Network Protocols and Services

Communications Protocols
Simply having a wired or wireless physical connection between end devices
is not enough to enable communication. For communication to occur,
devices must know “how” to communicate. Communication, whether by
face-to-face or over a network, is governed by rules called protocols. These
protocols are specific to the type of communication method occurring.

For example, consider two people communicating face-to-face. Prior to

communicating, they must agree on how to communicate. If the
communication is using voice, they must first agree on the language. Next,
when they have a message to share, they must be able to format that
message in a way that is understandable. For example, if someone uses the
English language but poor sentence structure, the message can easily be
misunderstood.

Network protocol communication is the same way. Network protocols

provide the means for computers to communicate on networks. Network
protocols dictate the message encoding, formatting, encapsulation, size,
timing, and delivery options.

Figure 1 Network Protocol Characteristics

Network Protocol Suites

1 | Page
A protocol suite is a set of protocols that work together to provide
comprehensive network communication services. A protocol suite may be
specified by a standards organization or developed by a vendor.
For devices to successfully communicate, a network protocol suite must
describe precise requirements and interactions. Networking protocols define
a common format and set of rules for exchanging messages between
devices. Some common networking protocols are Hypertext Transfer
Protocol (HTTP), Transmission Control Protocol (TCP), and Internet Protocol
(IP).

NB
IP in this course refers to both the IPv4 and IPv6 protocols. IPv6 is the most
recent version of IP and will eventually replace the more common IPv4.

The TCP/IP Protocol Suite

Networks today use the TCP/IP protocol suite. Figure 2 shows the protocols
of the TCP/IP protocol suite.

Figure 2 TCP/IP Protocol Suite and Communication Process

2 | Page
Table 1 TCP/IP Protocols and Standards Descriptions

3 | Page
4 | Page
Format, Size, and Timing
Protocols define the format, size, and timing of different forms of messages.

Format
When you send an email, protocols of the TCP/IP protocol suite are used by
your device to format your message for sending on the network. This is
similar to you sending a letter in the mail. You place your letter in an
envelope. The envelope has the address of the sender and receiver, each
located at the proper place on the envelope. If the destination address and

5 | Page
formatting are not correct, the letter is not delivered. The process of placing
one message format (the letter) inside another message format (the
envelope) is called encapsulation. De-encapsulation occurs when the
process is reversed by the recipient and the letter is removed from the
envelope.

Just as a letter is encapsulated in an envelope for delivery, so too are

computer messages encapsulated. Each computer message is encapsulated
in a specific format, called a frame, before it is sent over the network.

Size
Another rule of communication is size. When people communicate in person
or over the phone, a conversation is usually made up of many smaller
sentences to ensure that each part of the message is received and
understood. Likewise, when a long message is sent from one host to another
over a network, it is necessary to break the message into many frames.

Timing
Timing includes the access method (when can a host send), flow control
(how much information can a host send at one time), and response timeout
(how long to wait for a response).

Unicast, Multicast, and Broadcast

A message can be delivered in different ways. Sometimes, a person wants to
communicate information to a single individual. At other times, the person
may need to send information to a group of people at the same time, or
even to all people in the same area.

Hosts on a network use similar delivery options to communicate.

A one-to-one delivery option is referred to as a unicast, meaning there is

only a single destination for the message, as shown in Figure 3.

6 | Page
Figure 3 Unicast Message

When a host needs to send messages using a one-to-many delivery option,

it is referred to as a multicast, as shown in Figure 4.

Figure 4 Multicast Message

If all hosts on the network need to receive the message at the same time, a
broadcast may be used. Broadcasting represents a one-to-all message
delivery option, as shown in Figure 5.

