Chapter 6: Introduction to TCP/IP

A+ Core 1 — 220-1101 | Objectives 2.1, 2.5, 2.6

Chapter 6:
Introduction to TCP/IP

Protocols, ports, IPv4 addressing, subnetting, DHCP, DNS, NAT, APIPA, and IPv6. The protocol stack every A+ technician diagnoses daily.

22 Slides Objectives 2.1, 2.5, 2.6 Ports • IPv4 • CIDR • DNS • IPv6 Exam 220-1101

Slide 2 of 22

The TCP/IP Model

Four-layer DoD model versus the seven-layer OSI model.

TCP/IP Layer	OSI Equivalent	Key Protocols
Process / Application	Application, Presentation, Session (7, 6, 5)	HTTP, FTP, DNS, SMTP, SSH
Host-to-Host (Transport)	Transport (4)	TCP, UDP
Internet	Network (3)	IP, ICMP, ARP
Network Access	Data Link, Physical (2, 1)	Ethernet, Wi-Fi, MAC

Key Mapping

TCP/IP Process/Application layer covers OSI's top THREE layers (5, 6, 7). When the exam asks which TCP/IP layer handles encryption or session management, the answer is Process/Application.

Why TCP/IP, Not OSI?

The OSI model is a reference framework. TCP/IP is what networks actually run. The DoD (Department of Defense) developed TCP/IP for ARPANET. All modern internet communication is TCP/IP.

Slide 3 of 22

TCP vs. UDP

Connection-oriented reliability vs. connectionless speed.

TCP — Transmission Control Protocol

Connection-oriented. Three-way handshake: SYN, SYN-ACK, ACK. Guaranteed delivery with acknowledgments. Sequencing ensures in-order arrival. Flow control manages transmission rate. Error detection and retransmission built in. Use: web, email, file transfers.

UDP — User Datagram Protocol

Connectionless. No handshake. Best-effort delivery — no guarantees. No sequencing. No retransmission. Less overhead = much faster. Application handles error correction if needed. Use: VoIP, DNS queries, streaming, gaming, DHCP, TFTP.

Feature	TCP	UDP
Connection	Connection-oriented (handshake)	Connectionless
Reliability	Guaranteed delivery + ACK	Best effort, no ACK
Ordering	Sequenced, in-order	No ordering
Speed	Slower (more overhead)	Faster (minimal overhead)
Examples	HTTP, HTTPS, FTP, SSH, SMTP	DNS, DHCP, TFTP, VoIP, streaming

Slide 4 of 22

TCP Three-Way Handshake

How TCP establishes a connection before any data transfers.

Step 1: SYN

Client sends a SYN (synchronize) segment to the server. Contains the client's initial sequence number (ISN). This initiates the connection request. The server must be listening on the target port for this to succeed.

Step 2: SYN-ACK

Server responds with SYN-ACK. Acknowledges the client's SYN (ACK = client ISN + 1) and sends its own SYN with its initial sequence number. Confirms server is reachable and port is open.

Step 3: ACK

Client sends ACK acknowledging the server's SYN. Connection is now established. Data transfer begins. This three-step process happens for every TCP connection, adding latency vs. UDP but ensuring reliability.

Four-Way Teardown

Closing a TCP connection takes four steps: FIN from initiator → ACK from receiver → FIN from receiver → ACK from initiator. Both sides must independently close their half of the connection. This is called a graceful close (vs. RST for an abrupt reset).

Slide 5 of 22

Port Number Ranges

Well-known, registered, and dynamic port categories.

Range	Name	Description
0 – 1,023	Well-Known Ports	Reserved for common system services (HTTP, FTP, SSH, DNS)
1,024 – 49,151	Registered Ports	Registered by software vendors for specific applications
49,152 – 65,535	Dynamic / Private / Ephemeral	Temporary source ports assigned by the OS for outbound connections

Source Port

The ephemeral port chosen by the client OS for the outbound connection. Typically a high-numbered dynamic port. The server replies to this port. After the session ends, the port is released back to the pool.

Destination Port

The well-known port of the target service. HTTP = 80. HTTPS = 443. SSH = 22. The destination port tells the receiving system which application should handle the packet.

Socket

A unique connection identified by four values: source IP, source port, destination IP, destination port. Multiple sessions to the same server on the same port are kept separate by unique source ports.

Slide 6 of 22

Critical Ports: FTP through SMTP

Ports 20 through 25 — expect 4–6 port questions on the exam.

Port	Protocol	TCP/UDP	Description
20	FTP Data	TCP	File Transfer Protocol — active mode data channel
21	FTP Control	TCP	File Transfer Protocol — command and control channel
22	SSH	TCP	Secure Shell — encrypted remote access and tunneling
23	Telnet	TCP	Remote access — unencrypted; replaced by SSH; never use
25	SMTP	TCP	Simple Mail Transfer Protocol — sending outbound email

Security Warning

Telnet (port 23) sends all data in cleartext including usernames and passwords. Any attacker on the same network segment can capture credentials with a packet sniffer. Always use SSH (port 22) instead. If you see Telnet enabled, disable it immediately.

FTP Tip

FTP uses two ports: port 21 for commands (login, LIST, STOR) and port 20 for actual data transfer in active mode. Passive mode uses ephemeral ports for data instead of 20. Know both port numbers.

Slide 7 of 22

Critical Ports: DNS through LDAP

Ports 53 through 389 — network services and email retrieval.

Port	Protocol	TCP/UDP	Description
53	DNS	TCP/UDP	Domain Name System — name resolution; UDP for queries, TCP for zone transfers
67	DHCP Server	UDP	DHCP server receives client discover/request broadcasts
68	DHCP Client	UDP	DHCP client receives server offers and acknowledgments
69	TFTP	UDP	Trivial FTP — simple file transfers; used for PXE boot, firmware updates
80	HTTP	TCP	Hypertext Transfer Protocol — unencrypted web traffic
110	POP3	TCP	Post Office Protocol v3 — downloads email, deletes from server
143	IMAP	TCP	Internet Mail Access Protocol — syncs email, leaves on server
389	LDAP	TCP	Lightweight Directory Access Protocol — Active Directory queries

Slide 8 of 22

Critical Ports: HTTPS through RDP

Ports 443 through 3389 — the high-value targets on every exam.

Port	Protocol	TCP/UDP	Description
137–139	NetBIOS / NetBT	TCP	Windows legacy file and printer sharing
161	SNMP	UDP	Simple Network Management Protocol — device monitoring (queries)
162	SNMP Trap	UDP	SNMP trap messages sent to management station
443	HTTPS	TCP	Secure web traffic encrypted via TLS — the modern web standard
445	SMB / CIFS	TCP	Windows file sharing — modern replacement for NetBIOS
3389	RDP	TCP	Remote Desktop Protocol — Windows remote desktop sessions

Memory Tricks

22 SSH, 23 Telnet (one number apart; 22 is the safe one). 80 plain HTTP, 443 HTTPS (add 363 to 80 for the secured version). 25 sends mail (SMTP), 110 POP3 downloads it, 143 IMAP syncs it. 3389 RDP = "Remote 3389."

Slide 9 of 22

IPv4 Address Structure

32-bit dotted-decimal notation, octets, and binary conversion.

Address Format

32-bit address divided into four 8-bit octets. Written in dotted decimal notation: 192.168.1.100. Each octet ranges 0–255 in decimal. Example: 11000000.10101000.00000001.01100100 = 192.168.1.100.

Network vs Host Portion

Subnet mask determines the split. Network portion identifies which network the address belongs to. Host portion identifies the specific device. Subnet mask 255.255.255.0 means first three octets are network, last octet is host.

Binary Bit Values

Each bit position has a value: 128, 64, 32, 16, 8, 4, 2, 1. Memorize these eight values. To convert: determine which values sum to the decimal. 192 = 128+64 = 11000000. 168 = 128+32+8 = 10101000.

Bit Position	8	7	6	5	4	3	2	1
Decimal Value	128	64	32	16	8	4	2	1

Example Conversion

208 in binary: 128 + 64 + 16 = 208 → 11010000. All 8 bits on = 255 = 11111111 (subnet mask notation). All off = 0 = 00000000.

Slide 10 of 22

IPv4 Address Classes

Class A through E — first octet determines the class.

Class	First Octet	Default Subnet	Host Count	Purpose
A	1 – 127	255.0.0.0 (/8)	16.7 million	Very large networks
B	128 – 191	255.255.0.0 (/16)	65,534	Medium networks
C	192 – 223	255.255.255.0 (/24)	254	Small networks
D	224 – 239	N/A	N/A	Multicast groups
E	240 – 255	N/A	N/A	Experimental / reserved

Loopback Special Case

127.x.x.x is in the Class A range but is reserved for loopback. 127.0.0.1 = localhost. The system uses this to test its own TCP/IP stack without sending traffic to the network. Not assignable to any host.

