The
`
`Juniper Ex. 1030-p. 1
`Juniper v Implicit
`
`

`

`AIX3.2.2
`
`aix
`
`.1.92
`
`Solaris 2.2
`
`solar is
`
`SunOS4.1.1
`
`gemini
`
`Internet
`
`.104.1
`
`Cisco
`gateway router
`
`.1.4
`
`netb
`
`Telebit
`NetBlazer
`
`BSD/3861.0
`
`BSD/3861.0
`
`SVR4
`
`slip
`
`SLIP
`
`.13.65
`
`.13.66
`
`bsdi
`
`sun
`
`.13.33
`
`Portion of the class B network 140.252 used for all the examples in the text.
`All the hosts are in the tuc. noao. edu domain.
`
`Juniper Ex. 1030-p. 2
`Juniper v Implicit
`
`

`

`IP Header
`0
`
`15 16
`~4-bit header! 8-bit type of service
`length
`(TOS)
`
`4-bit
`version
`
`16-bit total length (in bytes)
`
`31
`
`T
`20bytes 1
`
`7
`L
`
`~
`
`31 T
`8 bytes
`_l
`I
`
`31
`
`T
`20bytes 1
`
`I
`
`16-bit identification
`
`8-bit time to live I 8-bit protocol
`
`(TIL)
`
`3-bit
`flags
`
`I
`
`13-bit fragment offset
`
`16-bit header checksum
`
`32-bit source IP address
`
`32-bit destination IP address
`
`options (if any)
`
`data
`
`15 16
`
`16-bit source port number
`
`16-bit destination port number
`
`16-bit UDP length
`
`16-bit UDP checksum
`
`data (if any)
`
`15 16
`
`l
`
`UDP Header
`0
`
`TCP Header
`0
`
`16-bit source port number
`
`16-bit destination port number
`
`32-bit sequence number
`
`32-bit acknowledgment number
`
`4-bit header!
`length
`
`reserved J~J~IIUJ~I!
`
`(6 bits)
`
`16-bit window size
`
`16-bit TCP checksum
`
`16-bit urgent pointer
`
`L
`
`l
`
`options (if any)
`
`data (if any)
`
`Juniper Ex. 1030-p. 3
`Juniper v Implicit
`
`

`

`TCP/IP Illustrated, Volume 1
`
`Juniper Ex. 1030-p. 4
`Juniper v Implicit
`
`

`

`Addison-Wesley Professional Computing Series
`Brian W. Kernighan, Consulting Editor
`
`Matthew H. Austern, Generic Programming and the STL: Using and Extending the C++ Standard Template Library
`David R. Butenhof, Programming with POSIX® Threads
`Brent Callaghan, NFS Illustrated
`Tom Cargill, C++ Programming Style
`William R. Cheswick/Steven M. Bellovin/ Aviel D. Rubin, Firewalls and Internet Security, Second Edition: Repelling
`the Wily Hacker
`David A. Curry, UNIX® System Security: A Guide for Users and System Administrators
`Stephen C. Dewhurst, C++ Gotchas: Avoiding Common Problems in Coding and Design
`Dan Farmer /Wietse Venema, Forensic Discovery
`Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns: Elements of Reusable Object(cid:173)
`Oriented Software
`Erich Gamma/Richard Helm/Ralph Johnson/John Vlissides, Design Patterns CD: Elements of Reusable Object-
`Oriented Software
`Peter Haggar, Practical Java'" Programming Language Guide
`David R. Hanson, C Interfaces and Implementations: Techniques for Creating Reusable Software
`Mark Harrison/Michael McLennan, Effective Tel/Tk Programming: Writing Better Programs with Tel and Tk
`Michl Henning/Steve Vinoski, Advanced CORBA® Programming with C++
`Brian W. Kernighan/Rob Pike, The Practice of Programming
`S. Keshav, An Engineering Approach to Computer Networking: ATM Networks, the Internet, and the Telephone Network
`John Lakos, Large-Scale C++ Software Design
`Scott Meyers, Effective C++ CD: 85 Specific Ways to Improve Your Programs and Designs
`Scott Meyers, Effective C++, Third Edition: 55 Specific Ways to Improve Your Programs and Designs
`Scott Meyers, More Effective C++: 35 New Ways to Improve Your Programs and Designs
`Scott Meyers, Effective STL: 50 Specific Ways to Improve Your Use of the Standard Template Library
`Robert B. Murray, C++ Strategies and Tactics
`David R. Musser/Gillmer J. Derge/Atul Saini, STL Tutorial and Reference Guide, Second Edition:
`C++ Programming with the Standard Template Library
`John K. Ousterhout, Tel and the Tk Toolkit
`Craig Partridge, Gigabit Networking
`Radia Perlman, Interconnections, Second Edition: Bridges, Routers, Switches, and Internetworking Protocols
`Stephen A. Rago, UNI~ System V Network Programming
`Eric S. Raymond, The Art of UNIX Programming
`Marc J. Rochkind, Advanced UNIX Programming, Second Edition
`Curt Schimmel, UNI~ Systems for Modem Architectures: Symmetric Multiprocessing and Caching for Kernel Programmers
`W. Richard Stevens, TCP/IP Illustrated, Volume 1: The Protocols
`W. Richard Stevens, TCP/IP Illustrated, Volume 3: TCP for Transactions, HTTP, NNTP, and the UNI~
`Domain Protocols
`W. Richard Stevens/Bill Fenner/ Andrew M. Rudoff, UNIX Network Programming Volume 1, Third Edition: The
`Sockets Networking API
`W. Richard Stevens/Stephen A. Rago, Advanced Programming in the UNI~ Environment, Second Edition
`W. Richard Stevens/Gary R. Wright, TCP/IP Illustrated Volumes 1-3 Boxed Set
`John Viega/Gary McGraw, Building Secure Software: How to Avoid Security Problems the Right Way
`Gary R. Wright/W. Richard Stevens, TCP/IP Illustrated, Volume 2: The Implementation
`Ruixi Yuan/W. Timothy Strayer, Virtual Private Networks: Technologies and Solutions
`
`Visit www.awprofessional.com/series/professionalcomputing for more information about these titles.
`
`Juniper Ex. 1030-p. 5
`Juniper v Implicit
`
`

