Address Resolution Protocol (ARP) and its types

Address Resolution Protocol (ARP) is a communication protocol used to find the MAC
(Media Access Control) address of a device from its IP address. This protocol is used when a
device wants to communicate with another device on a Local Area Network or Ethernet.

Types of ARP

types of Address Resolution Protocol, which is given below:

o Proxy ARP
o Gratuitous ARP
o Reverse ARP (RARP)

Proxy ARP - Proxy ARP is a method through which a Layer 3 devices may respond to ARP
requests for a target that is in a different network from the sender. The Proxy ARP configured
router responds to the ARP and map the MAC address of the router with the target IP address
and fool the sender that it is reached at its destination.

At the backend, the proxy router sends its packets to the appropriate destination because the
packets contain the necessary information.

Example - If Host A wants to transmit data to Host B, which is on the different network, then
Host A sends an ARP request message to receive a MAC address for Host B. The router
responds to Host A with its own MAC address pretend itself as a destination. When the data
is transmitted to the destination by Host A, it will send to the gateway so that it sends to Host
B. This is known as proxy ARP.

Reverse ARP (RARP) - It is a networking protocol used by the client system in a local area
network (LAN) to request its IPv4 address from the ARP gateway router table. A table is
created by the network administrator in the gateway-router that is used to find out the MAC
address to the corresponding IP address.

When a new system is set up or any machine that has no memory to store the IP address, then
the user has to find the IP address of the device. The device sends a RARP broadcast packet,
including its own MAC address in the address field of both the sender and the receiver
hardware. A host installed inside of the local network called the RARP-server is prepared to
respond to such type of broadcast packet. The RARP server is then trying to locate a mapping
table entry in the IP to MAC address. If any entry matches the item in the table, then the
RARP server sends the response packet along with the IP address to the requesting computer.

Gratuitous ARP - Gratuitous ARP is an ARP request of the host that helps to identify the
duplicate IP address. It is a broadcast request for the IP address of the router. If an ARP
request is sent by a switch or router to get its IP address and no ARP responses are received,
so all other nodes cannot use the IP address allocated to that switch or router. Yet if a router
or switch sends an ARP request for its IP address and receives an ARP response, another
node uses the IP address allocated to the switch or router.

There are some primary use cases of gratuitous ARP that are given below:

o The gratuitous ARP is used to update the ARP table of other devices.
o It also checks whether the host is using the original IP address or a duplicate one.

ARP Packet Format

The ARP packet format is used for ARP requests and replies and consists of multiple fields
including hardware type, protocol type, hardware and protocol size, operation, sender and
target hardware, and IP addresses. These fields work together to help devices on a network
find and communicate with each other.

Hardware type: This is 16 bits field defining the type of the network on which ARP is
running. Ethernet is given type 1.
Protocol type: This is 16 bits field defining the protocol. The value of this field for the
IPv4 protocol is 0800H.
Hardware length: This is an 8 bits field defining the length of the physical address in
bytes. Ethernet is the value 6.
Protocol length: This is an 8 bits field defining the length of the logical address in bytes.
For the IPv4 protocol, the value is 4.
Operation (request or reply): This is a 16 bits field defining the type of packet. Packet
types are ARP request (1), and ARP reply (2).
Sender hardware address: This is a variable length field defining the physical address of
the sender. For example, for Ethernet, this field is 6 bytes long.
Sender protocol address: This is also a variable length field defining the logical address of
the sender For the IP protocol, this field is 4 bytes long.
Target hardware address: This is a variable length field defining the physical address of
the target. For Ethernet, this field is 6 bytes long. For the ARP request messages, this field
is all Os because the sender does not know the physical address of the target.
Target protocol address: This is also a variable length field defining the logical address of
the target. For the IPv4 protocol, this field is 4 bytes long.

Address Resolution Protocol

Working of ARP (Address Resolution Protocol)

Mostly, the computer programs use IP address (Logical address) to send or receive messages,
hence the actual communication takes place over physical address (MAC address). So our
aim is to find out the MAC address of the destination that allows us to communicate with
other devices. In this case, the ARP is actually required as it converts the IP address to a
physical address.

Working of ARP

o At the network layer, when the source wants to communicate with the destination.
Firstly, the source needs to find out the MAC address (Physical Address) of the
destination. For this, the source will check the ARP cache and ARP table for the
MAC address of the destination. If the MAC address of the destination is present in
the ARP cache or ARP table, then the source uses that MAC address for the
communication.
o If the MAC address of the destination is not in the ARP cache or ARP table, then the
Source generates an ARP Request message. The ARP Request message consists of
the MAC address and the IP address of the source. It also contains the IP address and
 MAC address of the destination. The MAC address of the destination left null because
the user has requested this.
o The ARP Request message will be broadcasted to the local network by the source
computer. All the devices in the LAN network receive the broadcast message. Now,
each device compares its own IP address with the IP address of the destination. If the
IP address of the device match with the IP address of the destination, then that device
will send an ARP to reply message. If the IP address of the device does not match the
IP address of the destination, then the device will automatically drop the packet.
o The destination sends an ARP reply packet when the destination address matches the
device. That ARP Reply packet consists of the MAC address of the device. The
destination device automatically updates the table and stores the source's MAC
address because this address will be required for the communication from the source.
o Now the source acts as a target for the destination device, and the destination device
sends the ARP Reply message.
o The ARP Reply message is unicast instead of broadcast. This is because the device
(destination) that is sending the ARP Reply message knows the MAC address of the
device (source) to which the ARP Reply message is sent.
o When the source device receives the ARP Reply message, then it will know the MAC
address of the destination because the ARP Reply packet contains the MAC address
of the destination along with the other addresses. The source will update the MAC
address of the destination in the ARP cache. Now the sender is able to communicate
directly to the destination.

Advantages of using ARP

o We can easily find out the MAC address of the device if we know the IP address of
that device.
o It is not necessary to configure the address of the end nodes for the MAC address. We
can find it when needed.

Disadvantages of using ARP

o ARP attacks such as ARP spoofing and ARP denial of service may occur.
What is IP?

Here, IP stands for internet protocol. It is a protocol defined in the TCP/IP model used for
sending the packets from source to destination. The main task of IP is to deliver the packets
from source to the destination based on the IP addresses available in the packet headers. IP
defines the packet structure that hides the data which is to be delivered as well as the
addressing method that labels the datagram with a source and destination information.

An IP protocol provides the connectionless service, which is accompanied by two transport

protocols, i.e., TCP/IP and UDP/IP, so internet protocol is also known as TCP/IP or UDP/IP.

The first version of IP (Internet Protocol) was IPv4. After IPv4, IPv6 came into the market,
which has been increasingly used on the public internet since 2006.

Function

The main function of the internet protocol is to provide addressing to the hosts, encapsulating
the data into a packet structure, and routing the data from source to the destination across one
or more IP networks. In order to achieve these functionalities, internet protocol provides two
major things which are given below.

An internet protocol defines two things:

o Format of IP packet

o IP Addressing system

What is an IP packet?

Before an IP packet is sent over the network, two major components are added in an IP
packet, i.e., header and a payload.
An IP header contains lots of information about the IP packet which includes:

o Source IP address: The source is the one who is sending the data.

o Destination IP address: The destination is a host that receives the data from the
sender.
o Header length

o Packet length

o TTL (Time to Live): The number of hops occurs before the packet gets discarded.

o Transport protocol: The transport protocol used by the internet protocol, either it can
be TCP or UDP.

There is a total of 14 fields exist in the IP header, and one of them is optional.

Payload: Payload is the data that is to be transported.

How does the IP routing perform?

IP routing is a process of determining the path for data so that it can travel from the source to
the destination. As we know that the data is divided into multiple packets, and each packet
will pass through a web of the router until it reaches the final destination. The path that the
data packet follows is determined by the routing algorithm. The routing algorithm considers
various factors like the size of the packet and its header to determine the efficient route for
the data from the source to the destination. When the data packet reaches some router, then
the source address and destination address are used with a routing table to determine the next
hop's address. This process goes on until it reaches the destination. The data is divided into
multiple packets so all the packets will travel individually to reach the destination.

For example, when an email is sent from the email server, then the TCP layer in this email
server divides the data into multiple packets, provides numbering to these packets and
transmits them to the IP layer. This IP layer further transmits the packet to the destination
email server. On the side of the destination server, the IP layer transmits these data packets to
the TCP layer, and the TCP layer recombines these data packets into the message. The
message is sent to the email application.

What is IP Addressing?

An IP address is a unique identifier assigned to the computer which is connected to the

internet. Each IP address consists of a series of characters like 192.168.1.2. Users cannot
access the domain name of each website with the help of these characters, so DNS resolvers
are used that convert the human-readable domain names into a series of characters. Each IP
packet contains two addresses, i.e., the IP address of the device, which is sending the packet,
and the IP address of the device which is receiving the packet.

Types of IP addresses

IPv4 addresses are divided into two categories:

o Public address

o Private address

Public address

The public address is also known as an external address as they are grouped under the WAN
addresses. We can also define the public address as a way to communicate outside the
network. This address is used to access the internet. The public address available on our
computer provides the remote access to our computer. With the help of a public address, we
can set up the home server to access the internet. This address is generally assigned by the
ISP (Internet Service Provider).

Key points related to public address are:

o The scope of the public address is global, which means that we can communicate
outside the network.
o This address is assigned by the ISP (Internet Service Provider).

o It is not available at free of cost.

 o We can get the Public IP by typing on Google "What is my IP".

Private address

A private address is also known as an internal address, as it is grouped under the LAN
addresses. It is used to communicate within the network. These addresses are not routed on
the internet so that no traffic can come from the internet to this private address. The address
space for the private address is allocated using InterNIC to create our own network. The
private addresses are assigned to mainly those computers, printers, smartphones, which are
kept inside the home or the computers that are kept within the organization. For example, a
private address is assigned to the printer, which is kept inside our home, so that our family
member can take out the print from the printer.

If the computer is assigned with a private address, then the devices available within the local
network can view the computer through the private ip address. However, the devices
available outside the local network cannot view the computer through the private IP address,
but they can access the computer if they know the router's public address. To access the
computer directly, NAT (Network Address Translator) is to be used.

Key points related to private address are:

o Its scope is local, as we can communicate within the network only.

o It is generally used for creating a local area network.

o It is available at free of cost.

o We can get to know the private IP address by simply typing the "ipconfig" on the
command prompt.

IP Address Format and Table

IP address is a short form of "Internet Protocol Address." It is a unique number provided to

every device connected to the internet network, such as Android phone, laptop, Mac, etc. An
IP address is represented in an integer number separated by a dot (.), for example,
192.167.12.46.

Types of IP Address

An IP address is categorized into two different types based on the number of IP address it
contains. These are:
 o IPv4 (Internet Protocol version 4)

o IPv6 (Internet Protocol version 6)

What is IPv4?

IPv4 is version 4 of IP. It is a current version and the most commonly used IP address. It is a
32-bit address written in four numbers separated by a dot (.), i.e., periods. This address is
unique for each device. For example, 66.94.29.13

What is IPv6?

IPv4 produces 4 billion addresses, and the developers think that these addresses are enough,
but they were wrong. IPv6 is the next generation of IP addresses. The main difference
between IPv4 and IPv6 is the address size of IP addresses. The IPv4 is a 32-bit address,
whereas IPv6 is a 128-bit hexadecimal address. IPv6 provides a large address space, and it
contains a simple header as compared to IPv4.

To know more about the difference between IPv4 and IPv6, look at our article ipv4 vs. ipv6.

IP Address Format

Originally IP addresses were divided into five different categories called classes. These
divided IP classes are class A, class B, class C, class D, and class E. Out of these, classes A,
B, and C are most important. Each address class defines a different number of bits for
its network prefix (network address) and host number (host address). The starting
address bits decide from which class an address belongs.

Network Address: The network address specifies the unique number which is assigned to
your network. In the above figure, the network address takes two bytes of IP address.

Host Address: A host address is a specific address number assigned to each host machine.
With the help of the host address, each machine is identified in your network. The network
address will be the same for each host in a network, but they must vary in host address.

Address Format IPv4

The address format of IPv4 is represented into 4-octets (32-bit), which is divided into three
different classes, namely class A, class B, and class C.
The above diagram shows the address format of IPv4. An IPv4 is a 32-bit decimal address. It
contains four octets or fields separated by 'dot,' and each field is 8-bit in size. The number
that each field contains should be in the range of 0-255.

Class A

Class A address uses only first higher order octet (byte) to identify the network prefix, and
remaining three octets (bytes) are used to define the individual host addresses. The class A
address ranges between 0.0.0.0 to 127.255.255.255. The first bit of the first octet is always set
to 0 (zero), and next 7 bits determine network address, and the remaining 24 bits determine
host address. So the first octet ranges from 0 to 127 (00000000 to 01111111).

Class B

Class B addresses use the initial two octets (two bytes) to identify the network prefix, and the
remaining two octets (two bytes) define host addresses. The class B addresses are range
between 128.0.0.0 to 191.255.255.255. The first two bits of the first higher octet is always set
to 10 (one and zero bit), and next 14 bits determines the network address and remaining 16
bits determines the host address. So the first octet ranges from 128 to 191 (10000000 to
10111111).

Class C

Class C addresses use the first three octets (three bytes) to identify the network prefix, and
the remaining last octet (one byte) defines the host address. The class C address ranges
between 192.0.0.0 to 223.255.255.255. The first three bit of the first octet is always set to
110, and next 21 bits specify network address and remaining 8 bits specify the host address.
Its first octet ranges from 192 to 223 (11000000 to 11011111).

Class D

Class D IP address is reserved for multicast addresses. Its first four bits of the first octet are
always set to 1110, and the remaining bits determine the host address in any IP address. The
first higher octet bits are always set to 1110, and the remaining bits specify the host address.
The class D address ranges between 224.0.0.0 to 239.255.255.255. In multicasting, data is not
assigned to any particular host machine, so it is not require to find the host address from the
IP address, and also, there is no subnet mask present in class D.

Class E
Class E IP address is reserved for experimental purposes and future use. It does not contain
any subnet mask in it. The first higher octet bits are always set to 1111, and next remaining
bits specify the host address. Class E address ranges between 240.0.0.0 to 255.255.255.255.

Class Address Range Application

IP Class A 1 to 126 Used for large number of hosts.

IP Class B 128 to 191 Used for medium size network.

IP Class C 192 to 223 Used for local area network.

IP Class D 224 to 239 Reserve for multi-tasking.

How are IP Addresses Generated?

IP addresses are generated automatically using an integrated algorithm by the Internet of

Assigned Numbers Authority (IANA). IANA then allocates IP address blocks to regional
internet registries (RIRs) who in turn geographically distribute these blocks to internet
service providers (ISPs). To generate individual IP addresses for their customers, ISPs
typically use a technique called Dynamic Host Configuration Protocol (DHCP). DHCP
allows devices to have an IP address assigned automatically when they connect to a
network.
Dynamic Host Configuration Protocol

Dynamic Host Configuration Protocol (DHCP) is a network management protocol used to

dynamically assign an IP address to nay device, or node, on a network so they can
communicate using IP (Internet Protocol). DHCP automates and centrally manages these
configurations. There is no need to manually assign IP addresses to new devices. Therefore,
there is no requirement for any user configuration to connect to a DHCP based network.

DHCP can be implemented on local networks as well as large enterprise networks. DHCP is
the default protocol used by the most routers and networking equipment. DHCP is also called
RFC (Request for comments) 2131.

DHCP does the following:

o DHCP manages the provision of all the nodes or devices added or dropped from the
network.
o DHCP maintains the unique IP address of the host using a DHCP server.
o It sends a request to the DHCP server whenever a client/node/device, which is
configured to work with DHCP, connects to a network. The server acknowledges by
providing an IP address to the client/node/device.

DHCP is also used to configure the proper subnet mask, default gateway and DNS server
information on the node or device.

There are many versions of DCHP are available for use in IPV4 (Internet Protocol Version 4)
and IPV6 (Internet Protocol Version 6).

How DHCP works

DHCP runs at the application layer of the TCP/IP protocol stack to dynamically assign IP
addresses to DHCP clients/nodes and to allocate TCP/IP configuration information to the
DHCP clients. Information includes subnet mask information, default gateway, IP addresses
and domain name system addresses.
DHCP is based on client-server protocol in which servers manage a pool of unique IP
addresses, as well as information about client configuration parameters, and assign addresses
out of those address pools.

The DHCP lease process works as follows:

o First of all, a client (network device) must be connected to the internet.

o DHCP clients request an IP address. Typically, client broadcasts a query for this
information.
o DHCP server responds to the client request by providing IP server address and other
configuration information. This configuration information also includes time period,
called a lease, for which the allocation is valid.
o When refreshing an assignment, a DHCP clients request the same parameters, but the
DHCP server may assign a new IP address. This is based on the policies set by the
administrator.

Working of DHCP

The working of DHCP is as follows:

DHCP works on the Application layer of the TCP/IP Protocol. The main task of DHCP is
to dynamically assigns IP Addresses to the Clients and allocate information on TCP/IP
configuration to Clients. For more, you can refer to the Article Working of DHCP.
The DHCP port number for the server is 67 and for the client is 68. It is a client-server
protocol that uses UDP services. An IP address is assigned from a pool of addresses. In
DHCP, the client and the server exchange mainly 4 DHCP messages in order to make a
connection, also called the DORA process, but there are 8 DHCP messages in the process.
 Working of DHCP

The 8 DHCP Messages:

1. DHCP discover message: This is the first message generated in the communication
process between the server and the client. This message is generated by the Client host in
order to discover if there is any DHCP server/servers are present in a network or not. This
message is broadcasted to all devices present in a network to find the DHCP server. This
message is 342 or 576 bytes long
 DHCP discover message

As shown in the figure, the source MAC address (client PC) is 08002B2EAF2A, the
destination MAC address(server) is FFFFFFFFFFFF, the source IP address is
0.0.0.0(because the PC has had no IP address till now) and the destination IP address is
255.255.255.255 (IP address used for broadcasting). As they discover message is
broadcast to find out the DHCP server or servers in the network therefore broadcast IP
address and MAC address is used.
2. DHCP offers a message: The server will respond to the host in this message specifying
the unleased IP address and other TCP configuration information. This message is
broadcasted by the server. The size of the message is 342 bytes. If there is more than one
DHCP server present in the network then the client host will accept the first DHCP
OFFER message it receives. Also, a server ID is specified in the packet in order to identify
the server.
 DHCP offer message

Now, for the offer message, the source IP address is 172.16.32.12 (server’s IP address in
the example), the destination IP address is 255.255.255.255 (broadcast IP address), the
source MAC address is 00AA00123456, the destination MAC address is FFFFFFFFFFFF.
Here, the offer message is broadcast by the DHCP server therefore destination IP address
is the broadcast IP address and destination MAC address is FFFFFFFFFFFF and the
source IP address is the server IP address and the MAC address is the server MAC
address.

Also, the server has provided the offered IP address 192.16.32.51 and a lease time of 72
hours(after this time the entry of the host will be erased from the server automatically).
Also, the client identifier is the PC MAC address (08002B2EAF2A) for all the messages.
3. DHCP request message: When a client receives an offer message, it responds by
broadcasting a DHCP request message. The client will produce a gratuitous ARP in order
to find if there is any other host present in the network with the same IP address. If there is
no reply from another host, then there is no host with the same TCP configuration in the
network and the message is broadcasted to the server showing the acceptance of the IP
address. A Client ID is also added to this message.
 DHCP request message

Now, the request message is broadcast by the client PC therefore source IP address is
0.0.0.0(as the client has no IP right now) and destination IP address is 255.255.255.255
(the broadcast IP address) and the source MAC address is 08002B2EAF2A (PC MAC
address) and destination MAC address is FFFFFFFFFFFF.

Note – This message is broadcast after the ARP request broadcast by the PC to find out
whether any other host is not using that offered IP. If there is no reply, then the client host
broadcast the DHCP request message for the server showing the acceptance of the IP
address and Other TCP/IP Configuration.
4. DHCP acknowledgment message: In response to the request message received, the
server will make an entry with a specified client ID and bind the IP address offered with
lease time. Now, the client will have the IP address provided by the server.
 DHCP acknowledgment message

Now the server will make an entry of the client host with the offered IP address and lease
time. This IP address will not be provided by the server to any other host. The destination
MAC address is FFFFFFFFFFFF and the destination IP address is 255.255.255.255 and
the source IP address is 172.16.32.12 and the source MAC address is 00AA00123456
(server MAC address).
5. DHCP negative acknowledgment message: Whenever a DHCP server receives a
request for an IP address that is invalid according to the scopes that are configured, it
sends a DHCP Nak message to the client. Eg-when the server has no IP address unused or
the pool is empty, then this message is sent by the server to the client.
6. DHCP decline: If the DHCP client determines the offered configuration parameters are
different or invalid, it sends a DHCP decline message to the server. When there is a reply
to the gratuitous ARP by any host to the client, the client sends a DHCP decline message
to the server showing the offered IP address is already in use.
7. DHCP release: A DHCP client sends a DHCP release packet to the server to release the
IP address and cancel any remaining lease time.
8. DHCP inform: If a client address has obtained an IP address manually then the client
uses DHCP information to obtain other local configuration parameters, such as domain
name. In reply to the DHCP inform message, the DHCP server generates a DHCP ack
message with a local configuration suitable for the client without allocating a new IP
address. This DHCP ack message is unicast to the client.
Note – All the messages can be unicast also by the DHCP relay agent if the server is
present in a different network.
Components of DHCP

When working with DHCP, it is important to understand all of the components. Following
are the list of components:

o DHCP Server: DHCP server is a networked device running the DCHP service that
holds IP addresses and related configuration information. This is typically a server or
a router but could be anything that acts as a host, such as an SD-WAN appliance.
o DHCP client: DHCP client is the endpoint that receives configuration information
from a DHCP server. This can be any device like computer, laptop, IoT endpoint or
anything else that requires connectivity to the network. Most of the devices are
configured to receive DHCP information by default.
o IP address pool: IP address pool is the range of addresses that are available to DHCP
clients. IP addresses are typically handed out sequentially from lowest to the highest.
o Subnet: Subnet is the partitioned segments of the IP networks. Subnet is used to keep
networks manageable.
o Lease: Lease is the length of time for which a DHCP client holds the IP address
information. When a lease expires, the client has to renew it.
o DHCP relay: A host or router that listens for client messages being broadcast on that
network and then forwards them to a configured server. The server then sends
responses back to the relay agent that passes them along to the client. DHCP relay can
be used to centralize DHCP servers instead of having a server on each subnet.

Benefits of DHCP

There are following benefits of DHCP:

Centralized administration of IP configuration: DHCP IP configuration information can

be stored in a single location and enables that administrator to centrally manage all IP address
configuration information.

Dynamic host configuration: DHCP automates the host configuration process and
eliminates the need to manually configure individual host. When TCP/IP (Transmission
control protocol/Internet protocol) is first deployed or when IP infrastructure changes are
required.
Seamless IP host configuration: The use of DHCP ensures that DHCP clients get accurate
and timely IP configuration parameter such as IP address, subnet mask, default gateway, IP
address of DND server and so on without user intervention.

Flexibility and scalability: Using DHCP gives the administrator increased flexibility,
allowing the administrator to move easily change IP configuration when the infrastructure
changes.

TRANSMISSION CONTROL PROTOCOL (TCP) AND USER DATAGRAM

PROTOCOL (UDP)

The basic operation of the TCP

Basic Data Transfer:

The TCP is able to transfer a continuous stream of octets in eachdirection between its users
by packaging some number of octets intosegments for transmission through the internet
system. In general, the TCPs decide when to block and forward data at their
ownconvenience. Sometimes users need to be sure that all the data they have submitted to
the TCP has been transmitted. For this purpose a pushfunction is defined. To assure that
data submitted to a TCP is actually transmitted the sending user indicates that it should be
pushed through to the receiving user. A push causes the TCPs to promptly forward and
deliver data up to that point to the receiver. The exact push point might not be visible to the
receiving user andthe push function does not supply a record boundary marker.

Reliability:

The TCP must recover from data that is damaged, lost, duplicated, or delivered out of order
by the internet communication system. This is achieved by assigning a sequence number to
each octet transmitted, and requiring a positive acknowledgment (ACK) from thereceiving
TCP. If the ACK is not received within a timeout interval, the data is retransmitted. At the
receiver, the sequence numbers are used to correctly order segments that may be
receivedout of order and to eliminate duplicates. Damage is handled by adding a checksum
to each segment transmitted, checking it at the receiver, and discarding damaged segments.
As long as the TCPs continue to function properly and the internet system does not become
completely partitioned, no transmissionerrors will affect the correct delivery of data. TCP
recovers from internet communication system errors.

Flow Control:

TCP provides a means for the receiver to govern the amount of data sent by the sender.
This is achieved by returning a "window" with every ACK indicating a range of acceptable
sequence numbers beyond the last segment successfully received. The window indicates
aallowed number of octets that the sender may transmit before receiving further permission.

