Sams Teach Yourself TCP/IP Network Administration in 21 Days

Overview

In just 21 days, you'll have all the skills you need to configure and administer the TCP/IP suite of protocols on your network. With this complete tutorial, you'll master the essentials of the protocol suite and then move on to the more advanced features and concepts. Understand the driving force behind the evolution of the Internet - TCP/IP. Master all of the advanced concepts required to administer a TCP/IP network. Learn how to effectively use the tools and features of the TCP/IP protocol suite by following ...
See more details below
Available through our Marketplace sellers.
Other sellers (Paperback)
  • All (20) from $1.99   
  • New (4) from $4.95   
  • Used (16) from $1.99   
Close
Sort by
Page 1 of 1
Showing All
Note: Marketplace items are not eligible for any BN.com coupons and promotions
$4.95
Seller since 2011

Feedback rating:

(7)

Condition:

New — never opened or used in original packaging.

Like New — packaging may have been opened. A "Like New" item is suitable to give as a gift.

Very Good — may have minor signs of wear on packaging but item works perfectly and has no damage.

Good — item is in good condition but packaging may have signs of shelf wear/aging or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Acceptable — item is in working order but may show signs of wear such as scratches or torn packaging. All specific defects should be noted in the Comments section associated with each item.

Used — An item that has been opened and may show signs of wear. All specific defects should be noted in the Comments section associated with each item.

Refurbished — A used item that has been renewed or updated and verified to be in proper working condition. Not necessarily completed by the original manufacturer.

New
Indianapolis, Ind. 1998 Trade paperback New. xvii, 606 p. : ill.; 24 cm. Includes Illustrations. Includes index. n ice copy new flat perfect

Ships from: brentwood, TN

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
  • Express, 48 States
  • Express (AK, HI)
$14.50
Seller since 2011

Feedback rating:

(3)

Condition: New
"new condition, not use"

Ships from: Murphy, TX

Usually ships in 1-2 business days

  • Canadian
  • International
  • Standard, 48 States
  • Standard (AK, HI)
$60.00
Seller since 2014

Feedback rating:

(136)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
$60.00
Seller since 2014

Feedback rating:

(136)

Condition: New
Brand new.

Ships from: acton, MA

Usually ships in 1-2 business days

  • Standard, 48 States
  • Standard (AK, HI)
Page 1 of 1
Showing All
Close
Sort by
Sending request ...

Overview

In just 21 days, you'll have all the skills you need to configure and administer the TCP/IP suite of protocols on your network. With this complete tutorial, you'll master the essentials of the protocol suite and then move on to the more advanced features and concepts. Understand the driving force behind the evolution of the Internet - TCP/IP. Master all of the advanced concepts required to administer a TCP/IP network. Learn how to effectively use the tools and features of the TCP/IP protocol suite by following practical, real-world examples. Get expert tips from a leading authority on implementing, installing, and managing TCP/IP.
Read More Show Less

Product Details

  • ISBN-13: 9780672312502
  • Publisher: Sams
  • Publication date: 7/28/1998
  • Series: Sams Teach Yourself Series
  • Edition number: 1
  • Pages: 624
  • Product dimensions: 7.39 (w) x 9.13 (h) x 1.44 (d)

Read an Excerpt

Day 3: The TCP/IP Layer Model and the Core Protocols of the TCP/IP Suite

Today's material can be split into two separate sections: the TCP/IP layer model and the core protocols of the TCP/IP protocol suite. First you will compare the TCP/IP layer model to the OSI model so you can determine how TCP/IP varies from the OSI layer model. You then will examine the protocols used at each IP layer. The following protocols are discussed:

  • Address Resolution Protocol (ARP)
  • Internet Protocol (IP)
  • Internet Control Message Protocol (ICMP)
  • Internet Gateway Message Protocol (IGMP)
  • Transmission Control Protocol (TCP)
  • Universal Datagram Protocol (UDP)
The discussion of these protocols provides more in-depth information about the functionality provided by each layer of the TCP/IP layer model. It also clarifies how each layer interacts with the layers above and below it.

The TCP/IP Layer Model

The TCP/IP layer model is based on a four-layered network (see Figure 3.1).

FIGURE 3.1. The TCP/IP four-layer model.

Within the four layers, specific boundaries are observed. In the Network Interface layer, only physical MAC addresses are used for address resolution. Even when an interface does not have a physical address—as is the case with a modem—a logical physical address is used. Modems are commonly used to connect to networks, yet they do not have a physical MAC address. When a modem connects to the network, a logical address is assigned to the modem so communication can take place.

In the Internet layer, logical IP addresses are mapped to the physical MAC addresses. Each host in a TCP/IPinternetwork is assigned a unique IP address. This address identifies hosts and identifies the subnetwork on which a host resides.

All protocols used in the transport and Internet layers are provided by the operating system. Applications do not have to provide their own transport or internetworking protocols. This makes it easier for applications to be deployed on different operating systems. The application only has to interface with either TCP or UDP as a transport protocol.

All protocols and software used in the application layer are application dependent. You can switch the underlying protocols, and many of the applications will continue to operate. You can, for example, use the Microsoft TCP/IP stack on your Windows 95 client and use an FTP client. You can just as easily replace the TCP/IP stack with the Net Chameleon IP stack. Your application will still operate in this environment because the FTP software functions beyond the operating system. It interfaces with whatever TCP/IP protocol stack is used. This concept is known as boundary layers. A new protocol at any of the four layers of the TCP/IP model only needs to interact with the layer immediately above or below the level in which it functions.

The following sections go into more detail about the processes completed in each layer of the TCP/IP layer model.

