lecture 2: ip addresses, tcp and udp this lecture will cover: the “whole thing” (how your...
TRANSCRIPT
Lecture 2: IP addresses, TCP and UDP
This lecture will cover: The “whole thing” (how your email gets to you) More about IP addresses. How names become IP addresses. TCP and UDP ICMP
More Information Bertsekas/Gallager: Section 2.8-2.9 Tanenbaum: Section 6.1-6.4
Reminder from last lecture
IP sends data from place to place. TCP or UDP sit above it at either end.
When you use the internet you use addresses like http://manor.york.ac.uk or [email protected]
These addresses must then be converted to an IP address e.g. 144.32.100.24
This means that data (packets) can get from A to B. But what happens if data is lost, how do we know
where they are going to and how can we put packets back together into data?
The Internet - emailing a friend
your computer
G/169router
university ofyork
JANETtransatlanticcable
US backbone
LANyour friend'scomputer
Domain Name System (DNS)
DNS takes the human readable name and converts it to octets.
On a unix machine you can try this using nslookup. (Linux users may prefer dig).
manor.york.ac.uk 1% nslookup www.ntk.netServer: castle2.york.ac.ukAddress: 144.32.128.5
Non-authoritative answer:Name: vwww.flirble.orgAddress: 195.40.6.34Aliases: www.ntk.net
Answer
Question
DNS(2)
com org gov mil jp uk nl
sun
eng
vnvnation
www
ac co org
york
www manor
ic
doc
src
net
generic/US national
musicnonstop
www
TLDs (Top Level Domains)
DNS (3)
Routing Tables
How do packets know where to go? This problem is known as routing. The oldest (and easiest) solution is static routing. Each computer has a table saying where to go to get to
each other computer. On a Local Area Network (LAN) list all machines on
your subnet and the address of the external router for everything else.
Most machines only need to know how to get to their nearest router. Much more will be said about routing later in the course
TCP and UDP
Once we’ve got our IP packet safely to its destination what happens next?
Having stripped off the header, the first thing we find is another header.
The second header provides information on which port to enter the machine on and where to send the reply.
It also provides a checksum to check the data is valid. UDP will do nothing else. TCP will ensure that the
connection is lossless.
What are ports?
Ports are conceptual “points of entry” into a host computer.
They do not correspond with real hardware but are an abstraction for convenience.
Usually a service is associated with a port (e.g. http on port 80).
Servers “listen on a port” for connection attempts. Ports provide one level of internet security. Generally, low number ports (< 100) are reserved
for special services.
Common Services and Ports
Service Listens on Portftp 21telnet 23smtp (mail) 25finger 79 http 80
User configured services (your Half-Life server?) will listen on high numbered ports which are usually left open to all users.
UDP data
User Datagram Protocol – the header is shown below.
Length and checksum are as for IP.
About UDP
Provides a lossy connection (data may vanish). Does not guarantee packets are delivered in
order. Useful for real time applications. (It is no use
having your Quake III information arriving correctly but ten seconds late).
UDP applications can implement their own packet loss checking but it is best to use TCP for this.
The TCP header
The TCP header is shown below
About the TCP header
Sequence number (what is the “order” of this packet) incremented by 1 for every packet.
Acknowledgement number (what packet sequence number does this acknowledge).
Header length (how many 32 bit words are in options).
Flags: SYN = start connection, ACK = acknowledge packet, FIN= finish connection.
(Three other flags, URG, RST, PSH).
TCP header (2)
Window size will be described in more detail later (it sets how many unacknowledged packets may exist).
Checksum – is as for IP and UDP. Urgent Pointer – points to part of the data that must be
looked at by the receiver before the TCP session (rarely used).
Offsets says how long the options field is (the options field can contain “other things” – extra facilities that TCP might implement).
About TCP
TCP provides a lossless connection (or flags an error when losses occur).
Data packets are given an order and can be reassembled.
TCP provides some limited congestion control. TCP is most useful for applications where data
validity is important but real-time is not critical (email, www, ftp).
TCP packets are part of a TCP session.
TCP connections
This diagram shows the start of a TCP connection.
A sends packet X withSYN. “Hello I would like to talk”.B sends a SYN, ACKpair “I got yourmessage. I wouldalso like to talk”A sends an ACK (andsome data) “Igot your message,here is some data.”
TCP mechanisms
The window size is the number of outstanding (unacknowledged) packets that that a TCP session can send.
The window size provides a crude method for congestion control.
The window size increases to allow more packets to be sent (it increases throughput).
If a packet is lost then the window is reduced again.
TCP lost packets
When a packet is received out of sequence the receiver sends an ACK with the same number as the previous.
