In 1994, W. Richard Stevens and Addison-Wesley published a networking book, TCP/IP Illustrated. The model for that book was a brilliant, unfettered approach to networking concepts that has proven itself over time to be popular with readers of beginning to intermediate networking knowledge. The Illustrated Network takes this time-honored approach and modernizes it by creating not only a much larger and more complicated network, but also by incorporating all the networking advancements that have taken place since the mid-1990s, which are many.
This book takes the popular Stevens approach and modernizes it, employing 2008 equipment, operating systems, and router vendors. It presents an “illustrated” explanation of how TCP/IP works with consistent examples from a real, working network configuration that includes servers, routers, and workstations. Diagnostic traces allow the reader to follow the discussion with unprecedented clarity and precision. True to the title of the book, there are 330+ diagrams and screen shots, as well as topology diagrams and a unique repeating chapter opening diagram. Illustrations are also used as end-of-chapter questions. A complete and modern network was assembled to write this book, with all the material coming from real objects connected and running on the network, not assumptions. It presents a real-world networking scenario the way the reader sees it in a device-agnostic world, and doesn't preach one platform or the other.
Here are ten key differences between Stevens's book and Goralski's:
1. Stevens: Older operating systems (AIX, svr4, etc.). Goralski: Newer OSs (XP, Linux, FreeBSD, etc.).
2. Stevens: Two routers (Cisco, Telebit (obsolete)). Goralski: Two routers (M-series, J-series).
3. Stevens: Slow Ethernet and SLIP link. Goralski: Fast Ethernet, Gigabit Ethernet, and SONET/SDH links (modern).
4. Stevens: Tcpdump for traces. Goralski: Newer, better utility to capture traces (Ethereal, now has a new name!).
5. Stevens: No IPSec. Goralski: IPSec.
6. Stevens: No multicast. Goralski: Multicast.
7. Stevens: No router security discussed. Goralski: Firewall routers detailed.
8. Stevens: No Web. Goralski: Full Web browser HTML consideration.
9. Stevens: No IPv6. Goralski: IPv6 overview.
10. Stevens: Few configuration details. Goralski: More configuration details (i.e., SSH, SSL, MPLS, ATM/FR consideration, wireless LANs, OSPF and BGP routing protocols).
Detailed book on a variety of networking topics, with helpful illustrations. Covers history and present state (as of publication) of networking technologies. Chapters end with questions.
Notes

Address Resolution Protocol
ARP operation: Host sends ARP request. All LAN devices receive request. Only device with target IP address sends unicast reply to requestor. Target caches MAC address of requester, as do other devices that hear reply.

IPv4 and IPv6 Headers
TTL is supposed to be number of seconds that packet can take to reach destination. If packet arriving at a router has field set to 0, it's discarded and never routed. Because there's no standard way to track time across a group of routers, most TCP/IP networks interpret this field as a hop count between routers and decrement it by 1.

Internet Control Message Protocol
IP is connectionless, “best effort,” “unreliable.”

Routing
People use "gateway" and "router" interchangeably, but technically, gateway connects one or more LANs to Internet (and can route from LAN to LAN), but router can only connect to other routers.

User Datagram Protocol
Socket: combination of IPv4 or IPv6 address and port number (e.g., 10.10.12.166:17).

Routing and Peering
Jitter: delay variation; how much end-to-end network latency varies from time to time.
Autonomous system (AS): group of IP networks sharing a unified routing policy framework.

IGPs: RIP, OSPF, and IS-IS
Distance-vector routing protocols make routing decisions based on number of routers (hops) between sender and destination.
Link-state protocols consider more factors, requiring each router to keep database of network info.
OSPF can compute “shortest” path through group of routers based on link and router characteristics (e.g., highest throughput, lowest delay, lowest cost, link reliability).

Border Gateway Protocol
BGP is path-vector protocol, not link-state protocol or distance-vector protocol.
Multiprotocol BGP (MBGP or MPBGP): used to support IP-based VPN info and carry IPv6 routing information.

The Domain Name System
Broadcast goes to everyone. Multicast goes to all interested listeners. Anycast goes to only one of a set of hosts (“send this to any one of these”); it's more suited to connectionless protocols than stateful ones.

Cloud, SDN, and NFV
Network functions virtualization (NFV): virtualization of network functions, such as firewalls, routers, switches, load balancers.
Data center TCP (DCTCP): can detect extent of congestion (regular TCP only detects presence of congestion).
Cross-site Request Forgery (CSRF) (aka “one-click attack,” “session riding”): sends malicious commands to user from website user trusts. XSS deceives server; CSRF deceives client.

Firewalls
Stateful firewalls can recognize anomalies in 5 categories: IP packet, IP addressing, IP fragmentation, TCP, UDP.
Stateful firewalls detect events which are only detectable by following packet flow (e.g., SYN followed by SYN-ACK packets without an ACK from initiator, SYN followed by RST packets, SYN without SYN-ACK, Non-SYN first packet in a flow, ICMP unreachable errors for SYN or UDP packets).
Bastion host: server that needs to be accessible from Internet and is untrusted by internal network.
It's quite a good introduction to the TCP/IP stack from a bird's eye view. It is quite brief but explains most of the modern IP stack needed for non-networking professionals.