Network+ Guide to Networks, Fourth Edition

Chapter 4
Network Protocols

Confidential
Objectives

 Identify the characteristics of TCP/IP, IPX/SPX, NetBIOS, and

AppleTalk
 Understand how network protocols correlate to layers of the OSI
Model
 Identify the core protocols of the TCP/IP suite and describe their
functions
 Identify the well-known ports for key TCP/IP services

Confidential
2
Objectives (continued)

 Understand addressing schemes for TCP/IP, IPX/SPX, NetBEUI,

and AppleTalk
 Describe the purpose and implementation of DNS (Domain Name
System) and WINS (Windows Internet Naming Service)
 Install protocols on Windows XP clients

Confidential
3
Introduction to Protocols

 Protocols vary according to purpose, speed, transmission efficiency,

utilization of resources, ease of setup, compatibility, and ability to
travel between different LANs
 Multiprotocol networks: networks running more than one protocol
 Most popular protocol suite is TCP/IP
 Others: IPX/SPX, NetBIOS, and AppleTalk

Confidential
4
TCP/IP (Transmission Control
Protocol/Internet Protocol)

 Suite of specialized subprotocols

 TCP, IP, UDP, ARP, and many others

 De facto standard on Internet

 Protocol of choice for LANs and WANs

 Protocols able to span more than one LAN are routable

 Can run on virtually any combination of NOSs or network media
 TCP/IP core protocols operate in Transport or Network layers

Confidential
5
The TCP/IP Core Protocols: TCP
(Transmission Control Protocol)

 Provides reliable data delivery services

 Operates in Transport layer
 Connection-oriented
 Ensures reliable data delivery through sequencing and checksums
 Provides flow control

 Port hosts address where an application makes itself available to

incoming or outgoing data

Confidential
6
 NetBIOS/NetBEUI

 Network Basic Input/Output System (NetBIOS) used for communication

within LAN
 Operates at Transport and Session layers of OSI model
 NetBIOS Extended User Interface (NetBEUI) adds capabilities to NetBIOS
and an advanced version of NetBIOS
 Widely used in Ethernet, Token Ring and Windows NT networks

Confidential
7
NetBIOS Services

 NetBIOS Name Service is implemented in Microsoft Windows as Windows

Internet Name Service (WINS).

NetBIOS
Services

Session Datagram
Name Service
Service Service

Confidential
8
Name Service

 Implemented in Microsoft Windows as Windows Internet Name

Service (WINS).
 Provides means to application to register its NetBIOS name
 Name Service functions include
 Add Name
 Add Group Name
 Delete Name
 Find Name

Confidential
9
Session Service

Establishes session for data exchange between computers using TCP port 139

Session Establishment Process Session Termination Process

Confidential
10
Datagram Service

 Uses the UDP port 138 and provides a connectionless and

broadcast-oriented data communication between two devices.
 Divides data in datagrams before sending
 Datagram service functions include:
 Send Datagram
 Send Broadcast Datagram
 Receive Datagram
 Receive Broadcast Datagram

Confidential
11
NetBIOS Name Resolution

 Used to map NetBIOS names to IP addresses

 Methods used to resolve names:
 NetBIOS Name Cache
 NetBIOS Name Server (NBNS)
 Local Broadcast
 Order of resolving names depends on node types:
 B-node (broadcast)
 P-node (peer-peer)
 M-node (mixed)
 H-node (hybrid)

Confidential
12
NetBEUI

 Enhanced version of NetBIOS

 NetBIOS is used in Ethernet and Win NT where as NetBEUI is used in Win
95, Win 98 and LAN
 Uses unacknowledged connectionless mode for name service and datagram
service
 Uses virtual circuit approach for session service
 NetBEUI provides name service, datagram service and session service

Confidential
13
TCP/IP

 Two layer communication protocol used by Internet

 TCP provides connection-oriented reliable transport service
 Divides the message into smaller packets called segments
 IP is a connectionless and unreliable datagram protocol and provides no
error checking
 IP transfers data in the form of packets called datagrams

