Viewed times.





Home

Inside MCSE
   For MCPs Only
   For MCSEs Only
   An Evaluation
   Skills Assessment
   NT Faq
 MCSE Guide
    NT 4 Integration
   Storage Strategy
   TCP/IP
   Unix to NT
 News
   Free News
 Cricket
   The World Cup '99
   Ceat Cricket Rating
 Have A Laugh
   Laugh Page
 Free World
   Free Software
   Free Emails
   Free Web Pages
   Miscellaneous
The X World
   The Zodiac
   Today's Horoscope
   The X Files
   The UFO
 Lets Talk
    My ICQ Status
   Email me
   Guest Book


The author is  
a member of
The HTML Writers Guild
Get Microsoft Internet Explorer

CLICK HERE TO SEARCH THE WEB!

Introduction | Protocol Architecture | Core Protocols |
Application Interfaces | IP Addressing | Address Classes |
Subnets & subnet Masks | Subnetting | Var Length Subnetting |
Supernetting | Host Name Resolution | NetBIOS Name Resolution |
IP Routing | Physical Add Resolution | Multicasting-White Paper | RFC

Previous | Next

TCP/IP Core Protocols

The TCP/IP protocol component that is installed in your network operating system is a series of interconnected protocols called the core protocols of TCP/IP. All other applications and other protocols in the TCP/IP protocol suite rely on the basic services provided by the following protocols: IP, ARP, ICMP, IGMP, TCP, and UDP.

IP

IP is a connectionless, unreliable datagram protocol primarily responsible for addressing and routing packets between hosts. Connectionless means that a session is not established before exchanging data. Unreliable means that delivery is not guaranteed. IP will always make a best effort attempt to deliver a packet. An IP packet might be lost, delivered out of sequence, duplicated, or delayed. IP does not attempt to recover from these types of errors. The acknowledgment of packets delivered and the recovery of lost packets is the responsibility of a higher-layer protocol, such as TCP. IP is defined in RFC 791.

An IP packet consists of an IP header and an IP payload. Table 3 describes the key fields in the IP header.

Table 3 Key fields in the IP header

IP Header Field Function
Source IP Address The IP address of the original source of the IP datagram.
Destination IP Address The IP address of the final destination of the IP datagram
Identification Used to identify a specific IP datagram and to identify all fragments of a specific IP datagram if fragmentation occurs.
Protocol Informs IP at the destination host whether to pass the packet up to TCP, UDP, ICMP, or other protocols.
Checksum A simple mathematical computation used to verify the integrity of the IP header.
Time to Live (TTL) Designates the number of networks on which the datagram is allowed to travel before being discarded by a router. The TTL is set by the sending host and is used to prevent packets from endlessly circulating on an IP internetwork. When forwarding an IP packet, routers are required to decrease the TTL by at least one

Fragmentation and Reassembly

If a router receives an IP packet that is too large for the network onto which the packet is being forwarded, IP will fragment the original packet into smaller packets that will fit on the downstream network. When the packets arrive at their final destination, IP at the destination host reassembles the fragments into the original payload. This process is referred to as fragmentation and reassembly. Fragmentation can occur in environments that have a mix of networking technologies, such as Ethernet and Token Ring.

The fragmentation and reassembly works as follows:

1. When an IP packet is sent by the source, it places a unique value in the Identification field.

2. The IP packet is received at the router. The IP router notes that the maximum transmission unit (MTU) of the network onto which the packet is to be forwarded is smaller than the size of the IP packet.

3. IP fragments the original IP payload into fragments that will fit on the next network. Each fragment is sent with its own IP header which contains:

  • The original Identification field identifies all fragments that belong together.
  • The More Fragments Flag indicates that other fragments follow. The More Fragments Flag is not set on the last fragment, because no other fragments follow it.
  • The Fragment Offset field indicates the position of the fragment relative to the original IP payload.

4. When the fragments are received by IP at the remote host, they are identified by the Identification field as belonging together. The Fragment Offset is then used to reassemble the fragments into the original IP payload.

ARP

When IP packets are sent on shared access, broadcast-based networking technologies such as Ethernet or Token Ring, the Media Access Control (MAC) address corresponding to a forwarding IP address must be resolved. ARP uses MAC-level broadcasts to resolve a known forwarding IP address to its MAC address. ARP is defined in RFC 826.

