Solved

TCP/IP stack question

Posted on 2004-09-01
12
2,282 Views
Last Modified: 2008-02-01

Say a user does a telnet to host 172.16.0.2. The request is handed down from the application layer to the Transport Layer.  The transport layer then sees that telnet is going to be used, and telnet utilizes TCP, so that is what is chosen. Transport layer adds the destination port (23) and src  port (empherical port of 1043?), sets the TCP timer  and then passes the completed TCP segment to the network layer. The Network layer, adds src IP and dest IP and encapsulates the TCP segment in a packet. The network layer then sets the appropriate flags (Fragment/DF) and  passes the packet to the bottom layer which places the packet in a frame (frame type is dependant upon network topology type being used. 802.3, 802.2 etc). The frame is sent across the wire as electrical signals.  

The destination computer's network card  receives the electrical signals and interprets them. It removes the frame from the packet and passes the packet to the network layer. De-encapsulation begins.  Network layer runs a CRC on the packet and looks at where it's heading. If it doesnt match the dest IP, the packet is discarded. If it indeed matches the dest IP, it de-encapsulates the packet (leaving only a TCP segment) and  passes the TCP segment to it's Transport layer. It's transport layer receives  the TCP segment and ack's the original sender. Here is where dissolved gets lost.

Please help me fill in the gaps. I know not everything above is correct. Anyway:

1   How does the transport layer communicate with the application layer?  Isnt the application layer unaware the 3 bottom layers are there?

2. Framing is done at layer 2 correct? What happens in situations like in VLANs where 802.1q is used.  Do regular ethernet frames get framed within 802.1q? Or is 802.1q their primary framing method?

3. What is the primary framing method for ethernet LANs?

4. How would the above look, if we were using the OSI model? I know that the TCP/IP protocol suite was based on the OSI.

Thanks.
0
Comment
Question by:dissolved
  • 4
  • 4
  • 3
  • +1
12 Comments
 
LVL 16

Assisted Solution

by:JammyPak
JammyPak earned 150 total points
ID: 11958136
Here's a shot:

1. The ip stack is implemented as part of the O/S. The applications are written to APIs as specified by the O/S. So, a Windows programmer can make generic Windows calls to the APIs, and the O/S will pass those calls to the Windows TCP/IP stack. The programmer doesn't have to deal directly with TCP/IP, because the Windows kernel and base O/S services do that for them.
Each layer *is* aware of the layers directly above and below it. So, the application layer knows that a transport layer exists, and knows how to communicate with it.  (assuming that the transport and app layer are side-by-side, not using the OSI model) Applications take advantage of that by calling standard API functions that are part of the O/S.

4. typical interpretation for the 'MS model' vs the OSI model is this:
MS Physical Layer = OSI Physical layer, DataLink layer
MS Network Layer = OSI Network layer
MS Transport Layer = OSI Transport layer
MS Application Layer = OSI Session layer, Presentation layer, Application layer

In most MS courses and docs, they just lump some of the OSI layers together for simplicity.

Ps. in your above description, the physical layer will examine the packet to see if it is a broadcast or if it is destined for it's own MAC address before passing it up to the network layer. This way, it will most likely be the correct IP address when the network layer looks at it, since the packet would have typically been discarded already.

If I can find some good articles on 2. and 3. I'll post links...
0
 
LVL 15

Accepted Solution

by:
scampgb earned 150 total points
ID: 11958466
Hi dissolved,

If you're really interested in this stuff, get yourself a copy of "TCP/IP Illustrated" :-)

1
As JammyPak says, how each "layer" communicates with each other is through a series of APIs.  
For example, Internet Explorer doesn't need to know (or care) that you've got an CAT5e cable connected to your PC.

2
Correct, framing happens at layer two.
You can find some info on 802.1q VLANS at: http://www.zyxel.com/support/supportnote/ies1000/app/8021q.htm
Basically, an 802.1q is standard Ethernet but with 2 extra bytes in the header.

3
IEEE 802.2 / 802.3
You can find more at : http://www.auggy.mlnet.com/ibm/3376c28.html

4
It's worth pointing out that the OSI model is exactly that, it's a theoretical model.  Systems don't adhere to it perfectly, so you'll often have "blurring" between the layers.
However, it's a good way of understanding what's happening.

A rough approximation (and it's not exactly like this!) would be:

Application                 Internet Explorer
Presentation                Data formats (GIF, ASCII text)
Session                     Established sockets
Transport                   TCP
Network                     IP
Data Link                   Ethernet frame
Physical                    CAT5 cable


This reminds me of being at school.  I didn't pay any attention then either :-)

Does that help?


0
 
LVL 11

Assisted Solution

by:PennGwyn
PennGwyn earned 200 total points
ID: 11958684
> 1   How does the transport layer communicate with the application layer?  Isnt the application layer unaware the 3 bottom
> layers are there?

The TU buffer is not the only data structure shared between the layers.  Somewhere there is probably a "socket" structure which associates a source and destination IP address and source and destination port numbers together as a session, and the application's interactions with the stack are tied to this structure.  It may also include options, status, etc.

