TCP/IP and Subnetting

For: Anyone who wants to know and learn.

I have seen many tutorials on TCP and subnetting
and have found them all to be a little bit complicated,
so I have written this one in the hope that it will
make it easier to understand.

We will start with a few of the TCP tools from the suite:

(TCP/IP is a protocol suite)


Speciality is Terminal Emulation. It allows a user on a
remote machine, called the Telnet Client, to access the
resources of another machine, the Telnet server.
Emulated Terminals are of the text mode type and can execute
refined procedures like displaying menus.
You begin a Telnet session by running the Telnet Client
software and then logging on to the Telnet Server.


This (Surprisingly) is the protocol that allows us to
transfer files.
FTP is not just a protocol, it is also a program. Operating
as a protocol, FTP is used by applications. As a program, it
is employed by users to perform file tasks by hand.
FTP allows for access to both directories and files.
FTP actually teams up with Telnet to transparently log you in
to the FTP server.


SMTP uses a spooled, or queued method of delivery. In
other words, once a message has been sent to a destination,
the message is spooled to a device - normally a disk.
Server software regularly checks this queue for messages.
When it detects them, it delivers them to their destination.
SMTP is used to send mail; POP3 is used to receive mail.


This collects and manipulates valuable network information.
It gathers data by polling the devices on the network from
a management station at fixed or random intervals.

Others in the suite that you should know about include:-


Okay - now for the Biggy TCP:


TCP takes large blocks of information from an application and
breaks them into segments. It numbers and sequences each
segment so that the destination's TCP protocol can put the
segments back into the order the application intended.
After these segments are sent, TCP (on the transmitting host)
waits for an acknowledgement of the receiving end's TCP virtual
circuit session, retransmitting those that are not acknowledged.

Before a transmitting host starts to send segments down the model,
the sender's TCP protocol contacts the destination's TCP protocol
to establish a connection. What is created is known as a virtual
circuit. During this initial handshake, the two TCP layers also
agree on the amount of information that is going to be sent before
the recipient's TCP sends back an acknowledgement. With everything
agreed upon in advance, the path is paved for reliable communication
to take place.

TCP Segment format:

The figure below shows the TCP segment format. It shows the different
fields within the TCP header.

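bit 0                   bit 16                  bit 32
+-----------------------+-----------------------+
|    Source port (16)   | Destination port (16) |
+-----------------------+-----------------------+
|              Sequence number (32)             |
+-----------------------------------------------+
|          Acknowledgement number (32)          |
+------+---------+------+-----------------------+
|Header|Reserved | Code |                       |
|Length|   (6)   | Bits |      Window (16)      |
| (4)  |         | (6)  |                       |
+------+---------+------+-----------------------+
|     Checksum (16)     |      Urgent (16)      |
+-----------------------+-----------------------+
|            Options (0 or 32 if any)           |
+-----------------------------------------------+
|                 Data (varies)                 |
+-----------------------------------------------+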

The TCP header is 20 Bytes long. Here's an explanation of the
different fields.

Source Port - Is the port number of the host sending the data.

Destination Port - Is the port number of the application requested
on the destination host.

Sequence number - Puts the data back in the correct order or
missing or damaged data.

Acknowledgement number - Defines which TCP octet is expected next.

Header length (HLEN) - Defines the number of 32 bit words in the

Reserved - Always set to 0

Code bits - Control functions set up and terminate a session.

Window - Is the window size the sender is willing to accept, in octets.

Checksum - Is the CRC.

Urgent Pointer - Indicates the end of urgent data.

Option - Sets the maximum TCP segment size to either 0 or 32 bits, if

Data - The data sent.

It is important to note that TCP and UDP use port numbers for
Well known port numbers are below 1024.

Here are some well known port numbers:

FTP 21
DNS 53
POP3 110
NEWS 144


Below is the set up for an IP Packet:

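Bit 0                   Bit 16                  Bit 32
+-------+------+--------+-----------------------+
|Version|Header|Priority|                       |
|  (4)  |Length| & TOS  |   Total Length (16)   |
|       | (4)  |  (8)   |                       |
+-------+------+--------+-----+-----------------+
|  Identification (16)  |Flags|    Fragment     |
|                       | (3) |   Offset (13)   |
+-----------+-----------+-----+-----------------+
|  Time to  | Protocol  |                       |
| Live (8)  |    (8)    | Header Checksum (16)  |
+-----------+-----------+-----------------------+
|             Source IP Address (32)            |
+-----------------------------------------------+
|          Destination IP Address (32)          |
+-----------------------------------------------+
|            Options (0 or 32 if any)           |
+-----------------------------------------------+
|              Data (Varies if any)             |
+-----------------------------------------------+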

The following fields make up the IP Header:-

Version: IP Version number

HLEN: Header length in 32 bit words.

Priority or ToS: Type of service tells how the datagram should
be handled. The first three bits are the priority

Total Length: Length of the packet including header and data.

Identification: Unique IP packet value.

Flags: Specifies if fragmentation should occur.

Frag Offset: Provides fragmentation and re-assembly if the
packet is too large to put in the frame.

TTL: Time to Live is set into a packet when it is originally

Protocol: Port of the upper layer protocol (TCP is port 6 and
UDP is port 17 (hex)).

Header checksum: Cyclic redundancy check on header only.

Source IP Address: 32 bit IP address of sending station.

Destination IP address: 32 bit address of the station this
packet is destined for.

IP option: Used for network testing, debugging, security etc.

Data: Upper layer data.
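
As an added example (not part of the original article), this Python code unpacks the fixed 20-byte IP and TCP headers in the field order of the two diagrams above. The packet is constructed for illustration: the addresses and the FTP port come from this article, the other values are made up, and both checksums are left at zero rather than computed.

```python
import socket
import struct

CODE_BITS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # lowest bit first

def parse_ip_header(packet: bytes) -> dict:
    """Unpack the fixed 20-byte IP header, field by field as in the diagram."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    hlen = (ver_hlen & 0x0F) * 4              # HLEN counts 32-bit words
    if hlen < 20 or not hlen <= total_len <= len(packet):
        raise ValueError("inconsistent IP length fields")
    return {"version": ver_hlen >> 4, "hlen": hlen, "tos": tos,
            "total_length": total_len, "identification": ident,
            "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
            "ttl": ttl, "protocol": proto, "checksum": checksum,
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst)}

def parse_tcp_header(segment: bytes) -> dict:
    """Unpack the fixed 20-byte TCP header using the 4/6/6 bit split shown above."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, hlen_code,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (hlen_code >> 12) * 4              # header length in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("inconsistent TCP header length")
    code = hlen_code & 0x3F                   # low 6 bits are the code bits
    return {"source_port": sport, "destination_port": dport,
            "sequence": seq, "acknowledgement": ack, "hlen": hlen,
            "code_bits": [n for i, n in enumerate(CODE_BITS) if code & (1 << i)],
            "window": window, "checksum": checksum, "urgent": urgent,
            "data": segment[hlen:]}

def parse_packet(packet: bytes):
    """Parse the IP header, then hand the payload to the TCP parser."""
    ip = parse_ip_header(packet)
    if ip["protocol"] != 6:                   # 6 = TCP, as listed above
        raise ValueError("payload is not TCP")
    return ip, parse_tcp_header(packet[ip["hlen"]:ip["total_length"]])

# Constructed sample: a SYN to the FTP port; checksums are 0, not computed.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0,
                socket.inet_aton("192.168.100.102"),
                socket.inet_aton("172.16.30.56"))
    + struct.pack("!HHIIHHHH", 49152, 21, 1000, 0, 0x5002, 8192, 0, 0)
)

if __name__ == "__main__":
    ip, tcp = parse_packet(SAMPLE)
    print(ip)
    print(tcp)
```

Both parsers reject a header length field that points past the bytes actually received, which is the first check to make before trusting any other field.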


Works at the Network layer and is used by IP for different
services. It is a management protocol and messaging service
provider for IP. Listed below are some common events and
messages that ICMP relates to:-

DESTINATION UNREACHABLE - If a router can't send an IP
datagram any further, it uses ICMP to send a message back
to the sender, advising it of the situation. For example,
if a router receives a packet destined for a network that
the router doesn't know about, it will send an ICMP
Destination unreachable message back to the sending station.

BUFFER FULL - If a router's buffer for receiving incoming data
is full, it will use ICMP to send out this message.

HOPS - Each IP datagram is allotted a certain number of routers,
called hops, that it may go through. If it reaches its limit of hops
before arriving at its destination, the last router to receive that
datagram deletes it. That router then uses ICMP to send an obituary
message, informing the sending machine of the demise of its datagram.

PING - Packet internet groper uses ICMP echo messages to check the
physical connectivity of machines on an internetwork.

TRACEROUTE - Using ICMP timeouts, traceroute is used to find a path
a packet takes as it traverses an internetwork.


Finds the hardware address of a host from a known IP address.
Here's how it works:-

When IP has a datagram to send, it must inform a network access
such as Ethernet or Token Ring, of the destination's hardware address on
local network. If IP doesn't find the destination host's hardware
in the ARP cache, it uses ARP to find this information. ARP then
the local network by sending out a broadcast asking the machine with
specified IP address to reply with its hardware address.


When an IP machine happens to be a diskless machine, it has no way of
knowing its IP address, but it does know its MAC address. RARP
discovers the identity of the IP address for diskless machines by
sending out a packet that includes its MAC address and a request for
the IP address assigned to that MAC
Now for the BIGGY.


An IP Address is a numeric identifier assigned to each machine on an IP
IP Addressing was designed to allow a host on one network to
communicate with a host on a different network, regardless of the type
of LANs the hosts participating in.


BIT - One digit, either a 1 or a 0.

BYTE - 7 or 8 bits, depending on whether parity is used.

OCTET - Always 8 bits.

NETWORK ADDRESS - The designation used in routing to send packets to a

BROADCAST ADDRESS - Used by applications and hosts to send information
to nodes on a network.

An IP address consists of 32 bits of information. These bits are
divided into four sections, referred to as octets, each containing
1 byte.
You can depict an IP Address using 2 methods:


BINARY - 10101100.00010000.00011110.00111000

The 32 bit IP address is a structured or hierarchical address.
It can handle a large number of addresses, (4.3 billion).


The network address uniquely identifies each network. Every machine on
network shares that network address as part of its IP address.
The node address is assigned to, and uniquely identifies, each machine
a network.
The designers of the internet decided to create classes of networks
on network size. For the small number of networks possessing a very
number of nodes, they created the CLASS A network. At the other extreme
is the class C network which is reserved for the numerous networks with
small number of nodes. Subdividing an IP address into a network and a
address is determined by the class designation of one's network. The
below shows this distinction:-

8 bits 8 bits 8 bits 8 bits
| | | | |
| | | | |
| | | | |




The designers of the IP address scheme said that the first bit of the
first byte in a CLASS A network address must always be off, or 0.
This means a
address must be between 0 and 127.
Here is how those numbers are defined:

0xxxxxxx: If you turn the other 7 bits all off and then turn them all
on, you will find your CLASS A range of addresses.

00000000 = 0
01111111 = 127

If you are getting confused, here is a binary to decimal conversion

128 64 32 16 8 4 2 1 - Binary value
0 0 1 0 0 1 1 0 - Byte in binary

Add the value of the bits that are turned on - 32 + 4 + 2 = 38.

You must always add the value of the bits turned on and this then gives
the decimal
value. So for example the address in decimal would read as
follows in

11000000.10101000.00000100.00110101 because when you add all the ON
numbers it equals
the decimal address.


In a CLASS B network, the RFCs state that the first bit of the first
byte must always be turned on, but the second bit must always be
turned off. If you turn the other six bits all off and then all on,
you will find the range of a CLASS B network as follows:-

10000000 = 128
10111111 = 191

So a CLASS B network address range is from 128 to 191.


For CLASS C networks, the RFCs define the first two bits of the first
octet always turned on, but the third bit can never be on. If we
follow the same procedure as above then the CLASS C address range
will be as follows:-

11000000 = 192
11011111 = 223


The addresses between 224 and 255 are reserved for CLASS D and E

Some other address ranges are also reserved. Below is the list:

Network address of all 0's - Interpreted to mean "This network or

Network address of all 1's - Interpreted to mean "all networks".

Network - Reserved for loopback tests.

Node address of all 0's - Interpreted to mean "This node".

Node address of all 1's - Interpreted to mean "all nodes".

There are more that we will discuss later.


In a CLASS A network address, the first byte is assigned to the network
address and the three remaining bytes are used for the node addresses.
The CLASS A format is:


For example, in the IP address - 49 is the network address and
22.102.70 is the node address. Every machine on this particular
network would have the distinct network address of 49.

There are a possible 16,777,214 node addresses available for each
CLASS A address, but only 126 possible CLASS A addresses.


In a CLASS B network address, the first 2 bytes are assigned to the
network address, and the remaining 2 bytes are used for the node
addresses. The format is:


For example, in the IP address the network address is 172.16 and the
node address is 30.56.

There are 65,534 possible node addresses for each CLASS B address, and
16,384 unique CLASS B network addresses.


The first three bytes of a CLASS C network address are dedicated to the
network portion of the address, with only one byte remaining for the
node address. The format is:-


Using the example IP address the network address is 192.168.100 and
the node address is 102.

There are 2,097,152 possible class C networks with a possible 254 node
for each network.


To create subnetworks, you take bits from the host portion of the IP
address and reserve them to define the subnet address. This means
fewer bits for hosts, so the more subnets, the fewer bits available
for defining hosts.

Starting with class C addresses, you will learn how to subnet. The
easiest way to complete this is to perform the following:-

1: Determine the number of required network ID's.

A: One for each subnet.
B: One for each Wide area connection.

2: Determine the number of required host ID's per subnet.

A: One for each TCP/IP host
B: One for each router interface.

For the subnet address scheme to work, every machine on the network
must know which part of the host address will be used as the subnet
address. This is accomplished by assigning a subnet mask to each
machine. This is a 32 bit value that allows the recipient of IP
packets to distinguish the network ID portion of the IP address from
the host ID portion of the IP address.

Here are the default subnet masks:

Class A - Net.Node.Node.Node -
Class B - Net.Net.Node.Node -
Class C - Net.Net.Net.Node -

In class C addressing, only 8 bits are available for defining the
hosts. Remember that subnet bits start at the left and go to the
right, without skipping bits. This means that subnet masks can be as
follows:-

10000000 - 128
11000000 - 192
11100000 - 224
11110000 - 240
11111000 - 248
11111100 - 252
11111110 - 254

The RFCs state that you cannot have only one bit for subnetting, since
that would mean that the bit would always be either off or on, which
would be illegal. So the first subnet mask you can legally use is 192
and the last one is 252, since you need at least two bits for
defining hosts.


We will take the first subnet mask available with a class C address,
which borrows 2 bits for subnetting. For the example I will use

In binary 192 = 11000000. Two bits for subnetting and six bits for
defining the hosts in each subnet.
What are the subnets? Since the subnet bits can't be all off or all on
at the same time, the only two valid subnets are:-

01000000 = 64 (all host bits off)
10000000 = 128 (all host bits off)

The valid hosts would be the numbers between the subnets, minus all the
host bits off and all the host bits on. To find the hosts, first find
your subnet by turning all the host bits off, then turn all the host
bits on to find your broadcast address for the subnet. The valid hosts
must be between those two numbers. The table below shows the 64
subnet, valid host range and broadcast address:-


01 000000=64 The network (Do first)
01 000001=65 The first valid host
01 111110=126 The last valid host
01 111111=127 The broadcast address (do this second)

The following shows the 128 subnet:-


10 000000=128 The subnet address
10 000001=129 The first valid host
10 111110=190 The last valid host
10 111111=191 The broadcast address

The following is the easiest method I know for subnetting:-

When you have a subnet mask and need to determine the number of
subnets, valid hosts and broadcast addresses that the mask provides,
you need to answer the following 5 questions:-

1: How many subnets does the subnet mask produce?
2: How many valid hosts per subnet?
3: What are the valid subnets?
4: What are the valid hosts in each subnet?
5: What is the broadcast address of each subnet?

It is very important that you understand the powers of 2 at this point.
Here is how you determine the answers to the five questions:-

1: How many subnets? 2^x - 2 = amount of subnets. x is the amount of
masked bits, or the 1's.
For example - 11000000 is 2 to the power of 2 (2 bits switched on). So
there are 2 subnets in this example.

2: How many hosts per subnet? 2^x - 2 = amount of hosts per subnet. x is
the amount of unmasked bits or 0's.
For example - 11000000 is 2 to the power of 6 (6 bits switched off).
So there are 62 hosts per subnet in this example.

3: What are the valid subnets? 256 - Subnet mask = base number. For
example, 256 - 192 = 64.

4: What are the valid hosts? Valid hosts are the numbers between the
subnets minus all 0's and all 1's.

5: What is the broadcast address for each subnet? Broadcast address is
all host bits turned on, which should be the number immediately
preceding the next subnet.

You need to practice and practice the above until you feel confident of
performing class C subnetting in your head.
The next class C subnet mask would be

Okay, so now we have to work through the five questions.

1: How many subnets? 224 is 11100000, so the equation would be 2 to the
power of 3 - 2 = 6.

2: How many hosts? 2 to the power of 5 (0's) - 2 = 30.

3: What are the valid subnets? 256 - 224 = 32. 32+32=64. 64+32=96.
96+32=128. 128+32=160. 160+32=192. 192+32=224, which is invalid
because it is our subnet mask. Our valid subnets are:-

32, 64, 96, 128, 160 and 192.

4: What are the valid hosts? The numbers between the subnets - 2.

5: What is the broadcast address for each subnet? (Try and work this
one out for yourselves.)

I have listed the information for a 224 subnet mask below:-

Subnet1  Subnet2  Subnet3  Subnet4  Subnet5  Subnet6

32       64       96       128      160      192      The subnet address
33       65       97       129      161      193      The first valid host
62       94       126      158      190      222      The last valid host
63       95       127      159      191      223      The broadcast address

Okay, the next subnet mask for Class C is 240:-

Again, complete the necessary steps:-

1: 240 is 11110000 in binary = 2 to the power of 4 -2 = 14.

2: There are four host bits, or 2 to the power of 4 - 2 = 14.

3: 256 - 240 = 16 (remember to use this. If you have forgotten, refer to
the above information).

16 + 16 = 32. 32 + 16 = 48. 48 + 16 = 64 etc. all the way up to
224 (because 224 + 16 = 240 and we cannot have that as it is our
subnet mask).

So, the valid subnets under a 240 subnet mask are:-

16,32,48,64,80,96,112,128,144,160,176,192,208,224 = 14 Subnets.

See below for the relevant information on hosts (First and last and

This is information for the 240 subnet mask:

Subnet:      16   32   48   64   80   96   112  128  144  160  176  192  208  224
First host:  17   33   49   65   81   97   113  129  145  161  177  193  209  225
Last host:   30   46   62   78   94   110  126  142  158  174  190  206  222  238
Broadcast:   31   47   63   79   95   111  127  143  159  175  191  207  223  239

The rest of the Class C addresses should be easy to work out now by
following the above procedure.

Give it a try on the 248 mask and the 252 mask and see what the results
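
The five questions can be checked mechanically. The Python below is an added example, not part of the original article; it applies the article's own rules (subnets with all subnet bits off or all on are discarded, and legal class C masks run from 192 to 252), and the function names `five_questions` and `locate` are made up for this illustration.

```python
def five_questions(mask: int) -> dict:
    """Answer the five questions for the last octet of a class C subnet mask."""
    if not 0 <= mask <= 255:
        raise ValueError("mask octet must be 0..255")
    ones = bin(mask).count("1")        # masked (subnet) bits
    zeros = 8 - ones                   # unmasked (host) bits
    # Subnet bits run left to right without gaps; the article allows 192..252.
    if format(mask, "08b") != "1" * ones + "0" * zeros or not 2 <= ones <= 6:
        raise ValueError("not a legal class C subnet mask under these rules")
    base = 256 - mask                  # question 3: the base number
    # Start at base (skips the all-zeros subnet) and stop before mask
    # (skips the all-ones subnet), stepping by base each time.
    rows = [(s, s + 1, s + base - 2, s + base - 1)
            for s in range(base, mask, base)]
    return {"subnets": 2 ** ones - 2,           # question 1
            "hosts_per_subnet": 2 ** zeros - 2,  # question 2
            "base": base,
            "rows": rows}   # questions 3-5: (subnet, first, last, broadcast)

def locate(host: int, mask: int):
    """Return the (subnet, first, last, broadcast) row that holds a host
    octet, or None if the octet is not a valid host under the article's rules
    (it sits in a discarded subnet, or is a subnet or broadcast address)."""
    subnet = host & mask               # AND with the mask keeps the subnet bits
    for row in five_questions(mask)["rows"]:
        if row[0] == subnet and row[1] <= host <= row[2]:
            return row
    return None

if __name__ == "__main__":
    for mask in (192, 224, 240, 248, 252):
        answer = five_questions(mask)
        print(mask, answer["subnets"], "subnets,",
              answer["hosts_per_subnet"], "hosts each")
        for row in answer["rows"]:
            print("   subnet %3d  hosts %3d-%3d  broadcast %3d" % row)
    # Node 102 from the class C example address, under the 224 mask.
    print(locate(102, 224))
```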


Below is a list of all the Class B possible subnet masks:-

Notice there are more available. This is because there are 16 bits
available for host addressing, meaning we can borrow up to 14 bits
for subnetting.

Okay, the format is basically the same as for a Class C address. I will
list examples below and explain them to you:-

Subnet mask =

Remember the format from the Class C addressing.

1: Count the borrowed on bits (in this case 2). 2 to the power of 2 - 2
= 2 subnets.

2: Count the host bits (off or 0 - in this case 14). 2 to the power
of 14 - 2 = 16,382.

3: 256 - 192 = 64. 64 + 64 = 128.

The following list shows the two subnets available, the valid host
range and the broadcast address of each:-

SUBNET: 64.0 128.0

FIRST HOST: 64.1 128.1

LAST HOST: 127.254 191.254

BROADCAST: 127.255 191.255

Then you keep borrowing the bits one at a time to work out how many
subnets and how many hosts.
From the list of possible subnet masks written above, work out all the
possible subnets and hosts until memorized and then you will be a god.

CLASS A subnetting is completed in the same way but with 24 host bits
to play with.

Practice all of these as well.

I will not show you class A as you should be able to work it out with
the information supplied above.
I do not want to teach you everything, but merely point you in the
right direction to learn.

Article written by AUTHOR_NAME