Internet Protocols 30-130 [607311]

CHAPTER
Internet Protocols 30-130
Internet Protocols
Background
The Internet protocols are the world’s most popular open-system (nonproprietary) protocol suite
becausetheycanbeusedtocommunicateacrossanysetofinterconnectednetworksandareequallywell suited for LAN and WAN communications. The Internet protocols consist of a suite ofcommunication protocols, of which the two best known are the Transmission Control Protocol(TCP) and the Internet Protocol (IP). The Internet protocol suite not only includes lower-layerprotocols (such as TCP and IP), but it also specifies common applications such as electronic mail,terminalemulation,andfiletransfer.Thischapterprovidesabroadintroductiontospecificationsthatcomprise the Internet protocols. Discussions include IP addressing and key upper-layer protocolsused in the Internet. Specific routing protocols are addressed individually in Part 6, RoutingProtocols.
Internet protocols were first developed in the mid-1970s, when the Defense Advanced Research
ProjectsAgency(DARPA)becameinterestedinestablishingapacket-switchednetworkthatwouldfacilitate communication between dissimilar computer systems at research institutions. With thegoal of heterogeneous connectivity in mind, DARPA funded research by Stanford University andBolt,Beranek,andNewman(BBN).TheresultofthisdevelopmenteffortwastheInternetprotocolsuite, completed in the late 1970s.
TCP/IPlaterwasincludedwithBerkeleySoftwareDistribution(BSD)UNIXandhassincebecome
the foundation on which the Internet and the World Wide Web (WWW) are based.
Documentation of the Internet protocols (including new or revised protocols) and policies are
specified in technical reports called Request For Comments (RFCs), which are published and thenreviewed and analyzed by the Internet community. Protocol refinements are published in the newRFCs. To illustrate the scope of the Internet protocols, Figure 30-1 maps many of the protocols ofthe Internet protocol suite and their corresponding OSI layers. This chapter addresses the basicelements and operations of these and other key Internet protocols.

Internet Protocol (IP)
Internetworking Technology Overview, June 199930-2Figure 30-1 Internet protocols span the complete range of OSI model layers.
Internet Protocol (IP)
TheInternetProtocol(IP)isanetwork-layer(Layer3)protocolthatcontainsaddressinginformation
and some control information that enables packets to be routed. IP is documented in RFC 791 andis the primary network-layer protocol in the Internet protocol suite. Along with the TransmissionControl Protocol (TCP), IP represents the heart of the Internet protocols. IP has two primaryresponsibilities: providing connectionless, best-effort delivery of datagrams through aninternetwork;and providingfragmentationandreassembly ofdatagramsto supportdatalinks withdifferent maximum-transmission unit (MTU) sizes.
IP Packet Format
An IP packet contains several types of information, as illustrated in Figure 30-2.PresentationApplication
NetworkTransport
Link
PhysicalOSI
Reference Model Internet Protocol Suite
SessionNFS
XDR
RPCFTP, Telnet,
SMTP, SNMP
Not SpecifiedICMP IPTCP, UDP
ith2801Routing Protocols
ARP, RARP

Internet Protocols 30-3IP Packet Format
Figure 30-2 Fourteen fields comprise an IP packet.
The following discussion describes the IP packet fields illustrated in Figure 30-2:
•Version— Indicates the version of IP currently used.
•IP Header Length ( IHL)—Indicates the datagram header length in 32-bit words.
•Type-of-Service —Specifies how an upper-layer protocol would like a current datagram to be
handled, and assigns datagrams various levels of importance.
•Total Length —Specifies the length, in bytes, of the entire IP packet, including the data and
header.
•Identification —Containsanintegerthatidentifiesthecurrentdatagram.Thisfieldisusedtohelp
piece together datagram fragments.
•Flags—Consists of a 3-bit field of which the two low-order (least-significant) bits control
fragmentation.Thelow-orderbitspecifieswhetherthepacketcanbefragmented.Themiddlebitspecifies whether the packet is the last fragment in a series of fragmented packets. The third orhigh-order bit is not used.
•Fragment Offset —Indicates the position of the fragment’s data relative to the beginning of the
dataintheoriginaldatagram,whichallowsthedestinationIPprocesstoproperlyreconstructtheoriginal datagram.
•Time-to-Live —Maintains a counter that gradually decrements down to zero, at which point the
datagram is discarded. This keeps packets from looping endlessly.
•Protocol—Indicateswhichupper-layerprotocolreceivesincomingpacketsafterIPprocessingis
complete.
•Header Checksum —Helps ensure IP header integrity.
•Source Address— Specifies the sending node.
•Destination Address —Specifies the receiving node.IdentificationVersion
Destination addressSource address
Options (+ padding)
Data (variable)32 bits
Time-to-liveTotal length
Fragment offset
Header checksumIHL Type-of-service
Protocol
S2539Flags