> 2. Framing is done at layer 2 correct? What happens in situations like in VLANs where 802.1q is used.  Do regular ethernet
> frames get framed within 802.1q? Or is 802.1q their primary framing method?

802.1q introduces a modification of the standard Ethernet frame to include a "tag" header.  At the receiving end, there's a default VLAN for untagged frames, and a mapping of recognized tag values to other VLANs.  The receiving end strips the tag, reverting to a normal Ethernet frame, and passes it to the apecified VLAN.

A more interesting case is VPN, where a complete layer 2 frame may get encapsulated inside a layer 3 packet.  The VPN server undoes the encapsulation (which may include encryption...) and forwards the original frame.

> 3. What is the primary framing method for ethernet LANs?

destination MAC address and source MAC address at the front, and FCS at the end.  Afew other small headers, such as the type value that says "this frame contains an IP (or IPX or whatever) packet".

> 4. How would the above look, if we were using the OSI model? I know that the TCP/IP protocol suite was based on the OSI.

It's not, actually, but rather on the similar ARPA model.  The most obvious difference is that there are no layer 5 & 6, for which there is no OSI/ISO standard anyway.

0
 

Author Comment

by:dissolved
ID: 11959157
Gotcha. Thanks guys. The problem I think I'm having, is the framing.  Can someone specifically elaborate on framing methods?

I keep hearing 802. numbers thrown around.  Framing is when a IP packet (from the network layer) is placed in a frame so it can traverse the network. Is that correct?  The type of framing depends on what type of topology you're running???? (token ring, or ethernet??)


Thanks!
0
 

Author Comment

by:dissolved
ID: 11959572
Ok, let me rephrase things a bit.  Here's a snapshot of some traffic I captured:
http://mvpbaseball.cc/capture.jpg

In this example, we have a breakdown of the packet in 5 different fields:

-Frame
-Ethernet II
-Internet Protocol
-Transmission Control Protocol
-HTTP protocol (not shown)

Frame is the final product I assume?

Ethernet II is the encapsulation method?

Internet Protocol is what's doing the routing obviously

TCP was chosen because it works with HTTP

HTTP is listed because it is what the user was accessing

Am I correct?
Thanks
0
 
LVL 15

Assisted Solution

by:scampgb
scampgb earned 150 total points
ID: 11961744
You're pretty much there.

The frame is what goes on the wire.  The physical interface converts that into all the little 1s and 0s that we all know and love.

Ethernet II is the format of the frame.  It's what a frame looks like.  It contains things like the datalink (MAC) layer address.

IP is the format of the packet.  It contains things like logical (IP) address.

TCP becomes encapsulated in the IP packet, and includes things like sequence numbers.

HTTP is the protocol for transferring data from websites :-)

The word "encapsulation" can cause a little confusion because it happens at each layer. The HTTP request is encapsulated in a TCP packet, the TCP packet is encapsulated in IP, the IP packet is encapsulated in the Ethernet II frame....
0
New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

 

Author Comment

by:dissolved
ID: 11962280
Ok so the frame is what is transmitted on wire.

The ethernet II is the type of frame. This could also be 802.3 etc right?

Thanks
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11962610
Well, the frame is converted to bits which it then transmitted on the wire - but that's it.

Here's a good answer to Ethernet II vs 802.3:
Xerox developed the first version of Ethernet, Ethernet I. The second version of Ethernet, Ethernet II, was developed by DEC, Intel and Xerox. After this the Ethernet was standardized by IEEE and the new format is known as 802.3 format. To provide backward compatibility with Ethernet II, 802.2 SNAP format was developed.

You can find more info on this, including frame formats, at : http://www.geocities.com/SiliconValley/Vista/8672/network/ethernet.html
0
 
LVL 16

Expert Comment

by:JammyPak
ID: 11963274
and Token Ring uses 802.5!
0
 
LVL 15

Expert Comment

by:scampgb
ID: 11963329
JammyPak: Don't confuse the kid! :)
0
 

Author Comment

by:dissolved
ID: 11963480
lol thanks guys.  I ran a sniffer and noticed a few things.

Most of my frame formats were Ethernet II. Probably 95%.  Almost every single Ethernet II packet had ARP being utilized


A few of my other frames were 802.3.  Each time I saw 802.3 I saw LLC.  What is up with the correlation?  Most of these frames were either ciscos STP protocol or cisco's CDP protocol (which shows up in ethereal as LLC  protocol for some reason instead of CDP protocol)


Now for the obvoius question. Why are some packets being framed Ethernet II and some being framed 802.3.  Is it in their design? For example, the CDP and STP protocol was designed to be framed in 802.3?  (did i say that right?)

Sorry if I'm repeating myself, but I'm trying to comprehend. Thanks!
0
 
LVL 16

Assisted Solution

by:JammyPak
JammyPak earned 150 total points
ID: 11963807
ARP (address resolution protocol) will be used everytime you send an IP-based packet to a host that is not already in your ARP cache. Run arp -a to see the ARP cache - it's just a mapping of IP addresses to MAC addresses. ARP sits at the network layer along with IP in the protocol stack.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now