Lecture 2: IP addresses, TCP and UDP

This lecture will cover: The “whole thing” (how your email gets to you) More about IP addresses. How names become IP addresses. TCP and UDP ICMP

More Information Bertsekas/Gallager: Section 2.8-2.9 Tanenbaum: Section 6.1-6.4

Reminder from last lecture

IP sends data from place to place. TCP or UDP sit above it at either end.

When you use the internet you use addresses like http://manor.york.ac.uk or dave@hotmail.com

These addresses must then be converted to an IP address e.g. 144.32.100.24

This means that data (packets) can get from A to B. But what happens if data is lost, how do we know

where they are going to and how can we put packets back together into data?

The Internet - emailing a friend

your computer

G/169router

university ofyork

JANETtransatlanticcable

US backbone

LANyour friend'scomputer

Domain Name System (DNS)

DNS takes the human readable name and converts it to octets.

On a unix machine you can try this using nslookup. (Linux users may prefer dig).

manor.york.ac.uk 1% nslookup www.ntk.netServer: castle2.york.ac.ukAddress: 144.32.128.5

Non-authoritative answer:Name: vwww.flirble.orgAddress: 195.40.6.34Aliases: www.ntk.net

Answer

Question

DNS(2)

com org gov mil jp uk nl

sun

eng

vnvnation

www

ac co org

york

www manor

ic

doc

src

net

generic/US national

musicnonstop

www

TLDs (Top Level Domains)

DNS (3)

Routing Tables

How do packets know where to go? This problem is known as routing. The oldest (and easiest) solution is static routing. Each computer has a table saying where to go to get to

each other computer. On a Local Area Network (LAN) list all machines on

your subnet and the address of the external router for everything else.

Most machines only need to know how to get to their nearest router. Much more will be said about routing later in the course

TCP and UDP

Once we’ve got our IP packet safely to its destination what happens next?

Having stripped off the header, the first thing we find is another header.

The second header provides information on which port to enter the machine on and where to send the reply.

It also provides a checksum to check the data is valid. UDP will do nothing else. TCP will ensure that the

connection is lossless.

What are ports?

Ports are conceptual “points of entry” into a host computer.

They do not correspond with real hardware but are an abstraction for convenience.

Usually a service is associated with a port (e.g. http on port 80).

Servers “listen on a port” for connection attempts. Ports provide one level of internet security. Generally, low number ports (< 100) are reserved

for special services.

Common Services and Ports

Service Listens on Portftp 21telnet 23smtp (mail) 25finger 79 http 80

User configured services (your Half-Life server?) will listen on high numbered ports which are usually left open to all users.

UDP data

User Datagram Protocol – the header is shown below.

Length and checksum are as for IP.

About UDP

Provides a lossy connection (data may vanish). Does not guarantee packets are delivered in

order. Useful for real time applications. (It is no use

having your Quake III information arriving correctly but ten seconds late).

UDP applications can implement their own packet loss checking but it is best to use TCP for this.

The TCP header

The TCP header is shown below

About the TCP header

Sequence number (what is the “order” of this packet) incremented by 1 for every packet.

Acknowledgement number (what packet sequence number does this acknowledge).

Header length (how many 32 bit words are in options).

Flags: SYN = start connection, ACK = acknowledge packet, FIN= finish connection.

(Three other flags, URG, RST, PSH).

TCP header (2)

Window size will be described in more detail later (it sets how many unacknowledged packets may exist).

Checksum – is as for IP and UDP. Urgent Pointer – points to part of the data that must be

looked at by the receiver before the TCP session (rarely used).

Offsets says how long the options field is (the options field can contain “other things” – extra facilities that TCP might implement).

About TCP

TCP provides a lossless connection (or flags an error when losses occur).

Data packets are given an order and can be reassembled.

TCP provides some limited congestion control. TCP is most useful for applications where data

validity is important but real-time is not critical (email, www, ftp).

TCP packets are part of a TCP session.

TCP connections

This diagram shows the start of a TCP connection.

A sends packet X withSYN. “Hello I would like to talk”.B sends a SYN, ACKpair “I got yourmessage. I wouldalso like to talk”A sends an ACK (andsome data) “Igot your message,here is some data.”

TCP mechanisms

The window size is the number of outstanding (unacknowledged) packets that that a TCP session can send.

The window size provides a crude method for congestion control.

The window size increases to allow more packets to be sent (it increases throughput).

If a packet is lost then the window is reduced again.

TCP lost packets

When a packet is received out of sequence the receiver sends an ACK with the same number as the previous.

If the sender receives three duplicate ACKs then it assumes the packet has been lost and resends.

