TCP/IP Protocol Suite and IP Addresses – The Basics
Idlehands
sysop@kbnet.co.uk
TCP/IP, Protocol, Security, IP Address
1.1 Introduction
2.1 Background on TCP/IP
3.1 IP and IP Addresses
3.2 Class of addresses
3.3 Important addresses to recognize.
4.1 Biography
4.2 Final Note
4.3 Credits
1.1 Introduction
This file explains some of the topics that are associated with
the TCP/IP protocol suite and IP addresses. The information here
has been collected from numerous files on the topic. This file
was also supposed to include a section on port scanning and a
listing of ports. Unfortunately I’ve been slacking, so the other
two sections will have to wait. As usual, I do not condone nor
take responsibility for the actions of individuals, based upon
the information contained within. All information here is for
educational use only.
2.1 Background on TCP/IP
TCP/IP is an open networking protocol, which means that all aspects
of the protocol suite are published. They are also available for
anyone to use on their hardware and software. TCP/IP is probably
the most used protocol in the world. The main reason for TCP/IP being
so popular is very simple. TCP/IP will allow a user to connect devices
of almost all platforms together and talk in a universal language.
TCP/IP is not just a single protocol, but is a whole suite of protocols,
amounting to a dozen or so protocols, all designed to per task. All of
the protocols use TCP and IP to transmit data.
TCP (Transmission Control Protocol) and IP (Internet Protocol) are the
two main protocols of the TCP/IP suite. All of the protocols can be
grouped together according with the type of task that they fulfil.
Transport
These protocols are responsible for transmitting packets of data from
one device to another through a network.
TCP – Transmission Control Protocol
TCP is a connection-based service, meaning that two devices transmitting
data must be connected through a constant connection.
UDP – User Datagram Protocol
UDP is the opesite to TCP in that fact that it is a connectionless based
service. This means that two devices exchanging data do not communicate
with each other through a constant connection.
Routing
These protocols deal with the addressing of data and working out which
is the best route for the data to take. They also deal with how large packets
are broken up and reassembled.
IP – Internet Protocol
IP deals with the actual transmission of data.
ICMP – Internet Control Message Protocol
ICMP deals with status messages for IP, such as errors and network changes
that may effect routing.
RIP – Routing Information Protocol
One of several protocols designed to determine the best routing method.
OSPF – Open Shortest Path First
Another protocol designed to determine the best routing method.
Network Addresses
These protocols are designed to handle the way that devices are
addressed by both a unique number and a more common hostname.
ARP – Address Resolution Protocol
Figures out the unique address of devices on the network
DNS – Domain Name System
Works out a device’s numeric address from device hostnames.
RARP – Reverse Address Resolution Protocol
Works out the unique address of a device, but in a completely
different method from ARP.
BOOTP – Boot Protocol
This protocol starts up a network device by reading the boot
information from a server. BOOTP is most often used by diskless
workstations.
User Services
These are services that users have access too.
FTP – File Transmission Protocol
This protocol transfers files from one machine to another. FTP
uses TCP for transport.
TFTP – Trivial File Transmission Protocol
This simple file transport method uses UDP as transport.
Telnet – Telnet
This protocol allows remote logins. A user on one machine can login
to another machine and behaves as if the user is sat at that machine.
Gateway Protocols
These protocols help networks communicate routing and status
information, as well as handling data for local networks.
EGP – Exterior Gateway Protocol
This protocol transfers routing information for external networks.
GGP – Gateway-to-Gateway Protocol
This protocol handles routing information between Internet gateways.
IGP – Interior Gateway Protocol
This protocol deals with the transfer of routing information for
internal networks.
Other Protocols
These protocols do not fit into any of the previous categories,
but provide very important services for a network.
NFS – Network File System
This protocol means that a user can mount external directories
to their machine as if they were hosted on the local machine.
NIS – Network Information Service
This service maintains user accounts across a network, easing the
problem of username and passwd maintenance.
RPC – Remote Procedure Call
This protocol allows remote applications to communicate with one another
using function calls.
SMTP – Simple Mail Transfer Protocol
This protocol is designed to deal with the problem of transferring E-mail
between machines.
SNMP – Simple Network Management Protocol
This protocol is used to obtain status messages about TCP/IP configurations
and software. SNMP requires a loopback to be in place for proper operation.
