Identify the RFC for each protocol, by RFC number: RFC 791 Internet Protocol
RFC 793 Transmission Control Protocol
Ques What two basic functions does IP implement?
Ans The two basic functions are:
name indicates what we seek. An address indicates where it is. A
route indicates how to get there. The internet protocol deals
primarily with addresses. It is the task of higher level (i.e.,
host-to-host or application) protocols to make the mapping from
names to addresses. The internet module maps internet addresses to
local net addresses. It is the task of lower level (i.e., local net
or gateways) procedures to make the mapping from local net addresses
Fragmentation of an internet datagram is necessary when it
originates in a local net that allows a large packet size and must
traverse a local net that limits packets to a smaller size to reach
An internet datagram can be marked “don’t fragment.” Any internet
datagram so marked is not to be internet fragmented under any
circumstances. If internet datagram marked don’t fragment cannot be
delivered to its destination without fragmenting it, it is to be
Fragmentation, transmission and reassembly across a local network
which is invisible to the internet protocol module is called
intranet fragmentation and may be used
Ques What four key mechanisms does IP use to provide its service?
Ans The internet protocol uses four key mechanisms in providing its
- Type of Service
- Time to Live
- Options
- Header Checksum.
Type of Service :
The Type of Service is used to indicate the quality of the service
desired. The type of service is an abstract or generalized set of
parameters which characterize the service choices provided in the
networks that make up the internet. This type of service indication
is to be used by gateways to select the actual transmission parameters
for a particular network, the network to be used for the next hop, or
the next gateway when routing an internet datagram.
Time to Live :
The Time to Live is an indication of an upper bound on the lifetime of
an internet datagram. It is set by the sender of the datagram and
reduced at the points along the route where it is processed. If the
time to live reaches zero before the internet datagram reaches its
destination, the internet datagram is destroyed. The time to live can
be thought of as a self destruct time limit.
Options :
The Options provide for control functions needed or useful in some
situations but unnecessary for the most common communications. The
options include provisions for timestamps, security, and special
Header Checksum :
The Header Checksum provides a verification that the information used
in processing internet datagram has been transmitted correctly. The
data may contain errors. If the header checksum fails, the internet
datagram is discarded at once by the entity which detects the error.
Ques Via what protocol does IP communicate errors?
Ans The Internet Control Message Protocol (ICMP) is used to transmit errors.
When a datagram arrives at the internet protocol module from the local
network, either there is a pending RECV call from the user addressed
or there is not. In the first case, the pending call is satisfied by
passing the information from the datagram to the user. In the second
case, the user addressed is notified of a pending datagram. If the
user addressed does not exist, an ICMP error message is returned to
the sender, and the data is discarded.
Ques In the IP header, what is the Identification field used for?
Ans The identification field is used to distinguish the fragments of one
datagram from those of another. The originating protocol module of
an internet datagram sets the identification field to a value that
must be unique for that source-destination pair and protocol for the
time the datagram will be active in the internet system. The
originating protocol module of a complete datagram sets the
more-fragments flag to zero and the fragment offset to zero.
Ques A number of bits within the IP header are designated reserved or optional; why would these be important in network security?
Ans Protocol Version (4 bits): This is the first field in the protocol header and occupies 4 bits. It signifies the IP protocol version being used. The most common version of the IP protocol in use is version 4, while version 6 is available and fast gaining popularity.
Header Length (4 bits): This field provides the length of the IP header, expressed in 32-bit words. This length also includes IP options (if any). Since this field is 4 bits wide, the maximum header length allowed is 60 bytes. Usually, when no options are present, the value of this field is 5. Here 5 means five 32-bit words, i.e. 5 * 4 = 20 bytes.
Type of Service (8 bits): The first three bits of this field are known as precedence bits and are ignored as of today. The next 4 bits represent the type of service and the last bit is left unused. The 4 bits that represent TOS are: minimize delay, maximize throughput, maximize reliability and minimize monetary cost.
Total Length (16 bits): This represents the total IP datagram length in bytes. Since the header length (described above) gives the length of the header and this field gives the total length, the length of the data and its starting point can easily be calculated from these two fields. Since this is a 16-bit field and it represents the length of the IP datagram, the maximum size of an IP datagram is 65535 bytes. When IP fragmentation takes place over the network, the value of this field also changes. There are cases when IP datagrams are very small but some data links, like Ethernet, pad these small frames to a minimum length, i.e. 46 bytes. So to know the exact length of the IP header in the case of Ethernet padding, this field comes in handy.
Identification (16 bits): This field is used for uniquely identifying IP datagrams. This value is incremented every time an IP datagram is sent from source to destination. This field comes in handy during reassembly of fragmented IP datagrams.
Flags (3 bits): This field comprises three bits. While the first bit is kept reserved as of now, the next two bits have their own importance. The second bit is the 'Don't Fragment' bit. When this bit is set, the IP datagram is never fragmented; rather, it is thrown away if a requirement to fragment arises. The third bit is the 'More Fragments' bit. If this bit is set, it marks a fragmented IP datagram that has more fragments after it. In the last fragment of an IP datagram this bit is not set, signifying that this is the last fragment of that particular IP datagram.
Fragment Offset (13 bits): For fragmented IP datagrams, this field contains the offset (in units of 8 bytes) from the start of the IP datagram. So again, this field is used in reassembly of fragmented IP datagrams.
Time to Live (8 bits): This value represents the number of hops that the IP datagram will go through before being discarded. The value of this field is initially set to around 32 or 64 (let's say), but at every hop over the network it is decremented by one. When this field becomes zero, the datagram is discarded. So this field literally means the effective lifetime of a datagram on the network.
Protocol (8 bits): This field represents the transport layer protocol that handed the data over to the IP layer. This field comes in handy when the data is demultiplexed at the destination, as IP then needs to know which protocol to hand the data to.
Header Checksum (16 bits): This field holds a value that is calculated using an algorithm covering all the fields in the header (assuming this very field to be zero). The value is calculated and stored in the header when the IP datagram is sent from source to destination, and at the destination the checksum is calculated again and verified against the checksum present in the header. If the value is the same, the datagram was not corrupted; otherwise it is assumed that the datagram was received corrupted. So this field is used to check the integrity of an IP datagram.
Source and Destination IP (32 bits each): These fields store the source and destination address respectively. Since these fields are 32 bits each, an IP address of a maximum length of 32 bits can be used. This limits the number of IP addresses that can be used. To counter this problem, IPv6 has been introduced, which increases this capacity.
Options (variable length): This field represents a list of options that are active for a particular IP datagram. It is an optional field that may or may not be present. If any option is present in the header, then the first byte is laid out as follows:
|copy flag||option class||option num|
In the description above, the 'copy flag' means that this option is copied to all the fragments in case this IP datagram gets fragmented. The 'option class' takes the following values: 0 -> control, 1 -> reserved, 2 -> debugging and measurement, and 3 -> reserved. Some of the options are given below:
|class||number||length||description|
|0||0||–||end of option list|
|0||3||var.||loose source routing|
|0||9||var.||strict source routing|
|2||4||var.||INTERNET time stamp|
Data: This field contains the data from the protocol layer that handed the data over to the IP layer. Generally this data field contains the header and data of the transport layer protocol. Please note that on the source host each TCP/IP layer protocol attaches its own header at the beginning of the data it receives from the other layers, and on the destination host each protocol strips its own header and sends the rest of the data to the next layer.
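The field layout described in this answer can be checked mechanically. The following is an added example, not part of the original answer: a Python parser that decodes the fixed header, verifies the header checksum, reports the reserved flag bit, and walks the options using the copy flag / option class / option number layout above. The function names and the sample packet are constructed for illustration; the no-operation option comes from RFC 791 and is not in the table above.

```python
import struct

# (class, number) -> name. Entries follow the page's table, plus the
# single-byte no-operation option from RFC 791.
OPTIONS = {(0, 0): "end of option list", (0, 1): "no operation",
           (0, 3): "loose source routing", (0, 9): "strict source routing",
           (2, 4): "internet timestamp"}

def checksum(header: bytes) -> int:
    """One's-complement sum of the 16-bit words; 0 for an intact header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_options(opts: bytes) -> list:
    found, i = [], 0
    while i < len(opts):
        copy, cls, num = opts[i] >> 7, (opts[i] >> 5) & 0x3, opts[i] & 0x1F
        name = OPTIONS.get((cls, num), f"class {cls} number {num}")
        found.append({"copy": bool(copy), "name": name})
        if (cls, num) == (0, 0):          # end of list: the rest is padding
            break
        if (cls, num) == (0, 1):          # no length byte follows
            i += 1
        elif i + 1 < len(opts) and 2 <= opts[i + 1] <= len(opts) - i:
            i += opts[i + 1]              # skip type, length and option data
        else:
            raise ValueError("malformed option length")
    return found

def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_ihl & 0x0F) * 4           # header length is in 32-bit words
    if ver_ihl >> 4 != 4 or hlen < 20 or hlen > len(packet) or total_len < hlen:
        raise ValueError("inconsistent version, header length or total length")
    return {"header_len": hlen, "total_len": total_len, "id": ident,
            "ttl": ttl, "protocol": proto,
            "reserved_flag": bool(flags_frag & 0x8000),
            "dont_fragment": bool(flags_frag & 0x4000),
            "more_fragments": bool(flags_frag & 0x2000),
            "fragment_offset": (flags_frag & 0x1FFF) * 8,  # 8-byte units
            "checksum_ok": checksum(packet[:hlen]) == 0,
            "options": parse_options(packet[20:hlen])}

def build_sample() -> bytes:
    """Constructed packet: reserved flag and DF set, one source-route option."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x46, 0, 24, 0x1234, 0xC000, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    hdr += bytes([0x83, 3, 4, 0])         # LSRR (copy=1), length 3, ptr 4, EOL
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
```

Calling `parse_ipv4(build_sample())` reports the reserved bit, the Don't Fragment bit and the loose source routing option in one pass, which is the per-packet view a filter or monitor has of these fields.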
Ques What is the difference between a socket and a connection?
Ans A socket connection implies two peers connected with each other; the protocol can be TCP or UDP. So "connection" does not specify the type of connection; it is a generic term for a connection.
When you say TCP connection, it implies two nodes are connected using the TCP protocol.
Ques Name five of the six calls the TCP interface provides (to applications)
Ans a) Basic Data Transfer:
The TCP is able to transfer a continuous stream of octets in each
direction between its users by packaging some number of octets into
segments for transmission through the internet system. In general,
the TCPs decide when to block and forward data at their own
Sometimes users need to be sure that all the data they have
submitted to the TCP has been transmitted. For this purpose a push
function is defined. To assure that data submitted to a TCP is
actually transmitted the sending user indicates that it should be
pushed through to the receiving user. A push causes the TCPs to
promptly forward and deliver data up to that point to the receiver.
The exact push point might not be visible to the receiving user and
the push function does not supply a record boundary marker.
The TCP must recover from data that is damaged, lost, duplicated, or
delivered out of order by the internet communication system. This
is achieved by assigning a sequence number to each octet
transmitted, and requiring a positive acknowledgment (ACK) from the
receiving TCP. If the ACK is not received within a timeout
interval, the data is retransmitted. At the receiver, the sequence
numbers are used to correctly order segments that may be received
out of order and to eliminate duplicates. Damage is handled by
adding a checksum to each segment transmitted, checking it at the
receiver, and discarding damaged segments.
c) Flow Control:
TCP provides a means for the receiver to govern the amount of data
sent by the sender. This is achieved by returning a “window” with
every ACK indicating a range of acceptable sequence numbers beyond
the last segment successfully received. The window indicates an
allowed number of octets that the sender may transmit before
receiving further permission.
To allow for many processes within a single Host to use TCP
communication facilities simultaneously, the TCP provides a set of
addresses or ports within each host. Concatenated with the network
and host addresses from the internet communication layer, this forms
a socket. A pair of sockets uniquely identifies each connection.
That is, a socket may be simultaneously used in multiple connections.
The reliability and flow control mechanisms described above require
that TCPs initialize and maintain certain status information for
each data stream. The combination of this information, including
sockets, sequence numbers, and window sizes, is called a connection.
Each connection is uniquely specified by a pair of sockets
identifying its two sides.
Ques What are active and passive OPEN requests?
Ans Processes can issue passive OPENs and wait for matching active OPENs
from other processes and be informed by the TCP when connections have
been established. Two processes which issue active OPENs to each
other at the same time will be correctly connected. This flexibility
is critical for the support of distributed computing in which
components act asynchronously with respect to each other.
There are two principal cases for matching the sockets in the local
passive OPENs and a foreign active OPEN. In the first case, the
local passive OPEN has fully specified the foreign socket. In this
case, the match must be exact. In the second case, the local passive
OPEN has left the foreign socket unspecified. In this case, any
foreign socket is acceptable as long as the local sockets match.
Other possibilities include partially restricted matches.
A passive OPEN request means that the process wants to accept incoming
connection requests rather than attempting to initiate a connection.
Often the process requesting a passive OPEN will accept a connection
request from any caller. In this case a foreign socket of all zeros
is used to denote an unspecified socket. Unspecified foreign sockets
are allowed only on passive OPENs.
A service process that wished to provide services for unknown other
processes would issue a passive OPEN request with an unspecified
foreign socket. Then a connection could be made with any process that
requested a connection to this local socket. It would help if this
local socket were known to be associated with this service.
Ques Describe the three-way handshake.
Ans The “three-way handshake” is the procedure used to establish a
connection. This procedure normally is initiated by one TCP and
responded to by another TCP. The procedure also works if two TCPs
simultaneously initiate the procedure. When a simultaneous attempt
occurs, each TCP receives a “SYN” segment which carries no
acknowledgment after it has sent a “SYN”. Of course, the arrival of
an old duplicate “SYN” segment can potentially make it appear, to the
recipient, that a simultaneous connection initiation is in progress.
Proper use of “reset” segments can disambiguate these cases.
Several examples of connection initiation follow. Although these
examples do not show connection synchronization using data-carrying
segments, this is perfectly legitimate, so long as the receiving TCP
doesn’t deliver the data to the user until it is clear the data is
valid (i.e., the data must be buffered at the receiver until the
connection reaches the ESTABLISHED state). The three-way handshake
reduces the possibility of false connections. It is the
implementation of a trade-off between memory and messages to provide
information for this checking.
The simplest three-way handshake is shown in figure 7 below. The
figures should be interpreted in the following way. Each line is
numbered for reference purposes. Right arrows (-->) indicate
departure of a TCP segment from TCP A to TCP B, or arrival of a
segment at B from A. Left arrows (<--), indicate the reverse.
Ellipsis (…) indicates a segment which is still in the network
(delayed). An “XXX” indicates a segment which is lost or rejected.
Comments appear in parentheses. TCP states represent the state AFTER
the departure or arrival of the segment (whose contents are shown in
the center of each line). Segment contents are shown in abbreviated
form, with sequence number, control flags, and ACK field. Other
fields such as window, addresses, lengths, and text have been left out
in the interest of clarity.
    TCP A              TCP B
1.  CLOSED             LISTEN
2.  SYN-SENT      -->
3.  ESTABLISHED   <--
4.  ESTABLISHED   -->
5.  ESTABLISHED   -->
Basic 3-Way Handshake for Connection Synchronization
In line 2 of figure 7, TCP A begins by sending a SYN segment
indicating that it will use sequence numbers starting with sequence
number 100. In line 3, TCP B sends a SYN and acknowledges the SYN it
received from TCP A. Note that the acknowledgment field indicates TCP
B is now expecting to hear sequence 101, acknowledging the SYN which
occupied sequence 100.
At line 4, TCP A responds with an empty segment containing an ACK for
TCP B’s SYN; and in line 5, TCP A sends some data. Note that the
sequence number of the segment in line 5 is the same as in line 4
because the ACK does not occupy sequence number space (if it did, we
would wind up ACKing ACK’s!).
Simultaneous initiation is only slightly more complex, as is shown in
figure 8. Each TCP cycles from CLOSED to SYN-SENT to SYN-RECEIVED to
    TCP A              TCP B
1.  CLOSED             CLOSED
2.  SYN-SENT      -->
3.  SYN-RECEIVED  <--
5.  SYN-RECEIVED  -->
6.  ESTABLISHED   <--
Simultaneous Connection Synchronization
The principal reason for the three-way handshake is to prevent old
duplicate connection initiations from causing confusion. To deal with
this, a special control message, reset, has been devised. If the
receiving TCP is in a non-synchronized state (i.e., SYN-SENT,
SYN-RECEIVED), it returns to LISTEN on receiving an acceptable reset.
If the TCP is in one of the synchronized states (ESTABLISHED,
FIN-WAIT-1, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, TIME-WAIT), it
aborts the connection and informs its user. We discuss this latter
case under “half-open” connections below.
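The exchange described in this answer can be replayed with a small model. The following is an added example, not part of the original answer: a Python sketch of the connection-establishment states only, covering the basic handshake, simultaneous initiation, and the return to LISTEN on a reset in a non-synchronized state. The class and function names are hypothetical, TCP A's initial sequence number 100 comes from the text, TCP B's value of 300 is constructed, and answering an unacceptable ACK with a reset follows RFC 793.

```python
class TCP:
    """Connection-establishment subset of the TCP state machine."""
    def __init__(self, iss, state="CLOSED"):
        self.iss, self.snd_nxt, self.rcv_nxt, self.state = iss, iss, None, state

    def active_open(self):
        # The SYN occupies one sequence number, so the next one is iss + 1.
        self.state, self.snd_nxt = "SYN-SENT", self.iss + 1
        return {"seq": self.iss, "ack": None, "ctl": "SYN"}

    def send_data(self, text):
        seg = {"seq": self.snd_nxt, "ack": self.rcv_nxt, "ctl": "ACK", "data": text}
        self.snd_nxt += len(text)
        return seg

    def receive(self, seg):
        """Process one arriving segment; return the reply segment or None."""
        ctl = seg["ctl"].split(",")
        if "RST" in ctl:   # acceptability checks on the reset are omitted here
            if self.state in ("SYN-SENT", "SYN-RECEIVED"):
                self.state = "LISTEN"         # non-synchronized state
            return None
        stale = self.state == "SYN-SENT" and seg["ack"] != self.snd_nxt
        if "ACK" in ctl and (self.state == "LISTEN" or stale):
            return {"seq": seg["ack"], "ack": None, "ctl": "RST"}
        if "SYN" in ctl and self.state in ("LISTEN", "SYN-SENT"):
            self.rcv_nxt = seg["seq"] + 1     # the peer's SYN used one number
            if "ACK" in ctl:                  # our own SYN was acknowledged
                self.state = "ESTABLISHED"
                return {"seq": self.snd_nxt, "ack": self.rcv_nxt, "ctl": "ACK"}
            # Bare SYN: passive side, or the other half of a simultaneous open.
            self.state, self.snd_nxt = "SYN-RECEIVED", self.iss + 1
            return {"seq": self.iss, "ack": self.rcv_nxt, "ctl": "SYN,ACK"}
        if self.state == "SYN-RECEIVED" and "ACK" in ctl and seg["ack"] == self.snd_nxt:
            self.state = "ESTABLISHED"
        return None

def basic_handshake(iss_a=100, iss_b=300):
    a, b = TCP(iss_a), TCP(iss_b, "LISTEN")   # B has issued a passive OPEN
    syn = a.active_open()                     # line 2
    syn_ack = b.receive(syn)                  # line 3
    ack = a.receive(syn_ack)                  # line 4
    b.receive(ack)
    data = a.send_data("hello")               # line 5: same seq as line 4
    return [syn, syn_ack, ack, data], (a.state, b.state)

def simultaneous_open(iss_a=100, iss_b=300):
    a, b = TCP(iss_a), TCP(iss_b)
    syn_a, syn_b = a.active_open(), b.active_open()
    reply_a, reply_b = a.receive(syn_b), b.receive(syn_a)
    mid = (a.state, b.state)                  # both sides in SYN-RECEIVED
    a.receive(reply_b)
    b.receive(reply_a)
    return mid, (a.state, b.state)
```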
Ques First google netstat and understand what it is. At a workstation, open some web pages and then at a command prompt type:
Ans Displays protocol statistics and current TCP/IP network connections.
|-a||Displays all connections and listening ports. (Server-side connections are normally not shown).|
Ques Identify the ports your machine is listening on and the state of the various connections it is holding
Ans Find the screenshot of the port and state of the connection it is holding