1.1 Half and Full Duplex Ethernet ‘A communications channel can be used to communicate one way at a time or in both directions at once. The terms half-duplex and full-duplex describe these transmission modes. Let's dig deeper to explore the difference between half-duplex and full-duplex. On a channel that is half-duplex, only one thing on that channel -- a node -- can "talk" or transmit information at a time. Once one node has finished transmitting its data, another node ‘can start transmitting data. If multiple nodes try to talk at the same time, a collision will occur on the network, resulting in transmission errors or data loss. Half-duplex networks require a mechanism to avoid data collisions. Ethernet uses a method called cartier sense multiple access with collision detection, or CSMA/CD. In essence, an Ethernet device using half-dnplex modes will first check to see if anything else is transmitting before trying to send. If something else is sending, it will wait a random amount of time before trying again. On the other hand, full-duplex is used to describe communication where two nodes talking to each other are able to send and receive data at the same time. In these cases, there is no danger of a collision, and therefore, the transfer of data for any given communication is completed more quickly. ‘The main difference between half-duplex and full-duplex is simply whether ‘communication happens in one direction at a time or in both directions simultaneously. Beyond that, the differences center on use cases. Half-duplex, for example, can be used for media shared by more than two nodes, while full-duplex generally cannot. On a shared medium, such as a coaxial cable with several nodes attached (o it, all the nodes can share the channel because each knows to check if the channel is free before sending. The tradeoff is efficiency. The more nodes that share the channel, the lower the effective throughput for each node because of the increased time spent waiting for access. When only two nodes are talking on a full-duplex channel, separate subchannels ~ in a Cat 5 cable, for example, separate pairs of copper wire ~ will carry traffic in each direction. When more than a pair of nodes is communicating, the full-duplex channel will have a hard time separating the data sent by the various nodes, which decreases efficiency and increases costs. The most recent Ethernet standards, like 10G and up, are relaxing the requirement to support half-duplex modes. Page 1 0f 29Half-duplex vs. full-duplex In ahalf-duplex transmission mode, only one device can talk at atime. After the device is done transmitting its data, the other side can respond, ‘much like a walkie-talkie. In full-duplex mode, both sides can send and receive data at the same time, much like a telephone call. Half-Duplex FIRST DATA TRANSMISSION CC | nooe ‘SECOND DATA TRANSMISSION Netware Full-Duplex SIMULTANEOUS DATA TRANSMISSIONS Network node Network node Examples of half-duplex and full-duplex: The simplest example of a half-duplex channel is a standard walkie-talkie, as it can either transmit or receive communication, Organizations that rely on half-duplex voice communication develop procedures that speakers use to tell listeners. they are done transmitting the current piece of information. For example, on a walkie-talkie, a ‘user would say “over” when done talking or say “over and out” when getting off the Tine for a substantial amount of time, In data networking, Ethernet hubs are half-duplex devices by nature, as they create a single shared channel of communication, Ethernet switches, on the other hand, can use a connection in either half- or full-duplex mode. Most networks are built around switches. now, but hubs are still used as well. Also, some older Ethernet devices can only use half-duplex. communications, even when connected to a full-duplex switch. Lastly, Wi-Fi networks are half duplex on a per-channel basis. Each radio channel, as with walkie-talkies, can send or receive — but not both at the same time. Wi-Fi 6 standards enable the use of multiple channels Page2 of 29simultaneously via multiple antennas, creating the potential for full-duplex communications between nodes. 1.2 Ethernet at the Data Link Layer Ethemet is one of the most widely used technologies at the Data Link Layer (Layer 2) of the OST model. It provides the fundamental protocols and functions that allow devices within a local area network (LAN) to communicate with each other. Here are the key aspeets of Ethernet at the Data Link Layer: > MAC Addressing ¥ MAC Addresses: Ethernet uses Media Access Control (MAC) addresses, which are unique 48-bit identifiers assigned to each network interface card (NIC). These addresses are used to identify devices within the same network. Y Frame Structure: Ethernet frames contain both source and destination MAC addresses, allowing devices to direct traffic to the correct recipient within the LAN. > Ethernet Frame Structure ¥ Preamble: A sequence of bits used to synchronize the transmission between sender and receiver. Start Frame Delimiter (SFD): Indicates the start of the frame. Destination MAC Address: The MAC address of the intended recipient. Source MAC Address: The MAC address of the sender. EtherType/Length: Indicates either the type of the payload or the length of the S888 payload, < Payload: The actual data being transported. < Frame Check Sequence (FCS): Used for error checking to ensure the integrity of the transmitted data, ae] ase [= Page 3 of 29v - v w Error Detection v Frame Check Sequence (FCS): Ethernet frames include a Frame Check Sequence, which uses a cyclic redundancy check (CRC) to detect errors in the transmitted frame. If the receiver detects a mismatch in the FCS, the frame is discarded. Media Access Control (MAC) ¥ CSMA/CD: Carrier