Confidential
14
TCP/IP Protocol Suite

 Designed before OSI model

 Consists of five layers
 Provides independent
protocols at each layer

Confidential
15
TCP Segment Format

Confidential
16
IPv4 Datagram Format

Confidential
17
IP Datagram Fragmentation

 Fragmentation refers to breaking datagrams into pieces

 Maximum Transfer Unit (MTU) is maximum amount of data that frame can
carry
 Datagram is fragmented when its size exceeds MTU of network
 Fragments follow different paths to reach destination

Confidential
18
ARP/RARP

 To deliver packet both physical and logical addresses are necessary

 Address Resolution Protocol (ARP) provides physical address when logical
address is known
 Reverse Address Resolution Protocol (RARP) maps logical address to
physical address
 RARP is useful when device is booted for first time

Confidential
19
ICMP/IGMP

 Internet Control Message Protocol (ICMP) provides error reporting and

query management mechanism
 ICMP handles problems occurring while packet transmission
 Internet Group Message Protocol (IGMP) manages multicasting and group
membership of devices

Confidential
20
ICMP Message Types

ICMP Messages
Error Reporting Query
Destination Echo request
Unreachable and reply
Source Quench Timestamp request
and reply
Time Exceeded Address Mask
Request and reply
Parameter Problem Router Solicitation
and Advertisement
Redirection

Confidential
21
IGMP Message Types

IGMP Messages

Membership
Query Leave Report
Report

General Query Special Query

Confidential
22
UDP

 User Datagram Protocol (UDP) provides connectionless process-to-process

communication
 UDP packets are called user data grams.
 User Datagram Format:

Confidential
23
UDP Operation - I

Encapsulation Decapsulation

Confidential
24
UDP Operation - II

Client Queue Server Queue

Confidential
25
IPX/SPX

 Novell NetWare system uses IPX/SPX as communication protocol within

networks
 IPX operates at Network layer for connectionless communication
 SPX operates at Transport layer for connection-oriented communication
 Together, IPX/SPX provides same services as TCP/IP

Confidential
26
IPX/SPX Protocol Suite

Confidential
27
IPX/SPX Naming Conventions

 IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink) uses two types

of IPX network numbers for routing purposes:
 Internal network number – Mentioned as Internal network number in
NWLink IPX/SPX/NetBIOS Compatible Transport Protocol Properties dialog
box
 External network number – Mentioned as Network number in Manual Frame
Detection dialog box

Confidential
28
HDLC/SDLC

 High Level Data Link Control (HDLC) and Synchronous Data Link Control
(SDLC) are bit-oriented synchronous protocols in which data frames are
interpreted as series of bits
 Both are useful for half-duplex and full-duplex communication
 Windows XP still support DLC

Confidential
29
HDLC Nodes and Configurations

 Types of HDLC nodes are:

 Primary Station
 Secondary Station
 Combined Station

 Supported link configurations:

 Unbalanced
 Balanced

Confidential
30
HDLC Data Transfer Modes

 Normal Response Mode (NRM) – Secondary station requires permission

from primary station before sending data
 Asynchronous Response Mode (ARM) – Secondary station can transfer
without permission from primary station
 Asynchronous Balanced Mode (ABM) – Either of the combined station can
initiate the transmission

Confidential
31
SDLC

 Bit-oriented protocol and similar to HDLC

 Only primary and secondary stations are used

Configurations

Point-to-Point Multipoint Loop Hub go-ahead

Confidential
32
Protocols at Different Layers

OSI Layers Protocols

Physical Layer No protocols defined

Data Link Layer HDLC, SDLC

Network Layer NetBEUI, IP, ICMP, IGMP, ARP, RARP, IPX

Transport Layer NetBEUI, TCP, UDP, SPX

Session Layer NetBIOS, SAP, SMTP, FTP, DNS, SNMP,

Presentation Layer NCP, RIP, NLSP, SMTP, FTP, DNS, SNMP, NFS

Application Layer SMTP, DNS, SNMP, NFS, TFTP

Confidential
33
The TCP/IP Core Protocols:
TCP (continued)

Figure 4-1: A TCP segment

Confidential
34
The TCP/IP Core Protocols:
TCP (continued)