Internet Protocol (IP)
Internetworking Technology Overview, June 199930-4•Options—Allows IP to support various options, such as security.
•Data—Contains upper-layer information.
IP Addressing
As with any other network-layer protocol, the IP addressing scheme is integral to the process of
routingIPdatagramsthroughaninternetwork.EachIPaddresshasspecificcomponentsandfollowsabasicformat.TheseIPaddressescanbesubdividedandusedtocreateaddressesforsubnetworks,as discussed in more detail later in this chapter.
Each host on a TCP/IP network is assigned a unique 32-bit logical address that is divided into two
mainparts:thenetworknumberandthehostnumber.ThenetworknumberidentifiesanetworkandmustbeassignedbytheInternetNetworkInformationCenter(InterNIC)ifthenetworkistobepartoftheInternet.AnInternetServiceProvider(ISP)canobtainblocksofnetworkaddressesfromtheInterNIC and can itself assign address space as necessary. The host number identifies a host on anetwork and is assigned by the local network administrator.
IP Address Format
The 32-bitIP address is groupedeight bits ata time, separated bydots, and represented indecimalformat (known as dotted decimal notation ). Each bit in the octet has a binary weight (128, 64, 32,
16, 8, 4, 2, 1). The minimum value for an octet is 0, and the maximum value for an octet is 255.Figure 30-3 illustrates the basic format of an IP address.
Figure 30-3 An IP address consists of 32 bits, grouped into four octets.
IP Address Classes
IPaddressingsupportsfivedifferentaddressclasses:A,B,C,D,andE.OnlyclassesA,B,andCareavailableforcommercialuse.Theleft-most(high-order)bitsindicatethenetworkclass.Table 30-1provides reference information about the five IP address classes.32 Bits
Host Network
8 Bits
172Dotted
DecimalNotation
•••16 122 2048 Bits 8 Bits 8 Bits

Internet Protocols 30-5IP Address Classes
Table 30-1 Reference Information About the Five IP Address Classes
Figure 30-4illustratestheformatofthecommercialIPaddressclasses.(Notethehigh-orderbitsin
each class.)
Figure 30-4 IP address formats A, B, and C are available for commercial use.
The class of address can be determined easily by examining the first octet of the address andmapping that value to a class range in the following table. In an IP address of 172.31.1.2, forexample, the first octet is 172. Because 172 falls between 128 and 191, 172.31.1.2 is a Class Baddress.Figure 30-5summarizestherangeofpossiblevaluesforthefirstoctetofeachaddressclass.IP
AddressClass Format PurposeHigh-Or
derBit(s) Address RangeNo. Bits
Network/Host Max. Hosts
A N.H.H.H
1
1 N = Network number, H = Host number.Few large
organizations0 1.0.0.0 to 126.0.0.0 7/24 16,777, 2142
(224 – 2)
2 One address is reserved for the broadcast address, and one address is reserved for the network.B N.N.H.H Medium-size
organizations1, 0 128.1.0.0 to
191.254.0.014/16 65, 543 (216–
2)
C N.N.N.H Relatively small
organizations1, 1, 0 192.0.1.0 to
223.255.254.022/8 245 (28– 2)
D N/A Multicast groups
(RFC 1112)1, 1, 1, 0 224.0.0.0 to
239.255.255.255N/A (not for
commercial use)N/A
E N/A Experimental 1, 1, 1, 1 240.0.0.0 to
254.255.255.255N/A N/A
Class C Class BClass A
Network01
Network011 24 7 No. Bits
16 14
21 8 64 32 16 8 4 2 1 128Network0 Host Host Host
Host Host Network
Host Network Network
24143

