Transmission Control Protocol/Internet Protocol (TCP/IP)
In order for communication to occur on a network, all parties must use a common language. In IT networks this is known as a protocol. There are many different protocols available for computer networks, the most common and widely used being TCP/IP.
TCP/IP is the standard protocol that is used on the internet. In order for any network to access the internet you must use the TCP/IP protocol suite. TCP/IP is required by Active Directory. For this reason, TCP/IP is the default protocol for Windows XP and 2003.
Reference is often made to the TCP/IP stack. This consists of layers of mini applications which perform the discrete job of sorting and filtering the data packets picked up by the NIC and then passing the packet on to the next layer for further processing. Eventually a coherent message pops out of the top of the stack into the operating system for the user to read. The reverse is also true, i.e. the reply is converted into data packets that can be sent over the network media.
The layers in a TCP/IP stack write headers for network messages as well as decoding them. Each level in the stack adds a portion to the network packet which its counterpart in the receiving computer will understand. Strictly speaking, the NIC isn’t part of TCP/IP, but protocols are bound to a particular adapter.
At the receiving computer, the headers are stripped off as they pass up through the TCP/IP stack until only the bare payload is presented to the user.
The DOD Four Layer Model
The Application Layer
The Application Layer contains the applications that use TCP/IP such as Internet Explorer and Outlook. The Application Layer also contains Application Programming Interfaces (API) such as Winsock, which enables applications to use TCP/IP.
The Transport Layer
The Transport Layer is responsible for the transfer of data on the network. There are two different transport protocols: TCP and UDP. Both protocols provide transport but work in different ways.
Transmission Control Protocol (TCP)
TCP is a connection-orientated protocol. Both sides confirm that the data is being sent and received.
User Datagram Protocol (UDP)
UDP is a connectionless protocol. Both computers presume the other side has received the data. As an example, name resolution uses UDP. If the query fails then a TCP name query is made.
The Internet Layer
To send data the sender must have a method of distinguishing the recipient. This is called an IP address, and it takes the form of a unique number on the network. The Internet Protocol is responsible for these addresses. The Internet Control Messaging Protocol (ICMP) is used to test connectivity between machines by sending ICMP messages using the PING command. The Internet Group Messaging Protocol (IGMP) is used to send data to groups of machines, e.g. streaming video. This is known as Multicast. The Address Resolution Protocol (ARP) is responsible for changing an IP address into the network card’s physical address. Every network card has a unique physical address hardwired into the card itself which is needed for communication on a network.
The Physical Layer
The Physical Layer is responsible for the actual physical media and how the data is sent to another machine, e.g. Fibre Optic, ATM. There are many ways to send data down the cable; the most common technologies for LANs are Token Ring and Ethernet. In order for two machines to communicate they must be using the same technology or be connected via a bridge.
Binary Numbers
The thinking bits of a computer use “flip-flops” to show “up” or “down” or “on” or “off”. It’s just as easy to think of these as on/off light bulbs. Arrays of these flip-flops are used for storing and manipulating numbers. The point is that they can only have two states, like a light bulb. These two states can also be stored as N/S magnets on a hard disk, or pits in foil on a CD, or high and low voltages in a cable, etc.
Computers similarly use groups of switches to represent numbers and perform calculations. These groups of switches are known as registers and show numbers in Binary form. Denary numbers (which we also call Decimal) use 10 symbols to represent numbers – 0123456789, whereas Binary needs just two symbols 01.
The number of digits in a binary number can be represented by a corresponding number of switches. In computer parlance, these are bits.
A bit is either a 1 or a 0. The different bits in a binary number represent different values which are used to create a number.
If the bit is switched on (1) then we use that bit. If the bit is switched off (0) then we ignore it. Add all the (1) switches together, 128+64+16+8+1, and you get the number 217. So the binary number for 217 is 11011001.
Binary Number Examples
11111010 128+64+32+16+8+2=250
00011010 16+8+2=26
11110000 128+64+32+16=240
The IP Address
Every computer on a network and the internet needs an address. This address is known as an IP address. Two computers can never have the same address. An IP Address is a group of 4 eight bit binary numbers represented in decimal. Each number is separated by a period, e.g. Any machines that are connected to a network will each need a unique address. Two machines cannot use the same address.
The IP address is divided into the network ID and the host ID. The network ID represents what network the machine is on. For two machines to communicate they have to be using the same network ID. The host ID represents a unique number assigned to the machine attached to the end of the network ID. For two machines to communicate they need to have the same network address. They must, however, have different host numbers.
A machine can identify which part of its IP address is the host ID and which part is the network ID by using a set of numbers called a subnet mask.
Subnet Masks
As well as an IP address every machine using TCP/IP needs a subnet mask. The subnet mask splits the IP address into two parts, allowing the computer to identify which part is the network ID and which part is the host ID.
The subnet mask divides the IP address into two parts by using on (1) and off (0) switches. 1 represents a network ID and 0 represents a host ID.
A computer with an IP address of and a subnet mask of would have a network ID of 10.1 and a host ID of 0.1. This is worked out by converting both numbers into binary.
10.1.0.1
255.255.0.0
Using the subnet mask, divide the IP address up by using the 1’s to represent the network ID and the 0’s to represent the host ID.
Using this, we can assume that the network ID is 00001010.00000001 (10.1) and the host ID is 00000000.00000001 (0.1).
A subnet mask doesn’t have to be a full octet. It is possible to use a subnet mask that is only a partial octet.
For example This enables the administrator to create custom subnets to divide a private network into several discrete sub-networks.
Bit Notation
An easier way of writing an IP address and its subnet mask is by using the form in the mask. The address with a subnet mask of can also be written as
This form of notation shows the number of bits in the subnet mask, e.g. /8 represents 11111111.00000000.00000000.00000000 or
/20 would represent 11111111.11111111.11110000.00000000 or
IP Address Classes
When TCP/IP first appeared, IP addresses were placed into different classes: A, B, C and D. The subnet mask of the machine would be determined by its IP address class. To determine what class an IP address is, refer to the first octet of the address, e.g. 100 for
Class Subnet Mask Host ID’s
A 16,777,214
B 65,534
C 254
D (Multicast) N/A
You have been assigned the address, how many hosts will you have?
/20 represents the subnet mask of 11111111.11111111.11110000.00000000 (
Therefore the Host ID is 0000.00000000, giving a total of 12 host bits to play with.
Therefore (2^12)-2=4094. So there are 4094 different host ID’s.
Why take off 2?
Two host ID addresses are reserved for every network.
If the host ID contains all 0’s it represents the Network it is on and can’t be used, e.g. (00000000) is invalid. This is known as the Network Address.
If the host ID contains all 1’s then this represents every computer in the network. This is known as the Broadcast Address, e.g. (11111111) represents every computer in the 194.34.23 network.
Reserved addresses:
If the host part of the address is all zeroes, this looks similar to the subnet mask and is called the Network Address. By convention, this address is not used for any host. If the host part of the address is all ones, this represents not a single host but all hosts on that network. It is termed the broadcast address, and it shouldn’t be used for any host.
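The subnet mask, bit notation and reserved-address rules above can be worked through with plain bit operations. This is an added example, not part of the original lesson; the function names are illustrative, and any address passed to it other than 10.1.0.1 with mask 255.255.0.0 is a constructed sample.

```python
def to_int(dotted):
    """Dotted decimal -> 32-bit integer; rejects malformed input."""
    octets = [int(part) for part in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {dotted!r}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def to_dotted(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def to_binary(value):
    """32-bit integer -> four dotted groups of eight bits."""
    bits = f"{value:032b}"
    return ".".join(bits[i:i + 8] for i in range(0, 32, 8))

def prefix_to_mask(prefix):
    """Bit notation -> mask: /20 sets the top 20 bits to 1."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def mask_to_prefix(mask):
    """Count the 1 bits; a valid mask is all 1s followed by all 0s."""
    prefix = bin(mask).count("1")
    if mask != prefix_to_mask(prefix):
        raise ValueError("subnet mask bits are not contiguous")
    return prefix

def describe(ip, mask):
    """Split an address into network ID and host ID using its mask."""
    ip_i, mask_i = to_int(ip), to_int(mask)
    host_mask = ~mask_i & 0xFFFFFFFF           # the 0 bits of the mask
    host_bits = 32 - mask_to_prefix(mask_i)
    network = ip_i & mask_i                    # host part all 0s
    return {
        "prefix": 32 - host_bits,
        "network": to_dotted(network),
        "host_id": to_dotted(ip_i & host_mask),
        "broadcast": to_dotted(network | host_mask),   # host part all 1s
        "usable_hosts": max(2 ** host_bits - 2, 0),    # minus the two reserved
    }

if __name__ == "__main__":
    print(to_binary(to_int("10.1.0.1")))
    print(to_binary(to_int("255.255.0.0")))
    print(describe("10.1.0.1", "255.255.0.0"))
    print(to_dotted(prefix_to_mask(20)), to_binary(prefix_to_mask(20)))
```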
Although these days you can have any subnet mask, classes are still used when a subnet mask isn’t given. There are a number of private address ranges available for use in internal networks. These addresses will never be seen on the internet, as internet routers will not pass packets that originate from these addresses.
Class A : –
Class B : –
Class C : –
Custom Subnet Masks
Imagine a scenario where you have been assigned the address range for your company’s network. You need to have 14 separate networks each with ten computers in. is a class C address which means you have 254 hosts but only the one network (the 193.28.34) network.
Considering that you only need 10 hosts and not 254 we can take some of the host ID’s and turn them into Network ID’s. You can do that by creating a custom subnet mask…
We have the 8 host digits to play with. This equates to (2^8)-2=254 addresses. However we only need 140. Some of the host ID’s can be used as network ID’s.
Routers are network devices that are used to connect separate networks and to enable network traffic to pass between the networks. We have seen that machines on separate networks cannot pass data between themselves without assistance. A router or default gateway passes data to addresses that are not on the sender’s network.
With the help of a router computers on both networks would be able to communicate. The router is physically connected to both networks and has two IP addresses.
When a client wants to send a packet out on the network it checks the network ID of the destination machine. If it is different from its own it would send the packet to its default gateway.
Routers can communicate with other routers so that network packets can be passed to their correct destinations.
A network packet travelling out on the internet may pass through several routers before reaching its target. Each router forwards the packet on to the next router until it either reaches or fails to reach its destination.
Routing is covered in much greater detail later on in this course.
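The custom subnet mask scenario (14 networks of ten computers carved out of one class C range) and the client's "same network ID or default gateway" check can be worked through together. This is an added example, not part of the original lesson: it assumes the range is 193.28.34.0/24, taken from the "193.28.34" network named above, and the host and gateway addresses in it are constructed.

```python
import ipaddress

def plan_custom_mask(base, subnets_needed, hosts_needed):
    """Borrow the fewest host bits that give enough networks, then check
    the remaining host bits still hold enough machines once the network
    and broadcast addresses are taken off."""
    net = ipaddress.ip_network(base)
    borrowed = (subnets_needed - 1).bit_length()   # 14 networks -> 4 bits
    new_prefix = net.prefixlen + borrowed
    host_bits = 32 - new_prefix
    if host_bits < 2:
        raise ValueError("no host bits left after subnetting")
    usable = 2 ** host_bits - 2
    if usable < hosts_needed:
        raise ValueError("range too small for that many networks and hosts")
    return list(net.subnets(new_prefix=new_prefix)), usable

def next_hop(src_ip, mask, dst_ip, gateway):
    """Client-side decision: if the destination shares our network ID,
    deliver directly; otherwise hand the packet to the default gateway."""
    local = ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)
    return dst_ip if ipaddress.ip_address(dst_ip) in local else gateway

if __name__ == "__main__":
    subnets, usable = plan_custom_mask("193.28.34.0/24", 14, 10)
    print(subnets[0].netmask, len(subnets), "networks,", usable, "hosts each")
    mask = str(subnets[1].netmask)
    # Constructed hosts: .17 and .20 share 193.28.34.16/28, .35 does not.
    print(next_hop("193.28.34.17", mask, "193.28.34.20", "193.28.34.30"))
    print(next_hop("193.28.34.17", mask, "193.28.34.35", "193.28.34.30"))
```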
Configuring TCP/IP
This free lesson will teach you how to configure TCP/IP in Windows and how to use the ipconfig command.
To configure TCP/IP click on Start.
Right-click on My Network Places.
Select Properties.
Right-click on the connection you want to configure and select Properties.
Highlight Internet Protocol (TCP/IP).
Select Properties.
This machine is currently configured to obtain an IP address automatically. Select Use the following IP address and fill out the relevant details.
Additional gateways and IP addresses can be added by clicking the Advanced button and configuring the appropriate options.
Using the ipconfig command
The ipconfig command can be used to display IP address information from a command prompt.
Running ipconfig with the /all switch produces a much more verbose display.
Internet Connection Firewall
Windows XP ships with a basic built-in firewall. The firewall helps protect the computer from outside attacks on the internet. A firewall controls which network traffic is allowed in and out of a computer. It does this by opening and closing ports.
When communications take place between two machines different port numbers are used depending on the service. As an example a Web Browser will communicate with a Web Server on port 80, which is the default port for HTTP (The language used to display web pages).
There are thousands of port numbers available, many of the lower-range numbers being reserved for common services. A few of the common port numbers are listed below.
Port 80: HTTP (Web Pages)
Port 21: FTP (File Transfer Protocol)
Port 25: SMTP (E-Mail)
Port 110: POP3 (E-Mail)
Port 443: SSL (Secure Web Pages)
A hacker can sometimes compromise security on a machine by gaining access to the machine through an unused port. A Trojan horse virus opens a port on a client machine allowing a hacker to gain access to the machine. A firewall can be configured to allow only specific ports in and out of the computer thus greatly reducing the risk of a cracker gaining access.
To enable and configure the Internet Connection Firewall, navigate to the properties of your network connection and select Advanced.
Check the Internet Connection Firewall box to enable the firewall, and select Settings to configure it.
A list of services allowed to connect to this machine is shown. New services can be added by selecting Add and filling out the details for the service.
For example this machine is hosting a Puma chat room server. Click on OK to add the service.
Connections on port 270 are now allowed to connect to this machine.
The Security Logging Tab specifies settings relating to the security log. For example you can log any unsuccessful connections.
The ICMP tab can be used to configure ICMP packets on the computer. ICMP packets are used during ping requests.
The options for the Internet Connection Firewall have been improved slightly for Windows XP Service Pack 2; however, the principles remain exactly the same. Although the firewall is good enough to protect home users, for larger corporate networks and servers a third-party firewall such as Microsoft ISA Server should be used.
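Once unsuccessful connections are being logged, the security log can be summarised to show which outside addresses were refused and on which ports. This is an added example, not part of the original lesson: the log lines are constructed, and the space-separated layout with a "#Fields:" header is an assumption about how the firewall log is written.

```python
from collections import defaultdict

# Constructed sample; field layout assumed, not captured from a real host.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2004-03-01 10:15:02 DROP TCP 203.0.113.7 192.168.0.10 4021 135 48 S 1234 0 16384 - - -
2004-03-01 10:15:03 DROP TCP 203.0.113.7 192.168.0.10 4022 139 48 S 1235 0 16384 - - -
2004-03-01 10:15:04 DROP TCP 203.0.113.7 192.168.0.10 4023 445 48 S 1236 0 16384 - - -
2004-03-01 10:16:10 OPEN TCP 198.51.100.4 192.168.0.10 3310 270 - - - - - - - -
2004-03-01 10:17:45 DROP UDP 198.51.100.9 192.168.0.10 1026 1434 404 - - - - - - -
2004-03-01 10:18:00 DROP ICMP 198.51.100.9 192.168.0.10 - - 60 - - - - 8 0 -
2004-03-01 10:18:
"""

def parse_log(text):
    """Return one dict per complete entry, keyed by the #Fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif fields and line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # ignore truncated entries
                rows.append(dict(zip(fields, values)))
    return rows

def dropped_ports_by_source(rows):
    """src-ip -> sorted distinct destination ports the firewall refused."""
    hits = defaultdict(set)
    for row in rows:
        # ICMP entries carry "-" instead of a port number and are skipped.
        if row["action"] == "DROP" and row["dst-port"].isdigit():
            hits[row["src-ip"]].add(int(row["dst-port"]))
    return {src: sorted(ports) for src, ports in hits.items()}

def sources_probing_many_ports(rows, threshold=3):
    """Sources refused on `threshold` or more different ports."""
    by_source = dropped_ports_by_source(rows)
    return sorted(s for s, ports in by_source.items() if len(ports) >= threshold)

if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(dropped_ports_by_source(entries))
    print(sources_probing_many_ports(entries))
```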
Troubleshooting TCP/IP
These are the two main utilities for troubleshooting TCP/IP:
ping – used to test connectivity
ipconfig – used to view IP address information.
Before launching into detailed settings investigation, always check that the hub/switch has power to it, or that the network cable hasn’t been pulled out.
The ping command does the following:
Verifies connections to one or more remote computers by sending ICMP echo packets to the computer and listening for echo reply packets.
Waits for up to one second for each packet sent.
Prints the number of packets transmitted and received.
Each received packet is validated against the transmitted message to check that no data loss occurs.
The first item to ping is the local NIC. The loopback address is (Pinging “localhost” does pretty much the same thing.). If this fails then either your TCP/IP stack isn’t installed correctly, or the network card is not functioning.
Note that an address or computer name can be pinged.
Here a computer “jacklap” (ip address can’t be pinged. This doesn’t necessarily imply a connection problem. It may be a name resolution problem, and can be tested by pinging the ip address.
If you can ping your own machine and others on the local network, then try pinging the default gateway. A message such as the one above implies either that the address is a wrong one or, if the report reads destination host unavailable, that there may be a problem with the gateway machine (router).
Default gateways or DNS servers can be discovered using the ipconfig utility.
Typing ipconfig at a command prompt brings up useful information. No settings can be altered from this window, but it reports the current settings for TCP/IP.
Typing ipconfig with the /all switch presents additional items such as the adapter’s MAC address and name resolution information.