7/30/2019 TCPIP 4-Transport Layer Protocols
Transport Layer Protocols: TCP and UDP
L.Krist NVCC 2
Transport Control Protocols

The function of the Transport Layer is to ensure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used:

- User Datagram Protocol (UDP). Provides unreliable, connectionless delivery service using Internet Protocol. Application programs utilizing UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and connectivity loss.
- Transmission Control Protocol (TCP). Provides a reliable, connection-oriented delivery service using Internet Protocol. It provides reliable packet delivery, packet sequencing, error control and multiplexing.

[Figure: protocol stack showing Hardware, IP, TCP and UDP, and Applications, with packets passed between the layers. Caption: TCP and UDP pass IP packets to the applications.]
Connectionless vs Connection-oriented Protocols

- Connection-oriented: Two computers connect before sending any data. The sender lets the receiver know that data is on the way; the recipient acknowledges receipt of data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.
- Connectionless: The computers involved know nothing about each other or the data being sent. Makes no attempt to cause network senders and receivers to exchange information about their availability or ability to communicate with one another; best-effort delivery. (Type supported by IP and UDP.) Not reliable, but faster and may be good enough. Also, upper-layer apps may handle errors and reliability processing themselves, so there is no need to do it twice.
Transport Layer Ports

Both TCP and UDP use port numbers to pass information to the upper layers. Port numbers have the following ranges:

- 0-255 are used for public applications. 0-1023 are also called well-known ports and are regulated by IANA. Numbers from 255-1023 are assigned to marketable applications.
- 1024 through 49151 are Registered Ports, not regulated.
- 49152 through 65535 are Dynamic and/or Private Ports.

Port numbers are used to keep track of different conversations that cross the network at the same time. Port numbers identify which upper-layer service is needed, and are needed when a host communicates with a server that uses multiple services.
Some Well-Known TCP Ports

Port  Application  Description
7     Echo         Echo
9     Discard      Discard all incoming data port
19    Chargen      Exchange streams of data port
20    FTP-Data     File transfer data port
21    FTP-CMD      File transfer command port
23    Telnet       Telnet remote login port
25    SMTP         Simple Mail Transfer Protocol port
53    DOMAIN       Domain Name Service
79    Finger       Obtains information about active users
80    HTTP         Hypertext Transfer Protocol port
88    Kerberos     Authentication Protocol
110   POP3         PC Mail retrieval service port
119   NNTP         Network news access port
161   SNMP         Network Management
179   BGP          Border Gateway Protocol
513   Rlogin       Remote Login
Ports for Clients

[Figure: Source Port and Destination Port fields of the two segments exchanged between a client on port 1032 and a server on port 80.]

1. Client requests a web page from the server.
2. Server responds to the client.

Clients and servers both use ports to distinguish what process each segment is associated with.
Source ports, which are set by the client, are determined dynamically, usually as a randomly assigned number above 1023.
Protocols and Port Numbers

[Figure: encapsulation of a Telnet segment across the layers.]
- Data link layer (Ethernet frame): Preamble; Destination Addr 00 00 1B 12 23 34; Source Addr 00 00 1B 09 08 07; Field Type; IP header, TCP header and data; FCS.
- Network layer (IP header): protocol field 6; Source IP Address 128.66.12.2; Destination IP Address 128.66.13.1.
- Transport layer (TCP header): Source Port 5512; Destination Port 23.
- Application layer: Telnet.
Protocols and Port Numbers

[Figure: encapsulation of a TFTP datagram across the layers.]
- Data link layer (Ethernet frame): Preamble; Destination Addr 00 00 1B 12 23 34; Source Addr 00 00 1B 09 08 07; Field Type; IP header, transport header and data; FCS.
- Network layer (IP header): protocol field 17; Source IP Address 128.66.12.2; Destination IP Address 128.66.13.1.
- Transport layer (UDP): Source Port 5512; Destination Port 69.
- Application layer: TFTP.
TCP Operation

TCP is a connection-oriented protocol. TCP provides the following major services to the upper protocol layers:

- Connection-oriented data management to assure the end-to-end transfer of data across the network(s).
- Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.
- Stream-oriented data transfer takes place between the sender application and TCP and the receiving application and TCP. To stream is to send individual characters, not blocks or frames.

Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way handshake, which ensures both sides are ready to transfer data and determines the initial sequence numbers.

Sequence numbers give hosts a way to acknowledge what they have received. TCP headers contain SYN bits, or flags, to achieve this.
TCP Synchronization or 3-Way Handshake

TCP is a connection-oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.

[Figure: the three steps of the handshake between two hosts.]
1. First host: Send SYN (Seq = x). Second host: Receive SYN (Seq = x).
2. Second host: Send SYN (Seq = y, ACK = x + 1). First host: Receive SYN (Seq = y, ACK = x + 1).
3. First host: Send ACK (ACK = y + 1). Second host: Receive ACK (ACK = y + 1).

Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.
Denial of Service Attacks

DoS attacks are designed to deny services to legitimate users. DoS attacks are used by hackers to overwhelm and crash systems. SYN flooding is a DoS attack that exploits the three-way handshake.

1. Hacker initiates a SYN but spoofs the source IP address.
2. Target replies to the unreachable IP address and waits for the final ACK.
3. Hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.

[Figure: repeated "Send SYN" messages arriving at the target, which performs "Receive SYN" and "Send SYN/ACK".]

To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
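The effect of the two defensive settings named on this slide (connection timeout and connection queue size) can be seen in a small model of the target's half-open connection queue. This is an added example, not part of the original slides; the function names, queue sizes, timings and event data are constructed assumptions.

```python
# Added example: model of a listener's half-open (SYN received) queue.
# All names, timings and event data below are constructed for illustration.

def simulate_backlog(events, queue_size, timeout_ms):
    """Replay (time_ms, kind, conn_id) events; kind is 'SYN' or 'ACK'.

    Returns (established, dropped, peak_half_open).
    """
    half_open = {}                       # conn_id -> time the SYN arrived
    established, dropped, peak = [], [], 0
    for now, kind, conn in sorted(events):
        # Free entries whose final ACK never arrived within the timeout.
        for stale in [c for c, t0 in half_open.items() if now - t0 >= timeout_ms]:
            del half_open[stale]
        if kind == "SYN":
            if len(half_open) >= queue_size:
                dropped.append(conn)     # queue full: request is refused
            else:
                half_open[conn] = now    # SYN/ACK sent, waiting for final ACK
                peak = max(peak, len(half_open))
        elif kind == "ACK" and conn in half_open:
            del half_open[conn]          # handshake completed
            established.append(conn)
    return established, dropped, peak


def constructed_events():
    """200 SYNs that are never completed (one per 100 ms) plus three real clients."""
    events = [(i * 100, "SYN", f"spoofed-{i}") for i in range(200)]
    for n, start in enumerate((5050, 10050, 15050), 1):
        events += [(start, "SYN", f"client-{n}"),
                   (start + 40, "ACK", f"client-{n}")]
    return events


if __name__ == "__main__":
    configs = {"small queue, long timeout": (50, 30000),
               "bigger queue only": (128, 30000),
               "bigger queue, short timeout": (128, 3000)}
    for name, (size, timeout) in configs.items():
        est, drop, peak = simulate_backlog(constructed_events(), size, timeout)
        refused = [c for c in drop if c.startswith("client-")]
        print(f"{name}: established={est} refused={refused} peak={peak}")
```

In this model a larger queue alone only delays exhaustion, while the shorter timeout keeps the number of half-open entries bounded so every real client completes its handshake.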
TCP Windows and Flow Control

- Data often is too large to be sent in a single segment. TCP splits the data into multiple segments.
- TCP provides flow control through windowing to set the pace of how much data is sent at a time, i.e. how many bytes per window, and how many windows between ACKs.

[Figure: data transfer with Window Size = 1 and with Window Size = 3.]
Windowing and Window Size

- Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control.
- Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.
- If the source receives no acknowledgment, it knows to retransmit at a slower rate.
- Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected.

[Figure: one host asks "Fast enough for you?"; the other replies "I didn't get all of that, slow down."]
Sequence and ACK Numbers

- Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order.
- They also identify missing data pieces so the sender can retransmit them.
- Only the missing segments need to be retransmitted.

Positive Acknowledgement and Retransmission

TCP utilizes PAR to control data flow and confirm data delivery.
- Source sends packet, starts timer, and waits for ACK.
- If the timer expires before the source receives an ACK, the source retransmits the packet and restarts the timer.
TCP Encapsulation

[Figure: a TCP segment carried in an IP datagram inside an Ethernet frame.]

Ethernet frame: Preamble (8), Destination Address (6), Source Address (6), Field Type (2), IP header, TCP header and data (0-65535), FCS (4).

IP header (each row spans bits 0-31):
- VERS (4 bits), HLEN (4 bits), TOS (8 bits), Total Length (16 bits)
- Identification (16 bits), Flags (3 bits), Fragment Offset (13 bits)
- TTL (8 bits), Protocol (8 bits), Checksum (16 bits)
- Source IP Address (32 bits)
- Destination IP Address (32 bits)
- IP Options, if any (32 bits)

TCP header (each row spans bits 0-31):
- Source Port (16 bits), Destination Port (16 bits)
- Sequence Number (32 bits)
- Acknowledgement Number (32 bits)
- Offset (4 bits), Reserved (6 bits), code bits U A P R S F, Receive Window Size (16 bits)
- Checksum (16 bits), Urgent Pointer (16 bits)
- Options (if any)
- TCP Data (if any)
TCP Segment Format

- Source Port: number of the calling port
- Destination Port: number of the called port
- Sequence Number: used to ensure correct sequencing of the arriving data
- Acknowledgement Number: next expected TCP octet
- Offset: number of 32-bit words in the header
- Reserved: set to zero
- Code bits: control setup and termination of session
- Window: number of octets sender is willing to accept
- Urgent Pointer: indicates the end of the urgent data
- Data: upper layer protocol data
Details on TCP Fields

- Sequence Number. TCP numbers each byte in the TCP data with a sequence number. The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.
- Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.
- Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable. It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.
- Reserved. This field is reserved for future use and is set to zero.
- Code Bits. TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.
  - Urg: This flag indicates that this segment contains an Urgent Pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.
  - Ack: This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.
  - Psh: The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full, then a PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.
  - Reset: This field will Reset the connection. 1 = Reset, 0 = No Reset.
  - Syn: This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.
  - Fin: The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.
- Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver.
  - The URG flag must be set.
  - The Urgent Pointer is a 16-bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data.
  - The application determines where the urgent data starts in the data stream.
  - The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
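The field descriptions above map directly onto a header decoder. The following is an added example, not part of the original slides: it parses the TCP header using the layout the slides give (4-bit Offset, 6 Reserved bits, 6 Code Bits) and applies the slide's Urgent Pointer rule. The function names, the sample segments and their sequence numbers are constructed assumptions; ports 5512 and 23 are reused from the Telnet slide.

```python
import struct

# The 6 code bits, from least significant (Fin) to most significant (Urg).
CODE_BITS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

def parse_tcp_segment(segment: bytes) -> dict:
    """Decode a TCP header as laid out on the slides and slice out the data."""
    if len(segment) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_res_code,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    offset = off_res_code >> 12               # header length in 32-bit words
    reserved = (off_res_code >> 6) & 0x3F     # 6 reserved bits, expected zero
    code = off_res_code & 0x3F                # U A P R S F
    header_len = offset * 4
    if offset < 5 or header_len > len(segment):
        raise ValueError(f"offset {offset} does not fit this segment")
    flags = [name for bit, name in enumerate(CODE_BITS) if code & (1 << bit)]
    fields = {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": reserved, "flags": flags,
        "window": window, "checksum": checksum,
        "options": segment[20:header_len],    # non-empty only when offset > 5
        "data": segment[header_len:],
    }
    if "URG" in flags:
        # Slide definition: sequence number + urgent pointer = last urgent byte.
        fields["last_urgent_seq"] = (seq + urgent) % 2**32
    return fields

def build_segment(src, dst, seq, ack, code, options=b"", data=b"", urgent=0):
    """Pack a constructed test segment (checksum left at 0, not computed)."""
    offset = 5 + len(options) // 4
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (offset << 12) | code, 8192, 0, urgent) + options + data

# Constructed samples: a SYN with one 4-byte option, a data push, urgent data.
SYN = build_segment(5512, 23, 1000, 0, 0x02, options=bytes.fromhex("020405b4"))
PUSH = build_segment(5512, 23, 1001, 7001, 0x18, data=b"ls\r\n")
URGENT = build_segment(5512, 23, 1005, 7001, 0x30, data=b"\x03", urgent=1)

if __name__ == "__main__":
    for name, seg in (("SYN", SYN), ("PUSH", PUSH), ("URGENT", URGENT)):
        print(name, parse_tcp_segment(seg))
```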
UDP/TCP Operation Comparison

There are two protocols at Layer 4: TCP and UDP. Both TCP and UDP use IP as their underlying protocol.

TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used.

UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced since packets that arrive late or out of order have no value.

TCP                            UDP
Connection-oriented delivery   Connectionless delivery, faster
Uses windows and ACKs          No windows or ACKs
Full header                    Smaller header, less overhead
Sequencing                     No sequencing
Provides reliability           Relies on app layer protocols for reliability
FTP, HTTP, SMTP, and DNS       DNS, TFTP, SNMP, and DHCP

UDP segment format

Bits    0-15         16-31             31-47   48-63     64
Field   Source Port  Destination Port  Length  Checksum  Data
User Datagram Protocol

- UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, i.e. RIP.
- It provides no packet sequencing, may lose packets, and does not check for duplicates.
- It is used by applications that do not need a reliable transport service.
- Application data is encapsulated in a UDP header, which in turn is encapsulated in an IP header.
- UDP distinguishes different applications by port number, which allows multiple applications running on a given computer to send/receive datagrams independently of one another.

[Figure: a UDP datagram carried in an IP datagram inside an Ethernet frame.]

Ethernet frame: Preamble (8), Destination Address (6), Source Address (6), Field Type (2), IP header and UDP datagram (8-1500), FCS (4).

UDP datagram (each row spans bits 0-31):
- UDP Source Port (bits 0-15), UDP Destination Port (bits 16-31)
- UDP Message Length (bits 0-15), UDP Checksum (bits 16-31)
- Data
Packet Analysis
Ethereal and dns-moviefone.pkt trace