Internet Protocol (IP)
Internetworking Technology Overview, June 199930-6Figure 30-5 A range of possible values exists for the first octet of each address class.
IP Subnet Addressing
IP networks can be divided into smaller networks called subnetworks (or subnets). Subnetting
provides the network administrator with several benefits, including extra flexibility, more efficientuse of network addresses, and the capability to contain broadcast traffic (a broadcast will not crossa router).
Subnets are under local administration. As such, the outside world sees an organization as a single
network and has no detailed knowledge of the organization’s internal structure.
A given network address can be broken up into many subnetworks. For example, 172.16.1.0,
172.16.2.0,172.16.3.0,and172.16.4.0areallsubnetswithinnetwork171.16.0.0.(All0sinthehostportion of an address specifies the entire network.)
IP Subnet Mask
A subnet address is created by “borrowing” bits from the host field and designating them as thesubnet field. The number of borrowed bits varies and is specified by the subnet mask. Figure 30-6shows how bits are borrowed from the host address field to create the subnet address field.Class AAddress
ClassFirst Octet
in DecimalHigh-Order
Bits
1 Ð 126 0
Class B 128 Ð 191 10Class C 192 Ð 223 110Class D 224 Ð 239 1110Class E 240 Ð 254 1111
24144

Internet Protocols 30-7IP Address Classes
Figure 30-6 Bits are borrowed from the host address field to create the subnet address
field.
SubnetmasksusethesameformatandrepresentationtechniqueasIPaddresses.Thesubnetmask,
however,hasbinary1sinallbitsspecifyingthenetworkandsubnetworkfields,andbinary0sinallbits specifying the host field. Figure 30-7 illustrates a sample subnet mask.
Figure 30-7 A sample subnet mask consists of all binary 1s and 0s.
Subnet mask bits should come from the high-order (left-most) bits of the host field, as Figure 30-8illustrates.DetailsofClassBandCsubnetmasktypesfollow.ClassAaddressesarenotdiscussedin this chapter because they generally are subnetted on an 8-bit boundary.Network Host Host
Network Subnet Host NetworkClass B Address: Before Subnetting
Class B Address: After SubnettingNetwork01
01
Network
11111111Network
11111111Subnet
11111111Host
00000000
255 255 255 0Binary
representation
Dotted decimal
representation
24145

Internet Protocol (IP)
Internetworking Technology Overview, June 199930-8Figure 30-8 Subnet mask bits come from the high-order bits of the host field.
Various types of subnet masks exist for Class B and C subnets.
ThedefaultsubnetmaskforaClassBaddressthathasnosubnettingis255.255.0.0,whilethesubnet
mask for a Class B address 171.16.0.0 that specifies eight bits of subnetting is 255.255.255.0. Thereason for this is that eight bits of subnetting or 2
8– 2 (1 for the network address and 1 for the
broadcast address) = 254 subnets possible, with 28 – 2 = 254 hosts per subnet.
The subnet mask for a Class C address 192.168.2.0 that specifies five bits of subnetting is
255.255.255.248.With five bits available for subnetting, 25– 2 = 30 subnets possible, with
23– 2 = 6 hosts per subnet.
Thereferencechartsshownintable30–2andtable30–3canbeusedwhenplanningClassBandC
networks to determine the required number of subnets and hosts, and the appropriate subnet mask.
Table 30-2 Class B Subnetting Reference Chart
Number of Bits Subnet Mask Number of Subnets Number of Hosts
2 255.255.192.0 2 163823 255.255.224.0 6 81904 255.255.240.0 14 40945 255.255.248.0 30 20466 255.255.252.0 62 10227 255.255.254.0 126 5108 255.255.255.0 254 2549 255.255.255.128 510 12610 255.255.255.192 1022 6211 255.255.255.224 2046 3012 255.255.255.240 4094 141
11111110
11111110
01111110
00111110
00011110
00001110
00000110
00000011 2 86 43 21 6 8421
=
=======128
192224240248252254255
24146