Sense Multiple Access with Collision Detection is a protocol used by Ethernet to manage how data is transmitted on the network. It helps to avoid collisions when multiple devices attempt to send data simultaneously. v Carrier Sense: Each device listens to the network to detect if it is free before ansmitting ¥ Multiple Access: Multiple devices can access the network. Y Collision Detection: If a collision occurs, devices stop transmitting and wait for a random period before attempting to retransmit. Switching and Bridging Y Switches: Modern Ethernet networks use switches to segment the network into smaller collision domains, improving overall network performance and reducing collisions. Y Bridging: Bridges connect multiple network segments at the Data Link Layer, filtering traffic based on MAC addresses to reduce unnecessary data transmission, Duplex Modes Y_ Half-Duplex: Data transmission in one direction at a time. Traditional hubs operate in half-duplex mode. Y Full-Duplex: Data transmission in both directions simultaneously. Modem switches and NICs support full-duplex mode, significantly improving network performance. Ethernet Sta \dards and Speeds Ethernet Standards: Ethernet has evolved with various standards defined by IEEE 802.3. ranging from 10 Mbps (Ethernet) to 100 Gbps (100 Gigabit Ethernet). Speeds: Common Ethernet speeds include 10 Mbps, 100 Mbps (Fast Ethernet), 1 Gbps (Gigabit Ethemet), 10 Gbps (10 Gigabit Ethernet), and beyond. Virtual LANs (VLANs) Page 4 of 29¥ VLANs: Ethernet supports Virtual LANs, which allow network administ segment a physical network into multiple logical networks, VLANs i and network management by isolating traffic within specific VLANs. > Quality of Service (QoS) Y QoS: Ethernet can support Quality of Service mechanisms to prioritize certain types of traffic, ensuring that critical applications like voice and video receive the necessary bandwidth and low latency. 1.3 Ethernet at the Physical Link Layer Ethernet at the Physical Layer (Layer 1) of the OSI model concerms the transmission of raw bit streams over a physical medium. This layer defines the hardware components and how they interact, ensuring the proper encoding, signaling, and transmission of data, Here are the key aspects of Ethernet at the Physical Layer: > Physical Media Y Copper Cabling: ‘ Twisted Pair Cables: Commonly used in Ethernet networks, these include categories such as CatSe, Cat6, and Cai6a, which support different data rates and distances. * Coaxial Cable: An older Ethernet medium used in [OBASE2 and [OBASES standards. Y Fiber Optic Cabling: * Single-Mode Fiber (SME): Supports long-distance communication, typically used for backbone connections. “© Multi-Mode Fiber (MMF): Suitable for shorter distances, often used within buildings or data centers. > Signaling and Encoding ¥ NRZ (Non-Return to Zero): A basic encoding scheme used in early Ethemet standards, ¥ Manchester Encoding: Used in 10 Mbps Ethemet (I0BASE-T), ensu synchronization by embedding the clock signal within the data signal. ¥ 4B/SB Encoding: Used in 100 Mbps Ethernet (I00BASE-TX) to maintain synchronization and error detection. Page 5 of 29¥ 8B/10B Encoding: Used in bit Ethernet (I000BASE-X) for efficient and reliable data transmission, Y G4B/66B Encoding: Used in 10 Gigabit Ethernet (LOGBASE-R) and higher speeds, providing better efficiency and error handling, > Physical Layer Standards Y¥ 10BASE-T: The original Ethemet standard, using twisted-pair copper cables to transmit data at 10 Mbps. Y 100BASE-TX (Fast Ethemet): Transmits data at 100 Mbps over Cat5 or higher twisted-pair cables, Y¥ 1000BASE-T (Gigabit Ethernet): Supports 1 Gbps transmission over CatSe or higher twisted-pair cables. ¥ 10GBASE-T (10 Gigabit Ethernet): Transmits data at 10 Gbps over Cat6a or higher twisted-pair cables. ¥ 100BASE-FX, 1000BASE-SX/LX, 10GBASE-SR/LR: Fiber optic standards for different speeds and distances. & Connectors and Interfaces ¥_ RI45 Connectors: Used for twisted-pair Ethernet connections. ¥ SC, ST, LC Connectors: Commonly used in fiber optic Ethernet connections. ¥ SFP, SFP+, QSFP, QSFP+: Transceiver modules used in fiber optic and high-speed copper connections, allowing for flexibility and scalability in network design > Transmission Methods Y Baseband Transmission: Ethernet typically uses baseband transmission, where the entire bandwidth of the medium is used to transmit a single data signal, Y Broadband Transmission: Less common in Ethemet, but used in other networking. technologies where multiple signals share the same medium, > Ethernet Physical Layer Devices Y Repeaters: Simple devices that regenerate and amplify signals to extend the distance of an Ethernet network. Y Hubs: Multi-port repeaters that broadcast incoming signals to all ports, operating at the Physical Layer without understanding MAC address: Page 6 of 29Y Media Converters: Devices that convert signals from one media type to another, such as from copper to fiber. -¥: Physical Layer Considerations Y Distance Limitations: Different Ethemet standards have maximum cable length specifications to ensure signal integrity and performance. Y Crosstalk and Interference: Twisted-pair cables are designed to minimize crosstalk and electromagnetic interference, while fiber optic cables are immune to these issues. Y Bandwidth and Throughput: The Physical Layer directly impacts the available bandwidth and achievable throughput of the network. > Power over Ethemet (PoE) ¥ IEE 802.3af/at/bt: Standards for delivering power over twisted-pair Ethernet cables, allowing devices like IP cameras, wireless access points, and VoIP phones (o receive power and data over the same cable. 