Unit 4- TCP/IP Protocol Suite

Transmission Control Protocol (TCP)

Internet Protocol (IP)
The entire IP suite -- a set of rules and procedures -- is
commonly referred to as TCP/IP. TCP and IP are the two
main protocols, though others are included in the suite.
Transmission Control Protocol (TCP) is a standard that defines
how to establish and maintain a network conversation by which
applications can exchange data. TCP works with the Internet
Protocol (IP), which defines how computers send packets of data
to each other.
4.1 Host to Network layer protocol
The host-to-network layer is the lowest layer of the TCP/IP
model and is concerned with the physical transmission of data.
It is also called a network interface layer or link layer. It can be
considered as the combination of physical layer and data link
layer of the OSI model.
The functions of this layer are −
It defines how bits are to be encoded into optical or electrical pulses.
It accepts IP packets from the network layer and encapsulates them into
frames. It synchronizes the transmission of the frames as well as the bits
making up the frames, between the sender and the receiver.
It states the transmission mode, i.e. simplex, half duplex or full duplex
It states the topology of the network, i.e. bus, star, ring etc.

The protocols that this layer supports are −

Ethernet
Frame Relay
Token Ring
ATM
The following diagram depicts the host-to-network layer in the TCP/IP protocol suite −

The following diagram depicts the host-to-network layer in the TCP/IP protocol suite −
SLIP-
The Serial Line Internet Protocol (SLIP) is an encapsulation of
the Internet Protocol designed to work over serial ports and
modem connections. SLIP has been largely replaced by the
Point-to-Point Protocol (PPP), which has more features and does
not require a predefined IP address configuration. SLIP stands for
Serial Line Internet Protocol.
SLIP is an Internet protocol that allows users to gain Internet
access using a computer modem.
SLIP defines a sequence of characters that frame IP packets on a
serial line and nothing more. It provides no addressing, packet
type identification, error detection/correction or compression
mechanisms.
Advantages
1.It can allow different combinations of network
configurations such as host-host, host-router, router-
router etc.
2.It can be easily used in microcontrollers because of
small overhead.
3.It is easy to implement being a basic packet protocol
and due to wide application of TCP/IP.
Disadvantages
1.It does not perform any authentication of data and IP
addresses cannot be dynamically assigned while using
SLIP.
2.SLIP provides no type identification method. The type of
protocol sent cannot be detected. Hence, only one
protocol can run over a SLIP connection.
3.It has no error detection or correction mechanism in
data transmission.
4.A SLIP connection provides no mechanism for hosts to
communicate addressing information.
5.SLIP provides no compression features to improve
packet throughput. CSLIP was a variant used for same
purpose but it could not achieve wide application.
PPP-
Point - to - Point Protocol (PPP) is a communication
protocol of the data link layer that is used to
transmit multiprotocol data between two directly
connected (point-to-point) computers. It is a byte -
oriented protocol that is widely used in broadband
communications having heavy loads and high
speeds. Since it is a data link layer protocol, data is
transmitted in frames. It is also known as RFC
1661.
Services Provided by PPP
•Defining the frame format of the data to be transmitted.
•Defining the procedure of establishing link between two
points and exchange of data.
•Stating the method of encapsulation of network layer
data in the frame.
•Stating authentication rules of the communicating
devices.
•Providing address for network communication.
•Providing connections over multiple links.
•Supporting a variety of network layer protocols by
providing a range os services.
Components of PPP
•Encapsulation Component − It encapsulates the datagram so that it
can be transmitted over the specified physical layer.
•Link Control Protocol (LCP) − It is responsible for establishing,
configuring, testing, maintaining and terminating links for transmission.
•Authentication Protocols (AP) − These protocols authenticate
endpoints for use of services.
• Password Authentication Protocol (PAP)
• Challenge Handshake Authentication Protocol (CHAP)
•Network Control Protocols (NCPs) − These protocols are used for
negotiating the parameters and facilities for the network layer.
• Internet Protocol Control Protocol (IPCP)
• OSI Network Layer Control Protocol (OSINLCP)
• Internetwork Packet Exchange Control Protocol (IPXCP)
• DECnet Phase IV Control Protocol (DNCP)
• NetBIOS Frames Control Protocol (NBFCP)
• IPv6 Control Protocol (IPV6CP)
PPP Frame
PPP is a byte - oriented protocol where each field of the frame is
composed of one or more bytes. The fields of a PPP frame are −
•Flag − 1 byte that marks the beginning and the end of the frame.
The bit pattern of the flag is 01111110.
•Address − 1 byte which is set to 11111111 in case of broadcast.
•Control − 1 byte set to a constant value of 11000000.
•Protocol − 1 or 2 bytes that define the type of data contained in
the payload field.
•Payload − This carries the data from the network layer. The
maximum length of the payload field is 1500 bytes. However, this
may be negotiated between the endpoints of communication.
•FCS − It is a 2 byte or 4 bytes frame check sequence for error
detection. The standard code used is CRC (cyclic redundancy code)
4.2 Internet Layer Protocol
The Internet layer is responsible for logical transmission of
data packets over the internet. It can be compared to the
network layer of the OSI model.

