CISCO NETWORKING ACADEMY PROGRAM (CNAP) SEMESTER 2/ MODULE 10 Intermediate TCP/IP
CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Overview Routers use the Internet Protocol (IP) address information in an IP packet header to determine which interface the packet should be switched to in order to move closer its destination. It is described as an unreliable, connectionless protocol, using best-effort delivery. If packets are dropped in route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem. To address these problems, IP relies upon Transmission Control Protocol (TCP).
TCP/IP TCP/IP operations CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP/IP operations IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery. The transport layer is responsible for the reliable transport of and regulation of data flow from source to destination by using sliding windows and sequencing numbers along with a synchronization process that ensures each host is ready and willing to communicate.
TCP three-ways handshake open-connection CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP three-ways handshake open-connection This synchronization process insures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.
Denial of Service Attacks CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Denial of Service Attacks Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections. One type of DoS is known as SYN flooding. SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake.
CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Denial attacks In a DoS attack, the hacker initiates a synchronization but spoofs the source IP address. Spoofing is a term used when the receiving device replies to a non-existent, unreachable IP address and then is placed in a wait state while waiting to receive the final ACK from the initiator.
CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Denial attacks The waiting request is placed in a connection queue or a holding area in memory. This waiting state requires the attacked device to commit system resources, such as memory, to the waiting process until the connection timer times out. Hackers will flood the attacked host with these false SYN requests utilizing all of its connection resources to respond and wait for false connections, preventing it from responding to legitimate connection requests. To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
TCP is responsible for breaking data into segments. CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Simple window sliding The amount of data that needs to be transmitted is often too large to be sent in a single data segment. Thereby, the data must be broken into smaller pieces to allow for proper data transmission. TCP is responsible for breaking data into segments. Once the data is segmented, it must be transmitted to the destination device. One of the services provided by TCP is flow control, which regulates how much data is sent during a given transmission period. The process of flow control is known as windowing.
TCP/IP TCP sliding window CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP sliding window TCP utilizes a sliding window when determining transmission size. A sliding window allows for devices to negotiate a window size to allow for more than one byte to be sent during a single transmission. This sliding window also allows the destination device to indicate to the source a need to decrease or increase the amount of data being sent because it is incapable at that time of dealing with that much data.
TCP/IP TCP segment format CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP segment format Positive acknowledgment and retransmission (PAR) is a common technique many protocols use to provide reliability. With PAR, the source sends a packet, starts a timer, and waits for an acknowledgment before sending the next packet. If the timer expires before the source receives an acknowledgment, the source retransmits the packet and starts the timer over again. TCP uses expectational acknowledgments in which the acknowledgment number refers to the next octet that is expected.
TCP/IP Protocol suit TCP/IP CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Protocol suit TCP/IP
TCP/IP TCP segment format CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP segment format
TCP/IP UDP segment format CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP UDP segment format
CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP Port numbers Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value can result in port numbers ranging from 0 to 65535. These port numbers are divided into three different categories: 1. Well-known ports: the first 1023 ports, used for well-known network services 2. Registered ports: range from 1024 to 49151 3. Dynamic or private ports: ports between 49152 and 68835
TCP sequence and acknowledgement numbers CISCO NETWORKING ACADEMY PROGRAM SEMESTER 2/ MODULE 10 TCP/IP TCP sequence and acknowledgement numbers