Transcript unit 4x

Unit 4: Transport protocols
Describe the functions of TCP and UDP
• Transmission control protocol (TCP) is a network
communication protocol designed to send data packets
over the Internet.
• TCP is a transport layer protocol in the OSI model and is
used to create a connection between remote computers
by transporting and ensuring the delivery of messages
over supporting networks and the Internet.
• For example, when a Web server sends an HTML file to a client,
it uses the HTTP protocol to do so. The HTTP program layer
asks the TCP layer to set up the connection and send the file.
• The TCP stack divides the file into packets, numbers them and
then forwards them individually to the IP layer for delivery.
Although each packet in the transmission will have the same
source and destination IP addresses, packets may be sent
along multiple routes.
• The TCP program layer in the client computer waits until all of
the packets have arrived, then acknowledges those it receives
and asks for the retransmission of any it does not (based on
missing packet numbers), then assembles them into a file and
delivers the file to the receiving application.
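The numbering, gap detection and reassembly described above, as an added example that is not part of the original course material. It is a simplified model: packets are numbered one by one and the receiver is assumed to know the packet count up front; the names `segment`, `Receiver` and `transfer` are illustrative.

```python
import random


def segment(data: bytes, size: int) -> dict:
    """Sender side: divide the data into packets and number them from 0."""
    return {n: data[i:i + size] for n, i in enumerate(range(0, len(data), size))}


class Receiver:
    """Receiver side: buffer packets by number until none are missing."""

    def __init__(self, total: int):
        self.total = total          # assumption: packet count is known up front
        self.buffer = {}

    def receive(self, number: int, payload: bytes) -> int:
        self.buffer[number] = payload   # a duplicate simply overwrites itself
        return number                   # the acknowledgement for this packet

    def missing(self) -> list:
        return [n for n in range(self.total) if n not in self.buffer]

    def assemble(self) -> bytes:
        if self.missing():
            raise ValueError(f"cannot assemble, missing packets {self.missing()}")
        return b"".join(self.buffer[n] for n in range(self.total))


def transfer(data: bytes, size: int, lost: set, seed: int = 1):
    """Send data with some packets dropped; return (file, retransmitted numbers)."""
    packets = segment(data, size)
    receiver = Receiver(len(packets))
    order = list(packets)
    random.Random(seed).shuffle(order)      # different routes, so arrival order varies
    for n in order:
        if n not in lost:                   # packets in 'lost' never arrive
            receiver.receive(n, packets[n])
    retransmit = receiver.missing()         # gaps in the numbering
    for n in retransmit:                    # sender resends only the missing packets
        receiver.receive(n, packets[n])
    return receiver.assemble(), retransmit


# Constructed sample: a small HTML file sent in 8-byte packets, two of them lost.
PAGE = b"<html><body><h1>Unit 4: Transport protocols</h1></body></html>"

if __name__ == "__main__":
    rebuilt, resent = transfer(PAGE, 8, lost={2, 5})
    print(resent, rebuilt == PAGE)
```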
Functions of TCP
• TCP is a connection-oriented protocol, which means a connection
is established and maintained until the application programs at
each end have finished exchanging messages.
• It determines how to break application data into packets
that networks can deliver, sends packets to and accepts packets
from the network layer, manages flow control, and—because it is
meant to provide error-free data transmission—handles
retransmission of dropped or garbled packets as well as
acknowledgement of all packets that arrive.
• In the Open Systems Interconnection (OSI) communication model,
TCP covers parts of Layer 4, the Transport Layer, and parts of Layer
5, the Session Layer.
• Transmission Control Protocol is one of the most used
protocols in digital network communications and is part of the
Internet protocol suite, commonly known as the TCP/IP suite.
• TCP works in collaboration with Internet Protocol, which
defines the logical location of the remote node, whereas TCP
transports and ensures that the data is delivered to the
correct destination.
User Datagram Protocol (UDP) is part of the Internet Protocol
suite used by programs running on different computers on a
network. UDP is used to send short messages called datagrams
but overall, it is an unreliable, connectionless protocol. UDP is
officially defined in RFC 768 and was formulated by David P. Reed.
Functions of UDP:
• User datagram protocol is an open systems interconnection
(OSI) transport layer protocol for client-server network
applications. UDP uses a simple transmission model but does
not employ handshaking dialogs for reliability, ordering and
data integrity.
• The protocol assumes that error-checking and correction is
not required, thus avoiding processing at the network
interface level.
• UDP is widely used in video conferencing and real-time
computer games. The protocol permits individual packets to
be dropped and UDP packets to be received in a different
order than that in which they were sent, allowing for better
performance.
• UDP network traffic is organized in the form of datagrams, each of
which comprises one message unit. The first eight bytes of a datagram
contain header information, while the remaining bytes contain
message data. A UDP datagram header contains four fields of two
bytes each:
  • Source port number
  • Destination port number
  • Datagram size
  • Checksum
A checksum is a count of the number of bits in a transmission unit that is included
with the unit so that the receiver can check to see whether the same number of
bits arrived. If the counts match, it's assumed that the complete transmission was
received.
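A parser for the eight-byte header laid out above, as an added example that is not part of the original course material. It rejects datagrams whose size field disagrees with the bytes actually received; `parse_udp` and `UDPDatagram` are illustrative names, and the service names are taken from the port list on this page.

```python
import struct
from typing import NamedTuple

# A few services from the well-known port list on this page.
KNOWN_SERVICES = {53: "DNS", 69: "TFTP", 137: "NetBIOS Name Service", 161: "SNMP"}

HEADER = struct.Struct("!HHHH")  # four 2-byte fields, network byte order


class UDPDatagram(NamedTuple):
    src_port: int
    dst_port: int
    size: int        # "Datagram size": header plus data, in bytes
    checksum: int
    data: bytes
    service: str


def parse_udp(raw: bytes) -> UDPDatagram:
    """Parse a raw UDP datagram; reject one whose size field is inconsistent."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated: fewer than 8 header bytes")
    src, dst, size, checksum = HEADER.unpack_from(raw)
    if size < HEADER.size:
        raise ValueError(f"size field {size} is smaller than the header")
    if size > len(raw):
        raise ValueError(f"size field {size} exceeds the {len(raw)} bytes received")
    data = raw[HEADER.size:size]    # ignore any trailing bytes past 'size'
    service = KNOWN_SERVICES.get(dst, KNOWN_SERVICES.get(src, "unknown"))
    return UDPDatagram(src, dst, size, checksum, data, service)


# Constructed sample: source port 40000, destination port 53, 5 data bytes.
SAMPLE = HEADER.pack(40000, 53, 8 + 5, 0) + b"hello"

if __name__ == "__main__":
    print(parse_udp(SAMPLE))
```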
Identify well-known ports
In TCP/IP and UDP networks, a port is an endpoint to a logical connection
and the way a client program specifies a specific server program on a
computer in a network.
The port number identifies what type of port it is. For example, port 80 is
used for HTTP traffic. Some ports have numbers that are pre-assigned to
them by the IANA (Internet Assigned Numbers Authority), and these
are called the "well-known ports", which are specified in RFC 1700.
List of Well-Known Ports
Port numbers range from 0 to 65536, but only port numbers 0 to
1024 are reserved for privileged services and designated as
well-known ports. This list of well-known port numbers specifies the
port used by the server process as its contact port.
Port Number   Description
1             TCP Port Service Multiplexer (TCPMUX)
5             Remote Job Entry (RJE)
7             ECHO
18            Message Send Protocol (MSP)
20            FTP -- Data
21            FTP -- Control
22            SSH Remote Login Protocol
23            Telnet
25            Simple Mail Transfer Protocol (SMTP)
29            MSG ICP
37            Time
42            Host Name Server (Nameserv)
43            WhoIs
49            Login Host Protocol (Login)
53            Domain Name System (DNS)
69            Trivial File Transfer Protocol (TFTP)
70            Gopher Services
79            Finger
80            HTTP
103           X.400 Standard
108           SNA Gateway Access Server
109           POP2
110           POP3
115           Simple File Transfer Protocol (SFTP)
118           SQL Services
119           Newsgroup (NNTP)
137           NetBIOS Name Service
139           NetBIOS Datagram Service
143           Interim Mail Access Protocol (IMAP)
150           NetBIOS Session Service
156           SQL Server
161           SNMP
179           Border Gateway Protocol (BGP)
190           Gateway Access Control Protocol (GACP)
194           Internet Relay Chat (IRC)
197           Directory Location Service (DLS)
389           Lightweight Directory Access Protocol (LDAP)
396           Novell Netware over IP
443           HTTPS
444           Simple Network Paging Protocol (SNPP)
445           Microsoft-DS
458           Apple QuickTime
546           DHCP Client
547           DHCP Server
563           SNEWS
569           MSN
1080          Socks
Use netstat and other port scanners to identify open
connections and services.
netstat
If you’re troubleshooting a service that you know is running
normally, the next step is to make sure it’s listening on the right
network port.
The netstat command shows the services listening to ports on a
Linux server along with the details of any connections currently made
to them. The connection details we look at during basic network
daemon troubleshooting are the addresses the daemon is listening
on (including the port number), the daemon’s PID (process identifier),
and the program name.
Of course, you need to run netstat on the server running the service.
Remember that netstat is not affected by your firewall configuration.
• In computing, netstat (network statistics) is a command-line
tool that displays network connections for the Transmission
Control Protocol (both incoming and outgoing), routing tables,
and a number of network interface (network interface
controller or software-defined network interface) and network
protocol statistics.
Checking ports
To list TCP ports that are being listened on, along with the
name of each listener’s daemon and its PID, run:
sudo netstat -plnt
The following example shows netstat’s output for three
common programs that are listening on three different
sockets.
For example, if you only want to see TCP connections, use netstat --tcp.
This shows a list of TCP connections to and from your machine. The
following example shows connections to our machine on ports 993
(imaps), 143 (imap), 110 (pop3), 25 (smtp), and 22 (ssh). It also shows a
connection from our machine to a remote machine on port 389 (ldap).
If you want to see what (TCP) ports your machine is listening on, use
netstat --tcp --listening.
Another useful flag to add to this is --programs which indicates which
process is listening on the specified port.
The following example shows a machine listening on ports 80 (www), 443
(https), 22 (ssh), and 25 (smtp);
The next example uses netstat --route to display the routing table. For
most people, this will show one IP and the gateway address but if
you have more than one interface or have multiple IPs assigned to an
interface, this command can help troubleshoot network routing
problems.
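One way to turn the `sudo netstat -plnt` listing into a check, as an added example that is not part of the original course material: it parses the listening sockets and reports any port and daemon pair that is not on an allowlist. The netstat output is constructed for illustration, and `EXPECTED`, `parse_listeners` and `unexpected` are hypothetical names.

```python
from typing import NamedTuple

# Constructed sample of `sudo netstat -plnt` output (not captured from a real host).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN      2301/python3
tcp6       0      0 :::80                   :::*                    LISTEN      977/apache2
"""

# Hypothetical allowlist: the port -> daemon pairs this server is meant to run.
EXPECTED = {22: "sshd", 80: "apache2", 3306: "mysqld"}


class Listener(NamedTuple):
    proto: str
    address: str
    port: int
    pid: str
    program: str


def parse_listeners(output: str) -> list:
    """Extract one Listener per LISTEN line, skipping the two header lines."""
    listeners = []
    for line in output.splitlines():
        fields = line.split(None, 6)    # the program name may itself contain spaces
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        address, _, port = fields[3].rpartition(":")    # also handles ":::80"
        pid, _, program = fields[6].strip().partition("/")
        # Without root, netstat prints "-" instead of PID/Program name.
        listeners.append(Listener(fields[0], address, int(port), pid, program or "-"))
    return listeners


def unexpected(listeners: list, expected: dict) -> list:
    """Return (listener, scope) for each socket that is not on the allowlist."""
    findings = []
    for item in listeners:
        if expected.get(item.port) != item.program:
            local = item.address in ("127.0.0.1", "::1")
            findings.append((item, "loopback only" if local else "all interfaces"))
    return findings


if __name__ == "__main__":
    for item, scope in unexpected(parse_listeners(SAMPLE), EXPECTED):
        print(f"unexpected listener: port {item.port} ({item.program}, pid {item.pid}), {scope}")
```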
A port scanner tool can be used to identify available services running
on a server. It uses raw IP packets to find out what ports are open on
a server, what operating system is running, or whether a server has a
firewall enabled, among other things.
The service can also detect uptime of a host if the host is running one
of the known Operating Systems which the scanner can analyze to
guess uptime.