Networking Protocols and Ports

TCP/IP
DNS
DHCP
Port Numbers
What is a fully qualified domain name (FQDN)?
Ping to Pong

Definition of: TCP/IP port

A number assigned to user sessions and server applications in an IP network. Port numbers, which are standardized by the Internet Assigned Numbers Authority (IANA), reside in the header area of the packet being transmitted and thus identify the purpose of the packet (Web, e-mail, voice call, video call, etc.).

Destination Ports Are Server Applications

Destination ports may be "well-known ports" (0-1023) for the major Internet applications, such as Web and e-mail. For example, all port 80 packets (HTTP packets) are directed to and processed by a Web server. User "registered ports" (1024-49151) are assigned to applications that are mostly vendor specific, such as Skype and BitTorrent. See well-known port, port forwarding and opening a port.

Source Ports Are the User Sessions

The source port is a next-available number assigned by TCP/IP to the user's machine. This assigned number is how the network address translation (NAT) determines which user to send back the responses to (see NAT). Although that same client number may be used simultaneously within thousands of organizations, each TCP/IP network keeps track of its own assigned numbers for internal use only. A "socket" is the combination of port number and IP address (see Unix socket).

Reverse Numbers for the Trip Back

In the response from the server, the port numbers and IP addresses are reversed. The packet's destination port becomes the unique source port number assigned to that user's TCP/IP session.

We're Listening

TCP/IP servers are said to be "listening" for their port numbers to know when to accept incoming packets. If a human action had to be chosen for this, "looking" would have been more accurate. People "listen to sounds" but "look" for data; however, computerese has never been known for clarity.

(www.pcmag.com n.d.)
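The source-port bookkeeping and the reversed numbers on the return trip can be shown as a small port-translating NAT table. This is an added example, not code from the cited source; the class name, the addresses and the starting port 49152 are assumptions chosen for illustration.

```python
class NatTable:
    """Port-translating NAT: many internal hosts share one public address."""

    def __init__(self, public_ip, first_port=49152):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}   # (inside_ip, inside_port, server_ip, server_port) -> public port
        self.back = {}  # (public port, server_ip, server_port) -> (inside_ip, inside_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the network."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            if self.next_port > 65535:  # port numbers are 16-bit
                raise RuntimeError("no free public ports")
            self.out[key] = self.next_port
            self.back[(self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        return (self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Map a reply (addresses and ports reversed) back to the inside host."""
        inside = self.back.get((dst_port, src_ip, src_port))
        if dst_ip != self.public_ip or inside is None:
            return None  # matches no session opened from inside: drop it
        return (src_ip, src_port) + inside


def demo():
    # Constructed sample: two inside hosts happen to pick the same source port.
    nat = NatTable("203.0.113.5")
    a = nat.outbound("10.0.0.11", 51000, "198.51.100.7", 80)
    b = nat.outbound("10.0.0.12", 51000, "198.51.100.7", 80)
    # The server's replies swap source and destination.
    reply_a = nat.inbound(a[2], a[3], a[0], a[1])
    reply_b = nat.inbound(b[2], b[3], b[0], b[1])
    # A packet from an address that was never contacted finds no entry.
    stray = nat.inbound("192.0.2.99", 80, "203.0.113.5", a[1])
    return a, b, reply_a, reply_b, stray
```

Because inbound packets are matched on the full reversed tuple, a packet aimed at an open public port from any other address is dropped rather than forwarded.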

 

Host Name Resolution Using a DNS Server

To make host name resolution scalable and centrally manageable, IP address mappings for FQDNs are stored on DNS servers, computers that store FQDN-to-IP-address mappings. To enable the querying of a DNS server by a host computer, a component called the DNS resolver is enabled and configured with the IP address of the DNS server. The DNS resolver is a built-in component of TCP/IP protocol stacks supplied with most network operating systems, including Windows 2000.

When a Windows Sockets application is given an FQDN as the destination location, the application calls a Windows Sockets function to resolve the name to an IP address. The request is passed to the DNS resolver component in the TCP/IP protocol. The DNS resolver packages the FQDN request as a DNS Name Query packet and sends it to the DNS server.

DNS is a distributed naming system. Rather than storing all the records for the entire namespace on each DNS server, each DNS server only stores the records for a specific portion of the namespace. The DNS server is authoritative for the portion of the namespace that corresponds to records stored on that DNS server. In the case of the Internet, hundreds of DNS servers store various portions of the Internet namespace. To facilitate the resolution of any valid domain name by any DNS server, DNS servers are also configured with pointer records to other DNS servers.

The following process outlines what happens when the DNS resolver component on a host sends a DNS query to a DNS server. This process is shown in Figure 1.12 and is simplified so that you can gain a basic understanding of the DNS resolution process.

1. The DNS resolver component of the DNS client formats a DNS Name Query containing the FQDN and sends it to the configured DNS server.

2. The DNS server checks the FQDN in the DNS Name Query against locally stored address records. If a record is found, the IP address corresponding to the requested FQDN is sent back to the client.

3. If the FQDN is not found, the DNS server forwards the request to a DNS server that is authoritative for the FQDN.

4. The authoritative DNS server returns the reply, containing the resolved IP address, back to the original DNS server.

5. The original DNS server sends the IP address mapping information to the client.

(technet.microsoft.com n.d.)

How DHCP works

The key word in DHCP is "dynamic": instead of having just one fixed and specific IP address, most computers will be assigned one that is available from a subnet or "pool" that is assigned to the network. The Internet isn't one big computer in one big location. It's an interconnected network of networks, all created to make one-on-one connections between any two clients that want to exchange information.

One of the features of DHCP is that it provides IP addresses that "expire." When DHCP assigns an IP address, it actually leases that connection identifier to the user's computer for a specific amount of time. The default lease is five days.

Here is how the DHCP process works when you go online:

1. You go on your computer to connect to the Internet.

2. The network requests an IP address (this is actually referred to as a DHCP discover message).

3. On behalf of your computer's request, the DHCP server allocates (leases) to your computer an IP address. This is referred to as the DHCP offer message.

4. Your computer (remember—you're the DHCP client) takes the first IP address offer that comes along. It then responds with a DHCP request message that verifies the IP address that's been offered and accepted.

5. DHCP then updates the appropriate network servers with the IP address and other configuration information for your computer.

6. Your computer (or whatever network device you're using) accepts the IP address for the lease term.

Typically, a DHCP server renews your lease automatically, without you (or even a network administrator) having to do anything. However, if that IP address's lease expires, you'll be assigned a new IP address using the same DHCP protocols.

(whatismyipaddress.com/dhcp n.d.)
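The lease bookkeeping behind the discover, offer and request messages can be modelled with an explicit clock, which makes expiry and renewal visible. This is an added example, not code from the cited source; the class, the client identifiers and the two-address pool are assumptions, and unclaimed offers are never withdrawn in this simplified model.

```python
LEASE_SECONDS = 5 * 24 * 3600  # the five-day default lease stated above


class DhcpServer:
    """Simplified lease table; time is passed in as seconds for repeatability."""

    def __init__(self, pool):
        self.free = list(pool)
        self.offers = {}   # client id -> address offered but not yet requested
        self.leases = {}   # client id -> (address, expiry time)

    def _reclaim(self, now):
        # Expired leases go back into the pool for other clients.
        for cid, (ip, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[cid]
                self.free.append(ip)

    def discover(self, cid, now):
        """DHCP discover in, DHCP offer out: propose an address from the pool."""
        self._reclaim(now)
        if cid in self.leases:
            return self.leases[cid][0]
        if cid not in self.offers:
            if not self.free:
                return None  # pool exhausted, nothing to offer
            self.offers[cid] = self.free.pop(0)
        return self.offers[cid]

    def request(self, cid, ip, now):
        """DHCP request in: confirm or renew the lease and return its expiry."""
        self._reclaim(now)
        held = self.leases.get(cid, (self.offers.get(cid), None))[0]
        if ip is None or held != ip:
            return None  # this address was not offered or leased to this client
        self.offers.pop(cid, None)
        self.leases[cid] = (ip, now + LEASE_SECONDS)
        return self.leases[cid][1]
```

A renewal is simply a second `request` for the same address before the expiry time; a client that lets the lease lapse starts again with `discover` and may receive a different address.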

A port number is a way to identify a specific process to which an Internet or other network message is to be forwarded when it arrives at a server. For the Transmission Control Protocol and the User Datagram Protocol, a port number is a 16-bit integer that is put in the header appended to a message unit. This port number is passed logically between client and server transport layers and physically between the transport layer and the Internet Protocol layer and forwarded on.

For example, a request from a client (perhaps on behalf of you at your PC) to a server on the Internet may request a file be served from that host's File Transfer Protocol (FTP) server or process. In order to pass your request to the FTP process in the remote server, the Transmission Control Protocol (TCP) software layer in your computer identifies the port number of 21 (which by convention is associated with an FTP request) in the 16-bit port number integer that is appended to your request. At the server, the TCP layer will read the port number of 21 and forward your request to the FTP program at the server.

Some services or processes have conventionally assigned permanent port numbers. These are known as well-known port numbers. In other cases, a port number is assigned temporarily (for the duration of the request and its completion) from a range of assigned port numbers. This is called an ephemeral port number.

(Rouse 2006)

The TCP layer requires what is called a port number to be assigned to each message. This way it can determine the type of service being provided. Please be aware here, that when we are talking about "ports" we are not talking about ports that are used for serial and parallel devices, or ports used for computer hardware control. These ports are merely reference numbers used to define a service. For instance, port 23 is used for telnet services, and HTTP uses port 80 for providing web browsing service. There is a group called the IANA (Internet Assigned Numbers Authority) that controls the assigning of ports for specific services. There are some ports that are assigned, some reserved and many unassigned which may be utilized by application programs. Port numbers are straight unsigned integer values which range up to a value of 65535.

(www.comptechdoc.org n.d.)

What is a fully qualified domain name (FQDN)?

A fully qualified domain name (FQDN) is the complete domain name for a specific computer, or host, on the Internet. The FQDN consists of two parts: the hostname and the domain name. For example, an FQDN for a hypothetical mail server might be mymail.somecollege.edu. The hostname is mymail, and the host is located within the domain somecollege.edu.

In this example, .edu is the top-level domain (TLD). This is similar to the root directory on a typical workstation, where all other directories (or folders) originate. (Within the .edu TLD, Indiana University Bloomington has been assigned the indiana.edu domain, and has authority to create subdomains within it.)

The same applies to web addresses. For example, www.indiana.edu is the FQDN on the web for IU. In this case, www is the name of the host in the indiana.edu domain.

When connecting to a host (using an SSH client, for example), you must specify the FQDN. The DNS server then resolves the hostname to its IP address by looking at its DNS table. The host is contacted and you receive a login prompt.

If you are using only the hostname (without the domain information) to connect to a server, the application you're using may not be able to resolve the hostname. This can happen if either the DNS suffix search order in your computer's TCP/IP properties is incorrect, or the DNS table is corrupted. In these cases, entering the host's FQDN will allow DNS to locate the server. Also, if you are trying to connect to a remote host that is not local to your Internet service provider (ISP), you will probably have to use the FQDN. For example, it's unlikely that a DNS server at IU would have a listing for remote hosts at another university or an unrelated ISP.

(kb.iu.edu n.d.)


Ping is the name of a standard software utility (tool) used to test network connections. It can be used to determine if a remote device (such as Web or game server) can be reached across the network and, if so, the connection's latency. Ping tools are part of Windows, Mac OS X and Linux as well as some routers and game consoles.

(Note: The term "ping" is also used colloquially by computer enthusiasts when initiating contact with another person via email, instant message or other online tools.)

Most ping tools use Internet Control Message Protocol (ICMP). They send request messages to a target network address at periodic intervals and measure the time it takes for a response message to arrive. These tools typically support options like

how many times to send requests

how large of a request message to send

how long to wait for each reply

The output of ping varies depending on the tool. Standard results include

IP address of the responding computer

length of time (in milliseconds) between sending the request and receiving the response

an indication of how many network hops between the requesting and responding computers

error messages if the target computer did not respond

(Mitchell n.d.)

When you Ping, you get a "Pong" back, hence the picture.  : )

Layers 1 and 2 are defined by IEEE802.3 which we know as “Ethernet.” To overstate this: Ethernet is just the Physical layer and the Data Link layer. By itself Ethernet does nothing; it’s just the “pipe.” What comes down the pipe? Whatever IP sends down the pipe (when TCP/IP is used). IP is at layer 3. IP sends the message it received up to layer 4, TCP. So what do TCP and IP do? Just send the message on to where they’re told. Up at the top of the stack is the application layer, at layer 7. The application layer is where the protocol resides. Only the application layer actually does more than send the message along its way.

(Henning n.d.)

A subnet allows the flow of network traffic between hosts to be segregated based on a network configuration. By organizing hosts into logical groups, subnetting can improve network security and performance.

Subnet Mask

Perhaps the most recognizable aspect of subnetting is the subnet mask. Like IP addresses, a subnet mask contains four bytes (32 bits) and is often written using the same "dotted-decimal" notation. For example, a very common subnet mask in its binary representation

11111111 11111111 11111111 00000000

is typically shown in the equivalent, more readable form

255.255.255.0

Applying a Subnet Mask

A subnet mask neither works like an IP address, nor does it exist independently from them. Instead, subnet masks accompany an IP address and the two values work together. Applying the subnet mask to an IP address splits the address into two parts, an "extended network address" and a host address.

For a subnet mask to be valid, its leftmost bits must be set to '1'. For example,

00000000 00000000 00000000 00000000

is an invalid subnet mask because the leftmost bit is set to '0'.

Conversely, the rightmost bits in a valid subnet mask must be set to '0', not '1'. Therefore,

11111111 11111111 11111111 11111111

is invalid.

All valid subnet masks contain two parts: the left side with all mask bits set to '1' (the extended network portion) and the right side with all bits set to '0' (the host portion), such as the first example above.

(Mitchell n.d.)
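The validity rules and the split into network and host parts described above, as an added example that is not from the cited source. The function names and the sample addresses are assumptions; the check follows the rules as stated here, so the all-zeros and all-ones masks are rejected.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF


def to_int(dotted):
    # ipaddress rejects malformed input such as "255.255.255" or "256.0.0.0".
    return int(ipaddress.IPv4Address(dotted))


def prefix_length(mask):
    """Return the count of leading 1 bits, or raise if the mask is invalid."""
    m = to_int(mask)
    host_bits = ~m & ALL_ONES
    # A run of 1s followed by a run of 0s inverts to 2**k - 1,
    # and only such values share no bits with their successor.
    if host_bits & (host_bits + 1):
        raise ValueError("1 bits must be contiguous from the left")
    if m == 0 or m == ALL_ONES:
        raise ValueError("mask needs both a network part and a host part")
    return bin(m).count("1")


def split_address(ip, mask):
    """Apply the mask: return (extended network address, host address)."""
    prefix_length(mask)  # validate first
    a, m = to_int(ip), to_int(mask)
    network = ipaddress.IPv4Address(a & m)
    host = ipaddress.IPv4Address(a & ~m & ALL_ONES)
    return str(network), str(host)


def same_subnet(ip_a, ip_b, mask):
    """Two hosts are on the same subnet when their network parts match."""
    return split_address(ip_a, mask)[0] == split_address(ip_b, mask)[0]
```

Running `same_subnet` with the mask a filter or route actually uses shows which hosts a rule written for one subnet really covers.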

Subnets