Presentation is loading. Please wait.

Presentation is loading. Please wait.

Transport Layer Protocols TCP and UDP. L.Krist NVCC2 Transport Control Protocols The function of the Transport Layer is to insure packets have no errors.

Similar presentations

Presentation on theme: "Transport Layer Protocols TCP and UDP. L.Krist NVCC2 Transport Control Protocols The function of the Transport Layer is to insure packets have no errors."— Presentation transcript:

1 Transport Layer Protocols TCP and UDP

2 L.Krist NVCC2 Transport Control Protocols The function of the Transport Layer is to insure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used: User Datagram Protocol.  Provides unreliable, connectionless delivery service using Internet Protocol.  Application programs utilizing UDP accepts full responsibility for packet reliability including message loss, duplication, delay, out of sequence, multiplexing and connectivity loss. Transmission Control Protocol.  Provides a reliable, connection delivery service using Internet Protocol.  It provides reliable packet delivery, packet sequencing, error control, multiplexing. Hardware IP Applications TCPUDP Packet TCP and UDP pass IP packets to the applications

3 L.Krist NVCC3 Connectionless vs Connection-oriented Protocols Connection-oriented – Two computers connect before sending any data, sender lets receiver know that data is on the way; recipient acknowledges receipt of data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP). Reliable, but carries overhead burden. Connectionless – Computers involved know nothing about each other or the data being sent. Makes no attempt to cause networks senders and receivers to exchange information about their availability or ability to communicate with one another, “best effort” delivery. (Type supported by IP, UDP). Not reliable, but faster and may be good enough. Also upper layer apps may worry about errors and reliability processing, so no need to do it twice.

4 L.Krist NVCC4 Transport Layer Ports Both TCP and UDP use port numbers to pass to the upper layers. Port numbers have the following ranges:  0-255 used for public applications, 0-1023 also called well- known ports, regulated by IANA.  Numbers from 255-1023 are assigned to marketable applications  1024 through 49151 Registered Ports, not regulated.  49152 through 65535 are Dynamic and/or Private Ports. Port numbers are used to keep track of different conversations that cross the network at the same time. Port numbers identify which upper layer service is needed, and are needed when a host communicates with a server that uses multiple services.

5 L.Krist NVCC5 9DiscardDiscard all incoming data port 7EchoEcho 19ChargenExchange streams of data port 20FTP-DataFile transfer data port 21FTP-CMDFile transfer command port 23TelnetTelnet remote login port 25SMTPSimple Mail Transfer Protocol port 53DOMAINDomain Name Service 79FingerObtains information about active users 80HTTPHypertext Transfer Protocol port 88KerberosAuthentication Protocol 110POP3PC Mail retrieval service port 119NNTPNetwork news access port 161SMTPNetwork Management 179BGPBorder Gateway Protocol 513RloginRemote Login In PortApplicationDescription Some Well-Known TCP Ports

6 L.Krist NVCC6 Destination PortSource Port Ports for Clients 80 1032 1. Client requests a web page from server 1032 2. Server responds to client Clients and servers both use ports to distinguish what process each segment is associated with. Source ports, which are set by the client, are determined dynamically, usually a randomly assigned a number above 1023.

7 L.Krist NVCC7 FCS PREAMBLE DESTINATION ADDR 00 00 1B 12 23 34 SOURCE ADDR 00 00 1B 09 08 07 FIELD TYPE ETHERNET 6 Source IP Address; Destination IP Address; IP Header TCP Header IP HEADER TCP HEADER DATA Source Port 5512 Destination Port 23 Telnet DATA LINK LAYER NETWORK LAYER TRANSPORT LAYER APPLICATION LAYER Protocols and Port Numbers

8 L.Krist NVCC8 FCS PREAMBLE DESTINATION ADDR 00 00 1B 12 23 34 SOURCE ADDR 00 00 1B 09 08 07 FIELD TYPE ETHERNET 17 Source IP Address; Destination IP Address; IP Header UDP IP HEADER TCP HEADER DATA Source Port 5512 Destination Port 69 TFTP DATA LINK LAYER NETWORK LAYER TRANSPORT LAYER APPLICATION LAYER Protocols and Port Numbers

9 L.Krist NVCC9 TCP Operation TCP is a connection-oriented protocol. TCP provides the following major services to the upper protocol layers:  Connection-oriented data management to assure the end-to-end transfer of data across the network(s).  Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.  Stream-oriented data transfer takes place between the sender application and TCP and the receiving application and TCP. To stream is to send individual characters not blocks or frames. Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way “handshake”, which ensures both sides are ready to transfer data and determines the initial sequence numbers. Sequence numbers give hosts a way to acknowledge what they have received. TCP header contain SYN bits, or flags, to achieve this.

10 L.Krist NVCC10 TCP Synchronization or 3-Way Handshake TCP is a connection oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process insures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers. Send ACK ACK = y + 1 Receive SYN Seq = x Send SYN Seq = y ACK = x + 1 Receive SYN Seq = y ACK = x + 1 Send SYN Seq = x Receive ACK ACK = y + 1 Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.

11 L.Krist NVCC11 Denial of Service Attacks 1.Hacker initiates a SYN but spoofs the source IP address. DoS attacks are designed to deny services to legitimate users. DoS attacks are used by hackers to overwhelm and crash systems. SYN flooding is a DoS attack that exploits the three way handshake. To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures. Send SYN Receive SYN Send SYN/ACK Send SYN 2.Target replies to the unreachable IP address and waits for final ACK. 3.Hackers floods target with false SYN requests tying up its connection resources, preventing it from responding to legitimate connection requests.

