Learning Resources
 

TCP IP Protocols and Ports


Protocols:

Network protocols are standards that allow computers to communicate. A protocol defines how computers identify one another on a network, the form that the data should take in transit, and how this information is processed once it reaches its final destination. Protocols also define procedures for handling lost or damaged transmissions or "packets." TCP/IP (for UNIX, Windows NT, Windows 95 and other platforms), IPX (for Novell NetWare), DECnet (for networking Digital Equipment Corp. computers), AppleTalk (for Macintosh computers), and NetBIOS/NetBEUI (for LAN Manager and Windows NT networks) are the main types of network protocols in use today.

Although each network protocol is different, they all share the same physical cabling. This common method of accessing the physical network allows multiple protocols to peacefully coexist over the network media, and allows the builder of a network to use common hardware for a variety of protocols. This concept is known as "protocol independence,"

Some Important Protocols and their job:

Protocol Acronym Its Job
Point-To-Point TCP/IP The backbone protocol of the internet. Popular also for intranets using the internet
Transmission Control Protocol/internet Protocol TCP/IP The backbone protocol of the internet. Popular also for intranets using the internet
Internetwork Package Exchange/Sequenced Packet Exchange IPX/SPX This is a standard protocol for Novell Network Operating System
NetBIOS Extended User Interface NetBEUI This is a Microsoft protocol that doesn't support routing to other networks
File Transfer Protocol FTP Used to send and receive files from a remote host
Hyper Text Transfer Protocol HTTP Used for the web to send documents that are encoded in HTML.
Network File Services NFS Allows network nodes or workstations to access files and drives as if they were their own.
Simple Mail Transfer Protocol SMTP Used to send Email over a network
Telnet   Used to connect to a host and emulate a terminal that the remote server can recognize

 

TCP stands for Transmission Control Protocol and IP stands for Internet Protocol. The term TCP/IP is not limited just to these two protocols, however. Frequently, the term TCP/IP is used to refer to a group of protocols related to the TCP and IP protocols such as the User Datagram Protocol (UDP), File Transfer Protocol (FTP), Terminal Emulation Protocol (TELNET), and so on.

The Origins of TCP/IP

In the late 1960s, DARPA (the Defense Advanced Research Project Agency), in the United States, noticed that there was a rapid proliferation of computers in military communications. Computers, because they can be easily programmed, provide flexibility in achieving network functions that is not available with other types of communications equipment. The computers then used in military communications were manufactured by different vendors and were designed to interoperate with computers from that vendor only. Vendors used proprietary protocols in their communications equipment. The military had a multi vendor network but no common protocol to support the heterogeneous equipment from different vendors


The Internet protocol suite is the set of communications protocols used for the Internet and similar networks, and generally the most popular protocol stack for wide area networks. It is commonly known as TCP/IP, because of its most important protocols: Transmission Control Protocol (TCP) and Internet Protocol (IP), which were the first networking protocols defined in this standard. It is occasionally known as the DoD model due to the foundational influence of the ARPANET in the 1970s (operated by DARPA, an agency of the United States Department of Defense).

TCP/IP provides end-to-end connectivity specifying how data should be formatted, addressed, transmitted, routed and received at the destination. It has four abstraction layers, each with its own protocols.From lowest to highest, the layers are:

  • The link layer (commonly Ethernet) contains communication technologies for a local network.
  • The internet layer (IP) connects local networks, thus establishing internetworking.
  • The transport layer (TCP) handles host-to-host communication.
  • The application layer (for example HTTP) contains all protocols for specific data communications services on a process-to-process level (for example how a web browser communicates with a web server).


The TCP/IP model and related protocols are maintained by the (IETF) or Internet Engineering Task Force.

Layers in the Internet protocol suite
The Internet protocol suite uses encapsulation to provide abstraction of protocols and services. Encapsulation is usually aligned with the division of the protocol suite into layers of general functionality. In general, an application (the highest level of the model) uses a set of protocols to send its data down the layers, being further encapsulated at each level.

The "layers" of the protocol suite near the top are logically closer to the user application, while those near the bottom are logically closer to the physical transmission of the data. Viewing layers as providing or consuming a service is a method of abstraction to isolate upper layer protocols from the nitty-gritty detail of transmitting bits over, for example, Ethernet and collision detection, while the lower layers avoid having to know the details of each and every application and its protocol.

Even when the layers are examined, the assorted architectural documents—there is no single architectural model such as ISO 7498, the Open Systems Interconnection (OSI) model—have fewer and less rigidly defined layers than the OSI model, and thus provide an easier fit for real-world protocols. In point of fact, one frequently referenced document, RFC 1958, does not contain a stack of layers. The lack of emphasis on layering is a strong difference between the IETF and OSI approaches. It only refers to the existence of the "internetworking layer" and generally to "upper layers"; this document was intended as a 1996 "snapshot" of the architecture: "The Internet and its architecture have grown in evolutionary fashion from modest beginnings, rather than from a Grand Plan. While this process of evolution is one of the main reasons for the technology's success, it nevertheless seems useful to record a snapshot of the current principles of the Internet architecture."

RFC 1122, entitled Host Requirements, is structured in paragraphs referring to layers, but the document refers to many other architectural principles not emphasizing layering. It loosely defines a four-layer model, with the layers having names, not numbers, as follows:

  • Application layer (process-to-process): This is the scope within which applications create user data and communicate this data to other processes or applications on another or the same host. The communications partners are often called peers. This is where the "higher level" protocols such as SMTP, FTP, SSH, HTTP, etc. operate.
  • Transport layer (host-to-host): The transport layer constitutes the networking regime between two network hosts, either on the local network or on remote networks separated by routers. The transport layer provides a uniform networking interface that hides the actual topology (layout) of the underlying network connections. This is where flow-control, error-correction, and connection protocols exist, such as TCP. This layer deals with opening and maintaining connections between Internet hosts.
  • Internet layer (internetworking): The internet layer has the task of exchanging datagrams across network boundaries. It is therefore also referred to as the layer that establishes internetworking, indeed, it defines and establishes the Internet. This layer defines the addressing and routing structures used for the TCP/IP protocol suite. The primary protocol in this scope is the Internet Protocol, which defines IP addresses. Its function in routing is to transport datagrams to the next IP router that has the connectivity to a network closer to the final data destination.
  • Link layer: This layer defines the networking methods within the scope of the local network link on which hosts communicate without intervening routers. This layer describes the protocols used to describe the local network topology and the interfaces needed to affect transmission of Internet layer datagrams to next-neighbor hosts. (cf. the OSI data link layer).

The Internet protocol suite and the layered protocol stack design were in use before the OSI model was established. Since then, the TCP/IP model has been compared with the OSI model in books and classrooms, which often results in confusion because the two models use different assumptions, including about the relative importance of strict layering.

This abstraction also allows upper layers to provide services that the lower layers cannot, or choose not, to provide. Again, the original OSI model was extended to include connectionless services (OSIRM CL). For example, IP is not designed to be reliable and is a best effort delivery protocol. This means that all transport layer implementations must choose whether or not to provide reliability and to what degree. UDP provides data integrity (via a checksum) but does not guarantee delivery; TCP provides both data integrity and delivery guarantee (by retransmitting until the receiver acknowledges the reception of the packet).

This model lacks the formalism of the OSI model and associated documents, but the IETF does not use a formal model and does not consider this a limitation, as in the comment by David D. Clark, "We reject: kings, presidents and voting. We believe in: rough consensus and running code." Criticisms of this model, which have been made with respect to the OSI model, often do not consider ISO's later extensions to that model.

  1. For multiaccess links with their own addressing systems (e.g. Ethernet) an address mapping protocol is needed. Such protocols can be considered to be below IP but above the existing link system. While the IETF does not use the terminology, this is a subnetwork dependent convergence facility according to an extension to the OSI model, the internal organization of the network layer (IONL).
  2. ICMP & IGMP operate on top of IP but do not transport data like UDP or TCP. Again, this functionality exists as layer management extensions to the OSI model, in its Management Framework (OSIRM MF)
  3. The SSL/TLS library operates above the transport layer (uses TCP) but below application protocols. Again, there was no intention, on the part of the designers of these protocols, to comply with OSI architecture.
  4. The link is treated like a black box here. This is fine for discussing IP (since the whole point of IP is it will run over virtually anything). The IETF explicitly does not intend to discuss transmission systems, which is a less academic but practical alternative to the OSI model.

