Session 1b: Introductory –

TCP/IP Networking
(An Example)
Objective
•This lecture illustrates the interactions of the protocols of the TCP/IP
protocol suite with the help of an example.
•The example intents to motivate the study of the TCP/IP protocols.

1
 Review: TCP/IP Based Networks
• Internet is based on TCP/IP
• TCP/IP is a suite of protocols
• IP is Internet protocol at the network layer level
• TCP is connection-oriented transport protocol
and ensures end-to-end connection
• UDP is connectionless transport protocol and
provides datagram service
• E-mail, WWW, FTP, Telnet: TCP/IP
• Network mgmt. (SNMP): UDP/IP
• ICMP: part of TCP/IP suite
TCP/IP Based Networks (cont.)
(Protocols used in Network Management)

SNMP(v1, v2, v3)

Simple Network Management Protocol

ICMP

Internet Control Message Protocol

Ping , traceroute (or tracert)

ARP/RARP

Address Resolution Protocol/ (Reverse ARP)

TCP

Socket

Telnet/SSH

HTTP+XML
 TCP/IP Suite and OSI Reference Model
Application
Layer
Application Presentation
The TCP/IP protocol stack does not Layer Layer
define the lower layers of a complete Session
Layer
protocol stack Transport Transport
Layer Layer
Network Network
Layer Layer
(Data) Link (Data) Link
Layer Layer
Physical
Layer

OSI
TCP/IP Suite Reference
Model

4
 Application protocol

IP is the highest layer protocol which is implemented at both
routers and hosts

5
 IP: The waist of the hourglass

IP is the waist of the
hourglass of the Internet Applications
protocol architecture
HTTP FTP SMTP

TCP UDP

Multiple higher-layer protocols

Multiple lower-layer protocols IP

Data link layer

Only one protocol at the network protocols
layer.
Physical layer
protocols

6
 Data Communication Network
Message (Frame)
Application Application
Client
Switch Server
Station
Station
Switch
Access Switch Trunk
Line Line Trunk Outside
Line World
Mobile Client Switch Router
Station Mobile Client
Station
 Internet/internet
LAN
LAN

LAN WAN
LAN

LAN
WAN

: router …
 HTTP Request and HTTP response

Web browser runs an HTTP client program

Web server runs an HTTP server program

HTTP client sends an HTTP request to HTTP server

HTTP server responds with HTTP response
Argon Neon

HTTP client
HTTP request HTTP server
HTTP response

9
 A simple TCP/IP Example

A user on host argon.tcpip-lab.edu (“Argon”) makes a web
access to URL
http://Neon. tcpip-lab.edu/index.html.

argon.tcpip-lab.edu neon.tcpip-lab.edu
("Argon") ("Neon")

W eb request

W eb page

W eb client W eb server

What actually happens in the network?

10
 HTTP Request
GET /example.html HTTP/1.1
Accept: image/gif, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0
Host: 192.168.123.144
Connection: Keep-Alive

11
 HTTP Response
HTTP/1.1 200 OK
Date: Sat, 25 May 2002 21:10:32 GMT
Server: Apache/1.3.19 (Unix)
Last-Modified: Sat, 25 May 2002 20:51:33 GMT
ETag: "56497-51-3ceff955"
Accept-Ranges: bytes
Content-Length: 81
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<HTML>
<BODY>
<H1>Internet Lab</H1>
Click <a href="http://www.tcpip-lab.net/index.html">here</a> for the
Internet Lab webpage.
</BODY>
</HTML>

•Q: How does the HTTP request get from Argon to Neon ?
12
 From HTTP to TCP

To send request, HTTP client program establishes an TCP
connection to the HTTP server Neon.

The HTTP server at Neon has a TCP server running

Argon Neon

HTTP client HTTP request / HTTP response HTTP server

TCP client TCP connection TCP server

13
 Resolving hostnames and port
numbers

Since TCP does not work with hostnames and also would not
know how to find the HTTP server program at Neon, two
things must happen:

1. The name “neon.tcpip-lab.edu” must be translated

into a 32-bit IP address.

2. The HTTP server at Neon must be identified by a

16-bit port number.

