Transport Layer Protocols TCP and UDP PowerPoint PPT Presentation


Presentation Transcript



Transport Layer Protocols TCP and UDP


[Figure: protocol stack. Applications hand packets to TCP or UDP; TCP and UDP hand packets to IP; IP hands packets to the hardware.]

Transport Control Protocols

  • The function of the Transport Layer is to ensure that packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used:

  • User Datagram Protocol.

    • Provides unreliable, connectionless delivery service using Internet Protocol.

    • Application programs using UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and loss of connectivity.

  • Transmission Control Protocol.

    • Provides a reliable, connection-oriented delivery service using Internet Protocol.

    • It provides reliable packet delivery, packet sequencing, error control, multiplexing.

TCP and UDP pass IP packets to the applications

L.Krist NVCC



Connectionless vs Connection-oriented Protocols

  • Connection-oriented – Two computers connect before sending any data; the sender lets the receiver know that data is on the way, and the recipient acknowledges receipt of the data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.

  • Connectionless – The computers involved know nothing about each other or the data being sent. No attempt is made to have senders and receivers exchange information about their availability or their ability to communicate with one another: “best effort” delivery. (Type supported by IP and UDP.) Not reliable, but faster, and may be good enough. Also, upper-layer applications may handle error and reliability processing themselves, so there is no need to do it twice.




Transport Layer Ports

  • Port numbers are used to keep track of different conversations that cross the network at the same time.

  • Port numbers identify which upper layer service is needed, and are needed when a host communicates with a server that uses multiple services.

  • Both TCP and UDP use port numbers to pass data to the upper layers.

  • Port numbers have the following ranges:

    • 0-255 used for public applications; 0-1023 also called well-known ports, regulated by IANA.

    • Numbers from 255-1023 are assigned to marketable applications.

    • 1024 through 49151: Registered Ports, not regulated.

    • 49152 through 65535: Dynamic and/or Private Ports.




Some Well-Known TCP Ports

Port  Application  Description
9     Discard      Discard all incoming data port
7     Echo         Echo
19    Chargen      Exchange streams of data port
20    FTP-Data     File transfer data port
21    FTP-CMD      File transfer command port
23    Telnet       Telnet remote login port
25    SMTP         Simple Mail Transfer Protocol port
53    DOMAIN       Domain Name Service
79    Finger       Obtains information about active users
80    HTTP         Hypertext Transfer Protocol port
88    Kerberos     Authentication Protocol
110   POP3         PC mail retrieval service port
119   NNTP         Network news access port
161   SNMP         Network Management
179   BGP          Border Gateway Protocol
513   Rlogin       Remote login



Ports for Clients

  • Clients and servers both use ports to distinguish which process each segment is associated with.

  • Source ports, which are set by the client, are determined dynamically, usually a randomly assigned number above 1023.

[Figure: 1. Client requests a web page from server: Source Port 1032, Destination Port 80. 2. Server responds to client: Source Port 80, Destination Port 1032.]



Protocols and Port Numbers

[Figure: encapsulation of a Telnet segment.
  APPLICATION LAYER: Telnet, Source Port 5512, Destination Port 23.
  TRANSPORT LAYER: TCP Header.
  NETWORK LAYER: IP Header, Protocol 6 (TCP), Source IP Address 128.66.12.2, Destination IP Address 128.66.13.1.
  ETHERNET DATA LINK LAYER: PREAMBLE | DESTINATION ADDR 00 00 1B 12 23 34 | SOURCE ADDR 00 00 1B 09 08 07 | TYPE FIELD | IP HEADER | TCP HEADER | DATA | FCS.]



Protocols and Port Numbers

[Figure: encapsulation of a TFTP datagram.
  APPLICATION LAYER: TFTP, Source Port 5512, Destination Port 69.
  TRANSPORT LAYER: UDP.
  NETWORK LAYER: IP Header, Protocol 17 (UDP), Source IP Address 128.66.12.2, Destination IP Address 128.66.13.1.
  ETHERNET DATA LINK LAYER: PREAMBLE | DESTINATION ADDR 00 00 1B 12 23 34 | SOURCE ADDR 00 00 1B 09 08 07 | TYPE FIELD | IP HEADER | TCP HEADER (so labelled on the slide; the transport header here is UDP) | DATA | FCS.]




TCP Operation

  • TCP is a connection-oriented protocol.

  • TCP provides the following major services to the upper protocol layers:

    • Connection-oriented data management to assure the end-to-end transfer of data across the network(s).

    • Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.

    • Stream-oriented data transfer takes place between the sender application and TCP and the receiving application and TCP.

      • To stream is to send individual characters not blocks or frames.

  • Prior to data transmission, hosts establish a virtual connection via a synchronization process. The sync process is a 3-way “handshake”, which ensures both sides are ready to transfer data and determines the initial sequence numbers.

  • Sequence numbers give hosts a way to acknowledge what they have received. The TCP header contains flag bits (such as SYN) to achieve this.



TCP Synchronization or 3-Way Handshake

[Figure: the three segments exchanged between host A and host B.
  1. A: Send SYN, Seq = x.  B: Receive SYN.
  2. B: Send SYN, Seq = y, ACK = x + 1.  A: Receive SYN.
  3. A: Send ACK, ACK = y + 1.  B: Receive ACK.]

TCP is a connection-oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.

Sequence numbers are reference numbers between the two devices.

The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.



Denial of Service Attacks

[Figure: the attacker sends SYN after SYN; the target receives each SYN and answers with a SYN/ACK to the spoofed source address.]

DoS attacks are designed to deny services to legitimate users.

DoS attacks are used by hackers to overwhelm and crash systems.

SYN flooding is a DoS attack that exploits the three-way handshake.

  • Hacker initiates a SYN but spoofs the source IP address.

  • Target replies to the unreachable IP address and waits for the final ACK.

  • Hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.

To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
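The handshake from the previous slide and the half-open table that a SYN flood fills, as an added Python model that is not part of the slides: the server answers SYN seq=x with SYN/ACK seq=y ACK=x+1, holds the entry until ACK=y+1 arrives, and applies the two defences named above (a queue size and a timeout). BACKLOG, SYN_TIMEOUT and all addresses are constructed values for the demonstration.

```python
from dataclasses import dataclass, field

SYN_TIMEOUT = 30.0   # seconds a half-open entry is kept before it is dropped (assumed value)
BACKLOG = 5          # half-open connections the listener will hold at once (assumed value)

@dataclass
class Listener:
    """Server side of the 3-way handshake, with the half-open table a SYN flood fills."""
    next_isn: int                                    # next initial sequence number y
    half_open: dict = field(default_factory=dict)    # (ip, port) -> (y, time SYN arrived)
    dropped: int = 0                                 # SYNs refused because the table was full

    def on_syn(self, client, x, now):
        """Receive SYN seq=x: answer SYN seq=y ACK=x+1 and remember the half-open entry."""
        self.expire(now)
        if len(self.half_open) >= BACKLOG:
            self.dropped += 1
            return None
        y, self.next_isn = self.next_isn, self.next_isn + 1
        self.half_open[client] = (y, now)
        return {"flags": "SYN/ACK", "seq": y, "ack": x + 1}

    def on_ack(self, client, ack, now):
        """Receive the final ACK: it must carry ACK=y+1 for a pending entry."""
        entry = self.half_open.get(client)
        if entry is None or ack != entry[0] + 1:
            return False
        del self.half_open[client]
        return True

    def expire(self, now):
        """Drop half-open entries whose final ACK never came (the slide's timeout defence)."""
        before = len(self.half_open)
        self.half_open = {c: e for c, e in self.half_open.items() if now - e[1] <= SYN_TIMEOUT}
        return before - len(self.half_open)

def simulate():
    """Legitimate handshake, then a burst of SYNs from constructed spoofed sources."""
    srv, client, t = Listener(next_isn=1000), ("10.0.0.7", 1032), 0.0
    reply = srv.on_syn(client, x=500, now=t)              # constructed client, ISN x = 500
    legit_ok = srv.on_ack(client, ack=reply["seq"] + 1, now=t)
    for i in range(10):                                   # spoofed sources never send the ACK
        srv.on_syn((f"192.0.2.{i}", 40000 + i), x=i, now=t)
    peak, dropped = len(srv.half_open), srv.dropped       # table full, further SYNs refused
    expired = srv.expire(t + SYN_TIMEOUT + 1)             # timeout clears the table again
    recovered = srv.on_syn(("10.0.0.8", 1033), x=700, now=t + SYN_TIMEOUT + 1) is not None
    return {"legit_ok": legit_ok, "ack_sent": reply["ack"], "half_open_peak": peak,
            "dropped": dropped, "expired": expired, "recovered": recovered}
```

The half-open count returned by simulate() is the metric a detector would watch: it rises to the backlog limit and stays there while SYNs arrive without ACKs, and a shorter timeout or larger queue changes how quickly legitimate clients are refused.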



TCP Windows and Flow Control

  • Data often is too large to be sent in a single segment. TCP splits the data into multiple segments.

  • TCP provides flow control through “windowing” to set the pace of how much data is sent at a time, i.e. how many bytes per window and how many windows between ACKs.

[Figure: transfers with Window Size = 3 and Window Size = 1.]



Windowing and Window Size

Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control.

[Figure: sender asks “Fast enough for you?”; receiver replies “I didn’t get all of that, slow down.”]

Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.

Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected.

If the source receives no acknowledgment, it knows to retransmit at a slower rate.




Sequence and ACK Numbers

  • Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order.

  • They also identify missing data pieces so the sender can retransmit them.

  • Only the missing segments need to be re-transmitted.

Positive Acknowledgement and Retransmission

TCP utilizes PAR to control data flow and confirm data delivery.

  • Source sends packet, starts timer, and waits for ACK.

  • If timer expires before source receives ACK, source retransmits the packet and restarts the timer.



TCP Encapsulation

[Figure: IP datagram carrying a TCP segment, 32 bits per row (bit positions 0-15 and 16-31).

  IP Header:
    VERS (4 bits) | HLEN (4 bits) | TOS (8 bits) | Total Length (16 bits)
    Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
    TTL (8 bits) | Protocol (8 bits) | Checksum (16 bits)
    Source IP Address (32 bits)
    Destination IP Address (32 bits)
    IP Options (if any) (32 bits)

  TCP Header:
    Source Port (16 bits) | Destination Port (16 bits)
    Sequence Number (32 bits)
    Acknowledgement Number (32 bits)
    Offset (4 bits) | Reserved (6 bits) | Code bits U A P R S F (6 bits) | Receive Window Size (16 bits)
    Checksum (16 bits) | Urgent Pointer (16 bits)
    Options (if any)
    TCP Data (if any)

  Ethernet frame (field sizes in bytes): PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) | TYPE FIELD (2) | IP HEADER + TCP HEADER + DATA (IP Datagram, 0-65535) | FCS (4).]


TCP Segment Format

  • Source Port: number of the calling port.

  • Destination Port: number of the called port.

  • Sequence Number: used to ensure correct sequencing of the arriving data.

  • Acknowledgement Number: next expected TCP octet.

  • HLEN (Offset): number of 32-bit words in the header.

  • Reserved: set to zero.

  • Code bits: control setup and termination of session.

  • Window: number of octets sender is willing to accept.

  • Urgent Pointer: indicates the end of the urgent data.

  • Data: upper layer protocol data.




Details on TCP Fields

  • Sequence Number. TCP numbers each byte in the TCP data with a sequence number.

    • The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.

  • Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.

  • Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable.

    • It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.

  • Reserved. This field is reserved for future use and is set to zero.

  • TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.

    • Urg This flag indicates that this segment contains an Urgent pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.

    • Ack This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.

    • Psh The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full then a PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.

    • Reset This field will Reset the connection. 1 = Reset, 0 = No Reset.

    • Syn This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.

    • Fin The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.

  • Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set.

    • The Urgent Pointer is a 16 bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data.

    • The application determines where the urgent data starts in the data stream.

    • The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
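The field layout of the two previous slides, decoded by an added Python example that is not part of the slides: the Offset field is converted from 32-bit words to bytes, the six code bits are named in their RFC 793 order, and the urgent pointer is added to the sequence number as described above. The builder exists only to construct test segments (checksum left zero, since it needs the IP pseudo-header); the port numbers reuse the Telnet example from the encapsulation slide.

```python
import struct

# Code bits, bit 0 upward: FIN, SYN, RST, PSH, ACK, URG (RFC 793 layout)
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

def build_tcp_segment(src, dst, seq, ack, flags, window, urgent=0, options=b"", payload=b""):
    """Construct a segment for testing; the checksum is left 0 (it needs the IP pseudo-header)."""
    options += b"\x00" * (-len(options) % 4)            # options padded to 32-bit words
    offset_words = (20 + len(options)) // 4             # header length in 32-bit words
    code_bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    header = struct.pack("!HHIIBBHHH", src, dst, seq, ack,
                         offset_words << 4, code_bits, window, 0, urgent)
    return header + options + payload

def parse_tcp_header(segment):
    """Decode the 20-byte fixed header, the options and the payload of a TCP segment."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum TCP header")
    (src, dst, seq, ack, off_res, code_bits,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_res >> 4) * 4                     # Offset field: 32-bit words -> bytes
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"data offset {off_res >> 4} does not fit the segment")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len,
        # 6 reserved bits on the slide (low nibble of byte 12, top 2 bits of byte 13);
        # later RFCs assign ECN flags here, so non-zero is not necessarily malformed
        "reserved": ((off_res & 0x0F) << 2) | (code_bits >> 6),
        "flags": [name for i, name in enumerate(TCP_FLAGS) if code_bits & (1 << i)],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

def urgent_end_seq(hdr):
    """Sequence number of the last urgent byte (seq + urgent pointer, as the slide puts it)."""
    return hdr["seq"] + hdr["urgent_pointer"] if "URG" in hdr["flags"] else None
```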




UDP/TCP Operation Comparison

  • There are two protocols at Layer 4 – TCP and UDP. Both TCP and UDP use IP as their underlying protocol.

  • TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used.

  • UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced since packets that arrive late or out of order have no value.

[Figure: UDP segment format.]

User Datagram Protocol

[Figure: UDP header, 32 bits per row (bit positions 0-15 and 16-31), first row: UDP Source Port | UDP Destination Port.]

  • UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, e.g. RIP.

  • It provides no packet sequencing, may lose packets, and does not check for duplicates.

    • It is used by applications that do not need a reliable transport service.

    • Application data is encapsulated in a UDP header which in turn is encapsulated in an IP header.

  • UDP distinguishes different applications by port number which allows multiple applications running on a given computer to send /receive datagrams independently of one another.

[Figure: UDP header, remaining rows: UDP Message Length | UDP Checksum; Data . . .

  Ethernet frame (field sizes in bytes): PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) | TYPE FIELD (2) | IP HEADER | UDP DATAGRAM (8-1500) | FCS (4).]




UDP Port Numbers

Application  Port  Description
Echo         7     Echo user datagram back to user
Discard      9     Discard user datagrams
Daytime      13    Report time in a user friendly fashion
Quote        17    Return "Quote of the day"
Chargen      19    Character generator
Nameserver   53    Domain Name Server
Sql-Net      66    Oracle Sequel Network
BOOTPS       67    Server port to download configuration information
BOOTPC       68    Client port to receive configuration information
TFTP         69    Trivial File Transport Protocol
POP3         110   Post Office Protocol - V3
SunRPC       111   Sun Remote Procedure Call
NTP          123   Network Time Protocol
SNMP         161   Used to receive network management queries
SNMP-trap    162   Used to receive network problem reports
IRC          194   Internet Relay Chat
IPX          213   IPX - IP Tunneling
SysLog       514   System Log
RIP          520   Routing Information Protocol
NFS          2049  Network File Service




Packet Analysis

Ethereal and dns-moviefone.pkt trace
