We will be talking about TCP/IP: Transmission Control Protocol, Internet Protocol. We look at the TCP portion of the name and then we will discuss the IP part of that. The Transmission Control Protocol is the protocol that is largely used for transmitting packets across the internet. It is widely preferred to transmit packets from one system to another across the internet. We have a few properties of TCP/IP that make it a protocol of choice.

It is what is called a connection-oriented protocol, meaning that it establishes a logical connection in what we call a 3-way handshake. It establishes the dual negotiation. There is the SYN and there is an acknowledgment between TCP on both sides as to how packets would be sent, in what size, at what frequencies and at what speed they will do the transmissions.

TCP also does proper sequencing. It does a proper sequencing of packets to be sent from one session to another. This is very essential so that it can track what packets have been sent to know what needs to be re-sent. It also has something we call the sliding window. The sliding window allows TCP to check whether messages that have been sent have been received. If not received, the messages will be resent, so TCP will not go past one sliding window until the message has been acknowledged as received. It would check with the other side to say, "Hey, did you get that packet?" That is the 'acknowledge', so essentially TCP does something we call guaranteed delivery.

These are very good properties of TCP, so as a result of this we say TCP is a reliable protocol. It does guaranteed delivery and sequencing, it is connection oriented, and it is preferred as a protocol of choice for delivery across the internet.

The IP part of the name TCP/IP is something called Internet Protocol, IP. The sole purpose of IP is for logical addressing.
We need to know devices from where packets are coming and we need to know devices through which packets are moving on the network. When we talk about IP, we have Internet Protocol version 4 and Internet Protocol version 6. These are 2 types of protocol completely different from each other. Basically they do achieve the same purpose because they are used for addressing.

Let us look at IPv4 in some detail. Internet Protocol version 4 is a 32-bit address. It is expressed in decimals. It has 4 octets and each octet is 8 bits long. The octets are punctuated by period signs. If we were to look at an IP address, we will show an IP address could be written in this way. Remember it's in decimals, so we would say maybe, 192.168.10.150. We can see one octet, 2nd octet, the 3rd octet, the 4th octet. Each octet is 8 bits long.

When we look at the IP address, we could tell different classes of IP addresses. This is where another chart needs to be learnt. We need to understand that by looking at the value of the first octet we can determine the class of the IP addresses. If we have anything between, we have a class A, class B and class C. Anything between 1 and 126 in the first octet is a class A IP address. 128 to 191 is a class B. 192 all the way 23, that's a class C. Remember, to find the class of IP address, we consider the value of the first octet. So if you look at this IP address, this would be considered a class C IP address because it falls in that range.

Someone would ask me, what about 127? We reserve 127 for loopback testing. So the address is read in this fashion, 192.168.10.150. You can tell the different classes of the IP address this way. Remember that each octet is 8 bits long, punctuated by the period sign.

When we talk about IPv4 addresses, we have something called private IPv4 addresses. These are addresses that can only be used on your local intranet, used within your organization. We also have 3 classes of that.
Class A, class B, class C private address. Private addresses cannot go to the internet, and the table reads this way: for class A we have 10.0.0.0 all the way to 10.255.255.255, and next would be class B. That would be 172.16.0.0 to 172.16.255.255. The last class is the class C; this will be 192.168.0.0 all the way to 192.168.255.255. These are referred to as private addresses. Organizations will use private addresses for hosts on their intranet to configure devices such that they can function on the network.

We now discuss the methods by which we assign IP addresses. The first method to assign an IP address to a system is something we call the manual method. The manual method of assigning the IP addresses is also regarded as a static address. When we do IP addresses manually, the administrator has to visit the system. It's a very lengthy procedure. You click on Start, you move to Control Panel, Network and Sharing Center. You have to do Change adapter settings on the left-hand side and, on the system, you would select the local area network. You right-click on it and select Properties. A page pops up and on that page you scroll down, you see IPv4, you click on the name IPv4 and select Properties to the right-hand side. Another box shows up, and in that box you have 2 radio buttons at the top: "Obtain IP address automatically" and "Use the following IP address". If you are going to be doing manual assignment you click on "Use the following IP address". The page now becomes active for you to punch in the IP address.

This is a very lengthy procedure. If you have to do it for one system or 5 systems it's okay. Imagine if you have to do it for 3000 systems. Oh my goodness! That would be too difficult. It is also a method that is prone to errors. Some people want to type very fast, or they have very big fingers, and they make a mistake. If you make a typo while you're putting in the IP address, the system cannot effectively function on the network.
As a result of these errors, and because the method is not scalable, we move away from manual for large networks and go automatic. When we do automatic, we call it dynamic. You can see that the names have changed now. If you're doing it manually we say it's static. It is static because if you assign the IP address, it doesn't change. You can come back and, unless someone else has changed the IP address, the IP address remains what was assigned. However, when we do automatic addressing, the addresses could change periodically, hence we call it dynamic.

So how do we do automatic addressing? We install something called the DHCP server: Dynamic Host Configuration Protocol. The Dynamic Host Configuration Protocol is installed on the server. Through your server manager, you install the server, you assign the DHCP role to the server, and you then go ahead to authenticate your server on the network.

One of the things you want to create is something called a DHCP scope. A DHCP scope is a range of available IP addresses from which the system will lease out possible IP addresses. The key word is lease, so addresses are leased out. Usually the administrators will configure the lease period. The default lease period is 8 days. Administrators could then change this to suit the dictation of the policy. Addresses are leased out from the DHCP scope to devices on the network.

Having created your DHCP scope, you should also create what is called a reservation. The purpose of the reservation is to isolate some particular IP addresses. You have some network devices whose addresses you never want to change. Every time they make a request for an IP address, based on their MAC address, specific IP addresses could be assigned to these devices. These are devices like printers and servers on your network. Using the addresses that are kept in the reservation, you could configure the DHCP server to assign specific addresses to such devices every time they request an address.
Using the DHCP we can do automatic addressing. It is dynamic because the lease would expire after a certain number of days. An IP address would then change on the machine.

Suppose the machine is on your network and attempts to get an IP address, but for some reason the DHCP server is unavailable to lease out an IP address. What will the system do? At this point, the system will self-assign something called APIPA. APIPA is Automatic Private IP Addressing. How do we recognize it? We recognize APIPA if you see on the system 169.254.0.1 all the way to 169.254.255.255. The machine could use any one of those numbers. Usually it would do a test to see if the number is in use on the network; if not, then it would assign itself an APIPA IP address. APIPA IP addresses will only enable the system access to the network. APIPA IP addresses are not internet routable, so APIPA IP addresses will not allow a system access to the internet. So when you troubleshoot and you find your system is having an APIPA address, you know something was either wrong with your DHCP server.

We now look at IPv6, another class of IP address. This is Internet Protocol version 6. The Internet Protocol version 6 is a 128-bit address. It's expressed in hexadecimals. This means we are going to be seeing numbers and alphabets for IPv6. It has 8 quartets. This is a very important property of IPv6 we need to know. It has 8 quartets and it's punctuated by colon signs. If we have an IPv6 address, we can count 1, 2, 3, 4, 5, 6, 7, 8 quartets. You can see it's represented in hexadecimal, so you have letters, you have numbers.

There are some rules we need to know when we write down the IPv6 addresses. We could shrink the name by following some standard rules. You can drop a leading zero but you cannot drop a trailing zero. You see here you have a trailing zero; you can't drop a trailing zero, you can drop a leading zero. Wherever you have zeros, you can shrink them.
If you happen to have zeros in multiple places like this, you can also shrink them down. If we were to compress this address we could have something like this. We see we lost some zeros, we shrunk them down; we can drop a leading zero but you can't drop a trailing zero. And if you have repeating zeros following each other, we could still shrink this down some more; we now say this could appear like this. These have been shrunk down to 2 sets of colons.

We have to be very careful with this. Say we have 3 sets or 4 sets of double zeros. If you have maybe 2 over there and another 2 over here, once you do this on one side, you can't do it on another side. You can only perform this once within the IPv6 address. So looking at this and knowing the rule that it has 8 quartets, you know this is 1, 2, 3, 4, 5, 6, 7, 8 quartets. That tells you this is one set of 4 zeros and that's another set of 4 zeros.

If you're assigning IPv6 addresses manually it could also be a tedious process. So we could also assign IPv6 addresses through DHCP. If we are doing DHCP for IPv6, we denote it as DHCP version 6. This lets us know that we are doing DHCP for IPv6, and this is it for IPv4 and IPv6.
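
The addresses shown on screen during the IPv6 shortening rules are not in the transcript, so the following is an added example, not part of the original lecture, that applies those rules in Python: drop leading zeros, replace one run of zero groups with a double colon, and use the 8-group rule to size the gap when expanding. The sample address is constructed from the 2001:db8:: documentation prefix, the function names are illustrative, and a lone zero group is written as 0 rather than as a double colon, which is the convention Python's `ipaddress` module follows.

```python
import ipaddress

FULL = "2001:0db8:0000:0000:0a50:0000:0000:0001"  # constructed sample address
HEX = set("0123456789abcdefABCDEF")

def _hex_groups(groups):
    """Validate 1-4 hex digits per group; return them with leading zeros dropped."""
    if any(not g or len(g) > 4 or set(g) - HEX for g in groups):
        raise ValueError("each group needs 1 to 4 hex digits")
    return [format(int(g, 16), "x") for g in groups]  # "0a50" -> "a50", never "a5"

def compress_ipv6(full):
    """Shorten a fully written address: one '::' for the longest zero run."""
    groups = _hex_groups(full.split(":"))
    if len(groups) != 8:
        raise ValueError("a full IPv6 address has exactly 8 groups")
    best_start, best_len, run_start = 0, 0, None
    for i, g in enumerate(groups + ["end"]):  # sentinel closes a final run
        if g == "0":
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start > best_len:      # first run wins a tie
                best_start, best_len = run_start, i - run_start
            run_start = None
    if best_len < 2:                          # nothing worth a '::'
        return ":".join(groups)
    tail = groups[best_start + best_len:]
    return ":".join(groups[:best_start]) + "::" + ":".join(tail)

def expand_ipv6(short):
    """Restore all 8 four-digit groups; reject a second '::' as ambiguous."""
    if short.count("::") > 1:
        raise ValueError("'::' may appear only once in an address")
    if "::" in short:
        left, right = short.split("::")
        head = _hex_groups(left.split(":")) if left else []
        tail = _hex_groups(right.split(":")) if right else []
        missing = 8 - len(head) - len(tail)   # the 8-group rule sizes the gap
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head + ["0"] * missing + tail
    else:
        groups = _hex_groups(short.split(":"))
        if len(groups) != 8:
            raise ValueError("an IPv6 address without '::' needs 8 groups")
    return ":".join(g.zfill(4) for g in groups)

if __name__ == "__main__":
    short = compress_ipv6(FULL)
    print(short, "->", expand_ipv6(short))
    print("matches ipaddress module:", short == str(ipaddress.ip_address(FULL)))
```

Because one address has several valid spellings, expanding or compressing to a single form before comparing entries in logs or access lists avoids missing a match.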
CISSP CISM CISA CHFI CSXF CEH, Cyber Security Specialist & Trainer