The Department of Defense created TCP/IP to ensure and
preserve data integrity. The DoD model is a condensed
version of the OSI model and has only four layers.
Process Application Layer

Defines protocols for node-to-node application
communication and also controls user-interface
specifications. It consists of a set of services that provide
ubiquitous access to all types of networks; applications
use these services to communicate with other devices and
remote applications.
Protocols and Applications
| Port | Protocol | Description |
| 23 | Telnet | Terminal emulation (Telephone network) |
| 21 | FTP | Allows file transfers between computers (File Transfer Protocol) |
| 69 | TFTP | Have to know what you want and where it is on the server; no directory browsing, no user authentication (Trivial File Transfer Protocol) |
| 2049 | NFS | Allows remote file systems to be mounted as local (Network File System) |
| 25 | SMTP | Used to send mail between mail servers (Simple Mail Transfer Protocol) |
| 515 | LPD | Used for print sharing of network printers with TCP/IP (Line Printer Daemon) |
| 161 | SNMP | Collects and manipulates network information (Simple Network Management Protocol) |
| 53 | DNS | Resolves FQDNs to IP addresses (Domain Name Service) |
| 67 | BootP | Used by diskless workstations to receive a boot file and other information via TFTP |
| | DHCP | Assigns IP addresses to hosts from a pool. Can send IP address, subnet mask, domain name, default gateway, DNS IP, WINS info (Dynamic Host Configuration Protocol) |
Host-to-Host Layer

This layer shields the upper layers from the process of
sending data. Also provides an end-to-end connection between
two devices during communication by performing sequencing,
acknowledgments, checksums, and flow control. Applications
using services at this layer can use two different
protocols: TCP and UDP.
Protocols at the Host-to-Host Layer are:
TCP (Transmission Control Protocol)
TCP provides a connection-oriented, reliable service to
the applications that use it.
Main Functions of TCP
- Segments the application layer data stream: TCP accepts data
  from applications and segments it into a desirable size for
  transmission between itself and the remote device. The segment
  size is determined while TCP is negotiating the connection
  between the two devices. Either device can dictate the segment
  size.
- Provides acknowledgment timers: TCP maintains timers to identify
  when packets have taken too long to get to their destination.
  When an acknowledgment is not received for a packet and the
  timer expires, TCP will resend the packet to the destination.
- Enables sequence number checking: TCP/IP uses sequence numbers
  to ensure that all packets sent by an application on one device
  are read in the correct order by an application on another
  device. The packets might not be received at the transport layer
  in the correct order, but TCP sequences them in their original
  order before passing them to the application layer.
- Provides buffer management: any time two devices are
  communicating, the possibility exists that one device can send
  data faster than the other can accept it. If this happens, the
  receiving device puts the extra packets into a buffer to be read
  at the first chance it gets. When this data overflow persists,
  however, the buffer is eventually filled and packets begin to
  drop. TCP performs some preventive maintenance called flow
  control to avoid the problem.
- Initiates connections with a 3-way handshake: TCP uses the
  three-way handshake to initiate a connection between two
  devices. A TCP connection begins with a device sending a request
  to synchronize sequence numbers (a SYN packet) and initiate a
  connection. The other device receives the message and responds
  with a SYN message and the sequence number increased by one. The
  first device responds by sending an acknowledgment message (an
  ACK) to the second device, indicating that the device received
  the sequence number it expected.
- Performs error and duplication checking: TCP uses a checksum to
  identify packets that have changed during transport. If a device
  receives a packet with a bad checksum, it drops the packet and
  does not send an acknowledgment for it, so the sending device
  will resend the packet. Any time TCP receives a duplicate packet
  it drops the duplicate.
- Performs acknowledgment windowing: any time a TCP device sends
  data to another device, it must wait for the acknowledgment that
  this data was received. To increase bandwidth utilization, TCP
  can change the window size. Whatever the window size is
  negotiated to be, acknowledgments will only be sent after that
  many packets have been received at the receiving device. TCP
  sets the window size dynamically during a connection, allowing
  either device involved in the communication to slow down the
  sending data rate based on the other device's capacity. This
  process is known as the sliding window because of TCP's ability
  to change the window size dynamically.
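The handshake, sequence-number ordering and duplicate dropping described above, as an added worked example (not code from the original notes): both sides of the three-way handshake are simulated with constructed initial sequence numbers, and a small receiver reorders early segments and discards duplicates before handing data up. The `Segment` and `Receiver` classes are assumptions made for this illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Segment:
    seq: int                 # sequence number of the first byte this segment carries
    ack: int = 0             # next sequence number the sender expects from its peer
    syn: bool = False
    ack_flag: bool = False
    data: bytes = b""

def server_on_syn(syn: Segment, server_isn: int) -> Segment:
    """Passive side: answer a SYN with SYN+ACK; the SYN consumes one sequence number."""
    if not syn.syn:
        raise ValueError("expected a SYN")
    return Segment(seq=server_isn, ack=syn.seq + 1, syn=True, ack_flag=True)

def client_on_syn_ack(syn_ack: Segment, client_isn: int) -> Segment:
    """Active side: accept the SYN+ACK only if it acknowledges exactly our ISN + 1."""
    if not (syn_ack.syn and syn_ack.ack_flag) or syn_ack.ack != client_isn + 1:
        raise ValueError("SYN+ACK does not acknowledge the sequence number we expected")
    return Segment(seq=client_isn + 1, ack=syn_ack.seq + 1, ack_flag=True)

def three_way_handshake(client_isn: int, server_isn: int) -> tuple:
    syn = Segment(seq=client_isn, syn=True)
    syn_ack = server_on_syn(syn, server_isn)
    return syn, syn_ack, client_on_syn_ack(syn_ack, client_isn)

@dataclass
class Receiver:
    """Receiving TCP: buffers early segments, delivers bytes in order, drops duplicates."""
    next_seq: int                                    # first byte not yet received in order
    buffer: dict = field(default_factory=dict)       # seq -> data held until the gap closes
    delivered: bytes = b""

    def receive(self, seg: Segment) -> int:
        """Process one data segment and return the cumulative ACK number to send back."""
        if seg.seq < self.next_seq or seg.seq in self.buffer:
            return self.next_seq                     # duplicate (or already delivered): dropped
        self.buffer[seg.seq] = seg.data
        while self.next_seq in self.buffer:          # hand contiguous data up to the application
            chunk = self.buffer.pop(self.next_seq)
            self.delivered += chunk
            self.next_seq += len(chunk)
        return self.next_seq

if __name__ == "__main__":
    syn, syn_ack, ack = three_way_handshake(1000, 5000)   # constructed ISNs
    rx = Receiver(next_seq=ack.seq)
    rx.receive(Segment(seq=1006, data=b"world")), rx.receive(Segment(seq=1001, data=b"hello"))
    print(syn_ack.ack, ack.ack, rx.delivered)
```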
TCP Overview
Before data is sent, the transmitting host contacts the
receiving host to set up a connection known as a virtual
circuit. This makes TCP connection-oriented. During
the handshake the two hosts agree upon the amount of
information to be sent before an acknowledgment is needed
(windowing). TCP takes the large blocks of data from the
upper layers and breaks them up into segments that it
numbers and sequences. TCP will then pass the segments to the
network layer, which will route them through the
internetwork. The receiving TCP can put the segments back
into order. After packets are sent, TCP waits for an
acknowledgment from the receiving end of the virtual
circuit. If no acknowledgment is received, the sending
host will retransmit the segment.
| TCP Header Information | | |
| Field | Size | Description |
| Source Port Number | 16 bits | Number of calling port |
| Destination Port Number | 16 bits | Number of called port |
| Sequence Number | 32 bits | Number to ensure proper sequence of data |
| Acknowledgment Number | 32 bits | Identifies next segment expected |
| Header Length | 4 bits | Number of 32-bit words in header |
| Reserved | 6 bits | Always 0 |
| Code bits | 6 bits | Identifies type of segment, setup/termination of session |
| Window size | 16 bits | Number of octets the device is willing to accept |
| TCP Checksum | 16 bits | Used to ensure data integrity |
| Urgent Pointer | 16 bits | Indicates end of urgent data |
| Options | 0 or 32 bits | Identifies maximum segment size |
| Data | | |
UDP (User Datagram Protocol)
UDP transports information that doesn't require reliable
delivery; therefore it can have less overhead than TCP, as no
sequencing or acknowledgments are used. NFS and SNMP use UDP
for their sessions; the applications have their own methods
to ensure reliability. UDP receives blocks of information
from the upper layers, which it breaks into segments. It
gives each segment a number, sends it, and then forgets
about it. No acknowledgments, no virtual circuits: a
connectionless protocol.
| UDP Header Format | | |
| Field | Size | Description |
| Source Port Number | 16 bits | Number of calling port |
| Destination Port Number | 16 bits | Number of called port |
| UDP Length | 16 bits | Length of UDP in bytes |
| UDP Checksum | 16 bits | Used to ensure data integrity |
| Data | | |
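A parser for the TCP and UDP headers laid out in the two tables above, added here as a worked example (not part of the original notes): it decodes each fixed header with `struct`, verifies the checksum over the IPv4 pseudo-header, and shows why a segment altered in transit fails the check and is dropped. The builder functions, field names and the 10.0.0.x addresses are constructed for the illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071); TCP and UDP both use it."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header covered by the checksum but never transmitted."""
    ip = lambda s: bytes(int(o) for o in s.split("."))
    return ip(src_ip) + ip(dst_ip) + struct.pack("!BBH", 0, proto, length)

TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}

def parse_tcp(seg: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the fixed 20-byte TCP header and verify its checksum."""
    sport, dport, seq, ack, off, flags, win, _, urg = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off >> 4) * 4                    # header length field counts 32-bit words
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
            "flags": [n for bit, n in TCP_FLAGS.items() if flags & bit],
            "window": win, "urgent": urg, "data": seg[hlen:],
            # checksumming pseudo-header + segment (checksum field included) yields 0 if intact
            "checksum_ok": inet_checksum(pseudo_header(src_ip, dst_ip, 6, len(seg)) + seg) == 0}

def parse_udp(dgram: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the 8-byte UDP header; a zero checksum means the sender omitted it."""
    sport, dport, length, csum = struct.unpack("!HHHH", dgram[:8])
    ok = csum == 0 or inet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + dgram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "data": dgram[8:length], "checksum_ok": ok}

def build_tcp(sport, dport, seq, ack, flags, win, src_ip, dst_ip, payload=b"") -> bytes:
    """Constructed sample segment: checksum computed with the field zeroed, then filled in."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, win, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, 6, 20 + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload

def build_udp(sport, dport, payload, src_ip, dst_ip) -> bytes:
    """Constructed sample datagram; a computed 0 is sent as 0xFFFF because 0 means 'no checksum'."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, 17, length) + hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload

if __name__ == "__main__":
    a, b = "10.0.0.1", "10.0.0.2"            # constructed addresses
    syn = build_tcp(40000, 23, 1000, 0, 0x02, 65535, a, b)
    print(parse_tcp(syn, a, b), parse_udp(build_udp(5000, 161, b"snmp", a, b), a, b))
```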
Differences between TCP and UDP
| TCP | UDP |
| Sequenced | Unsequenced |
| Reliable - sequence numbers, acknowledgments, and 3-way handshake | Unreliable - best effort only |
| Connection oriented | Connectionless |
| Virtual circuits | Low overhead |
| Checksum for error checking | Checksum for error checking |
| Uses buffer management to avoid overflow, uses sliding window to maximize bandwidth efficiency | No flow control |
| Assigns datagram size dynamically for efficiency | Every datagram segment is the same size |
TCP and UDP Port Numbers
TCP and UDP use port numbers to communicate with the
upper layers. Port numbers keep track of different sessions
across the network. The source port will be above 1024
(unprivileged). Ports 1023 and below (privileged) are known as
well-known ports and are assigned to common protocols. TCP
and the upper layers don't use hardware (MAC) and logical (IP)
addresses to identify the host; instead they use port
numbers.
Internet Layer 
The Internet Layer exists for routing and providing a
single network interface to the upper layers. IP provides
the single network interface for the upper layers.
Protocols at the Internet Layer are:
IP (Internet Protocol)
The Internet Protocol (IP) is a network-layer (Layer 3)
protocol that contains addressing information and some
control information that enables packets to be routed.
IP has two primary responsibilities: providing
connectionless, best-effort delivery of datagrams through an
internetwork; and providing fragmentation and reassembly of
datagrams to support data links with different
maximum-transmission unit (MTU) sizes.
All machines on a TCP/IP network have a unique logical
address, an IP address. The Internet Layer (IP) has a
complete picture of the entire network and is responsible
for path determination and packet switching. IP is the
transport for TCP, UDP, and ICMP and provides an unreliable
service. It lets the upper layer protocols that use it
worry about reliability. IP will perform as a
connectionless service because it handles each datagram as
an independent entity. IP performs packet switching
and path determination by maintaining tables that indicate
where to send a packet based on its IP address. IP
gets the destination address from the packet. IP
receives segments from the Host-to-Host layer and fragments
them into packets. IP will then reassemble the packets
into segments on the receiving end to send to the
Host-to-Host layer. Each packet has the source and
destination IP address. Each router will make path
determinations based on the destination IP address.
ICMP (Internet Control Message Protocol)
The Internet Control Message Protocol (ICMP) is a
network-layer Internet protocol that provides message
packets to report errors and other information regarding IP
packet processing back to the source. ICMP utilizes IP
to carry the ICMP data within it through a network.
ICMP Messages
ICMP generates several kinds of useful messages,
including Destination Unreachable, Echo Request and Reply,
Redirect, Time Exceeded, and Router Advertisement and Router
Solicitation. If an ICMP message cannot be delivered, no
second one is generated. This is to avoid an endless flood
of ICMP messages.
When an ICMP destination-unreachable message is
sent by a router, it means that the router is unable to send
the packet to its final destination. The router then
discards the original packet. Destination-unreachable
messages include four basic types: network unreachable, host
unreachable, protocol unreachable, and port unreachable.
- Network-unreachable messages usually
mean that a failure has occurred in the routing or
addressing of a packet.
- Host-unreachable messages usually
indicate a delivery failure, such as a wrong subnet mask.
- Protocol-unreachable messages
generally mean that the destination does not support the
upper-layer protocol specified in the packet.
- Port-unreachable messages imply that
the TCP socket or port is not available.
An ICMP echo-request message, which is generated
by the ping command, is sent by any host to test node
reachability across an internetwork. The ICMP
echo-reply message indicates that the node can be
successfully reached. PING (Packet Internet Groper)
uses echo messages to test physical connectivity.
An ICMP Redirect message is sent by the router to
the source host to stimulate more efficient routing. The
router still forwards the original packet to the
destination. ICMP redirects allow host routing tables to
remain small because it is necessary to know the address of
only one router, even if that router does not provide the
best path. Even after receiving an ICMP Redirect message,
some devices might continue using the less-efficient route.
An ICMP Time-exceeded message is sent by the
router if an IP packet's Time-to-Live field (expressed in
hops or seconds) reaches zero. The Time-to-Live field
prevents packets from continuously circulating the
internetwork if the internetwork contains a routing loop.
Routers discard packets that have reached their maximum hop
count and tell the source machine that the packet has
expired. Traceroute uses these ICMP timeouts
to find the path a packet takes through the internetwork.
ARP (Address Resolution Protocol)
Used to find the MAC address from a known IP address.
ARP sends a broadcast asking for the machine with the
specified IP address to respond with its MAC address.
If two devices want to communicate, the first device can
send a broadcast ARP message requesting the physical address
for a specified IP address. The receiving device
responds with its physical (MAC) address, and the first device keeps
the entry in its ARP cache. If a device doesn't exist
on the same subnet, the sending device addresses the
default gateway's physical address and sends the packet to
the default gateway.
RARP (Reverse Address Resolution Protocol)
This protocol is used to find an IP address when the MAC
address is known. A machine sends a broadcast with its
MAC address and requests its IP address. An example of
a device that uses RARP is a diskless workstation.
Since it can't store its logical network address, it sends
its MAC address to a RARP server to request its IP address.
A RARP server responds to the RARP request with the device's
IP address.
Network Access Layer

The Network Access Layer monitors the data exchange
between the host and the network. Oversees MAC addressing
and defines protocols for the physical transmission of data.
DOD Model and TCP/IP