ActiveSocket Network Communication Toolkit by ActiveXperts Software - HTTP, HTTPs, FTP, ICMP, SNMP Get/GetNext/Set, SNMP Traps, NTP, RSH, Telnet and more
Visit ActiveSocket Web Site
Download ActiveSocket Network Communication Toolkit
Network Basics: Internet Protocol (IP)
IP provides communication between hosts on different kinds of networks (i.e., different data-link implementations
such as Ethenet and Token Ring). It is a connectionless, unreliable packet delivery service.
Connectionless means that there is no handshaking, each packet is independent of any other packet. It is
unreliable because there is no guarantee that a packet gets delivered; higher-level protocols must deal with
IP defines an addressing scheme that is independent of the underlying physical address (e.g, 48-bit MAC
address). IP specifies a unique 32-bit number for each host on a network. This number is known as the
Internet Protocol Address, the IP Address or the Internet Address. These terms are interchangeable. Each
packet sent across the internet contains the IP address of the source of the packet and the IP address of its
For routing efficiency, the IP address is considered in two parts: the prefix which identifies the physical
network, and the suffix which identifies a computer on the network. A unique prefix is needed for each
network in an internet. For the global Internet, network numbers are obtained from Internet Service Providers
(ISPs). ISPs coordinate with a central organization called the Internet Assigned Number Authority
IP Address Classes
The first four bits of an IP address determine the class of the network. The class specifies how many of the
remaining bits belong to the prefix (aka Network ID) and to the suffix (aka Host ID). The first three
classes, A, B and C, are the primary network classes.
When interacting with mere humans, software uses dotted decimal notation; each 8 bits is treated as an
unsigned binary integer separated by periods. IP reserves host address 0 to denote a network. 18.104.22.168
denotes the network that was assigned the class B prefix 140.211.
Netmasks are used to identify which part of the address is the Network ID and which part is the Host ID.
This is done by a logical bitwise-AND of the IP address and the netmask. For class A networks the netmask
is always 255.0.0.0; for class B networks it is 255.255.0.0 and for class C networks the netmask is
All hosts are required to support subnet addressing. While the IP address classes are the convention, IP
addresses are typically subnetted to smaller address sets that do not match the class system. The suffix bits
are divided into a subnet ID and a host ID. This makes sense for class A and B networks, since no one
attaches as many hosts to these networks as is allowed. Whether to subnet and how many bits to use for the
subnet ID is determined by the local network administrator of each network.
If subnetting is used, then the netmask will have to reflect this fact. On a class B network with subnetting,
the netmask would not be 255.255.0.0. The bits of the Host ID that were used for the subnet would need to
be set in the netmask.
Directed Broadcast Address
IP defines a directed broadcast address for each physical network as all ones in the host ID part of the
address. The network ID and the subnet ID must be valid network and subnet values. When a packet is
sent to a network’s broadcast address, a single copy travels to the network, and then the packet is sent to
every host on that network or subnetwork.
Limited Broadcast Address
If the IP address is all ones (255.255.255.255), this is a limited broadcast address; the packet is addressed
to all hosts on the current (sub)network. A router will not forward this type of broadcast to other (sub)networks.
Each IP datagram travels from its source to its destination by means of routers. All hosts and routers on an
internet contain IP protocol software and use a routing table to determine where to send a packet next. The
destination IP address in the IP header contains the ultimate destination of the IP datagram, but it might go
through several other IP addresses (routers) before reaching that destination.
Routing table entries are created when TCP/IP initializes. The entries can be updated manually by a network
administrator or automatically by employing a routing protocol such as Routing Information Protocol
(RIP). Routing table entries provide needed information to each local host regarding how to
communicate with remote networks and hosts.
When IP receives a packet from a higher-level protocol, like TCP or UDP, the routing table is searched for
the route that is the closest match to the destination IP address. The most specific to the least specific route
is in the following order:
- A route that matches the destination IP address (host route).
- A route that matches the network ID of the destination IP address (network route).
- The default route.
IP provides several other services:
- Fragmentation: IP packets may be divided into smaller packets. This permits a large packet to travel
across a network which only accepts smaller packets. IP fragments and reassembles packets transparent
to the higher layers.
- Timeouts: Each IP packet has a Time To Live (TTL) field, that is decremented every time a packet
moves through a router. If TTL reaches zero, the packet is discarded.
