Вы находитесь на странице: 1из 98


The Internet protocols are the world’s most

popular open-system (nonproprietary) protocol
suite because they can be used to
communicate across any set of interconnected
networks and are equally well suited for LAN
and WAN communications.
The TCP/IP protocol suite is being used for
communications, whether for voice, video, or
data. TCP/IP is a large collection of different
communication protocols based upon the two
original protocols TCP and IP.
TCP - Transmission Control Protocol
The TCP protocol is used for the transmission
of data from an application to the network.
TCP is responsible for breaking data down into
IP packets before they are sent, and for
assembling the packets when they arrive.
IP - Internet Protocol
The IP protocol takes care of the
communication with other computers. IP is
responsible for the sending and receiving data
packets over the Internet.
In the mid 1970s, the Defense Advanced
Research Project Agency (DARPA) was
interested in providing packet-switched
network communications between the
many research institutions in the United
DARPA and other government
organizations understood the potential of
packet-switched technology and were
just beginning to discover that virtually
all companies with networks needed to
support communication among dissimilar
computer systems.
Computer communication started for
exchanging simple text and binary data,
carried by the most common
telecommunications network technology
called Circuit Switching. It is highly in-
efficient in use of network resources.
The fundamental technology of the
Internet is Packet Switching, a data
network in which all components (i.e.,
hosts and switches) operate
With the goal of heterogeneous
connectivity in mind, DARPA funded
research by Stanford University and Bolt,
Beranek, and Newman to create a series
of communication protocols.
The result of that development effort,
completed in the late 1970s, was the
Internet protocol suite, of which the
Transmission Control Protocol (TCP) and
the Internet Protocol (IP) are the two
best-known members.
Use of the term “Internet” to refer to these
protocols is appropriate, because the Internet
protocols were developed to operate across
and provide connectivity between already
existing networks (for example, the telephone
network, dedicated links, and satellite circuits).
The design of the Internet protocols explicitly
accounted for the fact that the networks being
tied together were heterogeneous in nature.
They each supported different speeds, error
characteristics, data unit sizes, and
information formats.
The protocol suite of TCP/IP is becoming
the world’s most widely implemented
network protocol.
• 1970s—WANG
• 1980s—SNA / Novell NetWare
• 1990s—Novell and TCP/IP
• TCP/IP combined with the Web
browser is creating a new type of
client/server network operating
The first design goal of TCP/IP was to
build an interconnection of networks that
provided universal communication
Each physical network has its own
technology-dependent communication
interface, in the form of a programming
interface that provides basic
communication functions (primitives).

Communication services are provided by
software that runs between the physical
network and the user applications and
that provides a common interface for
these applications, independent of the
underlying physical network.
The architecture of the physical networks
is hidden from the user.

The second aim is to interconnect
different physical networks to form what
appears to the the user to be one large
network. Such a set of interconnected
networks is called an INTERNETWORK or
To be able to interconnect two networks,
A device (Router) is attached to both
networks and that can forward packets
from one network to the other.
The TCP is one of the core protocols of
the Internet protocol suite. Using TCP,
programs on networked computers can
create connections to one another, over
which they can send data. The protocol
guarantees that data sent by one
endpoint will be received in the same
order by the other, and without any
pieces missing. It also distinguishes data
for different applications (such as a Web
server and an email server) on the same
TCP supports many of the Internet's
most popular applications, including
Transmission Control Protocol (TCP) is a
connection-oriented, reliable-delivery
byte-stream transport layer
communication protocol, In the Internet
protocol suite, TCP is the intermediate
layer between the Internet Protocol
below it, and an application above it.
Applications most often need reliable
pipe-like connections to each other,
whereas the Internet Protocol does not
provide such streams, but rather only
unreliable packets. TCP does the task of
the transport layer in the simplified OSI
model of computer networks.
TCP sends data as an unstructured
stream of bytes.

By using sequence numbers and
acknowledgment messages, TCP can
provide a sending node with delivery
information about packets transmitted to
a destination node.
Where data has been lost in transit from
source to destination, TCP can retransmit
the data until either a timeout condition
is reached or until successful delivery has
been achieved.
TCP can also recognize duplicate
messages and will discard them
appropriately. If the sending computer is
transmitting too fast for the receiving
computer, TCP can employ flow control
mechanisms to slow data transfer.
TCP can also communicate delivery
information to the upper-layer protocols
and applications it supports.
Applications send streams of 8-bit bytes
to TCP for delivery through the network,
and TCP divides the byte stream into
appropriately sized segments (usually
delineated by the maximum transmission
unit (MTU) size of the data link layer of
the network the computer is attached

TCP then passes the resulting packets to
the Internet Protocol, for delivery
through an internet to the TCP module of
the entity at the other end.
TCP checks to make sure that no packets
are lost by giving each byte a sequence
number, which is also used to make sure
that the data are delivered to the entity
at the other end in the correct order.

