Everyone knows that TCP/IP is a network protocol used on LANs, WANs and the Internet, but not everyone who uses it understands how it works. It’s possible to use TCP/IP with little more than knowledge of how to configure the protocol stack, but a better understanding will always give you a clear picture of what is going on in your network and why the protocol needs to be set up in a particular way. The objective of this multi-part TCP/IP article is to explain the key concepts behind the TCP/IP protocol suite.

TCP/IP stands for Transmission Control Protocol/Internet Protocol. If this leads you to think that it is not just one protocol, you’re right. In fact, it is not just two protocols, either. TCP/IP is a suite of protocols. We’ll cover the most important ones in the course of this article.

Like most network protocols, TCP/IP is a layered protocol. Each layer builds upon the layer below it, adding new functionality. The lowest level protocol is concerned purely with the business of sending and receiving data using specific network hardware.

Fig.1: Outline of OSI Layer Model and TCP/IP Model

At the top are protocols designed specifically for tasks like transferring files or delivering email. In between are levels concerned with things like routing and reliability. The benefit that the layered protocol stack gives you is that, if you invent a new network application or a new type of hardware, you only need to create a protocol for that application or that hardware: you don’t have to rewrite the whole stack.

Unlike the OSI layer model, TCP/IP is a four layer protocol. The lowest level, the Network Interface layer, is implemented within the network adapter and its device driver. Since Ethernet is the most common type of network, we will look at it in a bit more detail.

The Ethernet protocol is designed for carrying blocks of data called frames. A frame consists of a header containing 48-bit hardware destination and source addresses (which identify specific network adapters), a 2-byte length field, and some control fields. After that follows the data, and then a trailer which is simply a 32-bit cyclic redundancy check (CRC) field. The data portion of an Ethernet frame must be at least 38 bytes long, so filler bytes are inserted if necessary.

Transportation

The Transport Layer provides data flow controls and error checking mechanisms, and the reliable arrival of messages.

Fig.2: Detailed work of Transport Layer protocol in OSI and TCP/IP Model

At the Transport Layer, there are two methods for transporting data: “connection-oriented”, referring to TCP, and “connectionless”, referring to UDP. TCP, the connection-oriented packet delivery method, provides several additional services to prevent lost data:

Fig.3: Flow Control of TCP as Connection oriented

TCP uses a series of acknowledgements to enforce flow control. With flow control, when one router receives a packet, it sends an acknowledgement, or “ACK”, back to the sender. If the sender does not receive an acknowledgement for a segment it sent, the segment will be resent and reassembled in the correct order at the receiver. This prevents the receiver’s buffer from being overburdened, since packets that are not received due to a full buffer are not acknowledged. (A buffer is a part of the router’s memory used to hold packets awaiting processing.)

Fig.4: The flow diagram of TCP acknowledgement

The layer above the link layer is called the network layer; the most important protocol at this level is IP, the Internet Protocol. Its job is to send packets or datagrams – a term which basically means “blocks of data” – from one point to another. It uses the link layer protocol to achieve this. Both the network layer and the link layer are concerned with getting data from point A to point B. However, whilst the network layer works in the world of TCP/IP, the link layer has to deal with the real world. Everything it does is geared towards the network hardware it uses.

To make this possible, the TCP/IP protocol suite includes link-layer protocols which convert between IP and hardware addresses. The Address Resolution Protocol (ARP) finds the physical address corresponding to an IP address. It does this by broadcasting an ARP request on the network.

When a host recognizes an ARP request containing its own IP address, it sends an ARP reply containing its hardware address. There is also a Reverse ARP (RARP) protocol. This is used by a host to find out its own IP address if it has no way of doing this except via the network.
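The request and reply described above, with both sides' messages, as an added example that is not part of the original article. It assumes the standard 28-byte ARP body for Ethernet and IPv4; the host addresses are constructed and the function names are illustrative.

```python
import ipaddress
import struct

# hw type, proto type, hw len, proto len, opcode, sender MAC/IP, target MAC/IP
ARP = struct.Struct("!HHBBH6s4s6s4s")
REQUEST, REPLY = 1, 2

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def ip(text: str) -> bytes:
    return ipaddress.IPv4Address(text).packed

def build(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    # 1 = Ethernet, 0x0800 = IPv4, 6-byte hardware and 4-byte protocol addresses
    return ARP.pack(1, 0x0800, 6, 4, op, sender_mac, sender_ip, target_mac, target_ip)

def who_has(my_mac, my_ip, wanted_ip) -> bytes:
    """Request: the target hardware address is unknown, so it is sent as zeros."""
    return build(REQUEST, my_mac, my_ip, bytes(6), wanted_ip)

def handle(packet: bytes, my_mac: bytes, my_ip: bytes):
    """Receiving host: answer only a well-formed request for our own IP."""
    if len(packet) < ARP.size:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = ARP.unpack(packet[:ARP.size])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op != REQUEST:
        return None
    if tpa != my_ip:
        return None                       # request is for some other host
    return build(REPLY, my_mac, my_ip, sha, spa)

def resolve(requester, hosts, wanted_ip):
    """Simulated broadcast: every host sees the request, at most one replies."""
    request = who_has(requester[0], requester[1], wanted_ip)
    for host_mac, host_ip in hosts:
        reply = handle(request, host_mac, host_ip)
        if reply:
            return ARP.unpack(reply)[5]   # sender hardware address in the reply
    return None

if __name__ == "__main__":
    # Constructed hosts on one segment (documentation addresses).
    a = (mac("02:00:00:00:00:0a"), ip("192.0.2.10"))
    b = (mac("02:00:00:00:00:14"), ip("192.0.2.20"))
    c = (mac("02:00:00:00:00:1e"), ip("192.0.2.30"))
    print(resolve(a, [b, c], ip("192.0.2.30")).hex(":"))
```

The reply carries no authentication: the requester accepts whatever hardware address comes back, so the mapping is only as trustworthy as the hosts on the segment.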

Fig.5: Host to Host communication using TCP/IP protocol suite

IP is the bedrock protocol of TCP/IP. Every message and every piece of data sent over any TCP/IP network is sent as an IP packet. Its job is to enable data to be transmitted across and between networks. Hence the name: inter-net protocol. In a small LAN, it adds little to what could be achieved if the network applications talked directly to Ethernet. If every computer is connected to the same Ethernet cable, every message could be sent directly to the destination computer.

Once you start connecting networks together, however, direct Ethernet communication becomes impractical. At the application level, you may address a message to a computer on the far side of the world, but your Ethernet card can’t communicate with the Ethernet card on that computer. Physical Ethernet limitations would prevent it, for a start. It would, in any case, be undesirable for every computer in the world to be connected to one big network. Every message sent would have to be heard by every computer, which would be bedlam.

Instead, inter-net communications take place using one or more “hops”. Your Ethernet card will communicate with another Ethernet device on the route to the final destination. Routing is the important capability that IP adds to a hardware network protocol. Before we come to it, we will look at some other features of IP.

An IP packet consists of the IP header and data. The header includes a 4-bit protocol version number, a header length, a 16-bit total length, some control fields, a header checksum and the 32-bit source and destination IP addresses. This totals 20 bytes in all. Of the control fields, the protocol field is the important one: it identifies which higher-level TCP/IP protocol sent the data. When data arrives at its destination (either the packet’s destination address equals the host’s own IP address, or it is a broadcast address) this field tells IP which protocol module to pass it on to.

Let’s come to the Application layer, which contains the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or (occasionally) more transport layer protocols (such as TCP or UDP), which in turn use lower layer protocols to effect actual data transfer. Application layer protocols are most often associated with client-server applications, and the more common servers have specific ports assigned to them by the IANA; HTTP has port 80 and Telnet has port 23.

Fig.6: TCP/IP applications with their assigned port numbers

Network Security – Types of Attacks

Denial of Service

Commonly called DoS Attacks.

  • Purpose of breaking things.
  • Often called destroyers / crashers or flooders.
  • The attackers flood the network with packets and requests rendering the network or servers unusable.

Reconnaissance

  • Main goal is to gain information about the network.
  • E.g. learning IP addresses, hostnames and device configurations.

Access

  • Usually an attempt to steal data.
  • Mostly done for financial and competitive purposes.

Firewalls

  • Firewalls sit between a secure network and an unsecure network (an interface in each).
  • Scan ingoing and outgoing traffic for potential threats.
  • Usually looks at transport layer port numbers and application layer headers to determine traffic types.
  • Cisco’s old firewall appliances: PIX firewall devices.
  • New devices are called Adaptive Security Appliances (ASAs).
  • Cisco uses the term Anti-x to refer to all the security tools that prevent problems.

Intrusion Prevention and Detection

  • IPS: Intrusion Prevention Systems
    • Sit in the packet forwarding path.
    • Same function as the IDS but react to the traffic and filter it out.
  • IDS: Intrusion Detection Systems
    • Typically get sent traffic on a monitoring port (as opposed to the forwarding path).
    • It can then rate and report on potential attacks.
    • Then potentially talk to other devices (routers, firewalls etc.) to stop the attack.
  • Both find attacks by looking at trends and patterns in network traffic.

Virtual Private Networks

  • VPNs are used for securing traffic traveling over a public network such as the internet.
  • Two main types
    • Site-to-Site VPNs – Set up permanently between two buildings / connections.
    • Access VPNs – Temporary for roaming users.

Tips for CCNA Exams and Job purposes:

For examination purposes, you need to have a good understanding of the OSI Layer and the TCP/IP protocol suite. Try to understand which protocol works in which layer, and have a better understanding of Network Layer protocols such as TCP and UDP, and other application layer protocols. Most students and engineers think they know all about TCP/IP, but in reality they make mistakes when interviewers ask questions. So prepare well, understand the technology behind the protocol, then you can answer all the questions.

Now, I am sure that you have gotten a better understanding of TCP/IP transport, applications and security. Now it’s your turn to give feedback on this article, and if you want to read about or understand any other networking concept which is not published yet, please let me know.
