Transcript Document

Chapter 23
Process-to-Process Delivery:
UDP, TCP, and SCTP
23.1
Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Transport layer duties
23.2
23-1 PROCESS-TO-PROCESS DELIVERY
Overview: The transport layer is responsible for
process-to-process delivery—the delivery of a packet,
part of a message, from one process to another. Two
processes communicate in a client/server relationship.
23.3
Note
The transport layer is responsible for
process-to-process delivery – the
delivery of a packet, part of a message,
from one process to another.
23.4
Figure 23.1 Types of data deliveries
23.5
Client/Server Paradigm
23.6
Client/Server Paradigm



23.7
If several people in the office
need to communicate with
remote personnel via SMS, it is
not necessary to equip each
computer with a GSM modem.
Headwind SMS suite allows to
share one GSM modem between
several computers.
The computer connected with a
GSM modem (server) must be
equipped with Headwind GSM
Modem Driver, which uses DCOM
(Distributed Component Object
Model) technology to provide
access to the SMS capabilities to
other computers (clients) in the
network.
Client/Server Paradigm

23.8
Operating systems today support both multiuser
and multiprogramming environments.
Addressing
23.9
Addressing
23.10
Addressing
23.11
Figure 23.2 Port numbers
23.12
Figure 23.3 IP addresses versus port numbers
23.13
Addressing

23.14
In the Internet model, the port numbers
are 16-bit integers between 0 and 65,535.
Summary
In the client-server paradigm, an application
program on the local host, called the client, needs
services from an application program on the
remote host, called a server.
The server program is assigned a universal port
number called a well-known port number.
The client program is assigned a random port
number called the ephemeral port number.
23.15
IANA* Ranges

Well Known Ports: 0 to 1023

Registered Ports: 1024 to 49,151

Dynamic Ports: 49,152 to 65,535
* Internet Assigned Number Authority
23.16
Figure 23.4 IANA ranges
23.17
Socket Addresses

23.18
Process to Process delivery needs two
identifiers, IP address, and port number,
at each end to make a connection.
Figure 23.5 Socket address
23.19
Socket Addresses

23.20
A Transport Layer protocol needs a pair of
socket addresses; the client socket
address and the server socket address.
Review


23.21
The transport layer is where data is
encapsulated into segments. These
segments are then sent using either TCP
or UDP protocols.
TCP is a connection-oriented protocol,
which means the sender does not send
any data to the destination node until the
destination node acknowledges that it is
listening to the sender.
TCP Ports


23.22
A port is the logical, not physical component, of
a TCP connection. Every TCP connection
requires a source and destination port in
addition to any other addressing scheme, such
as IP addressing. The port identifies the service
that is running.
In TCP packets, ports are identified using a 16bit number. TCP packets have two such fields:
source port and destination port.
TCP Ports


23.23
Ports also help network administrators to
identify, stop, or disable services that are not
really needed. As a network administrator or IT
professional, you should be familiar with ports
and control their use. Open ports are an
invitation for attacks.
Port numbers can go up to 65,535 but only the
first 1023 ports are considered well-known. Let’s
check www.iana.org for a list of well-known
ports.
State Table example
23.24
Figure 23.6 Multiplexing and demultiplexing
23.25
Figure 23.7 Error control
23.26
Figure 23.8 Position of UDP, TCP, and SCTP in TCP/IP suite
23.27
23-2 USER DATAGRAM PROTOCOL (UDP)
Overview: The User Datagram Protocol (UDP) is
called a connectionless, unreliable transport protocol.
It does not add anything to the services of IP except to
provide process-to-process communication instead of
host-to-host communication.
23.28
Table 23.1 Well-known ports used with UDP
23.29
UDP - Summary



23.30
UDP is a fast but unreliable protocol that also
operates on the transport layer of the TCP/IP
stack.
UDP is unreliable because it does not verify
whether the receiver is listening or ready to
receive. This is the reason why UDP is also
known as a connectionless protocol.
Although unreliable, UDP is widely used on the
Internet because of its speed. Higher layers of
the TCP/IP stack are responsible for providing
reliability.
Example 23.1
In UNIX, the well-known ports are stored in a file called
/etc/services. Each line in this file gives the name of the
server and the well-known port number. We can use the
grep utility to extract the line corresponding to the desired
application. The following shows the port for FTP. Note
that FTP can use port 21 with either UDP or TCP.
23.31
Example 23.1 (continued)
SNMP uses two port numbers (161 and 162), each for a
different purpose.
23.32
Figure 23.9 User datagram format
23.33
Note
UDP length
= IP length – IP header’s length
23.34
Figure 23.10 Pseudoheader for checksum calculation
23.35
Example 23.2
Figure 23.11 shows the checksum calculation for a very
small user datagram with only 7 bytes of data. Because
the number of bytes of data is odd, padding is added for
checksum calculation. The pseudoheader as well as the
padding will be dropped when the user datagram is
delivered to IP.
23.36
Figure 23.11 Checksum calculation of a simple UDP user datagram
23.37
Figure 23.12 Queues in UDP
23.38
23-3 TCP
Overview: TCP is a connection-oriented protocol; it
creates a virtual connection between two TCPs to send
data. In addition, TCP uses flow and error control
mechanisms at the transport level.
Topics discussed in this section:
TCP Services
TCP Features
Segment
A TCP Connection
Flow Control
Error Control
23.39
Table 23.2 Well-known ports used by TCP
23.40
Figure 23.13 Stream delivery
23.41
Figure 23.14 Sending and receiving buffers
23.42
Figure 23.15 TCP segments
23.43
Note
The bytes of data being transferred in
each connection are numbered by TCP.
The numbering starts with a randomly
generated number.
23.44
Example
Imagine a TCP connection is transferring a file of 6000 bytes. The
first byte is numbered 10,010. What are the sequence numbers for
each segment if data are sent in five segments with the first four
segments carrying 1000 bytes and the last segment carrying 2000
bytes?
Solution
The following shows
Segment 1 ==>
Segment 2 ==>
Segment 3 ==>
Segment 4 ==>
Segment 5 ==>
23.45
the sequence number for each segment:
sequence number: 10,010 (range: 10,010
sequence number: 11,010 (range: 11,010
sequence number: 12,010 (range: 12,010
sequence number: 13,010 (range: 13,010
sequence number: 14,010 (range: 14,010
to 11,009)
to 12,009)
to 13,009)
to 14,009)
to 16,009)
Note
The value in the sequence number field
of a segment defines the
number of the first data byte
contained in that segment.
23.46
Note
The value of the acknowledgment field
in a segment defines
the number of the next byte a party
expects to receive.
The acknowledgment number is
cumulative.
23.47
Figure 23.16 TCP segment format
23.48
Header fields
23.49
 Source port address: A 16-bit value that defines the
port number of the application program in the host that is
sending the segment
 Destination port address: A 16-bit value that defines the
port number of the application program in the host that is
receiving the segment
 Sequence number: A 32-bit value that defines the
number assigned to the first byte of data contained in
this segment
 Acknowledge number: A 16-bit value that defines the
byte number that the sender of the segment is expecting
to receive from the other party
 Header length: A 4-bit value that indicates the number
of 4-byte words in the TCP header
 Reserved: A 6-bit field reserved for future use
 Control: A 6-bit field that defines 6 different control
bits or flags, as shown in figure 22.15
Header fields (cont.)
 Window size: A 16-bit value in bytes that the other party
must maintain
 Checksum: A 16-bit checksum; its calculation follows the
UDP procedure
 Urgent pointer: A 16-bit value, which is valid only if the
urgent flag is set, is used when the segment contains
urgent data
 Options: There can be up to 40 bytes of optional
information in the TCP header
23.50
Figure 23.17 Control field
23.51
Table 23.3 Description of flags in the control field
23.52
The TCP three-way handshake process