Exam Tip

Just look at the first octet: 1–127 = A, 128–191 = B, 192–223 = C. Class D and E are never assigned to hosts. Memorize these ranges cold — they come up constantly.

Slide 11 of 22

Private IP Address Ranges

RFC 1918 — non-routable ranges for internal networks.

Class	Private Range	Subnet Mask	Available Hosts
A	10.0.0.0 – 10.255.255.255	255.0.0.0 (/8)	16.7 million
B	172.16.0.0 – 172.31.255.255	255.255.0.0 (/16)	1 million
C	192.168.0.0 – 192.168.255.255	255.255.255.0 (/24)	65,536 subnets × 254

Not Internet Routable

Routers on the public internet discard packets with private source or destination addresses. Private addresses exist only within the local network. NAT (Network Address Translation) is required to access the internet from a private address.

Quick ID Test

See 10.x.x.x? Private. See 172.16–31.x.x? Private. See 192.168.x.x? Private. Any other address is public (unless APIPA 169.254.x.x or loopback 127.x.x.x). This identification is tested directly on the exam.

APIPA (169.254.x.x)

Automatic Private IP Addressing. Windows assigns 169.254.0.1–169.254.255.254 when DHCP fails. Devices using APIPA can communicate with other APIPA devices on the same segment only — no gateway, no internet.

Slide 12 of 22

CIDR Notation

Classless Inter-Domain Routing — slash notation replaces subnet masks.

CIDR	Subnet Mask	Hosts	Class Equiv.
/8	255.0.0.0	16,777,214	Class A
/16	255.255.0.0	65,534	Class B
/24	255.255.255.0	254	Class C
/25	255.255.255.128	126	—
/26	255.255.255.192	62	—
/27	255.255.255.224	30	—
/28	255.255.255.240	14	—
/30	255.255.255.252	2	Point-to-point

Host Formula

Usable hosts = 2^{(32 − prefix)} − 2. Subtract 2 for network address (all host bits 0) and broadcast address (all host bits 1). Example: /24 = 2⁸ − 2 = 256 − 2 = 254 hosts. For A+, know /8, /16, /24 cold. /25–/30 are more Network+ territory.

Slide 13 of 22

DHCP — Dynamic Host Configuration

The DORA process and what DHCP assigns to each client.

D — Discover

Client broadcasts "Who can give me an IP?" to 255.255.255.255 using UDP. Source IP is 0.0.0.0 because the client has no address yet. All devices on the segment receive this broadcast.

O — Offer

DHCP server responds with an available IP address offer. Contains the proposed IP, subnet mask, default gateway, DNS server, and lease duration. May include other options like NTP server or TFTP server.

R — Request

Client broadcasts a request for the offered IP. Still uses 255.255.255.255 so other DHCP servers know their offer was declined. Selects one offer if multiple servers responded.

A — Acknowledge

DHCP server sends ACK confirming the lease. Client now configures its interface. Lease duration determines when the client must renew. Renewal begins at 50% of lease time.

What DHCP Provides

IP address • Subnet mask • Default gateway • DNS server address • Lease duration. All four are required for full network connectivity.

Slide 14 of 22

DNS Records

Domain Name System translates hostnames to IP addresses and vice versa.

Record Type	Purpose	Example
A	Maps hostname to IPv4 address	www.example.com → 93.184.216.34
AAAA	Maps hostname to IPv6 address ("quad A")	www.example.com → 2606:2800::/32
MX	Mail exchanger — email server for domain	Mail goes to mail.example.com
CNAME	Canonical name — alias pointing to another hostname	ftp.example.com → www.example.com
TXT	Text record — SPF records, domain verification	v=spf1 include:...
NS	Name server records for the zone	ns1.example.com
SOA	Start of Authority — primary DNS info for zone	Serial number, refresh, retry times
PTR	Reverse DNS — IP address to hostname	93.184.216.34 → www.example.com

Slide 15 of 22

NAT & APIPA

Network Address Translation and Automatic Private IP Addressing.

NAT (Network Address Translation)

Converts private IP addresses to a public IP for internet access. Performed by the router or firewall at the network edge. Allows multiple devices to share a single public IP address. Hides internal network structure from the internet. PAT (Port Address Translation) is the variant that maps multiple private IPs to one public IP using port numbers.