`

`TCP/IP Illustrated, Volume 1
`
`The Protocols
`
`W. Richard Stevens
`
`J:..
`TV
`ADDISON-WESLEY
`Boston • San Francisco 0 New York 0 Toronto • Montreal
`London ~ Munich • Paris • Madrid
`Capetown • Sydney • Tokyo • Singapore G Mexico City
`
`Juniper Ex. 1030-p. 6
`Juniper v Implicit
`
`

`

`Many of the designations used by manufacturers and sellers to distinguish their products are claimed as
`trademarks. Where those designations appear in this book, and we were aware of a trademark claim, the
`designations have been printed in initial capital letters or in all capitals.
`
`The author and publisher have taken care in the preparation of this book, but make no expressed or
`implied warranty of any kind and assume no responsibility for errors or omissions. No liability is
`assumed for incidental or consequential damages in connection with or arising out of the use of the
`information or programs contained herein.
`
`The publisher offers discounts on this book when ordered in quantity for special sales. For more informa(cid:173)
`tion, please contact:
`
`Pearson Education Corporate Sales Division
`201 W. 103rd Street
`Indianapolis, IN 46290
`(800) 428-5331
`corpsales@ pearsoned.com
`
`VisitAW on the Web: www.awl.com/cseng/
`
`Library of Congress Cataloging-in-Publication Data
`Stevens, W. Richard
`TCP/IP Illustrated: the protocols/W. Richard Stevens.
`p. cm.-(Addison-Wesley professional computing series)
`Includes bibliographical references and index.
`ISBN 0-201-63346-9 (v.l)
`1.TCP/IP (Computer network protocol) I. Title. II. Series.
`TK5105.55S74 1994
`004.6'2-dc20
`
`Copyright© 1994 by Addison Wesley
`
`UNIX is a technology trademark of X/Open Company, Ltd.
`
`All rights reserved. No part of this publication may be reproduced, stored in a retrieval system,
`or transmitted, in any form, or by any means, electronic, mechanical, photocopying, recording,
`or other-wise, without the prior consent of the publisher. Printed in the United States of
`America. Published
`simultaneously in Canada.
`
`Text printed on recycled and acid-free paper.
`
`ISBN 0201633469
`272829303132 HT
`
`07 06 05
`
`27th Printing
`
`September 2005
`
`Juniper Ex. 1030-p. 7
`Juniper v Implicit
`
`

`

`To Brian Kernighan and John Wait,
`for their encouragement, faith, and support
`over the past 5 years.
`
`Juniper Ex. 1030-p. 8
`Juniper v Implicit
`
`