14 Ethernet Cabling: Straight-through, Crossover and Rolled Cable Straight-Through refers to cables that have the pin assignments on each end of the cable. In other words, Pin I connector A goes to Pin 1 on connector B, Pin 2 to Pin 2, ete, Straight-Through wired cables are most commonly used to connect a host to a client. When we talk about catSe patch cables, the StraightThrough wired catSe patch cable is used to connect computers, printers, and other network client devices to the router switch or hub (the host device in this instance), Straight Through Wiring Guide ‘soe B nn 2H 2 ee 4 a a a er LL ars ST Crossover wired cables (commonly called crossover cables) are very much like Straight- Through cables with the exception that TX and RX lines are crossed (they are at opposite positions on either end of the cable. Using the 568-B standard as an example below, you will see Page 7 of 29that Pin 1 on connector A goes to Pin 3 on connector B. Pin 2 on connector A goes to Pin 6 on connector B, ete. Crossover cables are most commonly used to connect two hosts directly. Examples would be connecting a computer directly to another computer, connecting a switch directly to another switch, or connecting a router to a router. Note: While in the past, when connecting two host devices directly, a crossover cable was required. Nowadays, most devices have auto-sensing technology that detects the cable and device and crosses pairs when needed, Crossover Wiring Guide ‘Soa —— a ae pyouaunNe eyone une Rollover wired cables, most commonly called rollover cables, have opposite Pin assignments on each end of the cable or, in other words, it is "rolled over.” Pin 1 of connector A. ‘would be connected to Pin 8 of connector B. Pin 2 of connector A would be connected to Pin 7 of connector B and so on. Rollover cables, sometimes referred to as Yost cables are most commonly used to connect to a device's console port to make programming changes to the device. Unlike crossover and straight-wired cables, rollover cables are not intended to carry data but instead create an interface with the device. Rollover Wiring Guide —— wyoubune evameune = = = a 1.5 Data Encapsulation Data encapsulation in internetworking is « fundamental process that occurs as data moves down, the layers of the OSI model and is transmitted across a network. Each layer adds its own specific Page 8 of 29header (and sometimes trailer) to the data unit, which provides the necessary information for that layer’s function, Data encapsulation is essential for ensuring that data canbe properly transmitted, routed, and received across diverse and complex internetworking environments, Each layer adds the necessary information and functions to facilitate reliable communication. ‘Application Layer (Data) Transport Layer (Segment Network Layer (Packet) Data Link Layer (Frame) Physical Layer (Bits) Here’s a detailed look at data encapsulation across the OST model > Application Layer (Layer 7) Y Data: The process starts with the data generated by an application, such as an email message, a web page request, or a file transfer. v Presentation Layer (Layer 6) ¥ Data; The data is formatted, encrypted, or compressed as needed. However, no additional headers or trailers are typically added at this layer. > Session Layer (Layer 5) Y Data: This layer establishes, manages, and terminates sessions between applications. ¢ the Presentation Layer, it generally does not add headers or trailers but manages the dialogs and synchronization. > Transport Layer (Layer 4) Page 9 of 29y v Y Segment: The data is divided into segments. Bach segment is given a header that includes information such as source and destination ports, sequence numbers, and etror-checking data (¢.g., TCP or UDP headers). Network Layer (Layer 3) Y Packet: Segments are encapsulated into packets, Each packet receives a header containing source and destination IP addresses, routing information, and other data necessary for delivery across networks. Data Link Layer (Layer 2) ¥ Frame: Packets are encapsulated into frames. Each frame includes a header and a trailer. The header contains MAC addresses for the source and destination devices, while the trailer typically includes an error-checking mechanism like a Frame Check Sequence (FCS). Physical Layer (Layer 1) Bits: Frames are converted into a bit stream for transmission over the ph: medium. This involves converting the frame data into electrical, optical, or radio signals depending on the medium used (e.g., copper cable. fiber optics, wireless), Example of Data Encapsulation Process > - ¥ v Application Layer: A user sends an email using an email client, Y Data: "Hello, this is a test email.” Presentation Layer: The data might be encrypted (c.g. using SSL/TLS). Y Data: Enerypted email content. Session Layer: A session is established to handle the email transmission. Y Data: Session management information ‘Transport Layer: The data is segmented, and each segment receives a TCP header ¥ Segment: [TCP Header] [Encrypted email content] Network Layer: Each segment is encapsulated into an IP packet. Packet: [IP Header] [TCP Header] [Enerypted ema Data Link Layer: Bach packet is encapsulated into an Ethemet frame. Y Frame: [Ethernet Header] [IP Header] [TCP Header] [Encrypted email content] [Fcs). content]. Page 10 of 29> Physical Layer: The frame is converted into a bit stream for transmission over the network. Y Bits: 0101010001 101 11001011110 (electrical signals over copper, light pulses over fiber, etc.). Decapsulation When the data reaches the destination, the encapsulation process is reversed, known as decapsulation. Each layer removes its corresponding header (and trailer) as the data moves up the layers: > Physical Layer: Converts the signals back into a bit stream, > Data Link Layer: Reads and removes the frame header and trail -, passing the packet up. Network Layer: Reads and removes the IP header, passing the segment up. & Transport Layer: Reads and removes the TCP/UDP header, reassembling the data if necessary, and passes it up. v Session Layer: Manages the session, if applicable. 