The TCP module at the far end sends back an
acknowledgement for packets which have been
successfully received; a timer at the sending
TCP will cause a timeout if an
acknowledgement is not received within a
reasonable round-trip time (or RTT), and the
(presumably lost) data will then be re-
The TCP checks that no bytes are damaged by
using a checksum; one is computed at the
sender for each block of data before it is sent,
and checked at the receiver.

The heterogeneity of networks has
expanded further with the deployment of
Ethernet, Token Ring, Fiber Distributed
Data Interface (FDDI), X.25, Frame
Relay, Switched Multi-megabit Data
Service (SMDS), Integrated Services
Digital Network (ISDN), and most
recently, Asynchronous Transfer Mode

The Internet protocols are the best
proven approach to internetworking this
diverse range of LAN and WAN
The TCP/IP suite includes specifications
for common applications as electronic
mail, terminal emulation, and file

TCP connections contain three phases:
• Connection establishment
• Data transfer
• Connection termination
A 3-way handshake is used to establish a
A 4-way handshake is used to disconnect.
During connection establishment, parameters
such as sequence numbers are initialized to
help ensure ordered delivery and robustness.
Connection establishment (3-way
handshake) While it is possible for a pair
of end hosts to initiate a connection
between themselves simultaneously,
typically one end opens a socket and
listens passively for a connection from
the other. This is commonly referred to
as a passive open, and it designates the
server-side of a connection.
The client-side of a connection initiates
an active open by sending an initial SYN
segment to the server as part of the 3-
way handshake. The server-side should
respond to a valid SYN request with a
Finally, the client-side should respond to
the server with an ACK, completing the
3-way handshake and connection
establishment phase.
The Internet Protocol (IP) is the primary
Network-Layer (Layer 3) protocol in the
Internet suite that contains addressing
information and some control information
that enables packets to be routed.
IP along with TCP represents the heart of
the Internet protocol suite.
It is described as a “connectionless
datagram service”.
IP is documented in RFC 791 (Request
For Comments).
Documentation of the Internet protocols
(including new or revised protocols) and
policies are specified in technical reports
called Request For Comments (RFCs),
which are published and then reviewed
and analyzed by the Internet
community. Protocol refinements are
published in the new RFCs.
In inter-network routing, IP provides
error reporting and fragmentation and
reassembly of information units called
DATAGRAMS for transmission over
networks with different maximum data
unit sizes. Datagrams are packets of
information that can be destined for one,
many or all stations (UNICAST,
requirement for the intended recipient/s
to acknowledge whether the datagram
was received.
As IP is connectionless, no specific route
is defined between 2 communicating
nodes, so DATAGRAMS traveling can
travel through different routes and reach
destination in a different order.
One of the major roles of IP layer is to
make it unnecessary for higher layer
protocols to understand anything about
the physical capabilities of the media
supporting them.

IP has two main responsibilities:
• providing connectionless, best-effort
delivery of DATAGRAMS through an inter-
• providing fragmentation and reassembly
of DATAGRAMS to support data links with
different maximum-transmission unit
(MTU) sizes.
IP addresses are globally unique, 32-bit
numbers assigned by the Network
Administrator. Globally unique addresses
permit IP networks anywhere in the world to
communicate with each other.
Data packets or segments in TCP/IP are
only prepared for travel by TCP and once
arrived at destination are reassembled
by the receiving TCP program into the
original message. TCP then delivers the
message to the proper session or
The delivery is done through the 'port'.
So, TCP is not moving data physically it
is only 'packing' and 'unpacking' it. The
programs and hardware for moving data
are called by TCP to do the work.
The 'network layer' is responsible for
putting the packets in an envelope
(Datagram), writing a destination
address and a source address and some
special delivery options on the envelope,
and then requesting the 'data link layer'
and the 'physical layer' to deliver the
envelopes. These lower layers are the
real movers. In TCP/IP, the 'network
layer' is IP (Internet Protocol). The
'envelope' that IP uses to put the TCP
segments in is actually another header.
No. IP Header Field Bits Purpose

1 Version 4 Indicates the version of IP currently used. Ipv4

or Ipv6

2 IP Header 4 Indicates the datagram header length in 32-bit

Length (IHL) words. Minimum is 5 that is most commonly
used. Header must be at least 20 bytes long.

