Business Data Communications and Networking
Thirteenth Edition
Jerry FitzGerald
Jerry FitzGerald & Associates
Alan Dennis
Indiana University
Alexandra Durcikova
University of Oklahoma
ACQUISITIONS EDITOR Darren Lalonde
EDITORIAL MANAGER Gladys Soto
CONTENT MANAGEMENT DIRECTOR Lisa Wojcik
CONTENT MANAGER Nichole Urban
SENIOR CONTENT SPECIALIST Nicole Repasky
PRODUCTION EDITOR Padmapriya Soundararajan
PHOTO RESEARCHER Billy Ray
COVER PHOTO CREDIT © Wright Studio/Shutterstock
This book was set in 10/12, Minion Pro by SPi Global and printed and bound by Strategic Content Imaging.

Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foundation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and procurement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship.

Copyright © 2017, 2015, 2012, 2009, 2007 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923 (Web site: www.copyright.com). Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax (201) 748-6008, or online at: www.wiley.com/go/permissions.

Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon completion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return shipping label are available at: www.wiley.com/go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative.

ISBN: 978-1-119-36883-0 (PBK)
ISBN: 978-1-119-36885-4 (EVALC)
Library of Congress Cataloging in Publication Data:
LCCN: 2017042819

The inside back cover will contain printing identification and country of origin if omitted from this page. In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the back cover is correct.
To my son Alec,
Alan

To all curious minds who want to know how today’s modern world works.
Alexandra
ABOUT THE AUTHORS

Alan Dennis is a Fellow of the Association for Information Systems and a professor of information systems in the Kelley School of Business at Indiana University. He holds the John T. Chambers Chair in Internet Systems, which was established to honor John Chambers, president and chief executive officer of Cisco Systems, the worldwide leader of networking technologies for the Internet.

Prior to joining Indiana University, Alan spent nine years as a professor at the University of Georgia, where he won the Richard B. Russell Award for Excellence in Undergraduate Teaching. He has a bachelor’s degree in computer science from Acadia University in Nova Scotia, Canada, and an MBA from Queen’s University in Ontario, Canada. His PhD in management of information systems is from the University of Arizona. Prior to entering the Arizona doctoral program, he spent three years on the faculty of the Queen’s School of Business.

Alan has extensive experience in the development and application of groupware and Internet technologies and co-founded Courseload, an electronic textbook company whose goal is to improve learning and reduce the cost of textbooks. He has won many awards for theoretical and applied research and has published more than 150 business and research articles, including those in Management Science, MIS Quarterly, Information Systems Research, Academy of Management Journal, Organization Behavior and Human Decision Making, Journal of Applied Psychology, Communications of the ACM, and IEEE Transactions of Systems, Man, and Cybernetics. His first book was Getting Started with Microcomputers, published in 1986. Alan is also an author of two systems analysis and design books published by Wiley. He is the cochair of the Internet Technologies Track of the Hawaii International Conference on System Sciences. He has served as a consultant to BellSouth, Boeing, IBM, Hughes Missile Systems, the U.S. Department of Defense, and the Australian Army.

Alexandra Durcikova is an Assistant Professor at the Price College of Business, University of Oklahoma. Alexandra has a PhD in management information systems from the University of Pittsburgh. She has earned an MSc degree in solid state physics from Comenius University, Bratislava, worked as an experimental physics researcher in the area of superconductivity and as an instructor of executive MBA students prior to pursuing her PhD. Alexandra’s research interests include knowledge management and knowledge management systems, the role of organizational climate in the use of knowledge management systems, knowledge management system characteristics, governance mechanisms in the use of knowledge management systems, and human compliance with security policy and characteristics of successful phishing attempts within the area of network security. Her research appears in Information Systems Research, MIS Quarterly, Journal of Management Information Systems, Information Systems Journal, Journal of Organizational and End User Computing, International Journal of Human-Computer Studies, and Communications of the ACM.

Alexandra has been teaching business data communications to both undergraduate and graduate students for several years. In addition, she has been teaching classes on information technology strategy and most recently won the Dean’s Award for Undergraduate Teaching Excellence while teaching at the University of Arizona.

Dr. Jerry FitzGerald wrote the early editions of this book in the 1980s. At the time, he was the principal in Jerry FitzGerald & Associates, a firm he started in 1977.
PREFACE

The field of data communications has grown faster and become more important than computer processing itself. Though they go hand in hand, the ability to communicate and connect with other computers and mobile devices is what makes or breaks a business today. There are three trends that support this notion. First, the wireless LAN and Bring-Your-Own-Device (BYOD) allow us to stay connected not only with the workplace but also with family and friends. Second, computers and networks are becoming an essential part of not only computers but also devices we use for other purposes, such as home appliances. This Internet of things allows you to set the thermostat in your home from your mobile phone, can help you cook a dinner, or eventually can allow you to drive to work without ever touching the steering wheel. Lastly, we see that a lot of life is moving online. At first this started with games, but education, politics, and activism followed swiftly. Therefore, understanding how networks work; how they should be set up to support scalability, mobility, and security; and how to manage them is of utmost importance to any business. This need will call not only for engineers who deeply understand the technical aspects of networks but also for highly social individuals who embrace technology in creative ways to allow business to achieve a competitive edge through utilizing this technology. So the call is for you who are reading this book—you are at the right place at the right time!

PURPOSE OF THIS BOOK

Our goal is to combine the fundamental concepts of data communications and networking with practical applications. Although technologies and applications change rapidly, the fundamental concepts evolve much more slowly; they provide the foundation from which new technologies and applications can be understood, evaluated, and compared.

This book has two intended audiences. First and foremost, it is a university textbook. Each chapter introduces, describes, and then summarizes fundamental concepts and applications. Management Focus boxes highlight key issues and describe how networks are actually being used today. Technical Focus boxes highlight key technical issues and provide additional detail. Mini case studies at the end of each chapter provide the opportunity to apply these technical and management concepts. Hands-on exercises help to reinforce the concepts introduced in the chapter. Moreover, the text is accompanied by a detailed Instructor’s Manual that provides additional background information, teaching tips, and sources of material for student exercises, assignments, and exams. Finally, our Web page contains supplements to our book.

Second, this book is intended for the professional who works in data communications and networking. The book has many detailed descriptions of the technical aspects of communications from a business perspective. Moreover, managerial, technical, and sales personnel can use this book to gain a better understanding of fundamental concepts and trade-offs not presented in technical books or product summaries.
WHAT’S NEW IN THIS EDITION

The thirteenth edition maintains the three main themes of the twelfth edition, namely, (1) how networks work (Chapters 1–5); (2) network technologies (Chapters 6–10); and (3) network security and management (Chapters 11 and 12). In the new edition, we removed older technologies and replaced them with new ones. Accordingly, new hands-on activities and questions have been added at the end of each chapter that guide students in understanding how to select technologies to build a network that would support an organization’s business needs. In addition to this overarching change, the thirteenth edition has three major changes from the twelfth edition:

First, at the end of each chapter, we provide key implications for cyber security that arise from the topics discussed in the chapter. We draw implications that focus on improving the management of networks and information systems as well as implications for cyber security of an individual and an organization.

The second major change is that in Chapter 5 we have revised the way we explain how TCP/IP works to make it clearer and more streamlined.

Third, we have revised the security chapter (Chapter 11) to consider some of the newer threats and responses.

LAB EXERCISES
www.wiley.com/college/fitzgerald

This edition includes an online lab manual with many hands-on exercises that can be used in a networking lab. These exercises include configuring servers and other additional practical topics.

ONLINE SUPPLEMENTS FOR INSTRUCTORS
www.wiley.com/college/fitzgerald

Instructor’s supplements comprise an Instructor’s Manual that includes teaching tips, war stories, and answers to end-of-chapter questions; a Test Bank that includes true-false, multiple choice, short answer, and essay test questions for each chapter; and Lecture Slides in PowerPoint for classroom presentations. All are available on the instructor’s book companion site.

E-BOOK

Wiley E-Text: Powered by VitalSource offers students continuing access to materials for their course. Your students can access content on a mobile device, online from any Internet-connected computer, or by a computer via download. With dynamic features built into this e-text, students can search across content, highlight, and take notes that they can share with teachers and classmates. Readers will also have access to interactive images and embedded podcasts. Visit www.wiley.com/college/fitzgerald for more information.
ACKNOWLEDGMENTS

Our thanks to the many people who helped in preparing this edition. Specifically, we want to thank the staff at John Wiley & Sons for their support.

Alan Dennis
Bloomington, Indiana
www.kelley.indiana.edu/ardennis

Alexandra Durcikova
Norman, Oklahoma
www.ou.edu/price/mis/people/alexandra_durcikova.html
CONTENTS
About the Authors v
Preface vi
PART ONE
INTRODUCTION 1
Chapter 1
Introduction to Data
Communications 1
1.1 Introduction 1
1.2 Data Communications Networks 4
1.2.1 Components of a Network 4
1.2.2 Types of Networks 5
1.3 Network Models 7
1.3.1 Open Systems Interconnection Reference Model 7
1.3.2 Internet Model 9
1.3.3 Message Transmission Using Layers 10
1.4 Network Standards 13
1.4.1 The Importance of Standards 13
1.4.2 The Standards-Making Process 13
1.4.3 Common Standards 15
1.5 Future Trends 16
1.5.1 Wireless LAN and BYOD 16
1.5.2 The Internet of Things 17
1.5.3 Massively Online 17
1.6 Implications for Cyber Security 18
PART TWO
FUNDAMENTAL CONCEPTS 25
Chapter 2
Application Layer 25
2.1 Introduction 25
2.2 Application Architectures 26
2.2.1 Host-Based Architectures 27
2.2.2 Client-Based Architectures 28
2.2.3 Client-Server Architectures 28
2.2.4 Cloud Computing Architectures 31
2.2.5 Peer-to-Peer Architectures 33
2.2.6 Choosing Architectures 34
2.3 World Wide Web 35
2.3.1 How the Web Works 35
2.3.2 Inside an HTTP Request 36
2.3.3 Inside an HTTP Response 37
2.4 Electronic Mail 39
2.4.1 How Email Works 39
2.4.2 Inside an SMTP Packet 42
2.4.3 Attachments in Multipurpose Internet Mail Extension 43
2.5 Other Applications 43
2.5.1 Telnet 44
2.5.2 Instant Messaging 45
2.5.3 Videoconferencing 45
2.6 Implications for Cyber Security 47
Chapter 3
Physical Layer 57
3.1 Introduction 57
3.2 Circuits 59
3.2.1 Circuit Configuration 59
3.2.2 Data Flow 60
3.2.3 Multiplexing 60
3.3 Communication Media 63
3.3.1 Twisted Pair Cable 63
3.3.2 Coaxial Cable 64
3.3.3 Fiber-Optic Cable 64
3.3.4 Radio 65
3.3.5 Microwave 66
3.3.6 Satellite 66
3.3.7 Media Selection 68
3.4 Digital Transmission of Digital Data 69
3.4.1 Coding 69
3.4.2 Transmission Modes 69
3.4.3 Digital Transmission 71
3.4.4 How Ethernet Transmits Data 72
3.5 Analog Transmission of Digital Data 73
3.5.1 Modulation 73
3.5.2 Capacity of a Circuit 76
3.5.3 How Modems Transmit Data 76
3.6 Digital Transmission of Analog Data 77
3.6.1 Translating from Analog to Digital 77
3.6.2 How Telephones Transmit Voice Data 77
3.6.3 How Instant Messenger Transmits Voice Data 79
3.6.4 Voice over Internet Protocol (VoIP) 80
3.7 Implications for Cyber Security 80
Chapter 4
Data Link Layer 88
4.1 Introduction 88
4.2 Media Access Control 89
4.2.1 Contention 89
4.2.2 Controlled Access 89
4.2.3 Relative Performance 90
4.3 Error Control 91
4.3.1 Sources of Errors 91
4.3.2 Error Prevention 93
4.3.3 Error Detection 94
4.3.4 Error Correction via Retransmission 95
4.3.5 Forward Error Correction 95
4.3.6 Error Control in Practice 97
4.4 Data Link Protocols 97
4.4.1 Asynchronous Transmission 97
4.4.2 Synchronous Transmission 98
4.5 Transmission Efficiency 101
4.6 Implications for Cyber Security 103
Chapter 5
Network and Transport Layers 110
5.1 Introduction 110
5.2 Transport and Network Layer Protocols 112
5.2.1 Transmission Control Protocol (TCP) 112
5.2.2 Internet Protocol (IP) 113
5.3 Transport Layer Functions 114
5.3.1 Linking to the Application Layer 114
5.3.2 Segmenting 115
5.3.3 Session Management 116
5.4 Addressing 119
5.4.1 Assigning Addresses 120
5.4.2 Address Resolution 125
5.5 Routing 127
5.5.1 Types of Routing 128
5.5.2 Routing Protocols 130
5.5.3 Multicasting 132
5.5.4 The Anatomy of a Router 133
5.6 TCP/IP Example 134
5.6.1 Known Addresses 136
5.6.2 Unknown Addresses 137
5.6.3 TCP Connections 138
5.6.4 TCP/IP and Network Layers 139
5.7 Implications for Cyber Security 141
PART THREE
NETWORK TECHNOLOGIES 159
Chapter 6
Network Design 159
6.1 Introduction 159
6.1.1 Network Architecture Components 159
6.1.2 The Traditional Network Design Process 161
6.1.3 The Building-Block Network Design Process 162
6.2 Needs Analysis 164
6.2.1 Network Architecture Component 165
6.2.2 Application Systems 166
6.2.3 Network Users 166
6.2.4 Categorizing Network Needs 166
6.2.5 Deliverables 167
6.3 Technology Design 168
6.3.1 Designing Clients and Servers 168
6.3.2 Designing Circuits 168
6.3.3 Network Design Tools 170
6.3.4 Deliverables 171
6.4 Cost Assessment 171
6.4.1 Request for Proposal 171
6.4.2 Selling the Proposal to Management 173
6.4.3 Deliverables 173
6.5 Implications for Cyber Security 173
Chapter 7
Wired and Wireless Local Area Networks 177
7.1 Introduction 177
7.2 LAN Components 178
7.2.1 Network Interface Cards 179
7.2.2 Network Circuits 179
7.2.3 Network Hubs, Switches, and Access Points 180
7.2.4 Network Operating Systems 183
7.3 Wired Ethernet 184
7.3.1 Topology 184
7.3.2 Media Access Control 187
7.3.3 Types of Ethernet 188
7.4 Wireless Ethernet 189
7.4.1 Topology 189
7.4.2 Media Access Control 189
7.4.3 Wireless Ethernet Frame Layout 190
7.4.4 Types of Wireless Ethernet 191
7.4.5 Security 192
7.5 The Best Practice LAN Design 193
7.5.1 Designing User Access with Wired Ethernet 194
7.5.2 Designing User Access with Wireless Ethernet 195
7.5.3 Designing the Data Center 197
7.5.4 Designing the e-Commerce Edge 199
7.5.5 Designing the SOHO Environment 200
7.6 Improving LAN Performance 202
7.6.1 Improving Server Performance 203
7.6.2 Improving Circuit Capacity 204
7.6.3 Reducing Network Demand 204
7.7 Implications for Cyber Security 205
Chapter 8
Backbone Networks 214
8.1 Introduction 214
8.2 Switched Backbones 215
8.3 Routed Backbones 218
8.4 Virtual LANs 221
8.4.1 Benefits of VLANs 221
8.4.2 How VLANs Work 223
8.5 The Best Practice Backbone Design 226
8.6 Improving Backbone Performance 227
8.6.1 Improving Device Performance 227
8.6.2 Improving Circuit Capacity 228
8.6.3 Reducing Network Demand 228
8.7 Implications for Cyber Security 228
Chapter 9
Wide Area Networks 237
9.1 Introduction 237
9.2 Dedicated-Circuit Networks 238
9.2.1 Basic Architecture 238
9.2.2 T-Carrier Services 241
9.2.3 SONET Services 243
9.3 Packet-Switched Networks 243
9.3.1 Basic Architecture 243
9.3.2 Frame Relay Services 245
9.3.3 IP Services 246
9.3.4 Ethernet Services 246
9.4 Virtual Private Networks 247
9.4.1 Basic Architecture 247
9.4.2 VPN Types 248
9.4.3 How VPNs Work 248
9.5 The Best Practice WAN Design 251
9.6 Improving WAN Performance 252
9.6.1 Improving Device Performance 252
9.6.2 Improving Circuit Capacity 253
9.6.3 Reducing Network Demand 253
9.7 Implications for Cyber Security 254
Chapter 10
The Internet 265
10.1 Introduction 265
10.2 How the Internet Works 266
10.2.1 Basic Architecture 266
10.2.2 Connecting to an ISP 268
10.2.3 The Internet Today 269
10.3 Internet Access Technologies 270
10.3.1 Digital Subscriber Line 270
10.3.2 Cable Modem 271
10.3.3 Fiber to the Home 273
10.3.4 WiMax 274
10.4 The Future of the Internet 274
10.4.1 Internet Governance 274
10.4.2 Building the Future 276
10.5 Implications for Cyber Security 277
PART FOUR
NETWORK MANAGEMENT 284
Chapter 11
Network Security 284
11.1 Introduction 284
11.1.1 Why Networks Need Security 286
11.1.2 Types of Security Threats 286
11.1.3 Network Controls 287
11.2 Risk Assessment 288
11.2.1 Develop Risk Measurement Criteria 289
11.2.2 Inventory IT Assets 290
11.2.3 Identify Threats 291
11.2.4 Document Existing Controls 293
11.2.5 Identify Improvements 296
11.3 Ensuring Business Continuity 296
11.3.1 Virus Protection 296
11.3.2 Denial-of-Service Protection 297
11.3.3 Theft Protection 300
11.3.4 Device Failure Protection 301
11.3.5 Disaster Protection 302
11.4 Intrusion Prevention 305
11.4.1 Security Policy 306
11.4.2 Perimeter Security and Firewalls 306
11.4.3 Server and Client Protection 312
11.4.4 Encryption 315
11.4.5 User Authentication 321
11.4.6 Preventing Social Engineering 324
11.4.7 Intrusion Prevention Systems 325
11.4.8 Intrusion Recovery 327
11.5 Best Practice Recommendations 328
11.6 Implications for Your Cyber Security 330
Chapter 12
Network Management 340
12.1 Introduction 340
12.2 Designing for Network Performance 341
12.2.1 Managed Networks 341
12.2.2 Managing Network Traffic 345
12.2.3 Reducing Network Traffic 346
12.3 Configuration Management 349
12.3.1 Configuring the Network and Client Computers 349
12.3.2 Documenting the Configuration 350
12.4 Performance and Fault Management 351
12.4.1 Network Monitoring 351
12.4.2 Failure Control Function 353
12.4.3 Performance and Failure Statistics 355
12.4.4 Improving Performance 358
12.5 End User Support 358
12.5.1 Resolving Problems 358
12.5.2 Providing End User Training 360
12.6 Cost Management 360
12.6.1 Sources of Costs 360
12.6.2 Reducing Costs 363
12.7 Implications for Cyber Security 364
Appendices (Online)
Glossary (Online)
Index 373
PART ONE INTRODUCTION
CHAPTER 1
INTRODUCTION TO DATA COMMUNICATIONS
This chapter introduces the basic concepts of data communications. It describes why it is important to study data communications and introduces you to the three fundamental questions that this book answers. Next, it discusses the basic types and components of a data communications network. Also, it examines the importance of a network model based on layers. Finally, it describes the three key trends in the future of networking.
OBJECTIVES
◾ Be aware of the three fundamental questions this book answers
◾ Be aware of the applications of data communications networks
◾ Be familiar with the major components of and types of networks
◾ Understand the role of network layers
◾ Be familiar with the role of network standards
◾ Be aware of cyber security issues
◾ Be aware of three key trends in communications and networking
OUTLINE
1.1 Introduction
1.2 Data Communications Networks
1.2.1 Components of a Network
1.2.2 Types of Networks
1.3 Network Models
1.3.1 Open Systems Interconnection Reference Model
1.3.2 Internet Model
1.3.3 Message Transmission Using Layers
1.4 Network Standards
1.4.1 The Importance of Standards
1.4.2 The Standards-Making Process
1.4.3 Common Standards
1.5 Future Trends
1.5.1 Wireless LAN and BYOD
1.5.2 The Internet of Things
1.5.3 Massively Online
1.6 Implications for Cyber Security
Summary
1.1 INTRODUCTION

What Internet connection should you use? Cable modem or DSL (formally called Digital Subscriber Line)? Cable modems are supposedly faster than DSL, providing data speeds of 50 Mbps to DSL’s 1.5–25 Mbps (million bits per second). One cable company used a tortoise to represent DSL in advertisements. So which is faster? We’ll give you a hint. Which won the race in the fable, the tortoise or the hare? By the time you finish this book, you’ll understand which is faster and why, as well as why choosing the right company as your Internet service provider (ISP) is probably more important than choosing the right technology.
Over the past decade or so, it has become clear that the world has changed forever. We continue to forge our way through the Information Age—the second Industrial Revolution, according to John Chambers, CEO (chief executive officer) of Cisco Systems, Inc., one of the world’s leading networking technology companies. The first Industrial Revolution revolutionized the way people worked by introducing machines and new organizational forms. New companies and industries emerged, and old ones died off.
The second Industrial Revolution is revolutionizing the way people work through networking and data communications. The value of a high-speed data communications network is that it brings people together in a way never before possible. In the 1800s, it took several weeks for a message to reach North America by ship from England. By the 1900s, it could be transmitted within an hour. Today, it can be transmitted in seconds. Collapsing the information lag to Internet speeds means that people can communicate and access information anywhere in the world regardless of their physical location. In fact, today’s problem is that we cannot handle the quantities of information we receive.
Data communications and networking is a truly global area of study, both because the technology enables global communication and because new technologies and applications often emerge from a variety of countries and spread rapidly around the world. The World Wide Web, for example, was born in a Swiss research lab, was nurtured through its first years primarily by European universities, and exploded into mainstream popular culture because of a development at an American research lab.
One of the problems in studying a global phenomenon lies in explaining the different political and regulatory issues that have evolved and currently exist in different parts of the world. Rather than attempt to explain the different paths taken by different countries, we have chosen simplicity instead. Historically, the majority of readers of previous editions of this book have come from North America. Therefore, although we retain a global focus on technology and its business implications, we focus mostly on North America.
This book answers three fundamental questions.
First, how does the Internet work? When you access a website using your computer, laptop, iPad, or smartphone, what happens so that the page opens in your Web browser? This is the focus in Chapters 1–5. The short answer is that the software on your computer (or any device) creates a message composed in different software languages (HTTP, TCP/IP, and Ethernet are common) that requests the page you clicked. This message is then broken up into a series of smaller parts that we call packets. Each packet is transmitted to the nearest router, which is a special-purpose computer whose primary job is to find the best route for these packets to their final destination. The packets move from router to router over the Internet until they reach the Web server, which puts the packets back together into the same message that your computer created. The Web server reads your request and then sends the page back to you in the same way—by composing a message using HTTP, TCP/IP, and Ethernet and then sending it as a series of smaller packets back through the Internet that the software on your computer puts together into the page you requested. You might have heard a news story that the U.S. or Chinese government can read your email or see what websites you’re visiting. A more shocking truth is that the person sitting next to you at a coffee shop might be doing exactly the same thing—reading all the packets that come from or go to your laptop. How is this possible, you ask? After finishing Chapter 5, you will know exactly how this is possible.
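To make the packet story above concrete, here is an added example in Python (it is not from the textbook and models no real protocol): it breaks a constructed HTTP request into numbered packets, scrambles their arrival order the way different router paths would, and reassembles them at the receiver. The receiver refuses an incomplete or inconsistent set of packets rather than silently producing a corrupted message. The packet layout, the 16-byte payload size and the sample request are this example's own choices.

```python
# Added example, not from the textbook: a toy model of "message -> packets ->
# routers -> reassembled message". The "network" is just a Python list.
from __future__ import annotations

import random
from dataclasses import dataclass

# Constructed sample: the kind of HTTP request a browser composes for a page.
SAMPLE_REQUEST = (
    "GET /index.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: textbook-demo\r\n"
    "\r\n"
)


@dataclass(frozen=True)
class Packet:
    """One packet: its sequence number, the total count, and a slice of the message."""
    seq: int
    total: int
    payload: bytes


def packetize(message: str, max_payload: int = 16) -> list[Packet]:
    """Break a message into fixed-size packets, numbered so the receiver can reorder them."""
    data = message.encode("ascii")
    chunks = [data[i:i + max_payload] for i in range(0, len(data), max_payload)]
    return [Packet(seq=i, total=len(chunks), payload=c) for i, c in enumerate(chunks)]


def transmit(packets: list[Packet], rng: random.Random | None = None) -> list[Packet]:
    """Simulate routers forwarding packets along different paths: arrival order is scrambled."""
    rng = rng or random.Random(0)
    arrived = list(packets)
    rng.shuffle(arrived)
    return arrived


def reassemble(packets: list[Packet]) -> str:
    """Put packets back together regardless of arrival order.

    Raises ValueError for a missing packet, a packet from another message, or two
    packets claiming the same sequence number with different contents.
    """
    if not packets:
        raise ValueError("no packets")
    total = packets[0].total
    by_seq: dict[int, bytes] = {}
    for p in packets:
        if p.total != total or not 0 <= p.seq < total:
            raise ValueError(f"packet {p.seq} does not belong to this message")
        if p.seq in by_seq and by_seq[p.seq] != p.payload:
            raise ValueError(f"conflicting duplicate for seq {p.seq}")
        by_seq[p.seq] = p.payload
    missing = [s for s in range(total) if s not in by_seq]
    if missing:
        raise ValueError(f"missing packets: {missing}")
    return b"".join(by_seq[s] for s in range(total)).decode("ascii")


def demo() -> str:
    """Round-trip the sample request through packetize -> transmit -> reassemble."""
    return reassemble(transmit(packetize(SAMPLE_REQUEST)))


if __name__ == "__main__":
    for p in transmit(packetize(SAMPLE_REQUEST)):
        print(p.seq, p.payload)
    print(demo() == SAMPLE_REQUEST)
```

Every packet's payload is simply a slice of the request text, so whoever collects the packets on the path can reassemble them exactly as the Web server does; that is the coffee-shop observation above, and it is why the security chapter later treats encryption as a control rather than an option.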
Second, how do I design a network? This is the focus of Chapters 6–10. We often think about networks in four layers. The first layer is the Local Area Network, or the LAN (either wired or wireless), which enables users like you and me to access the network. The second is the backbone network that connects the different LANs within a building. The third is the core network that connects different buildings on a company’s campus. The final layer is connections we have to the other campuses within the organization and to the Internet. Each of these layers has slightly different concerns, so the way we design networks for them and the technologies we use are slightly different. Although this describes the standard for building corporate networks, you will have a much better understanding of how your wireless router at home works. Perhaps more importantly, you’ll learn why buying the newest and fastest wireless router for your house or apartment is probably not a good way to spend your money.
Finally, how do I manage my network to make sure it is secure, provides good performance, and doesn’t cost too much? This is the focus of Chapters 11 and 12. Would it surprise you to learn that most companies spend between $1,500 and $3,500 per computer per year on network management and security? Yup, we spend way more on network management and security each year than we spend to buy the computer in the first place. And that’s for well-run networks; poorly run networks cost a lot more. Many people think network security is a technical problem, and, to some extent, it is. However, the things people do and don’t do cause more security risks than not having the latest technology. According to Symantec, one of the leading companies that sell antivirus software, about half of all security threats are not prevented by their software. These threats are called targeted attacks, such as phishing attacks (which are emails that look real but instead take you to fake websites) or ransomware (software apps that appear to be useful but actually lock your computer and demand a payment to unlock it). Therefore, network management is as much a people management issue as it is a technology management issue.
By the time you finish this book, you’ll understand how networks work, how to design networks, and how to manage networks. You won’t be an expert, but you’ll be ready to enter an organization or move on to more advanced courses.
MANAGEMENT
FOCUS
1-1 Career Opportunities
It’s a great time to be in information technology (IT)! The technology-fueled new economy has dramatically increased the demand for skilled IT professionals. According to the U.S. Bureau of Labor Statistics and Career Profiles (http://www.careerprofiles.info), 2 of the 10 fastest-growing occupations are computer network administrator and computer systems analyst, which is expected to grow by 22% over the next 10 years with an annual median salary of $72,500—not counting bonuses. There are two reasons for this growth. First, companies have to continuously upgrade their networks and thus need skilled employees to support their expanding IT infrastructure. Second, people are spending more time on their mobile devices, and because employers are allowing them to use these personal devices at work (i.e., BYOD, or bring your own device), the network infrastructure has to support the data that flow from these devices as well as make sure that they don’t pose a security risk.
With a few years of experience, there is the possibility to work as an information systems manager, for which the median annual pay is as high as $117,780. An information systems manager plans, coordinates, and directs IT-related activities in such a way that they can fully support the goals of any business. Thus, this job requires a good understanding not only of the business but also of the technology, so that appropriate and reliable technology can be implemented at a reasonable cost to keep everything operating smoothly and to guard against cybercriminals.
Because of the expanding job market for IT and networking-related jobs, certifications become important. Most large vendors of network technologies, such as the Microsoft Corporation and Cisco Systems Inc., provide certification processes (usually a series of courses and formal exams) so that individuals can document their knowledge. Certified network professionals often earn $10,000 to $15,000 more than similarly skilled uncertified professionals—provided that they continue to learn and maintain their certification as new technologies emerge.
Adapted from: http://jobs.aol.com, “In Demand Careers That Pay $100,00 a Year or More”; www.careerpath.com, “Today’s 20 Fastest-Growing Occupations”; www.cnn.com, “30 Jobs Needing Most Workers in Next Decade,” http://www.careerprofiles.info/top-careers.html.
4 Chapter 1 Introduction to Data Communications
1.2 DATA COMMUNICATIONS NETWORKS
Data communications is the movement of computer information from one point to another by means of electrical or optical transmission systems. Such systems are often called data communications networks. This is in contrast to the broader term telecommunications, which includes the transmission of voice and video (images and graphics) as well as data and usually implies longer distances. In general, data communications networks collect data from personal computers and other devices and transmit those data to a central server that is a more powerful personal computer, minicomputer, or mainframe, or they perform the reverse process, or some combination of the two. Data communications networks facilitate more efficient use of computers and improve the day-to-day control of a business by providing faster information flow. They also provide message transfer services to allow computer users to talk to one another via email, chat, and video streaming.
TECHNICAL FOCUS 1-1 Internet Domain Names
Internet address names are strictly controlled; otherwise, someone could add a computer to the Internet that had the same address as another computer. Each address name has two parts, the computer name and its domain. The general format of an Internet address is therefore computer.domain. Some computer names have several parts separated by periods, so some addresses have the format computer.computer.computer.domain. For example, the main university Web server at Indiana University (IU) is called www.indiana.edu, whereas the Web server for the Kelley School of Business at IU is www.kelley.indiana.edu.
Since the Internet began in the United States, the American address board was the first to assign domain names to indicate types of organizations. Some common U.S. domain names are as follows:
EDU for an educational institution, usually a university
COM for a commercial business
GOV for a government department or agency
MIL for a military unit
ORG for a nonprofit organization
As networks in other countries were connected to the Internet, they were assigned their own domain names. Some international domain names are as follows:
CA for Canada
AU for Australia
UK for the United Kingdom
DE for Germany
New top-level domains that focus on specific types of businesses continue to be introduced, such as the following:
AERO for aerospace companies
MUSEUM for museums
NAME for individuals
PRO for professionals, such as accountants and lawyers
BIZ for businesses
Many international domains structure their addresses in much the same way as the United States does. For example, Australia uses EDU to indicate academic institutions, so an address such as xyz.edu.au would indicate an Australian university.
For a full list of domain names, see www.iana.org/domains/root/db.
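The computer.domain format described in the box can be checked mechanically. The following parser is an added example written for this edition of the page, not code from the textbook; it assumes the domain vocabulary is exactly the lists in the box (the real list at www.iana.org/domains/root/db is far longer), reads the domain from the right-hand end of the name (two labels when a country code reuses the U.S. organizational names, as in xyz.edu.au), and rejects labels that break the letters-digits-hyphen rule for host names.

```python
import re

# Domain categories exactly as listed in Technical Focus 1-1. For this example
# they are assumed to be the whole vocabulary; anything else is "unknown".
US_ORGANIZATIONAL = {
    "edu": "educational institution",
    "com": "commercial business",
    "gov": "government department or agency",
    "mil": "military unit",
    "org": "nonprofit organization",
}
COUNTRY = {"ca": "Canada", "au": "Australia", "uk": "United Kingdom", "de": "Germany"}
BUSINESS_TYPE = {
    "aero": "aerospace companies",
    "museum": "museums",
    "name": "individuals",
    "pro": "professionals, such as accountants and lawyers",
    "biz": "businesses",
}

# A label is 1 to 63 letters, digits, or hyphens and may not start or end
# with a hyphen (the traditional "LDH" rule for host names).
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def parse_address(name):
    """Split an address name into its computer part(s) and its domain.

    The domain is the rightmost label, or the rightmost two when a country
    code reuses the U.S. organizational names one level down (xyz.edu.au);
    every label to the left is the computer name. Raises ValueError when the
    name is malformed.
    """
    labels = name.strip().lower().rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError("an address needs at least computer.domain: %r" % name)
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError("invalid label %r in %r" % (label, name))

    tld = labels[-1]
    domain_labels = 1
    if tld in COUNTRY:
        kind = "country: " + COUNTRY[tld]
        # e.g., xyz.edu.au: Australia uses EDU for academic institutions
        if len(labels) >= 3 and labels[-2] in US_ORGANIZATIONAL:
            kind += ", " + US_ORGANIZATIONAL[labels[-2]]
            domain_labels = 2
    elif tld in US_ORGANIZATIONAL:
        kind = US_ORGANIZATIONAL[tld]
    elif tld in BUSINESS_TYPE:
        kind = BUSINESS_TYPE[tld]
    else:
        kind = "unknown top-level domain"

    return {
        "computer": labels[:-domain_labels],
        "domain": ".".join(labels[-domain_labels:]),
        "kind": kind,
    }


def is_valid_address(name):
    """True if parse_address accepts the name, False if it is malformed."""
    try:
        parse_address(name)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for n in ("www.indiana.edu", "www.kelley.indiana.edu", "xyz.edu.au", "ab_c.com"):
        print(n, "->", parse_address(n) if is_valid_address(n) else "rejected")
```

The point to notice is that the classification is decided from the right-hand end of the name, so the domain part is what identifies the kind of organization, and a name that does not follow the label rules is rejected before any lookup happens.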
1.2.1 Components of a Network
There are three basic hardware components for a data communications network: a server (e.g., personal computer, mainframe), a client (e.g., personal computer, terminal), and a circuit (e.g., cable, modem) over which messages flow. Both the server and client also need special-purpose network software that enables them to communicate.
FIGURE 1-1 Example of a local area network (LAN). The figure shows a file server, a Web server, a mail server, client computers connected through switches and through a wireless access point, a printer, and a router leading to other networks (e.g., the Internet).
The server stores data or software that can be accessed by the clients. In client–server computing, several servers may work together over the network with a client computer to support the business application.
The client is the input–output hardware device at the user’s end of a communication circuit. It typically provides users with access to the network and the data and software on the server.
The circuit is the pathway through which the messages travel. It is typically a copper wire, although fiber-optic cable and wireless transmission are becoming common. There are many devices in the circuit that perform special functions, such as switches and routers.
Strictly speaking, a network does not need a server. Some networks are designed to connect a set of similar computers that share their data and software with each other. Such networks are called peer-to-peer networks because the computers function as equals, rather than relying on a central server to store the needed data and software.
Figure 1-1 shows a small network that has several personal computers (clients) connected through a switch and cables (circuit) and wirelessly through a wireless access point (AP). In this network, messages move through the switch to and from the computers. The router is a special device that connects two or more networks. The router enables computers on this network to communicate with computers on the same network or on other networks (e.g., the Internet).
The network in Figure 1-1 has three servers. Although one server can perform many functions, networks are often designed so that a separate computer is used to provide different services. The file server stores data and software that can be used by computers on the network. The Web server stores documents and graphics that can be accessed from any Web browser, such as Internet Explorer. The Web server can respond to requests from computers on this network or any computer on the Internet. The mail server handles and delivers email over the network. Servers are usually personal computers (often more powerful than the other personal computers on the network) but may be mainframes too.
1.2.2 Types of Networks
There are many different ways to categorize networks. One of the most common ways is to look at the geographic scope of the network. Figure 1-2 illustrates three types of networks: local area networks (LANs), backbone networks (BNs), and wide area networks (WANs). The distinctions among these are becoming blurry because some network technologies now used in LANs were originally developed for WANs, and vice versa. Any rigid classification of technologies is certain to have exceptions.
FIGURE 1-2 The hierarchical relationship of a LAN to a BN to a WAN. BN = backbone network; LAN = local area network; WAN = wide area network. The figure has three panels: (1) Local area network (LAN) at the Records Building—one node of the McClellan Air Force Base backbone network (BN), showing a Web server, a router, and a switch; (2) Backbone network (BN) at the McClellan Air Force Base—one node of the Sacramento metropolitan area network (MAN), connecting the Records building, Hangars, Fire station, Flight building, Runway checkout, and Main gate, with a gateway to the Sacramento metropolitan area network; (3) Wide area network (WAN) showing Sacramento connected to nine other cities throughout the United States: Evanston, Ill.; Miami, Fla.; Houston, Tex.; Phoenix, Ariz.; Sacramento, Calif. (Capitol); Portland, Oreg.; Seattle, Wash.; Golden, Colo.; Ontario, N.Y.; Sudbury, Mass.
A local area network (LAN) is a group of computers located in the same general area. A LAN covers a clearly defined small area, such as one floor or work area, a single building, or a group of buildings. The upper-left diagram in Figure 1-2 shows a small LAN located in the records building at the former McClellan Air Force Base in Sacramento. LANs support high-speed data transmission compared with standard telephone circuits, commonly operating at 100 million bits per second (100 Mbps). LANs and wireless LANs are discussed in detail in Chapter 6.
Most LANs are connected to a backbone network (BN), a larger, central network connecting several LANs, other BNs, MANs, and WANs. BNs typically span from hundreds of feet to several miles and provide very high-speed data transmission, commonly 100–1,000 Mbps. The second diagram in Figure 1-2 shows a BN that connects the LANs located in several buildings at McClellan Air Force Base. BNs are discussed in detail in Chapter 7.
Wide area networks (WANs) connect BNs and MANs (see Figure 1-2). Most organizations do not build their own WANs by laying cable, building microwave towers, or sending up satellites (unless they have unusually heavy data transmission needs or highly specialized requirements, such as those of the Department of Defense). Instead, most organizations lease circuits from IXCs (e.g., AT&T, Sprint) and use those to transmit their data. WAN circuits provided by IXCs come in all types and sizes but typically span hundreds or thousands of miles and provide data transmission rates from 64 Kbps to 10 Gbps. WANs are discussed in detail in Chapter 8.
Two other common terms are intranets and extranets. An intranet is a LAN that uses the same technologies as the Internet (e.g., Web servers, Java, HTML [Hypertext Markup Language]) but is open to only those inside the organization. For example, although some pages on a Web server may be open to the public and accessible by anyone on the Internet, some pages may be on an intranet and therefore hidden from those who connect to the Web server from the Internet at large. Sometimes, an intranet is provided by a completely separate Web server hidden from the Internet. The intranet for the Information Systems Department at Indiana University, for example, provides information on faculty expense budgets, class scheduling for future semesters (e.g., room, instructor), and discussion forums.
An extranet is similar to an intranet in that it, too, uses the same technologies as the Internet but instead is provided to invited users outside the organization who access it over the Internet. It can provide access to information services, inventories, and other internal organizational databases that are provided only to customers, suppliers, or those who have paid for access. Typically, users are given passwords to gain access, but more sophisticated technologies such as smart cards or special software may also be required. Many universities provide extranets for Web-based courses so that only those students enrolled in the course can access course materials and discussions.
1.3 NETWORK MODELS
There are many ways to describe and analyze data communications networks. All networks provide the same basic functions to transfer a message from sender to receiver, but each network can use different network hardware and software to provide these functions. All of these hardware and software products have to work together to successfully transfer a message.
One way to accomplish this is to break the entire set of communications functions into a series of layers, each of which can be defined separately. In this way, vendors can develop software and hardware to provide the functions of each layer separately. The software or hardware can work in any manner and can be easily updated and improved, as long as the interface between that layer and the ones around it remains unchanged. Each piece of hardware and software can then work together in the overall network.
There are many different ways in which the network layers can be designed. The two most important network models are the Open Systems Interconnection Reference (OSI) model and the Internet model. Of the two, the Internet model is the most commonly used; few people use the OSI model, although understanding it is commonly required for network certification exams.
1.3.1 Open Systems Interconnection Reference Model
The Open Systems Interconnection Reference model (usually called the OSI model for short) helped change the face of network computing. Before the OSI model, most commercial networks used by businesses were built using nonstandardized technologies developed by one vendor (remember that the Internet was in use at the time but was not widespread and certainly was not commercial). During the late 1970s, the International Organization for Standardization (ISO) created the Open System Interconnection Subcommittee, whose task was to develop a framework of standards for computer-to-computer communications. In 1984, this effort produced the OSI model.
FIGURE 1-3 Network models. OSI = Open Systems Interconnection Reference

OSI Model               Internet Model          Groups of Layers     Examples
7. Application Layer    5. Application Layer    Application Layer    Internet Explorer and Web pages
6. Presentation Layer
5. Session Layer
4. Transport Layer      4. Transport Layer      Internetwork Layer   TCP/IP software
3. Network Layer        3. Network Layer
2. Data Link Layer      2. Data Link Layer      Hardware Layer       Ethernet port, Ethernet cables, and Ethernet software drivers
1. Physical Layer       1. Physical Layer
The OSI model is the most talked about and most referred to network model. If you choose a career in networking, questions about the OSI model will be on the network certification exams offered by Microsoft, Cisco, and other vendors of network hardware and software. However, you will probably never use a network based on the OSI model. Simply put, the OSI model never caught on commercially in North America, although some European networks use it, and some network components developed for use in the United States arguably use parts of it. Most networks today use the Internet model, which is discussed in the next section. However, because there are many similarities between the OSI model and the Internet model, and because most people in networking are expected to know the OSI model, we discuss it here. The OSI model has seven layers (see Figure 1-3).
Layer 1: Physical Layer The physical layer is concerned primarily with transmitting data bits (zeros or ones) over a communication circuit. This layer defines the rules by which ones and zeros are transmitted, such as voltages of electricity, number of bits sent per second, and the physical format of the cables and connectors used.
Layer 2: Data Link Layer The data link layer manages the physical transmission circuit in layer 1 and transforms it into a circuit that is free of transmission errors as far as layers above are concerned. Because layer 1 accepts and transmits only a raw stream of bits without understanding their meaning or structure, the data link layer must create and recognize message boundaries; that is, it must mark where a message starts and where it ends. Another major task of layer 2 is to solve the problems caused by damaged, lost, or duplicate messages so the succeeding layers are shielded from transmission errors. Thus, layer 2 performs error detection and correction. It also decides when a device can transmit so that two computers do not try to transmit at the same time.
Layer 3: Network Layer The network layer performs routing. It determines the next computer to which the message should be sent, so it can follow the best route through the network, and finds the full address for that computer if needed.
Layer 4: Transport Layer The transport layer deals with end-to-end issues, such as procedures for entering and departing from the network. It establishes, maintains, and terminates logical connections for the transfer of data between the original sender and the final destination of the message. It is responsible for breaking a large data transmission into smaller packets (if needed), ensuring that all the packets have been received, eliminating duplicate packets, and performing flow control to ensure that no computer is overwhelmed by the number of messages it receives. Although error control is performed by the data link layer, the transport layer can also perform error checking.
Layer 5: Session Layer The session layer is responsible for managing and structuring all sessions. Session initiation must arrange for all the desired and required services between session participants, such as logging on to circuit equipment, transferring files, and performing security checks. Session termination provides an orderly way to end the session, as well as a means to abort a session prematurely. It may have some redundancy built in to recover from a broken transport (layer 4) connection in case of failure. The session layer also handles session accounting so the correct party receives the bill.
Layer 6: Presentation Layer The presentation layer formats the data for presentation to the user. Its job is to accommodate different interfaces on different computers so the application program need not worry about them. It is concerned with displaying, formatting, and editing user inputs and outputs. For example, layer 6 might perform data compression, translation between different data formats, and screen formatting. Any function (except those in layers 1 through 5) that is requested sufficiently often to warrant finding a general solution is placed in the presentation layer, although some of these functions can be performed by separate hardware and software (e.g., encryption).
Layer 7: Application Layer The application layer is the end user’s access to the network. The primary purpose is to provide a set of utilities for application programs. Each user program determines the set of messages and any action it might take on receipt of a message. Other network-specific applications at this layer include network monitoring and network management.
1.3.2 Internet Model
The network model that dominates current hardware and software is a simpler five-layer Internet model. Unlike the OSI model, which was developed by formal committees, the Internet model evolved from the work of thousands of people who developed pieces of the Internet. The OSI model is a formal standard that is documented in one standard, but the Internet model has never been formally defined; it has to be interpreted from a number of standards. The two models have very much in common (see Figure 1-3); simply put, the Internet model collapses the top three OSI layers into one layer. Because it is clear that the Internet has won the “war,” we use the five-layer Internet model for the rest of this book.
Layer 1: The Physical Layer The physical layer in the Internet model, as in the OSI model, is the physical connection between the sender and receiver. Its role is to transfer a series of electrical, radio, or light signals through the circuit. The physical layer includes all the hardware devices (e.g., computers, modems, and switches) and physical media (e.g., cables and satellites). The physical layer specifies the type of connection and the electrical signals, radio waves, or light pulses that pass through it. Chapter 3 discusses the physical layer in detail.
Layer 2: The Data Link Layer The data link layer is responsible for moving a message from one computer to the next computer in the network path from the sender to the receiver. The data link layer in the Internet model performs the same three functions as the data link layer in the OSI model. First, it controls the physical layer by deciding when to transmit messages over the media. Second, it formats the messages by indicating where they start and end. Third, it detects and may correct any errors that have occurred during transmission. Chapter 4 discusses the data link layer in detail.
Layer 3: The Network Layer The network layer in the Internet model performs the same functions as the network layer in the OSI model. First, it performs routing, in that it selects the next computer to which the message should be sent. Second, it can find the address of that computer if it doesn’t already know it. Chapter 5 discusses the network layer in detail.
Layer 4: The Transport Layer The transport layer in the Internet model is very similar to the transport layer in the OSI model. It performs two functions. First, it is responsible for linking the application layer software to the network and establishing end-to-end connections between the sender and receiver when such connections are needed. Second, it is responsible for breaking long messages into several smaller messages to make them easier to transmit and then recombining the smaller messages back into the original larger message at the receiving end. The transport layer can also detect lost messages and request that they be resent. Chapter 5 discusses the transport layer in detail.
Layer 5: Application Layer The application layer is the application software used by the network user and includes much of what the OSI model contains in the application, presentation, and session layers. It is the user’s access to the network. By using the application software, the user defines what messages are sent over the network. Because it is the layer that most people understand best and because starting at the top sometimes helps people understand better, Chapter 2 begins with the application layer. It discusses the architecture of network applications and several types of network application software and the types of messages they generate.
Groups of Layers The layers in the Internet are often so closely coupled that decisions in one layer impose certain requirements on other layers. The data link layer and the physical layer are closely tied together because the data link layer controls the physical layer in terms of when the physical layer can transmit. Because these two layers are so closely tied together, decisions about the data link layer often drive the decisions about the physical layer. For this reason, some people group the physical and data link layers together and call them the hardware layers. Likewise, the transport and network layers are so closely coupled that sometimes these layers are called the internetwork layers (see Figure 1-3). When you design a network, you often think about the network design in terms of three groups of layers: the hardware layers (physical and data link), the internetwork layers (network and transport), and the application layer.
1.3.3 Message Transmission Using Layers
Each computer in the network has software that operates at each of the layers and performs the functions required by those layers (the physical layer is hardware, not software). Each layer in the network uses a formal language, or protocol, that is simply a set of rules that define what the layer will do and that provides a clearly defined set of messages that software at the layer needs to understand. For example, the protocol used for Web applications is HTTP (Hypertext Transfer Protocol, which is described in more detail in Chapter 2). In general, all messages sent in a network pass through all layers. All layers except the physical layer create a new Protocol Data Unit (PDU) as the message passes through them. The PDU contains information that is needed to transmit the message through the network. Some experts use the word packet to mean a PDU. Figure 1-4 shows how a message requesting a Web page would be sent on the Internet.
Application Layer First, the user creates a message at the application layer using a Web browser by clicking on a link (e.g., get the home page at www.somebody.com). The browser translates the user’s message (the click on the Web link) into HTTP. The rules of HTTP define a specific PDU—called an HTTP packet—that all Web browsers must use when they request a Web page.
FIGURE 1-4 Message transmission using layers. IP = Internet Protocol; HTTP = Hypertext Transfer Protocol; TCP = Transmission Control Protocol. The sender builds the PDUs from the top down and the receiver unwraps them from the bottom up:

Layer               PDU       Contents
Application Layer   Packet    HTTP Request
Transport Layer     Segment   TCP | HTTP Request
Network Layer       Packet    IP | TCP | HTTP Request
Data Link Layer     Frame     Ethernet | IP | TCP | HTTP Request
Physical Layer      Bit
For now, you can think of the HTTP packet as an envelope into which the user’s message (get the Web page) is placed. In the same way that an envelope placed in the mail needs certain information written in certain places (e.g., return address, destination address), so too does the HTTP packet. The Web browser fills in the necessary information in the HTTP packet, drops the user’s request inside the packet, then passes the HTTP packet (containing the Web page request) to the transport layer.
Transport Layer The transport layer on the Internet uses a protocol called TCP (Transmission Control Protocol), and it, too, has its own rules and its own PDUs. TCP is responsible for breaking large files into smaller packets and for opening a connection to the server for the transfer of a large set of packets. The transport layer places the HTTP packet inside a TCP PDU (which is called a TCP segment), fills in the information needed by the TCP segment, and passes the TCP segment (which contains the HTTP packet, which, in turn, contains the message) to the network layer.
Network Layer The network layer on the Internet uses a protocol called IP (Internet Protocol), which has its rules and PDUs. IP selects the next stop on the message’s route through the network. It places the TCP segment inside an IP PDU, which is called an IP packet, and passes the IP packet, which contains the TCP segment, which, in turn, contains the HTTP packet, which, in turn, contains the message, to the data link layer.
Data Link Layer If you are connecting to the Internet using a LAN, your data link layer may use a protocol called Ethernet, which also has its own rules and PDUs. The data link layer formats the message with start and stop markers, adds error check information, places the IP packet inside an Ethernet PDU, which is called an Ethernet frame, and instructs the physical hardware to transmit the Ethernet frame, which contains the IP packet, which contains the TCP segment, which contains the HTTP packet, which contains the message.
Physical Layer The physical layer in this case is the network cable connecting your computer to the rest of the network. The computer will take the Ethernet frame (complete with the IP packet, the TCP segment, the HTTP packet, and the message) and send it as a series of electrical pulses through your cable to the server.
When the server gets the message, this process is performed in reverse. The physical hardware translates the electrical pulses into computer data and passes the message to the data link layer. The data link layer uses the start and stop markers in the Ethernet frame to identify the message. The data link layer checks for errors and, if it discovers one, requests that the message be resent. If a message is received without error, the data link layer will strip off the Ethernet frame and pass the IP packet (which contains the TCP segment, the HTTP packet, and the message) to the network layer. The network layer checks the IP address and, if it is destined for this computer, strips off the IP packet and passes the TCP segment, which contains the HTTP packet and the message, to the transport layer. The transport layer processes the message, strips off the TCP segment, and passes the HTTP packet to the application layer for processing. The application layer (i.e., the Web server) reads the HTTP packet and the message it contains (the request for the Web page) and processes it by generating an HTTP packet containing the Web page you requested. Then the process starts again as the page is sent back to you.
The Pros and Cons of Using Layers There are three important points in this example. First, there are many different software packages and many different PDUs that operate at different layers to successfully transfer a message. Networking is in some ways similar to the Russian matryoshka, nested dolls that fit neatly inside each other. This is called encapsulation, because the PDU at a higher level is placed inside the PDU at a lower level so that the lower-level PDU encapsulates the higher-level one. The major advantage of using different software and protocols is that it is easy to develop new software, because all one has to do is write software for one level at a time. The developers of Web applications, for example, do not need to write software to perform error checking or routing, because those are performed by the data link and network layers. Developers can simply assume those functions are performed and just focus on the application layer. Similarly, it is simple to change the software at any level (or add new application protocols), as long as the interface between that layer and the ones around it remains unchanged.
Second, it is important to note that for communication to be successful, each layer in one computer must be able to communicate with its matching layer in the other computer. For example, the physical layer connecting the client and server must use the same type of electrical signals to enable each to understand the other (or there must be a device to translate between them). Ensuring that the software used at the different layers is the same is accomplished by using standards. A standard defines a set of rules, called protocols, that explain exactly how hardware and software that conform to the standard are required to operate. Any hardware and software that conform to a standard can communicate with any other hardware and software that conform to the same standard. Without standards, it would be virtually impossible for computers to communicate.
Third, the major disadvantage of using a layered network model is that it is somewhat inefficient. Because there are several layers, each with its own software and PDUs, sending a message involves many software programs (one for each protocol) and many PDUs. The PDUs add to the total amount of data that must be sent (thus increasing the time it takes to transmit), and the different software packages increase the processing power needed in computers. Because the protocols are used at different layers and are stacked on top of one another (take another look at Figure 1-4), the set of software used to understand the different protocols is often called a protocol stack.
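The sender and receiver walk-through in Section 1.3.3 and the encapsulation and overhead points just made can be run as a small simulation. The following program is an added example for this page, not code from the textbook: it wraps an HTTP request for www.somebody.com in a TCP segment, an IP packet, and an Ethernet frame, then unwraps it the way the server does, with each layer checking only its own header. The TCP and IP headers are deliberately simplified stand-ins (a few fields each, not the real header layouts), the addresses are constructed sample values from the documentation address ranges, and the "stop marker" of the text is represented by the CRC-32 frame check at the end of the frame.

```python
import struct
import zlib

# Constructed sample addresses for the example (documentation ranges, not real hosts).
CLIENT_MAC = bytes.fromhex("02000000000a")
SERVER_MAC = bytes.fromhex("020000000014")
CLIENT_IP = bytes([192, 0, 2, 10])
SERVER_IP = bytes([192, 0, 2, 80])

PREAMBLE = b"\x55" * 7 + b"\xd5"   # start marker: Ethernet preamble + start frame delimiter
ETHERTYPE_IP = 0x0800
PROTO_TCP = 6
TCP_HDR = "!HHII"      # simplified: src port, dst port, sequence number, payload length
IP_HDR = "!BH4s4s"     # simplified: protocol, payload length, source address, destination address


def build_http_request(host, path="/"):
    """Application layer: the browser turns the click into an HTTP packet."""
    return ("GET %s HTTP/1.1\r\nHost: %s\r\n\r\n" % (path, host)).encode("ascii")


def tcp_segment(http_packet, src_port=49152, dst_port=80, seq=1):
    """Transport layer: place the HTTP packet inside a (simplified) TCP segment."""
    return struct.pack(TCP_HDR, src_port, dst_port, seq, len(http_packet)) + http_packet


def ip_packet(segment, src_ip, dst_ip):
    """Network layer: place the TCP segment inside a (simplified) IP packet."""
    return struct.pack(IP_HDR, PROTO_TCP, len(segment), src_ip, dst_ip) + segment


def ethernet_frame(packet, src_mac, dst_mac):
    """Data link layer: start marker, addresses, the IP packet, and CRC-32 error check information."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + packet
    fcs = struct.pack("!I", zlib.crc32(body))
    return PREAMBLE + body + fcs


def send_web_request(host, path="/"):
    """Sender: each layer encapsulates the PDU handed down by the layer above it."""
    http = build_http_request(host, path)
    return ethernet_frame(ip_packet(tcp_segment(http), CLIENT_IP, SERVER_IP), CLIENT_MAC, SERVER_MAC)


def receive_web_request(frame, my_mac=SERVER_MAC, my_ip=SERVER_IP):
    """Receiver: each layer checks its own header, strips it, and passes the rest up.
    Returns the HTTP packet; raises ValueError naming the layer that rejected the frame."""
    # Data link layer: identify the message, check for errors, check the destination.
    if not frame.startswith(PREAMBLE) or len(frame) < len(PREAMBLE) + 14 + 4:
        raise ValueError("data link: no valid frame")
    body, fcs = frame[len(PREAMBLE):-4], frame[-4:]
    if struct.pack("!I", zlib.crc32(body)) != fcs:
        raise ValueError("data link: error detected, request that the message be resent")
    dst_mac, ethertype = body[:6], struct.unpack("!H", body[12:14])[0]
    if dst_mac != my_mac or ethertype != ETHERTYPE_IP:
        raise ValueError("data link: frame is not for this computer")
    packet = body[14:]
    # Network layer: is the IP packet destined for this computer?
    hdr_len = struct.calcsize(IP_HDR)
    proto, length, src_ip, dst_ip = struct.unpack(IP_HDR, packet[:hdr_len])
    if dst_ip != my_ip or proto != PROTO_TCP:
        raise ValueError("network: packet is not for this computer")
    segment = packet[hdr_len:hdr_len + length]
    # Transport layer: strip the TCP header and hand the HTTP packet to the application.
    hdr_len = struct.calcsize(TCP_HDR)
    src_port, dst_port, seq, plen = struct.unpack(TCP_HDR, segment[:hdr_len])
    return segment[hdr_len:hdr_len + plen]


def try_receive(frame, **kw):
    """(http_packet, None) on success, or (None, reason) when a layer rejects the frame."""
    try:
        return receive_web_request(frame, **kw), None
    except ValueError as err:
        return None, str(err)


def overhead_bytes(frame, http_packet):
    """Bytes the lower-layer PDUs add on top of the application message (the cost of layering)."""
    return len(frame) - len(http_packet)


if __name__ == "__main__":
    http = build_http_request("www.somebody.com")
    frame = send_web_request("www.somebody.com")
    print("frame bytes:", len(frame), "overhead:", overhead_bytes(frame, http))
    print("delivered:", try_receive(frame))
```

Two things are worth trying with it. Flip any byte between the preamble and the check field and the data link layer rejects the frame before the IP or TCP code ever looks at it, which is the error-detection role the text assigns to layer 2; and compare len(frame) with the length of the HTTP request to see the overhead that the "somewhat inefficient" remark in the third point refers to.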
1.4 NETWORK STANDARDS
1.4.1 The Importance of Standards
Standards are necessary in almost every business and public service entity. For example, before 1904, fire hose couplings in the United States were not standard, which meant a fire department in one community could not help in another community. The transmission of electric current was not standardized until the end of the nineteenth century, so customers had to choose between Thomas Edison’s direct current (DC) and George Westinghouse’s alternating current (AC).
The primary reason for standards is to ensure that hardware and software produced by different vendors can work together. Without networking standards, it would be difficult—if not impossible—to develop networks that easily share information. Standards also mean that customers are not locked into one vendor. They can buy hardware and software from any vendor whose equipment meets the standard. In this way, standards help to promote more competition and hold down prices.
The use of standards makes it much easier to develop software and hardware that link different networks because software and hardware can be developed one layer at a time.
1.4.2 The Standards-Making Process
There are two types of standards: de jure and de facto. A de jure standard is developed by an official industry or a government body and is often called a formal standard. For example, there are de jure standards for applications such as Web browsers (e.g., HTTP, HTML), for network layer software (e.g., IP), for data link layer software (e.g., Ethernet IEEE 802.3), and for physical hardware (e.g., V.90 modems). De jure standards typically take several years to develop, during which time technology changes, making them less useful.
De facto standards are those that emerge in the marketplace and are supported by several vendors but have no official standing. For example, Microsoft Windows is a product of one company and has not been formally recognized by any standards organization, yet it is a de facto standard. In the communications industry, de facto standards often become de jure standards once they have been widely accepted.
The de jure standardization process has three stages: specification, identification of choices, and acceptance. The specification stage consists of developing a nomenclature and identifying the problems to be addressed. In the identification of choices stage, those working on the standard identify the various solutions and choose the optimum solution from among the alternatives. Acceptance, which is the most difficult stage, consists of defining the solution and getting recognized industry leaders to agree on a single, uniform solution. As with many other organizational processes that have the potential to influence the sales of hardware and software, standards-making processes are not immune to corporate politics and the influence of national governments.
International Organization for Standardization
One of the most important standards-making bodies is the International Organization for Standardization (ISO), which makes technical recommendations about data communication interfaces (see www.iso.org). ISO is based in Geneva, Switzerland. The membership is composed of the national standards organizations of each ISO member country.
International Telecommunications Union-Telecommunications Group
The International Telecommunications Union-Telecommunications Group (ITU-T) is the technical standards-setting organization of the United Nations International Telecommunications Union, which is also based in Geneva (see www.itu.int). ITU is composed of representatives from about 200 member countries. Membership was originally focused on just the public telephone companies in each country, but a major reorganization in 1993 changed this, and ITU now seeks members among public- and private-sector organizations who operate computer or communications networks (e.g., RBOCs) or build software and equipment for them (e.g., AT&T).
American National Standards Institute
The American National Standards Institute (ANSI) is the coordinating organization for the U.S. national system of standards for both technology and nontechnology (see www.ansi.org). ANSI has about 1,000 members from both public and private organizations in the United States. ANSI is a standardization organization, not a standards-making body, in that it accepts standards developed by other organizations and publishes them as American standards. Its role is to coordinate the development of voluntary national standards and to interact with the ISO to develop national standards that comply with the ISO’s international recommendations. ANSI is a voting participant in the ISO.

MANAGEMENT FOCUS 1-2 How Network Protocols Become Standards

There are many standards organizations around the world, but perhaps the best known is the Internet Engineering Task Force (IETF). IETF sets the standards that govern how much of the Internet operates.

The IETF, like all standards organizations, tries to seek consensus among those involved before issuing a standard. Usually, a standard begins as a protocol (i.e., a language or set of rules for operating) developed by a vendor (e.g., HTML). When a protocol is proposed for standardization, the IETF forms a working group of technical experts to study it. The working group examines the protocol to identify potential problems and possible extensions and improvements, and then issues a report to the IETF.

If the report is favorable, the IETF issues a Request for Comment (RFC) that describes the proposed standard and solicits comments from the entire world. Most large software companies likely to be affected by the proposed standard prepare detailed responses. Many “regular” Internet users also send their comments to the IETF.

The IETF reviews the comments and possibly issues a new and improved RFC, which again is posted for more comments. Once no additional changes have been identified, it becomes a proposed standard.

Usually, several vendors adopt the proposed standard and develop products based on it. Once at least two vendors have developed hardware or software based on it and it has proven successful in operation, the proposed standard is changed to a draft standard. This is usually the final specification, although some protocols have been elevated to Internet standards, which usually signifies mature standards not likely to change.

The process does not focus solely on technical issues; almost 90% of the IETF’s participants work for manufacturers and vendors, so market forces and politics often complicate matters. One former IETF chairperson who worked for a hardware manufacturer has been accused of trying to delay the standards process until his company had a product ready, although he and other IETF members deny this. Likewise, former IETF directors have complained that members try to standardize every product their firms produce, leading to a proliferation of standards, only a few of which are truly useful.

Sources: “How Networking Protocols Become Standards,” PC Week, March 17, 1997; “Growing Pains,” Network World, April 14, 1997.

MANAGEMENT FOCUS 1-3 Keeping Up with Technology

The data communications and networking arena changes rapidly. Significant new technologies are introduced and new concepts are developed almost every year. It is therefore important for network managers to keep up with these changes.

There are at least three useful ways to keep up with change. First and foremost for users of this book is the website for this book, which contains updates to the book, additional sections, teaching materials, and links to useful websites.

Second, there are literally hundreds of thousands of websites with data communications and networking information. Search engines can help you find them. A good initial starting point is the telecom glossary at http://www.atis.org. Three other useful sites are http://www.zdnet.com, http://www.networkcomputing.com, and http://www.zdnet.com.

Third, there are many useful magazines that discuss computer technology in general and networking technology in particular, including Network Computing, Info World, Info Week, and CIO Magazine.
Institute of Electrical and Electronics Engineers
The Institute of Electrical and Electronics Engineers (IEEE) is a professional society in the United States whose Standards Association (IEEE-SA) develops standards (see www.standards.ieee.org). The IEEE-SA is probably most known for its standards for LANs. Other countries have similar groups; for example, the British counterpart of IEEE is the Institution of Electrical Engineers (IEE).

Internet Engineering Task Force
The Internet Engineering Task Force (IETF) sets the standards that govern how much of the Internet will operate (see www.ietf.org). The IETF is unique in that it doesn’t really have official memberships. Quite literally anyone is welcome to join its mailing lists, attend its meetings, and comment on developing standards. The role of the IETF and other Internet organizations is discussed in more detail in Chapter 8; also, see the box entitled “How Network Protocols Become Standards.”
1.4.3 Common Standards

There are many different standards used in networking today. Each standard usually covers one layer in a network. Some of the most commonly used standards are shown in Figure 1-5. At this point, these models are probably just a maze of strange names and acronyms to you, but by the end of the book, you will have a good understanding of each of these. Figure 1-5 provides a brief road map for some of the important communication technologies we discuss in this book.

For now, there is one important message you should understand from Figure 1-5: For a network to operate, many different standards must be used simultaneously. The sender of a message must use one standard at the application layer, another one at the transport layer, another one at the network layer, another one at the data link layer, and another one at the physical layer. Each layer and each standard is different, but all must work together to send and receive messages. Either the sender and receiver of a message must use the same standards or, more likely, there are devices between the two that translate from one standard into another. Because different networks often use software and hardware designed for different standards, there is often a lot of translation between different standards.
FIGURE 1-5 Some common data communications standards. HTML = Hypertext Markup Language; HTTP = Hypertext Transfer Protocol; IMAP = Internet Message Access Protocol; IP = Internet Protocol; LAN = Local Area Network; MPEG = Motion Picture Experts Group; POP = Post Office Protocol; TCP = Transmission Control Protocol

Layer                  Common Standards
5. Application layer   HTTP, HTML (Web)
                       MPEG, H.323 (audio/video)
                       SMTP, IMAP, POP (email)
4. Transport layer     TCP (Internet and LANs)
3. Network layer       IP (Internet and LANs)
2. Data link layer     Ethernet (LAN)
                       Frame relay (WAN)
                       T1 (MAN and WAN)
1. Physical layer      RS-232C cable (LAN)
                       Category 5 cable (LAN)
                       V.92 (56 Kbps modem)
1.5 FUTURE TRENDS

The field of data communications has grown faster and become more important than computer processing itself. Both go hand in hand, but we have moved from the computer era to the communication era. Three major trends are driving the future of communications and networking.
1.5.1 Wireless LAN and BYOD

The rapid development of mobile devices, such as smartphones and tablets, has encouraged employers to allow their employees to bring these devices to work and use them to access data, such as their work email. This movement, called bring your own device, or Bring Your Own Device (BYOD), is a great way to get work done quickly, saves money, and makes employees happy. But BYOD also brings its own problems. Employers need to add or expand their Wireless Local Area Networks (WLANs) to support all these new devices.

Another important problem is security. Employees bring these devices to work so that they can access not only their email but also other critical company assets, such as information about their clients, suppliers, or sales. Employers face myriad decisions about how to manage access to company applications for BYOD. Companies can adopt two main approaches: (1) native apps or (2) browser-based technologies. Native apps require an app to be developed for each application that an employee might be using for every potential device that the employee might use (e.g., iPhone, Android, Windows). The browser-based approach (often referred to as responsive design using HTML5) doesn’t create an app but rather requires employees to access the application through a Web browser. Both these approaches have their pros and cons, and only the future will show which one is the winner.

What if an employee loses his or her mobile phone or tablet so that the application that accesses critical company data now can be used by anybody who finds the device? Will the company’s data be compromised? Device and data loss practices now have to be added to the general security practices of the company. Employees need to have apps to allow their employer to wipe their phones clean in case of loss so that no company data are compromised (e.g., SOTI’s MobiControl). In some cases, companies require the employee to allow monitoring of the device at all times, to ensure that security risks are minimized. However, some argue that this is not a good practice because the device belongs to the employee, and monitoring it 24/7 invades the employee’s privacy.
1.5.2 The Internet of Things

Telephones and computers used to be separate. Today voice and data have converged into unified communications, with phones plugged into computers or directly into the LAN using Voice over Internet Protocol (VOIP). Vonage and Skype have taken this one step further and offer telephone service over the Internet at dramatically lower prices than traditional separate landline phones, whether from traditional phones or via computer microphones and speakers.

Computers and networks can also be built into everyday things, such as kitchen appliances, doors, and shoes. In the future, the Internet will move from being a Web of computers to also being an Internet of Things (IoT) as smart devices become common. All this interaction will happen seamlessly, without human intervention. And we will get used to seeing our shoes tell us how far we walked, our refrigerator telling us what food we need to buy, our thermostats adjusting the temperature depending on where we are in our house or apartment, and our locks opening and closing without physical keys and telling us who entered and left at what times.

The IoT is well under way. For example, Microsoft has an Envisioning Center that focuses on creating the future of work and play (it is open to the public). At the Envisioning Center, a person can communicate with his or her colleagues through digital walls that enable the person to visualize projects through simulation and then rapidly move to execution of ideas. In the home of the future, anyone can, for example, be a chef and adapt recipes based on dietary needs or ingredients in the pantry (see Figure 1-6) through the use of Kinect technology.

Google is another leading innovator in the IoT world. Google has been developing a self-driving car for several years. This self-driving car not only passes a standard driving test but also has fewer collisions than cars driven by humans. Other car developers are also developing autonomous vehicles.
FIGURE 1-6 Microsoft’s Envisioning Center—Smart Stovetop that helps you cook without getting in your way. Source: Smart Stovetop, Microsoft’s Envisioning Center, Used with permission by Microsoft.

1.5.3 Massively Online

You have probably heard of massively multiplayer online games, such as World of Warcraft, where you can play with thousands of players in real time. Well, today not only games are massively online. Education is massively online. Khan Academy, Lynda.com, or Code Academy have websites that offer thousands of education modules for children and adults in myriad fields to help them learn. Your class very likely also has an online component. You may even use this textbook online and decide whether your comments are for you only, for your instructor, or for the entire class to read. In addition, you may have heard about massive open online courses, or MOOC. MOOC enable students who otherwise wouldn’t have access to elite universities to get access to top knowledge without having to pay the tuition. These classes are offered by universities, such as Stanford, UC Berkeley, MIT, UCLA, and Carnegie Mellon, free of charge and for no credit (although at some universities, you can pay and get credit toward your degree).

Politics has also moved massively online. President Obama reached out to the crowds and ordinary voters not only through his Facebook page but also through Reddit and Google Hangouts. President Trump’s use of Twitter is unprecedented. He can directly reach millions of followers—a strategy that paid off in the 2016 elections. Finally, massively online allows activists to reach masses of people in a very short period of time to initiate change. Examples of use of YouTube videos or Facebook for activism include the Arab Spring, Kony 2012, or the use of sarin gas in Syria.

So what started as a game with thousands of people being online at the same time is being reinvented for good use in education, politics, and activism. Only the future will show what humanity can do with what massively online has to offer.
What these three trends have in common is that there will be an increasing demand for professionals who understand development of data communications and networking infrastructure to support this growth. There will be more and more need to build faster and more secure networks that will allow individuals and organizations to connect to resources, probably stored on cloud infrastructure (either private or public). This need will call not only for engineers who deeply understand the technical aspects of networks but also for highly social individuals who embrace technology in creative ways to allow business to achieve a competitive edge through utilizing this technology. So the call is for you who are reading this book—you are in the right place at the right time!
1.6 IMPLICATIONS FOR CYBER SECURITY

At the end of each chapter, we provide key implications for cyber security that arise from the topics discussed in the chapter. We draw implications that focus on improving the management of networks and information systems as well as implications for cyber security of an individual and an organization.

There are three key implications for management from this chapter. First, networks and the Internet change almost everything. Computer networks and the Internet are designed to quickly and easily move information from distant locations and to enable individuals inside and outside the firm to access information and products from around the world. However, this ease of doing work on the Internet makes it also easy for cyber criminals to steal files from your computer or to put files on your computer (such as viruses or malware). Understanding how computer networks and the Internet work and how computers communicate via networks is the first step toward defending your own computer and the computers on a company’s network.

Second, today’s networking environment requires that a wide variety of devices be able to connect. Employees’ use of their own devices under BYOD policies increases security risks, as does the move to the IoT. Several security experts say that IoT doesn’t stand for Internet of Things; it stands for Internet of Targets. Individuals and companies have to balance BYOD and IoT risks and rewards to create a useful and secure computing infrastructure.

Third, as the demand for network services and network capacity increases, so too will the need for secure storage and server space and secure transfer of data. Finding efficient ways to securely store all the information we generate will open new market opportunities. Today, Google has almost a million Web servers (see Figure 1-7). If we assume that each server costs an average of $1,000, the money large companies spend on storage is close to $1 billion. Capital expenditure of this scale is then increased by money spent on power and staffing. One way companies can reduce this amount of money is to store their data using cloud computing. The good news is that more and more cloud providers meet or exceed government required security measures for data storage and transfer.

FIGURE 1-7 One server farm with more than 1,000 servers. Source: zentilia/Getty Images
SUMMARY

Introduction
The information society, where information and intelligence are the key drivers of personal, business, and national success, has arrived. Data communications is the principal enabler of the rapid information exchange and will become more important than the use of computers themselves in the future. Successful users of data communications, such as Wal-Mart, can gain significant competitive advantage in the marketplace.

Network Definitions
A LAN is a group of computers located in the same general area. A BN is a large central network that connects almost everything on a single company site. A metropolitan area network (MAN) encompasses a city or county area. A wide area network (WAN) spans city, state, or national boundaries.

Network Model
Communication networks are often broken into a series of layers, each of which can be defined separately, to enable vendors to develop software and hardware that can work together in the overall network. In this book, we use a five-layer model. The application layer is the application software used by the network user. The transport layer takes the message generated by the application layer and, if necessary, breaks it into several smaller messages. The network layer addresses the message and determines its route through the network. The data link layer formats the message to indicate where it starts and ends, decides when to transmit it over the physical media, and detects and corrects any errors that occur in transmission. The physical layer is the physical connection between the sender and receiver, including the hardware devices (e.g., computers, terminals, and modems) and physical media (e.g., cables and satellites). Each layer, except the physical layer, adds a Protocol Data Unit (PDU) to the message.

Standards
Standards ensure that hardware and software produced by different vendors can work together. A de jure standard is developed by an official industry or a government body. De facto standards are those that emerge in the marketplace and are supported by several vendors but have no official standing. Many different standards and standards-making organizations exist.

Future Trends
At the same time as the use of BYOD offers efficiency at the workplace, it opens up the doors for security problems that companies need to consider. Our interactions with colleagues and family will very likely change in the next 5–10 years because of the Internet of Things (IoT), where devices will interact with each other without human intervention. Finally, massively online not only changed the way we play computer games but also showed that humanity can change its history.
KEY TERMS

American National Standards Institute (ANSI), 14
application layer, 10
Attacks, 22
backbone network (BN), 6
Bring Your Own Device (BYOD), 16
browser-based, 16
cable, 5
circuit, 5
client, 5
cyber security, 18
data link layer, 9
extranet, 7
file server, 5
hardware layer, 10
Institute of Electrical and Electronics Engineers (IEEE), 15
International Telecommunications Union-Telecommunications Group (ITU-T), 14
Internet Engineering Task Force (IETF), 15
Internet model, 9
Internet of Things (IoT), 17
Internet service provider (ISP), 1
internetwork layers, 10
intranet, 7
layers, 7
local area network (LAN), 6
mail server, 5
native apps, 16
network layer, 10
Open Systems Interconnection Reference model (OSI model), 7
peer-to-peer networks, 5
physical layer, 9
protocol, 10
Protocol Data Unit (PDU), 10
protocol stack, 13
Request for Comment (RFC), 14
router, 5
server, 5
standards, 13
switch, 5
transport layer, 10
Web server, 5
wide area networks (WAN), 7
wireless access point, 5
QUESTIONS

1. How can data communications networks affect businesses?
2. Discuss three important applications of data communications networks in business and personal use.
3. How do LANs differ from WANs and BNs?
4. What is a circuit?
5. What is a client?
6. What is a server?
7. Why are network layers important?
8. Describe the seven layers in the OSI network model and what they do.
9. Describe the five layers in the Internet network model and what they do.
10. Explain how a message is transmitted from one computer to another using layers.
11. Describe the three stages of standardization.
12. How are Internet standards developed?
13. Describe two important data communications standards-making bodies. How do they differ?
14. What is the purpose of a data communications standard?
15. Discuss three trends in communications and networking.
16. Why has the Internet model replaced the OSI model?
17. In the 1980s, when we wrote the first edition of this book, there were many, many more protocols in common use at the data link, network, and transport layers than there are today. Why do you think the number of commonly used protocols at these layers has declined? Do you think this trend will continue? What are the implications for those who design and operate networks?
18. The number of standardized protocols in use at the application layer has significantly increased since the 1980s. Why? Do you think this trend will continue? What are the implications for those who design and operate networks?
19. How many bits (not bytes) are there in a 10-page text document? Hint: There are approximately 350 words on a double-spaced page.
20. What are three cyber security issues?
21. What is the Internet of Things (IoT)? What are the benefits and risks?
EXERCISES

A. Investigate the latest cyber security threats. What services and/or data were affected by these threats? What was done to recover from this situation?
B. Discuss the issue of communications monopolies and open competition with an economics instructor and relate his or her comments to your data communication class.
C. Find a college or university offering a specialized degree in telecommunications or data communications and describe the program.
D. Investigate the IoT. What IoT devices are you most interested in?
E. Investigate the networks in your school or organization. Describe the important LANs and BNs in use (but do not describe the specific clients, servers, or devices on them).
F. Visit the Internet Engineering Task Force (IETF) website (www.ietf.org). Describe one standard that is in the RFC stage.
G. Discuss how the revolution/evolution of communications and networking is likely to affect how you will work and live in the future.
H. Investigate the pros and cons of developing native apps versus taking a browser-based approach.
MINICASES

I. Global Consultants
John Adams is the chief information officer (CIO) of Global Consultants (GC), a very large consulting firm with offices in more than 100 countries around the world. GC is about to purchase a set of several Internet-based financial software packages that will be installed in all of their offices. There are no standards at the application layer for financial software but several software companies that sell financial software (call them group A) use one de facto standard to enable their software to work with one another’s software. However, another group of financial software companies (call them group B) use a different de facto standard. Although both groups have software packages that GC could use, GC would really prefer to buy one package from group A for one type of financial analysis and one package from group B for a different type of financial analysis. The problem, of course, is that then the two packages cannot communicate and GC’s staff would end up having to type the same data into both packages. The alternative is to buy two packages from the same group—so that data could be easily shared—but that would mean having to settle for second best for one of the packages. Although there have been some reports in the press about the two groups of companies working together to develop one common standard that will enable software to work together, there is no firm agreement yet. What advice would you give Adams?

II. Atlas Advertising
Atlas Advertising is a regional advertising agency with offices in Boston, New York, Providence, Washington, D.C., and Philadelphia. 1. Describe the types of networks you think they would have (e.g., LANs, BNs, WANs) and where they are likely to be located. 2. What types of standard protocols and technologies do you think they are using at each layer (e.g., see Figure 1-5)?

III. Consolidated Supplies
Consolidated Supplies is a medium-sized distributor of restaurant supplies that operates in Canada and several northern U.S. states. They have 12 large warehouses spread across both countries to service their many customers. Products arrive from the manufacturers and are stored in the warehouses until they are picked and put on a truck for delivery to their customers. The networking equipment in their warehouses is old and is starting to give them problems; these problems are expected to increase as the equipment gets older. The vice president of operations, Pat McDonald, would like to replace the existing LANs and add some new wireless LAN technology into all the warehouses, but he is concerned that now may not be the right time to replace the equipment. He has read several technology forecasts that suggest there will be dramatic improvements in networking speeds over the next few years, especially in wireless technologies. He has asked you for advice about upgrading the equipment. Should Consolidated Supplies replace all the networking equipment in all the warehouses now, should it wait until newer networking technologies are available, or should it upgrade some of the warehouses this year, some next year, and some the year after, so that some warehouses will benefit from the expected future improvements in networking technologies?

IV. Asia Importers
Caisy Wong is the owner of a small catalog company that imports a variety of clothes and houseware from several Asian countries and sells them to its customers over the Web and by telephone through a traditional catalog. She has read about the convergence of voice and data and is wondering about changing her current traditional, separate, and rather expensive telephone and data services into one service offered by a new company that will supply both telephone and data over her Internet connection. What are the potential benefits and challenges that Asia Importers should consider in making the decision about whether to move to one integrated service?
CASE STUDY
NEXT-DAY AIR SERVICE
See the book companion site at
www.wiley.com/college/fitzgerald.
HANDS-ON ACTIVITY 1A
Internet as We Know It Today

We think about access to the Internet as a daily normal. We check our email, news, chat with friends and family, and do shopping on the Internet. The objective of this activity is for you to experience this convergence.

1. Investigate the history of the Internet at http://www.vox.com/a/internet-maps that shows you a history of the Internet through maps.
2. See how many people are using the Internet in your state/country at https://www.akamai.com/uk/en/solution/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp.
3. See the cyber security attacks in progress on information systems connected to the Internet by clicking on the Attacks tab at https://www.akamai.com/uk/en/solutions/intelligent-platform/visualizing-akamai/real-time-web-monitor.jsp.

Deliverable
Write a one-page summary of the history and current state of the Internet. What was the most surprising thing you learned during your investigation?
HANDS-ON ACTIVITY 1B
Seeing the PDUs in Your Messages
We talked about how messages are transferred using layers and the different PDUs used at each layer. The objective of this activity is for you to see the different PDUs in the messages that you send. To do this, we’ll use Wireshark, which is one of the world’s foremost network protocol analyzers and is the de facto standard that most professional and education institutions use today. It is used for network troubleshooting, network analysis, software and communications protocol development, and general education about how networks work.
FIGURE 1-8 Wireshark capture (callout: This is the Filter toolbar)
Wireshark enables you to see all messages sent by your computer, as well as some or all of the messages sent by other computers on your LAN, depending on how your LAN is designed. Most modern LANs are designed to prevent you from eavesdropping on other computers’ messages, but some older ones still permit this. Normally, your computer will ignore the messages that are not addressed to your computer, but Wireshark enables you to eavesdrop and read messages sent to and from other computers.
Wireshark is free. Before you start this activity, download and install it from https://www.wireshark.org.
1. Start Wireshark.
2. Click on Capture and then Interfaces. Click the Start button next to the active interface (the one that is receiving and sending packets). Your network data will be captured from this moment on.
3. Open your browser and go to a Web page that you have not visited recently (a good one is www.iana.org).
4. Once the Web page has loaded, go back to Wireshark and stop the packet capture by clicking on Capture and then Stop (the hot key for this is Ctrl + E).
5. You will see results similar to those in Figure 1-8. There are three windows below the tool bar:
a. The top window is the Packet List. Each line represents a single message or packet that was captured by Wireshark. Different types of packets will have different colors. For example, HTTP packets are colored green. Depending on how busy your network is, you may see a small number of packets in this window or a very large number of packets.
b. The middle window is the Packet Detail. This will show the details for any packet you click on in the top window.
c. The bottom window shows the actual contents of the packet in hexadecimal format, so it is usually hard to read. This window is typically used by network programmers to debug errors.
6. Let’s take a look at the packets that were used to request the Web page and send it to your computer. The application layer protocol used on the Web is HTTP, so we’ll want to find the HTTP packets. In the Filter toolbar, type http and hit enter.
7. This will highlight all the packets that contain HTTP packets and will display the first one in the Packet Detail window. Look at the Packet Detail window in Figure 1-8 to see the PDUs in the message we’ve highlighted. You’ll see that it contains an Ethernet II Frame, an IP packet, a TCP segment, and an HTTP packet. You can see inside any or all of these PDUs by clicking on the + box in front of them. In Figure 1-8, you’ll see that we’ve clicked the + box in front of the HTTP packet to show you what’s inside it.
Deliverables
1. List the PDU at layers 2, 3, and 4 that were used to transmit your HTTP GET packet.
a. Locate your HTTP GET packet in the Packet List and click on it.
b. Look in the Packet Detail window to get the PDU information.
2. How many different HTTP GET packets were sent by your browser? Not all the HTTP packets are GET packets, so you’ll have to look through them to answer this question.
3. List at least five other protocols that Wireshark displayed in the Packet List window. You will need to clear the filter by clicking on the “Clear” icon that is on the right of the Filter toolbar.
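The nesting of PDUs that the Packet Detail window shows in step 7 (Ethernet II frame, IP packet, TCP segment, HTTP packet) is easy to see by hand once you know that each layer's header carries the length or type of what it wraps. The following is an added example, not part of the book or of Wireshark: a small Python parser that peels a single frame one layer at a time, the same way the Packet Detail pane does, and returns the PDU names asked for in deliverable 1. The frame bytes, the MAC addresses, the port numbers and the IP addresses (10.0.0.5 for the client, 192.0.2.80 for the server, from the TEST-NET-1 documentation range) are all constructed here and are not taken from a real capture.

```python
import struct

# Constructed sample payload (not from a real capture): the request a browser sends
# for the page in step 3 of the activity.
HTTP_GET = b"GET / HTTP/1.1\r\nHost: www.iana.org\r\n\r\n"


def build_sample_frame(payload: bytes = HTTP_GET) -> bytes:
    """Assemble the nested PDUs from the inside out (all values constructed)."""
    # TCP header: src port, dst port 80, seq, ack, data offset 5 words, flags PSH|ACK,
    # window, checksum (left zero), urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 52000, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    total_length = 20 + len(tcp) + len(payload)
    # IPv4 header: version 4 / IHL 5, TOS, total length, ID, DF flag, TTL, protocol 6 = TCP,
    # checksum (left zero), source and destination addresses
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([192, 0, 2, 80]))
    # Ethernet II header: destination MAC, source MAC, EtherType 0x0800 = IPv4
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ipv4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def tcp_flags(flags: int) -> list:
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]
    return [n for i, n in enumerate(names) if flags & (1 << i)]


def parse_http_request(payload: bytes):
    """Return request line and headers if the payload is an HTTP request, else None."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return None
    lines = head.decode("ascii", errors="replace").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return None
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": parts[0], "uri": parts[1], "version": parts[2], "headers": headers}


def parse_frame(frame: bytes) -> dict:
    """Peel the frame one layer at a time, as the Packet Detail pane lists PDUs.
    Each layer's own length/type field decides what is handed to the next layer."""
    layers = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])       # layer 2
    layers["ethernet"] = {"dst": mac(dst), "src": mac(src), "type": hex(ethertype)}
    if ethertype != 0x0800:
        return layers                                                # not IPv4: stop here
    ip = frame[14:]
    (ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum,
     s, d) = struct.unpack("!BBHHHBBH4s4s", ip[:20])                 # layer 3
    ihl = (ver_ihl & 0x0F) * 4
    layers["ip"] = {"version": ver_ihl >> 4, "src": ipv4(s), "dst": ipv4(d), "ttl": ttl,
                    "protocol": proto, "total_length": total_len}
    if proto != 6:
        return layers                                                # not TCP: stop here
    tcp = ip[ihl:total_len]  # bytes past total_length are frame padding, not TCP data
    (sport, dport, seq, ack, off, flags,
     _win, _csum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])       # layer 4
    doff = (off >> 4) * 4
    layers["tcp"] = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
                     "flags": tcp_flags(flags)}
    payload = tcp[doff:]
    if payload:                                                      # layer 5 (if any)
        http = parse_http_request(payload)
        layers["http"] = http if http else {"raw_bytes": len(payload)}
    return layers


def pdu_summary(frame: bytes) -> list:
    """Names of the PDUs present, in the order Wireshark shows them (deliverable 1)."""
    names = {"ethernet": "Ethernet II frame", "ip": "IP packet",
             "tcp": "TCP segment", "http": "HTTP packet"}
    return [names[k] for k in parse_frame(frame) if k in names]


if __name__ == "__main__":
    sample = build_sample_frame()
    for layer, fields in parse_frame(sample).items():
        print(layer, fields)
    print(pdu_summary(sample))
```

Two details are worth noticing when you compare this with the Packet Detail pane. Each layer is sliced using the header field of the layer above it (EtherType, IHL and Total Length, Data Offset), so a short Ethernet frame that was padded to the minimum size does not have its padding mistaken for application data. And the application layer is only labelled HTTP when the bytes actually parse as a request line; anything else (a TLS record, for instance) is reported as raw payload, which is also why the `http` display filter in step 6 does not match every packet on port 80.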
PART TWO FUNDAMENTAL CONCEPTS
C H A P T E R 2
APPLICATION LAYER
The application layer (also called layer 5) is the software that enables the user to perform useful work. The software at the application layer is the reason for having the network because it is this software that provides the business value. This chapter examines the five fundamental types of application architectures used at the application layer (host-based, client-based, client–server, cloud-based, and peer-to-peer). It then looks at the Internet and the primary software application packages it enables: the Web, email, Telnet, and instant messaging.
OBJECTIVES
◾ Understand host-based, client-based, client–server, and cloud-based application architectures
◾ Understand how the Web works
◾ Understand how email works
◾ Be aware of how Telnet and instant messaging work
OUTLINE
2.1 Introduction
2.2 Application Architectures
2.2.1 Host-Based Architectures
2.2.2 Client-Based Architectures
2.2.3 Client–Server Architectures
2.2.4 Cloud Computing Architectures
2.2.5 Peer-to-Peer Architectures
2.2.6 Choosing Architectures
2.3 World Wide Web
2.3.1 How the Web Works
2.3.2 Inside an HTTP Request
2.3.3 Inside an HTTP Response
2.4 Electronic Mail
2.4.1 How Email Works
2.4.2 Inside an SMTP Packet
2.4.3 Attachments in Multipurpose Internet Mail Extension
2.5 Other Applications
2.5.1 Telnet
2.5.2 Instant Messaging
2.5.3 Videoconferencing
2.6 Implications for Cyber Security
Summary
2.1 INTRODUCTION
Network applications are the software packages that run in the application layer. You should be quite familiar with many types of network software, because it is these application packages that you use when you use the network. In many respects, the only reason for having a network is to enable these applications.
In this chapter, we first discuss five basic architectures for network applications and how each of those architectures affects the design of networks. Because you probably have a good understanding of applications such as the Web and word processing, we will use those as examples of different application architectures. We then examine several common applications used on the Internet (e.g., Web, email) and use those to explain how application software interacts with the networks. By the end of this chapter, you should have a much better understanding of the application layer in the network model and what exactly we meant when we used the term protocol data unit in Chapter 1.
2.2 APPLICATION ARCHITECTURES
In Chapter 1, we discussed how the three basic components of a network (client computer, server computer, and circuit) worked together. In this section, we will get a bit more specific about how the client computer and the server computer can work together to provide application software to the users. An application architecture is the way in which the functions of the application layer software are spread among the clients and servers in the network.
The work done by any application program can be divided into four general functions. The first is data storage. Most application programs require data to be stored and retrieved, whether it is a small file such as a memo produced by a word processor or a large database such as an organization’s accounting records. The second function is data access logic, the processing required to access data, which often means database queries in SQL (structured query language). The third function is the application logic (sometimes called business logic), which also can be simple or complex, depending on the application. The fourth function is the presentation logic, the presentation of information to the user and the acceptance of the user’s commands. These four functions—data storage, data access logic, application logic, and presentation logic—are the basic building blocks of any application.
TECHNICAL FOCUS 2-1 Cloud Computing Deployment Models
When an organization decides to use cloud-based architecture, it needs to decide which deployment model it will use. There are three deployment models from which to choose:
• Private cloud As the name suggests, private clouds are created for the exclusive use of a single private organization. The cloud (hardware and software) would be hosted by the organization in a private data center. This deployment model provides the highest levels of control, privacy, and security. This model is often used by organizations needing to satisfy regulations posed by regulators, such as in the financial and health-care industries.
• Public cloud This deployment model is used by multiple organizations that share the same cloud resources. The level of control is lower than in private clouds, and many companies are concerned with the security of their data. However, this deployment model doesn’t require any upfront capital investment, and the selected service can be up and running in a few days. Public clouds are a good choice when a lot of people in the organization are using the same application. Because of this, the most frequently used software as a service (SaaS) is email. For example, many universities have moved to this model for their students.
• Community cloud This deployment model is used by organizations that have a common purpose. Rather than each organization creating its own private cloud, organizations decide to collaborate and pool their resources. Although this cloud is not private, only a limited number of companies have access to it. Community clouds are considered to be a subset of public clouds. Therefore, community clouds realize the benefits from cloud infrastructure (such as speed of deployment) with the added level of privacy and security that private clouds offer. This deployment model is often used in the government, health care, and finance industries, members of which have similar application needs and require a very high level of security.
Sometimes an organization will choose to use only one of these deployment models for all its cloud-based applications. This strategy is called a pure strategy, such as a pure private cloud strategy or a pure public cloud strategy. In other cases, the organization is best supported by a mix of public, private, and community clouds for different applications. This strategy is called a hybrid cloud strategy. A hybrid cloud strategy allows the organization to take advantage of the benefits that these different cloud deployment models offer. For example, a hospital can use Gmail for its email application (public cloud) but a private cloud for patient data, which require high security. The downside of a hybrid cloud strategy is that an organization has to deal with different platforms and cloud providers. However, the truth is that this strategy offers the greatest flexibility, so most organizations eventually end up with this strategy.
There are many ways in which these four functions can be allocated between the client computers and the servers in a network. There are five fundamental application architectures in use today. In host-based architectures, the server (or host computer) performs virtually all of the work. In client-based architectures, the client computers perform most of the work. In client–server architectures, the work is shared between the servers and clients. In cloud-based architectures, the cloud provides services (software, platform, and/or infrastructure) to the client. In peer-to-peer architectures, computers are both clients and servers and thus share the work. Although the client–server architecture is the dominant application architecture, cloud-based architecture is becoming the runner-up because it offers rapid scalability and deployability of computer resources.
2.2.1 Host-Based Architectures
The very first data communications networks developed in the 1960s were host-based, with the server (usually a large mainframe computer) performing all four functions. The clients (usually terminals) enabled users to send and receive messages to and from the host computer. The clients merely captured keystrokes, sent them to the server for processing, and accepted instructions from the server on what to display (see Figure 2-1).
This very simple architecture often works very well. Application software is developed and stored on the one server along with all data. If you’ve ever used a terminal, you’ve used a host-based application. There is one point of control, because all messages flow through the one central server. In theory, there are economies of scale, because all computer resources are centralized (but more on cost later).
There are two fundamental problems with host-based networks. First, the server must process all messages. As the demands for more and more network applications grow, many servers become overloaded and unable to quickly process all the users’ demands. Prioritizing users’ access becomes difficult. Response time becomes slower, and network managers are required to spend increasingly more money to upgrade the server. Unfortunately, upgrades to the mainframes that are usually the servers in this architecture are “lumpy.” That is, upgrades come in large increments and are expensive (e.g., $500,000); it is difficult to upgrade “a little.”
FIGURE 2-1 Host-based architecture. Client (terminal); Server (mainframe computer): presentation logic, application logic, data access logic, data storage.
2.2.2 Client-Based Architectures
In the late 1980s, there was an explosion in the use of personal computers. Today, more than 90% of most organizations’ total computer processing power now resides on personal computers, not in centralized mainframe computers. Part of this expansion was fueled by a number of low-cost, highly popular applications such as word processors, spreadsheets, and presentation graphics programs. It was also fueled in part by managers’ frustrations with application software on host mainframe computers. Most mainframe software is not as easy to use as personal computer software, is far more expensive, and can take years to develop. In the late 1980s, many large organizations had application development backlogs of 2–3 years; that is, getting any new mainframe application program written would take years. New York City, for example, had a 6-year backlog. In contrast, managers could buy personal computer packages or develop personal computer-based applications in a few months.
With client-based architectures, the clients are personal computers on a LAN, and the server is usually another personal computer on the same network. The application software on the client computers is responsible for the presentation logic, the application logic, and the data access logic; the server simply stores the data (Figure 2-2).
This simple architecture often works very well. If you’ve ever used a word processor and stored your document file on a server (or written a program in Visual Basic or C that runs on your computer but stores data on a server), you’ve used a client-based architecture.
The fundamental problem in client-based networks is that all data on the server must travel to the client for processing. For example, suppose the user wishes to display a list of all employees with company life insurance. All the data in the database (or all the indices) must travel from the server where the database is stored over the network circuit to the client, which then examines each record to see if it matches the data requested by the user. This can overload the network circuits because far more data are transmitted from the server to the client than the client actually needs.
2.2.3 Client–Server Architectures
Most applications written today use client–server architectures. Client–server architectures attempt to balance the processing between the client and the server by having both do some of the logic. In these networks, the client is responsible for the presentation logic, whereas the server is responsible for the data access logic and data storage. The application logic may either reside on the client, reside on the server, or be split between both.
Figure 2-3 shows the simplest case, with the presentation logic and application logic on the client and the data access logic and data storage on the server. In this case, the client software accepts user requests and performs the application logic that produces database requests that are transmitted to the server. The server software accepts the database requests, performs the data access logic, and transmits the results to the client. The client software accepts the results and presents them to the user. When you used a Web browser to get pages from a Web server, you used a client–server architecture. Likewise, if you’ve ever written a program that uses SQL to talk to a database on a server, you’ve used a client–server architecture.
FIGURE 2-2 Client-based architecture. Client (personal computer): presentation logic, application logic, data access logic; Server (personal computer): data storage.
FIGURE 2-3 Two-tier client–server architecture. Client (personal computer): presentation logic, application logic; Server (personal computer, server farm, or mainframe): data access logic, data storage.
For example, if the user requests a list of all employees with company life insurance, the client would accept the request, format it so that it could be understood by the server, and transmit it to the server. On receiving the request, the server searches the database for all requested records and then transmits only the matching records to the client, which would then present them to the user. The same would be true for database updates; the client accepts the request and sends it to the server. The server processes the update and responds (either accepting the update or explaining why not) to the client, which displays it to the user.
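The life-insurance example is used twice above: in Section 2.2.2, where the whole table has to cross the circuit because the server only stores data, and here, where the client sends a request and the server returns only the matching records. The following added example (not from the book) makes the difference measurable. It uses an in-memory SQLite database as a stand-in for the server's data storage and JSON strings as the messages on the circuit; the employee table, the request format (`query` and `flag` fields) and the `server_handle` function are all constructed for this example.

```python
import json
import sqlite3

# Constructed sample data (not from the book): 200 employees, every tenth one insured.
EMPLOYEES = [(i, f"emp{i:03d}", 1 if i % 10 == 0 else 0) for i in range(1, 201)]


def make_server_db() -> sqlite3.Connection:
    """Data storage on the server: an in-memory SQLite database stands in for the database server."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employee (id INTEGER PRIMARY KEY, name TEXT, life_insurance INTEGER)")
    db.executemany("INSERT INTO employee VALUES (?, ?, ?)", EMPLOYEES)
    db.commit()
    return db


def client_based_lookup(db: sqlite3.Connection):
    """Client-based architecture (Figure 2-2): the server only stores data, so every record
    crosses the circuit and the client runs the data access logic itself.
    Returns (matching names, bytes sent over the circuit)."""
    # What the file server hands over: the whole table, serialized for the circuit
    wire = json.dumps(db.execute("SELECT id, name, life_insurance FROM employee").fetchall()).encode()
    rows = json.loads(wire)
    matches = [name for _id, name, flag in rows if flag == 1]   # data access logic on the client
    return matches, len(wire)


def server_handle(db: sqlite3.Connection, request: bytes) -> bytes:
    """Server side of the two-tier design (Figure 2-3): data access logic and data storage."""
    req = json.loads(request)
    if req.get("query") != "employees_with_insurance":
        return json.dumps({"error": "unknown query"}).encode()
    # Parameterized query: the client's value is bound as data, never spliced into the SQL text
    rows = db.execute("SELECT name FROM employee WHERE life_insurance = ?",
                      (int(req["flag"]),)).fetchall()
    return json.dumps([name for (name,) in rows]).encode()


def client_server_lookup(db: sqlite3.Connection, want_insurance: bool = True):
    """Client side of the two-tier design: presentation and application logic format a request
    the server understands; only the matching records come back.
    Returns (matching names, bytes sent over the circuit in both directions)."""
    request = json.dumps({"query": "employees_with_insurance", "flag": int(want_insurance)}).encode()
    response = server_handle(db, request)
    return json.loads(response), len(request) + len(response)


if __name__ == "__main__":
    db = make_server_db()
    names_a, bytes_a = client_based_lookup(db)
    names_b, bytes_b = client_server_lookup(db)
    print(f"client-based:  {len(names_a)} matches, {bytes_a} bytes on the circuit")
    print(f"client-server: {len(names_b)} matches, {bytes_b} bytes on the circuit")
```

Both lookups return the same 20 names; the client-based version moves the entire table across the circuit, while the client–server version moves a request of a few dozen bytes and a reply containing only the matches. Moving the data access logic to the server has a second consequence worth keeping in mind: the server, not the client, now decides which SQL runs, so the request format should be a fixed set of named queries with bound parameters (as `server_handle` does) rather than SQL text composed by the client.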
One of the strengths of client–server networks is that they enable software and hardware from different vendors to be used together. But this is also one of their disadvantages, because it can be difficult to get software from different vendors to work together. One solution to this problem is middleware, software that sits between the application software on the client and the application software on the server. Middleware does two things. First, it provides a standard way of communicating that can translate between software from different vendors. Many middleware tools began as translation utilities that enabled messages sent from a specific client tool to be translated into a form understood by a specific server tool.
The second function of middleware is to manage the message transfer from clients to servers (and vice versa) so that clients need not know the specific server that contains the application’s data. The application software on the client sends all messages to the middleware, which forwards them to the correct server. The application software on the client is therefore protected from any changes in the physical network. If the network layout changes (e.g., a new server is added), only the middleware must be updated.
There are literally dozens of standards for middleware, each of which is supported by different vendors and provides different functions. Two of the most important standards are Distributed Computing Environment (DCE) and Common Object Request Broker Architecture (CORBA). Both of these standards cover virtually all aspects of the client–server architecture but are quite different. Any client or server software that conforms to one of these standards can communicate with any other software that conforms to the same standard. Another important standard is Open Database Connectivity (ODBC), which provides a standard for data access logic.
Two-Tier, Three-Tier, and n-Tier Architectures There are many ways in which the application logic can be partitioned between the client and the server. The example in Figure 2-3 is one of the most common. In this case, the server is responsible for the data and the client, the application and presentation. This is called a two-tier architecture, because it uses only two sets of computers, one set of clients and one set of servers.
A three-tier architecture uses three sets of computers, as shown in Figure 2-4. In this case, the software on the client computer is responsible for presentation logic, an application server is responsible for the application logic, and a separate database server is responsible for the data access logic and data storage.
n-tier architecture uses more than three sets of computers. In this case, the client is responsible for presentation logic, a database server is responsible for the data access logic and data storage, and the application logic is spread across two or more different sets of servers. Figure 2-5 shows an example of an n-tier architecture of a groupware product called TCB Works developed at the University of Georgia. TCB Works has four major components. The first is the Web browser on the client computer that a user uses to access the system and enter commands (presentation logic). The second component is a Web server that responds to the user’s requests, either by providing Hypertext Markup Language (HTML) pages and graphics (application logic) or by sending the request to the third component, a set of 28 C programs that perform various functions such as adding comments or voting (application logic). The fourth component is a database server that stores all the data (data access logic and data storage). Each of these four components is separate, making it easy to spread the different components on different servers and to partition the application logic on two different servers.
FIGURE 2-4 Three-tier client–server architecture. Client (personal computer): presentation logic; Application server (personal computer): application logic; Database server (personal computer, server farm, or mainframe): data access logic, data storage.
FIGURE 2-5 The n-tier client–server architecture. Client (personal computer): presentation logic; Web server (personal computer or server farm): application logic; Application server (personal computer or server farm): application logic; Database server (personal computer, server farm, or mainframe): data access logic, data storage.
The primary advantage of an n-tier client–server architecture compared with a two-tier architecture (or a three-tier compared with a two-tier) is that it separates the processing that occurs to better balance the load on the different servers; it is more scalable. In Figure 2-5, we have three separate servers, which provides more power than if we had used a two-tier architecture with only one server. If we discover that the application server is too heavily loaded, we can simply replace it with a more powerful server, or even put in two application servers. Conversely, if we discover the database server is underused, we could put data from another application on it.
There are two primary disadvantages to an n-tier architecture compared with a two-tier architecture (or a three-tier with a two-tier). First, it puts a greater load on the network. If you compare Figures 2-3, 2-4, and 2-5, you will see that the n-tier model requires more communication among the servers; it generates more network traffic so you need a higher capacity network. Second, it is much more difficult to program and test software in n-tier architectures than in two-tier architectures because more devices have to communicate to complete a user’s transaction.
FIGURE 2-6 The typical two-tier thin-client architecture of the Web. Client (personal computer): presentation logic; Web server (personal computer or mainframe): application logic, data access logic, data storage.
Thin Clients versus Thick Clients Another way of classifying client–server architectures is by examining how much of the application logic is placed on the client computer. A thin-client approach places little or no application logic on the client (e.g., Figure 2-5), whereas a thick-client (also called fat-client) approach places all or almost all of the application logic on the client (e.g., Figure 2-3). There is no direct relationship between thin and fat clients and two-, three-, and n-tier architectures. For example, Figure 2-6 shows a typical Web architecture: a two-tier architecture with a thin client. One of the biggest forces favoring thin clients is the Web.
Thin clients are much easier to manage. If an application changes, only the server with the application logic needs to be updated. With a thick client, the software on all of the clients would need to be updated. Conceptually, this is a simple task; one simply copies the new files to the hundreds of affected client computers. In practice, it can be a very difficult task.
Thin-client architectures are the future. More and more application systems are being written to use a Web browser as the client software, with JavaScript or AJAX (containing some of the application logic) downloaded as needed. This application architecture is sometimes called the distributed computing model. The thin-client architecture also enables cloud-based architecture, which is discussed next.
2.2.4 Cloud Computing Architectures
The traditional client–server architecture can be complicated and expensive to deploy. Every application has to be hosted on a server so that it can fulfill requests from potentially thousands of clients. An organization has hundreds of applications, so running a successful client–server architecture requires a variety of software and hardware and the skilled personnel who can build and maintain this architecture.
Cloud computing architectures are different because they outsource part or all of the infrastructure to other firms that specialize in managing that infrastructure. There are three common cloud-based architecture models. Figure 2-7 summarizes these three models and compares them to the client–server architecture.
The first column of this figure shows the thin client–server architecture, in which the organization manages the entire application software and hardware. In addition to the software components we’ve discussed previously (the application logic, data access logic, and the data themselves), the servers need an operating system (e.g., Windows, Linux). Most companies also use virtualization software to install many virtual or logical servers on the same physical computer. This software (VMware is one of the leaders) creates a separate partition on the physical server for each of the logical servers. Each partition has its own operating system and its own server software and works independently from the other partitions.
This software must run on some hardware, which includes a server, a storage device, and the network itself. The server may be a large computer or a server farm. A server farm is a cluster of computers linked together so that they act as one computer. Requests arrive at the server farm (e.g., Web requests) and are distributed among the computers so that no one computer is overloaded. Each computer is separate so that if one fails, the server farm simply bypasses it. Server farms are more complex than single servers because work must be quickly coordinated and shared among the individual computers. Server farms are very scalable because one can always add another computer. Figure 2-8 shows one row of a server farm at Indiana University. There are seven more rows like this one in this room, and another room contains about the same number.
Many companies use separate storage devices instead of the hard disks in the servers themselves. These storage devices are special-purpose hard disks designed to be very large and very fast. The six devices on the left of Figure 2-8 comprise a special storage device called a storage area network (SAN).
FIGURE 2-7 Cloud architecture models compared to thin client–server architecture
Source: Adapted from www.cbc.radio-canada.ca/en/reporting-to-canadians/sync/sync-issue-1-2012/cloud-services
Who manages which parts:
                          Thin-Client      Infrastructure   Platform         Software
                          Client-Server    as a Service     as a Service     as a Service
Application Logic         Internal         Internal         Internal         Outsourced
Data Storage              Internal         Internal         Internal         Outsourced
Data Access Logic         Internal         Internal         Outsourced       Outsourced
Operating System          Internal         Internal         Outsourced       Outsourced
Virtualization Software   Internal         Internal         Outsourced       Outsourced
Server Hardware           Internal         Outsourced       Outsourced       Outsourced
Storage Hardware          Internal         Outsourced       Outsourced       Outsourced
Network Hardware          Internal         Outsourced       Outsourced       Outsourced
FIGURE 2-8 One row of a server farm at Indiana University
Source: Courtesy of the author, Alan Dennis
Software as a Service (SaaS) SaaS is one of the three cloud computing models. With SaaS, an organization outsources the entire application to the cloud provider (see the last column of Figure 2-7) and uses it as any other application that is available via a browser (thin client). SaaS is based on multitenancy. This means that rather than having many copies of the same application, there is only one application that everybody shares, yet everybody can customize it for his or her specific needs. Imagine a giant office building in which all people share the infrastructure (water, A/C, electricity) but can customize the offices they are renting. The customers can customize the app and don’t have to worry about upgrades, security, or underlying infrastructure because the cloud provider does it all. The most frequently used SaaS application is email. At Indiana University, all student email is outsourced to Google’s Gmail. Customer relationship management (CRM) from Salesforce.com is another very commonly used SaaS.
Platform as a Service (PaaS) PaaS is another of the three cloud computing models. What if there is an application you need but no cloud provider offers one you like? You can build your own application and manage your own data on the cloud infrastructure provided by your cloud supplier. This model is called Platform as a Service (PaaS). The developers in your organization decide what programming language to use to develop the application of choice. The needed hardware and software infrastructure, called the platform, is rented from the cloud provider (see Figure 2-7). In this case, the organization manages the application and its own data but uses the database software (data access logic) and operating system provided by the cloud provider. PaaS offers a much faster development and deployment of custom applications at a fraction of the cost required for the traditional client–server architecture. PaaS providers include Amazon Elastic Cloud Compute (EC2), Microsoft Windows Azure, and Google App Engine.
Infrastructure as a Service (IaaS) As you can see in Figure 2-7, with Infrastructure as a Service (IaaS), the cloud provider manages the hardware, including servers, storage, and networking components. The organization is responsible for all the software, including operating system (and virtualization software), database software, and its applications and data. IaaS is sometimes referred to also as HaaS, or Hardware as a Service, because in this cloud model, only the hardware is provided; everything else is up to the organization. This model allows a decrease in capital expenditures for hardware and maintaining the proper environment (e.g., cooling) and redundancy, and backups for data and applications. Providers of IaaS are Amazon Web Services, Microsoft Windows Azure, and Akamai.
In conclusion, cloud computing is a technology that fundamentally changed the way we think about applications in that they are rented and paid for as a service. The idea is the same as for utilities—water, gas, cable, and phone. The provider of the utility builds and is running the infrastructure; you plug in and sign up for a type of service. Sometimes you pay as you go (water, gas), or you sign up for a level of service (phone, cable).
2.2.5 Peer-to-Peer Architectures
Peer-to-peer (P2P) architectures are very old, but their modern design became popular in the early 2000s with the rise of P2P file-sharing applications (e.g., Napster). With a P2P architecture, all computers act as both a client and a server. Therefore, all computers perform all four functions: presentation logic, application logic, data access logic, and data storage (see Figure 2-9). With a P2P file-sharing application, a user uses the presentation, application, and data access logic installed on his or her computer to access the data stored on another computer in the network. With a P2P application-sharing network (e.g., grid computing such as seti.org), other users in the network can use others’ computers to access application logic as well.
[Figure 2-9: Peer-to-peer architecture. Two clients (personal computers), each containing presentation logic, application logic, data access logic, and data storage.]
34 Chapter 2 Application Layer
The advantage of P2P networks is that the data can be installed anywhere on the network. They spread the storage throughout the network, even globally, so they can be very resilient to the failure of any one computer. The challenge is finding the data. There must be some central server that enables you to find the data you need, so P2P architectures often are combined with a client–server architecture. Security is a major concern in most P2P networks, so P2P architectures are not commonly used in organizations, except for specialized computing needs (e.g., grid computing).
2.2.6 Choosing Architectures
Each of the preceding architectures has certain costs and benefits, so how do you choose the “right” architecture? In many cases, the architecture is simply a given; the organization has a certain architecture, and one simply has to use it. In other cases, the organization is acquiring new equipment and writing new software and has the opportunity to develop a new architecture, at least in some part of the organization.
Almost all new applications today are client–server applications. Client–server architectures provide the best scalability, the ability to increase (or decrease) the capacity of the servers to meet changing needs. For example, we can easily add or remove application servers or database servers depending on whether we need more or less capacity for application software or database software and storage.
Client–server architectures are also the most reliable. We can use multiple servers to perform the same tasks, so that if one server fails, the remaining servers continue to operate and users don’t notice problems.
Finally, client–server architectures are usually the cheapest because many tools exist to develop them. And lots of client–server software exists for specific parts of applications, so we can more quickly buy parts of the application we need. For example, no one writes shopping carts anymore; it’s cheaper to buy a shopping cart software application and put it on an application server than it is to write your own.
MANAGEMENT FOCUS 2-1 Cloud Computing with Salesforce.com
Salesforce.com, the world’s number one cloud platform, is the poster child for cloud computing. Companies used to buy and install software for CRM, the process of identifying potential customers, marketing to them, converting them into customers, and managing the relationship to retain them. The software and needed servers were expensive and took a long time to acquire and install. Typically, only large firms could afford it.
Salesforce.com changed this by offering a cloud computing solution. The CRM software offered by salesforce.com resides on the salesforce.com servers. There is no need to buy and install new hardware or software. Companies just pay a monthly fee to access the software over the Internet. Companies can be up and running in weeks, not months, and it is easy to scale from a small implementation to a very large one. Because salesforce.com can spread its costs over so many users, it can offer deals to small companies that normally wouldn’t be able to afford to buy and install their own software. Salesforce is a very competitive organization that is keeping up with the mobile world too. In fall 2013, it announced the “Salesforce $1 Million Hackathon,” where hundreds of teams competed to build the next killer mobile app on the Salesforce platform. Yup, the winning team will walk away with $1 million! Although we don’t know the winner of this largest single hackathon, the reader can discover this easily by googling it.
Client–server architectures also enable cloud computing. As we mentioned in Section 2.2.4, companies may choose to run a SaaS because of its low price and high scalability compared to a traditional client–server architecture hosted in-house. One major issue that companies face when choosing SaaS is the security of the data. Each company has to evaluate the risk of its data being compromised and select its cloud provider carefully. However, SaaS is gaining popularity, and companies are becoming more and more accustomed to this solution.
2.3 WORLD WIDE WEB
The Web was first conceived in 1989 by Sir Tim Berners-Lee at the European Particle Physics Laboratory (CERN) in Geneva. His original idea was to develop a database of information on physics research, but he found it difficult to fit the information into a traditional database. Instead, he decided to use a hypertext network of information. With hypertext, any document can contain a link to any other document.
CERN’s first Web browser was created in 1990, but it was 1991 before it was available on the Internet for other organizations to use. By the end of 1992, several browsers had been created for UNIX computers by CERN and several other European and American universities, and there were about 30 Web servers in the entire world. In 1993, Marc Andreessen, a student at the University of Illinois, led a team of students that wrote Mosaic, the first graphical Web browser, as part of a project for the university’s National Center for Supercomputing Applications (NCSA). By the end of 1993, the Mosaic browser was available for UNIX, Windows, and Macintosh computers, and there were about 200 Web servers in the world. Today, no one knows for sure how many Web servers there are. There are more than 250 million separate websites, but many of these are hosted on the same servers by large hosting companies such as godaddy.com or Google sites.
2.3.1 How the Web Works
The Web is a good example of a two-tier client–server architecture (Figure 2-10). Each client computer needs an application layer software package called a Web browser. There are many different browsers, such as Microsoft’s Internet Explorer. Each server on the network that will act as a Web server needs an application layer software package called a Web server. There are many different Web servers, such as those produced by Microsoft and Apache.
To get a page from the Web, the user must type the Internet uniform resource locator (URL) for the page he or she wants (e.g., www.yahoo.com) or click on a link that provides the URL. The URL specifies the Internet address of the Web server and the directory and name of the specific page wanted. If no directory and page are specified, the Web server will provide whatever page has been defined as the site’s home page.
[Figure 2-10: How the Web works. A client computer with Web browser software sends an HTTP request across the Internet to a server computer with Web server software, which returns an HTTP response.]
For the requests from the Web browser to be understood by the Web server, they must use the same standard protocol or language. If there were no standard and each Web browser used a different protocol to request pages, then it would be impossible for a Microsoft Web browser to communicate with an Apache Web server, for example.
The standard protocol for communication between a Web browser and a Web server is Hypertext Transfer Protocol (HTTP). To get a page from a Web server, the Web browser issues a special packet called an HTTP request that contains the URL and other information about the Web page requested (see Figure 2-10). Once the server receives the HTTP request, it processes it and sends back an HTTP response, which will be the requested page or an error message (see Figure 2-10).
This request–response dialogue occurs for every file transferred between the client and the server. For example, suppose the client requests a Web page that has two graphic images. Graphics are stored in separate files from the Web page itself using a different file format than the HTML used for the Web page (e.g., in JPEG [Joint Photographic Experts Group] format). In this case, there would be three request–response pairs. First, the browser would issue a request for the Web page, and the server would send the response. Then, the browser would begin displaying the Web page and notice the two graphic files. The browser would then send a request for the first graphic and a request for the second graphic, and the server would reply with two separate HTTP responses, one for each request.
2.3.2 Inside an HTTP Request
The HTTP request and HTTP response are examples of the packets we introduced in Chapter 1 that are produced by the application layer and sent down to the transport, network, data link, and physical layers for transmission through the network. The HTTP response and HTTP request are simple text files that take the information provided by the application (e.g., the URL to get) and format it in a structured way so that the receiver of the message can clearly understand it.
An HTTP request from a Web browser to a Web server has three parts. The first two parts are required; the last is optional. The parts are as follows:
◾ The request line, which starts with a command (e.g., get), provides the Web page, and ends with the HTTP version number that the browser understands; the version number ensures that the Web server does not attempt to use a more advanced or newer version of the HTTP standard that the browser does not understand.
◾ The request header, which contains a variety of optional information such as the Web browser being used (e.g., Internet Explorer) and the date.
◾ The request body, which contains information sent to the server, such as information that the user has typed into a form.
Figure 2-11 shows an example of an HTTP request for a page on our Web server, formatted using version 1.1 of the HTTP standard. This request has only the request line and the request header, because no request body is needed for this request. This request includes the date and time of the request (expressed in Greenwich Mean Time [GMT], the time zone that runs through London) and the name of the browser used (Mozilla is the code name for the browser). The “Referrer” field means that the user obtained the URL for this Web page by clicking on a link on another page, which in this case is a list of faculty at Indiana University (i.e., www.indiana.edu/~isdept/faculty.htm). If the referrer field is blank, then it means the user typed the URL himself or herself. You can see inside HTTP headers yourself at www.rexswain.com/httpview.html.
[Figure 2-11: An example of a request from a Web browser to a Web server using the HTTP (Hypertext Transfer Protocol) standard. Labeled parts: request line; request header.]
MANAGEMENT FOCUS 2-2 Top Players in Cloud Email
Among the wide variety of applications that organizations are using, email is most frequently deployed as SaaS. Four major industry players provide email as SaaS: Google, Microsoft, USA.NET, and Intermedia. Although cloud-based email seems to appeal more to smaller companies, it provides a cost-effective solution for organizations with up to 15,000 users (as a rule of thumb).
Google was the first company to enter this market and offered Google Apps, Calendar, and 30 Gb of storage in addition to email. Microsoft entered this market in 2008 and offered Microsoft Office 365. Microsoft offers not only email but the whole MS Office Suite. And, of course, all the office applications are accessible from multiple devices. USA.NET is a SaaS company that offers Microsoft Exchange and robust security features that meet federal and industry regulations, such as FINRA and HIPAA. It services approximately 6,000 organizations worldwide that provide financial, health care, energy, and critical infrastructure services. In addition, USA.NET offers a Security-as-a-Service platform from the cloud. Finally, Intermedia, which was founded in 1995, is the largest Microsoft-hosted Exchange provider. This was the first company to offer Hosted Microsoft Exchange, and today, it has 90,000 customers and more than 700,000 users. Just like Microsoft, Intermedia delivers the Office Suite in the cloud.
The prices for the services these companies offer differ quite a bit. The cheapest of these four companies is Google, starting at $4.17 per user per month. However, these are basic prices that increase with the number of features and services added.
2.3.3 Inside an HTTP Response
The format of an HTTP response from the server to the browser is very similar to that of the HTTP request. It, too, has three parts, with the first required and the last two optional:
◾ The response status, which contains the HTTP version number the server has used, a status code (e.g., 200 means “OK”; 404 means “not found”), and a reason phrase (a text description of the status code).
◾ The response header, which contains a variety of optional information, such as the Web server being used (e.g., Apache), the date, and the exact URL of the page in the response.
◾ The response body, which is the Web page itself.
Figure 2-12 shows an example of a response from our Web server to the request in Figure 2-11. This example has all three parts. The response status reports “OK,” which means the requested URL was found and is included in the response body. The response header provides the date, the type of Web server software used, the actual URL included in the response body, and the type of file. In most cases, the actual URL and the requested URL are the same, but not always. For example, if you request a URL but do not specify a file name (e.g., www.indiana.edu), you will receive whatever file is defined as the home page for that server, so the actual URL will be different from the requested URL.
The response body in this example shows a Web page in Hypertext Markup Language (HTML). The response body can be in any format, such as text, Microsoft Word, Adobe PDF, or a host of other formats, but the most commonly used format is HTML. HTML was developed by CERN at the same time as the first Web browser and has evolved rapidly ever since. HTML is covered by standards produced by the IETF, but Microsoft keeps making new additions to HTML with every release of its browser, so the HTML standard keeps changing.
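The three-part structure of the HTTP request and response described above, as an added example that is not part of the textbook: a small Python parser that splits a raw HTTP/1.1 message into start line, headers, and body, refuses unsupported versions and a Content-Length that disagrees with the body, and reports whether a Referer was sent. The sample messages, the host www.example.edu, and the page path are constructed, in the style of Figures 2-11 and 2-12 but not copied from them.

```python
"""Parse the three parts of an HTTP/1.1 request and response.

Added example; not code from the textbook. It splits a raw message into
start line, header fields and body and applies the checks a server or
proxy should make before trusting what it parsed.
"""
from dataclasses import dataclass, field

SUPPORTED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


@dataclass
class HttpMessage:
    kind: str                                    # "request" or "response"
    version: str
    method: str = ""                             # requests only
    target: str = ""                             # requests only (the page path)
    status_code: int = 0                         # responses only
    reason: str = ""                             # responses only
    headers: dict = field(default_factory=dict)  # header names lower-cased
    body: bytes = b""


def parse_http_message(raw: bytes) -> HttpMessage:
    """Split a raw HTTP/1.x message into its three parts.

    Raises ValueError on a malformed start line, an unsupported version,
    a malformed header field, or a body whose length disagrees with
    Content-Length (refuse such a message rather than guess its framing).
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("missing blank line between headers and body")
    lines = head.decode("iso-8859-1").split("\r\n")
    start, header_lines = lines[0], lines[1:]
    parts = start.split(" ", 2)
    if len(parts) != 3:
        raise ValueError(f"malformed start line: {start!r}")

    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon or not name.strip() or name != name.strip():
            raise ValueError(f"malformed header field: {line!r}")
        headers[name.lower()] = value.strip()

    if parts[0] in SUPPORTED_VERSIONS:
        # Response status: version, three-digit status code, reason phrase.
        version, code, reason = parts
        if not (code.isdigit() and len(code) == 3):
            raise ValueError(f"bad status code: {code!r}")
        msg = HttpMessage("response", version, status_code=int(code),
                          reason=reason, headers=headers, body=body)
    else:
        # Request line: command, page, version the browser understands.
        method, target, version = parts
        if version not in SUPPORTED_VERSIONS:
            raise ValueError(f"unsupported HTTP version: {version!r}")
        msg = HttpMessage("request", version, method=method, target=target,
                          headers=headers, body=body)

    if "content-length" in headers:
        declared = headers["content-length"]
        if not declared.isdigit() or int(declared) != len(body):
            raise ValueError(f"Content-Length {declared!r} does not match "
                             f"body of {len(body)} bytes")
    return msg


def came_from_link(request: HttpMessage) -> bool:
    """True when a Referer was sent, i.e. the user followed a link on another
    page rather than typing the URL, as the text explains."""
    return bool(request.headers.get("referer"))


# Constructed sample messages (not the book's figures); host is a placeholder.
SAMPLE_REQUEST = (
    b"GET /isdept/faculty/profile.htm HTTP/1.1\r\n"
    b"Host: www.example.edu\r\n"
    b"Date: Mon, 06 Aug 2012 17:35:46 GMT\r\n"
    b"User-Agent: Mozilla/5.0\r\n"
    b"Referer: http://www.indiana.edu/~isdept/faculty.htm\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 06 Aug 2012 17:35:46 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Location: http://www.example.edu/isdept/faculty/profile.htm\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 45\r\n"
    b"\r\n"
    b"<html><body><h1>Hello, Web</h1></body></html>"
)

if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, SAMPLE_RESPONSE):
        m = parse_http_message(raw)
        print(m.kind, m.version, m.method or m.status_code, sorted(m.headers))
```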
[Figure 2-12: An example of a response from a Web server to a Web browser using the HTTP standard. Labeled parts: response status; response header; response body.]
2.4 ELECTRONIC MAIL
Electronic mail (or email) was one of the earliest applications on the Internet and is still among the most heavily used today. With email, users create and send messages to one user, several users, or all users on a distribution list. Most email software enables users to send text messages and attach files from word processors, spreadsheets, graphics programs, and so on. Many email packages also permit you to filter or organize messages by priority.
Several standards have been developed to ensure compatibility between different email software packages. Any software package that conforms to a certain standard can send messages that are formatted using its rules. Any other package that understands that particular standard can then relay the message to its correct destination; however, if an email package receives a mail message in a different format, it may be unable to process it correctly. Many email packages send using one standard but can understand messages sent in several different standards. The most commonly used standard is SMTP (Simple Mail Transfer Protocol). Other common standards are X.400 and CMC (Common Messaging Calls). In this book, we will discuss only SMTP, but CMC and X.400 both work essentially the same way. SMTP, X.400, and CMC are different from one another (in the same way that English differs from French or Spanish), but several software packages are available that translate between them, so that companies that use one standard (e.g., CMC) can translate messages they receive that use a different standard (e.g., SMTP) into their usual standard as they first enter the company and then treat them as “normal” email messages after that.
2.4.1 How Email Works
The Simple Mail Transfer Protocol (SMTP) is the most commonly used email standard simply because it is the email standard used on the Internet. Email works similarly to how the Web works, but it is a bit more complex. SMTP email is usually implemented as a two-tier thick client–server application, but not always. We first explain how the normal two-tier thick client architecture works and then quickly contrast that with two alternate architectures.
Two-Tier Email Architecture With a two-tier thick client–server architecture, each client computer runs an application layer software package called a mail user agent, which is more commonly called an email client (Figure 2-12). There are many common email client software packages such as Eudora and Outlook. The user creates the email message using one of these email clients, which formats the message into an SMTP packet that includes information such as the sender’s address and the destination address.
The user agent then sends the SMTP packet to a mail server that runs a special application layer software package called a mail transfer agent, which is more commonly called mail server software (see Figure 2-13).
This email server reads the SMTP packet to find the destination address and then sends the packet on its way through the network—often over the Internet—from mail server to mail server, until it reaches the mail server specified in the destination address (see Figure 2-13). The mail transfer agent on the destination server then stores the message in the receiver’s mailbox on that server. The message sits in the mailbox assigned to the user who is to receive the message until he or she checks for new mail.
The SMTP standard covers message transmission between mail servers (i.e., mail server to mail server) and between the originating email client and its mail server. A different standard is used to communicate between the receiver’s email client and his or her mail server. Two commonly used standards for communication between email client and mail server are Post Office Protocol (POP) and Internet Message Access Protocol (IMAP). Although there are several important technical differences between POP and IMAP, the most noticeable difference is that before a user can read a mail message with a POP (version 3) email client, the email message must be copied to the client computer’s hard disk and deleted from the mail server. With IMAP, email messages can remain stored on the mail server after they are read. IMAP therefore offers considerable benefits to users who read their email from many different computers (e.g., home, office, computer labs) because they no longer need to worry about having old email messages scattered across several client computers; all email is stored on the server until it is deleted.
[Figure 2-13: How SMTP (Simple Mail Transfer Protocol) email works. IMAP = Internet Message Access Protocol; LAN = Local Area Network; POP = Post Office Protocol. The sending client computer (email client software, the mail user agent) sends an SMTP packet over its LAN to a server computer with email server software (the mail transfer agent); SMTP packets travel across the Internet from mail server to mail server; the receiving client computer exchanges IMAP or POP packets with its own mail server over its LAN.]
In our example in Figure 2-13, when the receiver next accesses his or her email, the email client on his or her computer contacts the mail server by sending an IMAP or a POP packet that asks for the contents of the user’s mailbox. In Figure 2-13, we show this as an IMAP packet, but it could just as easily be a POP packet. When the mail server receives the IMAP or POP request, it converts the original SMTP packet created by the message sender into a POP or an IMAP packet that is sent to the client computer, which the user reads with the email client. Therefore, any email client using POP or IMAP must also understand SMTP to create messages. POP and IMAP provide a host of functions that enable the user to manage his or her email, such as creating mail folders, deleting mail, creating address books, and so on. If the user sends a POP or an IMAP request for one of these functions, the mail server will perform the function and send back a POP or an IMAP response packet that is much like an HTTP response packet.
Three-Tier Thin Client–Server Architecture The three-tier thin client–server email architecture uses a Web server and Web browser to provide access to your email. With this architecture, you do not need an email client on your client computer. Instead, you use your Web browser. This type of email is sometimes called Web-based email and is provided by a variety of companies such as Hotmail and Yahoo!.
You use your browser to connect to a page on a Web server that lets you write the email message by filling in a form. When you click the send button, your Web browser sends the form information to the Web server inside an HTTP request (Figure 2-14). The Web server runs a program (e.g., written in C or Perl) that takes the information from the HTTP request and builds an SMTP packet that contains the email message. Although not important to our example, it also sends an HTTP response back to the client. The Web server then sends the SMTP packet to the mail server, which processes the SMTP packet as though it came from a client computer. The SMTP packet flows through the network in the same manner as before. When it arrives at the destination mail server, it is placed in the receiver’s mailbox.
[Figure 2-14: Inside the Web. HTTP = Hypertext Transfer Protocol; IMAP = Internet Message Access Protocol; LAN = Local Area Network; POP = Post Office Protocol; SMTP = Simple Mail Transfer Protocol. On each side, a client computer with a web browser exchanges HTTP requests and responses over its LAN with a server computer running web server software; that web server exchanges SMTP packets (when sending) or IMAP packets (when reading) with a server computer running mail server software; SMTP packets carry the message across the Internet between the two mail servers.]
When the receiver wants to check his or her mail, he or she uses a Web browser to send an HTTP request to a Web server (see Figure 2-14). A program on the Web server (e.g., in C or Perl) processes the request and sends the appropriate POP request to the mail server. The mail server responds with a POP packet, which a program on the Web server converts into an HTTP response and sends to the client. The client then displays the email message in the Web browser.
TECHNICAL FOCUS 2-2 SMTP Transmission
SMTP (Simple Mail Transfer Protocol) is an older protocol, and transmission using it is rather complicated. If we were going to design it again, we would likely find a simpler transmission method. Conceptually, we think of an SMTP packet as one packet. However, SMTP mail transfer agents transmit each element within the SMTP packet as a separate packet and wait for the receiver to respond with an “OK” before sending the next element.
For example, in Figure 2-15, the sending mail transfer agent would send the from address and wait for an OK from the receiver. Then it would send the to address and wait for an OK. Then it would send the date, and so on, with the last item being the entire message sent as one element.
[Figure 2-15: An example of an email message using the SMTP (Simple Mail Transfer Protocol) standard. Labeled parts: header; body.]
A simple comparison of Figures 2-13 and 2-14 will quickly show that the three-tier approach using a Web browser is much more complicated than the normal two-tier approach. So why do it? Well, it is simpler to have just a Web browser on the client computer rather than to require the user to install a special email client on his or her computer and then set up the special email client to connect to the correct mail server using either POP or IMAP. It is simpler for the user to just type the URL of the Web server providing the mail services into his or her browser and begin using mail. This also means that users can check their email from a public computer anywhere on the Internet.
It is also important to note that the sender and receiver do not have to use the same architecture for their email. The sender could use a two-tier client–server architecture, and the receiver, a host-based or three-tier client–server architecture. Because all communication is standardized using SMTP between the different mail servers, how the users interact with their mail servers is unimportant. Each organization can use a different approach.
In fact, there is nothing to prevent one organization from using all three architectures simultaneously. At Indiana University, email is usually accessed through an email client (e.g., Microsoft Outlook) but is also accessed over the Web because many users travel internationally and find it easier to borrow a Web browser with Internet access than to borrow an email client and set it up to use the Indiana University mail server.
2.4.2 Inside an SMTP Packet
SMTP defines how message transfer agents operate and how they format messages sent to other message transfer agents. An SMTP packet has two parts:
◾ The header, which lists source and destination email addresses (possibly in text form [e.g., “Pat Smith”]) as well as the address itself (e.g., [email protected]), date, subject, and so on.
◾ The body, which is the word DATA, followed by the message itself.
Figure 2-15 shows a simple email message formatted using SMTP. The header of an SMTP message has a series of fields that provide specific information, such as the sender’s email address, the receiver’s address, date, and so on. The information in quotes on the from and to lines is ignored by SMTP; only the information in the angle brackets is used in email addresses. The message ID field is used to provide a unique identification code so that the message can be tracked. The message body contains the actual text of the message itself.
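The element-by-element exchange of Technical Focus 2-2 and the header/body layout of Section 2.4.2, as an added Python example that is not the textbook's code: a simulated sending and receiving mail transfer agent, where each element waits for the receiver's reply code before the next is sent, the receiver refuses to relay for domains it does not serve, and the header parser keeps only the address in the angle brackets. The message, the names, and the example.com/example.edu addresses are constructed; the exchange follows the real SMTP command order (MAIL FROM, RCPT TO, DATA, then the entire message), so the date and subject travel inside the message, and the HELO/EHLO greeting and QUIT are omitted.

```python
"""Element-by-element SMTP transfer between two mail transfer agents.

Added example, not the textbook's code. Addresses, names and the message
are constructed; HELO/EHLO and QUIT are omitted for brevity.
"""
import re

ADDR_RE = re.compile(r"<([^<>\s]+)>")


def mailbox(field_value: str) -> str:
    """Return only the address in angle brackets; the quoted display name
    (e.g. "Pat Smith") is ignored by SMTP, as the text describes."""
    match = ADDR_RE.search(field_value)
    if not match:
        raise ValueError(f"no <address> in {field_value!r}")
    return match.group(1)


def parse_smtp_message(text: str) -> dict:
    """Split a message into header fields and the body after the blank line."""
    header_part, _, body = text.partition("\n\n")
    headers = {}
    for line in header_part.splitlines():
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return {"headers": headers, "body": body}


class ReceivingMTA:
    """Answers each element with a reply code; accepts mail only for its
    own domain, so it cannot be used as an open relay."""

    def __init__(self, local_domain: str):
        self.local_domain = local_domain
        self.sender = None
        self.recipients = []
        self.mailboxes = {}        # address -> list of delivered messages

    def command(self, line: str) -> str:
        verb = line.split(":", 1)[0].upper()
        if verb == "MAIL FROM":
            self.sender = mailbox(line)
            return "250 OK"
        if verb == "RCPT TO":
            addr = mailbox(line)
            if not addr.endswith("@" + self.local_domain):
                return "550 Relaying denied"
            self.recipients.append(addr)
            return "250 OK"
        if verb == "DATA":
            if self.sender is None or not self.recipients:
                return "503 Bad sequence of commands"
            return "354 End data with <CRLF>.<CRLF>"
        return "500 Command unrecognized"

    def deliver(self, message: str) -> str:
        """Store the whole message in each accepted recipient's mailbox."""
        for addr in self.recipients:
            self.mailboxes.setdefault(addr, []).append(message)
        return "250 OK: queued"


def transmit(message: str, receiver: ReceivingMTA) -> list:
    """Send the from address, the to address and DATA one element at a time,
    waiting for the reply after each, then the entire message as the last
    element. Returns (side, text) pairs, "C" = sender, "S" = receiver;
    a 4xx or 5xx reply stops the transfer."""
    headers = parse_smtp_message(message)["headers"]
    elements = [f"MAIL FROM:<{mailbox(headers['from'])}>",
                f"RCPT TO:<{mailbox(headers['to'])}>",
                "DATA"]
    transcript = []
    for element in elements:
        reply = receiver.command(element)
        transcript += [("C", element), ("S", reply)]
        if reply[0] not in "23":
            return transcript
    reply = receiver.deliver(message)
    transcript += [("C", message + "."), ("S", reply)]
    return transcript


# Constructed message in the style of Figure 2-15 (not the book's figure).
SAMPLE_MESSAGE = (
    'From: "Pat Smith" <pat.smith@example.com>\n'
    'To: "Chris Lee" <chris.lee@example.edu>\n'
    "Date: Mon, 06 Aug 2012 17:41:07 -0400\n"
    "Subject: Faculty meeting\n"
    "Message-ID: <20120806174107.1234@example.com>\n"
    "\n"
    "The meeting has moved to 10:00 on Thursday.\n"
)

if __name__ == "__main__":
    for side, text in transmit(SAMPLE_MESSAGE, ReceivingMTA("example.edu")):
        print(side, text.rstrip())
```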
2.4.3 Attachments in Multipurpose Internet Mail Extension
As the name suggests, SMTP is a simple standard that permits only the transfer of text messages. It was developed in the early days of computing, when no one had even thought about using email to transfer nontext files such as graphics or word processing documents. Several standards for nontext files have been developed that can operate together with SMTP, such as Multipurpose Internet Mail Extension (MIME), uuencode, and binhex.
Each of the standards is different, but all work in the same general way. The MIME software, which exists as part of the email client, takes the nontext file, such as a PowerPoint graphic file, and translates each byte in the file into a special code that looks like regular text. This encoded section of “text” is then labeled with a series of special fields understood by SMTP as identifying a MIME-encoded attachment and specifying information about the attachment (e.g., name of file, type of file). When the receiver’s email client receives the SMTP message with the MIME attachment, it recognizes the MIME “text” and uses its MIME software (i.e., part of the email client) to translate the file from MIME “text” back into its original format.
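The MIME round trip described above, as an added Python example that is not the book's code: a constructed binary "file" is attached, the wire form is checked to be pure 7-bit text that SMTP can carry, the special labeling fields are read back, and the attachment is translated back to the original bytes. The addresses and the file name are placeholders, and the standard library's email package does the encoding that the text attributes to the email client's MIME software.

```python
"""Carry a nontext file through text-only SMTP as a MIME attachment.

Added example; not the textbook's code. The "PowerPoint" file is a
constructed byte string (every byte value 0-255, repeated), the
addresses are placeholders, and the stdlib email package does the
base64 work that the text describes the client's MIME software doing.
"""
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a binary file: contains bytes SMTP cannot carry.
FAKE_BINARY = bytes(range(256)) * 4


def build_message_with_attachment(data: bytes, filename: str) -> bytes:
    """Return the wire form of a message whose attachment is MIME-encoded."""
    msg = EmailMessage()
    msg["From"] = "pat.smith@example.com"
    msg["To"] = "chris.lee@example.edu"
    msg["Subject"] = "Slides from today"
    msg.set_content("The slides are attached.")
    # add_attachment() labels the encoded section with Content-Type,
    # Content-Transfer-Encoding (base64 for bytes) and Content-Disposition.
    msg.add_attachment(data, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


def is_seven_bit(raw: bytes) -> bool:
    """True when every byte is plain 7-bit ASCII, i.e. it looks like text."""
    return all(b < 0x80 for b in raw)


def attachment_labels(raw: bytes) -> list:
    """The special fields that identify each attachment and describe it."""
    msg = message_from_bytes(raw, policy=policy.default)
    return [
        {"filename": part.get_filename(),
         "content_type": part.get_content_type(),
         "encoding": str(part["Content-Transfer-Encoding"])}
        for part in msg.iter_attachments()
    ]


def extract_attachments(raw: bytes) -> dict:
    """Translate each MIME "text" attachment back into its original bytes."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): part.get_payload(decode=True)
            for part in msg.iter_attachments()}


if __name__ == "__main__":
    raw = build_message_with_attachment(FAKE_BINARY, "deck.pptx")
    print(is_seven_bit(raw), attachment_labels(raw))
    print(extract_attachments(raw)["deck.pptx"] == FAKE_BINARY)
```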
2.5 OTHER APPLICATIONS
There are literally thousands of applications that run on the Internet and on other networks. Most application software that we develop today, whether for sale or for private internal use, runs on a network. We could spend years talking about different network applications and still cover only a small number.
A Day in the Life: Network Manager
It was a typical day for a network manager. It began with the setup and troubleshooting for a videoconference. Videoconferencing is a fairly routine activity, but this one was a little different; we were trying to videoconference with a different company that used different standards than we did. We attempted to use our usual Web-based videoconferencing but could not connect. We fell back to videoconferencing over telephone lines, which required bringing in our videoconferencing services group. It took 2 hours, but we finally had the technology working.
The next activity was building a Windows database server. This involved installing software, adding a server into our ADS (Active Directory Services) domain, and setting up the user accounts. Once the server was on the network, it was critical to install all the security patches for both the operating system and database server. We receive so many security attacks that it is our policy to install all security patches on the same day that new software or servers are placed on the network or the patches are released.
After lunch, the next 2 hours were spent in a boring policy meeting. These meetings are a necessary evil to ensure that the network is well-managed. It is critical that users understand what the network can and can’t be used for, and our ability to respond to users’ demands. Managing users’ expectations about support and use rules helps ensure high user satisfaction.
The rest of the day was spent refining the tool we use to track network utilization. We have a simple intrusion detection system to detect hackers, but we wanted to provide more detailed information on network errors and network utilization to better assist us in network planning.
Source: With thanks to Jared Beard
Fortunately, most network application software works in much the same way as the Web or email. In this section, we will briefly discuss only three commonly used applications: Telnet, instant messaging, and video conferencing.
2.5.1 Telnet
Telnet enables users to log in to servers (or other clients). It
requires an application layer program
on the client computer and an application layer program on the
server or host computer. Once
Telnet makes the connection from the client to the server, you
must use the account name and
password of an authorized user to log in.
Although Telnet was developed in the very early days of the Internet (actually, the very first application that tested the connectivity on ARPANET was Telnet), it is still widely used today. Because it was developed so long ago, Telnet assumes a host-based architecture. Any keystrokes that you type using Telnet are sent to the server for processing, and then the server instructs the client what to display on the screen.
One of the most frequently used Telnet software packages is PuTTY. PuTTY is open source and can be downloaded for free (and in case you’re wondering, the name does not stand for anything, although TTY is a commonly used abbreviation for “terminal” in UNIX-based systems). The very first Telnet applications posed a great security threat because every keystroke was sent over the network as plain text. PuTTY uses secure shell (SSH) encryption when communicating with the server so that no one can read what is typed. An additional advantage of PuTTY is that it can run on multiple platforms, such as Windows, Mac, or Linux. Today, PuTTY is routinely used by network administrators to log in to servers and routers to make configuration changes.
MANAGEMENT FOCUS 2-3 Tagging People
Joseph Krull has a chip on his shoulder—well, in his shoulder to be specific. Krull is one of a small but growing number of people who have a Radio Frequency Identification (RFID) chip implanted in their bodies.
RFID technology has been used to identify pets, so that lost pets can be easily reunited with their owners. Now, the technology is being used for humans.
Krull has a blown left pupil from a skiing accident. If he were injured in an accident and unable to communicate, an emergency room doctor might misinterpret his blown pupil as a sign of a major head injury and begin drilling holes to relieve pressure. Now doctors can use the RFID chip to identify Krull and quickly locate his complete medical records on the Internet.
Critics say such RFID chips pose huge privacy risks because they enable any firms using RFID to track users such as Krull. Retailers, for example, can track when he enters and leaves their stores.
Krull doesn’t care. He believes the advantages of having his complete medical records available to any doctor greatly outweigh the privacy concerns.
Tagging people is no longer the novelty it once was; in fact, today it is a U.S. Food and Drug Administration approved procedure. More than 10% of all RFID research projects worldwide involve tagging people. There are even do-it-yourself RFID tagging kits available—not that we would recommend them (www.youtube.com/watch?v=vsk6dJr4wps).
Besides the application to health records, RFID is also being used for security applications, even something as simple as door locks. Imagine having an RFID-based door lock that opens automatically when you walk up to it because it recognizes the RFID tag in your body.
Adapted from NetworkWorld, ZDNet, and GizMag.com.
2.5.2 Instant Messaging
One of the fastest growing Internet applications has been instant messaging (IM). With IM, you can exchange real-time typed messages or chat with your friends. Some IM software also enables you to verbally talk with your friends in the same way as you might use the telephone or to use cameras to exchange real-time video in the same way you might use a videoconferencing system. Several types of IM currently exist, including Google Talk and AOL Instant Messenger.
IM works in much the same way as the Web. The client computer needs an IM client software package, which communicates with an IM server software package that runs on a server. When the user connects to the Internet, the IM client software package sends an IM request packet to the IM server informing it that the user is now online. The IM client software package continues to communicate with the IM server to monitor what other users have connected to the IM server. When one of your friends connects to the IM server, the IM server sends an IM packet to your client computer so that you now know that your friend is connected to the Internet. The server also sends a packet to your friend’s client computer so that he or she knows that you are on the Internet. With the click of a button, you can both begin chatting. When you type text, your IM client creates an IM packet that is sent to the IM server (Figure 2-16). The server then retransmits the packet to your friend. Several people may be part of the same chat session, in which case the server sends a copy of the packet to all of the client computers. IM also provides a way for different servers to communicate with one another, and for the client computers to communicate directly with each other. Additionally, IM will do voice and video.
FIGURE 2-16 How Instant Messaging (IM) works. LAN = Local Area Network
2.5.3 Videoconferencing
Videoconferencing provides real-time transmission of video and audio signals to enable people in two or more locations to have a meeting. In some cases, videoconferences are held in special-purpose meeting rooms with one or more cameras and several video display monitors to capture and display the video signals (Figure 2-17). Special audio microphones and speakers are used to capture and play audio signals. The audio and video signals are combined into one signal that is transmitted through a MAN or WAN to people at the other location. Most of this type of videoconferencing involves two teams in two separate meeting rooms, but some systems can support conferences of up to eight separate meeting rooms. Some advanced systems provide telepresence, which is of such high quality that you feel you are face-to-face with the other participants.
FIGURE 2-17 A Cisco telepresence system. Source: Courtesy Cisco Systems, Inc. Unauthorized use not permitted
The fastest growing form of videoconferencing is desktop videoconferencing. Small cameras installed on top of each computer permit meetings to take place from individual offices (Figure 2-18). Special application software (e.g., Yahoo! IM, Skype, Net Meeting) is installed on the client computer and transmits the images across a network to application software on a videoconferencing server. The server then sends the signals to the other client computers that want to participate in the videoconference. In some cases, the clients can communicate with one another without using the server. The cost of desktop videoconferencing ranges from less than $20 per computer for inexpensive systems to more than $1,000 for high-quality systems. Some systems have integrated conferencing software with desktop videoconferencing, enabling participants to communicate verbally and, by using applications such as white boards, to attend the same meeting while they are sitting at the computers in their offices.
FIGURE 2-18 Desktop videoconferencing. Source: Courtesy Cisco Systems, Inc. Unauthorized use not permitted
The transmission of video requires a lot of network capacity. Most videoconferencing uses data compression to reduce the amount of data transmitted. Surprisingly, the most common complaint is not the quality of the video image but the quality of the voice transmissions. Special care needs to be taken in the design and placement of microphones and speakers to ensure quality sound and minimal feedback.
Most videoconferencing systems were originally developed by vendors using different formats, so many products were incompatible. The best solution was to ensure that all hardware and software used within an organization was supplied by the same vendor and to hope that any other organizations with whom you wanted to communicate used the same equipment. Today, three standards are in common use: H.320, H.323, and MPEG-2 (also called ISO 13818-2). Each of these standards was developed by different organizations and is supported by different products. They are not compatible, although some application software packages understand more than one standard. H.320 is designed for room-to-room videoconferencing over high-speed telephone lines. H.323 is a family of standards designed for desktop videoconferencing and just simple audio conferencing over the Internet. MPEG-2 is designed for faster connections, such as a LAN or specially designed, privately operated WAN.
Webcasting is a special type of one-directional videoconferencing in which content is sent from the server to the user. The developer creates content that is downloaded as needed by the users and played by a plug-in to a Web browser. At present, there are no standards for Webcast technologies, but the products by RealNetworks.com are the de facto standards.
2.6 IMPLICATIONS FOR CYBER SECURITY
The first implication for security from this chapter is that the primary purpose of a network is to provide a worry-free and secure environment in which applications can run. However, a secure network is not enough. All applications that are allowed on the network must be secure too. Application security must be implemented at the time when the application is coded, and if any security holes are discovered, updates (also called patches) must be issued by the vendor of the application. Users then must install the update as soon as the patch is available; otherwise, they are not only compromising their application and computer but also the whole network to which this computer is connected.
One of the most commonly used business applications is an SQL database server, a common part of a three- or four-tier client–server architecture. You might have heard of SQL injection—one of the top three security risks on the Internet that is enabled by unsecured websites that allow you to enter text information into a form, such as registering for an event. SQL injection is a vulnerability where the website allows an attacker to enter SQL commands through the textbox rather than just plain text. Because the attacker can enter a command, he or she can then hijack the whole database and take all the data that is stored in it. Here is a good video that explains it in more detail: https://www.youtube.com/watch?v=FwIUkAwKzG8. Therefore, when designing any applications, one must pay a lot of attention to potential security holes and exploits.
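The defect described above, as an added example that is not from the book: an event-registration lookup that pastes the form text into the SQL statement, beside the parameterised form that fixes it. The sqlite3 table, rows and names are constructed for the demonstration.

```python
import sqlite3


def make_db():
    """Constructed in-memory event-registration table (sample rows, not book data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE registrations (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO registrations (name, email) VALUES (?, ?)",
        [("Alice", "alice@example.com"), ("Bob", "bob@example.com"),
         ("O'Brien", "obrien@example.com")])
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """The form text is pasted into the SQL statement, so whatever the user
    types is interpreted as SQL rather than as plain text."""
    sql = "SELECT name, email FROM registrations WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError:
        # An ordinary apostrophe (O'Brien) breaks the statement: the same defect
        # that lets an attacker rewrite the query also rejects legitimate input.
        return None


def lookup_safe(conn, name):
    """Parameterised query: the value travels separately from the statement,
    so the text can never change what the statement does."""
    sql = "SELECT name, email FROM registrations WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # the classic textbox input that turns one lookup into "all rows"
    print("vulnerable:", lookup_vulnerable(db, tautology))      # every registration leaks
    print("safe:", lookup_safe(db, tautology))                  # no such name: []
    print("vulnerable, O'Brien:", lookup_vulnerable(db, "O'Brien"))   # None (statement broken)
    print("safe, O'Brien:", lookup_safe(db, "O'Brien"))
```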
Finally, another very frequently used hacking technique is email spoofing. Email spoofing is the creation of email messages that have a forged sender address. It turns out that it is very easy to spoof an email address; check it out for yourself: https://www.youtube.com/watch?v=RHW-WK-unmo. So, before you reply to any email that sounds suspicious, check the IP address where the email came from. We will learn about IP addresses in Chapters 5 and 7.
MANAGEMENT FOCUS 2-4 Cloud-Hosted Virtual Desktops
While cloud computing started on the server side, it is quickly moving to the client side—the desktop. Imagine that you work for a multinational organization and fly several times a year to different parts of the world to do your job. Your organization doesn’t want you to travel with a laptop because they fear that you can lose the laptop with the data on it, but they want you to be able to log in to any desktop in any office around the world and have your desktop appear on the screen. Well, with the cloud technology, this is possible, and many companies are taking advantage of this new service. Could you guess its name? Yes, Desktop-as-a-Service (DaaS). Several companies offer DaaS without the infrastructure cost and with reduced complexity of deploying desktops. This service works as a monthly subscription service and includes data center hardware and facilities and also security. Dell DaaS on Demand and Amazon WorkSpaces are among the service providers of DaaS.
SUMMARY
Application Architectures There are four fundamental application architectures. In host-based networks, the server performs virtually all of the work. In client-based networks, the client computer does most of the work; the server is used only for data storage. In client–server networks, the work is shared between the servers and clients. The client performs all presentation logic, the server handles all data storage and data access logic, and one or both perform the application logic. With P2P networks, client computers also play the role of a server. Client–server networks can be cheaper to install and often better balance the network loads but are more complex to develop and manage. Cloud computing is a form of client–server architecture.
World Wide Web One of the fastest growing Internet applications is the Web, which was first developed in 1990. The Web enables the display of rich graphical images, pictures, full-motion video, and sound. The Web is the most common way for businesses to establish a presence on the Internet. The Web has two application software packages: a Web browser on the client and a Web server on the server. Web browsers and servers communicate with one another using a standard called HTTP. Most Web pages are written in HTML, but many also use other formats. The Web contains information on just about every topic under the sun, but finding it and making sure the information is reliable are major problems.
Electronic Mail With email, users create and send messages using an application layer software package on client computers called user agents. The user agent sends the mail to a server running an application layer software package called a mail transfer agent, which then forwards the message through a series of mail transfer agents to the mail transfer agent on the receiver’s server. Email is faster and cheaper than regular mail and can substitute for telephone conversations in some cases. Several standards have been developed to ensure compatibility between different user agents and mail transfer agents such as SMTP, POP, and IMAP.
KEY TERMS
application architecture, 26
application logic, 27
application security, 47
body, 42
client-based architectures, 27
client–server architectures, 27
cloud-based architecture, 31
cloud computing, 35
cloud providers, 26
data access logic, 27
data storage, 26
desktop videoconferencing, 46
distributed computing model, 31
distribution list, 39
email, 39
H.320, 47
H.323, 47
Hardware as a Service (HaaS), 33
header, 42
host-based architectures, 27
HTTP request, 36
HTTP response, 36
hybrid cloud strategy, 26
Hypertext Markup Language (HTML), 37
Hypertext Transfer Protocol (HTTP), 36
Infrastructure as a Service (IaaS), 33
instant messaging (IM), 45
Internet, 25
Internet Message Access Protocol (IMAP), 39
mail transfer agent, 39
mail user agent, 39
middleware, 29
MPEG-2, 47
Multipurpose Internet Mail Extension (MIME), 43
multitenancy, 32
n-tier architecture, 29
peer-to-peer architectures, 27
Platform as a Service (PaaS), 33
Post Office Protocol (POP), 39
presentation logic, 27
protocol, 36
pure strategy, 26
request body, 36
request header, 36
request line, 36
response body, 38
response header, 38
response status, 37
scalability, 34
server farm, 31
Simple Mail Transfer Protocol (SMTP), 39
SMTP header, 51
software as a service (SaaS), 26
SQL injection, 47
storage area network, 32
Telnet, 44
thick client, 31
thin client, 31
three-tier architecture, 29
two-tier architecture, 29
uniform resource locator (URL), 35
Videoconferencing, 45
Web browser, 35
Webcasting, 47
Web server, 35
QUESTIONS
1. What are the different types of application architectures?
2. Describe the four basic functions of an application software package.
3. What are the advantages and disadvantages of host-based networks versus client–server networks?
4. What is middleware, and what does it do?
5. Suppose your organization was contemplating switching from a host-based architecture to client–server. What problems would you foresee?
6. Which is less expensive: host-based networks or client–server networks? Explain.
7. Compare and contrast two-tier, three-tier, and n-tier client–server architectures. What are the technical differences, and what advantages and disadvantages does each offer?
8. How does a thin client differ from a thick client?
9. What are the benefits of cloud computing?
10. Compare and contrast the three cloud computing models.
11. What is a network computer?
12. For what is HTTP used? What are its major parts?
13. For what is HTML used?
14. Describe how a Web browser and Web server work together to send a Web page to a user.
15. Can a mail sender use a two-tier architecture to send mail to a receiver using a three-tier architecture? Explain.
16. Describe how mail user agents and mail transfer agents work together to transfer mail messages.
17. What roles do SMTP, POP, and IMAP play in sending and receiving email on the Internet?
18. What are the major parts of an email message?
19. What is a virtual server?
20. What is Telnet, and why is it useful?
21. What is cloud computing?
22. Explain how IM works.
23. Compare and contrast the application architecture for videoconferencing and the architecture for email.
24. Which of the common application architectures for email (two-tier client–server, Web-based) is “best”? Explain.
25. Some experts argue that thin-client client–server architectures are really host-based architectures in disguise and suffer from the same old problems. Do you agree? Explain.
EXERCISES
A. Investigate the use of the major architectures by a local organization (e.g., your university). Which architecture(s) does it use most often and what does it see itself doing in the future? Why?
B. What are the costs of thin-client versus thick-client architectures? Search the Web for at least two different studies and be sure to report your sources. What are the likely reasons for the differences between the two?
C. Investigate which companies are the most reliable cloud computing providers for small business.
D. What application architecture does your university use for email? Explain.
E. Investigate the options for having your private cloud as an individual. Hint: Try the Apple website.
MINICASES
I. Deals-R-Us Brokers (Part 1) Fred Jones, a distant relative of yours and president of Deals-R-Us Brokers (DRUB), has come to you for advice. DRUB is a small brokerage house that enables its clients to buy and sell stocks over the Internet, as well as place traditional orders by phone or fax. DRUB has just decided to offer a set of stock analysis tools that will help its clients more easily pick winning stocks, or so Fred tells you. Fred’s information systems department has presented him with two alternatives for developing the new tools. The first alternative will have a special tool developed in C++ that clients will download onto their computers to run. The tool will communicate with the DRUB server to select data to analyze. The second alternative will have the C++ program running on the server; the client will use his or her browser to interact with the server.
a. Classify the two alternatives in terms of what type of application architecture they use.
b. Outline the pros and cons of the two alternatives and make a recommendation to Fred about which is better.
II. Deals-R-Us Brokers (Part 2) Fred Jones, a distant relative of yours and president of Deals-R-Us Brokers (DRUB), has come to you for advice. DRUB is a small brokerage house that enables its clients to buy and sell stocks over the Internet, as well as place traditional orders by phone or fax. DRUB has just decided to install a new email package. The IT department offered Fred two solutions. First, it could host the email in-house using Microsoft Exchange Server. The second solution would be to use one of the cloud-based providers and completely outsource the company email. The IT department also explained to Fred that both solutions would allow users to access email on their desktops and laptops and also on their smart devices.
a. Briefly explain to Fred, in layperson’s terms, the differences between the two.
b. Outline the pros and cons of the two alternatives and make a recommendation to Fred about which is better.
III. Accurate Accounting Diego Lopez is the managing partner of Accurate Accounting, a small accounting firm that operates a dozen offices in California. Accurate Accounting provides audit and consulting services to a growing number of small- and medium-sized firms, many of which are high technology firms. Accurate Accounting staff typically spend many days on-site with clients during their consulting and audit projects, but have increasingly been using email and IM to work with clients. Now, many firms are pushing Accurate Accounting to adopt videoconferencing. Diego is concerned about what videoconferencing software and hardware to install. While Accurate Accounting’s email system enables it to exchange email with any client, using IM has proved difficult because Accurate Accounting has had to use one IM software package with some companies and different IM software with others. Diego is concerned that videoconferencing may prove to be as difficult to manage as IM. “Why can’t IM work as simply as email?” he asks. “Will my new videoconferencing software and hardware work as simply as email, or will it be IM all over again?” Prepare a response to his questions.
IV. Ling Galleries Howard Ling is a famous artist with two galleries in Hawaii. Many of his paintings and prints are sold to tourists who visit Hawaii from Hong Kong and Japan. He paints 6 to 10 new paintings a year, which sell for $50,000 each. The real money comes from the sales of prints; a popular painting will sell 1,000 prints at a retail price of $1,500 each. Some prints sell very quickly, while others do not. As an artist, Howard paints what he wants to paint. As a businessman, Howard also wants to create art that sells well. Howard visits each gallery once a month to talk with clients, but enjoys talking with the gallery staff on a weekly basis to learn what visitors say about his work and to get ideas for future work. Howard has decided to open two new galleries, one in Hong Kong and one in Tokyo. How can the Internet help Howard with the two new galleries?
CASE STUDY
NEXT-DAY AIR SERVICE
See the book companion site at www.wiley.com/college/fitzgerald.
HANDS-ON ACTIVITY 2A
Tracing Your Email
Most email today is spam, unwanted commercial email, or phishing, fake email designed to separate you from your money. Criminals routinely send fake emails that try to get you to tell them your log-in information for your bank or your PayPal account, so they can steal the information, log in as you, and steal your money.
It is very easy to fake a return address on an email, so simply looking to make sure that an email has a valid sender is not sufficient to ensure that the email was actually sent by the person or company that claims to have sent it. However, every SMTP email packet contains information in its header about who actually sent the email. You can read this information yourself, or you can use a tool designed to simplify the process for you. The objective of this Activity is for you to trace an email you have received to see if the sending address on the email is actually the organization that sent it.
There are many tools you can use to trace your email. We like a tool called eMail Tracker Pro, which has a free version that lasts 15 days.
1. Go to www.emailtrackerpro.com and download and install eMail Tracker Pro.
2. Log in to your email and find an email message you want to trace. I recently received an email supposedly from Wachovia Bank; the sender’s email address was [email protected]
3. After you open the email, find the option that enables you to view the Internet header or source of the message (in Microsoft Outlook, click the Options tab and look at the bottom of the box that pops up). Figure 2-19 shows the email I received and how to find the SMTP header (which Outlook calls the Internet header). Copy the entire SMTP header to the clipboard.
4. Start eMail Tracker Pro. Select Trace an email, and paste the SMTP header into the box provided. Click Trace to start the trace.
5. It may take up to 30 seconds to trace the email, so be patient. Figure 2-20 shows the results from the email I received. The email supposedly from Wachovia Bank was actually from a company named Musser and Kouri Law whose primary contact is Musser Ratliff, CPA, which uses SBC in Plano, Texas, as its Internet service provider. We suspect that someone broke into this company’s network and used their email server without permission, or fraudulently used this company’s name and contact information on its domain registration.
Deliverables
Trace one email. Print the original email message and the trace results.
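The manual version of what the tracing tool does in this Activity, and of the "check where the email came from" advice in Section 2.6, as an added example that is not from the book: it walks the Received: headers of a message from the first hop to the last and compares the sender's domain with the names the receiving relays recorded. The message, hosts and addresses are constructed (.invalid names and documentation IP ranges), and the function names are this example's own.

```python
import email
import re
from email import policy

# Constructed sample message, not a real capture: .invalid host names and
# documentation IP ranges stand in for what a tracing tool would see.
SAMPLE_MESSAGE = """\
Received: from mail.example-bank.invalid (mx7.isp.invalid [203.0.113.45])
    by mx.recipient.invalid with ESMTP id ABC123;
    Mon, 3 Apr 2017 09:12:01 -0500
Received: from unknown (HELO relay.lawfirm.invalid) (198.51.100.23)
    by mx7.isp.invalid with SMTP; Mon, 3 Apr 2017 09:11:58 -0500
Received: from [192.0.2.77] (localhost [127.0.0.1])
    by relay.lawfirm.invalid (Postfix) with ESMTPA id 9F3;
    Mon, 3 Apr 2017 09:11:55 -0500
From: "Example Bank Security" <security@example-bank.invalid>
To: you@recipient.invalid
Subject: Please confirm your account

This is a constructed message body.
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_HOST_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
RDNS_RE = re.compile(r"\(([\w.\-]+)\s+\[")


def parse_received(value):
    """Split one Received: header into the name the sending host claimed for
    itself, what the receiving relay recorded about it, and the relay's name."""
    flat = " ".join(str(value).split())            # undo header folding
    from_part, _, by_part = flat.partition(" by ")
    host = FROM_HOST_RE.match(from_part)
    rdns = RDNS_RE.search(from_part)
    ip = IP_RE.search(from_part)
    return {
        "from_host": host.group(1) if host else "",  # HELO name: self-asserted by the sender
        "rdns": rdns.group(1) if rdns else "",       # reverse DNS written by the receiving relay
        "from_ip": ip.group(1) if ip else "",        # connecting IP written by the receiving relay
        "by_host": by_part.split()[0] if by_part else "",
    }


def trace_hops(raw_message):
    """Return the relay chain in delivery order (origin first). Every relay
    prepends its own Received: line, so the header that appears last in the
    message describes the first hop."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return [parse_received(v) for v in reversed(msg.get_all("Received") or [])]


def sender_domain(raw_message):
    """Domain of the From: address, i.e. who the message claims to be from."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    return msg["From"].addresses[0].domain.lower() if msg["From"] else ""


def verified_names_include_sender(raw_message):
    """True when some relay-recorded name (never a HELO claim) lies in the
    sender's domain. False is a reason to look closer, not proof of spoofing:
    mail sent through a third-party provider legitimately fails this check."""
    domain = sender_domain(raw_message)
    hops = trace_hops(raw_message)
    names = [h["rdns"] for h in hops] + [h["by_host"] for h in hops]
    return any(n == domain or n.endswith("." + domain) for n in names if n)


if __name__ == "__main__":
    for i, hop in enumerate(trace_hops(SAMPLE_MESSAGE)):
        print(f"hop {i}: {hop}")
    print("claimed sender domain:", sender_domain(SAMPLE_MESSAGE))
    print("relay-recorded names match sender:", verified_names_include_sender(SAMPLE_MESSAGE))
```

In the sample, the last relay's HELO name claims to be the bank, but the reverse DNS and IP that the recipient's server recorded belong to an ISP, which is exactly the kind of mismatch the Activity's trace surfaces.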
FIGURE 2-19 Viewing the SMTP packet header
FIGURE 2-20 Viewing the source of the SMTP packet
Source: http://www.visualware.com/contact.html
HANDS-ON ACTIVITY 2B
Seeing SMTP and POP PDUs
We’ve discussed how messages are transferred using layers and the different protocol data units (PDUs) used at each layer. The objective of this Activity is for you to see the different PDUs in the messages that you send. To do this, we’ll use Wireshark, which is one of the world’s foremost network protocol analyzers, and is the de facto standard that most professional and educational institutions use today. It is used for network troubleshooting, network analysis, software and communications protocol development, and general education about how networks work. Wireshark enables you to see all messages sent by your computer and may also let you see the messages sent by other users on your LAN (depending on how your LAN is configured).
For this activity, you can capture your own SMTP and POP packets using Wireshark, or use two files that we’ve created by capturing SMTP and POP packets. We’ll assume you’re going to use our files. If you’d like to capture your own packets, read Hands-On Activity 1B in Chapter 1 and use your two-tier email client to create and send an email message instead of your Web browser. If you’d like to use our files, go to the website for this book and download the two files: SMTP Capture.pkt and POP3 Capture.pkt.
Part 1: SMTP
1. Start Wireshark and either capture your SMTP packets or open the file called SMTP Capture.pkt.
FIGURE 2-21 SMTP packets in Wireshark
2. We used the email software on our client computer to send an email message to our email server. Figure 2-21 shows the packets we captured that were sent to and from the client computer (called 192.168.1.100) and the server (128.196.40.4) to send this message from the client to the server. The first few packets are called the handshake, as the client connects to the server and the server acknowledges it is ready to receive a new email message.
3. Packet 8 is the start of the email message that identifies the sender. The next packet from the client (packet 10) provides the recipient address and then the email message starts with the DATA command (packet 12) and is spread over several packets (14, 15, and 17) because it is too large to fit in one Ethernet frame. (Remember that the sender’s transport layer breaks up large messages into several smaller TCP segments for transmission and the receiver’s transport layer reassembles the segments back into the one SMTP message.)
FIGURE 2-22 POP packets in Wireshark
4. Packet 14 contains the first part of the message that the user wrote. It’s not that easy to read, but by looking in the bottom window, you can see what the sender wrote.
Deliverables
1. List the information in the SMTP header (to, from, date, subject, message ID#).
2. Look through the packets to read the user’s message. List the user’s actual name (not his or her email address), his or her birth date, and his or her SSN.
3. Some experts believe that sending an email message is like sending a postcard. Why? How secure is SMTP email? How could security be improved?
Part 2: POP
1. Start Wireshark and either capture your POP packets or open the file called POP3 Capture.pkt. (Note: Depending on the version of Wireshark you are using, the file extension may be pkt or pcap.)
2. We used the email software on our client computer to read an email message that was on our email server. Figure 2-22 shows the packets we captured that were sent to and from the client computer (called 128.196.239.91) and the server (128.192.40.4) to send an email message from the server to the client. The first few packets are called the handshake, as the client logs in to the server and the server accepts the log-in.
3. Packet 12 is the POP STAT command (status) that asks the server to show the number of email messages in the user’s mailbox. The server responds in packet 13 and tells the client there is one message.
4. Packet 16 is the POP LIST command that asks the server to send the client a summary of email messages, which it does in packet 17.
5. Packet 18 is the POP RETR command (retrieve) that asks the server to send message 1 to the client. Packets 20, 22, and 23 contain the email message. It’s not that easy to read, but by looking in the bottom window for packet 20, you can see what the sender wrote. You can also expand the POP packet in the middle packet detail window (by clicking on the + box in front of it), which is easier to read.
Deliverables
1. Packets 5 through 11 are the log-in process. Can you read the user id and passwords? Why or why not?
2. Look through the packets to read the user’s message. List the user’s actual name (not his or her email address), his or her birth date, and his or her SSN.
C H A P T E R 3
PHYSICAL LAYER
The physical layer (also called layer 1) is the physical connection between the computers and/or devices in the network. This chapter examines how the physical layer operates. It describes the most commonly used media for network circuits and explains the basic technical concepts of how data are actually transmitted through the media. Three different types of transmission are described: digital transmission of digital computer data, analog transmission of digital computer data, and digital transmission of analog voice data. You do not need an engineering-level understanding of the topics to be an effective user and manager of data communication applications. It is important, however, that you understand the basic concepts, so this chapter is somewhat technical.
OBJECTIVES ◾ Be familiar with the different types of network circuits and media
◾ Understand digital transmission of digital data
◾ Understand analog transmission of digital data
◾ Understand digital transmission of analog data
◾ Be familiar with analog and digital modems
◾ Be familiar with multiplexing
OUTLINE
3.1 Introduction
3.2 Circuits
3.2.1 Circuit Configuration
3.2.2 Data Flow
3.2.3 Multiplexing
3.3 Communication Media
3.3.1 Twisted Pair Cable
3.3.2 Coaxial Cable
3.3.3 Fiber-Optic Cable
3.3.4 Radio
3.3.5 Microwave
3.3.6 Satellite
3.3.7 Media Selection
3.4 Digital Transmission of Digital Data
3.4.1 Coding
3.4.2 Transmission Modes
3.4.3 Digital Transmission
3.4.4 How Ethernet Transmits Data
3.5 Analog Transmission of Digital Data
3.5.1 Modulation
3.5.2 Capacity of a Circuit
3.5.3 How Modems Transmit Data
3.6 Digital Transmission of Analog Data
3.6.1 Translating from Analog to Digital
3.6.2 How Telephones Transmit Voice Data
3.6.3 How Instant Messenger Transmits Voice Data
3.6.4 Voice over Internet Protocol (VoIP)
3.7 Implications for Cyber Security
Summary
3.1 INTRODUCTION
This chapter examines how the physical layer operates. The
physical layer is the network hardware
including servers, clients, and circuits, but in this chapter we
focus on the circuits and on how
clients and servers transmit data through them. The circuits are
usually a combination of both
physical media (e.g., cables, wireless transmissions) and
special-purpose devices that enable the
transmissions to travel through the media. Special-purpose
devices such as switches and routers
are discussed in Chapters 6 and 8.
58 Chapter 3 Physical Layer
The word circuit has two very different meanings in networking,
and sometimes it is hard to
understand which meaning is intended. Sometimes, we use the
word circuit to refer to the physical
circuit—the actual wire—used to connect two devices. In this
case, we are referring to the physical
media that carry the message we transmit, such as the twisted
pair wire used to connect a computer
to the LAN in an office. In other cases, we are referring to a
logical circuit used to connect two
devices, which refers to the transmission characteristics of the
connection, such as when we say a
company has a T1 connection into the Internet. In this case, T1
refers not to the physical media
(i.e., what type of wire is used) but rather to how fast data can
be sent through the connection.
Often, each physical circuit is also a logical circuit, but
sometimes it is possible to have one physical
circuit—one wire—carry several separate logical circuits, or to
have one logical circuit travel over
several physical circuits.
There are two fundamentally different types of data that can
flow through the circuit: digital
and analog. Computers produce digital data that are binary,
either on or off, 0 or 1. In contrast,
telephones produce analog data whose electrical signals are
shaped like the sound waves they
transfer; they can take on any value in a wide range of
possibilities, not just 0 or 1.
Data can be transmitted through a circuit in the same form they are produced. Most computers, for example, transmit their digital data through digital circuits to printers and other attached devices. Likewise, analog voice data can be transmitted through telephone networks in analog form. In general, networks designed primarily to transmit digital computer data tend to use digital transmission, and networks designed primarily to transmit analog voice data tend to use analog transmission (at least for some parts of the transmission).
Data can be converted from one form into the other for
transmission over network circuits.
For example, digital computer data can be transmitted over an
analog telephone circuit by using
a modem. A modem at the sender’s computer translates the
computer’s digital data into analog
data that can be transmitted through the voice communication
circuits, and a second modem at
the receiver’s end translates the analog transmission back into
digital data for use by the receiver’s
computer.
Likewise, it is possible to translate analog voice data into
digital form for transmission over
digital computer circuits using a device called a codec. Once
again, there are two codecs, one at the
sender’s end and one at the receiver’s end. Why bother to
translate voice into digital? The answer
is that digital transmission is “better” than analog transmission.
Specifically, digital transmission
offers five key benefits over analog transmission:
◾ Digital transmission produces fewer errors than analog transmission. Because the transmitted data are binary (only two distinct values), it is easier to detect and correct errors.
◾ Digital transmission permits higher maximum transmission rates. Fiber-optic cable, for example, is designed for digital transmission.
◾ Digital transmission is more efficient. It is possible to send more data through a given circuit using digital rather than analog transmission.
◾ Digital transmission is more secure because it is easier to encrypt.
◾ Finally, and most importantly, integrating voice, video, and data on the same circuit is far simpler with digital transmission.
For these reasons, most long-distance telephone circuits built by
the telephone companies
and other common carriers over the past decades use digital
transmission. In the future, most
transmissions (voice, data, and video) will be sent digitally.
Regardless of whether digital or analog transmission is used, transmission requires the sender and receiver to agree on two key parameters. First, they have to agree on the symbols that will be used: What pattern of electricity, light, or radio wave will be used to represent a 0 and a 1? Once these symbols are set, the sender and receiver have to agree on the symbol rate: How many symbols will be sent over the circuit per second? Analog and digital transmissions are different, but both require a commonly agreed on set of symbols and a symbol rate.
In this chapter, we first describe the basic types of circuits and
examine the different media
used to build circuits. Then we explain how data are actually
sent through these media using digital
and analog transmissions.
3.2 CIRCUITS
3.2.1 Circuit Configuration
Circuit configuration is the basic physical layout of the circuit.
There are two fundamental circuit
configurations: point-to-point and multipoint. In practice, most
complex computer networks have
many circuits, some of which are point-to-point and some of
which are multipoint.
Figure 3-1 illustrates a point-to-point circuit, which is so named because it goes from one point to another (e.g., one computer to another computer). These circuits sometimes are called dedicated circuits because they are dedicated to the use of these two computers. This type of configuration is used when the computers generate enough data to fill the capacity of the communication circuit. When an organization builds a network using point-to-point circuits, each computer has its own circuit running from itself to the other computers. This can get very expensive, particularly if there is some distance between the computers. Despite the cost, point-to-point circuits are used regularly in modern wired networks to connect clients to switches, switches to switches and routers, and routers to routers. We will discuss these circuits in detail in Chapter 7.
FIGURE 3-1 Point-to-point circuit
FIGURE 3-2 Multipoint circuit
Figure 3-2 shows a multipoint circuit (also called a shared circuit). In this configuration, many computers are connected on the same circuit. This means that each must share the circuit with the others. The disadvantage is that only one computer can use the circuit at a time. When one computer is sending or receiving data, all others must wait. The advantage of multipoint circuits is that they reduce the amount of cable required and typically use the available communication circuit more efficiently. Imagine the number of circuits that would be required if the network in Figure 3-2 was designed with separate point-to-point circuits. For this reason, multipoint configurations are cheaper than point-to-point circuits. Thus, multipoint circuits typically are used when each computer does not need to continuously use the entire capacity of the circuit or when building point-to-point circuits is too expensive. Wireless circuits are almost always multipoint circuits because multiple computers use the same radio frequencies and must take turns transmitting.
3.2.2 Data Flow
Circuits can be designed to permit data to flow in one direction or in both directions. Actually, there are three ways to transmit: simplex, half-duplex, and full-duplex (Figure 3-3).
Simplex transmission is one-way transmission, such as that with radios and TVs.
Half-duplex transmission is two-way transmission, but you can transmit in only one direction at a time. A half-duplex communication link is similar to a walkie-talkie link; only one computer can transmit at a time. Computers use control signals to negotiate which will send and which will receive data. The amount of time half-duplex communication takes to switch between sending and receiving is called turnaround time (also called retrain time or reclocking time). The turnaround time for a specific circuit can be obtained from its technical specifications (often between 20 and 50 milliseconds). Europeans sometimes use the term simplex circuit to mean a half-duplex circuit.
With full-duplex transmission, you can transmit in both directions simultaneously, with no turnaround time.
How do you choose which data flow method to use? Obviously,
one factor is the application.
If data always need to flow only in one direction (e.g., from a
remote sensor to a host computer),
then simplex is probably the best choice. In most cases,
however, data must flow in both directions.
The initial temptation is to presume that a full-duplex channel is
best; however, each circuit
has only so much capacity to carry data. Creating a full-duplex
circuit means that the circuit offers
full capacity both ways simultaneously. In some cases, it makes
more sense to build a set of simplex
circuits in the same way a set of one-way streets can increase
the speed of traffic. In other cases, a
half-duplex circuit may work best. For example, terminals
connected to mainframes often transmit
data to the host, wait for a reply, transmit more data, and so on,
in a turn-taking process; usually,
traffic does not need to flow in both directions simultaneously.
Such a traffic pattern is ideally
suited to half-duplex circuits.
3.2.3 Multiplexing
Multiplexing means to break one high-speed physical communication circuit into several lower-speed logical circuits so that many different devices can simultaneously use it but still “think” that they have their own separate circuits (the multiplexer is “transparent”). Without multiplexing, the Internet would have collapsed in the 1990s.
FIGURE 3-3 Simplex, half-duplex, and full-duplex transmissions
FIGURE 3-4 Multiplexed circuit (four client computers, a four-level multiplexer at each end of one circuit, server)
Multiplexing often is done in multiples of 4 (e.g., 8, 16). Figure 3-4 shows a four-level multiplexed circuit. Note that two multiplexers are needed for each circuit: one to combine the four original circuits into the one multiplexed circuit and one to separate them back into the four separate circuits.
The primary benefit of multiplexing is to save money by
reducing the amount of cable or the
number of network circuits that must be installed. For example,
if we did not use multiplexers in
Figure 3-4, we would need to run four separate circuits from the
clients to the server. If the clients
were located close to the server, this would be inexpensive.
However, if they were located several
miles away, the extra costs could be substantial.
There are four types of multiplexing: frequency division
multiplexing (FDM), time division
multiplexing (TDM), statistical time division multiplexing
(STDM), and wavelength division
multiplexing (WDM).
FDM can be described as dividing the circuit “horizontally” so that many signals can travel a single communication circuit simultaneously. The circuit is divided into a series of separate channels, each transmitting on a different frequency, much like a series of different radio or TV stations. All signals exist in the media at the same time, but because they are on different frequencies, they do not interfere with each other.
TDM shares a communication circuit among two or more
computers by having them take
turns, dividing the circuit vertically, so to speak.
STDM is the exception to the rule that the capacity of the
multiplexed circuit must equal
the sum of the circuits it combines. STDM allows more
terminals or computers to be connected
to a circuit than does FDM or TDM. If you have four computers
connected to a multiplexer
and each can transmit at 64 Kbps, then you should have a circuit
capable of transmitting
256 Kbps (4 × 64 Kbps). However, not all computers will be
transmitting continuously at their
maximum transmission speed. Users typically pause to read
their screens or spend time typing
at lower speeds. Therefore, you do not need to provide a speed
of 256 Kbps on this multiplexed
circuit. If you assume that only two computers will ever
transmit at the same time, 128 Kbps will
be enough. STDM is called statistical because selection of
transmission speed for the multiplexed
circuit is based on a statistical analysis of the usage
requirements of the circuits to be multiplexed.
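The "statistical analysis" that gives STDM its name can be made concrete. The following is an added example, not code from the textbook; it assumes each terminal is independently active (transmitting at its full rate) with a stated probability p, and sizes the multiplexed circuit so that all simultaneously active terminals fit with a chosen confidence. It goes slightly beyond the text by letting the planner pick the confidence level, and recovers the text's 128 Kbps figure for four 64 Kbps terminals when p is 25% and 90% confidence is acceptable.

```python
"""Sizing a statistically multiplexed (STDM) circuit.

Added example (not from the textbook). Assumptions: n terminals, each
independently active with probability p at any instant, so the number
of simultaneously active terminals is Binomial(n, p). Plain FDM/TDM
must provision for all n; STDM provisions only for the number that are
likely to be active at once, accepting a small overflow probability.
"""
from math import comb


def prob_active_at_most(n: int, p: float, k: int) -> float:
    """P(at most k of n independent terminals are active): Binomial(n, p) CDF."""
    if not 0.0 <= p <= 1.0:
        raise ValueError("p must be a probability in [0, 1]")
    return sum(comb(n, i) * p**i * (1.0 - p) ** (n - i) for i in range(k + 1))


def tdm_capacity_kbps(n: int, rate_kbps: int) -> int:
    """FDM/TDM rule: multiplexed capacity equals the sum of the input circuits."""
    return n * rate_kbps


def stdm_capacity_kbps(n: int, rate_kbps: int, p: float, confidence: float) -> int:
    """Smallest capacity (a whole number of input channels) such that every
    simultaneously active terminal fits with probability >= confidence."""
    for k in range(n + 1):
        if prob_active_at_most(n, p, k) >= confidence:
            return k * rate_kbps
    return n * rate_kbps  # not reached: P(at most n active) is 1


def overflow_probability(n: int, p: float, capacity_kbps: int, rate_kbps: int) -> float:
    """Probability that more terminals are active than the circuit has channels
    for, i.e. the multiplexer must buffer or drop data."""
    channels = capacity_kbps // rate_kbps
    return 1.0 - prob_active_at_most(n, p, channels)


if __name__ == "__main__":
    n, rate = 4, 64   # the textbook's four 64 Kbps terminals
    p = 0.25          # constructed assumption: each terminal busy 25% of the time
    print("FDM/TDM capacity:", tdm_capacity_kbps(n, rate), "Kbps")
    for conf in (0.90, 0.99):
        cap = stdm_capacity_kbps(n, rate, p, conf)
        print(f"STDM at {conf:.0%} confidence: {cap} Kbps, "
              f"overflow probability {overflow_probability(n, p, cap, rate):.4f}")
```

With p = 0.25 the 90% target yields 128 Kbps (two channels) and a 5.1% chance of overflow; the 99% target raises the circuit to 192 Kbps.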
WDM is a version of FDM used in fiber-optic cables. When fiber-optic cables were first developed, the devices attached to them were designed to use only one color of light generated by a laser or LED.
Light has different frequencies (i.e., colors), so rather than
building devices to transmit using
only one color, why not send multiple signals, each in a
different frequency, through the same
fiber-optic cable? By simply attaching different devices that
could transmit in the full spectrum
of light rather than just one frequency, the capacity of the
existing fiber-optic cables could be
dramatically increased, with no change to the physical cables
themselves.
MANAGEMENT FOCUS 3-1 Structured Cabling EIA/TIA 568-B
In 1995, the Telecommunications Industry Association (TIA) and Electronic Industries Alliance (EIA) came up with the first standard to create structured cabling, called TIA/EIA 568-A. This standard defined the minimum requirements for internal telecommunications wiring within buildings and between buildings on one campus. This standard was updated and changed many times, and today the accepted standard is TIA/EIA 568-B, which came out in 2002. This standard has six subsystems:
1. Building entrance: the point where external cabling and wireless connects to the internal building wiring and equipment room
2. Equipment room (ER): the room where network servers and telephone equipment would be stored
3. Telecommunications closet: the room that contains the cable termination points and the distribution frames
4. Backbone cabling: the cabling that interconnects telecommunication closets, equipment rooms, and building entrances within a building; also, this refers to cabling between buildings
5. Horizontal cabling: the cabling that runs from the telecommunications closet to each LAN
6. Work area: the cabling where the computers, printers, patch cables, jacks, and so on, are located
This standard describes what the master cabling document should look like (which would describe each of the six areas discussed previously) and applies for both twisted pair and fiber-optic cabling.
MANAGEMENT FOCUS 3-2 Undersea Fiber-Optic Cables
Perhaps you were wondering what happens when you send an email from the United States to Europe. How is your email transmitted from one continent to another? It most likely travels through one of the submarine cables that connect America and Europe. A neat interactive submarine cable map can be found at http://www.submarinecablemap.com/.
This map shows you each cable’s name, ready-for-service (RFS) date, length, owners, website (if any), and landing points. Each cable on this map has a capacity of at least 5 Gbps.
Actually, the first submarine telecommunication cable was laid in the 1850s and carried telegraphy traffic. Today, we use fiber-optic cable that carries phone, Internet, and private data as digital data.
So now you may ask yourself, how do these cables get laid on the seabed? Submarine cables are laid using special cable-layer ships—these are factories that produce the cable on board and then have equipment to lay and bury the cable. The cable-layer ships get as close as possible to the shore where the cable will be connected. A messenger line is sent out from the ship using a work boat that takes it to the shore.
Once the cable is secured on shore, the installation process under the sea can begin. A 30-ton sea plow with the cable in it (think about a needle and thread) is then tossed overboard and lands on the seabed. The plow then buries the cable under the seabed at a required burial depth (up to 3 meters). The simultaneous lay-and-bury of the cable continues until an agreed position, after which the cable is surface laid until reaching its destination. Here is a video that illustrates this: https://www.youtube.com/watch?v=Gsoo_BOwrrM
One technology that you may have come across that uses
multiplexing is DSL. DSL stands for
digital subscriber line, and it allows for simultaneous
transmission of voice (phone calls), data
going to the Internet (called upstream data), and data coming to
your house from the Internet
(called downstream data). With DSL, a DSL modem is installed
at the customer’s home or office,
and another DSL modem is installed at the telephone company
switch closet. The modem is first
an FDM device that splits the physical circuit into three logical
circuits (phone, upstream data,
and downstream data). TDM is then used within the two data
channels to provide a set of one
or more individual channels that can be used to carry different
data. A combination of amplitude
and phase modulation is used in the data circuits to provide the
desired data rate. You will learn
more about DSL in Chapter 10.
3.3 COMMUNICATION MEDIA
The medium (or media, if there is more than one) is the physical
matter or substance that carries
the voice or data transmission. Many different types of
transmission media are currently in use,
such as copper (wire), glass or plastic (fiber-optic cable), or air
(radio, microwave, or satellite).
There are two basic types of media. Guided media are those in
which the message flows through
a physical medium such as a twisted pair wire, coaxial cable, or
fiber-optic cable; the medium
“guides” the signal. Wireless media are those in which the
message is broadcast through the air,
such as microwave or satellite.
In many cases, the circuits used in WANs are provided by the various common carriers who sell usage of them to the public. We call the circuits sold by the common carriers communication services. Chapter 9 describes specific services available in North America. The following sections describe the medium and the basic characteristics of each circuit type, in the event you were establishing your own physical network, whereas Chapter 9 describes how the circuits are packaged and marketed for purchase or lease from a common carrier. If your organization has leased a circuit from a common carrier, you are probably less interested in the media used and more interested in whether the speed, cost, and reliability of the circuit meet your needs.
3.3.1 Twisted Pair Cable
One of the most commonly used types of guided media is twisted pair cable, insulated pairs of wires that can be packed quite close together (Figure 3-5). The wires usually are twisted to minimize the electromagnetic interference between one pair and any other pair in the bundle. Your house or apartment probably has a set of two twisted pair wires (i.e., four wires) from it to the telephone company network. One pair is used to connect your telephone; the other pair is a spare that can be used for a second telephone line. The twisted pair cable used in LANs is usually packaged as four sets of pairs, as shown in Figure 3-5, whereas bundles of several thousand wire pairs are placed under city streets and in large buildings. The specific types of twisted pair cable used in LANs, such as Cat 5e and Cat 6, are discussed in Chapter 7.
FIGURE 3-5 Category 5e twisted pair wire. Source: Courtesy of Belkin International, Inc.
3.3.2 Coaxial Cable
Coaxial cable is a type of guided medium that is quickly disappearing (Figure 3-6). Coaxial cable has a copper core (the inner conductor) with an outer cylindrical shell for insulation. The outer shield, just under the shell, is the second conductor. Because they have additional shielding provided by their multiple layers of material, coaxial cables are less prone to interference and errors than basic low-cost twisted pair wires. Coaxial cables cost about three times as much as twisted pair wires but offer few additional benefits other than better shielding. One can also buy specially shielded twisted pair wire that provides the same level of quality as coaxial cable but at half its cost. For this reason, few companies are installing coaxial cable today, although some still continue to use existing coaxial cable that was installed years ago.
3.3.3 Fiber-Optic Cable
Although twisted pair is the most common type of guided
medium, fiber-optic cable also is
becoming widely used. Instead of carrying telecommunication
signals in the traditional electrical
form, this technology uses high-speed streams of light pulses
from lasers or LEDs (light-emitting
diodes) that carry information inside hair-thin strands of glass
called optical fibers. Figure 3-7
shows a fiber-optic cable and depicts the optical core, the
cladding (metal coating), and how light
rays travel in optical fibers.
The earliest fiber-optic systems were multimode, meaning that
the light could reflect inside
the cable at many different angles. Multimode cables are
plagued by excessive signal weakening
(attenuation) and dispersion (spreading of the signal so that
different parts of the signal arrive at
different times at the destination). For these reasons, early
multimode fiber was usually limited
to about 500 meters. Graded-index multimode fiber attempts to
reduce this problem by changing
the refractive properties of the glass fiber so that as the light
approaches the outer edge of the fiber,
it speeds up, which compensates for the slightly longer distance
it must travel compared with light
in the center of the fiber. Therefore, the light in the center is
more likely to arrive at the same time
as the light that has traveled at the edges of the fiber. This
increases the effective distance to just
under 1,000 meters.
FIGURE 3-6 Coaxial cables. Thinnet and Thicknet Ethernet cables (right)—1. center core, 2. dielectric insulator, 3. metallic shield, 4. plastic jacket; cross-sectional view (left) labeled inner conductor, insulator, second conductor, outer cylindrical shell. Source: Courtesy of Tim Kloske
FIGURE 3-7 Fiber-optic cable (core, cladding, buffer, aramid yarn, jacket; light rays shown for step index multimode, graded index multimode, and single mode). Source: © Hugh Threlfall/Alamy
Single-mode fiber-optic cables transmit a single direct beam of
light through a cable that
ensures the light reflects in only one pattern, in part because the
core diameter has been reduced
from 50 microns to about 5–10 microns. This smaller-diameter
core allows the fiber to send a
more concentrated light beam, resulting in faster data
transmission speeds and longer distances,
often up to 100 kilometers. However, because the light source
must be perfectly aligned with the
cable, single-mode products usually use lasers (rather than the
LEDs used in multimode systems)
and therefore are more expensive.
Fiber-optic technology is a revolutionary departure from the traditional copper wires of twisted pair cable or coaxial cable. One of the main advantages of fiber optics is that it can carry huge amounts of information at extremely fast data rates. This capacity makes it ideal for the simultaneous transmission of voice, data, and image signals. In most cases, fiber-optic cable works better under harsh environmental conditions than do its metallic counterparts. It is not as fragile or brittle, it is not as heavy or bulky, and it is more resistant to corrosion. Also, in case of fire, an optical fiber can withstand higher temperatures than can copper wire. Even when the outside jacket surrounding the optical fiber has melted, a fiber-optic system still can be used.
3.3.4 Radio
One of the most commonly used forms of wireless media is radio; when people use the term wireless, they usually mean radio transmission. When you connect your laptop to the network wirelessly, you are using radio transmission. Radio data transmission uses the same basic principles as standard radio transmission. Each device or computer on the network has a radio receiver/transmitter that uses a specific frequency range that does not interfere with commercial radio stations. The transmitters are very low power, designed to transmit a signal only a short distance, and are often built into portable computers or handheld devices such as phones and personal digital assistants. Wireless technologies for LAN environments, such as IEEE 802.1x, are discussed in more detail in Chapter 7.
MANAGEMENT FOCUS 3-3 Boingo Hot Spots Around the World
Perhaps you have come across Boingo while trying to find a wireless connection in an airport between flights. Boingo is a wireless Internet service provider (WISP) that is different than many free wifi connections that you can get at airports or coffee shops because it offers a secure connection (specifically, a VPN or WPA service that can be configured on your device, but more about this in Chapter 11). This secure connection is now offered in 7,000 U.S. locations and 13,000 international locations and as in-flight wifi on some international carriers.
Their monthly rates start at $9.95 for mobile devices and $39 for global access for 4 devices and 2,000 minutes. Boingo also offers 1-, 2-, and 3-hour plans in case you don’t travel frequently and don’t need a monthly subscription. To find Boingo hot spots, you need to download an app on your phone or laptop, and the app will alert you if there is an available wifi connection in your area. The app will even chart a graph that will show you signal strength in real time.
Adapted from: Boingo.com, cnet.com
3.3.5 Microwave
Microwave transmission is an extremely high-frequency radio
communication beam that is
transmitted over a direct line-of-sight path between any two
points. As its name implies, a
microwave signal is an extremely short wavelength, thus the
word micro-wave. Microwave radio
transmissions perform the same functions as cables. For
example, point A communicates with
point B via a through-the-air microwave transmission path,
instead of a copper wire cable.
Because microwave signals approach the frequency of visible
light waves, they exhibit many of
the same characteristics as light waves, such as reflection,
focusing, or refraction. As with visible
light waves, microwave signals can be focused into narrow,
powerful beams that can be projected
over long distances. Just as a parabolic reflector focuses a
searchlight into a beam, a parabolic
reflector also focuses a high-frequency microwave into a narrow
beam. Towers are used to elevate
the radio antennas to account for the earth’s curvature and
maintain a clear line-of-sight path
between the two parabolic reflectors (see Figure 3-8).
This transmission medium is typically used for long-distance
data or voice transmission. It
does not require the laying of any cable, because long-distance
antennas with microwave repeater
stations can be placed approximately 25–50 miles apart. A
typical long-distance antenna might
be 10 feet wide, although over shorter distances in the inner
cities, the dish antennas can be less
than 2 feet in diameter. The airwaves in larger cities are
becoming congested because so many
microwave dish antennas have been installed that they interfere
with one another.
3.3.6 Satellite
Satellite transmission is similar to microwave transmission, except instead of transmission involving another nearby microwave dish antenna, it involves a satellite many miles up in space. Figure 3-9 depicts a geosynchronous satellite. Geosynchronous means that the satellite remains stationary over one point on the earth. One disadvantage of satellite transmission is the propagation delay that occurs because the signal has to travel out into space and back to earth, a distance of many miles that even at the speed of light can be noticeable. Low earth orbit (LEO) satellites are placed in lower orbits to minimize propagation delay. Satellite transmission is sometimes also affected by raindrop attenuation when satellite transmissions are absorbed by heavy rain. It is not a major problem, but engineers need to work around it.
FIGURE 3-8 A microwave tower. The round antennas are microwave antennas and the straight antennas are cell phone antennas. Source: © Matej Pribelsky / iStockphoto
FIGURE 3-9 Satellites in operation (satellite revolving at the same speed as the earth's rotation)
MANAGEMENT FOCUS 3-4 Satellite Communications Improve Performance
Boyle Transportation hauls hazardous materials nationwide for both commercial customers and the government, particularly the U.S. Department of Defense. The Department of Defense recently mandated that hazardous materials contractors use mobile communications systems with up-to-the-minute monitoring when hauling the department’s hazardous cargoes.
After looking at the alternatives, Boyle realized that it would have to build its own system. Boyle needed a relational database at its operations center that contained information about customers, pickups, deliveries, truck location, and truck operating status. Data are distributed from this database via satellite to an antenna on each truck. Now, at any time, Boyle can notify the designated truck to make a new pickup via the bidirectional satellite link and record the truck’s acknowledgment.
Each truck contains a mobile data terminal connected to the satellite network. Each driver uses a keyboard to enter information, which transmits the location of the truck. These satellite data are received by the main offices via a leased line from the satellite earth station.
This system increased productivity by an astounding 80% over 2 years; administration costs increased by only 20%.
Interested in finding out more about how satellite communication works? Watch this video: https://www.youtube.com/watch?v=hXa3bTcIGPU
3.3.7 Media Selection
Which media are best? It is hard to say, particularly when manufacturers continue to improve various media products. Several factors are important in selecting media.
◾ The type of network is one major consideration. Some media are used only for WANs (microwaves and satellite), whereas others typically are not (twisted pair, coaxial cable, and radio), although we should note that some old WAN networks still use twisted pair cable. Fiber-optic cable is unique in that it can be used for virtually any type of network.
◾ Cost is always a factor in any business decision. Costs are always changing as new technologies are developed and as competition among vendors drives prices down. Among the guided media, twisted pair wire is generally the cheapest, coaxial cable is somewhat more expensive, and fiber-optic cable is the most expensive. The cost of the wireless media is generally driven more by distance than any other factor. For very short distances (several hundred meters), radio is the cheapest; for moderate distances (several hundred miles), microwave is the cheapest; and for long distances, satellite is the cheapest.
◾ Transmission distance is a related factor. Twisted pair wire, coaxial cable, and radio can transmit data only a short distance before the signal must be regenerated. Twisted pair wire and radio typically can transmit up to 100–300 meters and coaxial cable typically between 200 and 500 meters. Fiber optics can transmit up to 75 miles, and new types of fiber-optic cable can reach more than 600 miles.
◾ Security is primarily determined by whether the media are guided or wireless. Wireless media (radio, microwave, and satellite) are the least secure because their signals are easily intercepted. Guided media (twisted pair, coaxial, and fiber optics) are more secure, with fiber optics being the most secure.
◾ Error rates are also important. Wireless media are most susceptible to interference and thus have the highest error rates. Among the guided media, fiber optics provides the lowest error rates, coaxial cable the next best, and twisted pair cable the worst, although twisted pair cable is generally better than the wireless media.
◾ Transmission speeds vary greatly among the different media. It is difficult to quote specific speeds for different media because transmission speeds are constantly improving and because they vary within the same type of media, depending on the specific type of cable and the vendor. In general, twisted pair cable and coaxial cable can provide data rates of between 1 Mbps (1 million bits per second) and 1 Gbps (1 billion bits per second), whereas fiber-optic cable ranges between 1 Gbps and 40 Gbps. Radio, microwave, and satellite generally provide 10–100 Mbps.
3.4 DIGITAL TRANSMISSION OF DIGITAL DATA
All computer systems produce binary data. For these data to be
understood by both the sender and
receiver, both must agree on a standard system for representing
the letters, numbers, and symbols
that compose messages. The coding scheme is the language that
computers use to represent data.
3.4.1 Coding
A character is a symbol that has a common, constant meaning.
A character might be the letter A
or B, or it might be a number such as 1 or 2. Characters also
may be special symbols such as ? or
&. Characters in data communications, as in computer systems,
are represented by groups of bits
that are binary zeros (0) and ones (1). The groups of bits
representing the set of characters that are
the “alphabet” of any given system are called a coding scheme,
or simply a code.
A byte is a group of consecutive bits that is treated as a unit or character. One byte normally is composed of 8 bits and usually represents one character; however, in data communications, some codes use 5, 6, 7, 8, or 9 bits to represent a character. For example, representation of the character A by a group of 8 bits (say, 01000001) is an example of coding.
There are three predominant coding schemes in use today. United States of America Standard Code for Information Interchange (USASCII, or, more commonly, ASCII) is the most popular code for data communications and is the standard code on most microcomputers. There are two types of ASCII; one is a 7-bit code that has 128 valid character combinations, and the other is an 8-bit code that has 256 combinations. The number of combinations can be determined by taking the number 2 and raising it to the power equal to the number of bits in the code, because each bit has two possible values, a 0 or a 1. In this case 2^7 = 128 characters or 2^8 = 256 characters.
A second commonly used coding scheme is ISO 8859, which is standardized by the International Organization for Standardization (ISO). ISO 8859 is a family of 8-bit codes that include the ASCII codes plus non-English letters used by many European languages (e.g., letters with accents); ISO 8859-1, also called Latin-1, is the most common member. If you look closely at Figure 2.21, you will see that HTML often uses ISO 8859.
Unicode is the other commonly used coding scheme. There are several encoding forms of Unicode. UTF-8 is a variable-length form in which the first 128 characters are coded exactly as in 7-bit ASCII, one byte each, so any ASCII file is also a valid UTF-8 file; other characters take two to four bytes. UTF-16, which uses 16 bits (i.e., 2 bytes, called a "word") per character for most characters and two such units for the rarest ones, is used by Windows. By using more bits, UTF-16 can represent many more characters beyond the usual English or Latin characters, such as Cyrillic or Chinese.
We can choose any pattern of bits we like to represent any
character we like, as long as all
computers understand what each bit pattern represents. Figure
3-10 shows the 8-bit binary bit
patterns used to represent a few of the characters we use in
ASCII.
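The following Python program is an added example, not part of the textbook, that shows how the coding schemes described above lay characters out as bits. It relies only on Python's built-in codecs ("ascii" for the 7-bit code, "latin-1" for ISO 8859-1, "utf-8" and "utf-16-le" for Unicode); the strings it encodes are constructed for illustration.

```python
# Added example (not from the textbook): how the coding schemes of
# Section 3.4.1 lay characters out as bits, using Python's built-in codecs.
# "ascii" is the 7-bit code (stored in 8-bit bytes with the top bit 0),
# "latin-1" is ISO 8859-1, and "utf-8"/"utf-16-le" are the Unicode forms.

def bit_patterns(text, encoding):
    """Return one 8-bit string per byte produced by encoding `text`."""
    return [format(byte, "08b") for byte in text.encode(encoding)]

def byte_length(text, encoding):
    """Number of bytes a string occupies in the given coding scheme."""
    return len(text.encode(encoding))

def fits_in(text, encoding):
    """True if every character in `text` has a code in this scheme."""
    try:
        text.encode(encoding)
    except UnicodeEncodeError:
        return False
    return True

def is_7bit(data):
    """True if every byte has its top bit clear, i.e. is plain 7-bit ASCII."""
    return all(byte < 0x80 for byte in data)

def decode_as(data, encoding):
    """Interpret raw bytes under a (possibly wrong) coding scheme."""
    return data.decode(encoding)

if __name__ == "__main__":
    # Constructed sample characters: Latin, accented Latin, Chinese, emoji.
    for ch in ("A", "é", "中", "😀"):
        schemes = ("latin-1", "utf-8", "utf-16-le")
        print(ch, {enc: bit_patterns(ch, enc) for enc in schemes if fits_in(ch, enc)})
    # The same bytes read under the wrong scheme: UTF-8 "é" seen as Latin-1.
    print(decode_as("é".encode("utf-8"), "latin-1"))
```

Running it shows that the letter A is the same single byte 01000001 in ASCII, ISO 8859-1, and UTF-8; that é is one byte in ISO 8859-1 but two in UTF-8; that UTF-16 spends two bytes even on A and four on an emoji; and that the UTF-8 bytes for é read back under ISO 8859-1 come out as Ã©. Sender and receiver must agree on the code, not just on the bits: a parser that assumes one scheme for bytes written under another misreads the data silently.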
3.4.2 Transmission Modes
Parallel Parallel transmission is the way the internal transfer of binary data takes place inside a computer. If the internal structure of the computer is 8 bit, then all 8 bits of the data element are transferred between main memory and the central processing unit simultaneously on 8 separate connections. The same is true of computers that use a 32-bit structure; all 32 bits are transferred simultaneously on 32 connections.
Figure 3-11 shows how all 8 bits of one character could travel down a parallel communication circuit. The circuit is physically made up of eight separate wires, wrapped in one outer coating. Each physical wire is used to send 1 bit of the 8-bit character. However, as far as the user is concerned (and the network for that matter), there is only one circuit; each of the wires inside the cable bundle simply connects to a different part of the plug that connects the computer to the bundle of wire.
FIGURE 3-10 Binary numbers used to represent different characters using ASCII
Character   ASCII
A           01000001
B           01000010
C           01000011
D           01000100
E           01000101
a           01100001
b           01100010
c           01100011
d           01100100
e           01100101
1           00110001
2           00110010
3           00110011
4           00110100
!           00100001
$           00100100
TECHNICAL FOCUS 3-1 Basic Electricity
There are two general categories of electrical current: direct current and alternating current. Current is the flow of electric charge through a conductor; by convention it is described as flowing from positive (+) to negative (−), although the electrons themselves move the other way. The plus (+) or minus (−) designations are known as polarity. Direct current (DC) travels in only one direction, whereas alternating current (AC) travels first in one direction and then in the other direction.
A copper wire transmitting electricity acts like a hose transferring water. We use three common terms when discussing electricity. Voltage is defined as electrical pressure, the amount of electrical force pushing electrons through a circuit. In principle, it is the same as pounds per square inch in a water pipe. Amperes (amps) are units of electrical flow, or volume. This measure is analogous to gallons per minute for water. The watt is the fundamental unit of electrical power. It is a rate unit, not a quantity. You obtain the wattage by multiplying the volts by the amperes.
Want to learn more? Here is an introductory video about electricity: https://www.youtube.com/watch?v=EJeAuQ7pkpc
Serial Serial transmission means that a stream of data is sent over a communication circuit sequentially in a bit-by-bit fashion, as shown in Figure 3-12. In this case, there is only one physical wire inside the bundle, and all data must be transmitted over that one physical wire. The transmitting device sends one bit, then a second bit, and so on, until all the bits are transmitted. It takes n iterations or cycles to transmit n bits. Thus, at the same symbol rate, serial transmission is considerably slower than parallel transmission: eight times slower in the case of 8-bit ASCII (because there are 8 bits). Compare Figure 3-12 with Figure 3-11.
FIGURE 3-11 Parallel transmission of an 8-bit code: one character consisting of 8 parallel bits (0 1 0 1 0 1 1 0) travels from sender to receiver over a circuit of eight copper wires, one bit per wire.
FIGURE 3-12 Serial transmission of an 8-bit code: one character consisting of 8 serial bits travels from sender to receiver, one bit after another, over a circuit of one copper wire.
3.4.3 Digital Transmission
Digital transmission is the transmission of binary electrical or light pulses; the signal has only two possible states, a 1 or a 0. The most commonly encountered voltage levels range from a low of +3/−3 to a high of +24/−24 volts. Digital signals are usually sent over wire of no more than a few thousand feet in length.
All digital transmission techniques require a set of symbols (to
define how to send a 1 and
a 0) and the symbol rate (how many symbols will be sent per
second).
Figure 3-13 shows five types of digital transmission techniques.
With unipolar signaling, the
voltage is always positive or negative (like a DC current).
Figure 3-13 illustrates a unipolar tech-
nique in which a signal of 0 volts (no current) is used to
transmit a zero and a signal of +5 volts is
used to transmit a 1.
An obvious question at this point is this: If 0 volts means a
zero, how do you send no data?
This is discussed in detail in Chapter 4. For the moment, we
will just say that there are ways to
indicate when a message starts and stops, and when there are no
messages to send, the sender and
receiver agree to ignore any electrical signal on the line.
To successfully send and receive a message, both the sender and receiver have to agree on how often the sender can transmit data, that is, on the symbol rate. For example, if the symbol rate on a circuit is 64 kilohertz (kHz) (64,000 symbols per second), then the sender changes the voltage on the circuit once every 1/64,000 of a second and the receiver must examine the circuit every 1/64,000 of a second to read the incoming data.
In bipolar signaling, the ones and zeros vary from a plus voltage to a minus voltage (like an AC current). The first bipolar technique illustrated in Figure 3-13 is called nonreturn to zero (NRZ) because the voltage alternates from +5 volts (a symbol indicating a 1) to −5 volts (a symbol indicating a 0) without ever returning to 0 volts. The second bipolar technique in this figure is called return to zero (RZ) because it always returns to 0 volts after each bit before going to +5 volts (the symbol for a 1) or −5 volts (the symbol for a 0). The third bipolar technique is called alternate mark inversion (AMI) because a 0 is always sent using 0 volts, but 1s alternate between +5 volts and −5 volts. AMI is used on T1 and T3 circuits. In Europe, bipolar signaling sometimes is called double current signaling because you are moving between a positive and negative voltage potential.
FIGURE 3-13 Unipolar, bipolar, and Manchester signals (digital). Each panel plots the bit pattern 0 0 1 1 0 1 0 0 0 1 0 against a 0V / +5V / −5V axis (0V / +2V / −2V for Manchester): unipolar; bipolar nonreturn to zero (NRZ); bipolar return to zero (RZ); bipolar alternate mark inversion (AMI); Manchester encoding.
In general, bipolar signaling experiences fewer errors than unipolar signaling because the symbols are more distinct: the two symbols are 10 volts apart (+5 and −5) rather than 5 volts apart (0 and +5). Noise or interference on the transmission circuit is therefore less likely to cause the bipolar +5 volts to be misread as −5 volts than it is to cause the unipolar 0 volts to be misread as +5 volts, because a noise pulse has to shift the signal twice as far, and reverse its polarity, to flip a bipolar symbol.
3.4.4 How Ethernet Transmits Data
The most common technology used in LANs is Ethernet; if you
are working in a computer lab on
campus, you are most likely using Ethernet. Ethernet uses
digital transmission over either serial
or parallel circuits, depending on which version of Ethernet you
use. One version of Ethernet that
uses serial transmission requires 1/10,000,000 of a second to
send one symbol; that is, it trans-
mits 10 million symbols (each of 1 bit) per second. This gives a
data rate of 10 Mbps, and if we
assume that there are 8 bits in each character, this means that
about 1.25 million characters can
be transmitted per second in the circuit.
The original 10 Mbps Ethernet uses Manchester encoding, which is a special type of bipolar signaling in which the signal is changed from high to low or from low to high in the middle of each bit. A change from high to low is used to represent a 0, whereas the opposite (a change from low to high) is used to represent a 1 (see Figure 3-13). Because every bit contains a transition, the receiver can also recover the sender's timing from the signal itself. Manchester encoding is less susceptible to having errors go undetected, because if there is no transition in midsignal, the receiver knows that an error must have occurred. (Faster versions of Ethernet use other line codes.)
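The following Python program is an added example, not part of the textbook, that produces the five signals of Figure 3-13 as lists of voltage samples and adds the two receiver-side checks the text alludes to: a Manchester decoder that rejects a bit with no mid-bit transition, and an AMI check for two successive pulses of the same polarity (a bipolar violation, which T1 equipment counts as a line error). The voltages, the bit pattern, and the damaged sample are all constructed for illustration.

```python
# Added example (not from the textbook): the unipolar, bipolar and Manchester
# signals of Figure 3-13 as lists of voltage samples, plus the error checks
# the text alludes to. One list element is one signalling interval; RZ and
# Manchester produce two elements per bit because they change twice per bit.

FIGURE_BITS = "00110100010"   # the bit pattern drawn in Figure 3-13

def unipolar(bits, v=5):
    """0 volts for a 0, +v for a 1."""
    return [v if b == "1" else 0 for b in bits]

def nrz(bits, v=5):
    """Bipolar nonreturn to zero: +v for a 1, -v for a 0, never 0 volts."""
    return [v if b == "1" else -v for b in bits]

def rz(bits, v=5):
    """Bipolar return to zero: +v or -v for the first half-bit, 0 volts for the second."""
    out = []
    for b in bits:
        out += [v if b == "1" else -v, 0]
    return out

def ami(bits, v=5):
    """Alternate mark inversion: 0 volts for a 0; successive 1s alternate +v, -v."""
    out, polarity = [], v
    for b in bits:
        if b == "1":
            out.append(polarity)
            polarity = -polarity
        else:
            out.append(0)
    return out

def ami_violation(samples):
    """True if two successive pulses share a polarity (a bipolar violation)."""
    last = 0
    for s in samples:
        if s != 0:
            if s == last:
                return True
            last = s
    return False

def manchester_encode(bits, v=2):
    """High-to-low in mid-bit for a 0, low-to-high for a 1 (the Ethernet convention)."""
    out = []
    for b in bits:
        out += [-v, v] if b == "1" else [v, -v]
    return out

def manchester_decode(samples, v=2):
    """Recover the bits; a half-bit pair without a mid-bit transition is an error."""
    if len(samples) % 2:
        raise ValueError("odd number of half-bit samples")
    bits = []
    for i in range(0, len(samples), 2):
        first, second = samples[i], samples[i + 1]
        if (first, second) == (v, -v):
            bits.append("0")
        elif (first, second) == (-v, v):
            bits.append("1")
        else:
            raise ValueError(f"no mid-bit transition in symbol {i // 2}: {first},{second}")
    return "".join(bits)

def manchester_is_valid(samples, v=2):
    """True if every half-bit pair is a legal Manchester symbol."""
    try:
        manchester_decode(samples, v)
    except ValueError:
        return False
    return True

def symbol_time(symbol_rate_hz):
    """Seconds the sender holds each symbol, e.g. 1/64,000 s at 64 kHz."""
    return 1.0 / symbol_rate_hz

if __name__ == "__main__":
    for name, fn in (("unipolar", unipolar), ("NRZ", nrz), ("RZ", rz), ("AMI", ami)):
        print(f"{name:9}", fn(FIGURE_BITS))
    encoded = manchester_encode(FIGURE_BITS)
    print("Manchester", encoded, "->", manchester_decode(encoded))
    damaged = encoded[:]
    damaged[1] = damaged[0]          # noise wipes out one mid-bit transition
    print("damaged signal accepted?", manchester_is_valid(damaged))
    print("AMI violation in [5, 0, 5]?", ami_violation([5, 0, 5]))
```

The Manchester decoder is strict on purpose: a receiver that accepted a flat half-bit pair as "probably a 0" would turn a detectable line error into silently corrupted data, which is exactly the failure mode the text says Manchester encoding avoids.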
3.5 ANALOG TRANSMISSION OF DIGITAL DATA
Telephone networks were originally built for human speech
rather than for data. They were
designed to transmit the electrical representation of sound
waves, rather than the binary data
used by computers. There are many occasions when data need to
be transmitted over a voice
communications network. Many people working at home still
use a modem over their telephone
line to connect to the Internet.
The telephone system (commonly called POTS for plain old
telephone service) enables voice
communication between any two telephones within its network.
The telephone converts the sound
waves produced by the human voice at the sending end into
electrical signals for the telephone
network. These electrical signals travel through the network
until they reach the other telephone
and are converted back into sound waves.
Analog transmission occurs when the signal sent over the
transmission media continuously
varies from one state to another in a wave-like pattern much
like the human voice. Modems
translate the digital binary data produced by computers into the
analog signals required by voice
transmission circuits. One modem is used by the transmitter to
produce the analog signals and a
second by the receiver to translate the analog signals back into
digital signals.
The sound waves transmitted through the voice circuit have three important characteristics (see Figure 3-14). The first is the height of the wave, called amplitude. Amplitude is measured in decibels (dB). Our ears detect amplitude as the loudness or volume of sound. Every sound wave has two parts, half above the zero amplitude point (i.e., positive) and half below (i.e., negative), and both halves are always the same height.
The second characteristic is the length of the wave, usually
expressed as the number of waves
per second, or frequency. Frequency is expressed in hertz (Hz).
Our ears detect frequency as the
pitch of the sound. Frequency is the inverse of the length of the
sound wave, so that a high fre-
quency means that there are many short waves in a 1-second
interval, whereas a low frequency
means that there are fewer (but longer) waves in 1 second.
The third characteristic is the phase, which refers to the direction in which the wave begins. Phase is measured in degrees (°). The wave in Figure 3-14 starts up and to the right, which is defined as a 0° phase wave. Waves can also start down and to the right (a 180° phase wave), and in virtually any other part of the sound wave.
3.5.1 Modulation
When we transmit data through the telephone lines, we use the
shape of the sound waves we
transmit (in terms of amplitude, frequency, and phase) to
represent different data values. We do
this by transmitting a simple sound wave through the circuit
(called the carrier wave) and then
changing its shape in different ways to represent a 1 or a 0.
Modulation is the technical term used
to refer to these “shape changes.” There are three fundamental
modulation techniques: amplitude
modulation (AM), frequency modulation, and phase modulation.
Once again, the sender and
receiver have to agree on what symbols will be used (what
amplitude, frequency, and phase will
represent a 1 and a 0) and on the symbol rate (how many
symbols will be sent per second).
Basic Modulation With AM (also called amplitude shift keying [ASK]), the amplitude or height of the wave is changed. One amplitude is the symbol defined to be 0, and another amplitude is the symbol defined to be a 1. In the AM shown in Figure 3-15, the highest amplitude symbol (tallest wave) represents a binary 1 and the lowest amplitude symbol represents a binary 0. In this case, when the sending device wants to transmit a 1, it would send a high-amplitude wave (i.e., a loud signal). AM is more susceptible to noise (more errors) during transmission than is frequency modulation (FM) or phase modulation.
FIGURE 3-14 Sound wave, labelled with its amplitude, wavelength, and phase (0).
FIGURE 3-15 Amplitude modulation: the bit pattern 0 0 1 1 0 1 0 0 0 1 0 sent in time periods 1 through 11, one wave per bit.
FM (also called frequency shift keying [FSK]) is a modulation
technique whereby each 0
or 1 is represented by a number of waves per second (i.e., a
different frequency). In this case,
the amplitude does not vary. One frequency (i.e., a certain
number of waves per second) is the
symbol defined to be a 1, and a different frequency (a different
number of waves per second) is
the symbol defined to be a 0. In Figure 3-16, the higher
frequency wave symbol (more waves per
time period) equals a binary 1, and the lower frequency wave
symbol equals a binary 0.
Phase modulation (PM) (also called phase shift keying [PSK]) is the most difficult to understand. Phase refers to the direction in which the wave begins. Until now, the waves we have shown start by moving up and to the right (this is called a 0° phase wave). Waves can also start down and to the right. This is called a phase of 180°. With phase modulation, one phase symbol is defined to be a 0 and the other phase symbol is defined to be a 1. Figure 3-17 shows the case where a phase of 0° symbol is defined to be a binary 0 and a phase of 180° symbol is defined to be a binary 1.
Sending Multiple Bits Simultaneously Each of the three basic modulation techniques (AM, FM, and PM) can be refined to send more than 1 bit at one time. For example, basic AM sends 1 bit per wave (or symbol) by defining two different amplitudes, one for a 1 and one for a 0. It is possible to send 2 bits on one wave or symbol by defining four different amplitudes. Figure 3-18 shows the case where the highest-amplitude wave is defined to be a symbol representing 2 bits, both 1s. The next highest amplitude is the symbol defined to mean first a 1 and then a 0, and so on.
FIGURE 3-16 Frequency modulation: the bit pattern 0 0 1 1 0 1 0 0 0 1 0 sent in time periods 1 through 11 using two frequencies, 1,200 hertz and 2,400 hertz.
FIGURE 3-17 Phase modulation: the bit pattern 0 0 1 1 0 1 0 0 0 1 0 sent in time periods 1 through 11.
FIGURE 3-18 Two-bit amplitude modulation: four amplitude levels labelled 11, 10, 01, and 00; the bit pairs 00 11 01 00 01 00 10 10 11 01 01 are sent in time periods 1 through 11, one pair per symbol.
This technique could be further refined to send 3 bits at the
same time by defining eight dif-
ferent symbols, each with different amplitude levels or 4 bits by
defining 16 symbols, each with
different amplitude levels, and so on. At some point, however,
it becomes very difficult to differ-
entiate between the different amplitudes. The differences are so
small that even a small amount of
noise could destroy the signal.
This same approach can be used for FM and PM. Two bits could be sent on the same symbol by defining four different frequencies, one for 11, one for 10, and so on, or by defining four phases (0°, 90°, 180°, and 270°). Three bits could be sent by defining symbols with eight frequencies or eight phases (0°, 45°, 90°, 135°, 180°, 225°, 270°, and 315°). These techniques are also subject to the same limitations as AM; as the number of different frequencies or phases becomes larger, it becomes difficult to differentiate among them.
It is also possible to combine modulation techniques—that is, to
use AM, FM, and PM tech-
niques on the same circuit. For example, we could combine AM
with four defined amplitudes
(capable of sending 2 bits) with FM with four defined
frequencies (capable of sending 2 bits) to
enable us to send 4 bits on the same symbol.
One popular technique is quadrature amplitude modulation
(QAM). QAM involves split-
ting the symbol into eight different phases (3 bits) and two
different amplitudes (1 bit), for a total
of 16 different possible values. Thus, one symbol in QAM can
represent 4 bits, while 256-QAM
sends 8 bits per symbol. 64-QAM and 256-QAM are commonly
used in digital TV services and
cable modem Internet services.
Bit Rate versus Baud Rate versus Symbol Rate The terms bit rate (i.e., the number of bits per second transmitted) and baud rate are used incorrectly much of the time. They often are used interchangeably, but they are not the same. In reality, the network designer or network user is interested in bits per second because it is the bits that are assembled into characters, characters into words and, thus, business information.
A bit is a unit of information. A baud is a unit of signaling
speed used to indicate the number
of times per second the signal on the communication circuit
changes. Because of the confusion
over the term baud rate among the general public, ITU-T now
recommends the term baud rate
be replaced by the term symbol rate. The bit rate and the symbol
rate (or baud rate) are the same
only when 1 bit is sent on each symbol. For example, if we use
AM with two amplitudes, we send
1 bit on one symbol. Here, the bit rate equals the symbol rate.
However, if we use QAM, we can
send 4 bits on every symbol; the bit rate would be four times the
symbol rate. If we used 64-QAM,
the bit rate would be six times the symbol rate. Virtually all of
today’s modems send multiple bits
per symbol.
3.5.2 Capacity of a Circuit
The data capacity of a circuit is the fastest rate at which you
can send your data over the circuit in
terms of the number of bits per second. The data rate (or bit
rate) is calculated by multiplying the
number of bits sent on each symbol by the maximum symbol
rate. As we discussed in the previous
section, the number of bits per symbol depends on the
modulation technique (e.g., QAM sends
4 bits per symbol).
The maximum symbol rate in any circuit depends on the
bandwidth available and the
signal-to-noise ratio (the strength of the signal compared with
the amount of noise in the circuit).
The bandwidth is the difference between the highest and the lowest frequencies in a band or set of frequencies. The range of human hearing is between 20 Hz and 14,000 Hz, so its bandwidth is 13,980 Hz. The maximum symbol rate for analog transmission is usually the same as the
transmission is usually the same as the
bandwidth as measured in hertz. If the circuit is very noisy, the
maximum symbol rate may fall as
low as 50% of the bandwidth. If the circuit has very little noise,
it is possible to transmit at rates
up to the bandwidth.
Digital transmission symbol rates can reach as high as two
times the bandwidth for techniques
that have only one voltage change per symbol (e.g., NRZ). For
digital techniques that have two
voltage changes per symbol (e.g., RZ, Manchester), the
maximum symbol rate is the same as the
bandwidth.
Standard telephone lines provide a bandwidth of 4,000 Hz.
Under perfect circumstances, the
maximum symbol rate is therefore about 4,000 symbols per
second. If we were to use basic AM
(1 bit per symbol), the maximum data rate would be 4,000 bits
per second (bps). If we were to
use QAM (4 bits per symbol), the maximum data rate would be
4 bits per symbol × 4,000 symbols
per second = 16,000 bps. A circuit with a 10 MHz bandwidth
using 64-QAM could provide up to
60 Mbps.
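The following Python program is an added example, not part of the textbook, that works through the multi-bit modulation of Section 3.5.1 and the bit rate and capacity arithmetic of Section 3.5.2. It represents each symbol as a point on the complex plane, where the point's distance from the origin is the wave's amplitude and its angle is the phase; the "star" constellation follows the text's description of QAM (eight phases times two amplitudes, 16 points, 4 bits per symbol). The fixed phase error used to model noise is an assumption chosen to make the outcome deterministic, and the bit strings are constructed for illustration.

```python
# Added example (not from the textbook): multi-bit modulation and the bit
# rate / symbol rate arithmetic of Sections 3.5.1 and 3.5.2. A symbol is a
# complex number: its magnitude is the wave's amplitude, its angle the phase.
import cmath
import math

def psk_constellation(m):
    """m symbols of unit amplitude, equally spaced in phase starting at 0 degrees."""
    return [cmath.exp(1j * 2 * math.pi * k / m) for k in range(m)]

def star_qam_constellation(phases=8, amplitudes=(1.0, 2.0)):
    """8 phases at each of 2 amplitudes: the 16-point QAM the text describes."""
    return [a * p for a in amplitudes for p in psk_constellation(phases)]

def bits_per_symbol(n_symbols):
    """A constellation of n points carries log2(n) bits per symbol."""
    n = int(math.log2(n_symbols))
    if 2 ** n != n_symbols:
        raise ValueError("constellation size must be a power of two")
    return n

def bit_rate(symbol_rate, n_symbols):
    """bps = bits per symbol x symbols per second."""
    return symbol_rate * bits_per_symbol(n_symbols)

def modulate(bits, constellation):
    """Group the bit string and map each group to its constellation point."""
    n = bits_per_symbol(len(constellation))
    if len(bits) % n:
        raise ValueError(f"bit count must be a multiple of {n}")
    return [constellation[int(bits[i:i + n], 2)] for i in range(0, len(bits), n)]

def demodulate(symbols, constellation):
    """Decide each received point by the nearest constellation point."""
    n = bits_per_symbol(len(constellation))
    out = []
    for s in symbols:
        k = min(range(len(constellation)), key=lambda i: abs(s - constellation[i]))
        out.append(format(k, f"0{n}b"))
    return "".join(out)

def phase_shift(symbols, degrees):
    """Rotate every symbol by a fixed phase error (a crude, deterministic noise model)."""
    rot = cmath.exp(1j * math.radians(degrees))
    return [s * rot for s in symbols]

def bit_errors(sent, received):
    return sum(a != b for a, b in zip(sent, received))

if __name__ == "__main__":
    data = "011010001100"                      # constructed 12-bit message
    for m in (2, 4, 8):
        const = psk_constellation(m)
        got = demodulate(phase_shift(modulate(data, const), 30), const)
        print(f"{m}-PSK with a 30 degree phase error: {bit_errors(data, got)} bit errors")
    print("16-point QAM on a 4,000 symbol/s telephone line:",
          bit_rate(4000, len(star_qam_constellation())), "bps")
    print("64-QAM on a 10 MHz circuit:", bit_rate(10_000_000, 64), "bps")
```

With a 30° phase error, 2-PSK and 4-PSK still decode every symbol correctly because their symbols are 180° and 90° apart, but 8-PSK, whose symbols are only 45° apart, decodes every symbol as its neighbour. That is the trade-off the text describes: more bits per symbol raises the bit rate for the same symbol rate, and the same noise that was harmless at 1 or 2 bits per symbol destroys the data at 3.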
3.5.3 How Modems Transmit Data
The modem (an acronym for modulator/demodulator) takes the
digital data from a computer in
the form of electrical pulses and converts them into the analog
signal that is needed for trans-
mission over an analog voice-grade circuit. There are many
different types of modems available
today from dial-up modems to cable modems. For data to be
transmitted between two computers
using modems, both need to use the same type of modem.
Fortunately, several standards exist for
modems, and any modem that conforms to a standard can
communicate with any other modem
that conforms to the same standard.
A modem’s data transmission rate is the primary factor that
determines the throughput rate
of data, but it is not the only factor. Data compression can
increase throughput of data over a
communication link by literally compressing the data. V.44, the ITU-T standard for modem data compression, uses Lempel–Ziv encoding. As a message is being transmitted, Lempel–Ziv encoding builds a dictionary of two-, three-, and four-character combinations that occur in the message. Anytime the same character pattern reoccurs in the message, the index to the dictionary entry is transmitted rather than sending the actual data. The reduction provided by V.44 compression depends on the actual data sent but usually averages about 6:1 (i.e., almost six times as much data can be sent per second using V.44 as without it). Data that are already compressed or encrypted contain few repeated patterns, so the gain on such traffic is far smaller.
3.6 DIGITAL TRANSMISSION OF ANALOG DATA
In the same way that digital computer data can be sent over
analog telephone networks using ana-
log transmission, analog voice data can be sent over digital
networks using digital transmission.
This process is somewhat similar to the analog transmission of
digital data. A pair of special devices
called codecs (code/decode) is used in the same way that a pair
of modems is used to translate the
data to send across the circuit. One codec is attached to the
source of the signal (e.g., a telephone
or the local loop at the end office) and translates the incoming
analog voice signal into a digital
signal for transmission across the digital circuit. A second
codec at the receiver’s end translates
the digital data back into analog data.
3.6.1 Translating from Analog to Digital
Analog voice data must first be translated into a series of binary
digits before they can be trans-
mitted over a digital circuit. This is done by sampling the
amplitude of the sound wave at regular
intervals and translating it into a binary number. Figure 3-19
shows an example where eight differ-
ent amplitude levels are used (i.e., each amplitude level is
represented by 3 bits). The top diagram
shows the original signal, and the bottom diagram shows the
digitized signal.
A quick glance will show that the digitized signal is only a
rough approximation of the orig-
inal signal. The original signal had a smooth flow, but the
digitized signal has jagged “steps.” The
difference between the two signals is called quantizing error.
Voice transmissions using digitized
signals that have a great deal of quantizing error sound metallic
or machinelike to the ear.
There are two ways to reduce quantizing error and improve the
quality of the digitized sig-
nal, but neither is without cost. The first method is to increase
the number of amplitude levels.
This minimizes the difference between the levels (the “height”
of the “steps”) and results in a
smoother signal. In Figure 3-19, we could define 16 amplitude
levels instead of eight levels. This
would require 4 bits (rather than the current 3 bits) to represent
the amplitude, thus increasing
the amount of data needed to transmit the digitized signal.
No amount of levels or bits will ever result in perfect-quality sound reproduction, but in general, 7 bits (2^7 = 128 levels) reproduces human speech adequately. Music, on the other hand, typically uses 16 bits (2^16 = 65,536 levels).
The second method is to sample more frequently. This will
reduce the “length” of each “step,”
also resulting in a smoother signal. To obtain a reasonable-
quality voice signal, one must sample
at least twice the highest possible frequency in the analog
signal. You will recall that the high-
est frequency transmitted in telephone circuits is 4,000 Hz.
Thus, the methods used to digitize
telephone voice transmissions must sample the input voice
signal at a minimum of 8,000 times
per second. Sampling more frequently than this (called
oversampling) will improve signal quality.
RealNetworks.com, which produces Real Audio and other Web-
based tools, sets its products to
sample at 48,000 times per second to provide higher quality.
The iPod and most CDs sample at
44,100 times per second and use 16 bits per sample to produce
almost error-free music. Some
other MP3 players sample less frequently and use fewer bits per
sample to produce smaller trans-
missions, but the sound quality may suffer.
3.6.2 How Telephones Transmit Voice Data
When you make a telephone call, the telephone converts your analog voice data into a simple analog signal and sends it down the circuit from your home to the telephone company's network. This process is almost unchanged from the one used by Bell when he invented the telephone in 1876. With the invention of digital transmission, the common carriers (i.e., the telephone companies) began converting their voice networks to use digital transmission. Today, all of the common carrier networks use digital transmission, except in the local loop (sometimes called the last mile), the wires that run from your home or business to the telephone switch that connects your local loop into the telephone network. This switch contains a codec that converts the analog signal from your phone into a digital signal. This digital signal is then sent through the telephone network until it hits the switch for the local loop for the person you are calling. This switch uses its codec to convert the digital signal used inside the phone network back into the analog signal needed by that person's local loop and telephone (see Figure 3-20).
FIGURE 3-19 Pulse amplitude modulation (PAM). The top panel shows the original wave against eight pulse amplitudes (levels 0 through 8); the bottom panel shows the sampled pulses coded as 3-bit values. Notes from the figure: the signal (original wave) is quantized into 128 pulse amplitudes (PAM); this example uses only eight pulse amplitudes for simplicity, which can be depicted with a 3-bit code instead of the 8-bit code normally used to encode each pulse amplitude. After quantizing, samples are taken at specific points to produce amplitude-modulated pulses, which are then coded; because eight pulse levels are used, only three binary positions are needed to code each pulse (001 = PAM level 1, 010 = PAM level 2, 011 = PAM level 3, 100 = PAM level 4, 101 = PAM level 5, 110 = PAM level 6, 111 = PAM level 7, 000 = PAM level 8). With 128 pulse amplitudes, a 7-bit code plus one parity bit would be required. For digitizing a voice signal, 8,000 samples per second are taken and transmitted as a serial stream of 0s and 1s; in this example 8,000 samples times 3 bits per sample would require a 24,000 bps transmission rate, whereas in reality 8 bits per sample times 8,000 samples requires a 64,000 bps transmission rate.
There are many different combinations of sampling frequencies
and numbers of bits per sam-
ple that could be used. For example, one could sample 4,000
times per second using 128 amplitude
levels (i.e., 7 bits) or sample at 16,000 times per second using
256 levels (i.e., 8 bits).
The North American telephone network uses pulse code modulation (PCM). With PCM, the input voice signal is sampled 8,000 times per second. Each time the input voice signal is sampled, 8 bits are generated. Therefore, the transmission speed on the digital circuit must be 64,000 bps (8 bits per sample × 8,000 samples per second) to transmit a voice signal when it is in digital form. Thus, the North American telephone network is built using millions of 64 Kbps digital circuits that connect via codecs to the millions of miles of analog local loop circuits into the users' residences and businesses.
FIGURE 3-20 Pulse amplitude modulation (PAM): the sender's original analog sound wave is quantized by a CODEC into 3-bit levels (000 through 111) and sent through the telephone network as the digital signal 101 001 111 000 100 010 101 000 011 010 111 000; the receiver's CODEC turns the same levels back into a reproduced analog sound wave.
3.6.3 How Instant Messenger Transmits Voice Data
A 64 Kbps digital circuit works very well for transmitting voice
data because it provides very good
quality. The problem is that it requires a lot of capacity.
Adaptive differential pulse code modulation (ADPCM) is the
alternative used by IM and
many other applications that provide voice services over lower-
speed digital circuits. ADPCM
works in much the same way as PCM. It samples incoming
voice signals 8,000 times per second
and calculates the same 8-bit amplitude value as PCM.
However, instead of transmitting the 8-bit
value, it transmits the difference between the 8-bit value in the
last time interval and the current
8-bit value (i.e., how the amplitude has changed from one time
period to another). Because analog
voice signals change slowly, these changes can be adequately
represented by using only 4 bits. This
means that ADPCM can be used on digital circuits that provide
only 32 Kbps (4 bits per sample ×
8,000 samples per second = 32,000 bps).
Several versions of ADPCM have been developed and
standardized by the ITU-T. There are
versions designed for 8 Kbps circuits (which send 1 bit 8,000
times per second) and 16 Kbps cir-
cuits (which send 2 bits 8,000 times per second), as well as the
original 32 Kbps version. However,
FIGURE 3-21 VoIP phone. Source: Courtesy Cisco Systems, Inc. Unauthorized use not permitted.
there is a trade-off here. Although the 32 Kbps version usually
provides as good a sound quality
as that of a traditional voice telephone circuit, the 8 Kbps and
16 Kbps versions provide poorer
sound quality.
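The PCM and ADPCM arithmetic of Sections 3.6.2 and 3.6.3, as an added Python example that is not part of the text: it samples a constructed 300 Hz tone 8,000 times per second, quantizes each sample to 8 bits (a uniform quantizer is assumed here; real telephone PCM uses mu-law or A-law companding), measures the quantizing error, and then codes the same samples with a simplified, teaching-sized ADPCM that sends a 4-bit difference code whose step size adapts (doubling when the code saturates, halving when the difference is tiny). It is not ITU-T G.726, but it shows why 4 bits per sample suffice for a slowly changing signal and how the decoder stays in step with the encoder by mirroring its state.

```python
"""PCM versus ADPCM on a constructed signal (added example, not from the text)."""
import math

SAMPLE_RATE = 8_000   # samples per second, as in telephone PCM
PCM_BITS = 8          # bits per sample in PCM   -> 64,000 bps
ADPCM_BITS = 4        # bits per sample in the 32 Kbps ADPCM variant
_LEVELS = 2 ** PCM_BITS


def bit_rate(bits_per_sample, samples_per_second=SAMPLE_RATE):
    """Transmission rate needed for a digitised voice signal, in bits per second."""
    return bits_per_sample * samples_per_second


def make_tone(n_samples, freq_hz=300.0, amplitude=0.8):
    """Constructed 'voice' input: one low-frequency tone with amplitude in [-1, 1]."""
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)
            for i in range(n_samples)]


def pcm_encode(samples):
    """Quantise each sample to one of 256 uniformly spaced levels (0..255).
    Assumption: uniform steps; real telephone PCM uses mu-law/A-law companding."""
    return [max(0, min(_LEVELS - 1, round((x + 1.0) / 2.0 * (_LEVELS - 1))))
            for x in samples]


def pcm_decode(codes):
    return [c / (_LEVELS - 1) * 2.0 - 1.0 for c in codes]


def quantizing_error(samples):
    """Largest gap between the analog input and its PCM reproduction."""
    return max(abs(a - b) for a, b in zip(samples, pcm_decode(pcm_encode(samples))))


# Simplified ADPCM: send a 4-bit code (1 sign bit + 3 magnitude bits) for the
# difference between the current PCM value and the value the decoder already
# holds. The step size adapts: it doubles when the code saturates and halves
# when the difference is tiny. Assumption: a teaching-sized scheme, not G.726.
_MAX_MAG = 2 ** (ADPCM_BITS - 1) - 1   # 7


def _adapt(step, mag):
    if mag == _MAX_MAG:
        return min(step * 2, 64)
    if mag <= 1:
        return max(step // 2, 1)
    return step


def _apply(predicted, code, step):
    """Decoder arithmetic: move the predicted value by the coded difference."""
    sign = -1 if code >> (ADPCM_BITS - 1) else 1
    mag = code & _MAX_MAG
    return max(0, min(_LEVELS - 1, predicted + sign * mag * step))


def adpcm_encode(pcm_codes):
    step, predicted, out = 1, _LEVELS // 2, []
    for c in pcm_codes:
        diff = c - predicted
        mag = min(_MAX_MAG, (abs(diff) + step // 2) // step)
        code = ((1 if diff < 0 else 0) << (ADPCM_BITS - 1)) | mag
        out.append(code)
        predicted = _apply(predicted, code, step)   # track what the decoder will hold
        step = _adapt(step, mag)
    return out


def adpcm_decode(adpcm_codes):
    step, predicted, out = 1, _LEVELS // 2, []
    for code in adpcm_codes:
        predicted = _apply(predicted, code, step)
        out.append(predicted)
        step = _adapt(step, code & _MAX_MAG)
    return out


def adpcm_roundtrip_error(pcm_codes, warm_up=10):
    """(max, mean) absolute error in PCM levels once the step size has settled."""
    rebuilt = adpcm_decode(adpcm_encode(pcm_codes))
    errs = [abs(a - b) for a, b in zip(pcm_codes[warm_up:], rebuilt[warm_up:])]
    return max(errs), sum(errs) / len(errs)


if __name__ == "__main__":
    tone = make_tone(SAMPLE_RATE // 10)      # 100 ms of signal
    codes = pcm_encode(tone)
    print("PCM rate  :", bit_rate(PCM_BITS), "bps")
    print("ADPCM rate:", bit_rate(ADPCM_BITS), "bps")
    print("PCM quantizing error:", round(quantizing_error(tone), 5))
    print("ADPCM max/mean error (PCM levels):", adpcm_roundtrip_error(codes))
```

Running the block prints 64,000 bps against 32,000 bps and the reconstruction error in PCM levels; once the step size has adapted the error is small compared with the 256-level range, which is the trade the 32 Kbps variant makes. The 8 Kbps and 16 Kbps variants mentioned above have fewer magnitude bits to spend per sample, so the same coder would saturate more often and track the signal less closely.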
3.6.4 Voice over Internet Protocol (VoIP)
Voice over Internet Protocol (VoIP) (pronounced as “voyp”) is
commonly used to transmit
phone conversations over digital networks. VoIP is a relatively
new standard that uses digital
telephones with built-in codecs to convert analog voice data
into digital data (see Figure 3-21).
Because the codec is built into the telephone, the telephone
transmits digital data and therefore can
be connected directly into a local area network, in much the
same manner as a typical computer.
Because VoIP phones operate on the same networks as
computers, we can reduce the amount of
wiring needed; with VoIP, we need to operate and maintain only
one network throughout our
offices, rather than two separate networks—one for voice and
one for data. However, this also
means that data networks with VoIP phones must be designed to
operate in emergencies (to enable
911 calls) even when the power fails; they must have
uninterruptible power supplies (UPS) for all
network circuits.
One commonly used VoIP standard is G.722 wideband audio, which is a version of ADPCM that operates at 64 Kbps. Unlike telephone PCM, it samples the voice signal 16,000 times per second (which is why it is called wideband) and averages 4 bits per sample, so 16,000 × 4 = 64,000 bps.
Because VoIP phones are digital, they can also contain
additional capabilities. For example,
high-end VoIP phones often contain computer chips to enable
them to download and install small
software applications so that they can function in many ways
like computers.
3.7 IMPLICATIONS FOR CYBER SECURITY
While the physical layer (layer 1) may not seem very exciting at first sight, it offers a hacker many possibilities to invade a computer or a network. Therefore, the physical layer must be protected just like the application layer. We refer to this type of security as physical security. If physical security (that is, control over who can reach an organization's hardware) is compromised, no firewall, encryption, or other security measure will be able to protect the organization.
Where do physical security problems originate? Laptops, USB drives, tablets, you name it, can easily copy data to and from a computer and therefore make stealing sensitive data very easy. USB drives in particular are very problematic. Many organizations disable USB storage on their computers because of the potential for data theft. Also, many times employees
have good intentions to work on data at home, but it is very easy to lose or misplace a USB drive. Therefore, if you need to use a USB drive and want to keep sensitive data on it, always encrypt the data. Also, never pick up a USB drive you find and plug it into your computer, because this is one of the known ways hackers get into a computer. Hackers, and unfortunately also some commercial vendors who manufacture USB drives, put malware on USB drives with the purpose of stealing your data or your organization's data.
In addition to devices that come and go from an organization, routers and servers are potential sources of problems when it comes to physical security. These devices must be protected just like the mobile devices. In the movie Ocean's Eleven, Daniel Ocean (played by George Clooney) hires professionals from all over the country to steal $150 million from a safe in one of the casinos. Among these professionals is Livingston Dell, who is an expert in communication systems. Livingston places a USB drive on one of the routers in the casino's server room and not only hijacks the 911 call but also is able to look over the shoulders of the security personnel.
Physical security, just like security at all layers, should be a priority for organizations. Once an organization allows an attacker to access its hardware, there is no security measure that will protect it.
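One way to act on the advice above about USB drives is to watch the kernel log for mass-storage attachments and compare them with an allowlist, so that an unknown drive is flagged the moment it is plugged in. This is an added Python example, not from the text; the log lines are constructed in the shape Linux prints when a USB device is attached (they were not captured from a real system), and the approved vendor/product IDs are placeholders chosen for the example.

```python
"""Flag USB mass-storage attachments in kernel log lines (added example)."""
import re

# Constructed sample of kernel log lines in the form Linux prints on USB attach.
SAMPLE_LOG = """\
Jan 12 09:14:02 ws17 kernel: usb 1-1: new full-speed USB device number 4 using xhci_hcd
Jan 12 09:14:02 ws17 kernel: usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.11
Jan 12 09:14:02 ws17 kernel: usb 1-1: Product: USB Receiver
Jan 12 09:31:47 ws17 kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Jan 12 09:31:47 ws17 kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
Jan 12 09:31:47 ws17 kernel: usb 1-2: Product: Ultra Fit
Jan 12 09:31:47 ws17 kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Jan 12 09:31:48 ws17 kernel: scsi host6: usb-storage 1-2:1.0
Jan 12 10:02:10 ws17 kernel: usb 1-3: new high-speed USB device number 6 using xhci_hcd
Jan 12 10:02:10 ws17 kernel: usb 1-3: New USB device found, idVendor=0bc2, idProduct=2322, bcdDevice= 1.00
Jan 12 10:02:10 ws17 kernel: usb 1-3: Product: Expansion
Jan 12 10:02:10 ws17 kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Assumption: the organisation issues one approved (encrypted) drive model; the
# (vendor, product) IDs here are placeholders chosen for the example.
APPROVED_DEVICES = {("0781", "5583")}

_FOUND = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: usb (?P<port>\S+?): "
    r"New USB device found, idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
_PRODUCT = re.compile(r"kernel: usb (?P<port>\S+?): Product: (?P<name>.+)$")
_STORAGE = re.compile(
    r"kernel: usb-storage (?P<port>\S+?):\d+\.\d+: USB Mass Storage device detected")


def find_mass_storage_events(log_text, approved=APPROVED_DEVICES):
    """Correlate attach lines by USB port and return every mass-storage attach,
    in log order, each marked approved or not against the allowlist.
    Keyboards, mice and other non-storage devices are never reported."""
    devices = {}   # port -> details learned from the 'New USB device found' line
    events = []
    for line in log_text.splitlines():
        m = _FOUND.search(line)
        if m:
            devices[m["port"]] = {"time": m["ts"], "port": m["port"],
                                  "vendor": m["vid"], "product": m["pid"],
                                  "product_name": ""}
            continue
        m = _PRODUCT.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["product_name"] = m["name"].strip()
            continue
        m = _STORAGE.search(line)
        if m:
            # A storage line with no matching attach line is still reported,
            # with unknown IDs, so it cannot slip past the allowlist.
            dev = devices.get(m["port"], {"time": "?", "port": m["port"],
                                          "vendor": "?", "product": "?",
                                          "product_name": ""})
            events.append(dict(dev, approved=(dev["vendor"], dev["product"]) in approved))
    return events


def format_alerts(events):
    """Human-readable lines for the events that are not on the allowlist."""
    return [f"{e['time']} port {e['port']}: unapproved storage "
            f"{e['vendor']}:{e['product']} ({e['product_name'] or 'unknown'})"
            for e in events if not e["approved"]]


if __name__ == "__main__":
    for alert in format_alerts(find_mass_storage_events(SAMPLE_LOG)):
        print(alert)
```

In the sample, the Logitech receiver on port 1-1 is ignored, the approved drive on 1-2 is recorded but not alerted, and the external disk on 1-3 produces an alert. The same correlation-by-port pattern works on `journalctl -k` output; on Windows the equivalent evidence is the Microsoft-Windows-DriverFrameworks-UserMode event log, which this example does not parse.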
SUMMARY
Circuits Networks can be configured so that there is a separate
circuit from each client to the
host (called a point-to-point configuration) or so that several
clients share the same circuit (a
multipoint configuration). Data can flow through the circuit in
one direction only (simplex), in
both directions simultaneously (full-duplex), or by taking turns
so that data sometimes flow in
one direction and then in the other (half-duplex). A multiplexer
is a device that combines sev-
eral simultaneous low-speed circuits on one higher-speed circuit
so that each low-speed circuit
believes it has a separate circuit. In general, the transmission
capacity of the high-speed circuit
must equal or exceed the sum of the low-speed circuits.
Communication Media Media are either guided, in that they
travel through a physical cable
(e.g., twisted pair wires, coaxial cable, or fiber-optic cable), or
wireless, in that they are broadcast
through the air (e.g., radio, microwave, or satellite). Among the
guided media, fiber-optic cable
can transmit data the fastest with the fewest errors and offers
greater security but costs the most;
twisted pair wire is the cheapest and most commonly used. The
choice of wireless media depends
more on distance than on any other factor; radio is cheapest for
short distances, microwave is
cheapest for moderate distances, and satellite is cheapest for
long distances.
Digital Transmission of Digital Data Digital transmission (also
called baseband transmis-
sion) is done by sending a series of electrical (or light) pulses
through the media. Digital trans-
mission is preferred to analog transmission because it produces
fewer errors; is more efficient;
permits higher maximum transmission rates; is more secure; and
simplifies the integration of
voice, video, and data on the same circuit. With unipolar digital
transmission, the voltage changes
between 0 volts to represent a binary 0 and some positive value
(e.g., +15 volts) to represent a
binary 1. With bipolar digital transmission, the voltage changes
polarity (i.e., positive or negative)
to represent a 1 or a 0. Bipolar is less susceptible to errors.
Ethernet uses Manchester encoding,
which is a version of unipolar transmission.
Analog Transmission of Digital Data Modems are used to
translate the digital data produced
by computers into the analog signals for transmission in today’s
voice communication circuits.
Both the sender and receiver need to have a modem. Data are
transmitted by changing (or modu-
lating) a carrier sound wave’s amplitude (height), frequency
(length), or phase (shape) to indicate
a binary 1 or 0. For example, in AM, one amplitude is defined
to be a 1 and another amplitude is
defined to be a 0. It is possible to send more than 1 bit on every
symbol (or wave). For example,
with AM, you could send 2 bits on each wave by defining four
amplitude levels. The capacity or
maximum data rate that a circuit can transmit is determined by
multiplying the symbol rate (sym-
bols per second) by the number of bits per symbol. Generally
(but not always), the symbol rate
is the same as the bandwidth, so bandwidth is often used as a
measure of capacity. V.44 is a data
compression standard that can be combined with any of the
foregoing types of modems to reduce
the amount of data in the transmitted signal by a factor of up to
six. Thus, a V.92 modem using
V.44 could provide an effective data rate of 56,000 × 6 = 336,000 bps.
Digital Transmission of Analog Data Because digital
transmission is better, analog voice
data are sometimes converted to digital transmission. PCM is
the most commonly used technique.
PCM samples the amplitude of the incoming voice signal 8,000
times per second and uses 8 bits
to represent the signal. PCM produces a reasonable
approximation of the human voice, but more
sophisticated techniques are needed to adequately reproduce
more complex sounds such as music.
KEY TERMS
adaptive differential pulse code modulation (ADPCM), 79
American Standard Code for Information Interchange (ASCII), 69
amplitude modulation (AM), 73
amplitude shift keying (ASK), 73
amplitude, 73
analog transmission, 73
bandwidth, 76
baud rate, 75
bipolar, 71
bit rate, 75
bits per second (bps), 76
carrier wave, 73
circuit configuration, 59
circuit, 58
coaxial cable, 64
codec, 58
coding scheme, 69
data compression, 76
data rate, 76
digital subscriber line, 63
digital transmission, 71
fiber-optic cable, 64
frequency division multiplexing (FDM), 61
frequency modulation (FM), 74
frequency shift keying (FSK), 74
frequency, 61
full-duplex transmission, 60
guided media, 63
half-duplex transmission, 60
ISO 8859, 69
kilohertz (kHz), 71
Lempel–Ziv encoding, 76
local loop, 78
logical circuit, 58
malware, 81
Manchester encoding, 72
microwave transmission, 66
modem, 58
multipoint circuit, 59
multiplexing, 60
parallel transmission, 69
phase, 73
phase modulation (PM), 74
phase shift keying (PSK), 74
physical circuit, 58
plain old telephone service (POTS), 73
point-to-point circuit, 59
polarity, 70
pulse code modulation (PCM), 78
quadrature amplitude modulation (QAM), 75
quantizing error, 77
radio transmission, 65
retrain time, 60
satellite transmission, 66
serial transmission, 70
simplex transmission, 60
statistical time division multiplexing (STDM), 61
switch, 78
symbol rate, 58
time division multiplexing (TDM), 61
turnaround time, 60
twisted pair cable, 63
Unicode, 69
unipolar, 71
USB drive, 81
V.44, 76
Voice over Internet Protocol (VoIP), 80
wavelength division multiplexing (WDM), 61
wireless media, 63
QUESTIONS
1. How does a multipoint circuit differ from a point-to-
point circuit?
2. Describe the three types of data flows.
3. Describe three types of guided media.
4. Describe four types of wireless media.
5. How do analog data differ from digital data?
6. Clearly explain the differences among analog data, ana-
log transmission, digital data, and digital transmission.
7. Explain why most telephone company circuits are now
digital.
8. What is coding?
9. Briefly describe three important coding schemes.
10. How are data transmitted in parallel?
11. What feature distinguishes serial mode from parallel
mode?
12. How does bipolar signaling differ from unipolar signal-
ing? Why is Manchester encoding more popular than
either?
13. What are three important characteristics of a sound
wave?
14. What is bandwidth? What is the bandwidth in a tradi-
tional North American telephone circuit?
15. Describe how data could be transmitted using ampli-
tude modulation.
16. Describe how data could be transmitted using fre-
quency modulation.
17. Describe how data could be transmitted using phase
modulation.
18. Describe how data could be transmitted using a com-
bination of modulation techniques.
19. Is the bit rate the same as the symbol rate? Explain.
20. What is a modem?
21. What is quadrature amplitude modulation (QAM)?
22. What is 64-QAM?
23. What factors affect transmission speed?
24. What is oversampling?
25. Why is data compression so useful?
26. What data compression standard uses Lempel–Ziv
encoding? Describe how it works.
27. Explain how pulse code modulation (PCM) works.
28. What is quantizing error?
29. What is the term used to describe the placing of two or
more signals on a single circuit?
30. What is the purpose of multiplexing?
31. How does DSL (digital subscriber line) work?
32. Of the different types of multiplexing, what distin-
guishes
a. frequency division multiplexing (FDM)?
b. time division multiplexing (TDM)?
c. statistical time division multiplexing (STDM)?
d. wavelength division multiplexing (WDM)?
33. What is the function of inverse multiplexing (IMUX)?
34. If you were buying a multiplexer, would you choose
TDM or FDM? Why?
35. Some experts argue that modems may soon become
obsolete. Do you agree? Why or why not?
36. What is the maximum capacity of an analog circuit
with a bandwidth of 4,000 Hz using QAM?
37. What is the maximum data rate of an analog circuit
with a 10 MHz bandwidth using 64-QAM and V.44?
38. What is the capacity of a digital circuit with a symbol
rate of 10 MHz using Manchester encoding?
39. What is the symbol rate of a digital circuit providing
100 Mbps if it uses bipolar NRZ signaling?
40. What is VoIP?
EXERCISES
A. Investigate the costs of dumb terminals, network com-
puters, minimally equipped personal computers, and
top-of-the-line personal computers. Many equipment
manufacturers and resellers are on the Web, so it’s a
good place to start looking.
B. Investigate the different types of cabling used in your
organization and where they are used (e.g., LAN, back-
bone network).
C. Three terminals (T1, T2, T3) are to be connected to
three computers (C1, C2, C3) so that T1 is connected
to C1, T2 to C2 and T3 to C3. All are in different cities.
T1 and C1 are 1,500 miles apart, as are T2 and C2, and
T3 and C3. The points T1, T2, and T3 are 25 miles apart,
and the points C1, C2, and C3 also are 25 miles apart.
If telephone lines cost $1 per mile, what is the line cost
for three?
D. Investigate different types of satellite communication
services that are provided today.
E. Draw how the bit pattern 01101100 would be sent
using
a. Single-bit AM
b. Single-bit FM
c. Single-bit PM
d. Two-bit AM (i.e., four amplitude levels)
e. Two-bit FM (i.e., four frequencies)
f. Two-bit PM (i.e., four different phases)
g. Single-bit AM combined with single-bit FM
h. Single-bit AM combined with single-bit PM
i. Two-bit AM combined with two-bit PM
F. If you had to download a 20-page paper of 400 k (bytes)
from your professor, approximately how long would it
take to transfer it over the following circuits? Assume
that control characters add an extra 10% to the mes-
sage.
a. Dial-up modem at 33.6 Kbps
b. Cable modem at 384 Kbps
c. Cable modem at 1.5 Mbps
d. If the modem includes V.44 data compression with
a 6:1 data compression ratio, what is the data rate in
bits per second you would actually see in choice c?
MINICASES
I. Eureka! (Part 1) Eureka! is a telephone- and Internet-
based concierge service that specializes in obtaining
things that are hard to find (e.g., Super Bowl tickets,
first-edition books from the 1500s, Fabergé eggs). It
currently employs 60 staff members who collectively
provide 24-hour coverage (over three shifts). They
answer the phones and respond to requests entered on
the Eureka! website. Much of their work is spent on
the phone and on computers searching on the Inter-
net. The company has just leased a new office building
and is about to wire it. What media would you suggest
the company install in its office and why?
II. Eureka! (Part 2) Eureka! is a telephone- and Internet-
based concierge service that specializes in obtaining
things that are hard to find (e.g., Super Bowl tick-
ets, first-edition books from the 1500s, Fabergé eggs).
It currently employs 60 staff members who work
24 hours per day (over three shifts). Staff answer the
phone and respond to requests entered on the Eureka!
website. Much of their work is spent on the phone and
on computers searching on the Internet. What type of
connections should Eureka! consider from its offices to
the outside world, in terms of phone and Internet? Out-
line the pros and cons of each alternative below and
make a recommendation. The company has three alter-
natives:
1. Should the company use standard voice lines but
use DSL for its data ($40 per month per line for both
services)?
2. Should the company separate its voice and data
needs, using standard analog services for voice but
finding some advanced digital transmission ser-
vices for data ($40 per month for each voice line and
$300 per month for a circuit with 1.5 Mbps of data)?
3. Should the company search for all digital services
for both voice and data ($60 per month for an
all-digital circuit that provides two phone lines that
can be used for two voice calls, one voice call
and one data call at 64 Kbps, or one data call at
128 Kbps)?
III. Eureka! (Part 3) Eureka! is a telephone- and Internet-
based concierge service that specializes in obtaining
things that are hard to find (e.g., Super Bowl tick-
ets, first-edition books from the 1500s, Fabergé eggs).
It currently employs 60 staff members who work
24 hours per day (over three shifts). Staff members
answer phone calls and respond to requests entered
on the Eureka! website. Currently, each staff member
has a desktop PC with two monitors and a twisted pair
connection (Cat5e) that offers speeds up to 100 Mbps.
Some employees made a suggestion to the CEO of
Eureka! to upgrade their connection to a fiber-optic
cable that can provide speeds up to 1 Gbps. What do
you think about this idea? How easy (difficult) is it to
change wiring from twisted pair to fiber optic? Can we
use the same network cards in the PCs, or do we need
to change them? How much would this change cost?
IV. (Speedy Package) Speedy Package is a same-day pack-
age delivery service that operates in Chicago. Each
package has a shipping label that is attached to the
package and is also electronically scanned and entered
into Speedy’s data network when the package is picked
up and when it is delivered. The electronic labels are
transmitted via a device that operates on a cell phone
network. (1) Assuming that each label is 1,000 bytes
long, how long does it take to transmit one label over
the cell network, assuming that the cell phone network
operates at 144 Kbps (144,000 bits per second) and that
there are 8 bits in a byte? (2) If Speedy were to
upgrade to the new, faster digital phone network that
transmits data at 200 Kbps (200,000 bits per second),
how long would it take to transmit a label?
V. (Boingo) Reread Management Focus 3.2. What other
alternatives can travelers consider? How is Boingo dif-
ferent from other companies offering hot spots, such
as T-Mobile or AT&T?
CASE STUDY
NEXT-DAY AIR SERVICE
See the website at www.wiley.com/college/fitzgerald.
HANDS-ON ACTIVITY 3A
Looking Inside Your Cable
One of the most commonly used types of local network
cable is Category 5 unshielded twisted pair cable, commonly
called “Cat 5.” Cat 5 (and an enhanced version called Cat 5e)
are used in Ethernet LANs. If you have installed a LAN in
your house or apartment, you probably used Cat 5 or Cat 5e.
Figure 3-22 shows a picture of a typical Cat 5 cable. Each
end of the cable has a connector called an RJ-45 connector
that enables the cable to be plugged into a computer or net-
work device. If you look closely at the connector, you will
see there are eight separate “pins.” You might think that this
would mean the Cat 5 can transmit data in parallel, but it
doesn’t do this. Cat 5 is used for serial transmission.
If you have an old Cat 5 cable (or are willing to spend a
few dollars to buy cheap cable), it is simple to take the con-
nector off. Simply take a pair of scissors and cut through
the cable a few inches from the connector. Figure 3-23
shows the same Cat 5 cable with the connector cutoff.
FIGURE 3-22 Cat 5 cable
Source: Courtesy of Alan Dennis
FIGURE 3-23 Inside a Cat 5 cable.
Source: Courtesy of Belkin International, Inc.
You can see why twisted pair is called twisted pair: a single
Cat 5 cable contains four separate sets of twisted pair wires
for a total of eight wires.
Unfortunately, this picture is in black and white so it is
hard to see the different colors of the eight wires inside the
cable. Figure 3-24 lists the different colors of the wires and
what they are used for under the EIA/TIA 568B standard
(the less common 568A standard uses the pins in differ-
ent ways). One pair of wires (connected to pins 1 and 2) is
used to transmit data from your computer into the network.
When your computer transmits, it sends the same data on
both wires; pin 1 (transmit+) transmits the data normally
and pin 2 (transmit−) transmits the same data with reversed
polarity. This way, if an error occurs, the hardware will likely
detect a different signal on the two cables. For example, if
there is a sudden burst of electricity with a positive polarity
(or a negative polarity), it will change only one of the trans-
missions from negative to positive (or vice versa) and leave
the other transmission unchanged. Electrical pulses gener-
ate a magnetic field that has very bad side effects on the other
wires. To minimize this, the two transmit wires are twisted
together so that the other wires in the cable receive both a
positive and a negative polarity magnetic field from the wires
twisted around each other, which cancel each other out.
Figure 3-24 also shows a separate pair of wires for receiv-
ing transmissions from the network (pin 3 [receive+] and
pin 6 [receive−]). These wires work exactly the same way
as transmit+ and transmit− but are used by the network to
send data to your computer. You’ll notice that they are also
twisted together in one pair of wires, even though they are
not side by side on the connector.
Figure 3-24 shows the pin functions from the viewpoint
of your computer. If you think about it, you’ll quickly real-
ize that the pin functions at the network end of the cable
are reversed; that is, pin 1 is receive+ because it is the wire
that the network uses to receive the transmit+ signal from
your computer. Likewise, pin 6 at the network end is the
transmit− wire because it is the wire on which your com-
puter receives the reversed data signal.
The separate set of wires for transmitting and receiving
means that Cat 5 is designed for full-duplex transmission.
It can send and receive at the same time because one set
of wires is used for sending data and one set is used for
receiving data. However, Cat 5 has not always been used this way.
Older Ethernet hardware built around hubs operated in a
half-duplex mode, even though the cable itself is capable of
full-duplex; modern switched Ethernet does send and receive at the same time.
FIGURE 3-24 Pin connection for Cat 5 at the computer end

Pin number   Color (EIA/TIA 568B standard)               Name
1            White with orange stripe                    Transmit+
2            Orange with white stripe or solid orange    Transmit–
3            White with green stripe                     Receive+
4            Blue with white stripe or solid blue        Not used
5            White with blue stripe                      Not used
6            Green with white stripe or solid green      Receive–
7            White with brown stripe                     Not used
8            Brown with white stripe or solid brown      Not used
You’ll also notice that the other four wires in the cable are
not used. Yes, that’s right; for 10 Mbps and 100 Mbps Ethernet they are simply wasted (Gigabit Ethernet, by contrast, transmits on all four pairs).
Deliverable
Find a Cat 5 or Cat 5e cable and record what color wires are
used for each pin.
HANDS-ON ACTIVITY 3B
Making MP3 Files
MP3 files are good examples of analog-to-digital conversion.
It is simple to take an analog signal—such as your voice—
and convert it into a digital file for transmission or play-
back. In this activity, we will show you how to record your
voice and see how different levels of digital quality affect the
sound.
First, you need to download a sound editor and MP3
converter. One very good sound editor is Audacity—and
it’s free. Go to audacity.sourceforge.net and download and
install the audacity software. You will also need the plug-in
called LAME (an MP3 encoder), which is also free and avail-
able at lame.sourceforge.net.
Use Audacity to record music or your voice (you can use
a cheap microphone). Audacity records in very high qual-
ity, but will produce MP3 files in whatever quality level you
choose.
Once you have the file recorded, you can edit the Prefer-
ences to change the File Format to use in saving the MP3
file. Audacity/LAME offers a wide range of qualities. Try
recording at least three different quality levels. For example,
for high quality, you could use 320 Kbps, which means the
encoded recording uses 320 kilobits of data for each second of audio. (MP3 is a compressed format, so unlike PCM this rate is the encoder's output, not simply the number of samples per second times the number of bits per sample.) For regular quality, you could
use 128 Kbps. For low quality, you could use 16 Kbps.
Create each of these files and listen to them to hear the
differences in quality produced by the quantizing error. The
differences should be most noticeable for music. A recording
at 24 Kbps is often adequate for voice, but music will require
a better quality encoding.
Deliverable
1. Produce three MP3 files of the same music or voice
recording at three different quality levels.
2. List the size of each file.
3. Listen to each file and describe the quality differences
you hear (if any).
HANDS-ON ACTIVITY 3C
Making a Cat 5e Patch Cable
A patch cable is a cable that runs a short distance (usually
less than 10 feet) that connects a device into a wall jack, a
patch panel jack, or a device. If you have a desktop computer,
you’re using a patch cable to connect it into your Ethernet
LAN. Patch cables are relatively inexpensive (usually $10 or
FIGURE 3-25 Tools and materials for making a patch cable (pictured: Cat 5e cable, RJ45 connectors, cable tester, and a crimper with built-in cutter and stripper)
Source: Courtesy of Alexandra Durcikova
less), but compared to the cost of their materials, they are
expensive (the materials usually cost less than $1). Because
it is relatively easy to make a patch cable, many companies
make their own in order to save money.
To make your own patch cable, you will need a crimper,
some Cat 5e cable, two RJ45 connectors, and a cable tester
(optional) (see Figure 3-25).
1. Using the cutter on the crimping tool, cut a desired
length of Cat 5e cable.
2. Insert the end of the cable into the stripper and gen-
tly press on the cable while rotating it to remove the
outer insulation of the cable. Be careful not to cut the
twisted pairs inside. After removing the outer insula-
tion, visually inspect the twisted pairs for damage. Do
this on both ends of your cable. If any of the cables are
damaged, you need to cut them and start over.
3. Untwist the twisted pairs and straighten them. Once
they are straightened, put them into this order:
orange-white, orange, green-white, blue, blue-white,
green, brown-white, brown.
4. Hold the cable in your right hand; the orange-
white wire should be closest to you. Hold the RJ45
connector in your left hand with the little “handle” on
the bottom.
5. Insert the wires inside the connector all the way to the
end—you should be able to see the colors of the wires
when you look at the front of the connector. Make sure
that the wires don’t change order. The white insulation
should be about 1/3 of the way inside the connector. (If
you used the stripper on the tool properly, the length
of the wires will be exactly as needed to fit to the RJ45
connector.)
6. Now you are ready to crimp the connector. Insert the
RJ45 connector to the crimper and press really hard.
This will push the gold contacts on the connector onto
the twisted pairs.
7. Crimp the other end of the cable by repeating steps 3
through 6.
8. The final step is to test your cable. Turn on the cable
tester and insert both ends of the patch cable into the
tester. If you see the flashing light going down the indi-
cators 1 through 8, not skipping any number or chang-
ing the order, you made a fully functional patch cable.
If you don’t have a cable tester, you can use the cable
to connect your computer into an Ethernet LAN. If
you’re able to use the LAN, the cable is working.
Deliverable
A working patch cable.
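To check the wiring of Hands-On Activities 3A and 3C in software, here is an added Python example (not from the text). It encodes the T568B and T568A pin orders, follows each conductor by colour from one connector to the other, and classifies the cable the way the tester in step 8 would, with one addition: it also catches a split pair, where continuity from pin 1 to pin 8 is correct but two conductors have been taken from different twisted pairs. A light-per-pin tester cannot see that fault, yet it defeats the noise cancellation that the twisting provides.

```python
"""Straight-through, crossover and fault detection for RJ45 cable ends (added example)."""

# Conductor colours at pins 1..8 ("white-X" = white with an X stripe).
T568B = ["white-orange", "orange", "white-green", "blue",
         "white-blue", "green", "white-brown", "brown"]
T568A = ["white-green", "green", "white-orange", "blue",
         "white-blue", "orange", "white-brown", "brown"]
PAIR_POSITIONS = [(1, 2), (3, 6), (4, 5), (7, 8)]   # pins that must share one twisted pair
PIN_ROLES = {1: "Transmit+", 2: "Transmit-", 3: "Receive+", 6: "Receive-"}
# A crossover cable connects the computer's transmit pair to the far end's receive pair.
CROSSOVER_MAP = {1: 3, 2: 6, 3: 1, 6: 2, 4: 4, 5: 5, 7: 7, 8: 8}


def pair_of(colour):
    """Both conductors of a twisted pair share a base colour."""
    return colour.replace("white-", "")


def split_pairs(order):
    """Pin positions whose two conductors come from different twisted pairs."""
    return [(a, b) for a, b in PAIR_POSITIONS
            if order[a - 1] and order[b - 1]
            and pair_of(order[a - 1]) != pair_of(order[b - 1])]


def pin_map(end_a, end_b):
    """Which pin at end B each pin at end A reaches, following the conductor colour.
    None marks an open: a conductor that does not arrive at the other end."""
    return {i + 1: (end_b.index(c) + 1 if c is not None and c in end_b else None)
            for i, c in enumerate(end_a)}


def classify(end_a, end_b):
    """What a tester stepping through pins 1..8 would conclude, plus the
    split-pair check that a continuity-only tester cannot make."""
    m = pin_map(end_a, end_b)
    opens = [p for p, q in m.items() if q is None]
    if opens:
        return f"fault: open on pin(s) {opens}"
    if split_pairs(end_a) or split_pairs(end_b):
        return "fault: split pair"
    if all(m[p] == p for p in m):
        return "straight-through"
    if m == CROSSOVER_MAP:
        return "crossover"
    return f"fault: miswire {m}"


def roles_at_far_end(end_a, end_b):
    """Pin roles seen from the network end: the computer's Transmit+ arrives on
    the pin the network must treat as Receive+, and so on."""
    m = pin_map(end_a, end_b)
    return {m[p]: role.replace("Transmit", "RX").replace("Receive", "TX")
            for p, role in PIN_ROLES.items() if m[p] is not None}


if __name__ == "__main__":
    print("B-B :", classify(T568B, T568B))
    print("B-A :", classify(T568B, T568A))
    broken = T568B[:5] + [None] + T568B[6:]      # conductor for pin 6 cut
    print("open:", classify(T568B, broken))
    print("far end sees:", roles_at_far_end(T568B, T568B))
```

Wiring both ends T568B gives a straight-through patch cable (the one the activity builds); wiring one end T568A gives a crossover cable. `roles_at_far_end` spells out the point made in 3A that pin 1 at the network end is the receive+ wire.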
C H A P T E R 4
DATA LINK LAYER
The data link layer (also called layer 2) is responsible for
moving a message from one computer
or network device to the next computer or network device in the
overall path from sender to
receiver. It controls the way messages are sent on the physical
media. Both the sender and receiver
have to agree on the rules, or protocols, that govern how they
will communicate with each other.
A data link protocol determines who can transmit at what time,
where a message begins and ends,
and how a receiver recognizes and corrects a transmission error.
In this chapter, we discuss these
processes as well as several important sources of errors.
OBJECTIVES ◾ Understand the role of the data link layer
◾ Become familiar with two basic approaches to controlling
access to the media
◾ Become familiar with common sources of error and their
prevention
◾ Understand three common error detection and correction
methods
◾ Become familiar with several commonly used data link
protocols
OUTLINE 4.1 Introduction
4.2 Media Access Control
4.2.1 Contention
4.2.2 Controlled Access
4.2.3 Relative Performance
4.3 Error Control
4.3.1 Sources of Errors
4.3.2 Error Prevention
4.3.3 Error Detection
4.3.4 Error Correction via Retransmission
4.3.5 Forward Error Correction
4.3.6 Error Control in Practice
4.4 Data Link Protocols
4.4.1 Asynchronous Transmission
4.4.2 Synchronous Transmission
4.5 Transmission Efficiency
4.6 Implications for Cyber Security
Summary
4.1 INTRODUCTION
In Chapter 1, we introduced the concept of layers in data
communications. The data link layer sits
between the physical layer (hardware such as the circuits,
computers, and multiplexers described
in Chapter 3) and the network layer (which performs addressing
and routing, as described in
Chapter 5).
The data link layer is responsible for sending and receiving
messages to and from other com-
puters. Its job is to reliably move a message from one computer
over one circuit to the next
computer where the message needs to go.
The data link layer performs two main functions and therefore
is often divided into two sub-
layers. The first sublayer (called the logical link control [LLC]
sublayer) is the data link layer’s
connection to the network layer above it. At the sending
computer, the LLC sublayer software is
responsible for communicating with the network layer software
(e.g., Internet Protocol (IP)) and
for taking the network layer Protocol Data Unit (PDU)—usually
an IP packet—and surround-
ing it with a data link layer PDU—often an Ethernet frame. At
the receiving computer, the LLC
sublayer software removes the data link layer PDU and passes the message it contains (usually an IP packet) to the network layer software.

The second sublayer (called the media access control [MAC] sublayer) controls the physical hardware. The MAC sublayer software at the sending computer controls how and when the physical layer converts bits into the physical symbols that are sent down the circuit. At the sending computer, the MAC sublayer software takes the data link layer PDU from the LLC sublayer, converts it into a stream of bits, and controls when the physical layer actually transmits the bits over the circuit. At the receiving computer, the MAC sublayer receives a stream of bits from the physical layer and translates it into a coherent PDU, ensures that no errors have occurred in transmission, and passes the data link layer PDU to the LLC sublayer.

Both the sender and receiver have to agree on the rules or protocols that govern how their data link layers will communicate with each other. A data link protocol performs three functions:
◾ Controls when computers transmit (media access control)
◾ Detects and corrects transmission errors (error control)
◾ Identifies the start and end of a message by using a PDU (message delineation)
4.2 MEDIA ACCESS CONTROL
Media access control refers to the need to control when computers transmit. With point-to-point full-duplex configurations, media access control is unnecessary because there are only two computers on the circuit, and full-duplex permits either computer to transmit at any time.

Media access control becomes important when several computers share the same communication circuit, such as a point-to-point configuration with a half-duplex configuration that requires computers to take turns or a multipoint configuration in which several computers share the same circuit. Here, it is critical to ensure that no two computers attempt to transmit data at the same time—but if they do, there must be a way to recover from the problem. There are two fundamental approaches to media access control: contention and controlled access.

4.2.1 Contention
With contention, computers wait until the circuit is free (i.e., no other computers are transmitting) and then transmit whenever they have data to send. Contention is commonly used in Ethernet—Local Area Networks (LANs).

As an analogy, suppose that you are talking with some friends. People listen, and if no one is talking, they can talk. If you want to say something, you wait until the speaker is done and then you try to talk. Usually, people yield to the first person who jumps in at the precise moment the previous speaker stops. Sometimes, two people attempt to talk at the same time, so there must be some technique to continue the conversation after such a verbal collision occurs.

4.2.2 Controlled Access
With controlled access, one device controls the circuit and determines which clients can transmit at what time. There are two commonly used controlled access techniques: access requests and polling.

With the access request technique, client computers that want to transmit send a request to transmit to the device that is controlling the circuit (e.g., the wireless access point). The controlling device grants permission for one computer at a time to transmit. When one computer has
90 Chapter 4 Data Link Layer
permission to transmit, all other computers wait until that computer has finished, and then, if they have something to transmit, they use a contention technique to send an access request.

The access request technique is like a classroom situation in which the instructor calls on the students who raise their hands. The instructor acts like the controlling access point. When they want to talk, students raise their hands and the instructor recognizes them so they can contribute. When they have finished, the instructor again takes charge and allows someone else to talk. And of course, just like in a classroom, the wireless access point can choose to transmit whenever it likes.

Polling is the process of sending a signal to a client computer that gives it permission to transmit. With polling, the clients store all messages that need to be transmitted. Periodically, the controlling device (e.g., a wireless access point) polls the client to see if it has data to send. If the client has data to send, it does so. If the client has no data to send, it responds negatively, and the controller asks another client if it has data to send.

There are several types of polling. With roll-call polling, the controller works consecutively through a list of clients, first polling client 1, then client 2, and so on, until all are polled. Roll-call polling can be modified to select clients in priority so that some get polled more often than others. For example, one could increase the priority of client 1 by using a polling sequence such as 1, 2, 3, 1, 4, 5, 1, 6, 7, 1, 8, 9.

Typically, roll-call polling involves some waiting because the controller has to poll a client and then wait for a response. The response might be an incoming message that was waiting to be sent, a negative response indicating nothing is to be sent, or the full “time-out period” may expire because the client is temporarily out of service (e.g., it is malfunctioning or the user has turned it off). Usually, a timer “times out” the client after waiting several seconds without getting a response. If some sort of fail-safe time-out is not used, the circuit poll might lock up indefinitely on an out-of-service client.

With hub polling (often called token passing), one device starts the poll and passes it to the next computer on the multipoint circuit, which sends its message and passes the poll to the next. That computer then passes the poll to the next, and so on, until it reaches the first computer, which restarts the process again.
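Roll-call polling with the priority sequence just described, as an added Python simulation (this is not code from the textbook). It models one polling cycle, the fail-safe time-out for a client that never answers, and the effect of the priority sequence on how often each client is polled. The client ids, their queued messages, the client that is out of service, and the tick costs are all constructed values.

```python
from collections import deque

# Constructed example: the text's priority sequence, in which client 1 is
# polled four times per cycle and every other client once.
PRIORITY_SEQUENCE = [1, 2, 3, 1, 4, 5, 1, 6, 7, 1, 8, 9]


def roll_call_poll(sequence, queues, out_of_service=(), timeout_ticks=3):
    """Run one polling cycle over `sequence`.

    queues: dict mapping client id -> deque of messages waiting to be sent.
    out_of_service: clients that never answer a poll (malfunctioning or switched off).
    timeout_ticks: how long the controller waits before giving up on a silent client.

    Returns (delivered, log, elapsed_ticks). A poll costs one tick when the client
    answers and `timeout_ticks` when the controller has to time out. Without the
    time-out the cycle would block forever on the first silent client.
    """
    delivered, log, elapsed = [], [], 0
    for client in sequence:
        if client in out_of_service:
            elapsed += timeout_ticks            # fail-safe: stop waiting, move on
            log.append((client, "timeout"))
            continue
        elapsed += 1
        pending = queues.setdefault(client, deque())
        if pending:                             # client has data: it transmits one message
            delivered.append((client, pending.popleft()))
            log.append((client, "sent"))
        else:                                   # client answers negatively
            log.append((client, "negative response"))
    return delivered, log, elapsed


def polls_per_client(sequence):
    """How often each client is polled in one cycle: the priority effect."""
    counts = {}
    for client in sequence:
        counts[client] = counts.get(client, 0) + 1
    return counts


def run_demo():
    # Constructed traffic: client 1 is busy, client 9 has one message, client 4 is off.
    queues = {1: deque(["m1", "m2", "m3"]), 9: deque(["m9"])}
    return roll_call_poll(PRIORITY_SEQUENCE, queues, out_of_service={4})


if __name__ == "__main__":
    delivered, log, ticks = run_demo()
    print("delivered:", delivered)
    print("ticks for the cycle:", ticks)
    print("polls per client:", polls_per_client(PRIORITY_SEQUENCE))
```

In the demo the busy client 1 drains all three of its messages within a single cycle because the sequence returns to it four times, while the dead client 4 costs the whole circuit three ticks of waiting, which is exactly the delay the time-out bounds.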
4.2.3 Relative Performance
Which media access control approach is best: controlled access or contention? There is no simple answer. The key consideration is throughput—which approach will permit the greatest amount of user data to be transmitted through the network.

In general, contention approaches work better than controlled approaches for small networks that have low usage. In this case, each computer can transmit when necessary, without waiting for permission. Because usage is low, there is little chance of a collision. In contrast, computers in a controlled access environment must wait for permission, so even if no other computer needs to transmit, they must wait for the poll.

The reverse is true for large networks with high usage: Controlled access works better. In high-volume networks, many computers want to transmit, and the probability of a collision using contention is high. Collisions are very costly in terms of throughput because they waste circuit capacity during the collision and require both computers to retransmit later. Controlled access prevents collisions and makes more efficient use of the circuit, and although response time does increase, it does so more gradually (Figure 4-1).

The key for selecting the best access control technique is to find the crossover point between controlled and contention. Although there is no one correct answer, because it depends on how many messages the computers in the network transmit, most experts believe that the crossover point is often around 20 computers (lower for busy computers, higher for less-busy computers). For this reason, when we build shared multipoint circuits like those often used in LANs or wireless LANs, we try to put no more than 20 computers on any one shared circuit.
FIGURE 4-1 Relative response times (plot of response time, from short to long, against traffic, from low to high, with one curve for contention and one for controlled access)
4.3 ERROR CONTROL
Before learning the control mechanisms that can be implemented to protect a network from errors, you should realize that there are human errors and network errors. Human errors, such as a mistake in typing a number, usually are controlled through the application program. Network errors, such as those that occur during transmission, are controlled by the network hardware and software. There are two categories of network errors: corrupted data (data that have been changed) and lost data. Networks should be designed to (1) prevent, (2) detect, and (3) correct both corrupted data and lost data. We begin by examining the sources of errors and how to prevent them and then turn to error detection and correction.

Network errors are a fact of life in data communications networks. Depending on the type of circuit, they may occur every few hours, minutes, or seconds because of noise on the lines. No network can eliminate all errors, but most errors can be prevented, detected, and corrected by proper design. Inter-Exchange Carriers (IXCs) that provide data transmission circuits provide statistical measures specifying typical error rates and the pattern of errors that can be expected on the circuits they lease. For example, the error rate might be stated as 1 in 500,000, meaning there is 1 bit in error for every 500,000 bits transmitted.

Normally, errors appear in bursts. In a burst error, more than 1 data bit is changed by the error-causing condition. In other words, errors are not uniformly distributed in time. Although an error rate might be stated as 1 in 500,000, errors are more likely to occur as 100 bits every 50,000,000 bits. The fact that errors tend to be clustered in bursts rather than evenly dispersed is both good and bad. If the errors were not clustered, an error rate of 1 bit in 500,000 would make it rare for 2 erroneous bits to occur in the same character. Consequently, simple character-checking schemes would be effective at detecting errors. When errors are more or less evenly distributed, it is not difficult to grasp the meaning even when the error rate is high, as it is in this sentence (1 character in 20). But burst errors are the rule rather than the exception, often obliterating 100 or more bits at a time. This makes it more difficult to recover the meaning, so more reliance must be placed on error detection and correction methods. The positive side is that there are long periods of error-free transmission, meaning that very few messages encounter errors.
4.3.1 Sources of Errors
Line noise and distortion can cause data communication errors. The focus in this section is on electrical media such as twisted pair wire and coaxial cable, because they are more likely to suffer from noise than are optical media such as fiber-optic cable. In this case, noise is undesirable electrical signals (for fiber-optic cable, it is undesirable light). Noise is introduced by equipment or natural disturbances, and it degrades the performance of a communication circuit. Noise manifests itself as extra bits, missing bits, or bits that have been “flipped” (i.e., changed from 1 to 0 or vice versa). Figure 4-2 summarizes the major sources of error and ways to prevent them. The first six sources listed there are the most important; the last three are more common in analog rather than digital circuits.

FIGURE 4-2 Sources of errors and ways to minimize them

White noise or Gaussian noise (the familiar background hiss or static on radios and telephones) is caused by the thermal agitation of electrons and therefore is inescapable. Even if the equipment were perfect and the wires were perfectly insulated from any and all external interference, there still would be some white noise. White noise usually is not a problem unless it becomes so strong that it obliterates the transmission. In this case, the strength of the electrical signal is increased so it overpowers the white noise; in technical terms, we increase the signal-to-noise ratio.

Impulse noise (sometimes called spikes) is the primary source of errors in data communications. It is heard as a click or a crackling noise and can last as long as 1∕100 of a second. Such a click does not really affect voice communications, but it can obliterate a group of data, causing a burst error. At 1.5 Mbps, 15,000 bits would be changed by a spike of 1∕100 of a second. Some of the sources of impulse noise are voltage changes in adjacent lines, lightning flashes during thunderstorms, fluorescent lights, and poor connections in circuits.

Cross-talk occurs when one circuit picks up signals in another. A person experiences cross-talk during telephone calls when she or he hears other conversations in the background. It occurs between pairs of wires that are carrying separate signals, in multiplexed links carrying many discrete signals, or in microwave links in which one antenna picks up a minute reflection from another antenna. Cross-talk between lines increases with increased communication distance, increased proximity of the two wires, increased signal strength, and higher-frequency signals. Wet or damp weather can also increase cross-talk. Like white noise, cross-talk has such a low signal strength that it normally is not bothersome.

Echoes are the result of poor connections that cause the signal to reflect back to the transmitting equipment. If the strength of the echo is strong enough to be detected, it causes errors. Echoes, like cross-talk and white noise, have such a low signal strength that they normally are not bothersome. Echoes can also occur in fiber-optic cables when connections between cables are not properly aligned.

Attenuation is the loss of power a signal suffers as it travels from the transmitting computer to the receiving computer. Some power is absorbed by the medium or is lost before it reaches the receiver. As the medium absorbs power, the signal becomes weaker, and the receiving equipment has less and less chance of correctly interpreting the data. This power loss is a function of the transmission method and circuit medium. High frequencies lose power more rapidly than do low frequencies during transmission, so the received signal can thus be distorted by unequal loss of its component frequencies. Attenuation increases as frequency increases or as the diameter of the wire decreases.

Intermodulation noise is a special type of cross-talk. The signals from two circuits combine to form a new signal that falls into a frequency band reserved for another signal. This type of noise is similar to harmonics in music. On a multiplexed line, many different signals are amplified
together, and slight variations in the adjustment of the equipment can cause intermodulation noise. A maladjusted modem may transmit a strong frequency tone when not transmitting data, thus producing this type of noise.

In general, errors are more likely to occur in wireless, microwave, or satellite transmission than in transmission through cables. Therefore, error detection is more important when using radiated media than guided media. Impulse noise is the most frequent cause of errors in today’s networks. Unfortunately, as the next section describes, it could be very difficult to determine what caused this type of error.

4.3.2 Error Prevention
Obviously, error prevention is very important. There are many techniques to prevent errors (or at least reduce them), depending on the situation. Shielding (protecting wires by covering them with an insulating coating) is one of the best ways to prevent impulse noise, cross-talk, and intermodulation noise. Many different types of wires and cables are available with different amounts of shielding. In general, the greater the shielding, the more expensive the cable and the more difficult it is to install.

Moving cables away from sources of noise (especially power sources) can also reduce impulse noise, cross-talk, and intermodulation noise. For impulse noise, this means avoiding lights and heavy machinery. Locating communication cables away from power cables is always a good idea. For cross-talk, this means physically separating the cables from other communication cables.

Cross-talk and intermodulation noise are often caused by improper multiplexing. Changing multiplexing techniques (e.g., from FDM [Frequency Division Multiplexing] to TDM [Time Division Multiplexing]) or changing the frequencies or size of the guardbands in FDM can help.

Many types of noise (e.g., echoes, white noise) can be caused by poorly maintained equipment or poor connections and splices among cables. This is particularly true for echo in fiber-optic cables, which is almost always caused by poor connections. The solution here is obvious: Tune the transmission equipment and redo the connections.
To avoid attenuation, telephone circuits have repeaters or amplifiers spaced throughout their length. The distance between them depends on the amount of power lost per unit length of the transmission line. An amplifier takes the incoming signal, increases its strength, and retransmits it on the next section of the circuit. They are typically used on analog circuits such as the telephone company’s voice circuits. The distance between the amplifiers depends on the amount of attenuation, although 1- to 10-mile intervals are common. On analog circuits, it is important to recognize that the noise and distortion are also amplified, along with the signal. This means some noise from a previous circuit is regenerated and amplified each time the signal is amplified.

Repeaters are commonly used on digital circuits. A repeater receives the incoming signal, translates it into a digital message, and retransmits the message. Because the message is recreated at each repeater, noise and distortion from the previous circuit are not amplified. This provides a much cleaner signal and results in a lower error rate for digital circuits.

MANAGEMENT FOCUS 4-1 Finding the Source of Impulse Noise
Several years ago, the University of Georgia radio station received FCC (Federal Communications Commission) approval to broadcast using a stronger signal. Immediately after the station started broadcasting with the new signal, the campus backbone network (BN) became unusable because of impulse noise. It took 2 days to link the impulse noise to the radio station, and when the radio station returned to its usual broadcast signal, the problem disappeared.

However, this was only the first step in the problem. The radio station wanted to broadcast at full strength, and there was no good reason for why the stronger broadcast should affect the BN in this way. After 2 weeks of effort, the problem was discovered. A short section of the BN ran above ground between two buildings. It turned out that the specific brand of outdoor cable we used was particularly tasty to squirrels. They had eaten the outer insulating coating off of the cable, making it act like an antenna to receive the radio signals. The cable was replaced with a steel-coated armored cable so the squirrels could not eat the insulation. Things worked fine when the radio station returned to its stronger signal.
4.3.3 Error Detection
It is possible to develop data transmission methodologies that give very high error-detection performance. The only way to do error detection is to send extra data with each message. These error-detection data are added to each message by the data link layer of the sender on the basis of some mathematical calculations performed on the message (in some cases, error-detection methods are built into the hardware itself). The receiver performs the same mathematical calculations on the message it receives and matches its results against the error-detection data that were transmitted with the message. If the two match, the message is assumed to be correct. If they don’t match, an error has occurred.

In general, the larger the amount of error-detection data sent, the greater the ability to detect an error. However, as the amount of error-detection data is increased, the throughput of useful data is reduced, because more of the available capacity is used to transmit these error-detection data and less is used to transmit the actual message itself. Therefore, the efficiency of data throughput varies inversely as the desired amount of error detection is increased.

Three well-known error-detection methods are parity checking, checksum, and cyclic redundancy checking.

Parity Checking One of the oldest and simplest error-detection methods is parity. With this technique, one additional bit is added to each byte in the message. The value of this additional parity bit is based on the number of 1s in each byte transmitted. This parity bit is set to make the total number of 1s in the byte (including the parity bit) either an even number or an odd number. Figure 4-3 gives an example.

A little thought will convince you that any single error (a switch of a 1 to a 0, or vice versa) will be detected by parity, but it cannot determine which bit was in error. You will know an error occurred, but not what the error was. But if two bits are switched, the parity check will not detect any error. It is easy to see that parity can detect errors only when an odd number of bits have been switched; any even number of errors cancel one another out. Therefore, the probability of detecting an error, given that one has occurred, is only about 50%. Many networks today do not use parity because of its low error-detection rate. When parity is used, protocols are described as having odd parity or even parity.

FIGURE 4-3 Using parity for error detection
Assume that we are using even parity with 8-bit ASCII. The letter V in 8-bit ASCII is encoded as 01101010. Because there are four 1s (an even number), parity is set to 0. This would be transmitted as 011010100.
Assume that we are using even parity with 8-bit ASCII. The letter W in 8-bit ASCII is encoded as 00011010. Because there are three 1s (an odd number), parity is set to 1. This would be transmitted as 000110101.
Checksum With the checksum technique, a checksum (typically 1 byte) is added to the end of the message. The checksum is calculated by adding the decimal value of each character in the message, dividing the sum by 255, and using the remainder as the checksum. The receiver calculates its own checksum in the same way and compares it with the transmitted checksum. If the two values are equal, the message is presumed to contain no errors. Use of checksum detects close to 95% of the errors for multiple-bit burst errors.

Cyclic Redundancy Check One of the most popular error-checking schemes is cyclic redundancy check (CRC). It adds 8, 16, 24, or 32 bits to the message. With CRC, a message is treated as one long binary number, which is divided by a preset number, and the remainder is used as the CRC code. The preset number is chosen so that the remainder will be either 8 bits, 16 bits, 24 bits, or 32 bits. The receiving hardware divides the received message by the same preset number, which generates a remainder. The receiving hardware checks if the received CRC matches the locally generated remainder. If it does not, the message is assumed to be in error. In practice, the CRC algorithm is implemented using binary logic on a bit-by-bit basis to simplify memory requirements.

CRC performs quite well. The most commonly used CRC codes are CRC-16 (a 16-bit version), CRC-CCITT (another 16-bit version), and CRC-32 (a 32-bit version). The probability of detecting an error is 100% for all errors of the same length as the CRC or less. For example, CRC-16 is guaranteed to detect errors if 16 or fewer bits are affected. If the burst error is longer than the CRC, then CRC is not perfect but is close to it. CRC-16 will detect about 99.998% of all burst errors longer than 16 bits, whereas CRC-32 will detect about 99.99999998% of all burst errors longer than 32 bits.
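The three detection methods of this section side by side, as an added Python example (not the textbook's own code): parity exactly as in Figure 4-3, the checksum as the text defines it (sum of the character values, remainder after dividing by 255), and a CRC computed by the bit-by-bit binary long division the text mentions. The CRC uses the CRC-CCITT generator polynomial 0x1021 in its plainest form (initial register 0, no bit reflection, which is the variant used by XMODEM); the messages and the corrupted bit positions are constructed. The last two helpers go beyond the text by corrupting a transmitted frame and letting each method judge it, which makes the difference between parity, checksum and CRC visible on the same input.

```python
def parity_bit(byte: int, even: bool = True) -> int:
    """Parity bit that makes the number of 1s in byte + parity bit even (or odd)."""
    ones = bin(byte & 0xFF).count("1")
    bit = ones % 2                  # 1 when the byte already has an odd number of 1s
    return bit if even else bit ^ 1


def with_parity(byte: int, even: bool = True) -> str:
    """The 9-bit unit actually transmitted, as in Figure 4-3: 8 data bits then parity."""
    return format(byte & 0xFF, "08b") + str(parity_bit(byte, even))


def parity_ok(received: str, even: bool = True) -> bool:
    """Receiver side: recompute parity over the 8 data bits and compare with the 9th."""
    data, pbit = int(received[:8], 2), int(received[8])
    return parity_bit(data, even) == pbit


def checksum(message: bytes) -> int:
    """Checksum as the text defines it: sum of the character values, remainder mod 255."""
    return sum(message) % 255


def crc(message: bytes, poly: int = 0x1021, width: int = 16) -> int:
    """Remainder of the message (followed by `width` zero bits) divided by the
    generator polynomial, done as shift-and-XOR long division one bit at a time."""
    mask, top, reg = (1 << width) - 1, 1 << (width - 1), 0
    bits = [(b >> i) & 1 for b in message for i in range(7, -1, -1)]
    for bit in bits + [0] * width:  # the appended zero bits make room for the remainder
        carry = reg & top
        reg = ((reg << 1) | bit) & mask
        if carry:                   # a 1 shifted out: subtract (XOR) the divisor
            reg ^= poly
    return reg


def crc_frame(message: bytes, poly: int = 0x1021, width: int = 16) -> bytes:
    """What the sender puts on the wire: message followed by its CRC (big-endian)."""
    return message + crc(message, poly, width).to_bytes(width // 8, "big")


def flip_bits(data: bytes, positions) -> bytes:
    """Simulated line noise: copy of data with the given bit positions inverted
    (position 0 is the most significant bit of byte 0)."""
    out = bytearray(data)
    for pos in positions:
        out[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(out)


def crc_detects(message: bytes, positions, poly: int = 0x1021, width: int = 16) -> bool:
    """Corrupt the transmitted frame at `positions`; the receiver divides the whole
    frame (message + CRC) and expects remainder 0, so any other value is an error."""
    received = flip_bits(crc_frame(message, poly, width), positions)
    return crc(received, poly, width) != 0


def checksum_detects(message: bytes, positions) -> bool:
    """Does the one-byte checksum change when these bits of the message are flipped?"""
    return checksum(flip_bits(message, positions)) != checksum(message)


if __name__ == "__main__":
    print(with_parity(0b01101010), with_parity(0b00011010))   # Figure 4-3 values
    print(hex(crc(b"123456789")))                               # CRC-CCITT/XMODEM check value
    print(crc_detects(b"hello world", range(8, 24)))            # a 16-bit burst
```

Two things worth noticing when running it: flipping bits 6 and 14 of the constructed message "AB" turns it into "C@" without changing the sum, so the checksum passes while the CRC still fails; and all three are checks against accidental noise only. A CRC is a linear function with no secret, so it offers no protection against deliberate modification, which is why integrity against an adversary needs a keyed construction at a higher layer.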
4.3.4 Error Correction via Retransmission
Once an error has been detected, it must be corrected. The simplest, most effective, least expensive, and most commonly used method for error correction is retransmission. Interestingly, the transport layer (layer 3) is responsible for retransmission, and we will discuss the details of it in Chapter 5.

4.3.5 Forward Error Correction
Forward error correction uses codes containing sufficient redundancy to prevent errors by detecting and correcting them at the receiving end without retransmission of the original message. The redundancy, or extra bits required, varies with different schemes. It ranges from a small percentage of extra bits to 100% redundancy, with the number of error-detecting bits roughly equaling the number of data bits. One of the characteristics of many error-correcting codes is that there must be a minimum number of error-free bits between bursts of errors.

Forward error correction is commonly used in satellite transmission. A round trip from the earth station to the satellite and back includes a significant delay. Error rates can fluctuate depending on the condition of equipment, sunspots, or the weather. Indeed, some weather conditions make it impossible to transmit without some errors, making forward error correction essential. Compared with satellite equipment costs, the additional cost of forward error correction is insignificant.
TECHNICAL FOCUS 4-1 How Forward Error Correction Works
To see how error-correcting codes work, consider the example of a forward error-checking code in Figure 4-4, called a Hamming code, after its inventor, R. W. Hamming. This code is a very simple approach, capable of correcting 1-bit errors. More sophisticated techniques (e.g., Reed–Solomon) are commonly used today, but this will give you a sense of how they work.

The Hamming code associates even parity bits with unique combinations of data bits. With a 4-data-bit code as an example, a character might be represented by the data-bit configuration 1010. Three parity bits, P1, P2, and P4, are added, resulting in a 7-bit code, shown in the upper half of Figure 4-4. Notice that the data bits (D3, D5, D6, D7) are 1010 and the parity bits (P1, P2, P4) are 101.

As depicted in the upper half of Figure 4-4, parity bit P1 applies to data bits D3, D5, and D7. Parity bit P2 applies to data bits D3, D6, and D7. Parity bit P4 applies to data bits D5, D6, and D7. For the example, in which D3, D5, D6, D7 = 1010, P1 must equal 1 because there is only a single 1 among D3, D5, and D7 and parity must be even. Similarly, P2 must be 0 because D3 and D6 are 1s. P4 is 1 because D6 is the only 1 among D5, D6, and D7.

Now, assume that during the transmission, data bit D7 is changed from a 0 to a 1 by line noise. Because this data bit is being checked by P1, P2, and P4, all three parity bits now show odd parity instead of the correct even parity. D7 is the only data bit that is monitored by all three parity bits; therefore, when D7 is in error, all three parity bits show an incorrect parity. In this way, the receiving equipment can determine which bit was in error and reverse its state, thus correcting the error without retransmission.

The lower half of the figure is a table that determines the location of the bit in error. A 1 in the table means that the corresponding parity bit indicates a parity error. Conversely, a 0 means that the parity check is correct. These 0s and 1s form a binary number that indicates the numeric location of the erroneous bit. In the previous example, P1, P2, and P4 checks all failed, yielding 111, or a decimal 7, the subscript of the erroneous bit.

FIGURE 4-4 Hamming code for forward error correction

Checking relations between parity bits (P) and data bits (D):
Position:  P1  P2  D3  P4  D5  D6  D7
Value:      1   0   1   1   0   1   0
P1 checks D3, D5, D7; P2 checks D3, D6, D7; P4 checks D5, D6, D7.

Interpreting parity bit patterns (√ = corresponding parity check is correct; X = corresponding parity check fails). The pattern determines in which bit the error occurred:
P4  P2  P1   Bit in error
√   √   √    no error
√   √   X    P1
√   X   √    P2
√   X   X    D3
X   √   √    P4
X   √   X    D5
X   X   √    D6
X   X   X    D7
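The Hamming code of Technical Focus 4-1 and Figure 4-4, as an added Python example (not the textbook's own code). The encoder and decoder use exactly the layout of the figure: code word positions P1 P2 D3 P4 D5 D6 D7, even parity, P1 over D3/D5/D7, P2 over D3/D6/D7, P4 over D5/D6/D7, and the syndrome read as the binary number P4 P2 P1. The data bits 1010 and the injected errors are the text's example and constructed variations of it; the two-error case at the end goes beyond the text and shows why this code corrects only single-bit errors.

```python
# Positions 1..7 of the code word in the book's layout.
LAYOUT = ["P1", "P2", "D3", "P4", "D5", "D6", "D7"]


def hamming_encode(data: str) -> str:
    """data: the four data bits as a string in the order D3 D5 D6 D7, e.g. '1010'.
    Returns the 7-bit code word P1 P2 D3 P4 D5 D6 D7 with even parity bits."""
    d3, d5, d6, d7 = (int(c) for c in data)
    p1 = d3 ^ d5 ^ d7          # P1 covers D3, D5, D7
    p2 = d3 ^ d6 ^ d7          # P2 covers D3, D6, D7
    p4 = d5 ^ d6 ^ d7          # P4 covers D5, D6, D7
    return "".join(str(b) for b in (p1, p2, d3, p4, d5, d6, d7))


def hamming_decode(code: str):
    """Recompute the three parity checks (a failed check gives a 1), read them as the
    binary number P4 P2 P1 to get the position of the bad bit (0 = no error), and
    reverse that bit. Returns (corrected code word, data D3 D5 D6 D7, position, name)."""
    bits = [int(c) for c in code]
    at = lambda pos: bits[pos - 1]          # 1-based position into the code word
    c1 = at(1) ^ at(3) ^ at(5) ^ at(7)      # P1 check: 1 means odd parity, i.e. failed
    c2 = at(2) ^ at(3) ^ at(6) ^ at(7)      # P2 check
    c4 = at(4) ^ at(5) ^ at(6) ^ at(7)      # P4 check
    position = c1 + 2 * c2 + 4 * c4
    if position:
        bits[position - 1] ^= 1             # reverse the state of the erroneous bit
    name = "no error" if position == 0 else LAYOUT[position - 1]
    data = "".join(str(bits[p - 1]) for p in (3, 5, 6, 7))
    return "".join(map(str, bits)), data, position, name


def syndrome_table():
    """The lower half of Figure 4-4 as a dict: key is the check pattern P4 P2 P1
    with 1 for a failed check, value is the bit that is in error."""
    return {format(i, "03b"): ("no error" if i == 0 else LAYOUT[i - 1]) for i in range(8)}


def flip(code: str, position: int) -> str:
    """Simulate line noise inverting one bit of the code word (1-based position)."""
    i = position - 1
    return code[:i] + ("0" if code[i] == "1" else "1") + code[i + 1:]


if __name__ == "__main__":
    word = hamming_encode("1010")            # the text's example: 1011010
    print("sent:", word)
    print("D7 hit:", hamming_decode(flip(word, 7)))
    print("two bits hit:", hamming_decode(flip(flip(word, 5), 6)))
```

With the text's example, the D7 error produces the syndrome 111 and is repaired; with D5 and D6 both hit, the syndrome is 011, the decoder "corrects" D3, and the delivered data are silently wrong. That is the edge the text alludes to when it says such codes need a minimum number of error-free bits between bursts.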
4.3.6 Error Control in Practice
In the Open Systems Interconnection (OSI) model (see Chapter 1), error control is defined to be a layer-2 function—it is the responsibility of the data link layer. However, in practice, we have moved away from this. Most network cables—especially LAN cables—are very reliable, and errors are far less common than they were in the 1980s.

Therefore, most data link layer software used in LANs (i.e., Ethernet) is configured to detect errors, but not correct them. Any time a packet with an error is discovered, it is simply discarded. Wireless LANs and some Wide Area Networks (WANs), where errors are more likely, still perform both error detection and error correction.

The implication from this is that error correction must be performed at higher layers (see Chapter 5, Section 5.3.3, for more information). This is commonly done by the transport layer using continuous automatic repeat reQuest (ARQ), as we shall see in the next chapter. The transport layer must be able to detect lost packets (i.e., those that have been discarded) and request the sender to retransmit them.

4.4 DATA LINK PROTOCOLS
In this section, we outline several commonly used data link layer protocols, which are summarized in Figure 4-5. Here we focus on message delineation, which indicates where a message starts and stops, and the various parts or fields within the message. For example, you must clearly indicate which part of a message or packet of data is the error-control portion; otherwise, the receiver cannot use it properly to determine if an error has occurred. The data link layer performs this function by adding a PDU to the packet it receives from the network layer. This PDU is called a frame.

4.4.1 Asynchronous Transmission
Asynchronous transmission is often referred to as start–stop transmission because the transmitting computer can transmit a character whenever it is convenient, and the receiving computer will accept that character. It is typically used on point-to-point full-duplex circuits (i.e., circuits that have only two computers on them), so media access control is not a concern. If you use VT100 protocol, or connect to a UNIX or Linux computer using Telnet, chances are you are using asynchronous transmission.
FIGURE 4-5 Protocol summary
FIGURE 4-6 Asynchronous transmission. ASCII = United States of America Standard Code for Information Interchange. (Signal diagram with line levels 0V and +3V: an idle period, a start bit, 7-bit ASCII data, a parity bit, a stop bit, then idle again; bit values shown along the signal: 0 1 1 1 0 1 0 1 1 0.)
With asynchronous transmission, each character is transmitted independently of all other characters. To separate the characters and synchronize transmission, a start bit and a stop bit are put on the front and back of each individual character. For example, if we are using 7-bit ASCII with even parity, the total transmission is 10 bits for each character (1 start bit, 7 bits for the letter, 1 parity bit, 1 stop bit).

The start bit and stop bit are the opposite of each other. Typically, the start bit is a 0 and the stop bit is a 1. There is no fixed distance between characters because the terminal transmits the character as soon as it is typed, which varies with the speed of the typist. The recognition of the start and stop of each message (called synchronization) takes place for each individual character: the start bit is a signal that tells the receiver to start sampling the incoming bits of a character so the data bits can be interpreted into their proper character structure, and the stop bit informs the receiver that the character has been received and resets it for recognition of the next start bit. If the receiver finds a 0 where the stop bit should be, it has lost alignment (a framing error) and discards the character.

When the sender is waiting for the user to type the next character, no data are sent; the communication circuit is idle. This idle time really is artificial: some signal always must be sent down the circuit. For example, suppose that we are using a unipolar digital signaling technique where +5 volts indicates a 1 and 0 volts indicates a 0 (see Chapter 3). Even if we send 0 volts, we are still sending a signal, a 0 in this case. Asynchronous transmission defines the idle signal (the signal that is sent down the circuit when no data are being transmitted) as the same as the stop bit. When the sender finishes transmitting a letter and is waiting for more data to send, it sends a continuous series of stop bits. Because the idle line is a 1 and the start bit is a 0, the receiver can always find the beginning of the next character by waiting for the 1-to-0 transition. Figure 4-6 shows an example of asynchronous transmission.

Some older protocols have two stop bits instead of the traditional single stop bit. The use of both a start bit and a stop bit is changing; some protocols have eliminated the stop bit altogether.
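The framing rules above, as an added worked example (this is not code from the textbook): a sender that builds the 10-bit characters and a receiver that waits in idle, treats the 1-to-0 transition as a start bit, counts off the data, parity and stop bits, and reports parity and framing errors. The line is modelled as a list of bits sampled once per bit time, which simplifies how a real UART oversamples the signal.

```python
# Asynchronous (start/stop) character framing: 1 start bit, 7-bit ASCII,
# even parity, 1 stop bit, and an idle line that carries continuous stop bits.
# Added example, not code from the textbook. The line is a list of 0/1 values
# sampled once per bit time; a real UART oversamples each bit (omitted here).

START_BIT = 0
STOP_BIT = 1
IDLE_BIT = STOP_BIT          # the idle signal is defined to look like a stop bit
DATA_BITS = 7                # 7-bit ASCII


def even_parity(bits):
    """Parity bit that makes the number of 1s in data + parity even."""
    return sum(bits) % 2


def encode_char(ch):
    """Start bit, data bits (least significant first, as a UART sends them),
    parity bit, stop bit: 10 bits per character."""
    code = ord(ch)
    if code >= 1 << DATA_BITS:
        raise ValueError(f"{ch!r} does not fit in {DATA_BITS}-bit ASCII")
    data = [(code >> i) & 1 for i in range(DATA_BITS)]
    return [START_BIT] + data + [even_parity(data), STOP_BIT]


def encode_text(text, idle_bits=2):
    """Characters separated by idle time (the typist pausing between keys)."""
    line = [IDLE_BIT] * idle_bits
    for ch in text:
        line += encode_char(ch) + [IDLE_BIT] * idle_bits
    return line


def decode_line(line):
    """Receiver: sit in idle, treat a 0 as a start bit, count off the data,
    parity and stop bits, then hunt for the next start bit.
    Returns (decoded text, list of (bit offset, error kind))."""
    frame_len = 1 + DATA_BITS + 1 + 1
    chars, errors = [], []
    i = 0
    while i < len(line):
        if line[i] != START_BIT:
            i += 1                                  # idle, keep waiting
            continue
        if i + frame_len > len(line):
            errors.append((i, "truncated"))         # line ended mid-character
            break
        frame = line[i:i + frame_len]
        data, parity, stop = frame[1:1 + DATA_BITS], frame[1 + DATA_BITS], frame[-1]
        if stop != STOP_BIT:
            # Framing error: a 0 where the stop bit must be means the receiver
            # cannot trust its alignment, so the character is dropped.
            errors.append((i, "framing"))
        elif parity != even_parity(data):
            errors.append((i, "parity"))            # an odd number of flipped bits
        else:
            chars.append(chr(sum(b << k for k, b in enumerate(data))))
        i += frame_len
    return "".join(chars), errors


if __name__ == "__main__":
    line = encode_text("HI")
    print(line)                 # 2 idle bits, 10-bit 'H', 2 idle, 10-bit 'I', 2 idle
    print(decode_line(line))    # ('HI', [])
```

Flipping a single data bit produces a parity error for that character only; clobbering a stop bit produces a framing error, and the receiver recovers at the next start bit. Even parity cannot see an even number of flipped bits, which is why the synchronous protocols later in this section use a CRC instead.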
4.4.2 Synchronous Transmission

With synchronous transmission, all the letters or data in one group of data are transmitted at one time as a block of data. This block of data is called a frame. For example, a terminal or personal computer will save all the keystrokes typed by the user and transmit them only when the user presses a special “transmit” key. In this case, the start and end of the entire frame must be marked, not the start and end of each letter. Synchronous transmission is often used on both point-to-point and multipoint circuits. For multipoint circuits, each packet must include a destination address and a source address, and media access control is important.

The start and end of each frame (synchronization) sometimes are established by adding synchronization characters (SYN) to the start of the frame. Depending on the protocol, there may be anywhere from one to eight SYN characters. After the SYN characters, the transmitting computer sends a long stream of data that may contain thousands of bits. Knowing what code is being used, the receiving computer counts off the appropriate number of bits for the first character, assumes that this is the first character, and passes it to the computer. It then counts off the bits for the second character, and so on.

In summary, asynchronous data transmission means each character is transmitted as a totally independent entity with its own start and stop bits to inform the receiving computer that the character is beginning and ending. Synchronous transmission means that whole blocks of data are transmitted as frames after the sender and the receiver have been synchronized.

FIGURE 4-7 SDLC (synchronous data link control) frame layout: Flag (8 bits), Address (8 bits), Control (8 bits), Message (variable length), Frame check sequence (32 bits), Flag (8 bits)

There are many protocols for synchronous transmission. We discuss four commonly used synchronous data link protocols.
Synchronous Data Link Control  Synchronous data link control (SDLC) is a mainframe protocol developed by IBM in 1972 that is still in use today. It uses a controlled-access media access protocol. If you use a 3270 protocol, you’re using SDLC.

Figure 4-7 shows a typical SDLC frame. Each SDLC frame begins and ends with a special bit pattern (01111110), known as the flag. Because the flag must be unique, the sender inserts a 0 after any five consecutive 1s in the rest of the frame (bit stuffing) and the receiver removes those 0s again, so six 1s in a row can only ever be a flag. The address field identifies the destination. The length of the address field is usually 8 bits but can be set at 16 bits; all computers on the same network must use the same length. The control field identifies the kind of frame that is being transmitted, either information or supervisory. An information frame is used for the transfer and reception of messages, frame numbering of contiguous frames, and the like. A supervisory frame is used to transmit acknowledgments (ACKs and NAKs). (A third kind, the unnumbered frame, is used to set up and tear down the link.) The message field is of variable length and is the user’s message. The frame check sequence field is a CRC code. Figure 4-7 and the efficiency calculations later in this chapter assume a 32-bit CRC; IBM’s original SDLC specification uses a 16-bit CRC (CRC-CCITT), and the 32-bit version comes from later HDLC-based variants.
High-Level Data Link Control  High-level data link control (HDLC) is a formal standard developed by the ISO that is often used in WANs. HDLC is essentially the same as SDLC, except that the address and control fields can be longer. HDLC also has several additional benefits that are beyond the scope of this book, such as a larger sliding window for continuous ARQ. It uses a controlled-access media access protocol. One variant, Link Access Protocol-Balanced (LAP-B), uses the same structure as HDLC but is a scaled-down version of HDLC (i.e., it provides fewer of those benefits mentioned that are “beyond the scope of this book”). A version of HDLC called Cisco HDLC (cHDLC) includes a network protocol field, so that one link can carry several network layer protocols. cHDLC and HDLC have gradually replaced SDLC.
Ethernet  Ethernet is a very popular LAN protocol, conceived by Bob Metcalfe in 1973 and developed jointly by Digital, Intel, and Xerox in the 1970s. Since then, Ethernet has been further refined and developed into a formal standard, IEEE 802.3; the VLAN-tagged frame format described below was added by the 802.3ac amendment, which is why this book refers to the tagged frame as Ethernet 802.3ac. There are several versions of Ethernet in use today. Ethernet uses a contention media access protocol.

There are several standard versions of Ethernet. Figure 4-8a shows an Ethernet 802.3ac frame. The frame starts with a 7-byte preamble, which is a repeating pattern of ones and zeros (10101010). This is followed by a start of frame delimiter, which marks the start of the frame. The destination address specifies the receiver, whereas the source address specifies the sender. The length indicates the length in 8-bit bytes of the message portion of the frame. The VLAN tag field is an optional 4-byte field used by virtual LANs (VLANs), which are discussed in Chapter 7. The Ethern
Ethernet II is another commonly used version of Ethernet. Like the 802.3 frame, it uses a preamble and a start of frame delimiter to mark the start of the frame. It has the same source and destination address format as Ethernet 802.3ac. In place of the length field it has a type field, which specifies the type of network layer packet the frame contains (e.g., hexadecimal 08-00 for IP). Type values start at 1,536 (hexadecimal 06-00), so they never collide with a valid length, and a receiver can tell the two frame formats apart by looking at this one field. The data and frame check sequence fields are the same as Ethernet 802.3ac, but because there is no length field, the receiver cannot tell padding from data and leaves that to the network layer protocol, which carries its own length. Ethernet II has an unusual way of marking the end of a frame. It uses bipolar signaling to send 1s (positive voltage) and 0s (negative voltage) (see Chapter 3). When the frame ends, the sending computer transmits no signal for 96 bit times (i.e., neither a 0 nor a 1). After these 96 bit times of no signal, the sending computer then transmits the next frame, which starts with a preamble, and so on. It is possible that in the time that the computer is sending no signal, some other computer could jump in and begin transmitting. In fact, this 96-bit pause (the interframe gap, which applies to both Ethernet frame formats) is designed to prevent any one computer from monopolizing the circuit. Figure 4-8b shows an Ethernet II frame.

Newer versions of these two types of Ethernet permit jumbo frames with up to 9,000 bytes of user data in the message field. Some vendors are experimenting with super jumbo frames that can hold up to 64,000 bytes. Jumbo frames are common for some types of Ethernet such as gigabit Ethernet (see Chapter 6).
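The two Ethernet frame formats above, as one added example covering both (it is not code from the textbook or from any Ethernet implementation): a builder and a parser that tell a length from a type by the 1,536 threshold, recognise the hexadecimal 81-00 VLAN tag, read the LLC control field length from its low two bits, verify the CRC-32 frame check sequence, and refuse a length field that claims more bytes than were received. The addresses and payloads in the sample frames are made up.

```python
# Ethernet II (type field) and 802.3 (length field + LLC header) frames, with or
# without an 802.1Q VLAN tag, plus the CRC-32 FCS check. Added example, not
# textbook code. Frames are handled as they come off the wire after the preamble
# and SFD: destination address first, 4-byte FCS last. Sample data is made up.
import struct
import zlib

VLAN_TPID = 0x8100        # the "impossible length" that announces a VLAN tag
MIN_TYPE = 0x0600         # 1,536: values at or above this are types, 1,500 and below are lengths
MIN_FRAME = 64            # bytes including the FCS; anything shorter is a runt


def crc32_fcs(data: bytes) -> int:
    return zlib.crc32(data) & 0xFFFFFFFF            # the IEEE CRC-32 Ethernet uses


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _header(dst: bytes, src: bytes, vlan_id):
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", VLAN_TPID, vlan_id & 0x0FFF)   # TCI with PCP=0, DEI=0
    return hdr


def _finish(body: bytes) -> bytes:
    body += b"\x00" * max(0, MIN_FRAME - 4 - len(body))        # pad short frames to 60 bytes
    return body + struct.pack("<I", crc32_fcs(body))             # FCS, least significant byte first


def build_ethernet_ii(dst, src, ethertype, payload, vlan_id=None) -> bytes:
    return _finish(_header(dst, src, vlan_id) + struct.pack("!H", ethertype) + payload)


def build_8023_llc(dst, src, dsap, ssap, control, data, vlan_id=None) -> bytes:
    llc_pdu = bytes([dsap, ssap, control]) + data
    return _finish(_header(dst, src, vlan_id) + struct.pack("!H", len(llc_pdu)) + llc_pdu)


def parse_ethernet(frame: bytes) -> dict:
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame")
    body, rx_fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    out = {"dst": mac_str(body[:6]), "src": mac_str(body[6:12]), "vlan": None,
           "fcs_ok": crc32_fcs(body) == rx_fcs}
    off = 12
    type_or_len = struct.unpack("!H", body[off:off + 2])[0]
    if type_or_len == VLAN_TPID:
        tci = struct.unpack("!H", body[off + 2:off + 4])[0]
        out["vlan"] = {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}
        off += 4
        type_or_len = struct.unpack("!H", body[off:off + 2])[0]
    off += 2
    if type_or_len >= MIN_TYPE:
        # Ethernet II: no length field, so any padding stays attached to the payload
        out.update(kind="Ethernet II", ethertype=type_or_len, length=None, llc=None,
                   payload=body[off:])
    elif type_or_len <= 1500:
        if type_or_len > len(body) - off:
            raise ValueError("length field exceeds the bytes received")   # never trust it blindly
        if type_or_len < 3:
            raise ValueError("LLC header missing")
        pdu = body[off:off + type_or_len]
        ctrl_len = 1 if (pdu[2] & 0x03) == 0x03 else 2      # low two bits 11 -> 1-byte control
        out.update(kind="802.3", ethertype=None, length=type_or_len,
                   llc={"dsap": pdu[0], "ssap": pdu[1], "control_bytes": ctrl_len},
                   payload=pdu[2 + ctrl_len:])
    else:
        raise ValueError(f"reserved length/type value {type_or_len:#06x}")
    return out


def safe_parse(frame: bytes):
    # what a driver should do with a malformed frame: drop it rather than guess
    try:
        return parse_ethernet(frame)
    except ValueError:
        return None


if __name__ == "__main__":
    dst, src = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")   # made-up addresses
    for frame in (build_ethernet_ii(dst, src, 0x0800, b"\x45" + b"\x00" * 19),
                  build_ethernet_ii(dst, src, 0x86DD, b"\x60" * 40, vlan_id=100),
                  build_8023_llc(dst, src, 0xAA, 0xAA, 0x03, b"hello")):
        print(parse_ethernet(frame))
```

The parser keeps going after a bad FCS and just reports it, the way Wireshark does; a NIC discards such a frame. The length check is the part worth copying: a length field is attacker-controlled input, and reading `length` bytes without comparing it to what actually arrived is the classic out-of-bounds read in frame parsers.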
Point-to-Point Protocol  Point-to-Point Protocol (PPP) was developed in the early 1990s and is often used in WANs. It is designed to transfer data over a point-to-point circuit but provides an address so that it can be used on multipoint circuits. Figure 4-9 shows the basic layout of a PPP frame, which is very similar to an SDLC or HDLC frame. The frame starts with a flag (the same 01111110 pattern as HDLC) and has a 1-byte address (which is not used on point-to-point circuits and is set to the all-stations value 11111111). The control field is typically not used (it is fixed at 00000011). The protocol field indicates what type of data packet the frame contains (e.g., an IP packet). The data field is variable in length and may be up to 1,500 bytes. The frame check sequence is usually a CRC-16 but can be a CRC-32. The frame ends with a flag. Because PPP usually runs over byte-oriented links such as modems, it keeps the flag unique with byte stuffing rather than bit stuffing: a flag or escape byte that occurs inside the frame is replaced by an escape byte (01111101) followed by the original byte with one bit flipped, and the receiver reverses the substitution.
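HDLC-style bit stuffing (from the SDLC and HDLC discussion above) and PPP byte stuffing (this section), as one added example covering both; it is not code from the textbook or from any HDLC or PPP implementation. Both framers share the 16-bit FCS (CRC-16/X.25, the FCS-16 of HDLC and PPP as RFC 1662 specifies it). The HDLC side models the line as a list of bits; the PPP side works on bytes. The payloads used in the tests are made up.

```python
# Bit-oriented (SDLC/HDLC) and byte-oriented (PPP) framing over the same 16-bit
# FCS. Added example, not code from the textbook or from any HDLC/PPP
# implementation. FCS = CRC-16/X.25, the FCS-16 of HDLC and PPP (RFC 1662).
# HDLC bit streams are lists of 0/1, least significant bit of each byte first.

HDLC_FLAG = [0, 1, 1, 1, 1, 1, 1, 0]      # 0x7E sent LSB first
PPP_FLAG, PPP_ESC = 0x7E, 0x7D

def crc16_ccitt(data: bytes) -> int:
    # poly 0x1021 bit-reversed (0x8408), init 0xFFFF, final XOR 0xFFFF
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0x8408 if crc & 1 else crc >> 1
    return crc ^ 0xFFFF

# ---- HDLC/SDLC: flags delimit the frame; bit stuffing keeps the flag unique ----
def to_bits(data: bytes):
    return [(b >> i) & 1 for b in data for i in range(8)]

def from_bits(bits):
    return bytes(sum(bit << i for i, bit in enumerate(bits[k:k + 8])) for k in range(0, len(bits), 8))

def bit_stuff(bits):
    # insert a 0 after every run of five 1s, so 01111110 cannot occur in data
    out, ones = [], 0
    for b in bits:
        out.append(b)
        ones = ones + 1 if b else 0
        if ones == 5:
            out.append(0)
            ones = 0
    return out

def bit_unstuff(bits):
    # drop the 0 that follows five 1s; a sixth 1 inside a frame is an abort
    out, ones, expect_zero = [], 0, False
    for b in bits:
        if expect_zero:
            if b:
                return None
            expect_zero = False
            continue
        out.append(b)
        ones = ones + 1 if b else 0
        if ones == 5:
            expect_zero, ones = True, 0
    return None if expect_zero else out

def build_hdlc(address: int, control: int, payload: bytes):
    body = bytes([address, control]) + payload
    fcs = crc16_ccitt(body)
    body += bytes([fcs & 0xFF, fcs >> 8])          # FCS transmitted LSB first
    return HDLC_FLAG + bit_stuff(to_bits(body)) + HDLC_FLAG

def parse_hdlc(stream):
    # -> [(address, control, payload, fcs_ok) or None for an undecodable frame]
    flags = [i for i in range(len(stream) - 7) if stream[i:i + 8] == HDLC_FLAG]
    frames = []
    for start, end in zip(flags, flags[1:]):
        chunk = stream[start + 8:end]
        if not chunk:                               # back-to-back flags
            continue
        raw = bit_unstuff(chunk)
        if raw is None or len(raw) % 8 or len(raw) < 32:
            frames.append(None)                     # abort, misaligned, or too short
            continue
        data = from_bits(raw)
        body, rx_fcs = data[:-2], data[-2] | (data[-1] << 8)
        frames.append((body[0], body[1], body[2:], crc16_ccitt(body) == rx_fcs))
    return frames

# ---- PPP (RFC 1662): same 0x7E flag, byte stuffing with 0x7D instead ----
def ppp_escape(data: bytes) -> bytes:
    # 0x7E, 0x7D and, with the default ACCM, every byte below 0x20 -> 0x7D, byte ^ 0x20
    out = bytearray()
    for b in data:
        if b in (PPP_FLAG, PPP_ESC) or b < 0x20:
            out += bytes([PPP_ESC, b ^ 0x20])
        else:
            out.append(b)
    return bytes(out)

def ppp_unescape(data: bytes):
    out, escaped = bytearray(), False
    for b in data:
        if escaped:
            out.append(b ^ 0x20)
            escaped = False
        elif b == PPP_ESC:
            escaped = True
        else:
            out.append(b)
    return None if escaped else bytes(out)         # a frame ending in 0x7D is malformed

def build_ppp(protocol: int, info: bytes) -> bytes:
    body = bytes([0xFF, 0x03]) + protocol.to_bytes(2, "big") + info   # all-stations address, UI control
    fcs = crc16_ccitt(body)
    return bytes([PPP_FLAG]) + ppp_escape(body + bytes([fcs & 0xFF, fcs >> 8])) + bytes([PPP_FLAG])

def parse_ppp(stream: bytes):
    # -> [(address, control, protocol, info, fcs_ok) or None]
    frames = []
    for chunk in stream.split(bytes([PPP_FLAG])):
        if not chunk:
            continue
        raw = ppp_unescape(chunk)
        if raw is None or len(raw) < 6:
            frames.append(None)
            continue
        body, rx_fcs = raw[:-2], raw[-2] | (raw[-1] << 8)
        frames.append((raw[0], raw[1], int.from_bytes(raw[2:4], "big"), raw[4:-2], crc16_ccitt(body) == rx_fcs))
    return frames
```

Both parsers treat a frame that cannot be delineated (six 1s in a row, a bit count that is not a multiple of 8, a trailing escape byte) as invalid rather than trying to salvage it, and they check the FCS before handing anything up. A payload containing the flag value (0x7E) or a run of 1s comes through intact in both schemes, which is the whole point of stuffing.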
FIGURE 4-8b Ethernet II frame layout: Preamble (7 bytes), Start of Frame (1 byte), Destination Address (6 bytes), Source Address (6 bytes), Type (2 bytes), Data (46–1,500 bytes), Frame Check Sequence (4 bytes)

FIGURE 4-9 PPP frame layout: Flag (1 byte), Address (1 byte), Control (1 byte), Protocol (2 bytes), Data (variable length), Frame Check Sequence (2 or 4 bytes), Flag (1 byte)
A Day in the Life: Network Support Technician

When a help call arrives at the help desk, the help desk staff (first-level support) spends up to 10 minutes attempting to solve the problem. If they can’t, then the problem is passed to the second-level support, the network support technician.

A typical day in the life of a network support technician starts by working on computers from the day before. Troubleshooting usually begins with a series of diagnostic tests to eliminate hardware problems. The next step, for a laptop, is to remove the hard disk and replace it with a hard disk containing a correct standard image. If the computer passes those tests, then the problem is usually software. Then the fun begins.

Once a computer has been fixed, it is important to document all the hardware and/or software changes to help track problem computers or problem software. Sometimes, a problem is new but relatively straightforward to correct once it has been diagnosed. In this case, the technician will change the standard support process followed by the technicians working at the help desk to catch the problem before it is escalated to the network support technicians. In other cases, a new entry is made into the organization’s technical support knowledge base so that if another technician (or user) encounters the problem, it is easier for him or her to diagnose and correct the problem. About 10% of the network technician’s time is spent documenting solutions to problems.

Network support technicians also are the ones who manage new inventory and set up and configure new computers as they arrive from the manufacturer. In addition, they are responsible for deploying new software and standard desktop images across the network. Many companies also set aside standard times for routine training; in our case, every Friday, several hours are devoted to regular training.

Source: With thanks to Doug Strough
4.5 TRANSMISSION EFFICIENCY

One objective of a data communication network is to move the highest possible volume of accurate information through the network. The higher the volume, the greater the resulting network’s efficiency and the lower the cost. Network efficiency is affected by characteristics of the circuits such as error rates and maximum transmission speed, as well as by the speed of transmitting and receiving equipment, the error-detection and control methodology, and the protocol used by the data link layer.

Each protocol we discussed uses some bits or bytes to delineate the start and end of each message and to control error. These bits and bytes are necessary for the transmission to occur, but they are not part of the message. They add no value to the user, but they count against the total number of bits that can be transmitted.

Each communication protocol has both information bits and overhead bits. Information bits are those used to convey the user’s meaning. Overhead bits are used for purposes such as error checking and marking the start and end of characters and packets. A parity bit used for error checking is an overhead bit because it is not used to send the user’s data; if you did not care about errors, the overhead error checking bit could be omitted and the users could still understand the message.

Transmission efficiency is defined as the total number of information bits (i.e., bits in the message sent by the user) divided by the total bits in transmission (i.e., information bits plus overhead bits). For example, let’s calculate the transmission efficiency of asynchronous transmission. Assume that we are using 7-bit ASCII. We have 1 bit for parity, plus 1 start bit and 1 stop bit.
Therefore, there are 7 bits of information in each letter, but the total bits per letter is 10 (7 + 3). The efficiency of the asynchronous transmission system is 7 bits of information divided by 10 total bits or 70%.

In other words, with asynchronous transmission, only 70% of the data rate is available for the user; 30% is used by the transmission protocol. If we have a communication circuit using a dial-up modem receiving 56 Kbps, the user sees an effective data rate (or throughput) of 39.2 Kbps. This is very inefficient.

We can improve efficiency by reducing the number of overhead bits in each message or by increasing the number of information bits. For example, if we remove the stop bits from asynchronous transmission, efficiency increases to 7∕9 or 77.8%. The throughput of a dial-up modem at 56 Kbps would increase to 43.6 Kbps, which is not great but is at least a little better.

The same basic formula can be used to calculate the efficiency of synchronous transmission. For example, suppose that we are using SDLC. The number of information bits is calculated by determining how many information characters are in the message. If the message portion of the frame contains 100 information characters and we are using an 8-bit code, then there are 100 × 8 = 800 bits of information. The total number of bits is the 800 information bits plus the overhead bits that are inserted for delineation and error control. Figure 4-7 shows that SDLC has a beginning flag (8 bits), an address (8 bits), a control field (8 bits), a frame check sequence (assume that we use a CRC-32 with 32 bits), and an ending flag (8 bits). This is a total of 64 overhead bits; thus, efficiency is 800∕(800 + 64) = 92.6%. If the circuit provides a data rate of 56 Kbps, then the effective data rate available to the user is about 51.9 Kbps.

This example shows that synchronous networks usually are more efficient than asynchronous networks and that some protocols are more efficient than others. The longer the message (1,000 characters as opposed to 100), the more efficient the protocol. For example, suppose that the message in the SDLC example contained 1,000 bytes. The efficiency here would be 99.2% or 8,000∕(8,000 + 64), giving an effective data rate of about 55.6 Kbps.

The general rule is that the larger the message field, the more efficient the protocol. So why not have 10,000-byte or even 100,000-byte packets to really increase the efficiency? The answer is that anytime a frame is received containing an error, the entire frame must be retransmitted. Thus, if an entire file is sent as one large packet (e.g., 100 K) and 1 bit is received in error, all 100,000 bytes must be sent again. Clearly, this is a waste of capacity. Furthermore, the probability that a frame contains an error increases with the size of the frame; larger frames are more likely to contain errors than are smaller ones, simply because of the laws of probability: if each bit is received in error independently with probability p, a frame of n bits arrives intact with probability (1 − p)^n, which falls toward zero as n grows.

Thus, in designing a protocol, there is a trade-off between large and small frames. Small frames are less efficient but are less likely to contain errors and cost less (in terms of circuit capacity) to retransmit if there is an error (Figure 4-10).
FIGURE 4-10 Frame size effects on throughput (x-axis: frame size; y-axis: throughput). Small frames have low efficiency; large frames increase the probability of errors and the need for retransmission; the optimum frame size lies between the two.
Throughput is the total number of information bits received per second, after taking into account the overhead bits and the need to retransmit frames containing errors. Generally speaking, small frames provide better throughput for circuits with more errors, whereas larger frames provide better throughput in less-error-prone networks. Fortunately, in most real networks, the curve shown in Figure 4-10 is very flat on top, meaning that there is a range of frame sizes that provide almost optimum performance. Frame sizes vary greatly among different networks, but the ideal frame size tends to be between 2,000 and 10,000 bytes.

So why are the standard sizes of Ethernet frames about 1,500 bytes? Because Ethernet was standardized many years ago, when errors were more common. Jumbo and super jumbo frame sizes emerged from higher speed, highly error-free fiber-optic networks.
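The efficiency and throughput arguments of this section, as an added worked example (not code from the textbook). It reproduces the 70%, 77.8%, 92.6% and 99.2% figures and then models the Figure 4-10 trade-off: with a bit error rate p, a frame of n bits arrives intact with probability (1 − p)^n, so the best message size falls as the error rate rises. The throughput model is a stated simplification: every damaged frame is resent in full, and ACKs and turnaround time are ignored.

```python
# Transmission efficiency and throughput versus frame size, using the text's
# definitions. Added example, not code from the textbook. The throughput model
# is a stated simplification: a frame of n bits on a circuit with bit error
# rate p arrives intact with probability (1 - p)**n, every damaged frame is
# retransmitted in full, and ACK and turnaround delays are ignored.


def async_efficiency(data_bits=7, parity_bits=1, start_bits=1, stop_bits=1):
    """Information bits / total bits per character (7-bit ASCII, even parity: 7/10)."""
    total = data_bits + parity_bits + start_bits + stop_bits
    return data_bits / total


def frame_efficiency(info_bytes, overhead_bits=64):
    """Information bits / (information + overhead) for one synchronous frame.
    64 overhead bits = flag, address, control, 32-bit FCS, flag (SDLC as drawn)."""
    info_bits = 8 * info_bytes
    return info_bits / (info_bits + overhead_bits)


def frame_error_probability(total_bits, ber):
    """P(at least one bit in the frame is wrong) = 1 - (1 - p)**n."""
    return 1.0 - (1.0 - ber) ** total_bits


def throughput_bps(data_rate_bps, info_bytes, overhead_bits, ber):
    """Information bits per second actually delivered: efficiency times the
    fraction of frames that get through undamaged (see model above)."""
    info_bits = 8 * info_bytes
    total_bits = info_bits + overhead_bits
    p_good = 1.0 - frame_error_probability(total_bits, ber)
    return data_rate_bps * (info_bits / total_bits) * p_good


def best_frame_size(data_rate_bps, overhead_bits, ber, candidates):
    """The candidate message size (bytes) with the highest modelled throughput:
    the top of the curve in Figure 4-10 for this error rate."""
    return max(candidates, key=lambda n: throughput_bps(data_rate_bps, n, overhead_bits, ber))


if __name__ == "__main__":
    print(f"async 7-bit ASCII: {async_efficiency():.1%}, "
          f"without the stop bit: {async_efficiency(stop_bits=0):.1%}")
    for size in (100, 1000):
        eff = frame_efficiency(size)
        print(f"SDLC {size}-byte message: {eff:.1%}, "
              f"{56_000 * eff / 1000:.1f} Kbps on a 56 Kbps circuit")
    sizes = [64, 128, 256, 512, 1024, 1500, 4000, 9000]
    for ber in (1e-3, 1e-5, 1e-7):
        print(f"BER {ber:g}: best message size among {sizes} is "
              f"{best_frame_size(56_000, 64, ber, sizes)} bytes")
```

Running it shows the curve the text describes: on a circuit with one error per thousand bits the best choice is the smallest candidate, at one error per hundred thousand bits it is a few hundred bytes, and at one per ten million bits it moves to several thousand bytes while the neighbouring sizes score almost the same, which is the “flat top” of Figure 4-10.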
MANAGEMENT FOCUS 4-2 Sleuthing for the Right Frame Size

Optimizing performance in a network, particularly a client–server network, can be difficult because few network managers realize the importance of the frame size. Selecting the right—or the wrong—frame size can have greater effects on performance than anything you might do to the server.

Standard Commercial, a multinational tobacco and agricultural company, noticed a decrease in network performance when they upgraded to a new server. They tested the effects of using frame sizes between 500 bytes and 32,000 bytes. In their tests, a frame size of 512 bytes required a total of 455,000 bytes transmitted over their network to transfer the test messages. In contrast, the 32,000-byte frames were far more efficient, cutting the total data by 44% to 257,000 bytes.

However, the problem with 32,000-byte frames was a noticeable response time delay because messages were saved until the 32,000-byte frames were full before transmitting.

The ideal frame size depends on the specific application and the pattern of messages it generates. For Standard Commercial, the ideal frame size appeared to be between 4,000 and 8,000 bytes. Unfortunately, not all network software packages enable network managers to fine-tune frame sizes in this way.

Adapted from: “Sleuthing for the Right Packet Size,” InfoWorld, January 16, 1995.
4.6 IMPLICATIONS FOR CYBER SECURITY

One of the main responsibilities of the data link layer is to determine who can transmit at what time and ensure that the message is delivered to the correct computer. The data link layer uses the MAC address (a.k.a. physical address) to recognize the source and destination addresses (see Figures 4-8a and 4-8b) of two computers that communicate with each other. If you want to allow only certain computers to connect to your network, you can use MAC address filtering. MAC address filtering will create a list of MAC addresses that are allowed to connect to a Wi-Fi network or to a switch in corporate networks. This feature allows for some degree of security.

However, MAC address filtering can offer a false sense of security because of MAC address spoofing. The MAC address is assigned to a computer’s network interface card (NIC) in the factory and is stored in the card’s read-only memory, which is why it is often called the burned-in or hardware address. The address the NIC actually puts into the frames it sends, however, is loaded by the operating system’s driver, and the driver can be told to use a different one. MAC address spoofing is this software-enabled technique: it changes the address a computer transmits to any MAC address and thus overcomes MAC address filtering. On a Wi-Fi network or a shared LAN, the addresses of authorized computers appear in every frame they send, so an attacker does not even have to guess which address to copy. There are many tutorials on how to spoof a MAC address; here is one that does a good job explaining it: https://www.youtube.com/watch?v=ePtCvwmNhb4. Keep in mind that while MAC address spoofing is not illegal, what you do with it may be. MAC address filtering is therefore best treated as a convenience that keeps accidental connections off the network, not as an access control; controls that authenticate the user or the device (such as IEEE 802.1X port-based authentication) do not depend on an address that anyone can copy.
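MAC filtering and its weakness, as an added example (not code from the textbook). The allowlist check shows why a spoofed frame passes: it only ever sees the source address the sender chose. The second function shows one signal a switch’s MAC-address table gives away when two devices share an address, namely the same address appearing on two physical ports within seconds. The MAC addresses, port names and log records are constructed for the example.

```python
# Why a MAC allowlist is a weak control, and one signal a switch or WLAN
# controller can use to notice a copied address. Added example, not code from
# the textbook. The allowlist, MAC addresses and port names are made up, and
# SAMPLE stands in for a switch's MAC-address-table log.

ALLOWED_MACS = {"00:11:22:33:44:55", "66:77:88:99:aa:bb"}


def allowlist_permits(src_mac: str) -> bool:
    """MAC filtering as the text describes it: the check sees only the source
    address in the frame header, which the sender set in software."""
    return src_mac.lower() in ALLOWED_MACS


# Constructed sample: (seconds, switch port, source MAC seen on that port).
# A second device on port Gi1/0/7 has copied the address of the host on Gi1/0/1.
SAMPLE = [
    (0.0, "Gi1/0/1", "00:11:22:33:44:55"),
    (1.0, "Gi1/0/2", "66:77:88:99:aa:bb"),
    (2.0, "Gi1/0/1", "00:11:22:33:44:55"),
    (2.5, "Gi1/0/7", "00:11:22:33:44:55"),
    (3.0, "Gi1/0/1", "00:11:22:33:44:55"),
    (3.2, "Gi1/0/7", "00:11:22:33:44:55"),
    (60.0, "Gi1/0/9", "66:77:88:99:aa:bb"),   # a laptop re-plugged elsewhere a minute later
]


def detect_mac_moves(records, window_s=10.0):
    """Flag a MAC that appears on a different port than it was last seen on
    within window_s seconds: two devices transmitting with one address make
    the switch's table flap between ports, whereas a genuine move (unplug,
    re-plug elsewhere) is slower. Returns (time, mac, old_port, new_port)."""
    last_seen = {}
    alerts = []
    for t, port, mac in records:
        mac = mac.lower()
        if mac in last_seen:
            t_prev, port_prev = last_seen[mac]
            if port_prev != port and t - t_prev <= window_s:
                alerts.append((t, mac, port_prev, port))
        last_seen[mac] = (t, port)
    return alerts


def suspected_ports(records, window_s=10.0):
    """Per flapping MAC, the set of ports involved: where to look for the rogue."""
    suspects = {}
    for _, mac, old_port, new_port in detect_mac_moves(records, window_s):
        suspects.setdefault(mac, set()).update({old_port, new_port})
    return suspects


if __name__ == "__main__":
    # every frame in the sample passes the allowlist, including the spoofed ones
    print(all(allowlist_permits(mac) for _, _, mac in SAMPLE))
    for alert in detect_mac_moves(SAMPLE):
        print("MAC move:", alert)
    print(suspected_ports(SAMPLE))
```

The detector only sees a spoofer that transmits while the real host is also active; an attacker who waits until the legitimate device is switched off produces no flap at all. That limitation is the reason to authenticate devices rather than filter addresses.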
SUMMARY

Media Access Control  Media access control refers to controlling when computers transmit. There are three basic approaches. With roll-call polling, the server polls client computers to see if they have data to send; computers can transmit only when they have been polled. With hub polling or token passing, the computers themselves manage when they can transmit by passing a token to one another; no computer can transmit unless it has the token. With contention, computers listen and transmit only when no others are transmitting. In general, contention approaches work better for small networks that have low levels of usage, whereas polling approaches work better for networks with high usage.

Sources and Prevention of Error  Errors occur in all networks. Errors tend to occur in groups (or bursts) rather than 1 bit at a time. The primary sources of errors are impulse noises (e.g., lightning), cross-talk, echo, and attenuation. Errors can be prevented (or at least reduced) by shielding the cables; moving cables away from sources of noise and power sources; using repeaters (and, to a lesser extent, amplifiers); and improving the quality of the equipment, media, and their connections.

Error Detection and Correction  All error-detection schemes attach additional error-detection data, based on a mathematical calculation, to the user’s message. The receiver performs the same calculation on incoming messages, and if the results of this calculation do not match the error-detection data on the incoming message, an error has occurred. Parity, checksum, and CRC are the most common error-detection schemes. The most common error-correction technique is simply to ask the sender to retransmit the message until it is received without error. A different approach, forward error correction, includes sufficient information to allow the receiver to correct the error in most cases without asking for a retransmission.

Message Delineation  Message delineation means to indicate the start and end of a message. Asynchronous transmission uses start and stop bits on each letter to mark where they begin and end. Synchronous techniques (e.g., SDLC, HDLC, Ethernet, PPP) group blocks of data together into frames that use special characters or bit patterns to mark the start and end of entire messages.

Transmission Efficiency and Throughput  Every protocol adds additional bits to the user’s message before sending it (e.g., for error detection). These bits are called overhead bits because they add no value to the user; they simply ensure correct data transfer. The efficiency of a transmission protocol is the number of information bits sent by the user divided by the total number of bits transferred (information bits plus overhead bits). Synchronous transmission provides greater efficiency than does asynchronous transmission. In general, protocols with larger frame sizes provide greater efficiency than do those with small frame sizes. The drawback to large frame sizes is that they are more likely to be affected by errors and thus require more retransmission. Small frame sizes are therefore better suited to error-prone circuits, and large frames to error-free circuits.
KEY TERMS
access request, 89
acknowledgment (ACK), 99
amplifiers, 93
asynchronous transmission, 97
attenuation, 92
Automatic Repeat reQuest (ARQ), 97
burst error, 91
checksum, 95
contention, 89
continuous ARQ, 99
controlled access, 89
cross-talk, 92
cyclic redundancy check (CRC), 95
echo, 92
efficiency, 94
error detection, 94
error prevention, 93
error rates, 91
Ethernet (IEEE 802.3), 99
even parity, 95
forward error correction, 95
frame, 98
Gaussian noise, 92
Hamming code, 96
high-level data link control (HDLC), 99
hub polling, 90
impulse noise, 92
information bits, 101
intermodulation noise, 92
line noise, 91
Link Access Protocol-Balanced (LAP-B), 99
logical link control [LLC] sublayer, 88
media access control, 89
media access control [MAC] sublayer, 89
MAC address, 103
MAC address filtering, 103
MAC address spoofing, 103
negative acknowledgment (NAK), 99
odd parity, 95
overhead bits, 101
parity bit, 94
parity check, 94
Point-to-Point Protocol (PPP), 100
polling, 90
repeater, 93
roll-call polling, 90
sliding window, 99
start bit, 98
stop bit, 98
synchronization, 98
synchronous transmission, 98
throughput, 103
token passing, 90
transmission efficiency, 101
white noise, 92
QUESTIONS
1. What does the data link layer do?
2. What is media access control, and why is it important?
3. Under what conditions is media access control unimportant?
4. Compare and contrast roll-call polling, hub polling (or token passing), and contention.
5. Which is better, controlled access or contention? Explain.
6. Define two fundamental types of errors.
7. Errors normally appear in _____, which is when more than 1 data bit is changed by the error-causing condition.
8. Is there any difference in the error rates of lower-speed lines and higher-speed lines?
9. Briefly define noise.
10. Describe four types of noise. Which is likely to pose the greatest problem to network managers?
11. How do amplifiers differ from repeaters?
12. What are the three ways of reducing errors and the types of noise they affect?
13. Describe three approaches to detecting errors, including how they work, the probability of detecting an error, and any other benefits or limitations.
14. Briefly describe how even parity and odd parity work.
15. Briefly describe how checksum works.
16. How does CRC work?
17. How does forward error-correction work? How is it different from other error-correction methods?
18. Under what circumstances is forward error correction desirable?
19. Briefly describe how continuous ARQ works.
20. Which is the simplest (least sophisticated) protocol described in this chapter?
21. Describe the frame layouts for SDLC, Ethernet, and PPP.
22. What is transmission efficiency?
23. How do information bits differ from overhead bits?
24. Are stop bits necessary in asynchronous transmission? Explain by using a diagram.
25. During the 1990s, there was intense competition between two technologies (10-Mbps Ethernet and 16-Mbps token ring) for the LAN market. Ethernet was promoted by a consortium of vendors, whereas token ring was primarily an IBM product, even though it was standardized. Ethernet won, and no one talks about token ring anymore. Token ring used a hub-polling-based approach. Outline a number of reasons why Ethernet might have won. Hint: The reasons were both technical and business.
26. Under what conditions does a data link layer protocol need an address?
27. Are large frame sizes better than small frame sizes? Explain.
28. What media access control technique does your class use?
29. Show how the word “HI” would be sent using asynchronous transmission using even parity (make assumptions about the bit patterns needed). Show how it would be sent using Ethernet.
EXERCISES
A. Draw how a series of four separate messages would be successfully sent from one computer to another if the first message were transferred without error, the second were initially transmitted with an error, the third were initially lost, and the ACK for the fourth were initially lost.
B. How efficient would a 6-bit code be in asynchronous transmission if it had 1 parity bit, 1 start bit, and 2 stop bits? (Some old equipment uses 2 stop bits.)
C. What is the transmission rate of information bits (TRIB) if you use ASCII (8 bits plus 1 parity bit), a 1,000-character frame, 56 Kbps modem transmission speed, 20 control characters per frame, an error rate of 1%, and a 30-millisecond turnaround time? What is the TRIB if you add a half-second delay to the turnaround time because of satellite delay?
D. Search the Web to find a software vendor that sells a package that supports each of the following protocols: SDLC, HDLC, Ethernet, and PPP (i.e., one package that supports SDLC, another [or the same] for HDLC, and so on).
E. Investigate the network at your organization (or a service offered by an IXC) to find out the average error rates.
F. What is the efficiency if a 100-byte file is transmitted using Ethernet? A 10,000-byte file?
G. What is the propagation delay on a circuit using a LEO satellite orbiting 500 miles above the earth if the speed of the signal is 186,000 miles per second? If the satellite is 22,000 miles above the earth?
H. Suppose that you are going to connect the computers in your house or apartment. What media would you use? Why? Would this change if you were building a new house?
MINICASES
I. Smith, Smith, Smith, and Smith  Smith, Smith, Smith, and Smith is a regional accounting firm that is putting up a new headquarters building. The building will have a backbone network that connects eight LANs (two on each floor). The company is very concerned with network errors. What advice would you give regarding the design of the building and network cable planning that would help reduce network errors?
II. Worldwide Charity  Worldwide Charity is a charitable organization whose mission is to improve education levels in developing countries. In each country where it is involved, the organization has a small headquarters and usually 5–10 offices in outlying towns. Staff members communicate with one another via email on older computers donated to the organization. Because Internet service is not reliable in many of the towns in these countries, the staff members usually phone headquarters and use a very simple Linux email system that uses a server-based network architecture. They also upload and download files. What range of frame sizes is likely to be used?
III. Industrial Products  Industrial Products is a small light-manufacturing firm that produces a variety of control systems for heavy industry. It has a network that connects its office building and warehouse that has functioned well for the last year, but over the past week, users have begun to complain that the network is slow. Clarence Hung, the network manager, did a quick check of the number of orders over the past week and saw no real change, suggesting that there has been no major increase in network traffic. What would you suggest that Clarence do next?
IV. Alpha Corp.  Alpha Corp. is trying to decide the size of the connection it needs to the Internet. The company estimates that it will send and receive a total of about 1,000 emails per hour and that each email message is about 1,500 bytes in size. The company also estimates that it will send and receive a total of about 3,000 Web pages per hour and that each page is about 40,000 bytes in size. 1. Without considering transmission efficiency, how large an Internet connection would you recommend in terms of bits per second (assuming that each byte is 8 bits in length)? 2. Assuming they use a synchronous data link layer protocol with an efficiency of about 90%, how large an Internet connection would you recommend? 3. Suppose that Alpha wants to be sure that its Internet connection will provide sufficient capacity the next 2 years. How large an Internet connection would you recommend?
CASE STUDY
NEXT-DAY AIR SERVICE
See the website at www.wiley.com/college/fitzgerald.
HANDS-ON ACTIVITY 4A
Capturing Packets on Your Network
In this chapter, we discussed several data link layer protocols,
such as SDLC and Ethernet. The objective of this Activity is
for you to see the data link layer frames in action on your
network.
Wireshark is one of the many tools that permit users to examine the frames in their network. It is called a packet sniffer because it enables you to see inside the frames and packets that your computer sends, as well as the frames and packets sent by other users on your LAN. In other words, you can eavesdrop on the other users on your LAN to see what websites they visit and even the email they send. We don’t recommend using it for this reason, but it is important that you understand that someone else could be using Ethereal (the earlier name of Wireshark) to sniff your packets to see and record what you are doing on the Internet.
FIGURE 4-11 Capturing packets with Wireshark
1. Use your browser to connect to www.wireshark.org
and download and install the Wireshark software.
2. When you start Wireshark, you will see a screen like
that in Figure 4-11, minus the two smaller windows
on top.
a. Click Capture
b. Click Interfaces
c. Click the Capture button beside your network connection (wireless LAN or traditional LAN).
FIGURE 4-12 Analyzing packets with Wireshark
3. Wireshark will capture all packets moving through
your LAN. To make sure you have something to see,
open your Web browser and visit one or two websites.
After you have captured packets for 30–60 seconds,
return to Wireshark and click Stop.
4. Figure 4-12 shows the packets captured on my home
network. The top window in Wireshark displays the
complete list of packets in chronological order. Each
packet is numbered; I’ve scrolled the window, so the
first packet shown is packet 11. Wireshark lists the
time, the source IP address, the destination IP address,
the protocol, and some additional information about
each packet. The IP addresses will be explained in
more detail in the next chapter.
For the moment, look at packet number 16, the second
HTTP packet from the top. I’ve clicked on this packet, so
the middle window shows the inside of the packet. The first
line in this second window says the frame (or packet if you
prefer) is 1091 bytes long. It contains an Ethernet II packet,
an Internet Protocol (IP) packet, a Transmission Control
Protocol (TCP) packet, and a Hypertext Transfer Protocol
(HTTP) packet. Remember in Chapter 1 that Figure 1-4
described how each packet was placed inside another
packet as the message moved through the layers and was
transmitted.
Click on the plus sign (+) in front of the HTTP packet
to expand it. Wireshark shows the contents of the HTTP
packet. By reading the data inside the HTTP packet, you can
see that this packet was an HTTP request to my.yahoo.com
that contained a cookie. If you look closely, you’ll see that
the sending computer was a Tablet PC—that’s some of the
optional information my Web browser (Internet Explorer)
included in the HTTP header.
The bottom window in Figure 4-12 shows the exact bytes
that were captured. The section highlighted in gray shows
the HTTP packet. The numbers on the left show the data in
hexadecimal format, whereas the data on the right show the
text version. The data before the highlighted section are the
TCP packet.
From Chapter 2, you know that the client sends an HTTP
request packet to request a Web page, and the Web server
sends back an HTTP response packet. Packet number 25 in
the top window in Figure 4-12 is the HTTP response sent
back to my computer by the Yahoo! server. You can see that
the destination IP address in my HTTP request is the source
IP address of this HTTP packet.
5. Figure 4-12 also shows what happens when you click
the plus sign (+) in front of the Ethernet II packet
to expand it. You can see that this Ethernet packet
has a destination address and source address (e.g.,
00:02:2d:85:cb:e0).
Deliverables
1. List the layer 2, 3, 4, and 5 PDUs that are used in your
network to send a request to get a Web page.
2. List the source and destination Ethernet addresses on
the message.
3. What value is in the Ethernet type field in this mes-
sage? Why?
C H A P T E R 5
NETWORK AND TRANSPORT LAYERS
The network layer and transport layer are responsible for
moving messages from end to end in
a network. They are so closely tied together that they are
usually discussed together. The transport
layer (layer 4) performs three functions: linking the application
layer to the network, segmenting
(breaking long messages into smaller packets for transmission),
and session management (estab-
lishing an end-to-end connection between the sender and
receiver). The network layer (layer 3)
performs two functions: routing (determining the next computer
to which the message should be
sent to reach the final destination) and addressing (finding the
address of that next computer).
There are several standard transport and network layer protocols
that specify how packets are
to be organized, in the same way that there are standards for
data link layer packets. However,
only one set of protocols is in widespread use today: the
Internet Protocol Suite, commonly called
Transmission Control Protocol/Internet Protocol (TCP/IP). This
chapter takes a detailed look at
how TCP/IP and the other protocols in the Internet Protocol
Suite work.
OBJECTIVES
◾ Be aware of the TCP/IP protocols
◾ Be familiar with linking to the application layer, segmenting,
and session management
◾ Be familiar with addressing
◾ Be familiar with routing
◾ Understand how TCP/IP works
OUTLINE
5.1 Introduction
5.2 Transport and Network Layer Protocols
5.2.1 Transmission Control Protocol (TCP)
5.2.2 Internet Protocol (IP)
5.3 Transport Layer Functions
5.3.1 Linking to the Application Layer
5.3.2 Segmenting
5.3.3 Session Management
5.4 Addressing
5.4.1 Assigning Addresses
5.4.2 Address Resolution
5.5 Routing
5.5.1 Types of Routing
5.5.2 Routing Protocols
5.5.3 Multicasting
5.5.4 The Anatomy of a Router
5.6 TCP/IP Example
5.6.1 Known Addresses
5.6.2 Unknown Addresses
5.6.3 TCP Connections
5.6.4 TCP/IP and Network Layers
5.7 Implications for Cyber Security
Summary
5.1 INTRODUCTION
The transport and network layers are so closely tied together
that they are almost always dis-
cussed together. For this reason, we discuss them in the same
chapter. Transmission Control
Protocol/Internet Protocol (TCP/IP) is the most commonly used
set of transport and network
layer protocols, so this chapter focuses on TCP/IP.
The transport layer links the application software in the
application layer with the network
and is responsible for the end-to-end delivery of the message.
The transport layer accepts
[Figure 5-1 diagram: Sender and Receiver stacks, each with Application Layer, Transport Layer, Network Layer, Data Link Layer and Physical Layer. On the sender side the SMTP Message is wrapped first in a TCP header, then an IP header, then an Ethernet header as it moves down the layers; on the receiver side the headers are removed in reverse order as it moves up.]
FIGURE 5-1 Message transmission using layers. SMTP =
Simple Mail Transfer Protocol;
HTTP = Hypertext Transfer Protocol; IP = Internet Protocol;
TCP = Transmission Control
Protocol
outgoing messages from the application layer (e.g., Web, email,
and so on, as described in
Chapter 2) and segments them for transmission. Figure 5-1
shows the application layer software
producing a Simple Mail Transfer Protocol (SMTP) packet that
is split into two smaller TCP
segments by the transport layer. The Protocol Data Unit (PDU)
at the transport layer is called a
segment. The network layer takes the messages from the
transport layer and routes them through
the network by selecting the best path from computer to
computer through the network (and
adds an IP packet). The data link layer adds an Ethernet frame
and instructs the physical layer
hardware when to transmit. As we saw in Chapter 1, each layer
in the network has its own set of
protocols that are used to hold the data generated by higher
layers, much like a set of matryoshka
(nested Russian dolls).
The network and transport layers also accept incoming messages
from the data link layer
and organize them into coherent messages that are passed to the
application layer. For example,
as in Figure 5-1, a large email message might require several
data link layer frames to transmit.
The transport layer at the sender would break the message into
several smaller segments and give
them to the network layer to route, which in turn gives them to
the data link layer to transmit.
The network layer at the receiver would receive the individual
packets from the data link layer,
process them, and pass them to the transport layer, which would
reassemble them into the one
email message before giving it to the application layer.
In this chapter, we provide a brief look at the transport and
network layer protocols, before
turning our attention to how TCP/IP works. We first examine
the transport layer functions.
Addressing and routing are performed by the transport layer and
network layers working
together, so we will discuss them together rather than separate
them according to which part is
performed by the transport layer and which by the network
layer.
5.2 TRANSPORT AND NETWORK LAYER PROTOCOLS
There are different transport/network layer protocols, but one
family of protocols, the Internet
Protocol Suite, dominates. Each transport and network layer
protocol performs essentially the
same functions, but each is incompatible with the others unless
there is a special device to translate
between them. In this chapter, we focus on TCP/IP. A good
overview of protocols, at all layers, is
available at www.protocols.com.
The Transmission Control Protocol/Internet Protocol (TCP/IP)
was developed for the U.S.
Department of Defense’s Advanced Research Project Agency
network (ARPANET) by Vinton
Cerf and Bob Kahn in 1974. TCP/IP is the transport/network
layer protocol used on the Inter-
net. It is the world’s most popular protocol set, used by almost
all backbone networks (BNs) and
WANs. TCP/IP allows reasonably efficient and error-free
transmission. Because it performs error
checking, it can send large files across sometimes unreliable
networks with great assurance that
the data will arrive uncorrupted. TCP/IP is compatible with a
variety of data link protocols, which
is one reason for its popularity.
As the name implies, TCP/IP has two parts. TCP is the transport
layer protocol that links
the application layer to the network layer. It performs
segmenting: breaking the data into smaller
PDUs called segments, numbering them, ensuring that each
segment is reliably delivered, and
putting them in the proper order at the destination. IP is the
network layer protocol and performs
addressing and routing. IP software is used at each of the
intervening computers through which
the message passes; it is IP that routes the message to the final
destination. The TCP software needs
to be active only at the sender and the receiver, because TCP is
involved only when data comes
from or goes to the application layer.
5.2.1 Transmission Control Protocol (TCP)
A typical TCP segment has a 192-bit header (24 bytes) of
control information (Figure 5-2). Among
other fields, it contains the source and destination port
identifier. The destination port tells the
TCP software at the destination to which application layer
program the application layer packet
should be sent, whereas the source port tells the receiver which
application layer program the
packet is from. The TCP segment also provides a sequence
number so that the TCP software at
the destination can assemble the segments into the correct order
and make sure that no segments
have been lost.
The options field is optional and rarely used. Therefore, this
results in a 20-byte-long TCP
header. The header length field is used to tell the receiver how
long the TCP packet is—that is,
whether the options field is included.
FIGURE 5-2 Transmission Control Protocol (TCP) segment. ACK = Acknowledgment; CRC = Cyclical Redundancy Check
Source port: 16 bits
Destination port: 16 bits
Sequence number: 32 bits
ACK number: 32 bits
Header length: 4 bits
Unused: 3 bits
Flags: 9 bits
Flow control: 16 bits
CRC-16: 16 bits
Urgent pointer: 16 bits
Options: 32 bits
User data: varies
The Internet Protocol Suite has a second type of transport layer
protocol called User Data-
gram Protocol (UDP). UDP PDUs are called datagrams.
Typically, UDP is used when the sender
needs to send a single small packet to the receiver (e.g., for a
domain name service (DNS) request,
which we discuss later in this chapter). When there is only one
small packet to be sent, the trans-
port layer doesn’t need to worry about segmenting the outgoing
messages or reassembling them
upon receipt, so transmission can be faster. A UDP datagram
has only four fields (8 bytes of over-
head) plus the application layer packet: source port, destination
port, length, and a CRC-16. Unlike
TCP, UDP does not check for lost messages, so occasionally a
UDP datagram is lost and the mes-
sage must be resent. Interestingly, it is not the transport layer
that decides whether TCP or UDP
is going to be used. This decision is left to the engineer who is
writing the application.
5.2.2 Internet Protocol (IP)
The Internet Protocol (IP) is the network layer protocol.
Network layer PDUs are called packets.
Two forms of IP are currently in use. The older form is IP
version 4 (IPv4), which also has a
192-bit header (24 bytes) (Figure 5-3). This header contains
source and destination addresses,
packet length, and packet number. Similar to the TCP header,
the options field is rarely used, and
therefore, the header is usually 20 bytes long.
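The following Python example is added here and is not code from the textbook. It builds a constructed Ethernet II / IPv4 / TCP frame and then decodes it layer by layer, the way the middle pane in Hands-On Activity 4A shows the nested PDUs: the Ethernet type field, the IPv4 header length and its header check field (Figure 5-3), and the TCP ports, sequence numbers, header length and nine flag bits (Figure 5-2). The helper names (build_frame, decode_frame, flip_ip_byte), the MAC addresses, sequence numbers and HTTP payload are assumptions for this example; the IP addresses and ports are those of Figure 5-5. The TCP check field is left at zero because computing it needs a pseudo-header, which is not the point here.

```python
import ipaddress
import struct

ETHERTYPE_IPV4 = 0x0800   # value carried in the Ethernet type field for an IPv4 packet
IP_PROTO_TCP = 6          # IPv4 protocol field value for TCP
# TCP flag bit names, bit 0 (FIN) upward; the 3 bits above NS are unused.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words; returns 0 for a header whose check field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port,
                seq, ack, flags, payload=b"", tcp_options=b""):
    """Constructed sample frame: payload wrapped in TCP, then IPv4, then Ethernet II headers."""
    opts = tcp_options + b"\x00" * (-len(tcp_options) % 4)   # options are padded to 32-bit words
    data_offset = (20 + len(opts)) // 4                       # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                      (data_offset << 12) | flags, 65535, 0, 0) + opts + payload
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                               64, IP_PROTO_TCP, 0,
                               ipaddress.IPv4Address(src_ip).packed,
                               ipaddress.IPv4Address(dst_ip).packed))
    struct.pack_into("!H", ip, 10, ipv4_checksum(bytes(ip)))  # fill in the header check field
    eth = (bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", ""))
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + bytes(ip) + tcp


def decode_frame(frame: bytes) -> dict:
    """Peel the nested PDUs apart, stopping at the first layer that is not Ethernet/IPv4/TCP."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst_mac.hex(":"), "eth_src": src_mac.hex(":"),
           "ethertype": ethertype, "layers": ["Ethernet II"]}
    if ethertype != ETHERTYPE_IPV4:
        return out                                # e.g. ARP; nothing more to decode here
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IPv4 header length in bytes (20 without options)
    total_len = struct.unpack("!H", ip[2:4])[0]
    out.update({"ip_header_len": ihl, "ip_checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
                "ip_src": str(ipaddress.IPv4Address(ip[12:16])),
                "ip_dst": str(ipaddress.IPv4Address(ip[16:20])), "ip_proto": ip[9]})
    out["layers"].append("IPv4")
    if ip[9] != IP_PROTO_TCP:
        return out
    tcp = ip[ihl:total_len]
    src_port, dst_port, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    hdr_len = (off_flags >> 12) * 4               # 20 bytes without options, 24 with a 4-byte option
    flags = off_flags & 0x1FF                     # the 9 flag bits
    out.update({"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
                "tcp_header_len": hdr_len,
                "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags & (1 << i)],
                "options": tcp[20:hdr_len], "payload": tcp[hdr_len:]})
    out["layers"].append("TCP")
    if out["payload"].startswith((b"GET ", b"POST ", b"HTTP/")):
        out["layers"].append("HTTP")
    return out


def flip_ip_byte(frame: bytes, offset: int) -> bytes:
    """Copy of the frame with one bit flipped in IPv4 header byte `offset` (simulated corruption)."""
    b = bytearray(frame)
    b[14 + offset] ^= 0x01
    return bytes(b)


# Constructed samples: the client/server of Figure 5-5 opening a connection and requesting a page.
CLIENT_MAC, SERVER_MAC = "00:02:2d:85:cb:e0", "00:1a:2b:3c:4d:5e"   # made-up MAC addresses
MSS_OPTION = b"\x02\x04\x05\xb4"   # TCP option kind 2 (maximum segment size), length 4, value 1460
SYN_FRAME = build_frame(CLIENT_MAC, SERVER_MAC, "198.128.43.103", "201.66.43.12",
                        1027, 80, seq=1000, ack=0, flags=0x002, tcp_options=MSS_OPTION)
GET_FRAME = build_frame(CLIENT_MAC, SERVER_MAC, "198.128.43.103", "201.66.43.12",
                        1027, 80, seq=1001, ack=5001, flags=0x018,
                        payload=b"GET / HTTP/1.1\r\nHost: xyz.com\r\n\r\n")

if __name__ == "__main__":
    for name, frame in (("SYN", SYN_FRAME), ("GET", GET_FRAME)):
        print(name, decode_frame(frame))
```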
IP version 4 is being replaced by IPv6, which has a 320-bit
header (40 bytes) (Figure 5-4). The
primary reason for the increase in the packet size is an increase
in the address size from 32 bits to
128 bits. IPv6’s simpler packet structure makes it easier to
perform routing and supports a variety
of new approaches to addressing and routing.
Development of the IPv6 came about because IP addresses were
being depleted on the Inter-
net. IPv4 has a 4-byte address field, which means that there is a
theoretical maximum of about
4.2 billion addresses. However, about 500 million of these
addresses are reserved and cannot be
used, and the way addresses were assigned in the early days of
the Internet means that a small
number of companies received several million addresses, even
when they didn’t need all of them.
With the increased growth in Internet users, and the explosion
in mobile Internet devices, current
estimates project that we will run out of IPv4 addresses
sometime in 2011.
Internet Protocol version 6 uses a 16-byte-long address, which
provides a theoretical maximum of 3.4 × 10^38 addresses—more than enough for the
foreseeable future. IPv4 uses decimals
to express addresses (e.g., 128.192.55.72), but IPv6 uses
hexadecimal (base 16) like Ethernet to
express addresses, which makes it slightly more confusing to
use. Addresses are eight sets of 2-byte
numbers (e.g., 2001:0890:0600:00d1:0000:0000:abcd:f010), but
because this can be long to write,
there is an IPv6 “compressed notation” that eliminates the
leading zeros within each block and
FIGURE 5-3 Internet Protocol (IP) packet (version 4). CRC = Cyclical Redundancy Check
Version number: 4 bits
Header length: 4 bits
Type of service: 8 bits
Total length: 16 bits
Identifiers: 16 bits
Flags: 3 bits
Packet offset: 13 bits
Hop limit: 8 bits
Protocol: 8 bits
CRC: 16 bits
Source address: 32 bits
Destination address: 32 bits
Options: 32 bits
User data: varies
FIGURE 5-4 Internet Protocol (IP) packet (version 6)
Version number: 4 bits
Priority: 4 bits
Flow name: 24 bits
Total length: 16 bits
Next header: 8 bits
Hop limit: 8 bits
Source address: 128 bits
Destination address: 128 bits
User data: varies
blocks that are all zeros. So, the preceding IPv6 address could also be written as 2001:890:600:d1::abcd:f010.
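As an added example that is not from the textbook, the Python code below implements the compressed notation just described: it strips the leading zeros from each block and replaces the longest run of two or more all-zero blocks with a single "::" (the tie-break rule of RFC 5952, which Python's ipaddress module also follows), and it expands a compressed address back to eight four-digit blocks. Because one IPv6 address has several spellings, the last function compares addresses by their expanded form, which is how an allow list or firewall rule should match them rather than by comparing strings. The function names are assumptions for this example.

```python
import ipaddress


def compress_ipv6(full: str) -> str:
    """Compressed notation: drop leading zeros in every block and replace the longest run
    of two or more all-zero blocks with '::' (only one '::' may appear)."""
    blocks = [int(b, 16) for b in full.split(":")]
    if len(blocks) != 8:
        raise ValueError("expected eight 16-bit blocks")
    best_start, best_len = -1, 0
    run_start, run_len = -1, 0
    for i, b in enumerate(blocks + [1]):           # sentinel closes a trailing zero run
        if b == 0:
            if run_len == 0:
                run_start = i
            run_len += 1
        else:
            if run_len > best_len:                 # strict '>' so the first longest run wins ties
                best_start, best_len = run_start, run_len
            run_len = 0
    hexes = ["%x" % b for b in blocks]             # "%x" prints without leading zeros
    if best_len >= 2:
        return ":".join(hexes[:best_start]) + "::" + ":".join(hexes[best_start + best_len:])
    return ":".join(hexes)


def expand_ipv6(addr: str) -> str:
    """Inverse: restore the zero blocks hidden by '::' and pad every block to four hex digits."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in addr:
        left, right = addr.split("::")
        l = left.split(":") if left else []
        r = right.split(":") if right else []
        blocks = l + ["0"] * (8 - len(l) - len(r)) + r   # the '::' stood for the missing blocks
    else:
        blocks = addr.split(":")
    if len(blocks) != 8 or not all(1 <= len(b) <= 4 for b in blocks):
        raise ValueError("malformed IPv6 address: %r" % addr)
    return ":".join("%04x" % int(b, 16) for b in blocks)   # int() rejects non-hex digits


def same_address(a: str, b: str) -> bool:
    """Two spellings name the same host iff their expanded forms agree."""
    return expand_ipv6(a) == expand_ipv6(b)


def matches_stdlib(full: str) -> bool:
    """Cross-check against Python's ipaddress module, which applies the same compression rules."""
    return compress_ipv6(full) == ipaddress.IPv6Address(full).compressed


if __name__ == "__main__":
    book_example = "2001:0890:0600:00d1:0000:0000:abcd:f010"   # the address used in the text
    print(compress_ipv6(book_example))                          # 2001:890:600:d1::abcd:f010
    print(expand_ipv6(compress_ipv6(book_example)) == book_example)
```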
Adoption of IPv6 has been slow. Most organizations have not
felt the need to change because
IPv6 provides few benefits other than the larger address space
and requires their staff to learn a
whole new protocol. In most cases, the shortage of addresses on
the Internet doesn’t affect orga-
nizations that already have Internet addresses, so there is little
incentive to convert to IPv6. Most
organizations that implement IPv6 also run IPv4, and IPv6 is
not backward-compatible with IPv4,
which means that all network devices must be changed to
understand both IPv4 and IPv6. The
cost of this conversion, along with the few benefits it provides
to organizations that do convert,
has led a number of commentators to refer to this as the IPv6
“mess.” To encourage the move to
IPv6, the U.S. government required all of its agencies to convert
to IPv6 on their WANs and BNs
by June 2008, but the change was not completed on time.
The size of the message field depends on the data link layer
protocol used. TCP/IP is
commonly combined with Ethernet. Ethernet has a maximum
packet size of 1,492 bytes, so the
maximum size of a TCP message field if IPv4 is used is 1,492 −
24 (the size of the TCP header) −
24 (the size of the IPv4 header) = 1,444.
5.3 TRANSPORT LAYER FUNCTIONS
The transport layer links the application software in the
application layer with the network and is
responsible for segmenting large messages into smaller ones for
transmission and for managing
the session (the end-to-end delivery of the message). One of the
first issues facing the applica-
tion layer is to find the numeric network address of the
destination computer. Different protocols
use different methods to find this address. Depending on the
protocol—and which expert you
ask—finding the destination address can be classified as a
transport layer function, a network layer
function, a data link layer function, or an application layer
function with help from the operating
system. In all honesty, understanding how the process works is
more important than memorizing
how it is classified. The next section discusses addressing at the
network layer and transport layer.
In this section, we focus on three unique functions performed by
the transport layer: linking the
application layer to the network layer, segmenting, and session
management.
5.3.1 Linking to the Application Layer
Most computers have many application layer software packages
running at the same time. Users
often have Web browsers, email programs, and word processors
in use at the same time on their
client computers. Similarly, many servers act as Web servers,
mail servers, FTP servers, and so on.
When the transport layer receives an incoming message, the
transport layer must decide to which
application program it should be delivered. It makes no sense to
send a Web page request to email
server software.
With TCP, each application layer software package has a unique
port address. Any message
sent to a computer must tell TCP (the transport layer software)
the application layer port address
that is to receive the message. Therefore, when an application
layer program generates an outgoing
message, it tells the TCP software its own port address (i.e., the
source port address) and the port
address at the destination computer (i.e., the destination port
address). These two port addresses
are placed in the first two fields in the TCP segment (see Figure
5-2).
Port addresses can be any 16-bit (2-byte) number. So, how does
a client computer sending
a Web request to a Web server know what port address to use
for the Web server? Simple. On
the Internet, all port addresses for popular services such as the
Web, email, and FTP have been
standardized. Anyone using a Web server should set up the Web
server with a port address of
80, which is called the well-known port. Web browsers,
therefore, automatically generate a port
[Figure 5-5 diagram: xyz.com Server (201.66.43.12) with an Application Layer running FTP Server (port 21), SMTP Server (port 25) and Web Server (port 80) above a Transport Layer running TCP; Client Computer (198.128.43.103) running Internet Explorer (port 1027), Outlook (port 1028) and RealPlayer (port 1029) above TCP; 123.com Server (156.45.72.10) running FTP Server (port 21), Telnet Server (port 23) and Music Server (port 554) above TCP. Messages shown: "To: 201.66.43.12 port 80 / From: 198.128.43.103 port 1027"; "To: 198.128.43.103 port 1028 / From: 201.66.43.12 port 25"; "To: 156.45.72.10 port 554 / From: 198.128.43.103 port 1029".]
FIGURE 5-5 Linking to application layer services
address of 80 for any Web page you click on. FTP servers use
port 21, Telnet 23, SMTP 25, and so
on. Network managers are free to use whatever port addresses
they want, but if they use a non-
standard port number, then the application layer software on the
client must specify the correct
port number.
Figure 5-5 shows a user running three applications on the client
(Internet Explorer, Outlook,
and RealPlayer), each of which has been assigned a different
port number, called a temporary port
number (1027, 1028, and 1029, respectively). Each of these can
simultaneously send and receive
data to and from different servers and different applications on
the same server. In this case, we
see a message sent by Internet Explorer on the client (port
1027) to the Web server software on
the xyz.com server (port 80). We also see a message sent by the
mail server software on port 25 to
the email client on port 1028. At the same time, the RealPlayer
software on the client is sending a
request to the music server software (port 554) at 123.com.
5.3.2 Segmenting
Some messages or blocks of application data are small enough
that they can be transmitted in one
frame at the data link layer. However, in other cases, the
application data in one “message” are
too large and must be broken into several frames (e.g., Web
pages, graphic images). As far as the
application layer is concerned, the message should be
transmitted and received as one large block
of data. However, the data link layer can transmit only
messages of certain lengths. It is therefore
up to the sender’s transport layer to break the data into several
smaller segments that can be sent
by the data link layer across the circuit. At the other end, the
receiver’s transport layer must receive
all these separate segments and recombine them into one large
message.
Segmenting means to take one outgoing message from the
application layer and break it
into a set of smaller segments for transmission through the
network. It also means to take the
incoming set of smaller segments from the network layer and
reassemble them into one message
for the application layer. Depending on what the application
layer software chooses, the incoming
packets can be either delivered one at a time or held until all
packets have arrived and the message
is complete. Web browsers, for example, usually request
delivery of packets as they arrive, which
is why your screen gradually builds a piece at a time. Most
email software, conversely, usually
requests that messages be delivered only after all packets have
arrived and TCP has organized
them into one intact message, which is why you usually don’t
see email messages building screen
by screen.
TCP is also responsible for ensuring that the receiver has
actually received all segments
that have been sent. TCP therefore uses continuous automatic
repeat reQuest (ARQ) (see also
Chapter 4).
One of the challenges at the transport layer is deciding how big
to make the segments.
Remember, we discussed packet sizes in Chapter 4. When
transport layer software is set up, it is
told what size segments it should use to make best use of its
own data link layer protocols (or
it chooses the default size of 536). However, it has no idea what
size is best for the destination.
Therefore, the transport layer at the sender negotiates with the
transport layer at the receiver to
settle on the best segment sizes to use. This negotiation is done
by establishing a TCP connection
between the sender and receiver.
5.3.3 Session Management
A session can be thought of as a conversation between two
computers. When the sending com-
puter wants to send a message to the receiver, it usually starts
by establishing a session with that
computer. The sender transmits the segments in sequence until
the conversation is done, and then
the sender ends the session. This approach to session
management is called connection-oriented
messaging.
Sometimes, the sender only wants to send one short information
message or a request. In this
case, the sender may choose not to start a session but just send
the one quick message and move
on. This approach is called connectionless messaging.
Connection-Oriented Messaging Connection-oriented messaging
sets up a TCP connection
(also called a session) between the sender and receiver. To
establish a connection, the trans-
port layer on both the sender and the receiver must send a SYN
(synchronize) and receive an
ACK (acknowledgement) segment. This process starts with the
sender (usually a client) sending
a SYN to the receiver (usually a server). The server responds
with an ACK for the sender’s/client’s
SYN and then sends its own SYN. SYN is usually a randomly
generated number that identifies
a packet. The last step is when the client sends an ACK for the
server’s SYN. This is called the
three-way handshake. This process also contains the segment
size negotiation and is responsible
for error correction via retransmission (described in Chapter 4).
Once the connection is established, the segments flow between
the sender and receiver. In
case of an error, the receiver simply asks the sender to
retransmit the message until it is received
without an error. TCP calls this Automatic Repeat reQuest
(ARQ). There are two types of ARQ:
stop-and-wait and continuous.
Stop-and-Wait ARQ With stop-and-wait ARQ, the sender stops
and waits for a response from
the receiver after each data packet. After receiving a packet, the
receiver sends either an acknowl-
edgment (ACK), if the packet was received without error, or a
negative acknowledgment (NAK),
if the message contained an error. If it is a NAK, the sender
resends the previous message. If it
FIGURE 5-6 Stop-and-wait ARQ (Automatic Repeat reQuest). ACK = Acknowledgment; NAK = Negative Acknowledgment
[Figure 5-6 diagram: the Sender transmits Packet A; the Receiver detects no errors and returns ACK. The Sender transmits Packet B; the Receiver detects errors and returns NAK. The Sender retransmits Packet B; the Receiver detects no errors and returns ACK.]
is an ACK, the sender continues with the next message. Stop-
and-wait ARQ is by definition a
half-duplex transmission technique (Figure 5-6).
Continuous ARQ With continuous ARQ, the sender does not
wait for an acknowledgment after
sending a message; it immediately sends the next one. Although
the messages are being trans-
mitted, the sender examines the stream of returning
acknowledgments. If it receives a NAK, the
sender retransmits the needed messages. The packets that are
retransmitted may be only those con-
taining an error (called Selective-Repeat ARQ or Link Access
Protocol for Modems [LAP-M])
or may be the first packet with an error and all those that
followed it (called Go-Back-N ARQ).
LAP-M is better because it is more efficient.
Continuous ARQ is by definition a full-duplex transmission
technique, because both the
sender and the receiver are transmitting simultaneously. (The
sender is sending messages, and
the receiver is sending ACKs and NAKs.) Figure 5-7 illustrates
the flow of messages on a com-
munication circuit using continuous ARQ. Continuous ARQ is
sometimes called sliding window
because of the visual imagery the early network designers used
to think about continuous ARQ.
Visualize the sender having a set of messages to send in
memory stacked in order from first to last.
Now imagine a window that moves through the stack from first
to last. As a message is sent, the
window expands to cover it, meaning that the sender is waiting
for an ACK for the message. As
an ACK is received for a message, the window moves forward,
dropping the message out of the
bottom of the window, indicating that it has been sent and
received successfully.
Continuous ARQ is also important in providing flow control,
which means ensuring that
the computer sending the message is not transmitting too
quickly for the receiver. For example,
if a client computer was sending information too quickly for a
server computer to store a file
being uploaded, the server might run out of memory to store the
file. By using ACKs and NAKs,
the receiver can control the rate at which it receives
information. With stop-and-wait ARQ, the
receiver does not send an ACK until it is ready to receive more
packets. In continuous ARQ,
the sender and receiver usually agree on the size of the sliding
window. Once the sender has
transmitted the maximum number of packets permitted in the
sliding window, it cannot send
any more packets until the receiver sends an ACK.
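The following Python simulation is an added example, not from the textbook. It counts how many frames the sender transmits to deliver a batch of packets under stop-and-wait, Go-Back-N and selective-repeat ARQ when some frames arrive damaged on their first attempt and draw a NAK, with the sliding window capping the number of unacknowledged frames in flight (the flow-control limit described above). The packet counts, window size and set of damaged frames are constructed sample values; retransmissions are assumed to arrive intact, and the function names are assumptions for this example.

```python
from collections import deque


def simulate_arq(num_packets, window, damaged_first_try, mode):
    """Deliver num_packets over a channel where the frames in damaged_first_try arrive with
    errors on their first transmission. mode is "stop-and-wait", "go-back-n" or
    "selective-repeat". Returns (frames transmitted, largest number of frames in flight)."""
    if mode == "stop-and-wait":
        window = 1                                   # one frame, then wait for its ACK or NAK
    pending = deque(range(num_packets))              # frames still to be (re)sent, in order
    in_flight = deque()                              # sent, not yet acknowledged
    attempts = [0] * num_packets
    received = set()
    transmissions = max_in_flight = 0
    while len(received) < num_packets:
        # Flow control: the sliding window caps how many frames may be outstanding.
        while pending and len(in_flight) < window:
            pkt = pending.popleft()
            in_flight.append(pkt)
            attempts[pkt] += 1
            transmissions += 1
        max_in_flight = max(max_in_flight, len(in_flight))
        pkt = in_flight.popleft()                    # receiver examines the oldest outstanding frame
        if pkt in damaged_first_try and attempts[pkt] == 1:
            # NAK: which frames get resent depends on the ARQ variant.
            if mode == "go-back-n":
                # The damaged frame and every frame sent after it are discarded and resent.
                pending.extendleft(reversed([pkt] + list(in_flight)))
                in_flight.clear()
            else:
                pending.appendleft(pkt)              # selective repeat: only the damaged frame
        else:
            received.add(pkt)                        # ACK: the frame is out of the window
    return transmissions, max_in_flight


def compare_arq(num_packets=8, window=4, damaged_first_try=frozenset({2})):
    """Frames transmitted by each ARQ variant for one constructed scenario."""
    return {mode: simulate_arq(num_packets, window, damaged_first_try, mode)[0]
            for mode in ("stop-and-wait", "go-back-n", "selective-repeat")}


if __name__ == "__main__":
    # One damaged frame out of 8 with a window of 4: Go-Back-N resends 4 frames, selective
    # repeat only 1. Stop-and-wait also resends 1, but never has more than one frame in flight.
    print(compare_arq())
```

Stop-and-wait and selective repeat transmit the same number of frames in this count; the cost of stop-and-wait is the idle time spent waiting for each acknowledgment, which a frame count does not show.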
When the transmission is complete, the session is terminated
using a four-way handshake.
Because a TCP/IP connection is a full-duplex connection, each
side of the session has to terminate
the connection independently. The sender (i.e., the client) will
start by sending a FIN to
FIGURE 5-7 Continuous ARQ (Automatic Repeat reQuest). ACK = Acknowledgment; NAK = Negative Acknowledgment
[Figure 5-7 diagram: the Sender transmits Packet A, Packet B, Packet C and Packet D without waiting between them; the Receiver returns ACK A and ACK B (no errors detected), NAK C (errors detected) and ACK D (no errors detected); the Sender retransmits Packet C and the Receiver returns ACK C (no errors detected).]
inform the receiver (i.e., the server) that it is finished sending
data. The server acknowledges the
FIN by sending an ACK. Then the server sends a FIN to the client.
The connection is successfully
terminated when the server receives the ACK for its FIN.
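The three-way handshake and four-way termination described above, as an added Python model that is not from the textbook: two Endpoint objects exchange SYN, SYN+ACK, ACK, FIN and ACK segments, each SYN or FIN consuming one sequence number, and a segment whose acknowledgment number does not match what that side has sent is silently dropped. The server's ACK of the client's SYN and its own SYN travel in one SYN+ACK segment, as real TCP does; the initial sequence numbers 1000 and 5000 are constructed values (real TCP picks them randomly), and the class and function names are assumptions for this example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Segment:
    src: str
    flags: str              # "SYN", "SYN+ACK", "ACK" or "FIN" (a FIN here also carries an ACK number)
    seq: int
    ack: Optional[int] = None


@dataclass
class Endpoint:
    name: str
    isn: int                # initial sequence number; real TCP chooses it randomly
    state: str = "CLOSED"
    snd_nxt: int = 0        # next sequence number this side will send
    rcv_nxt: int = 0        # next sequence number expected from the peer (what we acknowledge)

    def listen(self) -> None:
        self.state = "LISTEN"

    def open(self) -> Segment:
        """Active open (client): send SYN; the SYN consumes one sequence number."""
        self.snd_nxt = self.isn + 1
        self.state = "SYN_SENT"
        return Segment(self.name, "SYN", self.isn)

    def close(self) -> Segment:
        """Active close from ESTABLISHED, or the second FIN from CLOSE_WAIT."""
        seg = Segment(self.name, "FIN", self.snd_nxt, self.rcv_nxt)
        self.snd_nxt += 1                                   # a FIN consumes one sequence number too
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment) -> Optional[Segment]:
        """Apply one incoming segment and return the reply, if any."""
        if seg.ack is not None and seg.ack != self.snd_nxt:
            return None                                     # stale or forged ACK number: drop it
        if self.state == "LISTEN" and seg.flags == "SYN":
            self.rcv_nxt, self.snd_nxt = seg.seq + 1, self.isn + 1
            self.state = "SYN_RECEIVED"                     # ACK of the client's SYN plus our own SYN
            return Segment(self.name, "SYN+ACK", self.isn, self.rcv_nxt)
        if self.state == "SYN_SENT" and seg.flags == "SYN+ACK":
            self.rcv_nxt = seg.seq + 1
            self.state = "ESTABLISHED"                      # third step of the handshake
            return Segment(self.name, "ACK", self.snd_nxt, self.rcv_nxt)
        if self.state == "SYN_RECEIVED" and seg.flags == "ACK":
            self.state = "ESTABLISHED"
        elif seg.flags == "FIN" and self.state in ("ESTABLISHED", "FIN_WAIT_2"):
            self.rcv_nxt = seg.seq + 1                      # acknowledge the peer's FIN
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return Segment(self.name, "ACK", self.snd_nxt, self.rcv_nxt)
        elif seg.flags == "ACK" and self.state == "FIN_WAIT_1":
            self.state = "FIN_WAIT_2"                       # our FIN was acknowledged
        elif seg.flags == "ACK" and self.state == "LAST_ACK":
            self.state = "CLOSED"                           # our FIN was acknowledged; all done
        return None


def run_session(client_isn: int = 1000, server_isn: int = 5000):
    """Open a connection, then close it from both sides; returns the trace and final states."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    peer = {"client": server, "server": client}
    trace: List[Tuple[str, str, int, Optional[int]]] = []

    def deliver(seg: Optional[Segment]) -> None:
        while seg is not None:                              # forward replies until one side goes quiet
            trace.append((seg.src, seg.flags, seg.seq, seg.ack))
            seg = peer[seg.src].receive(seg)

    deliver(client.open())      # SYN, SYN+ACK, ACK: three-way handshake
    deliver(client.close())     # client FIN, server ACK
    deliver(server.close())     # server FIN, client ACK: four-way termination complete
    return trace, client.state, server.state


def rejects_forged_ack(client_isn: int = 1000) -> bool:
    """A SYN+ACK whose ACK number does not cover the client's SYN is ignored."""
    client = Endpoint("client", client_isn)
    client.open()
    reply = client.receive(Segment("server", "SYN+ACK", 5000, client_isn + 42))
    return reply is None and client.state == "SYN_SENT"


if __name__ == "__main__":
    for entry in run_session()[0]:
        print("%-6s %-8s seq=%d ack=%s" % entry)
```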
Connectionless Messaging Connectionless messaging means
each packet is treated separately
and makes its own way through the network. Unlike connection-
oriented routing, no connection
is established. The sender simply sends the packets as separate,
unrelated entities, and it is possible
that different packets will take different routes through the
network, depending on the type of
routing used and the amount of traffic. Because packets
following different routes may travel at
different speeds, they may arrive out of sequence at their
destination. The sender’s network layer,
therefore, puts a sequence number on each packet, in addition to
information about the message
stream to which the packet belongs. The network layer must
reassemble them in the correct order
before passing the message to the application layer.
The Internet Protocol Suite can operate either as connection-
oriented or connectionless.
When connection-oriented messaging is desired, TCP is used.
When connectionless messaging
is desired, the TCP segment is replaced with a UDP packet. The
UDP header is much smaller
than the TCP header (only 8 bytes).
Connectionless messaging is most commonly used when the application
data or message can fit into
one single message. One might expect, for example, that
because Hypertext Transfer Protocol
(HTTP) requests are often very short, they might use UDP
connectionless rather than TCP
connection-oriented messaging. However, HTTP always uses
TCP. All of the application layer
software we have discussed so far uses TCP (HTTP, SMTP,
FTP, Telnet). UDP is most commonly
used for control messages such as addressing (DHCP [Dynamic
Host Configuration Protocol],
discussed later in this chapter), routing control messages (RIP
[Routing Information Pro-
tocol], discussed later in this chapter), and network management
(SNMP [Simple Network
Management Protocol], discussed in Chapter 12).
Quality of Service  Quality of Service (QoS) routing is a special type of connection-oriented messaging in which different connections are assigned different priorities. For example, videoconferencing requires fast delivery of packets to ensure that the images and voices appear smooth and continuous; they are very time dependent because delays in routing seriously affect the quality of the service provided. Email packets, conversely, have no such requirements. Although everyone would like to receive email as fast as possible, a 10-second delay in transmitting an email message does not have the same consequences as a 10-second delay in a videoconferencing packet.
With QoS routing, different classes of service are defined, each
with different priorities. For
example, a packet of videoconferencing images would likely get
higher priority than would an
SMTP packet with an email message and thus be routed first.
When the transport layer software
attempts to establish a connection (i.e., a session), it specifies
the class of service that connection
requires. Each path through the network is designed to support a
different number and mix of
service classes. When a connection is established, the network
ensures that no connections are
established that exceed the maximum number of that class on a
given circuit.
QoS routing is common in certain types of networks (e.g., ATM, as discussed in Chapter 8). The Internet provides several QoS protocols that can work in a TCP/IP environment. Resource Reservation Protocol (RSVP) and Real-Time Streaming Protocol (RTSP) both permit application layer software to request connections that have certain minimum data transfer capabilities. As one might expect, RTSP is geared toward audio/video streaming applications, whereas RSVP is more for general purpose.
Both QoS protocols, RSVP and RTSP, are used to create a connection (or session) and request a certain minimum guaranteed data rate. Once the connection has been established, they use Real-Time Transport Protocol (RTP) to send packets across the connection. RTP contains information about the sending application, a packet sequence number, and a time stamp so that the data in the RTP packet can be synchronized with other RTP packets by the application layer software, if needed.
With a name like Real-Time Transport Protocol, one would
expect RTP to replace TCP and
UDP at the transport layer. It does not. Instead, RTP is
combined with UDP. (If you read the
previous paragraph carefully, you noticed that RTP does not
provide source and destination port
addresses.) This means that each real-time packet is first
created using RTP and then surrounded
by a UDP datagram, before being handed to the IP software at
the network layer.
5.4 ADDRESSING
Before you can send a message, you must know the destination
address. It is extremely important
to understand that each computer has several addresses, each
used by a different layer. One
address is used by the data link layer, another by the network
layer, and still another by the
application layer.
When users work with application software, they typically use
the application layer address.
For example, in Chapter 2, we discussed application software
that used Internet addresses (e.g.,
www.indiana.edu). This is an application layer address (or a
server name). When a user types
an Internet address into a Web browser, the request is passed to
the network layer as part of an
application layer packet formatted using the HTTP protocol
(Figure 5-6) (see Chapter 2).
120 Chapter 5 Network and Transport Layers
FIGURE 5-8  Types of addresses

Address              Example Software    Example Address
Application layer    Web browser         www.kelley.indiana.edu
Network layer        Internet Protocol   129.79.127.4
Data link layer      Ethernet            00-0C-00-F5-03-5A
The network layer software, in turn, uses a network layer
address. The network layer protocol
used on the Internet is IP, so this Web address
(www.indiana.edu) is translated into an IP address
that is 4 bytes long when using IPv4 (e.g., 129.79.127.4)
(Figure 5-8). This process is similar to
using a phone book to go from someone’s name to his or her
phone number.
The network layer then determines the best route through the network to the final destination. On the basis of this routing, the network layer identifies the data link layer address of the next computer to which the message should be sent. If the data link layer is running Ethernet, then the network layer IP address would be translated into an Ethernet address. Chapter 3 shows that Ethernet addresses are 6 bytes in length, so a possible address might be 00-0F-00-81-14-00 (Ethernet addresses are usually expressed in hexadecimal) (Figure 5-8). Data link layer addresses are needed only on multipoint circuits that have more than one computer on them. For example, many WANs are built with point-to-point circuits that use Point-to-Point Protocol (PPP) as the data link layer protocol. These networks do not have data link layer addresses.
5.4.1 Assigning Addresses
In general, the data link layer address is permanently encoded in each network card, which is why the data link layer address is also commonly called the physical address or the media access control (MAC) address. This address is part of the hardware (e.g., Ethernet card) and should never be changed. Hardware manufacturers have an agreement that assigns each manufacturer a unique set of permitted addresses, so even if you buy hardware from different companies, it will never have the same address. Whenever you install a network card into a computer, it immediately has its own data link layer address that uniquely identifies it from every other computer in the world.
Network layer addresses are generally assigned by software. Every network layer software package usually has a configuration file that specifies the network layer address for that computer. Network managers can assign any network layer addresses they want. It is important to ensure that every computer on the same network has a unique network layer address, so every network has a standards group that defines what network layer addresses can be used by each organization.
Application layer addresses (such as Internet domain names or
Windows device names)
are also assigned by a software configuration file. Virtually all
servers have an application
layer address, but most client computers do not. This is because
it is important for users to easily
access servers and the information they contain, but there is
usually little need for someone
to access someone else’s client computer. As with network layer
addresses, network managers
can assign any application layer address they want, but a
network standards group must approve
Internet domain names to ensure that no two computers on the
Internet have the same name.
Network layer addresses and Internet domain names go hand in
hand, so the same standards
group usually assigns both (e.g., www.indiana.edu at the
application layer means 129.79.78.4
at the network layer). It is possible to have several Internet
names for the same computer. For
example, one of the Web servers in the Kelley School of
Business at Indiana University is called
both www.kelley.indiana.edu and www.kelley.iu.edu.
MANAGEMENT FOCUS
5-1 Final Countdown for IPv4
The address space for IPv4 was depleted on September 24, 2015. There are no more IPv4 addresses left to be assigned. The American Registry for Internet Numbers (ARIN), which is in charge of the IPv4 address space, is ready to help organizations that need IPv4 addresses. ARIN created a service that allows organizations to transfer IPv4 addresses they don’t need to another organization. If a transfer is not available, organizations will be put on a waiting list. The reality, however, is that we have reached the inevitable end of IPv4, also called the “IPcalypse” by the supporters of IPv6, who can’t wait for the world to convert to IPv6.
Adapted from: www.arin.net
Internet Addresses  No one is permitted to operate a computer on the Internet unless he or she uses approved addresses. ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for managing the assignment of network layer addresses (i.e., IP addresses) and application layer addresses (e.g., www.indiana.edu). ICANN sets the rules by which new domain names (e.g., .com, .org, .ca, .uk) are created and IP address numbers are assigned to users. ICANN also directly manages a set of Internet domains (e.g., .com, .org, .net) and authorizes private companies to become domain name registrars for those domains. Once authorized, a registrar can approve requests for application layer addresses and assign IP numbers for those requests. This means that individuals and organizations wishing to register an Internet name can use any authorized registrar for the domain they choose, and different registrars are permitted to charge different fees for their registration services. Many registrars are authorized to issue names and addresses in the ICANN managed domains, as well as domains in other countries (e.g., .ca, .uk, .au).
Several application layer addresses and network layer addresses can be assigned at the same time. IP addresses are often assigned in groups, so that one organization receives a set of numerically similar addresses for use on its computers. For example, Indiana University has been assigned the set of application layer addresses that end in indiana.edu and iu.edu and the set of IP addresses in the 129.79.x.x range (i.e., all IP addresses that start with the numbers 129.79).
The IP protocol defines the address space that can be used on the Internet. The address space is the total number of addresses available. In general, if a protocol uses N bits to define an address, the available space is 2^N (because each bit can be either 1 or 0). Specifically, IPv4 uses 32 bits (4 bytes) to define an address, and therefore, the number of available addresses is 2^32 = 4,294,967,296 or approximately 4.3 billion.
These 4.3 billion addresses in the IPv4 address space are
divided into Internet address
classes. Although this terminology is considered to be old, you
can still run into people who
use it. Figure 5-7 shows the address ranges for each class of
addresses. There are three classes
of addresses that can be assigned to organizations: Class A,
Class B, and Class C. Addresses are
assigned into a particular class by the value of the first byte (the
original standard used the term
“octet” to mean a “byte,” so you may see documents using the
term “octet”). For example, Class A
addresses can have any number between 1 and 126 in the first
byte.
The first byte can be any number from 0 to 255 (for an explanation, refer to Hands-On Activity 5C). Figure 5-9 shows that there are some numbers in the first byte range that are not assigned to any address range. An address starting with 0 is not allowed. The 127 address range is reserved for a computer to communicate with itself and is called the loopback. Loopback is used mostly by developers and system administrators when testing software. Addresses starting from 224 are reserved addresses that should not be used on IP networks. Addresses from 224 to 239 belong to Class D and are reserved for multicasting, which is sending messages to a group of computers rather than to one computer (which is normal) or every computer on a network (called broadcast). Addresses from 240 to 254 belong to Class E and are reserved for experimental use. Some companies use the Class E addresses for multicasting internal content in addition to the Class D addresses. Addresses starting with 255 are reserved for broadcast messages (which are explained in more detail in the final section of this chapter).

FIGURE 5-9  IPv4 public address space

Class  First byte  Byte allocation               Start Address  End Address      Number of Networks  Number of Hosts
A      1–126       Network.Host.Host.Host        1.0.0.0        126.255.255.255  128 (2^7)           16,777,216 (2^24)
B      128–191     Network.Network.Host.Host     128.0.0.0      191.255.255.255  16,384 (2^14)       65,536 (2^16)
C      192–223     Network.Network.Network.Host  192.0.0.0      223.255.255.255  2,097,152 (2^21)    256 (2^8)
Within each class, there is a set of addresses that are labeled as
private IPv4 address space
(see Figure 5-10). This address space can be used internally by
organizations, but routers on
the Internet do not route packets that use private addresses (they
simply discard them). For
this reason, private addresses are often used to increase
security. An organization will assign
private addresses to its computers so that hackers can’t send
messages to them. However, these
computers need to be able to send messages to other computers
on the Internet. The organization
has special devices (called NAT firewalls) that translate the
private addresses on messages that
these computers send into valid public addresses for use on the
Internet. We talk more about
NAT firewalls and the use of private addresses in Chapter 11.
The computer you’re using right
now probably has a private IP address (see Hands-On Activity
5A).
Figure 5-8 also shows how the newer terminology classless
addressing is used. Classless
addressing uses a slash to indicate the address range (it’s also
called slash notation). For example,
128.192.1.0 is a Class B address, so the first 2 bytes (16 bits)
are to be used for the network address
and the next 2 bytes (third and fourth bytes) are allocated for
host addresses. Using the slash
notation, one would identify this network as 128.192.1.0/16.
However, a network administrator
may decide that rather than allocating 16 bits for the network, it
would be more beneficial to
allocate 24 bits, and the remaining 8 bits would be used for
clients. Therefore, the network would
be identified as 128.192.1.0/24. We discuss more about bit
allocation for a network and hosts
when we discuss subnetting.
One of the problems with the current address system is that the Internet is quickly running out of addresses. Although the 4-byte address of IPv4 provides more than 4 billion possible addresses, the fact that they are assigned in sets significantly limits the number of usable addresses. For example, the address range owned by Indiana University includes about 65,000 addresses, but the university will probably not use all of them.
FIGURE 5-10  IPv4 private address space

Class  IP Address Range             Classful Description   Slash Notation  Number of Hosts
A      10.0.0.0–10.255.255.255      One Class A address    10.0.0.0/8      16,777,216
B      172.16.0.0–172.31.255.255    16 Class B addresses   172.16.0.0/16   1,048,576
C      192.168.0.0–192.168.255.255  256 Class C addresses  192.168.0.0/24  65,536
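As an added example (not code from the textbook), the following Python classifies an address by its first byte as in Figure 5-9, writes the classful slash notation the text uses, and checks the private ranges of Figure 5-10; the function names are my own.

```python
"""Classify IPv4 addresses by the first byte (Figure 5-9) and test for the
private space of Figure 5-10. Added example, not code from the textbook."""
from __future__ import annotations


def ip_to_int(addr: str) -> int:
    """Convert dotted decimal such as '129.79.127.4' into a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted-decimal IPv4 address: {addr!r}")
    value = 0
    for part in parts:
        byte = int(part)
        if not 0 <= byte <= 255:
            raise ValueError(f"byte {byte} out of range in {addr!r}")
        value = (value << 8) | byte
    return value


def address_class(addr: str) -> str:
    """Return the category the first byte puts an address in (Figure 5-9 and text)."""
    first = ip_to_int(addr) >> 24
    if first == 0:
        return "invalid"            # an address starting with 0 is not allowed
    if 1 <= first <= 126:
        return "A"
    if first == 127:
        return "loopback"           # reserved for a computer to talk to itself
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    if 224 <= first <= 239:
        return "D"                  # multicast
    if 240 <= first <= 254:
        return "E"                  # experimental
    return "broadcast"              # first byte 255


# Classful network sizes: Class A keeps one byte for the network, B two, C three.
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}

# Private IPv4 address space, transcribed from Figure 5-10 as inclusive ranges.
PRIVATE_RANGES = (
    ("10.0.0.0", "10.255.255.255"),       # one Class A address
    ("172.16.0.0", "172.31.255.255"),     # 16 Class B addresses
    ("192.168.0.0", "192.168.255.255"),   # 256 Class C addresses
)


def classful_slash_notation(addr: str) -> str:
    """Write an assignable address with its classful prefix length, e.g. 128.192.1.0/16.
    Follows the text, which keeps the full address in front of the slash."""
    prefix = CLASSFUL_PREFIX.get(address_class(addr))
    if prefix is None:
        raise ValueError(f"{addr} is not in an assignable class (A, B or C)")
    return f"{addr}/{prefix}"


def is_private(addr: str) -> bool:
    """True when the address lies in one of the Figure 5-10 ranges."""
    n = ip_to_int(addr)
    return any(ip_to_int(lo) <= n <= ip_to_int(hi) for lo, hi in PRIVATE_RANGES)


def is_public_unicast(addr: str) -> bool:
    """True only for a Class A, B or C address outside the private ranges, the
    only kind Internet routers forward. Private, loopback, multicast, experimental
    and broadcast addresses are all rejected (routers discard private addresses)."""
    return address_class(addr) in CLASSFUL_PREFIX and not is_private(addr)


if __name__ == "__main__":
    for sample in ("129.79.127.4", "10.0.0.1", "172.32.0.1", "224.0.0.1", "127.0.0.1"):
        print(sample, address_class(sample), is_private(sample), is_public_unicast(sample))
```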
The IP address shortage was one of the reasons behind the
development of IPv6, discussed
previously. Once IPv6 is in wide use, the current Internet
address system will be replaced by a
totally new system based on 16-byte addresses. Most experts
expect that all the current 4-byte
addresses will simply be assigned an arbitrary 12-byte prefix
(e.g., all zeros) so that the holders of
the current addresses can continue to use them.
Subnets Each organization must assign the IP addresses it has
received to specific computers on
its networks. To make the IP address assignment more
functional, we use an addressing hierarchy.
The first part of the address defines the network, and the second
part of the address defines a
particular computer or host on the network. However, it is not
efficient to assign every computer
to the same network. Rather, subnetworks or subnets are
designed on the network that subdivide
the network into logical pieces. For example, suppose that a
university has just received a set of
addresses starting with 128.192.x.x. It is customary to assign all
the computers in the same LAN
numbers that start with the same first three digits, so the
business school LAN might be assigned
128.192.56.x, which means that all the computers in that LAN
would have IP numbers starting
with those numbers (e.g., 128.192.56.4, 128.192.56.5, and so
on) (Figure 5-11). The subnet ID
for this LAN then is 128.192.56. Two addresses on this subnet
cannot be assigned as an IP address
to any computer. The first address is 128.192.56.0, and this is
the network address. The second
address is 128.192.56.255, which is the broadcast address. The
computer science LAN might be
assigned 128.192.55.x, and similarly, all the other LANs at the
university and the BN that connects
them would have a different set of numbers. Similar to the
business school LAN, the computer
science LAN would have a subnet ID 128.192.55. Thus,
128.192.55.0 and 128.192.55.255 cannot
be assigned to any computer on this network because they are
reserved for the network address
and broadcast address.
FIGURE 5-11  Address subnets
[Diagram: two LANs joined through a backbone subnet (128.192.254.X). Business school subnet (128.192.56.X): hosts 128.192.56.50, 128.192.56.51 and 128.192.56.52; its router has address 128.192.56.1 on the LAN and 128.192.254.3 on the backbone; network address 128.192.56.0, broadcast address 128.192.56.255. Computer science subnet (128.192.55.X): hosts 128.192.55.20, 128.192.55.21 and 128.192.55.22; its router has address 128.192.55.6 on the LAN and 128.192.254.4 on the backbone; network address 128.192.55.0, broadcast address 128.192.55.255.]
Routers connect two or more subnets so they have a separate
address on each subnet.
Without routers, the two subnets would not be able to
communicate. The routers in Figure 5-11,
for example, have two addresses each because they connect two
subnets and must have one
address in each subnet.
Although it is customary to use the first 3 bytes of the IP
address to indicate different subnets,
it is not required. Any portion of the IP address can be
designated as a subnet by using a subnet
mask. Every computer in a TCP/IP network is given a subnet
mask to enable it to determine which
computers are on the same subnet (i.e., LAN) that it is on and
which computers are outside of its
subnet. Knowing whether a computer is on your subnet is very
important for message routing, as
we shall see later in this chapter.
For example, a network could be configured so that the first 2
bytes indicated a subnet (e.g.,
128.184.x.x), so all computers would be given a subnet mask
giving the first 2 bytes as the subnet
indicator. This would mean that a computer with an IP address
of 128.184.22.33 would be on the
same subnet as 128.184.78.90.
IP addresses are binary numbers, so partial bytes can also be
used as subnets. For example, we
could create a subnet that has IP addresses between
128.184.55.1 and 128.184.55.127 and another
subnet with addresses between 128.184.55.128 and
128.184.55.254.
Dynamic Addressing  To this point, we have said that every computer knows its network layer address from a configuration file that is installed when the computer is first attached to the network. However, this leads to a major network management problem. Any time a computer is moved or its network is assigned a new address, the software on each individual computer must be updated. This is not difficult, but it is very time-consuming because someone must go from office to office, editing files on each individual computer.
The easiest way around this is dynamic addressing. With this
approach, a server is designated
to supply a network layer address to a computer each time the
computer connects to the network.
This is commonly done for client computers but usually not for
servers.
TECHNICAL FOCUS
5-1 Subnet Masks
Subnet masks tell computers what part of an Internet Protocol (IP) address is to be used to determine whether a destination is on the same subnet or on a different subnet. A subnet mask is a 4-byte binary number that has the same format as an IP address and is not routable on the network. A 1 in the subnet mask indicates that that position is used to indicate the subnet. A zero indicates that it is not. Therefore, a mask can only contain a continuous stream of ones.
A subnet mask of 255.255.255.0 means that the first 3 bytes indicate the subnet; all computers with the same first 3 bytes in their IP addresses are on the same subnet. This is because 255 expressed in binary is 11111111.
In contrast, a subnet mask of 255.255.0.0 indicates that the first 2 bytes refer to the same subnet.
Things get more complicated when we use partial-byte subnet masks. For example, suppose that the subnet mask was 255.255.255.128. In binary numbers, this is expressed as
11111111.11111111.11111111.10000000
This means that the first 3 bytes plus the first bit in the fourth byte indicate the subnet address.
Similarly, a subnet mask of 255.255.254.0 would indicate that the first 2 bytes plus the first 7 bits of the third byte indicate the subnet address, because in binary numbers, this is
11111111.11111111.11111110.00000000
The bits that are ones are called network bits because they indicate which part of an address is the network or subnet part, whereas the bits that are zeros are called host bits because they indicate which part is unique to a specific computer or host.
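The arithmetic in this box and in the Subnets discussion above, as an added Python example that is not the textbook's code: it rejects a mask that is not a continuous run of ones, renders a mask in binary, and computes the network address, broadcast address and usable host range for the addresses used in this section, including the partial-byte masks 255.255.255.128 and 255.255.254.0.

```python
"""Subnet mask arithmetic for the addresses used in Section 5.4.1 and
Technical Focus 5-1. Added example, not code from the textbook."""
from __future__ import annotations

ALL_ONES = 0xFFFFFFFF


def ip_to_int(addr: str) -> int:
    """Dotted decimal ('128.192.56.4') to a 32-bit integer."""
    parts = [int(p) for p in addr.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"not a valid IPv4 address: {addr!r}")
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]


def int_to_ip(n: int) -> str:
    """32-bit integer back to dotted decimal."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_to_prefix(mask: str) -> int:
    """Number of network bits in a mask. Rejects masks that are not a continuous
    run of ones followed by zeros (Technical Focus 5-1), e.g. 255.0.255.0."""
    m = ip_to_int(mask)
    ones = bin(m).count("1")
    if m != (ALL_ONES << (32 - ones)) & ALL_ONES:
        raise ValueError(f"{mask} is not a continuous run of ones")
    return ones


def mask_in_binary(mask: str) -> str:
    """Render a mask the way the box does: 255.255.255.128 -> 11111111.11111111.11111111.10000000."""
    return ".".join(f"{int(b):08b}" for b in mask.split("."))


def network_address(addr: str, mask: str) -> str:
    """Keep the network bits, zero the host bits: 128.192.56.4 / 255.255.255.0 -> 128.192.56.0."""
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))


def broadcast_address(addr: str, mask: str) -> str:
    """Keep the network bits, set every host bit: 128.192.56.4 / 255.255.255.0 -> 128.192.56.255."""
    m = ip_to_int(mask)
    return int_to_ip((ip_to_int(addr) & m) | (~m & ALL_ONES))


def usable_host_range(addr: str, mask: str) -> tuple[str, str]:
    """First and last address that may be given to a computer; the network and
    broadcast addresses themselves are never assigned."""
    lo = ip_to_int(network_address(addr, mask)) + 1
    hi = ip_to_int(broadcast_address(addr, mask)) - 1
    return int_to_ip(lo), int_to_ip(hi)


def same_subnet(a: str, b: str, mask: str) -> bool:
    """What a host checks before sending: do both addresses share the network bits?"""
    mask_to_prefix(mask)   # validate the mask before trusting it
    return network_address(a, mask) == network_address(b, mask)


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.255.128", "255.255.254.0"):
        print(mask, "/" + str(mask_to_prefix(mask)), mask_in_binary(mask))
    print(network_address("128.192.56.4", "255.255.255.0"),
          broadcast_address("128.192.56.4", "255.255.255.0"))
    print(same_subnet("128.184.22.33", "128.184.78.90", "255.255.0.0"))
```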
The most common standard for dynamic addressing is Dynamic Host Configuration Protocol (DHCP). DHCP does not provide a network layer address in a configuration file. Instead, there is a special software package installed on the client that instructs it to contact a DHCP server to obtain an address. In this case, when the computer is turned on and connects to the network, it first issues a broadcast DHCP message that is directed to any DHCP server that can “hear” the message. This message asks the server to assign the requesting computer a unique network layer address. The server runs a corresponding DHCP software package that responds to these requests and sends a message back to the client, giving it its network layer address (and its subnet mask).
The DHCP server can be configured to assign the same network layer address to the computer (on the basis of its data link layer address) each time it requests an address, or it can lease the address to the computer by picking the “next available” network layer address from a list of authorized addresses. Addresses can be leased for as long as the computer is connected to the network or for a specified time limit (e.g., 2 hours). When the lease expires, the client computer must contact the DHCP server to get a new address. Address leasing is commonly used by Internet Service Providers (ISPs) for dial-up users. ISPs have many more authorized users than they have authorized network layer addresses because not all users can log in at the same time. When a user logs in, his or her computer is assigned a temporary TCP/IP address that is reassigned to the next user when the first user hangs up.
Dynamic addressing greatly simplifies network management in
non-dial-up networks as well.
With dynamic addressing, address changes need to be made only
to the DHCP server, not to
each individual computer. The next time each computer
connects to the network or whenever the
address lease expires, the computer automatically gets the new
address.
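An added model of the two DHCP assignment policies just described (not the textbook's code and not a real DHCP implementation; nothing is sent on the network): the addresses, MAC addresses and the 2-hour lease are constructed sample data taken from the figures in this section.

```python
"""Model of a DHCP server: a fixed address keyed on the client's data link layer
(MAC) address, or the "next available" address leased from a list for a limited
time. Added example, not code from the textbook and not a real DHCP implementation."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Lease:
    ip: str
    mac: str
    expires_at: int   # seconds on the server's clock


class DhcpServer:
    def __init__(self, pool, subnet_mask, reservations=None, lease_seconds=7200):
        self.pool = list(pool)                        # authorized addresses, "next available" order
        self.subnet_mask = subnet_mask                # handed back together with the address
        self.reservations = dict(reservations or {})  # MAC -> fixed address
        self.lease_seconds = lease_seconds            # e.g. 2 hours
        self.leases: dict[str, Lease] = {}            # ip -> current lease

    def _drop_expired(self, now: int) -> None:
        for ip, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[ip]       # address returns to the list for the next user

    def request(self, mac: str, now: int) -> dict | None:
        """Answer a client's broadcast request. Returns the configuration the server
        sends back, or None when no address can be given out."""
        self._drop_expired(now)
        lease = next((ls for ls in self.leases.values() if ls.mac == mac), None)
        if lease is None:
            if mac in self.reservations:
                ip = self.reservations[mac]       # same address every time, keyed on the MAC
                if ip in self.leases:
                    return None                   # reserved address held by another client
            else:
                ip = next((a for a in self.pool if a not in self.leases), None)
                if ip is None:
                    return None                   # every authorized address is leased out
            lease = Lease(ip, mac, 0)
            self.leases[ip] = lease
        lease.expires_at = now + self.lease_seconds   # new lease, or renewal of the old one
        return {"ip": lease.ip, "subnet_mask": self.subnet_mask,
                "lease_seconds": self.lease_seconds}


def build_example_server() -> DhcpServer:
    """Business school subnet of Figure 5-11 as constructed sample data: two leasable
    addresses plus one address reserved for the MAC shown in Figure 5-8."""
    return DhcpServer(
        pool=["128.192.56.50", "128.192.56.51"],
        subnet_mask="255.255.255.0",
        reservations={"00-0C-00-F5-03-5A": "128.192.56.52"},
        lease_seconds=7200,
    )


if __name__ == "__main__":
    server = build_example_server()
    print(server.request("00-0C-00-F5-03-5A", now=0))   # reserved: 128.192.56.52
    print(server.request("00-0F-00-81-14-00", now=0))   # next available: 128.192.56.50
```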
5.4.2 Address Resolution
To send a message, the sender must be able to translate the
application layer address (or server
name) of the destination into a network layer address and in
turn translate that into a data link
layer address. This process is called address resolution. There
are many different approaches
to address resolution that range from completely decentralized
(each computer is responsible
for knowing all addresses) to completely centralized (there is
one computer that knows all
addresses). TCP/IP uses two different approaches, one for
resolving application layer addresses
into IP addresses and a different one for resolving IP addresses
into data link layer addresses.
Server Name Resolution  Server name resolution is the translation of application layer addresses into network layer addresses (e.g., translating an Internet address such as www.yahoo.com into an IP address such as 204.71.200.74). This is done using the Domain Name Service (DNS). Throughout the Internet a series of computers called name servers provide DNS services. These name servers have address databases that store thousands of Internet addresses and their corresponding IP addresses. These name servers are, in effect, the “directory assistance” computers for the Internet. Anytime a computer does not know the IP number for a computer, it sends a message to the name server requesting the IP number.
Whenever you register an Internet application layer address, you must inform the registrar of the IP address of the name server that will provide DNS information for all addresses in that name range. For example, because Indiana University owns the indiana.edu name, it can create any name it wants that ends in that suffix (e.g., www.indiana.edu, www.kelley.indiana.edu, abc.indiana.edu). When it registers its name, it must also provide the IP address of the DNS server that it will use to provide the IP addresses for all the computers within this domain name range (i.e., everything ending in indiana.edu). Every organization that has many servers also has its own DNS server, but smaller organizations that have only one or two servers often use a DNS server provided by their ISP. DNS servers are maintained by network managers, who update their address information as the network changes. DNS servers can also exchange information about new and changed addresses among themselves, a process called replication.
When a computer needs to translate an application layer address
into an IP address, it sends
a special DNS request packet to its DNS server. This packet
asks the DNS server to send to the
requesting computer the IP address that matches the Internet
application layer address provided.
If the DNS server has a matching name in its database, it sends
back a special DNS response packet
with the correct IP address. If that DNS server does not have
that Internet address in its database,
it will issue the same request to another DNS server elsewhere
on the Internet.
For example, if someone at the University of Toronto were to
ask for a Web page on the server
(www.kelley.indiana.edu) at Indiana University, the software on
the Toronto client computer
would issue a DNS request to the University of Toronto DNS
server, called the resolving name
server (Figure 5-12). This DNS server probably would not know
the IP address of our server,
so it would send a DNS request to one of the DNS root servers
that it knows. The root server
would respond to the resolving name server with a DNS
response that said “I don’t know the IP
address you need, but ask this DNS server,” and it would
include the IP address of the top-level
domain (TLD) server for the requested website (in this case, the
.edu TLD server, because the
destination website is in the .edu domain). The resolving name
server would then send a DNS
request to the .edu TLD server. The .edu TLD domain server
would respond with a DNS response
that tells the resolving name server to ask the authoritative
name server for indiana.edu and
provides its IP address. The resolving name server would send a
DNS request to the authoritative
name server for indiana.edu. The authoritative name server
would then respond to the resolving
name server with the needed IP address, and the resolving name
server would send a DNS
response to the client computer with the IP address.
FIGURE 5-12  How the DNS system works
[Diagram: the client computer, the resolving name server, a root server, a Top Level Domain (TLD) server and the authoritative name server, with eight numbered steps. Step 1: DNS Request from the client computer to the resolving name server. Steps 2 to 7: DNS Request and DNS Response pairs between the resolving name server and, in turn, the root server, the TLD server and the authoritative name server. Step 8: DNS Response from the resolving name server to the client computer.]
This is why it sometimes takes longer to access certain sites.
Most DNS servers know only
the names and IP addresses for the computers in their part of the
network. Some store frequently
used addresses (e.g., www.yahoo.com). If you try to access a
computer that is far away, it may take
a while before your computer receives a response from the
resolving name server.
Once your application layer software receives an IP address, it
is stored on your computer in
a DNS cache. This way, if you ever need to access the same
computer again, your computer does
not need to contact its resolving name server. The DNS cache is
routinely deleted whenever you
turn off your computer.
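The eight steps of Figure 5-12 and the two caches (the client's DNS cache and the resolving name server's), as an added Python model that is not the textbook's code; the server names and referral chain are constructed, and 129.79.127.4 is the www.kelley.indiana.edu address shown in Figure 5-8.

```python
"""Model of the lookup in Figure 5-12 and of the DNS cache described in the text.
Added example, not code from the textbook; server names, referral chain and the
addresses below are constructed sample data."""
from __future__ import annotations


class NameServer:
    """Root, TLD or authoritative server: answers from its own database or refers
    the asker to the next server down the hierarchy."""

    def __init__(self, name, answers=None, referrals=None):
        self.name = name
        self.answers = dict(answers or {})      # name -> IP address
        self.referrals = dict(referrals or {})  # zone -> NameServer to ask next

    def query(self, qname: str):
        if qname in self.answers:
            return "answer", self.answers[qname]
        for zone, server in self.referrals.items():
            if qname == zone or qname.endswith("." + zone):
                return "referral", server
        return "nxdomain", None


class ResolvingNameServer:
    """The client's resolving name server: walks root -> TLD -> authoritative and
    caches what it learns so later lookups skip steps 2 to 7."""

    def __init__(self, root: NameServer):
        self.root = root
        self.cache: dict[str, str] = {}
        self.messages: list[tuple[str, str, str]] = []   # (sender, receiver, kind)

    def resolve(self, qname: str) -> str | None:
        if qname in self.cache:
            return self.cache[qname]
        server, asked = self.root, set()
        while server.name not in asked:          # a referral loop ends the search
            asked.add(server.name)
            self.messages.append(("resolver", server.name, "DNS Request"))
            kind, payload = server.query(qname)
            self.messages.append((server.name, "resolver", "DNS Response"))
            if kind == "answer":
                self.cache[qname] = payload
                return payload
            if kind == "nxdomain":
                return None
            server = payload
        return None


def client_lookup(resolver: ResolvingNameServer, client_cache: dict, qname: str) -> str | None:
    """Steps 1 and 8: the client asks its resolving name server unless its own
    DNS cache already holds the address."""
    if qname in client_cache:
        return client_cache[qname]
    resolver.messages.append(("client", "resolver", "DNS Request"))
    ip = resolver.resolve(qname)
    resolver.messages.append(("resolver", "client", "DNS Response"))
    if ip is not None:
        client_cache[qname] = ip
    return ip


def build_example_resolver() -> ResolvingNameServer:
    """Hierarchy for the Toronto-to-Indiana example (constructed sample data)."""
    authoritative = NameServer("authoritative server for indiana.edu",
                               answers={"www.kelley.indiana.edu": "129.79.127.4",
                                        "www.indiana.edu": "129.79.78.4"})
    tld = NameServer(".edu TLD server", referrals={"indiana.edu": authoritative})
    root = NameServer("root server", referrals={"edu": tld})
    return ResolvingNameServer(root)


if __name__ == "__main__":
    resolver, toronto_cache = build_example_resolver(), {}
    print(client_lookup(resolver, toronto_cache, "www.kelley.indiana.edu"))
    for step, message in enumerate(resolver.messages, start=1):
        print(step, *message)
```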
Data Link Layer Address Resolution To actually send a message
on a multipoint circuit, the
network layer software must know the data link layer address of
the receiving computer. The final
destination may be far away (e.g., sending from Toronto to
Indiana). In this case, the network
layer would route the message by selecting a path through the
network that would ultimately lead
to the destination. (Routing is discussed in the next section.)
The first step on this route would be
to send the message to its router.
To send a message to another computer in its subnet, a computer
must know the correct data
link layer address. In this case, the TCP/IP software sends a
broadcast message to all computers in
its subnet. A broadcast message, as the name suggests, is
received and processed by all computers
in the same LAN (which is usually designed to match the IP
subnet). The message is a specially
formatted request using Address Resolution Protocol (ARP) that
says, “Whoever is IP address
xxx.xxx.xxx.xxx, please send me your data link layer address.”
The software in the computer with
that IP address then sends an ARP response with its data link
layer address. The sender transmits
its message using that data link layer address. The sending
computer also stores the data link layer
address in its address table for future use.
5.5 ROUTING
Routing is the process of determining the route or path through
the network that a message will
travel from the sending computer to the receiving computer. In
some networks (e.g., the Internet),
there are many possible routes from one computer to another. In
other networks (e.g., internal
company networks), there may only be one logical route from
one computer to another. In either
case, some device has to route messages through the network.
Routing is done by special devices called routers. Routers are
usually found at the edge of
subnets because they are the devices that connect subnets
together and enable messages to flow
from one subnet to another as the messages move through the
network from sender to receiver.
Figure 5-13 shows a small network with two routers, R1 and R2.
This network has five subnets,
plus a connection to the Internet. Each subnet has its own range
of addresses (e.g., 10.10.51.x), and
each router has its IP address (e.g., 10.10.1.1). The first router
(R1) has four connections, one to the
Internet, one to router R2, and one to each of two subnets. Each
connection, called an interface,
is numbered from 0 to 3. The second router (R2) also has four
interfaces, one that connects to R1
and three that connect to other subnets.
Every router has a routing table that specifies how messages
will travel through the network.
In its simplest form, the routing table is a two-column table.
The first column lists every network
or computer that the router knows about, and the second column
lists the interface that connects
to it. Figure 5-14 shows the routing tables that might be used by
routers in Figure 5-13. The first
entry in R1’s routing table says that any message with an IP
address in the range from 10.10.51.0
to 10.10.51.255 should be sent out on interface 1.
A router uses its routing table to decide where to send the messages it receives. Suppose that a computer in the 10.10.43.x subnet sends an HTTP request for a Web page that is located on the company’s Web server, which is in the 10.10.20.x subnet (let’s say the Web server has an IP address of 10.10.20.10). The computer would send the message to its router, R2. R2 would look at the IP address on the IP packet and search its routing table for a matching address. It would search through the table, from top to bottom, until it reached the third entry, which is a range of addresses that contains the Web server’s address (10.10.20.10). The matching interface is number 2, so R2 would transmit the message on this interface.

FIGURE 5-13  A small corporate network
[Diagram: router R1 (10.10.1.1) has interfaces 0 to 3: interface 0 to the Internet, interface 3 to router R2, and interfaces 1 and 2 to the 10.10.51.X and 10.10.52.X subnets. Router R2 (10.10.1.2) has interfaces 0 to 3: interface 0 to R1 and interfaces 1, 2 and 3 to the 10.10.53.X, 10.10.20.X and 10.10.43.X subnets.]

FIGURE 5-14  Sample routing tables

Router R1’s Routing Table
Network Address            Interface
10.10.51.0–10.10.51.255    1
10.10.52.0–10.10.52.255    2
10.10.53.0–10.10.53.255    3
10.10.20.0–10.10.20.255    3
10.10.43.0–10.10.43.255    3
10.10.1.2                  3
All other addresses        0

Router R2’s Routing Table
Network Address            Interface
10.10.1.1                  0
10.10.53.0–10.10.53.255    1
10.10.20.0–10.10.20.255    2
10.10.43.0–10.10.43.255    3
All other addresses        0
The process would be similar if the same computer were to
request a page somewhere
on the Internet (e.g., www.yahoo.com). The computer would
send the message to its router,
R2. R2 would look at the IP address on the IP packet
(www.yahoo.com has an IP address of
69.147.125.65) and search its routing table for a matching entry.
It would look at the first four
entries and not find a match. It would reach the final entry that
says to send a message with any
other address on interface 0, so R2 would transmit this message
on interface 0 to router R1.
The same process would be performed by R1. It would search
through its routing table for an
address that matched 69.147.125.65 and not find it. When it
reaches the final entry, R1 knows to
send this message on interface 0 into the Internet.
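As an added example (not code from the textbook), the top-to-bottom lookup just described, with the two routing tables of Figure 5-14 written as Python data: each address range becomes a prefix (10.10.51.0–10.10.51.255 is 10.10.51.0/24), "All other addresses" becomes 0.0.0.0/0, and which device sits behind R1's interface 3 and R2's interface 0 is taken from Figure 5-13. The `shadowed_entries` check is an addition on top of the text: because the first match wins, an entry placed below a broader one (a default route that is not last) can never be used.

```python
# Added example, not from the textbook: first-match routing lookup over the
# Figure 5-14 tables, plus a check that no entry is hidden by an earlier one.
import ipaddress

# Each entry: (network or host prefix, outgoing interface). Order matters:
# the lookup walks the table top to bottom, so the catch-all must come last.
ROUTING_TABLES = {
    "R1": [
        ("10.10.51.0/24", 1),
        ("10.10.52.0/24", 2),
        ("10.10.53.0/24", 3),
        ("10.10.20.0/24", 3),
        ("10.10.43.0/24", 3),
        ("10.10.1.2/32", 3),
        ("0.0.0.0/0", 0),        # "All other addresses" -> interface 0 (Internet)
    ],
    "R2": [
        ("10.10.1.1/32", 0),
        ("10.10.53.0/24", 1),
        ("10.10.20.0/24", 2),
        ("10.10.43.0/24", 3),
        ("0.0.0.0/0", 0),        # "All other addresses" -> interface 0 (to R1)
    ],
}

# What is at the far end of an interface when it is another router or the
# Internet (from Figure 5-13). Interfaces not listed lead to an attached subnet.
NEIGHBOURS = {("R1", 3): "R2", ("R1", 0): "Internet", ("R2", 0): "R1"}


def lookup(router, dst):
    """Return (index of the matching entry, interface), scanning top to bottom."""
    addr = ipaddress.ip_address(dst)
    for index, (net, iface) in enumerate(ROUTING_TABLES[router]):
        if addr in ipaddress.ip_network(net):
            return index, iface
    raise LookupError(f"{router}: no route for {dst}")   # impossible with a default


def trace(router, dst):
    """Follow a packet router by router until it is put on an attached subnet
    or handed to the Internet. Returns the list of (router, interface) hops."""
    path = []
    while True:
        _, iface = lookup(router, dst)
        path.append((router, iface))
        next_hop = NEIGHBOURS.get((router, iface))
        if next_hop is None or next_hop == "Internet":
            return path
        router = next_hop


def shadowed_entries(table):
    """Indexes of entries that can never match because an earlier, broader
    entry already covers every address they cover (e.g. a default route
    that is not the last line hides everything below it)."""
    nets = [ipaddress.ip_network(net) for net, _ in table]
    return [i for i, net in enumerate(nets)
            if any(net.subnet_of(earlier) for earlier in nets[:i])]


if __name__ == "__main__":
    # The two walks from the text: to the Web server, and to www.yahoo.com.
    print(trace("R2", "10.10.20.10"))        # [('R2', 2)]
    print(trace("R2", "69.147.125.65"))      # [('R2', 0), ('R1', 0)]
    for name, table in ROUTING_TABLES.items():
        print(name, "shadowed entries:", shadowed_entries(table))
```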
5.5.1 Types of Routing
There are three fundamental approaches to routing: centralized
routing, static routing, and
dynamic routing. As you will see in the TCP/IP Example section
later in this chapter, the Internet
uses all three approaches.
Centralized Routing With centralized routing, all routing
decisions are made by one
central computer or router. Centralized routing is commonly
used in host-based networks (see
Chapter 2), and in this case, routing decisions are rather simple.
All computers are connected
to the central computer, so any message that needs to be routed
is simply sent to the central
computer, which in turn retransmits the message on the
appropriate circuit to the destination.
Static Routing Static routing is decentralized, which means that
all computers or routers in the
network make their own routing decisions following a formal
routing protocol. In WANs, the
routing table for each computer is developed by its individual
network manager (although network
managers often share information). In LANs or BNs, the routing
tables used by all computers on
the network are usually developed by one individual or a
committee. Most decentralized routing
protocols are self-adjusting, meaning that they can
automatically adapt to changes in the network
configuration (e.g., adding and deleting computers and circuits).
With static routing, routing decisions are made in a fixed
manner by individual computers
or routers. The routing table is developed by the network
manager, and it changes only when
computers are added to or removed from the network. For
example, if the computer recognizes
that a circuit is broken or unusable (e.g., after the data link
layer retry limit has been exceeded
without receiving an acknowledgment), the computer will
update the routing table to indicate
the failed circuit. If an alternate route is available, it will be
used for all subsequent messages.
Otherwise, messages will be stored until the circuit is repaired.
Static routing is commonly used
in networks that have few routing options that seldom change.
Dynamic Routing With dynamic routing (or adaptive routing), routing decisions are made in a decentralized manner by individual computers. This approach is used when there are multiple routes through a network, and it is important to select the best route. Dynamic routing attempts to improve network performance by routing messages over the fastest possible route, away from busy circuits and busy computers. An initial routing table is developed by the network manager but is continuously updated by the computers themselves to reflect changing network conditions.
With distance vector dynamic routing, routers count the number of hops along a route. A hop is one circuit, so router R1 in Figure 5-13 would know it could reach a computer in the 10.10.52.X subnet in one hop, and a computer in the 10.10.43.X subnet in two hops, by going through R2. With this approach, computers periodically (usually every 1–2 minutes) exchange information with their neighbors on the hop count and sometimes on the relative speed of the circuits in the route and how busy they are.
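As an added example (not code from the textbook), the distance vector exchange above run on the Figure 5-13 topology: each router starts knowing only its directly attached subnets at one hop, sends that table to its neighbors, and adopts any advertised route that is shorter after adding one hop. It assumes the R1–R2 link is the 10.10.1.0/24 subnet and that R1's interface 3 connects to R2's interface 0, as the tables in Figure 5-14 imply.

```python
# Added example, not from the textbook: a round-based distance vector exchange
# on the Figure 5-13 topology. A hop is one circuit, so a directly attached
# subnet is one hop away. The link subnet 10.10.1.0/24 and the interface
# numbers are assumptions read off Figure 5-14.

# router -> {directly attached subnet: interface it sits on}
DIRECT = {
    "R1": {"10.10.51.0/24": 1, "10.10.52.0/24": 2, "10.10.1.0/24": 3},
    "R2": {"10.10.1.0/24": 0, "10.10.53.0/24": 1,
           "10.10.20.0/24": 2, "10.10.43.0/24": 3},
}
# (router, its interface, neighbouring router, neighbour's interface)
LINKS = [("R1", 3, "R2", 0)]


def distance_vector(direct, links, max_rounds=16):
    """Return ({router: {subnet: (hops, interface)}}, rounds until stable)."""
    # Every router begins with only what it is wired to, at a cost of one hop.
    tables = {r: {net: (1, iface) for net, iface in subs.items()}
              for r, subs in direct.items()}
    neighbours = {r: [] for r in direct}      # router -> [(neighbour, my interface)]
    for a, ia, b, ib in links:
        neighbours[a].append((b, ia))
        neighbours[b].append((a, ib))
    for round_no in range(1, max_rounds + 1):
        # Snapshot: each router sends the table it held at the start of the round.
        advertised = {r: dict(t) for r, t in tables.items()}
        changed = False
        for r, nbrs in neighbours.items():
            for nbr, iface in nbrs:
                for net, (hops, _) in advertised[nbr].items():
                    cost = hops + 1                 # one more circuit to cross
                    if net not in tables[r] or cost < tables[r][net][0]:
                        tables[r][net] = (cost, iface)
                        changed = True
        if not changed:
            return tables, round_no              # converged: nothing new learned
    return tables, max_rounds


def print_tables(tables):
    for r, table in sorted(tables.items()):
        print(f"Router {r}")
        for net, (hops, iface) in sorted(table.items()):
            print(f"  {net:16} {hops} hop(s) via interface {iface}")


if __name__ == "__main__":
    converged, rounds = distance_vector(DIRECT, LINKS)
    print_tables(converged)                      # R1: 10.10.43.0/24 is 2 hops via 3
    print(f"stable after {rounds} exchange round(s)")
```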
With link state dynamic routing, computers or routers track the number of hops in the route, the speed of the circuits in each route, and how busy each route is. In other words, rather than knowing just a route’s distance, link state routing tries to determine how fast each possible route is. Each computer or router periodically (usually every 30 seconds or when a major change occurs) exchanges this information with other computers or routers in the network (not just their neighbors) so that each computer or router has the most accurate information possible. Link state protocols are preferred to distance vector protocols in large networks because they spread more reliable routing information throughout the entire network when major changes occur in the network. They are said to converge more quickly.
There are two drawbacks to dynamic routing. First, it requires
more processing by each
computer or router in the network than does centralized routing
or static routing. Computing
resources are devoted to adjusting routing tables rather than to
sending messages, which can
slow down the network. Second, the transmission of routing
information “wastes” network
capacity. Some dynamic routing protocols transmit status
information very frequently, which can
significantly reduce performance.
5.5.2 Routing Protocols
A routing protocol is a protocol that is used to exchange information among computers to enable them to build and maintain their routing tables. You can think of a routing protocol as the language that is used to build the routing tables in Figure 5-14. When new paths are added or paths are broken and cannot be used, messages are sent among computers using the routing protocol.
It can be useful to know all possible routes to a given destination. However, as a network gets quite large, knowing all possible routes becomes impractical; there are simply too many possible routes. Even at some modest number of computers, dynamic routing protocols become impractical because of the amount of network traffic they generate. For this reason, networks are often subdivided into autonomous systems of networks.
An autonomous system is simply a network operated by one
organization, such as IBM or
Indiana University, or an organization that runs one part of the
Internet. Remember that we said
that the Internet was simply a network of networks. Each part of
the Internet is run by a separate
organization such as AT&T, MCI, and so on. Each part of the
Internet or each large organizational
network connected to the Internet can be a separate autonomous
system.
The computers within each autonomous system know about the other computers in that system and usually exchange routing information because the number of computers is kept manageable. If an autonomous system grows too large, it can be split into smaller parts. The routing protocols used inside an autonomous system are called interior routing protocols.
Protocols used between autonomous systems are called exterior routing protocols. Although interior routing protocols are usually designed to provide detailed routing information about all or most computers inside the autonomous systems, exterior protocols are designed to be more careful in the information they provide. Usually, exterior protocols provide information about only the preferred or the best routes rather than all possible routes.

TECHNICAL FOCUS 5-2 Routing on the Internet
The Internet is a network of autonomous system networks. Each autonomous system operates its own interior routing protocol while using Border Gateway Protocol (BGP) as the exterior routing protocol to exchange information with the other autonomous systems on the Internet. Although there are a number of interior routing protocols, Open Shortest Path First (OSPF) is the preferred protocol, and most organizations that run the autonomous systems forming large parts of the Internet use OSPF.
Figure 5-15 shows how a small part of the Internet might operate. In this example, there are six autonomous systems (e.g., Sprint, AT&T), three of which we have shown in more detail. Each autonomous system has a border router that connects it to the adjacent autonomous systems and exchanges route information via BGP. In this example, autonomous system A is connected to autonomous system B, which in turn is connected to autonomous system C. A is also connected to C via a route through systems D and E. If someone in A wants to send a message to someone in C, the message should be routed through B because it is the fastest route. The autonomous systems must share route information via BGP so that the border routers in each system know what routes are preferred. In this case, B would inform A that there is a route through it to C (and a route to E), and D would inform A that it has a route to E, but D would not inform A that there is a route through it to C. The border router in A would then have to decide which route to use to reach E.
Each autonomous system can use a different interior routing protocol. In this example, B is a rather simple network with only a few devices and routes, and it uses RIP, a simpler protocol in which all routers broadcast route information to their neighbors every minute or so. A and C are more complex networks and use OSPF. Most organizations that use OSPF create a special router called a designated router to manage the routing information. Every 15 minutes or so, each router sends its routing information to the designated router, which then broadcasts the revised routing table information to all other routers. If no designated router is used, then every router would have to broadcast its routing information to all other routers, which would result in a very large number of messages. In the case of autonomous system C, which has seven routers, this would require 42 separate messages (seven routers each sending to six others). By using a designated router, we now have only 12 separate messages (the six other routers sending to the designated router, and the designated router sending the complete set of revised information back to the other six).
There are many different protocols that are used to exchange routing information. Five are commonly used on the Internet: Border Gateway Protocol (BGP), Internet Control Message Protocol (ICMP), Routing Information Protocol (RIP), Intermediate System to Intermediate System (IS-IS), Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP).
Border Gateway Protocol (BGP) is a dynamic distance vector
exterior routing protocol used
on the Internet to exchange routing information between
autonomous systems—that is, large
sections of the Internet. Although BGP is the preferred routing
protocol between Internet sections,
it is seldom used inside companies because it is large, complex,
and often hard to administer.
Internet Control Message Protocol (ICMP) is the simplest
interior routing protocol on the
Internet. ICMP is simply an error-reporting protocol that
enables computers to report routing
errors to message senders. ICMP also has a very limited ability
to update routing tables.
FIGURE 5-15 Routing on the Internet with Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP). Autonomous System A (using OSPF): Routers 1–5, a designated router, and a border router. Autonomous System B (using RIP): Routers 1–4 and a border router. Autonomous System C (using OSPF): Routers 1–6 and a border router. Autonomous Systems D, E, and F are shown without internal detail. Border routers exchange route information with adjacent autonomous systems via BGP.
Routing Information Protocol (RIP) is a dynamic distance vector interior routing protocol that is commonly used in smaller networks, such as those operated by one organization. The network manager uses RIP to develop the routing table. When new computers are added, RIP simply counts the number of computers in the possible routes to the destination and selects the route with the least number. Computers using RIP send broadcast messages every minute or so (the timing is set by the network manager) announcing their routing status to all other computers. RIP is used by both TCP/IP and IPX/SPX.
Intermediate System to Intermediate System (IS-IS) is a link
state interior routing protocol
that is commonly used in large networks. IS-IS is an ISO
protocol that has been added to many
TCP/IP networks.
Open Shortest Path First (OSPF) is a dynamic hybrid interior routing protocol that is commonly used on the Internet. It uses the number of computers in a route as well as network traffic and error rates to select the best route. OSPF is more efficient than RIP because it normally doesn’t use broadcast messages. Instead, it selectively sends status update messages directly to selected computers or routers. OSPF is the preferred interior routing protocol used by TCP/IP.
Enhanced Interior Gateway Routing Protocol (EIGRP) is a dynamic hybrid interior routing protocol developed by Cisco and is commonly used inside organizations. Hybrid means that it has some features that act like distance vector protocols and some other features that act like link state protocols. As you might expect, EIGRP is an improved version of Interior Gateway Routing Protocol (IGRP). EIGRP records information about a route’s transmission capacity, delay, reliability, and load. EIGRP is unique in that computers or routers store their own routing tables as well as the routing tables for all of their neighbors so they have a more accurate understanding of the network.
5.5.3 Multicasting
The most common type of message in a network is the
transmission between two computers. One
computer sends a message to another computer (e.g., a client
requesting a Web page). This is called
a unicast message. Earlier in the chapter, we introduced the
concept of a broadcast message that
is sent to all computers on a specific LAN or subnet. A third
type of message called a multicast
message is used to send the same message to a group of
computers.
MANAGEMENT FOCUS 5-2 Captain D’s Gets Cooking with Multicast
Captain D’s has more than 500 company-owned and franchised fast-food restaurants across North America. Each restaurant has a small low-speed satellite link that can send and receive data.
Captain D’s used to send its monthly software updates to each of its restaurants one at a time, which meant transferring each file 500 times, once to each restaurant. You don’t have to be a network wizard to realize that this is slow and redundant.
Captain D’s now uses multicasting to send monthly software updates to all its restaurants at once. What once took hours is now accomplished in minutes.
Multicasting also enables Captain D’s to send large human resource file updates each week to all restaurants and to transmit computer-based training videos to all restaurants each quarter. The training videos range in size from 500 to 1,000 megabytes, so without multicasting, it would be impossible to use the satellite network to transmit the videos.
Adapted from: “Captain D’s Gets Cooking with Multicast from XcelleNet,” www.xcellenet.com.
Consider a videoconferencing situation in which four people want to participate in the same conference. Each computer could send the same voice and video data from its camera to the computers of each of the other three participants using unicasts. In this case, each computer would send three identical messages, each addressed to the three different computers. This would work but would require a lot of network capacity. Alternately, each computer could send one broadcast message. This would reduce network traffic (because each computer would send only one message), but every computer on the network would process it, distracting them from other tasks. Broadcast messages usually are transmitted only within the same LAN or subnet, so this would not work if one of the computers were outside the subnet.
The solution is multicast messaging. Computers wishing to participate in a multicast send a message to the sending computer or some other computer performing routing along the way using a special type of packet called Internet Group Management Protocol (IGMP). Each multicast group is assigned a special IP address to identify the group. Any computer performing routing knows to route all multicast messages with this IP address onto the subnet that contains the requesting computer. The routing computer sets the data link layer address on multicast messages to a matching multicast data link layer address. Each requesting computer must inform its data link layer software to process incoming messages with this multicast data link layer address. When the multicast session ends (e.g., the videoconference is over), the client computer sends another IGMP message to the organizing computer or the computer performing routing to remove it from the multicast group.
5.5.4 The Anatomy of a Router
There is a huge array of software and hardware that makes the
Internet work, but the one device
that is indispensable is the router. The router has three main
functions: (1) it determines a path for a
packet to travel over, (2) it transmits the packet across the path,
and (3) it supports communication
between a wide variety of devices and protocols. Now we will
look inside a router to see how these
three functions are supported by hardware and software.
Routers are essentially special-purpose computers that consist of a CPU (central processing unit), memory (both volatile and nonvolatile), and ports or interfaces that connect them to the network and/or to other devices so that a network administrator can communicate with them. What differentiates routers from the computers that we use in our everyday lives is that they are diskless and they don’t come with a monitor, keyboard, and mouse. They don’t have these because they were designed to move data rather than display it.
There are three ways that a network manager can connect to a router and configure and maintain it: (1) console port, (2) network interface port, and (3) auxiliary port (see Figure 5-16). When the router is turned on for the very first time, it does not have an IP address assigned, so it cannot communicate on the network. Because of this, the console port, also called the management port, is used to configure it. A network manager would use a blue rollover cable (not the Ethernet cable) to connect the router’s console port to a computer that has terminal emulation software on it. The network manager would use this software to communicate with the router and perform the basic setup (e.g., IP address assignment, routing protocol selection). Once the basic setup is done, the network manager can log in to the router from any computer over the network interface using TCP/IP and Telnet or Secure Shell (SSH). Although routers come with an auxiliary port that allows an administrator to log in via a direct, nonnetwork connection (e.g., using modems), this connection is rarely used today.
A router, just like a computer, must have an operating system so that it can be configured. The operating system that is used in about 90% of routers is the Cisco Internetwork Operating System (IOS), although other operating systems exist as well. IOS uses a command line interface rather than a graphical user interface. The network manager uses IOS commands to create a configuration file (also called a config file) that defines how the router will operate. The config file can contain the type of routing protocol to be used, the interfaces that are active/enabled and those that are down, and what type of encryption is used. The config file is central to a router’s operation, and the IOS refers to it hundreds of times per second to tell the router how to do its job.

FIGURE 5-16 Anatomy of a router. Three ways in: the console port, reached over a console cable (a physical connection) from a computer running terminal emulation software; the network interface, reached over the LAN using TCP/IP with Telnet/SSH from a computer using Web-based management; and the auxiliary port, reached over serial lines through a pair of modems from a computer with a direct, nonnetwork connection.
The other important file is the Access Control List (ACL),
which plays an important role
in network security. The ACL defines what types of packets
should be routed and what types of
packets should be discarded. The ACL is discussed in more
detail in Chapter 10 on security.
5.6 TCP/IP EXAMPLE
This chapter has discussed the functions of the transport and network layers: linking to the application layer, segmenting, session management, addressing, and routing. In this section, we tie all of these concepts together to take a closer look at how these functions actually work using TCP/IP.
When a computer is installed on a TCP/IP network (or dials into a TCP/IP network), it must be given four pieces of network layer addressing and routing information before it can operate. This information can be provided by a configuration file or via a DHCP server. The information is
1. Its IP address
2. A subnet mask, so it can determine what addresses are part of its subnet
3. The IP address of a DNS server, so it can translate application layer addresses into IP addresses
4. The IP address of an IP gateway (commonly called a router) leading outside of its subnet, so it can route messages addressed to computers outside of its subnet (this presumes the computer is using static routing and there is only one connection from it to the outside world through which all messages must flow; if it used dynamic routing, some routing software would be needed instead)

FIGURE 5-17 Example Transmission Control Protocol/Internet Protocol (TCP/IP) network. Building A (128.192.98.x subnet): router 128.192.98.1 (00-0C-00-33-3A-0B); clients 128.192.98.130 (00-0C-00-33-3A-A3) and 128.192.98.134 (00-0C-00-33-3A-F2). Building B (128.192.95.x subnet): router 128.192.95.1 (00-0C-00-33-3A-B4); clients 128.192.95.130 (00-0C-00-33-3A-1B) and 128.192.95.22 (00-0C-00-33-3A-AC). Data center (128.192.50.x subnet): router 128.192.50.1 (00-0C-00-33-3A-DC); Web Server 1, www1.anyorg.com, 128.192.50.2 (00-0C-00-33-3A-1C); Web Server 2, www2.anyorg.com, 128.192.50.3 (00-0C-00-33-3A-1D); DNS Server 128.192.50.4 (00-0C-00-33-3A-B1); Mail Server 128.192.50.5 (00-0C-00-33-3A-DD). Backbone (128.192.254.x subnet) side of the four routers: 128.192.254.99 (00-0C-00-33-3A-BA), 128.192.254.98 (00-0C-00-33-3A-BB), 128.192.254.95 (00-0C-00-33-3A-AF), and 128.192.254.96 (00-0C-00-33-3A-DA); one of these routers connects the backbone to the Internet.
These four pieces of information are the minimum required. A
server would also need to
know its application layer address.
In this section, we use the simple network shown in Figure 5-17 to illustrate how TCP/IP works. This figure shows an organization that has three LANs connected by a BN. The BN also has a connection to the Internet. Each building is configured as a separate subnet. For example, Building A has the 128.192.98.x subnet, whereas Building B has the 128.192.95.x subnet. The data center has the 128.192.50.x subnet. The BN is its own subnet: 128.192.254.x. Each building is connected to the BN via a router that has two IP addresses and two data link layer addresses, one for the connection into the building and one for the connection onto the BN. The organization has a couple of Web servers, one DNS server, and one Mail server located in the data center. All networks use Ethernet as the data link layer, and we focus only on Web requests at the application layer.
In the next sections, we describe how messages are sent through the network. For the sake of simplicity, we initially ignore the need to establish and close TCP connections. Once you understand the basic concepts, we will then add these in to complete the example.
TECHNICAL FOCUS 5-3 Finding Your Computer’s TCP/IP Settings
If your computer can access the Internet, it must use TCP/IP. In Windows, you can find out your TCP/IP settings by looking at their properties. Click on the Start button and then select Control Panel and then select Network Connections. Double click on your Local Area Connection and then click the Support tab.
This will show you your computer’s IP address, subnet mask, and gateway, and whether the IP address is assigned by a DHCP server. Figure 5-18 shows this information for one of our computers.
If you would like more information, you can click on the Details button. This second window shows the same information, plus the computer’s Ethernet address (called the physical address), as well as information about the DHCP lease and the DNS servers available.
Try this on your computer. If you have your own home network with your own router, there is a chance that your computer has an IP address very similar to ours or someone else’s in your class—or the same address, in fact. How can two computers have the same IP address? Well, they can’t. This is a security technique called network address translation in which one set of “private” IP addresses is used inside a network and a different set of “public” IP addresses is used by the router when it sends the messages onto the Internet. Network address translation is described in detail in Chapter 11.
5.6.1 Known Addresses
Suppose that a client computer in Building A (e.g.,
128.192.98.130) wanted to get a Web page from
a Web server A located in the data center (www2.anyorg.com).
We will assume that this computer
knows the network layer and data link layer addresses of the
Web server 1 (www1.anyorg.com) in
the data center (e.g., it has previously requested pages from this
server, so the addresses are stored
in appropriate tables in the memory of the computer). Because
the computer knows the IP address
of the server, it uses its IP address, not its application layer
address.
FIGURE 5-18 TCP/IP configuration information. Left: the Windows Local Area Connection Status dialog, Support tab, showing Address Type: Assigned by DHCP; IP Address: 192.168.1.100; Subnet Mask: 255.255.255.0; Default Gateway: 192.168.1.1. Right: the Network Connection Details window, which adds Physical Address 00-B0-D0-F7-B8-F4, DHCP Server 192.168.1.1, Lease Obtained 10/29/2003 7:05:19 AM, Lease Expires 11/4/2003 7:05:19 AM, DNS Servers 24.12.70.15, 24.12.70.17, and 63.240.76.4, and a WINS Server entry.
FIGURE 5-19 Packet nesting. HTTP = Hypertext Transfer Protocol; IP = Internet Protocol; TCP = Transmission Control Protocol. The HTTP request is carried inside a TCP segment, which is carried inside an IP packet, which is carried inside an Ethernet frame.
In this case, the application layer software would pass an HTTP
packet to the transport layer
software (TCP) with the Internet address of the destination
www1.anyorg.com: 128.192.50.2. The
transport layer software (TCP) would make sure that the request
fits in one segment and hands
it to the network layer. The network layer software (IP) would
then check the subnet mask and
would recognize that the Web server is located outside of its
subnet. Any messages going outside
the subnet must be sent to the router (128.192.98.1), whose job
it is to process the message and
send the message on its way into the outside network. The
network layer software would check
its address table and find the Ethernet address for the router. It
would therefore set the data link
layer address to the router’s Ethernet address on this subnet
(00-0C-00-33-3A-0B) and pass the IP
packet to the data link layer for transmission. The data link
layer would surround the frame with
an Ethernet frame and transmit it over the physical layer to the
Web server (Figure 5-19).
The router would receive the message and its data link layer
would perform error checking
before passing the packet to the network layer software (IP).
The network layer software would
read the IP address to determine the final destination. The
router would recognize that this address
(128.192.50.2) needed to be sent to the 128.192.50.x subnet. It
knows that the router for this subnet
is 128.192.254.98. It would pass the packet back to its data link
layer, giving the Ethernet address
of the router (00-0C-00-33-3A-DA).
This router in the data center would receive the message (do
error checking, etc.) and read
the IP address to determine the final destination. The router
would recognize that this address
(128.192.50.2) was inside its 128.192.50.x subnet and would
search its data link layer address table
for this computer. It would then pass the packet to the data link
layer along with the Ethernet
address (00-0C-00-33-3A-1C) for transmission.
The www1.anyorg.com Web server would receive the message
and process it. This would
result in a series of TCP/IP packets addressed to the requesting
client (128.192.98.130). These
would make their way through the network in reverse order. The
Web server would recognize that
this IP address is outside its subnet and would send the message
to the 128.192.50.1 router using its
Ethernet address (00-0C-00-33-3A-DC). This router would then
send the message to the router
for the 128.192.98.x subnet (128.192.254.98) using its Ethernet
address (00-0C-00-33-3A-BB).
This router would in turn send the message back to the client
(128.192.98.130) using its Ethernet
address (00-0C-00-33-3A-A3).
This process would work in the same way for Web servers
located outside the organization
on the Internet. In this case, the message would go from the
client to the 128.192.98.1 router,
which would send it to the Internet router (128.192.254.99),
which would send it to its Internet
connection. The message would be routed through the Internet,
from router to router, until it
reached its destination. Then the process would work in reverse
to return the requested page.
5.6.2 Unknown Addresses
Suppose that the client computer in Building A
(128.192.98.130) wants to retrieve a Web page
from the www1.anyorg.com Web server but does not know the
IP address of the Web server. For
simplicity, we will start by assuming that the client knows the
data link layer address of its subnet
router, but after you read through this example, you will realize
that obtaining a data link layer
address is straightforward.
The Web browser realizes that it does not know the IP address
after searching its IP address
table and not finding a matching entry. Therefore, it issues a
DNS request to the name server
(128.192.50.4). The DNS request is passed to the transport layer
(TCP), which attaches a UDP
datagram and hands the message to the network layer.
Using its subnet mask, the network layer (IP) will recognize
that the DNS server is outside of
its subnet. It will attach an IP packet and set the data link layer
address to its router’s address.
The router will process the message and recognize that to reach
the 128.192.50.4 IP address, it
must send the packet to the data center router, 128.192.254.96
and does this by using this router’s
MAC address (00-0C-00-33-3A-DA). When the data center router
receives this packet, it will realize
that it has a direct connection to the network the DNS server is
on and will transmit the packet
using the DNS server’s Ethernet address (00-0C-00-CC-3A-B1).
The name server will process the DNS request and send the
matching IP address back to the
client via the 128.192.98.x subnet router. The IP address for the
desired computer makes its way
back to the application layer software, which stores it in its IP
table.
The application layer then issues the HTTP request using the IP
address for the Web server
(128.192.50.2) and passes it to the transport layer, which in turn
passes it to the network layer.
The network layer uses its subnet mask and recognizes that this
computer is not on its subnet.
Therefore, it will route the packet to its default gateway,
128.192.98.1, which will then send the
HTTP request to the data center’s router, 128.192.254.96, which
will deliver the HTTP request to
Web server 1.
This process works the same for a Web server outside the
subnet, whether in the same orga-
nization or anywhere on the Internet. If the Web server is far
away (e.g., Australia), the process
will likely involve searching more than one name server, but it
is still the same process.
What would happen if the client in Building A (128.192.98.130) did
not know its router’s Ethernet
address, which it needs to send the message to the router? It
would broadcast an ARP request to all
computers on its subnet, requesting that the computer whose IP
address is 128.192.98.1 respond
with its Ethernet address.
This request is processed by all computers on the subnet, but
only the router responds with
an ARP packet giving its Ethernet address. The network layer
software on the client stores this
address in its data link layer address table (called the ARP cache).
Then the client computer could
send the message.
This same ARP request/response process can occur at any point
as a message moves through
the network. For example, suppose that the router in the data
center (128.192.254.96) did not know
the Ethernet address of the DNS server (128.192.50.4). The
DNS request would flow through the
network in exactly the same way as described earlier (because
no computer knows whether the
router knows or doesn’t know the Ethernet address) until the
DNS request arrived at the data
center router. This router would try to address the message to
the DNS server and would realize
that it did not have the server’s Ethernet address, so it would
issue an ARP request. The DNS server
would respond with an ARP response containing its Ethernet
address, and the router would put
that address on the message and send it to the server.
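The send path just described (IP-table lookup, DNS query over UDP, subnet-mask test, ARP cache with a broadcast ARP request on a miss) can be followed step by step in the small simulation below. It is an added example, not code from the textbook; it reuses the chapter's addresses (client 128.192.98.130, gateway 128.192.98.1, DNS server 128.192.50.4, Web server 128.192.50.2, router Ethernet address 00-0C-00-33-3A-0B from Figure 5-20) and assumes a /24 subnet mask. The name-server table and the table of who answers ARP on the subnet are constructed stand-ins.

```python
"""Simulation of the Section 5.6.2 send path: IP-table lookup, DNS query,
subnet-mask test, ARP cache with a broadcast ARP request on a miss."""
import ipaddress

# Constructed tables: what the name server would answer, and who would
# answer an ARP request on the 128.192.98.x subnet (the router, Figure 5-20).
NAME_SERVER_TABLE = {"www1.anyorg.com": "128.192.50.2"}
SUBNET_HOSTS = {"128.192.98.1": "00-0C-00-33-3A-0B"}


class Host:
    def __init__(self, ip, mask, gateway, dns_server):
        self.network = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
        self.gateway = gateway
        self.dns_server = dns_server
        self.ip_table = {}    # application layer: hostname -> IP address
        self.arp_cache = {}   # data link layer: IP address -> Ethernet address
        self.log = []         # every message sent, in order

    def next_hop(self, dest_ip):
        """Subnet-mask test: deliver directly if local, else hand to the gateway."""
        if ipaddress.ip_address(dest_ip) in self.network:
            return dest_ip
        return self.gateway

    def resolve_mac(self, hop_ip):
        """ARP cache lookup; on a miss, broadcast an ARP request and cache the reply."""
        if hop_ip not in self.arp_cache:
            self.log.append(f"ARP request (broadcast): who has {hop_ip}?")
            mac = SUBNET_HOSTS[hop_ip]           # only the owner of hop_ip answers
            self.log.append(f"ARP response from {hop_ip}: {mac}")
            self.arp_cache[hop_ip] = mac
        return self.arp_cache[hop_ip]

    def send(self, transport, payload, dest_ip):
        hop = self.next_hop(dest_ip)
        mac = self.resolve_mac(hop)
        self.log.append(f"{transport} {payload} to IP {dest_ip} via {hop} ({mac})")

    def resolve_name(self, hostname):
        """Application-layer IP table lookup; on a miss, ask the DNS server over UDP."""
        if hostname not in self.ip_table:
            self.send("UDP", f"DNS query {hostname}", self.dns_server)
            answer = NAME_SERVER_TABLE.get(hostname)
            if answer is None:
                raise LookupError(f"name server has no entry for {hostname}")
            self.log.append(f"DNS response: {hostname} is {answer}")
            self.ip_table[hostname] = answer
        return self.ip_table[hostname]

    def http_get(self, hostname):
        """Resolve the name, then send the HTTP request over TCP; returns the server IP."""
        dest_ip = self.resolve_name(hostname)
        self.send("TCP", f"HTTP GET {hostname}", dest_ip)
        return dest_ip


def make_client():
    """The client in Building A with the chapter's addresses (/24 mask assumed)."""
    return Host("128.192.98.130", "255.255.255.0", "128.192.98.1", "128.192.50.4")


if __name__ == "__main__":
    client = make_client()
    client.http_get("www1.anyorg.com")
    print("\n".join(client.log))
```

Running it prints five messages for the first request (ARP request and response, the UDP DNS query and its answer, then the TCP HTTP request); a second request for the same name produces only the HTTP message, because both caches now hold entries.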
5.6.3 TCP Connections
Whenever a computer transmits data to another computer, it
must choose whether to use
a connection-oriented service via TCP or a connectionless
service via UDP. Most appli-
cation layer software such as Web browsers (HTTP), email
(SMTP), FTP, and Telnet use
connection-oriented services. This means that before the first
packet is sent, the transport layer
first sends a SYN segment to establish a session (also known as
the three-way handshake). Once
the session is established, then the data packets begin to flow.
Once the data are finished, the
session is closed with a FIN segment (also known as the four-
way handshake).
In the preceding examples, this means that the first packet sent
is really a SYN segment,
followed by a response from the receiver accepting the
connection, and then the packets as
described earlier. There is nothing magical about the SYN and
FIN segments; they are addressed
and routed in the same manner as any other packets. But they do
add to the complexity and
length of the example.
A special word is needed about HTTP packets. When HTTP was
first developed, Web
browsers opened a separate TCP session for each HTTP request.
That is, when they requested a
page, they would open a session, send the single packet
requesting the Web page, and close the
session at their end. The Web server would open a session, send
as many packets as needed to
transmit the requested page, and then close the session. If the
page included graphic images,
the Web browser would open and close a separate session for
each request. This requirement to
open and close sessions for each request was time-consuming
and not really necessary. With the
newest version of HTTP, Web browsers open one session when
they first issue an HTTP request
and leave that session open for all subsequent HTTP requests to
the same server.
5.6.4 TCP/IP and Network Layers
In closing this chapter, we want to return to the layers in the
network model and take another look
at how messages flow through the layers. Figure 5-20 shows
how a Web request message from a
client computer in Building A would flow through the network layers in the different computers and devices on its way to the Web server (www1.anyorg.com, 128.192.50.2) in the Data Center.
[Figure 5-20 image not reproduced. Four panels: Sender (Client in Building A), Gateway (Router in Building A), Gateway (Router in Data Center), Receiver (Web Server in Data Center). The sender and receiver panels show the Application, Transport, Network, Data Link, and Physical layers; the two gateway panels show only the Network, Data Link, and Physical layers. The HTTP Request is wrapped in turn by TCP, by IP with destination 128.192.50.2 (shown unchanged in every panel), and by Ethernet with a per-hop destination address; the Ethernet addresses that appear in the figure are 00-0C-00-33-3A-1C, 00-0C-00-33-3A-0B, 00-0C-00-33-3A-DA, and 00-0C-00-33-3A-DC.]
FIGURE 5-20 How messages move through the network layers.
Note: The addresses in this example are destination addresses
The message starts at the application layer of the sending
computer (the client in Building A,
128.192.98.130), shown in the upper left corner of the figure,
which generates an HTTP packet.
This packet is passed to the transport layer, which surrounds the
HTTP packet with a TCP seg-
ment. This is then passed to the network layer, which surrounds
it with an IP frame that includes
the IP address of the final destination (128.192.50.2). This in
turn is passed to the data link layer,
which surrounds it within an Ethernet frame that also includes
the Ethernet address of the next
computer to which the message will be sent (00-0C-00-33-3A-
0B). Finally, this is passed to the
physical layer, which converts it into electrical impulses for
transmission through the cable to its
next stop—the router that serves as the gateway in Building A.
When the message arrives at the router in Building A, its
physical layer translates it from
electrical impulses into digital data and passes the Ethernet
frame to the data link layer. The data
link layer checks to make sure that the Ethernet frame is
addressed to the router, performs error
detection, strips off the Ethernet frame, and passes its contents
(the IP packet) to the network
layer. The routing software running at the network layer looks
at the destination IP address,
determines the next computer to which the packet should be
sent, and passes the outgoing packet
down to the data link layer for transmission. The data link layer
surrounds the IP packet with
a completely new Ethernet frame that contains the destination
address of the next computer to
which the packet will be sent (00-0C-00-33-3A-DA). In Figure
5-20, this new frame is shown in
a different color. This is then passed to the physical layer,
which transmits it through the network
cable to its next stop—the router that serves as the gateway in
the Data Center.
When the message arrives at the router in the Data Center, it
goes through the same process.
The physical layer passes the incoming packet to the data link
layer, which checks the destina-
tion Ethernet address, performs error detection, strips off the
Ethernet frame, and passes the IP
packet to the network layer software. The software determines
the next destination and passes
the IP packet back to the data link layer, which adds a
completely new Ethernet frame with the
destination address of its next stop (00-0C-00-33-3A-DC)—its
final destination.
The physical layer at the server receives the incoming packet
and passes it to the data link
layer, which checks the Ethernet address, performs error
detection, removes the Ethernet frame,
and passes the IP packet to the network layer. The network
layer examines the final destination
IP address on the incoming packet and recognizes that the
server is the final destination. It
strips off the IP packet and passes the TCP segment to the
transport layer, which in turn strips
off the TCP segment and passes the HTTP packet to the
application layer (the Web server
software).
There are two important things to remember from this example.
First, at all gateways (i.e.,
routers) along the way, the packet moves through the physical
layer and data link layer up to the
network layer, but no higher. The routing software operates at
the network layer, where it selects
the next computer to which the packet should be sent, and
passes the packet back down through
the data link and physical layers. These three layers are
involved at all computers and devices
along the way, but the transport and application layers are only
involved at the sending computer
(to create the application layer packet and the TCP segment)
and at the receiving computer (to
understand the TCP segment and process the application layer
packet). Inside the TCP/IP network
itself, messages only reach layer 3—no higher.
Second, at each stop along the way, the Ethernet frame is
removed and a new one is created.
The Ethernet frame lives only long enough to move the message
from one computer to the next
and then is destroyed. In contrast, the IP packet and the packets
above it (TCP and application
layer) never change while the message is in transit. They are
created and removed only by the
original message sender and the final destination.
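The two points above (routers work no higher than layer 3, and the Ethernet frame is rebuilt on every link while the IP packet is untouched) are easy to check mechanically. The trace below is an added example, not the book's code: it models the client, the two gateways and the Web server of Figure 5-20 with the chapter's addresses, uses only destination Ethernet addresses as the figure's note says, and assumes that the backbone between the routers is the 128.192.254.0/24 subnet and that all three subnets are /24. Each node does what the text describes: the data link layer accepts only frames addressed to it, the network layer picks the next hop, and a brand-new frame is built for the next link.

```python
"""Hop-by-hop encapsulation trace for the Figure 5-20 walk-through."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """IP packet plus what it carries. Frozen: nothing may alter it in transit."""
    src_ip: str
    dst_ip: str
    tcp_segment: str
    http_payload: str


@dataclass(frozen=True)
class Frame:
    """Ethernet frame carrying only the next-hop destination address (as in the figure)."""
    dst_mac: str
    packet: Packet


class Node:
    def __init__(self, name, mac, ip_addrs, connected, routes, arp, default=None):
        self.name = name
        self.mac = mac                    # Ethernet address frames must carry to reach us
        self.ip_addrs = set(ip_addrs)     # this node's own IP addresses
        self.connected = [ipaddress.ip_network(n) for n in connected]
        self.routes = {ipaddress.ip_network(n): hop for n, hop in routes.items()}
        self.default = default            # default gateway IP, if any
        self.arp = arp                    # IP -> Ethernet address of direct neighbours

    def next_hop(self, dst_ip):
        """Network layer: direct delivery, a specific route, or the default gateway."""
        addr = ipaddress.ip_address(dst_ip)
        if any(addr in net for net in self.connected):
            return dst_ip
        for net, hop in self.routes.items():
            if addr in net:
                return hop
        if self.default is None:
            raise RuntimeError(f"{self.name}: no route to {dst_ip}")
        return self.default

    def encapsulate(self, packet):
        """Data link layer on the way out: wrap the unchanged packet in a new frame."""
        return Frame(dst_mac=self.arp[self.next_hop(packet.dst_ip)], packet=packet)

    def receive(self, frame):
        """Data link layer on the way in: accept only frames addressed to this node."""
        if frame.dst_mac != self.mac:
            raise RuntimeError(f"{self.name}: frame for {frame.dst_mac} ignored")
        return frame.packet               # strip the frame, hand the IP packet up

    def is_destination(self, packet):
        return packet.dst_ip in self.ip_addrs


def trace(start, nodes_by_mac, packet):
    """Return (sending node name, frame) for every link the packet crosses."""
    hops = []
    node = start
    while not node.is_destination(packet):
        frame = node.encapsulate(packet)
        hops.append((node.name, frame))
        node = nodes_by_mac[frame.dst_mac]
        packet = node.receive(frame)      # same object: routers never touch it
    return hops


def build_topology():
    """Constructed topology with the chapter's addresses; /24 subnets assumed."""
    client = Node("client", None, ["128.192.98.130"], ["128.192.98.0/24"], {},
                  {"128.192.98.1": "00-0C-00-33-3A-0B"}, default="128.192.98.1")
    router_a = Node("router-A", "00-0C-00-33-3A-0B",
                    ["128.192.98.1", "128.192.254.98"],
                    ["128.192.98.0/24", "128.192.254.0/24"],
                    {"128.192.50.0/24": "128.192.254.96"},
                    {"128.192.254.96": "00-0C-00-33-3A-DA"})
    router_dc = Node("router-DC", "00-0C-00-33-3A-DA",
                     ["128.192.254.96", "128.192.50.1"],
                     ["128.192.254.0/24", "128.192.50.0/24"], {},
                     {"128.192.50.2": "00-0C-00-33-3A-DC"})
    server = Node("web-server", "00-0C-00-33-3A-DC", ["128.192.50.2"],
                  ["128.192.50.0/24"], {}, {})
    return client, {n.mac: n for n in (router_a, router_dc, server)}


def run():
    client, by_mac = build_topology()
    packet = Packet("128.192.98.130", "128.192.50.2", "TCP dst port 80", "GET / HTTP/1.1")
    return trace(client, by_mac, packet)


if __name__ == "__main__":
    for sender, frame in run():
        print(f"{sender:10s} -> Ethernet {frame.dst_mac}  IP {frame.packet.dst_ip}")
```

The trace yields three frames with destination addresses 0B, DA and DC in that order, and every frame carries the identical packet object; removing the DA entry from router-A's ARP table, or the 128.192.50.0/24 route, makes the trace fail at that router, which is exactly where a misrouted packet would be dropped in a real network.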
5.7 IMPLICATIONS FOR CYBER SECURITY
The original design of the Internet and TCP/IP was done with only two user groups in mind (researchers at universities and military personnel), so security was not a major design focus. Times have changed since then, and today more than 3.5 billion users are on the Internet (you can check out the live stats of Internet users here: http://www.internetlivestats.com/internet-users/). This “design flaw” has some unintended consequences when it comes to cyber security.
One of the most exploited security flaws is the vulnerability
created by the TCP three-way
handshake that initiates a connection between a client and a
server (see Section 5.6.3). A hacker
can use an army of computers (zombies) to start requesting TCP
sessions from a server but never
follow through with an actual Web page request. The server will
keep a part of its memory reserved
for these false connections and, as a consequence, may not be
able to respond to legitimate requests
and, eventually, may crash because it does not have enough
memory. The largest attack of this kind
was recorded in 2016 when it brought down much of the
Internet’s domain name system (DNS)
infrastructure.
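The server-side symptom of the handshake abuse described here (and of the three-way handshake in Section 5.6.3) is a connection table full of half-open entries: the server has answered a SYN and is holding state while waiting for the final acknowledgment that never comes. The monitor below is an added example, not from the textbook, that counts those half-open entries in a connection-table snapshot and raises an alert when they exceed a threshold or when one source holds too many. The snapshot is constructed in the style of a `netstat` listing, using the chapter's Web server address 128.192.50.2 and documentation addresses for the remote peers; the two thresholds are deliberately tiny so the sample trips them.

```python
"""Half-open (SYN_RECV) connection monitor for the handshake abuse in Section 5.7."""
from collections import Counter

# Constructed snapshot (not real data) in the style of a `netstat -ant` listing:
# proto, recv-q, send-q, local address, remote address, state.
SNAPSHOT = """\
tcp  0  0  128.192.50.2:80  128.192.98.130:51234  ESTABLISHED
tcp  0  0  128.192.50.2:80  203.0.113.5:40001     SYN_RECV
tcp  0  0  128.192.50.2:80  203.0.113.5:40002     SYN_RECV
tcp  0  0  128.192.50.2:80  203.0.113.5:40003     SYN_RECV
tcp  0  0  128.192.50.2:80  198.51.100.9:3301     SYN_RECV
tcp  0  0  128.192.50.2:80  198.51.100.9:3302     SYN_RECV
tcp  0  0  128.192.50.2:80  192.0.2.77:2000       SYN_RECV
tcp  0  0  128.192.50.2:80  128.192.98.131:51290  ESTABLISHED
tcp  0  0  128.192.50.2:80  128.192.98.131:51291  TIME_WAIT
"""


def parse_connections(text):
    """Return (local, remote_ip, state) for each TCP row; other lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or parts[0] != "tcp":
            continue
        local, remote, state = parts[3], parts[4], parts[5]
        rows.append((local, remote.rsplit(":", 1)[0], state))
    return rows


def half_open_report(rows, max_half_open=4, max_per_source=2):
    """Count half-open handshakes overall and per source; alert when either limit is passed.

    Thresholds are example values; a production monitor would size them from
    the server's normal baseline and its backlog capacity."""
    half_open = [r for r in rows if r[2] == "SYN_RECV"]
    established = [r for r in rows if r[2] == "ESTABLISHED"]
    per_source = Counter(ip for _, ip, _ in half_open)
    noisy = {ip: n for ip, n in per_source.items() if n > max_per_source}
    return {
        "half_open": len(half_open),
        "established": len(established),
        "per_source": dict(per_source),
        "noisy_sources": noisy,
        "alert": len(half_open) > max_half_open or bool(noisy),
    }


def analyze(text=SNAPSHOT, **limits):
    return half_open_report(parse_connections(text), **limits)


if __name__ == "__main__":
    report = analyze()
    print(f"half-open={report['half_open']} established={report['established']} "
          f"alert={report['alert']} noisy={report['noisy_sources']}")
```

On the sample the report shows six half-open entries against two established ones and flags 203.0.113.5, which alone holds three. In a real deployment the snapshot would come from the server's connection table on a timer, and the alert would feed the usual mitigations for this condition (shorter half-open timeouts, SYN cookies so that no state is kept until the handshake completes, and upstream rate limiting).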
There is another issue that you should keep in mind. The most basic way somebody can identify you on the Internet is by your IP address. From your IP address, one can roughly determine your geographical location (city or area). In addition, most websites are able to track your operating system, browser version, time zone, and many other pieces of information in addition to your IP address. You may ask why they would do this. Well, there is big money in it. They can track you for advertising purposes or sell your information to third parties.
SUMMARY
Transport and Network Layer Protocols TCP/IP are the standard
transport and network
protocols used today. They perform addressing (finding
destination addresses), routing (finding
the “best” route through the network), and segmenting (breaking
large messages into smaller
packets for transmission and reassembling them at the
destination).
Transport Layer The transport layer (TCP) uses the source and
destination port addresses
to link the application layer software to the network. TCP is
also responsible for segmenting—
breaking large messages into smaller segments for transmission
and reassembling them at the
receiver’s end. When connection-oriented routing is needed,
TCP establishes a connection or ses-
sion from the sender to the receiver. When connectionless
routing is needed, TCP is replaced with
UDP. Quality of service provides the ability to prioritize
packets so that real-time voice packets
are transmitted more quickly than simple email messages.
Addressing Computers can have three different addresses:
application layer address, network
layer address, and data link layer address. Data link layer
addresses are usually part of the hard-
ware, whereas network layer and application layer addresses are
set by software. Network layer and
application layer addresses for the Internet are assigned by
Internet registrars. Addresses within
one organization are usually assigned so that computers in the
same LAN or subnet have simi-
lar addresses, usually with the same first 3 bytes. Subnet masks
are used to indicate whether the
first 2 or 3 bytes (or partial bytes) indicate the same subnet.
Some networks assign network layer
addresses in a configuration file on the client computer,
whereas others use dynamic addressing,
in which a DHCP server assigns addresses when a computer
first joins the network.
Address Resolution Address resolution is the process of
translating an application layer
address into a network layer address or translating a network
layer address into a data link layer
address. On the Internet, network layer resolution is done by
sending a special message to a DNS
server (also called a name server) that asks for the IP address
(e.g., 128.192.98.5) for a given
Internet address (e.g., www.kelley.indiana.edu). If a DNS server
does not have an entry for the
requested Internet address, it will forward the request to another
DNS server that it thinks is
likely to have the address. That server will either respond or
forward the request to another DNS
server, and so on, until the address is found or it becomes clear
that the address is unknown.
Resolving data link layer addresses is done by sending an ARP
request in a broadcast message
to all computers on the same subnet that asks the computer with
the requested IP address to
respond with its data link layer address.
Routing Routing is the process of selecting the route or path
through the network that a message
will travel from the sending computer to the receiving
computer. With centralized routing, one
computer performs all the routing decisions. With static routing,
the routing table is developed
by the network manager and remains unchanged until the
network manager updates it. With
dynamic routing, the goal is to improve network performance by
routing messages over the fastest
possible route; an initial routing table is developed by the
network manager but is continuously
updated to reflect changing network conditions, such as
message traffic. BGP, RIP, ICMP, EIGRP,
and OSPF are examples of dynamic routing protocols.
TCP/IP Example In TCP/IP, it is important to remember that the
TCP segments and IP pack-
ets are created by the sending computer and never change until
the message reaches its final
destination. The IP packet contains the original source and
ultimate destination address for the
packet. The sending computer also creates a data link layer
frame (e.g., Ethernet) for each message.
This frame contains the data link layer address of the current
computer sending the packet and
the data link layer address of the next computer in the route
through the network. The data link
layer frame is removed and replaced with a new frame at each
computer at which the message
stops as it works its way through the network. Thus, the source
and destination data link layer
addresses change at each step along the route, whereas the IP
source and destination addresses
never change.
KEY TERMS
Access Control List
(ACL), 134
acknowledgment (ACK),
116
address resolution, 125
Address Resolution
Protocol (ARP), 127
application layer address,
119
authoritative name server
126
ARP cache, 138
Automatic Repeat
reQuest (ARQ), 116
autonomous systems, 130
auxiliary port, 133
Border Gateway Protocol
(BGP), 131
border router, 130
broadcast message, 122
centralized routing, 129
Cisco Internetwork
Operating Systems
(IOS), 133
classless addressing, 122
Connectionless
messaging, 118
connection-oriented
messaging, 116
console port, 133
continuous ARQ, 117
data link layer address,
120
designated router, 130
destination port address,
114
distance vector dynamic
routing, 129
Domain Name Service
(DNS), 125
dynamic addressing, 124
Dynamic Host
Configuration
Protocol
(DHCP) 125
dynamic routing, 129
Enhanced Interior
Gateway Routing
Protocol (EIGRP), 132
exterior routing protocol,
130
flow control, 117
gateway, 135
Go-Back-N ARQ, 117
hop, 129
interface, 127
Interior Gateway Routing
Protocol (IGRP), 132
interior routing protocol,
130
Intermediate System to
Intermediate System
(IS-IS), 132
Internet address classes,
121
Internet Control
Message Protocol
(ICMP) 131
Internet Corporation for
Assigned Names and
Numbers (ICANN),
121
Internet Group
Management Protocol
(IGMP), 133
Link Access Protocol for
Modems [LAP-M],
117
link state dynamic
routing, 129
loopback, 121
multicasting, 122
multicast
message, 132
name server, 125
negative acknowledgment
(NAK), 116
network interface port,
133
network layer address,
120
Open Shortest Path First
(OSPF), 132
port address, 114
private IPv4 address
space, 122
Quality of Service (QoS),
119
Real-Time Streaming
Protocol (RTSP), 119
Real-Time Transport
Protocol (RTP), 119
reserved addresses, 121
resolving name server,
126
Resource Reservation
Protocol (RSVP), 119
root server, 126
router, 127
routing, 127
Routing Information
Protocol (RIP), 132
segment, 111
segmenting, 116
Selective-Repeat ARQ,
117
session, 116
sliding window, 117
source port address, 114
static routing, 129
stop-and-wait ARQ, 116
subnet, 123
subnet mask, 124
top-level domain (TLD),
126
Transmission Control
Protocol/Internet
Protocol (TCP/IP), 112
unicast message, 132
User Datagram Protocol
(UDP), 113
QUESTIONS
1. What does the transport layer do?
2. What does the network layer do?
3. What are the parts of TCP/IP and what do they do?
Who is the primary user of TCP/IP?
4. Compare and contrast the three types of addresses used
in a network.
5. How is TCP different from UDP?
6. How does TCP establish a session?
7. What is a subnet and why do networks need them?
8. What is a subnet mask?
9. How does dynamic addressing work?
10. What benefits and problems does dynamic addressing
provide?
11. What is address resolution?
12. How does TCP/IP perform address resolution from
URLs into network layer addresses?
13. How does TCP/IP perform address resolution from IP
addresses into data link layer addresses?
14. What is routing?
15. How does decentralized routing differ from centralized
routing?
16. What are the differences between connectionless and
connection-oriented messaging?
17. What is a session?
18. What is QoS routing and why is it useful?
19. Compare and contrast unicast, broadcast, and multi-
cast messages.
20. Explain how multicasting works.
21. Explain how the client computer in Figure 5-16
(128.192.98.xx) would obtain the data link layer
address of its subnet router.
22. Why does HTTP use TCP and DNS use UDP?
23. How does static routing differ from dynamic routing?
When would you use static routing? When would you
use dynamic routing?
24. What type of routing does a TCP/IP client use? What
type of routing does a TCP/IP gateway use? Explain.
25. What is the transmission efficiency of a 10-byte
Web request sent using HTTP, TCP/IP, and Ether-
net? Assume that the HTTP packet has 100 bytes in
addition to the 10-byte URL. Hint: Remember from
Chapter 4 that efficiency = user data/total transmission
size.
26. What is the transmission efficiency of a 1,000-byte
file sent in response to a Web request HTTP, TCP/IP,
and Ethernet? Assume that the HTTP packet has 100
bytes in addition to the 1,000-byte file. Hint: Remem-
ber from Chapter 4 that efficiency = user data/total
transmission size.
27. What is the transmission efficiency of a 5,000-byte file
sent in response to a Web request HTTP, TCP/IP, and
Ethernet? Assume that the HTTP packet has 100 bytes
in addition to the 5,000-byte file. Assume that the max-
imum packet size is 1,200 bytes. Hint: Remember from
Chapter 4 that efficiency = user data/total transmission
size.
28. Describe the anatomy of a router. How does a router
differ from a computer?
EXERCISES
A. Would you recommend dynamic addressing for your
organization? Why?
B. Look at your network layer software (either on a LAN
or dial-in) and see what options are set—but don’t
change them! You can do this by using the RUN com-
mand to run winipcfg. How do these match the fun-
damental addressing and routing concepts discussed
in this chapter?
C. Suppose that a client computer (128.192.98.130) in
Building B in Figure 5-17 requests a large Web page
from the Web server 2 in the Data Center (www2.anyorg.com). Assume that the client computer has just
been turned on and does not know any addresses other
than those in its configuration tables. Assume that all
gateways and Web servers know all network layer and
data link layer addresses.
a. Explain what messages would be sent and how they
would flow through the network to deliver the Web
page request to the server.
b. Explain what messages would be sent and how they
would flow through the network as the Web server
sent the requested page to the client.
c. Describe, but do not explain in detail, what would
happen if the Web page contained several graphic
images (e.g., GIF [Graphics Interchange Format] or
JPEG [Joint Photographic Experts Group] files).
D. Network Solutions provides a service to find who owns domain names and IP addresses. Go to www.networksolutions.com/whois. Find the owner of
a. books.com
b. TV.com
c. 74.128.18.22
d. 129.79.78.188
E. What is the subnet portion of the IP address and what
is the subnet mask for the following:
a. 12.1.0.0/16
b. 12.1.0.0/24
c. 12.1.0.0/20
d. 12.1.0.0/28
F. You might be wondering how the first bytes for each
address range were picked. Why do you think Class A’s
first byte is 1–126, Class B’s byte is 128–191, and Class
C’s byte is 192–223?
MINICASES
I. Central University Suppose that you are the network
manager for Central University, a medium-sized uni-
versity with 13,000 students. The university has 10 sep-
arate colleges (e.g., business, arts, journalism), 3 of
which are relatively large (300 faculty and staff mem-
bers, 2,000 students, and 3 buildings) and 7 of which
are relatively small (200 faculty and staff, 1,000 stu-
dents, and 1 building). In addition, there are another
2,000 staff members who work in various administra-
tion departments (e.g., library, maintenance, finance)
spread over another 10 buildings. There are 4 residence
halls that house a total of 2,000 students. Suppose that
the university has the 128.100.xxx.xxx address range
on the Internet. How would you assign the IP addresses
to the various subnets? How would you control the
process by which IP addresses are assigned to individ-
ual computers? You will have to make some assump-
tions to answer both questions, so be sure to state your
assumptions.
II. Connectus Connectus is a medium-sized Internet Ser-
vice Provider (ISP) that provides Internet access and
data communication services to several dozen compa-
nies across the United States and Canada. Connectus
provides fixed data connections for clients’ offices in
about 50 cities and an internal network that connects
them. For reliability purposes, all centers are connected
with at least two other centers so that if one connection
goes down, the center can still communicate with the
network. Predicting access volume is difficult because
it depends on how many sales representatives are in
which city. Connectus currently uses RIP as its routing
protocol but is considering moving to OSPF. Should it
stay with RIP or move to OSPF? Why?
III. Old Army Old Army is a large retail store chain oper-
ating about 1,000 stores across the United States and
Canada. Each store is connected into the Old Army
data network, which is used primarily for batch data
transmissions. At the end of each day, each store trans-
mits sales, inventory, and payroll information to the
corporate head office in Atlanta. The network also sup-
ports email traffic, but its use is restricted to depart-
ment managers and above. Because most traffic is sent
to and from the Atlanta headquarters, the network
is organized in a hub and spoke design. The Atlanta
office is connected to 20 regional data centers, and each
regional center is in turn connected to the 30–70 stores
in its region. Network volumes have been growing, but
at a fairly predictable rate, as the number of stores and
overall sales volume increase. Old Army currently uses
RIP as its routing protocol but is considering moving to
OSPF. Should it stay with RIP or move to OSPF? Why?
IV. General Stores General Stores is a large retail store
chain operating about 1,300 stores across the United
States and Canada. Each store is connected into the
corporate data network. At the end of each day, each
store transmits sales and payroll information to the
corporate head office in Seattle. Inventory data are
transmitted in real time as products are sold to one
of a dozen regional distribution centers across North
America. The network is also used for credit card
validations as customers check out and pay for their
purchases. The network supports email traffic, but its
use is restricted to department managers and above.
The network is designed much like the Internet: One
connection from each store goes into a regional net-
work that typically has a series of network connections
to other parts of the network. Network volumes have
been growing, but at a fairly predictable rate, as the
number of stores and overall sales volume increase.
General Stores is considering implementing a digital
telephone service that will allow it to transmit internal
telephone calls to other General Stores offices or stores
through the data network. Telephone services outside
of General Stores will continue to be done normally.
General Stores currently uses RIP as its routing proto-
col but is considering moving to OSPF. Should it stay
with RIP or move to OSPF? Why?
CASE STUDY
NEXT-DAY AIR SERVICE
See the website at www.wiley.com/college/fitzgerald.
HANDS-ON ACTIVITY 5A
Using TCP/IP
In this chapter, we’ve discussed the basic components of
TCP/IP such as IP addresses, subnet masks, DNS requests,
and ARP requests. In this activity, we’ll show you how to
explore these items on your computer. Although this activ-
ity is designed for Windows computers, most of these com-
mands will also work on Apple computers.
This activity will use the command prompt, so start by
clicking START, then RUN, and then type CMD and press
enter. You should see the command window, which in Win-
dows is a small window with a black background. Like all
other windows, you can change its shape by grabbing the
corner and stretching it.
IPCONFIG: Reading Your Computer’s Settings
In a focus box earlier in the chapter, we showed you how
to find your computer’s TCP/IP settings using Windows.
You can also do it by using the IPCONFIG command.
In the command window, type IPCONFIG/ALL and press
enter.
You should see a screen like that shown in Figure 5-19.
The middle of the screen will show the TCP/IP
information about your computer. You can see the IP
address (192.168.1.102 in Figure 5-19); the subnet mask
(255.255.255.0); the default gateway, which is the IP address
of the router leading out of your subnet (192.168.1.1); the
DHCP server (192.168.1.1); and the available DNS servers
(e.g., 63.240.76.4). Your computer will have similar, but dif-
ferent, information. As discussed in Technical Focus 5.3,
your computer might be using “private” IP addresses the
same as my computer shown in Figure 5-21, so your
addresses may be identical to mine. We’ll explain how net-
work address translation (NAT) is done in Chapter 11.
Deliverables
1. Use the ipconfig/all command on your computer.
What is the IP address, subnet mask, IP address of
default gateway, and MAC of your computer?
2. Why does every computer on the Internet need to
have these four numbers?
C:\Documents and Settings\Administrator>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . . : ALAN
Primary Dns Suffix . . . . . . . . .:
Node Type . . . . . . . . . . . . . : Unknown
IP Routing Enabled . . . . . . . . .: No
WINS Proxy Enabled . . . . . . . . .: No
DNS Suffix Search List . . . . . . .: insightbb.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . . .: insightbb.com
Description . . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address . . . . . . . . . .: 00-0D-56-D8-8D-96
Dhcp Enabled . . . . . . . . . . . .: Yes
Autoconfiguration Enabled . . . . . : Yes
IP Address . . . . . . . . . . . . .: 192.168.1.102
Subnet Mask . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . . : 63.240.76.4
204.127.198.4
63.240.76.135
Lease Obtained . . . . . . . . . . .: Wednesday, February 20, 2008
8:09:37 AM
Lease Expires . . . . . . . . . . .: Tuesday, February 26, 2008
8:09:37 AM
C:\Documents and Settings\Administrator>
FIGURE 5-21 IPCONFIG command
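Deliverable 1 asks you to pick four values out of this listing by eye. The parser below does the same job on the text of the listing, as an added example that is not part of the book's activity: it turns each "Label . . . : value" line into an entry, folds wrapped continuation lines (the second line of the Description, the extra DNS servers, the time part of the lease dates) into the entry above them, and returns the address, mask, gateway, DHCP server, DNS servers and physical address. The sample input is the text of Figure 5-21 with its path separators restored; running the parser on your own `ipconfig /all` output is the intended use.

```python
"""Parse the fields of an `ipconfig /all` listing such as Figure 5-21."""
import re

# Sample input: the listing of Figure 5-21 (a constructed copy of the figure's text).
IPCONFIG_OUTPUT = r"""
C:\Documents and Settings\Administrator>ipconfig/all
Windows IP Configuration
Host Name . . . . . . . . . . . . . : ALAN
Primary Dns Suffix . . . . . . . . .:
Node Type . . . . . . . . . . . . . : Unknown
IP Routing Enabled . . . . . . . . .: No
WINS Proxy Enabled . . . . . . . . .: No
DNS Suffix Search List . . . . . . .: insightbb.com
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . . .: insightbb.com
Description . . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address . . . . . . . . . .: 00-0D-56-D8-8D-96
Dhcp Enabled . . . . . . . . . . . .: Yes
Autoconfiguration Enabled . . . . . : Yes
IP Address . . . . . . . . . . . . .: 192.168.1.102
Subnet Mask . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . . : 63.240.76.4
204.127.198.4
63.240.76.135
Lease Obtained . . . . . . . . . . .: Wednesday, February 20, 2008
8:09:37 AM
Lease Expires . . . . . . . . . . .: Tuesday, February 26, 2008
8:09:37 AM
"""

# A field line starts with a letter, has a label, optional dot leaders, a colon, a value.
# Continuation lines (wrapped values, extra DNS servers, times) do not match this.
KEY_VALUE = re.compile(r"^\s*([A-Za-z][^.:]*?)\s*(?:\.\s*)*:\s*(.*)$")

# Listing labels mapped to the names the deliverable asks about.
WANTED = {
    "Physical Address": "mac",
    "IP Address": "ip",
    "Subnet Mask": "mask",
    "Default Gateway": "gateway",
    "DHCP Server": "dhcp",
    "DNS Servers": "dns",
}


def parse_ipconfig(text):
    """Return {label: [values]}; wrapped lines are appended to the previous label."""
    entries = {}
    last_key = None
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if match:
            last_key = match.group(1).strip()
            value = match.group(2).strip()
            entries[last_key] = [value] if value else []
        elif last_key and line.strip():
            entries[last_key].append(line.strip())
    return entries


def summarize(text):
    """The addresses a computer needs, as a dict; 'dns' is a list, the rest single values."""
    entries = parse_ipconfig(text)
    summary = {}
    for label, name in WANTED.items():
        values = entries.get(label, [])
        summary[name] = values if name == "dns" else (values[0] if values else None)
    return summary


if __name__ == "__main__":
    for name, value in summarize(IPCONFIG_OUTPUT).items():
        print(f"{name:8s} {value}")
```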
PING: Finding Other Computers
The PING command sends a small packet to any computer on the Inter-
net to show you how long it takes the packet to travel from
your computer to the target computer and back again. You
can ping a computer using its IP address or Web URL. Not
all computers respond to ping commands, so not every com-
puter you ping will answer.
Start by pinging your default gateway: just type PING fol-
lowed by the IP address of your gateway. Figure 5-22 shows
that the PING command sends four packets to the target
computer and then displays the maximum, minimum, and
average transit times. In Figure 5-22, you can see that ping-
ing my gateway is fast: less than 1 millisecond for the packet
to travel from my computer to my router and back again.
Next, ping a well-known website in the United States to
see the average times taken. Remember that not all websites
will respond to the ping command. In Figure 5-22, you can
see that it took an average of 52 milliseconds for a packet to
go from my computer to Google and back again. Also note
that www.google.com has an IP address of 216.239.37.99.
Now, ping a website outside the United States. In Figure 5-22, you can see that it took an average of 239 milliseconds for a packet to go from my computer to the City University of Hong Kong and back again. If you think about it, the Internet is amazingly fast.
Deliverables
1. Ping your own default gateway. How many packets were returned? How long did it take for your default gateway to respond?
2. Ping google.com. How many packets were returned? How long did it take for your default gateway to respond?
3. Ping the Australian National University, www.anu.edu.au. How many packets were returned? How long did it take for your default gateway to respond?
ARP: Displaying Physical Addresses
Remember that to send a message to other computers on
the Internet, you must know the physical address (aka data
link layer address) of the next computer to send the mes-
sage to. Most computers on the Internet will be outside your
subnet, so almost all messages your computer sends will be
Hands-On Activity 5A 147
C:\Documents and Settings\Administrator>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\Administrator>ping www.google.com
Pinging www.1.google.com [216.239.37.99] with 32 bytes of data:
Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235
Ping statistics for 216.239.37.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 52ms, Maximum = 53ms, Average = 52ms
C:\Documents and Settings\Administrator>ping www.cityu.edu.hk
Pinging amber.cityu.edu.hk [144.214.5.218] with 32 bytes of data:
Reply from 144.214.5.218: bytes = 32 time = 240ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 239ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 239ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 240ms TTL = 236
Ping statistics for 144.214.5.218:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 239ms, Maximum = 240ms, Average = 239ms
FIGURE 5-22 PING command
sent to your gateway (i.e., the router leaving your subnet).
Remember that computers use ARP requests to find phys-
ical addresses and store them in their ARP tables. To find
out what data link layer addresses your computer knows,
you can use the ARP command.
At the command prompt, type ARP -A and press enter. This will display the contents of your ARP table. In Figure 5-23, you can see that the ARP table in my computer has only one entry, which means that all the messages from my computer since I turned it on have only gone to this one computer—my router. You can also see the physical address of my router: 00-04-5a-0b-d1-40.
If you have another computer on your subnet, ping it and
then take a look at your ARP table again. In Figure 5-23,
you can see the ping of another computer on my subnet
(192.168.1.152) and then see the ARP table with this new
entry. When I pinged 192.168.1.152, my computer had to
find its physical address, so it issued an ARP request, and
192.168.1.152 responded with an ARP response, which my
computer added into the ARP table before sending the ping.
Deliverables
1. Type ARP -A at the command prompt. What are the entries in your ARP table?
2. Suppose that there are no entries in your ARP table.
Is this a problem? Why or why not?
C:\Documents and Settings\Administrator>arp -a
Interface: 192.168.1.102 --- 0x10003
Internet Address      Physical Address      Type
192.168.1.1           00-04-5a-0b-d1-40     dynamic
C:\Documents and Settings\Administrator>ping 192.168.1.152
Pinging 192.168.1.152 with 32 bytes of data:
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Ping statistics for 192.168.1.152:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\Documents and Settings\Administrator>arp -a
Interface: 192.168.1.102 --- 0x10003
Internet Address      Physical Address      Type
192.168.1.1           00-04-5a-0b-d1-40     dynamic
192.168.1.152         00-08-e1-00-21-f6     dynamic
FIGURE 5-23 ARP command
C:\Documents and Settings\Administrator>nslookup www.cnn.com
Server: ns1.insightbb.com
Address: 63.240.76.135
Non-authoritative answer:
Name: cnn.com
Addresses: 64.236.16.116, 64.236.24.12, 64.236.24.20, 64.236.24.28,
64.236.29.120, 64.236.16.20, 64.236.16.52, 64.236.16.84
Aliases: www.cnn.com
FIGURE 5-24 NSLOOKUP command
NSLOOKUP: Finding IP Addresses
Remember that to send a message to other computers on
the Internet, you must know their IP addresses. Computers
use DNS servers to find IP addresses. You can issue a DNS
request by using the NSLOOKUP command.
Type NSLOOKUP followed by the URL of a computer on the Internet and press enter. In Figure 5-24, you’ll see that www.cnn.com has several IP addresses and is also known as cnn.com.
Deliverable
Find the IP address of google.com and of another website of
your choice.
DNS Cache
The IPCONFIG /DISPLAYDNS command can be used to show the contents of the DNS cache. You can experiment with this by displaying the cache, visiting a new website with your browser, and then displaying the cache again. Figure 5-25 shows part of the cache on my computer after visiting a number of sites. The DNS cache contains information about all the websites I’ve visited, either directly or indirectly (by having a Web page on one server pull a graphics file off of a different server).
FIGURE 5-25 DNS cache
For example, the second entry in this figure is ns1.cisco.com, which has an IP address of 128.107.241.185 (a 4-byte long address). The record type is one, which means this is a “host”—that is, a computer on the Internet using IPv4. Because the DNS information might change, all entries have a maximum time to live set by the DNS server that provides the information (usually 24 hours); the time to live value is the time in seconds that this entry will remain in the cache until it is removed.
The very last entry in this figure is for ns1.v6.telekom.at. The record type of 28 means that this is a host that uses IPv6, which you can see from the 16-byte long address in the record (2001:890:600:d1::100).
C:\Documents and Settings\Administrator>tracert www.google.com
Tracing route to www.1.google.com [216.239.37.104]
over a maximum of 30 hops:
 1   1 ms   1 ms   1 ms  192.168.1.1
 2   7 ms  10 ms   8 ms  12-220-5-129.client.insightBB.com [12.220.5.129]
 3  11 ms  12 ms  11 ms  12-220-1-78.client.insightBB.com [12.220.1.78]
 4  17 ms  16 ms  16 ms  12-220-0-26.client.insightBB.com [12.220.0.26]
 5  19 ms  18 ms  18 ms  tbr1-p011901.cgcil.ip.att.net [12.123.4.226]
 6  18 ms  16 ms  16 ms  ggr2-p310.cgcil.ip.att.net [12.123.6.65]
 7  19 ms  18 ms  18 ms  so-9-1.car4.Chicago1.Level3.net [4.68.127.165]
 8  19 ms  18 ms  19 ms  ae-2-52.bbr2.Chicago1.Level3.net [4.68.101.33]
 9  50 ms  39 ms  39 ms  ae-2-0.bbr1.Washington1.Level3.net [4.68.128.201]
10  40 ms  40 ms  39 ms  ae-12-53.car2.Washington1.Level3.net [4.68.121.83]
11  53 ms  78 ms  56 ms  unknown.Level3.net [166.90.148.174]
12  54 ms  52 ms  51 ms  72.14.232.106
13  55 ms  54 ms  53 ms  216.239.48.96
14  55 ms  55 ms  54 ms  216.239.48.110
15  52 ms  51 ms  52 ms  216.239.37.104
Trace complete.
FIGURE 5-26 TRACERT command
Deliverables
1. Display your DNS cache using the command ipconfig
/displaydns.
2. How many entries are there in your cache?
3. Open your browser and visit www.ietf.com. Once the
page loads, display your DNS cache again. Copy the
DNS entry for this website.
TRACERT: Finding Routes through the Internet
The TRACERT command will show you the IP addresses
of computers in the route from your computer to another
computer on the Internet. Many networks have disabled
TRACERT for security reasons, so it doesn’t always work.
Type TRACERT and the URL of a computer on the Internet
and press enter. In Figure 5-26, you’ll see the route from my
computer, through the Insight network, through the AT&T
network, through the Level 3 network, and then through
the Google network until it reaches the server. TRACERT
usually sends three packets, so beside each hop is the total
time to reach that hop for each of the three packets. You’ll
see that it took just over 50 milliseconds for a packet to go
from my computer to Google. You’ll also see that the times
aren’t always “right,” in that the first packet took 50 milliseconds
to reach the bbr1 Washington Level 3 router (step
9) but only 40 milliseconds to reach the next hop to the
car2 Washington Level 3 router (step 10). The time to each
hop is measured separately, each with a different packet, so
sometimes a packet is delayed longer on one hop or another.
Deliverables
1. Type tracert google.com in your command window.
2. How many computers/hops did it take the packet to
reach Google?
3. What was the shortest hop (in terms of time)? Why do
you think this is the shortest hop?
HANDS-ON ACTIVITY 5B
Exploring DNS Request and DNS Response
In this chapter, we talked about address resolution. This activity will help you see how your computer sends a DNS request for a website you have never visited before it can create an HTTP request packet to display the website in your browser. We will use Wireshark for this activity. Use of Wireshark was explained in Chapter 2.
1. Use the ipconfig /all command to find the IP address of your computer and your DNS server.
2. So that we can explore the DNS request and response properly, the first step is to empty your DNS cache. Use the ipconfig /flushdns command in the command prompt window to empty the DNS cache of your computer.
FIGURE 5-27 DNS capture
3. Open Wireshark and enter “ip.addr==your IP
address” into the filter to only capture packets that
either originate or are destined for your computer.
4. Start packet capture in Wireshark.
5. With your browser, visit www.ietf.org.
6. Stop packet capture after the Web page is loaded.
Deliverables
1. Locate the DNS query and response message for
www.ietf.org. In Figure 5-27, they are packets 27 and
28. Are these packets sent over UDP or TCP?
2. What is the destination port for the DNS query message? What is the source port of the DNS response message?
3. To what IP address is the DNS query message sent?
Compare this IP address to your local DNS server IP
address. Are these two IP addresses the same?
4. The www.ietf.org page contains several images. Before retrieving each image, does your host issue a new DNS query? Why or why not?
5. Now locate the HTTP Get message. What is the source
and destination IP address? Compare the source to
your IP address. Are these the same?
6. Approximately how many HTTP GET request mes-
sages did your browser send? Why was there a need
to send additional HTTP GET messages?
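The DNS messages that Activities 5A and 5B look at (a query carried over UDP to port 53; answer records of type 1 carrying a 4-byte IPv4 address or type 28 carrying a 16-byte IPv6 address, each with a time to live) built and parsed in Python. This is an added example and not code from the book: the server reply is constructed inline from the two cache entries described in the DNS Cache section, and the TTLs, transaction ids, function names and the response-matching check are assumptions rather than values from the book.

```python
"""Build a DNS query and parse a DNS response; added example, not from the book."""
import socket
import struct

DNS_PORT = 53      # DNS queries normally travel over UDP to port 53
QTYPE_A = 1        # record type 1: IPv4 host, 4-byte address
QTYPE_AAAA = 28    # record type 28: IPv6 host, 16-byte address


def encode_name(name):
    """Encode 'ns1.cisco.com' as length-prefixed labels terminated by a zero byte."""
    out = b"".join(bytes([len(lbl)]) + lbl.encode("ascii")
                   for lbl in name.rstrip(".").split("."))
    return out + b"\x00"


def build_query(name, qtype, txid):
    """12-byte header (flags 0x0100 = standard query, recursion desired) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)  # class 1 = IN


def decode_name(msg, offset):
    """Decode a name, following compression pointers; returns (name, offset after the field)."""
    labels, end = [], None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                       # pointer to an earlier name in the message
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            continue
        if length == 0:
            offset += 1
            break
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels), end if end is not None else offset


def build_response(query, answers):
    """Constructed server reply: same id, question echoed, then (name, type, ttl, address) records."""
    txid = struct.unpack("!H", query[:2])[0]
    qname, _ = decode_name(query, 12)
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    body = b""
    for name, rtype, ttl, address in answers:
        family = socket.AF_INET if rtype == QTYPE_A else socket.AF_INET6
        rdata = socket.inet_pton(family, address)
        # Real servers compress: a pointer to the question name at offset 12 when it matches.
        owner = b"\xC0\x0C" if name == qname else encode_name(name)
        body += owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + query[12:] + body


def parse_response(msg):
    """Return header fields, the question(s) and answer records with the address decoded by type."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset, questions, answers = 12, [], []
    for _ in range(qdcount):
        qname, offset = decode_name(msg, offset)
        qtype, _ = struct.unpack("!HH", msg[offset:offset + 4])
        offset += 4
        questions.append((qname, qtype))
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            data = socket.inet_ntop(socket.AF_INET, rdata)       # 4-byte IPv4 address
        elif rtype == QTYPE_AAAA and rdlen == 16:
            data = socket.inet_ntop(socket.AF_INET6, rdata)      # 16-byte IPv6 address
        else:
            data = rdata.hex()
        answers.append({"name": name, "type": rtype, "ttl": ttl, "data": data})
    return {"id": txid, "rcode": flags & 0x0F, "questions": questions, "answers": answers}


def matches_query(query, response):
    """A resolver should only accept a reply whose id and question match what it actually sent."""
    sent, got = parse_response(query), parse_response(response)
    return sent["id"] == got["id"] and sent["questions"] == got["questions"]


if __name__ == "__main__":
    # Constructed exchange for the two cache entries the text describes (TTLs are made up).
    q = build_query("ns1.cisco.com", QTYPE_A, txid=0x1A2B)
    r = build_response(q, [("ns1.cisco.com", QTYPE_A, 86400, "128.107.241.185")])
    print(matches_query(q, r), parse_response(r)["answers"])
    q6 = build_query("ns1.v6.telekom.at", QTYPE_AAAA, txid=0x3C4D)
    r6 = build_response(q6, [("ns1.v6.telekom.at", QTYPE_AAAA, 3600, "2001:890:600:d1::100")])
    print(parse_response(r6)["answers"][0]["data"])
```

To see the same bytes on the wire, capture with the Wireshark filter from step 3 and compare the id, flags and question fields of packets 27 and 28 with what build_query produces.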
HANDS-ON ACTIVITY 5C
Converting Decimal Values into Binary, and Vice Versa
Part A
Being able to convert decimal values to binary (and vice versa) is very important in networking because this is the basis for how subnetting is done. You may have done some of these exercises in high school and probably didn’t know why it was important to be able to convert decimal values into binary, and vice versa. This hands-on activity will help you recall how this is done or will teach you how to do it in case you have never seen this before.
As you know, an IPv4 address consists of 32 bits that
have been separated into 4 bytes (sometimes called octets),
for example, 129.79.126.1. This is called the dotted decimal
address. Each byte has 8 bits, and each of these bits can
assume a value of 0 or 1. The following table shows how we
convert each binary position to a decimal value:
Binary position   2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal value     128   64    32    16    8     4     2     1
To practice the conversion from binary to decimal, let’s do a couple of problems together:
1. You have the following binary number: 10101010.
Convert it into decimal.
10101010 = (1 ∗ 128) + (0 ∗ 64) + (1 ∗ 32) + (0 ∗ 16) + (1 ∗ 8) + (0 ∗ 4) + (1 ∗ 2) + (0 ∗ 1)
         = 128 + 32 + 8 + 2 = 170
2. You have the following binary number: 01110111.
Convert it into decimal.
01110111 = (0 ∗ 128) + (1 ∗ 64) + (1 ∗ 32) + (1 ∗ 16) + (0 ∗ 8) + (1 ∗ 4) + (1 ∗ 2) + (1 ∗ 1)
         = 64 + 32 + 16 + 4 + 2 + 1 = 119
It is important to notice what the range of possible deci-
mal values for each byte is. The lower bound is given when
each bit is 0 and the upper bound is when each bit is 1. So
00000000 will give us 0 and 11111111 will give us 255. This
is the reason why IPv4 addresses cannot go above the value
of 255.
Deliverable
Calculate the decimal values of the following binary num-
bers: 11011011, 01111111, 10000000, 11000000, 11001101.
Part B
Now let’s practice the conversion of decimal value to binary.
This is a bit trickier. Start by finding the highest binary
position that is equal to or smaller than the decimal num-
ber we are converting. All the other placeholders to the
left of this number will be 0. Then subtract the placeholder
value from the number. Then find the highest binary posi-
tion that is equal to or smaller than the remainder. Keep
repeating these steps until the remainder is 0. Now, let’s
practice.
3. Convert 60 into a binary number.
a. The highest placeholder that is equal to or lower than 60 is 32, the third bit from the left. Therefore, the first two bits for 60 are 0 and the third one is 1: 001_ _ _ _ _. The next step is to subtract 32 from 60, which equals 60 − 32 = 28.
b. The highest placeholder that is equal to or lower than 28 is 16, which is the fourth bit from the left. Therefore, our binary number will look like this: 0011_ _ _ _. The next step is to subtract 16 from 28, which equals 28 − 16 = 12.
c. The highest placeholder that is equal to or lower than 12 is 8, and this is the fifth bit from the left. Therefore, our binary number will look like this: 00111_ _ _. The next step is to subtract 8 from 12, which equals 12 − 8 = 4.
d. The highest placeholder that is equal to or lower than 4 is 4, and this is the sixth bit from the left. Therefore, our binary number will look like this: 001111_ _. The next step is to subtract 4 from 4, which equals 4 − 4 = 0.
e. Given that our remainder is 0, the remaining bits are 0, and we find our answer: 60 in binary is 00111100.
4. Convert 182 into a binary number.
182 = 10110110
(Because 182 − 128 = 54, 54 − 32 = 22, 22 − 16 = 6, 6 − 4 = 2, and 2 − 2 = 0)
Deliverable
Calculate the binary value for each of the following decimal numbers: 126, 128, 191, 192, 223.
HANDS-ON ACTIVITY 5D
Introduction to Subnetting
If you are not familiar with binary numbers, you may want
to do Hands-On Activity 5C before you do this activity.
A subnet mask is a 32-bit binary number that tells us
to which subnet a device belongs. A 1 indicates that
that bit is part of the subnet network address, and a
0 indicates that that bit is part of the unique host
address for the individual computer. The subnet mask
is a continuous stream of ones followed by all zeros,
so the subnet mask can assume only certain values.
For example, a subnet mask could never have a value of
11111111.11111111.00000000.10000000.
The following table shows the subnet mask values in
both binary and decimal notation for classes A, B, and C.
For example, a subnet mask of 255.255.255.0 for a computer
with an address of 192.168.1.101 tells us that the computer is
in subnet 192.168.1.0 and has a unique address of 101 within
that subnet.
Class   First Byte Range   Byte Allocation                 Subnet Mask in Binary Notation        Subnet Mask in Decimal Notation
A       1–126              Network.Host.Host.Host          11111111.00000000.00000000.00000000   255.0.0.0
B       128–191            Network.Network.Host.Host       11111111.11111111.00000000.00000000   255.255.0.0
C       192–223            Network.Network.Network.Host    11111111.11111111.11111111.00000000   255.255.255.0
Deliverable
Fill in the following table and find the admissible values for
a subnet mask.
Binary Representation of a Byte     Decimal Value
10000000
11000000
11100000
11110000
11111000
11111100
11111110
11111111
Suppose that you were assigned the network
209.98.208.0, which is a Class C address. The usual subnet
mask for a Class C address is 255.255.255.0, which provides
one subnet with 253 host computers (there are 255 possible
addresses, but the .255 address is reserved and cannot be
assigned to a computer because this is the broadcast address
for this subnet, and the .0 address is reserved for the subnet
itself). Suppose that you need to create 10 subnets within this
address space. This means that part of the address usually
used for host addresses must be used as part of the subnet
address. How many bits do you need to use from the host
space to create 10 subnets?
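The conversions of Activity 5C (place-value addition from Part A, the greedy subtraction of Part B) and the subnet-mask rules of Activity 5D (a mask is a run of ones followed only by zeros, the admissible octet values, the network/host split, and how many host bits must be borrowed for a given number of subnets), carried out in Python. This is an added example rather than code from the book, and its function names are my own.

```python
"""Byte/binary conversion and subnet-mask checks; added example, not from the book."""
PLACE_VALUES = [128, 64, 32, 16, 8, 4, 2, 1]   # 2^7 .. 2^0, the table from Part A


def binary_to_decimal(bits):
    """Part A: add the place value of every position that holds a 1 ('10101010' -> 170)."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 8 bits of 0/1")
    return sum(value for bit, value in zip(bits, PLACE_VALUES) if bit == "1")


def decimal_to_binary(value):
    """Part B: take the highest place value <= remainder, set that bit, subtract, repeat."""
    if not 0 <= value <= 255:
        raise ValueError("a byte holds 0..255")
    bits, remainder = [], value
    for place in PLACE_VALUES:
        if place <= remainder:
            bits.append("1")
            remainder -= place
        else:
            bits.append("0")
    return "".join(bits)


def to_int(dotted):
    """'192.168.1.101' -> 32-bit integer, rejecting malformed dotted decimal input."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted decimal address: %r" % dotted)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n):
    """32-bit integer -> 'a.b.c.d'."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_bits(dotted):
    """'255.255.255.0' -> '11111111.11111111.11111111.00000000'."""
    return ".".join(decimal_to_binary(int(o)) for o in dotted.split("."))


def is_valid_mask(dotted):
    """A mask is ones followed only by zeros, so across all 32 bits a 0 is never followed by a 1."""
    return "01" not in to_bits(dotted).replace(".", "")


def admissible_mask_octets():
    """Decimal values a single mask byte can take (the deliverable table): 10000000 .. 11111111."""
    return [binary_to_decimal("1" * ones + "0" * (8 - ones)) for ones in range(1, 9)]


def split_address(address, mask):
    """Network and host parts: 192.168.1.101 with 255.255.255.0 -> ('192.168.1.0', 101)."""
    if not is_valid_mask(mask):
        raise ValueError("non-contiguous subnet mask: %s" % mask)
    a, m = to_int(address), to_int(mask)
    return to_dotted(a & m), a & ~m & 0xFFFFFFFF


def bits_to_borrow(subnets):
    """Smallest number of host bits whose 2**bits combinations cover the wanted subnet count."""
    bits = 0
    while 2 ** bits < subnets:
        bits += 1
    return bits


if __name__ == "__main__":
    print(binary_to_decimal("10101010"), decimal_to_binary(60), decimal_to_binary(182))
    print(is_valid_mask("255.255.255.0"), is_valid_mask("255.255.0.128"))
    print(split_address("192.168.1.101", "255.255.255.0"))
    print(bits_to_borrow(6), "bits give", 2 ** bits_to_borrow(6), "subnets")
```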

More Related Content

DOCX
CompensationTotal rewards is an organizational system of rewards
DOCX
D1The decline of union membership in the United States raises qu.docx
PDF
Handbook of Communications Systems Management: 1999 Edition Gilbert Held
PDF
Handbook of Communications Systems Management: 1999 Edition Gilbert Held
DOCX
Dunkin Donuts I.  Technology1. Describe the core techn.docx
DOCX
Written Assignment 1(25 points) 3-4 pages, not including cover or .docx
DOCX
Assignment 1TextbookInformation Systems for Business and Beyond.docx
DOCX
Assignment 1TextbookInformation Systems for Business and Beyond.docx
CompensationTotal rewards is an organizational system of rewards
D1The decline of union membership in the United States raises qu.docx
Handbook of Communications Systems Management: 1999 Edition Gilbert Held
Handbook of Communications Systems Management: 1999 Edition Gilbert Held
Dunkin Donuts I.  Technology1. Describe the core techn.docx
Written Assignment 1(25 points) 3-4 pages, not including cover or .docx
Assignment 1TextbookInformation Systems for Business and Beyond.docx
Assignment 1TextbookInformation Systems for Business and Beyond.docx

Similar to Business Data Commun.docx (20)

PDF
Corporate Computer Security 4th Edition Randall J. Boyle
DOCX
Regarding the article, Network Structure in Virtual Organizations.docx
DOCX
Information Systems for Business and Beyond (2019) .docx
DOCX
Choose 3 to do, one page 1.5 space for each. Deadline is 18th 1 pm.docx
DOCX
Information Systems for Business and Beyond (2019) .docx
DOCX
Information Systems for Business and Beyond (2019)
DOCX
2MANAGEMENTINFORMATIONSYSTEMSMOVING BUSINESS FORWARDRAIN.docx
DOCX
Module 4 - SLPStudent Achievement, Accountability, and Community.docx
DOCX
1. Text mining – Text mining or text data mining is a process to e.docx
PDF
Solution Manual for Essentials of MIS, 14th Edition, Kenneth C. Laudon Jane P...
PDF
Management Information Systems Managing the Digital Firm 15th Edition Laudon ...
PDF
Management Information Systems Managing the Digital Firm 15th Edition Laudon ...
PDF
Solution Manual for Essentials of MIS, 14th Edition, Kenneth C. Laudon Jane P...
PDF
Next Generation Network Services Technologies And Strategies Neill Wilkinsonauth
PDF
(eBook PDF) Information Systems Today Managing in the Digital World 7th Edition
PDF
Information Systems What Every Business Student Needs To Know Mallach
PDF
Information Systems What Every Business Student Needs To Know Mallach
PPTX
Lecture 1 ANT.pptx
DOCX
S · I B · 0 Mobile St t g, E C Cla us1ness O Knowledge ra egy.docx
DOCX
S · I B · 0 Mobile St t g, E C Cla us1ness O Knowledge ra egy.docx
Corporate Computer Security 4th Edition Randall J. Boyle
Regarding the article, Network Structure in Virtual Organizations.docx
Information Systems for Business and Beyond (2019) .docx
Choose 3 to do, one page 1.5 space for each. Deadline is 18th 1 pm.docx
Information Systems for Business and Beyond (2019) .docx
Information Systems for Business and Beyond (2019)
2MANAGEMENTINFORMATIONSYSTEMSMOVING BUSINESS FORWARDRAIN.docx
Module 4 - SLPStudent Achievement, Accountability, and Community.docx
1. Text mining – Text mining or text data mining is a process to e.docx
Solution Manual for Essentials of MIS, 14th Edition, Kenneth C. Laudon Jane P...
Management Information Systems Managing the Digital Firm 15th Edition Laudon ...
Management Information Systems Managing the Digital Firm 15th Edition Laudon ...
Solution Manual for Essentials of MIS, 14th Edition, Kenneth C. Laudon Jane P...
Next Generation Network Services Technologies And Strategies Neill Wilkinsonauth
(eBook PDF) Information Systems Today Managing in the Digital World 7th Edition
Information Systems What Every Business Student Needs To Know Mallach
Information Systems What Every Business Student Needs To Know Mallach
Lecture 1 ANT.pptx
S · I B · 0 Mobile St t g, E C Cla us1ness O Knowledge ra egy.docx
S · I B · 0 Mobile St t g, E C Cla us1ness O Knowledge ra egy.docx
Ad

More from tarifarmarie (20)

DOCX
CASE GS-65 DATE 021309 (REVISED 010311) .docx
DOCX
BBA 3551, Information Systems Management 1 Course Lea.docx
DOCX
BUS 599 – Assignments and Rubrics © 2019 Strayer Unive.docx
DOCX
BEAUTY AND UGLINESS IN OLMEC MONUMENTAL SCULPTUREAuthor.docx
DOCX
August 4, 2011 TAX FLIGHT IS A MYTH Higher State .docx
DOCX
BHA 3202, Standards for Health Care Staff 1 Course Le.docx
DOCX
Assignment – 8600-341 (Leading and motivating a team effectiv.docx
DOCX
BIOEN 4250 BIOMECHANICS I Laboratory 4 – Principle Stres.docx
DOCX
BHR 4680, Training and Development 1 Course Learning .docx
DOCX
Business Plan 2016 Owners Mick & Sheryl Dun.docx
DOCX
Assignment Guidelines NR224 Fundamentals - Skills NR224 .docx
DOCX
Brand Extension Marketing Plan 8GB530 Brand Extension Marketi.docx
DOCX
Building a Dynamic Organization The Stanley Lynch Investme.docx
DOCX
BBA 4351, International Economics 1 Course Learning O.docx
DOCX
BSL 4060, Team Building and Leadership 1 Course Learn.docx
DOCX
BHA 3002, Health Care Management 1 Course Learning Ou.docx
DOCX
BBA 3551, Information Systems Management Course Learn.docx
DOCX
Afro-Asian Inquiry and the Problematics of Comparative Cr.docx
DOCX
BBA 2201, Principles of Accounting I 1 Course Learnin.docx
DOCX
ARH2000 Art & Culture USF College of the Arts 1 .docx
CASE GS-65 DATE 021309 (REVISED 010311) .docx
BBA 3551, Information Systems Management 1 Course Lea.docx
BUS 599 – Assignments and Rubrics © 2019 Strayer Unive.docx
BEAUTY AND UGLINESS IN OLMEC MONUMENTAL SCULPTUREAuthor.docx
August 4, 2011 TAX FLIGHT IS A MYTH Higher State .docx
BHA 3202, Standards for Health Care Staff 1 Course Le.docx
Assignment – 8600-341 (Leading and motivating a team effectiv.docx
BIOEN 4250 BIOMECHANICS I Laboratory 4 – Principle Stres.docx
BHR 4680, Training and Development 1 Course Learning .docx
Business Plan 2016 Owners Mick & Sheryl Dun.docx
Assignment Guidelines NR224 Fundamentals - Skills NR224 .docx
Brand Extension Marketing Plan 8GB530 Brand Extension Marketi.docx
Building a Dynamic Organization The Stanley Lynch Investme.docx
BBA 4351, International Economics 1 Course Learning O.docx
BSL 4060, Team Building and Leadership 1 Course Learn.docx
BHA 3002, Health Care Management 1 Course Learning Ou.docx
BBA 3551, Information Systems Management Course Learn.docx
Afro-Asian Inquiry and the Problematics of Comparative Cr.docx
BBA 2201, Principles of Accounting I 1 Course Learnin.docx
ARH2000 Art & Culture USF College of the Arts 1 .docx
Ad

Recently uploaded (20)

PDF
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
PDF
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
PPTX
UNIT III MENTAL HEALTH NURSING ASSESSMENT
PPTX
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
PDF
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
PPTX
Cell Types and Its function , kingdom of life
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
PDF
What if we spent less time fighting change, and more time building what’s rig...
PDF
Classroom Observation Tools for Teachers
PDF
Practical Manual AGRO-233 Principles and Practices of Natural Farming
PDF
Complications of Minimal Access Surgery at WLH
PDF
Yogi Goddess Pres Conference Studio Updates
PDF
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
PPTX
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
PPTX
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
PDF
Paper A Mock Exam 9_ Attempt review.pdf.
PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
PDF
RMMM.pdf make it easy to upload and study
GENETICS IN BIOLOGY IN SECONDARY LEVEL FORM 3
Chapter 2 Heredity, Prenatal Development, and Birth.pdf
UNIT III MENTAL HEALTH NURSING ASSESSMENT
Introduction-to-Literarature-and-Literary-Studies-week-Prelim-coverage.pptx
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
LNK 2025 (2).pdf MWEHEHEHEHEHEHEHEHEHEHE
Cell Types and Its function , kingdom of life
Chinmaya Tiranga quiz Grand Finale.pdf
What if we spent less time fighting change, and more time building what’s rig...
Classroom Observation Tools for Teachers
Practical Manual AGRO-233 Principles and Practices of Natural Farming
Complications of Minimal Access Surgery at WLH
Yogi Goddess Pres Conference Studio Updates
RTP_AR_KS1_Tutor's Guide_English [FOR REPRODUCTION].pdf
UV-Visible spectroscopy..pptx UV-Visible Spectroscopy – Electronic Transition...
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
Radiologic_Anatomy_of_the_Brachial_plexus [final].pptx
Paper A Mock Exam 9_ Attempt review.pdf.
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
RMMM.pdf make it easy to upload and study

Business Data Commun.docx

  • 1. � � � � � � � � Business Data Communications and Networking Thirteenth Edition Jerry Fi tzGerald Jerry FitzGerald & Associates Alan Dennis Indiana University Alexandra Durcikova University of Oklahoma
  • 2. � � � � ACQUISITIONS EDITOR Darren Lalonde EDITORIAL MANAGER Gladys Soto CONTENT MANAGEMENT DIRECTOR Lisa Wojcik CONTENT MANAGER Nichole Urban SENIOR CONTENT SPECIALIST Nicole Repasky PRODUCTION EDITOR Padmapriya Soundararajan PHOTO RESEARCHER Billy Ray COVER PHOTO CREDIT © Wright Studio/Shutterstock This book was set in 10/12, Minion Pro by SPi Global and printed and bound by Strategic Content Imaging. Founded in 1807, John Wiley & Sons, Inc. has been a valued source of knowledge and understanding for more than 200 years, helping people around the world meet their needs and fulfill their aspirations. Our company is built on a foun- dation of principles that include responsibility to the communities we serve and where we live and work. In 2008, we launched a Corporate Citizenship Initiative, a global effort to address the environmental, social, economic, and ethical challenges we face in our business. Among the issues we are addressing are carbon impact, paper specifications and pro- curement, ethical conduct within our business and among our vendors, and community and charitable support. For more information, please visit our website: www.wiley.com/go/citizenship. Copyright © 2017, 2015, 2012, 2009, 2007 John Wiley & Sons, Inc. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any
  • 3. form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923 (Web site: www.copyright.com). Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030-5774, (201) 748-6011, fax (201) 748-6008, or online at: www.wiley.com/go/permissions. Evaluation copies are provided to qualified academics and professionals for review purposes only, for use in their courses during the next academic year. These copies are licensed and may not be sold or transferred to a third party. Upon com- pletion of the review period, please return the evaluation copy to Wiley. Return instructions and a free of charge return shipping label are available at: www.wiley.com/go/returnlabel. If you have chosen to adopt this textbook for use in your course, please accept this book as your complimentary desk copy. Outside of the United States, please contact your local sales representative. ISBN: 978-1-119-36883-0 (PBK) ISBN: 978-1-119-36885-4 (EVALC) Library of Congress Cataloging in Publication Data: LCCN: 2017042819 The inside back cover will contain printing identification and country of origin if omitted from this page. In addition, if the ISBN on the back cover differs from the ISBN on this page, the one on the back cover is correct.
  • 4. � � � � To my son Alec, Alan To all curious minds who want to know how today’s modern world works. Alexandra � � � � � � � � ABOUT THE AUTHORS Alan Dennis is a Fellow of the Association for Information Systems and a professor of information systems in the Kelley School of Business at Indiana
  • 5. University. He holds the John T. Chambers Chair in Internet Systems, which was established to honor John Chambers, president and chief executive officer of Cisco Systems, the worldwide leader of networking technologies for the Internet. Prior to joining Indiana University, Alan spent nine years as a professor at the University of Georgia, where he won the Richard B. Russell Award for Excellence in Undergraduate Teaching. He has a bachelor’s degree in computer science from Acadia University in Nova Scotia, Canada, and an MBA from Queen’s University in Ontario, Canada. His PhD in management of information systems is from the University of Arizona. Prior to entering the Arizona doctoral program, he spent three years on the faculty of the Queen’s School of Business. Alan has extensive experience in the development and application of groupware and Internet technologies and co-founded Courseload, an electronic textbook company whose goal is to improve learning and reduce the cost of textbooks. He has won many awards for theoretical and applied research and has published more than 150 business and research articles, including those in Management Science, MIS Quarterly, Information Systems Research, Academy of Management Journal, Organization Behavior and Human Decision Making, Journal of Applied Psychology, Communications of the ACM, and IEEE Transactions of Systems, Man, and Cybernetics. His first book was Getting Started with Microcomputers, published in 1986. Alan is also an author of two
  • 6. systems analysis and design books published by Wiley. He is the cochair of the Internet Tech- nologies Track of the Hawaii International Conference on System Sciences. He has served as a consultant to BellSouth, Boeing, IBM, Hughes Missile Systems, the U.S. Department of Defense, and the Australian Army. Alexandra Durcikova is an Assistant Professor at the Price College of Business, University of Oklahoma. Alexandra has a PhD in management information systems from the University of Pittsburgh. She has earned an MSc degree in solid state physics from Comenius University, Bratislava, worked as an experimental physics researcher in the area of superconductivity and as an instructor of executive MBA students prior to pursuing her PhD. Alexandra’s research interests include knowledge management and knowledge management systems, the role of organizational climate in the use of knowledge management systems, knowledge management system characteristics, governance mechanisms in the use of knowledge management systems, and human compliance with security policy and characteristics of successful phishing attempts within the area of network security. Her research appears in Information Systems Research, MIS Quarterly, Journal of Management Information Systems, Information Systems Journal, Journal of Organizational and End User Computing, International Journal of Human-Computer Studies, International Journal of Human-Computer Studies, and Communications of the ACM. Alexandra has been teaching business data communications to
both undergraduate and graduate students for several years. In addition, she has been teaching classes on information technology strategy and most recently won the Dean’s Award for Undergraduate Teaching Excellence while teaching at the University of Arizona.

Dr. Jerry FitzGerald wrote the early editions of this book in the 1980s. At the time, he was the principal in Jerry FitzGerald & Associates, a firm he started in 1977.

PREFACE

The field of data communications has grown faster and become more important than computer processing itself. Though they go hand in hand, the ability to communicate and connect with other computers and mobile devices is what makes or breaks a business today. There are three trends that support this notion. First, the wireless LAN and Bring-Your-Own-Device (BYOD) allow us to stay connected not only with the workplace but also with family and friends. Second, networking is becoming an essential part not only of computers but also of devices we use for other purposes, such as home appliances. This Internet of Things allows you to set the thermostat in your home from your mobile phone, can help you cook a dinner, or eventually can allow you to drive to work without ever touching the steering wheel. Lastly, we see that a lot of life is moving online. At first this started with games, but education, politics, and activism followed swiftly. Therefore, understanding how networks work; how they should be set up to support scalability, mobility, and security; and how to manage them is of utmost importance to any business. This need will call not only for engineers who deeply understand the technical aspects of networks but also for highly social individuals who embrace technology in creative ways to allow business to achieve a competitive edge through utilizing this technology. So the call is for you who are reading this book—you are at the right place at the right time!

PURPOSE OF THIS BOOK

Our goal is to combine the fundamental concepts of data communications and networking with practical applications. Although technologies and applications change rapidly, the fundamental concepts evolve much more slowly; they provide the foundation from which new technologies and applications can be understood, evaluated, and compared.

This book has two intended audiences. First and foremost, it is a university textbook. Each chapter introduces, describes, and then summarizes fundamental concepts and applications. Management Focus boxes highlight key issues and describe how networks are actually being used today. Technical Focus boxes highlight key technical issues and
provide additional detail. Mini case studies at the end of each chapter provide the opportunity to apply these technical and management concepts. Hands-on exercises help to reinforce the concepts introduced in the chapter. Moreover, the text is accompanied by a detailed Instructor’s Manual that provides additional background information, teaching tips, and sources of material for student exercises, assignments, and exams. Finally, our Web page contains supplements to our book.

Second, this book is intended for the professional who works in data communications and networking. The book has many detailed descriptions of the technical aspects of communications from a business perspective. Moreover, managerial, technical, and sales personnel can use this book to gain a better understanding of fundamental concepts and trade-offs not presented in technical books or product summaries.

WHAT’S NEW IN THIS EDITION

The thirteenth edition maintains the three main themes of the twelfth edition, namely, (1) how
networks work (Chapters 1–5); (2) network technologies (Chapters 6–10); and (3) network security and management (Chapters 11 and 12). In the new edition, we removed older technologies and replaced them with new ones. Accordingly, new hands-on activities and questions have been added at the end of each chapter that guide students in understanding how to select technologies to build a network that would support an organization’s business needs. In addition to this overarching change, the thirteenth edition has three major changes from the twelfth edition: First, at the end of each chapter, we provide key implications for cyber security that arise from the topics discussed in the chapter. We draw implications that focus on improving the management of networks and information systems as well as implications for cyber security of an individual and an organization. The second major change is that in Chapter 5 we have revised the way we explain how TCP/IP works to make it clearer and more streamlined. Third, we have revised the security chapter (Chapter 11) to consider some of the newer threats and responses.

LAB EXERCISES
www.wiley.com/college/fitzgerald

This edition includes an online lab manual with many hands-on exercises that can be used in a networking lab. These exercises include configuring servers and other additional practical topics.
ONLINE SUPPLEMENTS FOR INSTRUCTORS
www.wiley.com/college/fitzgerald

Instructor’s supplements comprise an Instructor’s Manual that includes teaching tips, war stories, and answers to end-of-chapter questions; a Test Bank that includes true-false, multiple choice, short answer, and essay test questions for each chapter; and Lecture Slides in PowerPoint for classroom presentations. All are available on the instructor’s book companion site.

E-BOOK

Wiley E-Text: Powered by VitalSource offers students continuing access to materials for their course. Your students can access content on a mobile device, online from any Internet-connected computer, or by a computer via download. With dynamic features built into this e-text, students can search across content, highlight, and take notes that they can share with teachers and classmates. Readers will also have access to interactive images and embedded podcasts. Visit www.wiley.com/college/fitzgerald for more information.
ACKNOWLEDGMENTS

Our thanks to the many people who helped in preparing this edition. Specifically, we want to thank the staff at John Wiley & Sons for their support.

Alan Dennis, Bloomington, Indiana, www.kelley.indiana.edu/ardennis
Alexandra Durcikova, Norman, Oklahoma, http://www.ou.edu/price/mis/people/alexandra_durcikova.html

CONTENTS

About the Authors v
Preface vi

PART ONE INTRODUCTION 1

Chapter 1 Introduction to Data Communications 1
  1.1 Introduction 1
  1.2 Data Communications Networks 4
    1.2.1 Components of a Network 4
    1.2.2 Types of Networks 5
  1.3 Network Models 7
    1.3.1 Open Systems Interconnection Reference Model 7
    1.3.2 Internet Model 9
    1.3.3 Message Transmission Using Layers 10
  1.4 Network Standards 13
    1.4.1 The Importance of Standards 13
    1.4.2 The Standards-Making Process 13
    1.4.3 Common Standards 15
  1.5 Future Trends 16
    1.5.1 Wireless LAN and BYOD 16
    1.5.2 The Internet of Things 17
    1.5.3 Massively Online 17
  1.6 Implications for Cyber Security 18

PART TWO FUNDAMENTAL CONCEPTS 25

Chapter 2 Application Layer 25
  2.1 Introduction 25
  2.2 Application Architectures 26
    2.2.1 Host-Based Architectures 27
    2.2.2 Client-Based Architectures 28
    2.2.3 Client-Server Architectures 28
    2.2.4 Cloud Computing Architectures 31
    2.2.5 Peer-to-Peer Architectures 33
    2.2.6 Choosing Architectures 34
  2.3 World Wide Web 35
    2.3.1 How the Web Works 35
    2.3.2 Inside an HTTP Request 36
    2.3.3 Inside an HTTP Response 37
  2.4 Electronic Mail 39
    2.4.1 How Email Works 39
    2.4.2 Inside an SMTP Packet 42
    2.4.3 Attachments in Multipurpose Internet Mail Extension 43
  2.5 Other Applications 43
    2.5.1 Telnet 44
    2.5.2 Instant Messaging 45
    2.5.3 Videoconferencing 45
  2.6 Implications for Cyber Security 47

Chapter 3 Physical Layer 57
  3.1 Introduction 57
  3.2 Circuits 59
    3.2.1 Circuit Configuration 59
    3.2.2 Data Flow 60
    3.2.3 Multiplexing 60
  3.3 Communication Media 63
    3.3.1 Twisted Pair Cable 63
    3.3.2 Coaxial Cable 64
    3.3.3 Fiber-Optic Cable 64
    3.3.4 Radio 65
    3.3.5 Microwave 66
    3.3.6 Satellite 66
    3.3.7 Media Selection 68
  3.4 Digital Transmission of Digital Data 69
    3.4.1 Coding 69
    3.4.2 Transmission Modes 69
    3.4.3 Digital Transmission 71
    3.4.4 How Ethernet Transmits Data 72
  3.5 Analog Transmission of Digital Data 73
    3.5.1 Modulation 73
    3.5.2 Capacity of a Circuit 76
    3.5.3 How Modems Transmit Data 76
  3.6 Digital Transmission of Analog Data 77
    3.6.1 Translating from Analog to Digital 77
    3.6.2 How Telephones Transmit Voice Data 77
    3.6.3 How Instant Messenger Transmits Voice Data 79
    3.6.4 Voice over Internet Protocol (VoIP) 80
  3.7 Implications for Cyber Security 80

Chapter 4 Data Link Layer 88
  4.1 Introduction 88
  4.2 Media Access Control 89
    4.2.1 Contention 89
    4.2.2 Controlled Access 89
    4.2.3 Relative Performance 90
  4.3 Error Control 91
    4.3.1 Sources of Errors 91
    4.3.2 Error Prevention 93
    4.3.3 Error Detection 94
    4.3.4 Error Correction via Retransmission 95
    4.3.5 Forward Error Correction 95
    4.3.6 Error Control in Practice 97
  4.4 Data Link Protocols 97
    4.4.1 Asynchronous Transmission 97
    4.4.2 Synchronous Transmission 98
  4.5 Transmission Efficiency 101
  4.6 Implications for Cyber Security 103

Chapter 5 Network and Transport Layers 110
  5.1 Introduction 110
  5.2 Transport and Network Layer Protocols 112
    5.2.1 Transmission Control Protocol (TCP) 112
    5.2.2 Internet Protocol (IP) 113
  5.3 Transport Layer Functions 114
    5.3.1 Linking to the Application Layer 114
    5.3.2 Segmenting 115
    5.3.3 Session Management 116
  5.4 Addressing 119
    5.4.1 Assigning Addresses 120
    5.4.2 Address Resolution 125
  5.5 Routing 127
    5.5.1 Types of Routing 128
    5.5.2 Routing Protocols 130
    5.5.3 Multicasting 132
    5.5.4 The Anatomy of a Router 133
  5.6 TCP/IP Example 134
    5.6.1 Known Addresses 136
    5.6.2 Unknown Addresses 137
    5.6.3 TCP Connections 138
    5.6.4 TCP/IP and Network Layers 139
  5.7 Implications for Cyber Security 141

PART THREE NETWORK TECHNOLOGIES 159

Chapter 6 Network Design 159
  6.1 Introduction 159
    6.1.1 Network Architecture Components 159
    6.1.2 The Traditional Network Design Process 161
    6.1.3 The Building-Block Network Design Process 162
  6.2 Needs Analysis 164
    6.2.1 Network Architecture Component 165
    6.2.2 Application Systems 166
    6.2.3 Network Users 166
    6.2.4 Categorizing Network Needs 166
    6.2.5 Deliverables 167
  6.3 Technology Design 168
    6.3.1 Designing Clients and Servers 168
    6.3.2 Designing Circuits 168
    6.3.3 Network Design Tools 170
    6.3.4 Deliverables 171
  6.4 Cost Assessment 171
    6.4.1 Request for Proposal 171
    6.4.2 Selling the Proposal to Management 173
    6.4.3 Deliverables 173
  6.5 Implications for Cyber Security 173

Chapter 7 Wired and Wireless Local Area Networks 177
  7.1 Introduction 177
  7.2 LAN Components 178
    7.2.1 Network Interface Cards 179
    7.2.2 Network Circuits 179
    7.2.3 Network Hubs, Switches, and Access Points 180
    7.2.4 Network Operating Systems 183
  7.3 Wired Ethernet 184
    7.3.1 Topology 184
    7.3.2 Media Access Control 187
    7.3.3 Types of Ethernet 188
  7.4 Wireless Ethernet 189
    7.4.1 Topology 189
    7.4.2 Media Access Control 189
    7.4.3 Wireless Ethernet Frame Layout 190
    7.4.4 Types of Wireless Ethernet 191
    7.4.5 Security 192
  7.5 The Best Practice LAN Design 193
    7.5.1 Designing User Access with Wired Ethernet 194
    7.5.2 Designing User Access with Wireless Ethernet 195
    7.5.3 Designing the Data Center 197
    7.5.4 Designing the e-Commerce Edge 199
    7.5.5 Designing the SOHO Environment 200
  7.6 Improving LAN Performance 202
    7.6.1 Improving Server Performance 203
    7.6.2 Improving Circuit Capacity 204
    7.6.3 Reducing Network Demand 204
  7.7 Implications for Cyber Security 205

Chapter 8 Backbone Networks 214
  8.1 Introduction 214
  8.2 Switched Backbones 215
  8.3 Routed Backbones 218
  8.4 Virtual LANs 221
    8.4.1 Benefits of VLANs 221
    8.4.2 How VLANs Work 223
  8.5 The Best Practice Backbone Design 226
  8.6 Improving Backbone Performance 227
    8.6.1 Improving Device Performance 227
    8.6.2 Improving Circuit Capacity 228
    8.6.3 Reducing Network Demand 228
  8.7 Implications for Cyber Security 228

Chapter 9 Wide Area Networks 237
  9.1 Introduction 237
  9.2 Dedicated-Circuit Networks 238
    9.2.1 Basic Architecture 238
    9.2.2 T-Carrier Services 241
    9.2.3 SONET Services 243
  9.3 Packet-Switched Networks 243
    9.3.1 Basic Architecture 243
    9.3.2 Frame Relay Services 245
    9.3.3 IP Services 246
    9.3.4 Ethernet Services 246
  9.4 Virtual Private Networks 247
    9.4.1 Basic Architecture 247
    9.4.2 VPN Types 248
    9.4.3 How VPNs Work 248
  9.5 The Best Practice WAN Design 251
  9.6 Improving WAN Performance 252
    9.6.1 Improving Device Performance 252
    9.6.2 Improving Circuit Capacity 253
    9.6.3 Reducing Network Demand 253
  9.7 Implications for Cyber Security 254

Chapter 10 The Internet 265
  10.1 Introduction 265
  10.2 How the Internet Works 266
    10.2.1 Basic Architecture 266
    10.2.2 Connecting to an ISP 268
    10.2.3 The Internet Today 269
  10.3 Internet Access Technologies 270
    10.3.1 Digital Subscriber Line 270
    10.3.2 Cable Modem 271
    10.3.3 Fiber to the Home 273
    10.3.4 WiMax 274
  10.4 The Future of the Internet 274
    10.4.1 Internet Governance 274
    10.4.2 Building the Future 276
  10.5 Implications for Cyber Security 277

PART FOUR NETWORK MANAGEMENT 284

Chapter 11 Network Security 284
  11.1 Introduction 284
    11.1.1 Why Networks Need Security 286
    11.1.2 Types of Security Threats 286
    11.1.3 Network Controls 287
  11.2 Risk Assessment 288
    11.2.1 Develop Risk Measurement Criteria 289
    11.2.2 Inventory IT Assets 290
    11.2.3 Identify Threats 291
    11.2.4 Document Existing Controls 293
    11.2.5 Identify Improvements 296
  11.3 Ensuring Business Continuity 296
    11.3.1 Virus Protection 296
    11.3.2 Denial-of-Service Protection 297
    11.3.3 Theft Protection 300
    11.3.4 Device Failure Protection 301
    11.3.5 Disaster Protection 302
  11.4 Intrusion Prevention 305
    11.4.1 Security Policy 306
    11.4.2 Perimeter Security and Firewalls 306
    11.4.3 Server and Client Protection 312
    11.4.4 Encryption 315
    11.4.5 User Authentication 321
    11.4.6 Preventing Social Engineering 324
    11.4.7 Intrusion Prevention Systems 325
    11.4.8 Intrusion Recovery 327
  11.5 Best Practice Recommendations 328
  11.6 Implications for Your Cyber Security 330

Chapter 12 Network Management 340
  12.1 Introduction 340
  12.2 Designing for Network Performance 341
    12.2.1 Managed Networks 341
    12.2.2 Managing Network Traffic 345
    12.2.3 Reducing Network Traffic 346
  12.3 Configuration Management 349
    12.3.1 Configuring the Network and Client Computers 349
    12.3.2 Documenting the Configuration 350
  12.4 Performance and Fault Management 351
    12.4.1 Network Monitoring 351
    12.4.2 Failure Control Function 353
    12.4.3 Performance and Failure Statistics 355
    12.4.4 Improving Performance 358
  12.5 End User Support 358
    12.5.1 Resolving Problems 358
    12.5.2 Providing End User Training 360
  12.6 Cost Management 360
    12.6.1 Sources of Costs 360
    12.6.2 Reducing Costs 363
  12.7 Implications for Cyber Security 364

Appendices (Online)
Glossary (Online)
Index 373

PART ONE INTRODUCTION

CHAPTER 1 INTRODUCTION TO DATA COMMUNICATIONS

This chapter introduces the basic concepts of data communications. It describes why it is important to study data communications and introduces you to the three fundamental questions that this book answers. Next, it discusses the basic types and components of a data communications network. Also, it examines the importance of a network model based on layers. Finally, it describes the three key trends in the future of networking.

OBJECTIVES
◾ Be aware of the three fundamental questions this book answers
◾ Be aware of the applications of data communications networks
◾ Be familiar with the major components of and types of networks
◾ Understand the role of network layers
◾ Be familiar with the role of network standards
◾ Be aware of cyber security issues
◾ Be aware of three key trends in communications and networking

OUTLINE
1.1 Introduction
1.2 Data Communications Networks
  1.2.1 Components of a Network
  1.2.2 Types of Networks
1.3 Network Models
  1.3.1 Open Systems Interconnection Reference Model
  1.3.2 Internet Model
  1.3.3 Message Transmission Using Layers
1.4 Network Standards
  1.4.1 The Importance of Standards
  1.4.2 The Standards-Making Process
  1.4.3 Common Standards
1.5 Future Trends
  1.5.1 Wireless LAN and BYOD
  1.5.2 The Internet of Things
  1.5.3 Massively Online
1.6 Implications for Cyber Security
Summary

1.1 INTRODUCTION
What Internet connection should you use? Cable modem or DSL (formally called Digital Subscriber Line)? Cable modems are supposedly faster than DSL, providing data speeds of 50 Mbps to DSL’s 1.5–25 Mbps (million bits per second). One cable company used a tortoise to represent DSL in advertisements. So which is faster? We’ll give you a hint. Which won the race in the fable, the tortoise or the hare? By the time you finish this book, you’ll understand which is faster and why, as well as why choosing the right company as your Internet service provider (ISP) is probably more important than choosing the right technology.

Over the past decade or so, it has become clear that the world has changed forever. We continue to forge our way through the Information Age—the second Industrial Revolution, according to John Chambers, CEO (chief executive officer) of Cisco Systems, Inc., one of the world’s leading networking technology companies. The first Industrial Revolution revolutionized the way people worked by introducing machines and new organizational forms.
New companies and industries emerged, and old ones died off.

The second Industrial Revolution is revolutionizing the way people work through networking and data communications. The value of a high-speed data communications network is that it brings people together in a way never before possible. In the 1800s, it took several weeks for a message to reach North America by ship from England. By the 1900s, it could be transmitted within an hour. Today, it can be transmitted in seconds. Collapsing the information lag to Internet speeds means that people can communicate and access information anywhere in the world regardless of their physical location. In fact, today’s problem is that we cannot handle the quantities of information we receive.

Data communications and networking is a truly global area of study, both because the technology enables global communication and because new technologies and applications often emerge from a variety of countries and spread rapidly around the world. The World Wide Web, for example, was born in a Swiss research lab, was nurtured through its first years primarily by European universities, and exploded into mainstream popular culture because of a development at an American research lab.

One of the problems in studying a global phenomenon lies in explaining the different political and regulatory issues that have evolved and currently exist in different parts of the world. Rather than attempt to explain the different paths taken by
different countries, we have chosen simplicity instead. Historically, the majority of readers of previous editions of this book have come from North America. Therefore, although we retain a global focus on technology and its business implications, we focus mostly on North America.

This book answers three fundamental questions. First, how does the Internet work? When you access a website using your computer, laptop, iPad, or smartphone, what happens so that the page opens in your Web browser? This is the focus in Chapters 1–5. The short answer is that the software on your computer (or any device) creates a message composed in different software languages (HTTP, TCP/IP, and Ethernet are common) that requests the page you clicked. This message is then broken up into a series of smaller parts that we call packets. Each packet is transmitted to the nearest router, which is a special-purpose computer whose primary job is to find the best route for these packets to their final destination. The packets move from router to router over the Internet until they reach the Web server, which puts the packets back together into the same message that your computer created. The Web server reads your request and then sends the page back to you in the same way—by composing a message using HTTP, TCP/IP, and Ethernet and then sending it as a series of smaller packets back through the Internet that the software on your computer puts together into the page you requested.

You might have heard a news story that the U.S. or Chinese government can read your email or see what websites you’re visiting. A more shocking truth is that the
person sitting next to you at a coffee shop might be doing exactly the same thing—reading all the packets that come from or go to your laptop. How is this possible, you ask? After finishing Chapter 5, you will know exactly how this is possible.

Second, how do I design a network? This is the focus of Chapters 6–10. We often think about networks in four layers. The first layer is the Local Area Network, or the LAN (either wired or wireless), which enables users like you and me to access the network. The second is the backbone network that connects the different LANs within a building. The third is the core network that connects different buildings on a company’s campus. The final layer is connections we have to the other campuses within the organization and to the Internet. Each of these layers has slightly different concerns, so the way we design networks for them and the technologies we use are
slightly different. Although this describes the standard for building corporate networks, you will have a much better understanding of how your wireless router at home works. Perhaps more importantly, you’ll learn why buying the newest and fastest wireless router for your house or apartment is probably not a good way to spend your money.

Finally, how do I manage my network to make sure it is secure, provides good performance, and doesn’t cost too much? This is the focus of Chapters 11 and 12. Would it surprise you to learn that most companies spend between $1,500 and $3,500 per computer per year on network management and security? Yup, we spend way more on network management and security each year than we spend to buy the computer in the first place. And that’s for well-run networks; poorly run networks cost a lot more. Many people think network security is a technical problem, and, to some extent, it is. However, the things people do and don’t do cause more security risks than not having the latest technology. According to Symantec, one of the leading companies that sell antivirus software, about half of all security threats are not prevented by their software. These threats are called targeted attacks, such as phishing attacks (emails that look real but instead take you to fake websites) or ransomware (malware that locks your computer or encrypts your files and demands a payment to restore them). Therefore, network management is as much a people management issue as it is a technology management issue.

By the time you finish this book, you’ll understand how networks work, how to design networks, and how to manage networks. You won’t be an expert, but you’ll be ready to enter an organization or move on to more advanced courses.
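The description above of a request composed in HTTP, TCP/IP and Ethernet, and the warning that the person at the next coffee-shop table can read every packet a shared network delivers to their laptop, can be made concrete in a few dozen lines. The Python block below is an added example, not code from the book: it constructs one Ethernet/IPv4/TCP frame carrying an HTTP request (addresses drawn from a private range and the TEST-NET-3 documentation range, checksums left at zero, so it is not a real capture) and then decodes it layer by layer, exactly as a passive sniffer would. The field offsets are the standard Ethernet II, IPv4 and TCP header layouts; the function and variable names are this example's own.

```python
"""Added example: decode a constructed Ethernet/IPv4/TCP frame layer by layer
and recover the cleartext HTTP request inside it. Nothing here is captured
from a real network; the frame is built in build_sample_frame()."""
import struct

# Constructed sample request (not a real capture).
SAMPLE_HTTP = b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"


def build_sample_frame(payload: bytes = SAMPLE_HTTP) -> bytes:
    """Wrap an HTTP payload in TCP, IPv4 and Ethernet headers (checksums left zero)."""
    dst_mac = bytes.fromhex("001122334455")      # constructed destination MAC
    src_mac = bytes.fromhex("66778899aabb")      # constructed source MAC
    eth = dst_mac + src_mac + b"\x08\x00"        # EtherType 0x0800 = IPv4
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45,                      # version 4, IHL 5 (20-byte header)
        0,                         # type of service
        20 + 20 + len(payload),    # total length: IP header + TCP header + data
        0x1234,                    # identification
        0x4000,                    # flags: don't fragment, offset 0
        64,                        # TTL
        6,                         # protocol 6 = TCP
        0,                         # header checksum (not computed in this example)
        bytes([192, 168, 1, 10]),  # source: private LAN address
        bytes([203, 0, 113, 5]),   # destination: TEST-NET-3 documentation range
    )
    tcp = struct.pack(
        "!HHIIBBHHH",
        51234, 80,                 # source port, destination port
        1000, 0,                   # sequence number, acknowledgment number
        5 << 4,                    # data offset 5 words (20-byte header)
        0x18,                      # flags PSH|ACK
        65535, 0, 0,               # window, checksum (zero here), urgent pointer
    )
    return eth + ip + tcp + payload


def parse_http_request(payload: bytes) -> dict:
    """Split an HTTP/1.x request head into method, target, version and headers."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("ascii", errors="replace").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def decode_frame(frame: bytes) -> dict:
    """Peel Ethernet, then IPv4, then TCP, then hand the payload to the HTTP parser."""
    # Layer 2: Ethernet II header is 14 bytes: destination MAC, source MAC, EtherType.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4: EtherType 0x{ethertype:04x}")
    # Layer 3: IPv4. Header length (IHL) is the low nibble of byte 0, in 32-bit words.
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", frame[ip + 2:ip + 4])
    protocol = frame[ip + 9]
    src_ip = ".".join(str(b) for b in frame[ip + 12:ip + 16])
    dst_ip = ".".join(str(b) for b in frame[ip + 16:ip + 20])
    if protocol != 6:
        raise ValueError(f"not TCP: IP protocol {protocol}")
    # Layer 4: TCP. Data offset (header length) is the high nibble of byte 12.
    tcp = ip + ihl
    src_port, dst_port = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_offset = (frame[tcp + 12] >> 4) * 4
    # Slice by the IP total length, not the frame length, so Ethernet padding is ignored.
    payload = frame[tcp + data_offset:ip + total_len]
    return {
        "src_mac": ":".join(f"{b:02x}" for b in src_mac),
        "dst_mac": ":".join(f"{b:02x}" for b in dst_mac),
        "src_ip": src_ip, "dst_ip": dst_ip,
        "src_port": src_port, "dst_port": dst_port,
        # Port 80 is cleartext HTTP; anything a sniffer sees here is readable as-is.
        "http": parse_http_request(payload) if dst_port == 80 else None,
    }


if __name__ == "__main__":
    d = decode_frame(build_sample_frame())
    print(f"{d['src_ip']}:{d['src_port']} -> {d['dst_ip']}:{d['dst_port']} "
          f"{d['http']['method']} {d['http']['target']} "
          f"Host={d['http']['headers']['host']}")
```

The same decoder reads a frame with trailing Ethernet padding correctly because it trusts the IP total-length field rather than the frame length; a real sniffer would also verify the checksums and follow the TCP sequence numbers to reassemble requests split across several segments.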
MANAGEMENT FOCUS 1-1 Career Opportunities

It’s a great time to be in information technology (IT)! The technology-fueled new economy has dramatically increased the demand for skilled IT professionals. According to the U.S. Bureau of Labor Statistics and Career Profiles (http://www.careerprofiles.info), two of the 10 fastest-growing occupations are computer network administrator and computer systems analyst, which are expected to grow by 22% over the next 10 years with an annual median salary of $72,500—not counting bonuses. There are two reasons for this growth. First, companies have to continuously upgrade their networks and thus need skilled employees to support their expanding IT infrastructure. Second, people are spending more time on their mobile devices, and because employers are allowing them to use these personal devices at work (i.e., BYOD, or bring your own device), the network infrastructure has to support the data that flow from these devices as well as to make sure that they don’t pose a security risk. With a few years of experience, there is the possibility to work as an information systems manager, for which the median annual pay is as high as $117,780. An information systems manager plans, coordinates, and directs IT-related activities in such a way that they can fully support the goals of any business. Thus, this job requires a good understanding not only of the business but also of the technology so that appropriate and reliable technology can be implemented at a reasonable cost to keep everything
operating smoothly and to guard against cybercriminals.

Because of the expanding job market for IT and networking-related jobs, certifications become important. Most large vendors of network technologies, such as the Microsoft Corporation and Cisco Systems Inc., provide certification processes (usually a series of courses and formal exams) so that individuals can document their knowledge. Certified network professionals often earn $10,000 to $15,000 more than similarly skilled uncertified professionals—provided that they continue to learn and maintain their certification as new technologies emerge.

Adapted from: http://jobs.aol.com, “In Demand Careers That Pay $100,000 a Year or More”; www.careerpath.com, “Today’s 20 Fastest-Growing Occupations”; www.cnn.com, “30 Jobs Needing Most Workers in Next Decade”; http://www.careerprofiles.info/top-careers.html.

1.2 DATA COMMUNICATIONS NETWORKS

Data communications is the movement of computer information from one point to another by means of electrical or optical transmission systems. Such systems are often called data communications networks. This is in contrast to the broader term telecommunications, which
includes the transmission of voice and video (images and graphics) as well as data and usually implies longer distances. In general, data communications networks collect data from personal computers and other devices and transmit those data to a central server that is a more powerful personal computer, minicomputer, or mainframe, or they perform the reverse process, or some combination of the two. Data communications networks facilitate more efficient use of computers and improve the day-to-day control of a business by providing faster information flow. They also provide message transfer services to allow computer users to talk to one another via email, chat, and video streaming.

TECHNICAL FOCUS 1-1 Internet Domain Names

Internet address names are strictly controlled; otherwise, someone could add a computer to the Internet that had the same address as another computer. Each address name has two parts, the computer name and its domain. The general format of an Internet address is therefore computer.domain. Some computer names have several parts separated by periods, so some addresses have the format computer.computer.computer.domain. For example, the main university Web server at Indiana University (IU) is called www.indiana.edu, whereas the Web server for the Kelley School of Business at IU is www.kelley.indiana.edu.

Since the Internet began in the United States, the American address board was the first to assign domain names to indicate types of organizations. Some common U.S. domain names are as follows:
EDU for an educational institution, usually a university
COM for a commercial business
GOV for a government department or agency
MIL for a military unit
ORG for a nonprofit organization

As networks in other countries were connected to the Internet, they were assigned their own domain names. Some international domain names are as follows:
CA for Canada
AU for Australia
UK for the United Kingdom
DE for Germany

New top-level domains that focus on specific types of businesses continue to be introduced, such as the following:
AERO for aerospace companies
MUSEUM for museums
NAME for individuals
PRO for professionals, such as accountants and lawyers
BIZ for businesses

Many international domains structure their addresses in much the same way as the United States does. For example, Australia uses EDU to indicate academic institutions, so an address such as xyz.edu.au would indicate an Australian university. For a full list of domain names, see www.iana.org/domains/root/db.

1.2.1 Components of a Network

There are three basic hardware components for a data communications network: a server (e.g., personal computer, mainframe), a client (e.g., personal computer, terminal), and a circuit (e.g., cable, modem) over which messages flow. Both the server and client also need special-purpose network software that enables them to communicate.
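Technical Focus 1-1 above describes a host name as computer.domain, with a top-level domain that identifies either a type of organization or a country, and a country domain such as edu.au that reuses the category label one level down. The Python block below is an added example, not code from the book: it splits a host name into its labels, checks each label against the DNS syntax limits, classifies the top-level domain using the short tables from the box (assumed illustrative subsets, not the full IANA root database the box points to), and derives the organization's registrable domain with a simplified rule in which a small constructed set of country second-level labels stands in for the Public Suffix List. The check that matters for security is the last one: a name such as www.indiana.edu.evil.com belongs to evil.com, not to indiana.edu, which is exactly the confusion phishing sites rely on.

```python
"""Added example: parse and validate an Internet host name in the
computer.domain form of Technical Focus 1-1 and classify its top-level domain.
The TLD tables are the short ones from the box, not the IANA root database."""
import re

# One DNS label: 1-63 characters, letters, digits and hyphens, no leading/trailing hyphen.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

GENERIC_TLDS = {
    "edu": "educational institution", "com": "commercial business",
    "gov": "government department or agency", "mil": "military unit",
    "org": "nonprofit organization", "aero": "aerospace company",
    "museum": "museum", "name": "individual", "pro": "professional",
    "biz": "business",
}
COUNTRY_TLDS = {"ca": "Canada", "au": "Australia", "uk": "United Kingdom", "de": "Germany"}
# Country domains that put a category label under the country code, as in xyz.edu.au.
# Constructed subset for this example; a real checker would use the Public Suffix List.
COUNTRY_SECOND_LEVEL = {"au": {"edu", "com", "gov", "org"}, "uk": {"ac", "co", "gov", "org"}}


def parse_hostname(name: str) -> dict:
    """Validate a host name and return its parts; raises ValueError on bad syntax."""
    name = name.rstrip(".").lower()   # DNS is case-insensitive; drop a trailing root dot
    if not name or len(name) > 253:
        raise ValueError("host name must be 1-253 characters")
    labels = name.split(".")
    for label in labels:
        if not LABEL_RE.match(label):
            raise ValueError(f"invalid label {label!r}")
    if len(labels) < 2:
        raise ValueError("need at least computer.domain")

    tld = labels[-1]
    if tld in COUNTRY_TLDS:
        kind, description = "country", COUNTRY_TLDS[tld]
        # xyz.edu.au: the registered name is three labels long, not two.
        suffix_len = 2 if labels[-2] in COUNTRY_SECOND_LEVEL.get(tld, ()) else 1
    elif tld in GENERIC_TLDS:
        kind, description = "generic", GENERIC_TLDS[tld]
        suffix_len = 1
    else:
        kind, description, suffix_len = "unknown", "not in this example's table", 1
    # The registrable (organization) domain is the public suffix plus one label.
    organization = ".".join(labels[-(suffix_len + 1):])

    return {
        "computer": labels[0],                 # the box's "computer name"
        "domain": ".".join(labels[1:]),        # the box's "domain"
        "labels": labels,
        "tld": tld,
        "tld_kind": kind,
        "tld_description": description,
        "organization": organization,
    }


def same_organization(hostname: str, expected_org: str) -> bool:
    """True only if the registrable domain matches; look-alike prefixes do not count."""
    return parse_hostname(hostname)["organization"] == expected_org.lower()


if __name__ == "__main__":
    for host in ["www.indiana.edu", "www.kelley.indiana.edu", "xyz.edu.au",
                 "www.indiana.edu.evil.com"]:
        p = parse_hostname(host)
        print(f"{host}: computer={p['computer']} domain={p['domain']} "
              f"tld={p['tld']} ({p['tld_description']}) organization={p['organization']}")
```

Run as a script it prints the breakdown for the two IU servers named in the box, the Australian example, and a look-alike name whose organization resolves to evil.com; the `same_organization` check is the form of this logic that a mail filter or browser extension would apply before trusting a link.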
FIGURE 1-1 Example of a local area network (LAN). [Figure not reproduced. It shows client computers connected through two switches and a wireless access point, a printer, a file server, a Web server, a mail server, and a router linking the LAN to other networks (e.g., the Internet).]

The server stores data or software that can be accessed by the clients. In client–server computing, several servers may work together over the network with a client computer to support the business application. The client is the input–output hardware device at the user’s end of a communication circuit. It typically provides users with access to the network and the data and software on the server. The circuit is the pathway through which the messages travel. It is typically a copper wire, although fiber-optic cable and wireless transmission are becoming common. There are many devices in the circuit that perform special functions such as switches and routers.
Strictly speaking, a network does not need a server. Some networks are designed to connect a set of similar computers that share their data and software with each other. Such networks are called peer-to-peer networks because the computers function as equals, rather than relying on a central server to store the needed data and software.

Figure 1-1 shows a small network that has several personal computers (clients) connected through a switch and cables (circuit) and wirelessly through a wireless access point (AP). In this network, messages move through the switch to and from the computers. The router is a special device that connects two or more networks. The router enables computers on this network to communicate with computers on the same network or on other networks (e.g., the Internet).

The network in Figure 1-1 has three servers. Although one server can perform many functions, networks are often designed so that a separate computer is used to provide different services. The file server stores data and software that can be used by computers on the network. The Web server stores documents and graphics that can be accessed from any Web browser, such as Internet Explorer. The Web server can respond to requests from computers on this network or any computer on the Internet. The mail server handles and delivers email over the network. Servers are usually personal computers (often more powerful than the other personal computers on the network) but may be mainframes too.

1.2.2 Types of Networks

There are many different ways to categorize networks. One of the most common ways is to look at the geographic scope of the network. Figure 1-2 illustrates three types of networks: local area networks (LANs), backbone networks (BNs), and wide area networks (WANs). The distinctions among these are becoming blurry because some network technologies now used in LANs were originally developed for WANs, and vice versa. Any rigid classification of technologies is certain to have exceptions.

FIGURE 1-2 The hierarchical relationship of a LAN to a BN to a WAN. BN = backbone network; LAN = local area network; WAN = wide area network. [Figure not reproduced. Its three panels show: a local area network (LAN) at the Records Building (Web server, router, switch), one node of the McClellan Air Force Base backbone network; the backbone network (BN) at the McClellan Air Force Base (records building, hangars, fire station, flight building, runway checkout, main gate, and a gateway to the Sacramento metropolitan area network), one node of the Sacramento metropolitan area network (MAN); and a wide area network (WAN) showing Sacramento, Calif. (Capitol) connected to nine other cities throughout the United States: Evanston, Ill.; Miami, Fla.; Houston, Tex.; Phoenix, Ariz.; Portland, Oreg.; Seattle, Wash.; Golden, Colo.; Ontario, N.Y.; and Sudbury, Mass.]

A local area network (LAN) is a group of computers located in the same general area. A LAN covers a clearly defined small area, such as one floor or work area, a single building, or a group of buildings. The upper-left diagram in Figure 1-2 shows a small LAN located in the records building at the former McClellan Air Force Base in Sacramento. LANs support high-speed data transmission compared with standard telephone circuits, commonly operating at 100 million bits per second (100 Mbps). LANs and wireless LANs are discussed in detail in Chapter 7.

Most LANs are connected to a backbone network (BN), a larger, central network connecting several LANs, other BNs, MANs, and WANs. BNs typically span from hundreds of feet to several miles and provide very high-speed data transmission, commonly 100–1,000 Mbps. The second
  • 42. diagram in Figure 1-2 shows a BN that connects the LANs located in several buildings at McClellan Air Force Base. BNs are discussed in detail in Chapter 7. � � � � Network Models 7 Wide area networks (WANs) connect BNs and MANs (see Figure 1-2). Most organizations do not build their own WANs by laying cable, building microwave towers, or sending up satellites (unless they have unusually heavy data transmission needs or highly specialized requirements, such as those of the Department of Defense). Instead, most organizations lease circuits from IXCs (e.g., AT&T, Sprint) and use those to transmit their data. WAN circuits provided by IXCs come in all types and sizes but typically span hundreds or thousands of miles and provide data transmission rates from 64 Kbps to 10 Gbps. WANs are discussed in detail in Chapter 8. Two other common terms are intranets and extranets. An intranet is a LAN that uses the same technologies as the Internet (e.g., Web servers, Java, HTML [Hypertext Markup Language]) but is open to only those inside the organization. For example, although some pages on a Web server may be open to the public and accessible by anyone on
• 43. the Internet, some pages may be on an intranet and therefore hidden from those who connect to the Web server from the Internet at large. Sometimes, an intranet is provided by a completely separate Web server hidden from the Internet. Hiding a page in this way is an access-control decision rather than a property of the page: the Web server (or the network in front of it) must actually reject requests from outside, for example by checking the client's address or requiring a login, or the page remains reachable by anyone who learns its URL. The intranet for the Information Systems Department at Indiana University, for example, provides information on faculty expense budgets, class scheduling for future semesters (e.g., room, instructor), and discussion forums. An extranet is similar to an intranet in that it, too, uses the same technologies as the Internet but instead is provided to invited users outside the organization who access it over the Internet. It can provide access to information services, inventories, and other internal organizational databases that are provided only to customers, suppliers, or those who have paid for access. Typically, users are given passwords to gain access, but more sophisticated technologies such as smart cards or special software may also be required. Many universities provide extranets for Web-based courses so that only those students enrolled in the course can access course materials and discussions. 1.3 NETWORK MODELS There are many ways to describe and analyze data communications networks. All networks provide the same basic functions to transfer a message from sender to receiver, but each network can use different network hardware and software to provide these functions. All of these hardware and software products have to work together to successfully transfer a message.
• 44. One way to accomplish this is to break the entire set of communications functions into a series of layers, each of which can be defined separately. In this way, vendors can develop software and hardware to provide the functions of each layer separately. The software or hardware can work in any manner and can be easily updated and improved, as long as the interface between that layer and the ones around it remains unchanged. Each piece of hardware and software can then work together in the overall network. There are many different ways in which the network layers can be designed. The two most important network models are the Open Systems Interconnection Reference (OSI) model and the Internet model. Of the two, the Internet model is the most commonly used; few people use the OSI model, although understanding it is commonly required for network certification exams. 1.3.1 Open Systems Interconnection Reference Model The Open Systems Interconnection Reference model (usually called the OSI model for short) helped change the face of network computing. Before the OSI model, most commercial networks used by businesses were built using nonstandardized technologies developed by one vendor (remember that the Internet was in use at the time but was not widespread and certainly was not commercial). During the late 1970s, the International Organization for Standardization (ISO) created the Open System Interconnection Subcommittee, whose task was to develop a framework of standards for computer-to-computer communications. In 1984, this effort produced the OSI model. FIGURE 1-3 Network models. OSI = Open Systems Interconnection Reference.

    OSI model               Internet model         Group of layers      Examples
    7. Application layer    5. Application layer   Application layer    Internet Explorer and Web pages
    6. Presentation layer   (part of layer 5)      Application layer
    5. Session layer        (part of layer 5)      Application layer
    4. Transport layer      4. Transport layer     Internetwork layer   TCP/IP software
    3. Network layer        3. Network layer       Internetwork layer   TCP/IP software
    2. Data link layer      2. Data link layer     Hardware layer       Ethernet port, Ethernet cables, and Ethernet software drivers
    1. Physical layer       1. Physical layer      Hardware layer

The OSI model is the most talked about and most referred to network model. If you choose a career in networking, questions about the OSI model will be on
• 47. the network certification exams offered by Microsoft, Cisco, and other vendors of network hardware and software. However, you will probably never use a network based on the OSI model. Simply put, the OSI model never caught on commercially in North America, although some European networks use it, and some network components developed for use in the United States arguably use parts of it. Most networks today use the Internet model, which is discussed in the next section. However, because there are many similarities between the OSI model and the Internet model, and because most people in networking are expected to know the OSI model, we discuss it here. The OSI model has seven layers (see Figure 1-3). Layer 1: Physical Layer The physical layer is concerned primarily with transmitting data bits (zeros or ones) over a communication circuit. This layer defines the rules by which ones and zeros are transmitted, such as voltages of electricity, number of bits sent per second, and the physical format of the cables and connectors used. Layer 2: Data Link Layer The data link layer manages the physical transmission circuit in layer 1 and transforms it into a circuit that is free of transmission errors as far as the layers above are concerned. Because layer 1 accepts and transmits only a raw stream of bits without understanding their meaning or structure, the data link layer must create and recognize message boundaries; that is, it must mark where a message starts and where it ends. Another major task of layer 2 is to solve the problems caused by damaged, lost, or duplicate messages so the succeeding layers are shielded from transmission errors. Thus, layer 2 performs error detection and correction. It also decides when a device can transmit so that two computers do not try to transmit at the same time. Layer 3: Network Layer The network layer performs routing. It determines the next computer to which the message should be sent, so it can follow the best route through the network, and finds the full address for that computer if needed. Layer 4: Transport Layer The transport layer deals with end-to-end issues, such as procedures for entering and departing from the network. It establishes, maintains, and terminates logical connections for the transfer of data between the original sender and the final destination of the message. It is responsible for breaking a large data transmission into smaller packets (if needed), ensuring that all the packets have been received, eliminating duplicate packets, and performing flow control to ensure that no computer is overwhelmed by the number of messages it receives. Although error control is performed by the data link layer, the transport layer
• 49. can also perform error checking. Layer 5: Session Layer The session layer is responsible for managing and structuring all sessions. Session initiation must arrange for all the desired and required services between session participants, such as logging on to circuit equipment, transferring files, and performing security checks. Session termination provides an orderly way to end the session, as well as a means to abort a session prematurely. It may have some redundancy built in to recover from a broken transport (layer 4) connection in case of failure. The session layer also handles session accounting so the correct party receives the bill. Layer 6: Presentation Layer The presentation layer formats the data for presentation to the user. Its job is to accommodate different interfaces on different computers so the application program need not worry about them. It is concerned with displaying, formatting, and editing user inputs and outputs. For example, layer 6 might perform data compression, translation between different data formats, and screen formatting. Any function (except those in layers 1 through 5) that is requested sufficiently often to warrant finding a general solution is placed in the presentation layer, although some of these functions can be performed by separate hardware and software (e.g., encryption). Layer 7: Application Layer The application layer is the end user's access to the network. Its primary purpose is to provide a set of utilities for application programs. Each user program determines the set of messages and any action it might take on receipt of a message. Other network-specific applications at this layer include network monitoring and network management. 1.3.2 Internet Model The network model that dominates current hardware and software is a simpler five-layer Internet model. Unlike the OSI model, which was developed by formal committees, the Internet model evolved from the work of thousands of people who developed pieces of the Internet. The OSI model is a formal standard that is documented in a single standard, but the Internet model has never been formally defined; it has to be interpreted from a number of standards. The two models have very much in common (see Figure 1-3); simply put, the Internet model collapses the top three OSI layers into one layer. Because it is clear that the Internet has won the "war," we use the five-layer Internet model for the rest of this book. Layer 1: The Physical Layer The physical layer in the Internet model, as in the OSI model, is the physical connection between the sender and receiver. Its role is to transfer a series of electrical, radio, or light signals through the circuit. The physical layer includes all the hardware devices (e.g., computers, modems, and switches) and physical media (e.g., cables and satellites). The physical layer specifies the type of connection and the electrical signals, radio waves, or light pulses that pass through it. Chapter 3 discusses the physical layer in detail. Layer 2: The Data Link Layer The data link layer is responsible for moving a message from one
• 51. computer to the next computer in the network path from the sender to the receiver. The data link layer in the Internet model performs the same three functions as the data link layer in the OSI model. First, it controls the physical layer by deciding when to transmit messages over the media. Second, it formats the messages by indicating where they start and end. Third, it detects and may correct any errors that have occurred during transmission. Chapter 4 discusses the data link layer in detail. Layer 3: The Network Layer The network layer in the Internet model performs the same functions as the network layer in the OSI model. First, it performs routing, in that it selects the next computer to which the message should be sent. Second, it can find the address of that computer if it doesn't already know it. Chapter 5 discusses the network layer in detail. Layer 4: The Transport Layer The transport layer in the Internet model is very similar to the transport layer in the OSI model. It performs two functions. First, it is responsible for linking the application layer software to the network and establishing end-to-end connections between the sender and receiver when such connections are needed. Second, it is responsible for breaking long messages into several smaller messages to make them easier to transmit and then recombining the smaller messages back into the original larger message at the receiving end. The transport layer can also detect lost messages and request that they be resent. Chapter 5 discusses the transport layer in detail. Layer 5: Application Layer The application layer is the application software used by the network user and includes much of what the OSI model contains in the application, presentation, and session layers. It is the user's access to the network. By using the application software, the user defines what messages are sent over the network. Because it is the layer that most people understand best and because starting at the top sometimes helps people understand better, Chapter 2 begins with the application layer. It discusses the architecture of network applications and several types of network application software and the types of messages they generate. Groups of Layers The layers in the Internet are often so closely coupled that decisions in one layer impose certain requirements on other layers. The data link layer and the physical layer are closely tied together because the data link layer controls the physical layer in terms of when the physical layer can transmit. Because these two layers are so closely tied together, decisions about the data link layer often drive the decisions about the physical layer. For this reason, some people group the
• 53. physical and data link layers together and call them the hardware layers. Likewise, the transport and network layers are so closely coupled that sometimes these layers are called the internetwork layers (see Figure 1-3). When you design a network, you often think about the network design in terms of three groups of layers: the hardware layers (physical and data link), the internetwork layers (network and transport), and the application layer. 1.3.3 Message Transmission Using Layers Each computer in the network has software that operates at each of the layers and performs the functions required by those layers (the physical layer is hardware, not software). Each layer in the network uses a formal language, or protocol, that is simply a set of rules that define what the layer will do and that provides a clearly defined set of messages that software at the layer needs to understand. For example, the protocol used for Web applications is HTTP (Hypertext Transfer Protocol, which is described in more detail in Chapter 2). In general, all messages sent in a network pass through all layers. All layers except the physical layer create a new Protocol Data Unit (PDU) as the message passes through them. The PDU contains information that is needed to transmit the message through the network. Some experts use the word packet to mean a PDU. Figure 1-4 shows how a message requesting a Web page would be sent on the Internet. Application Layer First, the user creates a message at the application layer using a Web browser by clicking on a link (e.g., get the home page at www.somebody.com). The browser translates
• 54. the user's message (the click on the Web link) into HTTP. The rules of HTTP define a specific PDU—called an HTTP packet—that all Web browsers must use when they request a Web page. FIGURE 1-4 Message transmission using layers. IP = Internet Protocol; HTTP = Hypertext Transfer Protocol; TCP = Transmission Control Protocol. (Figure: on the sender, the HTTP request is placed inside a TCP segment at the transport layer, the segment inside an IP packet at the network layer, and the packet inside an Ethernet frame at the data link layer, which the physical layer sends as bits; the receiver unwraps the PDUs in the reverse order. PDU names by layer: packet at the application layer, segment at the transport layer, packet at the network layer, frame at the data link layer, bit at the physical layer.) For now, you can think of the HTTP packet as an envelope into which the user's message (get the Web page) is placed. In the same way that an envelope placed in the mail needs certain information written in certain places (e.g., return address, destination address), so too does the HTTP packet. The Web browser fills in the necessary information in the HTTP packet, drops the user's request inside the packet, then passes the HTTP packet (containing the Web page request) to the transport layer. Transport Layer The transport layer on the Internet uses a protocol called TCP (Transmission Control Protocol), and it, too, has its own rules and its own PDUs. TCP is responsible for breaking large files into smaller packets and for opening a connection to the server for the transfer of a large set of packets. The transport layer places the HTTP packet inside a TCP PDU (which is called a TCP segment), fills in the information needed by the TCP segment, and passes the TCP segment (which contains the HTTP packet, which, in turn, contains the message) to the network layer. Network Layer The network layer on the Internet uses a protocol called IP (Internet Protocol), which has its own rules and PDUs. IP selects the next stop on the message's route through the network. It places the TCP segment inside an IP PDU, which is called an IP packet, and passes the IP packet, which contains the TCP segment, which, in turn, contains the HTTP packet, which, in turn, contains the message, to the data link layer.
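The nesting that Figure 1-4 describes, carried through all four lower layers and back up on the receiving side, as an added worked example (this is not code from the textbook). It wraps an HTTP request in a TCP segment, an IPv4 packet and an Ethernet frame, then unwraps the frame the way the receiver does, applying the check each layer is described as making: frame check sequence and destination MAC at the data link layer, header checksum and destination IP at the network layer. Header field order follows the real Ethernet, IPv4 and TCP formats, but options are omitted, the TCP checksum is left at zero, and the FCS uses zlib.crc32 as a stand-in for the wire bit ordering. The addresses, ports and host name are made-up sample values.

```python
"""Encapsulation and decapsulation of a Web-page request, layer by layer.

Added worked example, not textbook code. Addresses (192.0.2.x, 198.51.100.x,
locally administered MACs) and ports are assumed sample values.
"""
import struct
import zlib

ETH_TYPE_IPV4 = 0x0800
PROTO_TCP = 6


class Dropped(Exception):
    """A lower layer rejected the PDU; `layer` names which one."""

    def __init__(self, layer: str, reason: str):
        super().__init__(f"{layer} layer dropped PDU: {reason}")
        self.layer = layer


def ip_bytes(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def mac_bytes(addr: str) -> bytes:
    return bytes.fromhex(addr.replace(":", ""))


def ip_checksum(header: bytes) -> int:
    """IPv4 header checksum: one's-complement sum of 16-bit words, inverted."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


# ---- Sender: each layer wraps the PDU handed down from the layer above ----
def http_request(host: str, path: str = "/") -> bytes:
    """Application layer: the HTTP 'envelope' the browser fills in."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()


def tcp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Transport layer: 20-byte TCP header (data offset 5, flags PSH|ACK)."""
    header = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                         (5 << 12) | 0x18, 65535, 0, 0)
    return header + payload


def ip_packet(src: str, dst: str, payload: bytes, ttl: int = 64) -> bytes:
    """Network layer: 20-byte IPv4 header with its checksum filled in."""
    draft = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                        ttl, PROTO_TCP, 0, ip_bytes(src), ip_bytes(dst))
    header = draft[:10] + struct.pack("!H", ip_checksum(draft)) + draft[12:]
    return header + payload


def ethernet_frame(src_mac: str, dst_mac: str, payload: bytes) -> bytes:
    """Data link layer: destination, source, EtherType, payload, 32-bit FCS."""
    body = (mac_bytes(dst_mac) + mac_bytes(src_mac)
            + struct.pack("!H", ETH_TYPE_IPV4) + payload)
    return body + struct.pack("!I", zlib.crc32(body))


# ---- Receiver: each layer checks and strips its own PDU, then passes it up ----
def receive(frame: bytes, my_mac: str, my_ip: str) -> dict:
    body, fcs = frame[:-4], struct.unpack("!I", frame[-4:])[0]
    if zlib.crc32(body) != fcs:
        raise Dropped("data link", "FCS mismatch, transmission error")
    if body[:6] != mac_bytes(my_mac):
        raise Dropped("data link", "frame not addressed to this interface")
    if struct.unpack("!H", body[12:14])[0] != ETH_TYPE_IPV4:
        raise Dropped("data link", "payload is not IPv4")
    packet = body[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:      # a valid header checksums to zero
        raise Dropped("network", "IPv4 header checksum mismatch")
    if packet[16:20] != ip_bytes(my_ip):
        raise Dropped("network", "packet not destined for this host")
    total_len = struct.unpack("!H", packet[2:4])[0]
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    data_offset = (segment[12] >> 4) * 4
    return {"src_port": src_port, "dst_port": dst_port,
            "protocol": packet[9], "http": segment[data_offset:].decode()}


def outcome(frame: bytes, my_mac: str, my_ip: str) -> str:
    """'application' if the request reached the Web server, else the dropping layer."""
    try:
        receive(frame, my_mac, my_ip)
        return "application"
    except Dropped as err:
        return err.layer


if __name__ == "__main__":
    request = http_request("www.somebody.com")
    frame = ethernet_frame("02:00:00:00:00:0a", "02:00:00:00:00:14",
                           ip_packet("192.0.2.10", "198.51.100.20",
                                     tcp_segment(51515, 80, request)))
    print("bytes added by the lower-layer PDUs:", len(frame) - len(request))
    print("intact frame:", outcome(frame, "02:00:00:00:00:14", "198.51.100.20"))
    damaged = bytearray(frame)
    damaged[40] ^= 0x01                     # one bit flipped inside the TCP header
    print("bit flipped in transit:", outcome(bytes(damaged), "02:00:00:00:00:14", "198.51.100.20"))
    print("other host's IP:", outcome(frame, "02:00:00:00:00:14", "198.51.100.99"))
```

Running the script shows the 58 bytes of header and trailer that the four lower-layer PDUs add around the request, the intact frame reaching the application layer, the damaged frame stopping at the data link layer, and the misaddressed packet stopping at the network layer. Note what these checks do and do not give you: a CRC or checksum catches accidental corruption, but anyone who can alter the frame can recompute them, so integrity against a deliberate attacker has to come from a cryptographic mechanism at a higher layer, not from the data link or network layer checks shown here.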
• 57. Data Link Layer If you are connecting to the Internet using a LAN, your data link layer may use a protocol called Ethernet, which also has its own rules and PDUs. The data link layer formats the message with start and stop markers, adds error-check information, places the IP packet inside an Ethernet PDU, which is called an Ethernet frame, and instructs the physical hardware to transmit the Ethernet frame, which contains the IP packet, which contains the TCP segment, which contains the HTTP packet, which contains the message. Physical Layer The physical layer in this case is the network cable connecting your computer to the rest of the network. The computer will take the Ethernet frame (complete with the IP packet, the TCP segment, the HTTP packet, and the message) and send it as a series of electrical pulses through your cable to the server. When the server gets the message, this process is performed in reverse. The physical hardware translates the electrical pulses into computer data and passes the message to the data link layer. The data link layer uses the start and stop markers in the Ethernet frame to identify the message. The data link layer checks for errors and, if it discovers one, discards the frame and requests that the message be resent (with a protocol such as Ethernet, which has no retransmission of its own, the damaged frame is simply discarded and recovery is left to the transport layer). If a message is received without error, the data link layer will strip off the Ethernet frame and pass the IP packet (which contains the TCP segment, the HTTP packet, and the message) to the network layer. The network layer checks the IP address and, if it is destined for this computer, strips off the IP packet and passes the TCP segment, which contains the HTTP packet and the message, to the transport layer. The transport layer processes the message, strips off the TCP segment, and passes the HTTP packet to the application layer for processing. The application layer (i.e., the Web server) reads the HTTP packet and the message it contains (the request for the Web page) and processes it by generating an HTTP packet containing the Web page you requested. Then the process starts again as the page is sent back to you. The Pros and Cons of Using Layers There are three important points in this example. First, there are many different software packages and many different PDUs that operate at different layers to successfully transfer a message. Networking is in some ways similar to the Russian matryoshka, nested dolls that fit neatly inside each other. This is called encapsulation, because the PDU at a higher level is placed inside the PDU at a lower level so that the lower-level PDU encapsulates the higher-level one. The major advantage of using different software and protocols is that it is easy to develop new software, because all one has to do is write software for one level at a time. The developers of Web applications, for example, do not need
• 59. to write software to perform error checking or routing, because those are performed by the data link and network layers. Developers can simply assume those functions are performed and just focus on the application layer. Similarly, it is simple to change the software at any level (or add new application protocols), as long as the interface between that layer and the ones around it remains unchanged. Second, it is important to note that for communication to be successful, each layer in one computer must be able to communicate with its matching layer in the other computer. For example, the physical layer connecting the client and server must use the same type of electrical signals to enable each to understand the other (or there must be a device to translate between them). Ensuring that the software used at the different layers is the same is accomplished by using standards. A standard defines a set of rules, called protocols, that explain exactly how hardware and software that conform to the standard are required to operate. Any hardware and software that conform to a standard can communicate with any other hardware and software that conform to the same standard. Without standards, it would be virtually impossible for computers to communicate. Third, the major disadvantage of using a layered network model is that it is somewhat inefficient. Because there are several layers, each with its own software and PDUs, sending a message involves many software programs (one for each protocol) and many PDUs. The PDUs add to the total amount of data that must be sent (thus increasing the time it takes to transmit), and the different software packages increase the processing power needed in computers. Because the protocols are used at different layers and are stacked on top of one another (take another look at Figure 1-4), the set of software used to understand the different protocols is often called a protocol stack. 1.4 NETWORK STANDARDS 1.4.1 The Importance of Standards Standards are necessary in almost every business and public service entity. For example, before 1904, fire hose couplings in the United States were not standard, which meant a fire department in one community could not help in another community. The transmission of electric current was not standardized until the end of the nineteenth century, so customers had to choose between Thomas Edison's direct current (DC) and George Westinghouse's alternating current (AC). The primary reason for standards is to ensure that hardware and software produced by different vendors can work together. Without networking
• 61. standards, it would be difficult—if not impossible—to develop networks that easily share information. Standards also mean that customers are not locked into one vendor. They can buy hardware and software from any vendor whose equipment meets the standard. In this way, standards help to promote more competition and hold down prices. The use of standards makes it much easier to develop software and hardware that link different networks because software and hardware can be developed one layer at a time. 1.4.2 The Standards-Making Process There are two types of standards: de jure and de facto. A de jure standard is developed by an official industry or government body and is often called a formal standard. For example, there are de jure standards for applications such as Web browsers (e.g., HTTP, HTML), for network layer software (e.g., IP), for data link layer software (e.g., Ethernet IEEE 802.3), and for physical hardware (e.g., V.90 modems). De jure standards typically take several years to develop, during which time technology changes, making them less useful. De facto standards are those that emerge in the marketplace and are supported by several vendors but have no official standing. For example, Microsoft Windows is a product of one company and has not been formally recognized by any standards organization, yet it is a de facto standard. In the communications industry, de facto standards often become de jure standards once they have been widely accepted.
• 62. The de jure standardization process has three stages: specification, identification of choices, and acceptance. The specification stage consists of developing a nomenclature and identifying the problems to be addressed. In the identification of choices stage, those working on the standard identify the various solutions and choose the optimum solution from among the alternatives. Acceptance, which is the most difficult stage, consists of defining the solution and getting recognized industry leaders to agree on a single, uniform solution. As with many other organizational processes that have the potential to influence the sales of hardware and software, standards-making processes are not immune to corporate politics and the influence of national governments. International Organization for Standardization One of the most important standards-making bodies is the International Organization for Standardization (ISO), which makes technical recommendations about data communication interfaces (see www.iso.org). ISO is based in Geneva, Switzerland. The membership is composed of the national
• 63. standards organizations of each ISO member country. International Telecommunication Union-Telecommunication Standardization Sector The International Telecommunication Union-Telecommunication Standardization Sector (ITU-T) is the technical standards-setting body of the United Nations International Telecommunication Union, which is also based in Geneva (see www.itu.int). The ITU is composed of representatives from about 200 member countries. Membership was originally focused on just the public telephone companies in each country, but a major reorganization in 1993 changed this, and the ITU now seeks members among public- and private-sector organizations that operate computer or communications networks (e.g., the RBOCs, the regional Bell operating companies) or build software and equipment for them (e.g., AT&T). American National Standards Institute The American National Standards Institute (ANSI) is the coordinating organization for the U.S. national system of standards for both technology and nontechnology (see www.ansi.org). ANSI has about 1,000 members from both public and private organizations in the United States. ANSI is a standardization organization, not a standards-making body, in that it accepts standards developed by other organizations and publishes them as American standards. Its role is to coordinate the development of voluntary national standards and to interact with the ISO to develop national standards that comply with the ISO's international recommendations. ANSI is a voting participant in the ISO. Institute of Electrical and Electronics Engineers The Institute of Electrical and Electronics Engineers (IEEE) is a professional society in the United States whose Standards Association (IEEE-SA) develops standards (see www.standards.ieee.org). The IEEE-SA is probably best known for its standards for LANs. Other countries have similar groups; for example, the British counterpart of IEEE was the Institution of Electrical Engineers (IEE), which in 2006 became part of the Institution of Engineering and Technology (IET). Internet Engineering Task Force The Internet Engineering Task Force (IETF) sets the standards that govern how much of the Internet will operate (see www.ietf.org). The IETF is unique in that it doesn't really have official memberships. Quite literally anyone is welcome to join its mailing lists, attend its meetings, and comment on developing standards. The role of the IETF and other Internet organizations is discussed in more detail in Chapter 8; also, see the box entitled "How Network Protocols Become Standards." MANAGEMENT FOCUS 1-2 How Network Protocols Become Standards There are many standards organizations around the world, but perhaps the best known is the Internet Engineering Task Force (IETF). IETF sets the standards that govern how much of the Internet operates. The IETF, like all standards organizations, tries to seek consensus among those involved before issuing a standard. Usually, a standard begins as a protocol (i.e., a language or set of rules for operating) developed by a vendor (e.g., HTML). When a protocol is proposed for standardization, the IETF forms a working group of technical experts to study it. The working group examines the protocol to identify potential problems and possible extensions and improvements, and then issues a report to the IETF. If the report is favorable, the IETF issues a Request for Comment (RFC) that describes the proposed standard and solicits comments from the entire world. Most large software companies likely to be affected by the proposed standard prepare detailed responses. Many "regular" Internet users also send their comments to the IETF. The IETF reviews the comments and possibly issues a new and improved RFC, which again is posted for more comments. Once no additional changes have been identified, it becomes a proposed standard. Usually, several vendors adopt the proposed standard and develop products based on it. Once at least two vendors have developed hardware or software based on it and it has proven successful in operation, the proposed standard is changed to a draft standard. This is usually the final specification, although some protocols have been elevated to Internet standards, which usually signifies mature standards not likely to change. (The three-level track described here, proposed standard, draft standard, and Internet standard, is the one in force when the sources below were written; RFC 6410, published in 2011, reduced the IETF standards track to two maturity levels, Proposed Standard and Internet Standard.) The process does not focus solely on technical issues; almost 90% of the IETF's participants work for manufacturers and vendors, so market forces and politics often complicate matters. One former IETF chairperson who worked for a hardware manufacturer has been accused of trying to delay the standards process until his company had a product ready, although he and other IETF members deny this. Likewise, former IETF directors have complained that members try to standardize every product their firms produce, leading to a proliferation of standards, only a few of which are truly useful. Sources: "How Networking Protocols Become Standards," PC Week, March 17, 1997; "Growing Pains," Network World, April 14, 1997. MANAGEMENT FOCUS 1-3 Keeping Up with Technology The data communications and networking arena changes rapidly. Significant new technologies are introduced and new concepts are developed almost every year. It is therefore important for network managers to keep up with these changes. There are at least three useful ways to keep up with change. First and foremost for users of this book is the website for this book, which contains updates to the book, additional sections, teaching materials, and links to useful websites. Second, there are literally hundreds of thousands of websites with data communications and networking information. Search engines can help you find them. A good initial starting point is the telecom glossary at http://www.atis.org. Two other useful sites are http://www.zdnet.com and http://www.networkcomputing.com. Third, there are many useful magazines that discuss computer technology in general and networking technology in particular, including Network Computing, InfoWorld, InformationWeek, and CIO Magazine. 1.4.3 Common Standards There are many different standards used in networking today. Each standard usually covers one layer in a network. Some of the most commonly used standards are shown in Figure 1-5. At this point, these models are probably just a maze of strange names and acronyms to you, but by the end of the book, you will have a good understanding of each of these. Figure 1-5 provides a brief road map for some of the important communication technologies we discuss in this book. For now, there is one important message you should understand from Figure 1-5: For a network to operate, many different standards must be used simultaneously. The sender of a message must use one standard at the application layer, another one at the transport layer, another one at the network layer, another one at the data link layer, and another one at the physical layer. Each layer and each standard is different, but all must work together
  • 68. to send and receive messages. Either the sender and receiver of a message must use the same standards or, more likely, there are devices between the two that translate from one standard into another. Because different net- works often use software and hardware designed for different standards, there is often a lot of translation between different standards. http://www.zdnet.com http://www.zdnet.com http://www.zdnet.com http://www.zdnet.com � � � � 16 Chapter 1 Introduction to Data Communications FIGURE 1-5 Some common data communications stan- dards. HTML = Hyper- text Markup Language; HTTP = Hypertext Transfer Protocol; IMAP = Internet Mes- sage Access Protocol; IP = Internet Protocol; LAN = Local Area Net- work; MPEG = Motion
  • 69. Picture Experts Group; POP = Post Office Pro- tocol; TCP = Transmis- sion Control Protocol Layer Common Standards 5. Application layer 1. Physical layer HTTP, HTML (Web) MPEG, H.323 (audio/video) SMTP, IMAP, POP (email) RS-232C cable (LAN) Category 5 cable (LAN) V.92 (56 Kbps modem) 4. Transport layer TCP (Internet and LANs) 3. Network layer IP (Internet and LANs) 2. Data link layer Ethernet (LAN) Frame relay (WAN) T1 (MAN and WAN) 1.5 FUTURE TRENDS The field of data communications has grown faster and become more important than computer processing itself. Both go hand in hand, but we have moved from the computer era to the com- munication era. Three major trends are driving the future of communications and networking. 1.5.1 Wireless LAN and BYOD
The rapid development of mobile devices, such as smartphones and tablets, has encouraged employers to allow their employees to bring these devices to work and use them to access data, such as their work email. This movement, called Bring Your Own Device (BYOD), is a great way to get work done quickly, saves money, and makes employees happy. But BYOD also brings its own problems. Employers need to add or expand their Wireless Local Area Networks (WLANs) to support all these new devices. Another important problem is security. Employees bring these devices to work so that they can access not only their email but also other critical company assets, such as information about their clients, suppliers, or sales.

Employers face myriad decisions about how to manage access to company applications for BYOD. Companies can adopt two main approaches: (1) native apps or (2) browser-based technologies. Native apps require an app to be developed for each application that an employee might be using for every potential device that the employee might use (e.g., iPhone, Android, Windows). The browser-based approach (often referred to as responsive design using HTML5) doesn't create an app but rather requires employees to access the application through a Web browser. Both these approaches have their pros and cons, and only the future will show which one is the winner.

What if an employee loses his or her mobile phone or tablet so that the application that accesses critical company data now can be used by anybody who finds the device? Will the company's data be compromised? Device and data loss practices now have to be added to the general security practices of the company. Employees need to have apps to allow their employer to wipe their phones clean in case of loss so that no company data are compromised (e.g., SOTI's MobiControl). In some cases, companies require the employee to allow monitoring of the device at all times, to ensure that security risks are minimized. However, some argue that this is not a good practice because the device belongs to the employee, and monitoring it 24/7 invades the employee's privacy.

1.5.2 The Internet of Things
Telephones and computers used to be separate. Today voice and data have converged into unified communications, with phones plugged into computers or directly into the LAN using Voice over Internet Protocol (VOIP). Vonage and Skype have taken this one step further and offer telephone service over the Internet at dramatically lower prices than traditional separate landline phones, whether from traditional phones or via computer microphones and speakers.

Computers and networks can also be built into everyday things, such as kitchen appliances, doors, and shoes. In the future, the Internet will move from being a Web of computers to also being an Internet of Things (IoT) as smart devices become common. All this interaction will happen seamlessly, without human intervention. And we will get used to seeing our shoes tell us how far we walked, our refrigerator telling us what food we need to buy, our thermostats adjusting the temperature depending on where we are in our house or apartment, and our locks opening and closing without physical keys and telling us who entered and left at what times.

The IoT is well under way. For example, Microsoft has an Envisioning Center that focuses on creating the future of work and play (it is open to the public). At the Envisioning Center, a person can communicate with his or her colleagues through digital walls that enable the person to visualize projects through simulation and then rapidly move to execution of ideas. In the home of the future, anyone can, for example, be a chef and adapt recipes based on dietary needs or ingredients in the pantry (see Figure 1-6) through the use of Kinect technology. Google is another leading innovator in the IoT world. Google has been developing a self-driving car for several years. This self-driving car not only passes a standard driving test but also has fewer collisions than cars driven by humans. Other car developers are also developing autonomous vehicles.

1.5.3 Massively Online
You have probably heard of massively multiplayer online games, such as World of Warcraft, where you can play with thousands of players in real time. Well, today not only games are massively online. Education is massively online. Khan Academy, Lynda.com, or Code Academy have websites that offer thousands of education modules for children and adults in myriad fields to help them learn. Your class very likely also has an online component. You may even use this textbook online and decide whether your comments are for you only, for your instructor, or for the entire class to read. In addition, you may have heard about massive open online courses, or MOOCs. MOOCs enable students who otherwise wouldn't have access to elite universities to get access to top knowledge without having to pay the tuition. These classes are offered by universities, such as Stanford, UC Berkeley, MIT, UCLA, and Carnegie Mellon, free of charge and for no credit (although at some universities, you can pay and get credit toward your degree).

FIGURE 1-6 Microsoft's Envisioning Center—Smart Stovetop that helps you cook without getting in your way. Source: Smart Stovetop, Microsoft's Envisioning Center, Used with permission by Microsoft.

Politics has also moved massively online. President Obama reached out to the crowds and ordinary voters not only through his Facebook page but also through Reddit and Google Hangouts. President Trump's use of Twitter is unprecedented. He can directly reach millions of followers—a strategy that paid off in the 2016 elections. Finally, massively online allows activists to reach masses of people in a very short period of time to initiate change. Examples of use of YouTube videos or Facebook for activism include the Arab Spring, Kony 2012, or the use of sarin gas in Syria. So what started as a game with thousands of people being online at the same time is being reinvented for good use in education, politics, and activism. Only the future will show what humanity can do with what massively online has to offer.

What these three trends have in common is that there will be an increasing demand for professionals who understand development of data communications and networking infrastructure to support this growth. There will be more and more need to build faster and more secure networks that will allow individuals and organizations to connect to resources, probably stored on cloud infrastructure (either private or public). This need will call not only for engineers who deeply understand the technical aspects of networks but also for highly social individuals who embrace technology in creative ways to allow business to achieve a competitive edge through utilizing this technology. So the call is for you who are reading this book—you are in the right place at the right time!

1.6 IMPLICATIONS FOR CYBER SECURITY
At the end of each chapter, we provide key implications for cyber security that arise from the topics discussed in the chapter. We draw implications that focus on improving the management of networks and information systems as well as implications for cyber security of an individual and an organization.

There are three key implications for management from this chapter. First, networks and the Internet change almost everything. Computer networks and the Internet are designed to quickly and easily move information from distant locations and to enable individuals inside and outside the firm to access information and products from around the world. However, this ease of doing work on the Internet also makes it easy for cyber criminals to steal files from your computer or to put files on your computer (such as viruses or malware). Understanding how computer networks and the Internet work and how computers communicate via networks is the first step toward defending your own computer and the computers on a company's network.

Second, today's networking environment requires that a wide variety of devices be able to connect. Employees' use of their own devices under BYOD policies increases security risks, as does the move to the IoT. Several security experts say that IoT doesn't stand for Internet of Things; it stands for Internet of Targets. Individuals and companies have to balance BYOD and IoT risks and rewards to create a useful and secure computing infrastructure.

Third, as the demand for network services and network capacity increases, so too will the need for secure storage and server space and secure transfer of data. Finding efficient ways to securely store all the information we generate will open new market opportunities. Today, Google has almost a million Web servers (see Figure 1-7). If we assume that each server costs an average of $1,000, the money large companies spend on storage is close to $1 billion. Capital expenditure of this scale is then increased by money spent on power and staffing. One way companies can reduce this amount of money is to store their data using cloud computing. The good news is that more and more cloud providers meet or exceed government required security measures for data storage and transfer.

FIGURE 1-7 One server farm with more than 1,000 servers. Source: zentilia/Getty Images

SUMMARY

Introduction The information society, where information and intelligence are the key drivers of personal, business, and national success, has arrived. Data communications is the principal enabler of the rapid information exchange and will become more important than the use of computers themselves in the future. Successful users of data communications, such as Wal-Mart, can gain significant competitive advantage in the marketplace.

Network Definitions A LAN is a group of computers located in the same general area. A BN is a large central network that connects almost everything on a single company site. A metropolitan area network (MAN) encompasses a city or county area. A wide area network (WAN) spans city, state, or national boundaries.

Network Model Communication networks are often broken into a series of layers, each of which can be defined separately, to enable vendors to develop software and hardware that can work together in the overall network. In this book, we use a five-layer model. The application layer is the application software used by the network user. The transport layer takes the message generated by the application layer and, if necessary, breaks it into several smaller messages. The network layer addresses the message and determines its route through the network. The data link layer formats the message to indicate where it starts and ends, decides when to transmit it over the physical media, and detects and corrects any errors that occur in transmission. The physical layer is the physical connection between the sender and receiver, including the hardware devices (e.g., computers, terminals, and modems) and physical media (e.g., cables and satellites). Each layer, except the physical layer, adds a Protocol Data Unit (PDU) to the message.
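The layer-by-layer PDU stacking summarized above, which Hands-On Activity 1B later shows in Wireshark's Packet Detail window as an Ethernet II frame containing an IP packet containing a TCP segment containing an HTTP request, can be made concrete in code. The following Python program is an added example, not code from the textbook: it constructs a sample frame carrying an HTTP GET request, with each lower layer prepending its own header, and then decodes the frame one PDU at a time, verifying the IPv4 header checksum the way a receiving host would before trusting the fields inside it. The MAC addresses, the 192.168.1.10 and 192.0.2.10 IP addresses (the latter from the RFC 5737 documentation range), port numbers, and the request line are constructed sample values.

```python
import struct
from typing import Any, Dict

# Constructed sample values (not from the textbook): locally administered MACs
# and documentation-range IP addresses so the example runs entirely offline.
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
CLIENT_MAC = bytes.fromhex("02ab00000001")
SERVER_MAC = bytes.fromhex("02ab00000002")
CLIENT_IP = bytes([192, 168, 1, 10])
SERVER_IP = bytes([192, 0, 2, 10])       # RFC 5737 TEST-NET-1


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the IPv4 header (RFC 791)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(http_request: bytes) -> bytes:
    """Encapsulate an HTTP request: each lower layer prepends its own PDU header."""
    # Layer 4: TCP segment, 20-byte header (data offset 5 words), flags PSH+ACK.
    off_flags = (5 << 12) | 0x018
    tcp_header = struct.pack("!HHIIHHHH", 51234, 80, 1000, 2000,
                             off_flags, 65535, 0, 0)
    segment = tcp_header + http_request
    # Layer 3: IPv4 packet, 20-byte header; checksum is computed with the field zeroed.
    ip_header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                            0x1234, 0x4000, 64, PROTO_TCP, 0, CLIENT_IP, SERVER_IP)
    csum = struct.pack("!H", ipv4_checksum(ip_header))
    packet = ip_header[:10] + csum + ip_header[12:] + segment
    # Layer 2: Ethernet II frame (trailing FCS omitted, as in a Wireshark capture).
    return SERVER_MAC + CLIENT_MAC + struct.pack("!H", ETHERTYPE_IPV4) + packet


def decode_frame(frame: bytes) -> Dict[str, Any]:
    """Peel the PDUs off in the order Wireshark's Packet Detail window lists them."""
    layers: Dict[str, Any] = {}
    # Layer 2: Ethernet II
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["ethernet"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != ETHERTYPE_IPV4:
        return layers                       # ARP, IPv6, ... are not decoded here
    payload = frame[14:]
    # Layer 3: IPv4; check version and header checksum before trusting any field
    (ver_ihl, _, total_len, _, _, ttl, proto,
     _, s_ip, d_ip) = struct.unpack("!BBHHHBBH4s4s", payload[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 packet")
    if ipv4_checksum(payload[:ihl]) != 0:   # a valid header sums to zero
        raise ValueError("bad IPv4 header checksum")
    layers["ip"] = {"src": ".".join(map(str, s_ip)), "dst": ".".join(map(str, d_ip)),
                    "ttl": ttl, "protocol": proto, "total_length": total_len}
    payload = payload[ihl:total_len]        # also trims Ethernet padding, if any
    if proto != PROTO_TCP:
        return layers
    # Layer 4: TCP
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", payload[:14])
    layers["tcp"] = {"src_port": sport, "dst_port": dport, "seq": seq,
                     "ack": ack, "flags": off_flags & 0x1FF}
    payload = payload[(off_flags >> 12) * 4:]
    # Layer 5: HTTP request line, if the segment carries one
    if payload:
        first = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        parts = first.split(" ")
        if len(parts) == 3 and parts[2].startswith("HTTP/"):
            layers["http"] = {"method": parts[0], "path": parts[1], "version": parts[2]}
        else:
            layers["http"] = {"first_line": first}
    return layers


def header_checksum_valid(frame: bytes) -> bool:
    """True when the IPv4 header inside the frame passes its checksum."""
    try:
        decode_frame(frame)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    sample = build_frame(b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
    for name, fields in decode_frame(sample).items():
        print(name, fields)
```

Running the program prints one line per PDU, in the same outer-to-inner order as the Wireshark capture in Figure 1-8. The checksum check matters for the same reason it matters on a real host: a corrupted or tampered header would otherwise be parsed as if its addresses and lengths were trustworthy.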
Standards Standards ensure that hardware and software produced by different vendors can work together. A de jure standard is developed by an official industry or a government body. De facto standards are those that emerge in the marketplace and are supported by several vendors but have no official standing. Many different standards and standards-making organizations exist.

Future Trends At the same time as the use of BYOD offers efficiency at the workplace, it opens up the doors for security problems that companies need to consider. Our interactions with colleagues and family will very likely change in the next 5–10 years because of the Internet of Things (IoT), where devices will interact with each other without human intervention. Finally, massively online not only changed the way we play computer games but also showed that humanity can change its history.

KEY TERMS
American National Standards Institute (ANSI), 14
application layer, 10
Attacks, 22
backbone network (BN), 6
Bring Your Own Device (BYOD), 16
browser-based, 16
cable, 5
circuit, 5
client, 5
cyber security, 18
data link layer, 9
extranet, 7
file server, 5
hardware layer, 10
Institute of Electrical and Electronics Engineers (IEEE), 15
International Telecommunications Union-Telecommunications Group (ITU-T), 14
Internet Engineering Task Force (IETF), 15
Internet model, 9
Internet of Things (IoT), 17
Internet service provider (ISP), 1
internetwork layers, 10
intranet, 7
layers, 7
local area network (LAN), 6
mail server, 5
native apps, 16
network layer, 10
Open Systems Interconnection Reference model (OSI model), 7
peer-to-peer networks, 5
physical layer, 9
protocol, 10
Protocol Data Unit (PDU), 10
protocol stack, 13
Request for Comment (RFC), 14
router, 5
server, 5
standards, 13
switch, 5
transport layer, 10
Web server, 5
wide area networks (WAN), 7
wireless access point, 5

QUESTIONS
1. How can data communications networks affect businesses?
2. Discuss three important applications of data communications networks in business and personal use.
3. How do LANs differ from WANs and BNs?
4. What is a circuit?
5. What is a client?
6. What is a server?
7. Why are network layers important?
8. Describe the seven layers in the OSI network model and what they do.
9. Describe the five layers in the Internet network model and what they do.
10. Explain how a message is transmitted from one computer to another using layers.
11. Describe the three stages of standardization.
12. How are Internet standards developed?
13. Describe two important data communications standards-making bodies. How do they differ?
14. What is the purpose of a data communications standard?
15. Discuss three trends in communications and networking.
16. Why has the Internet model replaced the OSI model?
17. In the 1980s, when we wrote the first edition of this book, there were many, many more protocols in common use at the data link, network, and transport layers than there are today. Why do you think the number of commonly used protocols at these layers has declined? Do you think this trend will continue? What are the implications for those who design and operate networks?
18. The number of standardized protocols in use at the application layer has significantly increased since the 1980s. Why? Do you think this trend will continue? What are the implications for those who design and operate networks?
19. How many bits (not bytes) are there in a 10-page text document? Hint: There are approximately 350 words on a double-spaced page.
20. What are three cyber security issues?
21. What is the Internet of Things (IoT)? What are the benefits and risks?

EXERCISES
A. Investigate the latest cyber security threats. What services and/or data were affected by these threats? What was done to recover from this situation?
B. Discuss the issue of communications monopolies and open competition with an economics instructor and relate his or her comments to your data communication class.
C. Find a college or university offering a specialized degree in telecommunications or data communications and describe the program.
D. Investigate the IoT. What IoT devices are you most interested in?
E. Investigate the networks in your school or organization. Describe the important LANs and BNs in use (but do not describe the specific clients, servers, or devices on them).
F. Visit the Internet Engineering Task Force (IETF) website (www.ietf.org). Describe one standard that is in the RFC stage.
G. Discuss how the revolution/evolution of communications and networking is likely to affect how you will work and live in the future.
H. Investigate the pros and cons of developing native apps versus taking a browser-based approach.

MINICASES
I. Global Consultants John Adams is the chief information officer (CIO) of Global Consultants (GC), a very large consulting firm with offices in more than 100 countries around the world. GC is about to purchase a set of several Internet-based financial software packages that will be installed in all of their offices. There are no standards at the application layer for financial software but several software companies that sell financial software (call them group A) use one de facto standard to enable their software to work with one another's software. However, another group of financial software companies (call them group B) use a different de facto standard. Although both groups have software packages that GC could use, GC would really prefer to buy one package from group A for one type of financial analysis and one package from group B for a different type of financial analysis. The problem, of course, is that then the two packages cannot communicate and GC's staff would end up having to type the same data into both packages. The alternative is to buy two packages from the same group—so that data could be easily shared—but that would mean having to settle for second best for one of the packages. Although there have been some reports in the press about the two groups of companies working together to develop one common standard that will enable software to work together, there is no firm agreement yet. What advice would you give Adams?

II. Atlas Advertising Atlas Advertising is a regional advertising agency with offices in Boston, New York, Providence, Washington, D.C., and Philadelphia.
1. Describe the types of networks you think they would have (e.g., LANs, BNs, WANs) and where they are likely to be located.
2. What types of standard protocols and technologies do you think they are using at each layer (e.g., see Figure 1-5)?

III. Consolidated Supplies Consolidated Supplies is a medium-sized distributor of restaurant supplies that operates in Canada and several northern U.S. states. They have 12 large warehouses spread across both countries to service their many customers. Products arrive from the manufacturers and are stored in the warehouses until they are picked and put on a truck for delivery to their customers. The networking equipment in their warehouses is old and is starting to give them problems; these problems are expected to increase as the equipment gets older. The vice president of operations, Pat McDonald, would like to replace the existing LANs and add some new wireless LAN technology into all the warehouses, but he is concerned that now may not be the right time to replace the equipment. He has read several technology forecasts that suggest there will be dramatic improvements in networking speeds over the next few years, especially in wireless technologies. He has asked you for advice about upgrading the equipment. Should Consolidated Supplies replace all the networking equipment in all the warehouses now, should it wait until newer networking technologies are available, or should it upgrade some of the warehouses this year, some next year, and some the year after, so that some warehouses will benefit from the expected future improvements in networking technologies?

IV. Asia Importers Caisy Wong is the owner of a small catalog company that imports a variety of clothes and houseware from several Asian countries and sells them to its customers over the Web and by telephone through a traditional catalog. She has read about the convergence of voice and data and is wondering about changing her current traditional, separate, and rather expensive telephone and data services into one service offered by a new company that will supply both telephone and data over her Internet connection. What are the potential benefits and challenges that Asia Importers should consider in making the decision about whether to move to one integrated service?

CASE STUDY
NEXT-DAY AIR SERVICE
See the book companion site at www.wiley.com/college/fitzgerald.

HANDS-ON ACTIVITY 1A
Internet as We Know It Today

We think about access to the Internet as a normal part of daily life. We check our email and the news, chat with friends and family, and do shopping on the Internet. The objective of this activity is for you to experience this convergence.
1. Investigate the history of the Internet at http://www.vox.com/a/internet-maps, which shows you a history of the Internet through maps.
2. See how many people are using the Internet in your state/country at https://www.akamai.com/uk/en/solution/intelligent-platform/visualizing-akamai/realtime-web-monitor.jsp.
3. See the cyber security attacks in progress on information systems connected to the Internet by clicking on the Attacks tab at https://www.akamai.com/uk/en/solutions/intelligent-platform/visualizing-akamai/realtime-web-monitor.jsp.

Deliverable
Write a one-page summary of the history and current state of the Internet. What was the most surprising thing you learned during your investigation?

HANDS-ON ACTIVITY 1B
Seeing the PDUs in Your Messages

We talked about how messages are transferred using layers and the different PDUs used at each layer. The objective of this activity is for you to see the different PDUs in the messages that you send. To do this, we'll use Wireshark, which is one of the world's foremost network protocol analyzers and is the de facto standard that most professional and educational institutions use today. It is used for network troubleshooting, network analysis, software and communications protocol development, and general education about how networks work. Wireshark enables you to see all messages sent by your computer, as well as some or all of the messages sent by other computers on your LAN, depending on how your LAN is designed. Most modern LANs are designed to prevent you from eavesdropping on other computers' messages, but some older ones still permit this. Normally, your computer will ignore the messages that are not addressed to your computer, but Wireshark enables you to eavesdrop and read messages sent to and from other computers. Wireshark is free. Before you start this activity, download and install it from https://www.wireshark.org.

FIGURE 1-8 Wireshark capture (the Filter toolbar is indicated in the figure)

1. Start Wireshark.
2. Click on Capture and then Interfaces. Click the Start button next to the active interface (the one that is receiving and sending packets). Your network data will be captured from this moment on.
3. Open your browser and go to a Web page that you have not visited recently (a good one is www.iana.org).
4. Once the Web page has loaded, go back to Wireshark and stop the packet capture by clicking on Capture and then Stop (the hot key for this is Ctrl + E).
5. You will see results similar to those in Figure 1-8. There are three windows below the tool bar:
   a. The top window is the Packet List. Each line represents a single message or packet that was captured by Wireshark. Different types of packets will have different colors. For example, HTTP packets are colored green. Depending on how busy your network is, you may see a small number of packets in this window or a very large number of packets.
   b. The middle window is the Packet Detail. This will show the details for any packet you click on in the top window.
   c. The bottom window shows the actual contents of the packet in hexadecimal format, so it is usually hard to read. This window is typically used by network programmers to debug errors.
6. Let's take a look at the packets that were used to request the Web page and send it to your computer. The application layer protocol used on the Web is HTTP, so we'll want to find the HTTP packets. In the Filter toolbar, type http and hit enter.
7. This will highlight all the packets that contain HTTP packets and will display the first one in the Packet Detail window. Look at the Packet Detail window in Figure 1-8 to see the PDUs in the message we've highlighted. You'll see that it contains an Ethernet II Frame, an IP packet, a TCP segment, and an HTTP packet. You can see inside any or all of these PDUs by clicking on the + box in front of them. In Figure 1-8, you'll see that we've clicked the + box in front of the HTTP packet to show you what's inside it.

Deliverables
1. List the PDUs at layers 2, 3, and 4 that were used to transmit your HTTP GET packet.
   a. Locate your HTTP GET packet in the Packet List and click on it.
   b. Look in the Packet Detail window to get the PDU information.
2. How many different HTTP GET packets were sent by your browser? Not all the HTTP packets are GET packets, so you'll have to look through them to answer this question.
3. List at least five other protocols that Wireshark displayed in the Packet List window. You will need to clear the filter by clicking on the "Clear" icon that is on the right of the Filter toolbar.

PART TWO
FUNDAMENTAL CONCEPTS

CHAPTER 2
APPLICATION LAYER

The application layer (also called layer 5) is the software that enables the user to perform useful work. The software at the application layer is the reason for having the network because it is this software that provides the business value. This chapter examines the five fundamental types of application architectures used at the application layer (host-based, client-based, client–server, cloud-based, and peer-to-peer). It then looks at the Internet and the primary software application packages it enables: the Web, email, Telnet, and instant messaging.
OBJECTIVES
◾ Understand host-based, client-based, client–server, and cloud-based application architectures
◾ Understand how the Web works
◾ Understand how email works
◾ Be aware of how Telnet and instant messaging work

OUTLINE
2.1 Introduction
2.2 Application Architectures
2.2.1 Host-Based Architectures
2.2.2 Client-Based Architectures
2.2.3 Client–Server Architectures
2.2.4 Cloud Computing Architectures
2.2.5 Peer-to-Peer Architectures
2.2.6 Choosing Architectures
2.3 World Wide Web
2.3.1 How the Web Works
2.3.2 Inside an HTTP Request
2.3.3 Inside an HTTP Response
2.4 Electronic Mail
2.4.1 How Email Works
2.4.2 Inside an SMTP Packet
2.4.3 Attachments in Multipurpose Internet Mail Extension
2.5 Other Applications
2.5.1 Telnet
2.5.2 Instant Messaging
2.5.3 Videoconferencing
2.6 Implications for Cyber Security
Summary

2.1 INTRODUCTION
Network applications are the software packages that run in the application layer. You should be quite familiar with many types of network software, because it is these application packages that you use when you use the network. In many respects, the only reason for having a network is to enable these applications.

In this chapter, we first discuss five basic architectures for network applications and how each of those architectures affects the design of networks. Because you probably have a good understanding of applications such as the Web and word processing, we will use those as examples of different application architectures. We then examine several common applications used on the Internet (e.g., Web, email) and use those to explain how application software interacts with the networks. By the end of this chapter, you should have a much better understanding of the application layer in the network model and what exactly we meant when we used the term protocol data unit in Chapter 1.

2.2 APPLICATION ARCHITECTURES
In Chapter 1, we discussed how the three basic components of a network (client computer, server computer, and circuit) worked together. In this section, we will get a bit more specific about how the client computer and the server computer can work together to provide application software to the users. An application architecture is the way in which the functions of the application layer software are spread among the clients and servers in the network.

TECHNICAL FOCUS 2-1
Cloud Computing Deployment Models

When an organization decides to use a cloud-based architecture, it needs to decide which deployment model it will use. There are three deployment models from which to choose:
• Private cloud As the name suggests, private clouds are created for the exclusive use of a single private organization. The cloud (hardware and software) would be hosted by the organization in a private data center. This deployment model provides the highest levels of control, privacy, and security. This model is often used by organizations needing to satisfy regulations posed by regulators, such as in the financial and health-care industries.
• Public cloud This deployment model is used by multiple organizations that share the same cloud resources. The level of control is lower than in private clouds, and many companies are concerned with the security of their data. However, this deployment model doesn't require any upfront capital investment, and the selected service can be up and running in a few days. Public clouds are a good choice when a lot of people in the organization are using the same application. Because of this, the most frequently used software as a service (SaaS) is email. For example, many universities have moved to this model for their students.
• Community cloud This deployment model is used by organizations that have a common purpose. Rather than each organization creating its own private cloud, organizations decide to collaborate and pool their resources. Although this cloud is not private, only a limited number of companies have access to it. Community clouds are considered to be a subset of public clouds. Therefore, community clouds realize the benefits from cloud infrastructure (such as speed of deployment) with the added level of privacy and security that private clouds offer. This deployment model is often used in the government, health care, and finance industries, members of which have similar application needs and require a very high level of security.

Sometimes an organization will choose to use only one of these deployment models for all its cloud-based applications. This strategy is called a pure strategy, such as a pure private cloud strategy or a pure public cloud strategy. In other cases, the organization is best supported by a mix of public, private, and community clouds for different applications. This strategy is called a hybrid cloud strategy. A hybrid cloud strategy allows the organization to take advantage of the benefits that these different cloud deployment models offer. For example, a hospital can use Gmail for its email application (public cloud) but a private cloud for patient data, which require high security. The downside of a hybrid cloud strategy is that an organization has to deal with different platforms and cloud providers. However, the truth is that this strategy offers the greatest flexibility, so most organizations eventually end up with this strategy.

The work done by any application program can be divided into four general functions. The first is data storage. Most application programs require data to be stored and retrieved, whether it is a small file such as a memo produced by a word processor or a large database such as an organization's accounting records. The second function is data access logic, the processing required to access data, which often means database queries in SQL (structured query language).
The third function is the application logic (sometimes called business logic), which also can be simple or complex, depending on the application. The fourth function is the presentation logic, the presentation of information to the user and the acceptance of the user’s commands. These four functions—data storage, data access logic, application logic, and presentation logic—are the basic building blocks of any application.

There are many ways in which these four functions can be allocated between the client computers and the servers in a network. There are five fundamental application architectures in use today. In host-based architectures, the server (or host computer) performs virtually all of the work. In client-based architectures, the client computers perform most of the work. In client–server architectures, the work is shared between the servers and clients. In cloud-based architectures, the cloud provides services (software, platform, and/or infrastructure) to the client. In peer-to-peer architectures, computers are both clients and servers and thus share the work. Although the client–server architecture is the dominant application architecture, cloud-based architecture is becoming the runner-up because it offers rapid scalability and deployability of computer resources.

2.2.1 Host-Based Architectures

The very first data communications networks developed in the 1960s were host-based, with the server (usually a large mainframe computer) performing all four functions. The clients (usually terminals) enabled users to send and receive messages to and from the host computer. The clients merely captured keystrokes, sent them to the server for processing, and accepted instructions from the server on what to display (see Figure 2-1). This very simple architecture often works very well. Application software is developed and stored on the one server along with all data. If you’ve ever used a terminal, you’ve used a host-based application. There is one point of control, because all messages flow through the one central server. In theory, there are economies of scale, because all computer resources are centralized (but more on cost later).

There are two fundamental problems with host-based networks. First, the server must process all messages. As the demands for more and more network applications grow, many servers become overloaded and unable to quickly process all the users’ demands. Prioritizing users’ access becomes difficult. Response time becomes slower, and network managers are required to spend increasingly more money to upgrade the server. Unfortunately, upgrades to the mainframes that are usually the servers in this architecture are “lumpy.” That is, upgrades come in large increments and are expensive (e.g., $500,000); it is difficult to upgrade “a little.”

FIGURE 2-1 Host-based architecture. Client (terminal); Server (mainframe computer): presentation logic, application logic, data access logic, data storage.

2.2.2 Client-Based Architectures

In the late 1980s, there was an explosion in the use of personal computers. Today, more than 90% of most organizations’ total computer processing power now resides on personal computers, not in centralized mainframe computers. Part of this expansion was fueled by a number of low-cost, highly popular applications such as word processors, spreadsheets, and presentation graphics programs. It was also fueled in part by managers’ frustrations with application software on host mainframe computers. Most mainframe software is not as easy to use as personal computer software, is far more expensive, and can take years to develop. In the late 1980s, many large organizations had application development backlogs of 2–3 years; that is, getting any new mainframe application program written would take years. New York City, for example, had a 6-year backlog. In contrast, managers could buy personal computer packages or develop personal computer-based applications in a few months.

With client-based architectures, the clients are personal computers on a LAN, and the server is usually another personal computer on the same network. The application software on the client computers is responsible for the presentation logic, the application logic, and the data access logic; the server simply stores the data (Figure 2-2). This simple architecture often works very well. If you’ve ever used a word processor and stored your document file on a server (or written a program in Visual Basic or C that runs on your computer but stores data on a server), you’ve used a client-based architecture.

The fundamental problem in client-based networks is that all data on the server must travel to the client for processing. For example, suppose the user wishes to display a list of all employees with company life insurance. All the data in the database (or all the indices) must travel from the server where the database is stored over the network circuit to the client, which then examines each record to see if it matches the data requested by the user. This can overload the network circuits because far more data are transmitted from the server to the client than the client actually needs.

FIGURE 2-2 Client-based architecture. Client (personal computer): presentation logic, application logic, data access logic; Server (personal computer): data storage.

2.2.3 Client–Server Architectures

Most applications written today use client–server architectures. Client–server architectures attempt to balance the processing between the client and the server by having both do some of the logic. In these networks, the client is responsible for the presentation logic, whereas the server is responsible for the data access logic and data storage. The application logic may either reside on the client, reside on the server, or be split between both. Figure 2-3 shows the simplest case, with the presentation logic and application logic on the client and the data access logic and data storage on the server. In this case, the client software accepts user requests and performs the application logic that produces database requests that are transmitted to the server. The server software accepts the database requests, performs the data access logic, and transmits the results to the client. The client software accepts the results and presents them to the user. When you use a Web browser to get pages from a Web server, you use a client–server architecture. Likewise, if you’ve ever written a program that uses SQL to talk to a database on a server, you’ve used a client–server architecture.

FIGURE 2-3 Two-tier client–server architecture. Client (personal computer): presentation logic, application logic; Server (personal computer, server farm, or mainframe): data access logic, data storage.

For example, if the user requests a list of all employees with company life insurance, the client would accept the request, format it so that it could be understood by the server, and transmit it to the server. On receiving the request, the server searches the database for all requested records and then transmits only the matching records to the client, which would then present them to the user. The same would be true for database updates; the client accepts the request and sends it to the server. The server processes the update and responds (either accepting the update or explaining why not) to the client, which displays it to the user.

One of the strengths of client–server networks is that they enable software and hardware from different vendors to be used together. But this is also one of their disadvantages, because it can be difficult to get software from different vendors to work together. One solution to this problem is middleware, software that sits between the application software on the client and the application software on the server. Middleware does two things. First, it provides a standard way of communicating that can translate between software from different vendors. Many middleware tools began as translation utilities that enabled messages sent from a specific client tool to be translated into a form understood by a specific server tool. The second function of middleware is to manage the message transfer from clients to servers (and vice versa) so that clients need not know the specific server that contains the application’s data. The application software on the client sends all messages to the middleware, which forwards them to the correct server. The application software on the client is therefore protected from any changes in the physical network. If the network layout changes (e.g., a new server is added), only the middleware must be updated.

There are literally dozens of standards for middleware, each of which is supported by different vendors and provides different functions. Two of the most important standards are Distributed Computing Environment (DCE) and Common Object Request Broker Architecture (CORBA). Both of these standards cover virtually all aspects of the client–server architecture but are quite different. Any client or server software that conforms to one of these standards can communicate with any other software that conforms to the same standard. Another important standard is Open Database Connectivity (ODBC), which provides a standard for data access logic.

Two-Tier, Three-Tier, and n-Tier Architectures

There are many ways in which the application logic can be partitioned between the client and the server. The example in Figure 2-3 is one of the most common. In this case, the server is responsible for the data and the client, the application and presentation. This is called a two-tier architecture, because it uses only two sets of computers, one set of clients and one set of servers. A three-tier architecture uses three sets of computers, as shown in Figure 2-4. In this case, the software on the client computer is responsible for presentation logic, an application server is responsible for the application logic, and a separate database server is responsible for the data access logic and data storage.
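The difference between the client-based query in Section 2.2.2 (every employee record travels to the client, which filters it) and the client–server query in Section 2.2.3 (the server runs the data access logic and returns only the matching records) can be made concrete with a small program. The following is an added example, not code from the book: an in-memory SQLite database stands in for the server’s data storage, the employee table and its five rows are constructed for the illustration, and each function reports how many rows crossed the “circuit” between server and client.

```python
import sqlite3

# Constructed sample data (not from the book): id, name, department,
# and whether the employee has company life insurance (1 = yes).
EMPLOYEES = [
    (1, "Ana",   "Accounting", 1),
    (2, "Ben",   "Sales",      0),
    (3, "Chloe", "Sales",      1),
    (4, "Dev",   "IT",         0),
    (5, "Eva",   "IT",         0),
]


def make_server_db():
    """Stand-in for the server's data storage: an in-memory SQLite database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employee ("
        "id INTEGER PRIMARY KEY, name TEXT, dept TEXT, "
        "life_insurance INTEGER NOT NULL)"
    )
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def client_based_query(conn):
    """Client-based architecture (Figure 2-2): the data access logic runs on
    the client. The server only stores data, so every row is pulled across
    the circuit and the client examines each record itself. Note that the
    client also ends up holding records it never needed to see."""
    rows_on_wire = conn.execute(
        "SELECT id, name, dept, life_insurance FROM employee ORDER BY id"
    ).fetchall()
    matches = [name for (_id, name, _dept, insured) in rows_on_wire if insured == 1]
    return {"rows_transferred": len(rows_on_wire), "matches": matches}


def client_server_query(conn, insured=1):
    """Client-server architecture (Figure 2-3): the client formats a request
    the server understands (here, SQL), the server runs the data access
    logic (the WHERE clause) and transmits only the matching records.
    The value is bound as a parameter, so user input cannot rewrite the
    request itself."""
    rows_on_wire = conn.execute(
        "SELECT name FROM employee WHERE life_insurance = ? ORDER BY id",
        (insured,),
    ).fetchall()
    return {"rows_transferred": len(rows_on_wire),
            "matches": [name for (name,) in rows_on_wire]}


def compare():
    """Run both architectures against the same data and return both results."""
    conn = make_server_db()
    return client_based_query(conn), client_server_query(conn)


if __name__ == "__main__":
    cb, cs = compare()
    print(f"client-based : {cb['rows_transferred']} rows crossed the circuit, "
          f"matches={cb['matches']}")
    print(f"client-server: {cs['rows_transferred']} rows crossed the circuit, "
          f"matches={cs['matches']}")
```

Both architectures produce the same answer; what changes is how much data the circuit carries and where the filtering (and therefore the exposure of non-matching records) happens. With a real table of thousands of employees the gap between the two row counts is what overloads the circuit in the client-based design.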
An n-tier architecture uses more than three sets of computers. In this case, the client is responsible for presentation logic, a database server is responsible for the data access logic and data storage, and the application logic is spread across two or more different sets of servers. Figure 2-5 shows an example of an n-tier architecture of a groupware product called TCB Works developed at the University of Georgia. TCB Works has four major components. The first is the Web browser on the client computer that a user uses to access the system and enter commands (presentation logic). The second component is a Web server that responds to the user’s requests, either by providing Hypertext Markup Language (HTML) pages and graphics (application logic) or by sending the request to the third component, a set of 28 C programs that perform various functions such as adding comments or voting (application logic). The fourth component is a database server that stores all the data (data access logic and data storage). Each of these four components is separate, making it easy to spread the different components on different servers and to partition the application logic on two different servers.

FIGURE 2-4 Three-tier client–server architecture. Client (personal computer): presentation logic; Application server (personal computer): application logic; Database server (personal computer, server farm, or mainframe): data access logic, data storage.

FIGURE 2-5 The n-tier client–server architecture. Client (personal computer): presentation logic; Web server (personal computer or server farm): application logic; Application server (personal computer or server farm): application logic; Database server (personal computer, server farm, or mainframe): data access logic, data storage.

The primary advantage of an n-tier client–server architecture compared with a two-tier architecture (or a three-tier compared with a two-tier) is that it separates the processing that occurs to better balance the load on the different servers; it is more scalable. In Figure 2-5, we have three separate servers, which provides more power than if we had used a two-tier architecture with only one server. If we discover that the application server is too heavily loaded, we can simply replace it with a more powerful server, or even put in two application servers. Conversely, if we discover the database server is underused, we could put data from another application on it.

There are two primary disadvantages to an n-tier architecture compared with a two-tier architecture (or a three-tier with a two-tier). First, it puts a greater load on the network. If you compare Figures 2-3, 2-4, and 2-5, you will see that the n-tier model requires more communication among the servers; it generates more network traffic so you need a higher capacity network. Second, it is much more difficult to program and test software in n-tier architectures than in two-tier architectures because more devices have to communicate to complete a user’s transaction.

FIGURE 2-6 The typical two-tier thin-client architecture of the Web. Client (personal computer): presentation logic; Web server (personal computer or mainframe): application logic, data access logic, data storage.

Thin Clients versus Thick Clients

Another way of classifying client–server architectures is by examining how much of the application logic is placed on the client computer. A thin-client approach places little or no application logic on the client (e.g., Figure 2-5), whereas a thick-client (also called fat-client) approach places all or almost all of the application logic on the client (e.g., Figure 2-3). There is no direct relationship between thin and fat clients and two-, three-, and n-tier architectures. For example, Figure 2-6 shows a typical Web architecture: a two-tier architecture with a thin client. One of the biggest forces favoring thin clients is the Web.

Thin clients are much easier to manage. If an application changes, only the server with the application logic needs to be updated. With a thick client, the software on all of the clients would need to be updated. Conceptually, this is a simple task; one simply copies the new files to the hundreds of affected client computers. In practice, it can be a very difficult task.

Thin-client architectures are the future. More and more application systems are being written to use a Web browser as the client software, with JavaScript or AJAX (containing some of the application logic) downloaded as needed. This application architecture is sometimes called the distributed computing model. The thin-client architecture also enables cloud-based architecture, which is discussed next.

2.2.4 Cloud Computing Architectures

The traditional client–server architecture can be complicated and expensive to deploy. Every application has to be hosted on a server so that it can fulfill requests from potentially thousands of clients. An organization has hundreds of applications, so running a successful client–server architecture requires a variety of software and hardware and the skilled personnel who can build and maintain this architecture.

Cloud computing architectures are different because they outsource part or all of the infrastructure to other firms that specialize in managing that infrastructure. There are three common cloud-based architecture models. Figure 2-7 summarizes these three models and compares them to the client–server architecture.

The first column of this figure shows the thin client–server architecture, in which the organization manages the entire application software and hardware. In addition to the software components we’ve discussed previously (the application logic, data access logic, and the data themselves), the servers need an operating system (e.g., Windows, Linux). Most companies also use virtualization software to install many virtual or logical servers on the same physical computer. This software (VMware is one of the leaders) creates a separate partition on the physical server for each of the logical servers. Each partition has its own operating system and its own server software and works independently from the other partitions.
This software must run on some hardware, which includes a server, a storage device, and the network itself. The server may be a large computer or a server farm. A server farm is a cluster of computers linked together so that they act as one computer. Requests arrive at the server farm (e.g., Web requests) and are distributed among the computers so that no one computer is overloaded. Each computer is separate so that if one fails, the server farm simply bypasses it. Server farms are more complex than single servers because work must be quickly coordinated and shared among the individual computers. Server farms are very scalable because one can always add another computer. Figure 2-8 shows one row of a server farm at Indiana University. There are seven more rows like this one in this room, and another room contains about the same number.

Many companies use separate storage devices instead of the hard disks in the servers themselves. These storage devices are special-purpose hard disks designed to be very large and very fast. The six devices on the left of Figure 2-8 comprise a special storage device called a storage area network (SAN).

FIGURE 2-7 Cloud architecture models compared to thin client–server architecture: who manages which parts. Source: Adapted from www.cbc.radio-canada.ca/en/reporting-to-canadians/sync/sync-issue-1-2012/cloud-services

Component                Thin-client client–server   Infrastructure as a Service   Platform as a Service   Software as a Service
Application logic        Internal                    Internal                      Internal                Outsourced
Data storage             Internal                    Internal                      Internal                Outsourced
Data access logic        Internal                    Internal                      Outsourced              Outsourced
Operating system         Internal                    Internal                      Outsourced              Outsourced
Virtualization software  Internal                    Internal                      Outsourced              Outsourced
Server hardware          Internal                    Outsourced                    Outsourced              Outsourced
Storage hardware         Internal                    Outsourced                    Outsourced              Outsourced
Network hardware         Internal                    Outsourced                    Outsourced              Outsourced

FIGURE 2-8 One row of a server farm at Indiana University. Source: Courtesy of the author, Alan Dennis

Software as a Service (SaaS)

SaaS is one of the three cloud computing models. With SaaS, an organization outsources the entire application to the cloud provider (see the last column of Figure 2-7) and uses it as any other application that is available via a browser (thin client). SaaS is based on multitenancy. This means that rather than having many copies of the same application, there is only one application that everybody shares, yet everybody can customize it for his or her specific needs. Imagine a giant office building in which all people share the infrastructure (water, A/C, electricity) but can customize the offices they are renting. The customers can customize the app and don’t have to worry about upgrades, security, or underlying infrastructure because the cloud provider does it all. The most frequently used SaaS application is email. At Indiana University, all student email is outsourced to Google’s Gmail. Customer relationship management (CRM) from Salesforce.com is another very commonly used SaaS.

Platform as a Service (PaaS)

PaaS is another of the three cloud computing models. What if there is an application you need but no cloud provider offers one you like? You can build your own application and manage your own data on the cloud infrastructure provided by your cloud supplier. This model is called Platform as a Service (PaaS). The developers in your organization decide what programming language to use to develop the application of choice. The needed hardware and software infrastructure, called the platform, is rented from the cloud provider (see Figure 2-7). In this case, the organization manages the application and its own data but uses the database software (data access logic) and operating system provided by the cloud provider. PaaS offers much faster development and deployment of custom applications at a fraction of the cost required for the traditional client–server architecture. PaaS providers include Amazon Elastic Compute Cloud (EC2), Microsoft Windows Azure, and Google App Engine.

Infrastructure as a Service (IaaS)

As you can see in Figure 2-7, with Infrastructure as a Service (IaaS), the cloud provider manages the hardware, including servers, storage, and networking components. The organization is responsible for all the software, including the operating system (and virtualization software), database software, and its applications and data. IaaS is sometimes also referred to as HaaS, or Hardware as a Service, because in this cloud model, only the hardware is provided; everything else is up to the organization. This model allows a decrease in capital expenditures for hardware and for maintaining the proper environment (e.g., cooling), redundancy, and backups for data and applications. Providers of IaaS are Amazon Web Services, Microsoft Windows Azure, and Akamai.

In conclusion, cloud computing is a technology that fundamentally changed the way we think about applications in that they are rented and paid for as a service. The idea is the same as for utilities—water, gas, cable, and phone. The provider of the utility builds and runs the infrastructure; you plug in and sign up for a type of service. Sometimes you pay as you go (water, gas), or you sign up for a level of service (phone, cable).

2.2.5 Peer-to-Peer Architectures

Peer-to-peer (P2P) architectures are very old, but their modern design became popular in the early 2000s with the rise of P2P file-sharing applications (e.g., Napster). With a P2P architecture, all computers act as both a client and a server. Therefore, all computers perform all four functions: presentation logic, application logic, data access logic, and data storage (see Figure 2-9). With a P2P file-sharing application, a user uses the presentation, application, and data access logic installed on his or her computer to access the data stored on another computer in the network. With a P2P application-sharing network (e.g., grid computing such as seti.org), other users in the network can use others’ computers to access application logic as well.

FIGURE 2-9 Peer-to-peer architecture. Two clients (personal computers), each with presentation logic, application logic, data access logic, and data storage.

The advantage of P2P networks is that the data can be installed anywhere on the network. They spread the storage throughout the network, even globally, so they can be very resilient to the failure of any one computer. The challenge is finding the data. There must be some central server that enables you to find the data you need, so P2P architectures often are combined with a client–server architecture. Security is a major concern in most P2P networks, so P2P architectures are not commonly used in organizations, except for specialized computing needs (e.g., grid computing).

2.2.6 Choosing Architectures

Each of the preceding architectures has certain costs and benefits, so how do you choose the “right” architecture? In many cases, the architecture is simply a given; the organization has a certain architecture, and one simply has to use it. In other cases, the organization is acquiring new equipment and writing new software and has the opportunity to develop a new architecture, at least in some part of the organization.
  • 119. Almost all new applications today are client–server applications. Client–server architectures provide the best scalability, the ability to increase (or decrease) the capacity of the servers to meet changing needs. For example, we can easily add or remove application servers or database servers depending on whether we need more or less capacity for application software or database software and storage. Client–server architectures are also the most reliable. We can use multiple servers to perform the same tasks, so that if one server fails, the remaining servers continue to operate and users don’t notice problems. Finally, client–server architectures are usually the cheapest because many tools exist to develop them. And lots of client–server software exists for specific parts of applications so we can MANAGEMENT FOCUS 2-1 Cloud Computing with Salesforce.com Salesforce.com, the world’s number one cloud platform, is the poster child for cloud computing. Companies used to buy and install software for CRM, the process of identifying potential customers, marketing to them, converting them into customers, and managing the relationship to retain them. The software and needed servers were expensive and took a long time to acquire and install. Typically, only large firms could afford it.
  • 120. Salesforce.com changed this by offering a cloud computing solution. The CRM software offered by salesforce.com resides on the salesforce.com servers. There is no need to buy and install new hardware or software. Companies just pay a monthly fee to access the software over the Internet. Companies can be up and running in weeks, not months, and it is easy to scale from a small implementation to a very large one. Because salesforce.com can spread its costs over so many users, they can offer deals to small companies that normally wouldn’t be able to afford to buy and install their own software. Salesforce is a very competitive organization that is keeping up with the mobile world too. In fall 2013, it announced the “Salesforce $1 Million Hackathon,” where hundreds of teams competed to build the next killer mobile app on the Salesforce platform. Yup, the winning team will walk away with $1 million! Although we don’t know the winner of this largest single hackathon, the reader can discover this easily by googling it. http://Salesforce.com http://Salesforce.com http://Salesforce.com http://Salesforce.com http://Salesforce.com � � � � World Wide Web 35
  • 121. more quickly buy parts of the application we need. For example, no one writes Shopping Carts anymore; it’s cheaper to buy a Shopping Carts software application and put it on an application server than it is to write your own. Client–server architectures also enable cloud computing. As we mentioned in Section 2.2.4, companies may choose to run a SaaS because of low price and high scalability compared to tra- ditional client–server architecture hosted at home. One major issue that companies face when choosing SaaS is the security of the data. Each company has to evaluate the risk of its data being compromised and select its cloud provider carefully. However, SaaS is gaining popularity and com- panies are becoming more and more accustomed to this solution. 2.3 WORLD WIDE WEB The Web was first conceived in 1989 by Sir Tim Berners-Lee at the European Particle Physics Laboratory (CERN) in Geneva. His original idea was to develop a database of information on physics research, but he found it difficult to fit the information into a traditional database. Instead, he decided to use a hypertext network of information. With hypertext, any document can contain a link to any other document. CERN’s first Web browser was created in 1990, but it was 1991 before it was available on the Internet for other organizations to use. By the end of 1992, several browsers had been created for UNIX computers by CERN and several other European and American universities, and there were
about 30 Web servers in the entire world. In 1993, Marc Andreessen, a student at the University of Illinois, led a team of students that wrote Mosaic, the first graphical Web browser, as part of a project for the university’s National Center for Supercomputing Applications (NCSA). By the end of 1993, the Mosaic browser was available for UNIX, Windows, and Macintosh computers, and there were about 200 Web servers in the world. Today, no one knows for sure how many Web servers there are. There are more than 250 million separate websites, but many of these are hosted on the same servers by large hosting companies such as godaddy.com or Google Sites.

2.3.1 How the Web Works

The Web is a good example of a two-tier client–server architecture (Figure 2-10). Each client computer needs an application layer software package called a Web browser. There are many different browsers, such as Microsoft’s Internet Explorer. Each server on the network that will act as a Web server needs an application layer software package called a Web server. There are many different Web servers, such as those produced by Microsoft and Apache. To get a page from the Web, the user must type the Internet uniform resource locator (URL) for the page he or she wants (e.g., www.yahoo.com) or click on a link that provides the URL.

FIGURE 2-10 How the Web works (a client computer with Web browser software sends an HTTP request across the Internet to a server computer with Web server software, which returns an HTTP response)

The URL specifies the Internet address of the Web server and the directory and name of the specific page wanted. If no directory and page are specified, the Web server will provide whatever page has been defined as the site’s home page. For the requests from the Web browser to be understood by the Web server, they must use the same standard protocol or language. If there were no standard and each Web browser used a
different protocol to request pages, then it would be impossible for a Microsoft Web browser to communicate with an Apache Web server, for example. The standard protocol for communication between a Web browser and a Web server is Hypertext Transfer Protocol (HTTP). To get a page from a Web server, the Web browser issues a special packet called an HTTP request that contains the URL and other information about the Web page requested (see Figure 2-10). Once the server receives the HTTP request, it processes it and sends back an HTTP response, which will be the requested page or an error message (see Figure 2-10).

This request–response dialogue occurs for every file transferred between the client and the server (under HTTP version 1.1 several requests can share one TCP connection, but each file is still a separate request and response). For example, suppose the client requests a Web page that has two graphic images. Graphics are stored in separate files from the Web page itself, using a different file format than the HTML used for the Web page (e.g., the JPEG [Joint Photographic Experts Group] format). In this case, there would be three request–response pairs. First, the browser would issue a request for the Web page, and the server would send the response. Then, the browser would begin displaying the Web page and notice the two graphic files. The browser would then send a request for the first graphic and a request for the second graphic, and the server would reply with two separate HTTP responses, one for each request.

2.3.2 Inside an HTTP Request

The HTTP request and HTTP response are examples of the
packets we introduced in Chapter 1 that are produced by the application layer and sent down to the transport, network, data link, and physical layers for transmission through the network. The HTTP request and HTTP response are simple text messages that take the information provided by the application (e.g., the URL to get) and format it in a structured way so that the receiver of the message can clearly understand it.

An HTTP request from a Web browser to a Web server has three parts. The first two parts are required; the last is optional. The parts are as follows:

◾ The request line, which starts with a command (e.g., GET), gives the path of the Web page wanted, and ends with the HTTP version number that the browser understands; the version number ensures that the Web server does not attempt to use a more advanced or newer version of the HTTP standard that the browser does not understand.
◾ The request header, which contains a variety of optional information such as the Web browser being used (e.g., Internet Explorer) and the date. A blank line marks the end of the header.
◾ The request body, which contains information sent to the server, such as information that the user has typed into a form.

Figure 2-11 shows an example of an HTTP request for a page on our Web server, formatted using version 1.1 of the HTTP standard. This request has only the request line and the request header, because no request body is needed for this request. This request includes the date and
time of the request (expressed in Greenwich Mean Time [GMT], the time zone that runs through London) and the name of the browser used (Mozilla was Netscape’s code name and still appears in the User-Agent string of most browsers). The Referer field (the header name has been spelled this way since the original HTTP standard) means that the user obtained the URL for this Web page by clicking on a link on another page, which in this case is a list of faculty at Indiana University (i.e., www.indiana.edu/∼isdept/faculty.htm). If the Referer field is absent, the user may have typed the URL himself or herself, although browsers also omit it for privacy reasons. Because the browser fills in this field, a server must never rely on it to decide whether a request is authorized. You can see inside HTTP headers yourself at www.rexswain.com/httpview.html.

FIGURE 2-11 An example of a request from a Web browser to a Web server using the HTTP (Hypertext Transfer Protocol) standard (the request line followed by the request header)
MANAGEMENT FOCUS 2-2 Top Players in Cloud Email

Among the wide variety of applications that organizations are using, email is most frequently deployed as SaaS. Four major industry players provide email as SaaS: Google, Microsoft, USA.NET, and Intermedia. Although cloud-based email seems to appeal more to smaller companies, it provides a cost-effective solution for organizations with up to 15,000 users (as a rule of thumb).

Google was the first company to enter this market and offered Google Apps, Calendar, and 30 GB of storage in addition to email. Microsoft entered this market in 2008 and offered Microsoft Office 365. Microsoft offers not only email but the whole MS Office Suite. And, of course, all the office applications are accessible from multiple devices. USA.NET is a SaaS company that offers Microsoft Exchange and robust security features that meet federal and industry regulations, such as FINRA and HIPAA. It services approximately 6,000 organizations worldwide that provide financial, health care, energy, and critical infrastructure services. In addition, USA.NET offers a Security-as-a-Service platform from the cloud. Finally, Intermedia, which was founded in 1995, is the largest Microsoft-hosted Exchange provider. This was the first company to offer Hosted Microsoft Exchange, and today, it has 90,000 customers and more than 700,000 users. Just like Microsoft, Intermedia delivers the Office Suite in the cloud.

The prices for the services these companies offer differ quite a bit. The cheapest of these four companies is Google,
starting at $4.17 per user per month. However, these are basic prices that increase with the number of features and services added.

2.3.3 Inside an HTTP Response

The format of an HTTP response from the server to the browser is very similar to that of the HTTP request. It, too, has three parts, with the first required and the last two optional:

◾ The response status, which contains the HTTP version number the server has used, a status code (e.g., 200 means “OK”; 404 means “not found”), and a reason phrase (a text description of the status code).
◾ The response header, which contains a variety of optional information, such as the Web server being used (e.g., Apache), the date, and the exact URL of the page in the response.
◾ The response body, which is the Web page itself.

Figure 2-12 shows an example of a response from our Web server to the request in Figure 2-11. This example has all three parts. The response status reports “OK,” which means the requested URL was found and is included in the response body. The response header provides the date, the type of Web server software used, the actual URL included in the response body, and the type of file. In most cases, the actual URL and the requested URL are the same, but not always. For example, if you request a URL but do not specify a file name (e.g., www.indiana.edu), you will receive whatever file is defined as the home page for that server, so the actual URL will be different from the requested URL.

The response body in this example shows a Web page in Hypertext Markup Language (HTML). The response body can be in any format, such as text, Microsoft Word, Adobe PDF, or a host of other formats, but the most commonly used format is HTML. HTML was developed by CERN at the same time as the first Web browser and has evolved rapidly ever since. HTML is now standardized by the W3C and the WHATWG (an early version, HTML 2.0, was published by the IETF), but browser vendors keep adding extensions with new releases of their browsers, so the HTML standard keeps changing.

FIGURE 2-12 An example of a response from a Web server to a Web browser using the HTTP standard (the response status, the response header, and the response body)
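The request and response formats of Sections 2.3.2 and 2.3.3 are simple enough to parse by hand, and doing so shows exactly where the three parts begin and end. The following Python program is an added example and is not code from the textbook: it splits a raw HTTP/1.1 request and response into start line, header, and body, enforces the version check the text describes, bounds the body by Content-Length, and shows why the Referer field is only a hint. The two sample messages, the host name www.example.edu, and the page path are constructed for the demonstration.

```python
"""Parse HTTP/1.1 requests and responses into their three parts.

Added example, not code from the textbook. The sample request and response
below are constructed (www.example.edu and the page path are made up) so
that the program runs offline.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from urllib.parse import urlsplit

SUPPORTED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


@dataclass
class HttpRequest:
    method: str
    target: str
    version: str
    headers: dict[str, str] = field(default_factory=dict)
    body: bytes = b""


@dataclass
class HttpResponse:
    version: str
    status: int
    reason: str
    headers: dict[str, str] = field(default_factory=dict)
    body: bytes = b""


def _split_message(raw: bytes) -> tuple[str, dict[str, str], bytes]:
    """Split a raw message into its start line, header map and body.

    The header ends at the first blank line (CRLF CRLF). Header names are
    case-insensitive, so they are lower-cased for lookup.
    """
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed message: no blank line after the header")
    start_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    headers: dict[str, str] = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()
    return start_line, headers, body


def parse_request(raw: bytes) -> HttpRequest:
    """Request line, request header and (optional) request body."""
    start, headers, body = _split_message(raw)
    parts = start.split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {start!r}")
    method, target, version = parts
    if version not in SUPPORTED_VERSIONS:
        # The version check the text describes: refuse what we do not speak.
        raise ValueError(f"unsupported HTTP version: {version}")
    # The body is only as long as Content-Length says, and never longer
    # than what actually arrived.
    length = int(headers.get("content-length", "0"))
    if length > len(body):
        raise ValueError("body shorter than Content-Length")
    return HttpRequest(method, target, version, headers, body[:length])


def parse_response(raw: bytes) -> HttpResponse:
    """Status line (version, code, reason phrase), response header and body."""
    start, headers, body = _split_message(raw)
    version, _, rest = start.partition(" ")
    code, _, reason = rest.partition(" ")
    if version not in SUPPORTED_VERSIONS or not code.isdigit():
        raise ValueError(f"malformed status line: {start!r}")
    return HttpResponse(version, int(code), reason, headers, body)


def referer_matches_host(req: HttpRequest) -> bool:
    """True when the Referer names the same host as the Host header.

    The browser fills in Referer, so this is at most a hint (useful for
    spotting cross-site requests) and never an authorization check.
    """
    referer = req.headers.get("referer")
    if referer is None:
        return False
    host = req.headers.get("host", "").split(":")[0].lower()
    return urlsplit(referer).hostname == host


# Constructed sample messages, not captured traffic.
SAMPLE_REQUEST = (
    b"GET /faculty/dennis.htm HTTP/1.1\r\n"
    b"Host: www.example.edu\r\n"
    b"User-Agent: Mozilla/5.0 (example)\r\n"
    b"Referer: http://www.example.edu/faculty.htm\r\n"
    b"Date: Mon, 06 Aug 2007 17:35:46 GMT\r\n"
    b"\r\n"
)
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 06 Aug 2007 17:35:46 GMT\r\n"
    b"Server: Apache (example)\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 39\r\n"
    b"\r\n"
    b"<html><body>Hello, world.</body></html>"
)

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req.method, req.target, req.version, req.headers["referer"])
    resp = parse_response(SAMPLE_RESPONSE)
    print(resp.status, resp.reason, resp.headers["content-type"], len(resp.body))
```

Running the program prints the parsed request line fields and the status line of the response; feeding it a request line with an unsupported version (e.g., HTTP/3.0) raises the same kind of refusal a real server would answer with a 505 status.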
2.4 ELECTRONIC MAIL

Electronic mail (or email) was one of the earliest applications on the Internet and is still among the most heavily used today. With email, users create and send messages to one user, several users, or all users on a distribution list. Most email software enables users to send text messages and attach files from word processors, spreadsheets, graphics programs, and so on. Many email packages also permit you to filter or organize messages by priority.

Several standards have been developed to ensure compatibility between different email software packages. Any software package that conforms to a certain standard can send messages that are formatted using its rules. Any other package that understands that particular standard can then relay the message to its correct destination; however, if an email package receives a mail message in a different format, it may be unable to process it correctly. Many email packages send using one standard but can understand messages sent in several different standards. The most commonly used standard is SMTP (Simple Mail Transfer Protocol). Other common standards are X.400 and
CMC (Common Messaging Calls). In this book, we will discuss only SMTP, but CMC and X.400 both work essentially the same way. SMTP, X.400, and CMC are different from one another (in the same way that English differs from French or Spanish), but several software packages are available that translate between them, so that companies that use one standard (e.g., CMC) can translate messages they receive that use a different standard (e.g., SMTP) into their usual standard as they first enter the company and then treat them as “normal” email messages after that.

2.4.1 How Email Works

The Simple Mail Transfer Protocol (SMTP) is the most commonly used email standard simply because it is the email standard used on the Internet. Email works similarly to how the Web works, but it is a bit more complex. SMTP email is usually implemented as a two-tier thick client–server application, but not always. We first explain how the normal two-tier thick client architecture works and then quickly contrast that with two alternate architectures.

Two-Tier Email Architecture With a two-tier thick client–server architecture, each client computer runs an application layer software package called a mail user agent, which is more commonly called an email client (Figure 2-13). There are many common email client software packages such as Eudora and Outlook. The user creates the email message using one of these email clients, which formats the message into an SMTP packet that includes information such as the sender’s address and the destination address.
The user agent then sends the SMTP packet to a mail server that runs a special application layer software package called a mail transfer agent, which is more commonly called mail server software (see Figure 2-13). This email server reads the SMTP packet to find the destination address and then sends the packet on its way through the network (often over the Internet) from mail server to mail server, until it reaches the mail server specified in the destination address (see Figure 2-13). The mail transfer agent on the destination server then stores the message in the receiver’s mailbox on that server. The message sits in the mailbox assigned to the user who is to receive the message until he or she checks for new mail.

FIGURE 2-13 How SMTP (Simple Mail Transfer Protocol) email works. IMAP = Internet Message Access Protocol; LAN = Local Area Network; POP = Post Office Protocol (each client computer with email client software, the mail user agent, exchanges SMTP packets with its mail server and IMAP or POP packets with the receiving mail server; the server computers with email server software, the mail transfer agents, exchange SMTP packets across the Internet)

The SMTP standard covers message transmission between mail servers (i.e., mail server to mail server) and between the originating email client and its mail server. A different standard is used to communicate between the receiver’s email client and his or her mail server. Two commonly used standards for communication between email client and mail server are Post Office Protocol (POP) and Internet Message Access Protocol (IMAP). Although there are several important technical differences between POP and IMAP, the most noticeable difference is that before a user can read a mail message with a POP (version 3) email client, the email message must be copied to the client computer’s hard disk and, by default, deleted from the mail server (most POP clients can be configured to leave a copy on the server). With IMAP, email messages can remain stored on the mail server after they are read. IMAP therefore offers considerable benefits to users who read their email from many different computers (e.g., home, office, computer labs)
because they no longer need to worry about having old email messages scattered across several client computers; all email is stored on the server until it is deleted.

In our example in Figure 2-13, when the receiver next accesses his or her email, the email client on his or her computer contacts the mail server by sending an IMAP or a POP packet that asks for the contents of the user’s mailbox. In Figure 2-13, we show this as an IMAP packet, but it could just as easily be a POP packet. When the mail server receives the IMAP or POP request, it converts the original SMTP packet created by the message sender into a POP or an IMAP packet that is sent to the client computer, which the user reads with the email client. Therefore, any email client using POP or IMAP must also understand SMTP to create messages. POP and IMAP provide a host of functions that enable the user to manage his or her email, such as creating mail folders, deleting mail, creating address books, and so on. If the user sends a POP or an IMAP request for one of these functions, the mail server will perform the function and send back a POP or an IMAP response packet that is much like an HTTP response packet.

Three-Tier Thin Client–Server Architecture The three-tier thin client–server email architecture uses a Web server and Web browser to provide access to your email. With this architecture, you do not need an email client on your client computer. Instead, you use your Web browser. This type of email is sometimes called Web-based email and is provided by a variety of companies such as
Hotmail and Yahoo!. You use your browser to connect to a page on a Web server that lets you write the email message by filling in a form. When you click the send button, your Web browser sends the form information to the Web server inside an HTTP request (Figure 2-14). The Web server runs a program (e.g., written in C or Perl) that takes the information from the HTTP request and builds an SMTP packet that contains the email message. Although not important to our example, it also sends an HTTP response back to the client. The Web server then sends the SMTP packet to the mail server, which processes the SMTP packet as though it came from a client computer. The SMTP packet flows through the network in the same manner as before. When it arrives at the destination mail server, it is placed in the receiver’s mailbox.

FIGURE 2-14 Inside the Web. HTTP = Hypertext Transfer Protocol; IMAP = Internet Message Access Protocol; LAN = Local Area Network; POP = Post Office Protocol; SMTP = Simple Mail Transfer Protocol (each client computer with a Web browser exchanges HTTP requests and responses with a server computer running Web server software; the Web servers exchange SMTP and IMAP packets with the server computers running mail server software, and the mail servers exchange SMTP packets across the Internet)

When the receiver wants to check his or her mail, he or she uses a Web browser to send an HTTP request to a Web server (see Figure 2-14). A program on the Web server (e.g., in C or Perl) processes the request and sends the appropriate POP or IMAP request to the mail server. The mail server responds with a POP or IMAP packet, which a program on the Web server converts into an HTTP
response and sends to the client. The client then displays the email message in the Web browser.

TECHNICAL FOCUS 2-2 SMTP Transmission

SMTP (Simple Mail Transfer Protocol) is an older protocol, and transmission using it is rather complicated. If we were going to design it again, we would likely find a simpler transmission method. Conceptually, we think of an SMTP packet as one packet. However, SMTP mail transfer agents transmit the elements of a message one at a time and wait for the receiver to respond with an “OK” before sending the next element. For example, to deliver the message in Figure 2-15, the sending mail transfer agent first identifies itself (the HELO or EHLO command) and waits for an OK from the receiver. Then it sends the envelope sender address (MAIL FROM) and waits for an OK. Then it sends each recipient address (RCPT TO), waiting for an OK after each one. Then it sends the DATA command and, after the receiver’s go-ahead, the entire message, its header fields (date, subject, and so on) and its body, is sent as one element, terminated by a line containing only a period, which the receiver acknowledges with a final OK.

FIGURE 2-15 An example of an email message using the SMTP (Simple Mail Transfer Protocol) standard (the header fields followed by the body)

A simple comparison of Figures 2-13 and 2-14 will quickly show that the three-tier approach using a Web browser is much more complicated than the normal two-tier approach. So why do it? Well, it is simpler to have just a Web browser on the client computer rather than to require the user to install a special email client on his or her computer and then set up the special email client to connect to the correct mail server using either POP or IMAP. It is simpler for the user to just type the URL of the Web server providing the mail services into his or her browser and begin using mail. This also means that users can check their email from a public computer anywhere on the Internet.

It is also important to note that the sender and receiver do not have to use the same architecture for their email. The sender could use a two-tier client–server architecture, and the receiver, a host-based or three-tier client–server architecture. Because all communication is standardized using SMTP between the different mail servers, how the users interact with their mail servers is unimportant. Each organization can use a different approach.
In fact, there is nothing to prevent one organization from using all three architectures simultaneously. At Indiana University, email is usually accessed through an email client (e.g., Microsoft Outlook) but is also accessed over the Web because many users travel internationally and find it easier to borrow a Web browser with Internet access than to borrow an email client and set it up to use the Indiana University mail server.

2.4.2 Inside an SMTP Packet

SMTP defines how message transfer agents operate and how they format messages sent to other message transfer agents. An SMTP packet has two parts:

◾ The header, which lists source and destination email addresses (possibly with a display name in text form [e.g., “Pat Smith”]) as well as the address itself (e.g., [email protected]), date, subject, and so on.
◾ The body, which is introduced by the SMTP DATA command and contains the message itself.

Figure 2-15 shows a simple email message formatted using SMTP. The header of an SMTP message has a series of fields that provide specific information, such as the sender’s email address, the receiver’s address, date, and so on. The information in quotes on the from and to lines is ignored by SMTP; only the information in the angle brackets is used in email addresses. Note that SMTP does not verify the from address: the sending agent may place any address there, which is what makes the spoofing discussed in Section 2.6 so easy. The message ID field is used to provide a unique identification code so that the message can be tracked. The message body contains the actual text of the message itself.
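The command-and-reply dialogue of Technical Focus 2-2, the header and body of Section 2.4.2, and the MIME attachment handling of Section 2.4.3 that follows can all be exercised in one program. The following Python program is an added example and is not code from the textbook: a sending and a receiving mail transfer agent, reduced to the SMTP state machine, run in one process with no network, and the message they carry is a MIME message with a binary attachment built and decoded with Python’s standard email package. The receiving side also shows the one check a client must not skip: the attachment’s file name is chosen by the sender and must be stripped of directory components before it is saved. All host names, addresses, and the attachment contents are constructed for the demonstration.

```python
"""End-to-end SMTP transfer of a MIME message with an attachment.

Added example, not code from the textbook. Both mail transfer agents run in
this process with no network; host names, addresses and file contents are
constructed for the demonstration.
"""
from __future__ import annotations

import os
import re
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser


class MiniSmtpServer:
    """Receiving mail transfer agent: the state machine behind the 'OK' replies."""

    def __init__(self, hostname: str, local_domains: set[str]) -> None:
        self.hostname, self.local_domains = hostname, local_domains
        self.mailboxes: dict[str, list[bytes]] = {}
        self.in_data = False
        self._reset()

    def _reset(self) -> None:
        self.mail_from, self.rcpt_to, self.data_lines = None, [], []

    def handle(self, line: bytes) -> str | None:
        """Process one client line; return the reply, or None while inside DATA."""
        if self.in_data:
            if line == b".":                          # end-of-data marker
                self.in_data = False
                message = b"\r\n".join(self.data_lines) + b"\r\n"
                for rcpt in self.rcpt_to:
                    self.mailboxes.setdefault(rcpt, []).append(message)
                self._reset()
                return "250 OK: queued"
            # Un-stuff: a line the client sent as ".x" really started with "x"
            self.data_lines.append(line[1:] if line.startswith(b".") else line)
            return None
        cmd, _, arg = line.decode("ascii", "replace").partition(" ")
        cmd = cmd.upper()
        if cmd in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if cmd == "MAIL":
            m = re.fullmatch(r"FROM:<([^>]*)>", arg, re.I)
            if not m:
                return "501 Syntax: MAIL FROM:<address>"
            self.mail_from = m.group(1)               # envelope sender, never verified
            return "250 OK"
        if cmd == "RCPT":
            if self.mail_from is None:
                return "503 Bad sequence: MAIL first"
            m = re.fullmatch(r"TO:<([^>]+)>", arg, re.I)
            if not m:
                return "501 Syntax: RCPT TO:<address>"
            if m.group(1).rpartition("@")[2].lower() not in self.local_domains:
                return "550 Relay denied"             # refuse to be an open relay
            self.rcpt_to.append(m.group(1))
            return "250 OK"
        if cmd == "DATA":
            if not self.rcpt_to:
                return "503 Bad sequence: RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if cmd == "QUIT":
            return "221 Bye"
        return "500 Command unrecognized"


def send_message(server: MiniSmtpServer, mail_from: str, rcpt_to: list[str],
                 message: bytes) -> list[str]:
    """Sending agent: one element at a time, waiting for each reply (the text's 'OK')."""
    transcript = [f"S: 220 {server.hostname} ESMTP ready"]

    def cmd(text: str) -> None:
        reply = server.handle(text.encode("ascii"))
        transcript.extend([f"C: {text}", f"S: {reply}"])
        if not reply.startswith(("2", "3")):
            raise RuntimeError(f"{text!r} rejected: {reply}")

    cmd("EHLO mail.sender.example")
    cmd(f"MAIL FROM:<{mail_from}>")
    for rcpt in rcpt_to:
        cmd(f"RCPT TO:<{rcpt}>")
    cmd("DATA")
    for line in message.rstrip(b"\r\n").split(b"\r\n"):
        # Dot-stuff so a body line of "." is never taken as the terminator
        server.handle(b"." + line if line.startswith(b".") else line)
    transcript.extend(["C: <message lines> .", f"S: {server.handle(b'.')}"])
    cmd("QUIT")
    return transcript


def build_message(sender: str, recipient: str, text: str, filename: str,
                  data: bytes, maintype: str, subtype: str) -> bytes:
    """Text message plus one binary attachment, as SMTP-ready bytes.

    add_attachment base64-encodes the bytes and labels the part with
    Content-Type, Content-Transfer-Encoding and Content-Disposition fields.
    """
    msg = EmailMessage(policy=policy.SMTP)
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, "File attached"
    msg.set_content(text)
    msg.add_attachment(data, maintype=maintype, subtype=subtype, filename=filename)
    return msg.as_bytes()


def safe_filename(declared: str) -> str:
    """The sender chose this name, so drop any directory part before saving."""
    base = os.path.basename(declared.replace("\\", "/"))
    return base if base not in ("", ".", "..") else "attachment.bin"


def extract_attachments(raw: bytes) -> list[tuple[str, str, bytes]]:
    """Receiving client: decode each attachment to (safe name, type, bytes)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    return [(safe_filename(p.get_filename() or ""), p.get_content_type(),
             p.get_payload(decode=True)) for p in msg.iter_attachments()]


# Constructed demo data. The header From: is chosen freely by the sender and
# SMTP never compares it with the envelope sender given in MAIL FROM.
SAMPLE_DATA = b"\x89PNG\r\n\x1a\n" + bytes(range(20))
SAMPLE_MESSAGE = build_message('"Pat Smith" <pat@sender.example>',
                               "chris@receiver.example", "See attached.",
                               "../../etc/logo.png", SAMPLE_DATA, "image", "png")

if __name__ == "__main__":
    srv = MiniSmtpServer("mail.receiver.example", {"receiver.example"})
    for entry in send_message(srv, "bounces@sender.example",
                              ["chris@receiver.example"], SAMPLE_MESSAGE):
        print(entry)
    print(extract_attachments(srv.mailboxes["chris@receiver.example"][0]))
```

Running the program prints the transcript (each C: line answered by an S: reply, exactly the lock-step exchange Technical Focus 2-2 describes) and then the decoded attachment: the declared name ../../etc/logo.png comes back as plain logo.png, and the bytes match what was sent even though they crossed SMTP as base64 text.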
2.4.3 Attachments in Multipurpose Internet Mail Extension

As the name suggests, SMTP is a simple standard that permits only the transfer of text messages. It was developed in the early days of computing, when no one had even thought about using email to transfer nontext files such as graphics or word processing documents. Several standards for nontext files have been developed that can operate together with SMTP, such as Multipurpose Internet Mail Extension (MIME), uuencode, and binhex. Each of the standards is different, but all work in the same general way. The MIME software, which exists as part of the email client, takes the nontext file, such as a PowerPoint graphic file, and translates its bytes into characters that look like regular text (usually with base64 encoding, which turns every 3 bytes into 4 printable characters). This encoded section of “text” is then labeled with a series of special fields understood by SMTP as identifying a MIME-encoded attachment and specifying information about the attachment (e.g., name of file, type of file). Because the sender chooses these fields, the receiving client must treat the declared file name and file type as untrusted before saving or opening the attachment. When the receiver’s email client receives the SMTP message with the MIME attachment, it recognizes the MIME “text” and uses its MIME software (i.e., part of the email client) to translate the file from MIME “text” back into its
original format.

2.5 OTHER APPLICATIONS

There are literally thousands of applications that run on the Internet and on other networks. Most application software that we develop today, whether for sale or for private internal use, runs on a network. We could spend years talking about different network applications and still cover only a small number.

A Day in the Life: Network Manager

It was a typical day for a network manager. It began with the setup and troubleshooting for a videoconference. Videoconferencing is a fairly routine activity, but this one was a little different; we were trying to videoconference with a different company that used different standards than we did. We attempted to use our usual Web-based videoconferencing but could not connect. We fell back to videoconferencing over telephone lines, which required bringing in our videoconferencing services group. It took 2 hours, but we finally had the technology working.

The next activity was building a Windows database server. This involved installing software, adding a server into our ADS (Active Directory Services) domain, and setting up the user accounts. Once the server was on the network, it was critical to install all the security patches for both the operating system and database server. We receive so many security attacks that it is our policy to install all security patches on the same day that new software or servers are placed on the network or the patches are released.

After lunch, the next 2 hours were spent in a boring policy meeting. These meetings are a necessary evil to ensure that the network is well managed. It is critical that users understand what the network can and can’t be used for, and our ability to respond to users’ demands. Managing users’ expectations about support and use rules helps ensure high user satisfaction.

The rest of the day was spent refining the tool we use to track network utilization. We have a simple intrusion detection system to detect hackers, but we wanted to provide more detailed information on network errors and network utilization to better assist us in network planning.

Source: With thanks to Jared Beard

Fortunately, most network application software works in much the same way as the Web or email. In this section, we will briefly discuss only three commonly used applications: Telnet, instant messaging, and video conferencing.
2.5.1 Telnet

Telnet enables users to log in to servers (or other clients). It requires an application layer program on the client computer and an application layer program on the server or host computer. Once Telnet makes the connection from the client to the server, you must use the account name and password of an authorized user to log in. Although Telnet was developed in the very early days of the Internet (actually, the very first application that tested the connectivity on ARPANET was Telnet), it is still widely used today. Because it was developed so long ago, Telnet assumes a host-based architecture. Any keystrokes that you type using Telnet are sent to the server for processing, and then the server instructs the client what to display on the screen.

One of the most frequently used Telnet software packages is PuTTY. PuTTY is open source and can be downloaded for free (and in case you’re wondering, the name does not stand for anything, although TTY is a commonly used abbreviation for “terminal” in UNIX-based systems). The very first Telnet applications posed a great security threat because every keystroke, including the account name and password typed at login, was sent over the network as plain text, and that is still true of the Telnet protocol today. PuTTY can instead connect with the Secure Shell (SSH) protocol, which encrypts the whole session so that no one on the network can read what is typed; PuTTY in Telnet mode is just as exposed as any other Telnet client, so administrators should use SSH and disable the Telnet service on servers and routers that support it. An additional advantage of PuTTY is that it can run on multiple platforms, such as Windows, Mac, or Linux.

Today, PuTTY is routinely used by network administrators to log in to servers and routers to make configuration changes.

MANAGEMENT FOCUS 2-3 Tagging People

Joseph Krull has a chip on his shoulder—well, in his shoulder to be specific. Krull is one of a small but growing number of people who have a Radio Frequency Identification (RFID) chip implanted in their bodies. RFID technology has been used to identify pets, so that lost pets can be easily reunited with their owners. Now, the technology is being used for humans.

Krull has a blown left pupil from a skiing accident. If he were injured in an accident and unable to communicate, an emergency room doctor might misinterpret his blown pupil as a sign of a major head injury and begin drilling holes to relieve pressure. Now doctors can use the RFID chip to identify Krull and quickly locate his complete medical records on the Internet.

Critics say such RFID chips pose huge privacy risks because they enable any firms using RFID to track users such as Krull. Retailers, for example, can track when he enters and leaves their stores. Krull doesn’t care. He believes the advantages of having his complete medical records available to any doctor greatly outweigh the privacy concerns.

Tagging people is no longer the novelty it once was; in fact, today it is a U.S. Food and Drug Administration
approved procedure. More than 10% of all RFID research projects worldwide involve tagging people. There are even do-it-yourself RFID tagging kits available, not that we would recommend them (www.youtube.com/watch?v=vsk6dJr4wps). Besides the application to health records, RFID is also being used for security applications, even something as simple as door locks. Imagine having an RFID-based door lock that opens automatically when you walk up to it because it recognizes the RFID tag in your body.

Adapted from NetworkWorld, ZDNet, and GizMag.com.

2.5.2 Instant Messaging

One of the fastest growing Internet applications has been instant messaging (IM). With IM, you can exchange real-time typed messages or chat with your friends. Some IM software also enables you to verbally talk with your friends in the same way as you might use the telephone or to use cameras to exchange real-time video in the same way you might use a videoconferencing system. Several types of IM currently exist, including Google Talk and AOL Instant Messenger.
IM works in much the same way as the Web. The client computer needs an IM client software package, which communicates with an IM server software package that runs on a server. When the user connects to the Internet, the IM client software package sends an IM request packet to the IM server informing it that the user is now online. The IM client software package continues to communicate with the IM server to monitor what other users have connected to the IM server. When one of your friends connects to the IM server, the IM server sends an IM packet to your client computer so that you now know that your friend is connected to the Internet. The server also sends a packet to your friend’s client computer so that he or she knows that you are on the Internet. With the click of a button, you can both begin chatting. When you type text, your IM client creates an IM packet that is sent to the IM server (Figure 2-16). The server then retransmits the packet to your friend. Several people may be part of the same chat session, in which case the server sends a copy of the packet to all of the client computers. IM also provides a way for different servers to communicate with one another, and for the client computers to communicate directly with each other. Additionally, IM will do voice and video.

2.5.3 Videoconferencing

Videoconferencing provides real-time transmission of video and audio signals to enable people in two or more locations to have a meeting. In some cases, videoconferences are held in
special-purpose meeting rooms with one or more cameras and several video display monitors to capture and display the video signals (Figure 2-17). Special audio microphones and speakers are used to capture and play audio signals. The audio and video signals are combined into one signal that is transmitted through a MAN or WAN to people at the other location. Most of this type of videoconferencing involves two teams in two separate meeting rooms, but some systems can support conferences of up to eight separate meeting rooms. Some advanced systems provide telepresence, which is of such high quality that you feel you are face-to-face with the other participants.

FIGURE 2-16 How Instant Messaging (IM) works. LAN = Local Area Network (client computers with IM client software on their LANs exchange IM packets, via the Internet, with a server computer running IM server software)

FIGURE 2-17 A Cisco telepresence system (Source: Courtesy Cisco Systems, Inc.)
FIGURE 2-18 Desktop videoconferencing (Source: Courtesy Cisco Systems, Inc.)

The fastest growing form of videoconferencing is desktop videoconferencing. Small cameras installed on top of each computer permit meetings to take place from individual offices (Figure 2-18). Special application software (e.g., Yahoo! IM, Skype, Net Meeting) is installed on the client computer and transmits the images across a network to application software on a videoconferencing server. The server then sends the signals to the other client computers that want to participate in the videoconference. In some cases, the clients can communicate with one another without using the server. The cost of desktop videoconferencing ranges from less than $20 per computer for inexpensive systems to more than $1,000 for high-quality systems. Some systems have integrated conferencing software with desktop videoconferencing, enabling
participants to communicate verbally and, by using applications such as white boards, to attend the same meeting while they are sitting at the computers in their offices.

The transmission of video requires a lot of network capacity. Most videoconferencing uses data compression to reduce the amount of data transmitted. Surprisingly, the most common complaint is not the quality of the video image but the quality of the voice transmissions. Special care needs to be taken in the design and placement of microphones and speakers to ensure quality sound and minimal feedback.

Most videoconferencing systems were originally developed by vendors using different formats, so many products were incompatible. The best solution was to ensure that all hardware and software used within an organization was supplied by the same vendor and to hope that any other organizations with whom you wanted to communicate used the same equipment. Today, three standards are in common use: H.320, H.323, and MPEG-2 (also called ISO 13818-2). Each of these standards was developed by different organizations and is supported by different products. They are not compatible, although some application software packages understand more than one standard. H.320 is designed for room-to-room videoconferencing over high-speed telephone lines. H.323 is a family of standards designed for desktop videoconferencing and simple audio conferencing over the Internet. MPEG-2 is designed for faster connections, such as a LAN or a specially designed, privately operated WAN.
  • 153. Webcasting is a special type of one-directional videoconferencing in which content is sent from the server to the user. The developer creates content that is downloaded as needed by the users and played by a plug-in to a Web browser. At present, there are no standards for Webcast technologies, but the products by RealNetworks.com are the de facto standards. 2.6 IMPLICATIONS FOR CYBER SECURITY The first implication for security from this chapter is that the primary purpose of a network is to provide a worry-free and secure environment in which applications can run. However, a secure network is not enough. All applications that are allowed on the network must be secure too. Appli- cation security must be implemented at the time when the application is coded and if any security holes are discovered, updates (also called patches) must be issued by the vendor of the application. Users then must install the update as soon as the patch is available; otherwise, they are not only compromising their application and computer but also the whole network to which this computer is connected. One of the most commonly used business application is an SQL database server, a common part of a three- or four-tier client–server architecture. You might have heard of SQL injection— one of the top three security risks on the Internet that is enabled by unsecured websites that allow you to enter text information into a form, such as registering for an event. SQL injections area vulnerability where the website allows an attacker to enter SQL
  • 154. commands through the textbox rather than just plain text. Because the attacker can enter a command, he or she can then hijack the whole database and take all the data that is stored in it. Here is a good video that explains it in more detail: https://www.youtube.com/watch?v=FwIUkAwKzG8. Therefore, when designing any applications, one must pay lot of attention to potential security holes and exploits. Finally, another very frequently used hacking technique is email spoofing. Email spoofing is the creation of email messages that have forged the sender address. It turns out that it is very easy to https://www.youtube.com/watch?v=FwIUkAwKzG8 http://RealNetworks.com � � � � 48 Chapter 2 Application Layer spoof an email address, check it out for yourself: https://www.youtube.com/watch?v=RHW-WK -unmo. So, before you reply to any email that sounds suspicious, check the IP address where the email came from. We will learn about IP addresses in Chapters 5 and 7. MANAGEMENT
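The vulnerability described above, as an added example that is not from the textbook: a constructed SQLite registration table is queried once by pasting the form text straight into the SQL string and once with a parameterized query, so the same input is executed as a command in the first case and treated as plain text in the second.

```python
"""SQL injection: the vulnerable query beside its parameterized fix.

Added example, not code from the textbook. It builds a small, constructed
SQLite events table and shows why pasting form text into a SQL string lets
the input change the query, while a parameterized query treats the same
input as plain text that can never become SQL.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: an event registration table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE registrations (id INTEGER PRIMARY KEY, "
        "name TEXT, email TEXT, event TEXT)"
    )
    conn.executemany(
        "INSERT INTO registrations (name, email, event) VALUES (?, ?, ?)",
        [
            ("Ann Lee", "ann@example.com", "Networking 101"),
            ("Bob Ray", "bob@example.com", "Networking 101"),
            ("Cy Fox", "cy@example.com", "Cloud Workshop"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The 'textbox goes straight into the SQL' pattern the chapter warns about."""
    sql = "SELECT name, email FROM registrations WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, name: str) -> list:
    """Hardened form: the driver binds the value separately from the SQL text."""
    sql = "SELECT name, email FROM registrations WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


# Constructed form input: ordinary text, and text that contains SQL syntax.
PLAIN_INPUT = "Ann Lee"
SQL_INPUT = "x' OR '1'='1"


def demo() -> dict:
    """Row counts returned for each input by each query style."""
    conn = make_db()
    return {
        "vuln_plain": len(lookup_vulnerable(conn, PLAIN_INPUT)),   # 1 row
        "vuln_sql": len(lookup_vulnerable(conn, SQL_INPUT)),       # every row
        "safe_plain": len(lookup_parameterized(conn, PLAIN_INPUT)),  # 1 row
        "safe_sql": len(lookup_parameterized(conn, SQL_INPUT)),      # no row
    }


if __name__ == "__main__":
    for key, count in demo().items():
        print(key, count)
```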
MANAGEMENT FOCUS 2-4 Cloud-Hosted Virtual Desktops

While cloud computing started on the server side, it is quickly moving to the client side—the desktop. Imagine that you work for a multinational organization and fly several times a year to different parts of the world to do your job. Your organization doesn't want you to travel with a laptop because they fear that you can lose the laptop with the data on it, but they want you to be able to log in to any desktop in any office around the world and have your desktop appear on the screen. Well, with the cloud technology, this is possible, and many companies are taking advantage of this new service. Could you guess its name? Yes, Desktop-as-a-Service (DaaS). Several companies offer DaaS without the infrastructure cost and with reduced complexity of deploying desktops. This service works as a monthly subscription service and includes data center hardware and facilities and also security. Dell DaaS on Demand and Amazon WorkSpaces are among the service providers of DaaS.

SUMMARY

Application Architectures. There are four fundamental application architectures. In host-based networks, the server performs virtually all of the work. In client-based networks, the client computer does most of the work; the server is used only for data storage. In client–server networks, the work is shared between the servers and clients. The client performs all presentation logic, the server handles all data storage and data access logic, and one or both perform the application logic. With P2P networks, client computers also play the role of a server. Client–server networks can be cheaper to install and often better balance the network loads but are more complex to develop and manage. Cloud computing is a form of client–server architecture.

World Wide Web. One of the fastest growing Internet applications is the Web, which was first developed in 1990. The Web enables the display of rich graphical images, pictures, full-motion video, and sound. The Web is the most common way for businesses to establish a presence on the Internet. The Web has two application software packages: a Web browser on the client and a Web server on the server. Web browsers and servers communicate with one another using a standard called HTTP. Most Web pages are written in HTML, but many also use other formats. The Web contains information on just about every topic under the sun, but finding it and making sure the information is reliable are major problems.

Electronic Mail. With email, users create and send messages using an application layer software package on client computers called user agents. The user agent sends the mail to a server running an application layer software package called a mail transfer agent, which then forwards the message through a series of mail transfer agents to the mail transfer agent on the receiver's server. Email is faster and cheaper than regular mail and can substitute for telephone conversations in some cases. Several standards have been developed to ensure compatibility between different user agents and mail transfer agents, such as SMTP, POP, and IMAP.

KEY TERMS

application architecture, 26; application logic, 27; application security, 47; body, 42; client-based architectures, 27; client–server architectures, 27; cloud-based architecture, 31; cloud computing, 35; cloud providers, 26; data access logic, 27; data storage, 26; desktop videoconferencing, 46; distributed computing model, 31; distribution list, 39; email, 39; H.320, 47; H.323, 47; Hardware as a Service (HaaS), 33; header, 42; host-based architectures, 27; HTTP request, 36; HTTP response, 36; hybrid cloud strategy, 26; Hypertext Markup Language (HTML), 37; Hypertext Transfer Protocol (HTTP), 36; Infrastructure as a Service (IaaS), 33; instant messaging (IM), 45; Internet, 25; Internet Message Access Protocol (IMAP), 39; mail transfer agent, 39; mail user agent, 39; middleware, 29; MPEG-2, 47; Multipurpose Internet Mail Extension (MIME), 43; multitenancy, 32; n-tier architecture, 29; peer-to-peer architectures, 27; Platform as a Service (PaaS), 33; Post Office Protocol (POP), 39; presentation logic, 27; protocol, 36; pure strategy, 26; request body, 36; request header, 36; request line, 36; response body, 38; response header, 38; response status, 37; scalability, 34; server farm, 31; Simple Mail Transfer Protocol (SMTP), 39; SMTP header, 51; software as a service (SaaS), 26; SQL injection, 47; storage area network, 32; Telnet, 44; thick client, 31; thin client, 31; three-tier architecture, 29; two-tier architecture, 29; uniform resource locator (URL), 35; videoconferencing, 45; Web browser, 35; Webcasting, 47; Web server, 35

QUESTIONS

1. What are the different types of application architectures?
2. Describe the four basic functions of an application software package.
3. What are the advantages and disadvantages of host-based networks versus client–server networks?
4. What is middleware, and what does it do?
5. Suppose your organization was contemplating switching from a host-based architecture to client–server. What problems would you foresee?
6. Which is less expensive: host-based networks or client–server networks? Explain.
7. Compare and contrast two-tier, three-tier, and n-tier client–server architectures. What are the technical differences, and what advantages and disadvantages does each offer?
8. How does a thin client differ from a thick client?
9. What are the benefits of cloud computing?
10. Compare and contrast the three cloud computing models.
11. What is a network computer?
12. For what is HTTP used? What are its major parts?
13. For what is HTML used?
14. Describe how a Web browser and Web server work together to send a Web page to a user.
15. Can a mail sender use a two-tier architecture to send mail to a receiver using a three-tier architecture? Explain.
16. Describe how mail user agents and mail transfer agents work together to transfer mail messages.
17. What roles do SMTP, POP, and IMAP play in sending and receiving email on the Internet?
18. What are the major parts of an email message?
19. What is a virtual server?
20. What is Telnet, and why is it useful?
21. What is cloud computing?
22. Explain how IM works.
23. Compare and contrast the application architecture for videoconferencing and the architecture for email.
24. Which of the common application architectures for email (two-tier client–server, Web-based) is "best"? Explain.
25. Some experts argue that thin-client client–server architectures are really host-based architectures in disguise and suffer from the same old problems. Do you agree? Explain.

EXERCISES

A. Investigate the use of the major architectures by a local organization (e.g., your university). Which architecture(s) does it use most often and what does it see itself doing in the future? Why?
B. What are the costs of thin-client versus thick-client architectures? Search the Web for at least two different studies and be sure to report your sources. What are the likely reasons for the differences between the two?
C. Investigate which companies are the most reliable cloud computing providers for small business.
D. What application architecture does your university use for email? Explain.
E. Investigate the options for having your private cloud as an individual. Hint: Try the Apple website.

MINICASES

I. Deals-R-Us Brokers (Part 1)
Fred Jones, a distant relative of yours and president of Deals-R-Us Brokers (DRUB), has come to you for advice. DRUB is a small brokerage house that enables its clients to buy and sell stocks over the Internet, as well as place traditional orders by phone or fax. DRUB has just decided to offer a set of stock analysis tools that will help its clients more easily pick winning stocks, or so Fred tells you. Fred's information systems department has presented him with two alternatives for developing the new tools. The first alternative will have a special tool developed in C++ that clients will download onto their computers to run. The tool will communicate with the DRUB server to select data to analyze. The second alternative will have the C++ program running on the server; the client will use his or her browser to interact with the server.
a. Classify the two alternatives in terms of what type of application architecture they use.
b. Outline the pros and cons of the two alternatives and make a recommendation to Fred about which is better.

II. Deals-R-Us Brokers (Part 2)
Fred Jones, a distant relative of yours and president of Deals-R-Us Brokers (DRUB), has come to you for advice. DRUB is a small brokerage house that enables its clients to buy and sell stocks over the Internet, as well as place traditional orders by phone or fax. DRUB has just decided to install a new email package. The IT department offered Fred two solutions. First, it could host the email in-house using Microsoft Exchange Server. The second solution would be to use one of the cloud-based providers and completely outsource the company email. The IT department also explained to Fred that both solutions would allow users to access email on their desktops and laptops and also on their smart devices.
a. Briefly explain to Fred, in layperson's terms, the differences between the two.
b. Outline the pros and cons of the two alternatives and make a recommendation to Fred about which is better.

III. Accurate Accounting
Diego Lopez is the managing partner of Accurate Accounting, a small accounting firm that operates a dozen offices in California. Accurate Accounting provides audit and consulting services to a growing number of small- and medium-sized firms, many of which are high technology firms. Accurate Accounting staff typically spend many days on-site with clients during their consulting and audit projects, but have increasingly been using email and IM to work with clients. Now, many firms are pushing Accurate Accounting to adopt videoconferencing. Diego is concerned about what videoconferencing software and hardware to install. While Accurate Accounting's email system enables it to exchange email with any client, using IM has proved difficult because Accurate Accounting has had to use one IM software package with some companies and different IM software with others. Diego is concerned that videoconferencing may prove to be as difficult to manage as IM. "Why can't IM work as simply as email?" he asks. "Will my new videoconferencing software and hardware work as simply as email, or will it be IM all over again?" Prepare a response to his questions.

IV. Ling Galleries
Howard Ling is a famous artist with two galleries in Hawaii. Many of his paintings and prints are sold to tourists who visit Hawaii from Hong Kong and Japan. He paints 6 to 10 new paintings a year, which sell for $50,000 each. The real money comes from the sales of prints; a popular painting will sell 1,000 prints at a retail price of $1,500 each. Some prints sell very quickly, while others do not. As an artist, Howard paints what he wants to paint. As a businessman, Howard also wants to create art that sells well. Howard visits each gallery once a month to talk with clients, but enjoys talking with the gallery staff on a weekly basis to learn what visitors say about his work and to get ideas for future work. Howard has decided to open two new galleries, one in Hong Kong and one in Tokyo. How can the Internet help Howard with the two new galleries?

CASE STUDY

NEXT-DAY AIR SERVICE
See the book companion site at www.wiley.com/college/fitzgerald.

HANDS-ON ACTIVITY 2A Tracing Your Email

Most email today is spam, unwanted commercial email, or phishing, fake email designed to separate you from your money. Criminals routinely send fake emails that try to get you to tell them your log-in information for your bank or your PayPal account, so they can steal the information, log in as you, and steal your money. It is very easy to fake a return address on an email, so simply looking to make sure that an email has a valid sender is not sufficient to ensure that the email was actually sent by the person or company that claims to have sent it. However, every SMTP email packet contains information in its header about who actually sent the email. You can read this information yourself, or you can use a tool designed to simplify the process for you.

The objective of this Activity is for you to trace an email you have received to see if the sending address on the email is actually the organization that sent it. There are many tools you can use to trace your email. We like a tool called eMail Tracker Pro, which has a free version that lasts 15 days.

1. Go to www.emailtrackerpro.com and download and install eMail Tracker Pro.
2. Log in to your email and find an email message you want to trace. I recently received an email supposedly from Wachovia Bank; the sender's email address was [email protected]
3. After you open the email, find the option that enables you to view the Internet header or source of the message (in Microsoft Outlook, click the Options tab and look at the bottom of the box that pops up). Figure 2-19 shows the email I received and how to find the SMTP header (which Outlook calls the Internet header). Copy the entire SMTP header to the clipboard.
4. Start eMail Tracker Pro. Select Trace an email, and paste the SMTP header into the box provided. Click Trace to start the trace.
5. It may take up to 30 seconds to trace the email, so be patient. Figure 2-20 shows the results from the email I received. The email supposedly from Wachovia Bank was actually from a company named Musser and Kouri Law whose primary contact is Musser Ratliff, CPA, which uses SBC in Plano, Texas, as its Internet service provider. We suspect that someone broke into this company's network and used their email server without permission, or fraudulently used this company's name and contact information on its domain registration.

Deliverables
Trace one email. Print the original email message and the trace results.
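What a tool like eMail Tracker Pro reads out of the SMTP header, and what Section 2.6 means by checking the IP address the email came from, done by hand as an added example that is not from the textbook or from that tool. The header block is constructed, with invented hosts, addresses and domains; the Received lines are walked from the bottom (first hop, closest to the real sender) to the top and compared with the domain the From: line claims.

```python
"""Reading the Received headers of an email to see where it really came from.

Added example, not code from the textbook or from eMail Tracker Pro. The
sample header below is constructed; its hosts, addresses and domains are
invented for illustration. Each mail transfer agent prepends its own
Received header, so the top one is the last hop and the bottom one is the
first hop, which is the address worth comparing with the claimed sender.
"""
import re
from email import message_from_string

# Constructed header block: From: claims examplebank.example, but the first
# hop is an address handed to a mail server in an unrelated domain.
SAMPLE_HEADER = """\
Received: from mx2.isp.example (mx2.isp.example [203.0.113.8])
    by mail.recipient.example with ESMTP id 123ABC
    for <you@recipient.example>; Mon, 2 Jan 2017 10:15:02 -0500
Received: from mail.smallfirm.example (mail.smallfirm.example [198.51.100.23])
    by mx2.isp.example with ESMTP id 987XYZ;
    Mon, 2 Jan 2017 10:14:58 -0500
Received: from [192.0.2.77] (unknown [192.0.2.77])
    by mail.smallfirm.example with SMTP;
    Mon, 2 Jan 2017 10:14:50 -0500
From: Customer Service <alerts@examplebank.example>
To: you@recipient.example
Subject: Please verify your account

(body omitted)
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_HOST_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)


def received_hops(raw: str) -> list:
    """Return (host, ip) per Received header, ordered first hop to last hop."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(value.split())      # unfold the continuation lines
        host = FROM_HOST_RE.match(text)
        ip = IP_RE.search(text)
        hops.append((host.group(1) if host else None,
                     ip.group(1) if ip else None))
    hops.reverse()                           # bottom header = first hop
    return hops


def sender_domain(raw: str) -> str:
    """Domain of the From: address, which the sender can write freely."""
    msg = message_from_string(raw)
    addr = re.search(r"<([^>]+)>", msg["From"] or "")
    return (addr.group(1) if addr else msg["From"]).split("@")[-1].lower()


def originating_ip(raw: str):
    """IP address recorded in the first hop, the one to check against the sender."""
    hops = received_hops(raw)
    return hops[0][1] if hops else None


def first_relay_matches_sender(raw: str) -> bool:
    """True if one of the first two hops is a host under the claimed sender's domain."""
    domain = sender_domain(raw)
    for host, _ in received_hops(raw)[:2]:
        if host and host.strip("[]").lower().endswith(domain):
            return True
    return False


if __name__ == "__main__":
    print("claimed sender domain:", sender_domain(SAMPLE_HEADER))
    for host, ip in received_hops(SAMPLE_HEADER):
        print("hop:", host, ip)
    print("originating IP:", originating_ip(SAMPLE_HEADER))
    print("first relay in sender domain:", first_relay_matches_sender(SAMPLE_HEADER))
```

The originating IP and the relay domains are what a trace tool resolves and maps; a mismatch between them and the From: domain is the signal the activity asks you to look for, not proof by itself.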
FIGURE 2-19 Viewing the SMTP packet header (Internet headers)

FIGURE 2-20 Viewing the source of the SMTP packet (Source: http://www.visualware.com/contact.html)

HANDS-ON ACTIVITY 2B Seeing SMTP and POP PDUs

We've discussed how messages are transferred using layers and the different protocol data units (PDUs) used at each layer. The objective of this Activity is for you to see the different PDUs in the messages that you send. To do this, we'll use Wireshark, which is one of the world's foremost network protocol analyzers, and is the de facto standard that most professional and educational institutions use today. It is used for network troubleshooting, network analysis, software and communications protocol development, and general education about how networks work. Wireshark enables you to see all messages sent by your computer and may also let you see the messages sent by other users on your LAN (depending on how your LAN is configured).

For this activity, you can capture your own SMTP and POP packets using Wireshark, or use two files that we've created by capturing SMTP and POP packets. We'll assume you're going to use our files. If you'd like to capture your own packets, read Hands-On Activity 1B in Chapter 1 and use your two-tier email client to create and send an email message instead of your Web browser. If you'd like to use our files, go to the website for this book and download the two files: SMTP Capture.pkt and POP3 Capture.pkt.

Part 1: SMTP

1. Start Wireshark and either capture your SMTP packets or open the file called SMTP Capture.pkt.
2. We used the email software on our client computer to send an email message to our email server. Figure 2-21 shows the packets we captured that were sent to and from the client computer (called 192.168.1.100) and the server (128.196.40.4) to send this message from the client to the server. The first few packets are called the handshake, as the client connects to the server and the server acknowledges it is ready to receive a new email message.
3. Packet 8 is the start of the email message that identifies the sender. The next packet from the client (packet 10) provides the recipient address, and then the email message starts with the DATA command (packet 12) and is spread over several packets (14, 15, and 17) because it is too large to fit in one Ethernet frame. (Remember that the sender's transport layer breaks up large messages into several smaller TCP segments for transmission and the receiver's transport layer reassembles the segments back into the one SMTP message.)
4. Packet 14 contains the first part of the message that the user wrote. It's not that easy to read, but by looking in the bottom window, you can see what the sender wrote.

FIGURE 2-21 SMTP packets in Wireshark

Deliverables
1. List the information in the SMTP header (to, from, date, subject, message ID#).
2. Look through the packets to read the user's message. List the user's actual name (not his or her email address), his or her birth date, and his or her SSN.
3. Some experts believe that sending an email message is like sending a postcard. Why? How secure is SMTP email? How could security be improved?

Part 2: POP

1. Start Wireshark and either capture your SMTP packets or open the file called POP3 Capture.pkt. (Note: Depending on the version of Wireshark you are using, the file extension may be pkt or pcap.)
2. We used the email software on our client computer to read an email message that was on our email server. Figure 2-22 shows the packets we captured that were sent to and from the client computer (called 128.196.239.91) and the server (128.192.40.4) to send an email message from the server to the client. The first few packets are called the handshake, as the client logs in to the server and the server accepts the log-in.
3. Packet 12 is the POP STAT command (status) that asks the server to show the number of email messages in the user's mailbox. The server responds in packet 13 and tells the client there is one message.
4. Packet 16 is the POP LIST command that asks the server to send the client a summary of email messages, which it does in packet 17.
5. Packet 18 is the POP RETR command (retrieve) that asks the server to send message 1 to the client. Packets 20, 22, and 23 contain the email message. It's not that easy to read, but by looking in the bottom window for packet 20, you can see what the sender wrote. You can also expand the POP packet in the middle packet detail window (by clicking on the + box in front of it), which is easier to read.

FIGURE 2-22 POP packets in Wireshark

Deliverables
1. Packets 5 through 11 are the log-in process. Can you read the user id and passwords? Why or why not?
2. Look through the packets to read the user's message. List the user's actual name (not his or her email address), his or her birth date, and his or her SSN.
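The reassembly that Wireshark's packet detail window does for the POP session above, written out as an added example that is not from the textbook or from Wireshark. The captured segments are constructed (user, password, mailbox and message are invented); the RETR reply is deliberately split across three segments mid-line, as in packets 20, 22 and 23, and the parser shows why the log-in deliverable is answerable: USER and PASS cross the LAN in clear text.

```python
"""Reassembling a captured POP3 session: log-in, STAT, LIST, RETR.

Added example, not code from the textbook or from Wireshark. The segments
below are constructed. Two details the activity's deliverables turn on are
shown: USER/PASS are sent in clear text, and a RETR reply is a multi-line
response that ends with a line holding only '.', with any message line that
begins with '.' byte-stuffed by an extra '.' (so '..x' is really '.x').
"""

# Constructed capture: (direction, TCP payload) per segment, in order.
SEGMENTS = [
    ("C", "USER jdoe\r\n"),
    ("S", "+OK\r\n"),
    ("C", "PASS hunter2\r\n"),
    ("S", "+OK Logged in.\r\n"),
    ("C", "STAT\r\n"),
    ("S", "+OK 1 188\r\n"),
    ("C", "LIST\r\n"),
    ("S", "+OK 1 messages:\r\n1 188\r\n.\r\n"),
    ("C", "RETR 1\r\n"),
    ("S", "+OK 188 octets\r\nFrom: alice@example.com\r\nTo: jdoe@exa"),
    ("S", "mple.com\r\nSubject: Hi\r\n\r\nHello Jane,\r\n..Not a terminator, "
          "just a line starting with a dot.\r\n"),
    ("S", "Bye.\r\n.\r\n"),
    ("C", "QUIT\r\n"),
    ("S", "+OK Bye.\r\n"),
]

# Verbs whose +OK reply is multi-line (a bare LIST is, "LIST n" is not).
MULTILINE = {"LIST", "RETR", "TOP", "UIDL", "CAPA"}


def reassemble(segments):
    """Join payloads per direction, as the receiving TCP layer does."""
    client = "".join(p for d, p in segments if d == "C")
    server = "".join(p for d, p in segments if d == "S")
    return client, server


def parse_session(segments):
    """Pair each client command with its reply.

    Returns (command, status_line, body_lines) per exchange; body_lines is a
    list with the terminator removed and dot-stuffing undone for multi-line
    replies, else None.
    """
    client, server = reassemble(segments)
    commands = [c for c in client.split("\r\n") if c]
    lines = server.split("\r\n")
    exchanges, pos = [], 0
    for cmd in commands:
        status = lines[pos]
        pos += 1
        verb = cmd.split(" ", 1)[0].upper()
        multi = (verb in MULTILINE and status.startswith("+OK")
                 and not (verb == "LIST" and " " in cmd))
        body = None
        if multi:
            body = []
            while lines[pos] != ".":            # '.' alone ends the reply
                line = lines[pos]
                body.append(line[1:] if line.startswith(".") else line)
                pos += 1
            pos += 1                            # skip the terminator
        exchanges.append((cmd, status, body))
    return exchanges


def cleartext_credentials(segments):
    """What anyone capturing on the LAN sees: the user id and password."""
    creds = {}
    for cmd, _, _ in parse_session(segments):
        verb, _, arg = cmd.partition(" ")
        if verb.upper() in ("USER", "PASS"):
            creds[verb.upper()] = arg
    return creds


def retrieved_message(segments):
    """Header fields and body lines of the message returned by RETR."""
    for cmd, _, body in parse_session(segments):
        if cmd.upper().startswith("RETR") and body is not None:
            split = body.index("")              # blank line ends the headers
            headers = dict(h.split(": ", 1) for h in body[:split])
            return headers, body[split + 1:]
    return None


if __name__ == "__main__":
    print(cleartext_credentials(SEGMENTS))
    hdrs, text = retrieved_message(SEGMENTS)
    print(hdrs)
    print("\n".join(text))
```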
CHAPTER 3 PHYSICAL LAYER

The physical layer (also called layer 1) is the physical connection between the computers and/or devices in the network. This chapter examines how the physical layer operates. It describes the most commonly used media for network circuits and explains the basic technical concepts of how data are actually transmitted through the media. Three different types of transmission are described: digital transmission of digital computer data, analog transmission of digital computer data, and digital transmission of analog voice data. You do not need an engineering-level understanding of the topics to be an effective user and manager of data communication applications. It is important, however, that you understand the basic concepts, so this chapter is somewhat technical.

OBJECTIVES
◾ Be familiar with the different types of network circuits and media
◾ Understand digital transmission of digital data
◾ Understand analog transmission of digital data
◾ Understand digital transmission of analog data
◾ Be familiar with analog and digital modems
◾ Be familiar with multiplexing

OUTLINE
3.1 Introduction
3.2 Circuits
3.2.1 Circuit Configuration
3.2.2 Data Flow
3.2.3 Multiplexing
3.3 Communication Media
3.3.1 Twisted Pair Cable
3.3.2 Coaxial Cable
3.3.3 Fiber-Optic Cable
3.3.4 Radio
3.3.5 Microwave
3.3.6 Satellite
3.3.7 Media Selection
3.4 Digital Transmission of Digital Data
3.4.1 Coding
3.4.2 Transmission Modes
3.4.3 Digital Transmission
3.4.4 How Ethernet Transmits Data
3.5 Analog Transmission of Digital Data
3.5.1 Modulation
3.5.2 Capacity of a Circuit
3.5.3 How Modems Transmit Data
3.6 Digital Transmission of Analog Data
3.6.1 Translating from Analog to Digital
3.6.2 How Telephones Transmit Voice Data
3.6.3 How Instant Messenger Transmits Voice Data
3.6.4 Voice over Internet Protocol (VoIP)
3.7 Implications for Cyber Security
Summary

3.1 INTRODUCTION

This chapter examines how the physical layer operates. The physical layer is the network hardware including servers, clients, and circuits, but in this chapter we focus on the circuits and on how clients and servers transmit data through them. The circuits are usually a combination of both physical media (e.g., cables, wireless transmissions) and special-purpose devices that enable the transmissions to travel through the media. Special-purpose devices such as switches and routers are discussed in Chapters 6 and 8.

The word circuit has two very different meanings in networking, and sometimes it is hard to understand which meaning is intended. Sometimes, we use the word circuit to refer to the physical circuit—the actual wire—used to connect two devices. In this case, we are referring to the physical media that carry the message we transmit, such as the twisted pair wire used to connect a computer to the LAN in an office. In other cases, we are referring to a logical circuit used to connect two devices, which refers to the transmission characteristics of the connection, such as when we say a company has a T1 connection into the Internet. In this case, T1 refers not to the physical media (i.e., what type of wire is used) but rather to how fast data can be sent through the connection. Often, each physical circuit is also a logical circuit, but sometimes it is possible to have one physical circuit—one wire—carry several separate logical circuits, or to have one logical circuit travel over several physical circuits.

There are two fundamentally different types of data that can flow through the circuit: digital and analog. Computers produce digital data that are binary, either on or off, 0 or 1. In contrast, telephones produce analog data whose electrical signals are shaped like the sound waves they transfer; they can take on any value in a wide range of possibilities, not just 0 or 1.

Data can be transmitted through a circuit in the same form they are produced. Most computers, for example, transmit their digital data through digital circuits to printers and other attached devices. Likewise, analog voice data can be transmitted through telephone networks in analog form. In general, networks designed primarily to transmit digital computer data tend to use digital transmission, and networks designed primarily to transmit analog voice data tend to use analog transmission (at least for some parts of the transmission).

Data can be converted from one form into the other for transmission over network circuits. For example, digital computer data can be transmitted over an analog telephone circuit by using a modem. A modem at the sender's computer translates the computer's digital data into analog data that can be transmitted through the voice communication circuits, and a second modem at the receiver's end translates the analog transmission back into digital data for use by the receiver's computer. Likewise, it is possible to translate analog voice data into digital form for transmission over digital computer circuits using a device called a codec. Once again, there are two codecs, one at the sender's end and one at the receiver's end.

Why bother to translate voice into digital? The answer is that digital transmission is "better" than analog transmission. Specifically, digital transmission offers five key benefits over analog transmission:

◾ Digital transmission produces fewer errors than analog transmission. Because the transmitted data are binary (only two distinct values), it is easier to detect and correct errors.
◾ Digital transmission permits higher maximum transmission rates. Fiber-optic cable, for example, is designed for digital transmission.
◾ Digital transmission is more efficient. It is possible to send more data through a given circuit using digital rather than analog transmission.
◾ Digital transmission is more secure because it is easier to encrypt.
◾ Finally, and most importantly, integrating voice, video, and data on the same circuit is far simpler with digital transmission.

For these reasons, most long-distance telephone circuits built by the telephone companies and other common carriers over the past decades use digital transmission. In the future, most transmissions (voice, data, and video) will be sent digitally.

Regardless of whether digital or analog transmission is used, transmission requires the sender and receiver to agree on two key parameters. First, they have to agree on the symbols that will be used: what pattern of electricity, light, or radio wave will be used to represent a 0 and a 1. Once these symbols are set, the sender and receiver have to agree on the symbol rate: how many symbols will be sent over the circuit per second? Analog and digital transmissions are different, but both require a commonly agreed on set of symbols and a symbol rate.

In this chapter, we first describe the basic types of circuits and examine the different media used to build circuits. Then we explain how data are actually sent through these media using digital and analog transmissions.

3.2 CIRCUITS

3.2.1 Circuit Configuration

Circuit configuration is the basic physical layout of the circuit. There are two fundamental circuit configurations: point-to-point and multipoint. In practice, most complex computer networks have many circuits, some of which are point-to-point and some of which are multipoint.

Figure 3-1 illustrates a point-to-point circuit, which is so named because it goes from one point to another (e.g., one computer to another computer). These circuits sometimes are called dedicated circuits because they are dedicated to the use of these two computers. This type of configuration is used when the computers generate enough data to fill the capacity of the communication circuit. When an organization builds a network using point-to-point circuits, each computer has its own circuit running from itself to the other computers. This can get very expensive, particularly if there is some distance between the computers. Despite the cost, point-to-point circuits are used regularly in modern wired networks to connect clients to switches, switches to switches and routers, and routers to routers. We will discuss these circuits in detail in Chapter 7.

FIGURE 3-1 Point-to-point circuit (server, client computer, circuit)

Figure 3-2 shows a multipoint circuit (also called a shared circuit). In this configuration, many computers are connected on the same circuit. This means that each must share the circuit with the others. The disadvantage is that only one computer can use the circuit at a time. When one computer is sending or receiving data, all others must wait. The advantage of multipoint circuits is that they reduce the amount of cable required and typically use the available communication circuit more efficiently. Imagine the number of circuits that would be required if the network in Figure 3-2 was designed with separate point-to-point circuits. For this reason, multipoint configurations are cheaper than point-to-point circuits. Thus, multipoint circuits typically are used when each computer does not need to continuously use the entire capacity of the circuit or when building point-to-point circuits is too expensive. Wireless circuits are almost always multipoint circuits because multiple computers use the same radio frequencies and must take turns transmitting.

FIGURE 3-2 Multipoint circuit (server and several client computers on one circuit)

3.2.2 Data Flow

Circuits can be designed to permit data to flow in one direction or in both directions. Actually, there are three ways to transmit: simplex, half-duplex, and full-duplex (Figure 3-3).

Simplex transmission is one-way transmission, such as that with radios and TVs.

Half-duplex transmission is two-way transmission, but you can transmit in only one direction at a time. A half-duplex communication link is similar to a walkie-talkie link; only one computer can transmit at a time. Computers use control signals to negotiate which will send and which will receive data. The amount of time half-duplex communication takes to switch between sending and receiving is called turnaround time (also called retrain time or reclocking time). The turnaround time for a specific circuit can be obtained from its technical specifications (often between 20 and 50 milliseconds). Europeans sometimes use the term simplex circuit to mean a half-duplex circuit.

With full-duplex transmission, you can transmit in both directions simultaneously, with no turnaround time.

How do you choose which data flow method to use? Obviously, one factor is the application. If data always need to flow only in one direction (e.g., from a remote sensor to a host computer), then simplex is probably the best choice. In most cases, however, data must flow in both directions. The initial temptation is to presume that a full-duplex channel is best; however, each circuit has only so much capacity to carry data. Creating a full-duplex circuit means that the circuit offers full capacity both ways simultaneously. In some cases, it makes more sense to build a set of simplex circuits in the same way a set of one-way streets can increase the speed of traffic. In other cases, a half-duplex circuit may work best. For example, terminals connected to mainframes often transmit data to the host, wait for a reply, transmit more data, and so on, in a turn-taking process; usually, traffic does not need to flow in both directions simultaneously. Such a traffic pattern is ideally suited to half-duplex circuits.

FIGURE 3-3 Simplex, half-duplex, and full-duplex transmissions (client computer and server)

3.2.3 Multiplexing

Multiplexing means to break one high-speed physical communication circuit into several lower-speed logical circuits so that many different devices can simultaneously use it but still

FIGURE 3-4 Multiplexed circuit
  • 184. Server Circuit Four client computers Four-level multiplexer Four-level multiplexer “think” that they have their own separate circuits (the multiplexer is “transparent”). It is multiplexing without multiplexing, the Internet would have collapsed in the 1990s. Multiplexing often is done in multiples of 4 (e.g., 8, 16). Figure 3-4 shows a four-level mul- tiplexed circuit. Note that two multiplexers are needed for each circuit: one to combine the four original circuits into the one multiplexed circuit and one to separate them back into the four sep- arate circuits. The primary benefit of multiplexing is to save money by reducing the amount of cable or the number of network circuits that must be installed. For example, if we did not use multiplexers in Figure 3-4, we would need to run four separate circuits from the clients to the server. If the clients were located close to the server, this would be inexpensive. However, if they were located several miles away, the extra costs could be substantial.
There are four types of multiplexing: frequency division multiplexing (FDM), time division multiplexing (TDM), statistical time division multiplexing (STDM), and wavelength division multiplexing (WDM). FDM can be described as dividing the circuit "horizontally" so that many signals can travel a single communication circuit simultaneously. The circuit is divided into a series of separate channels, each transmitting on a different frequency, much like a series of different radio or TV stations. All signals exist in the media at the same time, but because they are on different frequencies, they do not interfere with each other.

TDM shares a communication circuit among two or more computers by having them take turns, dividing the circuit vertically, so to speak.

STDM is the exception to the rule that the capacity of the multiplexed circuit must equal the sum of the circuits it combines. STDM allows more terminals or computers to be connected to a circuit than does FDM or TDM. If you have four computers connected to a multiplexer and each can transmit at 64 Kbps, then you should have a circuit capable of transmitting 256 Kbps (4 × 64 Kbps). However, not all computers will be transmitting continuously at their maximum transmission speed. Users typically pause to read their screens or spend time typing at lower speeds. Therefore, you do not need to provide a speed of 256 Kbps on this multiplexed circuit. If you assume that only two computers will ever transmit at the same time, 128 Kbps will be enough. STDM is called statistical because selection of transmission speed for the multiplexed circuit is based on a statistical analysis of the usage requirements of the circuits to be multiplexed.

WDM is a version of FDM used in fiber-optic cables. When fiber-optic cables were first developed, the devices attached to them were designed to use only one color of light generated by a laser or LED. Light has different frequencies (i.e., colors), so rather than building devices to transmit using only one color, why not send multiple signals, each in a different frequency, through the same fiber-optic cable? By simply attaching different devices that could transmit in the full spectrum of light rather than just one frequency, the capacity of the existing fiber-optic cables could be dramatically increased, with no change to the physical cables themselves.

MANAGEMENT FOCUS 3-1 Structured Cabling EIA/TIA 568-B

In 1995, the Telecommunications Industry Association (TIA) and Electronic Industries Alliance (EIA) came up with the first standard to create structured cabling, called TIA/EIA 568-A. This standard defined the minimum requirements for internal telecommunications wiring within buildings and between buildings on one campus. This standard was updated and changed many times, and today the accepted standard is TIA/EIA 568-B, which came out in 2002. This standard has six subsystems:

1. Building entrance: the point where external cabling and wireless connects to the internal building wiring and equipment room
2. Equipment room (ER): the room where network servers and telephone equipment would be stored
3. Telecommunications closet: the room that contains the cable termination points and the distribution frames
4. Backbone cabling: the cabling that interconnects telecommunication closets, equipment rooms, and building entrances within a building; also, this refers to cabling between buildings
5. Horizontal cabling: the cabling that runs from the telecommunications closet to each LAN
6. Work area: the cabling where the computers, printers, patch cables, jacks, and so on, are located

This standard describes what the master cabling document should look like (which would describe each of the six areas discussed previously) and applies for both twisted pair and fiber-optic cabling.

MANAGEMENT FOCUS 3-2 Undersea Fiber-Optic Cables

Perhaps you were wondering what happens when you send an email from the United States to Europe. How is your email transmitted from one continent to another? It most likely travels through one of the submarine cables that connect America and Europe. A neat interactive submarine cable map can be found at http://www.submarinecablemap.com/. This map shows you each cable's name, ready-for-service (RFS) date, length, owners, website (if any), and landing points. Each cable on this map has a capacity of at least 5 Gbps. Actually, the first submarine telecommunication cable was laid in the 1850s and carried telegraphy traffic. Today, we use fiber-optic cable that carries phone, Internet, and private data as digital data.

So now you may ask yourself, how do these cables get laid on the seabed? Submarine cables are laid using special cable-layer ships; these are factories that produce the cable on board and then have equipment to lay and bury the cable. The cable-layer ships get as close as possible to the shore where the cable will be connected. A messenger line is sent out from the ship using a work boat that takes it to the shore. Once the cable is secured on shore, the installation process under the sea can begin. A 30 ton sea plow with the cable in it (think about a needle and thread) is then tossed overboard and lands on the seabed. The plow then buries the cable under the sea bed at a required burial depth (up to 3 meters). The simultaneous lay-and-bury of the cable continues until an agreed position, after which the cable is surface laid until reaching its destination. Here is a video that illustrates this: https://www.youtube.com/watch?v=Gsoo_BOwrrM

One technology that you may have come across that uses multiplexing is DSL. DSL stands for digital subscriber line, and it allows for simultaneous transmission of voice (phone calls), data going to the Internet (called upstream data), and data coming to your house from the Internet (called downstream data). With DSL, a DSL modem is installed at the customer's home or office, and another DSL modem is installed at the telephone company
switch closet. The modem is first an FDM device that splits the physical circuit into three logical circuits (phone, upstream data, and downstream data). TDM is then used within the two data channels to provide a set of one or more individual channels that can be used to carry different data. A combination of amplitude and phase modulation is used in the data circuits to provide the desired data rate. You will learn more about DSL in Chapter 10.

3.3 COMMUNICATION MEDIA

The medium (or media, if there is more than one) is the physical matter or substance that carries the voice or data transmission. Many different types of transmission media are currently in use, such as copper (wire), glass or plastic (fiber-optic cable), or air (radio, microwave, or satellite). There are two basic types of media. Guided media are those in which the message flows through a physical medium such as a twisted pair wire, coaxial cable, or fiber-optic cable; the medium "guides" the signal. Wireless media are those in which the message is broadcast through the air, such as microwave or satellite.

In many cases, the circuits used in WANs are provided by the various common carriers who sell usage of them to the public. We call the circuits sold by the common carriers communication services. Chapter 9 describes specific services available in North America. The following sections describe the medium and the basic characteristics of each circuit type, in the event you were establishing your own physical network, whereas Chapter 9 describes how the circuits are packaged and marketed for purchase or lease from a common carrier. If your organization has leased a circuit from a common carrier, you are probably less interested in the media used and more interested in whether the speed, cost, and reliability of the circuit meet your needs.

3.3.1 Twisted Pair Cable

One of the most commonly used types of guided media is twisted pair cable, insulated pairs of wires that can be packed quite close together (Figure 3-5). The wires usually are twisted to minimize the electromagnetic interference between one pair and any other pair in the bundle. Your house or apartment probably has a set of two twisted pair wires (i.e., four wires) from it to the telephone company network. One pair is used to connect your telephone; the other pair is a spare that can be used for a second telephone line. The twisted pair cable used in LANs is usually packaged as four sets of pairs, as shown in Figure 3-5, whereas bundles of several thousand wire pairs are placed under city streets and in large buildings. The specific types of twisted pair cable used in LANs, such as Cat 5e and Cat 6, are discussed in Chapter 7.

FIGURE 3-5 Category 5e twisted pair wire. Source: Courtesy of Belkin International, Inc.

3.3.2 Coaxial Cable

Coaxial cable is a type of guided medium that is quickly disappearing (Figure 3-6). Coaxial cable has a copper core (the inner conductor) with an outer cylindrical shell for insulation. The outer shield, just under the shell, is the second conductor. Because they have additional shielding provided by their multiple layers of material, coaxial cables are less prone to interference and errors than basic low-cost twisted pair wires. Coaxial cables cost about three times as much as twisted pair wires but offer few additional benefits other than better shielding. One can also buy specially shielded twisted pair wire that provides the same level of quality as coaxial cable but at half its cost. For this reason, few companies are installing coaxial cable today, although some still continue to use existing coaxial cable that was installed years ago.

FIGURE 3-6 Coaxial cables. Thinnet and Thicknet Ethernet cables (right): 1. center core, 2. dielectric insulator, 3. metallic shield, 4. plastic jacket; and cross-sectional view (left) showing the inner conductor, insulator, second conductor, and outer cylindrical shell. Source: Courtesy of Tim Kloske

3.3.3 Fiber-Optic Cable

Although twisted pair is the most common type of guided medium, fiber-optic cable also is becoming widely used. Instead of carrying telecommunication signals in the traditional electrical form, this technology uses high-speed streams of light pulses from lasers or LEDs (light-emitting diodes) that carry information inside hair-thin strands of glass called optical fibers. Figure 3-7 shows a fiber-optic cable and depicts the optical core, the cladding (metal coating), and how light rays travel in optical fibers.

The earliest fiber-optic systems were multimode, meaning that the light could reflect inside the cable at many different angles. Multimode cables are plagued by excessive signal weakening (attenuation) and dispersion (spreading of the signal so that different parts of the signal arrive at different times at the destination). For these reasons, early multimode fiber was usually limited to about 500 meters. Graded-index multimode fiber attempts to reduce this problem by changing the refractive properties of the glass fiber so that as the light approaches the outer edge of the fiber, it speeds up, which compensates for the slightly longer distance it must travel compared with light in the center of the fiber. Therefore, the light in the center is more likely to arrive at the same time as the light that has traveled at the edges of the fiber. This increases the effective distance to just under 1,000 meters.

FIGURE 3-7 Fiber-optic cable (core, cladding, buffer, aramid yarn, jacket; light rays from the source through step index multimode, graded index multimode, and single mode fiber). Source: © Hugh Threlfall/Alamy

Single-mode fiber-optic cables transmit a single direct beam of light through a cable that ensures the light reflects in only one pattern, in part because the core diameter has been reduced from 50 microns to about 5–10 microns. This smaller-diameter core allows the fiber to send a more concentrated light beam, resulting in faster data transmission speeds and longer distances, often up to 100 kilometers. However, because the light source must be perfectly aligned with the cable, single-mode products usually use lasers (rather than the LEDs used in multimode systems) and therefore are more expensive.

Fiber-optic technology is a revolutionary departure from the traditional copper wires of twisted pair cable or coaxial cable. One of the main advantages of fiber optics is that it can carry huge amounts of information at extremely fast data rates. This capacity makes it ideal for the simultaneous transmission of voice, data, and image signals. In most cases, fiber-optic cable works better under harsh environmental conditions than do its metallic counterparts. It is not as fragile or brittle, it is not as heavy or bulky, and it is more
resistant to corrosion. Also, in case of fire, an optical fiber can withstand higher temperatures than can copper wire. Even when the outside jacket surrounding the optical fiber has melted, a fiber-optic system still can be used.

3.3.4 Radio

One of the most commonly used forms of wireless media is radio; when people use the term wireless, they usually mean radio transmission. When you connect your laptop into the network wirelessly, you are using radio transmission. Radio data transmission uses the same basic principles as standard radio transmission. Each device or computer on the network has a radio receiver/transmitter that uses a specific frequency range that does not interfere with commercial radio stations. The transmitters are very low power, designed to transmit a signal only a short distance, and are often built into portable computers or handheld devices such as phones and personal digital assistants. Wireless technologies for LAN environments, such as IEEE 802.1x, are discussed in more detail in Chapter 7.

MANAGEMENT FOCUS 3-3 Boingo Hot Spots Around the World

Perhaps you have come across Boingo while trying to find a wireless connection in an airport between flights. Boingo is a wireless Internet service provider (WISP) that is different than many free wifi connections that you can get at airports or coffee shops because it offers a secure connection (specifically, a VPN or WPA service that can be configured on your device, but more about this in Chapter 11). This secure connection is now offered in 7,000 U.S. locations and 13,000 international locations and as in-flight wifi on some international carriers. Their monthly rates start at $9.95 for mobile devices and $39 for global access for 4 devices and 2,000 minutes. Boingo also offers 1-, 2-, and 3-hour plans in case you don't travel frequently and don't need a monthly subscription. To find Boingo hot spots, you need to download an app on your phone or laptop, and the app will alert you if there is an available wifi connection in your area. The app will even chart a graph that will show you signal strength in real time.

Adapted from: Boingo.com, cnet.com

3.3.5 Microwave

Microwave transmission is an extremely high-frequency radio communication beam that is transmitted over a direct line-of-sight path between any two points. As its name implies, a microwave signal is an extremely short wavelength, thus the word micro-wave. Microwave radio transmissions perform the same functions as cables. For example, point A communicates with point B via a through-the-air microwave transmission path, instead of a copper wire cable. Because microwave signals approach the frequency of visible light waves, they exhibit many of the same characteristics as light waves, such as reflection, focusing, or refraction. As with visible light waves, microwave signals can be focused into narrow, powerful beams that can be projected over long distances. Just as a parabolic reflector focuses a searchlight into a beam, a parabolic reflector also focuses a high-frequency microwave into a narrow beam. Towers are used to elevate the radio antennas to account for the earth's curvature and maintain a clear line-of-sight path between the two parabolic reflectors (see Figure 3-8).

This transmission medium is typically used for long-distance data or voice transmission. It does not require the laying of any cable, because long-distance antennas with microwave repeater stations can be placed approximately 25–50 miles apart. A typical long-distance antenna might be 10 feet wide, although over shorter distances in the inner cities, the dish antennas can be less than 2 feet in diameter. The airwaves in larger cities are becoming congested because so many microwave dish antennas have been installed that they interfere with one another.

FIGURE 3-8 A microwave tower. The round antennas are microwave antennas and the straight antennas are cell phone antennas. Source: © Matej Pribelsky / iStockphoto

3.3.6 Satellite

Satellite transmission is similar to microwave transmission, except instead of transmission involving another nearby microwave dish antenna, it involves a satellite many miles up in space. Figure 3-9 depicts a geosynchronous satellite. Geosynchronous means that the satellite remains stationary over one point on the earth. One disadvantage of satellite transmission is the propagation delay that occurs because the signal has to travel out into space and back to earth, a distance of many miles that even at the speed of light can be noticeable. Low earth orbit (LEO) satellites are placed in lower orbits to minimize propagation delay. Satellite transmission is sometimes also affected by raindrop attenuation when satellite transmissions are absorbed by heavy rain. It is not a major problem, but engineers need to work around it.

FIGURE 3-9 Satellites in operation (satellite revolving at the same speed as the earth's rotation)

MANAGEMENT FOCUS 3-4 Satellite Communications Improve Performance

Boyle Transportation hauls hazardous materials nationwide for both commercial customers and the government, particularly the U.S. Department of Defense. The Department of Defense recently mandated that hazardous materials contractors use mobile communications systems with up-to-the-minute monitoring when hauling the department's hazardous cargoes.

After looking at the alternatives, Boyle realized that it would have to build its own system. Boyle needed a relational database at its operations center that contained information about customers, pickups, deliveries, truck location, and truck operating status. Data are distributed from this database via satellite to an antenna on each truck. Now, at any time, Boyle can notify the designated truck to make a new pickup via the bidirectional satellite link and record the truck's acknowledgment.

Each truck contains a mobile data terminal connected to the satellite network. Each driver uses a keyboard to enter information, which transmits the location of the truck. These satellite data are received by the main offices via a leased line from the satellite earth station. This system increased productivity by an astounding 80% over 2 years; administration costs increased by only 20%.

Interested in finding out more about how satellite communication works? Watch this video: https://www.youtube.com/watch?v=hXa3bTcIGPU

3.3.7 Media Selection

Which media are best? It is hard to say, particularly when manufacturers continue to improve various media products. Several factors are important in selecting media.

◾ The type of network is one major consideration. Some media are used only for WANs (microwaves and satellite), whereas others typically are not (twisted pair, coaxial cable, and radio), although we should note that some old WAN networks still use twisted pair cable. Fiber-optic cable is unique in that it can be used for virtually any type of network.

◾ Cost is always a factor in any business decision. Costs are always changing as new technologies are developed and as competition among vendors drives prices down. Among the guided media, twisted pair wire is generally the cheapest, coaxial cable is somewhat more expensive, and fiber-optic cable is the most expensive. The cost of the wireless media is generally driven more by distance than any other factor. For very short distances (several hundred meters), radio is the cheapest; for moderate distances (several hundred miles), microwave is the cheapest; and for long distances, satellite is the cheapest.

◾ Transmission distance is a related factor. Twisted pair wire, coaxial cable, and radio can transmit data only a short distance before the signal must be regenerated. Twisted pair wire and radio typically can transmit up to 100–300 meters and coaxial cable typically between 200 and 500 meters. Fiber optics can transmit up to 75 miles, and new types of fiber-optic cable can reach more than 600 miles.

◾ Security is primarily determined by whether the media are guided or wireless. Wireless media (radio, microwave, and satellite) are the least secure because their signals are easily intercepted. Guided media (twisted pair, coaxial, and fiber optics) are more secure, with fiber optics being the most secure.

◾ Error rates are also important. Wireless media are most susceptible to interference and thus have the highest error rates. Among the guided media, fiber optics provides the lowest error rates, coaxial cable the next best, and twisted pair cable the worst, although twisted pair cable is generally better than the wireless media.

◾ Transmission speeds vary greatly among the different media. It is difficult to quote specific speeds for different media because transmission speeds are constantly improving and because they vary within the same type of media, depending on the specific type of cable and the vendor. In general, twisted pair cable and coaxial cable can provide data rates of between 1 Mbps (1 million bits per second) and 1 Gbps (1 billion bits per second), whereas fiber-optic cable ranges between 1 Gbps and 40 Gbps. Radio, microwave, and satellite generally provide 10–100 Mbps.

3.4 DIGITAL TRANSMISSION OF DIGITAL DATA

All computer systems produce binary data. For these data to be understood by both the sender and receiver, both must agree on a standard system for representing the letters, numbers, and symbols that compose messages. The coding scheme is the language that computers use to represent data.
3.4.1 Coding

A character is a symbol that has a common, constant meaning. A character might be the letter A or B, or it might be a number such as 1 or 2. Characters also may be special symbols such as ? or &. Characters in data communications, as in computer systems, are represented by groups of bits that are binary zeros (0) and ones (1). The groups of bits representing the set of characters that are the "alphabet" of any given system are called a coding scheme, or simply a code.

A byte is a group of consecutive bits that is treated as a unit or character. One byte normally is composed of 8 bits and usually represents one character; however, in data communications, some codes use 5, 6, 7, 8, or 9 bits to represent a character. For example, representation of the character A by a group of 8 bits (say, 01000001) is an example of coding.

There are three predominant coding schemes in use today. United States of America Standard Code for Information Interchange (USASCII, or, more commonly, ASCII) is the most popular code for data communications and is the standard code on most microcomputers. There are two types of ASCII; one is a 7-bit code that has 128 valid character combinations, and the other is an 8-bit code that has 256 combinations. The number of combinations can be determined by taking the number 2 and raising it to the power equal to the number of bits in the code because each bit has two possible values, a 0 or a 1. In this case 2^7 = 128 characters or 2^8 = 256 characters.
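The following Python program is an added example and not code from the book: it produces the 8-bit patterns of Figure 3-10 for any ASCII character, computes the 2^n combination count, and encodes the same text under ISO 8859-1, UTF-8, and UTF-16 so the three coding schemes this section compares can be seen side by side. The codec names ("ascii", "latin-1", "utf-8", "utf-16-le") are Python's own, and the last function shows what the receiver sees when the two ends do not agree on the coding scheme (UTF-8 bytes read as ISO 8859-1).

```python
# Added example (not from the textbook): the coding schemes of Section 3.4.1
# seen as bit patterns and byte sequences. Codec names are Python's own.

from typing import Dict, Optional


def bit_pattern(ch: str, bits: int = 8) -> str:
    """Binary pattern of one ASCII character, as listed in Figure 3-10.
    Raises ValueError for a character outside the 7-bit ASCII set."""
    code = ord(ch)
    if code > 127:
        raise ValueError(f"{ch!r} is not a 7-bit ASCII character")
    return format(code, f"0{bits}b")


def valid_combinations(bits: int) -> int:
    """How many distinct characters an n-bit code can represent: 2 ** n."""
    return 2 ** bits


def encoded_bytes(text: str) -> Dict[str, Optional[bytes]]:
    """Encode text under each scheme; None where the scheme cannot represent it
    (7-bit ASCII has no code for accented letters, for example)."""
    schemes = {
        "ascii (7-bit)": "ascii",
        "iso-8859-1 (8-bit)": "latin-1",
        "utf-8": "utf-8",
        "utf-16": "utf-16-le",  # little-endian, no byte-order mark: 2 bytes per character here
    }
    out: Dict[str, Optional[bytes]] = {}
    for label, codec in schemes.items():
        try:
            out[label] = text.encode(codec)
        except UnicodeEncodeError:
            out[label] = None
    return out


def cross_decode(text: str) -> str:
    """Encode with UTF-8 but decode as ISO 8859-1: the mismatch that turns one
    accented letter into two wrong ones when sender and receiver disagree."""
    return text.encode("utf-8").decode("latin-1")


if __name__ == "__main__":
    for ch in "Aa1!":
        print(ch, bit_pattern(ch))
    print("7-bit combinations:", valid_combinations(7),
          "8-bit combinations:", valid_combinations(8))
    for label, data in encoded_bytes("Añ").items():  # constructed sample text
        print(f"{label:20s}", None if data is None else data.hex(" "))
    print("UTF-8 bytes of 'é' read as ISO 8859-1:", cross_decode("é"))
```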
A second commonly used coding scheme is ISO 8859, which is standardized by the International Standards Organization. ISO 8859 is an 8-bit code that includes the ASCII codes plus non-English letters used by many European languages (e.g., letters with accents). If you look closely at Figure 2.21, you will see that HTML often uses ISO 8859.

Unicode is the other commonly used coding scheme. There are many different versions of Unicode. UTF-8 is an 8-bit version, which is very similar to ASCII. UTF-16, which uses 16 bits per character (i.e., 2 bytes, called a "word"), is used by Windows. By using more bits, UTF-16 can represent many more characters beyond the usual English or Latin characters, such as Cyrillic or Chinese.

We can choose any pattern of bits we like to represent any character we like, as long as all computers understand what each bit pattern represents. Figure 3-10 shows the 8-bit binary bit patterns used to represent a few of the characters we use in ASCII.

FIGURE 3-10 Binary numbers used to represent different characters using ASCII

Character   ASCII
A           01000001
B           01000010
C           01000011
D           01000100
E           01000101
a           01100001
b           01100010
c           01100011
d           01100100
e           01100101
1           00110001
2           00110010
3           00110011
4           00110100
!           00100001
$           00100100

3.4.2 Transmission Modes

Parallel

Parallel transmission is the way the internal transfer of binary data takes place inside a computer. If the internal structure of the computer is 8 bit, then all 8 bits of the data element are transferred between main memory and the central processing unit simultaneously on 8 separate connections. The same is true of computers that use a 32-bit structure; all 32 bits are transferred simultaneously on 32 connections.

TECHNICAL FOCUS 3-1 Basic Electricity

There are two general categories of electrical current: direct current and alternating current. Current is the movement or flow of electrons, normally from positive (+) to negative (−). The plus (+) or minus (−) measurements are known as polarity. Direct current (DC) travels in only one direction, whereas alternating current (AC) travels first in one direction and then in the other direction.

A copper wire transmitting electricity acts like a hose transferring water. We use three common terms when discussing electricity. Voltage is defined as electrical pressure—the amount of electrical force pushing electrons through a circuit. In principle, it is the same as pounds per square inch in a water pipe. Amperes (amps) are units of electrical flow, or volume. This measure is analogous to gallons per minute for water. The watt is the fundamental unit of electrical power. It is a rate unit, not a quantity. You obtain the wattage by multiplying the volts by the amperes.

Want to learn more? Here is an introductory video about electricity: https://www.youtube.com/watch?v=EJeAuQ7pkpc

Figure 3-11 shows how all 8 bits of one character could travel down a parallel communication circuit. The circuit is physically made up of eight separate wires, wrapped in one outer coating. Each physical wire is used to send 1 bit of the 8-bit character. However, as far as the user is concerned (and the network for that matter), there is only one circuit; each of the wires inside the cable bundle simply connects to a different part of the plug that connects the computer to the bundle of wire.

Serial

Serial transmission means that a stream of data is sent over a communication circuit sequentially in a bit-by-bit fashion, as shown in Figure 3-12. In this case, there is only one physical wire inside the bundle, and all data must be transmitted over that one physical wire. The transmitting device sends one bit, then a second bit, and so on, until all the bits are transmitted. It takes n iterations or cycles to transmit n bits. Thus, serial transmission is considerably slower than parallel transmission—eight times slower in the case of 8-bit ASCII (because there are 8 bits). Compare Figure 3-12 with Figure 3-11.

FIGURE 3-11 Parallel transmission of an 8-bit code (sender, circuit of eight copper wires, receiver; one character consisting of 8 parallel bits)

FIGURE 3-12 Serial transmission of an 8-bit code (sender, circuit of one copper wire, receiver; one character consisting of 8 serial bits)

3.4.3 Digital Transmission

Digital transmission is the transmission of binary electrical or light pulses in that it only has two possible states, a 1 or a 0. The most commonly encountered voltage levels range from a low of +3/−3 to a high of +24/−24 volts. Digital signals are usually sent over wire of no more than a few thousand feet in length.

All digital transmission techniques require a set of symbols (to define how to send a 1 and a 0) and the symbol rate (how many symbols will be sent per second). Figure 3-13 shows five types of digital transmission techniques. With unipolar signaling, the voltage is always positive or negative (like a DC current). Figure 3-13 illustrates a unipolar technique in which a signal of 0 volts (no current) is used to transmit a zero and a signal of +5 volts is used to transmit a 1.

An obvious question at this point is this: If 0 volts means a zero, how do you send no data?
This is discussed in detail in Chapter 4. For the moment, we will just say that there are ways to indicate when a message starts and stops, and when there are no messages to send, the sender and receiver agree to ignore any electrical signal on the line.

To successfully send and receive a message, both the sender and receiver have to agree on how often the sender can transmit data—that is, on the symbol rate. For example, if the symbol rate on a circuit is 64 kilo Hertz (kHz) (64,000 symbols per second), then the sender changes the voltage on the circuit once every 1∕64,000 of a second and the receiver must examine the circuit every 1∕64,000 of a second to read the incoming data.

In bipolar signaling, the ones and zeros vary from a plus voltage to a minus voltage (like an AC current). The first bipolar technique illustrated in Figure 3-13 is called nonreturn to zero (NRZ) because the voltage alternates from +5 volts (a symbol indicating a 1) to −5 volts (a symbol indicating a 0) without ever returning to 0 volts. The second bipolar technique in this figure is called return to zero (RZ) because it always returns to 0 volts after each bit before going to +5 volts (the symbol for a 1) or −5 volts (the symbol for a 0). The third bipolar technique is called alternate mark inversion (AMI) because a 0 is always sent using 0 volts, but 1s alternate between +5 volts and −5 volts. AMI is used on T1 and T3 circuits. In Europe, bipolar signaling sometimes is called double current signaling because you are moving between a positive and negative voltage potential.

[FIGURE 3-13 Unipolar, bipolar, and Manchester signals (digital): the bit sequence 0 0 1 1 0 1 0 0 0 1 0 shown as unipolar (0 V/+5 V), bipolar nonreturn to zero (NRZ), bipolar return to zero (RZ), bipolar alternate mark inversion (AMI), and Manchester encoding (+2 V/−2 V) voltage waveforms]

In general, bipolar signaling experiences fewer errors than unipolar signaling because the symbols are more distinct. Noise or interference on the transmission circuit is less likely to cause the bipolar’s +5 volts to be misread as a −5 volts than it is to cause the unipolar’s 0 volts to be misread as a +5 volts. This is because changing the polarity of a current (from positive to negative, or vice versa) is more difficult than changing its magnitude.

3.4.4 How Ethernet Transmits Data

The most common technology used in LANs is Ethernet; if you are working in a computer lab on campus, you are most likely using Ethernet. Ethernet uses digital transmission over either serial or parallel circuits, depending on which version of Ethernet you use. One version of Ethernet that uses serial transmission requires 1/10,000,000 of a second to send one symbol; that is, it transmits 10 million symbols (each of 1 bit) per second. This gives a data rate of 10 Mbps, and if we assume that there are 8 bits in each character, this means that about 1.25 million characters can be transmitted per second in the circuit.

Ethernet uses Manchester encoding, which is a special type of bipolar signaling in which the signal is changed from high to low or from low to high in the middle of the signal. A change
from high to low is used to represent a 0, whereas the opposite (a change from low to high) is used to represent a 1 (see Figure 3-13). Manchester encoding is less susceptible to having errors go undetected, because if there is no transition in midsignal, the receiver knows that an error must have occurred.

3.5 ANALOG TRANSMISSION OF DIGITAL DATA

Telephone networks were originally built for human speech rather than for data. They were designed to transmit the electrical representation of sound waves, rather than the binary data used by computers. There are many occasions when data need to be transmitted over a voice communications network. Many people working at home still use a modem over their telephone line to connect to the Internet.

The telephone system (commonly called POTS for plain old telephone service) enables voice communication between any two telephones within its network. The telephone converts the sound waves produced by the human voice at the sending end into electrical signals for the telephone network. These electrical signals travel through the network until they reach the other telephone and are converted back into sound waves. Analog transmission occurs when the signal sent over the transmission media continuously varies from one state to another in a wave-like pattern much like the human voice. Modems translate the digital binary data produced by computers into the analog signals required by voice transmission circuits. One modem is used by the transmitter to produce the analog signals and a second by the receiver to translate the analog signals back into digital signals.

The sound waves transmitted through the voice circuit have three important characteristics (see Figure 3-14). The first is the height of the wave, called amplitude. Amplitude is measured in decibels (dB). Our ears detect amplitude as the loudness or volume of sound. Every sound wave has two parts, half above the zero amplitude point (i.e., positive) and half below (i.e., negative), and both halves are always the same height.

The second characteristic is the length of the wave, usually expressed as the number of waves per second, or frequency. Frequency is expressed in hertz (Hz). Our ears detect frequency as the pitch of the sound. Frequency is the inverse of the length of the sound wave, so that a high frequency means that there are many short waves in a 1-second interval, whereas a low frequency means that there are fewer (but longer) waves in 1 second.

The third characteristic is the phase, which refers to the direction in which the wave begins. Phase is measured in the number of degrees (°). The wave in Figure 3-14 starts up and to the right, which is defined as a 0° phase wave. Waves can also start down and to the right (a 180°
phase wave), and in virtually any other part of the sound wave.

[FIGURE 3-14 Sound wave: amplitude, phase (starting at 0), and wavelength marked on one wave]

3.5.1 Modulation

When we transmit data through the telephone lines, we use the shape of the sound waves we transmit (in terms of amplitude, frequency, and phase) to represent different data values. We do this by transmitting a simple sound wave through the circuit (called the carrier wave) and then changing its shape in different ways to represent a 1 or a 0. Modulation is the technical term used to refer to these “shape changes.” There are three fundamental modulation techniques: amplitude modulation (AM), frequency modulation, and phase modulation. Once again, the sender and receiver have to agree on what symbols will be used (what amplitude, frequency, and phase will represent a 1 and a 0) and on the symbol rate (how many symbols will be sent per second).

Basic Modulation

With AM (also called amplitude shift keying [ASK]), the amplitude or height of the wave is changed. One amplitude is the symbol defined to be 0, and another amplitude is the symbol defined to be a 1. In the AM shown in Figure 3-15, the highest amplitude symbol (tallest wave) represents a binary 1 and the lowest amplitude symbol represents a binary 0. In this case, when the sending device wants to transmit a 1, it would send a high-amplitude wave (i.e., a loud signal). AM is more susceptible to noise (more errors) during transmission than is frequency modulation (FM) or phase modulation.

[FIGURE 3-15 Amplitude modulation: the bit sequence 0 0 1 1 0 1 0 0 0 1 0 sent in time slots 1 through 11, one amplitude per bit]

FM (also called frequency shift keying [FSK]) is a modulation technique whereby each 0 or 1 is represented by a number of waves per second (i.e., a different frequency). In this case, the amplitude does not vary. One frequency (i.e., a certain number of waves per second) is the symbol defined to be a 1, and a different frequency (a different number of waves per second) is the symbol defined to be a 0. In Figure 3-16, the higher frequency wave symbol (more waves per time period) equals a binary 1, and the lower frequency wave
symbol equals a binary 0.

[FIGURE 3-16 Frequency modulation: the bit sequence 0 0 1 1 0 1 0 0 0 1 0 sent in time slots 1 through 11 using 1,200 hertz and 2,400 hertz]

Phase modulation (PM) (also called phase shift keying [PSK]) is the most difficult to understand. Phase refers to the direction in which the wave begins. Until now, the waves we have shown start by moving up and to the right (this is called a 0° phase wave). Waves can also start down and to the right. This is called a phase of 180°. With phase modulation, one phase symbol is defined to be a 0 and the other phase symbol is defined to be a 1. Figure 3-17 shows the case where a phase of 0° symbol is defined to be a binary 0 and a phase of 180° symbol is defined to be a binary 1.

[FIGURE 3-17 Phase modulation: the bit sequence 0 0 1 1 0 1 0 0 0 1 0 sent in time slots 1 through 11]

Sending Multiple Bits Simultaneously

Each of the three basic modulation techniques (AM, FM, and PM) can be refined to send more than 1 bit at one time. For example, basic AM sends 1 bit per wave (or symbol) by defining two different amplitudes, one for a 1 and one for a 0. It is possible to send 2 bits on one wave or symbol by defining four different amplitudes. Figure 3-18 shows the case where the highest-amplitude wave is defined to be a symbol representing 2 bits, both 1s. The next highest amplitude is the symbol defined to mean first a 1 and then a 0, and so on.

[FIGURE 3-18 Two-bit amplitude modulation: four amplitude levels (11, 10, 01, 00) carry the symbol sequence 00 11 01 00 01 00 10 10 11 01 01 in time slots 1 through 11; this data took 10 symbols with 1-bit amplitude modulation]

This technique could be further refined to send 3 bits at the same time by defining eight different symbols, each with different amplitude levels or 4 bits by defining 16 symbols, each with different amplitude levels, and so on. At some point, however, it becomes very difficult to differentiate between the different amplitudes. The differences are so small that even a small amount of noise could destroy the signal.

This same approach can be used for FM and PM. Two bits could be sent on the same symbol by defining four different frequencies, one for 11, one for 10, and so on, or by defining four phases (0°, 90°, 180°, and 270°). Three bits could be sent by defining symbols with eight frequencies or eight phases (0°, 45°, 90°, 135°, 180°, 225°, 270°, and 315°). These techniques are also subject to the same limitations as AM; as the number of different frequencies or phases becomes larger, it becomes difficult to differentiate among them.

It is also possible to combine modulation techniques—that is, to use AM, FM, and PM techniques on the same circuit. For example, we could combine AM with four defined amplitudes (capable of sending 2 bits) with FM with four defined frequencies (capable of sending 2 bits) to enable us to send 4 bits on the same symbol.
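How the multi-bit symbols described above are formed, together with the capacity arithmetic that section 3.5.2 builds on them, as an added example that is not code from the textbook. It groups a bit stream into symbols for multi-level AM, M-ary PSK and the 8-phase, 2-amplitude 16-QAM the text describes, and shows numerically why more levels are harder to tell apart: the receiver's nearest-level decision survives less noise as the spacing between levels shrinks. The 5 V full scale, the even spacing of levels and the zero-padding of a ragged bit stream are assumptions of the example.

```python
# Added example (not the textbook's own code): mapping bit streams onto
# multi-level symbols for AM, PSK and 16-QAM, the receiver's nearest-level
# decision, and the data-rate arithmetic of section 3.5.2.
import math

FULL_SCALE_VOLTS = 5.0   # assumed peak carrier amplitude for the AM decision rule


def bits_per_symbol(num_symbols):
    """M distinguishable symbols carry log2(M) bits each: 4 amplitudes -> 2 bits, 16-QAM -> 4."""
    n = math.log2(num_symbols)
    if not n.is_integer():
        raise ValueError("the symbol count must be a power of two")
    return int(n)


def group_bits(bits, n):
    """Cut a bit stream into n-bit symbols; the tail is zero-padded (an assumption here)."""
    padded = list(bits) + [0] * (-len(bits) % n)
    return [tuple(padded[i:i + n]) for i in range(0, len(padded), n)]


def symbol_value(sym):
    """Binary value of a symbol's bits, first bit most significant."""
    return int("".join(str(b) for b in sym), 2)


def amplitude_levels(bits, num_levels):
    """Multi-level AM as in Figure 3-18: the all-ones symbol is the highest level."""
    return [symbol_value(s) for s in group_bits(bits, bits_per_symbol(num_levels))]


def phase_angles(bits, num_phases):
    """M-ary PSK: symbol value k is sent at phase k * 360/M degrees (0, 90, 180, 270 for M=4)."""
    return [symbol_value(s) * 360 // num_phases
            for s in group_bits(bits, bits_per_symbol(num_phases))]


def qam16_symbol(four_bits):
    """16-QAM as the text describes it: 8 phases (first 3 bits) x 2 amplitudes (last bit)."""
    return symbol_value(four_bits[:3]) * 45, four_bits[3]


def level_volts(level, num_levels):
    """Amplitude of level k when M levels are spread evenly from 0 V to full scale."""
    return level * FULL_SCALE_VOLTS / (num_levels - 1)


def decode_amplitude(volts, num_levels):
    """Receiver decision: the defined level nearest to the voltage it measured."""
    level = round(volts * (num_levels - 1) / FULL_SCALE_VOLTS)
    return max(0, min(num_levels - 1, level))


def noise_margin_volts(num_levels):
    """Largest noise that cannot cause a misread: half the spacing between levels."""
    return FULL_SCALE_VOLTS / (num_levels - 1) / 2


def max_symbol_rate(bandwidth_hz, voltage_changes_per_symbol=1, analog=False):
    """Section 3.5.2 rules of thumb: analog transmission and two-change digital
    codes (RZ, Manchester) reach the bandwidth; one-change codes (NRZ) reach twice it."""
    if analog or voltage_changes_per_symbol == 2:
        return bandwidth_hz
    return 2 * bandwidth_hz


def data_rate_bps(symbol_rate, num_symbols):
    """Capacity = symbols per second x bits per symbol."""
    return symbol_rate * bits_per_symbol(num_symbols)


if __name__ == "__main__":
    data = [0, 0, 1, 1, 0, 1, 0, 0, 0, 1, 0, 1]
    print("4-level AM:", amplitude_levels(data, 4))
    print("4-PSK phases:", phase_angles(data, 4))
    for m in (2, 4, 16):
        print(f"{m:2d} levels tolerate noise up to {noise_margin_volts(m):.3f} V")
    print("4,000 symbols/s, 16-QAM:", data_rate_bps(4000, 16), "bps")
    print("10 MHz analog circuit, 64-QAM:",
          data_rate_bps(max_symbol_rate(10_000_000, analog=True), 64), "bps")
```

With two amplitude levels the receiver absorbs 2.5 V of noise before a misread; with 16 levels the same 0.2 V of noise that a 2-level receiver ignores pushes level 7 across the decision boundary into level 8, which is the trade-off the paragraph above describes in words.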
One popular technique is quadrature amplitude modulation (QAM). QAM involves splitting the symbol into eight different phases (3 bits) and two different amplitudes (1 bit), for a total of 16 different possible values. Thus, one symbol in QAM can represent 4 bits, while 256-QAM sends 8 bits per symbol. 64-QAM and 256-QAM are commonly used in digital TV services and cable modem Internet services.

Bit Rate versus Baud Rate versus Symbol Rate

The terms bit rate (i.e., the number of bits per second transmitted) and baud rate are used incorrectly much of the time. They often are used interchangeably, but they are not the same. In reality, the network designer or network user is interested in bits per second because it is the bits that are assembled into characters, characters into words and, thus, business information.

A bit is a unit of information. A baud is a unit of signaling speed used to indicate the number of times per second the signal on the communication circuit changes. Because of the confusion over the term baud rate among the general public, ITU-T now recommends the term baud rate
be replaced by the term symbol rate. The bit rate and the symbol rate (or baud rate) are the same only when 1 bit is sent on each symbol. For example, if we use AM with two amplitudes, we send 1 bit on one symbol. Here, the bit rate equals the symbol rate. However, if we use QAM, we can send 4 bits on every symbol; the bit rate would be four times the symbol rate. If we used 64-QAM, the bit rate would be six times the symbol rate. Virtually all of today’s modems send multiple bits per symbol.

3.5.2 Capacity of a Circuit

The data capacity of a circuit is the fastest rate at which you can send your data over the circuit in terms of the number of bits per second. The data rate (or bit rate) is calculated by multiplying the number of bits sent on each symbol by the maximum symbol rate. As we discussed in the previous section, the number of bits per symbol depends on the modulation technique (e.g., QAM sends 4 bits per symbol). The maximum symbol rate in any circuit depends on the bandwidth available and the signal-to-noise ratio (the strength of the signal compared with the amount of noise in the circuit).

The bandwidth is the difference between the highest and the lowest frequencies in a band or set of frequencies. The range of human hearing is between 20 Hz and 14,000 Hz, so its bandwidth is 13,880 Hz. The maximum symbol rate for analog transmission is usually the same as the bandwidth as measured in hertz. If the circuit is very noisy, the maximum symbol rate may fall as low as 50% of the bandwidth. If the circuit has very little noise,
it is possible to transmit at rates up to the bandwidth. Digital transmission symbol rates can reach as high as two times the bandwidth for techniques that have only one voltage change per symbol (e.g., NRZ). For digital techniques that have two voltage changes per symbol (e.g., RZ, Manchester), the maximum symbol rate is the same as the bandwidth.

Standard telephone lines provide a bandwidth of 4,000 Hz. Under perfect circumstances, the maximum symbol rate is therefore about 4,000 symbols per second. If we were to use basic AM (1 bit per symbol), the maximum data rate would be 4,000 bits per second (bps). If we were to use QAM (4 bits per symbol), the maximum data rate would be 4 bits per symbol × 4,000 symbols per second = 16,000 bps. A circuit with a 10 MHz bandwidth using 64-QAM could provide up to 60 Mbps.

3.5.3 How Modems Transmit Data

The modem (an acronym for modulator/demodulator) takes the digital data from a computer in the form of electrical pulses and converts them into the analog signal that is needed for transmission over an analog voice-grade circuit. There are many different types of modems available today from dial-up modems to cable modems. For data to be transmitted between two computers using modems, both need to use the same type of modem. Fortunately, several standards exist for modems, and any modem that conforms to a standard can communicate with any other modem
that conforms to the same standard.

A modem’s data transmission rate is the primary factor that determines the throughput rate of data, but it is not the only factor. Data compression can increase throughput of data over a communication link by literally compressing the data. V.44, the ISO standard for data compression, uses Lempel–Ziv encoding. As a message is being transmitted, Lempel–Ziv encoding builds a dictionary of two-, three-, and four-character combinations that occur in the message. Anytime the same character pattern reoccurs in the message, the index to the dictionary entry is transmitted rather than sending the actual data. The reduction provided by V.44 compression depends on the actual data sent but usually averages about 6:1 (i.e., almost six times as much data can be sent per second using V.44 as without it).

3.6 DIGITAL TRANSMISSION OF ANALOG DATA

In the same way that digital computer data can be sent over analog telephone networks using analog transmission, analog voice data can be sent over digital networks using digital transmission.
This process is somewhat similar to the analog transmission of digital data. A pair of special devices called codecs (code/decode) is used in the same way that a pair of modems is used to translate the data to send across the circuit. One codec is attached to the source of the signal (e.g., a telephone or the local loop at the end office) and translates the incoming analog voice signal into a digital signal for transmission across the digital circuit. A second codec at the receiver’s end translates the digital data back into analog data.

3.6.1 Translating from Analog to Digital

Analog voice data must first be translated into a series of binary digits before they can be transmitted over a digital circuit. This is done by sampling the amplitude of the sound wave at regular intervals and translating it into a binary number. Figure 3-19 shows an example where eight different amplitude levels are used (i.e., each amplitude level is represented by 3 bits). The top diagram shows the original signal, and the bottom diagram shows the digitized signal.

A quick glance will show that the digitized signal is only a rough approximation of the original signal. The original signal had a smooth flow, but the digitized signal has jagged “steps.” The difference between the two signals is called quantizing error. Voice transmissions using digitized signals that have a great deal of quantizing error sound metallic or machinelike to the ear.

There are two ways to reduce quantizing error and improve the quality of the digitized signal, but neither is without cost. The first method is to increase the number of amplitude levels. This minimizes the difference between the levels (the “height” of the “steps”) and results in a smoother signal. In Figure 3-19, we could define 16 amplitude levels instead of eight levels. This would require 4 bits (rather than the current 3 bits) to represent the amplitude, thus increasing the amount of data needed to transmit the digitized signal. No amount of levels or bits will ever result in perfect-quality sound reproduction, but in general, 7 bits (2^7 = 128 levels) reproduces human speech adequately. Music, on the other hand, typically uses 16 bits (2^16 = 65,536 levels).

The second method is to sample more frequently. This will reduce the “length” of each “step,” also resulting in a smoother signal. To obtain a reasonable-quality voice signal, one must sample at least twice the highest possible frequency in the analog signal. You will recall that the highest frequency transmitted in telephone circuits is 4,000 Hz. Thus, the methods used to digitize telephone voice transmissions must sample the input voice signal at a minimum of 8,000 times per second. Sampling more frequently than this (called oversampling) will improve signal quality. RealNetworks.com, which produces Real Audio and other Web-based tools, sets its products to sample at 48,000 times per second to provide higher quality. The iPod and most CDs sample at 44,100 times per second and use 16 bits per sample to produce almost error-free music. Some other MP3 players sample less frequently and use fewer bits per sample to produce smaller transmissions, but the sound quality may suffer.
3.6.2 How Telephones Transmit Voice Data

When you make a telephone call, the telephone converts your analog voice data into a simple analog signal and sends it down the circuit from your home to the telephone company’s network. This process is almost unchanged from the one used by Bell when he invented the telephone in 1876. With the invention of digital transmission, the common carriers (i.e., the telephone companies) began converting their voice networks to use digital transmission. Today, all of the common carrier networks use digital transmission, except in the local loop (sometimes called the last mile), the wires that run from your home or business to the telephone switch that connects your local loop into the telephone network. This switch contains a codec that converts the analog signal from your phone into a digital signal. This digital signal is then sent through the telephone network until it hits the switch for the local loop for the person you are calling. This switch uses its codec to convert the digital signal used inside the phone network back into the analog signal needed by that person’s local loop and telephone (see Figure 3-20).

[FIGURE 3-19 Pulse amplitude modulation (PAM). Top diagram: the original wave drawn against eight pulse amplitudes (levels 0 through 8). Bottom diagram: the pulse amplitudes (PAM) sampled from it and their 3-bit codes. Figure notes: The signal (original wave) is quantized into 128 pulse amplitudes (PAM). In this example we have used only eight pulse amplitudes for simplicity. These eight amplitudes can be depicted by using only a 3-bit code instead of the 8-bit code normally used to encode each pulse amplitude. After quantizing, samples are taken at specific points to produce amplitude modulated pulses. These pulses are then coded. Because we used eight pulse levels, we only need three binary positions to code each pulse. If we had used 128 pulse amplitudes, then a 7-bit code plus one parity bit would be required. Code table: 001 = PAM level 1, 010 = PAM level 2, 011 = PAM level 3, 100 = PAM level 4, 101 = PAM level 5, 110 = PAM level 6, 111 = PAM level 7, 000 = PAM level 8. For digitizing a voice signal, 8,000 samples per second are taken. These 8,000 samples are then transmitted as a serial stream of 0s and 1s. In our case 8,000 samples times 3 bits per sample would require a 24,000 bps transmission rate. In reality, 8 bits per sample times 8,000 samples requires a 64,000 bps transmission rate.]

There are many different combinations of sampling frequencies and numbers of bits per sample that could be used. For example, one could sample 4,000 times per second using 128 amplitude levels (i.e., 7 bits) or sample at 16,000 times per second using 256 levels (i.e., 8 bits).
The North American telephone network uses pulse code modulation (PCM). With PCM, the input voice signal is sampled 8,000 times per second. Each time the input voice signal is sampled, 8 bits are generated. Therefore, the transmission speed on the digital circuit must be 64,000 bps (8 bits per sample × 8,000 samples per second) to transmit a voice signal when it is in digital form. Thus, the North American telephone network is built using millions of 64 Kbps digital circuits that connect via codecs to the millions of miles of analog local loop circuits into the users’ residences and businesses.

[FIGURE 3-20 Pulse amplitude modulation (PAM): the sender’s original analog sound wave passes through a CODEC into the telephone network as a digital signal (101 001 111 000 100 010 101 000 011 010 111 000), and the receiver’s CODEC converts the levels back into an analog wave]

3.6.3 How Instant Messenger Transmits Voice Data

A 64 Kbps digital circuit works very well for transmitting voice data because it provides very good quality. The problem is that it requires a lot of capacity. Adaptive differential pulse code modulation (ADPCM) is the alternative used by IM and many other applications that provide voice services over lower-speed digital circuits. ADPCM works in much the same way as PCM. It samples incoming voice signals 8,000 times per second and calculates the same 8-bit amplitude value as PCM. However, instead of transmitting the 8-bit value, it transmits the difference between the 8-bit value in the last time interval and the current 8-bit value (i.e., how the amplitude has changed from one time period to another). Because analog voice signals change slowly, these changes can be adequately represented by using only 4 bits. This means that ADPCM can be used on digital circuits that provide only 32 Kbps (4 bits per sample × 8,000 samples per second = 32,000 bps).

Several versions of ADPCM have been developed and standardized by the ITU-T. There are versions designed for 8 Kbps circuits (which send 1 bit 8,000 times per second) and 16 Kbps circuits (which send 2 bits 8,000 times per second), as well as the original 32 Kbps version. However, there is a trade-off here. Although the 32 Kbps version usually provides as good a sound quality as that of a traditional voice telephone circuit, the 8 Kbps and 16 Kbps versions provide poorer sound quality.

[FIGURE 3-21 VoIP phone. Source: Courtesy Cisco Systems, Inc. Unauthorized use not permitted]
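The sampling, quantizing and differential coding described in sections 3.6.1 through 3.6.3, as one added example that is not the textbook's code. It samples a constructed tone 8,000 times per second, measures the quantizing error at 3, 7 and 16 bits so the two cost trade-offs above can be seen as numbers, and implements a simplified ADPCM-style coder that sends only the 4-bit change between successive 8-bit values. The loud tone exercises the failure mode of a fixed step size (slope overload), which is what the step-size adaptation in real ITU-T ADPCM exists to handle; that adaptation is left out here. The tone, the uniform quantizer and the fixed step size are assumptions of the example.

```python
# Added example (not the textbook's own code): PCM as described in 3.6.1-3.6.2
# (sample at a fixed rate, quantize each sample to 2**bits levels) and a
# simplified ADPCM-style differential coder as described in 3.6.3 (send the
# 4-bit change since the previous reconstructed 8-bit value). The input tone
# is constructed here; ITU-T ADPCM also adapts the step size, which this
# example leaves out.
import math

SAMPLE_RATE = 8000              # voice codecs sample 8,000 times per second
PCM_BITS = 8                    # 8 bits per sample -> 64,000 bps
DELTA_BITS = 4                  # ADPCM sends 4 bits per sample -> 32,000 bps
SILENCE = 2 ** (PCM_BITS - 1)   # 8-bit code of a zero-amplitude sample (128)


def sample_wave(freq_hz, duration_s, amplitude=1.0, sample_rate=SAMPLE_RATE):
    """Constructed input: a pure tone sampled at regular intervals; values lie in -1.0..1.0."""
    count = round(duration_s * sample_rate)
    return [amplitude * math.sin(2 * math.pi * freq_hz * i / sample_rate) for i in range(count)]


def quantize(sample, bits):
    """Map a sample in [-1, 1] to one of 2**bits equally spaced integer levels."""
    levels = 2 ** bits
    code = int((sample + 1.0) / 2.0 * levels)
    return min(code, levels - 1)     # a sample of exactly +1.0 belongs to the top level


def dequantize(code, bits):
    """The receiving codec rebuilds the midpoint of the level's step."""
    levels = 2 ** bits
    return (code + 0.5) * 2.0 / levels - 1.0


def pcm_encode(samples, bits=PCM_BITS):
    return [quantize(s, bits) for s in samples]


def max_quantizing_error(samples, bits):
    """Largest gap between the original wave and its digitized 'steps'."""
    return max(abs(dequantize(quantize(s, bits), bits) - s) for s in samples)


def bit_rate(sample_rate, bits_per_sample):
    """Transmission rate needed: samples per second x bits per sample."""
    return sample_rate * bits_per_sample


def adpcm_encode(codes, delta_bits=DELTA_BITS, start=SILENCE):
    """Send the change since the value the receiver will have rebuilt, clamped to a
    signed delta_bits field. Tracking the receiver's copy keeps both ends in step."""
    lo, hi = -(2 ** (delta_bits - 1)), 2 ** (delta_bits - 1) - 1
    deltas, rebuilt = [], start
    for c in codes:
        d = max(lo, min(hi, c - rebuilt))
        deltas.append(d)
        rebuilt = max(0, min(2 ** PCM_BITS - 1, rebuilt + d))
    return deltas


def adpcm_decode(deltas, start=SILENCE):
    """Rebuild 8-bit codes by accumulating the received differences."""
    out, value = [], start
    for d in deltas:
        value = max(0, min(2 ** PCM_BITS - 1, value + d))
        out.append(value)
    return out


def max_reconstruction_error(codes, delta_bits=DELTA_BITS):
    """Largest difference (in 8-bit code units) between PCM and what ADPCM delivers."""
    rebuilt = adpcm_decode(adpcm_encode(codes, delta_bits))
    return max(abs(a - b) for a, b in zip(codes, rebuilt))


if __name__ == "__main__":
    tone = sample_wave(300, 0.02)
    for bits in (3, 7, 8, 16):
        print(f"{bits:2d} bits: max quantizing error {max_quantizing_error(tone, bits):.5f}, "
              f"{bit_rate(SAMPLE_RATE, bits):,} bps")
    quiet = pcm_encode(sample_wave(300, 0.02, amplitude=0.2))
    loud = pcm_encode(sample_wave(300, 0.02, amplitude=1.0))
    print("ADPCM error, quiet tone:", max_reconstruction_error(quiet))
    print("ADPCM error, loud tone (slope overload):", max_reconstruction_error(loud))
```

The quantizing error halves with every added bit (at most one step width over two), which is the first remedy in section 3.6.1 priced in bits per second. For the quiet tone the 4-bit differences track the 8-bit codes exactly, so 32,000 bps carries what PCM needs 64,000 bps for; for the loud tone the signal changes faster than a clamped difference can follow and the rebuilt wave lags behind.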
3.6.4 Voice over Internet Protocol (VoIP)

Voice over Internet Protocol (VoIP) (pronounced as “voyp”) is commonly used to transmit phone conversations over digital networks. VoIP is a relatively new standard that uses digital telephones with built-in codecs to convert analog voice data into digital data (see Figure 3-21). Because the codec is built into the telephone, the telephone transmits digital data and therefore can be connected directly into a local area network, in much the same manner as a typical computer. Because VoIP phones operate on the same networks as computers, we can reduce the amount of wiring needed; with VoIP, we need to operate and maintain only one network throughout our offices, rather than two separate networks—one for voice and one for data. However, this also means that data networks with VoIP phones must be designed to operate in emergencies (to enable 911 calls) even when the power fails; they must have uninterruptible power supplies (UPS) for all network circuits.

One commonly used VoIP standard is G.722 wideband audio, which is a version of ADPCM that operates at 64 Kbps. It samples 8,000 times per second and produces 8 bits per sample. Because VoIP phones are digital, they can also contain additional capabilities. For example, high-end VoIP phones often contain computer chips to enable them to download and install small software applications so that they can function in many ways like computers.
3.7 IMPLICATIONS FOR CYBER SECURITY

While the physical layer (layer 1) may not seem very exciting at first sight, it offers a lot of possibilities to a hacker to invade a computer or a network. Therefore, the physical layer must be protected just like the application layer. We refer to this type of security as physical security. If physical security, access to an organization’s hardware, is jeopardized, no firewall, encryption, or any other security measures would be able to protect the organization.

Where does the problem with physical security originate? Laptops, USB drives, tablets, you name it, have the ability to easily copy data to and from and therefore make stealing sensitive data very easy. USB drives in particular are very problematic. Many organizations disable USB drives on computers because of the potential of stealing data. Or many times, employees have good intentions to work on data at home, but it is very easy to lose or misplace a USB drive. Therefore, if you need to use a USB drive and want to have sensitive data on it, always encrypt the data. Also, never pick up a USB drive and plug it into your computer because it is one of the known ways hackers get into a computer. Hackers, and unfortunately also some commercial vendors who manufacture USB drives, put malware on USB drives with the purpose of stealing your data or your organization’s data.

In addition to devices that come and go from an organization, routers and servers are potential sources of problems when it comes to physical security. These devices must be protected just like the mobile devices. In the movie Ocean’s Eleven, Daniel Ocean (played by George Clooney) hires professionals from all over the country to steal $150 million from a safe in one of the casinos. Among these professionals is Livingston Dell, who is an expert in communication systems. Livingston places a USB drive on one of the routers in the casino’s server room and not only hijacks the 911 call but also is able to look over the shoulders of the security personnel.

Physical security, just like security at all layers, should be a priority for organizations. Once an organization allows an attacker to access its hardware, there is no security measure that will protect it.

SUMMARY

Circuits

Networks can be configured so that there is a separate circuit from each client to the host (called a point-to-point configuration) or so that several clients share the same circuit (a multipoint configuration). Data can flow through the circuit in one direction only (simplex), in
both directions simultaneously (full-duplex), or by taking turns so that data sometimes flow in one direction and then in the other (half-duplex). A multiplexer is a device that combines several simultaneous low-speed circuits on one higher-speed circuit so that each low-speed circuit believes it has a separate circuit. In general, the transmission capacity of the high-speed circuit must equal or exceed the sum of the low-speed circuits.

Communication Media

Media are either guided, in that they travel through a physical cable (e.g., twisted pair wires, coaxial cable, or fiber-optic cable), or wireless, in that they are broadcast through the air (e.g., radio, microwave, or satellite). Among the guided media, fiber-optic cable can transmit data the fastest with the fewest errors and offers greater security but costs the most; twisted pair wire is the cheapest and most commonly used. The choice of wireless media depends more on distance than on any other factor; radio is cheapest for short distances, microwave is cheapest for moderate distances, and satellite is cheapest for long distances.

Digital Transmission of Digital Data

Digital transmission (also called baseband transmission) is done by sending a series of electrical (or light) pulses through the media. Digital transmission is preferred to analog transmission because it produces fewer errors; is more efficient; permits higher maximum transmission rates; is more secure; and simplifies the integration of voice, video, and data on the same circuit. With unipolar digital transmission, the voltage changes between 0 volts to represent a binary 0 and some positive value (e.g., +15 volts) to represent a binary 1. With bipolar digital transmission, the voltage changes polarity (i.e., positive or negative) to represent a 1 or a 0. Bipolar is less susceptible to errors. Ethernet uses Manchester encoding, which is a version of unipolar transmission.

Analog Transmission of Digital Data

Modems are used to translate the digital data produced by computers into the analog signals for transmission in today’s voice communication circuits. Both the sender and receiver need to have a modem. Data are transmitted by changing (or modulating) a carrier sound wave’s amplitude (height), frequency (length), or phase (shape) to indicate a binary 1 or 0. For example, in AM, one amplitude is defined to be a 1 and another amplitude is defined to be a 0. It is possible to send more than 1 bit on every symbol (or wave). For example, with AM, you could send 2 bits on each wave by defining four amplitude levels. The capacity or maximum data rate that a circuit can transmit is determined by multiplying the symbol rate (symbols per second) by the number of bits per symbol. Generally (but not always), the symbol rate
  • 241. is the same as the bandwidth, so bandwidth is often used as a measure of capacity. V.44 is a data compression standard that can be combined with any of the foregoing types of modems to reduce the amount of data in the transmitted signal by a factor of up to six. Thus, a V.92 modem using V.44 could provide an effective data rate of 56,00 × 6 = 336, 000 bps. Digital Transmission of Analog Data Because digital transmission is better, analog voice data are sometimes converted to digital transmission. PCM is the most commonly used technique. PCM samples the amplitude of the incoming voice signal 8,000 times per second and uses 8 bits to represent the signal. PCM produces a reasonable approximation of the human voice, but more sophisticated techniques are needed to adequately reproduce more complex sounds such as music. KEY TERMS adaptive differential pulse code modulation (ADPCM), 79 American Standard Code for Information Interchange (ASCII), 69 amplitude modulation (AM), 73 amplitude shift keying (ASK), 73
amplitude, 73
analog transmission, 73
bandwidth, 76
baud rate, 75
bipolar, 71
bit rate, 75
bits per second (bps), 76
carrier wave, 73
circuit configuration, 59
circuit, 58
coaxial cable, 64
codec, 58
coding scheme, 69
data compression, 76
data rate, 76
digital subscriber line, 63
digital transmission, 71
fiber-optic cable, 64
frequency division multiplexing (FDM), 61
frequency modulation (FM), 74
frequency shift keying (FSK), 74
frequency, 61
full-duplex transmission, 60
guided media, 63
half-duplex transmission, 60
ISO 8859, 69
kilohertz (kHz), 71
Lempel–Ziv encoding, 76
local loop, 78
logical circuit, 58
malware, 81
Manchester encoding, 72
microwave transmission, 66
modem, 58
multipoint circuit, 59
multiplexing, 60
parallel transmission, 69
phase, 73
phase modulation (PM), 74
phase shift keying (PSK), 74
physical circuit, 58
plain old telephone service (POTS), 73
point-to-point circuit, 59
polarity, 70
pulse code modulation (PCM), 78
quadrature amplitude modulation (QAM), 75
quantizing error, 77
radio transmission, 65
retrain time, 60
satellite transmission, 66
serial transmission, 70
simplex transmission, 60
statistical time division multiplexing (STDM), 61
switch, 78
symbol rate, 58
time division multiplexing (TDM), 61
turnaround time, 60
twisted pair cable, 63
Unicode, 69
unipolar, 71
USB drive, 81
V.44, 76
Voice over Internet Protocol (VoIP), 80
wavelength division multiplexing (WDM), 61
wireless media, 63

QUESTIONS

1. How does a multipoint circuit differ from a point-to-point circuit?
2. Describe the three types of data flows.
3. Describe three types of guided media.
4. Describe four types of wireless media.
5. How do analog data differ from digital data?
6. Clearly explain the differences among analog data, analog transmission, digital data, and digital transmission.
7. Explain why most telephone company circuits are now digital.
8. What is coding?
9. Briefly describe three important coding schemes.
10. How are data transmitted in parallel?
11. What feature distinguishes serial mode from parallel mode?
12. How does bipolar signaling differ from unipolar signaling? Why is Manchester encoding more popular than either?
13. What are three important characteristics of a sound wave?
14. What is bandwidth? What is the bandwidth in a traditional North American telephone circuit?
15. Describe how data could be transmitted using amplitude modulation.
16. Describe how data could be transmitted using frequency modulation.
17. Describe how data could be transmitted using phase modulation.
18. Describe how data could be transmitted using a combination of modulation techniques.
19. Is the bit rate the same as the symbol rate? Explain.
20. What is a modem?
21. What is quadrature amplitude modulation (QAM)?
22. What is 64-QAM?
23. What factors affect transmission speed?
24. What is oversampling?
25. Why is data compression so useful?
26. What data compression standard uses Lempel–Ziv encoding? Describe how it works.
27. Explain how pulse code modulation (PCM) works.
28. What is quantizing error?
29. What is the term used to describe the placing of two or more signals on a single circuit?
30. What is the purpose of multiplexing?
31. How does DSL (digital subscriber line) work?
32. Of the different types of multiplexing, what distinguishes
   a. frequency division multiplexing (FDM)?
   b. time division multiplexing (TDM)?
   c. statistical time division multiplexing (STDM)?
   d. wavelength division multiplexing (WDM)?
33. What is the function of inverse multiplexing (IMUX)?
34. If you were buying a multiplexer, would you choose TDM or FDM? Why?
35. Some experts argue that modems may soon become obsolete. Do you agree? Why or why not?
36. What is the maximum capacity of an analog circuit with a bandwidth of 4,000 Hz using QAM?
37. What is the maximum data rate of an analog circuit with a 10 MHz bandwidth using 64-QAM and V.44?
38. What is the capacity of a digital circuit with a symbol rate of 10 MHz using Manchester encoding?
39. What is the symbol rate of a digital circuit providing 100 Mbps if it uses bipolar NRZ signaling?
40. What is VoIP?

EXERCISES

A. Investigate the costs of dumb terminals, network computers, minimally equipped personal computers, and top-of-the-line personal computers. Many equipment manufacturers and resellers are on the Web, so it’s a good place to start looking.
B. Investigate the different types of cabling used in your organization and where they are used (e.g., LAN, backbone network).
C. Three terminals (T1, T2, T3) are to be connected to three computers (C1, C2, C3) so that T1 is connected to C1, T2 to C2 and T3 to C3. All are in different cities. T1 and C1 are 1,500 miles apart, as are T2 and C2, and T3 and C3. The points T1, T2, and T3 are 25 miles apart, and the points C1, C2, and C3 also are 25 miles apart. If telephone lines cost $1 per mile, what is the line cost for three?
D. Investigate different types of satellite communication services that are provided today.
E. Draw how the bit pattern 01101100 would be sent using
   a. Single-bit AM
   b. Single-bit FM
   c. Single-bit PM
   d. Two-bit AM (i.e., four amplitude levels)
   e. Two-bit FM (i.e., four frequencies)
   f. Two-bit PM (i.e., four different phases)
   g. Single-bit AM combined with single-bit FM
   h. Single-bit AM combined with single-bit PM
   i. Two-bit AM combined with two-bit PM
F. If you had to download a 20-page paper of 400 k (bytes) from your professor, approximately how long would it take to transfer it over the following circuits? Assume that control characters add an extra 10% to the message.
   a. Dial-up modem at 33.6 Kbps
   b. Cable modem at 384 Kbps
   c. Cable modem at 1.5 Mbps
   d. If the modem includes V.44 data compression with a 6:1 data compression ratio, what is the data rate in bits per second you would actually see in choice c?

MINICASES

I. Eureka! (Part 1)
Eureka! is a telephone- and Internet-based concierge service that specializes in obtaining things that are hard to find (e.g., Super Bowl tickets, first-edition books from the 1500s, Fabergé eggs). It currently employs 60 staff members who collectively provide 24-hour coverage (over three shifts). They answer the phones and respond to requests entered on the Eureka! website. Much of their work is spent on the phone and on computers searching on the Internet. The company has just leased a new office building and is about to wire it. What media would you suggest the company install in its office and why?
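The capacity rules stated in the summary (symbol rate times bits per symbol, V.44's factor of up to 6, Manchester encoding's two symbols per bit, PCM's 8,000 samples times 8 bits) and the transfer-time arithmetic of Exercise F and Minicase IV, written out as an added Python example. This is not code from the textbook or its authors; it assumes that "400 k (bytes)" in Exercise F means 400,000 bytes.

```python
"""Capacity and transfer-time arithmetic for the Chapter 3 summary, Questions 36-39,
Exercise F and Minicase IV. Added example; not code from the textbook or its authors.

Rules implemented, as the summary states them:
  capacity (bps)      = symbol rate (symbols/s) x bits per symbol
  symbol rate         = bandwidth (generally, not always)
  bits per symbol     = log2(number of distinct symbols), e.g. 64-QAM -> 6 bits
  V.44 compression    = effective rate multiplied by a factor of up to 6
  Manchester encoding = two symbols per bit, so bit rate = symbol rate / 2
  PCM                 = samples per second x bits per sample (8,000 x 8 = 64,000 bps)
"""


def bits_per_symbol(levels: int) -> int:
    """Bits carried by one symbol when the scheme defines `levels` distinct symbols
    (2 -> 1 bit, 4 -> 2 bits, 64 -> 6 bits). Levels must be a power of two."""
    if levels < 2 or levels & (levels - 1):
        raise ValueError("number of symbol levels must be a power of two >= 2")
    return levels.bit_length() - 1


def analog_capacity_bps(bandwidth_hz: float, levels: int) -> float:
    """Maximum data rate of an analog circuit, taking the symbol rate equal to the bandwidth."""
    return bandwidth_hz * bits_per_symbol(levels)


def compressed_rate_bps(raw_rate_bps: float, factor: float = 6.0) -> float:
    """Effective data rate with a compression standard such as V.44 (factor of up to 6)."""
    if not 1.0 <= factor <= 6.0:
        raise ValueError("V.44 compression factor lies between 1 and 6")
    return raw_rate_bps * factor


def digital_bit_rate_bps(symbol_rate_hz: float, symbols_per_bit: int) -> float:
    """Bit rate of a digital circuit. Bipolar NRZ spends one symbol per bit;
    Manchester encoding spends two (a mid-bit transition), halving the bit rate."""
    return symbol_rate_hz / symbols_per_bit


def digital_symbol_rate_hz(bit_rate_bps: float, symbols_per_bit: int) -> float:
    """Inverse of digital_bit_rate_bps: the symbol rate needed for a target bit rate."""
    return bit_rate_bps * symbols_per_bit


def pcm_bit_rate_bps(samples_per_second: int, bits_per_sample: int) -> int:
    """Digital rate produced by sampling an analog signal (PCM voice: 8,000 x 8)."""
    return samples_per_second * bits_per_sample


def transfer_time_seconds(payload_bytes: int, rate_bps: float,
                          overhead_fraction: float = 0.0, compression: float = 1.0) -> float:
    """Seconds to move `payload_bytes` over a circuit of `rate_bps`, after adding
    control-character overhead (Exercise F assumes 10%) and applying any compression ratio."""
    bits_on_the_wire = payload_bytes * 8 * (1 + overhead_fraction)
    return bits_on_the_wire / compressed_rate_bps(rate_bps, compression)


if __name__ == "__main__":
    # The summary's own V.92 + V.44 figure: 56,000 x 6 = 336,000 bps.
    print(compressed_rate_bps(56_000, 6))
    # Exercise F(a), assuming "400 k (bytes)" means 400,000 bytes.
    print(round(transfer_time_seconds(400_000, 33_600, overhead_fraction=0.10), 1))
    # Minicase IV (1): a 1,000-byte label over a 144 Kbps cell network.
    print(transfer_time_seconds(1_000, 144_000))
```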
II. Eureka! (Part 2)
Eureka! is a telephone- and Internet-based concierge service that specializes in obtaining things that are hard to find (e.g., Super Bowl tickets, first-edition books from the 1500s, Fabergé eggs). It currently employs 60 staff members who work 24 hours per day (over three shifts). Staff answer the phone and respond to requests entered on the Eureka! website. Much of their work is spent on the phone and on computers searching on the Internet. What type of connections should Eureka! consider from its offices to the outside world, in terms of phone and Internet? Outline the pros and cons of each alternative below and make a recommendation. The company has three alternatives:
1. Should the company use standard voice lines but use DSL for its data ($40 per month per line for both services)?
2. Should the company separate its voice and data needs, using standard analog services for voice but finding some advanced digital transmission services for data ($40 per month for each voice line and $300 per month for a circuit with 1.5 Mbps of data)?
3. Should the company search for all digital services for both voice and data ($60 per month for an all-digital circuit that provides two phone lines that can be used for two voice calls, one voice call and one data call at 64 Kbps, or one data call at 128 Kbps)?

III. Eureka! (Part 3)
Eureka! is a telephone- and Internet-based concierge service that specializes in obtaining things that are hard to find (e.g., Super Bowl tickets, first-edition books from the 1500s, Fabergé eggs). It currently employs 60 staff members who work 24 hours per day (over three shifts). Staff members answer phone calls and respond to requests entered on the Eureka! website. Currently, each staff member has a desktop PC with two monitors and a twisted pair connection (Cat5e) that offers speeds up to 100 Mbps. Some employees made a suggestion to the CEO of Eureka! to upgrade their connection to a fiber-optic cable that can provide speeds up to 1 Gbps. What do you think about this idea? How easy (difficult) is it to change wiring from twisted pair to fiber optic? Can we use the same network cards in the PCs, or do we need to change them? How much would this change cost?

IV. Speedy Package
Speedy Package is a same-day package delivery service that operates in Chicago. Each package has a shipping label that is attached to the package and is also electronically scanned and entered into Speedy’s data network when the package is picked up and when it is delivered. The electronic labels are transmitted via a device that operates on a cell phone network. (1) Assuming that each label is 1,000 bytes long, how long does it take to transmit one label over the cell network, assuming that the cell phone network operates at 144 Kbps (144,000 bits per second) and that there are 8 bits in a byte? (2) If Speedy were to upgrade to the new, faster digital phone network that transmits data at 200 Kbps (200,000 bits per second), how long would it take to transmit a label?

V. Boingo
Reread Management Focus 3.2. What other alternatives can travelers consider? How is Boingo different from other companies offering hot spots, such as T-Mobile or AT&T?

CASE STUDY
NEXT-DAY AIR SERVICE

See the website at www.wiley.com/college/fitzgerald.

HANDS-ON ACTIVITY 3A

Looking Inside Your Cable

One of the most commonly used types of local network cable is Category 5 unshielded twisted pair cable, commonly called “Cat 5.” Cat 5 (and an enhanced version called Cat 5e) are used in Ethernet LANs. If you have installed a LAN in your house or apartment, you probably used Cat 5 or Cat 5e. Figure 3-22 shows a picture of a typical Cat 5 cable. Each end of the cable has a connector called an RJ-45 connector that enables the cable to be plugged into a computer or network device. If you look closely at the connector, you will see there are eight separate “pins.” You might think that this would mean the Cat 5 can transmit data in parallel, but it doesn’t do this. Cat 5 is used for serial transmission.

If you have an old Cat 5 cable (or are willing to spend a few dollars to buy cheap cable), it is simple to take the connector off. Simply take a pair of scissors and cut through the cable a few inches from the connector. Figure 3-23 shows the same Cat 5 cable with the connector cut off.

FIGURE 3-22 Cat 5 cable
Source: Courtesy of Alan Dennis

FIGURE 3-23 Inside a Cat 5 cable.
Source: Courtesy of Belkin International, Inc.

You can see why twisted pair is called twisted pair: a single Cat 5 cable contains four separate sets of twisted pair wires for a total of eight wires. Unfortunately, this picture is in black and white so it is hard to see the different colors of the eight wires inside the cable.

Figure 3-24 lists the different colors of the wires and what they are used for under the EIA/TIA 568B standard (the less common 568A standard uses the pins in different ways). One pair of wires (connected to pins 1 and 2) is used to transmit data from your computer into the network. When your computer transmits, it sends the same data on both wires; pin 1 (transmit+) transmits the data normally and pin 2 (transmit−) transmits the same data with reversed polarity. This way, if an error occurs, the hardware will likely detect a different signal on the two cables. For example, if there is a sudden burst of electricity with a positive polarity (or a negative polarity), it will change only one of the transmissions from negative to positive (or vice versa) and leave the other transmission unchanged. Electrical pulses generate a magnetic field that has very bad side effects on the other wires. To minimize this, the two transmit wires are twisted together so that the other wires in the cable receive both a positive and a negative polarity magnetic field from the wires twisted around each other, which cancel each other out.

Figure 3-24 also shows a separate pair of wires for receiving transmissions from the network (pin 3 [receive+] and pin 6 [receive−]). These wires work exactly the same way as transmit+ and transmit− but are used by the network to send data to your computer. You’ll notice that they are also twisted together in one pair of wires, even though they are not side by side on the connector.

Figure 3-24 shows the pin functions from the viewpoint of your computer. If you think about it, you’ll quickly realize that the pin functions at the network end of the cable are reversed; that is, pin 1 is receive+ because it is the wire that the network uses to receive the transmit+ signal from your computer. Likewise, pin 6 at the network end is the transmit− wire because it is the wire on which your computer receives the reversed data signal.

The separate set of wires for transmitting and receiving means that Cat 5 is designed for full-duplex transmission. It can send and receive at the same time because one set of wires is used for sending data and one set is used for receiving data. However, Cat 5 is not often used this way. Most hardware that uses Cat 5 is designed to operate in a half-duplex mode, even though the cable itself is capable of full-duplex.

FIGURE 3-24 Pin connection for Cat 5 at the computer end

Pin number   Color (EIA/TIA 568B standard)               Name
1            White with orange stripe                    Transmit+
2            Orange with white stripe or solid orange    Transmit–
3            White with green stripe                     Receive+
4            Blue with white stripe or solid blue        Not used
5            White with blue stripe                      Not used
6            Green with white stripe or solid green      Receive–
7            White with brown stripe or solid brown      Not used
8            Brown with white stripe or solid brown      Not used

You’ll also notice that the other four wires in the cable are not used. Yes, that’s right; they are simply wasted.

Deliverable

Find a Cat 5 or Cat 5e cable and record what color wires are used for each pin.

HANDS-ON ACTIVITY 3B

Making MP3 Files

MP3 files are good examples of analog-to-digital conversion. It is simple to take an analog signal—such as your voice—and convert it into a digital file for transmission or playback. In this activity, we will show you how to record your voice and see how different levels of digital quality affect the sound.

First, you need to download a sound editor and MP3
converter. One very good sound editor is Audacity—and it’s free. Go to audacity.sourceforge.net and download and install the Audacity software. You will also need the plug-in called LAME (an MP3 encoder), which is also free and available at lame.sourceforge.net.

Use Audacity to record music or your voice (you can use a cheap microphone). Audacity records in very high quality, but will produce MP3 files in whatever quality level you choose. Once you have the file recorded, you can edit the Preferences to change the File Format to use in saving the MP3 file. Audacity/LAME offers a wide range of qualities. Try recording at least three different quality levels. For example, for high quality, you could use 320 Kbps, which means the recording uses 320 kilobits of data per second. In other words, the number of samples per second times the number of bits per sample equals 320 Kbps. For regular quality, you could use 128 Kbps. For low quality, you could use 16 Kbps.

Create each of these files and listen to them to hear the differences in quality produced by the quantizing error. The differences should be most noticeable for music. A recording at 24 Kbps is often adequate for voice, but music will require a better quality encoding.

Deliverable

1. Produce three MP3 files of the same music or voice recording at three different quality levels.
2. List the size of each file.
3. Listen to each file and describe the quality differences you hear (if any).

HANDS-ON ACTIVITY 3C

Making a Cat 5e Patch Cable

A patch cable is a cable that runs a short distance (usually less than 10 feet) that connects a device into a wall jack, a patch panel jack, or a device. If you have a desktop computer, you’re using a patch cable to connect it into your Ethernet LAN. Patch cables are relatively inexpensive (usually $10 or less), but compared to the cost of their materials, they are expensive (the materials usually cost less than $1). Because it is relatively easy to make a patch cable, many companies make their own in order to save money. To make your own patch cable, you will need a crimper, some Cat 5e cable, two RJ45 connectors, and a cable tester (optional) (see Figure 3-25).

FIGURE 3-25 Tools and materials for making a patch cable (labeled: Cat 5e cable, RJ45 connectors, cable tester, crimper with cutter and stripper)
Source: Courtesy of Alexandra Durcikova

1. Using the cutter on the crimping tool, cut a desired length of Cat 5e cable.
2. Insert the end of the cable into the stripper and gently press on the cable while rotating it to remove the outer insulation of the cable. Be careful not to cut the twisted pairs inside. After removing the outer insulation, visually inspect the twisted pairs for damage. Do this on both ends of your cable. If any of the cables are damaged, you need to cut them and start over.
3. Untwist the twisted pairs and straighten them. Once they are straightened, put them into this order: orange-white, orange, green-white, blue, blue-white, green, brown-white, brown.
4. Hold the cable in your right hand; the orange-white wire should be closest to you. Hold the RJ45 connector in your left hand with the little “handle” on the bottom.
5. Insert the wires inside the connector all the way to the end—you should be able to see the colors of the wires when you look at the front of the connector. Make sure that the wires don’t change order. The white insulation should be about 1/3 of the way inside the connector. (If you used the stripper on the tool properly, the length of the wires will be exactly as needed to fit to the RJ45 connector.)
6. Now you are ready to crimp the connector. Insert the RJ45 connector into the crimper and press really hard. This will push the gold contacts on the connector onto the twisted pairs.
7. Crimp the other end of the cable by repeating steps 4 through 7.
8. The final step is to test your cable. Turn on the cable tester and insert both ends of the patch cable into the tester. If you see the flashing light going down the indicators 1 through 8, not skipping any number or changing the order, you made a fully functional patch cable. If you don’t have a cable tester, you can use the cable to connect your computer into an Ethernet LAN. If you’re able to use the LAN, the cable is working.

Deliverable

A working patch cable.
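An added Python example (not from the textbook) of what the cable tester in Activity 3C checks, extended with the pairing rule from Activity 3A: each end of a cable is the list of wire colors seated in slots 1 through 8, and the checker reports crossed or open wires, a departure from the 568B order of step 3, and a split pair, which a plain wiremap misses because the lights still come on 1 through 8 in order. The color abbreviations, the `TWISTED_PAIRS` table (pins 1-2, 3-6, 4-5, 7-8) and the fault wording are this example's own.

```python
"""T568B patch-cable checker: the wiremap test a cable tester performs (Hands-On Activity 3C)
plus the twisted-pair rule from Hands-On Activity 3A. Added example, not from the textbook.

Each end of the cable is described as the list of wire colors seated in connector slots
1 through 8. Pin functions follow Figure 3-24; the short color names used here
("white/orange" for "white with orange stripe") are this example's own.
"""

# Figure 3-24: pin -> (wire color, function at the computer end), EIA/TIA 568B.
T568B = {
    1: ("white/orange", "Transmit+"),
    2: ("orange", "Transmit-"),
    3: ("white/green", "Receive+"),
    4: ("blue", "Not used"),
    5: ("white/blue", "Not used"),
    6: ("green", "Receive-"),
    7: ("white/brown", "Not used"),
    8: ("brown", "Not used"),
}

# Pins that share one twisted pair (assumed from the 568B color scheme). Pins 3 and 6 are
# twisted together although they are not side by side, which is what makes a split pair possible.
TWISTED_PAIRS = ((1, 2), (3, 6), (4, 5), (7, 8))

# The order the wires are laid out in step 3 of Activity 3C.
CORRECT_ORDER = [T568B[pin][0] for pin in range(1, 9)]


def pair_color(wire: str) -> str:
    """The twisted pair a conductor belongs to: 'white/orange' and 'orange' are one pair."""
    return wire.split("/")[-1]


def network_end_function(pin: int) -> str:
    """Pin function seen from the network end: transmit and receive swap (Activity 3A)."""
    name = T568B[pin][1]
    for ours, theirs in (("Transmit", "Receive"), ("Receive", "Transmit")):
        if name.startswith(ours):
            return theirs + name[len(ours):]
    return name


def wiremap(near: list, far: list) -> dict:
    """What the tester's indicator lights show: near-end pin -> far-end pin carrying the
    same conductor, or None for an open (unterminated) wire."""
    return {pin: (far.index(wire) + 1 if wire in far else None)
            for pin, wire in enumerate(near, start=1)}


def check_patch_cable(near: list, far: list) -> list:
    """Return a list of fault descriptions; an empty list means a good straight-through cable."""
    faults = []
    if len(near) != 8 or len(far) != 8:
        return ["each end must seat exactly eight conductors"]
    if len(set(near)) != 8:
        faults.append("duplicate conductor at near end")
    for pin, far_pin in wiremap(near, far).items():
        if far_pin is None:
            faults.append(f"pin {pin}: open, {near[pin - 1]} not terminated at far end")
        elif far_pin != pin:
            faults.append(f"pin {pin}: {near[pin - 1]} arrives on far-end pin {far_pin} (crossed)")
    if near != CORRECT_ORDER:
        faults.append("near end not in T568B order")
    # A wiremap alone passes a split pair; the twist, not the pin number, cancels the noise.
    for a, b in TWISTED_PAIRS:
        if pair_color(near[a - 1]) != pair_color(near[b - 1]):
            faults.append(f"split pair: pins {a} and {b} carry conductors from different twists")
    return faults


# Constructed cables for demonstration.
GOOD = list(CORRECT_ORDER)
CROSSED = list(CORRECT_ORDER)          # far end with the orange pair reversed
CROSSED[0], CROSSED[1] = CROSSED[1], CROSSED[0]
SPLIT = list(CORRECT_ORDER)            # white/green and blue swapped at both ends
SPLIT[2], SPLIT[3] = SPLIT[3], SPLIT[2]

if __name__ == "__main__":
    print("good:", check_patch_cable(GOOD, GOOD))
    print("crossed:", check_patch_cable(GOOD, CROSSED))
    print("split:", wiremap(SPLIT, SPLIT), check_patch_cable(SPLIT, SPLIT))
```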
CHAPTER 4

DATA LINK LAYER

The data link layer (also called layer 2) is responsible for moving a message from one computer or network device to the next computer or network device in the overall path from sender to receiver. It controls the way messages are sent on the physical media. Both the sender and receiver have to agree on the rules, or protocols, that govern how they will communicate with each other. A data link protocol determines who can transmit at what time, where a message begins and ends, and how a receiver recognizes and corrects a transmission error. In this chapter, we discuss these processes as well as several important sources of errors.

OBJECTIVES

◾ Understand the role of the data link layer
◾ Become familiar with two basic approaches to controlling access to the media
◾ Become familiar with common sources of error and their prevention
◾ Understand three common error detection and correction methods
◾ Become familiar with several commonly used data link protocols

OUTLINE

4.1 Introduction
4.2 Media Access Control
4.2.1 Contention
4.2.2 Controlled Access
4.2.3 Relative Performance
4.3 Error Control
4.3.1 Sources of Errors
4.3.2 Error Prevention
4.3.3 Error Detection
4.3.4 Error Correction via Retransmission
4.3.5 Forward Error Correction
4.3.6 Error Control in Practice
4.4 Data Link Protocols
4.4.1 Asynchronous Transmission
4.4.2 Synchronous Transmission
4.5 Transmission Efficiency
4.6 Implications for Cyber Security
Summary

4.1 INTRODUCTION

In Chapter 1, we introduced the concept of layers in data communications. The data link layer sits between the physical layer (hardware such as the circuits, computers, and multiplexers described in Chapter 3) and the network layer (which performs addressing and routing, as described in Chapter 5). The data link layer is responsible for sending and receiving messages to and from other computers. Its job is to reliably move a message from one computer over one circuit to the next computer where the message needs to go.

The data link layer performs two main functions and therefore is often divided into two sublayers. The first sublayer (called the logical link control [LLC] sublayer) is the data link layer’s connection to the network layer above it. At the sending computer, the LLC sublayer software is responsible for communicating with the network layer software (e.g., Internet Protocol [IP]) and for taking the network layer Protocol Data Unit (PDU)—usually an IP packet—and surrounding it with a data link layer PDU—often an Ethernet frame. At the receiving computer, the LLC sublayer software removes the data link layer PDU and passes the message it contains (usually an IP packet) to the network layer software.

The second sublayer (called the media access control [MAC] sublayer) controls the physical hardware. The MAC sublayer software at the sending computer controls how and when the physical layer converts bits into the physical symbols that are sent down the circuit. At the sending computer, the MAC sublayer software takes the data link layer PDU from the LLC sublayer, converts it into a stream of bits, and controls when the physical layer actually transmits the bits over the circuit. At the receiving computer, the MAC sublayer receives a stream of bits from the physical layer and translates it into a coherent PDU, ensures that no errors have occurred in transmission, and passes the data link layer PDU to the LLC sublayer.

Both the sender and receiver have to agree on the rules or protocols that govern how their data link layers will communicate with each other. A data link protocol performs three functions:

◾ Controls when computers transmit (media access control)
◾ Detects and corrects transmission errors (error control)
◾ Identifies the start and end of a message by using a PDU (message delineation)

4.2 MEDIA ACCESS CONTROL

Media access control refers to the need to control when computers transmit. With point-to-point full-duplex configurations, media access control is unnecessary because there are only two computers on the circuit, and full-duplex permits either computer to transmit at any time. Media access control becomes important when several computers share the same communication circuit, such as a point-to-point configuration with a half-duplex configuration that requires computers to take turns or a multipoint configuration in which several computers share the same circuit. Here, it is critical to ensure that no two computers attempt to transmit data at the same time—but if they do, there must be a way to recover from the problem. There are two fundamental approaches to media access control: contention and controlled access.

4.2.1 Contention
With contention, computers wait until the circuit is free (i.e., no other computers are transmitting) and then transmit whenever they have data to send. Contention is commonly used in Ethernet local area networks (LANs). As an analogy, suppose that you are talking with some friends. People listen, and if no one is talking, they can talk. If you want to say something, you wait until the speaker is done and then you try to talk. Usually, people yield to the first person who jumps in at the precise moment the previous speaker stops. Sometimes, two people attempt to talk at the same time, so there must be some technique to continue the conversation after such a verbal collision occurs.

4.2.2 Controlled Access

With controlled access, one device controls the circuit and determines which clients can transmit at what time. There are two commonly used controlled access techniques: access requests and polling.

With the access request technique, client computers that want to transmit send a request to transmit to the device that is controlling the circuit (e.g., the wireless access point). The controlling device grants permission for one computer at a time to transmit. When one computer has permission to transmit, all other computers wait until that computer has finished, and then, if they have something to transmit, they use a contention technique to send an access request. The access request technique is like a classroom situation in which the instructor calls on the students who raise their hands. The instructor acts like the controlling access point. When they want to talk, students raise their hands and the instructor recognizes them so they can contribute. When they have finished, the instructor again takes charge and allows someone else to talk. And of course, just like in a classroom, the wireless access point can choose to transmit whenever it likes.

Polling is the process of sending a signal to a client computer that gives it permission to transmit. With polling, the clients store all messages that need to be transmitted. Periodically, the controlling device (e.g., a wireless access point) polls the client to see if it has data to send. If the client has data to send, it does so. If the client has no data to send, it responds negatively, and the controller asks another client if it has data to send.

There are several types of polling. With roll-call polling, the controller works consecutively through a list of clients, first polling client 1, then client 2, and so on, until all are polled. Roll-call polling can be modified to select clients in priority so that some get polled more often than others. For example, one could increase the priority of client 1 by using a polling sequence such as 1, 2, 3, 1, 4, 5, 1, 6, 7, 1, 8, 9.

Typically, roll-call polling involves some waiting because the controller has to poll a client and then wait for a response. The response might be an incoming message that was waiting to be sent, a negative response indicating nothing is to be sent, or the full “time-out period” may expire because the client is temporarily out of service (e.g., it is malfunctioning or the user has turned it off). Usually, a timer “times out” the client after waiting several seconds without getting a response. If some sort of fail-safe time-out is not used, the circuit poll might lock up indefinitely on an out-of-service client.

With hub polling (often called token passing), one device starts the poll and passes it to the next computer on the multipoint circuit, which sends its message and passes the poll to the next. That computer then passes the poll to the next, and so on, until it reaches the first computer, which restarts the process again.

4.2.3 Relative Performance

Which media access control approach is best: controlled access or contention? There is no simple answer. The key consideration is throughput—which approach will permit the greatest amount of user data to be transmitted through the network.

In general, contention approaches work better than controlled approaches for small networks that have low usage. In this case, each computer can transmit when necessary, without waiting for permission. Because usage is low, there is little chance of a collision. In contrast, computers in a controlled access environment must wait for permission, so even if no other computer needs to transmit, they must wait for the poll.

The reverse is true for large networks with high usage: Controlled access works better. In high-volume networks, many computers want to transmit, and the probability of a collision using contention is high. Collisions are very costly in terms of throughput because they waste circuit capacity during the collision and require both computers to retransmit later. Controlled access prevents collisions and makes more efficient use of the circuit, and although response time does increase, it does so more gradually (Figure 4-1).

The key for selecting the best access control technique is to find the crossover point between controlled and contention. Although there is no one correct answer, because it depends on how many messages the computers in the network transmit, most experts believe that the crossover point is often around 20 computers (lower for busy computers, higher for less-busy computers). For this reason, when we build shared multipoint circuits like those often used in LANs or wireless LANs, we try to put no more than 20 computers on any one shared circuit.
FIGURE 4-1 Relative response times (response time, short to long, plotted against traffic, low to high, for contention and for controlled access)
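A simulation of the roll-call polling described in Section 4.2.2, added here as an example and not the textbook's code: the weighted sequence that gives client 1 priority, the negative response of an idle client, and the fail-safe time-out that keeps an out-of-service client from locking up the poll. The tick costs (one tick to send a poll, one to receive a reply) and the client scenario are assumptions of the example.

```python
"""Roll-call polling simulator for Section 4.2.2. Added example; not code from the textbook.

A controller (e.g., a wireless access point) polls clients in a fixed sequence, which may be
weighted to give one client priority (the text's 1, 2, 3, 1, 4, 5, 1, 6, 7, 1, 8, 9). A polled
client sends one queued message or a negative response; an out-of-service client stays silent,
so only the controller's fail-safe time-out lets the poll move on. The tick costs below (one
tick per poll or reply) are this example's own simplification.
"""
from collections import deque

NEGATIVE = "nothing to send"


class Client:
    def __init__(self, cid, messages=(), in_service=True):
        self.cid = cid
        self.queue = deque(messages)   # messages stored until the client is polled
        self.in_service = in_service

    def respond(self):
        """A queued message, a negative response, or None (silence) when out of service."""
        if not self.in_service:
            return None
        return self.queue.popleft() if self.queue else NEGATIVE


class Controller:
    def __init__(self, clients, sequence, timeout_ticks):
        self.clients = {c.cid: c for c in clients}
        self.sequence = list(sequence)
        self.timeout_ticks = timeout_ticks   # None disables the fail-safe
        self.clock = 0
        self.log = []

    def poll(self, cid):
        """Poll one client and record what came back."""
        self.clock += 1                       # sending the poll signal
        reply = self.clients[cid].respond()
        if reply is None:
            if self.timeout_ticks is None:
                # A real controller would wait here forever; raise instead of hanging.
                raise RuntimeError(f"poll locked up indefinitely on client {cid}")
            self.clock += self.timeout_ticks  # waited out the full time-out period
            event = (cid, "time-out")
        else:
            self.clock += 1                   # receiving the reply
            event = (cid, "negative" if reply == NEGATIVE else f"sent {reply}")
        self.log.append(event)
        return event

    def run_round(self):
        """One pass through the polling sequence."""
        for cid in self.sequence:
            self.poll(cid)
        return self.log


def poll_counts(sequence):
    """How often each client is polled per round; shows the priority a weighted sequence gives."""
    counts = {}
    for cid in sequence:
        counts[cid] = counts.get(cid, 0) + 1
    return counts


def demo_round():
    """Constructed scenario: client 1 gets priority, client 3 has been switched off."""
    clients = [Client(1, ["A", "B"]), Client(2), Client(3, in_service=False), Client(4, ["C"])]
    ctl = Controller(clients, sequence=[1, 2, 1, 3, 1, 4], timeout_ticks=5)
    log = ctl.run_round()
    return ctl.clock, log


def locks_up_without_timeout():
    """True if a controller with no fail-safe never gets past an out-of-service client."""
    ctl = Controller([Client(9, in_service=False)], sequence=[9], timeout_ticks=None)
    try:
        ctl.run_round()
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    print(poll_counts([1, 2, 3, 1, 4, 5, 1, 6, 7, 1, 8, 9]))
    clock, log = demo_round()
    print(f"round took {clock} ticks:", log)
    print("locks up without a time-out:", locks_up_without_timeout())
```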
4.3 ERROR CONTROL

Before learning the control mechanisms that can be implemented to protect a network from errors, you should realize that there are human errors and network errors. Human errors, such as a mistake in typing a number, usually are controlled through the application program. Network errors, such as those that occur during transmission, are controlled by the network hardware and software. There are two categories of network errors: corrupted data (data that have been changed) and lost data. Networks should be designed to (1) prevent, (2) detect, and (3) correct both corrupted data and lost data. We begin by examining the sources of errors and how to prevent them and then turn to error detection and correction.

Network errors are a fact of life in data communications networks. Depending on the type of circuit, they may occur every few hours, minutes, or seconds because of noise on the lines. No network can eliminate all errors, but most errors can be prevented, detected, and corrected by proper design. Inter-Exchange Carriers (IXCs) that provide data transmission circuits publish statistical measures specifying typical error rates and the pattern of errors that can be expected on the circuits they lease. For example, the error rate might be stated as 1 in 500,000, meaning there is 1 bit in error for every 500,000 bits transmitted.

Normally, errors appear in bursts. In a burst error, more than 1 data bit is changed by the error-causing condition. In other words, errors are not uniformly distributed in time. Although an error rate might be stated as 1 in 500,000, errors are more likely to occur as 100 bits every 50,000,000 bits. The fact that errors tend to be clustered in bursts rather than evenly dispersed is both good and bad. If the errors were not clustered, an error rate of 1 bit in 500,000 would make it rare for 2 erroneous bits to occur in the same character. Consequently, simple character-checking schemes would be effective at detecting errors. When errors are more or less evenly distributed, it is not difficult to grasp the meaning even when the error rate is high, as it is in this sentence (1 character in 20). But burst errors are the rule rather than the exception, often obliterating 100 or more bits at a time. This makes it more difficult to recover the meaning, so more reliance must be placed on error detection and correction methods. The positive side is that there are long periods of error-free transmission, meaning that very few messages encounter errors.

4.3.1 Sources of Errors

Line noise and distortion can cause data communication errors. The focus in this section is on electrical media such as twisted-pair wire and coaxial cable, because they are more likely to suffer from noise than are optical media such as fiber-optic cable. In this case, noise is undesirable electrical signals (for fiber-optic cable, it is undesirable light). Noise is introduced by equipment or natural disturbances, and it degrades the performance of a communication circuit. Noise manifests itself as extra bits, missing bits, or bits that have been "flipped" (i.e., changed from 1 to 0 or vice versa). Figure 4-2 summarizes the major sources of error and ways to prevent them. The first six sources listed there are the most important; the last three are more common in analog rather than digital circuits.

FIGURE 4-2 Sources of errors and ways to minimize them

White noise or Gaussian noise (the familiar background hiss or static on radios and telephones) is caused by the thermal agitation of electrons and therefore is inescapable. Even if the equipment were perfect and the wires were perfectly insulated from any and all external interference, there still would be some white noise. White noise usually is not a problem unless it becomes so strong that it obliterates the transmission. In this case, the strength of the electrical signal is increased so it overpowers the white noise; in technical terms, we increase the signal-to-noise ratio.

Impulse noise (sometimes called spikes) is the primary source of errors in data communications. It is heard as a click or a crackling noise and can last as long as 1/100 of a second. Such a click does not really affect voice communications, but it can obliterate a group of data bits, causing a burst error. At 1.5 Mbps, 15,000 bits would be changed by a spike of 1/100 of a second. Some of the sources of impulse noise are voltage changes in adjacent lines, lightning flashes during thunderstorms, fluorescent lights, and poor connections in circuits.

Cross-talk occurs when one circuit picks up signals in another. A person experiences cross-talk during telephone calls when she or he hears other conversations in the background. It occurs between pairs of wires that are carrying separate signals, in multiplexed links carrying many discrete signals, or in microwave links in which one antenna picks up a minute reflection from another antenna. Cross-talk between lines increases with increased communication distance, increased proximity of the two wires, increased signal strength, and higher-frequency signals. Wet or damp weather can also increase cross-talk. Like white noise, cross-talk usually has such a low signal strength that it normally is not bothersome.

Echoes are the result of poor connections that cause the signal to reflect back to the transmitting equipment. If the strength of the echo is strong enough to be detected, it causes errors. Echoes, like cross-talk and white noise, usually have such a low signal strength that they normally are not bothersome. Echoes can also occur in fiber-optic cables when connections between cables are not properly aligned.

Attenuation is the loss of power a signal suffers as it travels from the transmitting computer to the receiving computer. Some power is absorbed by the medium or is lost before it reaches the receiver. As the medium absorbs power, the signal becomes weaker, and the receiving equipment has less and less chance of correctly interpreting the data. This power loss is a function of the transmission method and circuit medium. High frequencies lose power more rapidly than do low frequencies during transmission, so the received signal can be distorted by unequal loss of its component frequencies. Attenuation increases as frequency increases or as the diameter of the wire decreases.

Intermodulation noise is a special type of cross-talk. The signals from two circuits combine to form a new signal that falls into a frequency band reserved for another signal. This type of noise is similar to harmonics in music. On a multiplexed line, many different signals are amplified together, and slight variations in the adjustment of the equipment can cause intermodulation noise. A maladjusted modem may transmit a strong frequency
tone when not transmitting data, thus producing this type of noise.

In general, errors are more likely to occur in wireless, microwave, or satellite transmission than in transmission through cables. Therefore, error detection is more important when using radiated media than guided media. Impulse noise is the most frequent cause of errors in today's networks. Unfortunately, as Management Focus 4-1 in the next section describes, it can be very difficult to determine what caused this type of error.

4.3.2 Error Prevention

Obviously, error prevention is very important. There are many techniques to prevent errors (or at least reduce them), depending on the situation. Shielding (wrapping the conductors in a grounded metallic foil or braid that blocks outside electrical interference) is one of the best ways to prevent impulse noise, cross-talk, and intermodulation noise. Many different types of wires and cables are available with different amounts of shielding. In general, the greater the shielding, the more expensive the cable and the more difficult it is to install.

Moving cables away from sources of noise (especially power sources) can also reduce impulse noise, cross-talk, and intermodulation noise. For impulse noise, this means avoiding lights and heavy machinery. Locating communication cables away from power cables is always a good idea. For cross-talk, this means physically separating the cables from other communication cables. Cross-talk and intermodulation noise are often caused by improper multiplexing. Changing multiplexing techniques (e.g., from FDM [Frequency Division Multiplexing] to TDM [Time Division Multiplexing]) or changing the frequencies or size of the guardbands in FDM can help.

Many types of noise (e.g., echoes, white noise) can be caused by poorly maintained equipment or poor connections and splices among cables. This is particularly true for echo in fiber-optic cables, which is almost always caused by poor connections. The solution here is obvious: tune the transmission equipment and redo the connections.

To avoid attenuation, telephone circuits have repeaters or amplifiers spaced throughout their length. The distance between them depends on the amount of power lost per unit length of the transmission line. An amplifier takes the incoming signal, increases its strength, and retransmits it on the next section of the circuit. Amplifiers are typically used on analog circuits such as the telephone company's voice circuits. The distance between the amplifiers depends on the amount of attenuation, although 1- to 10-mile intervals are common. On analog circuits, it is important to recognize that the noise and distortion are also amplified, along with the signal. This means some noise from a previous circuit is regenerated and amplified each time the signal is amplified.

MANAGEMENT FOCUS 4-1 Finding the Source of Impulse Noise

Several years ago, the University of Georgia radio station received FCC (Federal Communications Commission) approval to broadcast using a stronger signal. Immediately after the station started broadcasting with the new signal, the campus backbone network (BN) became unusable because of impulse noise. It took 2 days to link the impulse noise to the radio station, and when the radio station returned to its usual broadcast signal, the problem disappeared. However, this was only the first step in the problem. The radio station wanted to broadcast at full strength, and there was no good reason why the stronger broadcast should affect the BN in this way. After 2 weeks of effort, the problem was discovered. A short section of the BN ran above ground between two buildings. It turned out that the specific brand of outdoor cable we used was particularly tasty to squirrels. They had eaten the outer insulating coating off of the cable, making it act like an antenna to receive the radio signals. The cable was replaced with a steel-coated armored cable so the squirrels could not eat the insulation. Things worked fine when the radio station returned to its stronger signal.
Repeaters are commonly used on digital circuits. A repeater receives the incoming signal, translates it into a digital message, and retransmits the message. Because the message is recreated at each repeater, noise and distortion from the previous circuit are not amplified. This provides a much cleaner signal and results in a lower error rate for digital circuits.

4.3.3 Error Detection

It is possible to develop data transmission methodologies that give very high error-detection performance. The only way to do error detection is to send extra data with each message. These error-detection data are added to each message by the data link layer of the sender on the basis of some mathematical calculations performed on the message (in some cases, error-detection methods are built into the hardware itself). The receiver performs the same mathematical calculations on the message it receives and matches its results against the error-detection data that were transmitted with the message. If the two match, the message is assumed to be correct. If they don't match, an error has occurred.

In general, the larger the amount of error-detection data sent, the greater the ability to detect an error. However, as the amount of error-detection data is increased, the throughput of useful data is reduced, because more of the available capacity is used to transmit these error-detection data and less is used to transmit the actual message itself. Therefore, the efficiency of data throughput varies inversely with the desired amount of error detection. Three well-known error-detection methods are parity checking, checksum, and cyclic redundancy checking.

Parity Checking One of the oldest and simplest error-detection methods is parity. With this technique, one additional bit is added to each byte in the message. The value of this additional parity bit is based on the number of 1s in each byte transmitted. This parity bit is set to make the total number of 1s in the byte (including the parity bit) either an even number or an odd number. Figure 4-3 gives an example. A little thought will convince you that any single error (a switch of a 1 to a 0, or vice versa) will be detected by parity, but it cannot determine which bit was in error. You will know an error occurred, but not what the error was. But if two bits are switched, the parity check will not detect any error. It is easy to see that parity can detect errors only when an odd number of bits have been switched; any even number of errors cancel one another out. Therefore, the probability of detecting an error, given that one has occurred, is only about 50%. Many networks today do not use parity because of its low error-detection rate. When parity is used, protocols are described as having odd parity or even parity.

FIGURE 4-3 Using parity for error detection

Assume that we are using even parity with 8-bit ASCII. The letter V in 8-bit ASCII is encoded as 01010110. Because there are four 1s (an even number), the parity bit is set to 0. This would be transmitted as 010101100.

Assume that we are using even parity with 8-bit ASCII. The letter W in 8-bit ASCII is encoded as 01010111. Because there are five 1s (an odd number), the parity bit is set to 1. This would be transmitted as 010101111.

Checksum With the checksum technique, a checksum (typically 1 byte) is added to the end of the message. The checksum is calculated by adding the decimal value of each character in the message, dividing the sum by 255, and using the remainder as the checksum. The receiver calculates its own checksum in the same way and compares it with the transmitted checksum. If the two values are equal, the message is presumed to contain no errors. Use of a checksum detects close to 95% of the errors for multiple-bit burst errors. A checksum cannot, however, detect any error that leaves the sum unchanged, such as one character increasing by 1 while another decreases by 1, or characters arriving in the wrong order.

Cyclic Redundancy Check One of the most popular error-checking schemes is the cyclic redundancy check (CRC). It adds 8, 16, 24, or 32 bits to the message. With CRC, a message is treated as one long binary number, which is divided by a preset number, and the remainder is used as the CRC code. The preset number is chosen so that the remainder will be either 8 bits, 16 bits, 24 bits, or 32 bits. The receiving hardware divides the received message by the same preset number, which generates a remainder. The receiving hardware checks whether the received CRC matches the locally generated remainder. If it does not, the message is assumed to be in error. In practice, the CRC algorithm is implemented using binary logic on a bit-by-bit basis to simplify memory requirements.

CRC performs quite well. The most commonly used CRC codes are CRC-16 (a 16-bit version), CRC-CCITT (another 16-bit version), and CRC-32 (a 32-bit version). The probability of detecting an error is 100% for all burst errors no longer than the CRC. For example, CRC-16 is guaranteed to detect any burst error that spans 16 or fewer bits. If the burst error is longer than the CRC, then CRC is not perfect but is close to it. CRC-16 will detect about 99.998% of all burst errors longer than 16 bits, whereas CRC-32 will detect about 99.99999998% of all burst errors longer than 32 bits. Note that a CRC guards only against accidental corruption: anyone who can alter a frame can just as easily recompute its CRC, so protection against deliberate tampering requires a cryptographic message authentication code, not a CRC.

4.3.4 Error Correction via Retransmission

Once an error has been detected, it must be corrected. The simplest, most effective, least expensive, and most commonly used method for error correction is retransmission. Interestingly, the transport layer (layer 4) is responsible for retransmission, and we will discuss the details of it in Chapter 5.
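The following Python program is an added example, not code from the textbook: it implements the three detection methods of Section 4.3.3 bit by bit (per-byte even parity as in Figure 4-3, the sum-modulo-255 checksum, and CRC long division for a 16-bit and a 32-bit generator) and then runs two constructed error patterns through all three to show what each one misses. The function names, the sample message and the chosen bit flips are this example's own; the 32-bit generator is the one Ethernet and zlib use, so crc32() can be compared with zlib.crc32.

```python
# Added example (not from the textbook): the three error-detection methods of
# Section 4.3.3, each computed bit by bit, and a comparison of which errors
# each one misses. The sample message and the bit flips are constructed here;
# crc32() uses the Ethernet/zlib generator, so it can be checked against zlib.crc32.
import zlib


def even_parity_bit(byte: int) -> int:
    """Parity bit that makes the number of 1s in the byte plus this bit even."""
    return bin(byte & 0xFF).count("1") % 2


def add_parity(data: bytes) -> list:
    """Append a parity bit to every byte, giving the 9-bit units of Figure 4-3."""
    return [(b << 1) | even_parity_bit(b) for b in data]


def parity_ok(unit: int) -> bool:
    """A received 9-bit unit is consistent when its total number of 1s is even."""
    return bin(unit & 0x1FF).count("1") % 2 == 0


def checksum(data: bytes) -> int:
    """Textbook checksum: sum of the byte values, remainder after dividing by 255."""
    return sum(data) % 255


def crc16_xmodem(data: bytes) -> int:
    """CRC-16 with generator 0x1021 (x^16 + x^12 + x^5 + 1): the message followed by
    16 zero bits is divided by the generator one bit at a time and the remainder
    kept. Starting from 0 with no bit reflection, this is the CRC-16/XMODEM variant."""
    crc = 0
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            crc = ((crc << 1) ^ 0x1021) if crc & 0x8000 else (crc << 1)
            crc &= 0xFFFF
    return crc


def crc32(data: bytes) -> int:
    """CRC-32 as used by Ethernet and zlib: reflected generator 0xEDB88320,
    initial value and final XOR of 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xEDB88320 if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def flip_bits(data: bytes, positions: list) -> bytes:
    """Copy of data with the given bit positions inverted (0 = MSB of byte 0)."""
    out = bytearray(data)
    for p in positions:
        out[p // 8] ^= 0x80 >> (p % 8)
    return bytes(out)


def parity_detects(data: bytes, flips: list) -> bool:
    """Corrupt only the data bits, keep the parity bits as sent; does any unit fail?"""
    sent = add_parity(data)
    damaged = add_parity(flip_bits(data, flips))
    received = [(d & ~1) | (s & 1) for d, s in zip(damaged, sent)]
    return not all(parity_ok(u) for u in received)


def checksum_detects(data: bytes, flips: list) -> bool:
    return checksum(data) != checksum(flip_bits(data, flips))


def crc32_detects(data: bytes, flips: list) -> bool:
    return crc32(data) != crc32(flip_bits(data, flips))


def demo() -> dict:
    """Two constructed error patterns: an even number of flips inside one byte
    (invisible to parity) and a +1/-1 pair in two bytes (invisible to the checksum)."""
    msg = b"Hello, data link layer"
    cases = {
        "two flips in one byte": [0, 1],
        "compensating +1/-1 in two bytes": [7, 15],
    }
    return {
        name: {
            "parity": parity_detects(msg, flips),
            "checksum": checksum_detects(msg, flips),
            "crc32": crc32_detects(msg, flips),
        }
        for name, flips in cases.items()
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
    assert crc32(b"123456789") == zlib.crc32(b"123456789")
```

Both constructed error patterns lie well inside a 32-bit span, so CRC-32 is guaranteed to catch them, while parity misses the first (an even number of flips in one byte) and the checksum misses the second (the byte sum is unchanged). The standard check value for the string 123456789 is 0x31C3 for CRC-16/XMODEM and 0xCBF43926 for CRC-32, which is a quick way to confirm a CRC routine against published tables.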
4.3.5 Forward Error Correction

Forward error correction uses codes containing sufficient redundancy to prevent errors by detecting and correcting them at the receiving end without retransmission of the original message. The redundancy, or extra bits required, varies with different schemes. It ranges from a small percentage of extra bits to 100% redundancy, with the number of error-correcting bits roughly equaling the number of data bits. One of the characteristics of many error-correcting codes is that there must be a minimum number of error-free bits between bursts of errors.

Forward error correction is commonly used in satellite transmission. A round trip from the earth station to the satellite and back includes a significant delay. Error rates can fluctuate depending on the condition of equipment, sunspots, or the weather. Indeed, some weather conditions make it impossible to transmit without some errors, making forward error correction essential. Compared with satellite equipment costs, the additional cost of forward error correction is insignificant.
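The Hamming code that Technical Focus 4-1 walks through below can be written down in a few lines. The Python program here is an added example, not the textbook's code: it encodes four data bits into the P1 P2 D3 P4 D5 D6 D7 layout of Figure 4-4, recomputes the three parity checks on receipt, and uses the failed checks as a binary number to locate and invert the damaged bit. The function names are this example's own. It goes beyond the single worked case in the text in two ways: it checks every data word against every single-bit error, and it shows what happens when two bits in one code word are hit, which is why the text insists on error-free gaps between bursts.

```python
# Added example (not from the textbook): the (7,4) Hamming code of Technical
# Focus 4-1 with bit positions 1 to 7 laid out as P1 P2 D3 P4 D5 D6 D7. Each
# parity bit covers every position whose binary index has that bit set, so the
# failed checks, read as a binary number, are the position of the damaged bit.
# The exhaustive check and the double-error case are additions of this example.


def hamming_encode(d3: int, d5: int, d6: int, d7: int) -> list:
    """Return the code word [P1, P2, D3, P4, D5, D6, D7] using even parity."""
    p1 = (d3 + d5 + d7) % 2   # P1 checks positions 3, 5, 7 (binary xx1)
    p2 = (d3 + d6 + d7) % 2   # P2 checks positions 3, 6, 7 (binary x1x)
    p4 = (d5 + d6 + d7) % 2   # P4 checks positions 5, 6, 7 (binary 1xx)
    return [p1, p2, d3, p4, d5, d6, d7]


def hamming_syndrome(code: list) -> int:
    """Recompute the three checks; failures weighted 1, 2, 4 give the error position."""
    p1, p2, d3, p4, d5, d6, d7 = code
    c1 = (p1 + d3 + d5 + d7) % 2
    c2 = (p2 + d3 + d6 + d7) % 2
    c4 = (p4 + d5 + d6 + d7) % 2
    return c1 * 1 + c2 * 2 + c4 * 4


def hamming_decode(code: list) -> tuple:
    """Invert the bit the syndrome names (if any) and return (data bits, position fixed).
    Position 0 means no error was seen."""
    fixed = list(code)
    pos = hamming_syndrome(fixed)
    if pos:
        fixed[pos - 1] ^= 1
    return [fixed[2], fixed[4], fixed[5], fixed[6]], pos


def flip(code: list, *positions: int) -> list:
    """Simulate line noise inverting the given 1-based positions."""
    out = list(code)
    for p in positions:
        out[p - 1] ^= 1
    return out


def every_single_error_is_corrected() -> bool:
    """All 16 data words, all 7 single-bit errors: each must decode to the original."""
    for value in range(16):
        bits = [(value >> 3) & 1, (value >> 2) & 1, (value >> 1) & 1, value & 1]
        code = hamming_encode(*bits)
        for pos in range(1, 8):
            data, found = hamming_decode(flip(code, pos))
            if data != bits or found != pos:
                return False
    return True


def demo() -> dict:
    """The textbook case (data 1010, D7 hit) plus a double error the code cannot handle."""
    code = hamming_encode(1, 0, 1, 0)
    return {
        "codeword": code,                                        # [1, 0, 1, 1, 0, 1, 0]
        "d7_flipped": hamming_decode(flip(code, 7)),             # corrected, position 7
        "d3_and_d5_flipped": hamming_decode(flip(code, 3, 5)),   # mis-corrected: 3 xor 5 = 6
    }


if __name__ == "__main__":
    print(demo())
    print("all single errors corrected:", every_single_error_is_corrected())
```

With D3 and D5 both inverted, the syndrome is 3 xor 5 = 6, so the decoder "corrects" D6 and hands back four wrong data bits without noticing: a burst of two errors inside one 7-bit code word is silently mis-corrected, not detected. Practical codes add further check bits or interleave code words so that a burst lands in several of them.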
TECHNICAL FOCUS 4-1 How Forward Error Correction Works

To see how error-correcting codes work, consider the example of a forward error-correcting code in Figure 4-4, called a Hamming code, after its inventor, R. W. Hamming. This code is a very simple approach, capable of correcting 1-bit errors. More sophisticated techniques (e.g., Reed–Solomon) are commonly used today, but this will give you a sense of how they work.

The Hamming code associates even parity bits with unique combinations of data bits. With a 4-data-bit code as an example, a character might be represented by the data-bit configuration 1010. Three parity bits, P1, P2, and P4, are added, resulting in a 7-bit code, shown in the upper half of Figure 4-4. Notice that the data bits (D3, D5, D6, D7) are 1010 and the parity bits (P1, P2, P4) are 101. As depicted in the upper half of Figure 4-4, parity bit P1 applies to data bits D3, D5, and D7. Parity bit P2 applies to data bits D3, D6, and D7. Parity bit P4 applies to data bits D5, D6, and D7. For the example, in which D3, D5, D6, D7 = 1010, P1 must equal 1 because there is only a single 1 among D3, D5, and D7 and parity must be even. Similarly, P2 must be 0 because D3 and D6 are 1s. P4 is 1 because D6 is the only 1 among D5, D6, and D7.

Now, assume that during the transmission, data bit D7 is changed from a 0 to a 1 by line noise. Because this data bit is being checked by P1, P2, and P4, all three parity bits now show odd parity instead of the correct even parity. D7 is the only data bit that is monitored by all three parity bits; therefore, when D7 is in error, all three parity bits show an incorrect parity. In this way, the receiving equipment can determine which bit was in error and reverse its state, thus correcting the error without retransmission.

The lower half of the figure is a table that determines the location of the bit in error. A 1 in the table means that the corresponding parity bit indicates a parity error. Conversely, a 0 means that the parity check is correct. These 0s and 1s form a binary number that indicates the numeric location of the erroneous bit. In the previous example, the P1, P2, and P4 checks all failed, yielding 111, or a decimal 7, the subscript of the erroneous bit.

FIGURE 4-4 Hamming code for forward error correction

Checking relations between parity bits (P) and data bits (D):
  Position:   P1 P2 D3 P4 D5 D6 D7
  Code word:   1  0  1  1  0  1  0
  P1 checks D3, D5, D7; P2 checks D3, D6, D7; P4 checks D5, D6, D7

Interpreting parity bit patterns (√ = corresponding parity check is correct; X = corresponding parity check fails). The pattern determines in which bit the error occurred:
  P4 P2 P1   Bit in error
  √  √  √    no error
  √  √  X    P1
  √  X  √    P2
  √  X  X    D3
  X  √  √    P4
  X  √  X    D5
  X  X  √    D6
  X  X  X    D7

4.3.6 Error Control in Practice

In the Open Systems Interconnection (OSI) model (see Chapter 1), error control is defined to be a layer-2 function; it is the responsibility of the data link layer. However, in practice, we have moved away from this. Most network cables, especially LAN cables, are very reliable, and errors are far less common than they were in the 1980s. Therefore, most data link layer software used in LANs (i.e., Ethernet) is configured to detect errors, but not correct them. Any time a packet with an error is discovered, it is simply discarded. Wireless LANs and some Wide Area Networks (WANs), where errors are more likely, still perform both error detection and error correction.

The implication of this is that error correction must be performed at higher layers (see Chapter 5, Section 5.3.3, for more information). This is commonly done by the transport layer using continuous automatic repeat request (ARQ), as we shall see in the next chapter. The transport layer must be able to detect lost packets (i.e., those that have been discarded) and request the sender to retransmit them.

4.4 DATA LINK PROTOCOLS

In this section, we outline several commonly used data link layer protocols, which are summarized in Figure 4-5. Here we focus on message delineation, which indicates where a message starts and stops, and the various parts or fields within the message. For example, you must clearly indicate which part of a message or packet of data is the error-control portion; otherwise, the receiver cannot use it properly to determine if an error has occurred. The data link layer performs this function by adding a PDU to the packet it receives from the network layer. This PDU is called a frame.
4.4.1 Asynchronous Transmission

Asynchronous transmission is often referred to as start–stop transmission because the transmitting computer can transmit a character whenever it is convenient, and the receiving computer will accept that character. It is typically used on point-to-point full-duplex circuits (i.e., circuits that have only two computers on them), so media access control is not a concern. If you use the VT100 protocol, or connect to a UNIX or Linux computer using Telnet, chances are you are using asynchronous transmission.

FIGURE 4-5 Protocol summary

FIGURE 4-6 Asynchronous transmission. The line steps between 0V and +3V; each character consists of a start bit, 7-bit ASCII data, a parity bit, and a stop bit, with the line idle before and after it. ASCII = United States of America Standard Code for Information Interchange

With asynchronous transmission, each character is transmitted independently of all other characters. To separate the characters and synchronize transmission, a start bit and a stop bit are put on the front and back of each individual character. For example, if we are using 7-bit ASCII with even parity, the total transmission is 10 bits for each character (1 start bit, 7 bits for the letter, 1 parity bit, 1 stop bit). The start bit and stop bit are the opposite of each other. Typically, the start bit is a 0 and the stop bit is a 1. There is no fixed distance between characters because the terminal transmits the character as soon as it is typed, which varies with the speed of the typist. The recognition of the start and stop of each message (called synchronization) takes place for each individual character because the start bit is a signal that tells the receiver to start sampling the incoming bits of a character so the data bits can be interpreted into their proper character structure. A stop bit informs the receiver that the character has been received and resets it for recognition of the next start bit.

When the sender is waiting for the user to type the next character, no data are sent; the communication circuit is idle. This idle time really is artificial; some signal always must be sent down the circuit. For example, suppose that we are using a unipolar digital signaling technique where +5 volts indicates a 1 and 0 volts indicates a 0 (see Chapter 3). Even if we send 0 volts, we are still sending a signal, a 0 in this case. Asynchronous transmission defines the idle signal (the signal that is sent down the circuit when no data are being transmitted) as the same as the stop bit. When the sender finishes transmitting a letter and is waiting for more data to send, it sends a continuous series of stop bits. Figure 4-6 shows an example of asynchronous transmission.

Some older protocols have two stop bits instead of the traditional single stop bit. The use of both a start bit and a stop bit is changing; some protocols have eliminated the stop bit altogether.

4.4.2 Synchronous Transmission

With synchronous transmission, all the letters or data in one group of data are transmitted at one time as a block of data. This block of data is called a frame. For example, a terminal or personal computer will save all the keystrokes typed by the user and transmit them only when the user presses a special "transmit" key. In this case, the start and end of the entire frame must be marked, not the start and end of each letter. Synchronous transmission is often used on both point-to-point and multipoint circuits. For multipoint circuits, each packet must include a destination address and a source address, and media access control is important.

The start and end of each frame (synchronization) sometimes are established by adding synchronization characters (SYN) to the start of the frame. Depending on the protocol, there may be anywhere from one to eight SYN characters. After the SYN characters, the transmitting computer sends a long stream of data that may contain thousands of bits. Knowing what code is being used, the receiving computer counts off the appropriate number of bits for the first character, assumes that this is the first character, and passes it to the computer. It then counts off the bits for the second character, and so on.

In summary, asynchronous data transmission means each character is transmitted as a totally independent entity with its own start and stop bits to inform the receiving computer that the character is beginning and ending. Synchronous transmission means that whole blocks of data are transmitted as frames after the sender and the receiver have been synchronized. There are many protocols for synchronous transmission. We discuss four commonly used synchronous data link protocols.

FIGURE 4-7 SDLC (synchronous data link control) frame layout: Flag (8 bits), Address (8 bits), Control (8 bits), Message (variable length), Frame check sequence (32 bits), Flag (8 bits)

Synchronous Data Link Control Synchronous data link control (SDLC) is a mainframe protocol developed by IBM in 1972 that is still in use today. It uses a controlled-access media access protocol. If you use a 3270 protocol, you're using SDLC. Figure 4-7 shows a typical SDLC frame. Each SDLC frame begins and ends with a special bit pattern (01111110), known as the flag. The address field identifies the destination. The length of the address field is usually 8 bits but can be set at 16 bits; all computers on the same network must use the same length. The control field identifies the kind of frame that is being transmitted, either information or supervisory. An information frame is used for the transfer and reception of messages, frame numbering of contiguous frames, and the like. A supervisory frame is used to transmit acknowledgments (ACKs and NAKs). The message field is of variable length and is the user's message. The frame check sequence field is a 32-bit CRC code (some older versions use a 16-bit CRC).

High-Level Data Link Control High-level data link control (HDLC) is a formal standard developed by the ISO that is often used in WANs. HDLC is ess entially the same as SDLC, except that the address and control fields can be longer. HDLC also has several additional benefits that are beyond the scope of this book, such as a larger sliding window for continuous ARQ. It uses a controlled-access media access protocol. One variant, Link Access Protocol-Balanced (LAP-B), uses the same structure as HDLC but is a scaled-down version of HDLC (i.e., it provides fewer of those benefits mentioned that are "beyond the scope of this book"). A version of HDLC called Cisco HDLC (cHDLC) includes a network protocol field. cHDLC and HDLC have gradually replaced SDLC.

Ethernet Ethernet is a very popular LAN protocol, conceived by Bob Metcalfe in 1973 and developed jointly by Digital, Intel, and Xerox in the 1970s. Since then, Ethernet has been further refined and developed into a formal standard called IEEE 802.3ac.
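Before looking at the Ethernet frame in detail, the following Python program, an added example rather than the textbook's code, puts the two delineation styles of Sections 4.4.1 and 4.4.2 on a simulated line. The asynchronous half frames every 7-bit ASCII character with the start bit, even parity bit and stop bit of Figure 4-6 and idles at the stop-bit level; the decoder resynchronises on each start bit and reports parity and framing errors. The synchronous half wraps a whole block in the 01111110 flag that SDLC, HDLC and PPP use. To keep that flag unique it adds bit stuffing (inserting a 0 after any five consecutive 1s of payload), which is the standard mechanism in those protocols but is not described on this page. The function names, the text and the payloads are this example's own.

```python
# Added example (not from the textbook): framing for the two styles in
# Section 4.4. Asynchronous: start bit (0), seven data bits, even parity bit,
# stop bit (1), line idle at 1, as in Figure 4-6. Synchronous: a whole block
# between 01111110 flags, made safe by bit stuffing (a 0 after every five 1s of
# payload), the standard SDLC/HDLC/PPP mechanism, added here and not on the page.
# The text and payloads below are constructed for this example.

IDLE = 1
FLAG = [0, 1, 1, 1, 1, 1, 1, 0]


def async_encode(text: str, idle_between: int = 3) -> list:
    """Start bit, 7 data bits (least significant first, as a UART sends them),
    even parity, stop bit, then idle_between bits of idle line per character."""
    line = [IDLE] * idle_between
    for ch in text:
        code = ord(ch)
        if code > 0x7F:
            raise ValueError("7-bit ASCII only")
        data = [(code >> i) & 1 for i in range(7)]
        line += [0] + data + [sum(data) % 2, 1] + [IDLE] * idle_between
    return line


def async_decode(line: list) -> tuple:
    """Resynchronise on every start bit; drop characters with a parity error or a
    missing stop bit (a framing error) and report them. Returns (text, errors)."""
    text, errors, i = "", [], 0
    while i < len(line):
        if line[i] == IDLE:
            i += 1
            continue
        unit = line[i + 1:i + 10]            # 7 data bits, parity, stop
        if len(unit) < 9:
            errors.append("truncated character at bit %d" % i)
            break
        data, parity, stop = unit[:7], unit[7], unit[8]
        if sum(data) % 2 != parity:
            errors.append("parity error at bit %d" % i)
        elif stop != 1:
            errors.append("framing error at bit %d" % i)
        else:
            text += chr(sum(b << k for k, b in enumerate(data)))
        i += 10
    return text, errors


def bit_stuff(bits: list) -> list:
    """Insert a 0 after every run of five 1s so the payload can never contain a flag."""
    out, run = [], 0
    for b in bits:
        out.append(b)
        run = run + 1 if b else 0
        if run == 5:
            out.append(0)
            run = 0
    return out


def bit_unstuff(bits: list) -> list:
    """Drop the 0 that follows every run of five 1s."""
    out, run, i = [], 0, 0
    while i < len(bits):
        b = bits[i]
        out.append(b)
        run = run + 1 if b else 0
        i += 1
        if run == 5:
            i += 1                           # skip the stuffed 0
            run = 0
    return out


def sync_frame(payload: bytes) -> list:
    """FLAG, bit-stuffed payload (most significant bit of each byte first), FLAG."""
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    return FLAG + bit_stuff(bits) + FLAG


def sync_deframe(line: list) -> list:
    """Return the payload bytes of every flag-delimited frame found on the line."""
    starts = [k for k in range(len(line) - 7) if line[k:k + 8] == FLAG]
    frames = []
    for a, b in zip(starts, starts[1:]):
        body = bit_unstuff(line[a + 8:b])
        if body and len(body) % 8 == 0:      # two adjacent flags enclose nothing
            frames.append(bytes(sum(bit << (7 - k) for k, bit in enumerate(body[j:j + 8]))
                                for j in range(0, len(body), 8)))
    return frames


def demo() -> dict:
    clean = async_encode("Hi")
    noisy = list(clean)
    noisy[4] ^= 1                            # one data bit of 'H' inverted
    return {
        "async_clean": async_decode(clean),
        "async_noisy": async_decode(noisy),
        # the payload deliberately contains the flag byte 0x7E and eight 1s in a row
        "sync": sync_deframe(sync_frame(b"\x7e\xff\x7e") + sync_frame(b"ok")),
    }
```

The synchronous payload is chosen to contain both the flag byte itself and a run of eight 1s; without stuffing, the receiver would end the frame early at the embedded 01111110. The asynchronous decoder shows the other side of Section 4.4.1: a single flipped bit costs exactly one character, and the next start bit resynchronises the receiver without any retransmission at this layer.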
There are several versions of Ethernet in use today. Ethernet uses a contention media access protocol. Figure 4-8a shows an Ethernet 802.3ac frame. The frame starts with a 7-byte preamble, which is a repeating pattern of ones and zeros (10101010). This is followed by a start of frame delimiter, which marks the start of the frame. The destination address specifies the receiver, whereas the source address specifies the sender. The length indicates the length in 8-bit bytes of the message portion of the frame. The VLAN tag field is an optional 4-byte field used by virtual LANs (VLANs), which are discussed in Chapter 7. The Ethernet frame uses this field only when VLANs are in use; otherwise, the field is omitted, and the length field immediately follows the source address field. When the VLAN tag field is in use, the first 2 bytes are set to the number 33,024 (hexadecimal 81-00), which is obviously an impossible packet length. When Ethernet sees this value in the length position, it knows that the VLAN tag field is in use. When the length is some other value, it assumes that VLAN tags are not in use and that the length field immediately follows the source address field.

FIGURE 4-8a Ethernet 802.3ac frame layout: Preamble (7 bytes), Start of Frame (1 byte), Destination Address (6 bytes), Source Address (6 bytes), VLAN tag (4 bytes, optional), Length (2 bytes), DSAP (1 byte), SSAP (1 byte), Control (1 or 2 bytes), Data (variable length), Frame Check Sequence (4 bytes)

The DSAP and SSAP are used to pass control information between the sender and receiver. These are often used to indicate the type of network layer protocol the packet contains (e.g., TCP/IP or IPX/SPX, as described in Chapter 5). The control field is used to hold the frame sequence numbers and ACKs and NAKs used for error control, as well as to enable the data link layers of communicating computers to exchange other control information. The last 2 bits in the first byte are used to indicate the type of control information being passed and whether the control field is 1 or 2 bytes (e.g., if the last 2 bits of the control field are 11, then the control field is 1 byte in length). In most cases, the control field is 1 byte long. The maximum length of the message is about 1,500 bytes. The frame ends with a CRC-32 frame check sequence used for error detection.

Ethernet II is another commonly used version of Ethernet. Like Ethernet 802.3ac, it uses a preamble to mark the start of the frame. It has the same source and destination address format as Ethernet 802.3ac. The type field is used to specify the type of network layer packet the frame contains (e.g., IP). The data and frame check sequence fields are the same as Ethernet 802.3ac. Ethernet II has an unusual way of marking the end of a frame. It uses bipolar signaling to send 1s (positive voltage) and 0s (negative voltage) (see Chapter 3). When the frame ends, the sending computer transmits no signal for 96 bit times (i.e., neither a 0 nor a 1). After these 96 bit times of no signal, the sending computer then transmits the next frame, which starts with a preamble, and so on. It is possible that in the time that the computer is sending no signal, some other computer could jump in and begin transmitting. In fact, this 96-bit pause is designed to prevent any one computer from monopolizing the circuit. Figure 4-8b shows an Ethernet II frame.

FIGURE 4-8b Ethernet II frame layout: Preamble (7 bytes), Start of Frame (1 byte), Destination Address (6 bytes), Source Address (6 bytes), Type (2 bytes), Data (variable length), Frame Check Sequence (4 bytes)

Newer versions of these two types of Ethernet permit jumbo frames with up to 9,000 bytes of user data in the message field. Some vendors are experimenting with super jumbo frames that can hold up to 64,000 bytes. Jumbo frames are common for some types of Ethernet such as gigabit Ethernet (see Chapter 6).

Point-to-Point Protocol Point-to-Point Protocol (PPP) was developed in the early 1990s and is often used in WANs. It is designed to transfer data over a point-to-point circuit but provides an address so that it can be used on multipoint circuits. Figure 4-9 shows the basic layout of a PPP frame, which is very similar to an SDLC or HDLC frame. The frame starts with a flag and has a 1-byte address (which is not used on point-to-point circuits). The control field is typically not used. The protocol field indicates what type of data packet the frame contains (e.g., an IP packet). The data field is variable in length and may be up to 1,500 bytes. The frame check sequence is usually a CRC-16 but can be a CRC-32. The frame ends with a flag.

FIGURE 4-9 PPP frame layout: Flag (1 byte), Address (1 byte), Control (1 byte), Protocol (2 bytes), Data (variable length), Frame Check Sequence (2 or 4 bytes), Flag (1 byte)
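The Ethernet 802.3ac and Ethernet II layouts of Figures 4-8a and 4-8b differ only in what the receiver makes of the two bytes after the addresses, so a single parser can handle both. The Python program below is an added example, not code from the textbook: it builds frames from constructed addresses and payloads, detects the optional VLAN tag by the 0x8100 (33,024) marker described above, reads the LLC header when the value is a length and the type when it is not, and verifies the CRC-32 frame check sequence with zlib.crc32, which uses the generator Ethernet specifies. The function and field names are this example's own. The rule that a value above 1,500 is an Ethernet II type rather than a length is the IEEE 802.3 convention and is stated here as an assumption beyond the page.

```python
# Added example (not from the textbook): building and parsing the Ethernet
# 802.3ac and Ethernet II frames of Figures 4-8a and 4-8b. Addresses and
# payloads are constructed here. The frame check sequence is computed with
# zlib.crc32 (the CRC-32 generator Ethernet uses) and stored least significant
# byte first, the order the 32 bits take on the wire; the preamble and
# start-of-frame delimiter are not part of the stored frame. Treating a
# length/type value above 1500 as an Ethernet II type is the IEEE 802.3
# convention, assumed here rather than taken from the page.
import struct
import zlib
from typing import Optional

VLAN_TAG = 0x8100          # 33,024: never a valid length, so it marks a VLAN tag
MAX_802_3_LENGTH = 1500


def build_ethernet(dst: bytes, src: bytes, length_or_type: int, payload: bytes,
                   vlan_id: Optional[int] = None) -> bytes:
    """dst, src, optional VLAN tag, length/type, payload, CRC-32 FCS."""
    hdr = dst + src
    if vlan_id is not None:
        hdr += struct.pack("!HH", VLAN_TAG, vlan_id & 0x0FFF)   # tag marker, then VLAN ID
    body = hdr + struct.pack("!H", length_or_type) + payload
    return body + struct.pack("<I", zlib.crc32(body))


def parse_ethernet(frame: bytes) -> dict:
    """Split a frame into its fields and verify the FCS. The value after the
    addresses (or after the VLAN tag) decides the layout: a length up to 1,500
    means 802.3 with an LLC header (DSAP, SSAP, control); anything larger is an
    Ethernet II type such as 0x0800 for IP."""
    if len(frame) < 12 + 2 + 4:
        raise ValueError("frame too short for addresses, length/type and FCS")
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    info = {"dst": body[:6].hex(":"), "src": body[6:12].hex(":"),
            "vlan": None, "fcs_ok": zlib.crc32(body) == fcs}
    pos = 12
    if struct.unpack("!H", body[pos:pos + 2])[0] == VLAN_TAG:
        info["vlan"] = struct.unpack("!H", body[pos + 2:pos + 4])[0] & 0x0FFF
        pos += 4
    slot = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    if slot <= MAX_802_3_LENGTH:
        info["kind"] = "802.3"
        info["length"] = slot
        info["dsap"], info["ssap"] = body[pos], body[pos + 1]
        # low two bits 11 in the first control byte: a one-byte control field
        ctrl_len = 1 if (body[pos + 2] & 0x03) == 0x03 else 2
        info["control"] = body[pos + 2:pos + 2 + ctrl_len].hex()
        info["data"] = body[pos + 2 + ctrl_len:pos + slot]
    else:
        info["kind"] = "Ethernet II"
        info["type"] = slot
        info["data"] = body[pos:]
    return info


def demo() -> dict:
    dst = bytes.fromhex("001122334455")                 # constructed addresses
    src = bytes.fromhex("66778899aabb")
    ip_like = b"\x45\x00" + b"\x00" * 18                 # stand-in for an IP header
    llc_and_data = b"\xaa\xaa\x03" + b"hello"            # DSAP, SSAP, control, data
    frames = {
        "ethernet_ii": build_ethernet(dst, src, 0x0800, ip_like),
        "802.3": build_ethernet(dst, src, len(llc_and_data), llc_and_data),
        "802.3ac_vlan": build_ethernet(dst, src, len(llc_and_data), llc_and_data, vlan_id=42),
    }
    parsed = {name: parse_ethernet(f) for name, f in frames.items()}
    damaged = bytearray(frames["ethernet_ii"])
    damaged[20] ^= 0x01                                   # one payload bit flipped in transit
    parsed["ethernet_ii_damaged"] = parse_ethernet(bytes(damaged))
    return parsed


if __name__ == "__main__":
    for name, fields in demo().items():
        print(name, fields)
```

The damaged frame parses normally but comes back with fcs_ok set to False, which is exactly the point of Section 4.3.6: an Ethernet receiver drops such a frame without telling anyone, and recovery is left to the transport layer. Real frames are also padded to a 64-byte minimum, so on a live capture the 802.3 data field should be cut at the length value, as the parser does, rather than at the end of the frame.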
  • 300. A Day in the Life: Network Support Technician When a help call arrives at the help desk, the help desk staff (first-level support) spends up to 10 minutes attempting to solve the problem. If they can’t, then the problem is passed to the second-level support, the network support technician. A typical day in the life of a network support technician starts by working on computers from the day before. Troubleshooting usually begins with a series of diagnostic tests to eliminate hardware problems. The next step, for a laptop, is to remove the hard disk and replace it with a hard disk containing a correct standard image. If the computer passes those tests, then the problem is usually software. Then the fun begins. Once a computer has been fixed, it is important to document all the hardware and/or software changes to help track problem computers or problem software. Sometimes, a problem is new but relatively straightforward to correct once it has been diagnosed. In this case, the technician will change the standard support process followed by the technicians working at the help desk to catch the problem before it is escalated to the network support technicians. In other cases, a new entry is made into the organization’s technical support knowledge base so that if another technician (or user) encounters the problem, it is easier for him or her to diagnose and correct the problem. About 10% of the network technician’s time is spent documenting solutions to problems.
Network support technicians also are the ones who manage new inventory and set up and configure new computers as they arrive from the manufacturer. In addition, they are responsible for deploying new software and standard desktop images across the network. Many companies also set aside standard times for routine training; in our case, every Friday, several hours are devoted to regular training.
Source: With thanks to Doug Strough

4.5 TRANSMISSION EFFICIENCY
One objective of a data communication network is to move the highest possible volume of accurate information through the network. The higher the volume, the greater the resulting network's efficiency and the lower the cost. Network efficiency is affected by characteristics of the circuits such as error rates and maximum transmission speed, as well as by the speed of transmitting and receiving equipment, the error-detection and control methodology, and the protocol used by the data link layer.

Each protocol we discussed uses some bits or bytes to delineate the start and end of each message and to control errors. These bits and bytes are necessary for the transmission to occur, but they are not part of the message. They add no value to the user, but they count against the total number of bits that can be transmitted. Each communication protocol has both information bits and overhead bits. Information bits are those used to convey the user's meaning. Overhead bits are used for purposes such as error checking and marking the start and end of characters and packets. A parity bit used for error checking is an overhead bit because it is not used to send the user's data; if you did not care about errors, the overhead error-checking bit could be omitted and the users could still understand the message.

Transmission efficiency is defined as the total number of information bits (i.e., bits in the message sent by the user) divided by the total bits in transmission (i.e., information bits plus overhead bits). For example, let's calculate the transmission efficiency of asynchronous transmission. Assume that we are using 7-bit ASCII. We have 1 bit for parity, plus 1 start bit and 1 stop bit. Therefore, there are 7 bits of information in each letter, but the total bits per letter is 10 (7 + 3). The efficiency of the asynchronous transmission system is 7 bits of information divided by 10 total bits, or 70%. In other words, with asynchronous transmission, only 70% of the data rate is available for the user; 30% is used by the transmission protocol. If we have a communication circuit using a dial-up modem receiving 56 Kbps, the user sees an effective data rate (or throughput) of 39.2 Kbps. This is very inefficient.

We can improve efficiency by reducing the number of overhead bits in each message or by increasing the number of information bits. For example, if we remove the stop bits from asynchronous transmission, efficiency increases to 7/9, or 77.8%. The throughput of a dial-up modem at 56 Kbps would increase to 43.6 Kbps, which is not great but is at least a little better.

The same basic formula can be used to calculate the efficiency of synchronous transmission. For example, suppose that we are using SDLC. The number of information bits is calculated by determining how many information characters are in the message. If the message portion of the frame contains 100 information characters and we are using an 8-bit code, then there are 100 × 8 = 800 bits of information. The total number of bits is the 800 information bits plus the overhead bits that are inserted for delineation and error control. Figure 4-9 shows that SDLC has a beginning flag (8 bits), an address (8 bits), a control field (8 bits), a frame check sequence (assume that we use a CRC-32 with 32 bits), and an ending flag (8 bits). This is a total of 64 overhead bits; thus, efficiency is 800/(800 + 64) = 92.6%. If the circuit provides a data rate of 56 Kbps, then the effective data rate available to the user is about 51.9 Kbps.

This example shows that synchronous networks usually are more efficient than asynchronous networks and that some protocols are more efficient than others. The longer the message (1,000 characters as opposed to 100), the more efficient the protocol. For example, suppose that the message in the SDLC example contained 1,000 bytes. The efficiency here would be 99.2%, or 8,000/(8,000 + 64), giving an effective data rate of about 55.6 Kbps. The general rule is that the larger the message field, the more efficient the protocol.

So why not have 10,000-byte or even 100,000-byte packets to really increase the efficiency? The answer is that anytime a frame is received containing an error, the entire frame must be retransmitted. Thus, if an entire file is sent as one large packet (e.g., 100 K) and 1 bit is received in error, all 100,000 bytes must be sent again. Clearly, this is a waste of capacity. Furthermore, the probability that a frame contains an error increases with the size of the frame; larger frames are more likely to contain errors than are smaller ones, simply because of the laws of probability. Thus, in designing a protocol, there is a trade-off between large and small frames. Small frames are less efficient but are less likely to contain errors and cost less (in terms of circuit capacity) to retransmit if there is an error (Figure 4-10).

FIGURE 4-10 Frame size effects
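The efficiency arithmetic above, carried one step further into the frame-size trade-off of Figure 4-10, as an added Python example that is not code from the textbook: it reproduces the asynchronous and SDLC figures from the text and then estimates throughput when any frame containing a bit error must be resent. It assumes independent bit errors (a simplification; the text notes that real errors arrive in bursts) and models only the cost of resending the frame itself, not ACK traffic or turnaround time.

```python
# Added example (not from the textbook): transmission efficiency and the
# frame-size trade-off of Section 4.5 / Figure 4-10.
# Assumptions: bit errors are independent (a simplification; real errors come
# in bursts), and a retransmission costs exactly one more frame of circuit
# time (no ACK traffic or turnaround delay is modelled).

# SDLC overhead from Figure 4-9: flag, address, control, CRC-32, flag (bits)
SDLC_OVERHEAD_BITS = 8 + 8 + 8 + 32 + 8   # 64 bits


def async_efficiency(data_bits=7, parity_bits=1, start_bits=1, stop_bits=1):
    """Asynchronous transmission: information bits per character divided by
    the total bits sent per character (data + parity + start + stop)."""
    total_bits = data_bits + parity_bits + start_bits + stop_bits
    return data_bits / total_bits


def frame_efficiency(info_bytes, overhead_bits=SDLC_OVERHEAD_BITS, bits_per_char=8):
    """Synchronous transmission: information bits in the frame divided by
    information bits plus the delineation/error-control overhead."""
    info_bits = info_bytes * bits_per_char
    return info_bits / (info_bits + overhead_bits)


def effective_rate_kbps(circuit_kbps, efficiency):
    """Data rate actually available to the user on a circuit of the given speed."""
    return circuit_kbps * efficiency


def frame_error_probability(total_bits, ber):
    """Probability that at least one of total_bits is corrupted when each bit
    independently flips with probability ber. It grows with frame size, which
    is the second half of the Figure 4-10 trade-off."""
    return 1.0 - (1.0 - ber) ** total_bits


def expected_throughput_kbps(info_bytes, circuit_kbps, ber,
                             overhead_bits=SDLC_OVERHEAD_BITS):
    """Information bits delivered per second once errored frames are resent.
    A frame of n total bits gets through on one attempt with probability
    1 - P(error); every failed attempt burns a whole frame of circuit time,
    so throughput = circuit rate x efficiency x (1 - P(error))."""
    info_bits = info_bytes * 8
    total_bits = info_bits + overhead_bits
    p_err = frame_error_probability(total_bits, ber)
    return circuit_kbps * (info_bits / total_bits) * (1.0 - p_err)


def optimum_frame_size(circuit_kbps, ber, candidate_sizes):
    """Candidate message size (bytes) with the highest expected throughput:
    the top of the Figure 4-10 curve for this circuit's error rate."""
    return max(candidate_sizes,
               key=lambda n: expected_throughput_kbps(n, circuit_kbps, ber))


if __name__ == "__main__":
    circuit = 56.0  # Kbps dial-up modem, as in the text
    eff = async_efficiency()
    print(f"async 7-bit ASCII + parity + start + stop: {eff:.1%} -> "
          f"{effective_rate_kbps(circuit, eff):.1f} Kbps")
    eff = async_efficiency(stop_bits=0)
    print(f"async without the stop bit: {eff:.1%} -> "
          f"{effective_rate_kbps(circuit, eff):.1f} Kbps")
    for n in (100, 1000):
        eff = frame_efficiency(n)
        print(f"SDLC, {n}-byte message: {eff:.1%} -> "
              f"{effective_rate_kbps(circuit, eff):.1f} Kbps")
    sizes = (100, 500, 1000, 2000, 10000)
    for ber in (1e-4, 1e-6):   # a noisy circuit and a clean one
        best = optimum_frame_size(circuit, ber, sizes)
        print(f"bit error rate {ber:g}: best of {sizes} is {best} bytes "
              f"({expected_throughput_kbps(best, circuit, ber):.1f} Kbps)")
```

On the noisy circuit the smallest candidate wins; on the clean one the optimum moves up to 1,000 bytes, which is the shape of the Figure 4-10 curve.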
on throughput (figure: graph of throughput against frame size; small frames have low efficiency, large frames increase the probability of errors and the need for retransmission, and the optimum frame size lies between the two)

Throughput is the total number of information bits received per second, after taking into account the overhead bits and the need to retransmit frames containing errors. Generally speaking, small frames provide better throughput for circuits with more errors, whereas larger frames provide better throughput in less-error-prone networks. Fortunately, in most real networks, the curve shown in Figure 4-10 is very flat on top, meaning that there is a range of frame sizes that provide almost optimum performance. Frame sizes vary greatly among different networks, but the ideal frame size tends to be between 2,000 and 10,000 bytes. So why are the standard sizes of Ethernet frames about 1,500 bytes? Because Ethernet was standardized many years ago, when errors were more common. Jumbo and super jumbo frame sizes emerged from higher speed, highly error-free fiber-optic networks.

MANAGEMENT FOCUS 4-2 Sleuthing for the Right Frame Size
Optimizing performance in a network, particularly a client–server network, can be difficult because few network managers realize the importance of the frame size. Selecting the right—or the wrong—frame size can have greater effects on performance than anything you might do to the server.

Standard Commercial, a multinational tobacco and agricultural company, noticed a decrease in network performance when they upgraded to a new server. They tested the effects of using frame sizes between 500 bytes and 32,000 bytes. In their tests, a frame size of 512 bytes required a total of 455,000 bytes transmitted over their network to transfer the test messages. In contrast, the 32,000-byte frames were far more efficient, cutting the total data by 44% to 257,000 bytes. However, the problem with 32,000-byte frames was a noticeable response time delay because messages were held until the 32,000-byte frames were full before transmitting.

The ideal frame size depends on the specific application and the pattern of messages it generates. For Standard Commercial, the ideal frame size appeared to be between 4,000 and 8,000 bytes. Unfortunately, not all network software packages enable network managers to fine-tune frame sizes in this way.
Adapted from: "Sleuthing for the Right Packet Size," InfoWorld, January 16, 1995.

4.6 IMPLICATIONS FOR CYBER SECURITY
One of the main responsibilities of the data link layer is to determine who can transmit at what time and to ensure that the message is delivered to the correct computer. The data link layer uses the MAC address (a.k.a. physical address) to recognize the source and destination addresses (see Figures 4-8a and 4-8b) of two computers that communicate with each other. If you want to allow only certain computers to connect to your network, you can use MAC address filtering. MAC address filtering creates a list of MAC addresses that are allowed to connect to a Wi-Fi network or to a switch in corporate networks. This feature allows for some degree of security. However, MAC address filtering can offer a false sense of security because of MAC address spoofing. The MAC address is assigned to a computer's network interface card (NIC) at the factory and is therefore hardcoded on the NIC and cannot be changed in hardware. MAC address spoofing is a software-enabled technique that can override the hardcoded MAC address with any MAC address and thus overcome MAC address filtering. There are many tutorials on how to spoof a MAC address; here is one that does a good job explaining it: https://www.youtube.com/watch?v=ePtCvwmNhb4. Keep in mind that while MAC address spoofing is not illegal, what you do with it may be.

SUMMARY
Media Access Control
Media access control refers to controlling when computers transmit. There are three basic approaches. With roll-call polling, the server polls client computers to see if they have data to send; computers can transmit only when they have been polled. With hub polling or token passing, the computers themselves manage when they can transmit by passing a token to one another; no computer can transmit unless it has the token. With contention, computers listen and transmit only when no others are transmitting. In general, contention approaches work better for small networks that have low levels of usage, whereas polling approaches work better for networks with high usage.

Sources and Prevention of Error
Errors occur in all networks. Errors tend to occur in groups (or bursts) rather than 1 bit at a time. The primary sources of errors are impulse noise (e.g., lightning), cross-talk, echo, and attenuation. Errors can be prevented (or at least reduced) by shielding the cables; moving cables away from sources of noise and power sources; using repeaters (and, to a lesser extent, amplifiers); and improving the quality of the equipment, media, and their connections.

Error Detection and Correction
All error-detection schemes attach additional error-detection data, based on a mathematical calculation, to the user's message. The receiver performs the same calculation on incoming messages, and if the results of this calculation do not match the error-detection data on the incoming message, an error has occurred. Parity, checksum, and CRC are the most common error-detection schemes. The most common error-correction technique is simply to ask the sender to retransmit the message until it is received without error. A different approach, forward error correction, includes sufficient information to allow the
receiver to correct the error in most cases without asking for a retransmission.

Message Delineation
Message delineation means to indicate the start and end of a message. Asynchronous transmission uses start and stop bits on each letter to mark where they begin and end. Synchronous techniques (e.g., SDLC, HDLC, Ethernet, PPP) group blocks of data together into frames that use special characters or bit patterns to mark the start and end of entire messages.

Transmission Efficiency and Throughput
Every protocol adds additional bits to the user's message before sending it (e.g., for error detection). These bits are called overhead bits because they add no value to the user; they simply ensure correct data transfer. The efficiency of a transmission protocol is the number of information bits sent by the user divided by the total number of bits transferred (information bits plus overhead bits). Synchronous transmission provides greater efficiency than does asynchronous transmission. In general, protocols with larger frame sizes provide greater efficiency than do those with small frame sizes. The drawback to large frame sizes is that they are more likely to be affected by errors and thus require more retransmission. Small frame sizes are therefore better suited to error-prone circuits, and large frames to error-free circuits.

KEY TERMS
access request, 89; acknowledgment (ACK), 99; amplifiers, 93; asynchronous transmission, 97; attenuation, 92; Automatic Repeat reQuest (ARQ), 97; burst error, 91; checksum, 95; contention, 89; continuous ARQ, 99; controlled access, 89; cross-talk, 92; cyclic redundancy check (CRC), 95; echo, 92; efficiency, 94; error detection, 94; error prevention, 93; error rates, 91; Ethernet (IEEE 802.3), 99; even parity, 95; forward error correction, 95; frame, 98; Gaussian noise, 92; Hamming code, 96; high-level data link control (HDLC), 99; hub polling, 90; impulse noise, 92; information bits, 101; intermodulation noise, 92; line noise, 91; Link Access Protocol-Balanced (LAP-B), 99; logical link control [LLC] sublayer, 88; media access control, 89; media access control [MAC] sublayer, 89; MAC address, 103; MAC address filtering, 103; MAC address spoofing, 103; negative acknowledgment (NAK), 99; odd parity, 95; overhead bits, 101; parity bit, 94; parity check, 94; Point-to-Point Protocol (PPP), 100; polling, 90; repeater, 93; roll-call polling, 90; sliding window, 99; start bit, 98; stop bit, 98; synchronization, 98; synchronous transmission, 98; throughput, 103; token passing, 90; transmission efficiency, 101; white noise, 92

QUESTIONS
1. What does the data link layer do?
2. What is media access control, and why is it important?
3. Under what conditions is media access control unimportant?
4. Compare and contrast roll-call polling, hub polling (or token passing), and contention.
5. Which is better, controlled access or contention? Explain.
6. Define two fundamental types of errors.
7. Errors normally appear in _____, which is when more than 1 data bit is changed by the error-causing condition.
8. Is there any difference in the error rates of lower-speed lines and higher-speed lines?
9. Briefly define noise.
10. Describe four types of noise. Which is likely to pose the greatest problem to network managers?
11. How do amplifiers differ from repeaters?
12. What are the three ways of reducing errors and the types of noise they affect?
13. Describe three approaches to detecting errors, including how they work, the probability of detecting an error, and any other benefits or limitations.
14. Briefly describe how even parity and odd parity work.
15. Briefly describe how checksum works.
16. How does CRC work?
17. How does forward error correction work? How is it different from other error-correction methods?
18. Under what circumstances is forward error correction desirable?
19. Briefly describe how continuous ARQ works.
20. Which is the simplest (least sophisticated) protocol described in this chapter?
21. Describe the frame layouts for SDLC, Ethernet, and PPP.
22. What is transmission efficiency?
23. How do information bits differ from overhead bits?
24. Are stop bits necessary in asynchronous transmission? Explain by using a diagram.
25. During the 1990s, there was intense competition between two technologies (10-Mbps Ethernet and 16-Mbps token ring) for the LAN market. Ethernet was promoted by a consortium of vendors, whereas token ring was primarily an IBM product, even though it was standardized. Ethernet won, and no one talks about token ring anymore. Token ring used a hub-polling-based approach. Outline a number of reasons why Ethernet might have won. Hint: The reasons were both technical and business.
26. Under what conditions does a data link layer protocol need an address?
27. Are large frame sizes better than small frame sizes? Explain.
28. What media access control technique does your class use?
29. Show how the word "HI" would be sent using asynchronous transmission using even parity (make assumptions about the bit patterns needed). Show how it would be sent using Ethernet.

EXERCISES
A. Draw how a series of four separate messages would be successfully sent from one computer to another if the first message were transferred without error, the second were initially transmitted with an error, the third were initially lost, and the ACK for the fourth were initially lost.
B. How efficient would a 6-bit code be in asynchronous transmission if it had 1 parity bit, 1 start bit, and 2 stop bits? (Some old equipment uses 2 stop bits.)
C. What is the transmission rate of information bits (TRIB) if you use ASCII (8 bits plus 1 parity bit), a 1,000-character frame, 56 Kbps modem transmission speed, 20 control characters per frame, an error rate of 1%, and a 30-millisecond turnaround time? What
is the TRIB if you add a half-second delay to the turnaround time because of satellite delay?
D. Search the Web to find a software vendor that sells a package that supports each of the following protocols: SDLC, HDLC, Ethernet, and PPP (i.e., one package that supports SDLC, another [or the same] for HDLC, and so on).
E. Investigate the network at your organization (or a service offered by an IXC) to find out the average error rates.
F. What is the efficiency if a 100-byte file is transmitted using Ethernet? A 10,000-byte file?
G. What is the propagation delay on a circuit using a LEO satellite orbiting 500 miles above the earth if the speed of the signal is 186,000 miles per second? If the satellite is 22,000 miles above the earth?
H. Suppose that you are going to connect the computers in your house or apartment. What media would you use? Why? Would this change if you were building a new house?

MINICASES
I. Smith, Smith, Smith, and Smith
Smith, Smith, Smith, and Smith is a regional accounting firm that is putting up a new headquarters building. The building will have a backbone network that connects eight LANs (two on each floor). The company is very concerned with network errors. What advice would you give regarding the design of the building and network cable planning that would help reduce network errors?
II. Worldwide Charity
Worldwide Charity is a charitable organization whose mission is to improve education levels in developing countries. In each country where it is involved, the organization has a small headquarters and usually 5–10 offices in outlying towns. Staff members communicate with one another via email on older computers donated to the organization. Because Internet service is not reliable in many of the towns in these countries, the staff members usually phone headquarters and use a very simple Linux email system that uses a server-based network architecture. They also upload and download files. What range of frame sizes is likely to be used?
III. Industrial Products
Industrial Products is a small light-manufacturing firm that produces a variety of control systems for heavy industry. It has a network that connects its office building and warehouse that has functioned well for the last year, but over the past week, users have begun to complain that the network is slow. Clarence Hung, the network manager, did a quick check of the number of orders over the past week and saw no real change, suggesting that there has been no major increase in network traffic. What would you suggest that Clarence do next?
IV. Alpha Corp.
Alpha Corp. is trying to decide the size of the connection it needs to the Internet. The company estimates that it will send and receive a total of about 1,000 emails per hour and that each email message is about 1,500 bytes in size. The company also estimates that it will send and receive a total of about 3,000 Web pages per hour and that each page is about 40,000 bytes in size.
1. Without considering transmission efficiency, how large an Internet connection would you recommend in terms of bits per second (assuming that each byte is 8 bits in length)?
2. Assuming they use a synchronous data link layer protocol with an efficiency of about 90%, how large an Internet connection would you recommend?
3. Suppose that Alpha wants to be sure that its Internet connection will provide sufficient capacity for the next 2 years. How large an Internet connection would you recommend?

CASE STUDY
NEXT-DAY AIR SERVICE
See the website at www.wiley.com/college/fitzgerald.

HANDS-ON ACTIVITY 4A
Capturing Packets on Your Network
In this chapter, we discussed several data link layer protocols, such as SDLC and Ethernet. The objective of this Activity is for you to see the data link layer frames in action on your network. Wireshark is one of the many tools that permit users to
examine the frames in their network. It is called a packet sniffer because it enables you to see inside the frames and packets that your computer sends, as well as the frames and packets sent by other users on your LAN. In other words, you can eavesdrop on the other users on your LAN to see what websites they visit and even the email they send. We don't recommend using it for this reason, but it is important that you understand that someone else could be using Ethereal to sniff your packets to see and record what you are doing on the Internet.

FIGURE 4-11 Capturing packets with Wireshark

1. Use your browser to connect to www.wireshark.org and download and install the Wireshark software.
2. When you start Wireshark, you will see a screen like that in Figure 4-11, minus the two smaller windows on top.
a. Click Capture
b. Click Interfaces
c. Click the Capture button beside your Wireshark connection (wireless LAN or traditional LAN).

FIGURE 4-12 Analyzing packets with Wireshark

3. Wireshark will capture all packets moving through your LAN. To make sure you have something to see, open your Web browser and visit one or two websites. After you have captured packets for 30–60 seconds, return to Wireshark and click Stop.
4. Figure 4-12 shows the packets captured on my home network. The top window in Wireshark displays the complete list of packets in chronological order. Each packet is numbered; I've scrolled the window, so the first packet shown is packet 11. Wireshark lists the time, the source IP address, the destination IP address, the protocol, and some additional information about each packet. The IP addresses will be explained in more detail in the next chapter. For the moment, look at packet number 16, the second HTTP packet from the top. I've clicked on this packet, so the middle window shows the inside of the packet. The first line in this second window says the frame (or packet if you prefer) is 1091 bytes long. It contains an Ethernet II packet, an Internet Protocol (IP) packet, a Transmission Control Protocol (TCP) packet, and a Hypertext Transfer Protocol (HTTP) packet. Remember in Chapter 1 that Figure 1-4 described how each packet was placed inside another packet as the message moved through the layers and was transmitted. Click on the plus sign (+) in front of the HTTP packet to expand it. Wireshark shows the contents of the HTTP packet. By reading the data inside the HTTP packet, you can see that this packet was an HTTP request to my.yahoo.com that contained a cookie. If you look closely, you'll see that the sending computer was a Tablet PC—that's some of the optional information my Web browser (Internet Explorer) included in the HTTP header. The bottom window in Figure 4-12 shows the exact bytes that were captured. The section highlighted in gray shows the HTTP packet. The numbers on the left show the data in hexadecimal format, whereas the data on the right show the text version. The data before the highlighted section are the TCP packet. From Chapter 2, you know that the client sends an HTTP request packet to request a Web page, and the Web server sends back an HTTP response packet. Packet number 25 in the top window in Figure 4-12 is the HTTP response sent back to my computer by the Yahoo! server. You can see that the destination IP address in my HTTP request is the source IP address of this HTTP packet.
5. Figure 4-12 also shows what happens when you click the plus sign (+) in front of the Ethernet II packet to expand it. You can see that this Ethernet packet
has a destination address and source address (e.g., 00:02:2d:85:cb:e0).

Deliverables
1. List the layer 2, 3, 4, and 5 PDUs that are used in your network to send a request to get a Web page.
2. List the source and destination Ethernet addresses on the message.
3. What value is in the Ethernet type field in this message? Why?

CHAPTER 5
NETWORK AND TRANSPORT LAYERS
The network layer and transport layer are responsible for moving messages from end to end in a network. They are so closely tied together that they are usually discussed together. The transport layer (layer 4) performs three functions: linking the application layer to the network, segmenting (breaking long messages into smaller packets for transmission), and session management (establishing an end-to-end connection between the sender and receiver). The network layer (layer 3) performs two functions: routing (determining the next computer to which the message should be sent to reach the final destination) and addressing (finding the address of that next computer). There are several standard transport and network layer protocols that specify how packets are to be organized, in the same way that there are standards for data link layer packets. However, only one set of protocols is in widespread use today: the Internet Protocol Suite, commonly called Transmission Control Protocol/Internet Protocol (TCP/IP). This chapter takes a detailed look at how TCP/IP and the other protocols in the Internet Protocol Suite work.

OBJECTIVES
◾ Be aware of the TCP/IP protocols
◾ Be familiar with linking to the application layer, segmenting, and session management
◾ Be familiar with addressing
◾ Be familiar with routing
◾ Understand how TCP/IP works

OUTLINE
5.1 Introduction
5.2 Transport and Network Layer Protocols
5.2.1 Transmission Control Protocol (TCP)
5.2.2 Internet Protocol (IP)
5.3 Transport Layer Functions
5.3.1 Linking to the Application Layer
5.3.2 Segmenting
5.3.3 Session Management
5.4 Addressing
5.4.1 Assigning Addresses
5.4.2 Address Resolution
5.5 Routing
5.5.1 Types of Routing
5.5.2 Routing Protocols
5.5.3 Multicasting
5.5.4 The Anatomy of a Router
5.6 TCP/IP Example
5.6.1 Known Addresses
5.6.2 Unknown Addresses
5.6.3 TCP Connections
5.6.4 TCP/IP and Network Layers
5.7 Implications for Cyber Security
Summary

5.1 INTRODUCTION
The transport and network layers are so closely tied together that they are almost always discussed together. For this reason, we discuss them in the same chapter. Transmission Control Protocol/Internet Protocol (TCP/IP) is the most commonly used set of transport and network layer protocols, so this chapter focuses on TCP/IP.

FIGURE 5-1 Message transmission using layers (figure: at the sender, the SMTP message passes down from the application layer through the transport layer, which adds a TCP header, the network layer, which adds an IP header, and the data link layer, which adds an Ethernet header, to the physical layer; at the receiver each layer removes its header in reverse order). SMTP = Simple Mail Transfer Protocol; HTTP = Hypertext Transfer Protocol; IP = Internet Protocol; TCP = Transmission Control Protocol

The transport layer links the application software in the application layer with the network and is responsible for the end-to-end delivery of the message. The transport layer accepts outgoing messages from the application layer (e.g., Web, email, and so on, as described in Chapter 2) and segments them for transmission. Figure 5-1 shows the application layer software producing a Simple Mail Transfer Protocol (SMTP) packet that is split into two smaller TCP segments by the transport layer. The Protocol Data Unit (PDU) at the transport layer is called a segment. The network layer takes the messages from the transport layer and routes them through the network by selecting the best path from computer to computer through the network (and adds an IP packet). The data link layer adds an Ethernet frame and instructs the physical layer hardware when to transmit. As we saw in Chapter 1, each layer in the network has its own set of protocols that are used to hold the data generated by higher layers, much like a set of matryoshka (nested Russian dolls). The network and transport layers also accept incoming messages from the data link layer and organize them into coherent messages that are passed to the application layer. For example, as in Figure 5-1, a large email message might require several data link layer frames to transmit. The transport layer at the sender would break the message into several smaller segments and give them to the network layer to route, which in turn gives them to the data link layer to transmit. The network layer at the receiver would receive the individual packets from the data link layer, process them, and pass them to the transport layer, which would reassemble them into the one email message before giving it to the application layer.
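Both sides of Figure 5-1 as an added Python example (it is not code from the textbook): an SMTP message is segmented, each segment is wrapped in a 20-byte TCP header carrying the port, sequence number, ACK number and header length fields of Section 5.2.1, then in a minimal IPv4 header and an Ethernet II frame whose type field is 0x0800 (the value Activity 4A asks about) with a CRC-32 frame check sequence, and the receiver strips the layers and reassembles the message even when the frames arrive out of order. The addresses, ports and message are constructed, the TCP and IP checksums are left at zero, and the segment size is deliberately tiny.

```python
import struct
import zlib

# Added example, not from the textbook. Header layouts follow the real TCP,
# IPv4 and Ethernet II formats but are simplified: TCP and IP checksums are
# left at zero, and all addresses, ports and the message are constructed.
ETHERTYPE_IP = 0x0800     # Ethernet type field value that means "an IP packet is inside"
IP_PROTO_TCP = 6          # IP protocol field value for TCP
TCP_HEADER_LEN = 20       # bytes when the rarely used options field is absent
SMTP_PORT = 25            # well-known destination port of an SMTP server
MSS = 40                  # bytes of data per segment; tiny so the example yields several segments

SENDER_MAC = bytes.fromhex("00022d85cbe0")    # the address shown in Activity 4A step 5
RECEIVER_MAC = bytes.fromhex("0a1b2c3d4e5f")  # constructed
SENDER_IP = bytes([192, 0, 2, 10])            # constructed (documentation range)
RECEIVER_IP = bytes([192, 0, 2, 25])          # constructed


def segment(message, mss=MSS, initial_seq=1000):
    """Transport layer: cut the application message into pieces; each piece's
    sequence number is the byte offset of its first byte from initial_seq."""
    return [(initial_seq + off, message[off:off + mss])
            for off in range(0, len(message), mss)]


def tcp_wrap(src_port, dst_port, seq, data, ack=0):
    """Prepend a 20-byte TCP header: ports, sequence number, ACK number, then
    the header length in 32-bit words (5) in the top four bits of the next
    byte. Flags, window, checksum and urgent pointer are zeroed for brevity."""
    data_offset = (TCP_HEADER_LEN // 4) << 4
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset, 0, 0, 0, 0) + data


def ip_wrap(src_ip, dst_ip, tcp_segment):
    """Prepend a minimal 20-byte IPv4 header (version 4, IHL 5, TTL 64, protocol 6)."""
    total_len = 20 + len(tcp_segment)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64,
                       IP_PROTO_TCP, 0, src_ip, dst_ip) + tcp_segment


def ethernet_wrap(dst_mac, src_mac, packet):
    """Prepend the Ethernet II header (destination, source, type) and append
    the CRC-32 frame check sequence, sent least significant byte first."""
    body = dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IP) + packet
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def send(message, src_port=49152, dst_port=SMTP_PORT):
    """Sender side of Figure 5-1: SMTP message -> TCP segments -> IP packets -> frames."""
    return [ethernet_wrap(RECEIVER_MAC, SENDER_MAC,
                          ip_wrap(SENDER_IP, RECEIVER_IP,
                                  tcp_wrap(src_port, dst_port, seq, chunk)))
            for seq, chunk in segment(message)]


def unwrap_frame(frame):
    """Data link layer at the receiver: verify the FCS, return (type, payload)."""
    body, fcs = frame[:-4], struct.unpack("<I", frame[-4:])[0]
    if zlib.crc32(body) & 0xFFFFFFFF != fcs:
        raise ValueError("frame check sequence mismatch: frame discarded")
    return struct.unpack("!H", body[12:14])[0], body[14:]


def unwrap_ip(packet):
    """Network layer: confirm IPv4 carrying TCP, return the TCP segment."""
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version_ihl, total_len, proto = fields[0], fields[2], fields[6]
    if version_ihl >> 4 != 4 or proto != IP_PROTO_TCP:
        raise ValueError("not an IPv4 packet carrying TCP")
    return packet[(version_ihl & 0x0F) * 4:total_len]


def unwrap_tcp(tcp_segment):
    """Transport layer: return (dst_port, seq, data), using the header length
    field to find where the data starts."""
    _, dst_port, seq, _, data_offset = struct.unpack("!HHIIB", tcp_segment[:13])
    return dst_port, seq, tcp_segment[(data_offset >> 4) * 4:]


def receive(frames):
    """Receiver side: strip the layers and reassemble in sequence-number order,
    so frames delivered out of order still yield the original message."""
    pieces, dst_port = {}, None
    for frame in frames:
        ethertype, packet = unwrap_frame(frame)
        if ethertype != ETHERTYPE_IP:
            continue                    # some other network layer protocol; skip it
        dst_port, seq, data = unwrap_tcp(unwrap_ip(packet))
        pieces[seq] = data
    return dst_port, b"".join(pieces[seq] for seq in sorted(pieces))


# Constructed SMTP exchange fragment, long enough to need several frames
SMTP_MESSAGE = (b"MAIL FROM:<alice@example.com>\r\nRCPT TO:<bob@example.com>\r\n"
                b"DATA\r\nSubject: hello\r\n\r\nThis message is split across several frames.\r\n.\r\n")

if __name__ == "__main__":
    frames = send(SMTP_MESSAGE)
    port, rebuilt = receive(reversed(frames))   # deliver the frames in reverse order
    print(f"{len(frames)} frames, each {len(frames[0])} bytes on the wire; "
          f"delivered to port {port}; intact: {rebuilt == SMTP_MESSAGE}")
```

Flipping one byte of a frame makes unwrap_frame reject it on the FCS check, which is the data link layer's error detection from Chapter 4 at work.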
112 Chapter 5 Network and Transport Layers

In this chapter, we provide a brief look at the transport and network layer protocols, before turning our attention to how TCP/IP works. We first examine the transport layer functions. Addressing and routing are performed by the transport layer and network layers working together, so we will discuss them together rather than separate them according to which part is performed by the transport layer and which by the network layer.

5.2 TRANSPORT AND NETWORK LAYER PROTOCOLS

There are different transport/network layer protocols, but one family of protocols, the Internet Protocol Suite, dominates. Each transport and network layer protocol performs essentially the same functions, but each is incompatible with the others unless there is a special device to translate between them. In this chapter, we focus on TCP/IP. A good overview of protocols, at all layers, is available at www.protocols.com.

The Transmission Control Protocol/Internet Protocol (TCP/IP) was developed for the U.S. Department of Defense's Advanced Research Project Agency network (ARPANET) by Vinton Cerf and Bob Kahn in 1974. TCP/IP is the transport/network layer protocol used on the Internet. It is the world's most popular protocol set, used by almost all backbone networks (BNs) and WANs. TCP/IP allows reasonably efficient and error-free transmission. Because it performs error checking, it can send large files across sometimes unreliable networks with great assurance that the data will arrive uncorrupted. TCP/IP is compatible with a variety of data link protocols, which is one reason for its popularity.

As the name implies, TCP/IP has two parts. TCP is the transport layer protocol that links the application layer to the network layer. It performs segmenting: breaking the data into smaller PDUs called segments, numbering them, ensuring that each segment is reliably delivered, and putting them in the proper order at the destination. IP is the network layer protocol and performs addressing and routing. IP software is used at each of the intervening computers through which the message passes; it is IP that routes the message to the final destination. The TCP software needs to be active only at the sender and the receiver, because TCP is involved only when data comes from or goes to the application layer.

5.2.1 Transmission Control Protocol (TCP)

A typical TCP segment has a 192-bit header (24 bytes) of control information (Figure 5-2). Among other fields, it contains the source and destination port identifier. The destination port tells the TCP software at the destination to which application layer program the application layer packet should be sent, whereas the source port tells the receiver which application layer program the packet is from. The TCP segment also provides a sequence number so that the TCP software at the destination can assemble the segments into the correct order and make sure that no segments have been lost. The options field is optional and rarely used, so in practice the TCP header is usually 20 bytes long. The header length field tells the receiver how long the TCP header is, that is, whether the options field is included.

FIGURE 5-2 Transmission Control Protocol (TCP) segment. Fields legible in the extracted figure: source port (16 bits), destination port (16 bits), sequence number (32 bits), ACK number (32 bits), ..., user data (varies). ACK = Acknowledgment; CRC = Cyclical Redundancy Check

The Internet Protocol Suite has a second type of transport layer protocol called User Datagram Protocol (UDP). UDP PDUs are called datagrams. Typically, UDP is used when the sender needs to send a single small packet to the receiver (e.g., for a domain name service (DNS) request, which we discuss later in this chapter). When there is only one small packet to be sent, the transport layer doesn't need to worry about segmenting the outgoing messages or reassembling them upon receipt, so transmission can be faster. A UDP datagram has only four fields (8 bytes of overhead) plus the application layer packet: source port, destination port, length, and a CRC-16. Unlike TCP, UDP does not check for lost messages, so occasionally a UDP datagram is lost and the message must be resent. Interestingly, it is not the transport layer that decides whether TCP or UDP is going to be used. This decision is left to the engineer who is writing the application.

5.2.2 Internet Protocol (IP)

The Internet Protocol (IP) is the network layer protocol. Network layer PDUs are called packets. Two forms of IP are currently in use. The older form is IP version 4 (IPv4), which also has a 192-bit header (24 bytes) (Figure 5-3). This header contains source and destination addresses, packet length, and packet number. Similar to the TCP header, the options field is rarely used, and therefore, the header is usually 20 bytes long. IP version 4 is being replaced by IPv6, which has a 320-bit header (40 bytes) (Figure 5-4). The primary reason for the increase in the packet size is an increase in the address size from 32 bits to 128 bits. IPv6's simpler packet structure makes it easier to perform routing and supports a variety of new approaches to addressing and routing.

Development of IPv6 came about because IP addresses were being depleted on the Internet. IPv4 has a 4-byte address field, which means that there is a theoretical maximum of about 4.2 billion addresses. However, about 500 million of these addresses are reserved and cannot be used, and the way addresses were assigned in the early days of the Internet means that a small number of companies received several million addresses, even when they didn't need all of them. With the increased growth in Internet users, and the explosion in mobile Internet devices, current
estimates project that we will run out of IPv4 addresses sometime in 2011.

Internet Protocol version 6 uses a 16-byte-long address, which provides a theoretical maximum of 3.4 × 10^38 addresses, more than enough for the foreseeable future. IPv4 uses decimals to express addresses (e.g., 128.192.55.72), but IPv6 uses hexadecimal (base 16) like Ethernet to express addresses, which makes it slightly more confusing to use. Addresses are eight sets of 2-byte numbers (e.g., 2001:0890:0600:00d1:0000:0000:abcd:f010), but because this can be long to write, there is an IPv6 "compressed notation" that eliminates the leading zeros within each block and blocks that are all zeros. So, the preceding IPv6 address could also be written as 2001:890:600:d1::abcd:f010.

FIGURE 5-3 Internet Protocol (IP) packet (version 4). Fields legible in the extracted figure: version number (4 bits), header length (4 bits), type of service (8 bits), total length, ..., destination address (32 bits), options (32 bits), user data (varies). CRC = Cyclical Redundancy Check

FIGURE 5-4 Internet Protocol (IP) packet (version 6). Fields legible in the extracted figure: version number (4 bits), priority (4 bits), ..., user data (varies)

Adoption of IPv6 has been slow. Most organizations have not felt the need to change because IPv6 provides few benefits other than the larger address space and requires their staff to learn a whole new protocol. In most cases, the shortage of addresses on the Internet doesn't affect organizations that already have Internet addresses, so there is little incentive to convert to IPv6. Most organizations that implement IPv6 also run IPv4, and IPv6 is not backward-compatible with IPv4, which means that all network devices must be changed to understand both IPv4 and IPv6. The cost of this conversion, along with the few benefits it provides to organizations that do convert, has led a number of commentators to refer to this as the IPv6 "mess." To encourage the move to IPv6, the U.S. government required all of its agencies to convert to IPv6 on their WANs and BNs by June 2008, but the change was not completed on time.

The size of the message field depends on the data link layer protocol used. TCP/IP is commonly combined with Ethernet. Ethernet has a maximum packet size of 1,492 bytes, so the maximum size of a TCP message field if IPv4 is used is 1,492 − 24 (the size of the TCP header) − 24 (the size of the IPv4 header) = 1,444.

5.3 TRANSPORT LAYER FUNCTIONS

The transport layer links the application software in the application layer with the network and is responsible for segmenting large messages into smaller ones for transmission and for managing the session (the end-to-end delivery of the message). One of the first issues facing the application layer is to find the numeric network address of the destination computer. Different protocols use different methods to find this address. Depending on the protocol (and which expert you ask), finding the destination address can be classified as a transport layer function, a network layer function, a data link layer function, or an application layer function with help from the operating system. In all honesty, understanding how the process works is more important than memorizing how it is classified. The next section discusses addressing at the network layer and transport layer. In this section, we focus on three unique functions performed by the transport layer: linking the application layer to the network layer, segmenting, and session management.
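As an added illustration (not part of the book), the following Python works through the two address notations described in Section 5.2.2: it validates IPv4 dotted-decimal addresses, converts the book's example IPv6 address between its full and compressed forms, and computes the 2^N address-space figures for 4-byte and 16-byte addresses. The function names and the sample addresses other than the book's are constructed for this example; the standard ipaddress module is used only to cross-check the hand-written routines.

```python
import ipaddress  # standard library; used only to cross-check the hand-written routines


def parse_ipv4(address):
    """Turn dotted-decimal notation such as '128.192.55.72' into its 4 address bytes,
    rejecting anything that is not exactly four numbers in the range 0-255."""
    parts = address.split(".")
    if len(parts) != 4:
        raise ValueError("IPv4 address needs four decimal fields: %r" % address)
    octets = []
    for part in parts:
        if not part.isdigit() or int(part) > 255:
            raise ValueError("IPv4 field out of range: %r" % part)
        octets.append(int(part))
    return bytes(octets)


def is_valid_ipv4(address):
    """True if parse_ipv4 accepts the string."""
    try:
        parse_ipv4(address)
        return True
    except ValueError:
        return False


def expand_ipv6(address):
    """Undo compressed notation: restore leading zeros and the run of all-zero blocks
    that '::' stands for, giving the full eight 4-hex-digit blocks."""
    if address.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in address:
        left, right = address.split("::")
        left_blocks = left.split(":") if left else []
        right_blocks = right.split(":") if right else []
        missing = 8 - len(left_blocks) - len(right_blocks)
        if missing < 1:
            raise ValueError("'::' must replace at least one block")
        blocks = left_blocks + ["0"] * missing + right_blocks
    else:
        blocks = address.split(":")
    if len(blocks) != 8:
        raise ValueError("IPv6 address needs eight 16-bit blocks")
    values = [int(block, 16) for block in blocks]
    if any(v > 0xFFFF for v in values):
        raise ValueError("IPv6 block larger than 16 bits")
    return ":".join("%04x" % v for v in values)


def compress_ipv6(address):
    """Apply the book's two rules: drop leading zeros in each block, and replace the
    blocks that are all zeros with '::'. Where several zero runs exist only the longest
    (the first on a tie) is collapsed, and a lone zero block is left as '0'; that is
    the RFC 5952 convention the ipaddress module also follows."""
    values = [int(block, 16) for block in expand_ipv6(address).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if values[i] != 0:
            i += 1
            continue
        run_end = i
        while run_end < 8 and values[run_end] == 0:
            run_end += 1
        if run_end - i > best_len:
            best_start, best_len = i, run_end - i
        i = run_end
    blocks = ["%x" % v for v in values]          # '%x' drops the leading zeros
    if best_len < 2:
        return ":".join(blocks)
    left = ":".join(blocks[:best_start])
    right = ":".join(blocks[best_start + best_len:])
    return left + "::" + right


def address_space(address_bytes):
    """Theoretical number of addresses for an address field of the given length:
    2 to the power of the number of bits (4 bytes for IPv4, 16 bytes for IPv6)."""
    return 2 ** (8 * address_bytes)


def matches_stdlib(full_address):
    """Cross-check: our compressed form must equal the standard library's canonical
    form, and expanding it must give back the full address."""
    compressed = compress_ipv6(full_address)
    return (compressed == str(ipaddress.IPv6Address(full_address))
            and expand_ipv6(compressed) == full_address.lower())


# Constructed sample values: the book's example address plus two common patterns.
BOOK_FULL = "2001:0890:0600:00d1:0000:0000:abcd:f010"
BOOK_COMPRESSED = "2001:890:600:d1::abcd:f010"
LOOPBACK_FULL = "0000:0000:0000:0000:0000:0000:0000:0001"
TWO_RUNS_FULL = "2001:0db8:0000:0000:0001:0000:0000:0001"

if __name__ == "__main__":
    print(parse_ipv4("128.192.55.72").hex())
    print(compress_ipv6(BOOK_FULL), expand_ipv6(BOOK_COMPRESSED))
    print("%.1e" % address_space(4), "%.1e" % address_space(16))
```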
5.3.1 Linking to the Application Layer

Most computers have many application layer software packages running at the same time. Users often have Web browsers, email programs, and word processors in use at the same time on their client computers. Similarly, many servers act as Web servers, mail servers, FTP servers, and so on. When the transport layer receives an incoming message, the transport layer must decide to which application program it should be delivered. It makes no sense to send a Web page request to email server software.

With TCP, each application layer software package has a unique port address. Any message sent to a computer must tell TCP (the transport layer software) the application layer port address that is to receive the message. Therefore, when an application layer program generates an outgoing message, it tells the TCP software its own port address (i.e., the source port address) and the port address at the destination computer (i.e., the destination port address). These two port addresses are placed in the first two fields in the TCP segment (see Figure 5-2). Port addresses can be any 16-bit (2-byte) number. So, how does a client computer sending a Web request to a Web server know what port address to use for the Web server? Simple. On the Internet, all port addresses for popular services such as the Web, email, and FTP have been standardized. Anyone using a Web server should set up the Web server with a port address of 80, which is called the well-known port. Web browsers, therefore, automatically generate a port address of 80 for any Web page you click on. FTP servers use port 21, Telnet 23, SMTP 25, and so on. Network managers are free to use whatever port addresses they want, but if they use a nonstandard port number, then the application layer software on the client must specify the correct port number.

FIGURE 5-5 Linking to application layer services. Legible in the extracted figure: a server running FTP server (port 21), SMTP server (port 25), and Web server (port 80) software above TCP; Internet Explorer on the client; the 123.com server (156.45.72.10); and three messages: To 201.66.43.12 port 80, From 198.128.43.103 port 1027; To 198.128.43.103 port 1028, From 201.66.43.12 port 25; To 156.45.72.10 port 554, From 198.128.43.103 port 1029.

Figure 5-5 shows a user running three applications on the client (Internet Explorer, Outlook, and RealPlayer), each of which has been assigned a different port number, called a temporary port number (1027, 1028, and 1029, respectively). Each of these can simultaneously send and receive data to and from different servers and different applications on the same server. In this case, we see a message sent by Internet Explorer on the client (port 1027) to the Web server software on the xyz.com server (port 80). We also see a message sent by the mail server software on port 25 to the email client on port 1028. At the same time, the RealPlayer software on the client is sending a request to the music server software (port 554) at 123.com.

5.3.2 Segmenting

Some messages or blocks of application data are small enough that they can be transmitted in one frame at the data link layer. However, in other cases, the application data in one "message" are too large and must be broken into several frames (e.g., Web pages, graphic images). As far as the application layer is concerned, the message should be transmitted and received as one large block of data. However, the data link layer can transmit only messages of certain lengths. It is therefore up to the sender's transport layer to break the data into several smaller segments that can be sent by the data link layer across the circuit. At the other end, the receiver's transport layer must receive all these separate segments and recombine them into one large message.

Segmenting means to take one outgoing message from the application layer and break it into a set of smaller segments for transmission through the network. It also means to take the incoming set of smaller segments from the network layer and reassemble them into one message for the application layer. Depending on what the application layer software chooses, the incoming packets can be either delivered one at a time or held until all packets have arrived and the message is complete. Web browsers, for example, usually request delivery of packets as they arrive, which is why your screen gradually builds a piece at a time. Most email software, conversely, usually requests that messages be delivered only after all packets have arrived and TCP has organized them into one intact message, which is why you usually don't see email messages building screen by screen. TCP is also responsible for ensuring that the receiver has actually received all segments that have been sent. TCP therefore uses continuous automatic repeat reQuest (ARQ) (see also Chapter 4).

One of the challenges at the transport layer is deciding how big to make the segments. Remember, we discussed packet sizes in Chapter 4. When transport layer software is set up, it is told what size segments it should use to make best use of its own data link layer protocols (or it chooses the default size of 536). However, it has no idea what size is best for the destination. Therefore, the transport layer at the sender negotiates with the transport layer at the receiver to settle on the best segment sizes to use. This negotiation is done by establishing a TCP connection between the sender and receiver.

5.3.3 Session Management

A session can be thought of as a conversation between two computers. When the sending computer wants to send a message to the receiver, it usually starts by establishing a session with that computer. The sender transmits the segments in sequence until the conversation is done, and then the sender ends the session. This approach to session management is called connection-oriented messaging. Sometimes, the sender only wants to send one short information message or a request. In this case, the sender may choose not to start a session but just send the one quick message and move on. This approach is called connectionless messaging.

Connection-Oriented Messaging

Connection-oriented messaging sets up a TCP connection (also called a session) between the sender and receiver. To establish a connection, the transport layer on both the sender and the receiver must send a SYN (synchronize) and receive an ACK (acknowledgement) segment. This process starts with the sender (usually a client) sending a SYN to the receiver (usually a server). The server responds with an ACK for the sender's/client's SYN and then sends its own SYN. SYN is usually a randomly generated number that identifies a packet. The last step is when the client sends an ACK for the server's SYN. This is called the three-way handshake. This process also contains the segment size negotiation and is responsible for error correction via retransmission (described in Chapter 4).
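To make the handshake concrete, here is an added Python simulation (not from the book) of the three-way handshake, with the segment size negotiation carried in a TCP Maximum Segment Size option. The header layout follows Figure 5-2 with the header length field counting 32-bit words; the Endpoint class, the port numbers (1027 and 80, as in Figure 5-5), the initial sequence numbers, and the MSS values are constructed for the example, and the server's ACK of the client's SYN and its own SYN travel in one SYN+ACK segment.

```python
import random
import struct

SYN, ACK = 0x02, 0x10      # TCP flag bits used during connection setup
FIXED_HEADER_LEN = 20      # TCP header without the options field (Figure 5-2)
DEFAULT_MSS = 536          # default segment size named in Section 5.3.2
SEQ_MASK = 0xFFFFFFFF      # sequence and ACK numbers are 32 bits and wrap around


def build_segment(src_port, dst_port, seq, ack, flags, mss=None):
    """Build a TCP header with no payload; an MSS option (kind 2, length 4) is
    appended when mss is given, growing the header from 20 to 24 bytes."""
    options = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    header_len = FIXED_HEADER_LEN + len(options)
    data_offset = (header_len // 4) << 4      # header length field counts 32-bit words
    fixed = struct.pack("!HHIIBBHHH", src_port, dst_port, seq & SEQ_MASK,
                        ack & SEQ_MASK, data_offset, flags, 65535, 0, 0)
    return fixed + options                    # 65535, 0, 0 = window, checksum, urgent


def parse_segment(raw):
    """Decode the header fields the handshake needs; walk the options for MSS."""
    if len(raw) < FIXED_HEADER_LEN:
        raise ValueError("segment shorter than the fixed TCP header")
    src, dst, seq, ack, data_offset, flags = struct.unpack(
        "!HHIIBBHHH", raw[:FIXED_HEADER_LEN])[:6]
    header_len = (data_offset >> 4) * 4
    if header_len < FIXED_HEADER_LEN or header_len > len(raw):
        raise ValueError("header length field is inconsistent with the segment")
    options, mss, i = raw[FIXED_HEADER_LEN:header_len], None, 0
    while i < len(options) and options[i] != 0:       # kind 0 ends the option list
        if options[i] == 1:                            # kind 1 is a one-byte NOP pad
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2 or i + options[i + 1] > len(options):
            raise ValueError("malformed TCP option")
        if options[i] == 2 and options[i + 1] == 4:
            mss = struct.unpack("!H", options[i + 2:i + 4])[0]
        i += options[i + 1]
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags,
            "header_len": header_len, "mss": mss}


class Endpoint:
    """One end of the connection: port, acceptable segment size, and the randomly
    generated initial sequence number (ISN) its SYN will carry."""

    def __init__(self, port, mss=DEFAULT_MSS, isn=None):
        self.port, self.mss = port, mss
        self.isn = random.getrandbits(32) if isn is None else isn
        self.peer_mss, self.state = None, "CLOSED"

    def connect(self, peer_port):
        """Step 1 (client): send a SYN carrying our ISN and our MSS."""
        self.state = "SYN-SENT"
        return build_segment(self.port, peer_port, self.isn, 0, SYN, self.mss)

    def receive(self, raw):
        """Handle one incoming segment; return the reply to send, or None."""
        seg = parse_segment(raw)
        if self.state == "LISTEN" and seg["flags"] == SYN:
            # Step 2 (server): ACK the client's SYN and send our own SYN in one segment.
            self.peer_mss, self.state = seg["mss"], "SYN-RECEIVED"
            return build_segment(self.port, seg["src"], self.isn, seg["seq"] + 1,
                                 SYN | ACK, self.mss)
        if self.state == "SYN-SENT" and seg["flags"] == SYN | ACK:
            if seg["ack"] != (self.isn + 1) & SEQ_MASK:
                raise ValueError("SYN-ACK does not acknowledge our SYN")
            # Step 3 (client): ACK the server's SYN; our side is now connected.
            self.peer_mss, self.state = seg["mss"], "ESTABLISHED"
            return build_segment(self.port, seg["src"], seg["ack"], seg["seq"] + 1, ACK)
        if self.state == "SYN-RECEIVED" and seg["flags"] == ACK:
            if seg["ack"] != (self.isn + 1) & SEQ_MASK:
                raise ValueError("ACK does not acknowledge our SYN")
            self.state = "ESTABLISHED"
            return None
        raise ValueError("unexpected segment in state %s" % self.state)


def three_way_handshake(client, server):
    """Run the exchange from Section 5.3.3 and return the three segments, parsed."""
    server.state = "LISTEN"
    syn = client.connect(server.port)
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [parse_segment(s) for s in (syn, syn_ack, ack)]


def negotiated_segment_size(client, server):
    """Neither side sends segments larger than the other announced: the smaller wins."""
    return min(client.mss, server.mss)


def wrong_ack_is_rejected():
    """A final ACK with the wrong number must leave the server short of ESTABLISHED."""
    server = Endpoint(80, mss=1460, isn=5000)
    server.state = "LISTEN"
    server.receive(build_segment(1027, 80, 1000, 0, SYN, DEFAULT_MSS))
    try:
        server.receive(build_segment(1027, 80, 1001, 9999, ACK))
    except ValueError:
        return server.state == "SYN-RECEIVED"
    return False
```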
Once the connection is established, the segments flow between the sender and receiver. In case of an error, the receiver simply asks the sender to retransmit the message until it is received without an error. TCP calls this Automatic Repeat reQuest (ARQ). There are two types of ARQ: stop-and-wait and continuous.

Stop-and-Wait ARQ

With stop-and-wait ARQ, the sender stops and waits for a response from the receiver after each data packet. After receiving a packet, the receiver sends either an acknowledgment (ACK), if the packet was received without error, or a negative acknowledgment (NAK), if the message contained an error. If it is a NAK, the sender resends the previous message. If it is an ACK, the sender continues with the next message. Stop-and-wait ARQ is by definition a half-duplex transmission technique (Figure 5-6).

FIGURE 5-6 Stop-and-wait ARQ (Automatic Repeat reQuest). Exchange shown: the sender sends Packet A and the receiver returns an ACK (no errors detected); the sender sends Packet B and the receiver returns a NAK (errors detected); the sender resends Packet B and the receiver returns an ACK (no errors detected). ACK = Acknowledgment; NAK = Negative Acknowledgment

Continuous ARQ

With continuous ARQ, the sender does not wait for an acknowledgment after sending a message; it immediately sends the next one. Although the messages are being transmitted, the sender examines the stream of returning acknowledgments. If it receives a NAK, the sender retransmits the needed messages. The packets that are retransmitted may be only those containing an error (called Selective-Repeat ARQ or Link Access Protocol for Modems [LAP-M]) or may be the first packet with an error and all those that followed it (called Go-Back-N ARQ). LAP-M is better because it is more efficient.

Continuous ARQ is by definition a full-duplex transmission technique, because both the sender and the receiver are transmitting simultaneously. (The sender is sending messages, and the receiver is sending ACKs and NAKs.) Figure 5-7 illustrates the flow of messages on a communication circuit using continuous ARQ.

Continuous ARQ is sometimes called sliding window because of the visual imagery the early network designers used to think about continuous ARQ. Visualize the sender having a set of messages to send in memory stacked in order from first to last. Now imagine a window that moves through the stack from first to last. As a message is sent, the window expands to cover it, meaning that the sender is waiting for an ACK for the message. As an ACK is received for a message, the window moves forward, dropping the message out of the bottom of the window, indicating that it has been sent and received successfully.

Continuous ARQ is also important in providing flow control, which means ensuring that the computer sending the message is not transmitting too quickly for the receiver. For example, if a client computer was sending information too quickly for a server computer to store a file being uploaded, the server might run out of memory to store the file. By using ACKs and NAKs, the receiver can control the rate at which it receives information. With stop-and-wait ARQ, the receiver does not send an ACK until it is ready to receive more packets. In continuous ARQ, the sender and receiver usually agree on the size of the sliding window. Once the sender has transmitted the maximum number of packets permitted in the sliding window, it cannot send any more packets until the receiver sends an ACK.

FIGURE 5-7 Continuous ARQ (Automatic Repeat reQuest). Exchange shown: the sender sends Packets A, B, C, and D without waiting; the receiver returns ACK A and ACK B (no errors detected), NAK C (errors detected), and ACK D (no errors detected); the sender retransmits Packet C and the receiver returns ACK C (no errors detected). ACK = Acknowledgment; NAK = Negative Acknowledgment

When the transmission is complete, the session is terminated using a four-way handshake. Because a TCP/IP connection is a full-duplex connection, each side of the session has to terminate the connection independently. The sender (i.e., the client) will start by sending a FIN to inform the receiver (i.e., the server) that it is finished sending data. The server acknowledges the FIN by sending an ACK. Then the server sends a FIN to the client. The connection is successfully terminated when the server receives the ACK for its FIN.

Connectionless Messaging

Connectionless messaging means each packet is treated separately and makes its own way through the network. Unlike connection-oriented routing, no connection is established. The sender simply sends the packets as separate, unrelated entities, and it is possible that different packets will take different routes through the network, depending on the type of routing used and the amount of traffic. Because packets following different routes may travel at different speeds, they may arrive out of sequence at their destination. The sender's network layer, therefore, puts a sequence number on each packet, in addition to information about the message stream to which the packet belongs. The network layer must reassemble them in the correct order before passing the message to the application layer.

The Internet Protocol Suite can operate either as connection-oriented or connectionless. When connection-oriented messaging is desired, TCP is used. When connectionless messaging is desired, the TCP segment is replaced with a UDP packet. The UDP header is much smaller than the TCP header (only 8 bytes). Connectionless is most commonly used when the application data or message can fit into one single message. One might expect, for example, that because Hypertext Transfer Protocol (HTTP) requests are often very short, they might use UDP connectionless rather than TCP connection-oriented messaging. However, HTTP always uses TCP. All of the application layer software we have discussed so far uses TCP (HTTP, SMTP, FTP, Telnet). UDP is most commonly used for control messages such as addressing (DHCP [Dynamic Host Configuration Protocol], discussed later in this chapter), routing control messages (RIP [Routing Information Protocol], discussed later in this chapter), and network management (SNMP [Simple Network Management Protocol], discussed in Chapter 12).

Quality of Service

Quality of Service (QoS) routing is a special type of connection-oriented messaging in which different connections are assigned different priorities. For example, videoconferencing requires fast delivery of packets to ensure that the images and voices appear smooth and continuous; they are very time dependent because delays in routing seriously affect the quality of the service provided. Email packets, conversely, have no such requirements. Although everyone would like to receive email as fast as possible, a 10-second delay in transmitting an email message does not have the same consequences as a 10-second delay in a videoconferencing packet.

With QoS routing, different classes of service are defined, each with different priorities. For example, a packet of videoconferencing images would likely get higher priority than would an SMTP packet with an email message and thus be routed first. When the transport layer software attempts to establish a connection (i.e., a session), it specifies the class of service that connection requires. Each path through the network is designed to support a different number and mix of service classes. When a connection is established, the network ensures that no connections are established that exceed the maximum number of that class on a given circuit. QoS routing is common in certain types of networks (e.g., ATM, as discussed in Chapter 8).

The Internet provides several QoS protocols that can work in a TCP/IP environment. Resource Reservation Protocol (RSVP) and Real-Time Streaming Protocol (RTSP) both permit application layer software to request connections that have certain minimum data transfer capabilities. As one might expect, RTSP is geared toward audio/video streaming applications, whereas RSVP is more for general purpose.

Both QoS protocols, RSVP and RTSP, are used to create a connection (or session) and request a certain minimum guaranteed data rate. Once the connection has been established, they use Real-Time Transport Protocol (RTP) to send packets across the connection. RTP contains information about the sending application, a packet sequence number, and a time stamp so that the data in the RTP packet can be synchronized with other RTP packets by the application layer software, if needed. With a name like Real-Time Transport Protocol, one would expect RTP to replace TCP and UDP at the transport layer. It does not. Instead, RTP is combined with UDP. (If you read the previous paragraph carefully, you noticed that RTP does not provide source and destination port addresses.) This means that each real-time packet is first created using RTP and then surrounded by a UDP datagram, before being handed to the IP software at the network layer.

5.4 ADDRESSING

Before you can send a message, you must know the destination address. It is extremely important to understand that each computer has several addresses, each used by a different layer. One address is used by the data link layer, another by the network layer, and still another by the application layer.

When users work with application software, they typically use the application layer address. For example, in Chapter 2, we discussed application software that used Internet addresses (e.g., www.indiana.edu). This is an application layer address (or a server name). When a user types an Internet address into a Web browser, the request is passed to the network layer as part of an application layer packet formatted using the HTTP protocol (Figure 5-6) (see Chapter 2).
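Returning to the ARQ variants described in Section 5.3.3, the following Python simulation (added here, not from the book) runs stop-and-wait, Go-Back-N, and Selective-Repeat over the same eight packets with a sliding window of four and one corrupted transmission, and counts the transmissions and the send/acknowledge rounds each scheme needs. The round model, the packet numbers, and the corruption pattern are constructed for the example; the three function names are likewise this example's own.

```python
def simulate_arq(mode, n_packets, window, corrupt_on_first_send):
    """Simulate one ARQ scheme over a channel that corrupts each listed packet the
    first time it is transmitted. A round is one burst of sends followed by the
    receiver's ACKs and NAKs; stop-and-wait allows one packet per round. Returns
    the number of transmissions, the number of rounds, and the delivery order."""
    if mode not in ("stop-and-wait", "go-back-n", "selective-repeat"):
        raise ValueError("unknown ARQ mode %r" % mode)
    if mode == "stop-and-wait":
        window = 1                     # exactly one packet outstanding at a time
    base = 0                           # oldest packet not yet acknowledged (window start)
    sent_before = set()                # packets that have crossed the channel already
    buffered = set()                   # correct packets held at the receiver
    delivered = []                     # packets passed up to the application, in order
    transmissions = rounds = 0
    while base < n_packets:
        rounds += 1
        in_window = range(base, min(base + window, n_packets))
        # Go-back-N and stop-and-wait resend everything in the window after an error;
        # selective repeat only resends the packets that were NAKed.
        to_send = [p for p in in_window if p not in buffered]
        first_error = None
        for p in to_send:
            transmissions += 1
            corrupted = p in corrupt_on_first_send and p not in sent_before
            sent_before.add(p)
            if corrupted:
                if first_error is None:
                    first_error = p        # receiver answers this one with a NAK
                continue
            if mode != "selective-repeat" and first_error is not None:
                continue                   # arrived out of order after an error: discarded
            buffered.add(p)                # receiver answers with an ACK
        # The receiver hands over the longest in-order run starting at the window base.
        while base in buffered:
            buffered.discard(base)
            delivered.append(base)
            base += 1
    return {"mode": mode, "transmissions": transmissions,
            "rounds": rounds, "delivered": delivered}


def compare_arq(n_packets=8, window=4, corrupt_on_first_send=(2,)):
    """Run all three schemes on the same traffic and channel so the costs line up."""
    corrupt = set(corrupt_on_first_send)
    return {mode: simulate_arq(mode, n_packets, window, corrupt)
            for mode in ("stop-and-wait", "go-back-n", "selective-repeat")}


if __name__ == "__main__":
    # Constructed scenario: eight packets, a window of four, packet 2 corrupted once.
    for mode, result in compare_arq().items():
        print("%-17s transmissions=%2d rounds=%d delivered=%s"
              % (mode, result["transmissions"], result["rounds"], result["delivered"]))
```

Go-Back-N pays for the discarded in-order packets with extra transmissions, Selective-Repeat does not, and stop-and-wait needs a full round trip per packet, which is the half-duplex cost the text describes.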
FIGURE 5-8 Types of addresses
Address             Example Software     Example Address
Application layer   Web browser          www.kelley.indiana.edu
Network layer       Internet Protocol    129.79.127.4
Data link layer     Ethernet             00-0C-00-F5-03-5A

The network layer software, in turn, uses a network layer address. The network layer protocol used on the Internet is IP, so this Web address (www.indiana.edu) is translated into an IP address that is 4 bytes long when using IPv4 (e.g., 129.79.127.4) (Figure 5-8). This process is similar to using a phone book to go from someone's name to his or her phone number.

The network layer then determines the best route through the network to the final destination. On the basis of this routing, the network layer identifies the data link layer address of the next computer to which the message should be sent. If the data link layer is running Ethernet, then the network layer IP address would be translated into an Ethernet address. Chapter 3 shows that Ethernet addresses are 6 bytes in length, so a possible address might be 00-0F-00-81-14-00 (Ethernet addresses are usually expressed in hexadecimal) (Figure 5-8). Data link layer addresses are needed only on multipoint circuits that have more than one computer on them. For example, many WANs are built with point-to-point circuits that use Point-to-Point Protocol (PPP) as the data link layer protocol. These networks do not have data link layer addresses.

5.4.1 Assigning Addresses

In general, the data link layer address is permanently encoded in each network card, which is why the data link layer address is also commonly called the physical address or the media access control (MAC) address. This address is part of the hardware (e.g., Ethernet card) and should never be changed. Hardware manufacturers have an agreement that assigns each manufacturer a unique set of permitted addresses, so even if you buy hardware from different companies, it will never have the same address. Whenever you install a network card into a computer, it immediately has its own data link layer address that uniquely identifies it from every other computer in the world.

Network layer addresses are generally assigned by software. Every network layer software package usually has a configuration file that specifies the network layer address for that computer. Network managers can assign any network layer addresses they want. It is important to ensure that every computer on the same network has a unique network layer address, so every network has a standards group that defines what network layer addresses can be used by each organization.

Application layer addresses (such as Internet domain names or Windows device names) are also assigned by a software configuration file. Virtually all servers have an application layer address, but most client computers do not. This is because it is important for users to easily access servers and the information they contain, but there is usually little need for someone to access someone else's client computer. As with network layer addresses, network managers can assign any application layer address they want, but a network standards group must approve Internet domain names to ensure that no two computers on the Internet have the same name. Network layer addresses and Internet domain names go hand in hand, so the same standards group usually assigns both (e.g., www.indiana.edu at the application layer means 129.79.78.4 at the network layer). It is possible to have several Internet names for the same computer. For example, one of the Web servers in the Kelley School of Business at Indiana University is called both www.kelley.indiana.edu and www.kelley.iu.edu.
MANAGEMENT FOCUS 5-1 Final Countdown for IPv4

The address space for IPv4 was depleted on September 24, 2015. There are no more IPv4 addresses left to be assigned. The American Registry for Internet Numbers (ARIN), which is in charge of the IPv4 address space, is ready to help organizations that need IPv4 addresses. ARIN created a service that allows organizations to transfer IPv4 addresses they don't need to another organization. If a transfer is not available, organizations will be put on a waiting list. The reality, however, is that we have reached the inevitable end of IPv4, also called the "IPcalypse" by the supporters of IPv6, who can't wait for the world to convert to IPv6.

Adapted from: www.arin.net

Internet Addresses

No one is permitted to operate a computer on the Internet unless he or she uses approved addresses. ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for managing the assignment of network layer addresses (i.e., IP addresses) and application layer addresses (e.g., www.indiana.edu). ICANN sets the rules by which new domain names (e.g., .com, .org, .ca, .uk) are created and IP address numbers are assigned to users. ICANN also directly manages a set of Internet domains (e.g., .com, .org, .net) and authorizes private companies to become domain name registrars for those domains. Once authorized, a registrar can approve requests for application layer addresses and assign IP numbers for those requests. This means that individuals and organizations wishing to register an Internet name can use any authorized registrar for the domain they choose, and different registrars are permitted to charge different fees for their registration services. Many registrars are authorized to issue names and addresses in the ICANN managed domains, as well as domains in other countries (e.g., .ca, .uk, .au).

Several application layer addresses and network layer addresses can be assigned at the same time. IP addresses are often assigned in groups, so that one organization receives a set of numerically similar addresses for use on its computers. For example, Indiana University has been assigned the set of application layer addresses that end in indiana.edu and iu.edu and the set of IP addresses in the 129.79.x.x range (i.e., all IP addresses that start with the numbers 129.79).

The IP protocol defines the address space that can be used on the Internet. The address space is the total number of addresses available. In general, if a protocol uses N bits to define an address, the available space is 2^N (because each bit can be either 1 or 0). Specifically, IPv4 uses 32 bits (4 bytes) to define an address, and therefore, the number of available addresses is 2^32 = 4,294,967,296 or approximately 4.3 billion.
  • 362. These 4.3 billion addresses in the IPv4 address space are divided into Internet address classes. Although this terminology is considered to be old, you can still run into people who use it. Figure 5-7 shows the address ranges for each class of addresses. There are three classes of addresses that can be assigned to organizations: Class A, Class B, and Class C. Addresses are assigned into a particular class by the value of the first byte (the original standard used the term “octet” to mean a “byte,” so you may see documents using the term “octet”). For example, Class A addresses can have any number between 1 and 126 in the first byte. The first byte can be any number from 0 to 255 (for an explanation, refer to Hands-On Activ- ity 5C). Figure 5-9 shows that there are some numbers in the first byte range that are not assigned to any address range. An address starting with 0 is not allowed. The 127 address range is reserved for a computer to communicate with itself and is called the loopback. Loopback is used mostly by developers and system administrators when testing software. Addresses starting from 224 are reserved addresses that should not be used on IP networks. Addresses from 224 to 239 belong http://indiana.edu http://iu.edu � � �
• 363. 122 Chapter 5 Network and Transport Layers

FIGURE 5-9 IPv4 public address space
Class | First byte | Byte allocation | Start Address | End Address | Number of Networks | Number of Hosts
A | 1–126 | Network.Host.Host.Host | 1.0.0.0 | 126.255.255.255 | 128 (2^7) | 16,777,216 (2^24)
B | 128–191 | Network.Network.Host.Host | 128.0.0.0 | 191.255.255.255 | 16,384 (2^14) | 65,536 (2^16)
C | 192–223 | Network.Network.Network.Host | 192.0.0.0 | 223.255.255.255 | 2,097,152 (2^21) | 256 (2^8)

to Class D and are reserved for multicasting, which is sending messages to a group of computers rather than to one computer (which is normal) or every computer on a network (called broadcast). Addresses from 240 to 254 belong to Class E and are reserved for experimental use. Some companies use the Class E addresses for multicasting internal content in addition to the Class D addresses. Addresses starting with 255 are reserved for
• 364. broadcast messages (which are explained in more detail in the final section of this chapter).

Within each class, there is a set of addresses that are labeled as private IPv4 address space (see Figure 5-10). This address space can be used internally by organizations, but routers on the Internet do not route packets that use private addresses (they simply discard them). For this reason, private addresses are often used to increase security. An organization will assign private addresses to its computers so that hackers can’t send messages to them. However, these computers need to be able to send messages to other computers on the Internet. The organization has special devices (called NAT firewalls) that translate the private addresses on messages that these computers send into valid public addresses for use on the Internet. We talk more about NAT firewalls and the use of private addresses in Chapter 11. The computer you’re using right now probably has a private IP address (see Hands-On Activity 5A).

Figure 5-8 also shows how the newer terminology classless addressing is used. Classless addressing uses a slash to indicate the address range (it’s also called slash notation). For example, 128.192.1.0 is a Class B address, so the first 2 bytes (16 bits) are to be used for the network address and the next 2 bytes (third and fourth bytes) are allocated for host addresses. Using the slash notation, one would identify this network as 128.192.1.0/16. However, a network administrator may decide that rather than allocating 16 bits for the network, it would be more beneficial to
• 365. allocate 24 bits, and the remaining 8 bits would be used for clients. Therefore, the network would be identified as 128.192.1.0/24. We discuss more about bit allocation for a network and hosts when we discuss subnetting.

One of the problems with the current address system is that the Internet is quickly running out of addresses. Although the 4-byte address of IPv4 provides more than 4 billion possible addresses, the fact that they are assigned in sets significantly limits the number of usable addresses. For example, the address range owned by Indiana University includes about 65,000 addresses, but the university will probably not use all of them.

FIGURE 5-10 IPv4 private address space
Class | IP Address Range | Classful Description | Slash Notation | Number of Hosts
A | 10.0.0.0–10.255.255.255 | One Class A address | 10.0.0.0/8 | 16,777,216
B | 172.16.0.0–172.31.255.255 | 16 Class B addresses | 172.16.0.0/16 | 1,048,576
C | 192.168.0.0–192.168.255.255 | 256 Class C addresses | 192.168.0.0/24 | 65,536
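To make the classful and reserved ranges above concrete, here is an added Python example (not code from the textbook) that labels an IPv4 address by its first byte using the Figure 5-9 classes and the reserved values named in the text, and checks membership in the Figure 5-10 private ranges. The private blocks are built from the start and end address of each range; collapsing those ranges into slash notation gives 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16, the prefix lengths RFC 1918 defines for them. The sample addresses at the bottom are constructed.

```python
import ipaddress

# Label an IPv4 address by its first byte, using the Figure 5-9 classes and
# the reserved first-byte values the text names: 0 (not allowed), 127
# (loopback), 224-239 (Class D, multicast), 240-254 (Class E, experimental)
# and 255 (broadcast).
def address_class(addr: str) -> str:
    first = int(ipaddress.IPv4Address(addr)) >> 24   # value of the first byte
    if first == 0:
        return "invalid"
    if first == 127:
        return "loopback"
    if first <= 126:
        return "A"
    if first <= 191:
        return "B"
    if first <= 223:
        return "C"
    if first <= 239:
        return "D (multicast)"
    if first <= 254:
        return "E (experimental)"
    return "broadcast"


# Private address space as listed in Figure 5-10, as (start, end) pairs.
PRIVATE_RANGES = [
    ("10.0.0.0", "10.255.255.255"),
    ("172.16.0.0", "172.31.255.255"),
    ("192.168.0.0", "192.168.255.255"),
]


def range_to_networks(start: str, end: str):
    """Collapse a start..end range into the fewest slash-notation blocks."""
    return list(ipaddress.summarize_address_range(
        ipaddress.IPv4Address(start), ipaddress.IPv4Address(end)))


# 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 once the ranges are collapsed.
PRIVATE_NETWORKS = [net for s, e in PRIVATE_RANGES for net in range_to_networks(s, e)]


def is_private(addr: str) -> bool:
    """True if addr lies in a Figure 5-10 range, which Internet routers discard."""
    a = ipaddress.IPv4Address(addr)
    return any(a in net for net in PRIVATE_NETWORKS)


def classful_prefix(addr: str):
    """Network bits implied by the class (Figure 5-9): 8, 16 or 24; None if not A/B/C."""
    return {"A": 8, "B": 16, "C": 24}.get(address_class(addr))


def describe(addr: str) -> dict:
    return {"address": addr, "class": address_class(addr),
            "private": is_private(addr), "classful_prefix": classful_prefix(addr)}


if __name__ == "__main__":
    # Constructed sample addresses, including the 129.79.x.x block from the text.
    for a in ("129.79.1.1", "10.0.0.5", "172.31.255.255", "172.32.0.1",
              "224.0.0.9", "127.0.0.1", "255.255.255.255"):
        print(describe(a))
```

Because Internet routers discard packets carrying private addresses, a check like is_private() is a useful first filter when reviewing logs: a private address appearing as the source of traffic that arrived from the Internet points to spoofing or a misconfigured NAT device rather than a legitimate remote host.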
• 366. Addressing 123

The IP address shortage was one of the reasons behind the development of IPv6, discussed previously. Once IPv6 is in wide use, the current Internet address system will be replaced by a totally new system based on 16-byte addresses. Most experts expect that all the current 4-byte addresses will simply be assigned an arbitrary 12-byte prefix (e.g., all zeros) so that the holders of the current addresses can continue to use them.

Subnets

Each organization must assign the IP addresses it has received to specific computers on its networks. To make the IP address assignment more functional, we use an addressing hierarchy. The first part of the address defines the network, and the second part of the address defines a particular computer or host on the network. However, it is not efficient to assign every computer to the same network. Rather, subnetworks or subnets are designed on the network that subdivide the network into logical pieces. For example, suppose that a university has just received a set of addresses starting with 128.192.x.x. It is customary to assign all the computers in the same LAN numbers that start with the same first three digits, so the business school LAN might be assigned 128.192.56.x, which means that all the computers in that LAN would have IP numbers starting with those numbers (e.g., 128.192.56.4, 128.192.56.5, and so
• 367. on) (Figure 5-11). The subnet ID for this LAN then is 128.192.56. Two addresses on this subnet cannot be assigned as an IP address to any computer. The first address is 128.192.56.0, and this is the network address. The second address is 128.192.56.255, which is the broadcast address. The computer science LAN might be assigned 128.192.55.x, and similarly, all the other LANs at the university and the BN that connects them would have a different set of numbers. Similar to the business school LAN, the computer science LAN would have a subnet ID 128.192.55. Thus, 128.192.55.0 and 128.192.55.255 cannot be assigned to any computer on this network because they are reserved for the network address and broadcast address.

FIGURE 5-11 Address subnets. Business school subnet (128.192.56.X): hosts 128.192.56.50, 128.192.56.51, 128.192.56.52; router interface 128.192.56.1; network address 128.192.56.0; broadcast address 128.192.56.255. Computer science subnet (128.192.55.X): hosts 128.192.55.20, 128.192.55.21, 128.192.55.22; router interface 128.192.55.6; network address 128.192.55.0; broadcast address 128.192.55.255. Backbone subnet (128.192.254.X): router interfaces 128.192.254.3 and 128.192.254.4.

• 368. Routers connect two or more subnets so they have a separate address on each subnet. Without routers, the two subnets would not be able to
• 369. communicate. The routers in Figure 5-11, for example, have two addresses each because they connect two subnets and must have one address in each subnet.

Although it is customary to use the first 3 bytes of the IP address to indicate different subnets, it is not required. Any portion of the IP address can be designated as a subnet by using a subnet mask. Every computer in a TCP/IP network is given a subnet mask to enable it to determine which computers are on the same subnet (i.e., LAN) that it is on and which computers are outside of its subnet. Knowing whether a computer is on your subnet is very important for message routing, as we shall see later in this chapter. For example, a network could be configured so that the first 2 bytes indicated a subnet (e.g., 128.184.x.x), so all computers would be given a subnet mask giving the first 2 bytes as the subnet indicator. This would mean that a computer with an IP address of 128.184.22.33 would be on the same subnet as 128.184.78.90. IP addresses are binary numbers, so partial bytes can also be used as subnets. For example, we could create a subnet that has IP addresses between 128.184.55.1 and 128.184.55.127 and another subnet with addresses between 128.184.55.128 and 128.184.55.254.

Dynamic Addressing

To this point, we have said that every computer knows its network layer address from a configuration file that is installed when the computer is first attached to the network. However, this leads to a major network management problem. Any time a computer is moved or its network is assigned a new address, the software on each individual computer must be updated. This is not difficult, but it is very time-consuming because someone must go from office to office, editing files on each individual computer. The easiest way around this is dynamic addressing. With this approach, a server is designated to supply a network layer address to a computer each time the computer connects to the network. This is commonly done for client computers but usually not for servers.

TECHNICAL FOCUS 5-1 Subnet Masks

Subnet masks tell computers what part of an Internet Protocol (IP) address is to be used to determine whether a destination is on the same subnet or on a different subnet. A subnet mask is a 4-byte binary number that has the same format as an IP address and is not routable on the network. A 1 in the subnet mask indicates that that position is used to indicate the subnet. A zero indicates that it is not. Therefore, a mask can only contain a continuous stream of ones. A subnet mask of 255.255.255.0 means that the first 3 bytes indicate the subnet; all computers with the same first 3 bytes in their IP addresses are on the same subnet. This is because 255 expressed in binary is 11111111. In contrast, a subnet mask of 255.255.0.0 indicates that the first 2 bytes refer to the same subnet.

Things get more complicated when we use partial-byte subnet masks. For example, suppose that the subnet mask was 255.255.255.128. In binary numbers, this is expressed as 11111111.11111111.11111111.10000000. This means that the first 3 bytes plus the first bit in the fourth byte indicate the subnet address. Similarly, a subnet mask of 255.255.254.0 would indicate the first 2 bytes plus the first 7 bits of the third byte indicate the subnet address, because in binary numbers, this is 11111111.11111111.11111110.00000000. The bits that are ones are called network bits because they indicate which part of an address is the network or subnet part, whereas the bits that are zeros are called host bits because they indicate which part is unique to a specific computer or host.
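An added Python example (not from the textbook) that carries out the subnet mask arithmetic of Technical Focus 5-1 together with the network and broadcast address reservation described under Subnets: it checks that a mask is a continuous run of ones, derives the network and broadcast addresses, counts network and host bits, and tests whether two addresses fall in the same subnet, including the partial-byte masks 255.255.255.128 and 255.255.254.0. The addresses used are the ones from the text.

```python
import ipaddress


def mask_is_contiguous(mask: str) -> bool:
    """A subnet mask must be a continuous run of ones followed by zeros
    (Technical Focus 5-1); 255.255.0.255 is therefore not a valid mask."""
    m = int(ipaddress.IPv4Address(mask))
    host_bits = (~m) & 0xFFFFFFFF            # host positions become 1
    return host_bits & (host_bits + 1) == 0  # true only for 0b000..0111..1


def mask_to_binary(mask: str) -> str:
    """Dotted-binary form, e.g. 255.255.254.0 -> 11111111.11111111.11111110.00000000."""
    return ".".join(f"{int(octet):08b}" for octet in mask.split("."))


def subnet_of(addr: str, mask: str) -> ipaddress.IPv4Network:
    """Keep the network bits of addr and clear the host bits."""
    if not mask_is_contiguous(mask):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def same_subnet(a: str, b: str, mask: str) -> bool:
    """The test a host performs before sending: is the destination on my subnet?"""
    return subnet_of(a, mask) == subnet_of(b, mask)


def subnet_summary(addr: str, mask: str) -> dict:
    """Network and broadcast addresses plus the bit split and usable host count."""
    net = subnet_of(addr, mask)
    return {
        "mask_binary": mask_to_binary(mask),
        "network_bits": net.prefixlen,
        "host_bits": 32 - net.prefixlen,
        "network_address": str(net.network_address),
        "broadcast_address": str(net.broadcast_address),
        # The network address and the broadcast address are never assigned to a host.
        "assignable_hosts": max(net.num_addresses - 2, 0),
    }


if __name__ == "__main__":
    print(subnet_summary("128.192.56.50", "255.255.255.0"))
    print(subnet_summary("128.184.55.130", "255.255.255.128"))
    print(same_subnet("128.184.22.33", "128.184.78.90", "255.255.0.0"))
    print(same_subnet("128.184.55.127", "128.184.55.128", "255.255.255.128"))
```

Rejecting a non-contiguous mask up front matters in practice: operating systems and routers will not accept one, and a configuration tool that silently applied 255.255.0.255 would place hosts on subnets nobody intended.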
• 372. The most common standard for dynamic addressing is Dynamic Host Configuration Protocol (DHCP). DHCP does not provide a network layer address in a configuration file. Instead, there is a special software package installed on the client that instructs it to contact a DHCP server to obtain an address. In this case, when the computer is turned on and connects to the network, it first issues a broadcast DHCP message that is directed to any DHCP server that can “hear” the message. This message asks the server to assign the requesting computer a unique network layer address. The server runs a corresponding DHCP software package that responds to these requests and sends a message back to the client, giving it its network layer address (and its subnet mask).

The DHCP server can be configured to assign the same network layer address to the computer (on the basis of its data link layer address) each time it requests an address, or it can lease the address to the computer by picking the “next available” network layer address from a list of authorized addresses. Addresses can be leased for as long as the computer is connected to the network or for a specified time limit (e.g., 2 hours). When the lease expires, the client computer must contact the DHCP server to get a new address. Address leasing is commonly used by Internet Service Providers (ISPs) for dial-up users. ISPs have many more authorized users than they have authorized network layer addresses because not all users can log in at the same time. When a user logs in, his or her computer is assigned a temporary TCP/IP address that is reassigned to the next user when the first user hangs up.
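The lease behaviour described above, as an added Python example that is not part of the textbook: a minimal DHCP-style address pool that reserves a fixed address for a known data link layer (MAC) address, hands "next available" addresses to other clients from a list of authorized addresses, keeps a renewing client on its existing address, and reclaims addresses once their lease time (2 hours here, as in the text) has passed. Real DHCP is a four-message exchange (discover, offer, request, acknowledge) carried over UDP; this model keeps only the allocation logic. The MAC addresses and the pool are constructed.

```python
from dataclasses import dataclass


@dataclass
class Lease:
    ip: str
    mac: str            # data link layer address of the client
    expires_at: float   # seconds on the server's clock


class DhcpPool:
    """Address allocation as described in the text: fixed assignment by data
    link layer address, otherwise the "next available" address from a list of
    authorized addresses, leased for a time limit and reclaimed on expiry."""

    def __init__(self, authorized, subnet_mask, lease_seconds, reservations=None):
        self.reservations = dict(reservations or {})          # mac -> fixed ip
        reserved_ips = set(self.reservations.values())
        self.free = [ip for ip in authorized if ip not in reserved_ips]
        self.subnet_mask = subnet_mask
        self.lease_seconds = lease_seconds
        self.leases = {}                                      # mac -> Lease

    def _reclaim_expired(self, now):
        """Expired leases go back on the free list (reserved addresses stay reserved)."""
        for mac, lease in list(self.leases.items()):
            if lease.expires_at <= now:
                del self.leases[mac]
                if lease.ip not in self.reservations.values():
                    self.free.append(lease.ip)

    def request(self, mac, now):
        """Handle a client's broadcast request. Returns (ip, subnet_mask), or
        None when no authorized address is available."""
        self._reclaim_expired(now)
        if mac in self.reservations:
            ip = self.reservations[mac]          # same address every time
        elif mac in self.leases:
            ip = self.leases[mac].ip             # renewal keeps the current address
        elif self.free:
            ip = self.free.pop(0)                # next available address
        else:
            return None
        self.leases[mac] = Lease(ip, mac, now + self.lease_seconds)
        return ip, self.subnet_mask

    def active_leases(self, now):
        """Current mac -> ip assignments after expired leases are removed."""
        self._reclaim_expired(now)
        return {mac: lease.ip for mac, lease in self.leases.items()}


if __name__ == "__main__":
    # Constructed pool: three authorized addresses, one reserved for a printer's MAC.
    pool = DhcpPool(["10.0.0.10", "10.0.0.11", "10.0.0.12"], "255.255.255.0",
                    lease_seconds=2 * 3600, reservations={"00:11:22:33:44:55": "10.0.0.12"})
    print(pool.request("aa:aa:aa:00:00:01", now=0))      # first free address
    print(pool.request("aa:aa:aa:00:00:02", now=10))     # second free address
    print(pool.request("aa:aa:aa:00:00:03", now=20))     # None: pool exhausted
    print(pool.request("aa:aa:aa:00:00:03", now=7300))   # earlier leases have expired
```

Keying reservations on the data link layer address is exactly what makes DHCP reservations a weak form of identity: the server trusts whatever MAC the client presents, so a lease log should be read as "which address was handed to a claimed MAC at a given time", not as proof of which machine was present.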
• 373. Dynamic addressing greatly simplifies network management in non-dial-up networks as well. With dynamic addressing, address changes need to be made only to the DHCP server, not to each individual computer. The next time each computer connects to the network or whenever the address lease expires, the computer automatically gets the new address.

5.4.2 Address Resolution

To send a message, the sender must be able to translate the application layer address (or server name) of the destination into a network layer address and in turn translate that into a data link layer address. This process is called address resolution. There are many different approaches to address resolution that range from completely decentralized (each computer is responsible for knowing all addresses) to completely centralized (there is one computer that knows all addresses). TCP/IP uses two different approaches, one for resolving application layer addresses into IP addresses and a different one for resolving IP addresses into data link layer addresses.

Server Name Resolution

Server name resolution is the translation of application layer addresses into network layer addresses (e.g., translating an Internet address such as www.yahoo.com into an IP address such as 204.71.200.74). This is done using the Domain Name Service (DNS). Throughout the Internet a series of computers called name servers provide DNS services. These name servers have address databases that store thousands of Internet addresses and their corresponding
• 374. IP addresses. These name servers are, in effect, the “directory assistance” computers for the Internet. Anytime a computer does not know the IP number for a computer, it sends a message to the name server requesting the IP number.

Whenever you register an Internet application layer address, you must inform the registrar of the IP address of the name server that will provide DNS information for all addresses in that name range. For example, because Indiana University owns the indiana.edu name, it can create any name it wants that ends in that suffix (e.g., www.indiana.edu, www.kelley.indiana.edu, abc.indiana.edu). When it registers its name, it must also provide the IP address of the DNS server that it will use to provide the IP addresses for all the computers within this domain name range (i.e., everything ending in indiana.edu). Every organization that has many servers also has its own DNS server, but smaller organizations that have only one or two servers often use a DNS server provided by their ISP. DNS servers are maintained by network managers, who update their
• 375. address information as the network changes. DNS servers can also exchange information about new and changed addresses among themselves, a process called replication.

When a computer needs to translate an application layer address into an IP address, it sends a special DNS request packet to its DNS server. This packet asks the DNS server to send to the requesting computer the IP address that matches the Internet application layer address provided. If the DNS server has a matching name in its database, it sends back a special DNS response packet with the correct IP address. If that DNS server does not have that Internet address in its database, it will issue the same request to another DNS server elsewhere on the Internet.

For example, if someone at the University of Toronto were to ask for a Web page on the server (www.kelley.indiana.edu) at Indiana University, the software on the Toronto client computer would issue a DNS request to the University of Toronto DNS server, called the resolving name server (Figure 5-12). This DNS server probably would not know the IP address of our server, so it would send a DNS request to one of the DNS root servers that it knows. The root server would respond to the resolving name server with a DNS response that said “I don’t know the IP address you need, but ask this DNS server,” and it would include the IP address of the top-level domain (TLD) server for the requested website (in this case, the
• 376. .edu TLD server, because the destination website is in the .edu domain). The resolving name server would then send a DNS request to the .edu TLD server. The .edu TLD domain server would respond with a DNS response that tells the resolving name server to ask the authoritative name server for indiana.edu and provides its IP address. The resolving name server would send a DNS request to the authoritative name server for indiana.edu. The authoritative name server would then respond to the resolving name server with the needed IP address, and the resolving name server would send a DNS response to the client computer with the IP address.

FIGURE 5-12 How the DNS system works. Steps 1 through 8: DNS requests and responses pass between the client computer, the resolving name server, the root server, the Top Level Domain (TLD) server, and the authoritative name server.

• 378. Routing 127

This is why it sometimes takes longer to access certain sites. Most DNS servers know only the names and IP addresses for the computers in their part of the network. Some store frequently used addresses (e.g., www.yahoo.com). If you try to access a computer that is far away, it may take a while before your computer receives a response from the resolving name server. Once your application layer software receives an IP address, it is stored on your computer in a DNS cache. This way, if you ever need to access the same
• 379. computer again, your computer does not need to contact its resolving name server. The DNS cache is routinely deleted whenever you turn off your computer.

Data Link Layer Address Resolution

To actually send a message on a multipoint circuit, the network layer software must know the data link layer address of the receiving computer. The final destination may be far away (e.g., sending from Toronto to Indiana). In this case, the network layer would route the message by selecting a path through the network that would ultimately lead to the destination. (Routing is discussed in the next section.) The first step on this route would be to send the message to its router.

To send a message to another computer in its subnet, a computer must know the correct data link layer address. In this case, the TCP/IP software sends a broadcast message to all computers in its subnet. A broadcast message, as the name suggests, is received and processed by all computers in the same LAN (which is usually designed to match the IP subnet). The message is a specially formatted request using Address Resolution Protocol (ARP) that says, “Whoever is IP address xxx.xxx.xxx.xxx, please send me your data link layer address.” The software in the computer with that IP address then sends an ARP response with its data link layer address. The sender transmits its message using that data link layer address. The sending computer also stores the data link layer address in its address table for future use.

5.5 ROUTING
  • 380. Routing is the process of determining the route or path through the network that a message will travel from the sending computer to the receiving computer. In some networks (e.g., the Internet), there are many possible routes from one computer to another. In other networks (e.g., internal company networks), there may only be one logical route from one computer to another. In either case, some device has to route messages through the network. Routing is done by special devices called routers. Routers are usually found at the edge of subnets because they are the devices that connect subnets together and enable messages to flow from one subnet to another as the messages move through the network from sender to receiver. Figure 5-13 shows a small network with two routers, R1 and R2. This network has five subnets, plus a connection to the Internet. Each subnet has its own range of addresses (e.g., 10.10.51.x), and each router has its IP address (e.g., 10.10.1.1). The first router (R1) has four connections, one to the Internet, one to router R2, and one to each of two subnets. Each connection, called an interface, is numbered from 0 to 3. The second router (R2) also has four interfaces, one that connects to R1 and three that connect to other subnets. Every router has a routing table that specifies how messages will travel through the network. In its simplest form, the routing table is a two-column table. The first column lists every network or computer that the router knows about, and the second column lists the interface that connects to it. Figure 5-14 shows the routing tables that might be used by routers in Figure 5-13. The first
• 381. entry in R1’s routing table says that any message with an IP address in the range from 10.10.51.0 to 10.10.51.255 should be sent out on interface 1.

FIGURE 5-13 A small corporate network. Router R1 (interfaces 0–3): interface 0 connects to the Internet, interface 1 to the 10.10.51.X subnet, interface 2 to the 10.10.52.X subnet, and interface 3 to router R2 over the link whose router addresses are 10.10.1.1 and 10.10.1.2. Router R2 (interfaces 0–3): interface 0 connects to R1, interface 1 to the 10.10.53.X subnet, interface 2 to the 10.10.20.X subnet, and interface 3 to the 10.10.43.X subnet.

FIGURE 5-14 Sample routing tables

Router R1’s Routing Table
Network Address | Interface
10.10.51.0–10.10.51.255 | 1
10.10.52.0–10.10.52.255 | 2
10.10.53.0–10.10.53.255 | 3
10.10.20.0–10.10.20.255 | 3
10.10.43.0–10.10.43.255 | 3
10.10.1.2 | 3
All other addresses | 0

Router R2’s Routing Table
Network Address | Interface
10.10.1.1 | 0
10.10.53.0–10.10.53.255 | 1
10.10.20.0–10.10.20.255 | 2
10.10.43.0–10.10.43.255 | 3
All other addresses | 0

A router uses its routing table to decide where to send the messages it receives. Suppose that a computer in the 10.10.43.x subnet sends an HTTP request for a Web page that is located on the company’s Web server, which is in the 10.10.20.x subnet (let’s say the Web server has an IP address of 10.10.20.10). The computer would send the message to its router, R2. R2 would look at the IP address on the IP packet and search its routing table for a matching address. It would search through the table, from top to bottom, until it reached the third entry, which is a range of addresses that contains the Web server’s address (10.10.20.10). The matching interface is number 2, so R2 would transmit the message on this interface.

The process would be similar if the same computer were to request a page somewhere on the Internet (e.g., www.yahoo.com). The computer would send the message to its router,
• 384. R2. R2 would look at the IP address on the IP packet (www.yahoo.com has an IP address of 69.147.125.65) and search its routing table for a matching entry. It would look at the first four entries and not find a match. It would reach the final entry that says to send a message with any other address on interface 0, so R2 would transmit this message on interface 0 to router R1. The same process would be performed by R1. It would search through its routing table for an address that matched 69.147.125.65 and not find it. When it reaches the final entry, R1 knows to send this message on interface 0 into the Internet.

5.5.1 Types of Routing

There are three fundamental approaches to routing: centralized routing, static routing, and dynamic routing. As you will see in the TCP/IP Example section later in this chapter, the Internet uses all three approaches.

Centralized Routing

With centralized routing, all routing decisions are made by one central computer or router. Centralized routing is commonly
  • 385. used in host-based networks (see Chapter 2), and in this case, routing decisions are rather simple. All computers are connected to the central computer, so any message that needs to be routed is simply sent to the central computer, which in turn retransmits the message on the appropriate circuit to the destination. Static Routing Static routing is decentralized, which means that all computers or routers in the network make their own routing decisions following a formal routing protocol. In WANs, the routing table for each computer is developed by its individual network manager (although network managers often share information). In LANs or BNs, the routing tables used by all computers on the network are usually developed by one individual or a committee. Most decentralized routing protocols are self-adjusting, meaning that they can automatically adapt to changes in the network configuration (e.g., adding and deleting computers and circuits). With static routing, routing decisions are made in a fixed manner by individual computers or routers. The routing table is developed by the network manager, and it changes only when computers are added to or removed from the network. For example, if the computer recognizes that a circuit is broken or unusable (e.g., after the data link layer retry limit has been exceeded without receiving an acknowledgment), the computer will update the routing table to indicate the failed circuit. If an alternate route is available, it will be used for all subsequent messages. Otherwise, messages will be stored until the circuit is repaired. Static routing is commonly used
• 386. in networks that have few routing options that seldom change.

Dynamic Routing

With dynamic routing (or adaptive routing), routing decisions are made in a decentralized manner by individual computers. This approach is used when there are multiple routes through a network, and it is important to select the best route. Dynamic routing attempts to improve network performance by routing messages over the fastest possible route, away from busy circuits and busy computers. An initial routing table is developed by the network manager but is continuously updated by the computers themselves to reflect changing network conditions. With distance vector dynamic routing, routers count the number of hops along a route. A hop is one circuit, so that router R1 in Figure 5-13 would know it could reach a computer in the 10.10.52.X subnet in one hop, and a computer in the 10.10.43.X subnet in two hops, by going through R2. With this approach, computers periodically (usually every 1–2 minutes) exchange information on the hop count and sometimes on the relative speed of the circuits in route and how busy they are with their neighbors.

With link state dynamic routing, computers or routers track the number of hops in the route, the speed of the circuits in each route, and how busy each route is. In other words, rather than knowing just a route’s distance, link state routing tries to determine how fast each possible route is. Each computer or router periodically (usually every 30 seconds or when a major change
• 387. occurs) exchanges this information with other computers or routers in the network (not just their neighbors) so that each computer or router has the most accurate information possible. Link state protocols are preferred to distance vector protocols in large networks because they spread more reliable routing information throughout the entire network when major changes occur in the network. They are said to converge more quickly.

There are two drawbacks to dynamic routing. First, it requires more processing by each computer or router in the network than does centralized routing or static routing. Computing resources are devoted to adjusting routing tables rather than to sending messages, which can slow down the network. Second, the transmission of routing information “wastes” network capacity. Some dynamic routing protocols transmit status information very frequently, which can significantly reduce performance.

5.5.2 Routing Protocols

A routing protocol is a protocol that is used to exchange information among computers to enable them to build and maintain their routing tables. You can think
• 388. of a routing protocol as the language that is used to build the routing tables in Figure 5-14. When new paths are added or paths are broken and cannot be used, messages are sent among computers using the routing protocol.

It can be useful to know all possible routes to a given destination. However, as a network gets quite large, knowing all possible routes becomes impractical; there are simply too many possible routes. Even at some modest number of computers, dynamic routing protocols become impractical because of the amount of network traffic they generate. For this reason, networks are often subdivided into autonomous systems of networks. An autonomous system is simply a network operated by one organization, such as IBM or Indiana University, or an organization that runs one part of the Internet. Remember that we said that the Internet was simply a network of networks. Each part of the Internet is run by a separate organization such as AT&T, MCI, and so on. Each part of the Internet or each large organizational network connected to the Internet can be a separate autonomous system.

The computers within each autonomous system know about the other computers in that system and usually exchange routing information because the number of computers is kept manageable. If an autonomous system grows too large, it can be split into smaller parts. The routing protocols used inside an autonomous system are called interior routing protocols.
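As an added Python example (not from the textbook), here are the routing tables of Figure 5-14 encoded as ordered entries, with the top-to-bottom first-match scan the text describes in Section 5.5 and a forward() helper that follows a message router by router using the interface connections of Figure 5-13. The number of hops it returns is the hop count a distance vector protocol would advertise (one hop from R1 to 10.10.52.X, two to 10.10.43.X via R2). The www.yahoo.com address 69.147.125.65 is the one quoted in the text.

```python
import ipaddress

# Routing tables of Figure 5-14 in their top-to-bottom order. A range such as
# 10.10.51.0-10.10.51.255 is written as 10.10.51.0/24, a single router
# address as /32, and None stands for the "All other addresses" entry.
ROUTING_TABLES = {
    "R1": [("10.10.51.0/24", 1), ("10.10.52.0/24", 2), ("10.10.53.0/24", 3),
           ("10.10.20.0/24", 3), ("10.10.43.0/24", 3), ("10.10.1.2/32", 3),
           (None, 0)],
    "R2": [("10.10.1.1/32", 0), ("10.10.53.0/24", 1), ("10.10.20.0/24", 2),
           ("10.10.43.0/24", 3), (None, 0)],
}

# What each interface connects to, read off Figure 5-13 and the tables above.
INTERFACE_LINKS = {
    ("R1", 0): "Internet", ("R1", 1): "10.10.51.X",
    ("R1", 2): "10.10.52.X", ("R1", 3): "R2",
    ("R2", 0): "R1", ("R2", 1): "10.10.53.X",
    ("R2", 2): "10.10.20.X", ("R2", 3): "10.10.43.X",
}


def lookup(router: str, dest: str):
    """Scan the router's table top to bottom; return (entry number, interface)
    of the first entry that contains dest."""
    addr = ipaddress.IPv4Address(dest)
    for number, (network, interface) in enumerate(ROUTING_TABLES[router], start=1):
        if network is None or addr in ipaddress.ip_network(network):
            return number, interface
    raise LookupError(f"{router} has no route for {dest}")


def forward(start_router: str, dest: str, max_hops: int = 8):
    """Follow a message from start_router until it leaves for a subnet or the
    Internet. Each hop is recorded as (router, entry number, interface, next stop)."""
    path, here = [], start_router
    for _ in range(max_hops):
        number, interface = lookup(here, dest)
        nxt = INTERFACE_LINKS[(here, interface)]
        path.append((here, number, interface, nxt))
        if nxt not in ROUTING_TABLES:       # delivered to a subnet or the Internet
            return path
        here = nxt
    raise RuntimeError("routing loop: hop limit reached")


def hop_count(start_router: str, dest: str) -> int:
    """Number of circuits crossed, the metric distance vector routing advertises."""
    return len(forward(start_router, dest))


if __name__ == "__main__":
    print(forward("R2", "10.10.20.10"))      # Web server: R2 entry 3, interface 2
    print(forward("R2", "69.147.125.65"))    # www.yahoo.com: R2 -> R1 -> Internet
    print(hop_count("R1", "10.10.52.7"), hop_count("R1", "10.10.43.5"))
```

Production routers select the longest matching prefix rather than the first matching row, which matters as soon as a table holds overlapping ranges; the entries in Figure 5-14 do not overlap, so both rules pick the same interface here. The hop limit in forward() is the same safeguard real IP packets carry in their time-to-live field: a pair of catch-all entries pointing at each other would otherwise bounce a packet for an unroutable address back and forth forever.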
• 389. TECHNICAL FOCUS 5-2 Routing on the Internet

The Internet is a network of autonomous system networks. Each autonomous system operates its own interior routing protocol while using Border Gateway Protocol (BGP) as the exterior routing protocol to exchange information with the other autonomous systems on the Internet. Although there are a number of interior routing protocols, Open Shortest Path First (OSPF) is the preferred protocol, and most organizations that run the autonomous systems forming large parts of the Internet use OSPF.

Figure 5-15 shows how a small part of the Internet might operate. In this example, there are six autonomous systems (e.g., Sprint, AT&T), three of which we have shown in more detail. Each autonomous system has a border router that connects it to the adjacent autonomous systems and exchanges route information via BGP. In this example, autonomous system A is connected to autonomous system B, which in turn is connected to autonomous system C. A is also connected to C via a route through systems D and E. If someone in A wants to send a message to someone in C, the message should be routed through B because it is the fastest route. The autonomous systems must share route information via BGP so that the border routers in each system know what routes are preferred. In this case, B would inform A that there is a route through it to C (and a route to E), and D would inform A that it has a route to E, but D would not inform A that there is a route through it to C. The border router in A would then have to decide which route to use to reach E.

Each autonomous system can use a different interior routing protocol. In this example, B is a rather simple network with only a few devices and routes, and it uses RIP, a simpler protocol in which all routers broadcast route information to their neighbors every minute or so. A and C are more complex networks and use OSPF. Most organizations that use OSPF create a special router called a designated router to manage the routing information. Every 15 minutes or so, each router sends its routing information to the designated router, which then broadcasts the revised routing table information to all other routers. If no designated router is used, then every router would have to broadcast its routing information to all other routers, which would result in a very large number of messages. In the case of autonomous system C, which has seven routers, this would require 42 separate messages (seven routers each sending to six others). By using a designated router, we now have only 12 separate messages (the six other routers sending to the designated router, and the designated router sending the complete set of revised information back to the other six).

Protocols used between autonomous systems are called exterior routing protocols. Although interior routing protocols are usually designed to provide detailed routing information about all
  • 391. Routing 131 or most computers inside the autonomous systems, exterior protocols are designed to be more careful in the information they provide. Usually, exterior protocols provide information about only the preferred or the best routes rather than all possible routes. There are many different protocols that are used to exchange routing information. Five are commonly used on the Internet: Border Gateway Protocol (BGP), Internet Control Message Pro- tocol (ICMP), Routing Information Protocol (RIP), Intermediate System to Intermediate Sys- tem (IS-IS) Open Shortest Path First (OSPF), and Enhanced Interior Gateway Routing Protocol (EIGRP). Border Gateway Protocol (BGP) is a dynamic distance vector exterior routing protocol used on the Internet to exchange routing information between autonomous systems—that is, large sections of the Internet. Although BGP is the preferred routing protocol between Internet sections, it is seldom used inside companies because it is large, complex, and often hard to administer. Internet Control Message Protocol (ICMP) is the simplest interior routing protocol on the Internet. ICMP is simply an error-reporting protocol that enables computers to report routing errors to message senders. ICMP also has a very limited ability to update routing tables. FIGURE 5-15
  • 392. Routing on the Internet with Border Gateway Protocol (BGP), Open Shortest Path First (OSPF), and Routing Information Protocol (RIP) Border Router Router 4 Router 3 OSPF Designated Router Autonomous System A (using OSPF) Router 5 Router 2 Router 1 Router 4 Router 3 Border Router Autonomous System C (using OSPF) Router 5 Router 6
  • 393. Router 2 Router 1 BGP BGP Router 4 Border Router Autonomous System B (using RIP) Router 2 Router 1 Router 3 Autonomous System F Autonomous System E Autonomous System D BGP BGP BGP BGP
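The advertisement and selection process in Technical Focus 5-2, as an added example that is not part of the textbook: a small path vector simulation of the topology the box describes (A-B, B-C, A-D, D-E, E-C, with D refusing to tell A about its route to C). The prefixes each autonomous system originates are assumed, as is the form of the export-policy table; the AS path prepending, loop check and shortest-path selection are the BGP rules the text refers to.

```python
"""Path-vector (BGP-style) route propagation on the Technical Focus 5-2 topology.

Added example, not from the textbook or any router vendor. The autonomous
systems A to E, the links A-B, B-C, A-D, D-E, E-C, and D's policy of not
telling A about its route to C come from the text; the prefixes each AS
originates are assumed.
"""
from collections import defaultdict

# Constructed topology: each pair is a bidirectional link between border routers.
LINKS = [("A", "B"), ("B", "C"), ("A", "D"), ("D", "E"), ("E", "C")]

# Assumed (hypothetical) prefix originated by each autonomous system.
PREFIX = {"A": "10.1.0.0/16", "B": "10.2.0.0/16", "C": "10.3.0.0/16",
          "D": "10.4.0.0/16", "E": "10.5.0.0/16"}

# Export policy: (advertising AS, neighbor) -> origin ASes it will not announce.
NO_EXPORT = {("D", "A"): {"C"}}


def neighbors_of(links):
    nbrs = defaultdict(set)
    for x, y in links:
        nbrs[x].add(y)
        nbrs[y].add(x)
    return nbrs


def select_best(candidates):
    """BGP's first decision step: prefer the shortest AS path.

    `candidates` maps neighbor -> AS path announced by that neighbor. Ties
    are broken on the path itself so the result is deterministic.
    """
    return min(candidates.items(), key=lambda kv: (len(kv[1]), kv[1]))


def run_path_vector(links=LINKS, prefixes=PREFIX, no_export=NO_EXPORT):
    """Exchange advertisements until no AS changes its choice.

    Returns (adj_rib_in, best): adj_rib_in[asn][prefix][neighbor] is the AS
    path that neighbor announced; best[asn][prefix] is (next_hop_as, as_path).
    """
    nbrs = neighbors_of(links)
    adj_rib_in = {a: defaultdict(dict) for a in nbrs}
    best = {a: {prefixes[a]: (a, [])} for a in nbrs}   # own prefix, empty path

    changed = True
    while changed:
        changed = False
        # 1. every AS tells each neighbor about its current best routes
        for adv in nbrs:
            for nbr in nbrs[adv]:
                for p, (_, path) in list(best[adv].items()):
                    origin = path[-1] if path else adv
                    if origin in no_export.get((adv, nbr), set()):
                        continue                 # policy: route not exported
                    announced = [adv] + path     # prepend own AS number
                    if nbr in announced:
                        continue                 # loop detection: receiver is in path
                    if adj_rib_in[nbr][p].get(adv) != announced:
                        adj_rib_in[nbr][p][adv] = announced
                        changed = True
        # 2. every AS re-selects its best path from everything it has heard
        for a in nbrs:
            for p, cands in adj_rib_in[a].items():
                if p == prefixes[a] or not cands:
                    continue
                chosen = select_best(cands)
                if best[a].get(p) != chosen:
                    best[a][p] = chosen
                    changed = True
    return adj_rib_in, best


if __name__ == "__main__":
    adj, best = run_path_vector()
    for prefix, (via, path) in sorted(best["A"].items()):
        print(f"A reaches {prefix:<12} via {via}  AS path {path}")
```

When run, A's table reaches C's prefix only through B (D never announced it), and reaches E's prefix through D because the AS path [D, E] is shorter than [B, C, E]. Adding an AS number to NO_EXPORT, or announcing a prefix from an AS that does not own it, shows how much of the outcome rests on each neighbor's honesty and policy rather than on anything the protocol verifies.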
132 Chapter 5 Network and Transport Layers

Routing Information Protocol (RIP) is a dynamic distance vector interior routing protocol that is commonly used in smaller networks, such as those operated by one organization. Each router running RIP builds its routing table from what its neighbors tell it: it counts the number of routers (hops) in each possible route to a destination and selects the route with the fewest hops, up to a limit of 15. Routers using RIP broadcast their entire routing tables to their neighbors every 30 seconds by default (the timing can be changed by the network manager), so RIP reacts slowly to changes and generates needless traffic on larger networks. A RIP variant was also used by the IPX/SPX protocol family. RIP version 1 carries no authentication at all, so any device on the subnet can inject routes; version 2 added a cleartext password and a keyed MD5 option.

Intermediate System to Intermediate System (IS-IS) is a link state interior routing protocol that is commonly used in large networks. IS-IS is an ISO protocol that has been adapted to carry TCP/IP routes and is used by many large Internet service providers.

Open Shortest Path First (OSPF) is a dynamic link state interior routing protocol that is commonly used on the Internet. Every router floods advertisements describing the state and cost of its own links to all other routers in its area, so every router holds the same map of the network and runs the shortest path first (Dijkstra) algorithm on it to choose routes. The cost of a link is set by the network manager and is normally derived from the link's bandwidth. OSPF is more efficient than RIP because it sends updates only when something changes and sends them to the multicast addresses reserved for OSPF routers rather than broadcasting them to every computer on the subnet. OSPF is the preferred interior routing protocol used by TCP/IP.

Enhanced Interior Gateway Routing Protocol (EIGRP) is a dynamic hybrid interior routing protocol developed by Cisco and is commonly used inside organizations. Hybrid means that it has some features that act like distance vector protocols and some other features that act like link state protocols. As you might expect, EIGRP is an improved version of Interior Gateway Routing Protocol (IGRP). EIGRP records information about a route's transmission capacity, delay, reliability, and load. EIGRP is unusual in that routers store not only their own routing tables but also the routes advertised by each of their neighbors (in a topology table), so they can switch to a known backup route immediately when the best route fails.

5.5.3 Multicasting

The most common type of message in a network is the transmission between two computers. One computer sends a message to another computer (e.g., a client requesting a Web page). This is called a unicast message. Earlier in the chapter, we introduced the concept of a broadcast message that is sent to all computers on a specific LAN or subnet. A third type of message called a multicast message is used to send the same message to a group of computers.

MANAGEMENT FOCUS 5-2 Captain D's Gets Cooking with Multicast

Captain D's has more than 500 company-owned and franchised fast-food restaurants across North America. Each restaurant has a small low-speed satellite link that can send and receive data. Captain D's used to send its monthly software updates to each of its restaurants one at a time, which meant transferring each file 500 times, once to each restaurant. You don't have to be a network wizard to realize that this is slow and redundant.

Captain D's now uses multicasting to send monthly software updates to all its restaurants at once. What once took hours is now accomplished in minutes. Multicasting also enables Captain D's to send large human resource file updates each week to all restaurants and to transmit computer-based training videos to all restaurants each quarter. The training videos range in size from 500 to 1,000 megabytes, so without multicasting, it would be impossible to use the satellite network to transmit the videos.

Adapted from: "Captain D's Gets Cooking with Multicast from XcelleNet," www.xcellenet.com.
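The multicast addressing that this section relies on (a group's IP address, and the matching multicast data link layer address that the router puts on the frames), as an added example that is not from the textbook. The mapping rule is the standard one for IPv4 over Ethernet: the reserved prefix 01-00-5E followed by the low 23 bits of the group address. The group addresses and the host's set of joined groups are constructed for the example; the host-side check shows the caveat a practitioner needs, namely that 32 different groups share every multicast MAC address, so the network layer must still compare the IP destination against the groups the host actually joined.

```python
"""IPv4 multicast group to Ethernet multicast address mapping.

Added example, not from the textbook. The mapping rule (IANA prefix
01-00-5E plus the low 23 bits of the group address, RFC 1112) is standard;
the group addresses and the host's membership set below are constructed.
"""
import ipaddress

MCAST_OUI = bytes.fromhex("01005E")     # Ethernet prefix reserved for IPv4 multicast


def is_multicast(ip: str) -> bool:
    """True for 224.0.0.0 through 239.255.255.255 (the former class D range)."""
    return ipaddress.IPv4Address(ip).is_multicast


def group_to_mac(group: str) -> str:
    """Data link layer address the router puts on frames for this group.

    Only the low 23 bits of the 32-bit group address fit in the MAC, so the
    top 4 bits (always 1110 for multicast) and the next 5 bits are dropped.
    """
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast group address")
    low23 = int(addr) & 0x7FFFFF
    return "-".join(f"{b:02X}" for b in MCAST_OUI + low23.to_bytes(3, "big"))


def aliases(group: str) -> list:
    """The 32 group addresses that share one Ethernet address with `group`."""
    low23 = int(ipaddress.IPv4Address(group)) & 0x7FFFFF
    return [str(ipaddress.IPv4Address(0xE0000000 | (i << 23) | low23))
            for i in range(32)]


def host_accepts(frame_dst_mac: str, packet_dst_ip: str, joined_groups: set) -> bool:
    """Receiver-side filtering the text describes, with the aliasing caveat.

    The host tells its data link layer to accept frames for the MAC of each
    group it joined via IGMP. Because 32 groups map to that MAC, the network
    layer must still check that the IP destination is a group it joined.
    """
    wanted_macs = {group_to_mac(g) for g in joined_groups}
    if frame_dst_mac.upper() not in wanted_macs:
        return False                       # interface filter drops the frame
    return packet_dst_ip in joined_groups  # drop an aliased group's packet


if __name__ == "__main__":
    joined = {"239.255.0.1"}                # constructed: one videoconference group
    print(group_to_mac("239.255.0.1"))      # 01-00-5E-7F-00-01
    print(host_accepts("01-00-5E-7F-00-01", "239.255.0.1", joined))    # True
    print(host_accepts("01-00-5E-7F-00-01", "224.127.0.1", joined))    # False: alias
```

The aliasing matters in practice: a switch or network card that filters only on the MAC address will deliver packets for 224.127.0.1 to a host that joined 239.255.0.1, so the IP-level check is what actually enforces group membership on the receiver.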
Consider a videoconferencing situation in which four people want to participate in the same conference. Each computer could send the same voice and video data from its camera to the computers of each of the other three participants using unicasts. In this case, each computer would send three identical messages, each addressed to one of the three other computers. This would work but would require a lot of network capacity. Alternately, each computer could send one broadcast message. This would reduce network traffic (because each computer would send only one message), but every computer on the network would process it, distracting them from other tasks. Broadcast messages usually are transmitted only within the same LAN or subnet, so this would not work if one of the computers were outside the subnet.

The solution is multicast messaging. Each multicast group is identified by a special IP address, taken from the range 224.0.0.0 to 239.255.255.255. A computer wishing to receive the group's traffic tells the router on its subnet by sending a membership report using a special type of packet called Internet Group Management Protocol (IGMP); the router keeps track of which groups have members on each of its subnets. Any computer performing routing knows to route all multicast messages with the group's IP address onto the subnets that contain requesting computers. The router sets the data link layer address on multicast messages to a matching multicast data link layer address that is derived from the group's IP address (on Ethernet, 01-00-5E followed by the low 23 bits of the group address). Each requesting computer must inform its data link layer software to process incoming messages with this multicast data link layer address. When the multicast session ends (e.g., the videoconference is over), the client computer sends another IGMP message to the router on its subnet to remove it from the multicast group. Note that IGMP carries no authentication: any computer on a subnet can ask to join any group, so multicast traffic is not private unless the application itself encrypts it.

5.5.4 The Anatomy of a Router

There is a huge array of software and hardware that makes the Internet work, but the one device that is indispensable is the router. The router has three main functions: (1) it determines a path for a packet to travel over, (2) it transmits the packet across the path, and (3) it supports communication between a wide variety of devices and protocols. Now we will look inside a router to see how these three functions are supported by hardware and software.

Routers are essentially special-purpose computers that consist of a CPU (central processing unit), memory (both volatile and nonvolatile), and ports or interfaces that connect them to the network and/or to other devices so that a network administrator can communicate with them. What differentiates routers from the computers that we use in our everyday lives is that they are diskless and they don't come with a monitor, keyboard, and mouse. They don't have these because they were designed to move data rather than display it.

There are three ways that a network manager can connect to a router and configure and maintain it: (1) console port, (2) network interface port, and (3) auxiliary port (see Figure 5-16). When the router is turned on for the very first time, it does not have an IP address assigned, so it cannot communicate on the network. Because of this, the console port, also called the management port, is used to configure it. A network manager would use a blue rollover cable (not the Ethernet cable) to connect the router's console port to a computer that has terminal emulation software on it. The network manager would use this software to communicate with the router and perform the basic setup (e.g., IP address assignment, routing protocol selection). Once the basic setup is done, the network manager can log in to the router from any computer over the network interface using TCP/IP and either Telnet or Secure Shell (SSH). Telnet sends the login password and every command in cleartext, so on any router that supports it, Telnet should be disabled and SSH used instead. Although routers come with an auxiliary port that allows an administrator to log in via a direct, nonnetwork connection (e.g., using modems), this connection is rarely used today.

A router, just like a computer, must have an operating system so that it can be configured. One widely used router operating system is the Cisco Internetwork Operating System (IOS), although other operating systems exist as well. IOS uses a command line interface rather than a graphical user interface.

FIGURE 5-16 Anatomy of a router. (Not reproduced here. The figure shows the three management paths: the console port, reached over a console cable from a computer running terminal emulation software; the auxiliary port, reached over a serial line through a pair of modems from a computer with a direct, nonnetwork connection; and the network interface, reached over the LAN using TCP/IP and Telnet/SSH or Web-based management.)

134 Chapter 5 Network and Transport Layers

The network manager uses IOS commands to create a configuration file (also called a config file) that defines how the router will operate. The config file can contain the type of routing protocol to be used, the interfaces that are active/enabled and those that are down, and what type of encryption is used. The config file is central to a router's operation, and the IOS refers to it hundreds of times per second to tell the router how to do its job. The other important file is the Access Control List (ACL), which plays an important role in network security. The ACL defines what types of packets should be routed and what types of packets should be discarded. The ACL is discussed in more detail in Chapter 10 on security.

5.6 TCP/IP EXAMPLE

This chapter has discussed the functions of the transport and network layers: linking to the application layer, segmenting, session management, addressing, and routing. In this section, we tie all of these concepts together to take a closer look at how these
functions actually work using TCP/IP.

When a computer is installed on a TCP/IP network (or dials into a TCP/IP network), it must be given four pieces of network layer addressing and routing information before it can operate. This information can be provided by a configuration file or via a DHCP server. The information is

1. Its IP address
2. A subnet mask, so it can determine what addresses are part of its subnet
3. The IP address of a DNS server, so it can translate application layer addresses into IP addresses
4. The IP address of an IP gateway (commonly called a router) leading outside of its subnet, so it can route messages addressed to computers outside of its subnet (this presumes the computer is using static routing and there is only one connection from it to the outside world through which all messages must flow; if it used dynamic routing, some routing software would be needed instead)

FIGURE 5-17 Example Transmission Control Protocol/Internet Protocol (TCP/IP) network. (Not reproduced here. The figure shows Building A, Building B, and a data center, each joined to the backbone by a router, and the data center's servers. The addresses it labels are a client at 128.192.98.134 (00-0C-00-33-3A-F2), a client at 128.192.95.22 (00-0C-00-33-3A-AC), www1.anyorg.com at 128.192.50.2 (00-0C-00-33-3A-1C), www2.anyorg.com at 128.192.50.3 (00-0C-00-33-3A-1D), the DNS server at 128.192.50.4 (00-0C-00-33-3A-B1), and the mail server at 128.192.50.5 (00-0C-00-33-3A-DD).)

TCP/IP Example 135

These four pieces of information are the minimum required. A server would also need to know its application layer address.

In this section, we use the simple network shown in Figure 5-17 to illustrate how TCP/IP works. This figure shows an organization that has three LANs connected by a BN. The BN also has a connection to the Internet. Each building is configured as a separate subnet. For example, Building A has the 128.192.98.x subnet, whereas Building B has the 128.192.95.x subnet. The data center has the 128.192.50.x subnet. The BN is its own subnet: 128.192.254.x. Each building is connected to the BN via a router that has two IP addresses and two data link layer addresses, one for the connection into the building and one for the connection onto the BN. The organization has a couple of Web servers, one DNS server, and one mail server located in the data center. All networks use Ethernet at the data link layer, and we focus only on Web requests at the application layer.

In the next sections, we describe how messages are sent through the network. For the sake of simplicity, we initially ignore the need to establish and close TCP connections. Once you understand the basic concepts, we will then add these in to complete the example.

TECHNICAL FOCUS 5-3 Finding Your Computer's TCP/IP Settings

If your computer can access the Internet, it must use TCP/IP. In Windows, you can find out your TCP/IP settings by looking at their properties. Click on the Start button and then select Control Panel and then select Network Connections. Double click on your Local Area Connection and then click the Support tab. This will show you your computer's IP address, subnet mask, and gateway, and whether the IP address is assigned by a DHCP server. (These steps describe older versions of Windows; on any version, typing ipconfig /all at a command prompt shows the same information.) Figure 5-18 shows this information for one of our computers. If you would like more information, you can click on the Details button. This second window shows the same information, plus the computer's Ethernet address (called
the physical address), as well as information about the DHCP lease and the DNS servers available. Try this on your computer. If you have your own home network with your own router, there is a chance that your computer has an IP address very similar to ours or someone else's in your class, or the same address, in fact. How can two computers have the same IP address? Well, they can't, not on the same network. Your home router uses a technique called network address translation, in which one set of "private" IP addresses (such as 192.168.1.x) is used inside a network and a different set of "public" IP addresses is used by the router when it sends the messages onto the Internet. Because computers on the Internet cannot address the private computers directly, this also has a security side effect, but it is not a substitute for a firewall. Network address translation is described in detail in Chapter 11.

FIGURE 5-18 TCP/IP configuration information. (Screenshots not reproduced here. The Local Area Connection Status window's Support tab shows Address Type: Assigned by DHCP, IP Address: 192.168.1.100, Subnet Mask: 255.255.255.0, Default Gateway: 192.168.1.1. The Network Connection Details window adds Physical Address 00-B0-D0-F7-B8-F4, DHCP Server 192.168.1.1, Lease Obtained 10/29/2003 7:05:19 AM, Lease Expires 11/4/2003 7:05:19 AM, DNS Servers 24.12.70.15, 24.12.70.17, and 63.240.76.4, and a WINS Server entry.)

5.6.1 Known Addresses

Suppose that a client computer in Building A (e.g., 128.192.98.130) wanted to get a Web page from Web server 1 (www1.anyorg.com) located in the data center. We will assume that this computer knows the network layer and data link layer addresses of www1.anyorg.com (e.g., it has previously requested pages from this server, so the addresses are stored in appropriate tables in the memory of the computer). Because the computer knows the IP address of the server, it uses the IP address, not the application layer address.

FIGURE 5-19 Packet nesting. HTTP = Hypertext Transfer Protocol; IP = Internet Protocol; TCP = Transmission Control Protocol. (Not reproduced here: the figure shows the HTTP request carried inside a TCP segment, which is carried inside an IP packet, which is carried inside an Ethernet frame.)

In this case, the application layer software would pass an HTTP packet to the transport layer software (TCP) with the Internet address of the destination www1.anyorg.com: 128.192.50.2. The transport layer software (TCP) would make sure that the request fits in one segment and hand it to the network layer. The network layer software (IP) would then check the subnet mask and would recognize that the Web server is located outside of its subnet. Any messages going outside the subnet must be sent to the router (128.192.98.1), whose job it is to process the message and send the message on its way into the outside network. The network layer software would check its address table and find the Ethernet address for the router. It would therefore set the data link layer address to the router's Ethernet address on this subnet (00-0C-00-33-3A-0B) and pass the IP packet to the data link layer for transmission. The data link layer would surround the packet with an Ethernet frame and transmit it over the physical layer to the router (Figure 5-19).

The router would receive the message, and its data link layer would perform error checking before passing the packet to the network layer software (IP). The network layer software would read the IP address to determine the final destination. The router would recognize that this address (128.192.50.2) needed to be sent to the 128.192.50.x subnet. It knows that the router for this subnet is 128.192.254.96. It would pass the packet back to its data link layer, giving the Ethernet address of that router (00-0C-00-33-3A-DA). This router in the data center would receive the message (do error checking, etc.) and read the IP address to determine the final destination. The router would recognize that this address (128.192.50.2) was inside its 128.192.50.x subnet and would search its data link layer address table for this computer. It would then pass the packet to the data link layer along with the Ethernet address (00-0C-00-33-3A-1C) for transmission.

The www1.anyorg.com Web server would receive the message and process it. This would result in a series of TCP/IP packets addressed to the requesting client (128.192.98.130). These would make their way through the network in reverse order. The Web server would recognize that this IP address is outside its subnet and would send the message to the 128.192.50.1 router using its Ethernet address (00-0C-00-33-3A-DC). This router would then send the message to the router for the 128.192.98.x subnet (128.192.254.98) using its Ethernet address (00-0C-00-33-3A-BB). This router would in turn send the message back to the client (128.192.98.130) using its Ethernet address (00-0C-00-33-3A-A3).

This process would work in the same way for Web servers located outside the organization on the Internet. In this case, the message would go from the client to the 128.192.98.1 router, which would send it to the Internet router (128.192.254.99), which would send it to its Internet connection. The message would be routed through the Internet, from router to router, until it reached its destination. Then the process would work in reverse to return the requested page.

5.6.2 Unknown Addresses

Suppose that the client computer in Building A (128.192.98.130) wants to retrieve a Web page from the www1.anyorg.com Web server but does not know the IP address of the Web server. For simplicity, we will start by assuming that the client knows the data link layer address of its subnet router, but after you read through this example, you will realize that obtaining a data link layer address is straightforward.
The client's DNS resolver realizes that it does not know the IP address after searching its cache and not finding a matching entry. Therefore, it issues a DNS request to the name server (128.192.50.4). The DNS request is passed to the transport layer, which wraps it in a UDP datagram (DNS normally uses the connectionless UDP rather than TCP) and hands the message to the network layer. Using its subnet mask, the network layer (IP) will recognize that the DNS server is outside of its subnet. It will wrap the datagram in an IP packet and set the data link layer address to its router's address. The router will process the message and recognize that to reach the 128.192.50.4 IP address, it must send the packet to the data center router, 128.192.254.96, and does this by using that router's MAC address (00-0C-00-33-3A-DA). When the data center router receives this packet, it will realize that it has a direct connection to the network the DNS server is on and will transmit the packet using the DNS server's Ethernet address (00-0C-00-33-3A-B1). The name server will process the DNS request and send the matching IP address back to the client via the 128.192.98.x subnet router. The IP address for the desired computer makes its way back to the application layer software, which stores it in its cache. (A plain DNS response is not authenticated, so a forged response that arrives first can send the client to an attacker's server; DNSSEC exists to let resolvers verify the answer.)

The application layer then issues the HTTP request using the IP address for the Web server (128.192.50.2) and passes it to the transport layer, which in turn passes it to the network layer. The network layer uses its subnet mask and recognizes that this computer is not on its subnet. Therefore, it will route the packet to its default gateway, 128.192.98.1, which will then send the HTTP request to the data center's router, 128.192.254.96, which will deliver the HTTP request to Web server 1.

This process works the same for a Web server outside the subnet, whether in the same organization or anywhere on the Internet. If the Web server is far away (e.g., Australia), the process will likely involve searching more than one name server, but it is still the same process.

What would happen if the client in Building A (128.192.98.130) did not know its router's Ethernet address, which it needs to send the message to the router? It would broadcast an ARP request to all computers on its subnet, requesting that the computer whose IP address is 128.192.98.1 respond with its Ethernet address. This request is processed by all computers on the subnet, but only the router responds with an ARP packet giving its Ethernet address. The network layer software on the client stores this address in its data link layer address table (called the ARP cache). Then the client computer could send the message. Nothing in ARP verifies who answers: any computer on the subnet can reply to the request, or send unsolicited replies, claiming to be 128.192.98.1, and the client will then send all of its outbound traffic to that computer (ARP spoofing, a common way to mount a man-in-the-middle attack on a LAN). Switch features such as dynamic ARP inspection, or static ARP entries for the gateway, are the usual countermeasures.

This same ARP request/response process can occur at any point as a message moves through the network. For example, suppose that the router in the data center (128.192.254.96) did not know the Ethernet address of the DNS server (128.192.50.4). The DNS request would flow through the network in exactly the same way as described earlier (because no computer knows whether the router knows or doesn't know the Ethernet address) until the DNS request arrived at the data center router. This router would try to address the message to the DNS server and would realize that it did not have the server's Ethernet address, so it would issue an ARP request. The DNS server would respond with an ARP response containing its Ethernet address, and the router would put that address on the message and send it to the server.

5.6.3 TCP Connections

Whenever a computer transmits data to another computer, it must choose whether to use a connection-oriented service via TCP or a connectionless service via UDP. Most application layer software such as Web browsers (HTTP), email (SMTP), FTP, and Telnet use connection-oriented services. This means that before the first data packet is sent, the transport layer first sends a SYN segment to establish a session (the start of the three-way handshake: SYN, SYN-ACK, ACK). Once the session is established, then the data packets begin to flow. Once the data are finished, the session is closed with FIN segments from each side, each acknowledged by the other (also known as the four-way handshake).

In the preceding examples, this means that the first packet sent is really a SYN segment, followed by a response from the receiver accepting the connection, and then the packets as described earlier. There is nothing magical about the SYN and FIN segments; they are addressed and routed in the same manner as any other packets. But they do add to the complexity and length of the example.

A special word is needed about HTTP packets. When HTTP was first developed, Web browsers opened a separate TCP session for each HTTP request. That is, when they requested a page, they would open a session, send the single packet requesting the Web page, and close the session at their end. The Web server would open a session, send as many packets as needed to transmit the requested page, and then close the session. If the page included graphic images, the Web browser would open and close a separate session for each request. This requirement to open and close sessions for each request was time-consuming and not really necessary. Since HTTP version 1.1, Web browsers open one session when they first issue an HTTP request and leave that session open (a persistent connection) for subsequent HTTP requests to the same server.

5.6.4 TCP/IP and Network Layers

In closing this chapter, we want to return to the layers in the network model and take another look at how messages flow through the layers. Figure 5-20 shows how a Web request message from a client computer in Building A would flow through the network layers in the different computers and devices on its way to the Web server (www1.anyorg.com, 128.192.50.2) in the Data Center.

FIGURE 5-20 How messages move through the network layers. (Not reproduced here. The figure follows an HTTP request from the client in Building A through the Building A router and the data center router to the Web server in the data center, showing which layers handle the message at each device: all five at the client and the server, and only the physical, data link, and network layers at the routers. Note: the addresses in the figure are destination addresses; the IP address, 128.192.50.2, is the same at every stop, while the Ethernet address is 00-0C-00-33-3A-DA on the backbone hop and 00-0C-00-33-3A-1C on the last hop to the server.)

The message starts at the application layer of the sending computer (the client in Building A, 128.192.98.130), shown in the upper left corner of the figure, which generates an HTTP packet. This packet is passed to the transport layer, which surrounds the HTTP packet with a TCP segment. This is then passed to the network layer, which surrounds it with an IP packet that includes the IP address of the final destination (128.192.50.2). This in turn is passed to the data link layer, which surrounds it within an Ethernet frame that also includes the Ethernet address of the next computer to which the message will be sent (00-0C-00-33-3A-0B). Finally, this is passed to the physical layer, which converts it into electrical impulses for transmission through the cable to its next stop, the router that serves as the gateway in Building A.

When the message arrives at the router in Building A, its physical layer translates it from electrical impulses into digital data and passes the Ethernet frame to the data link layer. The data link layer checks to make sure that the Ethernet frame is addressed to the router, performs error detection, strips off the Ethernet frame, and passes its contents (the IP packet) to the network layer. The routing software running at the network layer looks at the destination IP address, determines the next computer to which the packet should be sent, and passes the outgoing packet down to the data link layer for transmission. The data link layer surrounds the IP packet with a completely new Ethernet frame that contains the destination address of the next computer to which the packet will be sent (00-0C-00-33-3A-DA). In Figure 5-20, this new frame is shown in a different color. This is then passed to the physical layer, which transmits it through the network cable to its next stop, the router that serves as the gateway in the Data Center.

When the message arrives at the router in the Data Center, it goes through the same process. The physical layer passes the incoming packet to the data link layer, which checks the destination Ethernet address, performs error detection, strips off the Ethernet frame, and passes the IP packet to the network layer software. The software determines the next destination and passes the IP packet back to the data link layer, which adds a completely new Ethernet frame with the destination address of its next stop (00-0C-00-33-3A-1C), the Web server itself, its final destination.
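The hop-by-hop handling traced in Sections 5.6.1, 5.6.2 (the ARP cache lookups) and this section, as an added example that is not from the textbook: a small simulation of the client, the Building A router, the data center router and www1.anyorg.com using the chapter's own IP and Ethernet addresses (the data center router's backbone address is taken as 128.192.254.96, as in Section 5.6.2). The routing tables and ARP caches are constructed for the example, and the Building B router and the Internet router are left out. At each stop the code builds a fresh Ethernet header while the IP addresses inside stay unchanged, and an ARP request is logged whenever a cache lookup misses.

```python
"""Hop-by-hop delivery of the Building A -> data center Web request.

Added example, not from the textbook. The IP and Ethernet addresses are the
ones the chapter uses with Figure 5-17; the routing tables and ARP caches are
constructed, and the Building B and Internet routers are left out.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Iface:
    ip: str
    mac: str
    prefix: str          # subnet the interface is on, e.g. "128.192.98.0/24"


@dataclass
class Node:
    name: str
    ifaces: list
    routes: dict         # destination prefix -> next-hop IP, or "direct"
    arp_cache: dict = field(default_factory=dict)


NODES = {
    "client": Node("client",
                   [Iface("128.192.98.130", "00-0C-00-33-3A-A3", "128.192.98.0/24")],
                   {"0.0.0.0/0": "128.192.98.1"},
                   {"128.192.98.1": "00-0C-00-33-3A-0B"}),   # router MAC already cached
    "router_a": Node("router_a",
                     [Iface("128.192.98.1", "00-0C-00-33-3A-0B", "128.192.98.0/24"),
                      Iface("128.192.254.98", "00-0C-00-33-3A-BB", "128.192.254.0/24")],
                     {"128.192.98.0/24": "direct", "128.192.254.0/24": "direct",
                      "128.192.50.0/24": "128.192.254.96"}),
    "router_dc": Node("router_dc",
                      [Iface("128.192.254.96", "00-0C-00-33-3A-DA", "128.192.254.0/24"),
                       Iface("128.192.50.1", "00-0C-00-33-3A-DC", "128.192.50.0/24")],
                      {"128.192.50.0/24": "direct", "128.192.254.0/24": "direct",
                       "128.192.98.0/24": "128.192.254.98"}),
    "www1": Node("www1",
                 [Iface("128.192.50.2", "00-0C-00-33-3A-1C", "128.192.50.0/24")],
                 {"0.0.0.0/0": "128.192.50.1"}),
}


def owner_of(ip: str):
    """Find the node and interface holding `ip` (stands in for the ARP reply)."""
    for node in NODES.values():
        for iface in node.ifaces:
            if iface.ip == ip:
                return node, iface
    raise LookupError(f"no interface has {ip}")


def arp_resolve(node: Node, out: Iface, ip: str, log: list) -> str:
    """Return the MAC for `ip`, broadcasting an ARP request on a cache miss."""
    if ip in node.arp_cache:
        return node.arp_cache[ip]
    log.append(f"{node.name}: ARP who-has {ip} on {out.prefix}")
    _, iface = owner_of(ip)
    if iface.prefix != out.prefix:
        raise RuntimeError(f"{ip} is not on subnet {out.prefix}")
    node.arp_cache[ip] = iface.mac       # remember the answer
    return iface.mac


def next_hop(node: Node, dst_ip: str):
    """Longest-prefix match in the routing table -> (out interface, IP to ARP for)."""
    dst = ipaddress.IPv4Address(dst_ip)
    match = max((ipaddress.IPv4Network(p) for p in node.routes
                 if dst in ipaddress.IPv4Network(p)), key=lambda n: n.prefixlen)
    gw = node.routes[str(match)]
    target = dst_ip if gw == "direct" else gw      # on-subnet host, or the router
    out = next(i for i in node.ifaces
               if ipaddress.IPv4Address(target) in ipaddress.IPv4Network(i.prefix))
    return out, target


def forward(src: str, dst_ip: str):
    """Carry one IP packet from `src` to `dst_ip`; return (frames, arp_log).

    Each entry in `frames` is the Ethernet header built at one stop; the IP
    addresses inside stay the same on every hop.
    """
    frames, log, node = [], [], NODES[src]
    src_ip = node.ifaces[0].ip
    while not any(i.ip == dst_ip for i in node.ifaces):
        out, target = next_hop(node, dst_ip)
        dst_mac = arp_resolve(node, out, target, log)
        frames.append({"at": node.name, "src_mac": out.mac, "dst_mac": dst_mac,
                       "ip_src": src_ip, "ip_dst": dst_ip})
        node, _ = owner_of(target)                  # the frame's next stop
    return frames, log


if __name__ == "__main__":
    for f in forward("client", "128.192.50.2")[0]:
        print(f"{f['at']:<10} {f['src_mac']} -> {f['dst_mac']}  IP {f['ip_src']} -> {f['ip_dst']}")
```

Running it for the request produces three frames, one per stop, whose destination Ethernet addresses are 00-0C-00-33-3A-0B, 00-0C-00-33-3A-DA and 00-0C-00-33-3A-1C while the IP header keeps 128.192.98.130 and 128.192.50.2 throughout; the reply from www1 back to the client follows the reverse path through 00-0C-00-33-3A-DC, 00-0C-00-33-3A-BB and 00-0C-00-33-3A-A3. Because `owner_of` simply trusts whichever interface claims the address, it also shows where ARP spoofing bites: a host that answers for 128.192.98.1 would become the client's next stop.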
  • 423. The physical layer at the server receives the incoming packet and passes it to the data link layer, which checks the Ethernet address, performs error detection, removes the Ethernet frame, and passes the IP packet to the network layer. The network layer examines the final destination IP address on the incoming packet and recognizes that the server is the final destination. It strips off the IP packet and passes the TCP segment to the transport layer, which in turn strips off the TCP segment and passes the HTTP packet to the application layer (the Web server software). There are two important things to remember from this example. First, at all gateways (i.e., routers) along the way, the packet moves through the physical layer and data link layer up to the network layer, but no higher. The routing software operates at the network layer, where it selects the next computer to which the packet should be sent, and passes the packet back down through the data link and physical layers. These three layers are involved at all computers and devices along the way, but the transport and application layers are only involved at the sending computer (to create the application layer packet and the TCP segment) and at the receiving computer (to understand the TCP segment and process the application layer packet). Inside the TCP/IP network itself, messages only reach layer 3—no higher. Second, at each stop along the way, the Ethernet frame is removed and a new one is created. The Ethernet frame lives only long enough to move the message
  • 424. from one computer to the next and then is destroyed. In contrast, the IP packet and the packets above it (TCP and application layer) never change while the message is in transit. They are created and removed only by the original message sender and the final destination. http://www1.anyorg.com � � � � Summary 141 5.7 IMPLICATIONS FOR CYBER SECURITY The original design of the Internet and TCP/IP was done with only two user groups in mind (researchers at universities and military personnel) so security was not a major design focus. Time has changed since then, and today, more than 3.5 billion users are on the Internet (you can check out the live stats of Internet users here: http://www.internetlivestats.com/internet-users/). This “design flaw” has some unintended consequences when it comes to cyber security. One of the most exploited security flaws is the vulnerability created by the TCP three-way handshake that initiates a connection between a client and a server (see Section 5.6.3). A hacker can use an army of computers (zombies) to start requesting TCP sessions from a server but never
  • 425. follow through with an actual Web page request. The server will keep a part of its memory reserved for these false connections and, as a consequence, may not be able to respond to legitimate requests and, eventually, may crash because it does not have enough memory. The largest attack of this kind was recorded in 2016 when it brought down much of the Internet’s domain name system (DNS) infrastructure. There is another issue that you should keep in mind. The most basic way somebody can iden- tify you on the Internet is by your IP address. From your IP address, one can roughly determine your geographical location (city or area). In addition, most websites are able to track your operat- ing system, browser version, time zone, and may other information in addition to your IP address. You may ask why would they do this? Well, there is big money in it. They can track you for adver- tising purposes or they would sell your information to third entities. SUMMARY Transport and Network Layer Protocols TCP/IP are the standard transport and network protocols used today. They perform addressing (finding destination addresses), routing (finding the “best” route through the network), and segmenting (breaking large messages into smaller packets for transmission and reassembling them at the destination). Transport Layer The transport layer (TCP) uses the source and destination port addresses
to link the application layer software to the network. TCP is also responsible for segmenting—breaking large messages into smaller segments for transmission and reassembling them at the receiver’s end. When connection-oriented routing is needed, TCP establishes a connection or session from the sender to the receiver. When connectionless routing is needed, TCP is replaced with UDP. Quality of service provides the ability to prioritize packets so that real-time voice packets are transmitted more quickly than simple email messages.

Addressing

Computers can have three different addresses: application layer address, network layer address, and data link layer address. Data link layer addresses are usually part of the hardware, whereas network layer and application layer addresses are set by software. Network layer and application layer addresses for the Internet are assigned by Internet registrars. Addresses within one organization are usually assigned so that computers in the same LAN or subnet have similar addresses, usually with the same first 3 bytes. Subnet masks are used to indicate whether the first 2 or 3 bytes (or partial bytes) indicate the same subnet. Some networks assign network layer addresses in a configuration file on the client computer, whereas others use dynamic addressing, in which a DHCP server assigns addresses when a computer first joins the network.

Address Resolution

Address resolution is the process of translating an application layer address into a network layer address or translating a network layer address into a data link layer address. On the Internet, network layer resolution is done by sending a special message to a DNS server (also called a name server) that asks for the IP address (e.g., 128.192.98.5) for a given Internet address (e.g., www.kelley.indiana.edu). If a DNS server does not have an entry for the requested Internet address, it will forward the request to another DNS server that it thinks is likely to have the address. That server will either respond or forward the request to another DNS server, and so on, until the address is found or it becomes clear that the address is unknown. Resolving data link layer addresses is done by sending an ARP request in a broadcast message to all computers on the same subnet that asks the computer with the requested IP address to respond with its data link layer address.

Routing

Routing is the process of selecting the route or path through the network that a message will travel from the sending computer to the receiving computer. With centralized routing, one computer performs all the routing decisions. With static routing, the routing table is developed by the network manager and remains unchanged until the network manager updates it. With dynamic routing, the goal is to improve network performance by routing messages over the fastest possible route; an initial routing table is developed by the network manager but is continuously updated to reflect changing network conditions, such as message traffic. BGP, RIP, ICMP, EIGRP, and OSPF are examples of dynamic routing protocols.

TCP/IP Example

In TCP/IP, it is important to remember that the TCP segments and IP packets are created by the sending computer and never change until the message reaches its final destination. The IP packet contains the original source and ultimate destination address for the packet. The sending computer also creates a data link layer frame (e.g., Ethernet) for each message. This frame contains the data link layer address of the current computer sending the packet and the data link layer address of the next computer in the route through the network. The data link layer frame is removed and replaced with a new frame at each computer at which the message stops as it works its way through the network. Thus, the source and destination data link layer addresses change at each step along the route, whereas the IP source and destination addresses never change.

KEY TERMS

Access Control List (ACL), 134
acknowledgment (ACK), 116
address resolution, 125
Address Resolution Protocol (ARP), 127
application layer address, 119
authoritative name server, 126
ARP cache, 138
Automatic Repeat reQuest (ARQ), 116
autonomous systems, 130
auxiliary port, 133
Border Gateway Protocol (BGP), 131
border router, 130
broadcast message, 122
centralized routing, 129
Cisco Internetwork Operating Systems (IOS), 133
classless addressing, 122
connectionless messaging, 118
connection-oriented messaging, 116
console port, 133
continuous ARQ, 117
data link layer address, 120
designated router, 130
destination port address, 114
distance vector dynamic routing, 129
Domain Name Service (DNS), 125
dynamic addressing, 124
Dynamic Host Configuration Protocol (DHCP), 125
dynamic routing, 129
Enhanced Interior Gateway Routing Protocol (EIGRP), 132
exterior routing protocol, 130
flow control, 117
gateway, 135
Go-Back-N ARQ, 117
hop, 129
interface, 127
Interior Gateway Routing Protocol (IGRP), 132
interior routing protocol, 130
Intermediate System to Intermediate System (IS-IS), 132
Internet address classes, 121
Internet Control Message Protocol (ICMP), 131
Internet Corporation for Assigned Names and Numbers (ICANN), 121
Internet Group Management Protocol (IGMP), 133
Link Access Protocol for Modems (LAP-M), 117
link state dynamic routing, 129
loopback, 121
multicasting, 122
multicast message, 132
name server, 125
negative acknowledgment (NAK), 116
network interface port, 133
network layer address, 120
Open Shortest Path First (OSPF), 132
port address, 114
private IPv4 address space, 122
Quality of Service (QoS), 119
Real-Time Streaming Protocol (RTSP), 119
Real-Time Transport Protocol (RTP), 119
reserved addresses, 121
resolving name server, 126
Resource Reservation Protocol (RSVP), 119
root server, 126
router, 127
routing, 127
Routing Information Protocol (RIP), 132
segment, 111
segmenting, 116
Selective-Repeat ARQ, 117
session, 116
sliding window, 117
source port address, 114
static routing, 129
stop-and-wait ARQ, 116
subnet, 123
subnet mask, 124
top-level domain (TLD), 126
Transmission Control Protocol/Internet Protocol (TCP/IP), 112
unicast message, 132
User Datagram Protocol (UDP), 113

QUESTIONS

1. What does the transport layer do?
2. What does the network layer do?
3. What are the parts of TCP/IP and what do they do? Who is the primary user of TCP/IP?
4. Compare and contrast the three types of addresses used in a network.
5. How is TCP different from UDP?
6. How does TCP establish a session?
7. What is a subnet and why do networks need them?
8. What is a subnet mask?
9. How does dynamic addressing work?
10. What benefits and problems does dynamic addressing provide?
11. What is address resolution?
12. How does TCP/IP perform address resolution from URLs into network layer addresses?
13. How does TCP/IP perform address resolution from IP addresses into data link layer addresses?
14. What is routing?
15. How does decentralized routing differ from centralized
routing?
16. What are the differences between connectionless and connection-oriented messaging?
17. What is a session?
18. What is QoS routing and why is it useful?
19. Compare and contrast unicast, broadcast, and multicast messages.
20. Explain how multicasting works.
21. Explain how the client computer in Figure 5-16 (128.192.98.xx) would obtain the data link layer address of its subnet router.
22. Why does HTTP use TCP and DNS use UDP?
23. How does static routing differ from dynamic routing? When would you use static routing? When would you use dynamic routing?
24. What type of routing does a TCP/IP client use? What type of routing does a TCP/IP gateway use? Explain.
25. What is the transmission efficiency of a 10-byte Web request sent using HTTP, TCP/IP, and Ethernet? Assume that the HTTP packet has 100 bytes in addition to the 10-byte URL. Hint: Remember from Chapter 4 that efficiency = user data/total transmission size.
26. What is the transmission efficiency of a 1,000-byte file sent in response to a Web request using HTTP, TCP/IP, and Ethernet? Assume that the HTTP packet has 100 bytes in addition to the 1,000-byte file. Hint: Remember from Chapter 4 that efficiency = user data/total transmission size.
27. What is the transmission efficiency of a 5,000-byte file sent in response to a Web request using HTTP, TCP/IP, and Ethernet? Assume that the HTTP packet has 100 bytes in addition to the 5,000-byte file. Assume that the maximum packet size is 1,200 bytes. Hint: Remember from Chapter 4 that efficiency = user data/total transmission size.
28. Describe the anatomy of a router. How does a router differ from a computer?

EXERCISES

A. Would you recommend dynamic addressing for your organization? Why?
B. Look at your network layer software (either on a LAN or dial-in) and see what options are set—but don’t change them! You can do this by using the RUN command to run winipcfg. How do these match the fundamental addressing and routing concepts discussed in this chapter?
C. Suppose that a client computer (128.192.98.130) in Building B in Figure 5-17 requests a large Web page from the Web server 2 in the Data Center (www2.anyorg.com). Assume that the client computer has just been turned on and does not know any addresses other than those in its configuration tables. Assume that all gateways and Web servers know all network layer and data link layer addresses.
   a. Explain what messages would be sent and how they would flow through the network to deliver the Web page request to the server.
   b. Explain what messages would be sent and how they would flow through the network as the Web server sent the requested page to the client.
   c. Describe, but do not explain in detail, what would happen if the Web page contained several graphic images (e.g., GIF [Graphics Interchange Format] or JPEG [Joint Photographic Experts Group] files).
D. Network Solutions provides a service to find who owns domain names and IP addresses. Go to www.networksolutions.com/whois. Find the owner of
   a. books.com
   b. TV.com
   c. 74.128.18.22
   d. 129.79.78.188
E. What is the subnet portion of the IP address and what is the subnet mask for the following:
   a. 12.1.0.0/16
   b. 12.1.0.0/24
   c. 12.1.0.0/20
   d. 12.1.0.0/28
F. You might be wondering how the first bytes for each address range were picked. Why do you think Class A’s first byte is 1–126, Class B’s byte is 128–191, and Class C’s byte is 192–223?

MINICASES

I. Central University

Suppose that you are the network manager for Central University, a medium-sized university with 13,000 students. The university has 10 separate colleges (e.g., business, arts, journalism), 3 of which are relatively large (300 faculty and staff members, 2,000 students, and 3 buildings) and 7 of which are relatively small (200 faculty and staff, 1,000 students, and 1 building). In addition, there are another
2,000 staff members who work in various administration departments (e.g., library, maintenance, finance) spread over another 10 buildings. There are 4 residence halls that house a total of 2,000 students. Suppose that the university has the 128.100.xxx.xxx address range on the Internet. How would you assign the IP addresses to the various subnets? How would you control the process by which IP addresses are assigned to individual computers? You will have to make some assumptions to answer both questions, so be sure to state your assumptions.

II. Connectus

Connectus is a medium-sized Internet Service Provider (ISP) that provides Internet access and data communication services to several dozen companies across the United States and Canada. Connectus provides fixed data connections for clients’ offices in about 50 cities and an internal network that connects them. For reliability purposes, all centers are connected with at least two other centers so that if one connection goes down, the center can still communicate with the network. Predicting access volume is difficult because it depends on how many sales representatives are in which city. Connectus currently uses RIP as its routing protocol but is considering moving to OSPF. Should it stay with RIP or move to OSPF? Why?

III. Old Army

Old Army is a large retail store chain operating about 1,000 stores across the United States and Canada. Each store is connected into the Old Army data network, which is used primarily for batch data transmissions. At the end of each day, each store transmits sales, inventory, and payroll information to the corporate head office in Atlanta. The network also supports email traffic, but its use is restricted to department managers and above. Because most traffic is sent to and from the Atlanta headquarters, the network is organized in a hub and spoke design. The Atlanta office is connected to 20 regional data centers, and each regional center is in turn connected to the 30–70 stores in its region. Network volumes have been growing, but at a fairly predictable rate, as the number of stores and overall sales volume increase. Old Army currently uses RIP as its routing protocol but is considering moving to OSPF. Should it stay with RIP or move to OSPF? Why?

IV. General Stores

General Stores is a large retail store chain operating about 1,300 stores across the United States and Canada. Each store is connected into the corporate data network. At the end of each day, each store transmits sales and payroll information to the corporate head office in Seattle. Inventory data are transmitted in real time as products are sold to one of a dozen regional distribution centers across North America. The network is also used for credit card validations as customers check out and pay for their purchases. The network supports email traffic, but its use is restricted to department managers and above. The network is designed much like the Internet: one connection from each store goes into a regional network that typically has a series of network connections to other parts of the network. Network volumes have been growing, but at a fairly predictable rate, as the number of stores and overall sales volume increase. General Stores is considering implementing a digital telephone service that will allow it to transmit internal telephone calls to other General Stores offices or stores through the data network. Telephone services outside of General Stores will continue to be done normally. General Stores currently uses RIP as its routing protocol but is considering moving to OSPF. Should it stay with RIP or move to OSPF? Why?

CASE STUDY

NEXT-DAY AIR SERVICE

See the website at www.wiley.com/college/fitzgerald.

HANDS-ON ACTIVITY 5A

Using TCP/IP
In this chapter, we’ve discussed the basic components of TCP/IP such as IP addresses, subnet masks, DNS requests, and ARP requests. In this activity, we’ll show you how to explore these items on your computer. Although this activity is designed for Windows computers, most of these commands will also work on Apple computers.

This activity will use the command prompt, so start by clicking START, then RUN, and then type CMD and press enter. You should see the command window, which in Windows is a small window with a black background. Like all other windows, you can change its shape by grabbing the corner and stretching it.

IPCONFIG: Reading Your Computer’s Settings

In a focus box earlier in the chapter, we showed you how to find your computer’s TCP/IP settings using Windows. You can also do it by using the IPCONFIG command. In the command window, type IPCONFIG/ALL and press enter. You should see a screen like that shown in Figure 5-19.

The middle of the screen will show the TCP/IP information about your computer. You can see the IP address (192.168.1.102 in Figure 5-19); the subnet mask (255.255.255.0); the default gateway, which is the IP address of the router leading out of your subnet (192.168.1.1); the DHCP server (192.168.1.1); and the available DNS servers (e.g., 63.240.76.4). Your computer will have similar, but different, information. As discussed in Technical Focus 5.3, your computer might be using “private” IP addresses the same as my computer shown in Figure 5-21, so your addresses may be identical to mine. We’ll explain how network address translation (NAT) is done in Chapter 11.

Deliverables

1. Use the ipconfig/all command on your computer. What is the IP address, subnet mask, IP address of default gateway, and MAC of your computer?
2. Why does every computer on the Internet need to have these four numbers?
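The four numbers that IPCONFIG reports are exactly what a host uses to make the decision the Summary describes under Addressing, Address Resolution, and the TCP/IP Example: is the destination on my subnet (so I ARP for it directly) or not (so I ARP for the default gateway), and which addresses go into the frame versus the packet. The Python script below is an added example, not code from the textbook or its activity. It takes the IP address, subnet mask, gateway, and MAC shown in Figure 5-21, uses the two ARP entries from Figure 5-23 as its ARP table (every other destination is treated as unknown to this host), and builds the first-hop Ethernet frame so you can see that the IP source and destination stay fixed while the data link layer addresses belong to a single hop. It also checks that the configured gateway is actually reachable on the local subnet, which is the first thing to verify when the four numbers look plausible but nothing leaves the LAN.

```python
import ipaddress

# Values read from the IPCONFIG output in Figure 5-21 (the host's own settings).
HOST_IP = "192.168.1.102"
HOST_MASK = "255.255.255.0"
HOST_MAC = "00-0D-56-D8-8D-96"
GATEWAY_IP = "192.168.1.1"

# ARP table as shown in Figure 5-23 after the second ping: the router and one
# other host on the subnet. Any other next hop is "unknown" to this host.
ARP_TABLE = {
    "192.168.1.1": "00-04-5a-0b-d1-40",
    "192.168.1.152": "00-08-e1-00-21-f6",
}


def subnet_info(ip: str, mask: str) -> dict:
    """Subnet portion, prefix length and broadcast address for an address
    and its dotted-decimal subnet mask (a /n prefix works too)."""
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    return {
        "network": str(net.network_address),
        "prefixlen": net.prefixlen,
        "mask": str(net.netmask),
        "broadcast": str(net.broadcast_address),
        "cidr": str(net),
    }


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses share the subnet portion selected by mask."""
    return ipaddress.ip_address(ip_b) in ipaddress.ip_interface(f"{ip_a}/{mask}").network


def gateway_is_local(host_ip: str = HOST_IP, mask: str = HOST_MASK,
                     gateway: str = GATEWAY_IP) -> bool:
    """Sanity check on the IPCONFIG numbers: a default gateway that is not on
    the host's own subnet can never be ARPed for, so it is not a usable route."""
    return same_subnet(host_ip, gateway, mask)


def next_hop(dst_ip: str, host_ip: str = HOST_IP, mask: str = HOST_MASK,
             gateway: str = GATEWAY_IP) -> str:
    """The IP address whose data link layer address the host must know: the
    destination itself when it is on the local subnet, otherwise the gateway."""
    return dst_ip if same_subnet(host_ip, dst_ip, mask) else gateway


def needs_arp_request(dst_ip: str, arp_table: dict) -> bool:
    """True when the next hop is missing from the ARP table, i.e. the host
    would have to broadcast an ARP request before it can send the frame."""
    return next_hop(dst_ip) not in arp_table


def build_frame(dst_ip: str, arp_table: dict) -> dict:
    """Wrap a packet for dst_ip in its first-hop Ethernet frame. The IP source
    and destination are end to end and never change; the MAC addresses are
    rewritten at every router, so here they describe only the first hop."""
    hop = next_hop(dst_ip)
    if hop not in arp_table:
        raise KeyError(f"no ARP entry for {hop}: an ARP request must go out first")
    return {
        "eth_src": HOST_MAC,
        "eth_dst": arp_table[hop],
        "ip_src": HOST_IP,
        "ip_dst": dst_ip,
        "via_gateway": hop != dst_ip,
    }


if __name__ == "__main__":
    print(subnet_info(HOST_IP, HOST_MASK))
    print("gateway on local subnet:", gateway_is_local())
    # A host on the same subnet (Figure 5-23) and Google's address (Figure 5-22).
    for dst in ("192.168.1.152", "216.239.37.99"):
        print(dst, "->", build_frame(dst, ARP_TABLE))
    # A local address the host has never talked to: the ARP table has no entry.
    print("ARP request needed for 192.168.1.77:", needs_arp_request("192.168.1.77", ARP_TABLE))
```

Run it and compare the two frames: the one for 192.168.1.152 carries that host's own MAC as its destination, while the one for 216.239.37.99 carries the router's MAC even though its IP destination is Google. That is the hop-by-hop rewriting the Summary describes, seen from the first hop.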
C:\Documents and Settings\Administrator>ipconfig/all

Windows IP Configuration

        Host Name . . . . . . . . . . . . . : ALAN
        Primary Dns Suffix . . . . . . . . .:
        Node Type . . . . . . . . . . . . . : Unknown
        IP Routing Enabled . . . . . . . . .: No
        WINS Proxy Enabled . . . . . . . . .: No
        DNS Suffix Search List . . . . . . .: insightbb.com

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix . . .: insightbb.com
        Description . . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
        Physical Address . . . . . . . . . .: 00-0D-56-D8-8D-96
        Dhcp Enabled . . . . . . . . . . . .: Yes
        Autoconfiguration Enabled . . . . . : Yes
        IP Address . . . . . . . . . . . . .: 192.168.1.102
        Subnet Mask . . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . . : 63.240.76.4
                                              204.127.198.4
                                              63.240.76.135
        Lease Obtained . . . . . . . . . . .: Wednesday, February 20, 2008 8:09:37 AM
        Lease Expires . . . . . . . . . . .: Tuesday, February 26, 2008 8:09:37 AM

C:\Documents and Settings\Administrator>

FIGURE 5-21 IPCONFIG command

PING: Finding Other Computers

The PING command sends a small packet to any computer on the Internet to show you how long it takes the packet to travel from your computer to the target computer and back again. You can ping a computer using its IP address or Web URL. Not all computers respond to ping commands, so not every computer you ping will answer.
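The ping summaries in Figure 5-22 are easy to read by eye, but once you start baselining latency to your gateway or to an upstream site over days or weeks, you will want to parse the output rather than retype it. The following Python function is an added example, not part of the textbook, that reads Windows ping output and returns the same figures the command's own statistics block shows: packets sent, received and lost, and the minimum, maximum and average round-trip time. The three sample outputs are constructed inline: the first two reproduce the Google and gateway exchanges from Figure 5-22, the third is an invented run with one lost packet. It treats a "time<1ms" reply as 0 ms, which is how the Windows summary line arrives at "Minimum = 0ms" for the gateway, and it truncates the average the way Windows does (53, 52, 52, 53 is reported as 52).

```python
import re

# Windows ping reply and time-out lines. \s* tolerates the spaced-out form in
# which Figure 5-22 was reproduced ("bytes = 32 time = 53ms") as well as the
# compact form the command actually prints ("bytes=32 time=53ms").
REPLY_RE = re.compile(
    r"Reply from (?P<host>\S+): bytes\s*=\s*(?P<size>\d+)\s+"
    r"time\s*(?P<op>[<=])\s*(?P<ms>\d+)\s*ms\s+TTL\s*=\s*(?P<ttl>\d+)"
)
TIMEOUT_RE = re.compile(r"Request timed out\.")

# Constructed sample: the www.google.com exchange from Figure 5-22.
GOOGLE_PING = """\
Pinging www.1.google.com [216.239.37.99] with 32 bytes of data:
Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235
"""

# Constructed sample: the gateway from Figure 5-22, answering in under 1 ms.
GATEWAY_PING = """\
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
Reply from 192.168.1.1: bytes=32 time<1ms TTL=64
"""

# Constructed sample (not from the textbook): one of four packets lost.
LOSSY_PING = """\
Reply from 10.0.0.9: bytes=32 time=31ms TTL=120
Request timed out.
Reply from 10.0.0.9: bytes=32 time=29ms TTL=120
Reply from 10.0.0.9: bytes=32 time=30ms TTL=120
"""


def parse_ping(output: str) -> dict:
    """Summarise Windows ping output the way its own statistics block does."""
    times, ttls, lost = [], set(), 0
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            # "time<1ms" carries no exact value; the Windows summary counts it as 0 ms.
            times.append(0 if m.group("op") == "<" else int(m.group("ms")))
            ttls.add(int(m.group("ttl")))
        elif TIMEOUT_RE.search(line):
            lost += 1
    sent = len(times) + lost
    return {
        "sent": sent,
        "received": len(times),
        "lost": lost,
        "loss_pct": round(100 * lost / sent) if sent else 0,
        "min_ms": min(times) if times else None,
        "max_ms": max(times) if times else None,
        # Integer division: Windows reports 52 ms for 53, 52, 52, 53 (mean 52.5).
        "avg_ms": sum(times) // len(times) if times else None,
        # Different TTLs across replies (235 and 236 for Google) mean the replies
        # did not all come back along the same path; useful when a baseline shifts.
        "ttls": sorted(ttls),
    }


if __name__ == "__main__":
    for name, sample in (("google", GOOGLE_PING), ("gateway", GATEWAY_PING), ("lossy", LOSSY_PING)):
        print(name, parse_ping(sample))
```

Feed it the text you capture from your own command window (for example by redirecting ping's output to a file) and keep the results over time; a rising average or a loss percentage above zero to your own gateway points at a local problem, while the same change toward a distant site usually does not.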
Start by pinging your default gateway: just type PING followed by the IP address of your gateway. Figure 5-22 shows that the PING command sends four packets to the target computer and then displays the maximum, minimum, and average transit times. In Figure 5-22, you can see that pinging my gateway is fast: less than 1 millisecond for the packet to travel from my computer to my router and back again.

Next, ping a well-known website in the United States to see the average times taken. Remember that not all websites will respond to the ping command. In Figure 5-22, you can see that it took an average of 52 milliseconds for a packet to go from my computer to Google and back again. Also note that www.google.com has an IP address of 216.239.37.99.

Now, ping a website outside the United States. In Figure 5-20, you can see that it took an average of 239 milliseconds for a packet to go from my computer to the City University of Hong Kong and back again. If you think about it, the Internet is amazingly fast.

Deliverables

1. Ping your own default gateway. How many packets were returned? How long did it take for your default gateway to respond?
2. Ping google.com. How many packets were returned? How long did it take for your default gateway to respond?
3. Ping National Australian University www.anu.edu.au. How many packets were returned? How long did it take for your default gateway to respond?

ARP: Displaying Physical Addresses

Remember that to send a message to other computers on the Internet, you must know the physical address (aka data link layer address) of the next computer to send the message to. Most computers on the Internet will be outside your subnet, so almost all messages your computer sends will be
C:\Documents and Settings\Administrator>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.1: bytes = 32 time < 1ms TTL = 64

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator>ping www.google.com

Pinging www.1.google.com [216.239.37.99] with 32 bytes of data:

Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 52ms TTL = 236
Reply from 216.239.37.99: bytes = 32 time = 53ms TTL = 235

Ping statistics for 216.239.37.99:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 52ms, Maximum = 53ms, Average = 52ms

C:\Documents and Settings\Administrator>ping www.cityu.edu.hk

Pinging amber.cityu.edu.hk [144.214.5.218] with 32 bytes of data:

Reply from 144.214.5.218: bytes = 32 time = 240ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 239ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 239ms TTL = 236
Reply from 144.214.5.218: bytes = 32 time = 240ms TTL = 236

Ping statistics for 144.214.5.218:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 239ms, Maximum = 240ms, Average = 239ms

FIGURE 5-22 PING command

sent to your gateway (i.e., the router leaving your subnet). Remember that computers use ARP requests to find physical addresses and store them in their ARP tables. To find out what data link layer addresses your computer knows, you can use the ARP command. At the command prompt, type ARP -A and press enter. This will display the contents of your ARP table.

In Figure 5-23, you can see that the ARP table in my computer has only one entry, which means that all the messages from my computer since I turned it on have only gone to this one computer—my router. You can also see the physical address of my router: 00-04-5a-0b-d1-40.

If you have another computer on your subnet, ping it and then take a look at your ARP table again. In Figure 5-23, you can see the ping of another computer on my subnet (192.168.1.152) and then see the ARP table with this new
entry. When I pinged 192.168.1.152, my computer had to find its physical address, so it issued an ARP request, and 192.168.1.152 responded with an ARP response, which my computer added to the ARP table before sending the ping.

Deliverables

1. Type ARP -A at the command prompt. What are the entries in your ARP table?
2. Suppose that there are no entries in your ARP table. Is this a problem? Why or why not?

C:\Documents and Settings\Administrator>arp -a

Interface: 192.168.1.102 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-04-5a-0b-d1-40     dynamic

C:\Documents and Settings\Administrator>ping 192.168.1.152

Pinging 192.168.1.152 with 32 bytes of data:

Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64
Reply from 192.168.1.152: bytes = 32 time < 1ms TTL = 64

Ping statistics for 192.168.1.152:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Documents and Settings\Administrator>arp -a

Interface: 192.168.1.102 --- 0x10003
  Internet Address      Physical Address      Type
  192.168.1.1           00-04-5a-0b-d1-40     dynamic
  192.168.1.152         00-08-e1-00-21-f6     dynamic

FIGURE 5-23 ARP command

C:\Documents and Settings\Administrator>nslookup www.cnn.com
Server:  ns1.insightbb.com
Address:  63.240.76.135

Non-authoritative answer:
Name:    cnn.com
Addresses:  64.236.16.116, 64.236.24.12, 64.236.24.20, 64.236.24.28
            64.236.29.120, 64.236.16.20, 64.236.16.52, 64.236.16.84
Aliases:  www.cnn.com

FIGURE 5-24 NSLOOKUP command

NSLOOKUP: Finding IP Addresses

Remember that to send a message to other computers on the Internet, you must know their IP addresses. Computers use DNS servers to find IP addresses. You can issue a DNS request by using the NSLOOKUP command. Type NSLOOKUP and the URL of a computer on the
Internet and press enter. In Figure 5-24, you’ll see that www.cnn.com has several IP addresses and is also known as cnn.com.

Deliverable

Find the IP address of google.com and of another website of your choice.

DNS Cache

FIGURE 5-25 DNS cache

The IPCONFIG/DISPLAYDNS command can be used to show the contents of the DNS cache. You can experiment with this by displaying the cache, visiting a new website with your browser, and then displaying the cache again. Figure 5-25 shows part of the cache on my computer after visiting a number of sites. The DNS cache contains information about all the websites I’ve visited, either directly or indirectly (by having a Web page on one server pull a graphics file off of a different server).

For example, the second entry in this figure is ns1.cisco.com, which has an IP address of 128.107.241.185 (a 4-byte long address). The record type is one, which means this is a “host”—that is, a computer on the Internet using IPv4. Because the DNS information might change, all entries have a maximum time to live set by the DNS server that provides the information (usually 24 hours); the time to live value is the time in seconds that this entry will remain in the cache until it is removed. The very last entry in this figure is for ns1.v6.telekom.at. The record type of 28 means that this is a host that uses IPv6, which you can see from the 16-byte long address in
the record (2001:890:600:d1::100).

Deliverables

1. Display your DNS cache using the command ipconfig /displaydns.
2. How many entries are there in your cache?
3. Open your browser and visit www.ietf.com. Once the page loads, display your DNS cache again. Copy the DNS entry for this website.

TRACERT: Finding Routes through the Internet

C:\Documents and Settings\Administrator>tracert www.google.com

Tracing route to www.1.google.com [216.239.37.104]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  192.168.1.1
  2     7 ms    10 ms     8 ms  12-220-5-129.client.insightBB.com [12.220.5.129]
  3    11 ms    12 ms    11 ms  12-220-1-78.client.insightBB.com [12.220.1.78]
  4    17 ms    16 ms    16 ms  12-220-0-26.client.insightBB.com [12.220.0.26]
  5    19 ms    18 ms    18 ms  tbr1-p011 901.cgcil.ip.att.net [12.123.4.226]
  6    18 ms    16 ms    16 ms  ggr2-p310.cgcil.ip.att.net [12.123.6.65]
  7    19 ms    18 ms    18 ms  so-9-1.car4.Chicago1.Level3.net [4.68.127.165]
  8    19 ms    18 ms    19 ms  ae-2-52.bbr2.Chicago1.Level3.net [4.68.101.33]
  9    50 ms    39 ms    39 ms  ae-2-0.bbr1.Washington1.Level3.net [4.68.128.201]
 10    40 ms    40 ms    39 ms  ae-12-53.car2.Washington1.Level3.net [4.68.121.83]
 11    53 ms    78 ms    56 ms  unknown.Level3.net [166.90.148.174]
 12    54 ms    52 ms    51 ms  72.14.232.106
 13    55 ms    54 ms    53 ms  216.239.48.96
 14    55 ms    55 ms    54 ms  216.239.48.110
 15    52 ms    51 ms    52 ms  216.239.37.104

Trace complete.

FIGURE 5-26 TRACERT command

The TRACERT command will show you the IP addresses of computers in the route from your computer to another computer on the Internet. Many networks have disabled TRACERT for security reasons, so it doesn’t always work. Type TRACERT and the URL of a computer on the Internet and press enter. In Figure 5-26, you’ll see the route from my computer, through the Insight network, through the AT&T network, through the Level 3 network, and then through the Google network until it reaches the server.

TRACERT usually sends three packets, so beside each hop is the total time to reach that hop for each of the three packets. You’ll see that it took just over 50 milliseconds for a packet to go from my computer to Google. You’ll also see that the times aren’t always “right,” in that the first packet took 50 milliseconds to reach the bbr1 Washington Level 3 router (step 9) but only 40 milliseconds to reach the next hop to the car2 Washington Level 3 router (step 10). The time to each
hop is measured separately, each with a different packet, so sometimes a packet is delayed longer on one hop or another.

Deliverables

1. Type tracert google.com in your command window.
2. How many computers/hops did it take the packet to reach Google?
3. What was the shortest hop (in terms of time)? Why do you think this is the shortest hop?

HANDS-ON ACTIVITY 5B

Exploring DNS Request and DNS Response

In this chapter, we talked about address resolution. This activity will help you see how your computer sends a DNS request for a website you have never visited before it can create an HTTP request packet to display the website in your browser. We will use Wireshark for this activity. Use of Wireshark was explained in Chapter 2.

1. Use the ipconfig/all command to find the IP address of your computer and your DNS server.
2. So that we can explore the DNS request and response properly, the first step is to empty your DNS cache. Use the ipconfig/flushdns command in the command prompt window to empty the DNS cache of your computer.
3. Open Wireshark and enter “ip.addr==your IP address” into the filter to capture only packets that either originate from or are destined for your computer.
4. Start packet capture in Wireshark.
5. With your browser, visit www.ietf.org.
6. Stop packet capture after the Web page is loaded.

FIGURE 5-27 DNS capture

Deliverables

1. Locate the DNS query and response message for www.ietf.org. In Figure 5-27, they are packets 27 and 28. Are these packets sent over UDP or TCP?
2. What is the destination port for the DNS query message? What is the source port of the DNS response message?
3. To what IP address is the DNS query message sent? Compare this IP address to your local DNS server IP address. Are these two IP addresses the same?
4. The www.ietf.org page contains several images. Before retrieving each image, does your host issue a new DNS query? Why or why not?
5. Now locate the HTTP GET message. What is the source and destination IP address? Compare the source to
your IP address. Are these the same?
6. Approximately how many HTTP GET request messages did your browser send? Why was there a need to send additional HTTP GET messages?

HANDS-ON ACTIVITY 5C

Converting Decimal Values into Binary, and Vice Versa

Part A

Being able to convert decimal values to binary (and vice versa) is very important in networking because this is the basis for how subnetting is done. You may have done some of these exercises in high school and probably didn’t know why it was important to be able to convert decimal values into binary, and vice versa. This hands-on activity will help you recall how this is done or will teach you how to do it in case you have never seen this before.

As you know, an IPv4 address consists of 32 bits that have been separated into 4 bytes (sometimes called octets), for example, 129.79.126.1. This is called the dotted decimal address. Each byte has 8 bits, and each of these bits can assume a value of 0 or 1. The following table shows how we convert each binary position to a decimal value:

Binary position    2^7   2^6   2^5   2^4   2^3   2^2   2^1   2^0
Decimal value      128    64    32    16     8     4     2     1

To practice the conversion from binary to decimal, let’s do a couple of problems together:

1. You have the following binary number: 10101010. Convert it into decimal.

   10101010 = (1 ∗ 128) + (0 ∗ 64) + (1 ∗ 32) + (0 ∗ 16) + (1 ∗ 8) + (0 ∗ 4) + (1 ∗ 2) + (0 ∗ 1) = 128 + 32 + 8 + 2 = 170

2. You have the following binary number: 01110111. Convert it into decimal.

   01110111 = (0 ∗ 128) + (1 ∗ 64) + (1 ∗ 32) + (1 ∗ 16) + (0 ∗ 8) + (1 ∗ 4) + (1 ∗ 2) + (1 ∗ 1) = 64 + 32 + 16 + 4 + 2 + 1 = 119

It is important to notice what the range of possible decimal values for each byte is. The lower bound is given when each bit is 0 and the upper bound is when each bit is 1. So 00000000 will give us 0 and 11111111 will give us 255. This is the reason why no byte of an IPv4 address can go above the value of 255.

Deliverable

Calculate the decimal values of the following binary numbers: 11011011, 01111111, 10000000, 11000000, 11001101.

Part B

Now let’s practice the conversion of decimal value to binary.
This is a bit trickier. Start by finding the highest binary position that is equal to or smaller than the decimal number we are converting. All the other placeholders to the left of this number will be 0. Then subtract the placeholder value from the number. Then find the highest binary position that is equal to or smaller than the remainder. Keep repeating these steps until the remainder is 0. Now, let's practice.

3. Convert 60 into a binary number.
   a. The placeholder that is equal to or lower than 60 is 32. Therefore, the first two bits for 60 are 0 and the third one is 1: 001_ _ _ _ _. The next step is to subtract 32 from 60, which equals 60 − 32 = 28.
   b. The placeholder that is equal to or lower than 28 is 16, which is the fourth bit from the left. Therefore, our binary number will look like this: 0011_ _ _ _. The next step is to subtract 16 from 28, which equals 28 − 16 = 12.
   c. The placeholder that is equal to or lower than 12 is 8, and this is the fifth bit from the left. Therefore, our binary number will look like this: 00111_ _ _. The next step is to subtract 8 from 12, which equals 12 − 8 = 4.
   d. The placeholder that is equal to or lower than 4 is 4, and this is the sixth bit from the left. Therefore, our binary number will look like this: 001111_ _. The next step is to subtract 4 from 4, which equals 4 − 4 = 0.
   e. Given that our remainder is 0, the remaining bits are 0, and we have our answer: 60 in binary is 00111100.

4. Convert 182 into a binary number.
   182 = 10110110 (because 182 − 128 = 54, 54 − 32 = 22, 22 − 16 = 6, and 6 − 4 = 2)

Deliverable
Calculate the binary value for each of the following decimal numbers: 126, 128, 191, 192, 223.

HANDS-ON ACTIVITY 5D
Introduction to Subnetting

If you are not familiar with binary numbers, you may want to do Hands-On Activity 5C before you do this activity.

A subnet mask is a 32-bit binary number that tells us to which subnet a device belongs. A 1 indicates that that bit is part of the subnet network address, and a 0 indicates that that bit is part of the unique host address for the individual computer. The subnet mask is a continuous stream of ones followed by all zeros, so the subnet mask can assume only certain values.
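The mask values that follow rest on the conversions practised in Activity 5C. As an added example (not the book's code; the function names are mine), here are both conversion procedures as Python functions: Part A's positional sum, Part B's placeholder subtraction with a step trace in the "001_ _ _" style of the worked example for 60, and a helper that writes a dotted-decimal value such as 129.79.126.1 byte by byte in binary.

```python
# Added example (not the textbook's code): the two conversion procedures
# of Hands-On Activity 5C written as functions, plus the step-by-step trace
# of Part B in the activity's "001_ _ _" style.

PLACEHOLDERS = [128, 64, 32, 16, 8, 4, 2, 1]  # 2**7 down to 2**0

def binary_to_decimal(bits):
    """Part A: multiply each bit by its placeholder value and add up."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly eight binary digits: " + bits)
    return sum(int(b) * weight for b, weight in zip(bits, PLACEHOLDERS))

def decimal_to_binary(value):
    """Part B: walk the placeholders from 128 down; a placeholder that fits
    in the remainder becomes a 1 and is subtracted, otherwise the bit is 0."""
    if not 0 <= value <= 255:
        raise ValueError("one byte holds 0..255 only, got %d" % value)
    bits, remainder = [], value
    for weight in PLACEHOLDERS:
        if weight <= remainder:
            bits.append("1")
            remainder -= weight
        else:
            bits.append("0")
    return "".join(bits)

def conversion_trace(value):
    """Part B step by step: (placeholder, bits so far, remainder after step),
    with undecided bits shown as '_' like the worked example for 60."""
    trace, remainder, prefix = [], value, ""
    for weight in PLACEHOLDERS:
        if weight <= remainder:
            prefix += "1"
            remainder -= weight
        else:
            prefix += "0"
        trace.append((weight, prefix.ljust(8, "_"), remainder))
    return trace

def dotted_to_binary(address):
    """Write a dotted-decimal IPv4 value byte by byte, e.g. 129.79.126.1."""
    return ".".join(decimal_to_binary(int(byte)) for byte in address.split("."))

if __name__ == "__main__":
    for bits in ("10101010", "01110111"):
        print(bits, "=", binary_to_decimal(bits))
    for weight, partial, remainder in conversion_trace(60):
        print("placeholder %3d -> %s, remainder %d" % (weight, partial, remainder))
    print(dotted_to_binary("129.79.126.1"))
```

The same helper renders any mask from the table that follows in binary, e.g. dotted_to_binary("255.255.255.0").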
For example, a subnet mask could never have a value of 11111111.11111111.00000000.10000000. The following table shows the subnet mask values in both binary and decimal notation for classes A, B, and C. For example, a subnet mask of 255.255.255.0 for a computer with an address of 192.168.1.101 tells us that the computer is in subnet 192.168.1.0 and has a unique address of 101 within that subnet.

Class   First Byte Range   Byte Allocation                Subnet Mask in Binary Notation        Subnet Mask in Decimal Notation
A       1–126              Network.Host.Host.Host         11111111.00000000.00000000.00000000   255.0.0.0
B       128–191            Network.Network.Host.Host      11111111.11111111.00000000.00000000   255.255.0.0
C       192–223            Network.Network.Network.Host   11111111.11111111.11111111.00000000   255.255.255.0

Deliverable
Fill in the following table and find the admissible values for a subnet mask.

Binary Representation of a Byte   Decimal Value
10000000
11000000
11100000
11110000
11111000
11111100
11111110
11111111

Suppose that you were assigned the network 209.98.208.0, which is a Class C address. The usual subnet mask for a Class C address is 255.255.255.0, which provides one subnet with 253 host computers (there are 255 possible addresses, but the .255 address is reserved and cannot be assigned to a computer because this is the broadcast address for this subnet, and the .0 address is reserved for the subnet itself). Suppose that you need to create 10 subnets within this address space. This means that part of the address usually used for host addresses must be used as part of the subnet address. How many bits do you need to use from the host space to create 10 subnets?
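As an added example (not the textbook's code; the function names are mine), the rules of this activity as checkable Python functions: whether a mask is admissible (a run of ones followed only by zeros, so 11111111.11111111.00000000.10000000 is rejected), the subnet/host split of 192.168.1.101 under 255.255.255.0, and how many host bits must be borrowed to carve a network into a wanted number of subnets. It sets aside the all-zeros (subnet) and all-ones (broadcast) host values, so usable hosts per subnet are counted as 2^h − 2.

```python
# Added example (not the textbook's code): the subnet-mask rules of
# Hands-On Activity 5D as checkable functions, using the activity's own
# sample values (192.168.1.101 under 255.255.255.0).

def dotted_to_int(dotted):
    """'192.168.1.101' -> 32-bit integer; rejects bytes outside 0..255."""
    parts = [int(p) for p in dotted.split(".")]
    if len(parts) != 4 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 value: " + dotted)
    return (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]

def int_to_dotted(n):
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def is_valid_mask(mask):
    """A mask must be a run of 1s followed only by 0s. Inverting such a
    value gives 0...01...1; adding 1 to that yields a power of two, so
    the AND of the two is zero exactly for admissible masks."""
    inverted = ~dotted_to_int(mask) & 0xFFFFFFFF
    return (inverted & (inverted + 1)) == 0

def prefix_length(mask):
    """Number of 1 bits in the mask, i.e. the /n notation."""
    return bin(dotted_to_int(mask)).count("1")

def split_address(address, mask):
    """Return (subnet address, host number) for an address under a mask."""
    if not is_valid_mask(mask):
        raise ValueError("not an admissible subnet mask: " + mask)
    a, m = dotted_to_int(address), dotted_to_int(mask)
    return int_to_dotted(a & m), a & ~m & 0xFFFFFFFF

def subnet_plan(mask, wanted_subnets):
    """Borrow host bits until 2**borrowed >= wanted_subnets. Reports the new
    mask and usable hosts per subnet, with the all-0s (subnet) and all-1s
    (broadcast) host values set aside: usable = 2**host_bits - 2."""
    if not is_valid_mask(mask):
        raise ValueError("not an admissible subnet mask: " + mask)
    borrowed = 0
    while 2 ** borrowed < wanted_subnets:
        borrowed += 1
    host_bits = 32 - prefix_length(mask) - borrowed
    if host_bits < 2:
        raise ValueError("too few host bits left for any usable hosts")
    new_mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    return {"borrowed_bits": borrowed, "subnets": 2 ** borrowed,
            "new_mask": int_to_dotted(new_mask),
            "usable_hosts_per_subnet": 2 ** host_bits - 2}
```

Call split_address("192.168.1.101", "255.255.255.0") to reproduce the worked example, and subnet_plan("255.255.255.0", n) to work through the Class C deliverable for any number of subnets n.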