SERIES
`
`
`DDISON-WESLEYPROFESSIONALCOMPUTING
`
`The
`
`Ex.1008.001
`DELL Ex.1008.001
`
`DELL
`
`

`

`Ex.1008.002
`DELL Ex.1008.002
`
`DELL
`
`

`

`AIX 3,2.2
`
`~1.92
`
`SunOS 4.1.1
`
`gemini
`
`Solaris 2.2
`
`solaris
`
`~ 1.32
`
`~themet
`
`Intemet
`
`gateway. J router
`
`TolA
`
`Telebit
`NetBlazer
`
`SLIP
`
`(dialup)
`
`BSD/386 1.0
`
`BSD/386 1.0
`
`SunOS 4.1.3
`
`.1o29
`
`SVR4
`
`Portion of the class B network 140.252 used for al! the examples in the text.
`All the hosts are in the tUCo noaoo edu domain.
`
`Ethemet
`
`Ex.1008.003
`
`DELL
`
`

`

`IP Header
`
`4-bit
`vemion
`
`4-bit header
`length
`
`15 16
`8-bit type of service
`(TOS)
`
`16-bit total length (in bytes)
`
`31
`
`3-bit
`16-bit identification I flags
`
`13-bit fragment offset
`
`8-bit time to live I
`(TTL)
`
`8-bit protocol
`
`16-bit header checksum
`
`20 bytes
`
`32-bit source IP address
`
`32-bit destination IP address
`
`7
`
`options (if any)
`
`data
`
`UDP Header
`0
`
`TCP Header
`0
`
`15 16
`16-bit source port number I
`
`16-bit destination port number
`
`16-bit UDP length
`
`16-bit UDP checksum
`
`data (if any)
`
`15 16
`
`7
`
`31
`
`31
`
`16-bit source port number
`
`16-bit destination port number
`
`32-bit sequence number
`
`32-bit acknowledgment number
`
`20 bytes
`
`reserved
`4-bit header
`I
`(6 bits)
`length ~_
`16-bit TCP checksum
`
`16-bit window size
`
`16-bit urgent pointer
`
`options (if any)
`
`data (if any)
`
`Ex.1008.004
`
`DELL
`
`

`

`TCP/IP Illustrated, Volume 1
`
`Ex.1008.005
`
`DELL
`
`

`

`Addison-Wesley Professional ComPuting Series
`Brian W. Kernighan, Consulting Editor
`
`Ken Arnold/John Peyton, A C User’s Guide to ANSI C
`Matthew H. Austern, Generic Programming and the STL: Using and Extending the C ++ Standard Template Library
`David R. Butenhof, Programming with POSIX~
`Threads
`Brent Callaghan, NFS Illustrated
`Tom Cargill, C++ Programming Style
`William R. Cheswick/Steven M. Bellovin, Firewalls and lnternet Security: Repelling the Wily Hacker
`David A. Curry, UNIX ~ System Security: A Guide for Users and System Administrators
`Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns: Elements of
`Reusable Object-Oriented Software
`Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns CD: Elements of
`Reusable Object-Oriented Software
`Peter Haggar, Practical Java
`TM Programming Language Guide
`David R. Hanson, C Interfaces and Implementations: Techniques for Creating Reusable Software
`Mark Harrison/Michael McLen_nan, Effective Tcl/Tk Programming: Writing Better Programs with TcI and Tk
`® Programming with C++
`
`Michi Henning/Steve Vinoski, Advanced CORBA
`Brian W. Kernighan/Rob Pike, The Practice of Programming
`S. Keshav, An Engineering Approach to Computer Networking: ATM Networks, the Internet, and
`the Telephone Network
`John Lakos, Large-Scale C++ Software Design
`Scott Meyers, Effective C++ CD: 85 Specific Ways to Improve Your Programs and Designs
`Scott Meyers, Effective
`C++, Second Edition: 50 Specific Ways to Improve Your Programs and Designs
`Scott Meyers, More Effective C++: 35 New Ways to Improve Your Programs and Designs
`Robert B. Murray, C++ Strategies and Tactics
`David R. Musser/Atul Saini, STL Tutorial and Reference Guide: C ++ Programming with the
`Standard Template Library
`John K. Ousterhout, Tcl and the Tk Toolkit
`Craig Partridge, Gigabit Networking
`J. Stephen Pendergrast Jr., Desktop KornShell Graphical Programming
`Radia Perlman, Interconnections, Second Edition: Bridges, Routers, Switches, and Internetworking Protocols
`David M. Piscitello/A. Lyman Chapin, Open Systems Networking: TCP/IP and OSI
`Stephen A. Rago, UNIX~ System V Network Programming
`Curt Schimmel, UNIX ~ Systems for Modern Architectures: Symmetric Multiprocessing and Caching
`for Kernel Programmers
`W. Richard Stevens, Advanced Programming in the UNIX~ Environment
`W. Richard Stevens, TCP/IP Illustrated, Volume 1: The Protocols
`W. Richard Stevens, TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNIX®
`Domain Protocols
`Gary R. Wright/W. Richard Stevens, TCP/IP Illustrated, Volume 2: The Implementation
`
`Please see our web site (http://www.awl.com/cseng/series/professionalcomputing) for more information on these titles.
`
`Ex.1008.006
`
`DELL
`
`

