Slide 1: CISCO NETWORKING ACADEMY PROGRAM (CNAP), SEMESTER 2 / MODULE 10: Intermediate TCP/IP

Slide 2: Overview
Routers use the Internet Protocol (IP) address information in an IP packet header to determine which interface the packet should be switched to in order to move closer to its destination.
IP is described as an unreliable, connectionless protocol, using best-effort delivery.
If packets are dropped en route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem.
To address these problems, IP relies upon the Transmission Control Protocol (TCP).

Slide 3: TCP/IP operations
IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery.
The transport layer is responsible for the reliable transport and regulation of data flow from source to destination. It does this using sliding windows and sequence numbers, along with a synchronization process that ensures each host is ready and willing to communicate.

Slide 4: TCP three-way handshake (open connection)
This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.

Slide 5: Denial of Service Attacks
Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections.
One type of DoS is known as SYN flooding.
SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake.

Slide 6: Denial attacks
In a DoS attack, the hacker initiates a synchronization but spoofs the source IP address.
The term spoofing describes this situation: the receiving device replies to a non-existent, unreachable IP address and is then placed in a wait state, waiting to receive the final ACK from the initiator.

Slide 7: Denial attacks
The waiting request is placed in a connection queue, a holding area in memory. This waiting state requires the attacked device to commit system resources, such as memory, to the waiting process until the connection timer times out.
Hackers flood the attacked host with these false SYN requests, using up all of its connection resources to respond to and wait for false connections, which prevents it from responding to legitimate connection requests.
To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size.
Software also exists that can detect these types of attacks and initiate defensive measures.
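The half-open connection queue described on slides 5 to 7, as an added simulation that is not part of the CNAP material: spoofed SYNs hold a queue slot until the connection timer expires, and the two defences the slide names, a shorter timeout and a larger queue, are tried alone and together. All queue sizes, timeouts and arrival rates are constructed values.

```python
"""Model of a TCP half-open connection queue under SYN flooding (added
illustration, not CNAP material). Each SYN reserves a slot until the final
ACK of the handshake arrives or the connection timer expires; spoofed SYNs
never complete, so they hold their slot for the whole timeout.
All queue sizes, timeouts and arrival rates below are constructed."""


def simulate_backlog(queue_size, timeout, spoofed_per_sec, legit_per_sec,
                     duration=60, legit_rtt=1):
    """Return (accepted, rejected) counts for legitimate connection attempts.

    queue_size      - slots in the half-open connection queue
    timeout         - seconds a half-open entry waits for its final ACK
    spoofed_per_sec - SYNs per second whose source never answers the SYN-ACK
    legit_per_sec   - SYNs per second from clients that ACK after legit_rtt
    """
    pending = []            # (expires_at, ack_arrives_at); None = spoofed
    accepted = rejected = 0
    for now in range(duration):
        # Free slots whose connection timer ran out, and slots of legitimate
        # handshakes whose final ACK has now arrived.
        pending = [(exp, ack) for exp, ack in pending
                   if exp > now and (ack is None or ack > now)]
        # Spoofed SYNs grab free slots first; no ACK will ever follow.
        for _ in range(spoofed_per_sec):
            if len(pending) < queue_size:
                pending.append((now + timeout, None))
        # Legitimate SYNs need a free slot too.
        for _ in range(legit_per_sec):
            if len(pending) < queue_size:
                pending.append((now + timeout, now + legit_rtt))
                accepted += 1
            else:
                rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    # Constructed scenario: 20 spoofed and 2 legitimate SYNs per second for
    # one minute, against four queue configurations.
    for label, size, timeout in [("default queue, long timer", 128, 75),
                                 ("larger queue only", 1024, 75),
                                 ("shorter timer only", 128, 10),
                                 ("larger queue + shorter timer", 1024, 10)]:
        ok, dropped = simulate_backlog(size, timeout, 20, 2)
        print(f"{label:30s} accepted={ok:3d} rejected={dropped:3d}")
```

At the constructed rate, neither defence alone keeps the queue open for the whole minute; only the combination accepts every legitimate SYN.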
Slide 8: Simple sliding window
The amount of data that needs to be transmitted is often too large to be sent in a single data segment.
The data must therefore be broken into smaller pieces to allow for proper data transmission.
TCP is responsible for breaking data into segments.
Once the data is segmented, it must be transmitted to the destination device.
One of the services provided by TCP is flow control, which regulates how much data is sent during a given transmission period.
The process of flow control is known as windowing.

Slide 9: TCP sliding window
TCP utilizes a sliding window when determining transmission size.
A sliding window allows devices to negotiate a window size so that more than one byte can be sent during a single transmission.
The sliding window also allows the destination device to indicate to the source that the amount of data being sent should be decreased or increased, because it is incapable at that time of dealing with that much data.

Slide 10: TCP segment format
Positive acknowledgment and retransmission (PAR) is a common technique many protocols use to provide reliability.
With PAR, the source sends a packet, starts a timer, and waits for an acknowledgment before sending the next packet. If the timer expires before the source receives an acknowledgment, the source retransmits the packet and starts the timer over again.
TCP uses expectational acknowledgments, in which the acknowledgment number refers to the next octet that is expected.
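The windowing and positive-acknowledgment scheme of slides 8 to 10, as an added simulation that is not part of the CNAP material: a go-back-N style sender fills the receiver's window, the receiver answers with an expectational ACK (the next octet it expects), and a round in which the ACK does not advance stands for an expired timer followed by retransmission. The data, ISN, window size, MSS and the lost segment are constructed.

```python
"""Sliding window with positive acknowledgment and retransmission (PAR).
Added illustration, not CNAP material. Sequence numbers count octets, the
ACK number is the next octet the receiver expects, and a round whose ACK
does not advance models an expired timer followed by retransmission."""


def sliding_window_transfer(data, isn, window, mss, drop_first=()):
    """Deliver `data` and return (delivered_bytes, rounds).

    isn        - initial sequence number agreed in the three-way handshake
    window     - window size in octets advertised by the receiver
    mss        - maximum segment size in octets
    drop_first - sequence numbers whose first transmission the network loses
    Each entry of `rounds` is (sequence numbers sent, ACK number returned).
    """
    to_drop = set(drop_first)
    delivered = bytearray()
    send_base = isn                     # oldest octet not yet acknowledged
    end = isn + len(data)
    rounds = []
    while send_base < end:
        # Sender: send segments until the window is full, then wait for ACK.
        seq, sent = send_base, []
        while seq < end and seq - send_base < window:
            length = min(mss, end - seq, window - (seq - send_base))
            sent.append((seq, data[seq - isn:seq - isn + length]))
            seq += length
        # Receiver: accept in-order octets only; ACK = next octet expected.
        next_expected = send_base
        for seq, payload in sent:
            if seq in to_drop:                 # network loses this copy once
                to_drop.discard(seq)
            elif seq == next_expected:         # in order: accept and advance
                delivered += payload
                next_expected += len(payload)
            # a segment after a gap is discarded; the ACK number stays put
        rounds.append((tuple(s for s, _ in sent), next_expected))
        # ACK unchanged means the timer expired: the next round retransmits
        # from send_base; otherwise the window slides up to the ACK number.
        send_base = next_expected
    return bytes(delivered), rounds


if __name__ == "__main__":
    payload = b"abcdefghijklmnopqrst"          # 20 constructed octets
    got, log = sliding_window_transfer(payload, 1000, 8, 4, drop_first={1008})
    for sent, ack in log:
        print(f"sent {sent} -> ACK {ack}")
    assert got == payload
```

With the constructed loss of segment 1008, the second round returns ACK 1008 again, so the third round retransmits 1008 and 1012 before the window slides on.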
Slide 11: TCP/IP protocol suite

Slide 12: TCP segment format

Slide 13: UDP segment format

Slide 14: Port numbers
Port numbers are represented by 2 bytes in the header of a TCP or UDP segment.
This 16-bit value can result in port numbers ranging from 0 to
These port numbers are divided into three different categories:
1. Well-known ports: the first 1023 ports, used for well-known network services
2. Registered ports: range from 1024 to 49151
3. Dynamic or private ports: ports between and 68835

Slide 15: TCP sequence and acknowledgement numbers