TCP/IP Refresher Prabhaker Mateti (ack: Many many sources …)

TCP/IP RefresherTCP/IP Refresher

Prabhaker MatetiPrabhaker Mateti

(ack: Many many sources …)(ack: Many many sources …)

Mateti, TCP/IP RefresherMateti, TCP/IP Refresher 22

TCP/IP ?TCP/IP ?

TCP = Transmission Control ProtocolTCP = Transmission Control Protocol IP = Internet ProtocolIP = Internet Protocol Almost always includes other protocols:Almost always includes other protocols:

– UDP, User (Unreliable) DatagramUDP, User (Unreliable) Datagram– ICMP, Internet Control MessageICMP, Internet Control Message– ARP, Address ResolutionARP, Address Resolution


What’s a Protocol?What’s a Protocol?

An agreed upon convention for An agreed upon convention for communication.communication.

Protocols must be formally Protocols must be formally defined and unambiguousdefined and unambiguous


TCP

UDP

ICMP other

IP layer IP layer IP layer IP layer

Physical Physical Physical Physical Physical Physical

LayersLayers

The relative heights indicate the level of functionality.


Unix is a Layered Unix is a Layered SystemSystem

Applications

Libraries

System Calls

Kernel


LayersLayers

The routines/methods of Layer N The routines/methods of Layer N will will notnot call Layer N+1. call Layer N+1.

The routines/methods of Layer N The routines/methods of Layer N typically do call the same layer typically do call the same layer methods. methods.

The routines/methods of Layer N The routines/methods of Layer N typically do call Layer N-1 typically do call Layer N-1 methods.methods.


DoD model: Four DoD model: Four LayersLayers1.1. Network Access Layer: Delivery over Network Access Layer: Delivery over

physical media in use.physical media in use.2.2. Internet Layer: Delivery across different Internet Layer: Delivery across different

physical networks that connect source physical networks that connect source and destination machines. and destination machines.

3.3. Host-to-Host Layer: Connection Host-to-Host Layer: Connection rendezvous, flow control, rendezvous, flow control, retransmission of lost data, etc. TCP retransmission of lost data, etc. TCP and UDP protocols are in this layer.and UDP protocols are in this layer.

4.4. Process Layer: User-level functions, Process Layer: User-level functions, such as SMTP, FTP and rlogin.such as SMTP, FTP and rlogin.


OSI Reference ModelOSI Reference Model

Seven LayersSeven Layers7. Application7. Application

6. Presentation6. Presentation

5. Session5. Session

4. Transport4. Transport

3. Network3. Network

2. Data Link2. Data Link

1. Physical1. Physical


TCP/IP & OSITCP/IP & OSI

In OSI reference model In OSI reference model terminology -the TCP/IP protocol terminology -the TCP/IP protocol suite covers the network and suite covers the network and transport layers. transport layers.

TCP/IP can be used on many data-TCP/IP can be used on many data-link layers (can support many link layers (can support many network hardware network hardware implementations). implementations).


TCPTCP UDPUDP

IPIP

802.3802.3

Process Layer

Transport Layer

Network Layer

Data-Link Layer

ProcessProcess ProcessProcess

ICMP, ARP &

RARP


Physical LayerPhysical Layer

Responsibility:Responsibility:– transmission of raw bits over a transmission of raw bits over a

communication channel.communication channel. Issues:Issues:

– mechanical and electrical interfacesmechanical and electrical interfaces– time per bittime per bit– distancesdistances


Data Link Layer - Data Link Layer - Data Link ControlData Link Control Responsibility:Responsibility:

– provide an error-free communication provide an error-free communication linklink

Issues:Issues:– framing (dividing data into chunks)framing (dividing data into chunks)

header & trailer bitsheader & trailer bits

– addressingaddressing10110110101 01100010011 10110000001


The Data Link Layer - The Data Link Layer - The MAC sub layerThe MAC sub layer Medium Access Control (MAC) - Medium Access Control (MAC) -

needed by multi-access networks.needed by multi-access networks.

MAC provides DLC with “virtual MAC provides DLC with “virtual wires” on multi-access networks.wires” on multi-access networks.


