Network Protocols: A Comprehensive Guide to ICMP, UDP, TCP, Routing, and Address Translation

ICMP (Internet Control Message Protocol)

ICMP is the protocol that reports, at the IP level, conditions such as errors, unreachable routes and other problems encountered while delivering datagrams.

Each ICMP message contains a Type field, a Code field, a checksum and type-specific data. Error messages additionally carry the IP header (and the first 8 bytes of payload) of the datagram that caused the error, so the source can tell which connection was affected.

Use:

  • Ping (Echo Request / Echo Reply): checks IP-level connectivity between two hosts, verifying that the IP stack works and that the network path is usable. The data field carries an identifier and a sequence number so that replies can be matched to requests.
  • Destination Unreachable: a router that does not know how to forward a datagram discards it and reports the error to the source with this message.
  • Source Quench: a congested router sends this message when it starts discarding datagrams (now deprecated).
  • Time Exceeded: when a router decrements a datagram's TTL to zero, it discards the datagram and sends this message to the source.
  • Traceroute: an application that displays the route an IP datagram follows. It sends UDP messages with increasing TTL values and captures the ICMP Time Exceeded replies from each router along the path to reveal the hops.
  • Reassembly time exceeded (fragments), Timestamp (clock synchronization), Address Mask request, etc.
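The message layout described above, as an added example that is not part of the original page: it builds and parses Echo Request and Time Exceeded messages with the RFC 1071 checksum, including the quoted IP header that error messages carry. The sample IPv4/UDP header it embeds is constructed for the example (addresses 10.0.0.1 and 10.9.9.9 are placeholders), and the parser rejects messages whose checksum does not verify, which is the first check any receiver should make before trusting fields in an ICMP error.

```python
import struct

# ICMP type values from RFC 792 (only those handled here)
ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                       # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Echo Request: type 8, code 0, checksum, identifier, sequence number, data."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)   # computed with the checksum field zeroed
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_time_exceeded(offending_datagram: bytes) -> bytes:
    """Time Exceeded (TTL hit zero in transit): type 11, code 0, 4 unused bytes,
    then the IP header plus the first 8 bytes of the discarded datagram."""
    quoted = offending_datagram[: (offending_datagram[0] & 0x0F) * 4 + 8]
    header = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0)
    csum = internet_checksum(header + quoted)
    return struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, csum, 0) + quoted


def parse_icmp(packet: bytes) -> dict:
    """Parse an ICMP message; the checksum over the whole message must come out as 0."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if internet_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    mtype, code = packet[0], packet[1]
    msg = {"type": mtype, "code": code}
    if mtype in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        msg["id"], msg["seq"] = struct.unpack("!HH", packet[4:8])
        msg["payload"] = packet[8:]
    elif mtype in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        inner = packet[8:]                    # quoted IP header of the offending datagram
        if len(inner) < 20:
            raise ValueError("error message does not quote a full IP header")
        ihl = (inner[0] & 0x0F) * 4
        msg["inner_proto"] = inner[9]
        msg["inner_src"] = ".".join(str(b) for b in inner[12:16])
        msg["inner_dst"] = ".".join(str(b) for b in inner[16:20])
        msg["inner_l4"] = inner[ihl:ihl + 8]  # first 8 transport bytes: the port numbers
    return msg


# Constructed sample: IPv4 header with TTL 0, protocol 17 (UDP), 10.0.0.1 -> 10.9.9.9,
# followed by a UDP header (ports 33434 -> 33435), as a traceroute probe would look.
SAMPLE_IP_HEADER = bytes.fromhex("4500001cabcd0000001100000a0000010a090909")
SAMPLE_UDP_HEADER = struct.pack("!HHHH", 33434, 33435, 8, 0)
SAMPLE_OFFENDING = SAMPLE_IP_HEADER + SAMPLE_UDP_HEADER

if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"abcdefgh")))
    print(parse_icmp(build_time_exceeded(SAMPLE_OFFENDING)))
```

The checksum routine is the same one used by IP, UDP and TCP headers, so it is worth getting right once: note the fold loop, which handles the carry out of the 16-bit sum.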

UDP (User Datagram Protocol)

UDP is a transport-layer protocol, one level above IP. Applications use transport protocols to communicate over an IP network.

UDP identifies an application by the pair (destination IP, port). It is a connectionless and unreliable protocol: there is no error recovery (lost datagrams are not retransmitted) and no guarantee on the order of arrival.

Ports can be classified as:

  • Well-known: 0 to 1023, used by common protocols such as FTP or HTTP.
  • Registered: 1024 to 49151, used by ordinary applications.
  • Dynamic or private: 49152 to 65535, not assigned by IANA.

TCP (Transmission Control Protocol)

TCP is the most complex transport protocol of the TCP/IP suite, and the most widely used.

It is a connection-oriented protocol that supports bidirectional communication, guarantees in-order delivery of data, includes flow control (so that the sender does not overwhelm the receiver) and congestion control (reducing traffic when the network is congested, then recovering when everything returns to normal).

Each TCP connection is identified by the tuple (source IP, source port, destination IP, destination port).

Stages of connection establishment (the three-way handshake, 3-WHS):

  1. A → B: connection request. The segment has the SYN flag set (indicating it is the first segment of the connection), the SN (Sequence Number) field set to A's initial sequence number, and the MSS (Maximum Segment Size) option announcing the largest segment A is prepared to receive.
  2. B → A: a segment with both the SYN and ACK flags set. The ACK field carries the next byte B expects to receive (in this case SN_A + 1), the SN field carries B's initial sequence number, and the MSS option announces the segment size B accepts.
  3. A → B: ACK flag set; the ACK field carries the next byte A expects from B (SN_B + 1).

During closure, each end sends a segment with the FIN flag set, and the other end must answer with an ACK carrying the next byte it expects. Closing the connection therefore takes four segments.

MSS field: the maximum amount of data TCP will send in one segment. It is chosen to avoid fragmentation at the IP level, and derived from the MTU of the underlying link (MTU minus the IP and TCP headers).

Sliding window: the mechanism on which TCP builds its error control, flow control and congestion control.
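The handshake and the four-segment close, played out with both ends' sequence numbers, as an added example that is not code from the original page. The endpoints, port numbers, initial sequence numbers and MSS values are constructed for the example; the simulation tracks only the fields the text discusses (SN, ACK, SYN/ACK/FIN, MSS) and shows why a replayed segment is acknowledged but never delivered twice.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Segment:
    """The TCP header fields this simulation tracks (no checksum or window field)."""
    src_port: int
    dst_port: int
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False
    fin: bool = False
    mss: Optional[int] = None      # MSS option, only carried on SYN segments
    data: bytes = b""

    def flags(self) -> str:
        names = [n for n, on in (("SYN", self.syn), ("ACK", self.ack_flag), ("FIN", self.fin)) if on]
        return "+".join(names) or "-"


class TcpEndpoint:
    """One end of a connection: state, SND.NXT (next byte to send), RCV.NXT (next byte expected)."""

    def __init__(self, port: int, isn: int, mss: int = 1460):
        self.port, self.mss = port, mss
        self.peer_port: Optional[int] = None
        self.peer_mss: Optional[int] = None
        self.state = "CLOSED"
        self.snd_nxt = isn
        self.rcv_nxt: Optional[int] = None
        self.received = b""

    def listen(self) -> None:
        self.state = "LISTEN"

    def _segment(self, **flags) -> Segment:
        return Segment(self.port, self.peer_port, seq=self.snd_nxt, ack=self.rcv_nxt or 0, **flags)

    def connect(self, dst_port: int) -> Segment:
        self.peer_port = dst_port
        seg = self._segment(syn=True, mss=self.mss)   # step 1: SYN, SN = ISN, MSS option
        self.snd_nxt += 1                              # the SYN occupies one sequence number
        self.state = "SYN_SENT"
        return seg

    def send(self, data: bytes) -> Segment:
        seg = self._segment(ack_flag=True, data=data)
        self.snd_nxt += len(data)
        return seg

    def close(self) -> Segment:
        seg = self._segment(ack_flag=True, fin=True)
        self.snd_nxt += 1                              # the FIN occupies one sequence number too
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Process one incoming segment; return the segment to send in reply, if any."""
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            self.peer_port, self.peer_mss = seg.src_port, seg.mss
            self.rcv_nxt = seg.seq + 1                 # step 2: ACK = SN_A + 1, plus our own SYN
            reply = self._segment(syn=True, ack_flag=True, mss=self.mss)
            self.snd_nxt += 1
            self.state = "SYN_RECEIVED"
            return reply
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt:
                return None                            # does not acknowledge our SYN: ignore
            self.peer_mss = seg.mss
            self.rcv_nxt = seg.seq + 1                 # step 3: ACK = SN_B + 1
            self.state = "ESTABLISHED"
            return self._segment(ack_flag=True)
        if self.state == "SYN_RECEIVED":
            if seg.ack_flag and seg.ack == self.snd_nxt:
                self.state = "ESTABLISHED"
            return None
        if self.state in ("ESTABLISHED", "FIN_WAIT_1", "FIN_WAIT_2", "CLOSE_WAIT", "LAST_ACK"):
            if seg.seq != self.rcv_nxt:                # duplicate or out of order: just re-ACK
                return self._segment(ack_flag=True)
            if seg.ack_flag and seg.ack == self.snd_nxt:   # everything we sent (incl. FIN) is ACKed
                if self.state == "FIN_WAIT_1":
                    self.state = "FIN_WAIT_2"
                elif self.state == "LAST_ACK":
                    self.state = "CLOSED"
            if seg.data:
                self.received += seg.data
                self.rcv_nxt += len(seg.data)
            if seg.fin:
                self.rcv_nxt += 1
                self.state = {"ESTABLISHED": "CLOSE_WAIT", "FIN_WAIT_1": "CLOSING",
                              "FIN_WAIT_2": "TIME_WAIT"}.get(self.state, self.state)
            return self._segment(ack_flag=True) if (seg.data or seg.fin) else None
        return None


def run_session() -> dict:
    """Constructed exchange: handshake, one request, a replayed segment, four-segment close."""
    a = TcpEndpoint(port=40000, isn=1000, mss=1460)   # client
    b = TcpEndpoint(port=80, isn=5000, mss=536)       # server
    b.listen()
    trace = []

    def deliver(src, dst, seg):
        trace.append(f"{src.port}->{dst.port} [{seg.flags()}] seq={seg.seq} ack={seg.ack} len={len(seg.data)}")
        return dst.receive(seg)

    synack = deliver(a, b, a.connect(b.port))         # 1. SYN
    ack = deliver(b, a, synack)                       # 2. SYN+ACK
    deliver(a, b, ack)                                # 3. ACK
    handshake = (a.state, b.state)
    request = a.send(b"GET / HTTP/1.0\r\n\r\n")
    deliver(b, a, deliver(a, b, request))             # data to B, B's ACK back to A
    dup_ack = deliver(a, b, request)                  # replayed data: B re-ACKs, does not re-deliver
    deliver(b, a, dup_ack)
    fin_ack = deliver(a, b, a.close())                # A: FIN -> B answers ACK (CLOSE_WAIT)
    deliver(b, a, fin_ack)                            # A: FIN_WAIT_2
    last_ack = deliver(b, a, b.close())               # B: FIN (LAST_ACK) -> A answers ACK (TIME_WAIT)
    deliver(a, b, last_ack)                           # B: CLOSED
    return {"handshake": handshake, "a_sees_mss": a.peer_mss, "b_sees_mss": b.peer_mss,
            "received": b.received, "dup_ack": dup_ack.ack, "final": (a.state, b.state),
            "segments": len(trace), "trace": trace}
```

Printing the trace from run_session() shows the SYN consuming sequence number 1000, the SYN+ACK acknowledging 1001, and the FIN exchange taking exactly four segments.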

Extensions to routing

  • Proxy ARP: the goal is to share a single network address among several physical networks. The border router between them must know which IP addresses lie on each of its interfaces and answer, with its own hardware address, the ARP requests generated on one side for hosts on the other side.
  • Unnumbered point-to-point links (anonymous PPP): the ends of a point-to-point link are not assigned IP addresses, to save address space. When one of the devices has to generate traffic, it uses the IP address of another of its interfaces connected to another network.
  • Fixed-size subnetting: divides the host part of a network address into two parts, one identifying the subnet and the other identifying the host.
  • Variable-length subnetting (VLSM): same methodology, but each part can be sized differently per subnet to best fit the required number of subnets and hosts per subnet.
  • Classless addressing (CIDR): removes the restriction to the 8, 16 and 24-bit prefixes of the address classes and allows prefixes of any length. Address ranges can thus be assigned to organizations, which take care of allocating them internally.

With classless addressing, forwarding uses longest-prefix match: when several routes match a destination, the one with the longest prefix is used.
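Longest-prefix match and variable-length subnetting in code, as an added example that is not part of the original page. The routing table and the address block carved up below are constructed for the example. The VLSM routine goes slightly beyond the text: it allocates subnets largest-demand-first from the smallest free fragment that fits, which is the usual hand procedure, and refuses rather than silently overlapping when the block is exhausted.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple


class RoutingTable:
    """Classless forwarding table: the most specific (longest) matching prefix wins."""

    def __init__(self):
        self.routes: List[Tuple[ipaddress.IPv4Network, str]] = []

    def add(self, prefix: str, next_hop: str) -> None:
        # strict=True rejects prefixes with host bits set, e.g. "10.1.2.3/24"
        self.routes.append((ipaddress.ip_network(prefix, strict=True), next_hop))

    def lookup(self, dst: str) -> Optional[Tuple[str, str]]:
        """Return (matching prefix, next hop) for dst, or None if no route (not even default)."""
        addr = ipaddress.ip_address(dst)
        best = None
        for net, next_hop in self.routes:
            if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, next_hop)
        return None if best is None else (str(best[0]), best[1])


def vlsm_allocate(block: str, demands: Dict[str, int]) -> Dict[str, str]:
    """Variable-length subnetting: one subnet per named demand (host count) out of block,
    largest demand first, taken from the smallest free fragment that fits (best fit)."""
    free = [ipaddress.ip_network(block)]
    allocated = {}
    for name, hosts in sorted(demands.items(), key=lambda kv: (-kv[1], kv[0])):
        needed = hosts + 2                              # network and broadcast addresses
        prefix = 32 - (needed - 1).bit_length()         # smallest power of two >= needed
        free.sort(key=lambda n: (-n.prefixlen, n.network_address))   # most specific first
        for i, frag in enumerate(free):
            if frag.prefixlen <= prefix:
                free.pop(i)
                subnet = frag if frag.prefixlen == prefix else next(frag.subnets(new_prefix=prefix))
                if subnet != frag:
                    free.extend(frag.address_exclude(subnet))   # hand back the leftovers
                allocated[name] = str(subnet)
                break
        else:
            raise ValueError(f"no free space left for {name} ({hosts} hosts)")
    return allocated


if __name__ == "__main__":
    rt = RoutingTable()
    for prefix, hop in [("0.0.0.0/0", "isp"), ("10.0.0.0/8", "r1"),
                        ("10.1.0.0/16", "r2"), ("10.1.2.0/24", "r3")]:
        rt.add(prefix, hop)
    for dst in ("10.1.2.3", "10.1.5.9", "10.7.0.1", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst))
    print(vlsm_allocate("192.168.0.0/24", {"sales": 100, "eng": 50, "link": 2}))
```

The lookup is a linear scan, which is fine to illustrate the rule; real routers use a trie or TCAM so the longest match is found in constant time per lookup.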

Routing algorithms

There are three types of algorithms capable of generating routing tables dynamically:

  • Centralized: one node of the network receives link information from all the other nodes and computes the routing table of each of them.
  • Isolated: each node decides independently, for example by sending every received packet out on all interfaces except the one it arrived on, or out on a random one.
  • Distributed: no central authority decides the routing tables. These are the ones used in IP networks, and they come in two types: distance vector and link state.

Distance vector algorithms

Each node stores a table of entries (destination network, gateway, distance). The table is shared with neighboring nodes, which use the received tables to compute the shortest routes to each destination.

Advantages:

  • Simplicity
  • Small number of messages.

Disadvantages:

  • Slow convergence.
  • The message size grows if the number of networks increases.

RIP (Routing Information Protocol)

RIP is a distance-vector algorithm whose metric is the number of hops to the destination. The distance is 1 for directly connected networks, and 16 means unreachable (infinity).

RIP is based on two message types: Request, with which a router asks a neighbor for the network information it has available, and Response, with which a router sends its available routing information to another router. Each message can carry up to 25 routes; if more are needed, another message is sent.

When a Response message is received, for each route it carries:

  • If the destination is new, it is added to the routing table, with the neighbor router that sent the route as gateway (and its hop count plus one as metric).

  • Otherwise:

    • If the Response comes from the gateway currently used to reach that destination, update the entry (even if the metric got worse).
    • If the hop count indicates a shorter route, replace the entry with the new one.
    • Otherwise, discard the route.

To avoid the problems associated with distance-vector routing (loops and count-to-infinity), RIP uses several techniques:

  • Split horizon: a router does not advertise to a neighbor the routes it learned from that same neighbor.
  • Hold-down timer: when a network becomes unreachable, a timer is started during which the entry is not updated with routes from other neighbors, until the timer expires or the neighbor that reported the failure announces the network as reachable again.
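The Response-processing rules, split horizon and the hold-down timer, as an added example that is not code from the original page. The router names, networks and the hold-down length (three timer ticks) are constructed for the example, and the timer is modelled by an explicit tick() call rather than wall-clock time; the scenario also shows the ordering trap: while a route is in hold-down, a neighbor still advertising the old path is ignored even though its metric would otherwise win.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

INFINITY = 16            # RIP metric meaning "unreachable"
HOLDDOWN_TICKS = 3       # hold-down length in timer ticks (constructed value for the example)


@dataclass
class Route:
    gateway: Optional[str]   # None for directly connected networks
    metric: int
    holddown: int = 0


class RipRouter:
    def __init__(self, name: str, connected: List[str]):
        self.name = name
        self.table: Dict[str, Route] = {net: Route(None, 1) for net in connected}

    def process_response(self, neighbor: str, advertised: Dict[str, int]) -> None:
        """Apply the update rules to the routes carried in one Response from neighbor."""
        for dest, adv_metric in advertised.items():
            metric = min(adv_metric + 1, INFINITY)       # one more hop to go through neighbor
            cur = self.table.get(dest)
            if cur is None:
                if metric < INFINITY:                    # new destination: learn it via neighbor
                    self.table[dest] = Route(neighbor, metric)
            elif cur.gateway == neighbor:
                # Same gateway we already use: always accept, even if worse, since it is
                # the only node that can tell us the path behind it changed.
                if metric >= INFINITY and cur.metric < INFINITY:
                    cur.holddown = HOLDDOWN_TICKS        # just became unreachable: start hold-down
                elif metric < INFINITY:
                    cur.holddown = 0                     # gateway says reachable again: release
                cur.metric = metric
            elif cur.holddown > 0:
                continue                                 # in hold-down: ignore alternative routes
            elif metric < cur.metric:
                self.table[dest] = Route(neighbor, metric)   # strictly shorter: switch gateway
            # otherwise: equal or longer route, discard

    def advertise(self, to_neighbor: str) -> Dict[str, int]:
        """Routes for a Response to to_neighbor, with split horizon applied."""
        return {dest: r.metric for dest, r in self.table.items() if r.gateway != to_neighbor}

    def tick(self) -> None:
        """One timer tick: run down hold-down timers, drop unreachable routes once expired."""
        for dest in list(self.table):
            r = self.table[dest]
            if r.holddown > 0:
                r.holddown -= 1
            if r.metric >= INFINITY and r.holddown == 0:
                del self.table[dest]

    def snapshot(self) -> dict:
        return {d: (r.gateway, r.metric) for d, r in sorted(self.table.items())}


def run_scenario() -> dict:
    """Constructed scenario: learn, switch to a shorter path, lose it, hold down, recover."""
    r1 = RipRouter("R1", connected=["10.1.0.0/16"])
    r1.process_response("R2", {"10.2.0.0/16": 1, "10.3.0.0/16": 2})
    learned = r1.snapshot()
    r1.process_response("R3", {"10.3.0.0/16": 1})           # shorter path to 10.3 via R3
    switched = r1.snapshot()["10.3.0.0/16"]
    r1.process_response("R3", {"10.3.0.0/16": INFINITY})    # R3 lost it: hold-down starts
    r1.process_response("R2", {"10.3.0.0/16": 2})           # R2 still claims it: ignored
    during_holddown = r1.snapshot()["10.3.0.0/16"]
    split_horizon = r1.advertise("R2")                      # must not echo 10.2 back to R2
    for _ in range(HOLDDOWN_TICKS):
        r1.tick()
    r1.process_response("R2", {"10.3.0.0/16": 2})           # hold-down over: accept R2's route
    return {"learned": learned, "switched": switched, "during_holddown": during_holddown,
            "split_horizon": split_horizon, "after": r1.snapshot()["10.3.0.0/16"]}


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The advertisement built for R2 during hold-down still carries 10.3.0.0/16 with metric 16: announcing the dead route as unreachable (route poisoning) is what lets neighbors tear it down instead of keeping a stale entry alive.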

Link-state algorithms

Each node sends to all nodes in the network a message describing the cost of the links to its neighbors.

Steps of the algorithm:

  1. Discover neighboring nodes.
  2. Compute the cost to each of them (a constant, the RTT, the link speed, etc.).
  3. Build the link-state packet (LSP), including the router's unique identifier, a sequence number and a TTL value.
  4. Flood the LSP: each router that receives it rebroadcasts it to its other neighbors, but only if its sequence number is greater than the one it already holds for that identifier.
  5. Receive the LSPs of the other routers, build the network graph from them and compute the shortest paths with Dijkstra's algorithm.

Advantages:

  • Converge faster to changes in topology.
  • Robustness.
  • The messages are short.

Disadvantages:

  • Every node must store the LSPs of all the other nodes.
  • Requires broadcast to all nodes in the network.

OSPF (Open Shortest Path First)

OSPF is a dynamic routing protocol based on link state that uses Dijkstra's algorithm to compute the routing tables. It is widely used on the Internet, and supports load balancing over equal-cost paths and authentication of routing messages.

Autonomous systems

An autonomous system is a set of networks under a single administration (a large company, an ISP or an institution), and it is the unit of routing used on today's Internet. Internally it is managed with interior protocols such as RIP or OSPF; its border routers exchange reachability information with other autonomous systems using an exterior protocol such as BGP-4 (Border Gateway Protocol) and tell the internal routers how to reach the rest of the autonomous systems.


Address Translation Mechanisms

NAT (Network Address Translation)

NAT is a set of procedures for translating IP addresses. It can be used, for example, so that a single router connects a privately addressed network to the Internet, or by an ISP to assign addresses to its customers.

Static NAT: addresses are translated through a static table of (internal IP, external IP) pairs.

NAPT (Network Address and Port Translation) extends address translation with the UDP and TCP ports. The border router keeps a table of (internal IP, internal port, NAPT port) entries and consults it for every packet it receives to decide whether, and how, to translate it.

Advantages:

  • Transparent to internal and external network.
  • Enables IP reuse.

Disadvantages:

  • Connections must be initiated by an internal node. This can be remedied with a table of visible ports (port forwarding: a port on the external IP is associated with an internal IP and port) and a table of visible subnets (internal addresses for which NAPT is disabled).
  • It is a costly process: IP and transport checksums must be recomputed, protocols that carry addresses in their payload need that data rewritten too, mapping timers must be maintained, fragments must be reassembled to see the ports, etc.
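The NAPT table in both directions, with the visible-ports remedy and mapping timeouts, as an added example that is not code from the original page. Addresses, the port pool and the 300-second idle timeout are constructed for the example; checksum rewriting of the real headers is deliberately left out, since the point here is the table logic: an inbound packet is forwarded only if an internal node created the mapping or an administrator made the port visible, and everything else is dropped.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Border-router NAPT: maps (internal IP, internal port) to a port on one external IP.
    Real implementations also rewrite IP/TCP/UDP checksums; that is omitted here."""

    def __init__(self, external_ip: str, port_range=(40000, 40999), timeout: int = 300):
        self.external_ip = external_ip
        self.ports = list(range(port_range[0], port_range[1] + 1))
        self.timeout = timeout                      # idle seconds before a mapping is dropped
        self.out_map: Dict[Tuple[str, str, int], Tuple[int, int]] = {}  # (proto, in_ip, in_port) -> (napt_port, last_seen)
        self.in_map: Dict[Tuple[str, int], Tuple[str, int]] = {}        # (proto, napt_port) -> (in_ip, in_port)
        self.forwards: Dict[Tuple[str, int], Tuple[str, int]] = {}      # visible ports: (proto, ext_port) -> internal

    def add_visible_port(self, proto: str, ext_port: int, in_ip: str, in_port: int) -> None:
        self.forwards[(proto, ext_port)] = (in_ip, in_port)

    def _allocate(self, proto: str) -> int:
        for port in self.ports:
            if (proto, port) not in self.in_map and (proto, port) not in self.forwards:
                return port
        raise RuntimeError("NAPT port pool exhausted")

    def _expire(self, proto: str, in_ip: str, in_port: int) -> None:
        port, _ = self.out_map.pop((proto, in_ip, in_port))
        self.in_map.pop((proto, port), None)

    def outbound(self, pkt: Packet, now: int) -> Packet:
        """Internal -> external: create or refresh the mapping, rewrite source IP and port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        entry = self.out_map.get(key)
        if entry is not None and now - entry[1] > self.timeout:
            self._expire(*key)                      # stale mapping: start over
            entry = None
        if entry is None:
            port = self._allocate(pkt.proto)
            self.in_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        else:
            port = entry[0]
        self.out_map[key] = (port, now)
        return replace(pkt, src_ip=self.external_ip, src_port=port)

    def inbound(self, pkt: Packet, now: int) -> Optional[Packet]:
        """External -> internal: only a live mapping or a visible port lets a packet through."""
        if pkt.dst_ip != self.external_ip:
            return None
        key = (pkt.proto, pkt.dst_port)
        if key in self.forwards:
            in_ip, in_port = self.forwards[key]
        elif key in self.in_map:
            in_ip, in_port = self.in_map[key]
            port, last_seen = self.out_map[(pkt.proto, in_ip, in_port)]
            if now - last_seen > self.timeout:
                self._expire(pkt.proto, in_ip, in_port)
                return None                         # mapping timed out: drop
            self.out_map[(pkt.proto, in_ip, in_port)] = (port, now)
        else:
            return None                             # unsolicited: no internal initiator, drop
        return replace(pkt, dst_ip=in_ip, dst_port=in_port)


if __name__ == "__main__":
    n = Napt("203.0.113.5")
    out = n.outbound(Packet("udp", "192.168.1.10", 5353, "8.8.8.8", 53), now=0)
    print("out:", out)
    print("back:", n.inbound(Packet("udp", "8.8.8.8", 53, "203.0.113.5", out.src_port), now=10))
    print("unsolicited:", n.inbound(Packet("udp", "8.8.8.8", 53, "203.0.113.5", 40500), now=10))
```

Note that a visible port is exactly the security trade-off the text describes: it re-enables externally initiated connections for one internal service, so anything listening behind it is exposed to the whole Internet.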


Protocol PPP (Point to Point Protocol)

A point-to-point network is one that connects two and only two IP devices. Given the variety of physical layers over which such a link can run, several protocols have been defined for it.

SLIP (Serial Line Internet Protocol)

A simple protocol that adds an END character to delimit each transmitted datagram and escapes that character when it appears in the data. It includes no error detection.

PPP (Point to Point Protocol)

PPP is more advanced than SLIP: it provides a connection-oriented service, packet framing, data transparency, multiplexing of different network-layer protocols, error detection (but not correction), link quality monitoring, authentication, and negotiation of data compression and addresses.

A PPP session involves several phases: configuration of the link parameters, authentication (optional), configuration of the network-level parameters, exchange of datagrams, and link termination.

PPP distributes part of its functionality in other protocols, such as:

LCP (Link Control Protocol): in charge of configuring the link: maximum datagram size, the protocol used for authentication, the link quality monitoring protocol, etc. It also provides transparency by escaping control characters inside the data field.
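The framing and escaping that SLIP defines and that LCP provides for PPP, as an added example that is not code from the original page. It uses the RFC 1055 SLIP characters (END 0xC0, ESC 0xDB, ESC_END 0xDC, ESC_ESC 0xDD); the datagrams fed through it are constructed. The decoder accepts arbitrary byte chunks, as a serial receiver would, and the last check shows what "no error detection" means in practice: a corrupted data byte decodes silently into a different datagram.

```python
from typing import List

END, ESC, ESC_END, ESC_ESC = 0xC0, 0xDB, 0xDC, 0xDD   # RFC 1055 special characters


def slip_encode(datagram: bytes) -> bytes:
    """Frame one datagram: escape END and ESC inside the data, terminate with END."""
    out = bytearray([END])          # leading END flushes any line noise received before the frame
    for b in datagram:
        if b == END:
            out += bytes([ESC, ESC_END])
        elif b == ESC:
            out += bytes([ESC, ESC_ESC])
        else:
            out.append(b)
    out.append(END)
    return bytes(out)


class SlipDecoder:
    """Receiver that can be fed arbitrary byte chunks and yields complete datagrams."""

    def __init__(self):
        self.buf = bytearray()
        self.escaped = False
        self.violations = 0         # ESC followed by something other than ESC_END / ESC_ESC

    def feed(self, chunk: bytes) -> List[bytes]:
        frames = []
        for b in chunk:
            if self.escaped:
                self.escaped = False
                if b == ESC_END:
                    self.buf.append(END)
                elif b == ESC_ESC:
                    self.buf.append(ESC)
                else:
                    self.violations += 1
                    self.buf.append(b)  # RFC 1055 reference code leaves the byte in the packet
            elif b == ESC:
                self.escaped = True
            elif b == END:
                if self.buf:            # back-to-back ENDs do not produce an empty datagram
                    frames.append(bytes(self.buf))
                    self.buf = bytearray()
            else:
                self.buf.append(b)
        return frames


if __name__ == "__main__":
    frame = slip_encode(b"\x45\xc0\xdb\x01")
    print(frame.hex(), "->", SlipDecoder().feed(frame))
```

Because there is no length field and no checksum, a single corrupted or missing END byte merges two datagrams into one; the IP layer above has to catch that with its own header checksum.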

PAP (Password Authentication Protocol): basic authentication protocol; the login and password are sent in clear text and must be accepted by the remote end. Anyone able to observe the link captures the credentials, which is why CHAP is preferred.

CHAP (Challenge-Handshake Authentication Protocol): the server sends a random challenge; the client hashes its password together with the message identifier and the challenge and returns the hash. The server computes the same hash with its own copy of the password and compares the two to decide whether authentication succeeds. The password itself never crosses the link, and a captured response is useless against a new challenge.

IPCP (IP Control Protocol): negotiates the IP addresses of the link ends, the level of IP header compression, and so on.
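The CHAP exchange with both sides, as an added example that is not part of the original page. It uses the RFC 1994 MD5 construction, Response = MD5(Identifier || secret || Challenge), with a 16-byte random challenge; the user name and secrets are constructed. The server side treats each challenge as one-shot and compares digests in constant time, and the scenario shows the property the text claims: a genuine response verifies, a replayed one and a guessed secret do not.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class ChapAuthenticator:
    """Server side: issues challenges and checks responses against its copy of each secret."""

    def __init__(self, secrets: Dict[str, bytes]):
        self.secrets = secrets               # name -> secret; the secret never crosses the link
        self.ident = 0
        self.pending: Dict[int, bytes] = {}  # outstanding challenges, keyed by identifier

    def challenge(self, size: int = 16) -> Tuple[int, bytes]:
        self.ident = (self.ident + 1) & 0xFF
        chal = os.urandom(size)              # unpredictable, so responses cannot be precomputed
        self.pending[self.ident] = chal
        return self.ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        chal = self.pending.pop(ident, None)  # each challenge is usable exactly once
        secret = self.secrets.get(name)
        if chal is None or secret is None:
            return False
        expected = chap_response(ident, secret, chal)
        return hmac.compare_digest(expected, response)   # constant-time comparison


class ChapPeer:
    """Client side: holds the secret and answers challenges."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, challenge: bytes) -> Tuple[int, str, bytes]:
        return ident, self.name, chap_response(ident, self.secret, challenge)


def run_exchange() -> dict:
    """Constructed scenario: a genuine peer, a replay of its response, and a wrong secret."""
    server = ChapAuthenticator({"alice": b"correct horse battery"})
    alice = ChapPeer("alice", b"correct horse battery")
    mallory = ChapPeer("alice", b"guessed password")

    ident, chal = server.challenge()
    genuine = server.verify(*alice.respond(ident, chal))
    reused = server.verify(*alice.respond(ident, chal))          # same challenge again: rejected

    ident2, chal2 = server.challenge()
    captured = alice.respond(ident, chal)[2]                     # sniffed from the first exchange
    replayed = server.verify(ident2, "alice", captured)          # useless against a new challenge

    ident3, chal3 = server.challenge()
    wrong_secret = server.verify(*mallory.respond(ident3, chal3))
    return {"genuine": genuine, "reused_challenge": reused,
            "replayed": replayed, "wrong_secret": wrong_secret}


if __name__ == "__main__":
    print(run_exchange())
```

CHAP protects the secret in transit, but an eavesdropper who records a challenge/response pair can still run an offline dictionary attack against it, and the server must keep the plaintext secret to compute the expected value; both are reasons it is a weaker design than a modern password-authenticated key exchange.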