Network Intrusion Detection, Third Edition.pdf

Part I: TCP/IP

1 IP Concepts

2 Introduction to TCPdump and TCP

3 Fragmentation

4 ICMP

5 Stimulus and Response

6 DNS

Chapter 1. IP Concepts

As you read this chapter, it will become apparent that you belong in one of two categories: the beginner category or that of the seasoned veteran. The Internet Protocol (IP) is a large and potentially intimidating topic that requires a gentle introduction for uninitiated beginners so as not to overwhelm them with foreign acronyms, details, and concepts. Therefore, the purpose of this first chapter is to expose newcomers to terms, concepts, and the ever-present acronyms of IP. The suite of protocols covered here is more commonly known as Transmission Control Protocol/Internet Protocol (TCP/IP). These protocols are required to communicate between hosts on the Internet—the worldwide infrastructure of networked hosts. Indeed, communication protocols other than TCP/IP exist (for instance, AppleTalk for Apple computers). These protocols are typically found on intranets, where associated hosts talk on a private network. Most Internet communications require TCP/IP, which is the standard for global communications between hosts and networks.

Those seasoned veteran readers who dabble in TCP/IP daily might be tempted to skip this chapter. Even so, you should give it a quick skim. If you ever need to explain a concept about IP (perhaps to the individual who signs off on your pay raise or bonus, for example), you might find this chapter's approach useful. Those of you who are getting your feet wet in this area will certainly benefit from this introduction.

This is an around-the-world introduction to TCP/IP presented in a single chapter. Many of the topics discussed in this introductory chapter are covered in much greater detail and complexity in upcoming chapters; those chapters contain the core content, but you need to be able to peel away the theoretical skin to understand them. Specifically, this chapter covers the following topics:

The TCP/IP Internet model. This section examines the foundations of communications over the Internet, specifically communications made possible by using a common model known as the TCP/IP Internet model.

Packaging of data on the Internet. This section reviews the encapsulation of data to be sent through different legs of a journey to its destination.

Physical and logical addresses. This section highlights the different ways to identify a computer or host on the Internet.

TCP/IP services and ports. This section explores how hosts communicate with each other for different purposes and through different applications.

Domain Name System. This section focuses on the importance of host names and IP number translations.

Routing. This section explains how data is directed from the sending computer to the receiving computer.

The TCP/IP Internet Model

Computer users often want to communicate with another computer on the Internet for some purpose or another (to view a web page on a remote web server, for instance). A response from a web server can seem almost instantaneous, but a lot of processes and infrastructures actually support this seemingly trivial act behind the scenes.

Layers

Figure 1.1 shows a logical roadmap of some of the processes involved in host-to-host communications. You begin the process of downloading a web page in the box labeled "Web browser." Before your request to see a web page can get to the web server, your computer must package the request and send it through various processes and layers. Each layer represents a logical leg in the journey from the sending computer to the receiving computer. After the sending computer packages the data through the different layers, it is delivered to the receiving computer over the Internet. The receiving computer unwraps the data layer by layer. An individual layer gets the data intended for it and passes the remainder of the message to upper layers.

Figure 1.1. The TCP/IP Internet model.

Although discussed in more detail later in this chapter, it is important now to briefly look at each layer. The following four layers comprise the TCP/IP Internet model:

Application layer. The application layer is the topmost layer (the request for a web page in the preceding example). Software on the sending and receiving computers supports the implementation of the application (the web browser and web server, for instance).

Transport layer. Below the application layer lies the transport layer. This layer encompasses many aspects of how the two hosts will communicate. The transport layer is often concerned with providing reliability over other, inherently unreliable layers.

Two transport layer protocols will be covered: TCP, which is referred to as a reliable protocol because its mechanisms ensure data delivery, and User Datagram Protocol (UDP), which makes no promise of reliable delivery. In this example application, TCP is required because data loss is unacceptable.

Network layer. Below the transport layer is the network layer, which is responsible for moving the data from the source computer to the destination computer (the web server in this case), often one hop or leg of the journey at a time. This hop is between a computer and a router or a router and a router, but it ultimately takes the data closer in routing space to its destination.

Link layer. The bottom layer is the link layer, which is the component that takes care of communications from a host to the physical medium on which it resides. In this case, that component is Ethernet. This layer is concerned with receiving and sending data from the host over a specific interface to the network.

Data Flow

Look at Figure 1.1 again. In theory, the data flow activity is this: The request for a web page "descends" the sender's layers, often referred to as the TCP/IP stack. It gets directed to the destination computer and "ascends" its TCP/IP stack. The vertical arrows between layers represent the up and down flow on the same computer. The horizontal arrows between computers signify that each layer talks to its "peer" layer on the communicating host. The two computers do not directly interact with each other, per se. When the request descends the sending computer's TCP/IP stack, it is packaged in such a manner that each layer has a message for its counterpart layer, and so they appear to be talking directly.

This concept is quite important and crucial to understanding this chapter and the TCP/IP model in general. Therefore, it is worth reiterating the salient points and elaborating on terminology. The term TCP/IP stack denotes the layered structure of processing a TCP/IP request or response. The layering is implemented by a process known as encapsulation. This means that data on the sender's host gets wrapped with identifying information to assist the receiving host in parsing the received message layer by layer. Each layer on the sending host adds its own header, and the receiving host reverses the process by examining the message, stripping it of its header, and directing it to the appropriate layer. This process is repeated for the higher layers until the data reaches the uppermost layer, which finally processes the web page request. When the response is sent back, the entire process is repeated; now the web server host packages the data to be sent, it is delivered and received,
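The encapsulation just described, carried through as an added example that is not from the book: a constructed HTTP request is wrapped in TCP, IPv4 and Ethernet headers the way the sender's stack does, then unwrapped layer by layer the way the receiver's stack does. The addresses, MAC values and function names are assumptions chosen for the example, and the TCP checksum is left at zero to keep the block short.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header; verifying a good header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def encapsulate(payload, src_ip, dst_ip, sport, dport, src_mac, dst_mac):
    """Sender's stack, top down: application data -> TCP -> IPv4 -> Ethernet."""
    # Transport layer: 20-byte TCP header, data offset 5 words, flags PSH|ACK (0x18).
    # Sequence/ack numbers and the TCP checksum are left at zero here (example only).
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    segment = tcp + payload
    # Network layer: 20-byte IPv4 header, protocol 6 = TCP, TTL 64, DF flag set,
    # header checksum computed once the other fields are in place.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0x4000, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Link layer: 14-byte Ethernet header, EtherType 0x0800 = IPv4.
    eth = dst_mac + src_mac + struct.pack("!H", 0x0800)
    return eth + ip + segment

def decapsulate(frame: bytes) -> dict:
    """Receiver's stack, bottom up: each layer reads its own header and hands the rest up."""
    layers = {}
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers["link"] = {"dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
                      "ethertype": ethertype}
    if ethertype != 0x0800:
        return layers  # not IPv4; the link layer has nothing to pass upward
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes, from the IHL nibble
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    layers["network"] = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
                         "proto": proto, "checksum_ok": ipv4_checksum(ip[:ihl]) == 0}
    if proto != 6:
        return layers  # not TCP; stop at the network layer
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4  # TCP data offset in bytes
    layers["transport"] = {"sport": sport, "dport": dport, "flags": tcp[13]}
    layers["application"] = tcp[doff:]  # what the web server finally sees
    return layers
```

The constructed addresses come from the 192.0.2.0/24 documentation range and use locally administered MAC values, so nothing here corresponds to a real host.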
