IP, ICMP, UDP, TCP, (and Pings and Tracerts)
Old 26-03-2004, 04:39   #1
Paul

What are they all and how do they fit together? Well, here is a simple (I hope) guide - even so, this is still quite a long post - you may want to read it in sections.

All of this is also a simplified view - the reality is a bit more complicated so no moaning by the techies please. :pp


Ok, to get information over a network from 'A' to 'B' you need some sort of transmission methods and protocols (and a connection of course).

For the purposes of this guide I will consider a simple ethernet based network with one router connecting two networks, Clients 'A' & 'B' are connected together in Network 1 and Servers 'C' & 'D' the same in Network 2. Networks 1 & 2 are each connected to a Port on Router 'E' ('E1' & 'E2') - and each Client & Server has a single Network Card (NIC).


MAC ;

The first thing is to get the NICs and Ports on a Network to talk to each other - for this to happen, each one has an address assigned to it (known as a MAC address) - these are unique in the world (supposedly).

'A' can then talk to 'B' or 'E1' by addressing a packet of information to the destination MAC address and sending it on the local network, this packet will reach both 'B' & 'E1' but only the correct one will recognise itself as the recipient and process the packet. Each of the three ports can talk to each other in this manner by sending a packet on the network knowing that it will reach all the other ports and be processed by the correct one. In the same way, 'C', 'D' and 'E2' can talk to each other on Network 2.

Now, the next question is how does 'A' or 'B' talk to 'C' or 'D'. One way would be for the router to pass everything it sees on network 1 (via 'E1') onto network 2 (via 'E2') and vice versa. This would work - but would soon become a problem as the two networks got bigger or more networks were added.


IP ;

So the next step up is IP (Internet Protocol). Each port is assigned a unique IP address in the form of x.x.x.x where x = 1 to 255 - each is also given a Subnet Mask which is used to tell the port what other IP addresses are local to it and which are on remote networks - For example 'A' would be 192.168.0.1 with a mask of 255.255.255.0 - this means that any other address starting 192.168.0.x is local - if the mask was 255.255.0.0 then anything in 192.168.x.x would be local.

In our network 'A' = 192.168.0.1, 'B' = 192.168.0.2, 'E1' = 192.168.0.3, 'C' = 192.168.1.1, 'D' = 192.168.1.2 & 'E2' = 192.168.1.3 - All with 255.255.255.0 as their mask.

If 'A' wants to send to 'B' - it knows that 'B' is local from its IP/Mask combination so it just needs to find the correct MAC address to send the data - to do this it sends a packet to all the ports on its local network basically saying "who is 192.168.0.2 ?". 'B' will respond to this saying "I am - here is my MAC address". 'A' then sends the IP packet to 'B'.

If 'A' wants to send to 'C' (192.168.1.1) - something different happens. 'A' knows that 'C' is on another network from its IP/Mask combination, so it needs to send the data to Network 2. To do this it relies on the Router 'E'. 'A' (and all the others) have a "Default Gateway" set - which is actually the IP address of the router port on the local Network 1 (i.e. 'E1' in this case). Any data that is not for another IP address on the local network is sent to the default gateway instead.

When the router receives the packet it looks up the destination IP address in its "routing table" to see if it has any information on where that IP address might be.
This table will tell it that any 192.168.1.x IPs are on network 2 and this is connected to its port 'E2'. The router obtains the MAC address of 'C' via port 'E2' (as above) and sends the data on its way to 'C'.

This IP system now gives us the ability to connect many networks together via a router and not flood them all with each others packets of data. However this is still not perfect as there is little control over packets and no provision for the fact that data could arrive in a different order to what it was sent - or indeed just get lost.

So IP is used as the method of carrying many other protocols such as TCP, UDP, ICMP and many other less well known ones - some of these can handle things like lost or mis-ordered data packets.


ICMP;

ICMP is used by IP to send control and state messages - for instance if the router does not know where to send an IP packet because it has no information for it [in its routing table] then it can send an ICMP packet back to the source IP to say "No route found".

Ping uses ICMP - if 'A' pings 'B' then what happens is 'A' sends an ICMP "Echo Request" to 'B', when it receives this, 'B' sends an "Echo Reply" back to 'A' (just like someone playing Ping Pong).

Tracert also uses some [more complex] ICMP features to trace the route a packet takes through routers. It uses a feature of each IP packet called the TTL (time to live).
Every IP packet sent has a TTL set and each time it passes through a router, that TTL is decreased by one. If it reaches zero then the packet is dropped and an ICMP "Timeout exceeded" message sent back to the source.

So if you send a packet with a TTL of 1, it will be dropped at the first router and a message sent back, if you send it with a TTL of 2 then the second router will do the same. So by sending a stream of packets, each with a TTL one higher, and collecting the timeout replies, you can trace your route.


UDP;

UDP is a simple protocol that uses IP. UDP uses the concept of ports to subdivide an IP address, thus allowing multiple systems to send data to a single IP without them interfering with each other. e.g. one application can listen for data on Port 53 while another listens on Port 139.
Both are on the same IP address but can receive data independently - using the port number to differentiate (a bit like the houses in a street all having different numbers).

UDP is known as connectionless as it does not try and establish a link with the address it is sending data to - it just sends the packets in the hope that they will arrive at the far end (and the order they arrive can vary).


TCP;

TCP is another protocol that uses IP and the concept of ports. TCP is in fact the most common protocol used on the "internet" - most application protocols (such as HTTP, FTP, SMTP, POP3 etc) use it, and most also have a common TCP port number associated with them as well.

TCP is a connection protocol - this means it establishes a link between the two points of communication and does regular checking to make sure all data sent has arrived and is in the correct order. Basically when point A wants to set up a connection to point B, the following happens;

'A' sends a TCP synchronise (SYN) request to 'B' - 'B' receives this and either accepts or rejects it. If 'B' wants to reject the request it sends a reset (RST) back to 'A', and 'A' gives up.

If 'B' is going to accept the connection it sends an acknowledgement (ACK) and its own SYN request back to 'A' (they are combined into one reply packet). 'A' then sends an ACK back to B and the connection is established.

'A' or 'B' can then send data to each other over this "connection".


The most common TCP/UDP port numbers in use are;

20 FTP (data)
21 FTP (Control)
22 SSH
23 TELNET
25 SMTP
37 TIME SYNC
43 WHOIS
53 DNS
67 DHCP
68 DHCP
69 TFTP
70 GOPHER
80 HTTP
110 POP3
111 SUN RPC
113 IDENTITY
119 NNTP
123 NTP
135 WINDOWS RPC
137 NETBIOS
138 NETBIOS
139 NETBIOS
143 IMAP4
389 LDAP
443 HTTPS (secure https)
445 WINDOWS SMB
563 NNTPS (secure nntp)
636 LDAPS (secure ldap)
989 FTPS (secure ftp Data)
990 FTPS (secure ftp Control)
992 TELNETS (secure telnet)
993 IMAP4S (secure imap4)
995 POP3S (secure pop3)



That's all folks - if any of you are still awake
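The forwarding decision and the TTL behaviour described in post #1, worked through on that post's own addresses, as an added example that is not part of the original thread. The function names are illustrative, and Router 'E' is assumed to hold routes for just the two networks in the post.

```python
import ipaddress

# Addresses from the post; every port uses mask 255.255.255.0.
HOSTS = {"A": "192.168.0.1", "B": "192.168.0.2",
         "C": "192.168.1.1", "D": "192.168.1.2"}
ROUTER_PORTS = {"E1": "192.168.0.3", "E2": "192.168.1.3"}
MASK = "255.255.255.0"
# Assumed routing table for Router 'E': destination network -> outgoing port.
ROUTES = {ipaddress.ip_network("192.168.0.0/24"): "E1",
          ipaddress.ip_network("192.168.1.0/24"): "E2"}


def is_local(src_ip, dst_ip, mask=MASK):
    """The IP/mask test a host runs: is dst on my own network?"""
    net = ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)
    return ipaddress.ip_address(dst_ip) in net


def send(src_ip, dst_ip, ttl, gateway=ROUTER_PORTS["E1"]):
    """Return (events, result) for one packet leaving a Network 1 host."""
    events = []
    if is_local(src_ip, dst_ip):
        events.append(f"who is {dst_ip}? -> deliver directly")
        return events, ("delivered", dst_ip)
    events.append(f"{dst_ip} is remote -> send to default gateway {gateway}")
    ttl -= 1  # each router the packet passes through lowers the TTL by one
    if ttl <= 0:
        return events, ("icmp time exceeded", gateway)
    dst = ipaddress.ip_address(dst_ip)
    port = next((p for net, p in ROUTES.items() if dst in net), None)
    if port is None:
        return events, ("icmp no route", gateway)
    events.append(f"router forwards out of {port}, asks who is {dst_ip}?")
    return events, ("delivered", dst_ip)


def tracert(src_ip, dst_ip, max_hops=5):
    """Raise the TTL by one per probe and collect who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        _, (status, who) = send(src_ip, dst_ip, ttl)
        hops.append((ttl, who, status))
        if status != "icmp time exceeded":
            break
    return hops


if __name__ == "__main__":
    for line in send(HOSTS["A"], HOSTS["C"], ttl=64)[0]:
        print(line)
    print(tracert(HOSTS["A"], HOSTS["C"]))
```
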
Old 26-03-2004, 08:57   #2
KingPhoenix

No intention of hi-jacking here, just some more info


A full list of ports that I have managed to collate from various sources and forums

Code:
0
1 tcpmux
3
4
5 rje
7 echo
9 discard
11 systat
13 daytime
15 netstat
17 qotd
18 send/rwp
19 chargen
20 ftp-data
21 ftp
22 ssh, pcAnywhere , SFTP
23 Telnet
25 SMTP
27 ETRN
29 msg-icp
31 msg-auth
33 dsp
37 time
38 RAP
39 rlp
40
41
42 nameserv, WINS
43 whois, nickname
49 TACACS, Login Host Protocol
50 RMCP, re-mail-ck
53 DNS
57 MTP
59 NFILE
63 whois++
66 sql*net
67 bootps
68 bootpd/dhcp
69 Trivial File Transfer Protocol (tftp)
70 Gopher
79 finger
80 www-http
81 siteadmin on RAQ4
87
88 Kerberos, WWW
95 supdup
96 DIXIE
98 linuxconf
101 HOSTNAME
102 ISO, X.400, ITOT
105 cso
106 poppassd
109 POP2
110 POP3
111 Sun RPC Portmapper
113 identd/auth
115 sftp
116
117 uucp
118
119 NNTP
120 CFDP
123 NTP
124 SecureID
129 PWDGEN
133 statsrv
135 loc-srv/epmap
137 netbios-ns
138 netbios-dgm (UDP)
139 NetBIOS
143 IMAP
144 NewS
150
152 BFTP
153 SGMP
156
161 SNMP
175 vmnet
177 XDMCP
178 NextStep Window Server
179 BGP
180 SLmail admin
199 smux
210 Z39.50
213
218 MPP
220 IMAP3
256
257
258
259 ESRO
264 FW1_topo
311 Apple WebAdmin
350 MATIP type A
351 MATIP type B
360
363 RSVP tunnel
366 ODMR (On-Demand Mail Relay)
371
387 AURP (AppleTalk Update-Based Routing Protocol)
389 LDAP
407 Timbuktu
427
434 Mobile IP
443 ssl
444 snpp, Simple Network Paging Protocol, RAQ550
445 SMB
458 QuickTime TV/Conferencing
465 smtps
468 Photuris
475
500 ISAKMP, pluto
511
512 biff, rexec
513 who, rlogin
514 syslog, rsh
515 lp, lpr, line printer
517 talk
520 RIP (Routing Information Protocol)
521 RIPng
522 ULS
531 IRC
543 KLogin, AppleShare over IP
545 QuickTime
548 AFP
554 Real Time Streaming Protocol
555 phAse Zero
563 NNTP over SSL
575 VEMMI
581 Bundle Discovery Protocol
593 MS-RPC
608 SIFT/UFT
626 Apple ASIA
631 IPP (Internet Printing Protocol)
635 mountd
636 sldap
642 EMSD
648 RRP (NSI Registry Registrar Protocol)
655 tinc
660 Apple MacOS Server Admin
666 Doom
674 ACAP
687 AppleShare IP Registry
700 buddyphone
705 AgentX for SNMP
901 swat, realsecure
993 s-imap
995 s-pop
999 Urchin
1024
1025
1050
1062 Veracity
1080 SOCKS
1085 WebObjects
1100
1105
1114
1227 DNS2Go
1234
1243 SubSeven
1338 Millennium Worm
1352 Lotus Notes
1381 Apple Network License Manager
1417 Timbuktu
1418 Timbuktu
1419 Timbuktu
1420
1433 Microsoft SQL Server
1434 Microsoft SQL Monitor
1477
1478
1490
1494 Citrix ICA Protocol
1498
1500
1503 T.120
1521 Oracle SQL
1522
1524
1525 prospero
1526 prospero
1527 tlisrv
1529
1547
1604 Citrix ICA, MS Terminal Server
1645 RADIUS Authentication
1646 RADIUS Accounting
1680 Carbon Copy
1701 L2TP/LSF
1717 Convoy
1720 H.323/Q.931
1723 PPTP control port
1731
1755 Windows Media .asf
1758 TFTP multicast
1761
1762
1808
1812 RADIUS server
1813 RADIUS accounting
1818 ETFTP
1968
1973 DLSw DCAP/DRAP
1975
1978
1979
1985 HSRP
1999 Cisco AUTH
2000
2001 glimpse
2005
2010
2023
2048
2049 NFS
2064 distributed.net
2065 DLSw
2066 DLSw
2080
2082 CPANEL - USER Control Panel - unsecure
2083 CPANEL - USER Control Panel - Secure
2086 CPANEL - WEBHOST / WHM - unsecure
2087 CPANEL - WEBHOST / WHM - Secure
2095 (cpanel webmail) - unsecure
2096 (cpanel webmail) - secure
2106 MZAP
2140 DeepThroat
2222 DirectAdmin
2300 MSflightsim2002
2301 Compaq Insight Management Web Agents
2327 Netscape Conference
2336 Apple UG Control
2345
2400 MSflightsim2002
2427 MGCP gateway
2504 WLBS
2535 MADCAP
2543 sip
2565
2592 netrek
2727 MGCP call agent
2766
2628 DICT
2998 ISS Real Secure Console Service Port
3000 Firstclass
3001
3031 Apple AgentVU
3052
3128 squid
3130 ICP
3150 DeepThroat
3264 ccmail
3283 Apple NetAssitant
3288 COPS
3305 ODETTE
3306 mySQL
3352
3389 RDP Protocol (Terminal Server)
3520
3521 netrek
3782 Roger Wilco
3879
4000 icq, command-n-conquer
4045
4144
4242
4321 rwhois
4333 mSQL
4444
47017
4827 HTCP
5000
5001
5002
5004 RTP
5005 RTP
5010 Yahoo! Messenger
5050
5060 SIP
5135
5150
5190 AIM
5222
5353
5400
5500 securid
5501 securidprop
5300
5423 Apple VirtualUser
5432 PostGres
5555
5556
5631 PCAnywhere data
5632 PCAnywhere
5678
5800 VNC
5801 VNC
5900 VNC
5901 VNC
5843
6000 X Windows
6112 BattleNet
6050
6073 directplay8
6499
6500
6502 Netscape Conference
6547
6548
6549
6666
6667 IRC
6670 VocalTec Internet Phone, DeepThroat
6699 napster
6776 Sub7
6968
6969
6970 RTP
6971
7000
7007 MSBD, Windows Media encoder
7070 RealServer/QuickTime
7161
7323
7777
7778 Unreal
7640
7648 CU-SeeMe
7649 CU-SeeMe
7654
7786 MiniVend
8000
8002
8010 WinGate 2.1
8080 HTTP
8100
8181 HTTP
8383 IMail WWW
8443 Plesk
8765
8875 napster
8888 napster
8890
9000
9090
9200
9704
9669
9876
9989
10000 Webmin
10008 cheese worm
10752
12345
11371 PGP 5 Keyserver
12346
13000
13223 PowWow
13224 PowWow
14000
14237 Palm
14238 Palm
14690
16969
18888 LiquidAudio
19638 ensim
21157 Activision
22555
22703
22793
23213 PowWow
23214 PowWow
23456 EvilFTP
26000 Quake
27000
27001 QuakeWorld
27010 Half-Life
27015 Half-Life
27374
27444
27665
27910
27960 QuakeIII
28000
28001
28002
28003
28004
28005
28006
28007
28008
30029 AOL Admin
30100
30101
30102
30103
30303
30464
31335
31337 Back Orifice
32000
32771
32777 rpc.walld
34555
40193 Novell
41524 arcserve discovery
45000 Cisco NetRanger postofficed
47624 directplaysrvr
50505
52901
54321
61000
65301
Multicast hidden
ICMP Type hidden
9998
32773 rpc.ttdbserverd
32776 rpc.spray
32779 rpc.cmsd
38036 timestep
Old 26-03-2004, 10:07   #3
Paul

LOL, I have a much longer list than this - I just didn't want to make one post that covered 6 pages
Old 26-03-2004, 11:15   #4
KingPhoenix

Quote:
Originally Posted by pem
LOL, I have a much longer list than this - I just didn't want to make one post that covered 6 pages

Could you email it to me ???? I could do with as much port info as poss (helps determining attacks and requests etc. in the logs)

adam[at]i-websolutions.co.uk

Thanks

KP
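Tying the SYN / SYN+ACK / ACK / RST sequence from post #1 to the log-reading use mentioned above, this added example (not written by any poster in the thread) follows each connection attempt in a constructed packet log and labels it with a port name from the thread's lists. The log format and function names are assumptions made for illustration, and the "incomplete" outcome (a SYN that never finished the handshake) goes one step beyond the two outcomes the post describes.

```python
# Port names taken from the lists posted in this thread.
PORT_NAMES = {22: "SSH", 23: "TELNET", 25: "SMTP",
              80: "HTTP", 443: "HTTPS", 3389: "RDP"}

# Constructed sample log, one tuple per packet:
# (source IP, source port, destination IP, destination port, TCP flags)
SAMPLE = [
    ("192.168.0.1", 40001, "192.168.1.1", 80, "SYN"),
    ("192.168.1.1", 80, "192.168.0.1", 40001, "SYN,ACK"),
    ("192.168.0.1", 40001, "192.168.1.1", 80, "ACK"),
    ("192.168.0.2", 40002, "192.168.1.2", 23, "SYN"),
    ("192.168.1.2", 23, "192.168.0.2", 40002, "RST"),
    ("192.168.0.2", 40003, "192.168.1.2", 3389, "SYN"),
]


def classify(packets):
    """Follow each attempt through SYN -> SYN,ACK -> ACK (or RST)."""
    state = {}  # (client IP, client port, server IP, server port) -> state
    for src, sport, dst, dport, flags in packets:
        flags = set(flags.split(","))
        fwd = (src, sport, dst, dport)   # packet travels client -> server
        rev = (dst, dport, src, sport)   # packet travels server -> client
        if flags == {"SYN"}:
            state[fwd] = "syn sent"
        elif flags == {"SYN", "ACK"} and state.get(rev) == "syn sent":
            state[rev] = "syn-ack received"
        elif "RST" in flags and state.get(rev) == "syn sent":
            state[rev] = "rejected"
        elif flags == {"ACK"} and state.get(fwd) == "syn-ack received":
            state[fwd] = "established"
    return state


def report(packets):
    """One (client, server, service, outcome) row per connection attempt."""
    rows = []
    for (client, _, server, port), outcome in classify(packets).items():
        if outcome in ("syn sent", "syn-ack received"):
            outcome = "incomplete"  # handshake never reached the final ACK
        rows.append((client, server, PORT_NAMES.get(port, str(port)), outcome))
    return rows


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```
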
Old 26-03-2004, 16:00   #5
Paul

KP - a full list is always available from here;

http://www.iana.org/assignments/port-numbers
Old 07-11-2006, 02:00   #6
Gareth

Blimey, mate, that's one helluva bump

Well, it gives the background of how commands from the TCP/IP protocol actually work. Most people know they can ping a device to see if it's on the network, without really understanding why ping is so useful at doing what it does. I didn't really learn the ins-and-outs of TCP/IP until years after I'd been using some of the commands, but it does help to have that underlying knowledge as well.

If this sort of thing interests anyone, then I can recommend reading the TCP/IP Guide by Charles M. Kozierok - www.tcpipguide.com