23.53
:
Host A sends a TCP packet with the SYN
flag set (that is, a SYN packet) to Host B.
After receiving the packet, Host B sends
Host A its own SYN packet with an ACK
flag (a SYN-ACK packet) set.
In response to the SYN-ACK packet from
Host B, Host A sends Host B a TCP packet
with the ACK flag set (an ACK packet).
TCP SEGMENT HEADERS




23.54
As an IT professional, it is important for
you to clearly understand the critical
components of a TCP header. Hackers
usually try to exploit these components to
discover vulnerabilities and perform
attacks. Critical components include:
TCP flags
Initial Sequence Number (ISN)
Source and destination port
Initial Sequence Number (ISN)


23.55
Let’s define ISN as a 32-bit number that
tracks the packets received by the node
and enables the reassembly of large
packets that have been broken up into
smaller packets.
Two hosts exchange their ISNs during
steps 1 and 2 of the TCP three-way
handshake.
Note of Interest

23.56
Kevin Mitnick, the legendary hacker, is
now a security consultant to corporations
worldwide and a cofounder of Defensive
Thinking. Find out more about him at
http://en.wikipedia.org/wiki/Kevin_Mitnick
Figure 23.18 Connection establishment using three-way handshaking
 Since steps 2 and 3 can occur at the same time, they can
be combined into one step
23.57
Note
A SYN segment cannot carry data, but it
consumes one sequence number.
23.58
Note
A SYN + ACK segment cannot
carry data, but does consume one
sequence number.
23.59
Note
An ACK segment, if carrying no data,
consumes no sequence number.
23.60
SYN Flooding

23.61
The connection establishment procedure in TCP
is susceptible to a serious security problem
called the SYN flooding attack.
23.62
SYN Flooding




23.63
The TCP server then sends the SYN + ACK segments to
the fake clients, which are lost.
During this time, however, a lot of resources are
occupied without being used.
If, during this short time, the number of SYN segments
is large, the server eventually runs out of resources and
may crash.
This SYN flooding attack belongs to a type of security
attack known as a denial-of-service attack, in which
an attacker monopolizes a system with so many service
requests that the system collapses and denies service to
every request.
SYN Flooding





23.64
Some implementations of TCP have strategies to
alleviate the effects of a SYN attack.
Some have imposed a limit on connection
requests during a specified period of time.
Others filter out datagrams coming from
unwanted source addresses.
One recent strategy is to postpone resource
allocation until the entire connection is set up,
using what is called a cookie.
SCTP, the new transport layer protocol that we
discuss in the next section, uses this strategy.
Figure 23.19 Data transfer
23.65
Figure 23.20 Connection termination using three-way handshaking
23.66
Note
The FIN segment consumes one
sequence number if it does
not carry data.
23.67
Note
The FIN + ACK segment consumes
one sequence number if it
does not carry data.
23.68
Structure of the OSI Reference
Model (continued)
23.69
Structure of the OSI Reference
Model

Communication between peer layers is “virtual”


In reality, communications pass up and down the
protocol stacks on both machines
As data gets passed from layer to layer, it’s divided
into data units appropriate for the layer


Protocol data units (PDUs) are passed as a self-contained
data structure from layer to layer
Encapsulation process adds “headers” to allow successful
delivery of each layer’s payload


23.70
Decapsulation strips header information on way up
No layer can pass information directly to its peer
counterpart except for the Physical layer
Transport Layer

Layer 4; PDU: segment


Manages end-to-end transfer of data
Segments long data streams into chunks





Includes error checks to ensure error-free delivery
Handles flow control
E.g., TCP (TCP/IP) and SPX (from IPX/SPX)
Layer 4 problems include a corrupt protocol stack and
segments that are too large for the medium between
the source and destination networks

23.71
Resequences chunks into original data on receipt
The latter forces Network layer to fragment segments, which
causes performance degradation
Transport Layer (continued)
23.72
Network Layer

Layer 3; PDU: packet






23.73
Handles addressing messages for delivery
Translates logical addresses into physical addresses
Determines how to route transmissions from sender
to receiver (routing process)
Traffic cop for network activity and handles routing
and access control (during routing process)
E.g., IP (from TCP/IP) and IPX (from SPX/IPX)
Possible problems: incorrect IP addresses or subnet
masks, incorrect router configuration, and router
operation errors
Network Layer
23.74
Understanding Types of Data
Frames