APIPA (169.254.x.x)

When a DHCP server is unreachable, Windows automatically assigns an address in the 169.254.0.0/16 range. Device can communicate with other APIPA devices on the same subnet only. No default gateway assigned. Seeing a 169.254.x.x address means the client failed to reach a DHCP server — diagnose the DHCP server, not the NIC.

APIPA Diagnostic

A user reports they cannot access any network resources. You run ipconfig and see IP: 169.254.47.22, Gateway: (blank). The DHCP server is the problem. Check: Is the DHCP server running? Is the DHCP scope exhausted? Is there a network path between the client and server? Release/renew after resolving.

NAT Types

Static NAT: one private IP to one public IP (one-to-one). Dynamic NAT: pool of public IPs shared by private hosts. PAT/NAT overload: many private IPs to one public IP using port numbers to track sessions. PAT is what home routers do.

Slide 16 of 22

IPv6 Address Structure

128-bit hexadecimal addresses and compression rules.

Format

128-bit address. Written as eight groups of four hex digits separated by colons. Full form: 2001:0db8:3c4d:0012:0000:0000:1234:56ab. Uses hex digits 0–9 and A–F. 340 undecillion unique addresses — effectively unlimited.

Structure Breakdown

First 48 bits = Global routing prefix (network). Next 16 bits = Subnet ID. Last 64 bits = Interface ID (host). The interface ID is often derived from the MAC address using EUI-64 format, adding fffe in the middle.

Compression Rules

Rule 1: Remove leading zeros within each group (0012 → 12). Rule 2: Replace one continuous sequence of all-zero groups with :: (double colon) — only once per address. 2001:db8::1234:56ab = 2001:0db8:0000:0000:0000:0000:1234:56ab.

IPv6 vs IPv4 — No More NAT

IPv6 was designed to provide enough addresses that every device gets a globally routable public address. NAT becomes unnecessary. However, IPv6 transition is still ongoing — dual-stack (both IPv4 and IPv6 active simultaneously) is common today.

Slide 17 of 22

IPv6 Address Types

Global unicast, link-local, unique local, multicast, and loopback.

Type	Prefix	Description	IPv4 Equivalent
Global Unicast	2000::/3	Public routable addresses	Public IPv4 address
Link-Local	FE80::/10	Auto-configured, local segment only	APIPA (169.254.x.x)
Unique Local	FC00::/7	Private, not routed on internet	RFC 1918 (10.x, 172.16.x, 192.168.x)
Multicast	FF00::/8	One-to-many communication	224.0.0.0/4 (Class D)
Loopback	::1	Localhost (only one address)	127.0.0.1
Unspecified	::	Source when no address assigned	0.0.0.0

Exam Tip

FE80:: addresses are link-local and self-assigned on every IPv6-capable interface. You will see FE80 addresses in ipconfig output on any Windows machine with IPv6 enabled, even without an IPv6 router. They are normal and expected.

Slide 18 of 22

IPv6 Transition Mechanisms

How IPv4 and IPv6 coexist during the long transition period.

Dual Stack

Device runs both IPv4 and IPv6 simultaneously. Uses whichever protocol the destination supports, preferring IPv6. Most common transition method today. All modern OSes support dual stack. No tunneling required.

Tunneling (6-to-4, Teredo)

Encapsulates IPv6 packets inside IPv4 packets for transport over IPv4-only infrastructure. 6-to-4 tunneling uses 2002::/16 prefix. Teredo (6in4) enables IPv6 over UDP for hosts behind NAT. Used when dual stack is not available end-to-end.

NAT64 / DNS64

Allows IPv6-only clients to communicate with IPv4-only servers. NAT64 translates IPv6 packets to IPv4 at the gateway. DNS64 synthesizes AAAA records for IPv4-only hostnames. Used in mobile carrier networks transitioning to IPv6.

A technician runs ipconfig and sees both a 192.168.x.x IPv4 address and a 2001:db8::/64 IPv6 address on the same NIC. This is expected dual-stack operation. The device will use IPv6 to reach IPv6-capable destinations and fall back to IPv4 for legacy sites.

Slide 19 of 22

Network Configuration Concepts

Static vs. DHCP, default gateway, alternate configuration.

Static IP Configuration

Manually assigned IP, subnet mask, default gateway, and DNS. Required for servers, printers, and network equipment that must always be reached at a known address. Higher administrative burden. Useful when no DHCP server exists.

DHCP Configuration

Automatically receives all settings from DHCP server. Preferred for workstations and mobile devices. DHCP reservations (IP-to-MAC binding) can provide consistent IPs for specific devices while keeping them under DHCP management.

