Welcome to TCP/IP Part 5

Internet Control Message Protocol (ICMP) works at the Network Layer (Layer 3) and is used by Internet Protocol for several different purposes. ICMP is a managing protocol and messaging service provider for Internet Protocol.  The ICMP messages are carried as IP datagrams that afford a host’s capability to discover routes to gateways.  ICMP packets can provide hosts with information about network problems and are encapsulated within IP datagrams.

Destination Unreachable is where a router cannot send an IP datagram any further to its intended destination, it therefore uses ICMP to send a message back to the sender advising it that the destination Host is unreachable.

When Host A sends a packet whose destination is Host B, the Lab_B router is what sends and ICMP destination unreachable message back to the sending device, or Host A.


Buffer Full is the message sent out to the sending Host by using ICMP and will continue to do so until the congestion has subsided.


Hops is the number of routers and IP datagram is permitted to travel, or pass through, if it reaches its limit before arriving at its destination Host the last router to receive that datagram then deletes or drops it.  That router will then use ICMP to send a message back to the sending Host of the loss of the datagram due to the maximum number of hops.


Ping (Packet Internet Groper) uses ICMP echo requests and reply messages to check both the physical and logical connectivity of a Host to a network, or internetwork. 


Traceroute uses ICMP time-outs and is used to discover the path a packet as it travels through an internetwork.


Perhaps it would be good to see the routing of a packet, please click on the URL below the ICMP packet figure.



ICMP in Action shows how the dropped packet will be handled.  Server 1 ( Telnets to a Host ( using the DOS prompt.  The packet will be sent to the default gateway, since the Server (1) has no knowledge as to where is located.  The default gateway will drop the packet because there is no listing of in the routing table of the router.  After dropping the packet, the router will send an ICMP packet to Server 1 stating that the destination is unreachable.

See also: Part 1, Part 2, Part 3, Part 4, Part 5


Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.



Welcome to TCP/IP Part 4

Key Concepts of Host-to-Host Protocols have been reviewed in our last part, but like me some of you may be more visually oriented, so here you are:

…and just one more for you…

Now, Port Numbers are of great importance for both understanding and troubleshooting purposes.  You can find lists of Port Numbers for various applications, but for the CCENT/CCNA study purposes what follows should be sufficient.

Below is a rather extensive listing, but not all-inclusive, for the TCP/UDP Port Numbers.  It will be helpful in the big picture, but the above picture views will be more than sufficient for anyone testing out.

