Lab 3 - The Internetwork Layers

In this lab, you will be examining the transport/network properties of a typical TCP/IP computer.  Recall that these layers act successively to ensure that application data are properly passed between the network hardware (network interface card) and the network software (network application). Most importantly, these two layers allow different types of LANs to communicate to form a much larger network commonly referred to as the Internet.

(Note: The following figure is based on the OSI model. The application layer of the Internet model used in the text includes the Application, Presentation, and Session layers of the OSI model, resulting in a 5-layer rather than 7-layer model.)

 

Think about each TCP/IP packet as a letter in the postal system. A letter will have various "carriers" including sorting machines, aircraft, trucks, and human mail carriers. In the same way, a TCP/IP packet may be handled by a dialup connection (e.g., PPP), a high-speed backbone (e.g., SONET), and finally arrive at a local area network (e.g., Ethernet) before arriving at its destination. Though we take it for granted, there has to be a way for the sender to turn the mailing address into a physical address for the letter's next stop. For example, we look at the address and determine if it should go in the local mail "mailbox" or the "out of town" mailbox (address resolution). The address information (data link) on the outside helps each carrier determine the next place to take the letter. In a sense, the carrier really only needs to know the "address" of the next carrier rather than the actual destination (i.e., routing). At some point, the final carrier (the intended recipient) will see that the letter has his or her own address and will open the letter rather than pass it on to another carrier.

At that point, the headers "inside of the envelope" help the recipient decipher the message. If the letter is very large and requires multiple envelopes, page numbers could be used to reassemble the message. TCP plays a similar role with network messages by numbering the pieces of the messages. Another problem is that two people can have the same address, as is the case with most families. Similarly, two Web browsers will have the same data link and IP addresses, so more information is needed to determine who gets what data. As long as the sender didn't address the letter to the "recipient" and every resident's name is unique, we can still deliver mail to the right person. TCP provides unique numbers to applications running in the same "residence" so each can get its own letter. Unlike IP functions, which are active on every computer between the sender and the receiver, TCP is only active on the sending and receiving computers (why would a mail carrier care about the recipient's first name, anyway?).

 

Network layer messages (packets)

The network layer performs two key functions: routing (determining the packet path) and addressing. The network layer address provides the transparency that allows different data link "networks" to be inter-networked (hence the name). To facilitate internetworking, most LANs have a dedicated computer (a gateway) to handle messages to and from the outside world. Gateways (or routers) exchange information to help determine the best path to use to send data. Determining the best route is a complicated process based on such factors as distance, bandwidth, and cost. To help simplify the process, a number of protocols have been developed to standardize it, including RIP, OSPF, and BGP.

IP addresses act as a bridge between human-readable addresses and hardware-readable addresses. Changing IP addresses into data link addresses is known as address resolution and is handled by the Address Resolution Protocol (ARP). At present, two varieties of IP are in use, IPv4 and the newer IPv6. There are also network messages for transmitting to multiple computers (IGMP) and sending status information (ICMP).

 

Transport layer messages (segments)

The transport layer performs three key functions: packetizing, addressing (determining which application should receive the data/response), and "session" management (negotiating and updating transmission rates to accommodate both sender and receiver).

Packetizing is necessary to ensure that the application layer messages are compatible with the data link protocol in terms of size. For example, Ethernet has a maximum data size of 1500 bytes, so sending a 3MB file will require that the file be split up into parts.
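The packetizing step described above, together with the "page numbering" TCP uses to put the pieces back in order, as an added example that is not part of the original lab. It assumes 3MB means 3 x 1024 x 1024 bytes and minimum 20-byte IP and TCP headers with no options; the file contents and function names are constructed for illustration.

```python
import random

ETHERNET_PAYLOAD = 1500        # maximum Ethernet data size quoted in the lab text
IP_HEADER = TCP_HEADER = 20    # assumption: minimum header sizes, no options
MSS = ETHERNET_PAYLOAD - IP_HEADER - TCP_HEADER   # 1460 bytes of file data per frame

# Constructed 3 MB "file" (assumption: 3 * 1024 * 1024 bytes).
FILE = bytes(range(256)) * (3 * 1024 * 1024 // 256)

def segment(data, mss=MSS):
    """Split data into (byte_offset, chunk) pairs.
    The byte offset plays the role of the TCP sequence number."""
    return [(off, data[off:off + mss]) for off in range(0, len(data), mss)]

def reassemble(segments, total_len):
    """Rebuild the message from segments arriving in any order.
    Returns (data, missing) where missing lists (start, end) byte
    ranges the receiver still has to ask the sender for."""
    buf = bytearray(total_len)
    for off, chunk in segments:
        buf[off:off + len(chunk)] = chunk
    missing, expected = [], 0
    for off, length in sorted({(o, len(c)) for o, c in segments}):
        if off > expected:                 # gap before this segment
            missing.append((expected, off))
        expected = max(expected, off + length)
    if expected < total_len:               # tail never arrived
        missing.append((expected, total_len))
    return bytes(buf), missing

def lossy_delivery(segments, lost_index, seed=7):
    """Drop one segment and shuffle the rest, as a network might."""
    arrived = segments[:lost_index] + segments[lost_index + 1:]
    random.Random(seed).shuffle(arrived)
    return arrived

if __name__ == "__main__":
    segs = segment(FILE)
    print(len(segs), "segments, last one carries", len(segs[-1][1]), "bytes")
    arrived = lossy_delivery(segs, lost_index=1000)
    _, missing = reassemble(arrived, len(FILE))
    print("receiver must request bytes:", missing)
    data, missing = reassemble(arrived + [segs[1000]], len(FILE))
    print("after retransmission, intact:", data == FILE and not missing)
```

With UDP the receiver would simply use what arrived and never request the missing range.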

TCP addresses, in conjunction with IP addresses, allow multiple instances of the same application (e.g., two Internet Explorer windows) to communicate properly. On the client side, the transport layer creates a new ID for each application instance (the port number) so that each application can be uniquely identified. This allows you to run an email client and a Web browser using the same IP address. On the server side, these port numbers let the server know which of its running applications is being addressed. These numbers are (somewhat) standardized. For example, port 80 usually refers to a Web (http) server so that the URL http://indy.kelley.iupui.edu:80 can be shortened to just indy.kelley.iupui.edu.
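The addressing described above can be read straight out of a connection listing. The following added example (not part of the original lab) parses output in the layout that `netstat -n` prints on Windows and shows that connections sharing one client IP address, and even one server address and port, are still told apart by the client-side port. The sample lines, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -n` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.10.37:49712    203.0.113.80:80        ESTABLISHED
  TCP    192.168.10.37:49713    203.0.113.80:80        ESTABLISHED
  TCP    192.168.10.37:49720    198.51.100.21:21       ESTABLISHED
  TCP    192.168.10.37:49725    198.51.100.21:80       TIME_WAIT
  TCP    [::1]:49730            [::1]:8080             ESTABLISHED
"""

def split_endpoint(endpoint):
    """'address:port' -> (address, port); splitting on the last colon
    keeps bracketed IPv6 addresses such as [::1] intact."""
    host, port = endpoint.rsplit(":", 1)
    return host, int(port)

def parse_netstat(text):
    """Return a list of (local, remote, state) for every TCP row;
    the title, column header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        conns.append((split_endpoint(fields[1]),
                      split_endpoint(fields[2]),
                      fields[3]))
    return conns

def local_ports_by_destination(conns):
    """Map each (server address, server port) to the client ports using it."""
    table = defaultdict(list)
    for (_lhost, lport), remote, _state in conns:
        table[remote].append(lport)
    return dict(table)

def all_unique(conns):
    """True when no two rows share the same source/destination address pair."""
    pairs = [(local, remote) for local, remote, _ in conns]
    return len(pairs) == len(set(pairs))

if __name__ == "__main__":
    conns = parse_netstat(SAMPLE)
    for remote, ports in local_ports_by_destination(conns).items():
        print(remote, "<- client ports", ports)
    print("every connection uniquely identified:", all_unique(conns))
```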

Finally, session management includes a number of methods of "structuring" the conversation between the sending and receiving computers. For example, if some data loss is acceptable (for instance, streaming audio), then the receiver doesn't need to waste time asking for that missing packet. In this case UDP can be used instead of TCP. The transport layer includes functions for adjusting transmission rates so that the receiving computer is not "overrun" by data during the conversation.

 

TCP/IP networking

While each network interface card (NIC) has a permanent data link layer address, each computer connected to the Internet also has a network [IP] address assigned by the network.  Network addressing is very similar to post office mail. In TCP/IP networks, 4 network "addresses" are needed for successful communications.

  1. The computer's own network [IP] address (the proper "return address" for receiving replies)
  2. The subnet mask so the computer knows whether a destination address is inside or outside of its subnet (similar to a ZIP code to determine whether to use the "local" or "out of town" mailbox).
  3. The gateway's network [IP] address for messages with destinations outside of the subnet (i.e., the location of the "out of town" mailbox)
  4. The Domain Name Server (DNS) address for looking up unknown addresses (similar to business "Yellow pages").
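How a computer combines the first three of these addresses when it sends a packet, as an added example that is not part of the original lab: the subnet mask decides whether the destination is reached directly or through the gateway, and that choice determines which data link address has to be resolved. All addresses below are constructed samples and the function names are hypothetical.

```python
import ipaddress

def next_hop(own_ip, subnet_mask, gateway, destination):
    """Return (next_hop_ip, kind) for a packet sent to `destination`.
    kind is 'local' (deliver directly) or 'gateway' (hand to the router)."""
    subnet = ipaddress.ip_network(f"{own_ip}/{subnet_mask}", strict=False)
    dest = ipaddress.ip_address(destination)
    gw = ipaddress.ip_address(gateway)
    # A gateway outside the computer's own subnet can never be reached
    # directly, so this configuration cannot send anything "out of town".
    if gw not in subnet:
        raise ValueError(f"gateway {gw} is not inside subnet {subnet}")
    if dest in subnet:
        return str(dest), "local"
    return str(gw), "gateway"

def arp_targets(own_ip, subnet_mask, gateway, destinations):
    """IP addresses that must be resolved to data link addresses
    in order to send one packet to each destination."""
    return {next_hop(own_ip, subnet_mask, gateway, d)[0] for d in destinations}

# Constructed sample configuration and destinations.
OWN_IP, GATEWAY = "192.168.10.37", "192.168.10.1"
DESTINATIONS = ["192.168.10.52",   # same subnet under either mask below
                "192.168.11.5",    # inside only when the mask is 255.255.254.0
                "198.51.100.7",    # remote
                "203.0.113.80"]    # remote

if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.254.0"):
        print("mask", mask)
        for d in DESTINATIONS:
            hop, kind = next_hop(OWN_IP, mask, GATEWAY, d)
            print(f"  {d:15} -> next hop {hop:15} ({kind})")
        print("  addresses to resolve:",
              sorted(arp_targets(OWN_IP, mask, GATEWAY, DESTINATIONS)))
```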

 

Tools

Versions of the Windows operating system include a number of tools for examining transport/network properties and functions. (Note that some of these utilities are "command line" programs, so you'll have to open a DOS window. Also, you will need to replace computer_name with the name or IP address of the computer you are trying to examine.)

Configuration and Statistics

 

IP Routing

 

IP Name Resolution

 

Connection (i.e., TCP and UDP) Information

   

The network icon in the Windows Control Panel also provides useful information on the transport/network and data link layer protocols.  Network/transport protocols in use by the computer are denoted by in the network configuration tab.

The Windows Control Panel Network Connections Applet (Windows XP)

 

Internetwork Layer Exercises 

Configuration and Statistics

  1. Open one application from each of the following tables (FTP and WWW) and complete the following table (ipconfig). 
     
 

                      IP Address
  Your computer
  Your subnet mask
  Your gateway
  Your DNS

  Are these addresses fixed or obtained automatically?

 

  2. When does your IP “lease” expire?

  3. Which transport/network layer protocols are used by your computer? (control panel)
     


IP Routing

  1. What computers are used for packets traveling between the Ball State Web server (http://www.bsu.edu) and your computer? (tracert)


 

 

  2. Display your computer's routing table. How many unique gateways are listed? Which of these gateway addresses also appear in your configuration data (ipconfig /all)?




 

 

IP Name Resolution and Connection Information

  1. Clear your server name resolution table (ipconfig /flushdns) and check to see if the table is cleared (ipconfig /displaydns). Now open a new window for the links in the table below and complete the following table of network connections (netstat). Also, redisplay the name resolution table (ipconfig /displaydns). Why did visiting these two sites create so many connections and DNS entries?  
     
  Site                        Source address                   Destination address
                              (application address: port #)    (application address: port #)

  Unix Systems Group (FTP)

  IN.gov (HTTP)

   

 

Internetwork layer thought exercise

Since acquiring an IP address (using DHCP) takes extra time, why do many organizations choose not to use the following options:

a) fixed IP numbers on all their computers?

 

b) DHCP but using "infinite" leases?

 

First, clear both your DNS (ipconfig /flushdns) and ARP (arp -d *) caches. Then visit your favorite three or four Web sites. Why are there so few entries in the ARP table (arp -a) as compared to the DNS table (ipconfig /displaydns) for Web sites you visited?

 

Transport/Network layer references

TCP/IP protocols reference page
IP tutorial
 
Try it out
OSI Model Online Quiz (19 Questions)
VisualRoute - A visual tool for displaying routing information between your computer and their server
 
Security
A collection of tools (http://www.network-tools.com)