Multiplexing:
To allow for many processes within a single Host to use TCP communication facility
simultaneously, the TCP provides a set of addresses or ports within each host. Concatenated
with the network and host addresses from the internet communication layer, this form a
socket. A pair of sockets uniquely identifies each connection. That is, a socket may be
simultaneously used in multipleconnections.

The binding of ports to processes is handled independently by each Host. However, it

proves useful to attach frequently used processes (e.g., a "logger" or timesharing service) to
fixed sockets which aremade known to the public. These services can then be accessed
through the known addresses. Establishing and learning the portaddresses of other processes
may involve more dynamic mechanisms.

Connections:

The reliability and flow control mechanisms described above require that TCPs initialize
and maintain certain status information for each data stream. The combination of this
information, includingsockets, sequence numbers, and window sizes, is called a connection.
Each connection is uniquely specified by a pair of sockets identifying its two sides. When
two processes wish to communicate, their TCP's must first establish a connection (initialize
the status information on each side). When their communication is complete, the connection
isterminated or closed to free the resources for other uses. Since connections must be
established between unreliable hosts and over the unreliable internet communication system,
a handshake mechanism with clock-based sequence numbers is used to avoiderroneous
initialization of connections.

Normal Connection Establishment: The "Three Way Handshake"

To establish a connection, each device must send a SYN and receive an ACK for it from the
other device. Thus, conceptually, four control messages need to be passed between the
devices. However, it's inefficient to send a SYN and an ACK in separate messages when one
could communicate both simultaneously. Thus, in the normal sequence of events in
connection establishment, one of the SYNs and one of the ACKs is sent together by setting
both of the relevant bits (a message sometimes called a SYN+ACK). This makes a total of
three messages, and for this reason the connection procedure is called a three-way handshake.

Precedence and Security:

The users of TCP may indicate the security and precedence of their communication.
Provision is made for default values to be used when these features are not needed.

Advantages of TCP

TCP is reliable as it guarantees delivery of data to the destination router.

TCP provides extensive error checking mechanisms. It is because it provides flow control and
acknowledgment of data.

Sequencing of data is a feature of Transmission Control Protocol (TCP). This means that
packets arrive in-order at the receiver.

Retransmission of lost packets TCP as we know is a connection based protocol, meaning that
a connection needs to be setup before the transfer of data can start. To be able to do that TCP
has been designed with the 3-way handshake system. In this system a user who wants to send
data initializes the connection and is acknowledged by the receiving end. Once
acknowledged, the sender acknowledges the Acknowledgement, thus completing the 3-way
handshake. In this way, TCP can establish a connection.is possible in TCP, but not in UDP.

TCP is a reliable protocol, meaning that the data that is sent is reached by the receiving party,
which is not an entity in UDP. Data packets that are lost are resent again, if the connection
fails then the data is re-requested, thus making sure that data is received at the other end.
TCP enables data to be received in an ordered way, meaning if 5 data packets are sent, then
data packet 1 should be received before data packet 2. This doesn't happen in UDP which is a
connection less and works on the principle of shoot the data. The working principle of UDP
is to send the data without taking care whether it reaches its destination or not. The TCP
protocol is considered to be a complete protocol and therefore is used many times over in
systems than the unreliable UDP.

Disadvantages of TCP

 TCP is comparatively slower than UDP.

 TCP is heavy-weight.
TCP may have lots of features you don't need. it may waste bandwidth, time, or effort on
ensuring things that are irrelevant to the task at hand.

TCP Connection Termination

TCP (Transmission Control Protocol) is a transmission protocol that ensures data

transmission in an ordered and secure manner. It sends and receives the data packets in the
same order. TCP is a four-layer protocol compared to OSI (Open System Interconnection
Model), which is a seven-layer transmission process. It is recommended to transmit data
from high-level protocols due to its integrity and security between the server and client.

TCP needs a 4-way handshake for its termination. To establish a connection, TCP needs a 3-
way handshake. So, here we will discuss the detailed process of TCP to build a 3-way
handshake for connection and a 4-way handshake for its termination.

What is TCP?

TCP is a connection-oriented protocol, which means that it first establishes the connection
between the sender and receiver in the form of a handshake. After both the connections are
verified, it begins transmitting packets. It makes the transmission process error-free and
ensures the delivery of data. It is an important part of the communication protocols used to
interconnect network devices on the internet. The whole internet system relies on this
network.

TCP is one of the most common protocols that ensure end-to-end delivery. It guarantees the
security and integrity of the data being transmitted. It always establishes a secure connection
between the sender and receiver. The transmitter is the server, and the receiver is known as
the client. We can also say that the data transmission occurs between the server and client.
Hence, TCP is used in most of the high-level protocols, such as FTP (File Transfer
Protocol), HTTP (Hyper Text Transfer Protocol), and SMTP (Simple Mai Transfer
Protocol).

TCP Connection (A 3-way handshake)

Handshake refers to the process to establish connection between the client and server.
Handshake is simply defined as the process to establish a communication link. To transmit a
packet, TCP needs a three way handshake before it starts sending data. The reliable
communication in TCP is termed as PAR (Positive Acknowledgement Re-transmission).
When a sender sends the data to the receiver, it requires a positive acknowledgement from the
receiver confirming the arrival of data. If the acknowledgement has not reached the sender, it
needs to resend that data. The positive acknowledgement from the receiver establishes a
successful connection.

Here, the server is the server and client is the receiver. The above diagram shows 3 steps for
successful connection. A 3-way handshake is commonly known as SYN-SYN-ACK and
requires both the client and server response to exchange the data. SYN means synchronize
Sequence Number and ACK means acknowledgment. Each step is a type of handshake
between the sender and the receiver.

The diagram of a successful TCP connection showing the three handshakes is shown below:
The three handshakes are discussed in the below steps:

Step 1: SYN

SYN is a segment sent by the client to the server. It acts as a connection request between the
client and server. It informs the server that the client wants to establish a connection.
Synchronizing sequence numbers also helps synchronize sequence numbers sent between any
two devices, where the same SYN segment asks for the sequence number with the connection
request.

Step 2: SYN-ACK

It is an SYN-ACK segment or an SYN + ACK segment sent by the server. The ACK segment
informs the client that the server has received the connection request and it is ready to build
the connection. The SYN segment informs the sequence number with which the server is
ready to start with the segments.

