Hour 6

The Transport Layer

1

What You'll Learn in This Hour

Connections oriented and connectionless protocols

Ports and sockets

TCP

UDP

2

At the completion of this hour, you will be able to Describe the basic duties of the Transport layer

Explain the difference between a connection-oriented protocol and a connectionless protocol

Explain how Transport layer protocols provide an interface to network applications through ports and sockets

Describe the differences between TCP and UDP

Identify the fields that make up the TCP header

Describe how TCP opens and closes a connection

Describe how TCP sequences and acknowledges data transmissions

Identify the four fields that comprise the UDP header

3

the Transport layer protocols to provide the following:

– Interface for network applications

– A mechanism for multiplexing/demultiplexing

– Error checking, flow control, and verification

– Transport Control Protocol (TCP)

– User Datagram Protocol (UDP)

4

Transport Layer Concepts

Connection-oriented and connectionless protocols

Ports and sockets

Multiplexing

5

Connection-Oriented and Connectionless Protocols

Connection-Oriented

Connectionless-Oriented

6

Ports and Sockets A port is a predefined internal address that

serves as a pathway from the application to the Transport layer or from the Transport layer to the application.

A socket is an address formed by concatenating the IP address and the port number. For instance, the socket number 111.121.131.141.21 refers to port 21 on the computer with the IP address 111.121.131.141.

7

Port

8

Socket

1.1.1.11.1.1.2

Socket 1.1.1.2.2500

Socket 1.1.1.1.23

9

Well-Known Port

A well-known port is a port number that is assigned to a specific application by ICANN

See more details in “Sams Teach Yourself TCP/IP in 24 Hours, Third Edition”

Or you can see in http://www.iss.net/security_center/advice/Exploits/Ports/default.htm

10

Multiplexing/Demultiplexing

The socket addressing system enables TCP and UDP to perform another important Transport layer task: multiplexing and demultiplexing

11

Multiplexing/Demultiplexing

Multiplexing/demultiplexing enables the lower levels of the TCP/IP stack to process data without regard to which application initiated that data.

All associations with the originating application are settled at the Transport layer, and data passes to and from the Internet layer in a single, application-independent pipeline.

The key to multiplexing and demultiplexing is the socket address. Because the socket address combines the IP number with the port number, it provides a unique identifier for a specific application on a specific machine. 12

Multiplexing/Demultiplexing

13

Multiplexing/Demultiplexing

See the Telnet server depicted in previous page

All client machines use the well-known port address TCP 23 to contact the Telnet server, but the destination socket for each of the connecting PCs is unique.

Likewise, all network applications running on the Telnet server use the server's IP address, but only the Telnet service uses the socket address, consisting of the server's IP address plus TCP port 23.

14

TCP: The Connection-Oriented Transport Protocol Stream-oriented processing— TCP processes data in a stream. In other words, TC

P can accept data a byte at a time rather than as a preformatted block. TCP formats the data into variable-length segments, which it will pass to the Internet layer.

Resequencing— If data arrives at the destination out of order, the TCP module is capable of resequencing the data to restore the original order.

Flow control — TCP's flow control feature ensures that the data transmission won't outrun or overrun the destination machine's capability to receive the data. This is especially critical in a diverse environment in which there may be considerable variation of processor speeds and buffer sizes.

Precedence and security— The Department of Defense specifications for TCP call for optional security and priority levels that can be set for TCP connections. Many TCP implementations, however, do not provide these security and priority features.

Graceful close— TCP is as careful about closing a connection as it is about opening a connection. The graceful close feature ensures that all segments have been sent and received before a connection is closed.

15

16

TCP Header Format

192 bits24 Bytes

17

TCP Header Source Port (16-bit)— The port number assigned to the application on the source ma

chine.

Destination Port (16-bit)— The port number assigned to the application on the destination machine.

Sequence Number (32-bit)—The sequence number of the first byte in this particular segment, unless the SYN flag is set to 1. If the SYN flag is set to 1, the Sequence Number field provides the initial sequence number (ISN), which is used to synchronize sequence numbers. If the SYN flag is set to 1, the sequence number of the first octet is one greater than the number that appears in this field (in other words, ISN+1).

Acknowledgment Number (32-bit)— The acknowledgment number acknowledges a received segment. The value is the next sequence number the receiving computer is expecting to receive, in other words, the sequence number of the last byte received +1.

