TCP/IP Protocol Suite and IP Addresses – The Basics

Idlehands
sysop@kbnet.co.uk

TCP/IP, Protocol, Security, IP Address

1.1 Introduction
2.1 Background on TCP/IP
3.1 IP and IP Addresses
3.2 Class of addresses
3.3 Important addresses to recognize.
4.1 Biography
4.2 Final Note
4.3 Credits

1.1 Introduction

This file explains some of the topics that are associated with the TCP/IP protocol suite and IP addresses. The information here has been collected from numerous files on the topic. This file was also supposed to include a section on port scanning and a listing of ports. Unfortunately I’ve been slacking, so the other two sections will have to wait.

As usual, I do not condone nor take responsibility for the actions of individuals, based upon the information contained within. All information here is for educational use only.

2.1 Background on TCP/IP

TCP/IP is an open networking protocol, which means that all aspects of the protocol suite are published. They are also available for anyone to use on their hardware and software. TCP/IP is probably the most used protocol in the world. The main reason for TCP/IP being so popular is very simple: TCP/IP allows a user to connect devices of almost all platforms together and have them talk in a universal language.

TCP/IP is not just a single protocol, but a whole suite of a dozen or so protocols, each designed to perform a task. All of the protocols use TCP and IP to transmit data. TCP (Transmission Control Protocol) and IP (Internet Protocol) are the two main protocols of the TCP/IP suite.

All of the protocols can be grouped together according to the type of task that they fulfil.

Transport

These protocols are responsible for transmitting packets of data from one device to another through a network.

TCP – Transmission Control Protocol
TCP is a connection-based service, meaning that two devices transmitting data must be connected through a constant connection.

UDP – User Datagram Protocol
UDP is the opposite of TCP in that it is a connectionless service. This means that two devices exchanging data do not communicate with each other through a constant connection.

Routing

These protocols deal with the addressing of data and working out which is the best route for the data to take. They also deal with how large packets are broken up and reassembled.

IP – Internet Protocol
IP deals with the actual transmission of data.

ICMP – Internet Control Message Protocol
ICMP deals with status messages for IP, such as errors and network changes that may affect routing.

RIP – Routing Information Protocol
One of several protocols designed to determine the best routing method.

OSPF – Open Shortest Path First
Another protocol designed to determine the best routing method.

Network Addresses

These protocols are designed to handle the way that devices are addressed by both a unique number and a more common hostname.

ARP – Address Resolution Protocol
Figures out the unique address of devices on the network.

DNS – Domain Name System
Works out a device’s numeric address from device hostnames.

RARP – Reverse Address Resolution Protocol
Works out the unique address of a device, but in a completely different method from ARP.

BOOTP – Boot Protocol
This protocol starts up a network device by reading the boot information from a server. BOOTP is most often used by diskless workstations.

User Services

These are services that users have access to.

FTP – File Transmission Protocol
This protocol transfers files from one machine to another. FTP uses TCP for transport.

TFTP – Trivial File Transmission Protocol
This simple file transport method uses UDP as transport.

Telnet – Telnet
This protocol allows remote logins. A user on one machine can log in to another machine and behave as if sat at that machine.

Gateway Protocols

These protocols help networks communicate routing and status information, as well as handling data for local networks.

EGP – Exterior Gateway Protocol
This protocol transfers routing information for external networks.

GGP – Gateway-to-Gateway Protocol
This protocol handles routing information between Internet gateways.

IGP – Interior Gateway Protocol
This protocol deals with the transfer of routing information for internal networks.

Other Protocols

These protocols do not fit into any of the previous categories, but provide very important services for a network.

NFS – Network File System
This protocol means that a user can mount external directories to their machine as if they were hosted on the local machine.

NIS – Network Information Service
This service maintains user accounts across a network, easing the problem of username and passwd maintenance.

RPC – Remote Procedure Call
This protocol allows remote applications to communicate with one another using function calls.

SMTP – Simple Mail Transfer Protocol
This protocol is designed to deal with the problem of transferring e-mail between machines.

SNMP – Simple Network Management Protocol
This protocol is used to obtain status messages about TCP/IP configurations and software. SNMP requires a loopback to be in place for proper operation.

3.1 IP and IP Addresses

IP is a connectionless network protocol within the TCP/IP suite; unfortunately, it is also very unreliable. It contains two 32-bit header fields (network address and terminal address). IP is also the busiest of the TCP/IP protocols, because almost all TCP/IP traffic is encapsulated within an IP packet. It’s IP’s job to route packets around the network, but it provides no means for reliability or accountability (IP relies on upper layers for that). IP can try to send an ICMP error message back to the source, but this can be lost as well. ICMP is used to relay network conditions and errors to IP and the other layers.

As IP is connectionless, it doesn’t store any connection state information. Each IP packet is sent out without regard to the last one or the next packet.

IP addresses are 32-bit numbers that uniquely identify any machine on a TCP/IP based network. These “addresses” allow proper routing within the network. Each 32-bit IP address is broken up into four 8-bit segments. Each segment can have a range of 0 to 255 (2 to the power of 8, minus 1) and each 8-bit segment is separated by a dot. This type of notation is called dotted quad. An example of an IP address is 194.156.169.3

The two fields (network address and terminal address) allow for two networks to have the same terminal address. All IP addresses must be assigned by the NIC (Network Information Center), based on the size of the proposed network, to prevent duplication of addresses.

3.2 Classes of IP Addresses

IP addresses are assigned relating to the size of a network. There are three categories in this classification: class A, class B and class C. The three network classifications break the IP address into different sizes for the network and terminal addresses.

A class A network only uses one byte for the network address and the other three bytes are used for the terminal address. This allows for over 16 million different terminal addresses.

Class B addresses use two bytes for the network address and two bytes for the terminal address. This combination allows for over 65,000 possible terminal addresses, but only a few large companies are limited to this address.

Class C addresses have three bytes assigned for the network address and a single byte for the terminal address. This means that the network has a maximum of 254 terminal addresses (255 and 0 are reserved for special use).

There are limitations for the first value of the IP address. A class A network’s first value must be between 0 and 127. A class B network must have a first value of between 128 and 191.
Finally, a class C network’s first value must be between 192 and 233. This is because of the way the first byte is broken up, with a few bits at the front to identify the class of network. The values 0 and 255 are reserved for special use.

Messages sent through TCP/IP use the IP address to identify devices on the network that are receiving and transmitting data, as well as routing information contained within the message headers.

3.3 Important IP Addresses to Recognize

These IP addresses are pretty much standard among TCP/IP networks and are handy to know.

127.0.0.1 – Loopback

A Loopback or “Dummy Interface” is used to give a machine an IP address to work with when it only uses SLIP (Serial Line Internet Protocol) and PPP (Point-to-Point Protocol) interfaces. A Loopback solves the problem of a machine with no network cards communicating with another machine. Almost all TCP/IP protocols need an IP address, something usually lacking in a standalone config. Therefore a Loopback is configured to the standard IP address of 127.0.0.1

Broadcast Address

The broadcast address is used when one machine wants to send the same packet of data to all the machines on the network. To get the broadcast address, you set the terminal address to 255. For example, if your IP address is 194.168.148.6, then your broadcast address is 194.168.148.255. This address is very useful when trying to determine the number of hosts on a network. This will be explained later in the file.

Gateway Address

The gateway address is the IP address of the machine that is the network’s gateway out to other networks, including the Internet (such as a router). Normally, the gateway has the same IP address as that of your machine, but with the terminal address set to the value of 1. For example, if your IP address is 192.168.148.6, then your gateway address would be 192.168.148.1.

Network Address

The network address is basically the network portion of your IP address.
For example, if your IP address was 194.168.148.6…

Class B network address – 194.168.0.0
Class C network address – 194.168.148.0

4.1 Biography

This file is based upon the information contained in:

Linux Unleashed (v.4)
Various issues of Phrack
Personal knowledge

4.2 Final Note

This file only scratches the surface of the topic. With a little more time sober, I’ll either add topics or rewrite it completely, but life’s been a little complicated of late.

Idle Hands
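
The address arithmetic from sections 3.1 to 3.3, worked through in code. This is an added example, not part of the original file: it reads the class from the leading bits of the first byte, then derives the network, terminal and broadcast addresses. The function names and the sample inputs are assumptions made for the illustration.

```python
def parse_dotted_quad(text):
    """Return the 32-bit integer for a dotted-quad string, checking each octet."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    value = 0
    for octet in map(int, parts):
        if octet > 255:
            raise ValueError(f"octet out of range 0-255: {text!r}")
        value = (value << 8) | octet
    return value


def to_dotted_quad(value):
    """Format a 32-bit integer back into dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def address_class(value):
    """Return (class letter, network bytes) from the leading bits of byte one."""
    first = value >> 24
    if (first & 0x80) == 0x00:   # 0xxxxxxx: first value 0-127
        return "A", 1
    if (first & 0xC0) == 0x80:   # 10xxxxxx: first value 128-191
        return "B", 2
    if (first & 0xE0) == 0xC0:   # 110xxxxx: first value 192-223
        return "C", 3
    raise ValueError("leading bits 111: not a class A, B or C address")


def describe(text):
    """Split an address into its network and terminal parts (classful rules)."""
    value = parse_dotted_quad(text)
    letter, network_bytes = address_class(value)
    terminal_mask = (1 << (32 - 8 * network_bytes)) - 1
    network = value & ~terminal_mask & 0xFFFFFFFF
    return {
        "class": letter,
        "network": to_dotted_quad(network),
        "terminal": value & terminal_mask,
        "broadcast": to_dotted_quad(network | terminal_mask),
        "usable_terminals": terminal_mask - 1,  # all-zeros and all-ones reserved
        "loopback": (value >> 24) == 127,
    }


if __name__ == "__main__":
    for sample in ("194.168.148.6", "10.1.2.3", "127.0.0.1"):  # constructed inputs
        print(sample, describe(sample))
```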