If the sender receives three duplicate ACKs then it assumes the packet has been lost and resends.
If the sender has not received an ACK for a packet within a certain amount of time then it times out and assumes the packet lost.
Packet loss causes the packet to be resent and the congestion window to be reduced.
TCP Window Increase/Decrease
Transmission no
Threshold
Threshold
Congestion window
The initial doubling of thewindow size is called “slowstart”.
Timeout
Closing a TCP/session – an interesting dilemma (aside)
How can we close a TCP session and stop listening?
ICMP
Internet Control Message Protocol packets are used for various control purposes. Here are some common ones:
Time exceeded: TTL hit 0. Echo request: Can you hear me out there? Echo reply: Yes I can hear you. Source Quench: Stop sending so much data. Timestamp request/reply (as echo but with
times).
The story of ping
Ping is a handy utility for checking if a computer is alive using ICMP echo request/reply (or timestamp if we want).
Ping is a first test if a computer is networked. We can even measure the speed of light using ping.
http://xxx.lanl.gov/abs/physics/0201053 Hacking makes it increasingly unused.
manor.york.ac.uk 20% ping -s castle.york.ac.ukPING castle2.york.ac.uk: 56 data bytes64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=0. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=1. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=2. time=1. ms64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=3. time=1. ms
Traceroute
Traceroute neatly combines ping and the TTL flag to get a “route” to a computer.
If the TTL is one the the packet will “die” after one hop.
ICMP will return a Time exceeded flag. This will tell us where the first “hop” of our
journey is. Increase the TTL by one to find the next “hop”.
ICMP tourism (with traceroute)
traceroute to host213-121-67-224: (213.121.67.224): 2-20 hops, 38 byte packets 2 213.180.11.162 tondi-CR.online.ee 1.62 ms (ttl=127) 3 213.180.25.1 liiva-CR.online.ee 1.82 ms (ttl=126) 4 213.180.11.189 tix-CR.online.ee 2.16 ms (ttl=125) 5 212.47.215.6 r1-Fa4-0-80-Tln-TIX.EE.KPNQwest.net 2.28 ms (ttl=251) 6 134.222.224.5 r5-AT3-1.105.sthm-KPN1.SE.kpnqwest.net 12.2 ms (ttl=250) 7 134.222.119.226 r2-Ge0-2-0-0.Sthm-KQ1.SE.KPNQwest.net 34.3 ms (ttl=246!) 8 134.222.230.157 r2-Se0-3-0.hmbg-KQ2.DE.KPNQwest.net 33.4 ms (ttl=247!) 9 134.222.230.117 r2-Se0-2-0.0.ffm-KQ1.DE.kpnqwest.net 34.1 ms (ttl=249!)10 134.222.230.29 r2-Se0-3-0.0.ledn-KQ1.NL.kpnqwest.net 39.6 ms (ttl=248!)11 134.222.230.169 r1-Se0-0-0.0.ldn-KQ1.UK.kpnqwest.net 43.7 ms (ttl=246!)12 134.222.231.14 r1-Se0-0-0.0.Ldn-KQ4.UK.KPNQwest.net 44.9 ms (ttl=245!)13 134.222.109.241 r13-Gi5-0.200.ldn-KQ4.UK.kpnqwest.net 45.4 ms (ttl=245!)14 195.66.225.10 linx-l1.ukcore.bt.net 45.2 ms (ttl=244!)15 194.74.65.126 core2-pos14-0.ilford.ukcore.bt.net 45.3 ms (ttl=243!)16 194.74.65.222 core2-pos5-0.reading.ukcore.bt.net 46.7 ms (ttl=242!)17 62.6.196.109 core2-pos8-0.birmingham.ukcore.bt.net 54.3 ms (ttl=241!)18 194.74.16.194 core2-pos9-0.rochdale.ukcore.bt.net 51.0 ms (ttl=240!)19 217.32.168.5 vhsaccess1-gig1-0.rochdale.fixed.bt.net 51.1 ms (ttl=239!)20 213.121.156.22 ugint0066-p.vhsaccess1.rochdale.fixed-nte.bt.net 51.3 ms (ttl=238!)
This shows the trip from Estonia to my flat in Fulfordvia my Internet Service Provider (ISP) – V21 in Rochdale
The journey of email
To: [email protected]: richard@manor
Dave, Great to see youthe other day...
Look up IPname fordistant.com
Dav e, Gr
eat to s
Packetisethe data
Dav
Add TCPheader tofirst packet
Dav
Add IPheader tofront of that
Get firsthop fromrouting table
SYNSYN,ACKACK
Set up the TCP connection
Send thefirst packetto its first hop
And so onfor furtherhops.
Destination gets packetand returns ACK
Start sending rest of data