The ABCs of TCP/IP OTHER AUERBACH PUBLICATIONS The ABCs of IP Addressing Information Security Management Gilbert Held Handbook, 4th Edition, Volume 4 ISBN: 0-8493-1144-6 Harold F. Tipton and Micki Krause, Editors ISBN: 0-8493-1518-2 The ABCs of TCP/IP Gilbert Held Information Security Policies, ISBN: 0-8493-1463-1 Procedures, and Standards: Guidelines for Effective Information Building an Information Security Security Management Awareness Program Thomas R. Peltier Mark B. Desman ISBN: 0-8493-1137-3 ISBN: 0-8493-0116-5 Information Security Risk Analysis Building a Wireless Office Thomas R. Peltier Gilbert Held ISBN: 0-8493-0880-1 ISBN: 0-8493-1271-X A Practical Guide to Security Engineering The Complete Book of Middleware and Information Assurance Judith Myerson Debra Herrmann ISBN: 0-8493-1272-8 ISBN: 0-8493-1163-2 Computer Telephony Integration, 2nd Edition The Privacy Papers: Managing Technology and Consumers, William A. Yarberry, Jr. ISBN: 0-8493-1438-0 Employee, and Legislative Action Rebecca Herold Cyber Crime Investigator’s Field Guide ISBN: 0-8493-1248-5 Bruce Middleton ISBN: 0-8493-1192-6 Secure Internet Practices: Best Practices for Securing Systems in Cyber Forensics: A Field Manual for the Internet and e-Business Age Collecting, Examining, and Preserving Patrick McBride, Jody Patilla, Evidence of Computer Crimes Craig Robinson, Peter Thermos, Albert J. Marcella and Robert S. Greenfield, and Edward P. Moser Editors ISBN: 0-8493-1239-6 ISBN: 0-8493-0955-7 Securing and Controlling Cisco Routers Global Information Warfare: Peter T. Davis How Businesses, Governments, and ISBN: 0-8493-1290-6 Others Achieve Objectives and Attain Competitive Advantages Securing E-Business Applications and Andy Jones, Gerald L. Kovacich, Communications and Perry G. Luzwick Jonathan S. Held and John R. Bowers ISBN: 0-8493-1114-4 ISBN: 0-8493-0963-8 Information Security Architecture Securing Windows NT/2000: Jan Killmeyer Tudor From Policies to Firewalls ISBN: 0-8493-9988-2 Michael A. Simonyi ISBN: 0-8493-1261-2 Information Security Management Handbook, 4th Edition, Volume 1 Six Sigma Software Development Harold F. Tipton and Micki Krause, Editors Christine B. Tayntor ISBN: 0-8493-9829-0 ISBN: 0-8493-1193-4 Information Security Management A Technical Guide to IPSec Virtual Private Handbook, 4th Edition, Volume 2 Networks Harold F. Tipton and Micki Krause, Editors James S. Tiller ISBN: 0-8493-0800-3 ISBN: 0-8493-0876-3 Information Security Management Telecommunications Cost Management Handbook, 4th Edition, Volume 3 Brian DiMarsico, Thomas Phelps IV, Harold F. Tipton and Micki Krause, Editors and William A. Yarberry, Jr. ISBN: 0-8493-1127-6 ISBN: 0-8493-1101-2 AUERBACH PUBLICATIONS www.auerbach-publications.com To Order Call: 1-800-272-7737 • Fax: 1-800-374-3401 E-mail: [email protected] The ABCs of TCP/IP GILBERT HELD AUERBACH PUBLICATIONS A CRC Press Company Boca Raton London New York Washington, D.C. AU1463/frame/fm Page iv Tuesday, September 10, 2002 9:18 AM Library of Congress Cataloging-in-Publication Data Held, Gilbert, 1943- The ABCs of TCP/IP / Gilbert Held. p. cm. Includes index. ISBN 0-8493-1463-1 1. TCP/IP (Computer network protocol) I. Title. TK5105.585 .H44695 2002 004.6′2—dc21 2002028013 CIP This book contains information obtained from authentic and highly regarded sources. Reprinted material is quoted with permission, and sources are indicated. A wide variety of references are listed. Reasonable efforts have been made to publish reliable data and information, but the author and the publisher cannot assume responsibility for the validity of all materials or for the conse- quences of their use. Neither this book nor any part may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, microfilming, and recording, or by any information storage or retrieval system, without prior permission in writing from the publisher. The consent of CRC Press LLC does not extend to copying for general distribution, for promotion, for creating new works, or for resale. Specific permission must be obtained in writing from CRC Press LLC for such copying. Direct all inquiries to CRC Press LLC, 2000 N.W. Corporate Blvd., Boca Raton, Florida 33431. Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation, without intent to infringe. Visit the Auerbach Publications Web site at www.auerbach-publications.com © 2003 by CRC Press LLC Auerbach is an imprint of CRC Press LLC No claim to original U.S. Government works International Standard Book Number 0-8493-1463-1 Library of Congress Card Number 2002028013 Printed in the United States of America 1 2 3 4 5 6 7 8 9 0 Printed on acid-free paper AU1463/frame/fm Page v Tuesday, September 10, 2002 9:18 AM Contents Chapter 1 Overview .....................................................................................1 Applications............................................................................................................. 2 Current Applications........................................................................................ 2 Electronic Mail .................................................................................................2 File Transfers ....................................................................................................4 Remote Terminal Access .................................................................................7 Web Surfing ......................................................................................................7 Emerging Applications ...................................................................................10 Audio and Video Players ..............................................................................10 Voice-over-IP ..................................................................................................11 Virtual Private Networking ............................................................................14 Book Preview ........................................................................................................14 The Protocol Suite .........................................................................................15 The Standards Process ...................................................................................15 The Internet Protocol and Related Protocols.............................................. 16 Transport Layer Protocols.............................................................................. 16 Applications and Built-In Diagnostic Tools................................................. 16 Routing ............................................................................................................17 Security Threats ..............................................................................................17 Enhancing Security ........................................................................................17 Emerging Technologies.................................................................................. 17 Chapter 2 The Protocol Suite ...................................................................19 The ISO Reference Model ....................................................................................19 OSI Reference Model Layers......................................................................... 20 Layer 1: The Physical Layer ...................................................................20 Layer 2: The Data-Link Layer................................................................. 21 Layer 3: The Network Layer ..................................................................22 Layer 4: The Transport Layer................................................................. 22 Layer 5: The Session Layer ....................................................................23 Layer 6: The Presentation Layer............................................................. 23 Layer 7: The Application Layer.............................................................. 23 v AU1463/frame/fm Page vi Tuesday, September 10, 2002 9:18 AM vi The ABCs of TCP/IP Data Flow .......................................................................................................24 The TCP/IP Protocol Suite................................................................................... 24 The Network Layer ........................................................................................24 IP ..............................................................................................................25 ARP........................................................................................................... 25 ICMP......................................................................................................... 26 The Transport Layer....................................................................................... 26 TCP ...........................................................................................................26 UDP.......................................................................................................... 27 The Application Layer ...................................................................................27 Data Flow and Header Utilization................................................................ 27 Chapter 3 Internet Governing Bodies and the Standards Process........................................................................................ 31 Internet Governing Bodies ...................................................................................31 Internet Evolution........................................................................................... 