Overview

Routers use the Internet Protocol (IP) address information in an IP packet header to determine which interface the packet should be switched to in order to move closer to its destination. Because IP does not provide any services to help ensure that the packet actually reaches the destination, it is described as an unreliable, connectionless protocol, using best-effort delivery. If packets are dropped en route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem. To address these problems, IP relies upon the Transmission Control Protocol (TCP). This module describes TCP and its functions and introduces UDP, another important Layer 4 protocol.

Each layer within the OSI networking model has various functions. These functions are independent of the other layers. Each layer expects to receive services from the layer beneath it, and each layer provides certain services to the layer above it. The application, presentation, and session layers of the OSI model, which are all considered to be part of the application layer in the TCP/IP model, access the services of the transport layer through logical entities called ports. This module will introduce the concept of ports and will explain the critical importance of ports and port numbers in data networking.
Students completing this module should be able to:
- Describe TCP and its function
- Describe TCP synchronization and flow control
- Describe UDP operation and processes
- Identify common port numbers
- Describe multiple conversations between hosts
- Identify ports used for services and clients
- Describe port numbering and well known ports
- Understand the differences and the relationship between MAC addresses, IP addresses, and port numbers
10.1 TCP Operation

10.1.1 TCP operation

IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery. The transport layer is responsible for the reliable transport and regulation of data flow from source to destination. This is accomplished using sliding windows and sequence numbers along with a synchronization process that ensures each host is ready and willing to communicate. To understand reliability and flow control, think of a student who studies a foreign language for one year. Now imagine the student visits a country where the language is used. In conversation, the student must ask people to repeat their words (for reliability) and to speak slowly, so the student can understand the words (flow control). The transport layer, Layer 4 of the OSI model, provides these services to Layer 5 by way of TCP.
10.1.2 Synchronization or 3-way handshake

TCP is a connection-oriented protocol. Prior to data transmission, the two communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers. This process is known as a three-way handshake. It is a three-step process that establishes the virtual connection between the two devices.
- First, one host initiates a connection by sending a synchronization (SYN) packet indicating its initial sequence number of x, with a certain bit in the header set to indicate a connection request. This bit is set in the acknowledgment number field of the TCP header (also referred to as the code field).
- Second, the other host receives the packet, records the sequence number of x, replies with an acknowledgment of x + 1, and includes its own initial sequence number of y. The acknowledgment number of x + 1 means the host has received all octets up to and including x, and is expecting x + 1 next.
- Finally, the initiating host responds with a simple acknowledgment (ACK) of y + 1 (host B's sequence number + 1), indicating it received the previous ACK, which finalizes the connection process.
It is important to understand that sequence numbers are a part of initiating communication between the two devices. They act as reference starting numbers between the two devices. The sequence numbers give each host a way to ACK the SYN so that the receiver knows the sender is responding to the proper connection request.

Web Links: 3-Way Handshake http://www.cs.panam.edu/~meng/Course/CS6345/Notes/chpt-6/node8.html
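The three steps above, modelled as an added example that is not part of the curriculum module: each side records the acknowledgment number it expects (x + 1 or y + 1) and accepts the peer's reply only when that number matches, which is how the sequence numbers tie a SYN/ACK or ACK to the proper connection request. The initial sequence numbers x and y are passed in as constructed sample values.

```python
from dataclasses import dataclass
SYN, SYN_ACK, ACK = frozenset({"SYN"}), frozenset({"SYN", "ACK"}), frozenset({"ACK"})
@dataclass
class Segment:
    flags: frozenset  # SYN, SYN_ACK or ACK
    seq: int          # sequence number carried by this segment
    ack: int = 0      # acknowledgment number, meaningful only when ACK is set

@dataclass
class Host:
    isn: int              # initial sequence number this host chose (x or y)
    state: str = "CLOSED"
    expect_ack: int = 0   # acknowledgment number that proves the peer saw our SYN

def send_syn(client: Host) -> Segment:
    # Step 1: the SYN carries the client's initial sequence number x.
    client.state, client.expect_ack = "SYN-SENT", client.isn + 1
    return Segment(SYN, seq=client.isn)

def reply_syn_ack(server: Host, syn: Segment) -> Segment:
    # Step 2: acknowledge x + 1 and offer the server's own initial number y.
    if syn.flags != SYN:
        raise ValueError("expected a bare SYN")
    server.state, server.expect_ack = "SYN-RECEIVED", server.isn + 1
    return Segment(SYN_ACK, seq=server.isn, ack=syn.seq + 1)

def send_ack(client: Host, syn_ack: Segment) -> Segment:
    # Step 3: the SYN/ACK must acknowledge exactly x + 1; anything else does
    # not answer this connection request and is rejected.
    if syn_ack.flags != SYN_ACK or syn_ack.ack != client.expect_ack:
        raise ValueError("SYN/ACK does not match our connection request")
    client.state = "ESTABLISHED"
    return Segment(ACK, seq=client.expect_ack, ack=syn_ack.seq + 1)

def receive_ack(server: Host, ack: Segment) -> bool:
    # The server applies the same test: only an ACK of y + 1 completes the handshake.
    if ack.flags != ACK or ack.ack != server.expect_ack:
        return False
    server.state = "ESTABLISHED"
    return True

def handshake(x: int, y: int) -> tuple:
    # Runs the whole exchange; returns (ack in step 2, ack in step 3, client state, server state).
    client, server = Host(isn=x), Host(isn=y)
    syn = send_syn(client)
    syn_ack = reply_syn_ack(server, syn)
    ack = send_ack(client, syn_ack)
    receive_ack(server, ack)
    return syn_ack.ack, ack.ack, client.state, server.state
```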
10.1.3 Denial of service attacks

Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections. DoS attacks are a common method that hackers utilize to halt system response. One type of DoS is known as SYN flooding. SYN flooding exploits the normal three-way handshake and causes targeted devices to ACK to source addresses that will not complete the handshake.

The three-way handshake begins when the initiating host sends a synchronization (SYN) packet. The SYN packet includes the source IP address and the destination IP address. This source and destination address information is used by the recipient to send the SYN/ACK packet back to the initiating device. In a DoS attack, the hacker initiates a synchronization but spoofs (forges) the source IP address. As a result, the receiving device replies to a non-existent, unreachable IP address and is then placed in a wait state while waiting to receive the final ACK from the initiator. The waiting request is placed in a connection queue or a holding area in memory. This waiting state requires the attacked device to commit system resources, such as memory, to the waiting process until the connection timer times out. Hackers will flood the attacked host with these false SYN requests, utilizing all of its connection resources to respond to and wait for false connections, and preventing it from responding to legitimate connection requests. To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.

Web Links: Denial of Service (DoS) Attack Resources http://www.denialinfo.com/
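To see why the two administrator countermeasures above work, here is an added example (not part of the curriculum module) that simulates only the defender's side: the connection queue of half-open requests, each slot held until the final ACK arrives or the connection timer expires. The event trace, queue sizes and timeouts are constructed values; replaying the same trace with a smaller timeout and a larger queue shows legitimate clients getting slots that a full queue would otherwise deny them.

```python
from dataclasses import dataclass, field

@dataclass
class HalfOpenQueue:
    max_size: int   # connection queue size: slots in the holding area
    timeout: float  # seconds a half-open entry waits for its final ACK
    pending: dict = field(default_factory=dict)  # source -> time SYN/ACK was sent

    def expire(self, now: float) -> None:
        # The connection timer frees slots whose final ACK never arrived.
        self.pending = {s: t for s, t in self.pending.items() if now - t < self.timeout}

    def on_syn(self, src: str, now: float) -> bool:
        # A SYN gets a slot (and a SYN/ACK reply) only if the queue is not full.
        self.expire(now)
        if len(self.pending) >= self.max_size:
            return False
        self.pending[src] = now
        return True

    def on_ack(self, src: str, now: float) -> bool:
        # The final ACK completes the handshake and releases the slot.
        self.expire(now)
        return self.pending.pop(src, None) is not None

def run(events: list, max_size: int, timeout: float) -> tuple:
    """Replay (time, kind, source, legitimate) events; return (legit accepted, legit rejected)."""
    queue = HalfOpenQueue(max_size, timeout)
    accepted = rejected = 0
    for now, kind, src, legit in events:
        if kind == "SYN":
            got_slot = queue.on_syn(src, now)
            if legit:
                accepted += got_slot
                rejected += not got_slot
        else:
            queue.on_ack(src, now)
    return accepted, rejected

def sample_events() -> list:
    # Constructed trace: 40 SYNs from spoofed, unreachable sources in the first
    # four seconds (their ACK never comes), then five real clients at t=5..9
    # that each send the final ACK 50 ms after their SYN.
    events = [(i * 0.1, "SYN", f"spoofed-{i}", False) for i in range(40)]
    for j in range(5):
        events.append((5 + j, "SYN", f"client-{j}", True))
        events.append((5 + j + 0.05, "ACK", f"client-{j}", True))
    return sorted(events)
```

With a 16-slot queue and a 75-second timer every legitimate client is refused, while a 3-second timer alone, or a 64-slot queue alone, lets all five through for this trace.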
10.1.4 Windowing and window size

The amount of data that needs to be transmitted is often too large to be sent in a single data segment. In this case, the data must be broken into smaller pieces to allow for proper data transmission. TCP is responsible for breaking data into segments. This is similar to feeding a child. Since most small children cannot eat extremely large bites, the person feeding a child will often cut their food into smaller pieces that the child's mouth can accommodate. Additionally, receiving machines may not be able to receive data as quickly as the source can send data, perhaps because the receiving device is busy with other tasks or perhaps because the sender is simply a more robust device.

Once the data is segmented, it must be transmitted to the destination device. One of the services provided by TCP is flow control, which regulates how much data is sent during a given transmission period. The process of flow control is known as windowing. Window size determines the amount of data that can be transmitted at one time before receiving an acknowledgment from the destination. After a host transmits the window-sized number of bytes, the host must receive an acknowledgment that the data has been received before it can send any more data. For example, with a window size of 1, each individual segment must