In this lab, you will be examining the transport/network properties of a typical TCP/IP computer. Recall that these layers act successively to ensure that application data are properly passed between the network hardware (network interface card) and the network software (network application). Most importantly, these two layers allow different types of LANs to communicate to form a much larger network commonly referred to as the Internet.
(Note: The following figure is based on the OSI model. The application layer of the Internet model used in the text includes the Application, Presentation, and Session layers of the OSI model resulting in a 5 rather than 7 layer model).
Think about each TCP/IP packet as a letter in the postal system. A letter will have various "carriers" including sorting machines, aircraft, trucks, and human mail carriers. In the same way, a TCP/IP packet may be handled by a dialup connection (e.g., PPP), a high-speed backbone (e.g., SONET), and finally arrive a local area network (e.g., Ethernet) before arriving at its destination. Though we take it for granted, there has to be a way for the sender to turn the mailing address into a physical address for the letter's next stop. For example, we look at the address and determine if it should go in the local mail "mailbox" or the "out of town" mailbox (address resolution). The address information (data link) on the outside helps the each carrier determine the next place to take the letter. In a sense, the carrier really only needs to know the "address" of the next carrier rather than the actual destination (i.e, routing). At some point, the final carrier (the intended recipient), will see that the letter has his or her own address, will open the letter rather than pass it on to another carrier.
At that point, the headers "inside of the envelope" help the recipient decipher the message. If the letter is very large and requires multiple envelopes, page numbers could be used to reassemble the message. TCP plays a similar role with network messages by numbering the pieces of the messages. Another problem is that two people can have the same address as is the case with most families. Similarly, two Web browsers will have the same data link and IP addresses so more information is needed to determine who gets what data. As long as the sender didn't address the letter to the "recipient" and every resident's name is unique we can still deliver mail to the right person. TCP provides unique numbers to applications running in the same "residence" so each can get its own letter. Unlike IP functions which are active on every computer between the sender and the receiver, TCP is only active on the sending and receiving computers (why would a mail carrier care about the recipient's first name, anyway?)
The network layer performs two key functions: routing (determining the packet path) and addressing. The network layer address provides a transparency to allow different data link "networks" to be inter-networked (hence the name). To facilitate internetworking, most LANs have a dedicated computer (a gateway) to handle messages to and from the outside world. Gateways (or routers) exchange information to help determine the best path to use to send data. Determining the best route is a complicated process based on such factors as distance, bandwidth, and cost. To help simplify the process, a number of protocols have been developed to standardize the process including (RIP, OSPF, and BGP).
IP addresses act a bridge between human-readable addresses and hardware-readable addresses. Changing IP addresses into data link addresses is known as address resolution protocol (ARP). At present, two varieties of IP are in use, IPv4 and the newer IPv6. There are also network messages for transmitting to multiple computers (IGMP) and sending status information (ICMP).
The transport layer performs three key functions: packetizing, addressing (determining which application should receive the data/response), and "session" management (negotiating and updated transmission rates to accommodate both sender and receiver).
Packetizing is necessary to ensure that the application layer messages are compatible with the data link protocol in terms of size. For example, Ethernet has a maximum data size of 1500 bytes, so sending a 3MB file will require that the file be split up into parts.
TCP addresses, in conjunction with IP addresses, allow multiple instances of the same application (e.g., two Internet Explorer Windows) to communicate properly. On the client side, the transport layer creates a new ID for each application instance (the port number) so that each application can be uniquely identified. This allows you to run an email client and a Web browser using the same IP address. On the server side, these port numbers let the server know which of its running applications is being addressed. These numbers are (somewhat) standardized. For example port 80 usually refers to a Web (http) server so that the URL http://indy.kelley.iupui.edu:80 can be shortened to just indy.kelley.iupui.edu
Finally, session management includes a number of methods of "structuring" the conversation between the sending and receiving computers. For example, if some data loss is acceptable (for instance, streaming audio), then the receiver doesn't need to waste time asking for that missing packet. In this case UDP can be used instead of TCP. The transport layer includes functions for adjusting transmission rates so that the receiving computer is not "overrun" by data during the conversation.
While each network interface card (NIC) has a permanent data link layer address, each computer connected to the Internet also has a network [IP] address assigned by the network. Network addressing is very similar to post office mail. In TCP/IP networks, 4 network "addresses" are needed for successful communications.
Versions of the Windows operating system include a number of tools for examining transport/network a properties and functions (Note that some of these utilities are "command line" programs so you'll have to open a DOS window. Also, you will need to replace computer_name with the name or IP address of the computer you are trying to examine).
The network icon in the Windows Control Panel also provides useful
information on the transport/network and data link layer protocols.
Network/transport protocols in use by the computer are denoted by
in the network configuration tab.
.
The Windows Control Panel Network Connections Applet (Windows XP)
|
IP Address |
|
| Your computer | |
| Your subnet mask | |
| Your gateway | |
| Your DNS |
Are these addresses fixed or obtained automatically?
| Site | Source address (application address: port #) |
Destination address (application address: port #) |
|
Unix Systems Group
(FTP)
IN.gov (HTTP) |
Since acquiring an IP address (using DHCP) takes extra time, why do many organizations choose not to use the following options:
a) fixed IP numbers on all their computers?
b) DHCP but using "infinite" leases?
First, clear both your DNS (ipconfig /flushdns) and arp (arp -d *) caches. Then visit your favorite three or four Web sites. Why are there so few entries in the ARP table (arp -a) as compared to the DNS table (netstat /displaydns) for Web sites you visited?
| TCP/IP protocols reference page |
| IP tutorial |
| Try it out |
| OSI Model Online Quiz (19 Questions) |
| VisualRoute - A visual tool for displaying routing information your computer and their server |
| Security |
| A collection of tools (http://www.network-tools.com) |