transmission model without implicit hand-shaking dialogues for providing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level. Time-sensitive applications often use UDP because dropping packets is preferable to waiting for delayed packets, which may not be an option in a real-time system. If error correction facilities are needed at the network interface level, an application may use the Transmission Control Protocol (TCP) or Stream Control Transmission Protocol (SCTP) which are designed for this purpose. UDP's stateless nature is also useful for servers answering small queries from huge numbers of clients. Unlike TCP, UDP is compatible with packet broadcast (sending to all on local network) and multicasting (send to all subscribers). Common network applications that use UDP include: the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), Trivial File Transfer Protocol (TFTP) and many online games.

Packet structure
UDP is a minimal message-oriented Transport Layer protocol that is documented in IETF RFC 768. UDP provides no guarantees to the upper layer protocol for message delivery and the UDP protocol layer retains no state of UDP messages once sent. For this reason, UDP is sometimes referred to as Unreliable Datagram Protocol. UDP provides application multiplexing (via port numbers) and integrity verification (via checksum) of the header and payload. If transmission reliability is desired, it must be implemented in the user's application. bits 0 15 16 31 0 Source Port Number Destination Port Number Length Checksum 32 64 Data

The UDP header consists of 4 fields, each of which is 2 bytes (16 bits). The use of two of those is optional in IPv4 (pink background in table). In IPv6 only the source port is optional (see below). Source port number This field identifies the sender's port when meaningful and should be assumed to be the port to reply to if needed. If not used, then it should be zero. If the source host is the client, the port number is likely to be an ephemeral port number. If the source host is the server, the port number is likely to be a well-known port number. Destination port number

This field identifies the receiver's port and is required. Similar to source port number, if the client is the destination host then the port number will likely be an ephemeral port number and if the destination host is the server then the port number will likely be a well-known port number. Length A field that specifies the length in bytes of the entire datagram: header and data. The minimum length is 8 bytes since that's the length of the header. The field size sets a theoretical limit of 65,535 bytes (8 byte header + 65,527 bytes of data) for a UDP datagram. The practical limit for the data length which is imposed by the underlying IPv4 protocol is 65,507 bytes (65,535 8 byte UDP header 20 byte IP header). Checksum The checksum field is used for error-checking of the header and data. If no checksum is generated by the transmitter, the field uses the value all-zeros. This field is not optional for IPv6.

TCP/IP Application Layer Protocols, Services and Applications

The OSI Reference Model is used to describe the architecture of networking protocols and technologies and to show how they relate to one another. In the chapter describing the OSI model, I mentioned that its seven layers could be organized into two layer groupings: the lower layers (1 through 4) and the upper layers (5 through 7). While there are certainly other ways to divide the OSI layers, I feel this split best reflects the different roles that the layers play in a network. The lower layers are concerned primarily with the mechanics of formatting, encoding and sending data over a network; they involve software elements but are often closely associated with networking hardware devices. In contrast, the upper layers are concerned mainly with user interaction and the implementation of software applications, protocols and services that let us actually make use of the network. These elements generally don't need to worry about details, relying on the lower layers to ensure that data gets to where it needs to go reliably. In this chapter I describe the details of the many protocols and applications that run on the upper layers in modern networks and internetworks. The organization of this chapter is quite different than the previous one. I felt that there was benefit to explaining the technologies in each of the lower layers separately. This is possible because with a few exceptions, the dividing lines between the lower layers are fairly wellestablished, and this helped show how the layers differ. The upper layers are much more difficult to separate from each other, because there are many technologies and applications that implement more than one of layers 5 through 7. Furthermore, even differentiating between these layers becomes less important near the top of the networking stack. In fact, the TCP/IP protocol suite uses an architecture that lumps all the higher layers together anyway. For these reasons, this chapter is divided functionally and not by layer. It contains four different sections that cover distinct higher-layer protocol and application areas. The first discusses naming system, especially the TCP/IP Domain Name System. The second overviews file and resource sharing protocols, with a focus on the Network File System. The third covers network configuration and management protocols, which includes the host configuration protocols BOOTP and DHCP. The last and largest section covers end-user applications and application protocols, including general file transfer, electronic mail, Usenet, the World Wide Web, interactive protocols (such as Telnet) and administration utilities.


NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks. NetBIOS was developed in the early 1980s, targeting very small networks (about a dozen computers). Some applications still use NetBIOS, and do not scale well in today's networks of hundreds of computers when NetBIOS is run over NBF. When properly configured, NBT allows those applications to be run on large TCP/IP networks (including the whole Internet, although that is likely to be subject to security problems) without change.

NetBIOS Names
NetBIOS names are used to identify machines and workgroups and form the key building blocks of the NBT system. The names are limited to sixteen characters that are always in upper case. The sixteenth character of a NetBIOS name is used to indicate the type of service the name refers to. A Windows machine will thus own several names that vary only by their sixteenth character. NetBIOS names are usually encoded into a special 32 character format which makes them un-readable unless they are decoded. There are four separate services that are used to implement KFSensor emulates each one of these as described in the following sections. Service Port Description Windows networking.

NetBIOS UDP 137 NBNS is also known as Windows Internet Name Service (WINS). Name Service The job of NBNS is to match IP addresses with NetBIOS names and allow (NBNS) queries to be made of the matches. The name service is usually the first service that will be attacked. A visitor will need the information it can provide to begin a session on the other services. NetBIOS Datagram UDP 138 The Datagram service is used receive broadcasts of SMB packets via UDP. This service receives a lot of legitimate traffic from other Windows machines on the LAN as they broadcast their names and services. It is rare for an attacker to use this service, unless they are trying to add their machine to the windows network. TCP 139 The Session Service is used to handle NBT sessions. NBT sessions are a light weight protocol used to contain an SMB session. The SMB protocol and sessions based on it are used to provide the complex functionality of the services supported by Window's networking; such as file and print sharing. This is the service that attackers will be most interested in. SMB Direct TCP 445 In Windows 2000 Microsoft introduced an implementation of SMB that does not

NetBIOS Session Service

need NBT to communicate. This service is in practice the same as the NetBIOS Session Service, but without the additional NBT protocol around the SMB session. The SMB Direct is not supported in older Windows versions. The older hacker tools do not target this service, instead they go for the NetBIOS Session Service.

Windows Internet Name Service

Introduction to WINS
Windows Internet Name Service (WINS) is the Windows implementation of a NetBIOS name server (NBNS), which provides a distributed database for registering and querying dynamic mappings of NetBIOS names to IPv4 addresses used on your network. WINS is designed to provide NetBIOS name resolution in routed TCP/IP networks with multiple subnets. Without WINS, you must maintain Lmhosts files. Before two hosts that use NetBIOS over TCP/IP (NetBT) can communicate, the destination NetBIOS name must be resolved to an IPv4 address. TCP/IP cannot establish communication using a NetBIOS computer name. The basic procedure for WINS-based NetBIOS name resolution is the following: 1. Each time a WINS client starts, it registers its NetBIOS name-to-IPv4 address mappings with a configured WINS server. 2. When a NetBIOS application running on a WINS client initiates communication with another host, NetBT sends a NetBIOS Name Query Request message with the destination NetBIOS name directly to the WINS server, instead of broadcasting it on the local network. 3. If the WINS server finds a NetBIOS name-to-IPv4 address mapping for the queried name in its database, it returns the corresponding IPv4 address to the WINS client. Using WINS provides the following advantages:

Client requests for name resolution are sent directly to a WINS server. If the WINS server can resolve the name, it sends the IPv4 address directly to the client. As a result, a broadcast is not needed and broadcast traffic is reduced. However, if the WINS server is unavailable or does not have the appropriate mapping, the WINS client can still use a broadcast in an attempt to resolve the name. The WINS database is updated dynamically so that it is always current. This process allows NetBIOS name resolution on networks using DHCP and eliminates the need for local or centralized Lmhosts files. WINS provides computer browsing capabilities across subnets and domains. Computer browsing provides the list of computers in My Network Places.

How WINS Works

The WINS Server service in Windows Server 2003 is an implementation of an NBNS as described in Requests for Comments (RFCs) 1001 and 1002. WINS clients use a combination of the following processes:

Name registration Each WINS client is configured with the IPv4 address of a WINS server. When a WINS client starts, it registers its NetBIOS names and their corresponding IPv4 addresses with its WINS server. The WINS server stores the clients NetBIOS name-to-IPv4 address mappings in its database.

Name renewal All NetBIOS names are registered on a temporary basis so that if the original owner stops using a name, a different host can use it later. At defined intervals, the WINS client renews the registration for its NetBIOS names with the WINS server. Name resolution A WINS client can obtain the IPv4 addresses for NetBIOS names by querying the WINS server. Name release When a NetBIOS application no longer needs a NetBIOS name, such as when a NetBIOS-based service is shut down, the WINS client sends a message to the WINS server to release the name.

These processes are described in greater detail in the following sections. All WINS communications between WINS clients and WINS servers use unicast NetBIOS name management messages over User Datagram Protocol (UDP) port 137, the reserved port for the NetBIOS Name Service. Name Registration When a WINS client initializes, it registers its NetBIOS names by sending a NetBIOS Name Registration Request message directly to its configured WINS server. NetBIOS names are registered when NetBIOS services or applications start, such as the Workstation, Server, and Messenger services. If the NetBIOS name is unique and another WINS client has not already registered the name, the WINS server sends a positive Name Registration Response message to the WINS client. This message contains the amount of time, known as the Time to Live (TTL), that the NetBIOS name is registered to the WINS client. The TTL is configured on the WINS server. When a Duplicate Name Is Found If a duplicate unique name is registered in the WINS database, the WINS server sends a challenge to the currently registered owner of the name as a unicast NetBIOS Name Query Request message. The WINS server sends the challenge three times at 500-millisecond intervals. If the current registered owner responds to the challenge successfully, the WINS server sends a negative Name Registration Response message to the WINS client that is attempting to register the duplicate name. If the current registered owner does not respond to the WINS server, the server sends a positive Name Registration Response message to the WINS client that is attempting to register the name and updates its database with the new owner. When WINS Servers are Unavailable A typical WINS client is configured with a primary and a secondary WINS server, although you can configure more than two WINS servers. A WINS client makes three attempts to register its names with its primary WINS server. If the third attempt gets no response, the WINS client sends name registration requests to its secondary WINS server (if configured) and any additional servers that have been configured. If none of the WINS servers are available, the WINS client uses local broadcasts to register its NetBIOS names. Name Renewal To continue using the same NetBIOS name, a client must renew its registration before the TTL it received in the last positive Name Registration Response message expires. If the client does not renew the registration,

the WINS server removes the NetBIOS name from its database. After that point, other computers cannot resolve the NetBIOS name to the address of the former owner and another client can register the name for itself. Name Refresh Request Every WINS client attempts to renew its NetBIOS names with its primary WINS server by sending a NetBIOS Name Refresh message when half of the TTL has elapsed or when the computer or the service restarts. If the WINS client does not receive a NetBIOS Name Registration Response message, the client sends another refresh message to its primary WINS server every 10 minutes for one hour. If none of these attempts is successful, the client then tries the secondary WINS server every 10 minutes for one hour. The client continues to send refresh messages to the primary server for an hour and then to the secondary server for an hour until either the name expires or a WINS server responds and renews the name. If the WINS client succeeds in refreshing its name, the WINS server that responds to the NetBIOS Name Refresh message resets the renewal interval. If the WINS client fails to refresh the name on either the primary or secondary WINS server during the renewal interval, the name is released. Name Refresh Response When a WINS server receives the NetBIOS Name Refresh message, the server sends the client a positive Name Registration Response message with a new TTL. Name Release When a NetBIOS application running on a WINS client is closed, NetBT instructs the WINS server to release the unique NetBIOS name used by the application. The WINS server then removes the NetBIOS name mapping from its database. The name release process uses the following types of messages:

Name Release Request The Name Release Request message includes the clients IPv4 address and the NetBIOS name to be removed from the WINS database.

Name Release Response When the WINS server receives the Name Release Request message, the server checks its database for the specified name. If the WINS server encounters a database error or if a different IPv4 address maps to the registered name, the server sends a negative Name Release Response message to NetBT on the WINS client. Otherwise, the WINS server sends a positive Name Release Response message and then designates the specified name as inactive in its database. The positive Name Release Response message contains the released NetBIOS name and a TTL value of 0.