3 Type-of-Service 8 Specifies how an upper-layer protocol would

like a current datagram to be handled, and
assigns DATAGRAMS various levels of
importance, like Reliability, Precedence, Delay
and Throughput Parameters. It is indication of
the quality of Service requested for IP Packet.
Usually it is not used.

No. IP Header Field Bits Purpose

4 Total Length 16 Specifies the length, in bytes, of the entire IP packet,

including the data and header.

5 Identification 16 Contains a unique integer assigned by sending device

that identifies the current datagram to aid in
reassembling a fragmented packet. Primary purpose is
to allow the destination device to collect all fragments
from a packet, since they will have the same
identification number.

6 Flags 3 Consists of a 3-bit field of which the two low-order

(least-significant) bits control fragmentation.
The low-order (3rd) bit specifies whether the packet
can be fragmented, if zero means “Last Fragment”, if
one means “More Fragment”.
The middle bit (2nd) specifies whether the packet is
the last fragment in a series of fragmented packets, if
zero means “May Fragment” if one means “Don’t
The high-order (1st) bit is not used and always zero.

No. IP Header Field Bits Purpose

7 Fragment Offset 13 Indicates the position of the fragment’s data relative

to the beginning of the data in the original datagram,
which allows the destination IP process to properly
reconstruct the original datagram.
Used with fragmented packets for full packet

8 Time-to-Live 8 Maintains a counter that gradually decrements down

to zero, at which point the datagram is discarded.
It contains time, that packet is allowed to remain on
an Inter-network. Each IP device that the packet
passes through will decrease the value by the time it
takes it to process the IP Header. All routers must
decrease this value by a minimum of one. If value
drops to zero the packet is discarded. This guarantees
that packets cannot travel around an IP network in a
loop even if routing tables become corrupt.

9 Protocol 8 Indicates which upper-layer protocol receives

incoming packets after IP processing is complete.

No. IP Header Field Bits Purpose

10 Header Checksum 16 Helps ensure IP header integrity.

11 Source Address 32 Specifies the 32-bit IP address of sending node.

12 Destination 32 Specifies the 32-bit IP address of receiving node.


13 Options VAR Allows IP to support various options, such as security.

These are not required in every packet, may be used
for Network testing or debugging.

14 Data VAR Contains upper-layer information. The total length of

Data field plus header (is 65,535 maximum).

Traffic Types


Reliability Should be High

Speed Not matter

Voice and Video

Reliability Not matter

Speed Should be High

Each technology has its own convention for
transmitting messages between two machines
within the same network.
On a LAN, messages are sent between
machines by supplying the six byte unique
identifier called "MAC" address.
In an SNA network, machine have Logical
Units with their own network address.
SNA (Systems Network Architecture) is
developed by IBM in 1974, for Mainframe
Computers to support Peer-to-Peer Network or
DECNET, Appletalk, and Novell IPX all
have a scheme for assigning numbers to
each local network and to each
workstation attached to the network.
On top of these local or vendor specific
network addresses, TCP/IP assigns a
unique number to every workstation in
the world called "IP number"

Internet Assigned Number Authority
The Internet employs a central Internet
Assigned Numbers Authority (IANA) for
the allocation and assignment of various
numeric identifiers needed for the
operation of the Internet.
The IANA function is performed by the
University of Southern California's
Information Sciences Institute.
The IANA co-ordinates the assigned
values of protocol parameters, including
type codes, protocol numbers, port
numbers, Internet addresses, and
Ethernet addresses.
The IANA delegates the responsibility of
assigning IP network numbers and
domain names to three Regional Internet
Registries (RIRs):
• ARIN (American Registry for Internet Numbers)
• RIPE (Reseaux IP European)
• APNIC (Asia Pacific Network Information Centre)
The registries provide databases and
information servers for domains,
networks, AS numbers, and their
associated Point Of Contacts (POCs).
The documents distributed by the
Internet registries include network
information, and procedures, including
application forms, to request network
numbers and register domain name
IP addresses are represented by a 32-bit
unsigned binary value which is usually
expressed in a dotted decimal format. An
IP address is made of four groups of
decimal numbers between 0 - 255
separated by Periods. The standards for
IP addresses are described in RFC 1166–
Internet Numbers.

To be able to identify a host on the Internet,
each host is assigned an address, the IP
address, or Internet Address. When the host is
attached to more than one network, it is called
multi-homed and it has one IP address for
each network interface.
An IP address is divided into three parts.
The first part designates the network address,
the second part designates the subnet
address, and
the third part designates the host address.

Traditional IP Address Classes
The first part of an Internet address
identifies the network, on which a host
resides, while the second part identifies
the particular host on a given network.
The network-ID field can also be referred
to as the network-number or the
network-prefix. All hosts on a given
network share the same network-prefix
but must have a unique host-number.

There are five different address classes
supported by IP addressing. The class of
an IP address can be determined from
the high-order (left-most) bits.

IP Address Conversion
Binary to Decimal

Class A (/8 Prefixes)
Class A networks are intended mainly for use
with a few very large networks, because they
provide only 8 bits for the network address
Class A addresses were assigned to networks
with a very large number of hosts. The high-
order bit in a class A address is always set to
zero. The next seven bits (completing the first
octet) represent the network ID and provide
126 possible networks. The remaining 24 bits
(the last three octets) represent the host ID.
Each network can have up to 16777214 hosts.
Class A addresses use 7 bits for the
<network> and 24 bits for the <host> portion
of the IP address. That allows for 27-2 (126)
networks with 224-2 (16777214) hosts each; a
total of over 2 billion addresses.

Class B (/16 Prefixes)
Class B networks allocate 16 bits, and Class C
networks allocate 24 bits for the network
address field. Class B addresses were assigned
to medium-sized to large-sized networks.
The two high-order bits in a class B address
are always set to binary 1 0. The next 14 bits
(completing the first two octets) represent the
network ID. The remaining 16 bits (last two
octets) represent the host ID. Therefore, there
can be 16382 networks and up to 65534 hosts
per network.

Class B addresses use 14 bits for the
<network> and 16 bits for the <host> portion
of the IP address. That allows for 214-2
(16382) networks with 216-2 (65534) hosts
each; a total of over 1 billion addresses.

Class C (/24Prefixes)
Class C networks only provide 8 bits for the
host field, however, so the number of hosts
per network may be a limiting factor.
Class C addresses were used for small
networks. The three high-order bits in a class
C address are always set to binary 1 1 0. The
next 21 bits (completing the first three octets)
represent the network ID. The remaining 8 bits
(last octet) represent the host ID. There can,
therefore, be 2097150 networks and 254 hosts
per network.

Class C addresses use 21 bits for the
<network> and 8 bits for the <host> portion
of the IP address. That allows for 221-2
(2097150) networks with 28-2 (254) hosts
each; a total of over half a billion addresses.

Class D
Class D addresses are employed for multicast
group usage. A multicast group may contain
one or more hosts, or none at all. The four
high-order bits in a class D address are always
set to binary 1 1 1 0. The remaining bits
designate the specific group, in which the
client participates. When expressed in dotted
decimal notation, multicast addresses range
from through
There are no network or host bits in the
multicast operations. Packets are passed to a
selected subset of hosts on a network.
Only those hosts registered for the multicast
operation accept the packet.
Some multicast group addresses are assigned
as well-known addresses by the IANA. For
example, the multicast address is
used for OSPF hello messages, and
is used for RIP-2.

Class E
Class E is an experimental address not
available for general use. It is reserved for
future use. The high-order bits in a class E
address are set to 1 1 1 1 0.
Extract from RFC1812 “Requirements for IPv4
Routers” ‘The explosive growth of the Internet
has forced a review of address assignment
The traditional uses of general purpose (Class
A, B, and C) networks have been modified to
achieve better use of IP's 32-bit address space.
Classless Inter Domain Routing (CIDR) is a
method currently being deployed in the
Internet backbones to achieve this added
efficiency. CIDR depends on deploying and
routing to arbitrarily sized networks.
In this model, hosts and routers make no
assumptions about the use of addressing in the
The Class D (IP Multicast) and Class E
(Experimental) address spaces are preserved,
although this is primarily an assignment

Each address contains a self-encoding
key to identify the dividing point between
the network-ID and the host-Number,
i.e. 0,10,110 etc.








N = The network ID bits M = The multicast address bits

H = The host ID bits R = Reserved bits
All bits 0
Stands for this:
this host (IP address with <host address>=0)
or this network (IP address with <network
When a host wants to communicate over a
network, but does not yet know the network IP
address, it may send packets with <network
address>=0. Other hosts on the network will
interpret the address as meaning this network.
Their reply will contain the fully qualified
network address, which the sender will record
for future use.
All bits 1
Stands for all: all networks or all hosts.
For example, the following means all
hosts on network 128.2 (class B
This is called a directed broadcast
address because it contains both a valid
<network address> and a broadcast
<host address>.


The class A network is defined

as the loopback network.

Addresses from that network are

assigned to interfaces that process data
inside the local system and never access
a physical network (loopback interfaces).

RFC 1918 requests that organizations
make use of the private Internet address
space for hosts which require IP
connectivity within the enterprise
network, but do not require external
connections to the global Internet.
For this purpose the IANA has reserved
the following three address blocks for
private Internets: - - -
Any organization that elects to use
addresses from these reserved blocks
can use without contacting the IANA or
an Internet registry. These addresses
are never injected into the global
Internet routing system, the address
space can be used simultaneously by
many organizations. The disadvantage of
this addressing scheme is that it requires
an organization to use a Network
Address Translator (NAT) for global
Internet access.

• Private IP
• Class A : -
• Class B : -
• Class C : -
• Special IP
• Class A : -
• Class B : -
• Public IP
• All remaining IP Addresses are Public

CLASSFUL IP Addressing and
The difference between Classful IP
addressing and Classless IP addressing is
in selecting the number of bits used for
the network ID portion of an IP address.
In Classful IP addressing, the network ID
portion can take only the predefined
number of bits 8, 16, or 24.
In Classless addressing, any number of
bits can be assigned to the network ID.
The following rules must be adhered to when
assigning network IDs and host IDs:

The network ID cannot be 127. The class A

network address is reserved for
loop-back and is designed for testing and
inter-process communication on the local
device. When any device uses the loop-back
address to send data, the protocol software
in the device returns the data without
sending traffic across any network.
The network ID and host ID bits of a specific
device cannot be all 1s. If all bits are set to 1,
the address is interpreted as a broadcast
rather than a host ID. The following are the
two types of broadcast:
1. If a destination address contains all 1s in the
network ID and the host ID (
then it, is a limited broadcast, that is, a
broadcast on the source’s local network.
2. If a destination address contains all 1s in the
host ID but a proper net-work ID, for example,, this is a directed broadcast,
that is, a broadcast on a specified network (in
this example network

The network ID and host ID bits cannot
all be 0s. If all bits are set to 0, the
address is interpreted to mean ‘this
network only’.
The host ID must be unique to the local

Invalid IPs
Every IP address whose host portion is
whole 0 or 1
Host Portion whole 0 refer NID
Host Portion whole 1 refer BID

ARP - Address Resolution Protocol
To connect to a remote computer we
must know it’s IP address , but we do
not need to know it’s MAC address.
ARP was invented for this reason.
It relates IP’s to MAC addresses only on
media that supports broadcasts. Each
node maintains a cache called the ARP
cache, which holds a table of IP’s against
MAC addresses.
How ARP works
When IP is requested to send a
datagram to another IP address, it first
looks in the ARP cache to find the
corresponding MAC address.
If there is no entry it then attempts to
look for it using ARP. In order to do this
ARP sends an ARP request datagram to
all LAN cards using a broadcast address.

ARP uses its own Ethernet type 0x0806
for these requests, so they are passed to
the ARP software in all nodes within the
broadcast area.
All cards on a network read this request
datagram and any that discover a match
between their IP and the requested IP
reply with an ARP response.

If a response is received, the answer is
entered to the ARP cache for future use.
If none is received, the request is
ARP DATAGRAMS are not passed through
routers, as a router operates at the IP
layer and will not relay MAC broadcast
traffic. This makes routers a good buffer
between broadcast domains and prevent
flooding networks.

RARP - Reverse ARP
RARP is intended for use with devices that can
not store their IP address, usually diskless
workstations. RARP, like ARP, operates directly
over the data-link layer and has an Ethernet
type 0x8035. Nodes acting as RARP servers
that find a match for the MAC address in their
RARP tables will reply with the corresponding
IP address in a RARP response.
This system requires that at least one server is
present and that the server has a table
defining which IP addresses should be used by
each MAC address.
ICMP - Internet Control Message Protocol
Even though IP is a datagram service and
there is no delivery guarantee, ICMP is
provided within IP and can generate error
messages regarding datagram delivery.
ICMP uses IP DATAGRAMS to carry its
messages back and forth between relevant
nodes. ICMP error messages are generated by
a node recognizing there is a transmission
problem and they are sent back to the
originating address of the datagram that
caused the problem.