TCP/IP Quick Reference

What is TCP/IP
Mapping Names to Numbers
- The services file
- Host names: DNS and the hosts file
Glossary
References
Feedback

What is TCP/IP

TCP/IP was developed during the late 1960s and early 1970s sponsored by the Advanced Research Project Agency (ARPA) of the american Department of Defense (DoD). The goal was to develop a family of network protocols reliable enough to allow communication even if some network nodes are no longer working. Although the accurate name for this family of protocols is "DARPA Internet protocol suite" (ARPA was later renamed to DARPA, the "D" standing for "Defense"), it is commonly just referenced as "TCP/IP". The protocol started to be used as 'The Internet' protocol when an implementation of TCP/IP was included with BSD Unix 1982. The complete documentation for TCP/IP and related issues is available as so called Requests For Comments (RFCs).

TCP/IP consists of the following Layers:

The lowest layer in this diagram is the Hardware Layer. This layer consists of the physical hardware (cables and network adapters) being used to form the network.
The second layer in the is the Network Layer. The Network Interfaces with the Local Network Protocol is located in this layer which is dependent on the network hardware being used. Some common Local Network Protocols protocols are DIX (this standard was created by Digital, Intel and Xerox) for Ethernet, SLIP (Serial Line Internet Protocol) or PPP (Point to Point Protocol) for serial lines.
The third layer is the Gateway Layer. It mainly consists of IP (Internet Protocol) and (depending on the network interface) of some auxiliary protocols to map addresses between the network interface and IP. IP provides a universal internet address called IP Address to the layers above. This IP Address is a 32bit number which is unique for each network interface in the internet. Internet addresses are normally written in 4 x 8bit decimals seperated by 3 dots like i.e. 130.96.15.38. The IP manages all necessary routing so higher layers need not care about how a certain package reaches its destination.
The forth layer is the Host Layer. UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) are two alternative protocol that build this layer of TCP/IP and are directly used by user-written applications. Both protocols add a second address to each network connection, so that multiple connections between the same machines are possible. This second address is a 16bit number known as the port number. TCP provides a connection oriented, reliable, full-duplex stream protocol where as UDP is still connectionless, unreliable but keeps the size of the packets (datagram protocol). As the most commonly used protocols are TCP on top of IP, the network protocol suite got its nickname TCP/IP.
The last layer is the Application Layer which is formed by the various applications which make use of TCP/IP. Some examples for this layer are FTP (File Transfer Protocol), TELNET and NFS (Network File System).

The communication between different applications takes place using sockets. A socket is an end point of a network connection used to communicate over the network. To get an unambiguous relation between the network traffic and the applications, each socket in the network must be different in either local IP address, remote IP address, local port number or remote port number. Unconnected sockets don't have a remote IP address and remote port number, so they must differ in either the local IP address or local port number.

Mapping Names to Numbers

One problem of the TCP/IP protocol is that if a host changes its IP address or if a service changes its port number, all references have to be changed all over the network. For this reason, host and service are normally not directly referenced by the IP address and port number, but by a host name and service name which are mapped to the corresponding IP address and port number.

The services file

The service names are mapped to the corresponding port numbers using the services file. This services file is found at /etc/services under Unix. On other platforms, the location of this file is dependent on the software being used and sometimes even on the software setup. This file has the following syntax:

service_name     port_number/protocol  aliases  # comments

An example services may look like this:

tcpmux             1/tcp                # TCP Port Service Multiplexer
discard		   9/tcp  sink null	# Discard
discard		   9/udp  sink null	#
ftp-data	  20/tcp		# File Transfer Protocol (Data)
ftp		  21/tcp		# File Transfer Protocol (Control)
telnet		  23/tcp  		# Virtual Terminal Protocol
smtp		  25/tcp		# Simple Mail Transfer Protocol
shr1		5010/tcp		# SAS/Share server 1
shr2		5011/tcp		# SAS/Share server 2
shr3		5012/tcp		# SAS/Share server 3
shr4		5013/tcp		# SAS/Share server 4

One note for choosing port numbers: On Unix and most other platforms there are certain restrictions for the port numbers. Port numbers 1-1023 are normally reserved for privilegded processes. These ports cannot be assigned to a local end of an TCP/IP connection by a normal process. Port numbers 1024-4999 are used as so called ephemeral port numbers. These port numbers are assigned automatically by TCP and UDP if no specific port number was requested. Therefore, any normal user service should be mapped to port numbers greater or equal than 5000.
Sometimes, this services file can also be distributed or referenced using the Network Information Service (NIS).