7 Presentation Layer: Decrypts or decompresses the data, if necessary. > Application Layer: The email client presents the email to the user. 1.6 Three-Layer Hierarchical Network Model Ina three-layer hierarchical model, the first layer is the local area network (LAN) that uses TEEE 802.3 Ethernet technology to connect devices on the same physical segment (or subnet). This low level of networking provides easy sharing of media and files between individual workstations and printers connected t the LAN, as well as providing security against unauthorized access by outsiders. The next layer is the wide area network (WAN), which offers faster data transfer rates than LANs but can be more expensive due to its reliance on leased lines or satellite links, WANs typically use TCP/IP protocols at this higher level, allowing them to communicate with other networks ross corporate boundaries or over long distances. This model consists of three layers: The Access Layer, The Distribution Layer, and The Core Layer Page 11 of 29Distribution Layer Access Layer ® Access Layer: The Access Layer is the part of the network which enables the users to connect to the wired Ethernet Network. It enables the users to share data and resourees on the local network. The devices used in this layer include Ethemet Switches and Hubs. Hubs are basically multiport repeaters. They are devices that cannot decode the data packets received by them because they lack circuitry and logic to decode the data packets. Hubs cannot determine which host must receive the data packet, They simply repeat the electronic signals received on one interface to all other interfaces on the hub, ie of ind be thus all the hosts connected to the hub receive the data packet. Hubs have a fatal iss collision, if two hosts transmit data packets at the same time, they would “collide” tendered useless. The hosts must retransmit the packets again. Another device used in the Access Layer is the Ethernet Switch. An Ethemet s the interface to which the data packet must be forwarded. They use the MAC address, this far more capable than hubs. They can decode the data packets and determine also known as the Physical Address, assigned to the host to forward the data packets, ‘This reduces the issue of collision faced while using hubs. The development of Switches has rendered Hubs obsolete, Devices like Cisco 2390XR are used at this layer. > Distribution Layer: When a network grows beyond a certain size, it must be divided into multiple local (Access Layer) networks. The distribution layer connects these networks together. It ensures that local traffie remains confined to local networks and governs traffic control between these networks. Page 12 of 29This layer uses Routers to connect multiple networks together. Routers and other devices on this layer are meant 10 connect multiple networks together, and not individual hosts. In order to navigate traffic between hosts on different networks, IP Address, also known as Logical Address, is used. The Router maintains a Routing Table to determine the interface on which to forward the received data packet. This layer also aets as an intermediary between the Access Layer and the Core Layer. Devices like the Cisco (C9300 are used at this layer. v Core Layer: This layer is considered the backbone of a network, as it is used to connect multiple Distribution Layer devices together. This layer uses the most powerful devices to manage the traffic between the networks. The speed at which data flows in this layer is upwards of 10 Gigabit Ethernet. This layer has the maximum number of redundant connections (Redundancy is the process of introducing extra connections between the same network points to ensure reliable data transfer even if one of the connections is down) in order to ensure reliable connectivity. Devices like Cisco Catalyst 9600 are used at this layer with high-speed and high-bandwidth transmi cable. Advantages & Larger, more complex networks are divided into smaller, manageable subnetworks. > Local traffic remains local, which increases network efficiency. » Makes the network scalable. The addition of new networks does not affect the performance of existing ones. 1.7 Internet Layer Protocols ARP ARP stands for Address Resolution Protocol. It is used to associate an IP address with the MAC address, Each device on the network is recognized by the MAC address imprinted on the NIC. ‘Therefore, we can say that devices need the MAC address for communication on a local area network. MAC address can be changed easily. For example, if the NIC on a particular machine fails, the MAC address changes but IP address does not change. ARP is used to find the MAC address of the node when an internet address is known, How ARP works Page 13 of 29If the host wants to know the physical address of another host on its network, then it sends an ARP query packet that includes the IP address and broadcast it over the network. Every host on the network receives and processes the ARP packet, but only the intended recipient recognizes the IP address and sends back the physical address. The host holding the datagram adds the physical address to the cache memory and to the datagram header, then sends back to the sender. Router or host > Steps taken by ARP Protocol Ifa device wants to communicate with another device, the following steps are taken by the devic ¥ The device will first look at its internet list, called the ARP cache to check whether an IP address contains a matching MAC address or not. It will check the ARP cache in command prompt by using a command arp-a Gtioe nea _={0) x! core Lea Page 14 of 