TCP/IP Protocol Within Windows XP Professional
By Jason Zandri
Article Date: 01.29.03
The Transmission Control Protocol/Internet Protocol is a network communication
protocol. It can be used as a communications protocol on private networks and
it is the default protocol in use on the Internet. When you set up any system
to have direct access to the Internet, whether it is via dial-up or one of the
high speed technologies in use today, your system will need to utilize the TCP/IP
protocol whether it is a Windows based system or not.
Also, if the given system needs to communicate to other TCP/IP systems on the
local LAN or WAN it will need to utilize the TCP/IP protocol as well.
[NOTES FROM THE FIELD] -
Indirectly connected computers, such as those on a LAN that hit the Internet
via certain default gateways, certain types of routers, Proxy Servers, ISA Servers
or other indirect means, do not necessarily need to use the TCP/IP protocol. They
need only use the network protocol in use for their LAN, where that LAN protocol
would communicate with the directly connecting mechanism, (default gateway, router,
Proxy Server or other direct device). That directly connected device would need
to use the Internet default protocol of TCP/IP.
TCP/IP is technically made up of two protocols. The upper layer, Transmission
Control Protocol, on the sending system is responsible for breaking down the data
into smaller packets to be transmitted over the network, (local and Internet),
while the TCP layer on the receiving node reassembles the packets it receives
back into the original data structure.
The lower layer, Internet Protocol, addresses each individual packet so that it
gets delivered to the correct node. Each routing device on the network, be it
a hardware router or a server system that is performing routing functions, will
check the destination address to see where to forward the message.
[NOTES FROM THE FIELD] -
This is just a basic overview of TCP/IP and I didn't want to get too involved
with it here within this article. There is bountiful information on TCP/IP all
over the Internet and before poring through the RFCs I would first suggest you
try TCP/IP Frequently Asked Questions or TCP/IP Protocol Suite - Questions & Answers.
The TCP/IP Model
The TCP/IP suite of protocols maps to a four-layer conceptual model which is based
on the seven layer Open System Interconnection (OSI) protocol model.
The detailed function of each layer of the Open System Interconnection (OSI) protocol
model is beyond the scope of this topic, however, the 60 second overview is as
follows:
Physical Layer - Defines the interface between the medium and the device.
This layer also transmits bits (ones and zeros) and defines how the data is transmitted
over the physical medium. Some examples of Network Components found at this layer
are Multiplexers, Passive Hubs, Active Hubs, Repeaters and other types of signal
Amplifiers.
Data Link Layer - This layer is actually divided into
two sublayers, Logical Link Control, which mainly handles error correction and
flow control and Media Access Control, which mainly handles the communication
with the network adapter card. Some examples of Network Components found at the
Data Link layer are Bridges, Switches and certain Advanced Cable Testers.
Network Layer - This OSI layer is responsible for translating
logical network address and names such as computernames to their MAC addresses
and for addressing and routing data packets over the network. If routers at this
layer can’t forward the data frames as large as the source node has sent, this
OSI layer will break down the data into smaller units that the devices can handle.
Some examples of Protocols found at the Network Layer are IP, ARP, RARP, ICMP,
RIP, OSPF, IGMP, IPX, NWLink and NetBEUI. Some examples of Network Components
found at this layer are Brouters, Routers, some types of ATM Switches and Frame
Relay hardware.
Transport Layer - The Transport Layer adds an additional connection below
the Session layer and helps manage data flow control between nodes on the network.
This layer divides the data into packets on the sending node and the transport
layer of the receiving node reassembles the message from packets. The Transport
Layer provides error-checking to guarantee error-free data delivery by requesting
retransmission if some packets don’t arrive error-free. It also sends acknowledgment
of successful transmissions back to the sending node. Some examples of Protocols
found at this layer are TCP, ARP, RARP, SPX and NWLink. Some examples of Network
Components found at the Transport Layer are Gateways and certain types of Brouters.
Session Layer - This OSI layer, as the name implies,
establishes, maintains and ends sessions between transmitting nodes across the
network and manages which node can transmit data at a certain time and for how
long. Some examples of Protocols found at this layer are Named Pipes, NetBIOS
Names, RPC and Mail Slots. Some examples of Network Components found at the Session
Layer are Gateways and certain types of Proxy Servers.
Presentation Layer - The Presentation Layer technically
performs the translation of the data from the way applications understand it to
the way networks understand it on the transmission end and then back on the receiving
node. It is responsible for protocol conversions, data encryption / decryption,
and data compression / decompression where the network is considered. Some examples
of Network Components found at the Presentation Layer are Gateways and certain
types of Redirectors. There are no Protocols that normally operate in this layer.
Application Layer - The Application Layer of the OSI model
allows access to network services for applications specifically written to run
over the network, such as email and file transfer programs such as FTP. There
are many Protocols found at the Application Layer, some of which include FTP,
TFTP, BOOTP, SNMP, SMTP, TELNET, NCP, and SMB.
The TCP/IP suite four-layer conceptual model is as follows:
Network Interface Layer - This layer effectively puts
the frames on the wire from the sending node and pulls frames off the wire at
the receiving node and basically correlates to the Physical Layer of the OSI model.
Internet Layer - The Internet layer protocols of the TCP/IP
suite encapsulate packets into Internet datagrams. There are four Internet protocols
that operate at this layer. The Internet Layer basically (but not entirely) correlates
to the Network Layer of the OSI model.
| IP | Internet Protocol provides connectionless packet delivery for all other protocols and does not guarantee packet arrival or correct packet sequence, nor does it acknowledge packet delivery. IP has the main responsibility of addressing and routing packets between nodes and it does not try to recover from network errors. |
| ARP | Address Resolution Protocol maps IP addresses to physical machine addresses (MAC addresses) that are located on the LAN. IP broadcasts a special ARP inquiry packet containing the IP address of the destination system. The system that owns the IP address replies by sending its physical address to the requester. The MAC sublayer communicates directly with the network adapter card and is responsible for delivering error-free data between network. |
| ICMP | Internet Control Message Protocol is a message control and error-reporting protocol used between network nodes. Higher level protocols use the information in these datagrams to recover from any transmission or other errors. |
| IGMP | The Internet Group Management Protocol provides a way for nodes to report their multicast group membership to nearby multicast routers. Multicasting allows nodes to send content to multiple other nodes within that multicast group by sending IP multicast traffic to a single MAC address but by allowing it to be processed by multiple nodes. IGMP is part of the Network layer of the OSI model. Windows XP Professional supports multicast for things such as Windows 2000 Server NetShow Services. |
Transport Layer - The two Transport layer protocols provide communication
sessions between computers and these sessions can be connection oriented or connectionless,
as outlined below. The Transport Layer basically (but not entirely) correlates
to the Transport Layer of the OSI model.
| TCP | Transmission Control Protocol is a connection-oriented protocol that provides reliable communication by assigning a sequence number to each segment of data that is transmitted so that the receiving host can send an acknowledgment (ACK) to verify that the data was received. If an ACK is not received, the data is retransmitted. TCP guarantees the delivery of packets, ensures proper sequencing of the data, and provides a checksum feature that validates both the packet header and its data for accuracy. |
| UDP | User Datagram Protocol is a connectionless protocol that does not guarantee the delivery or the correct sequencing of packets. Applications that use UDP typically transfer small amounts of data at once and the data sent is usually not considered critical. TFTP (Trivial File Transfer Protocol) uses UDP. |
Application Layer - The Application Layer is where applications that are
specifically written to operate over networks, gain their access. There are two
TCP/IP services, Winsock and the NetBIOS over TCP/IP (NetBT) interface, that network
applications most commonly use on Windows XP Professional networks. The Application
Layer basically (but not entirely) correlates to the Application Layer of the
OSI model.
| Winsock | Winsock is the standard interface used for socket-based applications and TCP/IP protocols. Winsock allows the network application to bind to a specific port and IP address on a node, initiate and accept a connection, send and receive data, and then close the connection. |
| NetBT | NetBIOS over TCP/IP is the standard interface for NetBIOS services, including name, datagram, and session services. It also provides a standard interface between NetBIOS-based applications and TCP/IP protocols and is the network component that performs computer name to IP address mapping name resolution. There are currently four NetBIOS over TCP/IP name resolution methods: b-node, p-node, m-node and h-node. |
Internet Protocol Addressing Overview
TCP/IP version 4 (IPv4) addresses are made up of four 8-bit fields (octets)
and are 32 bits in size total. Microsoft TCP/IP version 4 supports the standard
classes of address, which define which bits are used for the network ID and which
bits are used for the host ID. There are five classes of TCP/IP version 4 (IPv4) addresses,
although for the most part, only the A, B, and C classes are used. The system
of IP address classes described here forms the basis for IP address assignment.
Classless Inter-Domain Routing (CIDR) addressing is now being used more often
and I will cover that later in the article. Classless Inter-Domain Routing is
making the IP address classes in their current form "less defined", for lack of
a better term. Still, the classes form the base of any addressing scheme.
TCP/IP version 4 addresses are made of both a network ID and a host ID. The network
ID address identifies the physical network where the hosts exist. The host ID
address identifies the individual TCP/IP host on a network. The host ID must be
unique on the internal network, that is, no two nodes on a given network can have
the same network ID AND host ID.
[NOTES FROM THE FIELD] - You can have two hosts with the IP host name
of 112.12.44 if one is on network 10 and another is on network 11. (The full IP
addresses of these hosts would be 10.112.12.44 and 11.112.12.44. The subnet mask
would be 255.0.0.0.) You cannot assign both of these nodes the host address of
112.12.44 if they are both on network 10 or both on network 11.
The "division" point between the network ID and the host ID is called the subnet
mask. The subnet mask is used to determine where the network number in an
IP address ends and the node number in an IP address begins.
The bits in a subnet mask are set consecutively from left to right and there can
be no "skips" in the setting structure. The subnet mask of 255.255.128.0 is valid
because all eight bits are set in the first two octets and the first bit of the
next octet is also set. (11111111.11111111.10000000.00000000). The subnet mask
of 255.255.64.0 is not valid because there is a "missing" bit that is not allowed.
(11111111.11111111.01000000.00000000).
[NOTES FROM THE FIELD] - The left most
bit in a TCP/IP version 4 address is called the Most Significant Bit (MSB) and
has the highest value. The right most bit in a TCP/IP version 4 address is called
the Least Significant Bit (LSB) and has the lowest value.
I have detailed subnet masks in a little more
detail in a following section.
The value of the bits, in order from the Most Significant Bit (MSB) to the Least
Significant Bit (LSB) are 128, 64, 32, 16, 8, 4, 2, 1. These numerical designations
are what make up the TCP/IP version 4 address. The values of the set bits (each
noted by a "1") are added together to give you the address. The TCP/IP version 4
address of 171.144.62.12 converts to a binary number of
10101011.10010000.00111110.00001100 and a hexadecimal number of AB.90.3E.0C.
[NOTES FROM THE FIELD] - While it's important to know that the TCP/IP
version 4 address converts to a binary number or a hexadecimal number it is not
often used in day to day operations of the MCSA/MCSE. It is more so for the Network
Administrator. For the 70-270 exam, concentrate on the different classes of addresses,
how subnet masks work, Classless Inter-Domain Routing (CIDR) addressing and a
basic understanding of the binary conversion of a TCP/IP version 4 address. Basically,
know the Most Significant Bit (MSB) and the Least Significant Bit (LSB) and the
order of numbers.
The way I remember it was to remember that the
Least Significant Bit (LSB) of each octet was "1" and each place to the left of
it doubled in value up to the end of the octet on the far left. After the DOT
I would start back to "1".
TCP/IP version 6 (IPv6) is a set of specifications from the
Internet Engineering Task Force (IETF) and has been designed to overcome the current
shortage of addresses under TCP/IP version 4. TCP/IP version 6 also has some other
built-in improvements that go beyond the scope of the discussion here. The single
most important thing you will need to know for the 70-270 exam (a little more
depth may be needed for the upcoming Exam 70-275: Installing, Configuring and
Administering Microsoft .NET Server and Exam 70-276: Implementing and Administering
a Microsoft .NET Server Network Infrastructure) is that IPv6 addresses are 128
bits in length as opposed to 32 bits under IPv4.
Classless Inter-Domain Routing (CIDR) is a newer way to allocate IP addresses
that is more flexible than the original Class addressing scheme used in the
past. This increases the utilization of the remaining available Internet
addresses. CIDR is now the routing system used by
virtually all gateway hosts on the Internet's backbone network.
The original Internet Protocol defines IP addresses in five classes, Classes A
through E. Each of these classes allowed the use of one portion of the 32-bit
Internet address scheme to the network address and the remaining portion to the
nodes on the network. One of the main reasons for the IP address shortage was
the situation where many companies needed more than the 254 host machines that were
allowed under the Class C scheme but far fewer than the 65,533 host addresses
of the Class B scheme. They would request a unique B Class address but often ended
up not using many of the addresses within their allotted block. This meant that
many addresses within their pool were unutilized. This is one of the main reasons
the IP address pool was drying up and for this reason the big push was on for
TCP/IP version 6 (IPv6) and its 128-bit address. Because many of the Internet
authorities realized that it would be some time before IPv6 was in widespread
use, Classless Inter-Domain Routing was born.
Using Classless Inter-Domain Routing, each IP address has a network prefix that
identifies either a collection of network gateways or an individual gateway. The
length of the network prefix is also specified as part of the IP address and varies
depending on the number of bits that are needed (rather than any arbitrary class
assignment structure). A destination IP address or route that describes many possible
destinations has a shorter prefix and is said to be less specific. A longer prefix
describes a destination gateway more specifically. Routers are required to use
the most specific or longest network prefix in the routing table when forwarding
packets.
A Classless Inter-Domain Routing network address looks like this: 201.44.112.00/18.
201.44.112.00 is the address of the network and the "18" says that the first 18
bits are the network part of the address, leaving the last 14 bits for the address
of the node. (Effectively, the 18 is the subnet mask from the "old" style of address
classes.) Classless Inter-Domain Routing lets one routing table entry represent
a collection of networks that exist in the forward path that don't need to be
specified on that particular gateway. This collection of networks under a single
address is sometimes referred to as a supernet; by definition the two terms mean
the same thing.
Classless Inter-Domain Routing is supported by The Border Gateway Protocol, the
prevailing exterior (interdomain) gateway protocol. (The older exterior or interdomain
gateway protocols, Exterior Gateway Protocol and Routing Information Protocol,
do not support Classless Inter-Domain Routing.) Classless Inter-Domain Routing
is also supported by the OSPF interior or intradomain gateway protocol.
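The longest-prefix rule and the one-entry-for-many-networks aggregation described above, as an added Python example (not part of the original article). The routing table and the next-hop names are constructed for illustration; the prefixes reuse the 158.21.0.0 network from the subnet mask section of this article.

```python
import ipaddress

# Constructed routing table: (prefix, next hop). The hop names are hypothetical.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "default-gw"),
    ("158.21.0.0/16", "gw-a"),
    ("158.21.48.0/20", "gw-b"),
    ("158.21.57.0/24", "gw-c"),
]


def canonical_network(cidr):
    """Clear the host bits of address/prefix text and return the network it falls in."""
    return str(ipaddress.ip_network(cidr, strict=False))


def build_table(routes):
    """Parse (prefix, next_hop) pairs and order them longest prefix first.

    ip_network() is strict by default, so a prefix with host bits set raises
    ValueError instead of silently entering the table.
    """
    table = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)


def lookup(table, destination):
    """Return (prefix, next_hop) of the most specific route covering destination."""
    address = ipaddress.ip_address(destination)
    for network, hop in table:  # longest prefix first, so the first hit wins
        if address in network:
            return str(network), hop
    return None  # no covering route and no default route


def aggregate(prefixes):
    """Collapse adjacent networks into the fewest prefixes (supernets)."""
    networks = [ipaddress.ip_network(prefix) for prefix in prefixes]
    return [str(net) for net in ipaddress.collapse_addresses(networks)]


if __name__ == "__main__":
    table = build_table(SAMPLE_ROUTES)
    for destination in ("158.21.57.111", "158.21.60.1", "158.21.200.1", "192.0.2.1"):
        print(destination, "->", lookup(table, destination))
    # The sixteen /20 subnets of 158.21.0.0 collapse into one /16 routing entry.
    sixteen = [str(n) for n in ipaddress.ip_network("158.21.0.0/16").subnets(new_prefix=20)]
    print(aggregate(sixteen))
    print(canonical_network("201.44.112.0/18"))
```
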
Subnet Masks - Implementing subnetworks (commonly referred to as subnets
in the field) helps to control network traffic. Every node on the same physical
Ethernet network sees all the packets of data sent out on the network. Often this
has the result of multiple collisions causing network performance to be slow.
Routers or gateways are used to separate networks into subnets. Subnet masks on
each of the nodes allow the nodes on the same subnetwork to continue to communicate
with one another and to the routers or gateways they use to send their messages.
Subnet masks allow you to identify the network ID and the host (node) ID of an
IP address.
Given the following example of a default B Class subnet mask:
10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.00000000.00000000 255.255.000.000
--------------------------------------------------------
10011110.00010101.00000000.00000000 158.21.000.000
we can determine that the network ID is 158.21 and the host ID is 57.111.
Network Address : 158.21.0.0
Subnet Address : 158.21.0.0
Subnet Mask : 255.255.0.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.hhhhhhhh.hhhhhhhh
Subnet Bits : 16
Host Bits : 16
Possible Number of Subnets : 1
Hosts per Subnet : 65534
Additional bits can be added to the subnet mask for a given class of addresses
to subnet networks further.
Given the following example of a B Class address using an additional bit subnet
mask:
10011110.00010101.00111001.01101111 158.21.57.111
11111111.11111111.11110000.00000000 255.255.240.000 Subnet Mask
--------------------------------------------------------
10011110.00010101.00110000.00000000 158.21.048.000 Network address
Subnet Mask : 255.255.240.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh
Subnet Bits : 20
Host Bits : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094
we can see that rather than having the single subnet and 65534 Hosts per Subnet
allowed under the default subnet mask we are able to have up to 16 subnets with
up to 4094 Hosts per Subnet by using a Subnet Mask of 255.255.240.000.
Selected Subnet : 158.21.0.0/255.255.240.0
Usable Addresses : 4094
Host range : 158.21.0.1 to 158.21.15.254
Broadcast : 158.21.15.255
| Subnet | Mask | Hosts per Subnet | Host Range | Broadcast |
| 158.21.0.0 | 255.255.240.0 | 4094 | 158.21.0.1 to 158.21.15.254 | 158.21.15.255 |
| 158.21.16.0 | 255.255.240.0 | 4094 | 158.21.16.1 to 158.21.31.254 | 158.21.31.255 |
| 158.21.32.0 | 255.255.240.0 | 4094 | 158.21.32.1 to 158.21.47.254 | 158.21.47.255 |
| 158.21.48.0 | 255.255.240.0 | 4094 | 158.21.48.1 to 158.21.63.254 | 158.21.63.255 |
| 158.21.64.0 | 255.255.240.0 | 4094 | 158.21.64.1 to 158.21.79.254 | 158.21.79.255 |
| 158.21.80.0 | 255.255.240.0 | 4094 | 158.21.80.1 to 158.21.95.254 | 158.21.95.255 |
| 158.21.96.0 | 255.255.240.0 | 4094 | 158.21.96.1 to 158.21.111.254 | 158.21.111.255 |
| 158.21.112.0 | 255.255.240.0 | 4094 | 158.21.112.1 to 158.21.127.254 | 158.21.127.255 |
| 158.21.128.0 | 255.255.240.0 | 4094 | 158.21.128.1 to 158.21.143.254 | 158.21.143.255 |
| 158.21.144.0 | 255.255.240.0 | 4094 | 158.21.144.1 to 158.21.159.254 | 158.21.159.255 |
| 158.21.160.0 | 255.255.240.0 | 4094 | 158.21.160.1 to 158.21.175.254 | 158.21.175.255 |
| 158.21.176.0 | 255.255.240.0 | 4094 | 158.21.176.1 to 158.21.191.254 | 158.21.191.255 |
| 158.21.192.0 | 255.255.240.0 | 4094 | 158.21.192.1 to 158.21.207.254 | 158.21.207.255 |
| 158.21.208.0 | 255.255.240.0 | 4094 | 158.21.208.1 to 158.21.223.254 | 158.21.223.255 |
| 158.21.224.0 | 255.255.240.0 | 4094 | 158.21.224.1 to 158.21.239.254 | 158.21.239.255 |
| 158.21.240.0 | 255.255.240.0 | 4094 | 158.21.240.1 to 158.21.255.254 | 158.21.255.255 |
[NOTES FROM THE FIELD] - A subnet address cannot be all 0's or all
1's.
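The mask rules and subnet arithmetic from this section, as an added Python example (not part of the original article): it checks that a mask has no skipped bits, splits an address into network and host parts with a bitwise AND, and enumerates the subnets of 158.21.0.0 under 255.255.240.0. The function names are chosen here for illustration; the addresses and masks are the ones used in the article.

```python
def to_int(dotted):
    """Parse dotted-decimal IPv4 text into a 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 value: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)
    return value


def to_dotted(value):
    """Render a 32-bit integer as dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(value):
    """Render a 32-bit integer as four dotted 8-bit binary octets."""
    return ".".join(format((value >> shift) & 0xFF, "08b") for shift in (24, 16, 8, 0))


def prefix_length(mask):
    """Count the network bits of a mask; raise ValueError if a bit is skipped."""
    inverted = ~to_int(mask) & 0xFFFFFFFF
    # A contiguous mask inverts to 2**k - 1, and (2**k - 1) & 2**k is always 0.
    if inverted & (inverted + 1):
        raise ValueError(f"mask has a skipped bit: {to_binary(to_int(mask))}")
    return 32 - inverted.bit_length()


def split_address(address, mask):
    """Return (network part, host part) of an address under a valid mask."""
    prefix_length(mask)  # refuse to split on an invalid mask
    addr, bits = to_int(address), to_int(mask)
    return to_dotted(addr & bits), to_dotted(addr & ~bits & 0xFFFFFFFF)


def list_subnets(network, default_mask, subnet_mask):
    """Return (subnet, first host, last host, broadcast) for every subnet."""
    old_len, new_len = prefix_length(default_mask), prefix_length(subnet_mask)
    if not old_len <= new_len <= 30:
        raise ValueError("subnet mask must extend the default mask and leave host bits")
    base = to_int(network) & to_int(default_mask)
    size = 1 << (32 - new_len)  # addresses per subnet, including both reserved ones
    rows = []
    for index in range(1 << (new_len - old_len)):
        start = base + index * size
        broadcast = start + size - 1
        rows.append((to_dotted(start), to_dotted(start + 1),
                     to_dotted(broadcast - 1), to_dotted(broadcast)))
    return rows


if __name__ == "__main__":
    print(to_binary(to_int("171.144.62.12")))
    print(split_address("158.21.57.111", "255.255.240.0"))
    for row in list_subnets("158.21.0.0", "255.255.0.0", "255.255.240.0"):
        print(*row)
```
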
TCP/IP Class A Address Overview
The "A" class addressing scheme has an official start address of 0.0.0.0 and an
official last address of 127.255.255.255.
Not all of these addresses can be used and you will OFTEN see conflicting information
on this.
1.0.0.1 to 126.255.255.254 is the range of IP addresses that are included in the
"A" class addressing scheme that are the useable range for node assignment.
126.255.255.255 is a broadcast address and in most cases cannot be assigned. (There
are exceptions to the rule.)
The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is
set to use one and cannot assign itself an address using APIPA.
1.0.0.1 to 126.255.255.254 is the useable range.
There are 126 Class A networks total, each allowed to have up to 16,777,214 hosts.
The 127.x.x.x range is used for internal host loopback.
There are three IP network addresses reserved for private networks. 10.0.0.0 -
10.255.255.255 with the subnet mask 255.0.0.0 is the range for Class A IP addresses.
They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.
These addresses are defined in RFC 1918.
While 10.0.0.0 - 10.255.255.255 addresses with the subnet mask 255.0.0.0 are available
to only internal IP networks, they are still considered part of the Class "A"
range.
TCP/IP Class B Address Overview
The "B" class addressing scheme has an official start address of 128.0.0.0 and
an official last address of 191.255.255.255.
Not all of these addresses can be used and you will OFTEN see conflicting information
on this.
128.0.0.1 to 191.255.255.254 is the range of IP addresses that are included in
the "B" class addressing scheme that are the useable range for node assignment.
The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is
set to use one and cannot assign itself an address using APIPA.
There are three IP network addresses reserved for private networks. 172.16.0.0
- 172.31.255.255 with the subnet mask 255.240.0.0 is the range for Class B IP
addresses.
They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.
These addresses are defined in RFC 1918.
While 172.16.0.0 - 172.31.255.255 addresses with the subnet mask 255.240.0.0 are
available to only internal IP networks, they are still considered part of the
Class "B" range.
TCP/IP Class C Address Overview
The "C" class addressing scheme has an official start address of 192.0.0.0 and
an official last address of 223.255.255.255.
Not all of these addresses can be used and you will OFTEN see conflicting information
on this.
192.0.0.1 to 223.255.255.254 is the range of IP addresses that are included in
the "C" class addressing scheme that are the useable range for node assignment.
The local host will use 0.0.0.0 when it cannot reach a DHCP server when it is
set to use one and cannot assign itself an address using APIPA.
There are three IP network addresses reserved for private networks. 192.168.0.0
- 192.168.255.255 with the subnet mask 255.255.0.0 is the range for Class C IP
addresses.
They can be used by anyone setting up internal IP networks, such as a lab or home
LAN behind a NAT or proxy server or a router. It is always safe to use these because
routers on the Internet will never forward packets coming from these addresses.
These addresses are defined in RFC 1918.
While 192.168.0.0 - 192.168.255.255 addresses with the subnet mask 255.255.0.0
are available to only internal IP networks, they are still considered part of
the Class "C" range.
TCP/IP Class D Address Overview
The IP version 4 addresses of 224.0.0.0 through 239.255.255.255 are set aside
through IANA (Internet Assigned Numbers Authority) as a special class of addresses
for Multicast uses. At the present, ISPs are unable to allocate Class D address
space to their customers. These addresses must be allocated through IANA.
Class D addresses are only required if you wish to be a multicast source. You
can still receive multicast data without the need for a separate Class D address.
TCP/IP Class E Address Overview
The IP version 4 addresses of 240.0.0.0 to 254.255.255.255 are set aside through
IANA (Internet Assigned Numbers Authority) as a special class of addresses for
experimental and future use.
The IP address of 255.255.255.255 broadcasts to all hosts on the local network
and therefore, is not to be considered as part of the E class of IP addresses.
About the Author:
Jason Zandri has worked as a consultant, systems engineer and technical trainer
for a variety of corporate clients in Connecticut over the past five years and
currently holds the position of Technical Account Manager for Microsoft Corporation.
He has also written a number of COMPTIA and MICROSOFT prep tests for Boson
Software and holds a number of certifications from both companies. Currently,
he writes part time for a number of freelance projects, including numerous "HOW
TO" and best practices articles for 2000Trainers.com
and MCMCSE.com.
Originally published at http://www.techtutorials.com/tutorials/xp/xp_tcpip.shtml