📚 Comprehensive Study Notes: The TCP/IP Protocol Stack (9645)
Welcome to one of the most fundamental chapters in networking! The Transmission Control Protocol/Internet Protocol (TCP/IP) suite is the foundational architecture of the entire internet. Everything you do online—streaming, emailing, browsing—relies on these protocols working perfectly.
Don't worry if this seems tricky at first; we will break down this massive system into four easy-to-understand layers, complete with real-world analogies!
Key Takeaway for this chapter: TCP/IP is not one protocol, but a *stack* (a collection) of protocols that governs how data travels reliably from one device to another across the globe.
1. The TCP/IP Layered Model (The Communication Stack)
Imagine sending a package internationally. You don't just throw it in a box; there are specific steps for labelling, security, and transportation. The TCP/IP model organises network functions into four manageable layers. This layered approach is brilliant because it allows engineers to update one layer (e.g., faster Wi-Fi) without having to rebuild the entire system.
The Four Layers of the TCP/IP Stack
We usually describe the layers from top (what the user sees) to bottom (the physical cable).
- Application Layer (The User Interaction)
- Transport Layer (The Reliability Checker)
- Internet Layer (The Router/Direction Finder)
- Link Layer (The Hardware Connector)
Application Layer (The User Interaction)
Role: This is where applications (like your browser or email client) create and receive data. It deals with protocols that users directly interact with.
Analogy: Writing and reading the content of the letter.
Key Protocols: HTTP, FTP, SMTP, POP3, IMAP, SSH (We cover these in detail later!).
Transport Layer (The Reliability Checker)
Role: Responsible for managing the connection between the sender and receiver. It ensures data is delivered correctly and in the right order (using TCP), or sends data quickly without checks (using UDP).
Analogy: Deciding whether to send the letter via a registered service (TCP, guaranteed) or standard post (UDP, quicker but less reliable).
Key Concept: Sockets (The entry/exit point for applications).
Internet Layer (The Router/Direction Finder)
Role: Handles the logical addressing (IP addresses) and routing of data packets across different networks. It determines the best path for the packet to reach its destination.
Analogy: The sorting office applying the street address (IP address) to determine the route.
Key Protocol: IP (Internet Protocol).
Link Layer (The Hardware Connector)
Role: Deals with the physical network components (cables, network cards) and protocols for getting data from one device to the *next* device on the same local network segment.
Analogy: The delivery truck moving the physical package along one specific road.
Key Concept: MAC addresses (Physical hardware identifiers).
Networking protocols like TCP/IP use layers because they promote modularity and standardisation. Each layer only worries about its specific task, making the system easier to design, implement, and troubleshoot.
The Role of Sockets
A socket is the endpoint of a connection in the Transport layer. It's how specific applications on a device communicate.
Example: If your computer (IP address 192.168.1.5) is browsing a website (using port 80 for HTTP), the socket address might look like: 192.168.1.5:80.
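To make the layering concrete, here is an added example (written for these notes, not code from the original page) that builds a frame the way the stack does on the send path, one header per layer, and then unwraps it again on the receive path. The MAC addresses, the destination IP 203.0.113.10 and the client port 51234 are constructed sample values; the port pair recovered at the end is the socket address described above. Only the IPv4 header checksum is computed for real; TCP sequence numbers and the TCP checksum are left at zero because the point is the layering, not a full TCP implementation.

```python
import struct

# Constructed sample link-layer values (not from the notes).
SRC_MAC = bytes.fromhex("02aabbccdd01")   # locally administered address
DST_MAC = bytes.fromhex("02aabbccdd02")   # e.g. the default gateway's NIC
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 791). Recomputing it over a
    header whose checksum field is already filled in yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def transport_layer(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Transport layer: prepend a 20-byte TCP header. The port pair is the
    socket address; sequence numbers and the TCP checksum stay at zero here."""
    data_offset_flags = (5 << 12) | 0x18      # header = 5 words, flags PSH|ACK
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                         data_offset_flags, 65535, 0, 0)
    return header + payload


def internet_layer(segment: bytes, src_ip: str, dst_ip: str) -> bytes:
    """Internet layer: prepend a 20-byte IPv4 header with a valid checksum."""
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | 5,           # version 4, IHL 5 words
                         0, 20 + len(segment),   # DSCP/ECN, total length
                         0, 0,                   # identification, flags/fragment
                         64, PROTO_TCP, 0,       # TTL, protocol, checksum placeholder
                         ip_to_bytes(src_ip), ip_to_bytes(dst_ip))
    csum = struct.pack("!H", ipv4_checksum(header))
    return header[:10] + csum + header[12:] + segment


def link_layer(packet: bytes) -> bytes:
    """Link layer: prepend a 14-byte Ethernet header addressed by MAC."""
    return DST_MAC + SRC_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet


def encapsulate(app_data: bytes, src_ip: str, dst_ip: str,
                src_port: int, dst_port: int) -> bytes:
    """Send path: each layer wraps whatever the layer above handed it."""
    segment = transport_layer(app_data, src_port, dst_port)
    packet = internet_layer(segment, src_ip, dst_ip)
    return link_layer(packet)


def decapsulate(frame: bytes) -> dict:
    """Receive path: each layer strips its own header and passes the rest up."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("IPv4 header checksum failed")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src_ip = ".".join(str(b) for b in packet[12:16])
    dst_ip = ".".join(str(b) for b in packet[16:20])
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    offset = (segment[12] >> 4) * 4           # TCP data offset, in words
    return {
        "src_socket": f"{src_ip}:{src_port}",
        "dst_socket": f"{dst_ip}:{dst_port}",
        "payload": segment[offset:],
    }


if __name__ == "__main__":
    frame = encapsulate(b"GET / HTTP/1.1\r\n", "192.168.1.5", "203.0.113.10", 51234, 80)
    print(len(frame), "bytes on the wire ->", decapsulate(frame))
```

Notice that each function only knows its own header: the link layer never looks at ports, and the transport layer never looks at MAC addresses, which is exactly the modularity the notes describe.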
2. Addressing: IP Addresses and MAC Addresses
Media Access Control (MAC) Addresses
The MAC address is a unique, physical identifier assigned to a network interface card (NIC) by the manufacturer.
It operates at the Link Layer.
Analogy: The MAC address is like the serial number engraved on your device. It never changes, regardless of where you plug it in.
Internet Protocol (IP) Addresses
The IP address is the logical address used by the Internet Layer to route data across different networks.
Analogy: The IP address is like your current mailing address. It tells the global network where your device is located right now.
IP Structure and Subnetting
An IP address is split into two parts:
- Network Identifier Part: Identifies the specific network the device is on.
- Host Identifier Part: Identifies the specific device (host) within that network.
The Subnet Mask is used to determine which part of the IP address is the Network ID and which is the Host ID. It acts like a stencil, telling the router which bits to look at for routing decisions.
IPv4 vs IPv6
- IPv4: Uses 32 bits, offering about 4.3 billion unique addresses. We have essentially run out of these.
- IPv6: Uses 128 bits, offering a virtually inexhaustible supply of addresses (\(2^{128}\)).
Why IPv6 was introduced: To solve the severe shortage of IPv4 addresses caused by the explosion of internet-connected devices (laptops, phones, IoT devices).
Routable vs Non-Routable IP Addresses
- Routable (Public) IP: Addresses that can be reached directly from the wider internet. These are unique globally and are required for a server to host a public website.
- Non-Routable (Private) IP: Addresses reserved for use exclusively within private local networks (LANs). They are not unique globally and cannot be used to route data across the wider internet.
Common Private Ranges: 192.168.x.x, 10.x.x.x.
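The stencil idea and the private-range check can be worked through in code. This is an added example for these notes, not code from the original page; it assumes the three RFC 1918 private ranges (the notes list two; 172.16.0.0/12 is the third) and uses the standard-library ipaddress module only to cross-check the hand-rolled bit maths.

```python
import ipaddress

# RFC 1918 non-routable ranges. The notes list 192.168.x.x and 10.x.x.x;
# 172.16.0.0/12 is the third range in the same RFC and is included here.
PRIVATE_RANGES = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


def to_int(ip: str) -> int:
    """Parse dotted-quad text into a 32-bit integer, rejecting malformed input."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip!r}")
    return int.from_bytes(bytes(int(o) for o in octets), "big")


def to_str(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def mask_from_prefix(prefix: int) -> int:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_valid_mask(mask: str) -> bool:
    """A subnet mask must be a contiguous run of ones followed by zeros."""
    mask_n = to_int(mask)
    return mask_from_prefix(bin(mask_n).count("1")) == mask_n


def split_address(ip: str, mask: str) -> dict:
    """Use the mask as a stencil: AND with the mask keeps the network identifier
    bits, AND with the inverted mask keeps the host identifier bits."""
    if not is_valid_mask(mask):
        raise ValueError(f"mask {mask} is not a contiguous run of ones")
    ip_n, mask_n = to_int(ip), to_int(mask)
    prefix = bin(mask_n).count("1")
    host_bits = ~mask_n & 0xFFFFFFFF
    network = ip_n & mask_n
    return {
        "network_id": to_str(network),
        "host_id": ip_n & host_bits,
        "prefix": prefix,
        "broadcast": to_str(network | host_bits),
        "usable_hosts": max((1 << (32 - prefix)) - 2, 0),
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """Two hosts talk directly only when their network identifiers match;
    otherwise the packet is handed to the router (default gateway)."""
    return split_address(ip_a, mask)["network_id"] == split_address(ip_b, mask)["network_id"]


def is_private(ip: str) -> bool:
    """True if the address falls inside one of the RFC 1918 ranges."""
    addr = to_int(ip)
    for cidr in PRIVATE_RANGES:
        net, prefix = cidr.split("/")
        if addr & mask_from_prefix(int(prefix)) == to_int(net):
            return True
    return False


def cross_check(ip: str, mask: str) -> bool:
    """Confirm the hand-rolled bit maths against the standard library."""
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    ours = split_address(ip, mask)
    return (str(iface.network.network_address) == ours["network_id"]
            and iface.network.prefixlen == ours["prefix"]
            and ipaddress.ip_address(ip).is_private == is_private(ip))


if __name__ == "__main__":
    print(split_address("192.168.1.5", "255.255.255.0"))
    print("private:", is_private("192.168.1.5"), "| same subnet as .200:",
          same_subnet("192.168.1.5", "192.168.1.200", "255.255.255.0"))
```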
3. Dynamic Host Configuration Protocol (DHCP)
DHCP is a crucial service that manages IP addresses automatically within a network.
Purpose and Operation
The purpose of DHCP is to automate the assignment of configuration parameters, particularly IP addresses, to devices on a network. This prevents human error and saves administration time.
How DHCP works (The Simple Steps):
- A new device connects to the network (e.g., your laptop).
- The device sends out a request asking, "Is there a DHCP server? I need an IP address."
- The DHCP Server responds, offering a temporary IP address, subnet mask, and gateway details.
- The device accepts the offer and uses the assigned IP address for a specified period (the 'lease').
Advantage over Manual Configuration: DHCP eliminates the risk of IP address conflicts (where two devices accidentally use the same address) and massively reduces the setup time for new devices.
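The four steps above as a toy exchange between a client and a server, written as an added example for these notes rather than real DHCP code (real DHCP runs over UDP ports 67 and 68 with a binary message format; here the messages are plain dictionaries and time is passed in as a number). The pool 192.168.1.10 to .11, gateway 192.168.1.1, the 60-second offer timeout and the MAC addresses are constructed values.

```python
OFFER_TIMEOUT = 60          # seconds an OFFER stays reserved while awaiting a REQUEST


class DhcpServer:
    """Toy DHCP server: a pool of addresses plus the leases handed out from it."""

    def __init__(self, addresses, subnet_mask, gateway, lease_seconds=3600):
        self.free = list(addresses)        # addresses nobody currently holds
        self.offers = {}                   # mac -> (ip, offer expiry)
        self.leases = {}                   # ip  -> (mac, lease expiry)
        self.subnet_mask, self.gateway = subnet_mask, gateway
        self.lease_seconds = lease_seconds

    def _reclaim(self, now):
        """Return expired leases and unanswered offers to the free pool."""
        for ip, (_, expiry) in list(self.leases.items()):
            if expiry <= now:
                del self.leases[ip]
                self.free.append(ip)
        for mac, (ip, expiry) in list(self.offers.items()):
            if expiry <= now:
                del self.offers[mac]
                if ip not in self.leases:   # a renewal offer is still leased
                    self.free.append(ip)

    def _offer(self, mac, ip, now):
        # Step 3: the server offers an address plus subnet mask and gateway.
        self.offers[mac] = (ip, now + OFFER_TIMEOUT)
        return {"type": "OFFER", "ip": ip, "subnet_mask": self.subnet_mask,
                "gateway": self.gateway, "lease_seconds": self.lease_seconds}

    def handle(self, msg, now):
        self._reclaim(now)
        kind, mac = msg["type"], msg["mac"]
        if kind == "DISCOVER":
            # Step 2: a client asks for an address. A renewing client is offered
            # the address it already holds; otherwise one comes from the pool.
            for ip, (holder, _) in self.leases.items():
                if holder == mac:
                    return self._offer(mac, ip, now)
            if mac in self.offers:
                return self._offer(mac, self.offers[mac][0], now)
            if not self.free:
                return {"type": "NAK", "reason": "address pool exhausted"}
            return self._offer(mac, self.free.pop(0), now)
        if kind == "REQUEST":
            # Step 4: the client accepts. Only the address offered to this MAC is
            # acknowledged, so two devices can never end up with the same one.
            offered = self.offers.get(mac)
            if offered is None or offered[0] != msg["ip"]:
                return {"type": "NAK", "reason": "no matching offer"}
            del self.offers[mac]
            expiry = now + self.lease_seconds
            self.leases[offered[0]] = (mac, expiry)
            return {"type": "ACK", "ip": offered[0], "subnet_mask": self.subnet_mask,
                    "gateway": self.gateway, "lease_expires": expiry}
        if kind == "RELEASE":
            ip = msg["ip"]
            if ip in self.leases and self.leases[ip][0] == mac:
                del self.leases[ip]
                self.free.append(ip)
            return {"type": "RELEASED", "ip": ip}
        return {"type": "NAK", "reason": f"unknown message {kind}"}


def client_obtain(server, mac, now):
    """Client side of the four steps: DISCOVER, get OFFER, REQUEST, get ACK.
    Returns the configuration on success, None if no address was granted."""
    offer = server.handle({"type": "DISCOVER", "mac": mac}, now)   # step 1 + 2
    if offer["type"] != "OFFER":
        return None
    ack = server.handle({"type": "REQUEST", "mac": mac, "ip": offer["ip"]}, now)
    return ack if ack["type"] == "ACK" else None


if __name__ == "__main__":
    server = DhcpServer(["192.168.1.10", "192.168.1.11"], "255.255.255.0", "192.168.1.1")
    print(client_obtain(server, "aa:aa:aa:aa:aa:01", now=0))
    print(client_obtain(server, "aa:aa:aa:aa:aa:02", now=1))
    print(client_obtain(server, "aa:aa:aa:aa:aa:03", now=2))   # None: pool exhausted
```

Because every address leaves the free list the moment it is offered and only returns when the lease or offer expires, the server cannot hand the same address to two devices; that is the conflict-avoidance advantage the notes mention, expressed as a data structure.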
4. Standard Application Layer Protocols (Layer 4 Deep Dive)
These protocols govern how specific tasks—like viewing a webpage or sending an email—are performed.
Web and Transfer Protocols
- HTTP (Hypertext Transfer Protocol): Used by web browsers to request and receive web pages (in text form) and other resources from a web server.
- HTTPS (HTTP Secure): The secure version of HTTP. It encrypts the data transfer, typically using SSL/TLS, ensuring privacy.
- FTP (File Transfer Protocol): Used to transfer files between a client (the user's device) and an FTP server. This is often used for uploading large websites.
- Note: FTP is increasingly replaced by SFTP (Secure File Transfer Protocol), which encrypts the file transfer for security.
- SSH (Secure Shell): Used to log in securely to a remote computer, manage systems, and execute commands from a distance. It provides a text-based, encrypted command prompt.
Email Protocols
Email involves two main stages: sending and receiving.
Sending (SMTP):
- SMTP (Simple Mail Transfer Protocol): Used to send emails from an email client to an email server, and between email servers.
Receiving (POP3 or IMAP):
- POP3 (Post Office Protocol v3): Downloads emails from the server to the client and then typically deletes them from the server. (Like checking a physical post office box).
- IMAP (Internet Message Access Protocol): Synchronises emails, keeping them stored on the server so they can be accessed from multiple devices. (Modern standard).
5. Cyber Security Fundamentals
Since TCP/IP governs all network traffic, securing that traffic is vital. This section covers key security tools and threats.
Firewalls: The Network Gatekeeper
A firewall is a system designed to prevent unauthorized access to or from a private network. It applies rules to network traffic to decide what is allowed through.
- Packet Filtering: Examines the headers of individual packets (source IP, destination IP, port numbers). If the packet doesn't meet the rules, it is blocked. (Basic, quick check).
- Proxy Server: Acts as an intermediary between the internal network and the outside. All external requests go through the proxy, hiding the identity of the internal client. (Better for anonymity and controlling content).
- Stateful Inspection: Monitors the state of active connections. It tracks which connections were initiated internally and automatically allows returning traffic. (Smarter and more secure than simple packet filtering).
Analogy: Imagine a gatekeeper. Packet filtering checks the name tag (header). Stateful inspection checks the name tag AND remembers if you entered the building recently.
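Packet filtering and stateful inspection side by side, as an added example that is not part of the notes: the same rule list is applied first by a stateless filter and then by one that also remembers which connections the inside opened. The hosts 192.168.1.5, 203.0.113.10 and 198.51.100.9 and the port numbers are constructed sample traffic, and the packet is reduced to just the header fields a filter reads.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only the header fields a packet filter inspects (constructed sample data)."""
    direction: str          # "out": leaving the private network, "in": arriving from outside
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    direction: str
    action: str                         # "allow" or "deny"
    dst_port: Optional[int] = None      # None matches any destination port
    proto: Optional[str] = None         # None matches any protocol

    def matches(self, pkt: Packet) -> bool:
        return (self.direction == pkt.direction
                and (self.dst_port is None or self.dst_port == pkt.dst_port)
                and (self.proto is None or self.proto == pkt.proto))


class PacketFilter:
    """Stateless packet filtering: each packet is judged on its own header
    against the rules in order; anything unmatched is denied."""

    def __init__(self, rules):
        self.rules = list(rules)

    def decide(self, pkt: Packet) -> str:
        for rule in self.rules:
            if rule.matches(pkt):
                return rule.action
        return "deny"


class StatefulFirewall(PacketFilter):
    """Stateful inspection: remember connections the inside opened and let only
    their replies back in; everything else still has to pass the rules."""

    def __init__(self, rules):
        super().__init__(rules)
        self.connections = set()   # (inside_ip, inside_port, outside_ip, outside_port)

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            if key in self.connections:
                return "allow"        # return traffic for a tracked connection
        verdict = super().decide(pkt)
        if verdict == "allow" and pkt.direction == "out":
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return verdict


def run(firewall: PacketFilter, packets) -> list:
    """Apply the firewall to a packet sequence and collect the verdicts."""
    return [firewall.decide(p) for p in packets]


# Constructed traffic: an inside host opening an HTTPS connection, the server's
# reply, and an unrelated inbound packet aimed at the same client port.
SAMPLE_TRAFFIC = [
    Packet("out", "192.168.1.5", "203.0.113.10", 51234, 443),
    Packet("in", "203.0.113.10", "192.168.1.5", 443, 51234),
    Packet("in", "198.51.100.9", "192.168.1.5", 40001, 51234),
]
# Policy: inside users may browse (80/443); nothing inbound is listed.
POLICY = [Rule("out", "allow", dst_port=443), Rule("out", "allow", dst_port=80)]
# The weak way to make the stateless filter work: open the door to all inbound traffic.
WEAK_POLICY = POLICY + [Rule("in", "allow")]

if __name__ == "__main__":
    print("stateless, strict :", run(PacketFilter(POLICY), SAMPLE_TRAFFIC))
    print("stateless, weak   :", run(PacketFilter(WEAK_POLICY), SAMPLE_TRAFFIC))
    print("stateful, strict  :", run(StatefulFirewall(POLICY), SAMPLE_TRAFFIC))
```

The strict stateless filter blocks the legitimate reply because it cannot tell it apart from any other inbound packet; the weak policy lets the reply through but also the unsolicited packet. The stateful filter gets the right answer for both with the strict rules, which is the "remembers if you entered the building" part of the analogy.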
Encryption and Key Exchange
Encryption scrambles data (plaintext) into an unreadable form (ciphertext) using a key and an algorithm.
1. Symmetric Encryption
- Uses the same key for both encryption and decryption.
- Examples: Caesar cipher, Vernam cipher (which can be perfectly secure if conditions are met).
- Problem: The key exchange problem—how do the sender and receiver safely share the secret key without it being intercepted?
2. Asymmetric (Public Key) Encryption
- Uses two mathematically related keys: a Public Key (shared widely, used for encryption) and a Private Key (kept secret, used for decryption).
- This solves the key exchange problem because the public key can be shared openly.
Digital Certificates and Signatures
These are essential for establishing trust on the internet (especially with HTTPS).
- Digital Signatures: Used to authenticate the sender of a message or the creator of a document. It proves the message originated from the claimed source and hasn't been tampered with.
- Digital Certificates: A file that cryptographically links a public key to an entity (like a website server). Issued by a trusted third party (Certificate Authority), they prove that the owner of the public key is who they claim to be.
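The three ideas in this section worked as one added example (not from the notes): the Vernam cipher with its "same key both ways" property and a check of what goes wrong when a key is reused, textbook RSA with the small primes 61 and 53 and public exponent 17 (a standard worked set), and a toy certificate authority that signs a subject's public key so a client can verify it. The subject name shop.example, the CA primes 101 and 113 and the sample messages are constructed; this RSA is for following the arithmetic by hand, not for protecting anything.

```python
import hashlib
import math
import secrets


# ---- Symmetric: the same key encrypts and decrypts ----------------------
def caesar(text: str, shift: int) -> str:
    """Caesar cipher over A-Z; decrypt with the same key by shifting back."""
    out = []
    for ch in text.upper():
        out.append(chr((ord(ch) - 65 + shift) % 26 + 65) if "A" <= ch <= "Z" else ch)
    return "".join(out)


def vernam(data: bytes, key: bytes) -> bytes:
    """Vernam cipher: XOR each byte with a key byte. Applying it twice with the
    same key restores the plaintext. It is perfectly secret only when the key
    is truly random, at least as long as the message, and never reused."""
    if len(key) < len(data):
        raise ValueError("key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def fresh_key(length: int) -> bytes:
    return secrets.token_bytes(length)        # CSPRNG; one key per message


# ---- Asymmetric: textbook RSA with tiny primes (teaching only) ----------
def rsa_keypair(p: int, q: int, e: int):
    """Return (public, private). Real keys use ~2048-bit primes and padding;
    these classroom values are small enough to follow by hand."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                       # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_encrypt(m: int, public) -> int:
    e, n = public
    return pow(m, e, n)                       # anyone holding the public key


def rsa_decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)                       # only the private key holder


# ---- Signatures and certificates ---------------------------------------
def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data reduced into the modulus (toy; real schemes pad)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, private) -> int:
    d, n = private
    return pow(digest(data, n), d, n)         # private key proves the origin


def verify(data: bytes, signature: int, public) -> bool:
    e, n = public
    return pow(signature, e, n) == digest(data, n)


def issue_certificate(subject: str, subject_public, ca_private) -> dict:
    """A CA binds a subject name to a public key by signing both together."""
    body = f"{subject}|{subject_public[0]}|{subject_public[1]}".encode()
    return {"subject": subject, "public_key": subject_public,
            "signature": sign(body, ca_private)}


def verify_certificate(cert: dict, ca_public) -> bool:
    """Trusting the CA's public key lets a client trust the subject's key."""
    e, n = cert["public_key"]
    body = f"{cert['subject']}|{e}|{n}".encode()
    return verify(body, cert["signature"], ca_public)


if __name__ == "__main__":
    pub, priv = rsa_keypair(61, 53, 17)       # constructed classroom key
    ca_pub, ca_priv = rsa_keypair(101, 113, 3)
    cert = issue_certificate("shop.example", pub, ca_priv)
    print(pub, priv, rsa_encrypt(65, pub), verify_certificate(cert, ca_pub))
```

Applying vernam to two ciphertexts made with the same key removes the key and leaves the XOR of the two plaintexts, which is why "used once" is one of the conditions for the cipher's perfect secrecy. The certificate check mirrors what a browser does for HTTPS: it does not need the CA's private key, only its public key, to confirm the binding between the site name and the site's public key.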
Malware: Threats That Exploit Vulnerabilities
Malware exploits weaknesses (vulnerabilities) in software or systems:
- Virus: Malicious code that replicates itself by attaching to other legitimate programs. Requires a "host" file to spread.
- Worm: Standalone malicious software that replicates and spreads itself across networks without needing a host program. They exploit network security vulnerabilities to spread rapidly.
- Trojan (Horse): Malicious software disguised as a legitimate or desirable program. They do not replicate on their own but trick the user into installing them.
Vulnerabilities exploited: Outdated software (unpatched security holes), poor user training, weak passwords, and inadequate firewall configurations.
Remembering the four layers (top to bottom):
All Teachers Interest Learners
- Application
- Transport
- Internet
- Link