7 | Page
Figure 5 Broadcast Message

Reference Models
As you learned earlier, the TCP/IP protocol suite is represented by a four-
layer model: Application, Transport, Internet, and Network Access. Another
popular reference model is the Open Systems Interconnection (OSI) model,
which uses a seven-layer model, as shown Figure 6. In networking
literature, when a layer is referred to by a number, such as Layer 4, then
the reference is using the Open Systems Interconnection (OSI) model.
Reference to layers in the TCP/IP model use the name of the layer, such as
the transport layer.

Figure 6 Comparing the OSI and TCP/IP Models

8 | Page
Three Addresses
Network protocols require that addresses be used for network
communication. Addressing is used by the client to send requests and other
data to a server. The server uses the client’s address to return the requested
data to the client that requested it.

Protocols operate at layers. The OSI transport, network, and data link layers
all use addressing in some form. The transport layer uses protocol addresses
in the form of port numbers to identify network applications that should
handle client and server data.
The network layer specifies addresses that identify the networks that clients
and servers are attached to and the clients and servers themselves – IP or
logical address.
Finally, the data link layer specifies the devices on the local LAN that should
handle data frames – MAC or physical address. All three addresses are
required for client-server communication.

Encapsulation
Data is divided into smaller, more manageable pieces to send over the
network. This division of data into smaller pieces is called segmentation.

As application data is passed down the protocol stack on its way to be

transmitted across the network media, it is encapsulated with various
protocol information at each level.

The form that an encapsulated piece of data takes at any layer is called a
protocol data unit (PDU). Each succeeding layer encapsulates the PDU that it
receives from the layer above in accordance with the protocol being used. At
each stage of the process, a PDU has a different name to reflect its new
functions.
Exercise: Give PDU names for each layer.

When sending messages on a network, the encapsulation process works

from top to bottom. At each layer, the upper layer information is considered
data within the encapsulated protocol. For example, the TCP segment is
considered data within the IP packet.

Scenario: Sending and Receiving a Web Page

To summarize network communication processes and protocols, consider the
scenario of sending and receiving a web page. Some of the protocols used
between a web server and a web client are:
HTTP: This application protocol governs the way a web server and a web
client interact.
9 | Page
TCP: This transport protocol manages individual conversations. TCP divides
the HTTP messages into smaller pieces, called segments. TCP is also
responsible for controlling the size and rate at which messages are
exchanged between the server and the client.
IP: This Internet protocol is responsible for taking the formatted segments
from TCP, encapsulating them into packets, assigning them the appropriate
addresses, and delivering them to the destination host.
Ethernet: This network access protocol is responsible for taking the packets
from IP and formatting them to be transmitted over the media.

The complete communication process is demonstrated using an example of a

web server transmitting data to a client and the client receiving the data:
1. The web server prepared the Hypertext Markup Language (HTML) page as
data to be sent.
2. The application protocol HTTP header is added to the front of the HTML
data. The header contains various information, including the HTTP version
that the server is using and a status code indicating it has information for
the web client.
3. The HTTP application layer protocol delivers the HTML-formatted web
page data to the transport layer. TCP segments the data adding source and
destination port numbers.
4. The IP information is added to the front of the TCP information. IP assigns
the appropriate source and destination IP addresses. The TCP segment has
now been encapsulated in an IP packet.
5. The Ethernet protocol adds information to both ends of the IP packet to
create a frame. This frame is delivered through the network towards the web
client.
6. The client receives the data link frames that contain the data. Each
protocol header is processed and then removed in the opposite order it was
added. The Ethernet information is processed and removed, followed by the
IP protocol information, the TCP information, and finally the HTTP
information.
7. The web page information is then passed on to the client’s web browser
software.

Lab 2: Introduction to Wireshark

Wireshark is a software protocol analyzer, or “packet sniffer” application,
used for network troubleshooting, analysis, software and protocol
development, and education. In this lab, you will use Wireshark to capture
and analyze network traffic.