- Options: IP allows a packet's sender to set requirements on the path the packet takes through the network
(source route); the route taken by a packet may be traced (record route) and packets may be
labeled with security features.
The Address Resolution Protocol is used to translate virtual addresses to physical ones. The network hardware
does not understand the software-maintained IP addresses. IP uses ARP to translate the 32-bit IP
address to a physical address that matches the addressing scheme of the underlying hardware (for Ethernet,
the 48-bit MAC address).
There are three general addressing strategies:
TCP/IP can use any of the three. ARP employs the third strategy, message exchange. ARP defines a
request and a response. A request message is placed in a hardware frame (e.g., an Ethernet frame), and
broadcast to all computers on the network. Only the computer whose IP address matches the request sends
If a matching route is not found, IP discards the datagram.
- Table lookup
- Translation performed by a mathematical function
- Message exchange
The Transport Layer
There are two primary transport layer protocols: Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP). They provide end-to-end communication services for applications.
This is a minimal service over IP, adding only optional checksumming of data and multiplexing by port
number. UDP is often used by applications that need multicast or broadcast delivery, services not offered
by TCP. Like IP, UDP is connectionless and works with datagrams.
TCP is a connection-oriented transport service; it provides end-to-end reliability, resequencing, and flow
control. TCP enables two hosts to establish a connection and exchange streams of data, which are treated
in bytes. The delivery of data in the proper order is guaranteed.
TCP can detect errors or lost data and can trigger retransmission until the data is received, complete and
A TCP connection is done with a 3-way handshake between a client and a server. The following is a simplified
explanation of this process.
• The client asks for a connection by sending a TCP segment with the SYN control bit set.
• The server responds with its own SYN segment that includes identifying information that was sent
by the client in the initial SYN segment.
• The client acknowledges the server’s SYN segment.
The connection is then established and is uniquely identified by a 4-tuple called a socket or socket pair:
(destination IP address, destination port number)
(source IP address, source port number)
During the connection setup phase, these values are entered in a table and saved for the duration of the
Every TCP segment has a header. The header comprises all necessary information for reliable, complete
delivery of data. Among other things, such as IP addresses, the header contains the following fields:
- Sequence Number - This 32-bit number contains either the sequence number of the first byte of data
in this particular segment or the Initial Sequence Number (ISN) that identifies the first byte of data that
will be sent for this particular connection.
The ISN is sent during the connection setup phase by setting the SYN control bit. An ISN is chosen by
both client and server. The first byte of data sent by either side will be identified by the sequence number
ISN + 1 because the SYN control bit consumes a sequence number.
- Acknowledgement Number - This 32-bit number is the other host’s sequence number + 1 of the last
successfully received byte of data. It is the sequence number of the next expected byte of data. This
field is only valid when the ACK control bit is set. Since sending an ACK costs nothing, (because it
and the Acknowledgement Number field are part of the header) the ACK control bit is always set after
a connection has been established.
The Acknowledgement Number ensures that the TCP segment arrived at its destination.
- Control Bits - This 6-bit field comprises the following 1-bit flags (left to right):
URG - Makes the Urgent Pointer field significant.
ACK - Makes the Acknowledgement Number field significant.
PSH - The Push Function causes TCP to promptly deliver data.
RST - Reset the connection.
SYN - Synchronize sequence numbers.
FIN - No more data from sender, but can still receive data.
- Window Size - This 16-bit number states how much data the receiving end of the TCP connection will
allow. The sending end of the TCP connection must stop and wait for an acknowledgement after it has
sent the amount of data allowed.
- Checksum - This 16-bit number is the one’s complement of the one’s complement sum of all bytes in
the TCP header, any data that is in the segment and part of the IP packet. A checksum can only detect
some errors, not all, and cannot correct any.
Internet Control Message Protocol is a set of messages that communicate errors and other conditions that
require attention. ICMP messages, delivered in IP datagrams, are usually acted on by either IP, TCP or
UDP. Some ICMP messages are returned to application protocols.
A common use of ICMP is “pinging” a host. The Ping command (Packet INternet Groper) is a utility that
determines whether a specific IP address is accessible. It sends an ICMP echo request and waits for a reply.
Ping can be used to transmit a series of packets to measure average round-trip times and packet loss percentages.