Computer Communications

The best place to start looking at TCP/IP is probably the name itself. TCP/IP in fact consists of dozens of different protocols, but only a few are the “main” protocols that define the core operation of the suite. Of these key protocols, two are usually considered the most important. The Internet Protocol (IP) is the primary OSI network layer (layer three) protocol that provides addressing, datagram routing and other functions in an internetwork. The Transmission Control Protocol (TCP) is the primary transport layer (layer four) protocol, and is responsible for connection establishment and management and reliable data transport between software processes on devices.

Due to the importance of these two protocols, their abbreviations have come to represent the entire suite: “TCP/IP”. (In a moment we’ll discover exactly the history of that name.) IP and TCP are important because many of TCP/IP’s most critical functions are implemented at layers three and four. However, there is much more to TCP/IP than just TCP and IP. The protocol suite as a whole requires the work of many different protocols and technologies to make a functional network that can properly provide users with the applications they need.

TCP/IP uses its own four-layer architecture that corresponds roughly to the OSI Reference Model and provides a framework for the various protocols that comprise the suite. It also includes numerous high-level applications, some of which are well-known by Internet users who may not realize they are part of TCP/IP, such as HTTP (which runs the World Wide Web) and FTP. In the topics on TCP/IP architecture and protocols I provide an overview of most of the important TCP/IP protocols and how they fit together.

Early TCP/IP History

As I said earlier, the Internet is a primary reason why TCP/IP is what it is today. In fact, the Internet and TCP/IP are so closely related in their history that it is difficult to discuss one without also talking about the other. They were developed together, with TCP/IP providing the mechanism for implementing the Internet. TCP/IP has over the years continued to evolve to meet the needs of the Internet and also smaller, private networks that use the technology. I will provide a brief summary of the history of TCP/IP here; of course, whole books have been written on TCP/IP and Internet history, and this is a technical Guide and not a history book, so remember that this is just a quick look for sake of interest.

The TCP/IP protocols were initially developed as part of the research network developed by the United States Defense Advanced Research Projects Agency (DARPA or ARPA). Initially, this fledgling network, called the ARPAnet, was designed to use a number of protocols that had been adapted from existing technologies. However, they all had flaws or limitations, either in concept or in practical matters such as capacity, when used on the ARPAnet. The developers of the new network recognized that trying to use these existing protocols might eventually lead to problems as the ARPAnet scaled to a larger size and was adapted for newer uses and applications.

In 1973, development of a full-fledged system of internetworking protocols for the ARPAnet began. What many people don’t realize is that in early versions of this technology, there was only one core protocol: TCP. And in fact, these letters didn’t even stand for what they do today; they were for the Transmission Control Program. The first version of this predecessor of modern TCP was written in 1973, then revised and formally documented in RFC 675, Specification of Internet Transmission Control Program, December 1974.

Modern TCP/IP Development and the Creation of TCP/IP Architecture

Testing and development of TCP continued for several years. In March 1977, version 2 of TCP was documented. In August 1977, a significant turning point came in TCP/IP’s development. Jon Postel, one of the most important pioneers of the Internet and TCP/IP, published a set of comments on the state of TCP. In that document (known as Internet Engineering Note number 2, or IEN 2), he provided what I consider superb evidence that reference models and layers aren’t just for textbooks, and really are important to understand

We are screwing up in our design of internet protocols by violating the principle of layering. Specifically we are trying to use TCP to do two things: serve as a host level end to end protocol, and to serve as an internet packaging and routing protocol. These two things should be provided in a layered and modular way. I suggest that a new distinct internetwork protocol is needed, and that TCP be used strictly as a host level end to end protocol.

What Postel was essentially saying was that the version of TCP created in the mid-1970s was trying to do too much. Specifically, it was encompassing both layer three and layer four activities (in terms of OSI Reference Model layer numbers). His vision was prophetic, because we now know that having TCP handle all of these activities would have indeed led to problems down the road.

Postel’s observation led to the creation of TCP/IP architecture, and the splitting of TCP into TCP at the transport layer and IP at the network layer; thus the name “TCP/IP”. (As an aside, it’s interesting, given this history, that sometimes the entire TCP/IP suite is called just “IP”, even though TCP came first.) The process of dividing TCP into two portions began in version 3 of TCP, written in 1978. The first formal standard for the versions of IP and TCP used in modern networks (version 4) were created in 1980. This is why the first “real” version of IP is version 4 and not version 1. TCP/IP quickly became the standard protocol set for running the ARPAnet. In the 1980s, more and more machines and networks were connected to the evolving ARPAnet using TCP/IP protocols, and the TCP/IP Internet was born.

