CCNA - Lammle Ch. 3
TCP Header
- 20 bytes long, or up to 24 bytes with options - Source port: This is the port number of the application on the host sending the data - Destination port: This is the port number of the application requested on the destination host - Sequence number: A number used by TCP that puts the data back in the correct order or retransmits missing or damaged data during a process called sequencing - Acknowledgment number: The value is the TCP octet that is expected next - Header length: The number of 32-bit words in the TCP header, which indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits in length. - Reserved: Always set to zero. - Code bits/flags: Controls functions used to set up and terminate a session - Window: The window size the sender is willing to accept, in octets - Checksum: The cyclic redundancy check (CRC), used because TCP doesn't trust the lower layers and checks everything. The CRC checks the header and data fields - Urgent: A valid field only if the Urgent pointer in the code bits is set. If so, this value indicates the offset from the current sequence number, in octets, where the segment of non-urgent data begins - Options: May be 0, meaning that no options have to be present, or a multiple of 32 bits. However, if any options are used that do not cause the option field to total a multiple of 32 bits, padding of 0s must be used to make sure the data begins on a 32-bit boundary. These boundaries are known as words - Data: Handed down to the TCP protocol at the Transport layer, which includes the upper-layer headers
DHCP Broadcast Example (Taken from a Network Analyzer)
- A client that sends out a DHCP Discover message in order to receive an IP address sends out a broadcast at both layer 2 and layer 3 - The layer 2 broadcast is all Fs in hex, which looks like this: ff:ff:ff:ff:ff:ff - The layer 3 broadcast is 255.255.255.255, which means all networks and all hosts. - DHCP is connectionless, which means it uses User Datagram Protocol (UDP) at the Transport layer, also known as the Host-to-Host layer
IP Address
- A numeric identifier assigned to each machine on an IP network - Designates the specific location of a device on the network - Designed to allow hosts on one network to communicate with a host on a different network regardless of the type of LANs the hosts are participating in - Consists of 32 bits of information divided into four sections, referred to as octets or bytes, with each containing 1 byte (8 bits)
Unicast Address
- A single IP address that's assigned to a network interface card and is the destination IP address in a packet - Used for directing packets to a specific host - Both the MAC address and the destination IP address are for a single NIC on the network - All hosts on the broadcast domain would receive the frame and accept it - Only the destination NIC would accept the packet; the other NICs would discard the packet
Hierarchical IP Addressing Scheme Advantage
- A structured or hierarchical address, as opposed to a flat or nonhierarchical address - Can handle a large number of addresses, namely 4.3 billion (a 32-bit address space with two possible values for each position—either 0 or 1—gives you 232, or 4,294,967,296) - The disadvantage of the flat addressing scheme, and the reason it's not used for IP addressing, relates to routing - If every address were unique, all routers on the Internet would need to store the address of each and every machine on the Internet - This would make efficient routing impossible, even if only a fraction of the possible addresses were used
Process/Application Layer
- A vast array of protocols join forces and integrate the various activities and duties spanning the focus of the OSI's corresponding top three layers (Application, Presentation, and Session) - Defines protocols for node-to-node application communication and controls user-interface specifications
File Transfer Protocol (FTP)
- Allows for transfer of files between any two machines using it - Is program as well as a protocol; operating as a protocol, it is used by applications; as a program, it is employed by users to perform file tasks by hand - Allows for access to both directories and files and can accomplish certain types of directory operations, such as relocating into different ones - After accessing a host , users must then be subjected to an authentication login that's usually secured with passwords and usernames implemented by system administrators to restrict access - Even when employed by users manually as a program, functions are limited to listing and manipulating directories, typing file contents, and copying files between hosts - Cannot execute remote files as programs
Hypertext Transfer Protocol Secure (HTTPS)
- Also known as Secure Hypertext Transfer Protocol - Uses Secure Sockets Layer (SSL) - Sometimes referred to as SHTTP or S-HTTP, which were slightly different protocols, but since Microsoft supported HTTPS, it became the de facto standard for securing web communication - A secure version of HTTP that armed with security tools for keeping transactions between a web browser and a server secure - What a browser needs to fill out forms, sign in, authenticate, and encrypt an HTTP message when performing functions online like making a reservation, accessing a bank, or making a purchase
