TCP/IP Advanced guide

In this article, we will take a look at the TCP/IP protocol stack to help us better understand how TCP/IP functions in the network. We'll look at the Department of Defense (DoD) protocol layers and the Open Systems Interconnect (OSI) model to help us better understand how the protocols and utilities function at the various layers. This is what I think to be a very easy ISO/OSI and DoD overview. But I guess that will be up to the readers.

First of all I'm going to talk about ISO/OSI.

The Open Systems Interconnect Model (OSI)

The Open Systems Interconnect (OSI) model was developed by the International Standards Organization (ISO) and helps to identify how the functions of the protocols relate to each other. By showing how the functions relate, we'll define how the parts of the protocol stack connect to permit machines to effectively communicate. As we look at the OSI model, remember it is just a model concept- we don't actually see it when two hosts work together :]. The model, however, is the standard and to communicate we must adhere to it. Basically if two computers that are have similar configuration, they will communicate. If their not, you may end up get nasty error messages, failure to initialize services, or no communication at all.
The OSI Model contains seven layers:
-Application Layer
-Presentation Layer
-Transport Layer
-Network Layer
-Datalink Layer
-Physical Layer

The chart below compares the layers of the ISO-OSI model to the layers of the DoD model. These models give us a sense of how the communication is expected to take place. Moving from the highest layers down to the wire, we see the application needs to be able to operate without being concerned about identifying all of the lower-level hardware and maintaining drivers for each device.

1. The Application Layer provides support to any end user application programming interface. This layer is responsible for working with the originated data stream and communicates them with lower levels. Examples of Applications Programming Interface (API) would be Mail API (MAPI), MS Fax API (FAPI), Telephone API (TAPI), and internet Server API (ISAPI).

2. The Presentation Layer provides platform to platform translation of syntax for the purpose of data exchange. Modification of data according to a common set of rules is done at this layer. Compression and encryption, for instance, are also done here.

3. The Sessions Layer provides for the establishment, maintenance, and recovery form failures that occur between applications. When 2 computers establish a session to share data, control of the flow and direction, and the recovery of missing and corrupt data, is the responsibility of this layer. Depending on the type of application, you might see a simplex, a half-duplex, or a full-duplex of data flow. Simplex is a one-way data flow. Half duplex is basically the same as simplex but implies that there is a duplex channel to permit full duplex if configured to do it. Full duplex provides two-way data flow. By providing appropriate checkpoint methods, the wire between both the computers can stay full of data. Only the data that does not make it properly to the other computer needs to be resent.

4. The Transport Layer guarantees the data is delivered in the right order and in a reliable manner. Here again we consider error checking and correction as a means to put the information in the right order and to make certain that the whole message is received.

5. The Network Layer provides routing between internetworks and shields the layers above from the details of the lower layers (the physical topology for example). It is at this level that we first find addressing (IP Address)

6. The Datalink Layer provides reliable transfer of data across the physical link (i.e. the LAN cable). The datalink layer functions to provide formatting, error detection, link management, and data flow control. Again we find addressing, this time at the hardware layer (Example: Hardware address of the network interface card.)

7. The Physical Layer accepts data from the datalink layer and puts in the right format for the physical medium. this layer specifies the requirements for the wire such as voltage levels, connector types, and handshake.

Department of Defense (DoD) Overview

More than one theory can be used to identify how components in the TCP/IP protocol stack connect dissimilar systems. This is how each Microsoft TCP/IP component or utility fits this model.
The DoD four-layer mode contains:
Network Interface Layer
Internet Layer
Transport (transmission) Layer
Application Layer (known earlier as process layer)

The Network Interface Layer is the lowest layer in the model. It is responsible for putting frames on and off the wire. In order to get the frames to higher levels, which is where the routing and switching take place, there must be information that permits computers to find each other on the subnetwork. This is the network address of the network card. The Network Interface Card (NIC) contains a hardware address that is mapped to and used by the higher level protocols to pass the information up and down the stack and back and forth across the wire.

TCP/IP can be used in a wide variety of LAN, WAN, and dial-up environments. Supported LAN typed include: Ethernet, Token Ring, Fiber Distributed Data Interface (FDDI), and ARCnet. Supported WAN types include serial lines and packet-switched networks such as X.25, Frame Relay, and ATM. Metropolitan Area Network (MAN) types of topologies supported using TCP/IP are the same as the previously mentioned WAN types.