Unicast frame: addressed to only one computer


Broadcast frame: created for all computers on a
network


Destination address is a value of all binary 1s
Multicast frame: created for any computers on a
network that “listen” to a shared network address

23.75
Adapters read the frames and pass them to higher layers only if
the destination address in the frame header matches their own
address
A special kind of address allows any interested receiver to read
these data streams
Connectionless Versus ConnectionOriented Protocols

Protocols that use connectionless delivery place data
on the network and assume it will get through



Connectionless protocols aren’t entirely reliable
Are fast: little overhead, don’t waste time
establishing/managing/tearing down connections
Connection-oriented protocols are more reliable and,
consequently, slower

Two computers establish a connection before data transfer
begins


23.76
In a connection, data is sent in an orderly fashion
Ensures that all data is received and is accurate, or that suitable
error messages are generated
Protocols in a Layered Architecture
23.77
Transport Protocols

Transport protocols can be connectionoriented (reliable) or connectionless (best-effort)
delivery

Transmission Control Protocol (TCP)


Sequential Packet Exchange (SPX)


Novell’s connection-oriented protocol used to guarantee data
delivery
NetBIOS/NetBEUI


23.78
Responsible for reliable data delivery in TCP/IP
NetBIOS establishes/manages communications between
computers and provides naming services
NetBEUI provides data transport services for these
communications
TCP/IP Network Layer Protocols

Internet Protocol version 4 (IPv4) is a Network
layer protocol that provides source and destination
addressing and routing for the TCP/IP suite


Internet Control Message Protocol (ICMP) is a
Network layer protocol used to send error and control
messages between systems or devices


23.79
Connectionless protocol; fast but unreliable
The Ping utility uses ICMP to request a response from a remote
host to verify availability
Address Resolution Protocol (ARP) resolves logical
(IP) addresses to physical (MAC) addresses
IP, ICMP, and ARP in Action
23.80
TCP/IP Transport Layer Protocols

Transmission Control Protocol (TCP) is the
primary Internet transport protocol




Connection oriented using a three-way handshake
Message fragmentation and reassembly
Uses acknowledgements to ensure that all data was
received and to provide flow control
User Datagram Protocol (UDP) is
connectionless

Generally faster, although less reliable, than TCP



23.81
Doesn’t segment data or resequence packets
Doesn’t use acknowledgements for reliability
Used by NFS and DNS
TCP/IP Application Layer Protocols

Domain Name System (DNS)


Hypertext Transport Protocol (HTTP)


Remote terminal emulation; operates at layers 7-5
Simple Mail Transport Protocol (SMTP)

23.82
For file transfer and directory and file manipulation
Telnet


To transfer Web pages from Web server to browser
File Transfer Protocol (FTP)


Session layer name-to-address resolution protocol
Operates at layers 7-5; provides messaging services
Flow Control

23.83
TCP uses a sliding window, as
discussed in Chapter 11, to
handle flow control.
Figure 23.22 Sliding window
23.84
Note
A sliding window is used to make
transmission more efficient as well as
to control the flow of data so that the
destination does not become
overwhelmed with data.
TCP sliding windows are byte-oriented.
23.85
Note:

23.86
The size of the window at one end is determined
by the lesser of two values: receiver window
(rwnd) or congestion window (cwnd). The
receiver window is the value advertised by the
opposite end in a segment containing
acknowledgement.
Sender buffer
 The buffer contains bytes that a host can send before
worrying about acknowledgement from the other host
23.87
Receiver window
 The receiver window establishes how many bytes the
receiver can store
23.88
Sender buffer and sender window
 We have flow control if the sender creates a window –the
sender window- with a size less than or equal to the size
of the receiver window
23.89
Sliding the sender window
 Messages from the receiver change the position of the
sender window.
23.90
Expanding the sender window
 If the receiving process consumes data faster than it
receives, the size of the receiver window expands
23.91
Shrinking the sender window
 If the receiving process consumes data more slowly than
it receives data, the size of the receiver window
decreases
23.92
Example 23.4
What is the value of the receiver window (rwnd) for host
A if the receiver, host B, has a buffer size of 5000 bytes
and 1000 bytes of received and unprocessed data?
Solution
The value of rwnd = 5000 − 1000 = 4000. Host B can
receive only 4000 bytes of data before overflowing its
buffer. Host B advertises this value in its next segment to
A.
23.93
Example 23.5
What is the size of the window for host A if the value of
rwnd is 3000 bytes and the value of cwnd is 3500 bytes?
Solution
The size of the window is the smaller of rwnd and cwnd,
which is 3000 bytes.
23.94
Example 23.6
Figure 23.23 (next slide) shows an unrealistic example of
a sliding window. The sender has sent bytes up to 202. We
assume that cwnd is 20 (in reality this value is thousands
of bytes). The receiver has sent an acknowledgment
number of 200 with an rwnd of 9 bytes (in reality this
value is thousands of bytes). The size of the sender
window is the minimum of rwnd and cwnd, or 9 bytes.
Bytes 200 to 202 are sent, but not acknowledged. Bytes
203 to 208 can be sent without worrying about
acknowledgment. Bytes 209 and above cannot be sent.
23.95
Figure 23.23 Example 23.6
23.96
Note
Some points about TCP sliding windows:
❏ The size of the window is the lesser of rwnd and
cwnd.
❏ The source does not have to send a full window’s
worth of data.
❏ The window can be opened or closed by the
receiver, but should not be shrunk.
❏ The destination can send an acknowledgment at
any time as long as it does not result in a shrinking
window.
❏ The receiver can temporarily shut down the
window; the sender, however, can always send a
segment of 1 byte after the window is shut down.
23.97
Error Control


23.98
TCP is a reliable transport layer
protocol.
This means that an application
program that delivers a stream of
data to TCP relies on TCP to deliver
the entire stream to the application
program on the other end in order,
without error, and without any part
lost or duplicated
TCP uses acknowledgements to conform the receipt of data
segments. Control segments that carry no data but consume
a sequence number are also acknowledged.
Note
ACK segments do not consume
sequence numbers and are not
acknowledged.
23.99
The heart of the error control mechanism is the retransmission
of segments. When a segment is corrupted, lost, or delayed, it
is retransmitted.
Note
In modern implementations, a
retransmission occurs if the
retransmission timer expires or three
duplicate ACK segments have arrived.
23.100
Note that no retransmission occurs of segments that do not
consume sequence numbers. In particular, there is no
transmission for an ACK segment.
Note
No retransmission timer is set for an
ACK segment.
23.101
Out-of-order segments:
Note
Data may arrive out of order and be
temporarily stored by the receiving TCP,
but TCP guarantees that no out-of-order
segment is delivered to the process.
23.102
Key Terms





23.103
ACK —A TCP flag that acknowledges a TCP packet with
SYN-ACK flags set.
connection-oriented —A method of transferring data
over a network that requires a session connection before
data is sent. With TCP/IP, this step is accomplished by
sending a SYN packet.
connectionless — With a connectionless protocol, no
session connection is required before data is transmitted.
UDP and IP are examples of connectionless protocols.
initial sequence number (ISN) —A number that
keeps track of what packets a node has received.
Internet Assigned Numbers Authority (IANA) —
The organization responsible for assigning IP addresses.
Key Terms



23.104
Internet Control Message Protocol (ICMP)
—The protocol used to send informational
messages and test network connectivity.
port —The logical component of a connection
that identifies the service running on a network
device. For example, port 110 is the POP3 mail
service.
protocol —A language used to transmit data
across a network infrastructure.
Key Terms



23.105
session hijacking—An attack on a
network that requires guessing ISNs. See
also initial sequence number (ISN).
SYN —A TCP flag that signifies the
beginning of a session.
SYN-ACK —A reply to a SYN packet sent
by a host.
Key Terms


23.106
TCP flag —The six flags in a TCP header
are switches that can be set to on or off to
indicate the status of a port or service.
three-way handshake —The method
the transport layer uses to create a
connection-oriented session.
Key Terms


23.107
Transmission Control
Protocol/Internet Protocol (TCP/IP)
—The main protocol used to connect
computers over the Internet.
User Datagram Protocol (UDP) —A
fast, unreliable transport layer protocol
that is connectionless.
23-4 SCTP
Overview: Stream Control Transmission Protocol
(SCTP) is a new reliable, message-oriented transport
layer protocol. SCTP, however, is mostly designed for
Internet applications that have recently been
introduced. These new applications need a more
sophisticated service than TCP can provide.
Topics discussed in this section:
SCTP Services and Features
Packet Format
An SCTP Association
Flow Control and Error Control
23.108
UDP


23.109
UDP is a message-oriented protocol.
A process delivers a message to UDP,
which is encapsulated in a user
datagram and sent over the network.
UDP conserves the message
boundaries; each message is
independent of any other message.
TCP
TCP is a byte-oriented
protocol.
 It receives a message or
messages from a process,
stores them as a stream of
bytes, and sends them in
segments.

23.110
SCTP

23.111
SCTP combines the best
features of UDP and TCP.
SCTP is a reliable messageoriented protocol
Table 23.4 Some SCTP applications
23.112
Note
An association in SCTP can involve
multiple streams.
23.113
Figure 23.27 Multiple-stream concept
23.114
Figure 23.28 Multihoming concept
23.115
SCTP “Packets”

23.116
Data are carried as data
chunks, control information is
carried as control chunks.
Figure 23.29 Comparison between a TCP segment and an SCTP packet
23.117
SCTP “Packets”
Steps 1 through 8 – p. 739 -740.
23.118
SCTP “Packets”
Steps 1 through 8 – p. 739 -740.
23.119
SCTP “Packets”
Steps 1 through 8 – p. 739 -740.
23.120
Note
SCTP association allows multiple IP
addresses for each end.
23.121
Note
In SCTP, a data chunk is numbered
using a TSN (Transmission Sequence
Number).
23.122
Note
To distinguish between different
streams, SCTP uses an SI (Stream
Identifier).
23.123
Note
To distinguish between different data
chunks belonging to the same stream,
SCTP uses SSNs (Stream Sequence
Numbers).
23.124
Note
TCP has segments; SCTP has packets.
23.125
Note
In SCTP, control information and data
information are carried in separate
chunks.
23.126
Figure 23.30 Packet, data chunks, and streams
23.127
Note
Data chunks are identified by three
items: TSN, SI, and SSN.
TSN is a cumulative number identifying
the association; SI defines the stream;
SSN defines the chunk in a stream.
TSN = Transmission Sequence Number
SI = Stream Identifier
SSN = Stream Sequence Number
23.128
Note
In SCTP, acknowledgment numbers are
used to acknowledge only data chunks;
control chunks are acknowledged by
other control chunks if necessary.
23.129
Figure 23.31 SCTP packet format
23.130
Note
In an SCTP packet, control chunks come
before data chunks.
23.131
Figure 23.32 General header
23.132
Table 23.5 Chunks
23.133
Note
A connection in SCTP is called an
association.
23.134
Note
No other chunk is allowed in a packet
carrying an INIT or INIT ACK chunk.
A COOKIE ECHO or a COOKIE ACK
chunk can carry data chunks.
23.135
Figure 23.33 Four-way handshaking
23.136
Note
In SCTP, only DATA chunks
consume TSNs;
DATA chunks are the only chunks
that are acknowledged.
23.137
Figure 23.34 Simple data transfer
23.138
Note
The acknowledgment in SCTP defines
the cumulative TSN, the TSN of the last
data chunk received in order.
23.139
Figure 23.35 Association termination
23.140
Figure 23.36 Flow control, receiver site
23.141
Figure 23.37 Flow control, sender site
23.142
Figure 23.38 Flow control scenario
23.143
Figure 23.39 Error control, receiver site
23.144
Figure 23.40 Error control, sender site
23.145