Five layers of TCP-IP protocol are;
- Physical layer : deals with how bits are identified and transmitted, voltage values etc
- Data-link layer: how the device on medium is identified and how it is accessed or shared and how the frame is constructed. Deal with MAC in case of ethernet medium.
- Internet(IP) layer: protocols to communicate across network. IP routing. OSPF
- Host-to-host layer: Logical connection between two communicating hosts. TCP/UDP etc
- Application layer: individual process running on end host.
IPv4 header Fields:
- Version: set to 4
- Header length: minimum header length is 20 bytes. Options field can make upto 60 byte
- TOS: First 6 bits are DSCP and last 2 bits are ECN. Used for QOs.
- Total length: Maximum value is 65535. Maximum possible IPv4 packet size
- Identification: Router which fragments a packet places same value on all chunk packets for end host to identify fragments of same packet.
Flags: 3 bits:
- First bit is unused.
- Second bit is DF (don’t fragment) bit. If set, router will drop packet and send ICMP if packet has to be fragmented.
- 3rd bit is More Bit (MF): The last fragment MF is set to 0.
- Fragment offset: to identify at which location this fragments fits into.
- TTL: hop limit.
- Protocols: To identify host-host layer protocol. 1 for ICMP. 2 for IGMP. 6 for TCP. 17 for UDP. 89 for OSPF.
- Header checksum: For error detection.
- Source and destination IP address.
- Loose source routing: List of IP addresses are added which the packet has to travel through. Multiple hops can be taken between two addresses.
- Strict source routing: List of IP addresses are added which the packet has to travel through in strict order.
- Record route: allows router to add its outgoing interface while packet is routed.
- Timestamp: similar to RR expect timestamp is also added.
- All options can be invoked via extended ping.
First octet rule:
- IPv4 address has 3 parts: Network part, subnet and host part.
- Network mask can be represented in dotted decimal (default), bitcount (/24 via “ip netmask-format bit-count” command on VTY lines) or hexadecimal\
- RFC – 826
- Important fields: Protocol type, opcode, sender ip address, sender mac address, target ip address, target mac address. If sender IP == target IP in an ARP, then it is GARP.
- ARP entries are hold for 4 hours.Can be changed on per interface using “arp time-out x”
- Static ARP via “arp <ip> <mac> <encap type>”
- Proxy ARP: when a router receives ARP request on a network with target IP address belonging to another network and if the router has that network in its routing table, it sends ARP reply on behalf on another network.
- Enabled by default. Can be disabled per interface via “no ip proxy-arp”
- GARP: detect IP duplication. Disabled by default.Can be enabled via “ip gratuitous-arps”
- ICMP redirects are enabled by default.Can be disabled per interface via “no ip redirects”
TCP header format:
- Sequence number: to identify where the data sits in the data stream
- Ack number: to identify seq number of next packet SRC expects from the receiver.
- Window size: it specifies how many octets starting from ACK number can be sent next.
- Urgent pointer: used only if URG flag is set. This value + seq. number is end of data.
- UDP header: Has only SRC port, DES port, checksum (set to zeros if not used) and length