Host names: DNS and the hosts file

Another mapping exists between host names and IP addresses. This mapping can either be done using a host file or using the Domain Name System (DNS). The hosts file is mainly used in smaller networks that can easily be administered. The hosts file can be found in /etc/hosts under Unix. On other platforms, the location of this file is dependent on the software being used and sometimes even on the software setup. This file has the following syntax:

ipaddress	hostname aliases # comments

An example hosts may look like this:

# This is a sample hosts file
127.0.0.1      localhost                   # Local loopback
192.168.99.13  jupiter.scram.de jupiter

A hosts file can also be distributed or referenced using the Network Information Service (NIS).
As an alternatice to the hosts file, a DNS lookup may be done. In Unix, the DNS is set up using the /etc/resolv.conf file. On other platforms, the setup is again dependent on the software and setup. Normally, up to 3 DNS servers can be specified in this configuration file. An example may look like this:

domain scram.de
nameserver 194.162.91.71
nameserver 194.162.162.194

Glossary

ARP: Address Resolution Protocol. Used to map IP addresses to network specific addresses like i.e. Ethernet addresses. Defined for Ethernet in RFC826.
DNS: Domain Name System. This is an application used to map host names to their IP addresses. Defined in RFC1034 and RFC1035.
FTP: File Transfer Protocol. This is a protocol being used to transfer files over the network using TCP/IP. Defined in RFC959.
ICMP: Internet Control Message Protocol. Used internally by IP. All ICMP messages are handled by the TCP/IP software internally. Used i.e. by PING. Defined in RFC792.
ICMPv6: Internet Control Message Protocol for IPv6. Defined in RFC1885.
IMAP4: Interactive Mail Access Protocol - Version 4. Allows access to remote email and news storage. Defined in RFC1730. There are multiple models supported as explained in RFC1733
IP: Internet Protocol. Non-reliable, connectionless protocol with basic internetworking features as routing and fragmentation. Defined in RFC791.
IPv6: Internet Protocol Version 6. Proposed Standard to replace IP. Defined in RFC1883.
IPL: Initial Program Load. The boot process.
MIME: Multipurpose Internet Mail Extensions. Defined in RFC2045, RFC2046, RFC2047, RFC2048 and RFC2049.
NAT: Network Address Translation (RFC1631)
NIS (also YP): Network Information Service. A protocol defined by sun to allow a central store of system files like /etc/hosts, /etc/services, /etc/passwd, etc.
NFS: Network File System. Application that allows sharing filesystems over a TCP/IP network. Latest version defined in RFC1813.
OSPF: "Open Shortest Path First". Advanced Routing algorithm and distribution protocol. Defined in RFC2178.
PING: Packet InterNet Groper. This program directly accesses the IP layer for sending ICMP ECHO_REQUEST messages to a remote machine to verify the machine is reachable in the net.
POP3: Post Office Protocol - Version 3. Protocol to access email on a remote machine. Defined in RFC1939.
PPP: Point to Point Protocol. Advanced Network Interface protocol used for serial connections between LANs. Defined in RFC1661.
RADIUS: Remote Authentication Dial In User Service. Usually used for dial-in authentification and accounting. Defined in RFC2138 and RFC2139.
RARP: Reverse Address Resolution Protocol. Used to map a network specific address into an IP address. I.e. discless workstations and X-Terminals may use this to get their IP address during IPL. Defined for Ethernet in RFC903.
RIP: Routing Information Protocol. Dynamic routing protocol. Defined in RFC1058
SLIP: Serial Line Internet Protocol. Network Interface Protocol used for serial connections between LANs. Defined in RFC1055.
TCP: Transmission Control Protocol. Connection oriented, reliable, full duplex, stream protocol on top of IP. Most commonly used. Defined in RFC793.
UDP: User Datagram Protocol. Connectionless, unreliable datagram protocol. Used by services that use their own optimized flow control like i.e. NFS. Defined in RFC768.

References

Andrew S. Tanenbaum "Computer Networks"
W. Richard Stevens, "Unix Network Programming"
Various Request For Comments (RFCs)

Feedback

Please send your comments on this page to Jochen Friedrich (jochen@scram.de).

Jochen Friedrich jochen@scram.de

Last Modified and Validated: Sun Jan 18 1998.