Ethernet: A Data-Link Ethernet: A Data-Link LayerLayer IEEE 802.3IEEE 802.3 Variety of physical layers.Variety of physical layers. Multi-access (shared medium).Multi-access (shared medium). Interface has a unique 6-byte hardware Interface has a unique 6-byte hardware

address. (E.g. 00-D0-09-E8-08-61)address. (E.g. 00-D0-09-E8-08-61) The broadcast address is all 1’s.The broadcast address is all 1’s. Addresses are assigned to vendors by a Addresses are assigned to vendors by a

central authority.central authority.


An Ethernet FrameAn Ethernet Frame

Preamble is a sequence of alternating Preamble is a sequence of alternating 1’s and 0’s used for synchronization.1’s and 0’s used for synchronization.

CRC is Cyclic Redundancy CheckCRC is Cyclic Redundancy Check

8 bytes 6 6 2 0-1500 4

PreambleDestination

AddressSourceAddress

Len CRCDATA


Ethernet AddressingEthernet Addressing

Each NIC looks at every Each NIC looks at every frameframe and inspects the destination and inspects the destination address. If the address does not address. If the address does not match the hardware address of match the hardware address of the interface or the broadcast the interface or the broadcast address, the frame is discarded.address, the frame is discarded.

Some NICs can be programmed to Some NICs can be programmed to recognize multicast addresses.recognize multicast addresses.


The Network LayerThe Network Layer

Responsibilities:Responsibilities:– path selection between systems (routing).path selection between systems (routing).– subnet flow control.subnet flow control.– fragmentation & reassemblyfragmentation & reassembly– translation between different network translation between different network

types.types. Issues:Issues:

– packet headerspacket headers– virtual circuitsvirtual circuits


The Transport LayerThe Transport Layer

Responsibilities:Responsibilities:– provides virtual end-to-end links provides virtual end-to-end links

between peer processes.between peer processes.– end-to-end flow controlend-to-end flow control

Issues:Issues:– headersheaders– error detection error detection – reliable communicationreliable communication


The Session LayerThe Session Layer

Responsibilities:Responsibilities:– establishes, manages, and establishes, manages, and

terminates sessions between terminates sessions between applications.applications.

– service location lookupservice location lookup

Many protocol suites do not Many protocol suites do not include a session layer.include a session layer.


The Presentation LayerThe Presentation Layer

Responsibilities:Responsibilities:– data encryptiondata encryption– data compressiondata compression– data conversiondata conversion

Many protocol suites do not Many protocol suites do not include a Presentation Layer.include a Presentation Layer.


The Application LayerThe Application Layer

Responsibilities:Responsibilities:– anything not provided by any of the anything not provided by any of the

other layersother layers Issues:Issues:

– application level protocolsapplication level protocols– appropriate selection of “type of appropriate selection of “type of

service”service”


Layering & Headers Layering & Headers

Each layer needs to add control Each layer needs to add control information. information.

Typically prefixed to the data Typically prefixed to the data before passing on to the lower before passing on to the lower layer.layer.


HeadersHeaders

Process

Transport

Network

Data Link

Process

Transport

Network

Data Link

DATA

DATA

DATA

DATA

H

H

H

H

HH


Example HeadersExample Headers

Physical: no headerPhysical: no header Data Link: Data Link:

– address of the receiving endpointsaddress of the receiving endpoints– address of the sending endpointaddress of the sending endpoint– length of the datalength of the data– checksumchecksum


Network layer header - Network layer header - examplesexamples protocol suite protocol suite

versionversion type of service type of service length of the length of the

datadata packet identifierpacket identifier fragment numberfragment number time to livetime to live

protocolprotocol header checksumheader checksum source network source network

addressaddress destination network destination network

addressaddress


Connecting NetworksConnecting Networks

Repeater: Repeater: physical layerphysical layer

Bridge: Bridge: data link layerdata link layer

Router: Router: network layernetwork layer

Gateway: Gateway: network layer and network layer and

above.above.


RepeaterRepeater

Copies bits from one network to anotherCopies bits from one network to another Does not look at any bitsDoes not look at any bits Allows the extension of a network Allows the extension of a network

beyond physical length limitationsbeyond physical length limitations

REPEATER


BridgeBridge

Copies frames from one network to Copies frames from one network to anotheranother

Can operate selectively - does not copy Can operate selectively - does not copy all frames (looks at data-link headers).all frames (looks at data-link headers).

Extends the network beyond physical Extends the network beyond physical length limitations.length limitations.

BRIDGE


RouterRouter

Copies packets from one network Copies packets from one network to another.to another.

Makes decisions about what route Makes decisions about what route a packet should take (looks at a packet should take (looks at network headers).network headers).

ROUTERROUTER


GatewayGateway

Operates as a routerOperates as a router Data conversions above the network Data conversions above the network

layer.layer. Conversions:Conversions:

– encapsulation - use an intermediate encapsulation - use an intermediate network network

– translation - connect different application translation - connect different application protocolsprotocols

– encryption - could be done by a gatewayencryption - could be done by a gateway


Encapsulation ExampleEncapsulation Example

Gateway Gateway

Provides service connectivity Provides service connectivity even though intermediate even though intermediate network does not support network does not support protocols.protocols.


TranslationTranslation

Translate from green protocol to Translate from green protocol to brown protocolbrown protocol

Gateway


Encryption gatewayEncryption gateway

SecureNetwork

Secure NetworkEncryption/Decryption

Gateways

GWGW ? ??

Insecure Network


Hardware v. SoftwareHardware v. Software

Repeaters are typically hardware Repeaters are typically hardware devices.devices.

Bridges can be implemented in hardware Bridges can be implemented in hardware or software.or software.

Routers and gateways are typically Routers and gateways are typically implemented in software so that they can implemented in software so that they can be extended to handle new protocols.be extended to handle new protocols.

Many workstations can operate as Many workstations can operate as routers or gateways. routers or gateways.


Modes of ServiceModes of Service

connection-oriented vs. connection-oriented vs. connectionlessconnectionless

sequencingsequencing error-controlerror-control flow-controlflow-control byte stream vs. message basedbyte stream vs. message based full-duplex vs. half-duplex.full-duplex vs. half-duplex.


Connection-Oriented Connection-Oriented ServiceService establishment of a logical establishment of a logical

connection between two connection between two processes.processes.

transfer datatransfer data terminate connection.terminate connection.


Connectionless ServiceConnectionless Service

Sends independent messages.Sends independent messages.


SequencingSequencing

Sequencing provides support for Sequencing provides support for an order to communications.an order to communications.

A service that includes A service that includes sequencing requires that sequencing requires that messages (or bytes) are received messages (or bytes) are received in the same order they are sent.in the same order they are sent.


Error ControlError Control

Some services require error Some services require error detection.detection.

Checksums provide a simple error Checksums provide a simple error detection mechanism.detection mechanism.

Error control sometimes involves Error control sometimes involves notification and retransmission.notification and retransmission.


Flow ControlFlow Control

Flow control prevents the sending Flow control prevents the sending process from overwhelming the process from overwhelming the receiving process.receiving process.

Flow control can be handled in a Flow control can be handled in a variety of ways.variety of ways.


Byte Stream vs. Byte Stream vs. MessageMessage Byte stream implies an ordered Byte stream implies an ordered

sequence of bytes with no sequence of bytes with no message boundaries.message boundaries.

Message oriented services Message oriented services provide communication service to provide communication service to chunks of data called chunks of data called datagramsdatagrams. .


Full- v. Half-DuplexFull- v. Half-Duplex

Full-Duplex services support the Full-Duplex services support the transfer of data in both directions.transfer of data in both directions.

Half-Duplex services support the Half-Duplex services support the transfer of data in one direction.transfer of data in one direction.


End-to-End v. Hop-to-End-to-End v. Hop-to-HopHop

Service modes, flow control and Service modes, flow control and error control can be error control can be

Either between endpoints of the Either between endpoints of the communication.communication.

Or between consecutive nodes on Or between consecutive nodes on the path between the endpoints.the path between the endpoints.


End-to-EndEnd-to-End

Process A

Process B


Hop-by-HopHop-by-Hop

Process A

Process B


BufferingBuffering

Buffering can provide more efficient Buffering can provide more efficient communications. communications.

Buffering is most useful for byte stream services.Buffering is most useful for byte stream services.

