
TCP/IP Protocol Suite

TCP/IP is a suite of protocols that can be used to connect dissimilar brands of computers and network devices. The largest TCP/IP network is the Internet. The Internet was developed by the U.S. DOD under the auspices of the Defense Advanced Research Projects Agency (DARPA) when DOD scientists were faced with the problem of linking thousands of computers running different operating systems. DARPA is a small organization within the Pentagon, but its impact on technology in general and on data communications in particular has been huge. For all practical purposes, DARPA's programs and funding created the Internet. You can think of the TCP/IP suite as the lifeblood of the Internet. The TCP/IP suite has become widely adopted because it is an open protocol standard that can be implemented on any platform regardless of the manufacturer. In addition, it is independent of any physical network hardware. TCP/IP can be implemented on Ethernet, X.25, and token ring, among other platforms.

Although there are different interpretations of how to describe TCP/IP within a layered model, it is generally described as being composed of fewer layers than the seven used in the OSI model. The TCP/IP protocol suite generally follows a four-layer architecture.

The IP portion of TCP/IP is the connectionless network layer protocol. It is sometimes called an "unreliable" protocol, meaning that IP does not establish an end-to-end connection before transmitting datagrams and that it contains no error detection and recovery code. The datagram is the packet format defined by IP. IP operates across the network and data link layers of the OSI model and relies on the TCP protocol to ensure that the data reaches its destination correctly.

The heart of the IP portion of TCP/IP is a concept called the Internet address. This is a 32-bit number assigned to every node on the network. IP addresses are written in a dotted decimal format that corresponds to the 32-bit binary address. Each octet is assigned a number between 0 and 255. An example of an IP address in dotted decimal format is 12.31.80.1. This IP address translated into a 32-bit binary number is:

00001100 00011111 01010000 00000001

An IP address is divided into two parts, a network ID and a host ID, but the format of these parts depends on the class of the address. There are three main address classes: class A, class B, and class C. The formats differ in the number of bits allocated to the network ID and host ID and are distinguished by the first three bits of the 32-bit address.
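The conversion and class split described above, as an added example that is not part of the original tutorial. The function names are hypothetical, and the 8/16/24-bit network ID widths are the standard classful values, which the text does not list.

```python
# Added example: strict dotted-decimal parsing and the classful A/B/C split.
CLASSES = [  # (class, mask on first octet, expected leading bits, network-ID bits)
    ("A", 0b10000000, 0b00000000, 8),
    ("B", 0b11000000, 0b10000000, 16),
    ("C", 0b11100000, 0b11000000, 24),
]

def parse_dotted(addr):
    """Parse dotted decimal into a 32-bit integer, rejecting ambiguous forms."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets")
    value = 0
    for p in parts:
        # Reject empty, signed and zero-padded octets: lenient parsers read
        # "012" as octal, so two tools can disagree on which host is meant.
        if not (p.isascii() and p.isdigit()) or (len(p) > 1 and p[0] == "0"):
            raise ValueError(f"bad octet {p!r}")
        n = int(p)
        if n > 255:
            raise ValueError(f"octet out of range: {n}")
        value = (value << 8) | n
    return value

def to_binary(value):
    """Render the 32-bit value as four space-separated binary octets."""
    return " ".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))

def classify(value):
    """Return (class, network ID, host ID), or (None, None, None) outside A-C."""
    first_octet = value >> 24
    for name, mask, leading, net_bits in CLASSES:
        if first_octet & mask == leading:
            host_bits = 32 - net_bits
            return name, value >> host_bits, value & ((1 << host_bits) - 1)
    return None, None, None  # first three bits are 111: not class A, B or C

if __name__ == "__main__":
    # First address is the tutorial's; the other two are constructed samples.
    for sample in ("12.31.80.1", "172.16.5.4", "192.168.1.10"):
        v = parse_dotted(sample)
        print(sample, to_binary(v), classify(v))
```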

The TCP portion of TCP/IP comes into operation once a packet is delivered to the correct Internet address. In contrast to IP, which is a connectionless protocol, TCP is connection-oriented. It establishes a logical end-to-end connection between two communicating nodes or devices. TCP operates at the transport layer of the OSI model and provides a virtual circuit service between end-user applications, with reliable data transfer, which is lacking in the datagram-oriented IP.

Software packages that follow the TCP standard run on each machine, establish a connection to each other, and manage the communications exchanges. TCP provides the flow control, error detection, and sequencing of the data; looks for responses; and takes the appropriate action to replace missing data blocks.

The end-to-end connection is established through the exchange of control information. This exchange of information is called a three-way handshake. This handshake is necessary to establish the logical connection and to allow the transmission of data to begin.

In its simplest form, host A would transmit to host B a segment with the synchronize sequence number (SYN) bit set. This tells host B that host A wishes to establish a connection and informs host B of the starting sequence number for host A. Host B sends back to host A an acknowledgment and confirms its starting sequence number. Host A acknowledges receipt of host B's transmission and begins the transfer of data. Later, in this tutorial, I will explain how this three-way handshake can be exploited to disrupt the operation of a system.
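The exchange described above, with both hosts' segments and the sequence number bookkeeping, as an added example that is not part of the original tutorial. It is a simplified in-memory model: the Segment and Host classes and the state names are illustrative assumptions, and no real packets are sent.

```python
from dataclasses import dataclass
import random

MOD = 2 ** 32  # sequence numbers are 32-bit values and wrap around

@dataclass
class Segment:  # simplified: only the fields the handshake uses
    syn: bool
    ack: bool
    seq: int
    ack_num: int = 0

class Host:
    def __init__(self, isn=None, listening=False):
        # Starting sequence number; random unless fixed for a demonstration
        self.isn = random.randrange(MOD) if isn is None else isn
        self.state = "LISTEN" if listening else "CLOSED"
        self.peer_isn = None

    def connect(self):
        """Step 1: send SYN carrying our starting sequence number."""
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn)

    def receive(self, seg):
        """Advance the state machine; return the reply segment, if any."""
        next_seq = (self.isn + 1) % MOD  # the SYN itself consumes one number
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            # Step 2: acknowledge the peer's number and confirm our own
            self.peer_isn, self.state = seg.seq, "SYN_RECEIVED"
            return Segment(True, True, self.isn, (seg.seq + 1) % MOD)
        if self.state == "SYN_SENT" and seg.syn and seg.ack and seg.ack_num == next_seq:
            # Step 3: acknowledge the peer's number; data transfer may begin
            self.peer_isn, self.state = seg.seq, "ESTABLISHED"
            return Segment(False, True, next_seq, (seg.seq + 1) % MOD)
        if (self.state == "SYN_RECEIVED" and seg.ack and not seg.syn
                and seg.ack_num == next_seq
                and seg.seq == (self.peer_isn + 1) % MOD):
            self.state = "ESTABLISHED"  # final ACK matches both numbers
        return None  # anything else is ignored in this model

def handshake(a, b):
    """Run the exchange between client a and a host b that is listening."""
    syn = a.connect()
    syn_ack = b.receive(syn)
    ack = a.receive(syn_ack)
    b.receive(ack)
    return [syn, syn_ack, ack]
```

With host A starting at 1000 and host B at 5000, the three segments carry seq=1000, then seq=5000 with ack=1001, then seq=1001 with ack=5001. A final acknowledgment whose number does not match leaves host B in SYN_RECEIVED.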

Another important TCP/IP protocol is the user datagram protocol (UDP). Like TCP, UDP operates at the transport layer. The major difference between TCP and UDP is that UDP is a connectionless datagram protocol. UDP gives applications direct access to a datagram delivery service, like the service IP provides. This allows applications to exchange data with a minimum of protocol overhead. The figure below illustrates the hierarchical relationship between IP and TCP/UDP and the applications that rely upon the protocols.

[Figure: OSI model]

The UDP protocol is best suited for applications that transmit small amounts of data, where the overhead of creating connections and ensuring delivery may be greater than the work of simply retransmitting the data. Another situation where UDP would be appropriate is when an application provides its own method of error checking and ensuring delivery.
