• Application services of tcp ip networks. SNMP protocol (basics)

    The TCP/IP protocol stack is the alpha and omega of the Internet, and you need to not only know, but also understand the model and operating principle of the stack.

    We figured out the classification, network standards and the OSI model. Now let's talk about the stack on which it is built world system united computer networks Internet.

    TCP/IP model

    Initially, this stack was created to combine large computers at universities according to telephone lines point-to-point communications. But when new technologies appeared, broadcast (Ethernet) and satellite, it became necessary to adapt TCP/IP, which turned out to be a difficult task. That is why, along with OSI, the TCP/IP model appeared.

    The model describes how it is necessary to build networks based on various technologies in order for the TCP/IP protocol stack to work in them.

    The table shows a comparison of OSI and TCP/IP models. The latter includes 4 levels:

    1. The lowest one, level network interfaces , provides interaction with network technologies(Ethernet, Wi-Fi, etc.). This is a combination of the functions of the OSI data link and physical layers.
    2. Internet level stands higher, and in terms of tasks has something in common with network level OSI models. It provides search optimal route, including troubleshooting network problems. It is at this level that the router operates.
    3. Transport is responsible for communication between processes on different computers, as well as for delivery of transmitted information without duplication, loss or error, in the required sequence.
    4. Applied combines 3 layers of the OSI model: session, presentation and application. That is, it performs functions such as session support, protocol and information conversion, and user-network interaction.

    Sometimes experts try to combine both models into something common. For example, below is a five-level representation of symbiosis from the authors of Computer Networks E. Tanenbaum and D. Weatherall:

    The OSI model has good theoretical development, but the protocols are not used. The TCP/IP model is different: the protocols are widely used, but the model is only suitable for describing TCP/IP-based networks.

    Don't confuse them:

    • TCP/IP is a protocol stack that forms the basis of the Internet.
    • OSI Model (Overall Reference Interconnection Model) Open Systems) is suitable for describing a wide variety of networks.

    TCP/IP protocol stack

    Let's look at each level in more detail.

    The lower level of network interfaces includes Ethernet, Wi-Fi and DSL (modem). These network technologies are not formally part of the stack, but are extremely important in the operation of the Internet as a whole.

    The main network layer protocol is IP (Internet Protocol). It is a routed protocol, part of which is network addressing (IP address). Additional protocols such as ICMP, ARRP and DHCP also work here. They keep networks running.

    At the transport level there is TCP, a protocol that provides data transfer with a delivery guarantee, and UDP, a protocol for fast data transfer, but without a guarantee.

    The application layer is HTTP (for the web), SMTP (mail transfer), DNS (assigning friendly domain names to IP addresses), FTP (file transfer). There are more protocols at the application level of the TCP/IP stack, but the ones listed can be called the most significant for consideration.

    Remember that the TCP/IP protocol stack defines the standards for communication between devices and contains internetworking and routing conventions.


    TCP/IP protocols are the basis of the global Internet. To be more precise, TCP/IP is a list or stack of protocols, and in fact, a set of rules by which information is exchanged (the packet switching model is implemented).

    In this article, we will analyze the principles of operation of the TCP/IP protocol stack and try to understand the principles of their operation.

    Note: Often, the TCP/IP abbreviation refers to the entire network operating on the basis of these two protocols, TCP and IP.

    In the model of such a network, in addition to the main protocols TCP (Transport Layer) and IP (Network Layer Protocol) includes application and network layer protocols (see photo). But let's return directly to the TCP and IP protocols.

    What are TCP/IP protocols

    TCP - Transfer Control Protocol. Transmission Control Protocol. It serves to ensure and establish a reliable connection between two devices and reliable data transfer. At the same time TCP protocol controls optimal size transmitted data packet, sending a new one if the transmission fails.

    IP - Internet Protocol. The Internet Protocol or Address Protocol is the basis of the entire data transmission architecture. The IP protocol is used to deliver network data packets over to the right address. In this case, the information is divided into packets, which independently move through the network to the desired destination.

    TCP/IP protocol formats

    IP protocol format

    There are two formats for IP protocol IP addresses.

    IPv4 format. This is 32 bit binary number. A convenient form of writing an IP address (IPv4) is as four groups of decimal numbers (from 0 to 255), separated by periods. For example: 193.178.0.1.

