Semester 2 Module 10 Intermediate TCPIP

1
Semester 2 Module 10 Intermediate TCP/IP

• Yuda college of business
• James Chen
• ydjames_at_ydu.edu.tw

2
Outline

• TCP Operation
• Overview of Transport Layer Ports

3
TCP operation

• IP addresses allow for the routing of packets
  between networks.
• However, IP makes no guarantees about delivery.
• The transport layer is responsible for the
  reliable transport of and regulation of data flow
  from source to destination.
• This is accomplished using sliding windows and
  sequencing numbers along with a synchronization
  process that ensures each host is ready and
  willing to communicate.

4
(No Transcript)
5
Synchronization or 3-way handshake

• This is a three-step process that establishes the
  virtual connection between the two devices. 
• First, one host initiates a connection by sending
  a synchronization (SYN) packet indicating its
  initial sequence number of x with a certain bit
  in the header set to indicate a connection
  request. This bit is set in the acknowledgment
  number field of the TCP header (also referred to
  as the code field). 
• Second, the other host receives the packet,
  records the sequence number of x, replies with an
  acknowledgment of x 1, and includes its own
  initial sequence number of y. The acknowledgment
  number of x 1 means the host has received all
  octets up to and including x, and is expecting x
  1 next.
• Finally, the initiating host responds with a
  simple acknowledgment (ACK) of y 1 (host Bs
  sequence number 1), indicating it received the
  previous ACK which finalizes the connection
  process.

6
(No Transcript)
7
Denial of service attacks

• Denial of service (DoS) attacks are designed to
  deny services to legitimate hosts attempting to
  establish connections.
• DoS attacks are a common method that hackers
  utilize to halt system response.
• One type of DoS is known as SYN flooding.
• SYN flooding exploits the normal three-way
  handshake and causes targeted devices to ACK to
  source addresses that will not complete the
  handshake.

8
(No Transcript)
9
Windowing and window size

• Window size determines the amount of data that
  can be transmitted at one time before receiving
  an acknowledgment from the destination.
• After a host transmits the window-sized number of
  bytes, the host must receive an acknowledgment
  that the data has been received before it can
  send any more data.
• For example, with a window size of 1, each
  individual segment must be acknowledged before
  sending the next segment.

10
(No Transcript)
11

• TCP utilizes a sliding window when determining
  transmission size.
• A sliding window allows for devices to negotiate
  a window size to allow for more than one byte to
  be sent during a single transmission.
• This sliding window also allows the destination
  device to indicate to the source a need to
  decrease or increase the amount of data being
  sent because it is incapable at that time of
  dealing with that much data.

12
(No Transcript)
13
Sequencing numbers

• TCP applies sequence numbers to the data segments
  it is transmitting so that the receiver will be
  able to properly reassemble the bytes in their
  original order.
• Sequencing numbers indicate to the destination
  device the correct order in which to put the
  bytes when they are received.
• These sequencing numbers also act as reference
  numbers so that the receiver will know if it has
  received all of the data.
• They also identify the missing data pieces to the
  sender so it can retransmit the missing data.
• This offers increased efficiency since the sender
  only needs to re-transmit the missing segments
  instead of the entire set of data.

14
(No Transcript)
15
Positive ACK

• Acknowledgement is a common step in the
  synchronization process which includes sliding
  windows and data sequencing.
• TCP utilizes positive acknowledgment and
  retransmission to control data flow and confirm
  data delivery.
• Positive acknowledgment and retransmission (PAR)
  is a common technique many protocols use to
  provide reliability.
• With PAR, the source sends a packet, starts a
  timer, and waits for an acknowledgment before
  sending the next packet.
• If the timer expires before the source receives
  an acknowledgment, the source retransmits the
  packet and starts the timer over again.

16

• Windowing is a flow control mechanism requiring
  that the source device receive an acknowledgment
  from the destination after transmitting a certain
  amount of data.
• With a window size of three, the source device
  can send three octets to the destination.
• It must then wait for an acknowledgment.
• If the destination receives the three octets, it
  sends an acknowledgment to the source device,
  which can now transmit three more octets.

17

• If, for some reason, the destination does not
  receive the three octets, possibly due to
  overflowing buffers, it does not send an
  acknowledgment.
• Because the source does not receive an
  acknowledgment, it knows that the octets should
  be retransmitted and that the transmission rate
  should be slowed.

18
UDP operation

• TCP must be used when applications need to
  guarantee that a packet arrives intact(???), in
  sequence, and unduplicated.
• UDP does not use windowing or acknowledgments so
  application layer protocols must provide error
  detection.

19
Outline

• TCP Operation
• Overview of Transport Layer Ports

20
Multiple conversations between hosts

• If a server is running both SMTP and WWW, it uses
  the destination port field to determine what
  service the source is requesting.
• A port number must be associated with the
  conversation between hosts to ensure that the
  packet reaches the appropriate service on the
  server.
• Without a way to distinguish between different
  conversations, the client would be unable to send
  both an email and browse a web page, using one
  server at the same time.

21
(No Transcript)
22

• Port numbers have the following assigned ranges
• Numbers below 255 are reserved for public
  applications
• Numbers from 255-1023 are assigned to companies
  for marketable applications
• Numbers above 1023 are unregulated

23

• End systems use port numbers to select proper
  applications.
• Source port numbers are dynamically assigned by
  the originating host, and are usually a number
  larger than 1023.
• Port numbers in the range of 0-1023 are
  controlled by the Internet Assigned Numbers
  Authority.

24
Ports for services

• Some ports, defined in RFC 1700 are known as the
  well-known ports, and reserved in both TCP and
  UDP.
• These well-known ports define applications that
  run above the transport layer protocols.

25
(No Transcript)
26
Ports for clients

• In general, a client determines the source port
  by randomly assigning a number above 1023.
• For instance, a client attempting to communicate
  with a web server uses TCP and assigns the
  destination port as 80 and the source port as
  1045.
• When the packet arrives at the server, it passes
  up to the transport layer and eventually to the
  HTTP service which operates at port 80.
• The HTTP server responds to the clients request
  with a segment which uses port 80 as the source
  and 1045 as the destination.
• In this way, clients and servers use ports to
  distinguish what process the segment is
  associated with.

27
Port numbering and well-known port numbers

• Port numbers are represented by 2 bytes in the
  header of a TCP or UDP segment.
• This 16-bit value can result in port numbers
  ranging from 0 to 65535.
• These port numbers are divided into three
  different categories well-known ports,
  registered ports, and dynamic or private ports.

28
Example of multiple sessions between hosts

• Port numbers are used to track multiple sessions
  that can occur between hosts.
• The source and destination port numbers combine
  with the network address to form a socket.
• A pair of sockets, one on each host, forms a
  unique connection.
• For instance, a host might have a telnet
  connection, port 23, while at the same time be
  surfing the net, port 80.
• The IP and the MAC addresses would be the same
  because the packets are coming from the same
  host.

29
Comparison of MAC addresses, IP addresses, and
port numbers

• These three methods of addressing are often
  confusing, but this can be avoided if the
  addresses are explained in reference to the OSI
  model.
• Port numbers are located at the transport layer
  and are serviced by the network layer.
• The network layer assigns the logical address (IP
  address) and is then serviced by the data link
  layer which assigns the physical address (MAC
  address).