Before you start
Objectives: learn about the important protocols in the TCP/IP model.
Prerequisites: no prerequisites.
Key terms: protocol, port, network, transport, tcp, udp, ip, ftp, control, layer, host, internet, http
What is a Protocol
In networking, a protocol is a set of standards and rules for communication between network hosts. Protocols often provide services, such as e-mail or file transfer. Most protocols perform a specific function. However, most protocols are not capable of performing every aspect of networking by themselves, and rely on other protocols for a complete networking solution. A group of protocols that are meant to be used together is called a protocol suite. The most popular protocol suite is the TCP/IP protocol suite. TCP/IP is a set of protocols that is used on the Internet and on most networks.
The TCP/IP model, or the Internet protocol suite, is a set of communications protocols used on the Internet and similar networks. It is referred to as TCP/IP because of its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP). Those two protocols were the first networking protocols defined in this standard. The TCP/IP protocol suite has four abstraction layers (in contrast to the OSI model, which has 7), each with its own protocols. From highest to lowest the layers are:
- Application layer – handles application-based interaction on a process-to-process level between communicating Internet hosts
- Transport layer – handles host-to-host communication
- Internet layer – connects different networks
- Link layer – handles communication on a local network
Application Layer Protocols
Some of the well known protocols that reside at the Application layer of the OSI model are: DHCP, DHCPv6, DNS, FTP, HTTP, IMAP, IRC, LDAP, MGCP, NNTP, NTP, POP, RPC, RTP, RTSP, SIP, SMTP, SNMP, SOCKS, SSH, Telnet, TLS/SSL, XMPP, etc.
The first protocol that we are going to talk about is Hypertext Transfer Protocol (HTTP). The HTTP protocol defines how websites exchange HTML documents. The protocol identifies how the browser submits a request to the server that holds the website, how the server formats that data to return it to the browser, and then how the browser displays the information. HTTP can be described as an information requesting and responding protocol. HTTP uses port number 80 by default and predominately uses TCP as the transport protocol, although it can use UDP also.
Another related protocol is HTTPS. In HTTPS another protocol is added to HTTP, which is called SSL, or Secure Socket Layer. Secure Socket Layer is a method of encryption that protects data while it travels through the network. It uses RSA for authentication and encryption. Web browsers use SSL to ensure safe Web transactions. URLs that begin with https:// trigger our Web browser to use SSL. HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted. HTTP and HTTPS are both transfer protocols that define how websites send information. HTTPS uses port number 443 by default, and uses TCP as the transport protocol. HTTPS should not be confused with the little-used Secure HTTP (S-HTTP).
Another protocol that’s similar to SSL is TLS or Transport Layer Security. Essentially they both provide encryption, but they are different in implementation. A protocol that uses TLS cannot use SSL, and vice versa. SSL is probably more widely implemented, although TLS is more advanced than SSL because it includes other functionalities. TLS ensures that messages being transmitted on the Internet are private and tamper-proof. TLS is implemented through two protocols: TLS Record, which can provide connection security with encryption (with DES for example), and TLS Handshake, which provides mutual authentication and choice of encryption method.
FTP and TFTP
FTP or File Transfer Protocol and TFTP or Trivial File Transfer Protocol are both optimized for downloading and uploading data. FTP uses TCP as its transport protocol on port 20 for data transfer and on port 21 for control (commands). TFTP uses UDP on port 69. One of the main differences between FTP and TFTP is speed. Because UDP does not perform error checking or correction, TFTP is faster than FTP. FTP provides a generic method of transferring files. It can include security through usernames and passwords, and it allows file transfer between dissimilar computer systems. FTP can transfer both binary and text files, including HTML, to another host. FTP URLs are preceded by ftp:// followed by the DNS name of the FTP server. To log in to an FTP server, use: ftp://username@servername.
TFTP is similar to FTP. It lets us transfer files between a host and an FTP server. However, it provides no user authentication and no error detection. TFTP is often used when transferring files such as video, audio, or images. Because it does not perform error detection, TFTP is faster than FTP, but might be subject to file errors.
One other file transfer protocol that we need to know about is SFTP. The S in this case stands for Secure, so we have Secure File Transfer Protocol. SFTP uses another protocol called SSH to provide encryption of data and user authentication. SSH ensures that SFTP transmissions use encrypted commands and data, which prevents data from being transmitted over the network in clear text. SFTP uses TCP as the transport protocol on port 115.
SMTP, POP and IMAP
Another set of protocols that we’ll talk about are the e-mail transfer protocols. The first is the Simple Mail Transport Protocol or SMTP. SMTP is used between e-mail servers and clients on each end that need to send mail. SMTP is used by e-mail clients to send mail to the mail server. Then it’s used between mail servers to send mail from one server to the next. SMTP uses TCP as the transport protocol on port 25.
On the receiving end, a different protocol may be used by the client to download or receive the mail. For example, the client can use a protocol called Post Office Protocol or POP, or POP3, which is the third version of POP. Some e-mail client programs, such as Microsoft Outlook, can use SMTP for receiving mail from an Exchange server. POP3 is used to retrieve e-mail from a remote server to a local client over a TCP/IP connection. With POP3, e-mail messages are downloaded to the client. Remember, an e-mail client that uses POP3 for receiving mail uses SMTP for sending mail. POP3 uses TCP as the transport protocol on port 110.
Another protocol used by clients to download email is IMAP. There are various versions of IMAP as well, IMAP4 being the latest one. IMAP supports both on-line and off-line modes of operation. E-mail clients using IMAP generally leave messages on the server until the user explicitly deletes them. This and other characteristics of IMAP operation allow multiple e-mail clients to manage the same mailbox. IMAP offers access to the mail store which means that with IMAP the mail stays on the server, so as we read the mail it’s not copied to the local system. Clients may store local copies of the messages, but these are considered to be a temporary cache. Remember, an e-mail client that uses IMAP for receiving mail uses SMTP for sending mail. IMAP uses TCP as the transport protocol on port 143.
Another well known protocol is DHCP or Dynamic Host Configuration Protocol. DHCP is a method for automatically assigning addresses and other configuration parameters to network hosts. Using a DHCP server, hosts receive configuration information at startup, reducing the amount of manual configuration required on each host. This protocol is crucial in environments with many computers. Without DHCP we would have to go to each computer to configure, for example, an IP address. DHCP uses UDP as the transport protocol on ports 67 and 68 (the client uses its own port 68 as the source port with port 67 as the destination port on the server to send the request to the server).
Another great protocol is DNS or the Domain Name System. DNS is a system that is distributed throughout the internetwork to provide address to name resolution. DNS allows us to use host names to identify computers instead of using an IP address. For instance, www.google.com is a logical name that identifies a web server. When we use this name we initiate the HTTP protocol to read the information that’s on that server. DNS allows us to use logical names like this instead of remembering an IP address for the computer that we need to get to. DNS uses TCP and UDP as transport layers, on port 53.
Another protocol is the Network Time Protocol or NTP. NTP allows devices to synchronize their clocks through a network. NTP is a method that allows devices to synchronize time, and it takes into account the lag time between the networks as they try to synchronize their time. NTP uses UDP on port 123.
Another protocol is NNTP or Network News Transport Protocol. Network news transport protocol is used for reading news messages on the Internet. It’s often used with usenet news groups. NNTP uses TCP as the transport protocol on port 119.
Another protocol is LDAP or Lightweight Directory Access Protocol. LDAP is used to allow searching and updating of a directory service. The LDAP directory service follows a client/server model. One or more LDAP servers contain the directory data, and the LDAP client connects to an LDAP Server to make a directory service request. LDAP can use TCP and UDP as the transport protocol, on port 389.
SNMP, TELNET and SSH
These protocols are used for network management. SNMP or Simple Network Management Protocol is a protocol designed for managing complex networks. SNMP lets network hosts exchange configuration and status information. Information can be gathered by management software and used to monitor and manage the network. SNMP allows us to take a central computer and communicate with other devices on the network to find out information about those devices. We can send commands to other devices, telling them to do things like start up and shut down, or we can just monitor those computers. SNMP is the protocol that enables the communication and also the transfer of information from those other computers. SNMP uses UDP as the transport protocol on port 161.
Telnet or Remote Terminal Emulation allows an attached computer to act as a dumb terminal, with data processing taking place on the TCP/IP host computer. It provides interactive control of remote systems and is still widely used to provide connectivity between dissimilar systems. Telnet can also be used to test a service by the use of HTTP commands. Note that Telnet is unencrypted. Telnet uses TCP as the transport protocol, on port 23.
Similar to TELNET is SSH, or Secure Shell Protocol. SSH allows secure interactive control of remote systems. SSH uses RSA public key cryptography for both connection and authentication. SSH uses the IDEA algorithm for encryption by default, but is able to use Blowfish and DES. SSH is a secure and acceptable alternative to Telnet. SSH uses TCP as the transport protocol on port 22.
Transport Layer Protocols
Some of the Transport layer protocols in the TCP/IP model are: TCP, UDP, DCCP, SCTP, RSVP, RIP, BGP, ECN, etc. A transport protocol determines how information is sent through the various devices on the network.
TCP and UDP
The most common transport protocols used are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The difference between these two protocols is that TCP is a connection-oriented protocol. That means that TCP ensures that information sent is actually received. TCP detects errors and acknowledges sent and received data. TCP provides sequencing of data packets, flow control and error checking to ensure message delivery.
UDP is a connectionless protocol. It’s not concerned about whether the data gets to the destination. It makes the most efficient use of the network. UDP is typically used in situations where some level of loss is acceptable. It’s also used when we want to ensure speed over delivery, for example, for streaming video or audio. UDP is a host-to-host protocol like TCP, however, it does not include mechanisms for ensuring timely and accurate delivery. Because it has less overhead, it offers fast communications, but at the expense of possible errors or data loss.
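An added example, not part of the original article, that makes the difference concrete by decoding the headers themselves: the TCP header carries the sequence number, acknowledgement number and window used for sequencing, acknowledgement and flow control, while the UDP header has only ports, a length and a checksum. It goes slightly beyond the text by checking a TCP three-way handshake; the sample segments, port choices and function names are constructed for illustration.

```python
import struct

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")  # bit 0 .. bit 5

def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte base TCP header; options are skipped, not parsed."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4        # data offset counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("bad TCP data offset")
    flags = {n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "payload": segment[header_len:]}

def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header: no sequence, acknowledgement or window."""
    if len(datagram) < 8:
        raise ValueError("shorter than the UDP header")
    src, dst, length, _csum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError("UDP length field does not match datagram size")
    return {"src": src, "dst": dst, "payload": datagram[8:]}

def is_handshake(syn: dict, synack: dict, ack: dict) -> bool:
    """True if three parsed segments form a valid TCP three-way handshake."""
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["flags"] == {"ACK"}
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

def build_tcp(src, dst, seq, ack, flags, window=64240):
    """Build a constructed TCP header (checksum left at 0 for the sample)."""
    bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | bits, window, 0, 0)

# Constructed sample traffic: a client opening a connection to port 22 (SSH) ...
SYN = build_tcp(49152, 22, 1000, 0, ["SYN"])
SYNACK = build_tcp(22, 49152, 5000, 1001, ["SYN", "ACK"])
ACK = build_tcp(49152, 22, 1001, 5001, ["ACK"])
# ... and one UDP datagram to port 123 (NTP); the 4 payload bytes are filler.
NTP = struct.pack("!HHHH", 49153, 123, 8 + 4, 0) + b"\x00" * 4

if __name__ == "__main__":
    print(is_handshake(*(parse_tcp(s) for s in (SYN, SYNACK, ACK))))
    print(parse_udp(NTP))
```

TCP needs three 20-byte segments before any data moves, whereas the UDP datagram is sent with an 8-byte header and nothing in it lets the sender learn whether it arrived.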
Network Layer Protocols
Some of the Network layer protocols are: IP (IPv4 or IPv6), ICMP, ICMPv6, IGMP, OSPF, IPsec, etc. Note that we don’t have ports for these protocols.
ICMP or the Internet Control Message Protocol works closely with IP in providing error and control information, by allowing hosts to exchange packet status information, which helps move the packets through the internetwork. Two common management utilities, ping and traceroute, use ICMP messages to check network connectivity. ICMP also works with IP to send notices when destinations are unreachable or when devices’ buffers overflow, and to report the route and hops packets take through the network and whether devices can communicate across the network. For example, if we ping computer B from computer A, computer A sends out a message that in general says something like this – if you’re there please respond. If computer B is turned on and is correctly configured, it will respond back with an answer. This is called an Echo Response Pattern.
The last interesting protocol is IGMP or Internet Group Management Protocol. IGMP allows us to take a single message and send it out to multiple hosts throughout the network. In general, most communication happens between a single host and one destination host. This kind of communication is called unicast. With multicast we can send a single message out and that message is replicated to the various devices that need to receive it. IGMP is a protocol for defining host groups. All group members can receive broadcast messages intended for the group (called multicasts). Multicast groups can be composed of devices within the same network or across networks (connected with a router).
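The ping exchange described above, as an added example that is not part of the original article: computer A builds an ICMP Echo Request (type 8), computer B answers with an Echo Reply (type 0) carrying the same identifier, sequence number and payload, and both sides verify the Internet checksum. The function names and payload are assumptions, and the messages are built in memory, so no raw socket is needed.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMPv4 message types

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message; the checksum covers header and payload."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    header = struct.pack("!BBHHH", icmp_type, 0, inet_checksum(unsummed), ident, seq)
    return header + payload

def parse_echo(message: bytes) -> dict:
    """Decode an echo message, rejecting truncated or corrupted input."""
    if len(message) < 8:
        raise ValueError("shorter than the ICMP echo header")
    if inet_checksum(message) != 0:           # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": message[8:]}

def reply_to(request: bytes) -> bytes:
    """Computer B: answer an Echo Request by echoing id, seq and payload."""
    req = parse_echo(request)
    if req["type"] != ECHO_REQUEST:
        raise ValueError("not an Echo Request")
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["payload"])

def is_reply_for(request: bytes, reply: bytes) -> bool:
    """Computer A: accept only a reply that mirrors its own request."""
    a, b = parse_echo(request), parse_echo(reply)
    return b["type"] == ECHO_REPLY and all(a[k] == b[k] for k in ("id", "seq", "payload"))

if __name__ == "__main__":
    ping = build_echo(ECHO_REQUEST, 0x1234, 1, b"constructed payload")
    pong = reply_to(ping)
    print(parse_echo(pong), is_reply_for(ping, pong))
```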
Link Layer Protocols
Protocols which reside at the Link layer are: ARP/InARP, NDP, Tunnels (L2TP), PPP, Media access control (Ethernet, DSL, ISDN, FDDI), etc.
The TCP/IP protocol suite was developed to work independently of the physical network architecture. We can use a wide variety of architectures with the TCP/IP protocol suite.
A protocol is a set of standards and rules for communication between network hosts. The TCP/IP model is referred to as TCP/IP because of its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP). HTTP identifies how the browser submits a request to the server that holds the website, and how the server formats that data to return it to the browser. HTTP uses TCP or UDP on port 80. HTTPS is a secure form of HTTP that uses SSL to encrypt data before it is transmitted. HTTPS uses TCP on port 443. FTP and TFTP are both optimized for downloading and uploading data. FTP uses TCP as its transport protocol on port 20 for data transfer and on port 21 for control (commands). TFTP uses UDP on port 69. SMTP is used by email clients to send mail to the mail server. SMTP uses TCP on port 25. POP3 is used to retrieve e-mail from a remote server to the local client. POP3 uses TCP on port 110. IMAP is another protocol which can be used to retrieve mail. IMAP uses TCP on port 143. DHCP is a method for automatically assigning addresses and other configuration parameters to network hosts. DHCP uses UDP as the transport protocol on ports 67 and 68 (the client uses its own port 68 as the source port with port 67 as the destination port on the server to send the request to the server). DNS allows us to use host names to identify computers instead of using an IP address. DNS uses TCP and UDP on port 53. NTP allows devices to synchronize their clocks through a network. NTP uses UDP on port 123. NNTP is used for reading news messages on the Internet. NNTP uses TCP on port 119. LDAP is used to allow searching and updating of a directory service. LDAP can use TCP and UDP on port 389. SNMP lets network hosts exchange configuration and status information. SNMP uses UDP on port 161. Telnet provides interactive control of remote systems. Telnet uses TCP on port 23. SSH allows secure interactive control of remote systems. SSH uses TCP on port 22.
The most common transport protocols used are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). The difference between these two protocols is that TCP is a connection oriented protocol. ICMP works closely with IP in providing error and control information, by allowing hosts to exchange packet status information. IGMP allows us to take a single message and send it out to multiple hosts throughout the network.