`

`Praise for TCP!IP Illustrated, Volume 1: The Protocols
`
`"This is sure to be the bible for TCP/IP developers and users. Within minutes of picking up the text,
`I encountered several scenarios which had tripped-up both my colleagues and myself in the past.
`Stevens reveals many of the mysteries once held tightly by the ever-elusive networking gurus.
`Having been involved in the implementation of TCP /IP for some years now, I consider this by far
`the finest text to date."
`
`-Robert A. Ciampa, Network Engineer, Synemetics, division of 3COM
`
`"While all of Stevens' books are readable and technically excellent, this new opus is awesome.
`Although many books describe the TCP/IP protocols, Stevens provides a level of depth and real(cid:173)
`world detail lacking from the competition. He puts the reader inside TCP/IP using a visual approach
`and shows the protocols in action."
`
`-Steven Baker, Networking Columnist, Unix Review
`
`"TCP!IP Illustrated, Volume I is an excellent reference for developers, network administrators, or
`anyone who needs to understand TCP/IP technology. TCP!IP Illustrated is comprehensive in its
`coverage of TCP/IP topics, providing enough details to satisfy the experts while giving enough
`background and commentary for the novice."
`
`-Bob Williams, V.P. Marketing, NetManage, Inc.
`
`" ... the difference is that Stevens wants to show as well as tell about the protocols. His principal
`teaching tools are straight-forward explanations, exercises at the ends of chapters, byte-by-byte
`diagrams of headers and the like, and listings of actual traffic as examples."
`
`-Walter Zintz, UnixWorld
`
`"Much better than theory only ... W. Richard Stevens takes a multihost-based configuration and uses
`it as a travelogue ofTCP/IP examples with illustrations. TCP/IP Illustrated, Volume 1 is based on
`practical examples that reinforce the theory - distinguishing this book from others on the subject,
`and making it both readable and informative."
`
`-Peter M. Haverlock, Consultant, IBM TCP/IP Development
`
`"The diagrams he uses are excellent and his writing style is clear and readable. In sum, Stevens has
`made a complex topic easy to understand. This book merits everyone's attention. Please read it and
`keep it on your bookshelf."
`- Elizabeth Zinkann, SysAdmin
`
`"W. Richard Stevens has produced a fine text and reference work. It is well organized and very
`clearly written with, as the title suggests, many excellent illustrations exposing the intimate details
`of the logic and operation of IP, TCP, and the supporting cast of protocols and applications."
`
`-Scott Bradner, Consultant, Harvard University OIT/NSD
`
`Juniper Ex. 1030-p. 9
`Juniper v Implicit
`
`

`

`Contents
`
`Preface
`
`Chapter 1.
`
`Introduction
`
`XV
`
`1
`
`6
`
`Introduction
`1
`Layering
`TCP/IP Layering
`7
`Internet Addresses
`The Domain Name System
`9
`Encapsulation
`11
`Demultiplexing
`Client-Server Model
`12
`Port Numbers
`Standardization Process
`14
`RFCs
`Standard, Simple Services
`16
`The Internet
`16
`Implementations
`Application Programming Interfaces
`18
`Test Network
`Summary
`
`1.1
`1.2
`1.3
`1.4
`1.5
`1.6
`1.7
`1.8
`1.9
`1.10
`1.11
`1.12
`1.13
`1.14
`1.15
`1.16
`1.17
`
`9
`
`12
`
`14
`
`15
`
`19
`
`17
`
`vii
`
`Juniper Ex. 1030-p. 10
`Juniper v Implicit
`
`

`

`viii
`
`TCP /IP illustrated
`
`Chapter 2.
`
`Link Layer
`
`Contents
`
`21
`
`2.1
`2.2
`2.3
`2.4
`2.5
`2.6
`2.7
`2.8
`2.9
`2.10
`2.11
`
`21
`Introduction
`Ethernet and IEEE 802 Encapsulation
`23
`Trailer Encapsulation
`24
`SLIP: Serial Line IP
`Compressed SLIP
`25
`PPP: Point-to-Point Protocol
`28
`Loopback Interface
`MTU
`29
`30
`Path MTU
`Serial Line Throughput Calculations
`Summary
`31
`
`26
`
`21
`
`30
`
`Chapter 3.
`
`IP: Internet Protocol
`
`33
`
`3.1
`3.2
`3.3
`3.4
`3.5
`3.6
`3.7
`3.8
`3.9
`3.10
`3.11
`
`42
`
`Introduction
`33
`34
`IP Header
`37
`IP Routing
`Subnet Addressing
`Subnet Mask
`43
`Special Case IP Addresses
`A Subnet Example
`46
`ifconfig Command
`47
`49
`netstat Command
`IP Futures
`49
`Summary
`50
`
`45
`
`Chapter 4.
`
`ARP: Address Resolution Protocol
`
`53
`
`4.1
`4.2
`4.3
`4.4
`4.5
`4.6
`4.7
`4.8
`4.9
`
`53
`Introduction
`54
`An Example
`ARP Cache
`56
`ARP Packet Format
`57
`ARP Examples
`60
`Proxy ARP
`Gratuitous ARP
`arp Command
`Summary
`63
`
`62
`63
`
`56
`
`Chapter 5.
`
`RARP: Reverse Address Resolution Protocol
`
`65
`
`5.1
`5.2
`5.3
`5.4
`5.5
`
`Introduction
`65
`RARP Packet Format
`RARP Examples
`66
`RARP Server Design
`Summary
`68
`
`65
`
`67
`
`Juniper Ex. 1030-p. 11
`Juniper v Implicit
`
`