The Network Interface Layer

The network layer merges outgoing frames on the wire and pulls incoming frames off the wire. The format used by these frames depends on the network topology implemented. P The network layer adds a preamble at the beginning of the frame and adds a cyclical redundancy check (CRC) to ensure that the data is not corrupted in transit. When the frame arrives at the destination, the CRC value is recalculated to determine whether the data has been corrupted in transit. If the frame arrives intact, it is passed up the network layer model. If the frame is corrupted, it is discarded at this point.

ISSUES WITH FRAME TYPES
On a single network segment, all hosts must use the same frame type for communication to occur. Multiple frame types can be run on a single network segment, but only hosts with same frame types can actually communicate.

The Internet Layer

The Internet layer provides three primary functions: addressing, packaging, and routing. The Internet Protocol (IP) resides in this layer of the TCP/IP protocol layer suite. IP provides connectionless, non-guaranteed delivery of information. This means the IP protocol does not perform any checks or measures to make sure the information has been received successfully by the destination host. Packets could be lost or could arrive out of order.

When information arrives from the transport layer, the IP protocol adds a header to the information. The header includes the following information:

  • Source IP address. This is the IP address assigned to the sending host.
  • Destination IP address. This is the IP address assigned to the target host.
  • Transport protocol. The protocol used by the transport layer is stored within the IP header. This way, when the datagram arrives at the host system, the Internet layer knows whether to transfer the datagram using the TCP or UDP protocols.
  • Checksum. This ensures that the data arriving at this layer has not been corrupted in transit.
  • Time-to-live (TTL). Each time the datagram crosses a router, the TTL is decreased by a value of at least one. When the TTL reaches a value of zero, the datagram is dropped from the network.

The Internet Layer also determines how to route a datagram to a destination host. If it is determined that the destination IP host is on the same network segment, the datagram is sent directly to the target host. If IP determines that the destination host is located on a remote network segment, IP uses the source host's routing table to determine the best route to reach the network on which the remote host is located. If there is not an explicit route in the routing table, the source host uses its default gateway to send the datagram to the remote host.

DEFAULT GATEWAYS
The default gateway is the preferred router a host uses to route traffic to remote network segments.

Other processes that occur in the Internet layer are fragmentation and reassembly. Sometimes, when information is transferred between network segments, the network segments might not use the same network topology. The recipient's network topology cannot work with the same datagram size as the sending host's network. In this case, IP breaks data into smaller pieces. When the data is received at the destination host, the smaller pieces are re-assembled into the original data packet. When the data is broken up, the following information is appended in each separate packet:

  • Flag. The fragment flag bit in the IP header of each packet fragment is set to designate that the data has been fragmented. On the last packet fragment, the flag bit is not set because no more fragments follow.
  • Fragment ID. When a datagram is broken into smaller pieces, the fragment ID identifies all the pieces of the original datagram. This information is used by the client to reassemble the datagram.
  • Fragment offset. When the smaller pieces are reassembled into a single datagram, the fragment offset determines the order in which the fragments should be reassembled.

The Transport Layer

The transport layer provides end-to-end communication between hosts using ports. The following two protocols are provided in the TCP/IP layer model to transport data:

Transmission Control Protocol (TCP)

Universal Datagram Protocol (UDP)

TCP provides connection-oriented communication on a TCP/IP network. When two hosts communicate using the TCP protocol, a session must be established between the two hosts. This is so each host can determine the next sequence number the other host will be using. A TCP connection provides a level of reliability. Transmissions use sequence numbers and acknowledgments to make sure the destination host successfully receives the data. If a destination host does not receive a specific segment, it can request that the source host resend the packet (see Figure 3.2).

FIGURE 3.2. TCP uses sequence numbers to ensure delivery.

In Figure 3.2, the host on the left has segmented a data package into five segments. It sends segments 1 and 2 to the host on the right. When the host on the right receives the fragments, it acknowledges their receipt. The host on the left then sends the next two fragments (fragments 3 and 4). For whatever reason, the host on the right receives only the third fragment. When it sends the acknowledgment, it only acknowledges the receipt of fragment 3. The host on the left resends fragment 4 and also sends fragment 5. Upon receipt, the receiving host acknowledges both fragments. Now it can reassemble the data into its original format. The TCP protocol is covered in depth on Day 5. Topics discussed include the TCP three-way handshake and the use of sliding windows in TCP data transmissions.

A UDP protocol provides connection-less service. It is not guaranteed that the destination host will receive the information. Applications that use UDP are on their own to make sure data is successfully delivered to the recipient host. The only protection you have in a UDP packet is that there is a checksum value within its header. The checksum makes sure the data was not corrupted in transit.

A common analogy used when comparing the TCP and UDP protocols is the post office versus a courier service. The post office is much like the UDP protocol. When you place a letter to your friend in the mailbox, it is not guaranteed that the mail will get to them. Most of the time it reaches them successfully. When you must make sure that a business associate receives a package, however, you are not going to use a typical mail service. Instead, you use a courier service to make sure the business associate receives the package in a predetermined amount of time. Along the way, you can check the progress of the package. When the business associate receives the package, he acknowledges its receipt by signing for the package.

Just as it costs more to use a courier service rather than the post office, there is additional cost on the network when using the TCP protocol. Periodically, the recipient host must send an acknowledgment that it has received the last transmissions successfully. The sending host often waits for an acknowledgment before it continues to send data.

You, as a network administrator, do not have a choice which transport protocol to implement. This is determined by the higher-level application using the transport protocol. Many applications use TCP so they do not have to provide reliable data transport. The TCP protocol can handle reliable transmission of data using sequence numbers and acknowledgments. An application that uses UDP has to ensure reliability on its own.

The Application Layer

Network-based applications function on the application layer in the TCP/IP layer model. Network-based applications refers to applications that connect to or communicate with remote network hosts. Network applications that run on a TCP/IP network generally fit into one of two categories: ... FIGURE 3.7. The ICMP packet structure....