    IPv6 format. This is a 128-bit binary number. As a rule, IPv6 addresses are written in the form of eight groups. Each group has four hexadecimal digits separated by a colon. Example IPv6 address 2001:0db8:85a3:08d3:1319:8a2e:0370:7889.

    How TCP/IP protocols work

    If it’s convenient, think of sending data packets over the network as sending a letter by mail.

    If it’s inconvenient, imagine two computers connected by a network. Moreover, the connection network can be any, both local and global. There is no difference in the principle of data transfer. A computer on a network can also be considered a host or node.

    IP protocol

    Each computer on the network has its own unique address. On the global Internet, a computer has this address, which is called an IP address (Internet Protocol Address).

    By analogy with mail, IP address this is the house number. But the house number is not enough to receive a letter.

    Information transmitted over the network is transmitted not by the computer itself, but by applications installed on it. Such applications are mail server, web server, FTP, etc. To identify the packet of transmitted information, each application is attached to a specific port. For example: web server listens on port 80, FTP listens on port 21, SMTP mail server listens on port 25, POP3 server reads mailbox mail on port 110.

    Thus, in the address packet in the TCP/IP protocol, one more line appears in the addressees: port. Analogue with mail - the port is the apartment number of the sender and the recipient.

    Example:

    Source address:

    IP: 82.146.47.66

    Destination address:

    IP: 195.34.31.236

    It’s worth remembering: IP address + port number is called a “socket”. In the example above: from socket 82.146.47.66:2049 a packet is sent to socket 195.34.31.236:53.

    TCP protocol

    The TCP protocol is the next layer protocol after the IP protocol. This protocol is intended to control the transfer of information and its integrity.

    For example, the transmitted information is divided into separate packets. The packages will be delivered to the recipient independently. During the transmission process, one of the packets was not transmitted. The TCP protocol provides retransmissions until the recipient receives the packet.

    The TCP transport protocol hides all problems and details of data transfer from higher-level protocols (physical, channel, network IP).

    TCP/IP protocol or how the Internet works for dummies:
    The operation of the global Internet is based on a set (stack) of TCP/IP protocols - this is a simple set of well-known rules for the exchange of information.
    Have you ever observed the panic and complete helplessness of an accountant when changing the version of office software - with the slightest change in the sequence of mouse clicks required to perform familiar actions? Or have you ever seen a person fall into a stupor when changing the desktop interface? In order not to be a sucker, you need to understand the essence. The basis of information gives you the opportunity to feel confident and free - quickly solve problems, correctly formulate questions and communicate normally with technical support.

    Operating principles of TCP/IP Internet protocols are essentially simple and reminiscent of the work of the Soviet postal service:
    First you write a letter, then you put it in an envelope, seal it, back side Write the addresses of the sender and recipient on the envelope, and then take it to the nearest post office. Next, the letter passes through a chain of post offices to the nearest post office of the recipient, from where it is delivered by the postman to the specified address recipient and dropped into his mailbox (with his apartment number) or delivered personally. When the recipient of the letter wants to answer you, he will swap the addresses of the recipient and the sender in his response letter, and the letter will be sent to you along the same chain, but in the opposite direction.

    Sender's address:
    From: Ivanov Ivan Ivanovich
    From: Ivanteevka, st. Bolshaya, 8, apt. 25
    Recipient address:
    To: Petrov Petr Petrovich
    Where: Moscow, Usachevsky lane, 105, apt. 110

    Let's consider the interaction of computers and applications on the Internet, and on a local network too. The analogy with regular mail will be almost complete.
    Each computer (aka: node, host) on the Internet also has a unique address, which is called IP (Internet Pointer), for example: 195.34.32.116. An IP address consists of four decimal numbers (0 to 255) separated by a dot. But knowing only the IP address of the computer is not enough, because... Ultimately, it is not the computers themselves that exchange information, but the applications running on them. And several applications can run simultaneously on a computer (for example, a mail server, a web server, etc.). To deliver a regular paper letter, it is not enough to know only the address of the house - you also need to know the apartment number. Also, every software application has a similar number called a port number. Most server applications have standard rooms, For example: postal service bound to port number 25 (they also say: “listens” to the port, receives messages on it), the web service is bound to port 80, FTP to port 21, and so on. Thus, we have the following almost complete analogy with our usual postal address: “house address” = “computer IP”, and “apartment number” = “port number”

    Source address:
    IP: 82.146.49.55
    Port: 2049
    Recipient address (Destination address):
    IP: 195.34.32.116
    Port: 53
    Package details:
    ...
    Of course, the packages also contain service information, but this is not important for understanding the essence.