Server Message Block

In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS) operates as an application-layer network protocol mainly used to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running

Microsoft Windows, where it was known as "Microsoft Windows Network" before the subsequent introduction of Active Directory. SMB could refer to:

the SMB protocol specification the "server" and "workstation" services that implement the protocol on Windows the Samba daemons that implements the protocol on Unix and Unix-like systems NetBIOS transport used by SMB on legacy versions of Windows the DCE/RPC services that use SMB as an authenticated inter-process communication channel (over named pipes) the "Network Neighborhood" protocols which primarily (but not exclusively) run as datagram services directly on the NetBIOS transport

Common Internet File System

The Common Internet File System (CIFS) is the standard way that computer users share files across corporate intranets and the Internet. An enhanced version of the Microsoft open, cross-platform Server Message Block (SMB) protocol, CIFS is a native file-sharing protocol in Windows 2000. CIFS defines a series of commands used to pass information between networked computers. The redirector packages requests meant for remote computers in a CIFS structure. CIFS can be sent over a network to remote devices. The redirector also uses CIFS to make requests to the protocol stack of the local computer. The CIFS messages can be broadly classified as follows:

Connection establishment messages consist of commands that start and end a redirector connection to a shared resource at the server. Namespace and File Manipulation messages are used by the redirector to gain access to files at the server and to read and write them. Printer messages are used by the redirector to send data to a print queue at a server and to get status information about the print queue. Miscellaneous messages are used by the redirector to write to mailslots and named pipes.

Some of the platforms that CIFS supports are:

Microsoft Windows 2000, Microsoft Windows NT, Microsoft Windows 98, Microsoft Windows 95 Microsoft OS/2 LAN Manager Microsoft Windows for Workgroups UNIX VMS Macintosh IBM LAN Server DEC PATHWORKS Microsoft LAN Manager for UNIX 3Com 3+Open MS-Net

CIFS complements Hypertext Transfer Protocol (HTTP) while providing more sophisticated file sharing and file transfer than older protocols, such as FTP. CIFS is shown servicing a user request for data from a networked server in Figure.

Figure: CIFS Architecture When there is a request to open a shared file, the I/O calls the redirector, which in turn requests the redirector to choose the appropriate transport protocol. For NetBIOS requests, NetBIOS is encapsulated in the IP protocol and transported over the network to appropriate server. The request is passed up to the server, which sends data back to satisfy the request. Components in the redirector provide support for CIFS, such as:

Rdbss.sys All kernel-level interactions are encapsulated in this driver. This includes all cache managers, memory managers, and requests for remote file systems so the specified protocol can use the requested server. Mrxsmb.sys This mini-redirector for CIFS has commands specific to CIFS. Mrxnfs.sys This mini-redirector for the Network File System (NFS) provides support for NFS. Mrxnfs.sys is included in Services for Unix.

In Windows NT 4.0, Windows Internet Name Service (WINS), and Domain Name System (DNS) name resolution was accomplished by using TCP port 134. Extensions to CIFS and NetBT now allow connections directly over TCP/IP with the use of TCP port 445. Both means of resolution are still available in Windows 2000. It is possible to disable either or both of these services in the registry. Features that CIFS offers are: Integrity and Concurrency CIFS allows multiple clients to access and update the same file while preventing conflicts by providing file sharing and file locking. File sharing and file locking is the process of allowing one user to access a file at a time and blocking access to all other users. These sharing and locking mechanisms can be used over the Internet and intranets. They also permit aggressive caching and read-ahead and write-behind without loss of integrity. File caches of buffers must be cleared before the file is usable by other clients. These capabilities ensure that only one copy of a file can be active at a time, preventing data corruption. Optimization for Slow Links The CIFS protocol has been tuned to run well over slow-speed dial-up lines. The effect is improved performance for users who access the Internet using a modem.

Security CIFS servers support both anonymous transfers and secure, authenticated access to named files. File and directory security policies are easy to administer. Performance and Scalability CIFS servers are highly integrated with the operating system, and are tuned for maximum system performance. Unicode File Names File names can be in any character set, not just character sets designed for English or Western European languages. Global File Names Users do not have to mount remote file systems, but can refer to them directly with globally significant names (names that can be located anywhere on the Internet), instead of ones that have only local significance (on a local computer or LAN). Distributed File Systems (DFS) allows users to construct an enterprise-wide namespace. Uniform Naming Convention (UNC) file names are supported so a drive letter does not need to be created before remote files can be accessed.

Internet Printing Protocol

In computing, the Internet Printing Protocol (IPP) provides a standard network protocol for remote printing as well as for managing print jobs, media size, resolution, and so forth. Like all IP-based protocols, IPP can run locally or over the Internet to printers hundreds or thousands of miles away. Unlike other printing protocols, IPP also supports access control, authentication, and encryption, making it a much more capable and secure printing solution than older ones. It uses RAW and LPR printing protocols to print over a network.

IPP is implemented using the Hypertext Transfer Protocol (HTTP) and inherits all of the HTTP streaming and security features. For example, authorization can take place via HTTP's Digest access authentication mechanism, GSSAPI, or via public key certificates. Encryption is provided using the SSL/TLS protocollayer, either in the traditional always-on mode used by HTTPS or using the HTTP Upgrade extension to HTTP (RFC 2817. Streaming is supported using HTTP chunking. IPP uses the traditional client-server model, with clients sending IPP request messages with the MIME media type "application/ipp" in HTTP POST requests to an IPP printer. IPP request messages consist of key/value pairs using a custom binary encoding followed by an "end of attributes" tag and any document data required for the request. The IPP response is send back to the client in the HTTP POST response, again using the "application/ipp" MIME media type. Among other things, IPP allows a client to: 1. 2. 3. 4. 5. query a printer's capabilities submit print jobs to a printer query the status of a printer query the status of one or more print jobs cancel previously submitted jobs

IPP uses TCP with port 631 as its well-known port. IPP implementations such as CUPS also use UDP with port 631 for IPP printer discovery.

Products using the Internet Printing Protocol include, among others, CUPS which is part of Mac OS X and many BSD and Linux distributions and is the reference implementation for IPP/2.0 and IPP/2.1, Novell iPrint, and Microsoft Windows, starting with Windows 2000.[1] Windows XP and Windows Server 2003 offer IPP printing via HTTPS. Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 also support IPP printing over RPC in the "Medium-Low" security zone. For reasons speculative Microsoft dropped support of secure IPP via SSL with Windows Server 2008.

Windows Sockets
the Windows Sockets API (WSA), which was later shortened to Winsock, is a technical specification that defines how Windows network software should access network services, especially TCP/IP. It defines a standard interface between a Windows TCP/IP client application (such as an FTP client or a web browser) and the underlying TCP/IP protocol stack. The nomenclature is based on the Berkeley sockets API model used in BSD for communications between programs. Initially, all the participating developers resisted the shortening of the name to Winsock for a long time, since there was much confusion among users between the API and the DLL library file (winsock.dll) which only exposed the common WSA interfaces to applications above it. Users would commonly believe that only making sure the DLL file was present on a system would provide full TCP/IP protocol support.

Version 1.0 (June 1992) defined the basic operation of Winsock. It was kept very close to the existing interface of Berkeley sockets to simplify porting of existing applications. A few Windows-specific extensions were added, mainly for asynchronous operations with message-based notifications. Although the document didn't limit support to TCP/IP, TCP and UDP were the only protocols explicitly mentioned. Most vendors only delivered TCP/IP support, although Winsock from DEC included DECNet support as well. Version 1.1 (January 1993) made many minor corrections and clarifications of the specification. The most significant change was the inclusion of the gethostname() function. Versions 2.0.x (May 1994 onwards) had internal draft status, and were not announced as public standards. Version 2.1.0 (January 1996) was the first public release of the Winsock 2 specification. Version 2.2.0 (May 1996) included many minor corrections, clarifications, and usage recommendations. It was also the first version to remove support for 16-bit Windows applications. Version 2.2.1 (May 1997) and Version 2.2.2 (August 1997) introduced minor functionality enhancements. Mechanisms were added for querying and receiving notification of changes in network and system configuration. The IPv6 Technical Preview for Windows 2000 (December 2000) saw the first implementation of RFC 2553 (March 1999, later obsoleted by RFC 3493), a protocol-independent API for name resolution, which would become part of Winsock in Windows XP.

Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. User data is interspersed in-band with Telnet control information in an 8-bit byte oriented data connection over the Transmission Control Protocol (TCP).

Telnet was developed in 1969 beginning with RFC 15,extended in RFC 854, and standardized as Internet Engineering Task Force (IETF) Internet Standard STD 8, one of the first Internet standards. Historically, Telnet provided access to a command-line interface (usually, of an operating system) on a remote host. Most network equipment and operating systems with a TCP/IP stack support a Telnet service for remote configuration (including systems based on Windows NT). Because of security issues with Telnet, its use for this purpose has waned in favor of SSH. The term telnet may also refer to the software that implements the client part of the protocol. Telnet client applications are available for virtually all computer platforms. Telnet is also used as a verb. To telnet means to establish a connection with the Telnet protocol, either with command line client or with a programmatic interface. For example, a common directive might be: "To change your password, telnet to the server, login and run the passwd command." Most often, a user will be telnetting to a Unix-like server system or a network device (such as a router) and obtain a login prompt to a command line text interface or a characterbased full-screen manager.

When Telnet was initially developed in 1969, most users of networked computers were in the computer departments of academic institutions, or at large private and government research facilities. In this environment, security was not nearly as much of a concern as it became after the bandwidth explosion of the 1990s. The rise in the number of people with access to the Internet, and by extension, the number of people attempting to hack other people's servers made encrypted alternatives much more of a necessity. Experts in computer security, such as SANS Institute, recommend that the use of Telnet for remote logins should be discontinued under all normal circumstances, for the following reasons:

Telnet, by default, does not encrypt any data sent over the connection (including passwords), and so it is often practical to eavesdrop on the communications and use the password later for malicious purposes; anybody who has access to a router, switch, hub or gateway located on the network between the two hosts where Telnet is being used can intercept the packets passing by and obtain login and password information (and whatever else is typed) with any of several common utilities like tcpdump and Wireshark. Most implementations of Telnet have no authentication that would ensure communication is carried out between the two desired hosts and not intercepted in the middle. Commonly used Telnet daemons have several vulnerabilities discovered over the years.

These security-related shortcomings have seen the usage of the Telnet protocol drop rapidly, especially on the public Internet, in favor of the Secure Shell (SSH) protocol, first released in 1995. SSH provides much of the functionality of telnet, with the addition of strong encryption to prevent sensitive data such as passwords from being intercepted, and public key authentication, to ensure that the remote computer is actually who it claims to be. As has happened with other early Internet protocols, extensions to the Telnet protocol provide Transport Layer Security (TLS) security and Simple Authentication and Security Layer (SASL) authentication that address the above issues. However, most Telnet implementations do not support these extensions; and there has been relatively little interest in implementing these as SSH is adequate for most purposes.

Dynamic Host Configuration Protocol

The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks. Computers that are connected to IP networks must be configured before they can communicate with other computers on the network. DHCP allows a computer to be configured automatically, eliminating the need for

intervention by a network administrator. It also provides a central database for keeping track of computers that have been connected to the network. This prevents two computers from accidentally being configured with the same IP address. In the absence of DHCP, hosts may be manually configured with an IP address. Alternatively IPv6 hosts may use stateless address autoconfiguration to generate an IP address. IPv4 hosts may use link-local addressing to achieve limited local connectivity. In addition to IP addresses, DHCP also provides other configuration information, particularly the IP addresses of local caching DNS resolvers. Hosts that do not use DHCP for address configuration may still use it to obtain other configuration information. There are two versions of DHCP, one for IPv4 and one for IPv6. While both versions bear the same name and perform much the same purpose, the details of the protocol for IPv4 and IPv6 are sufficiently different that they can be considered separate protocols.

Hypertext Transfer Protocol

The Hypertext Transfer Protocol (HTTP) is a networking protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. The standards development of HTTP has been coordinated by the Internet Engineering Task Force (IETF) and the World Wide Web Consortium, culminating in the publication of a series of Requests for Comments (RFCs), most notably RFC 2616 (June 1999), which defines HTTP/1.1, the version of HTTP in common use. HTTP is an application layer network protocol built on top of TCP. HTTP clients (such as Web browsers) and servers communicate via HTTP request and response messages. The three main HTTP message types are GET, POST, and HEAD. HTTP utilizes TCP port 80 by default, though other ports such as 8080 can alternatively be used. The current version of HTTP in widespread use - HTTP version 1.1 - was developed to address some of the performance limitations of the original version - HTTP 1.0. HTTP 1.1 is documented in RFC 2068.