Figure 4-2: TCP segment data

Confidential
35
The TCP/IP Core Protocols:
TCP (continued)

Figure 4-3: Establishing a TCP connection

Confidential
36
UDP (User Datagram Protocol)

Figure 4-4: A UDP segment

Confidential
37
IP (Internet Protocol)

 Provides information about how and where data should be delivered

 Data’s source and destination addresses
 Network layer protocol
 Enables TCP/IP to internetwork
 Unreliable, connectionless protocol

 IP datagram: packet, in context of TCP/IP

 Envelope for data

Confidential
38
IP (continued)

Figure 4-5: An IP datagram

Confidential
39
IP (continued)

Figure 4-6: IP datagram data

Confidential
40
ICMP (Internet Control
Message Protocol)

 Network layer protocol that reports on success or failure of data

delivery
 Indicates when part of network congested
 Indicates when data fails to reach destination
 Indicates when data discarded because allotted time for delivery (TTL)
expired
 Cannot correct errors it detects

Confidential
41
IGMP (Internet Group
Management Protocol)

 Network layer protocol that manages multicasting

 Transmission method allowing one node to send data to defined group
of nodes
 Point-to-multipoint method
 Teleconferencing or videoconferencing over Internet

 Routers use IGMP to determine which nodes belong to multicast

group and to transmit data to all nodes in that group

Confidential
42
ARP (Address Resolution Protocol)

 Network layer protocol

 Obtains MAC (physical) address of host
 Creates database that maps MAC address to host’s IP (logical) address

 ARP table or cache: local database containing recognized MAC-to-

IP address mappings
 Dynamic ARP table entries created when client makes ARP request that
cannot be satisfied by data already in ARP table
 Static ARP table entries entered manually using ARP utility

Confidential
43
RARP (Reverse Address
Resolution Protocol)

 Allows client to broadcast MAC address and receive IP address in

reply
 If device doesn’t know own IP address, cannot use ARP

 RARP server maintains table of MAC addresses and associated IP

addresses

Confidential
44
Addressing in TCP/IP

 IP core protocol responsible for logical addressing

 IP Address: unique 32-bit number
 Divided into four octets separated by periods
 0 reserved as placeholder referring to entire group of computers on a network
 255 reserved for broadcast transmissions

Confidential
45
Addressing in TCP/IP (continued)

Figure 4-8: IP addresses and their classes

Confidential
46
Addressing in TCP/IP (continued)

 Many Internet addresses go unused

 Cannot be reassigned because they are reserved
 IP version 6 (IPv6) will incorporate new addressing scheme

 Some IP addresses reserved for special functions

 127 reserved for a device communicating with itself
 Loopback test

 ipconfig: Windows XP command to view IP information

 ifconfig on Unix and Linux

Confidential
47
Binary and Dotted Decimal Notation

 Most common way of expressing IP addresses

 Decimal number between 0 and 255 represents each binary octet
 Separated by period

 Each number in dotted decimal address has binary equivalent

Confidential
48
Subnet Mask

 Every device on TCP/IP-based network identified by subnet mask

 32-bit number that, when combined with device’s IP address, informs
rest of network about segment or network to which a device is attached
 Subnetting: subdividing single class of networks into multiple,
smaller logical networks or segments

Confidential
49
Assigning IP Addresses

 Nodes on a network must have unique IP addresses

 Static IP address: manually assigned
 Can easily result in duplication of addresses

 Most network administrators rely on network service to automatically

assign IP addresses

Confidential
50
BOOTP (Bootstrap Protocol)

 Uses central list of IP addresses and associated devices’ MAC

addresses to assign IP addresses to clients dynamically
 Dynamic IP addresses
 Application layer protocol
 Client broadcasts MAC address, BOOTP server replies with:
 Client’s IP address
 IP address of server
 Host name of server
 IP address of a default router

Confidential
51
DHCP (Dynamic Host Configuration
Protocol)

 Automated means of assigning unique IP address to every device

on a network
 Application layer protocol
 Reduces time and planning spent on IP address management
 Reduces potential for errors in assigning IP addresses
 Enables users to move workstations and printers without having to
change TCP/IP configuration
 Makes IP addressing transparent for mobile users

