TCP/IP

This is a high-level overview of the TCP/IP protocol suite. At the bottom is the Physical Layer with protocols like 10baseT and G703 that specify line voltages, cable characteristics and connector types. V90 encodes data as audio tones, and is used by modems. There are other kinds of physical protocols, like "Tunnel", that we'll talk about later. The protocols shown are only a sample of the many available.

Above this is the Device Layer which is a set of software protocols. These check for transmission errors in the device layer and control the "line discipline" of setting up the connection. PPP - Point to Point Protocol - is a common device-level protocol, because it can run over various physical protocols.

IP stands for Internetworking Protocol. It ties all the device layers together, enabling messages to be routed between networks that are not directly connected. Each packet has to go through multiple hops. ICMP provides the control messages this requires, like "Host unreachable" and "Connection refused". BGP and OSPF are vital, because they let routers exchange information about who is connected to whom. This is what enables a packet to go from your computer to anywhere in the world.

Above IP there are various protocols in the Transport Layer. UDP provides a quick but not guaranteed way to send individual packets. TCP uses a complex system of acknowledgements and retransmissions to provide a reliable two-way data stream. An important feature of these transport protocols is that they contain the port number, which enables multiple network applications to run on a single computer.

At the top is the Application Layer which contains all the protocols used for web, email, remote administration, etc. An important one of these is DNS - the Domain Name System, which translates host names into IP addresses. Because the rest of TCP/IP does so much work, these protocols can be relatively simple. In the simplest case a web browser just says "GET /" and the server dumps back the index page. Complexities arise when you need to do more complicated things, but you can always talk the basic protocol by hand.
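The "GET /" exchange described above, as an added example that is not part of the original page: a toy server on the loopback interface and a client that types the request into a raw TCP socket. The function names, the sample index page and the choice of HTTP/1.0 are assumptions made for the illustration.

```python
import socket
import threading

INDEX_PAGE = b"<html><body>index page (constructed sample)</body></html>"

def serve_once(listener):
    """Toy server: accept one TCP connection, read the request, dump back a page."""
    conn, _ = listener.accept()
    with conn:
        request = b""
        while b"\r\n\r\n" not in request:        # a blank line ends the request headers
            chunk = conn.recv(1024)
            if not chunk:
                break
            request += chunk
        method, path, _version = request.split(b"\r\n", 1)[0].split(b" ", 2)
        if method == b"GET" and path == b"/":
            status, body = b"200 OK", INDEX_PAGE
        else:
            status, body = b"404 Not Found", b"not found"
        conn.sendall(b"HTTP/1.0 " + status + b"\r\nContent-Length: "
                     + str(len(body)).encode() + b"\r\n\r\n" + body)

def get_by_hand(host, port, path="/"):
    """Client: write the request as plain text into the TCP stream, read until close."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        response = b""
        while chunk := sock.recv(4096):
            response += chunk
    head, _, body = response.partition(b"\r\n\r\n")
    return head.split(b"\r\n", 1)[0].decode(), body    # (status line, page body)

def demo(path="/"):
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port number
    listener.listen(1)
    port = listener.getsockname()[1]     # the port is what identifies this application
    server = threading.Thread(target=serve_once, args=(listener,), daemon=True)
    server.start()
    try:
        return get_by_hand("127.0.0.1", port, path)
    finally:
        server.join(timeout=5)
        listener.close()

if __name__ == "__main__":
    print(demo())
```

Everything in the request and the response headers crosses the socket as readable text, which is the traffic the SSL layer described in the next paragraph encrypts.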

There are two main provisions for Security - SSL and IPsec. SSL - Secure Sockets Layer - provides encryption for a TCP connection. First a digital certificate is presented by the server, so the client knows that the site really does match the domain name, and then all communication is encrypted to prevent eavesdropping. Most protocols just work the same over SSL, e.g. HTTPS is just HTTP over SSL, nothing more. IPsec is an alternative approach that provides encryption without the TCP layer; this is more useful for doing Virtual Private Networking (VPN).

Further Reading

Introduction to DNS
A practical guide to using and debugging the domain name system.

© 1998 - 2012 Paul Johnston, distributed under the BSD License   Updated:13 Jul 2009