www.ciscopress.com Routers and Routing Basics CCNA 2 Chapter 10

Upload: cecily-douglas

Post on 01-Jan-2016


Intermediate TCP/IP

- TCP and UDP Operation
  - Flow Control and Windowing
  - Establishing and Terminating TCP Connections
  - Denial-of-Service Attacks and SYN Floods
  - TCP Error Recovery (Reliability)
  - Segmentation, Reassembly, and In-Order Delivery
  - Comparing TCP and UDP
- Operation of Transport Layer Ports
  - Connecting to Servers: Well-Known Ports
  - Comparing Well-Known, Dynamic, and Registered Ports
  - Comparing MAC Addresses, IP Addresses, and Port Numbers
- Summary


TCP and UDP Operation

The TCP/IP transport layer includes several protocols; the most important are:

- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)

TCP provides several more functions than UDP.

The main goal of the transport layer can be summarized as follows:

- to provide the function of taking data from one application process on one computer

- delivering that data to the correct application process on another computer.


Comparing TCP and UDP


Flow Control and Windowing

When a host sends data using TCP, the receiving host can control how fast each TCP sender sends the data over time. This process is called flow control.

The main reasons for flow control are that the receiving side needs time to process the data and has limited memory.

Two forms of flow control:

- dynamic sliding windows
- withholding acknowledgments


Flow Control Through Dynamic Sliding Windows

The receiver tells the sending host how many bytes the sending host can send before it receives an acknowledgment — a value called a window.

When the sending host sends an entire window’s worth of data, it must wait on an acknowledgment, thereby slowing its rate of sending data.


Dynamic Windowing

1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.

2. PC1 sends PC2 3000 bytes via three 1000-byte segments.

3. PC1 has sent all 3000 bytes, but it has not received any acknowledgments; therefore, it must wait.

4. PC2 sends PC1 an acknowledgment, and this time it grants a slightly larger 4000-byte window.

5. PC1 now sends four 1000-byte segments.


Withholding Acknowledgments

1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.

2. PC1 sends PC2 3000 bytes via three 1000-byte segments.

3. PC2 has received all 3000 bytes but needs more time to process the data.

4. Instead of immediately acknowledging receipt of the segments, PC2 waits until it can catch up on the work and then sends an acknowledgment.

Note: PC2 did not increase the window size at Step 4 because it is already having difficulty processing 3000 bytes at a time.

This process of withholding acknowledgments is sometimes referred to as start/stop flow control.
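The two step lists above (dynamic windowing and withholding acknowledgments) can be run as one small model. This is an added example, not code from the Cisco Press chapter: the 1000-byte segment size and 3000/4000-byte grants follow the slides, while the receiver's busy-round counter is a constructed input, and `run` reports how many segments PC1 sends in each round.

```python
SEGMENT_SIZE = 1000  # bytes of data per segment, as on the slides

class Sender:
    """PC1: may have at most `window` unacknowledged bytes in flight."""

    def __init__(self, window):
        self.window = window   # bytes PC2 currently permits
        self.unacked = 0       # bytes sent but not yet acknowledged

    def send_window(self):
        """Send whole segments until the window is full, then stop and wait."""
        sent = 0
        while self.unacked + SEGMENT_SIZE <= self.window:
            self.unacked += SEGMENT_SIZE
            sent += 1
        return sent

    def receive_ack(self, window):
        """An ACK frees the outstanding bytes and installs the new grant."""
        self.unacked = 0
        self.window = window

class Receiver:
    """PC2: grants a window; while busy it withholds the ACK (start/stop)."""

    def __init__(self, window, busy_rounds=0):
        self.window = window
        self.busy_rounds = busy_rounds  # constructed: rounds PC2 needs to catch up

    def ack(self, grow_by):
        """Return the next window grant, or None while still catching up."""
        if self.busy_rounds > 0:
            self.busy_rounds -= 1
            return None               # ACK withheld: sender keeps waiting
        self.window += grow_by        # not overloaded: may grow the window
        return self.window

def run(receiver, rounds, grow_by):
    """Segments PC1 sends per round; 0 means it stalled waiting for an ACK."""
    sender = Sender(receiver.window)          # step 1: initial window grant
    history = [sender.send_window()]          # step 2: PC1 fills the window
    for _ in range(rounds):                   # step 3: PC1 must wait
        grant = receiver.ack(grow_by)
        if grant is None:
            history.append(0)                 # PC2 withheld its ACK
            continue
        sender.receive_ack(grant)             # step 4: ACK with new window
        history.append(sender.send_window())  # step 5: PC1 sends again
    return history
```

`run(Receiver(3000), 1, 1000)` reproduces the dynamic-windowing slide (3 segments, then 4), and `run(Receiver(3000, busy_rounds=1), 2, 0)` the withholding slide (3 segments, a stalled round, then 3 again with the window unchanged).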


Establishing and Terminating TCP Connections

Connection-oriented protocols (including TCP) use messages, events, or other prearranged settings on the communicating devices before they allow any end-user communication to occur.

TCP also allows two computers to agree to many other settings before the hosts attempt to send any end-user data.

TCP uses a process called a three-way handshake to create a new TCP connection and to initialize the various numbers used to control and manage a TCP connection.


Three-Way TCP Connection Establishment

1. The first segment has a SYN flag set but does not have the ACK flag set. This means that the SYN bit in the TCP header is set to binary 1, and the ACK flag is set to binary 0.

2. The second segment has both SYN and ACK set.

3. The third and ongoing segments have only the ACK bit set.


Denial-of-Service Attacks and SYN Floods

A network attack that is primarily intended to do harm is called a denial-of-service (DoS) attack.

A SYN flood attack is one of the most common types of DoS attacks.

A SYN flood occurs when a hacker sends a lot of TCP segments to a server, with each segment looking like a new request for a new TCP connection.

However, the attacker never sends the third segment in the connection-establishment request.
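An added example, not code from the chapter, that decodes raw TCP headers and checks that three segments form the handshake described on the previous slide; the half-open connections a SYN flood leaves behind are exactly the case where the third segment never arrives, which `verify_handshake` reports as incomplete. The port numbers and initial sequence numbers are constructed values, and the headers are built with Python's `struct` module without options or a checksum.

```python
import struct

TCP_HDR = struct.Struct("!HHIIHHHH")  # 20-byte TCP header, no options
FLAG_SYN, FLAG_ACK = 0x02, 0x10        # bits in the flags byte

def build_segment(src, dst, seq, ack, flags, window=3000):
    """Constructed header: data offset 5 (20 bytes), checksum left at zero."""
    return TCP_HDR.pack(src, dst, seq, ack, (5 << 12) | flags, window, 0, 0)

def parse_segment(raw):
    """Decode the fields the handshake cares about from a raw header."""
    src, dst, seq, ack, off_flags, window, _csum, _urg = TCP_HDR.unpack_from(raw)
    flags = off_flags & 0x1FF
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "window": window,
            "syn": bool(flags & FLAG_SYN), "ack_flag": bool(flags & FLAG_ACK)}

def classify(seg):
    """Name a segment by its SYN/ACK bits, as the slide does."""
    if seg["syn"] and not seg["ack_flag"]:
        return "SYN"        # first segment: SYN=1, ACK=0
    if seg["syn"] and seg["ack_flag"]:
        return "SYN-ACK"    # second segment
    if seg["ack_flag"]:
        return "ACK"        # third and all later segments
    return "OTHER"

def verify_handshake(segments):
    """Check raw segments form a complete handshake; return (ok, reason)."""
    if len(segments) != 3:
        return False, "expected three segments"   # e.g. third one never sent
    a, b, c = (parse_segment(s) for s in segments)
    kinds = [classify(x) for x in (a, b, c)]
    if kinds != ["SYN", "SYN-ACK", "ACK"]:
        return False, f"flag order {kinds}"
    if (b["src"], b["dst"]) != (a["dst"], a["src"]):
        return False, "reply does not mirror the ports"
    if b["ack"] != a["seq"] + 1:          # SYN consumes one sequence number
        return False, "SYN-ACK does not acknowledge client ISN + 1"
    if c["seq"] != a["seq"] + 1 or c["ack"] != b["seq"] + 1:
        return False, "final ACK numbers do not match the ISNs"
    return True, "handshake complete"

# constructed sample: Keith's browser (port 1031) connecting to a web server (80)
CLIENT_ISN, SERVER_ISN = 1000, 5000
HANDSHAKE = [
    build_segment(1031, 80, CLIENT_ISN, 0, FLAG_SYN),
    build_segment(80, 1031, SERVER_ISN, CLIENT_ISN + 1, FLAG_SYN | FLAG_ACK),
    build_segment(1031, 80, CLIENT_ISN + 1, SERVER_ISN + 1, FLAG_ACK),
]
```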


TCP Error Recovery (Reliability)

TCP is a reliable protocol — at least as far as networking terminology is concerned.

In networking, reliable protocols perform error recovery, which means that they ensure that all the data eventually gets to the receiver, even if some data is lost in transit.

The practice of acknowledging data by stating the next byte expected to be received, rather than identifying the last byte received, is called a forward acknowledgment or expectational acknowledgment.


TCP Acknowledgments with No Error Recovery Needed

TCP uses two TCP header fields — the Sequence Number and Acknowledgment Number fields — to tell the other computer whether a segment was received.

The sequence number keeps track of all the bytes sent over a TCP connection by numbering the first byte of data inside each segment.


TCP Error Recovery

TCP performs error recovery by having the receiving host send an acknowledgment that implies some data was lost.

The PCs recover some lost data, using a process called Positive Acknowledgment with Retransmission (PAR).


Segmentation, Reassembly, and In-Order Delivery

TCP segmentation refers to the process of TCP accepting a large chunk of data from the application protocol and breaking it into pieces that are small enough to be appropriate for transmission through the internetwork. The data portion of a TCP segment is typically limited to 1460 bytes. The maximum length of the TCP Data field is referred to as the maximum segment size (MSS).

TCP on the receiving computer reassembles the data into its original form. TCP provides a guarantee of in-order delivery.


TCP Providing In-Order Delivery

1. PC2 sends two segments. The first segment (sequence number 1) is routed over the slow high route.

2. Router R2 sends the second segment (sequence number 1001) over the fast low route.

3. The second segment sent arrives before the first segment sent, so PC1 copies the segment into a memory buffer.

4. The first segment sent arrives next.

5. The first segment sent (sequence number 1) should be in front of the segment with sequence number 1001, so PC1’s TCP software stores this data in the correct order in its memory buffer.
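The sequence-number, forward-acknowledgment, PAR and in-order-delivery slides above, modelled together in an added example that is not code from the chapter. Segments carry 1000 bytes numbered from 1 as on the slides; the reversed arrival order (the fast low route delivering first) and the set of sequence numbers dropped on the first pass are constructed path behaviour.

```python
class TcpReceiver:
    """PC1's receive side: reorder by sequence number, ACK the next byte expected."""

    def __init__(self, first_seq=1):
        self.next_expected = first_seq  # forward (expectational) acknowledgment
        self.buffer = {}                # early segments, keyed by sequence number
        self.data = b""                 # in-order bytes handed to the application

    def receive(self, seq, payload):
        """Accept one segment; return the acknowledgment number to send back."""
        if seq > self.next_expected:
            self.buffer[seq] = payload  # step 3: arrived early, hold it
        elif seq == self.next_expected:
            self.data += payload
            self.next_expected += len(payload)
            while self.next_expected in self.buffer:  # step 5: drain contiguous
                chunk = self.buffer.pop(self.next_expected)
                self.data += chunk
                self.next_expected += len(chunk)
        # seq < next_expected is a duplicate; the ACK simply repeats what we have
        return self.next_expected

class TcpSender:
    """PC2's send side: Positive Acknowledgment with Retransmission (PAR)."""

    def __init__(self, data, mss=1000, first_seq=1):
        self.segments = [(first_seq + i, data[i:i + mss])
                         for i in range(0, len(data), mss)]
        self.acked_upto = first_seq    # cumulative: all bytes below this are safe
        self.retransmissions = 0

    def unacked(self):
        return [(s, p) for s, p in self.segments if s >= self.acked_upto]

    def handle_ack(self, ack):
        self.acked_upto = max(self.acked_upto, ack)

def transfer(data, lost_first_pass=()):
    """Send `data` over a constructed path that reorders segments (fast low route
    first) and drops the listed sequence numbers once; return (received, resends)."""
    sender, receiver = TcpSender(data), TcpReceiver()
    for seq, payload in reversed(sender.unacked()):
        if seq not in lost_first_pass:
            sender.handle_ack(receiver.receive(seq, payload))
    while sender.unacked():                   # PAR: resend anything not yet ACKed
        for seq, payload in sender.unacked():
            sender.retransmissions += 1
            sender.handle_ack(receiver.receive(seq, payload))
    return receiver.data, sender.retransmissions
```

With nothing lost the receiver reorders the segments and acknowledges 3001 with no resends; dropping segment 1001 leaves the cumulative ACK at 1001, so PAR resends from there until the whole 3000 bytes are acknowledged.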


Comparing TCP and UDP

Popular Applications and Transport Layer Protocols


Comparing TCP and UDP (Continued)

TCP and UDP Headers


Comparing TCP and UDP (Continued)

TCP Header Fields / UDP Header Fields


Operation of Transport Layer Ports

Both UDP and TCP provide a means to identify the specific application process that was the source of the data and the application process that is the destination for the data.

TCP and UDP use port numbers.

Each application uses a different local port number, identifying each of the different application processes.


Using Port Numbers to Identify the Correct Application Process

1. An IP packet with a TCP segment inside it arrives at the PC. Because it is a TCP segment, IP gives the segment to the TCP software inside the computer.

2. TCP examines the destination port number in the header. The destination port number identifies the application process on the destination computer (Keith).

3. Based on a value of 1031 in the Destination Port Number field, the PC’s TCP software gives the data to Browser2.

The shown port numbers are called dynamic port numbers because the host computer dynamically picks which port number to use for each application process.


Connecting to Servers: Well-Known Ports

Servers cannot use dynamic port numbers because the clients that use the server must know ahead of time what port number the server uses.

TCP/IP defines well-known (or static) ports, each reserved for use by a specific application protocol.

When a client connects to a server, the client already knows what well-known port the server should be using.


Client Connecting to Well-Known Port of a Web Server (80)

1. Keith’s browser sends the segment as shown, with a destination port of 80.

2. The segment has a source port of 80 because it comes from the web server, and the destination port matches the port used on Keith’s computer.


Popular Applications and Their Well-Known Port Numbers


Using Port Numbers to Identify the Correct Application Process


Comparing Well-Known, Dynamic, and Registered Ports

The Internet Assigned Numbers Authority (IANA [www.iana.org]) assigns the values for well-known ports and the values for a similar concept called registered port numbers.

The difference between well-known and registered ports is that registered ports are assigned to servers that the average end user can start. Well-known ports are used only for applications typically controlled by IT staff.

However, web services, FTP services, and e-mail services, which are usually controlled by IT staff in a typical company, use well-known port numbers.


Uses of Port Numbers


Port Number Used on Your PC

Most operating systems (OSs) include commands that display the port numbers used on that computer.

Microsoft OSs support the netstat -an command to display the currently used TCP and UDP port numbers. To see some useful output from this command, create a new TCP connection by opening a web browser and loading a web page. Then, use the netstat -an command to view the TCP connection, along with the port number used on your PC and the web server.


Comparing MAC Addresses, IP Addresses, and Port Numbers

MAC addresses, IP addresses, and port numbers all perform some role in addressing, or identifying, the senders and intended recipients of data.

- MAC addresses—Define the physical addressing of LAN NICs, which allows frames to be delivered over a LAN.

- IP addresses—Define logical (meaning not physical) addresses that define a way to group addresses (subnets), and define a routing process to allow end-to-end delivery of packets between hosts.

- Port numbers—Identify the application processes on the sending (source port) and receiving (destination port) computers. Port numbers do not define any methods of sending data over a physical network or any means to deliver data end to end over an internetwork.


Socket

In the world of TCP and UDP, a socket is a set of three things:

- The computer’s IP address

- The transport protocol (TCP or UDP)

- The port number used by an application

For example, a web server whose IP address is 10.1.1.1, using the well-known port for HTTP, would be using a socket of (10.1.1.1, TCP, 80).


Summary

The primary duty of the transport layer, which is OSI model Layer 4, is to provide the service of taking data from one application process on one computer and delivering the data to the correct application process on another computer.

UDP essentially provides only the basic delivery and identification of applications using port numbers. TCP provides several additional functions, including reliability (error recovery), flow control, segmentation and reassembly, and in-order data delivery.

Flow control ensures that a transmitting node does not overwhelm a receiving node with data.


Summary (End)

The term Positive Acknowledgment with Retransmission (PAR) refers to the process of explicitly acknowledging received data, with the sender resending any unacknowledged segments.

A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server. Port numbers have the following assigned ranges:

- The well-known ports are those from 0 through 1023.
- The registered ports are those from 1024 through 49,151.
- The dynamic and/or private ports are those from 49,152 through 65,535.
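An added example, not code from the chapter, tying together the netstat -an slide, the Socket slide and the port ranges listed just above: it parses a constructed netstat -an listing, labels each local port with its range, forms the (IP address, transport protocol, port) socket for every entry, and counts entries still in SYN_RECEIVED, the server-side state of a handshake whose third segment has not arrived. The sample lines, addresses and states are constructed, laid out as the Windows command prints them.

```python
import re
from collections import Counter

# constructed sample in the layout `netstat -an` prints on Windows (not a real capture)
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    10.1.1.1:80            10.1.1.50:49512        ESTABLISHED
  TCP    10.1.1.1:80            10.1.1.77:49600        SYN_RECEIVED
  TCP    10.1.1.1:80            10.1.1.78:49601        SYN_RECEIVED
  UDP    10.1.1.1:53            *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?\s*$")

def port_range(port):
    """Range names from the chapter summary."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"

def parse_netstat(text):
    """One dict per connection line; banner and column headers are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        lport = int(lport)
        rows.append({
            "socket": (lip, proto, lport),                 # (IP, transport, port)
            "local_range": port_range(lport),
            "remote": (rip, None if rport == "*" else int(rport)),
            "state": state or "",                          # UDP lines carry none
        })
    return rows

def half_open_by_socket(rows):
    """Count SYN_RECEIVED entries per local socket: handshakes whose third
    segment has not arrived. A sudden rise in this count on a listening
    socket is the symptom a defender checks for when a SYN flood is suspected."""
    return Counter(r["socket"] for r in rows if r["state"] == "SYN_RECEIVED")
```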