Data Encapsulation and the TCP/IP Protocol Stack
The packet is the basic unit of information that is transferred across a network. The packet consists, at a minimum, of a header with the sending and receiving hosts' addresses, and a body with the data to be transferred. As the packet travels through the TCP/IP protocol stack, the protocols at each layer either add or remove fields from the basic header. When a protocol on the sending host adds data to the packet header, the process is called data encapsulation. Moreover, each layer has a different term for the altered packet, as shown in the following figure.
Figure 2-1 How a Packet Travels Through the TCP/IP Stack
This section summarizes the life cycle of a packet. The life cycle starts when you issue a command or send a message. The life cycle finishes when the appropriate application on the receiving host receives the packet.
Application Layer--User Initiates Communication
The packet's history begins when a user on one host sends a message or issues a command that must access a remote host. The application protocol formats the packet so that the appropriate transport layer protocol, TCP or UDP, can handle the packet.
Suppose the user issues an rlogin command to log in to the remote host, as shown in Figure 2-1. The rlogin command uses the TCP transport layer protocol. TCP expects to receive data in the form of a stream of bytes that contain the information in the command. Therefore, rlogin sends this data as a TCP stream.
Not all application layer protocols use TCP, however. Suppose a user wants to mount a file system on a remote host, thus initiating the NIS+ application layer protocol. NIS+ uses the UDP transport layer protocol. Therefore, the packet that contains the command must be formatted in a manner that UDP expects. This type of packet is referred to as a message.
Transport Layer--Data Encapsulation Begins
When the data arrives at the transport layer, the protocols at the layer start the process of data encapsulation. The end result depends on whether TCP or UDP handles the information.
TCP Segmentation
TCP is often called a "connection-oriented" protocol because TCP ensures the successful delivery of data to the receiving host. Figure 2-1 shows how the TCP protocol receives the stream from the rlogin command. TCP divides the data that is received from the application layer into segments and attaches a header to each segment.
Segment headers contain sender and recipient ports, segment ordering information, and a data field that is known as a checksum. The TCP protocols on both hosts use the checksum data to determine if the data transfers without error.
Establishing a TCP Connection
TCP uses segments to determine whether the receiving host is ready to receive the data. When the sending TCP wants to establish connections, TCP sends a segment that is called a SYN to the TCP protocol on the receiving host. The receiving TCP returns a segment that is called an ACK to acknowledge the successful receipt of the segment. The sending TCP sends another ACK segment, then proceeds to send the data. This exchange of control information is referred to as a three-way handshake.
UDP Packets
UDP is a "connectionless" protocol. Unlike TCP, UDP does not check that data arrived at the receiving host. Instead, UDP formats the message that is received from the application layer into UDP packets. UDP attaches a header to each packet. The header contains the sending and receiving host ports, a field with the length of the packet, and a checksum.
The sending UDP process attempts to send the packet to its peer UDP process on the receiving host. The application layer determines whether the receiving UDP process acknowledges the reception of the packet. UDP requires no notification of receipt. UDP does not use the three-way handshake.
Internet Layer
As shown in Figure 2-1, both TCP and UDP pass their segments and packets down to the Internet layer, where the IP protocol handles the segments and packets. IP prepares them for delivery by formatting them into units called IP datagrams. IP then determines the IP addresses for the datagrams, so that they can be delivered effectively to the receiving host.
IP Datagrams
IP attaches an IP header to the segment or packet's header in addition to the information that is added by TCP or UDP. Information in the IP header includes the IP addresses of the sending and receiving hosts, datagram length, and datagram sequence order. This information is provided if the datagram exceeds the allowable byte size for network packets and must be fragmented.
Data-Link Layer--Framing Takes Place
Data-link layer protocols, such as PPP, format the IP datagram into a frame. These protocols attach a third header and a footer to "frame" the datagram. The frame header includes a cyclic redundancy check (CRC) field that checks for errors as the frame travels over the network media. Then the data-link layer passes the frame to the physical layer.
Physical Network Layer--Preparing the Frame for Transmission
The physical network layer on the sending host receives the frames and converts the IP addresses into the hardware addresses appropriate to the network media. The physical network layer then sends the frame out over the network media.
How the Receiving Host Handles the Packet
When the packet arrives on the receiving host, the packet travels through the TCP/IP protocol stack in the reverse order from that which the packet travels on the sender. Figure 2-1 illustrates this path. Moreover, each protocol on the receiving host strips off header information that is attached to the packet by its peer on the sending host. The following process occurs:
The physical network layer receives the packet in its frame form. The physical network layer computes the CRC of the packet, then sends the frame to the data link layer.
The data-link layer verifies that the CRC for the frame is correct and strips off the frame header and CRC. Finally, the data link protocol sends the frame to the Internet layer.
The Internet layer reads information in the header to identify the transmission. Then Internet layer determines if the packet is a fragment. If the transmission is fragmented, IP reassembles the fragments into the original datagram. IP then strips off the IP header and passes the datagram on to transport layer protocols.
The transport layer (TCP and UDP) reads the header to determine which application layer protocol must receive the data. Then TCP or UDP strips off its related header. TCP or UDP sends the message or stream up to the receiving application.
The application layer receives the message. The application layer then performs the operation that the sending host requested.
TCP/IP Internal Trace Support
TCP/IP provides internal trace support by logging TCP communication when an RST packet terminates a connection. When an RST packet is transmitted or received, information on as many as 10 packets, which were just transmitted is logged with the connection information.
Finding Out More About TCP/IP and the Internet
Information about TCP/IP and the Internet is widely available. If you require specific information that is not covered in this text, you can probably find what you need in the sources cited next.
Computer Books
Many books about TCP/IP and the Internet are available from your local library or computer bookstore. The following three books are recommended:
Craig Hunt. TCP/IP Network Administration - This book contains some theory and much practical information for managing a heterogeneous TCP/IP network.
W. Richard Stevens. TCP/IP Illustrated, Volume I - This book is an in-depth explanation of the TCP/IP protocols. This book is ideal for network administrators who require a technical background in TCP/IP and for network programmers.
Ed Krol. The Whole Internet User's Guide & Catalog - This book is ideal for anyone interested in using the many tools that are available for retrieving information over the Internet.
RFCs and FYIs
The Internet Architecture Board (IAB) must approve all RFCs before they are placed in the public domain. Typically, the information in RFCs is designed for developers and other highly technical readers.
Generally, for your information (FYI) documents appear as a subset of the RFCs. FYIs contain information that does not deal with Internet standards. FYIs contain Internet information of a more general nature. For example, FYI documents include a bibliography that list introductory TCP/IP books and papers. FYI documents provide an exhaustive compendium of Internet-related software tools. Finally, FYI documents include a glossary of Internet and general networking terms.
You'll find references to relevant RFCs throughout this guide and other books in the Solaris System Administrator set.