c







 serves as a unique identifier for a computer on a network. When set
up correctly, computers can determine the addresses of other computers on the network and use
these addresses to send messages to each other.

One of the best known form of network addressing is the Internet Protocol (IP) address. IP

addresses consist of four bytes (32 bits) that uniquely identify all computers on the public
Internet.

Another popular form of address is the Media Access Control (MAC) address. MAC addresses
are six bytes (48 bits) that manufacturers of network adapters burn into their products to uniquely
identify them.




is simply a code used by computers as a means of identification. Just like
getting information to and from your home requires the postal service to know the house number
and street name, a network address accomplishes the same thing for a computer network.
Without some way of passing along this information, the idea of the Internet would be almost
useless.

Just like the postal service, a computer must know where it is sending information. The network
address is a set of unique identifying sets of information that can be used to find the right
destination. While many may have heard of such an identifier being used to crack identify theft
schemes and other sorts of online crime, that is really just a small part of the overall importance
of the address. Nearly all information will require this address.

There are a number of different ways a network address can be configured on a computer. The
most common way is to use a protocol known as the Internet Protocol (IP). An address that uses
this protocol may also be referred to as an IP address. The information for the IP address is
contained in 32 bits. A computer will likely keep the same IP address at least while connected to
the Internet, though it may also change periodically, and can be manually reset.

The other type of protocol is known as media access control (MAC). This type of network
address has a little more involved simply because it uses 48 bits instead of 32. The information
from a MAC number is very useful, and offers clues along the way about the origin of the
computer and where it is currently located from a physical standpoint. The IP address can also
offer some of these facts as well.

The network address may be used to track someone down who is wanted, but this happens very
rarely. In most cases, getting the information as to the physical location of a computer is highly
privileged. It will likely require some sort of warrant in order to get access to that type of
information.


 





Krom Wikipedia, the free encyclopedia
Jump to: navigation, search

A 

 is a network addressing architecture used in the Internet from 1981 until the
introduction of Classless Inter-Domain Routing in 1993. The method divides the address space
for Internet Protocol Version 4 (IPv4) into five address classes. Each class, coded in the first four
bits of the address, defines either a different network size, i.e. number of hosts for unicast
addresses (classes A, B, C), or a multicast network (class D). The fifth class (E) address range is
reserved for future or experimental purposes.

Since its discontinuation, remnants of classful network concepts remain in practice only in
limited scope in the default configuration parameters of some network software and hardware
components (e.g., default subnet mask), but the terms are often still heard in general discussions
of network structure among network administrators.

Map of the prototype Internet in 1982, showing 8-bit-numbered networks (ovals) only,
interconnected by routers (rectangles).
È

 
Originally, a 32-bit IPv4 address was logically subdivided into the a
a  field, the
most-significant 8 bits of an address, which specified the particular network a host was attached
to, and the local address, also called 

  (the rest of the address), which uniquely identifies
a host connected to that network. This format was sufficient at a time when only a few large
networks existed, such as the ARPANET which was assigned the network number 10, and before
the wide proliferation of local area networks (LANs). As a consequence of this architecture, the
address space supported only a low number (254) of independent networks, and it became clear
very early on that this would not be enough.


  



Expansion of the network had to ensure compatibility with the existing address space and the
Internet Protocol (IP) packet structure, and avoid the renumbering of the existing networks. The
solution was to expand the definition of the network number field to include more bits, allowing
more networks to be designated, each potentially having fewer hosts. All existing network
numbers at the time were smaller than 64, they only used the 6 least-significant bits of the
network number field. Thus it was possible to use the most-significant bits of an address to
introduce a set of address classes, while preserving the existing network numbers in the first of
these classes.

The new addressing architecture was introduced by RKC 791 in 1981 as a part of the
specification of the Internet Protocol.[1] It divided the address space into primarily three address
formats, henceforth called address @ 

, and left a fourth range reserved to be defined later.

The first class, designated as  

, contained all addresses in which the most significant bit is

zero. The network number for this class is given by the next 7 bits, therefore accommodating 128
networks in total, including the zero network, and including the existing IP networks already
allocated. A  

 network was a network in which all addresses had the two most-significant
bits set to 1 and 0. Kor these networks, the network address was given by the next 14 bits of the
address, thus leaving 16 bits for numbering host on the network for a total of 65536 addresses
per network.  

 was defined with the 3 high-order bits set to 1, 1, and 0, and designating
the next 21 bits to number the networks, leaving each network with 256 local addresses.

The leading bit sequence  designated an "

@ 
 
a 

a ",[1] which was

later subdivided in to Class D () for multicast addressing, while leaving as reserved for
future use the  block designated as Class E.

This addressing scheme is illustrated in the following table:

 
 

 a
 
 
 



 

  


 a  
 




 
 
 16,777,216
Class A 0 8 24 128 (27) 0.0.0.0 127.255.255.255
(224)
16,384 65,536
Class B 10 16 16 14 16 128.0.0.0 191.255.255.255
(2 ) (2 )
2,097,152
Class C 110 24 8 256 (28) 192.0.0.0 223.255.255.255
(221)
Class D not not not
1110 not defined 224.0.0.0 239.255.255.255
(multicast) defined defined defined
Class E not not not
1111 not defined 240.0.0.0 255.255.255.255
(reserved) defined defined defined

The number of addresses usable for addressing specific hosts in each network is always 2N - 2
(where N is the number of rest field bits, and the subtraction of 2 adjusts for the use of the all-
bits-zero host portion for network address and the all-bits-one host portion as a broadcast
address. Thus, for a Class C address with 8 bits available in the host field, the number of hosts is
254.

Today, IP addresses are associated with a subnet mask. This was not required in a classful
network because the mask was implicitly derived from the IP address itself. Any network device
would inspect the first few bits of the IP address to determine the class of the address.

È


 

In the following table:

 a indicates a binary slot used for network ID.

 A indicates a binary slot used for host ID.

 X indicates a binary slot (without specified purpose)

ï



   
   

ï

 
   
  

ï
ï
 
   
 

ï


   

ï

 
   






In the original Internet routing scheme developed in the 1970s, sites were assigned addresses
from one of three @ 

: Class A, Class B and Class C. The address classes differ in size and
number. Class A addresses are the largest, but there are few of them. Class Cs are the smallest,
but they are numerous. Classes D and E are also defined, but not used in normal operation.

To say that class-based IP addressing in still used would be true only in the loosest sense. Many
addressing designs are still class-based, but an increasing number can only be explained using
the more general concept of CIDR, which is backwards compatible with address classes.

Suffice it to say that at one point in time, you could request the Internet NIC to assign you a class
A, B or C address. To get the larger class B addresses, you might have to supply some
justification, but only the class A was really tough to get. In any case, NIC would set the network
bits, or n-bits, to some unique value and inform the local network engineer. It would then be up
to the engineer to assign each of his hosts an IP address starting with the assigned n-bits,
followed by host bits, or h-bits, to make the address unique.

Internet routing used to work like this: A router receiving an IP packet extracted its Destination
Address, which was classified (literally) by examining its first one to four bits. Once the
address's class had been determined, it was broken down into network and host bits. Routers
ignored the host bits, and only needed to match the network bits to find a route to the network.
Once a packet reached its target network, its host field was examined for final delivery.

ß

 
   
ï


 K
  
 
   

 ˜ 



 ï
 







 


ï


ï


 K
    
   

 ˜ 


 ï
 

   
ï


ï
ï

 K

   
   

 ˜ 


 
 ï
ï 

  
ï
ï

ï
!

 K
"#
  $#  


 

 ˜ 



 ï
!

$#  


%Kï

ï
&

 K
"#
  



 

 ˜ 
 

 %
"
'
$
#


È


A Class B address consists of a 16-bit network address and a 16-bit local or host address.

The first two bits in the network address are dedicated to indicating the network class, leaving 14
bits for the actual network address. There are 16,384 possible network addresses and 65,536
local host addresses. In a Class B address, the highest order bits are set to 1 and 0.

Kigure 1. Class B address.

This illustration shows a typical class B address structure. The first 16 bits contain the network
address. The two highest order bits will always be a one and a zero. The remaining 16 bits
contain the local host address.

The first octet of a Class B address is in the range 128 to 191.





A Class C address consists of a 24-bit network address and an 8-bit local host address.

The first two bits in the network address are dedicated to indicating the network class, leaving 22
bits for the actual network address. Therefore, there are 2,097,152 possible network addresses
and 256 possible local host addresses. In a Class C address, the highest order bits are set to 1 and
1.

Kigure 1. Class C address

This illustration shows a typical class C address structure. The first 24 bits contain the network
address (the two highest order bits will always be a one and a one). The remaining 8 bits contain
the local host address.

In other words, the first octet of a Class C address is in the range 192 to 223.

When deciding which network address class to use, you must consider how many local hosts
there will be on the network and how many subnetworks will be in the organization. If the
organization is small and the network will have fewer than 256 hosts, a Class C address is
probably sufficient. If the organization is large, then a Class B or Class A address might be more
appropriate.