`

`TCP/IP Illustrated, Volume 1
`
`The Protocols
`
`W. Richard Stevens
`
`¯
`
`ADDISON-WESLEY
`Boston ¯ San Francisco ¯ New York ¯ Toronto ¯ Montreal
`London ° Munich ¯ Paris ¯ Madrid
`° Tokyo ¯ Singapore ¯ Mexico City
`Capetown ° Sydney
`
`Ex.1008.007
`
`DELL
`
`

`

`Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
`trademarks. Where those designations appear in this book, and we were aware of a trademark claim, the
`designations have been printed in initial capital letters or in all capitals.
`
`The author and publisher have taken care in the preparation of this book, but make no expressed or
`implied warranty of any kind and assume no responsibility for errors or omissions. No liability is
`assumed for incidental or consequential damages in connection with or arising out of the use of the
`information or programs contained herein.
`
`The publisher offers discounts on this book when ordered in quantity for special sales. For more ~nforma-
`tion, please contact:
`
`Pearson Education Corporate Sales Division
`One Lake Street
`Upper Saddle River, NJ 07458
`(800) 382-3419
`corpsales @pearsontechgroup .corn
`
`Visit AW on the Web: www.awl.com/cseng/
`
`Library of Congress Cataloging-in-Publication Data
`Stevens, W. Richard
`TCP/IP Illustrated: the protocols/W. Richard Stevens.
`p. cm.-(Addison-Wesley professional computing series)
`Includes bibliographical references-and index.
`ISBN 0-201-63346-9 (v.1)
`1.TCP/IP (Computer network protocol) I. Title. II. Series.
`TK5105.55S74 1994
`004.6’2~c20
`
`Copyright © 1994 by Addxson Wesley
`
`UNIX is a technology trademark of X/Open Company, Ltd.
`
`All rights reserved. No part of this publication may be reproduced, stored in a retrieval system,
`or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording,
`or other-wise, without the prior consent of the publisher. Printed in the United States of
`America. Published
`simultaneously in Canada.
`
`ISBN 0-201-63346-9
`Text printed on recycled paper
`18 19 20 21 22--MA--0403020100
`18th printing, October 2000
`
`Ex.1008.008
`
`DELL
`
`

`

`To Brian Kernighan and John Wait,
`for their encouragement, faith, and support
`over the past 5 years.
`
`Ex.1008.009
`
`DELL
`
`

`

`Praise for TCP/IP illustrated, Volume 1: The Protocols
`
`"This is sure to be the bible for TCP/IP developers and users. Within minutes of picking up the text,
`I encountered several scenarios which had tripped-up both my colleagues and myself in the past.
`Stevens reveals many of the mysteries once held tightly by the ever-elusive networking gums.
`Having been involved in the implementation of TCP/IP for some years now, I consider this by far
`the finest text to date."
`
`-- Robert A. Ciampa, Network Engineer, Synernetics, division of 3COM
`
`"While all of Stevens’ books are readable and technically excellent, this new opus is awesome.
`Although many books describe the TCP/IP protocols, Stevens provides a level of depth and real-
`world detail lacking from the competition. He puts the reader inside TCP/IP using a visual approach
`and shows the protocols in action."
`
`-- Steven Baker, Networking Columnist, Unix Review
`
`"TCP/IP Illustrated, Volume 1 is an excellent reference for developers, network administrators, or
`anyone who needs to understand TCP/IP technology. TCP/IP Illustrated is comprehensive in its
`coverage of TCP/IP topics, providing enough details to satisfy the experts while giving enough
`background and commentary for the novice."
`
`-- Bob Williams, V.P. Marketing, NetManage, Inc.
`
`"... the difference is that Stevens wants to show as well as tell about the protocols. His principal
`teaching tools are straight-forward explanations, exercises at the ends of chapters, byte-by-byte
`diagrams of headers and the like, and listings of actual traffic as examples."
`
`-- Walter Zintz, UnixWorld
`
`"Much better than theory only ... W. Richard Stevens takes a multihost-based configuration and uses
`
`
`it as a travelogue of TCP/IP examples with illustrations. TCP/IP Illustrated, Volume I is based on
`practical examples that reinforce the theory -- distinguishing this book from others on the subject,
`and making it both readable and informative."
`
`-- Peter M. Haverlock, Consultant, IBM TCP/IP Development
`
`"The diagrams he uses are excellent and his writing style is clear and readable. In sum, Stevens has
`made a complex topic easy to understand. This book merits everyone’s attention. Please read it and
`keep it on your bookshelf."
`-- Elizabeth Zinkann, Sys Admin
`
`"W. Richard Stevens has produced a fine text and reference work. It is well organized and very
`clearly written with, as the title suggests, many excellent illustrations exposing the intimate details
`of the logic and operation of IP, TCP, and the supporting cast of protocols and applications."
`
`-- Scott Bradner, Consultant, Harvard University OIT/NSD
`
`Ex.1008.010
`
`DELL
`
`