port / protocol service name common UNIX daemon(s) additional remarks
20/tcp and 21/tcp ftp (file transfer protocol) data and login control in.ftpd,wu.ftpd,proftpd; launched by inetd obsolete:insecure, because unencrypted and difficult to harden service, please use sshd and scp or sftp instead (see below)
22/tcp ssh (Secure SHell) sshd secure, because fully encrypted remote login (ssh) and copy (scp and sftp) service, please use exclusively this full substitute instead of the obsolete ftp, telnet, rlogin, rsh, rcp and so on!
23/tcp telnet (remote login) in.telnetd, launched by inetd obsolete: unencrypted login, use sshd and ssh instead, see above
25/tcp smtp (simple mail transfer protocol) sendmail, postfix, qmail, etc. standard mail protocol since 30 years, only way to communicate world wide with messages without http measures, for your privacy you need to encrypt mails preferably with the free PGP (pretty good privacy)
53/udp and 53/tcp DNS (domain name system) bind (Berkeley Internet Name Domain) the name service of the Internet, used by http, smtp and all others to resolve symbolic names into the IP layer addresses, name resolution is done via udp, zone transfers between several name servers via tcp
80/tcp http (Hyper Text Transfer Protocol) = www (World Wide Web) httpd (= apache, A PAtCHy [web] sErver) the Internet/web service, unencrypted port (see below, 443, for encrypted counterpart) for standard data transfer from web servers to user agents (browsers, robots, download tools)
88/tcp kerberos krshd high security special purpose protocol with ticket system and so on
110/tcp pop3 (Post Office Protocol version 3) popper, launched by inetd post retrieval service of storing mail servers with encryption possibilities
111/udp (sun)rpc (remote procedure call) rpc.statd, rpc.rusersd,rpc.walld insecure remote calls of special information services
119/tcp nntp (Network News Transfer Protocol) leafnode the internet news server query service
123/udp ntp (Network Time Protocol) (x)ntpd modern world wide time service for synchronisation with nuclear clock driven time standard
137/udp netbios-ns (NETBIOS Name Service) nmbd special name service for a still too widespread proprietary OS and its SMB (Server Message Block) system, needed in union with the following service
139/tcp netbios-ssn (NETBIOS Session Service Network) smbd (Samba daemon) special session service for that proprietary OS and its SMB (Server Message Block) system, works together with immediately above service
143/tcp imap2 (Internet Message Access Protocol version 2) imapd (Interactive Mail Access Protocol Daemon), launched by inetd rather insecure and therefore only locally suitable mail retrieval service, for non-local purposes prefer pop3 (see above)
161/tcp snmp (Simple Network Management Protocol) snmpd base of communication between very different technical units (not only computers), they have to share the network capability and these protocol rules only: CAUTION: very insecure (no limiting of allowed requesting IP addresses possible)
194/tcp irc (Internet Relay Chat) ircd the Internet chat service
220/tcp imap3 (Interactive Mail Access Protocol version 3) imapd modern mail retrieval service, successor of imap2 (see above), but still pop3 may the better alternative (see above too)
389/tcp ldap (Lightweight Directory Access Protocol) ldapd network distributed, domain organized directory service, connection part, see also immediately below
389/udp ldap (Lightweight Directory Access Protocol) slapd (Standalone Lightweight Access Protocol Daemon network distributed, domain organized directory service, listener/contoller part, see also immediately above
443/tcp https (HyperText Transfer Protocol Secure) httpd (= apache) encrypted (via TLS/SSL) counterpart to above http/80 entry, the only acceptable way, to do online credit card transactions
514/udp system log listener syslogd always active to log other hosts informations, because otherwise the daemon won’t start
515/tcp print spooler lpd (Line Printer Daemon) network printer queue
554/tcp rtsp (Real Time Stream Protocol) rsvpd (Resource reSerVations Protocol Daemon) used by Real Media for video and audio streaming
631/tcp ipp (Internet Printing Protocol) cupsd — CUPS (Common Unix Printing System) Daemon unencrypted port for (local) printer access via browser and CUPS client
744/udp flexlm (FLEXible License Manager) lmgrd (License ManaGeR Daemon) network bound license evaluation system
901/tcp swat (Samba Web Administration Tool) swat, launched by inetd browser/web bound Samba administration (see above, 137/nmbd and 139/smbd), use with care: it’s not encrypted without additional measures
993/tcp imaps (Interactive Mail Access Protocol Secure version 4) imapd, launched by inetd TLS/SSL encrypted mail retrieval system (see also imap above)
994/tcp ircs (Internet Relay Chat Secure) ircd the Internet chat system TLS/SSL encrypted, see also irc above
995/tcp pop3s (Post Office Protocol Secure version 3) popper, launched by inetd TLS/SSL encrypted mail retrieval system (see also pop3 above)
2049/tcp NFS (Network File System by Sun) nfsd, rpc.nfsd, needs (sun)rpc and portmap too network sharing of filesystems, only suitable for local networks
2049/udp NFS (Network File System by Sun) rpc.mountd needs (sun)rpc and portmap too network sharing of filesystems, only suitable for local networks
2401/tcp cvspserver (Concurrent Version System Password server) cvs, launched by inetd (alternatively by sshd, see above) RCS (revision control system) based network version control, suitable even for Internet cooperation, but than usage via ssh (see above) is recommended, because this pserver protocol does only a not really secure scrambling of passwords (only suitable for anonymous checkout otherwise)
6000/tcp (–6063/tcp) x11 X (X window system server) standard GUI base server of the X/Open Group, the ports above 6000 up to 6063 are addressed via display (variable: upper case) setting to 1, 2 and so on, instead of 0, for the ports 6001, 6002 and so on instead of 6000 (display number part 1 = port offset)
8080/tcp http-alt (alternative http) httpd (= apache) see http above: usually privately=non-public used http port

Important TCP/UDP Port Numbers

Port 21 –> TCP –> FTP (File Transfer Protocol)
Port 22 –> TCP/UDP –> SSH (ssh,scp copy or sftp)
Port 23 –> TCP/UDP –> Telnet
Port 25 –> TCP/UDP –> SMTP (for sending outgoing emails)
Port 43 –> TCP –> WHOIS function
Port 53 –> TCP/UDP –> DNS Server (DNS lookup uses UDP and Zone transfers use TCP)
Port 70 –> TCP –> Gopher Protocol
Port 79 –> TCP –> Finger protocol
Port 110 –> TCP –> POP3 (for receiving email)
Port 119 –> TCP –> NNTP (Network News Transfer Protocol)
Port 143 –> TCP/UDP –> IMAP4 Protocol (for email service)
Port 194 –> TCP –> IRC
Port 389 –> TCP/UDP –> LDAP (light weight directory access)
Port 443 –> TCP –> Secure HTTP over SSL (https)
Port 465 –> TCP –> Secure SMTP (email) using SSL
Port 990 –> TCP/UDP –> Secure FTP using SSL
Port 993 –> TCP –> Secure IMAP protocol over SSL (for emails)
Port 1433 –> TCP/UDP –> Microsoft SQL server port
Port 2082 –> TCP –> CPanel default port
Port 2083 –> TCP –> CPanel over SSL
Port 2086 –> TCP –> CPanel Webhost Manager (default)
Port 2087 –> TCP –> CPanel Webhost Manager (with https)
Port 2095 –> TCP –> CPanel Webmail
Port 2096 –> TCP –> Cpanel secure webmail over SSL
Port 2222 –> TCP –> DirectAdmin Server Control Panel
Port 3306 –> TCP/UDP –> MySQL Database Server
Port 4643 –> TCP –> Virtuosso Power Panel
Port 5432 –> TCP –> PostgreSQL Database Server
Port 8080 –> TCP –> HTTP port (alternative one for port 80)
Port 8087 –> TCP –> Plesk Control Panel Port (default)
Port 8443 –> TCP –> Plesk Server Control Panel over SSL
Port 9999 –> TCP –> Urchin Web Analytics
Port 10000 –> TCP –> Webmin Server Control Panel
Port 19638 –> TCP –> Ensim Server Control Panel

Each and every listing of Port Numbers is in-fact, an important list to someone in some fashion or form.  The reason being is that each list has some meaning for all of the applications that someone is dealing with in the specific system infrastructure that they have to work with.  So, do not limit yourself by having just one list at your fingertips.  It will be helpful to have many and use your search engine to your benefit!

See also: Part 1, Part 2, Part 3, Part 4

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.



Welcome to TCP/IP Part 3

Host-to-Host Layer Protocols essentially shields the upper layer applications from the complex inner workings of the network.  This layer takes the data from the application layer along with any specific instructions and prepares the information to be sent.  There are two protocols at this layer:  Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

Transmission Control Protocol (TCP) is a connection-oriented protocol that takes large blocks of data from an application and breaks it into segments.  Each segment is numbered and sequenced so that the destination TCP stack can reorder and properly sequence the information as was intended by the application layer.  After the segments are sent, TCP (on the sending side) awaits acknowledgement by the receiving end within the TCP virtual circuit session, and any segments not acknowledged will be retransmitted.

User Datagram Protocol (UDP) is essentially the scaled down version of TCP, also known as the thin protocol.  Unlike TCP, UDP does not include all of the bells and whistles; there is no sequencing, no acknowledgement, etc. The purpose is to send the data out and not worry about it.  With TCP there is the necessity for sequencing and acknowledgement because everything is necessary for the data to be complete; on the other hand, with UDP, such as a phone call, not all of the data is necessary for you to understand the message being transmitted.

The information may sound jittery and chunky but it is understandable in the long run.  UDP is classified as a connectionless protocol.

One important thing you need to keep in mind is the ability to differentiate between the two models.

See also: Part 1, Part 2, Part 3

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1 640-822. Indianapolis, IN: Cisco Press.

Odom, W. (2011). Official Cert Guide ICND2 640-816. Indianapolis, IN: Cisco Press.

Welcome to TCP/IP Part 2


(Please note the differences between the OSI & the TCP/IP Reference Models.   will try to maintain certain understanding, as well as reference.)

As mentioned before the Application Layer is where the user has a direct connection to the computer by inputting data, or making requests.  This layer is also responsible for resolving the availability of communication and sufficiency of resources for data input.  The protocols associated with this layer are HTTP, FTP, and SMTP.

HTTP began as an extremely basic protocol, which permitted a client to send a simple request and to receive the hypertext file from the server. As the web has grown so has the complexity of the request, but the simplistic job of http has truly stayed the same.

In this segment we will discuss the Application layer protocols, which are: Telnet, FTP, TFTP, NFS, SMTP, LPD, X-Window, SNMP, DNS, and DHCP/BootP.  Each protocol has a different function and is used in different ways.  So, let us start…

Telnet:  This is represented as the chameleon of protocols, because its specialty is terminal emulation.  It allows a user on a remote client computer, etc., also called the Telnet client, to access the resources of another machine, the Telnet server.  It does so by creating the illusion that the Telnet server is connected to a valid Telnet client machine, but is virtual in nature.  It is able to execute and determine system statuses as well as being the causation of procedural execution.

FTP:  File Transfer Protocol is the protocol responsible for allowing us to transfer files…really big surprise, eh?  FTP is both a protocol and a program.  As a protocol it is used by applications; as a program it is used by operators to perform file tasks manually.  It teams up with Telnet to permit logging in to the FTP server and then provides for file transferring.

TFTP:  Trivial File Transfer Protocol is a stripped down, no bells, and no whistles version of FTP.  If you know exactly what you want, where it is, this is what you want.  It is fast and because it is stripped down it does not have an abundance of functions to bog it down.

NFS:  Network File System is a protocol that specializes in file sharing, allowing two different types of files to interoperate. It permits and allocates RAM on the server to transparently store another operating system based application so that it may run along side of the operating system of the server itself. (i.e., Server runs NT, Win2003, etc, will allow a portion of the RAM to store and run an application which is Unix or Linux based.)

SMTP:  Simple Mail Transfer Protocol is another tough one to figure out…it aids us in our desire to stay in touch with others through email by using a spooled or queued method of mail delivery.  SMTP is used to send email and POP3 is used for receiving email.

LPD:  Line Printer Daemon protocol is used for…printer sharing.  LPD along with the Line Printer (LPR) program allows jobs to be spooled and sent to the network’s printers using TCP/IP.

X-Window:  This is designed for client/server operations; X Window defines a protocol for writing client/server applications based on a graphical user interface (GUI).  The purpose is to run a program (a client) run on one computer and permit it to be displayed through a window server on another computer.

SNMP:  Simple Network Management Protocol collects and manipulates data.  The data manipulated is valuable network information.  Data is gathered by polling devices on the network from a management station at designated intervals, which requires those devices to disclose certain information.  SNMP receives what is called a “baseline” which is a report that delimits the operations of a healthy or unhealthy network.  This protocol can be a watchdog over the network by advising of any sudden events.

DNS:  Domain Name Service resolves “hostnames”, such as www.google.com, www.yahoo.com, etc., to an internet provider (IP) address, such as  If you type in an IP address DNS is not being used, because the software knows what to do with it and how to use it.  DNS simply makes our lives easier as users so we are not required to type in IP addresses for any specific thing we desire.

DHCP/BootP:  Dynamic Host Configuration Protocol assigns IP addresses to hosts.  It creates an easier environment for both small and very large scale networks administratively.  All types of hardware can be used as a DHCP server; most home networks use their router as a DHCP server.  The difference between DHCP and BootP is that with BootP the addresses must be manually keyed in to the BootP table.  The DHCP server can provide this information:

  • IP address
  • Subnet mask
  • Domain Name
  • Default gateway routes
  • DNS
  • WINS information.

See also: Part 1, Part 2, Part 3

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1. Indianapolis: Cisco Press.



Welcome to TCP/IP Part 1

In Part 4 and Part 5 of the Internetworking series we brushed on the TCP/IP, DoD, and OSI Models that are used within internetworking communications, before going any further it would be wise to touch base on these subjects again and then carry on with the TCP/IP in more depth.

Internetworking Part 4

Now is a good time to introduce the networking reference models that permit the communications within our internetworking up through the previous sessions (Part 3).

In the beginning, most computers were only able to communicate with other computers from the same manufacturer.  In the 1970s the Open Systems Interconnection (OSI) reference model was created to overcome these communications problems.  There are other models  in use such as the DoD Reference and the Cisco Hierarchical Models, which we will discuss.

First, the OSI Model.  This is a reference model, or set of guidelines, that application developers can use in the creation and implementation of applications that run on a network, which provides a  framework within which network standards can be managed.

The OSI model has 7 distinct layers, which are divided in to two groups. The upper group (top 3 layers) define how the end-to-end host applications will communicate with each other.  The bottom group (bottom 4 layers)  define how the data is to be handles and transmitted between the hosts, end-to-end.  The top group are the Application, Presentation, and Session layers; the bottom group  The following operate at all seven layers of the OSI model:  Network management stations (NMSs); web and application servers; gateways (not default gateways); and network hosts.

The upper layers:  Application layer, Presentation layer, and the Session layer furnishes a user interface, “presents” data to the application layer, and maintains data separation between different applications.

The Application Layer:  This is where you (the user) has a direct connection to the computer by inputting data, or making requests.  This layer is also responsible for resolving the availability of communication and sufficiency of resources for data input.  The protocols associated with this layer are HTTP, FTP, and SMTP.

The Presentation Layer:  As mentioned before, this layer “presents” the data to the Application layer, which is where its name originates.  It is also in control of the data translation, code formatting and conversion functions (i.e., receives generically formatted data and converst it to its original format).  The protocols associated with this layer are ASCII, EBCDIC, JPEG, GIF, and MPEG.

The Session Layer:  This layer’s operation is to create, organize, and disassemble between Presentation layer components.  In essence, this layer can open many “seesions” and will keep all of those “sessions” and their respective data separate.

Internetworking Part 5

The lower layers, or the Transport Set, are for the transportation of the segments, packets, frames, and bits.

Transport Layer (Layer 4) provides for reliable or unreliable delivery and performs error correction before retransmit.  This layer segments and reassembles data into data stream by providing end-to-end  data transport service which creates a logical connection between the sending and destination hosts.

Network Layer (Layer 3) provides for logical addressing, which the routers use for path determination.  This layer manages device addressing, tracks the location of devices on the internetwork, and determines the best path available.

Data Link Layer (Layer 2) combines packets into bytes and bytes into frames, provides access to media using MAC address, performs error detection – not correction.  This layer provides for the transmission of data and handles error notification, topology of the network, and flow control.

Physical Layer (Layer 1) moves the bits between devices, specifies wire speed, voltage, and the pin-out of cable.  Sends and receives bits, some use tones, and others can use variations of voltage or signals

Data integrity is maintained through flow control whose purpose is to govern the amount of data sent by the sender.

Connection-Oriented Communication is where the transmitting device first creates a session with its peer system through a call setup, or three-way handshake.  The three-way handshake is a series of synchronization, negotiation, synchronization, acknowledgement, connection, and finally data transfer.


See also: Part 1, Part 2, Part 3

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.

Odom, W. (2012). Official Cert Guide ICND1. Indianapolis: Cisco Press.

Internetworking Part 10

Cisco Three-Layer Hierarchical Model

This is the last part of the Internetworking series and we will move on to another area of Cisco CCENT/CCNA Certification.

We have been exposed to hierarchies all throughout our lives.  Hierarchies work within the human race as well as the electronic and computer fields…this is just how everything seems to work, meaning through a set and organized fashion.  Well, not so much with the human race, but you get the idea.

There are three layers to the Cisco Hierarchical Model, which essentially equates to a pyramid:

  • The core layer: backbone
  • The distribution layer: routing
  • The access layer: switching

Each layer has specific duties and responsibilities.

  1. The Core Layer, or the backbone, is truly the core of the network itself because it is responsible for the transporting of large amounts of traffic and must do it both reliably and quickly.  If there is a failure at the core, then potentially every user may be affected.  So, latency and and speed are a big concern to keep in mind.
  2. The Distribution Layer also referred to as the workgroup which provides routing.  This is the layer where all user data is processed which forwards requests if necessary.  The main function is to provide routing, filtering, WAN access and to determine how packets will access the core, if necessary.
  3. The Access Layer and is sometimes referred to as the desktop layer.  The network resources most users need will be available local to this layer.  Some functions are as follows:
  • Use of access control and policies, which are a continuation from the distribution layer
  • Segmentation or the creation of separate collision domains
  • Workgroup connectivity via the distribution layer

Though, I have not seen any reference to this 3 layer hierarchical model, as it is more than likely Cisco proprietary – because it is a Cisco test, it is testable.  But my personal & non-professional, opinion is that you will not see much of this outside of an all Cisco system.

See also: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6, Part 7, Part 8, Part 9

Works Cited

Lammle, T. (2007). CCNA Cisco Certified Network Associate Study Guide. Indianapolis: Wiley Publishing, Inc.


CCENT/CCNA Certification


Well, I have decided to follow a different path in preparing for the CCNA.  As I have already obtained my CCENT Certification using the Todd Lammle book for the single test CCNA 640-802, without too much difficulty…other than my own foolishness, etc…but I thought I would try the Wendell Odom books through Ciscopress, Official Cert Guides CCNA1 and CCNA2 (640-822 and 640-816 test).  Both authors are CCIEs and are very well qualified for the task.  But each test is structured differently; in-fact, there are certain things that are not on the single test method and are on the dual test method – which for a person such as myself could be an advantage by being introduced to those few items of study.  I have read both good and bad things about the books, but who is ever really a good critic.  Especially when you buy a book, as many of us do, and we mistakenly believe the knowledge will somehow magically be imparted upon us.  So, I will give it a try.  I have not made it past the first chapter yet, but I do like it’s layout so far.  Of course, it does help to skim through the book initially.  I felt it was a nominal investment in my future.

Network VisualizerUp until now, I have used a lab simulator program to play with the many interconnections between the Cisco Routers and Switches.




However, I thought it would be better to have a physical connection to the hardware by obtaining a Cisco CCNA Certification LabI felt it would be better, for me, to have hands on.  Sometimes I just don’t “get it” because I have no connection to what is actually going on.  That is probably one of my biggest problems.  Unlike the books, this will be a rather hefty investment, with a wide range of costs and options; ranging from $199-$1400+.