TimeLinux1

Tuesday, September 28, 2010

Linux HowTo: TCP/IP Basics

TCP/IP, or Transmission Control Protocol/Internet Protocol, is a suite of network protocols. TCP/IP is the network protocol behind the Internet. The main protocols in TCP/IP are (rather obviously) TCP & IP. Other than these two dominant constituents of the TCP/IP suite, another example is ICMP (Internet Control Message Protocol), a protocol for hosts to talk to each other at the network layer. It helps in checking latency, eg in ping; it is not meant to be used by users, so it has no ports, error check etc.


The TCP/IP suite is based on a layered architecture, defined in RFC 1122, which has 4 layers - Data-link, Internet, Transport and Application. It was modeled before the 7 layered ISO/OSI stack.
Note: RFC = Request For Comments. These are technical documents published by the IETF that define how the Internet is structured and functions.

In the rest of the document, I will be using small letters for the sake of easy typing - eg: tcp/ip instead of TCP/IP.

Before we begin, let's review some networking jargon:

-packets    -    The smallest unit of data that networks deal with. it is some control info + payload data.
-frame        -    header + packet.
-tcp/ip and network layer mappings:
        . layer 1    - physical    - copper wire
        . layer 2    - datalink    - ethernet
        . layer 3    - internet    - ip routing
        . layer 4    - transport    - order of pkts, retransmit if reqd
        . layer 5-7    - session, presentation, application        - ssl, pop, imap, http, vpn etc.

-each layer of the tcp/ip (or the osi) stack adds its own header to the data-packet.
-an ip packet can't be more than 65535 bytes in version 4 of ip (ipv4)
-ipv6    = IPng    =    IP next generation    = it is backward compatible with ipv4
-ipv6    = 128 bits    = 10 to the 38 addresses 

-mtu            =    max transmission unit    =    the largest packet that can be sent between two hosts
-eg:    ethernet mtu is 1500 bytes.
-fragmentation    =    breaking up of ip packet when it is bigger than the mtu.
-eg:    if the ip pkt is 4000 bytes & ethernet mtu is 1500 bytes, then the ip pkt will be fragmented into 3 pkts of 1500, 1500 & 1000 bytes resp.
-ttl    (time to live)    =    a field in the ip header whose value is 0-255, signifying the amt of secs the pkt is allowed to live on the n/w before being dropped.
-ttl can be determined only by routers (ie layer 3) and not switches (layer 2).

 
Note: tcp/ip is the software piece of the network that runs on networking hardware like Ethernet, Token Ring, etc. Since Ethernet is the most common form of networking, let's talk more about it. An ethernet packet has a header and a payload.
-ethernet header comprises:
-source ethernet addr, dest ethernet addr & pkt protocol type
-note:     ethernet addr   =>   mac addr    - 48 bit or 6 bytes long    - unique id of every nic
-there are two types of ethernet protocols    -    802.3    (older)    & ethernet-2
-the ethernet header content helps tell the difference between the two. 802.3 ethernets are rare these days.
-to analyze the ethernet packet headers, the tcpdump cmd can be used; it needs to be run as root.
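
To show how the header content tells 802.3 and ethernet-2 apart, here is an added example (not part of the original post) that parses the 14-byte header and classifies the frame by its 16-bit type/length field. The function names and the two sample frames are made up for illustration.

```python
import struct

# A few well-known EtherType values (ethernet-2 framing).
ETHERTYPES = {0x0800: "ipv4", 0x0806: "arp", 0x86DD: "ipv6"}

def fmt_mac(raw):
    """Render a 6-byte mac addr in the usual colon-separated hex form."""
    return ":".join(f"{b:02x}" for b in raw)

def parse_ethernet_header(frame):
    """Parse the 14-byte ethernet header and classify the framing."""
    if len(frame) < 14:
        raise ValueError("frame is shorter than the 14-byte ethernet header")
    # On the wire the dest addr comes first, then the source addr,
    # then a 16-bit field in network byte order.
    dst, src, value = struct.unpack("!6s6sH", frame[:14])
    if value >= 0x0600:
        # 1536 and above: the field is a protocol type (ethernet-2).
        framing = "ethernet-2"
        detail = ETHERTYPES.get(value, f"ethertype 0x{value:04x}")
    elif value <= 1500:
        # 1500 and below: the field is the payload length (802.3).
        framing = "802.3"
        detail = f"payload length {value}"
    else:
        # 1501-1535 is defined as neither a length nor a type.
        framing = "invalid"
        detail = f"undefined field value {value}"
    return {"dst": fmt_mac(dst), "src": fmt_mac(src),
            "framing": framing, "detail": detail}

# Constructed sample frames (not captured traffic).
SRC = bytes.fromhex("021122334455")
ETH2_ARP = bytes.fromhex("ffffffffffff") + SRC + b"\x08\x06" + bytes(46)
DOT3_LLC = (bytes.fromhex("0180c2000000") + SRC + b"\x00\x26"
            + b"\x42\x42\x03" + bytes(43))

if __name__ == "__main__":
    for name, frame in (("ETH2_ARP", ETH2_ARP), ("DOT3_LLC", DOT3_LLC)):
        print(name, parse_ethernet_header(frame))
```

When reading captures, a frame whose field falls in the undefined 1501-1535 range, or that is shorter than 14 bytes, is malformed and worth a closer look.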