Note: Class D (1-1-1-0 in the highest order bits) addresses provide for multicast addresses and
are supported by UDP/IP under this operating system.

Machines read addresses in binary code. The conventional notation for Internet host addresses is
the 

 @ , which divides the 32-bit address into four 8-bit fields. The following binary
value:



can be expressed as:

  or  

where the value of each field is specified as a decimal number and the fields are separated by
periods.

Note: The hostent command does recognize the following addresses: .08, .008, .09, and .009.
Addresses with leading zeros are interpreted as octal, and numerals in octal cannot contain 8s or
9s.

TCP/IP requires a unique Internet address for each network interface (adapter) on a network.
These addresses are determined by entries in the configuration database, which must agree with
entries in the /etc/hosts file or the named database if the network is using a name server.

 !




 "
NAT (Network Address Translation or Network Address Translator) is the translation of an
Internet Protocol address (IP address) used within one network to a different IP address known
within another network. One network is designated the a
 network and the other is the


 . Typically, a company maps its local inside network addresses to one or more global
outside IP addresses and unmaps the global IP addresses on incoming packets back into local IP
addresses. This helps ensure security since each outgoing or incoming request must go through a
translation process that also offers the opportunity to qualify or authenticate the request or match
it to a previous request. NAT also conserves on the number of global IP addresses that a
company needs and it lets the company use a single IP address in its communication with the
world.

NAT is included as part of a router and is often part of a corporate firewall. Network
administrators create a NAT table that does the global-to-local and local-to-global IP address
mapping. NAT can also be used in conjunction with  @ 
a. NAT can be statically
defined or it can be set up to dynamically translate from and to a pool of IP addresses. Cisco's
version of NAT lets an administrator create tables that map:

 A local IP address to one global IP address statically

 A local IP address to any of a rotating pool of global IP addresses that a company may
have

 A local IP address plus a particular TCP port to a global IP address or one in a pool of
them

 A global IP address to any of a pool of local IP addresses on a round-robin basis

NAT is described in general terms in RKC 1631. which discusses NAT's relationship to Classless
Interdomain Routing (CIDR) as a way to reduce the IP address depletion problem. NAT reduces
the need for a large amount of publicly known IP addresses by creating a separation between
publicly known and privately known IP addresses. CIDR aggregates publicly known IP
addresses into blocks so that fewer IP addresses are wasted. In the end, both extend the use of
IPv4 IP addresses for a few more years before IPv6 is generally supported.

#$
The 
#  $
   (#$) is a computer networking protocol for determining a
network host's Link Layer or hardware address when only its Internet Layer (IP) or Network
Layer address is known. This function is critical in local area networking as well as for routing
internetworking traffic across gateways (routers) based on IP addresses when the next-hop router
must be determined. ARP was defined by RKC 826 in 1982.[1] It is Internet Standard STD 37.
ARP has been implemented in many types of networks, such as Internet Protocol (IP), CHAOS,
DECNET, Xerox PARC Universal Packet, Token Ring, KDDI, IEEE 802.11 and other LAN
technologies, as well as the modern high capacity networks, such as Asynchronous Transfer
Mode (ATM). Due to the overwhelming prevalence of IPv4 and Ethernet in general networking,
ARP is most frequently used to translate IPv4 addresses (OSI Layer 3) into Ethernet MAC
addresses (OSI Layer 2).

In the next generation Internet Protocol, IPv6, ARP's functionality is provided by the Neighbor
Discovery Protocol (NDP).

 
[hide]

 1 Overview and IPv4-plus-Ethernet example

 2 Operating scope

 3 Packet structure

 4 ARP probe

 5 ARP announcements

 6 ARP mediation

 7 Inverse ARP and Reverse ARP

 8 See also

 9 References

 10 External links

O 

 $
 
%

Consider a LAN where machines using IPv4 over Ethernet wish to communicate. A sender
wishes to send a message to some other machine on the LAN and knows a destination IPv4
address. The destination IPv4 address is hopefully associated with some appropriate network
interface belonging to the recipient machine, and is present on the LAN. But in order for
communication to succeed, the sending machine 