32 The IAB and IETF.......................................................................................... 33 The IANA........................................................................................................ 34 Request for Comments.......................................................................................... 34 The Standards Process................................................................................... 35 Draft RFC.................................................................................................. 35 Proposed Standard and Draft Standard................................................. 35 RFC Standard........................................................................................... 35 RFC Details..................................................................................................... 36 RFC Categories......................................................................................... 36 Accessing RFCs............................................................................................... 36 Best Current Practice...................................................................................... 42 Chapter 4 The Internet Protocol and Related Protocols ....................43 The Internet Protocol ...........................................................................................44 Datagrams and Segments ..............................................................................44 Datagrams and Datagram Transmission .......................................................44 Routing ........................................................................................................... 45 The IP Header................................................................................................ 45 Bytes versus Octets................................................................................. 45 Vers Field .................................................................................................46 Hlen Field................................................................................................ 46 Service Type Field................................................................................... 47 Total Length Field ...................................................................................48 Identification and Fragment Offset Fields............................................. 48 Flags Field................................................................................................ 50 Time to Live Field ..................................................................................51 Protocol Field ..........................................................................................51 Header Checksum Field .........................................................................54 Source and Destination Address Fields................................................. 55 Options ....................................................................................................55 End of Option List ..................................................................................56 No Operation........................................................................................... 56 Security..................................................................................................... 56 Loose Source Routing .............................................................................56 AU1463/frame/fm Page vii Tuesday, September 10, 2002 9:18 AM Contents vii Record Route........................................................................................... 57 Stream ID .................................................................................................57 Strict Source Routing ..............................................................................57 IP Addressing ........................................................................................................57 Overview......................................................................................................... 58 The IP Addressing Scheme ...........................................................................59 Address Changes..................................................................................... 59 Rationale ..................................................................................................60 Overview .................................................................................................61 Class A Addresses.......................................................................................... 62 Loopback.................................................................................................. 63 Class B Addresses.......................................................................................... 63 Class C Addresses.......................................................................................... 65 Class D Addresses.......................................................................................... 65 Unicast, Broadcast, and Multicast Comparison ....................................66 Class E Addresses........................................................................................... 67 Dotted Decimal Notation............................................................................... 68 Basic Workstation Configuration................................................................... 69 Reserved Addresses........................................................................................ 73 The WINIPCFG Utility.................................................................................... 74 Subnetting....................................................................................................... 76 Overview.................................................................................................. 76 Subnetting Example................................................................................. 76 Host Restrictions .....................................................................................78 The Zero Subnet .....................................................................................78 Internal versus External Subnet Viewing.............................................. 79 Using the Subnet Mask........................................................................... 80 Multiple Interface Addresses......................................................................... 82 Address Resolution................................................................................................ 84 Ethernet and Token Ring Frame Formats.................................................... 84 LAN Delivery.................................................................................................. 85 Address Resolution Operation....................................................................... 85 ARP Packet Fields.................................................................................... 85 Locating the Required Address ..............................................................86 Gratuitous ARP........................................................................................ 87 Proxy ARP........................................................................................................87 RARP.................................................................................................................87 ICMP........................................................................................................................88 Overview......................................................................................................... 88 The ICMP Type Field..................................................................................... 89 The ICMP Code Field ....................................................................................89 Examining Message Types and Code Field Values ....................................90 Echo Reply............................................................................................... 92 Destination Unreachable......................................................................... 92 Network Unreachable....................................................................... 92 Host Unreachable............................................................................. 92 Protocol Unreachable........................................................................93 Port Unreachable...............................................................................93 Fragmentation Needed and Don’t Fragment Was Set................... 93 Source Route Failed..........................................................................93 AU1463/frame/fm Page viii Tuesday, September 10, 2002 9:18 AM viii The ABCs of TCP/IP Destination Network Unknown....................................................... 93 Source Host Isolated ........................................................................93 Destination Network Is Administratively Prohibited...................... 93 Destination Host Is Administratively Prohibited............................ 94 Destination Network Unreachable for Type of Service.................94 Destination Host Unreachable for Type of Service........................94 Communications Administratively Prohibited..................................94 Host Precedence Violation................................................................94 Precedence Cutoff in Effect............................................................. 