1.
TCP/IP and EthernetTCP/IP and Ethernet
FundamentalsFundamentals
(For Engineers)(For Engineers)
Leif Bloomquist P.EngLeif Bloomquist P.Eng
December 16, 2009December 16, 2009

2.
““Dr. Seuss” meets NetworkingDr. Seuss” meets Networking
If a packet hits a pocket on a socket on a portIf a packet hits a pocket on a socket on a port
and the bus is interrupted at a very last resort,and the bus is interrupted at a very last resort,
and the access of the memory makes your floppy disk abort,and the access of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report!then the socket packet pocket has an error to report!
The label on the cable on the table at your houseThe label on the cable on the table at your house
says the network is connected to the button on your mouse,says the network is connected to the button on your mouse,
but your packets want to tunnel on another protocol,but your packets want to tunnel on another protocol,
that's repeatedly rejected by the printer down the hall!that's repeatedly rejected by the printer down the hall!
Gene_Ziegler@Cornell.edu

3.
Course OutlineCourse Outline
1.1. The very basicsThe very basics
2.2. The TCP/IP “stack” modelThe TCP/IP “stack” model
3.3. Interfaces and interactionsInterfaces and interactions
4.4. Under the hood: TCP, UDP, ARP, netmasks,Under the hood: TCP, UDP, ARP, netmasks,
broadcasting, dynamic addressesbroadcasting, dynamic addresses
5.5. TradeoffsTradeoffs
6.6. Tools and resourcesTools and resources
7.7. Code examples (Java)Code examples (Java)
8.8. Troubleshooting TCP/IP NetworksTroubleshooting TCP/IP Networks
9.9. ExercisesExercises
10.10. Wireshark Demo (Hands-on)Wireshark Demo (Hands-on)

4.
Why TCP/IP (and Ethernet)?Why TCP/IP (and Ethernet)?
By far the most popular set of networkingBy far the most popular set of networking
protocols – thanks to the Internetprotocols – thanks to the Internet
Finding its way into industrial/control applicationsFinding its way into industrial/control applications
(including our products + systems)(including our products + systems)
IPN – InterPlanetary Network (NASA)IPN – InterPlanetary Network (NASA)

5.
Internet Protocol v4 vs. v6Internet Protocol v4 vs. v6
IPv4: 192.168.1.22IPv4: 192.168.1.22
IPv6: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334IPv6: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
This course focuses on IPv4, IPv6 willThis course focuses on IPv4, IPv6 will
come “eventually”.come “eventually”.
IPv6 uses many of the same concepts andIPv6 uses many of the same concepts and
terminology.terminology.
Much, much larger address space.Much, much larger address space.
Internet providers slow to move over to IPv6.Internet providers slow to move over to IPv6.

6.
The BasicsThe Basics
(What the User Sees)(What the User Sees)
IP Address: 192.168.1.100IP Address: 192.168.1.100
Gateway: 192.168.1.1Gateway: 192.168.1.1
Netmask: 255.255.255.0Netmask: 255.255.255.0
What do these mean, and what goes onWhat do these mean, and what goes on
“under the hood”?“under the hood”?

7.
The Simplest Ethernet NetworkThe Simplest Ethernet Network
Computer #1
IP: 192.168.1.101
Computer #2
IP: 192.168.1.102
Crossover
Cable

8.
A Basic Ethernet NetworkA Basic Ethernet Network
Ethernet
“segment”
Straight-Through
Cable
Usually a Hub or Switch
Computer #1
IP: 192.168.1.101
Computer #2
IP: 192.168.1.102

9.
Exercise: “ping”Exercise: “ping”
ping 192.168.1.102

10.
Exercise: “ping”Exercise: “ping”
1.1. How did ping know what “192.168.1.102” was?How did ping know what “192.168.1.102” was?
2.2. How did it know how to send the data?How did it know how to send the data?
3.3. How did the data get there?How did the data get there?
4.4. How did Computer #2 know where to send theHow did Computer #2 know where to send the
reply?reply?
5.5. How did the reply data get there?How did the reply data get there?

11.
The TCP/IP Stack ModelThe TCP/IP Stack Model

12.
The TCP/IP Stack ModelThe TCP/IP Stack Model
Email, WWW, FTP, etc. (Data)Email, WWW, FTP, etc. (Data)
TCP,UDP,ICMP (Connections or Paths)TCP,UDP,ICMP (Connections or Paths)
IP (Packets)IP (Packets)
Ethernet (Frames)Ethernet (Frames)
Cable (Bits / Voltages)Cable (Bits / Voltages)Physical
Data Link
Network
Transport
Application
OSI (7 layers) vs. TCP (5 layers)OSI (7 layers) vs. TCP (5 layers)

13.
Layers “talk” to their equivalent on either endLayers “talk” to their equivalent on either end
Physical
Data Link
Network
Transport
Application
Physical
Data Link
Network
Transport
Application
Virtual
Connection
Physical
Connection
Computer AComputer A Computer BComputer B

14.
Who Provides Which Parts?Who Provides Which Parts?
Physical
Data Link
Network
Transport
Application
Your program!
Operating System
Network Card
Physical Cable

15.
A Basic Ethernet NetworkA Basic Ethernet Network
Ethernet
“segment”
Straight-Through
Cable
Usually a Hub or Switch
Computer #1
IP: 192.168.1.101
MAC: 00-90-4B-1F-13-17
Computer #2
IP: 192.168.1.102
MAC: 00-90-4B-14-23-65

16.
A More Complete Ethernet NetworkA More Complete Ethernet Network
Computer #1
192.168.1.101
MAC: 00-90-4B-1F-13-17
Gateway
Private IP: 192.168.1.1
MAC: 00-40-41-14-20-61
Public IP: 216.3.6.99
MAC: 00-30-44-17-95-45Computer #3
192.168.1.103
MAC: 00-80-1B-34-55-16
Other
Segment
s
(Internet)
Computer #2
192.168.1.102
MAC: 00-90-4B-14-23-65

17.
Exercise: “ping”Exercise: “ping”
ping www.google.ca

18.
Exercise: “ping”Exercise: “ping”
1.1. How did ping know whereHow did ping know where www.google.cawww.google.ca was?was?
2.2. What data did it send?What data did it send?
3.3. How did it know where to send the data?How did it know where to send the data?
4.4. How did the data get there?How did the data get there?
5.5. How did Google know where to send the reply?How did Google know where to send the reply?
6.6. How did the data get here?How did the data get here?

19.
Interfaces and InteractionsInterfaces and Interactions
between layersbetween layers

20.
InterfacesInterfaces andand interactionsinteractions between layersbetween layers
Physical
Data Link
Network
Transport
Application
Sockets and Ports
Encapsulation and Routing
Address Resolution Protocol (ARP)
Carrier Sense Multiple Access

21.
Sockets and PortsSockets and Ports
Provide logical endpoints for communication.Provide logical endpoints for communication.
1003
1004
…
…
PortsSockets
Independent ports for TCP and UDPIndependent ports for TCP and UDP
Ports can be 0-65535 but most < 1024 are definedPorts can be 0-65535 but most < 1024 are defined
1002 Application 1
Application 2
1001

22.
Data Link
EncapsulationEncapsulation
Network
Transport
Application
All layers have a “header” followed by dataAll layers have a “header” followed by data
Higher-level layers reside inside data area of lower layer
High-level packets are broken up across lower-level packets if needed

23.
Under the HoodUnder the Hood

24.
Transport Control Protocol (TCP)Transport Control Protocol (TCP)
““Phone call”Phone call”
Guarantees delivery and packet order.Guarantees delivery and packet order.
Heartbeats, ACKs and timeouts built-in.Heartbeats, ACKs and timeouts built-in.
More background “stuff” on network.More background “stuff” on network.
Use when the data must arrive, but timing isUse when the data must arrive, but timing is
not important.not important.

25.
User Datagram Protocol (UDP)User Datagram Protocol (UDP)
““Postcard”Postcard”
No guarantees.No guarantees.
Heartbeats, checksums, ACKs and timeoutsHeartbeats, checksums, ACKs and timeouts
provided by...you! (if needed)provided by...you! (if needed)
Question:Question: Which layer?Which layer?
Use when fast/predictable delivery is need,Use when fast/predictable delivery is need,
but can tolerate lost or out-of order of data.but can tolerate lost or out-of order of data.