Confidential
52
DHCP (continued)

Figure 4-11: The DHCP leasing process

Confidential
53
APIPA (Automatic Private
IP Addressing)

 Provides computer with IP address automatically

 For Windows 98, Me, 2000, XP client and
Windows 2003 server
 For situations where DHCP server unreachable
 Assigns computer’s network adapter IP address from predefined pool of
addresses
 169.254.0.0 through 169.254.255.255

 Computer can only communicate with other nodes using addresses in

APIPA range

Confidential
54
Sockets and Ports

 Every process on a machine assigned a port number 0 to 65535

 Process’s port number plus host machine’s IP address equals
process’s socket
 Ensures data transmitted to correct application

 Well Known Ports: in range 0 to 1023

 Assigned to processes that only the OS or system administrator can
access

Confidential
55
Sockets and Ports (continued)

 Registered Ports: in range 1024 to 49151

 Accessible to network users and processes that do not have special
administrative privileges

 Dynamic and/or Private Ports: in range 49152 through 65535

 Open for use without restriction

Confidential
56
Addressing in IPv6

 IPv6 slated to replace current IP protocol, IPv4

 More efficient header, better security, better prioritization
 Billions of additional IP addresses

 Differences:
 Address size
 Representation
 Distinguishes among different types of network interfaces
 Format Prefix

Confidential
57
Host Names and DNS (Domain Name
System): Domain Names

 Every host can take a host name

 Every host is member of a domain
 Group of computers belonging to same organization and has part of
their IP addresses in common
 Domain name usually associated with company or other type of
organization

 Fully qualified host name: local host name plus domain name
 Domain names must be registered with an Internet naming authority
that works on behalf of ICANN

Confidential
58
Host Files

 ASCII text file called HOSTS.TXT

 Associate host names with IP addresses
 Growth of Internet made this arrangement impossible to maintain

Figure 4-13: Example host file

Confidential
59
DNS (Domain Name System)

 Hierarchical method of associating domain names with IP

addresses
 Refers to Application layer service that accomplishes association and
organized system of computers and databases making association
possible
 Relies on many computers around world
 Thirteen root servers
 Three components:
 Resolvers
 Name servers
 Name space

Confidential
60
DNS (continued)

Figure 4-14: Domain name resolution

Confidential
61
DNS (continued)

Figure 4-14 (continued): Domain name resolution

Confidential
62
DDNS (Dynamic DNS)

 DNS is reliable as long as host’s address is static

 Many Internet users subscribe to type of Internet service in which IP
address changes periodically

 In DDNS, service provider runs program on user’s computer that

notifies service provider when IP address changes
 DNS record update effective throughout Internet in minutes

Confidential
63
Zeroconf (Zero Configuration)

 Collection of protocols designed by IETF to simplify setup of nodes

on TCP/IP networks
 Assigns IP address
 Resolves node’s host name and IP address without requiring DNS
server
 Discovers available services
 Enables directly connected workstations to communicate without relying
on static IP addressing
 IP addresses are assigned through IPv4LL (IP version 4 Link Local)

Confidential
64
Some TCP/IP
Application Layer Protocols

 Telnet: terminal emulation protocol used to log on to remote hosts

using TCP/IP protocol suite
 TCP connection established
 Keystrokes on user’s machine act like keystrokes on remotely
connected machine

 FTP (File Transfer Protocol): Application layer protocol used to send

and receive files via TCP/IP
 Server and clients
 FTP commands work from OS’s command prompt
 Anonymous logons

Confidential
65
Some TCP/IP Application Layer Protocols
(continued)

 Trivial File Transfer Protocol (TFTP): enables file transfers between

computers
 Simpler than FTP
 Relies on UDP at Transport layer
 Connectionless

 Network Time Protocol (NTP): Application layer protocol used to

synchronize clocks of computers
 Network News Transfer Protocol (NNTP): facilitates exchange of
newsgroup messages between multiple servers and users

Confidential
66
Some TCP/IP Application Layer Protocols
(continued)