a 


@ 
 
 a




 a
a  @ a
a
a
@ . This requirement comes about because

Ethernet hardware does not (necessarily) understand IPv4 protocols or IPv4 addresses in the
sense that Ethernet hardware 'listens out for' relevant Ethernet MAC addresses but does not
'listen out for' IPv4 addresses. (An impractical alternative would be to have all units listen to
every Ethernet packet and inspect the contents for relevant IPv4 addresses, discarding the
packets that are intended for other devices, but this would be very inefficient.) So before sending
an IPv4 packet, the sender sends a broadcast message onto the LAN using ARP in order to
discover the Ethernet MAC address of some interface that is listening for that desired target IPv4
address. Some appropriate unit replies that it has a network interface with a certain MAC address
that is associated with the IPv4 address in question. The original would-be sender now has the
information needed and can go ahead and send its IPv4 packet to the destination inserting it into
an Ethernet frame with the correct destination MAC address for the appropriate recipient. The
sender's operating system also stores the newly discovered MAC address in a table ('caches' the
result). This table of mappings from IPv4 addresses to MAC addresses is retained and consulted
again and again, so the ARP discovery procedure only has to be performed one time, when a
packet is sent to a 'new' destination IPv4 address. When a host goes down on a network, there is
no message sent to inform the other hosts. They will continue to send messages to that MAC
address and because Ethernet doesn't have guaranteed delivery, they will have no way of
knowing that the address associated with that host is no longer correct. A timer is set when
information is entered in to the ARP cache and it will be discarded when the time is up to
prevent the storing of invalid information. A new ARP request will be sent to the stored MAC
address to verify that it is in fact still connected.

O

 
The Address Resolution Protocol is a low level request and answer protocol communicated on
the media access level of the underlying network. Kor Ethernet systems, an ARP message is the
payload of Ethernet packets. ARP therefore operates only across the local link which a host is
connected to.

Within the framework of the Internet Protocol Suite, this characteristic makes ARP a Link Layer
protocol.[2]

ARP is also very often discussed in terms of the Open Systems Interconnect (OSI) networking
model, because that model addresses hardware-to-software interfaces more explicitly and is
preferred by some equipment manufacturers. However, ARP was not developed based on the
design principles and strict encapsulation hierarchy of this model and, therefore, such discussions
create a number of conflicts about the exact operating layer within this model. Most often ARP is
placed into the Data Link Layer (Layer 2), but since it requires the definitions of network
addresses of the Network Layer, it is not unusual to find it referenced at that layer.

An example of use in OSI networking, is ATMARP, used for resolving Asynchronous Transfer
Mode (ATM) NSAP addresses in IP over ATM deployments.

$



The 
#  $
   uses a simple message format that contains one address
resolution request or response. The size of the ARP message depends on the upper layer and
lower layer address sizes, which are given by the type of networking protocol (usually IPv4) in
use and the type of hardware or virtual link layer that the upper layer protocol is running on. The
message header specifies these types, as well as the size of addresses of each. The message
header is completed with the operation code for request (1) and reply (2). The payload of the
packet consists of four addresses, the hardware and protocol address of the sender and receiver
hosts.

The principal packet structure of ARP packets is shown in the following table which illustrates
the case of IPv4 networks running on Ethernet. In this scenario, the packet has 48-bit fields for
the sender hardware address (SHA) and target hardware address (THA), and 32-bit fields for the
corresponding sender and target protocol addresses (SPA and TPA). Thus, the ARP packet size
in this case is 28
bytes.

$
  !$
" 
 
#$

Hardware type

(HTYPE) &'( )'*+

This field
specifies the & Hardware type (HTYPE)
Link Layer *, Protocol type (PTYPE)
protocol type. Hardware address length
Example: -. Protocol address length (PLEN)
(HLEN)
Ethernet is 1.
) Operation (OPER)
Protocol type
(PTYPE) ,
 Sender hardware address (SHA) (first 16 bits)
This field )& (next 16 bits)
specifies the /, (last 16 bits)
upper layer **. Sender protocol address (SPA) (first 16 bits)
protocol for
*.) (last 16 bits)
which the
ARP request *

 Target hardware address (THA) (first 16 bits)
is intended. *,& (next 16 bits)
Kor IPv4, this *(, (last 16 bits)
has the value */. Target protocol address (TPA) (first 16 bits)
0x0800. The
.&) (last 16 bits)
permitted
PTYPE values share a numbering space with those for Ethertype.[3][4][5]
Hardware length (HLEN)
Length (in octets) of a hardware address. Ethernet addresses size is 6.
Protocol length (PLEN)
Length (in octets) of addresses used in the upper layer protocol. (The upper layer protocol
specified in PTYPE.) IPv4 address size is 4.
Operation
Specifies the operation that the sender is performing: 1 for request, 2 for reply.
Sender hardware address (SHA)
Hardware (MAC) address of the sender.
Sender protocol address (SPA)
Upper layer protocol address of the sender.
Target hardware address (THA)
Hardware address of the intended receiver. This field is ignored in requests.
Target protocol address (TPA)
 Upper layer protocol address of the intended receiver.