Layer 2 Broadcasts
- Also known as hardware broadcasts—they only go out on a LAN, but they don't go past the LAN boundary (router) - The typical hardware address is 6 bytes (48 bits); 45:AC:24:E3:60:A5 - The broadcast would be all 1s in binary, which would be all Fs in hexadecimal, as in ff:ff:ff:ff:ff:ff - Every network interface card (NIC) will receive and read the frame, including the router, since this was a layer 2 broadcast, but the router would never forward
Node Address
- Assigned to, and uniquely identifies, each machine on a network - Must be unique because it identifies a particular machine—an individual—as opposed to a network, which is a group - Can also be referred to as a host address - In the IP address 172.16.30.56, the 30.56 specifies the node address
Dynamic Host Configuration Protocol (DHCP)
- Assigns IP addresses to hosts - Allows for easier administration and works well in small to very large network environments - Many types of hardware can be used as a DHCP server, including a Cisco router - Differs from BootP in that BootP assigns an IP address to a host but the host's hardware address must be entered manually in a BootP table - Considered dynamic BootP - Cannot send an operating system that a host can boot from
Bootstrap Protocol (BootP)
- Assigns an IP address to a host but the host's hardware address must be entered manually in a BootP table - Used to send an operating system that a host can boot from
Three Classes of Networks
- Based on network size: Class A - For the small number of networks possessing a very large number of nodes Class B - The class distinction for networks between very large and very small Class C - Reserved for the numerous networks with a small number of nodes
TCP Process
- Before a transmitting host starts to send segments down the model, the sender's TCP stack contacts the destination's TCP stack to establish a connection - This creates a virtual circuit, and this type of communication is known as connection-oriented - During this initial handshake, the two TCP layers also agree on the amount of information that's going to be sent before the recipient's TCP sends back an acknowledgment - With everything agreed upon in advance, the path is paved for reliable communication to take place
Private IP Addresses (RFC 1918)
- Can be used on a private network, but are not routable through the Internet - Designed for the purpose of creating a measure of security, but also saves valuable IP address space - By using , ISPs, corporations, and home users only need a relatively tiny group of bona fide IP addresses to connect their networks to the Internet - Network Address Translation (NAT) converts it for use on the Internet
Automatic Private IP Addressing (APIPA)
- Clients can automatically self-configure an IP address and subnet mask—basic IP information that hosts use to communicate—when a DHCP server isn't available - IP address range is 169.254.0.1 through 169.254.255.254 - Client configures itself with a default Class B subnet mask of 255.255.0.0
UDP Segment Format
- Source port: Port number of the application on the host sending the data Destination port: Port number of the application requested on the destination host Length: Length of UDP header and UDP data Checksum: Checksum of both the UDP header and UDP data fields Data: Upper-layer data
Simple Network Management Protocol (SNMP)
- Collects and manipulates valuable network information - It gathers data by polling the devices on the network from a network management station (NMS) at fixed or random intervals, requiring them to disclose certain information, or even asking for certain information from the device - Network devices can inform the NMS station about problems as they occur so the network administrator is alerted - When all is well, receives something called a baseline—a report delimiting the operational traits of a healthy network - Can also stand as a watchdog over the network, quickly notifying managers of any sudden turn of events - These network watchdogs are called agents, and when aberrations occur, agents send an alert called a trap to the management station
Internet Layer
- Corresponds to the OSI's Network layer, designating the protocols relating to the logical transmission of packets over the entire network - Takes care of the addressing of hosts by giving them an IP (Internet Protocol) address and handles the routing of packets among multiple networks
Protocol Field in an IP header
- Demonstrates how the Network Layer sees the protocols at the Transport Layer when it needs to hand a packet up to the upper-layer protocols - The Protocol field tells IP to send the data to either TCP port 6 or UDP port 17 - Will be UDP or TCP only if the data is part of a data stream headed for an upper-layer service or application - Could just as easily be destined for Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), or some other type of Network layer protocol