 Packet Internet Groper (PING): utility that can verify that TCP/IP is
installed, bound to the NIC, configured correctly, and
communicating
 Pinging:
 Echo request and echo reply
 Can ping either an IP address or a host name
 Pinging loopback address, 127.0.0.1, to determine whether
workstation’s TCP/IP services are running
 Many useful switches
 e.g., -?, -a, -n, -r

Confidential
67
IPX/SPX (Internetwork Exchange/Sequenced
Packet Exchange)

 Required to ensure interoperability of LANs running NetWare

versions 3.2 and lower
 Replaced by TCP/IP on Netware 5.0 and higher

Confidential
68
The IPX and SPX Protocols

 Internetwork Packet Exchange (IPX): provides logical addressing

and internetworking services
 Operates at Network layer
 Similar to IP
 Connectionless

 Sequenced Packet Exchange (SPX): Works with IPX to ensure data

received whole, in sequence, and error free
 Belongs to Transport layer
 Connection-oriented

Confidential
69
Addressing in IPX/SPX

 Each node on network must be assigned unique address

 IPX address
 Network address: chosen by network administrator
 Node address: by default equal to network device’s MAC address

Confidential
70
NetBIOS and NetBEUI

 NetBIOS originally designed to provide Transport and Session layer

services for applications running on small, homogenous networks
 Microsoft added standard Transport layer component called
NetBEUI
 Efficient on small networks
 Consumes few network resources
 Provides excellent error correction
 Does not allow for good security
 Few possible connections
 Cannot be routed

Confidential
71
Addressing in NetBEUI

 Network administrators must assign NetBIOS name to each

workstation
 After NetBIOS has found workstation’s NetBIOS name, it discovers
workstation’s MAC address
 Uses this address in further communications

Confidential
72
WINS (Windows Internet
Naming Service)

 Provides means to resolve NetBIOS names to

IP addresses
 Used exclusively with systems using NetBIOS
 Microsoft Windows

 Automated service that runs on a server

 Guarantees unique NetBIOS name used for each computer on
network
 Clients do not have to broadcast NetBIOS names to rest of network
 Improves network performance

Confidential
73
AppleTalk

 Protocol suite originally designed to interconnect Macintosh

computers
 Can be routed between network segments and integrated with
NetWare-, UNIX-, Linux-, or Microsoft-based networks

 AppleTalk network separated into logical groups of computers called

AppleTalk zones
 Enable users to share file and printer resources

 AppleTalk node ID: Unique 8- or 16-bit number that identifies

computer on an AppleTalk network

Confidential
74
Binding Protocols on a
Windows XP Workstation

 Windows Internet Naming Service (WINS): process of assigning one

network component to work with another
 Core Network and Transport layer protocols normally included with
OS
 When enabled, attempt to bind with network interfaces on computer
 For optimal network performance, bind only protocols absolutely
needed
 Possible to bind multiple protocols to same network adapter

Confidential
75
Summary

 Protocols define the standards for communication between nodes

on a network
 TCP/IP is most popular protocol suite, because of its low cost, open
nature, ability to communicate between dissimilar platforms, and
routability
 TCP provides reliability through checksum, flow control, and
sequencing information
 IP provides information about how and where data should be
delivered
 Every IP address contains two types of information: network and
host

Confidential
76
Summary (continued)

 Subnetting is implemented to control network traffic and conserve a

limited number of IP addresses
 Dynamic IP address assignment can be achieved using BOOTP or
the more sophisticated DHCP
 A socket is a logical address assigned to a specific process running
on a host
 IPv6 provides several other benefits over IPv4
 A domain is a group of hosts that share a domain name and have
part of their IP addresses in common

Confidential
77
Summary (continued)

 DNS is a hierarchical way of tracking domain names and their

addresses
 IPX/SPX is a suite of protocols that reside at different layers of the
OSI Model
 NetBEUI is a protocol that consumes few network resources,
provides error correction, and requires little configuration
 WINS is a service used on Windows systems to map IP addresses
to NetBIOS names
 AppleTalk is the protocol suite originally used to interconnect
Macintosh computers

Confidential
78