Step 3: ACK

ACK (Acknowledgment) is the last step before establishing a successful TCP connection
between the client and server. The ACK segment is sent by the client as the response of the
received ACK and SN from the server. It results in the establishment of a reliable data
connection.

After these three steps, the client and server are ready for the data communication process.
TCP connection and termination are full-duplex, which means that the data can travel in both
the directions simultaneously.
TCP Termination (A 4-way handshake)

Any device establishes a connection before proceeding with the termination. TCP requires 3-
way handshake to establish a connection between the client and server before sending the
data. Similarly, to terminate or stop the data transmission, it requires a 4-way handshake. The
segments required for TCP termination are similar to the segments to build a TCP connection
(ACK and SYN) except the FIN segment. The FIN segment specifies a termination request
sent by one device to the other.

The client is the data transmitter and the server is a receiver in a data transmission process
between the sender and receiver. Consider the below TCP termination diagram that shows the
exchange of segments between the client and server.

The diagram of a successful TCP termination showing the four handshakes is shown below:
Let's discuss the TCP termination process with the help of six steps that includes the sent
requests and the waiting states. The steps are as follows:

Step 1: FIN

FIN refers to the termination request sent by the client to the server. The first FIN
termination request is sent by the client to the server. It depicts the start of the termination
process between the client and server.

Step 2: FIN_ACK_WAIT

The client waits for the ACK of the FIN termination request from the server. It is a waiting
state for the client.

Step 3: ACK

The server sends the ACK (Acknowledgement) segment when it receives the FIN termination
request. It depicts that the server is ready to close and terminate the connection.

Step 4: FIN _WAIT_2

The client waits for the FIN segment from the server. It is a type of approved signal sent by
the server that shows that the server is ready to terminate the connection.

Step 5: FIN

The FIN segment is now sent by the server to the client. It is a confirmation signal that the
server sends to the client. It depicts the successful approval for the termination.

Step 6: ACK

The client now sends the ACK (Acknowledgement) segment to the server that it has received
the FIN signal, which is a signal from the server to terminate the connection. As soon as the
server receives the ACK segment, it terminates the connection.

TCP Header Format

o Source port: It defines the port of the application, which is sending the data. So, this
field contains the source port address, which is 16 bits.
o Destination port: It defines the port of the application on the receiving side. So, this
field contains the destination port address, which is 16 bits.
o Sequence number: This field contains the sequence number of data bytes in a
particular session.
o Acknowledgment number: When the ACK flag is set, then this contains the next
sequence number of the data byte and works as an acknowledgment for the previous
data received. For example, if the receiver receives the segment number 'x', then it
responds 'x+1' as an acknowledgment number.
o HLEN: It specifies the length of the header indicated by the 4-byte words in the
header. The size of the header lies between 20 and 60 bytes. Therefore, the value of
this field would lie between 5 and 15.
o Reserved: It is a 4-bit field reserved for future use, and by default, all are set to zero.

o Flags
There are six control bits or flags:
 1. URG: It represents an urgent pointer. If it is set, then the data is processed
urgently.

2. ACK: If the ACK is set to 0, then it means that the data packet does not
contain an acknowledgment.

3. PSH: If this field is set, then it requests the receiving device to push the data
to the receiving application without buffering it.

4. RST: If it is set, then it requests to restart a connection.

5. SYN: It is used to establish a connection between the hosts.

6. FIN: It is used to release a connection, and no further data exchange will

happen.

o Window size
It is a 16-bit field. It contains the size of data that the receiver can accept. This field is
used for the flow control between the sender and receiver and also determines the
amount of buffer allocated by the receiver for a segment. The value of this field is
determined by the receiver.
o Checksum
It is a 16-bit field. This field is optional in UDP, but in the case of TCP/IP, this field is
mandatory.
o Urgent pointer
It is a pointer that points to the urgent data byte if the URG flag is set to 1. It defines a
value that will be added to the sequence number to get the sequence number of the
last urgent byte.
o Options
It provides additional options. The optional field is represented in 32-bits. If this field
contains the data less than 32-bit, then padding is required to obtain the remaining
bits.

UDP Protocol
The UDP is an alternative communication protocol to the TCP protocol (transmission control
protocol). Like TCP, UDP provides a set of rules that governs how the data should be
exchanged over the internet. The UDP works by encapsulating the data into the packet and
providing its own header information to the packet. Then, this UDP packet is encapsulated to
the IP packet and sent off to its destination. Both the TCP and UDP protocols send the data
over the internet protocol network, so it is also known as TCP/IP and UDP/IP. There are
many differences between these two protocols. UDP enables the process to process
communication, whereas the TCP provides host to host communication. Since UDP sends the
messages in the form of datagrams, it is considered the best-effort mode of
communication. TCP sends the individual packets, so it is a reliable transport medium.
Another difference is that the TCP is a connection-oriented protocol whereas, the UDP is a
connectionless protocol as it does not require any virtual circuit to transfer the data.

UDP also provides a different port number to distinguish different user requests and also
provides the checksum capability to verify whether the complete data has arrived or not;
the IP layer does not provide these two services.

Features of UDP protocol

The following are the features of the UDP protocol:

o Transport layer protocol

UDP is the simplest transport layer communication protocol. It contains a minimum amount
of communication mechanisms. It is considered an unreliable protocol, and it is based on
best-effort delivery services. UDP provides no acknowledgment mechanism, which means
that the receiver does not send the acknowledgment for the received packet, and the sender
also does not wait for the acknowledgment for the packet that it has sent.

o Connectionless

The UDP is a connectionless protocol as it does not create a virtual path to transfer the data.
It does not use the virtual path, so packets are sent in different paths between the sender and
the receiver, which leads to the loss of packets or received out of order.

Ordered delivery of data is not guaranteed.

In the case of UDP, the datagrams sent in some order will be received in the same order is not
guaranteed as the datagrams are not numbered.

o Ports

The UDP protocol uses different port numbers so that the data can be sent to the correct
destination. The port numbers are defined between 0 and 1023.

o Faster transmission
UDP enables faster transmission as it is a connectionless protocol, i.e., no virtual path is
required to transfer the data. But there is a chance that the individual packet is lost, which
affects the transmission quality. On the other hand, if the packet is lost in TCP connection,
that packet will be resent, so it guarantees the delivery of the data packets.

o Acknowledgment mechanism

The UDP does have any acknowledgment mechanism, i.e., there is no handshaking between
the UDP sender and UDP receiver. If the message is sent in TCP, then the receiver
acknowledges that I am ready, then the sender sends the data. In the case of TCP, the
handshaking occurs between the sender and the receiver, whereas in UDP, there is no
handshaking between the sender and the receiver.

o Segments are handled independently.