Read More Show Less

Table of Contents

1 The History of the Internet 1
2 Network Types and Open Systems Architecture 15
3 The TCP/IP Layer Model and the Core Protocols of the TCP/IP Suite 39
4 Internet Protocol (IP) Addresses 61
5 Transport Control Protocol (TCP) and User Datagram Protocol (UDP) 75
6 The Art of Subnet Masking 99
7 Resolution of IP Addresses and Logical Names 125
8 Configuring Domain Name Servers 155
9 Gateway and Routing Protocols 185
10 Auto Configuration of Hosts Using RARP, BOOTP, and Dynamic Host Configuration Protocol (DHCP) 217
11 Remote Command Applications 237
12 File Transfer Protocols 257
13 Electronic Mail over TCP/IP 285
14 Managing a Network 311
15 Dial-Up Networking Using TCP/IP 345
16 Firewalls and Security 363
17 NIS and NFS 383
18 IP over ATM and Configuring NetBIOS Name Servers 399
19 Configuring Network Servers to Use TCP/IP 417
20 Configuring Client Software 451
21 Future Applications of TCP/IP 475
App. A: RFC Reference 495
App. B: Answers to End of Day Test Your Knowledge Questions 519
App. C: Glossary of Terms 547
Index 577
Read More Show Less

First Chapter










[Figures are not included in this sample chapter]


Teach Yourself TCP/IP Network Administration in 21 Days


Day 3

The TCP/IP Layer Model and the Core Protocols of the TCP/IP Suite


Today's material can be split into two separate sections: the TCP/IP layer model
and the core protocols of the TCP/IP protocol suite. First you will compare the TCP/IP
layer model to the OSI model so you can determine how TCP/IP varies from the OSI
layer model. You then will examine the protocols used at each IP layer. The following
protocols are discussed:


  • Address Resolution Protocol (ARP)


  • Internet Protocol (IP)


  • Internet Control Message Protocol (ICMP)


  • Internet Gateway Message Protocol (IGMP)


  • Transmission Control Protocol (TCP)


  • Universal Datagram Protocol (UDP)

The discussion of these protocols provides more in-depth information about the
functionality provided by each layer of the TCP/IP layer model. It also clarifies
how each layer interacts with the layers above and below it.

The TCP/IP Layer Model


The TCP/IP layer model is based on a four-layered network (see Figure 3.1).


FIGURE 3.1. The TCP/IP four-layer model.


Within the four layers, specific boundaries are observed. In the Network Interface
layer, only physical MAC addresses are used for address resolution. Even when an
interface does not have a physical address--as is the case with a modem--a logical
physical address is used. Modems are commonly used to connect to networks, yet they
do not have a physical MAC address. When a modem connects to the network, a logical
address is assigned to the modem so communication can take place.


In the Internet layer, logical IP addresses are mapped to the physical MAC addresses.
Each host in a TCP/IP internetwork is assigned a unique IP address. This address
identifies hosts and identifies the subnetwork on which a host resides.


All protocols used in the transport and Internet layers are provided by the operating
system. Applications do not have to provide their own transport or internetworking
protocols. This makes it easier for applications to be deployed on different operating
systems. The application only has to interface with either TCP or UDP as a transport
protocol.


All protocols and software used in the application layer are application dependent.
You can switch the underlying protocols, and many of the applications will continue
to operate. You can, for example, use the Microsoft TCP/IP stack on your Windows
95 client and use an FTP client. You can just as easily replace the TCP/IP stack
with the Net Chameleon IP stack. Your application will still operate in this environment
because the FTP software functions beyond the operating system. It interfaces with
whatever TCP/IP protocol stack is used. This concept is known as boundary layers.
A new protocol at any of the four layers of the TCP/IP model only needs to interact
with the layer immediately above or below the level in which it functions.


The following sections go into more detail about the processes completed in each
layer of the TCP/IP layer model.

The Network Interface Layer


The network layer merges outgoing frames on the wire and pulls incoming frames
off the wire. The format used by these frames depends on the network topology implemented.


The network layer adds a preamble at the beginning of the frame and adds a cyclical
redundancy check (CRC) to ensure that the data is not corrupted in transit. When
the frame arrives at the destination, the CRC value is recalculated to determine
whether the data has been corrupted in transit. If the frame arrives intact, it is
passed up the network layer model. If the frame is corrupted, it is discarded at
this point.





ISSUES WITH FRAME TYPES

On a single network segment, all hosts must use the same frame type for communication
to occur. Multiple frame types can be run on a single network segment, but only hosts
with same frame types can actually communicate.



The Internet Layer


The Internet layer provides three primary functions: addressing, packaging, and
routing. The Internet Protocol (IP) resides in this layer of the TCP/IP protocol
layer suite. IP provides connectionless, non-guaranteed delivery of information.
This means the IP protocol does not perform any checks or measures to make sure the
information has been received successfully by the destination host. Packets could
be lost or could arrive out of order.


When information arrives from the transport layer, the IP protocol adds a header
to the information. The header includes the following information:


  • Source IP address. This is the IP address assigned to the sending host.


  • Destination IP address. This is the IP address assigned to the target
    host.


  • Transport protocol. The protocol used by the transport layer is stored
    within the IP header. This way, when the datagram arrives at the host system, the
    Internet layer knows whether to transfer the datagram using the TCP or UDP protocols.


  • Checksum. This ensures that the data arriving at this layer has not been
    corrupted in transit.


  • Time-to-live (TTL). Each time the datagram crosses a router, the TTL is
    decreased by a value of at least one. When the TTL reaches a value of zero, the datagram
    is dropped from the network.

The Internet Layer also determines how to route a datagram to a destination host.
If it is determined that the destination IP host is on the same network segment,
the datagram is sent directly to the target host. If IP determines that the destination
host is located on a remote network segment, IP uses the source host's routing table
to determine the best route to reach the network on which the remote host is located.
If there is not an explicit route in the routing table, the source host uses its
default gateway to send the datagram to the remote host.





DEFAULT GATEWAYS

The default gateway is the preferred router a host uses to route traffic to
remote network segments.



Other processes that occur in the Internet layer are fragmentation and
reassembly. Sometimes, when information is transferred between network segments,
the network segments might not use the same network topology. The recipient's network
topology cannot work with the same datagram size as the sending host's network. In
this case, IP breaks data into smaller pieces. When the data is received at the destination
host, the smaller pieces are re-assembled into the original data packet. When the
data is broken up, the following information is appended in each separate packet:


  • Flag. The fragment flag bit in the IP header of each packet fragment is
    set to designate that the data has been fragmented. On the last packet fragment,
    the flag bit is not set because no more fragments follow.


  • Fragment ID. When a datagram is broken into smaller pieces, the fragment
    ID identifies all the pieces of the original datagram. This information is used by
    the client to reassemble the datagram.


  • Fragment offset. When the smaller pieces are reassembled into a single
    datagram, the fragment offset determines the order in which the fragments should
    be reassembled.

The Transport Layer


The transport layer provides end-to-end communication between hosts using ports.
The following two protocols are provided in the TCP/IP layer model to transport data:


  • Transmission Control Protocol (TCP)


  • Universal Datagram Protocol (UDP)

TCP provides connection-oriented communication on a TCP/IP network. When two hosts
communicate using the TCP protocol, a session must be established between the two
hosts. This is so each host can determine the next sequence number the other host
will be using. A TCP connection provides a level of reliability. Transmissions use
sequence numbers and acknowledgments to make sure the destination host successfully
receives the data. If a destination host does not receive a specific segment, it
can request that the source host resend the packet (see Figure 3.2).


FIGURE 3.2. TCP uses sequence numbers to ensure delivery.


In Figure 3.2, the host on the left has segmented a data package into five segments.
It sends segments 1 and 2 to the host on the right. When the host on the right receives
the fragments, it acknowledges their receipt. The host on the left then sends the
next two fragments (fragments 3 and 4). For whatever reason, the host on the right
receives only the third fragment. When it sends the acknowledgment, it only acknowledges
the receipt of fragment 3. The host on the left resends fragment 4 and also sends
fragment 5. Upon receipt, the receiving host acknowledges both fragments. Now it
can reassemble the data into its original format. The TCP protocol is covered in
depth on Day 5. Topics discussed include the TCP three-way handshake and the use
of sliding windows in TCP data transmissions.


A UDP protocol provides connection-less service. It is not guaranteed that the
destination host will receive the information. Applications that use UDP are on their
own to make sure data is successfully delivered to the recipient host. The only protection
you have in a UDP packet is that there is a checksum value within its header. The
checksum makes sure the data was not corrupted in transit.


A common analogy used when comparing the TCP and UDP protocols is the post office
versus a courier service. The post office is much like the UDP protocol. When you
place a letter to your friend in the mailbox, it is not guaranteed that the mail
will get to them. Most of the time it reaches them successfully. When you must make
sure that a business associate receives a package, however, you are not going to
use a typical mail service. Instead, you use a courier service to make sure the business
associate receives the package in a predetermined amount of time. Along the way,
you can check the progress of the package. When the business associate receives the
package, he acknowledges its receipt by signing for the package.


Just as it costs more to use a courier service rather than the post office, there
is additional cost on the network when using the TCP protocol. Periodically, the
recipient host must send an acknowledgment that it has received the last transmissions
successfully. The sending host often waits for an acknowledgment before it continues
to send data.


You, as a network administrator, do not have a choice which transport protocol
to implement. This is determined by the higher-level application using the transport
protocol. Many applications use TCP so they do not have to provide reliable data
transport. The TCP protocol can handle reliable transmission of data using sequence
numbers and acknowledgments. An application that uses UDP has to ensure reliability
on its own.

The Application Layer


Network-based applications function on the application layer in the TCP/IP layer
model. Network-based applications refers to applications that connect to or
communicate with remote network hosts. Network applications that run on a TCP/IP
network generally fit into one of two categories:


  • Winsock applications


  • NetBIOS applications

Winsock applications use the Windows Sockets service application-programming
interface (API). These include utilities such as FTP, Telnet, SNMP, and IRC.


NetBIOS applications use NetBIOS names and messaging services over a TCP/IP
network. The Windows NT 4.0 network operating system still uses NetBIOS names for
its networking name resolution.

Comparing the OSI Model to the TCP/IP Model


The following comparisons can be made between the seven-layer OSI reference model
and the four-layer TCP/IP model (see Figure 3.3):


  • The TCP/IP layer model combines both the physical and data link layers of the
    OSI Model into the TCP/IP model's network layer. It does not differentiate between
    the physical network cards and their drivers. This enables TCP/IP to be implemented
    in any network topology.


  • The Internet layer of the TCP/IP model corresponds the network layer of the OSI
    Reference model. Both layers provide addressing and routing services.


  • The transport layer in each model enables end-to-end communication sessions to
    occur between two hosts.


  • The application layer in the TCP/IP model combines the session, presentation,
    and application layers of the OSI model. The TCP/IP model includes all issues of
    how data is represented and how sessions are maintained within the definitions of
    an application.

FIGURE 3.3. Comparing the OSI and TCP/IP layer models.

Defining the Core Protocols in the IP Layer Model


Now that you are familiar with the logical layout of the TCP/IP layer model, the
following sections discuss the specific protocols involved in the TCP/IP layer model.
This provides more details into the specific functionality provided by protocols
in each layer of the TCP/IP model.