For more information on ARP, see the "Physical Address Resolution" section later in this paper.

ICMP

Internet Control Message Protocol (ICMP) provides troubleshooting facilities and error reporting for packets that are undeliverable. For example, if IP is unable to deliver a packet to the destination host, ICMP will send a Destination Unreachable message to the source host. Table 4 shows the most common ICMP messages.

Table 4 Common ICMP messages

ICMP Message Function
Echo Request Simple troubleshooting message used to check IP connectivity to a desired host.
Echo Reply Response to an ICMP Echo Request
Redirect Sent by a router to inform a sending host of a better route to a destination IP address.
Source Quench Sent by a router to inform a sending host that its IP datagrams are being dropped due to congestion at the router. The sending host then lowers its transmission rate. Source Quench is an elective ICMP message and is not commonly implemented
Destination Unreachable Sent by a router or the destination host to inform the sending host that the datagram cannot be delivered.

To send ICMP Echo Request messages and view statistics on the responses on a Windows NT-based computer, use the ping utility at a Windows NT command prompt.

There are a series of defined Destination Unreachable ICMP messages. Table 5 describes the most common ICMP Destination Unreachable messages.

Table 5 Common ICMP Destination Unreachable messages

Destination Unreachable Message Description
Network Unreachable Sent by an IP router when a route to the destination network can not be found.
Host Unreachable Sent by an IP router when a destination host on the destination network can not be found. This message is only used on connection-oriented network technologies (WAN links). IP routers on connectionless network technologies (such as Ethernet or Token Ring) do not send Host Unreachable messages.
Protocol Unreachable Sent by the destination IP node when the Protocol field in the IP header cannot be matched with an IP client protocol currently loaded.
Port Unreachable Sent by the destination IP node when the Destination Port in the UDP header cannot be matched with a process using that port.
Fragmentation Needed and DF Set Sent by an IP router when fragmentation must occur but is not allowed due to the source node setting the Don't Fragment (DF) flag in the IP header.

ICMP does not make IP a reliable protocol. ICMP attempts to report errors and provide feedback on specific conditions. ICMP messages are carried as unacknowledged IP datagrams and are themselves unreliable. ICMP is defined in RFC 792.

IGMP

Internet Group Management Protocol (IGMP) is a protocol that manages host membership in IP multicast groups. An IP multicast group, also known as a host group, is a set of hosts that listen for IP traffic destined for a specific multicast IP address. Multicast IP traffic is sent to a single MAC address but processed by multiple IP hosts. A given host listens on a specific IP multicast address and receives all packets to that IP address. Some additional aspects of IP multicasting:

  • Host group membership is dynamic, hosts can join and leave the group at anytime.
  • A host group can be of any size.
  • Members of a host group can span IP routers across multiple networks. This situation requires IP multicast support on the IP routers and the ability for hosts to register their group membership with local routers. Host registration is accomplished using IGMP.
  • A host can send traffic to an IP multicast address without belonging to the corresponding host group.

For a host to receive IP multicasts, an application must inform IP that it will be receiving multicasts at a specified destination IP multicast address. If the network technology supports hardware-based multicasting, then the network interface is told to pass up packets for a specific multicast address. In the case of Ethernet, the network interface card is programmed to respond to a multicast MAC address corresponding to the desired IP multicast address.

A host supports IP multicast at one of the following levels:

Level 0 No support to send or receive IP multicast traffic.
Level 1 Support exists to send but not receive IP multicast traffic.
Level 2 Support exists to both send and receive IP multicast traffic. Windows NT TCP/IP supports level 2 IP multicasting.

The protocol to register host group information is IGMP. IGMP is required on all hosts that support level 2 IP multicasting. IGMP packets are sent using an IP header.

IGMP messages take two forms:

1. When a host joins a host group, it sends an IGMP Host Membership Report message to the all-hosts IP multicast address (224.0.0.1) or to the desired multicast address declaring its membership in a specific host group by referencing the IP multicast address.

2. When a router polls a network to ensure there are members of a specific host group, it sends an IGMP Host Membership Query message to the all-hosts IP multicast address. If no responses to the poll are received after several polls, the router assumes no membership in that group for that network and stops advertising that group-network information to other routers.