29v If ARP cache is empty, then device broadcast the message to the entire network askit ig each device for a matching MAC address. The device that has the matching IP address will then respond back to the sender with its MAC address. Once the MAC address is received by the device, then the communication can take place between two devices If the device receives the MAC address, then the MAC address gets stored in the ARP cache. We check the ARP cache in command prompt by using a command arp -a. re) Bcc eee ee Vien eVirats CVs iret eee yee ats Ff-ff-ff-ff-ff-ff static ome etd Betats Beats static Botats static > Two types of ARP Entries RARP ¥ Dynamic entry: It is an entry which is created automatically when the sender broadcast its message to the entire network. Dynamic entries are not permanent, and they are removed periodically. Y Static entry: It is an entry where someone manually enters the IP to MAC address association by using the ARP command utility. RARP stands for Reverse Address Resolution Protocol. If the host wants to know its IP address, then it broadcast the RARP query packet that © ntains its physical address to the entire network. A RARP server on the network recognizes the RARP packet and responds back with the host IP address. The protocol which is used to obtain the IP address from a server is known as Reverse Page 15 of 29Address Resolution Protocol. The message format of the RARP protocol is similar to the ARP protocol. Like ARP frame, RARP frame i sent from one machine (0 another encapsulated in the data portion of a frame. ICMP ICMP stands for Internet Control Message Protocol, The ICMP is a network layer protocol used by hosts and routers to send the notifications of IP datagram problems back to the sender. ICMP uses echo test/reply to check whether the destination is reachable and responding. [CMP handles. both control and error messages, but its main funetion is to report the error but not to correct them. An IP datagrun contains the addresses of both source and destination, but it does not know the address of the previous router through which it has been passed. Due to this reason, ICMP can only send the messages to the source, but not to the immediate routers, ICMP protocol communicates the error messages to the sender. ICMP messages cause the errors to be returned back to the user processes. ICMP messages are transmitted within IP datagram, Je t datagram ——| 20 bytes > Format of ICMP Message Page 16 of 29The first field specifies the type of the message. The second field specifies the reason for a particular message type. The checksum ficld covers the entire ICMP message. > Error Reporting: ICMP protocol reports the error messages to the sender. Five types of errors are handled by the ICMP protocol: Destination unreachable, Source Quench, Time Exceeded, Parameter problems, and Redirection. esata Y Destination unreachable: The message of "Destination Unreachable” is sent from receiver to the sender when destination cannot be reached, or packet is discarded. when the destination is not reachable. Y Source Quench: The purpose of the source quench message is congestion control. The message sent from the congested router to the source host to reduce the sanded packet and then add the source quench message to the IP datagram to inform the source host to reduce its transmission rate. ICMP will take the IP of the di transmission rate. The source host will reduce the transmission rate so that the router will be free from congestion. ¥ Time Exceeded: Time Exceeded is also known as "Time-To-Live”. It is a parameter that defines how long a packet should live before it would be discarded. % There are two ways when Time Exceeded message can be generated: Sometimes packet discarded due to some bad routing implementation, and this causes the looping issue and network congestion. Due to the looping issue, the value of TTL keeps on decrementing, and when it reaches zero, the router discards the datagram, However, when the datagram is discarded by Page 17 of 29the router, the time exceeded message will be sent by the router to the source host. When destination host does not receive all the fragments in a certain time limit, then the received fragments are also discarded, and the destination host sends time Exceeded message to the source host. Y Parameter problems: When a router or host di ‘overs any missing value in the IP datagram, the router discards the datagram, and the "parameter problem" message is sent back to the source host. Y Redirection: Redirection message is generated when host consists of a small routing table. When the host consists of a limited number of entries due to which it sends the datagram to a wrong router. The router that receives a datagram will forward a datagram to & correct router and also sends the "Redirection message” to the host to update its routing table. IP IP stands for internet protocol. It is a protocol defined in the TCP/IP model used for sending the packets from source to destination, The main task of IP is to deliver the packets from source to the destination based on the IP addresses available in the packet headers. IP defines the packet structure that hides the data which is to be delivered as well as the addressing method that labels the datagram with a source and destination information, An IP protocol provides the . TCPAP and connectionless service, which is accompanied by two transport protocols, UDPAP, so internet protocol is also known as TCP/IP or UDP/IP. The first version of IP (Internet Protocol) was IPv4. After IPv4, IPv6 came into the market, which has been increasingly used on the public internet since 2006, > History of Internet Protocol: The development of the protocol gets started in 1974 by Bob Kahn and Vint Cerf. It is used in conjunction with the