1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen ydjames@ydu.edu.tw.

Page 1

Semester 2 Module 10 Intermediate TCP/IP

Yuda college of business

James Chen

ydjames@ydu.edu.tw

Page 2

Outline

TCP Operation
Overview of Transport Layer Ports

Page 3

TCP operation

IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery. The transport layer is responsible for the reliable transport of and regulation of data flow from source to destination.

This is accomplished using sliding windows and sequencing numbers along with a synchronization process that ensures each host is ready and willing to communicate.

Page 5

Synchronization or 3-way handshake

This is a three-step process that establishes the virtual connection between the two devices.

First, one host initiates a connection by sending a synchronization (SYN) packet indicating its initial sequence number of x with a certain bit in the header set to indicate a connection request. This bit is set in the acknowledgment number field of the TCP header (also referred to as the code field).

Second, the other host receives the packet, records the sequence number of x, replies with an acknowledgment of x + 1, and includes its own initial sequence number of y. The acknowledgment number of x + 1 means the host has received all octets up to and including x, and is expecting x + 1 next.

Finally, the initiating host responds with a simple acknowledgment (ACK) of y + 1 (host B’s sequence number + 1), indicating it received the previous ACK which finalizes the connection process.

Page 7

Denial of service attacks

Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections.

DoS attacks are a common method that hackers utilize to halt system response.

One type of DoS is known as SYN flooding. SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake.
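The following simulation, added here and not part of the original slides, walks the three-step handshake from page 5 with the slide's x and y sequence numbers and then shows, from the server's side, what page 7's SYN flooding does to it: SYNs that never send step 3 stay in the half-open table, which a defender can count. The TcpListener class, the constructed addresses and the alert threshold are illustrative assumptions.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass
class Segment:
    src: str                 # sending host (constructed sample addresses)
    seq: int                 # sequence number field
    ack: Optional[int]       # acknowledgment number, None when ACK is clear
    flags: FrozenSet[str]    # subset of {"SYN", "ACK"}

class TcpListener:
    """Server side of the handshake; tracks half-open and established connections."""
    def __init__(self, isn: int):
        self.isn = isn             # server's initial sequence number (y on the slide)
        self.half_open = {}        # src -> ACK number that completes the handshake
        self.established = set()

    def receive(self, seg: Segment) -> Optional[Segment]:
        # Step 2: on SYN with seq=x, record x and reply SYN/ACK with seq=y, ack=x+1
        if seg.flags == {"SYN"}:
            self.half_open[seg.src] = self.isn + 1
            return Segment("server", self.isn, seg.seq + 1, frozenset({"SYN", "ACK"}))
        # Step 3: the final ACK must carry y+1; only then is the connection complete
        if seg.flags == {"ACK"} and seg.src in self.half_open:
            if seg.ack == self.half_open[seg.src]:
                del self.half_open[seg.src]
                self.established.add(seg.src)
        return None

def client_handshake(listener: TcpListener, src: str, isn: int) -> int:
    """Client side: send SYN x, check the SYN/ACK acknowledges x+1, answer ACK y+1."""
    synack = listener.receive(Segment(src, isn, None, frozenset({"SYN"})))
    if synack is None or synack.ack != isn + 1:
        raise RuntimeError("server did not acknowledge x+1")
    listener.receive(Segment(src, isn + 1, synack.seq + 1, frozenset({"ACK"})))
    return synack.seq + 1        # y+1, the ACK number that finalised the connection

def unfinished_handshakes(listener: TcpListener, count: int) -> int:
    """SYNs from constructed addresses that never send step 3: each stays half-open,
    which is the resource the slide's SYN-flooding description exhausts."""
    for i in range(count):
        listener.receive(Segment(f"198.51.100.{i}", 1000 + i, None, frozenset({"SYN"})))
    return len(listener.half_open)

def half_open_alert(listener: TcpListener, limit: int) -> bool:
    """Simple detection check: more SYN_RCVD entries than the assumed limit."""
    return len(listener.half_open) > limit
```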

Page 9

Windowing and window size

Window size determines the amount of data that can be transmitted at one time before receiving an acknowledgment from the destination.

After a host transmits the window-sized number of bytes, the host must receive an acknowledgment that the data has been received before it can send any more data.

For example, with a window size of 1, each individual segment must be acknowledged before sending the next segment.

Page 11

TCP utilizes a sliding window when determining transmission size.

A sliding window allows for devices to negotiate a window size to allow for more than one byte to be sent during a single transmission.

This sliding window also allows the destination device to indicate to the source a need to decrease or increase the amount of data being sent because it is incapable at that time of dealing with that much data.

Page 13

Sequencing numbers

TCP applies sequence numbers to the data segments it is transmitting so that the receiver will be able to properly reassemble the bytes in their original order.

Sequencing numbers indicate to the destination device the correct order in which to put the bytes when they are received.

These sequencing numbers also act as reference numbers so that the receiver will know if it has received all of the data.

They also identify the missing data pieces to the sender so it can retransmit the missing data.

This offers increased efficiency since the sender only needs to re-transmit the missing segments instead of the entire set of data.

Page 15

Positive ACK

Acknowledgement is a common step in the synchronization process which includes sliding windows and data sequencing.

TCP utilizes positive acknowledgment and retransmission to control data flow and confirm data delivery.

Positive acknowledgment and retransmission (PAR) is a common technique many protocols use to provide reliability.

With PAR, the source sends a packet, starts a timer, and waits for an acknowledgment before sending the next packet.

If the timer expires before the source receives an acknowledgment, the source retransmits the packet and starts the timer over again.

Page 16

Windowing is a flow control mechanism requiring that the source device receive an acknowledgment from the destination after transmitting a certain amount of data.

With a window size of three, the source device can send three octets to the destination.

It must then wait for an acknowledgment. If the destination receives the three octets, it sends an acknowledgment to the source device, which can now transmit three more octets.

Page 17

If, for some reason, the destination does not receive the three octets, possibly due to overflowing buffers, it does not send an acknowledgment.

Because the source does not receive an acknowledgment, it knows that the octets should be retransmitted and that the transmission rate should be slowed.
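This sender, added here and not taken from the slides, ties together the windowing (pages 9, 11 and 16), sequence-number reassembly (page 13) and positive acknowledgment with retransmission (pages 15 to 17) described above: it sends a window of three octets, waits for an acknowledgment, and on a missing ACK retransmits and slows down. The lossy destination, the `lost` set and the halving of the window are illustrative assumptions; the slides only say the rate should be slowed.

```python
def transmit(data: bytes, window: int, lost: set, max_rounds: int = 50):
    """Send `data` one window at a time with PAR.

    `lost` holds sequence numbers the destination fails to store on first
    delivery (an overflowing buffer on the slide). Returns the bytes the
    receiver reassembled in order, the number of send rounds, and the window
    size used in each round.
    """
    lost = set(lost)          # copy so the caller's set is untouched
    received = {}             # seq -> octet; sequence numbers drive reassembly
    base = 0                  # first unacknowledged sequence number
    rounds, history = 0, []
    while base < len(data) and rounds < max_rounds:
        rounds += 1
        history.append(window)
        # send up to `window` octets starting at base, then start the timer
        outstanding = list(range(base, min(base + window, len(data))))
        for seq in outstanding:
            if seq not in lost:
                received[seq] = data[seq]
        # the destination acknowledges only when every octet up to the end of
        # the window has arrived; the ACK number is the next octet it expects
        next_expected = base
        while next_expected in received:
            next_expected += 1
        if next_expected > outstanding[-1]:
            base = next_expected                 # positive ACK: slide the window
        else:
            # timer expires with no ACK: retransmit and slow the rate
            lost.difference_update(outstanding)  # assume the retransmission is stored
            window = max(1, window // 2)         # halving is an illustrative choice
    return bytes(received[i] for i in range(len(data))), rounds, history
```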

Page 18

UDP operation

TCP must be used when applications need to guarantee that a packet arrives intact, in sequence, and unduplicated.

UDP does not use windowing or acknowledgments so application layer protocols must provide error detection.

Page 19

Outline

TCP Operation
Overview of Transport Layer Ports

Page 20

Multiple conversations between hosts

If a server is running both SMTP and WWW, it uses the destination port field to determine what service the source is requesting.

A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server.

Without a way to distinguish between different conversations, the client would be unable to send an email and browse a web page using one server at the same time.

Page 22

Port numbers have the following assigned ranges:

Numbers below 255 are reserved for public applications
Numbers from 255-1023 are assigned to companies for marketable applications
Numbers above 1023 are unregulated

Page 23

End systems use port numbers to select proper applications.

Source port numbers are dynamically assigned by the originating host, and are usually a number larger than 1023.

Port numbers in the range of 0-1023 are controlled by the Internet Assigned Numbers Authority.

Page 24

Ports for services

Some ports, defined in RFC 1700, are known as the well-known ports and are reserved in both TCP and UDP.

These well-known ports define applications that run above the transport layer protocols.

Page 26

Ports for clients

In general, a client determines the source port by randomly assigning a number above 1023.

For instance, a client attempting to communicate with a web server uses TCP and assigns the destination port as 80 and the source port as 1045.

When the packet arrives at the server, it passes up to the transport layer and eventually to the HTTP service which operates at port 80.

The HTTP server responds to the client's request with a segment which uses port 80 as the source and 1045 as the destination.

In this way, clients and servers use ports to distinguish what process the segment is associated with.

Page 27

Port numbering and well-known port numbers

Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value can result in port numbers ranging from 0 to 65535. These port numbers are divided into three different categories: well-known ports, registered ports, and dynamic or private ports.

Page 28

Example of multiple sessions between hosts

Port numbers are used to track multiple sessions that can occur between hosts.

The source and destination port numbers combine with the network address to form a socket.

A pair of sockets, one on each host, forms a unique connection.

For instance, a host might have a telnet connection, port 23, while at the same time be surfing the net, port 80.

The IP and the MAC addresses would be the same because the packets are coming from the same host.
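The demultiplexer below is an added example, not code from the slides: it reads the two 16-bit port fields described on page 27, sorts ports into the three categories named there, and keys sessions by the pair of sockets from page 28, so the client's request (1045 to 80, page 26) and the server's reply (80 to 1045) land in the same session while a telnet session from the same IP stays separate. The sample addresses and segments are constructed, and the 49151 boundary between registered and dynamic ports is the IANA value, an assumption not stated on the slides.

```python
import struct

SERVICES = {23: "telnet", 80: "http"}   # well-known ports named on the slides

def parse_ports(segment: bytes):
    """Source and destination ports are the first two 16-bit big-endian fields."""
    if len(segment) < 4:
        raise ValueError("segment too short to carry a TCP/UDP port pair")
    return struct.unpack("!HH", segment[:4])

def build_segment(sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Constructed minimal segment: just the two port fields plus payload."""
    return struct.pack("!HH", sport, dport) + payload

def port_category(port: int) -> str:
    """The three categories on the slide; the registered/dynamic boundary at
    49151 is the IANA value and is an assumption, not stated on the slide."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit values")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic or private"

class Demux:
    """Routes each segment to a session keyed by its pair of sockets."""
    def __init__(self):
        self.sessions = {}    # frozenset of two (ip, port) sockets -> service name

    def deliver(self, src_ip: str, dst_ip: str, segment: bytes) -> str:
        sport, dport = parse_ports(segment)
        socket_pair = frozenset({(src_ip, sport), (dst_ip, dport)})
        # the well-known port on either end identifies the service; the
        # reply (80 -> 1045) therefore lands in the same session as the request
        service = SERVICES.get(dport) or SERVICES.get(sport) or "unknown"
        return self.sessions.setdefault(socket_pair, service)
```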

Page 29

Comparison of MAC addresses, IP addresses, and port numbers

These three methods of addressing are often confusing, but this can be avoided if the addresses are explained in reference to the OSI model.

Port numbers are located at the transport layer and are serviced by the network layer.

The network layer assigns the logical address (IP address) and is then serviced by the data link layer which assigns the physical address (MAC address).