Common ICMP Events and Messages
- Destination unreachable: If a router can't send an IP datagram any further, it uses ICMP to send a message back to the sender, advising it of the situation - Buffer full/source quench: If a router's memory buffer for receiving incoming datagrams is full, it will use ICMP to send out this message alert until the congestion abates - Hops/time exceeded: Each IP datagram is allotted a certain number of routers, called hops, to pass through. If it reaches its limit of hops before arriving at its destination, the last router to receive that datagram deletes it. The executioner router then uses ICMP to send an obituary message, informing the sending machine of the demise of its datagram - Ping: Packet Internet Groper (Ping) uses ICMP echo request and reply messages to check the physical and logical connectivity of machines on an internetwork - Traceroute: Using ICMP time-outs, Traceroute is used to discover the path a packet takes as it traverses an internetwork *Both Ping and Traceroute are usually just called Trace*
Network Time Protocol (NTP)
- Developed by Professor David Mills of the University of Delaware - Used to synchronize the clocks on computers to one standard time source (typically, an atomic clock) - Works by synchronizing devices to ensure that all computers on a given network agree on the time
Three Methods of Depicting IP Addresses
- Dotted-decimal, as in 172.16.30.56 - Binary, as in 10101100.00010000.00011110.00111000 - Hexadecimal, as in AC.10.1E.38
Multicast Address
- Enables multiple recipients to receive messages without flooding the messages to all hosts on a broadcast domain - Works by sending messages or data to IP multicast group addresses; routers then forward copies of the packet out to every interface that has hosts subscribed to that group address - Copies of packets, in theory, are sent only to subscribed hosts; packets are EIGRP, and only a router running the EIGRP protocol will read them - All hosts on the broadcast LAN, and Ethernet is a broadcast multi-access LAN technology, will pick up the frame, read the destination address, then immediately discard the frame unless they're in the multicast group - The range of addresses starts with 224.0.0.0 and goes through 239.255.255.255
Internet Protocol (IP)
- Essentially is the Internet layer, the other protocols found here merely exist to support it - Holds the big picture and could be said to "see all," because it's aware of all the interconnected networks - All the machines on the network have a software, or logical, address called an IP address - Looks at each packet's address, then, using a routing table, decides where a packet is to be sent next, choosing the best path to send it upon - Protocols of the Network Access Layer at the bottom of the DoD model only with physical links (local networks)
ICMP Echo Request (Taken from a Network Analyzer)
- Even though ICMP works at the Internet (Network) layer, it still uses IP to do the Ping request - The Type field in the IP header is 0x01, which specifies that the data being carried is owned by the ICMP protocol
Class A Valid Host IDs
- Example of how to figure out the valid host IDs in a Class A network address: * All host bits off is the network address: 10.0.0.0 * All host bits on is the broadcast address: 10.255.255.255 - The valid hosts are the numbers in between the network address and the broadcast address: 10.0.0.1 through 10.255.255.254 - The host bits can't all be turned off or on at the same time
Class C Valid Host IDs
- Example of how to find a valid host ID in a Class C network: * All host bits turned off is the network ID: 192.168.100.0. * All host bits turned on is the broadcast address: 192.168.100.255 - The valid hosts would be the numbers in between the network address and the broadcast address: 192.168.100.1 through 192.168.100.254
Class B Valid Host IDs
- Example of how to find the valid hosts in a Class B network: * All host bits turned off is the network address: 172.16.0.0. * All host bits turned on is the broadcast address: 172.16.255.255 - The valid hosts would be the numbers in between the network address and the broadcast address: 172.16.0.1 through 172.16.255.254
Address Resolution Protocol (ARP)
- Finds the hardware address of a host from a known IP address - As IP's detective, ARP interrogates the local network by sending out a broadcast asking the machine with the specified IP address to reply with its hardware address - Translates the software (IP) address into a hardware address—for example, the destination machine's Ethernet adapter address—and from it, deduces its whereabouts on the LAN by broadcasting for this address
Requests for Comments (RFCs)
- Form a series of notes about the Internet (originally the ARPAnet) began in 1969 - Discuss many aspects of computer communication, focusing on networking protocols, procedures, programs, and concepts