For IP multicasting to span routers across an internetwork, multicast routing protocols are used by routers to communicate host group information so that each router supporting multicast forwarding is aware of which networks contain members of which host groups.

TCP

TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments. Connection-oriented means that a connection must be established before hosts can exchange data. Reliability is achieved by assigning a sequence number to each segment transmitted. An acknowledgment is used to verify that the data was received by the other host. For each segment sent, the receiving host must return an acknowledgment (ACK) within a specified period for bytes received. If an ACK is not received, the data is retransmitted. TCP is defined in RFC 793.

TCP uses byte-stream communications, wherein data within the TCP segment is treated as a sequence of bytes with no record or field boundaries. Table 6 describes the key fields in the TCP header.

Table 6 Key fields in the TCP header

Field Function
Source Port TCP port of sending host
Destination Port TCP port of destination host.
Sequence Number The sequence number of the first byte of data in the TCP segment.
Acknowledgment Number The sequence number of the byte the sender expects to receive next from the other side of the connection.
Window The current size of a TCP buffer on the host sending this TCP segment to store incoming segments.
TCP Checksum Verifies the integrity of the TCP header and the TCP data.

TCP Ports

A TCP port provides a specific location for delivery of TCP segments. Port numbers below 1024 are well-known ports and are assigned by the Internet Assigned Numbers Authority (IANA). Table 7 lists a few well-known TCP ports.

Table 7 Well-known TCP ports

TCP Port Number Description
20 FTP (Data Channel)
21 FTP (Control Channel)
23 Telnet
80 HyperText Transfer Protocol (HTTP) used for the World Wide Web
139 NetBIOS session service

For a complete list of assigned TCP ports, see RFC 1700 from the above menu RFC [2] Ref.

The TCP Three-Way Handshake

A TCP connection is initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence number and acknowledgment numbers of both sides of the connection, exchange TCP Window sizes, and exchange other TCP options such as the maximum segment size. The following steps outline the process:

  • 1. The client sends a TCP segment to the server with an initial Sequence Number for the connection and a Window size indicating the size of a buffer on the client to store incoming segments from the server.
  • 2. The server sends back a TCP segment containing its chosen initial Sequence Number, an acknowledgment of the client's Sequence Number, and a Window size indicating the size of a buffer on the server to store incoming segments from the client.
  • 3. The client sends a TCP segment to the server containing an acknowledgement of the server's Sequence Number.

TCP uses a similar handshake process to end a connection. This guarantees that both hosts have finished transmitting and that all data was received.

UDP

UDP provides a connectionless datagram service that offers unreliable, best-effort delivery of data transmitted in messages. This means that the arrival of datagrams is not guaranteed; nor is the correct sequencing of delivered packets. UDP does not recover from lost data through retransmission. UDP is defined in RFC 768.

UDP is used by applications that do not require an acknowledgment of receipt of data and that typically transmit small amounts of data at one time. The NetBIOS name service, NetBIOS datagram service, and the Simple Network Management Protocol (SNMP) are examples of services and applications that use UDP. Table 8 describes the key fields in the UDP header.

Table 8 Key fields in the UDP header

Field Function
Source Port UDP port of sending host.
Destination Port UDP port of destination host.
UDP Checksum Verifies the integrity of the UDP header and the UDP data.
Acknowledgment Number The sequence number of the byte the sender expects to receive next from the other side of the connection.

UDP Ports

To use UDP, an application must supply the IP address and UDP port number of the destination application. A port provides a location for sending messages. A port functions as a multiplexed message queue, meaning that it can receive multiple messages at a time. Each port is identified by a unique number. It's important to note that UDP ports are distinct and separate from TCP ports even though some of them use the same number. Table 9 lists well-known UDP ports.

Table 9 Well-known UDP ports

UDP Port Number Description
53 Domain Name System (DNS) Name Queries
69 Trivial File Transfer Protocol (TFTP)
137 NetBIOS name service
138 NetBIOS datagram service
161 Simple Network Management Protocol (SNMP)

For a complete list of assigned UDP ports, see RFC 1700 from the above menu RFC [2] Ref.

Go to Top of Page

The MCP Logo is displayed on this web site in accordance with Microsoft Certified Professional Program and Logo Agreement. © Paramvir Likhari 1997 - 1999

Nedstat Counter