The main functions of the internet layer are −

•It transmits data packets to the link layer.
•It routes each of the data packets independently from the
source to the destination, using the optimal route.
•It reassembles the out-of-order packets when they reach
the destination.
•It handles the error in transmission of data packets and
fragmentation of data packets.
The protocols used in this layer are −
•Internet Protocol, IP − It is a connectionless and unreliable
protocol that provides a best effort delivery service. It
transports data packets called datagrams that travel over
different routes across multiple nodes.
•Address Resolution Protocol, ARP −This protocol maps
the logical address or the Internet address of a host to its
physical address, as printed in the network interface card.
•Reverse Address Resolution Protocol, RARP − This is to
find the Internet address of a host when its physical address is
known.
•Internet Control Message Protocol, ICMP − It monitors
sending the queries as well as the error messages.
•Internet Group Message Protocol, IGMP −It allows the
transmission of a message to a group of recipients
The following diagram shows the network layer in the TCP/IP protocol suite −

The following diagram shows the network layer in the TCP/IP protocol suite −
IP
The Internet Protocol (IP) is a set of requirements for
addressing and routing data on the Internet. IP can be
used with several transport protocols, including TCP and
UDP. It is a protocol defined in the TCP/IP model used for
sending the packets from source to destination.
An internet protocol defines two things:
•Format of IP packet
•IP Addressing system
An IP header contains lots of information about the IP
packet which includes:
•Source IP address: The source is the one who is sending
the data.
•Destination IP address: The destination is a host that
receives the data from the sender.
•Header length
•Packet length
•TTL (Time to Live): The number of hops occurs before the
packet gets discarded.
•Transport protocol: The transport protocol used by the
internet protocol, either it can be TCP or UDP.
There is a total of 14 fields exist in the IP header, and one
of them is optional.
ARP
•ARP stands for Address Resolution Protocol.
•It is used to associate an IP address with the MAC
address.
•Each device on the network is recognized by the
MAC address imprinted on the NIC.
• If the host wants to know the physical address of
another host on its network, then it sends an ARP
query packet that includes the IP address and
broadcast it over the network.
There are two types of ARP entries:
•Dynamic entry: It is an entry which is created
automatically when the sender broadcast its
message to the entire network. Dynamic entries
are not permanent, and they are removed
periodically.
•Static entry: It is an entry where someone
manually enters the IP to MAC address association
by using the ARP command utility.
RARP
•RARP stands for Reverse Address Resolution
Protocol.
•If the host wants to know its IP address, then it broadcast
the RARP query packet that contains its physical address
to the entire network. A RARP server on the network
recognizes the RARP packet and responds back with the
host IP address.
•The protocol which is used to obtain the IP address from a
server is known as Reverse Address Resolution
Protocol.
•The message format of the RARP protocol is similar to the
ARP protocol.
•Like ARP frame, RARP frame is sent from one machine to
ICMP
•ICMP stands for Internet Control Message Protocol.
•The ICMP is a network layer protocol used by hosts and routers to
send the notifications of IP datagram problems back to the sender.
•ICMP uses echo test/reply to check whether the destination is
reachable and responding.
•ICMP handles both control and error messages, but its main
function is to report the error but not to correct them.
•An IP datagram contains the addresses of both source and
destination, but it does not know the address of the previous
router through which it has been passed. Due to this reason, ICMP
can only send the messages to the source, but not to the
immediate routers.
•ICMP protocol communicates the error messages to the sender.
ICMP messages cause the errors to be returned back to the user
processes.
The Format of an ICMP message
Network Layer Protocols
The first field specifies the type of the message.
The second field specifies the reason for a particular message type.
The checksum field covers the entire ICMP message.
4.3 Transport layer protocols
Transport layer protocols, namely, Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP), identify
applications communicating with each other by means of port
numbers.
Features Of TCP protocol
•Stream data transfer: TCP protocol transfers the data in the form of
contiguous stream of bytes.
•Reliability: TCP assigns a sequence number to each byte transmitted
and expects a positive acknowledgement from the receiving TCP.
•Flow Control: When receiving TCP sends an acknowledgement back
to the sender indicating the number the bytes it can receive without
overflowing its internal buffer.
•Multiplexing: Multiplexing is a process of accepting the data from