94 Source Quench........................................................................................ 94 Redirect......................................................................................................95 Echo...........................................................................................................95 Time Exceeded........................................................................................ 95 Router Advertisement and Solicitation................................................... 95 Parameter Problem...................................................................................95 Timestamp and Timestamp Reply...........................................................96 Information Request and Information Reply.........................................96 Address Mask Request and Reply...........................................................96 Traceback..................................................................................................97 ICMP Vulnerabilities....................................................................................... 97 Chapter 5 The Transport Layer.............................................................. 99 TCP .........................................................................................................................99 The TCP Header........................................................................................... 100 Source and Destination Port Fields ............................................................100 Multiplexing and Demultiplexing......................................................... 101 Port Numbers ........................................................................................102 Well-Known Ports.................................................................................. 105 Registered Ports..................................................................................... 105 Dynamic or Private Ports...................................................................... 107 Sequence and Acknowledgment Number Fields....................................... 107 Hlen Field..................................................................................................... 108 Code Bits Field..............................................................................................108 URG Bit.................................................................................................. 108 ACK Bit................................................................................................... 109 PSH Bit................................................................................................... 109 RST Bit.................................................................................................... 109 SYN Bit................................................................................................... 109 FIN Bit.................................................................................................... 109 Window Field............................................................................................... 109 Checksum Field............................................................................................ 110 Urgent Pointer Field ....................................................................................110 Options......................................................................................................... 111 Padding Field ...............................................................................................112 Connection Establishment............................................................................ 112 Connection Function Calls ..........................................................................112 Port Hiding............................................................................................. 112 Passive OPEN........................................................................................ 113 Active OPEN...........................................................................................113 The Three-Way Handshake .........................................................................114 AU1463/frame/fm Page ix Tuesday, September 10, 2002 9:18 AM Contents ix Overview................................................................................................ 114 Operation................................................................................................114 The TCP Window..........................................................................................116 Avoiding Congestion..............................................................................117 TCP Slow Start....................................................................................... 117 The Slow Start Threshold .....................................................................118 TCP Retransmissions............................................................................. 118 Keep-Alives............................................................................................ 119 Session Termination.............................................................................. 119 TCP Timers ...................................................................................................120 Delayed ACK Timer.............................................................................. 120 Keep-Alive Timer................................................................................... 120 Persist Timer ..........................................................................................121 FIN-WAIT-2 Timer .................................................................................121 UDP ......................................................................................................................121 The UDP Header .........................................................................................121 Source and Destination Port Fields..................................................... 122 Length Field ...........................................................................................122 Checksum Field..................................................................................... 122 Operation ......................................................................................................123 Applications.................................................................................................. 123 Chapter 6 Applications and Built-in Diagnostic Tools .......................125 The DNS................................................................................................................125 Purpose .........................................................................................................126 The Domain Name Structure...................................................................... 126 The Domain Name Tree........................................................................127 Zones and Zone Transfers.....................................................................128 The Name Resolution Process.................................................................... 129 Data Flow................................................................................................130 Message Format......................................................................................132 Identification Field.......................................................................... 132 Flags Field....................................................................................... 133 Number of Questions Field........................................................... 133 Number of Answers Field.............................................................. 134 Answers, Authority, and Additional Information Fields.............. 134 Question Field Composition ................................................................134 Answers Field Composition.................................................................. 134 Time Consideration............................................................................... 135 DNS Records................................................................................................. 135 The SOA Record ...................................................................................136 Checking Records.................................................................................. 137 Diagnostic Tools.................................................................................................. 137 Ping.................................................................................................................137 Operation................................................................................................138 Implementation.......................................................................................138 Using Windows NT Ping...................................................................... 139 Resolution Time Considerations............................................................140 Applications............................................................................................141 Traceroute......................................................................................................141