    The combination of "IP address and port number" is called a "socket".
    In our example, we send a packet from socket 82.146.49.55:2049 to socket 195.34.32.116:53, i.e. the package will go to a computer with an IP address of 195.34.32.116, to port 53. And port 53 corresponds to a name recognition server (DNS server) that will receive this packet. Knowing the sender's address, this server will be able, after processing our request, to form a response packet that will go in the opposite direction to the sender socket 82.146.49.55:2049, which for the DNS server will be the recipient socket.

    As a rule, interaction is carried out according to the “client-server” scheme: the “client” requests some information (for example, a website page), the server accepts the request, processes it and sends the result. The port numbers of server applications are well known, for example: an SMTP mail server “listens” on port 25, a POP3 server that allows reading mail from your mailboxes “listens” on port 110, a web server listens on port 80, etc. Most programs on home computer are clients - for example mail client Outlook, web browsers IE, FireFox, etc. The port numbers on the client are not fixed like those on the server, but are assigned dynamically by the operating system. Fixed server ports usually have numbers up to 1024 (but there are exceptions), and client ports start after 1024.

    IP is the address of a computer (node, host) on the network, and port is the number specific application running on this computer. However, it is difficult for a person to remember digital IP addresses - it is much more convenient to work with alphabetic names. After all, it is much easier to remember a word than a set of numbers. This is done - any digital IP address can be associated with an alphanumeric name. As a result, for example, instead of 82.146.49.55, you can use the name www.ofnet.ru. And the domain name service - DNS (Domain Name System) - is responsible for converting a domain name into a digital IP address.

    Type in the address bar of the browser domain name www.yandex.ru and click. Next, the operating system performs the following actions:
    - A request is sent (more precisely, a packet with a request) DNS server to socket 195.34.32.116:53.
    Port 53 corresponds to the DNS server, an application that resolves names. And the DNS server, having processed our request, returns the IP address that matches the entered name. The dialogue is as follows: What IP address corresponds to the name www.yandex.ru? Answer: 82.146.49.55.
    - Next, our computer establishes a connection to port 80 of the computer 82.146.49.55 and sends a request (request packet) to receive the page www.yandex.ru. Port 80 corresponds to the web server. Port 80 is not written in the address bar of the browser, because... is used by default, but it can be specified explicitly after the colon - http://www.yandex.ru:80.
    - Having received a request from us, the web server processes it and sends us a page in several packets HTML language- a text markup language that the browser understands. Our browser, having received the page, displays it. As a result, we see on the screen home page this site.

    Why do I need to know this?
    For example, did you notice strange behavior your computer - incomprehensible network activity, slowdowns, etc. What to do? Open the console (click the “Start” button - “Run” - type cmd - “Ok”). In the console, type the command netstat -an and click. This utility will display a list established connections between the sockets of our computer and the sockets of remote hosts.
    If we see some foreign IP addresses in the “External Address” column, and the 25th port after the colon, what could this mean? (Remember that port 25 corresponds to the mail server?) This means that your computer has established a connection to some mail server (servers) and is sending some letters through it. And if your email client (Outlook for example) is not running at this time, and if there are still many such connections on port 25, then probably a virus has appeared on your computer that sends spam on your behalf or forwards your numbers credit cards along with passwords to attackers.
    Also, an understanding of how the Internet works is necessary for correct settings firewall (firewall) - a program (often supplied with an antivirus) designed to filter “friend” and “enemy” packets. For example, your firewall reports that someone wants to establish a connection to some port on your computer. Allow or deny?

    All this knowledge is extremely useful when communicating with technical support - list of ports that you will have to face:
    135-139 - these ports are used by Windows to access shared computer resources - folders, printers. Do not open these ports to the outside, i.e. to the regional local network and the Internet. They should be closed with a firewall. Also, if on the local network you do not see anything in the network environment or you are not visible, then this is probably due to the fact that the firewall has blocked these ports. Thus, these ports must be open for the local network, but closed for the Internet.
    21 - FTP server port.
    25 - postal port SMTP servers. Your email client sends letters through it. The IP address of the SMTP server and its port (25th) should be specified in the settings of your mail client.
    110 - POP3 server port. Through it, your mail client picks up letters from your mailbox. The IP address of the POP3 server and its port (110th) should also be specified in the settings of your mail client.
    80 - WEB server port.
    3128, 8080 - proxy servers (configured in browser settings).

