Transport Layer


TCP Flow Control - Window Size and Acknowledgments (Reliability 2)

- The 16-bit Window Size header field is used to adjust the rate of data flow between source and destination for a given session.
- This improves the reliability of the TCP session.
- Window Size is how much data the sender can transmit before receiving an acknowledgment.
- The acknowledgment number is the number of the next expected byte.
- Typically, the destination will not wait for all the bytes for its window size to be received before replying with an acknowledgment. As the bytes are received and processed, the destination will send acknowledgments to inform the source that it can continue to send additional bytes.
- A destination sending acknowledgments as it processes bytes received, and the continual adjustment of the source send window, is known as sliding windows.
- The receiver typically sends an acknowledgment after every two segments it receives.

Figure: For example, it is typical that PC B would not wait until all 10,000 bytes have been received before sending an acknowledgment. This means PC A can adjust its send window as it receives acknowledgments from PC B. As shown in the figure, when PC A receives an acknowledgment with acknowledgment number 2,921 (the next expected byte), its send window increments by 2,920 bytes. This changes the send window from 10,000 bytes to 12,920. PC A can now continue to send up to another 10,000 bytes to PC B as long as it does not send more than its new send window of 12,920.

What is a ISN in TCP?

- ISN is the initial sequence number.
- It is randomly generated.
- It represents the starting value of the bytes that are transmitted to the receiving application. As data is transmitted during the session, the sequence number is incremented from the ISN by the number of bytes that have been transmitted.
- This allows for data byte tracking, so each segment can be uniquely identified and acknowledged, missing segments can be re-sent, and data can be re-assembled in the right order.

How does UDP reassemble the data, by sequence number or in the order it was received?

- In the order it was received; data may, and most likely will, be out of order.
- It is up to the application to keep track of the data and reassemble it if segment tracking is needed.

Transmission Control Protocol (TCP)

- TCP is considered a reliable, full-featured transport layer protocol, which ensures that all of the data arrives at the destination.
- TCP includes fields which ensure the delivery of the application data. These fields require additional processing by the sending and receiving hosts.

UDP Low Overhead versus Reliability

- UDP does NOT establish a connection before sending data.
- It has low overhead, so it can send data quickly for applications like VoIP.

UDP Datagram Reassembly

- UDP has no way to reorder the datagrams into their transmission order, as shown in the figure.
- If the data sequence is important to the application, the application must identify the proper sequence and determine how the data should be processed.

UDP: Connectionless and Unreliable

User Datagram Protocol (UDP)

- UDP is a simpler transport layer protocol than TCP.
- It does not provide reliability and flow control, which means it requires fewer header fields. Because the sender and the receiver UDP processes do not have to manage reliability and flow control, UDP datagrams can be processed faster than TCP segments.
- UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
- UDP divides data into datagrams, which are also referred to as segments.

UDP Server Processes and Requests

- When UDP receives a datagram destined for one of the ports that an application is listening on, it forwards the application data to the appropriate application based on its port number.

TCP Reliability - Data Loss and Retransmission (Reliability 1)

- The sequence (SEQ) number and acknowledgment (ACK) number are used together to confirm receipt of the bytes of data contained in the transmitted segments.
- The SEQ number identifies the first byte of data in the segment being transmitted.
- TCP uses the ACK number sent back to the source to indicate the next byte that the receiver expects to receive. This is called expectational acknowledgment.
- Prior to later enhancements, TCP could only acknowledge the next byte expected. For example, in the figure, using segment numbers for simplicity, host A sends segments 1 through 10 to host B. If all the segments arrive except for segments 3 and 4, host B would reply with an acknowledgment specifying that the next segment expected is segment 3. Host A has no idea if any other segments arrived or not. Host A would, therefore, resend segments 3 through 10. If all the resent segments arrived successfully, segments 5 through 10 would be duplicates. This can lead to delays, congestion, and inefficiencies.
- Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK), negotiated during the three-way handshake. If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received, including any discontinuous segments. The sending host would therefore only need to retransmit the missing data. For example, in the next figure, again using segment numbers for simplicity, host A sends segments 1 through 10 to host B. If all the segments arrive except for segments 3 and 4, host B can acknowledge that it has received segments 1 and 2 (ACK 3), and selectively acknowledge segments 5 through 10 (SACK 5-10). Host A would only need to resend segments 3 and 4.