Internet Protocols 30-9IP Address Classes
Table 30-3 Class C Subnetting Reference Chart
How Subnet Masks are Used to Determine the Network Number
The router performs a set process to determine the network (or more specifically, the subnetwork)
address.First,therouterextractstheIPdestinationaddressfromtheincomingpacketandretrievesthe internal subnet mask. It then performs a logical AND operation to obtain the network number.
This causes the host portion of the IP destination address to be removed, while the destinationnetwork number remains. The router then looks up the destination network number and matches itwith an outgoing interface. Finally, it forwards the frame to the destination IP address. Specificsregarding the logical AND operation are discussed in the following section.
Logical AND Operation
Three basic rules govern logically “ANDing” two binary numbers. First, 1 “ANDed” with 1 yields1.Second,1“ANDed”with0yields0.Finally,0“ANDed”with0yields0.Thetruthtableprovidedin table 30–4 illustrates the rules for logical AND operations.
Table 30-4 Rules for Logical AND Operations
TwosimpleguidelinesexistforrememberinglogicalANDoperations:Logically“ANDing”a1witha 1 yields the original value, and logically “ANDing” a 0 with any number yields 0.
Figure 30-9illustratesthatwhenalogicalANDofthedestinationIPaddressandthesubnetmaskis
performed, the subnetwork number remains, which the router uses to forward the packet.13 255.255.255.248 8190 6
14 255.255.255.252 16382 2
Number of Bits Subnet Mask Number of Subnets Number of Hosts
2 255.255.255.192 2 623 255.255.255.224 6 304 255.255.255.240 14 145 255.255.255.248 30 66 255.255.255.252 62 2
Input Input Output
111100010000Number of Bits Subnet Mask Number of Subnets Number of Hosts

Internet Routing
Internetworking Technology Overview, June 199930-10Figure 30-9 Applying a logical AND the destination IP address and the subnet mask
produces the subnetwork number.
Address Resolution Protocol ( ARP) Overview
Fortwomachinesonagivennetworktocommunicate,theymustknowtheothermachine’sphysical
(orMAC)addresses.BybroadcastingAddressResolutionProtocols(ARPs),ahostcandynamicallydiscover the MAC-layer address corresponding to a particular IP network-layer address.
AfterreceivingaMAC-layeraddress,IPdevicescreateanARPcachetostoretherecentlyacquired
IP-to-MACaddressmapping,thusavoidinghavingtobroadcastARPSwhentheywanttorecontacta device. If the device does not respond within a specified time frame, the cache entry is flushed.
InadditiontotheReverseAddressResolutionProtocol(RARP)isusedtomapMAC-layeraddresses
toIPaddresses.RARP,whichisthelogicalinverseofARP,mightbeusedbydisklessworkstationsthatdonotknowtheirIPaddresseswhentheyboot.RARPreliesonthepresenceofaRARPserverwith table entries of MAC-layer-to-IP address mappings.
Internet Routing
Internet routing devices traditionally have been called gateways. In today’s terminology, however,thetermgatewayrefersspecificallytoadevicethatperformsapplication-layerprotocoltranslationbetween devices. Interior gateways refer to devices that perform these protocol functions betweenmachines or networks under the same administrative control or authority, such as a corporation’sinternal network. These are known as autonomous systems. Exterior gateways perform protocolfunctions between independent networks.
Routers within the Internet are organized hierarchically. Routers used for information exchange
within autonomous systems are called interior routers, which use a variety of Interior GatewayProtocols(IGPs)toaccomplishthispurpose.TheRoutingInformationProtocol(RIP)isanexampleof an IGP.
Routers that move information between autonomous systems are called exterior routers. These
routersuseanexteriorgatewayprotocoltoexchangeinformationbetweenautonomoussystems.TheBorder Gateway Protocol (BGP) is an example of an exterior gateway protocol.
NoteSpecific routing protocols, including BGP and RIP, are addressed in individual chapters
presented in Part 6 later in this book.Network Subnet Host
171171.16.1.2
255.255.255.0 Destination IP
Address
Subnet
Mask
16 1000000000 11111111 11111111 1111111100000010 00000001 00010000 10101011
00000000 00000001 00010000 10101011
24147

