Tcpip, Nat, 3 Way

The TCP/IP model, developed before the OSI model, consists of five layers: application, transport, network, data link, and physical, with the first four layers of OSI being represented by the application layer in TCP/IP. The document details the functions of each layer, including the responsibilities of protocols like IP, ARP, ICMP, TCP, and UDP, as well as the 3-way handshake process for establishing TCP connections and the concept of Network Address Translation (NAT). NAT allows multiple devices to share a single public IP address by translating private IP addresses to public ones, with three types of NAT configurations: static, dynamic, and port address translation.


TCP/IP model

o The TCP/IP model was developed prior to the OSI model.
o The TCP/IP model is not exactly similar to the OSI model.
o The TCP/IP model consists of five layers: the application layer, transport layer, network layer, data link layer and physical layer.
o The first four layers provide physical standards, network interface, internetworking, and transport functions that correspond to the first four layers of the OSI model, and these four layers are represented in the TCP/IP model by a single layer called the application layer.
o TCP/IP is a hierarchical protocol made up of interactive modules, each of which provides specific functionality.

Here, hierarchical means that each upper-layer protocol is supported by two or more lower-level protocols.

Functions of TCP/IP layers:

Network Access Layer

o The network access layer is the lowest layer of the TCP/IP model.
o It is the combination of the Physical layer and Data Link layer defined in the OSI reference model.
o It defines how the data should be sent physically through the network.
o This layer is mainly responsible for the transmission of the data between two devices on the same network.
o The functions carried out by this layer are encapsulating the IP datagram into frames transmitted by the network and mapping IP addresses to physical addresses.
o The protocols used by this layer are Ethernet, Token Ring, FDDI, X.25 and Frame Relay.

Internet Layer

o The internet layer is the second layer of the TCP/IP model.
o The internet layer is also known as the network layer.
o The main responsibility of the internet layer is to send packets from any network so that they arrive at the destination irrespective of the route they take.

The following protocols are used in this layer:

IP Protocol: IP protocol is used in this layer, and it is the most significant part of the entire TCP/IP suite.

Following are the responsibilities of this protocol:

o IP Addressing: This protocol implements logical host addresses known as IP addresses. The IP addresses are used by the internet and higher layers to identify the device and to provide internetwork routing.
o Host-to-host communication: It determines the path through which the data is to be transmitted.
o Data Encapsulation and Formatting: The IP protocol accepts the data from the transport layer protocol. The IP protocol ensures that the data is sent and received securely; it encapsulates the data into a message known as an IP datagram.
o Fragmentation and Reassembly: The limit imposed on the size of the IP datagram by the data link layer protocol is known as the Maximum Transmission Unit (MTU). If the size of the IP datagram is greater than the MTU, the IP protocol splits the datagram into smaller units so that they can travel over the local network. Fragmentation can be done by the sender or an intermediate router. At the receiver side, all the fragments are reassembled to form the original message.
o Routing: When an IP datagram is sent over the same local network such as a LAN, MAN or WAN, it is known as direct delivery. When the source and destination are on distant networks, the IP datagram is sent indirectly. This is accomplished by routing the IP datagram through devices such as routers.
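
The fragmentation and reassembly rule above, as an added example that is not part of the original document. It uses the IPv4 conventions of a 20-byte header and fragment offsets counted in 8-byte units; the function names and the sample payload are constructed for this example.

```python
IPV4_HEADER_LEN = 20  # minimal IPv4 header, no options


def fragment(payload: bytes, mtu: int, ident: int):
    """Split one datagram's payload into fragments that fit the link MTU.

    Each fragment is (ident, offset, more_fragments, data). As in IPv4, the
    offset counts 8-byte units, so every fragment but the last carries a
    multiple of 8 payload bytes; ident ties the pieces to one datagram.
    """
    max_data = mtu - IPV4_HEADER_LEN
    if len(payload) <= max_data:
        return [(ident, 0, False, payload)]   # fits in one frame: no fragmentation
    max_data -= max_data % 8                  # round down to a multiple of 8
    if max_data < 8:
        raise ValueError("MTU too small to carry a fragment")
    frags, pos = [], 0
    while pos < len(payload):
        chunk = payload[pos:pos + max_data]
        more = pos + len(chunk) < len(payload)   # MF flag: more fragments follow
        frags.append((ident, pos // 8, more, chunk))
        pos += len(chunk)
    return frags


def reassemble(fragments):
    """Rebuild the payload from the fragments of one datagram, in any order.

    Returns None when a piece is missing or the final fragment never arrived,
    which is when a real receiver times out and discards the partial datagram.
    """
    if len({f[0] for f in fragments}) != 1:
        raise ValueError("fragments must belong to a single datagram")
    ordered = sorted(fragments, key=lambda f: f[1])
    out, expected = bytearray(), 0
    for _ident, offset, _more, data in ordered:
        if offset * 8 != expected:
            return None                       # gap: a fragment was lost
        out += data
        expected += len(data)
    if ordered[-1][2]:
        return None                           # last piece still says "more"
    return bytes(out)
```

With a 2560-byte payload and a 576-byte MTU the sender produces five fragments, and the receiver rebuilds the original even when they arrive out of order.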

ARP Protocol

o ARP stands for Address Resolution Protocol.
o ARP is a network layer protocol which is used to find the physical address from the IP address.
o Two terms are mainly associated with the ARP protocol:
  o ARP request: When a sender wants to know the physical address of a device, it broadcasts the ARP request to the network.
  o ARP reply: Every device attached to the network will accept the ARP request and process it, but only the recipient recognizes the IP address and sends back its physical address in the form of an ARP reply. The recipient adds the physical address both to its cache memory and to the datagram header.

ICMP Protocol

o ICMP stands for Internet Control Message Protocol.
o It is a mechanism used by hosts or routers to send notifications regarding datagram problems back to the sender.
o A datagram travels from router to router until it reaches its destination. If a router is unable to route the data because of some unusual condition such as a disabled link, a device that is on fire or network congestion, then the ICMP protocol is used to inform the sender that the datagram is undeliverable.
o The ICMP protocol mainly uses two terms:
  o ICMP Test: ICMP Test is used to test whether the destination is reachable or not.
  o ICMP Reply: ICMP Reply is used to check whether the destination device is responding or not.
o The core responsibility of the ICMP protocol is to report problems, not to correct them. The responsibility for correction lies with the sender.
o ICMP can send messages only to the source, not to the intermediate routers, because the IP datagram carries the addresses of the source and destination but not of the routers it passes through.

Transport Layer

The transport layer is responsible for the reliability, flow control, and correction of data which is being sent over the network.

The two protocols used in the transport layer are the User Datagram Protocol and the Transmission Control Protocol.

o User Datagram Protocol (UDP)
  o It provides connectionless service and end-to-end delivery of transmission.
  o It is an unreliable protocol as it discovers the errors but does not specify the error.
  o The User Datagram Protocol discovers the error, and the ICMP protocol reports the error to the sender that the user datagram has been damaged.
  o UDP consists of the following fields:
    Source port address: The source port address is the address of the application program that has created the message.
    Destination port address: The destination port address is the address of the application program that receives the message.
    Total length: It defines the total length of the user datagram in bytes.
    Checksum: The checksum is a 16-bit field used in error detection.
  o UDP does not specify which packet is lost. UDP contains only a checksum; it does not contain any ID of a data segment.

o Transmission Control Protocol (TCP)
  o It provides full transport layer services to applications.
  o It creates a virtual circuit between the sender and receiver, and it is active for the duration of the transmission.
  o TCP is a reliable protocol as it detects errors and retransmits the damaged frames. Therefore, it ensures that all the segments are received and acknowledged before the transmission is considered complete and the virtual circuit is discarded.
  o At the sending end, TCP divides the whole message into smaller units known as segments, and each segment contains a sequence number which is required for reordering the frames to form the original message.
  o At the receiving end, TCP collects all the segments and reorders them based on sequence numbers.

Application Layer

o The application layer is the topmost layer in the TCP/IP model.
o It is responsible for handling high-level protocols and issues of representation.
o This layer allows the user to interact with the application.
o When one application layer protocol wants to communicate with another application layer, it forwards its data to the transport layer.
o An ambiguity arises in the application layer: not every application can be placed in it, only those that interact with the communication system. For example, a text editor is not considered part of the application layer, whereas a web browser using the HTTP protocol to interact with the network is, because HTTP is an application layer protocol.

Following are the main protocols used in the application layer:

o HTTP: HTTP stands for Hypertext Transfer Protocol. This protocol allows us to access data over the World Wide Web. It transfers the data in the form of plain text, audio and video. It is known as the Hypertext Transfer Protocol as it is efficient in a hypertext environment where there are rapid jumps from one document to another.
o SNMP: SNMP stands for Simple Network Management Protocol. It is a framework used for managing the devices on the internet by using the TCP/IP protocol suite.
o SMTP: SMTP stands for Simple Mail Transfer Protocol. The TCP/IP protocol that supports e-mail is known as the Simple Mail Transfer Protocol. This protocol is used to send data to another e-mail address.
o DNS: DNS stands for Domain Name System. An IP address is used to uniquely identify the connection of a host to the internet. But people prefer to use names instead of addresses. Therefore, the system that maps a name to an address is known as the Domain Name System.
o TELNET: It is an abbreviation for Terminal Network. It establishes the connection between the local computer and a remote computer in such a way that the local terminal appears to be a terminal at the remote system.
o FTP: FTP stands for File Transfer Protocol. FTP is a standard internet protocol used for transmitting files from one computer to another.

TCP 3-Way Handshake Process

Transmission Control Protocol (TCP) provides a secure and reliable connection between two devices using the 3-way handshake process. TCP uses the full-duplex connection to synchronize (SYN) and acknowledge (ACK) each other on both sides. There are three steps for both establishing and closing a connection. They are SYN, SYN-ACK, and ACK.

3-Way Handshake Connection Establishment Process

The following diagram shows how a reliable connection is established using the 3-way handshake. It supports communication between a web browser on the client side and a server whenever a user navigates the Internet.

Synchronization Sequence Number (SYN): The client sends the SYN to the server
o When the client wants to connect to the server, it sends a message to the server with the SYN flag set to 1.
o The message carries some additional information like the sequence number (a 32-bit random number).
o The ACK is set to 0. The maximum segment size and the window size are also set. For example, if the window size is 1000 bits and the maximum segment size is 100 bits, then a maximum of 10 data segments can be transmitted in the connection (1000/100 = 10).

Synchronization and Acknowledgement (SYN-ACK) to the client
o The server acknowledges the client request by setting the ACK flag to 1.
o The ACK indicates the response to the segment it received, and SYN indicates with what sequence number it will start its segments.
o For example, if the client has sent the SYN with sequence number = 500, then the server will send the ACK using acknowledgment number = 5001.
o The server sets the SYN flag to 1 and sends it to the client if the server also wants to establish the connection.
o The sequence number used for the server's SYN will be different from the client's SYN.
o The server also advertises its window size and maximum segment size to the client. With this, the connection is established from the client side to the server side.

Acknowledgment (ACK) to the server
o The client sends the acknowledgment (ACK) to the server after receiving the synchronization (SYN) from the server.
o After the server gets the ACK from the client, the connection is established between the client and the server.
o Now data can be transmitted between the client and server sides.

3-Way Handshake Closing Connection Process

To close a 3-way handshake connection:
o First, the client requests the server to terminate the established connection by sending a FIN.
o After receiving the client request, the server sends back FIN and ACK to the client.
o After receiving the FIN + ACK from the server, the client confirms by sending an ACK to the server.

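
The three establishment steps above, as an added simulation that is not part of the original document. It follows TCP's rule that the acknowledgment number is the received sequence number plus one, and a client in SYN_SENT ignores a SYN-ACK whose acknowledgment number does not match its own SYN; the initial sequence numbers 500 and 9000 and the names `Segment`, `Endpoint` and `handshake` are constructed for this example.

```python
from dataclasses import dataclass


@dataclass
class Segment:
    """The TCP header fields the handshake depends on."""
    seq: int                # sequence number
    ack: int                # acknowledgment number (meaningful when ack_flag is set)
    syn: bool = False
    ack_flag: bool = False


class Endpoint:
    """One side of a TCP connection: its state and sequence-number bookkeeping."""

    def __init__(self, isn: int):
        self.state = "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer

    def connect(self) -> Segment:
        """Step 1: the client sends SYN with its own ISN; the ACK flag is clear."""
        self.state = "SYN_SENT"
        return Segment(seq=self.snd_nxt, ack=0, syn=True)

    def receive(self, seg: Segment):
        """Process one incoming segment and return the reply segment, or None."""
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Step 2: the server acknowledges the client's SYN (ack = seq + 1)
            # and sends its own SYN with a different sequence number.
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RECEIVED"
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt,
                           syn=True, ack_flag=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt + 1:
                return None     # SYN-ACK does not acknowledge our SYN: ignore it
            # Step 3: the client acknowledges the server's SYN; connection is up.
            self.snd_nxt += 1
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        if (self.state == "SYN_RECEIVED" and seg.ack_flag
                and seg.ack == self.snd_nxt + 1):
            self.snd_nxt += 1   # our SYN has been acknowledged
            self.state = "ESTABLISHED"
        return None


def handshake(client: Endpoint, server: Endpoint) -> bool:
    """Run SYN, SYN-ACK, ACK between the endpoints; True if both reach ESTABLISHED."""
    server.state = "LISTEN"
    syn_ack = server.receive(client.connect())
    ack = client.receive(syn_ack) if syn_ack else None
    if ack:
        server.receive(ack)
    return client.state == server.state == "ESTABLISHED"
```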
Network Address Translation (NAT)

To access the Internet, one public IP address is needed, but we can use private IP addresses in our private network. The idea of NAT is to allow multiple devices to access the Internet through a single public address. To achieve this, the translation of a private IP address to a public IP address is required. Network Address Translation (NAT) is a process in which one or more local IP addresses are translated into one or more global IP addresses and vice versa in order to provide Internet access to the local hosts. It also translates port numbers, i.e., it masks the port number of the host with another port number in the packet that will be routed to the destination. It then makes the corresponding entries of IP address and port number in the NAT table. NAT generally operates on a router or firewall.

Network Address Translation (NAT) working –
Generally, the border router is configured for NAT, i.e., the router which has one interface in the local (inside) network and one interface in the global (outside) network. When a packet traverses outside the local (inside) network, NAT converts that local (private) IP address to a global (public) IP address. When a packet enters the local network, the global (public) IP address is converted to a local (private) IP address.

If NAT runs out of addresses, i.e., no address is left in the configured pool, then the packets will be dropped and an Internet Control Message Protocol (ICMP) host unreachable packet is sent to the destination.

Why mask port numbers?
Suppose that in a network two hosts A and B are connected. Now both of them request the same destination, on the same port number, say 1000, on the host side, at the same time. If NAT does only translation of IP addresses, then when their packets arrive at the NAT, both of their IP addresses would be masked by the public IP address of the network and sent to the destination. The destination will send replies to the public IP address of the router. Thus, on receiving a reply, it will be unclear to NAT which reply belongs to which host (because the source port numbers for both A and B are the same). Hence, to avoid such a problem, NAT masks the source port number as well and makes an entry in the NAT table.

NAT inside and outside addresses –
Inside refers to the addresses which must be translated. Outside refers to the addresses which are not in the control of an organization. These are the network addresses in which the translation of the addresses will be done.

o Inside local address – An IP address that is assigned to a host on the inside (local) network. The address is probably not an IP address assigned by the service provider, i.e., these are private IP addresses. This is the inside host as seen from the inside network.

o Inside global address – An IP address that represents one or more inside local IP addresses to the outside world. This is the inside host as seen from the outside network.

o Outside local address – This is the actual IP address of the destination host in the local network after translation.

o Outside global address – This is the outside host as seen from the outside network. It is the IP address of the outside destination host before translation.

Network Address Translation (NAT) Types –

There are 3 ways to configure NAT:

1. Static NAT – In this, a single unregistered (private) IP address is mapped to a legally registered (public) IP address, i.e., a one-to-one mapping between local and global addresses. This is generally used for web hosting. It is not used in organizations as there are many devices that will need Internet access, and to provide Internet access a public IP address is needed for each. Suppose there are 3000 devices that need access to the Internet; the organization would have to buy 3000 public addresses, which would be very costly.

2. Dynamic NAT – In this type of NAT, an unregistered IP address is translated into a registered (public) IP address from a pool of public IP addresses. If no IP address in the pool is free, then the packet will be dropped, as only a fixed number of private IP addresses can be translated to public addresses at a time. Suppose there is a pool of 2 public IP addresses; then only 2 private IP addresses can be translated at a given time. If a 3rd private IP address wants to access the Internet, the packet will be dropped. Therefore many private IP addresses are mapped to a pool of public IP addresses. Dynamic NAT is used when the number of users who want to access the Internet is fixed. This is also very costly as the organization has to buy many global IP addresses to make a pool.

3. Port Address Translation (PAT) – This is also known as NAT overload. In this, many local (private) IP addresses can be translated to a single registered IP address. Port numbers are used to distinguish the traffic, i.e., which traffic belongs to which IP address. This is most frequently used as it is cost-effective: thousands of users can be connected to the Internet by using only one real global (public) IP address.
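
The port-masking problem and the dynamic-pool and PAT modes above, as an added example that is not part of the original document: a simulated border-router NAT in Python. The addresses (documentation ranges), ports and packet tuples are constructed sample values, and `Nat`, `outbound` and `inbound` are names chosen for this example.

```python
from typing import Dict, List, Optional, Tuple

Packet = Tuple[str, int, str, int]   # (src_ip, src_port, dst_ip, dst_port)


class Nat:
    """Border-router NAT with two modes: dynamic address pool or PAT (overload)."""

    def __init__(self, public_pool: List[str], overload: bool):
        self.pool = list(public_pool)    # free global addresses (dynamic mode)
        self.overload = overload         # True: one global address, many ports
        self.next_port = 1024            # next translated source port for PAT
        self.out_table: Dict = {}        # inside host (or host, port) -> global
        self.in_table: Dict = {}         # (global ip, port) -> (inside ip, port)
        self.dropped = 0                 # packets dropped because the pool ran out

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a packet leaving the inside network; None if it is dropped."""
        src_ip, src_port, dst_ip, dst_port = pkt
        if self.overload:
            # PAT: each (host, port) pair gets its own port on the single global
            # address, so hosts A and B both using port 1000 stay distinguishable.
            key = (src_ip, src_port)
            if key not in self.out_table:
                self.out_table[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            g_ip, g_port = self.out_table[key]
        else:
            # Dynamic NAT: a host borrows one free global address; port unchanged.
            if src_ip not in self.out_table:
                if not self.pool:
                    self.dropped += 1    # pool exhausted: the packet is dropped
                    return None
                self.out_table[src_ip] = self.pool.pop(0)
            g_ip, g_port = self.out_table[src_ip], src_port
        self.in_table[(g_ip, g_port)] = (src_ip, src_port)
        return (g_ip, g_port, dst_ip, dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Translate a reply entering the inside network; None if no mapping exists."""
        src_ip, src_port, dst_ip, dst_port = pkt
        inside = self.in_table.get((dst_ip, dst_port))
        if inside is None:
            return None                  # no table entry: unsolicited, not forwarded
        return (src_ip, src_port, inside[0], inside[1])
```

In PAT mode the two replies for hosts A and B come back to different translated ports and are delivered to the right host; in dynamic mode with a pool of two addresses, the third host's packet is dropped.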

Advantages of NAT –

o NAT conserves legally registered IP addresses.
o It provides privacy as the IP address of the device sending and receiving the traffic will be hidden.
o It eliminates address renumbering when a network evolves.

Disadvantages of NAT –

o Translation results in switching path delays.
o Certain applications will not function while NAT is enabled.
o It complicates tunneling protocols such as IPsec.
o Also, the router, being a network layer device, should not tamper with port numbers (transport layer), but it has to do so because of NAT.
