Lecture Notes: Network+ Certification - Chapter 8, TCP/IP Fundamentals

Outline, Chapter 8 (Network+ Certification, Second Edition)

Chapter 8, TCP/IP Fundamentals

|1| Chapter Overview
  A. TCP/IP Protocols
  B. IP Addressing

Chapter 8, Lesson 1
TCP/IP Protocols

|2| 1. TCP/IP History
  A. Developed in the 1970s
  B. Created for use on the ARPANET, progenitor of the Internet
  C. Used by UNIX since the inception of the UNIX operating system
  D. TCP/IP predates the PC, the Open Systems Interconnection (OSI) model, and Ethernet.
  E. Designed to be platform and operating system independent
  |3| F. TCP/IP standards
    1. Created with a collaborative development process
    2. Published as Requests for Comments (RFCs) by the Internet Engineering Task Force (IETF)
    3. In the public domain

2. TCP/IP Layers
  A. TCP/IP has its own system of layers that predates the OSI model.
  |4| B. Advantages of a multilayered design, versus a single monolithic protocol:
    1. Platform independence
      a. Separate protocols make it easier to support a variety of computing platforms.
      b. Creating or modifying protocols to support new physical layer standards or networking application programming interfaces (APIs) does not require modification of the entire protocol stack.
    2. Quality of service
      a. Having multiple protocols operating at the same layer makes it possible for applications to select the protocol that provides only the level of service required.
    3. Simultaneous development
      a. Because the stack is split into layers, the development of the various protocols can proceed simultaneously, using personnel who are uniquely qualified in the operations of the particular layers.
  |5| C. The four TCP/IP layers
    1. Link
      a. Comparable to the data-link layer in the OSI model
      b. Most data-link layer protocols used on local area networks (LANs) (such as Ethernet and Token Ring) are not part of the TCP/IP suite.
      c. SLIP and PPP are TCP/IP link layer protocols, used on wide area networks (WANs).
      d. ARP functions partially at the link layer.
    2. Internet
      a. Equivalent to the network layer in the OSI model
      b. Includes IP, ICMP, and Internet Group Membership Protocol (IGMP), plus some dynamic routing protocols
    3. Transport
      a. Equivalent to the transport layer in the OSI model
      b. Includes TCP and UDP
    4. Application
      a. Comparable to the session, presentation, and application layers in the OSI model
      b. Includes many protocols, such as Hypertext Transfer Protocol (HTTP) and File Transfer Protocol (FTP)
  |6| Instructor Note: Use Slide 6 to compare the four layers of the TCP/IP model to the seven layers of the OSI model.

|7| 3. SLIP and PPP
  A. Link layer protocols used for WAN communications
  B. Comparable in basic function to data-link layer protocols such as Ethernet and Token Ring, but not designed for use on LANs

4. ARP
  |8| A. ARP characteristics
    1. ARP is the acronym for Address Resolution Protocol.
    2. Defined in RFC 826, “Ethernet Address Resolution Protocol”
    3. Can be considered a link layer protocol or an internet layer protocol
      a. Provides a service to IP, which indicates the link layer
      b. ARP messages are carried directly inside data-link layer frames (not in IP datagrams), which indicates the internet layer.
  B. ARP functions
    1. At the network layer and above, the TCP/IP protocols use IP addresses to identify computers.
    2. To transmit IP data to a computer on the LAN, IP must supply the destination computer’s hardware (or Media Access Control [MAC]) address to the link (or data-link) layer protocol.
    3. IP generates and broadcasts ARP messages to resolve IP addresses into hardware addresses.
  |9| C. The ARP address resolution process
    1. IP packages transport layer information into a datagram by inserting the IP address of the destination system into the Destination IP Address field of the IP header.
    2. IP compares the network identifier in the destination IP address to its own network identifier and determines whether to send the datagram directly to the destination host or to a router on the local network.
    3. IP generates an ARP Request packet containing its own hardware address and IP address in the Sender Hardware Address and Sender Protocol Address fields.
      a. The Target Protocol Address field contains the IP address of the datagram’s next destination (host or router), as determined in step 2.
      b. The Target Hardware Address field is left blank.
    4. The system passes the ARP Request message down to the data-link layer protocol, which encapsulates it in a frame, and transmits it as a broadcast to the entire local network.
    |10| 5. The systems on the LAN receive the ARP Request message and read the contents of the Target Protocol Address field.
      a. If the Target Protocol Address value does not match the system’s own IP address, the system silently discards the message and takes no further action.
    6. If the system receiving the ARP Request message recognizes its own IP address in the Target Protocol Address field, it generates an ARP Reply message.
      a. The system copies the two sender address values from the ARP Request message into the respective target address values in the ARP Reply and copies the Target Protocol Address value from the request into the Sender Protocol Address field in the reply.
      b. The system then inserts its own hardware address into the Sender Hardware Address field.
    7. The system transmits the ARP Reply message as a unicast message back to the computer that generated the request, using the hardware address in the Target Hardware Address field.
    8. The system that originally generated the ARP Request message receives the ARP Reply and uses the newly supplied value in the Sender Hardware Address field to
      a. Encapsulate the datagram in a data-link layer frame
      b. Transmit it to the desired destination as a unicast message
  |11| D. The ARP message format
    1. Hardware Type (2 bytes). Identifies the type of hardware addresses in the Sender Hardware Address and Target Hardware Address fields
      a. For Ethernet and Token Ring networks, the value is 1.
    2. Protocol Type (2 bytes). Identifies the type of addresses in the Sender Protocol Address and Target Protocol Address fields
      a. The hexadecimal value for IP addresses is 0800 (the same as the Ethertype code for IP).
    3. Hardware Size (1 byte). Specifies the size of the addresses in the Sender Hardware Address and Target Hardware Address fields, in bytes
      a. For Ethernet and Token Ring networks, the value is 6.
    4. Protocol Size (1 byte). Specifies the size of the addresses in the Sender Protocol Address and Target Protocol Address fields, in bytes
      a. For IP addresses, the value is 4.
    5. Opcode (2 bytes). Specifies the function of the packet: ARP Request, ARP Reply, RARP Request, or RARP Reply
    6. Sender Hardware Address (6 bytes). Contains the hardware address of the system generating the message
    7. Sender Protocol Address (4 bytes). Contains the IP address of the system generating the message
    8. Target Hardware Address (6 bytes). Contains the hardware address of the system for which the message is destined
      a. In ARP Request messages, this field is left blank.
    9. Target Protocol Address (4 bytes). Contains the IP address of the system for which the message is intended
  E. Reverse Address Resolution Protocol (RARP)
    1. Obsolete
    2. Performs the opposite function of ARP
    3. Resolves hardware addresses into IP addresses
    4. Was once used by diskless workstations with no stored TCP/IP configuration data
  F. ARP caching
    1. ARP stores its address resolution information in a memory cache.
    2. The cache prevents the system from having to resolve the same address for each datagram.
    3. The cache limits the amount of broadcast traffic generated by ARP.
    4. Windows includes a program called Arp.exe that you can use to manipulate the cache.

5. IP
  A. Internet layer protocol used to carry traffic generated by most other TCP/IP protocols

6. ICMP
  |12| A. ICMP characteristics
    1. ICMP is the acronym for Internet Control Message Protocol.
    2. Defined in RFC 792
    3. Used to perform network administration tasks
      a. Delivers error messages
      b. Carries query and response messages
    4. ICMP messages are carried in IP datagrams.
  |13| B. ICMP message format
    1. Type (1 byte). Contains a code that specifies the basic function of the message
    2. Code (1 byte). Contains a code that indicates the specific function of the message
    3. Checksum (2 bytes). Contains a checksum computed on the entire ICMP message that is used for error detection
    4. Data (variable). May contain information related to the specific function of the message
  C. ICMP error messages
    1. ICMP returns error messages generated by intermediate or end systems.
    2. The error reporting capabilities of IP, TCP, and UDP are limited.
      a. Connectionless protocols like IP and UDP cannot return acknowledgments to the sender.
      b. TCP acknowledgments can only be generated by the destination end system.
      c. With TCP, ICMP enables an intermediate system (router) to return error messages to the source when it has a problem processing a packet.
      d. With IP or UDP, ICMP enables the destination end system to return an error message to the source.
    3. In an ICMP error message, the Data field contains
      a. The entire 20-byte IP header of the datagram that caused the problem, plus
      b. The first 8 bytes of the datagram’s own Data field
  |14| D. The ICMP error message types are Destination Unreachable, Source Quench, Redirect, and Time Exceeded.
    1. Destination Unreachable messages
      a. Used when an intermediate or end system attempts to forward a packet to an inaccessible resource
      b. The various codes for this message type specify the type of resource that is unreachable.
    2. Source Quench messages
      a. Provide a rudimentary form of flow control
      b. When an intermediate system has a full buffer, it sends Source Quench messages to the source system, which instructs it to slow down its transmission rate.
      c. The source gradually increases its transmission rate when the Source Quench messages stop.
    3. Redirect messages
      a. Routers generate Redirect messages to inform a system that there is a more efficient route to a particular destination.
        |15| (1) If System 1 sends a packet to Router A in an attempt to get it to System 2, Router A forwards the packet to Router B, but
        (2) It also transmits an ICMP Redirect message back to System 1, informing it that it can send packets destined for System 2 directly to Router B.
      b. Includes a 4-byte Gateway Internet Address field that contains the IP address of the router that the source system should use to reach the destination
    4. Time Exceeded messages
      a. Used to inform the source system that the Time To Live value in the IP header has reached 0 and the packet was discarded
      b. Another form of Time Exceeded message informs the source system that all of the fragments of a datagram have not arrived in a timely manner.
  E. ICMP query message characteristics
    1. Not sent in reaction to an outside process, as error messages are
    2. Often generated by programs such as Ping
    3. Do not carry IP header information in their Data fields
  |16| F. ICMP query message types
    1. Echo Request and Echo Reply messages
      a. Diagnostic messages used to test TCP/IP connectivity
      b. Used by Ping and Traceroute
      c. Contain 2-byte Identifier and 2-byte Sequence Number subfields in the Data field, to associate requests with reply messages
      d. Request messages contain padding in the data field, which the destination system duplicates in the reply message.
    2. Router Solicitation and Router Advertisement messages
      a. Enable a TCP/IP system to discover the address of a default gateway on the local network
      b. Use the following process:
        (1) A workstation broadcasts a Router Solicitation message to the local network.
        (2) The routers on the network respond with unicast Router Advertisement messages containing the router’s IP address.
        (3) The workstation uses the information in the replies to configure the default gateway entry in its routing table.

|17| 7. TCP and UDP
  A. Transport layer protocols providing connection-oriented and connectionless service for application layer processes

8. Application Layer Protocols
  A. Provide communications between client and server services on different computers
    1. Not involved in network communication issues
  B. Use various combinations of protocols at the lower layers to achieve the level of service required
  |18| C. Commonly used application layer protocols
    1. Hypertext Transfer Protocol (HTTP). The protocol used by Web clients and servers to exchange file requests and files
      a. Uses the following process:
        (1) A client browser opens a TCP connection to a server and requests a particular file.
        (2) The server replies by sending the requested file, which the browser displays as a home page.
      b. HTTP messages also contain a variety of fields containing information about the communicating systems.
    2. Secure Hypertext Transfer Protocol (S-HTTP or HTTPS). A security protocol that works with HTTP to provide user authentication and data encryption services to Web client/server transactions
    3. File Transfer Protocol (FTP). A protocol used to transfer files between TCP/IP systems
      a. An FTP client can browse through the directory structure of a connected server and select files to download or upload.
      b. FTP is unique in that it uses two separate ports for its communications.
        (1) When an FTP client connects to a server, it uses TCP port 21 to establish a control connection.
        (2) When the user initiates a file download, the program opens a second connection using port 20 for the data transfer. This data connection is closed when the file transfer is complete, but the control connection remains open until the client terminates it.
      c. FTP is also unusual because on most TCP/IP systems, it is a self-contained application rather than a protocol used by other applications.
    4. Trivial File Transfer Protocol (TFTP). A minimalized, low-overhead version of FTP that can transfer files across a network
      a. Uses the UDP protocol instead of TCP
      b. Does not include FTP’s authentication and user interface features
      c. Originally designed for use on diskless workstations that had to download an executable system file from a network server to boot
    5. Simple Mail Transport Protocol (SMTP). The protocol that e-mail servers use to transmit messages to each other across a network
    6. Post Office Protocol 3 (POP3). One of the protocols that e-mail clients use to retrieve their messages from an e-mail server
    7. Internet Mail Access Protocol 4 (IMAP4). An e-mail protocol that clients use to access mail messages on a server.
      a. Expands on the capabilities of POP3 by adding services such as the ability to store mail in individual folders created by the user on the server, rather than downloading it to an e-mail client
    8. Network Time Protocol (NTP). A protocol that allows computers to synchronize their clocks with other computers on the network by exchanging time signals
    9. Domain Name System (DNS). TCP/IP systems use DNS to resolve Internet host names to IP addresses.
    10. Dynamic Host Configuration Protocol (DHCP). A protocol that workstations use to request TCP/IP configuration parameter settings from a server
    11. Simple Network Management Protocol (SNMP). A network management protocol used by network administrators to gather information about various network components.
      a. Remote programs called agents use SNMP messages to gather information and transmit it to a central network management console.
    12. Telnet. A command-line terminal emulation program that lets a user log in to a remote computer on the network and execute commands there

Chapter 8, Lesson 2
IP Addressing

|19| 1. IP Address Characteristics
  A. An IP address is a 32-bit value that contains a network identifier and a host identifier.
  B. An IP address is expressed in dotted decimal notation.
    1. Each IP address contains four decimal numbers ranging from 0 to 255, separated by periods.
    2. Each decimal number represents 8 binary bits.
    3. Each of the four decimal numbers is called an octet, a quad, or a byte.
  C. IP addresses are assigned to network interface adapters, not computers.
    1. A system with two network interface adapters (such as a router) has two IP addresses.

|20| 2. IP Address Assignments
  A. Every network interface adapter on a network must have
    1. The same network identifier as the others on the network
    2. A unique host identifier
  B. On the Internet, network identifiers are assigned by the Internet Assigned Numbers Authority (IANA).
    1. Although the IANA has the ultimate responsibility for assigning network identifiers, you typically obtain network addresses from an Internet service provider (ISP).
  C. Network administrators are responsible for assigning host identifiers to the network interface adapters on the network.

3. IP Address Classes
  A. The division between the network identifier and the host identifier is not always in the same place.
  |21| B. The IANA defines three IP address classes that support networks of different sizes: Class A, Class B, and Class C.
    1. The first bit values for each class are the binary values for the first few bits of the first octet.
    |22, 23| 2. The first bit values determine the possible first byte values.
      a. Example: the first byte of a Class A address must have a binary value in the range 00000001 to 01111111, which in decimal form is the range 1 to 127.
    3. The number of bits allotted to the network and host identifiers determines
      a. How many networks of that class there can be
      b. How many hosts can be in a network of each class
  |24| C. IP addressing rules
    1. All the bits in the network identifier cannot be set to zeros.
    2. All the bits in the network identifier cannot be set to ones.
    3. All the bits in the host identifier cannot be set to zeros.
    4. All the bits in the host identifier cannot be set to ones.
    5. These rules explain why there are only 254 hosts in a Class C network, not 256 (2^8).

4. Subnet Masking
  A. A subnet is a subdivision of a network address that can be used to represent one LAN on an internetwork or the network of one of an ISP's clients.
  |25| B. What is a subnet mask?
    1. A subnet mask is a 32-bit binary number that indicates which bits of an IP address identify the network and which bits identify the host.
    2. The 1 bits are the network identifier bits and the 0 bits are the host identifier bits.
    3. Typically expressed in dotted decimal notation
    4. Example: the Class A subnet mask is 255.0.0.0, which in binary form is 11111111 00000000 00000000 00000000.
  |26| C. Subnet masks for IP address classes
    1. Class A: 255.0.0.0
    2. Class B: 255.255.0.0
    3. Class C: 255.255.255.0
  D. Why are subnet masks needed?
    1. Under normal conditions, you can tell the class of an IP address from its first few bits (in binary) or the value of its first octet (in decimal).
      a. If you know the class, you know which bits are the network address and which are the host address.
    2. Subnet masks are needed when you divide a network into multiple subnets.
  |27| E. Creating subnets
    1. Creating a subnet is a process of borrowing bits from the host identifier and using them as a subnet identifier.
      |28| a. Example: a Class B address (with a subnet mask of 255.255.0.0) has 16 network bits and 16 host bits.
        (1) By borrowing 4 bits from the host address, you change the mask to 255.255.255.0.
        (2) The third octet becomes the subnet identifier, and you can create up to 254 subnets of 254 hosts each.
      b. An IP address of 131.24.67.98 would therefore indicate that
        (1) The network is using the Class B address 131.24.0.0, and
        (2) The interface is host number 98 on subnet 67.
      c. To compute the IP addresses, you begin with the binary value of the network address, increment the subnet identifier and the host identifier separately, and then convert the address to a decimal.
    2. The boundary between the network identifier and the host identifier does not have to fall in between two bytes.
      a. You can use any number of bits for a subnet identifier.
      b. When the boundary does not fall between two bytes, calculating the subnet mask is more difficult.
      c. Example: borrowing 4 bits from the fourth byte of a Class C address leaves you with a binary subnet mask of 11111111 11111111 11111111 11110000, or in decimal form, 255.255.255.240.
    3. The Windows Calculator, in scientific mode, can convert numbers between binary values and decimal values.
    4. The IP Subnet Calculator is a freeware utility available at www.wildpackets.com/products/ipsubnetcalculator/ that simplifies the process of calculating subnet masks and IP addresses.

5. Registered and Unregistered Addresses
  A. Registered addresses are IP addresses with a network identifier obtained from the IANA or an ISP.
  B. Registered addresses are required for computers that are accessible from the Internet.
  C. Computers on a network behind a firewall use other techniques to access the Internet and do not need registered addresses.
  D. Unregistered addresses
    1. The IANA has allotted a range of addresses in each class for use on private (unregistered) networks.
    |29| 2. Private network addresses
      a. Class A uses network addresses 10.0.0.0 through 10.255.255.255.
      b. Class B uses network addresses 172.16.0.0 through 172.31.255.255.
      c. Class C uses network addresses 192.168.0.0 through 192.168.255.255.
    3. Private network addresses are not registered to anyone and are inaccessible from the Internet.

|30| 6. IPv6 Addressing
  A. IPv6 is a revised IP addressing system currently in development.
  B. Expands the address space from 32 to 128 bits
  C. Designed to prevent the depletion of IP addresses
  D. An IPv6 address appears as follows: XX:XX:XX:XX:XX:XX:XX:XX, where each X is a single byte, in hexadecimal form.
  E. IPv6 unicast addresses have six sections:
    1. Format prefix. Specifies the type of address, such as provider-based unicast or multicast
      a. A new type of address called an anycast causes a message to be sent to only one of a specified group of interfaces.
    2. Registry ID. Identifies the Internet address registry that assigned the Provider ID
    3. Provider ID. Identifies the ISP that assigned this portion of the address space to a particular subscriber
    4. Subscriber ID. Identifies a particular subscriber to the service provided by the ISP specified in the Provider ID field
    5. Subnet ID. Identifies all or part of a specific physical link on the subscriber’s network
      a. Subscribers can create as many subnets as needed.
    6. Interface ID. Identifies a particular network interface on the subnet specified in the Subnet ID field

|31| Chapter Summary
  A. TCP/IP protocols
    1. The TCP/IP protocols were developed for use on the fledgling Internet and are designed to support systems that use any computing platform or operating system.
    2. The TCP/IP protocol stack consists of four layers: link, internet, transport, and application.
    3. The ARP protocol is used by IP to resolve IP addresses into the hardware addresses needed for data-link layer protocol communications.
    4. The ICMP protocol performs numerous functions at the internet layer, including reporting errors and querying systems for information.
    5. Application layer protocols are not involved in the data transfer processes performed by the lower layers, but instead they enable specific programs and services running on TCP/IP computers to exchange messages.
  |32| B. IP addressing
    1. IP addresses are 32 bits long and consist of a network identifier and a host identifier, expressed as four decimal numbers separated by periods.
    2. Every network interface adapter on a TCP/IP network must have a unique IP address.
    3. The IANA assigns IP network addresses in three classes, and network administrators assign the host addresses to each individual system.
    4. The subnet mask specifies which bits of an IP address identify the network and which bits identify the host.
    5. Modifying the subnet mask for an address in a particular class lets you create subnets by “borrowing” some of the host bits to create a subnet identifier.
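
Added example (not part of the original outline) for the ARP address resolution process and message format in Lesson 1, section 4: it packs the nine fields in the listed order, answers a request as in steps 5 to 7, caches the result, and rejects malformed messages. The opcode numbers come from RFC 826 and RFC 903; the function names and all addresses are constructed for illustration.

```python
import socket
import struct

# Field order from "The ARP message format": 2+2+1+1+2+6+4+6+4 = 28 bytes.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)
# Opcode numbers per RFC 826 (ARP) and RFC 903 (RARP).
OPCODES = {1: "ARP Request", 2: "ARP Reply", 3: "RARP Request", 4: "RARP Reply"}


def mac_bytes(text):
    """'00:11:22:33:44:55' -> 6 raw bytes."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) != 6:
        raise ValueError("hardware address must be 6 bytes")
    return raw


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def build_request(sender_mac, sender_ip, target_ip):
    """Step 3: sender fields filled in, Target Hardware Address left blank."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 1,
                       mac_bytes(sender_mac), socket.inet_aton(sender_ip),
                       b"\x00" * 6, socket.inet_aton(target_ip))


def parse(packet):
    """Decode one message; reject anything that is not Ethernet/IPv4 ARP."""
    if len(packet) < ARP_LEN:
        raise ValueError("truncated ARP message")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, packet[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unexpected hardware/protocol type or size")
    if op not in OPCODES:
        raise ValueError("unknown opcode %d" % op)
    return {"opcode": OPCODES[op],
            "sha": mac_text(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_text(tha), "tpa": socket.inet_ntoa(tpa)}


def answer(request, my_mac, my_ip):
    """Steps 5-7: return (unicast destination, reply bytes) or None to discard."""
    req = parse(request)
    if req["opcode"] != "ARP Request" or req["tpa"] != my_ip:
        return None  # not addressed to this system: silently discard
    reply = struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, 2,
        mac_bytes(my_mac), socket.inet_aton(req["tpa"]),      # sender: this system
        mac_bytes(req["sha"]), socket.inet_aton(req["spa"]))  # target: the requester
    return req["sha"], reply


def learn(cache, reply, asked_ip):
    """Step 8 plus caching: store the mapping only if it answers our question."""
    msg = parse(reply)
    if msg["opcode"] != "ARP Reply" or msg["spa"] != asked_ip:
        return False
    cache[msg["spa"]] = msg["sha"]
    return True


if __name__ == "__main__":
    # Constructed addresses for illustration only.
    request = build_request("00:11:22:33:44:55", "192.168.1.10", "192.168.1.20")
    dest, reply = answer(request, "66:77:88:99:aa:bb", "192.168.1.20")
    cache = {}
    learn(cache, reply, "192.168.1.20")
    print(parse(request), dest, cache, sep="\n")
```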
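
Added example (not part of the original outline) for the ICMP message format and error messages in Lesson 1, section 6: it verifies the checksum over the entire message and recovers the returned IP header and first 8 data bytes, which is how a responder ties an error back to the flow that caused it. Type numbers and the 4 bytes that precede the returned header (unused, or the Gateway Internet Address in a Redirect) follow RFC 792; the sample datagram and function names are constructed.

```python
import socket
import struct

# ICMP error message types named in the outline, numbered per RFC 792.
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
               5: "Redirect", 11: "Time Exceeded"}


def checksum(data):
    """One's-complement sum of 16-bit words over the entire ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_error(mtype, code, rest, orig_header, orig_data):
    """Type, Code, Checksum, 4 more bytes, then the returned header + 8 bytes."""
    body = rest + orig_header + orig_data[:8]
    csum = checksum(struct.pack("!BBH", mtype, code, 0) + body)
    return struct.pack("!BBH", mtype, code, csum) + body


def parse_error(message):
    """Validate an ICMP error message and recover the datagram that caused it."""
    if len(message) < 8 + 20 + 8:
        raise ValueError("too short to hold an IP header plus 8 data bytes")
    mtype, code = struct.unpack("!BB", message[:2])
    if mtype not in ERROR_TYPES:
        raise ValueError("type %d is not an ICMP error message" % mtype)
    if checksum(message) != 0:  # a valid message sums to zero, checksum included
        raise ValueError("checksum mismatch")
    # Returned IP header: version/IHL, TTL (byte 8), protocol (byte 9), addresses.
    ver_ihl, ttl, proto, src, dst = struct.unpack("!B7xBB2x4s4s", message[8:28])
    ihl = (ver_ihl & 0x0F) * 4  # 20 unless the original datagram carried options
    if ver_ihl >> 4 != 4 or ihl < 20 or len(message) < 8 + ihl + 8:
        raise ValueError("returned IP header is malformed")
    first8 = message[8 + ihl:8 + ihl + 8]
    info = {"type": ERROR_TYPES[mtype], "code": code,
            "orig_src": socket.inet_ntoa(src), "orig_dst": socket.inet_ntoa(dst),
            "orig_ttl": ttl, "orig_proto": proto}
    if mtype == 5:  # Redirect: Gateway Internet Address follows the checksum
        info["gateway"] = socket.inet_ntoa(message[4:8])
    if proto in (6, 17):  # TCP and UDP both begin with source and destination port
        info["src_port"], info["dst_port"] = struct.unpack("!HH", first8[:4])
    return info


def sample_header_and_data():
    """Constructed datagram: UDP from 192.168.1.10 to 10.0.0.5 with TTL 1.
    The IP header checksum is left at 0 because this example never checks it."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1234, 0, 1, 17, 0,
                         socket.inet_aton("192.168.1.10"),
                         socket.inet_aton("10.0.0.5"))
    data = struct.pack("!HHHH", 40000, 33434, 16, 0)
    return header, data


if __name__ == "__main__":
    hdr, data = sample_header_and_data()
    print(parse_error(build_error(11, 0, b"\x00" * 4, hdr, data)))
    print(parse_error(build_error(5, 1, socket.inet_aton("192.168.1.254"),
                                  hdr, data)))
```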
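
Added example (not part of the original outline) for Lesson 2, sections 3 to 5: it derives a subnet mask from a class and a number of borrowed bits, splits an address into network, subnet and host identifiers, and checks the private ranges listed above, using the outline's own 131.24.67.98 and 255.255.255.240 cases. The Class B and C first-octet ranges (128 to 191, 192 to 223) are the standard classful values, host counts follow the outline's rule that all-zeros and all-ones identifiers are not used, and the function names are assumptions.

```python
import socket
import struct

CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}  # network bits per class
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]


def to_int(dotted):
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def to_dotted(value):
    return socket.inet_ntoa(struct.pack("!I", value))


def address_class(address):
    """Classify by the value of the first octet."""
    first = to_int(address) >> 24
    if 1 <= first <= 127:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    raise ValueError("not a Class A, B or C address")


def prefix_to_mask(bits):
    return to_dotted((0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF)


def mask_to_prefix(mask):
    """Count the 1 bits and insist that they are contiguous from the left."""
    value = to_int(mask)
    bits = bin(value).count("1")
    if value != (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF:
        raise ValueError("1 bits in a subnet mask must be contiguous")
    return bits


def mask_for(cls, borrowed):
    """Subnet mask after borrowing host bits from a class's default mask."""
    bits = CLASS_PREFIX[cls] + borrowed
    if borrowed < 0 or bits > 30:
        raise ValueError("must leave at least two host bits")
    return prefix_to_mask(bits)


def split(address, mask):
    """Break an address into classful network, subnet identifier and host identifier."""
    cls = address_class(address)
    net_bits = CLASS_PREFIX[cls]
    prefix = mask_to_prefix(mask)
    if prefix < net_bits:
        raise ValueError("mask is shorter than the class default")
    host_bits = 32 - prefix
    value = to_int(address)
    return {"class": cls,
            "network": to_dotted(value & to_int(prefix_to_mask(net_bits))),
            "subnet": (value >> host_bits) & ((1 << (prefix - net_bits)) - 1),
            "host": value & ((1 << host_bits) - 1),
            # all-zeros and all-ones host identifiers are excluded
            "hosts_per_subnet": (1 << host_bits) - 2}


def is_unregistered(address):
    """True when the address falls in one of the private ranges."""
    value = to_int(address)
    return any(to_int(lo) <= value <= to_int(hi) for lo, hi in PRIVATE_RANGES)


if __name__ == "__main__":
    print(mask_for("C", 4))
    print(split("131.24.67.98", "255.255.255.0"))
    print(is_unregistered("172.31.255.255"), is_unregistered("131.24.67.98"))
```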
