TITLE
TCP/IP : What Is It, How It Works, and How To Set It Up
Article ID: 30999
Created: 5/21/99
Modified: 11/20/00
TOPIC
DISCUSSION
Networking of any sort between devices (computers, printers, and so forth) can seem very simple, and yet is in fact very complicated. Apple has developed the computer interface to such an extent that for the end user, there is usually little need to delve very far into the actual process of connecting devices. However, when things go wrong, or if you are a new network administrator wishing to use TCP/IP, it is often necessary to understand the process at a deeper level. It would be beyond the scope of this article, and frankly not very useful to most Macintosh users and even administrators, to attempt to describe in detail the entire TCP/IP protocol. Links to that sort of information are provided for the curious. However, after reading this article you should have a better understanding of TCP/IP, how it works, and how it should be set up for your particular uses.
Note: For a quick overview of what kind of information goes in each field of the TCP/IP control panel, open the TCP/IP control panel and select Show Balloons from the Help menu. Hover your pointer over a field to view a brief description.
TCP/IP Protocol
TCP/IP consists of two protocols used in computer networks, the Transmission Control Protocol and the Internet Protocol. Even though TCP and IP are two separate protocols, they work together to make network communication possible and, at the user-interface level, appear as one seamless protocol. A protocol in this context is an agreed way for devices on the network to talk with one another. In that sense, protocols are similar to languages in that both devices must use and understand the same protocol in order to communicate, and in that a single device can use multiple protocols in order to communicate with other devices on the network. In addition, there are a number of other protocols that comprise the TCP/IP suite, such as UDP (User Datagram Protocol), which is commonly used for streaming data. Other protocols, such as AFP (Apple File Protocol), SMB (Server Message Block), and FTP (File Transfer Protocol) are used in conjunction with TCP/IP for communication and file transfers. Information on these protocols is available on the Internet and in any good book on networking.
There are several important pieces of data any device needs to have to communicate via TCP/IP. On the Macintosh, these are conveniently contained within the TCP/IP control panel. At a bare minimum, an IP address and the subnet mask are necessary. It is almost always necessary to have a router address, and generally desirable to specify at least one or two name server addresses as well.
IP Address
In order for TCP/IP communication to happen between two devices, each must have its own unique IP address. The IP address is very much like a phone number in that each device on the network has one, and in order for one device to connect to another, it has to know the IP address. When a device tries to connect to another, it dials the IP address of that device, and once connected gives its address to that device so it can call back.
This address can be manually entered (in which case it is static) or it can be dynamically assigned by a special server set up to assign addresses. Static addresses are so called because they do not change, at least not automatically. Dynamic addresses can and often do change, as a new address is assigned by the server. A server is a computer running special software that allows it to provide a service to the network, such as shared files, print queues, or in this case, address assignment. There are several protocols a server can use in assigning an address, which are discussed near the end of this article.
Subnet Mask
The subnet mask is a special number the device uses to find out if an IP address refers to another device on the same network, or on a different network. It is very important to understand how a subnet mask works in order to understand IP connectivity. Devices connected to hubs and switches (two types of hardware used to create networks) are on the same network. Multiple networks can be connected by bridges, gateways, and routers. For the purposes of this discussion, and general IP connectivity, gateways and routers may be treated as synonymous even though technically they are slightly different in that a gateway is a special kind of router that connects different kinds of networks together.
You may have noticed that if you view the AppleTalk control panel in Advanced mode by pressing Command(Apple)-U and choosing Advanced, you see a node number and a network number. Each network number corresponds to a given network, and acts very much like an area code in a phone number. Each device on the network has its own node number that acts like the final seven digits of the phone number. So a network number indicates where the device is located, while the node number indicates which device is trying to communicate. TCP/IP uses a similar scheme, except that the node number and the network number are both part of the IP address (just as an area code is usually considered part of a phone number). The only way the device can tell what part of an IP address is the network number and which is the node number is by applying a subnet mask.
How It Works
Device A wants to communicate with device B. Device A has an IP address of 192.168.66.12 and device B has an IP address of 192.168.66.33. Device A knows that the subnet mask is 255.255.255.0 and therefore begins by comparing the two IP addresses and the subnet mask to determine whether device B is on the same network.
The first step in this process is to separate the network number from the node number. Each number in the subnet mask corresponds to a number within the IP address. If the number space in the subnet mask contains a zero, that means that the corresponding space in the IP address is the node number. The rest of the address refers to a network number. IP networks, distinguished by a common network number, are referred to as subnets.
The device lines the addresses up internally, like this:
Device A      192.168.66.12
Subnet Mask   255.255.255.0
Device B      192.168.66.33
As you can see, only the last number in the subnet mask is a zero. This means that for device A, the node number is 12, whereas the node number for device B is assumed to be 33, based on this subnet mask. The network containing device A is network number 192.168.66, and any device on that network (if it is properly configured) will have an IP address of 192.168.66.X, where X is a unique node number, and the subnet mask 255.255.255.0. In other words, devices that are physically on the same network should have the same network number in their IP address, and the same subnet mask. Setting them up even slightly differently would invite trouble.
Now, device A knows it is on the same network as device B, and can try to connect to it on its own. Once they have established a connection and device B knows the IP address of device A, they can transfer data normally.
Now imagine that device A wants to connect to device C, which has an IP address of 192.168.64.128. When we line up the addresses for comparison, we get:
Device A      192.168.66.12
Subnet Mask   255.255.255.0
Device C      192.168.64.128
As you can see, while device A was determined to be on network number 192.168.66, device C appears to be in network number 192.168.64 as far as device A can determine based on the subnet mask. It is important to understand that this may not be the case. Device A only knows its own subnet mask, and does not know or care about other masks. What is important here is that device C is apparently not on the same network as device A. Device A can only connect to devices on its own network, unless it has help. This is where the router comes in.
Router
A router connects networks together, and knows the location of devices on each network it connects, and therefore the location of other routers. The router could be a dedicated piece of hardware or a computer running routing software. The device acting as a router may act only as a router, or it may perform other network services, such as a file or print server, or assigning IP addresses. However, for our purposes, it is important to focus on the routing function for a moment. If a device on one network requests a connection to a device on another network, the router must first determine whether the requested device is on a network to which it is physically connected. If it is not, the router asks the other routers how to find the device. This goes on until a predetermined number of routers in each direction have been asked, or the shortest avenue to the device is found. Usually the router stores the data in a routing table for future reference and quicker retrieval.
Device A knows which router to ask because the IP address of the router is stored in its TCP/IP setup. Obviously the router has to be on the same network as device A, so that they can connect. The router actually has an IP address for each network it connects to, so that devices on that network are able to connect to it for routing requests. The IP address for a router (router address) is commonly set to something unusual, such as node number 1, so that it is more easily remembered. That is the case in our example; device A has a router address set at 192.168.66.1, so it connects to the computer at that address, then sends routing requests to it. Once the router finds device C, it automatically sends the connection requests from device A to device C, so that they can negotiate a connection and transfer data as in our previous example. The important difference is that all data from A to C and vice versa must travel through the router that, in this case, has an address of 192.168.66.1 on device A's side, and 192.168.64.1 on device C's side.
All of this neglects a very important aspect of most computing and networking processes: the user. Computers do very well with numbers and electronic pulses, and in fact that is how they got their name. But users tend to think of devices and services by a name, not a number. That is where the name server address comes in. DNS (Domain Name System) is a very important aspect of IP connectivity, because it allows users to enter names and have the computer translate them into numbers for its own use. This is done by setting up DNS servers, which are usually computers running software that allows them to provide this service. A more thorough explanation of DNS is provided elsewhere, but briefly:
If we assume that device A is a Macintosh, and the user of that Macintosh types in www.foo.com as the address in a Web browser, the Macintosh knows that it requires help with the address. It checks the name server address in its TCP/IP control panel, which in this case is 192.168.66.254, and connects to that device. It then asks the server what address it has for www.foo.com. Once the DNS server finds the requested name, it gives the address to device A, the Macintosh. In this case www.foo.com is 192.168.64.54, so the Macintosh has to ask the router how to connect.
There are two relevant points that are important here. One, it is best that the DNS server be as near the devices using it as possible, hopefully in the same network. Unlike a router, the DNS server is not required to be in the same subnet as the device needing name resolution; however, this is certainly advisable because the DNS server is used heavily if there is a lot of common network traffic like e-mail and Web browsing. Two, difficulties connecting to a device through IP may not always be an IP connectivity issue. If you can use the device's address explicitly to connect to it, the issue is either with connectivity to the DNS server or, more likely, with the setup of that server. This is another case where a little troubleshooting goes a long way.
Not only are the numbers on IP networks usually obscured from the user's eyes because we use names, but even if the IP address is known, it is important to understand that even the numbers themselves are being translated for the user interface. Computers and users do not use the same system to represent numbers, and while this is usually transparent to the user, in the case of IP administration it becomes an important distinction.
Users use what is called the Base-10, or decimal system for representing numbers. This means that each place in a number represents a multiple of ten, so that we have a 1s place, a 10s place, a 100s place, and so forth. So the number two hundred fifty-five is represented as 255. Additionally, the largest digit in the Base-10 system is nine, so we have numbers zero through nine in those places.
Computers use the binary system of numbers, or Base-2, which means that each place in the number represents a multiple of 2, so we have a 1s place, a 2s place, a 4s place, an 8s place, and so forth. The largest digit in binary is a one, so we only have zero and one to represent numbers. This suits the computer just fine, since it only knows electronic pulses anyway, and recognizes "off" as zero and "on" as one on its internal circuits. Each of these 1s or 0s is a bit, eight of which make a byte, as you may remember from researching memory. Computers like whole bytes when representing data, so they see the number two as 00000010 and two hundred fifty-five as 11111111.
What this means for IP networks is that subnet masks do not always contain zeroes that are obvious. For instance, consider that our previous network (192.168.66.*) has been extended to include more computers, since there can normally only be 256 devices with IP addresses in that range (0-255) and one address is taken up by a router (.1). The zero node has special meaning in IP addressing and is usually to be avoided as well.
If we add even one more binary bit to the possible size of a node number, we double the possible number of IP addresses. (11111111 is two hundred fifty-five in binary, but 111111111, which only has one additional place, represents five hundred eleven, so we go from 256 possible addresses (again only if you count zero) to 512.) Similarly, another bit makes the largest possible node number 1111111111, or one thousand twenty-three, meaning there are one thousand twenty-four possible addresses. The tricky part is in designating the extra bits. This is done via the subnet mask.
If you recall, we previously used a subnet mask of 255.255.255.0 to designate our network. This translates in binary to 11111111.11111111.11111111.00000000. Each bit in the subnet mask in which there is a zero corresponds with a bit in the IP address that represents the node number. Therefore, in order to get 1024 possible node numbers, we have to designate more bits for it by setting the subnet mask to 11111111.11111111.11111100.00000000, which corresponds in decimal numbers to 255.255.252.0.
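The comparison described under How It Works and the wider mask worked out above, as an added Python example that is not part of the original article. The function names are hypothetical, the addresses are the article's own, and the rejection of masks whose 1 bits are not contiguous is an added assumption about well-formed masks.

```python
import ipaddress

def to_int(dotted):
    """Dotted-decimal text -> the 32-bit number the device actually compares."""
    return int(ipaddress.IPv4Address(dotted))

def network_bits(mask):
    """Count the 1 bits in a mask; reject masks whose 1 bits are not contiguous."""
    m = to_int(mask)
    node_bits = m ^ 0xFFFFFFFF          # zeros in the mask become ones
    if node_bits & (node_bits + 1):     # node bits must be one trailing run
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return bin(m).count("1")

def network_of(ip, mask):
    """Network number = IP address ANDed bit by bit with the subnet mask."""
    return str(ipaddress.IPv4Address(to_int(ip) & to_int(mask)))

def address_count(mask):
    """Possible node numbers (zero included) left over by the mask."""
    return 2 ** (32 - network_bits(mask))

def next_hop(local_ip, mask, router, dest):
    """Decide as the sending device does: deliver directly or hand to the router."""
    network_bits(mask)                  # validate the mask first
    local_net = network_of(local_ip, mask)
    if network_of(router, mask) != local_net:
        raise ValueError("router address is not on the local network")
    if network_of(dest, mask) == local_net:
        return ("direct", dest)
    return ("router", router)

if __name__ == "__main__":
    a, router = "192.168.66.12", "192.168.66.1"      # values from the article
    for mask in ("255.255.255.0", "255.255.252.0"):
        print(mask, "network", network_of(a, mask), "addresses", address_count(mask))
        for dest in ("192.168.66.33", "192.168.64.128"):   # devices B and C
            print("  ", dest, "->", next_hop(a, mask, router, dest))
```

With the wider mask 255.255.252.0, device A's network number becomes 192.168.64.0, so device C at 192.168.64.128 is treated as local and is no longer handed to the router.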