Protocols in the Internet Layer


As previously discussed, the Internet layer provides all addressing, packaging,
and routing in the TCP/IP protocol suite. The protocols in this layer either interact
with the physical network components in the network interface layer or provide logical
addressing information to the transport layer. The following are the actual protocols
located in the Internet layer:


  • Address Resolution Protocol (ARP)


  • Internet Can Message Protocol (ICMP)


  • Internet Protocol (IP)


  • Internet Group Messaging Protocol (IGMP)

Address Resolution Protocol (ARP)


For two hosts to communicate successfully on a network segment, they must resolve
each other's hardware addresses. This is accomplished in the TCP/IP protocol suite
using the Address Resolution Protocol (ARP). ARP resolves a destination host's IP
address to a MAC address. It also makes sure the destination host is able to resolve
the sender's IP address to a MAC address.


Frequently on a network, a client computer communicates with a central server.
Instead of querying each time for the server's MAC address, the ARP protocol makes
use of the ARP cache. The ARP cache stores a list of IP addresses recently
resolved to MAC addresses. If the target IP address' MAC address is found in the
ARP cache, this MAC address is used as the target address for communication.


The following rules must be followed when maintaining the ARP cache:


  • Each new entry is configured with a time-to-live (TTL) value. The actual value
    depends on the operating system in use. When the time-to-live value reaches zero,
    the entry is removed from the ARP cache.


  • If a new entry is not reused in the first two minutes of its life, it is removed
    from the ARP cache.


  • In some TCP/IP implementations, the time-to-live value is reset to its initial
    value every time an entry is reused in the ARP cache.


  • Each implementation of TCP/IP sets a maximum number of entries in the ARP cache.
    If the ARP cache fills up and a new entry must be added, the oldest entry in the
    ARP cache is removed to make room for the new entry.

The ARP Process  When a host needs to communicate with another
host on a local network segment, the following process is used (see Figure 3.4):


1. The calling host checks its ARP cache to determine whether there is an entry
for the IP address of the destination host.


2. If an entry cannot be found, the calling host creates an ARP packet that asks
the destination host to reply with its MAC address. Included in the ARP packet are
the IP address and MAC address of the calling host so the destination host can add
this information to its ARP cache. This ARP packet is sent to the ethernet broadcast
address FF-FF-FF-FF-FF-FF. This means every host on the segment investigates the
packet.


3. Each host investigates the ARP packet to see whether the destination host
IP address in the ARP packet matches its IP address. If it does not, the packet is
ignored. If it matches, the destination host adds the IP address and MAC address
information of the sending host to its ARP cache.


4. The destination host creates an ARP reply containing its IP address and MAC
address information. This reply is returned to the calling host.


5. The calling host adds the IP address and MAC address information to its ARP
cache. Communication now can begin between the two hosts.

Figure 3.4. The ARP process when communicating with a local host.


The process differs when the target host is located on a remote network (see Figure
3.5). This can be determined by comparing the target host's IP address to the sending
host's IP address/subnet mask combination. This is discussed on Day 4 in the section
"The ANDing Process."


FIGURE 3.5. The ARP process when communicating with a remote host.


1. The sending host determines whether the destination host is located on a remote
network. The sending host inspects its TCP/IP configuration and finds the address
for its default gateway. The default gateway is the router on the host's network
segment where all outbound network traffic is directed.





THE IMPLEMENTATION OF DEFAULT GATEWAYS

Not all TCP/IP implementations use default gateways. If they are not used, explicit
routes are configured for each remote network. If the remote network is not defined
in the routing table, traffic cannot be sent to that remote network. In these implementations,
the sending host determines which router to send the data to reach the remote network
and uses ARP to find that router's MAC address.




2. The sending host inspects its ARP cache to see whether it has recently resolved
the MAC address of the default gateway. If it hasn't, the host sends an ARP packet
to determine the MAC address using the same local ARP resolution method previously
discussed.


3. The data is transferred to the default gateway.


4. The default gateway now inspects the destination host's IP address. If the
default gateway has an interface on the network segment on which the host is located,
it inspects its ARP cache for an entry for the destination host. If the default gateway
does not have an interface on the network segment on which the destination host is
located, it uses its routing table to determine which router to pass the information
to. It inspects its ARP cache for the MAC address of the target router's interface.
If it does not have an entry in the ARP cache, it uses ARP to determine the MAC address.





ARP CACHES WHEN A HOST HAS MORE THAN ONE NETWORK CARD

For multihomed (multiple interfaced) hosts, a separate ARP cache is maintained for
each interface.



The ARP Packet  The ARP packet is shown in Figure 3.6. This packet
format is used for both the ARP protocol and the Reverse Address Resolution Protocol
(RARP). The RARP protocol is discussed in Day 10 with the topic of automatic configuration.


FIGURE 3.6. The ARP packet structure.


Table 3.1 describes each field in an ARP packet.

TABLE 3.1. THE ARP PACKET FIELDS.












































Field Definition
Hardware Type Designates the type of hardware used in the network layer.
Protocol Type The field indicates the protocol address type in the protocol address fields. For
an IP address, this value is set to 08-00.
Hardware Address Length The length in bytes of the hardware address. For ethernet and token-ring networks,
this is 6 bytes.
Protocol Address Length The length of the protocol address. For IPv4, this is 4 bytes.
Op Code Determines whether the packet is an ARP request or an ARP reply. Possible values
include: (1) ARP request, (2) RARP request, (3) ARP reply, or (4) RARP reply.
Sender's hardware address The hardware address of the sending host.
Sender's protocol Address The IP address of the sending host.
Target's hardware address The hardware address of the target host. This is set to 00-00-00-00-00-00 in an ARP
request.
Target's protocol address The IP address of the target host.




