This article will cover the TCP/IP Protocol within Windows XP Professional.
The Transmission Control Protocol/Internet Protocol is a network
communication protocol. It can be used as a communications
protocol on private networks and it is the default protocol
in use on the internet. When you set up any system to have
direct access to the Internet, whether it is via dial-up or
one of the high speed technologies in use today, your system
will need to utilize the TCP/IP protocol whether it is a
Windows based system or not.
Also, if the given system needs to communicate to other
TCP/IP systems on the local LAN or WAN it will need to
utilize the TCP/IP protocol as well.
[NOTES FROM THE FIELD] - Indirectly connected computers, such as those on a LAN
that hit the internet via certain default gateways, certain
types of routers, Proxy Servers, ISA Servers or other
indirect means, do not necessarily need to use the TCP/IP
protocol. They need only use the network protocol in use for
their LAN, where that LAN protocol would communicate with
the directly connecting mechanism, (default gateway, router,
Proxy Server or other direct device). That directly
connected device would need to use the internet default
protocol of TCP/IP.
TCP/IP is
technically made up of two protocols. The upper layer,
Transmission Control Protocol, on the sending system is
responsible for breaking down the data into smaller packets
to be transmitted over the network, (local and internet),
while the TCP layer on the receiving node reassembles the
packets it receives back into the original data structure.
The lower layer, Internet Protocol, addresses each
individual packet so that it gets delivered to the correct
node. Each routing device on the network, be it a hardware
router or a server system that is performing routing
functions, will check the destination address to see where
to forward the message.
[NOTES FROM THE FIELD] - This is just a basic
overview of TCP/IP and I didn't want to get too involved
with it here within this article. There is bountiful
information on TCP/IP all over the internet and before
poring through the RFCs I would first suggest you try the
TCP/IP Frequently Asked Questions.
The TCP/IP Model
The TCP/IP suite of protocols maps to a four-layer
conceptual model which is based off of the seven layer Open
System Interconnection (OSI) protocol model.
The detailed function of each layer of the Open System
Interconnection (OSI) protocol model is beyond the scope of
this topic, however, the 60 second overview is as follows:
Physical Layer - Defines the interface between the
medium and the device. This layer also transmits bits (ones
and zeros) and defines how the data is transmitted over the
physical medium. Some examples of Network Components found
at this layer are Multiplexers, Passive Hubs, Active Hubs,
Repeaters and other types of signal Amplifiers.
Data Link Layer - This layer is actually divided into
two sublayers, Logical Link Control, which mainly handles
error correction and flow control and Media Access Control,
which mainly handles the communication with the network
adapter card. Some examples of Network Components found at
the Data Link layer are Bridges, Switches and certain
Advanced Cable Testers.
Network Layer - This OSI layer is responsible for
translating logical network addresses and names such as
computernames to their MAC addresses and for addressing and
routing data packets over the network. If routers at this
layer can’t forward the data frames as large as the source
node has sent, this OSI layer will break down the data into
smaller units that the devices can handle. Some examples of
Protocols found at the Network Layer are IP, ARP, RARP,
ICMP, RIP, OSPF, IGMP, IPX, NWLink and NetBEUI. Some
examples of Network Components found at this layer are
Brouters, Routers, some types of ATM Switches and Frame
Relay hardware.
Transport Layer - The Transport Layer adds an
additional connection below the Session layer and helps
manage data flow control between nodes on the network. This
layer divides the data into packets on the sending node and
the transport layer of the receiving node reassembles the
message from packets. The Transport Layer provides
error-checking to guarantee error-free data delivery by
requesting retransmission if some packets don’t arrive
error-free. It also sends acknowledgment of successful
transmissions back to the sending node. Some examples of
Protocols found at this layer are TCP, ARP, RARP, SPX and
NWLink. Some examples of Network Components found at the
Transport Layer are Gateways and certain types of Brouters.
Session Layer - This OSI layer, as the name implies,
establishes, maintains and ends sessions between
transmitting nodes across the network and manages which node
can transmit data at a certain time and for how long. Some
examples of Protocols found at this layer are Named Pipes,
NetBIOS Names, RPC and Mail Slots. Some examples of Network
Components found at the Session Layer are Gateways and
certain types of Proxy Servers.
Presentation Layer - The Presentation Layer
technically performs the translation of the data from the
way applications understand it to the way networks
understand it on the transmission end and then back on the
receiving node. It is responsible for protocol conversions,
data encryption / decryption, and data compression /
decompression where the network is considered. Some examples
of Network Components found at the Presentation Layer are
Gateways and certain types of Redirectors. There are no
Protocols that normally operate in this layer.
Application Layer - The Application Layer of the OSI model
allows access to network services for applications
specifically written to run over the network, such as email
and file transfer programs such as FTP. There are many
Protocols found at the Application Layer, some of which
include FTP, TFTP, BOOTP, SNMP, SMTP, TELNET, NCP, and SMB.
The TCP/IP suite four-layer conceptual model is as follows:
Network Interface Layer -
This layer effectively puts the frames on the wire from the
sending node and pulls frames off the wire at the receiving
node and basically correlates to the Physical Layer of the
OSI model.
Internet Layer - The Internet
layer protocols of the TCP/IP suite encapsulate packets into
Internet datagrams. There are four Internet protocols that
operate at this layer. The Internet Layer basically (but not
entirely) correlates to the Network Layer of the OSI model.
IP - Internet Protocol
provides connectionless packet delivery for all other
protocols and does not guarantee packet arrival or
correct packet sequence nor does it acknowledge packet
delivery. IP has the main responsibility of addressing
and routing packets between nodes and it does not try to
recover from network errors.
ARP - Address Resolution
Protocol maps IP addresses to physical machine
addresses (MAC addresses) that are located on the LAN.
IP broadcasts a special ARP inquiry packet containing
the IP address of the destination system. The system
that owns the IP address replies by sending its physical
address to the requester. The MAC sublayer communicates
directly with the network adapter card and is
responsible for delivering error-free data between
network.
ICMP - Internet Control Message
Protocol is a message control and error-reporting
protocol used between network nodes. Higher level
protocols use the information in these datagrams to
recover from any transmission or other errors.
IGMP - The Internet Group
Management Protocol provides a way for nodes to report
their multicast group membership to nearby multicast
routers. Multicasting allows nodes to send content to
multiple other nodes within that multicast group by
sending IP multicast traffic to a single MAC address but
by allowing it to be processed by multiple nodes. IGMP
is part of the Network layer of the OSI model. Windows
XP Professional supports multicast for things such as
Windows 2000 Server NetShow Services.
Transport Layer - The two Transport layer protocols provide
communication sessions between computers and these sessions
can be connection oriented or connectionless, as outlined
below. The Transport Layer basically (but not entirely)
correlates to the Transport Layer of the OSI model.
TCP - Transmission Control
Protocol is a connection-oriented protocol that provides
reliable communication by assigning a sequence number to
each segment of data that is transmitted so that the
receiving host can send an acknowledgment (ACK) to
verify that the data was received. If an ACK is not
received, the data is retransmitted. TCP guarantees the
delivery of packets, ensures proper sequencing of the
data, and provides a checksum feature that validates
both the packet header and its data for accuracy.
UDP - User Datagram Protocol
is a connectionless protocol that does not guarantee the
delivery or the correct sequencing of packets.
Applications that use UDP typically transfer small
amounts of data at once and the data sent is usually not
considered critical. TFTP (Trivial File Transfer
Protocol) uses UDP.
Application Layer - The
Application Layer is where applications that are
specifically written to operate over networks gain their
access. There are two TCP/IP services, Winsock and the
NetBIOS over TCP/IP (NetBT) interface, that network
applications most commonly use on Windows XP Professional
networks. The Application Layer basically (but not entirely)
correlates to the Application Layer of the OSI model.
Winsock - Winsock is the standard
interface used for socket-based applications and TCP/IP
protocols. Winsock allows the network application to
bind to a specific port and IP address on a node,
initiate and accept a connection, send and receive data,
and then close the connection.
NetBT - NetBIOS over TCP/IP is
the standard interface for NetBIOS services, including
name, datagram, and session services. It also provides a
standard interface between NetBIOS-based applications
and TCP/IP protocols and is the network component that
performs computer name to IP address mapping (name
resolution). There are currently four NetBIOS over TCP/IP
name resolution methods: b-node, p-node, m-node and
h-node.
Internet Protocol Addressing Overview
TCP/IP version 4 (IPv4) addresses are made up of four 8-bit fields
(octets) and are 32 bits in size in total. Microsoft TCP/IP
version 4 supports the standard classes of address, which
define which bits are used for the network ID and which
bits are used for the host ID. There are five TCP/IP version
4 (IPv4) address classes, although for the most part, only the A,
B, and C classes are used. The system of IP address classes
described here forms the basis for IP address assignment.
Classless Inter-Domain Routing (CIDR) addressing is now
being used more often and I will cover that later in the
article. Classless Inter-Domain Routing is making the IP
address classes in their current form "less defined", for
lack of a better term. Still, the classes form the base of
any addressing scheme.
TCP/IP version 4 addresses are made of both a network ID and a host
ID. The network ID address identifies the physical network
where the hosts exist. The host ID address identifies the
individual TCP/IP host on a network. The host ID must be
unique on the internal network, that is, no two nodes on a
given network can have the same network ID AND host ID.
[NOTES FROM THE FIELD] - You can have two hosts with the IP host name of 112.12.44
if one is on network 10 and another is on network 11. (The
full IP addresses of these hosts would be 10.112.12.44
and 11.112.12.44. The subnet mask would be 255.0.0.0.) You
cannot assign both of these nodes the host address of
112.12.44 if they are both on network 10 or both on network
11.
The "division" point between the network ID and the host ID is
called the subnet mask. The subnet mask is used to determine
where the network number in an IP address ends and the node
number in an IP address begins.
The bits in a subnet mask are set consecutively from left to
right and there can be no "skips" in the setting structure.
The subnet mask of 255.255.128.0 is valid because all eight
bits are set in the first two octets and the first bit of
the next octet is also set. (11111111.11111111.10000000.00000000). The subnet mask of
255.255.64.0 is not valid because there is a "missing" bit
that is not allowed. (11111111.11111111.01000000.00000000).
[NOTES FROM THE FIELD] - The left most bit in a
TCP/IP version 4 address is called the Most Significant Bit
(MSB) and has the highest value. The right most bit in a
TCP/IP version 4 address is called the Least Significant Bit
(LSB) and has the lowest value.
I cover subnet masks
in a little more detail in a following section.
The values of the bits, in order from the Most Significant Bit (MSB) to
the Least Significant Bit (LSB), are 128, 64, 32, 16, 8, 4,
2, 1. These numerical designations are what make up the
TCP/IP version 4 address. The values of the set bits (noted by a "1")
in each octet are added together to give you the address. The TCP/IP
version 4 address of 171.144.62.12 converts to a binary number of
10101011.10010000.00111110.00001100 and a hexadecimal number
of AB.90.3E.0C.
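The conversion above and the "no skipped bits" rule for subnet masks can both be checked with plain integer arithmetic. This is an added example, not code from the original article; the function names are made up for illustration.

```python
# Added example: dotted-decimal conversion and subnet mask validation
# using only integer arithmetic. Function names are illustrative.

def to_int(dotted):
    """Pack a dotted-decimal IPv4 string into one 32-bit integer."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 value: %r" % dotted)
    value = 0
    for octet in octets:
        value = (value << 8) | octet   # MSB octet ends up on the left
    return value

def to_binary(dotted):
    """Render each octet as 8 bits, MSB (128) first, LSB (1) last."""
    n = to_int(dotted)
    return ".".join(format((n >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))

def to_hex(dotted):
    """Render each octet as two hexadecimal digits."""
    n = to_int(dotted)
    return ".".join(format((n >> s) & 0xFF, "02X") for s in (24, 16, 8, 0))

def mask_prefix_length(mask):
    """Return the number of network bits, or None if the mask skips a bit.

    A valid mask is a run of 1s followed by a run of 0s, so its inverse
    is a run of 1s on the right (2**k - 1). Adding 1 to such a value
    yields a power of two that shares no bits with it.
    """
    inverted = ~to_int(mask) & 0xFFFFFFFF      # the host bits
    if inverted & (inverted + 1):
        return None                             # a "missing" bit
    return 32 - inverted.bit_length()

if __name__ == "__main__":
    print(to_binary("171.144.62.12"), to_hex("171.144.62.12"))
    for mask in ("255.255.128.0", "255.255.64.0", "255.255.240.0"):
        print(mask, to_binary(mask), mask_prefix_length(mask))
```
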
[NOTES FROM THE FIELD] - While it's important to know that the TCP/IP version 4
address converts to a binary number or a hexadecimal number
it is not often used in day to day operations of the
MCSA/MCSE. It is more so for the Network Administrator. For
the 70-270 exam, concentrate on the different classes of
addresses, how subnet masks work, Classless Inter-Domain
Routing (CIDR) addressing and a basic understanding of the
binary conversion of a TCP/IP version 4 address. Basically,
know the Most Significant Bit (MSB) and the Least
Significant Bit (LSB) and the order of numbers.
The way I remember it is that the Least Significant Bit (LSB) of each octet is "1" and
each place to the left of it doubles in value up to the end
of the octet on the far left. After the dot I start
back at "1".
TCP/IP version 6 (IPv6) is a set of specifications from
the Internet Engineering Task Force (IETF) and has been
designed to overcome the current shortage of addresses under
TCP/IP version 4. TCP/IP version 6 also has some other built
in improvements that go beyond the scope of the discussion
here. The single most important thing you will need to know
for the 70-270 exam (a little more depth may be needed for
the upcoming Exam 70-275: Installing, Configuring and
Administering Microsoft .NET Server and Exam 70-276:
Implementing and Administering a Microsoft .NET Server
Network Infrastructure) is that IPv6 addresses are 128 bits
in length as opposed to 32 bits under IPv4.
Classless Inter-Domain Routing (CIDR) is a newer way to
allocate IP addresses that is more flexible than with the
original Class addressing scheme used in the past. This
makes it so that the utilization of the number of remaining
available Internet addresses has been increased. CIDR is now
the routing system used by virtually all gateway hosts on
the Internet's backbone network.
The original Internet Protocol defines IP addresses in five
classes, Classes A through E. Each of these classes allowed
the use of one portion of the 32-bit Internet address scheme
to the network address and the remaining portion to the
nodes on the network. One of the main reasons for the IP
address shortage was in the situation where many companies
needed more than 254 host machines that were allowed under
the Class C scheme but far fewer than the 65,533 host
addresses of the Class B scheme. They would request a unique
B Class address but often ended up not using many of the
addresses within their allotted block. This meant that many
addresses within their pool were unutilized. This is one of
the main reasons the IP address pool was drying up and for
this reason the big push was on for TCP/IP version 6 (IPv6)
and its 128-bit address. Because many of the Internet
authorities realized that it would be some time before IPv6
was in widespread use, Classless Inter-Domain Routing was
born.
Using Classless Inter-Domain Routing, each IP address has a
network prefix that identifies either a collection of
network gateways or an individual gateway. The length of the
network prefix is also specified as part of the IP address
and varies depending on the number of bits that are needed
(rather than any arbitrary class assignment structure). A
destination IP address or route that describes many possible
destinations has a shorter prefix and is said to be less
specific. A longer prefix describes a destination gateway
more specifically. Routers are required to use the most
specific or longest network prefix in the routing table when
forwarding packets.
A Classless Inter-Domain Routing network address looks like
this: 201.44.112.00/18
201.44.112.00 is the address of the network and the "18"
says that the first 18 bits are the network part of the
address, leaving the last 14 bits for the address of the
node. (Effectively, the 18 is the subnet mask from the "old"
style of address classes.) Classless Inter-Domain Routing
lets one routing table entry represent a collection of
networks that exist in the forward path that don't need to
be specified on that particular gateway. This collecting of
networks in a single address is sometimes referred to as a
supernet as by their definition they mean the same thing.
Classless Inter-Domain Routing is supported by the Border
Gateway Protocol, the prevailing exterior (interdomain)
gateway protocol. (The older exterior or interdomain gateway
protocols, Exterior Gateway Protocol and Routing Information
Protocol, do not support Classless Inter-Domain Routing.)
Classless Inter-Domain Routing is also supported by the OSPF
interior or intradomain gateway protocol.
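The prefix split and the "most specific prefix wins" rule described above can be worked through with Python's standard ipaddress module. This is an added example, not part of the original article; the routing table and gateway names are constructed for illustration.

```python
# Added example: CIDR prefix arithmetic and longest-prefix-match lookup.
# The routes and gateway names below are constructed sample data.
import ipaddress

def describe_prefix(cidr):
    """Return (network bits, host bits, dotted mask, start of the block)."""
    net = ipaddress.ip_interface(cidr).network
    return (net.prefixlen, 32 - net.prefixlen,
            str(net.netmask), str(net.network_address))

# Constructed routing table: (destination prefix, next hop).
ROUTES = [
    ("0.0.0.0/0", "gw-default"),      # least specific: matches everything
    ("201.44.0.0/16", "gw-a"),
    ("201.44.64.0/18", "gw-b"),
    ("201.44.112.0/24", "gw-c"),      # most specific entry in this table
]

def lookup(dest, routes=ROUTES):
    """Pick the matching route with the longest network prefix."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, hop in routes:
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return None if best is None else (str(best[0]), best[1])

if __name__ == "__main__":
    # An 18-bit prefix keeps only the top two bits of the third octet,
    # so an address with third octet 112 falls in the block starting at 64.
    print(describe_prefix("201.44.112.0/18"))
    for dest in ("201.44.112.9", "201.44.100.1", "201.44.200.1", "8.8.8.8"):
        print(dest, "->", lookup(dest))
```
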
Subnet Masks - Implementing subnetworks (commonly referred to
as subnets in the field) helps to control network traffic.
Every node on the same physical Ethernet network sees all
the packets of data sent out on the network. Often this has
the result of multiple collisions causing network
performance to be slow. Routers or gateways are used to
separate networks into subnets. Subnet masks on each of the
nodes allow the nodes on the same subnetwork to continue to
communicate with one another and to the routers or gateways
they use to send their messages.
Subnet masks allow you to identify the network ID and the
host (node) ID of an IP address.
Given the following example of a default B Class subnet
mask:
Subnet Mask : 255.255.240.0
Subnet bit mask : nnnnnnnn.nnnnnnnn.nnnnhhhh.hhhhhhhh
Subnet Bits : 20
Host Bits : 12
Possible Number of Subnets : 16
Hosts per Subnet : 4094
we can see that rather than having the single subnet and
65534 Hosts per Subnet allowed under the default subnet mask
we are able to have up to 16 subnets with up to 4094 Hosts
per Subnet by using a Subnet Mask of 255.255.240.0.
Selected Subnet : 158.21.0.0/255.255.240.0
Usable Addresses : 4094
Host range : 158.21.0.1 to 158.21.15.254
Broadcast : 158.21.15.255
Subnet        Mask           Usable Addresses  Host Range                       Broadcast
158.21.0.0    255.255.240.0  4094              158.21.0.1 to 158.21.15.254      158.21.15.255
158.21.16.0   255.255.240.0  4094              158.21.16.1 to 158.21.31.254     158.21.31.255
158.21.32.0   255.255.240.0  4094              158.21.32.1 to 158.21.47.254     158.21.47.255
158.21.48.0   255.255.240.0  4094              158.21.48.1 to 158.21.63.254     158.21.63.255
158.21.64.0   255.255.240.0  4094              158.21.64.1 to 158.21.79.254     158.21.79.255
158.21.80.0   255.255.240.0  4094              158.21.80.1 to 158.21.95.254     158.21.95.255
158.21.96.0   255.255.240.0  4094              158.21.96.1 to 158.21.111.254    158.21.111.255
158.21.112.0  255.255.240.0  4094              158.21.112.1 to 158.21.127.254   158.21.127.255
158.21.128.0  255.255.240.0  4094              158.21.128.1 to 158.21.143.254   158.21.143.255
158.21.144.0  255.255.240.0  4094              158.21.144.1 to 158.21.159.254   158.21.159.255
158.21.160.0  255.255.240.0  4094              158.21.160.1 to 158.21.175.254   158.21.175.255
158.21.176.0  255.255.240.0  4094              158.21.176.1 to 158.21.191.254   158.21.191.255
158.21.192.0  255.255.240.0  4094              158.21.192.1 to 158.21.207.254   158.21.207.255
158.21.208.0  255.255.240.0  4094              158.21.208.1 to 158.21.223.254   158.21.223.255
158.21.224.0  255.255.240.0  4094              158.21.224.1 to 158.21.239.254   158.21.239.255
158.21.240.0  255.255.240.0  4094              158.21.240.1 to 158.21.255.254   158.21.255.255
[NOTES FROM THE FIELD] - A subnet address cannot be all 0's or all 1's.
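The subnet table above can be derived rather than looked up, and the same arithmetic answers whether two nodes share a subnet or need a router between them. This is an added example, not from the original article, using Python's standard ipaddress module; the function names and the sample host addresses are made up for illustration.

```python
# Added example: derive the subnets of 158.21.0.0 under the mask
# 255.255.240.0 and test whether two hosts share a subnet.
import ipaddress

def subnet_plan(network, default_mask, subnet_mask):
    """Rows of (subnet, first host, last host, broadcast, usable hosts)."""
    parent = ipaddress.ip_network("%s/%s" % (network, default_mask))
    new_prefix = ipaddress.ip_network("0.0.0.0/%s" % subnet_mask).prefixlen
    rows = []
    for sub in parent.subnets(new_prefix=new_prefix):
        rows.append((
            str(sub.network_address),
            str(sub[1]),                  # first address after the subnet ID
            str(sub[-2]),                 # last address before the broadcast
            str(sub.broadcast_address),
            sub.num_addresses - 2,        # subnet ID and broadcast excluded
        ))
    return rows

def subnet_of(host, subnet_mask):
    """Apply the mask to a host address to find the subnet it lives in."""
    return str(ipaddress.ip_interface("%s/%s" % (host, subnet_mask)).network)

def same_subnet(host_a, host_b, subnet_mask):
    """True when both hosts can reach each other without a router."""
    return subnet_of(host_a, subnet_mask) == subnet_of(host_b, subnet_mask)

if __name__ == "__main__":
    plan = subnet_plan("158.21.0.0", "255.255.0.0", "255.255.240.0")
    print(len(plan), "subnets")
    for row in plan:
        print("%-14s %s to %s  broadcast %s  hosts %d" % row)
    # Constructed sample hosts: 158.21.37.200 and 158.21.47.1 are both in
    # 158.21.32.0; 158.21.48.1 is in the next subnet.
    print(same_subnet("158.21.37.200", "158.21.47.1", "255.255.240.0"))
    print(same_subnet("158.21.37.200", "158.21.48.1", "255.255.240.0"))
```
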
TCP/IP Class A Address Overview
The "A" class addressing scheme
has an official start address of 0.0.0.0 and an official
last address of 127.255.255.255.
Not all of these addresses can be used and you will OFTEN see
conflicting information on this.
1.0.0.1 to 126.255.255.254 is
the range of IP addresses that are included in the "A" class
addressing scheme that are the useable range for node
assignment.
126.255.255.255 is a broadcast address and in most cases
cannot be assigned. (There are exceptions to the rule.)
The local host will use 0.0.0.0 when it cannot reach a DHCP
server when it is set to use one and cannot assign itself an
address using APIPA.
1.0.0.1 to 126.255.255.254 is the useable range.
There are 126 Class A networks total, each allowed to have
up to 16,777,214 hosts.
The 127.x.x.x range is used for internal host loopback.
There are three IP network addresses reserved for private
networks. 10.0.0.0 - 10.255.255.255 with the subnet
mask 255.0.0.0 is the range for Class A IP addresses.
They can be used by anyone setting up internal IP networks,
such as a lab or home LAN behind a NAT or proxy server or a
router. It is always safe to use these because routers on
the Internet will never forward packets coming from these
addresses.
These addresses are defined in RFC 1918.
While 10.0.0.0 - 10.255.255.255 addresses with the subnet
mask 255.0.0.0 are available to only internal IP networks,
they are still considered part of the Class "A" range.
TCP/IP Class B Address Overview
The "B" class addressing scheme
has an official start address of 128.0.0.0 and an official
last address of 191.255.255.255.
Not all of these addresses can be used and you will OFTEN see
conflicting information on this.
128.0.0.1 to 191.255.255.254 is the range of IP addresses
that are included in the "B" class addressing scheme that
are the useable range for node assignment.
The local host will use 0.0.0.0 when it cannot reach a DHCP
server when it is set to use one and cannot assign itself an
address using APIPA.
There are three IP network addresses reserved for private
networks. 172.16.0.0 - 172.31.255.255 with the subnet mask
255.240.0.0 is the range for Class B IP addresses.
They can be used by anyone setting up internal IP networks,
such as a lab or home LAN behind a NAT or proxy server or a
router. It is always safe to use these because routers on
the Internet will never forward packets coming from these
addresses.
These addresses are defined in RFC 1918.
While 172.16.0.0 - 172.31.255.255 addresses with the subnet
mask 255.240.0.0 are available to only internal IP networks,
they are still considered part of the Class "B" range.
TCP/IP Class C Address Overview
The "C" class addressing scheme
has an official start address of 192.0.0.0 and an official
last address of 223.255.255.255.
Not all of these addresses can be used and you will OFTEN see
conflicting information on this.
192.0.0.1 to 223.255.255.254 is the range of IP addresses
that are included in the "C" class addressing scheme that
are the useable range for node assignment.
The local host will use 0.0.0.0 when it cannot reach a DHCP
server when it is set to use one and cannot assign itself an
address using APIPA.
There are three IP network addresses reserved for private
networks. 192.168.0.0 - 192.168.255.255 with the subnet mask
255.255.0.0 is the range for Class C IP addresses.
They can be used by anyone setting up internal IP networks,
such as a lab or home LAN behind a NAT or proxy server or a
router. It is always safe to use these because routers on
the Internet will never forward packets coming from these
addresses.
These addresses are defined in RFC 1918.
While 192.168.0.0 - 192.168.255.255 addresses with the
subnet mask 255.255.0.0 are available to only internal IP
networks, they are still considered part of the Class "C"
range.
TCP/IP Class D Address Overview
The IP version 4 addresses of 224.0.0.0 through 239.255.255.255 are
set aside through IANA (Internet Assigned Numbers Authority)
as a special class of addresses for Multicast uses. At the
present, ISPs are unable to allocate Class D address space
to their customers. These addresses must be allocated
through IANA.
Class D addresses are only required if you wish to be a
multicast source. You can still receive multicast data
without the need for a separate Class D address.
TCP/IP Class E Address Overview
The IP version 4 addresses of 240.0.0.0 to 254.255.255.255 are set
aside through IANA (Internet Assigned Numbers Authority) as
a special class of addresses for experimental and future
use.
The IP
address of 255.255.255.255 broadcasts to all hosts on the
local network and therefore, is not to be considered as part
of the E class of IP addresses.
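The class ranges and reserved blocks from the sections above can be turned into a check that is useful when reviewing logs: private, loopback and multicast addresses should not show up as source addresses on an Internet-facing interface. This is an added example, not from the original article; the function names and the sample source list are constructed for illustration.

```python
# Added example: classify IPv4 addresses by class and special use, then
# flag sources that do not belong on an Internet-facing interface.
import ipaddress

# Private ranges and masks as listed in the class sections (RFC 1918).
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/255.0.0.0",
    "172.16.0.0/255.240.0.0",
    "192.168.0.0/255.255.0.0",
)]

def classify(addr):
    """Return (class letter or None, special-use label or None)."""
    ip = ipaddress.IPv4Address(addr)
    first = int(ip) >> 24                      # value of the first octet
    if int(ip) == 0xFFFFFFFF:
        return (None, "limited broadcast")     # not counted as class E
    if first < 128:
        cls = "A"
    elif first < 192:
        cls = "B"
    elif first < 224:
        cls = "C"
    elif first < 240:
        cls = "D"
    else:
        cls = "E"
    if int(ip) == 0:
        special = "unspecified"
    elif first == 127:
        special = "loopback"
    elif any(ip in net for net in PRIVATE):
        special = "private (RFC 1918)"
    elif cls == "D":
        special = "multicast"
    elif cls == "E":
        special = "experimental"
    else:
        special = None
    return (cls, special)

def unexpected_sources(sources):
    """Keep the addresses whose special use makes them suspect as sources."""
    flagged = []
    for src in sources:
        special = classify(src)[1]
        if special is not None:
            flagged.append((src, special))
    return flagged

# Constructed sample of source addresses seen on an external interface.
SAMPLE = ["203.0.113.7", "10.4.4.4", "192.168.1.20", "127.0.0.1",
          "198.51.100.23", "224.0.0.251", "172.16.9.9"]

if __name__ == "__main__":
    for src, why in unexpected_sources(SAMPLE):
        print(src, "->", why)
```
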
"The fact that the grass is greener on the other side of the fence is
directly proportional to how much manure is being used on
the property"