Written by
Przemysław Bernacki

Security testing in context of TCP/IP model

Part 1

What is TCP/IP model?

In 1989, RFC 1122 was published. It specified an architectural model for communication between Internet hosts. The TCP/IP model has 4 layers, from top to bottom:

  • Application Layer
  • Transport Layer
  • Internet Layer
  • Network Access Layer

The application layer is responsible for application-specific functions like data formatting, encryption and connection management – any interaction with the user.

The three bottom layers are responsible for network specific functions like routing, addressing, and flow control. It doesn’t matter what the data is, the important thing is to be able to move the data around.

How is information transported?

Information moves down from the top layer (application) towards the physical medium. Along the way it is packaged and manipulated until it becomes a collection of bits or fragments. When the information reaches the lowest layer it is transmitted to the receiving device, where the process is reversed as the data moves back up the model.

Image 1. Protocol Data Unit down the TCP/IP model layers


Tab. 1 TCP/IP layers, selected protocols and attacks

TCP/IP model | Protocols | Attacks
Application | FTP, HTTP, Telnet, DNS, SNMP | Application attacks, exploit code, malicious software (e.g. Trojans), buffer overflow; protocol attacks, NetBIOS enumeration, clear-text extraction; SYN attacks, password attacks, session hijacking
Transport | TCP, UDP | DoS attacks, service enumeration, flag manipulation, port scanning, IP spoofing
Network (Internet) | IP, ICMP, IGMP, ARP | Routing attacks, ARP poisoning, IP attacks, MAC flooding, ICMP assaults such as Smurf
Data Link (Network Access) | Ethernet, Token Ring, other link-layer protocols | MAC spoofing, WEP cracking, passive and active sniffing; lock picking, physical access attacks, hardware hacking, wiretapping and interception


In future articles I will describe particular protocols and attacks in more detail.

What is a protocol?

A long time ago in a galaxy far, far away… before IT systems started to interact with one another, there was interaction between human entities. The diplomacy involved in these interactions brings to mind the world of IT systems in more than one way.

Different entities, such as nations/systems, are completely different in many basic aspects. For example, cultures/operating systems differ, yet need to interact in a controlled manner. The entities have to communicate with each other using suitable means such as messengers/networks. The diplomatic protocol is called ‘etiquette’, which is defined as “a code of behavior that delineates expectations for social behavior according to contemporary conventional norms within a society, social class, or group”. The main purpose of a protocol is to enable reliable communication between different entities.

Protocols in communications

Of course this article is mainly concerned with the world of IT development, so let’s get back to the IT world. Wikipedia provides a good starting point. It describes communication protocols as “a set of rules and regulations that determine how data is transmitted”. There are obvious similarities here to the non-IT world.

There are different systems that need to communicate in a reliable way. It would also be nice if the protocols were efficient, so as not to slow things down. Based on this, we may say that efficient protocols allow us to build efficient systems.

So how do you build protocols?

When we talk about efficient protocols, we should consider the format of the data on the network. Low-level network programming is typically done in the C programming language, so raw protocol data typically consists of ‘C structs’ – represented as packed binary data.

How to “view” network protocols?

You cannot “view” network protocols directly. What you can do is connect to a networking component that captures the data flowing through it (capture means duplicate) and writes the captured data to a file. Then you can investigate this file. The best way to do this is to use a tool such as Wireshark.

What is the basic storage unit in a captured file?

It is a data frame, which is the basic independent unit of information transported in the network.

Where can we find information about network protocols?

The authoritative source of information on network protocols is ‘Requests for Comments’ – also called RFCs. These documents describe the standards used on the internet.

How do network protocols interact with each other?

Basically, network protocols are wrapped one inside the other. The outer protocol layers encapsulate the inner ones. Different areas of concern are addressed by specialized protocols, and each protocol encapsulates the data of the next. A good way to imagine it is like the many layers of an onion.
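Constructed example of that packing and unpacking in Python (added here, not code from the original article): it builds an Ethernet II frame carrying IPv4, TCP and a few application bytes with struct, then peels the layers back off from the outside in, the way a capture tool decodes a frame, and refuses to go deeper when a header fails its own sanity check; addresses and ports are made-up sample values.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6

def ipv4_checksum(header: bytes) -> int:
    # RFC 1071 Internet checksum: one's complement of the one's-complement sum of 16-bit words
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_frame(payload: bytes) -> bytes:
    # Wrap application bytes in TCP, then IPv4, then Ethernet II (constructed sample, hypothetical hosts)
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK, TCP checksum left 0
    ip_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0x1234, 0x4000, 64, IPPROTO_TCP, 0,
                     IPv4Address("10.0.0.1").packed, IPv4Address("10.0.0.2").packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the header checksum
    eth = struct.pack("!6s6sH", bytes.fromhex("00aabbccddee"), bytes.fromhex("001122334455"), ETHERTYPE_IPV4)
    return eth + ip + tcp + payload

def decode_frame(frame: bytes) -> dict:
    # Peel the onion from the outside in, validating each header before trusting the next one
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"unsupported ethertype 0x{ethertype:04x}")
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(frame) < 14 + total_len:
        raise ValueError("malformed or truncated IPv4 packet")
    if ipv4_checksum(frame[14:14 + ihl]) != 0:  # a header that includes its own checksum sums to zero
        raise ValueError("bad IPv4 header checksum")
    if proto != IPPROTO_TCP:
        raise ValueError(f"unsupported IP protocol {proto}")
    segment = frame[14 + ihl:14 + total_len]
    sport, dport, _, _, off_res, flags = struct.unpack("!HHIIBB", segment[:14])
    data_off = (off_res >> 4) * 4  # TCP data offset is in 32-bit words
    return {
        "eth": {"dst": dst.hex(":"), "src": src.hex(":")},
        "ip": {"src": str(IPv4Address(s)), "dst": str(IPv4Address(d)), "ttl": ttl},
        "tcp": {"sport": sport, "dport": dport, "flags": flags},
        "data": segment[data_off:],
    }
```

Each decoded header is a packed C-style struct exactly as Wireshark would show it, and the 14 + 20 + 20 byte envelope around the application bytes is the encapsulation described above.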

In the next article I will describe TCP/IP protocols and selected attacks.
