webpointmorpheus Network Info
TCP/IP

     Overview      What is TCP/IP?      TCP      IP      Address Ranges      Subnet Mask
     Default Gateway      Ports & Sockets      Additional Protocols      IPv6      Notes

©2005 - material compiled by Bob Carnaghi, www.webpointmorpheus.com

Overview     Top of Page

TCP/IP is the 'de facto' protocol of the Internet. Due to its popularity, it has become a necessary protocol that many of the previously proprietary systems have had to acknowledge and incorporate. Previous protocols that were exclusive (AppleTalk, IPX/SPX, etc.) have acknowledged and incorporated TCP/IP because of its universality, versatility, and popularity.

TCP/IP was originally designed by the ARPA (Advanced Research Projects Agency) (sometimes seen with a D - for Defense) which was funded by the Defense Department. It was designed from the viewpoint of the military to be versatile, routable, redundant, and bulletproof. Due to these criteria, it has grown in popularity and is in wide use today. In order to access the Internet, a computer must be running TCP/IP. Additionally, it's opensource - thereby owned by no single entity or corporation, and it's free for everyone to use.

This document gives an overview of TCP/IP and its workings. The intent of this document is to remain free from deep technicality, and focus on the information necessary to cover the CompTIA Network+ test objectives. There is more technical info about TCP/IP in the RFC^a pages. If you have a difficult time with the acronymn drenched terms used in this document, check out the Network Definitions Page.

What is TCP/IP?     Top of Page

TCP/IP is today's most popular network protocol, and is the bloodline of the Internet. TCP/IP is a routable protocol that provides capable connection between systems. TCP/IP allows communication between UNIX, Windows, Netware and Mac, and other systems which are spread over multiple interconnected networks. The term 'TCP/IP' is actually the 'TCP/IP suite', which is a collection of several different protocols. Each of the functions of this protocol suite operate on the separate layers of the OSI model to provide functional interoperability when fulfilling the final objective of delivering resources across a network. The two main protocols of the TCP/IP suite are in its name: the Transmission Control Protocol, and the Internet Protocol. Both are outlined below, as well as some of the other protocols in the TCP/IP suite.

TCP     Top of Page

The TCP part of TCP/IP stands for Transmission Control Protocol. It is a Transport layer protocol that provides reliable connection-oriented full-duplex transport. Connection-oriented means that a connection must be negotiated and established before hosts can exchange data. A common example of connection-oriented communication is a telephone call: you call, the 'destination' picks up the phone and acknowledges, and you start talking (sending data). TCP guarantees delivery by sending acknowledgements back to the source when messages are received. The reason that TCP is separate from IP is that the focus of TCP is on the data and continuity of the data that is to be transferred. TCP makes sure that all the data that is handed down from the upper layers of the Protocol Stack is broken down into manageable frames. The frames are numbered and sequenced before transmission so that they can be checked and re-assembled after the transmission.

IP     Top of Page

IP stands for Internet Protocol, and is defined at the Network layer of the OSI model. IP provides connectionless delivery of packets across networks. Connectionless means that IP is only concerned with sending the data packets that are handed down from the TCP layer - not with the ordered sequencing or other minutia. IP is also responsible for routing and Network layer addressing.

   IP Addressing

IP addressing is the process of assigning a 32-bit logical numeric address to a network device. Every IP address on the network must be unique. An IP address is represented in a dotted decimal format, for example here's the IP address for the server that holds the page you're looking at:

65.18.145.251

The address is divided into 4 parts. Each of the parts is called an octet. Each octet represents 8 bits in binary numbers. The IP address mentioned above can also be displayed in dotted binary format, which is how computers think:

01000001.00010010.10010001.11111011

Every computer on the internet must have a unique IP address. The example above shows how each computer is identified at the level of bitwise addressing.

Address Ranges     Top of Page

IP addressing is broken down into specific ranges. The currently used addressing schema in version 4 of IP is divided into 5 Classes. Each class is based upon the first octet. To determine the class of an IPv4 address, look at the first octet, and compare it to the list below.

1. Class A: 1-126
2. Class B: 128-191
3. Class C: 192-223
4. Class D: 224-239
5. Class E: 240-254

Private Address ranges

IANA^b has reserved 4 address ranges to be used in private networks. These addresses won't appear on the Internet, thereby avoiding IP address conflicts. The private address ranges are listed below.