Transmission Control Protocol (TCP), so they together named the ‘TCP/IP. The first major version of the internet ly declared in RFC ing Task Force (IETF) in 1981. After IPv4, the second major version of the internet protocol was IPv6, which was version 6. It was officially declared protocol was IPv4, w 791 by the Internet En version 4. This protocol was offi by the IETF in 1998. The main reason behind the development of IPv6 was to replace Page 18 of 29IPv4. There is a big difference between IPv4 and IPv6 is that IPv4 uses 32 bits for addressing, while IPV6 uses 128 bits for addressing, ~e Function: The main function of the internet protocol is to provide addressing to the hosts, encapsulating the data into a packet structure, and routing the data from source to the destination across one or more IP networks. In order to achieve these functionalities, internet protocol provides two major things, Format of IP Packet and IP Addressing System. v IP Packet: Before an IP packet is sent over the network, two major components are added in an IP packet, i., header and a payload. Transport Internet Link An IP header contains lots of information about the IP packet which includes: v KKK Source IP address: The source is the one who is sending the data. Destination IP address: The destination is a host that receives the data from the sender. Header length Packet length TTL (Time to Live): The number of hops occurs before the packet gets discarded. Transport protocol: The transport protocol used by the internet protocol, either it ‘an be TCP or UDP. ‘There is a total of 14 fields exist in the IP header, and one of them is optional. Page 19 of 29v Payload: Payload is the data that is to be transported. How does the IP routing perform? IP routing is a process of determining the path for data so that it can travel from the source to the destination. As we know that the data is divided into multiple packets, and cach packet will pass through a web of the router until it reaches the final destination. ‘The path that the data packet follows is determined by the routing algorithm, The routing algorithm considers various factors like the size of the packet and its header to determine the efficient route for the data from the source to the destination, When the data packet reaches some router, then the source address and destination address are used with a routing table to determine the next hop's address. This proc goes on until it reaches the destination. The data is divided into multiple packets so all the packers will travel individually (o reach the destination. For example, when an email is sent from the email server, then the TCP layer in this email server divides the data into multiple packets, provides numbering to these packets and transmits them to the IP layer. This IP layer further transmits the packet to the destination email server. On the side of the destination server, the IP layer transmits these data packets to the TCP layer, and the TCP layer recombines these data packets into the message. The message is sent to the email application. ‘Whaat is IP Addressing? An IP address is a unique identifier assigned to the computer which is connected to the internet. Each TP address consists of a series of characters like 192.168.1.2. Users cannot access the domain name of cach website with the help of these characters, so DNS resolvers are used that convert the human-readable domain names into a series of characters. Each IP packet contains wo addresses, i.e., the IP address of the device, which is sending the packet, and the IP address of the device which is receiving the packet. 1.8 Host to Host Layer Protocols Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) both are protocols of the Transport Layer Protocols. TCP is a connection-oriented protocol whereas UDP is a part of the Intemet Protocol suite, referred to as the UDP/IP suite. Unlike TCP, it is an unreliable and conneetiontess protocol. Page 20 of 29> Transmission Control Protocol: TCP (Transmission Control Protocol) is one of the main protocols of the Internet protocol suite, It lies between the Application and Network Layers which are used in providing reliable delivery services. It is a connection-oriented protocol for communications that helps in the exchange of messages between different devices over a network, The Internet Protocol (IP), which establishes the technique for sending data packets between computers, works with TCP. Client Server Active Open Passive Open Ton Drs hates ¥ Features of TCP TCP keeps track of the segments being transmitted or received by assigning numbers to every single one of them, © Flow control limits the rate at which a sender transfers data. This is done to ensure reliable delivery. ‘TCP implements an error control mechanism for reliable data transfer. TCP takes into account the level of congestion in the network. Y Applications of TCP * World Wide Web (WWW): When you browse websites, TCP ensures reliable data transfer between your browser and web servers. Protocols like SMTP (Simple Mail Transfer Protocol) handle email delivery across servers. Email: TCP is used for sending and receiving emails ‘ File Transfer Protocol (FTP): FTP relies on TCP to transfer large files sceurely, Whether you're uploading or downloading files, TCP ensures data integrity. Page 21 of 29“ Secure Shell (SSH); SSH_ sessions, commonly used for remote ation between client administration, rely on TCP for encrypted commu and server. ‘© Streaming Media: Services like Netflix, YouTube, and Spotify use TCP to stream videos and music, It ensures smooth playback by managing data segments and retransmissions. Y Advantages of TCP © Itis reliable for maintaining a connection between Sender and Receiver. Itis responsible for sending data in a particular sequence. “Its