----------------------------------------
TCP typically sends ACKs for every other packet, but other factors beyond the scope of this topic may alter this behavior. TCP uses timers to know how long to wait before resending a segment.

UDP Client Processes

1. Clients Sending UDP Requests - Client 1 is sending a DNS request while Client 2 is requesting RADIUS authentication services of the same server.
2. UDP Request Destination Ports - Client 1 is sending a DNS request using the well-known destination port 53 while Client 2 is requesting RADIUS authentication services using the registered destination port 1812.
3. UDP Request Source Ports - The requests of the clients dynamically generate source port numbers. In this case, Client 1 is using source port 49152 and Client 2 is using source port 51152.
4. UDP Response Destination Ports - When the server responds to the client requests, it reverses the destination and source ports of the initial request. In the server response, the DNS response now has destination port 49152 and the RADIUS authentication response now has destination port 51152.
5. UDP Response Source Ports - The source ports in the server response are the original destination ports in the initial requests.

What are the 3 functions of the 3-Way TCP handshake?

1. It establishes that the destination device is present on the network.
2. It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
3. It informs the destination device that the source client intends to establish a communication session on that port number.

What are the 2 protocols in the transport layer?

1. Transmission Control Protocol (TCP)
2. User Datagram Protocol (UDP)

Well-Known Port Numbers

20 - TCP - File Transfer Protocol (FTP) - Data
21 - TCP - File Transfer Protocol (FTP) - Control
22 - TCP - Secure Shell (SSH)
23 - TCP - Telnet
25 - TCP - Simple Mail Transfer Protocol (SMTP)
53 - UDP, TCP - Domain Name Service (DNS)
67 - UDP - Dynamic Host Configuration Protocol (DHCP) - Server
68 - UDP - Dynamic Host Configuration Protocol (DHCP) - Client
69 - UDP - Trivial File Transfer Protocol (TFTP)
80 - TCP - Hypertext Transfer Protocol (HTTP)
110 - TCP - Post Office Protocol version 3 (POP3)
143 - TCP - Internet Message Access Protocol (IMAP)
161 - UDP - Simple Network Management Protocol (SNMP)
443 - TCP - Hypertext Transfer Protocol Secure (HTTPS)

Does communication between 2 DNS servers use TCP or UDP? What about between a client and DNS server?

Between 2 DNS servers: TCP
Between client and server: UDP

What TCP header indicates the progress and status of the connection?

Control Bits header field
- The six bits in the Control Bits field of the TCP segment header are also known as flags.
- A flag is a bit that is set to either on or off.

What are the UDP Features?

Features of UDP:
1. Data is reconstructed in the order that it is received.
2. Any segments that are lost are not resent.
3. There is no session establishment.
4. The sender is not informed about resource availability.

------------------------------
- UDP is a lightweight transport protocol that offers the same data segmentation and reassembly as TCP, but without TCP reliability and flow control.
- UDP is a stateless protocol, meaning neither the client nor the server tracks the state of the communication session.
- If reliability is required when using UDP as the transport protocol, it must be handled by the application.
- Live video and voice applications can tolerate some data loss with minimal or no noticeable effect, and are perfectly suited to UDP.
- The blocks of communication in UDP are called datagrams, or segments.

Is TCP half-duplex or full-duplex?

Full-duplex, where each connection represents two one-way communication sessions.

UDP Header

Header Fields:
- Source Port - A 16-bit field used to identify the source application by port number.
- Destination Port - A 16-bit field used to identify the destination application by port number.
- Length - A 16-bit field that indicates the length of the UDP datagram header.
- Checksum - A 16-bit field used for error checking of the datagram header and data.

What do TCP hosts do?

Hosts:
1. maintain state
2. track each data segment within a session
3. exchange information about what data is received using the information in the TCP header.

How does TCP protect against TCP hijacking?

It creates a random initial sequence number that is needed to establish a TCP connection, so it would be hard for an attacker to guess that number.

Can 2 services on one server use the same port number?