Internet Protocols 30-11IP Routing
IP Routing
IProutingprotocolsaredynamic.Dynamicroutingcallsforroutestobecalculatedautomaticallyat
regularintervalsbysoftwareinroutingdevices.Thiscontrastswithstaticrouting,whereroutersareestablishedbythenetworkadministratoranddonotchangeuntilthenetworkadministratorchangesthem.
AnIProutingtable,whichconsistsofdestinationaddress/nexthoppairs,isusedtoenabledynamic
routing. An entry in this table, for example, would be interpreted as follows: to get to network172.31.0.0, send the packet out Ethernet interface 0 (E0).
IProutingspecifiesthatIPdatagramstravelthroughinternetworksonehopatatime.Theentireroute
is not known at the onset of the journey, however. Instead, at each stop, the next destination iscalculated by matching the destination address within the datagram with an entry in the currentnode’s routing table.
Each node’s involvement in the routing process is limited to forwarding packets based on internal
information.Thenodesdonotmonitorwhetherthepacketsgettotheirfinaldestination,nordoesIPprovide for error reporting back to the source when routing anomalies occur. This task is left toanotherInternetprotocol,theInternetControl-MessageProtocol(ICMP),whichisdiscussedinthefollowing section.
Internet Control Message Protocol (ICMP)
TheInternet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides
message packets to report errors and other information regarding IP packet processing back to thesource. ICMP is documented in RFC 792.
ICMP Messages
ICMPsgenerateseveralkindsofusefulmessages,includingDestinationUnreachable,EchoRequestandReply,Redirect,TimeExceeded,andRouterAdvertisementandRouterSolicitation.IfanICMPmessagecannotbedelivered,nosecondoneisgenerated.ThisistoavoidanendlessfloodofICMPmessages.
WhenanICMPdestination-unreachablemessageissentbyarouter,itmeansthattherouterisunable
tosendthepackagetoitsfinaldestination.Therouterthendiscardstheoriginalpacket.Tworeasonsexist for why a destination might be unreachable. Most commonly, the source host has specified anonexistent address. Less frequently, the router does not have a route to the destination.
Destination-unreachablemessagesincludefourbasictypes:networkunreachable,hostunreachable,
protocol unreachable, and port unreachable. Network-unreachable messages usually mean that a
failure has occurred in the routing or addressing of a packet. Host-unreachable messages usually
indicates delivery failure, such as a wrong subnet mask. Protocol-unreachable messages generally
mean that the destination does not support the upper-layer protocol specified in the packet.Port-unreachable messages imply that the TCP socket or port is not available.
AnICMPecho-requestmessage,whichisgeneratedbythepingcommand,issentbyanyhosttotest
nodereachabilityacrossaninternetwork.TheICMPecho-replymessageindicatesthatthenodecanbe successfully reached.
An ICMP Redirect message is sent by the router to the source host to stimulate more efficient
routing. The router still forwards the original packet to the destination. ICMP redirects allow hostroutingtablestoremainsmallbecauseitisnecessarytoknowtheaddressofonlyonerouter,evenifthat router does not provide the best path. Even after receiving an ICMP Redirect message, somedevices might continue using the less-efficient route.

Transmission Control Protocol (TCP)
Internetworking Technology Overview, June 199930-12An ICMP Time-exceeded message is sent by the router if an IP packet’s Time-to-Live field
(expressed in hops or seconds) reaches zero. The Time-to-Live field prevents packets fromcontinuouslycirculatingtheinternetworkiftheinternetworkcontainsaroutingloop.Therouterthendiscards the original packet.
ICMP Router-Discovery Protocol (IDRP)
IDRP uses Router-Advertisement and Router-Solicitation messages to discover the addresses ofrouters on directly attached subnets. Each router periodically multicasts Router-Advertisementmessages from each of its interfaces. Hosts then discover addresses of routers on directly attachedsubnets by listening for these messages. Hosts can use Router-Solicitation messages to requestimmediate advertisements rather than waiting for unsolicited messages.
IRDPoffersseveraladvantagesoverothermethodsofdiscoveringaddressesofneighboringrouters.
Primarily, it does not require hosts to recognize routing protocols, nor does it require manualconfiguration by an administrator.
Router-Advertisement messages enable hosts to discover the existence of neighboring routers, but
notwhichrouterisbesttoreachaparticulardestination.Ifahostusesapoorfirst-hoproutertoreacha particular destination, it receives a Redirect message identifying a better choice.
Transmission Control Protocol (TCP)
The TCP provides reliable transmission of data in an IP environment. TCP corresponds to thetransportlayer(Layer4)oftheOSIreferencemodel.AmongtheservicesTCPprovidesarestreamdata transfer, reliability, efficient flow control, full-duplex operation, and multiplexing.
With stream data transfer , TCP delivers an unstructured stream of bytes identified by sequence
numbers.Thisservicebenefitsapplicationsbecausetheydonothavetochopdataintoblocksbeforehanding it off to TCP. Instead, TCP groups bytes into segments and passes them to IP for delivery.
TCPoffersreliabilitybyprovidingconnection-oriented,end-to-endreliablepacketdeliverythrough
an internetwork. It does this by sequencing bytes with a forwarding acknowledgment number thatindicates to the destination the next byte the source expects to receive. Bytes not acknowledgedwithin a specified time period are retransmitted. The reliability mechanism of TCP allows devicesto deal with lost, delayed, duplicate, or misread packets. A time-out mechanism allows devices todetect lost packets and request retransmission.
TCP offers efficient flow control, which means that, when sending acknowledgments back to the
source, the receiving TCP process indicates the highest sequence number it can receive withoutoverflowing its internal buffers.
Full-duplex operation means that TCP processes can both send and receive at the same time.Finally, TCP’s multiplexing means that numerous simultaneous upper-layer conversations can be
multiplexed over a single connection.
TCP Connection Establishment
Tousereliabletransportservices,TCPhostsmustestablishaconnection-orientedsessionwithoneanother. Connection establishment is performed by using a “three-way handshake” mechanism.
Athree-wayhandshakesynchronizesbothendsofaconnectionbyallowingbothsidestoagreeupon
initialsequencenumbers.Thismechanismalsoguaranteesthatbothsidesarereadytotransmitdataand know that the other side is ready to transmit as well. This is necessary so that packets are nottransmitted or retransmitted during session establishment or after session termination.

