y Architectural Overview of the TCP/IP Protocol Suite (adapted from Microsoft Press Chapter Outlines)

y The Microsoft TCP/IP Protocol Suite

        1.   The Four-Layer Model

              A.   TCP/IP protocols follow a four-layer conceptual model.

              B.   The Network Interface Layer protocols are responsible for physical interface.

                    1.   Puts frames on and takes frames off the network

                    2.   Responsible for physical interface

              C.  The Internet Layer protocols contain the four Internet protocols.

                    1.   Internet Protocol (IP) is responsible for addressing and routing packets between hosts and networks.

                    2.   Address Resolution Protocol (ARP) obtains hardware addresses of hosts on the same physical network using IP addresses assigned.

                    3.   Internet Control Message Protocol (ICMP) sends messages and reports errors regarding packet delivery.

                    4.   Internet Group Management Protocol (IGMP) is used by IP hosts to report host group memberships to local multicast routers.

              D.  The Transport Layer protocols provide communication sessions between computers.

                    1.   TCP provides connection-oriented, reliable communications for applications that typically transfer large amounts of data at one time.

                    2.   User Datagram Protocol (UDP) provides connectionless communications and does not guarantee to deliver packets.

              E.   The Application Layer protocols support applications on the network.

                    1.   There are many standard TCP/IP utilities and services implemented by Microsoft in the TCP/IP suite.

                          a.    File Transfer Protocol (FTP)

                          b.   Terminal emulation protocol (Telnet)

                          c.   Simple Network Management Protocol (SNMP)

                          d.   Domain Name Service protocol (DNS)

                    2.   There are two standard interfaces for network applications to use the services of the TCP/IP protocol stack.

                          a.    Windows Sockets (Winsock) – some applications that use Winsock are ftp, telnet, and ping

                          b.   NetBIOS – some examples of NetBIOS are the net commands (net view, net use, etc.)

y    2.   Network Interface Technologies

              A.   Several LAN technologies are supported by TCP/IP.

                    1.   Ethernet

                    2.   Token Ring

                    3.   Fiber Distributed Data Interface (FDDI)

              B.   WAN environment might require Windows 2000 Remote Access Service or additional hardware. The following WAN technologies are supported.

                    1.   Serial line technologies

                          a.    Dial-up analog

                          b.   Digital lines

                          c.   Leased lines

                    2.   Packet-switched network technologies

                          a.    X.25

                          b.   Frame relay

                          c.   Asynchronous Transfer Mode (ATM)

              C.  Serial Line Protocols

                    1.   Serial Line Internet Protocol (SLIP)

                          a.    Industry standard developed in early 1980s to support TCP/IP over low-speed serial interfaces

                          b.   Using Windows 2000 RRAS, computers running Windows 2000 can use TCP/IP and SLIP to communicate with remote hosts running SLIP.

Windows 2000 supports only SLIP client functionality, not SLIP server functionality. Also, Windows 2000 RRAS servers do not accept SLIP client connections.

                    2.   Point-to-Point Protocol (PPP)

                          a.    Designed as an enhancement to SLIP

                          b.   PPP is a data-link protocol that provides a standard method of sending network packets over a point-to-point link.

                          c.   PPP provides greater security, configuration handling, and error detection; therefore, it is the recommended protocol for serial line communication.

        3.   Summary

              A.   TCP/IP protocols use a four-layer conceptual model including the following layers: Application, Transport, Internet, and Network Interface.

              B.   IP supports both LAN and WAN interface technologies.

      Lesson 2
Address Resolution Protocol (ARP)

y    1.   ARP

              A.   ARP obtains hardware addresses of TCP/IP hosts on broadcast-based networks.

B.     Hardware address, once obtained, is stored with the IP address in ARP cache.

C.     Used to convert IP Address into MAC Address.

y    2.   Resolving a Local IP Address

A.      ARP cache is checked first to resolve an IP address to a hardware address. If an IP address is not found in ARP cache, ARP broadcasts are issued.

B.     All hosts on the local network receive the broadcast and must check for a match to its own IP address

C.     The destination host that determines that the IP address in the broadcast matches its own IP address sends an ARP reply to the source host with its hardware address. It also updates its own ARP cache with the IP address/hardware address mapping of the source host.

 

y    3. Reverse ARP (RARP)

A.      The reverse of ARP is Reverse Address Resolution Protocol (RARP) which is where a MAC Address is converted into an IP Address. An example of RARP is the case of a diskless workstation which boots up without an IP Address. It would send out a RARP broadcast and await the response of a RARP server that will tell it which IP Address to use. Note: Windows 2000 can not be a RARP client nor a RARP server.

y    4.   Resolving a Remote IP Address

              A.   When a request for communication initiates, the destination IP address is identified as a remote address.

              B.   The source host checks its local routing table for a route to the destination host. If no route is found, it determines the IP address of the default gateway.

              C.  The source host checks its ARP cache for an entry for the specified gateway.

              D.  If no ARP entry exists for the gateway, an ARP request is broadcast for the gateway’s address rather than for the destination host.

              E.   Router responds to the source with its hardware address. The source then sends the packet to the router for further delivery.

              F.   At the router, IP determines whether the destination IP address is local or remote. If it is local, the packet is delivered to the appropriate subnet. If it is remote, the router checks its routing table for a specified gateway, and then it uses ARP cache or broadcast to obtain the gateway’s hardware address so that packet can be sent to the gateway.

              G.  This process repeats for the routers on the way to the destination host.

              H.   When the destination host receives the request, it forms an ICMP echo reply. The reverse process is repeated to send the ICMP echo reply to the source.

y    5.   The ARP Cache

              A.   ARP cache is maintained to minimize the number of broadcasts needed to resolve IP addresses to hardware addressees.

              B.   ARP cache maintains dynamic and static entries.

              C.  Static entries remain in cache until the computer is restarted, until the entry is deleted with the arp –d command, or until an ARP broadcast is received with a different hardware address.

              D.  Each ARP cache entry has a potential lifetime of ten minutes. However, if an entry is not used within two minutes, it is deleted.

              E.   Static entries can be added using arp –s.

y          F.   ARP packets

                    1.   Hardware type

                    2.   Protocol type

                    3.   Hardware address length

                    4.   Protocol address length

                    5.   Operation (Opcode)

                    6.   Sender’s Hardware Address

                    7.   Sender’s protocol address

                    8.   Target’s Hardware Address

ICMP and IGMP

y    1.   ICMP

              A.   ICMP reports errors and provides feedback on specific IP conditions.

              B.   ICMP messages are carried as IP datagrams and are, therefore, unreliable.

C.     ICMP Source Quench message is sent when a source is sending data at a faster rate that the receiver can handle. A Windows 2000 TCP/IP host honors a source quench by slowing its sending rate.

D.     The ping and tracert utilities on Windows 2000 use ICMP.

y    2.   IGMP

              A.   IGMP information passes to other routers so that each router that supports multicasting is aware of which host groups are on which network.

              B.   IGMP packets are carried by IP datagrams and are, therefore, unreliable.

        3.   Summary

A.      ICMP reports errors and controls messages on behalf of TCP/IP. It can be considered a “helper” protocol to IP.

B.     IGMP informs routers that hosts of a specific multicast group are available on a given network.