14
 Translating a hostname into an IP
address

The translation of the hostname neon.tcpip-lab.edu into an IP
address is done via a database lookup

neon.tcpip-lab.edu

HTTP client DNS Server

128.143.71.21

argon.tcpip-lab.edu 128.143.136.15

The distributed database used is called the Domain Name

System (DNS)

All machines on the Internet have an IP address:
argon.tcpip-lab.edu 128.143.137.144
neon.tcpip-lab.edu 128.143.71.21

15
 Finding the port number

Note: Most services on the Internet are reachable via well-
known ports. E.g. All HTTP servers on the Internet can be
reached at port number “80”.

So: Argon simply knows the port number of the HTTP
server at a remote machine.

On most Unix systems, the well-known ports are listed in a

file with name /etc/services. The well-known port numbers
of some of the most popular services are:
ftp 21 finger 79
telnet 23 http 80
smtp 25 nntp 119

16
 Requesting a TCP Connection

The HTTP client at argon.tcpip-lab.edu requests the TCP client to establish
a connection to port 80 of the machine with address 128.141.71.21

argon.tcpip-lab.edu

HTTP client

Establish a TCP connection

to port 80 of 128.143.71.21

TCP client

17
 Invoking the IP Protocol

The TCP client at Argon sends a
request to establish a connection argon.tcpip-lab.edu

to port 80 at Neon TCP client

This is done by asking its local IP Send an IP datagram to

module to send an IP datagram 128.143.71.21

to 128.143.71.21
IP

(The data portion of the IP datagram contains
the request to open a connection)

18
 Sending the IP datagram to an IP
router

Argon (128.143.137.144) can deliver the IP datagram directly to
Neon (128.143.71.21), only if it is on the same local network
(“subnet”)

But Argon and Neon are not on the same local network
(Q: How does Argon know this?)

So, Argon sends the IP datagram to its default gateway

The default gateway is an IP router

The default gateway for Argon is Router137.tcpip-lab.edu
(128.143.137.1).
19
 The route from Argon to Neon
argon.tcpip-lab.edu neon.tcpip-lab.edu
"Argon" "Neon"
128.143.137.144 128.143.71.21

router137.tcpip-lab.edu router71.tcpip-lab.edu
"Router137" "Router71"
128.143.137.1 128.143.71.1

Router

Ethernet Network Ethernet Network

Note that the gateway has a different name for each of its interfaces.
20
 Finding the MAC address of the gateway

To send an IP datagram to Router137, Argon puts the IP
datagram in an Ethernet frame, and transmits the frame.

However, Ethernet uses different addresses, so-called Media
Access Control (MAC) addresses (also called: physical
address, hardware address)

Therefore, Argon must first translate the IP address
128.143.137.1 into a MAC address.

The translation of addressed is performed via the Address
Resolution Protocol (ARP)

21
 Address resolution with ARP
ARP message: What is the MAC
address of 128.143.137.1?

ARP message: IP address 128.143.137.1

belongs to MAC address 00:e0:f9:23:a8:20

argon.tcpip-lab.edu router137.tcpip-lab.edu
128.143.137.144 128.143.137.1
00:a0:24:71:e4:44 00:e0:f9:23:a8:20

22
 Invoking the device driver

The IP module at Argon, tells its Ethernet device driver to send
an Ethernet frame to address 00:e0:f9:23:a8:20

argon.tcpip-lab.edu

IP module

Send an Ethernet frame

to 00:e0:f9:23:a8:20

Ethernet

23
 Sending an Ethernet frame

The Ethernet device driver of Argon sends the Ethernet frame
to the Ethernet network interface card (NIC)

The NIC sends the frame onto the wire

IP Datagram for Neon

argon.tcpip-lab.edu router137.tcpip-lab.edu
128.143.137.144 128.143.137.1
00:a0:24:71:e4:44 00:e0:f9:23:a8:20

24
 Forwarding the IP datagram

The IP router receives the Ethernet frame at interface 128.143.137.1,
recovers the IP datagram and determines that the IP datagram should
be forwarded to the interface with name 128.143.71.1

The IP router determines that it can deliver the IP datagram directly

argon.tcpip-lab.edu neon.tcpip-lab.edu
"Argon" "Neon"
128.143.137.144 128.143.71.21

router137.tcpip-lab.edu router71.tcpip-lab.edu
"Router137" "Router71"
128.143.137.1 128.143.71.1

Router

Ethernet Network Ethernet Network

25
 Another lookup of a MAC address

The rouer needs to find the MAC address of Neon.

Again, ARP is invoked, to translate the IP address of Neon
(128.143.71.21) into the MAC address of neon
(00:20:af:03:98:28).
ARP message: What is the MAC
address of 128.143.71.21?

ARP message: IP address 128.143.71.21

belongs to MAC address 00:20:af:03:98:28

router71.tcpip-lab.edu neon.tcpip-lab.edu
128.143.71.1 128.143.71.21
00:20:af:03:98:28
26
Invoking the device driver at the router

The IP protocol at Router71, tells its Ethernet device driver
to send an Ethernet frame to address 00:20:af:03:98:28

router71.tcpip-lab.edu

IP module

Send a frame to
00:20:af:03:98:28

Ethernet

27
 Sending another Ethernet frame

The Ethernet device driver of Router71 sends the Ethernet
frame to the Ethernet NIC, which transmits the frame onto
the wire.

IP Datagram for Neon

router71.tcpip-lab.edu neon.tcpip-lab.edu
128.143.71.1 128.143.71.21
00:20:af:03:98:28
28
 Data has arrived at Neon

Neon receives the Ethernet frame

The payload of the Ethernet frame is an IP
datagram which is passed to the IP protocol.
Neon.cerf.edu

The payload of the IP datagram is a TCP
segment, which is passed to the TCP server HTTP server

Note: Since the TCP segment is a connection request (SYN), TCP server
the TCP protocol does not pass data to the HTTP program
for this packet. Instead, the TCP protocol at neon will
respond with a SYN segment to Argon. IP m odule

Ethernet

29
 Wrapping-up the example

So far, Neon has only obtained a single packet

Much more work is required to establish an actual TCP
connection and the transfer of the HTTP Request

The example was simplified in several ways:

No transmission errors

The route between Argon and Neon is short
(only one IP router)

Argon knew how to contact the DNS server (without
routing or address resolution)

….

30
 How many packets were really sent?
tcpdump: listening on fxp0
16:54:51.340712 128.143.137.144.1555 > 128.143.137.11.53: 1+ A? neon.cs. (25)
16:54:51.341749 128.143.137.11.53 > 128.143.137.144.1555: 1 NXDomain* 0/1/0 (98) (DF)
16:54:51.342539 128.143.137.144.1556 > 128.143.137.11.53: 2+ (41)
16:54:51.343436 128.143.137.11.53 > 128.143.137.144.1556: 2 NXDomain* 0/1/0 (109) (DF)
16:54:51.344147 128.143.137.144.1557 > 128.143.137.11.53: 3+ (38)
16:54:51.345220 128.143.137.11.53 > 128.143.137.144.1557: 3* 1/1/2 (122) (DF)
16:54:51.350996 arp who-has 128.143.137.1 tell 128.143.137.144
16:54:51.351614 arp reply 128.143.137.1 is-at 0:e0:f9:23:a8:20
16:54:51.351712 128.143.137.144.1558 > 128.143.71.21.21: S 607568:607568(0) win 8192
<mss 1460> (DF)
16:54:51.352895 128.143.71.21.80 > 128.143.137.144.1558: S 3964010655:3964010655(0)
ack 607569 win 17520 <mss 1460> (DF)
16:54:51.353007 128.143.137.144.1558 > 128.143.71.21.80: . ack 1 win 8760 (DF)
16:54:51.365603 128.143.71.21.80 > 128.143.137.144.1558: P 1:60(59)
ack 1 win 17520 (DF) [tos 0x10]
16:54:51.507399 128.143.137.144.1558 > 128.143.71.21.80: . ack 60 win 8701 (DF)

31
 Session 1c: Review of Important
Networking Concepts

Objective (Introductory material).

This module uses the example from the previous module

to review important networking concepts: protocol
architecture, protocol layers, encapsulation, demultiplexing,
network abstractions.

