



[ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]
[ b0g article # 2 :::::::::::::::::::::::::::::::::::::::::::::: b0g ]
[ ::::::::: Guide to TCP/IP - redpriest - priest@hack3r.com :::::::: ]
[ :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: ]



    Ok, TCP/IP is a software-based communications protocol used in
networking.

Although the name may appear to be just a combination of two
protocols, the term refers not to a single entity combining two
protocols but rather to a set of software programs that provide network
services such as the many things you use on the Internet today (remote
login, FTP, and e-mail).

Although those are the basic services that the protocol suite provides,
they aren't its boundaries; many other things use TCP/IP to communicate.
TCP/IP basically provides a method of transferring information from
one computer to another.

TCP/IP has protocols to handle error correction, manage the routing
and delivery of data, and control the actual transmission, and many
other things you will find out about later in this lecture.

Despite the fact that TCP/IP is an open protocol, many companies around
the world have modified it for their own networking systems. You should
be careful in choosing to modify it, because it needs to be compatible
with hardware and software, and changes can cause problems.

TCP/IP is very often referred to as an Internet architecture because
TCP/IP and the Internet are closely woven together.

The Internet was originally proposed by the precursor of DARPA, called
ARPA (Advanced Research Projects Agency), as a method of testing the
viability of packet-switching networks. During its tenure with the
project, ARPA foresaw a network of leased lines connected by
switching nodes. The network was to be named ARPANET, and the
switching nodes were named Internet Message Processors (IMPs).

    
After that they developed a "remote login" protocol/feature; it was
called the NCP (Network Control Program). Later on, electronic mail was
added through the File Transfer Protocol (FTP).

After this many events occurred, but there isn't the bandwidth to tell
them here, and they have almost no importance to what is explained here.

As ARPANET grew out of being a military-only network to take in other
companies, universities, corporations and user communities, it became
known as the "Internet".

Note: There is no single network called the Internet. The term refers
to a collective network of subnetworks; the only thing they have
in common is TCP/IP.

Another thing that was developed later was the Domain Name System, but
we won't get into that much. I decided I would mention the . suffixes
and what they are. Well, we know most of these, but I will go over them:

.com, would be owned by a commercial company

.net, was meant for networks used by Internet service providers

.arpa, was and is an ARPANET Internet identification address

.gov, any government body

.mil, any military organization

.edu, educational institution

.org, anything that doesn't fall into one of these categories.

Although the suffixes were categorized into those topics, today you can
basically register any one of them for a price.

Ok, here I will explain the second part of TCP/IP, IP, and what it's all
about.

TCP/IP uses a 32-bit address to identify a machine and the network to
which it is attached. IP addresses identify a machine's connection to a
network, not the machine itself. An IP address is the address that users
commonly see on their machine/terminal; an example would be
120.43.2.45, which uniquely identifies that device.

There are four formats for the IP address, with each used depending on
the size of the network. The four formats have been named the
class of the IP address.

A through D. The class can be determined by the first three (high-
order) bits; in fact the first two are usually enough because there
aren't many class D networks. Ok, I will explain each class.

Class A addresses are for networks that have many machines on them. The
24 bits for the local address are needed in these cases. The network
is identified in 7 bits, which limits the number of networks that
can be identified.

Class B addresses are usually for intermediate networks, with 16-bit
local or host addresses and 14-bit network addresses.

Class C networks have only 8 bits for the local or host address,
limiting the number of devices to 256. There are 21 bits for the
network addresses.

Class D addresses are used for multicasting purposes, when a general
broadcast to more than one device is required. The lengths of the IP
address fields are chosen carefully to provide maximum flexibility in
assigning both network and local addresses.

IP addresses are four sets of 8 bits, for a total of 32 bits. You often
represent these bits by separating the sets with a period, so the format
can be thought of as network.local.local.local for Class A (7-bit
network, 24-bit local) through to network.network.network.local for
Class C.
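As an added example (not from the original article), here is how the class and the network/local split described above can be read off an address in Python. The bit widths are the ones the text gives, and the addresses used in the comments and tests are the lecture's own plus constructed samples.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Added example, not part of the original article. Widths follow the text:
# A = 7 network / 24 host bits, B = 14/16, C = 21/8, D = multicast.
CLASS_TABLE = (
    # (leading bit pattern, class, network bits, host bits)
    ("0",    "A", 7, 24),
    ("10",   "B", 14, 16),
    ("110",  "C", 21, 8),
    ("1110", "D", 0, 0),
)


@dataclass
class ClassfulAddress:
    address: str
    cls: str
    network: Optional[int]   # network number (None for class D / reserved)
    host: Optional[int]      # local (host) number
    host_bits: int

    def max_hosts(self) -> int:
        """Distinct host numbers the class can express (2 ** host bits)."""
        return 1 << self.host_bits if self.host_bits else 0

    def layout(self) -> str:
        """Dotted layout in the lecture's style, e.g. network.local.local.local."""
        if self.cls == "D":
            return "multicast.multicast.multicast.multicast"
        if self.host_bits == 0:
            return "reserved"
        net_octets = 4 - self.host_bits // 8
        return ".".join(["network"] * net_octets + ["local"] * (4 - net_octets))


def classify(addr: str) -> ClassfulAddress:
    """Read the high-order bits to find the class, then split network/host."""
    value = int(ipaddress.IPv4Address(addr))   # raises on a malformed address
    bits = f"{value:032b}"
    for prefix, cls, net_bits, host_bits in CLASS_TABLE:
        if bits.startswith(prefix):
            if cls == "D":
                return ClassfulAddress(addr, cls, None, None, 0)
            net_end = len(prefix) + net_bits
            return ClassfulAddress(addr, cls, int(bits[len(prefix):net_end], 2),
                                   int(bits[net_end:], 2), host_bits)
    # 1111... prefixes fall outside the four classes the lecture covers
    return ClassfulAddress(addr, "reserved", None, None, 0)


def same_network(a: str, b: str) -> bool:
    """True when both addresses carry the same class and network number,
    i.e. the part that decides whether delivery stays on the local network."""
    ca, cb = classify(a), classify(b)
    return ca.cls == cb.cls and ca.network is not None and ca.network == cb.network
```

Running `classify("120.43.2.45")` on the lecture's own example gives class A with network number 120 and a 24-bit local number.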

This is where ARP (Address Resolution Protocol) slips in. ARP's job is
to map IP addresses to physical addresses (network & local).

Next I will explain the Internet Protocol datagram header. When
Ethernet receives an IP-assembled datagram (which includes the IP
header), it adds a header to the front to create a frame; this process
is called encapsulation.

One common difference between the IP and Ethernet headers is that
Ethernet headers contain the physical address of the destination
machine, whereas the IP header contains the IP address.

This translation is performed by ARP.

Note: Encapsulation is the process of adding something to the start,
and sometimes the end, of data.

Ok, next I will cover the IP header layout. This is a long-ass part, but
that will be basically it for IP; next we will move on to TCP.

The fields will be listed in order. First comes:

Version number: this is a 4-bit field that contains the IP version
number of the protocol the software is using. This is needed so that the
receiving IP software knows how to decode the rest of the header,
which changes with each new release of the IP standards. The most
widely used version I have noticed is IPv4.

Although several systems are testing a version called IPng (IPv6), the
Internet and most LANs do not support IPv6 right now.

Part of the protocol definition stipulates that the receiving software
needs to check the version number of incoming datagrams before
proceeding to analyze the rest of the header. If it cannot handle the
version, the machine ignores the content completely.

Header length: this 4-bit field reflects the total length of the IP
header built by the sending machine. It is specified in 32-bit words.
The shortest header is 5 words, but use of the options field can
increase it to its maximum of 6 words. To properly decode the header, IP
MUST know where the header ends and the data begins. There isn't a
start-of-data marker, so that's why this field is included: the
header length is used as the offset from the start of the IP header to
the start of the data.

Type of service: the 8-bit (1 byte) service field instructs how to
process the datagram properly. The field's 8 bits are read and
assigned as follows. The first 3 bits indicate the datagram's precedence,
with a value from 0 (normal) to 7 (network control). The higher the
number, the more important the datagram, and in theory the faster it is
routed.

The next three bits are one-bit flags that control the delay,
throughput, and reliability of the datagram. If a bit is set to 0, the
setting is normal; a bit set to 1 implies low delay, high throughput or
high reliability for the respective flag. The last two bits of the
field aren't used.

Datagram length or packet length: this one just basically gives the
total length of the datagram, including the header, in bytes.

Next is Identification. This field holds a number that is a unique
identifier created by the sending node. This is required in reassembling
fragmented messages, ensuring that the fragments of one message aren't
intermixed with another.

Next we cover Flags. The flags are a 3-bit field; the first bit is
unused, and the remaining bits are called DF, which stands for Don't
Fragment!, and MF, More Fragments, which control handling of the
datagram when fragmentation is requested.

If the DF flag is set to 1, the datagram can't ever be fragmented; if it
would have to be, the packet will be returned as an error.

If the MF flag is set to 1, the current datagram is followed by
more packets, which are reassembled to create the full message.

Next I will skip to TTL (Time To Live). I won't get in depth about this
one because there isn't much depth to reach. This basically tells the
computer the time that the datagram can remain on the network before
the datagram is discarded.

Header checksum: the number in this field of the IP header is a
checksum for the protocol header fields, but not the data fields, to
enable faster processing of the data fields.

The almost-last fields are the sending address and destination address.
These fields contain the 32-bit IP addresses of the sending and
destination devices. These are established while the datagram is created
and not changed during routing.


Next we cover the ] EVIL [ option field heh ]. The option field is of
course optional. It is composed of several codes of variable length. If
more than one option is used in a datagram, the options appear
consecutively in the IP header. All the options are controlled by a
byte.

This byte is usually divided into three fields: a 1-bit copy flag, a 2-bit
option class and a 5-bit option number... Damn, I'm up on the typos.

Padding isn't a hard one and has a pretty simple job. Its content
depends on the options selected; the padding is there to ensure that
the datagram header is a round number of 32-bit words.
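Added example, not part of the original article: a Python decoder for the header fields just listed, which also checks the header checksum the way the receiver does, and decodes the fragment offset and protocol fields that the text skips. The sample datagram (its identification value, TTL and payload) is constructed; the two addresses are the ones used in the lecture.

```python
import struct
from dataclasses import dataclass

# Added example, not part of the original article: decode the IPv4 header
# fields covered in the text (plus fragment offset and protocol, which the
# text skips) and verify the header checksum. Sample datagram is constructed.

def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

@dataclass
class IPv4Header:
    version: int
    ihl_words: int            # header length in 32-bit words (5 = no options)
    precedence: int           # top 3 bits of type of service, 0..7
    low_delay: bool
    high_throughput: bool
    high_reliability: bool
    total_length: int         # header + data, in bytes
    identification: int
    dont_fragment: bool
    more_fragments: bool
    fragment_offset: int      # in 8-byte units
    ttl: int
    protocol: int             # 6 = TCP, 17 = UDP
    checksum: int
    checksum_ok: bool
    src: str
    dst: str
    options: bytes

HDR_FMT = "!BBHHHBBH4s4s"    # the fixed 20-byte part of the header

def parse_ipv4_header(datagram: bytes) -> IPv4Header:
    if len(datagram) < 20:
        raise ValueError("shorter than the 5-word minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack(HDR_FMT, datagram[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        # the text: a version the receiver cannot handle is ignored completely
        raise ValueError(f"version {version}: not IPv4, datagram ignored")
    header_len = ihl * 4
    if ihl < 5 or header_len > len(datagram):
        raise ValueError("header length field does not fit the datagram")
    header = datagram[:header_len]
    # checksum covers the header only; summing a valid header yields 0
    return IPv4Header(
        version=version, ihl_words=ihl, precedence=tos >> 5,
        low_delay=bool(tos & 0x10), high_throughput=bool(tos & 0x08),
        high_reliability=bool(tos & 0x04),
        total_length=total_len, identification=ident,
        dont_fragment=bool(flags_frag & 0x4000),
        more_fragments=bool(flags_frag & 0x2000),
        fragment_offset=flags_frag & 0x1FFF,
        ttl=ttl, protocol=proto, checksum=csum,
        checksum_ok=ones_complement_checksum(header) == 0,
        src=".".join(map(str, src)), dst=".".join(map(str, dst)),
        options=header[20:],
    )

def build_sample_datagram() -> bytes:
    """Constructed sample: 20-byte header, low-delay TOS, DF set, TTL 64,
    protocol 6 (TCP), addresses from the lecture, 4 bytes of payload."""
    payload = b"data"
    fields = [0x45, 0x10, 20 + len(payload), 0x1234, 0x4000, 64, 6, 0,
              bytes([120, 43, 2, 45]), bytes([206, 186, 182, 10])]
    fields[7] = ones_complement_checksum(struct.pack(HDR_FMT, *fields))
    return struct.pack(HDR_FMT, *fields) + payload
```

Flipping any header byte of the sample (for instance the TTL) makes `checksum_ok` false, while a change inside the payload does not, which is exactly the "header only" scope the text describes.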


In this lecture I will not cover IPv6, because it is a hell of a topic,
and I won't cover ICMP packets for reasons that any advanced user will
know (TOO goddamn big :p). I might choose to do a separate lecture, you
never know.


Ok, next we will look @ the wonderful world of TCP and UDP, but first we
take a break for a few minutes; as you can imagine I'm very tired.

Ok, back from our break. If you didn't remember, we are covering TCP and
UDP. First I will cover a lot of TCP, then UDP will follow.

Ok, we just covered IP in considerable detail; I hope TCP will also be
this way. As you might remember, the Internet Protocol handles the
lower-layer functionality. Right now we look at the transport layer,
where the TCP and UDP protocols come into play.

TCP/IP has a lot of inner protocols. Here I will display their names and
their function, then move on to TCP etc.


(UDP) User Datagram Protocol: connectionless services

The following are routing protocols in the TCP/IP protocol family:

(IP) Internet Protocol: handles transmission of information.

(ICMP) Internet Message Control Protocol: a maintenance protocol used
between two systems to share status and error information.

(RIP) Routing Information Protocol: determines routing.

(OSPF) Open Shortest Path First: alternate protocol for determining
routing.

The following are network address protocols of the TCP/IP suite.
Remember, all of these services will be explained later on in the
lecture.

(ARP) Address Resolution Protocol: a protocol used to determine the
hardware address from the IP address of the destination computer.

(DNS) Domain Name System: translates host names into IP addresses. One
example is www.hackphreak.org, which after a DNS request would be
206.186.182.10.

(RARP) Reverse Address Resolution Protocol: required when a computer
must determine an IP address when it already has a physical hardware
address.

The following is a group of user services of the TCP/IP suite.

(FTP) File Transfer Protocol: transfers files

(BOOTP) Boot Protocol: starts up a network machine

(Telnet): allows remote login

The following are the gateway protocols; they will also, along with all
the others, be explained at the end of the lecture.

(EGP) Exterior Gateway Protocol: transfers routing information for
external networks

(GGP) Gateway-to-Gateway Protocol: transfers routing information
between gateways

(IGP) Interior Gateway Protocol: transfers routing information for
internal networks

The following are the LAST types of protocols. I call them the OTHER
group because they really can't be placed in the other groups.

(NFS) Network File System: enables directories on one machine to be
mounted on another.

(NIS) Network Information Service: maintains user accounts across
networks.

(RPC) Remote Procedure Call: enables remote applications to
communicate.

(SMTP) Simple Mail Transfer Protocol: transfers electronic mail

(SNMP) Simple Network Management Protocol: sends status messages about
the network

Ok, so we've got all the protocols and what they do, for your reference.

TCP is one of the most widely used transport layer protocols,
expanding from its original implementation on the ARPANET to
connecting commercial sites all over the world.

In theory TCP could be a very simple software routine, but I wouldn't
advise calling TCP simple. Why use a transport layer as complex as
TCP? The most important reasons depend on IP's unreliability. As you
have seen, IP doesn't guarantee delivery of a datagram packet; it's a
connectionless system with no reliability. IP simply handles the routing
of datagrams, and if a problem occurs during transfer IP just discards
the packet, generating an ICMP error message back to the sender. Most
people think of TCP and IP as a close pair, but in some instances TCP is
used by itself without the IP protocol.

Like FTP and SMTP, both of which don't use IP.

What is TCP? TCP provides a considerable amount of services to the IP
layer and the upper layer. Most importantly, it provides a connection-
oriented protocol to the upper layers, so that the application can be
sure that the packet sent out on the network was received entirely.

So you could say TCP acts as a message validation protocol providing
reliable communications: if a datagram is corrupt or lost, TCP provides
retransmission.

Note: TCP is not a piece of software. It's a communications protocol.

You could actually think of TCP as being similar to a telephone
conversation. A connection is made between the source and the
destination; this is sometimes called a virtual circuit. Files and
data can then be transferred during the conversation, like a two-way
phone conversation, and when they are done one or both computers agree
to drop the conversation.

Because TCP is a connection-oriented protocol responsible for ensuring
the transfer of datagrams from the source to the destination machine
(end-to-end communications), TCP MUST receive communications messages
from the destination machine to acknowledge receipt of the datagram.

The data is a stream of individual characters sent asynchronously. This
is in contrast to most protocols, which use fixed blocks of data. This
can pose some conversion problems with applications that handle only
formally constructed blocks of data or insist on fixed-size messages.

To better illustrate the role of TCP we will "follow" a message to get
the anatomy of the message.

The message originates from an application in an upper layer and is
then passed to TCP from the next higher layer in the architecture
through some protocol. The message is passed as a stream.

TCP receives this stream of bytes and assembles them into TCP
segments, or packets. In the process of assembling the segment, header
information is attached to the front of the data. Each segment has a
checksum calculated and then embedded within the header, as well as a
sequence number if there is more than one segment in the entire
message. The length of the segment is usually determined by TCP or by
a system value set by the system administrator.

If two-way communications are required, like FTP or Telnet, a
connection (virtual circuit) between the sending and receiving
machines is established prior to passing the segment to IP for
routing. This process starts with the sending TCP software issuing a
request for a TCP connection with the receiving machine. In the message
is a unique number (called a socket #) that identifies the sending
machine's connection. The receiving TCP software assigns its own unique
number and sends it back to the sending machine.

The two unique numbers then define the connection between the two
machines until the virtual circuit is terminated. After the virtual
circuit is set up, TCP sends the segment to the IP software, which
issues the message over the network as a datagram. IP can perform any
of the changes to the segment that you saw earlier, such as fragmenting
it and reassembling it at the destination machine; these steps are
completely transparent to the TCP layers, however. After winding its
way over the network, the receiving machine's IP passes the received
segment to the recipient machine's TCP layer, where it is processed and
passed up to the application using an upper-layer protocol.

If the message was more than one segment long (not IP datagrams), the
receiving TCP software reassembles the message using the sequence
numbers contained in each segment header. If a segment is missing or
corrupt, TCP returns a message with the faulty sequence number in the
body; the originating TCP software can then resend the bad segment.
(Cool eh?)

The receiving machine's TCP implementation can perform simple flow
control to prevent buffer overload. It does this by sending a buffer
size, called a window value, to the sending machine, following which the
sender can only send enough bytes to fill the window. After that the
sender must wait for another value to be received. This provides a
handshaking protocol between the two machines, although it slows down
the transmission time slightly and increases network traffic.

I won't get into TCP timers too much. Here goes some stuff on the TCB.

TCP has a lot to keep track of: information about each connection. It
does this through the transmission control block, which contains
information about the local and remote socket numbers, the send and
receive buffers, security and priority values, and the current segment
queue. The TCB

As mentioned earlier, TCP must communicate with IP in the layer below
and applications in the upper layer. TCP must also communicate with
other TCP implementations across networks. To do this, it uses
Protocol Data Units (PDUs), which are called segments in TCP parlance.

The following is a layout of one of those units. The different fields
are as follows:

* Source port: A 16-bit field that identifies the local TCP user
(usually an upper-layer application program).

* Destination port: A 16-bit field that identifies the remote
machine's TCP user.

* Sequence number: A number indicating the current block's position in
the overall message. This number is also used between two TCP
implementations to provide the initial send sequence (ISS) number.

* Acknowledgment number: A number that indicates the next sequence
number expected. In a backhanded manner, this also shows the sequence
number of the last data received; it shows the last sequence number
received plus 1.

* Data offset: The number of 32-bit words that are in the TCP header.
This field is used to identify the start of the data field.

* Reserved: A 6-bit field reserved for future use. The six bits must
be set to 0.

* Urg flag: If on (a value of 1), indicates that the urgent pointer
field is significant.

* Ack flag: If on, indicates that the Acknowledgment field is
significant.

* Psh flag: If on, indicates that the push function is to be
performed.

* Rst flag: If on, indicates that the connection is to be reset.

* Syn flag: If on, indicates that the sequence numbers are to be
synchronized. This flag is used when a connection is being
established.

* Fin flag: If on, indicates that the sender has no more data to send.
This is the equivalent of an end-of-transmission marker.

* Window: A number indicating how many blocks of data the receiving
machine can accept.

* Checksum: Calculated by taking the 16-bit one's complement of the
one's complement sum of the 16-bit words in the header (including
pseudo-header) and text together. (A rather lengthy process required
to fit the checksum properly into the header.)

* Urgent pointer: Used if the urg flag was set; it indicates the
portion of the data message that is urgent by specifying the offset
from the sequence number in the header. No specific action is taken by
TCP with respect to urgent data; the action is determined by the
application.

* Options: Similar to the IP header option field, this is used for
specifying TCP options. Each option consists of an option number (one
byte), the number of bytes in the option, and the option values. Only
three options are currently defined for TCP:

* Padding: Filled to ensure that the header is a 32-bit multiple.
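Added example, not from the original article: building and decoding a TCP segment with the fields listed above, including the checksum computed over the pseudo-header (source and destination address, protocol 6, TCP length) plus header and text as the Checksum item describes. Ports, window size and payload are constructed samples; the two addresses are the ones used in the lecture; no options are carried, so the data offset is always 5 words.

```python
import struct

# Added example, not part of the original article: build a TCP segment in the
# field layout the text lists, checksum it over pseudo-header + header + text,
# and decode it back. Ports, window and payload are constructed samples.

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_FMT = "!HHIIBBHHH"            # fixed 20-byte header, no options


def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                         # pad odd-length text
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6, TCP length."""
    return struct.pack("!4s4sBBH", src_ip, dst_ip, 0, 6, tcp_length)


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack,
                  flags, window, payload=b"", urgent=0) -> bytes:
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    data_offset = 5                             # 5 words = 20 bytes
    header = struct.pack(TCP_FMT, src_port, dst_port, seq, ack,
                         data_offset << 4, flag_byte, window, 0, urgent)
    csum = ones_complement_checksum(
        pseudo_header(src_ip, dst_ip, len(header) + len(payload)) + header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]
    return header + payload


def parse_segment(src_ip: bytes, dst_ip: bytes, segment: bytes) -> dict:
    (src_port, dst_port, seq, ack, off_res, flag_byte,
     window, csum, urgent) = struct.unpack(TCP_FMT, segment[:20])
    data_offset = off_res >> 4
    # the 6 reserved bits straddle two bytes; the text says they must be 0
    reserved = ((off_res & 0x0F) << 2) | (flag_byte >> 6)
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("data offset does not fit the segment")
    # a valid segment sums to 0 when its own checksum field is included
    ok = ones_complement_checksum(
        pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "window": window,
        "flags": {n for n, b in FLAG_BITS.items() if flag_byte & b},
        "reserved_zero": reserved == 0,
        "urgent_pointer": urgent if flag_byte & FLAG_BITS["URG"] else None,
        "options": segment[20:header_len],
        "data": segment[header_len:],
        "checksum": csum, "checksum_ok": ok,
    }
```

Because the pseudo-header is part of the sum, the same bytes verified against a different destination address fail the check, which is how TCP notices a segment IP delivered to the wrong host.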

Next I will cover the EXACT process by which TCP establishes a
connection. This will help you understand TCP, I think.

A connection can be established between two machines only if a
connection between the two sockets does not exist, both machines agree
to the connection (like a handshake, eh) and both machines have the
resources available. If any of these conditions aren't met, then the
connection can't be made.

The acceptance of connections can be triggered by an application or a
system administration routine. Once a connection is established, it is
given certain properties that are valid until the connection is closed.

Typically, these are a precedence value and a security value. These
settings are agreed upon by the two applications when the connection
is in the process of being established.

(Sends a global notice for hackphreak users to wake up :p)

In most cases, a connection is expected by two applications, so they
issue active or passive open requests. (Ok, let's get to how it's really
done.) The process begins with Machine A's TCP receiving a request for a
connection from its ULP, to which it sends an active open primitive to
Machine B. The segment that is constructed has the SYN flag set on (set
to 1) and has a sequence number assigned.

The application on Machine B has issued a passive open instruction to
its TCP. When the "SYN SEQ 50" segment is received, Machine B's TCP
sends an acknowledgment back to Machine A with the sequence number of
51. Machine B also sets an ISS number (Initial Send Sequence number) of
its own. This shows this message as "ACK 51; SYN 200," indicating that
the message is an acknowledgment with sequence number 51, it has the SYN
flag set, and it has an ISS of 200.

Upon receipt, Machine A sends back its own acknowledgment message with
sequence number set to 201. This is "ACK 201". Then, having opened and
acknowledged the connection, Machine A and Machine B both send
connection open messages through the ULP to the requesting
applications. It is not necessary for the remote machine to have a
passive open instruction, as mentioned earlier. In this case the
sending machine provides both the sending and receiving socket numbers,
as well as precedence, security, and timeout values. It is common for
two applications to request an active open at the same time. This is
resolved quite easily, although it does involve a little more network
traffic.

I will describe data transfer and how it occurs, but not closing
connections etc., because that's long stuff :p

Transferring information is straightforward. For each block of data
received by Machine A's TCP from the ULP, TCP encapsulates it and
sends it to Machine B with an increasing sequence number. After
Machine B receives the message, it acknowledges it with a segment whose
acknowledgment number is the next sequence number expected (and hence
indicates that it has received everything up to that sequence).
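Added example, not from the original article: a small Python model of the exchange described above, with Machine A using ISS 50 and Machine B ISS 200 as in the text, followed by one block of data and its acknowledgment. The state names (CLOSED, LISTEN, SYN-SENT, SYN-RECEIVED, ESTABLISHED) are the usual TCP ones and are my addition; the "connection already exists" refusal and the re-acknowledgment of an out-of-order segment follow the conditions the text gives.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example, not part of the original article: the opening exchange and
# data acknowledgment as the text walks through them (ISS 50 and 200).

@dataclass
class Segment:
    seq: int = 0
    ack_num: int = 0
    syn: bool = False
    ack: bool = False
    data_len: int = 0

    def describe(self) -> str:
        parts = []                      # rendered like the text: "ACK 51; SYN 200"
        if self.ack:
            parts.append(f"ACK {self.ack_num}")
        if self.syn:
            parts.append(f"SYN {self.seq}")
        if self.data_len:
            parts.append(f"DATA {self.seq}+{self.data_len}")
        return "; ".join(parts)


class TcpEndpoint:
    def __init__(self, name: str, iss: int):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = iss              # next sequence number we will send
        self.rcv_nxt = 0                # next sequence number we expect

    def _require_closed(self) -> None:
        if self.state != "CLOSED":      # the text: no connection may already exist
            raise RuntimeError(f"{self.name}: connection already exists")

    def passive_open(self) -> None:
        self._require_closed()
        self.state = "LISTEN"

    def active_open(self) -> Segment:
        self._require_closed()
        self.state = "SYN-SENT"
        seg = Segment(seq=self.snd_nxt, syn=True)
        self.snd_nxt += 1               # the SYN occupies one sequence number
        return seg

    def send_data(self, nbytes: int) -> Segment:
        if self.state != "ESTABLISHED":
            raise RuntimeError(f"{self.name}: no virtual circuit")
        seg = Segment(seq=self.snd_nxt, data_len=nbytes)
        self.snd_nxt += nbytes
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN-RECEIVED"
            reply = Segment(seq=self.snd_nxt, ack_num=self.rcv_nxt, syn=True, ack=True)
            self.snd_nxt += 1
            return reply
        if self.state == "SYN-SENT" and seg.syn and seg.ack and seg.ack_num == self.snd_nxt:
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"
            return Segment(seq=self.snd_nxt, ack_num=self.rcv_nxt, ack=True)
        if self.state == "SYN-RECEIVED" and seg.ack and seg.ack_num == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        if self.state == "ESTABLISHED" and seg.data_len:
            if seg.seq == self.rcv_nxt:     # in order: advance and acknowledge
                self.rcv_nxt += seg.data_len
            # otherwise re-acknowledge what we have so the sender resends
            return Segment(seq=self.snd_nxt, ack_num=self.rcv_nxt, ack=True)
        return None


def run_lecture_exchange() -> Tuple[str, str, List[str]]:
    a, b = TcpEndpoint("A", iss=50), TcpEndpoint("B", iss=200)
    b.passive_open()
    syn = a.active_open()               # "SYN 50"
    syn_ack = b.receive(syn)            # "ACK 51; SYN 200"
    ack = a.receive(syn_ack)            # "ACK 201"
    b.receive(ack)
    data = a.send_data(10)              # ten bytes, sequence 51..60
    data_ack = b.receive(data)          # "ACK 61"
    transcript = [s.describe() for s in (syn, syn_ack, ack, data, data_ack)]
    return a.state, b.state, transcript
```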

The TCP data transport actually embodies six subservices:

1. Full duplex: enables both ends of a connection to transmit at any
time, even simultaneously.

2. Timeliness: use of timers to ensure that data is transmitted within
a reasonable amount of time.

3. Ordered: data sent from one application is received in the same
order at the other end. This occurs despite the fact that the datagrams
might be received out of order through IP, because TCP reassembles the
message in the correct order before passing it up to higher layers.

4. Labeled: all connections have an agreed-upon precedence and
security value.

5. Flow control: TCP can regulate the flow of information through the
use of buffers and window limits.

6. Error checking: checksums ensure that data is free of errors (within
the checksum algorithm's limits).

Ok, now that I have completed that, let's move on to the promised stuff
on UDP.

UDP: User Datagram Protocol, just for your notes or whatever, just an
explanation of the acronym.

TCP is a connection-based protocol. There are times when a
connectionless protocol is required, so UDP is used. UDP is used with
both the Trivial File Transfer Protocol (TFTP) and Remote Procedure
Call. Connectionless communications don't provide reliability, meaning
that there is no indication to the sending device that a message has
been received correctly. Connectionless protocols also do not offer
error-recovery capabilities, which must be either ignored or provided
in the higher or lower layers. UDP is much simpler than TCP; it
interfaces with IP (and/or other protocols) without the bother of flow
control or error correction mechanisms, acting simply as a sender and
receiver of datagrams.

The UDP message header is much, much simpler than TCP's. The following
are the fields of a UDP header:

* Source port: An optional field with the port number. If a port
number is not specified, the field is set to 0.

* Destination port: The port on the destination machine.

* Length: The length of the datagram, including header and data.

* Checksum: A 16-bit one's complement of the one's complement sum of the
datagram, including a pseudo-header similar to that of TCP.

Well, that's basically it for UDP, a very simple protocol.

 I have to admit that in this lecture I haven't covered a lot of basic
things that were involved with TCP/IP, but I didn't because of time &
compression; besides, there is enough OSI stuff. But expect to see more
text from me here.

 Well, I didn't cover UDP, but hell. I will make more text files on things
like UDP and IPv6. IPv6 isn't ANSI yet, but I suppose it will be.

Shouts : B0g, Rhino9, b0g, gH, b0g, #hackphreak, b0g, mosthated, b0g,
#k-rad, grimreapa, b0g, rafay, b0g, system_v, b0g, HFG and all u's i
missed.


b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!

b0g           b0g!#               !b0     b0  #@!       b0g!#      #@!
b0g          !b0g!#@              !b0     b0  #@      @!b0g!#@     #@!
b0g         @!b0g!#@!             !b0    !b0  #@     #@!    #@!    #@!
b0g  @!     @!b  !#@!             !b0  #@!b0g!#@!b  !#@  0   @!b   #@!
b0g #@!b   #@!b   #@!   !#@!b0g!  !b0 !#@!b0g!#@!b  !#  b0g!#@!b   #@!
b0g!#@!b0  #@!b   #@!  g!#@!b0g!  !b0 !#@!b0g!#@!b g!# !b0g!#@ b0  #@!
b0g!#@!b0g #@!b   #@! 0g!#  b0g!  !b0    !b  !#    g! @!b  !#@ b0  #@!
b0g   !b0g #@!b   #@! 0g!#  b0g!  !b0   @!b  !#    g! @!b  !#@ b0  #@!
b0g   !b0g #@!b   #@! 0g!   b0g!  !b0   @!b  !#    g! @!b  !#@ b0  #@!
b0g   !b0g #@!b   #@! 0g!   b0g!  !b0 !#@!b0g!#@!  g! @!b  !#@ b0  #@!
b0g   !b0g #@!b   #@! 0g!   b0g!  !b  !#@!b0g!#@!  g! @!b  !#@ b0  #@
b0g   !b0g #@!b   #@! 0g!# !b0g!        @!  g!     g!# !b0g!#@!b0     
b0g!#@!b   #@!b0g!#@!  g!#@!b0g!  !b0  #@!  g!      !# !b0g!#@!b   #@!
b0g!#@!b    @!b0g!#@   g!#@!b0g!  !b0  #@! 0g!      !#@ b0 !#@!b   #@!
 0g!#@!      !b0g!#     !#@ b0g!  !b0  #@  0g        #@!           #@!
                            b0g!                       !b0g!#@!       
                       g!#@!b0g                         b0g!#@        
                       g!#@!b0                                        
                       g!#@!b                                         

b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!b0g!#@!