Each of the LAN, MAN, WAN, and Dial-up types have different requirements for cables, signaling, data encoding, and so on. The Network Interface layer specifies is the equivilent to the Datalink and Physical layers of the OSI Model as shown up on the chart.

The Internet Layer has protocols that provide three specific serives:
1. A connectionless delivery service
2. A mechanism to break the data up into individual packets of frames on the transmitting side and to put back together on the recievers side. This is process I believe is also known as Fragmentation and Reassembly.
3. The routing functions necessary to interoperate with other networks.

Five protocols are implemented at this layer:
-The Internet Protocol (better known as IP) which addresses and routes packets
-The Address Resolution Protector (ARP) which determines the hardware address at the recieving host.
-Internet Control Message Protocol (ICMP) which sends error messages to the IP when problems crop up.
-Internet Group Management Protocol (IGMP) which informs the routers of the availability of multicast groups.

These protocols do their jobs by encapsulating internet datagrams and running all the necessary routing algorithms. (A datagram is a connectionless or one way communication--It is sent with no configuration. Just like when you send a letter to someone) The user data orriginates in one of the higher level protocols and is passed down to the internet layer. The router, then, examines the IP of the datagram to determine whether the destination is local or not (remote). If both machines are on the same network (this is called a local network), the datagram is forwarded directly to the destination of the host. If the destination is on another network (this is called a remote network), the datagram is forwarded to the default gateway (locally attached gateway--router--to remote networks).

When a network joins the Internet, the administrator must apply for and recieve a valid IP network and host the number from Internet and Information Center (InterNIC). The hosts carry out the functions mentioned here through the use of these numbers, which, when combined, is known as an IP address.

The Transport Layer has protocols that provide communications sessions between connected computers. The desired method of data delivery determines the transport protocol. The two transport protocols provided within TCP/IP are the transmission control protocols, and the User Datagram Protocol (UDP). TCP provides the virtual circuit service to make the end-to-end connection for the applications. Data Transfer is made reliable throught the use of connections and acknowledgements. The UDP provides delivery but does not use connections or acknowledgements, so it is less reliable but faster. These connectionless protocols I think are define unreliable because nothing is telling you the data was received at the right place. If that's confusing, try to think of it as a letter. You send the message but their is no way of knowing it reached it's intended recipient. A connection-oriented protocol however is kind of like making a phone call. You can tell the person on the other side received the message, and possibly understood it.

The terms "host-to-host" or transmission layer are used interchangeably with the transport layer. The Transport Layer is responsible for error detection and correction in the DoD model and is analogous to the Transport Layer in the OSI model.

In the Application Layer Microsoft implements two program interfaces at the application layer to allow the applications to utilize the services of the TCP/IP Protocol Stack. These are Windows Sockets and NetBIOS.

The windows sockets interface provide a standard API under Microsoft Windows to many transport protocols such as IPX and TCP/IP. This open standard library of function calls, data structures, and programming procedures permits Windows applications to take advantage of the TCP/IP. This will pretty much allow you to exchange data with foreign or non-NetBIOS systems.

NetBIOS provides a standard interface to protocols that support NetBIOS naming and message services, like TCP/IP and NetBEUI. NetBIOS is used in Microsoft products to permit application communication, with lower layer protocols as well. Three TCP ports provide NetBIOS support. These are port 137 which is NetBIOS Name Service, port 138 which is Datagram Service, and port 139 for session service.

Here are some TCP/IP utilities and services at the application layer:
FTP, SMTP, SNMP, and Telnet

Oh by the way, I may not have been very clear on encapsulation. it's basically the process of adding a header to the data accepted from a higher protocol. When the application originates data, or sends a request to get data , the data or request moves down the total size of the information until it reaches the wire. The individual ones and zeros are sent via the wire to the remote computer where each of the headers is opened or peeled off, I try to think of it as peeling an onion.. idk =D. Anyways... The header information is stripped off at each layer and sent upward to reach, finally, the intended application.

Created By VAX


Need to say something ? Spell it out :)