The following is a description of each layer in the TCP/IP networking model starting from the lowest level.

Link layer
The link layer is the networking scope of the local network connection to which a host is attached. This regime is called the link in Internet literature. This is the lowest component layer of the Internet protocols, as TCP/IP is designed to be hardware independent. As a result TCP/IP is able to be implemented on top of virtually any hardware networking technology.

The link layer is used to move packets between the Internet layer interfaces of two different hosts on the same link. The processes of transmitting and receiving packets on a given link can be controlled both in the software device driver for the network card, as well as on firmware or specialized chipsets. These will perform data link functions such as adding a packet header to prepare it for transmission, then actually transmit the frame over a physical medium. The TCP/IP model includes specifications of translating the network addressing methods used in the Internet Protocol to data link addressing, such as Media Access Control (MAC), however all other aspects below that level are implicitly assumed to exist in the link layer, but are not explicitly defined.

This is also the layer where packets may be selected to be sent over a virtual private network or other networking tunnel. In this scenario, the link layer data may be considered application data which traverses another instantiation of the IP stack for transmission or reception over another IP connection. Such a connection, or virtual link, may be established with a transport protocol or even an application scope protocol that serves as a tunnel in the link layer of the protocol stack. Thus, the TCP/IP model does not dictate a strict hierarchical encapsulation sequence.

Internet layer
The internet layer has the responsibility of sending packets across potentially multiple networks. Internetworking requires sending data from the source network to the destination network. This process is called routing.

In the Internet protocol suite, the Internet Protocol performs two basic functions:

  • Host addressing and identification: This is accomplished with a hierarchical addressing system (see IP address).
  • Packet routing: This is the basic task of sending packets of data (datagrams) from source to destination by sending them to the next network node (router) closer to the final destination.

The internet layer is not only agnostic of application data structures as the transport layer, but it also does not distinguish between operation of the various transport layer protocols. So, IP can carry data for a variety of different upper layer protocols. These protocols are each identified by a unique protocol number: for example, Internet Control Message Protocol (ICMP) and Internet Group Management Protocol (IGMP) are protocols 1 and 2, respectively.

Some of the protocols carried by IP, such as ICMP (used to transmit diagnostic information about IP transmission) and IGMP (used to manage IP Multicast data) are layered on top of IP but perform internetworking functions. This illustrates the differences in the architecture of the TCP/IP stack of the Internet and the OSI model.

The internet layer only provides an unreliable datagram transmission facility between hosts located on potentially different IP networks by forwarding the transport layer datagrams to an appropriate next-hop router for further relaying to its destination. With this functionality, the internet layer makes possible internetworking, the interworking of different IP networks, and it essentially establishes the Internet. The Internet Protocol is the principal component of the internet layer, and it defines two addressing systems to identify network hosts computers, and to locate them on the network. The original address system of the ARPANET and its successor, the Internet, is Internet Protocol version 4 (IPv4). It uses a 32-bit IP address and is therefore capable of identifying approximately four billion hosts. This limitation was eliminated by the standardization of Internet Protocol version 6 (IPv6) in 1998, and beginning production implementations in approximately 2006.

Transport layer
The transport layer establishes host-to-host connectivity, meaning it handles the details of data transmission that are independent of the structure of user data and the logistics of exchanging information for any particular specific purpose. Its responsibility includes end-to-end message transfer independent of the underlying network, along with error control, segmentation, flow control, congestion control, and application addressing (port numbers). End to end message transmission or connecting applications at the transport layer can be categorized as either connection-oriented, implemented in TCP, or connectionless, implemented in UDP.

The transport layer can be thought of as a transport mechanism, e.g., a vehicle with the responsibility to make sure that its contents (passengers/goods) reach their destination safely and soundly, unless another protocol layer is responsible for safe delivery. The layer simply establishes a basic data channel that an application uses in its task-specific data exchange.