ARP protocol parameter values have been standardized and are maintained by IANA.[6]

#$

An #$
 is an ARP request constructed with an all-zero
a 

. The term is
used in the 

a @

@
a specification (RKC 5227). Before beginning to use

an IPv4 address (whether received from manual configuration, DHCP, or some other means), a
host implementing this specification must test to see if the address is already in use, by
broadcasting ARP probe packets.

#$
 
ARP may also be used as a simple announcement protocol. This is useful for updating other
hosts' mapping of a hardware address when the sender's IP address or MAC address has changed.
Such an announcement, also called a 


 message, is usually broadcast as an ARP
request containing the sender's protocol address (SPA) in the target field (TPA=SPA), with the
target hardware address (THA) set to zero. An alternative is to broadcast an ARP reply with the
sender's hardware and protocol addresses (SHA and SPA) duplicated in the target fields
(TPA=SPA, THA=SHA).

An ARP announcement is not intended to solicit a reply; instead it updates any cached entries in
the ARP tables of other hosts that receive the packet. The operation code may indicate a request
or a reply because the ARP standard specifies that the opcode is only processed after the ARP
table has been updated from the address fields.[7][8][9]

Many operating systems perform gratuitous ARP during startup. That helps to resolve problems
which would otherwise occur if, for example, a network card was recently changed (changing the
IP-address-to-MAC-address mapping) and other hosts still have the old mapping in their ARP
caches.

Gratuitous ARP is also used by some interface drivers to effect load balancing for incoming
traffic. In a team of network cards, it is used to announce a different MAC address within the
team that should receive incoming packets.

ARP announcements can be used to defend link-local IP addresses in the Zeroconf protocol
(RKC 3927), and for IP address takeover within high-availability clusters.

#$ 
 
 
a refers to the process of resolving Layer 2 addresses when different resolution
protocols are used on multiple connected circuits, e.g., ATM on one end and Ethernet on the
others.

 
#$
 # 
#$
 

#  $
   (Inverse ARP or InARP) is used to obtain Network Layer
addresses (for example, IP addresses) of other nodes from Data Link Layer (Layer 2) addresses.
It is primarily used in Krame Relay (DLCI) and ATM networks, in which Layer 2 addresses of
virtual circuits are sometimes obtained from Layer 2 signaling, and the corresponding Layer 3
addresses must be available before those virtual circuits can be used.

Since ARP translates Layer 3 addresses to Layer 2 addresses, InARP may be described as its
inverse. In addition, InARP is implemented as a protocol extension to ARP: it uses the same
packet format as ARP, but different operation codes.

# 

#  $
   (Reverse ARP or RARP), like InARP, translates Layer 2
addresses to Layer 3 addresses. However, in InARP the requesting station queries the Layer 3
address of another node, whereas RARP is used to obtain the Layer 3 address of the requesting
station itself for address configuration purposes. RARP is obsolete; it was replaced by BOOTP,
which was later superseded by the Dynamic Host Configuration Protocol (DHCP).


 

 Arping

 Arptables

 Arpwatch

 ARP spoofing

 Proxy ARP

 Reverse ARP (RARP)

 Serial line ARP

 Sleep Proxy Service

 Zeroconf

#$
Short for à


 
a

@ a network layer protocol used to convert an IP address
into a physical address (called a !

), such as an Ethernet address. A host wishing to

obtain a physical address broadcasts an ARP request onto the TCP/IP network. The host on the
network that has the IP address in the request then replies with its physical hardware address.

There is also   
"# which can be used by a host to discover its IP address. In this
case, the host broadcasts its physical address and a RARP server replies with the host's IP
address.
# 

#  $
  

The # 

#  $
   (##$) is an obsolete computer networking
protocol used by a host computer to request its Internet Protocol (IPv4) address from an
administrative host, when it has available its Link Layer or hardware address, such as a MAC
address.

RARP is described in Internet Engineering Task Korce (IETK) publication RKC 903.[1] It has
been rendered obsolete by the Bootstrap Protocol (BOOTP) and the modern Dynamic Host
Configuration Protocol (DHCP), which both support a much greater feature set than RARP.

RARP requires one or more server hosts to maintain a database of mappings of Link Layer
addresses to their respective protocol addresses. Media Access Control (MAC) addresses needed
to be individually configured on the servers by an administrator. RARP was limited to serving
only IP addresses.

