basic concepts of tcp/ip training module from artisoft 5/24/1996

8/9/2019 Basic Concepts of TCP/IP training module from Artisoft 5/24/1996

1/25

Basic Concepts of TCP/ IP

Module TECH01

05/24/96


2/25

ARTISOFT CORPORATE MISSION

To be a leading developer and marketer of network solutions to workgroups, small businesses, andremote network users.

MISSION

To establish channel franchises through sales execution, support, and technical services on a global

basis.

CUSTOMER SUPPORT DEPARTMENT MISSION

To Serve customers...

Better than yesterday

Better than our competitors

Better than our customers expect.

EDUCATION SERVICES DEPARTMENT MISSION

To provide Artisoft Technical Support and Sales associates with the best training and best information

tools in the industry.

Prepared by Curt Langley

PLEASE NOTE: This is a training document. It is not intended for use as a troubleshooting reference. Product featuresand concerns can and often do change without notice. Please refer to source documents or Folios for the most current

product information.

1996 ARTISOFT, INC. All rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,stored in a retrieval system, or translated into any language in any form by any means without the written permission of

ARTISOFT, INC.


3/25

Module TECH01 05/24/96 1Basic Concepts of TCP/IP

Basic Concepts of TCP/ IP

Introduction

The TCP/IP protocol has been around for many years. Its popularity has increaseddramatically with the growth of the Internet. It is becoming more and morecommonplace in the networking environments of business, large and small.

Users of LANtastic are no strangers to TCP/IP. LANtastic has been used for years tomanage workgroups on larger LANs running TCP/IP. The LANtastic for TCP/IP productwas designed to allow machines running LANtastic to also load a TCP/IP protocol stackand talk to all machines on their internet running both LANtastic and TCP/IP. As an addon product, LANtastic for TCP/IP allowed a user to run both stacks, but not a singlestack. They still had to run the Artisoft NetBIOS if they wished to communicate withother LANtastic machines. Machines running the LANtastic NetBIOS could not beeasily routed using industry standard devices.

LANtastic 7.0 has changed that situation. With the inclusion of the NTS TCP/IP stack, a

machine running LANtastic can now run the TCP/IP stack exclusively. This reduces thememory overhead of running multiple stacks and allows LANtastic users to becomepart of the Internet by easily crossing IP gateways and routers.

LANtastics full leap forward into the TCP/IP realm makes it necessary to educatesupport staff in the basics of TCP/IP.

The following concepts and terms will be discussed in this module:

TCP, IP and UDP.

IP Addressing.

Sub Netting

HOSTS and LMHOSTS files.

DNS. DHCP.

BootP.

WINS.

PPP/SLIP. NetBIOS Encapsulation.

WinSock.

ARP/RARP.

Performance Objectives

The subject of TCP/IP and the many functions associated with it encompass such abroad spectrum that it would take a series of modules equal in size to a set ofencyclopedias to cover the material. The purpose of this module is to introduce you tothe basic concepts and terminology that are most likely to be encountered by supportpersonnel and users of LANtastic 7.0 in a TCP/IP environment.


4/25


To accomplish this, the scope of this module will be very limited. This module will notgive a history of TCP/IP from its Department of Defense origins or explain the scope ofthe Internet in great detail. Readers with extensive knowledge of TCP/IP and theInternet may find it lacking, but the intended audience for this module are people whohave only a general understanding of TCP/IP. Each specific concept will be presentedin an abbreviated form. You are not expected to memorize all of the material in thismodule, but when you are finished, you should have an understanding of the mostcommon terms and concepts.

This module will assume that you are an experienced LANtastic user who understandsconcepts such as:

What defines a network?

What is Ethernet?

What is the OSI model. What is a router?

These concepts are covered in other training modules such as LAN9507, LANDS05,NETWRK01, NOS04 and NOS07.

When you have completed this module, you should be able to do/ understand thefollowing:

Define the TCP and IP protocols and the purpose of each.

Describe the three main classes of IP addresses and identify them.

Explain the purpose of sub netting and the Subnet mask.

Describe the purpose and use of HOSTS and LMHOSTS files.

Describe the purpose and use of a Domain Name Servers (DNS).

Describe the purpose and use of a Dynamic Host Configuration Protocol servers(DHCP).

Define BootP.

Describe NetBIOS Name resolution and the use of a WINS server.

Describe the PPP and SLIP protocols.

Describe NetBIOS Encapsulation in IP.

Describe the purpose and use of the WinSock API.

Describe address resolution using ARP and RARP.

Hardware/Software Requirements

This module requires no hardware or software to complete. Access to a TCP/IP basednetwork may be helpful, but is not required.

TCP/ IP and the OSI M odel

The OSI (Open Systems Interconnect) model is a structure used to describe thecomponents that comprise a network stack. Although few network vendorsspecifications are designed to match this model exactly, every specification can bemapped to this model for the purpose of comparing and contrasting them witheach other.


5/25


In the OSI model, each layer performs a specific function. Each layer can only

communicate with the layer directly above or below it. But, through the use of VirtualCircuits, the corresponding layer of two different stacks can be led to believe that theyare communicating directly with each other.

When Machine 1 wishes to talk to Machine 2, it must send out an initial request lookingfor Machine 2. If Machine 2 responds, then they have established a session. In theabove graphic, the Network layer of Machine 1 will think it is talking directly to theNetwork layer of Machine 2, when in reality, the Network layer of Machine 1 must talkto the Data Link layer below it, which must talk to the Physical layer below it, and so on.The session that is established is also known as a Virtual Circuit (VC).

Physical

Data Link

Network

Transmission Medium (Coax, Twisted Pair, ETC.)

OSI TCP/IP

Transport

Session

Presentation

Application

Network Interface Cards

Internet Protocol (IP)Address Resolution Protocol

(ARP)

Internet Control Message

Protocol (ICMP)

Transmission Control Protocol (TCP) User Datagram Protocol (UDP)

File

Transfer

Protocol (FTP)

File

Transfer

TELNET

Terminal

Emulation

Simple Mail

Transfer

Protocol

(SMTP)

Electronic Mail

Simple

Network

Management

Protocol

(SNMP)

Trivial File

Transfer

Protocol

(TFTP)

Network

Management

File

Transfer

Network File

System (NFS)

Client/Server

The above graphic demonstrates how the TCP/IP protocol would map to the OSImodel. Note the TCP/IP components and where they fit in the model.

