* What can you tell from the following output? TCP? UDP? Application?
(Find an old picture of TCP vs. UDP)
* Some fields are unique to TCP and some fields are unique to UDP.
Therefore, you are expected to identify whether a segment is a TCP segment or a UDP
segment.
– In TCP, each segment header contains a sequence number. This sequence number
allows the Transport layer functions on the destination host to reassemble segments in
the order in which they were transmitted.
– In the UDP header, there is no sequence number. UDP is a simpler design and generates
less overhead than TCP, resulting in a faster transfer of data.
– The reliability of TCP communication is provided by connection-oriented sessions
(3-way handshake).
– TCP also provides mechanisms for flow control.
– The TCP services on the destination host acknowledge the data that they have received to
the source application.
* What are the fields that exist in both TCP and UDP segments?
In the header of each segment or datagram, there is a source and destination
port.
The source port number is the number for this communication associated with
the originating application on the local host.
The destination port number is the number for this communication associated
with the destination application on the remote host.
* You need to memorize some of the popular port numbers and the applications
associated with those ports:
- Port 23
- Port 53
- Port 80
- Port 110
- Port 443
* You should know the interaction between the source port, the destination port and the
acknowledgment number of an outgoing segment and the same fields of the returning
segment.
- The source port becomes the destination port.
- The destination port becomes the source port.
- The acknowledgment number increments by the number of bytes received by the destination.
* You are expected to know and memorize the number ranges of the 3 distinct IANA-assigned
port number groups:
1. Well Known Ports (Numbers 0 to 1023)
These numbers are reserved for services and applications.
2. Registered Ports (Numbers 1024 to 49151)
When not used for a server resource, these ports may also be
dynamically selected by a client as its source port.
3. Dynamic or Private Ports (Numbers 49152 to 65535)
Also known as Ephemeral Ports, these are usually assigned
dynamically to client applications when initiating a connection.
* You are expected to know all 3 different stages of the 3-way handshake.
A TCP client begins the 3-way handshake by sending a segment with the SYN
(Synchronize Sequence Number) control flag set, indicating an initial value in the
sequence number field in the header.
The SYN control flag is set and the relative sequence number is at 0.
The TCP server needs to acknowledge the receipt of the SYN from the client to
establish the session from the client.
The server sends a segment back to the client with the ACK flag set, indicating
that the acknowledgment number is significant.
The value of the acknowledgment number is the initial sequence number plus 1.
Finally, the TCP client responds with a segment containing an ACK that is the
response to the TCP SYN sent by the server.
The value in the acknowledgment number field contains one more than the initial
sequence number received from the server.
* You are expected to know how to read the “netstat” command output.
How many TCP sessions are running on the machine?
What is port 443? What is port 80? (What is port 110?)
What are the ports: 1029, 1033, and …….?
In what situations will a connection show the states
“ESTABLISHED” and “TIME_WAIT”? What is the relation between these states
and the 3-way handshake?
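
The netstat reading exercise and the IANA port groups above, as an added example that is not part of the original study guide: it parses a constructed sample of `netstat -n` output, counts TCP sessions per state, and labels each port with its IANA group. The sample rows, the addresses, the function names and the client/server heuristic are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample in Windows `netstat -n` layout (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.0.2.10:1029        198.51.100.7:443       ESTABLISHED
  TCP    192.0.2.10:1033        198.51.100.8:80        ESTABLISHED
  TCP    192.0.2.10:49152       203.0.113.5:110        TIME_WAIT
  TCP    192.0.2.10:80          203.0.113.9:51514      ESTABLISHED
  UDP    192.0.2.10:53          *:*
"""

def port_group(port):
    """Map a port number to its IANA group."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse_netstat(text):
    """Return one dict per TCP row; headers and stateless UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue
        local, remote, state = fields[1:]
        lport = int(local.rsplit(":", 1)[1])
        rport = int(remote.rsplit(":", 1)[1])
        lgroup, rgroup = port_group(lport), port_group(rport)
        # Heuristic (assumption): the end on a well-known port is the service.
        if rgroup == "well-known" and lgroup != "well-known":
            role = "client"
        elif lgroup == "well-known" and rgroup != "well-known":
            role = "server"
        else:
            role = "unknown"
        rows.append({"local_port": lport, "local_group": lgroup,
                     "remote_port": rport, "state": state, "role": role})
    return rows

def count_states(rows):
    """Count TCP sessions per connection state."""
    return Counter(row["state"] for row in rows)

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for row in rows:
        print(row)
    print(dict(count_states(rows)))
```

A row where the local port is well-known and the remote port is not means the machine itself is offering a service, which is the first thing to check when reviewing a host's exposure.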