Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Transmission Control Protocol (TCP) TCP is a protocol that specifies: –How to distinguish among multiple destinations on a given machine –How to initiate.

Published byIsabella Mason Modified over 8 years ago

Similar presentations

Presentation on theme: "The Transmission Control Protocol (TCP) TCP is a protocol that specifies: –How to distinguish among multiple destinations on a given machine –How to initiate."— Presentation transcript:

1 The Transmission Control Protocol (TCP) TCP is a protocol that specifies: –How to distinguish among multiple destinations on a given machine –How to initiate and terminate a stream transfer –Format of the data and acknowledgments that two computers exchange to achieve a reliable transfer –Procedures the computers use to ensure that the data arrives correctly

2 Establishing a TCP Connection The 3-way handshake –Guarantee that both sides are ready for connection –Allows both sides to agree on initial sequence numbers Receive SYN Site 1NetworkSite 2 Send SYN seq=x Send SYN seq=y, ACK x+1 Send ACK y+1 Receive SYN&ACK Receive ACK

3 SYN Flood After the second message has been sent but before the third message has been received the connection is “half opened” –Most hosts store these half-opened connections in a fixed-size table while they await the third message –Half-opened connections are timed out after after half a minute or so

4 SYN Flood (cont) Attacker attempts to: –Fill up the half-opened connection table Attacker sends the victim machine a large number of SYN segments with spoofed source addresses (to nonexistent or unreachable hosts) Produces a large number of half-opened connections at the victim’s machine that will never become fully open The half-opened connection table fills and no new connections can be accepted until space is available –Keep it full Continue sending SYN segments to replace half-open connections as they time out Result: the victim host cannot accept any other, legitimate attempts to open a connection

5 Land Attack tool exploits a vulnerability in certain TCP implementations Attacker creates an invalid TCP SYN segment: –Spoofed source address is identical to the destination address –Source port is identical to the destination port Causes some TCP implementations to freeze or crash Fixed with software patches

6 Tribe Flood Network (TFN) Distributed denial of service attack tool –Newer versions have been developed (TFN2K, TFN3K, Stacheldraht) –Used in February, 2000 to attack several major e-commerce sites on the Web Similar to trinoo: –Daemon programs: listen for and execute commands from a master –Master programs Control a number of daemons Communicate with an attacker and pass his/her commands on to daemons

7 TFN (cont) “Improvements” over trinoo: –Random protocol (TCP, UDP, or ICMP) for communication between master and daemons –Can send out “decoy” packets to random IP addresses to obscure the true target of the attack –Daemons spoof the source IP address in the attack packets they send –Daemons can attack multiple targets –Wider variety of attacks

8 TFN (cont) Daemon attack strategies: –UDP flood (like with trinoo) –TCP SYN flood –ICMP ping flood –ICMP directed broadcast flood (smurf) –All of the above

9 Attacks Against Initial Sequence Numbers Recall: the 3-way handshake allows two communicating parties to agree on Initial Sequence Numbers (ISNs) What if the ISN can be guessed by a third-party?

10 Attacks Against ISNs (cont) If the ISN of an existing or future TCP connection can be determined an attacker may be able to: –Complete a 3-way handshake using a spoofed source IP address –Close an ongoing connection –Hijack an ongoing connection

11 Scans and Probes Attackers typically engage in a variety of reconnaissance activities before attacking: –To identify important/interesting hosts –To identify potential vulnerabilities that could be exploited A port scanner is a program that tries to determine which ports have programs listening on them Example: –Attempts to open a TCP connection to each port in order –If a connection is made then immediately close it and record the fact that the port is open –If the connection fails then the port is closed

12 Port Scanning (cont) Using fully-open connections to scan is likely to draw a lot of attention to the scan –Most hosts log: Each attempt to connect to a closed port Each time a newly-opened connection is closed with little or no data having been sent Clandestine scanning methods: –SYN scan: A SYN segment is sent to each port and any port that responds with a SYN+ACK segment is opened Instead of completing the handshake, a RST (reset) segment is sent to close the connection before it is fully opened Some hosts do not log half-opened connections

13 Closing a TCP Connection Applications should close a connection when they have no more data to transmit Connection can be closed in either one or both directions –Site 1 finishes transmitting data and waits for ACK from site 2 –Site 1 transmits a segment with the FIN bit set –Site 2 acknowledges the FIN segment –Site 2 notifies the application that no more data is coming –Data can still be transmitted from site 2 to site 1 –Site 1 will still receive and acknowledge data from site 2 –Eventually, site 2 will finish transmitting and close its connection –Both endpoints delete record of the connection

