Post on 05-Apr-2018
8/2/2019 Acit Final
ADVANCED COMPUTER INVESTIGATION TOPIC
(CEOO298-M)
SUBMITTED BY : GOGUMALLA PRASHANTH MOHAN
REGISTRATION NO : GV006352
AWARD : M.SC COMPUTER SCIENCE
SUBMITTED TO : STELLA MILLS
S.NO INDEX
1. ABSTRACT
2. INTRODUCTION TO INTERNET
2.1. WHO RUNS INTERNET
2.2. HOW TO ACCESS INTERNET
3. INTRODUCTION TO COMPUTER NETWORKS
4. TYPES OF INTERNET CONNECTIONS
4.1. CLIENT-SERVER MODEL
4.2. TYPES OF SERVER PROCESSES
4.3. BENEFITS
4.4. PITFALLS
5. CONNECTION-ORIENTED, CONNECTION-LESS MODE PROTOCOLS
5.1. CONNECTION-ORIENTED OPERATIONS
5.2. CONNECTION-LESS OPERATIONS
6. TYPES OF PROTOCOLS
7. OSI-REFERENCE MODEL
7.1. ADVANTAGES
7.2. DISADVANTAGES
7.3. COMPARISON OF OSI AND TCP/IP MODELS
8. TCP/IP MODEL
8.1. TRANSMISSION CONTROL PROTOCOL (TCP)
8.2. MAJOR CHARACTERISTICS OF TCP
9. INTERNET PROTOCOL (IP)
9.1. LAYERING IN THE INTERNET PROTOCOL SUITE
10. USER DATAGRAM PROTOCOL (UDP)
10.1. 4-LAYER MODEL SHOWING UDP, TCP & IP
10.2. FORMAT OF UDP DATAGRAM
11. TRANSMISSION CONTROL PROTOCOL AND USER DATAGRAM PROTOCOL
11.1. RELATIONSHIP OF TRANSPORT LAYER TO OTHER LAYERS
11.2. COMPARISON OF PROTOCOL FEATURES FOR UDP AND TCP
12. USING MULTIPLEXING TO SUPPORT SOCKETS
12.1. PASSIVE AND ACTIVE OPEN
12.2. SEGMENTS
12.3. TCP SEGMENT (PDU)
13. CONCLUSION
14. REFERENCE LIST
A BRIEF INSIGHT OF INTERNET, CRITIQUE
ON NETWORKING MODELS & PROTOCOLS
1. ABSTRACT:
This paper gives a comprehensive review of networking and evaluates the quality of service it
requires. It briefly explains the growth of, and need for, the INTERNET and NETWORKING.
The research concentrates on the working concepts, design structures, architectures and data
communication of the two networking models, i.e. the OSI model and the TCP/IP model. It
brings out the pros and cons of both connection-oriented and connection-less services. Finally,
the paper shows the deployment and working procedure of the protocols used for data transfer
in a network.
2. INTRODUCTION TO INTERNET:
The Internet is a vast international network of networks that allows different computers to communicate and to share information and services with one another as if they belonged to one global computing system. The Internet is also known as the NET, the largest computer network: the global communication system that connects millions of computers through the TCP/IP protocol. The Internet could represent the interconnectivity of hundreds of thousands of computers around the world.
The seed of the Internet emerged in 1957 from the U.S. defense department as a fault-tolerant wide area computer networking paradigm, one that would survive a nuclear the most potent and definitely the most uncontrollable force in the world (Comer, 2006).
Four American universities joined together to form the first distributed packet-switching network by December 1969. During the 1970s and the early years of the 1980s, the Internet Protocol (IP), a procedure that determines the packet's address and appropriate routing of data over the network. ARPANET continued to grow and, by August 1983, there were 562 networking host computers. Other independent networks were also being created at the same time. USENET (UNIX Users Group Network) started in 1979, and CSNET (Computer and Science Network) and BITNET (Because It's Time) in 1981. Networks also began to spring up in Europe, including EARN (European Academic Research Network) and JANET (Joint Academic Network).
The Internet is a three-level hierarchy composed of backbone networks (for example ARPANET, NSANET, MILNET), mid-level networks and sub-networks. The sub-networks include, among others, commercial (.COM or .CO), university (.AC or .EDU), research (.ORG, .NET) and military (.MIL) networks.
2.1.WHO RUNS INTERNET:
No one runs it or owns it. The Internet can be imagined as working like the mail. It works through many entities such as universities, government agencies, businesses and individuals, each maintaining their own computer networks. These separate entities have agreements that allow each of them to send and receive information over the others' networks, and all of this works under a body, called the Internet Society, that sets international standards for the Internet. The Internet Society (ISOC) is a voluntary membership organization set up by vendors, users and network providers to promote global information exchange through Intranet technology. It invites volunteers to the Internet Architecture Board, or IAB, to take up the technical management and direction-setting of the Internet (American University, 2002).
2.2.HOW TO ACCESS THE INTERNET:
To access the Internet, one needs a computer, a modem, an Internet Service Provider (ISP) and communication software. Having a high-powered computer is not necessary. However, some of the newest software may have certain minimum requirements. A modem of at least 14,000 bits per second (14.4) is best for accessing the Internet, and it is a minimum requirement for accessing the web. This is because the web is a graphical environment. Viewing graphics requires more data to be transferred over one's modem, making the speed of the modem a crucial element.
3. INTRODUCTION TO COMPUTER NETWORKS:
Growth in the field of science and technology led to far-reaching change in the 21st century, with the need for information rising beyond expectations. Communication plays a vital role and is steadily increasing in importance along with human needs. Data collection, data retrieval and data storage are very important. Computers, a revolutionary device, are mainly used in this context. Communication between computers is mainly done in three ways:
LAN- Local Area Network
WAN- Wide Area Network
MAN- Metropolitan Area Network
In our day-to-day life, computer networking has pervaded everything from electronic mail services, to automated teller machines, to e-reservation, to e-business, to e-commerce, and has revolutionised the use of computers. Major factors for the drastic growth in the field of computer networking are:
Demand for networks has been fuelled by the proliferation of workstations and computers during the early 80s.
Computer networks used to be expensive and were restricted to large universities, government research sites and large corporations. The cost of establishing a computer network has been reduced vastly by technology, and networks are now found in organisations of every size.
Many computer manufacturers now package networking software as part of the basic operating system (Tanenbaum, 2002).
These days networking software is packaged along with the basic operating systems by all the computer manufacturers.
In the era of information, computer networks are becoming an integral part of broadcasting and communication.
Earlier computer systems were separate entities, each with the hardware peripherals and software required for doing a task. If a task such as line printing was to be carried out, a line printer had to be connected to the computer. This brought about the realisation that systems and their users need to share information and resources. Today this is achieved using electronic mail, file transfer etc.; previously, exchanging magnetic tapes, decks of punched cards and line printer listings was the means of sharing files and information. Today computer systems can be linked using various electronic techniques called networks. A network can be as simple as personal computers connected together using a 1200 baud modem, or as complex as the TCP/IP Internet. Some of the network applications are:
Exchange files between systems. For many applications it is just as easy to distribute the application electronically, instead of mailing diskettes or magnetic tapes. File transfer across the network also provides faster delivery.
Share peripheral devices. Examples range from the sharing of line printers to the sharing of magnetic tape drives. A large push towards the sharing of peripheral devices has come from the personal computer and workstation market, since often the cost of a peripheral can exceed the cost of the computer. In an organisation with many personal computers or workstations, sharing peripherals makes sense.
Execute a program on another computer. There are cases where some other computer is better suited to run a particular program. For example, a time-sharing system or a workstation with good program development tools might be the best system on which to edit and debug a program. Another system, however, might be better equipped to run the program. This is often the case with programs that require special features, such as parallel processing or vast amounts of storage.
Remote login. If two systems are connected using a network, users should be able to log in from one to the other. It is usually easier to connect computers using a network, and provide a remote login application, than to connect every terminal in an organisation to every computer.
Electronic commerce. The new developments in the field of computer networks enable us to perform commercial transactions (like bank transactions) electronically.
Multimedia and networking have made home shopping possible. An atmosphere similar to the one in the mall is simulated, a connection to the mall is established and the customer can shop as though he/she is in the mall even though at home (Tanenbaum, 2002).
4. TYPES OF INTERNET CONNECTIONS:
Depending on how one links to the Internet, there are a number of choices for the physical connection. These physical connections vary in capacity from the low 28.8 KBPS modem to the 45 MBPS T3 line. To run a web site on your computer you need a bandwidth between 56 KBPS and 1.544 MBPS (T1 line).
Listed here are some physical connection options:
Dial-up modem
ISDN
B-ISDN
DSL
Cable internet connections
Wireless internet connections
T-1 lines
T-3 lines
Satellite (Webopedia.com, 2009).
5. CLIENT-SERVER MODEL:
The client-server model is the basic, standard model used for network applications. A client is a process that requests information, and the server is a process waiting to be contacted so that it can communicate with the client. The client-server scenario is as follows:
A server process is started on a host system. It initialises itself, then goes to sleep waiting for a request from a client process.
The client process is started by a user on a different host system, with a command to the time-sharing system, and there is a network connection between the two hosts. A server provides various kinds of services to the client, such as:
Returning the time and day
Printing a file on the printer
Reading or writing a file on the server's system
Login access to the server's system
Executing a command for the client on the server's system.
After providing the requested service to the client, the server goes back to sleep, waiting for the next request from a client.
5.1. TYPES OF SERVER PROCESSES:
Iterative servers- servers that handle a client's request themselves when the request can be handled in a short period of time.
Concurrent servers- servers that handle the client's request concurrently when the time to service it depends entirely on the request itself. A concurrent server calls on another process to handle the client's request so that it can go back to sleep, waiting for the next request. Client requests that deal mostly with file information, such as printing or read/write, are handled concurrently by the server because the time taken to service them is proportionate to the file size and type.
5.2. BENEFITS OF CLIENT/SERVER:
In a client-server model, it is an added advantage if the client and server run on different
computers. It is always preferred to use computers with high performance processors, high memory and disk space to run the server. This helps the server to store huge amounts of data and
handle different client requests simultaneously. In contrast, a computer with low processor speed, a graphics card, minimal memory and disk space is preferred for running the client application.
The client-server model adapts readily to changes in hardware and software. For example, if a computer delivering high performance and service becomes available at almost half the price, the system disconnects the old server and automatically connects with the new server.
Every functional component in the system is specialized to carry out a specific task in its own way.
5.3. PITFALLS OF CLIENT/SERVER:
The reliability of a client/server system, and the manageability of its hardware and software components, are comparatively low compared with a centrally managed homogeneous system. Cost savings rely on choosing the appropriate application for running the model.
6. CONNECTION-ORIENTED AND CONNECTIONLESS-MODE PROTOCOLS:
The Internet uses two types of communication protocols, namely connection-oriented operations and connection-less operations. Their key characteristics and features are as follows.
6.1. CONNECTION-ORIENTED OPERATIONS:
To create an end-to-end connection, the devices perform a handshaking process. It does not work in a uni-directional environment and works only in bi-directional environments. This process can be as easy as synchronization in TCP or as intricate as communicating parameters with a modem. Both devices must be able to take part in the connection. It operates in three phases: connection setup, data transfer and connection release. The first phase establishes the connection and conveys the parameters defining it. In the second phase, messages are exchanged under the auspices of the connection. In the last phase, the connection is terminated as it is no longer needed.
6.2. CONNECTIONLESS-MODE OPERATIONS:
In end-to-end data transmission between the host and the network, no logical connection is established. In this type of operation the user transmits data in PDUs as separate entities. There is no association between consecutive data transfers, and some records are stored on the progress of the user-to-user connection process over the network. During data transfer, options are not negotiated and the created tables are managed. The QOS features must be predetermined, and the interacting entities should have a prior agreement. QOS is provided for each PDU transmitted, and every single PDU contains fields that identify the types and levels of service.
Each PDU is handled as a separate entity, so a connectionless network is more robust than a connection-oriented one. To avoid congestion at a point in the network, data units can follow different, circuitous paths.
7. TYPES OF PROTOCOLS:
Listed below are some of the protocols used in networking and in the OSI as well as the TCP/IP
models. They are,
HTTP- Hyper Text Transfer Protocol
POP3- Post Office Protocol
SMTP- Simple Mail Transfer Protocol
FTP- File Transfer protocol
IP- Internet Protocol
DHCP- Dynamic Host Configuration Protocol
IMAP- Internet Message Access Protocol
ARCNET
TELNET
FDDI
UDP
X.25
TFTP
SNMP
PPTP and so on (Networktutorials.info, 2007).
8. OSI-REFERENCE MODEL:
Fig: architecture of OSI model
http://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/mhl/archi.html
The OSI reference model is the basic conceptual model used for stacking networking protocols. It is termed the Open Systems Interconnection model, also referred to as the 7-layer OSI model. This model provides a level of abstraction. It is a seven-layered model with different protocols stacked in each layer. The above figure shows the layering of protocols and its working. The specifications of each layer are discussed below.
Application layer: it is the topmost layer of the model and defines how applications interact with the network, such as electronic mail, database and terminal emulation programs. A set of interfaces is provided for applications to gain access to all available networks. Ex: HTTP- Hyper Text Transfer Protocol.
Presentation layer: this layer is used only for transmission, data manipulation, data encapsulation and data encryption. Data formatting, presentation and encoding are defined by this layer.
Session layer: this layer creates a session, carries the data transmission and ends the session when the work is finished. As long as data is being passed from the presentation layer it stays active, communicating with the upper layer and maintaining a steady session.
Transport layer: this layer defines the protocols for building messages and checking the validity of the transmission with the help of checksums. It resizes the data stream so that it fits into packets.
Network layer: this layer defines the protocols for routing data and for checking whether the data has arrived at the desired destination.
Data link layer: this layer is used for synchronizing and controlling the data flow. Data is packaged into special streams, from bits to cells, with special variations on checksums.
Physical layer: this layer deals with the transmission medium and the hardware interface (Sheppard, 2005).
8.1. ADVANTAGES:
It is a model legally recognized and standardized by the ISO. It works with both connectionless and connection-oriented services. The protocols are well protected and hidden, and the model is flexible enough to change when the technology changes.
8.2. DISADVANTAGES:
It is more complex and high in cost.
It is not as widely used for networking as the TCP/IP model.
Based on all these factors, a new model for networking was developed that overcomes the drawbacks of the OSI model, being more effective and robust, with better performance and lower cost. This model is termed the TCP/IP model.
8.3. COMPARISON OF OSI MODEL AND TCP/IP MODEL:
9. TCP/IP MODEL:
Transmission Control Protocol/Internet Protocol is a standard network communication protocol used to connect computer systems across the Internet. This model is an enhanced version with almost all the features and working principles of the OSI model. The only difference is that TCP/IP has only 4 layers (Comer, 2006).
9.1. TRANSMISSION CONTROL PROTOCOL (TCP):
TCP is a connection-oriented transport layer protocol that offers a full-duplex, reliable data service. It is often called the TCP/IP protocol as it uses the Internet Protocol.
Fig: TCP/IP layers and the corresponding OSI layers: user processes and Application (HTTP, FTP, Telnet, ...) at OSI layers 5-7; Transport (TCP/IP, UDP) with TCP at OSI layer 4; Network (IP) with ICMP, IP, ARP, RARP; Link with the hardware interface.
9.2. MAJOR CHARACTERISTICS OF TCP:
The following services are provided by TCP to the upper layers.
Connection-oriented data management
Reliable data transfer
Stream-oriented data transfer
Push functions
Re-Sequencing
Flow control (sliding window)
Multiplexing
Full-duplex transmission
Precedence and Security
Graceful close
TCP is a connection-oriented protocol. TCP maintains status and state information about each
user data stream flowing into and out of the TCP module. It is also responsible for end-to-end
transfer of data across one network or multiple networks to a receiving user application. TCP
ensures that data are transmitted and received between the two hosts by using the sequence
numbers and positive acknowledgments. A sequence number is assigned to each byte
transmitted. The receiving TCP module uses a checksum routine to check the data for damage
that might have occurred during transmission. If the data are acceptable, TCP returns a positive
acknowledgement (ACK) to the sending TCP module. If the data are damaged the receiving
TCP discards the data and uses a sequence number to inform the sending TCP about the problem.
TCP timers ensure that the lapse of time is not excessive before remedial measures are taken.
The upper layer protocol (ULP) transmits data to TCP in a stream-oriented fashion, i.e. it sends individual characters, not blocks, frames, or datagrams. The bytes are sent from the ULP on a stream basis, byte-by-byte. When they arrive at the TCP layer, the bytes are grouped into TCP segments. TCP allows the use of variable-length segments because of its stream-oriented nature. To preserve a fixed block structure, action must be taken at the application level to delineate the blocks within the TCP stream.
TCP also checks for duplicate data. In addition to using the sequence numbers for acknowledgement, TCP uses them to re-sequence the segments if they arrive at the final destination out of order. TCP uses an inclusive acknowledgement scheme that acknowledges all bytes up to and including the acknowledgement number minus one. Flow control of the sender's data is also possible, which is useful in preventing buffer overrun and possible saturation of the receiving machine. TCP also has a facility for multiplexing multiple user sessions within a single host computer onto the ULPs. This is accomplished using simple naming conventions for ports and sockets in the TCP and IP modules. Full-duplex transmission between two TCP entities is provided. TCP also provides the user with the capability to specify levels of security and priority for the link. TCP also provides a graceful close of the connection between the two users.
An upper-layer user of TCP in a host machine is identified by a port number that should be unique throughout the internet. A socket is created by linking the port value with the IP address. A pair of sockets uniquely identifies each end-point connection, such as:
Sending socket = source IP address + source PORT number
Receiving socket = destination IP address + destination PORT number
10. INTERNET PROTOCOL (IP):
IP is an internetworking protocol developed by the Department of Defense. IP is a data-oriented, connectionless service protocol that enables the flow of traffic between two host systems. Because IP is connectionless, loss of datagrams is possible between the two end users' systems. An Internet Protocol router can enforce a maximum queue length size, and the buffer
overflows if the queue length is exceeded. The remaining datagrams are then removed from the network. Thus a higher-layer protocol is necessary to recover from these drawbacks.
The sub-network is hidden from the end user, which allows IP to create a virtual network in which an IP gateway connects different networks. Because it is a robust, connectionless service, it is easy to install. Most of its drawbacks are dealt with by TCP, the next higher layer.
Some of the drawbacks of IP are as follows:
As IP is unreliable, it provides no flow-control and reliability mechanisms.
Datagrams are volatile: they can be lost or duplicated, and may get altered by the time they arrive.
IP supports fragmentation operations. The term fragmentation refers to an operation wherein a PDU is divided or segmented into smaller units. This feature can be quite useful because all networks do not use the same size PDU. Without the use of fragmentation, a router would be tasked with trying to resolve incompatible PDU sizes between networks. IP solves the problem by establishing the rules for fragmentation at the router and reassembly at the receiving host.
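Fragmentation at the router and reassembly at the receiving host, as an added example that is not part of the original paper. The function names and the tuple layout are assumptions; the offset counted in 8-octet units and the more-fragments flag follow the IPv4 header, a 20-octet header without options is assumed, and rejecting overlapping fragments is this example's own policy.

```python
IP_HEADER_LEN = 20  # assumed: IPv4 header without options


def fragment_payload(payload, mtu, header_len=IP_HEADER_LEN):
    """Split a PDU's payload for a network whose maximum PDU size is `mtu`.

    Returns a list of (offset_units, more_fragments, data) tuples, where
    offset_units counts 8-octet blocks from the start of the payload.
    """
    room = mtu - header_len
    if len(payload) <= room:
        return [(0, False, payload)]           # fits: no fragmentation needed
    max_data = room // 8 * 8                   # non-final fragments carry a multiple of 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any fragment data")
    fragments = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + max_data < len(payload)  # False only on the last fragment
        fragments.append((start // 8, more, chunk))
    return fragments


def reassemble(fragments):
    """Rebuild the payload at the receiving host.

    Fragments may arrive in any order and may be duplicated. Returns the
    payload, or None while a fragment is still missing. Raises ValueError
    if fragments contradict each other or overlap.
    """
    pieces = {}
    total_len = None
    for offset_units, more, data in fragments:
        start = offset_units * 8
        if pieces.get(start, data) != data:
            raise ValueError("conflicting duplicate fragment")
        pieces[start] = data
        if not more:
            total_len = start + len(data)      # the last fragment fixes the length
    if total_len is None:
        return None                            # last fragment not seen yet
    out = bytearray()
    for start in sorted(pieces):
        if start > len(out):
            return None                        # hole: a middle fragment is missing
        if start < len(out):
            raise ValueError("overlapping fragments")
        out += pieces[start]
    if len(out) != total_len:
        raise ValueError("data beyond the final fragment")
    return bytes(out)


# Constructed sample: a 100-octet payload crossing a network with a 68-octet MTU.
SAMPLE_PAYLOAD = bytes(range(100))

if __name__ == "__main__":
    frags = fragment_payload(SAMPLE_PAYLOAD, mtu=68)
    print([(off, more, len(data)) for off, more, data in frags])
    print(reassemble(list(reversed(frags))) == SAMPLE_PAYLOAD)
```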
Fig: IP/CLNP MODEL: Host A and Host B each run upper layer protocols (ULP) over IP or CLNP over SNP-1 or SNP-2; between them, IP or CLNP with a routing table runs over SNP-1, SNP-2 ... SNP-n and joins Networks 1, 2 and 3.
10.1. LAYERING IN THE INTERNET PROTOCOL SUITE:
TCP uses a port number for identification. The port number is used to determine which application process on the host computer is to receive the incoming traffic. Each application layer provides a multiplexing capability by enabling multiple programs to communicate with one application program concurrently.
The port numbers identify these application entities. The concept is related to the OSI model's service access point (SAP). In addition to the use of ports, TCP/IP-based protocols use an abstract identifier called a socket. The socket was derived from the network input/output operations of the 4.3 BSD UNIX system. It is quite similar to UNIX file access procedures in that it identifies an endpoint communication process.
In the Internet, some port numbers are preassigned. These are called well-known ports and are used to identify widely used applications called well-known services. The well-known port numbers occupy values ranging from 0 to 255. Organisations should not use the numbers within this range because they are reserved.
11. USER DATAGRAM PROTOCOL (UDP):
UDP is used as a simple application interface to the Internet Protocol. Because it has no reliability, flow-control or error-recovery measures, it serves mainly as a port multiplexer/demultiplexer for sending and receiving traffic between applications and IP.
UDP is classified as a connectionless protocol, although the operating system must maintain information about each active UDP socket. A better description of UDP is that it is connection-oriented, but does not employ the extensive state management operations normally used in connection-oriented protocols. It is sometimes used as an alternative to TCP when all the features of TCP are not required. Some of the protocols that use UDP are:
Trivial File Transfer Protocol (TFTP)
Simple Network Management Protocol (SNMP)
Remote procedure calls (RPC).
Fig: 4-layer model: process layer, transport layer, network layer, data-link layer.
11.1. 4-LAYER MODEL SHOWING UDP, TCP & IP:
UDP serves as a simple application interface to IP. The figure illustrates how UDP accepts datagrams from IP.
FIG-UDP MULTIPLEXING: user processes, TCP, the UDP layer, the IP layer and the hardware interface.
11.2. FORMAT OF UDP DATAGRAM:
32 BIT
SOURCE PORT | DESTINATION PORT
LENGTH | CHECKSUM
DATA
The figure illustrates the format, which contains the following fields:
1. Source Port: This value identifies the port of the sending application process. This field is optional, and, if not used, a value of 0 is inserted.
2. Destination Port: This value identifies the receiving process on the destination host machine.
3. Length: This value indicates the length of the user datagram, including the header and data. This value implies that the minimum length is 8 octets.
4. Checksum: This optional value is the 16-bit one's complement of the one's complement sum of the pseudo-IP header, the UDP header, and the data. The checksum also covers any padding (if the message needed padding to contain a multiple of two octets).
The pseudo-header (also used in TCP) ensures that the UDP data unit has arrived at the proper destination address. Therefore, the pseudo-header includes the IP address and is included as part of the checksum calculation. The final destination performs a complementary checksum on the pseudo-header (and, of course, the remainder of the UDP data unit) to verify that the traffic has not been altered and that it reached the correct destination address. UDP is a minimal level of service used in many transaction-based application systems and is quite useful if the full services of TCP are not needed.
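The datagram format and the pseudo-header checksum described above, built and verified end to end. This is an added example, not part of the original paper; the function names, the documentation-range IP addresses, the ports and the payload are assumptions, and the pseudo-header layout used is the IPv4 one (source address, destination address, a zero octet, protocol number 17, UDP length).

```python
import socket
import struct
from collections import namedtuple

UDP_PROTOCOL = 17  # IP protocol number for UDP, carried in the pseudo-header
Parsed = namedtuple("Parsed", "src_port dst_port length checksum_ok payload")


def ones_complement_sum(data):
    """16-bit one's complement sum; odd-length input is padded with a zero octet."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # end-around carry
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """12-octet IPv4 pseudo-header that ties the checksum to the IP addresses."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, UDP_PROTOCOL, udp_length)


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload, with_checksum=True):
    """Return header + data; the length field counts the 8-octet header too."""
    length = 8 + len(payload)
    checksum = 0                                   # 0 means "checksum not used"
    if with_checksum:
        header = struct.pack("!HHHH", src_port, dst_port, length, 0)
        covered = pseudo_header(src_ip, dst_ip, length) + header + payload
        checksum = ~ones_complement_sum(covered) & 0xFFFF
        if checksum == 0:
            checksum = 0xFFFF                      # a computed 0 is sent as all ones
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def parse_datagram(src_ip, dst_ip, datagram):
    """Parse at the destination. checksum_ok is True, False, or None (not used).

    src_ip and dst_ip are the addresses from the IP header the datagram
    arrived in; a datagram delivered to the wrong address fails the check.
    """
    if len(datagram) < 8:
        raise ValueError("shorter than the 8-octet UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field inconsistent with received data")
    datagram = datagram[:length]
    if checksum == 0:
        ok = None
    else:
        covered = pseudo_header(src_ip, dst_ip, length) + datagram
        ok = ones_complement_sum(covered) == 0xFFFF  # sum including checksum is all ones
    return Parsed(src_port, dst_port, length, ok, datagram[8:])


# Constructed sample values (addresses from the 192.0.2.0/24 documentation range).
SRC, DST = "192.0.2.1", "192.0.2.10"
SAMPLE = build_datagram(SRC, DST, 40000, 69, b"constructed payload")

if __name__ == "__main__":
    print(parse_datagram(SRC, DST, SAMPLE))
    print(parse_datagram(SRC, "192.0.2.11", SAMPLE).checksum_ok)  # misdelivered
```

The checksum detects accidental damage and misdelivery only: anyone able to alter the datagram can recompute it, so it provides no protection against deliberate modification.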
TCP provides a simple set of services for the ULPs of an Internet. TCP has relatively few features, but the features are designed to provide end-to-end reliability, graceful closes, unambiguous connections, handshakes, and several quality-of-service operations. The Internet transport layer also provides a connectionless operation called UDP. UDP is a minimal level of service, principally offering source and destination ports for multiplexing. With UDP, the user application is typically tasked with performing some end-to-end reliability operations that would normally be done by TCP.
12. TRANSMISSION CONTROL PROTOCOL AND USER DATAGRAM PROTOCOL:
IP is not designed to recover from certain problems, nor does it guarantee traffic delivery. IP discards datagrams that have exceeded the number of permissible transit hops. Certain user applications require assurance that all datagrams have been delivered safely to the destination. The transmitting user might need to know that the traffic has been delivered at the receiving host. The mechanisms to achieve these important services reside in TCP; UDP, however, does not provide delivery assurance services (Stevens, 2002).
[Figure: END-END COMMUNICATIONS. Hosts A and B each show Upper Layers, TCP, IP, Data Link and Physical; the two gateways show only IP, Data Link and Physical.]
12.1. RELATIONSHIP OF TRANSPORT LAYER TO OTHER LAYERS:
TCP must establish and manage sessions between its local users and these users'
remote communicating partners. Thus TCP must constantly be aware of the users' ongoing
activities to support the users' data transfer through the Internet.
The transport layer of the conventional seven-layered model holds the TCP. It is located below
the upper layers and over the IP. It is not loaded into the router to support user data transfer. It
resides in the machine or host system with end-to-end user data transfer and supports other
protocols.
12.2. COMPARISON OF PROTOCOL FEATURES FOR UDP AND TCP:
Feature                  IP     UDP    TCP
Connection-oriented?     No     No     Yes
Message boundaries?      Yes    Yes    No
Data checksum?           No     Opt    Yes
Positive ack.?           No     No     Yes
Timeout & retransmit?    No     No     Yes
Duplicate detection?     No     No     Yes
Sequencing?              No     No     Yes
Flow control?            No     No     No
13. USING MULTIPLEXING TO SUPPORT SOCKETS:
Because the port numbers can be used by more than one end-point connection, users
can simultaneously share a port resource.
13.1. PASSIVE AND ACTIVE OPEN:
The passive-open mode allows the ULP to tell the TCP and the host operating system
to wait for the arrival of a connection request from the remote system rather than issue an
active-open. Upon receiving this request, the host operating system assigns an identifier to this end.
This feature could be used to accommodate communications from remote users without
encountering the delay of an active-open. The application process requesting the passive-open can
accept a connection request from any user.
The second form of connection establishment, the active-open, is used when the ULP designates
a specific socket through which a connection is to be established. Typically, the active-open is
issued to a passive-open port to establish a connection. Two active-opens can be issued at the
same time. The applications can therefore issue an open at any time without concern that
another application has also issued an open.
Transmission control block (TCB) is used to store the information in TCP. The following are the
entries stored in TCB:
Local and remote socket numbers.
Pointers to the send and receive buffers.
Pointers to the retransmit queue.
Security and precedence values for the connection.
Current segment.
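Port sharing, the passive-open and the active-open, as an added Python example on the loopback interface (not code from the original paper): two clients issue active-opens to one listening port, and the local and remote socket numbers that the TCB records are what tell the two connections apart. The function name `demo_opens` is hypothetical.

```python
import socket

def demo_opens():
    """Return (server_port, socket_pairs, messages) for two connections to one listening port."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    clients, accepted = [], []
    try:
        # Passive open: wait for connection requests from any remote user.
        listener.bind(("127.0.0.1", 0))  # loopback only; port 0 lets the OS pick a free port
        listener.listen(2)
        listener.settimeout(5)
        server_addr = listener.getsockname()

        # Active open: each client designates the specific remote socket to connect to.
        for _ in range(2):
            clients.append(socket.create_connection(server_addr, timeout=5))

        # The OS assigns an identifier (a new socket object) to each accepted connection.
        for _ in range(2):
            conn, _peer = listener.accept()
            conn.settimeout(5)
            accepted.append(conn)

        # Each client sends its own ephemeral port number as the message body.
        for c in clients:
            c.sendall(str(c.getsockname()[1]).encode())

        # Same local port on every accepted socket; the remote half of the pair differs.
        socket_pairs = [(a.getsockname(), a.getpeername()) for a in accepted]
        messages = {a.getpeername()[1]: a.recv(16).decode() for a in accepted}
        return server_addr[1], socket_pairs, messages
    finally:
        for s in clients + accepted + [listener]:
            s.close()

if __name__ == "__main__":
    port, pairs, msgs = demo_opens()
    print("listening port:", port)
    for local, remote in pairs:
        print("local", local, "<-> remote", remote)
    print("data received per remote port:", msgs)
```

Binding the listener to 127.0.0.1 rather than all interfaces keeps the passive-open reachable only from the local host, which is the narrower exposure to prefer when remote access is not required.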
13.2. SEGMENTS:
The PDUs exchanged between two TCP modules are called segments. The segment
comprises a header and the data. The first two fields hold the source port and the destination
port numbers. The sequence number is used during connection management operations. The
acknowledgement number is set to a value that acknowledges earlier received data.
13.3. TCP Segment (PDU):
TCP stream data is acknowledged by the receiver on a byte basis, not on a PDU basis. The
acknowledgement number, returned by the receiver, refers to the highest byte received in the data
stream. The sending TCP software keeps a copy of data until it has been acknowledged. Once
acknowledged, it turns off a retransmission timer and deletes the segment copy from a
retransmission queue. If necessary, TCP retransmits lost or errored data. This technique is called
inclusive acknowledgement. It works well on systems that deliver data in sequential order, but
the underlying IP might deliver data out of order or discard data. In such an event, TCP has no way to
notify the sender that it has received certain segments of a transmission. It can only relay the
value of the contiguous, accumulated bytes. Consequently, the sending TCP software can time out
and re-send the data segments that have already been successfully received. Finally, TCP can
provide considerable information to the network manager (for example, if TCP is sending
excessive retransmissions, it might provide a clue to problems in the network, such as dead
routers or timers that are not functioning properly). The positive acknowledgements also could
be used to determine how well the components in an Internet are functioning.
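An added simulation of the inclusive acknowledgement behaviour described above (not code from the original paper). It assumes byte offsets starting at 0, fixed-size segments, an acknowledgement number equal to the next contiguous byte expected, and retransmission timers for every unacknowledged segment expiring before a new acknowledgement returns; `Receiver` and `transfer` are hypothetical names.

```python
class Receiver:
    """Keeps out-of-order segments but can only acknowledge contiguous bytes."""
    def __init__(self):
        self.segments = {}        # start offset -> payload
        self.next_expected = 0    # cumulative acknowledgement number
        self.duplicate_bytes = 0  # bytes that arrived although already held

    def deliver(self, start: int, data: bytes) -> int:
        if start in self.segments:
            self.duplicate_bytes += len(data)
        else:
            self.segments[start] = data
        # Advance only across contiguous data; a hole stops the acknowledgement.
        while self.next_expected in self.segments:
            self.next_expected += len(self.segments[self.next_expected])
        return self.next_expected

def transfer(data: bytes, mss: int, lost_first_time: set):
    """Send data in mss-sized segments; offsets in lost_first_time are dropped once."""
    rx = Receiver()
    queue = {off: data[off:off + mss] for off in range(0, len(data), mss)}  # retransmission queue
    ack, log = 0, []
    for off, seg in queue.items():
        if off in lost_first_time:
            log.append(("lost", off, ack))
            continue
        ack = rx.deliver(off, seg)
        log.append(("sent", off, ack))
    # Timers expire: the sender knows only `ack`, so every copy still queued is re-sent.
    for off in [o for o in queue if o >= ack]:
        ack = rx.deliver(off, queue[off])
        log.append(("resent", off, ack))
    queue = {o: s for o, s in queue.items() if o >= ack}  # acknowledged copies are deleted
    reassembled = b"".join(rx.segments[o] for o in sorted(rx.segments))
    return ack, rx.duplicate_bytes, log, reassembled == data and not queue

if __name__ == "__main__":
    # Constructed sample: 500 bytes in 100-byte segments, the segment at offset 100 lost once.
    ack, dup, log, ok = transfer(bytes(500), 100, {100})
    for event in log:
        print(event)
    print("final ack:", ack, "redundant bytes:", dup, "stream intact:", ok)
```

The count of redundant bytes is the kind of retransmission figure the paragraph suggests a network manager can watch as a clue to loss or timer problems.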
CONCLUSION:
Growth in the field of information technology and the globalisation of the world created the need
for networking and mobility of data communication, which led to the development of protocols
and networking models. This paper gives a brief critique of the models that are extensively used
for networking, each of which has its own limitations. Overall, it offers a learner a brief
overview of the Internet, networking models and protocols.
REFERENCE LIST:
1. Andrew S. Tanenbaum, 2002. Computer Networks. Prentice Hall PTR.
http://books.google.co.uk/books?id=Pd-z64SJRBAC&printsec=frontcover#PPA44,M1
[Internet] [Accessed on May 5, 2009]
2. Douglas E.Comer, 2006. Internetworking with TCP/IP: Principles, protocols, and
architecture. Prentice Hall.
http://books.google.co.uk/books?hl=en&lr=&id=jonyuTASbWAC&oi=fnd&pg=PR23&dq=major+problems+of+tcp/ip+&ots=i3WfT6-R_o&sig=1RawYAVxx9tHObfOhB6QyZzVnuc#PPA6,M1
[Internet] [Accessed on May 5, 2009]
3. Behrouz A. Forouzan, Sophia Chung Fegan, 2002. TCP/IP protocol suite. McGraw-Hill
Professional.
http://books.google.co.uk/books?id=HsCjH_V04tUC
[Internet] [Accessed on May 5, 2009]
4. Daryl Sheppard, 2005. Troubleshooting complex network problems with the OSI model.
http://www.toastermechanic.com/NetTroubleShoot.pdf
[Internet] [Accessed on May 5, 2009]
5. Richard W. Stevens, 2002. TCP/IP illustrated, volume 1, the protocols.
http://www.inf.ufes.br/~zegonc/material/Arquitetura%20TCP-IP/tcpipStevens.pdf
[Internet] [Accessed on May 5, 2009]
6. Craig Partridge, Timothy J. Shepard, 1997. TCP/IP performance over satellite links.
BBN technologies.
http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=620521&isnumber=13498
[Internet] [Accessed on May 5, 2009]
7. Antony Paga Gumi, 2007. OSI VS TCP.
http://kerjaannyagumi.blogspot.com/search?q=osi+vs+tcp
[Internet] [Accessed on May 5, 2009]
8. Webopedia, N.D.
http://www.webopedia.com/quick_ref/internet_connection_types.asp
[Internet] [Accessed on May 5, 2009]
9. Networktutorials.info, 2007. Introduction to computer network protocols.
http://www.networktutorials.info/protocols_stacks.html
[Internet] [Accessed on May 5, 2009]
10. American University in Cairo, 2002. University Networks Services, Internet
Introduction.
http://unsweb.aucegypt.edu/UNSWEB2/NetIntro.htm
[Internet] [Accessed on May 5, 2009]