`

`TCP /IP illustrated
`
`Contents
`
`ix
`
`Chapter 6.
`
`ICMP: Internet Control Message Protocol
`
`69
`
`6.1
`6.2
`6.3 .
`6.4
`6.5
`6.6
`6.7
`
`69
`Introduction
`70
`ICMP Message Types
`ICMP Address Mask Request and Reply
`ICMP Timestamp Request and Reply
`ICMP Port Unreachable Error
`77
`4.4BSD Processing of ICMP Messages
`Summary
`83
`
`72
`
`74
`
`81
`
`Chapter 7.
`
`Ping Program
`
`7.1
`7.2
`7.3
`7.4
`7.5
`
`85
`Introduction
`85
`Ping Program
`IP Record Route Option
`IP Timestamp Option
`Summary
`96
`
`91
`
`95
`
`Chapter 8.
`
`Traceroute Program
`
`8.1
`8.2
`8.3
`8.4
`8.5
`8.6
`
`97
`Introduction
`Traceroute Program Operation
`LAN Output
`99
`WAN Output
`1 02
`IP Source Routing Option
`Summary
`109
`
`97
`
`104
`
`Chapter 9.
`
`IP Routing
`
`85
`
`97
`
`111
`
`9.1
`9.2
`9.3
`9.4
`9.5
`9.6
`9.7
`
`111
`Introduction
`112
`Routing Principles
`ICMP Host and Network Unreachable Errors
`To Forward or Not to Forward
`119
`ICMP Redirect Errors
`119
`ICMP Router Discovery Messages
`Summary
`125
`
`123
`
`117
`
`Chapter 10.
`
`Dynamic Routing Protocols
`
`127
`
`10.1
`10.2
`10.3
`10.4
`10.5
`10.6
`10.7
`10.8
`10.9
`
`127
`Introduction
`Dynamic Routing
`127
`128
`Unix Routing Daemons
`RIP: Routing Information Protocol
`RIP Version 2
`136
`137
`OSPF: Open Shortest Path First
`138
`BGP: Border Gateway Protocol
`CIDR: Classless lnterdomain Routing
`Summary
`141
`
`129
`
`140
`
`Juniper Ex. 1030-p. 12
`Juniper v Implicit
`
`

`

`x
`
`TCP /IP Illustrated
`
`Chapter 11.
`
`UDP: User Datagram Protocol
`
`Contents
`
`143
`
`11.1
`11.2
`11.3
`11.4
`11.5
`11.6
`11.7
`11.8
`11.9
`11.10
`11 .11
`11.12
`11.13
`
`143
`Introduction
`144
`UDP Header
`144
`UDP Checksum
`A Simple Example
`147
`148
`IP Fragmentation
`ICMP Unreachable Error (Fragmentation Required)
`Determining the Path MTU Using Traceroute
`153
`Path MTU Discovery with UDP
`155
`Interaction Between UDP and ARP
`Maximum UDP Datagram Size
`159
`ICMP Source Quench Error
`i 60
`UDP Server Design
`162
`Summary
`167
`
`157
`
`151
`
`Chapter 12.
`
`Broadcasting and Multicasting
`
`169
`
`12.1
`12.2
`12.3
`12.4
`12.5
`
`169
`Introduction
`Broadcasting
`171
`Broadcasting Examples
`Multicasting
`175
`178
`Summary
`
`172
`
`Chapter 13.
`
`IGMP: Internet Group Management Protocol
`
`179
`
`13.1
`13.2
`13.3
`13.4
`13.5
`
`179
`
`Introduction
`IGMP Message
`IGMP Protocol
`An Example
`Summary
`
`180
`180
`183
`186
`
`Chapter 14.
`
`DNS: The Domain Name System
`
`187
`
`14.1
`14.2
`14.3
`14.4
`14.5
`14.6
`14.7
`14.8
`14.9
`14.10
`
`187
`Introduction
`188
`DNS Basics
`DNS Message Format
`A Simple Example
`Pointer Queries
`Resource Records
`203
`Caching
`UDP or TCP
`Another Example
`Summary
`208
`
`206
`206
`
`191
`194
`198
`201
`
`Juniper Ex. 1030-p. 13
`Juniper v Implicit
`
`