Network News Transfer Protocol

The Network News Transfer Protocol (NNTP) is an Internet application protocol used for transporting Usenet news articles (netnews) between news servers and for reading and posting articles by end user client applications. Brian Kantor of the University of California, San Diego and Phil Lapsley of the University of California, Berkeley authored RFC 977, the specification for the Network News Transfer Protocol, in March 1986. Other contributors included Stan O. Barber from the Baylor College of Medicine and Erik Fair of Apple Computer. Usenet was originally designed based on the UUCP network, with most article transfers taking place over direct point-to-point telephone links between news servers, which were powerful time-sharing systems. Readers and posters logged into these computers reading the articles directly from the local disk. As local area networks and Internet participation proliferated, it became desirable to allow newsreaders to be run on personal computers connected to local networks. Because distributed file systems were not yet widely

available, a new protocol was developed based on the client-server model. It resembled the Simple Mail Transfer Protocol (SMTP), but was tailored for exchanging newsgroup articles. A newsreader, also known as a news client, is a software application that reads articles on Usenet, either directly from the news server's disks or via the NNTP. The well-known TCP port 119 is reserved for NNTP. When clients connect to a news server with Transport Layer Security (TLS), TCP port 563 is used. This is sometimes referred to as NNTPS.

File Transfer Protocol

File Transfer Protocol (FTP) is a standard network protocol used to copy a file from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server architecture and utilizes separate control and data connections between the client and server.[1] FTP users may authenticate themselves using a clear-text sign-in protocol but can connect anonymously if the server is configured to allow it. The first FTP client applications were interactive command-line tools, implementing standard commands and syntax. Graphical user interface clients have since been developed for many of the popular desktop operating systems in use today.

Routing Information Protocol

RIP is a dynamic routing protocol used in local and wide area networks. As such it is classified as an interior gateway protocol (IGP). It uses the distance-vector routing algorithm. It was first defined in RFC 1058 (1988). The protocol has since been extended several times, resulting in RIP Version 2 (RFC 2453). Both versions are still in use today, although they are considered to have been made technically obsolete by more advanced techniques such as Open Shortest Path First (OSPF) and the OSI protocol IS-IS. RIP has also been adapted for use in IPv6 networks, a standard known as RIPng (RIP next generation) protocol, published in RFC 2080 (1997).

There are three versions of the Routing Information Protocol: RIPv1, RIPv2, and RIPng. RIP version 1 (RIPv1). This is a simple distance vector protocol. It has been enhanced with various techniques, including Split Horizon and Poison Reverse in order to enable it to perform better in somewhat complicated networks. The longest path cannot exceed 15 hops. RIP uses static metrics to compare routes. The maximum datagram size is 512 bytes not including the IP or UDP headers. RIP version 2 (RIPv2). This version added several new features. External route tags.

Subnet masks. Next hop router addresses. Authentication. Multicast support. RIPng RIPng (RIP next generation), defined in RFC 2080, is an extension of RIPv2 for support of IPv6, the next generation Internet Protocol. The main differences between RIPv2 and RIPng are:

Support of IPv6 networking. While RIPv2 supports RIPv1 updates authentication, RIPng does not. IPv6 routers were, at the time, supposed to use IPsec for authentication. RIPv2 allows attaching arbitrary tags to routes, RIPng does not; RIPv2 encodes the next-hop into each route entries, RIPng requires specific encoding of the next hop for a set of route entries.

Simple Network Management Protocol

Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks, and more.. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF). It consists of a set of standards for network management, including an application layer protocol, a database schema, and a set of data objects. The Simple Network Management Protocol (SNMP) is the standard operations and maintenance protocol for the Internet. SNMP-based management not only produces management solutions for systems, applications, complex devices, and environmental control systems, but also provides the Internet management solutions supporting Web services. SNMPv3, the most recent standard approved by the Internet Engineering Task Force (IETF) Built Upon Open Standards SNMP Research is a leading-edge producer of standards-based products and participates in the IETF SNMP open management standards working groups. SNMP Research was the first company to support SNMPv3. Dr. Jeff Case, founder of SNMP Research, and other engineers at SNMP Research authored or co-authored SNMPv1, SNMPv2c, SNMPv3, and many related MIB documents. As a result, our implementations are faithful to Internet standards, and, in many cases, the standards are based on our implementations. Our engineering staff represents more than a half-century of management expertise. Our sales and engineering teams work closely with you to match your requirements with the best solution.

UNIT - III IP Address (Internet Protocol Address):

This number is an exclusive number all information technology devices (printers, routers, modems, et al) use which identifies and allows them the ability to communicate with each other on a computer network. There is a standard of communication which is called an Internet Protocol standard (IP). In laymans terms it is the same as your home address. In order for you to receive snail mail at home the sending party must have your correct mailing address (IP address) in your town (network) or you do not receive bills, pizza coupons or your tax refund. The same is true for all equipment on the internet. Without this specific address, information cannot be received. IP addresses may either be assigned permanently for an Email server/Business server or a permanent home resident or temporarily, from a pool of available addresses (first come first serve) from your Internet Service Provider. A permanent number may not be available in all areas and may cost extra so be sure to ask your ISP. IP Address Functions: Identification and Routing The first point that bears making is that there are actually two different functions of the IP address:

Network Interface Identification: Like a street address, the IP address provides unique identification of the interface between a device and the network. This is required to ensure that the datagram is delivered to the correct recipients. Routing: When the source and destination of an IP datagram are not on the same network, the datagram must be delivered indirectly using intermediate systems, a process called routing. The IP address is an essential part of the system used to route datagrams.

IP Address Versions: IP version 4: Currently used by most network devices. However, with more and more computers accessing the internet, IPv4 addresses are running out quickly. Just like in a city, addresses have to be created for new neighborhoods but, if your neighborhood gets too large, you will have to come up with an entire new pool of addresses. IPv4 is limited to 4,294,967,296 addresses. IP version 5: This is an experimental protocol for UNIX based systems. In keeping with standard UNIX (a computer Operating System) release conventions, all odd-numbered versions are considered experimental. It was never intended to be used by the general public. IP version 6: The replacement for the aging IPv4. The estimated number of unique addresses for IPv6 is 340,282,366,920,938,463,463,374,607,431,768,211,456 or 2^128.

Converting from Decimal to Binary:

The address is made up of 32 binary bits which can be divisible into a network portion and host portion with the help of a subnet mask. The 32 binary bits are broken into four octets (1 octet = 8 bits). Each octet is converted to decimal and separated by a period (dot). For this reason, an IP address is said to be expressed in dotted decimal format (for example, The value in each octet ranges from 0 to 255 decimal, or 00000000 - 11111111 binary. Here is how binary octets convert to decimal: The right most bit, or least significant bit, of an octet holds a value of 20. The bit just to the left of that holds a value of 2 1. This continues until the left-most bit, or most significant bit, which holds a value of 27. So if all binary bits are a one, the decimal equivalent would be 255 as shown here:

1 1 1 11111 128 64 32 16 8 4 2 1 (128+64+32+16+8+4+2+1=255)

Here is a sample octet conversion when not all of the bits are set to 1.
0 1000001 0 64 0 0 0 0 0 1 (0+64+0+0+0+0+0+1=65)

And this is sample shows an IP address represented in both binary and decimal.
10. 1. 23. 19 (decimal) 00001010.00000001.00010111.00010011 (binary)

These octets are broken down to provide an addressing scheme that can accommodate large and small networks. There are five different classes of networks, A to E. This document focuses on addressing classes A to C, since classes D and E are reserved and discussion of them is beyond the scope of this document. Class D IP addresses are reserved for the multicast group ant cannot be assigned to hosts and the E class IP addresses are the experimental addresses and cannot be assigned to the people. Every IP address consists of 4 octets and 32 bits. Every participating host and the devices on a network such as servers, routers, switches, DNS, DHCP, gateway, web server, internet fax server and printer have their own unique addresses within the scope of the network. TCP/IP protocols are installed by default with the Windows based operating systems. After the TCP/IP protocols are successfully installed you need to configure them through the Properties Tab of the Local Area Connection.

IP Addressing Tips

A Network ID cannot be All 0s A host ID cannot be All 1 because this represents a broadcast address for the local network. Each host must have a unique host portion of the IP address. All hosts on the same network segment should have the same network id. A host address cannot be 127 because 127 has been reserved for the loop back functionalities.

Subnet Mask
An IP (Internet Protocol) address is a unique identifier for a single device (node or host connection) on an IP network. It is a 32 bit binary number that ranges from 0 to 4294967295. This means that theoretically, the Internet can contain approximately 4.3 billion unique objects This binary number is usually represented as 4 decimal values, each representing 8 bits (octets), in the range 0 to 255 separated by decimal points. This is known as dotted decimal notation. IP address is a communications protocol used from the smallest private network to the massive global Internet.

Increments of an IP Address: increment 252 hosts increment 252 hosts increment 4+ billion hosts Subnetting and Subnet Mask A subnetwork, or subnet, describes networked computers and devices that have a common, designated IP address routing prefix. Every IP address consists of two parts, one identifying the network and one identifying the node. The Class of the address and the subnet mask determine which part belongs to the network address and which part belongs to the node address. Routers are used to manage traffic and form borders between subnets. Subnetting is used to break the network into smaller, more efficient subnets to prevent excessive rates of Ethernet packet collision in a large network. These subnets can be arranged hierarchically, with the organizations network address space partitioned into a tree-like structure. A significant feature of subnetting is the subnet mask. Similar to IP addresses, a subnet mask contains four bytes (32 bits) and is often written using the same dotted-decimal notation. Applying a subnet mask to an IP address allows you to identify the network and node parts of the address. The network bits are represented by the ones in the mask, and the node bits are represented by the zeros which are identical to the subnet length. A subnet mask cannot replace an IP address; however they do work together and not independently. Applying the subnet mask to an IP address splits the address into two parts, an extended network address and a host address. The subnet mask determines the size of a subnet and pinpoints where the end points on the subnet ar, if the IP address within the subnet is known. The mask aspect in a subnet mask comes from the fact that it conceals the host bits and leaves the Network ID that starts the subnet. If the beginning and size of the subnet is known, the end of the subnet (Broadcast ID) can be defined. The Network ID is the official designation for a particular subnet, and the ending number is the broadcast address that every device on a subnet listens to. Uses of Subnet Masks

Identifies a Network Isolates the Network ID and Host ID Determines the number of host/terminals that could be used on the same network Reduces Network traffic

Internet IP Address Structure:

As we just saw, each version 4 IP address is 32 bits long. When we refer to the IP address we use a dotteddecimal notation, while the computer converts this into binary. However, even though these sets of 32 bits are considered a single entity, they have an internal structure containing two components:

Network Identifier (Network ID): A certain number of bits, starting from the left-most bit, is used to identify the network where the host or other network interface is located. This is also sometimes called the network prefix or even just the prefix. Host Identifier (Host ID): The remainder of the bits are used to identify the host on the network.

Note: By convention, IP devices are often called hosts for simplicity, as I do throughout this Guide. Even though each host usually has a single IP address, remember that IP addresses are strictly associated with network-layer network interfaces, not physical devices, and a device may therefore have more than one IP address.

Basic IP Address Division: Network ID and Host ID The fundamental division of the bits of an IP address is into a network ID and host ID. Here, the network ID is 8 bits long, shown in cyan, and the host ID is 24 bits in length.

Implications of Including the Network ID in IP Addresses

The fact that the network identifier is contained in the IP address is what partially facilitates the routing of IP datagrams when the address is known. Routers look at the network portion of the IP address to determine first of all if the destination IP address is on the same network as the host IP address. Then routing decisions are made based on information the routers keep about where various networks are located. Again, this is conceptually similar to how the area code is used by the equivalent of routers in the phone network to switch telephone calls. The host portion of the address is used by devices on the local portion of the network. Since the IP address can be split into network ID and host ID components, it is also possible to use either one or the other by itself, depending on context. These addresses are assigned special meanings. For example, if the network ID is used with all ones as the host ID, this indicates a broadcast to the entire network. Similarly, if the host ID is used by itself with all zeroes for the network ID, this implies an IP address sent to the host of that ID on the local network, whatever that might be. It is the inclusion of the network identifier in the IP address of each host on the network that causes the IP addresses to be network-specific. If you move a device from one network to a different one the network ID must change to that of the new network. Therefore, the IP address must change as well. This is an unfortunate drawback that shows up most commonly when dealing with mobile devices.

Network ID and Host ID

Location of the Division Between Network ID and Host ID
One difference between IP addresses and phone numbers is that the dividing point between the bits used to identify the network and those that identify the host isn't fixed. It depends on the nature of the address, the type of addressing being used, and other factors. Let's take the example from the last topic, It is possible to divide this into a network identifier of 227.82 and a host identifier of 157.177. Alternately, the network identifier might be 227 and the host identifier 82.157.177 within that network. To express the network and host identifiers as 32-bit addresses, we add zeroes to replace the missing pieces. In the latter example just above, the address of the network becomes and the address of the host (In practice, network addresses of this sort are routinely seen with the added zeroes; network IDs are not as often seen in 32-bit form this way.) Lest you think from these examples that the division must always be between whole octets of the address, it's also possible to divide it in the middle of an octet. For example, we could split the IP address so there were 20 bits for the network ID and 12 bits for the host ID. The process is the same, but determining the dotted decimal ID values is more tricky because here, the 157 is split into two binary numbers. The results are for the network ID and for the host ID, as shown in Figure 58.