    Several special IP addresses:
    127.0.0.1 - this is localhost, address local system, i.e. local address your computer.
    0.0.0.0 - this is how all IP addresses are designated.
    192.168.xxx.xxx- addresses that can be used arbitrarily in local networks; they are not used on the global Internet. They are unique only within the local network. You can use addresses from this range at your discretion, for example, to build a home or office network.

    What's happened subnet mask and default gateway, is it a router and a router? These parameters are set in the settings network connections. Computers are connected into local networks. On a local network, computers directly “see” only each other. Local networks are connected to each other through gateways (routers, routers). The subnet mask is designed to determine whether the recipient computer belongs to the same local network or not. If the receiving computer belongs to the same network as the sending computer, then the packet is sent to it directly, otherwise the packet is sent to the default gateway, which then, using routes known to it, transmits the packet to another network, i.e. to another post office (similar to paper mail). So:
    TCP/IP- this is the name of the set network protocols. In fact, the transmitted packet goes through several layers. (Like in the post office: first you write a letter, then you put it in an addressed envelope, then the post office puts a stamp on it, etc.).
    IP protocol- This is a so-called network layer protocol. The task of this level is to deliver IP packets from the sender's computer to the recipient's computer. In addition to the data itself, packets at this level have a source IP address and a recipient IP address. Port numbers are not used at the network level. To which port = application this packet was addressed, whether this packet was delivered or was lost is unknown at this level - this is not its task, this is the task of the transport layer.
    TCP and UDP These are protocols of the so-called transport layer. The transport layer sits above the network layer. At this level, a source port and a destination port are added to the packet.
    TCP is a connection-oriented protocol with guaranteed packet delivery. First, special packets are exchanged to establish a connection, something like a handshake occurs (-Hello. -Hello. -Shall we chat? -Come on.). Further, packets are sent back and forth over this connection (a conversation is ongoing), and a check is made to see whether the packet has reached the recipient. If the packet is not received, it is sent again (“repeat, I didn’t hear”).
    UDP is a connectionless protocol with non-guaranteed packet delivery. (Like: shouted something, but whether they heard you or not - it doesn’t matter).
    Above the transport layer is the application layer. Protocols such as http, ftp, etc. operate at this level. For example HTTP and FTP- use the reliable TCP protocol, and the DNS server operates through the unreliable UDP protocol.

    How to view current connections?- using the netstat -an command (the n parameter specifies to display IP addresses instead of domain names). This command is launched as follows: “Start” - “Run” - type cmd - “Ok”. In the console that appears (black window), type the command netstat -an and click. The result will be a list of established connections between the sockets of our computer and remote nodes. For example we get:

    In this example, 0.0.0.0:135 means that our computer listens (LISTENING) to port 135 at all its IP addresses and is ready to accept connections from anyone on it (0.0.0.0:0) via the TCP protocol.
    91.76.65.216:139 - our computer listens to port 139 on its IP address 91.76.65.216.
    The third line means that the connection is now established (ESTABLISHED) between our machine (91.76.65.216:1719) and the remote one (212.58.226.20:80). Port 80 means that our machine made a request to the web server (I actually have pages open in the browser).

    (c) Free abbreviations of the article are mine.
    (c) Dubrovin Boris

    Lecture 3. TCP/IP stack. Basic TCP/IP protocols

    The TCP/IP protocol is the basic transport network protocol. The term "TCP/IP" usually refers to everything related to the TCP and IP protocols. It covers an entire family of protocols, application programs, and even the network itself. The family includes protocols UDP, ARP, ICMP, TELNET, FTP and many others.

    The TCP/IP protocol architecture is designed for an integrated network consisting of separate heterogeneous packet subnets connected to each other by gateways, to which heterogeneous machines are connected. Each of the subnetworks operates in accordance with its own specific requirements and has its own nature of communication media. However, it is assumed that each subnet can accept a packet of information (data with the appropriate network header) and deliver it to a specified address in that particular subnet. The subnet is not required to guarantee mandatory packet delivery and have a reliable end-to-end protocol. This way, two machines connected to the same subnet can exchange packets.

    The TCP/IP protocol stack has four layers (Figure 3.1).

