• Five layers of TCP-IP protocol are;
    • Physical layer : deals with how bits are identified and transmitted, voltage values etc
    • Data-link layer: how the device on medium is identified and how it is accessed or shared and how the frame is constructed. Deal with MAC in case of ethernet medium.
    • Internet(IP) layer: protocols to communicate across network. IP routing. OSPF
    • Host-to-host layer: Logical connection between two communicating hosts. TCP/UDP etc
    • Application layer: individual process running on end host.
  • IPv4 header Fields:

    • Version: set to 4
    • Header length: minimum header length is 20 bytes. Options field can make upto 60 byte
    • TOS: First 6 bits are DSCP and last 2 bits are ECN. Used for QOs.
    • Total length: Maximum value is 65535. Maximum possible IPv4 packet size
    • Identification: Router which fragments a packet places same value on all chunk packets for end host to identify fragments of same packet.
    • Flags: 3 bits:
      • First bit is unused.
      • Second bit is DF (don’t fragment) bit. If set, router will drop packet and send ICMP if packet has to be fragmented.
      • 3rd bit is More Bit (MF): The last fragment MF is set to 0.
    • Fragment offset: to identify at which location this fragments fits into.
    • TTL: hop limit.
    • Protocols: To identify host-host layer protocol. 1 for ICMP. 2 for IGMP. 6 for TCP. 17 for UDP. 89 for OSPF.
    • Header checksum: For error detection.
    • Source and destination IP address.
    • Options:
      • Loose source routing: List of IP addresses are added which the packet has to travel through. Multiple hops can be taken between two addresses.
      • Strict source routing: List of IP addresses are added which the packet has to travel through in strict order.
      • Record route: allows router to add its outgoing interface while packet is routed.
      • Timestamp: similar to RR expect timestamp is also added.
      • All options can be invoked via extended ping.
  • First octet rule:

  • IPv4 address has 3 parts: Network part, subnet and host part.
  • Network mask can be represented in dotted decimal (default), bitcount (/24 via “ip netmask-format bit-count” command on VTY lines) or hexadecimal\
  • ARP:
    • RFC – 826
    • Important fields: Protocol type, opcode, sender ip address, sender mac address, target ip address, target mac address. If sender IP == target IP in an ARP, then it is GARP.
    • ARP entries are hold for 4 hours.Can be changed on per interface using “arp time-out x”
    • Static ARP via “arp <ip> <mac> <encap type>”
    • Proxy ARP: when a router receives ARP request on a network with target IP address belonging to another network and if the router has that network in its routing table, it sends ARP reply on behalf on another network.
    • Enabled by default. Can be disabled per interface via “no ip proxy-arp”
    • GARP: detect IP duplication. Disabled by default.Can be enabled via “ip gratuitous-arps”
    • ICMP redirects are enabled by default.Can be disabled per interface via “no ip redirects”
  • TCP header format:

    • Sequence number: to identify where the data sits in the data stream
    • Ack number: to identify seq number of next packet SRC expects from the receiver.
    • Window size: it specifies how many octets starting from ACK number can be sent next.
    • Urgent pointer: used only if URG flag is set. This value + seq. number is end of data.
  • UDP header: Has only SRC port, DES port, checksum (set to zeros if not used) and length
This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s