NO
- An individual server cannot have two services assigned to the same port number within the same transport layer services. For example, a host running a web server application and a file transfer application cannot have both configured to use the same port, such as TCP port 80.
- Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application. There can be many ports open simultaneously on a server, one for each active server application.

TCP Connection Establishment (TCP 3-Way Handshake)

SYN = Synchronization message
ACK = acknowledgment
1. SYN - The initiating client requests a client-to-server communication session with the server.
2. ACK and SYN - The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
3. ACK - The initiating client acknowledges the server-to-client communication session.

---------------------------------------
- The three-way handshake validates that the destination host is available to communicate.

What are the snippets of data TCP chops up for transmission called?

Segments

What must TCP do to maintain the state of a conversation and track the information?

TCP must first establish a connection between the sender and the receiver. This is why TCP is known as a connection-oriented protocol.

TCP Session Termination Process

Termination Steps:
1. FIN (Finish control flag) - When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
2. ACK - The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
3. FIN - The server sends a FIN to the client to terminate the server-to-client session.
4. ACK - The client responds with an ACK to acknowledge the FIN from the server.

--------------------------------------------
- To close a connection, the Finish (FIN) control flag must be set in the segment header.
- To end each one-way TCP session, a two-way handshake, consisting of a FIN segment and an Acknowledgment (ACK) segment, is used.
- Therefore, to terminate a single conversation supported by TCP, four exchanges are needed to end both sessions. Either the client or the server can initiate the termination.

What does the transport layer not know?

The transport layer has no knowledge of the destination host type, the type of media over which the data must travel, the path taken by the data, the congestion on a link, or the size of the network.

What do transport layer protocols specify and what are they responsible for?

Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing the reliability requirements of a conversation. The transport layer includes the TCP and UDP protocols. See the figure for the two transport layer protocols and the application services they are associated with.

Can video data be sent over either TCP or UDP?

Yes, video is transported over both TCP and UDP in different situations.
- Applications that stream stored audio and video typically use TCP.
- The application uses TCP to perform buffering, bandwidth probing, and congestion control, in order to better control the user experience.
- For example, if your network suddenly cannot support the bandwidth needed to watch an on-demand movie, the application pauses the playback. During the pause, you might see a "buffering..." message while TCP works to re-establish the stream. When all the segments are in order and a minimum level of bandwidth is restored, your TCP session resumes, and the movie resumes playing.

Is UDP a connectionless protocol?

Yes. Because UDP does not provide reliability or flow control, it does not require an established connection.
- Because UDP does not track information sent or received between the client and server, UDP is also known as a stateless protocol.

TCP Flow Control - Congestion Avoidance

- By determining the rate at which TCP segments are sent but not acknowledged, the source can assume a certain level of network congestion.
- Whenever there is congestion, retransmission of lost TCP segments from the source will occur.
- If the retransmission is not properly controlled, the additional retransmission of the TCP segments can make the congestion even worse.
- Not only are new packets with TCP segments introduced into the network, but the feedback effect of the retransmitted TCP segments that were lost will also add to the congestion.
- To avoid and control congestion, TCP employs several congestion handling mechanisms, timers, and algorithms. If the source determines that the TCP segments are either not being acknowledged or not acknowledged in a timely manner, then it can reduce the number of bytes it sends before receiving an acknowledgment.
- As illustrated in the figure, PC A senses there is congestion and therefore reduces the number of bytes it sends before receiving an acknowledgment from PC B. Notice that it is the source that is reducing the number of unacknowledged bytes it sends, and not the window size determined by the destination.

What are some applications for TCP? Also description of why TCP is used for these applications.

- For other applications it is important that all the data arrives and that it can be processed in its proper sequence. For these types of applications, TCP is used as the transport protocol.
- For example, applications such as databases, web browsers, and email clients require that all data that is sent arrives at the destination in its original condition. Any missing data could corrupt a communication, making it either incomplete or unreadable.
- For example, it is important when accessing banking information over the web to make sure all the information is sent and received correctly.
- Real-time video and voice usually use UDP, but may also use TCP, or both UDP and TCP. A video conferencing application may use UDP by default, but because many firewalls block UDP, the application can also be sent over TCP.

Applications that use TCP:
1. HTTP
2. FTP
3. SMTP
4. SSH

What are some applications for UDP? Also description of why UDP is used for these applications.