32
 Networking Concepts

Protocol Architecture

Protocol Layers

Encapsulation

Network Abstractions

33
 Sending a packet from Argon to Neon

34
 128.143.71.21 is not on my local network.
Sending a packet from Argon to Neon
Therefore, I need to send the packet to my
128.143.71.21
default gateway withisaddress
on my local network.
128.143.137.1
DNS:
DNS:
ARP:What
The is
WhatIPisthe
address
theIPMAC
address
of Therefore, I can send the packet directly.
of“neon.tcpip-lab.edu
ARP: TheofMAC ””is? of
“neon.tcpip-lab.edu
address 128.143.137.1?
address
128.143.71.21
128.143.137.1 is 00:e0:f9:23:a8:20
ARP: What is the MAC
ARP: TheofMAC
address address of
128.143.71.21?
128.143.137.1 is 00:20:af:03:98:28

frame

frame

35
 Communications Architecture

The complexity of the communication task is reduced by using
multiple protocol layers:

Each protocol is implemented independently

Each protocol is responsible for a specific subtask

Protocols are grouped in a hierarchy

A structured set of protocols is called a communications
architecture or protocol suite

36
 TCP/IP Protocol Suite

The TCP/IP protocol suite is
the protocol architecture of the Application User-level programs

Internet
Transport

Operating system

The TCP/IP suite has four layers: Network
Application, Transport, Network,
Data Link
and Data Link Layer

End systems (hosts)

implement all four layers. Data Link Sublayer in

Gateways (Routers) only have Local Area
Media Access Networks
the bottom two layers. Control (MAC)

37
 Functions of the Layers

Data Link Layer:

Service: Reliable transfer of frames over a link
Media Access Control on a LAN

Functions: Framing, media access control, error checking

Network Layer:

Service: Move packets from source host to destination host

Functions: Routing, addressing

Transport Layer:

Service: Delivery of data between hosts

Functions: Connection establishment/termination, error
control, flow control

Application Layer:

Service: Application specific (delivery of email, retrieval of
HTML documents, reliable transfer of file)

Functions: Application specific
38
 TCP/IP Suite and OSI Reference Model
Application
Layer
Application Presentation
The TCP/IP protocol stack does not Layer Layer
define the lower layers of a complete Session
Layer
protocol stack Transport Transport
Layer Layer
Network Network
Layer Layer
(Data) Link (Data) Link
Layer Layer
Physical
Layer

OSI
TCP/IP Suite Reference
Model

39
 Assignment of Protocols to Layers
ping Application
application
HTTP Telnet FTP DNS SNMP
Layer

TCP UDP Transport

Layer

Routing Protocols

ICMP RIP

Network
IGMP IP PIM
Layer

OSPF
DHCP

ARP Ethernet Data Link

Layer

40 Network
Interface
 Layered Communications

An entity of a particular layer can only communicate with:
1. a peer layer entity using a common protocol (Peer
Protocol)
2. adjacent layers to provide services and to receive
services
N+1 Layer N+1 Layer Protocol N+1 Layer
N+1 Layer
Entity Entity
layer N+1/N
interface
N Layer N Layer Protocol N Layer
N Layer
Entity Entity
layer N/N-1
interface
N-1 Layer N-1 Layer Protocol N-1 Layer
N-1 Layer
Entity Entity

41
 Service Primitives
Communication services are invoked via function calls. The functions
are called service primitives

N+1 Layer N+1 Layer Peer Protocol N+1 Layer

Entity Entity

Request Indicate
Delivery Delivery

N Layer N Layer
Entity Entity

42
 Service Primitives
Recall: A layer N+1 entity sees the lower layers only as a service
provider

N+1 Layer N+1 Layer Peer Protocol N+1 Layer

Entity Entity

Request Indicate
Delivery Delivery

Service Provider

43
 Service Access Points

A service user accesses services of the service provider at
Service Access Points (SAPs)

A SAP has an address that uniquely identifies where the
service can be accessed

Layer-N
N Layer
Entity

layer N/N-1 Layer

service interface N-1
SAP
N-1 Layer- N-1
Layer Entity

44
 Exchange of Data

Assume a layer-N entity at A wants to send data to a layer-N
peer entity to B

The unit of data sent between peer entities is called a Protocol Data Unit
(PDU)

For now, let us think of a PDU as a single packet

N Layer PDU N Layer

A Entity (at layer N) Entity B

What actually happens: Layer N passes the PDU to one of A’s SAPs at layer N-
1

The layer N-1 entity (at A) then constructs its own PDU which it sends to the
layer N-1 entity at B

Note: PDU at layer N-1 = Header + PDU at layer N

45
 Exchange of Data
A B
Layer-N When passed to the SAP, the PDU
Layer-N
Entity is called a Service Data Unit Entity
(SDU)
(Layer-N PDU = Layer- N-1 SDU)
control N PDU
SAPs