    Figure 3.1 – TCP/IP stack

    Layer IV corresponds to the network access layer, which operates on standard physical and data link layer protocols such as Ethernet, Token Ring, SLIP, PPP and others. Protocols at this level are responsible for packet data transmission in the network at the hardware level.

    Layer III provides internetworking when transmitting data packets from one subnet to another. In this case, the IP protocol works.

    Layer II is the main one and operates based on the TCP transmission control protocol. This protocol is necessary for the reliable transmission of messages between hosted different cars application programs due to the formation of virtual connections between them.

    Level I – applied. The TCP/IP stack has been around for a long time and it includes large number protocols and services application level(transmission protocol FTP files, Telnet protocol, Gopher protocol for accessing resources of the GopherSpace world space, the most famous HTTP protocol for accessing remote hypertext databases on the World Wide Web, etc.).

    All stack protocols can be divided into two groups: data transfer protocols, which transfer useful data between two parties; service protocols required for correct operation networks.

    Service protocols necessarily use some kind of data transfer protocol. For example, the ICMP service protocol uses the IP protocol. The Internet is a collection of all connected computer networks using TCP/IP stack protocols.

    Transport layer functions. Protocols TCP, UDP.

    The fourth level of the model is designed to deliver data without errors, losses and duplication in the sequence in which they were transmitted. It does not matter what data is transmitted, from where and where, that is, it provides the transmission mechanism itself. The transport layer provides the following types of services:

    – establishing a transport connection;

    – data transfer;

    – disruption of the transport connection.

    Functions performed by the transport layer:

    – converting a transport address to a network address;

    – multiplexing transport connections into network connections;

    – establishing and breaking transport connections;

    – ordering data blocks into individual connections;

    – detection of errors and necessary control over the quality of services;

    – recovery from errors;

    – segmentation, association and concatenation;

    – data flow control over individual connections;

    – supervisory functions;

    – transmission of urgent transport data blocks.

    The TCP Transmission Control Protocol provides a reliable, connection-oriented packet delivery service.

    TCP protocol:

    – guarantees delivery of IP datagrams;

    – performs segmentation and assembly of large blocks of data sent by programs;

    – ensures delivery of data segments in the required order;

    – checks the integrity of the transmitted data using a checksum;

    – sends positive acknowledgments if data is received successfully. Using selective acknowledgments, you can also send negative acknowledgments for data that was not received;

    – Offers the preferred transport for programs that require reliable session-based data transfer, such as client-server databases and email programs.

    TCP is based on point-to-point communication between two network nodes. TCP receives data from programs and processes it as a stream of bytes. The bytes are grouped into segments, which are assigned sequential numbers by TCP to enable proper assembly of the segments at the receiving host.

    In order for two TCP nodes to communicate, they must first establish a session with each other. A TCP session is initiated using a process called three-way handshake, which synchronizes sequence numbers and transmits the control information necessary to establish a virtual connection between the nodes. Once this handshake process is completed, packet forwarding and acknowledgment begins in sequential order between these nodes. A similar process is used by TCP before terminating a connection to ensure that both nodes have finished sending and receiving data (Figure 3.2).


    Figure 3.2 – TCP segment header format

    The source port and destination port fields occupy 2 bytes and identify the sending process and the recipient process. The sequence number and acknowledgment number fields (4 bytes long) number each sent or received byte of data. Implemented as unsigned integers that are reset when they reach maximum value. Each party maintains its own serial numbering. The header length field is 4 bits long and represents the length of the TCP segment header, measured in 32-bit words. The length of the header is not fixed and can vary depending on the values ​​​​set in the parameters field. The reserve field occupies 6 bits. The flags field is 6 bits long and contains six 1-bit flags:

    – the URG (Urgent Pointer) flag is set to 1 if the pointer to urgent data field is used;

    – the ACK (Acknowledgment) flag is set to 1 if the acknowledgment number field contains data. Otherwise this field is ignored;



    – the PSH (Push) flag means that the receiving TCP stack should immediately inform the application of incoming data, rather than wait until the buffer is full;

    – the RST (Reset) flag is used to cancel a connection: due to an application error, rejection of an incorrect segment, an attempt to create a connection in the absence of the requested service;

    – the SYN (Synchronize) flag is set when initiating a connection and synchronization serial number;

    – the FIN (Finished) flag is used to terminate the connection. It indicates that the sender has finished transmitting data.

