An Introduction to the Internet Protocols

NELUG meeting 16/2/2000
Richard Mortimer


  • Internet connects millions of machines around the world.
  • Allows machines to find/talk to each other.
  • No one machine knows the whole of the network (knowledge is distributed).
  • Supports the “languages” (protocols) that various applications use to talk to each other – done in layers.
  • Example:
    protocol layer – http, ftp, nfs
    tcp udp
    ip icmp
    Hardware layer (ethernet, token ring, ppp)

    applications
    These are the user and system programs which talk to each other using IP.
    protocol layer
    These are application/domain specific languages which the various applications understand. These hide the gory details of ip, tcp and udp from the user.
    tcp, udp
    These are basic protocols that the higher level protocols use.
    ip
    The basic unit of information transmission. The higher layers use one or more ip packets to transfer data.
    icmp
    internet control message protocol – a close friend of ip which is used to pass various control messages between different machines. This is normally only used by the operating system.
    hardware layer
    This is the actual hardware which is used to transmit network packets.

IP addresses

  • Each machine on the internet has a (unique) IP address.
  • Written as four numbers with values between 0 and 255 e.g.
  • To talk to a machine you address packets of data with your address (source) and the target's address (destination).

Subnets (and netmasks)

  • Subnets are used to group a number of machines which are directly connected together.
  • A netmask defines the subnet by separating the network and subnet parts of the address from the host part.
  • For example a netmask of specifies a subnet which has up to 254 (0 and 255 are special addresses) hosts connected to it.
  • Historically networks were classed as either class A (netmask, B ( and C ( These represent the way in which addresses were allocated to individual institutions, i.e. a university may have a class B network allocated and it is responsible for allocating all of the addresses within that range.
  • In most cases you should probably assume that you are connected to a class C network and set the netmask appropriately.
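
How a netmask separates the network part of an address from the host part, as an added example that is not part of the original talk. The addresses and the 255.255.255.0 netmask are constructed sample values, and the function names are illustrative.

```python
import socket
import struct


def to_int(dotted):
    """Convert dotted text such as '192.0.2.17' to a 32 bit integer."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]


def to_dotted(value):
    """Convert a 32 bit integer back to dotted text."""
    return socket.inet_ntoa(struct.pack("!I", value))


def describe(address, netmask):
    """Split an address into its network and host parts using the netmask."""
    addr, mask = to_int(address), to_int(netmask)
    host_bits = ~mask & 0xFFFFFFFF
    # A valid netmask is a run of 1 bits followed only by 0 bits.
    if host_bits & (host_bits + 1):
        raise ValueError("non-contiguous netmask: " + netmask)
    network = addr & mask                    # network (and subnet) part
    return {
        "network": to_dotted(network),
        "host_part": addr & host_bits,       # host number within the subnet
        "broadcast": to_dotted(network | host_bits),
        # The all-zeros and all-ones host numbers are special, so subtract them.
        "usable_hosts": max(host_bits - 1, 0),
    }


def same_subnet(a, b, netmask):
    """True when both addresses share a network part, i.e. are directly connected."""
    mask = to_int(netmask)
    return (to_int(a) & mask) == (to_int(b) & mask)


if __name__ == "__main__":
    # Constructed sample addresses from the documentation ranges.
    print(describe("192.0.2.17", "255.255.255.0"))
    print(same_subnet("192.0.2.17", "192.0.2.200", "255.255.255.0"))
    print(same_subnet("192.0.2.17", "198.51.100.5", "255.255.255.0"))
```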

DNS – Domain Name Service

  • IP addresses are not easy to remember (names are easier).
  • The Domain Name Service provides a mapping from names to IP addresses.
  • Makes the net more user friendly.
  • Allows a particular name to move between machines – e.g. to a new service provider.
  • Multiple names may map to the same address (often used for web sites).


Routing

  • Machines are not directly connected to all other machines.
  • To talk to non local machines you go via a gateway (often an ISP).
  • That gateway machine is connected to other gateways.
  • Any machine can act as a gateway if it has two or more network interfaces. So to talk to machine z you may have to go via
    me -> a -> b -> c -> z
    or maybe
    me -> w -> x -> z
  • Routing protocols allow machines to work out the best way to get to another machine.
  • This allows problems to be worked around (e.g. a broken gateway machine).
  • In most cases we only need to know one gateway machine (our ISP) – this is known as the default route.


IP

  • IP (internet protocol) is the core internet message format.
  • This consists of the header and a message body.
  • The message body carries sub protocols.
  • The most widely used are:
    • tcp – transmission control protocol – a reliable bidirectional stream of data.
    • udp – user datagram protocol – an unreliable packet based protocol.

tcp (also known as tcp/ip)

  • tcp uses IP packets to construct a reliable bidirectional data stream.
  • It handles lost, corrupted and reordered IP packets presenting a stream of data to the application.
  • This is a connection oriented protocol, i.e. the user makes a connection and may then use that connection until it breaks it (or someone else does).
  • http (hypertext transfer protocol), ftp (file transfer protocol), telnet all use this protocol.

udp (also known as udp/ip)

  • udp does not provide a connection oriented protocol.
  • Instead each packet of data has to be individually addressed and
  • The user is responsible for handling lost packets (corrupted packets are detected by the IP layer and discarded).
  • This is useful where a machine must talk to multiple machines and where it does not want the overhead of a connection oriented protocol.
  • Examples: nfs (network file system), tftp (trivial file transfer protocol).
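
The difference between the tcp stream and udp datagrams described in the two sections above, as an added example that is not part of the original talk. It assumes a working loopback interface; the function names are illustrative and the messages are constructed.

```python
import socket

LOOPBACK = "127.0.0.1"  # assumption: loopback is up; port 0 means "any free port"


def udp_exchange(messages):
    """Send each message as its own datagram; return what the receiver saw."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as receiver, \
            socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        receiver.bind((LOOPBACK, 0))
        receiver.settimeout(2)
        target = receiver.getsockname()
        seen = []
        for msg in messages:
            sender.sendto(msg, target)        # every datagram is addressed individually
            try:
                data, _source = receiver.recvfrom(2048)
            except socket.timeout:
                data = None                   # lost datagram: udp will not resend it for us
            seen.append(data)
        return seen


def tcp_exchange(messages):
    """Send the messages over one connection; return the byte stream that arrived."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.bind((LOOPBACK, 0))
        listener.listen(1)
        listener.settimeout(2)
        with socket.create_connection(listener.getsockname(), timeout=2) as client:
            server_side, _peer = listener.accept()
            with server_side:
                server_side.settimeout(2)
                for msg in messages:
                    client.sendall(msg)       # no per-message address: the connection has it
                client.shutdown(socket.SHUT_WR)   # signal end of stream to the peer
                chunks = []
                while chunk := server_side.recv(2048):
                    chunks.append(chunk)
                return b"".join(chunks)


if __name__ == "__main__":
    print("udp:", udp_exchange([b"first", b"second"]))   # message boundaries preserved
    print("tcp:", tcp_exchange([b"first", b"second"]))   # one continuous stream
```

With udp the receiver gets two separate packets; with tcp it gets a single stream of bytes in which the boundary between the two writes is gone.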


Ports

  • An ip address allows a packet to be delivered to a specific machine.
  • But the machine must work out which application should receive that packet.
  • Ports are used to do this (both tcp and udp use these).
  • A port is effectively an address within a machine. They are usually specified as an ip addr/port/protocol combination i.e. (tcp)
  • Programs bind to a port to say that they wish to receive packets which are addressed to that port or that they wish to transmit packets from that port.
  • A port is identified by a 16 bit integer, i.e. 0 to 65535.
  • There are a number of well known ports:

    echo – echoes back everything that is sent to it
    echo – echoes back everything that is sent to it
    telnet – remote terminal protocol
    smtp – simple mail transfer protocol

    Note that tcp and udp have separate port numberings.

  • Most systems define well known ports in the file /etc/services.
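
A small parser for the /etc/services format, added here as an example and not part of the original talk. The sample file content is constructed (using the standard port assignments for these services) and the function name is illustrative. It keys each entry on the name and the protocol together, which is why tcp and udp numberings stay separate.

```python
SAMPLE_SERVICES = """\
# name      port/protocol   aliases   (constructed sample, not a real system file)
echo        7/tcp
echo        7/udp
telnet      23/tcp
smtp        25/tcp          mail      # simple mail transfer protocol
tftp        69/udp
"""


def parse_services(text):
    """Return a dict mapping (name, protocol) to port number, aliases included."""
    table = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        try:
            port_text, proto = fields[1].split("/")
            port = int(port_text)
        except (IndexError, ValueError):
            raise ValueError("line %d: malformed entry %r" % (lineno, raw)) from None
        if not 0 <= port <= 65535:
            raise ValueError("line %d: port %d is not a 16 bit value" % (lineno, port))
        # The service name and every alias map to the same port for this protocol.
        for name in [fields[0]] + fields[2:]:
            table[(name, proto.lower())] = port
    return table


if __name__ == "__main__":
    services = parse_services(SAMPLE_SERVICES)
    for (name, proto), port in sorted(services.items()):
        print("%-8s %5d/%s" % (name, port, proto))
```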

arp – address resolution protocol

  • Machines on the local area network must be able to address each other directly (in terms of hardware addresses).
  • arp allows machines to find others and to dynamically account for new machines which are added/removed.
  • Put simply it maps ip addresses to mac (ethernet) addresses.
  • Only those machines which you are currently (or have recently been) talking to are kept in the arp cache.

Diagnostic/fault finding tools


ping

  • Ping uses low level packets to talk to a machine to check if it is responding (these are not actually IP packets (they are icmp packets) but are very closely related).
  • This is useful to check if things are setup correctly.
  • It also helps to diagnose slow/busy links.
  • Example use of ping (localhost is loopback interface which talks to your own machine)
    [richm@patricia richm]$ ping localhost
    PING localhost ( from : 56(84) bytes of data.
    64 bytes from icmp_seq=0 ttl=255 time=0.2 ms
    64 bytes from icmp_seq=1 ttl=255 time=0.2 ms
    64 bytes from icmp_seq=2 ttl=255 time=0.1 ms
    64 bytes from icmp_seq=8 ttl=255 time=0.1 ms
    --- localhost ping statistics ---
    9 packets transmitted, 9 packets received, 0% packet loss
    round-trip min/avg/max = 0.1/0.1/0.2 ms
  • Note that when using ping on a dialup connection expect to see times of 100 or 200 ms.
  • If a machine is very busy or there is congestion somewhere in the network some packets may get lost. This is normal but if a large percentage of packets are being lost then connection to that machine may be very difficult.


ifconfig

  • ifconfig is used to configure network interfaces.
  • It is seldom used by the user – scripts turn your configuration into appropriate ifconfig commands.
  • It can be useful to look at your current network setup. e.g.
    [richm@patricia richm]$ /sbin/ifconfig -a
    eth0      Link encap:Ethernet  HWaddr 00:00:C0:A0:CE:14
              inet addr:  Bcast:  Mask:
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              Interrupt:7 Base address:0x290 Memory:d0000-d2000
    lo        Link encap:Local Loopback
              inet addr:  Mask:
              UP LOOPBACK RUNNING  MTU:3924  Metric:1
              RX packets:1024 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1024 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0

    This shows two interfaces:

    eth0 – an ethernet interface
    lo – the loopback interface – this is present on all machines and always has address (localhost)


netstat

  • netstat shows network statistics.
  • With no parameters it shows the current connections (we are only concerned with “internet connections” here; UNIX domain sockets are covered in many books on networking).
  • Example (from Solaris netstat):
    ws-csm2:819 $ netstat -f inet
    TCP: IPv4
       Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
    -------------------- -------------------- ----- ------ ----- ------ -------
    ws-csm2.658          patricia.nfsd         8760      0 24820      0 ESTABLISHED
    ws-csm2.56332        patricia.32784        8760      0 24820      0 ESTABLISHED
    localhost.56334      localhost.32804      32768      0 32768      0 ESTABLISHED
    localhost.32804      localhost.56334      32768      0 32768      0 ESTABLISHED
    localhost.56337      localhost.56331      32768      0 32768      0 ESTABLISHED
    ws-csm2.56904        tux.39504             8760      0 24820      0 ESTABLISHED
    ws-csm2.56906        tux.44245             8760      0 24820      0 ESTABLISHED

netstat -r

  • This shows the current routing table (where the computer will send packets based on their destination addresses) e.g.
    [richm@patricia richm]$ netstat -r
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
         *      UH        0 0          0 eth0
         *        U         0 0          0 eth0
    loopback        *            U         0 0          0 lo
    default         *              U         0 0          0 eth0
  • Note the “default” entry – any packet addressed to an address which does not appear in the routing table goes to the default route.
  • Sometimes it is useful to use “netstat -nr” to stop addresses being converted to machine names. Try this if netstat -r appears to hang.
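
How a routing table like the one above is consulted, including the fall back to the default route described in the routing section: an added example, not part of the original talk. The table entries, addresses and function name are constructed for illustration.

```python
import ipaddress

# Constructed routing table in the style of "netstat -nr":
# (destination, genmask, gateway, interface). None means "directly connected".
ROUTES = [
    ("192.0.2.0", "255.255.255.0", None, "eth0"),     # our own subnet
    ("127.0.0.0", "255.0.0.0", None, "lo"),           # loopback
    ("0.0.0.0", "0.0.0.0", "192.0.2.1", "eth0"),      # default route via the gateway
]


def lookup(destination, routes=ROUTES):
    """Return (gateway, interface) of the most specific route matching destination."""
    dest = ipaddress.IPv4Address(destination)
    best = None
    for net, mask, gateway, iface in routes:
        network = ipaddress.IPv4Network(net + "/" + mask)
        # A route matches when the destination lies inside destination/genmask.
        if dest in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway, iface)
    if best is None:
        # Only possible when the table has no default entry.
        raise LookupError("no route to " + destination)
    return best[1], best[2]


if __name__ == "__main__":
    for target in ("192.0.2.77", "127.0.0.1", "198.51.100.9"):
        gateway, iface = lookup(target)
        print(target, "->", gateway or "direct", "on", iface)
```

The default entry matches every address, so it is only chosen when no more specific entry matches.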


traceroute

  • Traceroute is useful for diagnosing routing problems.
  • It determines the route which a packet is taking to get to a specified machine.
  • There may be 10 to 20 hops on the way to a machine.
  • Some gateways are set up not to respond to traceroute. In these cases you will get a * in the listing.
  • Example:
    # traceroute webserver
    traceroute to webserver ( 1-30 hops, 38 byte packets
     1  gateway (  2.81 ms  1.97 ms  3.49 ms
     2  isp-relay1 (  14.0 ms  13.4 ms  14.1 ms
     3  isp-relay2 (  17.7 ms  17.0 ms  17.7 ms
     4  webserver (  24.7 ms  *  19.7 ms

tcpdump (snoop is similar on Solaris)

  • tcpdump analyses network packets on your local network and prints summaries of their contents.
  • It is useful when looking for a subtle network problem.
  • *** Care *** this program has access to all of the traffic on your network. If used inappropriately it can decode all manner of information. Unauthorised use can get you in serious trouble.


arp

  • The arp command allows you to examine the arp cache and find out the hardware addresses of local machines.
  • Example:
    # arp -a
    Net to Media Table: IPv4
    Device   IP Address               Mask      Flags   Phys Addr
    ------ -------------------- --------------- ----- ---------------
    hme0   ws-csm2           08:00:20:34:9a:15
    hme0   patricia          00:d0:58:00:d8:e1
    hme0   tux               08:00:20:89:7e:34
    hme0   nelug             08:00:20:43:0f:a4


nslookup

  • To test that DNS lookups are working correctly nslookup can be used to perform name lookups.
  • Example:
    patricia:15 $ nslookup
    Default Server:
    > phileas