Process A Process BSendBuffer

Recv.Buffer


AddressesAddresses

Physical Layer: no address necessaryPhysical Layer: no address necessary Data Link Layer: address must be able Data Link Layer: address must be able

to select any host on the network.to select any host on the network. Network Layer: address must be able Network Layer: address must be able

to provide information to enable to provide information to enable routing.routing.

Transport Layer: address must identify Transport Layer: address must identify the destination process.the destination process.


BroadcastsBroadcasts

Broadcast = sending a message Broadcast = sending a message from one host to all other hosts from one host to all other hosts on the network.on the network.

A special address called the A special address called the “broadcast address” is created.“broadcast address” is created.

Some popular network services Some popular network services are based on broadcasting are based on broadcasting ((YP/NIS, rup, rusersYP/NIS, rup, rusers))


The IP in TCP/IPThe IP in TCP/IP

IP is the network layerIP is the network layer packet delivery service (host-to-packet delivery service (host-to-

host).host). translation between different translation between different

data-link protocols.data-link protocols.


IP DatagramsIP Datagrams

IP provides connectionless, IP provides connectionless, unreliable delivery of IP unreliable delivery of IP datagrams.datagrams.

Connectionless: each datagram is Connectionless: each datagram is independent of all others.independent of all others.

Unreliable: there is no guarantee Unreliable: there is no guarantee that datagrams are delivered that datagrams are delivered correctly or at all.correctly or at all.


IP AddressesIP Addresses

The address must include The address must include information about what information about what networknetwork the receiving host is on. This the receiving host is on. This makes routing feasible.makes routing feasible.

IP addresses are not the same IP addresses are not the same as the underlying data-link as the underlying data-link (MAC) addresses.(MAC) addresses.



Includes a network ID and a host Includes a network ID and a host ID.ID.

A Network ID is assigned to an A Network ID is assigned to an organization by a global authority organization by a global authority ((http://www.iana.org/http://www.iana.org/ ) )

Host IDs are assigned locally by a Host IDs are assigned locally by a system administrator.system administrator.



A single NIC is assigned one IP A single NIC is assigned one IP address. address.

A host may have multiple NICs, A host may have multiple NICs, and therefore multiple and therefore multiple hosthost addresses.addresses.

Hosts that share a network all Hosts that share a network all have the same IP have the same IP networknetwork address (the network ID).address (the network ID).


Subnet AddressesSubnet Addresses

An organization can subdivide it’s host An organization can subdivide it’s host address space into groups called subnets.address space into groups called subnets.

The subnet ID is generally used to group The subnet ID is generally used to group hosts based on the physical network hosts based on the physical network topology.topology.

It is possible to have a single wire network It is possible to have a single wire network with multiple subnets.with multiple subnets.

NetIDNetID SubnetIDSubnetID HostIDHostID


IP4 AddressesIP4 Addresses

ClassClass

00 NetIDNetID

1010

110110 NetIDNetID

1110 Multicast Address

HostIDHostID

NetIDNetID HostIDHostID

HostIDHostID

AA

BB

CC

DD8 bits 8 bits 8 bits8 bits



An IP An IP broadcastbroadcast address has a address has a host- ID of all 1’s.host- ID of all 1’s.

An IP address that has a host ID An IP address that has a host ID of all 0’s is called a of all 0’s is called a networknetwork address and refers to an entire address and refers to an entire network.network.


IP Addresses v. MAC IP Addresses v. MAC AddressesAddresses IP Addresses are not recognized by IP Addresses are not recognized by

NIC.NIC. The process of finding the MAC The process of finding the MAC

address of a host given the IP address address of a host given the IP address is called is called Address Resolution.Address Resolution.

The process of finding out the IP The process of finding out the IP address of a host given a hardware address of a host given a hardware address is called address is called Reverse Address Reverse Address Resolution.Resolution.


IPv6 addressesIPv6 addresses

Address is 128 bits long (16 bytes)Address is 128 bits long (16 bytes) Addresses are written in hexadecimalAddresses are written in hexadecimal Addresses can be abbreviatedAddresses can be abbreviated

3FFE:0B00:0000:0000:0000:0000:0000:0003FFE:0B00:0000:0000:0000:0000:0000:00011

3FFE:0B00::00013FFE:0B00::00013FFE:B00::13FFE:B00::1

There is no broadcast addresses, only multicast.There is no broadcast addresses, only multicast. Loopback address is ::1Loopback address is ::1 Addresses are scopedAddresses are scoped

– Link-local, site-local, globalLink-local, site-local, global


IP6 AddressIP6 Address

16 bits

3FFE: 0B00: 1234: 0000: 0000: 0000: 0000: 0001

128 bits


IP4-Compatible IP6 Address

0000 . . . 0000 IP4 Address0000

80 bits 32 bits16 bits

80 bits of 0s followed by 16 bits of 0s, followed by a 32 bit IP4 Address:


ARPARP

ARP is a broadcast protocol. Each host ARP is a broadcast protocol. Each host checks the request against its own host checks the request against its own host addresses - the matched one responds.addresses - the matched one responds.

Hosts remember the hardware Hosts remember the hardware addresses of others.addresses of others.

ARP protocol specifies that the receiving ARP protocol specifies that the receiving host should also remember the IP and host should also remember the IP and hardware addresses of the sending host.hardware addresses of the sending host.


Services provided by Services provided by IPIP Connectionless Delivery (each Connectionless Delivery (each

datagram is treated individually).datagram is treated individually). Unreliable (delivery is not Unreliable (delivery is not

guaranteed).guaranteed). Fragmentation / Reassembly Fragmentation / Reassembly

(based on hardware MTU).(based on hardware MTU). Routing.Routing. Error detection.Error detection.


IP DatagramIP Datagram

VERS HLFragment Offset

Fragment LengthServiceDatagram ID FLAG

TTL Protocol Header ChecksumSource IP Address

Destination IP AddressOptions (if any)

(TCP) Data

1 byte1 byte 1 byte 1 byte


IP Datagram IP Datagram FragmentationFragmentation Fragmentation can happen when Fragmentation can happen when

datagrams are forwarded through a datagrams are forwarded through a network for which they are too big. network for which they are too big.

IP specifies that datagram reassembly IP specifies that datagram reassembly is done only at the destination (not on is done only at the destination (not on a hop-by-hop basis).a hop-by-hop basis).

If any of the fragments are lost the If any of the fragments are lost the entire datagram is discarded (and an entire datagram is discarded (and an ICMP message is sent to the sender).ICMP message is sent to the sender).


ICMP (ICMP (Internet Control Message Protocol)

ping www.yahoo.comping www.yahoo.com ICMP uses IP to deliver messages.ICMP uses IP to deliver messages. ICMP messages are usually ICMP messages are usually

generated and processed by the generated and processed by the IP layer, not the user process.IP layer, not the user process.


ICMPICMP

If packets arrive too fast the If packets arrive too fast the receiver discards excessive packets receiver discards excessive packets and sends an ICMP message to the and sends an ICMP message to the sender (SOURCE QUENCH).sender (SOURCE QUENCH).

If an error is found (header If an error is found (header checksum problem, say) the packet checksum problem, say) the packet is discarded and an ICMP message is discarded and an ICMP message is sent to the sender.is sent to the sender.


ICMP Message TypesICMP Message Types

Echo RequestEcho Request Echo ResponseEcho Response Destination UnreachableDestination Unreachable RedirectRedirect Time ExceededTime Exceeded Redirect (route change)Redirect (route change) more ...more ...


UDP (User Datagram UDP (User Datagram Protocol)Protocol) UDP is a transport protocolUDP is a transport protocol Uses IP to deliver datagrams Uses IP to deliver datagrams Connectionless, Unreliable, Connectionless, Unreliable,

MinimalMinimal UDP uses UDP uses portsports to provide to provide

communication services to communication services to individual processes.individual processes.


PortsPorts

Port Port : an abstract destination : an abstract destination point. point.

Ports are identified by a positive Ports are identified by a positive 16-bit integer.16-bit integer.

Operating systems provide some Operating systems provide some mechanism that processes use to mechanism that processes use to specify a port. specify a port.


