Existing Network Protocols

CS 493/693 Lecture, Dr. Lawlor, 2006/01/30

See page 23 of "Network Intrusion Detection" and onward for details on TCP, which we'll talk about today.

Network Protocol Design (by example)

An Ethernet packet has a binary header consisting of a "preamble" (for clock synchronization), a source and destination address, a big chunk of binary data, and a packet checksum.

Any IPv4 packet has a binary header consisting of 5 big-endian 32-bit integers, which include all the good stuff we've said a header should have: the version number, the length of the data to follow, a *header* checksum, a source and destination address, and other housekeeping.  Note that the destination address is used to deliver the packet.  The source address can be used to call the sender back, but like anything in a network packet, the source address might be "spoofed"--i.e., not the IP address of the real sender.

UDP adds just two ints to IP, divided up into four 16-bit ints.  These are the source and destination UDP port number, packet length, and a packet checksum.  UDP is connectionless, so a single UDP packet is self-contained (as far as UDP goes).

TCP adds five more ints to IP, including the source and destination 16-bit port numbers again, a "sequence number" used to arrange the packets into a single data stream, "acknowledgements" used for retransmissions, flow control options, and connection data.  These fields are used to reassemble packets into a reliable byte stream.  The extra work done by TCP to provide reliable access over arbitrary networks is quite useful, which is why almost all higher-level protocols are built on TCP (instead of UDP or bare IP).

HTTP (the standard protocol of the web) sends and receives data over TCP.  The client sends an ASCII "GET" request header.  The server responds with an ASCII response header followed by binary data.  Official details are in RFC 2068.

So, for example, to read this web page, your machine probably received:
This "nesting" design is extremely common on networks and file formats.

Good protocol meta references: