Chapter 2

How TCP/IP Works

• How TCP/IP and IPX Work on Intranets
• How the OSI Model Works
• How TCP/IP Packets Are Processed

As we saw in Chapter 1 an intranet is a private network built using the Internet's technology and communication protocols. At the heart of this technology-and what makes all intranet communications possible-are two protocols for exchanging information: The Transmission Control Protocol (TCP) and the Internet Protocol (IP). Together, these protocols are known as TCP/IP. They are separate protocols, not a single one, although they are tightly woven together to allow for the most efficient communications.

These two protocols perform their magic by doing something that seems deceptively simple. They break data into sections called packets, deliver those packets to the proper destinations on an intranet (or onto the Internet), and after they've been delivered, they reassemble the packets into their original form so that they can be viewed and used by the recipient. TCP performs the work of separating the data into packets and reassembling it, while IP is responsible for making sure that the packets are sent to the right destination.

TCP/IP is used because intranets (and the Internet) are what is known as packet-switched networks. In a packet-switched network, information is sent in many small packets over many different routes at the same time and reassembled at the receiving end. Because packet-switched networks can always use the most efficient means of delivery by tapping into unused network resources, they make the best use of the network's resources.

By contrast, the telephone system is a circuit-switched network. In a circuit-switched network, there is a single, unbroken connection between the sender and the receiver. Once a connection is made to a resource on the network (as with a telephone call), even if no data is being sent (such as when a call is on hold), that physical connection remains exclusively dedicated to that single connection.

In order for personal computers to take full advantage of intranets, they need to use TCP/IP protocols. Winsock functions as an intermediary between the personal computers and intranet (and Internet) hosts. For Macintoshes, the software is called Mac/TCP. Winsock is an application program interface (API) that handles the sending and receiving data to the TCP/IP systems.

An intranet may not be the only network used within a corporation. An intranet may be connected to other corporate networks, in particular to NetWare-based networks. When this happens, the intranet can be used as a way to route data between the NetWare networks. To do this a NetWare network sends packets of data, and essentially disguises its own network protocols inside IP packets, and then uses IP protocols to send the data from one network to another. When an intranet is used like this, it is referred to as IP tunneling.

How TCP/IP and IPX Work on Intranets

What distinguishes an intranet from any other kind of private network is that it is based on TCP/IP-the same protocols that apply to the Internet. TCP/IP refers to two protocols that work together to deliver data: the Transmission Control Protocol (TCP) and the Internet Protocol (IP). When you send information across an intranet, the data is broken into small packets. The packets are sent independently through a series of switches called routers. Once all the packets arrive at their destination, they are recombined into their original form. The Transmission Control Protocol breaks the data into packets and recombines them on the receiving end. The Internet Protocol handles the routing of the data and makes sure it gets sent to the proper destination.

1. In some companies, there may be a mix of TCP/IP-based intranets and networks based on other networking technology, such as NetWare. In that instance, the TCP/IP technology of an intranet can be used to send data between NetWare or other networks, using a technique called IP tunneling. In this instance, we'll look at data being sent from one NetWare network to another, via an intranet. NetWare networks use the IPX (Internet Packet Exchange) protocol as a way to deliver data-and TCP/IP networks can't recognize that protocol. To get around this, when an IPX packet is to be sent across an intranet, it is first encapsulated inside an IP packet by a NetWare server specifically for and dedicated to providing the IP transport mechanism for IPX packets.
2. Data sent within an intranet must be broken up into packets of less than 1,500 characters each. TCP breaks the data into packets. As it creates each packet, it calculates and adds a checksum to the packet. The checksum is based on the byte values, that is, the precise amount of data in the packet.
3. Each packet, along with the checksum, is put into separate IP wrappers or "envelopes." These wrappers contain information that details exactly where on the intranet-or the Internet-the data is to be sent. All of the wrappers for a given piece of data have the same addressing information so that they can all be sent to the same location for reassembly.
4. The packets travel between networks by intranet routers. Routers examine all IP wrappers and look at their addresses. These routers determine the most efficient path for sending each packet to its final destination. Since the traffic load on an intranet often changes, the packets may be sent along different routes, and the packets may arrive out of order. If the router sees the address is one located inside the intranet, the packet may be sent directly to its destination, or it may instead be sent to another router. If the address is located out on the Internet, it will be sent to another router so it can be sent across the Internet.
5. As the packets arrive at their destination, TCP calculates a checksum for each packet. It then compares this checksum with the checksum that has been sent in the packet. If the checksums don't match, TCP knows that the data in the packet has been corrupted during transmission. It then discards the packet and asks that the original packet be retransmitted.
6. TCP includes the ability to check packets and to determine that all the packets have been received. When all the non-corrupt packets are received, TCP assembles them into their original, unified form. The header information of the packets relays the sequence of how to reassemble the packets.
7. An intranet treats the IP packet as it would any other, and routes the packet to the receiving NetWare network. On the receiving NetWare network, a NetWare TCP/IP server decapsulates the IP packet-it discards the IP packet, and reads the original IPX packet. It can now use the IPX protocol to deliver the data to the proper destination.

