Transport Layer Protocols: TCP and UDP
Transport Control Protocols
The function of the Transport Layer is to ensure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used:

User Datagram Protocol. Provides an unreliable, connectionless delivery service using the Internet Protocol. Application programs using UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and connectivity loss.

Transmission Control Protocol. Provides a reliable, connection-oriented delivery service using the Internet Protocol. It provides reliable packet delivery, packet sequencing, error control and multiplexing.

[Figure: protocol stack with Applications at the top, TCP and UDP beneath, IP beneath them and Hardware at the bottom; packets pass between each pair of layers. TCP and UDP pass IP packets to the applications.]
L.Krist NVCC
Connectionless vs Connection-oriented Protocols

Connection-oriented: two computers connect before sending any data; the sender lets the receiver know that data is on the way, and the recipient acknowledges receipt of the data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.

Connectionless: the computers involved know nothing about each other or the data being sent. No attempt is made to have network senders and receivers exchange information about their availability or ability to communicate with one another; delivery is "best effort". (Type supported by IP and UDP.) Not reliable, but faster, and may be good enough. Also, upper-layer applications may handle error and reliability processing themselves, so there is no need to do it twice.
Transport Layer Ports

Port numbers are used to keep track of the different conversations that cross the network at the same time. Port numbers identify which upper-layer service is needed, and are required when a host communicates with a server that offers multiple services.
Both TCP and UDP use port numbers to pass data to the upper layers.
Port numbers have the following ranges:
0-255 used for public applications; 0-1023 are also called well-known ports, regulated by IANA.
Numbers from 255-1023 are assigned to marketable applications.
1024 through 49151: Registered Ports, not regulated.
49152 through 65535: Dynamic and/or Private Ports.
Some Well-Known TCP Ports

Port   Application   Description
9      Discard       Discard all incoming data port
7      Echo          Echo
19     Chargen       Exchange streams of data port
20     FTP-Data      File transfer data port
21     FTP-CMD       File transfer command port
23     Telnet        Telnet remote login port
25     SMTP          Simple Mail Transfer Protocol port
53     DOMAIN        Domain Name Service
79     Finger        Obtains information about active users
80     HTTP          Hypertext Transfer Protocol port
88     Kerberos      Authentication Protocol
110    POP3          PC mail retrieval service port
119    NNTP          Network news access port
161    SNMP          Network Management
179    BGP           Border Gateway Protocol
513    Rlogin        Remote login
Ports for Clients

Clients and servers both use ports to distinguish which process each segment is associated with.
Source ports, which are set by the client, are determined dynamically, usually a randomly assigned number above 1023.

                                             Source Port   Destination Port
1. Client requests a web page from server    1032          80
2. Server responds to client                 80            1032
Protocols and Port Numbers

[Figure: encapsulation of a Telnet segment, layer by layer]
APPLICATION LAYER: Telnet
TRANSPORT LAYER:   TCP Header, Source Port 5512, Destination Port 23
NETWORK LAYER:     IP Header, Protocol 6 (TCP), Source IP Address 128.66.12.2, Destination IP Address 128.66.13.1
DATA LINK LAYER:   ETHERNET frame: PREAMBLE | DESTINATION ADDR 00 00 1B 12 23 34 | SOURCE ADDR 00 00 1B 09 08 07 | FIELD TYPE | IP HEADER | TCP HEADER | DATA | FCS
Protocols and Port Numbers

[Figure: encapsulation of a TFTP datagram, layer by layer]
APPLICATION LAYER: TFTP
TRANSPORT LAYER:   UDP header, Source Port 5512, Destination Port 69
NETWORK LAYER:     IP Header, Protocol 17 (UDP), Source IP Address 128.66.12.2, Destination IP Address 128.66.13.1
DATA LINK LAYER:   ETHERNET frame: PREAMBLE | DESTINATION ADDR 00 00 1B 12 23 34 | SOURCE ADDR 00 00 1B 09 08 07 | FIELD TYPE | IP HEADER | UDP HEADER | DATA | FCS
TCP Operation

TCP is a connection-oriented protocol. TCP provides the following major services to the upper protocol layers:
Connection-oriented data management to assure the end-to-end transfer of data across the network(s).
Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.
Stream-oriented data transfer between the sending application and TCP, and between the receiving application and TCP. To stream is to send individual characters rather than blocks or frames.
Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way "handshake", which ensures both sides are ready to transfer data and determines the initial sequence numbers.
Sequence numbers give hosts a way to acknowledge what they have received. The TCP header contains SYN bits, or flags, to achieve this.
TCP Synchronization or 3-Way Handshake

TCP is a connection-oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.
Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.

[Figure: the three-way handshake between Host A and Host B]
Host A: Send SYN, Seq = x                    -->  Host B: Receive SYN, Seq = x
Host A: Receive SYN, Seq = y, ACK = x + 1    <--  Host B: Send SYN, Seq = y, ACK = x + 1
Host A: Send ACK, ACK = y + 1                -->  Host B: Receive ACK, ACK = y + 1
Denial of Service Attacks

DoS attacks are designed to deny services to legitimate users. DoS attacks are used by hackers to overwhelm and crash systems.
SYN flooding is a DoS attack that exploits the three-way handshake.
1. Hacker initiates a SYN but spoofs the source IP address.
2. Target replies to the unreachable IP address and waits for the final ACK.
3. Hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.

[Figure: a stream of "Send SYN" arrows toward the target; for each one the target does "Receive SYN" and "Send SYN/ACK", and the final ACK never arrives.]

To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
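As an added example that is not part of the original slides, the following Python models the handshake numbers from the previous slide (SYN seq = x, SYN/ACK seq = y and ack = x + 1, final ACK ack = y + 1) together with the two defenses this slide names: a bounded half-open connection queue and a connection timeout. All addresses, ports, ISNs and clock values are constructed for the demonstration.

```python
from dataclasses import dataclass

@dataclass
class HalfOpen:
    client_isn: int   # x in the slide: the client's initial sequence number
    server_isn: int   # y in the slide: the ISN we answered with
    created: float    # constructed clock time at which our SYN/ACK went out

class Listener:
    """Toy TCP listener (added example): tracks half-open connections with a
    bounded queue and a timeout, the two knobs the slide names as defenses."""
    def __init__(self, queue_size, timeout):
        self.queue_size = queue_size   # connection queue size (half-open capacity)
        self.timeout = timeout         # connection timeout period, in seconds
        self.half_open = {}            # (client ip, client port) -> HalfOpen
        self.established = set()
        self._next_isn = 1000          # constructed counter, not a real ISN generator

    def expire(self, now):
        """Drop half-open entries whose final ACK never arrived within the timeout."""
        self.half_open = {k: h for k, h in self.half_open.items()
                          if now - h.created <= self.timeout}

    def on_syn(self, client, seq_x, now):
        """Steps 1-2: receive SYN (seq = x); answer SYN/ACK (seq = y, ack = x + 1)."""
        self.expire(now)
        if len(self.half_open) >= self.queue_size:
            return None                # queue full: the SYN is dropped (the flood's effect)
        seq_y, self._next_isn = self._next_isn, self._next_isn + 64000
        self.half_open[client] = HalfOpen(seq_x, seq_y, now)
        return {"SYN": 1, "ACK": 1, "seq": seq_y, "ack": seq_x + 1}

    def on_ack(self, client, ack, now):
        """Step 3: the final ACK must carry ack = y + 1 for the SYN/ACK we sent."""
        self.expire(now)
        entry = self.half_open.get(client)
        if entry is None or ack != entry.server_isn + 1:
            return False               # unknown connection or wrong acknowledgement number
        del self.half_open[client]
        self.established.add(client)
        return True

def flood_then_legit(queue_size, timeout):
    """Constructed scenario: ten SYNs from spoofed sources that never ACK, then a real client at t = 5 s."""
    srv = Listener(queue_size, timeout)
    for i in range(10):
        srv.on_syn(("198.51.100.%d" % i, 40000 + i), seq_x=i * 7, now=0.0)
    reply = srv.on_syn(("192.0.2.10", 1032), seq_x=500, now=5.0)
    return reply is not None and srv.on_ack(("192.0.2.10", 1032), reply["seq"] + 1, now=5.1)
```

With a queue of 8 and a 60-second timeout the real client is refused; shortening the timeout to 3 seconds or enlarging the queue to 16 lets its handshake complete.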
TCP Windows and Flow Control

Data is often too large to be sent in a single segment. TCP splits the data into multiple segments.
TCP provides flow control through "windowing" to set the pace of how much data is sent at a time, i.e. how many bytes per window, and how many windows between ACKs.

[Figure: two transfers compared, one with Window Size = 3 and one with Window Size = 1.]
Windowing and Window Size

Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control.

[Figure: the sender asks "Fast enough for you?"; the receiver replies "I didn't get all of that, slow down."]

Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.
Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected.
If the source receives no acknowledgment, it knows to retransmit at a slower rate.
Sequence and ACK Numbers

Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order. The numbers also identify missing pieces of data so the sender can retransmit them. Only the missing segments need to be retransmitted.

Positive Acknowledgement and Retransmission
TCP uses PAR to control data flow and confirm data delivery. The source sends a packet, starts a timer, and waits for an ACK. If the timer expires before the source receives the ACK, the source retransmits the packet and restarts the timer.
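The windowing, expectational acknowledgment and PAR behaviour of the last three slides, as an added Python simulation that is not part of the original slides: a receiver that ACKs the next octet it expects, and a sender that keeps a byte window in flight and resends only the segment whose timer expires. The segment size, the channel that loses a segment once and the tick-based clock are constructed.

```python
SEG = 100   # constructed segment size in bytes; sequence numbers count bytes, as in TCP

class Receiver:
    """Reassembles bytes in order and answers with an expectational ACK:
    the ACK number is the next octet expected, not the last one received."""
    def __init__(self):
        self.next_expected = 0
        self.buffered = {}             # out-of-order segments held until the gap is filled

    def receive(self, seq, data):
        if seq == self.next_expected:
            self.next_expected += len(data)
            while self.next_expected in self.buffered:   # drain now-contiguous segments
                self.next_expected += len(self.buffered.pop(self.next_expected))
        elif seq > self.next_expected:
            self.buffered[seq] = data  # keep it; only the missing segment needs resending
        return self.next_expected      # the ACK number

def transfer(data, window, drop_once=(), rto=2):
    """Positive Acknowledgement and Retransmission over a constructed channel.
    window: bytes allowed in flight before an ACK must arrive.
    drop_once: sequence numbers whose first transmission the channel loses.
    Returns (final ACK number, list of sequence numbers that were retransmitted)."""
    rx, lost = Receiver(), set(drop_once)
    base = next_seq = now = 0          # oldest unacked byte, next byte to send, clock (ticks)
    sent_at, retransmits = {}, []

    def deliver(seq):
        nonlocal base
        if seq in lost:
            lost.discard(seq)          # lost on the wire; the timer for it will fire
            return
        ack = rx.receive(seq, data[seq:seq + SEG])
        base = max(base, ack)          # ACKs are cumulative: everything below is confirmed

    while base < len(data):
        while next_seq < len(data) and next_seq - base < window:
            sent_at[next_seq] = now    # send and start the timer
            deliver(next_seq)
            next_seq += SEG
        for seq in sorted(sent_at):
            if seq >= base and now - sent_at[seq] >= rto:
                retransmits.append(seq)   # timer expired: resend only this segment, restart timer
                sent_at[seq] = now
                deliver(seq)
        now += 1
    return rx.next_expected, retransmits
```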
TCP Encapsulation

[Figure: an IP datagram carrying a TCP segment, inside an Ethernet frame; bit positions 0-15 and 16-31 across each 32-bit row]
IP Header:
  VERS (4 bits) | HLEN (4 bits) | TOS (8 bits) | Total Length (16 bits)
  Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
  TTL (8 bits) | Protocol (8 bits) | Checksum (16 bits)
  Source IP Address (32 bits)
  Destination IP Address (32 bits)
  IP Options (if any) (32 bits)
TCP Header:
  Source Port (16 bits) | Destination Port (16 bits)
  Sequence Number (32 bits)
  Acknowledgement Number (32 bits)
  Offset (4 bits) | Reserved (6 bits) | U A P R S F (6 bits) | Receive Window Size (16 bits)
  Checksum (16 bits) | Urgent Pointer (16 bits)
  Options (if any)
  TCP Data (if any)
ETHERNET frame (field sizes in bytes): PREAMBLE 8 | DESTINATION ADDRESS 6 | SOURCE ADDRESS 6 | FIELD TYPE 2 | IP HEADER | TCP HEADER | DATA 0-65535 | FCS 4
TCP Segment Format

Source Port: number of the calling port
Destination Port: number of the called port
Sequence Number: used to ensure correct sequencing of the arriving data
Acknowledgement Number: next expected TCP octet
Offset: number of 32-bit words in the header
Reserved: set to zero
Code Bits: control setup and termination of the session
Window: number of octets the sender is willing to accept
Urgent Pointer: indicates the end of the urgent data
Data: upper layer protocol data
Details on TCP Fields

Sequence Number. TCP numbers each byte in the TCP data with a sequence number. The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.
Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (the one sending the acknowledgement) expects to receive. The Acknowledgement flag is set.
Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable. It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.
Reserved. This field is reserved for future use and is set to zero.
Code Bits. TCP software uses the 6 Code Bits to determine the purpose and contents of the segment:
Urg: this flag indicates that this segment contains an Urgent Pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.
Ack: this flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.
Psh: the segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. If an application requires data to be transmitted even though the buffer may not be full, the PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay. 1 = Push, 0 = No Push.
Rst: this flag will Reset the connection. 1 = Reset, 0 = No Reset.
Syn: this flag is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.
Fin: the Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.
Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set. The Urgent Pointer is a 16-bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data. The application determines where the urgent data starts in the data stream. The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
UDP/TCP Operation Comparison

There are two protocols at Layer 4: TCP and UDP. Both TCP and UDP use IP as their underlying protocol.
TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used.
UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced, since packets that arrive late or out of order have no value.

TCP                              UDP
Connection-oriented delivery     Connectionless delivery, faster
Uses windows and ACKs            No windows or ACKs
Full header                      Smaller header, less overhead
Sequencing                       No sequencing
Provides reliability             Relies on app layer protocols for reliability
FTP, HTTP, SMTP, and DNS         DNS, TFTP, SNMP, and DHCP

UDP segment format (bit positions): 0 - 15 Source Port | 16 - 31 Destination Port | 31 - 47 Length | 48 - 63 Checksum | 64 onward Data...
User Datagram Protocol

[Figure: a UDP datagram inside an Ethernet frame; bit positions 0-15 and 16-31 across each 32-bit row]
UDP header:
  UDP Source Port | UDP Destination Port
  UDP Message Length | UDP Checksum
  Data . . .
ETHERNET frame (field sizes in bytes): PREAMBLE 8 | DESTINATION ADDRESS 6 | SOURCE ADDRESS 6 | FIELD TYPE 2 | IP HEADER | UDP DATAGRAM 8-1500 | FCS 4

UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, e.g. RIP. It provides no packet sequencing, may lose packets, and does not check for duplicates.
It is used by applications that do not need a reliable transport service. Application data is encapsulated in a UDP header, which in turn is encapsulated in an IP header.
UDP distinguishes different applications by port number, which allows multiple applications running on a given computer to send/receive datagrams independently of one another.
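The TCP and UDP header layouts of the preceding slides (TCP Encapsulation, TCP Segment Format, Details on TCP Fields, and this UDP slide), as an added Python example that is not part of the original slides: it packs both headers with the field widths shown, fills in the Internet checksum, and decodes the Offset field and the six code bits (U A P R S F) on the way back. The addresses and ports reuse the slide's Telnet and TFTP figures; the IPv4 pseudo-header used for the checksum is the standard one and is an addition to what the slides show.

```python
import socket
import struct

# The 6 code bits (U A P R S F) occupy the low bits of the 16-bit offset/flags word.
FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
TCP, UDP = 6, 17          # IP protocol numbers shown in the encapsulation slides

def internet_checksum(data):
    """16-bit one's-complement sum of all 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"   # odd-length data is padded for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip, dst_ip, proto, length):
    """IPv4 pseudo-header (source, destination, zero, protocol, length) prepended for checksumming."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, data=b"", urg=0):
    """20-byte TCP header without options: Offset = 5 words; checksum computed last."""
    off_flags = (5 << 12) | sum(FLAGS[f] for f in flags)   # 4-bit offset, 6 reserved bits, 6 flags
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, urg)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, TCP, len(hdr) + len(data)) + hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data

def build_udp(src_ip, dst_ip, sport, dport, data=b""):
    """8-byte UDP header: source port, destination port, length, checksum."""
    length = 8 + len(data)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, UDP, length) + hdr + data) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + data

def parse_tcp(segment):
    """Decode the fixed TCP fields; header length in bytes = Offset * 4."""
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": hlen,
            "flags": [name for name, bit in FLAGS.items() if off_flags & bit],
            "window": window, "urgent_ptr": urg, "data": segment[hlen:]}

def checksum_ok(src_ip, dst_ip, proto, segment):
    """Receiver's check: the sum over pseudo-header + segment (checksum included) comes out 0."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0
```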
UDP Port Numbers

Port   Application   Description
7      Echo          Echo user datagram back to user
9      Discard       Discard user datagrams
13     Daytime       Report time in a user friendly fashion
17     Quote         Return "Quote of the day"
19     Chargen       Character generator
53     Nameserver    Domain Name Server
66     Sql-Net       Oracle Sequel Network
67     BOOTPS        Server port to download configuration information
68     BOOTPC        Client port to receive configuration information
69     TFTP          Trivial File Transport Protocol
110    POP3          Post Office Protocol - V3
111    SunRPC        Sun Remote Procedure Call
123    NTP           Network Time Protocol
161    SNMP          Used to receive network management queries
162    SNMP-trap     Used to receive network problem reports
194    IRC           Internet Relay Chat
213    IPX           IPX - IP Tunneling
514    SysLog        System Log
520    RIP           Routing Information Protocol
2049   NFS           Network File Service
Packet Analysis

Ethereal and dns-moviefone.pkt trace