Using the ARP Command  Each TCP/IP protocol suite provides
an ARP command for viewing and modifying the ARP cache. In Windows NT, the
ARP command can be used for three purposes: viewing the ARP cache, adding
a static entry to the ARP cache, and removing an ARP cache entry. The following command
is used to view the ARP cache:



ARP -a [IP address]

This command displays all the current ARP cache entries. You can use [IP Address]
to optionally provide the parameters. This parameter filters the ARP command
so only the physical addresses for the specified IP address are displayed. Use this
when you are trying to determine the MAC address for a single IP address, and there
are several entries in the ARP cache. In Windows NT, you also can use the ARP
-g
command with the same results.


To add a static entry to the ARP cache that will not expire according to normal
ARP cache rules, use the following command:



ARP -s "IP Address" "Physical Address"

If you want to add a static entry for the host 172.16.2.16 with MAC address 0080D7225FBF,
for example, type the following command:



ARP -s 172.16.2.16 00-80-D7-22-5F-BF

Note that the MAC address uses a hyphen to separate each pair of hexadecimal characters.
It generally is not recommended that you add static entries to the ARP cache. If
a network card failed or was replaced on host 172.16.2.16, you would not be able
to communicate with this host because you would have the incorrect MAC address.





STATIC ARP ENTRIES REALLY ARE NOT THAT STATIC

Static ARP entries remain in the ARP cache until the host is restarted. When this
occurs, the ARP cache is flushed and static entries are not re-created. If an IP
address has been assigned a static entry in the ARP cache, and if an ARP broadcast
sent on the network suggests a different physical address, the new address replaces
the old address in the ARP cache.



If you want to remove an incorrect entry from the ARP cache (such as an incorrectly
entered static entry), use the following command:



ARP -d "IP address"

If you want to remove your previous entry for the host at 172.16.2.16, type the
following:



ARP -d 172.16.2.16





HOSTS CAN UPDATE ARP PACKETS

Although the ARP packet is sent with a specific host's IP address, other hosts still
inspect the ARP packet to see whether it is intended for them. If a host notices
that the ARP packet contains an IP address/MAC address combination that does not
match an entry in its ARP cache, it updates its cache with the information in the
ARP packet. This information is more timely and should be trusted over an entry in
the ARP cache.



Internet Control Message Protocol (ICMP)


The Internet Control Message Protocol provides an error-reporting mechanism and
controls messages to the TCP/IP protocol suite. This protocol was created primarily
to report routing failures to the sending host.


The following functions can be performed by the ICMP protocol:


  • Provide echo and reply messages to test the reliability of a connection between
    two hosts. This usually is accomplished with the PING (Packet Internet Groper) command.


  • Redirect traffic to provide more efficient routing when a router becomes congested
    due to excess traffic.


  • Send out a time-exceeded message when a source datagram has exceeded its allocated
    time-to-live and has been discarded.


  • Send out router advertisements to determine the address of all routers on a network
    segment.


  • Provide a source-quench message to tell a host to slow down its communications
    when the communications are saturating a router or a network WAN link.


  • Determine what subnet mask is in use on a network segment.





ROUTING PROTOCOLS

Routing is discussed on Day 9, "Gateway and Routing Protocols." See this
chapter when reviewing the concept of routing and the functionality provided by routing
protocols.



The ICMP Packet Format  The ICMP packet format is shown in Figure
3.7, with fields described in Table 3.2.


FIGURE 3.7. The ICMP packet structure.

TABLE 3.2. THE ICMP PACKET FIELDS.












































































Field Definition
Type This 8-bit field indicates the type of ICMP packet being transmitted. The following
are possible types:
*0--Network unreachable
*1--Host unreachable
*2--Protocol unreachable
*3--Port unreachable
*4--Fragmentation needed
*5--Source route failed
*6--Destination network unknown
*7--Destination host unknown
*8--Source host isolated
*9--Communication with destination network administratively prohibited
*10--Communication with destination host administratively prohibited
*11--Network unreachable for type of service
*12--Host unreachable for type of service
Code This field provides additional information not provided in the Type field for the
destination host.
Checksum This field provides error detection for the ICMP portion of the packet.
Type Specific Data This data depends on the type of functionality ICMP is providing. If it's Echo Request/Echo
Reply (the most common), this information includes an identifier and a sequence number
that are used to identify each echo request sent and each reply




Using the ICMP Protocol to Troubleshoot Connectivity  One of
the most common problems a network administrator faces is determining why a specific
computer cannot communicate with the rest of the network. Many times, it is the result
of an incorrect TCP/IP protocol configuration. The ICMP protocol can help determine
which configuration parameter potentially is incorrect. Figure 3.8 shows a test network
on which you could test the TCP/IP configuration for a host with IP address 172.16.2.200


.FIGURE 3.8. Testing a host's IP configuration.


1. Start by pinging a reserved IP address. This address (known as the loopback
address)
is 127.0.0.1. If you ping this successfully, the TCP/IP protocol suite
has been installed correctly.


2. Next ping the IP address assigned to your host (in this example, 172.16.2.200).
If you can ping this IP address, the IP address has been configured correctly on
your host. This also indicates that TCP/IP has been bound to the correct network
interface card (NIC).


3. Next ping the IP address of the configured default gateway. Pinging this address
proves you can communicate with another host on the same network segment. If you
cannot do this, try pinging a different host on the same network segment. If neither
ping works, you probably have an incorrect subnet mask configured. If you can ping
one host but not the other, make sure you have the correct addresses and that both
hosts are running. In this example, you would ping 172.16.2.1.


4. Finally, ping an IP address for a host on a remote network segment. This proves
all routing functions are working correctly. If this does not work, double-check
your subnet mask. If it is incorrect, TCP/IP might assume the remote host actually
is a local host and won't be able to communicate properly with it. All packets destined
for the remote host won't be properly directed to the default gateway on the network
segment. In this example, 192.168.1.3 could be pinged to test this step.