IPv4 Address Types
- Loopback (localhost): Used to test the IP stack on the local computer. Can be any address from 127.0.0.1 through 127.255.255.254 - Layer 2 broadcasts: These are sent to all nodes on a LAN - Broadcasts (layer 3): These are sent to all nodes on the network - Unicast: This is an address for a single interface, and these are used to send packets to a single destination host - Multicast: These are packets sent from a single source and transmitted to many devices on different networks. Referred to as "one-to-many"
DHCP Conflicts
- Occurs when two hosts use the same IP address - During IP address assignment, a DHCP server checks for conflicts using the Ping program to test the availability of the address before it's assigned from the pool - If no host replies, then the DHCP server assumes that the IP address is not already allocated - This helps the server know that it's providing a good address - To provide extra protection against that terrible IP conflict issue, the host can broadcast for its own address - A host uses something called a gratuitous ARP to help avoid a possible duplicate address - The DHCP client sends an ARP broadcast out on the local LAN or VLAN using its newly assigned address to solve conflicts before they occur - If an IP address conflict is detected, the address is removed from the DHCP pool (scope) - The address will not be assigned to a host until the administrator resolves the conflict by hand
Telnet
- One of the first Internet standards, developed in 1969, and is the chameleon of protocols—its specialty is terminal emulation - Allows a user on a remote client machine, called the Telnet client, to access the resources of another machine, the Telnet server, in order to access a command-line interface - Achieves this by making the client machine appear as though it were a terminal directly attached to the local network; projection is actually a software image—a virtual terminal that can interact with the chosen remote host - There are no encryption techniques available, so everything must be sent in clear text, including passwords - Emulated terminals are of the text-mode type and can execute defined procedures such as displaying menus that give users the opportunity to choose options and access the applications on the duped server - Users begin a session by running the client software and then logging into the server - Uses an 8-bit, byte-oriented data connection over TCP, which makes it very thorough
Host-to-Host Layer
- Parallels the functions of the OSI's Transport layer, defining protocols for setting up the level of transmission service for applications - Tackles issues like creating reliable end-to-end communication and ensuring the error-free delivery of data - Handles packet sequencing and maintains data integrity - Shields the upper-layer applications from the complexities of the network
Identifying Devices on Networks
- Requires answering two questions: 1. Which network is it on? 2. What is its ID on that network? - The first answer is the software address, or logical address; considered to be the part of the address that specifies the correct street (network) - The second answer is the hardware address, which goes a step further to specify the correct mailbox (device) - IP receives segments from the Host-to-Host layer and fragments them into datagrams (packets) if necessary - IP then reassembles datagrams back into segments on the receiving side - Each datagram is assigned the IP address of the sender and that of the recipient - Each router or switch (layer 3 device) that receives a datagram makes routing decisions based on the packet's destination IP address
Domain Name Service (DNS)
- Resolves hostnames—specifically, Internet names - Allows for the use of a domain name to specify an IP address - To resolve an address from a host, type in the URL from a browser, which then hands the data to the Application layer interface to be transmitted on the network - The application would look up the address and send a UDP request to the server to resolve the name - If the first server doesn't know the answer to the query, then the server forwards a TCP request to its root server - Once the query is resolved, the answer is transmitted back to the originating host, which means the host can now request the information from the correct web server - Used to resolve a fully qualified domain name (FQDN) - if a device can be pinged with an IP address but cannot use its FQDN, then you might have some type of configuration failure
TCP Segment Format
- Segments a data stream and prepares it for the Internet layer - When the Internet layer receives the data stream, it routes the segments as packets through an internetwork - The segments are handed to the receiving host's Host-to-Host layer protocol, which rebuilds the data stream for the upper-layer applications or protocols
ICMP Illustration