`

`Contents
`
`Preface
`
`Chapter 1.
`1.1
`1.2
`1.3
`1.4
`1.5
`1.6
`1.7
`1.8
`1.9
`1.10
`1.11
`1.12
`1.13
`1.14
`1.15
`1.16
`1.17
`
`6
`
`Introduction
`Introduction 1
`Layering 1
`TCP/IP Layering
`7
`Internet Addresses
`The Domain Name System
`9
`Encapsulation
`Demultiplexing
`11
`Client-Server Model 12
`Port Numbers 12
`Standardization Process 14
`RFCs 14
`Standard, Simple Services
`The Internet 16
`Implementations 16
`Application Programming Interfaces
`Test Network 18
`Summary 19
`
`9
`
`15
`
`xv
`
`17
`
`vii
`
`Ex.1008.011
`
`DELL
`
`

`

`viii
`
`TCP/IP Illustrated
`
`Chapter 2.
`2.1
`2.2
`2.3
`2.4
`2.5
`2.6
`2.7
`2.8
`2.9
`2.10
`2.11
`
`Chapter 3.
`3.1
`3.2
`3.3
`3.4
`3.5
`3.6
`3.7
`3.8
`3.9
`3.10
`3.11
`
`Chapter 4.
`4.1
`4.2
`4.3
`4.4
`4.5
`4.6
`4.7
`4.8
`4.9
`
`Chapter 5.
`5.1
`5.2
`5.3
`5.4
`5.5
`
`Link Layer
`
`21
`
`Introduction 21
`Ethernet and IEEE 802 Encapsulation
`Trailer Encapsulation
`23
`SLIP: Serial Line IP
`24
`Compressed SLIP
`25
`PPP: Point-to-Point Protocol 26
`Loopback Interface
`28
`MTU 29
`Path MTU 30
`Serial Line Throughput Calculations 30
`Summary 31
`
`IP: Internet Protocol
`Introduction
`33
`34
`IP Header
`37
`IP Routing
`Subnet Addressing 42
`Subnet Mask 43
`Special Case IP Addresses
`A Subnet Example
`46
`±fconf±g Command
`47
`49
`neLsLaL Command
`IP Futures
`49
`Summary
`50
`
`45
`
`ARP: Address Resolution Protocol
`Introduction
`53
`An Example
`54
`ARP Cache
`56
`ARP Packet Format
`ARP Examples
`57
`60
`Proxy ARP
`Gratuitous ARP
`arp Command
`Summary 63
`
`62
`63
`
`56
`
`RARP: Reverse Address Resolution Protocol
`Introduction 65
`RARP Packet Format 65
`RARP Examples 66
`RARP Server Design 67
`Summary 68
`
`Contents
`
`21
`
`33
`
`53
`
`65
`
`Ex.1008.012
`
`DELL
`
`

`

`TCP/IP Illustrated
`
`Contents
`
`ix
`
`Chapter 6.
`6.1
`6.2
`6.3
`6.4
`6.5
`6.6
`6.7
`
`Chapter 7.
`7.1
`7.2
`7.3
`7.4
`7.5
`
`Chapter 8.
`8.1
`8.2
`8.3
`8.4
`8.5
`8.6
`
`Chapter 9.
`9.1
`9.2
`9.3
`9.4
`9.5
`9.6
`9.7
`
`Chapter 10.
`10.1
`10.2
`10.3
`10.4
`10.5
`10.6
`10.7
`10.8
`10.9
`
`ICMP: Internet Control Message Protocol
`Introduction 69
`ICMP Message Types 70
`ICMP Address Mask Request and Reply 72
`ICMP Timestamp Request and Reply 74
`ICMP Port Unreachable Error 77
`4.4BSD Processing of ICMP Messages 81
`Summary 83
`
`Ping Program
`85
`Introduction
`85
`Ping Program
`IP Record Route Option
`IP Timestamp Option
`Summary 96
`
`91
`95
`
`Traceroute Program
`Introduction 97
`Traceroute Program Operation
`LAN Output
`99
`WAN Output
`102
`IP Source Routing Option 10z~
`Summary 109
`
`97
`
`117
`
`IP Routing
`Introduction 111
`Routing Principles 112
`ICMP Host and Network Unreachable Errors
`To Forward or Not to Forward
`119
`ICMP Redirect Errors 119
`ICMP Router Discovery Messages 123
`Summary 125
`
`Dynamic Routing Protocols
`Introduction 127
`Dynamic Routing 127
`Unix Routing Daemons 128
`RIP: Routing Information Protocol
`RIP Version 2 136
`OSPF: Open Shortest Path First
`137
`138
`BGP: Border Gateway Protocol
`CIDR: Classless Interdomain Routing 140
`Summary 141
`
`129
`
`69
`
`85
`
`97
`
`111
`
`127
`
`t
`
`Ex.1008.013
`
`DELL
`
`

