Make your own free website on

Department of Defense Model of TCP/IP

The Department of Defense created TCP/IP to ensure and preserve date integrity. The DoD model is a condensed version of the OSI model and only has four layers.

Corresponding Layers
DoD Model OSI Model
Process Application Layer Application
Host-to-Host Layer Transport
Internet Layer Network
Network Access Layer Data Link

Process Application Layer    

Defines protocols for node-to-node application communication and also controls user interface specifications. Consists of a set of services that provide ubiquitous access to all types of networks. Applications utilize the services to communicate with other devices and remote applications

Protocols and Applications
Port Protocol Description
23 Telnet Terminal Emulation (Telephone network)
21 FTP Allows file transfers between computers (File Transfer Protocol)
69 TFTP Have to know what you want and where it is on the server, no directory browsing, no user authentication (Trivial File Transfer Protocol)
2049 NFS Allows remote file systems to be mounted as local (Network File System)
25 SMTP Used to send mail between mail servers (Simple Mail Transfer Protocol)
515 LPD Used for print sharing of network printers with TCP/IP (Line Printer Daemon)
161 SNMP Collect and manipulates network information (Simple Network Management Protocol)
53 DNS Resolves FQDN to IP addresses (Domain Name Service)
67 BootP Used by diskless workstations to receive boot file and other information via TFTP
  DHCP Assigns IP addresses to hosts from a pool. Can send IP address, Subnet mask,
Domain Name, Default Gateway, DNS IP, WINS info. (Dynamic Host Configuration Protocol)

Host-to-Host Layer    

This layer shields the upper layers from the process of sending data. Also provides an end-to-end connection between two devices during communication by performing sequencing, acknowledgments, checksums, and flow control. Applications using services at this layer can use two different protocols: TCP and UDP.

Protocols at the Host-to-Host Layer are:

TCP (Transmission Control Protocol)

TCP provides a connection-oriented, reliable services to the applications that use its services.
Main Functions of TCP

Segments application layer data stream--
TCP accepts data from applications and segments it into a desirable size for transmission between itself and the remote devices. The segment size is determined while TCP is negotiating the connection between the two devices. Either device can dictate the segment size.
Provides acknowledgment times--
TCP maintains timers to identify when packets have taken too long to get to their destination. When an acknowledgment is not received for a packet and the timer expires, TCP will resend the packet to the destination.
Enables sequence number checking--
TCP/IP uses sequence numbers to ensure that all packets sent by an application on one device are read in the correct order by an application on another device. The packets might not be received at the transport layer in the correct order, but TCP sequences them in their original order before passing them to the application layer.
Provides buffer management--
Any time two devices are communicating, the possibility exists that one device can send data faster than the other can accept it. If this happens, the receiving device puts the extra packets into a buffer to be read at the first chance it gets. When this data overflow persists, however, the buffer is eventually filled and packets begin to drop. TCP performs some preventive maintenance called flow control to avoid the problem.
Initiates connections with 3-way handshake--
TCP uses the concept of the three-way handshake to initiate a connection between two devices. A TCP connection begins with a device sending a request to synchronize sequence numbers (a SYN packet) and initiate a connection. The other device receives the message and responds with a SYN message and the sequence number increased by one. The first device responds by sending an acknowledgment message (an ACK) to the second device, indicating that the device received the sequence number it expected.
Performs error and duplication checking--
TCP uses a checksum to identify packets that have changed during transport. If a device receives a packet with a bad checksum, it drops the packet and does not send an acknowledgment for the packet. So the sending device will resend the packet. Any time TCP receives a duplicate packet it will drop the duplicate.
Performs acknowledgment windowing--
Any time a TCP device sends data to another device, it must wait for the acknowledgment that this data was received, To increase the bandwidth utilization, TCP can change the window size. Whatever the window size is negotiated to be, acknowledgments will only be sent after that many packets have been received at the receiving device. TCP sets the window size dynamically during a connection, allowing either device involved in the communication to slow down the sending data rate based on the other devices capacity. This process is known as sliding window because of TCP's ability to change the window size dynamically.
TCP Overview

Before data is sent, the transmitting host contacts the receiving host to set up a connection known as a virtual circuit. This makes TCP connection-oriented. During the handshake the two hosts agree upon the amount of information to be sent before an acknowledgment is needed (Windowing). TCP takes the large blocks of data from the upper layers and breaks them up into segments that it numbers and sequences. TCP will the pass the segments to the network layer, which will route them through the Internetwork. The receiving TCP can put the segments back into order. After packets are sent, TCP waits for an acknowledgment from the receiving end of the virtual circuit. If no acknowledgment is received then the sending host will retransmit the segment.

TCP Header Information
Source Port Number
16 bits
(Number of calling port)
Destination Port Number
16 bits
(Number of called port)
Sequence Number
32 bits
(Number to ensure proper sequence of data.)
Acknowledgment Number
(Identifies next segment expected)
Header Length
4 bits
(Number of 32 bit words in header)
6 bits
(Always 0)
Code bits
6 bits
(Identifies type of segment, setup/termination of session)
Window size
16 bits
(Number of octets the device is willing to accept)
TCP Checksum
16 bits
(Used to ensure data integrity)
Urgent Pointer
16 bits
(Indicates end of urgent data)
0 or 32 bits
(Identifies maximum segment size)


UDP (User Datagram Protocol)

UDP transports information that doesn't require reliable delivery; therefore it can have less overhead than TCP as no sequencing or acknowledgments are used. NFS and SNMP use UDP for their sessions, the applications have their own methods to ensure reliability. UDP receives blocks of information from the upper layers, which it breaks into segments. It gives each segment a number, sends it, and then forgets about it. No acknowledgments, no virtual circuits, connectionless protocol.

UDP Header Format
Source Port Number
16 bits
(Number of calling port)
Destination Port Number
16 bits
(Number of called port)
UDP Length
16 bits
(Length of UDP in bytes)
UDP Checksum
16 bits
(Used to ensure data integrity)


Differences between TCP and UDP

Differences Between TCP and UDP
Sequenced Unsequenced
Reliable -sequence numbers, acknowledgments, and 3-way handshake Unreliable -best effort only
Connection Oriented Connectionless
Virtual Circuits Low Overhead
Checksum for Error Checking Checksum for Error Checking
Uses buffer management to avoid overflow, uses sliding window to maximize bandwidth efficiency No flow control
Assigns datagram size dynamically for efficiency Every datagram segment is the same size

TCP and UDP Port Numbers

TCP and UDP use port numbers to communicate with the upper layers. Port numbers keep track of different sessions across the network. The source port will be above 1024 (unprivileged). 1023 and below (privileged) are known as well known ports and are assigned to common protocols. TCP and upper layer don't use hardware (MAC) and logical (IP) addresses to see the host's address; instead they use port numbers.

Internet Layer    

The Internet Layer exists for routing and providing a single network interface to the upper layers. IP provides the single network interface for the upper layers.

Protocols at the Internet Layer are:

IP (Internet Protocol)

The Internet Protocol (IP) is a network-layer (Layer 3) protocol that contains addressing information and some control information that enables packets to be routed.  IP has two primary responsibilities: providing connectionless, best-effort delivery of datagrams through an internetwork; and providing fragmentation and reassembly of datagrams to support data links with different maximum-transmission unit (MTU) sizes.

All machines on a TCP/IP network have a unique logical address, an IP address.  The Internet Layer (IP) has a complete picture of the entire network and is responsible for path determination and packet switching.  IP is the transport for TCP, UDP, and ICMP and provides an unreliable service.  It lets the upper layer protocols that use it worry about reliability.  IP will perform as a connectionless service because it handles each datagram as an independent entity.  IP performs packet switching and path determination by maintaining tables that indicate where to send a packet based on its IP address.  IP gets the destination address from the packet.  IP receives segments from the Host-to-Host layer and fragments them into packets.  IP will then reassemble the packets into segments on the receiving end to send to the Host-to-Host layer.  Each packet has the source and destination IP address.  Each router will make path determinations based on the destination IP address.

ICMP (Internet Control Message Protocol)

The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol that provides message packets to report errors and other information regarding IP packet processing back to the source.  ICMP utilizes IP to carry the ICMP data within it through a network.

ICMP Messages

ICMPs generate several kinds of useful messages, including Destination Unreachable, Echo Request and Reply, Redirect, Time Exceeded, and Router Advertisement and Router Solicitation. If an ICMP message cannot be delivered, no second one is generated. This is to avoid an endless flood of ICMP messages.

When an ICMP destination-unreachable message is sent by a router, it means that the router is unable to send the package to its final destination.  The router then discards the original packet.  Destination-unreachable messages include four basic types: network unreachable, host unreachable, protocol unreachable, and port unreachable.

  • Network-unreachable messages usually mean that a failure has occurred in the routing or addressing of a packet.
  • Host-unreachable messages usually indicates delivery failure, such as a wrong subnet mask.
  • Protocol-unreachable messages generally mean that the destination does not support the upper-layer protocol specified in the packet.
  • Port-unreachable messages imply that the TCP socket or port is not available.

An ICMP echo-request message, which is generated by the ping command, is sent by any host to test node reachability across an internetwork.  The ICMP echo-reply message indicates that the node can be successfully reached.  PING - Packet Internet Gropher, uses echo message to test physical connectivity.

An ICMP Redirect message is sent by the router to the source host to stimulate more efficient routing. The router still forwards the original packet to the destination. ICMP redirects allow host routing tables to remain small because it is necessary to know the address of only one router, even if that router does not provide the best path. Even after receiving an ICMP Redirect message, some devices might continue using the less-efficient route.

An ICMP Time-exceeded message is sent by the router if an IP packet's Time-to-Live field (expressed in hops or seconds) reaches zero.  The Time-to-Live field prevents packets from continuously circulating the internetwork if the internetwork contains a routing loop.  Routers discard packets that have reached their maximum hop count and tell the source machine that the packet is expired.  Traceroute - uses ICMP timeouts to find the path a packet takes through the internetwork.

ARP (Address Resolution Protocol)

Used to find the MAC address from the known IP address. ARP sends a broadcast asking for the machine with the specified IP address to respond with its MAC address.  If two devices want to communicate, the first device can send a broadcast ARP message requesting the physical address for a specified IP address.  The receiving device responds with its IP address and the first device maintains the entry in its ARP cache.  If a device doesn't exist on the same subnet, the sending device addresses the the default gateway's physical address and sends the packet to the default gateway.

RARP Reverse Address Resolution Protocol)

This protocol is used to find an IP address when the MAC address is known.  A machine sends a broadcast with its MAC address and requests its IP address.  An example of a device that uses RARP is a diskless workstation.  Since it can't store its logical network address, it sends its MAC address to a RARP server to requests its IP address.  A RARP server responds to the RARP request with the device's IP address.

Network Access Layer    

The Network Access Layer monitors the data exchange between the host and the network. Oversees MAC addressing and defines protocols for the physical transmission of data.

DOD Model and TCP/IP