- Server1 (10.1.2.2) telnets to 10.1.1.5 from a DOS prompt - Server1 will send the Telnet data to the default gateway, which is the router, and the router will drop the packet because there isn't a network 10.1.1.0 in the routing table - Server1 will receive an ICMP destination unreachable back from the router
Secure Shell (SSH)
- Sets up a secure session that's similar to Telnet over a standard TCP/IP connection and is employed for doing things like logging into systems, running programs on remote systems, and moving files from one system to another - Performs all functions while maintaining an encrypted connection
Trivial File Transfer Protocol (TFTP)
- Stripped-down, stock version of FTP; fast and easy to use - Doesn't offer the abundance of functions that FTP does because it has no directory-browsing abilities, meaning that it can only send and receive files - Heavily used for managing file systems on Cisco devices - Sends much smaller blocks of data than FTP - No authentication as with FTP; less secure
Transmission Control Protocol (TCP)
- Takes large blocks of information from an application and breaks them into segments - Numbers and sequences each segment so that the destination's TCP stack can put the segments back into the order the application intended - After these segments are sent on the transmitting host, waits for an acknowledgment of the receiving end's virtual circuit session, retransmitting any segments that aren't acknowledged - A full-duplex, connection-oriented, reliable, and accurate protocol - Very complicated and costly in terms of network overhead
TCP Session: Syn Packet Acknowledgment (Taken from a Network Analyzer)
- The Ack is valid, which means that the source port was accepted and the device agreed to create a virtual circuit with the originating host - The response from the server shows that the source is 80 and the destination is the 1144 sent from the originating host—all's well
IP Packet Example (Taken from a Network Analyzer)
- The Type field is typically a Protocol field, but this analyzer sees it as an IP Type field - If the header didn't carry the protocol information for the next layer, IP wouldn't know what to do with the data carried in the packet - The example clearly tells IP to hand the segment to TCP
Broadcast address
- The address used by applications and hosts to send information to all nodes on a network - Examples of layer 3 broadcasts include 255.255.255.255, which is any network, all nodes; 172.16.255.255, which is all subnets and hosts on network 172.16.0.0; and 10.255.255.255, which broadcasts to all subnets and hosts on network 10.0.0.0
Network Address Ranges: Classes D and E
- The addresses between 224 to 255 are reserved for Class D and E networks - Class D (224- 239) is used for multicast addresses - Class E (240-255) is used for scientific purposes
Network Access Layer
- The equivalent of the Data Link and Physical layers of the OSI model - Oversees hardware addressing and defines protocols for the physical transmission of data - Implements the data exchange between the host and the network
Network Address Range: Class C
- The first 2 bits of the first octet as always turned on, but the third bit can never be on - Defined when the first byte is configured from 192 to 223 - Range: 11000000 = 192 11011111 = 223
Class B Addresses
- The first 2 bytes are assigned to the network address and the remaining 2 bytes are used for node addresses - The format is as follows: network.network.node.node - With a network address being 2 bytes (8 bits each), you get 2¹⁶ unique combinations - All addresses in this network start with the binary digit 1, then 0 - This leaves 14 bit positions to manipulate, therefore 16,384, or 2¹⁴ unique network addresses - That is 2¹⁶ minus the two reserved patterns of all 0s and all 1s for a total of 65,534 possible node addresses for each network
Class C Addresses
- The first 3 bytes of this network address are dedicated to the network portion of the address, with only 1 measly byte remaining for the node address - Format: network.network.network.node - The first three bit positions are always the binary 110 - The calculation is as follows: 3 bytes, or 24 bits, minus 3 reserved positions leaves 21 positions - There are 2²¹, or 2,097,152, possible networks - Each unique network has 1 byte to use for node addresses - This leads to 2⁸, or 256, minus the two reserved patterns of all 0s and all 1s, for a total of 254 node addresses for each network
Network Address Range: Class A
- The first bit of the first byte in must always be off, or 0 - The address must be between 0 and 127 in the first byte, inclusive - Defined in the first octet between 0 and 127, and it can't be less or more - 0 and 127 are not valid because they're reserved addresses - Range: 00000000 = 0 01111111 = 127
Network Address Range: Class B
- The first bit of the first byte must always be turned on but the second bit must always be turned off - Defined when the first byte is configured from 128 to 191 - Range: 10000000 = 128 10111111 = 191
Class A Addresses