`

`TCP /IP illustrated
`
`Contents
`
`xi
`
`Chapter 15.
`15.1
`15.2
`15.3
`15.4
`15.5
`
`Chapter 16.
`16.1
`16.2
`16.3
`16.4
`16.5
`16.6
`16.7
`
`Chapter 17.
`17.1
`17.2
`17.3
`17.4
`
`Chapter 18.
`18.1
`18.2
`18.3
`18.4
`18.5
`18.6
`18.7
`18.8
`18.9
`18.10
`18.11
`18.12
`
`Chapter 19.
`19.1
`19.2
`19.3
`19.4
`19.5
`19.6
`
`TFTP: Trivial File Transfer Protocol
`Introduction
`209
`Protocol
`209
`An Example
`Security
`213
`Summary
`213
`
`211
`
`BOOTP: Bootstrap Protocol
`Introduction
`215
`BOOTP Packet Format
`An Example
`218
`BOOTP Server Design
`BOOTP Through a Router
`Vendor-Specific Information
`Summary
`222
`
`215
`
`219
`220
`221
`
`TCP: Transmission Control Protocol
`Introduction
`223
`TCP Services
`223
`TCP Header
`225
`Summary
`227
`
`TCP Connection Establishment and Termination
`Introduction
`229
`Connection Establishment and Termination
`Timeout of Connection Establishment
`235
`Maximum Segment Size
`236
`TCP Half-Close
`238
`TCP State Transition Diagram
`Reset Segments
`246
`Simultaneous Open
`250
`Simultaneous Close
`252
`TCP Options
`253
`TCP Server Design
`Summary
`260
`
`229
`
`240
`
`254
`
`TCP Interactive Data Flow
`Introduction
`263
`263
`Interactive Input
`Delayed Acknowledgments
`Nagle Algorithm
`267
`Window Size Advertisements
`Summary
`274
`
`265
`
`27 4
`
`209
`
`215
`
`223
`
`229
`
`263
`
`Juniper Ex. 1030-p. 14
`Juniper v Implicit
`
`

`

`xii
`
`TCP /IP Illustrated
`
`Chapter 20.
`
`TCP Bulk Data Flow
`
`20.1
`20.2
`20.3
`20.4
`20.5
`20.6
`20.7
`20.8
`20.9
`
`275
`Introduction
`275
`Normal Data Flow
`Sliding Windows
`280
`282
`Window Size
`284
`PUSH Flag
`285
`Slow Start
`Bulk Data Throughput
`Urgent Mode
`292
`Summary
`296
`
`286
`
`Contents
`
`275
`
`Chapter 21.
`
`TCP Timeout and Retransmission
`
`297
`
`21.1
`21.2
`21.3
`21.4
`21.5
`21.6
`21.7
`21.8
`21.9
`21.10
`21.11
`21.12
`
`Introduction
`297
`Simple Timeout and Retransmission Example
`Round-Trip Time Measurement
`299
`An RTT Example
`301
`Congestion Example
`306
`310
`Congestion Avoidance Algorithm
`Fast Retransmit and Fast Recovery Algorithms
`Congestion Example (Continued)
`313
`Per-Route Metrics
`316
`ICMP Errors
`317
`Repacketization
`320
`Summary
`321
`
`298
`
`312
`
`Chapter 22.
`
`TCP Persist Timer
`
`22.1
`22.2
`22.3
`22.4
`
`323
`Introduction
`323
`An Example
`Silly Window Syndrome
`Summary
`330
`
`325
`
`Chapter 23.
`
`TCP Keepalive Timer
`
`23.1
`23.2
`23.3
`23.4
`
`331
`Introduction
`332
`Description
`Keepalive Examples
`Summary
`337
`
`333
`
`Chapter 24.
`
`TCP Futures and Performance
`
`24.1
`24.2
`24.3
`24.4
`
`339
`Introduction
`Path MTU Discovery
`Long Fat Pipes
`344
`Window Scale Option
`
`340
`
`347
`
`323
`
`331
`
`339
`
`Juniper Ex. 1030-p. 15
`Juniper v Implicit
`
`

`

`TCP /IP illustrated
`
`Contents
`
`xiii
`
`24.5
`24.6
`24.7
`24.8
`24.9
`
`349
`Timestamp Option
`PAWS: Protection Against Wrapped Sequence Numbers 351
`T/TCP: A TCP Extension for Transactions
`351
`TCP Performance
`354
`Summary
`356
`
`Chapter 25.
`
`SNMP: Simple Network Management Protocol
`
`359
`'
`
`365
`
`25.1
`25.2
`25.3
`25.4
`25.5
`25.6
`25.7
`25.8
`25.9
`25.10
`25.11
`25.12
`25.13
`
`359
`Introduction
`,
`360
`Protocol
`Structure of Management Information
`Object Identifiers
`364
`Introduction to the Management Information ' Base
`Instance Identification
`367
`Simple Examples
`370
`Management Information Base (Continued)
`Additional Examples
`382
`Traps
`385
`ASN.1 and BER
`SNMP Version 2
`Summary
`388
`
`363
`
`372
`
`386
`387
`
`Chapter 26.
`
`Telnet and Rlogin: Remote Login
`
`389
`
`26.1
`26.2
`26.3
`26.4
`26.5
`26.6
`
`Introduction
`Rlogin Protocol
`Rlogin Examples
`Telnet Protocol
`Telnet Examples
`Summary
`417
`
`389
`391
`396
`401
`406
`
`Chapter 27.
`
`FTP: File Transfer Protocol
`
`419
`
`27.1
`27.2
`27.3
`27.4
`
`Introduction
`FTP Protocol
`FTP Examples
`Summary
`439
`
`419
`419
`426
`
`Chapter 28.
`
`SMTP: Simple Mail Transfer Protocol
`
`441
`
`28.1
`28.2
`28.3
`28.4
`28.5
`
`Introduction
`SMTP Protocol
`SMTP Examples
`SMTP Futures
`Summary
`459
`
`',
`
`441
`
`442
`448
`452
`
`Juniper Ex. 1030-p. 16
`Juniper v Implicit
`
`

