2.10. Using Protocols in the TCP/IP Suite

As we mentioned before, the TCP/IP protocol suite contains many protocols. These protocols work together to provide communication, management, diagnostics, and troubleshooting for a network that uses the TCP/IP protocol. In order to understand TCP/IP, it is essential that you understand all of the protocols in the suite. In this section, we examine each of these protocols in detail.

NOTE

For more information on the TCP/IP protocols, see Chapter 3 of the Network+ Study Guide, Fourth Edition.

2.10.1. Critical Information

We will define the purpose, function, and use of each of the protocols in the TCP/IP protocol suite. In addition, we will discuss the TCP/IP protocol layers and define the layer at which each of the protocols operates. We will also discuss how the TCP/IP protocol loosely aligns with the OSI model of communication.

2.10.1.1. Internet Protocol (IP)

Internet Protocol (IP) is a protocol that is used to transport data from one node on a network to another node. A node can be a computer or a router interface. IP is considered to be a connectionless protocol, which works at the Network layer of the OSI model. Because it is connectionless, it does not establish a session with another computer and does not guarantee the delivery of packets; it only makes an effort to deliver them. To guarantee delivery of packets, a higher-level protocol such as TCP is required.

IP also performs the task of fragmenting and reassembling packets when needed. Fragmentation is sometimes necessary because devices that make up the network have a maximum transmission unit (MTU) size that is smaller than the packet to be delivered. In this case, the packet must be "broken up" into smaller pieces and then reassembled on the other side of the transmission. This is an important role that IP provides for the network.
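The fragmentation and reassembly role described above, worked through as an added example (not code from the study guide): a payload is cut into fragments that fit a given MTU, offsets are recorded in 8-byte units as the IPv4 header does, and the receiver refuses to deliver a datagram with a hole in it. The 20-byte header size and the sample payload are assumptions.

```python
import random

IP_HEADER_LEN = 20  # assumption: minimal IPv4 header, no options


def fragment(payload: bytes, mtu: int, ident: int = 1) -> list:
    """Split a payload into fragments that each fit within the MTU.

    Every fragment carries the fields IP needs for reassembly: the
    identification value, the fragment offset (counted in 8-byte blocks,
    as in the IPv4 header), the More Fragments (MF) flag and the data.
    """
    if mtu <= IP_HEADER_LEN:
        raise ValueError("MTU leaves no room for data")
    max_data = mtu - IP_HEADER_LEN
    if len(payload) + IP_HEADER_LEN <= mtu:
        return [{"id": ident, "offset": 0, "mf": False, "data": payload}]
    # All fragments except the last carry a multiple of 8 data bytes,
    # because the offset field can only express 8-byte blocks.
    chunk = max_data - (max_data % 8)
    frags = []
    pos = 0
    while pos < len(payload):
        data = payload[pos:pos + chunk]
        last = pos + len(data) >= len(payload)
        frags.append({"id": ident, "offset": pos // 8, "mf": not last, "data": data})
        pos += len(data)
    return frags


def reassemble(frags: list):
    """Rebuild the payload from fragments that may arrive in any order.

    Returns None when a fragment is missing, overlaps, or the final
    fragment (MF clear) never arrived: the receiver must detect an
    incomplete datagram rather than hand up partial data.
    """
    if not frags:
        return None
    ident = frags[0]["id"]
    ordered = sorted((f for f in frags if f["id"] == ident), key=lambda f: f["offset"])
    buf = bytearray()
    expected = 0
    saw_last = False
    for f in ordered:
        if saw_last or f["offset"] * 8 != expected:
            return None  # hole, overlap, or data after the final fragment
        buf.extend(f["data"])
        expected += len(f["data"])
        saw_last = not f["mf"]
    return bytes(buf) if saw_last else None


def demo():
    """Constructed sample: a 2560-byte payload crossing a 576-byte MTU link."""
    payload = bytes(range(256)) * 10
    frags = fragment(payload, mtu=576)
    random.shuffle(frags)  # fragments may be reordered in transit
    return len(frags), reassemble(frags) == payload


if __name__ == "__main__":
    print(demo())
```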

Probably the most widely known role that IP provides is addressing of packets. IP marks each packet with a source address and a destination address. As we discussed in the section "Identifying Classful IP Ranges and Their Subnet Masks," this IP addressing is essential to the success of network communications.

NOTE

We will discuss more IP addressing functions later in this chapter.

2.10.1.2. Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP) is a connection-oriented protocol that works at the Transport layer of the OSI model. It uses IP as its transport protocol and assists IP by providing a guaranteed mechanism for delivery. TCP requires that a session first be established between two computers before communication can take place. TCP also adds features such as flow control, sequencing, and error detection and correction.

TCP works by a process referred to as a three-way handshake. The TCP three-way handshake works as follows:

  1. TCP sends a short message called a SYN to the target host.

  2. The target host opens a connection for the request and sends back an acknowledgment message called an ACK or SYN ACK.

  3. The host that originated the request sends back another acknowledgment, confirming that it has received the ACK message and that the session is ready to be used to transfer data.

A similar process is used to close the session when the data exchange is complete. The entire process provides a reliable protocol. TCP extends its reliability by making sure that every packet that it sends is acknowledged. If a packet is not acknowledged within the timeout period, the packet is resent automatically by TCP.

2.10.1.3. User Datagram Protocol (UDP)

User Datagram Protocol (UDP) also operates at the Transport layer of the OSI model and uses IP as its transport protocol, but UDP does not guarantee delivery of packets. The reason that it doesn't guarantee delivery of packets is that UDP does not establish a session. UDP is instead known as a "fire and forget" protocol because it just assumes that the data sent will reach its destination and does not require acknowledgments. Because of this, UDP is also referred to as a connectionless protocol.

Now, you might be wondering why anyone would want to use UDP instead of TCP. Well, the advantage of UDP is its low overhead in regard to bandwidth and processing effort. Whereas a TCP header has 14 fields of information that have to be processed, a UDP header only has 4 fields. Applications that can handle their own acknowledgments and that do not require the additional features of the TCP protocol might use the UDP protocol to take advantage of the lower overhead. Often, multimedia presentations that are broadcast or multicast onto the network use UDP since they can be monitored to make sure that the packets are being received. Services such as the Domain Name System (DNS) service also take advantage of the lower overhead provided by UDP.
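The three-way handshake described earlier and the header-size comparison above, as an added example that is not from the study guide: the four UDP header fields and the fixed part of the TCP header are parsed from raw bytes, the UDP length field is checked against what was actually received, and the SYN, SYN-ACK and ACK segments of a handshake are built and classified from their flag bits. The port numbers, sequence numbers and zeroed checksums are constructed sample values.

```python
import struct

UDP_HEADER = struct.Struct("!HHHH")       # 4 fields, 8 bytes
TCP_HEADER = struct.Struct("!HHIIBBHHH")  # fixed 20-byte part of the TCP header

FLAG_FIN, FLAG_SYN, FLAG_RST, FLAG_PSH, FLAG_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def parse_udp(datagram: bytes) -> dict:
    """Parse the four UDP header fields and validate the length field.

    The length field covers header plus data; a value that disagrees with
    the bytes actually received is rejected rather than trusted.
    """
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError(f"UDP length field {length} does not fit {len(datagram)} bytes")
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": checksum, "data": datagram[UDP_HEADER.size:length]}


def parse_tcp(segment: bytes) -> dict:
    """Parse the TCP header; the data offset says where options end and data begins."""
    if len(segment) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_byte, flags,
     window, checksum, urgent) = TCP_HEADER.unpack_from(segment)
    data_offset = (off_byte >> 4) * 4  # header length in bytes, options included
    if data_offset < TCP_HEADER.size or data_offset > len(segment):
        raise ValueError("bad TCP data offset")
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "checksum": checksum,
            "urgent": urgent, "options": segment[TCP_HEADER.size:data_offset],
            "data": segment[data_offset:]}


def handshake_step(seg: dict) -> str:
    """Name the handshake step a parsed segment represents, from its flag bits."""
    syn, ack = bool(seg["flags"] & FLAG_SYN), bool(seg["flags"] & FLAG_ACK)
    if syn and not ack:
        return "SYN"
    if syn and ack:
        return "SYN-ACK"
    if ack and not seg["data"]:
        return "ACK"
    return "data/other"


def build_tcp(src, dst, seq, ack, flags, window=65535) -> bytes:
    """Build a 20-byte TCP header (data offset 5 words; checksum left zero)."""
    return TCP_HEADER.pack(src, dst, seq, ack, 5 << 4, flags, window, 0, 0)


def build_udp(src, dst, data: bytes, length=None) -> bytes:
    """Build a UDP datagram; a wrong length may be supplied to exercise the check."""
    length = UDP_HEADER.size + len(data) if length is None else length
    return UDP_HEADER.pack(src, dst, length, 0) + data


def demo_handshake() -> list:
    """Constructed sample: the three segments of a handshake to port 80."""
    client_isn, server_isn = 1000, 5000
    segs = [
        build_tcp(40000, 80, client_isn, 0, FLAG_SYN),                        # step 1
        build_tcp(80, 40000, server_isn, client_isn + 1, FLAG_SYN | FLAG_ACK),  # step 2
        build_tcp(40000, 80, client_isn + 1, server_isn + 1, FLAG_ACK),        # step 3
    ]
    return [handshake_step(parse_tcp(s)) for s in segs]


if __name__ == "__main__":
    print(demo_handshake())
    print(parse_udp(build_udp(53, 40000, b"hello")))
```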

2.10.1.4. File Transfer Protocol (FTP)

File Transfer Protocol (FTP), as its name indicates, provides for the transfer of files through a network environment. It can be used within an intranet or through the Internet. FTP is more than just a protocol; it is an application as well, and thus FTP works at the Application layer (Layer 7) of the OSI model and uses the TCP protocol as a transport mechanism. FTP allows a user to browse a folder structure on another computer (assuming that the user has been given the permissions to authenticate to the computer) and then to download files from the folders or to upload additional files.

Many organizations use FTP to make files available to the general public and therefore allow users to log onto the FTP server anonymously. In other words, the users do not have to utilize a username and password to authenticate to the server. Since the files are there for the public, the users are allowed to access them without authenticating. Organizations also use FTP to transfer files within an organization. Typically, these servers require authentication by the user, either by supplying an additional username and password or by a pass-through authentication provided by a previous logon such as to Active Directory.

You can use FTP through most browsers and even from a command line, but it is typical for users to purchase third-party software such as CuteFTP or SmartFTP instead. Using FTP to transfer files allows you to transfer much larger files than are generally allowed as an attachment by most ISPs. Using the third-party tool allows you to see that the file was transferred to the intended location. Figure 2.7 shows a connection to the FTP server at Sybex. This is one of the servers to which authors send completed work.

2.10.1.5. Trivial File Transfer Protocol (TFTP)

Trivial File Transfer Protocol (TFTP) is similar to FTP in that it allows the transfer of files within a network, but that's where the similarity stops. Whereas FTP allows for the browsing of files and folders on a server, TFTP requires that you know exactly the name of the file that you want to transfer and exactly where to find the file. Also, whereas FTP uses the connection-oriented TCP protocol, TFTP operates at the Application layer (Layer 7) and uses the connectionless UDP protocol. TFTP is most often used for simple downloads such as transferring firmware to a network device such as a router or a switch. Its main advantage is its speed, since it does not require the overhead that FTP does.

Figure 2.7. A connection to an FTP server at Sybex

2.10.1.6. Simple Mail Transfer Protocol (SMTP)

Simple Mail Transfer Protocol (SMTP) defines how e-mail messages are sent between hosts on a network. You can remember SMTP as "Sending Mail To People." SMTP works at the Application layer (Layer 7) of the OSI model and uses TCP to guarantee error-free delivery of messages to hosts. Since SMTP requires that the destination host always be available, mail systems spool the incoming mail and display it in a user's mailbox so that the user can read it at another time. How the user reads the mail is determined by what protocol he uses to access the SMTP server.

2.10.1.7. Hypertext Transfer Protocol (HTTP)

Hypertext Transfer Protocol (HTTP) is the Application layer (Layer 7) protocol that users utilize to browse the World Wide Web. HTTP clients use a browser to make special requests from an HTTP server (web server) that contains the files that they need. The files on the HTTP server are formatted in Hypertext Markup Language (HTML) and are located using a uniform resource locator (URL). The URL contains the type of request being generated (for example http://), the DNS name of the server to which the request is being made, and optionally the path to the file on the server. For example, if you type http://microsoft.com/support in a browser, you will be directed to the Support pages on Microsoft's servers.

2.10.1.8. Hypertext Transfer Protocol Secure (HTTPS)

One of the disadvantages of using HTTP is that all of the requests are sent in clear text. This means that the communication is not secure and therefore unsuited for web applications such as e-commerce or the exchanging of sensitive or personal information through the Web. For these applications, Hypertext Transfer Protocol Secure (HTTPS) is an Application layer (Layer 7) protocol that provides a more secure solution and that uses Secure Sockets Layer (SSL) to encrypt information sent between the client and the server. In order for HTTPS to operate, both the client and the server must support it. All of the most popular browsers now support HTTPS, as do web server products such as Microsoft Internet Information Server (IIS), Apache, and most other web server applications. To use a URL to access a website using HTTPS and SSL, start with https:// instead of http://—for example, https://partnering.one.microsoft.com/mcp is the page that is used to authenticate Microsoft Certified Professionals to Microsoft's private website.

2.10.1.9. Post Office Protocol Version 3 (POP3)

Post Office Protocol Version 3 (POP3) is one of the protocols used to retrieve mail from SMTP servers. Using POP3, clients connect to the server, authenticate, and then download their mail. Once they have downloaded their mail, they can read it. Typically, the mail is then deleted from the server, although some systems hold a copy of the mail for a period of time specified by an administrator. One of the drawbacks of POP3 authentication is that it is generally performed in clear text. This means that an attacker could sniff your POP3 password off the network as you enter it.

2.10.1.10. Internet Message Access Protocol Version 4 (IMAP4)

Internet Message Access Protocol Version 4 (IMAP4) is another Application layer (Layer 7) protocol that is used to retrieve mail from SMTP servers, but IMAP4 offers some advantages over POP3. To begin with, IMAP4 provides a more flexible method of handling e-mail. You can read your e-mail on the e-mail server and then determine what you want to download to your own PC. Since the mail can stay in the mailbox on the server, you can retrieve it from any computer that you wish to use, provided that the computer has the software installed to allow you to access the server. Microsoft Hotmail is a good example of an IMAP4 type of service. You can access your Hotmail from any browser. You can then read, answer, and forward mail without the need to download the messages to the computer that you are using. This can be very convenient for users who travel.

2.10.1.11. Telnet

Telnet is a virtual terminal protocol that has been used for many years. Originally, Telnet was used to connect "dumb terminals" to mainframe computers. It was also the connection method used by earlier Unix systems. Today, Telnet is still used to access and control network devices such as routers and switches. It operates at the Application and Presentation layers (Layer 6 and Layer 7) of the OSI model.

Telnet can be used for remote control and remote configuration of servers in network environments. The main problem with Telnet for today's environment is that it is not a secure protocol; everything is transmitted in plain text. For this reason, Telnet is being replaced by more secure methods such as Secure Shell and Microsoft's Remote Desktop Connection, which provide encrypted communication.

2.10.1.12. Secure Shell (SSH)

First developed by SSH Communications Security Ltd., Secure Shell (SSH) is a program that allows you to log in to another computer over a network, execute commands, and move files from one computer to another. SSH provides strong authentication and secure communications over insecure channels. It protects networks from attacks such as IP spoofing, IP source routing, and DNS spoofing. The entire login session is encrypted; therefore, it is almost impossible for an outsider to collect passwords. SSH is available for Windows, Unix, Macintosh, and OS/2, and it also works with RSA authentication. SSH operates at Application and Session layers (Layer 7 and Layer 5) of the OSI model.

2.10.1.13. Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) is a protocol that works at the Network layer (Layer 3) of the OSI model. ICMP provides error checking and reporting functionality. Although it provides many functions, the most commonly known is the ping utility provided by ICMP. The ping utility is most often used for troubleshooting. In a typical "ping scenario," an administrator uses a host's command line and the ping utility to send a stream of packets called an echo request to another host. When the destination host receives the packets, ICMP sends back a stream of packets referred to as an echo reply. This confirms that the connection between the two hosts is configured properly and that the TCP/IP protocol is operational.

ICMP can also send back a message such as "Destination Host Unreachable" or "Time Exceeded." The former is sent when the host cannot be located on the network, and the latter is sent when the packets have exceeded the timeout period specified by TCP. Still another function of ICMP is the sending of source quench messages. These messages are sent by ICMP when the flow of data from the source is larger than that which can be processed properly and quickly by the destination. A source quench message tells the system to slow down and therefore prevents the resending of many data packets.

2.10.1.14. Address Resolution Protocol (ARP)

Address Resolution Protocol (ARP) is a protocol that works at the Network layer of the OSI model. It is used to resolve IP addresses to MAC addresses. This is an extremely important function, since the only real physical address that a computer has is its MAC address; therefore, all communication will have to contain a MAC address before it can be delivered to the host. This is accomplished in a series of steps as follows:

  1. A computer addresses a packet to another host using an IP address.

  2. Routers use the IP address to determine whether the destination address is in their network or on another network.

  3. If a router determines that the address is on another network, it forwards the packet to another router based on the information that is contained in its routing table.

  4. When the router that is responsible for the network that contains the destination address receives the packet, it checks the ARP cache to determine if there is an entry that resolves the IP address to a MAC address. If there is an entry, it uses the MAC address contained in the entry to address the packet to its final destination.

  5. If there is no entry in the ARP cache, the router resolves the IP address to a MAC address by using ARP to broadcast onto the local network. It asks the computer with the IP address contained in the destination address of the packet to respond with its MAC address. The router also gives the computer its own MAC address to use for the response.

  6. The broadcast is "heard" by all of the computers in the local network, but it will only be responded to by the computer that has the correct IP address. All other computers will only process the request to the point that they determine that it is not for them.

  7. The computer that is configured with the IP address in question responds with its MAC address.

  8. The router addresses the packet with the MAC address and delivers it to its final destination.
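Steps 4 through 8 above, simulated as an added example (not code from the study guide): a router checks its ARP cache first, broadcasts a request only on a miss, every host on the segment processes the request just far enough to see whether it is the target, and only the owner of the IP address answers. The addresses come from the 192.0.2.0/24 documentation range and the MAC values are constructed.

```python
class Host:
    """A host on the local network; it answers ARP requests only for its own IP."""

    def __init__(self, ip: str, mac: str):
        self.ip, self.mac = ip, mac
        self.requests_seen = 0  # how many broadcasts this host had to look at

    def on_arp_request(self, target_ip: str, sender_ip: str, sender_mac: str):
        # Step 6: every host reads the broadcast far enough to decide whether
        # it is the target; only the owner of the IP replies (step 7).
        self.requests_seen += 1
        if target_ip != self.ip:
            return None
        return (self.ip, self.mac)


class Router:
    """The router for the destination network, with its ARP cache."""

    def __init__(self, ip: str, mac: str, lan: list):
        self.ip, self.mac = ip, mac
        self.lan = list(lan)
        self.arp_cache = {}   # IP address -> MAC address
        self.broadcasts = 0   # counts ARP requests actually sent

    def resolve(self, target_ip: str):
        # Step 4: a cache hit avoids the broadcast entirely.
        if target_ip in self.arp_cache:
            return self.arp_cache[target_ip]
        # Step 5: broadcast, handing the target our own MAC for its reply.
        self.broadcasts += 1
        for host in self.lan:
            reply = host.on_arp_request(target_ip, self.ip, self.mac)
            if reply is not None:
                ip, mac = reply
                self.arp_cache[ip] = mac
                return mac
        return None  # no host owns that address: the packet cannot be delivered

    def deliver(self, dst_ip: str, payload: bytes):
        # Step 8: frame the packet with the resolved MAC address.
        mac = self.resolve(dst_ip)
        if mac is None:
            return None
        return {"dst_mac": mac, "src_mac": self.mac, "dst_ip": dst_ip, "payload": payload}


def demo():
    """Constructed sample LAN: two deliveries to the same host need one broadcast."""
    lan = [Host("192.0.2.10", "02:00:00:00:00:10"),
           Host("192.0.2.11", "02:00:00:00:00:11")]
    router = Router("192.0.2.1", "02:00:00:00:00:01", lan)
    first = router.deliver("192.0.2.11", b"hi")
    second = router.deliver("192.0.2.11", b"again")  # served from the cache
    return first, second, router.broadcasts


if __name__ == "__main__":
    print(demo())
```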

NOTE

In Chapter 4, "Domain 4 Network Support," we will discuss the arp utility that you can use to examine and control the ARP cache.

2.10.1.15. Reverse Address Resolution Protocol (RARP)

Reverse Address Resolution Protocol (RARP), as its name implies, is the opposite of ARP. RARP resolves a MAC address to an IP address. RARP was first used by diskless workstations to obtain an IP address from a server before DHCP servers were available. It simply presented its MAC address and was given an IP address based on its MAC address. RARP is sometimes used as a very rudimentary form of security on applications.

2.10.1.16. Network Time Protocol (NTP)

Network Time Protocol (NTP) is a protocol that works at the Application layer of the OSI model and synchronizes time between computers in a network. In today's distributed networks, ensuring that the time is synchronized between clients and servers is essential. Authentication protocols such as the Kerberos protocol used with Microsoft's Active Directory use keys that are valid for only about five minutes. If a client and a server are not synchronized, the keys could be invalid the very second that they are issued. In many of today's networks, an authoritative time source such as the Internet is first used and configured onto a time server (perhaps a domain controller), then that server uses NTP to synchronize time with other computers in the network. Some computers may be a receiver of the correct time as well as a sender of the time to other computers in the network.

2.10.1.17. Network News Transport Protocol (NNTP)

Network News Transport Protocol (NNTP) runs at the Application layer and is used to connect computers to newsgroup servers that use the Usenet system. (Usenet is a worldwide bulletin board system that can be accessed through the Internet or through many online services.) NNTP replaced the original UUCP protocol.

2.10.1.18. Secure Copy Protocol (SCP)

Secure Copy Protocol (SCP) runs at the Application layer and is used to copy files securely within a network or between networks. SCP is often used in high-security networks.

2.10.1.19. Lightweight Directory Access Protocol (LDAP)

Lightweight Directory Access Protocol (LDAP) is a set of protocols for accessing information directories. It is based on the standards within the X.500 standard, but it is significantly simpler. LDAP also supports TCP/IP, so it has become the standard for Windows Active Directory. LDAP operates at the Session layer (Layer 5) of the OSI model.

2.10.1.20. Internet Group Multicast Protocol (IGMP)

Internet Group Multicast Protocol (IGMP) is the standard for IP multicasting on intranets. It is used to establish host memberships in multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Memberships Reports, that it wants to receive messages addressed to a specific multicast group. IGMP operates at the Network layer (Layer 3) of the OSI model.

2.10.1.21. Line Printer Daemon/Line Printer Remote (LPD/LPR)

Line Printer Daemon/Line Printer Remote (LPD/LPR) is a printer protocol that operates at the Session layer (Layer 5) and uses TCP/IP to establish connections between computers and printers on a network. The technology was first developed for use with Unix and has since become the de facto cross-platform printing protocol. The LPD software is typically stored in the printer or print server. The LPR software must be installed on the client computer. The LPR software sends a print request to the LPD printer/server, which in turn queues the file and prints it as soon as the printer is available.

Table 2.7 highlights the main characteristics of each of the protocols that we discussed.

Table 2.7. Characteristics of Protocols in the TCP/IP Protocol Suite

TCP
  Purpose: Responsible for flow control and error recovery.
  Function: Waits for receipt of acknowledgments from the destination that packets have been delivered without errors. Resends packets that are not acknowledged within a specified time frame. Works at the Transport layer (Layer 4) of the TCP/IP suite.
  Use: Works by a process of a three-way handshake. Sends SYN messages and waits for an ACK response.

UDP
  Purpose: Broadcasts packets through a network, making a "best effort" to deliver them to the destination.
  Function: Connectionless protocol. Works at the Transport layer (Layer 4) of the OSI model.
  Use: Used for applications that can provide their own acknowledgments or that can be monitored, such as multimedia over the Internet.

FTP
  Purpose: Provides the rules of behavior for transferring files through an intranet or over the Internet.
  Function: Works at the Application layer (Layer 7) of the OSI model. Provides a protocol as well as an application for transferring files.
  Use: Used to browse file structures on a remote computer and to transfer files between computers in intranets and on the Internet.

TFTP
  Purpose: Provides for transferring files within a network.
  Function: Connectionless protocol that works at the Application layer (Layer 7) of the OSI model. Uses UDP for low overhead without a guarantee of delivery.
  Use: Typically used for simple file transfers such as those between a computer and a router or a switch for management purposes.

SMTP
  Purpose: Provides for the delivery of mail messages within a network or between networks.
  Function: Works at the Application layer (Layer 7) of the OSI model and uses TCP to guarantee delivery of mail to remote hosts.
  Use: Typically used to transfer e-mail messages within a network and between networks.

HTTP
  Purpose: Provides browsing services for the World Wide Web.
  Function: Works at the Application layer (Layer 7) of the OSI model and provides access to files on web servers through the use of URLs to pages that are formatted with HTML.
  Use: Typically used to browse information on the many servers that interconnect the World Wide Web.

HTTPS
  Purpose: Provides for access to resources on the Internet in a secure fashion.
  Function: Works at the Application layer (Layer 7) of the OSI model and uses SSL to encrypt data traffic so communications on the Internet can remain secure.
  Use: Used for Internet communications that must remain secure, such as banking, e-commerce, and medical transactions.

POP3
  Purpose: Allows the storage and retrieval of user e-mail on servers. Allows users to access and download e-mail from servers.
  Function: Works at the Application layer (Layer 7) of the OSI model. Users can connect to the server and download messages to a client. The messages can then be read off the client.
  Use: Used for many e-mail applications. Users can check their e-mail boxes and download messages that have been placed in them.

IMAP4
  Purpose: Allows the storage and retrieval of user e-mail on servers. Allows users to access e-mail on servers and either read the e-mail on the server or download the e-mail to the client to read it.
  Function: Works at the Application layer (Layer 7) of the OSI model. Allows a user to read messages on an e-mail server without having to download the messages off the server.
  Use: Typically, this method of e-mail retrieval is very convenient for users who travel and therefore might access their e-mail from more than one location. The mail remains on the server until they delete it, so they can gain access to it from multiple locations.

SSH
  Purpose: Provides the capability to log onto a computer remotely, execute commands, and move files in a secure and encrypted environment.
  Function: Works at the Application layer (Layer 7) of the OSI model. Provides for a secure logon and a secure environment in which to execute commands.
  Use: Typically used to manage servers from clients and to move sensitive files from one server to another within the same network or between networks.

ICMP
  Purpose: Provides error checking and reporting functionality.
  Function: Works at the Network layer (Layer 3) of the OSI model. Provides background services that can be used to provide information to an administrator and to request a "quench" of the information flow in the network.
  Use: Typically used as part of the ping tool to test network connectivity. Can send back an echo reply when an echo request message is sent to it. Can also send back a message such as "Destination Host Unreachable" or "Time Exceeded" when the connection to the pinged host is not possible.

ARP
  Purpose: Resolves IP addresses to MAC addresses.
  Function: Works at the Network layer (Layer 3) of the OSI model. Includes a cache that is checked first. If the entry is not found in the cache, then ARP uses a broadcast to determine the MAC address of the client.
  Use: Typically used by the system as a background service, but also includes a utility that can be used for troubleshooting.

RARP
  Purpose: Resolves MAC addresses to IP addresses.
  Function: Works at the Network layer (Layer 3) of the OSI model. It assigns an IP address when presented with a MAC address.
  Use: Used with diskless workstations to automatically assign an IP address. Also sometimes used as very rudimentary security for computer authentication.

NTP
  Purpose: Synchronizes time between computers in a network.
  Function: Works at the Application layer (Layer 7) of the OSI model. Can synchronize time between clients and servers.
  Use: Used to synchronize time to assure that authentication protocols such as the Kerberos protocol work properly and that applications that require collaboration operate properly.

NNTP
  Purpose: Provides access to Usenet newsgroups on news servers.
  Function: Works at the Application layer of the TCP/IP suite. Provides a set of standards for accessing and opening news articles on a Usenet-based news server.
  Use: Typically used by individuals and organizations to research information about a variety of topics. News servers do not provide for "browsing" but instead just provide lists of articles for a specified topic.

SCP
  Purpose: Provides the capability to copy and transfer files securely in a network.
  Function: Works at the Application layer (Layer 7) of the OSI model. Provides the capability to transfer or copy files within a network while keeping them encrypted and secure.
  Use: Typically used to transfer and/or copy files within a high-security network.

LDAP
  Purpose: Provides a service to access directories.
  Function: Based on the X.500 standard of Directory Access Protocols, but much simpler. It works at the Application layer (Layer 7) of the OSI model.
  Use: Used as the basis for network directory services such as Windows Active Directory and Novell Directory Services.

IGMP
  Purpose: Provides a standard for multicasting on an intranet.
  Function: Allows a host to inform its local router, using Host Memberships Reports, that it wants to receive messages addressed to a specific multicast group. It works at the Network layer (Layer 3) of the OSI model.
  Use: Used to establish host memberships in multicast groups on a single network.

LPD/LPR
  Purpose: A printer protocol that uses TCP/IP to provide connections between computers and printers.
  Function: LPD software is stored in the printer or print server while LPR software must be installed on the client computer. The LPR software sends a print request to the LPD printer/server, which in turn queues the file and prints it as soon as the printer is available. These protocols work at the Application layer (Layer 7) of the OSI model.
  Use: Originally developed for Unix, LPD/LPR has now become the de facto standard for TCP/IP-based printing. Many OSs use this protocol to "capture" a printer and configure a server or client to print to it.

2.10.2. Exam Essentials

Know the purpose of each of the protocols in the TCP/IP protocol suite. You should know the general purpose for each of the protocols in the TCP/IP protocol suite. In addition, you should understand how the protocols work together.

Describe the function of each of the protocols in the TCP/IP protocol suite. You should know the function for each of the protocols in the TCP/IP protocol suite. In addition, you should know the level of the OSI model at which each protocol functions.

Explain how each of the protocols in the TCP/IP protocol suite is used. You should know the general use of each of the protocols in the TCP/IP protocol suite. In addition, you should understand how some of the protocols work together with other protocols.