PortsPorts

Host AHost A Host BHost B

Process

Process

Process

Process

Process

Process


UDP Datagram FormatUDP Datagram Format

Source Port Destination Port

Length Checksum

Data


SocketsSockets


SocketsSockets

An An active socketactive socket is connected to a is connected to a remote active socket. Closing the remote active socket. Closing the connection destroys the active connection destroys the active sockets at each endpoint. sockets at each endpoint.

A A passive socketpassive socket is not is not connected, but rather awaits an connected, but rather awaits an incoming connection, which will incoming connection, which will spawn a new active socket.spawn a new active socket.


Sockets v. PortsSockets v. Ports

A socket is not a port. A socket is A socket is not a port. A socket is associatedassociated with a port. This is a with a port. This is a many-to-one relationship. many-to-one relationship.

Each port can have a single Each port can have a single passive socket, awaiting incoming passive socket, awaiting incoming connections, and multiple active connections, and multiple active sockets, each corresponding to an sockets, each corresponding to an open connection on the port. open connection on the port.


TCPTCP

Transmission Control Protocol :Transmission Control Protocol : Connection-orientedConnection-oriented ReliableReliable Full-duplexFull-duplex Byte-StreamByte-Stream


ConnectionConnection

Four Numbers: Source IP Address, Four Numbers: Source IP Address, Source Port, Destination IP Source Port, Destination IP Address, Destination PortAddress, Destination Port

““connection is established”: connection is established”: Operating Systems of both source Operating Systems of both source and destination hosts are and destination hosts are maintaining “state information” maintaining “state information” re the connection.re the connection.


Connection-OrientedConnection-Oriented

Connection oriented Connection oriented means that a means that a virtual connection is established virtual connection is established before any payload data is before any payload data is transferred. transferred.

If the connection cannot be If the connection cannot be established the user program is established the user program is notified. notified.

If the connection is ever interrupted If the connection is ever interrupted the user program is notified.the user program is notified.


Connection Connection establishmentestablishment Connection establishment phase Connection establishment phase

is required is required Ensures that the receiving Ensures that the receiving

process is available and to process is available and to synchronize sequence numbers, synchronize sequence numbers, etc. etc.


TCP State DiagramTCP State Diagram


ReliableReliable

Every transmission of data is Every transmission of data is acknowledged by the receiver. acknowledged by the receiver.

If the sender does not receive If the sender does not receive ACK within a specified amount of ACK within a specified amount of time, the sender retransmits the time, the sender retransmits the data. data.

ACK can be piggybacked on data.ACK can be piggybacked on data.


Byte StreamByte Stream

StreamStream means that the means that the connection is treated as a stream connection is treated as a stream of bytes. of bytes.

The user application does not The user application does not need to package data in need to package data in individual datagrams (as with individual datagrams (as with UDP).UDP).


BufferingBuffering

TCP is responsible for buffering TCP is responsible for buffering data and determining when it is data and determining when it is time to send a datagram. time to send a datagram.

It is possible for an application to It is possible for an application to tell TCP to send the data it has tell TCP to send the data it has buffered without waiting for a buffered without waiting for a buffer to fill up.buffer to fill up.


Full DuplexFull Duplex

TCP provides transport in both TCP provides transport in both directions.directions.

To the application program these To the application program these appear as two unrelated data appear as two unrelated data streams, although TCP can streams, although TCP can piggyback control and data piggyback control and data communication by providing control communication by providing control information (such as an ACK) along information (such as an ACK) along with user data.with user data.


TCP PortsTCP Ports

Interprocess communication via Interprocess communication via TCP is achieved with the use of TCP is achieved with the use of ports (just like UDP). ports (just like UDP).

UDP ports have no relation to TCP UDP ports have no relation to TCP ports (different name spaces).ports (different name spaces).


TCP/UDP PortsTCP/UDP Ports

Reserved Ports less than 1024: Only Reserved Ports less than 1024: Only root can bind to these ports.root can bind to these ports.

Local Port of a process that requested Local Port of a process that requested the connection. Usually a random the connection. Usually a random number, 0-65535.number, 0-65535.

Remote Port: What application Remote Port: What application accepted the connection. Usually a accepted the connection. Usually a known number. /etc/services. E.g.,known number. /etc/services. E.g.,

– 80 for HTTP80 for HTTP– 143 for IMAP143 for IMAP– 443 for HTTP/SSL443 for HTTP/SSL


TCP SegmentsTCP Segments

The chunk of data that TCP asks The chunk of data that TCP asks IP to deliver is called a IP to deliver is called a TCP TCP segmentsegment..