Physical

Data Link

Network

Physical

The OSI Model

Machine 1 Machine 2

Transport

Session

Presentation

Application

Data Link

Network

Transport

Session

Presentation

Application


6/25


What is TCP/ IP?

TCP/IP refers to two separate protocols.

IP (Internet Protocol)

This protocol operates at the Network layer of the OSI model. The Network layer isresponsible for the routing of information between different networks, not justindividual machines. Packets are created at this layer.

About PacketsThe term PACKET is generically used to describe a package of data exchanged betweentwo network clients. What is really exchanged between two network clients is apacket, which is contained in a FRAME.

IP is referred to as a connectionless protocol. Connectionless means that an IPdatagram has no mechanism for guaranteeing delivery of a packet. The IP layer of amachine will simply send a packet to another machine without ever checking to insure

that the packet was received and without errors. This lack of error checking andacknowledgment make IP ideal for sending data through numerous routers andgateways because it does not need to check on the status of that packet during its

journey. For users of LANtastic, a correlation would be the datagrams sent out by theLANCHECK program. LANCHECK sends out simple datagrams broadcasting a machinename with no interest in whether or not the datagram ever arrived anywhere.

TCP (Transmission Control Protocol)

TCP is the upper layer protocol that guarantees delivery of a packet and provides errorchecking to insure that the packet is good. It takes data from an ULP (Upper LayerProtocol), processes it, then gives it to the IP protocol for delivery. Once a packet isreceived, the destination TCP will acknowledge the receipt of that packet to the TCPlayer of the sender. Having the TCP layer of two machine communicating with eachother establishes the virtual circuit that was referred to in the previous section.

TCP is responsible for functions such as adding a sequence number to each packet thatis sent. It does this because as the packets are sent through various routers andgateways, IP cannot guarantee that they will arrive at their destination in the same orderthey were sent. By numbering each packet, the TCP at the destination machine canreassemble the packets in the correct order for the upper layer protocol that it will givethe information to. In essence, TCP is pre-processing a packet before giving it to IP,where the final packet is created.

UDP (User Datagram Protocol)

Normally, any upper layer protocol must pass through TCP to send data to thecorresponding upper layer protocol on another machine. This would imply that TCPmust perform all of its normal processing, error checking and acknowledgment on eachpacket. This is what you would normally expect to happen when data is sent that thesender needs to ensure gets to its destination. What if the upper layer protocol onlywants to send a simple datagram to another machine? If it doesnt care if the packet


7/25


gets to its destination and is not concerned about error checking, how can the ULPaccomplish this?

The ULP issues a request to the TCP layer to send a User Datagram Protocol packet, orUDP. This service is not as primitive as IP, but requires less processing than TCP.

Network Addressing

For users new to TCP/IP, perhaps the single most difficult concept to grasp if that of IPaddressing. Terms such as class, subnetting, address resolut ion and the like are a lot tolearn when all you want to know is:

How does Machine A know where to find Machine B on the network?

An excellent example of network addressing can be found by looking at how the U.S.Postal Service handles mail. This section will use this example extensively. While it isnot intended to bore you with a simplistic description of how mail is delivered, theprocess lends itself to a very close approximation of how a network delivers informationusing an example, the Postal Service, that everyone can understand and relate to.

When a letter is sent from Joe in Los Angeles to Tom in New York, Joe must supply twopieces of information:

Toms address in New York. Usually a numerical address such as 115 Main St.

Joe must supply his own address, to allow Tom to send a reply back to him ifdesired. This address could be 200 North Ave.

The letter is then given to the Postal Service for delivery.

With all networking protocols, three main pieces of information are needed for twomachines to establish a session and communicate with each other.

Source Address - what machine did the packet come from?

Destination Address - what machine is the packet going to?

Route Addressing - what path must the packet take to get to its destination?

Using the mail example, Joes address is the Source address. Toms address is theDestination address. The Route Addressing is supplied by the Postal Service. If Joe andTom lived in the same neighborhood, then the Postal Service could deliver the letterdirect ly from Joe to Tom. But, if they lived in other cites, then the Postal service mustroute the letter through intermediate offices to finally get it from Los Angeles to NewYork. For example, it may have to go by plane to Chicago, then by a different plane toNew York.

On an Ethernet network, every adapter is identified by a unique number that is burned

into the adapters ROM chip. This is known as a MAC (Media Access Control) address.With that address, another machine can send a message specifically to the physicallocation of another machine. In the mail example, the MAC addresses would be theactual street addresses, such as 115 Main St. and 200 North Ave. These addressesidentify the physical locations of Joe and Tom.


8/25


Well, with the physical locations of Joe and Tom, you would assume that the PostalService would have no problem delivering the letter. But, the Postal Service is a hugeorganization attempting to deliver millions of letters every day over a wide geographicalarea. It cannot operate using only a simple source and destination address. It doesnot have a dedicated delivery service between any two addresses. It cannot:

Send a postman to Joes address to pick up the mail.

Have the postman drive to the airport and fly a plane directly to New York.

Then have that same postman drive a car directly to Toms address and deliver theletter.

The Postal Service must rely on many different people and processes to deliver thatletter. All of those people and processes must be able to act in unison and perform thesame exact steps over and over again. These steps must be followed exactly, if millionsof letters are to be delivered every day. Of course, the Postal Service must also be ableto deal with the occasional exception and still deliver all of its mail in the normalmanner.

To be able to effectively deliver the mail, it must break up the country in logical regionsthat can be used to first route the letter to the general geographical region of thecountry that Tom is in. From that point, it can deliver the letter directly to Toms

address. To accomplish this, the Postal Service has assigned specific numbers todifferent parts of the country called ZIP codes. The New York area is divided intoseveral different ZIP codes. Joe must supply the ZIP code that identifies the generalarea that Tom lives in. Using that code, the Postal Service will send the letter to a localoffice in the area Tom is in. That local office will then deliver it directly to Tom.

