Internet Protocol Fundamentals - TCP/IP, Ports, IPv4/IPv6
What You Will Achieve
- Explain each layer of the TCP/IP four-layer model and its role
- Split an IPv4 address into network and host parts and express it with a subnet mask / CIDR
- Identify private address ranges and broadcast addresses
- Apply IPv6 colon-hexadecimal notation and abbreviation rules correctly
- Look up well-known ports against
/etc/services - Choose between TCP (connection-oriented) and UDP (connectionless)
This is the core of LPIC-1 objective 109.1 "Fundamentals of internet protocols". Once you master address calculation and the division of roles among protocols, you have a solid base for network configuration and troubleshooting.
What Layers Does TCP/IP Use?
TCP/IP divides its work among four layers. Lower layers carry upper layers in a structure called encapsulation, and each layer talks only to its neighbors.
| Layer | Name | Role | Representative protocols |
|---|---|---|---|
| 4 | Application | Data representation and exchange between apps | HTTP, SSH, DNS, SMTP, FTP, DHCP |
| 3 | Transport | End-to-end communication control | TCP, UDP |
| 2 | Internet | Routing and addressing between hosts | IP, ICMP |
| 1 | Link (network interface) | Transmission within one physical network | Ethernet, ARP |
It is often compared with the seven-layer OSI reference model, but for LPIC-1 it is enough to understand roles using the TCP/IP four-layer model. The key is that a port number (transport layer) and an IP address (internet layer) together identify the communication peer.
RFC 1122 (Requirements for Internet Hosts) defines this model as the link, internet, transport, and application layers. It helps to remember that layer boundaries are split by port numbers (transport layer) and IP addresses (internet layer).
How Do You Read an IPv4 Address?
An IPv4 address splits 32 bits into four 8-bit groups and writes each group as a decimal number (dotted-decimal notation). Each octet ranges from 0 to 255.
The address is divided into a "network part" and a "host part", and the subnet mask marks that boundary.
ip addr show eth0
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth0
inet6 fe80::5054:ff:fe12:3456/64 scope link
The /24 in inet 192.168.1.10/24 is the subnet mask length (CIDR notation). /24 means the leading 24 bits are the network part and the remaining 8 bits are the host part. brd 192.168.1.255 is the broadcast address.
Subnet Mask and CIDR Mapping
A subnet mask is a 32-bit value with the network-part bits set to 1 and the host-part bits set to 0. CIDR notation (/n) gives the count of consecutive leading 1s.
| CIDR | Subnet mask | Host bits | Usable hosts |
|---|---|---|---|
/8 |
255.0.0.0 | 24 | 16,777,214 |
/16 |
255.255.0.0 | 16 | 65,534 |
/24 |
255.255.255.0 | 8 | 254 |
/30 |
255.255.255.252 | 2 | 2 |
Usable hosts is "2 to the power of host bits, minus 2". The two subtracted are the "network address" (all host bits 0) and the "broadcast address" (all host bits 1); neither can be assigned to an individual host.
Private Address Ranges
Separate from globally unique addresses on the internet, RFC 1918 reserves ranges that organizations can use freely on internal networks.
| Range | CIDR | Class equivalent |
|---|---|---|
10.0.0.0 to 10.255.255.255 |
10.0.0.0/8 |
Class A |
172.16.0.0 to 172.31.255.255 |
172.16.0.0/12 |
Class B |
192.168.0.0 to 192.168.255.255 |
192.168.0.0/16 |
Class C |
Note that 172.16.0.0/12 covers 172.16 through 172.31 and does not include 172.32. The exam often tests the boundaries of this range.
127.0.0.0/8 (especially 127.0.0.1) is the IPv4 loopback address pointing to the local host. It is a reserved range separate from private addresses.
IPv6 Notation and Abbreviation Rules
An IPv6 address is 128 bits. It is split into eight 16-bit blocks, each written in hexadecimal and separated by colons (colon-hexadecimal notation).
2001:0db8:0000:0000:0000:ff00:0042:8329
Because this is long, there are two abbreviation rules.
- Leading zeros in each block can be dropped (
0db8todb8,0000to0) - One run of consecutive all-zero blocks can be replaced with
::, once only
The address above shortens to:
2001:db8::ff00:42:8329
:: may be used only once within a single address. Using it twice, as in 2001:db8::1::1, makes the number of omitted blocks ambiguous and the address invalid. This is a frequent exam mistake pattern.
Key IPv6 Addresses
| Address / range | Meaning |
|---|---|
::1 |
Loopback address (equivalent to IPv4 127.0.0.1) |
:: |
Unspecified address (all bits 0) |
fe80::/10 |
Link-local address (valid only on the same link) |
ff00::/8 |
Multicast address |
A link-local address starting with fe80:: does not cross routers and is valid only within the same segment. In ip addr output this is shown as scope link.
How Do Ports Relate to /etc/services?
While an IP address identifies a host, a port number identifies which application on that host. It is a 16-bit number (0 to 65535) and is split into three ranges by use.
| Category | Range | Use |
|---|---|---|
| Well-known ports | 0 to 1023 | Major services (require root privileges) |
| Registered ports | 1024 to 49151 | Apps registered with IANA |
| Dynamic / private ports | 49152 to 65535 | Temporary client-side source ports |
The mapping between service names and port numbers is defined in /etc/services.
grep -E '^(ssh|http|https|domain|smtp|ftp) ' /etc/services
ftp 21/tcp ssh 22/tcp smtp 25/tcp domain 53/tcp domain 53/udp http 80/tcp https 443/tcp
Each line has the form "service-name port/protocol". Some services, like domain (DNS), have both TCP and UDP entries.