Each UDP segment is handled individually of others as each segment takes different path to
reach the destination. The UDP segments can be lost or delivered out of order to reach the
destination as there is no connection setup between the sender and the receiver.

o Stateless

It is a stateless protocol that means that the sender does not get the acknowledgement for the
packet which has been sent.

Why do we require the UDP protocol?

As we know that the UDP is an unreliable protocol, but we still require a UDP protocol in
some cases. The UDP is deployed where the packets require a large amount of bandwidth
along with the actual data. For example, in video streaming, acknowledging thousands of
packets is troublesome and wastes a lot of bandwidth. In the case of video streaming, the loss
of some packets couldn't create a problem, and it can also be ignored.

UDP Header Format

In UDP, the header size is 8 bytes, and the packet size is upto 65,535 bytes. But this packet
size is not possible as the data needs to be encapsulated in the IP datagram, and an IP packet,
the header size can be 20 bytes; therefore, the maximum of UDP would be 65,535 minus 20.
The size of the data that the UDP packet can carry would be 65,535 minus 28 as 8 bytes for
the header of the UDP packet and 20 bytes for IP header.

The UDP header contains four fields:

o Source port number: It is 16-bit information that identifies which port is going t
send the packet.
o Destination port number: It identifies which port is going to accept the information.
It is 16-bit information which is used to identify application-level service on the
destination machine.
o Length: It is 16-bit field that specifies the entire length of the UDP packet that
includes the header also. The minimum value would be 8-byte as the size of the
header is 8 bytes.
o Checksum: It is a 16-bits field, and it is an optional field. This checksum field checks
whether the information is accurate or not as there is the possibility that the
information can be corrupted while transmission. It is an optional field, which means
that it depends upon the application, whether it wants to write the checksum or not. If
it does not want to write the checksum, then all the 16 bits are zero; otherwise, it
writes the checksum. In UDP, the checksum field is applied to the entire packet, i.e.,
header as well as data part whereas, in IP, the checksum field is applied to only the
header field.
 UDP is commonly used with two types of applications:

 Applications that are tolerant of the lost data – VoIP (Voice over IP) uses UDP
because if a voice packet is lost, by the time the packet would be retransmitted, too much
delay would have occurred, and the voice would be unintelligible.
 Applications that have some application mechanism to recover lost data – Network
File System (NFS) performs recovery with application layer code, so UDP is used as a
transport-layer protocol.

Following are the benefits or advantages of UDP:

➨It uses small packet size with small header (8 bytes). This fewer bytes in the overhead
makes UDP protocol need less time in processing the packet and need less memory.
➨It does not require connection to be established and maintained.
➨Also absence of acknowledgement field in UDP makes it faster as it need not have to wait
on ACK or need not have to hold data in memory until they are ACKed.
➨It uses checksum with all the packets for error detection.

No retransmission delays – UDP is suitable for time-sensitive applications that can’t afford
retransmission delays for dropped packets. Examples include Voice over IP (VoIP), online
games, and media streaming.

Speed – UDP’s speed makes it useful for query-response protocols such as DNS, in which
data packets are small and transactional.

Suitable for broadcasts – UDP’s lack of end-to-end communication makes it suitable for
broadcasts, in which transmitted data packets are addressed as receivable by all devices on
the internet. UDP broadcasts can be received by large numbers of clients without server-side
overhead.

Following are the drawbacks or disadvantages of UDP:

➨It is connectionless and unreliable transport protocol. There is no windowing and no
function to ensure data is received in the same order as it was transmitted.
➨There is no congestion control. Hence large number of users transmitting lots of data via
UDP can cause congestion and no one can do anything about it.
➨There is no flow control and no acknowledgement for received data.

 No guaranteed ordering of packets.

 No verification of the readiness of the computer receiving the message.

 No protection against duplicate packets.

 No guarantee the destination will receive all transmitted bytes. UDP, however, does provide a
checksum to verify individual packet integrity.

Differences between the TCP and UDP

o Type of protocol
Both the protocols, i.e., TCP and UDP, are the transport layer protocol. TCP is a
connection-oriented protocol, whereas UDP is a connectionless protocol. It means that
TCP requires connection prior to the communication, but the UDP does not require
any connection.
o Reliability
TCP is a reliable protocol as it provides assurance for the delivery of the data. It
follows the acknowledgment mechanism. In this mechanism, the sender receives the
acknowledgment from the receiver and checks whether the acknowledgment is
positive or negative. If the ACK is positive means, the data has been received
successfully. If ACK is negative, then TCP will resend the data. It also follows the
flow and error control mechanism.
UDP is an unreliable protocol as it does not ensure the delivery of the data.
o Flow Control
TCP follows the flow control mechanism that ensures a large number of packets are
not sent to the receiver at the same time, while UDP does not follow the flow control
mechanism.
 o Ordering
TCP uses ordering and sequencing techniques to ensure that the data packets are
received in the same order in which they are sent. On the other hand, UDP does not
follow any ordering and sequencing technique; i.e., data can be sent in any sequence.
o Speed
Since TCP establishes a connection between a sender and receiver, performs error
checking, and also guarantees the delivery of data packets while UDP neither creates
a connection nor it guarantees the delivery of data packets, so UDP is faster than TCP.
o Flow of data
In TCP, data can flow in both directions means that it provides the full-duplex service.
On the other hand, UDP is mainly suitable for the unidirectional flow of data.

POP & POP3: Post Office Protocol (version 3)

To send and receive a mail two agents, message transfer agent and a message access
agent are required. The message transfer agent transfers the message from client computer to
the recipient’s mail server. Now, it’s the work of message access agent to pull the message
from the mailbox present on the mail server at recipient’s side to the recipient’s computer.
We have one message transfer agent i.e. SMTP (Simple Mail Transfer Agent), and we have
two message access agents POP (Post Office Protocol) and IMAP (Internet Mail Access
Protocol).

Comparison Chart

Basis for SMTP POP3

Comparison
Basic It is message transfer agent. It is message access agent.
Full form Simple Mail Transfer Protocol.
Implied Post Office Protocol version 3.
Between sender and sender mail
server and between sender mail
server and receiver mail server.

Work It transfers the mail from sender’s Between receiver and receiver mail
computer to the mail box present server.
on receiver's mail server.
 It allows to retrieve and organize mails
from mailbox on receiver mail server
to receiver's computer.

SMTP: Simple Mail Transfer Protocol

Simple Mail Transfer Protocol (SMTP) is the standard protocol for sending emails across the
Internet.
o SMTP is a set of communication guidelines that allow software to transmit an
electronic mail over the internet.
o It is a program used for sending messages to other computer users based on e-mail
addresses.
o It provides a mail exchange between users on the same or different computers, and it
also supports:
o It can send a single message to one or more recipients.
o Sending message can include text, voice, video or graphics.
o The main purpose of SMTP is used to set up communication rules between servers.
The servers have a way of identifying themselves and announcing what kind of
communication they are trying to perform. They also have a way of handling the
errors such as incorrect email address. For example, if the recipient address is
wrong, then receiving server reply with an error message of some kind.

By default, the SMTP protocol works on three ports:

 Port 25 - this is the default SMTP non-encrypted port
 Port 2525 - this port is opened on all SiteGround servers in case port 25 is filtered (by your
ISP for example) and you want to send non-encrypted emails with SMTP
 Port 465 - this is the port used if you want to send messages using SMTP securely with
SSL encryption
Port 587 secure reliable with TLS encryption

SMTP (Simple Mail Transfer Protocol) is a Message Transfer Agent (MTA). There are
two MTAs client MTA and server MTA. A client MTA at clients system sends mail which is
received by the server MTA at client’s mail server. Further, the client mail server
has client MTA which sends the mail from client’s mail server to the server MTA at
recipient’s mail server.

SMTP protocol is used in the scenario where both the sender and receiver of mail must be
connected to their mail server by WAN or LAN. SMTP protocol is used two
times, first between sender and its mail server and second between client’s mail server
and receivers mail server. SMTP is not used between receiver’s mail server and receiver;
the POP protocol accomplishes this task.

SMTP accomplishes the mail delivery task from client to server MTA. Now a pull protocol
is required to pull the mail from the MTA server to the receiver. For this, we
have POP3 protocol i.e. Post Office Protocol version 3. It is message access agent.

To access mail from the mail box present at the mail server the client MAA at recipient
computer establishes the connection with the mail server using TCP port 110. For
establishing connection client MAA at recipient’s computer sends username and
password to the mailbox. Then the user is authenticated to retrieve mail messages one by
one.
IMAP Protocol

IMAP stands for Internet Message Access Protocol. It is an application layer protocol
which is used to receive the emails from the mail server. It is the most commonly used
protocols like POP3 for retrieving the emails.

POP3 is becoming the most popular protocol for accessing the TCP/IP mailboxes. It
implements the offline mail access model, which means that the mails are retrieved from the
mail server on the local machine, and then deleted from the mail server. Nowadays, millions
of users use the POP3 protocol to access the incoming mails. Due to the offline mail access
model, it cannot be used as much. The online model we would prefer in the ideal world. In
the online model, we need to be connected to the internet always. The biggest problem with
the offline access using POP3 is that the mails are permanently removed from the server, so
multiple computers cannot access the mails. The solution to this problem is to store the mails
at the remote server rather than on the local server.

The POP3 also faces another issue, i.e., data security and safety. The solution to this problem
is to use the disconnected access model, which provides the benefits of both online and
offline access. In the disconnected access model, the user can retrieve the mail for local use
as in the POP3 protocol, and the user does not need to be connected to the internet
continuously. However, the changes made to the mailboxes are synchronized between the
client and the server. The mail remains on the server so different applications in the future
can access it. When developers recognized these benefits, they made some attempts to
implement the disconnected access model. This is implemented by using the POP3
commands that provide the option to leave the mails on the server. This works, but only to a
limited extent, for example, keeping track of which messages are new or old become an issue
when both are retrieved and left on the server. So, the POP3 lacks some features which are
required for the proper disconnected access model.

IMAP Features

IMAP was designed for a specific purpose that provides a more flexible way of how the user
accesses the mailbox. It can operate in any of the three modes, i.e., online, offline, and
disconnected mode. Out of these, offline and disconnected modes are of interest to most users
of the protocol.

The following are the features of an IMAP protocol:

o Access and retrieve mail from remote server: The user can access the mail from the
remote server while retaining the mails in the remote server.
o Set message flags: The message flag is set so that the user can keep track of which
message he has already seen.
o Manage multiple mailboxes: The user can manage multiple mailboxes and transfer
messages from one mailbox to another. The user can organize them into various
categories for those who are working on various projects.
o Determine information prior to downloading: It decides whether to retrieve or not
before downloading the mail from the mail server.
o Downloads a portion of a message: It allows you to download the portion of a
message, such as one body part from the mime-multi part. This can be useful when
there are large multimedia files in a short-text element of a message.
o Organize mails on the server: In case of POP3, the user is not allowed to manage the
mails on the server. On the other hand, the users can organize the mails on the server
according to their requirements like they can create, delete or rename the mailbox on
the server.
o Search: Users can search for the contents of the emails.

o Check email-header: Users can also check the email-header prior to downloading.

o Create hierarchy: Users can also create the folders to organize the mails in a
hierarchy.
 Simple Network Management Protocol (SNMP)

If an organization has 1000 devices then to check all devices, one by one every
day, are working properly or not is a hectic task. To ease these up, a Simple
Network Management Protocol (SNMP) is used.

SNMP is used to monitor the network, detect network faults, and sometimes even
to configure remote devices.

Components of SNMP Monitoring

SNMP provides a flexible framework, with several components working together to enable
network engineers to monitor the health and performance of devices:

1. SNMP Manager

The server, or other external process, that will poll network devices for information and
collect the responses. SNMP Managers may also be referred to as Network Management
Stations (NMSs).

2. SNMP Agent

The software client that is pre-installed on most network devices. The SNMP Agent will store
information about device status and relay this to the SNMP Manager when polled.

3. Managed Device

A network device on which the SNMP Agent is installed, enabled, and configured. Routers,
switches, firewalls, and wireless access points are examples of devices that you can manage
via SNMP.
4. Management Information Base –
MIB consists of information on resources that are to be managed. This information is
organized hierarchically. It consists of objects instances which are essentially variables. A
MIB, or collection of all the objects under management by the manager, is unique to each
agent. System, interface, address translation, IP, udp, and egp , icmp, tcp are the eight
categories that make up MIB.