[Figure: TCP header layout, bits 0-31 across, header words 1-6: (1) Source Port, Destination Port; (2) Sequence Number; (3) Acknowledgement Number; (4) Offset, Reserved, Control Bits, Window; (5) Checksum, Urgent Pointer; (6) Options, Padding; data begins after the header.]

[Figure: IP header layout, bits 0-31 across, header words 1-6: (1) Version, IHL, Type of Service, Total Length; (2) Identification, Flag, Fragment Offset; (3) Time-to-live, Protocol, Header Checksum; (4) Source Address; (5) Destination Address; (6) Options, Padding; data begins after the header.]

[Figure: internetwork of Ethernet and Token Ring networks, routers and workstations.]


4/4/2002 Alex.Peeters@citap.com

Table of Contents:

Introduction
  Telematics
  Data-communication
  Data-transmission
  Accident-proof network
Network Media
  Network Medium
  Twisted-pair cable
    Unshielded Twisted-Pair
    Shielded Twisted-Pair
  Coaxial cable
    Thick coax
    Thin coax
  Fibre-optic cable
Network Components
  Network Operating System
  Network Interface Card
  Client
  Server
  Client-Server model
  Local Resource
  Remote Resource
  Node
  Concentrator
  Hub
  Repeater
  Bridge
  Router
  Gateway
  Backbone
Networks
  Network Topology
    Bus Networks
    Ring Network
    Star Network
    Hub Network
  Local Area Networks
    Circuit-Switched networks
    Packet-Switched networks
    Backbone Network
    Thinnet Network
    10BASET Network
  Wide Area Networks
The seven-layer Open Systems Interconnection Reference Model
  Communication Protocols
    Characteristics of Layered Architectures:
  Description of each of these layers
    Layer 1, the Physical Layer
    Layer 2, the Data Link Layer
    Layer 3, the Network Layer
    Layer 4, the Transport Layer
    Layer 5, the Session Layer
    Layer 6, the Presentation Layer
    Layer 7, the Application layer
  Characteristics of Layered Protocols
IEEE LAN’s
  Terminology
    Access methods
  Architecture of the IEEE 802 Standards
    Logical Link Control
    Medium Access Control
  802 LAN Physical Address
  IEEE 802.3 Networks
    How Ethernet Works
    IEEE 802.3 Media
    IEEE 802.3 Frames
    Implementing TCP/IP over IEEE 802.3
  IEEE 802.5 Networks
    How Token Ring Works
    Several reasons can be cited for Token Ring's lower popularity
    IEEE 802.5 Frames
Protocols and Protocol Stacks
  Operating Dual Protocol Stacks
  Network Driver Interface Standard
  Open Datalink Interface
Delivering Data Through Internetworks
  The way data are delivered through internetworks
  Multiplexing
  Switching Data
    Circuit Switching
    Packet Switching
  Bridges, Routers, and Switches
    Bridges
    Routers
    Switches
Digital Data Services
  Leased line
    Dedicated Leased Lines
    Switched Digital Lines
The Internet Model
  What TCP/IP provides
  Description of each of these layers
    Network Access Layer
    Internetwork Layer
    Host-to-Host Transport Layer
    Process/Application Layer
Addressing, Routing, and Multiplexing
  IP Host Address
  IP Address Classes
  Subnets
  Routing
    The Routing Table
  Internet Routing Architecture
    The Routing Table
  Address Resolution
    RARP
  Protocols, Ports, and Sockets
    Protocol Numbers
    Port Numbers
    Sockets
  Names and Addresses
    The Host Table
    The Network Information Centre Host Table
    Domain Name Service
    The Domain Hierarchy
    Creating Domains and Subdomains
    Domain Names
    Network Information Service
  Remote Procedure Call
    Remote Procedure Call Execution
  External Data Representation
An overview of TCP/IP components
  Internet Protocol
  Internet Control Message Protocol
  Transmission Control Protocol
  User Datagram Protocol
  Telnet
  File Transfer Protocol
  Simple Mail Transfer Protocol
  Domain Name System
  Simple Network Management Protocol
  Network File Server
  Remote Procedure Calls
  Trivial File Transfer Protocol
  Boot Protocol
  Address Resolution Protocol
  Reverse Address Resolution Protocol
  Network Time Protocol
The TCP/IP Family of Protocols
  Transport
  Routing
  Network Address
  User services
  Gateway Protocols
  Others
Implementing TCP/IP
  Multiple Protocol Stacks
  NetBIOS and NetBEUI
  Basic Input Output System
  NetBIOS over TCP/IP
  Windows Internet Name Service
  DNS Windows Name Resolution
  LMHOSTS File Lookup
  TCP/IP Applications
  Reverse Address Resolution Protocol
  Bootstrap Protocol
  Dynamic Host Configuration Protocol
  Network File System
  Simple Mail Transfer Protocol
  Post Office Protocol
  Multipurpose Internet Mail Extensions
  File Sharing
Interaction of TCP/IP and Other Protocols
  Application Programming Interface
  Redirectors and File Sharing
  NOS Gateways and Servers
  NOS Support for Native IP
Building an Internet Server
  Isolating the Server
  Providing Full Internet Connectivity
    A basic rule of TCP/IP security is as follows
    Traffic can be filtered in various ways
Simple Network Management Protocol
  Object Identifier Hierarchy
Microsoft TCP/IP
  Microsoft Network Protocols
  Microsoft Network Protocol Architecture
  NetBEUI Frame Protocol
  NWLink
  TCP/IP
    DHCP Concept and Operation
    Managing WINS
    Resolving Names on Microsoft Networks
    Architecture of the Windows Internet Name Service
    Naming versus Browsing
  Managing LMHOST Files
  Managing DNS
  Name Resolution with HOSTS Files
Transmission Line Theory
Troubleshooting TCP/IP
  Introduction
    Three steps in tracking down the real problem are
    Some hints on analysing the test results are
  Troubleshooting TCP/IP
    Approaching a problem
    Troubleshooting Hints
    Diagnostic tools
    Testing Basic Connectivity
Abbreviations
Table of Figures
Index


Introduction:

Telematics:

Telematics is the combination of informatics and telecommunication. It covers all the services
connected with the use of informatics. They are accessible for the transmission of data by means
of networks.

Data-communication:

Data-communication is the combination of data-processing and telecommunication. It includes the
processing of data by programs running on computer systems, and communication over great
distances, where the information is transported by means of electrical conduction, radio waves,
light signals, etc. With data-communication it is possible to communicate over great distances
from terminals connected to the communication network.

Figure 1 shows different possibilities for communication over great distances.

Data-transmission:

Data-transmission covers character sets (ASCII & EBCDIC), parallel/serial transmission, methods of
transmission, simplex/half-duplex/full-duplex operation, and the speed of the data transmission.
The methods of transmission are:

• Asynchronous: all characters are transmitted directly and independently of each other. Each
character begins with a start bit and ends with a stop bit.
• Synchronous: the information packet is transmitted as a block.

Accident-proof network:

An accident-proof network is designed so that the actions of one user do not affect the network
access of another user. No network is really accident-proof. Therefore, we must reduce the impact
of a user's mistake on the other users, while knowing well that some accidents cannot be planned
for. Design a network that a user cannot bring down by merely disconnecting his PC, or even by
accidentally cutting a wire in his office.


Network Media:

A Network Medium is the type of cabling used in a network. There are many types of cables used in
networks today, although only a few are commonly used. The type of cabling can have an influence on
the speed of the network.

A Twisted-pair cable has a pair of wires twisted around each other to reduce interference. There
can be two, four, or even more sets of twisted pairs in a network cable. Twisted-pair cables are usually
attached to the network devices with a jack that looks like a telephone modular jack, but a little wider,
supporting up to eight wires. The most commonly used jacks are called RJ-11 (6 wires) and RJ-45 (8
wires), depending on the size of the connector and the number of wires inside.

Figure 2 shows the symbol used for a Twisted-Pair line tag.

There are two types of Twisted-Pair cable in use:

• An Unshielded Twisted-Pair (UTP) cable is one of the most commonly used network media
because it is cheap and easy to work with.
• A Shielded Twisted-Pair (STP) cable has the same basic construction as its unshielded
cousin, but the entire cable is wrapped in a layer of insulation for protection from
interference.

The same type of connector is used with both forms of twisted-pair cable.

A Coaxial cable is designed with two conductors, one in the centre surrounded by a layer of
insulation, and the second a mesh or foil conductor surrounding the insulation. Outside the mesh
is a layer of outer insulation. Because of its reduced electrical impedance, coaxial cable is
capable of faster transmission than twisted-pair cable. Coax is also broadband, supporting several
network channels on the same cable.

Figure 3 shows the symbol used for a Coaxial line tag.

There are two types of coaxial cable in use:


• Thick coax is a heavy cable that is used as a network backbone for the bus network. This
cable is formally known as Ethernet PVC coax, but is usually called 10BASE5. Because
thick coax is so heavy and stiff, it is difficult to work with and is quite expensive.
• Thin coax is the most common type used in Ethernet networks. It goes by several names,
including Thin Ethernet, 10BASE2, and cheapernet. Formally, thin coax is called RG-58.
Thin coax is the same as your television cable. The inner conductor can be made of a
single solid copper wire or fashioned out of thin strands of wire braided together. Thin coax is
quite flexible and has a low impedance, so it is capable of fast throughput rates. It is not
difficult to lay out, as it is quite flexible, and it is easy to construct cables with the proper
connectors, usually BNC connectors, at each end. Thin coax is broadband, although most
local area networks use only a single channel of the cable.


A Fibre-optic cable is becoming popular for very high-speed networks (500 Mbits). It is very
expensive but capable of supporting many channels at tremendous speed. Fibre-optic cable is
almost never used in local area networks, although some large corporations do use it to connect
many LAN’s together into a wide area network. The supporting hardware to handle fibre-optic
backbones is quite expensive and specialised.

Figure 4 shows the symbol used for a Fibre-optic line tag.


Network Components:

A Network Operating System (NOS) controls the interaction between all the machines on the
network. The network operating system is responsible for controlling the way information is sent
over the network medium and handles the way data from one machine is packaged and sent to
another. The NOS also has to handle what happens when two or more machines try to send at the
same time.
• Local area networks that have a single server with many clients connected to it put the
NOS on the server. The main part of the NOS sits on the server, while the smaller client
software packages are loaded onto each client.
• With larger networks that don't use a single server, such as a network running TCP/IP, the
NOS may be part of each machine's software.

A Network Interface Card (NIC) is an adapter that usually sits in a slot inside the PC. Some NIC’s
can plug into parallel or SCSI ports. The network interface card handles the connection to the
network itself through one or more connectors on the backplane of the card. You must make sure
that the network interface card you are using in your machine works with the network operating
system.

Figure 5 shows the symbol used for a Network Interface Card.

A Client is any machine that requests something from a server. The server supplies files and
sometimes processing power to the smaller machines connected to it. Each machine is a client in
this type of network.

Figure 6 shows the symbol used for a Client.

A Server is any machine that can provide files, resources, or services to another machine. Any
machine that you request a file from is a server. This is the essence of client-server networks: one
machine, the client, requests something from another machine, the server. A single machine may be both
client and server. The more commonly used definition for a server is related to local area networks,
where the server is a powerful machine that holds main files and large applications. Other machines
on the network connect to the server to access those files and applications. In this type of network, a
single machine usually acts as the server and all the other machines are clients. Simply put, the server
is any machine on the network that your machine requests something from.

Figure 7 shows the symbol used for a Server.


In the Client-Server model, a client is the machine that initiates a request to a server. This type of
terminology is common with TCP/IP networks, where no single machine is a central repository.

Figure 8 shows a Client-Server model (the client initiates a request; the server returns the response).

A Local Resource is any peripheral (optical drive, printer, scanner, modem, and so on) that is
attached to your machine. Since the machine doesn't have to go on the network to get to the device, it is
called a local device or a local resource.

Figure 9 shows Local Resources (for example, a modem attached to your machine).

A Remote Resource is any device that must be reached through the network. Any device attached
to a server is a remote resource.

Figure 10 shows Remote Resources (for example, a modem attached to a server that your machine reaches
through the network).


A Node is any device on a network (server, workstation, printer, scanner, or any other kind of
peripheral) that is accessed directly by the network. A node has a unique name or IP address so the
rest of the network can identify it.

Figure 11 shows a Node.

A Concentrator is a device that concentrates several network connections at a single point. It is an
electronic unit that converts signals coming from different slower devices to a signal that can be
transmitted over faster communication channels with a bigger bandwidth.

Figure 12 shows the symbols used for a Concentrator.

A Hub is a multipurpose network device that lies at the centre of a star-topology network. Most hubs
do the same job as concentrators. Hubs support a variety of different interface cards, from
concentrator cards to router cards. Hubs are also expandable within a single chassis. Despite these
differences, the terms hub and concentrator are often used interchangeably. There are active and
passive hubs.

Figure 13 shows the symbol used for a Hub.

A Repeater is a network device that boosts the power of incoming signals to allow the length of a
network to be extended.

Figure 14 shows the symbol used for a Repeater.

A Bridge is a network device capable of connecting networks that use similar protocols. It connects
two local area networks running the same network operating system.

Figure 15 shows the symbol used for a Bridge.


A Router is a network device that connects LANs, which may be running on different operating
systems, into an internetwork and routes traffic between them. The router can have software that
converts one NOS's packets to the other's. A router is more complicated than a bridge in that it can
make decisions about where and how to send packets of information.

Figure 16 shows the symbol used for a Router.

A Gateway forwards data between IP networks. It is a machine that acts as an interface between a
small network and a much larger one, such as a local area network connecting to the internet.
Gateways are also used in large corporations to connect small office-based LANs into the larger
corporate mainframe networks. Usually, the gateway connects to a high-speed network cable or medium
called the backbone.

Figure 17 shows the symbol used for a Gateway.

A Backbone is a set of nodes and links connected together comprising a network, or the upper layer
protocols used in a network. A star network has no backbone.

Figure 18 shows the symbol used for a Backbone (an Ethernet backbone cable with a vampire-tap transceiver).


Networks:

A Network Topology describes the way network cabling is laid out. This doesn't mean the physical
layout (how it loops through walls and floors), but how the logical layout looks when viewed in a
simplified diagram.

• A Bus Network is one of the most widely used network topologies. A bus network uses a
cable to which all the network devices are attached, either directly or through a junction box.
The method of attachment depends on the type of bus network, the network protocol, and the
speed of the network. The main cable that is used to connect all the devices is called the
backbone.

Figure 19 shows a schematic of a bus network (a file server and workstations attached through
connectors to a bus backbone with a terminator at each end).

In figure 19, the backbone has a number of junction boxes (transceivers) attached. This allows
for a high-speed backbone that is usually also immune to problems with any network
card within a device. The junction box allows traffic through the backbone whether or not a
device is attached to the junction box. Each end of the backbone, called the bus, is terminated
with a block of resistors or a similar electrical device.

A popular variation of the bus network topology is found in many small LANs. This consists of
a length of cable that snakes from machine to machine. There are no transceivers along the
network. Instead, each device is connected into the bus directly using a T-shaped connector
(Bus Network Connector) on the network interface card. The connector connects the machine
to the two neighbours through two cables, one to each neighbour. At the ends of the network,
a simple resistor is added to one side of the T-connector to terminate the network electrically.

Figure 20 shows a schematic of a machine-to-machine bus network (NICs joined by T-connectors on a
coaxial cable, with a terminator at each end).

In figure 20, each network device has a T-connector attached to the network interface card,
leading to the two neighbours. The two ends of the bus are terminated with resistors. Some
devices on this type of network use a telephone jack connector, called RJ-45, instead of a
T-connector and BNC jacks. In this case, a special adapter must be coupled into the network
backbone to accept the telephone jacks. This connector acts much like a transceiver in the
true bus network.
This machine-to-machine network, also called a peer-to-peer network, is not capable of
sustaining the high speeds possible with a backbone-based bus network. A machine-to-machine
network is usually built using coaxial cable. Until recently, these networks were limited to a
throughput of about 10 Mbps. Recent improvements allow 100 Mbps on this type of network.


The problem with this type of machine-to-machine network is that if one machine is taken off
the network cable or the network interface card malfunctions, the backbone is broken and
must be tied together again with a jumper of some sort.

• A Ring Network is a closed network structure in the form of a circle, to which all nodes are
connected. Despite misconceptions, there is no physical loop made of the network cable, at
least not in the case of the most common form of ring network called Token Ring. The ring
name comes from the design of the central network device, which has a loop inside it to which
are attached cables for all the devices on the network. With a Token Ring network, a central
control unit called a Media Access Unit (MAU) has a cable ring inside it to which all devices
are attached.

Figure 21 shows a schematic of a Token Ring network.

Figure 21 shows the MAU at the centre of the network, containing the bus ring. Attached to the
ring through junction boxes are all the network devices.

There are some true ring networks that have a physically closed loop of the network cable.
The ring network has some advantages from a design point of view in that network problems
with traffic collisions are handled more easily than on a bus network. A problem is that, as with
the bus-based machine-to-machine network, any problem with one machine's connection to
the network cable can crash the entire network.

Figure 22 shows the token access method in a Token Ring network (a Token Frame travelling around the ring).

In figure 22, a Token Frame is transported in only one direction until it reaches its destination.
Thereafter it is transported onward by the Token Ring network until the sending node recognises it
and removes it from the ring.

• A Star Network is arranged in a central structure with branches radiating from it. The central
point of the star structure is called a concentrator, into which plug all the cables from
individual machines. One machine on the network usually acts as the central controller or network
server. A star network has one major advantage over the machine-to-machine bus and ring
networks: when a machine is disconnected from the concentrator, the rest of the network
continues functioning unaffected.


Figure 23 shows a schematic of a star network (machines cabled to a central concentrator).

In figure 23, each cable from the concentrator to the device comes out of one of a row of slots
or connectors, each identified by a number. Network traffic on a star network proceeds from
your machine to the concentrator, then out to the target machine. A star network needs a lot of
cable because each machine has to have a cable straight to the concentrator.

• A Hub Network is similar to the bus network in that it uses a backbone cable that has a set of
connectors on it. The cable is called a backplane in a hub network. Each connector leads to
the hub device, which leads off to network devices. This allows a very high-speed backplane
to be used, which can be as long and complex as needed. Hub networks are commonly found
in large organisations that must support many network devices and need high speed.

The hubs that lead off the backplane can support many devices, depending on the type of
connector. They can support hundreds of PCs each, so a hub network can be used for very
large networks. The cost of a hub network is usually very high because of the high-speed
backbone and the fast hub devices.

Figure 24 shows a schematic of a hub network (hubs or ports attached to a high-speed backplane).

A Local Area Network (LAN) is a number of devices (computers, printers, and other special
peripherals) that are connected to each other by some form of wiring, all of which are treated as a
single entity for TCP/IP configuration. This usually means they share a subnet IP address in common.
A LAN enables independent devices to communicate directly with each other through peer-to-peer
communications. A LAN does not exceed a span of about 10 kilometres and is usually limited to a single
building or group of close buildings. LANs use a moderate data rate, which means they are slower than
mainframe-to-mainframe links. A LAN is a physical and logical accumulation of machines, called
nodes, and cables or other communications methods between the machines, called links. Usually the
links are simple coaxial or twisted-pair cables. In larger LANs, there may have to be amplifiers or
repeaters positioned along the cables to ensure the signal is not lost due to lack of strength.


There are three characteristics of LANs that must always be considered:


• The transmission medium (the type of cabling used as the link).
• The transmission technique (the technique used to handle transmission on the medium).
• The access control method (which decides how a machine accesses the medium).

The medium is straightforward:


• It's a choice between one type of cable or another, dependent primarily on the speed of the
network and the adapter cards, as well as the type of network topology.

The transmission technique is usually one of two:


• Circuit-Switched networks use dedicated connections between any two
machines (or more properly, between any two nodes). As long as the circuit exists, the
sending machine can always talk directly to the destination machine. The connection
between the two machines is left in place until no longer needed. This doesn't mean that a
cable has to be strung between the two devices; the connection may be made inside a
switching box of some sort, which can connect and disconnect between any two machines
running into it quickly and flexibly. The connection between two machines is used
exclusively by those two machines, and no other transmission is allowed on the connection.

Figure 25 shows fragmentation and reassembly of a message on a circuit switching network (the original
message is split into message fragments A to E, carried across the network, and reassembled).

• Packet-Switched networks divide all messages on the local area network
into small chunks called packets and attach information to the front of each packet that
identifies the recipient. The packets from all the machines on the local area network are
placed on a high-bandwidth cable running through all the machines on the network. As a
packet moves around the network, each machine analyses the header to see if the packet
is for it. If not, it is sent further on.

Figure 26 shows fragmentation and reassembly of a message on a packet switching network (the original
message is split into message fragments A to E, carried across the network, and reassembled).

While packet switching is a more flexible approach than circuit switching, it does have a few
problems. The primary problem is network traffic. As the number of nodes on the network
increases, the network traffic increases too, sometimes reaching the network's limits. Another
problem with packet switching is that there is no guarantee of packets getting from source to
destination, which is one of the strong points of circuit switching.
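
The packet-switched behaviour described above can be tried out with the following Python sketch, which is an added example and not part of the original text. The recipient header comes from the description; the sender, sequence-number and total fields, the node names and the lossy, reordering medium are assumptions made so that the receiver can reassemble the message and notice a lost packet.

```python
import random
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    recipient: str   # header field named in the text: identifies the recipient
    sender: str      # assumption: lets the receiver keep messages apart
    seq: int         # assumption: position of this chunk in the message
    total: int       # assumption: number of chunks the message was cut into
    payload: bytes


def fragment(message: bytes, sender: str, recipient: str, size: int) -> list:
    """Cut a message into packets of at most `size` payload bytes."""
    if size < 1:
        raise ValueError("size must be at least 1")
    chunks = [message[i:i + size] for i in range(0, len(message), size)] or [b""]
    return [Packet(recipient, sender, n, len(chunks), c) for n, c in enumerate(chunks)]


def shared_medium(packets, drop=(), seed=7):
    """Constructed network: loses the packets at the given positions, reorders the rest."""
    survivors = [p for i, p in enumerate(packets) if i not in drop]
    random.Random(seed).shuffle(survivors)
    return survivors


def receive(node: str, wire) -> dict:
    """Reassemble what arrived for `node`.

    Returns {sender: (message, missing)}; message is None while chunks are missing.
    """
    chunks = defaultdict(dict)
    totals = {}
    for p in wire:
        if p.recipient != node:
            continue                      # header says it is for another node
        chunks[p.sender][p.seq] = p.payload
        totals[p.sender] = p.total
    result = {}
    for sender, got in chunks.items():
        missing = [n for n in range(totals[sender]) if n not in got]
        message = None if missing else b"".join(got[n] for n in range(totals[sender]))
        result[sender] = (message, missing)
    return result


if __name__ == "__main__":
    # Constructed traffic: the five fragments A..E of figure 26 plus a second message.
    traffic = fragment(b"ABCDE", "node3", "node7", 1) + fragment(b"hello", "node3", "node5", 2)
    print(receive("node7", shared_medium(traffic)))            # complete despite reordering
    print(receive("node7", shared_medium(traffic, drop={2})))  # fragment C lost on the way
```

If every packet of a message is lost, the receiver has nothing to notice, which is the "no guarantee" the text refers to; detecting that case needs an acknowledgement from the receiver.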


Some examples of commonly used networks:

• A Backbone Network:

Figure 27 shows a schematic of a Backbone Network (local area networks connected through routers to an
Ethernet backbone cable by vampire-tap transceivers).

• A Thinnet Network:

Figure 28 shows a schematic of a Thinnet Network (thinnet cable with terminators; machines attach through
an internal transceiver, or through an external transceiver and AUI cable).

• A 10BASET Network:

Figure 29 shows a schematic of a 10BASET Network (machines cabled to a 10BASET concentrator).

A Wide Area Network (WAN) is a number of local area networks that are connected to form a large,
logical entity. The LANs are connected through a gateway or bridge, cabled to each other with a
high-speed network cable. WANs can be close together physically or separated by a large distance. For
example, the design of the WAN is such that machine-to-machine connections are simpler than
going out over the internet, and usually much faster.

WANs can share a subnet IP address, or they can have different subnets. The design of the WAN is
more a choice of logical configuration and can be tailored to meet traffic, security, and speed
considerations. WANs are used by most corporations that maintain multiple offices.


The seven-layer Open Systems Interconnection (OSI) Reference Model:

A heterogeneous network (which gives users freedom of choice) consists of products from different
suppliers of computers, hardware, software, peripherals and/or network products.

An architectural model developed by the International Standards Organisation (ISO) is frequently used
to describe the structure and function of data communication protocols. This architectural model,
called the Open Systems Interconnect (OSI) Reference Model, contains seven layers that define the
functions of data communications protocols. Each layer represents a function performed when data is
transferred between co-operating applications across an intervening network. A layer does not define
a single protocol; it defines a data communications function that may be performed by any number of
protocols. Therefore, each layer may contain multiple protocols, each providing a service suitable to
the function of that layer. Every protocol communicates with its peer. A peer is an implementation of
the same protocol in the equivalent layer on a remote system. Each protocol is only concerned with
communicating to its peer; it does not care about the layer above or below it. However, there must
also be agreement on how to pass data between the layers on a single computer, because every layer
is involved in sending data from a local application to an equivalent remote application. The individual
layers do not need to know how the layers above and below them function; they only need to know
how to pass data to them. Isolating network communications functions in different layers minimises
the impact of technological change on the entire protocol suite. New applications can be added without
changing the physical network, and new network hardware can be installed without rewriting the
application software. Although the OSI model is useful, the TCP/IP protocols don't match its structure
exactly.

• Communication Protocols:

The approach used in designing a communication system is known as a layered architecture.
Each layer has specific responsibilities and specific rules for carrying out those responsibilities,
and knows nothing about the procedures the other layers follow. The layer carries out its
task and delivers the message to the next layer in the process, and that is enough.

Characteristics of Layered Architectures:


• They break the communication process into manageable chunks. Designing a small part of
a process is much easier than designing the entire process, and simplifies engineering.
• A change at one layer does not affect the other layers. New delivery technologies can be
introduced without affecting other layers.
• When a layer receives a message from an upper layer, the lower layer frequently encloses
the message in a distinct package.
• The protocols at the various layers have the appearance of a stack, and a complete model
of a data communication architecture is often called a protocol stack.
• Layers can be mixed and matched to achieve different requirements.
• Layers follow specific procedures for communicating with adjacent layers. The interfaces
between layers must be clearly defined.
• An address mechanism is the common element that allows packets to be routed through
the various layers until they reach their destination. Sometimes, layers add their own address
information.
• Essentially, each layer at the sender's end communicates with the corresponding layer at
the receiver's end.
• Errors can occur at any of the layers. For critical messages, error-detecting mechanisms
should be in place to either correct errors or notify the sender when they occur.


Network protocols are typically described with a layered model, in which the protocols are stacked on
top of each other. Data coming into a machine is passed from the lowest-level protocol up to the
highest, and data sent to other hosts moves down the protocol stack. The layered model is a useful
description because it allows network services to be defined by their functions, rather than their
specific implementation. New protocols can be substituted at lower levels without affecting the
higher-level protocols, as long as these new protocols behave in the same manner as those that were
replaced. Each layer has certain functions. Communication in a heterogeneous network can take place
if the functions in each layer are executed successfully in conformance with the standards.

Layer  Name                Function
7      Application Layer   consists of application programs that use the network
6      Presentation Layer  standardises data presentation to the applications
5      Session Layer       manages sessions between applications
4      Transport Layer     provides end-to-end error detection and correction
3      Network Layer       manages connections across the network for the upper layers
2      Data Link Layer     provides reliable data delivery across the physical link
1      Physical Layer      defines the physical characteristics of the network interface

Figure 30 shows the seven-layer Open Systems Interconnection Reference Model (the network protocol
stack, grouped into higher layers, lower layers and the network interface).

In figure 30, each layer provides a specific type of network service. It illustrates why groups of related
protocols are frequently called protocol stacks.
• The connections between the different applications that are running on these processors are carried
by the higher layers (5-7).
• The connections between the different processors are carried by the lower layers (1-4).
• The physical and the data link layers, the lower layers 1 & 2, of the network protocol stack together
define a machine's network interface.

From a software perspective, the network interface defines how the Ethernet device driver gets
packets from or to the network. Ethernet is the best-known implementation of the physical and data link
layers. The Ethernet specification describes how bits are encoded on the cable and also how stations
on the network detect the beginning and end of a transmission. Ethernet can be run over a variety of
media, including thinnet, thicknet, and unshielded twisted-pair cables. All Ethernet media are
functionally equivalent; they differ only in their convenience, cost of installation, and maintenance.
Converters from one medium to another operate at the physical layer, making a clean electrical
connection between two different kinds of cable.

Description of each of these layers:

• Layer 1, the Physical Layer defines the characteristics of the hardware necessary to carry the
data transmission signal. Things such as voltage levels, and the number and locations of
interface pins, are defined in this layer (RS232C, V.35, IEEE 802.3, ...). TCP/IP does not define
physical standards; it makes use of existing standards. This layer describes the way data is
actually transmitted on the network medium.

The Physical Layer communicates directly with the communication medium, and has two
responsibilities: sending bits and receiving bits. A binary digit, or bit, is the basic unit of
information in data communication. A bit can have only two values, 0 or 1, represented by different
states on the communication medium. Other communication layers are responsible for
collecting these bits into groups that represent message data.


Bits are represented by changes in signals on the network medium. Some wire media
represent 0’s and 1’s with different voltages, some use distinct audio tones, and yet others use
more sophisticated methods, such as state transitions.

A wide variety of media are used for data communication, including electric cable, fibre optics,
light waves, radio, and microwaves. The medium used can vary, a different medium simply
necessitates a different set of physical layer protocols. Thus, the upper layers are completely
independent from the particular process used to deliver bits through the network medium.

The physical layer describes the bit patterns to be used, but does not define the medium; it
describes how data are encoded into media signals and the characteristics of the media
attachment interface.

• Layer 2, the Data Link Layer is responsible for delivering the data without errors to the next
layer. It formats the packets delivered to it for transmission and defines the network frames. This
layer synchronises the transmission and is responsible for error control at frame level (a
frame is a block of data with network-specific addressing information), as well as error correction,
so that information can be transmitted over the physical layer. It formats the message into a
data frame, and the CRC verification (which checks the frame for errors) is performed in this
layer. This layer carries the access methods for Ethernet and Token Ring. It also provides the
address information for the physical layer at the head of the transmitted frame.

Data Frame Format:


As data is exchanged between computers, communication processes need to make
decisions about the various aspects of the exchange process:
• As the receiving computer listens to the wire to recover messages sent to it, it
requires a mechanism by which it can tell whether to treat signals it detects as
data-carrying signals or to discard them as mere noise.
• If it is determined by the detection mechanism that what is on the wire is indeed
data-carrying signals, the second decision the receiving end must be able to make
is whether the data was intended for itself, some other computer on the network,
or a broadcast.
• If the receiving end engages in the process of recovering data from the wire, it
needs to be able to tell where the data train intended for the receiver ends. After
this determination is made, the receiver should discard subsequent signals unless
it can determine that they belong to a new, impending transmission.
• When data reception is complete, another concern arises, and that is of
establishing that the recovered data withstood corruption from noise and electromagnetic
interference. In the event of detecting corruption, the receiver must have the
capability of dealing with the corruption.

As can be concluded from the points made earlier, in addition to user data, computers
must be able to exchange additional information about the progress of the physical
communication process. To accommodate these decision-making requirements,
network designers decided to deliver data on the wire in well-defined packages called
data frames.

It is important to realise that the primary concern of the receive process is the reliable
recovery of the information embedded in the information field, with no attention paid to
the nature of the actual contents of that field. Instead, processing the data in the
information field is delegated to another process as the receive process reverts to
listening mode to take care of future transmissions.


The reliable delivery of data across the underlying physical network is handled by the Data
Link Layer. TCP/IP rarely creates protocols in this layer. Most RFCs that relate to this layer
talk about how IP can make use of existing data link protocols. This layer defines how these
streams of bits are put together into manageable chunks of data.

Devices that can communicate on a network are frequently called nodes, stations or devices.
The data link layer is responsible for providing node-to-node communication on a single, local
network. To provide this service, the data link layer must perform two functions. It must
provide an address mechanism that enables messages to be delivered to the correct nodes. Also,
it must translate messages from upper layers into bits that the physical layer can transmit.
When the data link layer receives a message to transmit, it formats the message into a data
frame (packet). The sections of a frame are called fields.

| Start Indicator | Source Address | Destination Address | Control | Data | Error Control |

Figure 31 shows an example of a data frame.

The fields in figure 31 are as follows:


• Start Indicator: A specific bit pattern indicates the start of a data frame.
• Source Address: The address of the sending node, so that replies to messages can be
addressed properly.
• Destination Address: The address of the receiving node, so that it can identify messages
that it should receive.
• Control: Additional control information.
• Data: All data that were forwarded to the data link layer from upper protocol layers.
• Error Control: Contains information that enables the receiving node to determine
whether an error occurred during transmission.

Frame delivery on a local network is extremely simple. A sending node simply transmits the
frame. Each node on the network sees every frame, and examines the destination address.
When the destination address of a frame matches the node's address, the data link layer at
the node receives the frame and sends it up the protocol stack. Data units at the data link
layer are most commonly called frames, although the term packet is used with some
protocols.

Figure 32 shows how simple delivering of a frame on a local network can be. The nodes have MAC
addresses 3, 5 and 7, and the frame carries DA = 7 (DA = Destination Address). At the node with MAC
address 5, DA is not the hardware address and the frame is discarded; at the node with MAC address 7,
DA matches the hardware address and the frame is received.

In figure 32, the source node simply builds a frame that includes the recipient’s destination
address. The sender’s responsibility ends when the addressed frame is placed on the
network. On LANs, each node examines each frame that is sent on the network, looking for
frames with a destination address that matches its own MAC address. Frames that match
are received. Frames that don’t match are discarded by Ethernet networks or forwarded to the
next node by Token Ring networks.
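
The frame fields of figure 31 and the delivery rule of figure 32 can be exercised with the following Python sketch, which is an added example and not part of the original text. The start-indicator bytes, the one-byte addresses (3, 5 and 7 as in figure 32), the one-byte broadcast address, the use of the Control field as a data length and CRC-32 as the Error Control field are all assumptions chosen for the illustration; real Ethernet and Token Ring frames are laid out differently.

```python
import struct
import zlib

START = b"\x7e\x7e"              # constructed start indicator
BROADCAST = 0xFF                 # constructed one-byte broadcast address
HEADER = struct.Struct("!BBB")   # source, destination, control (= data length)
TRAILER = struct.Struct("!I")    # error control: CRC-32 over header + data


class FrameError(Exception):
    """The bytes on the wire are not a usable frame."""


def build_frame(src: int, dst: int, data: bytes) -> bytes:
    if len(data) > 255:
        raise ValueError("data does not fit the one-byte length in the control field")
    body = HEADER.pack(src, dst, len(data)) + data
    return START + body + TRAILER.pack(zlib.crc32(body))


def parse_frame(raw: bytes):
    """Return (src, dst, data), or raise FrameError for noise or damage."""
    if not raw.startswith(START):
        raise FrameError("no start indicator: treated as noise")
    offset = len(START)
    if len(raw) < offset + HEADER.size:
        raise FrameError("truncated header")
    src, dst, length = HEADER.unpack_from(raw, offset)
    end = offset + HEADER.size + length      # the control field says where the data ends
    if len(raw) < end + TRAILER.size:
        raise FrameError("truncated frame")
    (crc,) = TRAILER.unpack_from(raw, end)
    if zlib.crc32(raw[offset:end]) != crc:
        raise FrameError("error control mismatch: frame corrupted")
    return src, dst, raw[offset + HEADER.size:end]   # bytes after the trailer are ignored


def accepts(mac: int, dst: int) -> bool:
    return dst == mac or dst == BROADCAST


def deliver_bus(raw: bytes, listeners) -> dict:
    """Ethernet-style: every listening node sees the frame and decides for itself."""
    try:
        _, dst, _ = parse_frame(raw)
    except FrameError:
        return {mac: "bad frame" for mac in listeners}
    return {mac: "received" if accepts(mac, dst) else "discarded" for mac in listeners}


def deliver_ring(raw: bytes, ring) -> list:
    """Token-Ring-style: the frame goes round once; the sender removes it at the end."""
    src, dst, _ = parse_frame(raw)
    if src not in ring:
        raise ValueError("sender is not on the ring")
    start = ring.index(src)
    path = []
    for step in range(1, len(ring)):
        mac = ring[(start + step) % len(ring)]
        path.append((mac, "received" if accepts(mac, dst) else "forwarded"))
    path.append((src, "removed"))
    return path


if __name__ == "__main__":
    frame = build_frame(3, 7, b"hello")          # node 3 sends to node 7, as in figure 32
    print(deliver_bus(frame, [5, 7]))
    print(deliver_ring(frame, [3, 5, 7, 9]))
    damaged = bytearray(frame)
    damaged[6] ^= 0x01                           # one bit flipped in transit
    print(deliver_bus(bytes(damaged), [5, 7]))
```

The four checks in parse_frame correspond to the four receiver decisions listed under Data Frame Format: noise or data, where the frame ends, whether it survived transmission, and (in accepts) whether it is addressed to this node.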


Frames and Network Interfaces:


The data link layer defines the format of data on the network. A series of bits with a definite
beginning and end constitutes a network frame, commonly called a packet. A proper data link
layer packet has checksum and network-specific addressing information in it so that each host
on the network can recognise it as a valid or invalid frame and determine if the packet is
addressed to it. The largest packet that can be sent through the data link layer defines the
Maximum Transmission Unit (MTU) of the network. All hosts have at least one network
interface, although any host connected to an Ethernet has at least two: the Ethernet interface and
the loopback interface. The Ethernet interface handles the physical and logical connection to
the outside world, while the loopback interface allows a host to send packets to itself. If a
packet's destination is the local host, the data link layer chooses to send it via the loopback,
rather than Ethernet, interface. The loopback device simply turns the packet around and
enqueues it at the bottom of the protocol stack as if it were just received from the Ethernet.

Ethernet Addresses:
Associated with the data link layer is a method for addressing hosts on the network. Every
machine on the Ethernet has a unique, 48-bit address called its Ethernet address or Media
Access Control (MAC) address. Vendors making network-ready equipment ensure that every
machine in the world has a unique MAC address. 24-bit prefixes for MAC addresses are
assigned to hardware vendors, and each vendor is responsible for the uniqueness of the lower
24 bits. MAC addresses are usually represented as colon-separated pairs of hex digits. Note
that MAC addresses identify a host, and a host with multiple network interfaces may (or
should) use the same MAC address on each. Part of the data link layer's protocol-specific
header are the packet's source and destination MAC addresses. Each protocol layer supports
the notion of a broadcast, which is a packet or set of packets that must be sent to all hosts
on the network. The broadcast MAC address is: ff:ff:ff:ff:ff:ff. All network interfaces
recognise this wildcard MAC address as a broadcast address, and pass the packet up to a
higher-level protocol handler.

• Layer 3, the Network Layer, transmits the data and decides which route the data must follow
through the internetwork. The network layer receives data packets from the upper layer of
the transmitter and forwards them across as many connections and subsystems as needed to
reach their destination. It defines the network packets and controls the routing and switching
of the data through the network. This layer controls the transmission of packets between
stations. On the basis of certain information, this layer transmits the data sequentially from
one station to another by the most economical route, both logical and physical. This layer
permits data units to be transmitted to other networks by means of special equipment,
called routers. Routers are defined in this layer.

The Network Layer manages connections across the network and isolates the upper layer
protocols from the details of the underlying network. The Internet Protocol (IP), which isolates
the upper layers from the underlying network and handles the addressing and delivery of data,
is usually described as TCP/IP's Network layer.

The best-known protocol in this layer is IP. The network layer is the boundary of the
communication subnet: above this layer the level of abstraction increases dramatically. For
layer 3 and lower there is usually an upper limit on the size of the packets. In broadcast
networks the routing is very simple, so the network layer is thin or even non-existent. This is
the reason why the transport layer protocol TCP is so often combined with IP, called TCP/IP.

Only the smallest networks consist of a single, local network. The majority of networks must
be subdivided. A network that consists of several network segments is frequently called an in-
ternetwork, or an internet, not to be confused with the Internet. These subdivisions may be
planned to reduce traffic on network segments or to isolate remote networks connected by
slower communication media. When networks are subdivided, it can no longer be assumed
that messages will be delivered on the local network. A mechanism must be put in place to
route messages from one network to another.


Figure 33 shows the schematic of a single, local network.


Figure 34 shows the schematic of a bridged network.



Figure 35 shows the schematic of a subnetted network.

To deliver messages on an internetwork, each network must be uniquely identified by a network
address. When it receives a message from the upper layers, the network layer adds a
header to the message that includes the source and destination network address. This
combination of data plus the network layer header is called a packet. The network address
information is used to deliver a message to the correct network. After the message arrives on
the correct network, the data link layer can use the node address to deliver the message to a
specific node.

Forwarding packets to the correct network is called routing, and the devices that route packets
are called routers.


An internetwork has two types of nodes:


• End nodes: Provide user services. End nodes do use a network layer to add network
address information to packets, but they do not perform routing. End nodes are sometimes
called end systems or hosts.
• Routers: Incorporate special mechanisms that perform routing. Because routing is a com-
plex task, routers usually are dedicated devices that do not provide services to end users.
Routers are sometimes called intermediate systems or gateways.

The network layer operates independently of the physical medium, which is a concern of the
physical layer. Since routers are network layer devices, they can be used to forward packets
between physically different networks. For example, a router can join an Ethernet to a Token
Ring network. Routers also are often used to connect a local area network, such as Ethernet,
to a wide area network, such as the Internet.


Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network.

• Layer 4, the Transport Layer, guarantees that the receiver gets the data exactly as it was
sent. In TCP/IP this function is performed by the Transmission Control Protocol (TCP).
However, TCP/IP offers a second Transport Layer service, User Datagram Protocol (UDP), that
does not perform the end-to-end reliability checks.

All network technologies set a maximum size for frames that can be sent on the network.
Ethernet limits the size of the data field to 1500 bytes.

This limit is necessary for two reasons:


• Small frames improve network efficiency when many devices must share the network. If
devices could transmit frames of unlimited size, they might monopolise the network for an
excessive period of time. With small frames, devices take turns at shorter intervals, and
devices are more likely to have ready access to the network.
• With small frames, less data must be retransmitted to correct an error.

One responsibility of the transport layer is to divide messages into fragments that fit within the
size limitations established by the network. At the receiving end, the transport layer reassem-
bles the fragments to recover the original message.

When messages are divided into multiple fragments, the possibility that segments might not
be received in the order sent increases. When the packets are received, the transport layer
must reassemble the message fragments in the correct order. To enable packets to be reas-
sembled in their original order, the transport layer includes a message sequence number in its
header.

The transport layer is responsible for delivering messages from a specific process on one
computer to the corresponding process on the destination computer. The transport layer as-
signs a Service Access Point (SAP) ID to each packet. The SAP ID is an address that identi-
fies the process that originated the message. The SAP ID enables the transport layer of the
receiving node to route the message to the appropriate process.


Identifying messages from several processes so that the message can be transmitted through
the same network medium is called multiplexing. The procedure of recovering messages and
directing them to the correct process is called demultiplexing. Multiplexing is a common occur-
rence on networks, which are designed to enable many dialogues to share the same network
medium. Because multiple protocols may be supported for any given layer, multiplexing and
demultiplexing can occur at many layers.

Although the data link and network layers can be assigned responsibility for detecting errors in
transmitting data, that responsibility generally is dedicated to the transport layer.

Two general categories of error detection can be performed by the transport layer:
• Reliable delivery: Does not mean that errors cannot occur, only that errors are detected if
they do occur. Recovery from a detected error can take the form of simply notifying upper
layer processes that the error occurred. Often, however, the transport layer can request the
retransmission of a packet for which an error was detected.
• Unreliable delivery: Does not mean that errors are likely to occur, but rather indicates that
the transport layer does not check for errors. Because error checking takes time and
reduces network performance, unreliable delivery often is preferred when a network is known
to be highly reliable, which is the case with the majority of local area networks. Unreliable
delivery generally is used when each packet contains a complete message, whereas reliable
delivery is preferred when messages consist of a large number of packets. Unreliable
delivery is often called datagram delivery, and independent packets transmitted in this way
frequently are called datagrams.

Assuming that reliable delivery is always preferable is a common mistake. Unreliable delivery
actually is preferable in at least two cases: When the network is fairly reliable and perform-
ance must be optimised, and when entire messages are contained in individual packets and
loss of a packet is not a critical problem.

• Layer 5, the Session Layer, manages the sessions (connections) between co-operating
applications. In TCP/IP, this function largely occurs in the transport layer, and the term session
is not used. For TCP/IP, the terms socket and port are used to describe the path over which
co-operating applications communicate. This layer is not identifiable as a separate layer in the
TCP/IP protocol hierarchy.

The Session Layer is responsible for dialogue control between nodes. A dialogue is a formal
conversation in which two nodes agree to exchange data.

Communication can take place in three dialogue modes:


• Simplex: One node transmits exclusively, while another exclusively receives.
• Half-duplex: Only one node may send at a given time, and nodes take turns transmitting.
• Full-duplex: Nodes may transmit and receive simultaneously.

Sessions enable nodes to communicate in an organised manner.

Each session has three phases:


• Connection establishment: The nodes establish contact. They negotiate the rules of com-
munication, including the protocol to be used and communication parameters.
• Data transfer: The nodes engage in a dialogue to exchange data.
• Connection release: When the nodes no longer need to communicate, they engage in an
orderly release of the session.


Connection establishment and connection release represent extra overhead for the
communication process. When devices are managed on a network, they send out periodic status
reports that generally consist of single-frame messages. If all such messages were sent as part
of a formal session, the connection establishment and release phases would transfer far more
data than the message itself. In such situations, communicating using a connection-less
approach is common. The sending node simply transmits its data and assumes availability of the
desired receiver. A connection-oriented session approach is desirable for complex
communication. Consider transmitting a large amount of data to another node. Without formal
controls, a single error at any time during the transfer would require resending of the entire
file. After establishing a session, the sending and receiving nodes can agree on a checkpoint
procedure. If an error occurs, the sending node must retransmit only the data sent since the
previous checkpoint. The process of managing a complex activity is called activity management.

• Layer 6, the Presentation Layer: for co-operating applications to exchange data, they must
agree about how data is represented. This layer is handled within the applications in TCP/IP.

The Presentation Layer is responsible for presenting data to the application layer. In some
cases, the presentation layer directly translates data from one format to another, whereas
virtually all other computers use the ASCII encoding scheme. For example, if data is being
transmitted from an EBCDIC computer to an ASCII computer, the presentation layer might be
responsible for translating between the different character sets. Numeric data is also
represented quite differently on different computer architectures and must be converted when
transferred between different machine types.

A common technique used to improve data transfer is to convert all data to a standard format
before transmitting data. This standard format probably is not the native data format of any
computer. All computers can be configured to retrieve standard format data, however, and
convert it into their native data forms.

Other functions that may correspond to the presentation layer are data encryption/decryption
and compression/decompression.

• Layer 7, the Application Layer, is the level of the protocol hierarchy where user-accessed
network processes reside. A TCP/IP application is any network process that occurs above the
transport layer. This includes all the processes that the users directly interact with, as well as
other processes at this level that users are not necessarily aware of.

The Application Layer provides the services user applications need to communicate through
the network.

Here are several examples of user application layer services:


• Electronic mail transport.
• Remote file access.
• Remote job execution.
• Directories.
• Network management.


Characteristics of Layered Protocols:

Application Layer     Application Data
Presentation Layer    H | Application PDU
Session Layer         H | Presentation PDU
Transport Layer       H | Session PDU
Network Layer         H | Transport PDU
Data Link Layer       H | Network PDU | Error
Physical Layer        Data Link PDU

Figure 37 shows Headers and the OSI protocol layers.

When a device transmits data to the network, each protocol layer processes the data in turn. Consider
the network layer for the sending device. Data to be transmitted is received from the transport layer.
The network layer is responsible for routing and must add its routing information to the data. The
network layer information is added in the form of a header, which is placed at the beginning of the
data. The term Protocol Data Unit (PDU) is used to describe the combination of the control information
for a layer with the data from the next higher layer. Each layer adds a header to the PDU that it
receives from the next higher layer. The data field for each layer consists of the PDU of the next
higher layer. The physical layer does not encapsulate in this manner because the physical layer
manages data in bit form.

Header word   Bits 0-15                           Bits 16-31
1             Source Port                         Destination Port
2             Sequence Number (bits 0-31)
3             Acknowledgement Number (bits 0-31)
4             Offset | Reserved | Control Bits    Window
5             Checksum                            Urgent Pointer
6             Options & Padding
              Data begins here ...

Figure 38 shows the Protocol Data Unit layout.

The fields in figure 38 are as follows:


• Source port (16 bits): Identifies the local TCP user.
• Destination port (16 bits): Identifies the remote user.
• Sequence number (32 bits): A number indicating the current block's position in the
overall message.
• Acknowledgement number (32 bits): A number indicating the next sequence number to be
expected.
• Data offset (4 bits): The number in the TCP header used to enable calculation of the start
of the data.
• Reserved (6 bits): All bits are set to 0.
• Control bits (6 bits):
The six control bits are as follows:
  • URG: A value of 1 indicates urgent. A value of 0 implies not urgent.
  • ACK: A value of 1 indicates an acknowledgement. A value of 0 indicates this is not
    an acknowledgement.
  • PSH: A value of 1 indicates a push operation. A value of 0 indicates this is not a
    push function.
  • RST: A value of 1 indicates that the connection is to be reset. A value of 0
    indicates no reset.
  • SYN: A value of 1 indicates that the sequence numbers are to be synchronised. A
    value of 0 means no synchronisation.
  • FIN: A value of 1 indicates that the sender has no more data to send, equivalent
    to an end-of-transmission marker. A value of 0 indicates more data is to follow.
• Window (16 bits): A number indicating how many blocks of data the receiving machine can
accept.
• Checksum (16 bits): A value for the data and header together, which enables a receiving
machine to verify the contents have not been corrupted.
• Urgent Pointer (16 bits): Used if the URG flag was set. It indicates the portion of the data
message that is urgent by specifying the offset from the sequence number in the header.
• Options (variable): Similar to the IP header options fields, it is used for specifying TCP
options.
• Padding (variable): Filled with bits to ensure that the size of the header is a multiple of 32 bits.
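
The field layout of figure 38 can be turned directly into a parser. The following is an added example, not part of the original notes: the names `TcpHeader`, `parse_tcp_header` and `build_segment` are hypothetical, and the sample segments are constructed. It relies on the data offset being counted in 32-bit words, and it bounds that sender-supplied value before using it to locate the data.

```python
import struct
from dataclasses import dataclass

# The six control bits in the order the page lists them, highest bit first.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
FIXED_HEADER_LEN = 20  # header words 1-5; Options & Padding follow


@dataclass
class TcpHeader:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    data_offset: int     # header length in 32-bit words
    reserved: int        # 6 bits, expected to be 0 in this layout
    flags: tuple         # names of the control bits that are set
    window: int
    checksum: int
    urgent_pointer: int
    options: bytes       # options plus padding, exactly as sent
    payload: bytes


def parse_tcp_header(segment: bytes) -> TcpHeader:
    """Split a raw TCP segment into the fields of figure 38."""
    if len(segment) < FIXED_HEADER_LEN:
        raise ValueError("segment is shorter than the 20-octet fixed header")
    (src, dst, seq, ack, off_flags, window, checksum,
     urgent) = struct.unpack("!HHIIHHHH", segment[:FIXED_HEADER_LEN])
    data_offset = off_flags >> 12         # top 4 bits of header word 4
    reserved = (off_flags >> 6) & 0x3F    # next 6 bits
    control = off_flags & 0x3F            # low 6 bits: URG ... FIN
    header_len = data_offset * 4
    # The offset is chosen by the sender, so check it before slicing with it.
    if header_len < FIXED_HEADER_LEN:
        raise ValueError("data offset points inside the fixed header")
    if header_len > len(segment):
        raise ValueError("data offset points past the end of the segment")
    flags = tuple(name for bit, name in enumerate(FLAG_NAMES)
                  if control & (0x20 >> bit))
    return TcpHeader(src, dst, seq, ack, data_offset, reserved, flags, window,
                     checksum, urgent,
                     segment[FIXED_HEADER_LEN:header_len], segment[header_len:])


def build_segment(src, dst, seq, ack, flags, window, options=b"", payload=b""):
    """Build a constructed sample segment; the checksum is left at 0."""
    options += b"\x00" * (-len(options) % 4)   # padding to a 32-bit multiple
    data_offset = (FIXED_HEADER_LEN + len(options)) // 4
    control = sum(0x20 >> FLAG_NAMES.index(name) for name in flags)
    fixed = struct.pack("!HHIIHHHH", src, dst, seq, ack,
                        (data_offset << 12) | control, window, 0, 0)
    return fixed + options + payload


if __name__ == "__main__":
    # Constructed SYN carrying one 4-octet option (maximum segment size 1460).
    syn = build_segment(49152, 80, 1000, 0, ["SYN"], 8192,
                        options=b"\x02\x04\x05\xb4")
    print(parse_tcp_header(syn))
```
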

As received data passes up the protocol stack, each layer strips its corresponding header from the
data unit. The process of removing headers from data is called decapsulation. This mechanism en-
ables each layer in the transmitting device to communicate with the corresponding layer in the re-
ceiver. Each layer in the transmitting device communicates with its peer layer in the receiving device,
in a process called peer-to-peer communication.


IEEE LANs:

Terminology:

Access methods (polling, token passing or contention):

The access method determines the performance and capabilities of the network.

• Polling:
Making periodic requests is called polling. Polling also reduces the burden on the
network because the polls originate from a single system at a predictable rate.
The shortcoming of polling is that it does not allow for real-time updates. If a problem
occurs on a managed device, the manager does not find out until the agent is polled.
Mostly used in a star network topology.

• Token passing:
Token passing ensures that every device on the network receives a periodic opportunity
to transmit. The token consists of a special frame that circulates from device to device
around the ring. Only the device that possesses the token is permitted to transmit.
After transmitting, the device restarts the token, giving other devices the opportunity
to transmit.

• Contention (CSMA/CA or CSMA/CD):
A condition occurring in some LANs wherein the Media Access Control sublayer allows
more than one node to transmit at the same time, risking collisions. Mostly used in a
bus network topology.

Architecture of the IEEE 802 Standards:

Network type IEEE 802.2: Defines the LLC sublayer protocol.

Network type IEEE 802.3: Network with a bus-topology and the access method CSMA/CD,
10 Mbps. Defines the MAC and physical layer for CSMA/CD.

Network type IEEE 802.4: Network with a bus-topology and the access method token pass-
ing, 2.5 Mbps.

Network type IEEE 802.5: Network with a ring-topology and the access method token pass-
ing, 4 Mbps. Defines the MAC and physical layer for a Token Ring network.

• Logical Link Control (LLC):

This sublayer provides a network interface to Upper-Layer Protocols (ULP) and is concerned
with transmitting data between two stations on the same network segment.

An interface between the LLC sublayer and upper-layer protocols is a Link Service Access
Point (LSAP). It is a logical address that identifies the upper-layer protocol from which the data
originated or to which the data should be delivered.

LLC Delivery Service:


LLC was designed to provide a variety of delivery services, which determine the level of
communication integrity established between devices.


LLC supports the following three types of delivery service:


• Type 1 service, Unacknowledged Datagram Service (UDS), supports point-to-point, multi-
point, and broadcast transmission. Does not perform error detection and recovery or flow
control.
• Type 2 service, Virtual Circuit Service (VCS), provides frame sequencing, flow control, and
error detection and recovery.
• Type 3 service, Acknowledged Datagram Service (ADS), implements point-to-point data-
gram service with message acknowledgements, and functions somewhere between type 1
and type 2 service.

Devices have a limited number of receive buffers, used to store frames that have been re-
ceived but not processed. If the sending device continues to transmit while the destination re-
ceive buffers are full, frames not received are lost. Flow control ensures that frames are not
sent at a rate faster than the receiving device can accept them.


Figure 39 shows that the receiving computer risks losing data whenever its communication buffers
become full.

A variety of mechanisms can be used to provide flow control:


The simple stop-and-wait method requires the receiver to acknowledge received frames,
signalling a readiness to accept more data. This mechanism is suitable for a connectionless,
datagram service.
If the sender must wait for an acknowledgement of each frame, multiframe transmissions are
handled inefficiently. The more sophisticated sliding-window technique enables the sender to
transmit multiple frames without waiting for an acknowledgement. The receiver can
acknowledge several datagrams at one time. A window determines the number of frames that can
be outstanding at a given time, ensuring that the receiver's buffers do not overflow. The
complexity of sliding-window flow control requires a connection-oriented LLC service.
Error detection is performed at the MAC layer, but error recovery, when performed at the data
link layer, is a function of LLC.
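
The three behaviours described above (no flow control, stop-and-wait, sliding window) can be compared with a small tick-based simulation. This is an added illustration, not part of the original notes: the function name `simulate`, the tick model (frames sent in one tick are acknowledged in time for the next) and the sample numbers are assumptions.

```python
def simulate(total_frames, buffer_slots, drain_per_tick, send_per_tick, window=None):
    """Run a transfer and return (delivered, discarded, ticks).

    window=None : no flow control, the sender transmits at its own rate
    window=1    : stop-and-wait, one unacknowledged frame at a time
    window=N    : sliding window, up to N unacknowledged frames
    """
    if drain_per_tick < 1 or send_per_tick < 1:
        raise ValueError("rates must be at least one frame per tick")
    if window is not None and not 1 <= window <= buffer_slots:
        # A window larger than the receive buffers could still overflow them.
        raise ValueError("window must be between 1 and the number of receive buffers")

    sent = acked = delivered = discarded = buffered = ticks = 0
    while sent < total_frames or buffered:
        ticks += 1
        # Sender: limited by its own rate and, with flow control, by the window.
        quota = min(send_per_tick, total_frames - sent)
        if window is not None:
            quota = min(quota, window - (sent - acked))
        for _ in range(quota):
            sent += 1
            if buffered < buffer_slots:
                buffered += 1
            else:
                discarded += 1   # receive buffers full: the frame is lost
        # Receiver: process frames, free their buffers and acknowledge them.
        processed = min(drain_per_tick, buffered)
        buffered -= processed
        delivered += processed
        acked += processed       # visible to the sender on the next tick
    return delivered, discarded, ticks


if __name__ == "__main__":
    # Constructed scenario: 20 frames, 4 receive buffers, receiver handles
    # 2 frames per tick, sender can emit 4 frames per tick.
    for label, window in (("no flow control", None),
                          ("stop-and-wait", 1),
                          ("sliding window of 4", 4)):
        print(label, simulate(20, 4, 2, 4, window))
```

In this scenario the unthrottled sender loses frames, stop-and-wait loses none but needs twice as many ticks as the sliding window, which keeps the receiver busy without overflowing its buffers.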

Data Flow Control:


Data-communication processes allocate memory, commonly known as communication
buffers, for the sake of transmission and reception of data. Communication buffers
serve as holding areas where inbound data traffic is temporarily kept for subsequent
handling by the CPU. Depending on the rate at which incoming data is handled
by other components of the communication process, the communication buffers
often become full. A computer whose communication buffers become full while still in
the process of receiving data runs the risk of discarding extra transmissions and
losing data unless a data flow control mechanism is employed. A proper data flow control
technique calls on the receiving process to send a stop sending signal to the sending
computer whenever it cannot cope with the rate at which data is being transmitted.
The receiving process later sends a resume sending signal when communication
buffers become available.


LLC Data Format:


The LLC layer constructs a PDU by appending LLC-specific fields to the data received from
upper layers.

Field:    DSAP      SSAP      Control   Data
Length:   1 octet   1 octet   1 octet   0-1497 octets
Part:     LLC Header (DSAP, SSAP, Control) | Data

Figure 40 shows the format of the LLC protocol data unit.

The fields in figure 40 are as follows:


• The Destination Service Access Point (DSAP) address that identifies the required protocol
stack on the destination computer.
• The Source Service Access Point (SSAP) address associated with the protocol stack that
originated the data on the source computer.
• The Control Information that varies with the function of the PDU.
• The Data received from upper-layer protocols in the form of the network layer PDU.

• Medium Access Control (MAC):


This sublayer provides the method by which devices access the shared network transmission
medium.

802 LAN Physical Address:

Physical device addresses are defined at the MAC protocol sublevel. Physical addresses, therefore,
frequently are referred to as MAC addresses.

Bit 47:       I/G bit: '0' = individual address & '1' = group address
Bit 46:       U/L bit: '0' = universally administered address & '1' = locally administered address
Bits 45-24:   Organisation Unique Identification (22 bits)
Bits 23-0:    Organisation Administered Address (24 bits)

Figure 41 shows the format of an IEEE 802 MAC address.

Bits 46 and 47 in figure 41 are as follows:


• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address of one
device on the network. If the bit is 1, it specifies a multicast address that identifies a group of
devices.
• Bit 46 is the U/L bit and indicates whether the address is universally or locally administered. If the
bit is 0, it is a universally administered address. If the bit is 1, it is a locally administered address.

Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer    IEEE 802.2 LLC
                   IEEE 802.3 (CSMA/CD) | IEEE 802.5 (Token Ring)
Physical Layer     IEEE 802.3 (CSMA/CD) | IEEE 802.5 (Token Ring)

Figure 42 shows IEEE 802 standards related to the OSI reference model.


IEEE 802.3 Networks:

Utilise the same CSMA/CD access control mechanism that was developed for Ethernet II. The same
media-signalling techniques are employed and 802.3 and Ethernet II network hardware are inter-
changeable. 802.3 and Ethernet II frames may be multiplexed on the same media. The primary differ-
ence between the 802.3 and Ethernet II standards has to do with frame formats.

• How Ethernet Works:


Figure 43 shows the schematic of an Ethernet network.

Typically, local area networks permit a single node to transmit at a given time. Access control
methods are systems that enable many nodes to have access to a shared network medium by
granting access to the medium in an organised manner. Ethernet uses an elegant access
control method, called carrier sense. When a node has data to transmit, it senses the
medium, essentially listening to see if any other node is transmitting. If the medium is busy, the
node waits a few microseconds and tries again. If the medium is quiet, the node begins to
transmit. The full name for this approach is Carrier Sense Multiple Access (CSMA), permitting
multiple nodes to access the medium through a carrier sense method.

Carrier Sense Multiple Access/Collision Avoidance (CSMA/CA):

The stations listen to the wire to check whether anyone else wants to communicate, then
announce that they are ready to start a communication (burst). When two terminals
are ready to start a communication at the same moment, the communication is
delayed for a random time by both terminals.

Carrier Sense Multiple Access/Collision Detection (CSMA/CD):

The stations start their communication when they think that they are the only ones that
want to communicate. When after a certain time it appears that they were not the
only ones that wanted to communicate, both terminals stop their communication for a
random time before they try again. Although it is much more efficient than a token that
needs to pass through all the different terminals, the CSMA/CD method has the
disadvantage that it is not possible to know exactly what response time to expect, with a
danger of saturation if there is a lot of intensive traffic.

Before a station can send on a CSMA/CD network, it needs to carry out the following 5 steps:
1 - listen to the wire before sending,
2 - wait if the cable isn't free,
3 - send and listen to the wire to check if there are collisions,
4 - if there is a collision, wait again before sending again,
5 - send it again or cancel it.


Before a station can receive on a CSMA/CD network, it needs to carry out the following 4 steps:
1 - inspect the incoming packets and check for fragmentation,
2 - read and check the destination address,
3 - when the packet is for the local station, check the packet to see if it's intact,
4 - process the packet.

A brief period of time must expire before a transmitted electrical signal reaches the furthest
extents of the medium on which it is sent. As the two signals flow through the medium, even-
tually they overlap in an event called a collision. Collisions always damage data, and having a
mechanism for dealing with collisions when they occur is of paramount importance.

Ethernet nodes detect collisions by continuing to listen as they transmit. If a collision takes
place, the nodes measure a signal voltage that is twice as high as expected. After detecting a
collision, the nodes transmit a jamming signal that notifies all nodes on the network that a
collision has occurred and the current frame should be disregarded. Then the nodes wait a
random amount of time before attempting to retransmit. Because each node delays for a
different time, the likelihood of a new collision is reduced. This technique of managing
collisions is called Collision Detection (CD), making the complete abbreviation for the Ethernet
access control method CSMA/CD.

Collisions are part of the normal operation of an Ethernet. Because CSMA/CD is an
exceptionally efficient access control method, normal collision activity does not seriously affect
network performance. Collisions occur when two or more systems transmit at the same time,
contending for the right to control the network. If a system transmits 64 bytes, it is considered
to be in control, and the other systems are supposed to be quiet until the controlling system has
finished. It is possible, if the total length of an Ethernet exceeds the specifications, for a system
not to know that another system has control of the network and to transmit right over the
controlling system's packet. This creates a packet greater than 64 bytes long with a CRC error.
The busier the network, the more of a problem this becomes.


Figure 44 shows collisions on an Ethernet.

Sometimes when an installation doesn't work because the cable is too long or otherwise out of
specification, people use a transceiver or network card that functions even over an
out-of-specification link to solve the problem. Don't do it. You are not solving the problem.
You're just hiding a problem that may come back to haunt you in the future.

In a large 10BASET installation, hubs that can be remotely managed are almost indispensa-
ble.

Simple Network Management Protocol (SNMP) is the standard management software for
TCP/IP networks. The agent is the software that reports information about a device back to
the management station. SNMP may help you manage the PCs on your network.

Late collisions are undetected collisions caused by a cable segment that is too long and are
one example of why you'll regret violating the Ethernet specifications.


Ethernet II Frames:

Field:    Preamble   Destination Address   Source Address   Type       Data             FCS
Length:   8 octets   6 octets              6 octets         2 octets   46-1500 octets   4 octets

CRC calculation: Destination Address through Data
Frame length:    Destination Address through FCS

Figure 45 shows the structure of an Ethernet II frame.

• The minimum length of an Ethernet frame is 6+6+2+46+4=64 octets


• The maximum length of an Ethernet frame is 6+6+2+1500+4=1518 octets

The fields in figure 45 are as follows:


• The preamble consists of a series of 8 bits in a specific pattern that notifies receiving
nodes that a frame is beginning. The preamble begins with seven octets (8-bit groups,
frequently referred to as bytes) of the pattern 10101010. The final octet of the preamble has
the bit pattern 10101011. The purpose of the preamble is to signal the beginning of a
frame, and the preamble is not formally part of the frame. Therefore, the octets in the
preamble are not counted as part of the length of the frame.
• The destination and source address each consist of 48 bits (6 octets). Each node on the
network is assigned a unique 48-bit address. This information enables receiving nodes to
identify frames that are addressed to them, and also enables the receiver of a message to
reply to the sender.
• The type field (EtherType) is a 16-bit (2 octets) field that designates the data type of the
data field. The EtherType enables the network drivers to demultiplex the packets and direct
data to the proper protocol stack. The type mechanism enables Ethernet networks to
support multiple protocol stacks.
• The data field contains the Protocol Data Unit (PDU) received from upper-layer protocols.
For TCP/IP it is constructed of three components: the IP header, the TCP header, and the
application data. The length of the data field can be from 46 to 1500 octets, inclusive. If
the data field is less than 46 octets in length, upper-layer protocols must pad the data to
the minimum length.
• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to
determine if transmission errors have altered the frame. This code is derived through a Cyclic
Redundancy Checksum (CRC) calculation which processes all fields except the preamble
and the frame check sequence. This CRC value is recalculated by the receiving node. If the
CRC calculation by the receiver matches the value in the FCS, it is assumed that transmission
errors didn't occur.

Ethernet II Node Address:

The node address consists of 48 bits, organised in three fields and commonly written as six octets
(six groups of 8 bits).

Bits (numbered 47 down to 0):
Bit 47:      I/G bit ('0' = individual address, '1' = group address)
Bits 46-24:  Vendor Code (23 bits)
Bits 23-0:   Globally Administered Address (24 bits)

Figure 46 shows the structure of an Ethernet II Node Address.



• Bit 47 is the Physical/Multicast bit. If the bit is 0, the address specifies the physical address
of one device on the network. If the bit is 1, it specifies a multicast address that identifies a
group of devices.


Vendors are assigned unique vendor codes that are used to identify their adapters. This registration
system ensures that each Ethernet device that is manufactured has a physical address
that is unique in the entire world. The Globally Administered Address is designated by the
manufacturer of the Ethernet equipment. Because each manufacturer is assigned a unique
vendor ID, and the manufacturers assign a different identification number to each piece of equipment
produced, the complete Ethernet ID for each Ethernet device is unique.

Ethernet wiring comes in three forms:


• Thicknet : IEEE 10BASE5 standard, coax cable .5" diameter, used for backbone
Ethernet to interconnect other networks
• Thinnet : IEEE 10BASE2 standard, coax cable .2" diameter, used to directly connect
PC’s
• UTP : IEEE 10BASET standard, used to directly connect PC’s; these systems
require a concentrator or hub to operate.

Ethernet wiring limits:

Max.                         10BASE5    10BASE2    10BASET
Segment length               500 m      185 m      500 m
Repeaters or concentrators   4          4          4
Total length                 2500 m     925 m      2500 m
Nodes per segment            100        30         512
Workstation cable            N/A        N/A        100 m

• IEEE 802.3 Media:

Each of the cable standards has a three-part name. The first number indicates the data rate in
megabits per second. BASE specifies baseband operation, and BROAD indicates a broadband
network. The final designation suggests the cable type.
• 10BASE5 : Thick, 50-ohm coaxial cable.
• 10BASE2 : Thinner coaxial cable.
• 10BASE-T : UTP cable.
• 10BROAD36: A broadband cable system that enables multiple 10 Mbps channels to be
carried by the same coaxial medium.
• 100BASE-TX: Utilises two pairs of high-grade UTP cable, 100 Mbps.
• 100BASE-T4: Utilises four pairs of standard grade UTP cable, 100 Mbps
• 100BASE-TF: Utilises optical fibre, 100 Mbps.

• IEEE 802.3 Frames:

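Field:    Preamble | Start Frame Delimiter | Destination Address | Source Address | Length   | Data           | FCS
Length:   7 octets | 1 octet               | 6 octets            | 6 octets       | 2 octets | 46-1500 octets | 4 octets

CRC calculation: Destination Address through Data
Frame length:    Destination Address through FCS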

Figure 47 shows the format of an IEEE 802.3 Frame.

• The minimum length of an IEEE 802.3 frame is 6+6+2+46+4=64 octets.

• The maximum length of an IEEE 802.3 frame is 6+6+2+1500+4=1518 octets.


The fields in figure 47 are as follows:


• The preamble consists of seven octets, each with the bit pattern 10101010.
• The Start Frame Delimiter (SFD) is one octet with the bit pattern 10101011.
• The destination and source address each consist of 48 bits (6 octets). Each node on the
network is assigned a unique 48-bit address. This information enables receiving nodes to
identify frames that are addressed to them, and also enables the receiver of a message to
reply to the sender.
• The length field consists of 2 octets that specify the number of octets in the LLC data field.
This value must be in the range 46 through 1500, inclusive.
• The LLC data field contains the Protocol Data Unit (PDU) received from the LLC sublayer,
consisting of the LLC header and data. The size of this field can be from 46 to 1500 octets,
inclusive. If the data field is less than 46 octets in length, upper-layer protocols must pad
the data to the minimum length.
• The Frame Check Sequence (FCS) is a 32-bit code that enables the receiving node to determine
if transmission errors have altered the frame. This code is derived through a Cyclic
Redundancy Checksum (CRC) calculation which processes all fields except the preamble
and the frame check sequence itself. This CRC value is recalculated by the receiving node. If the CRC
calculation by the receiver matches the value in the FCS, it is assumed that transmission
errors didn’t occur.

• Implementing TCP/IP over IEEE 802.3:

LLC Header:   DSAP (= 170), 1 octet | SSAP (= 170), 1 octet | Control (= 3), 1 octet
SNAP Header:  Organisation Code (= 0), 3 octets | Ethertype, 2 octets
Data:         0-1492 octets

Figure 48 shows the format of the SNAP data format.
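The frame layouts in figures 45, 47 and 48 can be exercised with a small parser; this is an added example, not code from the original text. The 1500/1536 split used to tell a length field from an EtherType, the little-endian FCS byte order, the sample addresses and all function names are assumptions of the example.

```python
import struct
import zlib

ETHERTYPE_MIN = 0x0600            # type/length >= 1536: Ethernet II EtherType
MAX_LENGTH = 1500                 # type/length <= 1500: IEEE 802.3 length
SNAP_LLC = bytes([170, 170, 3])   # DSAP, SSAP, Control values from figure 48

# Constructed sample addresses (not taken from the page).
BROADCAST = bytes.fromhex("ffffffffffff")
STATION_A = bytes.fromhex("020000000001")
STATION_B = bytes.fromhex("020000000002")


def fcs(covered):
    """CRC-32 over destination address..data, in on-the-wire byte order."""
    return struct.pack("<I", zlib.crc32(covered) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_len, payload):
    """Assemble a frame (no preamble); pad the data field to 46 octets."""
    body = dst + src + struct.pack("!H", type_or_len) + payload.ljust(46, b"\x00")
    return body + fcs(body)


def snap_pdu(ethertype, data):
    """LLC header + SNAP header (organisation code 0) + data, as in figure 48."""
    return SNAP_LLC + bytes(3) + struct.pack("!H", ethertype) + data


def parse_frame(frame):
    """Validate length and FCS, then decode an Ethernet II or 802.3 frame."""
    if not 64 <= len(frame) <= 1518:
        raise ValueError(f"frame length {len(frame)} outside 64..1518 octets")
    body, trailer = frame[:-4], frame[-4:]
    if fcs(body) != trailer:
        raise ValueError("FCS mismatch: frame was altered in transit")
    dst, src = body[0:6], body[6:12]
    (type_or_len,) = struct.unpack("!H", body[12:14])
    data = body[14:]
    info = {
        "dst": dst.hex(":"),
        "src": src.hex(":"),
        # I/G bit: bit 47 in figure 46, stored as the low-order bit of octet 0.
        "group": bool(dst[0] & 0x01),
    }
    if type_or_len >= ETHERTYPE_MIN:
        # Ethernet II has no length field, so any padding stays in the data.
        info.update(format="Ethernet II", ethertype=type_or_len, data=data)
    elif type_or_len <= MAX_LENGTH:
        if type_or_len > len(data):
            raise ValueError("length field exceeds the data actually present")
        llc = data[:type_or_len]          # the length field strips padding
        if llc[:3] == SNAP_LLC and len(llc) >= 8:
            (ethertype,) = struct.unpack("!H", llc[6:8])
            info.update(format="802.3 + SNAP", org=llc[3:6].hex(),
                        ethertype=ethertype, data=llc[8:])
        else:
            info.update(format="802.3 + LLC", data=llc)
    else:
        raise ValueError("type/length value between 1501 and 1535 is undefined")
    return info


if __name__ == "__main__":
    print(parse_frame(build_frame(BROADCAST, STATION_A, 0x0800, b"hello")))
    pdu = snap_pdu(0x0800, b"x" * 40)
    print(parse_frame(build_frame(STATION_B, STATION_A, len(pdu), pdu)))
```

The FCS is an unkeyed CRC: it detects accidental transmission errors only and says nothing about who sent the frame or whether its contents were changed deliberately.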

IEEE 802.5 Networks:

IEEE 802.5 Token Ring is the second most commonly employed LAN physical layer, trailing significantly
behind Ethernet.

• How Token Ring Works:

Each time a device needs to transmit, some probability exists that the network will be busy.
And, even when the device successfully begins to transmit, some probability exists that another
device will also transmit and cause a collision, forcing both devices to back off and try
again. These probabilities increase as the network becomes busier, until a point is reached at
which a device needing to transmit data becomes extremely unlikely to receive the opportunity
to do so. Because network access on a CSMA/CD network is uncertain, CSMA/CD is called a
probabilistic access method.

The mere probability of access is unacceptable in certain critical situations such as industrial
control. Suppose that an overheat sensor urgently needs to send a warning to the factory operators. If
even a possibility exists that the sensor cannot access the network, the factory designers will
not take the situation lightly.

Token access guarantees that every device on the network receives a periodic opportunity to
transmit.


[Flowchart: Listen to the wire -> Detected a preamble? (No: keep listening) -> Read destination
address -> Broadcast address? (No: My address? No: Ignore transmission) -> Read data frame
contents -> End of frame? (No: keep reading) -> Perform integrity check -> Check passed?
(No: Discard data) -> Deliver data to designated process]

Figure 49 shows the token access method in a ring network.

The token consists of a special frame that circulates from device to device around the ring.
Only the device that possesses the token is permitted to transmit. After transmitting, the device
restarts the token, enabling other devices the opportunity to transmit.

The initial 4 Mbps implementation of Token Ring permitted a single token to circulate on the
network. Before releasing a token on the network that enabled other devices to transmit, a device
that transmitted a frame waited for the frame to return after circulating the ring. A new
feature, called Early Token Release (ETR), introduced with the newer 16 Mbps Token Ring,
enables a sending device to release a token immediately after it completes transmission of a
frame. Thus a token can circulate at the same time as a data frame.

Although token access control appears simple, numerous problems lie beneath the surface.
The point of introducing them is to illustrate that the control mechanisms Token Ring uses are
significantly more complicated than those required for CSMA/CD. These control mechanisms
take up network bandwidth, reducing the efficiency of Token Ring.

To compensate for this added complexity, Token Ring offers significant benefits. Data
throughput of a Token Ring can never reach zero, as is possible with an Ethernet experiencing
excessive collisions. Although network performance slows as demand increases, every
device on the network receives a periodic opportunity to transmit.

Token Ring possesses a capability to set network access priorities, which is unavailable in
Ethernet. High-priority devices can request preferred network access. This capability enables
a critical device to gain greater access to the network.


Token Ring was also designed to provide a higher level of diagnostic and management capability
than is available with Ethernet. The mechanisms that compensate for Token Ring errors
provide a capability for diagnosing other network problems, as well. For example, detecting
devices causing network errors and forcing those devices to disconnect from the network is
possible. Also, in the cabling system IBM designed, the network is serviced by two rings of cable.
In the event of a cable break, using the media ring to reconfigure the network and keep it
operating is possible.

Nevertheless, Ethernet remains the most popular network physical layer. Ethernet works well
in the majority of networks and costs considerably less than Token Ring. Equipment for Token
Ring costs two-to-three times as much as corresponding Ethernet components.

[Figure 50 diagram: devices cabled in a star to a central Wiring Hub.]

Figure 50 shows how Token Rings are wired in a star.

• Several reasons can be cited for Token Ring's lower popularity:


• It was developed as an IBM technology. Although Token Ring technology is now offered by
a great many vendors, many in the user community perceive it as proprietary.
• Ethernet is simple, reliable, and effective for the majority of networks, and at the same
time, costs significantly less than Token Ring.
• TCP/IP has traditionally been wed to Ethernet II. Growing industry demand for TCP/IP has
accompanied a recent surge in Ethernet's popularity.

Nevertheless, Token Ring is an effective physical layer technology with features that make it
preferable under some circumstances.

• IEEE 802.5 Frames:


Field:    SD | AC | FC | DA            | SA            | Information      | FCS      | ED | FS
Octets:   1  | 1  | 1  | 2 or 6 octets | 2 or 6 octets | 0 or more octets | 4 octets | 1  | 1

Sections, left to right: start-of-frame | data section (FCS coverage) | end-of-frame

Figure 51 shows the format of a Token Ring frame.

Three major sections can be specified, as follows:


• Start-of-Frame Sequence (SFS): This section signals the network devices that a frame is
beginning.
• Data section: This section contains control information, upper-layer data, and that a frame
is beginning.
• End-of-Frame Sequence (EFS): This section indicates the end of the frame and includes
several control bits.


The fields in figure 51 are as follows:


• The Starting Delimiter (SD) field is a single octet that consists of electrical signals that cannot
appear elsewhere in the frame. The SD violates the rules for encoding data in the
frame and contains nondata signals.
• The Access Control (AC) field includes priority and reservation bits used to set network priorities.
It also includes a monitor bit, used for network management. A token bit indicates
whether the frame is a token or a data frame.
• The Frame Control (FC) field indicates whether the frame contains LLC data or is a MAC
control frame. Several types of MAC frame are used to control network functions.
• The Destination Address (DA) specifies the station or stations to which the frame is directed.
Multicasts and broadcasts are possible in addition to transmission to a single device.
16- and 48-bit addresses are supported.
• The Source Address (SA) specifies the device that originated the frame. The DA and SA
address must utilise the same format.
• The Information field contains LLC data or control information if it appears in a MAC control
frame.
• The Frame Check Sequence (FCS) is a 32-bit cyclic redundancy check that is applied to
the FC, DA, SA, and information field.
• The Ending Delimiter (ED) violates the network data format and signals the end of the
frame. This field includes two control bits. The intermediate bit indicates whether this is an
intermediate or the final frame in a transmission. The error bit is set by any device that detects
an error, such as in the FCS.
• The Frame Status (FS) field contains other control bits that indicate that a station has recognised
its address and that a frame has been copied by a receiving device.


Protocols and Protocol Stacks:


[Figure 52 diagram: columns OSI Model, Banyan Vines, MS NT LAN Manager, Novell NetWare and
TCP/IP UNIX; rows Application, Presentation, Session, Transport, Network, Data Link and Physical
Layer. Labelled components include Vines Redirector, Server Message Block (SMB), NetWare Core
Protocols (NCP), Network Applications, Socket Interface, RPC, NetBIOS, Named Pipes, SPX, TCP, UDP,
NetBEUI, Vines IP, IPX, IP, ICMP, ARP & RARP, NDIS drivers, ODI / NDIS and, at the Physical Layer
of every stack, the Network Interface Card.]

Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the
OSI model.

In figure 52, each NOS manufacturer has implemented its own networking protocols to provide the
required networking functions. These protocols operate as distinct programs or processes that the
NOS uses to transport data between the network nodes. Each set of programs is commonly referred to as
a protocol stack. It is important to note that although the underlying functionality of each of these
protocol stacks is similar, the implementation within each NOS is unique.

A client application sends data down its protocol stack, passing through each of the protocols and
interfaces. Information necessary to forward the application data to its destination is added by the
programs operating at each level. At the receiving side, the data packets traverse a similar stack of
protocols and programs, this time in reverse. Starting at the physical layer, the packet passes through each
successive layer until it reaches the top of the stack at the relevant application process. At each layer,
the information appended by the different protocols is examined so that the host can forward the
packet to its final destination. For the host to accomplish this, both the client and the host need to run
the same program at each level. If the server received a data packet that contained protocol information
generated from a program not in its protocol stack, it would obviously not be able to understand
the contained information.

[Figure 53 diagram: a Client (Client Application) and a Host (Server Application), each with
Application, Presentation, Session, Transport, Network, Data Link and Physical Layers. Protocols
operating at each layer need to be compatible.]

Figure 53 provides a generic illustration of a data packet moving through the different protocol layers
of the OSI model.

At each subsequent layer, additional protocol information is appended to the original data packet. At the
host side, the protocol information is stripped away layer by layer to finally leave the application data.


Layer                Packet contents at the Network Client (mirrored at the Network Host)
Application Layer    Application Data
Presentation Layer
Session Layer
Transport Layer      Application Data | TCP Info.
Network Layer        Application Data | TCP Info. | IP Info.
Data Link Layer      Application Data | TCP Info. | IP Info. | NDIS & Data Link Info.
Physical Layer       Application Data | TCP Info. | IP Info. | NDIS & Data Link Info. | Ethernet Info.

Transmission over the Network

Figure 54 shows a more specific example of an application packet moving through a TCP/IP network.

Operating Dual Protocol Stacks:

The biggest problems in providing multiprotocol support to network clients relate to the operation of
the interface at both the top and the bottom of the protocol stack.

At the top of the stack, applications are generally written to function through the use of a specific network
protocol. The application developer then needs to write different versions of the application for it to
operate using different network protocols. It is possible, however, for developers to overcome these
issues by writing applications based on a common or standard interface such as NetBIOS, WinSock,
or BSD sockets. It then becomes the problem of the implemented networking protocol to offer support
for these interfaces.

Similar interoperability problems are found at the bottom of the protocol stack, where the use of a
standard interface again offers a possible solution. Each distinct networking solution offers its own
protocol drivers to communicate with the installed network interface card. This means, for example, that
if you loaded a separate NIC driver for both your NetWare stack and your TCP/IP stack, each driver
program would assume that it had complete control over the installed NIC. The result would be that as
either driver attempted to access the NIC it could corrupt any communication being carried out by the
other program.

The solution to this problem requires that you load a single device driver to interface directly with the
NIC and that this driver provides simultaneous support to all the installed protocol stacks. Two possible
solutions have been developed to provide this support. The first is known as the Network Driver
Interface Specification, and the second is the Open Datalink Interface. The implementation of either of
these standards enables you to effectively provide multiprotocol support, enabling you to load more
than one network protocol on a single workstation.

Network Driver Interface Specification (NDIS):

The NDIS specification was written to provide an NIC with the capability to simultaneously support
multiple protocol stacks through the use of a single NIC device driver.

The specification defines three main components:


• Media Access Control (MAC) driver: This is a device driver written by the vendors of the NIC that
directly interfaces with the NIC hardware.
• Upper-Level Protocol driver: This is a device driver written by the NOS vendor that provides the
required functionality and interface support for the upper-layer protocols.
• Protocol manager program: This is a manager or control program that co-ordinates the joining or
binding of the preceding two programs to provide the completed protocol stack support. This program
is called PROTMAN.DOS or PROTMAN.OS2, depending on the client operating system employed.


The initialisation of the NDIS environment starts with the protocol manager, which reads a configuration
file, called PROTOCOL.INI, and stores the contained configuration in a predefined structure in an
area of memory known as configuration memory.

As each of the other device drivers is loaded, it issues a request to the protocol manager for its
specific configuration details. The protocol manager provides this information by indicating to each
driver where it can find the configuration memory. The drivers then access this area of memory, which
provides them with the details they need in order to initialise.

After the MAC driver and all the required protocol drivers have been loaded, the protocol manager
must connect all the drivers together. This process is known as binding and is initiated by a program
called NETBIND. The principal function of NETBIND is to issue the BindAndStart directive to the protocol
manager. This indicates that all the drivers and protocols are to be bound to form the necessary protocol stacks.
The protocol manager then initiates communication with the MAC driver by issuing the InitiateBind
directive to each of the protocols that was loaded. Each of the protocols binds to the MAC driver with
an indicated vector value. The MAC driver can then multiplex between each of the loaded protocols
based on this vector value.

[Figure 55 diagram: at the Application Layer, TCP/IP applications and NOS applications sit above the
TCP/IP network protocols and the NOS proprietary network protocols. At the Network Layer each stack
has its own NDIS compatible driver (TCP/IP and NOS). Both attach through the binding interface to a
single NIC NDIS driver at the Data Link Layer(s), above the Network Interface Card (NIC) at the
Physical Layer.]

Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program.

Open Datalink Interface (ODI):

The ODI specification is similar in structure and functionality to NDIS. The ODI specification was developed
as a means of providing client and server support for network protocols alongside its native
networking protocol, IPX.

The ODI specification references the following components:


• Multiple Link Interface Drivers (MLID): These drivers are similar in functionality to the MAC drivers
specified by NDIS. They provide a device interface to the installed NIC within the client or the
server.
• Link Support Layer (LSL) interface: This interface manages the interaction between the installed
MLID and the various installed upper-layer protocols. References within the LSL are made to redirect
traffic from the MLID to the specified upper-layer protocol.
• Upper-Level Protocol driver: This is a device driver that allows for the integration of other network
protocols and their support within the NetWare environment.

Configuration and protocol loading within an ODI environment are controlled via the net.cfg file on the
workstation. The first program to load is the LSL driver, which provides a basis for the binding of
upper-layer protocols and for the loading of the NIC drivers. The file net.cfg contains information relating
to the installed NIC driver, or MLID, and the LAN frame type support that is required. After the MLID
has been installed, the upper-layer protocol drivers can be loaded to interface individually onto the
LSL.


Listing 1 shows an example ODI dual protocol stack configuration. It indicates the loading of both the
IPXODI driver, for IPX support, and the TCP/IP driver to provide a TCP/IP protocol stack.

AUTOEXEC.BAT
...
REM Load LSL driver
LSL
REM Load MLID driver, which references NET.CFG for its configuration
3c509
REM Load IPX upper layer ODI compliant driver
IPXODI
REM Load TCP/IP upper layer ODI compliant driver
TCPIP
REM Load redirector program
VLM
REM TCP/IP and IPX stacks loaded, continue with login routines
...

NET.CFG
...
link driver 3c509
    frame ethernet_802.2
    frame ethernet_snap
    frame ethernet_II
    frame ethernet_802.3
...

It is also possible to provide for NDIS-compatible environments within the ODI specification. This is
provided through inclusion of a program called ODINSUP.COM. This program provides support for
upper-layer protocol drivers written to the NDIS specification to interface directly with the installed ODI
MLID. In other words, the NDIS protocols bind to the ODI MLID, via ODINSUP.COM, bypassing the
installed LSL module. You might undertake this method if the TCP/IP stack you wanted to load supplied
only an NDIS-compliant driver.


Delivering Data Through Internetworks:

[Figure 56 diagram: two Ethernet networks and a Token Ring network, each with several workstations,
interconnected by routers.]

Figure 56 shows an internetwork consisting of several networks.

The way data are delivered through internetworks involves several topics:
• Methods for carrying multiple data streams on common media.
• Methods for switching data through paths on the network.
• Methods for determining the path to be used.

Multiplexing:

LAN’s generally operate in baseband mode, which means that a given cable is carrying a single data
signal at any one time. The various devices on the LAN must take turns using the medium. This generally
is a workable approach for LAN’s, because LAN media offer high performance at low cost.

Long-distance data communication media are expensive to install and maintain, and it would be inefficient
if each media path could support only a single data stream. WAN’s, therefore, tend to use broadband
media, which can support two or more data streams. Increasingly, as LAN’s are expected to
carry more and different kinds of data, broadband media are being considered for LAN as well.

To enable many data streams to share a high-bandwidth medium, a technique called multiplexing is
employed.

[Figure 57 diagram: inputs A, B, C, D -> Multiplex -> data flow D C B A D C B A D C B A D C B A ->
Demultiplex -> outputs A, B, C, D]

Figure 57 illustrates one method of time-division multiplexing of digital signals.

In figure 57, the signal-carrying capacity of the medium is divided into time slots, with a time slot
assigned to each signal, a technique called Time-Division Multiplexing (TDM). Because the sending and
receiving devices are synchronised to recognise the same time slots, the receiver can identify each
data stream and re-create the original signals. The sending device, which places data into the time
slots, is called a multiplexer or mux. The receiving device is called a demultiplexer or demux. TDM can
be inefficient. If a data stream falls silent, its time slots are not used and the media bandwidth is
under-utilised.

[Figure 58 diagram: inputs A, B, C, D -> Multiplex -> data flow A B A C A B A A A C A A B A B A ->
Demultiplex -> outputs A, B, C, D]

Figure 58 depicts a more advanced technique, statistical time-division multiplexing.

In figure 58, time slots are still used, but some data streams are allocated more time slots than others.
An idle channel, D, is allocated no time slots at all. A device that performs statistical TDM often is
called a stat-MUX.


Switching Data:

On an internetwork, data units must be switched through the various intermediate devices until they
are delivered to their destination. Two contrasting methods of switching data are commonly used: circuit
switching and packet switching. Both are used in some form by protocols in common use.

Circuit Switching:

[Figure 59 diagram: an original message E D C B A is split into message fragments that all travel in
order along the same path through the network and are reassembled into the message E D C B A.]

Figure 59 illustrates circuit switching.

When two devices negotiate the start of a dialogue, they establish a path, called a circuit, through the
network, along with a dedicated bandwidth through the circuit. After establishing the circuit, all data for
the dialogue flow through that circuit. The chief disadvantage of circuit switching is that when communication
takes place at less than the assigned circuit capacity, bandwidth is wasted. Also, communicating
devices can’t take advantage of other, less busy paths through the network unless the circuit is
reconfigured.

Circuit switching does not necessarily mean that a continuous, physical pathway exists for the sole use
of the circuit. The message stream may be multiplexed with other message streams in a broadband
circuit. In fact, sharing of media is the more likely case with modern telecommunications. The appearance
to the end devices, however, is that the network has configured a circuit dedicated to their use.

End devices benefit greatly from circuit switching. Since the path is pre-established, data travel
through the network with little processing in transit. And, because multipart messages travel sequentially
through the same path, message segments arrive in order and little effort is required to reconstruct
the original message.

Packet Switching:

[Figure 60 diagram: an original message E D C B A is split into message fragments that are routed
individually over different paths through the network and are reassembled into the message E D C B A.]

Figure 60 illustrates packet switching.


Packet switching takes a different and generally more efficient approach to switching data through
networks. Messages are broken into sections called packets, which are routed individually through the
network. At the receiving device, the packets are reassembled to construct the complete message.
Messages are divided into packets to ensure that large messages do not monopolise the network.
Packets from several messages can be multiplexed through the same communication channel. Thus,
packet switching enables devices to share the total network bandwidth efficiently.

Two variations of packet switching may be employed:


• Datagram services treat each packet as an independent message. The packets, also
called datagrams, are routed through the network using the most efficient route currently
available, enabling the switches to bypass busy segments and use under-utilised segments.
Datagrams frequently are employed on LAN’s and network layer protocols are responsible
for routing the datagrams to the appropriate destination. Datagram service is
called unreliable, not because it is inherently flawed but because it does not guarantee delivery
of data. Recovery of errors is left to upper-layer protocols. Also, if several datagrams
are required to construct a complete message, upper-layer protocols are responsible for
reassembling the datagrams in order. Protocols that provide datagram service are called
connectionless protocols.
• Virtual circuits establish a formal connection between two devices, giving the appearance
of a dedicated circuit between the devices. When the connection is established, issues
such as message size, buffer capacities, and network paths are considered and mutually
agreeable communication parameters are selected. A virtual circuit defines a connection, a
communication path through the network, and remains in effect as long as the devices remain in
communication. This path functions as a logical connection between the devices. When
communication is over, a formal procedure releases the virtual circuit. Because virtual circuit
service guarantees delivery of data, it provides reliable delivery service. Upper-layer
protocols need not be concerned with error detection and recovery. Protocols associated
with virtual circuits are called connection-oriented.

Bridges, Routers, and Switches:

Data can be routed through an internetwork using the following three types of information:
• The physical address of the destination device, found at the data link layer. Devices that
forward messages based on physical addresses generally are called bridges.
• The address of the destination network, found at the network layer. Devices that use network
addresses to forward messages usually are called routers, although the original
name, still commonly used in the TCP/IP world, is gateway.
• The circuit that has been established for a particular connection. Devices that route messages
based on assigned circuits are called switches.

Bridges:

[Figure 61 diagram: two End Nodes, each with all seven layers from Application Layer to Physical
Layer, joined by a Bridge that implements only a Data Link Layer and a Physical Layer on each of
its two sides, one facing Network A and one facing Network B.]

Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model.

Bridges build and maintain a database that lists known addresses of devices and how to reach those
devices. When it receives a frame, the bridge consults its database to determine which of its connections
should be used to forward the frame.


A bridge must implement both the physical and data link layers of the protocol stack. Bridges are fairly
simple devices. They receive frames from one connection and forward them to another connection
known to be en route to the destination. When more than one route is possible, bridges ordinarily can’t
determine which route is most efficient. In fact, when multiple routes are available, bridging can result
in frames simply travelling in circles. Having multiple paths available on the network is desirable,
however, so that a failure of one path does not stop the network. With Ethernet, a technique called the
spanning-tree algorithm enables bridged networks to contain redundant paths.

Token Ring uses a different approach to bridging. When a device needs to send to another device, it
goes through a discovery process to determine a route to the destination. The routing information is
stored in each frame transmitted and is used by bridges to forward the frames to the appropriate
networks. Although this actually is a data link layer function, the technique Token Ring uses is called
source routing.

The bridge must implement two protocol stacks, one for each connection. Theoretically, these stacks
could belong to different protocols, enabling a bridge to connect different types of networks. However,
each type of network, such as Ethernet and Token Ring, has its own protocols at the data link layer.
Translating data from the data link layer of an Ethernet to the data link layer of a Token Ring is
difficult, but not impossible. Bridges, which operate at the data link layer, therefore, generally can join only
networks of the same type. You see bridges employed most often in networks that are all Ethernet or
all Token Ring. A few bridges have been marketed that can bridge networks that have different data
link layers.

Routers:

Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.
In the figure, each end node implements all seven layers (Application, Presentation, Session,
Transport, Network, Data Link, Physical), while the router implements the Network, Data Link and
Physical Layers, once towards Network A and once towards Network B.

A different method of path determination can be employed using data found at the network layer. At
that layer, networks are identified by logical network identifiers. This information can be used to build a
picture of the network. This picture can be used to improve the efficiency of the paths that are chosen.
Devices that forward data units based on network addresses are called routers.

With TCP/IP, routing is a function of the internet layer. By convention, the network on which the data
unit originates counts as one hop. Each time a data unit crosses a router, the hop count increases by
one.

Figure 63 illustrates Hop-count routing between Routers A, B, C, D, E and F.


A wide variety of paths could be identified between A and F:


• A-E-F (4 hops)
• A-E-D-F (5 hops)
• A-E-C-F (5 hops)
• A-B-C-F (5 hops)

By this method, A-E-F is the most efficient route. This assumes that all of the paths between the
routers provide the same rate of service. A simple hop-count algorithm would be misleading if A-D and
D-E were 1.5 Mbps lines while A-E was a 56 Kbps line. Apart from such extreme cases, however, hop-
count routing is a definite improvement over no routing planning at all.
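
The comparison above can be reproduced with a short search, added here as an example that is not part of the original text. The link list is an assumption reconstructed from the four listed paths (it is not taken from Figure 63), and the link speeds are constructed: A-E at 56 Kbps, every other link at T1 speed.

```python
import heapq
from collections import deque

# Assumed topology: only the links implied by the four listed paths.
LINKS = [("A", "B"), ("B", "C"), ("C", "F"), ("A", "E"),
         ("E", "F"), ("E", "D"), ("D", "F"), ("E", "C")]

# Constructed speeds in Kbps: A-E is the slow line, all others default to T1.
SPEEDS = {("A", "E"): 56}


def neighbours(links):
    """Build an undirected adjacency map from the link list."""
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def hop_count(path):
    """The text's convention: the originating network counts as one hop
    and every router crossed adds one."""
    return 1 + len(path)


def fewest_hops(links, src, dst):
    """Breadth-first search: the first path reaching dst crosses the fewest routers."""
    adj = neighbours(links)
    queue = deque([[src]])
    seen = {src}
    while queue:
        path = queue.popleft()
        if path[-1] == dst:
            return path
        for nxt in sorted(adj[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def lowest_cost(links, speeds_kbps, src, dst, default_kbps=1544):
    """Dijkstra with a per-link cost of 1/bandwidth, so slow links are penalised."""
    adj = neighbours(links)

    def cost(a, b):
        kbps = speeds_kbps.get((a, b)) or speeds_kbps.get((b, a)) or default_kbps
        return 1.0 / kbps

    heap = [(0.0, [src])]
    done = set()
    while heap:
        total, path = heapq.heappop(heap)
        node = path[-1]
        if node == dst:
            return path
        if node in done:
            continue
        done.add(node)
        for nxt in sorted(adj[node]):
            if nxt not in done:
                heapq.heappush(heap, (total + cost(node, nxt), path + [nxt]))
    return None


if __name__ == "__main__":
    by_hops = fewest_hops(LINKS, "A", "F")
    by_cost = lowest_cost(LINKS, SPEEDS, "A", "F")
    print("fewest hops:", "-".join(by_hops), hop_count(by_hops), "hops")
    print("lowest cost:", "-".join(by_cost), hop_count(by_cost), "hops")
```

With the slow A-E line, the bandwidth-aware search prefers a path with one more hop, which is the case where a plain hop count misleads.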

Routing operates at the network layer. By the time data reach that layer, all evidence of the physical
network has been shorn away. Both protocol stacks in the router can share a common network layer
protocol. The network layer does not know or care if the network is Ethernet or Token Ring. Therefore,
each stack can support different data link and physical layers. Consequently, routers possess a
capability, fairly rare in bridges, to forward traffic between dissimilar types of networks. Owing to that
capability, routers often are used to connect LANs to WANs.

Building routers around the same protocol stack as are used on the end-nodes is possible. TCP/IP
networks can use routers based on the same IP protocol employed at the workstation. However, it is
not required that routers and end-nodes use the same routing protocol. Because network layers need
not communicate with upper-layer protocols, different protocols may be used in routers than are used
in the end-nodes. Commercial routers employ proprietary network layer protocols to perform routing.
These custom protocols are among the keys to the improved routing performance provided by the
best routers.

Switches:

Circuit-based networks operate with high efficiency because the path is established once, when the
circuit is established. Each switch maintains a table that records how data from different circuits
should be switched. Switching is typically performed by lower-level protocols to enhance efficiency,
and is associated most closely with the data link layer.


Digital Data Services:

When networks must span more than a few kilometres, new categories of technology come into play.
Before considering WAN standards, it is useful to take a look at options that might be used by an
organisation that wants to build a private WAN. Not all options are examined.

A leased line is a dedicated communication line between two points. It’s usually used by
organisations to connect computers over a dedicated telephone line.

• Dedicated Leased Lines:

Communication providers offer dedicated, leased lines at a variety of capacities. A dedicated
line is a communication channel between two points that is leased by an organisation for its
exclusive use. The dedicated line almost certainly does not consist of a pair of wires that
stretches continuously between the end-points, and a customer's signal can pass through any
combination of copper and optical fibre cables as well as terrestrial and satellite microwaves.
The appearance to the customer, however, is of a directly wired channel. Dedicated lines may
be analogue or digital in nature.

T1 is an example of a digital leased-line technology. T1 supports full-duplex communication
between two points. Originally intended for digital voice communication, T1 adapts as well to
data communication, supporting data rates up to 1.544 Mbps. T1 circuits can utilise combinations
of cables and microwave links. A T1 line supports 24 multiplexed 64 Kbps channels.
Fractional T1 enables organisations to lease part of a T1 line in 64 Kbps increments. Other
standards include T2 (6.312 Mbps), T3 (44.736 Mbps) and T4 (274.176 Mbps).

Figure 64 shows connecting remote sites with a Digital Leased Circuit: the router at each site
attaches through a CSU/DSU to the DDS.

The interface to the leased line consists of a bridge or router to forward frames to the leased
circuit, a Channel Service Unit/Digital Service Unit (CSU/DSU) to translate between the LAN and
the Digital Data Service (DDS) signal formats, and a network interface provided by the
communication service vendor.

Leased lines can be used to construct quite large networks. The Internet is a world-wide network
that consists of thousands of hosts, most connected by leased lines. The participants in the
Internet share the cost of operating the Internet by bearing the cost of one or more leased
lines to connect to other host sites.

The downside of leased lines is that an organisation bears the full cost of the capacity they
have leased. Some allowance must be made for peak traffic periods, and a portion of the
channel capacity being paid for may be idle a great deal of the time. Dedicated lines ensure an
organisation of a specified communication capacity, but come at a high cost.


• Switched Digital Lines:

Switched lines provide an alternative to dedicated lines. When remote hosts need to communicate,
one dials the other to establish a temporary connection. Switched connections can be
configured using conventional modems and voice-grade lines, enabling organisations that
have very limited bandwidth needs to avoid the cost of a digital service.

A technology of switched digital communication is the Integrated Services Digital Network
(ISDN). A variety of ISDN services are possible, providing different amounts of bandwidth. A
common basic rate service consists of two 64 Kbps digital channels. Although the potential
bandwidth of this service is 128 Kbps, the 64 Kbps channels function separately. Equipment at
the customer site must be capable of aggregating the separate 64 Kbps channels into a 128
Kbps logical channel. ISDN has the potential to make switched digital communication widely
available at low cost.


The Internet Model:

The protocol architecture for TCP/IP currently is defined by the IETF, which is responsible for
establishing the protocols and architecture for the Internet.

What TCP/IP provides:


• Open protocol standards, freely available and developed independently from any specific operating
system or computer hardware platform. Because TCP/IP is so widely supported, it is ideal for
uniting different hardware and software, even if you don't communicate over the Internet.
• Independence from specific physical network hardware: it can be run over an Ethernet, a Token
Ring, a dial-up line, an X.25 net, and virtually any other kind of physical transmission media.
• A globally unique addressing scheme that allows any TCP/IP device to address any other device in
the entire network, even if the network is as large as the world-wide Internet.
• Support for internetworking and routing, standardised high-level protocols for consistent, widely
available user services.

TCP/IP attempts to create a heterogeneous network with open protocols that are independent of
operating system and architectural differences. TCP/IP protocols are available to everyone, and are
developed and changed by consensus, not by the fiat of one manufacturer. Everyone is free to develop
products to meet these open protocol specifications. Most information about TCP/IP is published as
Requests For Comments (RFCs), which contain the latest version of the specifications of all standard
TCP/IP protocols.

4  Application Layer:     consists of applications and processes that use the network
3  Transport Layer:       provides end-to-end data delivery services
2  Internet Layer:        defines the datagram and handles the routing of data
1  Network Access Layer:  consists of routines for accessing physical media

Figure 65 shows the Layers in the TCP/IP Protocol Architecture.

The four-layered structure of TCP/IP is seen in the way data is handled as it passes down the protocol
stack from the Application Layer to the underlying physical network. Each layer in the stack adds
control information to ensure proper delivery. This control information is called a header because it is
placed in front of the data to be transmitted. Each layer treats all of the information it receives from the
layer above as data and places its own header in front of that information. The addition of delivery
information at every layer is called encapsulation. When data is received, the opposite happens. Each
layer strips off its header before passing the data on to the layer above. As information flows back up the
stack, information received from a lower layer is interpreted as both a header and data.

Application Layer Data

Transport Layer Header Data

Internet Layer Header Header Data

Network Access Layer Header Header Header Data

Figure 66 shows TCP/IP Data Encapsulation.


Each layer has its own independent data structures. Conceptually a layer is unaware of the data
structure used by the layers above and below it. In reality, the data structures of a layer are designed to be
compatible with the structures used by the surrounding layers for the sake of more efficient data
transmission. Still, each layer has its own data structure and its own terminology to describe that
structure.

                        TCP        UDP
Application Layer       stream     message
Transport Layer         segment    packet
Internet Layer          datagram   datagram
Network Access Layer    frame      frame

Figure 67 shows Data Structures.

Figure 67 shows the terms used by different layers of TCP/IP to refer to the data being transmitted.
Most networks refer to transmitted data as packets or frames.

Layer            Sending side                        Receiving side
Application      Send continuous data streams        Receive continuous data streams
                 (data stream passed between Application and TCP)
TCP              Fragment data stream to segments    Defragment segments, reconstruct data stream
                 (segments passed between TCP and IP)
IP               Fragment segments if required,      Reconstruct segments from datagrams
                 prepare datagrams
                 (datagrams passed between IP and Network Access)
Network Access   Fragment datagram to bits           Reconstruct datagrams from bits

Figure 68 shows the processing of data during the transmission and the receiving for TCP.

Description of each of these layers:

• The Network Access Layer is the lowest layer of the TCP/IP protocol hierarchy. The protocols
in this layer provide the means for the system to deliver data to the other device on a
directly attached network. It defines how to use the network to transmit an IP datagram. Unlike
higher-level protocols, it must know the details of the underlying network to correctly format the
data being transmitted to comply with the network constraints. The TCP/IP Network Access
Layer can encompass the function of all three lower layers of the OSI reference model:
Network Layer, Data Link Layer, and Physical Layer.

Functions performed at this level include encapsulation of IP datagrams into the frames
transmitted by the network, and mapping of IP addresses to the physical addresses used by
the network.

The network access layer is responsible for exchanging data between a host and the network
and for delivering data between two devices on the same network. Node physical addresses
are used to accomplish delivery on the local network.


TCP/IP has been adapted to a wide variety of network types, including switching, such as
X.21, packet switching, such as X.25, Ethernet, the IEEE 802.x protocols, frame relay, etc.
Data in the network access layer encode EtherType information that is used to demultiplex
data associated with specific upper-layer protocol stacks.

Application Layer:     SMTP, FTP, Telnet, TFTP, SNMP, NFS
Transport Layer:       TCP, UDP
Internet Layer:        IP, ICMP
Network Access Layer:  ARP, MAC Driver, RARP, NIC
(the same stack is drawn on both hosts; DATA units pass between the two NICs over the
actual physical connection)

Figure 69 shows processes/applications and protocols that rely on the Network Access Layer
for the delivery of data to their counterparts across the network.

• The Internetwork Layer is the heart of TCP/IP, and its Internet Protocol (IP) is the most
important protocol. IP provides the basic packet delivery service on which TCP/IP networks are
built. All protocols, in the layers above and below IP, use the Internet Protocol to deliver data.
All TCP/IP data flows through IP, incoming and outgoing, regardless of its final destination.

The Internetwork Layer is responsible for routing messages through internetworks. Devices
responsible for routing messages between networks are called gateways in TCP/IP terminology,
although the term router is also used with increasing frequency. The TCP/IP protocol at
this layer is the Internet Protocol (IP). In addition to the physical node addresses utilised at the
network access layer, the IP protocol implements a system of logical host addresses called IP
addresses. The IP addresses are used by the internet and higher layers to identify devices
and to perform internetwork routing. The Address Resolution Protocol (ARP) enables IP to
identify the physical address that matches a given IP address.

Internet Protocol (IP):

• Defining the datagram, which is the basic unit of transmission in the Internet.
• Defining the Internet addressing scheme.
• Moving data between the Network Access Layer and the Host-to-Host Transport Layer.
• Routing datagrams to remote hosts.
• Performing fragmentation and reassembly of datagrams.

The Datagram:
The datagram is the packet format defined by Internet Protocol. The internet protocol delivers the
datagram by checking the Destination Address (DA). This is an IP address that identifies the destination
network and the specific host on that network. If the destination address is the address of a
host on the local network, the packet is delivered directly to the destination; otherwise the
packet is passed to a gateway for delivery. Gateways are devices that switch packets between
the different physical networks. Deciding which gateway to use is called routing. IP makes the
routing decision for each individual packet. IP deals with data in chunks called datagrams. The
terms packet and datagram are often used interchangeably, although a packet is a data link-layer
object and a datagram is a network layer object. In many cases, particularly when using
IP on Ethernet, a datagram and packet refer to the same chunk of data. There's no guarantee
that the physical link layer can handle a packet of the network layer's size. If the media's MTU
is smaller than the network's packet size, then the network layer has to break large datagrams
down into packet-sized chunks that the data link layer and physical layer can digest. This
process is called fragmentation. The host receiving a fragmented datagram reassembles the
pieces in the correct order.


IP Datagram Format:

         Bits 0 to 31 of each 32-bit header word
Word 1:  Version | IHL | Type of Service | Total Length
Word 2:  Identification | Flag | Fragment Offset
Word 3:  Time-to-live | Protocol | Header Checksum
Word 4:  Source Address
Word 5:  Destination Address
Word 6:  Options | Padding
         Data begins here ...

Figure 70 shows the IP Datagram Format.

The fields in figure 70 are as follows:

Version:
IHL:
Type of Service: Data in this field indicates the quality of service desired. The effects of values
in the precedence fields depend on the network technology employed, and values must be
configured accordingly.
Format of the Type of Service field:
• Bits 0-2: Precedence
    111 = Normal Control
    110 = Internetwork Control
    101 = CRITIC/ECP
    100 = Flash Override
    011 = Flash
    010 = Immediate
    001 = Priority
    000 = Routine
• Bit 3: Delay          0 = normal delay         1 = low delay
• Bit 4: Throughput     0 = normal throughput    1 = high throughput
• Bit 5: Reliability    0 = normal reliability   1 = high reliability
• Bits 6-7: Reserved
Total Length: The length of the datagram in octets, including the IP header and data. This field
enables datagrams to consist of up to 65,535 octets. The standard recommends that all hosts
be prepared to receive datagrams of at least 576 octets in length.
Identification: An identification field used to aid reassembly of the fragments of a datagram.
Flag: If a datagram is fragmented, the MF bit is 1 in all fragments except the last.
This field contains three control bits.
• Bit 0: Reserved, must be 0.
• Bit 1 (DF): 1 = Do not fragment and 0 = May fragment
• Bit 2 (MF): 1 = More fragments and 0 = Last fragment
Fragment Offset: For fragmented datagrams, indicates the position in the datagram of this
fragment.
Time-to-live: Indicates the maximum time the datagram may remain on the network.
Protocol: The upper layer protocol associated with the data portion of the datagram.
Header Checksum: A checksum for the header only. This value must be recalculated each
time the header is modified.
Source Address: The IP address of the host that originated the datagram.
Destination Address: The IP address of the host that is the final destination of the datagram.
Options: May contain 0 or more options.
Padding: Filled with bits to ensure that the size of the header is a 32-bit multiple.
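
The field layout of figure 70 decoded in code, as an added example that is not part of the original text. The 4-bit widths of Version and IHL, the IHL unit of 32-bit words and the 8-octet unit of Fragment Offset come from the IP standard rather than from this page; the sample datagram is constructed and uses documentation addresses. The parser refuses headers whose length fields contradict the buffer instead of reading past it.

```python
import ipaddress
import struct


class MalformedDatagram(ValueError):
    """Raised when header fields are inconsistent with the received bytes."""


def parse_ipv4_header(buf):
    """Decode the figure 70 fields and reject inconsistent lengths."""
    if len(buf) < 20:
        raise MalformedDatagram("shorter than the minimum 5-word header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", buf[:20])

    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise MalformedDatagram("version is %d, not 4" % version)
    header_len = ihl * 4                      # IHL counts 32-bit words
    if ihl < 5 or header_len > len(buf):
        raise MalformedDatagram("IHL %d does not fit the buffer" % ihl)
    if total_len < header_len or total_len > len(buf):
        raise MalformedDatagram("Total Length %d is inconsistent" % total_len)

    flags = flags_frag >> 13                  # three control bits
    if flags & 0b100:
        raise MalformedDatagram("reserved flag bit must be 0")

    return {
        "version": version,
        "ihl": ihl,
        "precedence": tos >> 5,               # ToS bits 0-2
        "low_delay": bool(tos & 0x10),        # ToS bit 3
        "high_throughput": bool(tos & 0x08),  # ToS bit 4
        "high_reliability": bool(tos & 0x04), # ToS bit 5
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags & 0b010),
        "more_fragments": bool(flags & 0b001),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # converted to octets
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": checksum,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "options": buf[20:header_len],
        "data": buf[header_len:total_len],
    }


# Constructed sample: 20-octet header + 8 data octets, low-delay ToS, MF set,
# protocol 17, checksum left at 0 because this example does not verify it.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 28, 0x1234, 0x2000, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + b"ABCDEFGH"

if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE).items():
        print("%-16s %r" % (name, value))
```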


Routing Datagrams:
Internet gateways are commonly referred to as IP routers because they use Internet Protocol
to route packets between networks. Gateways forward packets between networks and hosts
don't. However, if a host is connected to more than one network (a multihomed host), it can
forward packets between the networks. When a multihomed host forwards packets, it acts just
like any other gateway and is considered to be a gateway.

Systems can only deliver packets to other devices attached to the same physical network.

Figure 71 shows Routing Through Gateways. In the figure, Host A1 and Host C1 implement all
four layers (Application, Transport, Internet, Network Access), while Gateway AB1 (between
Network A and Network B) and Gateway BC1 (between Network B and Network C) implement only
the Internet and Network Access Layers.

The hosts (end-systems) process packets through all four protocol layers, while the gateways
(intermediate-systems) process the packets only up to the internet layer where the routing
decisions are made.

Fragmenting Datagrams:
As a datagram is routed through different networks, it may be necessary for the IP module in
the gateway to divide the datagram into smaller pieces. A datagram received from one network
may be too large to be transmitted in a single packet on a different network. This condition
only occurs when a gateway interconnects dissimilar physical networks. Each type of network
has a Maximum Transmission Unit (MTU), which is the largest packet that it can transfer. If the
datagram received from one network is longer than the other network's MTU, it is necessary
to divide the datagram into smaller fragments for transmission. This process is called
fragmentation.
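
Fragmentation at a gateway and reassembly at the receiving host, as an added example that is not part of the original text. It models each fragment by the Identification, Fragment Offset, MF flag and data only; the 8-octet offset unit and the 20-octet option-free header are assumptions taken from the IP standard, and the payload and MTU are constructed. Reassembly tolerates reordering and exact duplicates but refuses overlapping fragments rather than choosing which copy to trust.

```python
HEADER_LEN = 20  # assumption: header without options


def fragment(ident, payload, mtu):
    """Split payload into fragments whose header plus data fit in mtu octets."""
    room = (mtu - HEADER_LEN) // 8 * 8       # data per fragment, multiple of 8
    if room <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), room):
        chunk = payload[start:start + room]
        frags.append({
            "id": ident,
            "offset": start // 8,            # Fragment Offset in 8-octet units
            "mf": start + len(chunk) < len(payload),  # More Fragments
            "data": chunk,
        })
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments received in any order.

    Returns None while pieces are still missing. Raises ValueError for
    fragments that overlap, carry data past the last fragment, or belong
    to different datagrams.
    """
    if len({f["id"] for f in frags}) > 1:
        raise ValueError("fragments belong to different datagrams")
    # Exact duplicates collapse in the set; sorting orders by offset.
    ordered = sorted({(f["offset"], f["mf"], f["data"]) for f in frags})
    payload = b""
    for i, (offset, mf, data) in enumerate(ordered):
        start = offset * 8
        if start < len(payload):
            raise ValueError("overlapping fragment at octet %d" % start)
        if start > len(payload):
            return None                      # a hole: still waiting
        if mf and len(data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 octets")
        payload += data
        if not mf:
            if i != len(ordered) - 1:
                raise ValueError("data beyond the last fragment")
            return payload
    return None                              # last fragment not seen yet


# Constructed input: a 1400-octet payload crossing a network with MTU 576.
PAYLOAD = bytes(i % 251 for i in range(1400))

if __name__ == "__main__":
    pieces = fragment(0x1234, PAYLOAD, 576)
    for p in pieces:
        print("offset=%3d mf=%-5s len=%d" % (p["offset"], p["mf"], len(p["data"])))
    print("reassembled intact:", reassemble(list(reversed(pieces))) == PAYLOAD)
```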

Passing Datagrams to the Transport Layer:


When IP receives a datagram that is addressed to the local host, it must pass the data portion
of the datagram to the correct transport layer protocol. This is done by using the protocol
number of the datagram header. Each transport layer protocol has a unique protocol number
that identifies it to IP.

Internet Control Message Protocol (ICMP):


ICMP is part of the internet layer and uses the IP datagram delivery facility to send its messages.
ICMP sends messages that perform control, error reporting, and informational functions for
TCP/IP.

         Bits 0 to 31 of each 32-bit header word
Word 1:  Type | Code | Checksum
Word 2:  Pointer | unused
         Header & 64 bits from original datagram

Figure 72 shows the ICMP Header Format.


• Flow control: When datagrams arrive too fast for processing, the destination host or
intermediate gateway sends an ICMP Source Quench Message back to the sender. This tells
the source to temporarily stop sending datagrams.
• Detecting unreachable destinations: When a destination is unreachable, the system detecting
the problem sends an ICMP Destination Unreachable Message to the datagram's
source. If the unreachable destination is a network or host, the message is sent by an
intermediate gateway. But if the destination is an unreachable port, the destination host
sends the message.


• Redirecting routes: A gateway sends the ICMP Redirect Message to tell a host to use another
gateway, presumably because the other gateway is a better choice. This message
can only be used when the source host is on the same network as both gateways.
• Checking remote hosts: A host can send the ICMP Echo Message to see if a remote
system's internet protocol is up and operational. When a system receives an echo message, it
sends the same packet back to the source host (e.g. PING).

Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the
delivery of data to their counterparts across the network. The diagram is the same two-host
protocol stack as in Figure 69: SMTP, FTP, Telnet, TFTP, SNMP and NFS at the Application Layer,
TCP and UDP at the Transport Layer, IP and ICMP at the Internet Layer, and ARP, MAC Driver,
RARP and the NIC at the Network Access Layer.

• The Host-to-Host Transport Layer has two major jobs: It must subdivide user-sized data
buffers into network layer sized datagrams, and it must enforce any desired transmission control
such as reliable delivery. The two most important protocols in this layer are Transmission
Control Protocol (TCP) and User Datagram Protocol (UDP). TCP provides reliable data delivery
service with end-to-end error detection and correction. UDP provides low-overhead,
connectionless datagram delivery service. Both protocols deliver data between the Application
Layer and the Internet Layer. Applications programmers can choose whichever service is
more appropriate for their specific applications.

The Host-to-Host Transport Layer is responsible for end-to-end data integrity. Two protocols
are employed at this layer: Transmission Control Protocol and User Datagram Protocol. TCP
provides reliable, full-duplex connections and reliable service by ensuring that data is resent
when transmission results in an error. Also, TCP enables hosts to maintain multiple, simultaneous
connections. UDP provides unreliable service that enhances network throughput when error
correction is not required at the host-to-host layer.

Protocols defined at this layer accept data from application protocols running at the Application
layer, encapsulate it in the protocol header, and deliver the data segment thus formed to
the lower IP layer for routing. Unlike the IP protocol, the transport layer is aware of the identity
of the ultimate user representative process. As such, the Transport layer, in the TCP/IP suite,
embodies what data communications are all about: The delivering of information from an
application on one computer to an application on another computer.

User Datagram Protocol (UDP):


UDP gives application programs direct access to a datagram delivery service, like the delivery
service that IP provides. This allows applications to exchange messages over the network with a
minimum of protocol overhead. UDP is an unreliable (it doesn't care about the quality of
deliveries it makes), connectionless (it doesn't establish a connection on behalf of user applications)
datagram protocol. Within your computer, UDP will deliver data correctly. UDP is used as a
data transport service when the amount of data being transmitted is small and the overhead of
creating connections and ensuring reliable delivery may be greater than the work of
retransmitting the entire data set. Broadcast-oriented services use UDP, as do those in which
repeated, out of sequence, or missed requests have no harmful side effects. Since no state is
maintained for UDP transmission, it is ideal for repeated, short operations such as the Remote
Procedure Call protocol. UDP packets can arrive in any order. If there is a network bottleneck
that drops packets, UDP packets may not arrive at all. It's up to the application built on UDP to
determine that a packet was lost, and to resend it if necessary.


NFS and NIS are built on top of UDP because of its speed and statelessness. While the
performance advantages of a fast protocol are obvious, the stateless nature of UDP is equally
important. Without state information in either the client or server, crash recovery is greatly
simplified.

         Bits 0 to 31 of each 32-bit header word
Word 1:  Source Port | Destination Port
Word 2:  Length | Checksum
         Data begins here ...

Figure 74 shows the UDP Datagram Format.

The fields in figure 74 are as follows:


• Source Port (16 bits): This field is optional and specifies the port number of the
application that is originating the user data.
• Destination Port (16 bits): This is the port number pertaining to the destination
application.
• Length (16 bits): This field describes the total length of the UDP datagram, including
both data and header information.
• UDP checksum (16 bits): Integrity checking is optional under UDP. If turned on,
this field is used by both ends of the communication channel for data integrity
checks.

IP Datagram:
  Version | IHL | Type of Service | Total Length
  Identification | Flag | Fragment Offset
  Time-to-live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options | Padding
  UDP Datagram (carried as the IP data field)

UDP Datagram:
  Source Port | Destination Port
  Length | Checksum
  Data begins here ...

Figure 75 shows the relationship between UDP and IP headers.

There are two points to make:


• What IP considers to be the data field is in fact another piece of formatted information
including both UDP header and user protocol data. To IP it should not matter what
the data field is hiding.
• The details of the header information for each protocol should clearly convey to the
reader the purpose of the protocol.

Transmission Control Protocol (TCP):


TCP is a fully reliable, connection-oriented, acknowledged, byte stream protocol that provides
reliable data delivery across the network and in the proper sequence. TCP supports data
fragmentation and reassembly. It also supports multiplexing/demultiplexing using source and
destination port numbers in much the same way they are used by UDP.

TCP provides reliability with a mechanism called Positive Acknowledgement with Retransmission
(PAR). Simply stated, a system using PAR sends the data again, unless it hears from the
remote system that the data arrived okay. The unit of data exchanged between co-operating
TCP modules is called a segment.


TCP Segment Format:

         Bits 0 to 31 of each 32-bit header word
Word 1:  Source Port | Destination Port
Word 2:  Sequence Number
Word 3:  Acknowledgement Number
Word 4:  Offset | Reserved | Control Bits | Window
Word 5:  Checksum | Urgent Pointer
Word 6:  Options | Padding
         Data begins here ...

Figure 76 shows the data segment format of the TCP Protocol.

The fields in figure 76 are as follows:


• Source port (16 bits): Specifies the port on the sending TCP module.
• Destination port (16 bits): Specifies the port on the receiving TCP module.
• Sequence number (32 bits): Specifies the sequence position of the first data octet
in the segment. When the segment opens a connection, the sequence number is
the Initial Sequence Number (ISN) and the first octet in the data field is at
sequence ISN+1.
• Acknowledgement number (32 bits): Specifies the next sequence number that is
expected by the sender of the segment. TCP indicates that this field is active by
setting the ACK bit, which is always set after a connection is established.
• Data offset (4 bits): Specifies the number of 32-bit words in the TCP header.
• Reserved (6 bits): Must be zero. Reserved for future use.
• Control bits (6 bits):
The six control bits are as follows:
  • URG: When set, the Urgent Pointer field is significant
  • ACK: When set, the Acknowledgement Number field is significant
  • PSH: Initiates a push function
  • RST: Forces a reset of the connection
  • SYN: Synchronises sequencing counters for the connection. This bit is set
  when a segment requests the opening of a connection.
  • FIN: No more data. Closes the connection
• Window (16 bits): Specifies the number of octets, starting with the octet specified
in the acknowledgement number field, which the sender of the segment can
currently accept.
• Checksum (16 bits): An error control checksum that covers the header and data
fields. It does not cover any padding required to have the segment consist of an
even number of octets. The checksum also covers a 96-bit pseudoheader, which includes
source and destination addresses, the protocol, and the segment length. The
information is forwarded with the segment to IP to protect TCP from misrouted
segments. The value of the segment length field includes the TCP header and
data, but doesn't include the length of the pseudoheader.
• Urgent Pointer (16 bits): Identifies the sequence number of the octet following
urgent data. The urgent pointer is a positive offset from the sequence number of the
segment.
• Options (variable): Options are available for a variety of functions.
• Padding (variable): 0-value octets are appended to the header to ensure that the
header ends on a 32-bit word boundary.


Each pseudoheader word is 32 bits wide (bits 0-31):

Word 1: Source Address
Word 2: Destination Address
Word 3: zero | Protocol | TCP length

Figure 77 shows the format of the TCP pseudoheader.

Each segment contains a checksum that the recipient uses to verify that the data is undamaged.
If the data segment is received undamaged, the receiver sends a positive acknowledgement back to
the sender. If the data segment is damaged, the receiver discards it. After an appropriate
time-out period, the sending TCP module retransmits any segment for which no positive
acknowledgement has been received.
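The checksum rule above, worked through as an added example (not code from the original text): it builds a segment in the layout of figure 76, computes the checksum over the 96-bit pseudoheader of figure 77 plus header and data, and shows that a damaged or misdelivered segment fails verification. The function names are this example's own, and the addresses, ports and payload are constructed from values used in the page's figures.

```python
import socket
import struct

TCP_PROTOCOL = 6  # protocol number placed in the pseudoheader
# The six control bits, most significant first, in the order listed above.
CONTROL_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
                ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]


def ones_complement_sum(data: bytes) -> int:
    """Fold data into a 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"  # pad for the arithmetic only; the octet is not sent
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # wrap carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudoheader(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """Figure 77: source, destination, zero, protocol, TCP length (96 bits)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, TCP_PROTOCOL, tcp_length))


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, data=b""):
    """Build a segment without options (data offset 5) and fill in its checksum."""
    control = sum(mask for name, mask in CONTROL_BITS if name in flags)
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         (5 << 12) | control, window, 0, 0)
    segment = header + data
    covered = pseudoheader(src_ip, dst_ip, len(segment)) + segment
    checksum = ~ones_complement_sum(covered) & 0xFFFF
    return segment[:16] + struct.pack("!H", checksum) + segment[18:]


def verify_checksum(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: with the checksum field included, the sum must be 0xFFFF."""
    covered = pseudoheader(src_ip, dst_ip, len(segment)) + segment
    return ones_complement_sum(covered) == 0xFFFF


def parse_segment(segment: bytes) -> dict:
    """Split a segment into the fields of figure 76."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-octet minimum TCP header")
    (sport, dport, seq, ack, offset_bits,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = offset_bits >> 12  # header length in 32-bit words
    header_length = data_offset * 4
    if data_offset < 5 or header_length > len(segment):
        raise ValueError("data offset does not fit the segment")
    control = offset_bits & 0x3F
    return {
        "source_port": sport, "destination_port": dport,
        "sequence_number": seq, "acknowledgement_number": ack,
        "header_length": header_length,
        "reserved": (offset_bits >> 6) & 0x3F,
        "control_bits": [name for name, mask in CONTROL_BITS if control & mask],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_length],
        "data": segment[header_length:],
    }


if __name__ == "__main__":
    # Constructed sample: a SYN from port 3044 to the Telnet port 23.
    syn = build_segment("134.67.32.1", "134.67.32.3", 3044, 23, 1000, 0, ["SYN"], 6000)
    print(parse_segment(syn))
    print(verify_checksum("134.67.32.1", "134.67.32.3", syn))
```

Because the pseudoheader is summed as 16-bit words, a segment delivered to an address that merely swaps source and destination still verifies; the check catches damage and most misdelivery, not every case.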

TCP is connection-oriented. It establishes a logical end-to-end connection between the two
communicating hosts. Control information, called a handshake, is exchanged between the two
endpoints to establish a dialogue before data is transmitted. TCP indicates the control function
of a segment by setting the appropriate bit in the flags field of the segment header.

[Figure 78: two hosts, each with the protocol stack SMTP, FTP, Telnet, TFTP, SNMP, NFS over TCP
and UDP, over IP and ICMP, over ARP, MAC Driver and RARP, over the NIC. Labels between the two
stacks: Perceived Data, Perceived Connection, Actual Data Including Headers, Actual Physical
Connection.]

Figure 78 shows TCP establishes virtual circuits over which applications exchange data.

The type of handshake used by TCP is called a three-way handshake because three segments are
exchanged.

Three-Way Handshake:
Host A                          Host B

  SYN               ---------->
                    <----------   SYN, ACK
  ACK, data         ---------->

        data transfer has begun

Figure 79 shows a Three-Way Handshake.

Reliability and Acknowledgement:


TCP employs the positive acknowledgement with retransmission technique for the purpose of
achieving reliability in service.

Host A                          Host B

  DS1               ---------->
                    <----------   ACK1
  DS2               ---------->
                    <----------   ACK2

(Time runs down the page.)

Figure 80 shows the positive acknowledgement with retransmission technique.


Figure 80 is a laddergram depicting the events taking place between two hosts. The arrows
represent transmitted data and/or acknowledgements, and time is represented by the vertical
distance down the ladder. When TCP sends a data segment, it requires an acknowledgement from the
receiving end. The acknowledgement is used to update the connection state table. An
acknowledgement can be positive or negative. A positive acknowledgement implies that the
receiving host recovered the data and that it passed the integrity check. A negative
acknowledgement implies that the failed data segment needs to be retransmitted. It can be caused
by failures such as data corruption or loss.
Host A                                                  Host B

Countdown timer starts        DS1          ---------->
Acknowledgment received                    <----------   ACK1
Countdown timer starts        DS2 (lost)   ------X
Countdown timer expires
Countdown timer starts        DS2 (retr.)  ---------->
Acknowledgment received                    <----------   ACK2

Figure 81 shows how TCP implements a time-out mechanism to keep track of lost segments.

Figure 81 illustrates what happens when a packet is lost on the network and fails to reach its
ultimate destination. When a host sends data, it starts a countdown timer. If the timer expires
without receiving an acknowledgement, this host assumes that the data segment was lost.
Consequently, this host retransmits a duplicate of the failing segment. TCP keeps a copy of all
transmitted data with outstanding positive acknowledgement. Only after receiving the positive
acknowledgement is this copy discarded to make room for other data in its buffer.

Data Stream Maintenance:


The interface between TCP and a local process is a port, which is a mechanism that enables
the process to call TCP and in turn enables TCP to deliver data streams to the appropriate
process.

Ports are identified by port numbers. To fully specify a connection, the host IP address is
appended to the port number. This combination of IP address and port number is called a socket.
A given socket number is unique on the internetwork. A connection between two hosts is fully
described by the sockets assigned to each end of the connection.

[Figure 82: a byte stream marked at 1, 1001, 2001, 3001, 4001, 5001, 6001 and 7001. Labels:
Initial Sequence Number 0, Data Received, Acknowledgement Number 2000, Window 6000, Current
Segment, Sequence Number 4001.]

Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0.

In figure 82, the receiving system has received and acknowledged 2000 bytes, so the current
Acknowledgement Number is 2000. The receiver also has enough buffer space for another 6000
bytes, so it has advertised a Window of 6000. The sender is currently sending a segment of 1000
bytes starting with Sequence Number 4001. The sender has received no acknowledgement for the
bytes from 2001 on, but continues sending data as long as it is within the window. If the sender
fills the window and receives no acknowledgement of the data previously sent, it will, after an
appropriate time-out, send the data again starting from the first unacknowledged byte.
Retransmission would start from byte 2001 if no further acknowledgements are received. This
procedure ensures that data is reliably received at the far end of the network.


Managing Connections:
From the perspective of the process, communication with the network involves sending and
receiving continuous streams of data. The process is not responsible for fragmenting the data
to fit lower-layer protocols.

Sending host                                      Receiving host

Application                                       Application
  Send continuous data streams                      Receive continuous data streams
                        (data stream)
TCP                                               TCP
  Fragment data stream to segments                  Defragment segments, reconstruct data stream
                        (segments)
IP                                                IP
  Fragment segments if required,                    Reconstruct segments from datagrams
  prepare datagrams
                        (datagrams)
Network Access                                    Network Access
  Fragment datagram to bits                         Reconstruct datagrams from bits

Figure 83 shows how data are processed as they travel down the protocol stack, through the
network, and up the protocol stack of the receiver.

A short explanation of figure 83:


• TCP receives a stream of data from the upper-layer process.
• TCP may fragment the data stream into segments that meet the maximum datagram size of IP.
• IP may fragment segments as it prepares datagrams that are sized to conform to restrictions of
the network.
• Network protocols transmit the datagram in the form of bits.
• Network protocols at the receiving host reconstruct datagrams from the bits they receive.
• IP receives datagrams from the network. Where necessary, datagram fragments are reassembled to
reconstruct the original segment.
• TCP presents data in segments to upper-layer protocols in the form of data streams.

[Figure 84: two hosts, each with the Application Layer (SMTP, FTP, Telnet, TFTP, SNMP, NFS), the
Transport Layer (TCP, UDP), the Internet Layer (IP, ICMP) and the Network Access Layer (ARP, MAC
Driver, RARP, NIC), joined by the actual physical connection that carries the data.]

Figure 84 shows how processes/applications and protocols rely on the Transport Layer for the
delivery of data to their counterparts across the network.


• The Process/Application Layer includes all processes that use the transport layer protocols to
deliver data. There are many application protocols. A good example of the concerns handled by
these processes is the reconciliation of differences in the data syntax between the platforms on
which the applications are running. It should be clear that unless this difference in data
representation is handled properly, any exchange of data involving these processes is likely to
yield erroneous interpretations of numerical data. To resolve this issue, and other similar
issues, TCP/IP defines the eXternal Data Representation (XDR) protocol. Reflecting on the nature
of this problem, you can easily see that the problem has nothing to do with the underlying
network topology, wiring, or electrical interference.

Some applications that use TCP:


• TELNET: The Network Terminal Protocol provides remote login over the network.
• FTP: The File Transfer Protocol is used for interactive file transfer between hosts.
• SMTP: The Simple Mail Transfer Protocol delivers electronic mail.

Some applications that use UDP:


• SNMP: The Simple Network Management Protocol is used to collect management information from
network devices.
• DNS: Domain Name Service maps IP addresses to the names assigned to network devices.
• RIP: Routing Information Protocol. Routing is central to the way TCP/IP networks work. RIP is
used by the network devices to exchange routing information.
• NFS: Network File System. This protocol allows files to be shared by various hosts on the
network as if they were local drives.

TCP/IP Protocols Inside a Sample Gateway:


Source Host (134.67.40.2 on Network A, 134.67.40.0)
Layers: Application, Transport, Internet, Network Access
Routing table at the Internet Layer:
  Destination     Gateway
  134.67.32.0     134.67.40.3
  134.67.40.0     134.67.40.2
  default         134.67.40.1

Gateway (134.67.40.3 on Network A, 134.67.32.5 on Network B)
Layers: Internet, Network Access
Routing table at the Internet Layer:
  Destination     Gateway
  134.67.32.0     134.67.32.5
  134.67.40.0     134.67.40.3
  default         134.67.40.1

Destination Host (134.67.32.2 on Network B, 134.67.32.0)
Layers: Application, Transport, Internet, Network Access
Routing table at the Internet Layer:
  Destination     Gateway
  134.67.32.0     134.67.32.2
  default         134.67.32.5

Figure 85 shows the TCP/IP Protocols Inside a Sample Gateway.

[Figure 86: two hosts, each with the Application Layer (SMTP, FTP, Telnet, TFTP, SNMP, NFS), the
Transport Layer (TCP, UDP), the Internet Layer (IP, ICMP) and the Network Access Layer (ARP, MAC
Driver, RARP, NIC), joined by the actual physical connection that carries the data.]

Figure 86 shows how processes/applications and protocols rely on the Application Layer for the
delivery of data to their counterparts across the network.


Addressing, Routing, and Multiplexing:

To deliver data between two Internet hosts, it is necessary to move data across the network to
the correct host, and within that host to the correct user or process.

TCP/IP uses three schemes to accomplish these tasks:


• Addressing: IP addresses deliver data to the correct host.
• Routing: Gateways deliver data to the correct network.
• Multiplexing: Protocol and port numbers deliver data to the correct software module within the
host.

Each of these functions is necessary to send data between two co-operating applications across the
Internet.

IP Host Address:

The Internetwork Protocol identifies hosts with a 32-bit number called an IP address or a host
address. To avoid confusion with MAC addresses, which are machine or station addresses, the term
IP address will be used to designate this kind of address. IP addresses are written as four
dot-separated decimal numbers between 0 and 255.

IP addresses must be unique among all connected machines (that is, any hosts that you can reach
over a network or connected set of networks, including your local area network, remote offices
joined by the company's wide-area network, or even the entire Internet community).

The Internet Protocol moves data between the hosts in the form of datagrams. Each datagram is
delivered to the address contained in the destination address of the datagram's header. The
Destination Address is a standard 32-bit IP address that contains sufficient information to
uniquely identify a network and a specific host on that network.

If your network is connected to the Internet, you have to get a range of IP addresses assigned to
your machines through a central network administration authority. The IP address uniqueness
requirement differs from that of MAC addresses. IP addresses are unique only on connected
networks, but machine MAC addresses are unique in the world, independent of any connectivity.
Part of the reason for the difference in the uniqueness requirement is that IP addresses are 32
bits, while MAC addresses are 48 bits, so mapping every possible MAC address into an IP address
requires some overlap. Of course, not every machine on an Ethernet is running IP protocols, so
the many-to-one mapping isn't as bad as the numbers might indicate. There are a variety of
reasons why the IP address is only 32 bits, while the MAC address is 48 bits, most of which are
historical.

Since the network and data link layers use different addressing schemes, some system is needed to
convert or map the IP addresses to the MAC addresses. Transport-layer services and user processes
use IP addresses to identify hosts, but packets that go out on the network need MAC addresses.
The Address Resolution Protocol (ARP) is used to convert the 32-bit IP address of a host into its
48-bit MAC address. When a host wants to map an IP address to a MAC address, it broadcasts an ARP
request on the network, asking for the host using the IP address to respond. The host that sees
its own IP address in the request returns its MAC address to the sender. With a MAC address, the
sending host can transmit a packet on the Ethernet and know that the receiving host will
recognise it.


IP Address Classes:

An IP address contains a network part and a host part, but the format of these parts is not the
same in every IP address.

Class A: leading bit   0            netid | hostid
Class B: leading bits  1 0          netid | hostid
Class C: leading bits  1 1 0        netid | hostid
Class D: leading bits  1 1 1 0      Multicast
Class E: leading bits  1 1 1 1 0    Reserved

(Bit positions marked across the address: 31, 23, 15, 7, 0.)

Figure 87 shows the IP address classes.

Not all network addresses or host addresses are available for use. The class A network addresses
0 and 127 are reserved for special use. Network 0 designates the default route (used to simplify
the routing information that IP must handle) and network 127 is the loopback address (which
simplifies network applications by allowing the local host to be addressed in the same manner as
a remote host). We use these special network addresses when configuring a host.

There are also some host addresses reserved for special use. In all network classes, host numbers
0 and 255 are reserved. An IP address with all host bits set to zero identifies the network
itself. Addresses in this form are used in routing table listings to refer to entire networks. An
IP address with all bits set to one is a broadcast address (used to simultaneously address every
host on a network). A datagram sent to this address is delivered to every individual host on that
network.

IP uses the network portion of the address to route the datagram between networks. The full
address, including the host information, is used to make final delivery when the datagram reaches
the destination network.

[Figure 88: hosts A (134.67.32.1), B (134.67.32.2) and C (135.68.32.3). Hosts with the same
netids can communicate; hosts with different netids cannot communicate.]

Figure 88 shows host communication on a local network.

Subnets:

The standard structure of an IP address can be locally modified by using host address bits as
additional network address bits. Essentially, the dividing line between network address bits and
host bits is moved, creating additional networks, but reducing the maximum number of hosts that
can belong to each network. These newly designated network bits define a network within the
larger network, called a subnet. Subnetting allows decentralised management of host addressing.
With the standard addressing scheme, a single administrator is responsible for managing host
addresses for the entire network. By subnetting, the administrator can delegate address
assignment to smaller organisations within the overall organisation.

Subnetting can also be used to overcome hardware differences and distance limitations. IP routers
can link dissimilar physical networks together, but only if each physical network has its own
unique network address. Subnetting divides a single network address into many unique subnet
addresses, so that each physical network can have its own unique address.


Without Subnetting:             1 0 | netid | hostid
Subnet on Octet Boundary:       1 0 | netid | subnetid | hostid
Subnet Not on Octet Boundary:   1 0 | netid | subnetid | hostid

(Bit positions marked across the address: 31, 23, 15, 7, 0.)

Figure 89 shows IP addresses with and without subnetting.

A subnet is defined by applying a bitmask, the subnet mask, to the IP address. If a bit is on in
the mask, the equivalent bit in the address is interpreted as a network bit. If the bit in the
mask is off, the bit belongs to the host part of the address. The subnet is only known locally.
To the rest of the Internet, the address is still interpreted as a standard IP address.

[Figure 90: hosts A (134.67.32.1), B (134.67.32.2) and C (135.67.33.3), subnet mask
255.255.240.0. Hosts with the same netids and subnetids can communicate; hosts with different
netids or subnetids cannot communicate.]

Figure 90 shows host communication with subnetting.

Routing:

As networks grow in size, so does the traffic imposed on the wire, which in turn impacts the
overall network performance, including responses. To alleviate such a degradation, network
specialists resort to breaking the network into multiple networks that are interconnected by
specialised devices, including routers, bridges, and switches.

The routing approach calls on the implementation of various co-operative processes, in both
routers and workstations, whose main concern is to allow for the intelligent delivery of data to
its ultimate destination. Data exchange can take place between any workstations, whether or not
both belong to the same network.

[Figure 91: host A1 on a Token Ring network, router/gateway G1, an X.25 network, router/gateway
G2, and host B1 on an Ethernet.]

Figure 91 shows a view of routing.

Figure 91 emphasises that the underlying physical networks that a datagram travels through may be
different and even incompatible. Host A1 on the Token Ring network routes the datagram through
gateway G1, to reach host B1 on the Ethernet. Gateway G1 forwards the data through the X.25
network to gateway G2, for delivery to B1. The datagram traverses three physically different
networks, but eventually arrives intact at B1.


A good place to start when discussing routers is with a thorough discussion of the addresses,
including MAC addresses, network addresses, and the complete addresses.

The Routing Table:

To perform its function reliably, the routing process is equipped with the capability to maintain
a road map depicting the entire internetwork of which it is part. This road map is commonly
referred to as the routing table, and it includes routing information depicting every known
network and how it can be reached. The routing process builds and maintains the routing table by
employing a route discovery process known as the Routing Information Protocol (RIP).

Routers should be capable of selecting the shortest path connecting two networks. Routers
discover the road map of the internetwork by dynamically exchanging routing information among
themselves or by being statically configured by network installers, or both. The dynamic exchange
of routing information is handled by yet another process besides the routing process itself. In
the case of TCP/IP, IP handles the routing process, whereas RIP handles the route discovery
process.

Internet Routing Architecture:

When a hierarchical structure is used, routing information about all of the networks in the
internet is passed into the core gateways (a central delivery medium to carry long-distance
traffic). The core gateways process this information, and then exchange it among themselves using
the Gateway-to-Gateway Protocol (GGP). The processed routing information is then passed back out
to the external gateways.

[Figure 92: the Internet Core with its core gateways, and Autonomous Systems attached to it
through external gateways (routers).]

Figure 92 shows the Internet Routing Architecture.

Outside of the Internet Core are groups of independent networks called Autonomous Systems (AS).
An AS is a collection of networks and gateways with its own internal mechanism for collecting
routing information and passing it to other network systems.

The Routing Table:


Gateways route data between networks, but all network devices, hosts as well as gateways, must
make routing decisions.

For most hosts, the routing decisions are simple:


• If the destination is on the local network, the data is delivered to the destination host.
• If the destination is on the remote network, the data is forwarded to a local gateway.


Because routing is network oriented, IP makes routing decisions based on the network portion of
the address. The IP module determines the network part of the destination's IP address by
checking the high-order bits of the address to determine the address class. The address class
determines the portion of the address that IP uses to identify the network. If the destination
network is the local network, the local subnet mask is applied to the destination address.

After determining the destination network, the IP module looks up the network in the local
routing table. Packets are routed toward their destination as directed by the routing table. The
routing table may be built by the system administrator or by routing protocols, but the end
result is the same: IP routing decisions are simple table look-ups.

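Route Datagram:

1. Do the destination and source network IDs match?
   Yes: deliver directly to the designated host.
   No: go to step 2.
2. Is a specific route found in the RIT?
   Yes: deliver to the next router.
   No: go to step 3.
3. Is a route to the network found in the RIT?
   Yes: deliver to the next router.
   No: go to step 4.
4. Is a default route defined?
   Yes: deliver to the next router.
   No: declare failure (ICMP Host Unreachable).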

Figure 93 shows a flowchart depiction of the IP routing algorithm.
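The decision order of figure 93, as an added example that is not part of the original text: it classifies the destination by its high-order bits, applies the local subnet mask when the destination shares the local netid, and then walks the source host's routing table from figure 85. The function names are this example's own, and the subnet mask 255.255.255.0 is an assumption, since figure 85 gives no mask.

```python
import ipaddress

# Natural (classful) masks; classes D and E have no netid/hostid split.
NATURAL_MASK = {"A": 0xFF000000, "B": 0xFFFF0000, "C": 0xFFFFFF00}

# Routing table of the source host in figure 85.
SOURCE_HOST_TABLE = {
    "134.67.32.0": "134.67.40.3",
    "134.67.40.0": "134.67.40.2",
    "default": "134.67.40.1",
}
LOCAL_IP = "134.67.40.2"
ASSUMED_MASK = "255.255.255.0"  # assumption: not stated in figure 85


def to_int(ip: str) -> int:
    return int(ipaddress.IPv4Address(ip))


def to_str(value: int) -> str:
    return str(ipaddress.IPv4Address(value))


def address_class(ip: str) -> str:
    """Classify by the high-order bits of the first octet (figure 87)."""
    first_octet = to_int(ip) >> 24
    for name, bits, pattern in (("A", 1, 0b0), ("B", 2, 0b10),
                                ("C", 3, 0b110), ("D", 4, 0b1110)):
        if first_octet >> (8 - bits) == pattern:
            return name
    return "E"


def network_part(dest: str, local_ip: str, subnet_mask: str) -> str:
    """Network portion of dest as seen from the host at local_ip."""
    cls = address_class(dest)
    if cls not in NATURAL_MASK:
        raise ValueError("class %s address has no network part to route on" % cls)
    natural = NATURAL_MASK[cls]
    if (to_int(dest) & natural) == (to_int(local_ip) & natural):
        # Same netid as the local host: the subnet is known here, so apply it.
        return to_str(to_int(dest) & to_int(subnet_mask))
    # Elsewhere the address is interpreted as a standard classful address.
    return to_str(to_int(dest) & natural)


def route(dest: str, local_ip: str, subnet_mask: str, table: dict):
    """Return (action, next hop) following the four questions of figure 93."""
    dest = to_str(to_int(dest))
    dest_net = network_part(dest, local_ip, subnet_mask)
    local_net = to_str(to_int(local_ip) & to_int(subnet_mask))
    if dest_net == local_net:
        return ("deliver directly", dest)
    # Host-specific route first, then the network route, then the default.
    for key in (dest, dest_net, "default"):
        if key in table:
            return ("deliver to next router", table[key])
    return ("ICMP host unreachable", None)


if __name__ == "__main__":
    for target in ("134.67.40.9", "134.67.32.2", "192.0.2.7"):
        print(target, route(target, LOCAL_IP, ASSUMED_MASK, SOURCE_HOST_TABLE))
```

With the mask of figure 90 (255.255.240.0) instead of the assumed one, 134.67.32.2 and 134.67.40.2 fall in the same subnet and the same call returns a direct delivery, so a wrong mask silently changes which traffic is handed to a gateway.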

You can display the routing table's contents with the netstat -r command.

The netstat command displays a routing table containing the following fields:
• Destination: The destination network or host.
• Gateway: The gateway to use to reach the specified destination.
• Flags: The flags describe certain characteristics of this route.
  U: Indicates that the route is up and operational.
  H: Indicates this is a route to a specific host.
  G: Means the route uses a gateway.
  D: Means that this route was added because of an ICMP redirect.
• Refcnt: Shows the number of times the route has been referenced to establish a connection.
• Use: Shows the number of packets transmitted via this route.
• Interface: The name of the network interface used by this route.

All of the gateways that appear in a routing table are on networks directly connected to the
local system. A routing table does not contain end-to-end routes. A route only points to the next
gateway, called the next hop, along the path to the destination network. The host relies on the
local gateway to deliver the data, and the gateway relies on the other gateways. As a datagram
moves from one gateway to another, it should eventually reach one that is directly connected to
its destination network. It is this last gateway that finally delivers the data to the
destination host.


Address Resolution:

The IP address and the routing table direct a datagram to a specific physical network, but when
the data travels across a network, it must obey the physical layer protocol used by that network.
The physical networks that underlie the TCP/IP network do not understand IP addressing. Physical
networks have their own addressing schemes, and there are as many different addressing schemes as
there are different types of physical networks. One task of the network access protocols is to
map IP addresses to physical network addresses.

[Figure 94: hosts 134.67.32.1, 134.67.32.2 and 134.67.32.3 on one network, with an ARP request
frame (broadcast) and an ARP reply frame to 134.67.32.1.]

Figure 94 shows the operation of ARP.

The most common example of this network access layer function is the translation of IP addresses to
Ethernet addresses. The protocol that performs this function is Address Resolution Protocol (ARP).

Hardware Type (16 bits)
Protocol Type (16 bits)
Protocol Address Length | Hardware Address Length
Operation Code (16 bits)
Sender Hardware Address
Sender IP Address
Recipient Hardware Address
Recipient IP Address

Figure 95 shows the layout of an ARP request or ARP reply.

In figure 95, when an ARP request is sent, all fields in the layout are used except the Recipient
Hardware Address (which the request is trying to identify). In an ARP reply, all the fields are
used. The fields in the ARP request and reply can have several values.

The ARP software maintains a table of translations between IP addresses and Ethernet addresses.
This table is built dynamically. When ARP receives a request to translate an IP address, it
checks for the address in its table. If the address is found, it returns the Ethernet address in
its table. If the address is not found in the table, ARP broadcasts a packet to every host on the
Ethernet. The packet contains the IP address for which an Ethernet address is sought. If a
receiving host identifies the IP address as its own, it responds by sending its Ethernet address
back to the requesting host. The response is then cached in the ARP table.
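The table lookup, broadcast and reply described above, as an added example that is not part of the original text. The packet uses the on-the-wire field order of RFC 826, in which the hardware address length precedes the protocol address length; the class and function names and the Ethernet addresses are constructed for this example. As a stricter policy than the text describes, the table caches only replies that answer a request it actually sent.

```python
import socket
import struct

ETHERNET, IPV4 = 1, 0x0800   # Hardware Type and Protocol Type values
REQUEST, REPLY = 1, 2        # Operation Code values
UNKNOWN_MAC = "00:00:00:00:00:00"


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % octet for octet in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Pack the fields of figure 95 for Ethernet (6 octets) and IP (4 octets)."""
    return struct.pack("!HHBBH6s4s6s4s", ETHERNET, IPV4, 6, 4, op,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(packet: bytes) -> dict:
    if len(packet) < 28:
        raise ValueError("shorter than a 28-octet Ethernet/IP ARP packet")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", packet[:8])
    if (htype, ptype, hlen, plen) != (ETHERNET, IPV4, 6, 4):
        raise ValueError("not an Ethernet/IP ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", packet[8:28])
    return {"op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


class ArpTable:
    """One host's ARP software: a cache plus request and reply handling."""

    def __init__(self, my_ip: str, my_mac: str):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.cache = {}       # IP address -> Ethernet address
        self.pending = set()  # IP addresses this host has asked about

    def resolve(self, ip: str):
        """Return ("hit", mac) from the table or ("miss", request to broadcast)."""
        if ip in self.cache:
            return ("hit", self.cache[ip])
        self.pending.add(ip)
        # The Recipient Hardware Address is what the request is trying to learn.
        return ("miss", build_arp(REQUEST, self.my_mac, self.my_ip, UNKNOWN_MAC, ip))

    def receive(self, packet: bytes):
        """Handle one incoming ARP packet; return a reply packet or None."""
        msg = parse_arp(packet)
        if msg["op"] == REQUEST and msg["target_ip"] == self.my_ip:
            return build_arp(REPLY, self.my_mac, self.my_ip,
                             msg["sender_mac"], msg["sender_ip"])
        if (msg["op"] == REPLY and msg["target_ip"] == self.my_ip
                and msg["sender_ip"] in self.pending):
            self.pending.discard(msg["sender_ip"])
            self.cache[msg["sender_ip"]] = msg["sender_mac"]
        return None


def simulate():
    """Figure 94 with constructed Ethernet addresses: .1 asks for .3."""
    a = ArpTable("134.67.32.1", "02:00:00:00:00:01")
    b = ArpTable("134.67.32.2", "02:00:00:00:00:02")
    c = ArpTable("134.67.32.3", "02:00:00:00:00:03")
    status, request = a.resolve("134.67.32.3")        # table miss
    replies = [r for r in (h.receive(request) for h in (b, c)) if r]
    for reply in replies:                             # only host C answers
        a.receive(reply)
    return status, len(replies), a.resolve("134.67.32.3")


if __name__ == "__main__":
    print(simulate())
```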

The arp -a command displays all the contents of the ARP table.


Figure 96 shows Routing Domains


RARP:
The Reverse Address Resolution Protocol (RARP) is a variant of the Address Resolution Protocol.
RARP also translates addresses, but in the opposite direction. It converts Ethernet addresses to
IP addresses. The RARP protocol really has nothing to do with routing data from one system to
another. RARP helps configure diskless systems by allowing diskless workstations to learn their
IP address. A diskless workstation uses the Ethernet broadcast facility to ask which IP address
maps to its Ethernet address. When a server on the network sees the request, it looks up the
Ethernet address in the table. If it finds a match, the server replies with the workstation's IP
address.

[Figure 97: Source Host 134.268.67.3 (00003E2D1C0B) and Destination Host 134.268.67.5
(0000B3C2D1E0) on one Ethernet.]

Ethernet frame: Preamble | Dest. Address | Source Address | Type | Data | FCS
(address fields filled in with 00003E2D1C0B and 0000B3C2D1E0)

IP header carried in the frame:
Version | IHL | Type of Service | Total Length
Identification | Flag | Fragment Offset
Time-to-live | Protocol | Header Checksum
Source Address (134.268.67.3)
Destination Address (134.268.67.5)
Options | Padding
Data begins here ...

Figure 97 shows the interrelationship between IP and Ethernet MAC address as reflected in the
Ethernet data frame.

In figure 97, the shaded fields correspond to the destination and source addresses of host A (the
sender) and host B (the receiver).

Protocols, Ports, and Sockets:

Once data is routed through the network and delivered to a specific host, it must be delivered to
the correct user or process. As the data moves up or down the layers of TCP/IP, a mechanism is
needed to deliver data to the correct protocols in each layer. The system must be able to combine
data from many applications into a few transport protocols, and from the transport protocols into
the Internet Protocol. Combining many sources of data into a single data stream is called
multiplexing. Data arriving from the network must be demultiplexed, divided for delivery to
multiple processes. To accomplish this, IP uses protocol numbers to identify transport protocols,
and the transport protocols use port numbers to identify applications.

[Figure 98: Telnet (port 23) over TCP (protocol 6) over the Internet Protocol (destination
address 134.67.32.3), mapped onto the header words below.]

Word 1: Version | IHL | Type of Service | Total Length
Word 2: Identification | Flag | Fragment Offset
Word 3: Time-to-live | Protocol (6) | Header Checksum
Word 4: Source Address
Word 5: Destination Address (134.67.32.3)
Word 6: Options | Padding (23)
Data begins here ...

Figure 98 shows Protocol and Port Numbers.


[Figure 99: Application Layer (SMTP, FTP, Telnet, TFTP, SNMP, NFS) over Transport Layer (TCP,
UDP) over Internet Layer (IP, ICMP) over Network Access Layer (RARPD, MAC Driver, RARP, NIC).]

Figure 99 shows the protocol interdependency between Application level protocols and Transport level
protocols.

Protocol Numbers:
The protocol number is a single byte in the header of the datagram. The value identifies the
protocol in the layer above IP to which the data should be passed.

Port Numbers:
A host may have many TCP and UDP connections at any time. Connections to a host are distinguished
by a port number, which serves as a sort of mailbox number for incoming datagrams. There may be
many processes using TCP and UDP on a single machine, and the port numbers distinguish these
processes for incoming packets. When a user program opens a TCP or UDP socket, it gets connected
to a port on the local host. The application may specify the port, usually when trying to reach
some service with a well-defined port number, or it may allow the operating system to fill in the
port number with the next available free port number.

After IP passes incoming data to the transport protocol, the transport protocol passes data to
the correct application process. Application processes are identified by port numbers, which are
16-bit values. The source port number, which identifies the process that sent the data, and the
destination port number, which identifies the process that is to receive the data, are contained
in the header of each TCP segment and UDP packet.

Port numbers are not unique between transport layer protocols; the numbers are only unique within
a specific transport protocol. It is the combination of protocol and port numbers that uniquely
identifies the specific process the data should be delivered to.

Layer                 Contents                                        Identified by
Application Layer     Telnet 23, SMTP 25, FTP 21, SNMP 161, Echo 7    Port Number
Presentation Layer
Session Layer
Transport Layer       TCP 6, UDP 17                                   Protocol Number
Network Layer
Physical Layer

Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the
targeted TCP/IP applications.

In figure 100, if a data packet arrives specifying a transport protocol of 6, it is forwarded to the TCP
implementation. If the packet specifies 17 as the required protocol, the IP layer would forward the
packet to the programs implementing UDP.
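The two-step demultiplexing described above, as an added example that is not part of the original text: the protocol byte of the IP header selects TCP or UDP, and the destination port then selects the application. The function names and the sample datagrams are constructed for this example; registering Echo under both transports is an assumption, made to show that the lookup key is the pair of protocol and port.

```python
import socket
import struct

TRANSPORTS = {6: "TCP", 17: "UDP"}  # protocol numbers from figure 100
# (protocol number, destination port) -> application, ports from figure 100.
APPLICATIONS = {(6, 23): "Telnet", (6, 25): "SMTP", (6, 21): "FTP",
                (17, 161): "SNMP", (6, 7): "Echo", (17, 7): "Echo"}
IP_HEADER = "!BBHHHBBH4s4s"  # the five fixed header words of the IP datagram


def build_datagram(src, dst, protocol, sport, dport, fragment_offset=0) -> bytes:
    """Constructed input: a 20-octet IP header (checksum left at 0) followed
    by the source and destination port fields of the transport header."""
    header = struct.pack(IP_HEADER, 0x45, 0, 24, 0, fragment_offset & 0x1FFF,
                         64, protocol, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + struct.pack("!HH", sport, dport)


def demultiplex(datagram: bytes) -> dict:
    """Decide which transport and which application a datagram belongs to."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-octet minimum IP header")
    (version_ihl, _tos, _length, _ident, flags_fragment,
     _ttl, protocol, _checksum, _src, dst) = struct.unpack(IP_HEADER, datagram[:20])
    if version_ihl >> 4 != 4:
        raise ValueError("not an IP version 4 datagram")
    header_length = (version_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if header_length < 20 or header_length > len(datagram):
        raise ValueError("IHL does not fit the datagram")
    result = {"destination": socket.inet_ntoa(dst),
              "transport": TRANSPORTS.get(protocol),
              "destination_port": None, "application": None}
    if result["transport"] is None:
        return result  # a protocol other than TCP or UDP: no ports to read
    if flags_fragment & 0x1FFF:
        return result  # later fragment: the transport header is not in it
    ports = datagram[header_length:header_length + 4]
    if len(ports) < 4:
        raise ValueError("transport header is truncated")
    _sport, dport = struct.unpack("!HH", ports)
    result["destination_port"] = dport
    result["application"] = APPLICATIONS.get((protocol, dport))
    return result


if __name__ == "__main__":
    print(demultiplex(build_datagram("134.67.32.1", "134.67.32.3", 6, 3044, 23)))
    print(demultiplex(build_datagram("134.67.32.1", "134.67.32.3", 17, 3044, 161)))
```

A datagram fragment with a non-zero fragment offset carries no port fields, so anything that filters or dispatches on ports has to decide what to do with such fragments before reassembly.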


Source (134.67.32.1)                    Destination (134.268.67.1)

  3044,23    ---------->
             <----------   23,3044
  3044,23    ---------->
             <----------   23,3044

Figure 101 shows the exchange of port numbers during the TCP handshake.

In figure 101, the source host randomly generates a source port, in this example 3044. It sends
out a segment with a source port of 3044 and a destination port of 23. The destination host
receives the segment, and responds back using 23 as its source port and 3044 as its destination
port.

Sockets:
Well-known ports are standardised port numbers that enable remote computers to know which port to
connect to for a particular network service. This simplifies the connection process because both
the sender and the receiver know in advance that data bound for a specific process will use a
specific port.

There is a second type of port number called a dynamically allocated port. As the name implies,
these ports are not pre-assigned. They are assigned to processes when needed. The system ensures
that it does not assign the same port number to two processes, and that the numbers assigned are
above the range of standard port numbers. They provide the flexibility needed to support multiple
users.

The combination of an IP address and a port number is called a socket. A socket uniquely
identifies a single network process within the entire internet. One pair of sockets, one socket
for the receiving host and one for the sending host, defines the connection for
connection-oriented protocols such as TCP.

Names and Addresses:

Every network interface attached to a TCP/IP network is defined by a unique 32-bit IP address. A
name, called a host name, can be assigned to any device that has an IP address. Names are as-
signed to devices because, compared to numeric Internet addresses, names are easier to remember
and type correctly. The network software doesn't require names, but they do make it easier for humans
to use the network. In most cases, host names and numeric addresses can be used interchangeably.
Whether a command is entered with an address or a host name, the network connection
always takes place based on the IP address. The system converts the host name to an address be-
fore the network connection is made. The network administrator is responsible for assigning names
and addresses and storing them in the database used for the conversion. There are two methods for
translating names into addresses. The older method simply looks up the host name in a table called
the host table. The newer technique uses a distributed database system called Domain Name Service
(DNS) to translate names to addresses.

The Host Table:


The host table is a simple text file that associates IP addresses with host names. Most systems have a small host
table containing name and address information about the important hosts on the local network. This
small table is used when DNS is not running, such as during the initial system start-up. Even if you use
DNS, you should create a small host file containing entries for your host, for localhost, and for the
gateway and servers on your local net. Sites that use NIS use the host table as input to the NIS host
database. You can use NIS in conjunction with DNS, but even when they are used together, most NIS
sites create host tables that have an entry for every host on the local network. Hosts connected to the
Internet should use DNS.


The Network Information Centre (NIC) Host Table:


The NIC maintains a large table of Internet hosts, which is stored on the host. The NIC places host names and
addresses into the file for all sites on the Internet. The NIC table contains three types of entries: network
records, gateway records, and host records.

NET : 134.67.32.0 : NetworkName :

HOST : 134.67.32.1 : HostName : Computer : OS : Service

GATEWAY : 134.67.32.250, 134.67.32.251 : GatewayName : Computer : OS : Service

Figure 102 shows the format of the Host.txt records.

In figure 102, each record begins with a keyword (NET, HOST or GATEWAY) that identifies the record
type, followed by an IP address, and one or more names associated with the address. The IP addresses
and host names from the HOST records are extracted to construct the /etc/hosts file. The network
addresses and names from the NET records are used to create the /etc/networks file.
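
The extraction just described, as an added Python example that is not part of the original text: it
parses records in the layout of figure 102 and emits /etc/hosts and /etc/networks lines, rejecting
records with an invalid address or name instead of copying them into the generated files. The sample
records, the names in them and the function names are constructed for this example.

```python
import ipaddress
import re

# Host and network names: letters, digits, hyphen and period only, so a
# record can never smuggle whitespace into a generated file.
NAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?")

# Constructed sample in the layout of figure 102. Treating lines that start
# with ';' as comments is an assumption of this example.
SAMPLE = """\
; constructed sample table
NET : 134.67.32.0 : FIRM-NET :
HOST : 134.67.32.1 : ALEX.FIRM.BE,ALEX : PC : UNIX : TCP/TELNET :
GATEWAY : 134.67.32.250, 134.67.32.251 : GW.FIRM.BE : ROUTER : UNIX : IP/GW :
HOST : 134.268.67.1 : BROKEN.FIRM.BE : PC : UNIX : TCP/TELNET :
"""


def parse_record(line: str):
    """Return (keyword, [addresses], [names]) or raise ValueError."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 3:
        raise ValueError("expected KEYWORD : addresses : names")
    keyword = fields[0].upper()
    if keyword not in ("NET", "HOST", "GATEWAY"):
        raise ValueError(f"unknown record type {fields[0]!r}")
    # IPv4Address raises a ValueError subclass for octets above 255,
    # missing octets and similar damage.
    addresses = [ipaddress.IPv4Address(a.strip()) for a in fields[1].split(",")]
    names = [n.strip() for n in fields[2].split(",")]
    for name in names:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"illegal name {name!r}")
    return keyword, addresses, names


def build_tables(text: str):
    """Return (hosts lines, networks lines, rejected (line number, reason))."""
    hosts, networks, rejected = [], [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        try:
            keyword, addresses, names = parse_record(line)
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        if keyword == "HOST":
            # /etc/hosts: address, then the name and its aliases
            hosts += [f"{addr}\t{' '.join(names)}" for addr in addresses]
        elif keyword == "NET":
            # /etc/networks: network name, then network number
            networks += [f"{names[0]}\t{addr}" for addr in addresses]
        # GATEWAY records are validated but not written to either file here.
    return hosts, networks, rejected


if __name__ == "__main__":
    hosts, networks, rejected = build_tables(SAMPLE)
    print("hosts:", hosts)
    print("networks:", networks)
    print("rejected:", rejected)
```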

Domain Name Service (DNS):


DNS is a distributed database system that doesn't bog down as the database grows. It guarantees that
new host information will be disseminated to the rest of the network, as it is needed, to those who are
interested. If a DNS server receives a request for information about a host for which it has no information,
it passes on the request to an authoritative server (any server responsible for maintaining accurate
information about the domain being queried). When the authoritative server answers, the
local server saves (caches) the answer for future use. The next time the local server receives a request
for this information, it answers the request itself. The ability to control host information from an
authoritative source and to automatically disseminate accurate information makes DNS superior to the
host table, even for small networks not connected to the Internet.

[Figure 103: An application passes a host name to the resolver, which sends a query to the name server
and receives the IP address in the response. The name server sends the query for the address of
alex.firm.be to the root name server and to the be name server, each of which answers with a referral,
and then to the firm.be name server, which returns the IP address of alex.firm.be.]

Figure 103 shows resolution of a DNS query.
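
The resolution shown in figure 103, together with the caching described above, as an added Python
example that is not part of the original text. The name servers are in-memory objects, the address
returned for alex.firm.be is constructed, and the class and function names are assumptions of this
example; cache expiry is left out.

```python
class NameServer:
    """One server in the hierarchy: authoritative data plus delegations."""

    def __init__(self, zone, records=None, delegations=None):
        self.zone = zone
        self.records = records or {}          # host name -> address
        self.delegations = delegations or {}  # child zone -> NameServer
        self.queries = 0                      # how often this server was asked

    def query(self, name):
        self.queries += 1
        if name in self.records:
            return "answer", self.records[name]
        labels = name.split(".")
        # Try the most specific suffix first: firm.be before be.
        for i in range(len(labels)):
            child = self.delegations.get(".".join(labels[i:]))
            if child is not None:
                return "referral", child
        return "no such name", None


class LocalServer:
    """The local name server: follows referrals and caches answers."""

    MAX_REFERRALS = 8   # stop instead of following referrals forever

    def __init__(self, root):
        self.root = root
        self.cache = {}
        self.trace = []   # (server zone, kind of reply) for every step

    def resolve(self, name):
        name = name.lower().rstrip(".")
        if name in self.cache:
            self.trace.append(("cache", name))
            return self.cache[name]
        server = self.root
        for _ in range(self.MAX_REFERRALS):
            kind, value = server.query(name)
            self.trace.append((server.zone, kind))
            if kind == "answer":
                self.cache[name] = value      # saved for future requests
                return value
            if kind == "referral":
                server = value                # ask the server referred to
                continue
            return None                       # the name does not exist
        raise RuntimeError("too many referrals")


def build_example():
    """Constructed hierarchy: root -> be -> firm.be, as in figure 103."""
    firm = NameServer("firm.be", records={"alex.firm.be": "134.67.32.1"})
    be = NameServer("be", delegations={"firm.be": firm})
    root = NameServer(".", delegations={"be": be})
    return LocalServer(root), root


if __name__ == "__main__":
    local, root = build_example()
    print(local.resolve("alex.firm.be"), local.trace)
    print(local.resolve("alex.firm.be"), "root queries:", root.queries)
```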

The Domain Hierarchy:


DNS is a distributed hierarchical system for resolving host names into IP addresses. Under DNS,
there is no central database with all of the Internet host information. The information is distributed
among thousands of name servers organised into a hierarchy. DNS has a root domain at the top of
the domain hierarchy that is served by a group of name servers called the root servers. Information
about a domain is found by tracing pointers from the root domain, through subordinate domains, to the
target domain. Directly under the root domain are the top level domains. There are two basic types of
top-level domains, geographic and organisational.


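[Figure 104: The root domain (.) sits above the top-level domains edu, com, net, org, int, gov and mil;
the domain firm sits below them, with the subdomains sales and R&D beneath it.]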

Figure 104 shows Domain Hierarchy.

Creating Domains and Subdomains:

The Network Information Centre has the authority to allocate domains. To obtain a domain, you apply
to the NIC for authority to create a domain under one of the top-level domains. Once the authority to
create a domain is granted, you can create additional domains, called subdomains, under your do-
main.

Domain Names:
Domain names reflect the domain hierarchy. Domain names are written from most specific, a host name, to
least specific, a top-level domain, with each part of the domain name separated by a dot
(<host name>.<subdomain>.<domain>).

[Figure 105: The top-level domains edu, com, net, org, int, gov, mil and the country codes AU ... US ... ZW,
grouped as generic world-wide domains, generic US-only domains and country domains, with the states
AK, AL, AZ ... WY below.]

Figure 105 shows organisation of the DNS name space.

Network Information Service (NIS):


NIS is an administrative database system that provides central control and automatic dissemination of
important administrative files. NIS can be used in conjunction with DNS, or as an alternative to it. NIS
and DNS have some similarities and some differences. Like DNS, NIS overcomes the problem of
accurately distributing the host table, but unlike DNS, it only provides service for local area networks.
NIS is not intended as a service for the Internet as a whole. Another difference is that NIS provides
access to a wider range of information than DNS. As its name implies, NIS provides much more
than name-to-address conversion. It converts several standard UNIX files into databases that can be
queried over the network. These databases are called NIS maps.

NIS provides a distributed database system for common configuration files. NIS servers manage cop-
ies of the database files, and NIS clients request information from the servers instead of using their
own, local copies of these files. Once NIS is running, simply updating the NIS server ensures that all
machines will be able to retrieve the new configuration file information.

A major problem in running a distributed computing environment is maintaining separate copies of
common configuration files such as the password, group, and hosts files. Ideally, the network should
be consistent in its configuration, so that users don't have to worry about where they have accounts or
if they'll be able to find a new machine on the network. Preserving consistency, however, means that
every change to one of these common files must be propagated to every host on the network. The
Network Information Service (NIS) addresses these problems. It is a distributed database system that
replaces copies of commonly replicated configuration files with a centralised management facility.
Instead of having to manage each host's files, you maintain one database for each file on one central
server. Machines that are using NIS retrieve information as needed from these databases. If you add a
new system to the network, you can modify one file on a central server and propagate this change to
the rest of the network, rather than changing the hosts file for each individual host on the network.
Because NIS enforces consistent views of files on the network, it is suited for files that have no
host-specific information in them. Files that are generally the same on all hosts in a network fit the NIS
model of a distributed database nicely. NIS provides all hosts information from its global database.

Master, Slaves, and Clients:


NIS is built on the client-server model. An NIS server is a host that contains NIS data files,
called maps. Clients are hosts that request information from these maps. Servers are further
divided into master and slave servers: The master server is the true single owner of the map
data. Slave NIS servers handle client requests, but they do not modify the NIS maps. The
master server is responsible for all map maintenance and distribution to its slave servers.
Once an NIS map is built on the master to include a change, the new map file is distributed to
all slave servers. NIS clients see these changes when they perform queries on the map file. It
doesn't matter whether the clients are talking to a master or a slave server, because once the
map data is distributed, all NIS servers have the same information.

[Figure 106: An NIS master server sends map transfers to two NIS slave servers; four clients send NIS
requests to the servers.]

Figure 106 shows NIS masters, slaves, and clients.

With the distinction between NIS servers and clients firmly established, we can see that each
system fits into the NIS scheme in one of three ways:
• Client only: This is typical of desktop workstations, where the system administrator tries
to minimise the amount of host-specific tailoring required to bring a system onto the
network. As an NIS client, the host gets all of its common configuration information from an
extant server.
• Server only: While the host services client requests for map information, it does not use NIS
for its own operation. Server-only configuration may be useful when a server must provide
global host and password information for the NIS clients, but security concerns prohibit the
server from using these same files. However, bypassing the central configuration scheme
opens some of the same loopholes that NIS was intended to close. Although it is possible
to configure a system to be an NIS server only, we don't recommend it.
• Client and server: In most cases, an NIS server also functions as an NIS client so that its
management is streamlined with that of other client-only hosts.

Most precisely, a domain is a set of NIS maps. A client can refer to a map from any of several
different domains. Most of the time, however, any given host will only look up data from one
set of NIS maps. Therefore, it's common to use the term domain to mean the group of systems
that share a set of NIS maps. All systems that need to share common configuration information
are put into an NIS domain. Although each system can potentially look up information
in any NIS domain, each system is assigned to a default domain, meaning that the system,
by default, looks up information from a particular set of NIS maps. It is up to the administrator
to decide how many different domains are needed.

An interruption in NIS service affects all NIS clients if no other servers are available. Even if
another server is available, clients will suffer periodic slowdowns as they recognise the current
server is down and hunt for a new one.


A second imperative for NIS servers is synchronisation. Clients may get their NIS information
from any server, so all servers must have copies of every map file to ensure proper NIS op-
eration. Furthermore, the data in each map file on the slave servers must agree with that on
the master server, so that NIS clients cannot get out-of-date or stale data. NIS contains several
mechanisms for making changes to map files and distributing these changes to all NIS
servers on a regular basis.

Remote Procedure Call (RPC):

RPC provides a mechanism for one host to make a procedure call that appears to be part of the local
process but is really executed on another machine on the network. Typically, the host on which the
procedure call is executed has resources that are not available on the calling host. This distribution of
computing services imposes a client/server relationship on the two hosts: the host owning the resource is
a server for that resource, and the calling host becomes a client of the server when it needs access to
the resource. The resource might be a centralised configuration file (NIS) or a shared filesystem
(NFS).

Instead of executing the procedure on the local host, the RPC system bundles up the arguments
passed to the procedure into a network datagram. The exact bundling method is determined by the
presentation layer, described in the next section. The RPC client creates a session by locating the
appropriate server and sending the datagram to a process on the server that can execute the RPC. On
the server, the arguments are unpacked, the server executes the procedure, packages the result (if any),
and sends it back to the client. Back on the client side, the reply is converted into a return value for the
procedure call, and the user application is reentered as if a local procedure call has completed. RPC
services may be built on either TCP or UDP transports, although most are UDP-oriented because they
are centred on short-lived requests. Using UDP also forces the RPC call to contain enough context
information for its execution independent of any other RPC request, since UDP packets may arrive in any
order, if at all.

When an RPC call is made, the client may specify a time-out period in which the call must complete. If
the server is overloaded or has crashed, or if the request is lost in transit to the server, the remote call
may not be executed before the time-out period expires. The action taken when an RPC times out varies
by application: some resend the RPC call, while others may look for another server.

Remote Procedure Call Execution:

[Figure 107: In the user process, the ruser(host) library call enters the RPC client code, which encodes
the arguments. The RPC server code decodes the arguments, executes ruser() locally and encodes the
return value, which the RPC client code decodes.]

Figure 107 shows Remote Procedure Call Execution.

External Data Representation (XDR):

XDR is built on the notion of an immutable network byte ordering, called the canonical form. It isn't really
important what the canonical form is; your systems may or may not use the same byte ordering and
structure packing conventions. This form simply allows network hosts to exchange structured data
independently of any peculiarities of a particular machine. All data structures are converted into the
network byte ordering and padded appropriately.

The rule of XDR is: sender makes local canonical, receiver makes canonical local. Any data that goes
over the network is in canonical form. A host sending data on the network converts it to canonical
form, and the host that receives the data converts it back into its local representation. A different way
to implement the presentation layer might be receiver makes local. In this case, the sender does nothing
to the local data, and the receiver must deduce the packing and encoding technique and convert it
into the local equivalent. While this scheme may send less data over the network, it places the burden
of incorporating a new hardware architecture on the receiving side, rather than on the new machine.
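
"Sender makes local canonical, receiver makes canonical local", as an added Python example that is not
part of the original text. It follows the encoding rules of the XDR standard (big-endian 4-byte units,
strings carried as a length followed by the bytes and zero padding); the argument pair (a host name and
a count), the 255-byte limit and the function names are assumptions made for this example.

```python
import struct


def xdr_int(value: int) -> bytes:
    """32-bit signed integer in canonical (big-endian) form."""
    return struct.pack(">i", value)


def xdr_string(data: bytes) -> bytes:
    """Length, then the bytes, zero-padded to a multiple of four."""
    pad = (4 - len(data) % 4) % 4
    return struct.pack(">I", len(data)) + data + bytes(pad)


class XdrReader:
    """Receiver side: every read is checked against the bytes received."""

    def __init__(self, buf: bytes):
        self.buf = buf
        self.pos = 0

    def _take(self, n: int) -> bytes:
        if n > len(self.buf) - self.pos:
            raise ValueError("truncated XDR data")
        chunk = self.buf[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def read_int(self) -> int:
        return struct.unpack(">i", self._take(4))[0]

    def read_string(self, max_len: int = 255) -> bytes:
        (length,) = struct.unpack(">I", self._take(4))
        if length > max_len:                  # sender-supplied length field
            raise ValueError("string longer than the receiver allows")
        data = self._take(length)
        padding = self._take((4 - length % 4) % 4)
        if padding.strip(b"\x00"):
            raise ValueError("non-zero padding")
        return data


def encode_args(host: str, count: int) -> bytes:
    """Sender: local values to canonical form."""
    return xdr_string(host.encode("ascii")) + xdr_int(count)


def decode_args(buf: bytes):
    """Receiver: canonical form back to local values."""
    reader = XdrReader(buf)
    host = reader.read_string().decode("ascii")
    count = reader.read_int()
    if reader.pos != len(buf):
        raise ValueError("unexpected bytes after the last argument")
    return host, count


if __name__ == "__main__":
    wire = encode_args("alex.firm.be", 3)
    print(wire.hex(), decode_args(wire))
    # The same integer in a little-endian machine's local form differs:
    print(struct.pack("<i", 3).hex(), "local vs canonical", xdr_int(3).hex())
```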


An overview of TCP/IP components:

Many of the descriptions included in this section are intended to give you only the basics.

Internet Protocol (IP):

IP is responsible for several tasks, most importantly determining a route to the destination. In addition,
IP is responsible for the packing of messages into small network-transportable packets, called data-
grams. IP is used with almost all TCP protocols, sitting at the bottom of the TCP protocol stack just
above the network-layers. IP has no control over whether messages sent and received are intact. All
IP does is handle the sending and receiving, leaving it up to the next higher layer, usually TCP or UDP,
to take care of any problems that occur with lost or damaged data.

Internet Control Message Protocol (ICMP):

ICMP is a special form of IP used to handle error and status messages between IP layers on different
machines. Whenever one IP layer has to send information to another, it uses ICMP. Also, whenever IP
software detects an error of some sort, it uses ICMP to send reports to the other machine. Probably
the most common use of ICMP is for the ping command, which checks whether a machine is respon-
sive by sending a small ICMP message to the machine and waiting for a reply.

Transmission Control Protocol (TCP):

TCP is used primarily to verify that whatever was sent by the sending machine is received intact by the
destination. TCP is called a reliable delivery protocol, meaning that it makes sure everything sent was
received properly. TCP adds a header to the front of each message that contains checksums, num-
bering, and other reliability information to ensure that every packet sent is received without modifica-
tion. If there is a transmission problem, TCP takes care of resending the information.

TCP sits between the application and the IP layer on each machine, acting as a packaging layer for
application data and a delivery mechanism of sending packets to an application. TCP usually runs with
IP, but it can work with other protocols.

TCP is a connection-based protocol, meaning that the sending and the destination machines commu-
nicate with each other by sending status messages back and forth. If the connection is lost because of
routing problems or machine failures, errors are sent to the applications that use TCP. Some services
use TCP to maintain a connection between two machines, notably FTP or Telnet, both of which enable
you to move files and commands back and forth between two machines as if you were logged into
both at the same time.

User Datagram Protocol (UDP):

UDP is an alternative to TCP. It is a connection-less protocol, meaning that the sending and receiving
machine are not constantly connected to each other. They can send status messages back and forth
to indicate reception of packets, but there is no constant connection maintained.

UDP is used by services that do not require a connection, such as TFTP, DNS, NFS, and RPC.
Because of the lack of a connection, UDP is often thought of as a less reliable delivery protocol than
TCP, although other protocols can pick up the tasks that TCP offers. UDP sits in the layer between the
applications and IP. UDP usually uses IP to handle its packets.


Telnet:

The Telnet service provides a remote login capability. This lets a user on one machine log into another
machine and act as if they are directly in front of the second machine. The connection can be any-
where on the local network, or on another network anywhere in the world, as long as the user has
permission to log into the remote system. Telnet uses TCP to maintain a connection between two ma-
chines.

File Transfer Protocol (FTP):

FTP enables a file on one system to be copied to another system. Users don't actually log in as full
users to the machine they want to access but instead use the FTP service to provide access. The re-
mote machine must be set up with the permissions necessary to provide the user access to the files.

FTP uses TCP to create and maintain a connection between source and destination machines. Once
the connection to a remote machine has been established, FTP enables you to copy one or more files
to your machine. The term transfer implies that the file is moved from one system to another, but the
original is not affected; files are copied from one system to another.

Simple Mail Transfer Protocol (SMTP):

SMTP is one protocol used for transferring electronic mail. Transparent to the user, SMTP connects to
different machines and transfers mail messages, much like FTP transfers files.

Domain Name System (DNS):

DNS enables a device with a common name to be converted to a special network address. DNS provides
the conversion from a common local name to the unique physical address of the device's network
connection.

Simple Network Management Protocol (SNMP):

SNMP is a network management protocol. SNMP uses UDP as a transport mechanism. SNMP relies
on several terms from TCP/IP standard specifications, working with managers and agents instead of
clients and servers. An agent provides information about a device, whereas a manager communicates
across the network.

Network File System (NFS):

NFS is used to transparently enable multiple machines to access each other's directories. NFS accomplishes
this by using a distributed filesystem scheme. NFS systems are common in large corporate
environments.

Remote Procedure Calls (RPC):

RPC are programming functions that enable an application to communicate with another machine, the
server. They provide the programming functions, return codes, and predefined variables to support
distributed computing.


Trivial File Transfer Protocol (TFTP):

TFTP is a very simple, unsophisticated file transfer protocol that lacks any security. It uses UDP as a
transport. Although not as sophisticated or as fast as FTP, TFTP can be used on many systems that
do not enable FTP access. In some ways, TFTP can be analogous to an e-mail message requesting
and receiving a file instead of a text body.

BOOT Protocol (BOOTP):

The BOOT Protocol, called BOOTP, is used to start up machines on a network that do not have their
own hard drives or storage devices containing operating systems and network information. BOOTP is
used for X-terminals and other diskless workstations.

Address Resolution Protocol (ARP):

ARP is one of several protocols that help determine addresses on a network. ARP works with IP to
set routes to a destination. ARP converts an IP address to a network interface hardware address.

Reverse Address Resolution Protocol (RARP):

RARP, as its name suggests, is the reverse process of ARP. RARP uses a network interface hardware
address and from that produces the IP address, whereas ARP produces the hardware address from the
IP address.

Network Time Protocol (NTP):

NTP is used to synchronise clocks across a network. This is important because many packets have a
prespecified amount of time to reach their routes. If a clock on one machine is inaccurate, the timers
in the packet might expire prematurely. Time is also used to build efficient routing tables that let IP
determine the fastest route to a destination.


The TCP/IP Family of Protocols:

The protocols that make up the TCP/IP family can be divided into groups of similar functionality for
convenience.

[Figure 108: Application layer: SMTP, FTP, Telnet, TFTP, NFS, RPC, DNS, SNMP. Transport layer: TCP, UDP.
Internet layer: routing protocol, IP, ICMP, ARP, RARP. Network access layer: ATM, Ethernet II,
IEEE 802.x, ISDN, X.25, etc.]

Figure 108 shows the TCP/IP family tree.

Transport:

Protocols that control the movement of data between two machines.

• TCP (Transmission Control Protocol): A connection-based service, meaning that the sending and
receiving machines are communicating with each other at all times.
• UDP (User Datagram Protocol): A connection-less service, meaning that the two machines are not
communicating with each other.

Routing:

Protocols that handle the addressing of data and determine the best routing to the destination. They
also handle the breaking up and reassembly of larger messages.

• IP (Internet Protocol): Handles the actual transmission of data.


• ICMP (Internet Control Message Protocol): Handles status messages for IP, such as errors and
network changes that can affect routing.
• RIP (Routing Information Protocol): One of several protocols that determines the best routing
method.
• OSPF (Open Shortest Path First): An alternate protocol for determining routing.

Network Address:

These protocols handle the way machines are addressed, both by a unique number and a more com-
mon symbolic name.

• ARP (Address Resolution Protocol): Determines the unique numeric addresses of the machine on
the network.

• DNS (Domain Name System): Determines numeric addresses from machine names.

• RARP (Reverse Address Resolution Protocol): Determines addresses of machines on the network,
but in a manner backward from ARP.


User services:

These are applications to which users have direct access.

• BOOTP (BOOT Protocol): Starts up a network machine by reading the boot information from a
server.
• FTP (File Transfer Protocol): Transfers files from one machine to another without excessive over-
head. Uses TCP as the transport.
• TFTP (Trivial File Transfer Protocol): A simple file transfer method that uses UDP as the transport.
• Telnet: Enables remote logins so that users on one machine can connect to another machine and
behave as if they are sitting at the remote machine's keyboard.

Gateway Protocols:

These protocols help the network communicate routing and status information.

• EGP (Exterior Gateway Protocol): Transfers routing information for external networks.
• GGP (Gateway-to-Gateway Protocol): Transfers routing information between Internet gateways.
• IGP (Interior Gateway Protocol): Transfers routing information for internal networks.

Others:

Services that don't fall into any of the preceding categories.

• NFS (Network File System): Enables directories on one machine to be mounted on another ma-
chine, then accessed by users as if they were on the local machine.
• NIS (Network Information Service): Maintains user accounts across networks simplifying logins and
password maintenance.
• RPC (Remote Procedure Call): Enables remote applications to communicate with each other using
function calls.
• SMTP (Simple Mail Transfer Protocol): A protocol for transferring electronic mail between ma-
chines.
• NTP (Network Time Protocol): Used to synchronise clocks of machines on a network.
• SNMP (Simple Network Management Protocol): An administrator's service that sends status messages
about the network and devices attached to it.


Implementing TCP/IP:

• The standard interface defined by Microsoft is the Network Device Interface Specification (NDIS).
• The standard interface defined by Novell is the Open Datalink Interface (ODI).

These are different and incompatible specifications. Both of these driver interface standards allow
multiple protocol stacks to be run on the same PC. This means that TCP/IP can share a single network
interface with another protocol, such as NetWare, when an NDIS or ODI driver is used.

Multiple Protocol Stacks:

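[Figure 109 layout: two stacks side by side, TCP/IP applications over TCP/IP protocols over the ODI
converter, and NetWare services over the workstation shell over the Novell IPX protocols. Both sit on
the Link Support Layer, the Multiple Link Interface Driver and the network interface card.]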

Figure 109 shows Multiple Protocol Stacks.

• To build complex static routes, use the ROUTE command:

ROUTE [-f] [command [destination] [MASK netmask] [gateway] ]

-f : Flushes all of the routes from the routing table.
command : Specifies the action that the command should take: ADD, DELETE, CHANGE or PRINT.
destination : This is the network host that is reached through this route.
MASK netmask : Is applied to the address provided in the destination field to determine the
true destination of the route. If a bit in the netmask is set to 1, the corresponding
bit in the destination field is a significant bit in the destination address.
For example, a destination of 134.239.96.1 with a netmask of
255.255.0.0 defines the route to network 134.239.0.0, but the same destination
with a mask of 255.255.255.255 defines the route to the host
134.239.96.1. If no value is specified for the netmask, it defaults to
255.255.255.255.
gateway : This is the IP address of the gateway for this route.
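
How the netmask turns a destination into the true destination of a route, as an added Python example
that is not part of the original text. It goes one step beyond the description above by also choosing
between overlapping routes, preferring the most specific mask as IP forwarding normally does; the
gateway addresses and the function names are constructed for this example, and rejecting
non-contiguous masks is this example's own choice.

```python
import ipaddress


def _mask_to_int(netmask: str) -> int:
    mask = int(ipaddress.IPv4Address(netmask))
    inverted = ~mask & 0xFFFFFFFF
    # A usable mask is a run of 1 bits followed only by 0 bits.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask {netmask}")
    return mask


def route_target(destination: str, netmask: str = "255.255.255.255") -> str:
    """True destination of a route: the destination bits the mask keeps."""
    dest = int(ipaddress.IPv4Address(destination))
    return str(ipaddress.IPv4Address(dest & _mask_to_int(netmask)))


def select_route(table, address: str):
    """Return the gateway of the most specific route matching address."""
    addr = int(ipaddress.IPv4Address(address))
    best_mask, best_gateway = -1, None
    for destination, netmask, gateway in table:
        mask = _mask_to_int(netmask)
        dest = int(ipaddress.IPv4Address(destination))
        # Only the bits set in the mask are significant for the comparison.
        if addr & mask == dest & mask and mask > best_mask:
            best_mask, best_gateway = mask, gateway
    return best_gateway


# Constructed routing table: (destination, netmask, gateway)
TABLE = [
    ("134.239.96.1", "255.255.0.0", "134.67.32.250"),      # network route
    ("134.239.96.1", "255.255.255.255", "134.67.32.251"),  # host route
    ("0.0.0.0", "0.0.0.0", "134.67.32.254"),               # matches anything
]


if __name__ == "__main__":
    print(route_target("134.239.96.1", "255.255.0.0"))
    print(route_target("134.239.96.1"))
    for target in ("134.239.96.1", "134.239.5.5", "10.1.1.1"):
        print(target, "->", select_route(TABLE, target))
```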

• To build complex dynamic routes, use IP Routing:

NetBIOS and the associated protocol NetBEUI (NetBIOS Extended User Interface) have long been
the basis of Microsoft's networking strategy.


Basic Input Output System (BIOS):

The BIOS is the part of DOS that defines the I/O calls that applications use to request DOS I/O services.
NetBIOS extends this to include calls that support I/O over a network. NetBIOS is an Application
Programming Interface (API) that defines how an application program requests services from the underlying
network. NetBEUI includes the NetBIOS API, the Service Message Block (SMB) protocol, and the
NetBIOS Frame (NBF) protocol. SMB is an API that defines how applications ask for network services,
but NetBEUI is not just an API. It also includes the NBF protocol that builds NetBIOS frames for
transmission over the network. NetBIOS is not just used to refer to the API; it is frequently used to
refer to any network that uses NetBIOS.

NetBIOS requires very little memory and runs on any type of PC equipment. It is a fast, lightweight
protocol suitable for small LANs. NetBIOS is only suitable for LAN applications; it cannot be used by
itself for a WAN or an enterprise network because it is a non-routable protocol (the protocol cannot be
passed through routers, it can only be passed on a single physical network, and it has no routing
protocol and no independent address structure), and it depends on an underlying broadcast medium (it
cannot be used over serial lines, point-to-point networks, or internets built from dissimilar physical
networks).

NetBIOS over TCP/IP (NBT):

NBT is a standard protocol that encapsulates the NetBIOS messages inside TCP/IP datagrams. It is based
on the B-node architecture (a B-node is an end node that uses broadcast messages to register its name
and to request the names of other systems on the network). The NetBIOS messages are encapsulated in
UDP messages and sent using the IP broadcast address. In effect, IP acts as the broadcast medium
for the NetBIOS protocol.

The B-node architecture doesn't address the problem of broadcast dependence, so NBT loads a
cache with NetBIOS-name-to-IP-address mappings from the LMHOSTS file.

In the B-node model, broadcasts are only needed for name resolution. Other messages are addressed
directly to the remote host. Therefore, broadcasts are only needed for names that cannot be resolved
by other means. NBT also uses a name cache to further improve performance. The name cache provides
information about computers that cannot respond to a broadcast. These are computers located
outside of the broadcast area, including computers located behind routers or on non-broadcast links.
Broadcasts continue to be used for local computers, so no entries need to be made for them in the
LMHOSTS file. This keeps the file small and permits it to be cached in memory.

Encapsulating NetBIOS inside IP datagrams reduces the performance and increases the complexity of
the protocol. Both protocols require some level of configuration, whether it is the address for IP or
the LMHOSTS file for NetBIOS.
• NetBIOS-specific information: the hostname and the workgroup name.
• NBT-specific information: the scope ID (it limits communication between NBT hosts, limits
access, and prevents the resources being offered by a system from being seen by systems
with a different scope ID) and the location from which the LMHOSTS file should be imported.

Windows Internet Name Service (WINS):

It is a protocol that provides name service for NetBIOS names. The advantage of WINS is that it
dynamically learns names and addresses from the transmissions on the network, and that it can be
dynamically updated by DHCP. The disadvantage is that it requires an NT server, and it is primarily a
NetBIOS service. It is generally not used on TCP/IP networks.


DNS Windows Name Resolution:

Can be used to map a NetBIOS name to an IP address, but only if the NetBIOS name and the Internet
hostname of the computer are the same. It is a good idea to always make the NetBIOS name and the
hostname the same on every system.

LMHOSTS File Lookup:

Is a simple flat file that associates NetBIOS names with IP addresses.

#PRE
Causes the entry to be pre-loaded into the cache and permanently retained there. Normally
entries are only cached when they are used for name resolution and are only retained in the
cache for a few minutes. Use #PRE to speed up address resolution for frequently used hostnames.

#DOM:domain
Identifies NT domain controllers.

#INCLUDE file
Specifies a remote file that should be incorporated in the local LMHOSTS file. This allows a
centrally maintained LMHOSTS file to be automatically loaded. To provide redundant sources for
LMHOSTS, enclose a group of #INCLUDE commands inside a pair of #BEGIN_ALTERNATE and
#END_ALTERNATE statements. The system tries the various sources in order and stops as soon as it
successfully downloads one copy of the LMHOSTS file.

134.268.67.1    SERVER01    #PRE
134.268.67.2    SERVER02    #PRE #DOM:DOMAIN01
134.268.67.3    SERVER03
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER02\ADMIN\lmhosts
#END_ALTERNATE

The system first checks the LMHOSTS file and then issues a DNS query if the NetBIOS name is not
found in the file. Many systems use a small LMHOSTS file to provide the addresses of important
servers.
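
Because #INCLUDE pulls name-to-address mappings from a remote share, it is worth checking which servers an LMHOSTS file depends on and whether its entries are well formed. The following audit is an added example, not part of the original document; the function name, the findings it reports and the sample file (documentation addresses, one deliberately bad octet) are constructed for illustration, and quoted names containing spaces are not handled.

```python
import ipaddress
import re


def audit_lmhosts(text):
    """Parse LMHOSTS text; return (entries, includes, findings)."""
    entries, includes, findings = {}, [], []
    preloaded, in_alternate = set(), False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        keyword = line.upper()
        if not line:
            continue
        if keyword.startswith("#BEGIN_ALTERNATE"):
            if in_alternate:
                findings.append((lineno, "nested #BEGIN_ALTERNATE"))
            in_alternate = True
        elif keyword.startswith("#END_ALTERNATE"):
            if not in_alternate:
                findings.append((lineno, "#END_ALTERNATE without #BEGIN_ALTERNATE"))
            in_alternate = False
        elif keyword.startswith("#INCLUDE"):
            path = line[len("#INCLUDE"):].strip()
            includes.append((path, in_alternate))
            # The file is fetched from \\server\share, so that server's own
            # name has to be resolvable (preloaded) before the include runs.
            unc = re.match(r"\\\\([^\\\s]+)\\", path)
            if unc and unc.group(1).upper() not in preloaded:
                findings.append((lineno, "#INCLUDE server %s has no earlier #PRE entry"
                                 % unc.group(1)))
        elif line.startswith("#"):
            continue                                   # ordinary comment line
        else:
            fields = line.split()
            if len(fields) < 2:
                findings.append((lineno, "entry needs an address and a name"))
                continue
            address, name = fields[0], fields[1].upper()
            flags = [f.upper() for f in fields[2:]]
            try:
                ipaddress.IPv4Address(address)
            except ValueError:
                findings.append((lineno, "invalid IP address %s" % address))
                continue
            if len(name) > 15:                         # NetBIOS names hold 15 characters
                findings.append((lineno, "NetBIOS name %s is too long" % name))
            if name in entries and entries[name]["ip"] != address:
                findings.append((lineno, "%s already mapped to %s"
                                 % (name, entries[name]["ip"])))
                continue
            domain = next((f[5:] for f in flags if f.startswith("#DOM:")), None)
            entries[name] = {"ip": address, "pre": "#PRE" in flags, "domain": domain}
            if "#PRE" in flags:
                preloaded.add(name)
    if in_alternate:
        findings.append((lineno, "#BEGIN_ALTERNATE never closed"))
    return entries, includes, findings


# Constructed sample file, modelled on the layout shown above.
SAMPLE = r"""192.0.2.1    SERVER01  #PRE
192.0.2.2    SERVER02  #PRE #DOM:DOMAIN01
192.0.2.3    SERVER03
192.0.2.268  SERVER04  #PRE
192.0.2.9    SERVER01
#BEGIN_ALTERNATE
#INCLUDE \\SERVER01\ADMIN\lmhosts
#INCLUDE \\SERVER03\ADMIN\lmhosts
#END_ALTERNATE
"""

if __name__ == "__main__":
    for lineno, message in audit_lmhosts(SAMPLE)[2]:
        print("line %d: %s" % (lineno, message))
```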

TCP/IP Applications:

Ping, Telnet, FTP, NFS, SMTP, etc.

Reverse Address Resolution Protocol (RARP):

Is a protocol that converts a physical network address into an IP address. This is the reverse of what
Address Resolution Protocol (ARP) does. Address Resolution Protocol maps an IP address to a
physical address so that data can be delivered over a physical network. It does this by broadcasting an
ARP packet that contains the IP address in question. When a system receives an ARP packet that
contains its IP address, it responds with a packet that contains its physical network address, e.g. its
Ethernet address.

Reverse Address Resolution Protocol (RARP) maps a physical address to an IP address for a system
that doesn't know its own IP address. The client uses the broadcast services of the physical network to
send out a packet that contains the client's physical network address, and asks if any system on the
network knows what IP address is associated with the address. The RARP server responds with a
packet that contains the client's IP address.

RARP is a useful tool, but it only provides the IP address. There are still several other values (the
subnet mask, default gateway, the list of name servers, and the broadcast address) that need to be
manually configured.


Bootstrap Protocol:

Is an alternative to RARP, and when it is used, RARP is not needed. BOOTP is a more comprehensive
configuration protocol than RARP. It provides much more configuration information, and it continues to
evolve to provide ever more comprehensive information. Over time it has expanded to become
the Dynamic Host Configuration Protocol (DHCP).

The BOOTP client broadcasts a single packet called a BOOTREQUEST packet that contains, at a
minimum, the client's physical network address. The client sends the broadcast using the address
255.255.255.255, which is a special address called the limited broadcast address. The client waits for
a response from the server, and if one is not received within a specified time interval, the client
retransmits the request. The server responds to the client's request with a BOOTREPLY packet.

Field                                Size
OpCode, HTYPE, HLEN, HOPS            8 bits each
Transaction Identification Number    32 bits
Seconds, unused                      16 bits each
Client IP Address                    32 bits
Machine IP Address                   32 bits
Server IP Address                    32 bits
Gateway IP Address                   32 bits
Client Hardware Address              Up to 128 bits
Server Host Name                     Up to 512 bits
Boot File Name                       Up to 1024 bits
Vendor-specific Information          Up to 512 bits

Figure 110 shows the BOOTP message format.

BOOTP uses UDP as a transport protocol and, unlike RARP, it does not require any special Network
Access Layer protocols. It uses two different well-known port numbers: UDP port number 67 is used
for the server, and UDP port number 68 is used for the client. This is very unusual. Most software uses
a well-known port on the server side and a randomly generated port on the client side. The random port
number ensures that each pair of source/destination ports identifies a unique path for exchanging
information. A BOOTP client, however, is still in the process of booting, and it may not know its IP
address. Even if the client generates a source port for the BOOTREQUEST packet, a server response
addressed to that port and the client's IP address won't be read by a client that doesn't recognise the
address. Therefore BOOTP sends the response to a specific port on all hosts. A broadcast sent to UDP
port 68 is read by all hosts, even by a system that doesn't know its specific address. The system then
determines if it is the intended recipient by checking the physical network address embedded in the
response. The server fills in all of the fields in the packet for which it has data. There are many
different values a server can provide.

Parameter  Description                    Example
bf         Bootfile                       :bf=null
bs         Bootfile size                  :bs=22050
cs         Cookie servers list            :cs=134.268.xxx.xxx
ds         Domain name servers list       :ds=134.268.xxx.xxx
gw         Gateway list                   :gw=134.268.xxx.xxx
ha         Hardware address               :ha=7FF8100000AF
hd         Bootfile directory             :hd=/usr/boot
hn         Send hostname boolean          :hn
ht         Hardware type                  :ht=ethernet
im         Impress server list            :im=134.268.xxx.xxx
ip         Host IP address                :ip=134.268.xxx.xxx
lg         Log servers list               :lg=134.268.xxx.xxx
lp         LPR servers list               :lp=134.268.xxx.xxx
ns         IEN-116 name servers list      :ns=134.268.xxx.xxx
rl         Resource location servers      :rl=134.268.xxx.xxx
sm         Subnet mask                    :sm=255.255.255.0
tc         Template continuation          :tc=default1
to         Time offset                    :to=18000
ts         Time servers list              :ts=134.268.xxx.xxx
vm         Vendor magic cookie selector   :vm=auto
Tn         Vendor extension n             :T132="1234597AD3B"


# /etc/bootptab
defaults:\
    :hd=/usr/boot:\
    :bf=null:\
    :ds=134.268.67.1 134.239.67.3:\
    :sm=255.255.255.0:\
    :gw=134.268.67.5:
PC0087:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a15e10:\
    :ip=134.268.67.87:\
    :hn:
PC0088:\
    :tc=defaults:\
    :ht=ethernet:\
    :ha=0000c0a10e15:\
    :ip=134.268.67.88:\
    :hn:
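
A server configuration like this is easy to get subtly wrong (a duplicated hardware address, a gateway outside the host's subnet, a tc= reference to a template that does not exist). The following checker is an added example, not part of the original document: it expands tc= templates and audits each host entry. The function names, the checks chosen and the sample table (documentation addresses) are constructed, and it assumes tag values contain no colon.

```python
import ipaddress
import re


def parse_bootptab(text):
    """Return {entry: {tag: value}}; tags without '=' (such as hn) map to True."""
    joined = re.sub(r"\\[ \t]*\n", "", text)      # trailing backslash continues an entry
    table = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: values contain no ':' (true for every tag in the file above).
        name, *fields = [part.strip() for part in line.split(":")]
        tags = {}
        for field in filter(None, fields):
            tag, has_value, value = field.partition("=")
            tags[tag] = value if has_value else True
        table[name] = tags
    return table


def resolve(table, name, _chain=()):
    """Expand tc= templates; tags set on the entry itself win over the template."""
    if name in _chain:
        raise ValueError("tc loop through %s" % name)
    if name not in table:
        raise ValueError("tc refers to unknown entry %s" % name)
    own = dict(table[name])
    template = own.pop("tc", None)
    merged = resolve(table, template, _chain + (name,)) if template else {}
    merged.update(own)
    return merged


def audit(table):
    """Return [(entry, problem)] for every host entry (one that sets ha or ip)."""
    findings, seen_ha, seen_ip = [], {}, {}
    for name, tags in table.items():
        if "ha" not in tags and "ip" not in tags:
            continue                               # template such as "defaults"
        try:
            host = resolve(table, name)
        except ValueError as exc:
            findings.append((name, str(exc)))
            continue
        ha, ip = str(host.get("ha", "")).lower(), str(host.get("ip", ""))
        if host.get("ht") == "ethernet" and not re.fullmatch(r"[0-9a-f]{12}", ha):
            findings.append((name, "ha is not 12 hex digits"))
        try:
            mask = host.get("sm", "255.255.255.255")
            net = ipaddress.ip_network("%s/%s" % (ip, mask), strict=False)
        except ValueError:
            findings.append((name, "invalid ip or sm for %s" % ip))
            continue
        for gw in str(host.get("gw", "")).split():
            try:
                inside = ipaddress.ip_address(gw) in net
            except ValueError:
                inside = False
            if not inside:
                findings.append((name, "gateway %s is not on %s" % (gw, net)))
        for kind, value, seen in (("ha", ha, seen_ha), ("ip", ip, seen_ip)):
            if value in seen:
                findings.append((name, "%s %s already assigned to %s"
                                 % (kind, value, seen[value])))
            seen.setdefault(value, name)
    return findings


# Constructed sample in the same layout as the file above.
SAMPLE = r"""# constructed bootptab
defaults:\
    :hd=/usr/boot:bf=null:\
    :ds=192.0.2.1 192.0.2.3:\
    :sm=255.255.255.0:\
    :gw=192.0.2.5:
PC0087:\
    :tc=defaults:ht=ethernet:ha=0000c0a15e10:ip=192.0.2.87:hn:
PC0088:\
    :tc=defaults:ht=ethernet:ha=0000c0a15e10:ip=192.0.2.88:hn:
PC0089:\
    :tc=defaults:ht=ethernet:ha=0000c0a10e15:ip=198.51.100.9:hn:
PC0090:\
    :tc=missing:ht=ethernet:ha=0000c0a10e16:ip=192.0.2.90:
"""

if __name__ == "__main__":
    for entry, problem in audit(parse_bootptab(SAMPLE)):
        print("%s: %s" % (entry, problem))
```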

It is possible to configure a BOOTP server to handle a very large number of clients. One server for
each subnet is a good design because it eliminates the need to pass BOOTP information through a
router, which requires a special router configuration.

Dynamic Host Configuration Protocol (DHCP):

Is the latest generation of BOOTP. It is designed to be compatible with earlier versions. DHCP is only
a proposed standard. DHCP uses the same UDP ports, 67 and 68, as BOOTP, and the same
BOOTREQUEST and BOOTREPLY packet format. But DHCP is more than just an update of BOOTP.

The new protocol expands the functions of BOOTP:


• The configuration parameters provided by DHCP server include everything defined in the
Requirements for Internet Hosts. DHCP provides a client with a complete set of TCP/IP
configuration values.
• DHCP permits automated allocation of IP addresses.

DHCP uses the portion of the BOOTP packet originally set aside for vendor extensions to indicate the
DHCP packet type and to carry a complete set of configuration information. DHCP calls the values in
this part of the packet options instead of vendor extensions. This is a more accurate description
because DHCP defines how the options are used and does not leave their definition up to the vendors.
To handle the full set of configuration values from the Requirements for Internet Hosts, the option field
is expanded to 312 bytes from the original 64 bytes of the BOOTP vendor extension field.

DHCP allows addresses to be assigned by manual, automatic and dynamic allocation:

• Manual allocation: The network administrator keeps complete control over addresses by
specifically assigning them to clients. This is exactly the same way that addresses are
handled by BOOTP.
• Automatic allocation: The DHCP server permanently assigns an address from a pool of
addresses. The administrator is not involved in the details of assigning a client an address.
• Dynamic allocation: The server assigns an address to a DHCP client for a limited period of
time. The client can return the address to the server at any time, but the client must
request an extension from the server to retain the address longer than the time permitted.
The server automatically reclaims the address after the lease expires if the client has not
requested an extension.


Dynamic allocation is useful in a large distributed network where many PCs are being added and
deleted. Unused addresses are returned to the pool of addresses without relying on users or system
administrators to take action to return them. Addresses are only used when and where they're needed.
Dynamic allocation allows a network to make the maximum use of a limited set of addresses.

DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses
are assigned.

[Figure 111 labels: Local Network, Router with BOOTP enabled, Remote Network, Router, DHCP Server, DHCP Client]

Figure 111 illustrates an example of a network running DHCP.

The network in figure 111 consists of a single DHCP server and a few clients. As shown, a single DHCP
server can supply addresses for more than one network. To support DHCP on an internetwork, routers
must be configured with BOOTP forwarding.

The DHCP server maintains pools of IP addresses, called scopes. When a DHCP client enters a
network, it requests and is granted a lease to use an address from an appropriate scope.

The concept of leasing is important, because DHCP clients are not ordinarily granted permanent use
of an address. Instead, they receive a lease of limited duration. When the lease expires, it must be
renegotiated. This approach ensures that unused addresses become available for use by other
clients.

A single DHCP server can support clients on several networks in an internetwork. Clients moved to
different networks are assigned IP addresses appropriate to the new network.

DHCP Client -> DHCP Server: Discover message
DHCP Server -> DHCP Client: Offer message
DHCP Client -> DHCP Server: Request message
DHCP Server -> DHCP Client: Acknowledgement message

Figure 112 shows a DHCP client obtaining a lease. It shows the dialogue that takes place when a
DHCP client obtains a lease from a DHCP server.


Begin
1. Initialising state (sends discover message)
2. Initialising state (receives offer message)
3. Selecting state (examines offers)
4. Requesting state (sends request message)
5. Requesting state (attempts to renew lease)
6. Bound state (attempts to renew lease)
7. Renewal (attempts to renew lease)
8. Rebinding (obtains new lease)
Transition label: Renewal Granted

Figure 113 shows the life cycle of a DHCP address lease.

The stages in the life cycle are as follows:

• 1) A DHCP client host that enters a network enters an initialising state and broadcasts a discover
message on the local network. This message may be relayed to other networks to deliver it to
DHCP servers in the Internet.
• 2) Each DHCP server that receives the discover message and can service the request responds
with an offer message that consists of an IP address and associated configuration information.
• 3) The DHCP client enters a selecting state and examines the offer messages that it receives.
• 4) When the DHCP client selects an offer, it enters a requesting state and sends a request
message to the appropriate DHCP server, requesting the offered configuration.
• 5) The DHCP server grants the configuration with an acknowledgement message that consists of
the IP address and configuration along with a lease to use the configuration for a specific time. The
local network administrator establishes lease policies.
• 6) The DHCP client receives the acknowledgement and enters a bound state in which the IP
configuration is applied to the local TCP/IP protocols. Client computers retain the configuration for the
duration of the lease and may be restarted without negotiating a new lease.
• 7) When the lease approaches expiration, the client attempts to renew its lease with the DHCP
server.
• 8) If the lease cannot be renewed, the client reenters the binding process and is assigned a lease
to a new address. Non-renewed addresses return to the available address pool.

This process is completely transparent to the client and requires little ongoing maintenance on the part
of the network administrator.
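
The lease dialogue in the stages above, carried in the BOOTP message layout and DHCP options area described earlier in this section, is shown here as an added example that is not part of the original document. It decodes each message and follows one client's exchange, checking that replies carry the client's transaction ID and hardware address and come from an expected server. The magic cookie and option codes 51, 53 and 54 come from RFC 2131 and RFC 2132 rather than from this page; the function names, the trusted-server list and the sample traffic are constructed.

```python
import ipaddress
import struct

# Fixed BOOTP header from the message-format figure: four 8-bit fields, the
# transaction ID, seconds and an unused word, four IP addresses, then the
# client hardware address (16 bytes), server name (64) and boot file (128).
HEADER = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = b"\x63\x82\x53\x63"            # RFC 2131 cookie that opens the options area
BOOTREQUEST, BOOTREPLY = 1, 2
OPT_LEASE, OPT_TYPE, OPT_SERVER, OPT_END = 51, 53, 54, 255   # RFC 2132 option codes
NAMES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK"}


def build(op, xid, mac, kind, yiaddr="0.0.0.0", server=None, lease=None):
    """Assemble a minimal message; used here only to construct sample traffic."""
    ip = lambda text: ipaddress.IPv4Address(text).packed
    data = HEADER.pack(op, 1, len(mac), 0, xid, 0, 0, ip("0.0.0.0"), ip(yiaddr),
                       ip("0.0.0.0"), ip("0.0.0.0"), mac, b"", b"") + MAGIC
    data += bytes([OPT_TYPE, 1, kind])
    if server:
        data += bytes([OPT_SERVER, 4]) + ip(server)
    if lease:
        data += bytes([OPT_LEASE, 4]) + struct.pack("!I", lease)
    return data + bytes([OPT_END])


def parse(data):
    """Decode one message; raise ValueError if it is truncated or malformed."""
    if len(data) < HEADER.size + len(MAGIC):
        raise ValueError("shorter than the BOOTP header")
    fields = HEADER.unpack_from(data)
    op, hlen, xid, yiaddr, chaddr = (fields[i] for i in (0, 2, 4, 8, 11))
    if hlen > len(chaddr):
        raise ValueError("hardware address length %d exceeds the field" % hlen)
    pos = HEADER.size + len(MAGIC)
    if data[HEADER.size:pos] != MAGIC:
        raise ValueError("options area does not start with the DHCP cookie")
    options = {}
    while pos < len(data) and data[pos] != OPT_END:
        code = data[pos]
        if code == 0:                                  # pad byte, no length field
            pos += 1
            continue
        if pos + 1 >= len(data) or pos + 2 + data[pos + 1] > len(data):
            raise ValueError("option %d runs past the end of the packet" % code)
        options[code] = data[pos + 2:pos + 2 + data[pos + 1]]
        pos += 2 + data[pos + 1]
    kind = options.get(OPT_TYPE) or b"\x00"
    server, lease = options.get(OPT_SERVER, b""), options.get(OPT_LEASE, b"")
    return {"op": op, "xid": xid, "mac": chaddr[:hlen],
            "type": NAMES.get(kind[0], "UNKNOWN"),
            "yiaddr": str(ipaddress.IPv4Address(yiaddr)),
            "server": str(ipaddress.IPv4Address(server)) if len(server) == 4 else None,
            "lease": struct.unpack("!I", lease)[0] if len(lease) == 4 else None}


def check_exchange(packets, my_mac, trusted_servers):
    """Follow one client's lease dialogue; return (bound_ack, findings)."""
    findings, xid, offer, bound = [], None, None, None
    for raw in packets:
        try:
            msg = parse(raw)
        except ValueError as exc:
            findings.append("malformed packet: %s" % exc)
            continue
        if msg["op"] == BOOTREQUEST:
            if msg["type"] == "DISCOVER" and msg["mac"] == my_mac:
                xid = msg["xid"]                       # our own transaction
            continue
        # Port 68 broadcasts reach every host, so keep only replies that carry
        # our transaction ID and our hardware address.
        if msg["xid"] != xid or msg["mac"] != my_mac:
            continue
        if msg["server"] not in trusted_servers:
            findings.append("%s from unlisted server %s" % (msg["type"], msg["server"]))
        elif msg["type"] == "OFFER" and offer is None:
            offer = msg
        elif msg["type"] == "ACK":
            if offer is None or msg["yiaddr"] != offer["yiaddr"]:
                findings.append("ACK for %s matches no accepted offer" % msg["yiaddr"])
            else:
                bound = msg
    return bound, findings


# Constructed traffic: the hardware addresses are the two from the bootptab
# example; every IP address and the transaction ID are made up.
MAC, OTHER, XID = bytes.fromhex("0000c0a15e10"), bytes.fromhex("0000c0a10e15"), 0x3903F326
SAMPLE = [
    build(BOOTREQUEST, XID, MAC, 1),
    build(BOOTREPLY, XID, MAC, 2, "192.0.2.87", "192.0.2.1", 3600),
    build(BOOTREPLY, XID, MAC, 2, "198.51.100.9", "192.0.2.66", 60),
    build(BOOTREPLY, XID, OTHER, 2, "192.0.2.88", "192.0.2.1", 3600),
    build(BOOTREQUEST, XID, MAC, 3, server="192.0.2.1"),
    build(BOOTREPLY, XID, MAC, 5, "192.0.2.87", "192.0.2.1", 3600),
]

if __name__ == "__main__":
    print(check_exchange(SAMPLE, MAC, {"192.0.2.1"}))
```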

DHCP can be configured to assign specific addresses to specific hosts, which enables administrators
to use DHCP to set host protocol options while retaining fixed address assignments.

Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the
addresses into their configurations.


Network File System (NFS):

Is a TCP/IP file sharing protocol that allows a server to export files that are mounted by clients and
used as if they are local files. NFS is a client/server application. The server makes part of its
filesystem available for use by its clients, and the client uses the remote filesystem as if it were part
of its local filesystem. Attaching a remote directory to the local filesystem (a client function) is called
mounting a directory. Offering a directory for remote access (a server function) is called exporting a
directory.

NFS is a distributed filesystem. An NFS server has one or more filesystems that are mounted by
NFS clients. To the NFS clients, the remote disks look like local disks. NFS filesystems are mounted
using the standard UNIX mount command, and all UNIX utilities work just as well with NFS-mounted
files as they do with files on local disks. NFS makes system administration easier because it
eliminates the need to maintain multiple copies of files on several machines: all NFS clients share the
single copy of the file on the NFS server. NFS also makes life easier for users: instead of logging on to
many different systems and moving files from one system to another, a user can stay on one system
and access all the files that he or she needs within one consistent file tree.

The Network File System is a distributed file system that provides transparent access to remote disks.
Just as NIS allows you to centralise administration of user and host information, NFS allows you to
centralise administration of disks. Instead of duplicating common directories on every system, NFS
provides a single copy of the directory that is shared by all systems on the network. To a host running
NFS, remote filesystems are indistinguishable from local ones. For the user, NFS means that he/she
doesn't have to log into other systems to access files. There is no need to use RCP or tapes to move
files onto the local system. Once NFS has been set up properly, users should be able to do all their
work on their local system; remote files will appear to be local to their own system. NFS and NIS are
frequently used together: NIS makes sure that configuration information is propagated to all hosts, and
NFS ensures that the files a user needs are accessible from these hosts.

NFS is also built on the RPC protocol and imposes a client-server relationship on the hosts that use it.
An NFS server is a host that owns one or more filesystems and makes them available on the
network; NFS clients mount filesystems from one or more servers. This allows the normal client-server
model where the server owns a resource that is used by the client. In the case of NFS, the resource is
a physical disk drive that is shared by all clients of the server.

Simple Mail Transfer Protocol (SMTP):

Is the TCP/IP mail delivery protocol. It moves mail across the Internet and across your local network. It
runs over the reliable, connection-oriented service provided by Transmission Control Protocol (TCP),
and it uses well known port number 25.

Command    Syntax                      Function
Hello      HELO <sending-host>         Identify sending SMTP
From       MAIL FROM:<from-address>    Sender address
Recipient  RCPT TO:<to-address>        Recipient address
Data       DATA                        Begin a message
Reset      RSET                        Abort a message
Verify     VRFY <string>               Verify a username
Expand     EXPN <string>               Expand a mailing list
Help       HELP <string>               Request on-line help
Quit       QUIT                        End the SMTP session

SMTP is such a simple protocol that you can literally do it yourself. You telnet to port 25 (telnet
alex.firm.be 25) on a remote host and type mail in from the command line using the SMTP commands.


SMTP provides direct end-to-end mail delivery. This is unusual: most mail systems use store and
forward protocols that move mail toward its destination one hop at a time, storing the complete message
at each hop and then forwarding it on to the next system until final delivery is made. If the direct
end-to-end mail delivery fails, the local system knows it right away.

Post Office Protocol (POP):

Is used to transfer the contents of the user's mailbox from the server to the user's desktop. POP2 uses
port 109 and POP3 uses port 110. These are incompatible protocols that use different commands, but
they perform the same basic functions. The POP protocols verify the PC user's login name and
password, and move the user's mail from the server to the PC where it is read using a local PC mail
reader.

POP2:

Command   Syntax                Function
Hello     HELO user password    Identify user account
Folder    FOLD mail-folder      Select mail folder
Read      READ [n]              Read mail, start with message n
Retrieve  RETR                  Retrieve message
Save      ACKS                  Acknowledge and save
Delete    ACKD                  Acknowledge and delete
Failed    NACK                  Negative acknowledge
Quit      QUIT                  End the POP2 session

POP3:

Syntax          Function
USER username   The user's account name
PASS password   The user's password
STAT            Display the number of unread messages/bytes
RETR n          Retrieve message number n
DELE n          Delete message number n
LAST            Display the number of the last message accessed
LIST [n]        Display the size of message n or of all messages
RSET            Undelete all messages, reset message number to 1
TOP n l         Print the header and l lines of message n
NOOP            Do nothing
QUIT            End the POP3 session

Multipurpose Internet Mail Extensions (MIME):

Is an extension of the TCP/IP mail system, not a replacement for it. MIME is more concerned with
what the mail system delivers than it is with the mechanics of delivery. It doesn't attempt to replace
SMTP or POP, it extends the definition of what constitutes mail.


File Sharing:

A true file sharing system allows files to be accessed at the record level. This makes it possible for a
client to read a record from a file located on a remote server, update that record, and write it back to
the server without moving the full file from the server to the client.

File sharing is transparent to the user and to the application software running on the user's system.
Through file sharing, users and programs access files located on the remote systems as if they were
local. In a perfect file sharing environment, the user neither knows nor cares where the files are
actually stored.

• Remote File System (RFS): Is a TCP/IP file sharing protocol.
• Andrew File System (AFS): Is a TCP/IP file sharing protocol.
• Network File System (NFS): Is the only TCP/IP file sharing protocol widely available for PCs.
• Distributed File System (DFS): Is a new TCP/IP file sharing protocol.


Interaction of TCP/IP and Other Protocols:

It is possible to classify applications as being network-aware or network-unaware. The distinction can
be made because some applications, such as Web browsers and client/server applications, need to
make explicit use of an underlying network protocol. Other applications, such as standard Windows
application suites, simply function within the confines of a workstation's own operating system. For
these applications to make use of network file and print services, it is necessary for the NOS to
provide extensions to the functions of the local operating system. The next section examines how these
different types of applications can make use of the underlying network.

Application Programming Interface (API):

Application developers can write network-aware applications by accessing a set of standard
procedures and functions through an Application Programming Interface (API). This interface specifies
software-defined entry points that developers can use to access the functionality of the networking
protocols. The use of an API enables a developer to develop networkable applications, while being
shielded from having to understand how the underlying protocols operate. Other APIs define interfaces
to other system functionality.

[Figure 114 labels: Application Interface (Standard API Calls and Procedures); Network Protocol Interface (API accessing underlying network protocols); Application Layer, Presentation Layer, Session Layer, Transport Layer, Network Layer, Data Link Layer, Physical Layer]

Figure 114 provides a visual representation of how a networking API might fit within the OSI
seven-layer model.

The majority of network applications have been written specifically to access a single networking
protocol. This is because each of the NOS implementations has developed its APIs as a standard.

Redirectors and File Sharing:

One of the main application requirements within a network is saving files on a central file store. To
achieve this, NOS implementations commonly include a program known as a redirector. A redirector
program extends the functionality of the workstation operating system to enable it to address remote
file stores.

In a DOS/Windows environment, file storage areas are denoted with the use of letters, typically with
the letters A through E being reserved for local disk drives. When a user wants to access a network
file volume, it is common for the NOS to facilitate some form of mapping between a volume name and
an available drive letter. After the mapping has been made, it is possible for any application to access
the shared file volumes in the same way as they would access a local drive. This is because of the
operation of the installed redirector program. The program sits between the workstation operating
system and the NOS protocol stack and listens for application calls made to any of the mapped network
drives.


The functionality of a redirector can be further clarified by considering the example of an application
user attempting to save a file on a network drive. The user prompts the application to save the file on a
network file volume that the NOS has mapped to the DOS drive I:. The application makes a call to the
workstation operating system to complete the required file save operation. The redirector program
recognises that the application is attempting to access a network drive and steps in to handle the
required data transfer. If the redirector hadn't been active, the workstation operating system would have
been presented with a request to save a file on a drive letter that it knew nothing about, and it would
have responded with a standard error message, such as 'Invalid drive specification'.

In a UNIX environment, similar file sharing capabilities are provided through the use of a Network File
System (NFS). The use of NFS enables the workstation to access file volumes located on remote host
machines as if they were extensions to the workstation's native filesystem. As such, the use of NFS,
on the workstation side, is very similar to the use of the NOS redirector as outlined earlier.
Implementations of client NFS software are available from several third-party companies. These
implementations require a TCP/IP protocol stack to operate alongside the installed NOS protocol stack.

A workstation configured with both an NOS and a TCP/IP protocol stack is able to operate two
independent applications that can provide file sharing access between environments. This is accomplished
through the use of the redirector program, to provide access to the NOS file server, and NFS,
operating on the TCP/IP protocol stack to provide access to NFS volumes on UNIX servers.

[Figure 115 labels: NetWare Server, UNIX Server, drives F:, G:, H:, Workstation]

Figure 115 illustrates how a single workstation can be utilised to access both network environments.

The indicated workstation loads the NetWare protocol software and the associated redirector software.
File areas on the NetWare server are mapped as local drives F: and G:. The TCP/IP stack and NFS
implementation are also loaded, and the remote UNIX file system is mounted as the local drive H: on
the workstation PC. Files are then available to be saved by any application operating on the
workstation to any of the mapped drives.

NOS Gateways and Servers:

It is often more efficient to utilise an NOS server as a gateway into an existing TCP/IP network than to
run dual protocol stacks upon each network client.

In figure 117, the NetWare server has the Novell NFS Gateway software installed. The UNIX host has
exported the NFS, which has been mounted to a drive on it. This file area is now available to any of
the NetWare client workstations. These users are able to access the UNIX file area through the
standard NetWare redirector program, removing the requirement of having to load a TCP/IP protocol
stack and run a TCP/IP-based application.

The NetWare server provides application gateway services between the IPX/SPX-based networks and
the TCP/IP network. To achieve this, it is necessary for the server to load both protocol stacks. On the
network clients, however, it is necessary to operate only the standard IPX/SPX protocol. The client
directs application requests to use resources within the UNIX network to the gateway using IPX/SPX
protocols. The gateway relays these requests to the UNIX host via its TCP/IP protocol stack. In this
way, the use of a gateway greatly reduces the administrative overhead required to provide network
clients with access to TCP/IP hosts. Network users are able to utilise UNIX-based resources without
the requirement to run multiprotocol stacks.


[Figure 116 labels: IPX Protocols, TCP/IP Protocols, NFS, NetWare Client Workstations, Protocol stack (IPX), Protocol stack (TCP/IP)]

Figure 116 outlines a sample configuration of a NOS server as a gateway.

NOS gateways tend to be implemented in one of two ways. The first is through the operation of proxy
application services. The use of a proxy service provides the user with a special set of the network
applications, such as Telnet, FTP, and Web browsers, that have been specifically written to operate
over NOS protocols. The client applications communicate with the gateway process, which forwards
the application request to the specified UNIX hosts. An alternative solution utilises a tailored version of
a standard WinSock driver. This special WinSock driver provides support for standard WinSock
applications, but instead of operating on an underlying TCP/IP protocol stack it communicates using
IPX/SPX protocols. Yet again, communication occurs between the client workstation and the gateway
application, with the gateway acting to forward application data between the client and UNIX host. The
use of the tailored WinSock driver means that network clients are able to utilise any standard
WinSock application and don't have to rely on the gateway manufacturer to provide specialised
application software.

[Figure 117 labels: Client Workstation operating IPX protocols (Standard WinSock client application, Tailored WinSock, Standard IPX Protocol Stack); NOS Server providing gateway service (Gateway); UNIX Workstation operating TCP/IP protocols (UNIX server application process, Standard WinSock, TCP/IP Protocol Stack)]

Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to
use any standard WinSock application.

NOS Support for Native IP:

The major NOS vendors have recognised an increasing demand to replace their proprietary
communication methods with native TCP/IP protocols. However, network applications have generally
interfaced with a specific protocol. If NOS vendors were to suddenly adopt a different protocol, many of
the existing network applications would no longer function. For this reason, vendors are looking for ways
to replace their proprietary network protocols, but at the same time to provide a degree of
backward-compatibility to protect existing applications.

For example, within NetWare it is possible to replace the standard IPX/SPX protocols with a TCP/IP
protocol stack to provide standard communication between network client and server. However, within
this implementation each data packet actually consists of an IPX packet enclosed within a UDP
packet. The inclusion of the IPX header provides NetWare with the backward-compatibility it requires
to support its existing application base. However, the inclusion of the IPX header places an additional
overhead on each data packet. This overhead is likely to account for around 8 to 10 percent of the
total packet size.


Other NOS vendors also provide native support for TCP/IP protocols. For example, Windows NT
allows the use of the NetBEUI protocol or TCP/IP protocols or a combination of both. Within NT,
network protocols are provided via an interface that it refers to as the Transport Driver Interface (TDI).
This is a layer that is loaded toward the top of the protocol stack and is used to provide a standard
interface between application environments and any underlying network protocols.

[Figure 118 labels: NetBIOS Applications, WinSock Applications, NetBIOS Interface, Transport Device Interface, TCP/UDP Services, ARP, IP Services, ICMP, Network Device Interface, NDIS Drivers & SLIP/PPP, Physical Network Layer, Network Interface]

Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT.

At the TDI interface, standard APIs such as NetBIOS and WinSock are able to interact with
communication modules, principally TCP/IP and NetBEUI. The TDI model has been designed around a
flexible architecture so that it can be adapted to support additional network protocols as required.

Under this networking model, applications that have been written to the NetBIOS interface can operate
over an installed TCP/IP protocol stack. NetBIOS operates by assigning a unique name to every
network node. The assignment and management of the NetBIOS name space results in the generation of
a large amount of network traffic. This is because hosts send out broadcasts to all network nodes
when they want to register the use of a name or need to perform name resolution. The NetBIOS
over TCP/IP standard specifies a method whereby this functionality can occur over a TCP/IP protocol
stack. The excessive broadcast requirements effectively limit the use of NetBIOS to small LAN
environments where the necessary bandwidth is available. IP networks, on the other hand, often include
wide area links where bandwidth might not be sufficient to handle the required broadcasts needed to
maintain the NetBIOS address space.

Building an Internet Server:

Isolating the Server:

If an organisation merely wants to offer a service to the Internet community without enabling the users
to use the same connection to the Internet, limiting the security risk is easy.

[Diagram for figure 119; labels: local network, Internet Server, Internet]

Figure 119 shows an Internet server isolated from the local network.

Figure 119 illustrates a configuration that completely isolates local users’ computers from the Internet.
If someone breaks into your Internet server, access is limited to the server itself.

[Diagram for figure 120; labels: local network (IPX Protocols), Internet Server, Internet (TCP/IP Protocols)]

Figure 120 shows an Internet server that connects to the Internet using TCP/IP.

In figure 120, the server is connected to the organisation’s LAN using NWLink (IPX/SPX). Windows
NT servers do not route between different protocol stacks, and this approach very effectively isolates
outside TCP/IP users from inside users connected using NWLink.

Providing Full Internet Connectivity:

Suppose that you want your Internet connection to enable outside users to connect in and inside users
to connect out. Don’t use an insecure Internet connection. If an outsider attempts to violate security,
you’ll know it. After all, the intruder can be readily identified because he will be using a nonlocal netid.

[Diagram for figure 121; labels: local network, Windows NT Router, Internet Server, Internet, TCP/IP Protocols]

Figure 121 shows an insecure Internet connection.

Unfortunately, IP addresses aren’t secure. Any reasonably knowledgeable Internet snoop can use a
technique known as IP spoofing to make his packets appear to have originated on your local network.
All the intruder needs to do is listen in on your network for a while, pick up a few usernames and
passwords, which are transmitted in the clear, spoof an IP address, and break in. Once in, an intruder can
gain entry to dozens of TCP/IP systems. If the intruder can spoof in using the address of a user logged
on to a server, the intruder might be able to impersonate the logged-on user and access files using
that user’s security permissions.

A basic rule of TCP/IP security is as follows:

• Never base security on IP addresses. Security must always be based on a secure login procedure
that authenticates all users who are given access to critical systems.
• Isolate your Internet servers from your LAN clients; you can use firewalls for this.

A firewall is a filter that can be configured to block certain types of network traffic.

Traffic can be filtered in various ways:

• Restricting certain protocols.
• Restricting certain types of packets.
• Permitting inside traffic out, while preventing outside traffic from entering.

A firewall is essentially an IP router that has had its routing function replaced by a more secure
method of forwarding messages. Some firewalls are specialised pieces of hardware, while other
firewalls might consist of software running on a multihomed TCP/IP host.

[Diagram for figure 122. Router: all packets are forwarded through the IP layer. Firewall: no packets
are forwarded; packets addressed to the firewall are processed locally by the firewall machine.]

Figure 122 shows a comparison between a firewall and an IP router.

In figure 122, the router handles packets up through the IP layer. The router forwards each packet
based on the packet’s destination address, and the route to that destination indicated in the routing
table. A host, on the other hand, does not forward packets, and the firewall system is just a special
type of multihomed host. Just like any host, the firewall accepts packets that are addressed to it, and
processes those packets through the Application Layer. The firewall ignores packets that are not
addressed to it.

[Diagram for figure 123; labels: local network, firewall/Internet Server, Internet, TCP/IP Protocols]

Figure 123 shows a basic firewall/Internet server combination.

Figure 123 illustrates a firewall configuration in which one Internet host provides all Internet services
and runs firewall software. The firewall/Internet server combination is configured to enable inside
users to connect out to the Internet. Outside users are not permitted to connect to the LAN.

[Diagram for figure 124; labels: local network, Additional Internet Server, firewall/Internet Server,
Internet, TCP/IP Protocols]

Figure 124 shows a firewall configuration that poses potential problems.

If you must configure more than one Internet server, you should avoid the configuration in figure 124.
No matter how tightly the firewall is configured to restrict outside users from accessing specific hosts, an
intruder still could circumvent the firewall and gain access to other LAN-based hosts.

You should isolate the servers on a separate network segment and configure the firewall to route
traffic appropriately.

[Diagram for figure 125; labels: local network, Additional Internet Server, firewall/Internet Server,
Internet, TCP/IP Protocols]

Figure 125 shows a more secure firewall configuration.

In figure 125, the firewall permits outside users to access designated servers on one network
segment, but prevents access to systems on the other segments.
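
The filtering behaviour described for figure 125, as an added example that is not part of the original text: a small Python model of a firewall with three segments that lets inside traffic out, admits outside traffic only to designated servers, and drops outside packets that claim an inside source address. The address ranges, published services and all function names are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing plan (an assumption, not taken from the text).
LAN = ipaddress.ip_network("192.168.10.0/24")      # inside clients
SERVERS = ipaddress.ip_network("192.168.20.0/24")  # separate Internet server segment
# Designated services that outside users may reach: (server, protocol, port).
PUBLISHED = {
    (ipaddress.ip_address("192.168.20.10"), "tcp", 80),
    (ipaddress.ip_address("192.168.20.11"), "tcp", 25),
}


@dataclass(frozen=True)
class Packet:
    in_iface: str  # segment the packet arrived on: "outside", "servers" or "lan"
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(addr):
    """Map an address to the segment it belongs to."""
    if addr in LAN:
        return "lan"
    if addr in SERVERS:
        return "servers"
    return "outside"


def decide(pkt):
    """Return (verdict, reason) for a new connection attempt crossing the firewall.

    Replies to permitted connections are assumed to be handled by connection
    tracking, which this model leaves out.
    """
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    dst_zone = zone_of(dst)
    # The claimed source must match the interface the packet physically arrived
    # on; an outside packet carrying an inside address is dropped here.
    if zone_of(src) != pkt.in_iface:
        return "drop", "spoofed-source"
    if dst_zone == pkt.in_iface:
        return "drop", "same-segment"   # never needs to cross the firewall
    if pkt.in_iface == "lan":
        return "allow", "inside-out"    # inside users may connect out
    if dst_zone == "lan":
        # Neither outside hosts nor a compromised Internet server may open
        # connections to LAN clients.
        return "drop", pkt.in_iface + "-to-lan"
    if pkt.in_iface == "servers":
        return "allow", "server-out"    # assumption: servers may connect out
    if (dst, pkt.proto, pkt.dport) in PUBLISHED:
        return "allow", "published-service"
    return "drop", "not-published"
```

The spoofing check works only because the decision uses the arrival interface as well as the source address; a rule keyed on the source address alone would accept the forged packet.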

Because firewalls are used in place of routers, they are usually thought of as a way to separate an
internal network from the external world. However, isolating an entire network behind a firewall may not be
required. Even at sites that need a firewall, most workstations and desktop computers may not contain
information or applications that need this level of protection. Frequently, only a limited set of
computers contain truly sensitive data or processes critical to the operation of the organisation.

One way to limit the impact of a firewall on the operation of a network is to use an internal firewall that
isolates selected critical systems, while allowing all other systems to operate in a normal manner.

[Diagram for figure 126; labels: Internet, Router, internal firewall, external firewall, Internal network of
non-sensitive systems, Secure network of sensitive systems, Internal network of sensitive and
non-sensitive systems]

Figure 126 illustrates networks using both Internal and External Firewalls.

The difficulty of identifying all sensitive systems, and the fear of making a mistake that could
compromise critical information, causes many security-conscious sites to prefer an external firewall, or even a
combination of internal and external firewalls. However, if sensitive systems can be identified and
isolated, the majority of users benefit from a more user friendly network because the entire network is not
isolated behind an external firewall.

The techniques for cracking into TCP/IP networks are advancing at least as quickly as the techniques
for building firewalls, and putting too much faith in the security you implement is unwise. For many, a
secure network is merely an inspiration to try harder. For this reason, physical isolation of critical
computers remains the one certain way to prevent intrusion.

Simple Network Management Protocol (SNMP):

SNMP is a client/server (agent/manager) protocol. The network management software used on TCP/IP-based
networks is based on SNMP. The agent (the server) runs on the device being managed,
which is called the Managed Network Entity. The agent monitors the status of the device and reports
that status to the manager.

The manager (the client) runs on the Network Management Station (NMS); it collects information from all of
the different devices that are being managed, consolidates it, and presents it to the human network
manager.

SNMP is a request/response protocol. UDP port 161 is its well-known port. SNMP uses UDP as its
transport protocol because it has no need for the overhead of TCP. Reliability is not required because
each request generates a response. If the SNMP application does not receive a response, it simply
reissues the request. Sequencing is not needed because each request and each response travels as
a single datagram.

The request and response messages that SNMP sends in the datagrams are called Protocol Data Units
(PDU). These message types allow the manager to request management information, and when
appropriate, to modify that information. The messages also allow the agent to respond to manager
requests and to notify the manager of unusual situations.

SNMP Protocol Data Units:

PDU              Use
GetRequest       Manager requests an update
GetNextRequest   Manager requests the next entry in a table
GetResponse      Agent answers a manager request
SetRequest       Manager modifies data on the managed device
Trap             Agent alerts manager of an unusual event

The NMS periodically requests the status of each device (GetRequest) and each agent responds with
the status of its device (GetResponse). Making periodic requests is called polling. Polling reduces the
burden on the agent because the NMS decides when polls are needed, and the agent simply
responds. Polling also reduces the burden on the network because the polls originate from a single
system at a predictable rate. The shortcoming of polling is that it does not allow for real-time updates.
If a problem occurs on a managed device, the manager does not find out until the agent is polled. To
handle this, SNMP uses a modified polling system called trap-directed polling.

A trap is an interrupt signalled by a predefined event. When a trap event occurs, the SNMP agent
does not wait for the manager to poll; instead it immediately sends information to the manager. Traps
allow the agent to inform the manager of unusual events while allowing the manager to maintain
control of polling. SNMP traps are sent on UDP port 162. The manager sends polls on port 161 and
listens for traps on port 162.

Generic Trap:

Trap                    Meaning
coldStart               Agent restarted, possible configuration changes
warmStart               Agent reinitialised without configuration changes
enterpriseSpecific      An event significant to this hardware or software
authenticationFailure   Agent received an unauthenticated message
linkDown                Agent detected a network link failure
linkUp                  Agent detected a network link coming up
egpNeighborLoss         The device's EGP neighbour is down

The last three entries in this table show the roots of SNMP in Simple Gateway Management Protocol
(SGMP), which was a tool for tracking the status of network routers. Routers are generally the only
devices that have multiple network links to keep track of and are the only devices that run Exterior
Gateway Protocol (EGP). These traps are not significant for PCs.

The most important trap for a PC may be the enterpriseSpecific trap. The events that signal this trap are
defined differently by every vendor's SNMP agent software. Therefore it is possible for the trap to be
tuned to events that are significant for a PC. SNMP uses the term enterprise to refer to something that
is privately defined by a vendor or organisation as opposed to something that is globally defined by an
RFC.

The Structure of Management Information (SMI) defines how data should be presented in an SNMP
environment. The SMI defines how managed objects are named, the syntax in which they are defined,
and how they are encoded for transmission over the network. The SMI is based on previous ISO work.

Each managed object is given a globally unique name called an object identifier. The object identifier
is part of a hierarchical name space that is managed by the ISO. The hierarchical structure is used to
guarantee that each name is globally unique. In an object identifier, each level of the hierarchy is
identified by a number. All SNMP managed objects start with the number 1.3.6.1.

Object Identifier Hierarchy:

The number of the root is not included in the identifier.

Objects are defined just as formally as they are named. The syntax used to define managed objects is
Abstract Syntax Notation One (ASN.1). It is a very formal set of language rules for defining data. It
makes the data definition independent of rules for encoding data for transfer over a network.
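
How the PDU types, generic traps and object identifiers above look once encoded for transmission, as an added example that is not part of the original text: a minimal Python parser for SNMPv1 datagrams, of the kind a monitoring tool would use to see which manager is sending which PDU. The message layout and tag values follow RFC 1157 and the ASN.1 Basic Encoding Rules; the function names, the sample datagrams, the community string and the enterprise number are constructed for illustration.

```python
# BER context tags that select the SNMPv1 PDU type, and generic trap numbers 0..6 (RFC 1157).
PDU_NAMES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse",
             0xA3: "SetRequest", 0xA4: "Trap"}
GENERIC_TRAPS = ["coldStart", "warmStart", "linkDown", "linkUp",
                 "authenticationFailure", "egpNeighborLoss", "enterpriseSpecific"]

def encode_oid(dotted):
    """BER-encode the contents of an OBJECT IDENTIFIER such as '1.3.6.1.2.1.1.1.0'."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid object identifier")
    out = bytearray()
    # The first two arcs share one value (40 * first + second), so 1.3 becomes 0x2B.
    for arc in [40 * arcs[0] + arcs[1]] + arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:  # base 128, high bit set on every byte except the last
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)

def decode_oid(data):
    if not data or data[-1] & 0x80:
        raise ValueError("truncated object identifier")
    arcs, value = [], 0
    for byte in data:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    head = [arcs[0] // 40, arcs[0] % 40] if arcs[0] < 80 else [2, arcs[0] - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def tlv(tag, value):
    """Encode one element; the samples below only need the short length form."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

def read_tlv(buf, pos):
    """Return (tag, value, next_pos), rejecting lengths that overrun the buffer."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: the low bits give the number of length bytes
        count = length & 0x7F
        if count == 0 or count > 4 or pos + count > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("length exceeds available data")
    return tag, buf[pos:pos + length], pos + length

def children(buf):
    items, pos = [], 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        items.append((tag, value))
    return items

def parse_snmp_v1(datagram):
    """Extract version, community, PDU type and bound OIDs from one UDP payload."""
    tag, body, end = read_tlv(datagram, 0)
    if tag != 0x30 or end != len(datagram):
        raise ValueError("expected exactly one BER SEQUENCE")
    parts = children(body)
    if len(parts) != 3 or parts[2][0] not in PDU_NAMES:
        raise ValueError("not an SNMPv1 message")
    (_, version), (_, community), (pdu_tag, pdu) = parts
    info = {"version": int.from_bytes(version, "big"),
            "community": community.decode("latin-1"), "pdu": PDU_NAMES[pdu_tag]}
    fields = children(pdu)
    if pdu_tag == 0xA4:
        # Trap: enterprise, agent-addr, generic-trap, specific-trap, time-stamp, bindings
        generic = int.from_bytes(fields[2][1], "big") if len(fields) == 6 else -1
        if not 0 <= generic < len(GENERIC_TRAPS):
            raise ValueError("malformed Trap PDU")
        info["enterprise"] = decode_oid(fields[0][1])
        info["generic_trap"] = GENERIC_TRAPS[generic]
    elif len(fields) != 4:  # request-id, error-status, error-index, bindings
        raise ValueError("malformed PDU")
    info["oids"] = []
    for _, varbind in children(fields[-1][1]):
        name_tag, name, _ = read_tlv(varbind, 0)
        if name_tag != 0x06:
            raise ValueError("variable binding does not start with an OID")
        info["oids"].append(decode_oid(name))
    return info

# Constructed sample datagrams (not captured traffic); community and enterprise OID are placeholders.
SAMPLE_GET = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA0,
    tlv(0x02, b"\x01") + tlv(0x02, b"\x00") + tlv(0x02, b"\x00")
    + tlv(0x30, tlv(0x30, tlv(0x06, encode_oid("1.3.6.1.2.1.1.1.0")) + tlv(0x05, b"")))))
SAMPLE_TRAP = tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, b"public") + tlv(0xA4,
    tlv(0x06, encode_oid("1.3.6.1.4.1.99999")) + tlv(0x40, bytes([192, 0, 2, 1]))
    + tlv(0x02, b"\x04") + tlv(0x02, b"\x00") + tlv(0x43, b"\x00") + tlv(0x30, b"")))
```

Version 0 in the parsed result denotes SNMPv1. The parser reads the community field directly from the datagram because SNMPv1 carries it unencrypted.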

Installing SNMP:
Only one copy of the manager software is needed for a network. SNMP agents are installed in every
system.

Microsoft TCP/IP:

Microsoft Network Protocols:

Microsoft Windows operating systems support three network transport protocols:

• NetBIOS Frame protocol (NBF).
• NWLink.
• TCP/IP.

DLC: Supports network-attached printers.

These protocols are integrated using two technologies:

• The Network Driver Interface Specification (NDIS).
• The Transport Driver Interface (TDI).

The Microsoft Network Protocol Architecture:

[Diagram for figure 127. Layers: Application/Presentation Layer, Session Layer, Transport Layer, Network
Layer, Data Link Layer, Physical Layer. Components: Windows API Applications, TCP/IP Applications,
NetBIOS, Windows Sockets, NetBIOS over TCP/IP, TDI Interface, NWLink, NetBEUI (NBF), TCP/IP,
NDIS Interface, Network Adapter Drivers, Network Adapters]

Figure 127 shows the Microsoft Network Protocol Architecture.

NDIS and TDI act as the unifying layers that enable Microsoft workstations to support multiple protocol
stacks over a single network interface.

At the lowest level of the protocol stack model are network interface adapters and the driver software
that enables them to connect with upper layers. NDIS is a standard interface between the MAC layer
protocols and the network layer. At the MAC layer, NDIS provides a well-defined interface that enables
vendors to write drivers for their network interface products. NDIS also provides a standard protocol
layer that upper-layer protocols can use, enabling multiple NDIS-compliant network layer protocols to
interface with any NDIS-compliant network adapter.

NDIS enables a computer to support multiple network adapters, which might be of the same or mixed
type. These adapters communicate with the same upper-layer protocol stacks, mediated by the NDIS
interface.

The Transport Driver Interface (TDI) defines a protocol interface between session layer protocols and
the transport layer. Transport protocols, therefore, can be written to standard interfaces both above
(TDI) and below (NDIS) in the protocol stack.

Above the TDI, Microsoft provides support for two Application Programming Interfaces (APIs).
NetBIOS is the historic API for Microsoft network products. On the other hand, the standard API for
TCP/IP applications is Berkeley sockets, which Microsoft has implemented as Windows Sockets. For
environments that choose to implement TCP/IP without NetBEUI, and to support the non-routable
NetBIOS protocols over internetworks, Microsoft provides a NetBIOS over TCP/IP (NBT) feature
that enables NetBIOS applications to access the TCP/IP transport.

NetBEUI Frame Protocol (NBF):

NBF is an efficient protocol that functions well in local networks and is part of Windows NT. NBF is
compatible with the earlier NetBEUI implementations found in LAN Manager and Windows 3.x.

NBF provides two service modes:

• Unreliable connectionless communication (datagram).
• Reliable connection-oriented communication (virtual circuit).

Reliable connectionless mode is unavailable.

Connection-oriented communication is used in many situations on peer-to-peer networks. NBF
depends heavily on broadcast messages, however, to advertise network names. When a NetBIOS
computer enters a network, it broadcasts a message announcing its name to ensure that no other
computer on the network already has the same name. This essential NetBIOS mechanism fails in
internetworks because broadcasts do not cross routers. Ordinarily, therefore, NBF is restricted to
non-routed networks.

NWLink:

NWLink is a Microsoft implementation of the two protocols (IPX and SPX) that are the standard transport on
NetWare networks.

• Internetwork Packet eXchange (IPX): A datagram network layer protocol that serves as
the primary workhorse on NetWare LANs. The majority of NetWare services operate over
IPX.
• Sequenced Packet eXchange (SPX): An optional transport-layer protocol that provides
connection-oriented, reliable message delivery.

IPX is a routable protocol, and NWLink can be used to construct routed networks using Microsoft
products. The network/hardware address mechanism differs significantly from the mechanism used
for IP.

IPX uses sockets to direct messages to and from the correct upper-layer processes. In most cases,
upper-layer functions are performed by the NetWare Core Protocols (NCP), which provide network
services at the session, presentation, and application layers. NCP is not part of NWLink, although
Microsoft has implemented a NetWare client requester that implements the client side of NCP.

The IPX/SPX protocols offer high performance, because node IDs need not be maintained manually.
Use of IPX/SPX, however, has been confined primarily to the NetWare environment.

TCP/IP:

Microsoft has been including TCP/IP support in network products since LAN Manager. TCP/IP was
Microsoft's choice as a routable protocol for use when the non-routable NetBEUI was not functional.

DHCP Concept and Operation:

DHCP is based on DHCP servers, which assign IP addresses, and DHCP clients, to which addresses
are assigned. A single DHCP server can supply addresses for more than one network. To support
DHCP on an internetwork, routers must be configured with BOOTP forwarding.

DHCP servers maintain pools of IP addresses, called scopes. When a DHCP client enters a
network, it requests and is granted a lease to use an address from an appropriate scope. The concept
of leasing is important, because DHCP clients are not ordinarily granted permanent use of an address.
Instead, they receive a lease of limited duration. When the lease expires, it must be renegotiated. This
approach ensures that unused addresses become available for use by other clients.

DHCP can be configured to assign specific addresses to specific hosts, which enables administrators
to use DHCP to set host protocol options while retaining fixed address assignments.

Several types of hosts must be assigned fixed, manual addresses so that other hosts can enter the
addresses into their configuration, including, among others, the following examples: Routers
(Gateways), WINS servers, and DNS servers.

[Diagram for figure 128: Global, Scope, Client. Global options apply unless overridden by scope or
client options. Scope options override global options. Client options override scope and global options.]

Figure 128 shows priority of DHCP options.

Managing WINS:

The primary naming system for Microsoft networks is based on NetBIOS names. Each computer on
the network is configured with a name that it broadcasts to the network to make its presence known to all
other computers on the local network. This system is easy to maintain because whenever a computer
inserts itself into the network, the global name database is updated. This system works well on local
networks on which all protocols are supported by Microsoft network products. Microsoft operating
systems configured using only TCP/IP protocols can use NetBIOS names within the context of a local,
non-routed network.

A significant limitation of NetBIOS naming in a TCP/IP environment is that the names do not
propagate across routers. NetBIOS names are disseminated using broadcast datagrams, which IP routers
do not forward. The NetBIOS names on one network, therefore, are invisible to computers on
networks connected via routers.

The Microsoft LAN Manager products supported internetwork name resolution using static naming
tables stored in files named LMHOSTS. An LMHOSTS file is a text file that contains mappings
between NetBIOS names and IP addresses. To enable computers on the internetwork to resolve names,
a network administrator had to manually update the LMHOSTS file and distribute it to all computers on
the Internet. This was a distinctly labour-intensive method of maintaining NetBIOS naming.

Like LMHOSTS, Windows Internet Name Service (WINS) maintains a NetBIOS global naming service
for TCP/IP internets. Unlike LMHOSTS, WINS is dynamic, extending the automatic configuration of
the NetBIOS name directory from local networks to internets. The WINS database is updated
automatically as NetBIOS computers insert and remove themselves from the network. Using WINS in
conjunction with DNS is possible, which would enable WINS to provide DNS with host names for
Microsoft-based hosts within your network.

Resolving Names on Microsoft Networks:

Resolution is the process of associating host names with addresses. Resolution of NetBIOS names on
TCP/IP environments is the responsibility of the NetBIOS over TCP/IP (NBT) service. NBT name
resolution has evolved from a basic, broadcast-based approach to the current name-service approach.
Before discussing WINS, it is necessary to examine the name resolution modes supported by NBT.

• B-node: The oldest method employed on Microsoft networks: name resolution using
broadcast messages. When Host A needs to communicate with Host B, it sends a broadcast
message that interrogates the network for the presence of Host B. If Host B receives the broadcast,
it sends a response to Host A that includes its address. If Host A does not receive a response
within a preset period of time, it times out and the attempt fails.

[Diagram for figure 129: hosts A, B, C and D. Query: "Hey, everybody! What's the address of HOST B?"
Reply: "It's 134.67.32.2"]

Figure 129 shows B-node name resolution.

It works well in small, local networks, but poses two disadvantages that become critical
as networks grow:
• As the number of hosts on the network increases, the amount of broadcast traffic
can consume significant network bandwidth.
• IP routers do not forward broadcasts, and this technique cannot propagate names
through an internetwork.

B-node is the default name resolution mode for Microsoft hosts not configured to use WINS
for name resolution. In pure B-node environments, hosts can be configured to use LMHOSTS
files to resolve names on the networks.

• P-node: Is used for name resolution. P-node computers register themselves with a WINS
server, which functions as a NetBIOS name server. The WINS server maintains a database of
NetBIOS names, ensures that duplicate names do not exist, and makes the database
available to WINS clients.

[Diagram for figure 130: hosts A, B and C and a WINS Server. Query: "Hey, everybody! What's the
address of HOST B?" Reply: "It's 134.67.32.2"]

Figure 130 shows P-node name resolution.

Each WINS client is configured with the address of a WINS server, which may reside on the
local network or on a remote network. WINS clients and servers communicate via directed
messages that can be routed. No broadcast messages are required for P-node name
resolution.

Two liabilities of P-node name resolution are that:

• All computers must be configured using the address of a WINS server, even when
communicating hosts reside on the same network.
• If a WINS server is unavailable, name resolution fails for P-node clients.

• M-node: Computers first attempt to use B-node name resolution, which succeeds if the desired
host resides on the local network. If B-node resolution fails, M-node hosts then attempt to use P-node
to resolve the name. M-node enables name resolution to continue on the local network when
WINS servers are down. B-node resolution is attempted first on the assumption that in most
environments, hosts communicate most often with hosts on their local networks. When this
assumption holds, performance of B-node resolution is superior to P-node. Recall, however,
that B-node can result in high levels of broadcast traffic. Microsoft warns that M-node can
cause problems when network logons are attempted in a routed environment.

• H-node: Is the default for Microsoft TCP/IP clients configured using the addresses of WINS
servers. As a fallback, Windows TCP/IP clients can be configured to use LMHOSTS files for
name resolution. Nodes configured with H-node, however, first attempt to resolve addresses
using WINS. Only after an attempt to resolve the name using a name server fails does an
H-node computer attempt to use B-node. H-node computers, therefore, can continue to
resolve local addresses when WINS is unavailable. When operating in B-node, H-node
computers continue to poll the WINS server and revert to H-node when WINS services are
restored.

Architecture of the Windows Internet Name Service (WINS):

WINS uses one or more WINS servers to maintain a database that provides name-to-address
mappings in response to queries from WINS clients. WINS is a particularly good fit when IP addresses are
assigned by DHCP. Although the DHCP lease renewal process results in a certain stability of IP
address assignments, IP addresses can change if hosts are moved to different networks or if a host is
inactive for a time sufficient to cause its address to be reassigned. WINS automatically updates its
database to respond to such changes. Because WINS clients communicate with WINS servers via
directed messages, no problems are encountered when operating in a routed environment.

[Diagram for figure 131; labels: Non-WINS Client, WINS Proxy, B-node broadcast query, P-node directed
query, IP Address, Router with BOOTP, WINS Server 1, WINS Server 2, Database Replication,
WINS-Enabled Client, P-node query]

Figure 131 shows the architecture of a WINS name service.

WINS proxies enable non-WINS clients to resolve names on the internetwork. When a WINS proxy
receives a B-node broadcast attempting to resolve a name on a remote network, the WINS proxy
directs a name query to a WINS server and returns the response to the non-WINS client.

WINS makes maintaining unique NetBIOS names throughout the Internet possible. When a computer
attempts to register a NetBIOS name with WINS, it is permitted to do so only if the name is not
currently reserved in the WINS database. Without WINS, unique names are enforced only through the
broadcast B-node mechanism on local networks.

• When a WINS client is shut down in an orderly manner, it releases its name reservation in the
WINS database and the name is marked as released. After a certain time, a released name is
marked as extinct. Extinct names are maintained for a period of time sufficient to propagate the
information to all WINS servers, after which the extinct name is removed from the WINS database.
• If a computer has released its name through an orderly shutdown, WINS knows that the name is
available and the client can immediately reobtain the name when it reenters the network. If the
client has changed network addresses, by moving to a different network segment, a released name
can also be reassigned.
• If a computer is not shut down in an orderly fashion, its name reservation remains active in the
WINS database. When the computer attempts to reregister the name, the WINS server challenges
the registration attempt. If the computer has changed IP addresses, the challenge fails and the
client is permitted to reregister the name with its new address. If no other computer is actively using
the name, the client is also permitted to reregister with the name.
• All names in the WINS database bear a timestamp that indicates when the reservation will expire.
If a client fails to reregister the name when the reservation expires, the name is released. WINS
supports definition of static assignments that do not expire.
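
The registration rules in the list above, as an added example that is not part of the original text: a small Python model of a WINS name record moving through the active, released and extinct states, including the challenge that decides a conflicting registration. The class and method names and the timer values are constructed for illustration; the `challenge` callback is a hypothetical stand-in for the server asking the previous address whether it still uses the name.

```python
from dataclasses import dataclass

ACTIVE, RELEASED, EXTINCT = "active", "released", "extinct"


@dataclass
class Record:
    ip: str
    state: str
    deadline: float  # time at which the current state ends


class WinsDatabase:
    # Timer values (seconds) are constructed for the example.
    def __init__(self, challenge, renewal=600, released_for=300, extinct_for=900):
        # challenge(name, ip) -> True when the host at ip still answers for the name.
        self.challenge = challenge
        self.renewal = renewal
        self.released_for = released_for
        self.extinct_for = extinct_for
        self.records = {}

    def register(self, name, ip, now):
        self.scavenge(now)
        rec = self.records.get(name)
        active = rec is not None and rec.state == ACTIVE
        if active and rec.ip != ip and self.challenge(name, rec.ip):
            return "denied"  # the current holder answered the challenge
        # Free, released or extinct names, and names whose previous address no
        # longer answers, can be (re)assigned.
        outcome = "refreshed" if active and rec.ip == ip else "registered"
        self.records[name] = Record(ip, ACTIVE, now + self.renewal)
        return outcome

    def release(self, name, ip, now):
        """Orderly shutdown: only the current holder can release its name."""
        rec = self.records.get(name)
        if rec is None or rec.state != ACTIVE or rec.ip != ip:
            return False
        rec.state, rec.deadline = RELEASED, now + self.released_for
        return True

    def scavenge(self, now):
        """Apply the timestamp rules: active -> released -> extinct -> removed."""
        for name, rec in list(self.records.items()):
            if rec.state == ACTIVE and now >= rec.deadline:
                rec.state, rec.deadline = RELEASED, rec.deadline + self.released_for
            if rec.state == RELEASED and now >= rec.deadline:
                rec.state, rec.deadline = EXTINCT, rec.deadline + self.extinct_for
            if rec.state == EXTINCT and now >= rec.deadline:
                del self.records[name]

    def resolve(self, name, now):
        self.scavenge(now)
        rec = self.records.get(name)
        return rec.ip if rec is not None and rec.state == ACTIVE else None
```

In this model the only thing protecting an active name is the reply of the previous address to the challenge, which is the behaviour the third list item describes.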

Any Windows NT server computer can be configured as a WINS server, except that WINS servers cannot
receive their IP address assignment from DHCP. WINS clients communicate with WINS servers via
directed datagrams, and you do not have to locate a WINS server on each network segment.
However, non-WINS clients are supported only if at least one WINS proxy is installed on each network or
subnetwork.

Multihomed computers should not be configured as WINS servers. A WINS server may register its
name with only one network. The name of a multihomed WINS server, therefore, cannot be registered
with all attached networks. Also, some client connection attempts fail with multihomed WINS servers.

WINS recognises a variety of special names, identified by the value of the 16th byte of LAN
Manager-compatible names. Special names are encountered when setting up static mappings and when
examining entries in the WINS database.

• Multihomed Names:
A multihomed name is a single computer name that stores multiple IP addresses, which are
associated with multiple network adapters on a multihomed computer. Each multihomed
name can be associated with up to 25 IP addresses. This information is established when
TCP/IP configuration is used to specify IP addresses for the computer.
When the WINS server service is running on a multihomed computer, the WINS service is
always associated with the first adapter in the computer configuration. All WINS messages on
the computer, therefore, originate from the same adapter.
Multihomed computers with connections to two or more networks should not be configured as
WINS servers. If a client attempts a connection with a multihomed WINS server, the server
might supply an IP address on the wrong network, causing the connection attempt to fail.

• Normal Group Names:
Are tagged with the value 0x1E in the 16th byte. Browsers broadcast to this name and
respond to it when electing a master browser. In response to queries to this name, WINS always
returns the broadcast address FF.FF.FF.FF.

• Internet Group Names:
An internet group is used to register Windows NT server computers in internet groups,
principally Windows NT server domains. If the Internet group is not configured statically, member
computers are registered dynamically as they enter and leave the group. Internet group names
are identified by the value 0x1C in the 16th byte of the NetBIOS name. An internet group can
contain up to 25 members, preference being given to the nearest Windows NT server
computers. On a large internetwork, the Internet group registers the 24 nearest Windows NT server
computers plus the primary domain controller.

• Other Special Names:
0x0 identifies the redirector name of a computer.
0x3 identifies the messenger service name, used to send messages.
0x1B identifies the domain master browser, which WINS assumes is the primary domain
controller. If it is not, the domain master browser should be statically configured in WINS.
0x1 identifies _MSBROWSE_, the name to which master browsers broadcast to announce
their domains to other master browsers on the local subnet.
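
The 16th-byte values listed above and the broadcast versus directed queries of B-node and P-node, seen in a NetBIOS name query, as an added example that is not part of the original text. It goes beyond the text by using the on-wire name encoding and query layout of RFC 1001 and RFC 1002; the function names are assumptions, and the queries it builds are constructed samples.

```python
import struct

# Meaning of the 16th byte, as listed in the text above.
SUFFIX_ROLES = {
    0x00: "redirector name",
    0x01: "_MSBROWSE_ master browser announcements",
    0x03: "messenger service name",
    0x1B: "domain master browser",
    0x1C: "internet group",
    0x1E: "normal group",
}
FLAG_RESPONSE, FLAG_RD, FLAG_BROADCAST = 0x8000, 0x0100, 0x0010
TYPE_NB, CLASS_IN = 0x0020, 0x0001


def netbios_name(name, suffix):
    """Pad a name to 15 bytes with spaces and append the type byte as the 16th."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15 or not 0 <= suffix <= 0xFF:
        raise ValueError("name must be 1..15 ASCII characters, suffix one byte")
    return raw.ljust(15, b" ") + bytes([suffix])


def first_level_encode(name16):
    """Each byte becomes two letters 'A'..'P', one per nibble (RFC 1001)."""
    if len(name16) != 16:
        raise ValueError("a NetBIOS name is exactly 16 bytes")
    return "".join(chr(0x41 + (b >> 4)) + chr(0x41 + (b & 0x0F)) for b in name16)


def first_level_decode(encoded):
    if len(encoded) != 32 or any(not "A" <= c <= "P" for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((ord(encoded[i]) - 0x41) << 4) | (ord(encoded[i + 1]) - 0x41)
                 for i in range(0, 32, 2))


def build_name_query(txid, name, suffix, broadcast):
    """Build a constructed name query as sent to UDP port 137 (RFC 1002 layout)."""
    flags = FLAG_RD | (FLAG_BROADCAST if broadcast else 0)
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    label = first_level_encode(netbios_name(name, suffix)).encode("ascii")
    return header + b"\x20" + label + b"\x00" + struct.pack(">HH", TYPE_NB, CLASS_IN)


def parse_name_query(packet):
    """Return the queried name, its 16th byte and whether the query was broadcast."""
    if len(packet) != 50:
        raise ValueError("not an unscoped single-question name query")
    txid, flags, qdcount = struct.unpack(">HHH", packet[:6])
    opcode = (flags >> 11) & 0x0F
    if flags & FLAG_RESPONSE or opcode != 0 or qdcount != 1:
        raise ValueError("not a name query request")
    if packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unexpected name label layout")
    if struct.unpack(">HH", packet[46:50]) != (TYPE_NB, CLASS_IN):
        raise ValueError("question is not type NB, class IN")
    name16 = first_level_decode(packet[13:45].decode("latin-1"))
    suffix = name16[15]
    return {"txid": txid, "name": name16[:15].decode("latin-1").rstrip(" "),
            "suffix": suffix, "role": SUFFIX_ROLES.get(suffix, "not listed in the text"),
            "broadcast": bool(flags & FLAG_BROADCAST)}
```

A B-node query carries the broadcast flag, while a directed query to a name server does not, so the parsed `broadcast` field shows which resolution mode produced a captured query.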

Having two or more WINS servers on any network is desirable. A second server can be used to
maintain a replica of the WINS database that can be used if the primary server fails. On large
internetworks, multiple WINS servers result in less routed traffic and spread the name resolution
workload across several computers.

Pairs of WINS servers can be configured as replication partners. WINS servers can perform two types
of replication actions: pushing and pulling. A member of a replication pair functions as either a
push partner or a pull partner. All database replication takes place by transferring data from a
push partner to a pull partner, but a push partner cannot unilaterally push data. Data transfers may
be initiated in two ways.

• A pull partner can initiate replication by requesting replication from a push partner. All records in a
WINS database are stamped with a version number. When a pull partner sends a pull request, it
specifies the highest version number that is associated with data received from the push partner.
The push partner then sends any new data in its database that has a higher version number than
was specified in the pull.
• A push partner can initiate replication by notifying a pull partner that the push partner has data to
send. The pull partner indicates its readiness to receive the data by sending a pull replication
request that enables the push partner to push the data.

Pulls generally are scheduled events that occur at regular intervals. Pushes generally are triggered
when the number of changes to be replicated exceeds a specified threshold. An administrator,
however, can manually trigger both pushes and pulls.
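
The exchange described above can be followed step by step in a small model. This is an added example, not code from WINS or from the original document: class names, method names and the threshold value are hypothetical, and only the order of messages (version-stamped records, a pull naming the highest version received, a push notification answered by a pull) follows the text.

```python
# Added example (not from the original document): a toy model of WINS push/pull
# replication by version number. All names and the threshold value are hypothetical.
from dataclasses import dataclass, field


@dataclass
class Record:
    name: str
    address: str
    version: int  # version number stamped on the record by the server that holds it


@dataclass
class WinsServer:
    label: str
    push_threshold: int = 2                               # pending changes that trigger a push (assumed)
    db: dict = field(default_factory=dict)                # name -> Record registered on this server
    replicas: dict = field(default_factory=dict)          # name -> Record pulled from a push partner
    next_version: int = 1
    pull_partners: list = field(default_factory=list)     # servers that pull from this one
    last_sent: dict = field(default_factory=dict)         # pull partner label -> highest version sent
    highest_received: dict = field(default_factory=dict)  # push partner label -> highest version received

    def register(self, name, address):
        """Register or update a name, then notify pull partners if the threshold is exceeded."""
        self.db[name] = Record(name, address, self.next_version)
        self.next_version += 1
        for partner in self.pull_partners:
            if self.pending_for(partner.label) > self.push_threshold:
                partner.on_push_notification(self)

    def pending_for(self, partner_label):
        """Number of records this partner has not yet been sent."""
        sent = self.last_sent.get(partner_label, 0)
        return sum(1 for record in self.db.values() if record.version > sent)

    def handle_pull_request(self, requester_label, highest_version):
        """Push-partner side: send every record with a version above the one named in the pull."""
        newer = sorted((r for r in self.db.values() if r.version > highest_version),
                       key=lambda r: r.version)
        self.last_sent[requester_label] = max([highest_version] + [r.version for r in newer])
        return newer

    def pull_from(self, push_partner):
        """Pull-partner side: ask for everything newer than the highest version already received."""
        highest = self.highest_received.get(push_partner.label, 0)
        received = push_partner.handle_pull_request(self.label, highest)
        for record in received:
            self.replicas[record.name] = record
            highest = max(highest, record.version)
        self.highest_received[push_partner.label] = highest
        return [record.name for record in received]

    def on_push_notification(self, push_partner):
        """A push partner cannot send data unilaterally; the notification is answered with a pull."""
        return self.pull_from(push_partner)


def demo():
    primary = WinsServer("primary", push_threshold=2)
    backup = WinsServer("backup")
    primary.pull_partners.append(backup)

    primary.register("HOST-A", "192.0.2.1")
    primary.register("HOST-B", "192.0.2.2")
    before_push = sorted(backup.replicas)      # two changes do not exceed the threshold
    primary.register("HOST-C", "192.0.2.3")    # third change exceeds it: push notification
    after_push = sorted(backup.replicas)
    primary.register("HOST-A", "192.0.2.9")    # an update is stamped with version 4
    scheduled = backup.pull_from(primary)      # scheduled pull asks for versions above 3
    return before_push, after_push, scheduled, backup.replicas["HOST-A"].address


if __name__ == "__main__":
    print(demo())
```

The scheduled pull transfers only the updated HOST-A record, because the pull request names version 3 as the highest version already held.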

WINS performs a complete backup of its database every 24 hours. If users cannot connect to a server
running the WINS server service, the WINS database probably has become corrupt. In that case, you
might need to restore the database from a backup copy.

Figure 132 shows a network with several WINS replication partnerships.

Naming versus Browsing:

Browsers, however, maintain databases only of host names. Addresses must still be derived from a
name resolution process.

Browsing works somewhat differently on TCP/IP networks than on networks running NetBIOS and
NWLink, although the difference becomes apparent only when routing is involved. Windows browsing
is based on browse lists, which catalogue all available domains and servers.

Browse lists are maintained by browsers. By default all Windows NT server computers are browsers.
Windows NT workstation computers are potential browsers, and can become browsers if required.

Each domain has one master browser that serves as the primary point for collecting the browse
database for the domain. Servers (any computers that offer shared resources) that enter the network
transmit server announcements to the master browser to announce their presence. The master
browser uses these server announcements to maintain its browse list.

Backup browsers receive copies of the browse list from the master browser at periodic intervals. They
introduce redundancy to the browsing mechanism and distribute browsing queries across several
computers. An election process among the various browsers determines the master browser. In
domains, the election is biased in favour of making the Primary Domain Controller (PDC) the master
browser, which always is the master browser if it is operational.

All Windows NT server computers function as master or backup browser. Windows NT workstations
can function as browsers. In the presence of sufficient Windows NT server computers, no Windows
NT workstations will be configured as browsers. When no Windows NT server computers are available,
at least two Windows NT workstation computers will be activated as browsers. An additional browser
will be activated for every 32 Windows NT workstation computers in the domain.


Servers must announce their presence to the master browser at periodic intervals, starting at
one-minute intervals and increasing to 12 minutes. If a server fails to announce itself for three
announcement periods, it is removed from the browse list. Therefore, up to 36 minutes may be
required before a failed server is removed from the browse list.

Domains are also maintained in the browse list. Every fifteen minutes, a master browser broadcasts a
message announcing its presence to master browsers in other domains. If a master browser is not
heard for three 15-minute periods, other master browsers remove the domain from their browse list.
Thus, 45 minutes may be required to remove information about another domain from a browse list.

Internetworks based on NetBIOS and NWLink protocols can route broadcast name queries across
routers. Maintaining a single master for each domain, therefore, is necessary.

Internetworks based on TCP/IP cannot forward broadcast queries between networks. Therefore,
Microsoft TCP/IP networks maintain a master browser for each network or subnetwork. If a domain
spans more than one network or subnetwork, the domain master browser running on the PDC has a
special responsibility of collecting browse lists from the master browser on each network and
subnetwork. The domain master browser periodically rebroadcasts the complete domain browse list to
the master browsers, which in turn update the backup browsers on their networks. Therefore,
significant time might be required to disseminate browsing data through a domain on a large TCP/IP
internetwork.

The browsing service is a convenience but is not required to enable clients to access servers on the
internetwork. Client processes still can use shared resources by connecting directly with the
Universal Naming Convention (UNC) name of the resource. On a TCP/IP internetwork, that makes WINS a
near necessity. Browsing, on the other hand, is very convenient but is not essential.

Multihomed hosts often present an ambiguous face to the network community. Different hosts can use
different IP addresses to access services running on the host, with unpredictable results. One case in
which this unpredictability seems to appear is browsing when the PDC for a domain is multihomed.
Clients are not hard-wired with the address of browsers, and a multihomed browser appears to
confuse things, causing various clients to see different browse lists. More consistent results seem
to be obtained when the PDC has a single IP address. In any case, the PDC cannot serve as master
browser for more than one network or subnetwork.

Sometimes dynamic name-address mappings are not desirable. At such times, creating static
mappings in the WINS database proves useful. A static mapping is a permanent mapping of a computer
name to an IP address. Static mappings cannot be challenged and are removed only when they are
explicitly deleted. Reserved IP addresses assigned to DHCP clients override any static mappings
assigned by WINS. Static mappings for unique and special group names can be imported from files that
conform to the format of LMHOSTS files.

Managing LMHOSTS Files:

Although a complete name resolution system can be based on LMHOSTS files, static naming files can
be a nightmare to administer, particularly when they must be distributed to several hosts on the
network. Nevertheless, LMHOSTS files may be necessary if WINS will not be run on a network or if
having a backup is desirable in case the WINS service fails.

Although LAN Manager host files supported little more than mappings of NetBIOS names to IP
addresses, Windows NT offers several options that make LMHOSTS considerably more versatile.


The basic format of an LMHOSTS file is as follows:

IP-address Name
134.67.32.0 Logon-Server-Network-A
134.67.32.1 Host-1-Network-A
134.67.32.2 Host-2-Network-A
134.67.40.0 Logon-Server-Network-B
134.67.32.3 Host-3-Network-B
134.268.67.0 Logon-Server-Network-C
134.268.67.3 Host-3-Network-C
134.268.67.5 Host-5-Network-C
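
Because static mappings cannot be challenged once they are in WINS, a file in this format is worth checking before it is imported or distributed. The following is an added example, not part of the original document: it lints "IP-address Name" lines for invalid IPv4 addresses, names longer than the 15 characters that precede the type byte, and one name mapped to two addresses. The function name and the sample text are constructed; the address on sample line 5 uses the same out-of-range octet as some entries in the table above.

```python
# Added example (not from the original document): lint "IP-address Name" lines in
# LMHOSTS format. Keyword options after '#' are not interpreted; text from '#' on is ignored.
import ipaddress

MAX_NAME_LEN = 15  # the 16th byte of a NetBIOS name is the type byte


def lint_lmhosts(text: str):
    """Return (entries, problems).

    entries  -- list of (line_no, address, name) that passed every check
    problems -- list of (line_no, message) for lines that should not be imported
    """
    entries, problems = [], []
    # upper-cased name -> (address, line_no); comparing names without regard to
    # case is an assumption of this example
    first_seen = {}
    for line_no, line in enumerate(text.splitlines(), start=1):
        body = line.split("#", 1)[0].strip()
        if not body:
            continue
        fields = body.split()
        if len(fields) != 2:
            problems.append((line_no, "expected exactly two fields: IP-address Name"))
            continue
        address, name = fields
        try:
            ipaddress.IPv4Address(address)
        except ValueError:
            problems.append((line_no, f"invalid IPv4 address: {address}"))
            continue
        if len(name) > MAX_NAME_LEN:
            problems.append((line_no, f"name longer than {MAX_NAME_LEN} characters: {name}"))
            continue
        key = name.upper()
        if key in first_seen and first_seen[key][0] != address:
            prev_address, prev_line = first_seen[key]
            problems.append((line_no, f"{name} conflicts with {prev_address} on line {prev_line}"))
            continue
        first_seen.setdefault(key, (address, line_no))
        entries.append((line_no, address, name))
    return entries, problems


# Constructed sample input.
SAMPLE = """\
# constructed sample for the linter
134.67.32.1   HOST-1-NET-A
134.67.32.2   HOST-2-NET-A
134.67.40.1   Logon-Server-Network-B
134.268.67.3  HOST-3-NET-C
134.67.32.9   host-1-net-a
"""

if __name__ == "__main__":
    ok, bad = lint_lmhosts(SAMPLE)
    for line_no, address, name in ok:
        print(f"line {line_no}: ok       {address} {name}")
    for line_no, message in bad:
        print(f"line {line_no}: PROBLEM  {message}")
```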

Managing DNS:

Domain Name Service (DNS) is the standard naming service used on the Internet and on most
TCP/IP networks.

If your Windows TCP/IP network is not connected to non-Microsoft TCP/IP networks, you do not need
DNS. WINS can provide all the naming services required on a Microsoft Windows Network.

You need DNS if you want to connect your TCP/IP hosts to the Internet or to a UNIX based TCP/IP
network, but only if you want to enable users outside the Windows network to access your TCP/IP
hosts by name.

Name Resolution with HOSTS Files:

Before DNS, name resolution was accomplished using files named HOSTS. Supporting a naming
service is a simple matter of editing a master HOSTS file and distributing it to all computers, which
could be accomplished by copying the file when a user logs on to a domain, or it could be done using
a software distribution system.


Transmission Line Theory:

The electrical characteristics of the media used to send network datagrams partly define the physical
layer: they determine the maximum transmission rate, the longest straight run of cable, and other
constraints of the network. These are all products of transmission line theory, the study of how
signals behave when they are transmitted over long distances. While this extremely low-level theory
doesn’t have any direct implications for higher-level protocols, violating the constraints imposed by
transmission line theory can lead to intermittent and puzzling network failures that appear to be
higher-level protocol breakdowns.

A transmission line is any signal path that is long compared to the wavelength of the signal travelling
the path. Signals of higher frequencies have shorter wavelengths, so higher-frequency signals
require transmission line analysis over much shorter path lengths. For example, low-speed AC line
voltage going from a power company generator to a substation or transformer is affected by
transmission line problems over a distance of several miles. On the other end of the spectrum,
high-speed integrated circuits that produce pulses in the nanosecond range require transmission line
treatment for signals that are a few centimetres long. Signals on the Ethernet have wavelengths of
about one meter, so transmission line theory applies to every network with at least two stations on
it, assuming the machines aren’t located on top of each other.

Every signal conductor has some inherent capacitance and inductance. The inductance comes from
the fact that any conductor must have a real non-zero thickness; the capacitance is due to coupling
with the ground plane and other nearby wires. Ethernet backbones are limited in length partly because
of these capacitive loading effects: the longer the cable, the greater its capacitance. As the
capacitance increases, each signal must charge up the line for a longer time, and after some critical
value, the time required to charge the line’s capacitance is significant compared to the time required
to send the packet’s preamble.

At low frequencies, the non-ideal characteristics of the wire may be ignored, but at the Ethernet data
transmission frequency of 10 MHz, they become important.

Figure 133 shows a drawing of how a real-world Ethernet cable looks (a series of inductor/capacitor
pairs L1/C1, L2/C2, ..., Ln/Cn).

In figure 133, the series of inductor/capacitor pairs defines an AC impedance for the cable. Impedance
is usually a function of the frequency of the signal encountering the L/C pairs. Ethernet packets are
sent with a constant frequency (not the frequency of the packets themselves, but the frequency of the
modulated signal representing the packet), fixing the AC impedance of the cable. The fixed
impedance is why you can put a fixed-value resistor on the Ethernet as a terminator. The rest of this
discussion explores the transmission line theory underpinnings that determine the value of that
terminator.

On a non-ideal wire, the voltage at an endpoint can’t change instantaneously, due to the capacitive
and inductive effects described earlier. When a signal is impressed on a line (when a host sends a
packet on the Ethernet), the voltage at the end of the wire must go from 0 to -2.5 volts. A packet rolling
down the Ethernet cable is represented as a series of voltage changes, each with a corresponding
change in current as defined by Ohm’s law. The endpoint of the wire appears to be a signal load; for
this discussion, assume that the load has an arbitrary value.


Figure 134 shows the signal on an Ethernet (labels: IR, IO = IL - IR, IL, VO, ZO, ZL, VL, load).

The endpoint of the wire, represented as the load above, is initially at 0 volts. In order to satisfy Ohm’s
and Kirchhoff’s laws, a reflected signal must be created.

• Kirchhoff’s law dictates that the current flowing into a node must equal the current leaving it.
The incident, load, and reflected currents obey the following equation:

$$I_O = I_L - I_R$$

• Kirchhoff’s law states that the loop voltage around a circuit must add up to zero.
We can use this form of Kirchhoff’s law to express the relationship of the voltages in the circuit:

$$V_L = V_O + V_R$$

• Ohm’s law is used to describe the relationship of the line impedance, Z, and the current:

$$V_L = I_L \cdot Z_L$$

Substituting for $V_L$ and $I_L$, we get:

$$V_O + V_R = Z_L \left[ I_O - I_R \right]$$

Apply Ohm’s law again, with $V_R = I_R \cdot Z_O$, since the reflected signal sees the same impedance as
the incident signal:

$$V_O + V_R = \frac{Z_L}{Z_O} \left[ V_O - V_R \right]$$

Rearranging terms, we can express the amplitude of the reflected signal as a function of the original
signal:

$$\frac{V_R}{V_O} = \frac{Z_L - Z_O}{Z_L + Z_O}$$

Now let’s revisit our assumption that the load impedance, ZL, is some arbitrary value. An unterminated
cable endpoint has an infinite load impedance, so with ZL infinite, the fraction’s value is approximately
unity and VO = VR. The reflected current becomes a signal that looks electrically similar to the incident
packet, travelling in the opposite direction.

Again, the non-ideal physical characteristics of the wire prevent the reflected signal from being a mirror
image of the incident signal. At the same time, the end point of the line starts to charge to -2.5 volts,
so the voltage V at the endpoint of the wire isn’t precisely 0 volts. The combination of these two effects
makes the reflected signal a slightly attenuated version of the original. After several trips down the
length of the cable, the reflected signal is damped out completely. During the voltage rise time,
however, reflected signals are making the line ring.

The fairly obvious solution is to make the reflection coefficient (the numerator in the fraction above)
equal to zero, so that there is no signal reflection. By placing a terminating resistor between the cable
and ground, the incident signal is caught and any reflection is suppressed.

Ethernet cabling has a characteristic impedance of 50 ohms, which is precisely the value used for
termination. Note that the line impedance is seen by AC signals only, and that DC testing of the line
itself, without the terminators, should show a DC resistance of a fraction of an ohm. However, this fact
can be exploited to perform a simple cable test: with a multimeter set on ohms, measure the DC
resistance between the centre conductor of the Ethernet and the ground shield on a network with no
traffic. Do not measure resistance on a live network. The network activity will cause the ohmmeter to
give an inexact reading. You may inadvertently create a short on the network, possibly damaging some
transceiver equipment.

The multimeter should read 25 ohms, half of the terminating resistor value, for a properly terminated
Ethernet. The resistance of the entire cable is 25 ohms because it is the effective resistance of the two
50 ohm terminators wired in parallel, joined by two conductors of the Ethernet cable:

$$R_{\text{effective}} = \frac{R_1 \cdot R_2}{R_1 + R_2} = \frac{R}{2}$$

Figure 135 shows the terminators on an Ethernet cable (labels: Ethernet conductor, R1, R2,
R1 = R2 = 50 ohms).
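
The two formulas above, the reflection coefficient and the parallel terminator resistance, can be turned into a small check for cable readings. This is an added example, not part of the original document: the function names, the 10% tolerance and the result strings are assumptions, and the interpretation of readings other than 25 ohms follows from the parallel-resistance formula rather than from the text.

```python
# Added example (not from the original document): the reflection coefficient and
# the DC terminator check. Tolerance and result strings are assumptions.
import math

Z0 = 50.0  # characteristic impedance of the Ethernet cable in ohms, from the text


def reflection_coefficient(z_load: float, z0: float = Z0) -> float:
    """V_R / V_O = (Z_L - Z_O) / (Z_L + Z_O). Use math.inf for an unterminated end."""
    if math.isinf(z_load):
        return 1.0  # limit of the fraction as Z_L grows without bound
    return (z_load - z0) / (z_load + z0)


def effective_resistance(r1: float, r2: float) -> float:
    """R1 * R2 / (R1 + R2) for two terminators in parallel; math.inf means 'missing'."""
    if math.isinf(r1):
        return r2
    if math.isinf(r2):
        return r1
    if r1 + r2 == 0:
        return 0.0
    return (r1 * r2) / (r1 + r2)


def interpret_dc_reading(ohms: float, terminator: float = Z0, tolerance: float = 0.10) -> str:
    """Classify a multimeter reading taken between centre conductor and shield on an idle cable."""
    both = effective_resistance(terminator, terminator)  # 25 ohms for two 50 ohm terminators
    if math.isinf(ohms):
        return "open circuit: no terminator seen"
    if abs(ohms - both) <= tolerance * both:
        return "properly terminated"
    if abs(ohms - terminator) <= tolerance * terminator:
        return "one terminator missing"
    if ohms < tolerance * both:
        return "short between centre conductor and shield"
    return "unexpected reading"


if __name__ == "__main__":
    for label, z_load in [("matched 50 ohm", 50.0), ("unterminated", math.inf),
                          ("shorted", 0.0), ("75 ohm load", 75.0)]:
        print(f"{label:<15} V_R/V_O = {reflection_coefficient(z_load):+.2f}")
    for reading in (25.4, 49.0, 0.3, math.inf):
        print(f"{reading:>6} ohms -> {interpret_dc_reading(reading)}")
```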

Sometimes the most perplexing network problems stem from a failure in the physical layer. This
theoretical discussion may not help you debug open circuits or locate bad transceivers by watching
waveforms, but it should help you build a mental checklist of potential problems to be used when
examining network cabling.


Troubleshooting TCP/IP:

Introduction:

• Resolving most problems requires a methodical approach and the application of your knowledge of
TCP/IP and of your network.
• TCP/IP is a four-layer hierarchy. Problems seen by the user in the Application Layer may be
caused by problems in the lower layers.
• IP requires that each system have a globally unique, software-defined address. IP uses the
address to move data through networks and through the layers of software in a host. Unlike networks
that use hardware addresses, IP relies on the system administrator to define the correct address.
Problems are frequently caused by configuration errors.
• Routing is required to deliver data between any two systems that are not directly connected by the
same physical network. Subnetting divides a network into separate physical networks so that
routing may even be required within a single enterprise network.

Three steps in tracking down the real problem are:

• Gather information. When the problem is reported, ask the user several questions. What application
failed? What is the address and hostname of the remote computer? What is the address and the
hostname of the user's computer? What error message was displayed? If possible, have the user
verify the problem by running the application while you talk through it. If possible, duplicate the
problem yourself.
• Run preliminary tests using another application, such as PING. Check if the problem occurs in
other applications on the user's host. Check if the user's problem occurs with only one remote host,
with all remote hosts, or only with hosts off the user's subnet. Check if the problem occurs on other
local systems or just on the user's system. Does it fail from your system? How about from other
systems on the user's subnet?
• Visualise each protocol and device that handles the user's data. If the problem occurs on some
systems and not others, think about differences in the path that data takes from those systems.
Think about where and how things could go wrong, to avoid oversimplifying the problem. It also
highlights the areas that are most likely to cause the user's problem. The problem can be anywhere
in the path you visualise.

Some hints on analysing the test results are:


• If only one application is having a problem, the application may be misconfigured. If the same
application fails on different local hosts, but only when connecting to a specific remote host, the
application may not be available on the remote host. If the application that fails is from a different
source than the TCP/IP protocol stack, e.g., a commercial protocol stack and a freeware application,
the application and the stack may not be compatible. The last condition is particularly prevalent in
Windows 3.1 and 3.11 when the application is designed for a specific WINSOCK.DLL and a different
one is used by the stacks.
• If problems occur on all local PCs, regardless of the application or the remote host they are
connecting to, the problem is in one of the devices that connects the network to the outside world. If
the problem only occurs on systems on a single subnet, the problem is in the device that connects
the subnet to the rest of your network. If the problem only occurs on one PC, that PC is probably
misconfigured. Check its configuration. If it appears okay, take your laptop and check the network
link.


• Pay attention to the error messages. Error messages are often vague, but they contain valuable
pointers to the underlying problem.

• The error Unknown host indicates a name server problem. If other computers resolve the
name correctly, the user's PC is probably misconfigured. If no system resolves the name
correctly, the name the user has may be wrong or the name server may be misconfigured.
Have the user try to connect with the numeric address.
• The error Network unreachable indicates a routing problem. It means that there is no route
to the remote host. If no system can reach it, the remote site might be down. If only the
user's PC has the problem, check the PC's routing configuration.
• The error Cannot connect or No answer or Connection timed out means that the remote
system is not responding. Either the remote system is down or a link between the user's
PC and the remote system is down. If the user is trying to connect using a numeric
address, it could mean that the user has the wrong address. Ask him/her to use the remote
system's hostname.

Troubleshooting TCP/IP:

Troubleshooting deals with the unexpected. Network problems are usually unique and sometimes
difficult to resolve. Troubleshooting is an important part of maintaining a stable, reliable network
service. Effective troubleshooting requires a methodical approach to the problem, and a basic
understanding of how the network works. The key to solving a problem is understanding what the
problem is. This is not as easy as it may seem. The surface problem is sometimes misleading, and the
real problem is frequently obscured by many layers of software. When the true nature of the problem
is understood, the solution of the problem is often obvious.

Approaching a Problem:
• Gather detailed information about exactly what's happening. When the first problem is reported,
talk to the user. Find out which application failed. What is the remote host's name and IP address?
What is the user's hostname and address? What error message was displayed? If possible, verify
the problem by having the user run the application while you talk him/her through it. If possible,
duplicate the problem on your own system.
• Does the problem occur in other applications on the user's host, or is only one application having
trouble? If only one application is involved, the application may be misconfigured or disabled on the
remote host. Because of rising security concerns, more and more systems are disabling some
services.
• Does the problem occur with only one remote host, all remote hosts, or only certain groups of
remote hosts? If only one remote host is involved, the problem could easily be with that host. If all
remote hosts are involved, the problem is probably with the user's system. If only hosts on certain
subnets or external networks are involved, the problem may be related to routing.
• Does the problem occur on other local systems? Make sure you check other systems on the same
subnet. If the problem only occurs on the user's host, concentrate testing on that system. If the
problem affects every system on a subnet, concentrate on the router for that subnet.

Once you know the symptoms of the problem, visualise each protocol and device that handles the
data. Visualising the problem will help you avoid oversimplification, and keep you from assuming that
you know the cause even before you start testing.


Troubleshooting Hints:
• Approach problems methodically. Don't jump into another test scenario based on a hunch without
ensuring that you can pick up your original test scenario where you left off.
• Keep a historical record of the problem in case it reappears.
• Don't assume a problem seen at the application level is not caused by a problem at a lower level.
• Test each possibility and base your actions on the evidence of the tests.
• Pay attention to error messages.
• Duplicate the reported problem yourself.
• Most problems are caused by human errors.
• Keep your users informed. Users want solutions to their problems; they're not interested in
speculative techno-babble.
• Don't speculate about the cause of the problem while talking to the users.
• Stick to a few simple troubleshooting tools.
• Don't neglect the obvious. A loose Ethernet cable is a very common network problem. Check plugs,
connectors, cables, and switches.
• Small things can cause big problems.

Diagnostic tools:

Most network problems can be solved using the free diagnostic software. Large networks probably
need a network analyser, or at least a hardware tester such as a Time Domain Reflectometer (TDR).

ifconfig : Provides information about the basic configuration of the interface. It is useful for detecting bad IP addresses, incorrect subnet masks, and improper broadcast addresses.
arp : Provides information about Ethernet/IP address translation. It can be used to detect systems on the local network that are configured with the wrong IP address.
netstat : Provides a variety of information. It is commonly used to display detailed statistics about each network interface, network sockets, and the network routing table.
ping : Indicates whether a remote host can be reached.
nslookup : Provides information about the DNS name service.
dig : Provides information about name service.
ripquery : Provides information about the contents of the RIP update packet being sent or received by your system.
traceroute : Tells you which route packets take going from your system to a remote system. Information about each hop is printed.
etherfind : Analyses the individual packets exchanged between hosts on the network. It is most useful for analysing protocol problems.

Testing Basic Connectivity:

The ping command tests whether a remote host can be reached from your computer. This simple
function is extremely useful for testing the network connection, independent of the application in which
the original problem was detected. Ping allows you to determine whether further testing should be
directed toward the network connection (the lower layers) or the application (the upper layers). If ping
shows that packets can travel to the remote system and back, the user's problem is probably in the
upper layers. If packets can't make the round-trip, lower protocol layers are probably at fault.


Abbreviations:

AC Access Control
ACK Acknowledgement
ADS Acknowledged Datagram Service
AFS Andrew File System
API Application Programming Interface
ARP Address Resolution Protocol
AS Autonomous Systems
ASN.1 Abstract Syntax Notation One
BIOS Basic Input Output System
BNC Bus Network Connector
BOOTP BOOT Protocol
CD Collision Detection
CRC Cyclic Redundancy Checksum
CSMA Carrier Sense Multiple Access
CSMA/CA Carrier Sense Multiple Access/Collision Avoidance
CSMA/CD Carrier Sense Multiple Access/Collision Detection
CSU Channel Service Unit
DA Destination Address
DDS Digital Data Service
DFS Distributed File System
DHCP Dynamic Host Configuration Protocol
DLP Data Link Protocol
DNS Domain Name Service
DSAP Destination Service Access Point
DSU Digital Service Unit
ED Ending Delimiter
EFS End-of-Frame Sequence
EGP Exterior Gateway Protocol
ETR Early Token Release
FC Frame Control
FCS Frame Check Sequence
FS Frame Status
FTP File Transfer Protocol
GGP Gateway to Gateway Protocol
ICMP Internet Control Message Protocol
IGP Interior Gateway Protocol
IP Internet Protocol
IPX Internetwork Packet eXchange
IPX/SPX Internetwork Packet eXchange/Sequenced Packet eXchange
ISDN Integrated Services Digital Network
ISN Initial Sequence Number
ISO International Standards Organisation
LAN Local Area Network
LLC Logical Link Control
LSAP Link Service Access Point
LSL Link Support Layer
MAC Media Access Control
MAU Media Access Unit
MIME Multipurpose Internet Mail Extensions
MLID Multiple Link Interface Drivers
MTU Maximum Transmission Unit
NBF NetBIOS Frame Protocol
NBT NetBIOS over TCP/IP
NCP NetWare Core Protocols
NDIS Network Driver Interface Specification
NetBEUI NetBIOS Extended User Interface

NETBIOS Network Basic Input Output System
NFS Network File System
NIC Network Interface Card
NIS Network Information System
NOS Network Operating System
NSAP Network Service Access Point
NTP Network Time Protocol
ODI Open Datalink Interface
OSI Open Systems Interconnect
OSPF Open Shortest Path Protocol
PAD Packet Assembly/Disassembly
PING Packet Internet Groper
PAR Positive Acknowledgement with Retransmission
PDC Primary Domain Controller
PDU Protocol Data Unit
POP Post Office Protocol
PPP Point-to-Point Protocol
RARP Reverse Address Resolution Protocol
RFC Request For Comments
RFS Remote File System
RIP Routing Information Protocol
RPC Remote Procedure Call
SA Source Address
SAP Service Access Point
SD Starting Delimiter
SFD Start Frame Delimiter
SFS Start-of-Frame Sequence
SGMP Simple Gateway Management Protocol
SMB Service Message Block
SMI Structure of Management Information
SMTP Simple Mail Transfer Protocol
SNA System Network Architecture
SNMP Simple Network Management Protocol
SPX Sequenced Packet eXchange
SSAP Source Service Access Point
STP Shielded Twisted-Pair
SYN Synchronising Segment
TCB Transmission Control Block
TCP Transmission Control Protocol
TCP/IP Transmission Control Protocol/Internet Protocol
TDI Transport Driver Interface
TDM Time-Division Multiplexing
TDR Time Domain Reflectometer
TELNET Terminal Networking
TFTP Trivial File Transfer Protocol
TLI Transport Layer Interface
TSAP Transport Service Access Point
UDP User Datagram Protocol
UDS Unacknowledged Datagram Service
ULP Upper Layer Protocol
UNC Universal Naming Convention
UTP Unshielded Twisted-Pair
VCS Virtual Circuit Service
WAN Wide Area Network
WINS Windows Internet Name Service
WWW World Wide Web
XDR eXternal Data Representation


Table of Figures:

Figure 1 shows different possibilities for communication of great distance............................................................ 1


Figure 2 shows the symbol used for a Twisted-Pair line tag................................................................................... 2
Figure 3 shows the symbol used for a Coaxial line tag. ......................................................................................... 2
Figure 4 shows the symbol used for a Fibre-optic line tag. .................................................................................... 3
Figure 5 shows the symbol used for a Network Interface Card. ............................................................................. 4
Figure 6 shows the symbol used for a Client.......................................................................................................... 4
Figure 7 shows the symbol used for a Server. ....................................................................................................... 4
Figure 8 shows a Client-Server model.................................................................................................................... 5
Figure 9 shows Local Resources............................................................................................................................ 5
Figure 10 shows Remote Resources...................................................................................................................... 5
Figure 11 shows a Node......................................................................................................................................... 6
Figure 12 shows the symbols used for a Concentrator. ......................................................................................... 6
Figure 13 shows the symbol used for a Hub. ......................................................................................................... 6
Figure 14 shows the symbol used for a Repeater. ................................................................................................. 6
Figure 15 shows the symbol used for a Bridge....................................................................................................... 6
Figure 16 shows the symbol used for a Router. ..................................................................................................... 7
Figure 17 shows the symbol used for a Gateway. .................................................................................................. 7
Figure 18 shows the symbol used for a Backbone. ................................................................................................ 7
Figure 19 shows a schematic of a bus network...................................................................................................... 8
Figure 20 shows a schematic of a machine-to-machine bus network. ................................................................... 8
Figure 21 shows a schematic of a Token Ring network. ........................................................................................ 9
Figure 22 shows the token access method in a Token Ring network..................................................................... 9
Figure 23 shows a schematic of a star network.................................................................................................... 10
Figure 24 shows a schematic of a hub network.................................................................................................... 10
Figure 25 shows fragmentation and reassembly of a message on a circuit switching network. ......................... 11
Figure 26 shows fragmentation and reassembly of a message on a packet switching network. ......................... 11
Figure 27 shows a schematic of a Backbone Network. ........................................................................................ 12
Figure 28 shows a schematic of a Thinnet Network. ............................................................................................ 12
Figure 29 shows a schematic of a 10BASET Network. ........................................................................................ 12
Figure 30 shows the seven-layer Open Systems Interconnection Reference Model. .......................................... 14
Figure 31 shows an example of a data frame....................................................................................................... 16
Figure 32 shows how simple delivering of a frame on a local network can be. .................................................... 16
Figure 33 shows the schematic of a single, local network.................................................................................... 18
Figure 34 shows the schematic of a bridged network........................................................................................... 18
Figure 35 shows the schematic of a subnetted network....................................................................................... 18
Figure 36 shows a schematic of a router that joins an Ethernet to a Token Ring network..................................... 19
Figure 37 shows Headers and the OSI protocol layers. ....................................................................................... 22
Figure 38 shows the Protocol Data Unit layout..................................................................................................... 22
Figure 39 shows the receiving computer risks losing data whenever its communication buffers become full. .... 25
Figure 40 shows the format of the LLC protocol data unit. ................................................................................... 26
Figure 41 shows the format of an IEEE 802 MAC address. ................................................................................. 26
Figure 42 shows IEEE 802 standards related to the OSI reference model. ......................................................... 26
Figure 43 shows the schematic of an Ethernet network. ...................................................................................... 27
Figure 44 shows collisions on an Ethernet. .......................................................................................................... 28
Figure 45 shows the structure of an Ethernet II frame.......................................................................................... 29
Figure 46 shows the structure of an Ethernet II Node Address. ........................................................................... 29
Figure 47 shows the format of an IEEE 802.3 Frame............................................................................................. 30
Figure 48 shows the format of the SNAP data format. ......................................................................................... 31
Figure 49 shows the token access method in a ring network. .............................................................................. 32
Figure 50 shows how Token Rings are wired in a star. ........................................................................................ 33
Figure 51 shows the format of a Token Ring frame.............................................................................................. 33
Figure 52 shows how the layers of TCP/IP and other popular network protocols relate differently to the OSI
model. ........................................................................................................................................................... 35
Figure 53 provides a generic illustration of a data packet moving through the different protocol layers of the OSI
model. ........................................................................................................................................................... 35
Figure 54 shows a more specific example of an application packet moving through a TCP/IP network. ............. 36
Figure 55 shows the protocol structure resulting from the binding initiated by the NETBIND program. ............... 37
Figure 56 shows an internetwork consisting of several networks. ........................................................................ 39
Figure 57 illustrates one method of time-division multiplexing of digital signals................................................... 39
Figure 58 depicts a more advanced technique, statistical time-division multiplexing............................................. 39
Figure 59 illustrates circuit switching. ................................................................................................................... 40
Figure 60 illustrates packet switching. .................................................................................................................. 40
Figure 61 illustrates the protocol stack model for bridging in terms of the OSI Reference Model. ....................... 41
Figure 62 illustrates the protocol stack model for routing in terms of the OSI Reference Model.......................... 42


Figure 63 illustrates Hop-count routing................................................................................................................. 42


Figure 64 shows connecting remote sites with a Digital Leased Circuit. .............................................................. 44
Figure 65 shows the Layers in the TCP/IP Protocol Architecture. ........................................................................ 44
Figure 66 shows TCP/IP Data Encapsulation....................................................................................................... 44
Figure 67 shows Data Structures. ........................................................................................................................ 44
Figure 68 shows the processing of data during the transmission and the receiving for TCP. .............................. 44
Figure 69 shows processes/applications and protocols that rely on the Network Access Layer for the delivery of
data to their counterparts across the network............................................................................................... 44
Figure 70 shows the IP Datagram Format............................................................................................................ 44
Figure 71 shows Routing Through Gateways....................................................................................................... 44
Figure 72 shows the ICMP Header Format. ......................................................................................................... 44
Figure 73 shows processes/applications and protocols that rely on the Internet Layer for the delivery of data to their
counterparts across the network................................................................................................................... 44
Figure 74 shows the UDP Datagram Format........................................................................................................ 44
Figure 75 shows the relationship between UDP and IP headers.......................................................................... 44
Figure 76 shows the data segment format of the TCP Protocol. .......................................................................... 44
Figure 77 shows the format of the TCP pseudoheader. ....................................................................................... 44
Figure 78 shows how TCP establishes virtual circuits over which applications exchange data................................... 44
Figure 79 shows a Three-Way Handshake. ......................................................................................................... 44
Figure 80 shows the positive acknowledgement with retransmission technique.................................................. 44
Figure 81 shows how TCP implements a time-out mechanism to keep track of lost segments. ......................... 44
Figure 82 shows a TCP Data Stream that starts with an Initial Sequence Number of 0....................................... 44
Figure 83 shows how data are processed as they travel down the protocol stack, through the network, and up the
protocol stack of the receiver........................................................................................................................ 44
Figure 84 shows processes/applications and protocols that rely on the Transport Layer for the delivery of data to their
counterparts across the network................................................................................................................... 44
Figure 85 shows the TCP/IP Protocols Inside a Sample Gateway. ...................................................................... 44
Figure 86 shows processes/applications and protocols that rely on the Application Layer for the delivery of data to
their counterparts across the network........................................................................................................... 44
Figure 87 shows the IP address classes. ............................................................................................................. 44
Figure 88 shows host communication on a local network. ................................................................................... 44
Figure 89 shows IP addresses with and without subnetting. ................................................................................ 44
Figure 90 shows host communication with subnetting. ........................................................................................ 44
Figure 91 shows a view of routing. ....................................................................................................................... 44
Figure 92 shows the Internet Routing Architecture............................................................................................... 44
Figure 93 shows a flowchart depiction of the IP routing algorithm. ...................................................................... 44
Figure 94 shows the operation of ARP................................................................................................................... 44
Figure 95 shows the layout of an ARP request or ARP reply. .............................................................................. 44
Figure 96 shows Routing Domains....................................................................................................................... 44
Figure 97 shows the interrelationship between IP and Ethernet MAC address as reflected in the Ethernet data
frame............................................................................................................................................................. 44
Figure 98 shows Protocol and Port Numbers. ...................................................................................................... 44
Figure 99 shows the protocol interdependency between Application level protocols and Transport level
protocols. ..................................................................................................................................................... 44
Figure 100 shows data packets multiplexed via TCP or UDP through port addresses and onto the targeted
TCP/IP applications. ..................................................................................................................................... 44
Figure 101 shows the exchange of port numbers during the TCP handshake. .................................................... 44
Figure 102 shows the format of the Host.txt records. ........................................................................................... 44
Figure 103 shows resolution of a DNS query. ...................................................................................................... 44
Figure 104 shows Domain Hierarchy.................................................................................................................... 44
Figure 105 shows organisation of the DNS name space...................................................................................... 44
Figure 106 shows NIS masters, slaves, and clients. ............................................................................................ 44
Figure 107 shows Remote Procedure Call Execution. ......................................................................................... 44
Figure 108 shows the TCP/IP family tree. ............................................................................................................ 44
Figure 109 shows Multiple Protocol Stacks. ......................................................................................................... 44
Figure 110 shows the BOOTP message format. .................................................................................................. 44
Figure 111 illustrates an example of a network running DHCP. ........................................................................... 44
Figure 112 shows a DHCP client obtaining a lease. It shows the dialogue that takes place when a DHCP client
obtains a lease from a DHCP server. ........................................................................................................... 44
Figure 113 shows the life cycle of a DHCP address lease. .................................................................................. 44
Figure 114 provides a visual representation of how a networking API might fit within the OSI seven-layer model. .. 44
Figure 115 illustrates how a single workstation can be utilised to access both network environments.................. 44
Figure 116 outlines a sample configuration of a NOS server as a gateway. ........................................................ 44
Figure 117 shows how a tailored version of a standard WinSock driver enables the network clients to use any
standard WinSock application. ..................................................................................................................... 44
Figure 118 illustrates the location and operation of the Transport Driver Interface within Windows NT. ............. 44
Figure 119 shows an Internet server isolated from the local network................................................................... 44
Figure 120 shows an Internet server that connects to the Internet using TCP/IP. ................................................. 44


Figure 121 shows an insecure Internet connection. ............................................................................................. 44


Figure 122 shows a comparison between a firewall and an IP router. ................................................................. 44
Figure 123 shows a basic firewall/Internet server combination. ........................................................................... 44
Figure 124 shows a firewall configuration that poses potential problems............................................................. 44
Figure 125 shows a more secure firewall configuration........................................................................................ 44
Figure 126 illustrates networks using both Internal and External Firewalls. ......................................................... 44
Figure 127 shows the Microsoft Network Protocol Architecture. .......................................................................... 44
Figure 128 shows priority of DHCP options. ......................................................................................................... 44
Figure 129 shows B-node name resolution. ......................................................................................................... 44
Figure 130 shows P-node name resolution. ......................................................................................................... 44
Figure 131 shows the architecture of a WINS name service................................................................................ 44
Figure 132 shows a network with several WINS replication partnerships. ........................................................... 44
Figure 133 shows a drawing of how a real-world Ethernet cable looks. ................................................................ 44
Figure 134 shows the signal on an Ethernet. ....................................................................................................... 44
Figure 135 shows the terminators on an Ethernet cable. ..................................................................................... 44


Index:

Bus ..................................................................................8
Bus Network Connector ..................................................8
—1— Bus Networks ..................................................................8
10BASE2 ........................................................................2
10BASE5 ........................................................................2 —C—
10BASET Network .......................................................12
Canonical form..............................................................70
Carrier Sense.................................................................27
—8— Carrier Sense Multiple Access ......................................27
802 LAN Physical Address ...........................................26 Carrier Sense Multiple Access/Collision Avoid............27
Carrier Sense Multiple Access/Collision Detection ......27
CD.................................................................................28
—A— Channel Service Unit ....................................................44
Abbreviations.............................................................113 Characteristics of Layered Architectures.......................13
Abstract Syntax Notation One.......................................96 Characteristics of Layered Protocols.............................22
AC.................................................................................34 Cheapernet ......................................................................2
Access Control ..............................................................34 Checking remote hosts ..................................................51
Access method’s ...........................................................24 Circuit ...........................................................................40
Accident-proof network ..................................................1 Circuit Switching ..........................................................40
Acknowledged Datagram Service .................................25 Circuit-Switched networks ............................................11
Activity Management....................................................21 Client...............................................................................4
Address Resolution .......................................................63 Client-Server model ........................................................5
Address Resolution Protocol...........48, 58, 63, 74, 75, 79 Coaxial cable...................................................................2
Addressing, Routing, and Multiplexing.....................58 Collision........................................................................28
ADS ..............................................................................25 Collision Detection .......................................................28
AFS ...............................................................................86 Communication Protocols.............................................13
An Internet ....................................................................17 Concentrator..............................................................6, 10
An Internetwork ............................................................17 Connectionless Protocols ..............................................41
An overview of TCP/IP components ..........................72 Connection-oriented......................................................41
Andrew File System......................................................86 Contention.....................................................................24
API....................................................................78, 87, 97 CRC ........................................................................29, 31
Application layer...........................................................21 Creating Domains and Subdomains ..............................68
Application Programming Interface ..................78, 87, 97 CSMA ...........................................................................27
Approaching a Problem ..............................................111 CSMA/CA.....................................................................27
Architecture of the IEEE 802 Standards .......................24 CSMA/CD.....................................................................27
Architecture of the Windows Internet Name Service..101 CSU...............................................................................44
ARP.................................................48, 58, 63, 74, 75, 79 Cyclic Redundancy Checksum................................29, 31
AS .................................................................................61
ASN.1 ...........................................................................96 —D—
Asynchronically ..............................................................1
Automatic allocation .....................................................81 DA.................................................................................34
Autonomous Systems....................................................61 Data Field......................................................................29
Data Frame ..............................................................15, 16
Data Link Layer ............................................................15
—B— Data Section ..................................................................33
Backbone ....................................................................7, 8 Data Stream Maintenance .............................................55
Backbone Network........................................................12 Data-communication .......................................................1
Backplane......................................................................10 Datagram.....................................................20, 41, 48, 72
Basic Input Output System............................................78 Datagram Delivery ........................................................20
BIOS .............................................................................78 Data-processing...............................................................1
BNC connectors ..............................................................2 Data-transmission............................................................1
B-node.........................................................................100 DDS ..............................................................................44
Boot Protocol ..........................................................74, 76 Decapsulation................................................................23
BOOTP ...................................................................74, 76 Dedicated Leased Lines.................................................44
BOOTREPLY packet....................................................80 Delivering Data Through Internetworks ...................39
BOOTREQUEST packet...............................................80 Demultiplexer................................................................39
Bootstrap Protocol ........................................................80 Demultiplexing..............................................................20
Bridge .......................................................................6, 41 Demux...........................................................................39
Bridges, Routers, and Switches.....................................41 Destination Address ......................................................34
Broadband.....................................................................39 Destination and Source address...............................29, 31
Building an Internet Server........................................91 Destination Service Access Point..................................26
Detecting unreachable destinations ...............................50


Device ...........................................................................16 Header ...........................................................................46


DFS ...............................................................................86 Heterogeneous Network................................................13
DHCP......................................................................80, 81 H-node ........................................................................101
DHCP Concept and Operation......................................98 Host address ..................................................................58
Diagnostic tools ..........................................................112 Host name .....................................................................66
Digital Data Service.....................................................44 Host table ......................................................................66
Digital Service Unit ......................................................44 Hosts .............................................................................19
Distributed File System.................................................86 Host-to-Host Transport Layer .......................................51
DLC ..............................................................................97 How Ethernet Works.....................................................27
DNS ..........................................................66, 73, 75, 106 How Token Ring Works................................................31
DNS Windows Name Resolution..................................79 Hub..................................................................................6
Domain Name Service ....................................66, 67, 106 Hub Network.................................................................10
Domain Name System.............................................73, 75
Domain Names..............................................................68
DSAP ............................................................................26
—I—
DSU ..............................................................................44 ICMP.................................................................50, 72, 75
Dynamic allocation .......................................................81 IEEE 802.3 Frames .......................................................30
Dynamic Host Configuration Protocol....................80, 81 IEEE 802.3 Media.........................................................30
Dynamically Allocated Port ..........................................66 IEEE 802.3 Networks....................................................27
IEEE 802.5 Frames .......................................................33
—E— IEEE 802.5 Networks....................................................31
IEEE LAN’s.................................................................24
Early Token Release .....................................................32 IGP ................................................................................76
ED .................................................................................34 Implementing TCP/IP .................................................77
EFS ...............................................................................33 Implementing TCP/IP over IEEE 802.3........................31
EGP.........................................................................76, 96 Index ...........................................................................118
Encapsulation................................................................46 Informatics ......................................................................1
End Systems..................................................................19 Information Field ..........................................................34
Ending Delimiter...........................................................34 Initial Sequence Number...............................................53
End-of-Frame Sequence................................................33 Integrated Services Digital Network .............................45
Ethernet Address...........................................................17 Interaction of TCP/IP and Other Protocols...............87
Ethernet PVC coax..........................................................2 Interior Gateway Protocol .............................................76
Exporting a directory ....................................................84 Intermediate Systems ....................................................19
Exterior Gateway Protocol ......................................76, 96 International Standards Organisation ............................13
eXternal Data Representation .................................57, 70 Internet ..........................................................................44
Internet Control Message Protocol....................50, 72, 75
Internet Group Names .................................................103
—F— Internet Protocol..........................................17, 48, 72, 75
FC .................................................................................34 Internet Routing Architecture........................................61
FCS ...................................................................29, 31, 34 Internetwork Layer ........................................................48
Fibre-optic cable .............................................................3 Internetwork Packet eXchange......................................98
Fields.............................................................................16 Introduction ...................................................................1
File Sharing...................................................................86 IP ....................................................17, 48, 72, 75
File Transfer Protocol .............................................73, 76 IP Address...............................................................48, 58
Flow Control .................................................................50 IP Address Classes ........................................................59
Fragmentation .........................................................48, 50 IP Datagram Format ......................................................49
Fragmenting Datagrams ................................................50 IP Host Address ............................................................58
Frame Check Sequence .....................................29, 31, 34 IPX ................................................................................98
Frame Control ...............................................................34 ISDN .............................................................................45
Frame Status..................................................................34 ISN ................................................................................53
Frames...........................................................................16 ISO ................................................................................13
Frames and Network Interfaces.....................................17 Isolating the Server .......................................................91
FS..................................................................................34
FTP .........................................................................73, 76
—L—
LAN ..............................................................................10
—G— Layer .............................................................................13
Gateway ..............................................................7, 19, 48 Layered Architecture.....................................................13
Gateway Protocols ........................................................76 Leased line ....................................................................44
Gateway-to-Gateway Protocol ................................61, 76 Length Field ..................................................................31
GGP ........................................................................61, 76 Limited Broadcast Address ...........................................80
Link Service Access Point.............................................24
Link Support Layer .......................................................37
—H— Links .............................................................................10
Handshake.....................................................................54 LLC ...............................................................................24


LLC Data Field .............................................................31 Network File System .........................................76, 84, 86


LMHOSTS....................................................................99 Network Information Service ..................................68, 76
LMHOSTS File Lookup ...............................................79 Network Interface Card ...................................................4
Local Area Networks ....................................................10 Network Layer...............................................................17
Local Device ...................................................................5 Network Media ..............................................................2
Local Resource................................................................5 Network Medium ............................................................2
Logical Link Control.....................................................24 Network Operating System .............................................4
LSAP.............................................................................24 Network Time Protocol...........................................74, 76
LSL ...............................................................................37 Network Topology ..........................................................8
Networks ........................................................................8
Next Hop.......................................................................62
—M— NFS .............................................................73, 76, 84, 86
MAC .................................................................17, 26, 36 NIC..................................................................................4
Machine-to-Machine network.........................................8 NIS ..........................................................................68, 76
Managed Network Entity ..............................................95 NIS maps.......................................................................68
Managing Connections .................................................56 Node....................................................................6, 10, 16
Managing DNS ...........................................................106 Normal Group Names .................................................103
Managing LMHOST Files ..........................................105 NOS ................................................................................4
Managing WINS ...........................................................99 NOS Gateways and Servers...........................................88
Manual allocation .........................................................81 NOS Support for Native IP ...........................................89
Maps .............................................................................69 NTP .........................................................................74, 76
MAU ...............................................................................9 NWLink ..................................................................97, 98
Maximum Transmission Unit..................................17, 50
Media Access Control.............................................17, 36 —O—
Media Access Unit ..........................................................9
Medium Access Control................................................26 Object Identifier ............................................................96
Microsoft Network Protocol Architecture.....................97 Object Identifier Hierarchy ...........................................96
Microsoft Network Protocols........................................97 ODI ...............................................................................37
Microsoft TCP/IP........................................................97 ODINSUP.COM ...........................................................38
MIME ...........................................................................85 Open Datalink Interface ................................................37
MLID ............................................................................37 Open Shortest Path First ...............................................75
M-node........................................................................101 Open Systems Interconnect ...........................................13
Mounting a directory.....................................................84 Operating Dual Protocol Stacks ....................................36
MTU .......................................................................17, 50 OSI ................................................................................13
Multihomed Names.....................................................102 OSPF.............................................................................75
Multiple Link Interface Drivers ....................................37 Other Special Names...................................................103
Multiple Protocol Stacks...............................................77
Multiplexer....................................................................39
Multiplexing......................................................20, 39, 64
—P—
Multipurpose Internet Mail Extensions.........................85 Packet....................................................11, 16, 17, 18, 41
Mux...............................................................................39 Packet Switching...........................................................40
Packet-Switched networks ............................................11
—N— PAR...............................................................................52
Passing Datagrams to the Transport Layer ....................50
Name Resolution with HOSTS Files...........................106 PDC.............................................................................104
Names and Addresses ...................................................66 PDU ............................................................22, 29, 31, 95
Naming versus Browsing ............................................104 Peer-to-Peer Communication ........................................23
NBF...................................................................78, 97, 98 Peer-to-Peer network.......................................................8
NBT ................................................................78, 97, 100 Physical Layer ...............................................................14
NCP ..............................................................................98 P-node .........................................................................100
NDIS .......................................................................36, 97 Polling.....................................................................24, 95
NetBEUI .......................................................................77 POP ...............................................................................85
NetBEUI Frame Protocol..............................................98 Port Numbers ................................................................65
NETBIND .....................................................................37 Positive Acknowledgement with Retransmission..........52
NetBIOS........................................................................77 Post Office Protocol ......................................................85
NetBIOS Frame.............................................................78 Preamble .................................................................29, 31
NetBIOS Frame protocol ..............................................97 Presentation Layer.........................................................21
NetBIOS over TCP/IP.....................................78, 97, 100 Primary Domain Controller.........................................104
NetWare Core Protocol.................................................98 Probabilistic Access Method.........................................31
Network Access Layer ..................................................47 Process/Application Layer ............................................57
Network Address.....................................................18, 75 PROTMAN.DOS ..........................................................36
Network Components....................................................4 PROTMAN.OS2 ...........................................................36
Network Driver Interface Specification ........................97 Protocol Data Unit ......................................22, 29, 31, 95
Network Driver Interface Standard ...............................36 Protocol Manager Program ...........................................36
Network File Server ......................................................73 Protocol Numbers .........................................................65


Protocol Stack.........................................................13, 14 SSAP .............................................................................26


PROTOCOL.INI ...........................................................37 Star Network .................................................................10
Protocols and Protocol Stacks ....................................35 Start Frame Delimiter....................................................31
Protocols, Ports, and Sockets ........................................64 Start-of-Frame Sequence...............................................33
Providing Full Internet Connectivity ............................91 Station ...........................................................................16
Stat-MUX......................................................................39
STP..................................................................................2
—R— Structure of Management Information ..........................96
RARP ..........................................................64, 74, 75, 79 Subdomains...................................................................68
Redirecting routes .........................................................51 Subnet ...........................................................................59
Redirectors and File Sharing.........................................87 Switche....................................................................41, 43
Reliability and Acknowledgement ................................54 Switched Digital Lines ..................................................45
Reliable Delivery Protocol............................................72 Switching Data ..............................................................40
Remote File System ......................................................86 Synchronically.................................................................1
Remote Procedure Call .....................................70, 73, 76
Remote Procedure Call Execution ................................70 —T—
Remote Resource ............................................................5
Repeater ..........................................................................6 Table of Figures ..........................................................115
Request For Comments .................................................46 T-connector .....................................................................8
Resolving Names on Microsoft Networks...................100 TCP .................................................19, 51, 52, 72, 75, 84
Reverse Address Resolution Protocol .........64, 74, 75, 79 TCP Segment Format ....................................................53
RFC...............................................................................46 TCP/IP ..............................................................17, 97, 98
RFS ...............................................................................86 TCP/IP Applications .....................................................79
RG-58 .............................................................................2 TCP/IP Protocols Inside a Sample Gateway .................57
Ring Network..................................................................9 TDI..........................................................................90, 97
RIP ..........................................................................61, 75 TDR.............................................................................112
RJ-11...............................................................................2 Telecommunication.........................................................1
RJ-45...........................................................................2, 8 Telematics .......................................................................1
Root server....................................................................67 Telnet ......................................................................73, 76
Router .....................................................7, 17, 18, 41, 42 Terminology..................................................................24
Routing .......................................................18, 48, 60, 75 Testing Basic Connectivity .........................................112
Routing Datagram .........................................................50 TFTP .......................................................................74, 76
Routing Information Protocol .................................61, 75 The Domain Hierarchy..................................................67
RPC...................................................................70, 73, 76 The Host Table..............................................................66
The Internet ...................................................................17
The Internet Model .....................................................46
—S— The Network Information Centre Host Table................67
SA .................................................................................34 The Routing Table.........................................................61
SAP ...............................................................................19 The seven-layer OSI Reference Model.......................13
Scopes .....................................................................82, 98 The Starting Delimiter...................................................34
SD .................................................................................34 The TCP/IP Family of Protocols ................................75
Segment ........................................................................52 The way data are delivered through internetworks........39
Sequenced Packet eXchange.........................................98 Thick coax.......................................................................2
Server ..............................................................................4 Thin coax ........................................................................2
Service Access Point.....................................................19 Thin Ethernet ..................................................................2
Service Message Block .................................................78 Thinnet Network ...........................................................12
Session Layer ................................................................20 Three-Way Handshake ..................................................54
SFD ...............................................................................31 Time Domain Reflectometer .......................................112
SFS................................................................................33 Time-Division Multiplexing..........................................39
SGMP ...........................................................................96 TMD..............................................................................39
Shielded Twisted-Pair .....................................................2 Token Passing ...............................................................24
Simple Gateway Management Protocol ........................96 Token Ring......................................................................9
Simple Mail Transfer Protocol..........................73, 76, 84 Transmission Control Protocol .............19, 51, 52, 72, 84
Simple Network Management Protocol ......28, 73, 76, 95 Transmission Line Theory ........................................107
SMB..............................................................................78 Transport .......................................................................75
SMI ...............................................................................96 Transport Control Protocol ...........................................75
SMTP......................................................................73, 76 Transport Driver Interface.......................................90, 97
SNMP ...................................................28, 73, 76, 84, 95 Transport Layer .............................................................19
Socket .....................................................................55, 66 Trap-directed polling.....................................................95
Some examples of common used networks...................12 Trivial File Transfer Protocol..................................74, 76
Source Address .............................................................34 Troubleshooting Hints.................................................112
Source Routing .............................................................42 Troubleshooting TCP/IP...................................110, 111
Source Service Access Point.........................................26 T-shaped connector .........................................................8
Spanning-tree algorithm................................................42 Twisted-pair cable ...........................................................2
SPX...............................................................................98 Type field ......................................................................29


—U— —V—
UDP ............................................................19, 51, 72, 75 VCS...............................................................................25
UDS ..............................................................................25 Virtual Circuit Service ..................................................25
ULP...............................................................................24
Unacknowledged Datagram Service .............................25
UNC............................................................................105
—W—
Universal Naming Convention....................................105 WAN .............................................................................12
Unreliable......................................................................41 What TCP/IP provides ..................................................46
Unshielded Twisted-Pair.................................................2 Wide Area Networks .....................................................12
Upper-Layer Protocols..................................................24 Windows Internet Name Service.............................78, 99
Upper-Level Protocol driver ...................................36, 37 WINS ..............................................................78, 99, 101
User Datagram Protocol..............................19, 51, 72, 75
User services .................................................................76
UTP.................................................................................2 —X—
XDR ........................................................................57, 70