A SHORTCUT FOR HOST TESTING

When testing a host's configuration, you actually could just perform step 4. Here's
why: If you can ping the host at 192.168.1.3, you successfully used your default
gateway. Because the response returned to your computer, you have configured your
IP address correctly. For all this to occur, you must be running the TCP/IP protocol.



Internet Protocol (IP)


The Internet Protocol provides all logical addressing of hosts. Each host is assigned
a unique IP address for the network on which it is running. The IP protocol is connectionless.
For two hosts to communicate using the IP protocol, they do not have to establish
a session first. Data is exchanged between the systems using a best-effort delivery
system.





UNDERSTANDING IP ADDRESSES

Tomorrow you will learn the specifics of IP addressing. Today, it is important to
understand that the IP address assigned to a host not only represents the host, it
also indicates on which logical subnetwork the host is located.



As with any protocol that provides network addressing, the Internet Protocol comprises
both network and host components. By comparing a destination computer's IP address
with its own source IP address, IP can determine whether the packet must be routed
to the destination host or can be sent directly to it.


The format of an IP packet is shown in Figure 3.9.


FIGURE 3.9. The IP packet format.


The following sections describe each field in an IP packet.


The Version Field  The Version field indicates which version
of the IP protocol is used for formatting the IP datagram. The current version of
the IP protocol is version 4, but work is continuing on the IPv6 protocol. If the
receiving computer cannot handle the IP protocol version, it simply drops the packet.
The length of the Version field is 4 bits.


The Length Field  The Length field indicates the IP header's
length. All fields in an IP packet are of fixed length except the IP Options and
Padding fields. This field determines the dividing line between the header and data
portions of the packet. The Length field is subtracted from the Packet Length field
to determine where the data starts.


The Service Type Field  The Service Type field tells IP how to
handle the IP packet. It includes the five subfields in Figure 3.10.


FIGURE 3.10. The Service Type subfields.


The Precedence subfield sets the importance of a datagram. This 3-bit subfield
can range from a value of 0 (normal) to a value of 7 (network control). The higher
the number, the more important the packet. Theoretically, higher precedence packets
should be routed to the destination address faster than lower precedence packets.


The Delay, Throughput, and Reliability subfields all specify the desired
transport of the packet. These three subfields usually are all set to 0. If they
are set to 1, they indicate that low delay, high throughput, and high reliability
are desired. When multiple routes are available to a remote network, these subfields
can be used to determine which route to take.


The last two bits of the Server Type field currently are unused in IP version
4.


The Packet Length Field  The Packet Length field contains
the total length of the IP packet. This includes all data and the IP header.


The Packet Fragmentation Fields  The next three fields play a
part in the fragmentation and reassembly processes. In an IP internetwork,
information can travel between different network topologies including ethernet, token
ring, and FDDI networks. Each network topology is constrained by the amount of data
that can fit into a single frame on the network. When data is transferred between
differing topologies, it sometimes must be broken into smaller fragments that can
be transported across the other network topology. The size of these fragments is
based on the maximum size that can be handled by the network topology across which
the datagram is traveling. When a packet is fragmented, a mechanism also must be
provided that enables the original packet to be reassembled at the destination host.


The Identification field contains a unique identifier that marks the original
datagram. If an original packet is broken into three fragments, each of the three
fragments has the same Identification field.


The Flags field, which is 3 bits, controls fragmentation. The first bit
currently is unused. The second bit is the Don't Fragment (DF) bit, and the third
bit is the More Fragments (MF) bit. If the DF bit is set to 1, the datagram cannot
be fragmented. If the data is transferred to a network that cannot handle frames
of this size, the datagram is dropped (because it cannot be fragmented). This often
is used for circumstances in which packet size is being tested and the packet should
not be fragmented into smaller fragments. The MF bit is set to 1 when an original
packet has been fragmented. The MF bit indicates that the current packet is followed
by more packets. In the last packet of a fragment, the MF bit is set to 0. This indicates
that no more packets follow.


The Fragment Offset field is used in conjunction with the MF bit when reassembling
the fragmented packet. Many times, the destination host receives the fragmented packets
out of order. The MF bit, Identification field, and Fragment Offset field help determine
how to rebuild these fragmented packets into the original packet. The offset value
always is based on the beginning of the message.


If a 1500-byte packet must be broken into fragments not larger than 700 bytes,
for example, the following would occur: The first fragment would be assigned the
same ID as the original 1500-byte packet. The MF bit would be set to 1, and the Fragment
Offset would be set to 0. The second fragment would have the same ID as the original
packet and also would have the MF bit set to 1. The Fragment Offset for the second
fragment would be set to 700. The final fragment would have the same ID as the original
packet. This would be the final packet, so the MF bit would be set to zero because
no more fragments follow. The fragment offset would be set to 1400 for this packet.


The Time-to-Live Field  The time-to-live (TTL) field indicates
how long a datagram can exist on a network. Each time the packet crosses a router,
its value decreases by at least one second. When the TTL field reaches a value of
zero, the datagram is discarded at the current router. A message is sent to the source
host stating that the packet was dropped using the ICMP protocol so the source host
could resend the packet.


The Protocol Field  The Protocol field indicates which
high-level protocol was used to create the information stored in the data portion
of the packet. This field assists in moving the packet up to the correct protocol
in the TCP/IP layer model. It also defines the format of the data portion of the
packet. A protocol identification number (PIN) assigned by the Network Information
Center (NIC) represents each protocol. ICMP, for example, is protocol number 1; TCP
is protocol number 6.


The Header Checksum Field  The Header Checksum field makes
sure the header information has not been corrupted in transit. This checksum is only
for the header portion of the packet. It results in reduced processing at each router
because the checksum is not calculated on the entire packet. The Header Checksum
must be recalculated at every router the packet traverses. This is because the TTL
field decrements at each router, necessitating that a new checksum be calculated.