For this purpose the layer establishes the concept of the port, a numbered logical construct allocated specifically for each of the communication channels an application needs. For many types of services, these port numbers have been standardized so that client computers may address specific services of a server computer without the involvement of service announcements or directory services.

Since IP provides only a best effort delivery, the transport layer is the first layer of the TCP/IP stack to offer reliability. IP can run over a reliable data link protocol such as the High-Level Data Link Control (HDLC).

For example, the TCP is a connection-oriented protocol that addresses numerous reliability issues to provide a reliable byte stream:

  • data arrives in-order
  • data has minimal error (i.e. correctness)
  • duplicate data is discarded
  • lost/discarded packets are resent
  • includes traffic congestion control


The newer Stream Control Transmission Protocol (SCTP) is also a reliable, connection-oriented transport mechanism. It is message-stream-oriented — not byte-stream-oriented like TCP — and provides multiple streams multiplexed over a single connection. It also provides multi-homing support, in which a connection end can be represented by multiple IP addresses (representing multiple physical interfaces), such that if one fails, the connection is not interrupted. It was developed initially for telephony applications (to transport SS7 over IP), but can also be used for other applications.

User Datagram Protocol is a connectionless datagram protocol. Like IP, it is a best effort, "unreliable" protocol. Reliability is addressed through error detection using a weak checksum algorithm. UDP is typically used for applications such as streaming media (audio, video, Voice over IP etc.) where on-time arrival is more important than reliability, or for simple query/response applications like DNS lookups, where the overhead of setting up a reliable connection is disproportionately large. Real-time Transport Protocol (RTP) is a datagram protocol that is designed for real-time data such as streaming audio and video.

The applications at any given network address are distinguished by their TCP or UDP port. By convention certain well known ports are associated with specific applications. (See List of TCP and UDP port numbers.)
Application layer

The application layer contains the higher-level protocols used by most applications for network communication. Examples of application layer protocols include the File Transfer Protocol (FTP) and the Simple Mail Transfer Protocol (SMTP). Data coded according to application layer protocols are then encapsulated into one or (occasionally) more transport layer protocols (such as TCP or UDP), which in turn use lower layer protocols to effect actual data transfer.

Since the IP stack defines no layers between the application and transport layers, the application layer must include any protocols that act like the OSI's presentation and session layer protocols. This is usually done through libraries.

Application layer protocols generally treat the transport layer (and lower) protocols as black boxes which provide a stable network connection across which to communicate, although the applications are usually aware of key qualities of the transport layer connection such as the end point IP addresses and port numbers. As noted above, layers are not necessarily clearly defined in the Internet protocol suite. Application layer protocols are most often associated with client–server applications, and the commoner servers have specific ports assigned to them by the IANA: HTTP has port 80; Telnet has port 23; etc. Clients, on the other hand, tend to use ephemeral ports, i.e. port numbers assigned at random from a range set aside for the purpose.

Transport and lower level layers are largely unconcerned with the specifics of application layer protocols. Routers and switches do not typically "look inside" the encapsulated traffic to see what kind of application protocol it represents, rather they just provide a conduit for it. However, some firewall and bandwidth throttling applications do try to determine what's inside, as with the Resource Reservation Protocol (RSVP). It's also sometimes necessary for Network Address Translation (NAT) facilities to take account of the needs of particular application layer protocols. (NAT allows hosts on private networks to communicate with the outside world via a single visible IP address using port forwarding, and is an almost ubiquitous feature of modern domestic broadband routers).

An image of IP connection stack -

An image of UDP encapsulation -

 

Port List --

Application Layer Protocols

    DNS – DOMAIN NAME SYSTEM, PORT – 53

              Translates domain names (computer hostnames) to IP addresses.

    TFTP - Trivial File Transfor Protocol, PORT – 69

               A file transfer protocol, with the functionality of a very basic form of File Transfer

               Protocol (FTP).

    DHCP – Dynamic Host Configuration Protocol, PORT – 67

                A computer networking protocol used by hosts, DHCP clients, to retrieve IP address

                assignments and other configuration information.