If the sender has not received an ACK for a packet within a certain amount of time then it times out and assumes the packet lost.

Packet loss causes the packet to be resent and the congestion window to be reduced.

TCP Window Increase/Decrease

Transmission no

Threshold

Threshold

Congestion window

The initial doubling of thewindow size is called “slowstart”.

Timeout

Closing a TCP/session – an interesting dilemma (aside)

How can we close a TCP session and stop listening?

ICMP

Internet Control Message Protocol packets are used for various control purposes. Here are some common ones:

Time exceeded: TTL hit 0. Echo request: Can you hear me out there? Echo reply: Yes I can hear you. Source Quench: Stop sending so much data. Timestamp request/reply (as echo but with

times).

The story of ping

Ping is a handy utility for checking if a computer is alive using ICMP echo request/reply (or timestamp if we want).

Ping is a first test if a computer is networked. We can even measure the speed of light using ping.

http://xxx.lanl.gov/abs/physics/0201053 Hacking makes it increasingly unused.

manor.york.ac.uk 20% ping -s castle.york.ac.ukPING castle2.york.ac.uk: 56 data bytes64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=0. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=1. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=2. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=3. time=1. ms

Traceroute

Traceroute neatly combines ping and the TTL flag to get a “route” to a computer.

If the TTL is one the the packet will “die” after one hop.

ICMP will return a Time exceeded flag. This will tell us where the first “hop” of our

journey is. Increase the TTL by one to find the next “hop”.

ICMP tourism (with traceroute)

traceroute to host213-121-67-224: (213.121.67.224): 2-20 hops, 38 byte packets 2 213.180.11.162 tondi-CR.online.ee 1.62 ms (ttl=127) 3 213.180.25.1 liiva-CR.online.ee 1.82 ms (ttl=126) 4 213.180.11.189 tix-CR.online.ee 2.16 ms (ttl=125) 5 212.47.215.6 r1-Fa4-0-80-Tln-TIX.EE.KPNQwest.net 2.28 ms (ttl=251) 6 134.222.224.5 r5-AT3-1.105.sthm-KPN1.SE.kpnqwest.net 12.2 ms (ttl=250) 7 134.222.119.226 r2-Ge0-2-0-0.Sthm-KQ1.SE.KPNQwest.net 34.3 ms (ttl=246!) 8 134.222.230.157 r2-Se0-3-0.hmbg-KQ2.DE.KPNQwest.net 33.4 ms (ttl=247!) 9 134.222.230.117 r2-Se0-2-0.0.ffm-KQ1.DE.kpnqwest.net 34.1 ms (ttl=249!)10 134.222.230.29 r2-Se0-3-0.0.ledn-KQ1.NL.kpnqwest.net 39.6 ms (ttl=248!)11 134.222.230.169 r1-Se0-0-0.0.ldn-KQ1.UK.kpnqwest.net 43.7 ms (ttl=246!)12 134.222.231.14 r1-Se0-0-0.0.Ldn-KQ4.UK.KPNQwest.net 44.9 ms (ttl=245!)13 134.222.109.241 r13-Gi5-0.200.ldn-KQ4.UK.kpnqwest.net 45.4 ms (ttl=245!)14 195.66.225.10 linx-l1.ukcore.bt.net 45.2 ms (ttl=244!)15 194.74.65.126 core2-pos14-0.ilford.ukcore.bt.net 45.3 ms (ttl=243!)16 194.74.65.222 core2-pos5-0.reading.ukcore.bt.net 46.7 ms (ttl=242!)17 62.6.196.109 core2-pos8-0.birmingham.ukcore.bt.net 54.3 ms (ttl=241!)18 194.74.16.194 core2-pos9-0.rochdale.ukcore.bt.net 51.0 ms (ttl=240!)19 217.32.168.5 vhsaccess1-gig1-0.rochdale.fixed.bt.net 51.1 ms (ttl=239!)20 213.121.156.22 ugint0066-p.vhsaccess1.rochdale.fixed-nte.bt.net 51.3 ms (ttl=238!)

This shows the trip from Estonia to my flat in Fulfordvia my Internet Service Provider (ISP) – V21 in Rochdale

The journey of email

To: dave@distant.comFrom: richard@manor

Dave, Great to see youthe other day...

Look up IPname fordistant.com

Dav e, Gr

eat to s

Packetisethe data

Dav

Add TCPheader tofirst packet

Dav

Add IPheader tofront of that

Get firsthop fromrouting table

SYNSYN,ACKACK

Set up the TCP connection

Send thefirst packetto its first hop

And so onfor furtherhops.

Destination gets packetand returns ACK

Start sending rest of data