TCP/IP (Transmission Control Protocol/Internet Protocol)

History

TCP/IP is a protocol suite designed for Wide Area Networks (WANs).
Originally used by the Department of Defense back in the late 1960s, TCP/IP is now the common protocol used for the Internet.
All major operating systems offer support for TCP/IP.
The standards for TCP/IP are published in a series of documents called Requests for Comments (RFCs).

TCP/IP utilities

FTP - File Transfer Protocol - Provides file transfers between TCP/IP hosts with one running FTP software.

Telnet - Provides Terminal Emulation to a TCP/IP host running Telnet server software.

RSH - Remote Shell - runs commands on a UNIX host.

REXEC - Remote Execution - Runs a process on a remote computer.

LPR - Line Printer Remote - Prints a file to a host running the LPD Service.

LPQ - Line Printer Queue - Obtain status of a print queue on a host running the LPD Service.

LPD - Line Printer Daemon - Services LPR requests and submits print jobs to a printer device.

PING - Packet Internet Groper - Verifies that TCP/IP is configured correctly and that another host is available.

IPCONFIG - Verifies TCP/IP information. With the /all switch it will give DHCP, DNS and WINS addresses. WINIPCFG is used in Win9.x.

NSlookup - Examines entries in the DNS database pertaining to a particular host or domain.

Hostname - Returns the local computer's host name.

Netstat - Displays Protocol statistics and the current state of TCP/IP connections.

NBTstat - Checks the state of current NetBIOS over TCP/IP connections, updates LMHOSTS cache, determines registered name.

Route - Views or modifies the local routing table.

Tracert - Verifies the route used from the local host to the remote host.

ARP - Address Resolution Protocol - Displays the cache of IP addresses locally resolved to Media Access Control (MAC) addresses.

Finger - Retrieves system info from a remote computer that supports the TCP/IP finger service.

TCP/IP Address Properties.

IP Address - 32-bit address used to uniquely identify a TCP/IP host. The address has two parts: the network ID and the host ID.

The network ID identifies all hosts that are on the same logical network.

The host ID identifies the host. Hosts can be workstations, servers, routers and so on. A sample IP address is 24.128.102.7.

Let's compare this to the calendar. We have 12 networks: January, February, March... On each network, we have hosts: 1, 2, 3, 4...

January 1 and January 14 are unique hosts on the same network.   March 4 and June 17 are on different networks.

Subnet Mask - Blocks part of the IP address to distinguish the network ID from the host ID. This determines whether TCP/IP clients are on the same network or on a remote network. An example of a subnet mask is 255.255.255.0. An improper subnet mask can cause connectivity problems.

Default Gateway - If a packet is determined not to be on the same network, it is sent to the default gateway.  This is usually a router.  An incorrect default gateway will produce errors when trying to communicate outside of your network.

A TCP/IP client must at least have an IP address and a subnet mask for communications to work.

A TCP/IP client must have, at a minimum, an IP address, a subnet mask and a default gateway for TCP/IP to work through a router.

Hosts communicate by Media Access Control (MAC) address. If a MAC address is not known, an ARP broadcast is sent out. The destination hardware responds with its MAC address and its IP address, and these are stored in the ARP cache. The ARP cache is always checked before doing an ARP broadcast.

IP Addresses dissected.

The 32-bit IP address is broken down into four 8-bit fields called octets, separated by periods. Each octet represents a number between 0 and 255.

To understand the addresses you must look at them in binary form.  

Bit                     1    1   1   1   1  1  1  1
Decimal (powers of 2)   128  64  32  16  8  4  2  1

Let's look at IP address 24.128.102.7

In binary form this would translate to:

24 = 00011000 (the bits at 16 + 8 are turned on)

128 = 10000000 (the bit at 128 is turned on)

102 = 01100110 (the bits at 64 + 32 + 4 + 2 are turned on)

7 = 00000111 (the bits at 4 + 2 + 1 are turned on)

00011000 . 10000000 . 01100110 . 00000111

The network portion of the IP is on the left side. The host portion of the IP is on the right side.

Which part is the network and which is the host?

In the early days things were simple and IP addresses fell into classes. Let's start with the default classful IP addresses: Class A or /8 (pronounced "slash 8") network, Class B or /16 network, Class C or /24 network.

Class A or /8 network.

The first 8 bits to the left (the first octet) are the network ID and the next 24 bits (3 octets) are the host ID. The first bit in a Class A address is always set to zero, which leaves us 7 bits to toggle for the network ID.

This leaves our first octet as 00000001 to 01111111, or 1 to 127.

The 127 addresses are reserved for loopback, leaving us 1 to 126.

Class B or /16 network.

The first 16 bits (2 octets) to the left are the network ID and the next 16 bits (2 octets) are the host ID. The first two bits in a Class B address are always set to 1-0, which leaves us 14 bits to toggle for our network ID.

This leaves our first octet as 10000000 to 10111111, or 128 to 191.

Class C or /24 network.

The first 24 bits (3 octets) to the left are the network ID and the next 8 bits (1 octet) are the host ID. The first three bits in a Class C address are always set to 1-1-0, which leaves us 21 bits to toggle for our network ID.

This leaves our first octet as 11000000 to 11011111, or 192 to 223.

Class D network. Class D addresses are reserved for multicasting. The first four bits in a Class D address are always set to 1-1-1-0.

This leaves our first octet as 11100000 to 11101111, or 224 to 239.

Class E network. Class E addresses are reserved for future and experimental use. The first four bits in a Class E address are always set to 1-1-1-1.

This leaves our first octet as 11110000 to 11111111, or 240 to 255.

IP Address Class   Decimal Range   # Networks available, 2^x-2 (1)   # Hosts available, 2^y-2 (2)
Class A (/8)       1 to 126        126                               16777214
Class B (/16)      128 to 191      16382                             65534
Class C (/24)      192 to 223      2097150                           254
Class D            224 to 239
Class E            240 to 255

(1) - The number of available networks is determined by using powers of 2. There are 2 possible positions for a bit: on (1) and off (0). Keeping in mind that the first bit is always set to 0, we have 7 bits left to toggle. This means that there are 2^7 networks available for a Class A. By rule (because some older routers can't route them), the all-0s and all-1s networks are not used, which leaves us with 2^7-2 networks available for Class A. Using this same 2^x-2 formula we can determine the number of networks for Class B and Class C. Remember that in Class B, the first two bits are always set to 1-0, giving us 14 bits to toggle for a formula of 2^14-2. Remember that in Class C, the first three bits are always set to 1-1-0, giving us 21 bits to toggle for a formula of 2^21-2.

(2) - The number of hosts is derived using the same formula as the number of networks. A Class A network uses 8 bits for the network ID, leaving us 24 bits for the host ID. Using our formula 2^24-2, we get 16777214. We can calculate the hosts for Class B and Class C the same way.

I have two IP Addresses.  Are they on the same network?

To decide whether or not two IP addresses are on the same network, we use a subnet mask. This is used to mask the network portion of the IP address. The network portion of the IP address has a 1 in the corresponding bit of the subnet mask. The host portion of the IP has a 0 in the corresponding bit of the subnet mask. Let's take a look at the subnet mask in binary form.

Class A addressing.

01110111 . 00100010 . 00010100 . 00010101 = 119.34.20.21

11111111 . 00000000 . 00000000 . 00000000 = 255.0.0.0 - This is the default Subnet Mask for Class A networks.

01110111 . 00111000 . 00101011 . 01000000 = 119.56.43.64

In the above example, 119 is the network ID because it corresponds with the bits turned on in the subnet mask. Both of the above IPs are on the same network.
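The comparison above, worked in code. This is an added example, not part of the original guide; the function names are illustrative, and it uses the page's sample addresses to classify an address by its leading bits and to AND two addresses with a mask.

```python
def to_int(ip):
    """Convert dotted-decimal text to a 32-bit integer, validating each octet."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError(f"expected 4 octets: {ip!r}")
    value = 0
    for p in parts:
        if not p.isdigit() or not 0 <= int(p) <= 255:
            raise ValueError(f"bad octet {p!r} in {ip!r}")
        value = (value << 8) | int(p)
    return value

def to_binary(ip):
    """Render an address the way the page does: four 8-bit groups."""
    n = to_int(ip)
    return " . ".join(f"{(n >> s) & 0xFF:08b}" for s in (24, 16, 8, 0))

def address_class(ip):
    """Classify by the leading bits of the first octet, as in the class table."""
    first = to_int(ip) >> 24
    if first in (0, 127):
        return None          # outside the page's 1-126 Class A range
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    return "D" if first >> 4 == 0b1110 else "E"

DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def network_id(ip, mask):
    """AND the address with the mask: bits under a 1 form the network ID."""
    return to_int(ip) & to_int(mask)

def same_network(ip_a, ip_b, mask):
    """True when both addresses share a network ID under this mask."""
    return network_id(ip_a, mask) == network_id(ip_b, mask)

if __name__ == "__main__":
    a, b = "119.34.20.21", "119.56.43.64"      # the page's two addresses
    print(to_binary(a), "class", address_class(a))
    print(same_network(a, b, DEFAULT_MASK["A"]))   # default Class A mask
    print(same_network(a, b, "255.255.0.0"))       # wrong mask: now "remote"
```

With the wrong mask, the two hosts are treated as being on different networks, which is the connectivity problem an improper subnet mask causes.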

Subnetting

The choice to go to a 32-bit number was poor, as it did not offer enough IP addresses. This, along with some poor decisions in handing out IP addresses based on want and not on need, left us running short on addresses. In 1985 an RFC was put out which introduced us to subnetting. Subnetting is the process of borrowing bits from the host ID. This process allowed organizations to gain extra subnets (networks) without requesting additional network numbers from the Internet. Take the example of a Class A subnet of 24.x.x.x. We have 126 networks and 16777214 hosts available. Suppose you need more networks. You can either get another IP or you can subnet yours.

Network ID | Host ID
Network ID | Subnet ID | Host ID

11111111 . 00000000 . 00000000 . 00000000 = 255.0.0.0 - This is the default Subnet Mask for Class A networks.

11111111 . 11100000 . 00000000 . 00000000 = 255.224.0.0 - This is a subnetted Class A ID.   3 bits were borrowed from the host ID to use as the subnet ID.

Using the 3 bits that we borrowed, the possible combinations of bits are 000, 001, 010, 011, 100, 101, 110, 111. We exclude 000 and 111 by rule, leaving us 6 subnets. This follows our formula 2^x-2: borrowing 3 bits gives us 2^3-2, or 6 subnets.

Using our formula for borrowing 3 bits, 2^3-2, the subnet mask 255.224.0.0 on a class A network will give you six subnets.

Let's create a quick chart of the different subnet masks and the number of networks you gain.

Subnet Mask (decimal)   Subnet Mask (binary)   # of Subnets
192                     11000000               2
224                     11100000               6
240                     11110000               14
248                     11111000               30
252                     11111100               62
254                     11111110               126
255                     11111111               254
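The borrowing procedure and the chart above, worked in code. This is an added example, not part of the original guide; the function names are illustrative, and it applies the page's 2^x-2 rule (all-0s and all-1s subnet IDs excluded) to the page's 24.x.x.x network.

```python
def dotted(n):
    """32-bit integer -> dotted-decimal text."""
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def subnet_mask(default_prefix, borrowed):
    """Mask with the classful network bits plus the borrowed subnet bits set."""
    prefix = default_prefix + borrowed
    if borrowed < 1 or prefix > 32:
        raise ValueError("borrowed bits must come out of the host ID")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def usable_subnets(network, default_prefix, borrowed):
    """Subnet addresses, skipping the all-0s and all-1s subnet IDs (page's rule)."""
    shift = 32 - default_prefix - borrowed
    return [dotted(network | (sid << shift))
            for sid in range(1, 2 ** borrowed - 1)]

def subnet_of(address, default_prefix, borrowed):
    """Subnet an address falls in: AND it with the subnetted mask."""
    return dotted(address & subnet_mask(default_prefix, borrowed))

def mask_chart():
    """Rebuild the chart: (mask octet, binary, subnets) for 2 to 8 borrowed bits."""
    rows = []
    for x in range(2, 9):
        octet = 256 - 2 ** (8 - x)      # top x bits of the octet turned on
        rows.append((octet, f"{octet:08b}", 2 ** x - 2))
    return rows

CLASS_A_24 = 24 << 24                                   # 24.0.0.0
SAMPLE = (24 << 24) | (128 << 16) | (102 << 8) | 7      # 24.128.102.7

if __name__ == "__main__":
    print("mask:", dotted(subnet_mask(8, 3)))
    for subnet in usable_subnets(CLASS_A_24, 8, 3):
        print("subnet:", subnet)
    print("24.128.102.7 is in", subnet_of(SAMPLE, 8, 3))
    for row in mask_chart():
        print(*row)
```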

©2000 www.CERTguide.com