Detailed book on a variety of networking topics, with helpful illustrations. Covers history and present state (as of publication) of networking technologies. Chapters end with questions.
Notes
Address Resolution Protocol
ARP operation
Host sends ARP request. All LAN devices receive request. Only device with target IP address sends unicast reply to requestor. Target caches MAC address of requester, as do other devices that hear reply.
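The exchange above, as an added example (not code from the book): Ethernet/ARP frames are built and parsed with `struct` using the RFC 826 layout, then a constructed three-host LAN runs one resolution. The MAC and IP addresses are made up. Host behaviour follows RFC 826's merge rule: a host that hears the broadcast request refreshes an entry it already has for the sender, but only the target creates a new entry and answers, and the answer is unicast, so a third host never sees it.

```python
import struct
from typing import Dict, List, Optional

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac: str) -> bytes:
    return bytes(int(octet, 16) for octet in mac.split(":"))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an ARP packet for IPv4 over Ethernet (RFC 826 field order)."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac   # request floods, reply is unicast
    eth = mac_to_bytes(eth_dst) + mac_to_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    """Decode the 42-byte frame produced by build_arp into named fields."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    _htype, _ptype, _hlen, _plen, op = struct.unpack("!HHBBH", frame[14:22])
    body = frame[22:42]
    return {
        "eth_dst": bytes_to_mac(frame[0:6]), "eth_src": bytes_to_mac(frame[6:12]), "op": op,
        "sender_mac": bytes_to_mac(body[0:6]), "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]), "target_ip": bytes_to_ip(body[16:20]),
    }


class Host:
    def __init__(self, mac: str, ip: str):
        self.mac, self.ip = mac, ip
        self.arp_cache: Dict[str, str] = {}   # IP -> MAC

    def receive(self, frame: bytes) -> Optional[bytes]:
        """Process one frame; return a reply frame if this host must answer, else None."""
        p = parse_arp(frame)
        if p["eth_dst"] not in (BROADCAST_MAC, self.mac):
            return None                        # not addressed to us: the NIC drops it
        # RFC 826 merge step: refresh an entry we already hold for the sender...
        if p["sender_ip"] in self.arp_cache:
            self.arp_cache[p["sender_ip"]] = p["sender_mac"]
        if p["target_ip"] != self.ip:
            return None
        # ...but only the target learns a new requester and answers.
        self.arp_cache[p["sender_ip"]] = p["sender_mac"]
        if p["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sender_mac"], p["sender_ip"])
        return None


def resolve(lan: List[Host], requester: Host, target_ip: str) -> Optional[str]:
    """Broadcast a request to every other host on the LAN, deliver any reply, return the MAC."""
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, "00:00:00:00:00:00", target_ip)
    for host in lan:
        if host is requester:
            continue
        reply = host.receive(request)
        if reply is not None:
            requester.receive(reply)
    return requester.arp_cache.get(target_ip)
```

Running `resolve` for an address nobody owns returns `None`, which is the "no reply, keep retrying" case a real stack handles with timeouts.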
IPv4 and IPv6 Headers
TTL is supposed to be number of seconds that packet can take to reach destination. If packet arriving at a router has field set to 0, it's discarded and never routed. Because there's no standard way to track time across a group of routers, most TCP/IP networks interpret this field as a hop count between routers and decrement it by 1.
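An added example of the hop-count interpretation (not from the book): a 20-byte IPv4 header is built with constructed addresses, then pushed through a chain of routers. Each router verifies the header checksum, decrements TTL by one, recomputes the checksum (which changes because TTL is part of it), and discards the packet when TTL would reach 0, as RFC 1812 requires.

```python
import socket
import struct


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words. With the checksum field zeroed this
    returns the value to insert; over a header with a correct checksum in place it returns 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src: str, dst: str, ttl: int, proto: int = 17, payload_len: int = 0) -> bytes:
    """Minimal IPv4 header (no options) with the checksum filled in. Identification is constructed."""
    ver_ihl = (4 << 4) | 5                    # version 4, header length 5 * 4 = 20 bytes
    fields = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + payload_len, 0x1234, 0,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fields[:10] + struct.pack("!H", ipv4_checksum(fields)) + fields[12:]


def forward(header: bytes):
    """One router's treatment of the header. Returns the rewritten header, or None when the
    packet is discarded: bad checksum, or TTL would become 0 (a real router then sends
    ICMP Time Exceeded back to the source, which is what traceroute relies on)."""
    if ipv4_checksum(header) != 0:
        return None
    ttl = header[8]
    if ttl <= 1:
        return None
    out = bytearray(header)
    out[8] = ttl - 1
    out[10:12] = b"\x00\x00"                  # zero the field before recomputing
    out[10:12] = struct.pack("!H", ipv4_checksum(bytes(out)))
    return bytes(out)


def traverse(header: bytes, n_routers: int):
    """Send the packet through n_routers in sequence; return (routers that forwarded it, delivered?)."""
    passed = 0
    for _ in range(n_routers):
        header = forward(header)
        if header is None:
            return passed, False
        passed += 1
    return passed, True
```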
Internet Control Message Protocol
IP is connectionless, “best effort,” “unreliable.”
Routing
People use "gateway" and "router" interchangeably, but technically, gateway connects one or more LANs to Internet (and can route from LAN to LAN), but router can only connect to other routers.
User Datagram Protocol
Socket: combination of IPv4 or IPv6 address and port number (e.g., 10.10.12.166:17).
Routing and Peering
Jitter: delay variation; how much end-to-end network latency varies from time to time.
Autonomous system (AS): group of IP networks sharing a unified routing policy framework.
IGPs: RIP, OSPF, and IS-IS
Distance-vector routing protocols make routing decisions based on number of routers (hops) between sender and destination.
Link-state protocols consider more factors, requiring each router to keep database of network info.
OSPF can compute “shortest” path through group of routers based on link and router characteristics (e.g., highest throughput, lowest delay, lowest cost, link reliability).
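An added example (not from the book) of why the two approaches can pick different paths. It uses a constructed five-router topology in which the two-hop route crosses expensive links and the three-hop route crosses cheap ones: the hop-count distance-vector exchange settles on the two-hop path, while a Dijkstra computation over the full link-state database (the OSPF-style SPF run) picks the three-hop, lower-cost path.

```python
import heapq
from typing import Dict, List, Optional, Tuple

Graph = Dict[str, Dict[str, int]]

# Constructed topology: R1-R2-R4 is two hops over cost-10 links, R1-R3-R5-R4 is three hops
# over cost-1 links. Cost stands for a link metric such as inverse bandwidth.
LINKS = [("R1", "R2", 10), ("R2", "R4", 10), ("R1", "R3", 1), ("R3", "R5", 1), ("R5", "R4", 1)]


def build_graph(links) -> Graph:
    g: Graph = {}
    for a, b, cost in links:
        g.setdefault(a, {})[b] = cost
        g.setdefault(b, {})[a] = cost
    return g


def distance_vector(g: Graph, source: str) -> Dict[str, Tuple[int, str]]:
    """RIP-style distance vector: routers know only their neighbours' vectors and count hops.
    Vectors are swapped until nothing changes. Returns source's table: dest -> (hops, next_hop)."""
    INF = 16                                  # RIP's "infinity"
    tables = {r: {r: (0, r)} for r in g}
    changed = True
    while changed:
        changed = False
        for r in g:
            for nbr in g[r]:
                for dest, (hops, _) in tables[nbr].items():
                    cand = hops + 1
                    if cand < INF and cand < tables[r].get(dest, (INF, ""))[0]:
                        tables[r][dest] = (cand, nbr)
                        changed = True
    return tables[source]


def dv_path(g: Graph, source: str, dest: str) -> Optional[List[str]]:
    """Follow next-hop entries router by router, the way forwarding actually happens."""
    path, node = [source], source
    while node != dest:
        entry = distance_vector(g, node).get(dest)
        if entry is None or len(path) > len(g):
            return None                       # unreachable, or a loop while tables converge
        node = entry[1]
        path.append(node)
    return path


def link_state(g: Graph, source: str) -> Dict[str, Tuple[int, List[str]]]:
    """OSPF-style SPF: Dijkstra over the whole topology database. Returns dest -> (cost, path)."""
    result: Dict[str, Tuple[int, List[str]]] = {}
    pq = [(0, source, [source])]
    while pq:
        cost, node, path = heapq.heappop(pq)
        if node in result:
            continue                          # already settled with a cheaper cost
        result[node] = (cost, path)
        for nbr, w in g[node].items():
            if nbr not in result:
                heapq.heappush(pq, (cost + w, nbr, path + [nbr]))
    return result
```

The distance-vector simulation is deliberately synchronous and loop-free for clarity; the count-to-infinity behaviour that makes RIP need split horizon and the 16-hop limit would need link failures to show up.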
Border Gateway Protocol
BGP is path-vector protocol, not link-state protocol or distance-vector protocol.
Multiprotocol BGP (MBGP or MPBGP): used to support IP-based VPN info and carry IPv6 routing information.
The Domain Name System
Broadcast goes to everyone. Multicast goes to all interested listeners. Anycast goes to only one of a set of hosts (“send this to any one of these”); it's more suited to connectionless protocols than stateful ones.
Cloud, SDN, and NFV
Network functions virtualization (NFV): virtualization of network functions, such as firewalls, routers, switches, load balancers.
Data center TCP (DCTCP): can detect extent of congestion (regular TCP only detects presence of congestion).
Cross-site Request Forgery (CSRF) (aka “one-click attack,” “session riding”): tricks user's browser into sending malicious commands to a website the user trusts. XSS deceives server; CSRF deceives client.
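An added example (not from the book) of the weakness and the usual fix, with no web framework: a state-changing handler that trusts the session cookie alone accepts a POST that another site caused the browser to make, because the browser attaches the cookie automatically. The hardened handler also demands a per-session token that only the site's own pages embed, so a cross-site request cannot supply it. Session id, user and addresses are constructed; the token is an HMAC over the session id so the server need not store it.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict

# Constructed: a real deployment loads this from configuration, not at import time.
SERVER_SECRET = secrets.token_bytes(32)


@dataclass
class Request:
    """Only the parts of an HTTP request the handlers below look at (constructed model)."""
    method: str
    cookies: Dict[str, str]
    form: Dict[str, str] = field(default_factory=dict)


def new_session_store() -> Dict[str, Dict[str, str]]:
    """One logged-in user; her browser holds the cookie sid=sess-abc (constructed)."""
    return {"sess-abc": {"user": "alice", "email": "alice@example.com"}}


def csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session, rendered into the site's own forms."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def vulnerable_change_email(store: Dict[str, Dict[str, str]], req: Request) -> int:
    """Authenticates by cookie alone: a POST triggered from any other site succeeds."""
    sess = store.get(req.cookies.get("sid", ""))
    if req.method != "POST" or sess is None:
        return 403
    sess["email"] = req.form["email"]
    return 200


def protected_change_email(store: Dict[str, Dict[str, str]], req: Request) -> int:
    """Same action, but the form must carry the token the legitimate page embedded."""
    sid = req.cookies.get("sid", "")
    sess = store.get(sid)
    if req.method != "POST" or sess is None:
        return 403
    supplied = req.form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token(sid)):   # constant-time compare
        return 403
    sess["email"] = req.form["email"]
    return 200


def demo():
    """A cross-site POST: the cookie rides along, the token does not. Returns both handlers' status."""
    forged = Request("POST", {"sid": "sess-abc"}, {"email": "attacker@example.net"})
    weak, strong = new_session_store(), new_session_store()
    return vulnerable_change_email(weak, forged), protected_change_email(strong, forged)
```

In production the token check is normally complemented by `SameSite` cookies and an `Origin`/`Referer` check; the token alone is shown here because it is the mechanism the definition turns on.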
Firewalls
Stateful firewalls can recognize anomalies in 5 categories: IP packet, IP addressing, IP fragmentation, TCP, UDP.
Stateful firewalls detect events that are only detectable by following the packet flow (e.g., SYN followed by SYN-ACK without an ACK from the initiator, SYN followed by RST, SYN without SYN-ACK, non-SYN first packet in a flow, ICMP unreachable errors for SYN or UDP packets).
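The flow-following detection described above, as an added example (not from the book): a minimal TCP connection tracker replays a constructed packet trace and reports each of the listed anomalies. The packet model, addresses, ports and the five-second handshake timeout are all constructed; only TCP flows are tracked, and ICMP is inspected just for unreachable errors that quote a SYN or a UDP datagram.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

HANDSHAKE_TIMEOUT = 5.0   # seconds an unfinished handshake may linger before it is reported


@dataclass
class Pkt:
    """One packet summary as a filter would see it (constructed model, not a capture format)."""
    t: float
    proto: str                          # "TCP", "UDP" or "ICMP"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""                     # TCP flags as letters: S (SYN), A (ACK), R (RST), F (FIN)
    icmp_type: Optional[int] = None     # 3 = destination unreachable
    quoted: Optional["Pkt"] = None      # header of the packet an ICMP error refers to


@dataclass
class Flow:
    initiator: str                      # IP that sent the first packet we saw
    endpoints: str                      # "src:sport->dst:dport" of that first packet
    first_t: float
    state: str                          # SYN_SENT -> SYN_RECV -> ESTABLISHED, or CLOSED


def flow_key(p: Pkt) -> tuple:
    """Direction-independent key so both halves of a conversation map to one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def inspect(packets: List[Pkt]) -> List[Tuple[str, str]]:
    """Replay a trace through the tracker; return (anomaly, endpoints) pairs in detection order."""
    flows: Dict[tuple, Flow] = {}
    alerts: List[Tuple[str, str]] = []
    for p in sorted(packets, key=lambda x: x.t):
        ep = f"{p.src}:{p.sport}->{p.dst}:{p.dport}"
        if p.proto == "ICMP":
            q = p.quoted
            if p.icmp_type == 3 and q is not None:
                if q.proto == "UDP" or (q.proto == "TCP" and "S" in q.flags):
                    alerts.append(("icmp_unreachable", f"{q.src}:{q.sport}->{q.dst}:{q.dport}"))
            continue
        if p.proto != "TCP":
            continue                    # UDP flows are not tracked in this example
        key = flow_key(p)
        f = flows.get(key)
        if f is None:
            if p.flags == "S":
                flows[key] = Flow(p.src, ep, p.t, "SYN_SENT")
            else:
                # No handshake seen: an ACK scan, or a connection older than the tracker's state.
                # Report once, then track it so later packets do not re-alert.
                alerts.append(("non_syn_first", ep))
                flows[key] = Flow(p.src, ep, p.t, "ESTABLISHED")
            continue
        from_initiator = p.src == f.initiator
        if f.state == "SYN_SENT" and not from_initiator:
            if "R" in p.flags:
                alerts.append(("syn_rst", ep))          # closed port / connection refused
                f.state = "CLOSED"
            elif "S" in p.flags and "A" in p.flags:
                f.state = "SYN_RECV"
        elif f.state == "SYN_RECV" and from_initiator and "A" in p.flags:
            f.state = "ESTABLISHED"
    # Timer sweep at the end of the trace: handshakes that never completed.
    end = max(p.t for p in packets) if packets else 0.0
    for f in flows.values():
        if end - f.first_t < HANDSHAKE_TIMEOUT:
            continue
        if f.state == "SYN_SENT":
            alerts.append(("syn_no_synack", f.endpoints))
        elif f.state == "SYN_RECV":
            alerts.append(("synack_no_ack", f.endpoints))   # half-open: the SYN-flood signature
    return alerts


# Constructed trace: one clean handshake followed by one instance of each anomaly.
TRACE = [
    Pkt(0.0, "TCP", "10.10.12.166", 40001, "192.0.2.10", 80, "S"),
    Pkt(0.1, "TCP", "192.0.2.10", 80, "10.10.12.166", 40001, "SA"),
    Pkt(0.2, "TCP", "10.10.12.166", 40001, "192.0.2.10", 80, "A"),
    Pkt(1.0, "TCP", "10.10.12.166", 40002, "192.0.2.10", 23, "S"),
    Pkt(1.1, "TCP", "192.0.2.10", 23, "10.10.12.166", 40002, "RA"),
    Pkt(2.0, "TCP", "10.10.12.166", 40003, "192.0.2.11", 443, "S"),
    Pkt(3.0, "TCP", "10.10.12.200", 40004, "192.0.2.10", 80, "S"),
    Pkt(3.1, "TCP", "192.0.2.10", 80, "10.10.12.200", 40004, "SA"),
    Pkt(4.0, "TCP", "198.51.100.5", 55555, "192.0.2.10", 80, "A"),
    Pkt(9.0, "UDP", "10.10.12.166", 50000, "192.0.2.12", 53),
    Pkt(10.0, "ICMP", "192.0.2.1", 0, "10.10.12.166", 0, icmp_type=3,
        quoted=Pkt(9.0, "UDP", "10.10.12.166", 50000, "192.0.2.12", 53)),
]
```

A real tracker ages state continuously rather than in one sweep at the end, and per-source counting of the half-open and RST alerts is what turns single events into a scan or flood verdict.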
Bastion host: server that needs to be accessible from Internet and is untrusted by internal network.