Wednesday, April 27, 2011

TCP/IP Transmission Control Protocol/Internet Protocol

TCP/IP – Transmission Control Protocol / Internet Protocol

TCP/IP is an industry standard suite of protocols designed for local and wide area networks (LAN – WAN). It was developed by the United States Department of Defense Advanced Research Projects Agency (ARPA) in 1969 for a research sharing project called ARPANET. Their purpose in creating TCP/IP was to provide high-speed communication links. The Internet was built on the foundation of the original ARPANET project.

The TCP/IP protocol suite can be mapped directly to the seven-layer Open Systems Interconnection (OSI) model.

OSI ModelInternet Protocol Suite
Data-LinkNetwork Interface
  • Network Interface – responsible for putting frames on and pulling frames off the network wire.
  • Internet – responsible for addressing, packaging, and routing. Three protocols make up this layer:
    • IP – responsible for addressing and routing packets between networks and hosts.
    • ARP – responsible for obtaining hardware (NIC) addresses of hosts located on the same physical network.
    • ICMP – responsible for messages and reporting errors regarding the delivery of packet(s).
  • Transport – responsible for providing communications between two hosts. Two protocols make up this layer:
    • TCP
    • – provides connection-oriented, reliable communications for applications that transfer large amounts of data at one time or that requires an acknowledgement of data received.
    • UDP
    • – provides connectionless communications and does not guarantee a packet will be delivered. Applications that use UDP transfer small amounts of data at one time, and pass responsibility of the reliable delivery of packet(s) to the application.
  • Application – responsible for allowing applications to gain access to the physical network.
When an application sends data to another host on the network, a data packet is assembled by combining the output of each of the TCP/IP protocol layers. The protocol layers adds their own information to a header that is encapsulated as data by the protocol in the layer below.

When the destination host receives the packet, the corresponding layer(s) strips off the header(s) and treat the remainder of the packet as data for the protocol that is above it.

IP Addresses

Every device that communicates on a network, utilizing the TCP/IP protocol, is identified by a unique IP address. The IP address identifies a host’s location on the network, much like a street address identifies a house location. The IP address must be unique for the network that it is a member of. Just like a house address, the IP address must be unique and be created using a uniform format.

Each IP address defines the network ID and the host ID of the device. The network ID defines devices that are on the same physical network. All devices on the same physical network must have the same network ID, and this ID must be unique for the network that the device is a member of. The host ID defines the actual device on the physical network, and must be unique for the network ID the device is a member of.

Each IP address is 32 bits long and made up of four 8-bit fields, called octets. Each of the four octets is separated by a period (.). Each of the four octets represents a decimal number between 0 and 255. This format is called dotted decimal notation. The following is an example:

Binary FormatDotted Decimal Notation
10000011 01101011 00000011 00011000131.107.3.24

Each bit position of an octet has an assigned decimal value or number. If a bit is set to 0 (zero), the bit position value is 0 (zero). If a bit position is set to 1 (one), then the bit position is converted to the decimal value or number assigned to that position. All of the decimal values of the bit positions of an octet are added together to get it’s decimal value. The low-order bit of the octet represents a decimal value of 1 (one), while the high-order bit represents 128. The highest decimal value that an octet may represent is 255 – or all bit positions set to 1 (one). The following table illustrates the bit position values of an octet.

Decimal Bit Values
Binary Bit Values

Given the example above, to find the decimal number associated with this octet, we would add all of the decimal values of the bit positions that have a binary value of 1 (one) together to come up with the octet’s decimal value. So we would add 1 + 2 + 128 together, which equals 131. So this octets value is a decimal dotted notation of 131.

IP Address Classes

There are 5 classes of IP addresses, A, B, C, D, and E. These addresses have a standard range of addresses that are assigned to them, with specific network IDs and host IDs associated as the next table illustrates.