26.
Internet Control Message ProtocolInternet Control Message Protocol
(ICMP)(ICMP)
Diagnostics, errors, routingDiagnostics, errors, routing
Not typically used by end-user applications.Not typically used by end-user applications.
i.e.: pingi.e.: ping

27.
BroadcastingBroadcasting
Ethernet: FF:FF:FF:FF:FFEthernet: FF:FF:FF:FF:FF
Only to local Ethernet segmentOnly to local Ethernet segment
IP: Bit Compliment of Netmask, OR’d withIP: Bit Compliment of Netmask, OR’d with
the IP addressthe IP address
Exercise: Work out Broadcast addressExercise: Work out Broadcast address
Question:Question: This only makes sense for UDP. Why?This only makes sense for UDP. Why?

28.
CSMA/CDCSMA/CD
Prevents multiple computers accessing the physical layer simultaneouslyPrevents multiple computers accessing the physical layer simultaneously..
Collision DetectionCollision Detection
JammingJamming
Random back-off and retryRandom back-off and retry
Hence, not a “true” real-time busHence, not a “true” real-time bus
Rarely an issue with modern hubs – intelligent devicesRarely an issue with modern hubs – intelligent devices

29.
Address Resolution ProtocolAddress Resolution Protocol
Maps between IP addresses to MAC addresses.Maps between IP addresses to MAC addresses.
1.1. Sender sends aSender sends a broadcastbroadcast, asking for the holder of the, asking for the holder of the
destination IP to respond. (destination IP to respond. (QuestionQuestion: On which layer?): On which layer?)
2.2. Destination replies directly to sender to indicate that itDestination replies directly to sender to indicate that it
holds the desired IP address.holds the desired IP address.
3.3. Sender sends the data, and caches that IP/MACSender sends the data, and caches that IP/MAC
mapping formapping for 5 minutes5 minutes (Windows default)(Windows default)
QuestionQuestion: What’s the MAC address for: What’s the MAC address for www.google.cawww.google.ca ??
(Not what you might think)(Not what you might think)

30.
Dynamic Host Control ProtocolDynamic Host Control Protocol
Assigns IP addresses dynamically.Assigns IP addresses dynamically.
Addresses are dispensed+managed by aAddresses are dispensed+managed by a DHCP ServerDHCP Server..
Computer sends aComputer sends a broadcastbroadcast, asking for an IP address., asking for an IP address.
((QuestionQuestion: On which layer?): On which layer?)
DHCP Server replies and assigns the computer an IPDHCP Server replies and assigns the computer an IP
address to begin using.address to begin using.
DHCP Server typically remembers computers by MACDHCP Server typically remembers computers by MAC
and sets same IP later, but not guaranteed.and sets same IP later, but not guaranteed.

31.
NetmasksNetmasks
Used to filter out which IP addresses are on your segment,Used to filter out which IP addresses are on your segment,
and which are notand which are not
192.168.1.102 = 11000000 10101000 00000001 1100110192.168.1.102 = 11000000 10101000 00000001 1100110
255.255.255.0 = 11111111 11111111 11111111 0000000255.255.255.0 = 11111111 11111111 11111111 0000000
Boolean AND: 11000000 10101000 00000001 0000000Boolean AND: 11000000 10101000 00000001 0000000
Therefore, any IP address starting with 192.168.1.___ is onTherefore, any IP address starting with 192.168.1.___ is on
the local network.the local network.
All others are external and data is sent to the router.All others are external and data is sent to the router.

32.
Network Address Translation (NAT)Network Address Translation (NAT)
Question:Question:
From the outside, how do you send aFrom the outside, how do you send a
packet to a specific machine on a LAN?packet to a specific machine on a LAN?

33.
TradeoffsTradeoffs
TCP vs. UDPTCP vs. UDP
DHCP vs. Static AddressingDHCP vs. Static Addressing
Blocking vs. Non-blockingBlocking vs. Non-blocking
Cable lengthsCable lengths
Understanding Latency vs. ThroughputUnderstanding Latency vs. Throughput

34.
Special IP AddressesSpecial IP Addresses
127.0.0.x – Loopback127.0.0.x – Loopback
192.168.x.x - LANs192.168.x.x - LANs
10.x.x.x – LANs10.x.x.x – LANs
172.16.x.x to 172.31.x.x - LANs172.16.x.x to 172.31.x.x - LANs
169.254.x.x – DHCP Fall-back169.254.x.x – DHCP Fall-back

35.
WirelessWireless
Ad-hoc vs. Access PointAd-hoc vs. Access Point
QuestionsQuestions::
What layer does this handle?What layer does this handle?
What are the implications?What are the implications?