12 L.Krist NVCC12 TCP Windows and Flow Control Data often is too large to be sent in a single segment. TCP splits the data into multiple segments. TCP provides flow control through “windowing” to set the pace of how much data is sent at a time – IE how many bytes per window, and how many windows between ACKs. Window Size = 1 Window Size = 3

13 L.Krist NVCC13 Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session. Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control. Windowing and Window Size If the source receives no acknowledgment, it knows to retransmit at a slower rate. Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected. Fast enough for you? I didn’t get all of that, slow down.

14 L.Krist NVCC14 Sequence and ACK Numbers Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order. They also identify missing data pieces so the sender can retransmit them. Only the missing segments need to be re-transmitted. Positive Acknowledgement and Retransmission TCP utilizes PAR to control data flow and confirm data delivery. Source sends packet, starts timer, and waits for ACK. If timer expires before source receives ACK, source retransmits the packet and restarts the timer.

15 L.Krist NVCC15 VERS FCS PREAMBLE DESTINATION ADDRESS SOURCE ADDRESS FIELD TYPE ETHERNET 0-65535 2 6 6 8 4 HLEN TOS Total Length 4 bits 8 bits16 bits Identification 16 bits Flags 3 bits Fragment Offset 13 bits TTL 8 bits Protocol 8 bits Checksum 16 bits Source IP Address 32 bits Destination IP Address 32 bits IP Options(if any) 32 bits TCP Data (if any) 0 15 16 31 Source Port Destination Port Sequence Number Acknowledgement Number Offset U AP R S F Reserved Receive Window Size Checksum Urgent Pointer 16 bits 32 bits 4 bits 6 bits 16 bits IP Header TCP Header IP Datagram Options (if any) DATAIP HEADER TCP HEADER TCP Encapsulation

16 L.Krist NVCC16 Number of the calling port Number of the called port Used to ensure correct sequencing of the arriving data Next expected TCP octet Number of 32-bit words in the header set to zero Control setup and termination of session Number of octets sender is willing to accept Indicates the end of the urgent data Upper layer protocol data TCP Segment Format

17 L.Krist NVCC17 Details on TCP Fields Sequence Number. TCP numbers each byte in the TCP data with a sequence number.  The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP. Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.  Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable.  It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field. Reserved. This field is reserved for future use and is set to zero. TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.  Urg This flag indicates that this segment contains an Urgent pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.  Ack This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.  Psh The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full then a PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.  Reset This field will Reset the connection. 1 = Reset, 0 = No Reset.  Syn This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn  Fin The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin. Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set.  The Urgent Pointer is a 16 bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data.  The application determines where the urgent data starts in the data stream.  The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.

18 L.Krist NVCC18 UDP/TCP Operation Comparison There are two protocols at Layer 4 – TCP and UDP. Both TCP and UDP use IP as their underlying protocol. TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used. UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced since packets that arrive late or out of order have no value. TCPUDP Connection-oriented delivery Connectionless delivery, faster Uses windows and ACKs No windows or ACKs Full headerSmaller header, less overhead SequencingNo sequencing Provides reliabilityRelies on app layer protocols for reliability FTP, HTTP, SMTP, and DNS DNS, TFTP, SNMP, and DHCP  0 – 15  16 - 31  31 - 47  48 – 63  64  Source PortDestination PortLengthChecksumData… UDP segment format

19 L.Krist NVCC19 User Datagram Protocol UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, i.e RIP. It provides no packet sequencing, may lose packets, and does not check for duplicates.  It is used by applications that do not need a reliable transport service.  Application data is encapsulated in a UDP header which in turn is encapsulated in an IP header. UDP distinguishes different applications by port number which allows multiple applications running on a given computer to send /receive datagrams independently of one another. FCS IP HEADER PREAMBLE DESTINATION ADDRESS SOURCE ADDRESS FIELD TYPE ETHERNET 8-1500 2 6 6 8 4 UDP Source Port 0 15 16 31 UDP Message Length Data UDP Destination Port UDP Checksum... UDP DATAGRAM

20 L.Krist NVCC20 UDP Port Numbers Echo7Echo user datagram back to user Discard9Discard user datagrams Daytime13Report time in a user friendly fashion Quote17Return "Quote of the day" Chargen19Character generator Nameserver53Domain Name Server Sql-Net66Oracle Sequel Network BOOTPS67Server port to download configuration information BOOTPC68Client port to receive configuration information TFTP69Trivial File Transport Protocol POP3110Post Office Protocol - V3 SunRPC111Sun Remote Procedure Call NTP123Network Time Protocol SNMP161Used to receive network management queries SNMP-trap162Used to receive network problem reports. IRC194Internet Relay Chat IPX213IPX - IP Tunneling SysLog514System Log RIP520Routing Information Protocol NFS2049Network File Service

21 L.Krist NVCC21 Packet Analysis Ethereal and dns-moviefone.pkt trace

Download ppt "Transport Layer Protocols TCP and UDP. L.Krist NVCC2 Transport Control Protocols The function of the Transport Layer is to insure packets have no errors."

Similar presentations

Ads by Google