Setting	Purpose	Typical Value
Default Gateway	IP address of the router — used for all traffic outside the local subnet	192.168.1.1
DNS Server	Resolves hostnames to IP addresses	8.8.8.8 (Google) or ISP DNS
Alternate Config	Windows fallback settings if DHCP fails (better than APIPA)	Static IP for fallback subnet

Slide 20 of 22

TCP/IP Diagnostic Tools

Command-line tools for verifying and troubleshooting IP configuration.

ipconfig / ifconfig

Windows: ipconfig. Linux/macOS: ifconfig or ip addr. Displays IP address, subnet mask, default gateway. ipconfig /all shows MAC address, DHCP status, DNS servers. ipconfig /release + /renew forces DHCP renewal. Most-used first step in TCP/IP troubleshooting.

ping / tracert

ping tests ICMP reachability to an IP or hostname. Uses ICMP Echo Request/Reply. tracert (Windows) / traceroute (Linux) shows each router hop to a destination. TTL exceeded responses reveal where packets are dropped or delayed.

nslookup / netstat

nslookup queries DNS for hostname resolution. Tests if a hostname resolves correctly. netstat displays active TCP connections, listening ports, and protocol statistics. Use netstat -an to see all connections and listening sockets numerically.

Troubleshooting Order

Physical → Link (ping gateway) → IP (ping 8.8.8.8) → DNS (ping google.com). If pinging by IP works but hostname fails, the problem is DNS, not network connectivity. This layered approach isolates the failure domain quickly.

Slide 21 of 22

TCP/IP Troubleshooting Scenarios

Applying protocol knowledge to real-world problems.

APIPA Address (169.254.x.x)

Client received no DHCP offer. Check: DHCP server running? DHCP scope exhausted? Network path between client and server (correct VLAN)? DHCP relay agent configured for remote subnets? Fix the DHCP server, then run ipconfig /release /renew on the client.

Can Ping IP, Not Hostname

Network connectivity works; DNS is the problem. Check: is the DNS server IP correct (ipconfig /all)? Can you ping the DNS server's IP? Run nslookup to test the specific hostname. Flush the DNS cache with ipconfig /flushdns if a stale record is cached.

Can Ping Gateway, Not Internet

Local network is fine; the problem is above the router. Check: does the router have a valid WAN IP? Is the ISP link up? Run tracert to 8.8.8.8 to identify where packets stop. The first hop is the gateway; if the second hop times out, the ISP link is the issue.

A user gets "website cannot be reached" but ipconfig shows a valid 192.168.1.x address with correct gateway and DNS. Ping 8.8.8.8 succeeds. Ping google.com fails with "could not find host." DNS is broken. Check DNS server address or run ipconfig /flushdns and retry.

Slide 22 of 22 — Chapter 6 Complete

Chapter 6 Summary

Eight key takeaways from Introduction to TCP/IP.

1

TCP is connection-oriented (SYN, SYN-ACK, ACK handshake), guaranteed delivery. UDP is connectionless, best-effort, faster. Know which protocols use each.

2

Port memorization is mandatory: 20/21 FTP, 22 SSH, 23 Telnet, 25 SMTP, 53 DNS, 67/68 DHCP, 80 HTTP, 110 POP3, 143 IMAP, 443 HTTPS, 445 SMB, 3389 RDP.

3

IPv4 classes: A = 1–127, B = 128–191, C = 192–223. 127.x.x.x is loopback. Classes D and E are not assigned to hosts.

4

Private ranges: 10.x.x.x (A), 172.16–31.x.x (B), 192.168.x.x (C). Not routable on the public internet. NAT required to reach the internet.

5

DHCP DORA: Discover, Offer, Request, Acknowledge. DHCP provides IP, subnet mask, default gateway, DNS server. APIPA (169.254.x.x) means DHCP failed.

6

CIDR /24 = 255.255.255.0 = 254 hosts. /8 = Class A. /16 = Class B. Usable hosts = 2^{(32−prefix)} − 2.

7

IPv6 is 128-bit hex. Link-local = FE80::/10 (like APIPA). Loopback = ::1 (like 127.0.0.1). Global unicast = 2000::/3. Dual-stack is the current transition method.

8

Troubleshooting order: ping gateway (Layer 3 local) → ping 8.8.8.8 (internet IP) → ping google.com (DNS). Failure point identifies the layer to fix.