Contents Introduction TCP Operation Transport Layer Port
Introduction The transport layer is responsible for reliable transport of data and for regulating the flow of data from source to destination. This is accomplished with sliding windows and sequence numbers together with a synchronization process. The transport layer provides transport services from the source host to the destination host, establishing a logical connection between the endpoints of the network. Transport services segment the data of several upper-layer applications onto the same transport-layer data stream and reassemble it at the destination.
TCP Operation Flow Control As the transport layer sends data segments, it tries to ensure that data is not lost. A receiving host that cannot process data as quickly as it arrives runs out of buffer space and is forced to discard the excess, which is one cause of data loss. Flow control prevents a transmitting host from overflowing the buffers of the receiving host: the receiver tells the sender how much it can accept, and the sender does not exceed that amount.
Session establishment, maintenance, and termination Transport functionality is accomplished on a segment-by-segment basis. For data transfer to begin, both the sending and receiving applications inform their respective operating systems that a connection will be initiated. The connection is established and the transfer of data begins after all synchronization has occurred. At the end of data transfer, the sending host signals the end of the transmission.
TCP Operation Three-way handshake Prior to data transmission, the two communicating hosts go through a synchronization process to establish a virtual connection. It ensures that both sides are ready for data transmission and allows the devices to determine their initial sequence numbers. One host sends a synchronization (SYN) segment to initiate a connection. This segment carries an initial sequence number of x and has the SYN bit set in the control-bits field of the TCP header (also referred to as the code bits or flags field) to indicate a connection request. The SYN bit is not part of the acknowledgment number field; that field only carries a meaningful value once the ACK bit is set.
TCP Operation The other host receives the segment, records the sequence number x, and replies with a segment that has both the SYN and ACK bits set (a SYN-ACK): it carries an acknowledgment number of x + 1 and the host's own initial sequence number of y. The acknowledgment number of x + 1 means the host has received all octets up to and including x and expects x + 1 next. The initiating host responds with a simple ACK of y + 1, the other host's initial sequence number plus one. This indicates that it received the SYN-ACK and finalizes the connection process. Because the SYN consumes one sequence number on each side, data begins at x + 1 in one direction and y + 1 in the other.
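The exchange described above, as an added example that is not code from the original page: both hosts' segments are modelled, each side checks the acknowledgment number it receives before moving on, and the SYN and ACK bits live in a separate flags field from the acknowledgment number. The Segment class, the flag constants, the port numbers and the initial sequence numbers are assumptions made here.

```python
# Added example, not code from the original page: a model of the TCP
# three-way handshake showing both hosts' segments. The Segment class, the
# flag constants, the ports and the initial sequence numbers are assumptions.
from dataclasses import dataclass

# Control bits as laid out in the TCP flags field (the "code bits"), which is
# separate from the 32-bit acknowledgment number field.
SYN = 0x02
ACK = 0x10


def wrap(n: int) -> int:
    """Sequence and acknowledgment numbers are 32-bit and wrap around."""
    return n & 0xFFFFFFFF


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int
    flags: int

    def has(self, bits: int) -> bool:
        return self.flags & bits == bits


def client_accepts(isn_a: int, reply: Segment) -> bool:
    """What the initiator checks before sending the final ACK: the reply must be
    a SYN-ACK that acknowledges exactly x + 1, where x was our own ISN."""
    return reply.has(SYN | ACK) and reply.ack == wrap(isn_a + 1)


def server_accepts(isn_b: int, final: Segment) -> bool:
    """What the listener checks before moving to ESTABLISHED: an ACK of y + 1."""
    return final.has(ACK) and not final.has(SYN) and final.ack == wrap(isn_b + 1)


def three_way_handshake(isn_a: int, isn_b: int, port_a: int = 51000, port_b: int = 443):
    """Run the handshake between Host A (initiator) and Host B (listener).

    Returns the three segments in order plus the first data sequence number on
    each side. Raises ValueError where a real stack would drop the segment.
    """
    # 1. A -> B: SYN with A's initial sequence number x. The ACK bit is clear,
    #    so the acknowledgment number field carries nothing meaningful yet.
    syn = Segment(port_a, port_b, seq=isn_a, ack=0, flags=SYN)

    # 2. B records x and answers SYN-ACK: ack = x + 1, seq = its own ISN y.
    if not syn.has(SYN) or syn.has(ACK):
        raise ValueError("listener expected a bare SYN")
    syn_ack = Segment(port_b, port_a, seq=isn_b, ack=wrap(syn.seq + 1), flags=SYN | ACK)

    # 3. A verifies the SYN-ACK and answers ACK: ack = y + 1, seq = x + 1.
    if not client_accepts(isn_a, syn_ack):
        raise ValueError("SYN-ACK does not acknowledge our ISN")
    ack = Segment(port_a, port_b, seq=wrap(isn_a + 1), ack=wrap(syn_ack.seq + 1), flags=ACK)

    if not server_accepts(isn_b, ack):
        raise ValueError("final ACK does not acknowledge our ISN")

    # The SYN consumes one sequence number on each side, so data starts at x+1 / y+1.
    return [syn, syn_ack, ack], wrap(isn_a + 1), wrap(isn_b + 1)
```

The two accept functions are the part worth keeping in mind: a stack that skipped them would complete a handshake with any SYN-ACK or ACK that happened to arrive on the right ports, which is what makes blind connection forgery depend on guessing sequence numbers.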
Windowing TCP is responsible for breaking data into segments. Once the data is segmented, it must be transmitted to the destination device. Window size determines the amount of data that can be transmitted at one time before the destination responds with an ACK. After a host transmits the window-sized number of bytes, the host must receive an acknowledgment that the data has been received before it can send any more data.
TCP uses a sliding window to determine how much to transmit. The window allows more than one segment to be outstanding before an acknowledgment is required, and its size is advertised by the receiver in each acknowledgment rather than fixed for the life of the connection, so it grows and shrinks as the receiver's buffer empties and fills. For example, the sender sends three packets before expecting an ACK. If the receiver can handle a window of only two packets, it drops packet three, acknowledges with three as the next packet expected, and advertises a new window size of two.
Sequence Number TCP applies sequence numbers to the data segments that are transmitted so that the receiver can reassemble the bytes in their original order. These sequence numbers also serve as reference numbers so that the receiver knows whether it has received all of the data, and they identify the missing pieces to the sender so it can retransmit them.
TCP Operation Acknowledgement Positive acknowledgment with retransmission (PAR) is one technique that guarantees reliable delivery of data. It requires a recipient to communicate with the source and send back an acknowledgment message when the data is received. The sender also starts a timer when it sends a segment and will retransmit the segment if the timer expires before an acknowledgment arrives. If a segment does not arrive at the destination, the receiver cannot acknowledge it; its acknowledgments keep naming the missing byte as the next one expected, and when the sender's timer expires it resends that segment. Acknowledgments are cumulative: an acknowledgment number covers every byte before it, so one ACK can confirm several segments at once.
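The windowing, sequence-number and PAR sections above, as one added example that is not code from the original page: a sender keeps a window of unacknowledged bytes, a receiver reassembles by sequence number and returns cumulative acknowledgments, and a lost segment is recovered by a timer-driven retransmission of exactly the byte the receiver named. The segment size, window size, initial sequence number and loss pattern are assumptions made here for illustration.

```python
# Added example, not code from the original page: a byte-stream sender and
# receiver with sequence numbers, a sliding window, cumulative ACKs and
# positive acknowledgment with retransmission over a channel that loses chosen
# segments. Segment size, window, ISN and loss pattern are assumptions.
from dataclasses import dataclass


@dataclass
class DataSegment:
    seq: int         # sequence number of the first payload byte
    payload: bytes


class Receiver:
    """Reassembles bytes in order and returns cumulative ACKs."""

    def __init__(self, isn: int):
        self.next_expected = isn   # every byte before this has been received
        self.out_of_order = {}     # seq -> payload, held until the gap is filled
        self.data = bytearray()

    def deliver(self, seg: DataSegment) -> int:
        """Accept one segment and return the ACK number: the next byte expected."""
        if seg.seq == self.next_expected:
            self.data += seg.payload
            self.next_expected += len(seg.payload)
            # Segments that arrived early may now be in order; drain them.
            while self.next_expected in self.out_of_order:
                payload = self.out_of_order.pop(self.next_expected)
                self.data += payload
                self.next_expected += len(payload)
        elif seg.seq > self.next_expected:
            # A gap precedes this segment: keep it, but the ACK cannot pass the gap.
            self.out_of_order[seg.seq] = seg.payload
        # seg.seq < next_expected is a duplicate already held; the ACK just repeats.
        return self.next_expected


def transmit(data: bytes, isn: int, mss: int, window: int, lose_first_send: set):
    """Send `data` starting at `isn`; the first transmission of any segment whose
    seq is in `lose_first_send` is lost. Returns (bytes reassembled by the
    receiver, number of retransmissions, event log)."""
    receiver = Receiver(isn)
    pending_loss = set(lose_first_send)
    sent_len = {}           # seq -> payload length, so a retransmission matches the original
    log, retransmits = [], 0
    base = isn              # oldest unacknowledged byte (left edge of the window)
    next_seq = isn          # next new byte to send
    end = isn + len(data)

    def send(seq: int, size: int) -> int:
        """Put one segment on the channel; return the receiver's ACK (or `base` if lost)."""
        seg = DataSegment(seq, bytes(data[seq - isn: seq - isn + size]))
        if seg.seq in pending_loss:
            pending_loss.discard(seg.seq)
            log.append(f"seq={seg.seq} len={size} lost in transit")
            return base
        ack = receiver.deliver(seg)
        log.append(f"seq={seg.seq} len={size} -> ack={ack}")
        return ack

    while base < end:
        ack = base
        # Fill the window: at most `window` bytes may be outstanding beyond base.
        while next_seq < end and next_seq - base < window:
            size = min(mss, window - (next_seq - base), end - next_seq)
            sent_len[next_seq] = size
            ack = max(ack, send(next_seq, size))
            next_seq += size
        if ack > base:
            base = ack      # slide the window forward to the cumulative ACK point
        else:
            # Timer for the oldest unacknowledged segment expired with no progress:
            # the receiver's ACK names exactly the byte it is missing, so resend it.
            retransmits += 1
            log.append(f"timeout waiting for ack={base}")
            base = send(base, sent_len[base])
    return bytes(receiver.data), retransmits, log
```

Run `transmit(b"0123456789", 100, 2, 6, {102})` and read the log: the segments after the lost one are delivered but every ACK stays at 102 until the retransmission fills the gap, after which a single ACK of 108 covers three segments at once.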
Denial of service attacks deny service to legitimate hosts that try to establish connections and are used by attackers to halt system responses. One type of DoS is SYN flooding. The attacker sends SYN segments but spoofs the source IP address, that is, forges a source address that is non-existent or unreachable. The attacked device replies with a SYN-ACK to that address and is placed in a wait state (a half-open connection) until it receives the final ACK from the initiator, which never arrives. Each half-open connection ties up system resources, such as memory in the connection queue, until the connection timer expires, so enough spoofed SYNs fill the queue and SYNs from legitimate hosts are dropped.
TCP Operation To defend against these attacks, system administrators may decrease the connection timeout period, so that half-open entries are released sooner, and increase the connection queue size, so that more of them fit. A timeout that is too short also drops legitimate clients whose final ACK arrives slowly, so the two settings are tuned together. Modern stacks additionally use SYN cookies, which encode the connection state in the SYN-ACK sequence number and allocate no queue entry until the final ACK arrives.
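The flood and the two defences above, as an added example that is not code from the original page: a listener with a bounded queue of half-open connections is driven by spoofed SYNs that never complete and by one legitimate client per time unit, first with a large timeout and small queue and then with the settings adjusted. The queue size, timeout, flood rate, tick-based timing and the addresses (taken from the documentation ranges) are assumptions made here.

```python
# Added example, not code from the original page: a model of a listening
# socket's queue of half-open connections under a SYN flood. Queue size,
# timeout, flood rate, tick-based timing and addresses are assumptions.


class Listener:
    """Server side of the handshake with a bounded queue of half-open entries."""

    def __init__(self, backlog: int, syn_timeout: int):
        self.backlog = backlog            # max entries in SYN-RECEIVED state
        self.syn_timeout = syn_timeout    # ticks to wait for the final ACK
        self.half_open = {}               # (src_ip, src_port) -> tick at which it expires
        self.established = set()

    def _expire(self, now: int) -> None:
        # Release entries whose connection timer ran out without a final ACK.
        self.half_open = {s: t for s, t in self.half_open.items() if t > now}

    def on_syn(self, src: tuple, now: int) -> bool:
        """A SYN arrived: allocate state and send SYN-ACK, or drop it if the queue is full."""
        self._expire(now)
        if len(self.half_open) >= self.backlog:
            return False
        self.half_open[src] = now + self.syn_timeout
        return True   # SYN-ACK goes to src; a spoofed, unreachable src never answers it

    def on_ack(self, src: tuple, now: int) -> bool:
        """The final ACK arrived: promote the half-open entry to an established connection."""
        self._expire(now)
        if src not in self.half_open:
            return False
        del self.half_open[src]
        self.established.add(src)
        return True


def run_flood(backlog: int, syn_timeout: int, spoofed_per_tick: int, ticks: int) -> dict:
    """Each tick the attacker sends `spoofed_per_tick` SYNs from forged sources and
    one legitimate client sends a SYN and answers the SYN-ACK one tick later."""
    listener = Listener(backlog, syn_timeout)
    stats = {"legit_connected": 0, "legit_failed": 0, "spoofed_queued": 0, "spoofed_dropped": 0}
    forged = 0
    for now in range(ticks):
        for _ in range(spoofed_per_tick):
            forged += 1
            # Forged source in the TEST-NET-3 documentation range; it never replies.
            src = (f"203.0.113.{forged % 250 + 1}", 40000 + forged)
            stats["spoofed_queued" if listener.on_syn(src, now) else "spoofed_dropped"] += 1
        client = ("198.51.100.7", 50000 + now)   # legitimate client, one new source port per tick
        if listener.on_syn(client, now) and listener.on_ack(client, now + 1):
            stats["legit_connected"] += 1
        else:
            stats["legit_failed"] += 1
    return stats
```

With `run_flood(16, 10, 4, 20)` the queue is full after three ticks and the legitimate client never connects again, because entries sit for ten ticks and the attacker refills them the moment they expire. `run_flood(64, 2, 4, 20)` connects every time. The caveat in the text shows up as `run_flood(64, 1, 4, 20)`: the timeout is now shorter than the client's round trip, so its own half-open entry expires before the ACK arrives and it never connects, flood or no flood.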
Transport Layer Port A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server. Hosts running TCP/IP associate ports at the transport layer with certain applications. Port numbers are needed for a host to communicate with a server that uses multiple services. Both TCP and UDP use port or socket numbers to pass information to the upper layers.
Port numbers have the following assigned ranges:
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151.
The Dynamic and/or Private Ports are those from 49152 through 65535.
Source port numbers for these requests are dynamically assigned by the originating host and are usually a number larger than 1023. Clients and servers use ports to distinguish which process each segment is associated with.
Transport Layer Port Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value yields port numbers ranging from 0 to 65535. The source and destination port numbers each combine with the corresponding network (IP) address to form a socket. A pair of sockets, one on each host, uniquely identifies a connection.
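The port fields described above, as an added example that is not code from the original page: the 16-bit source and destination ports (and the control bits) are read out of a TCP header, classified into the three assigned ranges, and combined with IP addresses into the socket pair that names a connection. The header bytes are constructed here with struct.pack, and the addresses come from the documentation ranges; both are assumptions for illustration.

```python
# Added example, not code from the original page: parse the port and control
# fields of a TCP header, classify ports into the assigned ranges and form the
# socket pair. The header bytes and addresses are constructed here.
import struct

# Fixed 20-byte TCP header, network (big-endian) byte order: src port, dst port,
# seq, ack, data offset + flags, window, checksum, urgent pointer.
TCP_HEADER = struct.Struct("!HHIIHHHH")
FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def port_range(port: int) -> str:
    """Classify a port number according to the assigned ranges."""
    if not 0 <= port <= 0xFFFF:
        raise ValueError(f"port {port} does not fit in 16 bits")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int, window: int = 65535) -> bytes:
    """Construct a header with no options (data offset 5 words = 20 bytes); checksum left zero."""
    return TCP_HEADER.pack(src_port, dst_port, seq, ack, (5 << 12) | flags, window, 0, 0)


def parse_tcp_header(data: bytes) -> dict:
    """Decode the fixed header and return its fields plus the payload that follows it."""
    if len(data) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    src_port, dst_port, seq, ack, off_flags, window, checksum, urgent = TCP_HEADER.unpack_from(data)
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    if header_len < TCP_HEADER.size or header_len > len(data):
        raise ValueError("bad data offset")
    flags = off_flags & 0x01FF                  # low nine bits are the control bits
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "flags": [name for bit, name in FLAG_BITS if flags & bit],
        "window": window,
        "header_len": header_len,
        "payload": data[header_len:],
    }


def socket_pair(src_ip: str, dst_ip: str, hdr: dict) -> tuple:
    """Each endpoint's socket is (IP address, port); the pair identifies the connection."""
    return ((src_ip, hdr["src_port"]), (dst_ip, hdr["dst_port"]))


def demultiplex(listening: dict, hdr: dict):
    """Hand the segment to the process listening on the destination port, if any."""
    return listening.get(hdr["dst_port"])
```

Checking the data offset against the buffer length before slicing is the part a parser most often gets wrong; a header that claims more option bytes than are present must be rejected rather than read past the end.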