
Upload: brendan-day

Post on 04-Jan-2016


Page 1

Chapter 7: Objectives

Part 1
Describe the purpose of the transport layer in managing the transportation of data in end-to-end communication.
Describe characteristics of the TCP and UDP protocols, including port numbers and their uses.

Part 2
Explain how TCP session establishment and termination processes facilitate reliable communication.
Explain how TCP protocol data units are transmitted and acknowledged to guarantee delivery.
Explain the UDP client processes to establish communication with a server.
Determine whether high-reliability TCP transmissions, or non-guaranteed UDP transmissions, are best suited for common applications.

Page 2

The Transport Layer

Page 3

Encapsulation

[Diagram: the application DATA is wrapped in a transport header (source port, destination port, sequence number, acknowledgement number, ...) to form a SEGMENT; the segment becomes the data of an IP header (version, header length, flags, source IP, destination IP, ...) to form a PACKET; the packet is placed between a frame header and trailer to form a FRAME, which is put on the wire as a string of bits.]

Page 4

Reminder of encapsulation/decapsulation

[Diagram: Data with its HTTP Header is wrapped in a TCP Header, then an IP Header, then a Data Link Header and Data Link Trailer. At every hop along the path the IP Packet keeps its headers but is re-framed with a new Data Link Header and Trailer; at the destination host the Data Link, IP and TCP headers are stripped in reverse order and the Data with its HTTP Header is handed to the application.]

Page 5

Focus on Transport Layer: TCP

Page 6

Role of the Transport Layer

The Transport Layer is responsible for establishing a temporary communication session between two applications and delivering data between them.

It regulates the flow of information from source to destination; with TCP, reliably and accurately.

[Diagram: TCP and UDP, the two transport layer protocols]

Page 7

Transport Layer Responsibility

1. Tracking the individual communication between applications on the source and destination hosts

2. Segmenting data for manageability and reassembling segmented data into streams of application data at the destination

3. Identifying the proper application for each communication stream

[Diagram: an application data stream destined for www.cisco.com divided into a series of TCP Segments]

Page 8

What two protocols are at the Transport Layer? TCP and UDP.

IP is a best-effort delivery service. What does that mean? No guarantees: a best-effort, "unreliable" service.

TCP and UDP extend IP's host-to-host delivery service to the applications running on the two end systems; TCP additionally supplies the reliability that IP lacks.

Page 9

Tracking Individual Conversations

Any host on a network can have multiple applications that are communicating simultaneously. It is the responsibility of the Transport layer to maintain the multiple communication streams between these applications.

Page 10

A single client may have multiple transport connections with multiple servers.

Notice that TCP is a connection-oriented service (two-way arrow) between the hosts, whereas UDP is a connectionless service (one-way arrow). Covered later.

[Diagram: one client holding several TCP connections at the same time: HTTP connections to the Cabrillo Web Server, and FTP and SMTP connections to the ISP's Email and FTP Server]

Page 11

Identifying the Application

Page 12

The transport layer assigns each application an identifier called a port number. The transport layer uses ports to identify the application or service.

TCP Header (bits 0-15 | bits 16-31)

16-bit Source Port Number | 16-bit Destination Port Number
32-bit Sequence Number
32-bit Acknowledgement Number
4-bit Header Length | 6-bit Reserved | URG ACK PSH RST SYN FIN | 16-bit Window Size
16-bit TCP Checksum | 16-bit Urgent Pointer
Options (if any)
Data (if any)

[The slide shows the UDP Header alongside and notes that HTTP is Port 80.]

Page 13

To pass data streams to the proper applications, the Transport layer must identify the target application. This is accomplished by referencing the port number in the header.

Each software process that needs to access the network is assigned a port number that is unique on that host. This port number is carried in the transport layer header to indicate which application that piece of data belongs to. More later!

[Diagram: two segments being delivered to their applications]

Page 14

Segmenting and Reassembling Segments

Some transport layer protocols can also reassemble the data pieces into streams to be passed to the application layer.

Page 15

Transport Layer Protocols

TCP/IP uses two transport layer protocols:
Transmission Control Protocol (TCP)
User Datagram Protocol (UDP)

Page 16

TCP versus UDP

Two protocols for different types of traffic.

Page 17

TCP is a more complex protocol.

[Diagram: the TCP header (20 bytes without options, as on page 12) beside the much shorter 8-byte UDP header]

Page 18

TCP Segment and UDP Datagram

Page 19

TCP

TCP is considered a reliable transport protocol. Introduced in RFC 793. It includes processes to ensure reliable delivery between the two hosts. Analogous to sending packages using FedEx.

With TCP, the three basic operations of reliability are: tracking transmitted data segments, acknowledging received data, and retransmitting any unacknowledged data.

Jon Postel made many significant contributions to the development of the Internet, particularly in the area of standards.

He is principally known for being the editor of the Request for Comment (RFC) document series, and for serving as the Internet Assigned Numbers Authority (IANA) until his death.

(1943 – 1998)

Page 20

TCP example: the user uses FTP to upload a file to an FTP server.

Page 21

UDP

Providing the reliability functions of TCP also adds additional overhead.

UDP provides just the basic functions for delivering data segments between the appropriate applications, with very little overhead and data checking. It is known as a best-effort delivery protocol. Analogous to sending a regular, non-registered, letter in the mail.

UDP Header (bits 0-15 | bits 16-31)

16-bit Source Port Number | 16-bit Destination Port Number
16-bit UDP Length | 16-bit UDP Checksum
Data (if any)

Page 22

UDP example: the user uses TFTP to upload a file to a TFTP server.

Page 23

TCP

Page 24

TCP Services

TCP provides reliable delivery on top of unreliable IP. In addition to supporting the basic functions of data segmentation and reassembly, TCP also provides: reliable delivery, error checking, flow control, congestion control, ordered delivery, and connection establishment.

[TCP header diagram, as on page 12]

Page 25

Transmission Control Protocol (TCP)

Connection-oriented protocol, described in RFC 793. TCP incurs additional overhead to gain functions. Each TCP segment adds a header of at least 20 bytes (20 bytes without options) to the Application layer data.

Applications that use TCP include: Web Browsers (HTTP), E-mail (SMTP), File Transfers (FTP).

The TCP PDU is called a segment.

Page 26

Segmenting Data

TCP encapsulates data into multiple segments. Segments are required to make network communication efficient.

The segment header contains: a source port number, to help keep track of individual conversations; a destination port number, to enable a receiving host to forward the data to the appropriate application; sequence numbers, to help segmenting and reassembling segments; a window size, to help with flow control; and error checking mechanisms.

[Diagram: Application Data (100,000 bytes) divided into chunks carrying bytes 1-1000, 1001-2000, 2001-3000, 3001-4000, 4001-5000, ...; a TCP header is added to each chunk (TCP + 1-1000) to form a TCP Segment]

Page 27

Reassembling Segments

At the receiving host, each segment is examined and reconstructed into a complete data stream using the sequence numbers. Missing segments can be requested from the source.

It is then directed to the appropriate application identified in the segment header.

[TCP header diagram, as on page 12]

Page 28

Same Order Delivery

Having taken different routes to the destination, the segments arrive out of order.

Segments can arrive out-of-order but are reorganized using sequence numbers.

NOTE: Establishing a Session, Reliable Delivery, and Flow Control will be discussed later.
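Putting pages 26 to 28 together, the following is an added example written for this page (not code from the original slides). It numbers a byte stream into 1000-byte segments the way the slide does and reassembles them when they arrive out of order, duplicated, or with one segment missing, reporting the byte range the receiver would still have to ask for. The initial sequence number of 1, the segment size and the data are constructed for the demo.

```python
# Added example (not from the slides): split an application byte stream into
# TCP-style segments and reassemble out-of-order arrivals by sequence number,
# reporting the byte ranges a receiver would still have to ask for.
# The 1000-byte segment size, the ISN of 1 and the data are constructed for the demo.


def segment_stream(data: bytes, isn: int, mss: int = 1000):
    """Return (sequence_number, chunk) pairs.

    The sequence number of each segment is the position of its first byte in
    the sender's byte stream, counted from the initial sequence number (ISN),
    exactly like the 1-1000, 1001-2000, ... numbering on the slide.
    """
    return [(isn + off, data[off:off + mss]) for off in range(0, len(data), mss)]


def reassemble(segments, isn: int):
    """Rebuild the stream from segments received in any order.

    Returns (in_order_bytes, ack_number, gaps):
      in_order_bytes - the contiguous prefix that can be handed to the application
      ack_number     - the next byte the receiver expects (what its ACK would carry)
      gaps           - (first, last) sequence ranges that are missing and must be
                       retransmitted before anything after them can be delivered
    """
    received = dict(segments)           # seq -> chunk; a retransmitted duplicate overwrites itself
    stream = bytearray()
    gaps = []
    cursor = isn                        # first sequence number not yet covered while scanning
    for seq, chunk in sorted(received.items()):
        end = seq + len(chunk)
        if end <= cursor:
            continue                    # old data we already have (duplicate or full overlap)
        if seq > cursor:
            gaps.append((cursor, seq - 1))      # hole before this segment
        elif not gaps:
            stream += chunk[cursor - seq:]      # contiguous with delivered data: pass it up
        cursor = end
    return bytes(stream), isn + len(stream), gaps


def demo():
    """Five 1000-byte segments; one is lost, one arrives out of order, one is duplicated."""
    isn = 1
    data = b"".join(f"{i:04d}".encode() for i in range(1250))     # 5000 bytes of constructed payload
    segs = segment_stream(data, isn)                                # seqs 1, 1001, 2001, 3001, 4001
    arrived = [segs[0], segs[2], segs[1], segs[4], segs[0]]         # 3001-4000 never arrives
    return reassemble(arrived, isn)


if __name__ == "__main__":
    delivered, ack, gaps = demo()
    print(len(delivered), "bytes deliverable, ACK", ack, "missing", gaps)
```

The gaps list is what the receiver reports back through its ACK number (and, on modern stacks, selective acknowledgements) so the sender knows what to retransmit. Real TCP stacks do not start at sequence number 1: RFC 6528 has them choose the initial sequence number unpredictably, so an attacker who is not on the path cannot guess which sequence numbers fall inside the receiver's window and inject data or reset the connection.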

Page 29

TCP Header

Page 30

Sample TCP Segment Capture

[Diagram of the captured header: Source Port (16) | Destination Port (16) / Sequence Number (32) / Acknowledgement Number (32) / Header Length (4) | Reserved (6) | Control Bits (6) | Window (16) / Checksum (16) | Urgent (16) / Options / Application Layer Data]

Page 31

Source Port (16 bits)

– Number of the calling port.

– Dynamically assigned by the sending host.

– Number ranges from 1024 to 65,535.

– The source port makes it possible to have multiple sessions of FTP running simultaneously.

Page 32

Destination Port (16 bits)

– Number of the called port.

– The sending host usually selects a well-known number between 0 and 1023 that identifies the service it wants.

– Both end systems agree on that number to select the proper application.

– E.g., when telnetting, the client addresses Telnet on the destination (port 23) from a dynamically assigned source port such as 1028; the server's replies go back to that source port, not to port 23 on the client (see the Telnet example on pages 48 to 50).

Page 33

Sequence Number (32 bits)

– Used to establish reliability.

– Number ensures correct sequencing of arriving data.

– Identifies the position in the sender's byte stream of the first data byte in this segment.

Page 34

Acknowledgement Number (32 bits)

– Used to establish reliability.

– Next expected TCP octet: the sequence number of the next byte the receiver expects, which implicitly acknowledges everything before it.

Page 35

Header Length (4 bits)

– Known as "data offset".

– Indicates the length of the TCP segment header in 32-bit words (5 = 20 bytes, the minimum; larger values mean options are present).

Page 36

Control Bits (Flags) (6 bits)

– Bit codes, or flags, that indicate the purpose and function of the TCP segment: URG, ACK, PSH, RST, SYN, FIN.

Page 37

Window (16 bits)

– Number of octets that the receiver is willing to accept.

– This number can be adjusted while data is being transmitted.

Page 38

Checksum (16 bits)

– Calculated over the header and data fields, plus a pseudo-header containing the source and destination IP addresses, so a segment that reaches the wrong host fails the check.
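The fields walked through on pages 30 to 38, together with the UDP header from page 21, in working code. This is an added example written for this page, not code from the slides: it packs a TCP segment and a UDP datagram, decodes every header field, and verifies the checksum the way RFC 793 and RFC 768 require, over a pseudo-header of the IP addresses plus the transport header and data. The addresses, ports and payload are constructed.

```python
# Added example (not from the slides): build and decode TCP and UDP headers and
# verify the 16-bit Internet checksum, which RFC 793 / RFC 768 compute over an
# IPv4 pseudo-header plus the whole segment or datagram. All addresses, ports and
# payloads below are constructed for the demo.
import socket
import struct

# Control bits in the 6-bit flags field, low bit first: FIN, SYN, RST, PSH, ACK, URG.
TCP_FLAGS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
PROTO_TCP, PROTO_UDP = 6, 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words, complemented (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                                   # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                                    # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header: src, dst, zero, protocol, TCP/UDP length. It is checksummed
    but never transmitted, so a segment delivered to the wrong host fails the check."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_tcp_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"", urgent=0):
    """20-byte TCP header (data offset 5, no options) followed by the payload."""
    flag_bits = sum(TCP_FLAGS[f] for f in flags)
    offset_flags = (5 << 12) | flag_bits                  # header length in 32-bit words, then flags
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, urgent)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload   # checksum lives at bytes 16-17


def parse_tcp_segment(src_ip, dst_ip, segment: bytes) -> dict:
    """Decode the header fields and verify the checksum: summing the intact segment
    with its checksum field included folds to 0xFFFF, whose complement is 0."""
    sport, dport, seq, ack, offset_flags, window, csum, urgent = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (offset_flags >> 12) * 4
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
        "flags": {name for name, bit in TCP_FLAGS.items() if offset_flags & bit},
        "window": window, "checksum": csum, "urgent": urgent,
        "options": segment[20:hlen], "payload": segment[hlen:],
        "checksum_ok": internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(segment)) + segment) == 0,
    }


def build_udp_datagram(src_ip, dst_ip, sport, dport, payload=b""):
    """8-byte UDP header: ports, length of header plus data, checksum."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + hdr + payload)
    return hdr[:6] + struct.pack("!H", csum or 0xFFFF) + payload   # RFC 768: a computed 0 is sent as 0xFFFF


def parse_udp_datagram(src_ip, dst_ip, datagram: bytes) -> dict:
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    ok = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + datagram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum,
            "payload": datagram[8:length], "checksum_ok": csum == 0 or ok}   # 0 means "no checksum" in IPv4 UDP


if __name__ == "__main__":
    seg = build_tcp_segment("192.168.1.101", "198.133.219.25", 49888, 80, 1000, 0, ["SYN"], 65535)
    print(parse_tcp_segment("192.168.1.101", "198.133.219.25", seg))
```

The checksum only catches accidental corruption: it is a plain one's-complement sum with no key, so anyone who can modify a segment in transit can recompute it. Integrity against an active attacker has to come from a higher layer such as TLS.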

Page 39

Port Numbers

Page 40

Both TCP and UDP use port numbers to pass information to the upper layers. (A socket is a port number combined with an IP address; see page 54.)

[TCP header diagram, as on page 12, beside the UDP header; HTTP is Port 80]

Page 41

Source Port: the application this TCP segment came from.

Destination Port: the application this TCP segment is going to.

Page 42

[Diagram: Application Header + data, preceded by the Port Number in the transport header]

Port numbers are used by the sender to tell the receiver which network application it should use for the "Data", and by the receiver so it knows which application it should send the "Data" to.

Page 43

The Internet Assigned Numbers Authority (IANA) assigns port numbers.

http://www.iana.org/assignments/port-numbers

Page 44

Well Known Ports (Numbers 0 to 1023)
Reserved for common services and applications.
Client: TCP destination port. Server: TCP source port.

Page 45

Registered Ports (Numbers 1024 to 49151)
Assigned to user processes or applications; less common applications.
Client: TCP destination port. Server: TCP source port.
May also be used as dynamic or private ports (next).

Page 46

Dynamic or Private Ports (Numbers 49152 to 65535)
Also known as Ephemeral Ports. Usually assigned dynamically to client applications when initiating a connection.
Client: TCP source port. Server: TCP destination port.
May also include the range of Registered Ports (Numbers 1024 to 49151): the ephemeral range actually used is chosen by the operating system, and some systems take part of the registered range as well (Linux, for example, defaults to 32768 to 60999).

Page 47

[Diagram: Telnet session between Client and Server]

Page 48

Client sends a TCP segment with: Destination Port: 23 (well-known port number); Source Port: 1028 (dynamic port assigned by the client).

[Diagram: client TCP header with Source Port 1028 and Destination Port 23, carrying data for Telnet, sent from Client to Server]

Page 49

Server responds with a TCP segment with: Destination Port: 1028 (dynamic port assigned by the client); Source Port: 23 (well-known port number).

[Diagram: server TCP header with Source Port 23 and Destination Port 1028, carrying data for Telnet, sent from Server to Client]

Page 50

Notice the difference in how source and destination port numbers are used with clients and servers:

Client (initiating Telnet service): Destination Port = 23 (telnet); Source Port = 1028 (dynamically assigned).

Server (responding to Telnet service): Destination Port = 1028 (source port of client); Source Port = 23 (telnet).

Page 51

Same client to same server, two different HTTP sessions. Client: same destination port (80) for both. Client: different source ports (49888 and 49890) to uniquely identify each web session.

Page 52

C:\Users\rigrazia>netstat -n

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT

C:\Users\rigrazia>

Reading the columns: Proto is TCP or UDP; Local Address is the source IP and source port (49888 and 49890 here); Foreign Address is the destination IP and destination port; State is the connection state.

Page 53

What makes each connection unique? How does the server know which client source port 49888 belongs to?

A connection is defined by the pair of sockets, four values in all: source IP address and source port (from client to server), and destination IP address and destination port (from server to client). Different connections can use the same destination port on the server host as long as the source ports or source IP addresses are different.

[Diagram: clients 192.168.1.101 (source ports 49888 and 49890) and 172.16.5.5 (source port 49888) all connected to destination port 80 on 198.133.219.25, www.cisco.com; the server tells them apart by the full socket pair]

Page 54

Sockets

Combining the transport layer port number and the network layer IP address uniquely identifies a particular application process running on an individual host device. This combination is called a socket.

A socket pair, consisting of the source and destination IP addresses and port numbers, is also unique and identifies the specific conversation between the two hosts.

[Diagram: client 192.168.1.101, Source Port 49888, to www.cisco.com 198.133.219.25, Destination Port 80]

Page 55

Socket Port Number Example

A client socket might look like this, representing the source IP address and source port number: 192.168.1.101:49888

The socket on a web server might be, representing the destination IP address and destination port number: 198.133.219.25:80

Together, these two sockets combine to form a socket pair: 192.168.1.101:49888, 198.133.219.25:80
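To make the socket-pair idea from pages 52 to 55 concrete, here is an added example written for this page (not code from the slides). It parses netstat output into local and foreign sockets, groups connections by the server socket they target to show how a server separates two sessions from the same client, and lists the established connections whose foreign port is not a well-known service, which are the ones the netstat slide later says need explaining. The netstat text is constructed in the Windows `netstat -n` layout shown on page 52 and is not a real capture; the WELL_KNOWN table and the triage rule are the example's own assumptions.

```python
# Added example (not from the slides): parse `netstat -n` output into socket pairs,
# show how the server side tells two sessions from one client apart, and pick out
# the connections an analyst would want explained first. The netstat text below is
# constructed in the Windows layout used on the slide, not a real capture.
import re
from collections import defaultdict

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49901    172.16.5.5:443         ESTABLISHED
  TCP    192.168.1.101:50012    203.0.113.9:4444       ESTABLISHED
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  UDP    192.168.1.101:53412    *:*
"""

# Proto, local ip:port, foreign ip:port, optional state. The greedy \S+ backtracks to
# the last colon, so bracketed IPv6 addresses such as [::1]:80 also split correctly.
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")

# Example's own table of services it treats as expected; extend for your environment.
WELL_KNOWN = {80: "http", 443: "https", 25: "smtp", 110: "pop3", 23: "telnet", 20: "ftp-data",
              21: "ftp", 69: "tftp", 53: "dns", 67: "dhcp", 68: "dhcp", 22: "ssh", 445: "smb"}


def port_class(port: int) -> str:
    """IANA ranges as taught on the slides; the OS ephemeral range may differ."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_netstat(text: str):
    """Return one record per connection line: proto, local socket, foreign socket, state."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                                   # title, column header, blank lines
        proto, lip, lport, fip, fport, state = m.groups()
        records.append({
            "proto": proto,
            "local": (lip, None if lport == "*" else int(lport)),
            "foreign": (fip, None if fport == "*" else int(fport)),
            "state": state,
        })
    return records


def socket_pair(rec):
    """The 4-tuple that uniquely identifies a connection: both sockets together."""
    return rec["local"] + rec["foreign"]


def reply_socket_pair(rec):
    """What the remote end's segments carry: source and destination swapped."""
    return rec["foreign"] + rec["local"]


def by_server_socket(records):
    """Group client sockets under the server socket they target. Members of one group
    share destination IP and port and differ only by client IP or client port, which
    is exactly how the server demultiplexes them."""
    groups = defaultdict(list)
    for rec in records:
        if rec["proto"] == "TCP" and rec["foreign"][1]:      # skip listeners (port 0) and UDP
            groups[rec["foreign"]].append(rec["local"])
    return dict(groups)


def needs_explaining(records):
    """Established TCP connections to a foreign port that is not a well-known service.
    A triage heuristic for the 'unexplained connections' point on the slides, not a
    verdict: identify the owning process (netstat -o, or -b) before acting on it."""
    return [rec for rec in records
            if rec["proto"] == "TCP" and rec["state"] == "ESTABLISHED"
            and rec["foreign"][1] not in WELL_KNOWN]


if __name__ == "__main__":
    recs = parse_netstat(SAMPLE_NETSTAT)
    for server, clients in by_server_socket(recs).items():
        print(server, "<-", clients)
    for rec in needs_explaining(recs):
        print("review:", socket_pair(rec), "reply path:", reply_socket_pair(rec))
```

Run against real output (`netstat -n` on Windows, `netstat -an` on macOS or Linux), the grouping shows the same pattern as the slide: one server socket, many client sockets differing only in the ephemeral port.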

Page 56

Note: When downloading a web document and its objects it is common that there will be several TCP sessions created.

[Screenshot: netstat -n output listing several connections to www.cisco.com and www.google.com, annotated with the columns Proto (TCP or UDP), Local Address (source IP and source port), Foreign Address (destination IP and destination port) and State (connection state)]

Page 57

Client Requesting a Webpage

Page 58

Server Replying to the Client

Page 59

Socket Port Number Example

So who makes sure that applications are assigned a specific port number?

Page 60

Port Numbers

The Internet Assigned Numbers Authority (IANA) assigns port numbers. The IANA is a standards body that is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources.

Port numbers range from 0 to 65535 (16 bits). There are three categories of port numbers:

Well Known Ports (0 – 1023)
Registered Ports (1024 – 49151)
Private and/or Dynamic Ports (49152 – 65535)

Pages 61 to 63

(Recap of the three port ranges from pages 44 to 46: Well Known Ports 0 to 1023, Registered Ports 1024 to 49151, Dynamic or Private Ports 49152 to 65535.)

Page 64

Transport Layer Port Numbers

Hypertext Transfer Protocol (HTTP) - TCP Port 80
HTTP Secure (HTTPS) - TCP Port 443
Simple Mail Transfer Protocol (SMTP) - TCP Port 25
Post Office Protocol (POP) - TCP Port 110
Telnet - TCP Port 23
File Transfer Protocol (FTP) - TCP Ports 20 & 21
Trivial FTP (TFTP) - UDP Port 69
Domain Name System (DNS) - TCP/UDP Port 53
Dynamic Host Configuration Protocol (DHCP) - UDP Ports 67 & 68

http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Page 65

TCP/IP Application Layer Protocols

[Diagram of the TCP/IP stack:
Application Layer: FTP (20 & 21), HTTP (80), SMTP (25), Telnet (23), TFTP (69), SNMP (161), DHCP (67 & 68), DNS (53)
Transport Layer: TCP, UDP
Internet Layer: IP
Network Access Layer: LAN / WAN]

Page 66

Which Connections Are Open on a Host?

Sometimes it is necessary to know which active TCP connections are open and running on a networked host.

Netstat is a network utility that can be used to verify those connections. It lists the protocol in use, the local address and port number, the foreign address and port number, and the state of the connection.

Apples-MacBook-Pro:~ rigrazia$ netstat
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.0.108.54500       a184-51-102-51.d.http  ESTABLISHED
tcp4       0      0  10.0.0.108.54485       g1.v.fwmrm.net.http    ESTABLISHED
tcp6       0      0  2601:9:6800:1e6:.54455 nuq05s01-in-x11..https ESTABLISHED
tcp6       0      0  2601:9:6800:1e6:.54419 edge-star6-shv-0.https ESTABLISHED
tcp6       0      0  2601:9:6800:1e6:.54400 2001:559:0:54::6.https ESTABLISHED
tcp4       0      0  10.0.0.108.54385       a184-51-102-42.d.http  CLOSE_WAIT
tcp4       0      0  10.0.0.108.54368       a184-84-222-181..macro ESTABLISHED
tcp6       0      0  2601:9:6800:1e6:.54297 nuq05s02-in-x01..https ESTABLISHED
tcp4       0      0  10.0.0.108.53964       valiente.cabrill.ssh   ESTABLISHED
tcp4       0      0  10.0.0.108.53939       valiente.cabrill.ssh   ESTABLISHED
tcp4       0      0  10.0.0.108.53913       gw094.lphbs.com.http   ESTABLISHED
tcp4       0      0  10.0.0.108.53836       68.71.212.186.http     ESTABLISHED
tcp4       0      0  localhost.49961        localhost.53264        ESTABLISHED
tcp4       0      0  localhost.53264        localhost.49961        ESTABLISHED
tcp4       0      0  localhost.49961        localhost.53263        ESTABLISHED
tcp4       0      0  localhost.53263        localhost.49961        ESTABLISHED
tcp4       0      0  10.0.0.108.52960       channelproxy-shv.https ESTABLISHED
tcp4       0      0  10.0.0.108.50737       boris.cabrillo.e.imaps ESTABLISHED
tcp4       0      0  10.0.0.108.62510       boris.cabrillo.e.imaps ESTABLISHED
tcp4       0      0  10.0.0.108.62508       boris.cabrillo.e.imaps ESTABLISHED


Netstat

Unexplained TCP connections can pose a major security threat. This is because they can indicate that something or someone is connected to the local host. Additionally, unnecessary TCP connections can consume valuable system resources, thus slowing down the host's performance. Netstat can be used to examine the open connections on a host when performance appears to be compromised.

Slide links: Netstat, Security Podcast, TCPView


C:\Users\Admin> netstat /?

Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-t] [interval]

  -a            Displays all connections and listening ports.
  -b            Displays the executable involved in creating each connection or
                listening port. In some cases well-known executables host
                multiple independent components, and in these cases the
                sequence of components involved in creating the connection
                or listening port is displayed. In this case the executable
                name is in [] at the bottom, on top is the component it called,
                and so forth until TCP/IP was reached. Note that this option
                can be time-consuming and will fail unless you have sufficient
                permissions.
  -e            Displays Ethernet statistics. This may be combined with the -s
                option.
  -f            Displays Fully Qualified Domain Names (FQDN) for foreign
                addresses.
  -n            Displays addresses and port numbers in numerical form.
  -o            Displays the owning process ID associated with each connection.
  -p proto      Shows connections for the protocol specified by proto; proto
                may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
                option to display per-protocol statistics, proto may be any of:
                IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
  -r            Displays the routing table.
  -s            Displays per-protocol statistics. By default, statistics are
                shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
                the -p option may be used to specify a subset of the default.
  -t            Displays the current connection offload state.
  interval      Redisplays selected statistics, pausing interval seconds
                between each display. Press CTRL+C to stop redisplaying
                statistics. If omitted, netstat will print the current
                configuration information once.

C:\Users\Admin>


C:\Users\Admin>netstat

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5354         Admin-PC:49155         ESTABLISHED
  TCP    127.0.0.1:5354         Admin-PC:49156         ESTABLISHED
  TCP    127.0.0.1:19872        Admin-PC:49172         ESTABLISHED
  TCP    127.0.0.1:27015        Admin-PC:49168         ESTABLISHED
  TCP    127.0.0.1:49155        Admin-PC:5354          ESTABLISHED
  TCP    127.0.0.1:49156        Admin-PC:5354          ESTABLISHED
  TCP    127.0.0.1:49168        Admin-PC:27015         ESTABLISHED
  TCP    127.0.0.1:49172        Admin-PC:19872         ESTABLISHED
  TCP    192.168.1.116:2869     Home-Net:42808         TIME_WAIT
  TCP    192.168.1.116:49826    www.cisco.com:http     ESTABLISHED
  TCP    192.168.1.116:49828    17.172.232.124:5223    ESTABLISHED
  TCP    192.168.1.116:49950    17.158.10.21:https     CLOSE_WAIT
  TCP    192.168.1.116:50010    ec2-204-236-229-250:http TIME_WAIT
  TCP    192.168.1.116:50011    ec2-204-236-229-250:http TIME_WAIT
  TCP    192.168.1.116:50012    ec2-204-236-229-250:http ESTABLISHED
  TCP    192.168.1.116:50013    ec2-204-236-229-250:http TIME_WAIT
  TCP    [::1]:49772            Admin-PC:49774         ESTABLISHED
  TCP    [::1]:49774            Admin-PC:49772         ESTABLISHED

C:\Users\Admin>
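The port-range slides (well known 0-1023, registered 1024-49151, dynamic 49152-65535) and the two netstat listings above (macOS and Windows) come together in the following added example. It is not part of the course material: it classifies a port number by range, parses both netstat output formats shown on the slides, and flags the connections the Netstat slide says deserve an explanation (a foreign service that is not expected or cannot be resolved, a connection arriving on a local well-known port, or a socket stuck in CLOSE_WAIT). The service-name table, the set of expected foreign ports and the sample output are constructed assumptions; a real run would read service names from /etc/services and the allow-list from the host's own baseline.

```python
"""Added example (not from the course slides): classify port numbers by the
ranges given on the slides and review netstat output for connections that
deserve a second look. Parses the macOS/BSD and the Windows netstat formats."""
import re
from dataclasses import dataclass
from typing import Optional

WELL_KNOWN_MAX = 1023    # 0-1023 well known; 1024-49151 registered
REGISTERED_MAX = 49151   # 49152-65535 dynamic/private (ephemeral)

# netstat prints names from /etc/services; this table is an assumption that
# is sufficient for the sample output below.
SERVICE_PORTS = {"ssh": 22, "telnet": 23, "smtp": 25, "domain": 53,
                 "http": 80, "pop3": 110, "https": 443, "imaps": 993}
EXPECTED_FOREIGN_PORTS = {22, 80, 443, 993}   # assumption: host's normal services
LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}

# BSD/macOS: "tcp4 0 0 local.port foreign.port STATE"; Windows: "TCP local:port foreign:port STATE"
BSD_RE = re.compile(r"^(tcp[46]?|udp[46]?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(\S*)$")
WIN_RE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s*(\S*)$")

# Sample output constructed from lines shown on the slides.
MAC_SAMPLE = """Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.0.0.108.54500       a184-51-102-51.d.http  ESTABLISHED
tcp6       0      0  2601:9:6800:1e6:.54455 nuq05s01-in-x11..https ESTABLISHED
tcp4       0      0  10.0.0.108.54385       a184-51-102-42.d.http  CLOSE_WAIT
tcp4       0      0  10.0.0.108.54368       a184-84-222-181..macro ESTABLISHED
tcp4       0      0  10.0.0.108.53964       valiente.cabrill.ssh   ESTABLISHED
tcp4       0      0  localhost.49961        localhost.53264        ESTABLISHED
tcp4       0      0  10.0.0.108.50737       boris.cabrillo.e.imaps ESTABLISHED
"""
WIN_SAMPLE = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:5354         Admin-PC:49155         ESTABLISHED
  TCP    192.168.1.116:49826    www.cisco.com:http     ESTABLISHED
  TCP    192.168.1.116:49828    17.172.232.124:5223    ESTABLISHED
  TCP    192.168.1.116:49950    17.158.10.21:https     CLOSE_WAIT
  TCP    [::1]:49772            Admin-PC:49774         ESTABLISHED
"""


def classify_port(port: int) -> str:
    """Name the IANA range a port falls in, using the ranges from the slides."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    return "registered" if port <= REGISTERED_MAX else "dynamic"


def port_value(token: str) -> Optional[int]:
    """Numeric port, or None when netstat printed a name we cannot resolve."""
    return int(token) if token.isdigit() else SERVICE_PORTS.get(token)


@dataclass
class Conn:
    proto: str
    local_host: str
    local_port: Optional[int]
    foreign_host: str
    foreign_port: Optional[int]
    foreign_token: str        # port as printed, e.g. "http" or "5223"
    state: str


def parse_netstat(text: str) -> list[Conn]:
    """Parse BSD/macOS or Windows netstat output; non-connection lines are skipped."""
    conns = []
    for raw in text.splitlines():
        line = raw.strip()
        m, sep = BSD_RE.match(line), "."        # BSD separates host and port with "."
        if not m:
            m, sep = WIN_RE.match(line), ":"    # Windows uses ":" (IPv6 literals in [])
        if not m:
            continue                            # headers, prompts, blank lines
        proto, local, foreign, state = m.groups()
        lhost, _, lport = local.rpartition(sep)
        fhost, _, fport = foreign.rpartition(sep)
        conns.append(Conn(proto, lhost, port_value(lport), fhost,
                          port_value(fport), fport, state))
    return conns


def review(conns: list[Conn]) -> list[tuple[Conn, str]]:
    """Flag connections a defender would want explained; loopback sockets are skipped."""
    findings = []
    for c in conns:
        if c.local_host in LOOPBACK:
            continue
        if c.local_port is not None and classify_port(c.local_port) == "well-known":
            findings.append((c, f"inbound connection on local well-known port {c.local_port}"))
        if c.foreign_port is None:
            findings.append((c, f"unresolved foreign service '{c.foreign_token}'"))
        elif c.foreign_port not in EXPECTED_FOREIGN_PORTS:
            findings.append((c, f"unexpected foreign port {c.foreign_port}"))
        if c.state == "CLOSE_WAIT":
            findings.append((c, "CLOSE_WAIT: peer closed, local application has not"))
    return findings


if __name__ == "__main__":
    for sample in (MAC_SAMPLE, WIN_SAMPLE):
        for conn, reason in review(parse_netstat(sample)):
            print(f"{conn.local_host}:{conn.local_port} -> {conn.foreign_host}:{conn.foreign_token}  {reason}")
```

On the constructed macOS sample the review flags the CLOSE_WAIT connection and the connection whose foreign service name netstat could not be resolved; on the Windows sample it flags the connection to port 5223 (not in the expected set) and the https socket in CLOSE_WAIT. In practice the same parser is pointed at `netstat -an` (or `netstat -ano` on Windows, which adds the owning process ID) so that ports appear as numbers and each flagged socket can be traced to a process.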