tcp/ip week 1

Protocol Data Unit (PDU)

A generic term referring to the header defined by some layer of a networking model, and the data encapsulated by the header (and possibly trailer) of that layer, but specifically not including any lower-layer headers and trailers.

cable segment

A length of cable between two network devices, such as a NIC and a switch. Any intermediate passive (unpowered) devices, such as wall jacks, are considered part of the total segment length.

Divide and Conquer

A program design strategy in which tasks are broken down into subtasks, which are broken down into sub-subtasks, and so on, until each piece is small enough to code comfortably. These pieces work together to accomplish the total job.

Best Current Practice (BCP)

A specific type of Internet RFC document that outlines the best ways to design, implement, and maintain TCP/IP-based networks.

Point-to-point transmission

A type of network communication in which pairs of devices establish a communications link to exchange data with one another; the most common type of connection used when communicating with an Internet service provider.

historic standard

An Internet RFC that was superseded by a newer, more current version.

well known port numbers

Definition:A 16-bit number that identifies a preassigned value associated with some well-known Internet protocol or service that operates at the TCP/IP Application layer. Most well-known port numbers fall in the range from 0 to 1024, but IANA (see www.iana.org) also documents registered port numbers above that range that behave likewise. Also called a well-known port address.

port numbers

Definition:A 16-bit number that identifies either a well-known application service or a dynamically assigned port number for a transitory sender-receiver exchange of data through TCP or UDP. Also referred to as a port address.

congestion control

Definition:A TCP mechanism, also available from other protocols, that permits network hosts to exchange information about their ability to handle traffic volumes and thereby causes senders to decrease or increase the frequency and size of their upcoming communications.

registered port

Definition:A TCP or UDP port number in the range from 1024 to 65535 and associated with a specific Application layer protocol or service. IANA maintains a registered port number list at www.iana.org.

TCP/IP

Definition:The name of the standard protocols and services in use on the Internet, denoted by the names of the two key constituent protocols: the Transmission Control Protocol, or TCP, and the Internet Protocol, or IP.

port number

Definition:The sender's port address for a TCP or UDP PDU.

network interface controller

The circuitry that enables a device to access a LAN

network layer

The third layer in the OSI model. Protocols in this layer translate network addresses into their physical counterparts and decide how to route data from the sender to the receiver.

network analysis

another term for protocol analysis

internet standard

An RFC document that specifies the rules, structure, and behavior of a current Internet protocol or service. Also called a Standard RFC.

Point to point tunneling protocol

Definition:A Layer 2 or TCP/IP Network Interface layer protocol that allows a client and a server to establish a secure, encrypted communications link for just about any kind of PPP traffic.

Point-to-Point Protocol (PPP)

Definition:A Layer 2 or TCP/IP Network Interface layer protocol that permits a client and a server to establish a communications link that can accommodate a variety of higher-layer protocols, including IP. Today's most widely used serial line protocol for making Internet connections.

draft standard

Definition:A Standard RFC that has gone through the draft process, been approved, and for which two reference implementations must be shown to work together before it can move on to Internet Standard status.

registered ports

Definition:A TCP or UDP port number in the range from 1024 to 65535 and associated with a specific Application layer protocol or service. IANA maintains a registered port number list at www.iana.org.

remote monitoring

Definition:A TCP/IP Application layer protocol designed to support remote monitoring and management of networking devices, such as hubs, servers, and routers.

network services

Definition:A TCP/IP term for a protocol/service combination that operates at the Application layer in the TCP/IP network model.

network file system

Definition:A TCP/IP-based, networkdistributed file system that permits users to treat files and directories on machines elsewhere on a network as an extension of their local desktop file systems.

CSMA/CD

Definition:A formal name for Ethernet's contention management approach. CSMA means "listen before attempting to send" (to make sure no later message tramples on an earlier one) and "listen while sending" (to make sure messages sent at roughly the same time don't collide with one another).

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

Definition:A formal name for Ethernet's contention management approach. CSMA means "listen before attempting to send" (to make sure no later message tramples on an earlier one) and "listen while sending" (to make sure messages sent at roughly the same time don't collide with one another).

pcap

Definition:A generic term (short for "protocol capture") for a special network interface driver designed to permit capture of all network traffic in promiscuous mode while running. Though originally associated with the tcpdump open source command-line protocol analyzer, pcap is widely used in protocol analyzers today, including the one chosen as a teaching tool for this book, the Wireshark protocol analyzer.

packet

Definition:A generic term for a PDU at any layer in a networking model. The term is properly applied to PDUs at Layer 3, or the TCP/IP Internet layer.

packets

Definition:A generic term for a PDU at any layer in a networking model. The term is properly applied to PDUs at Layer 3, or the TCP/IP Internet layer.

addressing

Definition:A method of assigning a unique symbolic name or numerical identifier to an individual network interface on a network segment to make every such interface uniquely identifiable (and addressable).

capture filter

Definition:A method used to identify specific packets that should be captured into a trace buffer based on some packet characteristic, such as source or destination address.

capture filters

Definition:A method used to identify specific packets that should be captured into a trace buffer based on some packet characteristic, such as source or destination address.

protocol suite

Definition:A named family of networking protocols, such as TCP/IP where each such family enables computers to communicate across a network.

ethernet

Definition:A network access protocol based on carrier sense, multiple access, and collision detection.

virtual private network

Definition:A network connection (containing one or more packaged protocols) between a specific sender and receiver in which information sent is often encrypted. A VPN uses public networks—like the Internet—to deliver secure, private information from sender to receiver.

packet switched network

Definition:A network in which data packets may take any usable path between sender and receiver, where sender and receiver are identified by unique network addresses and there's no requirement that all packets follow the same path in transit (although they often do).

connectionless

Definition:A networking protocol that does not require network senders and receivers to exchange information about their availability or ability to communicate; also known as "best-effort delivery."

socket address

Definition:A numeric TCP/IP address that concatenates a network host's numeric IP address (first 4 bytes) with the port address for some specific process or service on that host (last 2 bytes) to uniquely identify that process across the entire Internet.

pcapng

Definition:A packet capture driver used in Wireshark beginning with version 1.8 and developed to overcome limitations in the libpcap format. The term pcapng is short for "PCAP Next Generation."

multicast packets

Definition:A packet sent to a group of devices, often multiple routers. multiplexing The process whereby multiple individual data streams from Application layer processes are joined together for transmission by a specific TCP/IP transport protocol through the IP protocol.

unicast packet

Definition:A packet sent to a single device on the network.

unicast packets

Definition:A packet sent to a single device on the network.

checkpoint

Definition:A point in time at which all system state and information is captured and saved so that, after a subsequent failure in systems or communications, operations can resume at that point in time, with no further loss of data or information.

checkpoints

Definition:A point in time at which all system state and information is captured and saved so that, after a subsequent failure in systems or communications, operations can resume at that point in time, with no further loss of data or information.

destination port number

Definition:A port address for incoming TCP/IP communication that identifies a target application or service process.

protocol

Definition:A precise set of standards that governs communications between computers on a network. Many protocols function in one or more layers of the OSI reference model.

protocols

Definition:A precise set of standards that governs communications between computers on a network. Many protocols function in one or more layers of the OSI reference model.

IEEE 8o2

Definition:A project undertaken by the IEEE in 1980 that covers Physical and Data Link layers for networking technologies in general (802.1 and 802.2), plus specific networking technologies, such as Ethernet (802.3).

Transmission Control Protocol (TCP)

Definition:A robust, reliable, connection-oriented protocol that operates at the Transport layer in both the TCP/IP and ISO/OSI reference models and that gives TCP/IP part of its name.

layers

Definition:A single component or facet in a networking model that handles one particular aspect of network access or communications.

LOCAL area networks

Definition:A single network cable segment, subnet, or logical network community that represents a collection of machines that can communicate with one another more or less directly (using MAC addresses).

Local Area Network (LAN)

Definition:A single network cable segment, subnet, or logical network community that represents a collection of machines that can communicate with one another more or less directly (using MAC addresses).

checksum

Definition:A special mathematical value that represents the contents of a message so precisely that any change in the contents will cause a change in the checksum—calculated before and after network transmission of data and then compared. If transmitted and calculated checksums agree, the?assumption is that the data arrived unaltered.

checksums

Definition:A special mathematical value that represents the contents of a message so precisely that any change in the contents will cause a change in the checksum—calculated before and after network transmission of data and then compared. If transmitted and calculated checksums agree, the?assumption is that the data arrived unaltered.

packet filter

Definition:A specific collection of inclusion or exclusion rules that is applied to a stream of network packets and determines what is captured (and what is ignored) from the original input stream.