Data offset (4 bits) — A field that tells the receiving TCP software how long the header is and, therefore, where the data begins. The data offset is expressed as an integer number of 32-bit words.

18

TCP Header Reserved (6 bits)— Reserved for future use. The Reserved field provides room to

accommodate future developments of TCP and must be all zeros

Control flags (1 bit each)— The control flags communicate special information about the segment.

– URG— A value of 1 announces that the segment is urgent and the Urgent Pointer field is significant.

– ACK— A value of 1 announces that the Acknowledgment Number field is significant.

– PSH— A value of 1 tells the TCP software to push all the data sent so far through the pipeline to the receiving application.

– RST— A value of 1 resets the connection.

– SYN— A value of 1 announces that sequence numbers will be synchronized, marking the beginning of a connection. See the discussion of the three-way handshake, later in this hour.

– FIN— A value of 1 signifies that the sending computer has no more data to transmit. This flag is used to close a connection.

19

TCP Header Window (16-bit)— A parameter used for flow control. The window defines the range o

f sequence numbers beyond the last acknowledged sequence number that the sending machine is free to transmit without further acknowledgment.

Checksum (16-bit)— A field used to check the integrity of the segment. A receiving computer performs a checksum calculation based on the segment and compares the value to the value stored in this field. TCP and UDP include a pseudo-header with IP addressing information in the checksum calculation. See the discussion of the UDP pseudo-header later in this hour.

Urgent Pointer (16-bit)— An offset pointer pointing to the sequence number that marks the beginning of any urgent information.

Options— Specifies one of a small set of optional settings.

Padding— Extra zero bits (as needed) to ensure that the data begins on a 32-bit boundary.

Data— The data being transmitted with the segment.

20

TCP Connection

Passive open— A given application process notifies TCP that it is prepared to receive incoming connections through a TCP port. Thus, the pathway from TCP to the application is opened in anticipation of an incomin

g connection request.

Active open— An application requests that TCP initiate a connection with another computer that is in

the passive open state. (Actually, TCP can also initiate a connection to a computer that is in the active open state, in case both computers are

attempting to open a connection at once.)

21

Establishing a Connection This synchronization of sequence numbers is called a three-way

handshake. The three-way handshake always occurs at the beginning of a TCP connection. The three steps of a three-way handshake are as follows:

22

Establishing a Connection

23

24

TCP Retransmission

25

TCP Flow Control The Window field in the TCP header provides a flow control mechanism

for the connection.

The purpose of the Window field is to ensure that the sending computer doesn't send too much data too quickly, which could lead to a situation in which data is lost because the receiving computer can't process incoming segments as quickly as the sending computer can transmit them.

The flow control method used by TCP is called the sliding window method. The receiving computer uses the Window field (also known as the buffer size field) to define a window of sequence numbers beyond the last acknowledged sequence number that the sending computer is authorized to transmit.

The sending computer cannot transmit beyond that window until it receives the next acknowledgment.

26

Sliding Window

Stop and Wait

Sliding Window 27

Closing a Connection When it is time to close the connection, the computer initiating

the close, Computer A, places a segment in the queue with the FIN flag set to one.

The application then enters what is called the fin-wait state. In the fin-wait state, Computer A's TCP software continues to receive segments and processes the segments already in the queue, but no additional data is accepted from the application.

When Computer B receives the FIN segment, it returns an acknowledgment to the FIN, sends any remaining segments, and notifies the local application that a FIN was received.

Computer B sends a FIN segment to Computer A, which Computer A acknowledges, and the connection is closed

28

Closing a Connection

29

Closing a Connection (Continue)

30

UDP: The Connectionless Transport Protocol

UDP is much simpler than TCP, and it doesn't perform any of the functions listed in the preceding

section..

First, although UDP is sometimes described as having no error-checking capabilities, in fact, it is cap

able of performing rudimentary error checking.

Second, UDP does not offer the resequencing of data provided by TCP.

31

UDP Header

32

UDP Header

Source Port— This field occupies the first 16 bits of the UDP header. This field typically holds the UDP port number of the application sending this datagram.

Destination Port— This 16-bit field holds the port address to which the UDP software on the receiving machine will deliver this datagram.

Length— This 16-bit field identifies the length in octets of the UDP datagram. The length includes the UDP header as well as the UDP data payload.

Checksum— This 16-bit field is used to determine whether the datagram was corrupted during transmission. The checksums generated at the source and verified at the destination allow the client application to determine if the datagram has been corrupted.

33