Preface
 |  |
It's 4:45 p.m. on a Friday afternoon, and you're looking forward to going home early for a change. All of a sudden the telephone rings. It's one of your users, unable to connect to the email server, yet again. Worse, he has to send a report to his boss before he can go home, which means that you've got to get the problem sorted out before you can go home.
But before you can fix anything, you've got to know what the problem is exactly. Is the user providing the wrong username or password? Is the user running an old email client that's incompatible with some new features on your brand-new server? Maybe the user's mailbox is locked by another process? Or are there basic network-connectivity problems keeping the computers from even being able to communicate?
Unfortunately, the unprecedented success and wide-scale adoption of Internet protocols and application services has resulted in an equally unprecedented number of complexities. And although there is a wealth of literature and documentation on how to implement a specific vendor's product, rarely can you find detailed information on how the underlying protocols used by those products are implemented. There's likely to be reams of documentation on the nifty email filters, but not a word will be printed on which POP3 or SMTP commands are supported. This makes troubleshooting difficult, to say the least. Worse, when vendors start pointing fingers at each other, you're stuck trying to figure out the problem on your own.
The point is, in order for you to be able to effectively design, implement, manage, and support different implementations of Internet-based, standards-centric protocols and services, you must educate yourself on how they actually work. Everything eventually boils down to the protocols (including the failed commands and the errors they generate). The fastest road to solution-ville is by understanding what's going on at the protocol level.
It's at times like this that you need to be able to capture the traffic on your network—and more importantly—be able to understand the packets that you're looking at. The purpose of this book is to show you the ins-and-outs of the most common protocols found on today's Internet-centric networks. Throughout this book, you'll find background information on the design of each of the core protocols used on TCP/IP networks, as well as detailed reference information that discusses the options and parameters available with each of them. Additional volumes in this series will explore the application-layer protocols in the same manner. When used in conjunction with a protocol analyzer, this book will prove to be a lifesaver when you need to find out why something isn't working exactly right.
Audience
This book is primarily intended for people who design, build, manage, or support computer networks using Internet-based protocols and services. While this book may be useful to power users and programmers, it is intended mostly to be used as a reference for people who live and breathe TCP/IP.
This book is optimized for people who already have a basic understanding of computer networks and how they work, and who may already know a little bit about how TCP/IP works, but who also want to know a lot more on the subject. If you don't know how to assign IP addresses to your computer, then you shouldn't be looking for help here. Instead, see TCP/IP Network Administration by Craig Hunt or Windows NT TCP/IP Network Administration by Craig Hunt and Robert Bruce Thompson (both books are published by O'Reilly & Associates, Inc.). However, if you want to know more about IP's Time-To-Live or Type-of-Service parameters and how they can affect your network, then this is the book for you.
Also, it is important to note that this book is not meant as a reference for any specific implementations or applications. While I may mention a specific implementation, it is for illustration purposes only, and should not be used instead of the official product documentation.
Organization
This book deals with the basic building block protocols that provide the networking and transport services that all TCP/IP applications and services use. There are chapters on IP, UDP, TCP, and the common support protocols like ICMP, IGMP and ARP. The end of this book also contains appendixes on material that is indirectly related to how these protocols function.
Here's a more detailed, chapter-by-chapter breakdown:
Chapter 1, An Introduction to TCP/IP, provides a history of TCP/IP, its design objectives, and an overview of the inter-relationships between the different protocols.
Chapter 2, The Internet Protocol, discusses the Internet Protocol in detail, including fundamentals of IP addresses, packet forwarding, the limited reliability services offered, fragmentation, and prioritization.
Chapter 3, The Address Resolution Protocol, illustrates how IP devices are able to locate each other on a network, and the variations of ARP that are commonly used for different types of tasks.
Chapter 4, Multicasting and the Internet Group Management Protocol, describes how multicasting works on a network, and how devices register with multicast routers in order to participate in distributed multicast feeds.
Chapter 5, The Internet Control Message Protocol, discusses the error-reporting services used by IP, how the different ICMP messages are implemented, and also shows how the interactive services offered over ICMP can be used to diagnose your network.
Chapter 6, The User Datagram Protocol, explores the lightweight, error-prone transport protocol used by applications that don't need TCP's reliability service.
Chapter 7, The Transmission Control Protocol, covers all the major aspects of this excruciatingly complex transport protocol, including the flow-control, reliability, network- and application-management services that are used by almost every Internet-based application today.
Appendix A, The Internet Standardization Process, discusses the process by which Internet developers write proposals that eventually become standards, and also describes the authoritative bodies that oversee the process.
Appendix B, IP Addressing Fundamentals, provides a detailed discussion on IP addresses and their formatting rules.
Appendix C, Using the CD-ROM, contains installation instructions for Shomiti Surveyor Lite, the network analysis tool that is on the accompanying CD. The CD also contains all of the published RFCs available, as well as the captures used in the book.
Each chapter is divided roughly into three sections: an introduction to the protocol, the details of the protocol's syntax, and some real-time usage and trouble-shooting notes. How you read this book will depend on who you are and what you're trying to do.
Beginners
If you're new to TCP/IP networks and want to learn more about the general concepts and architectural issues of the protocol suite (or of the Internet in general), you should read Chapter 1, An Introduction to TCP/IP, followed by the introductory material in Chapter 2, The Internet Protocol, and Chapter 7, The Transmission Control Protocol. By reading this material, you'll get a sound understanding of how TCP/IP really works.
Working managers
If you're responsible for managing a network and are looking for a thorough understanding of the core protocols, then you may want to read the introductory material provided at the beginning of Chapter 2, The Internet Protocol, Chapter 7, The Transmission Control Protocol and Chapter 5, The Internet Control Message Protocol. In fact, you probably should do this as soon as possible, before you start having problems. You can then come back and read the reference material and troubleshooting tips whenever problems do crop up.
If you're already having some kind of problem with a particular protocol or service, then you should probably start capturing packets, and study the detailed reference sections for the specific protocols that are giving you grief. Study the packet captures, and try to see where things start breaking down. Then look at the packets that are having problems, locate the appropriate parts in the reference section of the appropriate chapter, and see if you can figure out what the problem might be.
Finally, the CD contains Shomiti Surveyor Lite, a full-featured tool for analyzing network traffic. (For more information about this product, contact Shomiti at www.shomiti.com.) It also contains the full text of all the RFCs—another tool that no network manager should be without. Ultimately, the RFCs (and not this book) define how your network should work. Granted, the RFCs are all available online, but if your network isn't working, you might not be able to access them. With this book, a network analyzer, and the RFCs, you'll have everything you need for a late-night troubleshooting session—except coffee.
How to Read This Book
This book does not use any code samples, and only rarely uses program output in examples or illustrations. When the latter is used, a screenshot of the application is always supplied, and the program output is not displayed in-line with the book's text.
Terminology
Most network managers refer to data that is sent across a network using generic terms such as packet or datagram. However, as TCP/IP has evolved, a variety of terms have been used to describe the units of data that are transmitted by specific protocols. RFC 1122 brought all of these terms together and defined the usage for each term according to specific protocols. These terms are used throughout this book in the same manner.
Frame
A frame is the unit of data that is sent across a network using the link-layer protocol appropriate for that network. This includes link-layer encapsulation technologies such as Ethernet II frames, 802.3 Ethernet frames, or Token Ring frames.
IP datagram
An IP datagram is the unit of data that is managed by the Internet Protocol, including whatever data is being transmitted, as well as the IP headers associated with that data. In essence, an IP datagram is the unit of data that IP works with explicitly.
IP packet
An IP packet is another term for IP datagrams, although this term is most often used to refer to the datagram portion of a frame, rather than referring to the datagram itself. For example, a sending and receiving system will look at an IP datagram as a single entity, while that datagram may have been split into multiple IP packets for transmission across a set of intermediary networks. Typically speaking, hosts deal with IP datagrams, while routers deal with IP packets.
Message
A message is the unit of data sent from one of the upper-layer protocols (such as UDP or TCP), including the data being transferred and the related transport-specific headers associated with that data. Although most of the time the message data will be generated by an application-specific protocol, ICMP and IGMP also communicate with IP directly and will therefore also generate message data. Messages eventually become the data portion of an IP datagram.
TCP segment
Although the headers and data that are generated by TCP are considered to be messages, TCP messages can be spread across multiple messages. In this scenario, the messages are typically referred to as segments.
Images.
Throughout this book, a variety of images are used to represent different types of network devices, including hosts, routers, modems, and other infrastructure equipment. In order to minimize any possible confusion, these symbols are shown in the three figures in this Preface to provide a common interpretation throughout the various chapters.
For example, Figure P-1 shows the common symbols that are used for Token Ring and Ethernet networks, the symbols used for application clients and servers, and a network router.
 | ||||
| Figure P-1. Common symbols used with local area networks | ||||
Figure P-2 shows the symbols that are commonly used to represent wide area networks (WANs), including those that incorporate modems, satellites, microwave radio, and generic WANs (such as Frame Relay or leased-line networks). Notice that the figures used for network routers, application clients, and servers are the same as those used for LAN-based topologies.
Note that sometimes a generic host will be identified using the Application Client symbol, indicating that the device is either sending data to or receiving data from another network device, which may be another client or server, indicating that the role played by the devices is irrelevant to the discussion at hand.
 | ||||
| Figure P-2. Common symbols used with wide area networks | ||||
The Author's Test Network
Almost all of the packet captures and examples used throughout this book are based on my own test network, as is shown in Figure P-3. The operating systems used on that equipment are listed in Table P-1.
|
| ||||
| Figure P-2. Common symbols used with wide area networks | ||||
The Author's Test Network
Almost all of the packet captures and examples used throughout this book are based on my own test network, as is shown in Figure P-3. The operating systems used on that equipment are listed in Table P-1.
|
 | ||||
| Figure P-3. Network devices on the author's test network | ||||
Font Conventions
The following conventions are used in this book:
Italics
is used for filenames, directory paths, URLs, hostnames, and emphasis.
 The owl icon designates a note, which is an important aside to the nearby text. | ||||
 The turkey icon designates a warning relating to the nearby text. | ||||
How to Contact Us
We have tested and verified the information in this book to the best of our ability, but you may find that features have changed (or even that we have made mistakes!). Please let us know about any errors you find, as well as your suggestions for future editions, by writing to:
O'Reilly & Associates, Inc.
101 Morris Street
Sebastopol, CA 95472
1-800-998-9938 (in the U.S. or Canada)
1-707-829-0515 (international/local)
1-707-829-0104 (fax)
You can also send us messages electronically. To be put on the mailing list or request a catalog, send email to:
info@oreilly.com
To ask technical questions or comment on the book, send email to:
bookquestions@oreilly.com
We have a web site for the book, where we'll list information, errata, and any plans for future editions. You can access this page at:
http://www.oreilly.com/catalog/coreprot/
For more information about this book and others, see the O'Reilly web site:
http://www.oreilly.com
Acknowledgments
I would like to thank several people who have helped make this book happen. In particular, I'm indebted to Bob Quinn from Stardust Forums for his work on Chapter 4, Multicasting and the Internet Group Management Protocol, Greg Shipley for his feedback on Chapter 5, The Internet Control Message Protocol (which resulted in a major rewrite), Barry Margolin, who pointed out holes in each of the chapters and Appendix B, IP Addressing Fundamentals in particular, and Bob Packer, the CTO of Packeteer, Inc., who contributed heavily to both the conceptual and practical aspects of Chapter 7, The Transmission Control Protocol. Many questions were also answered by a variety of participants from the TCP-IMPL mailing list. I'm extremely grateful for the unselfish assistance that those folks provided.
I'm especially indebted to Mike Sullenberger, who provided detailed comments, criticisms, and compliments on each and every chapter in this book. Without Mike's feedback, this book would be riddled with errors.
On another note, I never really understood why so many people thanked their editors in the acknowledgments, but now I do. Michael Loukides makes things happen. This book would never have been possible without his many efforts, would never have been written without his determination, and would never have been shipped without his flexibility.
In addition, I would like to thank Tim Bean at Shomiti Systems, who worked hard to give us access to Surveyor Lite for distribution with this book, allowing you to use the same decoding tools that we did. Thanks also goes to Fritz Nelson and Kevin Cooke at Network Computing Magazine, who gave me writing assignments (and thus kept me funded) during this book's development.
| | |
EAN: 2147483647
Pages: 17