Layer- N-1 Layer- N-1

Entity Entity

Header
(of layer N-1)
N PDU
control N PDU

PDU of Layer-N-1
46
 Layers in the Example

47
 Layers in the Example
Send HTTP Request
to neon

Establish a connection to 128.143.71.21 at

port 80Open TCP connection to
128.143.71.21 port 80
IP datagram is a TCP
segment for port 80
Send a datagram (which Send IP data-gram
contains to
a connection
Send IP datagram to
128.143.71.21
request) to 128.143.71.21
128.143.71.21
Frame is an IP Frame is an IP
datagram Send the datagram to 128.143.137.1datagram
Send the datagram
to 128.143.7.21

Send Ethernet frame Send Ethernet frame

to 00:e0:f9:23:a8:20 to 00:20:af:03:98:28

48
 Layers and Services

Service provided by TCP to HTTP:

reliable transmission of data over a logical connection

Service provided by IP to TCP:

unreliable transmission of IP datagrams across an IP network

Service provided by Ethernet to IP:

transmission of a frame across an Ethernet segment

Other services:

DNS: translation between domain names and IP addresses

ARP: Translation between IP addresses and MAC addresses

49
 Encapsulation and Demultiplexing

As data is moving down the protocol stack, each protocol is
adding layer-specific control information
User data

HTTP

HTTP Header User data

TCP

TCP Header HTTP Header User data

IP TCP segm ent

IP Header TCP Header HTTP Header User data

Ethernet IP datagram

Ethernet Ethernet
IP Header TCP Header HTTP Header User data
Header Trailer

Ethernet fram e
50
 Encapsulation and Demultiplexing
in our Example

Let us look in detail at the Ethernet frame between
Argon and the Router, which contains the TCP
connection request to Neon.

This is the frame in hexadecimal notation.

00e0 f923 a820 00a0 2471 e444 0800

4500 002c 9d08 4000 8006 8bff 808f
8990 808f 4715 065b 0050 0009 465b
0000 0000 6002 2000 598e 0000 0204
05b4

51
 Encapsulation and Demultiplexing

6 bytes

destination address
4 bytes
source address

type CRC

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
52
 Encapsulation and Demultiplexing:
Ethernet Header

6 bytes

00:e0:f9:23:a8:20
4 bytes
0:a0:24:71:e4:44

0x0800 CRC

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
53
 Encapsulation and Demultiplexing:
IP Header (1/2)
32 bits
version header Total Length (in bytes)
DS ECN
(4 bits) length (16 bits)
flags
Identification (16 bits) Fragment Offset (13 bits)
(3 bits)
TTL Time-to-Live Protocol
Header Checksum (16 bits)
(8 bits) (8 bits)

Source IP address (32 bits)

Destination IP address (32 bits)

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
54
 Encapsulation and Demultiplexing:
IP Header (2/2)
32 bits
0x4 0x5 0x0 0x0 4410

9d08 0102 00000000000002

12810 0x06 8bff

128.143.137.144

128.143.71.21

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
55
 Encapsulation and Demultiplexing:
TCP Header (1/2)
32 bits

Source Port Number Destination Port Number

Sequence number (32 bits)

Acknowledgement number (32 bits)

header
length
0 Flags window size
TCP checksum urgent pointer
option
type
length Max. segment size Option:
maximum
segment size

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
56
 Encapsulation and Demultiplexing:
TCP Header (2/2)
32 bits

162710 8010

60783510

010
610 0000002 0000102 819210
0x598e 00002

210 410 146010

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
57
 Encapsulation and Demultiplexing:
Application data

No Application Data
in this frame

Ethernet Header IP Header TCP Header Application data Ethernet Trailer

Ethernet frame
58
 Different Views of Networking

Different Layers of the protocol stack have a different view of the
network. This is HTTP’s and TCP’s view of the network.
Argon Neon
128.143.137.144 128.143.71.21

HTTP HTTP
HTTP client
server server

TCP client TCP server TCP server

IP Network

59
 Network View of IP Protocol
128.143.137.144 128.143.71.21

128.143.137.1 128.143.71.1

Router

128.143.71.0/24
128.143.137.0/24
Network
Network

60
 Network View of Ethernet

Ethernet’s view of the network

Argon
(128.143.137.144)

Router137
(128.143.137.1)

Ethernet Network

61