1. 10.0.0.0 through 10.255.255.255
2. 127.0.0.0 to 127.255.255.254 - reserved for IP loopback addresses.
3. 169.254.0.1 through 169.254.255.254 - reserved for Automatic Private IP Addressing.
4. 172.16.0.0 through 172.31.255.255
5. 192.168.0.0 through 192.168.255.255

Subnet Mask & Subnetting     Top of Page

In order for a protocol to be routable across a network, the address must have two parts: a host portion and a network portion. TCP/IP uses subnet masks to determine which part is the host portion and which is the network portion. The list below gives the default subnet masks for Classes A, B, and C addresses. For a Class A address, the first portion is the network portion of the address. The last 3 portions will give the numbers assigned to the hosts on the network. For example, in a Class B IP address such as 172.116.12.24 with the default Class B 16 bit subnet mask of 255.255.0.0 the network portion is 172.116 and the host part is 12.24. Using these parameters, networks can be broken down into portions for easier management.

   Default subnet masks:

1. Class A: 255.0.0.0
2. Class B: 255.255.0.0
3. Class C: 255.255.255.0

   Subnetting

Subnetting is the process of further breaking down a subnet mask. Subnetting increases the number of nodes available on a network. A subnetted address will appear like this: '10.121.6.15/22'. The '/' part defines the number of bits in the subnet mask. Note that the assumption with the default subnet masks is that there are 8 or 16 or 24 bits in the subnet masks. However, with subnetting, that definition is further refined. The process of how subnetting works is beyond the scope of this document.

Default Gateway     Top of Page

Default gateways are assigned to hosts on an internal LAN to facilitate access to territory beyond that LAN. If a data packet is bound for a host on the same LAN, the subnet masks will match, and the default gateway will not transfer the packets outside the LAN. If the subnet mask is different from that of the local LAN, the default gateway knows to pass the data outside of the LAN. The purpose of a default gateway can be clearly defined: "All data not meant for the local subnet is sent to the router for transfer beyond the LAN."

Ports & Sockets     Top of Page

An important feature of the TCP/IP protocol suite is sockets. A socket is the combination of an IP address and a port number. A user application is defined to work at the Application Layer of the OSI model. Different applications use different port numbers which allows multiple applications to share the same connection. It is possible to connect to an SMTP mail server on port 25 to send email, and at the same time connect to a web server on port 80 to browse a web site. A socket is defined with an IP address, a colon (:), then a port number. This way one single Internet connection can handle separate data streams by directing the transfer of information to the appropriate host and application by identifying it with a port number. Thus, a packet with a destination address of 145.212.66.7:80 knows that it's bound for the web browser of the requesting machine.

TCP Ports
Port Number	Service	Description
20	FTP DATA	Data portion of file transfer.
21	FTP	Control portion of file transfer.
22	SSH	A secure version of system access, similar to FTP.
23	TELNET	Used for remote system access.
25	SMTP	Simple Mail Transfer Protocol. Popularly used for email transfer between servers or from client to server.
53	DNS	Domain Naming Service
67, 68	DHCP	Dynamic Host Configuration Protocol. DHCP servers listen to port #67, and DHCP clients listen to port #68.
69	TFTP	Trivial File Transfer. A non-secure type of file transfer.
80	HTTP	Hyper Text Transfer Protocol. Webpages, etc.
110	POP3	Version 3 of Post Office Protocol that is used for transferring email from server to client.
119	NNTP	Network News Transfer Protocol. Used for Usenet news group messages.
123	NTP	Network Time Protocol. Used for clock synchronization.
137	NETBIOS-NS	Microsoft Networking NetBIOS Name Service.
138	NETBIOS-DG	Microsoft Networking NetBIOS Datagram Service.
139	NETBIOS-SS	Microsoft Networking NetBIOS Session Service.
143	IMAP	Internet Message Access Protocol
161	SNMP	Simple Network Management Protocol. Used to remotely monitor network devices.
443	HTTPS	Secure version of HTTP. (See port 80)
1512	WINS	Windows Internet Naming Service
1701	L2TP	Layer 2 Tunneling Protocol
1723	PPTP	Point to Point Tunneling Protocol

Additional Protocols     Top of Page

   UDP

UDP - User Datagram Protocol - is a connectionless Transport layer protocol. It is designed to provide best-effort delivery. There is no guarantee that UDP datagrams ever reach their intended destination. UDP is termed as unreliable and intended to be that way. The purpose of UDP is to send one way broadcasts in multiple directions to multiple hosts.

   FTP

FTP - File Transfer Protocol - is an Application layer protocol that provides connection-oriented file transfer functions. TCP port 21 is assigned for control instructions and TCP port 20 is for the actual data transfer.

   TFTP

TFTP - Trivial File Transfer Protocol - is an Application layer protocol that provides connectionless file transfer functions. Compare TFTP to the connection-oriented FTP above.

   SMTP

SMTP - Simple Mail Transfer Protocol - is an Application layer protocol used to transfer e-mail.

   POP3/IMAP4

While SMTP is used to send email, both the Post Office Protocol and the IMAP are used to retrieve e-mail. POP3 typically downloads the queued messages to the client's computer. The more complex IMAP4 can be used to access the messages which are stored on the server, and leaves them on the server for later viewing/retrieval/etc. SMTP is defined at the Application layer of the OSI model.

   HTTP

HTTP - HyperText Transfer Protocol - is the Application layer protocol used for transferring World Wide Web documents. It is not limited to web documents, and can be used to transfer other files as well.

   HTTPS

HTTPS - Secure HTTP - is used in exactly the same way as the HTTP protocol. The difference is that HTTPS sends data in encrypted form. The url for a secure HTTP connection would appear as https://www.webpointmorpheus.com/.

   TELNET

Telnet is an Application layer protocol that provides terminal emulation. It is an older protocol that is used for remote connection to distant computers.

   NTP

NTP - Network Time Protocol - is an Application layer protocol used to provide accurate time synchronization. NTP is utilized in LANs and WANs by synchronizing the time of a computer to a reference time source. Typically the source is a remote NTP server, a radio, a satellite receiver, or a modem. NTP is capable of synchronizing distributed clocks to the millisecond.

   ICMP

ICMP - The Internet Control Message Protocol is a Network layer protocol that travels in IP packets and is used for sending information and control messages back to the source. One of the most common applications that uses ICMP is the ping utility. Ping is used to determine whether a particular TCP/IP host is reachable. Ping sends out an echo request to an IP address, and if the destination is alive and reachable it will send an echo reply back to the source. If the destination is not reachable, the last router on the path sends a Destination Unreachable message back to the source host. Echo request and echo reply are two of a set of message types ICMP uses to provide/request feedback.

   ARP

ARP - Address Resolution Protocol - resolves physical MAC addresses to assigned IP addresses. In order for nodes to communicate, it is necessary that the two stations in a network know each other's MAC & IP addresses. The Address Resolution Protocol is used to discover an IP address (layer 3) to a MAC address (layer 2). An ARP request is broadcast on the local network to discover the MAC address of the destination host. Responding to the broadcast, the station with the correct MAC address forwards an ARP reply containing its IP and MAC address to the requesting host.

   RIP

RIP - Routing Information Protocol is used to exchange routing information between routers. Each router builds a routing table that contains entries of possible routes in the network and their attributes. RIP saves routers on a network the effort of building a routing table when they share their routing tables. Additionallly, when a link to a network goes down, the route to that network becomes invalid. To inform routers in an internetwork about the change in network routes, RIP is used. RIP is typically used in smaller environments. Another example of a more scalable routing protocol is OSPF - Open Shortest Path First.

IP Version 6     Top of Page

This document so far has referred to IP version 4. The next version of TCP/IP, IPv6, is currently being developed. The purpose of IPv6 is to permit larger networks with more hosts since the number of addresses available in IPv4 is limited. IPv6 uses a 128-bit address format allowing a theoretical 128² unique addresses. When IP addressing first began, the system currently used (IPv4) provided an abundance of addresses. At this point, the growth of the computer industry as well as the Internet has shown the limitations of the IPv4 addressing scheme. One way to invision the number of IP addresses possible in IPv6 is that there are approximately as many IPv6 addresses possible as there are cells in a human body.

An IPv6 address is written in a maximum of 8 groups of 16 bits each written as four hex digits separated by colons. Here is an example of an IPv6 address:

FEDC:BA12:ABCD:3210:FEDC:BA98:7654:1234

 

Notes     Top of Page

1. An RFC is a Request For Comment. It is a (formal) technical paper that is refined through iteration by professionals to define certain standards of protocol and operation. See this RFC Resource for more info.
2. Internet Assigned Number Authority. See the IANA Website for more info.
3. Additional IP/Internet Resources: InterNIC