36.
““Tunneling”Tunneling”
Encapsulate one protocol inside another –Encapsulate one protocol inside another –
at an equal or higher layerat an equal or higher layer

37.
FirewallsFirewalls
Filter out packets by port and typeFilter out packets by port and type
Allows incoming packets in response to anAllows incoming packets in response to an
outgoing packet throughoutgoing packet through
Often used in conjunction with NATOften used in conjunction with NAT

38.
ToolsTools
OS tools – ping, netstat, i[p|f]config,OS tools – ping, netstat, i[p|f]config,
traceroute, nslookuptraceroute, nslookup
““Packet sniffer” software – puts networkPacket sniffer” software – puts network
card intocard into promiscuous modepromiscuous mode – all packets– all packets
visible -visible -

EtherealEthereal

WiresharkWireshark

39.
ResourcesResources
IETF –IETF – www.ietf.orgwww.ietf.org
Wikipedia (with caution)Wikipedia (with caution)

40.
Sending UDP in JavaSending UDP in Java
try try
{{
String host = "www.host.com"; String host = "www.host.com";
int port = 3000; int port = 3000;
byte[] message = “Hello World".getBytes(); byte[] message = “Hello World".getBytes();
// Get the internet address of the specified host // Get the internet address of the specified host
InetAddress address = InetAddress.getByName(host); InetAddress address = InetAddress.getByName(host);
// Initialize a datagram packet with data and address // Initialize a datagram packet with data and address
DatagramPacket packet = new DatagramPacket(message, message.length DatagramPacket packet = new DatagramPacket(message, message.length
, address, port);, address, port);
// Create a datagram socket, send the packet through it, close it. // Create a datagram socket, send the packet through it, close it.
DatagramSocket dsocket = new DatagramSocket(); DatagramSocket dsocket = new DatagramSocket();
dsocket.send(packet); dsocket.send(packet);
dsocket.close(); dsocket.close();
} }
catch (Exception e) catch (Exception e)
{{
System.err.println(e); System.err.println(e);
} }

41.
Receiving UDP in JavaReceiving UDP in Java
trytry
{{
int port = 3000; int port = 3000;
DatagramSocket socket = new DatagramSocket(port); DatagramSocket socket = new DatagramSocket(port);
// Create a packet object. // Create a packet object.
DatagramPacket packet = new DatagramPacket(new byte[256],256);DatagramPacket packet = new DatagramPacket(new byte[256],256);
// Loop Forever, waiting for packets.// Loop Forever, waiting for packets.
while (true) while (true)
{{
socket.receive(packet); // This blocks! socket.receive(packet); // This blocks!
// Handle it// Handle it
handlePacket(packet);handlePacket(packet);
}}
}}
catch (SocketException ex)catch (SocketException ex)
{{
ex.printStackTrace();ex.printStackTrace();
System.exit(1);System.exit(1);
}}

42.
Debugging TCP/IP NetworksDebugging TCP/IP Networks
Bugs in your program?Bugs in your program?
Protocols, ports, match? Any firewalls in the way? IsProtocols, ports, match? Any firewalls in the way? Is
routing set up properly?routing set up properly?
Are all IP addresses, netmasks set correctly?Are all IP addresses, netmasks set correctly?
Ethernet send/receive? (need sniffer)Ethernet send/receive? (need sniffer)
Are the cables undamaged and plugged in? Are hubsAre the cables undamaged and plugged in? Are hubs
powered? Do you have Link lights?powered? Do you have Link lights?Physical
Data Link
Network
Transport
Application
Recommended approach:Recommended approach:
Start at the lowest layer and work “up”.Start at the lowest layer and work “up”.

43.
Other TopicsOther Topics
WindowingWindowing
Domain Name SystemDomain Name System
RoutingRouting
SpoofingSpoofing
StreamingStreaming

44.
ExercisesExercises
1.1. Devise a method for measuring the latency ofDevise a method for measuring the latency of
a TCP/IP and Ethernet link.a TCP/IP and Ethernet link.
2.2. Devise a method for measuring the throughputDevise a method for measuring the throughput
of a TCP/IP and Ethernet link.of a TCP/IP and Ethernet link.
3.3. Debugging: Computer cannot be accessed orDebugging: Computer cannot be accessed or
pinged, but ARP is functioning. Why?pinged, but ARP is functioning. Why?

45.
Wireshark DemoWireshark Demo