How the OSI Model Works

A group called the International Standards Organization (ISO) has put together the Open Systems Interconnect (OSI) Reference Model, which is a model that describes seven layers of protocols for computer communications. These layers don't know or care what is on adjacent layers. Each layer, essentially, only sees the reciprocal layer on the other side. The sending application layer sees and talks to the application layer on the destination side. That conversation takes place irrespective of, for example, what structure exists at the physical layer, such as Ethernet or Token Ring. TCP combines the OSI model's application, presentation, and session layers into one which is also called the application layer.

• The application layer refers to application interfaces, not programs like word processing. MHS (Message Handling Service) is such an interface and it operates at this level of the OSI model. Again, this segmentation and interface approach means that a variety of email programs can be used on an intranet so long as they conform to the MHS standard at this application interface level.
• The presentation layer typically simply provides a standard interface between the application layer and the network layers. This type of segmentation allows for the great flexibility of the OSI model since applications can vary endlessly, but, as long as the results conform to this standard interface, the applications need not be concerned with any of the other layers.
• The session layer allows for the communication between sender and destination. These conversations avoid confusion by speaking in turn. A token is passed to control and to indicate which side is allowed to speak. This layer executes transactions, like saving a file. If something prevents it from completing the save, the session layer, which has a record of the original state, returns to the original state rather than allowing a corrupt or incomplete transaction to occur.
• The transport layer segments the data into acceptable packet sizes and is responsible for data integrity of packet segments. There are several levels of service that can be implemented at this layer, including segmenting and reassembly, error recovery, flow control, and others.
• The IP wrapper is put around the packet at the network or Internet layer. The header includes the source and destination addresses, the sequence order, and other data necessary for correct routing and rebuilding at the destination.
• The data-link layer frames the packets-for example, for use with the PPP (Point to Point). It also includes the logical link portion of the MAC sublayer of the IEEE 802.2, 802.3 and other standards.
• Ethernet and Token Ring are the two most common physical layer protocols. They function at the MAC (Media Access Control) level and move the data over the cables based on the physical address on each NIC (Network Interface Card). The physical layer includes the physical components of the IEEE 802.3 and other specifications.

How TCP/IP Packets Are Processed

Protocols such as TCP/IP determine how computers communicate with each other over networks such as the Internet. These protocols work in concert with each other, and are layered on top of one another in what is commonly referred to as a protocol stack. Each layer of the protocol is designed to accomplish a specific purpose on both the sending and receiving computers. The TCP stack combines the application, presentation, and the session layers into a single layer also called the application layer. Other than that change, it follows the OSI model. The illustration below shows the wrapping process that occurs to transmit data.

• The TCP application layer formats the data being sent so that the layer below it, the transport layer, can send the data. The TCP application layer performs the equivalent actions that the top three layers of OSI perform: the application, presentation, and session layers.
• The next layer down is the transport layer, which is responsible for transferring the data, and ensures that the data sent and the data received are in fact the same data-in other words, that there have been no errors introduced during the sending of the data. TCP divides the data it gets from the application layer into segments. It attaches a header to each segment. The header contains information that will be used on the receiving end to ensure that the data hasn't been altered en route, and that the segments can be properly recombined into their original form.
• The third layer prepares the data for delivery by putting them into IP datagrams, and determining the proper Internet address for those datagrams. The IP protocol works in the Internet layer, also called the network layer. It puts an IP wrapper with a header onto each segment. The IP header includes information such as the IP address of the sending and receiving computers, and the length of the datagram, and the sequence order of the datagram. The sequence order is added because the datagram could conceivably exceed the size allowed for network packets, and so would need to be broken into smaller packets. Including the sequence order will allow them to be recombined properly.
• The Internet layer checks the IP header and checks to see whether the packet is a fragment. If it is, it puts together fragments back into the original datagram. It strips off the IP header, and then sends the datagram to the transport layer.
• The transport layer looks at the remaining header to decide which application layer protocol-TCP or UDP-should get the data. Then the proper protocol strips off the header and sends the data to the receiving application.
• The application layer gets the data and performs, in this case, an HTTP request.
• The next layer down, the data link layer, uses protocols such as the Point-to-Point Protocol (PPP) to put the IP datagram into a frame. This is done by putting a header-the third header, after the TCP header and the IP header-and a footer around the IP datagram to fra-me it. Included in the frame header is a CRC check that checks for errors in the data as the data travels over the network.
• The data-link layer ensures that the CRC for the frame is right, and that the data hasn't been altered while it was sent. It strips off the frame header and the CRC, and sends the frame to the Internet layer.
• On the receiving computer, the packet travels through the stack, but in the opposite order from which the packet was created. In other words, it starts at the bottom layer, and moves its way up through the protocol stack. As it moves up, each layer strips off the header information that was added by the TCP/IP stack of the sending computer.
• The final layer is the physical network layer, which specifies the physical characteristics of the network being used to send data. It describes the actual hardware standards, such as the Ethernet specification. The layer receives the frames from the data link layer, and translates the IP addresses there into the hardware addresses required for the specific network being used. Finally, the layer sends the frame over the network.
• The physical network layer receives the packet. It translates the hardware address of the sender and receiver into IP addresses. Then it sends the frame up to the data link layer.