TCP & UDP
Transport Layer Protocols
The Transport layer (OSI Layer-4) does not actually transport data, despite its name. Instead, this layer is responsible for the reliable transfer of data, by ensuring that data arrives at its destination error-free and in order. The Transport layer is referred to as the Host-to-Host layer in the Department of Defense (DoD) reference model.
There are two types of communication:
• Connection-oriented – requires that a connection with specific agreed-upon parameters be established before data is sent.
• Connectionless – does not require a connection to be established before data is transferred.
Connection-oriented protocols provide services:
• Connection establishment – connections are established, maintained, and ultimately terminated between devices.
• Segmentation and sequencing – data is segmented into smaller pieces for transport. Each segment is assigned a sequence number, so that the receiving device can reassemble the data on arrival.
• Acknowledgments – receipt of data is confirmed through the use of acknowledgments. If a segment is lost, data can be retransmitted to guarantee delivery.
• Flow control – data transfer rate is negotiated to prevent congestion.
Transport Layer Protocols
The Transport layer has two protocols:
• Transmission Control Protocol (TCP) – connection-oriented
• User Datagram Protocol (UDP) – connectionless
Both TCP and UDP provide a mechanism to differentiate applications (or services) running on the same host, through the use of port numbers. When a host receives a segment, the port number tells the transport layer which higher-layer application to hand the packet off to.
This allows multiple network services to operate simultaneously on the same logical address, such as a web and an email server. The range for port numbers is 0 – 65535, for both TCP and UDP. The combination of the IP address and port number (identifying both the host and service) is referred to as a socket, and is written out as follows:
192.168.65.105:123
Note the colon separating the IP address (192.168.65.105) from the port number (123). The first 1024 ports (0-1023) have been reserved for widely-used services, and are recognized as well-known ports. Below is a table of several common TCP/UDP ports:
Ports ranging from 1024 – 49151 are referred to as registered ports, and are allocated by the IANA upon request. Ports ranging from 49152 – 65535 cannot be registered, and are considered dynamic.
Transmission Control Protocol (TCP)
The Transmission Control Protocol (TCP) is a connection-oriented transport protocol, providing reliable delivery over an Internet Protocol (IP) network. Together, TCP and IP provide the core functionality for the TCP/IP or Internet protocol suite.
TCP was originally defined in RFC 675, and initially designed to perform both Network and Transport layer functions. When this proved to be an inflexible solution, those functions were separated - with IP providing Network layer services, and TCP providing Transport layer services. This separation was formalized in version 4 of TCP, defined in RFC 793.
Establishing a TCP Connection
TCP establishes a connection using a three-way handshake:
• HostA sends a SYN (short for synchronize) message to HostB to initiate a connection.
• HostB responds with an ACK (short for acknowledgement) to HostA’s SYN message, and sends its own SYN message. The two messages are combined to form a single SYN+ACK message.
• HostA completes the three-way handshake by sending an ACK to HostB’s SYN.
TCP Segmentation and Sequencing
TCP is a stream-oriented transport protocol. This allows the application layer to send a continuous stream of unstructured data and rely on TCP to package the data as segments, regardless of the amount of data.
TCP will not only segment data into smaller pieces for transport, but will also assign a sequence number to each segment. Note though that this sequence number identifies the data (bytes) within the segment rather than the segment itself.
When establishing a connection, a host will choose a 32-bit initial sequence number (ISN). The ISN is chosen from a randomizing timer, to prevent accidental overlap or predictability.
The receiving host responds to this sequence number with an acknowledgment number, set to the sequence number + 1. In the above example, HostB’s acknowledgment number would thus be 1001. HostB includes an initial sequence number with its SYN message as well – 4500 in the above example. HostA would respond to this sequence number with an acknowledgement number of 4501. The TCP header contains both a 32-bit Sequence Number and 32-bit Acknowledgement Number field.
TCP Window
Once the TCP connection is established, the sequence numbers are used to identify the data within the segment. Using the above example again, HostA’s first byte of data will be assigned a sequence number 1001. Note that this is HostB’s acknowledgment number, which essentially identifies which byte the receiving host is expecting next. HostB’s first byte of data will be assigned a sequence number of 4501.
Note that each individual byte of data is not assigned a sequence number and acknowledged independently, as this would introduce massive overhead. Instead, data is sequenced and acknowledged in groups, dictated by the TCP window size. The window size can never exceed the maximum segment size (MSS), which is 536 bytes by default.
The TCP window size is dictated by the receiving host, and informs the sender how many bytes it is permitted to send before waiting for an acknowledgement. This window size can be dynamically changed to provide a measure of flow control, preventing buffer congestion on the receiving host. A window size of 0 would instruct the sender to send no further data, usually indicating significant congestion on the receiving host.
TCP Header
- Source port: this is a 16 bit field that specifies the port number of the sender.
- Destination port: this is a 16 bit field that specifies the port number of the receiver.
- Sequence number: the sequence number is a 32 bit field that indicates how much data is sent during the TCP session. When you establish a new TCP connection (three-way handshake), the initial sequence number is a random 32 bit value. The receiver uses this sequence number and sends back an acknowledgment. Protocol analyzers like Wireshark will often use a relative sequence number of 0 since it’s easier to read than some high random number.
- Acknowledgment number: this 32 bit field is used by the receiver to request the next TCP segment. This value will be the sequence number incremented by 1.
- DO: this is the 4 bit data offset field, also known as the header length. It indicates the length of the TCP header so that we know where the actual data begins.
- RSV: these are 3 bits for the reserved field. They are unused and are always set to 0.
- Flags: there are 9 bits for flags, which we also call control bits. We use them to establish connections, send data and terminate connections:
  - URG: urgent pointer. When this bit is set, the data should be treated as priority over other data.
  - ACK: used for the acknowledgment.
  - PSH: this is the push function. This tells an application that the data should be transmitted immediately and that we don’t want to wait to fill the entire TCP segment.
  - RST: this resets the connection. When you receive this, you have to terminate the connection right away. This is only used when there are unrecoverable errors and it’s not a normal way to finish the TCP connection.
  - SYN: we use this for the initial three-way handshake and it’s used to set the initial sequence number.
  - FIN: this finish bit is used to end the TCP connection. TCP is full duplex, so both parties will have to use the FIN bit to end the connection. This is the normal method for ending a connection.
- Window: the 16 bit window field specifies how many bytes the receiver is willing to receive. It is used so the receiver can tell the sender that it would like to receive more data than what it is currently receiving. It does so by specifying the number of bytes beyond the sequence number in the acknowledgment field.
- Checksum: 16 bits are used for a checksum to check if the TCP header is OK or not.
- Urgent pointer: these 16 bits are used when the URG bit has been set, the urgent pointer is used to indicate where the urgent data ends.
- Options: this field is optional and can be anywhere between 0 and 320 bits.
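The header layout above, applied to the three-way handshake numbers used earlier (ISNs 1000 and 4500), as an added example that is not part of the original page. The port numbers, window value, zeroed checksum and the names ECE/CWR/NS for the three flag bits the list does not name are assumptions of this sketch.

```python
import struct

# Low 9 bits of the 16-bit word that also holds DO (4 bits) and RSV (3 bits).
# ECE, CWR and NS are the three flag bits the list above leaves unnamed.
FLAG_BITS = {"FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008, "ACK": 0x010,
             "URG": 0x020, "ECE": 0x040, "CWR": 0x080, "NS": 0x100}
FIXED = "!HHIIHHHH"  # ports, seq, ack, DO/RSV/flags, window, checksum, urgent pointer

def build_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a 20-byte option-less header (constructed sample, checksum left at 0)."""
    off_flags = (5 << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack(FIXED, sport, dport, seq, ack, off_flags, window, 0, 0)

def parse_header(segment):
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        FIXED, segment[:20])
    header_len = (off_flags >> 12) * 4      # DO counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": (off_flags >> 9) & 0x7,
        "flags": {name for name, bit in FLAG_BITS.items() if off_flags & bit},
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

def is_valid_handshake(syn, synack, ack):
    """Check flags and the seq/ack arithmetic of SYN, SYN+ACK, ACK."""
    a, b, c = (parse_header(s) for s in (syn, synack, ack))
    return (a["flags"] == {"SYN"}
            and b["flags"] == {"SYN", "ACK"} and b["ack"] == (a["seq"] + 1) % 2**32
            and c["flags"] == {"ACK"} and c["seq"] == b["ack"]
            and c["ack"] == (b["seq"] + 1) % 2**32)

# Constructed sample: HostA (port 49152) connects to HostB (port 80).
SYN = build_header(49152, 80, 1000, 0, ["SYN"])
SYNACK = build_header(80, 49152, 4500, 1001, ["SYN", "ACK"])
ACK = build_header(49152, 80, 1001, 4501, ["ACK"])

if __name__ == "__main__":
    for name, seg in (("SYN", SYN), ("SYN+ACK", SYNACK), ("ACK", ACK)):
        h = parse_header(seg)
        print(name, h["seq"], h["ack"], sorted(h["flags"]), h["header_len"])
    print("handshake ok:", is_valid_handshake(SYN, SYNACK, ACK))
```

A final ACK whose acknowledgment number is not HostB's ISN + 1 fails the check, which is the same arithmetic a stateful firewall or IDS applies when tracking connections.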
User Datagram Protocol (UDP)
- Source Port (UDP packets from a client use this as a service access point to indicate the session on the local client that originated the packet. UDP packets from a server carry the server SAP in this field)
- Destination Port (UDP packets from a client use this as a service access point to indicate the service required from the remote server. UDP packets from a server carry the client SAP in this field)
- UDP length (The number of bytes comprising the combined UDP header information and payload data)
- UDP Checksum (A checksum to verify that the end-to-end data has not been corrupted by a router or bridge in the network or by the processing in an end system. The algorithm to compute the checksum is the Standard Internet Checksum algorithm. This allows the receiver to verify that it was the intended destination of the packet, because it covers the IP addresses, port numbers and protocol number, and it verifies that the packet is not truncated or padded, because it covers the size field. Therefore, this protects an application against receiving corrupted payload data in place of, or in addition to, the data that was sent. In the cases where this check is not required, the value of 0x0000 is placed in this field, in which case the data is not checked by the receiver.)
UDP provides no three-way handshake, no flow control, no sequencing, and no acknowledgment of data receipt. UDP essentially forwards the segment and takes no further interest.

