CN 211 Lec 6

The document discusses transport layer protocols, focusing on Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). It explains the differences between connection-oriented and connectionless communication, the role of port numbers in identifying applications, and the implementation of sockets for communication. Additionally, it highlights the use cases for UDP in applications like multimedia streaming, DNS, and DHCP, emphasizing its efficiency in scenarios where connection establishment overhead is unnecessary.

Uploaded by

mahengejimson02
TN211: Computer Networking Protocols

Transport Layer Protocols

12/31/2023 11:21 PM TN211 CIVE 2018/19 1


Transport Layer Protocols
◼ There are two fundamental protocols:
✓ Transmission Control Protocol (TCP): connection-
oriented protocol
✓ User Datagram Protocol (UDP): connectionless
protocol
◼ Connection-oriented communication:
establishes a logical (virtual) connection prior to
sending data.
◼ Connectionless communication: sends data right
away without establishing a logical connection.
Transport Layer Protocols
◼ Why Transport Layer Protocols?
✓ IP provides a weak, but efficient service model (best-
effort)
❑Packets can be delayed, dropped, reordered,
duplicated
❑Packets have limited size (why?)
✓ IP packets are addressed to a host
❑How to decide which application gets which
packets?

Transport Layer Protocols
◼ Why Transport Layer Protocols
✓ How should hosts send into the network?
❑Flow Control
❑Too fast is bad; too slow is not efficient

Types of Data Deliveries
◼ The transport layer is responsible for process-to-
process delivery.

Ports
◼ Since there are many applications running on a
computer, there is a need to decide which application
gets which packet.
◼ A port number is a way to identify a specific
application (process) to which an Internet or other
network message is to be forwarded when it arrives
at a server.
◼ It is essentially a memory space denoted by a 16-bit
non-negative integer ranging from 0-65,535 inclusive.

Ports..
◼ One port is linked to only one application.
◼ One application may use many ports for different
purposes (e.g. FTP: 20, 21)
◼ Port numbers can be categorized into 3:
✓ Well-known Ports: range 0-1023
✓ Registered Ports: range 1024-49151
✓ Dynamic ports: range 49152-65535

Well-Known Ports
◼ These ports are reserved for services and applications.
✓ Everyone agrees what services run on these ports. E.g.
ssh:22, http:80
◼ By defining these well-known ports for server applications,
client applications can be programmed to request a
connection to that specific port and its associated service.
✓ Client must know server’s port.
◼ The Well Known Ports are assigned by the IANA and on
most systems can only be used by system (or root)
processes or by programs executed by privileged users.

Registered Ports
◼ These port numbers are assigned to user processes or
applications.
◼ These processes are primarily individual applications that a
user has chosen to install rather than common applications
that would receive a Well Known Port.
✓ Used for non-common applications.
◼ When not used for a server resource, these ports may also
be dynamically selected by a client as its source port.

Dynamic Ports
◼ Also known as Ephemeral Ports
◼ Usually assigned automatically to client applications when
initiating a connection.
✓ May be used as client’s source port or server’s
destination port
◼ In practice, it may also include the range of Registered
Ports (Numbers 1024 to 49151)

Socket
◼ A socket is one endpoint of a two-way
communication link between two programs running
on the network.
✓ The endpoint is a combination of an IP address and a
port number and transport layer protocol (usually TCP).
✓ Every TCP connection can be uniquely identified by its
two endpoints.
✓ That way you can have multiple connections between
your host and the server.
◼ It is bound to a port number so that the TCP layer
can identify the application that data is destined to be
sent to.
Port Implementation

◼ Typically, a port is implemented by the OS as a message queue:
✓ Incoming messages added to queue for specified
port.
✓ Messages removed by application when it reads the
port
✓ Messages discarded if queue is full
✓ Process blocks if queue is empty when it reads

Obtaining Port Numbers-Linux Systems
◼ Need host IP and port to talk to server
✓ Once server has address, it can respond to address in packet it
received
◼ Different techniques for getting port #
✓ Use a well-known port (e.g. DNS uses 53).
✓ Values found in /etc/services for Linux Systems.
✓ Use a port mapper, a single process that runs on the server and
knows the ports for different services.
✓ Use a directory service that runs on the network and knows
the port numbers for services on any host.
Obtaining Port Numbers-Windows Systems
◼ Open command prompt and enter netstat
command:
✓ Use option u for open UDP ports
✓ Option t for open TCP ports

UDP
◼ It is a connectionless protocol:
✓ Provides a way to send IP datagrams without establishing a
connection.
✓ Same best-effort service model as IP.
✓ Only adds multiplexing and de-multiplexing capability to basic
best-effort delivery provided by IP.
✓ Minimalist protocol with messages of up to 64KB.

◼ Needs to identify target process for message/datagram
✓ Could use some direct identifier like process ID, but that
might not work with all OSes.
✓ Instead uses indirect handle, the port number.
Well-Known Ports Used with UDP
Port | Protocol | Description
7 | Echo | Echoes received datagram back to the sender
9 | Discard | Discard any datagram that is received
11 | Users | Active users
13 | Daytime | Returns the date and the time
17 | Quote | Returns quote of the day
19 | Chargen | Returns a string of characters
53 | Domain | Domain Name Service
67 | Bootps | Server port to download bootstrap information
Well-Known Ports Used with UDP..
Port | Protocol | Description
68 | Bootpc | Client port to download bootstrap information
69 | TFTP | Trivial File Transfer Protocol
111 | RPC | Remote Procedure Call
123 | NTP | Network Time Protocol
161 | SNMP | Simple Network Management Protocol
162 | SNMP | Simple Network Management Protocol (Trap)
520 | RIP | Routing Information Protocol
UDP Header Format

UDP Header Format

◼ Source port:
✓ Uses 2 bytes = 16 bits
✓ UDP port of the sending host.
✓ The sending port value is optional.
✓ If not used, it is set to zero.

UDP Header Format

◼ Destination port:
✓ Uses 2 bytes = 16 bits
✓ UDP port of destination host.
✓ This provides an endpoint for communications.

UDP Header Format

◼ Length:
✓ Uses 2 bytes = 16 bits.
✓ Refers to the size of the UDP message.
✓ The minimum UDP packet contains only the header
information (8 bytes).
✓ UDP length includes header and data.
✓ UDP length = IP length – IP header’s length
UDP Header Format

◼ Checksum:
✓ Uses 2 bytes = 16 bits.
✓ Verifies that the header is not corrupted.
✓ The checksum value is optional in IPv4, required in
IPv6.
✓ If not used, it is set to zero.
✓ It is the same algorithm used for TCP and IP.

UDP Header Format

◼ Checksum:
✓ If an error is detected, the entire UDP segment is
discarded and no further action is taken.
✓ It is computed over message data, UDP header, and
pseudo-header (protocol number, source and destination IP
addresses, plus UDP length).

Checksum Calculation of a Simple UDP
User Datagram

◼ Next slide shows the checksum calculation for a
very small user datagram with only 7 bytes of data.
✓ Because the number of bytes of data is odd, padding is
added for checksum calculation.
✓ The pseudoheader as well as the padding will be
dropped when the user datagram is delivered to IP.
Checksum Calculation of a Simple UDP
User Datagram
[Figure: checksum calculation for a small UDP user datagram; UDP header fields shown: Source Port, Dest. Port, Length, Checksum]

Example of Lab Work and Tutorial..
◼ Suppose the following is a dump of a UDP header in
hexadecimal format:

a) The source port number is the first four hexadecimal
digits (CB84)₁₆ or 52100.
b) The destination port number is the second four
hexadecimal digits (000D)₁₆ or 13.
c) The third four hexadecimal digits (001C)₁₆ define the
length of the whole UDP packet as 28 bytes.
Example of Lab Work and Tutorial..
◼ Suppose the following is a dump of a UDP header in
hexadecimal format:

a) The length of the data is the length of the whole packet
minus the length of the header, or 28 – 8 = 20 bytes.
b) Since the destination port number is 13 (well-known
port), the packet is from the client to the server.
c) The client process is the Daytime
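
The checksum rules and the worked header fields above, put into code as an added example (it is not part of the original lecture). The IP addresses, ports and the 7-byte payload are sample values chosen for this example, and the last four hex digits of the lab-style header are constructed, because the slide's dump is not reproduced in the text.

```python
import ipaddress
import struct

UDP_PROTOCOL = 17     # IP protocol number carried in the pseudo-header
UDP_HEADER_LEN = 8    # source port, destination port, length, checksum


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum; odd-length input is zero-padded for the sum only."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source IP, destination IP, zero byte, protocol number, UDP length (12 bytes)."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTOCOL, udp_length))


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Return header + payload; pseudo-header and padding are never transmitted."""
    length = UDP_HEADER_LEN + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = (~total & 0xFFFF) or 0xFFFF   # 0 means "checksum not used", so send 0xFFFF
    return struct.pack("!HHHH", src_port, dst_port, length, checksum) + payload


def parse_header(header: bytes) -> dict:
    """Decode the four 16-bit fields of a UDP header."""
    if len(header) < UDP_HEADER_LEN:
        raise ValueError("a UDP header is 8 bytes")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", header[:8])
    if length < UDP_HEADER_LEN:
        raise ValueError("UDP length cannot be smaller than the header")
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "length": length,
        "data_length": length - UDP_HEADER_LEN,
        "checksum": checksum,
        "to_well_known_port": dst_port <= 1023,   # suggests client-to-server direction
    }


def verify(src_ip: str, dst_ip: str, datagram: bytes) -> str:
    """Receiver-side check: summing everything, checksum included, must give 0xFFFF."""
    fields = parse_header(datagram)
    if fields["length"] > len(datagram):
        return "truncated"
    if fields["checksum"] == 0:
        return "checksum not used"
    segment = datagram[:fields["length"]]
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, fields["length"]) + segment)
    return "ok" if total == 0xFFFF else "corrupted"


if __name__ == "__main__":
    # Sample values chosen for this example: 7 bytes of data, so one pad byte is needed.
    src, dst = "153.18.8.105", "171.2.14.10"
    datagram = build_datagram(src, dst, 1087, 13, b"TESTING")
    print(parse_header(datagram), verify(src, dst, datagram))

    damaged = datagram[:-1] + bytes([datagram[-1] ^ 0x01])   # flip one payload bit
    print(verify(src, dst, damaged))

    # First three fields as in the worked answers above; checksum field constructed as 0000.
    print(parse_header(bytes.fromhex("CB84000D001C0000")))
```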

Example of Lab Work and Tutorial
◼ Suppose the following is a dump of a UDP header in
hexadecimal format:
CB480045001C001C
a) What is the source port number?
b) What is the destination port number?
c) What is the total length of the user datagram?
d) What is the length of the data?
e) Is the packet directed from a client to a server or vice versa?
f) What is the client process?

When is the Use of Connectionless
Service Justified?
◼ Inward data collection:
✓ Periodic active or passive sampling of data sources, such as
sensors, and automatic self-test reports from security
equipment or network devices.
✓ In a real-time monitoring situation, the loss of an
occasional data unit would not cause distress, because the
next report should arrive shortly.
◼ Outward data dissemination:
✓ Broadcast and multicast messages to network users, the
announcement of a new node or the change of address of a
service, and the distribution of real-time clock values.
When is the Use of Connectionless Service
Justified?
◼ Request-response:
✓ Applications in which a transaction service is provided by a
common server to a number of distributed TS users, and for
which a single request-response sequence is typical.
✓ Use of the service is regulated at the application level, and lower-
level connections are often unnecessary and cumbersome.
◼ Real-time applications:
✓ ..such as voice and telemetry, involving a degree of redundancy
and/or real-time transmission requirement.
✓ These must not have connection-oriented functions such as
retransmission.
Popular Applications That Use UDP
◼ Multimedia streaming
✓ Retransmitting lost/corrupted packets is not worthwhile
✓ By the time the packet is retransmitted, it’s too late
✓ E.g., telephone calls, video conferencing, gaming

◼ Simple query protocols like Domain Name System
✓ Overhead of connection establishment is overkill
✓ Easier to have application retransmit if needed
“Address for www.cnn.com?”

“12.3.4.15”
UDP Case Studies
◼ DHCP – Dynamic Host Configuration Protocol
✓ TCP connection is impossible
❑We don't have an IP address yet!

◼ DNS – Domain Name System
✓ TCP connection is too expensive
❑Everybody on the planet talks to root name servers
❑That would be a lot of kernel socket buffers!
✓ TCP connection expense is wasteful
❑TCP connection costs 5 packets (2 RTT) by itself
❑DNS query/response needs only 2 packets, 1 RTT

UDP Case Studies
◼ NTP – Network Time Protocol
✓ Setting your clock requires estimating latency to peer
✓ TCP buffering interferes with estimation

◼ TFTP
✓ TCP implementation is too expensive
❑Boot code in BIOS...size is limited

UDP Case Studies
◼ SNMP – Simple Network Management Protocol
✓ TCP connection is too expensive
❑Workgroup router can't afford connection state...
❑...would be easy denial-of-service attack

◼ Kerberos, Zephyr
✓ Like DNS: many clients, request/response pattern
✓ TCP connection is too expensive & wasteful

UDP Case Studies
◼ AFS - “Andrew File System” (or not)
✓ Counts as “experimental transport protocol”
✓ In 1980's, many TCP implementations had poor
throughput
✓ Easier to implement a similar protocol than to fix
kernels
✓ Unclear what the “right” answer is
◼ NFS – Sun's “Network File System”
✓ Similar reasons, judgement to AFS
✓ Lots of people run NFS over TCP
UDP Case Studies
◼ RPC (Remote Procedure Call) libraries
✓ SunRPC, CORBA, DCOM, etc.
✓ Many operate over both UDP and TCP
✓ Application often selects via flag
❑Application, not library, knows how many calls to
same server
◼ Special-purpose communications
✓ Examples:
❑ISIS distributed-computation library
❑IP multicast
✓ Communication pattern isn't point-to-point
UDP Advantages
◼ Finer control over what data is sent and when
✓ As soon as an application process writes into the
socket.
✓ … UDP will package the data and send the packet.

◼ No delay for connection establishment
✓ UDP just blasts away without any formal
preliminaries.
✓ … which avoids introducing any unnecessary delays.

UDP Advantages..

◼ No connection state:
✓ No allocation of buffers, parameters, sequence #s, etc.
✓ … making it easier to handle many active clients at
once.
◼ Small packet header overhead:
✓ UDP header is only eight-bytes long.

UDP Disadvantages
◼ There is no congestion control, meaning that
bottlenecks build up to the point that no traffic
can be transmitted.
◼ UDP is unreliable: data may be dropped or arrive
out of order, and UDP provides no acknowledgement.

Scanning UDP Protocols
◼ Scanning UDP can be frustrating.
✓ A UDP packet that reaches an open server port gets no reply
✓ A UDP packet that reaches a closed server port is answered
with an ICMP type 3 message that the service is not reachable
✓ A UDP packet that gets lost or dropped on the way to the
server port (it happens) gets no response
✓ A UDP packet that reaches an open server port and matches
the protocol spoken there is answered by the service
✓ A UDP packet that reaches a closed server port behind a
firewall configured to disallow ICMP replies gets nothing
back, or may get a packet which says this is not allowed
by the administrator
◼ So why scan UDP?
✓ It is a nice place to hide for attackers
✓ Most companies do not worry about UDP ports
TCP
◼ Connection oriented:
✓ Explicit set-up and tear-down of TCP session
◼ Stream-of-bytes service
✓ Sends and receives a stream of bytes, not messages
◼ Reliable, in-order delivery
✓ Checksums to detect corrupted data
✓ Acknowledgments & retransmissions for reliable delivery
✓ Sequence numbers to detect losses and reorder data
◼ Flow control
✓ Prevent overflow of the receiver’s buffer space
◼ Congestion control
✓ Adapt to network congestion for the greater good
Well-Known Ports Used with TCP
Port | Protocol | Description
7 | Echo | Echoes received datagram back to the sender.
9 | Discard | Discard any datagram that is received.
11 | Users | Active users.
13 | Daytime | Returns the date and the time.
17 | Quote | Returns quote of the day.
19 | Chargen | Returns a string of characters.
20 | FTP-data | FTP port for sending data.
21 | FTP-control | FTP port for authentication.

Well-Known Ports Used with TCP..
Port | Protocol | Description
22 | SSH | Secure Shell - protocol uses encryption to secure the connection between a client and a server.
23 | Telnet | Terminal Network
25 | SMTP | Simple Mail Transfer Protocol
53 | DNS | Domain Name Server
67 | BOOTP | Bootstrap Protocol
79 | Finger | Finger protocol - provide status reports on a particular computer system or a particular person at network sites.
80 | HTTP | Hypertext Transfer protocol - used for transferring web pages.
Well-Known Ports Used with TCP..
Port | Protocol | Description
110 | Pop3 | Post Office Protocol Version 3 - used for retrieving E-mails.
143 | IMAP3 | Internet Message Access Protocol version 3 - retrieving emails
179 | BGP | Border Gateway Protocol.
194 | IRC | Internet Relay Chat.
443 | HTTPS | HTTP Protocol over TLS/SSL (encrypted transmission).
…..

Challenges of Reliable Data Transfer
◼ Over a perfectly reliable channel
✓ All of the data arrives in order, just as it was sent
✓ Simple: sender sends data, and receiver receives data
◼ Over a channel with bit errors
✓ All of the data arrives in order, but some bits corrupted
✓ Receiver detects errors and says “please repeat that”
✓ Sender retransmits the data that were corrupted
◼ Over a lossy channel with bit errors
✓ Some data are missing, and some bits are corrupted
✓ Receiver detects errors but cannot always detect loss
✓ Sender must wait for acknowledgment (“ACK” or “OK”)
✓ … and retransmit data after some time if no ACK arrives
TCP’s Support for Reliability
◼ Checksum
✓ Used to detect corrupted data at the receiver
✓ …leading the receiver to drop the packet
◼ Sequence numbers
✓ Used to detect missing data
✓ ... and for putting the data back in order
◼ Retransmission
✓ Sender retransmits lost or corrupted data
✓ Timeout based on estimates of round-trip time
✓ Fast retransmit algorithm for rapid retransmission

TCP Congestion Control
◼ When congestion occurs, IP has limited effect on
managing congestion.
◼ Most of the congestion control is done by TCP by
cutting down the data rate.
◼ Indication of congestion:
✓ Timeouts.
✓ Packet discards.
✓ In fiber optic cable, transmission errors are minimized,
so timeouts are mainly due to congestion.

TCP Congestion Control
◼ (a) A fast network feeding a low capacity
receiver.
◼ (b) A slow network feeding a high-capacity
receiver.

TCP Congestion Control
Congestion Window
◼ In addition to receiver’s buffer information, the
sender also maintains a congestion window.
◼ This is mainly due to the fact that even if
receiver may have space for fast data transfer,
network may not carry it due to congestion.
◼ The number of bytes to be sent is the minimum
of the two windows (sender’s window and
receiver’s window).

Windowing
◼ Windowing is a flow control mechanism
requiring that the source device receive an
acknowledgment from the destination after
transmitting a certain amount of data.
◼ With a window size of three, the source device
can send three octets to the destination.
✓ It must then wait for an acknowledgment.
✓ If the destination receives the three octets, it sends
an acknowledgment to the source device, which can
now transmit three more octets.
Windowing..
◼ If, for some reason, the destination does not
receive the three octets, possibly due to
overflowing buffers, it does not send an
acknowledgment.
◼ Because the source does not receive an
acknowledgment, it knows that the octets
should be retransmitted and that the
transmission rate should be slowed.
Window Size
◼ Window size determines the amount of data that
can be transmitted at one time before receiving an
acknowledgment from the destination.
◼ After a host transmits the window-sized number
of bytes, the host must receive an
acknowledgment that the data has been received
before it can send any more data.
◼ For example, with a window size of 1, each
individual segment must be acknowledged before
sending the next segment.
Windowing and Window Size

Sliding Window
◼ TCP utilizes a sliding window when determining
transmission size.
◼ A sliding window allows for devices to negotiate
a window size to allow for more than one byte
to be sent during a single transmission.
◼ This sliding window also allows the destination
device to indicate to the source a need to
decrease or increase the amount of data being
sent because it is incapable at that time of
dealing with that much data.
Sliding Window..
◼ The size of the window is the lesser of receiver’s
window and sender’s window.
◼ The source does not have to send a full window’s
worth of data.
◼ The window can be opened or closed by the
receiver, but should not be shrunk.
◼ The destination can send an acknowledgment at
any time as long as it does not result in a
shrinking window.
◼ The receiver can temporarily shut down the
window; the sender, however, can always send a
segment of 1 byte after the window is shut down.
Sliding Window..
◼ What is the value of the receiver window (rwnd) for
host A if the receiver, host B, has a buffer size of 5000
bytes and 1000 bytes of received and unprocessed data?
◼ Solution
✓ The value of rwnd = 5000 − 1000 = 4000. Host B can
receive only 4000 bytes of data before overflowing its
buffer. Host B advertises this value in its next segment
to A.
◼ What is the size of the window for host A if the
value of rwnd is 3000 bytes and the value of sender’s
window (cwnd) is 3500 bytes?
◼ Solution
✓ The size of the window is the smaller of rwnd and
cwnd, which is 3000 bytes.
Sliding Window..
Sequencing Numbers
◼ TCP applies sequence numbers to the data segments it
is transmitting so that the receiver will be able to
properly reassemble the bytes in their original order.
◼ Sequencing numbers indicate to the destination device
the correct order in which to put the bytes when they
are received.
◼ These sequencing numbers also act as reference
numbers so that the receiver will know if it has
received all of the data.
◼ They also identify the missing data pieces to the sender
so it can retransmit the missing data.
Sequencing Numbers..
◼ This offers increased efficiency since the sender only
needs to re-transmit the missing segments instead of
the entire set of data.
◼ The value in the sequence number field of a segment
defines the number assigned to the first data byte
contained in that segment.
◼ The value of the acknowledgment field in a segment
defines the number of the next byte a party expects
to receive.
✓ The acknowledgment number is cumulative.
◼ Read about Kevin Mitnick and Predictable Sequence
numbers:
https://course.ccs.neu.edu/cs6740/Lectures/Lecture-7.pdf
Sequencing Numbers..
◼ Suppose a TCP connection is transferring a file of
5,000 bytes. The first byte is numbered 10,001. What
are the sequence numbers for each segment if data are
sent in five segments, each carrying 1,000 bytes?

◼ Solution:
✓ The following shows the sequence number for
each segment:
Protecting against Wraparound
◼ Relevance of the 32-bit sequence number space.
◼ The sequence number used on a given connection
might wrap around.
◼ A byte with sequence number x could be sent at one
time, and then at a later time a second byte with the
same sequence number x could be sent.
◼ Packets cannot survive in the Internet for longer than
the Maximum Segment Lifetime (MSL).
◼ MSL is set to 120 sec.
◼ We need to make sure that the sequence number does
not wrap around within a 120-second period of time.
◼ Depends on how fast data can be transmitted over the
Internet.
Protecting against Wraparound..
Positive ACK
◼ Acknowledgement is a common step in the
synchronization process which includes sliding windows
and data sequencing.
◼ TCP utilizes positive acknowledgment and
retransmission to control data flow and confirm data
delivery.
◼ Positive acknowledgment and retransmission (PAR) is a
common technique many protocols use to provide
reliability.
◼ With PAR, the source sends a packet, starts a timer, and
waits for an acknowledgment before sending the next
packet.
◼ If the timer expires before the source receives an
acknowledgment, the source retransmits the packet and
starts the timer over again.
TCP Header

TCP Header Format


TCP Header-Types of Flags
TCP Header..
◼ Source port address: This is a 16-bit field that defines
the port number of the application program in the host
that is sending the segment.
◼ Destination port address: This is a 16-bit field
that defines the port number of the application
program in the host that is receiving the segment.
◼ Sequence number: This 32-bit field defines the
number assigned to the first byte of data contained
in this segment.

TCP Header..
◼ Acknowledgment number. This 32-bit field defines
the byte number that the receiver of the segment is
expecting to receive from the other party.
✓ If the receiver of the segment has successfully
received byte number x from the other party, it
returns x + 1 as the acknowledgment number.
◼ Header length. This 4-bit field indicates the number
of 4-byte words in the TCP header.
✓ The length of the header can be between 20 and 60
bytes.
✓ Therefore, the value of this field is always between
5 (5 × 4 = 20) and 15 (15 × 4 = 60).
TCP Header..
◼ Reserved. This is a 6-bit field reserved for future use.
◼ Flags. This field defines 6 different control bits or
flags:
✓ URG: the segment contains urgent data, which is contained
at the front of the segment body, up to and including a
value of UrgPtr bytes into the segment.
✓ ACK: is set any time the Acknowledgment field is
valid, implying that the receiver should pay
attention to it.
✓ PSH: Push the data. This flag signifies that the
sender invoked the push operation, which indicates
to the receiving side of TCP that it should notify
the receiving process of this fact.
TCP Header..
◼ Flags. This field defines 6 different control bits or
flags:
✓ SYN: Synchronize sequence numbers. It is used
when establishing a TCP connection.
✓ RST: Reset the connection. This flag signifies that
the receiver has become confused (it received a
segment it did not expect to receive) and so wants
to abort the connection.
✓ FIN: Terminate the TCP connection.

TCP Header..
◼ Window size. This field defines the window size of
the sending TCP in bytes.
✓ Note that the length of this field is 16 bits, which
means that the maximum size of the window is
65,535 bytes.
◼ Checksum. This 16-bit field contains the checksum. It
is computed over the TCP header, the TCP data, and
the pseudoheader, which is made up of the source
address, destination address, and length fields from the
IP header.
◼ Urgent pointer. This 16-bit field, which is valid only
if the urgent flag is set, is used when the segment
contains urgent data.
Synchronization or 3-way handshake
◼ This is a three-step process that establishes the
virtual connection between the two devices.
✓ First, one host initiates a connection by sending a
synchronization (SYN) packet indicating its initial
sequence number of x with a certain bit in the header set to
indicate a connection request. This bit is set in the
acknowledgment number field of the TCP header (also
referred to as the code field).
✓ Second, the other host receives the packet, records the
sequence number of x, replies with an acknowledgment of x
+ 1, and includes its own initial sequence number of y. The
acknowledgment number of x + 1 means the host has
received all octets up to and including x, and is expecting x
+ 1 next.
✓ Finally, the initiating host responds with a simple
acknowledgment (ACK) of y + 1 (host B’s sequence number
+ 1), indicating it received the previous ACK which finalizes
the connection process.
Synchronization or 3-way
handshake...
Denial of Service Attacks
◼ Denial of service (DoS) attacks are designed to
deny services to legitimate hosts attempting to
establish connections.
◼ DoS attacks are a common method that hackers
utilize to halt system response.
◼ One type of DoS is known as SYN flooding.
◼ SYN flooding exploits the normal three-way
handshake and causes targeted devices to ACK
to source addresses that will not complete the
handshake.
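
The three-way handshake and the half-open state that SYN flooding leaves behind, as monitoring logic a defender could run over observed segments. This is an added example, not part of the original lecture; the event tuples, addresses, timestamps (milliseconds) and the alert threshold of 4 are constructed for the demonstration.

```python
SEQ_MOD = 2 ** 32   # sequence numbers are 32-bit and wrap around


class HandshakeTracker:
    """Follows SYN / SYN+ACK / ACK for one server and records what never completes."""

    def __init__(self, backlog_alert: int):
        self.pending = {}          # client -> [x, y, time of SYN]; y is None until SYN+ACK
        self.established = set()
        self.alerts = []
        self.backlog_alert = backlog_alert

    def observe(self, t, direction, client, flags, seq, ack):
        flags = set(flags.split("+"))
        entry = self.pending.get(client)
        if direction == "c2s" and flags == {"SYN"}:
            is_new = entry is None
            self.pending[client] = [seq, None, t]          # step 1: client sends x
            if is_new and len(self.pending) == self.backlog_alert:
                self.alerts.append((t, "half-open backlog", len(self.pending)))
        elif direction == "s2c" and flags == {"SYN", "ACK"}:
            if entry and ack == (entry[0] + 1) % SEQ_MOD:  # step 2: server acks x + 1, sends y
                entry[1] = seq
            else:
                self.alerts.append((t, "unexpected SYN+ACK", client))
        elif direction == "c2s" and flags == {"ACK"}:
            if entry and entry[1] is not None and ack == (entry[1] + 1) % SEQ_MOD:
                del self.pending[client]                   # step 3: client acks y + 1
                self.established.add(client)
            elif client not in self.established:
                self.alerts.append((t, "ACK without handshake", client))

    def stale(self, now, timeout):
        """Clients whose handshake has been half-open for at least `timeout`."""
        return sorted(c for c, (_x, _y, t0) in self.pending.items() if now - t0 >= timeout)


def sample_events():
    """Constructed trace: one complete handshake, four that never finish, one stray ACK."""
    legit = "198.51.100.7:40000"
    events = [
        (0, "c2s", legit, "SYN", 1000, 0),
        (10, "s2c", legit, "SYN+ACK", 5000, 1001),
        (20, "c2s", legit, "ACK", 1001, 5001),
    ]
    for i in range(1, 5):
        src = f"203.0.113.{i}:1111"
        events.append((1000 + 100 * i, "c2s", src, "SYN", 100 * i, 0))
        events.append((1001 + 100 * i, "s2c", src, "SYN+ACK", 6000 + i, 100 * i + 1))
    events.append((2000, "c2s", "192.0.2.9:5555", "ACK", 77, 88))
    return events


def run(events, backlog_alert=4):
    tracker = HandshakeTracker(backlog_alert)
    for event in events:
        tracker.observe(*event)
    return tracker


if __name__ == "__main__":
    tracker = run(sample_events())
    print("established:", tracker.established)
    print("alerts:", tracker.alerts)
    print("still half-open after 3 s:", tracker.stale(now=5000, timeout=3000))
```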
Denial of Service Attacks ..
Hacker’s Use of TCP
◼ Hackers will mangle packets to confuse target
systems.
◼ A confused system can give up information, provide
access or even stop responding.
◼ Some of the common tricks:
✓ Setting no flags or all flags
✓ Attempting to connect using the handshake but not
completing it. This will provide a fast way to enumerate
ports.
✓ Setting strange combos of flags may reveal what OS we
are dealing with (fingerprinting).
✓ Sending a packet with the ACK flag set can get past some
simple firewall systems.
Example of Lab Work and Tutorial
◼ The following is a dump of a TCP header in
hexadecimal format.
05320017 00000001 00000000 500207FF 00000000
a. What is the source port number?
b. What is the destination port number?
c. What is the sequence number?
d. What is the acknowledgment number?
e. What is the length of header?
f. What is the type of segment?
g. What is the window size?
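
A decoder for the 20-byte TCP header layout described in the slides, with a check for the flag combinations the "Hacker's Use of TCP" slide names (no flags, all flags, contradictory pairs). This is an added example, not part of the original lecture; it runs on the lab dump above, and the headers with altered flag bits are constructed from that dump as test inputs.

```python
import struct

# The six control bits described in the slides, lowest six bits of the 16-bit field.
FLAGS = (("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
         ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01))

# Header dump as printed on the lab slide.
LAB_DUMP = "05320017 00000001 00000000 500207FF 00000000"


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed 20-byte part of a TCP header."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, off_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", raw[:20])
    header_len = (off_flags >> 12) * 4        # 4-bit field counts 4-byte words
    if header_len < 20:
        raise ValueError("header length field below the 20-byte minimum")
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "header_len": header_len,
        "flags": [name for name, bit in FLAGS if off_flags & bit],
        "window": window,
        "checksum": checksum,
        "urgent_pointer": urgent,
    }


def flag_findings(flags) -> list:
    """Flag combinations that no normal connection produces."""
    present = set(flags)
    if not present:
        return ["no flags set"]
    if len(present) == len(FLAGS):
        return ["all flags set"]
    findings = []
    if {"SYN", "FIN"} <= present:
        findings.append("SYN with FIN")       # opens and closes in one segment
    if {"SYN", "RST"} <= present:
        findings.append("SYN with RST")       # opens and aborts in one segment
    return findings


def with_flags(raw: bytes, flag_bits: int) -> bytes:
    """Constructed test input: the same header with its six flag bits replaced."""
    (off_flags,) = struct.unpack("!H", raw[12:14])
    return raw[:12] + struct.pack("!H", (off_flags & 0xFFC0) | flag_bits) + raw[14:]


def triage(raw: bytes):
    """Return (flags, findings) for one header."""
    header = parse_tcp_header(raw)
    return header["flags"], flag_findings(header["flags"])


if __name__ == "__main__":
    lab = bytes.fromhex(LAB_DUMP)
    print(parse_tcp_header(lab))
    for bits in (0x00, 0x3F, 0x03, 0x12):     # constructed variants of the lab header
        print(f"flag bits {bits:#04x}:", triage(with_flags(lab, bits)))
```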
Similarities Between TCP and UDP
◼ Both protocols provide an interface to the higher-layer
application protocols by delivering the data coming
into the host to the appropriate applications.
◼ Both use the idea of port and socket.
◼ Both interface to the underlying network (IP) layer
by encapsulating their PDUs into IP packets.
◼ Both protocol entities are installed only on end
nodes.
Differences Between TCP and UDP
Criteria | TCP | UDP
Connection | Connection-oriented | Connectionless
Ordering of packets | Rearranges packets in the order specified | No inherent order as packets are independent of each other
Speed of transfer | Slower than UDP | Faster because there is no connection establishment and error checking.
Differences Between TCP and UDP..
Criteria | TCP | UDP
Reliability | There is guarantee that data transferred will remain intact and in the same order it was sent | No guarantee that the messages or packets will reach the destination at all
Header size | 20 Bytes | 8 Bytes
Streaming of Data | Data is read as a byte stream | Packets are sent individually

Differences Between TCP and UDP..
Criteria | TCP | UDP
Data Flow Control | TCP does Flow Control. TCP requires three packets to set up a socket connection | UDP does not have an option for flow control
Acknowledgement | Acknowledgement segments | No Acknowledgment
