
TCP/IP protocol stack: definition and basics

TCP/IP (Transmission Control Protocol/Internet Protocol) is the network protocol stack used on the Internet and on most other networks of the same kind, including ordinary LANs. The name comes from its two most important protocols:

  • IP (Internet Protocol) is responsible for carrying a datagram from node to node. IP forwards each packet on the basis of its destination address: a four-byte (32-bit) address in IPv4, a 16-byte (128-bit) address in IPv6.
  • TCP (Transmission Control Protocol) is responsible for reliable delivery between the two communicating endpoints. Packets may be lost, duplicated or reordered in the intermediate network; TCP detects errors and missing data and requests retransmission until the data has been received correctly and completely.

Main features of TCP/IP:

  • standardized high-level protocols for well-known user services;
  • open protocol standards, so that protocols can be developed and refined independently of any particular software or hardware;
  • a single, unified addressing scheme;
  • independence from the underlying physical communication channel.

The TCP/IP stack works on the same principle as the OSI model: the data of an upper layer is encapsulated in the packets of the layer below.

As a packet travels down the stack, each layer adds its own control information to it as a header and, possibly, a trailer (information placed at the end of the message). This process is called encapsulation. The control information is intended for the peer entity at the same layer on the remote computer; its format and interpretation are defined by the protocols of that layer.

As a packet travels up the stack, it is split at each layer into a header and data. The header is analyzed, the control information is extracted and, according to it, the data is handed to one of the entities of the layer above. That layer in turn splits the data into its own header and data, analyzes the header, and passes the remaining data further up. The procedure is repeated until the user data, stripped of all control information, reaches the application layer.

A packet may never reach the application layer. In particular, if the computer is an intermediate station on the path between sender and recipient, the entity at the appropriate layer will determine from the control information that the packet is not addressed to it; it will then either forward the packet toward its destination or return an error message to the sender, but in either case it will not pass the data to the upper layer.

An example of encapsulation is shown in the figure (not reproduced in this copy).

The functions of each layer are considered below.

Application layer

Applications that work with the TCP/IP stack may also perform the functions of the presentation layer and part of the session layer of the OSI model.

Common examples of application-layer protocols and programs:

  • Telnet
  • HTTP
  • e-mail protocols (SMTP, POP3)

To send data to another application, the application hands the data to one of the transport-layer modules (TCP or UDP).

Transport layer

Transport-layer protocols provide transparent delivery of data between two application processes. A process that sends or receives data is identified at the transport layer by a number called the port number.

Thus, at the transport layer the role of sender and recipient address is played by the port number. Analyzing the header of a segment received from the network layer, the transport module uses the destination port number to determine which application process the data is meant for and hands the data to that process.

The source and destination port numbers are written into the header by the transport module that sends the data. The transport header also carries other control information; its format depends on the transport protocol used.

The transport layer is a functional add-on over the network layer and solves two main tasks:

  • delivering data between specific programs which, in general, run on different network nodes;
  • where required, providing reliable delivery of data streams of arbitrary size.

The two main transport protocols on the Internet are UDP, which provides unreliable (best-effort) delivery of individual datagrams between programs, and TCP, which provides reliable, ordered delivery over an established virtual connection.

Network (internet) layer

The main protocol of this layer is IP, which delivers blocks of data (datagrams) from one IP address to another. An IPv4 address is a 32-bit identifier of a computer, or more precisely of one of its network interfaces. The data for a datagram is passed to the IP module by the transport layer. The IP module prepends a header containing the source and destination IP addresses and other control information.

The resulting datagram is passed to the media access (link) layer to be sent over the data link.

Not all computers can communicate with each other directly; often, to deliver a datagram to its destination, it must be sent through one or more intermediate computers along some route. Determining the route for each datagram is the job of the IP layer.

When the IP module receives a datagram from the lower layer, it checks the destination IP address. If the datagram is addressed to this computer, its data is passed up to the higher-layer module; if the destination address is someone else's, the IP module can make one of two decisions:

  • discard the datagram (what an ordinary host does);
  • forward it toward its destination after determining the route (what intermediate stations, i.e. routers, do).

At the boundary between networks with different characteristics it may also be necessary to break a datagram into fragments and reassemble them into a whole on the recipient's computer. In IPv4 this is also the task of the IP layer.

IP can also send notification messages via the ICMP protocol, for example when a datagram is discarded. IP itself has no further means of checking data correctness, acknowledging or guaranteeing delivery, and no connection setup; those tasks are left to the transport layer.

Media access (link) layer

The functions of this layer are as follows:

  • mapping IP addresses to physical network addresses; in IPv4 this is done by the ARP protocol;
  • encapsulating IP datagrams into frames for transmission over the physical link and extracting datagrams from frames, without any guarantee of error-free delivery, since in the TCP/IP stack that control is assigned to the transport layer or to the application itself. The frame header carries a protocol identifier (the service access point, SAP, or in Ethernet II the EtherType: 0x0800 for IPv4, 0x0806 for ARP) that tells the receiver which upper-layer protocol the payload belongs to;
  • defining the media access method, i.e. how computers obtain the right to transmit;
  • defining how data is represented in the physical medium;
  • sending and receiving frames.

Consider encapsulation on the example of an HTTP exchange captured with the Wireshark sniffer. Wireshark captures whole frames from the link layer and decodes every layer of the TCP/IP stack above it (the screenshot is not reproduced in this copy).

In addition to the captured HTTP request itself, the sniffer shows each underlying layer of the TCP/IP stack: HTTP is encapsulated in TCP, TCP in IPv4, IPv4 in an Ethernet II frame.
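The same layering, built and then decoded in code. This is an added example written for this page, not code from the original article or from Wireshark; the MAC and IP addresses (documentation range 192.0.2.0/24), the ports and the HTTP request are constructed sample values. build_frame() encapsulates an HTTP request into TCP, IPv4 and Ethernet II, computing the IPv4 header checksum and the TCP checksum over its pseudo-header, and decode_frame() walks the frame back outer to inner the way a sniffer or a receiving host does, rejecting a frame whose checksums do not verify.

```python
"""Build and then decode an Ethernet II / IPv4 / TCP / HTTP frame by hand.

Added example for this page (not from the original article or from Wireshark).
All addresses, ports and the payload below are constructed sample values.
"""
import struct

ETHERTYPE_IPV4 = 0x0800   # EtherType meaning "an IPv4 packet follows"
PROTO_TCP = 6             # IPv4 protocol number for TCP


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by the IPv4 and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Encapsulate payload inner to outer: HTTP -> TCP -> IPv4 -> Ethernet II."""
    # TCP header, 20 bytes, data offset 5 words, flags PSH|ACK (0x18); checksum filled below.
    seq, ack, window = 1, 1, 65535
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                          5 << 4, 0x18, window, 0, 0)
    # The TCP checksum covers a pseudo-header (addresses, protocol, length) plus the segment.
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack(
        "!BBH", 0, PROTO_TCP, len(tcp_hdr) + len(payload))
    tcp_csum = inet_checksum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    segment = tcp_hdr + payload

    # IPv4 header, 20 bytes, no options, DF set, TTL 64; its checksum covers the header only.
    total_len = 20 + len(segment)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                         64, PROTO_TCP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    packet = ip_hdr + segment

    # Ethernet II header: destination MAC, source MAC, EtherType.
    eth_hdr = mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + packet


def decode_frame(frame: bytes) -> dict:
    """Walk the frame outer to inner, as a sniffer or a receiving host does."""
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4, EtherType 0x%04x" % ethertype)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if inet_checksum(ip[:ihl]) != 0:      # an intact header sums to zero
        raise ValueError("bad IPv4 header checksum")
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != PROTO_TCP:
        raise ValueError("not TCP, protocol %d" % proto)
    tcp = ip[ihl:total_len]
    pseudo = ip[12:16] + ip[16:20] + struct.pack("!BBH", 0, PROTO_TCP, len(tcp))
    if inet_checksum(pseudo + tcp) != 0:
        raise ValueError("bad TCP checksum")
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4
    return {
        "eth": {"src": ":".join("%02x" % b for b in src_mac),
                "dst": ":".join("%02x" % b for b in dst_mac)},
        "ip": {"src": ".".join(str(b) for b in ip[12:16]),
               "dst": ".".join(str(b) for b in ip[16:20]), "ttl": ip[8]},
        "tcp": {"src_port": src_port, "dst_port": dst_port},
        "payload": tcp[data_off:],
    }


# Constructed sample values, not a real capture.
SAMPLE_FRAME = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                           "192.0.2.10", "192.0.2.80", 40000, 80,
                           b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    for layer, fields in decode_frame(SAMPLE_FRAME).items():
        print(layer, fields)
```

Flipping a single bit in the TTL or the payload makes decode_frame() raise, which is exactly what the header checksums are for; note that they detect accidents, not deliberate modification, since anyone who can alter the packet can recompute them.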

This article covers the basics of the TCP/IP model. To aid understanding, the main protocols and services are described. The main thing is not to rush, and to try to understand each thing step by step: everything here is interconnected, and without understanding one part it is hard to understand the next. The information is deliberately superficial, so the article could fairly be called "the TCP/IP protocol stack for dummies". Still, much of it is less difficult than it looks at first glance.

TCP/IP

The TCP/IP stack is a network model for transmitting data over a network; it defines the order in which devices interact. On the receiving side data enters at the link layer and is processed in turn by each layer above it; on the sending side it travels the other way. The stack is an abstraction that explains the principles of sending and receiving data.

The TCP/IP protocol stack has 4 layers:

  1. Link.
  2. Internet (network).
  3. Transport.
  4. Application.

Application layer

The application layer allows interaction between an application and the other layers of the protocol stack; it parses incoming information and converts it into a format suitable for the software. It is closest to the user and interacts with the user directly. Examples of application-layer protocols:

  • HTTP;
  • FTP;
  • SMTP.

Each protocol defines its own order and rules for working with data.

HTTP (HyperText Transfer Protocol) is designed for transferring data such as HTML documents, which form the basis of a web page. Simplified, its scheme of work is "client - server": the client sends a request, the server accepts it, processes it, and returns the result.

FTP (File Transfer Protocol) serves as a standard for transferring files over a network. The client requests a particular file; the server looks for it in its file system and, if it is found, sends it in response.

SMTP (Simple Mail Transfer Protocol) is used to send e-mail. An SMTP transaction consists of three consecutive steps:

  1. Specifying the sender's address (MAIL FROM). This is needed to return undeliverable letters.
  2. Specifying the recipient (RCPT TO). This step is repeated once for each recipient when there are several.
  3. Sending the message content (DATA). The message itself, including its headers, is transmitted after the server has confirmed its readiness to accept it; once the server acknowledges the end of the data, the transaction is committed.
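The three steps as a server would enforce them, in code. This is an added example written for this page, not code from the original article or from any real mail server: a small state machine that accepts the client's MAIL FROM, RCPT TO and DATA lines, returns the standard reply codes of RFC 5321, rejects steps taken out of order, and handles the "dot-stuffing" that lets a message contain a line beginning with a period. The client transcript in SAMPLE_SESSION is constructed, and nothing is sent over the network.

```python
"""Server-side model of one SMTP transaction (MAIL FROM / RCPT TO / DATA).

Added example for this page, not from the original article. It only models the
command sequence and reply codes; it does not deliver mail or open a socket.
"""


class SmtpTransaction:
    def __init__(self):
        self.reset()

    def reset(self):
        self.sender = None        # reverse path: where bounces are returned
        self.recipients = []      # one entry per RCPT TO
        self.body = None          # message lines collected during DATA
        self.in_data = False

    def handle(self, line: str) -> str:
        """Feed one client line and get the server's reply ("" while inside DATA)."""
        if self.in_data:
            return self._data_line(line)
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "MAIL" and arg.upper().startswith("FROM:"):
            self.reset()                                  # step 1 starts a fresh transaction
            self.sender = arg[5:].strip().strip("<>")
            return "250 OK"
        if verb == "RCPT" and arg.upper().startswith("TO:"):
            if self.sender is None:
                return "503 Bad sequence of commands"     # step 2 requires step 1
            self.recipients.append(arg[3:].strip().strip("<>"))
            return "250 OK"
        if verb == "DATA":
            if not self.recipients:
                return "554 No valid recipients"          # step 3 requires step 2
            self.in_data = True
            self.body = []
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        if verb == "RSET":
            self.reset()
            return "250 OK"
        return "500 Syntax error, command unrecognized"

    def _data_line(self, line: str) -> str:
        if line == ".":                                   # lone dot terminates the message
            self.in_data = False
            return "250 OK: message accepted for %d recipient(s)" % len(self.recipients)
        # Dot-stuffing: a message line that began with "." was sent as "..".
        self.body.append(line[1:] if line.startswith("..") else line)
        return ""


def run_session(lines):
    """Drive the state machine with a client transcript; return it and the non-empty replies."""
    srv = SmtpTransaction()
    replies = [srv.handle(line) for line in lines]
    return srv, [r for r in replies if r]


# Constructed client transcript for a message with two recipients.
SAMPLE_SESSION = [
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "RCPT TO:<carol@example.test>",
    "DATA",
    "Subject: hello",
    "",
    "..starts with a dot",
    "last line",
    ".",
]

if __name__ == "__main__":
    transaction, server_replies = run_session(SAMPLE_SESSION)
    for reply in server_replies:
        print("S:", reply)
    print(transaction.sender, transaction.recipients, transaction.body)
```

Real servers add EHLO, authentication and STARTTLS before this point; the transaction itself, however, is exactly these three steps, and the 503/554 replies show why the order matters.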

Header

The header contains control data. It is important to understand that this data is meant only for one specific layer. When the packet arrives at the recipient, it is processed there according to the same model but in reverse order, and each nested header carries information that only its own layer knows how to interpret.

For example, a header added at the transport layer is processed only by the transport layer on the other side. The other layers simply pass it along as data.

Transport layer

At the transport layer the received information is processed as a unit, regardless of its content. Messages are divided into segments, a header is added to each, and the result is passed down.

Data transfer protocols:

TCP (Transmission Control Protocol) is the most widely used transport protocol. It is responsible for reliable data transfer: segments carry a checksum and sequence numbers, the receiver acknowledges what it got, and anything lost is retransmitted. The information therefore arrives "safe and sound" as long as the path works at all; if the network is down, TCP reports an error rather than silently losing data.

UDP (User Datagram Protocol) is the second most popular transport protocol. It also transfers data; its distinguishing feature is simplicity. Datagrams are simply sent, with no connection and no acknowledgements.

TCP or UDP?

Each protocol has its own area of use, determined by how it works.

The main advantage of UDP is speed and low overhead. TCP is a complex protocol with many checks, while UDP is far simpler and therefore faster to set up and lighter on the wire.

The downside is that same simplicity. UDP carries a checksum that detects corruption, but nothing guarantees that a datagram arrives or that datagrams arrive in order; the data is simply sent, and all such checks and retransmissions are left to the application.

UDP is used, for example, for streaming video and voice. For a video stream the loss of a few segments is not critical, while low delay is the most important factor.

If you need to send passwords or bank card details, however, the need for TCP-style reliability is obvious: the loss of even a small piece of data can have serious consequences, and speed matters less than correctness. Note that reliability is not the same as security: TCP protects against accidental loss, not against an eavesdropper or an attacker modifying the data in transit. For that, the data must be encrypted and authenticated at a higher layer, for example with TLS over TCP (as in HTTPS) or DTLS/QUIC over UDP.

Network layer

The network layer forms packets from the received information and adds a header. The most important fields in it are the IP addresses of the sender and the recipient. (MAC addresses belong to the link-layer header, not to the network layer; they are described here because the two are used together.)

IP address (Internet Protocol address): the logical address of a device. It carries information about where the device sits in the network, and it can be changed by configuration.

MAC address (Media Access Control address): the physical address of a device's network interface, used to identify it on the local segment. It is assigned to the network hardware at manufacture and is written as a six-byte number. Note that most operating systems allow the MAC address to be overridden in software, so it must not be relied on as proof of identity.

The network layer is responsible for:

  • determining delivery routes;
  • transferring packets between networks;
  • assigning unique addresses.

Routers are network-layer devices. They choose a path between the computer and the server based on the information they receive.

The most important protocol of this layer is IP.

IP (Internet Protocol) provides network addressing and is used to build the routes along which packets travel. It has no means of checking or acknowledging delivery. To provide delivery guarantees, TCP is layered on top of IP: TCP segments are carried inside IP packets. Understanding this relationship explains much of how the TCP/IP protocol stack works.

Types of IP addresses

Networks use two types of IPv4 addresses:

  1. Public.
  2. Private.

Public addresses are used on the Internet. The main rule is absolute uniqueness. An example is a home or office router, each of which has its own public IP address for interacting with the Internet.

Private addresses (the ranges 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 reserved by RFC 1918) are not routed on the Internet. They are not globally unique: the same private address can be in use in countless separate local networks at once. Within one local network, however, each device receives an address that is unique in that network.

Interaction with the Internet goes through a router which, as mentioned above, has a public IP address. Using network address translation (NAT), the router rewrites the private addresses, so that all computers behind it appear on the Internet under its single public IP address.

IPv4

The most widely used version of the Internet Protocol, predating IPv6. An address is written as four eight-bit numbers (octets) separated by dots; the subnet mask may be given after a slash as a prefix length (for example /24). The address length is 32 bits. In the vast majority of cases, when people say "IP address" they mean IPv4.

IPv6

This version is intended to solve the problems of the previous one. The address length is 128 bits, written as eight groups of four hexadecimal digits separated by colons.

The main problem IPv6 solves is the exhaustion of IPv4 addresses. The first signs appeared in the early 1980s, and although the problem became acute in 2007-2009, IPv6 adoption is gaining momentum only slowly.

A frequently cited benefit of IPv6 is that it removes the need for address translation: every device can have a globally unique address and routing is simpler, which also avoids the state and cost that NAT imposes on routers. By itself this does not make individual connections faster, but it does simplify end-to-end connectivity compared with IPv4 behind NAT.

There are three types of IPv6 addresses:

  1. Unicast.
  2. Anycast.
  3. Multicast.

A unicast address identifies a single interface: a packet sent to it reaches only the interface that holds that address.

An anycast address is assigned to several interfaces at once (typically on different nodes); a packet sent to it is delivered to the nearest one. RFC 4291 allows anycast addresses to be assigned only to routers, not to hosts, and forbids using them as a source address.

Multicast addresses identify a group: a packet sent to one reaches all interfaces in the multicast group. Unlike broadcast, which goes to everyone, multicast goes only to the members of a specific group (IPv6 has no broadcast at all).

Subnet mask

The subnet mask separates an IP address into the subnet number and the host number.

For example, an address with a /24 mask is written as the address followed by "/24". The number 24 is the number of one-bits in the mask. Eight bits make one octet, also called a byte.

In binary, a /24 mask looks like 11111111.11111111.11111111.00000000, or 255.255.255.0 in dotted decimal. It has four octets consisting of ones and zeros; adding up the ones gives 24. Fortunately it is not necessary to count bit by bit: each octet holds 8 bits, three octets are filled with ones, 3 x 8 = 24.

A subnet mask in binary is always a run of ones followed by a run of zeros: the ones come first, then only zeros. An octet is therefore either all ones (255), all zeros (0), or, on the boundary, a partially filled octet such as 11110000 (240).

A small example. Take an IP address and the mask 255.255.255.0. Compare the mask with the address octet by octet: where the mask octet is all ones (255), the corresponding octet of the address is kept unchanged; where it is all zeros (0), the corresponding octet becomes zero. The result is the subnet (network) address, with the last octet equal to 0. In general the operation is a bitwise AND of the address with the mask.

Subnet and host

The subnet is responsible for logical separation. In practice it is the set of devices that share the same local network, defined by a range of IP addresses.

The host number is the address of a network interface (network card) within the subnet. It is obtained from the IP address with the mask: with a /24 mask the first three octets are the subnet, and the fourth octet is the host number.

With a /24 mask the host number ranges from 0 to 255. Host number 0 is the address of the subnet itself, and host number 255 is the broadcast address of that subnet, so 254 addresses remain for actual hosts.
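The subnet arithmetic above, generalized to any prefix length rather than only /24. This is an added example written for this page, not code from the original article; the addresses it uses (the 198.51.100.0/24 documentation range and 10.0.0.0/8) are constructed test values. It builds the mask from the prefix, derives the network and broadcast addresses and the host number with bitwise operations, rejects a dotted mask that is not a contiguous run of ones, and cross-checks the result against Python's ipaddress module.

```python
"""Subnet arithmetic by hand: mask from prefix length, network and broadcast
addresses, host number, and a check whether two hosts share a subnet.

Added example for this page, not from the original article. Sample addresses
are constructed; 198.51.100.0/24 is a documentation range.
"""
import ipaddress  # used only to cross-check the hand-rolled arithmetic


def ip_to_int(ip: str) -> int:
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address: %r" % ip)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_from_prefix(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: `prefix` one-bits followed by (32 - prefix) zero-bits."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def prefix_from_mask(mask: str) -> int:
    """Accept a dotted mask and reject one that is not ones followed by zeros."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if mask_from_prefix(prefix) != m:
        raise ValueError("not a contiguous subnet mask: %s" % mask)
    return prefix


def describe(ip: str, prefix: int) -> dict:
    addr, mask = ip_to_int(ip), mask_from_prefix(prefix)
    network = addr & mask                          # AND keeps the subnet bits
    broadcast = network | (~mask & 0xFFFFFFFF)     # all host bits set to one
    host_number = addr & ~mask & 0xFFFFFFFF        # the host bits alone
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
    size = 2 ** (32 - prefix)
    usable = size if prefix >= 31 else size - 2
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "host_number": host_number,
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, prefix: int) -> bool:
    """True if the two hosts talk directly; False if a router must be involved."""
    mask = mask_from_prefix(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)


def cross_check(ip: str, prefix: int) -> bool:
    """Compare with the standard library to confirm the bit-twiddling is right."""
    net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
    d = describe(ip, prefix)
    return (d["network"] == str(net.network_address)
            and d["broadcast"] == str(net.broadcast_address))


if __name__ == "__main__":
    for ip, prefix in [("198.51.100.37", 24), ("198.51.100.37", 20), ("10.1.2.3", 8)]:
        print(ip, "/%d" % prefix, describe(ip, prefix), "ok" if cross_check(ip, prefix) else "MISMATCH")
```

The /20 case shows why counting octets is only a shortcut: the boundary falls inside the third octet, so the network address there is 198.51.96.0 and the broadcast 198.51.111.255, not something ending in .0 and .255 of the same octet.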

Addressing

Three kinds of addresses are used in the TCP/IP protocol stack:

  1. Local (hardware) addresses.
  2. Network addresses.
  3. Domain names.

MAC addresses are the local addresses. They are used for addressing in LAN technologies such as Ethernet. In the TCP/IP context "local" means that they are meaningful only within one subnet (one link); routers do not forward them.

The network address in the TCP/IP stack is the IP address. When a packet is sent, the router reads the destination address from the packet header, determines the subnet and host number from it, and uses that information to choose a route to the end node.

Domain names are the human-readable addresses of sites on the Internet. Web servers are reachable by public IP address, which computers handle well but people find inconvenient. To avoid that inconvenience, domain names are used; they consist of parts called labels, or "domains", arranged in a strict hierarchy from top to bottom.

Top-level domains come in two kinds. Generic ones (.org, .net) are not tied to any particular territory; the opposite is true of country-code domains (.us, .ru), which are geographically bound.

Lower-level domains are everything below that. They can be of any size and contain any number of labels.

For example, "www.test.quiz.sg" is a valid domain name, where "sg" is a country-code top-level domain, "quiz.sg" is a second-level domain, and "test.quiz.sg" a third-level domain. Domain names are also called DNS names.

DNS (Domain Name System) maps domain names to IP addresses. When a domain name is typed into the browser, DNS is queried for the corresponding IP address and the answer is returned to the device, which then connects to that address and fetches the web page.

Link layer

At the link layer the relationship between the device and the physical transmission medium is defined and a link-layer header is added. This layer is responsible for encoding data and preparing frames for transmission over the physical medium. Network switches work at this layer.

The most common protocols:

  1. ethernet.
  2. WLAN.

Ethernet is the most common wired LAN technology.

WLAN - local area network based on wireless technologies. Devices interact without physical cable connections. An example of the most common method is Wi-Fi.

Configuring TCP/IP to use a static IPv4 address

A static IPv4 address is entered directly in the device settings (or permanently reserved for the device by the network administrator) and does not change.

To see how the TCP/IP stack is currently configured, enter the ipconfig /all command in the Windows console and read the IPv4 address, subnet mask, default gateway and DNS servers. To assign a permanent address, open the properties of the desired connection, open the IPv4 properties, and enter those values by hand (the screenshot from the original article is not reproduced here).

Configuring TCP/IP to use a dynamic IPv4 address

A dynamic IPv4 address is leased to the device for a period of time and may change afterwards. It is assigned automatically by a DHCP server when the device connects to the network.

To configure the TCP/IP stack to use a non-permanent IP address, open the properties of the desired connection, open the IPv4 properties, and select "Obtain an IP address automatically" and "Obtain DNS server address automatically".

Data transfer methods

Data is transmitted through the physical medium in three ways:

  • simplex.
  • half duplex.
  • full duplex.

Simplex is a one-way communication. The transmission is carried out by only one device, while the other only receives the signal. We can say that information is transmitted only in one direction.

Examples of simplex communication:

  • TV broadcasting.
  • Signal from GPS satellites.

Half-duplex is two-way communication in which only one node can transmit at any given moment. Two devices cannot use the same channel simultaneously: full two-way transmission is either physically impossible or results in collisions, and the devices are said to contend for the transmission medium. This mode was used on shared media such as coaxial Ethernet and hub-based networks.

An example of half-duplex communication is talking on walkie-talkies on the same frequency.

Full duplex is full two-way communication. Devices can transmit and receive at the same time and do not contend for the medium. This is the normal mode of switched Fast Ethernet and faster over twisted-pair cabling.

An example is a telephone conversation over a mobile network.

TCP/IP vs OSI

The OSI model defines the principles of data transmission, and the layers of the TCP/IP stack map onto it, although not one-to-one. Unlike the four-layer TCP/IP model, it has 7 layers:

  1. Physical.
  2. Data Link.
  3. Network.
  4. Transport.
  5. Session.
  6. Presentation.
  7. Application.

For now it is not worth going deep into this model, but at least a superficial understanding is needed.

The application layer of the TCP/IP model corresponds to the top three OSI layers. All of them work with applications, so the logic of combining them is easy to follow. This coarser structure makes the TCP/IP abstraction easier to understand.

The transport layer is unchanged and performs the same functions.

The network layer is likewise unchanged and performs the same tasks.

The link layer in TCP/IP corresponds to the two lowest OSI layers. The data link layer defines the protocols for transferring data across the physical medium.

The physical layer is the actual physical connection: electrical signals, connectors, and so on. The TCP/IP stack combines these two layers into one, since both deal with the physical medium.

Suppose you have a poor command of network technologies and do not even know the basics, but you have been given a task: quickly build an information network in a small company. You have neither the time nor the inclination to study thick manuals on network design, the documentation for network equipment, or the finer points of network security, and you have no intention of becoming a professional in this field. Then this article is for you.

The second part of this article, which covers the practical application of the basics outlined here: Notes on Cisco Catalyst: VLAN setup, password reset, upgrading the IOS operating system

The concept of the protocol stack

The task is to transfer information from point A to point B. It could be transmitted as a continuous stream. But the task becomes more complicated if information must be transferred between A<-->B and A<-->C over the same physical channel. With continuous transmission, when C wants to send to A it has to wait until B finishes and releases the channel. Such a scheme is very inconvenient and impractical, and to solve this problem it was decided to divide the information into portions.

At the recipient these portions must be reassembled into the whole that left the sender. But recipient A now sees portions from both B and C mixed together. So each portion must carry identification, so that A can tell the pieces from B apart from the pieces from C and reassemble each original message. Obviously the recipient must know where and in what form the sender attached the identification data to the piece of information, so the two must agree on rules for forming and writing that identification. From here on the word "rule" will be replaced by the word "protocol".

To meet the needs of modern users, several kinds of identification information are needed at once. The transmitted portions must also be protected both from random interference on the communication lines and from deliberate sabotage (hacking). For this, each portion of transmitted information is supplemented with a considerable amount of special control information.

An Ethernet frame contains the number of the sender's network adapter (its MAC address), the number of the destination adapter, the type of the data being carried, and the data itself. A piece of information assembled according to the Ethernet protocol is called a frame. It is assumed that no two network adapters have the same number, although the number can be changed in software, so it must not be trusted as proof of identity. Network equipment extracts the carried data from the frame (in hardware or software) and processes it further.

As a rule, the extracted data is in turn formed according to the IP protocol and carries its own kind of identification: the recipient's IP address (a 4-byte number in IPv4), the sender's IP address, and the data, plus a good deal of other control information. Data formed according to the IP protocol is called a packet.

Next the data is extracted from the packet, but as a rule it is still not the originally sent data; it too is assembled according to some protocol, most commonly TCP. A TCP segment carries identification such as the source port and the destination port (each a two-byte number), along with data and control information. The data extracted from TCP is usually exactly what the program on computer B sent to the receiving program on computer A.

This nesting of protocols (here TCP over IP over Ethernet) is called the protocol stack.

ARP: Address Resolution Protocol

In the old classful addressing scheme there were class A, B, C, D and E networks, differing in the number of hosts and the number of possible networks/subnets. For simplicity, and as the most common case, we consider only a network whose IP addresses start with 192.168 (a private range that historically fell into class C, now written 192.168.x.0/24). The third number is the subnet number and the last one is the number of the network device. For example, a computer with IP address 192.168.30.110 wants to send information to the computer with number 3 in the same logical subnet; the recipient's IP address is therefore 192.168.30.3.

It is important to understand that a node of an information network is a computer connected by a single physical channel to switching equipment. That is, if we send data from the network adapter "into the wild", it has only one way to go: out the other end of the twisted pair. We can send absolutely any data formed by any rule of our own, without an IP address, a MAC address or anything else, and if the other end is connected to another computer we can pick the data up there and interpret it as we like. But if the other end is attached to a switch, the frame must be formed according to strictly defined rules that in effect tell the switch what to do with it. If the frame is well formed, the switch forwards it to the computer indicated by the destination MAC address (or to all ports, if it does not yet know where that address lives) and then frees the buffer it occupied. If the frame is malformed, it "dies": the switch forwards it nowhere and discards it immediately.

To transfer information to another computer, three identification values must be present in the transmitted data: the MAC address, the IP address and the port. Roughly speaking, a port is a number the operating system issues to each program that wants to send data to the network. The recipient's IP address is entered by the user or obtained by the program itself, depending on the program. What remains unknown is the MAC address, i.e. the adapter number of the recipient's computer. To obtain it, a "broadcast" request is sent, formed according to the Address Resolution Protocol (ARP). The structure of an ARP packet was shown in a figure in the original article (not reproduced here).

We do not need to know the values of all its fields now; let us focus on the main ones.

The fields contain the source IP address and the destination (target) IP address, as well as the source MAC address. The target MAC address is unknown, so in a request it is filled with zeros.

The "Ethernet destination address" field is filled with all ones (ff:ff:ff:ff:ff:ff). Such an address is called a broadcast address, and a frame sent to it is delivered to all "interfaces on the cable", i.e. to every computer connected to the switch.

The switch, on receiving such a broadcast frame, sends it to all computers in the network, as if asking everyone: "if you are the owner of this IP address (destination IP address), please tell me your MAC address." When another computer receives the ARP request it compares the target IP address with its own. If they match, it fills in its own MAC address, swaps the source and target IP and MAC addresses, changes some control information and sends the packet back as a reply addressed directly to the requesting computer's MAC address; the switch delivers it to the initiator of the ARP request.

This way your computer learns the MAC address of the computer you want to send data to. If several computers answer the same ARP request, we have an "IP address conflict", and the IP addresses must be changed so that no two are the same on the network. Note that ARP has no authentication whatsoever: any host on the segment can answer any request, so a second, unexpected reply may also be a host deliberately impersonating the address (ARP spoofing), not just a misconfiguration.
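The request/reply exchange above, in code. This is an added example written for this page, not code from the original article; it builds nothing on the wire and the MAC addresses in it are constructed (the IP addresses 192.168.30.110 and 192.168.30.3 are the ones used in the text). arp_request() forms the broadcast request with a zero target MAC, answer_request() does what a receiving host does (answers only if the target IP is its own, and sends the reply unicast back to the requester), and collect_replies() gathers the MACs that claimed the address, so that more than one claimant, whether a duplicate configuration or a spoofer, is visible.

```python
"""Build an ARP request, parse ARP replies, and flag IP address conflicts.

Added example for this page, not from the original article. Nothing is sent on
the wire; the frames below are constructed so the logic can be run offline.
"""
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"   # all ones: the switch floods it to every port
ZERO_MAC = "00:00:00:00:00:00"        # placeholder for the MAC we are asking about
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"            # RFC 826 body for Ethernet/IPv4, 28 bytes


def mac_bytes(mac: str) -> bytes: return bytes.fromhex(mac.replace(":", ""))
def mac_str(b: bytes) -> str: return ":".join("%02x" % x for x in b)
def ip_bytes(ip: str) -> bytes: return bytes(int(o) for o in ip.split("."))
def ip_str(b: bytes) -> str: return ".".join(str(x) for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Ethernet II header followed by the ARP body. Requests go to broadcast, replies unicast."""
    eth_dst = BROADCAST_MAC if op == OP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + body


def arp_request(my_mac, my_ip, wanted_ip) -> bytes:
    """'Who has wanted_ip? Tell my_ip.' The target MAC is unknown, hence zeros."""
    return build_arp(OP_REQUEST, my_mac, my_ip, ZERO_MAC, wanted_ip)


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": op, "eth_dst": mac_str(frame[:6]), "eth_src": mac_str(frame[6:12]),
            "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
            "target_mac": mac_str(tmac), "target_ip": ip_str(tip)}


def answer_request(frame: bytes, my_mac: str, my_ip: str):
    """What a receiving host does: reply only if the target IP is its own, else stay silent."""
    req = parse_arp(frame)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    # Roles swap: I become the sender, the requester becomes the target; reply is unicast.
    return build_arp(OP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def collect_replies(wanted_ip: str, frames) -> set:
    """MACs that claimed wanted_ip. More than one means a conflict: a duplicate
    configuration, or a host answering for an address that is not its own (spoofing)."""
    claimants = set()
    for f in frames:
        try:
            rep = parse_arp(f)
        except ValueError:
            continue                        # not ARP (or malformed): ignore
        if rep["op"] == OP_REPLY and rep["sender_ip"] == wanted_ip:
            claimants.add(rep["sender_mac"])
    return claimants


# Constructed scenario: A asks for 192.168.30.3. In SAMPLE_REPLIES only the real
# owner answers; in CONFLICTING_REPLIES a second host claims the same address.
A_MAC, A_IP = "02:00:00:00:00:aa", "192.168.30.110"
B_MAC, B_IP = "02:00:00:00:00:03", "192.168.30.3"
ROGUE_MAC = "02:00:00:00:00:ee"
REQUEST = arp_request(A_MAC, A_IP, B_IP)
SAMPLE_REPLIES = [answer_request(REQUEST, B_MAC, B_IP)]
CONFLICTING_REPLIES = SAMPLE_REPLIES + [answer_request(REQUEST, ROGUE_MAC, B_IP)]

if __name__ == "__main__":
    print("request:", parse_arp(REQUEST))
    print("reply:  ", parse_arp(SAMPLE_REPLIES[0]))
    print("claimants for %s: %s" % (B_IP, sorted(collect_replies(B_IP, CONFLICTING_REPLIES))))
```

Because nothing in the exchange is authenticated, the conflict check is also the simplest form of ARP spoofing detection: if the set of MACs answering for an address ever grows beyond one, or the MAC behind a known address changes, something on the segment is lying.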

Building networks

The task of building networks

In practice, as a rule, it is required to build networks, the number of computers in which will be at least one hundred. And besides the file-sharing features, our network must be secure and easy to manage. Thus, when building a network, three requirements can be distinguished:
  1. Simplicity in management. If accountant Lida is transferred to another office, she will still need access to the computers of accountants Anna and Yulia. And if the information network is built incorrectly, the administrator may have difficulty in giving Lida access to the computers of other accountants in her new place.
  2. Security. To ensure the security of our network, access rights to information resources must be differentiated. The network must also be protected from disclosure, integrity, and denial of service threats. Read more in the book "Attack on the Internet" by Ilya Davidovich Medvedovsky, chapter "Basic concepts of computer security".
  3. Network speed. When building networks, there is a technical problem - the dependence of the transfer rate on the number of computers in the network. The more computers - the lower the speed. With a large number of computers, network performance can become so slow that it becomes unacceptable to the customer.
What causes network speed to decrease with a large number of computers? The reason is simple: the large number of broadcast messages. A broadcast message is a frame that, on arriving at the switch, is sent to all hosts on the network, or, roughly speaking, to all computers in your subnet. If there are 5 computers in the network, each computer receives the broadcasts of the other 4; if there are 200, each computer in such a large network receives those of the other 199.

There are a large number of applications, software modules and services that send broadcast messages to the network for their work. The ARP exchange described in the paragraph "ARP: address determination protocol" is only one of the many broadcasts your computer sends. For example, when you open "Network Neighborhood" (Windows OS), your computer sends several more broadcasts with special information generated by the NetBIOS protocol to scan the network for computers in the same workgroup. After that, the OS draws the found computers in the "Network Neighborhood" window and you see them.

It is also worth noting that during such a scan by one program or another, your computer sends not one broadcast message but several, for example in order to establish virtual sessions with remote computers or for other system needs arising from the particular implementation of that application. Thus, each computer on the network is forced to send many different broadcasts to interact with other computers, loading the communication channel with information the end user does not need. As practice shows, in large networks broadcast messages can make up a significant part of the traffic, slowing the network down noticeably for the user.

Virtual LANs

To solve the first and third problems, and to help with the second, the mechanism of partitioning the local network into smaller, "as if separate" local networks, VLANs (Virtual Local Area Network), is widely used. Roughly speaking, a VLAN is a list of switch ports belonging to the same network, "the same" in the sense that another VLAN will contain a list of ports belonging to a different network.

In fact, creating two VLANs on one switch is equivalent to buying two switches, i.e. creating two VLANs is like dividing one switch into two. Thus a network of a hundred computers is divided into smaller networks of 5-20 computers; as a rule, this number corresponds to the physical location of the computers and the need for file sharing between them.

  • When the network is divided into VLANs, ease of management is achieved. So, when accountant Lida moves to another office, the administrator just needs to remove her port from one VLAN and add it to another. This is discussed in more detail in the "VLANs, theory" section.
  • VLANs help meet one of the network security requirements, namely the delimitation of network resources. So, a student in one classroom will not be able to get at the computers of another classroom or the rector's computer, because they are effectively on different networks. (This holds for traffic within the switches; if a router connects the VLANs, access between them has to be restricted on the router as well.)
  • Because our network is divided into VLANs, i.e. into small "as if separate" networks, the broadcast problem is contained: a broadcast is delivered only to the ports of its own VLAN.

VLANs, theory

Perhaps the phrase “it is enough for the administrator to remove a port from one VLAN and add it to another” could be incomprehensible, so I will explain it in more detail. The port in this case is not a number issued by the OS to the application, as described in the Protocol Stack paragraph, but a socket (place) where you can attach (insert) an RJ-45 connector. Such a connector (i.e., a tip to a wire) is attached to both ends of an 8-wire wire, called a "twisted pair". The figure shows a 24-port Cisco Catalyst 2950C-24 switch:
As mentioned in the paragraph "ARP: address determination protocol", each computer is connected to the network by one physical link. That is, 24 computers can be connected to a 24-port switch. Twisted-pair cable physically runs through all the premises of the enterprise: all 24 cables from this switch are pulled to different rooms. Let, for example, 17 cables go to 17 computers in the classroom, 4 to the office of the special department and the remaining 3 to the newly renovated accounting office. And accountant Lida, for special merits, was transferred to this very office.

As mentioned above, a VLAN can be represented as a list of ports belonging to the network. For example, there were three VLANs on our switch, i.e. three lists stored in the switch's flash memory. One list held the numbers 1, 2, 3 ... 17, another 18, 19, 20, 21, and the third 22, 23 and 24. Lida's computer was previously connected to port 20. Then she moved to another office. Whether they dragged her old computer to the new office or she sat down at a new one does not matter. What matters is that her computer is connected by a twisted-pair cable whose other end is inserted into port 23 of our switch. And for her to keep sending files to her colleagues from her new place, the administrator must remove the number 20 from the second list and add the number 23. Note that one port can belong to only one VLAN, but we will break this rule at the end of this paragraph.

I also note that when changing the port membership in the VLAN, the administrator does not need to “poke” the wires in the switch. Moreover, he does not even have to get up from his seat. Because the administrator's computer is connected to the 22nd port, with which he can manage the switch remotely. Of course, thanks to special settings, which will be discussed later, only the administrator can manage the switch. For information on how to configure VLANs, see VLANs, practice [in the next article].

As you probably noticed, at the start (in the Building Networks section) I said there would be at least 100 computers in our network, but only 24 computers can be connected to the switch. Of course, there are switches with more ports, but an enterprise network has more computers still. To connect an arbitrarily large number of computers, switches are interconnected via a so-called trunk port (trunk). When configuring the switch, any of the 24 ports can be defined as a trunk port, and there can be any number of trunk ports on a switch (though it is reasonable to have no more than two). If one of the ports is defined as a trunk, the switch marks every frame it sends out of that port with the number of the VLAN it came from, using the ISL or 802.1Q protocol, so the switch at the other end knows which VLAN each frame belongs to.

By "every frame" I mean all the frames that arrived at the switch from its other ports and need to go over the trunk. With 802.1Q the mark is a 4-byte tag inserted into the Ethernet header itself, right after the source MAC address and ahead of the field that says which protocol (IP, ARP, ...) generated the frame's payload; the payload is not touched.
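How the tag is placed and read, as an added example (not code from the article): the Python below inserts and strips an 802.1Q tag, and models one switch with the port layout from this section (ports 1-17, 18-21 and 22-23 as three VLANs, port 24 as the trunk) so you can see which ports a broadcast reaches before and after Lida's port move. The frame contents and the switch model are constructed for the illustration; in particular the model has no native VLAN, so an untagged frame arriving on the trunk is dropped rather than assigned to a default VLAN.

```python
import struct

TPID_8021Q = 0x8100          # tag protocol identifier that marks a tagged frame


def tag_frame(frame, vlan_id, priority=0):
    """Insert an 802.1Q tag into an untagged Ethernet frame.

    The 4-byte tag goes right after the source MAC (offset 12), ahead of the
    original EtherType, so the payload (IP, ARP, ...) is untouched.
    TCI = 3-bit priority, 1-bit DEI (left 0), 12-bit VLAN ID.
    """
    if not 1 <= vlan_id <= 4094:          # 0 and 4095 are reserved
        raise ValueError(f"VLAN id out of range: {vlan_id}")
    tci = ((priority & 0x7) << 13) | (vlan_id & 0xFFF)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def untag_frame(frame):
    """Return (vlan_id, priority, untagged_frame); vlan_id is None if the frame carried no tag."""
    if len(frame) < 16 or struct.unpack("!H", frame[12:14])[0] != TPID_8021Q:
        return None, None, frame
    tci = struct.unpack("!H", frame[14:16])[0]
    return tci & 0xFFF, tci >> 13, frame[:12] + frame[16:]


class Switch:
    """Toy model of one switch: access ports belong to exactly one VLAN and
    carry plain frames; the trunk port carries every VLAN, each frame tagged."""

    def __init__(self, access, trunk):
        self.access = dict(access)   # port number -> VLAN id
        self.trunk = trunk

    def move_port(self, old_port, new_port):
        """'Remove the number from one list and add the other': the VLAN follows the user."""
        self.access[new_port] = self.access.pop(old_port)

    def flood(self, in_port, frame):
        """Where a broadcast frame arriving on in_port is sent: a list of (port, frame)."""
        if in_port == self.trunk:
            vlan, _, plain = untag_frame(frame)
            if vlan is None:             # no native VLAN in this model: untagged on trunk is dropped
                return []
        else:
            vlan = self.access.get(in_port)
            if vlan is None:
                return []
            plain = frame
        out = [(p, plain) for p, v in self.access.items() if v == vlan and p != in_port]
        if in_port != self.trunk:
            out.append((self.trunk, tag_frame(plain, vlan)))
        return out


def example_switch():
    """The layout from the text: ports 1-17 in VLAN 1, 18-21 in VLAN 2,
    22-23 in VLAN 3, port 24 is the trunk."""
    access = {p: 1 for p in range(1, 18)}
    access.update({18: 2, 19: 2, 20: 2, 21: 2, 22: 3, 23: 3})
    return Switch(access, trunk=24)


if __name__ == "__main__":
    # Constructed broadcast frame: dst ff:ff:ff:ff:ff:ff, EtherType 0x0806 (ARP), dummy payload
    frame = bytes.fromhex("ffffffffffff") + bytes.fromhex("aabbcc000014") + b"\x08\x06" + b"..."
    sw = example_switch()
    sw.move_port(20, 23)            # Lida moves: her VLAN membership follows her to port 23
    for port, f in sw.flood(23, frame):
        print(port, "tagged VLAN %d" % untag_frame(f)[0] if port == sw.trunk else "untagged")
```

The move is move_port(20, 23), exactly the list edit described above. Note that the tag is the only thing separating VLANs on the trunk, so a trunk link should connect switches (or a deliberately multi-VLAN server, as in the next section), never an ordinary user's computer.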

In this example, as you probably noticed, the administrator sits in the same office as Lida, because the twisted pairs from ports 22, 23 and 24 lead to the same office. Port 24 is configured as a trunk port. The switch itself is located in the back room, next to the old accountants' office and the classroom with its 17 computers.

The twisted pair that goes from port 24 to the administrator's office connects to another switch, which in turn is connected to a router, which will be discussed in the following chapters. Other switches that connect other 75 computers and are located in other back rooms of the enterprise - they all have, as a rule, one trunk port connected by twisted pair or fiber optics to the main switch, which is located in the office with the administrator.

It was said above that it is sometimes reasonable to make two trunk ports. The second trunk port in this case is used for network traffic analysis: since a trunk carries the frames of every VLAN, an analyzer attached to it sees the traffic of the whole network.

This is what large enterprise networks looked like back in the days of the Cisco Catalyst 1900 switch. You may have noticed two big disadvantages of such networks. First, using a trunk port adds some complexity and extra work when configuring the equipment. Second, and most important, suppose our "as if separate" networks of accountants, economists and dispatchers want to share one database between the three: the accountant wants to see the changes in the database that the economist or dispatcher made a couple of minutes ago. To do this, we need a server that is reachable from all three networks.

As mentioned in the middle of this paragraph, a port can only be in one VLAN. This is true, however, only for switches of the Cisco Catalyst 1900 series and older and for some newer models such as the Cisco Catalyst 2950. On other switches, in particular the Cisco Catalyst 2900XL, this rule can be broken. When configuring ports on these switches, each port can have one of five modes of operation: Static Access, Multi-VLAN, Dynamic Access, ISL Trunk and 802.1Q Trunk. The second mode is exactly what we need for the task above: to give access to the server from three networks at once, i.e. to make the server belong to three networks at the same time. This is also called VLAN traversal or tagging. In this case the connection scheme may be as follows.

Good day, dear readers.
By popular demand, today I am publishing an article that will introduce you to the basic terms of a computer network, namely:

  • Network protocols: what these scary names are and what they are for
  • UDP, TCP, ICMP: what they are, why they exist and what the difference is
  • IP address: everyone has one, but not everyone knows what it is for :-)
  • Address mask (subnet)
  • Gateway
  • A few words about routing tables
  • Ports: what they really are
  • MAC address

More or less like this.

The article, I think, will be useful to everyone, young and old, because it contains not so much a set of strange incomprehensible actions or words as a block of information presented in accessible language, which will at least give you an understanding of how it all works and why it is needed. Let's go.

Network Protocols TCP/IP, NWLink IPX/SPX, NetBEUI

Let's start with what a network protocol is and what it is eaten with.
A network protocol is a set of software-implemented rules for communication between computers: a sort of language in which computers talk to each other and transmit information. Previously, computers were, so to speak, multilingual, and older versions of Windows used a set of protocols: TCP/IP, NWLink IPX/SPX, NetBEUI. Now they have come to a general agreement, and the use of TCP/IP alone has become the standard, so it is what will be discussed further.

When people talk about TCP/IP, the name usually covers a lot of different rules, or rather standards, written on top of this protocol. For example, there are rules by which mail servers exchange messages, and rules by which the end user receives letters in his mailbox. There are rules for video conferencing and rules for organizing "telephone" conversations over the Internet. Actually, these are not so much rules as a kind of grammar. In English there is one structure for building a dialogue, in French another; TCP/IP is similar, i.e. a certain bundle of different grammatical rules together makes up the whole TCP/IP protocol, or more precisely the TCP/IP protocol stack.

Network protocols UDP, TCP, ICMP

Within TCP/IP, two protocols are used to transfer data: TCP and UDP. Many have probably heard that there are TCP ports and UDP ports, but not everyone knows what the difference is and what they are at all. So..

The TCP data transfer protocol (Transmission Control Protocol) provides for confirmation of receipt of information. "Well, did you get it? - Got it!" If the transmitting party does not receive the required confirmation within the established time, the data is retransmitted. That is why TCP is referred to as a connection-oriented protocol, and UDP (User Datagram Protocol) is not: it sends datagrams without establishing a connection or waiting for acknowledgments. UDP is used where confirmation of receipt is not required, or where waiting for a retransmission would be worse than losing a packet, for example DNS queries or IP telephony (a prominent representative of which is Skype). So the difference lies in the presence of confirmation of receipt. It would seem "that's all!", but in practice it plays an important role: because a UDP sender never learns whether the datagram arrived, any reliability has to be built by the application itself.

There is also the ICMP protocol (Internet Control Message Protocol), which carries service information about the network rather than user data. Its message types include the echo request and reply used by ping, destination unreachable, time exceeded (returned when a packet's TTL runs out) and others.

What is an IP address

Everyone has it, but not everyone has an idea what kind of address this is and why it’s impossible to do without it at all. I'm telling.

An IP address is a 32-bit number used to identify a computer on a network. It is customary to write the address as the decimal value of each of the four octets (bytes) of this number, separated by dots, for example 192.168.101.36.

Public IP addresses are unique: each computer has its own combination of numbers, and there cannot be two computers on the Internet with the same address. IP addresses are allocated centrally: Internet providers request them from regional and national registries according to their needs. The address ranges received by the providers are then distributed among their clients. Clients, in turn, can themselves act as a provider and distribute the received addresses between sub-clients, and so on. With this kind of hierarchical distribution, the network as a whole knows the "location" of a computer with a given unique address: it is enough to send the data toward the network of the address's owner, and the provider, in turn, analyzes the destination and, knowing to whom this part of the range was given, sends the information on to the next owner of the sub-range, until the data reaches the destination computer.

Special address ranges are set aside for building local networks: 10.x.x.x, 192.168.x.x and 172.16.x.x to 172.31.x.x (the private ranges), plus 169.254.x.x (the link-local range a computer assigns itself when it has obtained no address), where x is any number from 0 to 255. Packets from these addresses are not routed on the public Internet, in other words they are simply not forwarded by providers, and therefore computers in different local networks may have identical addresses from these ranges. That is, in the company OOO "Horns and Hooves" and OOO "Vasya and Company" there can be two computers with the address 192.168.0.244, but not, say, with the address 85.144.213.122 received from the Internet provider, because there are no two identical IP addresses on the Internet. To transfer information from such computers to the Internet and back, special programs and devices are used that replace the local addresses with real ones when working with the Internet. In other words, data goes out to the Network from a real IP address, not from a local one. This process is invisible to the user and is called Network Address Translation (NAT). Note also that within a single network, say the company OOO "Horns and Hooves", there cannot be two computers with the same local IP address; the example above meant one computer with the address 192.168.0.244 in one company and a second with the same address in another. In the same company, two computers with the address 192.168.0.244 simply will not get along.

You have probably heard such terms as external IP and internal IP, fixed (static) IP and variable (dynamic) IP. In a nutshell:

  • external IP is the IP given to you by the provider, i.e. your unique Internet address, for example 85.144.24.122
  • internal IP is a local IP, i.e. your IP in the local network, for example 192.168.1.3
  • static IP is an IP that does not change with each connection, i.e. assigned to you firmly and permanently
  • dynamic IP is a floating IP address that changes with each connection

Your type IP(static or dynamic) depends on the settings of the provider.

What is an address mask (subnet)

The concept of a subnet is introduced so that it is possible to distinguish the part of the IP address space belonging to one organization from that of another, and so on. A subnet is a range of IP addresses that are considered to belong to the same local network. Within a local network, information is sent directly to the recipient. If the data is destined for a computer whose IP address does not belong to the local network, special rules are applied to work out the route for forwarding it from one network to another.

The mask is a parameter that tells the software which part of the address names the network (the subnet) and which part names the host, and therefore how many computers can be in a given group. The mask has the same structure as the IP address: four numbers from 0 to 255, which in binary form a run of ones (the network part) followed by zeros (the host part). The fewer ones in the mask, the more computers are united in the subnet. For small company networks the mask is usually 255.255.255.x (for example, 255.255.255.224). The mask is assigned to the computer together with the IP address. So, for example, the network 192.168.0.0 with the mask 255.255.255.0 may contain computers with addresses from 192.168.0.1 to 192.168.0.254, while 192.168.0.0 with the mask 255.255.255.128 allows addresses from 192.168.0.1 to 192.168.0.126 (the first address of each subnet names the network itself and the last is its broadcast address, so neither is given to a computer). As a rule, providers use networks with a small number of possible computers in order to save IP addresses. For example, a client may be assigned an address with the mask 255.255.255.252. Such a subnet holds only two usable addresses.

After the computer has obtained an IP address and knows the value of the subnet mask, the program can start working on this local subnet. However, in order to exchange information with other computers in the global network, you need to know the rules where to send information for the external network. For this, such a characteristic as the address of the gateway (Gateway) is used.

What is a Gateway

A gateway is a device (computer or router) that provides information forwarding between different IP subnets. If the program determines (by IP and mask) that the destination address is not part of the local subnet, then it sends this data to the device that acts as a gateway. The protocol settings indicate the IP address of such a device.


To work only in the local network, the gateway may not be specified.

For individual users connecting to the Internet, or for small businesses with a single connection channel, there should be only one gateway address in the system - this is the address of the device that has an Internet connection. If there are multiple routes, there will be multiple gateways. In this case, the routing table is used to determine the data transfer path.

What are routing tables

And so we have slowly got to them. So, what kind of tables are these?

An organization or user can have several points of connection to the Internet (for example, a backup channel in case something goes wrong with the first provider while the Internet is still badly needed) or contain several IP networks. In this case, so that the system knows which way (through which gateway) to send a given piece of information, routing tables are used. A routing table lists, for each gateway, the subnets whose traffic should be sent through it. The same range can be listed for several gateways with different metrics (costs): information is sent over the channel with the lowest metric, and if it fails for one reason or another, over the next cheapest available connection.
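The mask arithmetic from "What is an address mask (subnet)", the "is it local, or does it go to the gateway?" decision from "What is a Gateway", and the routing-table choice above, as one added worked example (not part of the article). The Python below does the bit operations by hand rather than through the ipaddress module so the mechanism stays visible; the table OFFICE_ROUTES and every address in it are constructed for the illustration.

```python
def ip_to_int(text):
    """'192.168.0.130' -> 32-bit integer, rejecting malformed addresses."""
    octets = text.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text!r}")
    a, b, c, d = (int(o) for o in octets)
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask_text):
    """'255.255.255.224' -> 27. A valid mask is a run of ones followed by zeros."""
    mask = ip_to_int(mask_text)
    ones = bin(mask).count("1")
    if mask != ((0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous mask: {mask_text}")
    return ones


def prefix_to_mask(prefix):
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_info(ip_text, mask_text):
    """Network address, broadcast, usable host range and host count for ip/mask."""
    prefix = mask_to_prefix(mask_text)
    mask = prefix_to_mask(prefix)
    net = ip_to_int(ip_text) & mask
    bcast = net | (~mask & 0xFFFFFFFF)
    hosts = max((bcast - net + 1) - 2, 0)     # minus the network and broadcast addresses
    return {
        "network": int_to_ip(net),
        "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(net + 1) if hosts else None,
        "last_host": int_to_ip(bcast - 1) if hosts else None,
        "hosts": hosts,
        "prefix": prefix,
    }


def same_subnet(ip_a, ip_b, mask_text):
    """The test a host applies before sending: deliver directly, or hand to a gateway?"""
    mask = prefix_to_mask(mask_to_prefix(mask_text))
    return ip_to_int(ip_a) & mask == ip_to_int(ip_b) & mask


def choose_route(dst_text, routes, down=()):
    """Pick the next hop for dst from a routing table.

    routes: list of (network, mask, gateway, metric); gateway None means the
    network is directly attached. Longest prefix wins; on a tie the lowest
    metric wins; gateways listed in `down` are skipped (failover to backup).
    Returns "direct", a gateway address, or None when nothing matches.
    """
    dst = ip_to_int(dst_text)
    best = None
    for network, mask_text, gateway, metric in routes:
        if gateway in down:
            continue
        prefix = mask_to_prefix(mask_text)
        mask = prefix_to_mask(prefix)
        if dst & mask != ip_to_int(network) & mask:
            continue
        key = (prefix, -metric)
        if best is None or key > best[0]:
            best = (key, "direct" if gateway is None else gateway)
    return None if best is None else best[1]


# Constructed table for a small office with two Internet uplinks (addresses are examples)
OFFICE_ROUTES = [
    ("192.168.0.0", "255.255.255.0", None, 0),      # our own LAN, directly attached
    ("0.0.0.0", "0.0.0.0", "192.168.0.1", 10),      # default route, primary provider
    ("0.0.0.0", "0.0.0.0", "192.168.0.2", 20),      # default route, backup provider
]

if __name__ == "__main__":
    print(subnet_info("192.168.0.130", "255.255.255.128"))
    print(choose_route("192.168.0.77", OFFICE_ROUTES))
    print(choose_route("85.144.24.122", OFFICE_ROUTES))
    print(choose_route("85.144.24.122", OFFICE_ROUTES, down={"192.168.0.1"}))
```

choose_route applies the two rules a real host's table uses: the most specific (longest) prefix wins, and among equal prefixes the lowest metric wins, so the directly attached 192.168.0.0/24 entry beats the default route for local addresses, and the backup default route is taken only when the primary gateway is listed as down. mask_to_prefix rejects a mask like 255.0.255.0: a mask must be a run of ones followed by zeros, and a typo there is a classic cause of "I can reach some hosts on my LAN but not others".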

What are network ports

When transferring data, in addition to the IP addresses of the sender and recipient, a packet carries port numbers. Example: 192.168.1.1:80, where 80 is the port number. A port is a number used when receiving and transmitting data to identify the process (program) that must handle the data. So if a packet is sent to port 80, this indicates that the information is intended for an HTTP server.

Port numbers from 0 to 1023 are assigned to specific services (the so-called well-known ports). Ports numbered 1024 to 65535 can be used by programs of your own; possible conflicts are resolved by the programs themselves choosing a free port. In other words, such ports are distributed dynamically: it is possible that at the next start the program will choose a different port, unless, of course, you set the port manually in its settings.

What is a MAC address

The point is that within one physical network segment (one switch, say), frames are delivered to computers neither by name nor by IP address. A frame is destined for a device with a specific hardware address, called the MAC address; the IP address is mapped to it by ARP.

A MAC address is a unique address of a network device, burned into it by the manufacturer, i.e. a sort of stamped serial number of your network card. The first half of the MAC address identifies the manufacturer, the second half is the unique number of this particular device.

The MAC address is sometimes required for identification, say, with a provider (if the provider binds the service to a MAC address instead of a login and password) or when configuring a router. Keep in mind that the MAC address presented on the wire can be changed in software on practically any OS, so such binding is a convenience, not authentication.

Where to see all network settings

I almost forgot to say a few words about where you can look and change it all.

13.10.06

Most of us know TCP/IP as the "glue" that holds the Internet together. But not many people are able to give a convincing description of what this protocol is and how it works. So what exactly is TCP/IP?

TCP/IP is a means of exchanging information between computers on a network. It does not matter whether they are part of the same network or connected to separate networks, nor that one of them may be a Cray supercomputer and the other a Macintosh. TCP/IP is a platform-independent standard that bridges the gap between heterogeneous computers, operating systems and networks. It is the protocol that governs the Internet globally, and it is largely thanks to TCP/IP that the Internet gained its popularity.

Understanding TCP/IP primarily means understanding the protocol suite that TCP/IP hosts use to exchange information. Let's take a look at some of these protocols and find out what makes up the TCP/IP family.

Basics of TCP/IP

TCP/IP is an abbreviation of Transmission Control Protocol/Internet Protocol. In computer networking, a protocol is a pre-agreed standard that allows two computers to communicate. In fact, TCP/IP is not one protocol but several. That is why you often hear it referred to as a suite, or family, of protocols, of which TCP and IP are the two main ones.

The TCP/IP software on your computer is a platform-specific implementation of TCP, IP, and other members of the TCP/IP family. It also typically includes high-level applications such as File Transfer Protocol (FTP) that allow you to control network file transfers from the command line.

TCP/IP was born out of research funded by the US government's Advanced Research Project Agency (ARPA) in the 1970s. This protocol was developed so that the computer networks of research centers around the world could be connected in the form of a virtual "network of networks" (internetwork). The original Internet was created by converting an existing conglomerate of computer networks called ARPAnet using TCP/IP.

The reason TCP/IP is so important today is that it allows independent networks to connect to the Internet or to join together to form private intranets. The computer networks that make up an intranet are physically connected through devices called routers or IP routers. A router is a computer that transmits data packets from one network to another. On a TCP/IP-based intranet, information is transmitted in discrete units called IP packets or IP datagrams. Thanks to TCP/IP software, all computers connected to a network become "close relatives": essentially it hides the routers and the underlying architecture of the networks and makes it all look like one big network. Just as Ethernet connections are identified by 48-bit Ethernet addresses, intranet connections are identified by 32-bit IP addresses, which we express as dotted decimal numbers (for example, 128.10.2.3). Given the IP address of a remote computer, a computer on an intranet or on the Internet can send data to it as if they were part of the same physical network.

TCP/IP provides a solution to the problem of exchanging data between two computers connected to the same intranet but belonging to different physical networks. The solution consists of several parts, with each member of the TCP/IP protocol family contributing to the overall cause. IP, the most fundamental protocol in the TCP/IP suite, transports IP datagrams over an intranet and performs an important function called routing, essentially choosing the route that the datagram will take from point A to point B, and using routers to "hop" between networks.

TCP is a higher-level protocol that allows applications running on different network hosts to exchange streams of data. TCP divides a stream into chunks, called TCP segments, and transmits them using IP. In most cases each TCP segment is sent in one IP datagram; if a datagram is larger than the physical frames used on a network along the way, IP fragments it into several smaller datagrams. Because IP does not guarantee that datagrams will be received in the order they were sent, TCP reassembles the segments at the other end of the route into a continuous stream of data. FTP and telnet are two examples of popular TCP/IP applications that rely on TCP.

Another important member of the TCP/IP suite is the User Datagram Protocol (UDP), which is similar to TCP but more primitive. TCP is a "reliable" protocol because it provides error checking and acknowledgment messages so that data reaches its destination without any corruption. UDP is an "unreliable" protocol because it does not guarantee that datagrams will arrive in the order they were sent, or even that they will arrive at all. If reliability is a desirable condition, software will be required to implement it. But UDP still has its place in the TCP/IP world, and is used in many programs. The Simple Network Management Protocol (SNMP) application implemented in many TCP/IP implementations is one example of a UDP program.

Other TCP/IP protocols play less prominent but equally important roles in the operation of TCP/IP networks. For example, the Address Resolution Protocol (ARP) translates IP addresses into physical network addresses, such as Ethernet identifiers. A related protocol, the Reverse Address Resolution Protocol (RARP), does the reverse by converting physical network addresses to IP addresses. The Internet Control Message Protocol (ICMP) is a maintenance protocol that uses IP to exchange control information and control errors related to the transmission of IP packets. For example, if a router cannot send an IP datagram, it uses ICMP to inform the sender that there is a problem. A brief description of some of the other protocols that "hide under the TCP/IP umbrella" is given in the sidebar.

A brief description of the protocols of the TCP / IP family with decoding of abbreviations
ARP (Address Resolution Protocol): Converts 32-bit IP addresses to physical computer network addresses, such as 48-bit Ethernet addresses.

FTP (File Transfer Protocol): allows you to transfer files from one computer to another using TCP connections. Its sister but less common file transfer protocol, the Trivial File Transfer Protocol (TFTP), uses UDP rather than TCP to transfer files.

ICMP (Internet Control Message Protocol): Allows IP routers to send error messages and control information to other IP routers and network hosts. ICMP messages "travel" as data fields in IP datagrams and must be implemented in all IP variants.

IGMP (Internet Group Management Protocol): Allows IP datagrams to be multicasted to computers that belong to the appropriate groups.

IP (Internet Protocol): A low-level protocol that routes data packets over separate networks linked together by routers to form the Internet or intranet. Data "travels" in the form of packets called IP datagrams.

RARP (Reverse Address Resolution Protocol): Converts physical network addresses to IP addresses.

SMTP (Simple Mail Transfer Protocol): Defines a message format that an SMTP client running on one computer can use to forward email to an SMTP server running on another computer.

TCP (Transmission Control Protocol): a connection-oriented protocol that transmits data as streams of bytes. Data is sent in packets, TCP segments, each consisting of a TCP header and data. TCP is a "reliable" protocol because it uses checksums to check data integrity and acknowledgments to ensure that transmitted data is received without corruption. (The checksum catches accidental damage, not deliberate modification: anyone who alters a segment can recompute it.)

UDP (User Datagram Protocol): a connectionless protocol that transmits data in packets called UDP datagrams. UDP is an "unreliable" protocol because the sender receives no indication of whether the datagram was actually received.
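An added example (not code from the article) that ties together the port numbers from "What are network ports", the TCP/UDP distinction drawn in "Network protocols UDP, TCP, ICMP", and the checksums described for TCP and UDP in this sidebar: the Python below builds an IPv4 packet carrying either a UDP datagram or a TCP segment, then parses it back, verifying the IP header checksum and the transport checksum (which, as the pseudo-header shows, also covers the IP addresses). The sample packets, a DNS query to port 53 and a SYN to port 80, are constructed in memory.

```python
import struct

PROTO_TCP = 6
PROTO_UDP = 17
TCP_SYN = 0x02


def checksum(data):
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words.
    Computed over a block whose checksum field is already filled in, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src, dst, proto, length):
    """TCP and UDP checksums also cover these IP-layer fields."""
    return src + dst + struct.pack("!BBH", 0, proto, length)


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234):
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0, ttl, proto, 0, src, dst)
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def build_udp(src, dst, sport, dport, data):
    length = 8 + len(data)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    # a computed value of 0 is sent as 0xFFFF, because 0 means "no checksum" in UDP
    csum = checksum(pseudo_header(src, dst, PROTO_UDP, length) + header + data) or 0xFFFF
    return struct.pack("!HHHH", sport, dport, length, csum) + data


def build_tcp(src, dst, sport, dport, seq, ack, flags, data=b"", window=65535):
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = checksum(pseudo_header(src, dst, PROTO_TCP, 20 + len(data)) + header + data)
    return header[:16] + struct.pack("!H", csum) + header[18:] + data


def parse_packet(packet):
    """Parse IPv4 + TCP/UDP, verifying both checksums; raises ValueError on anything malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (packet[0] & 0xF) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(packet):
        raise ValueError("bad IPv4 lengths")
    packet = packet[:total_len]                  # drop Ethernet padding, if any
    if checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    proto, src, dst = packet[9], packet[12:16], packet[16:20]
    body = packet[ihl:]
    if proto == PROTO_UDP:
        if len(body) < 8:
            raise ValueError("short UDP header")
        sport, dport, length, csum = struct.unpack("!HHHH", body[:8])
        if length != len(body):
            raise ValueError("UDP length mismatch")
        if csum and checksum(pseudo_header(src, dst, PROTO_UDP, length) + body) != 0:
            raise ValueError("bad UDP checksum")
        name, flags, data = "UDP", None, body[8:]
    elif proto == PROTO_TCP:
        if len(body) < 20:
            raise ValueError("short TCP header")
        sport, dport, _seq, _ack, offset, flags, _win, _csum, _urg = struct.unpack("!HHIIBBHHH", body[:20])
        data_off = (offset >> 4) * 4
        if data_off < 20 or data_off > len(body):
            raise ValueError("bad TCP data offset")
        if checksum(pseudo_header(src, dst, PROTO_TCP, len(body)) + body) != 0:
            raise ValueError("bad TCP checksum")
        name, data = "TCP", body[data_off:]
    else:
        raise ValueError(f"unsupported protocol {proto}")
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "proto": name, "sport": sport, "dport": dport, "flags": flags, "data": data,
    }


if __name__ == "__main__":
    # Constructed packets: a DNS query over UDP and a TCP SYN to port 80
    src, dst = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
    print(parse_packet(build_ipv4(src, dst, PROTO_UDP, build_udp(src, dst, 40000, 53, b"query"))))
    print(parse_packet(build_ipv4(src, dst, PROTO_TCP, build_tcp(src, dst, 51000, 80, 1, 0, TCP_SYN))))
```

Flipping a single byte of the payload, or of the IP header (the TTL, say, which every router decrements and then recomputes the header checksum for), makes parse_packet raise, which is all a checksum promises: it detects accidental corruption. It is not a security check; anyone who can modify the packet can recompute the checksum, so integrity against an attacker needs a cryptographic check at a higher layer.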

TCP/IP architecture

Computer network designers often use the ISO/OSI (International Organization for Standardization / Open Systems Interconnection) seven-layer model that describes the architecture of networks. Each layer in this model corresponds to one layer of network functionality. At the very base is the physical layer, which represents the physical medium through which the data "travels", in other words the cable system of a computer network. Above it is the link layer, or data link layer, which is provided by network interface cards. At the very top is the application layer, where the programs that use network services run.

The figure shows how TCP/IP fits into the ISO/OSI model. It also illustrates the layer structure of TCP/IP and shows the relationships between the major protocols. When a block of data is passed from a network application to the network adapter, it goes through a series of TCP/IP modules in sequence, and at each step it is extended with the information needed by the equivalent TCP/IP module at the other end of the chain. By the time the data reaches the NIC it is a standard Ethernet frame, assuming the network is based on that interface. The TCP/IP software at the receiving end recreates the original data for the receiving program by capturing the Ethernet frame and passing it in reverse order through the set of TCP/IP modules. (One of the best ways to understand the internals of TCP/IP is to use a packet sniffer, a protocol analyzer, to look inside the frames as they "fly" over the network and see the information added by the various TCP/IP modules.)

Network Layers and TCP/IP Protocols

        ISO/OSI                             TCP/IP
 +---------------------+    +--------------------------------+
 | Application layer   |    |  Network      |  Network       |  Application
 +---------------------+    |  program      |  program       |  programs
 | Presentation layer  |    |               |                |
 +---------------------+    +--------------------------------+
 | Session layer       |              |              |
 +---------------------+    +---------|--------------|-------+
 | Transport layer     |    |        TCP    /    UDP         |  Transport layer
 +---------------------+    +---------|--------------|-------+
 | Network layer       |    |    ----------> IP <---------   |  Network layer
 +---------------------+    +---------------|----------------+
 | Data link layer     |    |  ARP <-> Network card <-> RARP |  Link layer
 +---------------------+    +--------------------------------+
 | Physical layer      |    |        Network cabling         |  Physical layer
 +---------------------+    +--------------------------------+

The left side of this diagram shows the layers of the ISO/OSI model. The right side of the diagram illustrates the correlation of TCP/IP with this model.

To illustrate the role that TCP/IP plays in real-world computer networks, consider what happens when a Web browser uses HTTP (HyperText Transfer Protocol) to retrieve a page of HTML data from a Web server connected to the Internet. The browser uses a high-level software abstraction called a socket to form a virtual connection to the server. To retrieve a Web page, it sends an HTTP GET command to the server by writing it to the socket. The socket software, in turn, uses TCP to send the bits and bytes that make up the GET command to the Web server. TCP segments the data and passes the individual segments to the IP module, which forwards the segments in datagrams to the Web server.

If the browser and the server are running on computers connected to different physical networks (as is usually the case), the datagrams are passed from network to network until they reach the one to which the server is physically connected. Eventually the datagrams reach their destination and are reassembled, so that the Web server, reading from its socket, receives a continuous stream of data. For the browser and the server, data written to the socket at one end magically pops out at the other end. But between those two events all sorts of complex interactions take place to create the illusion of a continuous transfer of data across computer networks.
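The encapsulation walk described above (and the "packet sniffer" view of a frame mentioned earlier) can be made concrete with a small added example that is not part of the original article: it wraps an HTTP GET in a TCP header, an IPv4 header and an Ethernet header, then strips them again in reverse order, validating the length fields and the IP header checksum before trusting each layer, as a receiving stack or a protocol analyzer must. All addresses, ports and MACs are constructed sample values (documentation ranges and locally administered MACs), and the TCP checksum is left at zero because the frame is never handed to a real network.

```python
"""Added example: encapsulate an HTTP GET through TCP -> IP -> Ethernet,
then decapsulate it, checking each header on the way back up.
Addresses, ports and MACs are constructed sample values."""
import socket
import struct

ETH_P_IP = 0x0800      # EtherType for IPv4
IPPROTO_TCP = 6


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a header whose
    checksum field is correct sums to 0 when passed through this."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_segment(src_port: int, dst_port: int, seq: int, payload: bytes,
                flags: int = 0x18) -> bytes:
    # 20-byte header, data offset 5 (no options), PSH|ACK by default.
    # TCP checksum stays 0: this example never reaches a real stack.
    data_offset = 5 << 12
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                       data_offset | flags, 65535, 0, 0) + payload


def ip_packet(src_ip: str, dst_ip: str, proto: int, payload: bytes) -> bytes:
    total_len = 20 + len(payload)
    # version/IHL=0x45, TOS=0, ID=0, flags=DF, TTL=64, checksum placeholder 0
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def ethernet_frame(src_mac: str, dst_mac: str, ethertype: int, payload: bytes) -> bytes:
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", ethertype) + payload


def encapsulate(http_request: bytes) -> bytes:
    """Sender side: each module adds its header in front of the data."""
    segment = tcp_segment(49152, 80, 1000, http_request)
    packet = ip_packet("192.0.2.10", "198.51.100.20", IPPROTO_TCP, segment)
    return ethernet_frame("02:00:00:00:00:01", "02:00:00:00:00:02", ETH_P_IP, packet)


def decapsulate(frame: bytes) -> dict:
    """Receiver side: parse and validate each header before trusting it."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet frame")
    dst_mac, src_mac = frame[:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_IP:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("truncated or non-IPv4 header")
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total_len < ihl or len(ip) < total_len:
        raise ValueError("bad IP length fields")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IP header checksum mismatch")
    if ip[9] != IPPROTO_TCP:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq = struct.unpack("!HHI", tcp[:8])
    doff = (tcp[12] >> 4) * 4
    if doff < 20 or doff > len(tcp):
        raise ValueError("bad TCP data offset")
    fmt = lambda m: ":".join("%02x" % b for b in m)
    return {
        "src_mac": fmt(src_mac), "dst_mac": fmt(dst_mac),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "src_port": src_port, "dst_port": dst_port, "seq": seq,
        "payload": tcp[doff:],
    }


def is_valid_frame(frame: bytes) -> bool:
    """True if the frame survives every check in decapsulate()."""
    try:
        decapsulate(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    request = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    frame = encapsulate(request)
    print("frame length:", len(frame), "bytes (14 Ethernet + 20 IP + 20 TCP + data)")
    info = decapsulate(frame)
    print({k: v for k, v in info.items() if k != "payload"})
    print("payload restored:", info["payload"] == request)
```

Flipping a single byte of the IP header (for example the TTL) makes `is_valid_frame` return False, which is the behaviour a receiving stack relies on to discard corrupted headers; the same structure of length and offset checks is what keeps a sniffer from reading past the end of a short or malformed frame.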

And that's pretty much all TCP/IP does: turn many small networks into one big one, and provide the services that applications need to communicate with each other over the resulting Internet.

Brief conclusion

Much more could be said about TCP/IP, but there are three key points:

* TCP/IP is a set of protocols that allow physical networks to join together to form the Internet. TCP/IP connects individual networks to form a virtual computer network, in which individual hosts are identified not by physical network addresses, but by IP addresses.
* TCP/IP uses a layered architecture that clearly describes what each protocol is responsible for. TCP and UDP provide high-level data transfer services to network programs, and both rely on IP to transmit data packets. IP is responsible for routing packets to their destination.
* Data moving between two applications running on Internet hosts "travels" up and down the TCP/IP stacks on those hosts. The information added by the TCP/IP modules on the sender side is "cut" by the corresponding TCP/IP modules on the receiving end and used to recreate the original data.