14 Closing a TCP Connection (cont) Site 1NetworkSite 2 Send FIN seq=x Receive FIN Send ACK x+1 Receive FIN&ACK Receive ACK Send FIN seq=y, ACK x+1 Send ACK y+1 Receive ACK (app closes connection) (inform application) (app closes connection)

15 TCP Connection Reset Applications normally close connections Sometimes abnormal conditions arise that break a connection Broken connections can be reset: –Site 1 sends a segment with the RST bit set –Site 2 receives segment and aborts the connection –Transfers in both directions cease immediately –Resources for the connection are released –Applications programs are informed

16 Forcing Data Delivery TCP divides the stream of octets into segments for transmission This improves efficiency since octets can be buffered until a good-sized segment can be sent TCP provides a push operation for applications that want to force delivery of octets –Set PSH bit –Send segment

17 Reserved TCP Port Numbers Like UDP: –Static port bindings for commonly used services Ports 0-1024 are reserved –Dynamic port bindings Port numbers over 1024 Port numbers for services accessible by both UDP and TCP usually match –ECHO (7) –TIME (37)

18 Reserved TCP Port Numbers

19 TCP Performance Silly Window Syndrome –Sender generates data quickly –Receiver reads incoming data one octet at a time SenderReceiver

20 TCP Performance (cont) Silly Window Syndrome –Each ACK advertises a small amount of space –Each segment carries a small amount of data Problems: –Poor use of network bandwidth –Unnecessary computational overhead

21 TCP Performance (cont) Avoiding Silly Window Syndrome –Use heuristics at sender to avoid transmitting a small amount of data in each segment –Use heuristics at receiver to avoid sending small window advisements Receive-side silly window avoidance –Monitor receive window size –Delay advertising an increase until a “significant” increase is possible “Significant” = min(half the window, maximum segment size)

22 Receive-Side Silly Window Avoidance Example Receive 6 octets, send ACK 7 with window advisement of 0 Application reads one octet Send window advisement of 3, receive 3 octets

23 Receive-Side Silly Window Avoidance Two approaches: –Receiver can ACK received octets but does not advertise an increase in its window until the increase is significant –Receiver can not send ACKs when the window is not large enough to advertise Advantages/disadvantages?

24 Send-Side Silly Window Avoidance Goal: avoid sending small segments Application can generate data in small blocks TCP must collect data sent by application into a single large segment (clump) for transmission TCP must delay sending a segment until it contains a reasonable amount of data How long should TCP wait before transmitting data?

25 Send-Side Silly Window Avoidance (cont) The Nagle Algorithm: –Application generates data to be sent over a connection that has already transmitted some data If all previous transmissions have been acknowledged send the data immediately If any ACKs are still pending do not transmit until: –Maximum segment size is reached, or –An ACK arrives Self-clocking - does not compute delays Applies even if the application requests a push

26 TCP Summary Provides reliable stream delivery service –Full duplex –Out-of-band for urgent data Makes efficient use of the network –Piggybacking –Sliding windows Efficiency End-to-end flow control –Acknowledgment and retransmission –Congestion recovery/avoidance

Download ppt "The Transmission Control Protocol (TCP) TCP is a protocol that specifies: –How to distinguish among multiple destinations on a given machine –How to initiate."

Similar presentations

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
Computer Security and Penetration Testing

Computer Security and Penetration Testing
TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Transmission Control Protocol (TCP)

Transmission Control Protocol (TCP)
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
Guide to TCP/IP, Third Edition

Guide to TCP/IP, Third Edition
CISCO NETWORKING ACADEMY PROGRAM (CNAP)

CISCO NETWORKING ACADEMY PROGRAM (CNAP)
UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.
1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.

1 TCP - Part I Relates to Lab 5. First module on TCP which covers packet format, data transfer, and connection management.
1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.

1 CS 4396 Computer Networks Lab Transmission Control Protocol (TCP) Part I.
BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.

BZUPAGES.COM 1 User Datagram Protocol - UDP RFC 768, Protocol 17 Provides unreliable, connectionless on top of IP Minimal overhead, high performance –No.
Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.

Transport Layer – TCP (Part1) Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
Copyright 1999, S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 32 Transmission Control Protocol (TCP) Ref: Tanenbaum pp:521-545.

Copyright 1999, S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 32 Transmission Control Protocol (TCP) Ref: Tanenbaum pp:
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Transport Layer.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Transport Layer.

Similar presentations

Ads by Google