
Ngondya 1

Uploaded by

Michael Haule

TN211: Computer Networking

Protocols

Transport Layer Protocols

7/14/2021 4:32 AM TN211 CIVE 2018/19 1


Transport Layer Protocols
 There are two fundamental protocols:
 Transmission Control Protocol (TCP):
connection-oriented protocol
User Datagram Protocol (UDP):
connectionless protocol
 Connection-oriented communication:
establishes a logical (virtual) connection
prior to sending data.
 Connectionless communication: sends
data right away without establishing a
logical connection.
Transport Layer Protocols
 Why Transport Layer Protocols?
 IP provides a weak, but efficient service
model (best-effort)
Packets can be delayed, dropped,
reordered, duplicated
Packets have limited size (why?)
 IP packets are addressed to a host
How to decide which application gets
which packets?



Transport Layer Protocols

 Why Transport Layer Protocols


 How should hosts send into the network?
Flow Control
Too fast is bad; too slow is not efficient



Types of Data Deliveries

 The transport layer is responsible for


process-to-process delivery.



Ports
 Since there are many applications
running on a computer, there is a need to
decide which application gets which
packet.
 A port number is a way to identify a
specific application (process) to which an
Internet or other network message is to be
forwarded when it arrives at a server.
 It is essentially a memory space denoted
by a 16-bit non-negative integer ranging
from 0-65,535 inclusive.
Ports..
 One port is linked to only one application.
 One application may use many ports for
different purposes (e.g. FTP: 20, 21)
 Port numbers can be categorized into 3:
 Well-known Ports: range 0-1023
 Registered Ports: range 1024-49151
 Dynamic ports: range 49152-65535



Well-Known Ports
 These ports are reserved for services and
applications.
 Everyone agrees what services run on these
ports. E.g. ssh:22, http:80
 By defining these well-known ports for server
applications, client applications can be
programmed to request a connection to that
specific port and its associated service.
 Client must know server’s port.
 The Well Known Ports are assigned by the
IANA and on most systems can only be used
by system (or root) processes or by programs
Registered Ports
 These port numbers are assigned to user
processes or applications.
 These processes are primarily individual
applications that a user has chosen to
install rather than common applications that
would receive a Well Known Port.
 Used for non-common applications.
 When not used for a server resource, these
ports may also be dynamically selected
by a client as its source port.



Dynamic Ports
 Also known as Ephemeral Ports
 Usually assigned automatically to client
applications when initiating a connection.
• May be used as client’s source port or
server’s destination port
 In practice, it may also include the range of
Registered Ports (Numbers 1024 to 49151)



Socket
 A socket is one endpoint of a two-way
communication link between two programs
running on the network.
 The endpoint is a combination of an IP
address and a port number and transport
layer protocol (usually TCP).
 Every TCP connection can be uniquely
identified by its two endpoints.
 That way you can have multiple connections
between your host and the server.
 It is bound to a port number so that the
TCP layer can identify the application that
Port Implementation

 Typically, a port is implemented by OS


as a message queue:
 Incoming messages added to queue for
specified port.
 Messages removed by application when it
reads the port
 Messages discarded if queue is full
 Process blocks if queue is empty when it
reads



Obtaining Port Numbers-Linux
Systems
 Need host IP and port to talk to server
 Once server has address, it can respond to
address in packet it received
 Different techniques for getting port #
 Use a well-known port (i.e. DNS uses 53).
 Values found in /etc/services for Linux Systems.

 Use a port mapper–single process that runs on


the server and knows the ports for different
services.
 Use a directory service that runs on the network
and knows the port numbers for services on any
Obtaining Port Numbers-Windows
Systems
 Open command prompt and enter
netstat command:
 Use option u for open UDP ports
 Option t for open TCP ports



UDP
 It is a connectionless protocol:
 Provides a way to send IP datagrams without
establishing a connection.
 Same best-effort service model as IP.
 Only adds multiplexing and de-multiplexing
capability to basic best-effort delivery provided by
IP.
 Minimalist protocol with messages of up to 64KB.

 Needs to identify target process for


message/datagram
 Could use some direct identifier like process ID,
but that might not work with all OSes.
Well-Known Ports Used with UDP
| Port | Protocol | Description |
|------|----------|-------------|
| 7 | Echo | Echoes received datagram back to the sender |
| 9 | Discard | Discard any datagram that is received |
| 11 | Users | Active users |
| 13 | Daytime | Returns the date and the time |
| 17 | Quote | Returns quote of the day |
| 19 | Chargen | Returns a string of characters |
| 53 | Domain | Domain Name Service |
| 67 | Bootps | Server port to download bootstrap information |
| 68 | Bootpc | Client port to download bootstrap information |
| 69 | TFTP | Trivial File Transfer Protocol |
| 111 | RPC | Remote Procedure Call |
| 123 | NTP | Network Time Protocol |
| 161 | SNMP | Simple Network Management Protocol |
| 162 | SNMP | Simple Network Management Protocol (Trap) |
| 520 | RIP | Routing Information Protocol |
UDP Header Format



UDP Header Format

 Source port:
 Uses 2 Bytes=16Bits
 UDP port of the sending host.
 The sending port value is optional.
 If not used, it is set to zero.



UDP Header Format

 Destination port:
 Uses 2 Bytes=16Bits
 UDP port of destination host.
This provides an endpoint for
communications.



UDP Header Format

 Length:
 Uses 2 Bytes=16Bits.
 Refers to the size of the UDP message.
 The minimum UDP packet contains only the
header information (8 bytes).
 UDP length includes header and data.
 UDP length = IP length – IP header’s
length
UDP Header Format

 Checksum:
 Uses 2 Bytes=16Bits.
 Verifies that the header is not corrupted.
 The checksum value is optional in IPv4,
required in IPv6.
 If not used, it is set to zero.
 It is the same algorithm used for TCP and
IP.
UDP Header Format

 Checksum:
 If an error is detected, the entire UDP
segment is discarded and no further action
is taken.
 It is computed over message data, UDP
header, and pseudo-header–protocol
number and source and destination IP
addresses, plus UDP length.
Checksum Calculation of a Simple
UDP User Datagram

 Next slide shows the checksum


calculation for a very small user
datagram with only 7 bytes of data.
 Because the number of bytes of data is odd,
padding is added for checksum calculation.
 The pseudoheader as well as the padding
will be dropped when the user datagram is
Checksum Calculation of a Simple
UDP User Datagram
[Figure: checksum calculation over the UDP header fields Source Port, Dest. Port, Length and Checksum]


Example of Lab Work and Tutorial..
 Suppose following is a dump of a UDP
header in hexadecimal format:

a) The source port number is the first four
hexadecimal digits (CB84)₁₆ or 52100.
b) The destination port number is the second
four hexadecimal digits (000D)₁₆ or 13.
c) The third four hexadecimal digits (001C)₁₆
define the length of the whole UDP packet as
Example of Lab Work and Tutorial..
 Suppose following is a dump of a UDP
header in hexadecimal format:

a) The length of the data is the length of the
whole packet minus the length of the header,
or 28 – 8 = 20 bytes.
b) Since the destination port number is 13
(well-known port), the packet is from the
client to the server.
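The header fields and checksum rules above, as an added example that is not part of the original lecture: it decodes an 8-byte UDP header dump and computes and verifies the checksum over the pseudo-header, header and data, padding odd-length data. The function names are this example's own; the checksum digits in the dump, the IP addresses and the 7-byte payload are constructed sample values.

```python
import ipaddress
import struct

UDP_PROTO = 17  # IP protocol number carried in the pseudo-header


def parse_udp_header(dump_hex):
    """Decode the four 16-bit fields of a UDP header given as hex digits."""
    raw = bytes.fromhex(dump_hex)
    if len(raw) < 8:
        raise ValueError("a UDP header is 8 bytes long")
    src, dst, length, checksum = struct.unpack("!HHHH", raw[:8])
    if length < 8:
        raise ValueError("UDP length must include the 8-byte header")
    return {
        "src_port": src,
        "dst_port": dst,
        "length": length,          # header + data
        "data_len": length - 8,
        "checksum": checksum,
        "to_server": dst <= 1023,  # well-known destination port
    }


def ones_complement_sum(data):
    """16-bit one's-complement sum; odd-length input is zero-padded."""
    if len(data) % 2:
        data += b"\x00"  # padding exists only for the calculation
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)  # end-around carry
    return total


def pseudo_header(src_ip, dst_ip, udp_length):
    """IPv4 pseudo-header: source, destination, zero, protocol, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload):
    """Checksum over pseudo-header, UDP header (checksum = 0) and data."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    total = ones_complement_sum(
        pseudo_header(src_ip, dst_ip, length) + header + payload)
    return (~total & 0xFFFF) or 0xFFFF  # 0 on the wire means "not used"


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload):
    """Return header + data with the checksum field filled in."""
    csum = udp_checksum(src_ip, dst_ip, src_port, dst_port, payload)
    return struct.pack("!HHHH", src_port, dst_port,
                       8 + len(payload), csum) + payload


def verify_datagram(src_ip, dst_ip, datagram):
    """Receiver-side check: True if the datagram should be accepted."""
    fields = parse_udp_header(datagram[:8].hex())
    if fields["length"] != len(datagram):
        return False               # length field disagrees with what arrived
    if fields["checksum"] == 0:
        return True                # sender skipped the checksum (IPv4 only)
    total = ones_complement_sum(
        pseudo_header(src_ip, dst_ip, fields["length"]) + datagram)
    return total == 0xFFFF         # all ones when nothing was corrupted


if __name__ == "__main__":
    # Field values decoded in the worked example; the checksum digits
    # (001C) are constructed to complete the 8-byte header.
    print(parse_udp_header("CB84000D001C001C"))

    # Constructed sample: 7 bytes of data, so one padding byte is needed.
    SRC, DST = "153.18.8.105", "171.2.14.10"
    dgram = build_datagram(SRC, DST, 1087, 13, b"TESTING")
    print(hex(struct.unpack("!H", dgram[6:8])[0]))
    print(verify_datagram(SRC, DST, dgram))
    damaged = dgram[:-1] + b"X"    # simulate corruption in transit
    print(verify_datagram(SRC, DST, damaged))
```

A datagram that fails `verify_datagram` is simply discarded, which is the behaviour the checksum slides describe.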
Example of Lab Work and Tutorial
 Suppose following is a dump of a UDP
header in hexadecimal format:
CB480045001C001C
a) What is the source port number?
b) What is the destination port number?
c) What is the total length of the user datagram?
d) What is the length of the data?
e) Is the packet directed from a client to a server
or vice versa?
f) What is the client process?



When is the Use of Connectionless
Service Justified?
 Inward data collection:
 Periodic active or passive sampling of data
sources, such as sensors, and automatic self-
test reports from security equipment or
network devices.
 In a real-time monitoring situation, the loss of
an occasional data unit would not cause
distress, because the next report should arrive
shortly.
 Outward data dissemination:
 Broadcast and multicast messages to network
When is the Use of Connectionless
Service Justified?
 Request-response:
 Applications in which a transaction service is
provided by a common server to a number of
distributed TS users, and for which a single
request-response sequence is typical.
 Use of the service is regulated at the application
level, and lower-level connections are often
unnecessary and cumbersome.
 Real-time applications:
 ..such as voice and telemetry, involving a degree of
redundancy and/or real-time transmission
requirement.
Popular Applications That Use
UDP
 Multimedia streaming
 Retransmitting lost/corrupted packets is not
worthwhile
 By the time the packet is retransmitted, it’s
too late
 E.g., telephone calls, video conferencing,
gaming
• Simple query protocols like Domain Name System
• Overhead of connection establishment is overkill
[Figure: query “Address for www.cnn.com?” answered with “12.3.4.15”]
UDP Case Studies
 DHCP – Dynamic Host Configuration
Protocol
 TCP
connection is impossible
We don't have an IP address yet!

 DNS – Domain Name System


 TCP connection is too expensive
Everybody on the planet talks to root
name servers
That would be a lot of kernel socket
buffers!
• TCP connection expense is wasteful
UDP Case Studies
 NTP – Network Time Protocol
 Setting your clock requires estimating
latency to peer
TCP buffering interferes with
estimation

 TFTP
 TCP implementation is too expensive
Boot code in BIOS...size is limited



UDP Case Studies
 SNMP – Simple Network Management
Protocol
 TCP connection is too expensive
Workgroup router can't afford
connection state...
...would be easy denial-of-service attack

 Kerberos, Zephyr
 Like DNS: many clients, request/response
pattern
• TCP connection is too expensive &
UDP Case Studies
 AFS - “Andrew File System” (or not)
 Counts as “experimental transport
protocol”
 In 1980's, many TCP implementations
had poor throughput
 Easier to implement a similar protocol
than to fix kernels
 Unclear what the “right” answer is

 NFS – Sun's “Network File System”


 Similar reasons, judgement to AFS
 Lots
of people run NFS over TCP
UDP Case Studies
 RPC (Remote Procedure Call) libraries
 SunRPC, CORBA, DCOM, etc.
 Many operate over both UDP and TCP
 Application often selects via flag
Application, not library, knows how many
calls to same server
 Special-purpose communications
 Examples:
ISIS distributed-computation library
IP multicast
 Communication
pattern isn't point-to-point
UDP Advantages
 Finer control over what data is sent
and when
 As soon as an application process writes
into the socket.
 … UDP will package the data and send
the packet.
 No delay for connection establishment
 UDP just blasts away without any formal
preliminaries.
… which avoids introducing any
unnecessary delays.
UDP Advantages..

 No connection state:
 No allocation of buffers, parameters,
sequence #s, etc.
 … making it easier to handle many active
clients at once.
 Small packet header overhead:
 UDP header is only eight-bytes long.

UDP Disadvantages
 There is no congestion control, meaning
that bottlenecks build up to the point
that no traffic can be transmitted.
 UDP is unreliable-data may be dropped
or arrive out of order and provides no
acknowledgement.



Scanning UDP Protocols
 Scanning UDP can be Frustrating.
 A UDP packet that reaches a server port which is
open replies with nothing
 A UDP packet that reaches a server port which is
closed replies with an ICMP type 3 message that
the service is not reachable
 A UDP packet that gets lost or dropped on the way
to the server port (it happens) returns no response
 A UDP packet that reaches a server port which is
open and the protocol matches, replies with
service
 A UDP packet that reaches a server port which is
closed and the firewall is configured to disallow
ICMP replies, returns nothing or may return a
packet which says this is not allowed by the
administrator
 So Why scan UDP?
TCP
 Connection oriented:
 Explicit set-up and tear-down of TCP session
 Stream-of-bytes service
 Sends and receives a stream of bytes, not
messages
 Reliable, in-order delivery
 Checksums to detect corrupted data
 Acknowledgments & retransmissions for reliable
delivery
 Sequence numbers to detect losses and reorder
data
 Flow control
 Prevent overflow of the receiver’s buffer space
Well-Known Ports Used with TCP
| Port | Protocol | Description |
|------|----------|-------------|
| 7 | Echo | Echoes received datagram back to the sender. |
| 9 | Discard | Discard any datagram that is received. |
| 11 | Users | Active users. |
| 13 | Daytime | Returns the date and the time. |
| 17 | Quote | Returns quote of the day. |
| 19 | Chargen | Returns a string of characters. |
| 20 | FTP-data | FTP port for sending data. |
| 21 | FTP-control | FTP port for authentication. |
| 22 | SSH | Secure Shell-protocol uses encryption to secure the connection between a client and a server. |
| 23 | Telnet | Terminal Network |
| 25 | SMTP | Simple Mail Transfer Protocol |
| 53 | DNS | Domain Name Server |
| 67 | BOOTP | Bootstrap Protocol |
| 79 | Finger | Finger protocol-provide status reports on a particular computer system or a particular person at network sites. |
| 110 | Pop3 | Post Office Protocol Version 3-used for retrieving E-mails. |
| 143 | IMAP3 | Internet Message Access Protocol version 3-retrieving emails |
| 179 | BGP | Border Gateway Protocol. |
| 194 | IRC | Internet Relay Chat. |
| 443 | HTTPS | HTTP Protocol over TLS/SSL (encrypted transmission). |

…..


Challenges of Reliable Data
Transfer
 Over a perfectly reliable channel
 All of the data arrives in order, just as it was
sent
 Simple: sender sends data, and receiver
receives data
 Over a channel with bit errors
 All of the data arrives in order, but some bits
corrupted
 Receiver detects errors and says “please repeat
that”
 Sender retransmits the data that were
corrupted
 Over a lossy channel with bit errors
 Some data are missing, and some bits
are corrupted
TCP’s Support for Reliability
 Checksum
 Used to detect corrupted data at the receiver
 …leading the receiver to drop the packet
 Sequence numbers
 Used to detect missing data
 ... and for putting the data back in order
 Retransmission
 Sender retransmits lost or corrupted data
 Timeout based on estimates of round-trip
time
 Fast retransmit algorithm for rapid
retransmission
TCP Congestion Control
 When congestion occurs, IP has limited
effect on managing congestion.
 Most of the congestion control is done
by TCP by cutting down the data rate.
 Indication of congestion:
 Timeouts.
 Packet discards.
 In fiber optic cable transmission errors are
minimized so timeouts mainly due to
congestion.
TCP Congestion Control
 (a) A fast network feeding a low
capacity receiver.
 (b) A slow network feeding a high-
capacity receiver.



TCP Congestion Control
Congestion Window

 In addition to receiver’s buffer


information, the sender also
maintains a congestion window.
 This is mainly due to the fact that
even if receiver may have space for
fast data transfer, network may not
carry it due to congestion.
 The number of bytes to be sent is the
minimum of the two windows
(sender’s window and receiver’s
Windowing
 Windowing is a flow control
mechanism requiring that the source
device receive an acknowledgment
from the destination after transmitting
a certain amount of data.
 With a window size of three, the source
device can send three octets to the
destination.
It must then wait for an
acknowledgment.
 If the destination receives the three
octets, it sends an acknowledgment to
the source device, which can now
transmit three more octets.
Windowing..

 If, for some reason, the destination


does not receive the three octets,
possibly due to overflowing buffers, it
does not send an acknowledgment.
 Because the source does not receive
an acknowledgment, it knows that
the octets should be retransmitted
and that the transmission rate should
be slowed.
Window Size
 Window size determines the amount of
data that can be transmitted at one
time before receiving an
acknowledgment from the destination.
 After a host transmits the window-sized
number of bytes, the host must receive
an acknowledgment that the data has
been received before it can send any
more data.
 For example, with a window size of 1,
each individual segment must be
acknowledged before sending the next
Windowing and Window
Size

Sliding Window
 TCP utilizes a sliding window when
determining transmission size.
 A sliding window allows for devices to
negotiate a window size to allow for
more than one byte to be sent during
a single transmission.
 This sliding window also allows the
destination device to indicate to the
source a need to decrease or increase
the amount of data being sent
because it is incapable at that time of
dealing with that much data.
Sliding Window..
 The size of the window is the lesser of
receiver’s window and sender’s
window.
 The source does not have to send a full
window’s worth of data.
 The window can be opened or closed by
the receiver, but should not be shrunk.
 The destination can send an
acknowledgment at any time as long as
it does not result in a shrinking
window.
 The receiver can temporarily shut down
Sliding Window..
 What is the value of the receiver window
(rwnd) for host A if the receiver, host B, has
a buffer size of 5000 bytes and 1000 bytes
of received and unprocessed data?
 Solution
 The value of rwnd = 5000 − 1000 = 4000.
Host B can receive only 4000 bytes of data
before overflowing its buffer. Host B
advertises this value in its next segment to
A.
 What is the size of the window for host A
if the value of rwnd is 3000 bytes and the
value of sender’s window (cwnd) is 3500
bytes?
 Solution
Sliding Window..
Sequencing Numbers
 TCP applies sequence numbers to the data
segments it is transmitting so that the
receiver will be able to properly reassemble
the bytes in their original order.
 Sequencing numbers indicate to the
destination device the correct order in
which to put the bytes when they are
received.
 These sequencing numbers also act as
reference numbers so that the receiver will
know if it has received all of the data.
 They also identify the missing data pieces
to the sender so it can retransmit the
missing data.
Sequencing Numbers..
 This offers increased efficiency since the
sender only needs to re-transmit the
missing segments instead of the entire set
of data.
 The value in the sequence number field of a
segment defines the number assigned to
the first data byte contained in that
segment.
 The value of the acknowledgment field in
a segment defines the number of the next
byte a party expects to receive.
The acknowledgment number is
cumulative.
 Read about Kevin Mitnick and Predictable
Sequencing Numbers..

 Suppose a TCP connection is transferring a


file of 5,000 bytes. The first byte is
numbered 10,001. What are the sequence
numbers for each segment if data are sent
in five segments, each carrying 1,000
bytes?

 Solution:
 The following shows the sequence
number for each segment:
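How a receiver uses these numbers, as an added example that is not part of the original lecture: it numbers the five 1,000-byte segments of the exercise above, then reorders a constructed out-of-order arrival and returns the cumulative acknowledgment for each segment. The class and function names, the file contents and the arrival order are constructed; arithmetic is done modulo 2^32 so the same code keeps working when the sequence number wraps around.

```python
SEQ_SPACE = 2 ** 32  # sequence numbers are 32 bits wide


def make_segments(first_seq, data, size):
    """Split data into (sequence number, payload) pairs.

    A segment's sequence number is the number of its first data byte.
    """
    return [((first_seq + off) % SEQ_SPACE, data[off:off + size])
            for off in range(0, len(data), size)]


class Receiver:
    """Reorders segments and answers each one with a cumulative ACK."""

    def __init__(self, first_seq):
        self.next_expected = first_seq   # number of the next byte wanted
        self.held = {}                   # out-of-order segments, by seq
        self.delivered = bytearray()     # bytes handed to the application

    def receive(self, seq, payload):
        """Accept one segment and return the acknowledgment number."""
        ahead = (seq - self.next_expected) % SEQ_SPACE
        if ahead < SEQ_SPACE // 2:       # otherwise it is an old duplicate
            self.held.setdefault(seq, payload)
        # Deliver every byte that is now contiguous with what we have.
        while self.next_expected in self.held:
            chunk = self.held.pop(self.next_expected)
            self.delivered += chunk
            self.next_expected = (self.next_expected + len(chunk)) % SEQ_SPACE
        return self.next_expected        # "next byte I expect", cumulative


def demo():
    """Exercise values: 5,000 bytes, first byte numbered 10,001."""
    data = bytes(range(250)) * 20        # constructed 5,000-byte file
    segments = make_segments(10001, data, 1000)
    # Constructed arrival order: segment 1 is delayed, segment 0 repeats.
    arrival = [0, 2, 0, 3, 1, 4]
    rx = Receiver(10001)
    acks = [rx.receive(*segments[i]) for i in arrival]
    return [seq for seq, _ in segments], acks, bytes(rx.delivered) == data


if __name__ == "__main__":
    seqs, acks, intact = demo()
    print("sequence numbers:", seqs)
    print("acknowledgments: ", acks)
    print("file reassembled:", intact)
```

The repeated acknowledgment number while a segment is missing is what tells the sender which data to retransmit.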
Protecting against
Wraparound
 Relevance of the 32-bit sequence number
space.
 The sequence number used on a given
connection might wraparound.
 A byte with sequence number x could be
sent at one time, and then at a later time
a second byte with the same sequence
number x could be sent.
 Packets cannot survive in the Internet for
longer than the Maximum Segment
Lifetime (MSL).
 MSL is set to 120 sec.
 We need to make sure that the sequence
Protecting against
Wraparound..
Positive ACK
 Acknowledgement is a common step in the
synchronization process which includes
sliding windows and data sequencing.
 TCP utilizes positive acknowledgment and
retransmission to control data flow and
confirm data delivery.
 Positive acknowledgment and retransmission
(PAR) is a common technique many protocols
use to provide reliability.
 With PAR, the source sends a packet, starts
a timer, and waits for an acknowledgment
before sending the next packet.
 If the timer expires before the source
receives an acknowledgment, the source
retransmits the packet and starts the timer
TCP Header

TCP Header Format


TCP Header-Types of Flags
TCP Header..
 Source port address: This is a 16-bit field
that defines the port number of the
application program in the host that is
sending the segment.
 Destination port address: This is a 16-
bit field that defines the port number of
the application program in the host that
is receiving the segment.
 Sequence number: This 32-bit field
defines the number assigned to the first
byte of data contained in this segment.
TCP Header..
 Acknowledgment number. This 32-bit
field defines the byte number that the
receiver of the segment is expecting to
receive from the other party.
 If the receiver of the segment has
successfully received byte number x from
the other party, it returns x + 1 as the
acknowledgment number.
• Header length. This 4-bit field indicates the
number of 4-byte words in the TCP header.
• The length of the header can be between
20 and 60 bytes.
• Therefore, the value of this field is
TCP Header..
 Reserved. This is a 6-bit field reserved for
future use.
 Flags. This field defines 6 different control
bits or flags:
 URG: is contained at the front of the
segment body, up to and including a
value of UrgPtr bytes into the segment.
• ACK: is set any time the
Acknowledgment field is valid, implying
that the receiver should pay attention to
it.
 PSH: Push the data. This flag signifies
that the sender invoked the push
operation, which indicates to the
TCP Header..
 Flags. This field defines 6 different control
bits or flags:
 SYN: Synchronize sequence numbers. It
is used when establishing a TCP
connection.
 RST: Reset the connection. This flag
signifies that the receiver has become
confused, it received a segment it did
not expect to receive—and so wants to
abort the connection.
 FIN: Terminate the TCP connection.



TCP Header..
 Window size. This field defines the window
size of the sending TCP in bytes.
 Note that the length of this field is 16
bits, which means that the maximum
size of the window is 65,535 bytes.
 Checksum. This 16-bit field contains the
checksum. It is computed over the TCP
header, the TCP data, and the
pseudoheader, which is made up of the
source address, destination address, and
length fields from the IP header.
 Urgent pointer. This 16-bit field, which is
valid only if the urgent flag is set, is used
Synchronization or 3-way
handshake
 This is a three-step process that
establishes the virtual connection
between the two devices.
 First, one host initiates a connection by
sending a synchronization (SYN) packet
indicating its initial sequence number of x with
a certain bit in the header set to indicate a
connection request. This bit is set in the
acknowledgment number field of the TCP
header (also referred to as the code field).
 Second, the other host receives the packet,
records the sequence number of x, replies with
an acknowledgment of x + 1, and includes its
own initial sequence number of y. The
acknowledgment number of x + 1 means the
host has received all octets up to and including
x, and is expecting x + 1 next.
 Finally, the initiating host responds with a
Synchronization or 3-way
handshake...
Denial of Service Attacks

 Denial of service (DoS) attacks are


designed to deny services to legitimate
hosts attempting to establish
connections.
 DoS attacks are a common method
that hackers utilize to halt system
response.
 One type of DoS is known as SYN
flooding.
 SYN flooding exploits the normal
three-way handshake and causes
targeted devices to ACK to source
Denial of Service Attacks ..
Hacker’s Use of TCP
 Hackers will mangle packets to confuse
target systems.
 A confused system can give up
information, provide access or even stop
responding.
 Some of the common Tricks:
 Setting no flags or all flags
 Attempt to connect using the handshake but
not complete it. This will provide a fast way
to enumerate ports.
 Setting strange combos of Flags may reveal
what OS we are dealing with. (Fingerprinting)
 Send a packet with the ACK flag set can get
past some simple firewall systems.
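A defender's view of the tricks listed above and of SYN flooding, as an added example that is not part of the original lecture: it decodes the 20-byte TCP header described earlier, labels flag combinations a normal connection never produces, and counts handshakes a source started but never completed. The function and class names, the alert threshold and all sample headers and addresses are constructed for illustration; no time window is applied.

```python
import struct
from collections import defaultdict

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def parse_tcp_header(dump_hex):
    """Decode the fixed 20-byte part of a TCP header given as hex digits."""
    raw = bytes.fromhex(dump_hex.replace(" ", ""))
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_flags,
     window, _checksum, _urgent) = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4  # 4-bit field counts 4-byte words
    if header_len < 20:
        raise ValueError("header length below the 20-byte minimum")
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window}


def classify_flags(flags):
    """Name flag combinations a normal connection never produces."""
    if not flags:
        return "no flags set"
    if flags == set(FLAG_BITS):
        return "all flags set"
    if {"SYN", "FIN"} <= flags or {"SYN", "RST"} <= flags:
        return "contradictory flags"
    return None


class HandshakeTracker:
    """Counts handshakes a source started but never completed."""

    def __init__(self, limit):
        self.limit = limit               # assumed alert threshold
        self.pending = defaultdict(set)  # source IP -> {(src port, dst port)}

    def observe(self, src_ip, hdr):
        """Feed one client-to-server segment."""
        key = (hdr["src_port"], hdr["dst_port"])
        if hdr["flags"] == {"SYN"}:
            self.pending[src_ip].add(key)      # step 1 of the handshake
        elif "ACK" in hdr["flags"] and "RST" not in hdr["flags"]:
            self.pending[src_ip].discard(key)  # step 3: completed
        # A RST, or silence, leaves the entry pending: never completed.

    def suspects(self):
        return sorted(ip for ip, keys in self.pending.items()
                      if len(keys) >= self.limit)


def sample_header(src_port, dst_port, flags, seq=1, ack=0):
    """Build a constructed 20-byte header dump for the demonstration."""
    bits = sum(FLAG_BITS[name] for name in flags)
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       (5 << 12) | bits, 2047, 0, 0).hex()


def demo():
    """Run the checks over constructed traffic (documentation addresses)."""
    traffic = [
        ("192.0.2.10", sample_header(40000, 80, ["SYN"])),
        ("192.0.2.10", sample_header(40000, 80, ["ACK"], seq=2, ack=101)),
        ("198.51.100.7", sample_header(50001, 22, ["SYN"])),
        ("198.51.100.7", sample_header(50002, 23, ["SYN"])),
        ("198.51.100.7", sample_header(50003, 25, ["SYN"])),
        ("198.51.100.7", sample_header(50003, 25, ["RST"], seq=2)),
        ("198.51.100.7", sample_header(50004, 80, [])),
        ("198.51.100.7", sample_header(50005, 80, list(FLAG_BITS))),
    ]
    tracker = HandshakeTracker(limit=3)
    findings = []
    for src_ip, dump in traffic:
        hdr = parse_tcp_header(dump)
        label = classify_flags(hdr["flags"])
        if label:
            findings.append((src_ip, hdr["dst_port"], label))
        tracker.observe(src_ip, hdr)
    return findings, tracker.suspects()


if __name__ == "__main__":
    print(demo())
```

The first source completes its handshake and is not reported; the second leaves three handshakes unfinished and sends two segments with impossible flag sets.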
Example of Lab Work and Tutorial
 The following is a dump of a TCP header
in hexadecimal format.
05320017 00000001 00000000
500207FF 00000000
a. What is the source port number?
b. What is the destination port number?
c. What is the sequence number?
d. What is the acknowledgment number?
e. What is the length of header?
f. What is the type of segment?
g. What is the window size?
Similarities Between TCP and UDP
 Both protocols ensure interface to the
higher layer-application protocols by
transmitting the data coming into the
host to the appropriate applications.
 Both use the idea of port and socket.
 Both support interface to the underlying
Network IP layer by encapsulating their
PDUs into IP packets.
 Both protocol entities are installed only
on end nodes.
Differences Between TCP and UDP
| Criteria | TCP | UDP |
|----------|-----|-----|
| Connection | Connection-oriented | Connectionless |
| Ordering of packets | Rearranges packets in the order specified | No inherent order as packets are independent of each other |
| Speed of transfer | Slower than UDP | Faster because there is no connection establishment and error |
| Reliability | There is guarantee that data transferred will remain intact and in the same order it was sent | No guarantee that the messages or packets will reach the destination at all |
| Header size | 20 Bytes | 8 Bytes |
| Streaming of Data | Data is read as a byte stream | Packets are sent |
| Data Flow Control | TCP does Flow Control. TCP requires three packets to set up a socket connection | UDP does not have an option for flow control |
| Acknowledgement | Acknowledgement segments | No Acknowledgment |


Test Two

Sunday, 09 February 2020, Auditorium,


1500-1700hrs.
