Intermediate TCP/IP PJC CCNA Semester 2 Ver. 3.0 by William Kelly.

Page 1:

Intermediate TCP/IP

PJC CCNA Semester 2 Ver. 3.0 by

William Kelly

Page 2:

The TCP/IP Protocol Suite

Standard for Internetwork Communications

TCP/IP closely maps to the OSI model and is helpful in understanding other protocols

TCP/IP includes layer 3 and 4 protocols as well as upper layer protocols

Page 3:

OSI vs. TCP

OSI layer             TCP/IP layer
7  Application        Application
6  Presentation       Application
5  Session            Application
4  Transport          Transport
3  Network            Internet
2  Data Link          Network Interface
1  Physical           Network Interface

Page 4:

Common TCP Protocols

DNS – Domain Name Server

WINS – Windows Naming Service

HOSTS – Static IP mapping file

POP3 – Post Office Protocol

SMTP – Simple Mail Transfer Protocol

FTP – File Transfer Protocol

TFTP – Trivial File Transfer Protocol

HTTP – Hypertext Transfer Protocol

Page 5:

Troubleshooting Protocols

Telnet - used for testing the application layer

Packet Internet Groper (ping) – used for lower layer testing

traceroute – used to find a break in the internetwork path between the source and the destination networks

Page 6:

Windows Troubleshooting Protocols

NBTSTAT – used to troubleshoot NetBIOS name resolution

NETSTAT – useful to summarize TCP/IP connections

ipconfig/winipcfg – displays the current network settings (IP address of host, mask, gateway, and DNS information)

Page 7:

Transport Layer key points

Protocols (TCP and UDP)

Flow Control/Windowing

Data Reliability

3-way handshakes

Denial of Service

Ports

Page 8:

Layer 4: Transport Layer – TCP vs. UDP

TCP

Connection-oriented

Reliable

Messages divided into segments

Reassembles at destination

Resends data that is not acknowledged

UDP

Connectionless

Unreliable

Messages are called datagrams

Software checking of message delivery

No reassembly of messages

No acknowledgements

No Flow Control

Page 9:

Transport Layer Protocols: TCP Segment Format

Bit 0 ... 8 ... 16 ... 31

Source Port (16) | Destination Port (16)

Sequence Number (32)

Acknowledgement Number (32)

Header Length (4) | Code Bits (6) | Window (16)

Checksum (16) | Urgent (16)

Options (0 or 32 if any)

Data (varies)
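The segment format above, decoded from raw bytes, as an added example that is not part of the original slides. The two sample segments are constructed (ports, sequence numbers and window are made-up values, checksum left at 0) and mirror the first two steps of a 3-way handshake.

```python
import struct

# Code bits in field order, most significant first. Six reserved bits sit
# between Header Length and Code Bits in the header (not listed on the slide).
CODE_BITS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")

def parse_tcp_header(segment: bytes) -> dict:
    """Decode a raw TCP segment into the fields of the segment format."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte fixed TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])           # "!" = network byte order
    header_len = (off_flags >> 12) * 4       # Header Length counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("Header Length does not match the bytes received")
    flags = off_flags & 0x3F                 # low six bits are the code bits
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "header_len": header_len,
        "code_bits": [n for i, n in enumerate(CODE_BITS) if flags & (0x20 >> i)],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len],   # empty when header_len == 20
        "data": segment[header_len:],
    }

# Constructed sample 1: SYN from client port 49152 to port 80, Seq = 1000,
# Header Length = 6 words because one 32-bit option (MSS 1460) follows.
SAMPLE_SYN = struct.pack(
    "!HHIIHHHH", 49152, 80, 1000, 0, 0x6002, 8192, 0, 0) + b"\x02\x04\x05\xb4"

# Constructed sample 2: the SYN+ACK reply, Seq = 5000, Ack = 1000 + 1.
SAMPLE_SYN_ACK = struct.pack(
    "!HHIIHHHH", 80, 49152, 5000, 1001, 0x5012, 8192, 0, 0)

if __name__ == "__main__":
    for raw in (SAMPLE_SYN, SAMPLE_SYN_ACK):
        print(parse_tcp_header(raw))
```

The length checks matter when the parser is fed captured traffic: a Header Length that points past the end of the buffer is rejected instead of being trusted.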

Page 10:

Transport Layer Protocols: UDP Segment Format

Bit 0 ... 8 ... 16 ... 31

Source Port (16) | Destination Port (16)

Length (16) | Checksum (16)

Data (Variable)

Notice port numbers are used in the formation of both UDP and TCP segments

Page 11:

Flow Control and Windowing

Flow control is the regulation of how much data is sent during a transmission period, and windowing is the process of flow control

TCP breaks down large pieces of data into segments suitable for transmission

Window size determines how many segments can be sent before acknowledgement

A sliding window adjusts the number of segments sent to cope with congestion or slow processing by the destination host

Page 12:

Data Reliability

Reliability is provided in 3 ways:

1. Sliding windows

   Controls the amount of information transferred

   Congestion avoidance and control

   Allows more than one segment to be sent before acknowledgement

   Positive acknowledgement with retransmission

2. Synchronization

3. Sequence numbers

   Sequencing of segments at source before transmission

Page 13:

3 Way Handshakes

TCP allows a synchronization process prior to data transmission that forms a virtual circuit

Sequence numbers included in the handshake assure that positive acknowledgements can be made to the connection request and to transmitted segments (Remember IP provides no verification that data was transmitted successfully)

Page 14:

3 Way Handshakes (cont.)

Host A: Send Seq.=x

Host B: Receive Seq.=x, Send Y, Ack X + 1

Host A: Ack Y + 1

Page 15:

Denial of Service Attacks During Synchronization

SYN flooding is one type of DoS that uses a false source IP address during a 3 way handshake, causing a reply to a non-existent address. This fills up the connection queue and exhausts system resources.

Possible defenses include:

Decreasing the connection timeout

Increasing the size of the connection queue
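The two defenses listed above, modelled on a listener's connection queue, as an added example that is not part of the original slides. The queue sizes, timeouts and arrival rates are constructed values for a one-second-step simulation, not measurements from any system.

```python
def simulate_backlog(queue_size, timeout_s, spoofed_per_s,
                     duration_s=60, legit_every_s=5):
    """Model the half-open connection queue of one listening port.

    A SYN with a false source address never gets its final ACK, so its
    entry stays in the queue until timeout_s passes. A legitimate SYN
    arriving while the queue is full is dropped.
    Returns (peak_occupancy, legit_accepted, legit_dropped).
    """
    expiries = []                      # expiry time of each half-open entry
    peak = accepted = dropped = 0
    for now in range(duration_s):
        # Defense 1 acts here: a shorter timeout frees slots sooner.
        expiries = [t for t in expiries if t > now]
        # Defense 2 acts here: a larger queue leaves more free slots.
        free = queue_size - len(expiries)
        expiries.extend([now + timeout_s] * min(spoofed_per_s, free))
        peak = max(peak, len(expiries))
        if now % legit_every_s == 0:   # one legitimate client every few seconds
            if len(expiries) < queue_size:
                accepted += 1          # completes its handshake at once
            else:
                dropped += 1
    return peak, accepted, dropped

# Constructed scenarios: name -> (queue_size, timeout_s, spoofed SYNs per second)
SCENARIOS = {
    "baseline":        (128, 75, 10),
    "shorter timeout": (128, 10, 10),
    "larger queue":    (1024, 75, 10),
}

def run_scenarios():
    """Run every scenario and return {name: (peak, accepted, dropped)}."""
    return {name: simulate_backlog(*cfg) for name, cfg in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (peak, ok, lost) in run_scenarios().items():
        print(f"{name:16} peak={peak:5} accepted={ok:2} dropped={lost:2}")
```

Occupancy settles near spoofed_per_s × timeout_s, so either defense holds only while that product stays below the queue size; sizing both settings against the expected rate is the practical check.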

Page 16:

Ports

Ports are represented by a 16 bit number (0 - 65,535 possible)

Three types of ports are:

Well Known – 0 – 1023

Registered – 1024 – 49,151

Dynamic or Private – 49,152 – 65,535

A port number and an IP address form a socket

Usually clients randomly assign source port numbers

Note: Numbers below 255 are for public applications, numbers between 255 and 1023 are assigned to companies for marketable applications, and numbers above 1023 are unregulated

Page 17:

Important Port Numbers!!

Page 18:

Internet Layer Protocols

IP – connectionless best-effort system to move datagrams to a destination

ICMP – Provides control and messaging

ARP – Address Resolution Protocol determines a MAC address for a known IP address

RARP – Reverse Address Resolution Protocol determines an IP address for a known MAC address (diskless workstations)