3 TCP-IP Basic


TCP/IP Basic

Shyamalendu Kandar
internet vs Internet
internet (small 'i'):
• connects many computer networks together.
• uses gateways (routers) that provide a common method of routing information packets between the networks.
• is a logical network built out of a collection of physical networks.
Internet (capital 'I'):
• the global internetwork to which a large percentage of networks are now connected.
• is one internet among many, and by far the largest one.
• In some of the first printed mentions of the Internet, like many other US government projects of the period, it was referred to in all caps as INTERNET.
• Some style guides capitalize it as a noun but not as an adjective, e.g. "internet resources".
TCP/IP basic
• designed in the 1970s by two DARPA scientists, Vint Cerf and Bob Kahn.
• the basic communication protocol suite of the Internet.
• The higher layer, Transmission Control Protocol (TCP), manages the assembling of a message or file into smaller packets that are transmitted over the Internet and received by a TCP layer that reassembles the packets into the original message.
• The lower layer, Internet Protocol (IP), handles the address part of each packet so that it gets to the right destination. Each gateway computer (router) checks this address to see where to forward the packet.
[Photo: Cerf (left) and Kahn being awarded the Presidential Medal of Freedom by former President Bush in 2005]
• uses the client/server model of communication: a computer user (a client) requests and is provided a service (such as sending a Web page) by another computer (a server) in the network.
• communication is primarily point-to-point, meaning each communication is from one point (or host computer) in the network to another point or host computer.
• The three properties below describe TCP, not IP. IP itself is connectionless, stateless and best-effort: it may drop, duplicate or reorder datagrams, and it is TCP that hides this from the application.
• Stateful protocol: both systems maintain information about the session itself during its life.
• Connection oriented: an end-to-end connection must be established (the three-way handshake) before any data is sent.
• sometimes called a "reliable" service, because it guarantees that data will arrive complete and in the proper sequence, retransmitting whatever is lost.
Layers in TCP/IP
• TCP/IP was developed before the seven-layer OSI model, so it does not follow OSI's division.
• Instead, TCP/IP consists of 4 layers; OSI's Data link and Physical layers are merged into one.
• Network access layer: deals with the hardware level (signalling, voltage, etc.); covers media access control (MAC) strategies, i.e. who can send data and when; deals with the frame format.
• Internet layer: concerned with the format of the datagram and with forwarding datagrams from source to destination via one or more routers.
• Transport layer: ensures end-to-end communication between sender and receiver. TCP provides reliable, error-checked, in-sequence delivery; UDP provides only port numbers and a checksum, with no ordering or retransmission.
• Application layer: runs the various applications (web, email, name resolution, ...).
Protocol in different layers
General TCP/IP Packet format
Addressing
• An address is like the postal address on an envelope.
4 types of computer address:

  Address type   Purpose
  Physical       Used in the network access layer
  Logical        Used in the network (internet) layer
  Port           Used in the transport layer
  Specific       Used by the application layer

Physical address:
• hardware-level address.
• MAC address (burned into the ROM of the NIC, but see the spoofing caveat below).
• used by the Ethernet interface.
• Every device on a link must have a unique physical address.
• used to communicate on the local network.
• The hardware manufacturer obtains a block of physical addresses from the IEEE. (When a manufacturer has exhausted all addresses available under its first three bytes, the OUI, it applies to the IEEE for another OUI.)
• Size varies across technologies.
• Ethernet uses 48 bits, written mm:mm:mm:cc:cc:cc, where mm:mm:mm is the OUI (Organizationally Unique Identifier) and cc:cc:cc is assigned by the manufacturer.
How to get the physical address
Windows 7, 8, 8.1 and 10:
• Start button → Control Panel → View network status and tasks → Change adapter settings → select the adapter → Status → Details.
Or
• Start → Run → cmd → ipconfig /all
Physical address:
Is the MAC address unique?
"Devices are uniquely identified by their MAC addresses" is incorrect:
• A vendor may put the same MAC on two devices, by mistake or intentionally.
• By MAC spoofing it can be changed. Tools (or the operating system itself) can make the OS present a MAC address of the user's choosing, so a MAC address must never be treated as an authenticator: MAC-based access control lists are trivially bypassed.
• If a manufacturer assigns the same MAC to two devices and ships them to different parts of the world, there is very little chance the two cards will end up on the same network.
Reason: a physical address only has to be unique within the local network (LAN segment); it is never carried beyond the link.
Format of MAC
MM:MM:MM:SS:SS:SS
  bytes 1-3 (MM:MM:MM): manufacturer (OUI)
  bytes 4-6 (SS:SS:SS): serial number of the NIC, assigned by the manufacturer

Bits of the first byte (numbered 7 ... 0; bit 0 is transmitted first on Ethernet):
  bit 0 (I/G): 0 = unicast, 1 = multicast
  bit 1 (U/L): 0 = globally unique (IEEE-assigned OUI), 1 = locally administered
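The bit layout above, as an added example that is not part of the original slides: a small Python routine that splits a MAC address into its OUI and NIC-specific part and decodes the I/G and U/L bits of the first byte. The vendor table is a constructed sample, not the IEEE registry, and the function names are mine.

```python
# Added example (not from the original slides): decode the fields of a 48-bit
# Ethernet MAC address. The vendor table is a small constructed sample for
# illustration, not a copy of the IEEE registry.
from typing import Dict

# Constructed sample OUI table (first three bytes -> vendor name).
SAMPLE_OUI_TABLE: Dict[str, str] = {
    "00:00:5e": "IANA",                        # real assignment
    "00:1a:2b": "ExampleVendor (constructed)",  # made-up entry
}


def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff or aa-bb-cc-dd-ee-ff and return the 6 raw bytes."""
    parts = mac.strip().lower().replace("-", ":").split(":")
    if len(parts) != 6 or not all(len(p) == 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    try:
        return bytes(int(p, 16) for p in parts)
    except ValueError:
        raise ValueError(f"non-hex digits in MAC address: {mac!r}") from None


def describe_mac(mac: str) -> dict:
    """Split a MAC into OUI / NIC part and decode the I/G and U/L bits."""
    raw = parse_mac(mac)
    first = raw[0]
    # Bit 0 of the first byte (its least significant bit, the first bit on the
    # wire) is the I/G bit: 0 = unicast (individual), 1 = multicast (group).
    multicast = bool(first & 0x01)
    # Bit 1 is the U/L bit: 0 = globally unique, OUI assigned by the IEEE;
    # 1 = locally administered, i.e. set by software, which is what a spoofed
    # or randomised address normally looks like.
    local = bool(first & 0x02)
    oui = ":".join(f"{b:02x}" for b in raw[:3])
    return {
        "oui": oui,
        "nic_specific": ":".join(f"{b:02x}" for b in raw[3:]),
        "multicast": multicast,
        "broadcast": raw == b"\xff" * 6,
        "locally_administered": local,
        # A locally administered address carries no meaningful OUI.
        "vendor": None if local else SAMPLE_OUI_TABLE.get(oui),
    }


if __name__ == "__main__":
    for m in ("00:00:5E:00:53:01", "01-00-5e-00-00-fb",
              "02:42:ac:11:00:02", "ff:ff:ff:ff:ff:ff"):
        print(m, describe_mac(m))
```

The second sample address (01:00:5e:...) is an IPv4 multicast MAC; the third (02:42:ac:...) has the U/L bit set, which is how virtual interfaces and spoofing tools usually present themselves. Seeing the U/L bit set is therefore a hint, not proof, that an address was not assigned by a manufacturer.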
Logical Address
• first deployed in 1983 in the ARPANET.
• a universal address, known as the IP address.
• independent of the underlying network infrastructure.
• 32-bit address for IPv4, written as four decimal numbers separated by period '.' characters (dotted decimal).
• a network-layer address that is interpreted by a protocol handler.
• assigned to a host for the purpose of routing between networks.
• When a packet is sent from a sender to a receiver, it goes through one or more routers. The source and destination IP addresses in the header do not change on the way (unless a NAT device rewrites them), but the source and destination physical addresses change at each hop: every router re-frames the packet with its own MAC address as source and the next hop's MAC address as destination.
Logical Address
Private IP: for the local network; not routable on the Internet; assigned by the LAN administrator.
Public IP: for the Internet; assigned by the service provider.
(In a home network every device has a private IP, whereas the router has the public IP and translates between the two.)
Static IP: fixed, configured manually. Needed for devices that must be reachable at a constant address.
Dynamic IP: changes over time; assigned, as needed, by Dynamic Host Configuration Protocol (DHCP) servers.
STATIC IP
Advantages:
• Better DNS support: much easier to set up and manage with DNS servers.
• Server hosting: for a web server, email server or any other kind of server, having a static IP address makes it easier for customers to find you via DNS.
• Convenient remote access: easier to work remotely using a Virtual Private Network (VPN) or other remote access programs.
• More reliable communication: easier to use Voice over Internet Protocol (VoIP) for teleconferencing or other voice and video communications.
• More reliable geo-location services: easier for services to match the IP address with its physical location (e.g. a local weather forecast).
Disadvantages:
• More exposed: attackers know exactly where your server is on the Internet, which makes it easier to target it repeatedly. A dynamic address is not a security control either: Internet-wide scanners sweep whole address ranges regardless of how the address was assigned, so the host must be hardened in both cases.
• Higher cost: ISPs generally charge more for static IP addresses.
• Real-world privacy concerns: anyone with the right network tools can find where you and your computers are located.
Port address
• ensures packets reach the right application; a port is an endpoint of communication.
• the logical address of each application or process that uses a network or the Internet to communicate.
• The router's job is to deliver the packet to the receiving host. The port address, together with the transport protocol, uniquely identifies a network application on the receiving computer.
• Each application runs with a port number (logically) on the computer.
• Each application/program is allocated a 16-bit integer port number. This number is assigned automatically by the OS (an ephemeral port), manually by the user, or is set as a default for popular applications (well-known ports such as 80 for HTTP).
• a logical construct that identifies a specific process or a type of network service.
• In the Transmission Control Protocol and the User Datagram Protocol, a port number is a 16-bit unsigned number placed in the header prepended to a message unit.
Port address
• Port numbers work in collaboration with networking protocols: for an incoming message/packet, the IP address is used to identify the destination computer/node, whereas the port number further specifies the destination application/program on that computer.
• Similarly, all outgoing network packets contain source and destination port numbers in the packet header to enable the receiver to distinguish the specific application (and to reply to it).
• mainly used in TCP- and UDP-based networks, with 65,536 possible values (0 to 65,535) for port numbers.
Specific Address
• application specific.
• user-friendly addresses designed for that specific application.
• e.g. an email address, a web address (URL).
• Conversion is required (from human-readable to machine form, e.g. by DNS, and vice versa).
Three networks: a real scenario
• Three networks, governed by Ethernet, X.25 and Token Ring respectively, connected by routers R1 and R2.
• If a host on network 1 wants to send a message to a host on network 3?
• End users and other people deal only with their own network, and each network is free to choose the hardware and network technology that suits its requirements, yet together they form a single large network of computers.
• How do we identify a computer in the network?
• MAC is there, so why is IP required? Because MAC addresses are flat (assigned by the manufacturer, with no relation to where the device sits), they cannot be used to route between networks, and each link technology has its own address format.
• IP is there, so why is MAC required? Because IP is independent of the hardware; delivering a frame on a given physical link still needs that link's own hardware address.
IP datagram
Version: the IP version of this header. 4 for IPv4; IPv6 (version 6) uses a different header format.
Header Length (HLEN):
• the size of the header, in 4-byte (32-bit) words.
• the length of the header is variable (between 20 and 60 bytes).
• the default length is 20 bytes, and the value of this field is then 5 (5 x 4 = 20).
• When the option field is at its maximum size, the value of this field is 15 (15 x 4 = 60).

Service type:
• allows different types of IP datagrams (for example, datagrams particularly requiring low delay, high throughput, or reliability) to be distinguished from each other. [It might be useful to distinguish real-time datagrams such as those used by an IP telephony application.]
• How the field is honoured is a policy issue determined by the router's administrator.
• In the original definition the first 3 bits are called precedence bits, the next 4 bits are called type of service (TOS) bits and the last bit is not used.
• The field is now used by Differentiated Services: the first 6 bits are the DiffServ Code Point (DSCP) and the last 2 bits are used for Explicit Congestion Notification (ECN).
Precedence:
• used for QoS (Quality of Service) purposes.
• defines the priority of the datagram in issues such as congestion.
• some data has higher importance than other data.
• Higher priority data should be processed first because it could contain packets which are important to run network communication, such as routing protocol data.
• Precedence value: higher means more priority
• 000 (0) - Routine
• 001 (1) - Priority
• 010 (2) - Immediate
• 011 (3) - Flash
• 100 (4) - Flash Override
• 101 (5) - Critical
• 110 (6) - Internetwork Control
• 111 (7) - Network Control
• If a router is congested and needs to discard some datagrams, those datagrams with the lowest precedence are discarded first.
Type of service (original layout of the 8-bit field):
Bits 0-2: Precedence.
Bit 3: Delay (0 = Normal Delay, 1 = Low Delay)
Bit 4: Throughput (0 = Normal Throughput, 1 = High Throughput)
Bit 5: Reliability (0 = Normal Reliability, 1 = High Reliability)
Bit 6: Reserved
Bit 7: Not used
IP Datagram
Total length:
• denotes the total length of the IP datagram (header plus data), in bytes.
• The theoretical maximum size of an IP datagram is 65,535 bytes.
• However, datagrams are rarely larger than 1,500 bytes (the Ethernet MTU).
• What if that packet goes into an interface that has an MTU of less than 1,500 bytes? It must be fragmented, or, if DF is set, dropped with an ICMP error.

Identification:
• incremented by 1 each time a datagram is sent.
• used when a datagram is fragmented; assigned to manage fragmentation and reassembly.
• Uniquely identifies the datagram (together with the source and destination addresses and the protocol).
• All fragments of a datagram contain the same identification value.
• allows the destination host to determine which fragment belongs to which datagram.
[A datagram passes through different networks and may need to be fragmented into sub-datagrams to match the physical frame size of the underlying network.]
Flags:
• has three bits: one unused bit (always 0), one "don't fragment" (DF) bit, and one "more fragments" (MF) bit.
• If the DF bit is 1, it forces the router not to fragment the packet.
• If the DF bit is 1 and the packet length is greater than the maximum transmission unit (MTU), the router has to discard the packet and send an error message (ICMP Destination Unreachable, code 4: fragmentation needed) to the source host. Path MTU discovery relies on this message.
• If more fragments follow, the MF bit is set to 1; otherwise it is set to 0.
• So the MF bit tells whether the datagram is the last fragment or there are more fragments.
Fragmentation offset:
• When a datagram is fragmented, it is necessary to reassemble the fragments in the correct order.
• The fragment offset numbers the fragments in such a way that they can be reassembled correctly.
• The fragment offset field (13 bits) is measured in units of eight-byte blocks.
• This allows a maximum offset of (2^13 - 1) x 8 = 65,528 bytes, which with the header length included would exceed the maximum IP packet length of 65,535 bytes (65,528 + 20 = 65,548 bytes, and more with a 60-byte header). This looks odd only because the maximum offset is never reached in practice: the sender must keep offset x 8 + fragment length within 65,535, and a receiver must reject fragments that would not.
• In practice, on a link with a 1,500-byte MTU and a 20-byte header, each fragment carries 1,480 bytes, so the offsets are 1480/8 = 185, then 370, ...
Packet fragmentation
Fragmentation
• To fragment a long internet packet, a router creates a new IP packet and copies the contents of the IP header fields from the long packet into the new IP header.
• The data of the long packet is divided into two portions on an 8-byte (64-bit) boundary so that the first packet is no larger than the MTU of the outgoing interface.
• The maximum data size of each fragment is the MTU minus the IP header size (20 bytes minimum; 60 bytes maximum), rounded down to a multiple of 8.
• The MF bit in the first packet is set to one (to indicate that more fragments of this packet follow).
• The MF bit may already be set in this packet if it has already been fragmented by another system. This packet is forwarded.
• The second packet's header fields are identical to those of the original packet, except for total length and fragment offset; its MF bit is 0 if it is the last fragment of the original datagram, otherwise it keeps the original's MF value.

For example, for an MTU of 1,500 bytes with a header size of 20 bytes, the fragment offsets would be multiples of (1500-20)/8 = 185. These multiples are 0, 185, 370, 555, 740, ...
Exercise
• A packet of 4,520 bytes, including the 20 bytes of the IP header (without options), is fragmented into two packets on a link with an MTU of 2,500 bytes. What will be the flags and fragmentation offsets?
Answer: the 4,500 data bytes are split into 2,480 (the largest multiple of 8 not exceeding 2,500 - 20) and 2,020. Fragment 1: total length 2,500, MF = 1, offset 0. Fragment 2: total length 2,040, MF = 0, offset 2480/8 = 310.

• Let this fragmented datagram again encounter a link with an MTU of 1,500 bytes. What will be the flags and fragmentation offsets?
Answer: each fragment is split again into pieces of at most 1,480 data bytes. From fragment 1: (length 1,500, MF = 1, offset 0) and (length 1,020, MF = 1, offset 185); MF stays 1 because fragment 1 was not the last piece of the original. From fragment 2: (length 1,500, MF = 1, offset 310) and (length 560, MF = 0, offset 310 + 185 = 495).
IP Datagrams
Time to live (TTL):
• A datagram has a limited lifetime in its travel through an internet.
• originally designed to hold a timestamp, which was decremented by each visited router; the datagram was discarded when the value became zero.
• Using real time would require all machines to have synchronized clocks.
• Today, this field is used to control the maximum number of hops (routers) visited.
• When a source host sends the datagram, it stores a number in this field.
• The value is typically about 2 times the maximum number of routers between any two hosts (common defaults are 64 and 128).
• Each router that processes the datagram decrements this number by 1.
• If the value, after being decremented, is zero, the router discards the datagram and sends an ICMP Time Exceeded message to the source (traceroute works by sending datagrams with TTL 1, 2, 3, ... and collecting these messages).
• Without this limit a datagram could travel between two or more routers for a long time (a routing loop) without ever being delivered to the destination host. This field limits the lifetime of a datagram and keeps looping datagrams from congesting the network.
IP Datagram
Protocol:
• An 8-bit field that defines the higher-level protocol that uses the services of the IPv4 layer.
• An IPv4 datagram can encapsulate data from several higher-level protocols such as TCP, UDP, ICMP and IGMP.
• This field specifies the final destination protocol to which the IPv4 datagram is delivered.
• The value of this field tells the receiving network layer to which protocol the data belongs (1 = ICMP, 2 = IGMP, 6 = TCP, 17 = UDP).
• When a router receives a packet destined for itself, it examines this Protocol field to learn how to interpret the data encapsulated in the IP packet.
• The number assignments are maintained by the Internet Assigned Numbers Authority (IANA).
Checksum:
• protects the header of IPv4 packets against corruption.
• has to be verified at each hop (router), and if it does not match, the packet is discarded. Since every router changes the TTL, the checksum is also recomputed at each hop.
• First, the value of the checksum field is set to 0.
• Then the entire header is divided into 16-bit sections and added together (one's complement arithmetic).
• The result (sum) is complemented and inserted into the checksum field.
• The checksum in the IPv4 packet covers only the header, not the data.
Checksum calculation
I. 16-bit block formation:
• version (4), header length (5, i.e. 20 bytes) and ToS (0) [all default] form one 16-bit block: 4500 in hex.
• Total length (0514 hex = 1300) and identification (42A2 hex) are two 16-bit fields.
• Flags (001, MF set) and fragment offset (320, i.e. 2560 bytes) make another 16-bit field: 2140 in hex.
• TTL (80 hex = 128) and protocol (01 = ICMP) form 8001; the source address 192.168.0.3 is C0A8 0003 and the destination 192.168.0.1 is C0A8 0001.
• In the same way all the fields are arranged to make blocks of 16 bits each. Hence the complete IP packet header can be represented as (hex):
  4500 0514 42A2 2140 8001 50B2(Header Checksum) C0A8 0003 C0A8 0001
II. Calculating the checksum
• First calculate the sum of each 16-bit value within the header, taking the checksum field itself as zero:
  4500 + 0514 + 42A2 + 2140 + 8001 + 0000 + C0A8 + 0003 + C0A8 + 0001 = 2AF4B
• Fold the carry back in: 2 + AF4B = AF4D
• Convert to binary: AF4D = 1010111101001101
• Compute the one's complement: 0101000010110010
• Represented in hex: 50B2

The packet:
  4500 0514 42A2 2140 8001 50B2(Header Checksum) C0A8 0003 C0A8 0001
The checksum in IP covers only the header, not the data.

III. Checksum verification at the receiver
• Add all the 16-bit fields including the checksum:
  4500 + 0514 + 42A2 + 2140 + 8001 + 50B2 + C0A8 + 0003 + C0A8 + 0001 = 2FFFD
• Fold the carry back in: 2 + FFFD = FFFF, which is all ones, hence the header checksum is correct.
IP Datagrams
Source and destination address: two 32-bit fields, always required. They may be changed in transit by a network address translation (NAT) device, which then also recomputes the checksum.

Options:
• The header is made of two parts: a fixed part and a variable part.
• The fixed part is 20 bytes long and the variable part comprises the options, which can be a maximum of 40 bytes.
• Options, as the name implies, are not required for a datagram.
• They can be used for network testing and debugging.
• They contain routing details, timing and management information.
IP Address: Classful and Classless
• Addressing started with the concept of classful addresses.
• From the mid-1990s a new architecture was adopted: classless (CIDR).

Classful: 5 classes
  Class     Address range
  Class A   1.0.0.1 to 126.255.255.254
  Class B   128.1.0.1 to 191.255.255.254
  Class C   192.0.1.1 to 223.255.254.254
  Class D   224.0.0.0 to 239.255.255.255 (multicast)
  Class E   240.0.0.0 to 254.255.255.254 (experimental)
(0.x.x.x and 127.x.x.x are reserved; 127.0.0.1 is the loopback address.)
Who issues IP addresses?
The Internet Assigned Numbers Authority (IANA) issues prefixes (the network portion) to the regional Internet registries, which allocate them to Internet service providers. An organization approaches its ISP.
Wholesaler → retailer → customer!
Fragmentation
• Each link-layer protocol has a specific frame format with a maximum data field.
• The MTU differs from one physical network protocol to another.
• Fragmentation is therefore required.
[Figure: an IP datagram carried in a frame: frame header | data up to the MTU | frame trailer]
• A fragmented datagram may need to be fragmented again.
• When a datagram is fragmented, the required parts of the header must be copied into all fragments.
• The host or router that fragments a datagram must change the values of three fields: flags, fragmentation offset and total length.
• The rest of the fields must be copied. The checksum must be recalculated for every fragment.
Fields related to fragmentation
Identification:
• A counter is initialized to a positive number.
• When IP sends a datagram it copies the current value of the counter into the identification field.
• The counter is increased by one for the next datagram.
• When a datagram is fragmented, the value of identification is copied to all fragments.
• This helps the destination to reassemble: only fragments with the same identification, source, destination and protocol belong together.
• Only the data in a datagram is fragmented; every fragment gets its own header.
Flags:
• Second bit 1: Do not fragment (DF).
• Third bit 1: More fragments (MF).
• If a router cannot pass a DF datagram through any available physical network, it discards the datagram and sends an ICMP error message to the source host.
• If the MF (last) bit is 1, the datagram is not the last fragment; there are more fragments after this one.
• If its value is 0, this is the last or only fragment.
Fragmentation offset:
• shows the relative position of this fragment with respect to the whole datagram.
• It is the offset of the data in the original datagram measured in units of 8 bytes.
• Example: a data size of 4000 bytes fragmented into three fragments.
• The bytes in the original datagram are numbered 0 to 3999. The first fragment carries bytes 0 to 1399; the offset for this fragment is 0/8 = 0.
• The second fragment carries bytes 1400 to 2799; the offset value is 1400/8 = 175.
• The third fragment carries bytes 2800 to 3999; the offset value is 2800/8 = 350.
• The 13-bit offset field cannot hold a value greater than 8191, which is why the offset is counted in 8-byte units rather than bytes (8191 x 8 = 65,528 covers the whole datagram).
• This forces hosts or routers that fragment datagrams to choose the size of each fragment so that the first byte number of every fragment is divisible by 8.
Questions
Q. A packet has arrived with an M bit value of 1 and a fragmentation offset value of zero. Is this the first fragment, the last fragment, or a middle fragment?

Because the M bit is 1, it is either the first fragment or a middle one. Because the offset value is 0, it is the first fragment.

Q. A packet has arrived in which the offset value is 100. What is the number of the first byte? Do we know the number of the last byte?

Multiply the offset value by 8. This means that the first byte number is 800 (bytes 0 to 799 were carried by earlier fragments). We cannot determine the number of the last byte unless we know the length of the data.

Q. A packet has arrived in which the offset value is 100, the value of HLEN is 5 and the value of the total length field is 1000. What is the number of the first byte and the last byte?

The first byte is 100 x 8 = 800. The data length is 1000 - 5 x 4 = 980 bytes, so the last byte is 800 + 980 - 1 = 1779.
Question
• An IP packet has arrived with the first 8 bits as shown: 01000010. The receiver discards the packet. Why?

There is an error in this packet. The 4 left-most bits (0100) show the version, which is correct. The next 4 bits (0010) show a wrong header length (2 x 4 = 8). The minimum number of bytes in the header must be 20. The packet has been corrupted in transmission.

Q. In an IP packet, the value of HLEN is 1000 in binary. How many bytes of options are being carried by this packet?

The total number of bytes in the header is 8 x 4 = 32 bytes. The first 20 bytes are the base header, the next 12 bytes are the options.

Q. In an IP packet, the value of HLEN is 5 (hex) and the value of the total length field is 0028 (hex). How many bytes of data are being carried by this packet?

Length of data = total length - header length = 40 - 20 = 20 bytes.
Question
• An IP packet has arrived with the first few hexadecimal digits as shown below:
45000028000100000102 . . .
How many hops can this packet travel before being dropped? The data belong to what upper layer protocol?

Skip the first 16 hexadecimal digits (8 bytes: version/HLEN, ToS, total length, identification, flags/offset). The next byte is the TTL and the byte after it is the Protocol:
  45 00 0028 0001 0000 | 01 | 02 . . .
TTL = 01 (hex), so the packet can travel only one hop: the first router decrements it to 0 and discards it.
Protocol = 02 (hex), which means IGMP (Internet Group Management Protocol).
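The field extraction used in these questions, as an added example that is not part of the original slides: a Python parser for the 20-byte base IPv4 header that performs the same sanity checks (version 4, HLEN at least 5, total length at least the header length) and reports TTL, protocol, option length and data length. The question above shows only the first 10 bytes of its header, so the checksum and the two addresses in QUESTION_HEADER are constructed to complete it; the function and constant names are mine.

```python
# Added example (not from the original slides): parse the fixed part of an
# IPv4 header and apply the sanity checks used in the questions above.
# All header bytes below are constructed for the example.
import struct
from typing import Any, Dict

PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 17: "UDP"}
PRECEDENCE_NAMES = ["Routine", "Priority", "Immediate", "Flash",
                    "Flash Override", "Critical", "Internetwork Control",
                    "Network Control"]


def parse_ipv4_header(data: bytes) -> Dict[str, Any]:
    """Decode the 20-byte base header; raise ValueError if it is malformed."""
    if len(data) < 20:
        raise ValueError("need at least 20 bytes for a base IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4: version field is {version}")
    if ihl < 5:
        # e.g. first byte 0x42: HLEN 2 would mean an 8-byte header, below the
        # 20-byte minimum, so the receiver discards the packet.
        raise ValueError(f"bad HLEN {ihl}: {ihl * 4}-byte header, minimum is 20")
    hlen = ihl * 4
    if total_len < hlen:
        raise ValueError("total length is smaller than the header length")
    return {
        "version": version,
        "hlen": hlen,
        "options_len": hlen - 20,
        "precedence": PRECEDENCE_NAMES[tos >> 5],  # top 3 bits of ToS
        "dscp": tos >> 2,                           # DiffServ reading of the byte
        "ecn": tos & 0x03,
        "total_length": total_len,
        "data_len": total_len - hlen,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl,                  # hops the packet may still travel
        "protocol": PROTOCOL_NAMES.get(proto, f"protocol {proto}"),
        "checksum": cksum,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
    }


# The question above shows only the first 10 bytes; checksum 0000 and the
# addresses 192.168.0.3 -> 192.168.0.1 are constructed to complete the header.
QUESTION_HEADER = bytes.fromhex("45000028000100000102" "0000" "c0a80003" "c0a80001")

# Header from the checksum example earlier on this page.
EXAMPLE_HEADER = bytes.fromhex("4500 0514 42A2 2140 8001 50B2 C0A8 0003 C0A8 0001")


if __name__ == "__main__":
    for name, hdr in (("question", QUESTION_HEADER), ("example", EXAMPLE_HEADER)):
        h = parse_ipv4_header(hdr)
        print(name, "TTL", h["ttl"], "protocol", h["protocol"],
              "options", h["options_len"], "data bytes", h["data_len"])
```

Run on QUESTION_HEADER the parser reports TTL 1 and protocol IGMP, which is the answer to the last question; fed the first byte 0x42 from the earlier question it raises the HLEN error instead of returning a header, which is exactly the "receiver discards the packet" behaviour.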
GATE
• In an IPv4 datagram, the M bit is 0, the value of HLEN is 10 (decimal), the value of
total length is 400 and the fragment offset value is 300. The position of the
datagram, the sequence numbers of the first and the last bytes of the payload,
respectively are
(A) Last fragment, 2400 and 2789
(B) First fragment, 2400 and 2759
(C) Last fragment, 2400 and 2759
(D) Middle fragment, 300 and 689

M = 0 indicates that this packet is the last packet among all fragments of original packet.
So the answer is either A or C.
It is given that HLEN field is 10. Header length is number of 32 bit words. So header
length = 10 * 4 = 40
Also, given that total length = 400.
Total length indicates total length of the packet including header.
So, packet length excluding header = 400 – 40 = 360
Last byte address = 2400 + 360 – 1 = 2759 (Because numbering starts from 0)
(C)
GATE
• An IP router with a Maximum Transmission Unit (MTU) of 1500 bytes has received an IP packet of size 4404 bytes with an IP header of length 20 bytes. The values of the relevant fields in the header of the third IP fragment generated by the router for this packet are
(A) MF bit: 0, Datagram Length: 1444; Offset: 370
(B) MF bit: 1, Datagram Length: 1424; Offset: 185
(C) MF bit: 1, Datagram Length: 1500; Offset: 37
(D) MF bit: 0, Datagram Length: 1424; Offset: 2960

Each fragment can carry at most 1500 - 20 = 1480 data bytes (a multiple of 8). The data to send is 4404 - 20 = 4384 bytes, so the number of fragments = ⌈4384/1480⌉ = ⌈2.96⌉ = 3. (The shortcut ⌈4404/1500⌉ = 3 gives the same answer here but is not exact in general, because every fragment carries its own header.)

The first fragment carries bytes 0 to 1479; its offset is 0/8 = 0.
The second fragment carries bytes 1480 to 2959; its offset is 1480/8 = 185.
The third fragment carries bytes 2960 to 4383, i.e. 1424 data bytes, so its datagram length is 1424 + 20 = 1444 and its offset is 2960/8 = 370. For all fragments except the last one the M bit is 1, so in the third fragment M is 0.
Answer: (A).
• An IP datagram of size 1000 bytes arrives at a router. The router has to forward this packet
on a link whose MTU (maximum transmission unit) is 100 bytes. Assume that the size of the
IP header is 20 bytes. The number of fragments that the IP datagram will be divided into for
transmission is :
 
(A) 10
(B) 50
(C) 12
(D) 13

Explanation: MTU = 100 bytes


Size of IP header = 20 bytes
So, size of data that can be transmitted in one fragment = 100 – 20 = 80
bytes
Size of data to be transmitted = Size of datagram – size of header = 1000 –
20 = 980 bytes
 
Now, we have a datagram of size 1000 bytes.
So, we need ceil(980/80) = 13 fragments.
 
Thus, there will be 13 fragments of the datagram.
• Consider an IP packet with a length of 4,500 bytes that includes a 20-byte IPv4 header and a 40-byte TCP header. The packet is forwarded to an IPv4 router that supports a Maximum Transmission Unit (MTU) of 600 bytes. Assume that the length of the IP header in all the outgoing fragments of this packet is 20 bytes. Assume that the fragmentation offset value stored in the first fragment is 0. The fragmentation offset value stored in the third fragment is ______ .

Explanation: MTU = 600 bytes and IP header = 20 bytes.
So the payload per fragment will be at most 600 - 20 = 580 bytes.
580 is not a multiple of 8, but the data in every fragment except the last must be a multiple of 8, so the fragment data size = 576 bytes. (The 40-byte TCP header is just data to IP and travels only in the first fragment.)
Offset of the Kth fragment = fragment data size x (K - 1) / 8.
Offset value of the 3rd fragment = 576 x (3 - 1) / 8 = 144.
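The fragmentation procedure described above and the exercises on this page (the 4,520-byte packet crossing MTU 2,500 then 1,500, the 4,404-byte packet at MTU 1,500, the 1,000-byte packet at MTU 100, the 4,500-byte packet at MTU 600, and the GATE question with offset 300), as an added example that is not part of the original slides or of the GATE solutions. It splits data on 8-byte boundaries, keeps the original MF value on the last piece so that fragments of fragments stay correct, refuses to fragment a DF datagram, and checks a set of fragments for gaps and overlaps before reassembly. The Fragment class and the function names are mine.

```python
# Added example (not from the original slides): IPv4 fragmentation and a
# reassembly sanity check. Fragment class and function names are mine; the
# sizes in __main__ come from the exercises on this page.
from dataclasses import dataclass
from typing import List

MAX_DATAGRAM = 65535


@dataclass
class Fragment:
    total_length: int      # Total Length field: header + data, in bytes
    header_length: int     # HLEN x 4
    offset: int            # Fragment Offset field, in 8-byte units
    mf: bool               # More Fragments flag
    df: bool = False       # Don't Fragment flag

    @property
    def data_length(self) -> int:
        return self.total_length - self.header_length

    @property
    def first_byte(self) -> int:
        return self.offset * 8

    @property
    def last_byte(self) -> int:
        return self.first_byte + self.data_length - 1


def fragment(d: Fragment, mtu: int) -> List[Fragment]:
    """Split d so every piece fits in mtu; return [d] if it already fits."""
    if d.total_length <= mtu:
        return [d]
    if d.df:
        # A router must not fragment a DF datagram: it drops it and sends ICMP
        # Destination Unreachable, code 4 (fragmentation needed) to the source.
        raise ValueError("DF set and datagram larger than the MTU")
    # Every piece except the last carries a multiple of 8 data bytes, so the
    # next piece's offset is a whole number of 8-byte units.
    chunk = (mtu - d.header_length) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    pieces: List[Fragment] = []
    remaining, offset = d.data_length, d.offset
    while remaining > 0:
        n = min(chunk, remaining)
        is_last = (remaining - n == 0)
        pieces.append(Fragment(
            total_length=d.header_length + n,
            header_length=d.header_length,
            offset=offset,
            # The last piece inherits d's MF: if d was itself a middle fragment
            # of a larger datagram, more fragments still follow it.
            mf=(not is_last) or d.mf,
            df=d.df,
        ))
        offset += n // 8
        remaining -= n
    return pieces


def fragment_path(d: Fragment, mtus: List[int]) -> List[Fragment]:
    """Send d across links with the given MTUs in order, re-fragmenting as needed."""
    current = [d]
    for mtu in mtus:
        current = [p for f in current for p in fragment(f, mtu)]
    return current


def check_reassembly(frags: List[Fragment]) -> int:
    """Verify that frags form exactly one complete datagram; return its data length.

    Rejects gaps, overlaps (overlapping fragments are a classic IDS-evasion and
    denial-of-service trick that reassembly code must refuse) and a datagram
    that would exceed 65,535 bytes once reassembled.
    """
    if not frags:
        raise ValueError("no fragments")
    ordered = sorted(frags, key=lambda f: f.first_byte)
    expected = 0
    for i, f in enumerate(ordered):
        if f.first_byte != expected:
            raise ValueError(("overlap" if f.first_byte < expected else "gap")
                             + f" at byte {f.first_byte}")
        if i < len(ordered) - 1 and not f.mf:
            raise ValueError("MF clear on a fragment that is not the last one")
        expected = f.last_byte + 1
    if ordered[-1].mf:
        raise ValueError("last fragment still has MF set")
    if expected + ordered[-1].header_length > MAX_DATAGRAM:
        raise ValueError("reassembled datagram would exceed 65,535 bytes")
    return expected


if __name__ == "__main__":
    for f in fragment(Fragment(4404, 20, 0, False), 1500):
        print(f)
    for f in fragment_path(Fragment(4520, 20, 0, False), [2500, 1500]):
        print(f)
```

The `check_reassembly` step is where a receiver's security lives: the slides describe how offsets let fragments be put back in order, but nothing in the header stops a sender from emitting fragments that overlap or that together exceed 65,535 bytes, so reassembly code has to check both rather than trust the offsets.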
Option
• Header has two parts: fixed part and variable part.
• Fixed part is 20 bytes long.
• The variable part comprises the options, which can be a maximum of 40 bytes.
(15*4=60-20=40)
• The name implies, OPTION not required for a datagram.
• Used for network testing and debugging.
• Although options are not a required part of the IP header, option processing is
required of the IP software.
• This means that all implementations must be able to handle options if they are
present in the header.
Format of OPTION
Type: 8 bits long and contains three subfields: copy, class and number.

Copy:
• A 1-bit subfield that controls the presence of the option in fragmentation.
• If the value is 0, the option must be copied only to the first fragment.
• If the value is 1, the option must be copied to all fragments.

Class:
• A 2-bit subfield that defines the general purpose of the option.
• 00: used for datagram control.
• 10: used for debugging and management.
• 01 and 11: reserved.

Number:
• A 5-bit subfield that defines the type of option.
• Only the 6 types covered here are in common use.
Format of Option
Length
• Defines the total length of the option including the type field and the length field itself.
• This field is not present in all of the option types.
Value
• Contains the data that the specific option requires.
• This field is also not present in all option types.
Option type (5-bit number field)
• Six options are described here.
• Two of these are 1-byte options, and they do not require the length or the data fields.
• Four of them are multiple-byte options; they require the length and the data fields.

  Number   Type
  00000    End of option
  00001    No operation
  00111    Record route
  01001    Strict source route
  00011    Loose source route
  00100    Timestamp

No-Operation Option:
• A 1-byte option used as a filler between options.
• used as "internal padding" to align certain options on a 16- or 32-bit boundary when required.
Option type (5-bit number field)
End of option:
• used for padding at the end of the option field.
• It can only be used as the last option.
• Only one end-of-option option can be used.
• After this option, the receiver looks for the payload data.
• If more than 1 byte is needed to align the option field, some no-operation options must be used, followed by an end-of-option option.
Option type (5-bit number field)
Record-Route Option: records the routers that handle the datagram
• Used to record the Internet routers that handle the datagram.
• Can list up to nine router IP addresses. [The header is at most 15 x 4 = 60 bytes, so the options are at most 40 bytes; 9 x 4 = 36 bytes of addresses + 3 bytes (type, length and pointer) = 39.]
• The source creates placeholder fields in the option to be filled in by the visited routers.
• The pointer field (1 byte) is an offset integer containing the byte number of the first empty entry, i.e. it points to the first available entry.
• When the datagram leaves the source, all of the fields are empty and the pointer field has a value of 4, pointing to the first empty field.
• Each router that processes the datagram compares the value of the pointer with the value of the length. If the pointer value is greater than the length value, the option is full and no changes are made.
• If not, the router adds the IP address of the interface from which the datagram is leaving and increases the pointer value by 4.
Option type (5-bit number field)
Strict-Source-Route Option:
• Used by the source to predetermine a route for the datagram as it travels through the Internet.
• Advantages:
  • For a specific type of service: minimum delay or maximum throughput.
  • The sender may choose a route that is safer or more reliable for its purpose. [For example, a sender can choose a route so that its datagram does not travel through a competitor's network.]
• All of the routers defined in the option must be visited by the datagram.
• A router must not be visited if its IP address is not listed. If the datagram visits a router not listed, it is discarded and an error message is issued.
• If the datagram arrives at the destination and some of the entries were not visited, it will also be discarded and an error message issued. This is the problem with strict source routing.
• General users are not usually aware of the physical topology of the Internet, so strict source routing is not the choice of most users. (Because it lets a sender steer packets around the path the network operator intended and can be abused to reach hosts behind filters, most routers and hosts today are configured to drop source-routed datagrams.)
• Similar to record route, but the entries are filled in by the sender.
• A router that processes the datagram compares the value of the pointer with the value of the length.
• If the value of the pointer is greater than the value of the length, the datagram has visited all of the predefined routers; it cannot travel any further, so it is discarded and an error message is created.
• If not, the router compares the destination IP address with the IP address of its incoming interface. If they are equal, it processes the datagram: it swaps the IP address pointed to by the pointer with the destination address, increments the pointer by 4 and forwards the datagram. If they are not equal, it discards the datagram and issues an error message.
Option type (5-bit number field)
Loose-Source-Route Option:
• Similar to the strict source route, but more relaxed.
• Each router in the list must be visited, but the datagram can visit other routers as well.
Timestamp:
• Used to record the time of datagram processing by a router.
• Time is expressed in milliseconds from midnight, universal time.
• All routers may use Universal Time (via the Network Time Protocol), but their local clocks may not be synchronized, so the recorded values are only approximate.
• Timestamps help users and managers track the behavior of the routers in the Internet.
• The timestamp option is not a choice for most users. [They are not aware of the physical topology.]
Option type (5-bit number field)
• The overflow field records the number of routers that could not add their timestamp (because no more fields were available).
• The flags field specifies the visited routers' responsibilities:
  0: each router adds only the timestamp in the provided field.
  1: each router adds its outgoing IP address and the timestamp.
  3: IP addresses are given, and each router checks the given IP address against its own incoming IP address. If they match, the router overwrites the IP address with its outgoing IP address and adds the timestamp.
Question
• For a datagram HLEN field is 1001 in binary. Type bit is 111. How many IP address
it can record?

9*4=36-20=16 (Option field)

16-3=13 byte is left to record IP. Max 3.

• For a datagram HLEN is 1011 in binary. Option type is 137. Pointer value after
released by a router is 20. Whether it will be accepted by the next router?
11*4=44-20=24
24-3=21 left to record IP
Entry of 5 IP addresses. Pointer is initialized by 4 when released by source.
Maximum possible value is 4+20=24.
20 means will be accept.
Question
• HLEN is 1110 and the option type is 137. Which pointer value is possible, 36 or 40?
Header length = 14 x 4 = 56 bytes; 56 - 20 = 36 bytes of option space; 36 - 3 = 33 bytes.
33 / 4 = 8 addresses, so the largest pointer value is 4 + 8 x 4 = 36. 36 is possible; 40 is not.
• HLEN is 1110 and the option type is 68 (timestamp). How many entries fit if the flag value is a) 0, b) 1, c) 3?
56 - 20 = 36 bytes of option space; type, length, pointer and the overflow/flags byte take 4 bytes, leaving 32 bytes.
a) flag 0: timestamps only (4 bytes each), so 8 entries.
b) flag 1: IP address + timestamp (8 bytes each), so 4 entries.
c) flag 3: same layout as b), so 4 entries.
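The arithmetic in the questions above, as an added example that is not part of the slides: decode the option type byte into its copy/class/number fields and compute how many entries a source-route or timestamp option can hold for a given HLEN. Option layouts are those of RFC 791 (3-byte prefix for source routes, 4-byte prefix for the timestamp option); the function names are my own.

```python
# Added worked example (not from the slides): IPv4 option-type decoding and the
# record-capacity arithmetic used in the questions above. Layouts follow RFC 791:
# source-route options carry type, length, pointer (3 bytes) then 4-byte addresses;
# the timestamp option carries type, length, pointer and an overflow/flags byte
# (4 bytes) then 4-byte timestamps or 8-byte address+timestamp pairs.

IPV4_BASE_HEADER = 20

OPTION_NAMES = {131: "loose source route", 137: "strict source route",
                68: "timestamp", 7: "record route"}

def option_type_fields(option_type):
    """Split the 8-bit option type into (copy flag, 2-bit class, 5-bit number)."""
    if not 0 <= option_type <= 255:
        raise ValueError("option type is a single byte")
    return option_type >> 7, (option_type >> 5) & 0b11, option_type & 0b11111

def option_space(hlen_words):
    """Bytes available for options, given the 4-bit HLEN field (4-byte words)."""
    if not 5 <= hlen_words <= 15:
        raise ValueError("HLEN must be between 5 and 15")
    return hlen_words * 4 - IPV4_BASE_HEADER

def source_route_capacity(hlen_words):
    """Number of 4-byte addresses a source-route option can hold in this header."""
    return (option_space(hlen_words) - 3) // 4

def source_route_pointer_possible(hlen_words, pointer):
    """The pointer starts at 4 and grows by 4 per address consumed, so the
    values a router can release are 4, 8, ..., 4 + 4 * capacity."""
    return pointer % 4 == 0 and 4 <= pointer <= 4 + 4 * source_route_capacity(hlen_words)

def timestamp_capacity(hlen_words, flag):
    """Entries a timestamp option can record: flag 0 stores timestamps only,
    flags 1 and 3 store address + timestamp pairs."""
    if flag not in (0, 1, 3):
        raise ValueError("timestamp flag must be 0, 1 or 3")
    entry_size = 4 if flag == 0 else 8
    return (option_space(hlen_words) - 4) // entry_size

def describe(hlen_words, option_type, flag=0):
    """Summary of one option in a header of hlen_words words."""
    copy, cls, number = option_type_fields(option_type)
    if option_type in (131, 137):
        capacity = source_route_capacity(hlen_words)
    elif option_type == 68:
        capacity = timestamp_capacity(hlen_words, flag)
    else:
        capacity = None
    return {"name": OPTION_NAMES.get(option_type, "unknown"), "copy": copy,
            "class": cls, "number": number, "capacity": capacity}
```

`describe(14, 68, 1)` reproduces the last question (4 entries), and `source_route_pointer_possible(14, 40)` is False because a /14-word header only has room for 8 addresses.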
Checksum
• Error detection method used by most TCP/IP protocols.
• Protects against corruption that may occur during transmission of a packet.
• Redundant information added to the packet: calculated at the sender and sent with the packet.
• The receiver recalculates over the whole packet including the checksum. If the result is satisfactory the packet is accepted; otherwise it is rejected.
[Figure: a. checksum calculation at sender; b. checksum calculation at receiver]
Checksum in IP covers only the header, not the data.
Checksum calculation at sender and receiver
Sender:
• The packet is divided into k sections, each of n bits (generally n = 16).
• All sections are added together using one's complement arithmetic (a carry out of the top bit is added back into the sum).
• The final result is complemented to make the checksum.
Receiver:
• The packet, checksum included, is divided into k sections and all sections are added in the same way.
• The result is complemented.
• If the final result is 0 the packet is accepted; otherwise it is rejected.
Example with 4-bit sections (n = 4):
7 + 11 + 12 + 0 + 6 = 36 = (100100)2
Wrap the carry: (10)2 + (0100)2 = (0110)2 = 6
Complement: 15 - 6 = 9 (the checksum sent with the packet)
At the receiver: 7 + 11 + 12 + 0 + 6 + 9 = 45 = (101101)2; (10)2 + (1101)2 = (1111)2 = 15; complement = 0, so the packet is accepted.
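The same procedure in code, as an added example rather than anything from the slides: a one's complement checksum with the section width as a parameter, so the 4-bit example above and a real 16-bit IPv4 header checksum run through the same function. The sample header is constructed for the example (115-byte UDP datagram from 192.168.0.1 to 192.168.0.199); the function names are my own.

```python
# Added example, not part of the slides: Internet checksum with the section width
# as a parameter, so the 4-bit worked example and the 16-bit IPv4 header checksum
# share one implementation.

import struct

def ones_complement_sum(words, bits=16):
    """Add n-bit words in one's complement: carries out of the top bit wrap around."""
    mask = (1 << bits) - 1
    total = 0
    for w in words:
        if not 0 <= w <= mask:
            raise ValueError("word does not fit in %d bits" % bits)
        total += w
        while total >> bits:                       # fold the carry back in
            total = (total & mask) + (total >> bits)
    return total

def checksum(words, bits=16):
    """Sender side: complement of the one's complement sum."""
    return ((1 << bits) - 1) ^ ones_complement_sum(words, bits)

def verify(words_with_checksum, bits=16):
    """Receiver side: data plus checksum must complement to zero."""
    return checksum(words_with_checksum, bits) == 0

def ipv4_header_words(header):
    """Split an IPv4 header (20 to 60 bytes) into big-endian 16-bit words."""
    if len(header) < 20 or len(header) % 2:
        raise ValueError("IPv4 header must be an even number of bytes, at least 20")
    return list(struct.unpack("!%dH" % (len(header) // 2), header))

def ipv4_header_checksum(header):
    """Checksum of an IPv4 header with its checksum field (bytes 10-11) taken as zero."""
    words = ipv4_header_words(header)
    words[5] = 0
    return checksum(words)

def ipv4_header_ok(header):
    """True when the checksum carried in bytes 10-11 matches the header contents."""
    return verify(ipv4_header_words(header))

# Constructed sample: 20-byte IPv4 header, total length 115, TTL 64, protocol 17 (UDP),
# 192.168.0.1 -> 192.168.0.199, with the checksum field already filled in (0xb861).
SAMPLE_HEADER = bytes.fromhex("45000073000040004011b861c0a80001c0a800c7")
```

Flipping any bit of `SAMPLE_HEADER` makes `ipv4_header_ok` return False, which is all the checksum promises: it detects accidental corruption, not deliberate modification, since an attacker who changes the header simply recomputes it.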
Security
• Originally no security was provided for the IPv4 protocol: the Internet runs on trust.
• Security issues particularly applicable to the IP protocol: packet sniffing, packet modification and IP spoofing.
Packet Sniffing:
• A passive attack: the content of the packet is not changed.
• An intruder intercepts an IP packet and makes a copy of it.
• Very difficult to detect, because neither the sender nor the receiver can tell that the packet has been copied.
• Sniffing itself cannot be stopped. Solution: encryption, so that the sniffer cannot read the contents of the copy.
Packet Modification:
• An active attack: the attacker intercepts the packet, changes its contents and sends the new packet to the receiver.
• The receiver believes that the packet is coming from the original sender.
• Can be detected using a data integrity mechanism (a message authentication code or digital signature over the packet).
Security
IP Spoofing:
• A technique used to gain unauthorized access to machines: the attacker impersonates another machine by manipulating IP packets.
• The attacker forges the source IP address in the header and recomputes the header checksum so the packet is still accepted; for TCP the attacker must also guess the sequence numbers the victim expects.
• The attack starts by identifying the target host and finding an IP address it trusts, so that data packets sent by the attacker appear to originate from that trusted address.
• Can be prevented using an origin authentication mechanism.
• Used to carry out malicious activity such as denial of service and man-in-the-middle attacks.
Properties of IP
Unreliable: does not guarantee that a datagram will reach its destination. Best-effort delivery: IP leaves reliability to the transport layer.
Connectionless: each datagram sent by IP is treated independently. All packets in an IP network are routed independently and may not follow the same route, whereas in a virtual-circuit network, which is connection oriented, all packets of a connection follow the same route.
Router and IP address
• A router that connects several networks has one IP address per interface, one in each network.
• Public IP addresses are used by routers and by computers connected directly to a DSL modem without a router.
• Private IP addresses are known only to a router and its home network. They are assigned to computers within the private space without exposing them directly to the Internet.
• A web server cannot deliver Internet data to a private IP address. It delivers the data to the router (which has a public IP address) and the router delivers it to the computer that has the private IP address.
How to get the two IP addresses?
• Private IP: type ipconfig at the command prompt (ip addr on Linux).
• Public IP: type ip4.me in the URL bar of the browser, or at the command prompt run
nslookup myip.opendns.com resolver1.opendns.com
(some ISPs block queries to external resolvers, in which case this fails).
Who decides IP?
• The Internet Assigned Numbers Authority (IANA) allocates address blocks to the regional Internet registries, which allocate IP prefixes to ISPs.
• The ISP allocates the host part (suffix) of the addresses.
[Figure: 192.168.123.0 split into Network ID and Host ID]
• The subnet mask determines the network part and the host part: the run of consecutive 1 bits marks the network part, the remaining 0 bits the host part.
Subnetting
• Breaking a large network into smaller networks by adding ones to the subnet mask.
• Host formula: how many hosts are allowed on a network with a given subnet mask.
• 2^h - 2, where h is the number of zeros in the subnet mask written in binary. (The first and last addresses are reserved: the first identifies the network and the last is the broadcast address.)
• Example: address space 192.168.0.0, 100 nodes.
• Use 255.255.255.0 as subnet mask: 2^8 - 2 = 254 hosts, and 254 > 100.
• That gives 192.168.0.1 through 192.168.0.254 for hosts (2 addresses are reserved).
• Next year the node count becomes 300: change the subnet mask to 255.255.254.0 (2^9 - 2 = 510 hosts).
• Adding ones to the subnet mask gives fewer hosts per subnet but more subnets. Removing ones gives more hosts per subnet but fewer subnets.
Subnetting
• Subnet formula: 2^S, where S is the number of 1 bits added to the subnet mask.
• As subnet bits are added, the number of subnets doubles and the number of hosts per subnet halves.
Classless Inter-Domain Routing (CIDR) notation: a forward slash (/) and the number of 1 bits in the subnet mask are appended to the address.
192.168.0.1/23 means IP 192.168.0.1 with subnet mask 255.255.254.0.
Subnetting
• IP address 192.168.10.44
• Subnet mask 255.255.255.248 = 11111111.11111111.11111111.11111000 (/29)
• Bitwise AND of address and mask gives the subnet address 192.168.10.40 = 11000000.10101000.00001010.00101000
• First host address 192.168.10.41
• Last host address 192.168.10.46
• Broadcast address 192.168.10.47
• Next subnet 192.168.10.48 = 11000000.10101000.00001010.00110000
• Total number of such subnets in 192.168.10.0/24: 2^5 = 32
• Number of nodes per subnet: 2^3 - 2 = 6
Benefits of subnetting
• Improve network performance and speed: a single broadcast packet reaches every device in the broadcast domain, so smaller subnets mean fewer devices interrupted by each broadcast.
• Reduce network congestion.
• Boost network security: traffic between subnets must pass through a router, where it can be filtered.
• Control network growth.
• Ease administration.
Communication in Same network
Direct and indirect delivery
• Source and destination are in the same network: direct delivery.
• How to know? Perform a bitwise AND between the source IP address and the source subnet mask, and between the destination IP address and the same source subnet mask. If the two results match, both nodes reside in the same network.
• If they do not match: indirect delivery. Forward the packet to the router.
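Both the subnet arithmetic from the 192.168.10.44 example and the direct/indirect delivery test above, as an added example that is not part of the slides. It works on 32-bit integers rather than a library so the AND operation is visible; the function names are my own.

```python
# Added example (not from the slides): subnet arithmetic with plain integer bit
# operations, covering the 192.168.10.44 / 255.255.255.248 worked example and the
# same-network test used to decide between direct and indirect delivery.

def ip_to_int(dotted):
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % dotted)
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def int_to_ip(value):
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def prefix_to_mask_int(prefix):
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_to_mask(prefix):
    return int_to_ip(prefix_to_mask_int(prefix))

def mask_to_prefix(mask):
    """Length of the run of leading 1 bits; rejects non-contiguous masks."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != prefix_to_mask_int(prefix):
        raise ValueError("subnet mask must be contiguous 1s followed by 0s")
    return prefix

def subnet_info(address, mask):
    """Network, usable host range, broadcast and host count for address/mask."""
    a, m = ip_to_int(address), ip_to_int(mask)
    prefix = mask_to_prefix(mask)
    host_bits = 32 - prefix
    network = a & m                         # the bitwise AND from the slide
    broadcast = network | (~m & 0xFFFFFFFF)  # host bits all ones
    usable = host_bits > 1                  # /31 and /32 have no reserved pair
    return {
        "prefix": prefix,
        "network": int_to_ip(network),
        "first_host": int_to_ip(network + 1) if usable else None,
        "last_host": int_to_ip(broadcast - 1) if usable else None,
        "broadcast": int_to_ip(broadcast),
        "hosts": 2 ** host_bits - 2 if usable else 0,   # network and broadcast reserved
        "next_subnet": int_to_ip((broadcast + 1) & 0xFFFFFFFF),
    }

def subnet_count(parent_prefix, subnet_prefix):
    """How many /subnet_prefix networks a /parent_prefix block splits into: 2^S."""
    if subnet_prefix < parent_prefix:
        raise ValueError("subnet prefix must be at least the parent prefix")
    return 2 ** (subnet_prefix - parent_prefix)

def same_network(src, src_mask, dst):
    """Direct delivery test: AND both addresses with the *source's* mask."""
    m = ip_to_int(src_mask)
    return (ip_to_int(src) & m) == (ip_to_int(dst) & m)
```

Note that `same_network` uses the source's mask for both addresses, exactly as the slide describes: the sender does not know the destination's mask, so a misconfigured mask on the sender is enough to make it ARP for a host that is really behind the router.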
Communication in Same network
[Figure: router R with interfaces 10.10.10.1/24 and 192.168.20.1/24 and a switch S on each side. Hosts A 10.10.10.10/24, B 10.10.10.11/24, C 10.10.10.12/24 on the left; D 192.168.20.10/24, E 192.168.20.11/24, F 192.168.20.12/24 on the right.]
Communication in Same network
• Let node A want to communicate with C.
• Bitwise AND of A's IP with A's subnet mask, and of C's IP with A's subnet mask: the two results are the same, so A and C are in the same network.
• If A does not know the MAC address of C, it broadcasts an ARP request carrying A's own MAC and IP addresses and C's IP address. The request reaches all nodes in the network, including the router interface.
• All except C discard it; C answers with a unicast ARP reply carrying its MAC address.
[The ARP cache is a table maintained by ARP that holds each IP address with its associated MAC address and type. An entry learned dynamically has type dynamic; one added manually has type static.]

Let two nodes be in the same network. You know the IP address of the other node, but arp -a does not show its MAC in the ARP table. Ping that address; if the ping succeeds, run arp -a again and the MAC for the new address is now listed.
[Figure: the same topology, with MAC addresses shown for A, C and the router's 10.10.10.1 interface.]

A wants to communicate with C



A does not know the MAC address of C, so A generates an ARP request carrying the IP address of C.

A sends the request in a frame addressed to the broadcast MAC address (ff:ff:ff:ff:ff:ff). It reaches the switch, which floods it out of all its other ports to B, C and the router interface.

All except C discard it, because the target IP address in the request is not theirs.

C unicasts an ARP reply to A through the switch. While forwarding these frames the switch learns the source MAC addresses into its MAC address table. A updates its ARP cache with C's MAC address, so for further communication A does not need to generate another ARP request.

Now A can directly send the message to C


Communication in different network
• The same AND operation is performed between the source IP address and the source subnet mask, and between the destination IP address and the source subnet mask. If the two results do not match, the nodes are in different networks and the packet is forwarded to the router (indirect delivery).
NAT
[Figure: private IP addresses behind a NAT router with one public IP address towards the INTERNET]
Network Address Translation. Operates mainly in routers and firewalls.
• Technique that allows multiple devices to access the Internet through a single public address.
• Use: to limit the number of public IP addresses an organization must use, for both economy and security.
• A packet from a private source IP address and port is rewritten to the public IP address and a translated port. The corresponding entries of IP addresses and port numbers are kept in the NAT table so that replies can be mapped back.
• NAT works at the border router, which has one interface in the private network and another in the public network.
Source:
wikipedia
NAT
• Why is the port number translated? Two private hosts may use the same source port at the same time; the translated port keeps their flows distinguishable behind one public address.
Types:
• Static NAT: used in web hosting. Private IP addresses are mapped to public IP addresses on a 1:1 basis.
• Dynamic NAT: maps a private IP address to a public IP address taken from a pool of public IP addresses.
• Port NAT: a form of dynamic NAT that maps multiple private IP addresses to a single public IP address by using different ports. Also known as PAT (Port Address Translation), single-address NAT or port-level multiplexed NAT.
Image source: https://computer.howstuffworks.com/nat.htm
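A minimal PAT table, as an added example that is not from the slides or from any real NAT implementation. It answers the "why is the port translated" question above by letting two private hosts use the same source port. The addresses (203.0.113.5 as the public address, 198.51.100.7 as a remote server, a 192.168.1.0/24 private network) are documentation-range values chosen for the example, and the translated-port range starting at 40000 is an assumption.

```python
# Added example (not from the slides): port address translation (PAT) bookkeeping.
# Assumed addresses: public 203.0.113.5, private 192.168.1.0/24, translated ports
# allocated sequentially from 40000.

class PortAddressTranslator:
    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self._ports = iter(range(first_port, last_port + 1))
        self.outbound = {}   # (private_ip, private_port, dst_ip, dst_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port, dst_ip, dst_port)

    def translate_outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the private network.
        Returns the (public_ip, public_port) the Internet will see."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.outbound:
            try:
                public_port = next(self._ports)
            except StopIteration:
                raise RuntimeError("NAT port pool exhausted")
            self.outbound[key] = public_port      # new flow: new table entry
            self.inbound[public_port] = key
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, src_ip, src_port, dst_port):
        """Rewrite the destination of a reply arriving from the Internet.
        Only packets matching an existing entry from the same remote endpoint
        are forwarded; anything else is dropped, which is the incidental
        'firewall' effect of NAT mentioned on the slide."""
        entry = self.inbound.get(dst_port)
        if entry is None:
            return None
        private_ip, private_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None
        return private_ip, private_port
```

The table key includes the remote endpoint, so the same private socket talking to two servers gets two entries; an inbound packet that matches a port but not the remote address is dropped rather than forwarded.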
NAT and Proxy
• A proxy functions at layer 7, whereas NAT works at layer 3 or 4.
• A proxy is deployed mainly for security and content policy, whereas NAT is used for network administration (address conservation).
More on IP
• IP is unreliable: it does not guarantee delivery of a datagram to its destination.
• Best-effort delivery mechanism.
• IP does not support flow control, retransmission, acknowledgement or error recovery. (Surprised? IP leaves these to the upper-layer protocol, TCP.)
• IP has no tracking mechanism to check whether a datagram reached the next hop or not.
• IP is connectionless and thus stateless: all packets in an IP network are routed independently and may not follow the same route (unlike a virtual-circuit network).
• Every host must be able to accept a datagram of at least 576 bytes; the maximum datagram size is 65,535 bytes (the 16-bit total length field).
From Internet layer to Transport layer
• Mainly concerned with the transportation of packets from
source to the destination. (end to end delivery)
• Ensures correct delivery.
• In TCP/IP the transport layer has two protocols. TCP and UDP
Transmission Control Protocol(TCP)
• Process to process communication.
• Done through port number.
• provides reliable, ordered, and error-checked delivery of a stream of octets (bytes)
between applications running on hosts communicating via an IP network.
TCP
• allows the sending process to deliver data as a stream of bytes and allows the
receiving process to obtain data as a stream of bytes.
• Creates an environment in which the two processes seem to be connected by an
imaginary “tube” that carries their bytes across the Internet
• The sending process produces (writes to) the stream of bytes and the receiving
process consumes (reads from) them.
Sending and Receiving Buffers
• The sending and receiving processes may not write or read data at the same rate, so TCP needs buffers for storage.
• Two buffers, the sending buffer and the receiving buffer, one for each direction.
• Buffers are circular arrays of 1-byte locations.
• The sending buffer has three types of chambers:
a) empty chambers that can be filled by the sending process (producer),
b) chambers holding bytes that have been sent but not yet acknowledged (the TCP sender keeps these bytes until it receives an acknowledgment),
c) chambers holding bytes still to be sent by the sending TCP.
• After acknowledgement, chambers of type b) become empty again.
Sending and Receiving Buffers
Two types of chambers in receiving buffer.
a) empty chambers to be filled by bytes received from the network.
b) received bytes that can be read by the receiving process.
(When a byte is read by the receiving process, the chamber is recycled)
Features of TCP
• Reliability
• Point to point communication
• Connection oriented approach
Reliability
• Ensures end-to-end delivery: no data loss and no change in the order of the data.
• Error control: TCP has its own checksum.
[Q. The data link layer already has a CRC; why an extra checksum?
A. The CRC protects a single link only. A bit corrupted inside a router, after the CRC was checked on the incoming link and before a new CRC is computed on the outgoing link, is beyond the reach of the data link layer. Only an end-to-end checksum catches it.]
Connection oriented service
If a process at node A wants to communicate with another process at node B:
a. The two TCPs establish a virtual connection between them.
b. Data are exchanged in both directions.
c. The connection is terminated.
Loss control: TCP numbers the bytes as the original message is broken into segments. If a segment is lost (IP is connectionless and does not guarantee delivery), the destination detects the gap in the numbering.
Sequence control: different segments may take different routes; they are placed in proper order at the destination using the sequence numbers.
Duplication control: the opposite of loss control. The same segment may reach the destination twice or more (for example after a retransmission); the destination must be able to detect the duplicate and discard it.
Point to point communication: port to port communication.
Connection oriented:
• The connection provided by TCP is called a virtual connection.
• A connection must be established between the two ends before either can transmit data.
• Sender and receiver are aware of the virtual connection, but the intermediate routers have no knowledge of it.
[Figures: relationship between TCP and IP; communication using TCP/IP]
TCP features
I. Numbering System:
• The TCP header has no field for a segment number.
• There are two fields, the sequence number and the acknowledgment number, and both refer to a byte number, not a segment number.
a) Byte Number:
• TCP numbers all data bytes (octets) transmitted in a connection. Numbering is independent in each direction.
• TCP receives bytes from a process, stores them in the sending buffer and numbers them.
• TCP chooses an arbitrary number between 0 and 2^32 - 1 for the number of the first byte.
• Example: if the first byte is numbered 1,057 and the total data to be sent is 6,000 bytes, the bytes are numbered from 1,057 to 7,056.
TCP features
b) Sequence number:
• After the bytes are numbered, TCP assigns a sequence number to each segment that is sent.
• The sequence number of a segment is the number of the first byte of data carried in that segment.
c) Acknowledgment Number:
• Communication in TCP is full duplex; once a connection is established, both parties can send and receive data at the same time.
• The sequence number in each direction shows the number of the first byte carried by the segment.
• Each party uses an acknowledgment number to confirm the bytes it has received.
• The acknowledgment number is the number of the next byte that the party expects to receive.
• The acknowledgment number is cumulative: the party takes the number of the last byte it has received intact and in order, adds 1 to it, and announces this sum as the acknowledgment number.
TCP features
II. Flow Control:
• The receiving TCP controls how much data may be sent by the sending TCP, and the sending TCP controls how much data it accepts from the sending process.
• Done to prevent the receiver from being overwhelmed with data.
• The numbering system allows TCP to use byte-oriented flow control.
III. Error Control:
• TCP implements an error control mechanism.
• It includes mechanisms for detecting corrupted, lost, out-of-order and duplicated segments.
• Error control also includes a mechanism for correcting errors after they are detected.
• Error detection and correction in TCP is achieved using the checksum, acknowledgments and time-outs.
TCP features
III.a. TCP uses a 16-bit checksum that is mandatory in every segment.

III.b.
 TCP uses acknowledgments to confirm the receipt of data segments.
 Control segments that carry no data but consume a sequence number are also
acknowledged.
 ACK segments are never acknowledged.

III.c.
 Retransmission of segments.
 When a segment is corrupted, lost, or delayed, it is retransmitted.
 A segment is retransmitted when a retransmission timer expires.
TCP segment format
• Has a header of 20 to 60 bytes followed by the actual data.
• A TCP segment without options has a 20-byte header; with options the header can be up to 60 bytes.
Source port number: port number on the source computer of the application that is sending this TCP segment.
Destination port number: port number of the application that is expected to receive this TCP segment.
TCP segment format
Sequence number:
• TCP is connection oriented.
• Each byte transmitted from source to destination is numbered in an increasing sequence.
• The sequence number tells the destination which byte in this sequence is the first byte in the segment.
• During connection establishment (discussed later) each party uses a random number generator to create an initial sequence number (ISN), which is usually different in each direction.
• If the ISN is n, the SYN consumes sequence number n, so the first data segment starts at n + 1. If that segment carries 2000 bytes, the next segment has sequence number n + 2001.
Acknowledgement number:
• If the destination host has received every byte up to byte number X correctly, it sends X + 1 as the acknowledgement back to the source.
• Acknowledgment and data can be piggybacked together.
Header length:
• 4-bit field giving the number of 4-byte words in the TCP header.
• The value is between 5 and 15 (5 x 4 = 20 to 15 x 4 = 60 bytes of header).
Reserved: currently unused.
TCP segment format
Flag: 6-bit field defining 6 control flags, each occupying one bit.
URG: urgent bit. 1 means the urgent pointer field is valid (priority transfer).
ACK: acknowledgement bit. 1 means the segment carries an acknowledgement: the acknowledgement number field is valid and holds the next sequence number expected from the other side.
PSH: push bit. The data in this segment should be delivered to the application on the receiving device immediately.
RST: reset bit. The sender has encountered a problem and wants to reset the connection.
SYN: the source wants to establish a connection with the destination (synchronize sequence numbers).
FIN: finish bit. 1 means the sender wants to terminate the TCP connection.
TCP segment format
Window size: the number of bytes the sender of this segment is currently willing to receive; it sets the size of the sliding window the other party must maintain.
Checksum: for error detection (errors are corrected by retransmission, not by the checksum itself).
Urgent pointer: used when some data in a TCP segment is more important or urgent than other data in the same TCP connection.
TCP connection--A three way handshaking
• A TCP connection has three phases: connection establishment, data transfer and connection termination.
Connection Establishment:
• TCP transmits data in full-duplex mode: the TCPs in two machines are able to send segments to each other simultaneously.
• This implies that each party must initialize communication and get approval from the other party before any data are transferred.
• Connection establishment in TCP is called three-way handshaking.
TCP connection
• An application program on the client wants to make a connection with an application program on the server, using TCP.
• The process starts with the server. The server program tells its TCP that it is ready to accept a connection. This request is called a passive open.
• The client program then issues a request for an active open: a client that wishes to connect to an open server tells its TCP to connect to that particular server.
Steps: I. Synchronization:
i) The client sends the first segment, a SYN segment, in which only the SYN flag is set.
ii) It is used for synchronization of sequence numbers.
iii) The client chooses a random number, the initial sequence number (ISN), as its first sequence number and sends it to the server.
iv) This segment contains no acknowledgment number and does not define a window size (a window size only makes sense in a segment that includes an acknowledgment).
v) The SYN segment is a control segment and carries no data, but it consumes one sequence number. When the data transfer starts, the sequence number is the ISN plus 1.
Three way handshaking
II. Server synchronization and acknowledgement:
• The server sends the second segment, a SYN + ACK segment, with two flag bits set: SYN and ACK.
• It serves two purposes. First, it is a SYN segment carrying the server's own ISN to the client.
• Second, it acknowledges receipt of the client's SYN segment by setting the ACK flag and announcing the next sequence number it expects to receive from the client (client ISN + 1).
• It also defines the server's receive window size, rwnd, to be used by the client.
TCP connection
III.
• The client sends the third segment, just an ACK segment.
• It acknowledges receipt of the second segment with the ACK flag and the acknowledgment number field (server ISN + 1).
• Its sequence number is the client's ISN + 1, the same number the first data segment will use, because a pure ACK segment consumes no sequence number.
• The client also announces its receive window size, to be used by the server.
SYN flooding attack
• A serious security problem in TCP connection establishment.
• An attacker sends a large number of SYN segments to a server, pretending that each comes from a different client by faking the source IP addresses in the datagrams.
• The server, assuming the clients are issuing active opens, allocates the necessary resources for each.
• The server sends SYN + ACK segments to the fake clients; they are lost, because those addresses are unreachable or never asked for a connection.
• While the server waits for the third leg of the handshake, the resources stay allocated without being used.
• If during this period the number of SYN segments is large, the server eventually runs out of resources and may be unable to accept connection requests from valid clients.
• This is a denial-of-service attack; launched from many hosts at once it is a distributed denial of service (DDoS) attack. Typical defences cap the number of half-open connections or avoid allocating state until the third segment arrives (SYN cookies).
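The segment format and the SYN flood described above, as one added example that is not part of the slides: pack and parse the fixed 20-byte TCP header (data offset and the six flags share one 16-bit word), then feed constructed traffic through a server-side tracker of half-open handshakes. The traffic, the client address 10.10.10.10, the spoofed sources in 203.0.113.0/24 and the threshold of 20 are all assumptions made for the example.

```python
# Added example, not from the slides: TCP header pack/parse plus a half-open
# connection tracker that shows how a SYN flood looks from the server's side.
# Addresses and the flood threshold are constructed for the example.

import struct

TCP_HEADER = "!HHIIHHHH"   # src port, dst port, seq, ack, offset+flags, window, checksum, urgent
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}

def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535, checksum=0):
    """Fixed-size header, no options: data offset 5 words, flags in the low 6 bits."""
    offset_and_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack(TCP_HEADER, src_port, dst_port, seq, ack,
                       offset_and_flags, window, checksum, 0)

def parse_tcp_header(data):
    if len(data) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    src, dst, seq, ack, offset_and_flags, window, checksum, urgent = struct.unpack(TCP_HEADER, data[:20])
    header_len = (offset_and_flags >> 12) * 4          # HLEN in 4-byte words
    if not 20 <= header_len <= 60:
        raise ValueError("data offset out of range")
    flags = {name: bool(offset_and_flags & bit) for name, bit in FLAG_BITS.items()}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "urgent_pointer": urgent}

class HalfOpenTracker:
    """Handshakes the server has answered but the client never completed."""
    def __init__(self):
        self.pending = {}   # (client ip, client port) -> client ISN

    def observe(self, client_ip, header):
        flags = header["flags"]
        key = (client_ip, header["src_port"])
        if flags["SYN"] and not flags["ACK"]:
            self.pending[key] = header["seq"]             # first leg: state allocated
        elif flags["RST"]:
            self.pending.pop(key, None)                   # client gave up
        elif flags["ACK"] and key in self.pending:
            if header["seq"] == self.pending[key] + 1:    # third leg: SYN used one number
                del self.pending[key]

    def half_open(self):
        return len(self.pending)

    def is_flooding(self, limit):
        return self.half_open() > limit

def constructed_traffic():
    """One honest client completing its handshake, then 50 SYNs from spoofed sources."""
    events = [("10.10.10.10", build_tcp_header(50000, 80, 8000, 0, ["SYN"])),
              ("10.10.10.10", build_tcp_header(50000, 80, 8001, 15001, ["ACK"]))]
    for i in range(50):
        events.append(("203.0.113.%d" % (i + 1),
                       build_tcp_header(40000 + i, 80, 1000 * i, 0, ["SYN"])))
    return events

def run_tracker(events, limit=20):
    tracker = HalfOpenTracker()
    for client_ip, raw in events:
        tracker.observe(client_ip, parse_tcp_header(raw))
    return tracker, tracker.is_flooding(limit)
```

Because every spoofed SYN arrives from a different source, counting per source address finds nothing; the signal is the total number of half-open entries that never receive their third segment, which is exactly the resource the slide says runs out.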
TCP connection
Data Transfer:
• After the connection is established, bidirectional data transfer can take place.
• Client and server can send data and acknowledgments in both directions, numbered as discussed earlier.
• The last segment carries only an acknowledgment, because there is no more data to be sent.
• The data segments sent by the client have the PSH (push) flag set, so that the server TCP tries to deliver data to the server process as soon as they are received.
TCP connection
• In data transfer two flag bits play a role: a) the PSH bit, b) the URG bit.
• The receiving TCP buffers data and delivers them to the application program when it is ready or when it is convenient for the receiving TCP.
• There are situations in which delayed transmission and delayed delivery are not acceptable to the application program.
• The application program at the sender can request a push operation. This indicates that the sending TCP must not wait for the window to fill: it must create a segment and send it immediately, with the PSH bit set.
• There are occasions on which an application program needs to send urgent bytes, bytes that must be treated in a special way by the application at the other end. It sends a segment with the URG bit set, and the urgent pointer marks where the urgent data end.
TCP connection
Connection Termination:
• Usually initiated by the client.
• Most implementations today allow two options for connection termination: three-way handshaking, and four-way handshaking with a half-close option.
Three way handshaking:
i) The client TCP receives a close command from the client process and sends a FIN segment, in which the FIN flag is set. It consumes one sequence number and may carry the last chunk of data, if any.
ii) The server receives the FIN segment, informs its process of the situation, and sends the second segment, a FIN + ACK segment. It also consumes one sequence number and may carry the last chunk of data, if any.
iii) The client TCP sends the last segment, an ACK segment, to confirm receipt of the FIN segment from the server. Its acknowledgment number is one plus the sequence number received in the server's FIN segment. This segment cannot carry data and consumes no sequence number.
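The sequence and acknowledgment bookkeeping of the handshake, a data transfer and the three-segment close, as one added example (not part of the slides) covering the numbering system, the three-way handshake and connection termination sections above. Both endpoints are simulated in one process; the ISNs 8000 and 15000 and the 2000-byte transfer are assumptions made for the example, and only in-order delivery is modelled.

```python
# Added example, not part of the slides: sequence-number model of a TCP session.
# Assumed ISNs 8000 (client) and 15000 (server); the transfer size is constructed.

from dataclasses import dataclass, field
from typing import Optional, Tuple

@dataclass
class Segment:
    sender: str
    seq: int
    ack: Optional[int]          # None when the ACK flag is not set (the first SYN)
    flags: Tuple[str, ...]
    length: int = 0             # data bytes carried

    def consumes(self):
        """Sequence space used: every data byte, plus one for SYN and one for FIN."""
        return self.length + ("SYN" in self.flags) + ("FIN" in self.flags)

@dataclass
class Endpoint:
    name: str
    isn: int
    snd_nxt: int = field(init=False)    # next sequence number this side will send
    rcv_nxt: Optional[int] = None       # next byte expected: the cumulative ack value

    def __post_init__(self):
        self.snd_nxt = self.isn

    def send(self, flags, length=0):
        flags = tuple(flags)
        ack = self.rcv_nxt if "ACK" in flags else None
        seg = Segment(self.name, self.snd_nxt, ack, flags, length)
        self.snd_nxt += seg.consumes()
        return seg

    def receive(self, seg):
        used = seg.consumes()
        if used == 0:                   # a pure ACK consumes nothing and is never acked
            return self.rcv_nxt
        if self.rcv_nxt is not None and seg.seq != self.rcv_nxt:
            raise ValueError("%s got seq %d but expected %d (lost or reordered segment)"
                             % (self.name, seg.seq, self.rcv_nxt))
        self.rcv_nxt = seg.seq + used   # last byte received in order, plus 1
        return self.rcv_nxt

def exchange(sender, receiver, flags, length=0):
    seg = sender.send(flags, length)
    receiver.receive(seg)
    return seg

def three_way_handshake(client, server):
    return [exchange(client, server, ["SYN"]),
            exchange(server, client, ["SYN", "ACK"]),
            exchange(client, server, ["ACK"])]

def transfer(sender, receiver, nbytes):
    """One data segment (PSH set) and the receiver's cumulative acknowledgment."""
    data = exchange(sender, receiver, ["PSH", "ACK"], nbytes)
    ack = exchange(receiver, sender, ["ACK"])
    return [data, ack]

def three_way_close(client, server):
    return [exchange(client, server, ["FIN", "ACK"]),
            exchange(server, client, ["FIN", "ACK"]),
            exchange(client, server, ["ACK"])]

def run_session(client_isn=8000, server_isn=15000, nbytes=2000):
    """All eight segments of handshake, one transfer and close, in order."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    segments = three_way_handshake(client, server)
    segments += transfer(client, server, nbytes)
    segments += three_way_close(client, server)
    return segments
```

With the assumed ISNs the client's first data byte is 8001 (the SYN used 8000), the server acknowledges 10001 after 2000 bytes, and the client's FIN at 10001 is acknowledged with 10002. A segment that arrives with a gap in front of it raises, which is the loss-control check the slide describes.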
Half close operation
• One end can stop sending data while still receiving data.
• Either the server or the client can issue a half-close request.
• Useful when the server needs all the data before processing can begin.
[Example: sorting at the server. The server needs to receive all the data before sorting starts. The client, after sending all its data, can close the connection in the client-to-server direction. The server-to-client direction must remain open to return the sorted data: the server, after receiving the data, still needs time for sorting, so its outbound direction stays open.]
UDP
• User Datagram Protocol.
• Far simpler but less reliable than TCP.
• A connectionless, unreliable transport protocol.
• Only a checksum for error detection: a corrupted datagram is discarded and no recovery is attempted.
• Does not provide any acknowledgement.
• Has no sequence numbers or reordering mechanism.
• Provides process-to-process communication.
• The application program that uses UDP takes full responsibility for reliability, data loss, duplication, delay and loss of connection.
• UDP is a better choice for voice or video communication, where the loss of a few packets does not hurt quality much, whereas waiting for a retransmission would.
• For data transfer where every byte must arrive intact, TCP is the right choice.
• UDP is faster than TCP.
UDP datagram
Source port number: port number used by the process running on the source host. 16 bits long.
Destination port number: port number used by the process running on the destination host. Also 16 bits long.
Total length: total length of the UDP datagram (header + data), 16 bits.
Checksum: for error detection.
UDP datagram length = IP datagram length - IP header length
The length field in a UDP user datagram is actually not necessary: a UDP datagram is encapsulated in an IP datagram, and the IP header has both a total length field and a header length field, so UDP length = IP length - IP header length.
Then why is it there? The designers of UDP felt it was more efficient for the destination UDP to calculate the length of the data from the information in the UDP user datagram itself rather than ask the IP software to supply it. Remember that when the IP software delivers the UDP user datagram to the UDP layer, it has already dropped the IP header.
Question
UDP header in hexadecimal format: CB84000D001C001C
a. What is the source port number?
b. What is the destination port number?
c. What is the total length of the user datagram?
d. What is the length of the data?
e. Is the packet directed from a client to a server or vice versa? (Hint: destination port number 13.)
f. What is the client process?
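Parsing the header in the question with struct, as an added example that is not part of the slides. The client/server direction test relies on the convention that servers listen on well-known ports below 1024 while clients use higher ephemeral ports; that is a heuristic I am assuming, not a rule of UDP. Port 13 is the Daytime service, so the client process is a daytime client.

```python
# Added example, not from the slides: parse the 8-byte UDP header and answer the
# question. The direction test is a well-known-port heuristic (an assumption).

import struct

UDP_HEADER_LEN = 8
WELL_KNOWN = {13: "daytime", 53: "domain (DNS)", 67: "bootps (DHCP server)",
              68: "bootpc (DHCP client)", 69: "tftp", 161: "snmp"}

def parse_udp_header(hex_header):
    raw = bytes.fromhex(hex_header)
    if len(raw) < UDP_HEADER_LEN:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN:
        raise ValueError("length field %d is smaller than the header" % length)
    return {"src_port": src, "dst_port": dst, "length": length,
            "data_len": length - UDP_HEADER_LEN, "checksum": checksum}

def direction(header):
    """'client->server' when the destination is a well-known port and the source
    is not, 'server->client' in the opposite case, otherwise 'unknown'."""
    src, dst = header["src_port"], header["dst_port"]
    if dst < 1024 <= src:
        return "client->server"
    if src < 1024 <= dst:
        return "server->client"
    return "unknown"

def client_process(header):
    """Name the service the client side is using, from the server-side port."""
    port = header["dst_port"] if direction(header) == "client->server" else header["src_port"]
    return WELL_KNOWN.get(port, "unknown service on port %d" % port)

def udp_length_consistent(ip_total_length, ip_hlen_words, udp_length):
    """The UDP length field must equal IP total length minus IP header length;
    a mismatch means a malformed or truncated datagram."""
    return udp_length == ip_total_length - ip_hlen_words * 4

QUESTION_HEADER = "CB84000D001C001C"
```

For the header in the question: source port 52100, destination port 13, total length 28 bytes, data length 20 bytes, client to server, and the client process is a daytime client.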
TCP VS UDP
Connection: TCP is connection-oriented; UDP is connectionless.
Function: TCP carries a stream between two endpoints over an established connection; with UDP a program can send a batch of packets to another and that is the end of the relationship.
Usage: TCP suits applications that require high reliability where transmission time is less critical; UDP suits applications that need fast, efficient transmission, such as games, and servers that answer small queries from huge numbers of clients.
Used by other protocols: TCP: HTTP, HTTPS, FTP, SMTP, Telnet. UDP: DNS, DHCP, TFTP, SNMP, RIP, VoIP.
Ordering of data packets: TCP rearranges packets into the order sent; UDP has no inherent order, all packets are independent of each other, and ordering, if required, must be managed by the application layer.
Speed of transfer: TCP is slower than UDP; UDP is faster because error recovery is not attempted.
Reliability: TCP guarantees that data transferred arrive intact and in the order sent, or reports a failure; with UDP there is no guarantee that the messages sent arrive at all.
Header size: TCP 20 bytes (up to 60 with options); UDP 8 bytes.
Common header fields: source port, destination port, checksum (both).
Weight: TCP is heavy-weight: it requires three packets to set up a connection before any user data can be sent, and it handles reliability and congestion control. UDP is lightweight: no ordering of messages, no tracking of connections; a small transport layer on top of IP.
Flow control: TCP does window-based flow control; UDP has no flow control.
Error checking: TCP does error checking and error recovery: erroneous packets are retransmitted from the source. UDP does error checking but simply discards erroneous packets; error recovery is not attempted.
Acknowledgement: TCP uses acknowledgement segments; UDP has no acknowledgment.
Handshake: TCP: SYN, SYN-ACK, ACK. UDP: no handshake (connectionless protocol).
ARP
• A logical address is usually implemented in software.
• Every protocol that deals with interconnecting networks requires logical addresses; in the TCP/IP protocol suite they are called IP addresses.
• Packets pass through physical networks to reach hosts and routers, which are recognized on those networks by their physical (local) addresses.
• Delivery of a packet to a host or a router therefore requires two levels of addressing: logical and physical.
• We must be able to map a logical address to its corresponding physical address and vice versa, using either static or dynamic mapping.
ARP
Static mapping:
• Create a table that associates each logical address with a physical address, stored on every machine on the network.
• A machine that knows the IP address of another machine but not its physical address looks it up in the table.
Limitations:
• A machine could change its NIC, resulting in a new physical address.
• On some LANs, such as LocalTalk, the physical address is chosen dynamically every time the computer is turned on.
• A mobile computer can move from one physical network to another, resulting in a change in its physical address.
• The static table must therefore be updated periodically.
ARP
Dynamic Mapping:
• Each time a machine knows the logical address of another machine but needs its physical address (or vice versa), it uses a protocol to find it.
• Two protocols are used: Address Resolution Protocol (ARP) and Reverse Address Resolution Protocol (RARP).
• ARP maps a logical address to a physical address; RARP maps a physical address to a logical address.
ARP
The protocol:
• Whenever a host or a router needs to find the physical address of another host or router on its network, it sends an ARP query (request) packet.
• The packet includes the physical and IP addresses of the sender and the IP address of the receiver.
• Because the sender does not know the physical address of the receiver, the query is broadcast over the network.
• Every host or router on the network receives and processes the ARP query packet, but only the intended recipient recognises its own IP address and sends back an ARP response (reply) packet.
• The response contains the recipient's IP and physical addresses.
• The response is unicast directly to the inquirer, using the physical address received in the query packet.
ARP
ARP packet format
• Hardware type: 16-bit field identifying the link-layer technology; for Ethernet the value is 1.
• Protocol type: 16-bit field identifying the network-layer protocol. For IPv4 addresses this value is 2048 (0x0800), which corresponds to the EtherType code for the Internet Protocol.
• Hardware address length: specifies how long hardware addresses are in this message. For Ethernet or other networks using IEEE 802 MAC addresses, the value is 6.
ARP packet format
• Protocol length: for IPv4 addresses this value is of course 4.
• Operation: specifies the nature of the ARP message being sent; 1 (request) and 2 (reply) for regular ARP.
• Sender physical address.
• Sender IP address.
• Target physical address: empty (filled with 0s) in a request message.
• Target IP address.
ARP
Searching operation:
1. The sender knows the IP address of the target.
2. IP asks ARP to create an ARP request message, filling in the sender physical address, the
sender IP address, and the target IP address. The target physical address field is filled
with 0s.
3. The message is passed to the data link layer where it is encapsulated in a frame using
the physical address of the sender as the source address and the physical broadcast
address as the destination address.
4. Every host or router receives the frame. Because the frame contains a broadcast
destination address, all stations remove the message and pass it to ARP. All machines
except the one targeted drop the packet. The target machine recognizes the IP address.
5. The target machine replies with an ARP reply message that contains its physical
address. The message is unicast.
6. The sender receives the reply message. It now knows the physical address of the target
machine.
7. The IP datagram, which carries data for the target machine, is now encapsulated in a
frame and is unicast to the destination.
ARP
Four different cases in which the services of ARP are used:
Case 1: The sender is a host and wants to send a packet to another host on the same
network. In this case, the logical address that must be mapped to a physical
address is the destination IP address in the datagram header.
Case 2: The sender is a host and wants to send a packet to another host on another
network. In this case, the host looks at its routing table and finds the IP address of
the next hop (router) for this destination. If the routing table has no specific entry for
the destination, it uses the IP address of the default router. The IP address of the router
becomes the logical address that must be mapped to a physical address.
Case 3: The sender is a router that has received a datagram destined for a host on
another network. It checks its routing table and finds the IP address of the next
router. The IP address of the next router becomes the logical address that must be
mapped to a physical address.
Case 4: The sender is a router that has received a datagram destined for a host in
the same network. The destination IP address of the datagram becomes the logical
address that must be mapped to a physical address.
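The four cases worked as an added example (not from the slides): a longest-prefix-match lookup over a small routing table decides which IP address ARP must resolve, the destination itself when it is on a directly connected network (cases 1 and 4) or the next-hop router, falling back to the default route, when it is not (cases 2 and 3). Both tables are constructed for the example from documentation address ranges; the (prefix, next_hop) tuple layout is this example's own, not any particular operating system's.

```python
"""Decide which IP address ARP has to resolve for a given destination (added example)."""
import ipaddress

# Constructed host table: one directly connected LAN and a default router.
# next_hop None means the prefix is directly connected (on-link).
HOST_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), None),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.0.2.254")),
]

# Constructed router table: two connected LANs, one remote prefix via a peer, and a default.
ROUTER_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), None),
    (ipaddress.ip_network("198.51.100.0/24"), None),
    (ipaddress.ip_network("203.0.113.0/24"), ipaddress.ip_address("198.51.100.2")),
    (ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("198.51.100.1")),
]


def lookup(dst, table):
    """Longest-prefix match: return (prefix, next_hop) or None when nothing matches."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        if dst in prefix and (best is None or prefix.prefixlen > best[0].prefixlen):
            best = (prefix, next_hop)
    return best


def address_to_resolve(dst, table):
    """The IPv4 address that ARP must map to a physical address for a datagram to `dst`.

    Cases 1 and 4: destination is on a connected network, so resolve the destination.
    Cases 2 and 3: destination is elsewhere, so resolve the chosen next-hop router
    (the default router when only the 0.0.0.0/0 entry matches).
    Returns None when the table has no usable route at all.
    """
    match = lookup(dst, table)
    if match is None:
        return None
    prefix, next_hop = match
    return ipaddress.ip_address(dst) if next_hop is None else next_hop


if __name__ == "__main__":
    print("case 1:", address_to_resolve("192.0.2.7", HOST_TABLE))        # 192.0.2.7
    print("case 2:", address_to_resolve("8.8.8.8", HOST_TABLE))          # 192.0.2.254
    print("case 3:", address_to_resolve("203.0.113.5", ROUTER_TABLE))    # 198.51.100.2
    print("case 4:", address_to_resolve("198.51.100.9", ROUTER_TABLE))   # 198.51.100.9
```

The default route is just the shortest possible prefix, so it is selected only when no longer prefix matches; that is what "looks for the IP address of the default router" in case 2 amounts to once the routing table is consulted uniformly.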
RARP
• Reverse ARP: finds the IP address from the physical address.
• Used when a new host is connected, or by a diskless workstation that knows its own physical address but has no stored IP address.
• The RARP query datagram is broadcast to all nodes, including the RARP server.
• The server recognises the kind of datagram and replies with the IP address assigned to that physical address.
ICMP
• Internet Control Message Protocol.
• IP does not guarantee correct datagram delivery, while TCP does.
• IP has no error detection/retransmission/acknowledgement mechanism (TCP has).
• Problems in delivering a datagram from source to destination are reported back to the source by ICMP.
• Suppose a router receives datagrams faster than it can handle, or a host is down while another host, without knowing this, keeps sending datagrams to it repeatedly.
• If this happens from a number of nodes, the overloaded node (for example a server) may crash.
• ICMP serves as an error reporting mechanism.
• It does not play any role in correcting the problems.
• It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc., to verify correct operation of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.
ICMP datagram
• ICMP message header:
  Type (8 bits) | Code (8 bits) | Checksum (16 bits)
  followed by the rest of the header and the message body. In an error message the body carries the IP header and the first 8 bytes of the datagram that caused the error, so the source can identify which datagram failed.
• Error message types:
  3   Destination unreachable
  4   Source quench
  5   Redirect
  11  Time exceeded
ping
• Helps verify IP-level connectivity.
• Sends an ICMP echo request (type 8) to a target host name or IP address and reports whether an echo reply (type 0) comes back.
• Use ping whenever you need to verify that a host computer can connect to the TCP/IP network and network resources.
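The ICMP header layout from the previous slide and the echo request that ping sends, as an added example not taken from the slides: it computes the Internet checksum over the message, builds a Time Exceeded error and an echo request, and parses both back while rejecting a message whose checksum does not verify. The 28 bytes standing in for the original datagram inside the error message are constructed; the identifier/sequence layout of the echo request and the checksum rule follow RFC 792.

```python
"""ICMP message build/parse with Internet checksum (added example, not the slides' code).

Header: Type(8 bits) | Code(8 bits) | Checksum(16 bits) | rest of header(32 bits) | body
The checksum is the one's-complement sum over the whole ICMP message, computed
with the checksum field set to zero.
"""
import struct

# Type values named on the slide plus the two that ping uses.
ICMP_TYPES = {
    0: "Echo reply",
    3: "Destination unreachable",
    4: "Source quench",
    5: "Redirect",
    8: "Echo request",
    11: "Time exceeded",
}
HDR = "!BBHI"  # type, code, checksum, rest-of-header


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; an odd trailing byte is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(message: bytes) -> bool:
    """A correctly checksummed message sums to zero when the checksum field is included."""
    return internet_checksum(message) == 0


def build_icmp(msg_type: int, code: int, rest: int, body: bytes = b"") -> bytes:
    header = struct.pack(HDR, msg_type, code, 0, rest)   # checksum field zeroed first
    csum = internet_checksum(header + body)
    return struct.pack(HDR, msg_type, code, csum, rest) + body


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """What ping sends: type 8, code 0, identifier and sequence number in the rest-of-header."""
    return build_icmp(8, 0, (ident << 16) | seq, payload)


def parse_icmp(data: bytes) -> dict:
    """Decode an ICMP message; raises on a short message or a bad checksum."""
    if len(data) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    if not checksum_ok(data):
        raise ValueError("bad ICMP checksum")
    msg_type, code, _csum, rest = struct.unpack(HDR, data[:8])
    info = {"type": msg_type, "code": code,
            "name": ICMP_TYPES.get(msg_type, "other"), "body": data[8:]}
    if msg_type in (0, 8):                  # echo messages: split identifier and sequence
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    return info


# Constructed stand-in for "IP header + first 8 bytes" of a datagram that timed out.
ORIGINAL_DATAGRAM = bytes(range(28))
TIME_EXCEEDED = build_icmp(11, 0, 0, ORIGINAL_DATAGRAM)
# Odd-length payload on purpose: exercises the padding rule in the checksum.
ECHO = build_echo_request(0x1234, 7, b"ping!")

if __name__ == "__main__":
    print(parse_icmp(ECHO))
    print(parse_icmp(TIME_EXCEEDED)["name"])
```

Verifying the checksum before trusting the type and code is the step that matters in practice: the source only reacts to an error message when its body identifies one of its own outstanding datagrams, and a corrupted message should never reach that comparison.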
SMTP
• Simple Mail Transfer Protocol.
• Defined in 1982.
• Specified for sending (outgoing) mail.
• Uses TCP port 25.
Shortage of IPv4 addresses…
• For IPv4 the address pool is 32 bits (2^32) in size and contains 4,294,967,296 addresses.
Shortage of IPv4 addresses…
What happened to IPv5?
• Version number 5 was assigned to an experimental protocol, the Internet Stream Protocol (ST), which was never fully deployed.
• It was developed as a means of streaming voice and video data and remained experimental.
• It never transitioned to public use, in part because it kept the same 32-bit address limitation.
• IPv6 took over that role.
An example of an IPv6 address is
2001:0db8:0000:0000:1234:0ace:6006:001e
IPV6
• 32-bit addresses will be insufficient in the coming years to cope with the large number of devices.
• IPv4 addresses are being exhausted quickly.
• IPv4 has poor support for real-time audio/video collaboration technology.
• IP version 6 is also known as IP next generation (IPng).
• Has 128-bit IP addresses.
• Has been under development since the mid-1990s.
• An IPv6 address is represented as eight groups of four hexadecimal digits, each group representing 16 bits (two octets; a group is sometimes also called a hextet).
• The groups are separated by colons (:).
• Example: 2001:0db8:85a3:0000:0000:8a2e:0370:7334. Leading zeros in a group and one run of all-zero groups may be omitted, giving 2001:db8:85a3::8a2e:370:7334.
IPV6 Header format
(figure: IPv4 header beside IPv6 header; the fields are listed below)
• Version:
  - size 4 bits.
  - shows the version of IP and is set to 6.
• Traffic Class:
  - size 8 bits.
  - similar to the IPv4 Type of Service (ToS) field.
  - indicates the IPv6 packet's class or priority.
• Flow Label:
  - size is 20 bits.
  - provides additional support for real-time datagram delivery and quality of service features.
  - indicates that this packet belongs to a specific sequence of packets between a source and destination, so that delivery can be prioritised for services like voice.
• Payload Length:
  - size is 16 bits.
  - length of the IPv6 payload in bytes, that is, everything after the 40-byte base header: the extension headers plus the upper layer protocol data.
IPV6
• Next Header:
  - size is 8 bits.
  - identifies either the type of the first extension header (if any extension header is present) or the upper layer protocol such as TCP, UDP, or ICMPv6.
• Hop Limit:
  - size is 8 bits.
  - the maximum number of routers the IPv6 packet can travel through.
  - similar to the IPv4 Time to Live (TTL) field: each router decrements it and discards the packet when it reaches 0, so a packet caught in a layer 3 routing loop cannot circulate forever.
• Source Address:
  - size is 128 bits.
  - the IPv6 address of the source of the packet.
• Destination Address:
  - size is 128 bits.
  - the IPv6 address of the destination of the packet.
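The fixed IPv6 header described on these two slides, as an added example that is not part of the original deck: it packs and unpacks all eight fields, checks the version and payload length, shows a router decrementing the hop limit and dropping the packet at zero, and converts between the exploded and compressed textual forms using Python's ipaddress module. The sample packet uses the two example addresses from the slides with a constructed 12-byte payload; the next-header table is limited to the three protocols the slide names.

```python
"""Fixed 40-byte IPv6 header: build, parse, hop-limit handling (added example, not the slides' code).

Layout: Version(4) TrafficClass(8) FlowLabel(20) | PayloadLength(16) NextHeader(8) HopLimit(8)
        | SourceAddress(128) | DestinationAddress(128)
The first three fields share one 32-bit word.
"""
import ipaddress
import struct
from typing import Optional

IPV6_HEADER_LEN = 40
HDR = "!IHBB16s16s"                          # 4 + 2 + 1 + 1 + 16 + 16 = 40 bytes
NEXT_HEADER = {6: "TCP", 17: "UDP", 58: "ICMPv6"}


def build_ipv6(src: str, dst: str, next_header: int, payload: bytes,
               traffic_class: int = 0, flow_label: int = 0, hop_limit: int = 64) -> bytes:
    if not 0 <= flow_label < (1 << 20):
        raise ValueError("flow label is a 20-bit field")
    if not (0 <= traffic_class < 256 and 0 <= hop_limit < 256 and 0 <= next_header < 256):
        raise ValueError("traffic class, hop limit and next header are 8-bit fields")
    if len(payload) > 0xFFFF:
        raise ValueError("payload length is a 16-bit field")
    first_word = (6 << 28) | (traffic_class << 20) | flow_label
    header = struct.pack(HDR, first_word, len(payload), next_header, hop_limit,
                         ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)
    return header + payload


def parse_ipv6(packet: bytes) -> dict:
    """Unpack the base header; payload_length is trusted only if the bytes are really there."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated IPv6 header")
    first_word, plen, nh, hlim, src, dst = struct.unpack(HDR, packet[:IPV6_HEADER_LEN])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not IPv6 (version {version})")
    if len(packet) - IPV6_HEADER_LEN < plen:
        raise ValueError("payload length exceeds the bytes present")
    return {
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": plen,
        "next_header": nh,
        "next_header_name": NEXT_HEADER.get(nh, "other"),
        "hop_limit": hlim,
        "src": str(ipaddress.IPv6Address(src)),   # compressed textual form
        "dst": str(ipaddress.IPv6Address(dst)),
        "payload": packet[IPV6_HEADER_LEN:IPV6_HEADER_LEN + plen],
    }


def forward(packet: bytes) -> Optional[bytes]:
    """What a router does with the hop limit: decrement it, or discard when it would reach 0."""
    hlim = packet[7]                          # byte offset 7 is the hop limit
    if hlim <= 1:
        return None                           # discarded; a real router also sends ICMPv6 Time Exceeded
    return packet[:7] + bytes([hlim - 1]) + packet[8:]


def exploded(addr: str) -> str:
    """Eight groups of four hex digits, the way the slides write an address out."""
    return ipaddress.IPv6Address(addr).exploded


# Constructed sample using the two example addresses from the slides, hop limit 2 so the
# drop can be shown after two forwarding steps.
SAMPLE = build_ipv6("2001:0db8:0000:0000:1234:0ace:6006:001e",
                    "2001:0db8:85a3:0000:0000:8a2e:0370:7334",
                    17, b"\x00" * 12, traffic_class=0x28, flow_label=0xABCDE, hop_limit=2)

if __name__ == "__main__":
    print(parse_ipv6(SAMPLE))
    print(forward(forward(SAMPLE)))           # None: second router drops it
```

Payload Length deliberately counts only what follows the base header, so a parser should compare it against the bytes actually received before slicing; a header claiming more payload than arrived is either truncation in transit or a crafted packet, and either way must not be read past the buffer.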
Thank You