IMPORTANT FEATURES IN THE SUCCESS OF TCP/IP

TCP/IP was at one time just “one of many” different sets of protocols that could be used to provide network-layer and transport-layer functionality. Today there are still other options for internetworking protocol suites, but TCP/IP is the universally-accepted world-wide standard. Its growth in popularity has been due to a number of important factors. Some of these are historical, such as the fact that it is tied to the Internet as described above, while others are related to the characteristics of the protocol suite itself. Chief among these are the following:

Integrated Addressing System: TCP/IP includes within it (as part of the Internet Protocol, primarily) a system for identifying and addressing devices on both small and large networks. The addressing system is designed to allow devices to be addressed regardless of the lower-level details of how each constituent network is constructed. Over time, the mechanisms for addressing in TCP/IP have improved, to meet the needs of growing networks, especially the Internet. The addressing system also includes a centralized administration capability for the Internet, to ensure that each device has a unique address.

Design For Routing: Unlike some network-layer protocols, TCP/IP is specifically designed to facilitate the routing of information over a network of arbitrary complexity. In fact, TCP/IP is conceptually concerned more with the connection of networks, than with the connection of devices. TCP/IP routers enable data to be delivered between devices on different networks by moving it one step at a time from one network to the next. A number of support protocols are also included in TCP/IP to allow routers to exchange critical information and manage the efficient flow of information from one network to another.

Underlying Network Independence: TCP/IP operates primarily at layers three and above, and includes provisions to allow it to function on almost any lower-layer technology, including LANs, wireless LANs and WANs of various sorts. This flexibility means that one can mix and match a variety of different underlying networks and connect them all using TCP/IP.

Scalability: One of the most amazing characteristics of TCP/IP is how scalable its protocols have proven to be. Over the decades it has proven its mettle as the Internet has grown from a small network with just a few machines to a huge internetwork with millions of hosts. While some changes have been required periodically to support this growth, these changes have taken place as part of the TCP/IP development process, and the core of TCP/IP is basically the same as it was 25 years ago.

Open Standards and Development Process: The TCP/IP standards are not proprietary, but open standards freely available to the public. Furthermore, the process used to develop TCP/IP standards is also completely open. TCP/IP standards and protocols are developed and modified using the unique, democratic “RFC” process, with all interested parties invited to participate. This ensures that anyone with an interest in the TCP/IP protocols is given a chance to provide input into their development, and also ensures the world-wide acceptance of the protocol suite.

Universality: Everyone uses TCP/IP because everyone uses it!

By default tcpdump produces one line of text per every packet it intercepts. It prints out the headers of packets on a network interface that match the boolean expression.  It can also be run  with the  -w  flag,  which causes it to save the packet data to a file for later analysis, and/or with  the -b  flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.

Each line starts with a time stamp. It tells you very precise time when packet arrived.

Next comes protocol name. Unfortunately, tcpdump understands very limited number of protocols. It won’t tell you the difference between packets belonging to HTTP and for instance FTP stream. Instead, it will mark such packets as IP packets. It does have some limited understanding of TCP. For instance it identifies TCP synchronization packets such as SYN, ACK, FIN and others. This information printed after source and destination IP addresses (if it IP packet).Source and destination addresses follow protocol name. For IP packets, these are IP addresses. For other protocols, tcpdump does not print any identifiers unless explicitly asked to do so (using -e command line switch).

Finally, tcpdump prints some information about the packet. For instance, it prints TCP sequence numbers, flags, ARP/ICMP commands, etc.

Here’s an example of typical tcpdump output.

17:50:03.089893 IP 69.61.72.101.www > 212.150.66.73.48777: P 1366488174:1366488582

(408) ack 2337505545 win 7240 <nop,nop,timestamp 1491222906 477679143>

This packet is the part of HTTP data stream. We can understand the meaning of each and every field in the packet description in later part of our discussion.

Here’s an other example.

17:50:00.718266 arp who-has 69.61.72.185 tell 69.61.72.1

This is ARP packet. It’s slightly more self explanatory than TCP packets. Again, to see exact meaning of each field in the packet description we will discuss it later on.

Here are some more examples for understanding tcpdump with their explanation.