operations are not dependent on Operating System. % Ieallows and supports many routing protocols % Itcan reduce the speed of data based on the speed of the receiver. Y Disadvantages of TCP * Itis slower than UDP and it takes more bandwidth, Slower upon starting of transfer of a file. Not suitable for LAN and PAN Networks. % Itdoes not have a multicast or broadeast category, ‘% Itdoes not load the whole page if a single data of the page is missing. > User Datagram Protocol: User Datagram Protocol (UDP) is a Transport Layer protocol. UDP is a part of the Internet Protocol suite, referred to as the UDP/IP suite. Unlike TCP, it is an unreliable and connectionless protocol. So, there is no need to establish a connection before data transfer. The UDP helps to establish low-latency and loss- tolerating connections establish over the network. The UDP enables process-to-process communication, Page 22 of 29Request Response Response ee Response teeny Sender Reciever v Features of UDP Used for simple request-response communication when the size of data is less and hence there is lesser concern about flow and error control. % Itis.a suitable protocol for multicasting as UDP supports packet switching % UDP is used for some routing update protocols like RIP(Routing Information Protocol). “Normally used for real-time applications which can not tolerate uneven delays between sections of a received message. ¥ Applications of UDP Real-Time Multimedia Streaming: UDP is ideal for streaming audio and video content. Its low-latency nature ensures smooth playback, even if occasional data loss occurs. Online Gaming: Many online games rely on UDP for fast communication between players. ‘ DNS (Domain Name System) Queries: When your device looks up domain names (like converting “www.example.com” to an IP address), UDP handles these requests efficiently. “© Network Monitoring: Tools that monitor network performance often use UDP for lightweight, rapid data exchange. Multicasting: UDP supports packet switching, making it suitable for multicasting scenarios where data needs to be sent to multiple recipients simultaneously. Page 23 of 29% Routing Update Protocol Information Protocol), utilize UDP for exchanging routing information ‘ome routing protocols, like RIP (Routing among routers. Y Advantages of UDP + Itdoes not require any connection for sending or receiving data, Broadcast and Multicast are available in UDP. 4 UDP can operate on a large range of networks. UDP has live and real-time data. + UDP can deliver data if all the components of the data are not complete. ¥ Disadvantages of UDP We can not have any way to acknowledge the successful transfer of data, o + UDP cannot have the mechanism to track the sequence of data. @ UDPis connectionless, and due to this, it is unreliable to transfer data. Incase of a Collision, UDP packets are dropped by Routers in comparison to TCP. “& UDP can drop packets in case of detection of errors. > Which protocol is better: UDP or TCP? UD fet 7 ae] The answer to this question is difficult because it totally depends on what work we are doing and what type of data is being delivered. UDP is beter in the case of online gaming. as it allows us to work lag-frce. TCP is better if we are transferring data like photos, videos, ete, because it ensures that data must be correct has to be sent. In general, both Page 24 of 29‘TCP and UDP are useful in the context of the work assigned by us. Both have advantages upon the works we are performing, that’s why it is difficult to say, which one is better. Y Where TCP is used: Sending emails, transferring files, and web browsing ¥ Where UDP is used: Gaming, video streaming, and online video chats > Differences between TCP and UDP Basis ‘Transmission Control Protocol (TCP) User Datagram Protocol (UDP) Type of Service TCP is a connection-oriented protocol, Connection orientation means that the communicating devices should establish a connection before transmitting data and should close the connection after transmitting, the UDP is the Datagram-oriented protocol, This is because there ‘overhead no for opening a connection, maintaining a connection, or terminating a connection, UDP is efficient for broadcast and multicast types of data. network transmission Reliability TCP is reliable as it guarantees |The delivery of data to the the delivery of data to the | destination cannot be guaranteed in destination router. UDP. Error checking | TCP provides extensive eror-|UDP has only the basic error- mechanism checking mechanisms, It is | checking mechanism —_using because it provides flow control | checksums. and acknowledgment of data. ‘Acknowledgement An acknowledgment segment is present. No acknowledgment segment. Sequencing Sequencing of data is a feature of Transmission Control Protocol (TCP). This means that packets arrive in order at the receiver. There is no sequencing of data in UDP. If the order is required, it has to be managed by the application layer. Speed TCP is comparatively slower than upp. ‘UDP is faster, simpler, and more efficient than TCP. Retransmission Retransmission of lost packets is There is no retransmission of lost Page 25 of 29possible in TCP, but not in UDP. packets. inthe User Datagram Protocol (UDP). Header Length TCP has a (20-60) bytes variable length header. ‘UDP has an 8 bytes fixed-length header. Weight TCP is heavy-weight, UDP is light-weight. Handshaking Uses handshakes such as SYN, [It's a connectionless protocol ie. Techniques ACK, SYN-ACK No handshake Broadcasting TCP doesn’t support | UDP supports Broadcasting. Broadcasting. Protocols TCP is used by HTTP, HTTPs, [UDP is used by DNS, DHCP. FIP, SMTP and Telnet. ‘TTP, SNMP, RIP, and VoIP. Stream Type The TCP connection is a byte|UDP connection is a message stream, stream. Overhead Low but higher than