Each segment contains:Each segment contains:– data bytes from the byte streamdata bytes from the byte stream– control information that identifies control information that identifies

the data bytes the data bytes


TCP Segment Format TCP Segment Format

Destination Port

Options (if any)

Data

1 byte 1 byteSource Port

Sequence NumberRequest Number

1 byte 1 byte

offset Res Control WindowChecksum Urgent Pointer


Sequence NumberSequence Number

The “positional” number of the The “positional” number of the first data byte in this segment, first data byte in this segment, except when SYN control flag is except when SYN control flag is 1. 1.

If SYN is 1 the sequence number If SYN is 1 the sequence number is the initial sequence number is the initial sequence number (ISN). (ISN).

32 bit unsigned integer32 bit unsigned integer


Sequence NumberSequence Number

Initial Sequence Number (ISN) is Initial Sequence Number (ISN) is randomly generated.randomly generated.

What if ISN is not random?What if ISN is not random?– You can hijack and kill arbitrary You can hijack and kill arbitrary

connections!connections!


Acknowledgment Acknowledgment NumberNumber

If the ACK control bit is set, this If the ACK control bit is set, this field contains the value of the field contains the value of the next sequence number the next sequence number the sender of the segment is sender of the segment is expecting to receive. Once a expecting to receive. Once a connection is established this is connection is established this is always included. always included.


Control BitsControl Bits

URG: Urgent Pointer field significant URG: Urgent Pointer field significant PSH: Push Function PSH: Push Function ACK: Acknowledgment field ACK: Acknowledgment field

significantsignificant RST: Reset the connection RST: Reset the connection SYN: Synchronize sequence numbersSYN: Synchronize sequence numbers FIN: No more data from sender FIN: No more data from sender


TCP v. UDPTCP v. UDP

Q: Which protocol is better ? Q: Which protocol is better ? A: It depends on the application.A: It depends on the application.

TCP provides a connection-TCP provides a connection-oriented, reliable byte stream oriented, reliable byte stream service (lots of overhead).service (lots of overhead).

UDP offers minimal datagram UDP offers minimal datagram delivery service (as little delivery service (as little overhead as possible).overhead as possible).


TCP three-way TCP three-way handshake handshake Establishes a connection.Establishes a connection.

1.1. A: A: “I would like to talk to you B.”“I would like to talk to you B.”

A sends a SYN packet to B A sends a SYN packet to B

2.2. B: B: “Ok, let's talk.”“Ok, let's talk.”

B sends a SYN-ACK packet to A B sends a SYN-ACK packet to A

3.3. A: A: “Thanks for agreeing.”“Thanks for agreeing.”

A sends ACK to B A sends ACK to B


TCP three-way TCP three-way handshakehandshakeFlags src dst seq ack Flags src dst seq ack

SYN 1037 80 SYN 1037 80 102723769102723769 0 0

SYN-ACK 80 1037 SYN-ACK 80 1037 15278572061527857206 102723770102723770

ACK 1037 80 ACK 1037 80 102723770102723770 15278572071527857207


Four-Way Handshake Four-Way Handshake

The Four-Way Handshake The Four-Way Handshake terminates a previously terminates a previously established connection: established connection:

1.1. A to B: FINA to B: FIN

2.2. B to A: ACKB to A: ACK

3.3. B to A: FINB to A: FIN

4.4. A to B: ACKA to B: ACK


Connection ResettingConnection Resetting

Host X sends an RST packet Host X sends an RST packet resetting the connection if:resetting the connection if:– Y requested a connection to a non-Y requested a connection to a non-

existent port P on host X, or existent port P on host X, or – For whatever reason (idle for a long For whatever reason (idle for a long

time, or an abnormal condition, ...), time, or an abnormal condition, ...), the host X (client or the sever) the host X (client or the sever) wishes to close the connection. wishes to close the connection.

Resetting is unilateral.Resetting is unilateral.

Documents

TCP/IP Refresher Prabhaker Mateti (ack: Many many sources …)