Internet Protocols 30-13Positive Acknowledgment and Retransmission (PAR)
Each host randomly chooses a sequence number used to track bytes within the stream it is sending
and receiving. Then, the three-way handshake proceeds in the following manner:
The first host (Host A) initiates a connection by sending a packet with the initial sequence number
(X) and SYN bit set to indicate a connection request. The second host (Host B) receives the SYN,records the sequence number X, and replies by acknowledging the SYN (with an ACK = X + 1).Host B includes its own initial sequence number (SEQ = Y). An ACK = 20 means the host hasreceived bytes 0 through 19 and expects byte 20 next. This technique is called forward
acknowledgment .HostAthenacknowledgesallbytesHostBsentwithaforwardacknowledgment
indicating the next byte Host A expects to receive (ACK = Y + 1). Data transfer then can begin.
Positive Acknowledgment and Retransmission (PAR)
A simple transport protocol might implement a reliability-and-flow-control technique where thesource sends one packet, starts a timer, and waits for an acknowledgment before sending a newpacket. If the acknowledgment is not received before the timer expires, the source retransmits thepacket. Such a technique is called positive acknowledgment and retransmission (PAR).
By assigning each packet a sequence number, PAR enables hosts to track lost or duplicate packets
caused by network delays that result in premature retransmission. The sequence numbers are sentback in the acknowledgments so that the acknowledgments can be tracked.
PAR is an inefficient use of bandwidth, however, because a host must wait for an acknowledgment
before sending a new packet, and only one packet can be sent at a time.
TCP Sliding Window
ATCP sliding window provides more efficient use of network bandwidth than PAR because it
enables hosts to send multiple bytes or packets before waiting for an acknowledgment.
In TCP, the receiver specifies the current window size in every packet. Because TCP provides a
byte-stream connection, window sizes are expressed in bytes. This means that a window is thenumberofdatabytesthatthesenderisallowedtosendbeforewaitingforanacknowledgment.Initialwindow sizes are indicated at connection setup, but might vary throughout the data transfer toprovide flow control. A window size of zero, for instance, means “Send no data.”
InaTCPsliding-windowoperation,forexample,thesendermighthaveasequenceofbytestosend
(numbered 1 to 10) to a receiver who has a window size of five. The sender then would place awindow around the first five bytes and transmit them together. It would then wait for anacknowledgment.
The receiver would respond with an ACK = 6, indicating that it has received bytes 1 to 5 and is
expectingbyte6next.Inthesamepacket,thereceiverwouldindicatethatitswindowsizeis5.Thesender then would move the sliding window five bytes to the right and transmit bytes 6 to 10. ThereceiverwouldrespondwithanACK=11,indicatingthatitisexpectingsequencedbyte11next.Inthis packet, the receiver might indicate that its window size is 0 (because, for example, its internalbuffersarefull).Atthispoint,thesendercannotsendanymorebytesuntilthereceiversendsanotherpacket with a window size greater than 0.