This ZIP code represents the Route Addressing referred to earlier. The ZIP code pointto a specific post office in the New York area. This local post office routes the letterdirectly to Toms address.

When delivering network packets from one location to a physically different location, aNetwork Number (or ZIP code) is needed to identify the general network the

destination is located on. Once the packet reaches the router that is located on thatnetwork, then the MAC address can be used to deliver the packet directly to itsdestination.

Moving Information in Packets and Frames

Network information is placed into packets, which are placed into frames to be sent onthe network medium, such as Ethernet. Joes letter to Tom can be thought of as apacket, while the envelope he addresses and places the letter in can be thought of as aframe.

The frame is created at the Data Link layer because each sequence of bits that arebroadcast on a network must have some kind of organization that all nodes subscribe

to. That way, when node A sends a series of bits containing information to node B,node B will know how to decode that information. Its like having a form where yourname goes at the top of the form, your address just below it, and so on. If you knowhow the form is supposed to be organized, you quickly know where to look for aspecific type of information. There are many types of information kept with packetheaders and frames. This module will not attempt to cover them all. For the sake of


9/25


brevity, it will give general descriptions of packet and frame data to familiarize you withthe concepts.

Frames come in the following types:

Ethernet_II - the original frame type created for Ethernet by Xerox and Digital. Thisis the frame type, most commonly used by TCP/IP in the UNIX world. It is also thedefault type used by LANtastic 5.x and higher.

Ethernet_802.3 - a variation of the ETHERNET_II type created by Novell for its IPXprotocol.

Ethernet_802.2 - a variation of the ETHERNET_II type adopted by the IEEEcommittee. Novell adopted this as its default frame type.

Ethernet_Snap - a type that falls in between ETHERNET_II and 802.2. Usedprimarily by the Apple protocol.

Token_Snap - the frame type most commonly used by Token Ring networks.

For any two machines to communicate, they must be running the same frame type. Ifone machine is broadcasting using 802.3, and another machine is broadcasting usingETHERNET_II, then they will not communicate, even if the transport protocols they areusing are the same. Both machine must be using the same, agreed upon packaging.

Each frame contains at least a source and destination address. This address is a MACaddress. In the case of Ethernet, it would be the Ethernet node address of each adapter.Every packet must close with some kind of network trailer data that contains at least aCRC (Cyclical Redundancy Check) number for calculating errors in the frame.

Each packet must start with a header that identifies what kind of data is containedwithin the packet.

1. In the OSI model with TCP/IP, the Network layer would take data from a ULP andcreate a TCP packet or UDP datagram. It would append a header, such as TCP, tothe start of the packet.

2. TCP would then pass this packet to the Data Link layer, or IP.

FRAME

PACKET

Basic Structure of a TCP/IP Network Frame

Source

Addres

Destination

Address

IP

Header

TCP

Header

Network

TrailerDATA


10/25


3. IP would create an IP datagram with this information, append an IP header to thestart of the packet (in front of the TCP header) and package that information into aframe for transmission on the network.

4. The frame would be given to the Physical layer to actually be broadcast on themedium.

When the destination machine received the packet, the process would be reversed.

5. The Physical layer would pass the frame to the Data Link, or IP layer.6. The Data Link layer would strip the frame information away to look at the first

header. Seeing that it was an IP header, IP would handle it.7. IP would look at the header(s) in the packet to determine what ULP the data is

intended for.8. Assuming it finds the TCP header, IP would pass it up to the Network, or TCP layer.9. TCP would then interpret the data in the packet and give it to the appropriate ULP.

IP Addressing

All of this data about network addressing leads right into the subject of IP addressing

because, apart from the physical (MAC) layer addressing of a frame, IP addressingspecifically identifies a host on the network. These mysterious IP address are containedwithin the IP header of each packet. This module will not dissect all of the fields in an IPheader, but be aware that the MAC address in a frame only indicates what the nextphysical hop is to send a packet. The IP address, once resolved to a physical address,tells a router what exact host to send a packet to. Essentially, when the MAC layeraddress and the IP address point to the same place, the packet is home.

Data Link

Layer

IP

Network Layer

TCP

Transport Layer

Physical

Layer

Physical

Layer

SOURCE

Data Link

Layer

IP

Network Layer

TCP

Transport Layer

DESTINATION

TCP/IP Packet Flow from Source to Destination


11/25


IP addressing is controlled and managed by the Internet Registry. This organizationmust be contacted to acquire any official block of IP addresses. An IP address iscomprised of 32 bits, divided into four, 8 bit octets. A standard IP address would be:198.17.250.244. This is known as dotted decimal notation. In binary, the same addresswould be: 11000110.00010001.11111010.11110100

NOTEThroughout this section, there will be references made to binary numbers, 1s and 0s.Do not worry if you cannot do binary math in your head. The important point is tounderstand how the addresses are divided and what the maximum values are for eachtype of address.

Addresses are divided into the Network ID and Host ID and fall into a category called aClass. Class A through Class E are available, but the world at large using only A, B andC. the Network ID indicates which Class the address belongs to while the Host IDindicates exactly which host (or machine) the address points to.

Each of the three main classes of IP addresses have these properties:

CLASS A

The first octet (8 bits) represents the Network ID.

The last three octets (24 bits) represents the Host ID.

The first bit of the first octet is set to 0, indicating a Class A address.

Since only the last seven digits of the first octet can be used for Network IDs, thisallows for 126 Class A addresses, ranging from 1 to 126. 0 and 127 are reserved.

Using the full 24 bits of the last three octets, Class A networks can define up to16,777,214 unique Host IDs.

The first octet of a Class A address will range from 1 - 127.

CLASS B

The first two octets (16 bits) represents the Network ID.

The last two octets (16 bits) represents the Host ID.

The first two bits of the first octet are 1 and 0, indicating a Class B address.

Host ID

Structure of an IP Address

Network ID

198 17 250 245


12/25


Since only the last 14 digits of the first two octets can be used for Network IDs, thisallows for 16,384 Class B addresses.

Using the full 16 bits of the last two octets, Class B networks can define up to65,534 unique Host IDs.

The first octet of a Class B address will range from 128 - 191.

CLASS C

The first three octets (24 bits) represents the Network ID.

The last octets (8 bits) represents the Host ID.

The first three bits of the first octet are 1,1 and 0, indicating a Class C address.

Since only the last 21 digits of the first three octets can be used for Network IDs,this allows for 2,097,152 Class C addresses.

Using the full 8 bits of the last octet, Class C networks can define up to 254 uniqueHost IDs.

The first octet of a Class C address will range from 192 - 223

All Class A licenses are currently in use. There are very few, if any, Class B licensesavailable and the world is gradually running out of Class C licenses. There is a planunder development to increase the standard IP address above the 32 bits currently usedto allow for more addresses. The problem with implementing this change ismaintaining compatibility with all of the hardware and software currently designedaround the 32 bit address.

Special Addressing

Within the IP addressing spectrum, there are some addresses which are reserved orhave special meaning.

A Network ID and Host ID of all zeros indicates the local host, or machine.

Example: 0.0.0.0

A Network ID of all zeros and non zero Host ID indicate a host on the samenetwork.

Example: 0.0.125.63

A Network ID of all ones and a Host ID of al ones indicates a broadcast packet.This is a packets intended for all IP hosts.

Example: 111.111.111.111

A specific Network ID (non zero) and a Host ID of all ones indicates a packetintended for every node on a specific network.

Example: 125.241.111.111 A Network ID of 127 with a Host ID of any number is a loopback address. It is

used to test connectivity to the local host from the local host. This verifies that yourlocal TCP/IP stack is loaded and functioning.

Example: 127.0.0.1

Subnetting


13/25


A subject that is always confusing to the TCP/IP novice is that of subnetting. Acommon cause of problems on a TCP/IP network is derived from the improper oruneducated use of subnetting.

Contrary to some popular mythology, subnetting is not a way to get more addressesthan your class of license allows. If you have a Class C license, you can only have 254unique Host IDs. If you subnet with the same Class C license, you still only have 254total unique Host IDs. In fact, subnetting can actually reduce the number of unique

Host IDs you have available. Subnetting does allow you to logically segment your localnetwork, thereby possibly improving performance.

Subnetting is a way to divide your existing licenses into smaller workgroups for thepurposes of routing traffic within your local organization. A common use forsubnetting is to subnet a Class B address into multiple Class C addresses for internaluse. To the outside world, your organization is still a Class B address, but internally,packets will be routed as if you had multiple Class C networks.

Subnett ing is performed by sub dividing the Host ID into two address ranges. Eachrange can be used to route traffic to a specific group. To achieve this subnetting, asubnet mask is used. The subnet mask is an special address that is overlaid on anexisting IP address to isolate the portion of the Host ID that will used for addressing.

Confused? Dont worry. This is always confusing at first.

When a packet arrives at a router on your network, whether it came from an externalhost or a host located within your organization, the router will apply a subnet mask tothe address to determine what internal host it is destined for. A subnet mask is anaddress that has all ones in the Network ID and a combination of zeros and ones in theHost ID. Each network class has a default subnet mask.

Default Subnet Masks

Network Class Subnet Mask(decimal)

Subnet Mask(binary)

Class A 255.0.0.0 11111111.00000000.00000000.00000000Class B 255.255.0.0 11111111.11111111.00000000.00000000

Class C 255.255.255.0 11111111.11111111.11111111.00000000

Lets assume a host on the internet with an address of 196.123.112.151 sends a packetto a host on your Class B network with a destination address of 192.115.121.135. Letsalso assume that your router has a default subnet mask of 255.255.0.0. When thepacket reaches your router, it will apply the default subnet mask to the destinationaddress.

First, a Network ID must be determined.

A bitwise AND is performed between the subnet mask and the source address.

196.123.112.151 11000100.01111011.01110000.10010111

255.255.000.000 11111111.11111111.00000000.00000000

--------------- -----------------------------------

196.123.000.000 11000100.01111011.00000000.00000000


14/25


This results in a source Network ID of 196.123.

A bitwise AND is then performed between the subnet mask and the destinationaddress.

192.115.121.135 11000000.01110011.01111001.10001111

255.255.000.000 11111111.11111111.00000000.00000000

--------------- -----------------------------------

192.115.000.000 11000000.01110011.00000000.00000000

This results in a Network ID of 192.115.

The two addresses are then compared to make a routing decision. If the numbers areidentical, then the source and destination are on the same subnetwork and should notneed to be routed. If they are not identical, then a decision about where to route thepacket is made based upon the subnet mask and information in the local routing table.

Using the default mask, there is no actual subnett ing being performed. Since all 16 bitsof the Host ID are zeros in the mask, any legal Host ID is allowed, up to a total of16,534.

How Subnett ing Actually Works

On an Ethernet network, by default, every node must listen for and test every packetthat is broadcast on the wire, even though that packet is not addressed to them directly.This results in higher network traffic and less available bandwidth for receiving packetsthat are destined for a specific node. That is why bridges and routers are used to breakup an Ethernet network into smaller subnetworks. These devices can filter out packetsbased upon their MAC layer addresses and send a packet out only on the physicalsegment that the destination node is located on. This results in less traffic and higheravailable bandwidth on each segment.

By default, IP addressing is handled the same way. By using IP bridges and routers, youcan segment your network and improve throughput. Ethernet bridges and routers

maintain tables of MAC addresses and their associated ports for determining where tosend a packet. IP bridges and routers maintain tables of IP addresses and theirassociated ports and routes, then use the subnet mask to determine where to send thepacket.

If your organization was comprised of several departments on different segments, youwould want to route packets specified for each department only to that specificdepartment. To do this, each department must be assigned a Subnet ID. The SubnetID is derived by masking some of the bits in the Network ID.

For example, lets use the same numbers from the previous section with one difference.Instead of a subnet mask of 255.255.0.0, we will use a subnet mask of 255.255.224.0Now, lets perform the same calculation.

A bitwise AND is performed between the subnet mask and the destination address.

