Throughout the history of computing, there have been numerous networking protocols, the
structured rules computers use to communicate with each other, but none has been as
successful or become as ubiquitous as the Transmission Control Protocol/Internet Protocol
(TCP/IP) suite of protocols. TCP/IP is the protocol suite used on the Internet, and the vast
majority of enterprise and government networks have now implemented TCP/IP on their
networks. Due to this ubiquity, almost all attacks against computer systems today are
designed to be launched over a TCP/IP network, and thus the majority of intrusion detection
and prevention systems are designed to operate with and monitor TCP/IP-based networks.
Therefore, to better understand the nature of these technologies, one needs to have a working
knowledge of TCP/IP. Though a complete description of TCP/IP is beyond the scope of this
chapter, there are numerous excellent references and tutorials for those interested in learning
more.