UDP. Very low. ‘Applications This protocol is primarily utilized in situations when a safe and trustworthy communication procedure is necessary, such as in email, on the web surfing, and in military services. This protocol is used in situations where quick communication is nee ry but where dependability is not a concern, such as VoIP, game streaming, video, and music streaming, ete. Example: Suppose there are two houses, HI and H2, and a letter has to be sent from HI to H2 Bur there is a river in between those two houses. Now how can we send the letter? Solution 1: Make a bridge over the river and then it can be delivered. Solution 2: Get it delivered by a pigeon Consider the first solution as TCP. A connection has to be made (bridge) to get the data (letter) delivered. The data is reliable because it will directly reach another end without loss of data or error. ‘The second solution is UDP. No connection is required for sending the data. The process is fast as compared to TCP, where we need to set up a connection (bridge). But the data is not reliable: we don’t know whether the pigeon will go in the right direction will drop the letter on the way, or some issue is encountered mid-travel. Page 26 of 291.9 Application Layer Protocols > v v ov v ‘Telnet (Telecommunication Network): Telnet is used for remote command-line access to servers and network devices. It allows a user to log in to another device over a network and execute commands as if they were physically present at that device. It uses typically TCP port 23. Telnet is not secure as it transmits data, including passwords, in plain text. It’s often replaced by SSH (Secure Shell). FTP (File Transfer Protocol): FTP is used for transferring files between a client and a server over a network. It supports uploading and downloading files, as well as basic file management tasks like listing directories and deleting files. It uses TCP ports 20 (data transfer) and 21 (control commands). FTP is not secure by default. Secure alternatives include FTPS (FTP Secure) and SETP (SSH File Transfer Protocol), ‘TFTP (Trivial File Transfer Protocol): TFTP is a simplified version of FTP used for transferring files. It primarily used for transferring small files, like configuration files and firmware updates, without authentication. It uses UDP port 69. TFTP is not secure and does not support authentication, making it unsuitable for sensitive data. NFS (Network File System): NFS allows a computer to access files over a network as if they were on its local hard drive. It facilitates file sharing between Unix/Linux systems, supporting file reads, writes, and modifications. It uses port 2049 by default, NFS can use. various security mechanisms, such as Kerberos, to provide secure authentication and data transmission. SMTP (Simple Mail Transfer Protocol): messages. It handles the process of sending emails from a client to a mail server and SMTP is used for sending and relaying email between mail servers. It uses TCP port 25 for standard communication, port 587 for submission, and port 465 for secure communication (SMTP over SSL/TLS). SMTP can be secured using SSL/TLS, but it does not support encryption by default. LPD (Line Printer Daemon): LPD is used for managing print jobs on a network. It allows. clients to send print jobs to printers managed by an LPD server. It uses TCP port 515. LPD lacks robust security features and is often replaced by more secure protocols like IPP (Internet Printing Protocol). X Window System (X11): The X Window System provides a graphical user interface for networked computers. It enables the display of graphical applications on remote devices, Page 27 of 29allowing for a distributed graphical environment. It uses typically TCP port 6000 and above. It can be secured using SSH tunneling or other security mechanisms to encrypt the. data. > SNMP (Simple Network Management Protocol): SNMP is used for managing and monitoring network devices. It enables network administrators to collect information and configure network devices such as routers, switches, and servers. It uses UDP ports 161 (queries) and 162. (traps/notifications). SNMPv3 provides security features like encryption and authentication, unlike SNMPv1 and SNMPv2. > DNS (Domain Name System): DNS translates human-readable domain names into IP addresses. It resolves domain names to their corresponding IP addresses, allowing users to access websites using easy-to-remember names. It uses UDP port 53 for queries and ‘TCP port 53 for zone transfers, DNSSEC (DNS Security Extensions) provides data integrity and authentication for DNS queries. > DHCP (Dynamic Host Configuration Protocol): DHCP automates the assignment of IP addresses and other network configuration parameters. It automatically provides devices on a network with IP addresses, subnet masks, default gateways, and DNS servers. It uses. UDP port 67 (server) and UDP port 68 (client). DHCP is susceptible to attacks like DHCP spoofing. Security can be enhanced with techniques such as DHCP snooping. Protocol Purpose Ports Security Concerns Telnet Remote command-line | TCP 23 Transmits data in plain text access FTP File wansfer TCP 20,21 | Transmits data in plain text TFIP Simplified file transfer | UDP 69 No authentication NFS Network file access | TCP/UDP | Depends on implementation (e.g.. 2049 Kerberos) SMTP Sending email TCP 25, 587, | Can be secured with SSI/ TLS 465 LPD Managing print jobs| TCP 515 Lacks robust security features X Window | Graphical userimterface [TCP 6000+ | Can be secured with SSH tunneling System SNMP Network management | UDP 161, | SNMPv3 offers improved security Page 28 of 29162 DNS Domain mame | UDP/TCP 53 | DNSSEC provides enhanced’ resolution security DHCP TP address assignment | UDP 67,68 | Vulnerable to DHCP spoofing Page 29 of 29