3.1 IP and IP Addresses
IP is a connectionless network protocol within the TCP/IP suite;
unfortunately, it is also very unreliable, containing two 32-bit
header fields (network address and terminal address). IP is also
the busiest of the TCP/IP protocols because almost all TCP/IP traffic
is encapsulated within an IP packet. It’s IP’s job to route packets
around the network, but it provides no means for reliability or
accountability (IP relies on upper layers for that). IP can try to
send an ICMP error message back to the source, but this can be lost
as well. ICMP is used to relay network conditions and errors to IP
and the other layers. As IP is connectionless, it doesn’t store any
connection state information. Each IP packet is sent out without regard
to the last one or the next packet.
IP Addresses are 32-bit numbers that uniquely identify any machine on
a TCP/IP based network. These “addresses” allow proper routing within
the network. Each 32-bit IP address is broken up into four parts 8-bit
segments. Each segment can have a range of 0 to 255 (2 to the power of 8,
minus 1) and each 8-bit segment is separated by a dot. This type of
notation is called dotted quad. An example of an IP address is
194.156.169.3
The two fields (network address and terminal address) allow for
two networks to have the same terminal address. All IP addresses must
be assigned by NIC (network information center) based on the size of
the proposed network. All IP addresses must be assigned by NIC
to prevent duplication of addresses.
3.2 Classes of IP Addresses
IP addresses are assigned relating to the size of a network. There are
three categories in this classification: class A, class B and class C.
The three network classifications break the IP address into different
sizes for the network and terminal addresses.
A class A network only uses one byte for the network addresses and
the other three bytes are used for the terminal address. This allows
for over 16 million different terminal addresses. Class B addresses
uses two bytes for the network address and two bytes for the terminal
address. This combination allows for over 65,000 possible terminal
address, but only a few large companies are limited to this address.
Type C addresses have three bytes assigned for the network address
and a single byte for the terminal address. This means that the network
has a maximum of 254 terminal addresses (255 and 0 are reserved for
special use).
There are limitations for the first value of the IP address.
A class A network’s first value must be between 0 and 127.
A class B network must have a first value of between 128 and 191.
Finally, a class C network’s first value must be between 192 and 233.
This is because of the way the first byte is broken up, with a few bits
at the front to identify the class of network. The values 0 and 255
are reserved for special use.
Messages sent through TCP/IP use the IP address to identify devices
on the network that are receiving and transmitting data, as well
as routing information contained with the message headers.
3.3 Important IP Addresses to Recognize
These IP addresses are pretty-much standard among TCP/IP networks
and are handy to know.
127.0.0.1 – Loopback
A Loopback or “Dummy Interface” is used to give a machine an IP address
to work with when it only uses SLIP (Serial Line Internet Protocol)
and PPP (Point-to-Point Protocol) interfaces. A Loopback solves
the problem of a machine with no network cards communicating with
another machine. Almost all TCP/IP Protocols need an IP address,
something usually lacking in a standalone config. Therefore
a Loopback is configured to the standard IP address of 127.0.0.1
Broadcast Address
The broadcast address is used when one machine wants to send
the same packet of data to all the machines on the network.
To get the broadcast address, you set the terminal address to 255.
For example, if your IP address it 194.168.148.6, then your broadcast
address is 194.168.148.255. This address is very useful when trying
to determine the number of hosts on a network. This will be explained
later in the file.
Gateway Address
The gateway address is the IP address of the machine that is
the network’s gateway out to other networks, including the Internet
(such as a router). Normally, the gateway has the same IP address
as that of your machine, but the terminal address is set to the
value of 1. For example, if your IP address as 192.168.148.6,
then your gateway address would be 192.168.148.1.
Network Address
The network address is basically the network proportion of your
IP address. For example, if your IP address was 194.168.148.6…
Class B network address – 194.168.0.0
Class C network address – 194.168.148.0
4.1 Biography
This file is based upon the information contained in:
Linux Unleashed (v.4)
Various issues of Phrack
Personal knowledge
4.2 Final Note
This file only scratches the surface of the topic. With a little more
time sober, I’ll either add topics or rewrite it completely, but life’s
been a little complicated of late.
Idle Hands
(
geocities.com/eljehad1)