\chapter{Fundamentals of TCP/IP}
\label{cha:fundamentals-of-tcpip}
{\mns
\subsection{Objectives}
This module is intended as an introduction to the basic concepts of IP networking. By the end of it you should understand:
\begin{itemize}
\item The history and uses of various protocols
\item How subnetting and netmasks work
\item About interfaces
\item The use of ports
\end{itemize}
\section{Fundamentals of TCP/IP Networking}
Key concepts:
\begin{itemize}
\item Packets
\item TCP vs UDP
\item Services
\item Subnetting, including the /xx form
\item Routing
\end{itemize}
\section{History}
\begin{itemize}
\item Developed by ARPA for university \& military research
\item Robust, reliable, wide area network protocol, system-independent
\item Will route traffic around network outages (if routing protocols are used)
\item Came into widespread use in the mid-to-late 1970s
\item Popularity hugely helped by the free availability of the BSD Unix implementation
\begin{quote}
i.e. the pre-Linux reference platform
\end{quote}
\item Now the standard protocol --- the Internet is based entirely upon it
\end{itemize}
\section{Recap of basic IP Concepts --- Components}
\begin{itemize}
\item Properly, The Internet Protocol Suite (IP Suite)
\item Usually (erroneously) referred to as TCP/IP
\item Consists of numerous protocols
\item IP is used to encapsulate:
\begin{itemize}
\item TCP (Transmission Control Protocol)
\item UDP (User Datagram Protocol)
\item ICMP (Internet Control Message Protocol)
\item other routing \& management protocols
\end{itemize}
\end{itemize}
\section{IP versions}
\begin{itemize}
\item Currently at Version 4 (IPv4)
\begin{itemize}
\item Entire Internet based on IPv4
\item Quickly running out of spare numbers
\end{itemize}
\item IPv6 well standardised
\begin{itemize}
\item Important improvements
\item Currently in minuscule use
\item Migration will occur eventually
\item Support already in Linux
\end{itemize}
\end{itemize}
\section{Packets}
\begin{itemize}
\item All data is transferred in
packets (datagrams)
\item Each packet contains various flags \& admin information
\begin{itemize}
\item Source address (32 bits)
\item Destination address (32 bits)
\end{itemize}
\item Addresses identify hosts
\begin{itemize}
\item Usually an interface on a host
\end{itemize}
\item Addresses are the basis of packet routing
\item Packets can be split (fragmented) and reassembled, differentially routed, arrive out of order or just get lost
\item Higher-level protocols (e.g. TCP) add sequencing, reliability, flow control etc.
\end{itemize}
\begin{center}
\includegraphics{../images/fundamentals_of_TCPIP_packets}
\end{center}
\section{Encapsulation}
\label{sec:encapsulation}
\begin{itemize}
\item As data sent by an application to the network passes down through the layers of the TCP/IP protocol stack, a header is prepended to it at each layer.
\item As data received from the network passes up through the layers to the application, the headers are stripped from it again.
\end{itemize}
\begin{center}
\includegraphics[width=\columnwidth]{../images/encapsulation}
\end{center}
\section{Internet Protocol Datagram}
\label{sec:ip-headers}
\begin{itemize}
\item IP uses datagram packet switching
\item Each IP datagram has a maximum length of 65,535 bytes, including a header of between 20 bytes (no options) and 60 bytes (the 20-byte fixed part plus up to 40 bytes of options).
\item 64 bits of each IP datagram are used for addresses: 32 bits for the source and 32 bits for the destination.
\item Version is now 4; version 6 will become common.
\item IHL = Internet Header Length = number of 32-bit words in the header (so 5 means 20 bytes, 15 means 60 bytes)
\item TOS = 3 bits of precedence, then 4 TOS bits: delay, throughput, reliability, cost.
\end{itemize}
\begin{center}
\includegraphics[width=\columnwidth]{../images/ipheader}
\end{center}
\section{TCP Header}
\label{sec:tcp-header}
\begin{center}
\includegraphics[width=\columnwidth]{../images/tcpheader}
\end{center}
\section{UDP Header}
\label{sec:udp-header}
\begin{itemize}
\item UDP is relatively simple: no ARQ (automatic repeat request, i.e. no retransmission)
\item So no need to keep track of sequence numbers, and no acknowledgment number
\item Just a source port, a destination port, a length and a checksum (optional in IPv4)
\end{itemize}
\begin{center}
\includegraphics[width=0.7\columnwidth]{../images/udpheader}
\end{center}
\section{Addresses}
\label{sec:lw_address_class}
\begin{itemize}
\item Addresses shown in `dotted decimal' --- broken into 4 bytes
\begin{itemize}
\item 192.168.0.129
\end{itemize}
\item Five address classes, distinguished by the leading bits of the first byte
\begin{itemize}
\item Class A 0.x.x.x--127.x.x.x
\item Class B 128.x.x.x--191.x.x.x
\item Class C 192.x.x.x--223.x.x.x
\item Class D 224.x.x.x--239.x.x.x (multicast)
\item Class E 240.x.x.x--255.x.x.x (`reserved')
\end{itemize}
\item Class A network 127 is special
\begin{itemize}
\item Reserved for {\em`loopback'}: packets sent to any 127.x.x.x address are delivered to the sending host itself and never reach the wire
\item The current host is {\em always} 127.0.0.1
\end{itemize}
\end{itemize}
\section{Addresses (continued)}
\begin{itemize}
\item Addresses identify:
\begin{itemize}
\item Network (used for routing between networks)
\item Hosts on a particular network
\begin{itemize}
\item Class A 8 network bits, 24 host bits
\item Class B 16 network bits, 16 host bits
\item Class C 24 network bits, 8 host bits
\end{itemize}
\end{itemize}
\begin{center}
\includegraphics[width=\linewidth]{../images/fundamentals_of_TCPIP_address_classes}
\end{center}
\item In all networks, host parts of all zeros and all ones are reserved (e.g. a last byte of 0 or 255 on a class C network)
\begin{itemize}
\item Host part zero refers to the network itself
\item Host part all ones is the `broadcast' address (all hosts on that network)
\end{itemize}
\end{itemize}
\section{Netmasks and subnetting}
%% IMPROVEME: this foil needs an illustration showing addresses allowed through and blocked by the mask.
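Before moving on to netmasks, here is a worked example, added to these notes and not part of the original course material, that parses the IPv4 header and the UDP header of the preceding foils from raw bytes: version, IHL, the precedence and TOS bits, total length, fragmentation flags and the two 32-bit addresses, followed by the UDP ports and length. The packet it parses is constructed in the same program rather than captured from a network, and the helper and field names are our own. The checks of IHL and total length against the bytes actually received are the part that matters in practice: a header that claims more than it carries must be rejected, not believed.

```python
"""Parse the fixed IPv4 header and the UDP header from raw bytes and verify
the IPv4 header checksum.  Added example: the packet is constructed below,
not captured."""
import struct

IPV4_FIXED = struct.Struct("!BBHHHBBH4s4s")   # 20-byte fixed header, network byte order
UDP_HDR = struct.Struct("!HHHH")              # 8-byte UDP header


def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, complemented.
    A correct header (checksum field included) sums to 0xFFFF, giving 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def dotted(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_ipv4(packet: bytes) -> dict:
    """Return the header fields; raise ValueError on anything malformed.
    Lengths are checked against the bytes present, never trusted blindly."""
    if len(packet) < IPV4_FIXED.size:
        raise ValueError("truncated: shorter than the 20-byte fixed header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _checksum, src, dst) = IPV4_FIXED.unpack_from(packet)
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4   # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if not 20 <= ihl <= 60 or ihl > len(packet):
        raise ValueError(f"bad IHL: header length {ihl}")
    if not ihl <= total_len <= len(packet):
        raise ValueError(f"total length {total_len} inconsistent with {len(packet)} bytes")
    if ones_complement_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "ihl": ihl,
        "precedence": tos >> 5,                          # 3 precedence bits
        "tos_bits": {"delay": tos >> 4 & 1, "throughput": tos >> 3 & 1,
                     "reliability": tos >> 2 & 1, "cost": tos >> 1 & 1},
        "total_length": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,    # in 8-byte units
        "ttl": ttl, "protocol": proto,                   # 6 = TCP, 17 = UDP, 1 = ICMP
        "src": dotted(src), "dst": dotted(dst),
        "options": packet[20:ihl],
        "payload": packet[ihl:total_len],
    }


def parse_udp(segment: bytes) -> dict:
    """UDP: no sequence or acknowledgment numbers, just ports, length, checksum."""
    if len(segment) < UDP_HDR.size:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = UDP_HDR.unpack_from(segment)
    if not UDP_HDR.size <= length <= len(segment):
        raise ValueError(f"UDP length {length} inconsistent with {len(segment)} bytes")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "payload": segment[UDP_HDR.size:length]}


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int,
                   payload: bytes, ttl: int = 64, tos: int = 0) -> bytes:
    """Construct a test packet: IPv4 without options, DF set, carrying UDP."""
    udp = UDP_HDR.pack(sport, dport, UDP_HDR.size + len(payload), 0) + payload  # UDP checksum 0 = none
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = IPV4_FIXED.pack(0x45, tos, 20 + len(udp), 0x1234, 0x4000, ttl, 17, 0, src_b, dst_b)
    hdr = hdr[:10] + struct.pack("!H", ones_complement_checksum(hdr)) + hdr[12:]  # fill checksum
    return hdr + udp


def header_intact(packet: bytes) -> bool:
    """True if the IPv4 header parses and its checksum verifies."""
    try:
        parse_ipv4(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_ipv4_udp("192.168.0.129", "192.168.0.1", 40000, 53, b"hello", tos=0x10)
    ip = parse_ipv4(pkt)
    print({k: v for k, v in ip.items() if k != "payload"})
    print(parse_udp(ip["payload"]))
```

The constructed packet carries a UDP payload to port 53 purely to have something to parse; flipping any header byte makes the checksum test fail, and shrinking the buffer makes the length checks fail, which is the behaviour a parser facing hostile input needs.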
% Later (LW)
\begin{itemize}
\item A netmask splits an address into its network part and its host part
\item It says which machines can be reached directly (those with the same network part as our own address); anything else must go via a router
\item Example:
{\myss
\begin{verbatim}
Netmask  255     .255     .255     .0
Binary   11111111.11111111.11111111.00000000
IP       192     .168     .0       .129
Binary   11000000.10101000.00000000.10000001
\end{verbatim}}
\item To work out the network part, AND the address with the netmask
{\myss
\begin{verbatim}
Netmask  11111111.11111111.11111111.00000000
IP       11000000.10101000.00000000.10000001
--------------------------------------------
Result   11000000.10101000.00000000.00000000
--------------------------------------------
         192      168      0        0
\end{verbatim}}
\item To work out the host part, AND the address with the {\em inverted} netmask
{\myss
\begin{verbatim}
~Netmask 00000000.00000000.00000000.11111111
IP       11000000.10101000.00000000.10000001
--------------------------------------------
Result   00000000.00000000.00000000.10000001
--------------------------------------------
         0        0        0        129
\end{verbatim}}
\end{itemize}
\section{CIDR: Classless Inter-Domain Routing}
\begin{itemize}
\item Classes A, B, C are now history. WHY?
\item Class C too small, and class B running out!
\item Solution: CIDR. The network/host split may fall at any bit, not just after 8, 16 or 24
\item Specify a network with two numbers, an address and a prefix length, e.g.,
\begin{itemize}
\item 15/8 is the old class A network whose first byte is 00001111 (trailing zero bytes may be omitted).
\item 128.32/16 is the old class B network 128.32.0.0
\item 192.168.0.128/25 is the 128 IP addresses from 192.168.0.128 to 192.168.0.255
\item 172.19.64/18 is the $2^{14}=16384$ addresses from 172.19.64.0 to 172.19.127.255, since $14 = 32 - 18$ host bits remain.
$172.19.64.0 \Rightarrow 1010\,1100.0001\,0011.0100\,0000.0000\,0000$
The netmask has 18 bits that are `1' (255.255.192.0).
This is the range of addresses allocated to the CM labs from now on.
\end{itemize}
\end{itemize}
\section{CIDR: Classless Inter-Domain Routing---examples}
{\myss %\newcolumntype{C}{>{\centering\arraybackslash}X} % set in masterfile.tex.
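The following Python program is a worked example added to these notes; it is not part of the original course material. It reproduces the netmask AND of the previous foils with integer bit operations (deliberately not using the {\cmdn ipaddress} module, so every step is visible), accepts the abbreviated CIDR forms used above such as {\cmdn 15/8} and {\cmdn 172.19.64/18}, and works out the old class of an address, so it can be used to check the table below. Going one step beyond the foil, {\cmdn lookup\_route} shows the longest-prefix match a router performs on its table; the routing-table entries and gateway addresses used for illustration are made up.

```python
"""Netmask, CIDR and classful arithmetic by hand with integer bit operations.
Added example; the sample routing table below is constructed for illustration."""
from __future__ import annotations


def to_int(dotted: str) -> int:
    """'192.168.0.129' -> 0xC0A80081.  Missing trailing octets (the foil's
    '15/8' or '172.19.64/18') are treated as zero."""
    parts = dotted.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError(f"bad address {dotted!r}")
    parts += ["0"] * (4 - len(parts))
    value = 0
    for p in parts:
        octet = int(p)                      # ValueError on junk
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def to_dotted(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(value: int) -> str:
    """Same layout as the foil: 11000000.10101000.00000000.10000001"""
    return ".".join(format((value >> s) & 0xFF, "08b") for s in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: 'prefix' leading ones, the rest zeros."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length {prefix} not in 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(dotted_mask: str) -> int:
    """255.255.192.0 -> 18.  Rejects masks whose ones are not contiguous."""
    mask = to_int(dotted_mask)
    prefix = bin(mask).count("1")
    if mask != mask_from_prefix(prefix):
        raise ValueError(f"non-contiguous netmask {dotted_mask}")
    return prefix


def classful(dotted: str) -> tuple[str, int | None]:
    """Old address class and the prefix length it implies (None for D/E)."""
    first = to_int(dotted) >> 24
    if first < 128:
        return "A", 8
    if first < 192:
        return "B", 16
    if first < 224:
        return "C", 24
    if first < 240:
        return "D", None     # multicast
    return "E", None         # reserved


def describe(spec: str) -> dict:
    """'192.168.0.129/24', '192.168.0.129 255.255.255.0' or a bare address
    (classful) -> network, host part, broadcast and size, as on the foil."""
    if "/" in spec:
        addr, prefix_s = spec.split("/")
        prefix = int(prefix_s)
    elif " " in spec:
        addr, mask_s = spec.split()
        prefix = prefix_from_mask(mask_s)
    else:
        addr, prefix = spec, classful(spec)[1]
        if prefix is None:
            raise ValueError(f"{spec}: class D/E address has no network part")
    ip, mask = to_int(addr), mask_from_prefix(prefix)
    network = ip & mask                     # the AND on the foil
    host = ip & ~mask & 0xFFFFFFFF          # AND with the inverted mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    return {"class": classful(addr)[0], "prefix": prefix,
            "netmask": to_dotted(mask), "network": to_dotted(network),
            "host_part": to_dotted(host), "broadcast": to_dotted(broadcast),
            "size": 1 << (32 - prefix),
            "binary": (to_binary(mask), to_binary(ip), to_binary(network))}


def reachable_directly(my_addr: str, prefix: int, dest: str) -> bool:
    """What a host asks before sending: same network part as mine?"""
    mask = mask_from_prefix(prefix)
    return (to_int(my_addr) & mask) == (to_int(dest) & mask)


def lookup_route(table: list[tuple[str, str | None]], dest: str) -> str | None:
    """Longest-prefix match over (cidr, gateway) entries, as a router does.
    Returns the gateway, None meaning 'deliver directly', or raises."""
    best = None
    d = to_int(dest)
    for cidr, gateway in table:
        net, prefix_s = cidr.split("/")
        prefix = int(prefix_s)
        m = mask_from_prefix(prefix)
        if (d & m) == (to_int(net) & m) and (best is None or prefix > best[0]):
            best = (prefix, gateway)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1]


if __name__ == "__main__":
    for spec in ("192.168.0.129/24", "15/8", "128.32/16", "172.19.64/18",
                 "10.2.1.1", "128.63.2.100", "192.168.129.49/23", "202.4.192.60/24"):
        d = describe(spec)
        print(f"{spec:20} class {d['class']} net {d['network']}/{d['prefix']} "
              f"host {d['host_part']} bcast {d['broadcast']} ({d['size']} addrs)")
```

A bare address such as {\cmdn 10.2.1.1} is interpreted classfully, exactly as the first rows of the table expect; a {\cmdn /xx} suffix overrides the class, which is the whole point of CIDR.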
\begin{tabularx}{\linewidth}{|>{\myss}l|C|C|C|}
\hline%
\textbf{Address} & \textbf{Class} & \textbf{Network no.} & \textbf{Host no.}\\
\hline%
10.2.1.1 & & &\\
\hline%
128.63.2.100 & & & \\
\hline%
201.222.5.64 & & & \\
\hline%
192.6.141.2 & & & \\
\hline%
130.113.64.16 & & & \\
\hline%
192.168.129.49/23 & & & \\
\hline%
202.4.192.60/24 & & & \\
\hline%
\end{tabularx}}
% \begin{itemize}
% \item Sometimes see IP addresses given as:
% \begin{verbatim}
% 192.168.0.129/24
% \end{verbatim}
% \item {\cmdn /xx} is another form of netmask. Says that the left-most {\cmdn xx} bits specify the network
% \begin{itemize}
% \item i.e. /24 means 24 `1s', a netmask of:
% \begin{verbatim}
% 11111111.11111111.11111111.00000000
% \end{verbatim}
% or
% \begin{verbatim}
% 255.255.255.0
% \end{verbatim}
% \end{itemize}
% \item Was rare, but becoming more common
% \item Examples:
% \begin{itemize}
% \item 10/8 is old class A network 10.0.0.0
% \item 192.168.5.0 is network 192.168.5
% \item 10.255.255.255 is broadcast on network 10
% \item 192.168.5.255 is broadcast on network 192.168.5
% \end{itemize}
% \end{itemize}
\section{Transferring Data}
\begin{itemize}
\item IP allows datagrams to be sent and routed between hosts
\item IP itself contains no {\em application-level} data
\item The data part will be one of UDP, TCP, ICMP etc.
\item TCP is connection-oriented (a `session'), used for long-lived exchanges where every byte must arrive, in order
\item UDP is used for fire-and-forget messages: no connection, no guarantee of delivery or ordering
\item ICMP is used for control \& testing, not seen by most applications or users
\item Examples:
\begin{itemize}
\item Email transferred using SMTP over TCP (maybe many bytes, order important)
\item Web pages use HTTP over TCP
\item UDP is less visible, but used for {\cmdn NFS} and for {\cmdn DNS} lookups
\item ICMP: the `{\cmdn ping}' utility, used to test whether a host is reachable
\end{itemize}
\end{itemize}
\section{Hosts \& Interfaces}
\begin{itemize}
\item Hosts are individual computers/systems
\item Each host has one or more interfaces
\begin{itemize}
\item Each interface is a point of connection to a network (often a NIC or modem)
\end{itemize}
\item Many hosts have a single interface, so the address is effectively the host
\item A host may have more than one interface
\begin{itemize}
\item Interfaces could be on different networks
\item Such a host can act as a router, forwarding packets between them
\end{itemize}
\item Each `interface' normally has a single address (aliases allow more than one)
\end{itemize}
%% IMPROVEME: diagram of multi-interface PC/s and network, next time maybe ...
% (LW)
\section{Routing}
\begin{itemize}
\item Hosts receive packets on one or more interfaces
\item Check to see if the packet is for the current host
\begin{itemize}
\item If so, deliver to the UDP/TCP etc. mechanisms
\end{itemize}
\item Otherwise
\begin{itemize}
\item If routing is enabled~\footnote{Often referred to as `IP forwarding'}
\begin{itemize}
\item Forward the packet towards its destination: directly if the destination is on an attached network, otherwise to the next-hop router
\end{itemize}
\item If not, the packet is dropped
\item Routing decisions are based on the internal routing table; the most specific (longest-prefix) matching entry wins
\item Manipulated by the {\pgn route} command (or {\pgn ip route} on modern Linux)
\begin{itemize}
\item Superuser only
\end{itemize}
\end{itemize}
\end{itemize}
\begin{center}
\includegraphics{../images/fundamentals_of_TCPIP_routing}
\end{center}
\section{Ports}
\begin{itemize}
\item Not enough just to deliver packets to hosts
\item Must deliver to the correct application on the host
\begin{itemize}
\item Hosts are presumed to be multitasking
\end{itemize}
\item UDP \& TCP both include port numbers
\begin{itemize}
\item 16-bit numbers (0--65535)
\item Each UDP/TCP packet contains a source \& a destination port
\item The 5-tuple of protocol, source address, source port, destination address and destination port uniquely identifies a conversation
\end{itemize}
\end{itemize}
\begin{center}
\includegraphics{../images/fundamentals_of_TCPIP_ports}
\end{center}
\section{Ports cont..}
\begin{itemize}
\item Many `well known' ports are published for client-server applications
\item See {\fn /etc/services} under Linux
\begin{itemize}
\item TCP/25 --- SMTP mail
\item TCP/23 --- telnet (remote terminal access)
\item TCP/80 --- HTTP (web protocol)
\end{itemize}
\item Unix-like systems reserve ports below 1024 for the super-user
\item Ordinary users cannot run `special' services without authorisation
\item This cannot be trusted in other environments, such as Windows. In any case a remote host chooses its own port numbers, so a low {\em source} port proves nothing about who sent a packet (the old {\cmdn rsh}/{\cmdn rlogin} trust model relied on exactly this)
\end{itemize}
\section{Exercises}
%% IMPROVEME: These are poor, improve them, done some(LW), could probably do with some more, but this *is* introductory ...
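Before the exercises, a worked example added to these notes (not part of the original course material) that shows the two ends of a TCP conversation on the loopback interface: a stand-in server listening on an ephemeral port, and a client that sends the {\cmdn HEAD / HTTP/1.0} request of the last exercise and reads the reply by socket instead of {\cmdn telnet}. The client records the (protocol, source address, source port, destination address, destination port) tuple the Ports foil describes. The server, its {\cmdn Server} banner and the helper names are our own and stand for no real product.

```python
"""A minimal TCP client/server exchange on 127.0.0.1, recording the
conversation tuple and the HTTP HEAD reply.  Added example; the server is
a stand-in written here, not a real web server."""
import socket
import threading

FAKE_BANNER = b"ExampleHTTPd/0.1"   # constructed; any server may send any banner


def serve_once(listener: socket.socket) -> None:
    """Accept one connection, answer a HEAD request, then close (like
    'Connection: close' in the exercise transcript)."""
    try:
        conn, _peer = listener.accept()
    finally:
        listener.close()                 # one connection is all we serve
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:   # read until the blank line ends the headers
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        request_line = request.split(b"\r\n", 1)[0]
        status = b"HTTP/1.0 200 OK" if request_line.startswith(b"HEAD / ") \
            else b"HTTP/1.0 400 Bad Request"
        conn.sendall(status + b"\r\nServer: " + FAKE_BANNER +
                     b"\r\nContent-Type: text/html\r\nConnection: close\r\n\r\n")


def start_server() -> tuple:
    """Listen on an ephemeral port (bind to 0) on 127.0.0.1; no root needed
    because the kernel hands out a port above 1024."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    thread = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    thread.start()
    return port, thread


def head_request(host: str, port: int, timeout: float = 5.0) -> dict:
    """The exercise's 'HEAD / HTTP/1.0' over a socket; returns the status
    line, the headers and the 5-tuple that identifies this conversation."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        conversation = ("tcp", *s.getsockname(), *s.getpeername())
        s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
        data = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:                # server closed the connection
                break
            data += chunk
    head = data.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"conversation": conversation, "status": status, "headers": headers}


def is_privileged_port(port: int) -> bool:
    """Ports below 1024 need root (or CAP_NET_BIND_SERVICE) to bind on Unix."""
    return 0 <= port < 1024


def demo() -> dict:
    """Run server and client in one process and return what the client saw."""
    port, thread = start_server()
    result = head_request("127.0.0.1", port)
    thread.join(5.0)
    result["port"] = port
    result["server_port_privileged"] = is_privileged_port(port)
    return result


if __name__ == "__main__":
    r = demo()
    print(r["status"])
    print("Server:", r["headers"].get("server"))
    print("conversation (proto, src addr, src port, dst addr, dst port):", r["conversation"])
```

The client's own port is picked by the kernel from the ephemeral range, so two runs give two different conversation tuples to the same server port; that is what lets many clients talk to one service at once. Note also that the {\cmdn Server} header is simply a string the far end chose to send.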
{\normalsize
\begin{enumerate}
\item Using {\cmdn ifconfig} (or {\cmdn ip addr} on modern Linux), explore the interfaces available on your current system
\item Discover the IP addresses of some other machines on your network and check that you can ping them all. What {\cmdn class} (A, B or C) of network are they on?
\item From the man page for {\cmdn ping}, discover how to set a regular ping running every five seconds. Then investigate how you can send extra-long ping packets (try sending a ping longer than 2K bytes).
\item What ports and protocols are used to run the following services?
\begin{itemize}
\item Telnet
\item SMTP
\item Printer
\item Talk
\end{itemize}
\item What happens if you {\cmdn telnet} to various ports? (Try 25 or 110)
\item Use this fact to discover what mail system your machine runs, and see if it runs a webserver (port 80)
\end{enumerate}
\section{Solutions}
\begin{enumerate}
\item {\pgn ifconfig} by default shows a list of the currently configured interfaces, including their IP addresses and netmasks.
\item {\pgn ping 10.0.0.2} will send pings to the {\cmdn 10.0.0.2} interface, provided routing is set up correctly. You should be able to work out what class of network you are on from the first byte of the IP address. See section~\ref{sec:lw_address_class} for details.
\item To send a regular ping every 5 seconds use
\begin{verbatim}
$ ping -i 5 10.0.0.2
\end{verbatim}
To alter the packet size use the {\cmdn -s} option to give the payload size in bytes; anything larger than the 1500-byte Ethernet MTU is fragmented by IP and reassembled at the far end
\begin{verbatim}
$ ping -s 3000 10.0.0.2
\end{verbatim}
\item The following values are taken from {\fn /etc/services}\\
\begin{tabular}[t]{|p{50pt}|>{\PBS\rr}p{103pt}|p{50pt}|}
\hline
Port & Service & Protocol \\
\hline \hline
23 & Telnet & TCP \\
25 & SMTP & TCP \\
515 & Printer & TCP \\
517 & Talk & UDP \\
\hline
\end{tabular}
\item You should be able to talk directly to the daemon at the other end, e.g.
\begin{verbatim}
$ telnet localhost 110
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
+OK POP3 localhost v4.47 server ready
USER lee
+OK User name accepted, password please
PASS ********
+OK Mailbox open, 2 messages
RETR 1
+OK 332 octets
Return-Path: 
Received: (from lee@localhost)
        by gbdirect.co.uk (8.8.7/8.8.7) id LAA12997
        for lee@localhost; Mon, 14 Feb 2000 11:39:19 GMT
Date: Mon, 14 Feb 2000 11:39:19 GMT
From: Lee 
Message-Id: <200002141139.LAA12997@gbdirect.co.uk>
To: lee@gbdirect.co.uk
Subject: Test
Status: RO

This is a test.
.
QUIT
+OK Sayonara
Connection closed by foreign host.
\end{verbatim}
Note that the POP3 password travels across the network in clear text, so anyone able to sniff the path can read it; this is why POP3 is normally run over TLS today.
\item You can sometimes find out what webserver a site is using by telnetting to port 80 and requesting the headers of the main page, e.g.
\begin{verbatim}
$ telnet www.bbc.co.uk 80
Trying 212.58.224.31...
Connected to www.bbc.net.uk.
Escape character is '^]'.
HEAD / HTTP/1.0

HTTP/1.1 302 Moved Temporarily
Date: Mon, 14 Feb 2000 11:43:06 GMT
Server: Apache/1.3.1 (Unix)
Location: http://www.bbc.co.uk/home/today/
Connection: close
Content-Type: text/html

Connection closed by foreign host.
\end{verbatim}
The {\cmdn Server} header is whatever the server chooses to send, so treat it as a hint rather than proof.
\end{enumerate}
}
}% End of mns from beginning of module
%%% Local Variables:
%%% mode: latex
%%% TeX-master: "planet_intermediate_0-0_masterfile"
%%% End: