4 TCP2

CIT 384: Network Administration
TCP
CIT 384: Network Administration Slide #1
Topics
Application 1. UDP
2. TCP
Presentation
3. QoS
Session 4. Security
Transport
Network
Data Link
Physical
UDP: User Datagram Protocol
Simple datagram transport layer protocol.
Each application output generates one UDP
datagram, which produces one IP datagram.
Trades reliability for speed
Sends datagrams directly to unreliable IP layer.
16bit port numbers
Identify sending and receiving processes.
Applications
DNS, SNMP, TFTP, VOIP, streaming video
UDP Header
UDP Example: TFTP
Trivial File Transfer Protocol
No authentication
TFTP Session:
sun16 > tftp at204m02
tftp> get readme.txt
Received 1024 bytes in 0.2 seconds.
tftp> quit
TFTP Packet Types
Packet types
1) read a file (filename, ascii/binary)
2) write a file (filename, ascii/binary)
3) file data block
4) ACK
5) error
TFTP Packet Diagram
TFTP Session Trace
at204m02 > snoop udp sun16
2 0.00000 sun16 -> at204m02 TFTP Read "2sun"
(netascii)
4 0.00498 at204m02 -> sun16 TFTP Data block 1

(512 bytes)
6 0.00136 sun16 -> at204m02 TFTP Ack block 1
8 0.00010 at204m02 -> sun16 TFTP Data block 2

(300 bytes) (last block)
5 0.00119 sun16 -> at204m02 TFTP Ack block 2
TFTP Security
Feature: no username/password required
TFTP used for diskless hosts to boot.
How to protect /etc/passwd?
Limit TFTP server filesystem access.
Generally only can access /tftpboot directory.
TCP: Transmission Control Protocol
Connectionoriented
Must establish connection before sending data.
3way handshake.
Reliable bytestream
TCP decides how to divide stream into packets.
ACK, timeout, retransmit, reordering.
16bit source and destination ports.
FTP(21), HTTP(80), POP(110), SMTP(25)
TCP Reliability
1. Breaks data into bestsized chunks.
2. After sending segment, maintains timer; if no
ACK within time limit, resends segment.
3. Sends ACK on receipt of packets.
4. Discards pkts on bad checkum of header and
data.
5. Receiver resequences TCP segments so data
arrives in order sent.
6. Receiver discards duplicate segments.
7. Flow control: only sends as much data as receiver
can process.
TCP Header
TCP Header
Source Port: 16bit source identifier
Destination Port: 16bit destination identifier
Sequence Number: 32bit segment identifier.
Acknowledgment: next sequence number
expected by sender of ACK
TCP is full duplex so both sides of connection have
own set of sequence numbers
Headers
TCP: Three Applications
Using Port Numbers to Multiplex
Concept of Socket: IP address, transport protocol, port number
TCP/IP Applications
• WWW
• DNS
• SNMP
• TFTP
• SMTP
• POP3
WellKnown Port Numbers
Sequence Numbers and ACKs
Sequence=1, 1000 bytes
ACK=2002
ACK specifies next byte to be received, i.e.
it acknowledges receipt of all bytes up to but
not including the ACK number.
Errors and Retransmission
ACK=1001
Sender also sets retransmission timer. If no ACK
received by the time the timer expires, then sender
retransmits the segments sent since timer was set.
TCP Flow Control
Window size: number
of bytes receiver is
willing to accept
Sender must stop
sending if window
full and no ACK
received yet.
Window starts small,
then grows until
errors occur.
TCP Header Flags (Code Bits)
URG: urgent pointer is valid
ACK: acknowledgement number is valid
PSH: rcvr should pass data to app asap
RST: reset connection
SYN: synchronize sequence numbers to
initiate a connection
FIN: sender is finished sending data
TCP Options
Header length: length of header in 32bit words
(20bytes default–60bytes w/ options)
End of option list (kind=0)
NOP (kind=1)
Used to pad fields to 32bit boundary
Maximum Segment Size (MSS) (kind=2)
Len=4 (length includes kind + len bytes)
16bit MSS
Default: 536 data + 20 TCP hdr + 20 IP hdr
Window Scale Factor (kind=3)
Timestamp (kind=8)
TCP Connections
Establishment
3way handshake
Connection Trace
Termination
Normal Termination
Connection Trace
Reset
Connection Establishment Protocol
1. Requester (client) sends a SYN segment,
specifying the port number of the server to which
it wants to connect and the client’s initial
sequence number (ISN).
2. Server responds with SYN segment containing
server’s ISN. Server acknowledges client’s SYN
by ACKing the client’s ISN+1.
3. Client acknowledges server SYN by ACKing
server’s ISN+1.
TCP 3way Handshake
Connection Termination Protocol
As TCP is full duplex, each side must
terminate half of the connection as follows:
Send FIN segment (active close)
Other side ACKs w/ FIN sequence number +1
Halfclosed connections
Side that sent FIN can still receive data.
Example: ssh fasthost sort < words.txt
TCP Disconnection
TCP Reset
Connection Refused
> telnet at204m02 8192
Trying 10.1.0.90...
telnet: Unable to connect to remote host:
Connection refused
Packet Trace
sun09 -> at204m02 TCP D=8192 S=33048
Syn Seq=3848454475 Len=0 Win=24820
Options=<nop,nop,sackOK,mss 1460>
at204m02 -> sun09 TCP D=33048
S=8192 Rst Ack=3848454476 Win=0
TCP Reset (cont.)
Connection Abort
Any queued data is thrown away.
Other side is informed of abnormal close.
Packet Detail:
One side sends RST.
Other side aborts connection.
There is no ACK sent in response.
HalfOpen Connections
Connections where one side has aborted or
closed connection w/o knowledge of other.
– Client or server host has crashed.
– DOS attack: requester sends SYN, doesn’t
respond to SYN+ACK.
Example List of TCP Ports
TCP: IPv4 (netstat –na output)
Local Addr Rmt Addr State
---------- --------------------
*.111 *.* LISTEN
*.32771 *.* LISTEN
*.32772 *.* LISTEN
*.32773 *.* LISTEN
*.32774 *.* LISTEN
*.4045 *.* LISTEN
*.22 *.* LISTEN
*.2049 *.* LISTEN
*.515 *.* LISTEN
*.80 *.* LISTEN
*.6000 *.* LISTEN
*.22 10.17.0.23.32827 ESTABLISHED
*.2049 10.17.0.23.799 ESTABLISHED
TCP Servers
Local Address
*.80 means that it will accept connections on any network
interface on TCP port 80.
Foreign Address
*.* means that the server will accept connections from any
source host and port.
Conn=(src IP, src port, dst IP, dst port)
All connections to same server will have same dst IP and
port, but will have different source IPs and ports
Kernel maintains queue of ~5 incoming connections
for each server.
Sockets
Each TCP or UDP connection is a socket.
 Source IP
 Source port (chosen randomly >1024)
 Destination IP
 Destination port
Quality of Service Problems
Throughput (bandwidth)
Amount of data transferred per unit time.
Latency (delay)
Time packets take to reach their destination.
Jitter
Variation in latency.
Loss
Packets are lost in transit. TCP will retransmit them,
increasing latency. UDP will ignore.
Out of Order
Packets arrive out of order and have to be reordered,
increasing latency (TCP) or loss (UDP.)
QoS Minimum Needs
App Bandwidth Latency Jitter Loss
VoIP Low Low Low Low
2way Medium Low Low Low

video
1way Medium Medium Medium Low
video
Interactive Medium Medium High High
web app
File xfer High High High High
Converting from Sound to Packets
with a VA (Voice Adapter)
DNS Resolution and
Requesting a Web Page
Multiple HTTP Get
Requests/Responses
Network Security
Typical Enterprise Internet
Connection with a Firewall
Common Security Issues in an
Enterprise
Common Internet Design Using
a Firewall
Sample VPNs
References
• James Boney, Cisco IOS in a Nutshell, 2nd edition,
O’Reilly, 2005.
• Cisco, Cisco Connection Documentation,
http://www.cisco.com/univercd/home/home.htm
• Cisco, Internetworking Basics,
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_do
c/introint.htm
• Wendell Odom, CCNA Official Exam Certification
Library, 3rd edition, Cisco Press, 2007.
• Priscilla Oppenheimer and Joseph Bardwell,
Troubleshooting Campus Networks, AddisonWesley,
2002.
• W. Richard Stevens, TCP/IP Illustrated, Addison
Wesley, 1994.

4 TCP2

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4 TCP2

Uploaded by

Copyright:

Available Formats

CIT 384: Network Administration

4 0.00498 at204m02 -> sun16 TFTP Data block 1

6 0.00136 sun16 -> at204m02 TFTP Ack block 1

8 0.00010 at204m02 -> sun16 TFTP Data block 2

5 0.00119 sun16 -> at204m02 TFTP Ack block 2

VoIP Low Low Low Low

2way Medium Low Low Low

You might also like

4 TCP2

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

4 TCP2

Uploaded by

Copyright:

Available Formats

CIT 384: Network Administration

4 0.00498 at204m02 -> sun16 TFTP Data block 1

6 0.00136 sun16 -> at204m02 TFTP Ack block 1

8 0.00010 at204m02 -> sun16 TFTP Data block 2

5 0.00119 sun16 -> at204m02 TFTP Ack block 2

VoIP Low Low Low Low

2­way Medium Low Low Low

You might also like

2way Medium Low Low Low