UDP & TCP Where would we be without them!


Transcript of UDP & TCP Where would we be without them!

  • Slide 1
  • UDP & TCP Where would we be without them!
  • Slide 2
  • UDP User Datagram Protocol
  • Slide 3
  • UDP (1 of 5) How does it work?
    • Connectionless
    • Provides only checksum
    • Provides delivery to port number
    • No detection of lost packets
  • Slide 4
  • UDP (2 of 5) Why use it?
    • Designed for apps that do not need to put sequences of packets together.
    • Speed
    • No acknowledgments are required
    • Multicast applications? Definitely!
  • Slide 5
  • UDP (3 of 5)
    • Source Port (2 Bytes): UDP port used by the sender. Defines the application that is sending the packet. May be all zeros (very rare).
    • Destination Port (2 Bytes): Defines the destination application to receive the packet.
  • Slide 6
  • UDP (4 of 5)
    • Header Length (2 Bytes): Defines the length of the packet from the UDP header to the end of the UDP data.
    • Checksum (2 Bytes): Different from other headers. Performed on the contents of the UDP header (less the checksum field itself), the data, and a pseudo-header derived from the IP header. The pseudo-header is derived from the IP source address, destination address, protocol, and UDP length fields.
  • Slide 7
  • UDP (5 of 5)
    • Data (variable length): Contains the payload of the packet, e.g. DHCP.
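An added example (not from the slides) of the Length and Checksum fields just described: it builds a UDP datagram, computes the checksum over the IPv4 pseudo-header plus header and data, and verifies it the way a receiver would. Addresses, ports and the 4-byte DHCP-style payload are constructed for the example.

```python
import struct

UDP_PROTOCOL = 17

def ones_complement_sum(data: bytes) -> int:
    """One's complement sum of 16-bit big-endian words with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # odd-length data is padded for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source address, destination address, zero, protocol, UDP length."""
    def to_bytes(ip): return bytes(int(octet) for octet in ip.split("."))
    return to_bytes(src_ip) + to_bytes(dst_ip) + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length)

def udp_checksum(src_ip: str, dst_ip: str, header_and_data: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zeroed) + data."""
    covered = pseudo_header(src_ip, dst_ip, len(header_and_data)) + header_and_data
    csum = 0xFFFF - ones_complement_sum(covered)
    return csum or 0xFFFF                    # a computed 0 is sent as all ones; 0 on the wire means "none"

def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Assemble a UDP datagram; the length field covers header and data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def verify_udp(src_ip, dst_ip, datagram: bytes) -> bool:
    """Receiver check: plausible length, and the sum including the sent checksum is all ones."""
    if len(datagram) < 8:
        return False
    _, _, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        return False
    if csum == 0:
        return True                          # sender chose not to checksum (permitted on IPv4)
    covered = pseudo_header(src_ip, dst_ip, length) + datagram[:length]
    return ones_complement_sum(covered) == 0xFFFF

# Constructed sample: DHCP client (port 68) to server (port 67) with a 4-byte payload.
SAMPLE = build_udp("10.0.0.1", "10.0.0.2", 68, 67, b"\x01\x01\x06\x00")
```

Because the pseudo-header is part of the covered data, a datagram delivered to the wrong IP address fails the check even though the UDP bytes themselves are intact.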
  • Slide 8
  • Slide 9
  • TCP Transmission Control Protocol
  • Slide 10
  • TCP Header
  • Slide 11
  • Source & Destination Ports (16 bits)
    • Specify source and destination applications for encapsulated data
    • Assigned ports are numbered from 0 to 1023. Example: TFTP is port 69, Doom is 666
    • Any private application uses port numbers above 1023
  • Sequence Numbers (32 bits)
    • Identifies where the encapsulated data fits in the data stream from the sender
    • Example: if the sequence # of a segment is 1234 and the segment contains 512 bytes of data, the next segment should have sequence # 1747 (1234 + 512)
  • Slide 12
  • Acknowledgement Number (32 bits)
    • Identifies the sequence number the source expects to receive from the destination
    • I.e., if the last segment sent had sequence number 101, it expects to see 613 (101 + 512) here
  • Header Length (4 bits): Length of the TCP header in 32-bit words
  • Reserved (6 bits): For future use (?); set to all 0s.
  • Slide 13
  • Flags (6 bits)
    • Used for data flow and connection control
    • Urgent (URG), Acknowledgement (ACK), Push (PSH), Reset (RST), Synchronize (SYN), Final (FIN)
  • Window Size (16 bits)
    • Used for flow control
    • Specifies the number of bytes that can be sent without waiting for acknowledgement
    • Can be used for OS fingerprinting
  • Slide 14
  • Checksum (16 bits): Covers both header and encapsulated data, providing error detection
  • Urgent Pointer (16 bits): Used only when the URG flag is set, indicating the end of urgent data
  • Options and Padding (32 bits, optional)
    • Only really used for setting Maximum Segment Size, informing the receiver of the max. size segment the source is willing to accept
    • Padding is used to fill in 0s to make sure the header length is a multiple of 32 bits
  • Slide 15
  • TCP Flags
    • A, ACK (Acknowledge): The receiver will send an ACK that equals the sender's sequence number plus the Len, or amount of data, at the TCP layer. SYN and FIN flags count as 1 byte. The ACK can also be thought of as the sequence number of the next octet the receiver expects to receive.
    • S, SYN (Synchronize): Used during session setup to agree on initial sequence numbers. Sequence numbers are random.
    • F, FIN (Finish): Used during a graceful session close to show that the sender has no more data to send.
    • R, RST (Reset): An instantaneous abort in both directions (abnormal session disconnection).
    • P, PSH (Push): Forces data delivery without waiting for buffers to fill. This is used for interactive traffic. The data will also be delivered to the application on the receiving end without buffering.
    • U, URG (Urgent): Data is sent out of band.
  • Slide 16
  • TCP What is it?
    • Designed to address several issues not addressed by IP:
    • Packets arriving out of sequence
    • Packets not arriving at all
    • Recipient not acknowledging receipt
    • Excessive traffic flow: packets arrive too fast for the recipient to process
    • Packets too large for the recipient
  • Slide 17
  • TCP What is it? (cont.)
    • Addresses these issues:
    • Ensures packets reach their destination by retransmitting lost packets
    • Tracks packet sequence numbers for reassembly in the right order
    • Manages traffic flow via a windowing process
  • Slide 18
  • TCP How does it work?
    • Ensures reliable communication between sender and recipient
    • Establishes this via a Three-Way Handshake (TWH) process
    • Via the TWH, negotiates a socket
    • The socket remains open for the duration of the communication
  • Slide 19
  • TCP Sockets are paired into sender and receiver sockets:
    • IP address of sender
    • Port number of sender
    • IP address of receiver
    • Port number of receiver
    • Allows multiple connections between two systems by changing the above combinations
  • Slide 20
  • TCP 3 Way Handshake
  • Slide 21
  • TCP Reliability
    • TCP uses Sequencing to ensure that a datagram hasn't gotten lost
    • If the receiver determines something is wrong, it will notify the sender to resend the missing packet(s)
    • The acknowledgement field assists by informing the sender what the next sequence number is expected to be
    • It is always one greater than the most recently received data byte.
  • Slide 22
  • TCP Sequencing example
    • Sequence number of last packet: 100
    • Data offset (in Bytes): 256
    • Therefore 100 + 256 + 1 = 357
    • Next expected sequence number: 357
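An added example, not part of the deck, that ties the TCP header field slides above to the sequencing slides: it decodes a raw header, names the flags, pulls out the Maximum Segment Size option, and computes the ACK a receiver should return using the rule from the TCP Flags slide (seq + Len, with SYN and FIN each counting as one byte). Both sample segments are constructed; their checksum fields are left at zero.

```python
import struct

# Flag bits live in the low 6 bits of the header-length/reserved/flags half-word.
FLAG_BITS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def parse_tcp(segment: bytes) -> dict:
    """Decode a TCP header (fixed 20 bytes plus options) into its fields."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_res_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_res_flags >> 12) * 4          # header length is given in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("bad header length")
    flags = [name for bit, name in FLAG_BITS if off_res_flags & bit]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent,
            "options": segment[20:header_len], "data": segment[header_len:]}

def mss_option(seg: dict):
    """Return the Maximum Segment Size option (kind 2, length 4) if present, else None."""
    opts, i = seg["options"], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                                # end of option list
            break
        if kind == 1:                                # NOP, used as padding
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            break                                    # malformed length byte: stop parsing
        if kind == 2 and opts[i + 1] == 4:
            return struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return None

def expected_ack(seg: dict) -> int:
    """ACK the receiver should return: seq + Len, with SYN and FIN each counting as one byte."""
    consumed = len(seg["data"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
    return (seg["seq"] + consumed) & 0xFFFFFFFF      # the 32-bit sequence space wraps

# Constructed samples: a SYN (seq 1234) carrying an MSS option, and a 512-byte data segment (seq 1234).
SAMPLE_SYN = bytes.fromhex("c000 0050 000004d2 00000000 6002 ffff 0000 0000 0204 05b4")
SAMPLE_DATA = bytes.fromhex("c000 0050 000004d2 00000065 5018 ffff 0000 0000") + b"A" * 512
```

For the data segment the function returns 1746, i.e. 1234 + 512 with no extra byte, because only SYN and FIN occupy sequence space.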
  • Slide 23
  • TCP Sequencing with no errors
  • Slide 24
  • TCP Sequencing with errors
  • Slide 25
  • TCP Flow Control
    • Flow control: Sliding window. Amount of data sent to a host before expecting to get an ack.
    • Negotiated by the two systems during the 3-way handshake.
    • Primary reason is for congestion control. Window size can be reduced to alleviate congestion.
  • Slide 26
  • TCP Windowing
  • Slide 27
  • TCP End Communication
  • Slide 28
  • TCP Vulnerabilities: 3-Way handshake
    • Server will wait for a while after sending the SYN/ACK.
    • Server will send another SYN/ACK, repeated 5-6 times.
    • Each time, the server waits twice as long to give the client a better chance to connect.
    • If the server tries 6 times and starts with a 3 second delay, the total wait time could be 189 seconds!
  • Slide 29
  • TCP Vulnerabilities: Denial of service (SYN Flood)
    • Attacking system sends SYN packets to the server with an invalid return address.
    • Server will try sending a SYN/ACK to the non-existent address.
    • End result is that the socket the attacker sent the SYN to is blocked temporarily.
    • 1000s of SYNs are sent, blocking all available sockets on the server.
  • Slide 30
  • TCP Vulnerabilities: Denial of service (cont.) SYN Flood
    • Many attempts have been made to stop this attack, e.g. sending RST to suspicious SYN packets.
    • Failed to stop the attack due to the volume of SYN packets.
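An added example from the defender's side, not part of the slides: it replays constructed connection-log lines, counts handshakes on each server port that were never completed by a client ACK, and computes how long one half-open entry stays in the backlog under the retry schedule described above (3 seconds, doubling, 6 tries = 189 seconds). The record format and the addresses are invented for the example.

```python
import re
from collections import defaultdict

# One constructed record per segment: time, source, destination, TCP flag letters.
LINE = re.compile(r"t=(?P<t>[\d.]+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*"
                  r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<flags>[SAFR]+)")

def handshake_state(lines):
    """Return (half_open, completed): SYNs with no final ACK from the client, and finished handshakes."""
    half_open, completed = {}, set()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue                                 # skip lines not in the record format
        f = m.groupdict()
        key = (f["src"], int(f["sport"]), f["dst"], int(f["dport"]))
        if f["flags"] == "S":                        # step 1: client SYN opens a half-open entry
            half_open.setdefault(key, float(f["t"]))
        elif f["flags"] == "A" and key in half_open: # step 3: client ACK completes it
            del half_open[key]
            completed.add(key)
    return half_open, completed

def syn_flood_suspects(lines, threshold=5):
    """Server ports whose number of half-open connections reaches the threshold."""
    half_open, _ = handshake_state(lines)
    per_server = defaultdict(int)
    for (_, _, server, port) in half_open:
        per_server[(server, port)] += 1
    return {k: n for k, n in per_server.items() if n >= threshold}

def backlog_hold_seconds(initial=3, tries=6):
    """Seconds a half-open entry is held when each SYN/ACK retry waits twice as long as the last."""
    return sum(initial * 2 ** i for i in range(tries))   # 3 + 6 + 12 + 24 + 48 + 96 = 189

# Constructed log: one real client completes the handshake, then six SYNs whose sources never answer.
SAMPLE_LOG = [
    "t=0.00 10.1.1.5:40001 -> 192.0.2.10:80 S",
    "t=0.01 192.0.2.10:80 -> 10.1.1.5:40001 SA",
    "t=0.02 10.1.1.5:40001 -> 192.0.2.10:80 A",
] + [f"t=1.{i:02d} 203.0.113.{i}:{50000 + i} -> 192.0.2.10:80 S" for i in range(1, 7)]
```

The threshold is deliberately low so the six unanswered SYNs in the sample trip it; on a real server it would be set from the size of the listen backlog and the hold time computed here.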