Address ClassIP AddressNetwork IDHost IDAddress RangeUse
Aw.x.y.zwx.y.z1.x.y.z – 126.x.y.zVery large networks – 191.255.y.zLarge networks – 223.255.255.zSmall networks
D224.x.y.z – 239.x.y.zIP Multicasting
E240.x.y.z – 255.x.y.zExperimental

Notice that all addresses that start with 127 are omitted, as these addresses are associated with loop back addresses and local hosts. Do not use any address that starts with 127.

IP Subnet Mask

An IP address by itself is only one half of the required information for TCP/IP addressing to work. Every IP address class has a default subnet mask associated with it. The subnet mask is what differentiates the network ID and the host ID for a given TCP/IP address. In the table above, you can see that for a given class of address, there is a network ID and a host ID associated with it. The subnet mask is what breaks the address into these different pieces. The table below illustrates the default subnet mask for the three main TCP/IP address classes.

Address ClassDefault Subnet Mask

Along with this, there are ways of supernetting, i.e., applying subnet masks that allow a specific class of addresses to be split up, providing more network addresses, and fewer host addresses, for network segmentation than does the default class subnet mask. The table below illustrates some common subnet masks for class C addresses.

Additional bitsSubnet MaskBinary Mask# of Subnets# of hosts per subnet

Using the subnet mask for a class C address, we can figure the actual network numbers and the usable host addresses. The lowest high-order bit has a value of 128 for the subnet mask. If you divide the maximum number of addresses (256) by the lowest high-order bit (128) we find that the number of networks that we end up with is 2 (256/128=2). This lowest high-order bit value also tells us the number of nodes per network (128), but we cannot use the first address in a segment as this is the physical network number, and we cannot use the last address in a segment as this is the broadcast address for the physical network number. So the actual number of usable host addresses is the lowest high-order bit (128) minus 2 (the network number and the broadcast address) or 128-2=126 usable host addresses per segment. If the IP addresses use a subnet mask of, then the network segments would have addresses – and – Since the first address of each segment is the network number, and we cannot use this, so the first usable number is the next IP address of each segment, i.e., for network 0 and for network 128. We also loose the highest IP number for use as the network broadcast address in each segment. So the last IP address that we can use is for network 0 and for network 128. This gives you 2 networks with 126 usable IP addresses for hosts or devices.

Default Gateway

If a host needs to access a resource on another host, the first step is to resolve the host name to an IP address. This can be done in numerous ways depending on the OS that you are using. Some ways are MS WINS, DNS, ARP, etc. Once the requesting host has the Name to IP resolution, it must then decide if the resource host is on the same physical network or not. This is accomplished by ANDING the requesting host’s subnet mask to its IP address. The result is the requesting host’s physical network ID where it resides. The requesting host then ANDs the resource host’s IP address with the requesting host’s subnet mask to see if the result is the same physical address ID. If the physical network ID is the same, then the requesting host sends it’s request directly to the resource host. If the physical network ID is not the same, then the requesting host will send its request to the physical network’s default gateway (router) for submission to the resource host. When the requesting host does an ANDING with the subnet mask and the IP address, the rules that are applied are: 0 AND 0 = 0, 0 AND 1 = 0, 1 AND 0 = 0, 1 AND 1 = 1. The following table illustrates ANDING an IP address to a subnet mask to get the physical network ID and the host ID.

Description BinaryDecimalDotted Notation
Host IP Address11001000.11001000.11001000.11001000200.200.200.200
Host Subnet Mask11111111.11111111.11111111.10000000255.255.255.128
ANDING Result11001000.11001000.11001000.10000000200.200.200.128
Physical Network ID11001000.11001000.11001000.10000000200.200.200.128
Host ID00000000.00000000.00000000.0100100072

Domain Names

An Internet host name, like an IP address, is divided into two distinct parts. One part identifies the domain in which the host is located and the other identifies the host, itself. The host identifier is a single word, while the domain name consists of at least two words. For example, in a common host name allotted to a web server, like, www identifies the host and the domain. Like IP addresses, Internet host names must be unique, and the responsibility for assigning and maintaining them is divided between the Internet authorities and the individual network administrators.