Key Protocols and Port Numbers
| Protocol | Port | Transport | Role |
|---|---|---|---|
| FTP | 21 (control) / 20 (data) | TCP | File transfer |
| SSH | 22 | TCP | Encrypted remote login |
| SMTP | 25 | TCP | Sending mail |
| DNS | 53 | UDP / TCP | Name resolution |
| DHCP | 67 (server) / 68 (client) | UDP | Automatic IP address assignment |
| HTTP | 80 | TCP | Web communication |
| HTTPS | 443 | TCP | Encrypted web communication |
DNS normally uses UDP 53 and switches to TCP 53 when the response is large (such as a zone transfer). The point that "DNS uses both UDP and TCP" is frequently tested.
How Do TCP and UDP Differ?
The transport-layer protocols TCP and UDP are chosen based on a trade-off between reliability and speed.
| Aspect | TCP | UDP |
|---|---|---|
| Connection | Connection-oriented | Connectionless |
| Reliability | Retransmission and ordering guaranteed | No guarantee |
| Overhead | Larger | Smaller |
| Use | HTTP, SSH, SMTP, FTP | DNS, DHCP, streaming |
TCP establishes a connection at the start with a "three-way handshake".
- Client to server:
SYN(connection request) - Server to client:
SYN/ACK(request accepted plus reply) - Client to server:
ACK(confirmation)
Data transfer begins only after these three steps, so packet delivery and ordering are guaranteed. UDP, by contrast, performs no handshake and sends data immediately. Without acknowledgments it has low latency but does not detect packet loss.
You can check current listening ports with ss.
ss -tlnp
State Recv-Q Send-Q Local Address:Port Peer Address:Port LISTEN 0 128 0.0.0.0:22 0.0.0.0:* LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
-t is TCP, -l is listening (LISTEN) state, -n is numeric output, and -p shows processes. To view UDP, change -t to -u.
ICMP (Internet Control Message Protocol) is an internet-layer protocol and has no port numbers like TCP/UDP. It carries error and control messages used by ping for reachability checks and traceroute for path discovery.
Common Mistakes and Fixes
Mistake 1: Counting usable hosts as "2 to the power of host bits"
Forgetting to subtract the two addresses, the network address (all 0s) and the broadcast address (all 1s). For /24 the answer is 254, not 256. Always apply "2 to the power of host bits, minus 2".
Mistake 2: Confusing the roles of TCP and UDP
The principle is "reliability needed = TCP, speed/lightweight needed = UDP". It is easy to confuse the fact that ordinary DNS queries and DHCP use UDP with HTTP/SSH (TCP).
Mistake 3: Using :: twice in IPv6
:: may appear only once per address. Even with multiple zero blocks, the abbreviation is limited to one place. Write the rest as 0.
Mistake 4: Getting private address boundaries wrong
In particular, 172.16.0.0/12 covers 172.16 through 172.31. Do not mistake 172.32.x.x as private.
Mistake 5: Forgetting loopback
IPv4 is 127.0.0.1 and IPv6 is ::1. Remember that both are reserved addresses pointing to the local host.
Troubleshooting
Symptom: ip addr shows no IPv4 address
Cause: The interface is down, or it has not obtained an address from DHCP
Check:
ip addr show
Fix: If the interface state is DOWN, bring it up with ip link set eth0 up. In a DHCP environment, renew the client lease.
Symptom: Cannot look up a port number from a service name
Cause: There is no entry for that service name in /etc/services, or it is misspelled
Check:
grep -i ssh /etc/services
Fix: Search with the correct service name. A custom service can be added to /etc/services for name resolution, but communication also works by specifying the port number directly.
Symptom: Loopback works but external hosts are unreachable
Cause: Loopback (127.0.0.1 / ::1) is self-contained on the local host and is unrelated to external connectivity
Check:
ip addr show lo ping -c1 192.168.1.1
Fix: For external connectivity, check the address of a physical interface such as eth0 and the default gateway, not loopback.
Completion Checklist
- [ ] Can name each TCP/IP layer and its representative protocols
- [ ] Calculated host bits and usable hosts from a CIDR such as
/24 - [ ] Confirmed the boundaries of the three private address ranges
- [ ] Applied the IPv6
::abbreviation only once - [ ] Checked the ports of major services in
/etc/services - [ ] Checked TCP / UDP listening ports with
ss
Summary
| Item | Key point |
|---|---|
| Layer model | Application / Transport / Internet / Link, four layers |
| IPv4 | 32-bit dotted-decimal, CIDR expresses the network part |
| Host count | 2 to the power of host bits, minus 2 |
| Private | 10/8, 172.16/12, 192.168/16 |
| IPv6 | 128-bit colon-hexadecimal, :: only once |
| Ports | Well-known 0-1023, check in /etc/services |
| TCP / UDP | Connection-oriented (reliable) vs connectionless (lightweight) |
Internet protocol fundamentals underpin network configuration, DNS, and troubleshooting alike. Once you have solidified address calculation and the division of roles among protocols, move on to actual configuration and troubleshooting.