Transmission Control Protocol (TCP)
Internetworking Technology Overview, June 199930-14TCP Packet Format
Figure 30-10 illustrates the fields and overall format of a TCP packet.
Figure 30-10 Twelve fields comprise a TCP packet.
TCP Packet Field Descriptions
The following descriptions summarize the TCP packet fields illustrated in Figure 30-10:
•SourcePort andDestinationPort —Identifiespointsatwhichupper-layersourceanddestination
processes receive TCP services.
•SequenceNumber —Usuallyspecifiesthenumberassignedtothefirstbyteofdatainthecurrent
message.Intheconnection-establishmentphase,thisfieldalsocanbeusedtoidentifyaninitialsequence number to be used in an upcoming transmission.
•AcknowledgmentNumber —Containsthesequencenumberofthenextbyteofdatathesenderof
the packet expects to receive.
•Data Offset —Indicates the number of 32-bit words in the TCP header.
•Reserved—Remains reserved for future use.
•Flags—Carries a variety of control information, including the SYN and ACK bits used for
connection establishment, and the FIN bit used for connection termination.
•Window—Specifiesthesizeofthesender’sreceivewindow(thatis,thebufferspaceavailablefor
incoming data).
•Checksum —Indicates whether the header was damaged in transit.
•Urgent Pointer —Points to the first urgent data byte in the packet.
•Options—Specifies various TCP options.
•Data—Contains upper-layer information.Sequence number
Options (+ padding)Checksum
Data (variable)Destination port
Acknowledgment numberSource port
Reserved Data offset Window
Urgent pointerFlags
S1344a

Internet Protocols 30-15User Datagram Protocol (UDP)
User Datagram Protocol (UDP)
The User Datagram Protocol (UDP) is a connectionless transport-layer protocol (Layer 4) that
belongs to the Internet protocol family. UDP is basically an interface between IP and upper-layerprocesses.UDPprotocolportsdistinguishmultipleapplicationsrunningonasingledevicefromoneanother.
UnliketheTCP,UDPaddsnoreliability,flow-control,orerror-recoveryfunctionstoIP.Becauseof
UDP’s simplicity, UDP headers contain fewer bytes and consume less network overhead than TCP.
UDP is useful in situations where the reliability mechanisms of TCP are not necessary, such as in
cases where a higher-layer protocol might provide error and flow control.
UDPisthetransportprotocolforseveralwell-knownapplication-layerprotocols,includingNetwork
FileSystem(NFS),SimpleNetworkManagementProtocol(SNMP),DomainNameSystem(DNS),and Trivial File Transfer Protocol (TFTP).
The UDP packet format contains four fields, as shown in Figure 30-11. These include source and
destination ports, length, and checksum fields.
Figure 30-11 A UDP packet consists of four fields.
Source and destination ports contain the 16-bit UDP protocol port numbers used to demultiplexdatagrams for receiving application-layer processes. A length field specifies the length of the UDP
header and data. Checksum provides an (optional) integrity check on the UDP header and data.
Internet Protocols Application-Layer Protocols
The Internet protocol suite includes many application-layer protocols that represent a wide varietyof applications, including the following:
•File Transfer Protocol (FTP) —Moves files between devices
•Simple Network-Management Protocol (SNMP) —Primarily reports anomalous network
conditions and sets network threshold values
•Telnet—Serves as a terminal emulation protocol
•X Windows —Serves as a distributed windowing and graphics system used for communication
between X terminals and UNIX workstations
•Network File System (NFS), External Data Representation (XDR), and Remote Procedure Call(RPC)—Work together to enable transparent access to remote network resources
•Simple Mail Transfer Protocol (SMTP) —Provides electronic mail services
•Domain Name System (DNS) —Translates the names of network nodes into network addresses
Table 30-5 lists these higher-layer protocols and the applications that they support.32 Bits
Destination Port Source Port
Checksum Length
24148

Internet Protocols Application-Layer Protocols
Internetworking Technology Overview, June 199930-16Table 30-5 Higher-Layer Protocols and Their Applications
Application Protocols
File transfer FTPTerminal emulation TelnetElectronic mail SMTPNetwork management SNMPDistributed file services NFS, XDR, RPC, X Windows