192.115.121.135 11000000.01110011.01111001.10001111

255.255.224.000 11111111.11111111.11100000.00000000

--------------- -----------------------------------

192.115.096.000 11000000.01110011.01100000.00000000


15/25


This results in a Network ID of 195.115 plus a Subnet ID of 096.000.

The IP router then searches it local address tables to see which segment the Subnet ID.96 is located on. Once it determines the proper segment, it will send the packet out ofthat specific port. By default, each machine of that segment will have an IP address of192.115.96.xxx where xxx is the actual Host ID. In a real organization, the Subnet ID.96 could be assigned to the Accounting department. That way, all packets which have

that ID will only be sent to machines belonging to the Accounting department.

Externally, the address 192.115.121.135 is seen as the XYZ company. Internally,.96.135 is seen as a user in the Accounting department.

How many Subnets are allowed?

The number of subnets allowed internally depends on the number of bits that are usedin the Network ID to create a Subnet ID. The following table displays how manysubnets are possible in a Class B network based upon the number of bits used for aSubnet ID.

Class B Subnetting

Maximum Number

of Subnets

Maximum Number

of Hosts per Subnet

Subnet Mask

Required

Subnet ID

(in bits)

Host ID

(in bits)

2 16382 255.255.192.0 2 14

6 8190 255.255.224.0 3 13

14 4094 255.255.240.0 4 12

30 2046 255.255.248.0 5 11

62 1022 255.255.252.0 6 10

126 510 255.255.254.0 7 9

254 254 255.255.255.0 8 8

510 126 255.255.255.128 9 7

1022 62 255.255.255.192 10 6

2046 30 255.255.255.224 11 5

4094 14 255.255.255.240 12 4

8190 6 255.255.255.248 13 3

16382 2 255.255.255.252 14 2

Class C networks could also be subnetted, although there is less reason to do so, giventhe limit of 254 unique Host Ids.

Class C Subnetting

Maximum Number

of Subnets

Maximum Number

of Hosts per Subnet

Subnet Mask

Required

Subnet ID

(in bits)

Host ID

(in bits)

2 62 255.255.192.0 2 6

6 30 255.255.224.0 3 5

14 14 255.255.240.0 4 4

30 6 255.255.248.0 5 462 2 255.255.252.0 6 2

Since all Class A licenses are in use, and Class B licenses are nearly impossible to get,many companies have taken to using multiple Class C licenses to manage their growingnetworks. This usually means they may not subnet, but instead assign a separate ClassC license to each internal department.


16/25


Using HOSTS Files

IP addresses are viewed in decimal dot notation, such as 198.17.250.213. Knowing theIP address of another host, you can find that host anywhere on the Internet, assumingyour network is set up for that kind of connectivity. But having to memorize that

TOMs machine is really 198.17.250.213 can be trying. If you have to remember manyhosts numbers, it can be almost impossible. For example, to use a standard TCP/IPutility such as PING, you would normally enter PING 198.17.250.213 and wait for aresponse. Wouldnt i t be easier if you could just enter PING TOM and accomplish thesame thing? This is done using a TCP/IP standard lookup file called a HOSTS file.

The HOSTS file is a text file that resides on your local machine. Where exactly it residesdepends upon the implementation of TCP/IP you are running. It is usually in the \ETCdirectory on your root drive. This file uses the concept of aliases to map a characterbased name to an IP address. This way you only have to remember more familiarnames when invoking TCP/IP utilit ies, rather that a series of numbers. A sample HOSTSfile would look similar to this:

198.17.250.213 TOM tom Tom # Toms address196.254.13.216 MARY.XYZ.COM mary Mary # Marys address

127.0.0.1 LOOP, loop Loop # Loopback address

The first field is the actual IP address you wish to reference.

The second field if the name or names you wish to associate with that IP address.Note that this example uses more than one capitalization scheme. This is becausemost TCP/IP hosts are case sensitive.

The last field with a # sign represents a remark. Everything after the # sign will beignored.

The IP address is separated from the aliases by a TAB character, with each aliasseparated by a single space.

When you type in a command such as PING TOM, the TCP/IP stack will search thelocal HOSTS file for a matching name, including a matching case. If the name is found,the corresponding IP address is used. If the name is not found, exactly as you typed it,then an error will be returned to the effect that the name could not be found in thelocal table.

The advantage of this table is clear, but its benefits are limited to the entries in yourlocal table only. Other TCP/IP hosts on your network may have their own local HOSTSfiles with address entries you could use. One way to get this information is to get acopy of every users HOSTS file and combine them into a single HOSTS file that youcan use. This can be clumsy if there are many hosts on your network.

The most common problems that arise using HOSTS files are:

An entry in the file is misspelled. missing, or in the incorrect case.

The HOSTS file is not located where the TCP/IP stack expects it to be.

Default Gateways


17/25


Every IP host on a network needs three pieces of information to function:

An IP address.

A Subnet mask. A Default Gateway address.

A Default Gateway address is the address of a host on the local subnet that will be used

to get to other subnets or out to the Internet. When a host sends a packet, it will beread by every host on the same segment. If that destination is not located on the samelocal network, it may be out on the Internet. To make sure the packet doesnt simplydisappear because it cannot find the location locally, the TCP/IP standard dictates that itmust have an IP address to send such a packet to, rather than sending it nowhere. Thegateway will then attempt to locate the destination host, if possible. If it cant, amessage will be returned to the source indicating this.

A Default Gateway address is required for all TCP/IP hosts, even if one does not exist.

Domain Name Servers (DNS)

Internet addresses such as artisoft.com are known as domain names. To provideresolution of host names to IP addresses, a hierarchical naming system, known as theDomain Name System, was created on the Internet. It acts in the same fashion as aHOSTS file, but is not local to your machine. This network of DNS servers stretchesthroughout the Internet and acts to match a name such as artisoft.com, with an IPaddress, which is what is needed to actually contact the host.

The DNS root is divides into the following primary categories:

EDU EducationalCOM ComercialMIL U.S. MilitaryGOV Other U.S. GovernmentORG Non-profit organizationsCON Represents specific countries by a two letter country codeNET NICs and NOCs

The COM in artisoft.com is the root domain for that name. Artisoft is a commercialorganization. Fully Qualified Domain Names (FQDN) are names that start at the rootof the DNS hierarchy. A relative name is one that does not. It is possible for anorganization to assign sub domains to their existing domains. The Sales department atArtisoft could be called sales.artisoft.com. Joe in the sales department at Artisoft couldbe called joe.sales.artisoft.com. If the domain of Artisoft is artisoft.com, then Sales is asub domain of artisoft.com and Joe is a zone with the sub domain. The FQDN to

contact Joe at Artisoft would bejoe.sales.artisoft.com. Another example would besending e-mail to Joe. Typically, you would send it to [email protected].

Did you ever wonder what happens when you type www.artisoft.com in a programsuch as NetScape? How does it know what IP address to look up? Does it use a localHOSTS file? The answer is no. A HOSTS file only exists if you create it. It uses a DNS(Domain Name Server) to resolve the host name to an IP address.


18/25


First, the ISP (Internet Service Provider) you are using would check its local DNSserver. DNS servers contain databases that relate host names to IP addresses,similar to a HOSTS file.

If the name artisoft.com is not in its local table, the DNS server would send out aspecial DNS query packet asking other DNS servers on the Internet if they knowwhich IP address points to artisoft.com. If one of them responds, then the localserver of your ISP will then use that address to contact artisoft.com directly.

If no DNS server responds, then an error is returned to the effect that an entry foryour host could not be found on a DNS server. The main reasons you might getthis error are:

No entry exists on any DNS server for your host name.The Internet is very busy and the DNS server sending the query packet timedout before it could receive a response.

Dynamic Host Configuration Protocol (DHCP )

Every host on a TCP/IP network must have a unique IP address. If a business has aClass C license, then they have 254 such addresses available. These addresses can be

assigned in one of two ways:

Every host can be configured with an IP address that is permanently assigned to them.In essence, each host has an IP address hard coded to them in a similar fashion to theway an Ethernet address is hard coded on an adapter. Normally, this is defined in anenvironment where there are plenty of IP addresses available. But, what if you had only100 addresses available and 150 people that needed to use them? This problem issolved by setting up a server on your network that assigns IP addresses to each host asthey need them.

The Dynamic Host Configuration Protocol specification allows a server to have a staticlist of IP addresses in its local table. Each host would then be configured to query allDHCP servers for an address when it first comes on line. The client could have aparameter that points to the DHCP servers IP address. By default, each TCP/IP hostneed an IP address, subnet mask, and default gateway address to operate. All of thisinformation can be supplied to a client by a DHCP server. When the DHCP clientcomes on line:

It sends a DHCP discover packet out on the network.

All DHCP servers (there may be more than one) that receive the packet willrespond with an offer packet indicating that a server can fulfill the request.

The DHCP client enters a selection state where it chooses which offer to accept.

When the client decides which offer to accept, it sends a packet to that specificserver.

The DHCP server selected will send a packet to the client containing the actual IP

addressing information it can use. The client then enters a bound state where it can now use the information received

from the server.

IP addresses are not permanently assigned from a DHCP server, they are leased. Whenthe client accepts the servers address, it caches the information locally for a specifiedlength of time, set up by the network administrator. The lease period can vary


19/25


depending on how DHCP is configured. When the lease time is up, the client mustagain bid for a new address. There is no guarantee that it will receive the same addresseach time.

Each DHCP server contains a static table of addresses for DHCP clients. This tablemust be created manually at the server. This table is usually a range of addresses, suchas 198.17.250.5 to 198.17.250.20. This example would allow a server to lease out alladdresses from 198.17.250.5 to 198.17.250.20, inclusive. A total of 15 IP addresses in

all. This is known as the DHCP scope.

The main types of information a DHCP server can make available to a client is:

IP address.

Subnet mask.

Default Gateway address. DNS server address.

WINS server address.

NetBIOS scope.

NetBIOS node type.

Using the previous example of 100 available addresses and 150 users needing them, aDHCP server would help if it was known that there will never be more than 100 userson the network at any one time. This would allow a DHCP server to dynamicallyallocate addresses as users enter and leave the network. If it were known that 120users would always be on the network, DHCP could not be of much help. The onlysolution would be to acquire more IP addresses. One possible problem with DHCPallocation is that some applications, Lotus Notes for example, require a permanentlyassigned address. These types of applications may not function in a DHCPenvironment.

In a very large corporate network, it is normal to have multiple DHCP servers availableto distribute the configuration load. A single server containing several hundred IPaddresses could get very bogged down each morning when several hundred clients

come on line. If several servers contain a smaller number of addresses, then all DHCPclients will get a faster response.

BootP

BootP is a specification originally designed for remote booting diskless workstations in aTCP/IP environment. Typically, the client has a ROM chip in their adapter that has thebootstrap code need to initialize a connection when the client is first powered up. Itfunctions in a fashion similar to most other remote booting protocols.

When a BootP client powers up, it sends out a Boot request packet. The request is

broadcast to all segments on the network, even onto the Internet, if attached. A TCP/IPhost must be configured as a BootP server to respond. It would be similar to a DHCPserver in that it would contain static IP addresses and other startup information neededby the client. When a BootP server receives a Boot request packet, it will respond witha Boot reply packet containing the needed information.


20/25


Although originally designed for remote booting from a diskless workstation, BootP hasbeen adapted to work with or without a boot ROM present. This means it can functionas a DHCP client would, allowing clients to have their TCP/IP startup informationdynamically assigned for the BootP server. The BootP server can be on the local subnetor several hops away across multiple routers.

NetBIOS Name Resolution and WINS

WINS is a extension of the NetBIOS name resolution specification created byMicrosoft. It requires a Windows NT server.

NetBIOS Names and the LMHOSTS File

It has been covered many times in this module that local HOSTS names and domainnames need to be resolved to IP addresses. These situations are addressed by HOSTSfiles and DNS servers. But, in the world of M icrosoft networking, the dominant ULP(Upper Layer Protocol) is NetBEUI, a extended version of the IBM NetBIOS standard.NetBIOS is a Session layer protocol that communicates with the Network layer, or TCP.

