Networking Tutorial

IP Addressing and Ports

Internet Protocol (IP) use 32-bit addresses with 16-bit port numbers to uniquely a host process on computers, the address is usually shown as four sets of numbers, ie 192.168.0.1, while the port is a simple number from 1 to 65,536.  Domain names such as www.magsys.co.uk are a higher level over IP addresses, but are not supported by ComCap, at present.  Computers may have specific IP addresses allocated to them or temporary addresses from a DHCP server that may change each time the computer is booted.  ComCap needs fixed IP addresses so don't use DHCP.

IP ports numbered below 1,204 are pre-allocated to specific internet protocols (sometimes different for TCP and UDP), 514 for syslog, 21 for telnet, etc, while higher port numbers are used automatically by the computer for specific connections or may be specified by users for unique connections.

UDP

User Datagram Protocol (UDP) is a connectionless network protocol using IP that sends packets of data without any handshaking or acknowledgement, but very efficiently, with the hope that a server is listening for it.  Each packet or datagram is generally self contained and variable length, usually the length of data being sent (often without any line ending).  Because UDP is connectionless, applications may stop and start without any hindrance, albeit potentially with lost data.  UDP should be loss free on local area networks, but is more problematic across wide area networks where the error correction of TCP is needed to cope with lost packets.

UDP is used for two common protocols, Syslog generally using port 514, and SNMP using port 162.  UDP has one other benefit, two or more appliances or clients may send UDP data to the same server.

When ComCap is set-up for UDP Server, it will accept any UDP data on the specified port but can optionally filter packets from different remote IP addresses to different capture channels, keeping data from different sources separate. 

While UDP is connectionless, ComCap Echo to Remote will optionally ping the remote host before sending UDP packets to establish it exists, although this does not mean a UDP server is listening on the remote computer, just that the computer is running. 

TCP Overview

Transmission Control Protocol (TCP) is a connection oriented protocol using IP that has initial handshaking when making a connection that opens a two way reliable stream between two computers, with error correction and packet acknowledgements.  If one computer disconnects or there is a network failure somewhere, the other computer will also disconnect (although this may be after a timeout).  TCP packets are variable size with lines of data often split into two or more packets, or combined into a single packet, so it's essential each line is clearly terminated, usually with CR and LF.  A TCP connection needs to be negotiated between two computers, the one that starts is called the client while the one waiting for connections is the server.

TCP Client

TCP Client originates a connection to a remote server and waits for a response, usually for about 40 seconds before failing.  If the connection fails, the client therefore needs to keep retrying to establish the connection, with ComCap allowing a configurable wait between attempts and limiting the number of retries.

ComCap can optionally ping the remote TCP Server first to establish the computer is accessible, waiting 10 seconds for a response (much shorter than the timeout for a TCP connection, but even if the ping works, there may be no server available so the connection may still fail.  TCP Client is a one-one connection between two specific computers.

TCP Server

TCP Server listens for incoming connections from remote TCP Clients on a specified IP port.  When a TCP Client connects, the two-way connection is established on a new IP port, allowing further clients to connect to the original IP port.

ComCap allows two or more TCP Servers to be set-up on the same port, allowing multiple clients to connect and send data.  ComCap will optionally filter connections from different remote IP addresses to different capture channels, keeping data from different clients separate.  Note this is different to UDP Server, because a ComCap channel must be set-up for each different client because only one connection is allowed per channel.

Ethernet and Packets

Ethernet is the physical hardware layer used by IP for cabled networks, also called IEEE 802.3, supported by ethernet network adaptors each with a unique 48-bit MAC address. Each ethernet packet comprises a header with the source and destination MAC addresses and protocol (usually IP, but also ARP, ICMP, IPX, IPV6).  For IP protocol, the packet header adds the source and destination IP addresses, time to live, checksum and protocol (UDP, TCP, etc).  For UDP and TCP protocols, the packet header also adds the source and destination ports, data length and checksum. TCP protocol also adds flags to open and close connections and sequence numbers used for error detection and correction. The header overhead (and minimum size) for a UDP packet is 42 characters, for TCP it's 54 characters. The Ethernet hardware level adds a frame preamble and frame check sequence, but these are removed before software sees the packet. 

Serial to Network Converters or Device Servers

To overcome the restricted length of RS232 serial port cables (about 30 metres), in recent years serial device servers have evolved which convert serial port data to network protocols, usually TCP/IP. Usually small modem sized units, but sometimes just large plugs, these converters usually have a small internal web server used to configure the IP address and port and serial port parameters, and support TCP Client and TCP Server protocols. Some support two or more serial ports. 

Such converters are offered by MRI, Lantronix, Lavalink, RE Smith and Tysso eCov.

Note ComCap can itself be used as serial to network converter, by capturing from one or more serial ports and echoing data using network protocols.  There are also open source free software network converters, such as 'COM Port to TCP Redirector' from http://com0com.sourceforge.net/.