TCPIP Transmission Control Protocol Internet Protocol Netprog 2002

TCP/IP Transmission Control Protocol / Internet Protocol Netprog 2002 TCP/IP 1

TCP/IP & OSI • In OSI reference model terminology the TCP/IP protocol suite covers the network and transport layers. • TCP/IP can be used on many data- link layers (can support many network hardware implementations). Netprog 2002 TCP/IP 2

Ethernet - A Real Data-Link Layer • It will be useful to discuss a real • • data-link layer. Ethernet (really IEEE 802. 3) is widely used. Supported by a variety of physical layer implementations. Netprog 2002 TCP/IP 3

Ethernet • Multi-access (shared medium). • Every Ethernet interface has a unique • • • 48 bit address (a. k. a. hardware address). Example: C 0: B 3: 44: 17: 21: 17 The broadcast address is all 1’s. Addresses are assigned to vendors by a central authority. Netprog 2002 TCP/IP 4

CSMA/CD Carrier Sense Multiple Access with Collision Detection • Carrier Sense: can tell when another host is transmitting • Multiple Access: many hosts on 1 wire • Collision Detection: can tell when another host transmits at the same time. Netprog 2002 TCP/IP 5

An Ethernet Frame Preamble 8 bytes Destination Source Address 6 6 Len DATA CRC 2 0 -1500 4 • The preamble is a sequence of alternating 1 s • and 0 s used for synchronization. CRC is Cyclic Redundency Check Netprog 2002 TCP/IP 6

Ethernet Addressing • Each interface looks at every frame and • inspects the destination address. If the address does not match the hardware address of the interface or the broadcast address, the frame is discarded. Some interfaces can also be programmed to recognize multicast addresses. Netprog 2002 TCP/IP 7

Internet Protocol The IP in TCP/IP • IP is the network layer • packet delivery service (host-to-host). • translation between different data-link protocols. Netprog 2002 TCP/IP 8

IP Datagrams • IP provides connectionless, • • unreliable delivery of IP datagrams. Connectionless: each datagram is independent of all others. Unreliable: there is no guarantee that datagrams are delivered correctly or at all. Netprog 2002 TCP/IP 9

IP Addresses same as the underlying data-link (MAC) addresses. Rensselaer • IP addresses are not the Why ? Netprog 2002 TCP/IP 10

IP Addresses • IP is a network layer - it must be • capable of providing communication between hosts on different kinds of networks (different data-link implementations). The address must include information about what network the receiving host is on. This makes routing feasible. Netprog 2002 TCP/IP 11

IP Addresses • IP addresses are logical addresses (not physical) • 32 bits. • Includes a network ID and a host ID. • Every host must have a unique IP address. • IP addresses are assigned by a central authority (American Registry for Internet Numbers) Netprog 2002 TCP/IP 12

The four formats of IP Addresses Class A 0 Net. ID B 10 Host. ID Net. ID C 110 D 1110 8 bits Host. ID Net. ID Multicast Address 8 bits Netprog 2002 TCP/IP 13

l l Class A 128 possible network IDs over 4 million host IDs per network ID Class B l 16 K possible network IDs l 64 K host IDs per network ID Class C l over 2 million possible network IDs l about 256 host IDs per network ID Netprog 2002 TCP/IP 14

Network and Host IDs • A Network ID is assigned to an organization by a global authority. • Host IDs are assigned locally by a system administrator. • Both the Network ID and the Host ID are used for routing. Netprog 2002 TCP/IP 15

IP Addresses • IP Addresses are usually shown in dotted decimal notation: 1. 2. 3. 4 000000010 00000011 cs. rpi. edu is 128. 213. 1. 1 • 00000100 10000000 11010101 00000001 CS has a class B network Netprog 2002 TCP/IP 16

Host and Network Addresses • A single network interface is • • assigned a single IP address called the host address. A host may have multiple interfaces, and therefore multiple host addresses. Hosts that share a network all have the same IP network address (the network ID). Netprog 2002 TCP/IP 17

IP Broadcast and Network Addresses • An IP broadcast addresses has a host ID of all 1 s. • IP broadcasting is not necessarily a • true broadcast, it relies on the underlying hardware technology. An IP address that has a host ID of all 0 s is called a network address and refers to an entire network. Netprog 2002 TCP/IP 18

Subnet Addresses • An organization can subdivide it’s host address space into groups called subnets. • The subnet ID is generally used to group hosts based on the physical network topology. 10 Net. ID Subnet. ID Host. ID Netprog 2002 TCP/IP 19

Subnetting router Subnet 1 128. 213. 1. x Subnet 2 128. 213. 2. x Subnet 3 128. 213. 3. x Netprog 2002 TCP/IP 20

Subnetting • Subnets can simplify routing. • IP subnet broadcasts have a host. ID of • all 1 s. It is possible to have a single wire network with multiple subnets. Netprog 2002 TCP/IP 21

Mapping IP Addresses to Hardware Addresses • IP Addresses are not recognized by hardware. • If we know the IP address of a • host, how do we find out the hardware address ? The process of finding the hardware address of a host given the IP address is called Address Resolution Netprog 2002 TCP/IP 22

Reverse Address Resolution • The process of finding out the IP address of a host given a hardware address is called Reverse Address Resolution • Reverse address resolution is needed by diskless workstations when booting. Netprog 2002 TCP/IP 23

ARP Arp! • The Address Resolution Protocol is • • used by a sending host when it knows the IP address of the destination but needs the Ethernet address. ARP is a broadcast protocol - every host on the network receives the request. Each host checks the request against it’s IP address - the right one responds. Netprog 2002 TCP/IP 24

ARP (cont. ) • ARP does not need to be done every • time an IP datagram is sent - hosts remember the hardware addresses of each other. Part of the ARP protocol specifies that the receiving host should also remember the IP and hardware addresses of the sending host. Netprog 2002 TCP/IP 25

ARP conversation HEY - Everyone please listen! Will 128. 213. 1. 5 please send me his/her Ethernet address? not me Hi Green! I’m 128. 213. 1. 5, and my Ethernet address is 87: A 2: 15: 35: 02: C 3 Netprog 2002 TCP/IP 26

RARP conversation HEY - Everyone please listen! My Ethernet address is 22: BC: 66: 17: 01: 75. Does anyone know my IP address ? not me Hi Green! Your IP address is 128. 213. 1. 17. Netprog 2002 TCP/IP 27

Services provided by IP • Connectionless Delivery (each datagram is treated individually). • Unreliable (delivery is not guaranteed). • Fragmentation / Reassembly (based on hardware MTU). • Routing. • Error detection. Netprog 2002 TCP/IP 28

IP Datagram 1 byte VERS HL Service Fragment Length Datagram ID FLAG Fragment Offset TTL Protocol Header Checksum Source Address Destination Address Options (if any) Data Netprog 2002 TCP/IP 29

IP Datagram Fragmentation • Each fragment (packet) has the same structure as the IP datagram. • IP specifies that datagram • reassembly is done only at the destination (not on a hop-by-hop basis). If any of the fragments are lost - the entire datagram is discarded (and an ICMP message is sent to the sender). Netprog 2002 TCP/IP 30

IP Flow Control & Error Detection • If packets arrive too fast - the • receiver discards excessive packets and sends an ICMP message to the sender (SOURCE QUENCH). If an error is found (header checksum problem) the packet is discarded an ICMP message is sent to the sender. Netprog 2002 TCP/IP 31

ICMP Internet Control Message Protocol • ICMP is a protocol used for • • exchanging control messages. ICMP uses IP to deliver messages. ICMP messages are usually generated and processed by the IP software, not the user process. Netprog 2002 TCP/IP 32

ICMP Message Types • Echo Request • Echo Response • Destination Unreachable • Redirect • Time Exceeded • Redirect (route change) • there are more. . . Netprog 2002 TCP/IP 33

Transport Layer & TCP/IP Q: We know that IP is the network layer - so TCP must be the transport layer, right ? A: No… well, almost. TCP is only part of the TCP/IP transport layer - the other part is UDP (User Datagram Protocol). Netprog 2002 TCP/IP 34

Process TCP UDP ICMP, ARP & RARP Process Layer Transport Layer Network Layer IP Data-Link Layer 802. 3 Netprog 2002 TCP/IP 35

UDP User Datagram Protocol • UDP is a transport protocol • communication between processes • UDP uses IP to deliver datagrams • to the right host. UDP uses ports to provide communication services to individual processes. Netprog 2002 TCP/IP 36

Ports • TCP/IP uses an abstract • • destination point called a protocol port. Ports are identified by a positive integer. Operating systems provide some mechanism that processes use to specify a port. Netprog 2002 TCP/IP 37

UDP • Datagram Delivery • Connectionless • Unreliable • Minimal UDP Datagram Format Source Port Destination Port Length Checksum Data Netprog 2002 TCP/IP 38

TCP Transmission Control Protocol • TCP is an alternative transport layer • protocol supported by TCP/IP. TCP provides: Connection-oriented Reliable Full-duplex Byte-Stream • • Netprog 2002 TCP/IP 39

Connection-Oriented • Connection oriented means that a • • virtual connection is established before any user data is transferred. If the connection cannot be established - the user program is notified. If the connection is ever interrupted - the user program(s) is notified. Netprog 2002 TCP/IP 40

Reliable • Reliable means that every • transmission of data is acknowledged by the receiver. If the sender does not receive acknowledgement within a specified amount of time, the sender retransmits the data. Netprog 2002 TCP/IP 41

Byte Stream • Stream means that the connection is treated as a stream of bytes. • The user application does not need to package data in individual datagrams (as with UDP). Netprog 2002 TCP/IP 42

Buffering • TCP is responsible for buffering data and determining when it is time to send a datagram. • It is possible for an application to tell TCP to send the data it has buffered without waiting for a buffer to fill up. Netprog 2002 TCP/IP 43

Full Duplex • TCP provides transfer in both directions. • Piggybacking Netprog 2002 TCP/IP 44

TCP Ports • Interprocess communication via TCP is achieved with the use of ports (just like UDP). • UDP ports have no relation to TCP ports (different name spaces). Netprog 2002 TCP/IP 45

TCP Segments • The chunk of data that TCP asks IP to deliver is called a TCP segment. • Each segment contains: • data bytes from the byte stream • control information that identifies the data bytes Netprog 2002 TCP/IP 46

TCP Segment Format 1 byte Source Port Destination Port Sequence Number Request Number offset Reser. Control Window Checksum Urgent Pointer Options (if any) Data Netprog 2002 TCP/IP 47

If Ifthe thisset, is the. SYNflagisisset, NOT thisinitial is thesequencenumber The sequence number thedata actual first data byte will of theoffirst byte then be this sequence number plus 1. Netprog 2002 TCP/IP 48

if the ACK flag is set then the value of this field is the next expected sequence number that the receiver is expecting. Netprog 2002 TCP/IP 49

The size of the TCP header in 32 -bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data. Netprog 2002 TCP/IP 50

For future use and should be set to 0 s. Netprog 2002 TCP/IP 51

Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism. Netprog 2002 TCP/IP 52

indicates (1) that the TCP peer is ECN capable during 3 -way handshake, and (2) that a packet with Congestion Experienced flag in IP header set is received during normal transmission. Netprog 2002 TCP/IP 53

indicates that the URGent pointer field is significant. Netprog 2002 TCP/IP 54

indicates that the ACKnowledgment field is significant. Netprog 2002 TCP/IP 55

Push function. The set ensures that data will be delivered immediately to the application layer by the receiving transport layer Netprog 2002 TCP/IP 56

Reset the connection. Tells receiver to tear down connection immediately Netprog 2002 TCP/IP 57

Synchronize sequence numbers. Netprog 2002 TCP/IP 58

No more data from sender. Netprog 2002 TCP/IP 59

the size of the receive window, which specifies the number of bytes (beyond the sequence number in the acknowledgment field) that the receiver is currently willing to receive. Netprog 2002 TCP/IP 60

The 16 -bit checksum field is used for error-checking of the header and data. Netprog 2002 TCP/IP 61

if the URG flag is set, then this 16 -bit field is an offset from the sequence number indicating the last urgent data byte. The Urgent Pointer is used when some information has to reach the server ASAP. When the TCP/IP stack at the other end sees a packet using the Urgent Pointer, it is duty bound to stop all it's doing and immediately send this packet to the relevant server Netprog 2002 TCP/IP 62

Example • Lets assume we've got this data to send across to the guy at the other end. ABCDEFGHIJ Now for some reason or another, we're going to send the bytes across only four bytes at a time. The First Packet: ABCD The Second Packet: EFGH The Third Packet: IJ Netprog 2002 TCP/IP 63

Example • In the very first packet we send across we set the four byte sequence number to 1 i. e. the number of the first byte in the packet and the acknowledgement number as 0. ABCD 1 2 3 4 The computer across the wire will respond with an ACK packet (an acknowledgement packet with the ACK flag on in the TCP header) holding an acknowledgement number of ? . Netprog 2002 TCP/IP 64

Example • The next packet we send will have a sequence number of 5 i. e. the number of the first byte in the packet relative to the start of the data stream. The acknowledgment number will be the other guys sequence number + 1. EFGH 5 6 7 8 Netprog 2002 TCP/IP 65

Example • We will then receive an ACK with the acknowledgement number set to 9; the byte we have to start our next packet with. We then shot off the last two bytes and wait for the ACK and when that comes, we know that all the bytes we've sent across has reached the computer at the other end. IJ 9 10 Netprog 2002 TCP/IP 66

Three-way Handshake • Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3 -step) handshake occurs: üThe active open is performed by the client sending a SYN to the server. It sets the segment's sequence number to a random value. Netprog 2002 TCP/IP 67

Three-way Handshake üIn response, the server replies with a SYN-ACK. The acknowledgment number is set to one more than the received sequence number, and the sequence number is random. üFinally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgement value, and the acknowledgement number is set to one more than the received sequence number. Netprog 2002 TCP/IP 68

Three-way Handshake üAt this point, both the client and server have received an acknowledgment of the connection. Netprog 2002 TCP/IP 69

Connection Termination • A four-way handshake, with each side of the • • connection terminating independently When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. A typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. Netprog 2002 TCP/IP 70

TCP : Connection Client Host Client Send SYN seq=x Receive SYN +ACK segment Host Send FIN seq=x Receive SYN segment Send SYN seq=y, ACK x+1 Send ACK y+1 Receive ACK segment Establishing a TCP Connection Receive ACK segment Receive FIN + ACK segment Send ACK y+1 Receive FIN segment Send ACK x+1 Send FIN seq=y, ACK x+1 Receive ACK segment Closing a TCP Connection Netprog 2002 TCP/IP 71

TCP : Data transfer Client Timer Send Packet 1 Start Timer Host Packet Lost ACK would normally Arrive at this time Packet should arrive ACK should be sent Time Expires Timer Retransmit Packet 1 Start Timer Receive Packet 1 Send ACK 1 Receive ACK 1 Cancel Timer Netprog 2002 TCP/IP 72

TCP vs. UDP Q: Which protocol is better ? A: It depends on the application. TCP provides a connection-oriented, reliable byte stream service (lots of overhead). UDP offers minimal datagram delivery service (as little overhead as possible). Netprog 2002 TCP/IP 73

TCP/IP Summary • IP: network layer protocol • unreliable datagram delivery between hosts. • UDP: transport layer protocol • unreliable datagram delivery between processes. • TCP: transport layer protocol • reliable, byte-stream delivery between processes. Netprog 2002 TCP/IP 74

Hmmmmm. TCP or UDP ? • Internet commerce ? • Video server? • File transfer? • Email ? • Chat groups? • Robotic surgery controlled remotely over a network? Netprog 2002 TCP/IP 75

Example 1: Server Sends IP datagram to PC • How to routing, i e. , why server knows to send the IP packet to the router first ? Look up routing table, in detail, • • by complete destination IP address, if not found • by network ID of destination IP address, if not found • the default router is selected. (In this example, we assume the router r is the default router). • The IP address of a home computer connected to the Internet through modem is dynamically assigned (DHCP). Netprog 2002 TCP/IP 76

S sends a packet to R: 1. 2. 3. 4. 5. Find R’s IP address by DNS. Check its routing table for R, if find (next hop), send to it. Otherwise, send to default router Needs to find the physical address of the next hop router. The router checks its routing table for the next hop and send to it. s G net 1 net 3 G G G net 2 net 5 G net 4 G R 6. continue until the packet reaches the router in the same LAN with R. 7. The router finds R’s physical address and sends to it. Netprog 2002 TCP/IP Figure 2. 8 77

Big picture: web document browsing • • Suppose a user on PC clicks a link of a document contained in the server, and HTTP client passes a request to TCP layer asking for setting up a TCP connection, and the TCP connection between the PC and the server has been established. The http client then passes http request message (such as GET /…. ) to TCP layer. Netprog 2002 TCP/IP 78

Big picture: HTTP request is passed down HTTP Request c, 80 Header contains source and destination port numbers TCP Header contains source and destination IP addresses; transport protocol type Header contains source and destination physical addresses; network protocol type IP Header Frame Check Sequence ppp Header Netprog 2002 TCP/IP 79

Big picture: web document browsing • • The ppp driver (data link entity) in PC forms a PPP frame and sends the frame to the other end of the PPP link, i. e. , router The router extracts IP packet (from the PPP frame), makes routing decision according on destination IP address, forms an Ethernet frame (encapsulating the IP packet) and broadcasts it onto Ethernet The server NIC captures the frame, extracts the IP packet and passes it to IP entity, then to TCP entity and then to HTTP server Finally the server retrieves the document and puts it in HTTP response packet and sends back to PC. Netprog 2002 TCP/IP 80

Sever processes multiple requests • Q: there is one http server, there may be several http clients which sends http requests to the http server simultaneously, so there are several connections at the same with the same destination IP address, same port number: 80, and the same protocol type: TCP. How does the server distinguish these connections and process them separately? http client http server http client Netprog 2002 TCP/IP 81

Sever processes multiple requests • Answer: the way to specify the end-to-end process-toprocess connection. • • Socket address: port number + IP address + protocol type Sender socket address: sender port number + sender IP address + protocol type Receiver socket address: receiver port number + receiver IP address + protocol type. Connection = sender socket address + receiver socket address http client c 2, m 1; s, 80, TCP m 1 http client http server cc, m 3; s, 80, TCP c 1, m 1; s, 80, TCP m 2 http client m 3 Netprog 2002 TCP/IP 82

Application protocols and TCP/IP utilities • telnet: remote login. Also a tool to test other protocols. • FTP: File Transfer Protocols. • Ping: determine whether a host is reachable • Traceroute: determine the route that a packet will take to another host • Netstate: provide information about the network status of a local host • TCPdump: capture and observe packet exchange in a link. Netprog 2002 TCP/IP 83

A simple TCP/IP Example • A user on host argon. tcpip-lab. edu (“Argon”) makes a web access to URL http: //neon. tcpip-lab. edu/index. html. Netprog 2002 TCP/IP 84

HTTP Request and HTTP response • Web browser runs an HTTP client program • Web server runs an HTTP server program • HTTP client sends an HTTP request to HTTP server • HTTP server responds with HTTP response Netprog 2002 TCP/IP 85

From HTTP to TCP • To send request, HTTP client program establishes an • TCP connection to the HTTP server Neon. The HTTP server at Neon has a TCP server running Netprog 2002 TCP/IP 86

Resolving hostnames and port numbers • Since TCP does not work with hostnames and also would not know how to find the HTTP server program at Neon, two things must happen: 1. The name “neon. tcpip-lab. edu” must be translated into a 32 -bit IP address. 2. The HTTP server at Neon must be identified by a 16 -bit port number. Netprog 2002 TCP/IP 87

Translating a hostname into an IP address • The translation of the hostname neon. tcpip-lab. edu into an IP address is done via a database lookup • • The distributed database used is called the Domain Name System (DNS) All machines on the Internet have an IP address: argon. tcpip-lab. edu 128. 143. 137. 144 neon. tcpip-lab. edu 128. 143. 71. 21 Netprog 2002 TCP/IP 88

Finding the port number • Note: Most services on the Internet are reachable via • well-known ports. E. g. All HTTP servers on the Internet can be reached at port number “ 80”. So: Argon simply knows the port number of the HTTP server at a remote machine. • The well-known port numbers of some of the most popular services are: ftp 21 telnet 23 smtp 25 finger 79 http 80 nntp 119 Netprog 2002 TCP/IP 89

Requesting a TCP Connection • The HTTP client at argon. tcpip-lab. edu requests the TCP client to establish a connection to port 80 of the machine with address 128. 141. 71. 21 Netprog 2002 TCP/IP 90

Invoking the IP Protocol • The TCP client at Argon sends a request to establish a connection to port 80 at Neon • This is done by asking its local IP module to send an IP datagram to 128. 143. 71. 21 Netprog 2002 TCP/IP 91

Sending the IP datagram to an IP router • Argon (128. 143. 137. 144) can deliver the IP datagram directly to Neon (128. 143. 71. 21), only if it is on the same local network (“subnet”) • • But Argon and Neon are not on the same local network (Q: How does Argon know this? ) So, Argon sends the IP datagram to its default gateway The default gateway is an IP router The default gateway for Argon is Router 137. tcpip-lab. edu (128. 143. 137. 1). Netprog 2002 TCP/IP 92

The route from Argon to Neon • Note that the gateway has a different name for each of its interfaces. Netprog 2002 TCP/IP 93

Finding the MAC address of the gateway • • To send an IP datagram to Router 137, Argon puts the IP datagram in an Ethernet frame, and transmits the frame. However, Ethernet uses different addresses, so-called Media Access Control (MAC) addresses (also called: physical address, hardware address). Therefore, Argon must first translate the IP address 128. 143. 137. 1 into a MAC address. The translation of addressed is performed via the Address Resolution Protocol (ARP). Netprog 2002 TCP/IP 94

Address resolution with ARP Netprog 2002 TCP/IP 95

Invoking the device driver • The IP module at Argon, tells its Ethernet device driver to send an Ethernet frame to address 00: e 0: f 9: 23: a 8: 20 Netprog 2002 TCP/IP 96

Sending an Ethernet frame • The Ethernet device driver of Argon sends the • Ethernet frame to the Ethernet network interface card (NIC) The NIC sends the frame onto the wire Netprog 2002 TCP/IP 97

Forwarding the IP datagram • The IP router receives the Ethernet frame at interface • 128. 143. 137. 1, recovers the IP datagram and determines that the IP datagram should be forwarded to the interface with name 128. 143. 71. 1 The IP router determines that it can deliver the IP datagram directly Netprog 2002 TCP/IP 98

Another lookup of a MAC address • • The router needs to find the MAC address of Neon. Again, ARP is invoked, to translate the IP address of Neon (128. 143. 71. 21) into the MAC address of neon (00: 20: af: 03: 98: 28). Netprog 2002 TCP/IP 99

Invoking the device driver at the router • The IP protocol at Router 71, tells its Ethernet device driver to send an Ethernet frame to address 00: 20: af: 03: 98: 28 Netprog 2002 TCP/IP 100

Sending another Ethernet frame • The Ethernet device driver of Router 71 sends the Ethernet frame to the Ethernet NIC, which transmits the frame onto the wire. Netprog 2002 TCP/IP 101

Data has arrived at Neon • • Neon receives the Ethernet frame The payload of the Ethernet frame is an IP datagram which is passed to the IP protocol. The payload of the IP datagram is a TCP segment, which is passed to the TCP server Note: Since the TCP segment is a connection request (SYN), the TCP protocol does not pass data to the HTTP program for this packet. Instead, the TCP protocol at neon will respond with a SYN segment to Argon. Netprog 2002 TCP/IP 102

Wrapping-up the example • • • So far, Neon has only obtained a single packet Much more work is required to establish an actual TCP connection and the transfer of the HTTP Request The example was simplified in several ways: No transmission errors The route between Argon and Neon is short (only one IP router) Argon knew how to contact the DNS server (without routing or address resolution) …. • • Netprog 2002 TCP/IP 103

How many packets were really sent? tcpdump: listening on fxp 0 16: 54: 51. 340712 16: 54: 51. 341749 16: 54: 51. 342539 16: 54: 51. 343436 16: 54: 51. 344147 16: 54: 51. 345220 128. 143. 137. 144. 1555 > 128. 143. 137. 11. 53: 128. 143. 137. 11. 53 > 128. 143. 137. 144. 1555: 128. 143. 137. 144. 1556 > 128. 143. 137. 11. 53: 128. 143. 137. 11. 53 > 128. 143. 137. 144. 1556: 128. 143. 137. 144. 1557 > 128. 143. 137. 11. 53: 128. 143. 137. 11. 53 > 128. 143. 137. 144. 1557: 1+ A? neon. cs. (25) 1 NXDomain* 0/1/0 (98) (DF) 2+ (41) 2 NXDomain* 0/1/0 (109) (DF) 3+ (38) 3* 1/1/2 (122) (DF) 16: 54: 51. 350996 arp who-has 128. 143. 137. 1 tell 128. 143. 137. 144 16: 54: 51. 351614 arp reply 128. 143. 137. 1 is-at 0: e 0: f 9: 23: a 8: 20 16: 54: 51. 351712 128. 143. 137. 144. 1558 > 128. 143. 71. 21: S 607568: 607568(0) win 8192 <mss 1460> (DF) 16: 54: 51. 352895 128. 143. 71. 21. 80 > 128. 143. 137. 144. 1558: S 3964010655: 3964010655(0) ack 607569 win 17520 <mss 1460> (DF) 16: 54: 51. 353007 128. 143. 137. 144. 1558 > 128. 143. 71. 21. 80: . ack 1 win 8760 (DF) 16: 54: 51. 365603 128. 143. 71. 21. 80 > 128. 143. 137. 144. 1558: P 1: 60(59) ack 1 win 17520 (DF) [tos 0 x 10] 16: 54: 51. 507399 128. 143. 137. 144. 1558 > 128. 143. 71. 21. 80: . ack 60 win 8701 (DF) Netprog 2002 TCP/IP 104