Reverse ARP differs from the Inverse Address Resolution Protocol (InARP) described in RKC
2390, which is designed to obtain the IP address associated with another host's MAC address.
InARP is the complement of the Address Resolution Protocol used for the reverse lookup.

##$ (Reverse Address Resolution Protocol) is a protocol by which a physical machine in a

local area network can request to learn its IP address from a gateway server's Address Resolution
Protocol (ARP) table or cache. A network administrator creates a table in a local area network's
gateway router that maps the physical machine (or Media Access Control - MAC address)
addresses to corresponding Internet Protocol addresses. When a new machine is set up, its RARP
client program requests from the RARP server on the router to be sent its IP address. Assuming
that an entry has been set up in the router table, the RARP server will return the IP address to the
machine which can store it for future use.

RARP is available for Ethernet, Kiber Distributed-Data Interface, and token ring LANs.

##$


& & & & & & & & & & * * * * * * * * * * . . . . . . . . . . - -
& * . -
 + , ( ) / & * . -
 + , ( ) / & * . -
 + , ( ) / & *
Hardware type Protocol type
Hardware address
Protocol address length Opcode
length
Source hardware address :::
Source protocol address :::
Destination hardware address :::
Destination protocol address :::

A



01 16 bits.

0 2
 
* Ethernet.
. Experimental Ethernet.
- Amateur Radio AX.25.

 Proteon ProNET Token Ring.
+ Chaos.
, IEEE 802.
( ARCNET.
) Hyperchannel.
/ Lanstar.
*& Autonet Short Address.
** LocalTalk.
*. LocalNet (IBM PCNet or SYTEK LocalNET).
*- Ultra link.
*
 SMDS.
*+ Krame Relay.
*, ATM, Asynchronous Transmission Mode.
*( HDLC.
*) Kibre Channel.
*/ ATM, Asynchronous Transmission Mode.
.& Serial Line.
.* ATM, Asynchronous Transmission Mode.
.. MIL-STD-188-220.
.- Metricom.
.
 IEEE 1394.1995.
.+ MAPOS.
., Twinaxial.
.( EUI-64.
.) HIPARP.

$
  01 16 bits.

$
  2
 
&%)&& IP.
A





 1 8 bits.
Length of the hardware address in bytes.

$
  

 1 8 bits.
Length of the protocol address in bytes.

O 1 8 bits.

O  2
  #

- Request Reverse. RKC 903

 Reply Reverse. RKC 903


#  $
  
#$
 ##$



 
Address Resolution Protocol (ARP) provides a completely different function to the network
than Reverse Address Resolution Protocol (RARP). ARP is used to resolve the ethernet
address of a NIC from an IP address in order to construct an ethernet packet around an IP
data packet. This must happen in order to send any data across the network. Reverse address
resolution protocol (RARP) is used for diskless computers to determine their IP address
using the network.


#  $
  !#$"

In an earlier section, there was an example where a chat program was written to
communicate between two servers. To send data, the user (Tom) would type text into a
dialog box, hit send and the following happened:

1. The program passed Tom's typed text in a buffer, to the socket.

2. The data was put inside a TCP data packet with a TCP header added to the data. This
header contained a source and destination port number along with some other
information and a checksum.
3. The TCP packet was be placed inside an IP data packet with a source and destination
IP address along with some other data for network management.
4. The IP data packet was placed inside an ethernet data packet. This data packet
includes the destination and source address of the network interface cards (NIC) on
the two computers. The address here is the hardware address of the respective cards
and is called the MAC address.
5. The ethernet packet was transmitted over the network line.
6. With a direct connection between the two computers, the network interface card on
the intended machine, recognized its address and grabbed the data.
7. The IP data packet was extracted from the ethernet data packet.
8. The TCP data packet was extracted from the IP data packet.
9. The data was extracted from the TCP packet and the program displayed the retrieved
 data (text) in the text display window for the intended recipient to read.

In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the
computer constructing the packet does not have the ethernet address of the recipient's computer.
The computer that is sending the data, in order to create the ethernet part of the packet, must get
the ethernet hardware (MAC) address of the computer with the intended IP address. This must be
accomplished before the ethernet packet can be constructed. The ethernet device driver software
on the receiving computer is not programmed to look at IP addresses encased in the ethernet
packet. If it did, the protocols could not be independent and changes to one would affect the
other. This is where address resolution protocol (ARP) is used. Tom's computer sends a network
broadcast asking the computer that has the recipient's IP address to send it's ethernet address.
This is done by broadcasting. The ethernet destination is set with all bits on so all ethernet cards
on the network will receive the data packet. The ARP message consists of an ethernet header and
ARP packet. The ethernet header contains:

1. A 6 byte ethernet destination address.

2. A 6 byte ethernet source address.
3. A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP

The encapsulated ARP data packet contains the following:

1. Type of hardware address (2 bytes). 1=ethernet.

2. Type of protocol address being mapped( 2 bytes). 0800H (hexadecimal) = IP address.
3. Byte size of the hardware address (1 byte). 6
4. Byte size of the protocol address (1 byte). 4
5. Type of operation. 1 = ARP request, 2=ARP reply, 3=RARP request, 4=RARP reply.
6. The sender's ethernet address (6 bytes)
7. The sender's IP address (4 bytes)
8. The recipient's ethernet address (6 bytes)
9. The recipient's IP address (4 bytes)

When the ARP reply is sent, the recipient's ethernet address is left blank.

In order to increase the efficiency of the network and not tie up bandwidth doing ARP
broadcasting, each computer keeps a table of IP addresses and matching ethernet addresses in
memory. This is called ARP cache. Before sending a broadcast, the sending computer will check
to see if the information is in it's ARP cache. If it is it will complete the ethernet data packet
without an ARP broadcast. Each entry normally lasts 20 minutes after it is created. RKC 1122
specifies that it should be possible to configure the ARP cache timeout value on the host. To
examine the cache on a Windows, UNIX, or Linux computer type "arp -a".

If the receiving host is on another network, the sending computer will go through its route table
and determine the correct router (A router should be between two or more networks) to send to,
and it will substitute the ethernet address of the router in the ethernet message. The encased IP
address will still have the intended IP address. When the router gets the message, it looks at the
IP data to tell where to send the data next. If the recipient is on a network the router is connected
to, it will do the ARP resolution either using it's ARP buffer cache or broadcasting.

# 

#  $
  !##$"

As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers
to determine their IP address using the network. The RARP message format is very similar to the
ARP format. When the booting computer sends the broadcast ARP request, it places its own
hardware address in both the sending and receiving fields in the encapsulated ARP data packet.
The RARP server will fill in the correct sending and receiving IP addresses in its response to the
message. This way the booting computer will know its IP address when it gets the message from
the RARP server.

# 

 $
  
Krom Wikipedia, the free encyclopedia
Jump to: navigation, search

RIP is a dynamic routing protocol used in local and wide area networks. As such it is classified
as an interior gateway protocol (IGP). It uses the distance-vector routing algorithm. It was first
defined in RKC 1058 (1988). The protocol has since been extended several times, resulting in
RIP Version 2 (RKC 2453). Both versions are still in use today, however, they are considered to
have been made technically obsolete by more advanced techniques such as Open Shortest Path
Kirst (OSPK) and the OSI protocol IS-IS. RIP has also been adapted for use in IPv6 networks, a
standard known as RIPng (RIP next generation)protocol, published in RKC 2080 (1997).

 
[hide]

 1 History

 2 Technical details

 3 Versions
m 3.1 RIP version 1
m 3.2 RIP version 2
m 3.3 RIPng

 4 Limitations

 5 Implementations

 6 Similar protocols

 7 See also

 8 References

 9 Kurther reading

A
0
The routing algorithm used in RIP, the Bellman-Kord algorithm, was first deployed in a
computer network in 1967, as the initial routing algorithm of the ARPANET.

The earliest version of the specific protocol that became RIP was the M
 a
a

@ , part of the PARC Universal Packet internetworking protocol suite, developed at Xerox
Parc. A later version, named the 
aa
a
@ , was part of Xerox Network
Systems.

A version of RIP which supported the Internet Protocol (IP) was later included in the Berkeley
Software Distribution (BSD) of the Unix operating system. It was known as the 
 daemon.
Various other vendors would create their own implementations of the routing protocol.
Eventually, RKC 1058 unified the various implementations under a single standard.

 
 

RIP is a distance-vector routing protocol, which employs the hop count as a routing metric. The
hold down time is 180 seconds. RIP prevents routing loops by implementing a limit on the
number of hops allowed in a path from the source to a destination. The maximum number of
hops allowed for RIP is 15. This hop limit, however, also limits the size of networks that RIP can
support. A hop count of 16 is considered an infinite distance and used to deprecate inaccessible,
inoperable, or otherwise undesirable routes in the selection process.

RIP implements the split horizon, route poisoning and holddown mechanisms to prevent
incorrect routing information from being propagated. These are some of the stability features of
RIP. It is also possible to use Routing Information Protocol with Metric-based Topology
Investigation (RMTI)[1] to cope with the count to infinity problem. This makes it possible to
detect every possible loop with a very small computation effort.