different applications and forwarding to the different applications on
different computers.
•Logical Connections: The combination of sockets, sequence
numbers, and window sizes, is called a logical connection. Each
connection is identified by the pair of sockets used by sending and
receiving processes.
•Full Duplex: TCP provides Full Duplex service, i.e., the data flow in
both the directions at the same time. To achieve Full Duplex service,
TCP Segment Format
•Source port address: It is used to define the address of the
application program in a source computer. It is a 16-bit field.
•Destination port address: It is used to define the address of
the application program in a destination computer. It is a 16-bit
field.
•Sequence number: A stream of data is divided into two or
more TCP segments. The 32-bit sequence number field represents
the position of the data in an original data stream.
•Acknowledgement number: A 32-field acknowledgement
number acknowledge the data from other communicating
devices.
•Header Length (HLEN): It specifies the size of the TCP header
in 32-bit words. The minimum size of the header is 5 words, and
the maximum size of the header is 15 words.
•Reserved: It is a six-bit field which is reserved for future use.
•Control bits: Each bit of a control field functions individually
There are total six types of flags in control field:
•URG: The URG field indicates that the data in a segment is
urgent.
•ACK: When ACK field is set, then it validates the
acknowledgement number.
•PSH: The PSH field is used to inform the sender that higher
throughput is needed so if possible, data must be pushed with
higher throughput.
•RST: The reset bit is used to reset the TCP connection when
there is any confusion occurs in the sequence numbers.
•SYN: The SYN field is used to synchronize the sequence
numbers in three types of segments: connection request,
connection confirmation ( with the ACK bit set ), and
confirmation acknowledgement.
•FIN: The FIN field is used to inform the receiving TCP module
UDP
•UDP stands for User Datagram Protocol.
•UDP is a simple protocol and it provides
nonsequenced transport functionality.
•UDP is a connectionless protocol.
•This type of protocol is used when reliability and
security are less important than speed and size.
•UDP is an end-to-end transport level protocol that
adds transport-level addresses, checksum error
control, and length information to the data from the
upper layer.
•The packet produced by the UDP protocol is known
User Datagram Format
The user datagram has a 16-byte header which is shown below:
Source port address: It defines the address of the
application process that has delivered a message.
The source port address is of 16 bits address.
•Destination port address: It defines the address
of the application process that will receive the
message. The destination port address is of a 16-bit
address.
•Total length: It defines the total length of the user
datagram in bytes. It is a 16-bit field.
•Checksum: The checksum is a 16-bit field which is
used in error detection.
Disadvantages of UDP protocol
•UDP provides basic functions needed for the end-
to-end delivery of a transmission.
•It does not provide any sequencing or reordering
functions and does not specify the damaged packet
when reporting an error.
•UDP can discover that an error has occurred, but it
does not specify which packet has been lost as it
does not contain an ID or sequencing number of a
particular data segment.
4.4 Application Layer protocols
FTP-
FTP (File Transfer Protocol) is a network protocol for transmitting
files between computers over Transmission Control
Protocol/Internet Protocol (TCP/IP) connections. Within the
TCP/IP suite, FTP is considered an application layer protocol .
•It provides the sharing of files.
•It is used to encourage the use of remote
computers.
•It transfers the data more reliably and efficiently.
Advantages of FTP:
•Speed: One of the biggest advantages of FTP is speed.
The FTP is one of the fastest way to transfer the files from
one computer to another computer.
•Efficient: It is more efficient as we do not need to
complete all the operations to get the entire file.
•Security: To access the FTP server, we need to login with
the username and password. Therefore, we can say that
FTP is more secure.
•Back & forth movement: FTP allows us to transfer the
files back and forth. Suppose you are a manager of the
company, you send some information to all the
employees, and they all send information back on the
same server.
Disadvantages of FTP:
•The standard requirement of the industry is that all the FTP
transmissions should be encrypted. However, not all the FTP
providers are equal and not all the providers offer
encryption. So, we will have to look out for the FTP providers
that provides encryption.
•FTP serves two operations, i.e., to send and receive large
files on a network. However, the size limit of the file is 2GB
that can be sent. It also doesn't allow you to run
simultaneous transfers to multiple receivers.
•Passwords and file contents are sent in clear text that
allows unwanted eavesdropping. So, it is quite possible that
attackers can carry out the brute force attack by trying to