`

`xiv
`
`TCP /IP illustrated
`
`Chapter 29.
`29.1
`29.2
`29.3
`29.4
`29.5
`29.6
`29.7
`29.8
`
`Chapter 30.
`30.1
`30.2
`30.3
`30.4
`30.5
`30.6
`
`NFS: Network File System
`Introduction
`461
`461
`Sun Remote Procedure Call
`XDR: External Data Representation
`Port Mapper
`465
`NFS Protocol
`467
`NFS Examples
`474
`NFS Version 3
`479
`Summary
`480
`
`465
`
`Other TCP/IP Applications
`Introduction
`481
`481
`Finger Protocol
`483
`Whois Protocol
`Archie, WAIS, Gopher, Veronica, and WWW
`X Window System
`486
`Summary
`490
`
`484
`
`Appendix A.
`A.1
`A.2
`A.3
`A.4
`A.5
`A.6
`
`The tcpdump Program
`BSD Packet Filter
`491
`493
`SunOS Network Interface Tap
`SVR4 Data Link Provider Interface
`tcpdump Output
`495
`Security Considerations
`Socket Debug Option
`
`496
`496
`
`494
`
`Appendix B. Computer Clocks
`
`Appendix C. The sock Program
`
`Appendix D. Solutions to Selected Exercises
`
`Appendix E.
`E.1
`E.2
`E.3
`E.4
`E.5
`E.6
`
`Configurable Options
`BSD/386 Version 1.0
`SunOS 4.1.3
`527
`System V Release 4
`Solaris 2.2
`529
`AIX 3.2.2
`536
`4.4BSD
`537
`
`526
`
`529
`
`Appendix F. Source Code Availability
`
`Bibliography
`
`Index
`
`Contents
`
`461
`
`481
`
`491
`
`499
`
`503
`
`507
`
`525
`
`539
`
`543
`
`555
`
`Juniper Ex. 1030-p. 17
`Juniper v Implicit
`
`

`

`Preface
`
`Introduction
`
`This book describes the TCP /IP protocol suite, but from a different perspective than
`other texts on TCP /IP. Instead of just describing the protocols and what they do, we'll
`use a popular diagnostic tool to watch the protocols in action. Seeing how the protocols
`operate in varying circumstances provides a greater understanding of how they work
`and why certain design decisions were made. It also provides a look into the imple(cid:173)
`mentation of the protocols, without having to wade through thousands of lines of
`source code.
`When networking protocols were being developed in the 1960s through the 1980s,
`expensive, dedicated hardware was required to see the packets going "across the wire."
`Extreme familiarity with the protocols was also required to comprehend the packets dis(cid:173)
`played by the hardware. Functionality of the hardware analyzers was limited to that
`built in by the hardware designers.
`Today this has changed dramatically with the ability of the ubiquitous workstation
`to monitor a local area network [Mogul1990]. Just attach a workstation to your net(cid:173)
`work, run some publicly available software (described in Appendix A), and watch what
`goes by on the wire. While many people consider this a tool to be used for diagnosing
`network problems, it is also a powerful tool for understanding how the network proto(cid:173)
`cols operate, which is the goal of this book.
`This book is intended for anyone wishing to understand how the TCP /IP protocols
`operate: programmers writing network appliGations, system administrators responsible
`for maintaining computer systems and networks utilizing TCP /IP, and users who deal
`with TCP /IP applications on a daily basis.
`
`XV
`
`Juniper Ex. 1030-p. 18
`Juniper v Implicit
`
`

`

`xvi
`
`TCP /IP illustrated
`
`Preface
`
`Organization of the Book
`
`The following figure shows the various protocols and applications that are covered.
`The italic number by each box indicates the chapter in which that protocol or applica(cid:173)
`tion is described.
`
`media
`
`(Numerous fine points are missing from this figure that will be discussed in the appro(cid:173)
`priate chapter. For example, both the DNS and RPC use TCP, which we don't show.)
`We take a bottom-up approach to the TCP /IP protocol suite. After providing a
`basic introduction to TCP /IP in Chapter 1, we will start at the link layer in Chapter 2
`and work our way up the protocol stack. This provides the required background for
`later chapters for readers who aren't familiar with TCP /IP or networking in general.
`This book also uses a functional approach instead of following a strict bottom-to(cid:173)
`top order. For example, Chapter 3 describes the IP layer and the IP header. But there
`are numerous fields in the IP header that are best described in the context of an applica(cid:173)
`tion that uses or is affected by a particular field. Fragmentation, for example, is best
`understood in terms of UDP (Chapter 11), the protocol often affected by it. The time-to(cid:173)
`live field is fully described when we look at the Traceroute program in Chapter 8,
`because this field is the basis for the operation of the program. Similarly, many features
`of ICMP are described in the later chapters, in terms of how a particular ICMP message
`is used by a protocol or an application.
`We also don't want to save all the good stuff until the end, so we describe TCP /IP
`applications as soon as we have the foundation to understand them. Ping and Trace(cid:173)
`route are described after IP and ICMP have been discussed. The applications built on
`UDP (multicasting, the DNS, TFTP, and BOOTP) are described after UDP has been
`
`Juniper Ex. 1030-p. 19
`Juniper v Implicit
`
`