`

`x
`
`TCP/IP Illustrated
`
`Chapter 11. UDP: User Datagram Protocol
`11.1
`Introduction
`143
`11.2
`UDP Header
`144
`11.3
`UDP Checksum 144
`11.4
`A Simple Example
`147
`11.5
`IP Fragmentation
`148
`11.6
`ICMP Unreachable Error (Fragmentation Required)
`11.7
`Determining the Path MTU Using Traceroute
`153
`Path MTU Discovery with UDP 155
`11.8
`11.9
`Interaction Between UDP and ARP 157
`11.10 Maximum UDP Datagram. Size
`159
`11.11
`ICMP Source Quench Error
`160
`11.12 UDP Server Design 162
`11.13 Summary 167
`
`151
`
`Chapter 12.
`12.1
`12.2
`12.3
`12.4
`12.5
`
`Chapter 13.
`13.1
`13.2
`13.3
`13.4
`13.5
`
`Broadcasting and Multicasting
`Introduction
`169
`Broadcasting
`171
`Broadcasting Examples
`M ulticasting
`175
`Summary
`178
`
`172
`
`IGMP: Internet Group Management Protocol
`Introduction 179
`180
`IGMP Message
`180
`IGMP Protocol
`An Example 183
`Summary 186
`
`Chapter 14. DNS: The Domain Name System
`14.1
`Introduction
`187
`14.2
`DNS Basics
`188
`14.3
`DNS Message Format 191
`14.4
`A Simple Example 194
`14.5
`Pointer Queries 198
`14.6
`Resource Records 201
`14.7 Caching 203
`14.8 UDP or TCP 206
`14.9
`Another Example
`14.10 Summary 208
`
`206
`
`Contents
`
`143
`
`169
`
`179
`
`187
`
`Ex.1008.014
`
`DELL
`
`

`

`TCP/IP Illustrated
`
`Contents
`
`xi
`
`Chapter 15.
`15.1
`15.2
`15.3
`15.4
`15.5
`
`Chapter 16.
`16.1
`16.2
`16.3
`16.4
`16.5
`16.6
`16.7
`
`Chapter 17.
`17.1
`17.2
`17.3
`17.4
`
`Chapter 18.
`18.1
`18.2
`18.3
`18.4
`18.5
`18.6
`18.7
`18.8
`18.9
`18.10
`18.11
`18.12
`
`Chapter 19.
`19.1
`19.2
`19.3
`19.4
`19.5
`19.6
`
`TFTP: Trivial File Transfer Protocol
`Introduction 209
`Protocol 209
`An Example 211
`Security
`213
`Summary
`213
`
`BOOTP: Bootstrap Protocol
`Introduction 215
`BOOTP Packet Format
`An Example 218
`219
`BOOTP Server Design
`BOOTP Through a Router 220
`Vendor-Specific Information 221
`Summary 222
`
`215
`
`TCP: Transmission Control Protocol
`Introduction
`223
`TCP Services
`223
`TCP Header
`225
`S.ummary
`227
`
`229
`
`TCP Connection Establishment and Termination
`Introduction 229
`Connection Establishment and Termination
`Timeout of Connection Establishment
`235
`Maximum Segment Size
`236
`TCP Half-Close 238
`TCP State Transition Diagram
`Reset Segments 246
`Simultaneous Open
`250
`Simultaneous Close
`252
`TCP Options 253
`TCP Server Design 254
`Summary 260
`
`240
`
`TCP Interactive Data Flow
`Introduction 263
`Interactive Input 263
`Delayed Acknowledgments
`Nagle Algorithm 267
`Window Size Advertisements
`Summary 274
`
`265
`
`274
`
`209
`
`215
`
`223
`
`229
`
`263
`
`Ex.1008.015
`
`DELL
`
`

`

`xii
`
`TCP/IP Illustrated
`
`TCP Bulk Data Flow
`Chapter 20.
`Introduction 275
`20.1
`275
`Normal Data Flow
`20.2
`280
`Sliding Windows
`20.3
`282
`20.4 Window Size
`284
`20.5
`PUSH Flag
`285
`20.6
`Slow Start
`20.7
`Bulk Data Throughput
`20.8
`Urgent Mode 292
`20.9
`Summary 296
`
`286
`
`Chapter 21.
`21.1
`21.2
`21.3
`21.4
`21.5
`21.6
`21.7
`21.8
`21.9
`21.10
`21.11
`21.12
`
`TCP Timeout and Retransmission
`Introduction 297
`Simple Timeout and Retransmission Example
`Round-Trip Time Measurement
`299
`An RTT Example 301
`Congestion Example 306
`Congestion Avoidance Algorithm
`310
`Fast Retransmit and Fast Recovery Algorithms
`Congestion Example (Continued)
`313
`Per-Route Metrics 316
`ICMP Errors 317
`Repacketization 320
`Summary 321
`
`298
`
`312
`
`TCP Persist Timer
`Chapter 22.
`Introduction
`323
`22.1
`An Example
`22.2
`323
`Silly Window Syndrome
`22.3
`22.4 Summary 330
`
`325
`
`Chapter 23.
`23.1
`23.2
`23.3
`23.4
`
`TCP Keepaiive Timer
`Introduction
`331
`Description
`332
`Keepalive Examples
`Summary 337
`
`333
`
`TCP Futures and Performance
`Chapter 24.
`Introduction 339
`24.1
`Path MTU Discovery 340
`24.2
`Long Fat Pipes 344
`24.3
`24.4 Window Scale Option 347
`
`Contents
`
`275
`
`297
`
`323
`
`331
`
`339
`
`Ex.1008.016
`
`DELL
`
`

`

`TCP/IP Illustrated
`
`Contents
`
`xiii
`
`24.5
`24.6
`24.7
`24.8
`24.9
`
`Timestamp Option 349
`PAWS: Protection Against Wrapped Sequence Numbers 351
`T/TCP: A TCP Extension for Transactions 351
`TCP Performance
`354
`Summary 356
`
`Chapter 25. SNMP: Simple Network Management Protocol
`25.1
`Introduction 359
`25.2
`Protocol 360
`25.3
`Structure of Management Information 363
`25.4
`Object Identifiers 364
`25.5
`Introduction to the Management Information Base
`25.6
`Instance Identification 367
`25.7
`Simple Examples 370
`Management Information Base (Continued) 372
`25.8
`25.9
`Additional Examples 382
`25.10 Traps 385
`25.11 ASN.1 and BER
`25.12 SNMP Version 2
`25.13 Summary 388
`
`386
`387
`
`365
`
`Chapter 26. Telnet and Rlogin: Remote Login
`26.1
`Introduction 389
`Rlogin Protocol
`26.2
`26.3
`Rlogin Examples
`26.4
`Telnet Protocol
`26.5
`Telnet Examples
`Summary 417
`26.6
`
`391
`396
`401
`406
`
`Chapter 27.
`27.1
`27.2
`27.3
`27.4
`
`FTP: File Transfer Protocol
`Introduction
`419
`FTP Protocol
`419
`FTP Examples 426
`Summary 439
`
`Chapter 28.
`28.1
`28.2
`28.3
`28.4
`28.5
`
`SMTP: Simple Mail Transfer Protocol
`Introduction 441
`SMTP Protocol
`SMTP Examples
`SMTP Futures
`Summary 459
`
`442
`448
`452
`
`359
`
`389
`
`419
`
`441
`
`Ex.1008.017
`
`DELL
`
`

`

`xiv
`
`TCP/IP Illustrated
`
`Chapter 29.
`29.1
`29.2
`29.3
`29.4
`29.5
`29.6
`29.7
`29.8
`
`Chapter 30.
`30.1
`30.2
`30.3
`30.4
`30.5
`30.6
`
`NFS: Network File System
`Introduction 461
`Sun Remote Procedure Call 461
`XDR: External Data Representation
`Port Mapper
`465
`NFS Protocol
`467
`NFS Examples
`474
`NFS Version 3 479
`Summary 480
`
`465
`
`Other TCP/IP Applications
`Introduction 481
`Finger Protocol
`481
`483
`Whois Protocol
`Archie, WAIS, Gopher, Veronica, and WWW
`X Window System
`486
`Summary 490
`
`484
`
`Appendix A.
`A.1
`A.2
`A.3
`A.4
`A.5
`A.6
`
`The tcpdump Program
`BSD Packet Filter 491
`SunOS Network Interface Tap 493
`SVR4 Data Link Provider Interface
`t cpdump Output 495
`Security Considerations
`Socket Debug Option
`
`496
`496
`
`494
`
`Appendix B.
`
`Computer Clocks
`
`Appendix C.
`
`The sock Program
`
`Appendix D.
`
`Solutions to Selected Exercises
`
`Appendix E.
`E.1
`E.2
`E.3
`E.4
`E.5
`E.6
`
`Configurable Options
`BSD/386 Version 1.0
`SunOS 4.1.3 527
`System V Release 4
`Solaris 2.2
`529
`AIX 3.2.2
`536
`4.4BSD
`537
`
`526
`
`529
`
`Appendix F.
`
`Source Code Availability
`
`Bibliography
`
`Index
`
`Contents
`
`461
`
`481
`
`491
`
`499
`
`503
`
`507
`
`525
`
`539
`
`543
`
`555
`
`Ex.1008.018
`
`DELL
`
`

`

`Preface
`
`Introduction
`
`This book describes the TCP/IP protocol suite, but from a different perspective than
`other texts on TCP/IP. Instead of just describing the protocols and what they do, we’ll
`use a popular diagnostic tool to watch the protocols in action. Seeing how the protocols
`operate in varying circumstances provides a greater understanding of how they work
`and why certain design decisions were made. It also provides a look into the imple-
`mentation of the protocols, without having to wade through thousands of lines of
`source code.
`When networking protocols were being developed in the 1960s through the 1980s,
`expensive, dedicated hardware was required to see the packets going "across the wire."
`Extreme familiarity with the protocols was also required to comprehend the packets dis-
`played by the hardware. Functionality of the hardware analyzers was limited to that
`built in by the hardware designers.
`Today this has changed dramatically with the ability of the ubiquitous workstation
`to monitor a local area network [Mogul 1990]. Just attach a workstation to your net-
`work, run some publicly available software (described in Appendix A), and watch what
`
`goes by on the wire. While many people consider this a tool to be used for diagnosing
`
`network problems, it is also a powerful tool for understanding
`how the network proto-
`cols operate, which is the goal of this book.
`This book is intended for anyone wishing to understand how the TCP/IP protocols
`operate: programmers writing network applications, system administrators responsible
`for maintaining computer systems and networks utilizing TCP/IP, and users who deal
`with TCP/IP applications on a daily basis.
`
`XV
`
`Ex.1008.019
`
`DELL
`
`

`

`xvi
`
`TCP/IP Illustrated
`
`Organization of the Book
`
`Preface
`
`The following figure shows the various protocols and applications that are covered.
`The italic number by each box indicates the chapter in which that protocol or applica-
`tion is described.
`
`Chap. 7 26
`
`27
`
`28
`
`30
`
`8
`
`14
`
`15
`
`16
`
`25
`
`29
`
`5
`
`~
`
`media
`
`(Numerous fine points are missing from this figure that will be discussed in the appro-
`priate chapter. For example, both the DNS and RPC use TCP, which we don’t show.)
`We take a bottom-up approach to the TCP/IP protocol suite. After providing a
`basic introduction to TCP/IP in Chapter 1, we will start at the link layer in Chapter 2
`and work our way up the protocol stack. This provides the required background for
`later chapters for readers who aren’t familiar with TCP/IP or networking in general.
`This book also uses a functional approach instead of following a strict bottom-to-
`top order. For example, Chapter 3 describes the IP layer and the IP header. But there
`are numerous fields in the IP header that are best described in the context of an applica-
`tion that uses or is affected by a particular field. Fragmentation, for example, is best
`understood in terms of UDP (Chapter 11), the protocol often affected by it. The time-to-
`live field is fully described when we look at the Traceroute program in Chapter 8,
`because this field is the basis for the operation of the program. Similarly, many features
`of ICMP are described in the later chapters, in terms of how a particular ICMP message
`is used by a protocol or an application.
`We also don’t want to save all the good stuff until the end, so we describe TCP/IP
`applications as soon as we have the foundation to understand them. Ping and Trace-
`route are described after IP and ICMP have been discussed. The applications built on
`UDP (multicasting, the DNS, TFTP, and BOOTP) are described after UDP has been
`
`Ex.1008.020
`
`DELL
`
`

`

`TCP/IP Illustrated
`
`Preface xvii
`
`examined. The TCP applications, however, along with network management, must be
`saved until the end, after we’ve thoroughly described TCP. This text focuses on how
`these applications use the TCP/IP protocols. We do not provide all the details on run-
`ning these applications.
`
`Readers
`
`This book is self-contained and assumes no specific knowledge of networking or
`TCP/IP. Numerous references are provided for readers interested in additional details
`on specific topics.
`This book can be used in many ways. It can be used as a self-study reference and
`covered from start to finish by someone interested in all the details on the TCP/IP
`protocol suite. Readers with some TCP/IP background might want to skip ahead and
`start with Chapter 7, and then focus on the specific chapters in which they’re interested.
`Exercises are provided at the end of the chapters, and most solutions are in Appen-
`dix D. This is to maximize the usefulness of the text as a self-study reference.
`When used as part of a one- or two-semester course in computer networking, the
`focus should be on IP (Chapters 3 and 9), UDP (Chapter 11), and TCP (Chapters 17-24),
`along with some of the application chapters.
`Many forward and backward references are provided throughout the text, along
`with a thorough index, to allow individual chapters to be studied by themselves. A list
`of all the acronyms used throughout the text, along with the compound term for the
`acronym, appears on the inside back covers.
`If you have access to a network you are encouraged to obtain the software used in
`this book (Appendix F) and experiment on your own. Hands-on experimentation with
`the protocols will provide the greatest knowledge (and make it more fun).
`
`Systems Used for Testing
`
`Every example in the book was run on an actual network and the resulting output
`saved in a file for inclusion in the text. Figure 1.11 (p. 18) shows a diagram of the differ-
`ent hosts, routers, and networks that are used. (This figure is also duplicated on the
`inside front cover for easy reference while reading the book.) This collection of net-
`works is simple enough that the topology doesn’t confuse the examples, and with four
`systems acting as routers, we can see the error messages generated by routers.
`Most of the systems have a name that indicates the type of software being used:
`and so on. In this way we can identify the type
`bsdi, svr4, sun, solaris, aix, slip,
`of software that we’re dealing with by looking at the system name in the printed output.
`A wide range of different operating systems and TCP/IP implementations are used:
`
`BSD/386 Version 1.0 from Berkeley Software Design, Inc., on the hosts named
`bsdi and slip. This system is derived from the BSD Networking Software,
`Release 2.0. (We show the lineage of the various BSD releases in Figure 1.10 on
`p. 17.)
`
`Ex.1008.021
`
`DELL
`
`

`

`xviii TCP/IP Illustrated
`
`Preface
`
`Unix System V/386 Release 4.0 Version 2.0 from U.H. Corporation, on the host
`named svr4. This is vanilla SVR4 and contains the standard implementation of
`TCP/IP from Lachman Associates used with most versions of SVR4.
`
`SunOS 4.1.3 from Sun Microsystems, on the host named sun. The SunOS 4.1.x
`systems are probably the most widely used TCP/IP implementations. The
`TCP/IP code is derived from 4.2BSD and 4.3BSD.
`Solaris 2.2 from Sun Microsystems, on the host named solaris. The Solaris 2.x
`systems have a different implementation of TCP/IP from the earlier SunOS 4.1.x
`systems, and from SVR4. (This operating system is really SunOS 5.2, but is com-
`monly called Solaris 2.2.)
`
`AIX 3.2.2 from IBM on the host "named aix. The TCP/IP implementation is
`based on the 4.3BSD Reno release.
`
`4.4BSD from the Computer Systems Research Group at the University of Califor-
`nia at Berkeley, on the host
`edu. This system has the
`vangogh, cs. berkeley,
`latest release of TCP/IP from Berkeley. (This system isn’t shown in the figure on
`the inside front cover, but is reachable across the Internet.)
`
`Although these are all Unix systems, TCP/IP is operating system independent, and is
`available on almost every popular non-Unix system. Most of this text also applies to
`these non-Unix implementations, although some programs (such as Traceroute) may
`not be provided on all systems.
`
`Typographical Conventions
`
`When we display interactive input and output we’ll show our typed input in a bold
`font, and the computer output like this. Comments are added in italics.
`
`bsdi % telnet svr4 discard
`Trying 140.252,13.34...
`Connected to svr4.
`
`connect to the discard server
`this line and next output by Telnet client
`
`Also, we always include the name of the system as part of the shell prompt (bsdi in
`this example) to show on which host the command was run.
`
`Throughout the text we’ll use indented, parenthetical notes such as this to describe historical
`points or implementation details,
`
`We sometimes refer to the complete description of a command in the Unix manual
`as in ifconfig(8). This notation, the name of the command followed by a number in
`parentheses, is the normal way of referring to Unix commands. The number in paren-
`theses is the section number in the Unix manual of the "manual page" for the com-
`mand, where additional information can be located. Unfortunately not all Unix systems
`organize their manuals the same, with regard to the section numbers used for various
`groupings of commands. We’ll use the BSD-style section numbers (which is the same
`for BSD-derived systems such as SunOS 4.1.3), but your manuals may be organized
`differently.
`
`Ex.1008.022
`
`DELL
`
`

`

`TCP/IP Illustrated
`
`Acknowledgments
`
`Preface
`
`Although the author’s name is the only one to appear on the cover, the combined effort
`of many people is required to produce a quality text book. First and foremost is the
`author’s family, who put up with the long and weird hours that go into writing a book.
`Thank you once again, Sally, Bill, Ellen, and David.
`The consulting editor, Brian Kernighan, is undoubtedly the best in the business. He
`was the first one to read various drafts of the manuscript and mark it up with his infi-
`nite supply of red pens. His attention to detail, his continual prodding for readable
`prose, and his thorough reviews of the manuscript are an immense resource to a writer.
`Technical reviewers provide a different point of view and keep the author honest by
`catching technical mistakes. Their comments, suggestions, and (most importantly) criti-
`cisms add greatly to the final product. My thanks to Steve Bellovin, Jon Crowcroft, Pete
`Haverlock, and Doug Schmidt for comments on the entire manuscript. Equally valu-
`able comments were provided on portions of the manuscript by Dave Borman, Tony
`DeSimone, Bob Gilligan, Jeff Gitlin, John Gulbenkian, Tom Herbert, Mukesh Kacker,
`Barry Margolin, Paul Mockapetris, Burr Nelson, Steve Rago, James Risner, Chris
`Walquist, Phil Winterbottom, and Gary Wright. A special thanks to Dave Borman for
`his thorough review of all the TCP chapters, and to Bob Gilligan who should be listed as
`a coauthor for Appendix E.
`An author cannot work in isolation, so I would like to thank the following persons
`for lots of small favors, especially by answering my numerous e-mail questions: Joe
`Godsil, Jim Hogue, Mike Karels, Paul Lucchina, Craig Partridge, Thomas Skibo, and
`Jerry Toporek.
`This book is the result of my being asked lots of questions on TCP/IP for which I
`could find no quick, immediate answer. It was then that I realized that the easiest way
`to obtain the answers was to run small tests, forcing certain conditions to occur, and just
`watch what happens. I thank Pete Haverlock for asking the probing questions and Van
`Jacobson for providing so much of the publicly available software that is used in this
`book to answer the questions.
`A book on networking needs a real network to work with along with access to the
`Internet. My thanks to the National Optical Astronomy Observatories (NOAO), espe-
`cially Sidney Wolff, Richard Wolff, and Steve Grandi, for providing access to their net-
`works and hosts. A special thanks to Steve Grandi for answering lots of questions and
`providing accounts on various hosts. My thanks also to Keith Bostic and Kirk McKu-
`sick at the U.C. Berkeley CSRG for access to the latest 4.4BSD system.
`Finally, it is the publisher that pulls everything together and does whatever is
`required to deliver the final product to the readers. This all revolves around the editor,
`and John Wait is simply the best there is. Working with John and the rest of the profes-
`sionals at Addison-Wesley is a pleasure. Their professionalism and attention to detail
`show in the end result.
`Camera-ready copy of the book was produced by the author, a Troff die-hard, using
`the Groff package written by James Clark. I welcome electronic mail from any readers
`with comments, suggestions, or bug fixes.
`Tucson, Arizona
`October 1993
`
`Wo Richard Stevens
`rstevens@noao, edu
`http : //www. noao. edu/-rstevens
`
`Ex.1008.023
`
`DELL
`
`

`

`"|||||
`
`Ex.1008.024
`DELL Ex.1008.024
`
`DELL
`
`

`

`Introduction
`
`1.1
`
`Introduction
`
`The TCP/IP protocol suite allows computers of all sizes, from many different computer
`vendors, running totally different operating systems, to communicate with each other.
`It is quite amazing because its use has far exceeded its original estimates. What started
`in the late 1960s as a government-financed research project into packet switching net-
`works has, in the 1990s, turned into the most widely used form of networking between
`computers. It is truly an open system
`in that the definition of the protocol suite and
`many of its implementations are publicly available at little or no charge. It forms the
`basis for what is called the worldwide Internet,
`or the Internet,
`a wide area network
`(WAN) of more than one million computers that literally spans the globe.
`This chapter provides an overview of the TCP/IP protocol suite, to establish an ade-
`quate background for the remaining chapters. For a historical perspective on the early
`development of TCP/IP see [Lynch 1993].
`
`1.2
`
`Layering
`
`Networking protocols are normally developed in layers, with each layer responsible for a
`different facet of the communications. A protocol suite, such as TCP/IP, is the combina-
`tion of different protocols at various layers. TCP/IP is normally considered to be a
`4qayer system, as shown in Figure 1.1.
`
`Ex.1008.025
`
`DELL
`
`

`

`2
`
`Introduction
`
`Chapter I
`
`Application
`
`Telnet, FTP, e-mail, etc.
`
`Transport
`
`TCP, UDP
`
`Network
`
`IP, ICMP, IGMP
`
`Link
`
`device driver and interface card
`
`Figure 1.1 The four layers of the TCP/IP protocol suite.
`
`Each layer has a different responsibility.
`
`The link layer, sometimes called the data-link layer or network interface layer, nor-
`
`
`
`mally includes the device driver in the operating system and the corresponding
`network interface card in the computer. Together they handle all the hardware
`details of physically interfacing with the cable (or whatever type of media is
`being used).
`
`layer) handles the movement of
`The network layer (sometimes called the
`internet
`packets around the network. Routing of packets, for example, takes place here.
`IP (Internet Protocol), ICMP (Internet Control Message Protocol), and IGMP
`(Internet Group Management Protocol) provide the network layer in the
`TCP/IP protocol suite.
`
`The transport layer provides a flow of data between two hosts, for the applica-
`tion layer above. In the TCP/IP protocol s