guess the FTP password.
HTTP
•HTTP stands for HyperText Transfer Protocol.
•It is a protocol used to access the data on the World Wide
Web (www).
•The HTTP protocol can be used to transfer the data in the
form of plain text, hypertext, audio, video, and so on
•HTTP is similar to the FTP as it also transfers the files
from one host to another host. But, HTTP is simpler than
FTP as HTTP uses only one connection, i.e., no control
connection to transfer the files.
•HTTP is used to carry the data in the form of MIME-like
format.
•HTTP is similar to SMTP as the data is transferred
between client and server.
Features of HTTP:
•Connectionless protocol: HTTP is a connectionless
protocol. HTTP client initiates a request and waits for a
response from the server.
•Media independent: HTTP protocol is a media
independent as data can be sent as long as both the client
and server know how to handle the data content.
•Stateless: HTTP is a stateless protocol as both the client
and server know each other only during the current
request.
HTTP Transactions
Messages
HTTP messages are of two types: request and response.
Both the message types follow the same message format.
Request Message: The request
message is sent by the client that
consists of a request line, headers,
and sometimes a body.
Response Message: The
response message is sent by the
server to the client that consists
of a status line, headers, and
sometimes a body.
SMTP
Simple Mail Transfer Protocol
SMTP is an application layer protocol. The client
who wants to send the mail opens a TCP connection
to the SMTP server and then sends the mail across
the connection. The SMTP server is an always-on
listening mode. As soon as it listens for a TCP
connection from any client, the SMTP process
initiates a connection through port 25. After
successfully establishing a TCP connection the
client process sends the mail instantly.
Communication between sender and the receiver :
The sender’s user agent prepares the message and sends
it to the MTA. The MTA’s responsibility is to transfer the
mail across the network to the receiver’s MTA. To send
mails, a system must have a client MTA, and to receive
mails, a system must have a server MTA.
Some SMTP Commands:
•HELO – Identifies the client to the server, fully qualified domain
name, only sent once per session
•MAIL – Initiate a message transfer, fully qualified domain of
originator
•RCPT – Follows MAIL, identifies an addressee, typically the fully
qualified name of the addressee, and for multiple addressees use
one RCPT for each addressee
•
Advantages of SMTP:
•If necessary, the users can have a dedicated server.
•It allows for bulk mailing.
•Low cost and wide coverage area.
•Offer choices for email tracking.
•reliable and prompt email delivery.
Disadvantages of SMTP:
•SMTP’s common port can be blocked by several firewalls.
•SMTP security is a bigger problem.
•Its simplicity restricts how useful it can be.
•Just 7 bit ASCII characters can be used.
•If a message is longer than a certain length, SMTP servers may
reject the entire message.
•Delivering your message will typically involve additional back-and-
forth processing between servers, which will delay sending and
raise the likelihood that it won’t be sent.
TELNET
TELNET stands for Teletype Network. It is a type of
protocol that enables one computer to connect to local
computer. It is a used as a standard TCP/IP protocol for
virtual terminal service which is given by ISO. Computer
which starts connection known as the local computer.
Commands of the telnet are identified by a prefix
character, Interpret As Command (IAC) which is having
code 255. IAC is followed by command and option codes.
Basic format of the command is as shown in the following
figure :
Features
•The Telnet Protocol (TELNET) provides a standard
method for terminal devices and terminal-oriented
processes to interface.
•TELNET is commonly used by terminal emulation
programs that allow you to log into a remote host. ...
•TCP/IP implements TELNET in the tn, telnet, or tn3270
user commands.
DNS
An application layer protocol defines how the application
processes running on different systems, pass the
messages to each other.
•DNS stands for Domain Name System.
•DNS is a directory service that provides a mapping
between the name of a host on the network and its
numerical address.
•DNS is required for the functioning of the internet.
•Each node in a tree has a domain name, and a full
domain name is a sequence of symbols specified by dots.
•DNS is a service that translates the domain name into IP
addresses.
DNS is a TCP/IP protocol used on different platforms. The domain
name space is divided into three different sections: inverse
domain, generic domains and country domains.
Generic Domains
•It defines the registered hosts according to their generic
behavior.
•Each node in a tree defines the domain name, which is
an index to the DNS database.
•It uses three-character labels, and these labels describe
the organization type.
Country Domain
The format of country domain is same as a generic
domain, but it uses two-character country abbreviations
(e.g., us for the United States) in place of three character
organizational abbreviations.

