TCP
CIT 384: Network Administration Slide #1
Topics
1. UDP
2. TCP
3. QoS
4. Security
(The slide also shows the OSI layer stack: Application, Presentation, Session, Transport, Network, Data Link, Physical.)
UDP: User Datagram Protocol
Simple datagram transport layer protocol.
Each application output generates one UDP datagram, which produces one IP datagram.
Trades reliability for speed
Sends datagrams directly to the unreliable IP layer.
16-bit port numbers
Identify sending and receiving processes.
Applications
DNS, SNMP, TFTP, VOIP, streaming video
UDP Header
UDP Example: TFTP
Trivial File Transfer Protocol
No authentication
TFTP Session:
sun16 > tftp at204m02
tftp> get readme.txt
Received 1024 bytes in 0.2 seconds.
tftp> quit
TFTP Packet Types
Packet types
1) read a file (filename, ascii/binary)
2) write a file (filename, ascii/binary)
3) file data block
4) ACK
5) error
TFTP Packet Diagram
TFTP Session Trace
at204m02 > snoop udp sun16
2 0.00000 sun16 -> at204m02 TFTP Read "2sun" (netascii)
TFTP Security
Feature: no username/password required
TFTP used for diskless hosts to boot.
How to protect /etc/passwd?
Limit TFTP server filesystem access.
Generally can only access the /tftpboot directory.
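Added example (not from the slides): a small Python decoder for the five TFTP packet types listed above, plus the filesystem check a server needs so that a read request stays inside /tftpboot rather than reaching /etc/passwd. The packet layout follows RFC 1350; TFTP_ROOT and the function names are assumptions.

```python
import posixpath
import struct
from typing import Optional

# TFTP opcodes, in the order the slide lists the packet types
RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5
TFTP_ROOT = "/tftpboot"   # assumption: the server is confined to this directory


def parse_tftp(packet: bytes) -> dict:
    """Decode one TFTP packet (2-byte opcode, then type-specific fields)."""
    if len(packet) < 4:
        raise ValueError("packet too short")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode in (RRQ, WRQ):
        # filename and mode are NUL-terminated strings following the opcode
        fields = packet[2:].split(b"\x00")
        if len(fields) < 3:
            raise ValueError("request is missing filename or mode")
        return {"op": opcode, "filename": fields[0].decode("ascii"),
                "mode": fields[1].decode("ascii").lower()}
    (arg,) = struct.unpack("!H", packet[2:4])   # block number or error code
    if opcode == DATA:
        return {"op": opcode, "block": arg, "data": packet[4:]}
    if opcode == ACK:
        return {"op": opcode, "block": arg}
    if opcode == ERROR:
        msg = packet[4:].split(b"\x00")[0].decode("ascii")
        return {"op": opcode, "code": arg, "message": msg}
    raise ValueError(f"unknown opcode {opcode}")


def safe_path(filename: str, root: str = TFTP_ROOT) -> Optional[str]:
    """Map a requested filename onto the tftpboot directory.

    A leading '/' is taken relative to root; after normalisation the path
    must still lie inside root, so '../etc/passwd' yields None."""
    candidate = posixpath.normpath(posixpath.join(root, filename.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def build_rrq(filename: str, mode: str = "netascii") -> bytes:
    """Build a read request like the 'TFTP Read "2sun" (netascii)' in the trace."""
    return (struct.pack("!H", RRQ) + filename.encode("ascii") + b"\x00"
            + mode.encode("ascii") + b"\x00")
```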
TCP: Transmission Control Protocol
Connection-oriented
Must establish a connection before sending data.
3-way handshake.
Reliable byte stream
TCP decides how to divide the stream into packets.
ACK, timeout, retransmit, reordering.
16-bit source and destination ports.
FTP(21), HTTP(80), POP(110), SMTP(25)
TCP Reliability
1. Breaks data into best-sized chunks.
2. After sending a segment, maintains a timer; if no ACK arrives within the time limit, resends the segment.
3. Sends ACK on receipt of packets.
4. Discards packets on bad checksum of header and data.
5. Receiver resequences TCP segments so data arrives in the order sent.
6. Receiver discards duplicate segments.
7. Flow control: only sends as much data as the receiver can process.
TCP Header
Source Port: 16-bit source identifier
Destination Port: 16-bit destination identifier
Sequence Number: 32-bit segment identifier.
Acknowledgment: next sequence number expected by the sender of the ACK
TCP is full duplex, so both sides of the connection have their own set of sequence numbers.
Headers
TCP: Three Applications
Using Port Numbers to Multiplex
Concept of Socket: IP address, transport protocol, port number
TCP/IP Applications
• WWW
• DNS
• SNMP
• TFTP
• SMTP
• POP3
Well-Known Port Numbers
Sequence Numbers and ACKs
Sequence=1, 1000 bytes
Sequence=1001, 1000 bytes
ACK=2002
ACK specifies the next byte to be received, i.e. it acknowledges receipt of all bytes up to but not including the ACK number.
Errors and Retransmission
Sequence=1, 1000 bytes
Sequence=1001, 1000 bytes
ACK=1001
Sequence=1001, 1000 bytes
Sender also sets a retransmission timer. If no ACK is received by the time the timer expires, the sender retransmits the segments sent since the timer was set.
TCP Flow Control
Window size: number of bytes receiver is willing to accept
Sender must stop sending if window full and no ACK received yet.
Window starts small, then grows until errors occur.
TCP Header Flags (Code Bits)
URG: urgent pointer is valid
ACK: acknowledgement number is valid
PSH: receiver should pass data to the application as soon as possible
RST: reset connection
SYN: synchronize sequence numbers to initiate a connection
FIN: sender is finished sending data
TCP Options
Header length: length of header in 32-bit words
(20 bytes by default, up to 60 bytes with options)
End of option list (kind=0)
NOP (kind=1)
Used to pad fields to a 32-bit boundary
Maximum Segment Size (MSS) (kind=2)
Len=4 (length includes the kind and len bytes)
16-bit MSS
Default: 536 data + 20 TCP hdr + 20 IP hdr
Window Scale Factor (kind=3)
Timestamp (kind=8)
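Added example, not from the slides: a Python parser for the TCP header fields, code bits and options described above, run on a constructed segment matching the client SYN in the refused-connection trace later in this deck. SACK-permitted (kind=4) is included because it appears in that trace; every option length is validated before use. Function names are assumptions.

```python
import struct

FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # low six code bits, bit 0 first
END_OF_OPTIONS, NOP, MSS, WINDOW_SCALE, SACK_OK, TIMESTAMP = 0, 1, 2, 3, 4, 8  # kind values

def parse_tcp_options(raw: bytes) -> list:
    """Walk the option bytes; every length is checked before it is trusted."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == END_OF_OPTIONS:
            break
        if kind == NOP:                      # single-byte padding option
            opts.append(("nop", None))
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError(f"malformed option of kind {kind}")
        length = raw[i + 1]                  # length counts the kind and len bytes
        body = raw[i + 2:i + length]
        if kind == MSS and length == 4:
            opts.append(("mss", struct.unpack("!H", body)[0]))
        elif kind == WINDOW_SCALE and length == 3:
            opts.append(("wscale", body[0]))
        elif kind == SACK_OK and length == 2:
            opts.append(("sackOK", None))
        elif kind == TIMESTAMP and length == 10:
            opts.append(("timestamp", struct.unpack("!II", body)))
        else:
            opts.append((f"kind{kind}", body))
        i += length
    return opts

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header, then the options up to the data offset."""
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    sport, dport, seq, ack, off_flags, win, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4             # data offset is in 32-bit words
    if hlen < 20 or hlen > len(segment):
        raise ValueError("data offset points outside the segment")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": hlen, "flags": flags, "window": win,
            "options": parse_tcp_options(segment[20:hlen]), "payload": segment[hlen:]}

# Constructed sample: the SYN from the trace (S=33048, D=8192, Seq=3848454475, Win=24820, nop,nop,sackOK,mss 1460)
SAMPLE_SYN = struct.pack("!HHIIHHHH", 33048, 8192, 3848454475, 0, (7 << 12) | 0x02,
                         24820, 0, 0) + bytes([1, 1, 4, 2, 2, 4, 0x05, 0xB4])
```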
TCP Connections
Establishment
3way handshake
Connection Trace
Termination
Normal Termination
Connection Trace
Reset
Connection Establishment Protocol
1. Requester (client) sends a SYN segment, specifying the port number of the server to which it wants to connect and the client's initial sequence number (ISN).
2. Server responds with a SYN segment containing the server's ISN. Server acknowledges the client's SYN by ACKing the client's ISN+1.
3. Client acknowledges the server's SYN by ACKing the server's ISN+1.
TCP 3-way Handshake
Connection Termination Protocol
As TCP is full duplex, each side must terminate its half of the connection as follows:
Send FIN segment (active close)
Other side ACKs with FIN sequence number + 1
Half-closed connections
Side that sent FIN can still receive data.
Example: ssh fasthost sort < words.txt
TCP Disconnection
TCP Reset
Connection Refused
> telnet at204m02 8192
Trying 10.1.0.90...
telnet: Unable to connect to remote host:
Connection refused
Packet Trace
sun09 -> at204m02 TCP D=8192 S=33048
Syn Seq=3848454475 Len=0 Win=24820
Options=<nop,nop,sackOK,mss 1460>
at204m02 -> sun09 TCP D=33048
S=8192 Rst Ack=3848454476 Win=0
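Added example, not from the slides: a Python model of the connection establishment protocol and of the refused connection in the trace above. The server answers SYN/ACK (ACK=client ISN+1) on a listening port and RST (ACK=client ISN+1, Win=0) on any other, and the client checks the server's ACK before completing step 3. The fixed server ISN, the port set and all names are assumptions.

```python
from dataclasses import dataclass, field
from typing import Set

@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int = 0
    flags: frozenset = frozenset()
    window: int = 0

@dataclass
class Server:
    listening: Set[int]          # ports with a server in LISTEN state
    isn: int                     # assumption: fixed ISN so the example is deterministic
    established: set = field(default_factory=set)

    def on_syn(self, s: Segment) -> Segment:
        """Handshake step 2, or a RST when nothing listens on the port."""
        if s.dst_port not in self.listening:
            # Connection refused: RST that ACKs the client's ISN+1 with Win=0,
            # as in the refused telnet to port 8192 in the slide's trace
            return Segment(s.dst_port, s.src_port, seq=0, ack=s.seq + 1,
                           flags=frozenset({"RST", "ACK"}))
        return Segment(s.dst_port, s.src_port, seq=self.isn, ack=s.seq + 1,
                       flags=frozenset({"SYN", "ACK"}), window=24820)

    def on_ack(self, s: Segment) -> bool:
        """Handshake step 3: the ACK must carry the server's ISN+1."""
        if "ACK" in s.flags and "SYN" not in s.flags and s.ack == self.isn + 1:
            self.established.add((s.src_port, s.dst_port))
            return True
        return False

def client_connect(server: Server, client_port: int, server_port: int, client_isn: int) -> str:
    """Run the client side of the 3-way handshake against a Server and report the outcome."""
    syn = Segment(client_port, server_port, seq=client_isn, flags=frozenset({"SYN"}))
    reply = server.on_syn(syn)                              # step 1 sent, step 2 received
    if "RST" in reply.flags:
        return "Connection refused"
    if reply.flags != frozenset({"SYN", "ACK"}) or reply.ack != client_isn + 1:
        return "bad SYN/ACK"                                # server must ACK our ISN+1
    ack = Segment(client_port, server_port, seq=client_isn + 1,
                  ack=reply.seq + 1, flags=frozenset({"ACK"}))
    return "ESTABLISHED" if server.on_ack(ack) else "handshake failed"
```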
TCP Reset (cont.)
Connection Abort
Any queued data is thrown away.
Other side is informed of abnormal close.
Packet Detail:
One side sends RST.
Other side aborts connection.
There is no ACK sent in response.
Half-Open Connections
Connections where one side has aborted or closed the connection without the knowledge of the other.
– Client or server host has crashed.
– DoS attack: requester sends SYN, doesn't respond to SYN+ACK.
Example List of TCP Ports
TCP: IPv4 (netstat -na output)
Local Addr Rmt Addr State
---------- --------------------
*.111 *.* LISTEN
*.32771 *.* LISTEN
*.32772 *.* LISTEN
*.32773 *.* LISTEN
*.32774 *.* LISTEN
*.4045 *.* LISTEN
*.22 *.* LISTEN
*.2049 *.* LISTEN
*.515 *.* LISTEN
*.80 *.* LISTEN
*.6000 *.* LISTEN
*.22 10.17.0.23.32827 ESTABLISHED
*.2049 10.17.0.23.799 ESTABLISHED
TCP Servers
Local Address
*.80 means that it will accept connections on any network interface on TCP port 80.
Foreign Address
*.* means that the server will accept connections from any source host and port.
Conn=(src IP, src port, dst IP, dst port)
All connections to the same server have the same dst IP and port, but different source IPs and ports.
Kernel maintains a queue of ~5 incoming connections for each server.
Sockets
Each TCP or UDP connection is a socket.
Source IP
Source port (chosen randomly >1024)
Destination IP
Destination port
Quality of Service Problems
Throughput (bandwidth)
Amount of data transferred per unit time.
Latency (delay)
Time packets take to reach their destination.
Jitter
Variation in latency.
Loss
Packets are lost in transit. TCP will retransmit them, increasing latency. UDP will ignore the loss.
Out of Order
Packets arrive out of order and have to be reordered, increasing latency (TCP) or loss (UDP).
QoS Minimum Needs
(Table on the slide with columns: App, Bandwidth, Latency, Jitter, Loss)
Converting from Sound to Packets with a VA (Voice Adapter)
DNS Resolution and Requesting a Web Page
Multiple HTTP Get Requests/Responses
Network Security
Typical Enterprise Internet Connection with a Firewall
Common Security Issues in an Enterprise
Common Internet Design Using a Firewall
Sample VPNs