3. TCP/IP Flashcards
What does TCP/IP stand for?
Transmission Control Protocol/Internet Protocol
Who created TCP/IP?
Department of Defense (DoD)
TCP/IP backstory?
• 1973 first created
• 1978 was divided into TCP and IP protocols
• 1983 Advanced Research Projects Agency (ARPA) renamed DARPA and divided into ARPAnet and MIL-NET.
• TCP/IP replaced network control protocol (NCP) used in ARPAnet
• 1990 ARPAnet and MIL-NET dissolved
• TCP/IP shipped with BSD Unix (Berkeley Software Distribution)
Name the layers of the DoD Model?
- Process/Application layer
- Host-to-Host or Transport layer
- Internet layer
- Network Access or Link layer
Which layer of the OSI model corresponds to the Process/Application layer in the DoD model?
Application
Presentation
Session
What are the functions of the Process/Application layer in the DoD model?
- Define protocols for node to node communication
- Controls user interface specifications
What are the functions of the Transport (or Host to Host) layer in the DoD model?
- Define protocols for setting up the level of transmission service for applications
- Create reliable end-to-end communication
- Ensure error free delivery of data
- Handle packet sequencing and maintain data integrity
What are the functions of the Internet layer in the DoD model?
- Define protocols for the logical transmission of packets across the network
- Addressing of hosts by giving them an IP address
- Handle routing of packets among multiple networks
What are the functions of the Link (or Network Access) layer in the DoD model?
- Oversee hardware addressing
- Define protocols for physical transmission of data
Name (11) Process-Application layer protocols
Telnet
SSH Secure Shell
FTP File Transfer Protocol
TFTP Trivial File Transfer Protocol
SNMP Simple Network Management Protocol
HTTP Hyper Text Transfer Protocol
HTTPS Hyper Text Transfer Protocol Secure
NTP Network Time Protocol
DNS Domain Name Service
DHCP/BootP Dynamic Host Configuration Protocol
APIPA Automatic Private IP Addressing
What’s the difference between DHCP and BootP?
BootP can assign an IP address to a host, but the host hardware address must be entered manually
BootP can send an operating system that a host can boot from
What are the four steps of DHCP?
Discover
Offer
Request
Acknowledge
Give details of the Discover step of DHCP
• A client sends out a broadcast at both layer 2 and layer 3.
• The layer 2 broadcast is all F’s in hex
• The layer 3 broadcast is 255.255.255.255 (which means all networks and all hosts)
• DHCP is connectionless which means it uses UDP at the transport layer
What is a DHCP conflict?
How are they resolved?
A DHCP address conflict occurs when two hosts use the same IP address.
A DHCP conflict can only be resolved by an administrator by hand
What tools can be used to avoid a DHCP conflict?
The DHCP server can use the Ping program to test the availability of an IP address from its pool before assigning
A host can send a gratuitous ARP on the local LAN or VLAN using its newly assigned address; if nobody replies, this confirms the IP address is free
When would APIPA be used?
• APIPA is provided by later Windows OS to avoid static IP addressing (adding by hand) when you don’t have a DHCP server.
• The IP address range for APIPA is 169.254.0.1 to 169.256.255.254.
• A default class B subnet mask of 255.255.0.0 is used
Map the DoD model to the OSI model
DoD model                OSI model
Process/Application      Application, Presentation, Session
Transport (Host2Host)    Transport
Internet                 Network
Link (Network Access)    Data Link, Physical
Map DoD model to TCP/IP protocol suite
Process/Application      [Telnet][FTP][LPD][SNMP][TFTP][SMTP][NFS][X Win]
Transport (Host2Host)    [TCP][UDP]
Internet                 [ICMP][ARP][RARP][IP]
Link                     [Ethernet][FastEthernet][Token Ring][FDDI]
What is the default IP address range and subnet mask used for APIPA?
169.254.0.1 to 169.256.255.254
255.255.0.0
Give details of the DHCP client 4-step process
- The DHCP client broadcasts a DHCP Discover message looking for a DHCP server (port 67).
- The DHCP server that received the DHCP Discover message sends a layer 2 unicast DHCP Offer message back to the host.
- The client then broadcasts to the server a DHCP Request message asking for the offered IP address and possibly other information.
- The server finalises the exchange with a unicast DHCP Acknowledgement message
TCP Segment Format fields
[ 16-bit source port ][ 16-bit destination port]
[ 32-bit sequence number ]
[ 32-bit acknowledgment number ]
[4b head len][Rsrvd][Flags][16-bit window sz]
[16-bit TCP Checksum][16-bit urgent pointer]
[ Options ]
[ Data ]
Study the TCP Segment field
Source Port (16-bits)
This is the port number of the application on the host sending the data
Destination Port (16-bits)
This is the port number of the application requested on the destination host
Sequence number (32-bits)
A number used by TCP that puts the data back in the correct order or retransmits missing or damaged data during a process called sequencing
Acknowledgement Number (32-bits)
The value is the TCP octet that is expected next
Header length (?)
The number of 32 bit words in the TCP header, which indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits in length.
Reserved (?)
Always set to 0.
Flags/code bits (?)
Controls functions used to set up and terminate a session
Window (16-bit)
The window size the sender is willing to accept in octets
Checksum (16-bits)
The cyclic redundancy check (CRC), used because TCP doesn’t trust the lower layers and checks everything. The CRC checks the header and data fields
Urgent (16-bits)
A valid field only if the urgent pointer in the code bit is set. If so, this value indicates the offset from the current sequence number (in octets) where the segment of non-urgent data begins
Options
May be zero, meaning that no options have to be present, or a multiple of 32 bits
Data
Handed down to the TCP protocol at the transport layer, which includes the upper layer headers
Study the UDP Segment ‘diagram’
[ 16-bit source port ][ 16-bit destination port]
[ 16-bit length ][ 16-bit checksum ]
[ Data ]
Common TCP Protocol Port Numbers
FTP
SSH
HTTP
HTTPS
Telnet
POP3
SNMP
DNS
IMAP4
FTP 20, 21
SSH 22
HTTP 80
HTTPS 443
Telnet 23
POP3 110
SNMP ? (Both TCP and UDP)
DNS 53 (Both TCP and UDP)?
IMAP4 143
Common UDP Protocol ports
SNMP
SMTP
TFTP
DNS
NTP
BootP
SNMP 161
SMTP 25 (587)
TFTP 69
DNS 53
NTP 123
BootP 67
Study the IP Header
Version (4-bit)
IP version number
Header Length (4-bit)
Header length in 32-bit words
Priority and Type of Service (8-bits)
Type of Service tells how the datagram should be handled. The first 3 bits are the priority bits or differentiated services bits
Total Length (16-bits)
Length of the packet, including header and data
Identification (16-bits)
Unique IP-packet value used to differentiate fragmented packets from different datagrams
Flags (3-bits)
Specifies whether fragmentation should occur
Fragment Offset (13-bits)
Provides fragmentation and reassembly if the packet is too large to put in a frame. It also allows different maximum transmission units (MTUs) on the Internet.
Time to Live (8-bits)
The time to live (TTL) is set into a packet when it’s originally generated. If it doesn’t get to where it’s supposed to go before the TTL expires the packet is dropped. This stops IP packets from continuously circling the network looking for a home.
Protocol (8-bits)
The port of the upper-layer protocol; for example, TCP is port 6 and UDP is port 17. Also supports network layer protocols (not ports) like ARP and ICMP, and can be referred to as the Type field in some analyzers.
Header Checksum (16-bits)
Cyclic redundancy check (CRC) on header only
Source IP Address (32-bits)
32-bit IP address of sending station
Destination IP Address (32-bits)
32-bit IP address of the station this packet is destined for
Options (0 or 32-bits)
Used for network testing, debugging, security and more
Data (varies if any)
After the IP option field will be the upper layer data if any
What are the values (ports) in an IP packet for the protocols?
