Marwan Al-Namari Week 6
TCP is a reliable, connection-oriented delivery service. The data is transmitted in segments. Connection-oriented means that a connection must be established before hosts can exchange data. Reliability is achieved by assigning a sequence number to each segment transmitted. An acknowledgement is used to verify that the data was received by the other host. For each segment sent, the receiving host must return an acknowledgement (ACK) within a specified period for bytes received. If an ACK is not received, the data is retransmitted. TCP uses byte-stream communications, wherein data within the TCP segment is treated as a sequence of bytes with no record or field boundaries. Following table describes the key fields in the TCP header.
FieldFunction Source PortTCP port of sending host. Destination PortTCP port of destination host. Sequence NumberSequence number of the first byte of data in the TCP segment. Acknowledgement Number Sequence number of the byte the sender expects to receive next from the other side of the connection. WindowCurrent size of a TCP buffer on the host sending this TCP segment to store incoming segments. TCP ChecksumVerifies the integrity of the TCP header and the TCP data.
A TCP connection is initialized through a three-way handshake. The purpose of the three-way handshake is to synchronize the sequence number and acknowledgement numbers of both sides of the connection and exchange TCP Window sizes. The following steps outline the process:
The client sends a TCP segment to the server with an initial Sequence Number for the connection and a Window size indicating the size of a buffer on the client to store incoming segments from the server.
The server sends back a TCP segment containing its chosen initial Sequence Number, an acknowledgement of the client’s Sequence Number, and a Window size indicating the size of a buffer on the server to store incoming segments from the client.
The client sends a TCP segment to the server containing an acknowledgement of the server’s Sequence Number. N.B. TCP uses a similar handshake process to end a connection. This guarantees that both hosts have finished transmitting and that all data was received.
TCP Port Number Description 20FTP (Data Channel) 21FTP (Control Channel) 23Telnet 80HTTP used for the World Wide Web 139NetBIOS session service For a current list of TCP and UDP well known ports, see the Internet Assigned Numbers Authority (IANA)
17TCPqotdquoteQuote of the day 17UDPqotdquoteQuote of the day 19TCPchargenttytst sourceCharacter generator 19UDPchargenttytst sourceCharacter generator 20TCPftp-dataFile Transfer 21TCPftpFTP Control 23TCPtelnetTelnet 25TCPsmtpmailSimple Mail Transfer 37TCPtime Time 37UDPtime Time 39UDPrlpresourceResource Location Protocol 42TCPnameservernameHost Name Server 42UDPnameservernameHost Name Server 43TCPnicnamewhoisWho Is 53TCPdomainDomain Name 53UDPdomainDomain Name Server 67UDPbootpsdhcpsBootstrap Protocol Server 68UDPbootpcdhcpcBootstrap Protocol Client 69UDPtftpTrivial File Transfer
70TCPgopherGopher 79TCPfingerFinger 80TCPhttpwww, httpWorld Wide Web 101TCPhostnamehostnamesNIC Host Name Server 107TCPrtelnetRemote Telnet Service 110TCPpop3postofficePost Office Protocol - Version 3 113TCPauthident tapAuthentication Service 119TCPnntpusenetNetwork News Transfer Protocol 123UDPntp Network Time Protocol 137TCPnetbios-nsnbnameNETBIOS Name Service 137UDPnetbios-nsnbnameNETBIOS Name Service 138UDPnetbios-dgmnbdatagramNETBIOS Datagram Service 139TCPnetbios-ssnnbsessionNETBIOS Session Service 143TCPimapimap4Internet Message Access Protocol 158TCPpcmail-srvrepositoryPC Mail Server 161UDPsnmp SNMP 162UDPsnmptrapsnmp-trapSNMP TRAP 179TCPbgpBorder Gateway Protocol 194TCPircInternet Relay Chat Protocol 213UDPipxIPX over IP
A useful TCP/IP diagnostic utility which shows the ports in use
Active Connections Proto Local Address Foreign Address State TCP : :80 CLOSE_WAIT TCP : :80 CLOSE_WAIT TCP : :80 CLOSE_WAIT TCP : :80 CLOSE_WAIT TCP : :80 ESTABLISHED TCP : :80 TIME_WAIT TCP : :80 TIME_WAIT TCP : :80 SYN_SENT
Will show the listening ports This is a good check to see if you have a Trojan programme running which opens a port as a ‘backdoor’ for hackers.
When a TCP connection is closed, the socket pair is placed into a state known as TIME-WAIT This is so that a new connection does not use the same protocol, source IP address, destination IP address, source port, and destination port until enough time has passed to ensure that any segments that have been misrouted or delayed will not be delivered unexpectedly.