TCP-IP Outlook
Al-Quds University
Thierry Coulbois
TCP/IP typical Architecture
| Application | Telnet | HTTP | FTP | SMTP | | | | NFS | TFTP |
| Transport | TCP | UDP |
| Network | |
| LLC | Ethernet (IEEE 802.3) |
| MAC |
| Physic |
ARP (Adress Resolution Protocole) and RARP (Reverse ARP) have to be added at the interface between Ethernet and IP.
The DNS (Domain Name Service) is at the interface between the Transport layer and the application layer. It uses UDP.
There are many more protocoles not mentionned here, and other possible architecture e.g. using different physical layer.
Encapsulation:
Protocoles are encapsulated one in another. So for a TCP segment on Ethernet you will receive a frame:
Ethernet Frame:
| Preamble | Ethernet Frame Header | Datas | Tailer |
| 7 bytes | FSD | 6 bytes | 6 bytes | 2 bytes | 4 bytes |
| AA AA AA AA AA AA AA | AB | Destination Adress | Source Adress | Protocole | FCS |
0xAA is the binary sequence 10101010.
FSD: Frame Start Delimiter (0xAB=10101011).
Protocole is 0x0800 for IP, 0x806 for ARP, etc.
Frame Check-Sum (FCS):This is a cyclic redundancy check (CRC) on the whole Ethernet Frame (Except the preamble and with 0x00000000 as the FCS). The generating polynomial is CRC-CCITT 32. The FCS is the remainder of the division of the frame (with 0x00000000 as FCS) viewed as a binary polynomial by the CRC-CCITT 32 polynomial:
X32+X26+X23+X22+X16+X12+X11+X10+X8+X7+X5+X4+X2+X+1.
Don't worry computer does not make this kind of awful calculation, they rather use shifting registers.
ARP Packets:
ARP Packets are encapsulated in Ethernet Frames with Protocole code : 0x0806
MAC Type: 0x0001 for Ethernet
Network Type: 0x0800 for IP
MAC Length: Length of the MAC address (6 for Ethernet)
Network Length: Length of the network protocol address (4 for IP)
Operation: 1 for request, 2 for response
IP Header:
Version: 4 for IPv4 and 6 for IPv6
Header Length: header length in words of 32 bits
Type of Service: deprecated
Total Length: length of the IP packet in bytes
Identity number: Number of the IP packet to which this fragment belongs
Don't Fragment (DF): 1 bit flag to allow o forbid fragmentation of this packet
More Fragments (MF): 1 bit flag this is (or not) the last fragment of this packet
Offset: (13 bits) Offset of this fragment in the packet (x8 bytes)
Time to Live (TTL): decreamented by each router, the packet is destroyed when TTL=0
Protocole: encapsulated protocole: 1 for ICMP, 6 for TCP, 17 for UDP, etc.
Header Check Sum (HCS): Check Sum for the IP Header. HCS is the 0xFFFF complement of the sum modulo 0xFFFF of all the 2-bytes words (except the check-sum) of the header. If the result of the previous calculation is 0 then the HCS is 0xFFFF, which is the same thing modulo 0xFFFF. A HCS of 0 means no check sum.
HCS=0xFFFF-(Σ 2-bytes words of the header) modulo 0xFFFF
ICMP Messages:
ICMP Messages are encapsulated in IP Packets. This protocole is used to deal with IP errors and IP control. ICMP error messages always contain the IP Header of the message that is responsible for the error + its 8 first bytes.
ICMP Type: ICMP messages are different according to their type and code. Possible value of type are
ICMP Check-Sum: A Check-sum similar to IP check-sum calculated on the whole ICMP message.
TCP Header:
Sequence Number:Sequence number of the first byte of the segment (in bytes)
Acknowledgement (ACK):Sequence number of the next byte expected (acknowledgement for all the previous bytes)
Header Length:in words of 32 bits
Urgent Flag (URG):The Urgent pointer is valid
ACK flag:The ACK field is valid
Push (PSH) flag:Deliver the datas to the application (used with interactive communications e.g. Telnet)
Reset (RST) flag:Reset TCP Connection
Synchronise (SYN) flag::Open Connection
Final (FIN) flag:Close Connection
Window:Reception Window size in bytes (sliding window algrithm)
TCP Header Check-Sum (HCS):Same calculation as for the IP HCS, but the IP adresses (dest. and source) are also added.
Urgent Pointer:The datas until this byte are urgent