Understanding the TCP/IP Protocol (Part 1) !!!!

[fmfm]

The world of computer networking is built upon a series of protocols. These very same protocols are the worker bees that keep the packets flowing from one computer to another. Gaining an understanding of them greatly helps one to understand how computers talk to each other. This series of articles will attempt to convey that very knowledge.

[size=x-large]Joined at the hip[/size]

Quite a few system administrators I am sure, are familiar with the TCP/IP protocol suite. By extension many of us are also used to looking at packets composed of both the TCP and IP protocols. A large amount of traffic, have both of them in it, so they could considered to be joined at the hip for lack of a better term. Thus the bulk of the Internet traffic that we see today, is largely composed of both TCP, and IP ferrying around whatever application layer protocol they may be carrying. That being said, as many of us remember, the computer world is not all just composed of application layer protocols, and the aforementioned TCP and IP protocols carrying them around. What this introductory three part article will do is convey to you exactly what is going on in both the TCP and IP header.

There exists quite a few other protocols though that don’t reside at the application, transport, or networking layer. While you may be asking yourself “why the devil is he talking about the OSI reference model, is this article not about protocols!?” Well, simply put, using the OSI reference model as our template, it will give us a great way to map protocols to specific layers. In essence it allows us to give some order to what can quickly become an unwieldy beast; the understanding of computer to computer communications. Think of it this way, using the skeletal outline of the OSI model we can add bits and pieces to it allowing us to flesh it out. It really simplifies our life as networking professionals if we use the OSI reference model in such a fashion.

[size=x-large]Bring on the gory details![/size]

For any of you system administrators reading this article you are probably familiar with the tool ethereal. What this tool does is break down the contents of a packet for you, and maps all of the hex values found in them. Not only that, but it will also tell the name of these values. What values you ask? Well good question! Values such as win size, ttl values, and mss amongst others. These terms may seem a little cryptic to you right now, but rest assured you will understand them shortly. I have always loved the details, and metrics such as. For they are very much the types of details that we must understand, in order to gain a deep understanding of TCP/IP.

Explaining such difficult concepts as the minutiae of TCP/IP can be a difficult task. Not to mention the reader trying to grasp all of the dry text. With that in mind I always strive to give some visual cues. This helps the reader to put some context to all of the new words, and terms they are encountering. I mentioned earlier the tool ethereal, and that it does a fine job of breaking out packets for us. Well to be honest you are best not using such a tool when first learning the contents of a packet. You are far better off trying to do so by hand. One of the best resources I have to found to date is the TCP/IP and tcpdump flyer provided by the SANS institute. Just look at the bottom of the page provided by the hyperlink and you will see the flyer. It is there under the “Additional Resources” category.

All of the information contained on the TCP/IP, and tcpdump flyer will be put to use during this two part series. This document is, simply put, the best of its kind out there today. All you need to do is simply follow the breakdown of the packet as it lays it out for you. Not only that, but the metrics themselves also get a quick explanation at the bottom of the page. You will also note at the bottom of the page that there are also many options that are associated for that protocol listed. Having the options listed there is very handy as many of them may seem very arcane to you. Lastly, please note as well that the size of the option in bytes is also listed before the option itself.

[size=x-large]Will we ever see an actual packet![/size]

'Patience is a virtue that takes entirely too long to master' is my motto! That being said let the much mentioned packet make an appearance. What you see below is two packets that were sniffed off of the wire, using a program such as windump, which required winpcap to work.



What we see above us is two packets. Notably the SYN and the SYN/ACK. Those two packets actually represent two thirds of the TCP/IP handshake. You may note that the remaining part of the handshake ie; the ACK packet is missing. Well simply put, not every operating systems actually uses the last portion of the handshake to set up communications. So in an effort to keep things as realistic as possible I have only listed the portions of the handshake that you will usually see.

[عزيزي الزائر يتوجب عليك التسجيل للمشاهدة الرابطللتسجيل اضغط هنا]
[عزيزي الزائر يتوجب عليك التسجيل للمشاهدة الرابطللتسجيل اضغط هنا]