As we mentioned before, the TCP/IP protocol suite contains many protocols. These protocols work together to provide communication, management, diagnostics, and troubleshooting for a network that uses the TCP/IP protocol. In order to understand TCP/IP, it is essential that you understand all of the protocols in the suite. In this section, we examine each of these protocols in detail.
NOTE
For more information on the TCP/IP protocols, see Chapter 3 of the Network+ Study Guide, Fourth Edition.
We will define the purpose, function, and use of each of the protocols in the TCP/IP protocol suite. In addition, we will discuss the TCP/IP protocol layers and define the layer at which each of the protocols operates. We will also discuss how the TCP/IP protocol loosely aligns with the OSI model of communication.
Internet Protocol (IP) is a protocol that is used to transport data from one node on a network to another node. A node can be a computer or a router interface. IP is considered to be a connectionless protocol, which works at the Network layer of the OSI model. Because it is connectionless, it does not establish a session with another computer and does not guarantee the delivery of packets; it only makes an effort to deliver them. To guarantee delivery of packets, a higher-level protocol such as TCP is required.
IP also performs the task of fragmenting and reassembling packets when needed. Fragmentation is sometimes necessary because devices that make up the network have a maximum transmission unit (MTU) size that is smaller than the packet to be delivered. In this case, the packet must be "broken up" into smaller pieces and then reassembled on the other side of the transmission. This is an important role that IP provides for the network.
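The fragmentation and reassembly described above can be sketched as follows. This is an added example, not code from the book; it assumes a 20-byte IP header with no options, and the function names are hypothetical.

```python
def fragment(payload: bytes, mtu: int, header_len: int = 20):
    """Split an IP payload so that header + data fits within `mtu` bytes.

    Returns (offset_units, more_fragments, data) tuples. offset_units counts
    8-byte blocks, which is how the IPv4 Fragment Offset field is expressed.
    """
    # Every fragment except the last must carry a multiple of 8 data bytes.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)  # the More Fragments flag
        frags.append((start // 8, more, chunk))
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments that may arrive in any order.

    Returns None when the set is incomplete or inconsistent, so a receiver
    never hands a partial packet to the upper layer.
    """
    # Exactly one fragment has the More Fragments flag cleared.
    last = [f for f in frags if not f[1]]
    if len(last) != 1:
        return None
    total = last[0][0] * 8 + len(last[0][2])
    data = bytearray()
    for offset, _more, chunk in sorted(frags, key=lambda f: f[0]):
        if offset * 8 != len(data):
            return None  # a hole or an overlap: refuse to guess
        data += chunk
    return bytes(data) if len(data) == total else None


# Constructed sample: a 4000-byte payload crossing a link with a 1500-byte MTU.
SAMPLE = bytes(i % 251 for i in range(4000))
```

With a 1500-byte MTU the sample splits into fragments carrying 1480, 1480 and 1040 bytes at offsets 0, 185 and 370.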
Probably the most widely known role that IP provides is addressing of packets. IP marks each packet with a source address and a destination address. As we discussed in the section "Identifying Classful IP Ranges and Their Subnet Masks," this IP addressing is essential to the success of network communications.
NOTE
We will discuss more IP addressing functions later in this chapter.
Transmission Control Protocol (TCP) is a connection-oriented protocol that works at the Transport layer of the OSI model. It uses IP as its transport protocol and assists IP by providing a guaranteed mechanism for delivery. TCP requires that a session first be established between two computers before communication can take place. TCP also adds features such as flow control, sequencing, and error detection and correction.
TCP works by a process referred to as a three-way handshake. The TCP three-way handshake works as follows:
TCP sends a short message called a SYN to the target host.
The target host opens a connection for the request and sends back an acknowledgment message called an ACK or SYN ACK.
A similar process is used to close the session when the data exchange is complete. The entire process provides a reliable protocol. TCP extends its reliability by making sure that every packet that it sends is acknowledged. If a packet is not acknowledged within the timeout period, the packet is resent automatically by TCP.
User Datagram Protocol (UDP) also operates at the Transport layer of the OSI model and uses IP as its transport protocol, but UDP does not guarantee delivery of packets. The reason that it doesn't guarantee delivery of packets is that UDP does not establish a session. UDP is instead known as a "fire and forget" protocol because it just assumes that the data sent will reach its destination and does not require acknowledgments. Because of this, UDP is also referred to as a connectionless protocol.
Now, you might be wondering why anyone would want to use UDP instead of TCP. Well, the advantage of UDP is its low overhead in regard to bandwidth and processing effort. Whereas a TCP header has 14 fields of information that have to be processed, a UDP header only has 4 fields. Applications that can handle their own acknowledgments and that do not require the additional features of the TCP protocol might use the UDP protocol to take advantage of the lower overhead. Often, multimedia presentations that are broadcast or multicast onto the network use UDP since they can be monitored to make sure that the packets are being received. Services such as the Domain Name System (DNS) service also take advantage of the lower overhead provided by UDP.
File Transfer Protocol (FTP), as its name indicates, provides for the transfer of files through a network environment. It can be used within an intranet or through the Internet. FTP is more than just a protocol; it is an application as well, and thus FTP works at the Application layer (Layer 7) of the OSI model and uses the TCP protocol as a transport mechanism. FTP allows a user to browse a folder structure on another computer (assuming that the user has been given the permissions to authenticate to the computer) and then to download files from the folders or to upload additional files.
Many organizations use FTP to make files available to the general public and therefore allow users to log onto the FTP server anonymously. In other words, the users do not have to utilize a username and password to authenticate to the server. Since the files are there for the public, the users are allowed to access them without authenticating. Organizations also use FTP to transfer files within an organization. Typically, these servers require authentication by the user, either by supplying an additional username and password or by a pass-through authentication provided by a previous logon such as to Active Directory.
You can use FTP through most browsers and even from a command line, but it is typical for users to purchase third-party software such as CuteFTP or SmartFTP instead. Using FTP to transfer files allows you to transfer much larger files than are generally allowed as an attachment by most ISPs. Using the third-party tool allows you to see that the file was transferred to the intended location. Figure 2.7 shows a connection to the FTP server at Sybex. This is one of the servers to which authors send completed work.
Trivial File Transfer Protocol (TFTP) is similar to FTP in that it allows the transfer of files within a network, but that's where the similarity stops. Whereas FTP allows for the browsing of files and folders on a server, TFTP requires that you know exactly the name of the file that you want to transfer and exactly where to find the file. Also, whereas FTP uses the connection-oriented TCP protocol, TFTP operates at the Application layer (Layer 7) and uses the connectionless UDP protocol. TFTP is most often used for simple downloads such as transferring firmware to a network device such as a router or a switch. Its main advantage is its speed, since it does not require the overhead that FTP does.
Simple Mail Transfer Protocol (SMTP) defines how e-mail messages are sent between hosts on a network. You can remember SMTP as "Sending Mail To People." SMTP works at the Application layer (Layer 7) of the OSI model and uses TCP to guarantee error-free delivery of messages to hosts. Since SMTP requires that the destination host always be available, mail systems spool the incoming mail and display it in a user's mailbox so that the user can read it at another time. How the user reads the mail is determined by what protocol he uses to access the SMTP server.
Hypertext Transfer Protocol (HTTP) is the Application layer (Layer 7) protocol that users utilize to browse the World Wide Web. HTTP clients use a browser to make special requests from an HTTP server (web server) that contains the files that they need. The files on the HTTP server are formatted in Hypertext Markup Language (HTML) and are located using a uniform resource locator (URL). The URL contains the type of request being generated (for example http://), the DNS name of the server to which the request is being made, and optionally the path to the file on the server. For example, if you type http://microsoft.com/support in a browser, you will be directed to the Support pages on Microsoft's servers.
One of the disadvantages of using HTTP is that all of the requests are sent in clear text. This means that the communication is not secure and therefore unsuited for web applications such as e-commerce or the exchanging of sensitive or personal information through the Web. For these applications, Hypertext Transfer Protocol Secure (HTTPS) is an Application layer (Layer 7) protocol that provides a more secure solution and that uses Secure Sockets Layer (SSL) to encrypt information sent between the client and the server. In order for HTTPS to operate, both the client and the server must support it. All of the most popular browsers now support HTTPS, as do web server products such as Microsoft Internet Information Server (IIS), Apache, and most other web server applications. To use a URL to access a website using HTTPS and SSL, start with https:// instead of http://—for example, https://partnering.one.microsoft.com/mcp is the page that is used to authenticate Microsoft Certified Professionals to Microsoft's private website.
Post Office Protocol Version 3 (POP3) is one of the protocols used to retrieve mail from SMTP servers. Using POP3, clients connect to the server, authenticate, and then download their mail. Once they have downloaded their mail, they can read it. Typically, the mail is then deleted from the server, although some systems hold a copy of the mail for a period of time specified by an administrator. One of the drawbacks of POP3 authentication is that it is generally performed in clear text. This means that an attacker could sniff your POP3 password off the network as you enter it.
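A defender can confirm this exposure on their own network by checking captured traffic for readable POP3 login commands. The audit below is an added example, not from the book; the record layout, addresses and credentials are constructed, and it assumes client-to-server lines have already been reassembled from a capture.

```python
import re

POP3_PORT = 110  # the standard unencrypted POP3 port

# USER and PASS are the POP3 login commands; commands are case-insensitive
# and the PASS argument may itself contain spaces.
LOGIN_CMD = re.compile(r"(USER|PASS) (.+)", re.IGNORECASE)

# Constructed sample records: (client address, server port, client line).
CAPTURED = [
    ("192.0.2.10", 110, "USER alice\r\n"),
    ("192.0.2.10", 110, "PASS Example-Pass-1\r\n"),
    ("192.0.2.10", 110, "STAT\r\n"),
    ("192.0.2.11", 110, "user bob\r\n"),
    ("192.0.2.11", 110, "pass two words\r\n"),
    ("192.0.2.12", 80, "GET / HTTP/1.1\r\n"),
]


def find_cleartext_logins(records):
    """Report POP3 logins whose password crossed the wire unencrypted.

    Only the password length is kept, so the audit report does not become
    a second copy of the exposed secret.
    """
    pending_user = {}  # client -> name from the most recent USER command
    findings = []
    for client, port, line in records:
        if port != POP3_PORT:
            continue
        match = LOGIN_CMD.fullmatch(line.rstrip("\r\n"))
        if match is None:
            continue
        verb, argument = match.group(1).upper(), match.group(2)
        if verb == "USER":
            pending_user[client] = argument
        else:  # PASS: the credential was readable in transit
            findings.append({
                "client": client,
                "user": pending_user.pop(client, None),
                "password_length": len(argument),
            })
    return findings
```

Each finding identifies an account whose password should be treated as exposed.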
Internet Message Access Protocol Version 4 (IMAP4) is another Application layer (Layer 7) protocol that is used to retrieve mail from SMTP servers, but IMAP4 offers some advantages over POP3. To begin with, IMAP4 provides a more flexible method of handling e-mail. You can read your e-mail on the e-mail server and then determine what you want to download to your own PC. Since the mail can stay in the mailbox on the server, you can retrieve it from any computer that you wish to use, provided that the computer has the software installed to allow you to access the server. Microsoft Hotmail is a good example of an IMAP4 type of service. You can access your Hotmail from any browser. You can then read, answer, and forward mail without the need to download the messages to the computer that you are using. This can be very convenient for users who travel.
Telnet is a virtual terminal protocol that has been used for many years. Originally, Telnet was used to connect "dumb terminals" to mainframe computers. It was also the connection method used by earlier Unix systems. Today, Telnet is still used to access and control network devices such as routers and switches. It operates at the Application and Presentation layers (Layer 6 and Layer 7) of the OSI model.
Telnet can be used for remote control and remote configuration of servers in network environments. The main problem with Telnet for today's environment is that it is not a secure protocol; everything is transmitted in plain text. For this reason, Telnet is being replaced by more secure methods such as Secure Shell and Microsoft's Remote Desktop Connection, which provide encrypted communication.
First developed by SSH Communications Security Ltd., Secure Shell (SSH) is a program that allows you to log in to another computer over a network, execute commands, and move files from one computer to another. SSH provides strong authentication and secure communications over insecure channels. It protects networks from attacks such as IP spoofing, IP source routing, and DNS spoofing. The entire login session is encrypted; therefore, it is almost impossible for an outsider to collect passwords. SSH is available for Windows, Unix, Macintosh, and OS/2, and it also works with RSA authentication. SSH operates at Application and Session layers (Layer 7 and Layer 5) of the OSI model.
Internet Control Message Protocol (ICMP) is a protocol that works at the Network layer (Layer 3) of the OSI model. ICMP provides error checking and reporting functionality. Although it provides many functions, the most commonly known is the ping utility provided by ICMP. The ping utility is most often used for troubleshooting. In a typical "ping scenario," an administrator uses a host's command line and the ping utility to send a stream of packets called an echo request to another host. When the destination host receives the packets, ICMP sends back a stream of packets referred to as an echo reply. This confirms that the connection between the two hosts is configured properly and that the TCP/IP protocol is operational.
ICMP can also send back a message such as "Destination Host Unreachable" or "Time Exceeded." The former is sent when the host cannot be located on the network, and the latter is sent when the packets have exceeded the timeout period specified by TCP. Still another function of ICMP is the sending of source quench messages. These messages are sent by ICMP when the flow of data from the source is larger than that which can be processed properly and quickly by the destination. A source quench message tells the system to slow down and therefore prevents the resending of many data packets.
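The echo request and echo reply exchange behind ping, shown at the message level with both sides in one process. This is an added example, not from the book; function names, the identifier and the payload are constructed, and no packets are sent.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type values for echo messages
HEADER = "!BBHHH"                # type, code, checksum, identifier, sequence


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"  # pad to a whole number of 16-bit words
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # fold the carries back in
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    # The checksum is computed over the message with its checksum field zeroed.
    unsummed = struct.pack(HEADER, icmp_type, 0, 0, ident, seq) + payload
    checksum = inet_checksum(unsummed)
    return struct.pack(HEADER, icmp_type, 0, checksum, ident, seq) + payload


def parse_echo(message):
    """Return the message fields, or None if it is truncated or corrupted."""
    # A valid message sums to zero when its checksum field is included.
    if len(message) < 8 or inet_checksum(message) != 0:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack(HEADER, message[:8])
    return {"type": icmp_type, "id": ident, "seq": seq, "payload": message[8:]}


def answer(request):
    """What the destination host does: echo the same id, sequence and payload."""
    fields = parse_echo(request)
    if fields is None or fields["type"] != ECHO_REQUEST:
        return None
    return build_echo(ECHO_REPLY, fields["id"], fields["seq"], fields["payload"])


def is_reply_to(request, reply):
    """What the pinging host does: accept only a reply that matches its request."""
    sent, got = parse_echo(request), parse_echo(reply)
    if sent is None or got is None or got["type"] != ECHO_REPLY:
        return False
    return (got["id"], got["seq"], got["payload"]) == (
        sent["id"], sent["seq"], sent["payload"])
```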
Address Resolution Protocol (ARP) is a protocol that works at the Network layer of the OSI model. It is used to resolve IP addresses to MAC addresses. This is an extremely important function, since the only real physical address that a computer has is its MAC address; therefore, all communication will have to contain a MAC address before it can be delivered to the host. This is accomplished in a series of steps as follows:
A computer addresses a packet to another host using an IP address.
Routers use the IP address to determine whether the destination address is in their network or on another network.
When the router that is responsible for the network that contains the destination address receives the packet, it checks the ARP cache to determine if there is an entry that resolves the IP address to a MAC address. If there is an entry, it uses the MAC address contained in the entry to address the packet to its final destination.
If there is no entry in the ARP cache, the router resolves the IP address to a MAC address by using ARP to broadcast onto the local network. It asks the computer with the IP address contained in the destination address of the packet to respond with its MAC address. The router also gives the computer its own MAC address to use for the response.
The broadcast is "heard" by all of the computers in the local network, but it will only be responded to by the computer that has the correct IP address. All other computers will only process the request to the point that they determine that it is not for them.
The computer that is configured with the IP address in question responds with its MAC address.
The router addresses the packet with the MAC address and delivers it to its final destination.
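The steps above, from cache lookup through broadcast, single reply and delivery, can be traced in a small simulation that uses the real 28-byte ARP message layout for Ethernet and IPv4. This is an added example, not from the book; the class names, addresses and in-memory "LAN" are constructed, and no packets are sent.

```python
import socket
import struct

# ARP message: hardware type, protocol type, address lengths, operation,
# then sender MAC/IP and target MAC/IP.
ARP_FMT = "!HHBBH6s4s6s4s"
REQUEST, REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       mac_bytes(target_mac), socket.inet_aton(target_ip))


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac

    def receive(self, packet):
        """Reply only if the request asks for this host's IP address."""
        *_, oper, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, packet)
        if oper != REQUEST or socket.inet_ntoa(tpa) != self.ip:
            return None  # processed only far enough to see it is not ours
        # The request carried the asker's MAC, so the reply goes straight back.
        return build_arp(REPLY, self.mac, self.ip,
                         mac_str(sha), socket.inet_ntoa(spa))


class Router(Host):
    def __init__(self, ip, mac, lan):
        super().__init__(ip, mac)
        self.lan, self.cache, self.broadcasts = lan, {}, 0

    def resolve(self, dest_ip):
        if dest_ip in self.cache:  # cache hit: no traffic needed
            return self.cache[dest_ip]
        self.broadcasts += 1
        request = build_arp(REQUEST, self.mac, self.ip,
                            "00:00:00:00:00:00", dest_ip)
        for host in self.lan:  # every host on the segment hears the broadcast
            reply = host.receive(request)
            if reply is not None:
                sender_mac = struct.unpack(ARP_FMT, reply)[5]
                self.cache[dest_ip] = mac_str(sender_mac)
                return self.cache[dest_ip]
        return None  # nobody owns that address


# Constructed segment with two hosts and locally administered MAC addresses.
LAN = [Host("192.0.2.20", "02:00:00:00:00:20"),
       Host("192.0.2.21", "02:00:00:00:00:21")]
```

The second lookup of the same address is answered from the cache, so the broadcast counter does not move.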
NOTE
In Chapter 4, "Domain 4 Network Support," we will discuss the arp utility that you can use to examine and control the ARP cache.
Reverse Address Resolution Protocol (RARP), as its name implies, is the opposite of ARP. RARP resolves a MAC address to an IP address. RARP was first used by diskless workstations to obtain an IP address from a server before DHCP servers were available. It simply presented its MAC address and was given an IP address based on its MAC address. RARP is sometimes used as a very rudimentary form of security on applications.
Network Time Protocol (NTP) is a protocol that works at the Application layer of the OSI model and synchronizes time between computers in a network. In today's distributed networks, ensuring that the time is synchronized between clients and servers is essential. Authentication protocols such as the Kerberos protocol used with Microsoft's Active Directory use keys that are valid for only about five minutes. If a client and a server are not synchronized, the keys could be invalid the very second that they are issued. In many of today's networks, an authoritative time source such as the Internet is first used and configured onto a time server (perhaps a domain controller), then that server uses NTP to synchronize time with other computers in the network. Some computers may be a receiver of the correct time as well as a sender of the time to other computers in the network.
Network News Transport Protocol (NNTP) runs at the Application layer and is used to connect computers to newsgroup servers that use the Usenet system. (Usenet is a worldwide bulletin board system that can be accessed through the Internet or through many online services.) NNTP replaced the original UUCP protocol.
Secure Copy Protocol (SCP) runs at the Application layer and is used to copy files securely within a network or between networks. SCP is often used in high-security networks.
Lightweight Directory Access Protocol (LDAP) is a set of protocols for accessing information directories. It is based on the standards within the X.500 standard, but it is significantly simpler. LDAP also supports TCP/IP, so it has become the standard for Windows Active Directory. LDAP operates at the Session layer (Layer 5) of the OSI model.
Internet Group Multicast Protocol (IGMP) is the standard for IP multicasting on intranets. It is used to establish host memberships in multicast groups on a single network. The mechanisms of the protocol allow a host to inform its local router, using Host Memberships Reports, that it wants to receive messages addressed to a specific multicast group. IGMP operates at the network layer (Layer 3) of the OSI model.
Line Printer Daemon/Line Printer Remote (LPD/LPR) is a printer protocol that operates at the Session layer (Layer 5) and uses TCP/IP to establish connections between computers and printers on a network. The technology was first developed for use with Unix and has since become the de facto cross-platform printing protocol. The LPD software is typically stored in the printer or print server. The LPR software must be installed on the client computer. The LPR software sends a print request to the LPD printer/server, which in turn queues the file and prints it as soon as the printer is available.
Table 2.7 highlights the main characteristics of each of the protocols that we discussed.
Know the purpose of each of the protocols in the TCP/IP protocol suite. You should know the general purpose for each of the protocols in the TCP/IP protocol suite. In addition, you should understand how the protocols work together.
Describe the function of each of the protocols in the TCP/IP protocol suite. You should know the function for each of the protocols in the TCP/IP protocol suite. In addition, you should know the level of the OSI model at which each protocol functions.
Explain how each of the protocols in the TCP/IP protocol suite is used. You should know the general use of each of the protocols in the TCP/IP protocol suite. In addition, you should understand how some of the protocols work together with other protocols.