Fall 2008CSCI 690 CSCI-690 C omputer Networks: Shrinking the globe one click at a time Lecture 3 Khurram Kazi

Fall 2008 CSCI Major sources of the slides for this lecture  Slides from Tanenbaum’s and William Stallings’ website are used in this lecture  Interworking with TCP/IP, M , Global knowledge, training manual, (  Teach yourself TCP/IP in 24 hours, Joe Casad, Bob Willsey, SAMS  The Internet and Its Protocol, Adrian Farrel’s book.

Fall 2008 CSCI Topics for the next few weeks  For the next few weeks we will concentrate on:  Protocols  IP  TCP / UDP  IP Addressing  Go through an example of the Life of a Packet in a Network  In the process we will develop a functional model of a ROUTER.

Fall 2008 CSCI Reference Network: For discussion purposes

Fall 2008 CSCI Source of IP Traffic  Application Traffic type could be  FTP (file transfer)  Instant messaging  Secure or non-secure web access  Streaming video  Document sharing (similar to net meeting)  Database access (across the street or across the continent)  Voice over IP  It all boils down to what protocols are used

Fall 2008 CSCI Summarizing Features of the Protocol Functions  have a small set of functions that form basis of all protocols  Encapsulation (e.g. IP packets encapsulated in Ethernet frames)  fragmentation and reassembly (e.g. fragmentation of a file during an FTP and reassembly of it at the destination)  connection control (e.g. during TCP session)  ordered delivery  flow control  error control  addressing  multiplexing  transmission services

Fall 2008 CSCI PDUs (Protocol Data Units) and Fragmentation Example: Fragmentation seen during file transfer using FTP This can be an IP Packet This can be a TCP component of the Packet

Fall 2008 CSCI Demonstrate file transfer using FTP while capturing the data by Wireshark Starting from the traffic source

Fall 2008 CSCI Fragmentation and Reassembly  Protocol exchanges data between two entities  Lower-level protocols may need to break data up into smaller blocks, called fragmentation  For various reasons  Network only accepts blocks of a certain size  More efficient error control & smaller retransmission units  Fairer access to shared facilities  Smaller buffers  Disadvantages  Smaller buffers  More interrupts & processing time

Fall 2008 CSCI Starting the protocol stack analysis with The IP Protocol (RFC 791) h ttp:// The IPv4 (Internet Protocol) header.

Fall 2008 CSCI IP Header Fields continued  Version (4 bits)  (whether the format is of type)  currently IP v4  IP v6  Internet Header Length (IHL) (4 bits)  Is the length of header in 32 bit words,  Points to the beginning of the data (payload)  including options  Minimum value for a correct header is 5

Fall 2008 CSCI IP Header Fields continued Type of Service (8 bits) (see RFC 791 for details)  Is an indication of the abstract parameters of the Quality of Service (QoS) desired. These parameters are to be used to guide the selection of the actual service parameters when transmitting a datagram through a particular network. Several networks offer service precedence, which somehow treats high precedence traffic as more important than other traffic (generally by accepting only traffic above a certain precedence at time of high load). The major choice is a three way tradeoff between low-delay, high-reliability, and high-throughput. Bits 0-2: Precedence: Primarily used within a particular network Network Control Internetwork Control CRITIC/ECP Flash Override Flash Immediate Priority Routine

Fall 2008 CSCI IP Header Fields continued Type of Service (8 bits) (see RFC 791 for details)  Is an indication of the abstract parameters of the Quality of Service (QoS) desired. These parameters are to be used to guide the selection of the actual service parameters when transmitting a datagram through a particular network. Several networks offer service precedence, which somehow treats high precedence traffic as more important than other traffic (generally by accepting only traffic above a certain precedence at time of high load). The major choice is a three way tradeoff between low-delay, high-reliability, and high-throughput. Bit 3: 0 = Normal Delay, 1 = Low Delay. Bits 4: 0 = Normal Throughput, 1 = High Throughput. Bits 5: 0 = Normal Reliability, 1 = High Reliability. Bit 6 1 = minimize monetary cost [defined in RFC 1349] Bit 7: Reserved for Future Use. Only one of the bits [6:3] can be set to a 1

Fall 2008 CSCI IP Header Fields continued  Total Length (16 bits)  Total Length is the length of the datagram, measured in octets, including internet header and data. This field allows the length of a datagram to be up to 65,535 octets. Such length of a datagram are impractical for most hosts and networks. Since there is no “end of datagram” character/indicator, network hosts use the datagram length to figure out when the datagram ends and other network data begins. Q. Can an IP datagram be as large as 65,535 octets when the data is transmitted over Ethernet (in LAN applications)?

Fall 2008 CSCI IP Header Fields continued  Identification (16 bits)  An identifying value assigned by the sender to aid in assembling the fragments of a datagram. It is assigned by the originating host. At the source, there is one-to-one relation between datagrams and datagram identifier. As these datagrams traverse the network, they could be split. Hence this field is used by the receiving host to reassemble the original datagram.

Fall 2008 CSCI IP Header Fields continued  Flags (3 bits) Bit 0: reserved, must be zero Bit 1: (DF) 0 = May Fragment, 1 = Don't Fragment. Bit 2: (MF) 0 = Last Fragment, 1 = More Fragments.  If the datagram cannot be routed without being fragmented, the router will throw it away and send an error message back to the originating host.  When MF=1, it means that the datagram is one of the two or more fragments, but not the last one of the fragments. Receiving hosts use this flag along with the fragment offset to reassemble the fragmented datagrams.

Fall 2008 CSCI IP Header Fields continued  Fragment Offset (13 bits)  This field specifies how many units from the start of the original datagram the current datagram is. In other words, the first fragment datagram would have a value of 0 for the offset; if the second datagram starts 100 units from the beginning of the original datagram, the offset would be 100. the unit size is eight bytes (instead of one byte) since the field is only 13 bits wide.

Fall 2008 CSCI IP Header Fields continued  Time to Live (8 bits)  This field indicated how long the datagram should be allowed to exist after entering the internetwork, measuring in seconds (maximum TTL is 255). Presently as datagrams traverse a router, this number is decremented by one.  This informally represents the maximum number of hops that a datagram can make before being discarded.

Fall 2008 CSCI IP Header Fields continued  Protocol (8 bits)  This field identifies the next higher layer protocol of the data being carried in the datagram. 01 hexICMP 06 hexTCP 11 hexUDP the different protocols and their identifier numbers

Fall 2008 CSCI IP Header Fields continued  Header Checksum (16 bits)  This field provides error checking on the IP header only, and does not cover the data that is carried at the end of the header. If the header is extended using the options field, then the checksum includes the extended header field too.  If the target IP-addressed interface receives a datagram with a failed checksum, the entire datagram is silently discarded.

Fall 2008 CSCI IP Header Fields continued  Source IP Address (32 bits)  The sender’s interface’s 32-bit Internet address is identified in four bytes/octets.  e.g.  C0 99 B8 01Four pair of Hex characters   Find the decimal equivalent of the following IP address represented in Hex  0F  ??

Fall 2008 CSCI IP Header Fields continued  Destination IP Address (32 bits)  The target’s host’s 32-bit Internet address is identified in four bytes/octets.  e.g.  C0 99 B8 03Four pair of Hex characters 

Fall 2008 CSCI Connectionless Transport with User Datagram Protocol (UDP)  Connectionless protocols have the ability to transmit messages without first establishing a circuit.  The network does not need to do anything except transmit packets to the destination  All error checking and flow control is handled by the sending and receiving applications

Fall 2008 CSCI Advantages and disadvantages of UDP  Speed  UDP offers speed as it carries short messages between hosts on the same network  Can be used in events where a single packet of data needs to be exchanged between hosts  Reliability  In UDP the data is transmitted “blindly” as opposed to sending the data and waiting for an acknowledgement. This may result in data loss  Only application layer deals with error recovery  Applications can simply turn to the user to send the message again!  Optional checksum

Fall 2008 CSCI UDP Header

Fall 2008 CSCI UDP Header  The process layer uses TCP or UDP to pass information to the internetwork layer. It is necessary to identify the client or server tasks uniquely so that the information is passed to the proper service or user task. The identification used in the TCP/IP protocol is called the “ Port Number ”.  UDP and TCP identify server tasks by using a port number that is consistent and well known. To access a service such as DNS (Domain Name Server), the software knows that DNS is waiting for sessions to be established at port 53.  Client tasks are identified by using port numbers that are variable and temporary, called random port numbers. The client random port numbers exist during the communication process and are discarded when the communication process is complete.