Mid-Octet IP Address Division Since IP addresses are normally expressed as four dotted-decimal numbers, educational resources often show the division between the Network ID and Host ID occurring on an octet boundary. However, its essential to remember that the dividing point often appears in the middle of one of these eight-bit numbers. In this example, the Network ID is 20 bits long and the Host ID 12 bits long. This results in the third number of the original IP address, 157, being split into 144 and 13. The place where the line is drawn between the network ID and the host ID must be known in order for devices such as routers to know how to interpret the address. This information is conveyed either implicitly or explicitly depending on the type of IP addressing in use. I describe this in the following topic.

IP "Classful" Addressing Network and Host Identification and Address Ranges

Determining Address Class From the First Octet Bit Pattern: As humans, of course, we generally work with addresses in dotted decimal notation and not in binary, but it's pretty easy to see the ranges that correspond to the classes. For example, consider class B. The first two bits

of the first octet are 10. The remaining bits can be any combination of ones and zeroes. This is normally represented as 10xx xxxx (shown as two groups of four for readability.) Thus, the binary range for the first octet can be from 1000 0000 to 1011 1111. This is 128 to 191 in decimal. So, in the classful scheme, any IP address whose first octet is from 128 to 191 (inclusive) is a class B address. In Table to shown the bit patterns of each of the five classes, and the way that the first octet ranges can be calculated. In the first column is the format for the first octet of the IP address, where the xs can be either a zero or a one. Then I show the lowest and highest value for each class in binary (the fixed few bits are highlighted so you can see that they do not change while the others do.) I then also show the corresponding range for the first octet in decimal.
Table 44: IP Address Class Bit Patterns, First-Octet Ranges and Address Ranges IP Address Class Class A Class B Class C Class D Class E First Octet of IP Address 0xxx xxxx 10xx xxxx 110x xxxx 1110 xxxx 1111 xxxx Lowest Value of First Octet (binary) 0000 0001 1000 0000 1100 0000 1110 0000 1111 0000 Highest Value of First Octet (binary) 0111 1110 1011 1111 1101 1111 1110 1111 1111 1111 Range of First Octet Values (decimal) 1 to 126 128 to 191 192 to 223 224 to 239 240 to 255 Octets in Network ID / Host ID 1/3 2/2 3/1 Theoretical IP Address Range to to to to to

Key Concept: In the classful IP addressing scheme, the class of an IP address is identified by looking at the first one, two, three or four bits of the address. This can be done both by humans working with these addresses and routers making routing decisions. The use of these bit patterns means that IP addresses in different classes fall into particular address ranges that allow an addresss class to be determined by looking at the first byte of its dotted-decimal address.

Address Ranges for Address Classes:

I have also shown in Table the theoretical lowest and highest IP address ranges for each of the classes. This means that the address ranges shown are just a result of taking the full span of binary numbers possible in each class. In reality, some of the values are not available for normal use. For example, even though to is technically in class C, it is reserved and not actually used by hosts on the Internet. Also, there are IP addresses that can't be used because they have special meaning. For example, you can't use an IP address of, as this is a reserved all ones broadcast address. In a similar vein, note that the range for Class A is from 1 to 126 and not 0 to 127 like you might have expected. This is because class A networks 0 and 127 are reserved; 127 is the network containing the IP loopback address. These special and reserved addresses are discussed later in this section.

IP Address Class Bit Assignments and Network/Host ID Sizes This illustration shows how the 32 bits of IP address are assigned for each of the five IP address classes. Classes A, B and C are the normal classes used for regular unicast addresses; each has a different dividing point between the Network ID and Host ID. Classes D and E are special and are not divided in this manner. Now, recall that classes A, B and C differ in where the dividing line is between the network ID and the host ID: 1 for network and 3 for host for class A, 2 for each for class B, and 3 for network and 1 for host for class C. Based on this division, I have highlighted the network ID portion of the IP address ranges for each of classes A, B and C. The plain text corresponds to the range of host IDs for each allowable network ID. Figure 62 shows graphically how bits are used in each of the five classes. Let's look at class C. The lowest IP address is and the highest is The first three octets are the network ID, and can range from 192.0.0 to 223.255.255. For each network ID in that range, the host ID can range from 0 to 255.

IP Addresses Classes
Class A The binary address for the class A starts with 0. The range of the IP addresses in the class A is between 1 to 126 and the default subnet mask of the class A is Class A supports 16 million hosts on each of 125 networks. An example of the class A is Class A is used for the large networks with many network devices. Class B The binary address for the class B starts with 10. The range of the IP address in the class B is between 128 to 191 and the default subnet mast for the class B is Class B supports 65,000 on each of 16,000 networks. An example of the class B address is Class B addresses scheme is used for the medium sized networks. Class C The binary address for the class C starts with 110. The range of the IP addresses in the class C is between 192 to 223 and the default subnet mask for the class C is 255.255.255. Class C hosts 254 hosts on each of 2 million networks. An example of the Class C IP address is Class C is used for the small networks with less then 256 devices and nodes in a network.

Class D The binary addresses for the class D starts with 1110 and the IP addresses range can be between 224 to 239. An example of the class D IP address is Class E The binary address can starts with 1111 and the decimal can be anywhere from 240 to 255. An example of the class E IP address is It is very important to know that all the computers in the same network segment should have the IP addresses for the same class i.e. form A, B or C. Note: It is common to see resources refer to the network ID of a classful address as including only the significant bits, that is, only the ones that are not common to all networks of that class. For example, you may see a Class B network ID shown in a diagram as having 14 bits, with the 10 that starts all such networks shown separately, as if it were not part of the network ID. Remember that the network ID does include those bits as well; it is 8 full bits for Class A, 16 for Class B and 24 for Class C. In the case of Class D addresses, all 32 bits are part of the address, but only the lower 28 bits are part of the multicast group address; see the topic on multicast addressing for more.

UNIT-IV Determining Host Addresses For Each Subnet

Once we know the addresses of each of the subnets in our network, we use these addresses as the basis for assigning IP addresses to the individual hosts in each subnet. We start by associating a subnet base address with each physical network. We then sequentially assign hosts particular IP addresses within the subnet Determining host addresses is really quite simple, once we know the subnet address. All we do is substitute the numbers 1, 2, 3 and so on for the host ID bits in the subnet address. We must do this in binary of course, and then convert the address to decimal form. Again, we can do some short-cutting once the rather obvious pattern of how to assign addresses emerges. We'll look at those later in the topic. Class C Host Address Determination Example Let's start with our Class C example again,, which we divided into 8 subnets using 3 subnet bits. Here's how the address appears with the subnet bits shown highlighted, and the host ID bits shown highlighted and underlined.: 11010011 01001101 00010100 00000000 The first subnet is subnet #0, which has all zeroes for those subnet bits, and thus the same address as the network as a whole: We substitute the numbers 1, 2, 3 and so on for the underlined bits to get the host IDs. (Remember that we don't start with 0 here because for the host ID, the all-zero and all-one binary patterns have special meaning). So it goes like this: 1. The first host address has the number 1 for the host ID, or 00001 in binary. So, it is: 11010011 01001101 00010100 00000001

In decimal, this is 2. The second host address has the number 2 for the host ID, or 00010 in binary. Its binary value is: 11010011 01001101 00010100 00000010 In decimal, this is I'm sure you get the picture already; the third host will be, the fourth and so on. There is a maximum of 30 hosts in each subnet, as we saw before. So, the last host in this subnet will be found by substituting 30 (11110 in binary) for the host ID bits, resulting in a decimal address of

Figure 80: Determining Host Addresses For A Class C Network This diagram shows how both subnet addresses and host addresses are determined in a two-step process. The subnet addresses are found by substituting subnet ID values (shown in red) for the subnet ID bits of the network. Then, for any given subnet address, we can determine a host address

by substituting a host number (shown in blue) for the host ID bits within that subnet. So, for example, host #2 in subnet #6 has 110 for the subnet ID and 00010 for the host ID, resulting in a final octet value of 11000010 or 194. We can do the same thing for each of the other subnets; the only thing that changes is the values in the subnet ID bits. Let's take for example, subnet #6. It has 110 for the subnet bits instead of 000. So, its subnet base address is, or: 11010011 01001101 00010100 11000000 We assign hosts to this subnet by substituting 00001, then 00010, then 00011 for the host ID bits as before: 1. The first host address is: 11010011 01001101 00010100 11000001 Or 2. The second host address is: 11010011 01001101 00010100 11000010 Or And so on, all the way up to the last host in the subnet, which is Figure 80 shows graphically how subnet and host addresses are calculated for this sample network. Class B Host Address Determination Example We can do the same thing for our Class B network, naturally. The address of that network is Now, say we want to define the hosts that go in subnet #13. We substitute 13 in binary (01101) for the subnet ID bits, to get the following subnet address, shown with the subnet ID bits highlighted and the host ID bits highlighted and underlined: 10100110 01110001 01101000 00000000 This is the subnet address Now, we have 11 bits of host ID, so we can have a maximum of 2,046 hosts. The first is found by substituting 000 00000001 for the host ID bits, to give an address of The second host is, and so on. The last is found by substituting 111 11111110, to give an address of Note that since the host ID bits extend over two octets, two octets change as we increment the host ID, unlike our Class C example. The broadcast address is "Shortcuts" For Quickly Computing Host Addresses As you can see, defining the host IDs is really quite straight-forward. If you can substitute bits and convert to decimal, you have all you need to know. You can also see that as was the case with defining the subnet addresses, there are patterns that you can use in defining host IDs and understanding how they work. These generally define ways that we can more quickly determine certain host addresses by working directly in decimal instead of bothering with binary substitutions. This is a bit more complex conceptually, so only proceed if you are feeling a bit brave. The following are some of the shortcuts you can use in determining host IP addresses in a subnet environment:

First Host Address: The first host address is always the subnet address with the last octet incremented by 1. So, in our class C example, subnet #3's base address is The first host address in subnet #3 is thus Subsequent Host Addresses: After you find the first host address, to get the next one you just add one to the last octet of the previous address. If this makes the last octet 256 (which can happen only if there are more than 8 host ID bits) you wrap around this to zero and increment the third octet. Directly Calculating Host Addresses: If the number of host ID bits is 8 or less, you can find host #N's address by adding N to the last octet's decimal value. For example, in our class C example, subnet #3's base address is Therefore, host #23 in this subnet has an address of

If there are more than 8 bits in the host ID, this only works for the first 255 hosts, after which you have to wrap around and increase the value of the third octet. Consider again subnet #13 in our Class B example, which has a base address of Host #214 on this subnet has address, but host #314 isn't It is (host #255 is, then host #256 is, and we count up 58 more (314-256) to get to #314,

Range Of Host Addresses: The range of hosts for any subnet is determined as follows:

First Address: Base address of subnet with last octet incremented by one. Last Address: Base address of next subnet after this one, less two in the last octet (which may require changing a 0 in the last octet to 254 and reducing the value of the third octet by 1).

Broadcast Address: The broadcast address for a subnet is always one less than the base address of the subsequent subnet. Or alternately, one more than the last real host address of the subnet. So, for subnet #17 in our Class B example, the broadcast address is

Did I just confuse you? Well, remember, these are shortcuts and sometimes when you take a shortcut you get lost. J Just kidding, it's really not that hard once you play around with it a bit. In closing, remember the following quick summary when working with IP addresses in a subnet environment: 1. The network ID is the same for all hosts in all subnets, and all subnets in the network. 2. The subnet ID is the same for all hosts in each subnet, but unique to each subnet in the network. 3. The host ID is unique within each subnet. Each subnet has the same set of host IDs. 4. Subnetting is fun!

Determine the Network IDs

A network address, or IP address, is a series of numbers that a computer or other device uses to connect to a network, like the internet. An example of an IP (or network) address would be IP addresses are individual and differ between devices and networks. An IP address is separated into two parts. The first part is the network address, which is the first three series of numbers (192.168.1 as shown in the example.) The last number or series of numbers (100 in the shown example) is the host address. 1. Find Your Address
o Locate and click the Start menu on your computer. Find "Run" and click to open it. This will bring up the window that allows you to locate files and folders on your computer.

o o o

Type "cmd" in the drop down arrow box next to Open. Then click OK. This will open the command prompt. Type "ipconfig" to bring up the network configurations of your computer and press "Enter" on your keyboard. Locate the line that says "IP Address," IPv4 Address" or something similar. Follow the dotted lines over to the right to locate your IP address.

How to determine an IP address:

Microsoft Windows Users
1. 2. Click Start / Run and type: cmd or command to open a Windows command line. From the prompt, type ipconfig and press enter. This should give you information similar to what is shown below.