broadcasts

Definition:A specific type of network transmission (and address) meant to be noticed and read by all recipients on any cable segment where that transmission appears; a way of reaching all addresses on any network.

well known services

Definition:A synonym for a recognizable TCP/IP protocol or service; these assignments are documented at the IANA site (www.iana.org).

well-known service

Definition:A synonym for a recognizable TCP/IP protocol or service; these assignments are documented at the IANA site (www.iana.org).

process layer

Definition:A synonym for the TCP/IP Application layer, where high-level protocols and services, such as FTP and Telnet, operate.

application process

Definition:A system process that represents a specific type of network application or service.

dynamically assigned port address

Definition:A temporary TCP or UDP port number allocated to permit a client and server to exchange data with each other only as long as their connection remains active.

session

Definition:A temporary, but ongoing, exchange of messages between a sender and a receiver on a network.

pre-filter

Definition:A type of data filter applied to a raw input stream in a protocol analyzer that selects only packets that meet its criteria for capture and retention. Because it is applied before data is captured, it's called a pre-filter.

pre-filters

Definition:A type of data filter applied to a raw input stream in a protocol analyzer that selects only packets that meet its criteria for capture and retention. Because it is applied before data is captured, it's called a pre-filter.

broadcast packet

Definition:A type of network transmission intended for delivery to all devices on the network. The Ethernet broadcast address is 0xff-ff-ff-ff-ff-ff for IPv6 and 255.255.255.255 for IPv4.

broadcast packets

Definition:A type of network transmission intended for delivery to all devices on the network. The Ethernet broadcast address is 0xff-ff-ff-ff-ff-ff for IPv6 and 255.255.255.255 for IPv4.

connection-oriented

Definition:A type of networking protocol that relies on explicit communications and negotiations between sender and receiver to manage delivery of data between the two parties.

well known protocols

Definition:An 8-bit number in the header of an IP packet that identifies the protocol in use, as per IANA (at www.iana.org).

well-known protocol

Definition:An 8-bit number in the header of an IP packet that identifies the protocol in use, as per IANA (at www.iana.org).

protocol number

Definition:An 8-bit numeric identifier associated with some specific TCP/IP protocol.

protocol numbers

Definition:An 8-bit numeric identifier associated with some specific TCP/IP protocol.

anycast packet

Definition:An IPv6 multicast method that permits multiple recipients to be designated for a single message, usually for a single cable segment or broadcast domain.

anycast packets

Definition:An IPv6 multicast method that permits multiple recipients to be designated for a single message, usually for a single cable segment or broadcast domain.

Advanced Research Projects Agency (ARPA)

Definition:An agency within the U.S. Department of Defense that funded forward-thinking research in computing technology.

trace buffer

Definition:An area of memory or hard disk space set aside for the storage of packets captured off the network by a protocol analyzer.

ARPANET

Definition:An experimental network, funded by ARPA, designed to test the feasibility of a platform-neutral, long-distance, robust, and reliable internetwork that provided the foundation for what we know today as the Internet.

proposed standard

Definition:An intermediate step for standards-level RFCs in which a Draft Standard goes through initial review, with two or more reference implementations to demonstrate interoperability between those implementations.

Institute of Electrical and Electronics Engineers (IEEE)

Definition:An international organization that sets standards for electrical and electronic equipment, including network interfaces and communications technologies.

International Organization for Standardization Open Systems Interconnection

Definition:An international standards organization based in Geneva, Switzerland, that sets standards for information technology and networking equipment, protocols, and communications technologies.

trailer

Definition:An optional, concluding portion of a PDU that usually contains data integrity check information for the preceding content in that PDU.

peer layers

Definition:Analogous layers in the protocol stacks on a sender and a receiver; the receiving layer usually reverses whatever operations the sending layer performs (which is what makes those layers peers).

encapsulation

Definition:Enclosure of data from an upper-layer protocol between a header and a trailer (the trailer is optional) for the current layer to identify sender and receiver and, possibly, include data integrity check information.

display filter

Definition:Filters that are applied to the packets that reside in a trace buffer, for the purpose of viewing only the packets of interest.

display filters

Definition:Filters that are applied to the packets that reside in a trace buffer, for the purpose of viewing only the packets of interest.

Request for Comments (RFC)

Definition:IETF standards documents that specify or describe best practices, provide information about the Internet, or specify an Internet protocol or service.

Requests for Comments (RFC)

Definition:IETF standards documents that specify or describe best practices, provide information about the Internet, or specify an Internet protocol or service.

transport layer

Definition:Layer 4 of the ISO/OSI network reference model and the third layer of the TCP/IP network model. The Transport layer handles delivery of data from sender to receiver.

transport layers

Definition:Layer 4 of the ISO/OSI network reference model and the third layer of the TCP/IP network model. The Transport layer handles delivery of data from sender to receiver.

session layer

Definition:Layer 5 in the ISO/OSI reference model. The Session layer handles setup, maintenance, and teardown of ongoing exchanges of messages between pairs of hosts on a network.

presentation layer

Definition:Layer 6 of the ISO/OSI reference model. The Presentation layer is where generic network data formats are translated into platform-specific data formats for incoming data and vice versa for outgoing data. This is also the layer where optional encryption or compression services may be applied (or reversed).

internetwork

Definition:Literally, a "network of networks," an internetwork is better understood as a collection of multiple interconnected physical networks that together behave as a single logical network (of which the Internet is the prime example).

promiscuous mode operation

Definition:Network interface card and driver operation used to capture broadcast packets, multicast packets, packets sent to other devices, and error packets.

alarm

Definition:Notification of events or errors on the network.

alarms

Definition:Notification of events or errors on the network.

undersized packet

Definition:Packets that are below minimum packet size requirements and point to potential hardware or driver problems.

undersized packets

Definition:Packets that are below minimum packet size requirements and point to potential hardware or driver problems.

oversized packets

Definition:Packets that exceed the MTU for the network and usually point to a problem with a NIC or its driver software.

statistics

Definition:Short- or long-term historical information regarding network communications and performance, captured by a protocol analyzer or other similar software.

host

Definition:TCP/IP terminology for any computer with one or more valid TCP/IP addresses (hence, reachable on a TCP/IP-based network). A host also can be a computer that offers TCP/IP services to clients.

hosts

Definition:TCP/IP terminology for any computer with one or more valid TCP/IP addresses (hence, reachable on a TCP/IP-based network). A host also can be a computer that offers TCP/IP services to clients.

daemon

Definition:Taken from James Clerk Maxwell's famous physics idea, a daemon is a computer process whose job is to "listen" in on connection attempts for one or more specific network services and hand off all valid attempts to temporary connections known as sockets.

payload

Definition:That portion of a PDU that contains information intended for delivery to an application or to a higher-layer protocol (depending on where in the stack the PDU is situated).

header

Definition:That portion of a PDU that precedes the actual content for the PDU and usually identifies sender and receiver, protocols in use, and other information necessary to establish context for senders and receivers.

Defense Information Systems Agency (DISA)

Definition:The DoD agency that took over operation of the Internet when ARPA surrendered its control in 1983.

defense information systems agency

Definition:The DoD agency that took over operation of the Internet when ARPA surrendered its control in 1983.

frame

Definition:The basic Data Link layer PDU for the ISO/OSI reference model.

frames

Definition:The basic Data Link layer PDU for the ISO/OSI reference model.

data frame

Definition:The basic PDU at the Data Link layer, which represents what is transmitted or received as a pattern of bits on a network interface.

data frames

Definition:The basic PDU at the Data Link layer, which represents what is transmitted or received as a pattern of bits on a network interface.

data segment

Definition:The basic PDU for TCP at the Transport layer. See also segment.

data segments

Definition:The basic PDU for TCP at the Transport layer. See also segment.

datagram

Definition:The basic protocol data unit at the TCP/IP Network Access layer. Used by connectionless protocols at the Transport layer, a datagram simply adds a header to the PDU, supplied from whichever Application layer protocol or service uses a connectionless protocol, such as UDP; hence, UDP is also known as a datagram service.

datagrams

Definition:The basic protocol data unit at the TCP/IP Network Access layer. Used by connectionless protocols at the Transport layer, a datagram simply adds a header to the PDU, supplied from whichever Application layer protocol or service uses a connectionless protocol, such as UDP; hence, UDP is also known as a datagram service.

MTU

Definition:The biggest single chunk of data that can be transferred across any particular type of network medium—for example, 1,518 bytes is the MTU for conventional Ethernet.