The multiple words of a domain name reflect the order formed by an Internet naming hierarchy. This is used to implement the DNS. A domain is a logical identifier for a collection of hosts, which may or may not be located on the same TCP/IP network. Organizations register their domain names with an Internet authority like InterNIC, just as they do their IP network addresses (but the two are completely separate). You need not register one in order to use the other.

Internet domains are hierarchical, and can be displayed in a tree diagram, much like a directory structure. At the top of the hierarchy is the root domain, which consists of a collection of root servers. Beneath the root are the top-level domains, which have been established by the Internet authorities to provide basic categories for organizations using the Internet. There are two basic principles used in the creation of the top-level domains: geographical and organizational.

Most of the world outside the U.S. uses geographical domains. Based on the X.500 directory service structure, these top-level domains use two letter codes to represent countries. The domain name uk is used for the United Kingdom, for example, and fr for France. The domain name for Germany is de, for Deutschland, because the names are abbreviations of the country's name, in its native language. There is also a us domain name, which is coming into more popular use because of the serious depletion of effective names in the com domain.

Com is an organizational name, and is the prevalent system used in the U.S. There are six organizational top-level domain names. Used by various bodies according to their primary function, they are as follows:
  • com - used by commercial organizations
  • mil - used by military organizations
  • gov - used by government agencies
  • edu - used by educational institutions
  • net - used by network support organizations, such as ISPs
  • org - used by non-profit organizations, and other uncategorizable bodies
In addition, seven new generic top-level domains (gTLDs) have been approved by the Internet Ad Hoc Committee (IAHC). Currently in the process of being assigned official registrars, they are as follows:
  • firm - used for businesses or firms
  • store - used for businesses offering goods for purchase
  • web - used for organizations emphasizing World Wide Web-related activities
  • arts - used for organizations emphasizing cultural and entertainment activities
  • rec - used for organizations emphasizing recreation/entertainment activities
  • info - used for organizations providing information services
  • nom - used for those wishing individual or personal nomenclature
The top-level domains are not registered or owned by particular organizations (but all of those below the top level are). A Company, school, or other organization registers its selected name with the authority controlling the appropriate top-level domain. They are then assigned exclusive rights to that name. Domain names must be unique. In the past, failure to create unique names resulted in conflicts between companies seeking to obtain rights to the same name. As the primary contact mechanism used by Internet clients, domain names possess a marketing value that far extends any technical considerations (particularly in the commercial arena).

Having registered a domain name, an organization can assign host names to individual systems, or they can choose to create subdomains. Like subnetting IP addresses, the responsibility of creating subdomains lies exclusively with the organization's network administrators. The owners of the domain can create subdomains for each of their branch offices, such as and—or use any organizational principle they wish, without consulting InterNIC or registering the names.

Host names are always written in the reverse order of IP addresses. The least significant word, the host identifier, comes first and each name in the domain hierarchy follows. The hierarchy culminates in the name of the top-level domain. The host identifier is also assigned by the network administrator, and must be unique within the domain (or subdomain). Systems are often named for the services they provide, such as www for web servers and ftp for FTP servers. There is no official standard that controls host naming.

IP Address for networks NOT on the Internet

There are specific IP address that have been set aside for networks that do not need to be part of the Internet. These addresses are not routable on the Internet, thus making them perfect for use by private Intranet LANs and WANs. Even though a private closed network can choose to use any IP addressing scheme that the administrators desire, it is better to be safe and use these non-routable addresses. The addresses are specified in the table below.

Address ClassIP Address Ranges
A10.0.0.0 –
B172.16.0.0 –
C192.168.0.0 –

Note that the first block is nothing but a single class A network number, while the second block is a set of 16 contiguous class B network numbers, and the third block is a set of 255 contiguous class C network numbers. The complete RFC 1597 can be found via FTP on, in the RFC directory.

Herb McBrude, MCSE - tcpIP.doc - 6/1/1998