`

`TCP /IP illustrated
`
`Preface
`
`xvii
`
`examined. The TCP applications, however, along with network management, must be
`saved until the end, after we've thoroughly described TCP. This text focuses on how
`these applications use the TCP /IP protocols. We do not provide all the details on run(cid:173)
`ning these applications.
`
`Readers
`
`This book is self-contained and assumes no specific knowledge of networking or
`TCP /IP. Numerous references are provided for readers interested in additional details
`on specific topics.
`This book can be used in many ways. It can be used as a self-study reference and
`covered from start to finish by someone interested in all the details on the TCP /IP
`protocol suite. Readers with some TCP /IP background might want to skip ahead and
`start with Chapter 7, and then focus on the specific chapters in which they're interested.
`Exercises are provided at the end of the chapters, and most solutions are in Appen(cid:173)
`dix D. This is to maximize the usefulness of the text as a self-study reference.
`When used as part of a one- or two-semester course in computer networking, the
`focus should be on IP (Chapters 3 and 9), UDP (Chapter 11), and TCP (Chapters 17-24),
`along with some of the application chapters.
`Many forward and backward references are provided throughout the text, along
`with a thorough index, to allow individual chapters to be studied by themselves. A list
`of all the acronyms used throughout the text, along with the compound term for the
`acronym, appears on the inside back covers.
`If you have access to a network you are encouraged to obtain the software used in
`this book (Appendix F) and experiment on your own. Hands-on experimentation with
`the protocols will provide the greatest knowledge (and make it more fun).
`
`Systems Used for Testing
`
`Every example in the book was run on an actual network and the resulting output
`saved in a file for inclusion in the text. Figure 1.11 (p. 18) shows a diagram of the differ(cid:173)
`ent hosts, routers, and networks that are used. (This figure is also duplicated on the
`inside front cover for easy reference while reading the book.) This collection of net(cid:173)
`works is simple enough that the topology doesn't confuse the examples, and with four
`systems acting as routers, we can see the error messages generated by routers.
`Most of the systems have a name that indicates the type of software being used:
`bsdi, svr4, sun, solaris, aix, slip, and so on. In this way we can identify the type
`of software that we're dealing with by looking at the system name in the printed output.
`A wide range of different operating systems and TCP /IP implementations are used:
`
`• BSD/386 Version 1.0 from Berkeley Software Design, Inc., on the hosts named
`bsdi and slip. This system is derived from the BSD Networking Software,
`Release 2.0. (We show the lineage of the various BSD releases in Figure 1.10 on
`p.17.)
`
`Juniper Ex. 1030-p. 20
`Juniper v Implicit
`
`

`

`xviii
`
`TCP /IP illustrated
`
`Preface
`
`• Unix System V /386 Release 4.0 Version 2.0 from U.H. Corporation, on the host
`named svr4. This is vanilla SVR4 and contains the standard implementation of
`TCP /IP from Lachman Associates used with most versions of SVR4.
`
`• SunOS 4.1.3 from Sun Microsystems, on the host named sun. The SunOS 4.l.x
`systems are probably the most widely used TCP liP implementations. The
`TCP /IP code is derived from 4.2BSD and 4.3BSD.
`
`• Solaris 2.2 from Sun Microsystems, on the host named solar is. The Solaris 2.x
`systems have a different implementation of TCP /IP from the earlier SunOS 4.l.x
`systems, and from SVR4. (This operating system is really SunOS 5.2, but is com(cid:173)
`monly called Solaris 2.2.)
`
`• AIX 3.2.2 from IBM on the host named aix. The TCP /IP implementation is
`based on the 4.3BSD Reno release.
`
`• 4.4BSD from the Computer Systems Research Group at the University of Califor(cid:173)
`nia at Berkeley, on the host van gogh. cs. berkeley. edu. This system has the
`latest release of TCP /IP from Berkeley. (This system isn't shown in the figure on
`the inside front cover, but is reachable across the Internet.)
`
`Although these are all Unix systems, TCP /IP is operating system independent, and is
`available on almost every popular non-Unix system. Most of this text also applies to
`these non-Unix implementations, although some programs (such as Traceroute) may
`not be provided on all systems.
`
`Typographical Conventions
`
`When we display interactive input and output we'll show our typed input in a bold
`font, and the computer output like this. Comments are added in italics.
`
`bsdi % telnet svr4 discard
`Trying 140.252.13.34 ...
`Connected to svr4.
`
`connect to the discard server
`this line and next output by Telnet client
`
`Also, we always include the name of the system as part of the shell prompt (bsdi in
`this example) to show on which host the command was run.
`
`Throughout the text we'll use indented, parenthetical notes such as this' to describe historical
`points or implementation details.
`
`We sometimes refer to the complete description of a command in the Unix manual
`as in ifconfig(8). This notation, the name of the command followed by a number in
`parentheses, is the normal way of referring to Unix commands. The number in paren(cid:173)
`theses is the section number in the Unix manual of the "manual page" for the com(cid:173)
`mand, where additional information can be located. Unfortunately not all Unix systems
`organize their manuals the same, with regard to the section numbers used for various
`groupings of commands. We'll use the BSD-style section numbers (which is the same
`for BSD-derived systems such as SunOS 4.1.3), but your manuals may be organized
`differently.
`
`Juniper Ex. 1030-p. 21
`Juniper v Implicit
`
`