Windows 2000 IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IP Address. . . . . . . . . . . . : Subnet Mask . . . . . . . . . . : Default Gateway . . . . . . . : As seen in the above example, the IP address as well as other important network information is listed when using the "ipconfig" command. If you have more than one network adapter, e.g. a wireless adapter and network adapter you'll see each adapter listed when using this command. Home network and corporate network users This information is the IP address of your computer in your network. If you're computer is connected to the Internet the IP address shown in this screen will more than likely not be the IP address other people and web pages see. To determine this IP address easily see the below online service section. Graphical representation of network settings Microsoft Windows XP users may get a GUI representation of their network by right-clicking the network icon in their systray and selecting "Status." Within the "Local Area Connection Status" window click the "Support" tab. Microsoft Windows 98 users may also get a GUI representation of their network settings by clicking Start / Run and typing "ipconfig" in the run line. Unfortunately, not all versions of Windows have this feature.

Linux / Unix, BSD 4.2+, and Apple OS X, Operating System Users

For Linux or Unix users, to view their IP address or network information, users must have administrator or root privileges. 1. Open the Linux or Unix shell if you are utilizing a GUI interface for your Linux or Unix machine. 2. From the prompt, type "ifconfig eth0" (without the quotes) and press enter. This should give you a listing of network information similar to what is seen below. eth0 Link encap:Ethernet HWaddr 00:A0:24:72:EB:0A inet addr: Bcast: Mask: UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5569799 errors:32 dropped:32 overruns:0 frame:6 TX packets:3548292 errors:0 dropped:0 overruns:0 carrier:3 Collisions:14 Interrupt:18 Base address:0xda00

As seen from the above example, users will commonly see the network settings for all their network devices when running the "ifconfig" command. First in the above example we have the network settings for the "lo" or "local loopback", next is the actual network settings of your network adapter. Home network and corporate network users This information is the IP address of your computer in your network. If you're computer is connected to the Internet the IP address shown in this screen will more than likely not be the IP address other people and web pages see. To determine this IP address easily see the below online service section. Apple Macintosh Users 1. From the Apple menu, select the "Apple System Profiler" 2. Open the "Network overview" 3. Open "TCP/IP" Within this window the user will be able to see the computer's network information including the IP address.

Public and Private IP Addresses:

What is the Difference Between Public and Private IP Addresses? A unique Internet Protocol (IP) address, known as a public IP address, is assigned to every computer that connects to the Internet. The IP addressing scheme makes it possible for computers to find each other online and exchange information. Within a private network, computers use addresses excluded by convention from use on the Internet. The difference between a private IP address and a public IP address then, is that private IP addresses are reserved for private networks, and public IP addresses are reserved for the Internet. The Internet Assigned Numbers Authority (IANA), a once-autonomous organization, now works within the purview of the Internet Corporation for Assigned Names and Numbers (ICANN). IANA is responsible for overseeing global allocation of IP numbers, among other related protocols. Within the range of publicly available IP addresses are specific, excluded ranges withheld for private network use. These private IP ranges are as follows: (Total Addresses: 16,777,216) (Total Addresses: 1,048,576) (Total Addresses: 65,536)

Computers within a private network are each assigned a unique address in order to exchange files and share resources with one another. The network router, which routes information, will pass data back and forth among the connected computers, using the respective addresses. But how do computers on a private network connect to the Internet? Assuming the network has Internet connectivity, the computer connected to the digital subscriber line (DSL) modem is assigned a public IP address by the Internet Service Provider (ISP). This single public IP address is used to identify the network on the Internet. Now the networks router acts as a gatekeeper between the private network and the public Internet. Using a built-in Network Address Translator (NAT), the router passes requests to the Internet using the assigned public IP address. Returning data is routed back to the public IP address, with the router determining which private IP address requested the information. In essence, the private IP address is daisy-chained to the public IP address through processes in the router. A public IP address can be static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. Some gamers also prefer static IPs for interactive gaming. A dynamic public IP address is chosen from a pool of available addresses and changes each time

one connects to the Internet. Most people have a dynamic public IP address, as it is the standard type of public IP address assigned when purchasing Internet connectivity. Various freeware programs are available online that will display your computers assigned public IP address for you. To see private IP addresses you can open your routers configuration dialogs, or if using Windows XP, type ipconfig at the command prompt. The command prompt is available through Start -> All Programs -> Accessories -> Command Prompt. To leave the command prompt window, type exit. What are Public IP Addresses? A public IP address is assigned to every computer that connects to the Internet where each IP is unique. Hence there cannot exist two computers with the same public IP address all over the Internet. This addressing scheme makes it possible for the computers to find each other online and exchange information. User has no control over the IP address (public) that is assigned to the computer. The public IP address is assigned to the computer by the Internet Service Provider as soon as the computer is connected to the Internet gateway. A public IP address can be either static or dynamic. A static public IP address does not change and is used primarily for hosting webpages or services on the Internet. On the other hand a dynamic public IP address is chosen from a pool of available addresses and changes each time one connects to the Internet. Most Internet users will only have a dynamic IP assigned to their computer which goes off when the computer is disconnected from the Internet. Thus when it is re-connected it gets a new IP. What are Private IP Addresses? An IP address is considered private if the IP number falls within one of the IP address ranges reserved for private networks such as a Local Area Network (LAN). The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private networks (local networks): (Total Addresses: 16,777,216) (Total Addresses: 1,048,576) (Total Addresses: 65,536)

Private IP addresses are used for numbering the computers in a private network including home, school and business LANs in airports and hotels which makes it possible for the computers in the network to communicate with each other. Say for example, if a network X consists of 10 computers each of them can be given an IP starting from to Unlike the public IP, the administrator of the private network is free to assign an IP address of his own choice (provided the IP number falls in the private IP address range as mentioned above). Devices with private IP addresses cannot connect directly to the Internet. Likewise, computers outside the local network cannot connect directly to a device with a private IP. It is possible to interconnect two private networks with the help of a router or a similar device that supports Network Address Translation. If the private network is connected to the Internet (through an Internet connection via ISP) then each computer will have a private IP as well as a public IP. Private IP is used for communication within the network where as the public IP is used for communication over the Internet. Most Internet users with a DSL/ADSL connection will have both a private as well as a public IP. You can know your private IP by typing ipconfig command in the command prompt. The number that you see against IPV4 Address: is your private IP which in most cases will be or Unlike the public IP, private IP addresses are always static in nature.

Unlike what most people assume, a private IP is neither the one which is impossible to trace (just like the private telephone number) nor the one reserved for stealth Internet usage. In reality there is no public IP address that is impossible to trace since the protocol itself is designed for transparency.

What is Network Routing

You will be able to find the basic network routing overview, router configuration, router working, simulations static routes and routing table. Routing is the process of defining routes for the packets to its destination through an internetwork and this is performed by the router. Routing is consist of two separate tasks. 1. Defining paths for the packets through and internetwork. 2. Forwarding data packets based on their predefined paths. Generally, there are two types of routing.

IP Routes and Routing Tables

Routers are responsible for forwarding traffic on an IP internetwork. Each router accepts datagrams from a variety of sources, examines the IP address of the destination and decides what the next hop is that the datagram needs to take to get it that much closer to its final destination. A question then naturally arises: how does a router know where to send different datagrams? Each router maintains a set of information that provides a mapping between different network IDs and the other routers to which it is connected. This information is contained in a data structure normally called a routing table. Each entry in the table, unsurprisingly called a routing entry, provides information about one network (or subnetwork, or host). It basically says if the destination of this datagram is in the following network, the next hop you should take is to the following device. Each time a datagram is received the router checks its destination IP address against the routing entries in its table to decide where to send the datagram, and then sends it on its next hop. Obviously, the fewer the entries in this table, the faster the router can decide what to do with datagrams. (This was a big part of the motivation for classless addressing, which aggregates routes into supernets to reduce router table size, as we will see in the next topic.) Some routers only have connections to two other devices, so they don't have much of a decision to make. Typically, the router will simply take datagrams coming from one of its interfaces and if necessary, send them out on the other one. For example, consider a small company's router acting as the interface between a network of three hosts and the Internet. Any datagrams sent to the router from a host on this network will need to go over the router's connection to the router at the ISP. When a router has connections to more than two devices, things become considerably more complex. Some distant networks may be more easily reachable if datagrams are sent using one of the routers than the other. The routing table contains information not only about the networks directly connected to the router, but also information that the router has learned about more distant networks. Key Concept: A router make decisions about how to route datagrams using its internal routing table. The table contains entries specifying to which router datagrams should be sent to reach a particular network.

Figure 93: IP Routing and Routing Tables This diagram shows a small, simple internetwork consisting of four LANs each served by a router. The routing table for each lists the router to which datagrams for each destination network should be sent, and is color coded to match the colors of the networks. Notice that due to the triangle, each of R1, R2 and R3 can send to each other. However, R2 and R3 must send through R1 to deliver to R4, and R4 must use R1 to reach either of the others. Routing Tables in an Example Internetwork Lets consider an example (see Figure 93) with routers R1, R2 and R3 connected in a triangle, so that each router can send directly to the others, as well as to its own local network. Suppose R1's local network is, R2's is and R3's is (I'm just trying to keep this simple. ) R1 knows that any datagram it sees with 11 as the first octet is on its local network. It will also have a routing entry that says that any IP address starting with 12 should go to R2, and any starting with 13 should go to R3. Let's suppose that R1 also connects to another router, R4, which has as its local network. R1 will have an entry for this local network. However, R2 and R3 also need to know how to reach, even though they don't connect to it its router directly. Most likely, they will have an entry that says that any datagrams intended for should be sent to R1. R1 will then forward them to R4. Similarly, R4 will send any traffic intended for or through R1. Note: There is a difference between a routable protocol and a routing protocol. IP is a routable protocol, which means its messages (datagrams) can be routed. Examples of routing protocols are RIP or BGP, which are used to exchange routing information between routers.

IP Routing
This chapter describes how IPv4 and IPv6 forward packets from a source to a destination and the basic concepts of routing infrastructure. A network administrator must understand routing tables, route

determination processes, and routing infrastructure when designing IP networks and troubleshooting connectivity problems.

Chapter Objectives
After completing this chapter, you will be able to:

Define the basic concepts of IP routing, including direct and indirect delivery, routing tables and their contents, and static and dynamic routing. Explain how IPv4 routing works with the TCP/IP component of Windows, including routing table contents and the route determination process. Define IPv4 route aggregation and route summarization. Configure Windows hosts, static routers, and dynamic routers for routing. Define network address translation and how it is used on the Internet. Explain how IPv6 routing works with the IPv6 component of Windows, including routing table contents and the route determination process. Configure hosts and static routers for the IPv6 component of Windows. Define the use of the Route, Netsh, Ping, Tracert, and Pathping tools in IPv4 and IPv6 routing.

IP Routing Overview
IP routing is the process of forwarding a packet based on the destination IP address. Routing occurs at a sending TCP/IP host and at an IP router. In each case, the IP layer at the sending host or router must decide where to forward the packet. For IPv4, routers are also commonly referred to as gateways. To make these decisions, the IP layer consults a routing table stored in memory. Routing table entries are created by default when TCP/IP initializes, and entries can be added either manually or automatically.

Direct and Indirect Delivery

Forwarded IP packets use at least one of two types of delivery based on whether the IP packet is forwarded to the final destination or whether it is forwarded to an IP router. These two types of delivery are known as direct and indirect delivery.

Direct delivery occurs when the IP node (either the sending host or an IP router) forwards a packet to the final destination on a directly attached subnet. The IP node encapsulates the IP datagram in a frame for the Network Interface layer. For a LAN technology such as Ethernet or Institute of Electrical and Electronic Engineers (IEEE) 802.11, the IP node addresses the frame to the destinations media access control (MAC) address. Indirect delivery occurs when the IP node (either the sending host or an IP router) forwards a packet to an intermediate node (an IP router) because the final destination is not on a directly attached subnet. For a LAN technology such as Ethernet or IEEE 802.11, the IP node addresses the frame to the IP routers MAC address.

End-to-end IP routing across an IP network combines direct and indirect deliveries.

Direct and indirect delivery In Figure 5-1, when sending packets to Host B, Host A performs a direct delivery. When sending packets to Host C, Host A performs an indirect delivery to Router 1, Router 1 performs an indirect delivery to Router 2, and then Router 2 performs a direct delivery to Host C.

IP Routing Table
A routing table is present on every IP node. The routing table stores information about IP destinations and how packets can reach them (either directly or indirectly). Because all IP nodes perform some form of IP routing, routing tables are not exclusive to IP routers. Any node using the TCP/IP protocol has a routing table. Each table contains a series of default entries according to the configuration of the node, and additional entries can be added manually, for example by administrators that use TCP/IP tools, or automatically, when nodes listen for routing information messages sent by routers. When IP forwards a packet, it uses the routing table to determine:

The next-hop IP address For a direct delivery, the next-hop IP address is the destination address in the IP packet. For an indirect delivery, the next-hop IP address is the IP address of a router.

