1. UDP & TCP Where would we be without them!

2. UDP User Datagram Protocol

3. UDP (1 of 5)  How does it work? Connectionless Provides only checksum Provides delivery to port number No detection of lost packets

4. UDP (2 of 5)  Why use it? Designed for apps that do not need to put sequences of packets together. Speed  No acknowledgments are required Multicast applications? Definitely!

5. UDP (3 of 5)  Source Port (2 Bytes) UDP port used by the sender Defines that application that is sending the packet May be all zeros (very rare)  Destination Port (2 Bytes) Defines the destination application to receive the packet

6. UDP (4 of 5)  Header Length (2 Bytes) Defines the length of the packet from the UDP header to the end of UDP data  Checksum (2 Bytes) Different from other headers Performed on contents of UDP header, less the checksum field itself, the data and a pseudo- header derived from the IP header. Pseudo-header is derived from the IP Source address, destination address, protocol, and UDP length fields.

7. UDP (5 of 5)  Data (variable length) Contains the payload of the packet E.g. DHCP

9. TCP Transmission Control Protocol

10. TCP Header

11. TCP  What is it? Designed to address several issues not addressed by IP.  Packets arriving out of sequence  Packets not arriving at all  Recipient not acknowledging receipt  Excessive traffic flow Packets arrive too fast for recipient to process  Packets too large for recipient

12. TCP  What is it? (cont.) Addresses these issues  Ensures packets reach their destination  Retransmitting lost packets  Tracks packet sequence numbers for reassembly in right order  Manages traffic flow via a windowing process

13. TCP  How does it work? Ensures reliable communication between sender and recipient Establishes this via a Three-Way- Handshake process Via the TWH, negotiates a “socket” The socket remains open for duration of communication

14. TCP  Sockets are paired into sender and receiver sockets IP address of sender Port number of sender IP address of receiver Port number of receiver  Allows multiple connections between two systems by changing the above combinations

15. TCP 3 Way Handshake

16. TCP  Reliability TCP uses Sequencing to ensure that a datagram hasn’t gotten lost If the receiver determines something is wrong, it will notify the sender to resend the missing packet(s) The acknowledgement field assists by informing the sender what the next sequence number is expected to be  It is always one greater than the most recently received data byte.

17. TCP Sequencing example  Sequence number of last packet 100  Data offset (in Bytes) 256  Therefore 100 + 256 + 1 = 357  Next expected sequence number 357

18. TCP TCP Sequencing with no errors

19. TCP TCP Sequencing with errors

20. TCP Flow Control  Flow control Sliding window  Amount of data sent to a host before expecting to get an ack.  Negotiated by the two systems during the 3-way handshake.  Primary reason is for congestion control.  Window size can be reduced to alleviate congestion

21. TCP Windowing

22. TCP End Communication

23. TCP Vulnerabilities  3-Way handshake Server will wait for a while after sending the SYN/ACK. Server will send another SYN/ACK Repeated 5-6 times. Each time, server waits twice as long to give client a better chance to connect. If server tries 6 times and starts with a 3 second delay, total wait time could be 189 seconds!

24. TCP Vulnerabilities  Denial of service SYN Flood  Attacking system sends SYN packets to server with invalid return address.  Server will try sending a SYN/ACK to the non-existent address.  End result is that the socket the attacker sent the SYN to is blocked temporarily.  1000’s of SYNs are sent, blocking all available sockets on the server.

25. TCP Vulnerabilities  Denial of service (cont.) SYN Flood  Many attempts have been made to stop this attack.  E.g. Sending RST to suspicious SYN packets Failed to stop attack due to volume of SYN packets.

26. TCP