A Comprehensive Guide to TCP/IP

July 27, 2016 | Views: 15856

This is a comprehensive guide to TCP/IP. I’ll try to keep it as concise as possible. It may be too simple for some of you.

If you need all the TCP/IP details, go to your local bookstore and buy one of these books with 1000+ pages on TCP/IP. We’ll gloss over the history of TCP/IP and the Internet, unless required for the understanding of the setup.


IP Address:
Each Ethernet board worldwide has a unique Ethernet-address. It’s a 48-bit number (the first 24 bits indicate the manufacturer, the last 24 bits are a unique number for each Ethernet board/controller-chip assigned by the manufacturer). This is also called the MAC-address.

When systems on a local area network (“LAN”) are configured with NetBEUI or IPX/SPX protocol, they use these hardware-addresses to identify each other, so there’s no need to manually define a network address. But, TCP/IP was designed as a Wide-area-network (“WAN”), which is able to continue to function, even if part of the network is not operating (damaged or destroyed).

TCP/IP uses IP-addresses, which are 32-bit numbers. To make it easier to memorize such IP-addresses, they’re usually expressed as 4 8-bit numbers (example:, where each of the 4 numbers is within the range of ‘0’ to ‘255’ (there are restrictions on using ‘0’ and ‘255’, avoid using them.).

When setting up a small private network, you’re free to use ANY IP-address. However, when you’re connected to a company network, you need to ask the Network-administrator to assign you an IP-address. And, if you’re connected to the Internet, your ISP (Internet Service Provider) will assign you an IP-address.

Even if a network is NOT connected to the Internet, it has become customary to use a range of IP-addresses on private networks, which are reserved for these networks (that makes it possible later to connect your private network to the Internet without having to re-configure everything). The reserved IP-address is: 192.168.x.y, where x=same number on all systems and y=different/unique number on all systems.
A small network of 3 systems would use:



You configure this IP-address in the properties of the TCP/IP-protocol:


(For now, simply enter as ‘Subnet Mask”, which will be explained later in this document.)

That’s it. If you’d just like to connect systems on a small network, the network should work and you can test the Connection using the TCP/IP ping.

On a small network, you can still memorize the IP-addresses used. But, if your network grows to 50+ systems, it becomes a serious management job. However, TCP/IP offers some help by allowing you to configure it to:

“obtain an IP address automatically“:


To be able to make this automatic assignment, there needs to be a database on the network, keeping track of possible IP-addresses and noting to whom these addresses have been assigned:
DHCP (Dynamic Host Configuration Protocol)

On bootup, the system sends out a call on the network to find a DHCP-server, which assigns an IP-address to such a system. The IP-addresses are usually assigned NOT permanently, but for a specific time (could be days, weeks, months or on Internet-connections just for the ONE connection). If the system contacts the DHCP-server again during this time, the ‘lease’ on the IP-address is extended. But, if you come back from a long vacation, your ‘lease’ of the IP-address may have expired. The IP-address may have been assigned to somebody else, and you/your computer now get assigned a new IP-address.

Windows95 itself does NOT include any DHCP-server. You need to connect to a Windows NT (or similar class) server, which is configured as DHCP-server.


A DHCP-server may also be built into some other products (example: software Router for Internet Connection Sharing).

If you’re using/intend to use “obtain an IP address automatically,” please do NOT rely on it without verifying that you did get an IP-address assigned.

Please make the check using either “winipcfg”, “ipconfig” or view the Status information.

Looks simple until now? Actually there are already a lot more ‘hidden’ actions:

The systems have IP-addresses, but Ethernet-boards ONLY know their Ethernet-address. As soon as a TCP/IP configured system is switched on, it’s advertising its presence onto the network: “Hey, I am alive, my Ethernet address is ‘08000b 0a0238’ and my IP-address is ‘’ ” Each TCP/IP system on the network builds up a table with all this information, which is usually checked/verified in time-intervals of 15 min.

If your system needs to communicate with a station, for which it does NOT have an entry in its table of IP/Ethernet-Addresses, it sends out a search-message to everybody (“Broadcast-Message“) like: “Hey, I’d like to communicate with the IP-address ‘’, but I do NOT know your Ethernet-Address. Please, identify yourself.” This causes the system, with the requested IP-address, to send out its advertising again.

These processes are called ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol).

This ARP/RARP works fine on a local-area-network (on an Ethernet network), but will NOT work for Internet communications, because:

  • the Database of Ethernet-to-IP-address would need to have 10+ Million entries
  • the Internet would only be busy with ARP/RARP

To connect a TCP/IP local-area-network to another TCP/IP LAN (which could be the complete Internet) or via a Wide-Area-Network (WAN), you need a device called a: Gateway or Router.

The ‘Subnet-Mask’, which is usually ‘’, becomes important: if you’d like to connect to (which is the Website of Microsoft), TCP/IP checks your own IP-address and the IP-address of the destination against the Subnet-mask.

Let’s do a comparison on the binary level:

System: IP/subnet-mask Binary
your system 11000000 10101000 00001010 00000001
local server 11000000 10101000 00001010 00001010
Microsoft 11001111 01000100 10001001 00110101
Subnet-mask 11111111 11111111 11111111 00000000

TCP/IP compares the parts of the addresses defined by the ‘1’s in the subnet-mask (or simply: the part of the IP-addresses where the subnet-mask is 255). xxx indicates that this part of an IP-address does not matter anymore.

System: IP/subnet-mask Binary
your system 192.168.10.xxx 11000000 10101000 00001010 xxxxxxxx
local server 192.168.10.xxx 11000000 10101000 00001010 xxxxxxxx
Microsoft 207.68.137.xxx 11001111 01000100 10001001 xxxxxxxx
Subnet-mask 11111111 11111111 11111111 00000000


If your system connects to another system on the same network (like a local server, in this example:, that part of the address (the first 24 bits in this example) is the same (192.168.10.xxx). TCP/IP looks up the Ethernet address in its ARP table and connects directly to that system.

But, if there’s a difference in these 24 bits, then TCP/IP connects to the Gateway (in this example: It’s now the job of the Gateway to establish the connection to the destination system (somewhere inside that Internet ‘cloud’). The Gateway/Router keeps special tables and passes on the request to the next router, which itself goes to the next, which itself goes to the next…until you reach the destination.
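The comparison above, worked through in code as an added example (not part of the original article). It reads the bit patterns from the table, masks them, and decides between direct delivery and the Gateway; the function names are hypothetical and the gateway address 192.168.10.254 is an assumption, since the page's own value is not shown.

```python
import ipaddress

# Bit patterns copied from the comparison table on this page.
TABLE = {
    "your system":  "11000000 10101000 00001010 00000001",
    "local server": "11000000 10101000 00001010 00001010",
    "Microsoft":    "11001111 01000100 10001001 00110101",
    "Subnet-mask":  "11111111 11111111 11111111 00000000",
}

def from_binary(octets):
    """Convert '11000000 10101000 ...' into an IPv4Address."""
    parts = octets.split()
    if len(parts) != 4 or any(len(p) != 8 or set(p) - {"0", "1"} for p in parts):
        raise ValueError(f"need four 8-bit groups, got {octets!r}")
    return ipaddress.IPv4Address(int("".join(parts), 2))

def network_part(addr, mask):
    """Keep only the bits where the subnet-mask has a '1'."""
    return int(addr) & int(mask)

def is_contiguous(mask):
    """A usable mask is a run of 1s followed by a run of 0s."""
    inverted = ~int(mask) & 0xFFFFFFFF
    return inverted & (inverted + 1) == 0

def next_hop(src, dst, mask, gateway):
    """Return ('direct', dst) on the same network, else ('gateway', gateway)."""
    if not is_contiguous(mask):
        raise ValueError(f"non-contiguous subnet-mask {mask}")
    if network_part(gateway, mask) != network_part(src, mask):
        raise ValueError("gateway is not on the local network, so it cannot be reached")
    if network_part(src, mask) == network_part(dst, mask):
        return ("direct", dst)      # resolve dst via the ARP table
    return ("gateway", gateway)     # hand the packet to the router

ME, SERVER, MICROSOFT, MASK = (from_binary(TABLE[k]) for k in TABLE)
GATEWAY = ipaddress.IPv4Address("192.168.10.254")  # assumed value, not from the page

if __name__ == "__main__":
    for name, dst in (("local server", SERVER), ("Microsoft", MICROSOFT)):
        how, hop = next_hop(ME, dst, MASK, GATEWAY)
        print(f"{ME} -> {name} ({dst}): {how} via {hop}")
```

The two guard checks catch the common misconfigurations: a mask with holes in it, and a default gateway that lies outside the local network.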

(On your network, if you have multiple gateways/routers – maybe one for a permanent Internet connection and another for a company internal WAN – you need to program the systems to select the proper gateway using the ROUTE-command )

Each Router/gateway on the network (which could be the Internet or a Wide-Area-Network WAN)
passes on the message until it reaches its destination. The reply comes back the same way
(for more details on Routing: Setup TCP/IP Routing).


The above assumes that all systems have an IP-address which is valid on the Internet! If you connect via dialup connection to the Internet, but would like to use the connection on multiple systems on a network, you need a Proxy.

When explaining the use of a Gateway / Router, I usually use this story:

Compare it to sending out invitations to a party…

You’ve decided to celebrate your birthday (or something else ).
You’ll invite your good friends, your neighbors (because your party may become
a little noisy, it’s better to invite them) and some relatives.

You design a nice invitation letter and print it.

How will you deliver it to your neighbors?
Most probably, you’ll simply walk over in the evening and drop it yourself
in the mailbox of your neighbor.

But your brother/sister lives on another continent!
Will you make a direct delivery? Most probably, no.

You’ll put the invitation in an envelope, write the address and drop it into
the next collection box of your postal service. They’ll come (maybe with a car, maybe
on a bike), bring it to the next post-office, then on a truck to the next railroad station to
the next airport, then onto a plane, again a truck, again a car/bike, until it arrives at
your brother/sister’s house.

The delivery via postal-service is equivalent to the TCP/IP Gateway/Router :
You just drop your message and then don’t think about it anymore. It’s now the
job of the postal-service (for your invitation letter) or the Gateway/Router (for your
TCP/IP Network traffic) to make sure that it arrives at the proper destination.


You can check this yourself. In Win95, open a DOS-window and run the ‘tracert‘ command (which is installed as part of the TCP/IP protocol).
In my example, I traced the route to “ourworld.compuserve.com”:


It is difficult to remember IP-addresses. It’s much easier to remember names (and having the computer look up the name and find the IP-address). That’s the purpose of the ‘HOSTS‘-file and ‘LMHOSTS‘-file. Windows95 TCP/IP installs in “C:\WINDOWS” files called ‘hosts.sam’ and ‘lmhosts.sam’, renames/copies them to ‘hosts’/’lmhosts’ and then uses them to define the names:


All lines starting with an ‘#’ are comment lines.
The formatting of ‘hosts‘ and ‘lmhosts‘ is the same:
IP-address, some spaces, computername

-> used for internal purposes (loopback), do NOT delete
-> referring to a system on the local network
-> such Internet-Websites URL’s are just names for an IP-address
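A parser for the ‘hosts’ layout just described (IP-address, some spaces, computername, ‘#’ for comments), as an added example that is not part of the original article. It is handy when auditing a hosts file for malformed or conflicting entries; the sample content is constructed, the function name is hypothetical, and it covers HOSTS only, because LMHOSTS also uses ‘#’ keywords such as #PRE and #DOM.

```python
import ipaddress

# Constructed sample in the 'IP-address, some spaces, computername' layout;
# the names and addresses are illustrative, not taken from the page.
SAMPLE = """\
# sample hosts file
127.0.0.1       localhost
192.168.10.10   server
192.168.10.10   fileserver   # second name, same system
192.168.10.99   server
999.1.1.1       broken
10.0.0.5
"""

def parse_hosts(text):
    """Return (entries, problems); entries maps lowercase name -> IPv4Address."""
    entries, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comment lines and trailing comments
        if not line:
            continue
        fields = line.split()                 # any run of spaces or tabs separates fields
        if len(fields) < 2:
            problems.append((lineno, "no computername"))
            continue
        try:
            addr = ipaddress.IPv4Address(fields[0])
        except ipaddress.AddressValueError:
            problems.append((lineno, f"bad IP-address {fields[0]}"))
            continue
        for name in fields[1:]:
            key = name.lower()                # host names are compared case-insensitively
            if key in entries and entries[key] != addr:
                # Assumption: the file is read top-down and the first entry wins,
                # so a later conflicting line is reported instead of applied.
                problems.append((lineno, f"{name} already maps to {entries[key]}"))
            else:
                entries[key] = addr
    return entries, problems

if __name__ == "__main__":
    entries, problems = parse_hosts(SAMPLE)
    for name, addr in entries.items():
        print(f"{addr}\t{name}")
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```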


When should you use HOSTS and LMHOSTS?

That’s a confusing subject: having 2 files with a very similar job.

  • HOSTS is read by basic TCP/IP software (ping, ftp, ……)
  • LMHOSTS is used by the Microsoft Networking/Client/Workgroupmanagement. If systems are on the same cable segment, the systems broadcast their presence and find each other automatically, no need to enter anything in LMHOSTS.

However, such broadcast-packets do NOT get routed. Adding the IP-address manually in LMHOSTS makes the system aware of a system on a different segment.

NOTE: LMHOSTS originates from “Lan Manager HOSTS,” a name from the history of Microsoft networks.

An example for using LMHOSTS : Connection via a Router to a NT Domain Server

Is it much work to type these IP-addresses? Looks like another item for automation: DNS (Domain Name Service) – which allows you to use names instead of IP-addresses, but you need to configure it as part of the TCP/IP-properties:


If you define an address (like: www.microsoft.com or someserver.com in the picture below), TCP/IP will make:

  1. a call out to a DNS-server, asking for the IP of someserver.com
  2. the DNS server will reply with the IP-address (in this example 192.5.6.111)
  3. TCP/IP makes the connection to the requested server someserver.com,
    using the IP-address :


TCP/IP is a complex protocol, offering multiple services (especially on the Internet), like:

  • HTTP (=Web-Browsing)
  • FTP
  • e-mail
  • file sharing

For each of these services, a port is used for the specific type of communication (advanced TCP/IP). It’s possible to have Multiple IP-addresses on a Network Card.

That’s it for this basic course on TCP/IP. For more info, see FTP: File Transfer Protocol. (Yes, I know, I did not touch on ‘telnet’ and the other TCP/IP goodies, maybe later in another post.)


  1. Very nice introduction article… also agree with FionaMaha “copy/paste” isn’t nice and proper authorization or credit for the source is a must (or clarification if RAJESHKUMAR is indeed the same author).

    Hopefully CYBRARY will sort it out soon enough 🙂

  2. This article was also written at this website http://www.windowsnetworking.com/j_helmig/tcpip.htm
    Paul Rouk stated as much. Unless Raj wrote the article for the website which is copyrighted I think Cybrary should look into. He needs to reference the website as his source and give the website credit. Unless I am missing the reference to the website. Thank you

  3. Thanks for the brief

  4. thank you so much
