Lesson 4 TCP/IP Features
Objective: Identify and explain the key features of TCP/IP that enable secure, reliable, and high-performance network communication.

TCP/IP Features and Functionality

Modern TCP/IP implementations include numerous features beyond basic packet routing and delivery. Understanding these features is essential for designing networks that meet security, performance, and reliability requirements. This lesson examines the core capabilities that distinguish enterprise-grade TCP/IP deployments from simple connectivity solutions.

Essential TCP/IP Features Overview

Contemporary TCP/IP implementations provide seven critical features that address enterprise networking requirements:

Figure: Seven essential TCP/IP features (security, QoS, APIPA, ICMP router discovery, NetBIOS management, and two TCP performance enhancements)
TCP/IP Feature Categories
  1. Security (IPsec, Filtering)
  2. Bandwidth Management (QoS)
  3. Automatic Configuration (APIPA)
  4. Router Discovery (ICMP)
  5. Legacy Protocol Management (NetBIOS)
  6. Performance: TCP Window Scaling
  7. Performance: Selective Acknowledgment

1. Security Features

IPsec (Internet Protocol Security)

IPsec provides network-layer encryption, integrity protection, and peer authentication for all traffic between hosts or gateways, with no changes to applications.

Key Capabilities:
  • Encryption: AES (Advanced Encryption Standard), in CBC or GCM mode, protects data confidentiality using 128-bit, 192-bit, or 256-bit keys
  • Integrity and Origin Authentication: HMAC-SHA-256 or HMAC-SHA-384 (or the built-in authentication of AES-GCM) lets the receiver detect modified or forged packets
  • Tunnel Mode: Encapsulates and protects the entire original IP packet, header included, for site-to-site VPN connections between gateways
  • Transport Mode: Protects only the IP payload for end-to-end host-to-host communication
  • Key Exchange: IKEv2 (Internet Key Exchange version 2) authenticates the peers (on Windows: certificates, Kerberos, or a pre-shared key) and negotiates session keys automatically
  • Caveat: legacy algorithms (DES, 3DES, MD5, SHA-1) remain selectable for compatibility and should be removed from policy; Microsoft recommends against pre-shared keys outside test environments

Common Use Cases:
  • Site-to-site VPN between office locations
  • Remote access VPN for mobile workers
  • Secure server-to-server communication in untrusted networks
  • Compliance requirements for data protection (HIPAA, PCI-DSS)

TCP/IP Filtering

Packet Filtering: Older Windows versions (through Windows XP and Server 2003) included a stateless "TCP/IP Filtering" option that permitted inbound traffic by TCP port, UDP port, and IP protocol number:
  • Applied to inbound TCP/UDP/IP traffic at the network adapter level, with no tracking of connection state
  • Configured under Advanced TCP/IP Settings → Options on those versions; meant to supplement a dedicated firewall in simple scenarios, not replace it
  • No longer present on Windows Vista/Server 2008 and later, where Windows Firewall with Advanced Security (stateful, built on the Windows Filtering Platform) takes its place; rules are managed through the console, Group Policy, or the NetSecurity PowerShell module (New-NetFirewallRule)
  • Note: Windows Defender Firewall provides stateful inspection; host-based filtering complements network segmentation rather than replacing it

Modern Security Enhancements (Windows 10/11, Server 2019/2022)

  • TLS 1.3: Supported natively by Schannel on Windows 11 and Windows Server 2022 for HTTPS and other Schannel-based applications; disable TLS 1.0/1.1 in the same policy
  • SMB 3.1.1 Encryption: Encrypts file sharing traffic with AES-GCM and adds pre-authentication integrity checks that block downgrade of the negotiated dialect
  • DNSSEC: DNS Security Extensions let a validating resolver reject forged responses; the Windows DNS client is a non-validating stub, so validation happens on the DNS server (or is demanded through Name Resolution Policy Table rules)
  • IPv6 Security: IPsec is an integral part of the IPv6 protocol suite, but it is not enabled by default; IPv6 traffic is unprotected unless an IPsec policy applies to it

2. Bandwidth Management - Quality of Service (QoS)

QoS mechanisms prioritize time-sensitive traffic to ensure consistent performance for critical applications.

QoS Technologies:
  • Differentiated Services (DiffServ): Marks packets with DSCP (Differentiated Services Code Point) values for router prioritization
  • Traffic Shaping: Limits bandwidth consumption by specific applications or protocols
  • Bandwidth Reservation: Guarantees minimum bandwidth for critical services
  • Priority Queuing: Processes high-priority packets before low-priority traffic

Priority Classifications:
Priority Level   Applications                               DSCP Value
Highest          VoIP, video conferencing                   EF (46)
High             Interactive applications, streaming media  AF41 (34)
Medium           Business-critical data, database queries   AF31 (26)
Low              Bulk file transfers, backups               AF11 (10)
Best Effort      General web browsing, email                CS0 (0, default)

QoS Implementation:
  • Configure QoS policies via Group Policy for domain-joined computers
  • Mark traffic at source (client/server) or at network devices (switches/routers)
  • Requires end-to-end support: a device that does not honor DSCP forwards the packet as best effort, and because any host can write any marking, switches and routers commonly re-mark or clear DSCP at the access edge; trust boundaries must be configured deliberately
  • Essential for unified communications (VoIP, video conferencing, collaboration tools)
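The following is an added example, not code from the lesson: it derives the DSCP values in the table above from their class and drop-precedence definitions, shows where the 6-bit DSCP sits in the IPv4 header, and classifies a constructed packet back to the lesson's priority levels. The addresses and packet are made up for illustration.

```python
"""DSCP encoding for the priority table above (added example, not from the lesson).

Derives the AF and EF code points from their definitions (RFC 2597, RFC 3246),
shows how the 6-bit DSCP is placed in the IPv4 header's second byte, and
classifies a constructed packet back to the lesson's priority level.
"""
import socket
import struct


def af_codepoint(class_no: int, drop_precedence: int) -> int:
    """Assured Forwarding AFxy: class x in bits 5-3, drop precedence y in bits 2-1."""
    if not 1 <= class_no <= 4 or not 1 <= drop_precedence <= 3:
        raise ValueError("AF classes are 1-4, drop precedence 1-3")
    return (class_no << 3) | (drop_precedence << 1)


EF = 0b101110  # Expedited Forwarding = 46 (RFC 3246)
CS0 = 0        # Class Selector 0 = best effort (default)

# The lesson's priority table, derived rather than typed in.
PRIORITY_TABLE = {
    "Highest":     ("EF",   EF),
    "High":        ("AF41", af_codepoint(4, 1)),
    "Medium":      ("AF31", af_codepoint(3, 1)),
    "Low":         ("AF11", af_codepoint(1, 1)),
    "Best Effort": ("CS0",  CS0),
}


def tos_byte(dscp: int, ecn: int = 0) -> int:
    """IPv4 'Type of Service' byte: DSCP in the high six bits, ECN in the low two."""
    if not 0 <= dscp < 64 or not 0 <= ecn < 4:
        raise ValueError("dscp must be 0-63 and ecn 0-3")
    return (dscp << 2) | ecn


def build_ipv4_header(dscp: int, src: str, dst: str, proto: int = 17) -> bytes:
    """Minimal 20-byte IPv4 header (header checksum left at zero) carrying dscp.

    Constructed for illustration: a real host's marking comes from the OS QoS
    policy, and the access switch normally re-marks what untrusted hosts send.
    """
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, tos_byte(dscp), 20, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))


def dscp_from_ipv4_header(packet: bytes) -> int:
    """Read the DSCP back out of an IPv4 header (high six bits of byte 1)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return packet[1] >> 2


def classify(dscp: int) -> str:
    """Map a DSCP value to the lesson's priority level, or 'Unmapped'."""
    for level, (_name, value) in PRIORITY_TABLE.items():
        if value == dscp:
            return level
    return "Unmapped"


if __name__ == "__main__":
    for level, (name, value) in PRIORITY_TABLE.items():
        print(f"{level:12s} {name:5s} DSCP {value:2d}  ToS byte 0x{tos_byte(value):02x}")
    pkt = build_ipv4_header(EF, "10.0.0.10", "10.0.0.20")
    print("constructed packet classified as:", classify(dscp_from_ipv4_header(pkt)))
```

The ToS byte is what you see in a capture (EF shows as 0xb8); a marking the table does not know, such as AF22, comes back as "Unmapped", which is exactly the case an edge switch handles by re-marking.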

3. Automatic Private IP Addressing (APIPA)

APIPA enables basic network connectivity when DHCP services are unavailable, eliminating manual configuration for simple networks.

How APIPA Works:
  1. A client configured for DHCP sends DHCPDISCOVER and receives no offer
  2. The client self-assigns an address from the IANA link-local block 169.254.0.0/16 (Windows documents the range as 169.254.0.1 through 169.254.255.254; RFC 3927 reserves the first and last /24, so conforming hosts choose within 169.254.1.0 through 169.254.254.255)
  3. The client sends ARP probes for the candidate and picks another if any host answers
  4. The client keeps retrying DHCP discovery, by default every 5 minutes
  5. When a DHCP server answers, the client drops the link-local address and takes the leased configuration

APIPA Characteristics:
  • Address Range: 169.254.0.0/16 (65,534 addresses), reserved by IANA
  • Subnet Mask: 255.255.0.0 (all APIPA clients on same logical subnet)
  • No Gateway: APIPA provides no default gateway or DNS configuration
  • Link-Local Only: Traffic cannot be routed beyond the local network segment

Appropriate Use Cases:
  • Small home networks without DHCP server or router
  • Temporary direct connections between two computers
  • Fallback connectivity during DHCP server outages
  • Ad-hoc network creation for file sharing

When APIPA Indicates Problems: In enterprise networks a 169.254.x.x address almost always signals a fault rather than a design choice: the DHCP server is offline or out of leases, the link is down, or the port sits in a VLAN with no DHCP relay. Such workstations cannot reach any routed resource. Check with ipconfig /all (a fallen-back interface shows "Autoconfiguration IPv4 Address" and "Autoconfiguration Enabled: Yes"), fix the underlying cause, then run ipconfig /renew.
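As an added example (not from the lesson), the following simulates the self-assignment in steps 2 and 3 using RFC 3927's rules, with a constructed set of "already in use" addresses standing in for ARP probe replies, and then performs the enterprise check from the previous paragraph over a constructed host inventory. The hostnames and addresses are invented.

```python
"""APIPA address selection and detection (added example, not from the lesson).

Simulates steps 2-3 above with RFC 3927's rules: pick a random link-local
address, 'ARP probe' it, and move on if something answers. A constructed
set of in-use addresses stands in for the ARP replies. A second helper does
the enterprise check from the last paragraph: list DHCP-enabled hosts that
have fallen back to 169.254.x.x.
"""
import ipaddress
import random

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# RFC 3927 reserves the first and last /24 of the block, so candidates come
# from 169.254.1.0 through 169.254.254.255.
FIRST_USABLE = int(ipaddress.ip_address("169.254.1.0"))
LAST_USABLE = int(ipaddress.ip_address("169.254.254.255"))
MAX_PROBES = 10  # give up after this many conflicting candidates


def is_apipa(addr: str) -> bool:
    """True for any address in the 169.254.0.0/16 link-local block."""
    return ipaddress.ip_address(addr) in LINK_LOCAL


def choose_link_local(in_use, seed=None) -> str:
    """Pick a random candidate and probe it; return the first unclaimed one.

    in_use: set of dotted-quad strings that would answer an ARP probe
            (constructed stand-in for the real ARP exchange).
    """
    rng = random.Random(seed)
    for _ in range(MAX_PROBES):
        candidate = str(ipaddress.ip_address(rng.randint(FIRST_USABLE, LAST_USABLE)))
        if candidate not in in_use:   # no ARP reply: the address is free
            return candidate
    raise RuntimeError("no conflict-free link-local address found")


def apipa_config(addr: str) -> dict:
    """What an APIPA client ends up with: /16 mask, no gateway, no DNS servers."""
    if not is_apipa(addr):
        raise ValueError("not a link-local address")
    return {"address": addr, "mask": "255.255.0.0", "gateway": None, "dns": []}


def hosts_needing_dhcp_triage(inventory) -> list:
    """Return DHCP-enabled hosts whose interface holds a link-local address.

    inventory: {hostname: {"ip": str, "dhcp": bool}}. On an enterprise LAN
    such hosts have lost DHCP (server down, VLAN wrong, cable unplugged) and
    cannot reach anything beyond their own segment.
    """
    return sorted(h for h, cfg in inventory.items()
                  if cfg["dhcp"] and is_apipa(cfg["ip"]))


# Constructed sample inventory, as an asset system or ipconfig sweep might report it.
SAMPLE_INVENTORY = {
    "ws-01":   {"ip": "10.1.20.15",     "dhcp": True},
    "ws-17":   {"ip": "169.254.83.201", "dhcp": True},
    "ws-23":   {"ip": "169.254.12.9",   "dhcp": True},
    "kiosk-2": {"ip": "169.254.5.5",    "dhcp": False},  # deliberately static link-local
    "srv-db1": {"ip": "10.1.10.5",      "dhcp": False},
}

if __name__ == "__main__":
    addr = choose_link_local(in_use={"169.254.83.201", "169.254.12.9"}, seed=42)
    print("self-assigned:", apipa_config(addr))
    print("DHCP clients to troubleshoot:", hosts_needing_dhcp_triage(SAMPLE_INVENTORY))
```

The triage helper deliberately ignores statically configured link-local hosts: a 169.254 address is only a symptom when the interface expected a lease.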

4. ICMP Router Discovery

ICMP Router Discovery (RFC 1256) allows hosts to automatically discover routers on their network segment without manual gateway configuration.

Discovery Process:
  • Router Advertisement: Routers periodically send ICMP type 9 messages (to 224.0.0.1 or as broadcasts) listing their addresses, each with a preference level and a lifetime
  • Router Solicitation: Hosts send ICMP type 10 (to 224.0.0.2) to request an immediate advertisement instead of waiting for the next periodic one
  • Automatic Configuration: The host installs the highest-preference advertised router as its default gateway
  • Failover: If a router stops advertising, its entry expires after the advertised lifetime (default 30 minutes) and the host falls back to the next advertised router

Modern Implementation:
  • Off by default on Windows clients unless DHCP turns it on, since DHCP already supplies the gateway
  • Can be enabled through DHCP option 31 (Perform Router Discovery) or the PerformRouterDiscovery registry value
  • The IPv6 equivalent, Neighbor Discovery Router Advertisement (RFC 4861), is on by default and is how IPv6 hosts learn their default router
  • Useful in environments with redundant routers but no HSRP/VRRP
  • Security caveat: advertisements carry no authentication, so any host on the segment can advertise itself as a high-preference router and intercept traffic; IPv6 RAs have the same weakness, which is why switches offer RA Guard

5. NetBIOS over TCP/IP Management

Modern Windows networks can disable NetBIOS over TCP/IP (NetBT) when using pure DNS-based name resolution.

NetBIOS Background:
  • Legacy API and naming scheme from the 1980s, carried over TCP/IP as NetBT (RFC 1001/1002)
  • Provides name resolution (NBNS, UDP 137), datagram services (UDP 138), and session services (TCP 139)
  • Name resolution without WINS relies on subnet broadcasts, which add traffic and do not cross routers
  • Security concern: NBNS queries are unauthenticated, so any host on the segment can answer with its own address (name poisoning), a common way to capture or relay Windows credentials

When to Disable NetBIOS:
  • Modern Active Directory environments using DNS exclusively
  • Networks with no legacy Windows applications requiring NetBIOS
  • Security-conscious environments minimizing attack surface
  • Networks where broadcast traffic must be minimized

Requirements for Disabling NetBIOS:
  1. All systems must speak SMB directly over TCP port 445 (Windows 2000 and later; the Client for Microsoft Networks and File and Printer Sharing components support this)
  2. DNS must be properly configured and functional for every name that clients resolve
  3. No legacy applications may depend on NetBIOS name resolution or on the TCP 139 session service

Configuration: Disable NetBIOS per network adapter via adapter properties (Advanced TCP/IP Settings → WINS tab), centrally through the Microsoft vendor-specific DHCP option 001 "Microsoft Disable Netbios Option" (value 0x2) in the "Microsoft Windows 2000 Options" vendor class, or by setting NetbiosOptions to 2 under HKLM\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces\Tcpip_<GUID>. Confirm with a packet capture that no UDP 137 traffic remains before enforcing the change broadly.

Modern Alternative: LLMNR (Link-Local Multicast Name Resolution, RFC 4795) provides similar local name resolution over multicast without the NetBIOS overhead, but it is spoofable in exactly the same way (any host can answer a multicast query), so hardened environments disable both NetBT and LLMNR and rely on DNS alone.
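To make the broadcast and spoofing points concrete, here is an added example (not from the lesson) that builds and decodes the NBNS query a Windows host sends to UDP port 137 when it resolves a NetBIOS name. The name, suffix, and transaction ID are made up; nothing is sent.

```python
"""NetBIOS name query on the wire (added example, not from the lesson).

Builds the UDP/137 NBNS query a Windows host broadcasts to resolve a NetBIOS
name (RFC 1001/1002 first-level name encoding plus the DNS-like header), so
the broadcast and spoofing points above are concrete: the only thing tying
an answer to a question is a 16-bit transaction ID, so any host on the
segment can reply with its own address.
"""
import struct

NB_QUERY_FLAGS = 0x0110          # opcode QUERY, recursion desired, broadcast bit set
FLAG_BROADCAST = 0x0010
QTYPE_NB, QCLASS_IN = 0x0020, 0x0001
NBNS_PORT = 137


def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """First-level encoding: pad to 15 characters, append the one-byte suffix
    (0x00 workstation, 0x20 file server), then write each nibble as 'A'..'P'."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        encoded += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    return bytes([32]) + bytes(encoded) + b"\x00"   # length byte, 32 chars, terminator


def decode_netbios_name(encoded: bytes):
    """Inverse of encode_netbios_name; returns (name, suffix)."""
    if len(encoded) < 34 or encoded[0] != 32 or encoded[33] != 0:
        raise ValueError("bad NetBIOS name encoding")
    body = encoded[1:33]
    raw = bytes(((body[i] - 0x41) << 4) | (body[i + 1] - 0x41) for i in range(0, 32, 2))
    return raw[:15].decode("ascii").rstrip(" "), raw[15]


def build_name_query(name: str, txid: int, suffix: int = 0x00) -> bytes:
    """Header (ID, flags, QDCOUNT=1, AN/NS/AR=0) + one question for name<suffix>."""
    header = struct.pack("!HHHHHH", txid, NB_QUERY_FLAGS, 1, 0, 0, 0)
    return header + encode_netbios_name(name, suffix) + struct.pack("!HH", QTYPE_NB, QCLASS_IN)


def parse_name_query(packet: bytes) -> dict:
    """Decode a query the way a listener on UDP/137 would (a poisoner does the same)."""
    txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    name, suffix = decode_netbios_name(packet[12:46])
    qtype, qclass = struct.unpack("!HH", packet[46:50])
    return {"txid": txid, "broadcast": bool(flags & FLAG_BROADCAST), "name": name,
            "suffix": suffix, "qtype": qtype, "qclass": qclass, "questions": qdcount}


if __name__ == "__main__":
    pkt = build_name_query("FILESRV01", txid=0xBEEF, suffix=0x20)
    print(len(pkt), "byte broadcast to 255.255.255.255:%d" % NBNS_PORT, pkt.hex())
    print(parse_name_query(pkt))
```

The 50-byte query is what a rogue host on the same segment sees and answers; once NetBT is disabled as described above, this packet is never sent, and a name-poisoning listener has nothing to respond to.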

6. TCP Performance Enhancement: Window Scaling

TCP window scaling (RFC 1323, now RFC 7323) improves throughput over high-bandwidth or high-latency connections by allowing receive windows larger than the 16-bit header field can express.

Window Scaling Fundamentals:
  • Original TCP Window: the 16-bit window field limits the advertised window to 65,535 bytes
  • Window Scaling: a shift count (0-14) carried in the SYN multiplies the field by 2^shift, so the effective window tops out at 65,535 × 2^14, just under 1 GiB
  • Bandwidth-Delay Product: the window must be at least bandwidth × round-trip time to keep the link busy; a smaller window caps throughput at window ÷ RTT
  • Negotiation: both endpoints must send the option in their SYN and SYN-ACK; it cannot be added later in the connection

Performance Impact:
Scenario                     Window limit (no scaling)             With Window Scaling
1 Gbps link, 10 ms RTT       65,535 B × 8 / 0.010 s ≈ 52 Mbps      ~1 Gbps (full utilization)
100 Mbps link, 100 ms RTT    65,535 B × 8 / 0.100 s ≈ 5.2 Mbps     ~100 Mbps

Windows Implementation:
  • Window Auto-Tuning enabled by default since Windows Vista/Server 2008
  • Automatically adjusts receive window based on network conditions
  • View current settings: netsh interface tcp show global
  • Critical for WAN connections and high-speed local networks

Memory Considerations: Large windows consume kernel memory. On high-traffic servers (web servers, file servers), numerous connections with large windows can exhaust available buffer space. Windows automatically manages this trade-off through dynamic tuning.

7. TCP Performance Enhancement: Selective Acknowledgment (SACK)

TCP Selective Acknowledgment (RFC 2018) improves performance when multiple packets are lost in a single transmission window.

Problem SACK Solves:
  • Traditional TCP: the acknowledgment number is cumulative, so the receiver can only report the next byte it expects; everything after the first gap is invisible to the sender
  • Multiple Loss: if segments 5, 7, and 9 are lost but 6, 8, and 10 arrive, duplicate ACKs tell the sender only that 5 is missing; it learns about 7 only after the retransmitted 5 is acknowledged, one loss per round trip
  • Inefficiency: a sender that instead falls back to retransmitting everything from the first gap resends segments 6, 8, and 10 that the receiver already holds

SACK Improvement:
  • Receiver reports the non-contiguous blocks it has received in the SACK option of each ACK
  • Sender retransmits only the holes between those blocks
  • Avoids both the one-loss-per-RTT stall and the resending of already-received data, which matters most when several losses land in one window
  • Particularly beneficial for wireless networks and congested links

Configuration:
  • Enabled by default in Windows Vista/Server 2008 and later
  • Both endpoints must support SACK (negotiated during handshake)
  • No performance penalty when enabled but unused
  • Check status: netsh interface tcp show global
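The following added example (not code from the lesson) serves sections 6 and 7 together: it parses the option bytes of a constructed SYN (MSS, Window Scale, SACK-Permitted), computes the effective window and the bandwidth-delay product behind the table in section 6, then parses SACK blocks from an ACK and works out exactly which byte ranges a sender must retransmit for the 5-7-9 loss pattern above. All packets are constructed inline.

```python
"""TCP option parsing, window scaling and SACK bookkeeping (added example,
not from the lesson; covers sections 6 and 7).

Parses the option bytes of a constructed SYN (MSS, Window Scale,
SACK-Permitted), computes the effective receive window and the
bandwidth-delay product it has to cover, then parses SACK blocks from an ACK
and works out exactly which byte ranges the sender must retransmit.
"""
import struct

KIND_EOL, KIND_NOP, KIND_MSS, KIND_WS, KIND_SACK_PERM, KIND_SACK = 0, 1, 2, 3, 4, 5
MAX_SHIFT = 14             # RFC 7323: a shift count above 14 is treated as 14
MAX_WINDOW_FIELD = 0xFFFF  # 16-bit window field


def parse_tcp_options(data: bytes) -> dict:
    """Walk the kind/length/value list; unknown options are skipped by length."""
    opts = {"sack": []}
    i = 0
    while i < len(data):
        kind = data[i]
        if kind == KIND_EOL:
            break
        if kind == KIND_NOP:
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option")
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad option length")
        body = data[i + 2:i + length]
        if kind == KIND_MSS and length == 4:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == KIND_WS and length == 3:
            opts["ws"] = min(body[0], MAX_SHIFT)
        elif kind == KIND_SACK_PERM and length == 2:
            opts["sack_ok"] = True
        elif kind == KIND_SACK and (length - 2) % 8 == 0:
            opts["sack"] = [struct.unpack("!II", body[j:j + 8]) for j in range(0, len(body), 8)]
        i += length
    return opts


def build_sack_option(blocks) -> bytes:
    """Kind 5 option listing (left, right) byte ranges; real stacks prepend two NOPs."""
    return bytes([KIND_SACK, 2 + 8 * len(blocks)]) + b"".join(struct.pack("!II", l, r) for l, r in blocks)


def effective_window(window_field: int, shift: int) -> int:
    """Advertised window once scaling is applied (window_field << shift)."""
    return window_field << min(shift, MAX_SHIFT)


def bdp_bytes(bits_per_second: float, rtt_seconds: float) -> int:
    """Bandwidth-delay product: bytes in flight needed to keep the pipe full."""
    return int(bits_per_second * rtt_seconds / 8)


def shift_for_bdp(bdp: int) -> int:
    """Smallest shift count whose scaled 65,535-byte window covers the BDP."""
    shift = 0
    while effective_window(MAX_WINDOW_FIELD, shift) < bdp and shift < MAX_SHIFT:
        shift += 1
    return shift


def max_throughput_bps(window_bytes: int, rtt_seconds: float) -> float:
    """Ceiling imposed by the receive window: at most one window per round trip."""
    return window_bytes * 8 / rtt_seconds


def segments_to_retransmit(snd_una: int, snd_nxt: int, sack_blocks) -> list:
    """Byte ranges in [snd_una, snd_nxt) not covered by any SACK block.

    With no SACK blocks this degenerates to resending everything from the first
    gap, which is what a non-SACK sender that times out has to do.
    """
    holes, cursor = [], snd_una
    for left, right in sorted(sack_blocks):
        if right <= cursor:
            continue
        if left > cursor:
            holes.append((cursor, left))
        cursor = max(cursor, right)
    if cursor < snd_nxt:
        holes.append((cursor, snd_nxt))
    return holes


# Constructed SYN options: MSS 1460, SACK-Permitted, NOP, Window Scale 7.
SYN_OPTIONS = bytes.fromhex("020405b4" "0402" "01" "030307")

if __name__ == "__main__":
    syn = parse_tcp_options(SYN_OPTIONS)
    print("SYN options:", syn)
    print("65535 << %d = %d bytes window" % (syn["ws"], effective_window(MAX_WINDOW_FIELD, syn["ws"])))
    for bps, rtt in ((1e9, 0.010), (100e6, 0.100)):
        print("link %.0f Mbps, RTT %.0f ms: BDP %d B, unscaled ceiling %.1f Mbps, need shift %d"
              % (bps / 1e6, rtt * 1e3, bdp_bytes(bps, rtt),
                 max_throughput_bps(MAX_WINDOW_FIELD, rtt) / 1e6, shift_for_bdp(bdp_bytes(bps, rtt))))
    # Segments 5, 7 and 9 of 1000 bytes (starting at seq 5000) were lost.
    ack = parse_tcp_options(b"\x01\x01" + build_sack_option([(6000, 7000), (8000, 9000), (10000, 11000)]))
    print("retransmit:", segments_to_retransmit(5000, 11000, ack["sack"]))
```

Calling segments_to_retransmit with an empty block list shows the no-SACK fallback: the whole range from the first gap comes back as one hole, including the three segments the receiver already has.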

Internet Control Message Protocol (ICMP)

ICMP is an essential companion protocol to IP, providing error reporting and diagnostic capabilities.

ICMP Purpose:
  • Error Reporting: Notifies senders when packets cannot be delivered
  • Network Diagnostics: Enables testing and troubleshooting tools
  • Path Discovery: Helps determine routing paths and bottlenecks
  • Status Information: Provides feedback about network conditions

Common ICMP Message Types:
  • Echo Request/Reply (Type 8/0): Used by ping for connectivity testing
  • Destination Unreachable (Type 3): Reports delivery failures (codes 0-3: network, host, protocol, port unreachable; code 4: fragmentation needed and DF set, which Path MTU Discovery depends on, so blocking all ICMP at a firewall silently breaks large transfers)
  • Time Exceeded (Type 11): Indicates TTL expiration, used by traceroute
  • Redirect (Type 5): Informs hosts of a better next hop; it is unauthenticated, so a host on the segment can forge redirects to divert traffic, and hardening baselines disable acceptance of redirects (Windows: EnableICMPRedirect = 0, or netsh interface ipv4 set global icmpredirects=disabled)
  • Source Quench (Type 4): Congestion notification (deprecated by RFC 6633; hosts must ignore it)

Diagnostic Tools Using ICMP:
  • ping: Tests basic connectivity and measures round-trip time
    • Example: ping 8.8.8.8 tests connectivity to Google DNS
    • Options: packet size, count, timeout
  • tracert (Windows) / traceroute (Unix): Maps network path to destination by sending probes with increasing TTL and reading the Time Exceeded replies
    • Shows each router hop with latency measurements
    • Identifies where connectivity fails or latency increases
    • Note: tracert probes with ICMP Echo, while Unix traceroute defaults to UDP probes, so firewall rules can make the two tools show different results
    • Example: tracert www.example.com
  • pathping (Windows): Combines ping and traceroute with statistics
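As an added example (not from the lesson), the following builds the Echo Request that ping sends, with the RFC 1071 checksum, and decodes constructed messages of the types listed above, including the embedded original header in a Destination Unreachable and the RFC 1256 Router Advertisement from section 4. The addresses, ports and identifiers are invented; nothing is sent on the network.

```python
"""ICMP message construction and parsing (added example, not from the lesson;
covers the message types listed above and the Router Advertisement of section 4).

Builds the Echo Request that ping sends, with the RFC 1071 checksum, and
decodes constructed replies: Echo Reply, Destination Unreachable (including
the embedded original header that lets the sender match the error to a
flow), Time Exceeded, Redirect, and an RFC 1256 Router Advertisement.
Nothing is sent; raw ICMP sockets need administrator rights anyway.
"""
import struct

ECHO_REPLY, DEST_UNREACH, REDIRECT, ECHO_REQUEST, ROUTER_ADV, TIME_EXCEEDED = 0, 3, 5, 8, 9, 11
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def checksum_ok(msg: bytes) -> bool:
    """A message that includes its own checksum sums to zero."""
    return len(msg) >= 8 and inet_checksum(msg) == 0


def build_icmp(mtype: int, code: int, rest: bytes, body: bytes = b"") -> bytes:
    """Generic header: type, code, checksum, 4 type-specific bytes, then body."""
    if len(rest) != 4:
        raise ValueError("rest of header must be 4 bytes")
    unchecked = struct.pack("!BBH", mtype, code, 0) + rest + body
    return struct.pack("!BBH", mtype, code, inet_checksum(unchecked)) + rest + body


def build_echo_request(ident: int, seq: int, payload: bytes = b"abcdefghijklmnop") -> bytes:
    """What ping sends: type 8 with an identifier/sequence pair and a payload."""
    return build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", ident, seq), payload)


def _dotted(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_icmp(msg: bytes) -> dict:
    """Verify the checksum and decode the type-specific fields."""
    if not checksum_ok(msg):
        raise ValueError("short message or bad ICMP checksum")
    mtype, code = msg[0], msg[1]
    out = {"type": mtype, "code": code}
    if mtype in (ECHO_REQUEST, ECHO_REPLY):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["payload"] = msg[8:]
    elif mtype in (DEST_UNREACH, TIME_EXCEEDED):
        if mtype == DEST_UNREACH:
            out["reason"] = UNREACH_CODES.get(code, "code %d" % code)
            if code == 4:   # PMTUD: next-hop MTU sits in the last two header bytes
                out["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
        # Body = offending IPv4 header + first 8 bytes of its payload (the ports).
        orig = msg[8:]
        if len(orig) >= 20:
            ihl = (orig[0] & 0x0F) * 4
            out["orig_proto"] = orig[9]
            out["orig_dst"] = _dotted(orig[16:20])
            if len(orig) >= ihl + 4:
                out["orig_sport"], out["orig_dport"] = struct.unpack("!HH", orig[ihl:ihl + 4])
    elif mtype == REDIRECT:
        out["gateway"] = _dotted(msg[4:8])   # the 'better' next hop being pushed on us
    elif mtype == ROUTER_ADV:
        num_addrs, _entry_size, lifetime = struct.unpack("!BBH", msg[4:8])
        out["lifetime"] = lifetime
        out["routers"] = [(_dotted(msg[8 + 8 * i:12 + 8 * i]),
                           struct.unpack("!i", msg[12 + 8 * i:16 + 8 * i])[0])
                          for i in range(num_addrs)]
    return out


# Constructed samples: an IPv4/UDP header fragment for the error bodies, a port
# unreachable for a DNS query to 10.0.0.2, a redirect, and a router advertisement.
ORIG_UDP = bytes.fromhex("4500002100004000" "4011" "0000" "0a000001" "0a000002") + struct.pack("!HHHH", 50000, 53, 13, 0)
SAMPLE_PORT_UNREACHABLE = build_icmp(DEST_UNREACH, 3, b"\x00" * 4, ORIG_UDP)
SAMPLE_REDIRECT = build_icmp(REDIRECT, 1, bytes([192, 168, 1, 254]), ORIG_UDP)
SAMPLE_ROUTER_ADV = build_icmp(ROUTER_ADV, 0, struct.pack("!BBH", 1, 2, 1800),
                               struct.pack("!4Bi", 192, 168, 1, 1, 0))

if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    print("echo request:", req.hex(), parse_icmp(req))
    for sample in (SAMPLE_PORT_UNREACHABLE, SAMPLE_REDIRECT, SAMPLE_ROUTER_ADV):
        print(parse_icmp(sample))
```

The embedded header in the Destination Unreachable is what lets a host tie the error back to the UDP socket that sent the original datagram, and the Router Advertisement and Redirect parsers show how little is needed to claim to be a gateway: a checksum and the right type, with no authentication anywhere.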