NetBIOS names are also known as dynamic computer names. There are used in everytransaction between NetBIOS machines. An example with the LANtastic networkwould be the name used on the REDIR command line. The machine name is aNetBIOS name. When two nodes establish a NetBIOS session, they use these namesto communicate at the Session layer. When an application makes a NetBIOS API callusing a NetBIOS name, there must be some mechanism in place to resolve a NetBIOSname to an IP address. This is something a traditional DNS server cannot do. Microsoftoffers two ways to resolve these names, LMHOSTS files and WINS servers.

LMHOSTS

One way to resolve NetBIOS names is using a local fi le called an LMHOSTS file. This isa local text file that works exactly as a HOSTS file does, but for NetBIOS names. Thefile is structured differently. It looks similar to this:

198.17.250.123 TOM #DOM:Accounting # the Accounting domain server

There are additional commands available in the LMHOSTS file. They will not becovered in any detail here, but be aware that the LMHO STS file is different from aHOSTS file. When the IP layer needs to match an IP address to a NetBIOS name, itwould check this local file for a match. If a match is found, the IP address is used in theIP datagram. If a match was not found, rather than return an error, the local host willissue a broadcast to all other IP hosts requesting them to check their local LMHOSTSfiles for an address resolution.

WINS (Windows Internet Naming Service)

A WINS server provides the same function, only it can be configured dynamically orstatically. LMHOSTS files can only be built manually (statically). A client configured touse a WINS server will register its name with the WINS server when it comes on line.This ensures that the table in the WINS server is current. As NetBIOS names are used


21/25


by clients, the WINS server will map IP addresses to each name and supply them asneeded by any host on the network that supports WINS.

Since WINS is a Microsoft specification, only Microsoft network clients and servers canbe configured to use this service directly. Not every TCP/IP client running NetBIOS canbe configured to use a WINS server. Microsoft offers a solution for this problem byallowing the configuration of a WINS Proxy agent. This would be a Windows NTworkstation or server configured to provide indirect access to a WINS servers

database. It would attempt to intercept all NetBIOS broadcasts and resolve the nameto an IP address using its access to a WINS database.

As with DHCP servers, it may be advantageous to have more than one WINS server onlarge network to prevent a single server from being bogged down with requests.

PPP and SLIP

Connecting LANs into WANs was originally supported by using analog and digitalleased lines. Two protocols were created for providing access over serial lines withTCP/IP, PPP and SLIP.

SLIP (Serial Line Internet Protocol)

SLIP defines a simple protocol for framing IP datagrams for transmission over seriallines, such as a modem. It is a non standard protocol that has, theoretically, no packetsize limit. This was the standard originally used for dial up connections into a TCP/IPnetwork. Due to its non standard nature, when using SLIP from a client, you must besure that the SLIP server also has the same implementation.

PPP (Point to Point Protocol)

PPP is a newer protocol that works over synchronous or asynchronous serialconnections. It is an Internet standard that provides more reliable dial up connectivitythan SLIP. As a well defined standard, most dial up programs today, such as the dial upnetworking used in Windows 95 and Windows NT, support PPP.

NetBIOS Encapsulation

We have already established that Microsoft networking uses the NetBIOS standard forcommunication. That is why the TCP/IP stack that ships with Windows 95 andWindows NT supports NetBIOS services as defined in RFC 1001 and 1002. LANtastichas always used the NetBIOS standard. With the inclusion of the NTS TCP/IP stack in

LANtastic 7.0, LANtastic can now use TCP/IP as its transport layer using EncapsulatedNetBIOS.

Encapsulated NetBIOS refers to the addit ion of another header in the IP datagram. Thisheader defines the NetBIOS information needed for a destination host running NetBIOSto identify that the packet contains NetBIOS information.


22/25


The NetBIOS header contains the source and destination NetBIOS names as well asother NetBIOS information. The NetBIOS data is not transmitted in a TCP packet, but a

UDP datagram.

NOTETwo machines using TCP/IP with Encapsulated NetBIOS must still be running the sameULP if they are going to communicate. For example, a LANtastic 7.0 machine runningTCP/IP and Encapsulated NetBIOS could not communicate with a Windows 95 runningTCP/IP and Encapsulated NetBIOS because they each have different Upper LayerProtocols. LANtastic uses its REDIR for client services and Microsoft uses their ownVREDIR.

WinSock (Windows Sockets)

WinSock is a very popular buzzword in the TCP/IP and internet community. It is astandard set of programmers APIs that allows a Windows based application tocommunicate with a TCP/IP protocol stack also written to be WinSock compliant. Thisallows applications developers to write programs to the WinSock standard withoutworrying about whose protocol stack you might be running it on. For example,NetScapes Navigator will run on TCP/IP stacks from Trumpet, Wollongong, FTP, ETC.It does not care as along as they are written to the same standard.

WinSock is based upon the BSD Sockets standard. It is a Windows specificationproviding services only to Windows based applications. A vendors TCP/IP stack mustbe able to run and communicate with Microsoft Windows. WinSock integrates with the

message driven environments of Windows, Windows 95 and Windows NT.

WinSock services are provided by a WINSOCK.DLL that runs in the Windows protectedmode system. The current WinSock standard is version 1.1, but 2.0 is close on thehorizon. Each TCP/IP vendor will supply their own version of a version 1.1 compliantWINSOCK.DLL, but they may add their own custom extensions to it. This can result incompatibility problems if a certain application is written to not only look for a 1.1version of WinSock, but also certain extensions to that specification. An example of

FRAME

PACKET

TCP/IP Network Frame with Encapsulated NetBIOS

Source

Addres

Destination

Address

IP

Header

UDP

Header

Network

TrailerDATA

NetBIOS

Header


23/25


this would be the Internet Explorer that ships with Windows 95. It utilizes extensions tothe 1.1 specification added by Microsoft. Therefore, it may not work with somevendors implementations of WinSock.

