Understanding TCP/IP: Understanding IP

The easiest way to understand how IP works is to think about telephone numbers. IP addresses are simply telephone numbers assigned to computers. When one computer wants to talk to another, it connects by dialing that computer's telephone number, its IP address.

I mentioned that TCP/IP is actually two protocols bundled together: TCP and IP. These protocols sit on a four-layer TCP/IP model.

Details of the TCP/IP Model

The four layers of the TCP/IP model are as follows (see Figure 4.1):

Application Layer The Application layer is where the applications that use the protocol stack reside. These applications include File Transfer Protocol (FTP), Trivial File Transfer Protocol (TFTP), Simple Mail Transfer Protocol (SMTP), and Hypertext Transfer Protocol (HTTP).

Transport Layer The Transport layer is where the two Transport layer protocols reside. These are TCP and the User Datagram Protocol (UDP). TCP is a connection-oriented protocol, and delivery is guaranteed. UDP is a connectionless protocol. This means that UDP makes its best effort to deliver the message, but there is no guarantee.

Internet Layer The Internet layer is where IP resides. IP is a connectionless protocol that relies on the upper layer (the Transport layer) to guarantee delivery. Address Resolution Protocol (ARP) also resides on this layer; ARP translates an IP address into a Media Access Control (MAC) address. All traffic between the upper layers and the Link layer passes through the IP protocol.

Link Layer The data link protocols like Ethernet and Token Ring reside in the Link layer. This layer is also referred to as the Network Access layer.

FIGURE 4.1 TCP/IP model

[Figure 4.1 is not reproduced here. The recovered rows of the diagram are: Application Layer (FTP, TFTP); Transport Layer (TCP, UDP); Link Layer (Ethernet, Token Ring).]

How TCP/IP Layers Communicate

When an application like FTP is called upon, its data moves down the layers and is handed to TCP. TCP then passes it to the IP protocol, and it is released onto the network through the Link layer (see Figure 4.2). This is a connection-oriented exchange because TCP is the protocol that guarantees delivery.

FIGURE 4.2 TCP/IP process

When an application like TFTP is called upon, its data moves down the layers and is handed to UDP. UDP then passes it to the IP protocol, and it is released onto the network through the Link layer. This is a connectionless exchange because UDP does not guarantee delivery.
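To make the difference between TCP's guaranteed delivery and UDP's best effort concrete, here is an added simulation, not code from the book: a stop-and-wait sender that tags each segment with a sequence number and retransmits until the receiver's acknowledgment comes back (the mechanism TCP's reliability is built on), beside a fire-and-forget sender, both run over a constructed link that silently drops chosen transmissions. LossyLink, send_tcp and send_udp are names chosen for this example, the drop schedule is made up, and real TCP uses sliding windows and timers rather than this simplified retry loop.

```python
class LossyLink:
    """Simulated network path that discards selected transmissions.

    Constructed test double for the demo: drop_on holds the indices (in order
    of transmission) that the link will lose. Everything else is delivered.
    """

    def __init__(self, drop_on):
        self.drop_on = set(drop_on)
        self.sent = 0  # count of transmissions attempted over this link

    def transmit(self, segment):
        idx = self.sent
        self.sent += 1
        return None if idx in self.drop_on else segment


def send_udp(datagrams, link):
    """UDP style: fire and forget. Whatever the link drops is simply gone."""
    received = []
    for datagram in datagrams:
        delivered = link.transmit(datagram)
        if delivered is not None:
            received.append(delivered)
    return received


def send_tcp(segments, link, max_retries=5):
    """TCP style (simplified stop-and-wait): each segment carries a sequence
    number and is resent until the receiver's ACK arrives. The ACK crosses the
    same lossy link, so a lost ACK also triggers a retransmission, which the
    receiver recognises as a duplicate and discards.

    Returns (payloads delivered in order, number of retransmissions).
    """
    received, expected = [], 0
    retransmissions = 0
    for seq, payload in enumerate(segments):
        for attempt in range(max_retries + 1):
            if attempt:
                retransmissions += 1
            arrived = link.transmit((seq, payload))
            if arrived is None:
                continue  # segment lost: the sender's timer expires, try again
            if arrived[0] == expected:  # new data, accept it; duplicates are ignored
                received.append(arrived[1])
                expected += 1
            ack = link.transmit(("ACK", expected))  # the ACK can be lost too
            if ack is not None and ack[1] == seq + 1:
                break
        else:
            raise TimeoutError(f"segment {seq} not acknowledged after {max_retries} retries")
    return received, retransmissions


def compare(messages, drop_on):
    """Run both senders over identical loss conditions."""
    udp_result = send_udp(messages, LossyLink(drop_on))
    tcp_result, resent = send_tcp(messages, LossyLink(drop_on))
    return {"udp": udp_result, "tcp": tcp_result, "tcp_retransmissions": resent}


if __name__ == "__main__":
    # Constructed run: transmissions 1 and 4 are lost.
    print(compare(["a", "b", "c"], drop_on={1, 4}))
```

With transmissions 1 and 4 lost, UDP delivers only "a" and "c", while the TCP-style sender delivers all three after two retransmissions (one for the lost ACK of "a", one for the lost first copy of "b"). The cost of the guarantee is visible in the extra round trips, which is also why TCP is the choice for FTP and UDP for TFTP in the text.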

Understanding Port Numbers

TCP and UDP rely on port numbers assigned by the Internet Assigned Numbers Authority (IANA) to forward packets to the appropriate application process. Port numbers are 16-bit integers that are part of a message header. They identify the application software process with which the packet should be associated. For example, let's say that a client has a copy of Internet Explorer and a copy of Mail open at the same time. Both applications are sending TCP requests across the Internet to retrieve web pages and email, respectively. How does the computer know which return packets to forward to Internet Explorer and which packets to forward to Mail?

When making a connection, the client chooses a source port for the communication that is usually in the range 1024–65535 (or sometimes in the range 1–65535). This source port then communicates with a destination port on the server side. Every return packet of unsecured web traffic carries a source port number of 80 in its header, and every return packet destined for Mail carries a source port number of 110 in its header.

Table 4.1 describes the most common port numbers (you might need to know these for the exam). You can visit www.iana.org to get the most current and complete list of port numbers. It’s good to become familiar with specific port numbers because it’s a benefit to be able to determine from memory the ports that, for example, allow or block specific protocols in a firewall. Allowing only port 80, for instance, does not ensure that all web traffic will be allowed. You must also allow port 443 for certain secure web traffic.

Simply because a port is “well known” doesn’t mean that a given service must run on it. It’s technically valid to run any service on any port, but doing so is usually a bad idea. For example, if you chose to run your web server on TCP port 25, clients would need to type www.example.com:25 to reach your website from most browsers.

TABLE 4.1 Common port numbers

Port number   Description
20            FTP data
21            FTP control
22            Secure Shell (SSH)
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
53            Domain Name System (DNS)
80            Hypertext Transfer Protocol (HTTP), Web
88            Kerberos Network Authentication
110           Post Office Protocol v3 (POP3)
443           Secure HTTP (HTTPS)
464           Kerberos Changes (for example, setting a password)
902           VMware ESXi
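The following added example (not from the book) shows where the port numbers live in a packet: it builds a constructed Ethernet/IPv4/TCP (or UDP) frame, walks it down the layers of Figure 4.1 to pull out the source and destination ports, labels the destination port using Table 4.1, and applies a destination-port allow list to show the point made above: allowing only port 80 blocks an HTTPS connection to port 443. build_frame, parse_frame, is_ephemeral and firewall_allows are names chosen for this example; the addresses 192.0.2.10 and 198.51.100.20, the MAC addresses and the ephemeral port values are constructed sample data, and checksums are left at zero because the frames are never transmitted.

```python
import struct
from ipaddress import IPv4Address

# Table 4.1 from the text as a lookup of well-known destination ports.
WELL_KNOWN_PORTS = {
    20: "FTP data", 21: "FTP control", 22: "Secure Shell (SSH)", 23: "Telnet",
    25: "Simple Mail Transfer Protocol (SMTP)", 53: "Domain Name System (DNS)",
    80: "Hypertext Transfer Protocol (HTTP), Web", 88: "Kerberos Network Authentication",
    110: "Post Office Protocol v3 (POP3)", 443: "Secure HTTP (HTTPS)",
    464: "Kerberos Changes (for example, setting a password)", 902: "VMware ESXi",
}

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_frame(src_port, dst_port, proto, payload=b""):
    """Build a constructed Link/Internet/Transport frame for demonstration.

    Checksums are zero and the MAC/IP addresses are sample values; this is
    data for parsing, not a frame to put on a wire.
    """
    if proto == PROTO_TCP:
        # src port, dst port, seq, ack, data offset (5 words), flags (SYN), window, csum, urg
        transport = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:
        # UDP: src port, dst port, length (header + payload), checksum
        transport = struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0)
    transport += payload
    # IPv4: version/IHL, TOS, total length, ID, flags/frag, TTL, protocol, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(transport), 0x1234, 0x4000, 64, proto, 0,
                     IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.20").packed)
    # Ethernet: dst MAC, src MAC, EtherType (sample MACs)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + transport


def parse_frame(raw):
    """Walk the layers bottom-up: Link -> Internet -> Transport."""
    ethertype = struct.unpack("!H", raw[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    ip = raw[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes; options would make it > 20
    proto = ip[9]
    transport = ip[ihl:]
    # Both TCP and UDP headers start with the 16-bit source and destination ports.
    sport, dport = struct.unpack("!HH", transport[:4])
    return {
        "link": {"ethertype": ethertype},
        "internet": {"src": str(IPv4Address(ip[12:16])), "dst": str(IPv4Address(ip[16:20])),
                     "protocol": proto},
        "transport": {"name": {PROTO_TCP: "TCP", PROTO_UDP: "UDP"}.get(proto, "other"),
                      "src_port": sport, "dst_port": dport,
                      "service": WELL_KNOWN_PORTS.get(dport, "not in Table 4.1")},
    }


def is_ephemeral(port):
    """Client-chosen source ports normally fall in 1024-65535."""
    return 1024 <= port <= 65535


def firewall_allows(raw, allowed_ports):
    """Destination-port allow rule, the way a simple firewall rule matches."""
    return parse_frame(raw)["transport"]["dst_port"] in allowed_ports


if __name__ == "__main__":
    https = build_frame(51234, 443, PROTO_TCP)
    dns = build_frame(40000, 53, PROTO_UDP, b"\x00" * 12)
    for frame in (https, dns):
        print(parse_frame(frame))
    print("HTTPS allowed with only port 80 open:", firewall_allows(https, {80}))
    print("HTTPS allowed with ports 80 and 443 open:", firewall_allows(https, {80, 443}))
```

The parser only reads the two port fields, which is all the Transport layer needs to demultiplex a return packet to Internet Explorer rather than Mail; the service label is a convenience from Table 4.1, and, as the text notes, a server may run any service on any port, so the label is a hint, not a guarantee of what is listening.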