To  print  all  packets arriving at or departing from game:

# tcpdump host game

To print traffic between helios and either hot or ace:

# tcpdump host helios and \( hot or ace \)

To print all IP packets between ace and  any  host  except helios:

# tcpdump ip host ace and not helios

To print all traffic between local hosts and hosts at IIT:

# tcpdump net iit-ether

To print all ftp traffic through  internet  gateway  snup:

# tcpdump ‘gateway snup and (port ftp or ftp-data)’

To print traffic neither sourced  from  nor  destined  for local  hosts  (if you gateway to one other net, this stuff should never make it onto your local net).

# tcpdump ip and not net localnet

USES:

We use tcpdump to measure the response time and the packet loss percentages. It can also tell us about lack of reachability for some distant server.

Using tcpdump we have a view on any TCP/UDP connection Establishment and Termination. TCP uses a special mechanism to set and close connections (we will discuss this later on); we measure the time lapse between the packets involved with this mechanism in order to know how fast some connections operate.

To install tcmdump

#apt-get install tcpdump

The TCPDUMP Syntax and there explanations are as following:

LAN: Local area network.
A local area network (LAN) supplies networking capability to a group of computers in close proximity to each other such as in an office building, a school, or a home.
LAN allows certain computers on the network to offer their resources such as printers, Hard disks, floppy, printers etc..for use by other computers on the network as if hey were their own.
The computer which provides resources are called as “SERVER” and the computer which uses is called as “WORKSTATIONS”. If a computer works as a server and a workstation simultaneously it is called as peer and the network without dedicated server is called as peer-to-peer networks and in a dedicated server environment, its called a Client-Server based network.

How it works:
A LAN consists of two or more computers each equipped with a communication device called network interface or network adapter. Network interfaces are connected to one another by some type of communications medium, which provide pathway for electrical signals that connect all of the computers on the LAN. The most widely used, cost-effective and highest performance network medium in use today is twisted pair ETHERNET CABLE. The transfer of data, file access are controlled by an administrator
Relatively new technology called wireless ethernet uses radio signal instead of copper cables.

For ex: Assume two computers, say COMPUTER A and COMPUTER B are connected by a LAN newtork, Computer A contains a CD ROM and Computer B doesn’t have CD ROM, B wil be able to access A’s CD ROM through LAN.

TCPDUMP is a network protocol analyser which works on command line.it is the pre version of network protocol analysers like ethereal and wireshark

TCP Dump allows you to examine the header or content of each packet flowing over an interface or data link. To begin monitoring, select the desired interface from the “Monitor interface” popup and press “Start”.

TCP Dump in IPNetMonitorX is a simple User Interface to the underlying unix “tcpdump” facility. Unix tcpdump has many options allowing you to specify in detail what packets you want to capture including protocols, interfaces, and link layer headers. The Options field accepts standard tcpdump options (“-n -p -t” for example to show numeric addresses, do not set promiscuous mode, and no time stamps).

Naturally you can run tcpdump directly from a terminal window if desired. The reason to incorporate TCP Dump in IPNetMonitorX is simple user convenience.

While TCP Dump is well suited to capturing packet headers and protocol information, it is less ideal for viewing the actual TCP data flow between a client and server. For this purpose, you can “Use TCP Flow” instead of TCP Dump. tcpflow is an open source utility distributed under GNU .

picture source-

http://sustworks.com/site/prod_ipmx_help/html/TCPDumpHelp.html

The grab of TCPDUMP from ethereal

tcpdump is used on platforms like ethereal by network professionals for troubleshooting, analysis, software and protocol development. It has all of the standard features you would expect in a protocol analyzer, and several features not seen in any other product. Its open source licence allows people in the networking community to add enhancements. It runs on all popular computing platforms, including Unix, Linux, and Windows.although the windows version is enhanced with ethereal modern day network analyzers like wireshark are more popular and have made it redundant.

abridged from-http://www.ethereal.com/
parisparfait.typepad.com

As said previously, tcp dump is an analyser tool which displays the packets which flow in a network or an interface in a computer or a server(which analyses the packets which the server is using) and displays them. It allows us to view entire ethernet frame or other link layer and if required print the frame header. By default, tcp dump prints the packets at the IP layer. TCPdump generally helps in solving a variety of problems and analysts say that the number of server based problems that could be solved by using TCPdump is limitless since it prints detailed information about network traffic, helps in debug denial and during service attacks. If a network is flooded and all other attempts to determine the source or destination of the traffic fail, tcpdump will show you the source address, destination address, and type of traffic involved.