Address Resolution (ARP/RARP)

The subject of resolving IP addresses to host names, domain names, and NetBIOSnames has been covered in this module. But, there is one final type of addressresolution that must occur for a packet to reach its destination. IP address to MACaddress resolution. Once the packet has crossed all of the necessary routers andbridges to finally reach the device that is attached to the proper network, it must beable to get to the exact machine whose Ethernet address points to the destination IPaddress.

IP addresses are 32 bits in length. All Ethernet addresses are 48 bits in length. It is notpossible to get 48 bits out of 32. When the Network layer on a source machine isgiven a packet whose IP address is specified, but its Ethernet address is not, it musthave a mechanism for discovering which IP address maps to that Ethernet address.

ARP (Address Resolution Protocol)

To resolve a known IP address to an unknown Ethernet address, a host will broadcastan ARP packet on the network, requesting that someone return a valid Ethernet addressto the next hop, or the destination host itself. Usually, the destination host will respondwith the correct Ethernet address, but depending on how many routers (hops) arebetween the source and destination, it may get a response back from an intermediaterouter. Once it has this address, the source machine will keep it in its local ARP cache,which is located in memory. The next time the local machine receives a packet with thesame IP address, it will have the correct Ethernet address already in memory.

The local ARP cache has a time limit on how long it can go before the data is flushedfrom the cache. This prevents the cache from growing too large.

RARP (Reverse Address Resolution Protocol)

Now, wouldnt it seem logical that if the Network layer could receive a packet thatcontains the IP address, but not the Ethernet address, it could also receive a packet thatcontains an Ethernet address, but no IP address? The answer is yes. When thissituation happens, the local host will broadcast out a RARP packet to resolve theEthernet address to an IP address. It functions in the same way as an ARP packet andthe data is cached locally for future use.

You might wonder how a host could not know its own local hardware and IP address.The primary case where this situation arises is with diskless workstations. They mayknow their local Ethernet address from the adapter, but not know of an IP address thatwas assigned by a server. A packet being sent from such a machine may contain only ahardware address.


24/25


NOTEARP and RARP are not restricted to resolving Ethernet addresses. These protocol arebasically hardware independent, so they can be used to resolve other hardware MACaddress types such as Arcnet, AppleTalk, Token Ring, ETC.

Summary

This module is designed to introduce the novice, but not inexperienced user to basicTCP/IP concepts and terms they are likely to encounter when using LANtastic 7.0 withthe TCP/IP protocol stack. Because the subject is so broad, this module can only covera few key concepts, and only in slim detail. A lot of information has been left out forthe sake of brevity. When this module is completed, the reader should have a basicunderstanding of how TCP/IP works, and be familiar with the most common conceptsand terms involved with the protocol.

In a TCP/IP network, a host is defined as any machine running the TCP/IP protocol.

IP stands for Internet Protocol - a connectionless datagram service designed todeliver packets from point A to point B, but with no guarantee of their arrival or

acknowledgment of their delivery. IP operates at the Network layer of the OSImodel.

TCPstands for Transmission Control Protocol - a connections oriented protocolthat is used to guarantee the delivery of packets from one IP host to another, andtheir delivery to proper Upper Layer Protocol in the correct sequence. TCPoperates at the Transport layer of the OSI model.

UDP stands for User Datagram Protocol - a connectionless datagram created at theTransport layer.

For any machine on a network to locate any other machine on a network, thesource machine needs:

A source address.A destination address.Route addressing.

Data is formed into packets by the Network layer protocols, then enclosed inframes by the Data Link layer protocols for transmission over the network.

IP address are 32 bit numbers divided into four 8 bit fields (octets). They areusually shown in decimal dot notation. For example: 198.17.250.123.

The IP address is divided into a Network ID and a Host ID.

There are three main classes of IP addresses:

Class A uses the first octet as a Network ID and the last three octets as a HostID. It is limited to 16,777,214 unique hosts.Class B uses the first two octets as a Network ID and the last two octets as a

Host ID. It is limited to 65,534 unique hosts.Class C uses the first three octets as a Network ID and the last octet as a HostID. It is limited to 254 unique hosts.

Subnetting is used to divide an existing address range into logical sub networks forrouting purposes within an organization. It cannot be used to create more IPaddresses than you have a license for. Subnetting is accomplished by applying a


25/25


subnet mask to the destination IP address of a packet. This extracts the localSubnet ID, which can be used for internal routing.

A HOSTS file is a local text file that is used to map standard names to IP addresses.It must be manually created and edited.

The Default Gateway is a machine on your network that can route packets whoseaddresses cannot be found on the local network. The address of the defaultgateway is required for every client.

DNS (Domain Name Servers) are machines that resolve domain names, such as

artisoft.com, to an IP address. DHCP (Dynamic Host Configuration Protocol) is a specification that allows a

DHCP client to receive an IP address and other protocol information from a DHCPserver at boot t ime, rather than having this information hard coded andpermanently assigned.

BootP is a protocol similar to DHCP used for assigning IP addressing informationdynamically from a server. Though the function was created primarily for remotebooting workstations, it can be used in a standard TCP/IP network.

NetBIOS name resolution is accomplished using local LMHOSTS files, or a WINS(Windows Internet Naming Service) server. These are Microsoft standards used tomap NetBIOS names to IP addresses.

PPP (Point to Point Protocol) and SLIP (Serial Line Protocol) are protocolsdeveloped for dial up connections from remote clients using TCP/IP. SLIP is theolder protocol and is gradually being replaced by PPP.

NetBIOS Encapsulation is a technique used to place NetBIOS information into astandard IP datagram. This allows networks that support NetBIOS to use TCP/IP astheir transport protocol.

WinSock (Windows Sockets) is a set of Microsoft Windows programming APIs thatallow applications, such as NetScape, to run with any Windows TCP/IP transport,such as Trumpet WinSock, as long as both vendors support the same WinSock APIcalls. The current standard is version 1.1.

ARP (Address Resolution Protocol) is used to resolve IP addresses to MAC layeraddresses.

RARP (Reverse Address Resolution Protocol) is used to resolve MAC layeraddresses to IP addresses.

END OF TRAINING M ODULE

basic concepts of tcp/ip training module from artisoft 5/24/1996

Documents