- Some applications can tolerate some data loss during transmission over the network, but delays in transmission are unacceptable.
- For these applications, UDP is the better choice because it requires less network overhead. UDP is preferable for applications such as Voice over IP (VoIP). Acknowledgments and retransmission would slow down delivery and make the voice conversation unacceptable.
- UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly. For example, domain name service (DNS) uses UDP for this type of transaction.
- The client requests IPv4 and IPv6 addresses for a known domain name from a DNS server. If the client does not receive a response in a predetermined amount of time, it simply sends the request again.
- For example, if one or two segments of a live video stream fail to arrive, it creates a momentary disruption in the stream. This may appear as distortion in the image or sound, but may not be noticeable to the user. If the destination device had to account for lost data, the stream could be delayed while waiting for retransmissions, causing the image or sound to be greatly degraded. In this case, it is better to render the best media possible with the segments received, and forego reliability.

TCP Header

- TCP is a stateful protocol, which means it keeps track of the state of the communication session.

Header fields:
- Source Port - A 16-bit field used to identify the source application by port number.
- Destination Port - A 16-bit field used to identify the destination application by port number.
- Sequence Number - A 32-bit field used for data reassembly purposes.
- Acknowledgment Number - A 32-bit field used to indicate that data has been received and the next byte expected from the source.
- Header Length - A 4-bit field known as "data offset" that indicates the length of the TCP segment header.
- Reserved - A 6-bit field that is reserved for future use.
- Control bits - A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment.
- Window size - A 16-bit field used to indicate the number of bytes that can be accepted at one time.
- Checksum - A 16-bit field used for error checking of the segment header and data.
- Urgent - A 16-bit field used to indicate if the contained data is urgent.

Port Number Groups

- The Internet Assigned Numbers Authority (IANA) is the standards organization responsible for assigning various addressing standards, including the 16-bit port numbers.
- The 16 bits used to identify the source and destination port numbers provide a range of ports from 0 through 65535.

IANA Port Ranges/Descriptions:
1. Well-known Ports
- Range: 0 to 1,023
- These port numbers are reserved for common or popular services and applications such as web browsers, email clients, and remote access clients.
- Defining well-known ports for common server applications enables clients to easily identify the associated service required.
2. Registered Ports
- Range: 1,024 to 49,151
- These port numbers are assigned by IANA to a requesting entity to use with specific processes or applications.
- These processes are primarily individual applications that a user has chosen to install, rather than common applications that would receive a well-known port number.
- For example, Cisco has registered port 1812 for its RADIUS server authentication process.
3. Private and/or Dynamic Ports
- Range: 49,152 to 65,535
- These ports are also known as ephemeral ports.
- The client's OS usually assigns port numbers dynamically when a connection to a service is initiated.
- The dynamic port is then used to identify the client application during communication.

Socket Pairs

- The combination of the source IP address and source port number, or the destination IP address and destination port number, is known as a socket.
- In the example in the figure, the PC is simultaneously requesting FTP and web services from the destination server.
- The socket is used to identify the server and service being requested by the client. A client socket might look like this, with 1099 representing the source port number: 192.168.1.5:1099
- The socket on a web server might be 192.168.1.7:80
- Together, these two sockets combine to form a socket pair: 192.168.1.5:1099, 192.168.1.7:80
- Sockets enable multiple processes running on a client to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.
- The source port number acts as a return address for the requesting application. The transport layer keeps track of this port and the application that initiated the request so that when a response is returned, it can be forwarded to the correct application.

Netstat Command

- Unexplained TCP connections can pose a major security threat.
- They can indicate that something or someone is connected to the local host.
- Netstat displays the protocol in use, local address and port numbers, foreign address and port numbers, and connection state. See figure for example output.
- By default, the netstat command will attempt to resolve IP addresses to domain names and port numbers to well-known applications. The -n option can be used to display IP addresses and port numbers in their numerical form.

Multiple Separate Communications explanation

- When the host initiates the web page request, the source port number is dynamically generated by the host to uniquely identify the conversation. Each request generated by a host will use a different dynamically created source port number. This process allows multiple conversations to occur simultaneously.
- In the request, the destination port number is what identifies the type of service being requested of the destination web server. For example, when a client specifies port 80 in the destination port, the server that receives the message knows that web services are being requested.
- A server can offer more than one service simultaneously, such as web services on port 80 while it offers File Transfer Protocol (FTP) connection establishment on port 21.

What are the TCP services?

1. Data segmentation and reassembly
2. Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic. Through session establishment, the devices negotiate the amount of traffic that can be forwarded at a given time, and the communication data between the two can be closely managed.
3. Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
4. Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order. By numbering and sequencing the segments, TCP ensures segments are reassembled into the proper order.
5. Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow. This is done by TCP regulating the amount of data the source transmits. Flow control can prevent the need for retransmission of the data when the resources of the receiving host are overwhelmed.

What are the basic operations of TCP that provide reliability and flow control?

1. Number and track data segments transmitted to a specific host from a specific application
2. Acknowledge received data
3. Retransmit any unacknowledged data after a certain amount of time
4. Sequence data that might arrive in the wrong order
5. Send data at an efficient rate that is acceptable to the receiver

What are the transport layer responsibilities?

1. Tracking Individual Conversations
- At the transport layer, each set of data flowing between a source application and a destination application is known as a conversation and is tracked separately. It is the responsibility of the transport layer to maintain and track these multiple conversations.
2. Segmenting Data and Reassembling Segments
- It is the transport layer's responsibility to divide the application data into appropriately sized blocks. Depending on the transport layer protocol used, the transport layer blocks are called either segments or datagrams.
3. Adding Header Information
- The transport layer protocol also adds header information containing binary data organized into several fields to each block of data. It is the values in these fields that enable various transport layer protocols to perform different functions in managing data communication.
- For instance, the header information is used by the receiving host to reassemble the blocks of data into a complete data stream for the receiving application layer program.
- The transport layer ensures that even with multiple applications running on a device, all applications receive the correct data.
4. Identifying the Applications
- To pass data streams to the proper applications, the transport layer identifies the target application using an identifier called a port number.
- Each software process that needs to access the network is assigned a port number unique to that host.
5. Conversation Multiplexing
- The transport layer uses segmentation and multiplexing to enable different communication conversations to be interleaved on the same network.
- Error checking can be performed on the data in the segment to determine if the segment was altered during transmission.

What are the 6 control bits flag of TCP?

1. URG - Urgent pointer field significant
2. ACK - Acknowledgment flag used in connection establishment and session termination
3. PSH - Push function
4. RST - Reset the connection when an error or timeout occurs
5. SYN - Synchronize sequence numbers used in connection establishment
6. FIN - No more data from sender and used in session termination

What does the transport layer link together?

It links together the application layer with the lower layers responsible for network transmission, such as the network, data link, and physical layers.

What are applications that use UDP?

- Live video and multimedia applications - These applications can tolerate some data loss, but require little or no delay. Examples include VoIP and live streaming video.
- Simple request and reply applications - Applications with simple transactions where a host sends a request and may or may not receive a reply. Examples include DNS and DHCP.
- Applications that handle reliability themselves - Unidirectional communications where flow control, error detection, acknowledgments, and error recovery are not required, or can be handled by the application. Examples include SNMP and TFTP.

TCP Flow Control - Maximum Segment Size (MSS)

MSS is part of the options field in the TCP header that specifies the largest amount of data, in bytes, that a device can receive in a single TCP segment.
- MSS does not include the TCP header.
- MSS is typically included during the 3-way handshake.
- 1,460 bytes is a common MSS using IPv4.
- A host determines the value of its MSS field by subtracting the IP and TCP headers from the Ethernet maximum transmission unit (MTU).
- On an Ethernet interface, the default MTU is 1500 bytes. Subtracting the IPv4 header of 20 bytes and the TCP header of 20 bytes, the default MSS size will be 1,460 bytes, as shown in the figure.

Does UDP notify the sender if packets are received?

NO
- UDP is also known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination. With UDP, there are no transport layer processes that inform the sender of a successful delivery.

Analogy: UDP is like placing a regular, nonregistered letter in the mail. The sender of the letter is not aware of the availability of the receiver to receive the letter. Nor is the post office responsible for tracking the letter or informing the sender if the letter does not arrive at the final destination.