The next-hop interface The interface identifies the physical or logical interface that forwards the packet.

Routing Table Entries

A typical IP routing table entry includes the following fields:

Destination Either an IP address or an IP address prefix. Prefix Length The prefix length corresponding to the address or range of addresses in the destination. Next-Hop The IP address to which the packet is forwarded. Interface

The network interface that forwards the IP packet.

Metric A number that indicates the cost of the route so that IP can select the best route, among potentially multiple routes to the same destination. The metric sometimes indicates the number of hops (the number of links to cross) in the path to the destination.

Routing table entries can store the following types of routes:

Directly-attached subnet routes Routes for subnets to which the node is directly attached. For directly-attached subnet routes, the Next-Hop field can either be blank or contain the IP address of the interface on that subnet.

Remote subnet routes Routes for subnets that are available across routers and are not directly attached to the node. For remote subnet routes, the Next-Hop field is the IP address of a neighboring router.

Host routes A route to a specific IP address. Host routes allow routing to occur on a per-IP address basis.

Default route Used when a more specific subnet or host route is not present. The next-hop address of the default route is typically the default gateway or default router of the node.

Static and Dynamic Routing

For IP packets to be efficiently routed between routers on the IP network, routers must either have explicit knowledge of remote subnet routes or be properly configured with a default route. On large IP networks, one of the challenges that you face as a network administrator is how to maintain the routing tables on your IP routers so that IP traffic travels along the best path and is fault tolerant. Routing table entries on IP routers are maintained in two ways:

Manually Static IP routers have routing tables that do not change unless a network administrator manually changes them. Static routing requires manual maintenance of routing tables by network administrators. Static routers do not discover remote routes and are not fault tolerant. If a static router fails, neighboring routers do not detect the fault and inform other routers.

Automatically Dynamic IP routers have routing tables that change automatically when the routers exchange routing information. Dynamic routing uses routing protocols, such as Routing Information Protocol (RIP) and Open Shortest Path First (OSPF), to dynamically update routing tables. Dynamic routers discover remote routes and are fault tolerant. If a dynamic router fails, neighboring routers detect the fault and propagate the changed routing information to the other routers on the network.

Dynamic Routing
Dynamic routing is the automatic updating of routing table entries to reflect changes in network topology. A router with dynamically configured routing tables is known as a dynamic router. Dynamic routers build and maintain their routing tables automatically by using a routing protocol, a series of periodic or on-demand messages that contain routing information. Except for their initial configuration, typical dynamic routers

require little ongoing maintenance and, therefore, can scale to larger networks. The ability to scale and recover from network faults makes dynamic routing the better choice for medium, large, and very large networks. Some widely used routing protocols for IPv4 are RIP, OSPF, and Border Gateway Protocol 4 (BGP-4). Routing protocols are used between routers and represent additional network traffic overhead on the network. You should consider this additional traffic if you must plan WAN link usage. When choosing a routing protocol, you should pay particular attention to its ability to sense and recover from network faults. How quickly a routing protocol can recover depends on the type of fault, how it is sensed, and how routers propagate information through the network. When all the routers on the network have the correct routing information in their routing tables, the network has converged. When convergence is achieved, the network is in a stable state, and all packets are routed along optimal paths. When a link or router fails, the network must reconfigure itself to reflect the new topology by updating routing tables, possibly across the entire network. Until the network reconverges, it is in an unstable state. The time it takes for the network to reconverge is known as the convergence time. The convergence time varies based on the routing protocol and the type of failure, such as a downed link or a downed router. The Routing and Remote Access service in the Microsoft Windows Server 2003 operating systems supports the RIP and OSPF IPv4 routing protocols but no IPv6 routing protocols.

Routing Protocol Technologies

Typical IP routing protocols are based the following technologies:

Distance Vector Distance vector routing protocols propagate routing information in the form of an address prefix and its distance (hop count). Routers use these protocols to periodically advertise the routes in their routing tables. Typical distance vector-based routers do not synchronize or acknowledge the routing information they exchange. Distance vector-based routing protocols are easier to understand and configure, but they also consume more network bandwidth, take longer to converge, and do not scale to large or very large networks.

Link State Routers using link state-based routing protocols exchange link state advertisements (LSAs) throughout the network to update routing tables. LSAs consist of address prefixes for the networks to which the router is attached and the assigned costs of those networks. LSAs are advertised upon startup and when a router detects changes in the network topology. Link state-based routers build a database of LSAs and use the database to calculate the optimal routes to add to the routing table. Link state-based routers synchronize and acknowledge the routing information they exchange. Link state-based routing protocols consume less network bandwidth, converge more quickly, and scale to large and very large networks. However, they can be more complex and difficult to configure.

Path Vector Routers use path vectorbased routing protocols to exchange sequences of autonomous system numbers that indicate the path for a route. An autonomous system is a portion of a network under the same administrative authority. Autonomous systems are assigned a unique autonomous system identifier. Path vectorbased routers synchronize and acknowledge the routing information they exchange. Path vectorbased routing protocols consume less network bandwidth, converge more

quickly, and scale to networks the size of the Internet. However, they can also be complex and difficult to configure. IPv4 Routing IPv4 routing is the process of forwarding an IPv4 packet based on its destination IPv4 address. IPv4 routing occurs at a sending IPv4 host and at IPv4 routers. The forwarding decision is based on the entries in the local IPv4 routing table.

Contents of the IPv4 Routing Table

The following are the fields of an IPv4 routing table entry for the TCP/IP component of Windows:

Destination Can be either an IPv4 address or an IPv4 address prefix. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Network Destination in the display of the route print command.

Network Mask The prefix length expressed in subnet mask (dotted decimal) notation. The subnet mask is used to match the destination IPv4 address of the outgoing packet to the value in the Destination field. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Netmask in the display of the route print command.

Next-Hop The IPv4 address to which the packet is forwarded. For the IPv4 routing table of the TCP/IP component of Windows, this column is named Gateway in the display of the route print command. For direct deliveries, the Gateway column lists the IPv4 address assigned to an interface on the computer.

Interface The network interface that is used to forward the IPv4 packet. For the IPv4 routing table of the TCP/IP component of Windows, this column contains an IPv4 address assigned to the interface.

Metric A number used to indicate the cost of the route so that the best route, among potentially multiple routes to the same destination, can be selected. The metric can indicate either the number of links in the path to the destination or the preferred route to use, regardless of number of links.

IPv4 routing table entries can store the following types of routes:

Directly attached subnet routes For directly attached subnet routes, the Next-Hop field is the IPv4 address of the interface on that subnet.

Remote subnet routes For remote subnet routes, the Next-Hop field is the IPv4 address of a neighboring router. Host routes

For IPv4 host routes, the destination is a specific IPv4 address, and the network mask is

Default route The default route is used when a more specific subnet or host route is not found. The default route destination is with the network mask of The next-hop address of the default route is typically the default gateway of the node.

Route Determination Process

IPv4 uses the following process to determine which routing table entry to use for forwarding: 1. For each entry in the routing table, IPv4 performs a bit-wise logical AND operation between the destination IPv4 address and the Network Mask field. The result is compared with the Destination field of the entry for a match. As described in Chapter 4, "Subnetting," the result of the bit-wise logical AND operation is: For each bit in the subnet mask that is set to 1, copy the corresponding bit from the destination IPv4 address to the result. o For each bit in the subnet mask that is set to 0, set the corresponding bit in the result to 0. 2. IPv4 compiles the list of matching routes and selects the route that has the longest match (that is, the route with the highest number of bits set to 1 in the subnet mask). The longest matching route is the most specific route to the destination IPv4 address. If the router finds multiple routes with the longest matches (for example, multiple routes to the same address prefix), the router uses the lowest metric to select the best route. If the metrics are the same, IPv4 chooses the interface that is first in the binding order.

Name Resolution Techniques

Conventional name resolution transforms a DNS name into an IP address. At the highest level, this process can be considered to have two phases. In the first phase, we locate a DNS name server that has the information we need: the address that goes with a particular name. In the second phase, we send that server a request containing the name we want to resolve, and it sends back the address required. The Difficult Part of Name Resolution: Finding The Correct Server Somewhat ironically, the second phase (the actual mapping of the name into an address) is fairly simple. It is the first phasefinding the right serverthat is potentially difficult, and comprises most of the work in DNS name resolution. While perhaps surprising, this is a predictable result of how DNS is structured. Name information in DNS is not centralized, but rather distributed throughout a hierarchy of servers, each of which is responsible for one zone in the DNS name space. This means we have to follow a special sequence of steps to let us find the server that has the information we need. The formal process of name resolution parallels the tree-like hierarchy of the DNS name space, authorities and servers. Resolution of a particular DNS name starts with the most general part of the name, and proceeds from it to the most specific part. Naturally, the most general part of every name is the root of the DNS tree, represented in a name as a trailing dot, sometimes omitted. The next most-specific part is the top-level domain, then the second-level domain and so forth. The DNS name servers are linked in that the DNS

server at one level knows the name of the servers that are responsible for subdomains in zones below it at the next level. Suppose we start with the fully-qualified domain name (FQDN) C.B.A.. Formally, every name resolution begins with the root of the treethis is why the root name servers are so important. It's possible that the root name servers are authoritative for this name, but probably not; that's not what the root name servers are usually used for. What the root name server does know is the name of the server responsible for the top-level domain, A.. The name server for A. in turn may have the information to resolve C.B.A. It's still fairly high-level, though, so C.B.A is probably not directly within its zone. In that case, it will not know the address we seek, but it will know the name of the server responsible for B.A.. In turn, that name server may be authoritative for C.B.A., or it may just know the address of the server for C.B.A., which will have the information we need. As you can see, it is very possible that several different servers may be needed in a name resolution. Key Concept: Since DNS name information is stored as a distributed database spread across many servers, name resolution cannot usually be performed using a single request/response communication. It is first necessary to find the correct server that has the information that the resolver requires. This usually requires a sequence of message exchanges, starting from a root name server and proceeding down to the specific server containing the resource records that the client requires. DNS Name Resolution Techniques The DNS standards actually define two distinct ways of following this hierarchy of servers to discover the correct one. They both eventually lead to the right device, but they differ in how they assign responsibility for resolution when it requires multiple steps. Iterative Resolution When a client sends an iterative request to a name server, the server responds back with either the answer to the request (for a regular resolution, the IP address we want) or the name of another server that has the information or is closer to it. The original client must then iterate by sending a new request to this referred server, which again may either answer it or provide another server name. The process continues until the right server is found; the method is illustrated in Figure 243. In this example, the client is performing a name resolution for C.B.A. using strictly iterative resolution. It is thus responsible for forming all DNS requests and processing all replies. It starts by sending a request to the root name server for this mythical hierarchy. That server doesnt have the address of C.B.A., so it instead returns the address of the name server for A.. The client then sends its query to that name server, which points the client to the server for B.A.. That name server refers the client to the name server that actually has the address for C.B.A., which returns it to the client. Contrast to Figure 244

Figure 243: Iterative DNS Name Resolution Recursive Resolution When a client sends a recursive request to a name server, the server responds back with the answer if it has the information sought. If it doesn't, the server takes responsibility for finding the answer by becoming a client on behalf of the original client and sending new requests to other servers. The original client only sends one request, and eventually gets the information it wants (or an error message if it is not available). This technique is shown in Figure 244. This is the same theoretical DNS resolution that I showed in Figure 243, but this time, the client asks for the name servers to perform recursive resolution and they agree to do so. As in the iterative case, the client sends its initial request to the root name server. That server doesnt have the address of C.B.A., but instead of merely returning to the client the address of the name server for A., it sends a request to that server itself. That name server sends a request to the server for B.A., which in turn sends a request to the server for C.B.A.. The address of C.B.A. is then carried back up the chain of requests, from the server of C.B.A. to that of B.A., then A., then the root, and then finally, back to the client.

Figure 244: Recursive DNS Name Resolution

Domain Name System

The Domain Name System (DNS) is a hierarchical naming system built on a distributed database for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment for the purpose of locating and addressing these devices worldwide.

Domain name space

The domain name space consists of a tree of domain names. Each node or leaf in the tree has zero or more resource records, which hold information associated with the domain name. The tree sub-divides into zones beginning at the root zone. A DNS zone may consist of only one domain, or may comprise many domains and sub-domains, depending on the administrative authority delegated to the manager. Administrative responsibility over any zone may be divided by creating additional zones. Authority is said to be delegated for a portion of the old space, usually in form of sub-domains, to another nameserver and administrative entity. The old zone ceases to be authoritative for the new zone.

The hierarchical domain name system, organized into zones, each served by a name server

Physical Address Resolution

Based on the destination IP address and the route determination process, IP determines the forwarding IP address and interface to be used to forward the packet. IP then hands the IP packet, the forwarding IP address, and the interface, to ARP. If the forwarding IP address is the same as the destination IP address, then ARP performs a direct delivery. In a direct delivery, the MAC address corresponding to the destination IP address must be resolved. If the forwarding IP address is not the same as the destination IP address, then ARP performs an indirect delivery. The forwarding IP address is the IP address of a router between the current IP node and the final destination. In an indirect delivery, the MAC address corresponding to the IP address of the router must be resolved. To resolve a forwarding IP address to its MAC address, ARP uses the broadcasting facility on shared access networking technologies (such as Ethernet or Token Ring) to send out a broadcasted ARP Request frame. An ARP Reply, containing the MAC address corresponding to the requested forwarding IP address, is sent back to the sender of the ARP Request.

Host name resolution

Host name resolution means successfully mapping a host name to an IP address. A host name is an alias that is assigned to an IP node to identify it as a TCP/IP host. The host name can be up to 255 characters long and can contain alphabetic and numeric characters, hyphens, and periods. You can assign multiple host names to the same host. Windows Sockets (Winsock) programs, such as Internet Explorer and the FTP utility, can use one of two values for the destination to which you want to connect: the IP address or a host name. When the IP address is specified, name resolution is not needed. When a host name is specified, the host name must be resolved to an IP address before IP-based communication with the desired resource can begin. Host names can take various forms. The two most common forms are a nickname and a domain name. A nickname is an alias to an IP address that individual people can assign and use. A domain name is a structured name in a hierarchical namespace called the Domain Name System (DNS). An example of a domain name is www.microsoft.com. Nicknames are resolved through entries in the Hosts file, which is stored in the systemroot\System32\Drivers\Etc folder. For more information, see TCP/IP database files. Domain names are resolved by sending DNS name queries to a configured DNS server. The DNS server is a computer that stores domain name-to-IP address mapping records or has knowledge of other DNS servers. The DNS server resolves the queried domain name to an IP address and sends the result back. You are required to configure your computers with the IP address of your DNS server in order to resolve domain names. You must configure Active Directory-based computers running Windows XP Professional or Windows Server 2003 operating systems with the IP address of a DNS server.

Host Name Resolution Process

Host name resolution is the process of resolving a host name to an IP address before the source host sends the initial IP packet. Table 7-1 lists the standard methods of host name resolution for TCP/IP for Windows XP and Windows Server 2003. Resolution Method Local host name Description

The configured host name for the computer as displayed in the output of the Hostname tool. This name is compared to the destination host name. A local text file in the same format as the 4.3 Berkeley Software Distribution (BSD) UNIX \etc\hosts file. This file maps host names to IP addresses. For TCP/IP for Hosts file Windows XP and Windows Server 2003, the contents of the Hosts file are loaded into the DNS client resolver cache. For more information, see "The DNS Client Resolver Cache" in this chapter. A server that maintains a database of IP address-to-host name mappings and has the DNS server ability to query other DNS servers for mappings that it does not contain.

Table 7-1 Standard Methods of Host Name Resolution Table 7-2 lists the additional methods used by TCP/IP for Windows XP and Windows Server 2003 to resolve host names. Resolution Method DNS client resolver cache NetBIOS name cache NetBIOS name server (NBNS) Local broadcast Lmhosts file Description A random access memory (RAM)-based table of the entries listed in the local Hosts file and the names that were attempted for resolution by using a DNS server. A RAM-based table of recently resolved NetBIOS names and their associated IPv4 addresses. A server that resolves NetBIOS names to IPv4 addresses, as specified by Requests for Comments (RFCs) 1001 and 1002. The Microsoft implementation of an NBNS is a Windows Internet Name Service (WINS) server. Up to three NetBIOS Name Query Request messages are broadcast on the local subnet to resolve the IPv4 address of a specified NetBIOS name. A local text file that maps NetBIOS names to IPv4 addresses for NetBIOS processes running on computers located on remote subnets.

Table 7-2 Windows-Specific Methods of Host Name Resolution

How Packets Travel from Network to Network

What Kinds of Devices Are on a Network?
Previously, we stated that a network is made up of devices connected together. Besides personal computers, like the Dells, IBMs and Macintoshes with which you might be familiar, other types of computers, such as printers, servers, switches and routers, can be found on computer networks. Servers Servers are computers that provide some centralized resource that other computers on the network can access. Servers store and send out web pages, send e-mails and provide high-powered computing for users on a network. To make an analogy with a highway network, servers are like manufacturing plants; they provide the information, or goods, that must travel to the other parts of the network. The network applications section discusses in detail some of the duties that servers can perform. Switches and Routers Switches and routers are computers that sit on the intersections of the links of a network and are often called gateways. When a packet travels through a link in a computer network and encounters either of these types of computers, the switch or router, if it can, takes the packet and places it on the next link required for the packet to reach its destination. These types of machines do not change the data in packets; they simply direct them. Switches and routers differ slightly in the way that they route packets, and because of their differences routers can direct packets in more complicated ways than switches. To continue with the highway analogy, gateways are like highway interchanges, shifting packets (or cars), from one link (or road) onto another. What Actually Connects These Computers?

There are many methods of linking computers together, the most well-used of which are copper wires, fiber optics and radio waves. Information can be transmitted through electrical impulses over copper wire, light impulses over fiber optics or radio waves from one computer to another. The section on types of network links discusses this topic in more detail. How Do Computers Know How to Talk to Each Other? When you hear someone speaking in an unfamiliar language, you cannot understand what she is saying, even though your ear is picking up the sound waves coming from her vocal chords. Similarly, computers on a network will not be able to communicate unless they are able to speak the same "language." The languages by which computers communicate over a network are called protocols. Protocols tell computers how to send and receive data and what to do with the data after they receive it. Computers send data in small pieces instead of all at once. Since the data is digital, it is already divided into bits, so sending the data piece by piece is easy. These pieces of data are then sent in packets across the network. A packet is the computer equivalent of an envelope. On the outside of the envelope are a source address, a destination address and some basic synchronization information. Inside the envelope is the original data as well as protocol information. For more details, see the diagram of a packet in a later section. Multiple protocols can be used during data transmission. For example, one protocol might be used to determine how the packet is routed through the network, another protocol could be used to resolve any congestion problems that the packet encounters during transmission and yet another protocol could tell the recipient computer how to interpret the data it is receiving. You can think of protocols as placing the original data in another envelope. When a packet arrives at its destination, therefore, the first envelope, which has address information, is stripped off the packet and the next envelope is examined. After analyzing the protocol instructions, that envelope is removed and the next is examined. This process continues until the original data is recovered. Basic protocols are usually installed as hardware or are part of the basic operating system of a computer. TCP/IP, IPX, and AppleShare are examples of such protocols and are the three most commonly used protocols at Princeton. For more information see the section on network protocols. Other protocols are specific to certain types of applications. The transfer of web pages, for example, uses a protocol called HyperText Transfer Protocol, or HTTP. These types of protocols are discussed in the network applications section. How Does a Packet Travel through a Network? Let's say that I want to send information to one of the servers here at Princeton. Here's how it would happen: My computer would take the first chunk of the data I want to send and wrap it in a protocol envelope. This envelope would then be passed to my network card that is connected via copper wire, for example, to the rest of the network. The network card would put another envelope around the data and then transmit the whole packet over the wire. Any gateways connected to that wire would look at the destination address for the packet and, if possible, pass the packet farther along the path towards its destination. This process would be repeated at other gateways along the packet's path until the final gateway transmits the packet to its final destination. The destination computer would then strip off the envelopes and process the data.

Address Resolution Protocol

Address Resolution Protocol - (ARP) A method for finding a host's Ethernet address from its Internet address. The sender broadcasts an ARP packet containing the Internet address of another host and waits for it (or some other host) to send back its Ethernet address. Each host maintains a cache of address translations to reduce delay and loading. ARP allows the Internet address to be independent of the Ethernet address but it only works if all hosts support it.

The Address Resolution Protocol (ARP) is a computer networking protocol for determining a network host's Link Layer or hardware address when only its Internet Layer (IP) or Network Layer address is known. This function is critical in local area networking as well as for routing internetworking traffic across gateways (routers) based on IP addresses when the next-hop router must be determined. ARP was defined by RFC 826 in 1982. It is Internet Standard STD 37. ARP has been implemented in many types of networks, such as Internet Protocol (IP), CHAOS, DECNET, Xerox PARC Universal Packet, Token Ring, FDDI, IEEE 802.11 and other LAN technologies, as well as the modern high capacity networks, such as Asynchronous Transfer Mode (ATM). Packet structure The Address Resolution Protocol uses a simple message format that contains one address resolution request or response. The size of the ARP message depends on the upper layer and lower layer address sizes, which are given by the type of networking protocol (usually IPv4) in use and the type of hardware or virtual link layer that the upper layer protocol is running on. The message header specifies these types, as well as the size of addresses of each. The message header is completed with the operation code for request (1) and reply (2). The payload of the packet consists of four addresses, the hardware and protocol address of the sender and receiver hosts. The principal packet structure of ARP packets is shown in the following table which illustrates the case of IPv4 networks running on Ethernet. In this scenario, the packet has 48-bit fields for the sender hardware address (SHA) and target hardware address (THA), and 32-bit fields for the corresponding sender and target protocol addresses (SPA and TPA). Thus, the ARP packet size in this case is 28 bytes.
Internet Protocol (IPv4) over Ethernet ARP packet bit offset 0 16 32 48 64 07 Hardware type (HTYPE) Protocol type (PTYPE) Hardware address length (HLEN) Protocol address length (PLEN) 8 15

Operation (OPER) Sender hardware address (SHA) (first 16 bits)

80 96 112 128 144 160 176 192 208

(next 16 bits) (last 16 bits) Sender protocol address (SPA) (first 16 bits) (last 16 bits) Target hardware address (THA) (first 16 bits) (next 16 bits) (last 16 bits) Target protocol address (TPA) (first 16 bits) (last 16 bits)

Hardware type (HTYPE) This field specifies the Link Layer protocol type. Example: Ethernet is 1. Protocol type (PTYPE) This field specifies the upper layer protocol for which the ARP request is intended. For IPv4, this has the value 0x0800. The permitted PTYPE values share a numbering space with those for Ethertype. Hardware length (HLEN) Length (in octets) of a hardware address. Ethernet addresses size is 6. Protocol length (PLEN) Length (in octets) of addresses used in the upper layer protocol. (The upper layer protocol specified in PTYPE.) IPv4 address size is 4. Operation Specifies the operation that the sender is performing: 1 for request, 2 for reply. Sender hardware address (SHA) Hardware (MAC) address of the sender. Sender protocol address (SPA) Upper layer protocol address of the sender. Target hardware address (THA)

Hardware address of the intended receiver. This field is ignored in requests. Target protocol address (TPA) Upper layer protocol address of the intended receiver.

Inverse ARP
Inverse Address Resolution Protocol - (InARP) Additions to ARP typically used for Frame Relay. Frame Relay stations route frames of a higher level protocol between LANs, across a Permanent Virtual Circuit. These stations are identified by their Data Link Control Identifier (DLCI), equivalent to an Ethernet address in a LAN itself. InARP allows a station to determine a protocol address (e.g. IP address) from a DLCI. This is useful if a new virtual circuit becomes available. Signalling messages announce its DLCI, but without the corresponding protocol address it is unusable: no frames can be routed to it. Reverse ARP (RARP) performs a similar task on an Ethernet LAN, however RARP answers the question "What is my IP Address?" whereas InARP answers the question "What is your protocol address?".

