December 15, 2022
CISSP Study Guide: TCP/IP Protocols
December 15, 2022
Transmission Control Protocol/Internet Protocol (TCP/IP) is constructed of a host of protocols that were originally developed by the U.S. Department of Defense (DoD) in the 1970s to accommodate the construction of the Internet. The protocols are:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Internet Protocol (IP)
- Address Resolution Protocol (ARP)
- Reverse Address Resolution Protocol (RARP)
- Internet Control Message Protocol (ICMP)
Transmission Control Protocol (TCP), the most commonly used protocol, accounts for the bulk of the traffic on a TCP/IP network. TCP is a connection-oriented protocol that offers a full-duplex. TCP safeguards data delivery across any IP link by implementing controls such as connection startup, flow control, slow start, and acknowledgments. TCP packets that are received are arranged to match the original transmission sequence numbers. Because any absent or corrupted packets are present, TCP is an expensive network tool.
User Datagram Protocol (UDP) is comparable to TCP in terms of connectionless support, and does not generate a virtual circuit nor does it signal the destination before delivering the data. Additionally error correction is not provided with UDP, and there is no sequencing of packet segments as it isn’t concerned with what order the packet segments are received by the destination. In this case it’s labeled as an “unreliable protocol.” Therefore UDP has much less overhead making it an optimal choice for applications, such as streaming video or audio, that don’t sustain any detrimental effect by occasional packet loss. TCP and UDP use port numbers to interact with the upper layers.
Internet Protocol (IP) is a commonly used network layer protocol that implements unique IP addresses to identify or define each distinct host or end system on a network. This IP address allows communication between hosts on an IP network. Each IP packet contains the source IP address (or sender), and the destination IP address (or recipient). Intermediary devices between the sender and recipient make routing determinations based on the packet’s destination IP address.
Address Resolution Protocol (ARP) generates a blueprint for the destination IP address to the physical hardware address, called the MAC address, of the recipient host. An ARP request containing the recipient IP address, the sender’s IP address and MAC address is sent to each host within a subnet when the destination MAC address is not indicated in the ARP table. When a device accepts the ARP request, and has the IP address, it transmits the corresponding MAC address to the sender of the ARP request.
Reverse Address Resolution Protocol (RARP) maps the MAC address to the IP address. When the MAC address is known and the IP address is not known, the RARP protocol responds by sending out a packet that includes its MAC address and a request for the IP address that should be assigned to that MAC address. A RARP server will then send the correct IP address.
Internet Control Message Protocol (ICMP) is a protocol for management and messaging service for internet protocol (IP). It logs system errors and supplies additional information relevant to IP packet processing, such as alerting hosts of an alternate route to a destination if there are issues with an existing route, and can help find the source of the problem with that route. The ‘PING’ command is a utility that utilizes an ICMP echo request to test connectivity between two points on the network.
Let's build your cybersecurity career together
Accelerate in your role, prepare for certifications, and develop cutting edge skills with the most in-demand training in the industry.
2,000+learning activities led by highly experienced cybersecurity professionals