Originally each RIP router transmitted full updates every 30 seconds. In the early deployments,
routing tables were small enough that the traffic was not significant. As networks grew in size,
however, it became evident there could be a massive traffic burst every 30 seconds, even if the
routers had been initialized at random times. It was thought, as a result of random initialization,
the routing updates would spread out in time, but this was not true in practice. Sally Kloyd and
Van Jacobson showed in 1994[2] that, without slight randomization of the update timer, the
timers synchronized over time. In most current networking environments, RIP is not the
preferred choice for routing as its time to converge and scalability are poor compared to
Enhanced Interior Gateway Routing Protocol (EIGRP), Open Shortest Path Kirst (OSPK), or IS-
IS, the latter two being link-state routing protocols, and the hop limit severely limits the size of
network it can be used for. However, it is easy to configure, because RIP does not require any
parameters on a router unlike other protocols.

RIP is implemented using the User Datagram Protocol as its transport protocol. It is assigned the
reserved port number 520.[3]


 
There are three versions of the Routing Information Protocol: , $, and a.

#$ 
 *

The original specification of RIP, defined in RKC 1058,[4] uses classful routing. The periodic
routing updates do not carry subnetmask information, lacking support for variable length subnet
masks (VLSM). This limitation makes it impossible to have different-sized subnets inside of the
same network class. In other words, all subnets in a network class must have the same size.
There is also no support for router authentication, making RIP vulnerable to various attacks.The
RIP version 1 works when there is only 16 hop counts(0-15).If there are more than 16 hops
between two routers it fails to send data packets to the destination address.

#$ 
 .

Due to the deficiencies of the original RIP specification, RIP version 2 (RIPv2) was developed in
1993[5] and last standardized in 1998.[6] It included the ability to carry subnet information, thus
supporting Classless Inter-Domain Routing (CIDR). To maintain backward compatibility, the
hop count limit of 15 remained. RIPv2 has facilities to fully interoperate with the earlier
specification if all 

 %  protocol fields in the RIPv1 messages are properly specified. In
addition, a @
  


@ feature[6] allows fine-grained interoperability adjustments.

In an effort to avoid unnecessary load on hosts that do not participate in routing, RIPv2

@


the entire routing table to all adjacent routers at the address 224.0.0.9, as opposed to
RIPv1 which uses broadcast. Unicast addressing is still allowed for special applications.

(MD5) authentication for RIP was introduced in 1997.[7][8]

RIPv2 is Internet Standard STD56 (which is RKC 2453).

Route tags were also added in RIP version 2. This functionality allows for routes to be
distinguished from internal routes to external redistributed routes from EGP protocols.

#$

RIPng (RIP next generation), defined in RKC 2080,[9] is an extension of RIPv2 for support of
IPv6, the next generation Internet Protocol. The main differences between RIPv2 and RIPng are:

 Support of IPv6 networking.

 While RIPv2 supports RIPv1 updates authentication, RIPng does not. IPv6 routers were,
at the time, supposed to use IPsec for authentication.

 RIPv2 allows attaching arbitrary tags to routes, RIPng does not;

 RIPv2 encodes the next-hop into each route entries, RIPng requires specific encoding of
the next hop for a set of route entries.


 

 Without using RMTI, Hop count can not exceed 15, in the case that it exceeds this
limitation, it will be considered invalid.

 Most RIP networks are flat. There is no concept of areas or boundaries in RIP networks.

 Variable Length Subnet Masks were not supported by RIP version 1.

 Without using RMTI, RIP has slow convergence and count to infinity problems.


 

 routed[10], included in most BSD Unix systems

 Routing and Remote Access, a Windows Server feature, contains RIP support.

 Õuagga, a free open source routing software suite based on GNU Zebra.

 BIRD, a free open source routing software suite.

 OpenBSD, includes a RIP implementation

 Cisco IOS, software used in Cisco routers (supports version 1, version 2 and RIPng)

 Cisco NX-OS software used in Cisco Nexus data center switches (supports RIPv1 and
RIPv2)




  

 3#$: Cisco's proprietary Interior Gateway Routing Protocol (IGRP) was a somewhat
more capable protocol than RIP. It belongs to the same basic family of distance-vector
routing protocols. Cisco has ceased support and distribution of IGRP in their router
software. It was replaced by the Enhanced Interior Gateway Routing Protocol (EIGRP)
which is a completely new design. While EIGRP still uses a distance-vector model, it
relates to IGRP only in using the same routing metrics.