Upload: maritza-brunning

Post on 15-Dec-2015

Cisco 2 - Routers

Perrine. J Page 1 04/18/23

Chapter 10

TCP/IP Protocol Suite

The function of the TCP/IP protocol stack is to transfer information from one network device to another.

In doing so, it closely maps the OSI reference model in the lower layers and supports all standard physical and data link protocols.

TCP/IP and Application Layer

The application layer of TCP/IP combines the functionality found in the following OSI layers:

• application

• presentation

• session layers

TCP/IP and Application Layer

The TCP/IP protocols that support file transfer, e-mail and remote login include the following:

• Domain Name System (DNS) – translates domain names to IP addresses

• HOSTS – supports static mappings between IP addresses and computer names

• Post Office Protocol (POP3)

• Simple Mail Transfer Protocol (SMTP)

• Simple Network Management Protocol (SNMP) – monitor and control

• File Transfer Protocol (FTP)

• Trivial File Transfer Protocol (TFTP)

• Hypertext Transfer Protocol (HTTP)

TCP/IP and Application Layer

Troubleshooting protocols:

• Telnet

• Packet Internet Groper (ping) – uses ICMP

• traceroute

Windows-based utilities:

• NBTSTAT – troubleshoots NetBIOS

• NETSTAT – provides TCP/IP statistics

• ipconfig/winipcfg

TCP Protocol

TCP (Transmission Control Protocol):

• layer 4

• reliable

• connection-oriented

• uses windowing, synchronization, sequence numbers and acknowledgements

TCP Protocol

Transport layer (layer 4) enables a user’s device to segment data from several upper-layer applications for placement on the same Layer 4 data stream & enables a receiving device to reassemble the upper-layer application segments.

This is a logical connection, sometimes called an end-to-end service.

The transport layer provides two (2) protocols:

• TCP, which is connection-oriented and reliable, providing flow control through sliding windows and sequence numbers

• UDP, which is connectionless and unreliable. Its advantage is speed. It depends on upper layers for reliability.

Three-Way Handshake

A three-way handshake (open connection sequence) synchronizes a connection at both ends before any data is transferred. The exchange of initial sequence numbers during the connection sequence ensures that any data lost due to problems that occur later can be recovered.

Denial-of-Service - DoS

Denial-of-service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections. One type of DoS is SYN flooding, which occurs during the three-way handshake synchronization process used by TCP.

The hacker initiates a synchronization but falsifies the source IP address. The attacked device replies to the falsified address and waits for a final acknowledgement that never arrives, so it uses up system resources such as memory and processing time.

One way to defend against this type of DoS is to decrease the connection timeout period and increase the connection queue size.
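To see why both settings in the defence above matter, the following added example (not part of the original slides) models a listener's half-open connection queue under a flood of unanswered SYNs. The tick-based model, the function name `simulate_backlog` and all scenario numbers are assumptions constructed for illustration.

```python
from collections import deque

def simulate_backlog(queue_size, timeout, spoofed_per_tick,
                     legit_every=10, ticks=300):
    """Toy model of a listener's half-open (SYN received) queue.

    Every tick, `spoofed_per_tick` SYNs arrive with falsified sources; the
    final ACK never comes, so each entry holds a slot for `timeout` ticks.
    Every `legit_every` ticks one legitimate SYN arrives; it is dropped if
    the queue is full. Returns (legit_accepted, legit_dropped).
    """
    half_open = deque()          # expiry tick of each pending spoofed entry
    accepted = dropped = 0
    for now in range(ticks):
        # Connection timeout: free slots whose handshake never completed.
        while half_open and half_open[0] <= now:
            half_open.popleft()
        # Spoofed SYNs take whatever slots are free.
        for _ in range(spoofed_per_tick):
            if len(half_open) < queue_size:
                half_open.append(now + timeout)
        # A legitimate client needs one free slot to start its handshake;
        # it answers the SYN-ACK at once, so it does not linger in the queue.
        if now % legit_every == 0:
            if len(half_open) < queue_size:
                accepted += 1
            else:
                dropped += 1
    return accepted, dropped

# Constructed scenarios: (queue_size, timeout in ticks, spoofed SYNs per tick)
SCENARIOS = {
    "small queue, long timeout": (128, 75, 10),
    "small queue, short timeout": (128, 5, 10),
    "large queue, long timeout": (1024, 75, 10),
    "large queue, long timeout, heavier flood": (1024, 75, 20),
    "large queue, short timeout, heavier flood": (1024, 5, 20),
}

def run_scenarios():
    return {name: simulate_backlog(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (ok, lost) in run_scenarios().items():
        print(f"{name:45s} accepted={ok:2d} dropped={lost:2d}")
```

The queue stays usable only while the arrival rate multiplied by the timeout is below the queue size, which is why a larger queue alone fails again once the flood grows.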

Simple Acknowledgment

Window size determines the amount of data that can be transmitted at one time before receiving an acknowledgement. After a host transmits the window-sized number of bytes, it must receive an acknowledgement before it can send any more messages. For example, with a window size of 1, each individual segment must be acknowledged before the next segment can be transmitted. This results in inefficient use of bandwidth by the hosts.

[Figures: Simple Acknowledgement; Sliding Window]

Sequence and Acknowledgment Numbers

TCP provides sequencing of segments with a forward reference acknowledgment. Each datagram is numbered before transmission. At the receiving station, TCP reassembles the segments into a complete message. If a sequence number is missing in the series, that segment is re-transmitted. Segments that are not acknowledged within a given time period result in re-transmission.
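The following added example (not part of the original slides) ties the window-size and forward-reference acknowledgment passages together in a small sender/receiver model. It assumes a simplified go-back-N scheme in which the receiver discards out-of-order segments and a lost segment is dropped only on its first transmission; real TCP stacks are more elaborate, and the function name `send` is hypothetical.

```python
def send(n_segments, window, lost=()):
    """Model a windowed sender talking to an in-order receiver.

    Segments are numbered 1..n_segments. Each round trip the sender
    transmits up to `window` segments, then waits for one acknowledgment.
    Returns (round_trips, transmissions, segments_in_delivery_order).
    """
    lost = set(lost)      # segment numbers dropped on first transmission
    base = 1              # sender: oldest unacknowledged segment
    expected = 1          # receiver: next in-order segment it wants
    round_trips = transmissions = 0
    received = []
    while base <= n_segments:
        for seq in range(base, min(base + window, n_segments + 1)):
            transmissions += 1
            if seq in lost:
                lost.discard(seq)      # the retransmission gets through
                continue
            if seq == expected:        # in order: hand to reassembly
                received.append(seq)
                expected += 1
            # anything else is out of order and discarded by this receiver
        round_trips += 1
        # Forward-reference ACK: the receiver names the segment it expects
        # next, so the sender resumes (or retransmits) from that number.
        base = expected
    return round_trips, transmissions, received

if __name__ == "__main__":
    for window, lost in [(1, ()), (3, ()), (3, (2,))]:
        trips, sent, order = send(6, window, lost)
        print(f"window={window} lost={list(lost)} "
              f"round_trips={trips} transmissions={sent} delivered={order}")
```

With a window of 1 every segment costs a full round trip; a window of 3 halves the round trips for six segments, and losing segment 2 costs one extra round trip and two extra transmissions.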

TCP/UDP Protocol

Both TCP & UDP use IP as their underlying layer 3 protocol.

TCP provides services to:

• FTP

• HTTP

• SMTP

• DNS

UDP provides services to:

• DNS

• TFTP

• SNMP

• DHCP

Port Numbers

• Both TCP and UDP use port (or socket) numbers to pass information to the upper layers. Port numbers are used to keep track of different conversations that cross the network at the same time.

• Conversations that do not involve applications with well-known port numbers are assigned port numbers that have been randomly selected from within a specific range.

Port Numbers

Port numbers have the following assigned ranges:

• numbers below 255 are for public applications

• numbers from 255 to 1023 are assigned to companies for marketable applications

• numbers above 1023 are unregulated

Port numbers are located at the transport layer and are serviced by the network layer.

The network layer assigns the logical address or IP. It is then serviced by the data link layer which assigns the physical or MAC address.

Ports in the header of TCP & UDP are called well-known or dynamic. The order of encapsulation is port number, IP address, MAC.

ARP

ARP operates at the Internet layer of the TCP/IP stack.

Given an IP address, it will find the corresponding MAC address.

RARP – given MAC address, it will find the corresponding IP address.