10 | P a g e
Ethernet
The Ethernet Protocol
Ethernet operates in the data link layer and the physical layer. It is a family
of networking technologies that are defined in the IEEE 802.2 and 802.3
standards. Ethernet relies on the two separate sub layers of the data link
layer to operate, the Logical Link Control (LLC) and the Media Access Control
(MAC) sub layers

LLC is responsible for communication with the network layer. MAC is

implemented by the computer’s network interface card (NIC). The MAC sub
layer has two primary responsibilities:
Data encapsulation: Ethernet encapsulates the IP packet into a frame,
adding timing information, destination and source MAC addresses, and an
error checking feature.
Media access control: Ethernet manages the process of converting the frame
into bits and sending the frame out onto the network. In older wired
networks, devices could not send and receive data at the same time. This is
still the case for wireless networks. In such situations, Ethernet use a
process to determine when a device can send and what to do if the data sent
by two devices collides on the network. This process is discussed later in the
course.

The Ethernet Frame

The minimum Ethernet frame size is 64 bytes and the maximum is 1518
bytes. This includes all bytes from the Destination MAC Address field through
the Frame Check Sequence (FCS) field. The Preamble field is not included
when describing the size of a frame.

Any frame less than 64 bytes in length is considered a “collision fragment”

or “runt frame.” Frames with more than 1518 bytes are considered “jumbo
frames” or “baby giant frames.”

If the size of a transmitted frame is less than the minimum or greater than
the maximum, the receiving device drops the frame. Dropped frames are
likely to be the result of collisions or other unwanted signals and are
therefore considered invalid.
Figure 7 shows the structure of the Ethernet II frame.

Figure 7 Ethernet II Frame Fields

11 | P a g e
Preamble and Start Frame Delimiter fields
The Preamble field (7 bytes) and Start Frame Delimiter (SFD)-also called
Start of Frame-field (1 byte) are used for synchronization between the
sending and receiving devices. These first 8 bytes of the frame are used to
get the attention of the receiving nodes. Essentially, the first few bytes tell
the receivers to get ready to receive a new frame.

Destination MAC Address field

This 6-byte field is the identifier for the intended recipient. As you will recall,
this address is used by Layer 2 to assist devices in determining if a frame is
addressed to them. The address in the frame is compared to the MAC
address in the device. If there is a match, the device accepts the frame. Can
be a unicast, multicast, or broadcast address.

Source MAC Address field

This 6-byte field identifies the frame’s originating NIC or interface. Must be a
unicast address.

EtherType field
This 2-byte field identifies the upper layer protocol encapsulated in the
Ethernet frame. Common values are, in hexadecimal, 0x800 for IPv4,
0x86DD for IPv6, and 0x806 for ARP.

Data field
This field (46–1500 bytes) contains the encapsulated data from a higher
layer, which is a generic Layer 3 PDU, or more commonly, an IPv4 packet.
All frames must be at least 64 bytes long. If a small packet is encapsulated,
additional bits called a pad are used to increase the size of the frame to this
minimum size.

Frame Check Sequence field

The Frame Check Sequence (FCS) field (4 bytes) is used to detect errors in a
frame. It uses a cyclic redundancy check (CRC). The sending device includes
the results of a CRC in the FCS field of the frame. The receiving device
receives the frame and generates a CRC to look for errors. If the calculations
match, no error occurred. Calculations that do not match are an indication
that the data has changed; therefore, the frame is dropped. A change in the
data could be the result of a disruption of the electrical signals that
represent the bits.

12 | P a g e
MAC Address Format
An Ethernet MAC address is a 48-bit binary value expressed as 12
hexadecimal digits (4 bits per hexadecimal digit). Hexadecimal digits use the
numbers 0 to 9 and the letters A to F. Figure 8 shows the equivalent decimal
and hexadecimal values for binary 0000 to 1111. Hexadecimal is commonly
used to represent binary data. IPv6 addresses are another example of
hexadecimal addressing.

Figure 8 Different Representations of MAC Addresses

Fig 9 Example MAC Address

All data that travels on the network is encapsulated in Ethernet frames.

13 | P a g e