Fall 2008 CSCI UDP Headers

Fall 2008 CSCI UDP Headers The term sockets refers to both an API (application program interface) between host systems and the TCP/IP applications, and a pairing of the IP address and the port number being used. It is also considered the complete network address of an end of the UDP session. In the language of UDP, the sockets in the figure are ,53 and ,8193 This indicates the client is asking for DNS service

Fall 2008 CSCI Connection Oriented protocol

Fall 2008 CSCI Connection Oriented Protocol  A connection oriented protocol establishes and maintains a connection between communicating computers and monitors the state of that connection over the course of transmission. Each package of data sent across the network receives an acknowledgement, and the sending machine records status information to ensure each package is received without errors. At the end of the transmission, the sending and receiving computers gracefully close the connection.  This method is used by reliable transport services  TCP is connection oriented protocol. [RFC 793]

Fall 2008 CSCI Features of TCP [RFC 793]: Stream Oriented Processing  TCP processes data in a bytes stream. TCP formats the data into variable length segments which it will pass to the IP Layer.  In general, the TCPs decide when to block and forward data at their own convenience. Sometimes users need to be sure that all the data they have submitted to the TCP has been transmitted. For this purpose a push function is defined.  To assure that data submitted to a TCP is actually transmitted the sending user indicates that it should be pushed through to the receiving user. A push causes the TCPs to promptly forward and deliver data up to that point to the receiver. The exact push point might not be visible to the receiving user and the push function does not supply a record boundary marker.

Fall 2008 CSCI Features of TCP: Reliability/Re-sequencing  The TCP must recover from data that is damaged, lost, duplicated, or delivered out of order by the internet communication system. This is achieved by assigning a sequence number to each octet transmitted, and requiring a positive acknowledgment (ACK) from the receiving TCP.  If the ACK is not received within a timeout interval, the data is retransmitted. At the receiver, the sequence numbers are used to correctly order segments that may be received out of order and to eliminate duplicates.  Damage is handled by adding a checksum to each segment transmitted, checking it at the receiver, and discarding damaged segments.

Fall 2008 CSCI Features of TCP: Flow Control  TCP flow control feature ensures that the data transmission will not overflow or underflow the destination machine’s capability to receive data. This is a very critical feature as different machines may have different processor speeds and buffer sizes.  TCP provides a means for the receiver to govern the amount of data sent by the sender. This is achieved by returning a "window" with every ACK indicating a range of acceptable sequence numbers beyond the last segment successfully received. The window indicates an allowed number of octets that the sender may transmit before receiving further permission.

Fall 2008 CSCI Features of TCP: Multiplexing  To allow for many processes within a single Host to use TCP communication facilities simultaneously, the TCP provides a set of addresses or ports within each host. Concatenated with the network and host addresses from the internet communication layer, this forms a socket. A pair of sockets uniquely identifies each connection. That is, a socket may be simultaneously used in multiple connections.  The binding of ports to processes is handled independently by each Host. However, it proves useful to attach frequently used processes (e.g., a "logger" or timesharing service) to fixed sockets which are made known to the public. These services can then be accessed through the known addresses. Establishing and learning the port addresses of other processes may involve more dynamic mechanisms.

Fall 2008 CSCI Features of TCP: Connections  The reliability and flow control mechanisms described above require that TCPs initialize and maintain certain status information for each data stream. The combination of this information, including sockets, sequence numbers, and window sizes, is called a connection. Each connection is uniquely specified by a pair of sockets identifying its two sides.  When two processes wish to communicate, their TCP's must first establish a connection (initialize the status information on each side). When their communication is complete, the connection is terminated or closed to free the resources for other uses.  Since connections must be established between unreliable hosts and over the unreliable internet communication system, a handshake mechanism with clock-based sequence numbers is used to avoid erroneous initialization of connections.  Graceful termination: The graceful termination feature ensures that all segments have been sent and received before a connection is closed.

Fall 2008 CSCI Features of TCP: Connections; in a nutshell  A connection is established between {source IP address, source port} and {destination IP address, destination port}.  Connection ensures that applications are present at both sender and receiver and negotiates capabilities for use on the connection.

