In this blog, we will cover a brief history of the TCP/IP stack and list some of the popular networking tools that are based on it, such as telnet, SNMP, SSH, and DNS.
Brief History of TCP/IP
TCP/IP was first developed by two DARPA (Defense Advanced Research Projects Agency) scientists, Vint Cerf and Bob Kahn, often referred to as the fathers of the Internet. In their work, Vint and Bob applied the lessons learned from a previous network protocol, the Network Control Protocol (NCP). NCP was at the time the main transmission protocol in use by the ARPAnet, the predecessor to today’s Internet. The improvements brought by TCP/IP were so noticeable that in 1983 it replaced NCP as the official way of transmitting data for anything connecting to the ARPAnet.
After its inception at ARPAnet, TCP/IP became more popular thanks to a project that was being developed at the University of California, Berkeley. There, a group of scientists was working on a new version of the Unix operating system, which became known as Berkeley Software Distribution (BSD). In 1989, the BSD developers selected TCP/IP as the protocol stack to communicate with other systems. Since their operating system became very popular with other universities and institutions, TCP/IP followed suit. We can say that BSD paired with TCP/IP became one of the first “shareware” of the Internet. Shortly after that, the US federal government also started testing TCP/IP for adoption, further solidifying its role as a building block of the Internet as we know it.
TCP/IP and the OSI model
The TCP/IP stack is a condensed version of the OSI model. TCP/IP has only four layers (versus seven in the OSI model): the application layer, the host-to-host layer, the Internet layer, and the network access layer. The following picture compares the two models, OSI and TCP/IP, by matching one model’s layer with the other’s.
In each of the four layers that make up the TCP/IP stack, we find different tools and protocols:
- Application layer: Telnet, FTP, SNMP, TFTP, SMTP, NFS, …
- Host-to-host layer: TCP and UDP
- Internet layer: IP, ICMP, ARP, …
- Network access layer: Wi-Fi, Ethernet, Token Ring, FDDI, …
In the following section, we’ll go through some of the most popular application layer protocols.
TCP/IP applications, tools, and protocols
Simple Mail Transfer Protocol (SMTP) is still the current standard to send emails over the Internet. It is used for mail delivery in either a spooled or queued fashion. A destination server regularly checks for spooled or queued messages and, when it detects any, the messages get delivered to the destination (mailbox). SMTP is used for sending emails whereas POP3 (see below) is used for receiving. By default, SMTP uses the TCP protocol on port 25.
Post Office Protocol (POP) is a protocol used to check for incoming mail. An email client connects to the POP3 server and downloads all messages that are addressed to that client. This method is different from IMAP, where the messages reside on the server until the client deletes them. By default, POP3 uses the TCP protocol on port 110.
Session Initiation Protocol (SIP) is used to set up and tear down multimedia communication sessions. These sessions include voice and video conferencing, streaming, instant messaging, and online gaming. By default, SIP uses the UDP protocol on port 5060.
Real-Time Transport Protocol (RTP) is a packet-formatting standard for video and audio transmission over the Internet. It was designed as a multicast protocol but is now also used for unicast communication. You’ll see it in streaming, video conferencing and push-to-talk applications. By default, RTP uses the UDP protocol on an unprivileged port (1024 and above).
Simple Network Management Protocol (SNMP) collects and manipulates network information by polling the data from devices on the network at fixed or random intervals. This is useful for a very basic network monitoring system as it can send an alert called a trap when aberrations occur. SNMP uses a mix of TCP and UDP protocols and ports.
Secure Shell (SSH) is a telnet session set up over an SSL-encrypted connection. It is used to log into remote systems to check logs, perform troubleshooting, and more. By default, SSH uses the TCP protocol on port 22.
Hypertext Transfer Protocol (HTTP) is a standard used to transfer web pages formatted in HTML. Web browsers such as Internet Explorer and Chrome download and render HTML pages. HTTP data is passed in cleartext: for this reason it’s now replaced by HTTPS, its secure version. By default, HTTP uses the TCP protocol on port 80.
Hypertext Transfer Protocol Secure (HTTPS) is the secure version of HTTP: it adds additional layers of security (SSL) to the transactions between a web browser and a server. It is required to fill out forms, sign in, authenticate and encrypt HTTP transactions or messages. By default, HTTPS uses the TCP protocol on port 443.
Network Time Protocol (NTP) is the protocol used to synchronize the clock of a host. NTP ensures that all devices on a given network are synchronized within a few milliseconds, which is a requirement for some distributed services to function correctly. By default, NTP uses the UDP protocol on port 123.
Domain Name Server (DNS) is a protocol used to translate a Fully Qualified Domain Name (FQDN) into an IP address. This service is needed because while humans use words to communicate, computers use IP addresses. When we type a URL in a web browser, the operating system translates that into an IP address by performing a DNS query to a server. DNS failures or misconfigurations will prevent a user from accessing web pages. For this reason, a running joke in the networking world is that DNS is always the root cause of any user issues.
I hope this was a nice refresher on networking protocols both past and present. For many of us, it may be crazy to think that the Internet originated decades before AOL, when the DoD developed ARPAnet all the way back in the 60’s.