CISCO NETWORKING ACADEMY PROGRAM (CNAP) SEMESTER 2/ MODULE 10 Intermediate TCP/IP
Overview
Routers use the Internet Protocol (IP) address information in an IP packet header to determine which interface the packet should be switched to in order to move it closer to its destination. IP is described as an unreliable, connectionless protocol that uses best-effort delivery. If packets are dropped en route, arrive out of order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem. To address these problems, IP relies on the Transmission Control Protocol (TCP).
TCP/IP operations
IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery. The transport layer is responsible for the reliable transport and regulation of data flow from source to destination, using sliding windows and sequence numbers along with a synchronization process that ensures each host is ready and willing to communicate.
TCP three-way handshake (open connection)
This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.
Denial of service attacks
Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections. One type of DoS is known as SYN flooding. SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake.
Denial of service attacks
In a DoS attack, the hacker initiates a synchronization but spoofs the source IP address. Because the source address is spoofed, the receiving device replies to a non-existent, unreachable IP address and is then placed in a wait state, waiting to receive the final ACK from the initiator.
Denial of service attacks
The waiting request is placed in a connection queue, a holding area in memory. This waiting state requires the attacked device to commit system resources, such as memory, to the waiting process until the connection timer expires. Hackers flood the attacked host with these false SYN requests, using up all of its connection resources to respond to and wait for false connections, which prevents it from responding to legitimate connection requests. To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
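The following model, added here as an illustration and not part of the Cisco module, puts the two preceding ideas together: a listener that performs the three-way handshake (SYN, SYN-ACK carrying its own initial sequence number, final ACK that must match both numbers) and keeps half-open entries in a connection queue with a capacity and a timer. The two administrator knobs named above, a larger connection queue and a shorter connection timeout, are exposed as parameters so their effect on a legitimate client arriving during a flood can be seen. The addresses, sequence numbers, timings and the `Listener`/`flood_scenario` names are all constructed for the example; real stacks randomise their initial sequence numbers.

```python
"""Model of a TCP listener's three-way handshake and its half-open
(SYN-received) connection queue. Added illustration, not the Cisco
module's own material; all values below are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

Endpoint = Tuple[str, int]          # (source IP, source port)


@dataclass
class HalfOpen:
    client_isn: int
    server_isn: int
    created_at: float               # seconds; used by the connection timer


@dataclass
class Listener:
    queue_size: int = 4             # connection queue capacity (half-open entries)
    timeout: float = 75.0           # connection timer: seconds an entry is held
    next_isn: int = 1000            # constructed ISN generator (real stacks randomise)
    half_open: Dict[Endpoint, HalfOpen] = field(default_factory=dict)
    established: List[Endpoint] = field(default_factory=list)
    dropped_syns: int = 0

    def expire(self, now: float) -> int:
        """Release entries whose connection timer has run out."""
        stale = [k for k, v in self.half_open.items() if now - v.created_at >= self.timeout]
        for k in stale:
            del self.half_open[k]
        return len(stale)

    def on_syn(self, src: Endpoint, client_isn: int, now: float) -> Optional[dict]:
        """Handshake steps 1-2: a SYN arrives; answer SYN-ACK and hold state.
        The SYN-ACK goes to `src`; if that address was spoofed it is never answered."""
        self.expire(now)
        if len(self.half_open) >= self.queue_size:
            self.dropped_syns += 1
            return None             # queue full: no SYN-ACK, the client is refused
        server_isn = self.next_isn
        self.next_isn += 1
        self.half_open[src] = HalfOpen(client_isn, server_isn, now)
        return {"flags": "SYN-ACK", "seq": server_isn, "ack": client_isn + 1}

    def on_ack(self, src: Endpoint, seq: int, ack: int, now: float) -> bool:
        """Handshake step 3: the final ACK must carry client_isn+1 / server_isn+1."""
        self.expire(now)
        entry = self.half_open.get(src)
        if entry is None or seq != entry.client_isn + 1 or ack != entry.server_isn + 1:
            return False
        del self.half_open[src]     # leaves the queue, connection established
        self.established.append(src)
        return True


def handshake(listener: Listener, src: Endpoint, client_isn: int, now: float) -> bool:
    """A complete open from a well-behaved client: SYN, SYN-ACK, ACK."""
    synack = listener.on_syn(src, client_isn, now)
    if synack is None:
        return False
    return listener.on_ack(src, seq=synack["ack"], ack=synack["seq"] + 1, now=now + 0.01)


def flood_scenario(queue_size: int, timeout: float):
    """Constructed scenario: four SYNs from unreachable (spoofed) sources at
    t=0..3 s are never followed by an ACK; a legitimate client then connects
    at t=10 s. Returns (legitimate client succeeded, listener)."""
    lst = Listener(queue_size=queue_size, timeout=timeout)
    for i in range(4):
        lst.on_syn(("203.0.113.%d" % (i + 1), 40000 + i), client_isn=5000 + i, now=float(i))
    ok = handshake(lst, ("198.51.100.7", 51000), client_isn=9000, now=10.0)
    return ok, lst


if __name__ == "__main__":
    for q, t in ((4, 75.0), (8, 75.0), (4, 5.0)):
        ok, lst = flood_scenario(q, t)
        print(f"queue={q} timeout={t}s -> legitimate client connected: {ok}, "
              f"SYNs dropped: {lst.dropped_syns}")
```

With the default queue of four and a 75-second timer, the four half-open entries still occupy the queue when the legitimate client arrives and its SYN is dropped; either doubling the queue or cutting the timer to five seconds lets that client through. The model also rejects a final ACK whose acknowledgment number does not equal the server's ISN plus one, which is what ties the third packet to the SYN-ACK the listener actually sent.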
Simple sliding window
The amount of data that needs to be transmitted is often too large to be sent in a single data segment. Therefore, the data must be broken into smaller pieces to allow for proper data transmission. TCP is responsible for breaking data into segments. Once the data is segmented, it must be transmitted to the destination device. One of the services provided by TCP is flow control, which regulates how much data is sent during a given transmission period. The process of flow control is known as windowing.
TCP sliding window
TCP uses a sliding window when determining transmission size. A sliding window allows devices to negotiate a window size so that more than one byte can be sent during a single transmission. The sliding window also allows the destination device to tell the source to decrease or increase the amount of data being sent when it cannot handle that much data at the time.
TCP segment format
Positive acknowledgment and retransmission (PAR) is a common technique many protocols use to provide reliability. With PAR, the source sends a packet, starts a timer, and waits for an acknowledgment before sending the next packet. If the timer expires before the source receives an acknowledgment, the source retransmits the packet and starts the timer over again. TCP uses expectational acknowledgments, in which the acknowledgment number refers to the next octet that is expected.
Protocol suite
TCP segment format
UDP segment format
Port numbers
Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value gives port numbers ranging from 0 to 65535. These port numbers are divided into three categories:
1. Well-known ports: the first 1023 ports, used for well-known network services
2. Registered ports: range from 1024 to 49151
3. Dynamic or private ports: ports between 49152 and 65535
TCP sequence and acknowledgement numbers