Internet Research Task Force (IRTF)

Definition:The forward-looking research and development arm of the Internet Society. The IRTF reports to the IAB for direction and governance.

ethernet collision fragments

Definition:The garbled traffic on a network produced when two packets transmitted at about the same time collide, resulting in a hodgepodge of signals.

decode

Definition:The interpreted value of a PDU, or a field within a PDU, performed by a protocol analyzer or similar software package.

decodes

Definition:The interpreted value of a PDU, or a field within a PDU, performed by a protocol analyzer or similar software package.

internet protocol version 6

Definition:The latest version of IP that's moving into global deployment and use (IPv4 remains the predominant TCP/IP version in use but will slowly be supplanted by IPv6).

segment

Definition:The name of the PDU for the TCP protocol in a TCP/IP environment.

segments

Definition:The name of the PDU for the TCP protocol in a TCP/IP environment.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Definition:The name of the standard protocols and services in use on the Internet, denoted by the names of the two key constituent protocols: the Transmission Control Protocol, or TCP, and the Internet Protocol, or IP.

ISO/OSI reference model

Definition:The official name for the seven-layer network reference model used to describe how networks operate and behave.

Internet Corporation for Assigned Names and Numbers (ICANN)

Definition:The organization within the Internet Society responsible for proper assignment of all domain names and numeric IP addresses for the global Internet. ICANN works with private companies called name registrars to manage domain names and with ISPs to manage assignment of numeric IP addresses.

Internet Architecture Board (IAB)

Definition:The organization within the Internet Society that governs the actions of both the IETF and the IRTF and has final approval authority for Internet Standards.

Internet Engineering Task Force (IETF)

Definition:The organization within the Internet Society that's responsible for all currently used Internet Standards, protocols, and services as well as for managing the development and maintenance of Internet Requests for Comments (RFCs).

internet protocol version 4

Definition:The original version of IP that's still in widespread public use, although IPv6 is currently fully specified and moving into global deployment and use.

Internet Society (ISOC)

Definition:The parent organization under which the rest of the Internet governing bodies fall. ISOC is a user-oriented, public-access organization that solicits end-user participation and input to help set future Internet policy and direction.

Internet Protocol (IP)

Definition:The primary Network layer protocol in the TCP/IP suite. IP manages routing and delivery for traffic on TCP/IP-based networks.

reassembly

Definition:The process applied at the Transport layer in which messages segmented into multiple chunks for transmission across the network are put back together in the proper order for delivery to an application on the receiving end. The IP Fragment Offset field (discussed in Chapter 3) is used to identify the order of the fragments for reassembly.

demultiplexing

Definition:The process of breaking up a single stream of incoming packets on a computer and directing its components to the various active TCP/IP processes based on socket addresses in the TCP or UDP headers.

protocol analysis

Definition:The process of capturing packets off the network for the purpose of gathering communication statistics, observing trends, and examining communication sequences.

fragmentation

Definition:The process of dividing a packet into multiple smaller packets to cross a link that supports an MTU than the link where the packet originated.

decoding

Definition:The process of interpreting the fields and contents of a packet and presenting the packet in a readable format.

segmentation

Definition:The process whereby TCP takes a message larger than an underlying network medium's MTU and breaks it up into a numbered sequence of chunks less than or equal to the MTU in size.

routing

Definition:The process whereby a packet makes its way from a sender to a receiver based on known paths (or routes) from the sending network to the receiving network.

source port number

Definition:The sender's port address for a TCP or UDP PDU.

application layer

Definition:The uppermost layer of the ISO/OSI network reference model (and the TCP/IP model) where the interface between the protocol suite and actual applications resides.

4.4.2 BSD

Definition:The version of the Berkeley Software Distribution (BSD) of UNIX that was the first to include a TCP/IP implementation.

Uniform Resource Locator (URL)

Definition:Web terminology for an address that specifies the protocol (http://), location (domain name), directory (/directory-name/), and filename (example.html) so that a browser can access a resource.

protocol stack

Layers of protocols that build and rely on each other

physical layer

The lowest, or first, layer of the OSI model. Protocols in this layer generate and detect signals so as to transmit and receive data over a network medium. These protocols also set the data transmission rate and monitor data error rates, but do not provide error correction.

media flow control

The management of data transmission rates between two devices across a local network medium that guarantees the receiver can accept and process input before it arrives from the sender.

data link layer

The second layer in the OSI model. This layer bridges the networking media with the Network layer. Its primary function is to divide the data it receives from the Network layer into frames that can then be transmitted by the Physical layer.