`

`TCP /IP illustrated
`
`Acknowledgments
`
`Preface
`
`xix
`
`Although the author's name is the only one to appear on the cover, the combined effort
`of many people is required to produce a quality text book. First and foremost is the
`author's family, who put up with the long and weird hours that go into writing a book.
`Thank you once again, Sally, Bill, Ellen, and David.
`The consulting editor, Brian Kernighan, is undoubtedly the best in the business. He
`was the first one to read various drafts of the manuscript and mark it up with his infi(cid:173)
`nite supply of red pens. His attention to detail, his continual prodding for readable
`prose, and his thorough reviews of the manuscript are an immense resource to a writer.
`Technical reviewers provide a different point of view and keep the author honest by
`catching technical mistakes. Their comments, suggestions, and (most importantly) criti(cid:173)
`cisms add greatly to the final product. My thanks to Steve Bellovin, Jon Crowcroft, Pete
`Haverlock, and Doug Schmidt for comments on the entire manuscript. Equally valu(cid:173)
`able comments were provided on portions of the manuscript by Dave Borman, Tony
`DeSimone, Bob Gilligan, Jeff Gitlin, John Gulbenkian, Tom Herbert, Mukesh Kacker,
`Barry Margolin, Paul Mockapetris, Burr Nelson, Steve Rago, James Risner, Chr~s
`Walquist, Phil Winterbottom, and Gary Wright. A special thanks to Dave Borman for
`his thorqugh review of all the TCP chapters, and to Bob Gilligan who should be listed as
`a coauthor for Appendix E.
`An author cannot work in isolation, so I would like to thank the following persons
`for lots of small favors, especially by answering my numerous e-mail questions: Joe
`Godsil, Jim Hogue, Mike Karels, Paul Lucchina, Craig Partridge, Thomas Skibo, and
`Jerry Toporek.
`This book is the result of my being asked lots ~f questions on TCP /IP for which I
`could find no quick, immediate answer. It was then that !,realized that the easiest way
`to obtain the answers was to run small tests, forcing certain conditions to occur, and just
`watch what happens. I thank Pete Haverlock for asking the probing quesfions and Van
`Jacobson for providing so much of the publicly available software that is used in this
`book to answer the questions.
`A bools on networking needs a real network to work with along with access to the
`Internet. My thanks to the National Optical Astronomy Observatories (NOAO), espe(cid:173)
`cially Sidney Wolff, Richard Wolff, and Steve Grandi, for providing access to their net(cid:173)
`works and hosts. A special thanks to Steve Grandi for answering lots of questions and
`providing accounts on various hosts. My thanks also to Keith Bostic and Kirk McKu(cid:173)
`sick at the U.C. Berkeley CSRG for access to the latest"4.4BSD system.
`Finally, it is the publisher that pulls everything together and does whatever is
`required to deliver the final product to the readers. This all revolves around the editor,
`and John Wait is simply the best there is. Working with John and the rest of the profes(cid:173)
`sionals at Addison-Wesley is a pleasure. Their professionalism and attention to detail
`show in the end result.
`·
`Camera-ready copy of the book was produced by the author, a Troff die-hard, using
`the Groff package written by James Clark. I welcome electronic mail from any readers
`with comments, suggestions, or bug fixes.
`Tucson, Arizona
`October 1993
`
`W. Richard Stevens
`rstevens@noao.edu
`http://www.noao.edu/-rstevens
`
`Juniper Ex. 1030-p. 22
`Juniper v Implicit
`
`

`

`7
`
`Introduction
`
`1.1
`
`Introduction
`
`The TCP /IP protocol suite allows computers of all sizes, from