Transmission Control Protocol / Internet Protocol (TCP/IP) is an industry-standard protocol stack designed for communication across large-scale networks. To keep the communication process manageable, TCP/IP arranges its protocols into layers. TCP/IP uses a four-layer model to move data from one location to another. The four layers in this model are application, transport, internet, and network interface.



TCP/IP Layers (Stack)

Application Layer

     The application layer is the uppermost layer in the TCP/IP stack. All applications and utilities are contained in this layer, and its protocols define how user information is formatted and exchanged. Common application layer protocols most people are familiar with include HTTP, FTP, SMTP, NNTP and Telnet.

Transport Layer

     The transport layer provides end-to-end communication between applications on two computers and passes data up to the application layer or down to the internet layer. Whether that communication is ordered and guaranteed depends on which transport protocol is used. The transport layer also carries the port numbers that identify which application the data is to be delivered to. The transport layer has two core protocols that control the method by which data is delivered:
  1. Transmission Control Protocol (TCP), which provides reliable, ordered, connection-oriented delivery.
  2. User Datagram Protocol (UDP), which provides connectionless, best-effort delivery.

Internet Layer

     The internet layer is responsible for addressing, packaging, and routing the data that is to be transmitted. This layer contains four core protocols:
  1. Internet Protocol (IP)
  2. Internet Control Message Protocol (ICMP)
  3. Internet Group Management Protocol (IGMP)
  4. Address Resolution Protocol (ARP)

Network Interface Layer

     The network interface layer is responsible for placing data on the network medium and receiving data off the network medium. This layer includes physical devices such as network cables and network adapters. The network interface layer does not contain the kind of software-based protocols found in the other three layers, but it does contain protocols such as Ethernet and asynchronous transfer mode (ATM), which define how data is transmitted on the network.



IP Address + TCP/UDP Port = Socket

     To start a network communication, the locations of the source and destination computers are identified by unique numbers, known as IP addresses, which are assigned to each computer on a TCP/IP network. A port is an identifier for an application within a computer, and is associated with either the TCP or the UDP transport layer protocol. A socket is the combination of an IP address, a transport protocol (TCP or UDP) and a port. An application creates a socket by specifying the IP address of the computer, the type of service (TCP or UDP), and the port on which the application listens. A connection is then identified by the pair of sockets at its two ends, the local one and the remote one.



The TCP/IP Protocol Suite

Transmission Control Protocol (TCP)

     Transmission Control Protocol (TCP) provides a reliable, connection-oriented data delivery service between only two computers (unicast). In connection-oriented communication, the connection must be established before data can be transmitted between the two computers.

     On the source computer, TCP organizes the data to be transmitted into segments (often loosely called packets). On the destination computer, TCP reassembles the segments in order to recreate the original data. TCP transmits several segments at a time, up to the amount the receiver has said it can accept, to increase efficiency. It assigns a sequence number to each segment (numbering the bytes it carries) and uses acknowledgements to verify that the destination computer has received the data so far. If an acknowledgement for the data sent does not arrive within a specified period of time (the retransmission timeout), the source computer retransmits the data.

     TCP also adds the port information for both the source and the destination applications. The source computer uses the destination port to direct the packet to the proper application at the destination computer, and the destination computer uses the source port to return information to the correct source application.

     The connection that TCP uses to communicate is called a session. TCP establishes this session through a process known as a three-way handshake, which synchronizes the sequence numbers of both sides and exchanges other information (such as the maximum segment size each side accepts) needed to establish the session. The three steps are:
  1. The source computer initiates the connection by sending a SYN segment carrying its initial sequence number and options such as the maximum segment size it will accept.
  2. The destination computer responds with a SYN-ACK segment carrying its own initial sequence number and acknowledging the source's initial sequence number plus one.
  3. The source computer acknowledges the destination's initial sequence number plus one with an ACK segment, and the session is established.

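The three steps above, as an added Python example that is not part of the original page: each side picks an initial sequence number (ISN), the SYN-ACK must acknowledge the client's ISN + 1, and the server only establishes the session if the final ACK carries its own ISN + 1. The check in server_accept is what makes a handshake from a spoofed source address hard: a host that never received the SYN-ACK has to guess a 32-bit value, which is why stacks randomize the ISN. The addresses and ports are constructed for the example.

```python
import secrets
from collections import namedtuple

SEQ_MOD = 1 << 32  # sequence and acknowledgement numbers are 32-bit and wrap around

# A segment as the handshake sees it: endpoints are (ip, port) tuples, flags is a string.
Segment = namedtuple("Segment", "src dst seq ack flags")


def random_isn():
    """Initial sequence number. Real stacks randomize this so that a host that
    never saw the SYN-ACK cannot predict the value it must acknowledge."""
    return secrets.randbits(32)


def client_syn(client, server, isn=None):
    """Step 1: the source announces its initial sequence number."""
    isn = random_isn() if isn is None else isn
    return Segment(client, server, isn, 0, "SYN")


def server_synack(syn, isn=None):
    """Step 2: the destination announces its own ISN and acknowledges the client's ISN + 1."""
    if syn.flags != "SYN":
        raise ValueError("expected a SYN")
    isn = random_isn() if isn is None else isn
    return Segment(syn.dst, syn.src, isn, (syn.seq + 1) % SEQ_MOD, "SYN-ACK")


def client_ack(synack, client_isn):
    """Step 3: the source accepts the SYN-ACK only if it acknowledges client_isn + 1,
    then acknowledges the server's ISN + 1."""
    if synack.flags != "SYN-ACK" or synack.ack != (client_isn + 1) % SEQ_MOD:
        raise ValueError("SYN-ACK does not acknowledge our ISN")
    return Segment(synack.dst, synack.src, synack.ack, (synack.seq + 1) % SEQ_MOD, "ACK")


def server_accept(synack, ack):
    """The destination establishes the session only if the ACK comes from the
    endpoint it sent the SYN-ACK to and carries server ISN + 1. A spoofed ACK
    from a host that never received the SYN-ACK must guess this 32-bit value."""
    return (
        ack.flags == "ACK"
        and ack.src == synack.dst
        and ack.dst == synack.src
        and ack.seq == synack.ack
        and ack.ack == (synack.seq + 1) % SEQ_MOD
    )


def handshake(client, server, client_isn=None, server_isn=None):
    """Run all three steps; returns the three segments and whether the server accepted."""
    syn = client_syn(client, server, client_isn)
    synack = server_synack(syn, server_isn)
    ack = client_ack(synack, syn.seq)
    return syn, synack, ack, server_accept(synack, ack)


if __name__ == "__main__":
    # Constructed endpoints: a client on an ephemeral port talking to a web server.
    for seg in handshake(("10.0.0.5", 40000), ("10.0.0.9", 80))[:3]:
        print(f"{seg.flags:8} {seg.src} -> {seg.dst} seq={seg.seq} ack={seg.ack}")
```

Passing explicit ISNs to handshake makes the arithmetic visible (the acknowledgement number is always the peer's ISN + 1, modulo 2^32); leaving them out uses random ISNs as a real stack would.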
User Datagram Protocol (UDP)

     User Datagram Protocol (UDP) is a transport layer protocol that identifies the destination application in a network communication by port number. UDP provides a connectionless packet delivery service that offers fast but unreliable delivery of data. UDP does not use the three-way handshake of TCP, nor does it acknowledge the arrival of packets or their correct sequencing. Because nothing is exchanged before data is sent, the source address on a UDP packet cannot be relied upon: the sender may have forged it.

Internet Protocol (IP)

     Internet Protocol (IP) identifies the location of the destination computer in a network communication. IP is a connectionless, unreliable protocol that is primarily responsible for addressing packets and routing them between networked computers and routers. IP always attempts to deliver a packet; however, a packet may be lost, corrupted, delivered out of sequence, duplicated, or delayed. IP does not attempt to recover from these errors. Confirming the delivery of packets and recovering lost packets is the responsibility of a higher-layer protocol, such as TCP, or of the application itself.

     Each packet includes the source IP address of the sender and the destination IP address of the intended recipient. These IP addresses normally remain the same throughout the packet's life on the network (a device performing network address translation is the exception, since it rewrites them). If IP identifies the destination address as belonging to the same segment, it transmits the packet directly to that computer. If the destination IP address is not on the same segment, IP must use a router to send the information.

     IP keeps a packet from circulating on the network forever by limiting the number of hops it can take. This is done by assigning a Time to Live (TTL) value to every packet. Despite the name, the TTL is not a number of seconds or minutes but a hop count. If a packet has a TTL of 10, the tenth router it reaches will discard it. Each router that forwards the packet subtracts 1 from the TTL, rewrites the packet with the new value (and recomputes the header checksum), and sends it on toward its next destination. A router that would reduce the TTL to 0 discards the packet instead of forwarding it and normally returns an ICMP Time Exceeded message to the source; the traceroute tool relies on this behaviour, sending probes with TTL 1, 2, 3 and so on to learn the address of each router along the path.
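The forwarding rule described above, as an added Python example that is not part of the original page: a constructed chain of routers decrements the TTL hop by hop, the router that would bring it to zero answers with Time Exceeded instead of forwarding, and a traceroute-style loop uses those replies to enumerate the path. The router and host addresses are invented for the example.

```python
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    ttl: int


def forward(packet, path):
    """Carry packet along path (router addresses in order) toward its destination
    host. Each router decrements the TTL by one; a router that would bring it to 0
    discards the packet and answers with an ICMP Time Exceeded message from its own
    address. The destination host itself does not decrement the TTL.
    Returns (outcome, address that replied or delivered, TTL left)."""
    for router in path:
        if packet.ttl <= 1:           # decrementing here would reach 0: drop it
            return "time-exceeded", router, 0
        packet.ttl -= 1
    return "delivered", packet.dst, packet.ttl


def traceroute(src, dst, path, max_hops=30):
    """Reveal the path by sending probes with TTL 1, 2, 3, ... and recording which
    router reports Time Exceeded for each; stops once a probe is delivered."""
    hops = []
    for ttl in range(1, max_hops + 1):
        outcome, who, _ = forward(Packet(src, dst, ttl), path)
        hops.append(who)
        if outcome == "delivered":
            break
    return hops


# Constructed topology: three routers between the source and the destination host.
PATH = ["192.168.1.1", "10.10.0.1", "203.0.113.1"]

if __name__ == "__main__":
    for i, hop in enumerate(traceroute("192.168.1.10", "203.0.113.50", PATH), 1):
        print(i, hop)
```

Note that with three routers a TTL of 3 is not enough: the third router would reduce it to 0, so only a TTL of 4 or more gets the packet delivered.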

Internet Control Message Protocol (ICMP)

     Internet Control Message Protocol (ICMP) provides troubleshooting facilities and error reporting for undeliverable packets. With ICMP, computers and routers that use IP communications can report errors and exchange limited control and status information. If a router or host is unable to deliver a packet to its destination, it returns an ICMP Destination Unreachable message to the source computer.

Internet Group Management Protocol (IGMP)

     Internet Group Management Protocol (IGMP) manages the membership lists for IP multicasting in a TCP/IP network. IP multicasting is a process by which a message is transmitted to a select group of recipients, known as a multicast group. IGMP maintains the list of members who subscribe to each multicast group. IGMP messages are carried directly inside IP packets (IP protocol number 2) rather than over TCP or UDP. For multicast traffic to reach its recipients, every router in the path of communication must support multicasting.

Address Resolution Protocol (ARP)

     Located in the internet layer of the TCP/IP suite, Address Resolution Protocol (ARP) performs address resolution for outgoing packets. Address resolution is the process by which IP addresses are mapped to MAC addresses. The network adapters use the MAC address to determine if a packet is meant for that computer. Without the MAC address, the network adapters do not know if they are to pass the data to a higher layer for further processing. As the outgoing packets in the IP layer are being readied for transmission on the network, the source and destination MAC addresses must be added.

     ARP first consults the ARP cache to determine the MAC address to which the packet will be sent. If there is no matching entry in the ARP cache, ARP broadcasts a request asking the computer that owns the destination IP address to reply with its MAC address. The destination stores the requesting computer's MAC address in its own ARP cache and then replies with its own MAC address. When the ARP reply is received from the destination computer, the ARP cache on the sending computer is updated and the packet is sent. ARP replies are not authenticated, so any host on the segment can answer for an address it does not own; this is the basis of ARP spoofing. If the packet is going to another segment, ARP resolves the MAC address of the router responsible for that segment, rather than resolving the address of the final destination computer. The router is then responsible for either finding the MAC address of the destination computer or forwarding the packet to another router.



TCP/IP Packets

     TCP/IP transmits data on a network by dividing it into smaller portions called packets. Packets are often referred to by different terms depending on the protocol with which they are associated. The division is necessary because a large unit of data takes a long time to move across the network and can clog it, and if an error occurs only the corrupted packet needs to be retransmitted instead of the entire data.

     When a packet is transmitted in the network interface layer, it is referred to as a frame. A frame consists of different components that have specific functions in the flow of data in the network interface layer.

     As a packet of data moves from one layer to another in the TCP/IP stack, each protocol adds its own header information. The packet, together with the headers added to it, goes by a different name at each layer: at the application layer it is a message, at the transport layer a segment (TCP) or datagram (UDP), at the internet layer an IP packet or datagram, and at the network interface layer a frame.
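The encapsulation just described, as an added Python example that is not part of the original page: a short constructed message is wrapped in a UDP header, then an IPv4 header (with the RFC 1071 header checksum and a TTL), then an Ethernet II frame, and the parser peels the layers back off, rejecting a packet whose header checksum no longer matches. The addresses, ports and the identification value are invented for the example.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_udp(src_port, dst_port, payload):
    """UDP datagram: 8-byte header (checksum left 0, which IPv4 permits) + message."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def build_ipv4(src_ip, dst_ip, ttl, protocol, payload):
    """IPv4 packet: 20-byte header (no options) with the header checksum filled in."""
    src = ipaddress.IPv4Address(src_ip).packed
    dst = ipaddress.IPv4Address(dst_ip).packed
    header = struct.pack("!BBHHHBBH4s4s",
                         0x45,              # version 4, header length 5 words
                         0,                 # DSCP / ECN
                         20 + len(payload), # total length
                         0x1234,            # identification (constructed value)
                         0x4000,            # flags: don't fragment, offset 0
                         ttl, protocol,
                         0,                 # checksum placeholder
                         src, dst)
    checksum = internet_checksum(header)
    return header[:10] + struct.pack("!H", checksum) + header[12:] + payload


def build_frame(src_mac, dst_mac, ethertype, payload):
    """Ethernet II frame: destination MAC, source MAC, EtherType, payload (no FCS)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Walk back up the stack: frame -> IP packet -> UDP datagram -> message."""
    dst_mac, src_mac = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len, ttl, protocol = struct.unpack("!H", packet[2:4])[0], packet[8], packet[9]
    src_ip = str(ipaddress.IPv4Address(packet[12:16]))
    dst_ip = str(ipaddress.IPv4Address(packet[16:20]))
    if protocol != IPPROTO_UDP:
        raise ValueError("only UDP is handled here")
    segment = packet[ihl:total_len]
    src_port, dst_port, length, _ = struct.unpack("!HHHH", segment[:8])
    return {"src_mac": src_mac, "dst_mac": dst_mac, "src_ip": src_ip, "dst_ip": dst_ip,
            "ttl": ttl, "protocol": protocol, "src_port": src_port, "dst_port": dst_port,
            "message": segment[8:length]}


def example_frame():
    """Constructed sample: a 5-byte message wrapped UDP -> IPv4 -> Ethernet."""
    datagram = build_udp(5353, 53, b"query")
    packet = build_ipv4("10.0.0.5", "10.0.0.9", 64, IPPROTO_UDP, datagram)
    return build_frame("02:00:00:00:00:05", "02:00:00:00:00:09", ETHERTYPE_IPV4, packet)


if __name__ == "__main__":
    frame = example_frame()
    print(frame.hex())
    print(parse_frame(frame))
```

Each builder only knows about its own header and treats what it wraps as opaque payload, which is exactly the layering the text describes; the parser reverses it, and because the IP checksum only covers the IP header, a corrupted TTL is caught there while corruption of the UDP payload would not be (the UDP checksum was left at 0).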


IP Routing

     Large TCP/IP networks, referred to as internetworks, are broken up into smaller segments to reduce the amount of traffic within each segment. An internetwork is a network consisting of multiple segments connected by routers. Routers are essentially computers with two or more network adapters that provide the primary means of joining physically separate segments.

     Routers pass IP packets from one network segment to another. This process of forwarding IP packets is known as routing. Routers are attached to two or more IP network segments, enabling packets to be forwarded from one segment to another.

Packet Delivery

     A forwarded IP packet uses one of two types of delivery, depending on whether the next hop is the final destination or a router. The two types are known as direct and indirect delivery. The difference lies in how the computer encapsulates the IP packet for the network interface layer. In direct delivery the destination computer is on the same segment, so the frame carries the MAC address of the destination computer itself. In indirect delivery the destination is on another segment, so the frame is addressed to the router's MAC address while the IP header still carries the IP address of the final destination.
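The delivery decision and the ARP lookup it triggers (from the ARP section and the paragraph above), as an added Python example that is not part of the original page: the host decides between direct and indirect delivery by checking the destination against its own subnet, then resolves the next hop's MAC address through its ARP cache, broadcasting a request on a cache miss and remembering the reply. The dictionary of hosts that answer on the segment, the addresses and the MAC values are all constructed for the example.

```python
import ipaddress


class Host:
    """A TCP/IP host with one interface: its address and mask, default gateway and ARP cache."""

    def __init__(self, ip, prefix_len, gateway, arp_cache=None):
        self.ip = ipaddress.IPv4Address(ip)
        self.segment = ipaddress.IPv4Network(f"{ip}/{prefix_len}", strict=False)
        self.gateway = ipaddress.IPv4Address(gateway)
        self.arp_cache = dict(arp_cache or {})   # IP string -> MAC string
        self.arp_requests = []                   # broadcasts this host had to send

    def next_hop(self, dst_ip):
        """Direct delivery if the destination shares our segment, otherwise hand it to the router."""
        dst = ipaddress.IPv4Address(dst_ip)
        if dst in self.segment:
            return "direct", dst
        return "indirect", self.gateway

    def resolve(self, ip, segment_hosts):
        """ARP: answer from the cache, otherwise broadcast a request. segment_hosts is the
        constructed stand-in for the machines on our wire that could reply."""
        ip = str(ip)
        if ip in self.arp_cache:
            return self.arp_cache[ip]
        self.arp_requests.append(ip)             # cache miss: who has <ip>? tell <self.ip>
        mac = segment_hosts.get(ip)
        if mac is None:
            raise LookupError(f"no ARP reply for {ip}")
        self.arp_cache[ip] = mac                 # learn the reply for next time
        return mac

    def encapsulate(self, dst_ip, segment_hosts):
        """Return the addressing the frame for dst_ip would carry. The IP destination is
        always the final host; only the MAC address differs between the two delivery types."""
        kind, hop = self.next_hop(dst_ip)
        return {"delivery": kind, "dst_ip": dst_ip, "next_hop_ip": str(hop),
                "dst_mac": self.resolve(hop, segment_hosts)}


# Constructed segment 192.168.1.0/24: the router at .1 and a neighbour at .20 answer ARP.
SEGMENT_HOSTS = {"192.168.1.1": "02:00:00:00:00:01",
                 "192.168.1.20": "02:00:00:00:00:20"}


def demo_host():
    """Our host on that segment, starting with an empty ARP cache."""
    return Host("192.168.1.10", 24, "192.168.1.1")


if __name__ == "__main__":
    host = demo_host()
    print(host.encapsulate("192.168.1.20", SEGMENT_HOSTS))   # direct: neighbour's MAC
    print(host.encapsulate("198.51.100.7", SEGMENT_HOSTS))   # indirect: router's MAC
    print("ARP requests sent:", host.arp_requests)
```

The off-segment destination never appears in the ARP request list: the host only ever resolves the router, which is the behaviour the ARP section describes.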