    The window size field (2 bytes long) contains the number of bytes that can be sent after a byte that has already been acknowledged. The checksum field (length 2 bytes) is used to increase reliability. It contains a checksum of the header, data, and pseudo-header. When performing calculations, the checksum field is set to zero, and the data field is padded with a zero byte if its length is an odd number. The checksum algorithm simply adds all 16-bit words into additional code, and then calculates the complement of the entire sum.

    The UDP protocol, being a datagram protocol, implements the service whenever possible, that is, it does not guarantee the delivery of its messages, and, therefore, in no way compensates for the unreliability of the IP datagram protocol. Data unit UDP protocol called a UDP packet or user datagram. Each datagram carries a separate user message. This results in a limitation: the length of a UDP datagram cannot exceed the length of the IP protocol data field, which in turn is limited by the size of the underlying technology frame. Therefore, if the UDP buffer becomes full, the application data is discarded. The UDP packet header, consisting of four 2-byte fields, contains the fields source port, destination port, UDP length and checksum (Figure 3.3).

    The source port and destination port fields identify the sending and receiving processes. The UDP length field contains the length of the UDP packet in bytes. The checksum field contains the UDP packet checksum, calculated over the entire UDP packet with the pseudo-header added.

    Figure 3.3 – UDP packet header format

    Basic literature: 2

    Further reading: 7

    Security questions:

    1. What protocol in OSI is TCP/IP?

    2. What is the purpose of the TCP/IP protocol architecture?

    3. What layers does the TCP/IP stack have?

    4. What functions does the TCP Transmission Control Protocol perform?

    5. What differences exist between the TCP and UDP protocols?

    UNIX, which contributed to the growing popularity of the protocol, as manufacturers included TCP/IP in the set software every UNIX computer. TCP/IP finds its mapping in reference model OSI, as shown in Figure 3.1.

    You can see that TCP/IP is located at layers three and four of the OSI model. The point of this is to leave the LAN technology to the developers. The purpose of TCP/IP is message transmission in local networks of any type and establishing communication using any network application.

    The TCP/IP protocol works by being associated with the OSI model at the two lowest layers - the data transfer layer and physical level. This allows TCP/IP to work well with virtually any network technology and, as a result, with any computer platform. TCP/IP includes four abstract layers, listed below.


    Rice. 3.1.

    • Network interface. Allows TCP/IP to actively interact with all modern network technologies based on the OSI model.
    • Internetwork. Defines how IP controls forwarding messages through routers of a network space such as the Internet.
    • Transport. Defines a mechanism for exchanging information between computers.
    • Applied. Specifies network applications to perform tasks such as forwarding, e-mail and others.

    Due to its widespread use, TCP/IP has become the de facto Internet standard. The computer on which it is implemented network technology, based on the OSI model (Ethernet or Token Ring), has the ability to communicate with other devices. In "Networking Fundamentals" we looked at layers 1 and 2 when discussing LAN technologies. Now we'll move on to the OSI stack and look at how a computer communicates over the Internet or private network. This section discusses the TCP/IP protocol and its configurations.

    What is TCP/IP

    The fact that computers can communicate with each other is itself a miracle. After all, these are computers from different manufacturers working with various operating systems and protocols. Without some kind of common basis, such devices would not be able to exchange information. When sent over a network, data must be in a format that is understandable to both the sending device and the receiving device.

    TCP/IP satisfies this condition through its internetworking layer. This layer directly matches the network layer of the OSI reference model and is based on a fixed message format called an IP datagram. A datagram is something like a basket in which all the information of a message is placed. For example, when you load a web page into a browser, what you see on the screen is delivered piecemeal by datagram.

    It's easy to confuse datagrams with packets. Datagram is information item, while a packet is a physical message object (created on a third or more high levels), which is actually sent on the network. Although some consider these terms interchangeable, their distinction actually matters in a specific context - not here, of course. It is important to understand that the message is broken into fragments, transmitted over the network and reassembled at the receiving device.


    The positive thing about this approach is that if a single packet is corrupted during transmission, then only that packet will need to be retransmitted, not the entire message. Another positive is that no host has to wait indefinitely for a long time until the other host has finished transmitting to send its own message.

    TCP and UDP

    When sending an IP message over a network, one of the transport protocols is used: TCP or UDP. TCP (Transmission Control Protocol) makes up the first half of the acronym TCP/IP. The User Datagram Protocol (UDP) is used instead of TCP to transport less than important messages. Both protocols are used for the correct exchange of messages in TCP/IP networks. There is one significant difference between these protocols.

