TCP/IP (Layer 4/Layer 3) PDF
Uploaded by LowRiskGenre7233
Summary
This document provides an overview of the TCP/IP networking model, focusing on the interaction between Ethernet and IP protocols, including Ethernet frame structure and encapsulation. It covers IPv4 and IPv6, and explains protocol compatibility and the communication process.
Full Transcript
TCP/IP (Layer 4/Layer 3)

Introduction

Ethernet, a widely used networking technology, primarily uses the Internet Protocol (IP) as the main protocol for communication between devices. Here's an overview of how IP works in Ethernet.

Ethernet Frame Structure

- Ethernet Header: Contains source and destination MAC (Media Access Control) addresses and other control information.
- EtherType/Length Field: Indicates the type of protocol encapsulated in the frame (e.g., IPv4, IPv6, or other protocols).
- Payload: Contains the actual IP packet.
- Frame Check Sequence (FCS): Used for error detection.

A. IP

IP Protocol Versions

- IPv4 (Internet Protocol version 4): The most used version of IP, characterized by its 32-bit address format (e.g., 192.168.1.1). It includes fields like:
  o Source/Destination IP Address
  o Header Length, Total Length, and Checksum
  o Time to Live (TTL): Limits the lifespan of a packet.
  o Protocol: Specifies the higher-layer protocol (e.g., TCP or UDP).
- IPv6 (Internet Protocol version 6): Developed to address IPv4 exhaustion, using 128-bit addresses (e.g., 2001:0db8:85a3::8a2e:0370:7334). It includes improvements such as:
  o Simplified header for faster processing.
  o Source/Destination IP Address (128-bit).
  o Hop Limit (similar to TTL in IPv4).
  o Support for advanced features like auto-configuration and improved security.

Encapsulation

- Data Encapsulation: In Ethernet, data is encapsulated by adding an Ethernet header and trailer around the IP packet. This allows the data to be transferred across the physical network.
- Layer Interaction:
  o Ethernet operates at Layer 2 (Data Link layer) of the OSI model.
  o IP operates at Layer 3 (Network layer), providing routing and addressing capabilities to deliver packets from source to destination across interconnected networks.

Protocol Compatibility

Ethernet can carry multiple network protocols.
While IPv4 and IPv6 are most common, it can also encapsulate:

- ARP (Address Resolution Protocol): Used to map IP addresses to MAC addresses.
- RARP (Reverse ARP) and other network protocols.

Communication Process

- ARP Request: Before sending an IP packet, Ethernet devices use ARP to resolve the MAC address of the target IP.
- Frame Transmission: Ethernet frames are sent from the source to the destination based on MAC addresses, while IP manages logical addressing and routing.

In summary, Ethernet provides the physical and data link layer framework for transmitting IP packets between devices, supporting IPv4 and IPv6 to facilitate communication across a network.

I. IP Packet Structure

An IP packet has two main components:

1. Header: Contains control information for routing and delivery.
2. Payload: Contains the actual data to be delivered.

IPv4 Packet Header Structure

The IPv4 header is typically 20 bytes long but can be extended with optional fields. Here's the structure:

| Field | Size (bits) | Description |
|---|---|---|
| Version | 4 | IP version (4 for IPv4). |
| Header Length (IHL) | 4 | Length of the header in 32-bit words (minimum 5 words = 20 bytes). |
| Type of Service (TOS) | 8 | Defines priority and QoS for the packet. |
| Total Length | 16 | Total size of the IP packet (header + payload) in bytes (up to 65,535). |
| Identification | 16 | Unique ID for packet fragmentation/reassembly. |
| Flags | 3 | Fragmentation control flags (e.g., "Don't Fragment"). |
| Fragment Offset | 13 | Offset for reassembling fragmented packets. |
| Time-to-Live (TTL) | 8 | Limits the packet's lifespan (hops) to prevent infinite loops. |
| Protocol | 8 | Indicates the encapsulated protocol (e.g., TCP = 6, UDP = 17, ICMP = 1). |
| Header Checksum | 16 | Ensures the integrity of the IP header. |
| Source IP Address | 32 | The sender's IP address. |
| Destination IP Address | 32 | The receiver's IP address. |
| Options (Optional) | Variable | Extra features like timestamping, security, etc. (if present). |
| Padding | Variable | Ensures the header length is a multiple of 32 bits. |
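As an added example that is not part of the original document, the following Python builds a 20-byte IPv4 header laid out as in the table above and then parses one back, verifying the header checksum and the IHL/Total Length consistency that a receiving host or packet filter has to check before trusting anything else in the packet. The addresses, TTL and lengths are constructed sample values and the helper names are this example's own.

```python
import socket
import struct

# Added example, not from the original document. Builds a minimal IPv4 header
# and validates one the way a receiving host or packet filter must.
# Addresses, TTL and lengths below are constructed sample values.

IPV4_FIXED = "!BBHHHBBH4s4s"   # the 20-byte fixed header from the table above


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words. Over a valid header, checksum
    field included, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 64,
                      protocol: int = 6, ident: int = 0x1234,
                      dont_fragment: bool = True) -> bytes:
    """Pack an IPv4 header with IHL = 5 (no options) and a correct checksum."""
    ver_ihl = (4 << 4) | 5
    flags_frag = 0x4000 if dont_fragment else 0   # DF flag; fragment offset 0
    hdr = struct.pack(IPV4_FIXED, ver_ihl, 0, 20 + payload_len, ident,
                      flags_frag, ttl, protocol, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    # the checksum field (bytes 10-11) is computed with itself set to zero
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed header; raise ValueError for the malformed cases."""
    if len(packet) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack(IPV4_FIXED, packet[:20])
    version, ihl_bytes = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version={version})")
    if ihl_bytes < 20:
        raise ValueError(f"IHL of {ihl_bytes} bytes is below the 20-byte minimum")
    if len(packet) < ihl_bytes or total_len < ihl_bytes or total_len > len(packet):
        raise ValueError("length fields inconsistent with the bytes received")
    if ipv4_checksum(packet[:ihl_bytes]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl_bytes,
        "tos": tos,
        "total_length": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # 13-bit field, 8-byte units
        "ttl": ttl,
        "protocol": {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, str(proto)),
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[20:ihl_bytes],
    }


def check_ipv4(packet: bytes):
    """(True, fields) for a well-formed header, (False, reason) otherwise."""
    try:
        return True, parse_ipv4_header(packet)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    header = build_ipv4_header("192.168.1.1", "192.168.1.2", payload_len=20)
    print(check_ipv4(header + b"\x00" * 20))
    # Corrupt the TTL byte: the checksum no longer verifies and the packet is dropped.
    corrupted = header[:8] + b"\x01" + header[9:]
    print(check_ipv4(corrupted + b"\x00" * 20))
```

The order of the checks matters: the version and IHL are validated before any slice that depends on them, so a header that claims an IHL below 5 words or a Total Length larger than the bytes actually received is rejected before the checksum is even computed.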
IPv6 Packet Header Structure

The IPv6 header is simpler and fixed at 40 bytes. Here's its structure:

| Field | Size (bits) | Description |
|---|---|---|
| Version | 4 | IP version (6 for IPv6). |
| Traffic Class | 8 | Defines QoS for the packet. |
| Flow Label | 20 | Identifies packet flows for faster routing. |
| Payload Length | 16 | Length of the data payload (excluding the header). |
| Next Header | 8 | Indicates the encapsulated protocol (like "Protocol" in IPv4). |
| Hop Limit | 8 | Replaces TTL in IPv4; limits the number of hops. |
| Source IP Address | 128 | The sender's IP address. |
| Destination IP Address | 128 | The receiver's IP address. |

II. IP Masking

IP masking refers to techniques used to conceal or modify the visibility of IP addresses for security, privacy, or network management purposes. Here are some common IP masking techniques:

1. Subnetting
- Concept: Subnetting divides an IP address space into smaller sub-networks, enabling efficient IP management and isolating network segments.
- Masking Method: A subnet mask (e.g., 255.255.255.0 for a /24 network) defines which portion of an IP address represents the network and which part represents the host.
- Use Case: This helps in creating different network segments, increasing security, and controlling traffic.

2. Network Address Translation (NAT)
- Concept: NAT modifies the IP address information in packets as they pass through a router or firewall, typically for translating private IP addresses to a public IP address.
- Types of NAT:
  o Static NAT: Maps one private IP to one public IP.
  o Dynamic NAT: Maps private IPs to a pool of public IPs.
  o Port Address Translation (PAT): Also known as NAT Overload, maps multiple private IP addresses to a single public IP by using different ports.
- Use Case: Widely used in routers to allow devices in a local network (with private IPs) to communicate with the internet (using a shared public IP).

3. Proxy Servers
- Concept: A proxy server acts as an intermediary between a client and external servers. It can mask the client's IP address by replacing it with the proxy server's IP.
- Benefits:
  o Provides anonymity.
  o Helps bypass content restrictions.
- Use Case: Web browsing through an anonymous proxy for privacy purposes.

4. VPN (Virtual Private Network)
- Concept: A VPN creates an encrypted tunnel between a user's device and a VPN server, masking the original IP address with the IP of the VPN server.
- Advantages:
  o Enhances privacy and security.
  o Helps access region-restricted content.
- Use Case: Individuals use VPNs for secure browsing and data transmission, while organizations use them for secure remote access.

5. IP Address Spoofing
- Concept: Spoofing involves creating IP packets with a forged source IP address to conceal the sender's identity or impersonate another device.
- Security Concerns: Often used in malicious activities such as DDoS attacks or to bypass network filters.
- Use Case: Typically detected and mitigated by security systems as it poses risks.

III. IP Address Classes

IP addresses are divided into classes to organize the IP address space and manage network sizes efficiently. In IPv4, the address space is split into five classes (A to E). Here's a breakdown:

1. Class A
- Range: 1.0.0.0 to 126.255.255.255
- Default Subnet Mask: 255.0.0.0 (/8)
- First Octet: Starts with 0 in binary (e.g., 0xxxxxxx)
- Number of Networks: 128 (2^7 - 2, excluding reserved addresses)
- Number of Hosts per Network: Up to 16,777,214 (2^24 - 2)
- Purpose: Designed for very large networks, such as major ISPs and large organizations.
- Reserved:
  o 10.0.0.0 to 10.255.255.255 is reserved for private networks.
- Note:
  a. Class A ranges from 1.0.0.0 to 126.0.0.0. This gives a theoretical total of 2^7 = 128 possible networks (since the first octet is 7 bits, excluding the leading 0). However, two network IDs are reserved:
     1. Network ID 0.0.0.0: Default route and special addressing (e.g., DHCP).
     2. Network ID 127.0.0.0: Loopback, used for internal communication/testing.
  b. Why subtract 2 in host addresses? One address is reserved for the network ID (the first address): the network ID is not assignable to devices, as it identifies the network itself rather than any specific host. One address is reserved for the broadcast address (the last address).

2. Class B
- Range: 128.0.0.0 to 191.255.255.255
- Default Subnet Mask: 255.255.0.0 (/16)
- First Octet: Starts with 10 in binary (e.g., 10xxxxxx)
- Number of Networks: 16,384 (2^14)
- Number of Hosts per Network: Up to 65,534 (2^16 - 2)
- Purpose: Used by medium to large-sized networks, such as universities and multinational companies.
- Reserved:
  o 172.16.0.0 to 172.31.255.255 is reserved for private networks.

3. Class C
- Range: 192.0.0.0 to 223.255.255.255
- Default Subnet Mask: 255.255.255.0 (/24)
- First Octet: Starts with 110 in binary (e.g., 110xxxxx)
- Number of Networks: 2,097,152 (2^21)
- Number of Hosts per Network: Up to 254 (2^8 - 2)
- Purpose: Intended for small networks, such as small businesses or home networks.
- Reserved:
  o 192.168.0.0 to 192.168.255.255 is reserved for private networks.

4. Class D
- Range: 224.0.0.0 to 239.255.255.255
- Default Subnet Mask: Not applicable
- First Octet: Starts with 1110 in binary (e.g., 1110xxxx)
- Purpose: Reserved for multicast groups, used for sending data to multiple devices in a network simultaneously (e.g., streaming media).
- Note: Class D is not used for regular host addressing.

5. Class E
- Range: 240.0.0.0 to 255.255.255.255
- Default Subnet Mask: Not applicable
- First Octet: Starts with 1111 in binary (e.g., 1111xxxx)
- Purpose: Reserved for experimental and future use. Not used in normal operations.
- Note: Class E is typically not routable on the internet.

Summary of Use Cases

- Class A: Very large networks (e.g., ISPs).
- Class B: Medium to large networks (e.g., universities, large organizations).
- Class C: Small networks (e.g., small offices, home networks).
- Class D: Multicasting (e.g., streaming or conferencing services).
- Class E: Reserved for research and experimental purposes.

Private IP Address Ranges are used for local networks and cannot be routed on the public internet:

- Class A: 10.0.0.0 to 10.255.255.255
- Class B: 172.16.0.0 to 172.31.255.255
- Class C: 192.168.0.0 to 192.168.255.255

B. TCP

The TCP (Transmission Control Protocol) stack, often referred to as the TCP/IP model, is fundamental to network communication, particularly over Ethernet, which is a common wired LAN technology. The TCP/IP model is used to define how data is transmitted across networks and ensures that the data reaches its destination accurately and efficiently.

I. TCP/IP Model

1. Overview of the TCP/IP Model

The TCP/IP model has four primary layers that correspond to the different functions in data transmission. These layers are:

- Application Layer
- Transport Layer
- Internet Layer
- Link Layer (Network Access Layer)

Let's break down each layer and explain their roles, especially in the context of Ethernet.

2. Link Layer (Network Access Layer)

- Function: This is the lowest layer in the TCP/IP model, responsible for physical data transfer between devices on the same local network. It includes both the hardware (Ethernet cables, network interface cards) and protocols for communication.
- Ethernet Role: Ethernet operates here. It defines how devices on the same network segment format and transmit data using frames. Ethernet frames encapsulate the data being transmitted and include information like source and destination MAC (Media Access Control) addresses for device identification on the local network.
- Key Protocols: Ethernet (IEEE 802.3), ARP (Address Resolution Protocol) for mapping IP addresses to MAC addresses.

3. Internet Layer

- Function: The Internet Layer handles the logical addressing and routing of data across multiple interconnected networks. This layer ensures that packets are sent from the source network to the destination network using IP addresses.
- Protocols Used: The main protocol at this layer is IP (Internet Protocol), which is responsible for packet forwarding and addressing. Other protocols include ICMP (Internet Control Message Protocol) for network diagnostics and error reporting.
- IP Addressing: IP addresses are used to identify devices across networks, allowing routers to forward packets towards their final destinations.

4. Transport Layer

- Function: The Transport Layer manages end-to-end communication between devices. It ensures that data is transferred reliably or unreliably, depending on the protocol used.
- Key Protocols:
  o TCP (Transmission Control Protocol): A connection-oriented protocol that guarantees reliable, ordered delivery of a data stream. It uses mechanisms like the three-way handshake to establish connections and acknowledgments to ensure data is received correctly.
  o UDP (User Datagram Protocol): A connectionless protocol that sends data without guaranteed delivery, used for time-sensitive transmissions where speed is prioritized over reliability (e.g., video streaming).
- Port Numbers: TCP and UDP use port numbers to differentiate between different services or applications running on the same device (e.g., HTTP on port 80, HTTPS on port 443).

5. Application Layer

- Function: The Application Layer includes the protocols and interfaces that applications use to communicate over the network. This is where data is generated and prepared for transmission.
- Key Protocols:
  o HTTP/HTTPS: For web communication.
  o SMTP/IMAP: For email services.
  o FTP/SFTP: For file transfer.
- Data Handling: At this layer, data is structured according to the application protocol, then passed down to the Transport Layer to be transmitted.

6. How Ethernet Integrates with TCP/IP

- Frame Structure: Ethernet frames carry the payload encapsulated by the higher-level protocols.
- Data Encapsulation: The TCP/IP model encapsulates data at each layer. For Ethernet, an IP packet generated by the Internet Layer is encapsulated within an Ethernet frame before being transmitted over the network.

7. Data Flow in TCP over Ethernet

When an application sends data over a network using TCP over Ethernet, the process follows these steps:

1. Application Layer: The application formats the data according to its protocol (e.g., HTTP request).
2. Transport Layer: TCP divides the data into segments, adds a header with sequence numbers, and passes it to the Internet Layer.
3. Internet Layer: The IP layer encapsulates the TCP segment into an IP packet and adds an IP header with source and destination IP addresses.
4. Link Layer (Ethernet): The IP packet is then encapsulated in an Ethernet frame, which adds the MAC addresses and other Ethernet header information.
5. Physical Transmission: The Ethernet frame is transmitted over the network using Ethernet cables or switches.

8. Ethernet and Reliability

Ethernet itself does not provide reliability mechanisms. It transmits frames but does not handle issues such as lost or corrupted packets. This is managed by the TCP protocol at the Transport Layer, which ensures that missing or damaged data segments are retransmitted.

In summary, the TCP/IP stack is a layered model where each layer performs specific functions to enable data transmission. Ethernet operates at the Link Layer, providing the infrastructure for local communication, while TCP ensures reliable end-to-end communication within the Transport Layer.

II. TCP Segment

1. TCP Segment Structure

A TCP segment consists of a header and a data payload. The header contains various fields used to manage the communication between devices.

TCP Header Format (Minimum size: 20 bytes, Maximum size: 60 bytes)

| Field | Size (bits) | Description |
|---|---|---|
| Source Port | 16 | Identifies the sender's application or process. |
| Destination Port | 16 | Identifies the receiver's application or process. |
| Sequence Number | 32 | Specifies the position of the first byte of the current segment's data in the stream. |
| Acknowledgment Number | 32 | Indicates the next expected byte from the sender, used for acknowledgment. |
| Data Offset (Header Length) | 4 | Specifies the length of the TCP header in 32-bit words (minimum is 5 = 20 bytes). |
| Reserved | 3 | Reserved for future use (must be set to 0). |
| Flags (Control Bits) | 9 | Controls the state of the connection (e.g., SYN, ACK, FIN). |
| Window Size | 16 | Specifies the number of bytes the receiver is willing to accept (flow control). |
| Checksum | 16 | Used for error-checking the header and data. |
| Urgent Pointer | 16 | Points to urgent data (only valid if the URG flag is set). |
| Options | Variable (0–40 bytes) | Used for additional features (e.g., Maximum Segment Size, timestamps). |
| Data (Payload) | Variable | Contains the actual application data being transmitted. |

Key Fields Explained

1. Source Port & Destination Port:
   o These identify the endpoints of the communication, allowing multiple connections to exist simultaneously between two devices.
2. Sequence Number:
   o Used for data ordering. Each byte in the TCP stream is numbered sequentially, and this field marks the starting byte for the current segment.
3. Acknowledgment Number:
   o Used to confirm receipt of data. It tells the sender the next byte the receiver expects.
4. Flags (Control Bits):
   o Common flags include:
     - SYN: Synchronize sequence numbers (used during connection establishment).
     - ACK: Acknowledgment field is valid.
     - FIN: No more data from sender (used during connection termination).
     - RST: Reset the connection.
     - PSH: Push the data to the receiving application immediately.
     - URG: Urgent data indicator.
5. Window Size:
   o Implements flow control, specifying the amount of buffer space available for incoming data.
6. Checksum:
   o Ensures integrity by validating the header and data against errors during transmission.
7. Options:
   o Common options include:
     - Maximum Segment Size (MSS): Specifies the largest segment size the sender can handle.
     - Timestamps: Used for more accurate RTT measurements.

2. TCP Segment Encapsulation

The TCP segment is encapsulated into larger protocol structures for transmission:

1. TCP Segment:
   o Includes the TCP header and data payload.
2. IP Packet (Internet Layer):
   o The TCP segment is encapsulated into an IP packet, which adds the IP header (source/destination IP addresses, etc.).
3. Ethernet Frame (Link Layer):
   o The IP packet is encapsulated into an Ethernet frame for transmission over the physical network.

3. Visualization of TCP Encapsulation

| Layer | Encapsulation Unit | Fields Added |
|---|---|---|
| Application | Application Data | Data generated by the application. |
| Transport | TCP Segment | TCP Header + Application Data. |
| Internet | IP Packet | IP Header + TCP Segment. |
| Link | Ethernet Frame | Ethernet Header + IP Packet. |

4. Example Frame with TCP Segment

Let's consider a TCP segment encapsulated into an Ethernet frame during transmission:

- Ethernet Header:
  o Destination MAC: AA:BB:CC:DD:EE:FF
  o Source MAC: 11:22:33:44:55:66
  o EtherType: 0x0800 (IPv4)
- IP Header:
  o Source IP: 192.168.1.1
  o Destination IP: 192.168.1.2
  o Protocol: 6 (TCP)
- TCP Header:
  o Source Port: 12345
  o Destination Port: 80
  o Sequence Number: 1001
  o Acknowledgment Number: 5001
  o Flags: SYN

In summary, the TCP segment structure contains critical information for managing reliable communication, while the Ethernet frame encapsulates the TCP segment with additional headers for delivery at the Link Layer. Understanding this encapsulation hierarchy is key to grasping how data travels through a network.

III. TCP Three-Way Handshake

The three-way handshake is a process used by the Transmission Control Protocol (TCP) to establish a reliable connection between a client and a server. This handshake ensures that both devices are ready to communicate and can properly exchange data. It involves three steps: SYN, SYN-ACK, and ACK.
Here's a detailed breakdown of how it works:

1. Step 1: SYN (Synchronization)
- Initiator: The client starts the handshake.
- Action: The client sends a TCP packet with the SYN (synchronize) flag set.
- Purpose: This packet indicates that the client wants to establish a connection and includes a random initial sequence number (ISN) (e.g., Seq = X).
- Example:
  o Client → Server: SYN (Seq = X)

2. Step 2: SYN-ACK (Synchronization and Acknowledgment)
- Initiator: The server responds to the client.
- Action: The server sends a TCP packet with both the SYN and ACK (acknowledge) flags set.
  o SYN: Indicates that the server also wants to establish a connection.
  o ACK: Confirms receipt of the client's SYN packet. The acknowledgment number is X + 1 (the next expected sequence number from the client).
  o The server also includes its own random initial sequence number (e.g., Seq = Y).
- Example:
  o Server → Client: SYN-ACK (Seq = Y, Ack = X + 1)

3. Step 3: ACK (Acknowledgment)
- Initiator: The client finalizes the handshake.
- Action: The client sends a TCP packet with the ACK flag set.
  o ACK: Confirms receipt of the server's SYN-ACK packet. The acknowledgment number is Y + 1 (the next expected sequence number from the server).
- Example:
  o Client → Server: ACK (Seq = X + 1, Ack = Y + 1)

Key Points of the Handshake:

- Sequence Numbers: Both devices exchange initial sequence numbers (ISNs), which are random values used to track the order of transmitted data. These ensure data integrity.
- Acknowledgment Numbers: Each device acknowledges the other's sequence numbers, confirming that communication can proceed.
- Reliable Communication: Once the handshake is complete, both devices are synchronized and can begin exchanging data securely.

Why Is It Necessary?

The three-way handshake ensures:

1. Both devices agree on initial sequence numbers to track data packets.
2. Both devices are ready to communicate.
3. The connection is established reliably before actual data transfer begins.
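The following Python, added here and not part of the original document, models the three steps above with the Seq/Ack arithmetic made explicit: each side keeps X + 1 (or Y + 1) as the only acceptable acknowledgment of its SYN, and a SYN-ACK or ACK that acknowledges anything else is answered with RST instead of completing the connection. Segments are plain dicts, there is no real network I/O, and the class and function names are this example's own.

```python
import secrets

# Added example, not from the original document. Models the three-way
# handshake with plain dicts as segments; there is no network I/O.
# Class and function names are this example's own.

SEQ_SPACE = 2 ** 32          # sequence numbers are 32-bit and wrap around


def segment(flags: str, seq: int, ack=None) -> dict:
    """A TCP segment reduced to its control bits and Seq/Ack numbers."""
    return {"flags": set(flags.split("-")), "seq": seq, "ack": ack}


class TcpEndpoint:
    def __init__(self, role: str, isn=None):
        self.role = role
        self.state = "LISTEN" if role == "server" else "CLOSED"
        # random initial sequence number (X for the client, Y for the server)
        self.isn = secrets.randbelow(SEQ_SPACE) if isn is None else isn
        self.snd_nxt = self.isn      # next sequence number this side will send
        self.rcv_nxt = None          # next sequence number expected from the peer

    def connect(self) -> dict:
        """Step 1: client sends SYN (Seq = X). The SYN consumes one sequence number."""
        self.state = "SYN-SENT"
        self.snd_nxt = (self.isn + 1) % SEQ_SPACE
        return segment("SYN", self.isn)

    def receive(self, seg: dict):
        """Process one incoming segment; return the reply segment, or None."""
        flags = seg["flags"]
        if self.state == "LISTEN" and flags == {"SYN"}:
            # Step 2: server answers SYN-ACK (Seq = Y, Ack = X + 1)
            self.rcv_nxt = (seg["seq"] + 1) % SEQ_SPACE
            self.snd_nxt = (self.isn + 1) % SEQ_SPACE
            self.state = "SYN-RECEIVED"
            return segment("SYN-ACK", self.isn, self.rcv_nxt)
        if self.state == "SYN-SENT" and flags == {"SYN", "ACK"}:
            # Step 3: the client accepts only Ack == X + 1; anything else is reset
            if seg["ack"] != self.snd_nxt:
                return segment("RST", seg["ack"])
            self.rcv_nxt = (seg["seq"] + 1) % SEQ_SPACE
            self.state = "ESTABLISHED"
            return segment("ACK", self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN-RECEIVED" and flags == {"ACK"}:
            # the server likewise requires Ack == Y + 1 and Seq == X + 1
            if seg["ack"] != self.snd_nxt or seg["seq"] != self.rcv_nxt:
                return segment("RST", seg["ack"])
            self.state = "ESTABLISHED"
            return None
        # anything else is unexpected in the current state
        return segment("RST", seg["ack"] if seg["ack"] is not None else 0)


def handshake(client: TcpEndpoint, server: TcpEndpoint) -> list:
    """Run the three steps and return the segments exchanged, in order."""
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s = TcpEndpoint("client"), TcpEndpoint("server")
    for seg in handshake(c, s):
        print(sorted(seg["flags"]), "seq=%d" % seg["seq"], "ack=%s" % seg["ack"])
    print(c.state, s.state)
```

The point of the random ISN is visible in the acceptance check: a peer that did not see the client's SYN cannot know X, so it cannot produce the Ack = X + 1 that the client insists on, and the modulo arithmetic keeps the check correct when an ISN sits at the top of the 32-bit sequence space.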
Visualization of the Three-Way Handshake

| Step | Sender (Client) | Receiver (Server) |
|---|---|---|
| 1: SYN | Sends SYN (Seq = X) | Waits for a connection request. |
| 2: SYN-ACK | Waits for acknowledgment. | Sends SYN-ACK (Seq = Y, Ack = X+1) |
| 3: ACK | Sends ACK (Seq = X+1, Ack = Y+1) | Connection established. |

Example in Real-World Terms

- Client (You): "Hello, I'd like to talk (SYN)."
- Server: "Hello, I'm here to talk. Can we confirm? (SYN-ACK)."
- Client: "Confirmed, let's begin! (ACK)."

Once this handshake is complete, the communication channel is open, and data can be exchanged.

IV. TCP vs UDP

The choice between TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) depends on the requirements of your application. Here's a detailed comparison to help you decide:

1. TCP (Transmission Control Protocol)

TCP is a connection-oriented protocol, meaning it establishes a reliable connection between the sender and receiver before data transfer begins.

When to Choose TCP

1. Reliable Communication:
   o Data must be delivered without loss or errors.
   o Use cases: File transfers, emails, and web browsing.
2. Ordered Delivery:
   o Data must arrive in the correct order.
   o Use cases: Database synchronization, document editing.
3. Error Detection and Correction:
   o TCP ensures data integrity by retransmitting lost or corrupted packets.
   o Use cases: Financial transactions, sensitive data transfer.
4. Acknowledgments and Flow Control:
   o The protocol manages congestion and ensures the receiver can handle incoming data.
   o Use cases: Remote connections (e.g., SSH, Telnet).
5. Security:
   o TCP is often used with TLS/SSL for secure communication.
   o Use cases: HTTPS websites, secure email communication.

Examples of Applications Using TCP

- Web browsing (HTTP/HTTPS)
- Email (SMTP, IMAP, POP3)
- File Transfer Protocol (FTP)
- Remote desktop access (RDP)

2. UDP (User Datagram Protocol)

UDP is a connectionless protocol, meaning it sends packets (datagrams) without establishing a connection and does not guarantee delivery, order, or error correction.

When to Choose UDP

1. Speed is Critical:
   o Low latency is more important than reliability.
   o Use cases: Real-time video streaming, online gaming.
2. Tolerance for Loss:
   o Applications can handle occasional data loss without major issues.
   o Use cases: Voice over IP (VoIP), live broadcasts.
3. Broadcast or Multicast:
   o Data is sent to multiple recipients efficiently.
   o Use cases: Video conferencing, IPTV.
4. Simple Protocol Overhead:
   o Applications benefit from reduced protocol overhead.
   o Use cases: Lightweight IoT data transfers.

Examples of Applications Using UDP

- Video streaming (e.g., Netflix, YouTube)
- Online gaming (e.g., multiplayer games)
- VoIP calls (e.g., Zoom, Skype)
- DNS queries
- Broadcasting services (e.g., IPTV, real-time stock quotes)

Factors to Consider

| Criteria | TCP | UDP |
|---|---|---|
| Reliability | Reliable, ensures all data arrives. | Unreliable, no guarantee of delivery. |
| Speed | Slower due to connection overhead. | Faster due to minimal overhead. |
| Order of Data | Guarantees order. | No guarantee of order. |
| Error Handling | Built-in error correction. | None; errors are ignored. |
| Use Case Examples | File transfers, secure communication. | Streaming, gaming, broadcasting. |

Making the Choice

1. Ask Yourself:
   o Is reliability critical? If yes, choose TCP.
   o Is speed more important than accuracy? If yes, choose UDP.
2. Specific Scenarios:
   o Video Calls: Use UDP (low latency is key; a few dropped frames are acceptable).
   o File Downloads: Use TCP (accuracy and integrity are essential).
   o Web Applications: Use TCP (most rely on HTTP/HTTPS for security and reliability).
   o IoT Devices: Use UDP for lightweight, fast transmissions, unless data loss is unacceptable.
3. Hybrid Approach:
   o Some applications use both protocols depending on the context. For example, video streaming may use TCP for initial metadata retrieval (e.g., video selection) and UDP for actual video delivery.

In summary, choose TCP for applications requiring reliability, ordered delivery, and error correction. Opt for UDP when speed, simplicity, and low latency are more critical than data reliability.
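Returning to the TCP segment structure and the example frame of section II, the following Python, added here and not taken from the original document, packs that example's TCP header values (ports 12345 and 80, Seq 1001, Ack 5001, SYN) together with MSS and timestamp options, then parses the bytes back, decoding the 9-bit flags field and the options list and rejecting an option whose length byte would run past the header. The checksum field is left at zero because computing it needs the IP pseudo-header, which this example does not build; the function names are this example's own.

```python
import struct

# Added example, not from the original document. Packs and parses a TCP
# header as laid out in the table of section II.1; the checksum is left at
# zero because it covers an IP pseudo-header that this example does not build.
# Function names are this example's own.

TCP_FIXED = "!HHIIBBHHH"      # the 20-byte fixed header
# bit 0 .. bit 8 of the 9-bit flags field (byte 13, then the low bit of byte 12)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def flags_to_int(names) -> int:
    return sum(1 << FLAG_NAMES.index(n) for n in names)


def int_to_flags(value: int) -> set:
    return {n for i, n in enumerate(FLAG_NAMES) if value & (1 << i)}


def encode_options(mss=None, timestamps=None) -> bytes:
    """MSS (kind 2) and Timestamps (kind 8) options, padded to 32 bits."""
    raw = b""
    if mss is not None:
        raw += struct.pack("!BBH", 2, 4, mss)
    if timestamps is not None:
        raw += b"\x01\x01" + struct.pack("!BBII", 8, 10, *timestamps)  # NOP NOP TS
    return raw + b"\x00" * (-len(raw) % 4)


def build_tcp_segment(sport, dport, seq, ack, flags, window=65535,
                      options=b"", payload=b"") -> bytes:
    doff = 5 + len(options) // 4                 # header length in 32-bit words
    fl = flags_to_int(flags)
    byte12 = (doff << 4) | (fl >> 8)             # data offset | reserved | NS
    hdr = struct.pack(TCP_FIXED, sport, dport, seq, ack, byte12, fl & 0xFF,
                      window, 0, 0)
    return hdr + options + payload


def parse_options(raw: bytes) -> list:
    """Walk the options list; malformed length bytes raise ValueError."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # No-Operation (single byte)
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError(f"option kind {kind} has no length byte")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError(f"bad option length {length} for kind {kind}")
        body = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            opts.append(("MSS", struct.unpack("!H", body)[0]))
        elif kind == 8 and length == 10:
            opts.append(("TS", struct.unpack("!II", body)))
        else:
            opts.append((f"kind{kind}", body))
        i += length
    return opts


def parse_tcp_segment(seg: bytes) -> dict:
    if len(seg) < 20:
        raise ValueError("truncated: fewer than 20 bytes")
    (sport, dport, seq, ack, byte12, flags_lo, window, _csum,
     urg) = struct.unpack(TCP_FIXED, seg[:20])
    header_len = (byte12 >> 4) * 4
    if header_len < 20 or header_len > len(seg):
        raise ValueError(f"data offset {header_len} bytes is not plausible")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len,
        "flags": int_to_flags(((byte12 & 0x01) << 8) | flags_lo),
        "window": window, "urgent_pointer": urg,
        "options": parse_options(seg[20:header_len]),
        "payload": seg[header_len:],
    }


def check_tcp_segment(seg: bytes):
    """(True, fields) if the segment parses cleanly, (False, reason) otherwise."""
    try:
        return True, parse_tcp_segment(seg)
    except ValueError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # the SYN from the example frame in section II.4, plus MSS and timestamp options
    syn = build_tcp_segment(12345, 80, 1001, 5001, {"SYN"},
                            options=encode_options(mss=1460, timestamps=(1, 0)))
    print(check_tcp_segment(syn))
    # an MSS option claiming a 1-byte length is rejected rather than read past its end
    print(check_tcp_segment(build_tcp_segment(12345, 80, 1001, 5001, {"SYN"},
                                              options=b"\x02\x01\x00\x00")))
```

The data offset is validated against the bytes actually present before the options slice is taken, and every option length is checked against the remaining options bytes, so a header that advertises more options than it carries fails cleanly instead of being mis-parsed.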