Title: Overview of TCP/IP Protocols
1 Overview of TCP/IP Protocols
- Computer Network Programming
2 Announcement
- Homework 2 is assigned. You can find it on the course web page http://www.cs.bilkent.edu.tr/korpe/cs424.html
- The due date is March 6, Wednesday, at the beginning of class.
- If you want to copy the relevant parts of the TCP/IP Illustrated book, let me know and I can lend you my book. You may need this to obtain information about TCP/IP protocols. The textbook does not cover the protocols.
3 ICMP - Internet Control Message Protocol
- ICMP is used to communicate errors and other conditions that require attention.
- It is used by both computers and routers.
- ICMP messages are usually acted on by either the IP layer or a higher-layer protocol (TCP or UDP).
- Some ICMP messages cause errors to be returned to the user process.
4 ICMP Messages
IP datagram: IP header (20 bytes), followed by the ICMP message
ICMP message layout:
- type (1 byte)
- code (1 byte)
- checksum (2 bytes)
- content (depends on the type and code fields)
5 ICMP
- The messages are grouped into two groups:
- Error messages
  - A host receiving an error message never replies with another error message.
- Query messages
  - A host receiving a query message may reply with an error message.
6 Some ICMP Messages
- ICMP timestamp request and reply
- ICMP port unreachable error
- ICMP echo request/reply: the ping command uses the ICMP echo request message to check whether a remote host is alive or not.
ICMP port unreachable message layout:
- type (3), code (3), checksum
- unused (0)
- IP header (with options) + 8 bytes of original IP datagram
7 Specific ICMP Messages
Type  Message
0     echo reply
3     destination unreachable
4     source quench
5     redirect
8     echo request
9     router advertisement
10    router solicitation
11    time exceeded
12    parameter problem
13    timestamp request
14    timestamp reply
15    information request
16    information reply
17    address mask request
18    address mask reply
8 Destination unreachable
Type 3, by code:
Code  Meaning
0     network unreachable
1     host unreachable
2     protocol unreachable
3     port unreachable
4     fragmentation needed but don't fragment bit set
5     source route failed
6     destination network unknown
7     destination host unknown
8     source host isolated
9     destination network administratively prohibited
10    destination host administratively prohibited
11    network unreachable for TOS
12    host unreachable for TOS
13    communication administratively prohibited by filtering
14    host precedence violation
15    precedence cutoff in effect
9 Transport Layer
- Responsible for demultiplexing incoming packets to the different higher-layer applications
- Reliable delivery
- Flow control
- Congestion control
10 Applications and Transport Layer Interaction
[Figure: application1, application2, ..., applicationN sit on top of the Socket API (programming interface), which sits on top of the transport layer (TCP, UDP).]
The socket API provides the programming interface to the applications. The applications operate directly over the transport layer (TCP or UDP) and use its services through the socket programming interface. Hence we should know the details of the transport layer well in order to program correctly and efficiently.
11 UDP - User Datagram Protocol
- Simple datagram-oriented transport protocol
- Provides no reliability
IP datagram layout: IP header (20 bytes), followed by the UDP datagram: UDP header (8 bytes) + UDP data
- Applications use UDP through the socket interface that is provided by the operating system.
- A UDP datagram that is sent by the application is put into exactly one IP datagram.
12 UDP Header
UDP header (8 bytes):
- 16-bit source port number, 16-bit destination port number
- 16-bit UDP length, 16-bit UDP checksum
followed by data (if any)
The length field is the size of the UDP header + UDP data.
13
- Port numbers identify the sending process (application) and the receiving application.
- Hence port numbers are used for demultiplexing at the destination to different applications.
- The checksum is used to check the integrity of the UDP datagram, that is, whether it was corrupted on the way or not.
- It is an end-to-end checksum. Intermediate nodes don't touch it.
14 UDP Checksum
UDP pseudo header:
- source IP address (32 bits)
- destination IP address (32 bits)
- zero, protocol, UDP length
UDP header:
- source port, destination port
- UDP length, UDP checksum
Data, followed by a pad byte (0)
The pad byte is used if the size of the data is an odd number.
The UDP checksum is computed over the fields shown above.
15 Size of a UDP datagram
Theoretically, size of max UDP datagram = size of max IP datagram - size of IP header - size of UDP header = 65535 - 20 - 8 = 65507. However, some operating systems limit the size through the socket API to around 8192 bytes.
16 TCP - Transmission Control Protocol
- Connection oriented
  - Applications using TCP should establish a TCP connection before application data is transferred over the connection.
- Reliable delivery
- Byte stream oriented
- Provides flow control
- Provides congestion control
17 Byte stream oriented
- A stream of 8-bit bytes is exchanged across the TCP connection between two applications.
- There are no record markers inserted by TCP into the byte stream.
- If the application writes 10 bytes followed by 50 bytes, the receiver will not be able to tell what the sizes of the write operations were at the sender.
- The byte stream received by the receiving application is the same (no reordering) as the stream that the sender sent.
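Because TCP inserts no record markers, an application that needs records has to frame them itself. The following is an added example, not from the original slides: the 4-byte length prefix, the size limit and all names are choices made for this example, not something TCP defines. The decoder accepts the stream in whatever chunk sizes a read happens to return.

```python
import struct

MAX_RECORD = 64 * 1024  # assumed upper bound on one record, chosen for this example


def frame(record: bytes) -> bytes:
    """Prefix a record with its length as a 4-byte big-endian integer."""
    return struct.pack("!I", len(record)) + record


class RecordDecoder:
    """Recover length-prefixed records from an arbitrarily chunked byte stream."""

    def __init__(self, max_record: int = MAX_RECORD):
        self._buf = bytearray()
        self._max = max_record

    def feed(self, chunk: bytes) -> list:
        """Add bytes as returned by one read; return the records now complete."""
        self._buf += chunk
        records = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack_from("!I", self._buf, 0)
            if length > self._max:
                # The length comes from the peer: refuse it before buffering
                # anything, instead of waiting for gigabytes that may never come.
                raise ValueError(f"record length {length} exceeds {self._max}")
            if len(self._buf) < 4 + length:
                break  # record not complete yet, wait for more bytes
            records.append(bytes(self._buf[4:4 + length]))
            del self._buf[:4 + length]
        return records

    def pending(self) -> int:
        """Bytes buffered that do not yet form a complete record."""
        return len(self._buf)


def decode_chunks(chunks, max_record: int = MAX_RECORD):
    """Feed a sequence of chunks; return (records, bytes left over)."""
    decoder = RecordDecoder(max_record)
    records = []
    for chunk in chunks:
        records += decoder.feed(chunk)
    return records, decoder.pending()


def split(stream: bytes, size: int) -> list:
    """Cut a byte stream into chunks of at most `size` bytes."""
    return [stream[i:i + size] for i in range(0, len(stream), size)]


# Constructed sample: the sender writes 10 bytes, then 50 bytes.
FIRST, SECOND = b"A" * 10, b"B" * 50
STREAM = frame(FIRST) + frame(SECOND)

if __name__ == "__main__":
    for size in (len(STREAM), 7, 1):  # one big read, 7-byte reads, 1-byte reads
        records, left = decode_chunks(split(STREAM, size))
        print(size, [len(r) for r in records], left)
```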
18 Reliability
- Application data is broken into TCP segments. Each TCP segment is sent using an IP datagram.
- The receiver acknowledges the receipt of the segments if it receives them.
- If the sender does not receive an acknowledgment, it resends the segment.
- Segments can arrive out of order at the receiver. The receiver reorders them before giving them to the application.
19 Flow Control
- Each end of a TCP connection has a finite amount of buffer space to store the received segments.
- The receiving TCP only allows the other end to send as much data as the receiver has buffer space for.
- This prevents a fast host from taking all the buffers on a slower host.
20 Congestion Control
- If there is congestion at the intermediate nodes (routers), packets will be lost.
- The sender TCP detects this and reacts to the losses by decreasing the sending rate (congestion window size).
- Thereby the load on the intermediate routers is reduced and traffic can continue to flow.
- When the congestion is over, TCP reacts by increasing the sending rate (congestion window size).
21 TCP Header
IP datagram layout: IP header (20 bytes), followed by the TCP segment: TCP header (20 bytes) + TCP data
TCP header (20 bytes, plus options if any):
- 16-bit source port number, 16-bit destination port number
- 32-bit sequence number
- 32-bit acknowledgment number
- header length, reserved (6 bits), flags URG ACK PSH RST SYN FIN, 16-bit window size
- 16-bit TCP checksum, 16-bit urgent pointer
- options (if any)
- data (if any)
22 Fields
- Port numbers are used to identify the sending and receiving application.
  - These two values, along with the source and destination IP addresses, uniquely identify a TCP connection.
- The sequence number identifies the byte in the stream of data from the sending TCP to the receiving TCP that the first byte of data in this segment represents.
  - TCP numbers each byte with a sequence number.
  - It wraps around to 0 after reaching 2^32 - 1.
- The SYN flag is turned on when a new connection is being established, and the sequence number field then contains the initial sequence number (ISN) chosen for this connection. The SYN flag consumes 1 sequence number. Hence the first byte of data is assigned a sequence number equal to ISN + 1.
23 Fields
- The acknowledgement (ack) number field contains the next sequence number that the sender of the ack expects to receive. This is therefore the sequence number of the last successfully received byte of data, plus 1.
- The ACK flag is turned on when the ack number field contains a valid number. It is usually turned on.
- Header length gives the length of the header in 32-bit words (including the options).
- Window size is used for flow control. It indicates the number of bytes that the receiver is willing to accept.
- The checksum covers the TCP header and TCP data.
- The urgent pointer is used when the sender wants to send urgent data.
24 Flags
- URG: urgent pointer is valid
- ACK: acknowledgement number is valid
- PSH: the receiver should pass this data to the application as soon as possible
- RST: reset the connection
- SYN: synchronize sequence numbers to initiate a connection
- FIN: the sender is finished sending data
25 TCP connections
- A TCP connection is full-duplex: data can flow in each direction independently.
- Therefore the sequence number for each direction needs to be synchronized and maintained.
- The window size for each direction should be maintained and used for flow control.
- Popular applications that use TCP are telnet, ftp, http, electronic mail (smtp).
26 TCP Connection Establishment and Termination
Three-way handshake
- The server must be prepared to accept an incoming connection. This is done by calling socket, bind and listen, and it is called a passive open.
- The client issues an active open by calling connect. This causes a SYN segment to be sent to the server.
- The server must acknowledge the client's SYN and must also send its own SYN.
- The client must acknowledge the server's SYN.
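27
[Figure: three-way handshake timeline between client and server]
- client: socket, connect (blocks) (active open)
- server: socket, bind, listen, accept (blocks)
- client -> server: SYN i
- server -> client: ACK i+1, SYN j
- client: connect returns
- client -> server: ACK j+1
- server: accept returns, read (blocks)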
28 Connection Termination
- One application calls close first, and we say that it performs the active close. This end's TCP sends a FIN segment, which means that it has finished sending data.
- The other end, which receives the FIN, performs the passive close. The received FIN is acknowledged by TCP. The receipt of the FIN is also passed to the application as an end-of-file.
- Some time later, the application that received the end-of-file will close its socket. This causes its TCP to send a FIN.
- The TCP on the system that receives this final FIN acknowledges the FIN.
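29
[Figure: connection termination timeline between client and server]
- active close end: close, sends FIN M
- passive close end: read returns 0, sends ack M+1
- passive close end: close, sends FIN N
- active close end: sends ack N+1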
30 Example
- Establish a telnet connection to the discard port on machine aspendos.cs.bilkent.edu.tr
  - telnet aspendos.cs.bilkent.edu.tr discard
  - To find out the port number corresponding to the discard service, look in the file /etc/services.
- Then quit telnet without sending any data.
- This will cause a TCP connection to aspendos to be established and then terminated without any data being sent.
31 TCP segments on the wire
No.  Time      Source -> Destination  Protocol  Info
(connection establishment starts here)
1  0.000000  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  3271 > discard SYN Seq=3835219300 Ack=0 Win=16384 Len=0
2  0.001260  aspendos.cs.bilkent.edu.tr -> pckorpe  TCP  discard > 3271 SYN, ACK Seq=250150548 Ack=3835219301 Win=8760 Len=0
3  0.001299  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  3271 > discard ACK Seq=3835219301 Ack=250150549 Win=17520 Len=0
(connection termination starts here)
4  8.758093  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  3271 > discard FIN, ACK Seq=3835219301 Ack=250150549 Win=17520 Len=0
5  8.758580  aspendos.cs.bilkent.edu.tr -> pckorpe  TCP  discard > 3271 ACK Seq=250150549 Ack=3835219302 Win=8760 Len=0
6  8.767515  aspendos.cs.bilkent.edu.tr -> pckorpe  TCP  discard > 3271 FIN, ACK Seq=250150549 Ack=3835219302 Win=8760 Len=0
7  8.767604  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  3271 > discard ACK Seq=3835219302 Ack=250150550 Win=17520 Len=0
The data length of all segments is zero. These segments contain only the TCP header (no data).
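The sequence and acknowledgment numbers in this capture can be checked mechanically. The following added example (not part of the original slides) replays the seven segments and confirms that SYN and FIN each consume one sequence number while a bare ACK consumes none. The labels "client" and "server" and the function names belong to this example; the numbers are the ones in the capture.

```python
MOD = 2 ** 32  # sequence numbers wrap around to 0 after 2^32 - 1

# The seven segments of the capture: (no, sender, flags, seq, ack, data_len).
# "client" is pckorpe (port 3271), "server" is aspendos (discard port).
TRACE = [
    (1, "client", {"SYN"},        3835219300, 0,          0),
    (2, "server", {"SYN", "ACK"}, 250150548,  3835219301, 0),
    (3, "client", {"ACK"},        3835219301, 250150549,  0),
    (4, "client", {"FIN", "ACK"}, 3835219301, 250150549,  0),
    (5, "server", {"ACK"},        250150549,  3835219302, 0),
    (6, "server", {"FIN", "ACK"}, 250150549,  3835219302, 0),
    (7, "client", {"ACK"},        3835219302, 250150550,  0),
]


def seq_consumed(flags, data_len):
    """Sequence numbers a segment uses up: its data bytes, +1 for SYN, +1 for FIN."""
    return data_len + ("SYN" in flags) + ("FIN" in flags)


def check_trace(trace):
    """Replay a two-party trace; return (problems, next sequence number per sender)."""
    next_seq = {}  # sender -> sequence number of the next new byte it will send
    problems = []
    for no, sender, flags, seq, ack, data_len in trace:
        peer = "server" if sender == "client" else "client"
        if sender in next_seq and seq != next_seq[sender]:
            problems.append(f"segment {no}: seq {seq} is not the expected "
                            f"{next_seq[sender]} (retransmission or gap)")
        if "ACK" in flags:
            if peer not in next_seq:
                problems.append(f"segment {no}: ACK before any segment from {peer}")
            else:
                # Modular distance by which the ack runs ahead of what the peer sent.
                # An ack that lags behind is legal (acks are cumulative), so only
                # an ack for bytes that were never sent is reported.
                ahead = (ack - next_seq[peer]) % MOD
                if 0 < ahead < MOD // 2:
                    problems.append(f"segment {no}: ack {ack} covers data the "
                                    f"{peer} never sent")
        next_seq[sender] = (seq + seq_consumed(flags, data_len)) % MOD
    return problems, next_seq


if __name__ == "__main__":
    problems, next_seq = check_trace(TRACE)
    print(problems or "trace is consistent")
    print(next_seq)
```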
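32 TCP state transition diagram
[Figure: TCP state transition diagram. Transitions are listed as "from -> to: event; action".]
CLOSED is the starting point.
- CLOSED -> LISTEN: appl: passive open; send: nothing
- CLOSED -> SYN_SENT: appl: active open; send: SYN
- LISTEN -> SYN_RCVD: recv: SYN; send: SYN, ACK
- SYN_RCVD -> LISTEN: recv: RST
- SYN_SENT -> CLOSED: appl: close or timeout
- SYN_SENT -> SYN_RCVD (simultaneous open): recv: SYN; send: SYN, ACK
- SYN_SENT -> ESTABLISHED: recv: SYN, ACK; send: ACK
- SYN_RCVD -> ESTABLISHED: recv: ACK; send: nothing
ESTABLISHED is the data transfer state.
Passive close:
- ESTABLISHED -> CLOSE_WAIT: recv: FIN; send: ACK
- CLOSE_WAIT -> LAST_ACK: appl: close; send: FIN
- LAST_ACK -> CLOSED: recv: ACK; send: nothing
Active close:
- ESTABLISHED -> FIN_WAIT1: appl: close; send: FIN
- FIN_WAIT1 -> FIN_WAIT2: recv: ACK; send: nothing
- FIN_WAIT1 -> CLOSING (simultaneous close): recv: FIN; send: ACK
- FIN_WAIT1 -> TIME_WAIT: recv: FIN, ACK; send: ACK
- CLOSING -> TIME_WAIT: recv: ACK; send: nothing
- FIN_WAIT2 -> TIME_WAIT: recv: FIN; send: ACK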
33 TIME_WAIT state
- The duration of this state is 2MSL (MSL: maximum segment life). MSL is the maximum amount of time that an IP datagram can live in the Internet (since we have a TTL field in the IP header).
- The recommended MSL value is 2 minutes, but some implementations use 30 seconds.
- Hence TCP can wait in this state 1-4 minutes.
- Two reasons for having this state:
  - To implement TCP's full-duplex connection termination reliably: the sender of the last ACK should wait in order to resend the ACK if the receiver did not receive it.
  - To allow old duplicate segments to expire in the network. We don't allow a new connection with the same port numbers and IP addresses in this state.
34 TCP Data Flow
- TCP interactive data flow
  - The user interacts with a server on the remote machine, hence the response time should be very low.
  - telnet, rlogin etc.
- TCP bulk data flow
  - ftp, http, etc.
  - Throughput is more important than response time.
35 TCP Interactive data flow
- I opened a telnet session to aspendos.cs and I just typed:
  - ls local.cshrc
- Every character that I typed is sent as a different TCP segment, and the character is also echoed back with another TCP segment.
- If there is no data to send in one direction, the ACKs are delayed around 200ms.
36 How telnet works
[Figure: on the computer you use: keyboard and screen, terminal driver, telnet client. Across the network (TCP connection), on the remote computer: telnet server, pseudo-terminal driver pair (echo), shell.]
You type input on the keyboard (you type commands). The input is transferred over the network to the shell through the telnet server. The terminal driver under the shell echoes back every character you type so that you can see what you type on the screen. Every character is also given to the shell. When you hit enter, the shell executes the command and sends the output to the screen over the network.
37 TCP Interactive data flow
No.  Time       Source -> Destination  Protocol  Info
77  44.357790  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data m
78  44.358610  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data m
79  44.523858  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  4982 > telnet ACK Seq=1092462175 Ack=316432462 Win=16796 Len=0
80  44.533723  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data o
81  44.534499  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data o
82  44.661754  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data r
83  44.662574  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data r
84  44.701764  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data e
85  44.702544  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data e
86  44.733765  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data <space>
87  44.734574  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data <space>
88  44.917750  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data l
89  44.918568  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data l
90  45.024578  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  4982 > telnet ACK Seq=1092462180 Ack=316432467 Win=16791 Len=0
91  45.045736  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data o
92  45.046502  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data o
93  45.109786  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data c
94  45.110592  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data c
95  45.173747  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data a
96  45.174554  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data a
97  45.229797  pckorpe -> aspendos.cs.bilkent.edu.tr  TELNET  Telnet Data l
98  45.230626  aspendos.cs.bilkent.edu.tr -> pckorpe  TELNET  Telnet Data l
99  45.425157  pckorpe -> aspendos.cs.bilkent.edu.tr  TCP  4982 > telnet ACK Seq=1092462184 Ack=316432471 Win=16787 Len=0
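38 TCP data flow
[Figure: timeline between sender and receiver, time running downwards]
- sender -> receiver: segment 1, seq=x, datasize=n
- receiver -> sender: ack x+n
- sender -> receiver: segment 2, seq=x+n, datasize=m
- receiver -> sender: ack x+n+m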
39 Retransmissions
[Figure: timeline between sender and receiver, time running downwards]
- sender: start timer; sends segment 1, seq=x, datasize=n (assume the segment gets lost)
- (ack x+n would normally come at this time)
- sender: timer expires; retransmit the same segment, start timer: segment 1, seq=x, datasize=n
- receiver -> sender: ack x+n
- sender: stop timer; transmit the next segment, start timer: segment 2, seq=x+n, datasize=m
40 Retransmissions
- When a segment is sent, we start a timer. If the timer expires after a certain amount of time, we resend the segment.
- The timer value should be bigger than the round-trip time (RTT), so that we don't resend the segment before the ack comes.
- If duplicate segments are received at the destination, the destination TCP gives only one copy to the application.
- If we get an ack for the segment before the timer expires, we stop the timer and send the next segment.
41 Bulk Data Transfer
If there is data available to send, TCP usually sends more than one segment at a time without waiting for acknowledgments. This increases the throughput of the data transfer operation. TCP is allowed to send as many segments as the advertised receive window of the receiver permits. But the sender is not required to send that much data.
42 Sliding Window
[Figure: bytes numbered 1 to 16 and beyond. From left to right: sent and acknowledged; sent but not ACKed; can send ASAP; can't send until window moves. The offered window (advertised by the receiver) covers "sent but not ACKed" and "can send ASAP"; the usable window is the "can send ASAP" part.]
The window closes at the left edge (the left edge moves to the right) when we send data and receive the corresponding acknowledgements. The window opens at the right edge (the right edge moves to the right), allowing us to send more data. This happens when the receiving process reads the data from the TCP receive buffers, hence freeing up space in the TCP receive buffers.
43 Example FTP transfer
A file is transferred from mendelson.ceng.metu.edu.tr (sender) to pckorpe (receiver).
No.  Time        Source -> Destination  Protocol  Info
214  118.621016  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
215  118.814162  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363566136 Win=17520 Len=0
216  118.855262  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
217  118.861184  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
218  118.861239  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363569056 Win=17520 Len=0
219  118.890430  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
220  118.896816  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
221  118.896861  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363571976 Win=17520 Len=0
222  118.902655  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
223  118.902709  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363573436 Win=17520 Len=0
224  118.927645  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
225  118.933468  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
226  118.933507  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363576356 Win=17520 Len=0
227  118.939907  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
228  118.939975  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363577816 Win=17520 Len=0
229  118.945714  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
230  118.951776  mendelson.ceng.metu.edu.tr -> pckorpe  FTP-DATA  FTP Data 1460 bytes
231  118.951827  pckorpe -> mendelson.ceng.metu.edu.tr  TCP  1269 > ftp-data ACK Seq=891333048 Ack=2363580736 Win=17520 Len=0
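44 Example
[Figure: file transfer timeline from Mendelson to pckorpe, time running downwards]
- Mendelson -> pckorpe: Segment 1, size 1460, seq 64676
- pckorpe -> Mendelson: ack 66136 (64676 + 1460)
- Mendelson -> pckorpe: Segment 2, size 1460, seq 66136
- Mendelson -> pckorpe: Segment 3, size 1460, seq 67596
- pckorpe -> Mendelson: ack 69056
- Mendelson -> pckorpe: Segment 4, size 1460, seq 69056
- Mendelson -> pckorpe: Segment 5, size 1460, seq 70516
- ...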
45 Acks
- Usually acks are sent for every two segments.
- Acks are cumulative: we acknowledge all the data that has been received so far.
- If we receive 2 segments, for example, we acknowledge them in one ACK packet.
46 Application Protocols
- DNS: domain name system
- SNMP: simple network management protocol
- SMTP: simple mail transfer protocol
- HTTP: hypertext transfer protocol
47 DNS
- You access a web page www.cnn.com from your browser. You don't know the IP address of the CNN web server.
- People don't like to use IP addresses in their applications. Instead they use hostnames or domain names, which are more meaningful, easier to remember and more user friendly than IP addresses.
- Your browser needs to establish a TCP connection to www.cnn.com to fetch the requested page.
- But TCP does not know anything about names like www.cnn.com. It only uses IP addresses.
- Hence your browser should supply to TCP the corresponding IP address for www.cnn.com.
- Your browser contacts a domain name server to find out the IP address corresponding to the domain name (or hostname) www.cnn.com.
- That is why we need a protocol to talk to domain name servers in order to get the IP addresses corresponding to hostnames.
48 DNS name space
[Figure: DNS name space tree]
unnamed root
  arpa
    in-addr
      139
        179
          10
            6    (6.10.179.139.in-addr.arpa, used for IP address to name mapping)
  com
    ibm
      www    (www.ibm.com)
  edu
    umd
      cs
        oreo    (oreo.cs.umd.edu)
  gov
  tr
  ae
  ...
Subtrees are marked as zones (multiple name servers are provided for each zone).
49 Characteristics of DNS
- Hierarchical naming scheme
- Delegation of authority for names
- Distributed databases of name to address mappings
- Each name authority must provide at least two name servers for its domain. One is primary, the other is secondary.
[Figure: a client with its resolver, a root server, and authoritative servers for zone umd.edu and zone cs.bilkent.edu.tr. The primary server has a disk file for the name to IP address mappings; the secondary server receives the mappings.]
The resolver on a computer is responsible for contacting the name server for clients.
The /etc/resolv.conf file keeps the names of the name servers.
50 DNS Message Format
Layout in 32-bit rows (bits 0-15, bits 16-31):
- identification, flags
- number of questions, number of answer RRs
- number of authority RRs, number of additional RRs
- questions
- answers (variable number of resource records)
- authority (variable number of resource records)
- additional information (variable number of resource records)
51 Flags
Field (width in bits): QR (1), opcode (4), AA (1), TC (1), RD (1), RA (1), zero (3), rcode (4)
- QR: 0 - query, 1 - response
- opcode: 0 - standard query, 1 - inverse query, 2 - server status request
- AA: if set, means authoritative answer
- TC: if set, the message is truncated
- RD: if set, means recursion desired (otherwise an iterative query is desired)
- RA: if set, means that recursion is available
- rcode: return code. 0 - no error, 3 - name error.
52 Question Portion
Layout (bits 0-15, bits 16-31):
- query name
- query type, query class
Query name format (each label is preceded by a count byte, and a zero count ends the name):
3 w w w 7 b i l k e n t 3 e d u 0
Query types:
Name   Numeric value  Description
A      1              IP address
NS     2              Name Server
CNAME  5              Canonical Name
PTR    12             Pointer Record
HINFO  13             Host Info
MX     15             Mail Exchange Record
53 Resource Record
Layout (bits 0-15, bits 16-31):
- domain name (same format as query name)
- type, class
- time-to-live
- resource data length
- resource data
Notes:
- Resource data depends on the type: it can be an IP address, a domain name, etc.
- Time-to-live specifies how long the info will be cached in the client.
- The type field is similar to the corresponding field in the question.
- Class is usually 1 for Internet data.
54 Example
I am running the command nslookup on my machine to find out the IP address of IBM Research's web server.
nslookup www.research.ibm.com
[Figure: the resolver on my PC sends a DNS query to the name server dormns.dorm.bilkent.edu.tr and receives a DNS response.]
DNS messages on the wire:
1  0.015834  IBRAHIM -> dormns.dorm.bilkent.edu.tr  DNS  Standard query A www.research.ibm.com
2  0.621692  dormns.dorm.bilkent.edu.tr -> IBRAHIM  DNS  Standard query response CNAME researchweb.watson.ibm.com A 198.81.209.3
It takes around 500ms to get the answer.
55 Content of the answer
Domain Name System (response)
  Transaction ID: 0x0002
  Flags: 0x8580 (Standard query response, No error)
  Questions: 1
  Answer RRs: 2
  Authority RRs: 4
  Additional RRs: 4
  Queries
    www.research.ibm.com: type A, class inet
      Name: www.research.ibm.com
      Type: Host address
      Class: inet
  Answers
    www.research.ibm.com: type CNAME, class inet, cname researchweb.watson.ibm.com
      Name: www.research.ibm.com
      Type: Canonical name for an alias
      Class: inet
      Time to live: 10 minutes
      Data length: 21
      Primary name: researchweb.watson.ibm.com
    researchweb.watson.ibm.com: type A, class inet, addr 198.81.209.3
      Name: researchweb.watson.ibm.com
      Type: Host address
      Class: inet
      Time to live: 10 minutes
      Data length: 4
      Addr: 198.81.209.3 (answer we want)
  .. (I truncated the output)
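The header, flags and question layouts from the DNS Message Format, Flags and Question Portion slides can be exercised on the values shown above. The following added example (not part of the original slides) encodes a query name in the count-prefixed format, builds a query, and splits the flags word 0x8580 from this response into its fields. The function names are this example's own, and rejecting label counts above 63 (name compression) goes beyond what the slides cover.

```python
import struct

# Query type values from the Question Portion slide.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "HINFO": 13, "MX": 15}
CLASS_INTERNET = 1


def encode_qname(name: str) -> bytes:
    """'www.bilkent.edu' -> 3 w w w 7 b i l k e n t 3 e d u 0."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"label length {len(raw)} is outside 1..63")
        out.append(len(raw))
        out += raw
    out.append(0)  # a zero count terminates the name
    return bytes(out)


def decode_qname(msg: bytes, offset: int):
    """Decode an uncompressed name at offset; return (name, offset after it)."""
    labels = []
    while True:
        if offset >= len(msg):
            raise ValueError("name runs past the end of the message")
        count = msg[offset]
        offset += 1
        if count == 0:
            return ".".join(labels), offset
        if count > 63:  # top bits set: compressed name, not handled in this example
            raise ValueError("compressed or invalid label count")
        if offset + count > len(msg):
            raise ValueError("label runs past the end of the message")
        labels.append(msg[offset:offset + count].decode("ascii"))
        offset += count


def decode_flags(flags: int) -> dict:
    """Split the 16-bit flags word: QR(1) opcode(4) AA TC RD RA zero(3) rcode(4)."""
    return {
        "QR": (flags >> 15) & 0x1,
        "opcode": (flags >> 11) & 0xF,
        "AA": (flags >> 10) & 0x1,
        "TC": (flags >> 9) & 0x1,
        "RD": (flags >> 8) & 0x1,
        "RA": (flags >> 7) & 0x1,
        "zero": (flags >> 4) & 0x7,
        "rcode": flags & 0xF,
    }


def build_query(ident: int, name: str, qtype: str = "A", recursion_desired: bool = True) -> bytes:
    flags = 0x0100 if recursion_desired else 0  # standard query, RD bit only
    header = struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)  # one question, no RRs
    question = encode_qname(name) + struct.pack("!HH", QTYPES[qtype], CLASS_INTERNET)
    return header + question


def parse_header(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("a DNS header is 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident, "flags": decode_flags(flags), "questions": qd,
            "answer_rrs": an, "authority_rrs": ns, "additional_rrs": ar}


if __name__ == "__main__":
    print(encode_qname("www.bilkent.edu"))
    print(decode_flags(0x8580))  # flags word of the response shown above
    query = build_query(0x0002, "www.research.ibm.com")
    print(parse_header(query), decode_qname(query, 12))
```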
56 Pointer Queries
- Problem: given an IP address, find the domain name.
- When an organization joins the Internet and obtains authority for a portion of the DNS name space, such as bilkent.edu, it also obtains authority for a portion of the in-addr.arpa address space, for example 179.139.in-addr.arpa.
- Hence, when we want the domain name of an IP address in the 179.139.in-addr.arpa space, the name servers in Bilkent are contacted.
- The name servers in Bilkent know the mapping from the IP addresses in their domain to the corresponding domain names.
57 Example
Execute the command nslookup 128.8.192.2 on mypc.
[Figure: nslookup on mypc sends the query 128.8.192.2 to the local name server dormns.dorm.bilkent.edu.tr. The local name server contacts a root server to learn about the authoritative server, then contacts the authoritative server in Maryland, USA: bozo.cs.umd.edu, the authoritative server for the 192.8.128.in-addr.arpa domain. The response is ringding.cs.umd.edu.]
58 Caching
The local name server caches the answers it found by querying the authoritative servers.
Execute the command nslookup ftp.cs.berkeley.edu 2 times on mypc.
[Figure: the 1st query goes from mypc to the local name server and on to the authoritative server vangough.cs.berkeley.edu. The 2nd query goes from mypc to the local name server only, which answers from its cache.]
The 2nd query is satisfied from the cache at the local server.
59 Caching
DNS query/response on the wire:
No.  Time      Source -> Destination  Protocol  Info
(1st query)
1  0.009440  IBRAHIM -> dormns.dorm.bilkent.edu.tr  DNS  Standard query A ftp.cs.berkeley.edu
2  0.653475  dormns.dorm.bilkent.edu.tr -> IBRAHIM  DNS  Standard query response CNAME cs3.CS.Berkeley.EDU A 169.229.60.64
(2nd query)
3  4.202641  IBRAHIM -> dormns.dorm.bilkent.edu.tr  DNS  Standard query A ftp.cs.berkeley.edu
4  4.204053  dormns.dorm.bilkent.edu.tr -> IBRAHIM  DNS  Standard query response CNAME cs3.cs.berkeley.edu A 169.229.60.64
- 1st query: the response comes in about 650 ms.
- 2nd query: the response comes in about 2 ms (it is satisfied from the local name server cache).
- The time-to-live field in the DNS response packet says that the entry will stay in the cache for about 24 hours.
60 Caching
- Some client systems may store the domain-name to IP-address mapping locally, hence they don't need to go to the local DNS server all the time.
- Windows does this, for example. If you connect to a web server using a web browser and then issue a ping command to that web server, the DNS server is contacted only once, when you connected to the web server using the browser.
- Windows stores the mapping afterwards, hence the ping command uses this cached mapping to resolve the web server name to its IP address (it does not send a query to the name server).
- The nslookup command always sends a query to the name server (maybe it is not using the standard resolver).
61 Sockets
62 Port Numbers
- Applications are assigned port numbers so that TCP can demultiplex the packets to different applications.
- When a client wants to communicate with a server, the client must identify the server.
- We have well-known port numbers to identify well-known services:
  - FTP 21
  - TFTP 69
- The /etc/services file gives the port numbers assigned to well-known services.
- You can also obtain information from ftp://ftp.isi.edu/in-notes/iana/assignments/port-numbers
63 Port numbers
The port number range (0 - 65535) is divided into three ranges:
- well-known ports: 0 - 1023. These ports are assigned by IANA (Internet Assigned Numbers Authority).
- registered ports: 1024 - 49151. IANA does not control them but lists them for users' convenience. For example, 6000 for X servers.
- dynamic or private ports: 49152 - 65535. IANA does not say anything about these ports.
64 Sockets
- The endpoints in TCP and UDP that are used to send and receive data are called sockets.
- We need to use a different socket for every different connection.
- A socket refers to the IP address and port number which are used to identify an endpoint.
- A TCP connection has 2 endpoints: one at the local machine, one at the remote machine.
- The 4-tuple that defines these two endpoints is called a socket pair: local IP address, local TCP port, foreign IP address, foreign TCP port.
- The socket pair concept can also be used for UDP and UDP ports.
65 TCP Port Numbers and Concurrent Servers
[Figure: TCP server with a passive open on port 21]
- server: multihomed machine with addresses 206.62.226.35 and 206.62.226.66
- listening socket: *.21, *.*
[Figure: connection request from client to server]
- client 198.69.10.2: connection request to 206.62.226.35, port 21; socket pair 198.69.10.2.1500, 206.62.226.35.21
- server (206.62.226.35, 206.62.226.66): listening socket *.21, *.*
66 Concurrent servers
[Figure: concurrent server has child handle request]
- client 198.69.10.2: socket pair 198.69.10.2.1500, 206.62.226.35.21
- server (206.62.226.35, 206.62.226.66): listening socket *.21, *.*
- server (child): connected socket 206.62.226.35.21, 198.69.10.2.1500, holding the connection to the client
67
[Figure: second client connection with the same server]
- client 198.69.10.2, first connection: socket pair 198.69.10.2.1500, 206.62.226.35.21
- client 198.69.10.2, second connection: socket pair 198.69.10.2.1501, 206.62.226.35.21
- server: listening socket *.21, *.*
- server (child): connected socket 206.62.226.35.21, 198.69.10.2.1500
- server (child): connected socket 206.62.226.35.21, 198.69.10.2.1501
TCP must look at all four elements in the socket pair to determine which endpoint receives an arriving segment.
68 Buffer sizes and limitations
- The maximum size of an IPv4 datagram is 65535 bytes, including the header.
- Many networks have an MTU (maximum transmission unit), which can be dictated by the hardware. For example, the Ethernet MTU is 1500 bytes and the PPP MTU is configurable.
- The smallest MTU between two hosts is called the path MTU.
- When an IP datagram is to be sent out an interface, if the size of the datagram exceeds the link MTU, fragmentation is performed on the IP datagram. The fragments are reassembled only at the destination.
- IP defines a minimum reassembly buffer size: the minimum datagram size that we are guaranteed any implementation must support. It is 576 bytes.
- TCP has an MSS (maximum segment size) option that announces to the peer TCP the maximum amount of TCP data the peer can send per segment (it is announced as a TCP option in the SYN segment). It is usually set to the link MTU minus the fixed sizes of the IP and TCP headers (for Ethernet: 1500 - 40 = 1460).
69 TCP Output
Buffers and steps involved when an application writes to a TCP socket.
[Figure: layers from top to bottom. User process: application, with an application buffer (any size). Kernel: TCP, with the socket send buffer (SO_SNDBUF), producing MSS-sized TCP segments (MSS <= MTU - 40); IP, producing MTU-sized IP packets; datalink, with an output queue.]
The application can write (send) data of any size to the TCP layer. However, the write (send) operation will block if the size of the data is greater than the size of the socket send buffer. The application will then wait in the write operation until data is sent by TCP and more space is available in the socket send buffer.
So it is not an error condition to write more data to the TCP layer than the socket send buffer (TCP send buffer) size. The write operation will just block.
70 UDP Output
[Figure: layers from top to bottom. User process: application, with an application buffer (any size). Kernel: UDP, with the socket send buffer (SO_SNDBUF), producing a UDP datagram; IP, producing MTU-sized IP packets; datalink, with an output queue.]
There is actually no send buffer. UDP does not keep datagrams for retransmissions.
71 Common Internet Applications
Application IP ICMP UDP TCP ping
x traceroute x OSPF (routing
protocol) x RIP (routing protocol)
x BGP (routing protocol)
x BOOTP
x DHCP x NTP
x TFTP x SNMP
x SMTP
x telnet x FTP
x HTTP x NNTP
x DNS x
x NFS x x Sun RPC
x x
72 Tools/Commands for Troubleshooting
- arp: display, modify the ARP cache
- netstat: give information about the current TCP connections on the computer, display the routing table
- ifconfig: display and configure the network interfaces of the computer
- ping: test whether a remote host is up or not, measure the round-trip time to a remote host
- traceroute: list the routers on the path to a destination
- tcpdump: capture all the packets on the connected link
- nslookup: give the domain name - IP address mapping
- truss: trace system calls
- gprof: measure how much time is spent in each function