TCP/IP (Chapter 1)

Definition of TCP/IP

TCP/IP was established to join the hundreds of network architectures. Prior to TCP/IP, each vendor or company usually designed a proprietary communication protocol for its hardware, which produced small electronic islands. For these electronic islands to communicate with each other, they needed some type of gateway between the various systems.

TCP/IP is an industry-standard suite of protocols designed for large internetworks spanning WAN links. Its purpose was to provide high-speed communication over network links. It is a standard that enables different computer systems to talk with, or share information with, these "electronic islands". Since ARPANET in 1969, TCP/IP has grown into a worldwide community of networks known as the Internet.

A Protocol is an agreed upon format for transmitting data between two devices. It determines the following:

1) type of error checking to be used
2) data compression method, if used
3) how the sending device will indicate that it has finished sending a message
4) how the receiving device will indicate that it has received a message

Simply put, a protocol is a set of rules for communication between two or more devices.

TCP and IP were developed by a Department of Defense (DOD) research project to connect a number of different networks designed by different vendors into a network of networks (the "Internet"). It was initially successful because it delivered a few basic services that everyone needed (file transfer, electronic mail, remote logon) across a very large number of client and server systems. Several computers in a small department can use TCP/IP (along with other protocols) on a single LAN. The IP component provides routing from the department to the enterprise network, then to regional networks, and finally to the global Internet. On the battlefield a communications network will sustain damage, so the DOD designed TCP/IP to be robust and automatically recover from any node or phone line failure. This design allows the construction of very large networks with less central management. However, because of the automatic recovery, network problems can go undiagnosed and uncorrected for long periods of time.

As with all other communications protocols, TCP/IP is composed of layers.

Microsoft TCP/IP enables enterprise networking and connectivity by offering the following...

  1. A standard, routable enterprise networking protocol that is one of the most complete and accepted protocols available.
  2. Connects dissimilar systems through telnet and ftp, to name a couple.
  3. TCP/IP is a robust, scalable, cross-platform client-server framework. Microsoft TCP/IP offers the Windows Sockets interface (ideal for developing client-server apps that can run on Windows Sockets-compliant stacks from other vendors).
  4. Allows computers to gain access to the Internet (thousands of networks worldwide connecting research facilities, universities, libraries, and private companies).

Brief History of TCP/IP

DOD computers often need to communicate with contractors and organizations that do defense-related research (that includes most universities). Defense-related network components must be capable of withstanding considerable damage so that the nation's defenses remain operable during a disaster.

TCP/IP enables such communication to occur regardless of vendor or hardware differences. It is a robust networking technology that is flexible enough for all the network vendors to use. Because it is an open system, many different groups can develop applications that work with it. Because the majority of the work has been based on the work of the DOD, the specifications for it are in the public domain.

The DOD initiated research into networking protocols (known as packet switching). Research on the protocols that eventually became TCP/IP protocol suite began in 1969. The goals for this research were the following:

Common protocols: a common set of communication rules that could be used by all networks. Having a common set of protocols simplifies the process, because every system could communicate with every other.

Interoperability: equipment from various vendors could interoperate with equipment from other vendors.

Robust communication: a dependable network standard was required to meet the nation's defense needs. These protocols needed to provide reliable, high-performance networking with the WAN technology of that period.

Ease of configuration: having the ability to move, add or reconfigure the network without disrupting communications.

In 1968, DARPA initiated research into networks using the technology known as "Packet Switching", the capability to address a packet and move it to the destination through different networks.

Responsibility for setting Internet standards rests with an Internet Activity Board (IAB).

The Internet Protocol currently in use is version 4. It uses a 32-bit address, written in dotted decimal with a dot between each octet. An example of an IP address is 125.125.125.125. Because of the growth of the Internet, there are only a limited number of IP addresses available, which is becoming a major problem. Version 6 (IPng or IPv6), which will use 128-bit addressing, is currently being implemented. It is in the testing stage now and is to be implemented in the near future.

Because many different people have been involved with the TCP/IP suite of protocols, a process evolved which enabled everyone to comment on the proposed definitions of different standards. This process has become the Request for Comments (RFC).

Before a protocol becomes a standard, it goes through many stages. The protocol starts at a Proposed Standard, then it gets promoted to a Draft Standard, and finally it becomes a Standard. At each stage, the proposed protocol goes through review, debate, implementation, and testing.

The governing body of RFCs is the Internet Activities Board (IAB), established in 1983. The IAB has two task forces: the Internet Engineering Task Force (IETF) and the Internet Research Task Force (IRTF).

Internet Engineering Task Force (IETF) is responsible for specifying the Internet protocols and architecture. They only specify the protocol, although many of these specifications have produced standards. (page 20 of text).

Internet Research Task Force (IRTF) is the research organization of the IAB.

It is important to note that not all RFCs are standards. Any document that is submitted will have an RFC assigned to it. TCP/IP standards are not developed by a committee, but rather by consensus.

Internet protocols can have several designations, depending on their state in the standards process. This designation describes the status of the protocol the RFC describes.

Protocol Designation (Standards) are as follows:

Proposed Standard: protocols under consideration for standardization in the future.

Draft Standard: protocols in final stages of study prior to approval as a standard.

Standard: an official standard for the Internet

Experimental: protocols undergoing testing but not on standard track.

Historical: protocols that have been antiquated and are no longer under consideration for standardization.

Informational: protocols of interest to the community that have not gone through the IAB standards process.

 

Each protocol designation has a requirement level, which is defined in the RFC and describes the intended use of the RFC.

Protocol Requirement Level

Required: Must be implemented by all systems connected to Internet

Recommended: should be implemented

Elective: May be implemented if desired

Limited: May be useful in some systems. Experimental, specialized and historic protocols might receive this classification

Not Recommended: historical, specialized, or experimental protocols not recommended for use on the Internet

An FYI is a For Your Information document that tries to condense the information from one or more RFCs. FYIs normally describe in general terms the purpose of a site, protocol, newsgroup, etc. This information is located at the InterNIC site, as are the RFCs (www.internic.com).

Why use TCP/IP

TCP/IP is being pushed by everyone as the protocol of the future. It is a robust networking technology that is flexible enough for all the network vendors to use. It is an open system, so different groups can develop applications that work with it, and the specifications are in the public domain, meaning everyone has access to them.

The International Standards Organization (ISO) developed the Open Systems Interconnection Model (OSI Model).

TCP/IP Protocol Suite includes some of the following protocols.

Telnet is a remote terminal emulation protocol that enables clients to log on to remote hosts on the network.
FTP is a file transfer application that enables users to transfer files between hosts.
TFTP is a simpler file transfer protocol, usually less supported.
SNMP (Simple Network Management Protocol) is used to remotely manage network devices.
SMTP (Simple Mail Transport Protocol) allows transfer of email between computers and networks.
NNTP (Net News Transport Protocol) transmits messages for USENET news discussion groups.
DNS (Domain Name Service) associates IP addresses with Fully Qualified Domain Names (i.e., 207.46.131.13 is the IP address for www.microsoft.com).
HTTP (HyperText Transfer Protocol) is the core protocol for the WWW; it facilitates retrieval and transfer of hypertext documents.
NFS allows file systems on remote machines to be accessed as local drives. Very similar to the drive mapping feature in an NT network.
TCP (Transmission Control Protocol) is a connection-oriented protocol. It is a reliable protocol.
IP (Internet Protocol) is the most important protocol in the Internet Layer. It collects segments of data from the higher-layer protocols and combines them into packets (datagrams).

Overview of TCP/IP Addresses

decimal = binary
192 = 11000000

128   64   32   16    8    4    2    1
  1    1    0    0    0    0    0    0

TCP/IP Address Classes -- First Octet

Class  Start Binary  Finish Binary  Start Decimal  Finish Decimal  Networks   Hosts per Network
A      00000001      01111111       1              127             126        16,777,214
B      10000000      10111111       128            191             16,384     65,534
C      11000000      11011111       192            223             2,097,152  254

Chapter 2

Introduction to Microsoft Networking

OSI Reference Model

Application Layer generates the requests and processes the requests that it receives

Presentation Layer Creates SMB which tells the other system what is requested, or contains the response to the request. (Type conversion when different hosts are involved)

Session Layer Provides a method for creating and maintaining a logical connection between two hosts.

Transport Layer Puts information into a language that other systems understand.

Network Layer Deals with directing which system or systems receive the information on the other end.

Data Link Control Deals with the framing of the information sent on the wire.

Physical Layer Puts the information on the physical network and receives packets (frames) from the network.

 

Microsoft Networking provides flexibility in networking by providing the layered approach to networking components.

Name Management NetBios (computer names) are used to identify the different systems on a network.

Connection-oriented data transfer This enables the transfer of data from one system to another by using a session and enables a series of checks and balances. (TCP)

Connectionless data transfer enables computers to make announcements and send queries to all computers on the network without having to create a session. It provides a transport for such purposes as logon validation, server announcements, name queries, and so on. (UDP)

Session Management This service tracks and maintains sessions with other computers on network. Rather than having to identify yourself each time you communicate, you can use this session.

 

NetBIOS uses a structure called SMB (server message block), created at the Presentation layer, to communicate between the system requesting the service and the system that will provide the service. On the system that generates the request, an SMB is created by the redirector (workstation services). The SMB describes what the other system is to do and includes the data where required. The redirector and server services are in the Application layer. No other parts of the network architecture use the SMB; all lower layers simply move the data.

Layer Approach

Microsoft network has five main layers

Application/ File System Drivers: (Application and Presentation Layers of OSI)

High-end components that formulate your requests and service the requests from other systems. These components are implemented in two ways, either as an Application Programming Interface (API) or as a file system driver.

An API (application program interface) is a series of routines, protocols, and tools that other programs call on when building software applications. It provides a standard method for programmers to call on the services of the underlying network without having to know anything about the lower layers. A good API makes it easier to develop a program by providing all the building blocks. A programmer puts the blocks together.
A file system driver provides basic I/O services.

NetBIOS and Winsock are located at this layer. These components provide services to the actual applications, which can call on the network by using these network APIs. This layer contains the workstation and server services.

TDI (Transport Driver Interface): (Session layer of OSI model)

This layer acts as an interface and is referred to as a boundary layer (it is a standard set of calls, not an actual file). The upper layer calls on the TDI layer to pass requests to and from the various protocols installed on the system. It is based mainly on NetBIOS, is installed at the NetBIOS Interface, and takes care of session services. All the applications and installed file systems talk to the TDI. It takes the information from the layer above and moves it down to the appropriate protocol so the information from the upper layer can be encapsulated into a packet to be sent on the wire. It also keeps track of the different computers it has communicated with. It works with NWLink and NBT, which enable NetBIOS services over IPX/SPX and TCP/IP respectively. This layer must also work with Winsock to enable these communications.

Protocols: (Transport and Network Layers of OSI Model)

Microsoft networking gives you flexibility as to which protocol your computer runs. These protocols are responsible for transporting and formatting the data so the other system can understand it. Protocols are the language of network communications.

TCP/IP is an entire suite of protocols that enables end-to-end connections as well as multicasting connections.
NWLink is Microsoft's implementation of the standard IPX/SPX protocol used by Novell. This protocol is routable.
NetBEUI is the original protocol used by Microsoft networking. It is the fastest protocol, but it is not routable; it is intended for single-segment networks and best supports 20-200 users.
AFP (Apple File Protocol) is a routable protocol, but is not as flexible as TCP/IP and NWLink.
DLC (Data Link Control) enables NT systems to communicate with HP JetDirect printers and an IBM mainframe using 3270 emulation software.

NDIS (Network Driver Interface Specification) (Data Link Layer of the OSI Model)

NDIS interfaces between the protocols installed in the computer and network card drivers that are installed. It provides the logical connections between the protocols and the NIC drivers that enable information from any installed protocol to pass through any of the NICs.

Adapter Card Drivers (Physical Layer of the OSI Model)

This handles the interaction between the NDIS layer and the physical card installed in the system. It deals with the last bit of formatting and the NIC. The driver is responsible for the MAC and physical access.

TCP/IP Model

Application Layer (Application & Presentation Layers)

This layer contains various services such as NNTP, SMTP and the WinSock API. The TCP/IP protocols and the NetBIOS services rely on the services of two main APIs: WinSock and NBT.

Winsock provides a socket-oriented service to the TCP/IP utilities that can exist at the Application layer. It also provides services to NetBIOS. The socket provides a simple reference point that enables each system to send to a specific port number on the other host. The services usually use well-defined and well-known port numbers. These port numbers are controlled and assigned by IANA (Internet Assigned Numbers Authority). Refer to page 44 figures 2.11 & 2.12.

Short for Windows Socket, Winsock is an Application Programming Interface (API) for developing Windows programs that can communicate with other machines via the TCP/IP protocol. Windows 95 and Windows NT come with a Dynamic Link Library (DLL) called winsock.dll that implements the API and acts as the glue between Windows programs and TCP/IP connections.

(example) IIS using HTTP publishing service.

Start the service on the computer for IIS. This service will register its assigned port numbers in the system, and any information that comes in for that port is sent to that service. This allows the WinSock interface and all the underlying layers to ignore what the information is and just move it from point to point. The information includes 1. the address, 2. the transport protocol (TCP or UDP), and 3. the socket number that sent the information. (This information enables the application to respond directly to that client running on the remote system.)

The client side will register a port number that it will use. The client service sends the IP address, transport protocol and socket number it uses to the server.

The server then responds to this information from the client, processes the request, then sends information back to the client.

By using the WinSock API, there is no reliance on computer names or other upper-level information and absolutely no restriction on which port any particular service can use.

The first 1,024 port numbers are reserved for and used by services only. However, any port number from 1 - 65,536 is valid.
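The exchange described in the IIS example above, as an added example that is not part of the original notes: a service registers a port, a client connects from its own port, and the service learns the client's address and port so it can reply directly. It uses Python's standard socket module on the loopback interface and lets the operating system pick the service port (an assumption made so it runs without privileges; a real service binds its well-known port).

```python
import socket
import threading


def run_exchange(request=b"GET / HTTP/1.0\r\n\r\n"):
    """Run one request/reply over TCP on 127.0.0.1 and report what each side saw."""
    seen = {}

    # Service side: register (bind) a port. Anything arriving on it is ours.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.settimeout(5)
    srv.bind(("127.0.0.1", 0))        # port 0 = let the OS choose a free port
    srv.listen(1)
    server_port = srv.getsockname()[1]

    def serve():
        # accept() hands the service the client's address and port number.
        conn, (peer_ip, peer_port) = srv.accept()
        with conn:
            seen["peer"] = (peer_ip, peer_port)
            seen["request"] = conn.recv(1024)
            # The reply goes back over the same connection, i.e. to that
            # address and port, with no computer name involved.
            conn.sendall(("reply to %s:%d" % (peer_ip, peer_port)).encode())

    worker = threading.Thread(target=serve)
    worker.start()

    # Client side: connecting makes the stack assign a local port to this socket.
    with socket.create_connection(("127.0.0.1", server_port), timeout=5) as cli:
        client_ip, client_port = cli.getsockname()
        cli.sendall(request)
        reply = cli.recv(1024)

    worker.join(5)
    srv.close()
    return {
        "transport": "TCP",
        "server_port": server_port,
        "client_endpoint": (client_ip, client_port),
        "peer_seen_by_server": seen.get("peer"),
        "request_seen_by_server": seen.get("request"),
        "reply": reply,
    }


if __name__ == "__main__":
    for key, value in run_exchange().items():
        print(key, "=", value)
```

The port the client reports for itself and the port the service sees for its peer are the same number, which is what lets the service answer that specific client.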


 

NetBIOS Short for Network Basic Input Output System, is an application programming interface (API) that augments the DOS BIOS by adding special functions for local-area networks (LANs). Almost all LANs for PCs are based on the NetBIOS. Some LAN manufacturers have even extended it, adding additional network capabilities. Windows NT uses NetBIOS when you work with a redirector and server services. NetBIOS relies on a message format called Server Message Block (SMB).

This means it requires the underlying protocol to handle requests in the form of NetBIOS commands.

Since the TCP/IP stack doesn't use names, nor does it register each service with a name/number combination, it must rely on NBT (NetBIOS over TCP/IP), which is used at a different layer. This layer maps or translates the NetBIOS commands into a series of TCP/IP port numbers. This allows NetBIOS to have a port for receiving and transmitting data, establishing and releasing sessions, and handling NetBIOS names over TCP/IP. (See page 45 figure 2.13)

All communications over TCP/IP must go through the Winsock interface.


Transport Layer (Session & Transport Layers)

This layer is the actual language of the network. All requests use one of two different protocols (UDP or TCP). Winsock relies on this layer to deal with data moving to and from it; this is handled by either TCP or UDP.

TCP Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. (NETSTAT views sessions your system currently has) (NBTSTAT will show current NetBIOS sessions)

C:\>netstat

Active Connections

Proto Local Address Foreign Address State
TCP rlghncwt1ef:2324 rlghncsma96.usps.gov:nbsession ESTABLISHED
TCP rlghncwt1ef:2351 rlghncst071.usps.gov:nbsession ESTABLISHED
TCP rlghncwt1ef:2352 RLGHNCWT18D:nbsession ESTABLISHED
TCP rlghncwt1ef:eklogin rlghnczz104.usps.gov:8080 CLOSE_WAIT
TCP rlghncwt1ef:2122 remserv.usps.gov:753 ESTABLISHED
TCP rlghncwt1ef:2029 RLGHNCST6B7:nbsession ESTABLISHED
TCP rlghncwt1ef:1027 localhost:1028 ESTABLISHED
TCP rlghncwt1ef:1028 localhost:1027 ESTABLISHED

C:\>nbtstat -A 56.88.21.239

NetBIOS Remote Machine Name Table

Name Type Status
---------------------------------------------
RLGHNCWT1EF <00> UNIQUE Registered
RLGHNCNT001 <00> GROUP Registered
RLGHNCWT1EF <03> UNIQUE Registered
RLGHNCWT1EF <20> UNIQUE Registered
RLGHNCNT001 <1E> GROUP Registered
BRAXTOJF <03> UNIQUE Registered

MAC Address = 00-00-F8-77-48-ED

UDP User Datagram Protocol, a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

Internetwork Layer IP layer (Network Layer)

Deals not only with finding other hosts on the same network, but also with routing information (packets) to other networks. This layer has four main protocols: ICMP, IGMP, IP and ARP. These protocols work together to provide a best-effort delivery service (guarantees are the responsibility of TCP and higher-level applications). IP needs only to know the IP address to send to and the protocol on the other host (TCP or UDP) that should receive the data.

IP is responsible for determining if the packet is for the local network (the subnet mask determines this). If it's not for the local network, IP must find a route for the packet to the destination network and host. An IP address is a combination of Network ID and Host ID.

Brief look at determining local versus remote networks (page 48 table 2.4 & 2.5 respectively).
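The first-octet class ranges from the Chapter 1 table and the subnet-mask test IP uses to decide local versus remote, as an added example that is not part of the original notes. The host and gateway addresses are taken from the command output elsewhere in these notes; the 255.255.255.0 mask, the gateway role of 56.88.21.1 and the destination addresses are assumptions made for illustration.

```python
# Added example: classful address class from the first octet, and the
# AND-with-mask comparison that decides whether a destination is local.

DEFAULT_MASKS = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}


def to_octets(addr):
    """Parse dotted-decimal text into four integers, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % addr)
    octets = [int(p) for p in parts]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % addr)
    return octets


def to_binary(addr):
    """Render each octet as 8 bits, e.g. 192 -> 11000000."""
    return ".".join(format(o, "08b") for o in to_octets(addr))


def address_class(addr):
    """Classify by the leading bits of the first octet.

    A = 0xxxxxxx, B = 10xxxxxx, C = 110xxxxx as in the table; D (1110xxxx,
    multicast) and E (1111xxxx) continue the same pattern.
    """
    first = to_octets(addr)[0]
    if first & 0b10000000 == 0:
        return "A"
    if first & 0b11000000 == 0b10000000:
        return "B"
    if first & 0b11100000 == 0b11000000:
        return "C"
    if first & 0b11110000 == 0b11100000:
        return "D"
    return "E"


def default_mask(addr):
    """Classful default mask, or None for classes D and E."""
    return DEFAULT_MASKS.get(address_class(addr))


def network_id(addr, mask):
    """Bitwise AND of address and mask, octet by octet."""
    return ".".join(str(a & m) for a, m in zip(to_octets(addr), to_octets(mask)))


def is_local(src, dst, mask):
    """Local when both addresses have the same network ID under the mask."""
    return network_id(src, mask) == network_id(dst, mask)


def next_hop(src, dst, mask, gateway):
    """Deliver directly to a local destination, otherwise hand off to the gateway."""
    return dst if is_local(src, dst, mask) else gateway


if __name__ == "__main__":
    host, gw, mask = "56.88.21.239", "56.88.21.1", "255.255.255.0"  # mask and gateway role assumed
    for dst in ("56.88.21.17", "56.88.40.9", "207.46.131.13"):  # constructed destinations
        where = "local" if is_local(host, dst, mask) else "remote, next hop " + next_hop(host, dst, mask, gw)
        print(dst, "class", address_class(dst), to_binary(dst), where)
```

The same pair of hosts can be local under one mask and remote under another, which is why the mask, not the address class alone, decides whether a packet goes to the router.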

ARP Address Resolution Protocol, a TCP/IP protocol used to convert an IP address into a physical address (called a DLC address), such as an Ethernet address. A host wishing to obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the network that has the IP address in the request then replies with its physical hardware address.

It is used to send the information to another host on your network (the host you always send to is on your network, whether a computer or the interface to a router). The MAC address can only talk to local machines.

ARP resolves an address either from its cache of resolved addresses or by broadcast (which will find the MAC address of the host so data can be sent to it). A router also has the IP layer and ARP. Once ARP gets the address, IP sends the packet to that address. If your packet has problems on remote networks, you'll receive notifications.

C:\>arp -a 56.88.21.1

Interface: 56.88.21.239 on Interface 2
Internet Address Physical Address Type
56.88.21.1 00-00-0c-07-ac-04 dynamic

There is also Reverse ARP (RARP) which can be used by a host to discover its IP address. In this case, the host broadcasts its physical address and a RARP server replies with the host's IP address.

ICMP Internet Control Message Protocol, an extension to the Internet Protocol (IP) defined by RFC 792. ICMP supports packets containing error, control, and informational messages. The PING command, for example, uses ICMP to test an Internet connection. It is a diagnostic and messaging protocol used in the TCP/IP stack to enable communications to continue. Ping is ICMP. It also reports issues like not being able to reach networks. It also manages the flow of data on the Internet by directing traffic. If a router becomes overburdened, ICMP might send a source quench message to your system. This tells your system to stop sending for a while. Routers can also send ICMP messages if they detect that a better route to your destination is available. This is called an ICMP redirect message, telling your system to use an alternate route.

Ping Packet Internet Groper, a utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. PING is used primarily to troubleshoot Internet connections. There are many freeware and shareware PING utilities available for personal computers.

TTL Time to Live, a field in the Internet Protocol (IP) that specifies how many more hops a packet can travel before being discarded or returned.

C:\>ping 56.88.21.1

Pinging 56.88.21.1 with 32 bytes of data:

Reply from 56.88.21.1: bytes=32 time<10ms TTL=255
Reply from 56.88.21.1: bytes=32 time<10ms TTL=255
Reply from 56.88.21.1: bytes=32 time<10ms TTL=255
Reply from 56.88.21.1: bytes=32 time<10ms TTL=255

IGMP resides in the lower layers of the TCP/IP stack. It handles the sending and receiving when groups of computers are involved (multicasting). Multicasting is when you send a message to a special IP address (Class D). When a system multicasts, it chooses a unique IP address and sends all the information to that address. If you want to receive this information, you must tell your system to listen for that address. A router doesn't know to listen; IGMP tells your router that you want it to listen to that address.

Network Access Layer (Data Link & Physical Layers)

Handles framing the data and merging it onto the wire, while the IP layer takes care of routing. It is responsible for framing the packets of information for the underlying topology and merging the data onto the wire. It also grabs the data off the wire. If the data is for that MAC address or is a broadcast, it will pull the data off the wire and pass it up to the appropriate protocol.