The Source and Destination IP Address Fields  The Source IP Address
and Destination IP Address fields contain the 32-bit IP addresses
of the source and destination hosts. These values are not changed in transit.


The Options Field  The Options field can be composed of
several codes of variable length. More than one option can be used in an IP packet.
If more than one is used, the fields appear consecutively in the IP header. Each
option is 8 bits long and consists of three subfields. The first bit represents the
copy flag. It determines how this option should be treated when an original
packet is fragmented. If the copy flag is set to 0, the option only should be copied
to the first fragment. If the copy flag is set to 1, the option should be copied
to all fragments of the original packet.


The option class is represented by 2 bits. The option class can have one
of four values assigned to it. A value of 0 means the option has to do with a datagram
or a network control. A value of 2 means the option is used for debugging or measurement
purposes. Values of 1 and 3 are reserved for future use and have not been defined
yet.


The option number is represented by the final 5 bits. Each combination
of option class and option number is shown in Table 3.3.

TABLE 3.3. VALID IP OPTION CLASSES AND OPTION NUMBERS.












































Option Class Option Number Description
0 0 End of option list.
0 1 Used for padding. Indicates that no option has been set.
0 2 Security options for military applications.
0 3 Loose source routing. This option indicates a sequence of IP addresses that should
be used as the route to a destination host. Loose source routing enables multiple
network hops to exist between designated source addresses.
0 7 Used to trace routes to a destination. Useful for determining which exact route was
traversed between a source and destination host. Each router that handles the IP
packet adds its IP address to the options list.
0 9 Strict source routing. As with loose source routing, strict source routing specifies
a routing path to a destination host. The difference is that, if the designated route
cannot be followed, the packet is discarded.
2 4 Internet timestamp that enables timestamps to be recorded along a route. Each router
records its IP address and a timestamp, indicating the time the router handled the
packet. This time is based on milliseconds since midnight Greenwich Mean Time (or
Universal Time). Due to non-synchronization of clocks, these times only should be
considered estimates of the exact time.




The Padding Field  The Padding field's contents are based
on the options selected for an IP packet. The padding ensures that the datagram's
header is rounded to an even number of bytes.

Internet Group Management Protocol (IGMP)


At times, instead of sending information from a source host to a single destination
host, you will need to send information to multiple destination hosts. One method
is to use broadcasting. There are two major issues with broadcasting. First,
all hosts on the network must examine the packet to determine whether it is intended
for them. Second, many routers are configured not to forward broadcasts to other
network segments. Both these issues can cause congestion on the network.


An alternative to broadcasting is multicasting. Instead of an IP packet's
destination being all machines on the network, the destination can be a specific
group of computers. Multicast packets are delivered using UDP. Therefore, they might
be lost or delayed in transit.


The following are some facts about IP multicast groups:


  • All multicast addressing is based on Class D IP addresses, which range from 224.0.0.1
    through 239.255.255.255. TCP/IP address classes are discussed on Day 4.


  • The address 224.0.0.1 is reserved. It represents the all hosts group.
    This group includes all IP hosts and routers participating in IP multicasting on
    a network segment.


  • An IP host can dynamically join or exit an IP multicast group at any time.


  • IP multicast addresses should appear only as destination addresses. They rarely
    appear as source addresses because multicast addresses are not usually bound to network
    interface cards. Some forms of UNIX do allow this capability. In these cases, a multicast
    address can appear as the source address.

The fields in an IGMP packet are shown in Figure 3.11.


FIGURE 3.11. The Service Type subfields.


  • Version. This field indicates the protocol version in use. For IGMP packets,
    this is set to a value of 1.


  • Type. This field indicates whether the IGMP message is a query sent by
    a multicast router (a value of 1) or a response sent by an IP host (a value of 2).


  • Checksum. This field is a checksum for the entire IGMP message. It makes
    sure the information has not been corrupted in transit. The same algorithm used for
    calculating IP header checksums also is used for IGMP checksums.


  • Group Address. This field contains the IP multicast of the group in which
    a host is reporting membership. In the case of a multicast group query, this field
    is set to all zeroes.

Applying What You Have Learned


Today's material covered a lot of information. You started with a comparison of
the TCP/IP and OSI layer models. Be sure you know what functionality is provided
by each layer. This can help you determine which layer each protocol in the TCP/IP
protocol suite exists.


The following questions will further your knowledge of the protocols that exist
in each of the TCP/IP layers.

Test Your Knowledge



1. What are the four layers of the TCP/IP layer model?


2. What is meant by the term boundary layer?


3. What layers of the OSI model can be matched to the network interface layer
of the TCP/IP layer model?


4. What functionality is provided by the transport layer in the TCP/IP layer
model?


5. What physical address is obtained by the ARP protocol when the destination
host is located on the same network segment?


6. What physical address is obtained by the ARP protocol when the destination
host is located on a remote network segment?


7. What services are provided by the ICMP protocol?


8. Does the IP protocol provide connection-oriented or connectionless service?


9. Why is multicasting preferred over broadcasting when sending data to multiple
hosts?

Preview of the Next Day


Tomorrow's material digs into the Internet Protocol. Topics discussed include
the basic formatting of an IP address, the various classes of IP addresses, and general
information about the use of subnet masks.


The end of the day overviews some features of IPv6. If you are interested in a
more detailed description of IPv6, see Day 21, "Future Applications of TCP/IP."



Read More Show Less

Customer Reviews

Be the first to write a review
( 0 )
Rating Distribution

5 Star

(0)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously

    If you find inappropriate content, please report it to Barnes & Noble
    Why is this product inappropriate?
    Comments (optional)