y Architectural Overview of the TCP/IP
Protocol Suite (adapted from Microsoft Press Chapter Outlines)
y The Microsoft TCP/IP Protocol Suite
1. The Four-Layer Model
A. TCP/IP protocols follow a four-layer
conceptual model.
B. The Network Interface Layer protocols are responsible
for physical interface.
1. Puts frames on and takes frames off the
network
2. Responsible for physical interface
C. The Internet Layer protocols contain the four
Internet protocols.
1. Internet Protocol (IP) is responsible for
addressing and routing packets between hosts and networks.
2. Address Resolution Protocol (ARP) obtains
hardware addresses of hosts on the same physical network using IP addresses
assigned.
3. Internet Control Message Protocol (ICMP)
sends messages and reports errors regarding packet delivery.
4. Internet Group Management Protocol (IGMP) is
used by IP hosts to report host group memberships to local multicast routers.
D. The Transport Layer protocols provide
communication sessions between computers.
1. TCP provides connection-oriented, reliable
communications for applications that typically transfer large amounts of data
at one time.
2. User Datagram Protocol (UDP) provides
connectionless communications and does not guarantee to deliver packets.
E. The Application Layer protocols support
applications on the network.
1. There are many standard TCP/IP utilities and
services implemented by Microsoft in the TCP/IP suite.
a. File Transfer Protocol (FTP)
b. Terminal emulation protocol (Telnet)
c. Simple Network Management Protocol (SNMP)
d. Domain Name Service protocol (DNS)
2. There are two standard interfaces for network
applications to use the services of the TCP/IP protocol stack.
a. Windows Sockets (Winsock) – some applications
that use Winsock are ftp, telnet, and ping
b. NetBIOS – some examples of NetBIOS are the
net commands (net view, net use, etc.)
y 2. Network Interface Technologies
A. Several LAN technologies are supported by
TCP/IP.
1. Ethernet
2. Token Ring
3. Fiber Distributed Data Interface (FDDI)
B. WAN environment might require Windows 2000
Remote Access Service or additional hardware. The following WAN technologies
are supported.
1. Serial line technologies
a. Dial-up analog
b. Digital lines
c. Leased lines
2. Packet-switched network technologies
a. X.25
b. Frame relay
c. Asynchronous Transfer Mode (ATM)
C. Serial Line Protocols
1. Serial Line Internet Protocol (SLIP)
a. Industry standard developed in early 1980s
to support TCP/IP over low-speed serial interfaces
b. Using Windows 2000 RRAS, computers running
Windows 2000 can use TCP/IP and SLIP to communicate with remote hosts
running SLIP.
Windows 2000 supports only SLIP client
functionality, not SLIP server functionality. Also, Windows 2000 RRAS servers
do not accept SLIP client connections.
2. Point-to-Point Protocol (PPP)
a. Designed as an enhancement to SLIP
b. PPP is a data-link protocol that provides a
standard method of sending network packets over a point-to-point link.
c. PPP provides greater security, configuration
handling, and error detection; therefore, it is the recommended protocol for
serial line communication.
3. Summary
A. TCP/IP protocols use a four-layer conceptual
model including the following layers: Application, Transport, Internet, and
Network Interface.
B. IP supports both LAN and WAN interface
technologies.
Lesson 2
Address Resolution Protocol (ARP)
y 1. ARP
A. ARP obtains hardware addresses of TCP/IP
hosts on broadcast-based networks.
B. Hardware
address, once obtained, is stored with the IP address in ARP cache.
C. Used
to convert IP Address into MAC Address.
y 2. Resolving a Local IP Address
A. ARP
cache is checked first to resolve an IP address to a hardware address. If an IP
address is not found in ARP cache, ARP broadcasts are issued.
B. All
hosts on the local network receive the broadcast and must check for a match to
its own IP address
C. The
destination host that determines that the IP address in the broadcast matches
its own IP address sends an ARP reply to the source host with its hardware
address. It also updates its own ARP cache with the IP address/hardware address
mapping of the source host.
y 3. Reverse
ARP (RARP)
A. The
reverse of ARP is Reverse Address Resolution Protocol (RARP) which is where a
MAC Address is converted into an IP Address. An example of RARP is the case of
a diskless workstation which boots up without an IP Address. It would send out
a RARP broadcast and await the response of a RARP server that will tell it
which IP Address to use. Note: Windows 2000 can not be a RARP client nor a
RARP server.
y 4. Resolving a Remote IP Address
A. When a request for communication initiates,
the destination IP address is identified as a remote address.
B. The source host checks its local routing
table for a route to the destination host. If no route is found, it determines
the IP address of the default gateway.
C. The source host checks its ARP cache for an
entry for the specified gateway.
D. If no ARP entry exists for the gateway, an ARP
request is broadcast for the gateway’s address rather than for the destination
host.
E. Router responds to the source with its
hardware address. The source then sends the packet to the router for further
delivery.
F. At the router, IP determines whether the
destination IP address is local or remote. If it is local, the packet is
delivered to the appropriate subnet. If it is remote, the router checks its
routing table for a specified gateway, and then it uses ARP cache or broadcast
to obtain the gateway’s hardware address so that packet can be sent to the
gateway.
G. This process repeats for the routers on the
way to the destination host.
H. When the destination host receives the
request, it forms an ICMP echo reply. The reverse process is repeated to send
the ICMP echo reply to the source.
y 5. The ARP Cache
A. ARP cache is maintained to minimize the
number of broadcasts needed to resolve IP addresses to hardware addressees.
B. ARP cache maintains dynamic and static
entries.
C. Static entries remain in cache until the
computer is restarted, until the entry is deleted with the arp –d command, or
until an ARP broadcast is received with a different hardware address.
D. Each ARP cache entry has a potential lifetime
of ten minutes. However, if an entry is not used within two minutes, it is
deleted.
E. Static entries can be added using arp –s.
y F. ARP
packets
1. Hardware type
2. Protocol type
3. Hardware address length
4. Protocol address length
5. Operation (Opcode)
6. Sender’s Hardware Address
7. Sender’s protocol address
8. Target’s Hardware Address
ICMP and IGMP
y 1. ICMP
A. ICMP reports errors and provides feedback on
specific IP conditions.
B. ICMP messages are carried as IP datagrams and
are, therefore, unreliable.
C. ICMP
Source Quench message is sent when a source is sending data at a faster rate
that the receiver can handle. A Windows 2000 TCP/IP host honors a source
quench by slowing its sending rate.
D. The
ping and tracert utilities on Windows 2000 use ICMP.
y 2. IGMP
A. IGMP information passes to other routers so
that each router that supports multicasting is aware of which host groups are
on which network.
B. IGMP packets are carried by IP datagrams and
are, therefore, unreliable.
3. Summary
A. ICMP
reports errors and controls messages on behalf of TCP/IP. It can be considered
a “helper” protocol to IP.
B. IGMP
informs routers that hosts of a specific multicast group are available on a
given network.