howtothings.co.uk
[Network +] Common networking protocols and the TCP/IP suite - Printable Version




[Network +] Common networking protocols and the TCP/IP suite - Mark - 18-02-2011

[Network +] Common networking protocols and the TCP/IP suite

There are a lot of protocols in use today but they all have one thing in common and that is that they are sets of rules to determine how communication will take place within a network.
You should be aware of the different protocols in use today and how they work together, or in some cases don't work together.
In addition, groups of protocols are combined to create protocol suites. One of the most important is the Transmission Control Protocol / Internet Protocol, or TCP/IP.

Today I will be covering the protocols within the TCP/IP suite.

The TCP/IP suite is split into four layers: Link, Internet, Transport and Application, with each layer containing different protocols.
I don't like to say this but if you don't want to read about all of the protocols then the key ones you need to understand are: IP, TCP, UDP with knowledge of HTTP, HTTPS, FTP and the mail protocols.


IP (Internet Protocol)
IP is a connectionless protocol that transports packets from a source host to a destination host, across one or more networks. All network devices are assigned with an IP address.

TCP (Transmission Control Protocol)
TCP is a connection-oriented protocol that provides reliable delivery of data from one computer program to another. TCP is used by applications such as FTP.

TCP requires that a session is established between two computers before communication can take place.
TCP works using a three-way handshake process:

1) The host sends a SYN to the target host.
2) The target host then opens a connection and sends back a SYN ACK.
3) The host then sends an ACK to confirm that it received the SYN ACK. After this three-way handshake has taken place, data can then be transferred.

When you send data using TCP, TCP is responsible for breaking the data into packets and controlling the rate of data flow.
It does this by telling the sender to either speed up or slow down. This is a precaution to ensure that programs never receive more data than they can handle.

The sender keeps a record of every packet that it sends and receives, as well as a timer from when the packet was sent, and re-sends a packet if the time expires. This is used when a packet is lost or corrupt.
The receiver responds with an ACK for each packet that it receives.

If a server sends 100 SYN packets but the client only receives 97, then the client will only send 97 ACKs back. The server would then check and notice that it's 3 packets short so it would then resend the missing SYNs, this is to make sure that the client did NOT receive the packets and that it was not just a routing / networking error when the client was supposed to have sent the ACKs.

In essence there are two connections being made with TCP. Each side of the connection has both a Tx (transmit) and an Rx (receive) and they are independent of each other.

TCP uses error correction; it is not one side talking at a time saying I GO, YOU GO. It is both sides speaking and listening simultaneously.

*Thanks to Pack3t SynAck3r for his clarification and addition.


UDP (User Datagram Protocol)
UDP is a connectionless protocol. UDP broadcasts packets in the hope that they are received, resulting in many packets being lost. UDP is used by DNS and VoIP amongst others.

FTP (File Transfer Protocol)
Used to transfer files between computers / servers either within an intranet or the internet. Uses TCP and is based on a client / server set up.

TFTP (Trivial File Transfer Protocol)
Used to transfer files but unlike FTP, TFTP uses UDP instead of TCP. Compared to FTP, TFTP is limited and is often used to transfer files to routers or switches for management purposes and doesn't require authentication.

SMTP (Simple Mail Transfer Protocol)
SMTP is used to send emails and uses TCP to guarantee delivery.

HTTP (Hypertext Transfer Protocol)
The foundation protocol used on the internet, allowing you to view files on the world wide web.

HTTPS (Hypertext Transfer Protocol Secure)
Uses SSL to encrypt traffic, usually passwords for secure sites such as PayPal.

POP3 (Post Office Protocol Version 3)
Allows the retrieval of emails from a webserver to a client, the emails are then stored on the local client.

IMAP4 (Internet Message Access Protocol version 4)
Similar to POP3 where it allows the retrieval of emails but the main difference is that the emails are stored on a server and not locally on a client.

Telnet (Telnet)
I'd say Telnet is legacy now but is still often used to connect to and manage switches or routers although it is insecure as it authenticates in clear text. It provides a CLI for remote management.

SSH (Secure Shell)
SSH in many ways replaced Telnet; it offers a secure alternative for logging on to computers remotely and provides a CLI. It is often used to connect to servers, and other traffic, such as VNC, can also be tunneled over SSH.

ICMP (Internet Control Message Protocol)
ICMP is often used to send error messages regarding networked computers. ICMP relies on IP and is used with tools such as ping and traceroute. ICMP sends echo replies to pings or messages such as "Destination Host Unreachable" or "Time Exceeded".
ICMPv4 is used for IPv4 networks and ICMPv6 for IPv6 networks.

ARP (Address Resolution Protocol)
ARP resolves IP addresses to MAC addresses. It checks the ARP cache first before using a broadcast that determines the MAC address of the client. ARP is often targeted in MITM attacks, sometimes called ARP cache poisoning attacks.

RARP (Reverse Address Resolution Protocol)
RARP is somewhat the opposite to ARP in the sense that it resolves MAC addresses to IP addresses. RARP is now obsolete and has been replaced by DHCP.

NTP (Network Time Protocol)
NTP is used to synchronise computer clocks and time in a network. Microsoft often complains that you need your clock synchronised with their server before you can use Windows Update.

SIP (Session Initiation Protocol)
SIP is commonly used to control voice and video calls over IP (VoIP). I don't know a lot about SIP.

RIP (Routing Information Protocol)
RIP is a routing protocol. It uses distance vector routing and hop counts as its routing metric; 15 hops is the maximum supported, with 16 considered infinite. Uses UDP and port 520. The latest version is RIPv2. RIPv2 multicasts the entire routing table to adjacent routers at the address 224.0.0.9; hosts that don't run RIP drop the requests. OSPF has been considered better than RIP.


Other Protocols

IGMP (Internet Group Management Protocol)
TLS (Transport Layer Security)
DHCP (Dynamic Host Configuration Protocol)
LDAP (Lightweight Directory Access Protocol)


There are some others as well but familiarise yourself with these and you'll be good to go.
Also, no ripping my hard work!
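
As an added example (not part of the original post) for the ARP entry above: a defender-side check over observed ARP replies that flags the two usual signs of cache poisoning, an IP whose MAC changes and a MAC that starts answering for more than one IP. The sample replies, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (timestamp, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1.0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway
    (2.0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (3.0, "192.168.1.30", "aa:bb:cc:00:00:30"),
    (9.0, "192.168.1.1", "aa:bb:cc:00:00:30"),    # gateway IP now claimed by .30's MAC
    (9.5, "192.168.1.1", "aa:bb:cc:00:00:30"),    # repeat of the same claim
    (12.0, "192.168.1.20", "AA-BB-CC-00-00-20"),  # same MAC, different notation
]


def normalise_mac(mac):
    """Lower-case, colon-separated form so notation differences are not flagged."""
    digits = mac.lower().replace("-", "").replace(":", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def find_arp_anomalies(replies):
    """Return alerts for IPs whose MAC changes and MACs that claim several IPs.

    An alert is a triage lead, not a verdict: DHCP lease reuse, NIC swaps and
    gateway failover also change IP-to-MAC bindings.
    """
    ip_to_mac = {}                  # last MAC seen for each IP
    mac_to_ips = defaultdict(set)   # every IP each MAC has answered for
    alerts = []
    for ts, ip, raw_mac in sorted(replies):
        mac = normalise_mac(raw_mac)
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(("mac-changed", ts, ip, known, mac))
        ip_to_mac[ip] = mac
        if ip not in mac_to_ips[mac]:          # alert once per new claim, not per packet
            mac_to_ips[mac].add(ip)
            if len(mac_to_ips[mac]) > 1:
                claimed = tuple(sorted(mac_to_ips[mac]))
                alerts.append(("mac-claims-multiple-ips", ts, mac, claimed))
    return alerts


if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE_REPLIES):
        print(alert)
```
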



RE: [Network +] Common networking protocols and the TCP/IP suite - Pack3t SynAck3r - 19-02-2011

(18-02-2011, 12:52 AM)Mark Wrote: TCP (Transmission Control Protocol)
TCP is a connection oriented protocol that provides reliable delivery of data from one computer program to another. TCP is used by applications such as FTP.
When you send data using TCP, the receiver responds with an acknowledgment message when it receives the data. The sender keeps a record of every packet that it sends and it waits until it receives the acknowledgment before sending the next packet. The sender also keeps a timer from when the packet was sent and re-sends a packet if the timer expires, this is used when a packet is lost or corrupt.

Not entirely accurate. The server side, or the one who is sending SYN(chronize) / ACK(nowledge) packets, does keep a record of every ACK that it receives back, but it does not wait for ACK packets to keep on sending. It may send 100 SYN packets in a burst and may receive back only 97 ACKs. The three-way handshake they always show you diagrams of only represents what is necessary to initiate the connection. The thing you have to remember is that there are actually two connections in essence being made with TCP. Each side of the connection has both a Tx (transmit) and an Rx (receive), and they are independent of each other. The built-in error checking on the server is simply that, for whatever ACK packets were missing, it resends SYNs first to make sure that the client did NOT receive the packet and that it was not just a routing/networking error when the client was supposed to have sent the ACK, and so on.

If the two sides waited for each individual packet it would only slow things down. TCP uses error correction, it is not one side talking at a time saying I GO, YOU GO. It is both sides speaking and listening simultaneously. Something that we as humans have an extraordinarily hard time with.
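
The burst-and-resend behaviour discussed in this thread, as an added example that is not part of either post: a sender transmits everything outstanding without waiting for individual ACKs, then resends only what was not acknowledged. It is a simplified model with assumed names: numbered data segments with one ACK each, and a "round" standing in for the retransmission timer expiring, whereas real TCP acknowledges byte sequence numbers cumulatively.

```python
def run_transfer(num_segments, lost_data=(), lost_acks=(), max_rounds=10):
    """Simulate a pipelined sender that resends only unacknowledged segments.

    lost_data / lost_acks are (seq, attempt) pairs dropped in transit, with
    attempt counting from 1. Returns a dict of transfer statistics.
    """
    lost_data, lost_acks = set(lost_data), set(lost_acks)
    unacked = set(range(num_segments))        # sender's record of what awaits an ACK
    attempts = {seq: 0 for seq in unacked}
    received = set()                          # what the receiver holds
    stats = {"rounds": 0, "transmissions": 0, "acks_per_round": [], "duplicates": 0}

    while unacked and stats["rounds"] < max_rounds:
        stats["rounds"] += 1
        acked = set()
        for seq in sorted(unacked):           # burst: no pause between segments
            attempts[seq] += 1
            stats["transmissions"] += 1
            key = (seq, attempts[seq])
            if key in lost_data:
                continue                      # segment never arrived, so no ACK
            if seq in received:
                stats["duplicates"] += 1      # earlier copy arrived, its ACK was lost
            received.add(seq)
            if key not in lost_acks:
                acked.add(seq)                # ACK made it back to the sender
        stats["acks_per_round"].append(len(acked))
        unacked -= acked                      # timer expires for the rest: resend

    stats["complete"] = not unacked and received == set(range(num_segments))
    return stats


if __name__ == "__main__":
    # Constructed scenario: 100 segments, two lost outright, one ACK lost.
    print(run_transfer(100, lost_data={(12, 1), (57, 1)}, lost_acks={(88, 1)}))
```

The sender cannot tell a lost segment from a lost ACK, so segment 88 is resent even though it arrived; the receiver discards the duplicate and acknowledges it again.
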


RE: [Network +] Common networking protocols and the TCP/IP suite - Mark - 21-02-2011

Thanks for the correction Packet, apologies on the time taken to get back to you but I did some further reading before editing the thread. I hope that now it is up to par before I can expand on the other protocols.


RE: [Network +] Common networking protocols and the TCP/IP suite - Pack3t SynAck3r - 21-02-2011

No worries, it is obvious you are busting your ass to learn these things, and good for you. Sometimes books/classes that cover a lot of material aren't very detail oriented in specifics, and often fail the student. You took some time to write that post, and I am glad you double checked to make sure I wasn't pulling your leg. I may clown a lot, but when it comes to technical details I am pretty cut and dry.