    TCP is called a reliable protocol because it communicates with the recipient to verify that the message was received.

    UDP is called an unreliable protocol because it does not even attempt to contact the recipient to verify delivery.


    It is important to remember that only one protocol can be used to deliver a message. For example, when a web page is loaded, TCP controls packet delivery without any UDP intervention. On the other hand, Trivial File Transfer Protocol File Transfer Protocol, TFTP) downloads or sends messages under the control of the UDP protocol.

    The transport method used depends on the application - it could be email, HTTP, the application responsible for networking work, and so on. Developers network programs use UDP wherever possible, since this protocol reduces excess traffic. The TCP protocol makes more effort to guarantee delivery and transmits many more packets than UDP. Figure 3.2 shows the list network applications, and shows which applications use TCP and which use UDP. For example, FTP and TFTP do essentially the same thing. However, TFTP is mainly used for downloading and copying network device programs. TFTP can use UDP because if a message fails to be delivered, nothing bad happens because the message was not intended end user, but to the network administrator, whose priority level is much lower. Another example is a voice video session, in which ports for both TCP and UDP sessions can be used. Thus, a TCP session is initiated to exchange data during installation telephone communication, while himself telephone conversation transmitted via UDP. This is due to the speed of voice and video streaming. If a packet is lost, there is no point in resending it, since it will no longer match the data flow.


    Rice. 3.2.
    IP Datagram Format

    IP packets can be broken down into datagrams. The datagram format creates fields for the payload and for message transmission control data. Figure 3.3 shows the datagram diagram.

    Note. Don't be fooled by the size of the data field in a datagram. The datagram is not overloaded with additional data. The data field is actually the largest field in the datagram.


    Rice. 3.3.

    It is important to remember that IP packets can have different lengths. In "Networking Fundamentals" it was said that information packets in Ethernet networks have a size from 64 to 1400 bytes. In the Token Ring network their length is 4000 bytes, in the ATM network - 53 bytes.

    Note. The use of bytes in a datagram can be confusing, since data transfer is often associated with concepts such as megabits and gigabits per second. However, because computers prefer to work with data bytes, datagrams also use bytes.

    If you look again at the datagram format in Figure 3.3, you'll notice that the leftmost margins are a constant value. This happens because CPU A person working with packets must know where each field begins. Without standardization of these fields, the final bits will be a jumble of ones and zeros. On the right side of the datagram are packets of variable length. The purpose of the various fields in a datagram is as follows.

    • VER. The version of the IP protocol used by the station where the original message appeared. Current version IP is version 4. This field ensures concurrent existence different versions in the internetwork space.
    • HLEN. The field informs the receiving device of the length of the header so that the CPU knows where the data field begins.
    • Service type. Code that tells the router the type of packet control in terms of service level (reliability, priority, deferment, etc.).
    • Length. The total number of bytes in the packet, including header fields and data fields.
    • ID, frags and frags offset. These fields tell the router how to fragment and reassemble the packet and how to compensate for differences in frame size that may occur as the packet traverses LAN segments with different network technologies (Ethernet, FDDI, etc.).
    • TTL. An abbreviation for Time to Live is a number that decreases by one each time a packet is sent. If the lifetime becomes zero, the packet ceases to exist. TTL prevents loops and lost packets from wandering endlessly across the Internet.
    • Protocol. The transport protocol to use to transmit the packet. The most common protocol specified in this field is TCP, but other protocols may be used.
    • Header checksum. A checksum is a number that is used to verify the integrity of a message. If checksums all message packets do not match the correct value, this means that the message has been corrupted.
    • Source IP address. The 32-bit address of the host that sent the message (usually personal computer or server).
    • Destination IP address. The 32-bit address of the host to which the message was sent (usually a personal computer or server).
    • IP options. Used for network testing or other special purposes.
    • Padding. Fills all unused (empty) bit positions so that the processor can correctly determine the position of the first bit in the data field.
    • Data. The payload of the sent message. For example, the package data field may contain the text of an email.

    As mentioned earlier, the packet consists of two main components: data about message processing, located in the header, and the information itself. The information part is located in the payload sector. You can imagine this sector as the cargo compartment of a spaceship. The header is all of the shuttle's onboard computers in the control cabin. It manages all the information needed by all the different routers and computers along the message path, and is used to maintain a certain order in assembling the message from individual packets.

    Read more: