Copyright 1994 AT&T and Lumeta Corporation. All Rights Reserved.
Notice: For personal use only. These materials may not be reproduced or distributed in any form
or by any means except that they may be downloaded from this source and printed for personal use.
An Overview of TCP/IP
In this chapter we present an overview of the TCP/IP protocol suite. Although we realize that this
is familiar material to many people who read this book, we suggest that you not skip the chapter;
our focus here is on security, so we discuss the protocols and areas of possible danger in that light.
A word of caution: a security-minded system administrator often has a completely different
view of a network service than a user does. These two parties are often at opposite ends of the
security/convenience balance. Our viewpoint is tilted toward one end of this balance.
2.1 The Different Layers
The phrase TCP/IP is the usual shorthand phrase for a collection of communications protocols.
It was originally developed under the auspices of the U.S. Defense Advanced Research Projects
Agency (then DARPA, now ARPA), and was deployed on the old ARPANET in 1983. The overview
we can present here is necessarily sketchy. For a more thorough picture, the reader is referred to
any of a number of books, such as those by Comer [Comer, 1991; Comer and Stevens, 1994].
A schematic of the data flow is shown in Figure 2.1. Each row is a different protocol layer.
The top layer contains the applications: mail transmission, login, video servers, etc. They call the
lower layers to fetch and deliver their data. In the middle of the spider web is the Internet Protocol.
IP is a packet multiplexer. Messages from higher level protocols have an IP
header prepended to them. They are then sent to the appropriate device driver for transmission.
We will examine the IP layer first.
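The IP header that is prepended to a higher-level message can be built and checked as in the sketch below. This is an added example, not code from the book; the field layout follows RFC 791, and the function names, addresses, options and payload are constructed for illustration.

```python
import ipaddress
import struct

HDR = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, RFC 791 layout

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, dst, proto, payload, options=b""):
    """Prepend an IPv4 header to a higher-level message (hypothetical helper)."""
    options += b"\x00" * (-len(options) % 4)  # pad options to a 32-bit boundary
    ihl = 5 + len(options) // 4               # header length in 32-bit words
    def header(csum):
        return struct.pack(HDR, (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0,
                           64, proto, csum, ipaddress.IPv4Address(src).packed,
                           ipaddress.IPv4Address(dst).packed) + options
    return header(internet_checksum(header(0))) + payload

def parse_packet(packet):
    """Check length fields and checksum before trusting any header field."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(HDR, packet[:20])
    hlen = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or not 20 <= hlen <= len(packet):
        raise ValueError("bad version or header length")
    if not hlen <= total <= len(packet):
        raise ValueError("total length inconsistent with received bytes")
    if internet_checksum(packet[:hlen]) != 0:  # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "options": packet[20:hlen],
            "payload": packet[hlen:total]}

# Constructed sample: documentation-range addresses, protocol 6 (TCP), NOP/EOL options.
SAMPLE = build_packet("192.0.2.1", "198.51.100.7", 6, b"constructed payload",
                      options=b"\x01\x01\x01\x00")

if __name__ == "__main__":
    print(parse_packet(SAMPLE))
```

Changing a byte of the payload does not trip the check, because the IP header checksum covers only the header; a changed header byte or a truncated packet is rejected.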
IP packets are the bundles of data that form the foundation for the TCP/IP protocol suite. Every
packet carries a 32-bit source and destination address, some option bits, a header checksum, and a
payload of data. A typical IP packet is a few hundred bytes long. These packets flow by the billions