Uploaded by mohamed-mounir-fekri
8/3/2019 3 Tcp Ip Model

3 TCP/IP Model
- Crossover cables should be used when you connect a DTE device to another DTE device or a DCE to another DCE.
Use a crossover cable for the following connection types:
- hub to another hub
- switch to another switch
- hub to a switch
- PC, router, or file server to another PC, router, or file server
3.1.2 Layer 1 Devices
1- Repeater: A repeater is an electronic device that receives a signal and retransmits it at a higher level and/or higher power, or onto the other side of an obstruction, so that the signal can cover longer distances.
2- Hub: A hub is a device for connecting multiple twisted pair or fiber optic Ethernet devices together and making them act as a single network segment. The device is a form of multiport repeater.
3.2 Layer 2: Data Link Layer
The data link layer provides reliable transit of data across a physical network link. Different data link layer specifications define different network and protocol characteristics, including physical addressing, network topology, error notification, sequencing of frames, and flow control. Physical addressing (as opposed to network addressing) defines how devices are addressed at the data link layer. Network topology consists of the data link layer specifications that often define how devices are to be physically connected, such as in a bus or a ring topology. Error notification alerts upper-layer protocols that a transmission error has occurred, and the sequencing of data frames reorders frames that are transmitted out of sequence. Finally, flow control moderates the transmission of data so that the receiving device is not overwhelmed with more traffic than it can handle at one time.
The Institute of Electrical and Electronics Engineers (IEEE) has subdivided the data link layer into two sublayers: Logical Link Control (LLC) and Media Access Control (MAC).
The Data Link Layer Contains Two Sublayers
3.2.1 MAC Address
The data link layer uses MAC, or hardware, addresses for communication. For LAN communications, each machine on the same network segment or topology needs a unique MAC address. A MAC address is 48 bits in length and is represented as a hexadecimal number. Represented in hex, it is 12 characters in length. To make it easier to read, the MAC address is represented in a dotted hexadecimal format, like this: FFFF.FFFF.FFFF. It is also common to see MAC addresses formatted in this way: FF:FF:FF:FF:FF:FF. Since the MAC address uses hexadecimal numbers, the values used range from 0 to 9 and A to F, for a total of 16 values for a single digit.
3.2.2 Carrier Sense Multiple Access / Collision Detection (CSMA/CD)
- Main procedure
1. Frame ready for transmission.
2. Is medium idle? If not, wait until it becomes ready.
3. Start transmitting.
4. Did a collision occur? If so, go to collision detected procedure.
5. Reset retransmission counters and end frame transmission.
- Collision detected procedure
1. Continue transmission until minimum packet time is reached (jam signal) to ensure that all receivers detect the collision.
2. Increment retransmission counter.
3. Was the maximum number of transmission attempts reached? If so, abort transmission.
4. Calculate and wait random backoff period based on number of collisions.
5. Re-enter main procedure at stage 1.
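The two procedures above form a small state machine, so here they are written out as one, as an added example that is not part of the original document. The medium and the collision outcomes are supplied by the caller as constructed functions (a model, not real hardware access); the backoff uses truncated binary exponential backoff, the standard Ethernet choice, with an attempt limit of 16 and an exponent cap of 10 (assumed constants for this toy, not values the page states):

```python
import random

MAX_ATTEMPTS = 16   # assumed attempt limit for this model (Ethernet's standard value)
BACKOFF_CAP = 10    # exponent cap of truncated binary exponential backoff


def backoff_slots(collisions: int, rng: random.Random) -> int:
    """Step 4 of the collision procedure: wait a random number of slot times
    drawn from 0 .. 2^min(collisions, 10) - 1, so the wait grows with each collision."""
    return rng.randrange(2 ** min(collisions, BACKOFF_CAP))


def csma_cd_send(medium_idle, collision_on_attempt, rng=None, max_attempts=MAX_ATTEMPTS):
    """Run the main / collision-detected procedure for a single frame.

    medium_idle(t)          -> True when the (constructed) medium is free at slot time t
    collision_on_attempt(n) -> True when transmission attempt n (1-based) collides
    Returns a dict with the outcome ('sent' or 'aborted'), the attempts used,
    the slot time at which the procedure finished and the backoffs chosen.
    """
    rng = rng or random.Random()
    t = 0               # simulated slot clock
    attempts = 0        # retransmission counter
    backoffs = []
    while True:
        # Main procedure, stage 2: wait until the medium is idle
        while not medium_idle(t):
            t += 1
        # Stage 3: start transmitting (counts as one attempt)
        attempts += 1
        if not collision_on_attempt(attempts):
            # Stage 5: success; the counter would be reset for the next frame
            return {"outcome": "sent", "attempts": attempts, "slots": t, "backoffs": backoffs}
        # Collision detected procedure
        t += 1                                   # 1. keep sending (jam) for the minimum packet time
        if attempts >= max_attempts:             # 2./3. counter was incremented above; give up?
            return {"outcome": "aborted", "attempts": attempts, "slots": t, "backoffs": backoffs}
        wait = backoff_slots(attempts, rng)      # 4. random backoff based on collisions so far
        backoffs.append(wait)
        t += wait                                # 5. re-enter the main procedure at stage 1


if __name__ == "__main__":
    # Constructed scenario: medium busy for the first three slots, first two attempts collide.
    print(csma_cd_send(lambda t: t >= 3, lambda n: n in (1, 2), random.Random(7)))
```

Because the medium and collision behaviour are injected, the same function can be driven through the "always collides" path to see the abort after the attempt limit, which is the case a reader should check.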
3.2.3 Ethernet Frame
1. Preamble: 8 bytes, 10101010 (bit synchronization / clocking)
2. Destination: 6 bytes (destination MAC)
3. Source: 6 bytes (source MAC)
4. Length: 2 bytes (length of frame)
5. Data: variable (LLC encapsulated data)
6. FCS: 4 bytes (Frame Check Sequence)
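The frame layout above and the two MAC notations from 3.2.1 are easy to check in code. The following is an added example, not code from the original document: it builds a frame from the six fields, then parses one back, rendering the addresses in both the colon and dotted formats and verifying the FCS. The FCS is computed as CRC-32 over destination, source, length and data (the polynomial Ethernet uses); the 8-byte preamble and the little-endian FCS serialization are simplifications assumed for this toy, and no minimum-frame padding is applied.

```python
import struct
import zlib

# 8 bytes of 10101010, matching the preamble as listed in the frame layout above
# (a simplification: the real 802.3 preamble ends with a start-frame delimiter byte).
PREAMBLE = bytes([0b10101010]) * 8


def format_mac(mac: bytes, style: str = "colon") -> str:
    """Render 6 raw bytes as FF:FF:FF:FF:FF:FF ('colon') or FFFF.FFFF.FFFF ('dotted')."""
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    hexstr = mac.hex().upper()              # 12 hex characters
    if style == "colon":
        return ":".join(hexstr[i:i + 2] for i in range(0, 12, 2))
    if style == "dotted":
        return ".".join(hexstr[i:i + 4] for i in range(0, 12, 4))
    raise ValueError("style must be 'colon' or 'dotted'")


def parse_mac(text: str) -> bytes:
    """Accept either notation (also dash-separated) and return the raw 6 bytes."""
    hexstr = text.replace(":", "").replace(".", "").replace("-", "")
    if len(hexstr) != 12 or any(c not in "0123456789abcdefABCDEF" for c in hexstr):
        raise ValueError("malformed MAC address: %r" % text)
    return bytes.fromhex(hexstr)


def fcs(body: bytes) -> int:
    """Frame Check Sequence: CRC-32 over destination + source + length + data."""
    return zlib.crc32(body) & 0xFFFFFFFF


def build_frame(dst: str, src: str, data: bytes) -> bytes:
    """Assemble preamble | dst | src | length | data | FCS."""
    body = parse_mac(dst) + parse_mac(src) + struct.pack("!H", len(data)) + data
    return PREAMBLE + body + struct.pack("<I", fcs(body))   # FCS byte order assumed


def parse_frame(frame: bytes) -> dict:
    """Split a frame into its fields and report whether the FCS matches the contents."""
    if not frame.startswith(PREAMBLE):
        raise ValueError("missing preamble")
    body, trailer = frame[8:-4], frame[-4:]
    if len(body) < 14:
        raise ValueError("frame too short for a header")
    dst, src = body[0:6], body[6:12]
    (length,) = struct.unpack("!H", body[12:14])
    data = body[14:14 + length]
    if len(data) != length:
        raise ValueError("length field %d exceeds available data" % length)
    (received_fcs,) = struct.unpack("<I", trailer)
    return {
        "dst": format_mac(dst), "dst_dotted": format_mac(dst, "dotted"),
        "src": format_mac(src), "src_dotted": format_mac(src, "dotted"),
        "length": length, "data": data,
        "fcs_ok": received_fcs == fcs(body),   # a corrupted bit anywhere in body flips this
    }


if __name__ == "__main__":
    # Constructed sample: broadcast destination, arbitrary source, 5-byte payload.
    frame = build_frame("FF:FF:FF:FF:FF:FF", "0011.2233.4455", b"hello")
    print(parse_frame(frame))
```

Flipping one bit of the data before parsing makes fcs_ok false while every other field still parses, which is exactly the error-notification role of the FCS described in 3.2.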
3.2.4 Layer 2 Devices
1- Bridge: Bridges are similar to repeaters or network hubs, devices that connect network segments; however, with bridging, traffic from one network is managed rather than simply rebroadcast to adjacent network segments.
2- Switch: A switch is a multiport bridge.
3.3 Layer 3: The Network Layer
The Network Layer is responsible for routing packet delivery, including routing through intermediate routers.
3.2.1 IP Addressing
The Internet Protocol (IP) is a protocol used for communicating data across a packet-switched internetwork using the TCP/IP suite.
An Internet Protocol (IP) address is a numerical label that is assigned to devices participating in a computer network that uses the Internet Protocol for communication between its nodes.
An IP address serves two principal functions:
- host or network interface identification
- location addressing
The designers of TCP/IP defined an IP address as a 32-bit number and this system, known as Internet Protocol Version 4 or IPv4, is still in use today. Although IP addresses are stored as binary numbers, they are usually displayed in human-readable notations, such as 208.77.188.166 (for IPv4).
3.2.2 IP Classes
Class                Leading bits  Network number bits  Host (rest) bits  Number of networks  Addresses per network  Start address  End address
Class A              0             8                    24                128 (2^7)           16,777,216 (2^24)      0.0.0.0        127.255.255.255
Class B              10            16                   16                16,384 (2^14)       65,536 (2^16)          128.0.0.0      191.255.255.255
Class C              110           24                   8                 2,097,152 (2^21)    256 (2^8)              192.0.0.0      127.255.255.255
Class D (multicast)  1110          Not defined          Not defined       Not defined         Not defined            224.0.0.0      239.255.255.255
Class E (reserved)   1111          Not defined          Not defined       Not defined         Not defined            240.0.0.0      255.255.255.255
3.2.3 Private IP Addresses
Class  Private Networks           Subnet Mask    Address Range
A      10.0.0.0                   255.0.0.0      10.0.0.0 - 10.255.255.255
B      172.16.0.0 - 172.31.0.0    255.240.0.0    172.16.0.0 - 172.31.255.255
C      192.168.0.0                255.255.0.0    192.168.0.0 - 192.168.255.255
3.2.4 Subnetting
The process of subnetting involves the separation of the network and subnet portion of an address from the host identifier. This is performed by a bitwise AND operation between the IP address and the subnet prefix or bit mask. The result yields the network address, and the remainder is the host identifier.
In order to subnet a network, extend the natural mask using some of the bits from the host ID portion of the address to create a subnetwork ID. For example, given a Class C network of 204.17.5.0 which has a natural mask of 255.255.255.0:
204.17.5.0      - 11001100.00010001.00000101.00000000
255.255.255.224 - 11111111.11111111.11111111.11100000
                  --------------------------|sub|----
By extending the mask to be 255.255.255.224, you have taken three bits (indicated by "sub") from the original host portion of the address and used them to make subnets. With these three bits, it is possible to create eight subnets. With the remaining five host ID bits, each subnet can have up to 32 host addresses, 30 of which can actually be assigned to a device since host IDs of all zeros or all ones are not allowed (it is very important to remember this). So, with this in mind, these subnets have been created:
204.17.5.0    255.255.255.224  host address range 1 to 30
204.17.5.32   255.255.255.224  host address range 33 to 62
204.17.5.64   255.255.255.224  host address range 65 to 94
204.17.5.96   255.255.255.224  host address range 97 to 126
204.17.5.128  255.255.255.224  host address range 129 to 158
204.17.5.160  255.255.255.224  host address range 161 to 190
204.17.5.192  255.255.255.224  host address range 193 to 222
204.17.5.224  255.255.255.224  host address range 225 to 254
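The class table in 3.2.2, the private ranges in 3.2.3 and the subnetting arithmetic above all reduce to a few bit operations on the 32-bit address, so here they are carried through together as an added example (not code from the original document). Classification follows the "Leading bits" column of the class table; the private check applies each subnet mask from 3.2.3 with a bitwise AND; and subnets() reproduces the 204.17.5.0 worked example, generalized to any natural mask and extended mask, returning each subnet with its first and last assignable host (all-zeros and all-ones host IDs excluded). The dotted-quad helpers are hand-rolled so every step is visible.

```python
def ip_to_int(dotted: str) -> int:
    """'204.17.5.0' -> 32-bit integer, validating each octet."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % o)
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted: str) -> str:
    """Dotted-binary form such as 11001100.00010001.00000101.00000000, as written above."""
    return ".".join(format(int(o), "08b") for o in dotted.split("."))


def ip_class(dotted: str) -> str:
    """Class from the leading bits of the first octet (the class table's first column)."""
    first = ip_to_int(dotted) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"                      # leading 1111: reserved


# (private network, subnet mask) pairs from the private address table
PRIVATE_RANGES = [("10.0.0.0", "255.0.0.0"),
                  ("172.16.0.0", "255.240.0.0"),
                  ("192.168.0.0", "255.255.0.0")]


def is_private(dotted: str) -> bool:
    addr = ip_to_int(dotted)
    return any((addr & ip_to_int(mask)) == ip_to_int(net) for net, mask in PRIVATE_RANGES)


def network_address(dotted: str, mask: str) -> str:
    """Bitwise AND of address and mask yields the network (or subnet) address."""
    return int_to_ip(ip_to_int(dotted) & ip_to_int(mask))


def host_part(dotted: str, mask: str) -> int:
    """The remainder after masking: the host identifier as an integer."""
    return ip_to_int(dotted) & (~ip_to_int(mask) & 0xFFFFFFFF)


def subnets(network: str, natural_mask: str, new_mask: str) -> list:
    """Enumerate the subnets created by extending natural_mask to new_mask.
    Each entry is (subnet address, first usable host, last usable host)."""
    natm, newm = ip_to_int(natural_mask), ip_to_int(new_mask)
    if newm & natm != natm or newm == natm:
        raise ValueError("new mask must extend the natural mask")
    base = ip_to_int(network) & natm
    block = (~newm & 0xFFFFFFFF) + 1                 # addresses per subnet (32 for .224)
    count = 2 ** bin(natm ^ newm).count("1")         # 2^(borrowed bits) subnets (8 here)
    out = []
    for i in range(count):
        sub = base + i * block
        # all-zeros host (sub) and all-ones host (sub + block - 1) are not assignable
        out.append((int_to_ip(sub), int_to_ip(sub + 1), int_to_ip(sub + block - 2)))
    return out


if __name__ == "__main__":
    print(ip_class("208.77.188.166"), is_private("192.168.5.5"))
    print(network_address("204.17.5.100", "255.255.255.224"), host_part("204.17.5.100", "255.255.255.224"))
    for row in subnets("204.17.5.0", "255.255.255.0", "255.255.255.224"):
        print(*row)
```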
3.2.5 Dynamic Host Configuration Protocol (DHCP)
DHCP allows devices to acquire their addressing information dynamically. DHCP provides the following advantages:
- It reduces the amount of configuration on devices.
- It reduces the likelihood of configuration errors on devices acquiring address information.
- It gives you more administrative control by centralizing IP addressing information and management.
3.2.6 Domain Name System (DNS)
DNS resolves a known name to an unknown IP address.
3.2.7 Internet Control Message Protocol (ICMP)
ICMP is used to send error and control information between TCP/IP devices at the Internet layer. ICMP includes many different messages that devices can generate or respond to.
Here is a brief list of these messages:
- Address Reply
- Destination Unreachable
- Echo
- Echo Reply
- Address Request
- Information Reply
- Information Request
- Parameter Problem
- Redirect
- Subnet Mask Request
- Time Exceeded
- Timestamp
3.2.8 The Address Resolution Protocol (ARP)
ARP resolves a known IP address to an unknown MAC address.
3.2.9 Reverse Address Resolution Protocol (RARP)
RARP is sort of the reverse of an ARP. In an ARP, the device knows the layer 3 address, but not the data link layer address. With a RARP, the device doesn't have an IP address and wants to acquire one. The only address that this device has is a MAC address. Common protocols that use RARP are BOOTP and DHCP.
3.2.10 Ping Command
The Windows ping command is used to test layer 3 connectivity between two devices. A source generates an ICMP echo request. If the destination is available, it will respond back with an echo reply.
Here is an example of using the ping command:
C:\> ping 4.2.2.2
Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Reply from 4.2.2.2: bytes=32 time=20ms TTL=53
Reply from 4.2.2.2: bytes=32 time=22ms TTL=53
Reply from 4.2.2.2: bytes=32 time=20ms TTL=53
Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 20ms, Maximum = 25ms, Average = 21ms
Notice that the first echo request message timed out, but the following three were successful; this is probably because this PC, as well as intermediate routers, had to perform ARPs to find the next hop layer 3 device's MAC address, causing the time to exceed 2 seconds. In the successful echo replies, you can see the time it took for the round-trip between the source and destination; for example, the last echo request and reply took 20 milliseconds to complete.
3.2.11 Traceroute (Tracert) Command
One limitation of ping is that this command will not tell you, between you and the destination device, where layer 3 connectivity is broken. The Windows tracert command, on the other hand, will list each router along the way, including the final destination. Therefore, if a layer 3 connection problem exists, with traceroute, you'll know at least where the problem begins.
- The 1st packet (echo request) will have TTL (Time To Live) = 1.
- Every router that receives a packet will decrement the TTL by 1.
- If a router receives a packet with TTL=1, it will return a Time Exceeded error.
Here is an example of the use of the tracert command:
C:\> tracert 4.2.2.2
Tracing route to 4.2.2.2 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.1.1
2 8 ms 7 ms 9 ms 10.122.208.1
3 10 ms 20 ms 12 ms 24.95.231.65
...
8 27 ms 26 ms 20 ms 4.68.103.68
9 21 ms 20 ms 24 ms 4.2.2.2
Trace complete.
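The three TTL rules above are the whole mechanism behind the tracert output, and also explain the TTL=53 seen in the ping replies. The following added example (not code from the original document) models them: a probe walks a constructed list of router addresses, each router decrements the TTL and replies Time Exceeded when it receives TTL=1, and the destination answers an echo reply. Driving that with TTL 1, 2, 3, ... yields the hop list that tracert prints; the addresses reused here are the ones shown in the output above, and the hop path itself is constructed.

```python
def forward(path, dest, ttl):
    """Carry one ICMP echo request with the given TTL through the routers in `path`.
    Returns (reply kind, address of the replying node, TTL remaining at that node)."""
    if ttl < 1:
        raise ValueError("TTL must be at least 1")
    for router in path:
        if ttl == 1:
            # The router cannot forward a packet whose TTL would reach 0:
            # it discards it and sends Time Exceeded back to the source.
            return ("time_exceeded", router, ttl)
        ttl -= 1                          # every router decrements the TTL by 1
    return ("echo_reply", dest, ttl)      # destination reached: echo reply


def ping(path, dest, ttl=128):
    """What ping does: one echo request with a large TTL; only the reply kind matters."""
    return forward(path, dest, ttl)[0]


def tracert(path, dest, max_hops=30):
    """What tracert does: probes with TTL 1, 2, 3, ... until the destination replies
    or max_hops is reached. Returns (list of (hop, replier), completed flag)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, replier, _ = forward(path, dest, ttl)
        hops.append((ttl, replier))
        if kind == "echo_reply":
            return hops, True
    return hops, False


if __name__ == "__main__":
    # Constructed three-router path using the addresses from the tracert output above.
    routers = ["192.168.1.1", "10.122.208.1", "24.95.231.65"]
    print(ping(routers, "4.2.2.2"))
    for hop, who in tracert(routers, "4.2.2.2")[0]:
        print(hop, who)
```

Running tracert() with max_hops smaller than the path length returns completed=False with the routers seen so far, which is what a broken layer 3 path looks like in practice: the list stops at the last router that answered.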
3.3 Layer 4: The Transport Layer
The TCP/IP transport layer is responsible for providing a logical connection between two hosts and can provide these functions:
- Flow control (through the use of windowing)
- Reliable connections (through the use of sequence numbers and acknowledgments)
- Session multiplexing (through the use of port numbers and IP addresses)
- Segmentation (through the use of segment protocol data units, or PDUs)
3.3.1 Flow Control
Another function of the transport layer is to provide optional flow control. Flow control is used to ensure that networking components don't send too much information to the destination, overflowing its receiving buffer space and causing it to drop some of the transmitted information. Overflow is not good because the source will have to resend all the information that was dropped.
The transport layer can use two basic flow control methods:
- Ready/not ready signals
- Windowing
Windowing
Windowing is a much more sophisticated method of flow control than using ready/not ready signals. With windowing, a window size is defined that specifies how much data (commonly called segments at the transport layer) can be sent before the source has to wait for an acknowledgment (ACK) from the destination. Once the ACK is received, the source can send the next batch of data (up to the maximum defined in the window size).
Windowing accomplishes two things:
- First, flow control is enforced, based on the window size. In many protocol implementations, the window size is dynamically negotiated up front and can be renegotiated during the lifetime of the connection. This ensures that the most optimal window size is used to send data without having the destination drop anything.
- Second, through the windowing process, the destination tells the source what was received. This indicates to the source whether any data was lost along the way to the destination and allows the source to resend any missing information. The window size chosen for a connection impacts its efficiency and throughput in defining how many segments (or bytes) can be sent before the source has to wait for an ACK.
3.3.2 Reliability
When implementing a reliable connection, sequence numbers and acknowledgments (ACKs) are commonly used. For example, when information is sent to a destination, the destination will acknowledge to the source what information was received. The destination can examine sequence numbers in the transmitted data segments to determine whether anything was missing (dropped along the way) as well as put the data back in the correct order, if it arrived out of order, before passing it on to the upper-layer application. If a segment is missing, the destination can request that the source resend the missing information. With some protocol stacks, the destination might have the source resend all of the information or parts of the information, including the missing parts. Some reliable connection protocols might also go through a handshake process when initially building a connection. This handshake process determines whether the two networking devices can build the connection and negotiates parameters that should be used to provide a reliable connection. With TCP, this is called the three-way handshake.
When reliability is necessary, it should cover these four items:
- Recognizing lost packets and having them re-sent
- Recognizing packets that arrive out of order and reordering them
- Detecting duplicate packets and dropping the extra ones
- Avoiding congestion
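Windowing (3.3.1) and the sequence-number/ACK mechanism (3.3.2) are two halves of one loop, so here they are shown together as an added example that is not part of the original document. A Receiver numbers what it has, buffers out-of-order segments, drops duplicates and returns a cumulative ACK (the next sequence number it wants); transfer() sends one window's worth of segments per round and, whenever the ACK does not advance past a segment, resends from that point in the next round. Loss is injected by a constructed channel as (sequence number, round) pairs. This is a go-back-N style simulation, a simplification of what TCP does, and the congestion item from the list above is not modelled.

```python
class Receiver:
    """Reassembles in-order data from numbered segments and answers with a cumulative ACK."""

    def __init__(self):
        self.expected = 0        # next sequence number the application has not yet got
        self.buffer = {}         # out-of-order segments held until the gap is filled
        self.delivered = []      # in-order data passed up to the application
        self.duplicates = 0      # extra copies recognized and dropped

    def receive(self, seq, data):
        if seq < self.expected or seq in self.buffer:
            self.duplicates += 1                      # already have it: drop the extra copy
        else:
            self.buffer[seq] = data
        while self.expected in self.buffer:           # deliver everything now contiguous
            self.delivered.append(self.buffer.pop(self.expected))
            self.expected += 1
        return self.expected                          # ACK = next sequence number wanted


def transfer(segments, window, lossy=(), max_rounds=50):
    """Send `segments` (a list, index = sequence number) with a fixed window size.
    `lossy` holds (seq, round) pairs the constructed channel drops.
    Returns (receiver, rounds used, segments transmitted)."""
    rx = Receiver()
    lost = set(lossy)
    base, rounds, transmitted = 0, 0, 0
    while base < len(segments):
        rounds += 1                                   # one round = one window then wait for ACK
        if rounds > max_rounds:
            raise RuntimeError("no progress after %d rounds" % max_rounds)
        ack = base
        for seq in range(base, min(base + window, len(segments))):
            transmitted += 1
            if (seq, rounds) in lost:
                continue                              # dropped on the way to the destination
            ack = rx.receive(seq, segments[seq])
        base = ack   # destination tells the source what arrived; anything above is resent
    return rx, rounds, transmitted


if __name__ == "__main__":
    # Constructed sample: six segments, window of three, segment 1 lost in round 1.
    rx, rounds, sent = transfer(["s0", "s1", "s2", "s3", "s4", "s5"], window=3, lossy=[(1, 1)])
    print(rx.delivered, rounds, sent, rx.duplicates)
```

With no loss, six segments and a window of three need two rounds and six transmissions; losing segment 1 in the first round costs one extra round and two extra transmissions, and the receiver drops one duplicate (segment 2, which it had already buffered), which is the trade-off the text describes between window size and resends.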
3.3.3 TCP and UDP Applications
One main difference between the OSI Reference Model and TCP/IP's model is that TCP/IP lumps together the application, presentation, and session layers into one layer, called the application layer. Hundreds and hundreds of TCP/IP applications are available. The most common ones are used to share information, such as file transfers, e-mail communications, and web browsing. Here are some common TCP/IP applications that Cisco devices, such as routers and switches, support: domain name service (DNS), HTTP and HTTPS, Simple Network Management Protocol (SNMP), telnet, Secure Shell (SSH), File Transfer Protocol (FTP), and Trivial File Transfer Protocol (TFTP).
3.3.4 Multiplexing
Multiplexing is the ability of a single host to have multiple concurrent sessions open to one or many other hosts. A session occurs when the source opens a connection by sending one or more PDUs and typically, but not always, receives a reply from the destination. A session can be reliable or unreliable and may or may not involve flow control. To handle multiplexing, a transport layer protocol must be able to distinguish between each session to each destination host. Some protocols assign a number to the session, called a session number, to identify the session uniquely. TCP/IP uses a more complicated process that accomplishes basically the same thing.
3.3.5 Segmentation
Segmentation is the process of breaking up data into smaller, identifiable PDUs at the transport layer. In TCP/IP, the transport layer packages application layer data into segments to send to a destination device. The remote destination is responsible for taking the data from these segments and directing it to the correct application. One component of the segment must contain information that will help the destination in the forwarding process, such as specifying the application that is supposed to process the encapsulated data.
Application  Protocol     Port Number
HTTP         TCP          80
HTTPS        TCP          443
FTP          TCP          21, 20
Telnet       TCP          23
SMTP         TCP and UDP  53
DHCP         UDP          67
TFTP         UDP          69
SNMP         UDP          161