- The first byte is assigned to the network address and the three remaining bytes are used for the node addresses - The format is as follows: network.node.node.node - Network addresses are 1 byte long, with the first bit of that byte reserved and the 7 remaining bits available for manipulation (addressing) - The maximum number of networks that can be created is 128, because each of the 7 bit positions can be either a 0 or a 1, thus 2⁷, or 128 - The network address of all 0s (0000 0000) is reserved to designate the default route - Additionally, the address 127, which is reserved for diagnostics, can't be used either, which means that only numbers 1 to 126 to can be used to designate a network address - The actual number of usable network addresses is 128 minus 2, or 126 - Each address has 3 bytes (24-bit positions) for the node address of a machine - This means there are 2²⁴—or 16,777,216—unique combinations and, therefore, precisely that many possible unique node addresses for each network - Because node addresses with the two patterns of all 0s and all 1s are reserved, the actual maximum usable number of nodes for a network is 2²⁴ minus 2, which equals 16,777,214
Layer 3 Broadcasts
- The network broadcasts that have all host bits on - Broadcasts can also be "any network and all hosts," as indicated by 255.255.255.255 - All hosts on the LAN will get the broadcast on their NIC, including the router, but by default the router would never forward the packet
User Datagram Protocol (UDP)
- The scaled-down economy model of TCP; sometimes referred to as a thin protocol; doesn't require much bandwidth on a network - Transports information that doesn't require reliable delivery, using far less network resources - Does not sequence the segments and does not care about the order in which the segments arrive at the destination - Sends segments off and forgets about them; doesn't follow through, check up on them, or even allow for an acknowledgment of safe arrival; referred to as an unreliable protocol - Doesn't create a virtual circuit, nor does it contact the destination before delivering information to it: also considered a connectionless protocol - Assumes that the application will use its own reliability method - If the segments arrive out of order, which is commonplace in IP networks, they'll simply be passed up to the next layer in whatever order they were received
IP Address
- The software, or logical, address and contains valuable encoded information, greatly simplifying the complex task of routing - All hosts on a network have a logical ID called an IP address
TCP Session: Source Port (Taken from a Network Analyzer)
- The source host makes up the source port, which in this case is 5973, by using numbers from 1024 to 65535 - The destination port is 23, which is used to tell the receiving host the purpose of the intended connection (Telnet) - TCP and the upper layers don't use hardware and logical addresses to understand the sending host's address as the Data Link and Network Layer protocols do
TCP Session: Destination Port (Taken from a Network Analyzer)
- The source port is over 1024, but the destination port is 80, indicating an HTTP service - The server, or receiving host, will change the destination port if it needs to - In the preceding trace, a "SYN" packet is sent to the destination device - This Synch (as shown in the output) sequence is what's used to inform the remote destination device that it wants to create a session
ICMP Packet Characteristics
- They can provide hosts with information about network problems - They are encapsulated within IP datagrams
Network Address
- Uniquely identifies each network - Every machine on the same network shares that network address as part of its IP address - In the IP address 172.16.30.56, 172.16 is the network address
Port Numbers for TCP and UDP
- Used by TCP and UDP to communicate with the upper layers because these are what keep track of different conversations crossing the network simultaneously - Originating-source port numbers are dynamically assigned by the source host and will equal some number starting at 1024; used by the upper layers to set up sessions with other hosts and by TCP and UDP to use as source and destination addresses in the segment - 1023 and below are defined in RFC 3232, which discusses well-known port numbers - Virtual circuits that don't use an application with a well-known port number are assigned port numbers randomly from a specific range instead - Identify the source and destination application or process in the TCP segment
Session Multiplexing
- Used by both TCP and UDP and basically allows a single computer, with a single IP address, to have multiple sessions occurring simultaneously - When a webpage is open, and a link to another page is clicked, another browser session is open to the host - Multiple browser session can be opened using one IP address because the Session Layer is sorting the separate requests based on the Transport Layer port number. - The Session Layer keeps application layer data separate
Hypertext Transfer Protocol (HTTP)
- Used to manage communications between web browsers and web servers and opens the right resource when a link is clicked, wherever that resource may actually reside - In order for a browser to display a web page, it must find the exact server that has the right web page, plus the exact details that identify the information requested - This information must be then be sent back to the browser - A browser can understand what is needed when someone enters a Uniform Resource Locator (URL), which is usually refered to as a web address - Each URL defines the protocol used to transfer data, the name of the server, and the particular web page on that server
IP Header
- Version: IP version number - Header length: Header length (HLEN) in 32-bit words - Priority and Type of Service: Type of Service tells how the datagram should be handled. The first 3 bits are the priority bits, now called the differentiated services bits - Total length: Length of the packet, including header and data - Identification: Unique IP-packet value used to differentiate fragmented packets from different datagrams - Flags Specifies whether fragmentation should occur - Fragment offset Provides fragmentation and reassembly if the packet is too large to put in a frame. It also allows different maximum transmission units (MTUs) on the Internet - Time To Live: The time to live (TTL) is set into a packet when it is originally generated. If it doesn't get to where it's supposed to go before the TTL expires, boom—it's gone. This stops IP packets from continuously circling the network looking for a home - Protocol: Port of upper-layer protocol; for example, TCP is port 6 or UDP is port 17. Also supports Network layer protocols, like ARP and ICMP, and can referred to as the Type field in some analyzers - Header checksum: Cyclic redundancy check (CRC) on header only - Source IP address: 32-bit IP address of sending station - Destination IP address: 32-bit IP address of the station this packet is destined for - Options: Used for network testing, debugging, security, and more Data: After the IP option field, will be the upper-layer data
How ARP Works
- When IP has a datagram to send, it must inform a Network Access protocol, such as Ethernet or wireless, of the destination's hardware address on the local network - It has already been informed by upper-layer protocols of the destination's IP address - If IP doesn't find the destination host's hardware address in the ARP cache, it uses ARP to find this information
Internet Control Message Protocol (ICMP)
- Works at the Network layer and is used by IP for many different services - Basically a management protocol and messaging service provider for IP - Its messages are carried as IP datagrams - RFC 1256 is an annex to ICMP, which gives hosts extended capability in discovering routes to gateways
Two Main Purposes of the Internet Layer
1. Routing - In the DoD model, none of the other upper- or lower-layer protocols have any functions relating to routing; exclusive to the Internet Layer 2. Provide a single network interface to the upper layers - Without this layer, application programmers would need to write "hooks" into every one of their applications for each different Network Access protocol; would lead to different versions of each application—one for Ethernet, another one for wireless, and so on *All the other protocols at this layer, as well as all those at the upper layers, use IP*
DHCP Client Four-Step Process
1. The DHCP client broadcasts a DHCP Discover message looking for a DHCP server (Port 67) 2. The DHCP server that received the DHCP Discover message sends a layer 2 unicast DHCP Offer message back to the host 3. The client then broadcasts to the server a DHCP Request message asking for the offered IP address and possibly other information 4. The server finalizes the exchange with a unicast DHCP Acknowledgment message
Byte
7 or 8 bits, depending on whether parity is used
DoD Reference Model
A condensed version of the OSI model that comprises four instead of seven layers: - Process/Application layer - Host-to-Host layer/or Transport - Internet layer - Network Access layer/or Link When the different protocols in the IP stack are discussed, the layers of the OSI and DoD models are interchangeable
Hierarchical IP Addressing Scheme
A two- or three-level hierarchical addressing scheme that is structured by network and host or by network, subnet, and host
Common Information on a DHCP Aerver
IP address Subnet mask Domain name Default gateway (routers) DNS server address WINS server address
Internet Layer Protocols
Internet Protocol (IP) Internet Control Message Protocol (ICMP) Address Resolution Protocol (ARP)
Octet
Made up of 8 bits, is just an ordinary 8-bit binary number
Bit
One digit, either a 1 or a 0
Process/Application Layer Protocols
Telnet SSH FTP TFTP SNMP HTTP HTTPS NTP DNS DHCP/BootP
Network Address
The designation used in routing to send packets to a remote network—for example, 10.0.0.0, 172.16.0.0, and 192.168.10.0
Host-to-Host Layer Protocols
Transmission Control Protocol (TCP) User Datagram Protocol (UDP)