Fall 2008 CSCI The TCP Segment Header

Fall 2008 CSCI TCP Headers explained  Source port: (16 bits) – The port number assigned to the application on the source machine  Destination port: (16 bits) – The port number assigned to the application on the destination machine

Fall 2008 CSCI TCP Headers explained  Sequence Number: (32 bits) – The number of the first byte in this particular segment, unless SYN flag is set to one. If SYN Flag is set to a 1, the sequence number field provides the Initial Sequence Number (ISN), which is used to synchronize sequence numbers.  Sequence number DOES NOT represent how many bytes of user data may be in that segment  # of bytes of user data = IP total length – (IP + TCP Header bytes)

Fall 2008 CSCI TCP Headers explained  Sequence Number: The sequence number are chosen arbitrarily, rather than always starting at some standard number (e.g. 1). This to avoid confusing the system when a host unexpectedly is turned off (or crashes). If the system came back up soon enough after having started a TCP connection and attempted to reopen that connection, the remote would not be able to determine if the data being sent was a duplicate copy of the data it already received.

Fall 2008 CSCI TCP Headers explained  Acknowledgement Number: (32 bits) -- This number acknowledges a received segment. The value is the next sequence number the receiving computer is expecting to receive; in other words, the sequence number of the last byte received + 1.  For example from the sender if the seq. # was 12, then the ack. Seq. # sent from the receiver to the sender will be 13 (which ).

Fall 2008 CSCI TCP Headers explained  TCP Header Length: (4 bits) – The field tells the length of the TCP header. It is expressed as an integer number of 32-bit words. For example a value of 5 will translate into 20 bytes.

Fall 2008 CSCI TCP Headers explained: Session Bits Flags  First two bits of the octet are reserved, i.e. not used.  URG – Urgent data: If this bit is set to a 1, some of the data in this segment must be processed before all other data. The data usually makes changes in the state of the session.  ACK – Valid Acknowledgement: When this bit is set to a 1, the data in the acknowledgement field is a valid number.  PSH – Push Request: When set to a 1, it tells the TCP software to push all the data sent so far through the pipeline to the receiving application.  RST – Reset Session: A value of 1 resets the connection.  SYN – When set to a 1, it announces that the sequence numbers will be synchronized, marking the beginning of a connection.  FIN – Final Data: A value of 1 signifies that the sending computer has no more data to transmit. This flag is used to close a connection.

Fall 2008 CSCI TCP Headers explained  Window Size: (16 bits) A parameter used for flow control. The window size defines the range of sequence numbers beyond the last acknowledged sequence number that the sending machine is free to transmit without further acknowledgement.  ng_window/demo.html  darmstadt.de/projects/iteach/itbeankit/Applets/Sli ding_Window/sliding_window.html#Selective%20Re peat

Fall 2008 CSCI TCP Headers explained  Checksum: The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text. If a segment contains an odd number of header and text octets to be checksummed, the last octet is padded on the right with zeros to form a 16 bit word for checksum purposes. The pad is not transmitted as part of the segment.  The checksum also covers a 96 bit pseudo header conceptually prefixed to the TCP header. This pseudo header contains the Source Address, the Destination Address, the Protocol, and TCP length. This gives the TCP protection against misrouted segments.

Fall 2008 CSCI Fields used in calculating Checksum including Pseudo Header # of bytes of user data = IP total length – (IP Header bytes)

Fall 2008 CSCI Fields used in calculating Checksum including Pseudo Header (for UDP)

Fall 2008 CSCI Example of Checksum Calculation FFFF = = 73065; In Hex 9D = 11D – = 7530; In Hex remove the MSB and add 1 to 1D69 = 1D = 1D6A

Fall 2008 CSCI TCP Headers explained  Urgent Pointer: (16 bits) An offset pointer pointing to the sequence number that marks the beginning of any urgent information. Typically it is 0000 Hex.  When the target device is congested or has other data throughput problems, it clears the correct amount of buffer space to receive and process the urgent message.

Fall 2008 CSCI Connection Establishment  TCP connections are established and maintained on demand from applications and are kept active (barring network failure) until the applications explicitly release them  In order for the TCP connection to be established, the receiver must be listening– (similar to when a phone call is made the other party has to be present to answer it)  The application goes into listen mode

Fall 2008 CSCI Connection Establishment

Fall 2008 CSCI TCP stack is configured to deliver data in 2000-byte block. Transmission and acknowledgement of data on a TCP connection