? - ICMP
? - IP in IP (tunnelling)
? - TCP
? - UDP
? - IPv6
? - GRE
? - EIGRP
? - OSPF
? - L2TP
1 - ICMP
4 - IP in IP (tunnelling)
6 - TCP
17 - UDP
41 - IPv6
47 - GRE
88 - EIGRP
89 - OSPF
115 - L2TP
What is ICMP and what is it used for?
Internet Control Message Protocol
- ICMP works at the network layer and is used by IP for many different services.
- It is basically a management protocol and messaging service.
- Its messages are carried as IP datagrams.
- RFC1256 is an annex to ICMP
What messages are sent via ICMP?
- Destination unreachable
- Buffer Full / Source Quench
- Hops / Time Exceeded
- Ping
- Traceroute
What is ARP?
What is it used for?
Address resolution protocol
- ARP finds the hardware address of a host from a known IP address.
- If IP doesn’t find the destination host hardware address in the ARP cache, it uses ARP to find this information
- ARP interrogates the local network by sending out a broadcast asking the machine with the specified IP address to reply with its hardware address
What is an IP address?
An IP address is a software address, not a hardware address; a hardware address is hardcoded on a network interface card (NIC) and used for finding hosts on a local network.
What is a network address?
The network address (also called network number) uniquely identifies each network. Every machine on the same network shares that network address as part of its IP address, for example 192.168.0.0
What is a node address?
A node address (or host address) is assigned to each machine on a network
This part of the address must be unique because it identifies the machine.
For example, 192.168.1.12
Summarise the different classes of networks
Class 8-bit 8-bit 8-bit 8-bit
A [Network][ Host ][ Host ][ Host ]
B [Network][Network][ Host ][ Host ]
C [Network][Network][Network][ Host ]
D Multicast
E Research
Class A
0xxxxxxx = 0 -> 127
Class B
10xxxxxx = 128 -> 191
Class C
110xxxxx = 192 -> 223
Class D = 224 -> 239
Class E = 240 -> 255
Study the following reserved IP addresses
Network address of all 0s
Interpreted to mean “this network or segment”
Network address of all 1s
Interpreted to mean “all networks”
Network 127.0.0.1
Reserved for loopback tests.
Designates the local node and allows that node to send a test packet to itself without generating network traffic.
Node address of all 0s
Interpreted to mean “network address” or any host on a specified network.
Node address of all 1s
Interpreted to mean “all nodes“ on the specified network,
for example 128.2.255.255 means “all nodes“ on network 128.2 (Class B address)
Entire IP address set to all 0s
Used by Cisco routers to designate the default route.
Could also mean “any network“
Entire IP address set to all 1s ie (255.255.255.255)
Broadcast to all nodes on the current network, sometimes called an “all 1s broadcast“ or local broadcast
What are the Private IP Address (RFC 1918) ranges for each Class of IP Address?
Class A
10.0.0.0 through 10.255.255.255
Class B
172.16.0.0 through 172.31.255.255
Class C
192.168.0.0 through 192.168.255.255
What is the address range of Loopback interfaces?
127.0.0.0 through 127.255.255.254
Who is a Layer 2 Broadcast sent to?
What format does it take?
- All nodes on a LAN
- Also called hardware broadcast
- Sent to MAC address ff:ff:ff:ff:ff:ff (all 1s)
Who is a Layer 3 Broadcast sent to?
What format does it take?
- All hosts on a broadcast domain can be achieved by setting all host bits on ie 192.168.255.255
- All hosts and networks can be achieved using 255.255.255.255 (all network and host bits on)
- Note that default router behaviour is not to pass this broadcast on
What is a Unicast Address?
This is defined as a single IP address for a single NIC
What is a Multicast Address?
How is it used?
- Multicast addresses allow the sending of data or messages to multiple hosts from a single host (one to many)
- Implemented by hosts subscribing to an IP multicast group address
- EIGRP uses multicast on 224.0.0.10
- Address range is 224.0.0.0 through 239.255.255.255 (Class D)