2.1. The TCP/IP Suite of Protocols

TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of network protocols. TCP and IP are only two of the protocols within the suite but arguably the most important. The TCP/IP protocols were designed to allow different applications on dissimilar operating systems to communicate across a network. I'll talk about some (certainly not all) of the TCP/IP protocols in the context of intrusion detection.

2.1.1. TCP

TCP (Transmission Control Protocol) is a connection-oriented transport layer protocol designed to provide a reliable connection for data exchange between two systems. TCP ensures that all packets are properly sequenced and acknowledged, and that a conversation is established before data is sent. This ensures that both machines are ready to have a conversation and that the information moving from one system to another makes it without anything being lost. Services using TCP as their communication mechanism listen on specific port numbers for clients to make requests. Some applications that make use of TCP as their method of communication are: