Overview of TCP/IP Protocols Computer Network Programming.

Date posted: 20-Dec-2015

IP Protocol Header

Version | Hdr length | Type of service | Total length
Identification | Flags | Fragment offset
Time to live | Protocol | Header checksum
32 bit source IP address
32 bit destination IP address
Options (if any)
Data

The fields before Options form the 20 byte header.

• Version is 4 (IPv4)

• Header length is the number of 32 bit words in the header

• Type of service field is used to assign priorities to the packets

• Total length field is the total length of an IP packet (max 65535).

• Identification field identifies each IP packet sent. It is used in fragmentation.

• Time-to-live field limits the lifetime of an IP packet. Each router decrements it.

• Protocol field is used to demultiplex the incoming packet to the appropriate upper layer: TCP, UDP.

• Header checksum is calculated over the header to check the integrity of the header.

• Source IP address is the IP address of the sending machine.

• Destination IP address is the IP address of the receiving machine.

• Options field can keep additional information. It is optional.
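The field list above, as an added Python example (not part of the original slides): it unpacks the 20 byte header, checks that the length fields agree with each other, and verifies the header checksum. The sample header is constructed here from the S and C addresses used in the link layer example on this page; the function names, the identification value 0x1234 and the TTL of 64 are assumptions. It also shows why a router that decrements the time-to-live must recompute the checksum.

```python
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of the 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the 20 byte header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    # header length is carried as a count of 32-bit words
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not IPv4")
    if hdr_len < 20 or hdr_len > len(packet) or total_len < hdr_len:
        raise ValueError("header length fields are inconsistent")
    return {
        "version": version, "header_len": hdr_len, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # summing a valid header, checksum field included, gives 0
        "checksum_ok": internet_checksum(packet[:hdr_len]) == 0,
    }

def build_sample_header(ttl: int = 64) -> bytes:
    """Constructed sample: S (129.192.56.10) to C (139.179.10.6), TCP, no data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0x1234, 0, ttl, 6, 0,
                      socket.inet_aton("129.192.56.10"),
                      socket.inet_aton("139.179.10.6"))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]

def decrement_ttl_without_checksum(packet: bytes) -> bytes:
    """A forwarded header whose checksum was not recomputed after the TTL change."""
    return packet[:8] + bytes([packet[8] - 1]) + packet[9:]

if __name__ == "__main__":
    good = build_sample_header()
    print(parse_ipv4_header(good))
    print(parse_ipv4_header(decrement_ttl_without_checksum(good))["checksum_ok"])
```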

IPv6

• IPv4 address space is limited and cannot support the ever increasing number of hosts in the Internet in the future.

• IPv4 does not support Quality of Service.

• IPv6 has a cleaner and more efficient header.

• IETF developed IPv6 to address these problems.

• IPv6 is not globally operational. IPv4 is used in most places, but islands of IPv6 networks exist.

IPv6 Header

Version | Traffic Class | Flow Label
Payload length | Next Header | Hop Limit
128 bit Source Address
128 bit Destination Address

• Version: 6 for IPv6.

• Traffic Class: identifies different classes and priorities

• Flow Label: used by the source to label the packets that make up a stream from source to destination

• Payload Length: the length of the data portion.

• Next Header: identifies the type of the header that immediately follows the IPv6 header: TCP, UDP, ...

• Hop Limit: decremented by 1 by each router that forwards the packet. If it reaches zero, the packet is discarded.

Other Protocols

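[Figure: the TCP/IP protocol stack, top to bottom.
Application layer: user processes
Transport layer: TCP, UDP
Network layer: ICMP, IP, IGMP
Link layer: ARP, hardware interface (Ethernet/PPP/...), RARP
Physical media (Ethernet cable, serial line, ...)
The diagram marks which part is the kernel and which part is user level processes.]

[Figure: HW at the bottom, the operating system kernel above it, and applications (user level processes: Process 1, Process 2, ..., Process N) on top, separated from the kernel by the API.]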

TCP/IP protocols are implemented inside the kernel

Demultiplexing

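[Figure: an incoming frame enters the Ethernet driver and is passed up the stack. Ethernet driver -> ARP, IP, RARP. IP -> ICMP, IGMP, TCP, UDP. TCP and UDP -> applications.]

• At the Ethernet driver: demultiplexing based on frame type in the Ethernet header

• At IP: demultiplexing based on protocol number in IP header

• At TCP/UDP: demultiplexing based on port number in TCP/UDP header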

Link Layer

• Two examples of different link layer protocols

• Ethernet

– protocol that is used in local area networks (for example in the network in dormitories and departments)

– shared physical link

– responsible for framing

– implements a MAC protocol

• PPP

– the protocol that is used over telephone lines/serial lines at your home while getting connected to the Internet from home

– dedicated physical link

– no MAC protocol is needed

– responsible for framing of IP datagrams (packets) over byte stream oriented serial lines

[Figure: path from a web browser at home to a web server at the university. Your computer at home (Web Browser, TCP, IP, PPP) -> modem -> telephone network (telephone lines) -> modem -> ISP router (PPP, IP) -> wide area connectivity (Internet, serial line) -> Bilkent campus router (IP, Ethernet) -> local area network at school -> Bilkent web server at the University (Web Server, TCP, IP, Ethernet).]

ISP: Internet service provider

Ethernet

dst address | src address | type | data | CRC
6 bytes | 6 | 2 | 46-1500 bytes | 4

Type values:
0800 IP datagram
0806 ARP packet
8035 RARP packet

Dst and Src addresses are 6 byte MAC addresses. They are globally unique.

Example: 00:0e:63:93:2e:86

MTU (maximum transferable unit) is 1500 bytes. IP packets should be fragmented to that size if they are larger than 1500 bytes.

PPP

Flag 0x7E | Addr 0xFF | Control 0x03 | Protocol | data | CRC | Flag 0x7E
1 byte | 1 | 1 | 2 | <= 1500 | 2 | 1

Protocol values:
0021 IP datagram
C021 Link control packet
8021 Network control packet

All occurrences of 0x7E inside the frame are byte stuffed: each is replaced with the 2 byte sequence 0x7d 0x5e. 0x7d itself is transmitted as the 2 byte sequence 0x7d 0x5d.

MTU is 1500, but can be negotiated.

Connection oriented protocol: a PPP connection is established before you send data. That is why you are waiting for some time when connecting from home: dialing time + PPP connection time.
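The byte stuffing rule above, as an added Python example (not part of the original slides). It implements only the two escape sequences the slide names, leaves the CRC computation out (the body passed in stands for everything between the two flags), and the function names and sample bytes are constructed for illustration. The decoder rejects an unescaped flag, a truncated escape and any escape sequence other than the two defined here, which is the check a receiver needs before trusting frame boundaries.

```python
FLAG, ESC = 0x7E, 0x7D

def stuff(body: bytes) -> bytes:
    """Escape every 0x7e and 0x7d so neither appears raw inside a frame."""
    out = bytearray()
    for b in body:
        if b in (FLAG, ESC):
            out += bytes([ESC, b ^ 0x20])   # 0x7e -> 7d 5e, 0x7d -> 7d 5d
        else:
            out.append(b)
    return bytes(out)

def unstuff(wire: bytes) -> bytes:
    """Reverse stuff(); raise ValueError on a malformed byte sequence."""
    out = bytearray()
    it = iter(wire)
    for b in it:
        if b == FLAG:
            raise ValueError("unescaped flag inside frame")
        if b == ESC:
            nxt = next(it, None)
            if nxt is None:
                raise ValueError("frame ends in the middle of an escape")
            if nxt not in (0x5E, 0x5D):
                raise ValueError("unknown escape sequence 0x7d 0x%02x" % nxt)
            b = nxt ^ 0x20
        out.append(b)
    return bytes(out)

def frame(body: bytes) -> bytes:
    """Put the stuffed body between two flag bytes."""
    return bytes([FLAG]) + stuff(body) + bytes([FLAG])

def split_frames(stream: bytes) -> list:
    """Cut a received byte stream at the flags and unstuff each frame."""
    return [unstuff(chunk) for chunk in stream.split(bytes([FLAG])) if chunk]

# Constructed sample: Addr 0xFF, Control 0x03, Protocol 0x0021 (IP datagram),
# then data that happens to contain both special bytes.
SAMPLE_BODY = bytes([0xFF, 0x03, 0x00, 0x21]) + b"A\x7eB\x7dC"

if __name__ == "__main__":
    wire = frame(SAMPLE_BODY)
    print(wire.hex())
    print(split_frames(wire + frame(b"\xff\x03\xc0\x21")))
```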

Loopback Interface

• There is another interface on every computer, which is loopback. Its IP address is always 127.0.0.1

• It does not have any hardware attached to it.

• If you send data to this address, data comes back to your computer: so it is loopback.

[Figure: IP sits above two interfaces: loopback (127.0.0.1/8) and ethernet.]

Network interfaces

• You can have multiple network interfaces in your computer: loopback, ethernet interface, token ring interface….

• You will have an IP address and subnet mask configured for each interface.

• Those machines that have more than one physical network interface are called multihomed machines.

ifconfig command

You can use the ifconfig command to see the configured interfaces in a UNIX machine (ipconfig for WINDOWS). You use the same command to configure/modify the properties of an interface (assign IP address/subnet mask etc.)

ifconfig -a gives all the configured interfaces

Example:

    lo0: flags=849<UP,LOOPBACK,RUNNING,MULTICAST> mtu 8232
            inet 127.0.0.1 netmask ff000000
    le0: flags=863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST> mtu 1500
            inet 139.179.21.217 netmask ffffff00 broadcast 139.179.21.255

Two interfaces are configured for this machine: loopback and an ethernet interface.

ifconfig le0 gives information only on interface le0.

netstat command

• netstat command gives information about the network connections that the machine has currently, the routing table content etc. It is a command that displays the content of various network related data structures in the kernel.

netstat -nr shows the content of the routing table on that machine

Example:

    aspendos{korpe}:> netstat -nr

    Routing Table:
      Destination           Gateway           Flags  Ref   Use   Interface
    -------------------- -------------------- ----- ----- ------ ---------
    139.179.21.0         139.179.21.217        U        3    924  le0
    224.0.0.0            139.179.21.217        U        3      0  le0
    default              139.179.21.240        UG       0    851
    127.0.0.1            127.0.0.1             UH       0  63282  lo0

Delivery of IP datagrams at the Link layer

[Figure: router R connects the Internet to a LAN (Ethernet) with hosts A, B, C and D. Host S (129.192.56.10) is on the Internet side. Packets are coming for C (dst IP address = 139.179.10.6).]

• C: IP address 139.179.10.6, MAC address 00:00:20:79:04:14

• R: IP address 139.179.10.1, MAC address 00:0e:63:93:2e:86

The frames in a LAN are sent to each other using MAC addresses as the identities of the hosts.

Use of MAC (link layer) addresses

• When stations in a shared LAN send frames (packets) to each other, they use the MAC addresses (link layer addresses) as the destination address of the frames

• For example, router R will put the IP packet inside an Ethernet frame while sending the packet to host C. The Ethernet frame will contain the MAC address of C in its dst address field

• When host A (or B etc.) wants to send an IP packet to C, it does the same thing.

• All stations in a LAN talk to each other using their MAC addresses.

The IP packets that are sent from router R to C will look like the following (assume the packets originated at computer S). The IP packet will be put into an Ethernet frame.

Ethernet frame that originated at router R and is destined to C:

Dst addr | Src addr | Type | Data | CRC
00:00:20:79:04:14 | 00:0e:63:93:2e:86 | 0x800 | IP datagram | CRC

IP datagram carried in the frame:

Other fields of IP hdr | Src address | Dst address | data
... | 129.192.56.10 | 139.179.10.6 | data

Address resolution

• Assume in a LAN a host wants to send a frame to another host on the same LAN.

• How does the sender host know the Ethernet address of the receiving host?

• We need an address resolution protocol

[Figure: a LAN with hosts A, B, C, D, E, F and router R.]

A wants to send a frame to E (it can also be router R). A will build an Ethernet frame but it does not know the MAC address of E.

Address Resolution Protocol (ARP): provides mapping from IP addresses to MAC addresses.

ARP and RARP

[Figure: ARP maps an IP address to a MAC address; RARP maps a MAC address to an IP address.]

RARP: reverse address resolution protocol.

How does ARP work

• A host that wants to send a frame broadcasts an ARP request packet on the LAN

• The broadcast address is ff:ff:ff:ff:ff:ff (this will be the dst address field in the Ethernet frame)

• The ARP packet contains the IP address that the host wants the MAC address for.

• All hosts on the LAN receive the ARP request packet.

ARP

• The destination host that has the IP address matching the IP address in the ARP request packet replies back to the sending host with an ARP reply packet and includes its MAC address in the packet.

• The sending host takes the unicast reply and learns the MAC address of the destination

• Note that the ARP reply is not broadcast but directly sent to the sender of the ARP request packet.

ARP Cache

• When the sender host learns the MAC address of the receiver host, it stores this mapping in its cache (ARP table).

• All subsequent frames that are destined to this host use this MAC address (without invoking the ARP protocol)

• The mapping is stored for some period of time (like 20 minutes) and then deleted.

arp command

arp allows you to display and modify (if you are a superuser in UNIX) the ARP table

arp -a shows the content of the table

    aspendos{korpe}:> arp -a
    Net to Media Table
    Device   IP Address               Mask      Flags   Phys Addr
    ------ -------------------- --------------- ----- ---------------
    le0    hitit                      255.255.255.255       00:40:61:00:3e:2a
    le0    cisco3                     255.255.255.255       00:e0:63:93:2e:86
    le0    gordion                    255.255.255.255       08:00:20:79:04:14
    le0    pcmfbe.ef.bilkent.edu.tr   255.255.255.255       00:05:1c:01:d1:28
    le0    139.179.54.1               255.255.255.255       00:e0:63:93:2e:86
    le0    best.ee.bilkent.edu.tr     255.255.255.255       00:40:61:00:0d:c2
    le0    didim.ee.bilkent.edu.tr    255.255.255.255       08:00:20:73:99:b6
    le0    ph-mali.bcc.bilkent.edu.tr 255.255.255.255       00:e0:63:93:2e:86
    le0    139.179.13.1               255.255.255.255       00:e0:63:93:2e:86
    le0    pcscanner                  255.255.255.255       00:80:ad:b7:c3:34

ARP Packet format

Ethernet header:

Ether dst address | 6 bytes
Ether src address | 6
Ether frame type | 2

ARP request/reply packet format:

Hw type | 2
Prot type | 2
Hw size | 1
Proto size | 1
Op (the Opcode shown in the captures below) | 2
Sender Ether address | 6
Sender IP address | 4
Target Ether address | 6
Target IP address | 4

Example - ARP request

    Frame 5 (42 on wire, 42 captured)
        Arrival Time: Feb 19, 2002 22:48:18.612874000
        Time delta from previous packet: 1.356006000 seconds
        Time relative to first packet: 5.372405000 seconds
        Frame Number: 5
        Packet Length: 42 bytes
        Capture Length: 42 bytes
    Ethernet II
        Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Source: 08:00:46:48:43:9f
        Type: ARP (0x0806)
    Address Resolution Protocol (request)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: request (0x0001)
        Sender hardware address: 08:00:46:48:43:9f
        Sender protocol address: 139.179.137.84
        Target hardware address: 00:00:00:00:00:00
        Target protocol address: 139.179.137.1

Host 139.179.137.84 wants to learn the MAC address of the router whose IP address is 139.179.137.1.

Example continued - ARP reply

    Frame 6 (60 on wire, 60 captured)
        Arrival Time: Feb 19, 2002 22:48:18.613552000
        Time delta from previous packet: 0.000678000 seconds
        Time relative to first packet: 5.373083000 seconds
        Frame Number: 6
        Packet Length: 60 bytes
        Capture Length: 60 bytes
    Ethernet II
        Destination: 08:00:46:48:43:9f
        Source: 00:e0:63:90:b7:9a (CABLETRO_90:b7:9a)
        Type: ARP (0x0806)
        Trailer: 00000000000000000000000000000000...
    Address Resolution Protocol (reply)
        Hardware type: Ethernet (0x0001)
        Protocol type: IP (0x0800)
        Hardware size: 6
        Protocol size: 4
        Opcode: reply (0x0002)
        Sender hardware address: 00:e0:63:90:b7:9a
        Sender protocol address: 139.179.137.1
        Target hardware address: 08:00:46:48:43:9f
        Target protocol address: 139.179.137.84

The answer (the router's MAC address) comes in the sender hardware address field of the reply.
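The request/reply exchange above, as an added Python example (not part of the original slides): frames 5 and 6 are rebuilt from the field values in the capture, parsed according to the packet format, and the reply is checked against the request. The function names are assumptions; the 18 zero bytes of padding reproduce the trailer that brings the reply up to 60 bytes, and the parser ignores them.

```python
import socket
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"

def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def mac_raw(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_arp_frame(eth_dst, eth_src, op, sha, spa, tha, tpa, pad=0) -> bytes:
    """Ethernet header (type 0x0806) + 28 byte ARP packet + optional trailer."""
    eth = mac_raw(eth_dst) + mac_raw(eth_src) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                      mac_raw(sha), socket.inet_aton(spa),
                      mac_raw(tha), socket.inet_aton(tpa))
    return eth + arp + bytes(pad)

def parse_arp_frame(frame: bytes) -> dict:
    if len(frame) < 42:
        raise ValueError("too short for Ethernet header + ARP packet")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    if etype != 0x0806:
        raise ValueError("frame type is not ARP")
    hw, proto, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])      # anything after byte 42 is trailer
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IP ARP packet")
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def reply_answers(req: dict, rep: dict) -> bool:
    """True if rep is the unicast reply to the broadcast request req."""
    return (req["op"] == 1 and rep["op"] == 2
            and req["eth_dst"] == BROADCAST
            and rep["eth_dst"] == req["sender_mac"]
            and rep["sender_ip"] == req["target_ip"]
            and (rep["target_ip"], rep["target_mac"]) ==
                (req["sender_ip"], req["sender_mac"]))

# Frames 5 and 6, rebuilt from the field values shown in the capture
HOST, ROUTER = "08:00:46:48:43:9f", "00:e0:63:90:b7:9a"
REQUEST = build_arp_frame(BROADCAST, HOST, 1, HOST, "139.179.137.84",
                          "00:00:00:00:00:00", "139.179.137.1")
REPLY = build_arp_frame(HOST, ROUTER, 2, ROUTER, "139.179.137.1",
                        HOST, "139.179.137.84", pad=18)
```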

RARP protocol

• A diskless system like an X-terminal wants to learn its IP address automatically when booted.

• It sends an RARP request, requesting the IP address corresponding to its MAC address.

• A RARP server that keeps all the mappings of MAC addresses to IP addresses replies back with the corresponding IP address for the diskless system

RARP

• The diskless system sends the RARP request to the broadcast address ff:ff:ff:ff:ff:ff

• Only the RARP server replies back and it replies back directly to the diskless system.