Proxy ARP
ARP was designed to be used by devices that are directly connected on a local network. Each device on the network should be capable of sending both unicast and broadcast transmissions directly to each other one. Normally, if device A and device B are separated by a router, they would not be considered local to each other. Device A would not send directly to B or vice-versa; they would send to the router instead at layer two, and would be considered two hops apart at layer three. Why Proxy ARP Is Needed In contrast to the normal situation, in some networks there might be two physical network segments connected by a router that are in the same IP network or subnetwork. In other words, device A and device B might be on different networks at the data link layer level, but on the same IP network or subnet. When this happens, A and B will each think the other is on the local network when they look to send IP datagrams. In this situation, suppose that A wants to send a datagram to B. It doesn't have B's hardware address in the cache, so it begins an address resolution. When it broadcasts the ARP Request message to get B's hardware address, however, it will quickly run into a problem: B is in fact not on A's local network. The router between them will not pass A's broadcast onto B's part of the network, because routers don't pass hardware-layer broadcasts. B will never get the request and thus A will not get a reply containing Bs hardware address. Proxy ARP Operation The solution to this situation is called ARP proxying or Proxy ARP. In this technique, the router that sits between the local networks is configured to respond to device A's broadcast on behalf of device B. It does not send back to A the hardware address of device B; since they are not on the same network, A cannot send directly to B anyway. Instead, the router sends A its own hardware address. A then sends to the router, which forwards the message to B on the other network. Of course, the router also does the same thing on A's behalf

for B, and for every other device on both networks, when a broadcast is sent that targets a device not on the same actual physical network as the resolution initiator. This is illustrated in Figure 50. In this small internetwork, a single router connects two LANs that are on the same IP network or subnet. The router will not pass ARP broadcasts, but has been configured to act as an ARP proxy. In this example, device A and device D are each trying to send an IP datagram to the other, and so each broadcasts an ARP Request. The router responds to the request sent by Device A as if it were Device D, giving to A its own hardware address (without propagating Device As broadcast.) It will forward the message sent by A to D on Ds network. Similarly, it responds to Device D as if it were Device A, giving its own address, then forwarding what D sends to it over to the network where A is located.

Figure 50: ARP Proxy Operation Proxy ARP provides flexibility for networks where hosts are not all actually on the same physical network but are configured as if they were at the network layer. It can be used to provide support in other special situations where a device cannot respond directly to ARP message broadcasts. It may be used when a firewall is configured for security purposes. A type of proxying is also used as part of the Mobile IP protocol, to solve the problem of address resolution when a mobile device travels away from its home network. Key Concept: Since ARP relies on broadcasts for address resolution, and broadcasts are not propagated beyond a physical network, ARP cannot function between devices on different physical networks. When such operation is required, a device, such as a router, can be configured as an ARP proxy to respond to ARP requests on the behalf of a device on a different network.

Advantages of Proxy ARP The main advantage of proxy ARP is that it can be added to a single router on a network and does not disturb the routing tables of the other routers on the network. Proxy ARP must be used on the network where IP hosts are not configured with a default gateway or do not have any routing intelligence. Disadvantages of Proxy ARP Hosts have no idea of the physical details of their network and assume it to be a flat network in which they can reach any destination simply by sending an ARP request. But using ARP for everything has disadvantages. These are some of the disadvantages:

It increases the amount of ARP traffic on your segment. Hosts need larger ARP tables in order to handle IP-to-MAC address mappings. Security can be undermined. A machine can claim to be another in order to intercept packets, an act called "spoofing." It does not work for networks that do not use ARP for address resolution. It does not generalize to all network topologies. For example, more than one router that connects two physical networks.

Subnet Masks
A subnet mask allows you to identify which part of an IP address is reserved for the network, and which part is available for host use. If you look at the IP address alone, especially now with classless inter-domain routing, you can't tell which part of the address is which. Adding the subnet mask, or netmask, gives you all the information you need to calculate network and host portions of the address with ease. In summary, knowing the subnet mask can allow you to easily calculate whether IP addresses are on the same subnet, or not. Determining network and host portions of an IP address using a subnet mask To determine what the network address is for any given IP address, you merely have to convert both octal addresses into binary, and do a bitwise AND operation. An example using an IP address of used with a network mask of follows:

IP Address:


Subnet mask: 11111111.11111111.11111111.11110000 Bitwise AND Result: 10011100.10011010.01010001.00110000

As you can see, the network address for the IP address and subnet mask in question is To determine the how many hosts are possible to be on this same subnet, it is a simple operation. Count the number of bits from the right until you get to the first "1" in the binary network address display. That number will be the power you raise 2 to for the calculation of

possible number of hosts. You must also subtract two from the result because one address is reserved for broadcast and network addresses. This leaves you with the final algorithm of 2^n-2. In this case there are 4 bits of 0 in the network address, leaving you with 2^4-2 hosts possible, or 14 hosts. This means that your network address is, that you have a range of addresses available to hosts from, and that the broadcast address for this network is Are subnet masks necessary? Subnet masks are critical to communications on an IP network. Network devices use the IP address targets and defined netmask to determine if the network the host is on is a local subnet, or a remote network. This is important because devices act differently depending on the result. If the subnet is local, the device will send an ARP request to retrieve the MAC or hardware address of the system in question to communicate over the data-link layer. If the address is found to be on a remote network, then the network device routes packets to the gateway in it's routing table that is set to handle that network. If no routing table entry is found matching that network, the packets are routed to the default route. If no default route is defined, the packets are dropped with nowhere left to go.


Classful network:
A classful network is a network addressing architecture used in the Internet from 1981 until the introduction of Classless Inter-Domain Routing in 1993. The method divides the address space for Internet Protocol Version 4 (IPv4) into five address classes. Each class, coded in the first four bits of the address, defines either a different network size, i.e. number of hosts for unicast addresses (classes A, B, C), or a multicast network (class D). The fifth class (E) address range is reserved for future or experimental purposes.

Originally, a 32-bit IPv4 address was logically subdivided into the network number field, the mostsignificant 8 bits of an address, which specified the particular network a host was attached to, and the local address, also called rest field (the rest of the address), which uniquely identifies a host connected to that network. This format was sufficient at a time when only a few large networks existed, such as the ARPANET which was assigned the network number 10, and before the wide proliferation of local area networks (LANs). As a consequence of this architecture, the address space supported only a low number (254) of independent networks, and it became clear very early on that this would not be enough.

Introduction of address classes

Expansion of the network had to ensure compatibility with the existing address space and the Internet Protocol (IP) packet structure, and avoid the renumbering of the existing networks. The solution was to expand the definition of the network number field to include more bits, allowing more networks to be designated, each potentially having fewer hosts. All existing network numbers at the time were smaller than 64, they only used the 6 least-significant bits of the network number field. Thus it was possible to use the most-significant bits of an address to introduce a set of address classes, while preserving the existing network numbers in the first of these classes.

The new addressing architecture was introduced by RFC 791 in 1981 as a part of the specification of the Internet Protocol. It divided the address space into primarily three address formats, henceforth called address classes, and left a fourth range reserved to be defined later. The first class, designated as Class A, contained all addresses in which the most significant bit is zero. The network number for this class is given by the next 7 bits, therefore accommodating 128 networks in total, including the zero network, and including the existing IP networks already allocated. A Class B network was a network in which all addresses had the two most-significant bits set to 1 and 0. For these networks, the network address was given by the next 14 bits of the address, thus leaving 16 bits for numbering host on the network for a total of 65536 addresses per network. Class C was defined with the 3 high-order bits set to 1, 1, and 0, and designating the next 21 bits to number the networks, leaving each network with 256 local addresses. The leading bit sequence 111 designated an "escape to extended addressing mode", which was later subdivided in to Class D (1110) for multicast addressing, while leaving as reserved for future use the 1111 block designated as Class E.
Size of Size of Leading network rest bits number bit bit field field 0 10 110 1110 8 16 24 not defined not defined 24 16 8 not defined not defined


Number of networks

Addresses per network

Start address

End address

Class A Class B Class C Class D (multicast) Class E (reserved)

128 (27) 16,384 (214) 2,097,152 (221) not defined

16,777,216 (224) 65,536 (216) 256 (28) not defined


not defined

not defined

The number of addresses usable for addressing specific hosts in each network is always 2 N - 2 (where N is the number of rest field bits, and the subtraction of 2 adjusts for the use of the all-bits-zero host portion for network address and the all-bits-one host portion as a broadcast address. Thus, for a Class C address with 8 bits available in the host field, the number of hosts is 254.

Bit-wise representation
In the following table:

n indicates a binary slot used for network ID. H indicates a binary slot used for host ID. X indicates a binary slot (without specified purpose)

Class A 0. 0. 0. 0 = 00000000.00000000.00000000.00000000 = 01111111.11111111.11111111.11111111 0nnnnnnn.HHHHHHHH.HHHHHHHH.HHHHHHHH

Class B 128. 0. 0. 0 = 10000000.00000000.00000000.00000000 = 10111111.11111111.11111111.11111111 10nnnnnn.nnnnnnnn.HHHHHHHH.HHHHHHHH Class C 192. 0. 0. 0 = 11000000.00000000.00000000.00000000 = 11011111.11111111.11111111.11111111 110nnnnn.nnnnnnnn.nnnnnnnn.HHHHHHHH Class D 224. 0. 0. 0 = 11100000.00000000.00000000.00000000 = 11101111.11111111.11111111.11111111 1110XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX Class E 240. 0. 0. 0 = 11110000.00000000.00000000.00000000 = 11111111.11111111.11111111.11111111 1111XXXX.XXXXXXXX.XXXXXXXX.XXXXXXXX

The replacement of classes

The first architecture change extended the addressing capability in the Internet, but did not prevent IP address shortage. The principal problem was that many sites needed larger address blocks than a Class C network provided, and therefore they received a Class B block, which was in most cases much larger than required. In the rapid growth of the Internet, the pool of unassigned Class B addresses (214, or about 16,000) was rapidly being depleted. Classful networking was replaced by Classless Inter-Domain Routing (CIDR), starting in 1993 with the specification of RFC 1518 and RFC 1519, to attempt to solve this problem. Early allocations of IP addresses by the Internet Assigned Numbers Authority (IANA) were in some cases not made efficiently, which contributed to the problem. However, the commonly held notion that some American organizations unfairly or unnecessarily received Class A networks is wrong; most such allocations date to the period before the introduction of address classes, when the only address blocks available were what later became known as Class A networks.

Self Test Example

1.Need to retrieve a file from the file server for your word processing application, which layer of the OSI model is responsible for this function? 1. Presentation layer 2. Application layer 3. Session layer 4. Transport layer 5. Datalink layer

2. You are working in a word processing program, which is run from the file server. Your data comes back to you in an unintelligible manner. Which layer of the OSI model would you investigate? 1. Application layer 2. Presentation layer 3. Session layer 4. Network layer 5. Datalink layer

3. IEEE subdivided the datalink layer to provide for environments that need connectionless or connection-oriented services. What are the two layers called?

1. Physical

2. MAC

3. LLC

4. Session

5. IP

4. You are working with graphic translations. Which layer of the OSI model is responsible for code formatting and conversion and graphic standards. 1. Network layer 2. Session layer 3. Transport layer 4. Presentation layer 5. Which is the best definition of encapsulation? 1. Each layer of the OSI model uses encryption to put the PDU from the upper layer into its data field. It adds header and trailer information that is available to its counterpart on the system that will receive it. 2. Data always needs to be tunneled to its destination so encapsulation must be used. 3. Each layer of the OSI model uses compression to put the PDU from the upper layer into its data field. It adds header and trailer information that is available to its counterpart on the system that will receive it. 4. Each layer of the OSI model uses encapsulation to put the PDU from the upper layer into its data field. It adds header and trailer information that is available to its counterpart on the system that will receive it. 6. Routers can be configured using several sources. Select which of the following sources can be used. 1. Console Port 2. Virtual Terminals 3. TFTP Server 4. Floppy disk 5. Removable media

7. Which memory component on a Cisco router contains the dynamic system configuration? 1. ROM 2. NVRAM 3. Flash 4. RAM/DRAM 8. Which combination of keys will allow you to view the previous commands that you typed at the router? 1. ESC-P 2. Ctrl-P 3. Shift-P 4. Alt-P 9. Which commands will display the active configuration parameters? 1. show running-config 2. write term 3. show version 4. display term 10. You are configuring a router, which prompt tells you that you are in the privileged EXEC mode? 1. @ 2. > 3. ! 4. : 5. # 11. What does the command IP name-server accomplish? 1. It disables domain name lookup. 2. It sets the domain name lookup to be a local broadcast. 3. This is an illegal command. 4. The command is now defunct and has been replaced by IP server-name ip any 12. The following selections show the command prompt and the configuration of the IP network mask. Which two are correct? 1. Router(config-if)#netmask-format { bitcount | decimal | hexadecimal } 2. Router#term IP netmask-format { bitcount | decimal | hexadecimal } 3. Router(config-if)#IP netmask-format { bitcount | decimal | hexadecimal } 4. Router#ip netmask-format { bitcount | decimal | hexadecimal }

15. Which layer is responsible for flow control with sliding windows and reliability with sequence numbers and acknowledgments? 1. Transport 2. Application 3. Internet 4. Network Interface 16. Which processes does TCP, but not UDP, use? 1. Windowing 2. Acknowledgements

3. Source Port

4. Destination Port

17. Select which protocols use distance vector routing? 1. OSPF 2. RIP 3. IGRP

4. PPP

Probable Answers:
1. 2 5. 2 9. 1 13. 1 2. 1 6. 1,2,3 10. 5 14. 1 3. 3,4 7. 4 11. 4 15. 2,3 4. 4 8. 2 12. 3