    RIP – Routing Information Protocol, PORT – 520

             A dynamic routing protocol used in local and wide area networks. As such it is classified as

             an Interior Gateway Protocol (IGP). It uses the distance-vector routing algorithm.

    TLS/SSL – (TLS (also known as NNTPS) – Transport Layer Security, PORT - 563), (SSL – Secure

                    Sockets Layer, PORT – 443)

                   Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are

                   cryptographic protocols that provide security for communications over networks such as

                   the Internet. TLS and SSL encrypt the segments of network connections at the Transport

                   Layer.

    FTP – File Transfer Protocol, PORTS – 20 & 21

             Used for interactive file transfer between systems.

    Gopher , PORT - 70

               Application layer protocol designed for distributing, searching, and retrieving documents

               over the Internet.

    HTTP – Hypertext Transfer Protocol, PORT – 80

               Is used to transfer files that make up the web pages of the World Wide Web.

    IMAP – Internet Message Access Protocol, PORT – 143

               One of the two most prevalent Internet standard protocols for e-mail retrieval, the other

               being the Post Office Protocol (POP).

    IRC – Internet Relay Chat, PORT – 194

             A form of real-time Internet text messaging or synchronous conferencing. It is mainly

             designed for group communication in discussion forums, called channels, but also allows

             one-to-one communication via private message as well as chat and data transfers via Direct

             Client-to-Client.

    NNTP – Network News Transfer Protocol, PORT - 119

               An Internet application protocol used for transporting Usenet news articles between news  

               servers, also for reading and posting articles by end user client applications.

    POP3 – Post Office Protocol, PORT - 110

                An application-layer Internet standard protocol used by local e-mail clients to retrieve

                e-mail from a remote server over a TCP/IP connection. POP and IMAP (Internet Message

                Access Protocol) are the two most prevalent Internet standard protocols for e-mail

                retrieval.

    SIP – Session Initiation Protocol, PORT - 5060

             A signaling protocol, widely used for controlling multimedia communication sessions such as

             voice and video calls over Internet Protocol (IP).

    SMTP – Simple Mail Transfer Protocol – PORT – 25

                Used for the transfer of mail messages and attachments.

    SMPP – Short Message Peer-to-peer Protocol, PORT - 2775

               A telecommunications industry protocol for exchanging SMS messages between SMS peer

               entities such as short message service centers and/or External Short Messaging Entities. It

               is often used to allow third parties to submit messages, often in bulk.

    SNMP – Simple Network Managment Protocol, PORT – 161

                SNMP is an UDP-based network protocol. It is used mostly in network management

                systems to monitor network-attached devices for conditions that may need attention.

                SNMP is a component of the Internet Protocol Suite as defined by the Internet

                Engineering Task Force (IETF).

    SSH – Secure Shell, PORT – 22

              A network protocol that allows data to be exchanged using a secure channel between two

              networked devices. Generally on GNU/Linux and Unix based systems to access shell

              accounts. It was designed as a replacement for Telnet and other insecure remote shells,

              which send information in plaintext, rendering them susceptible to packet analysis.

    Telnet – PORT – 23

                 A terminal emulation protocol, is used to provide remote access to servers and

                 networking  services.

    Echo – PORT – 7

               Originally proposed for testing and measurement of round-trip times in IP networks.

               A host may connect to a server that supports the echo protocol on either TCP or UDP port

               7. The server then sends back any data it receives, with no modification by the echo server.

    RTP – Real-time Transfer Protocol, PORT – 5004

             Defines a standardized packet format for delivering audio and video over the Internet.

    PNRP – Peer Name Resolution Protocol, PORT – UNKNOWN

               A secure, scalable, and dynamic name registration and name resolution protocol first

              developed for Windows XP and then upgraded in Windows Vista.  This protocol will most

              likely be a replacement for the DNS protocol. PNRP works very differently from traditional

              name resolution systems, opening up exciting new possibilities for application developers.

    rlogin – PORT – 513

               A software utility for Unix-like computer operating systems that allows users to log in on

               another host via a network, communicating via TCP port 513.