Each network operating system manufacturer has implemented its own networking
protocols to provide the required networking functions. These protocols operate
as distinct programs or processes that the system uses to transport data between
the network nodes. Each set of programs is commonly referred to as a protocol stack
(see Table 5.1). It is important to note that although the
underlying functionality of each of these protocol stacks is similar, the implementation
within each network system is unique.
Table 5.1: Layers of common protocols
OSI Model | Application | Presentation | Session | Transport | Network | Data Link | Physical
Banyan Vines | Vines | NetRPC | SPP & | Vines IP | ARP&RARP | NIC
 | Redirector | Direct Socket | JPC | ICP | Vines Drivers
NT/Lan | Server Message Block | NETBIOS | NetBEUI | NDIS | NIC
Manager | Named Pipes
Novell Netware | Netware Core Protocols | SPX | IPX | ODI/NDIS | NIC
TCP/IP Unix | Network | Socket | TCP | IP | ARP&RARP
 | Applications | Interface | UDP | ICMP | NDIS | NIC
A client application sends data down its protocol stack, passing through each
of the protocols and interfaces. Information necessary to forward the application
data to its destination is added by the programs operating at each level. At
the receiving side, the data packets traverse a similar stack of protocols and
programs, this time in reverse. Starting at the physical layer, the packet passes
through each successive layer until it reaches the top of the stack at the relevant
application process. At each layer, the information appended by the different
protocols is examined so that the host can forward the packet to its final destination.
For the host to accomplish this, both the client and the host need to run the
same program at each level. If the server received a data packet that contained
protocol information generated from a program not in its protocol stack, it
would obviously not be able to understand the contained information.
At each subsequent layer, additional protocol information is appended to the original
data packet. At the host side, the protocol information is stripped away layer
by layer to finally leave the application data.
Figure 5.1: TCP/IP packet moving through the protocol layers
Figure 5.1 shows a more specific example of an application packet
moving through a TCP/IP network.
The relationship between the various protocols in the TCP/IP suite of networked
applications is illustrated in Table 5.2.
Table 5.2: TCP/IP related protocols
Session | Telnet | FTP | Gopher | SMTP | HTTP | DNS | SNMP | RIP | Ping
Transport | TCP | UDP | ICMP
Network | IP
Data Link | Ethernet | Token Ring | FDDI | ISDN | ATM | SLIP | PPP
Computers attached to an Ethernet can send application data to one another using
high-level protocol software, such as the TCP/IP protocol suite used on the
worldwide Internet. The high-level protocol packets are carried between computers
in the data field of the frames.
Common protocols are:
- IP: Internet Protocol. The lowest layer protocol defined in TCP/IP. This is
  the base layer on which all other protocols mentioned herein are built. IP is
  often referred to as TCP/IP as well.
- UDP: User Datagram Protocol. This is a connectionless protocol built on top
  of IP. It does not provide any guarantees on the ordering or delivery of
  messages. This protocol is layered on top of IP.
- TCP: Transmission Control Protocol. TCP is a connection-oriented protocol that
  guarantees that messages are delivered in the order in which they were sent
  and that all messages are delivered. If a TCP connection cannot deliver a
  message it closes the connection and informs the entity that created it. This
  protocol is layered on top of IP.
- ICMP: Internet Control Message Protocol. ICMP is used for diagnostics in the
  network. The Unix program, ping, uses ICMP messages to detect the status of
  other hosts in the net. ICMP messages can either be queries (in the case of
  ping) or error reports, such as when a network is unreachable.
- PPP: Point-to-Point Protocol - A protocol for creating a TCP/IP connection over
  both synchronous and asynchronous systems. PPP provides connections for host
  to network or between two routers. It also has a security mechanism. PPP is
  well known as a protocol for connections over regular telephone lines using
  modems on both ends. This protocol is widely used for connecting personal
  computers to the Internet.
- SLIP: Serial Line Internet Protocol - A point-to-point protocol to use over
  a serial connection, a predecessor of PPP. There is also an advanced version
  of this protocol known as CSLIP (compressed serial line Internet protocol),
  which reduces overhead on a SLIP connection by sending just header information
  when possible, thus increasing packet throughput.
- FTP: File Transfer Protocol - FTP enables the transfer of text and binary files
  over a TCP connection. FTP allows files to be transferred according to a strict
  mechanism of ownership and access restrictions. It is one of the most commonly
  used protocols over the Internet nowadays.
- Telnet: Telnet is a terminal emulation protocol, defined in RFC 854, for use
  over a TCP connection. It enables users to log in to remote hosts and use their
  resources from the local host.
- SMTP: Simple Mail Transfer Protocol - This protocol is dedicated to sending
  email messages originating on a local host, over a TCP connection, to a remote
  server. SMTP defines a set of rules which allows two programs to send and
  receive mail over the network. The protocol defines the data structure that
  is delivered, with information regarding the sender, the recipient (or several
  recipients) and, of course, the mail's body.
- HTTP: Hyper Text Transport Protocol - A protocol used to transfer hypertext
  pages across the World Wide Web.
- SNMP: Simple Network Management Protocol - A simple protocol that defines
  messages related to network management. Through the use of SNMP, network
  devices such as routers can be configured by any host on the LAN.
- ARP: Address Resolution Protocol - In order to map an IP address into a hardware
  address the computer uses the ARP protocol, which broadcasts a request message
  that contains an IP address, to which the target computer replies with both
  the original IP address and the hardware address.
- NNTP: Network News Transport Protocol - A protocol used to carry USENET postings
  between News clients and USENET servers.
High-level protocols have their own system of addresses, such as the 32-bit
address used in the current version of IP. The high-level IP-based networking
software in a given station is aware of its own 32-bit IP address and can read
the 48-bit Ethernet address of its network interface, but it doesn't know what
the Ethernet addresses of other stations on the network may be.
To make things work, there needs to be some way to discover the Ethernet addresses
of other IP-based stations on the network. For several high-level protocols,
including TCP/IP, this is done using yet another high-level protocol called
the Address Resolution Protocol (ARP). As an example of how Ethernet and one
family of high-level protocols interact, let's take a quick look at how the
ARP protocol functions.
The operation of ARP is straightforward. Let's say an IP-based station (station
"A") with IP address 192.0.2.1 wishes to send data over the
Ethernet channel to another IP-based station (station "B")
with IP address 192.0.2.2. Station "A" sends a packet to the
broadcast address containing an ARP request. The ARP request basically says
"Will the station on this Ethernet channel that has the IP address
of 192.0.2.2 please tell me what the address of its Ethernet interface is?"
Since the ARP request is sent in a broadcast frame, every Ethernet interface
on the network reads it in and hands the ARP request to the networking software
running on the station. Only station "B" with IP address 192.0.2.2
will respond, by sending a packet containing the Ethernet address of station
"B" back to the requesting station. Now station "A"
has an Ethernet address to which it can send data destined for station "B,"
and the high-level protocol communication can proceed.
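The exchange described above can be reproduced with real ARP packet bytes. This is an added example, not part of the original notes: station "C", all Ethernet addresses and the helper names are constructed for illustration, and the packet layout is the standard ARP format for IPv4 over Ethernet.

```python
import ipaddress
import struct

BROADCAST = b"\xff" * 6
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
# ARP packet for IPv4 over Ethernet: hardware type, protocol type, address
# lengths, operation, then sender/target hardware and protocol addresses.
ARP_FMT = "!HHBBH6s4s6s4s"
FRAME_LEN = 14 + struct.calcsize(ARP_FMT)  # Ethernet header + 28-byte ARP packet


def build_frame(dst_mac, src_mac, oper, sha, spa, tha, tpa):
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_ARP)
    return eth + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, sha, spa, tha, tpa)


class Station:
    def __init__(self, name, mac, ip):
        self.name = name
        self.mac = bytes.fromhex(mac.replace(":", ""))
        self.ip = ipaddress.IPv4Address(ip).packed
        self.arp_cache = {}  # IP (4 bytes) -> Ethernet address (6 bytes)

    def arp_request(self, target_ip):
        tpa = ipaddress.IPv4Address(target_ip).packed
        # The target hardware address is unknown, so it is sent as zeros.
        return build_frame(BROADCAST, self.mac, ARP_REQUEST,
                           self.mac, self.ip, bytes(6), tpa)

    def receive(self, frame):
        """Handle one frame; return a reply frame, or None if there is none."""
        if len(frame) < FRAME_LEN:
            return None
        dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
        if dst not in (BROADCAST, self.mac) or ethertype != ETHERTYPE_ARP:
            return None
        htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
            ARP_FMT, frame[14:FRAME_LEN])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or tpa != self.ip:
            return None  # read by the interface, but not addressed to this IP
        if oper == ARP_REQUEST:
            # Unicast reply carrying this station's Ethernet address.
            return build_frame(sha, self.mac, ARP_REPLY, self.mac, self.ip, sha, spa)
        if oper == ARP_REPLY:
            self.arp_cache[spa] = sha
        return None


def resolve(requester, target_ip, segment):
    """Broadcast a request on the segment; return (responder names, learned MAC)."""
    request = requester.arp_request(target_ip)
    replies = []
    for station in segment:
        if station is requester:
            continue
        reply = station.receive(request)
        if reply is not None:
            replies.append((station.name, reply))
    for _name, reply in replies:
        requester.receive(reply)
    learned = requester.arp_cache.get(ipaddress.IPv4Address(target_ip).packed)
    return [name for name, _ in replies], learned


# Constructed stations: the IPs of A and B follow the text; C and all MACs are made up.
A = Station("A", "02:00:00:00:00:0a", "192.0.2.1")
B = Station("B", "02:00:00:00:00:0b", "192.0.2.2")
C = Station("C", "02:00:00:00:00:0c", "192.0.2.3")

if __name__ == "__main__":
    names, mac = resolve(A, "192.0.2.2", [A, B, C])
    print("responders:", names, "learned:", mac.hex(":"))
```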
A given Ethernet system can carry several different kinds of high-level protocol
data. For example, a single Ethernet can carry data between computers in the
form of TCP/IP protocols as well as Novell or AppleTalk protocols. The Ethernet
is simply a trucking system that carries packages of data between computers;
it doesn't care what is inside the packages.
The Internet protocol provides for transmitting blocks of data called datagrams
from sources to destinations, where sources and destinations are hosts identified
by fixed length addresses. The Internet protocol also provides for fragmentation
and reassembly of long datagrams, if necessary, for transmission through "small
packet" networks.
The Internet protocol is specifically limited in scope to provide the functions
necessary to deliver a package of bits (an Internet datagram) from a source
to a destination over an interconnected system of networks. There are no mechanisms
to augment end-to-end data reliability, flow control, sequencing, or other services
commonly found in host-to-host protocols. The Internet protocol can capitalize
on the services of its supporting networks to provide various types and qualities
of service.
IP addressing is based on the concept of hosts and networks. A host is essentially
anything on the network that is capable of receiving and transmitting IP packets
on the network, such as a workstation, server or a router. The hosts are connected
together by one or more networks. The IP address of any host consists of its
network address plus its own host address on the network. IP addressing, unlike,
say, IPX addressing, uses one address containing both network and host address.
An IP address is 32 bits wide, and is composed of two parts: the network number,
and the host number. By convention, it is expressed as four decimal numbers
separated by periods, such as "200.1.2.3" representing the
decimal value of each of the four bytes. Valid addresses thus range from 0.0.0.0
to 255.255.255.255, a total of about 4.3 billion addresses. The first few bits
of the address indicate the Class that the address belongs to:
Class | Prefix | Network Number | Host Number
A | 0 | Bits 1-7 | Bits 8-31
B | 10 | Bits 2-15 | Bits 16-31
C | 110 | Bits 3-23 | Bits 24-31
D | 1110 | N/A
E | 1111 | N/A
Class D addresses are multicast, and Class E are reserved. Any address starting
with 127 is a loopback address and should never be used for addressing outside
the host. A host number of all binary 1's indicates a directed broadcast over
the specific network. For example, 200.1.2.255 would indicate a broadcast over
the 200.1.2 network. If the host number is 0, it indicates "this host".
If the network number is 0, it indicates "this network".
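The class rules and special cases above, worked through at the bit level. This is an added example, not part of the original notes; the function name and the returned field names are made up for illustration.

```python
import ipaddress

# (class, prefix length in bits, prefix value, total bits before the host number)
CLASSES = [("A", 1, 0b0, 8), ("B", 2, 0b10, 16), ("C", 3, 0b110, 24),
           ("D", 4, 0b1110, None), ("E", 4, 0b1111, None)]


def classify(addr):
    """Split a dotted-quad address into class, network number and host number."""
    value = int(ipaddress.IPv4Address(addr))
    for name, prefix_len, prefix, net_bits in CLASSES:
        if value >> (32 - prefix_len) == prefix:
            break  # the five prefixes cover every 32-bit value
    info = {"class": name, "network": None, "network_number": None,
            "host": None, "notes": []}
    if net_bits is None:
        info["notes"].append("multicast" if name == "D" else "reserved")
        return info
    host_bits = 32 - net_bits
    host_mask = (1 << host_bits) - 1
    host = value & host_mask
    # The network number is the run of bits between the class prefix and the host.
    network_number = (value >> host_bits) & ((1 << (net_bits - prefix_len)) - 1)
    info["network"] = str(ipaddress.IPv4Address(value - host))
    info["network_number"] = network_number
    info["host"] = host
    if value >> 24 == 127:
        info["notes"].append("loopback")
    if host == host_mask:
        info["notes"].append("directed broadcast")
    if host == 0:
        info["notes"].append("this host")
    if network_number == 0:
        info["notes"].append("this network")
    return info


if __name__ == "__main__":
    for sample in ("200.1.2.3", "200.1.2.255", "127.0.0.1", "224.0.0.1"):
        print(sample, classify(sample))
```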
The format of an IP header is shown in Table 5.3.
Table 5.3: IP Header
Bits 0-7 | Bits 8-15 | Bits 16-23 | Bits 24-31
Version | IHL | Type of Service | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding
- Version: 4 bits - indicates the format of the Internet header. This document
describes version 4.
- IHL: 4 bits - Internet Header Length is the length of the Internet header in
32 bit words, and thus points to the beginning of the data. Note that the minimum
value for a correct header is 5.
- Type of Service: 8 bits - The Type of Service provides an indication of the
abstract parameters of the quality of service desired. These parameters are
to be used to guide the selection of the actual service parameters when transmitting
a datagram through a particular network. Several networks offer service precedence,
which somehow treats high precedence traffic as more important than other traffic
(generally by accepting only traffic above a certain precedence at times of high
load).
- Total Length: 16 bits - Total Length is the length of the datagram, measured
in octets, including Internet header and data. This field allows the length
of a datagram to be up to 65,535 octets.
- Identification: 16 bits - An identifying value assigned by the sender to aid
in assembling the fragments of a datagram.
- Flags: 3 bits - Various Control Flags.
- Fragment Offset: 13 bits - This field indicates where in the datagram this fragment
belongs.
- Time to Live: 8 bits - This field indicates the maximum time the datagram is
allowed to remain in the Internet system. If this field contains the value zero,
then the datagram must be destroyed. This field is modified in Internet header
processing. The time is measured in units of seconds, but since every module
that processes a datagram must decrease the TTL by at least one even if it processes
the datagram in less than a second, the TTL must be thought of only as an upper
bound on the time a datagram may exist. The intention is to cause undeliverable
datagrams to be discarded, and to bound the maximum datagram lifetime.
- Protocol: 8 bits - This field indicates the next level protocol used in the
data portion of the Internet datagram.
- Header Checksum: 16 bits - A checksum on the header only. Since some header
fields change (e.g., time to live), this is recomputed and verified at each
point that the Internet header is processed. The checksum field is the 16 bit
one's complement of the one's complement sum of all 16 bit words in the header.
For purposes of computing the checksum, the value of the checksum field is zero.
- Source Address: 32 bits
- Destination Address: 32 bits
- Options: variable - The options may appear or not in datagrams. They must be
implemented by all IP modules (host and gateways). What is optional is their
transmission in any particular datagram, not their implementation.
- Padding: variable - The Internet header padding is used to ensure that the Internet
header ends on a 32 bit boundary. The padding is zero.
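A header decoder that applies the field rules listed above: minimum IHL, Total Length consistency, the one's complement checksum, and the per-hop TTL decrement with checksum recomputation. This is an added example, not part of the original notes; the function names, addresses and payload are constructed for illustration.

```python
import ipaddress
import struct

IP_FMT = "!BBHHHBBH4s4s"  # the fixed 20 bytes of Table 5.3, before any options


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_packet(src, dst, payload, proto=17, ttl=64, ident=1):
    """Header without options (IHL = 5) followed by the payload."""
    header = struct.pack(IP_FMT, (4 << 4) | 5, 0, 20 + len(payload), ident, 0,
                         ttl, proto, 0,     # checksum field is zero while summing
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    checksum = struct.pack("!H", internet_checksum(header))
    return header[:10] + checksum + header[12:] + payload


def parse_packet(packet):
    """Decode and validate an IPv4 header; raise ValueError if it is malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack(IP_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not version 4")
    if ihl < 5:
        raise ValueError("IHL below the minimum of 5")
    header_len = ihl * 4
    if not header_len <= total_len <= len(packet):
        raise ValueError("Total Length inconsistent with header or received data")
    # Summing a valid header including its checksum field yields zero.
    if internet_checksum(packet[:header_len]) != 0:
        raise ValueError("header checksum mismatch")
    return {"header_len": header_len, "tos": tos, "total_length": total_len,
            "identification": ident, "flags": flags_frag >> 13,
            "fragment_offset": flags_frag & 0x1FFF, "ttl": ttl,
            "protocol": proto, "checksum": checksum,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst)),
            "options": packet[20:header_len],
            "data": packet[header_len:total_len]}


def forward(packet):
    """One hop: decrement TTL and recompute the checksum; None means discarded."""
    info = parse_packet(packet)
    if info["ttl"] <= 1:
        return None                         # TTL would reach zero: destroy it
    header = bytearray(packet[:info["header_len"]])
    header[8] -= 1                          # byte 8 is Time to Live
    header[10:12] = b"\x00\x00"
    header[10:12] = struct.pack("!H", internet_checksum(bytes(header)))
    return bytes(header) + packet[info["header_len"]:]


if __name__ == "__main__":
    pkt = build_packet("192.0.2.1", "192.0.2.2", b"constructed", ttl=2)
    print(parse_packet(pkt))
    print(parse_packet(forward(pkt))["ttl"], forward(forward(pkt)))
```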
UDP gives application programs direct access to a datagram delivery service,
like the delivery service that IP provides. This allows applications to exchange
messages over the network with a minimum of protocol overhead. UDP is an unreliable
(it doesn't care about the quality of the deliveries it makes), connectionless (it
doesn't establish a connection on behalf of user applications) datagram protocol. Within
your computer, UDP will deliver data correctly. UDP is used as a data transport
service when the amount of data being transmitted is small and the overhead of
creating connections and ensuring reliable delivery may be greater than the
work of retransmitting the entire data set. Broadcast-oriented services use
UDP, as do those in which repeated, out of sequence, or missed requests have
no harmful side effects. Since no state is maintained for UDP transmission,
it is ideal for repeated, short operations such as the Remote Procedure Call
protocol. UDP packets can arrive in any order. If there is a network bottleneck
that drops packets, UDP packets may not arrive at all. It's up to the application
built on UDP to determine that a packet was lost, and to re-send it if necessary.
NFS and NIS are built on top of UDP because of its speed and statelessness.
While the performance advantages of a fast protocol are obvious, the stateless
nature of UDP is equally important. Without state information in either the
client or server, crash recovery is greatly simplified.
Table 5.4: UDP Datagram Header
Bits 0-7 | Bits 8-15 | Bits 16-23 | Bits 24-31
Source Port | Destination Port
Length | Checksum
The structure of a UDP packet header is shown in Table 5.4.
- Source Port (16 bits): This field is optional and specifies the port number
of the application that is originating the user data.
- Destination Port (16 bits): This is the port number pertaining to the destination
application.
- Length (16 bits): This field describes the total length of the UDP datagram,
including both data and header information.
- UDP checksum (16 bits): Integrity checking is optional under UDP. If turned
on, this field is used by both ends of the communication channel for data integrity
checks.
TCP is a fully reliable, connection-oriented, acknowledged, byte stream protocol
that provides reliable data delivery across the network and in the proper sequence.
TCP supports data fragmentation and reassembly. It also supports multiplexing/demultiplexing
using source and destination port numbers in much the same way they are used
by UDP.
TCP provides reliability with a mechanism called Positive Acknowledgement with
Retransmission (PAR). Simply stated, a system using PAR sends the data again,
unless it hears from the remote system that the data arrived okay. The unit
of data exchanged between co-operating TCP modules is called a segment.
Table 5.5: TCP Packet Header
Bits 0-7 | Bits 8-15 | Bits 16-23 | Bits 24-31
Source Port | Destination Port
Sequence Number
Acknowledgement Number
Offset | Reserved | Control | Window
Checksum | Urgent Pointer
Options | Padding
The structure of a TCP packet header is shown in Table 5.5.
- Source port (16 bits): Specifies the port on the sending TCP module.
- Destination port (16 bits): Specifies the port on the receiving TCP module.
- Sequence number (32 bits): Specifies the sequence position of the first data
octet in the segment. When the segment opens a connection, the sequence number
is the Initial Sequence Number (ISN) and the first octet in the data field is
at sequence ISN+1.
- Acknowledgement number (32 bits): Specifies the next sequence number that is
expected by the sender of the segment. TCP indicates that this field is active
by setting the ACK bit, which is always set after a connection is established.
- Data offset (4 bits): Specifies the number of 32-bit words in the TCP header.
- Control bits (6 bits): The six control bits are as follows:
  - URG: When set, the Urgent Pointer field is significant.
  - ACK: When set, the Acknowledgement Number field is significant.
  - PSH: Initiates a push function.
  - RST: Forces a reset of the connection.
  - SYN: Synchronizes sequencing counters for the connection. This bit is set when
    a segment requests the opening of a connection.
  - FIN: No more data. Closes the connection.
- Window (16 bits): Specifies the number of octets, starting with the octet specified
in the acknowledgement number field, which the sender of the segment can currently
accept.
- Checksum (16 bits): An error control checksum that covers the header and data
fields.
- Urgent Pointer (16 bits): Identifies the sequence number of the octet following
urgent data. The urgent pointer is a positive offset from the sequence number
of the segment.
- Options (variable): Options are available for a variety of functions.
- Padding (variable): 0-value octets are appended to the header to ensure that
the header ends on a 32-bit word boundary.
TCP is connection-oriented. It establishes a logical end-to-end connection between
the two communication hosts. Control information, called a handshake, is exchanged
between the two endpoints to establish a dialogue before data is transmitted.
TCP indicates the control function of a segment by setting the appropriate bit
in the flags field of the segment header.
The type of handshake used by TCP is called a three-way handshake because three
segments are exchanged. Host A sends a SYN to host B, host B responds with a
SYN,ACK and host A acknowledges that with an ACK and begins data transfer.
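The three segments of the handshake, built and checked as raw TCP headers laid out as in Table 5.5. This is an added example, not part of the original notes: the port numbers, initial sequence numbers and function names are constructed, and the checksum field is left at zero because it is not computed here.

```python
import struct

TCP_FMT = "!HHIIHHHH"  # ports, seq, ack, offset/reserved/control, window, checksum, urgent
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
MOD = 2 ** 32          # sequence numbers are 32 bits wide and wrap around


def build_segment(sport, dport, seq, ack, flags, window=4096, data=b""):
    control = sum(FLAG_BITS[name] for name in set(flags))
    offset_control = (5 << 12) | control   # data offset of 5 words, reserved bits zero
    # Checksum stays zero: this example does not compute it.
    return struct.pack(TCP_FMT, sport, dport, seq % MOD, ack % MOD,
                       offset_control, window, 0, 0) + data


def parse_segment(raw):
    if len(raw) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, offset_control, window, checksum, urgent = struct.unpack(
        TCP_FMT, raw[:20])
    offset = offset_control >> 12
    if offset < 5 or offset * 4 > len(raw):
        raise ValueError("data offset outside the segment")
    control = offset_control & 0x3F
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": {name for name, bit in FLAG_BITS.items() if control & bit},
            "window": window, "data": raw[offset * 4:]}


def handshake(isn_a, isn_b, client_port=40000, server_port=23):
    """The three segments: SYN from A, SYN,ACK from B, ACK from A."""
    return [build_segment(client_port, server_port, isn_a, 0, {"SYN"}),
            build_segment(server_port, client_port, isn_b, isn_a + 1, {"SYN", "ACK"}),
            build_segment(client_port, server_port, isn_a + 1, isn_b + 1, {"ACK"})]


def check_handshake(raw_segments):
    """Return a list of problems; an empty list means a consistent handshake."""
    if len(raw_segments) != 3:
        return ["expected exactly three segments"]
    syn, synack, ack = (parse_segment(raw) for raw in raw_segments)
    problems = []
    if syn["flags"] != {"SYN"}:
        problems.append("first segment is not a bare SYN")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("second segment is not SYN,ACK")
    if "ACK" not in ack["flags"] or "SYN" in ack["flags"]:
        problems.append("third segment is not an ACK")
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        problems.append("SYN,ACK ports do not mirror the SYN")
    if (ack["sport"], ack["dport"]) != (syn["sport"], syn["dport"]):
        problems.append("final ACK ports differ from the SYN")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("SYN,ACK does not acknowledge ISN(A)+1")
    if ack["seq"] != (syn["seq"] + 1) % MOD:
        problems.append("final ACK does not start at ISN(A)+1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("final ACK does not acknowledge ISN(B)+1")
    return problems


if __name__ == "__main__":
    for raw in handshake(1000, 5000):
        seg = parse_segment(raw)
        print(sorted(seg["flags"]), "seq", seg["seq"], "ack", seg["ack"])
    print(check_handshake(handshake(1000, 5000)))
```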
TCP employs the positive acknowledgement with retransmission technique for the
purpose of achieving reliability in service. When TCP sends a data segment, it
requires an acknowledgement from the receiving end. The acknowledgement is used
to update the connection state table. An acknowledgement can be positive or
negative. A positive acknowledgement implies that the receiving host recovered
the data and that it passed the integrity check. A negative acknowledgement
implies that the failed data segment needs to be retransmitted. It can be caused
by failures such as data corruption or loss.
TCP detects when a packet is lost on the network and fails to reach its ultimate
destination. When a host sends data, it starts a count down timer. If the timer
expires without receiving an acknowledgement, this host assumes that the data
segment was lost. Consequently, this host retransmits a duplicate of the failing
segment. TCP keeps a copy of all transmitted data with outstanding positive acknowledgement.
Only after receiving the positive acknowledgement is this copy discarded to
make room for other data in its buffer.
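A small simulation of the timer-driven retransmission just described. This is an added example, not part of the original notes and not how any real TCP is implemented: time advances in whole ticks, delivery and acknowledgement take no time, there is no window, and the loss pattern, segment contents and `max_attempts` limit are constructed.

```python
def run_par(segments, lost_data=(), lost_acks=(), timeout=3, max_attempts=4):
    """Simulate positive acknowledgement with retransmission.

    lost_data / lost_acks hold (sequence number, attempt) pairs naming the
    transmissions, or their acknowledgements, that the network drops.
    Returns (bytes delivered in order, attempts per segment, duplicates seen).
    """
    unacked, deadline, attempts = {}, {}, {}
    seq = 0
    for data in segments:
        unacked[seq] = data      # the sender keeps a copy until it is acknowledged
        deadline[seq] = 0        # due for first transmission at tick 0
        attempts[seq] = 0
        seq += len(data)         # sequence numbers count octets

    received, duplicates, tick = {}, 0, 0
    while unacked:
        for s in sorted(unacked):
            if tick < deadline[s]:
                continue         # countdown timer still running
            if attempts[s] == max_attempts:
                # Cannot deliver: close the connection and inform the caller.
                raise ConnectionError(f"segment at sequence {s} could not be delivered")
            attempts[s] += 1
            deadline[s] = tick + timeout
            key = (s, attempts[s])
            if key in lost_data:
                continue         # lost in the network, so no acknowledgement comes back
            if s in received:
                duplicates += 1  # receiver already has it; it still acknowledges
            else:
                received[s] = unacked[s]
            if key not in lost_acks:
                del unacked[s]   # positive acknowledgement: discard the copy
        tick += 1

    stream = b"".join(received[s] for s in sorted(received))
    return stream, attempts, duplicates


if __name__ == "__main__":
    # Constructed scenario: one data segment and one acknowledgement are lost.
    print(run_par([b"alpha ", b"bravo ", b"charlie"],
                  lost_data={(6, 1)}, lost_acks={(12, 1)}))
```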
Occasionally a gateway or destination host will communicate with a source host,
for example, to report an error in datagram processing. For such purposes the
Internet Control Message Protocol (ICMP) is used. ICMP uses
the basic support of IP as if it were a higher level protocol; however, ICMP
is actually an integral part of IP, and must be implemented by every IP module.
ICMP messages are sent in several situations: for example, when a datagram cannot
reach its destination, when the gateway does not have the buffering capacity
to forward a datagram, and when the gateway can direct the host to send traffic
on a shorter route.
The Internet Protocol is not designed to be absolutely reliable. The purpose
of these control messages is to provide feedback about problems in the communication
environment, not to make IP reliable. There are still no guarantees that a datagram
will be delivered or a control message will be returned. Some datagrams may
still be undelivered without any report of their loss. The higher level protocols
that use IP must implement their own reliability procedures if reliable communication
is required.
The ICMP messages typically report errors in the processing of datagrams. To
avoid the infinite regress of messages about messages etc., no ICMP messages
are sent about ICMP messages. Also, ICMP messages are only sent about errors
in handling fragment zero of fragmented datagrams. (Fragment zero has the fragment
offset equal to zero.)
ICMP messages may fall into the following categories:
- Destination Unreachable Message: If, according to the information in the gateway's
routing tables, the network specified in the Internet destination field of a
datagram is unreachable, e.g., the distance to the network is infinity, the
gateway may send a destination unreachable message to the Internet source host
of the datagram. In addition, in some networks, the gateway may be able to determine
if the Internet destination host is unreachable. Gateways in these networks
may send destination unreachable messages to the source host when the destination
host is unreachable.
- Time Exceeded Message: If the gateway processing a datagram finds the time to
live field is zero it must discard the datagram. The gateway may also notify
the source host via the time exceeded message.
- Parameter Problem Message: If the gateway or host processing a datagram finds
a problem with the header parameters such that it cannot complete processing
the datagram it must discard the datagram. One potential source of such a problem
is with incorrect arguments in an option.
- Source Quench Message: A gateway may discard Internet datagrams if it does not
have the buffer space needed to queue the datagrams for output to the next network
on the route to the destination network. If a gateway discards a datagram, it
may send a source quench message to the Internet source host of the datagram.
A destination host may also send a source quench message if datagrams arrive
too fast to be processed. The source quench message is a request to the host
to cut back the rate at which it is sending traffic to the Internet destination.
- Redirect Message: The gateway sends a redirect message to a host in the following
situation. A gateway, G1, receives an Internet datagram from a host on a network
to which the gateway is attached. The gateway, G1, checks its routing table
and obtains the address of the next gateway, G2, on the route to the datagram's
Internet destination network, X. If G2 and the host identified by the Internet
source address of the datagram are on the same network, a redirect message is
sent to the host. The redirect message advises the host to send its traffic
for network X directly to gateway G2 as this is a shorter path to the destination.
- Echo or Echo Reply Message: The data received in the echo message must be returned
in the echo reply message. The identifier and sequence number may be used by
the echo sender to aid in matching the replies with the echo requests.
IPX is a networking protocol used by the Novell Netware operating systems. It
acts as the datagram protocol for Novell, just as IP functions in that capacity
for the Internet. Additional higher level protocols such as SPX (Sequenced Packet
Exchange) and NCP are used to provide reliable connection oriented services
(similar to TCP for the Internet).
An IPX address consists of a 4-byte Network Number, a 6-byte Node Number, and
a 2-byte Socket Number. The node number is usually the hardware address of the
interface card, and must be unique inside the particular IPX network. The network
number must be the same for all nodes on a particular physical network segment.
Socket numbers correspond to the particular service being accessed.
SMB is a message format used by DOS and Windows to share files, directories
and devices. SMB-based networks include Lan Manager, Windows for Workgroups,
Windows NT, and Lan Server. There are also a number of products that use SMB
to enable file sharing among different operating system platforms. A product
called Samba, for example, enables UNIX and Windows machines to share directories
and files.
Exercises
1. High level protocols: Consider the following packet. Identify the key features
   of the various protocols encapsulated within the packet.

   Received a packet, with length 127:

     00 00 C0 7E A3 B6
     00 00 C0 B9 ED D2
     08 00
     45 10 00 71
     2C 00 40 00
     40 06 B4 FE
     92 E7 1A 87
     92 E7 19 23
     00 17 28 4B
     1D 1E 6A 4A
     33 96 9F B2
     50 18 7F E0
     0A 9D 00 00
     46 6F 75 6E 64 20 6E 65 74 77 6F 72 6B 20
     64 65 76 69 63 65 3A 20 65 74 68 30 0D 0A
     52 65 63 65 69 76 65 64 20 61 20 70 61 63
     6B 65 74 2C 20 77 69 74 68 20 6C 65 6E 67
     74 68 20 33 37 34 2C 20 67 6F 74 20 33 37
     34 0D 0A

   Additional Information:

   Entries from the bootp tables:
     snert.cs: 0000c07ea3b6, IP 146.231.25.35
     monza.cs: 0000c0b9edd2, IP 146.231.26.135
   DIX Types:
     0800 DOD Internet Protocol (IP)
   TCP Ports:
     23 Telnet
   ASCII Codes:
     46=F, 6F=o, 75=u, 6E=n,
     64=d, 20=space, 65=e, 74=t, 77=w,
     6F=o, 72=r, 6B=k
2. HTTP uses TCP as its transport layer. Why?
3. Consider a client-server fractal computing and rendering system, running over
   Ethernet. You have a choice of using UDP or TCP as the transport layer. Performance
   is an issue. Which protocol would you choose, and why?
4. Suppose one wanted to run TCP over UDP over IP. What changes would you make
   to these protocols, and how would that affect the structure of the headers?
5. Explain how TCP/IP communications work. Why has this protocol been important
   to the Internet?
6. Why are port numbers used in UDP and TCP? What is the significance of the various
   values used as port numbers?
7. What is the format of a URL to a web server which is not using the default
   port address?
Shaun Bangay
1999-11-02