Inverse Domain
The inverse domain is used for mapping an address to a
name. When the server has received a request from the
client, and the server contains the files of only authorized
clients. To determine whether the client is on the
authorized list or not, it sends a query to the DNS server
and ask for mapping an address to the name.
Bootstrap Protocol (BOOTP)
This is a networking protocol which is used by networking administration to
give IP addresses to each member of that network for participating with other
networking devices by the main server.
Important Features of Bootstrap Protocol-

• Bootstrap Protocol (BOOTP) is a basic protocol that automatically provides

each participant in a network connection with a unique IP address for
identification and authentication as soon as it connects to the network.
• BOOTP uses a unique IP address algorithm to provide each system on the
network with a completely different IP address in a fraction of a second.
• This shortens the connection time between the server and the client. It
starts the process of downloading and updating the source code even with
very little information.
• BOOTP uses a combination of TFTP (Trivial File Transfer Protocol) and UDP
(User Datagram Protocol) to request and receive requests from various
network-connected participants and to handle their responses.
• In a BOOTP connection, the server and client just need an IP address and a
Uses of Bootstrap Protocol :
1.Bootstrap (BOOTP) is primarily required to check the
system on a network the first time you start your computer.
Records the BIOS cycle of each computer on the network to
allow the computer’s motherboard and network manager to
efficiently organize the data transfer on the computer as soon
as it boots up.
2.BOOTP is mainly used in a diskless environment and
requires no media as all data is stored in the network cloud
for efficient use.
3.BOOTP is the transfer of a data between a client and a
server to send and receive requests and corresponding
responses by the networking server.
4.BOOTP supports the use of motherboards and network
managers, so no external storage outside of the cloud
DHCP
Dynamic Host Configuration Protocol(DHCP)
DHCP is the short form of Dynamic Host Configuration
Protocol.
• It works based on client server architecture. There are
DHCP servers and DHCP clients.
• DHCP clients send request to DHCP server when it
opens the web browser. Upon receiving the request,
DHCP server replies the information to the requested
DHCP client.
• Function: It assigns IP addresses to requesting hosts or
clients dynamically on demand basis.
• It uses UDP port number 67 as destination server and
advantages of DHCP:
➨DHCP is easy to implement and does automatic assignment of
IP addresses to requesting clients. Hence manual configuration
time of IP addresses can be reduced.
➨The implementation does not require any additional costs.
➨Duplicate or invalid assignment of IP addresses are prevented.
Hence there is no chance of conflicts in IP addresses.
➨It simplifies administration of the network.
➨It supports multiple scopes e.g. multicast scope, super scope
etc.
➨It has great benefit to mobile users as valid configuration
parameters are automatically obtained from the new network.
disadvantages of DHCP:
➨DHCP server can be single point of failure in networks having only
one configured DHCP server.
➨DHCP packets can not travel across router, Hence relay agent is
necessary to have DHCP server handle all leases on both network
segments.
➨Security: As DHCP server has no secure mechanism for
authentication of the client, it can gain unauthorized access to IP
addresses by presenting credentials such as client identifiers which
belong to other DHCP clients.
➨The machine name does not change when new IP address is
assigned.
➨Client is not able to access the network in the absence of the DHCP
server.