Routers and Routing Basics CCNA 2

Routers and Routing Basics CCNA 2 Chapter 10

www.ciscopress.com

Intermediate TCP/IP

- TCP and UDP Operation
  - Flow Control and Windowing
  - Establishing and Terminating TCP Connections
  - Denial-of-Service Attacks and SYN Floods
  - TCP Error Recovery (Reliability)
  - Segmentation, Reassembly, and In-Order Delivery
  - Comparing TCP and UDP
- Operation of Transport Layer Ports
  - Connecting to Servers: Well-Known Ports
  - Comparing Well-Known, Dynamic, and Registered Ports
  - Comparing MAC Addresses, IP Addresses, and Port Numbers
- Summary

TCP and UDP Operation

- The TCP/IP transport layer includes several protocols; the two most important are:
  - Transmission Control Protocol (TCP)
  - User Datagram Protocol (UDP)
- UDP provides only basic delivery; TCP provides several more functions, covered in the sections that follow.
- The main goal of the transport layer can be summarized as follows: to take data from one application process on one computer and deliver that data to the correct application process on another computer.

Comparing TCP and UDP

Flow Control and Windowing

- When a host sends data using TCP, the receiving host can control how fast the sender transmits over time. This process is called flow control.
- The main reasons for flow control are the time the receiver needs to process the data and the limited memory (buffer space) on the receiving side.
- Two forms of flow control:
  - dynamic sliding windows
  - withholding acknowledgments

Flow Control Through Dynamic Sliding Windows

- The receiver tells the sending host how many bytes it may send before it must receive an acknowledgment; this value is called a window.
- When the sending host has sent an entire window's worth of data, it must wait for an acknowledgment, thereby slowing its rate of sending data.

Dynamic Windowing

1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.

2. PC1 sends PC2 3000 bytes via three 1000-byte segments.

3. PC1 has sent all 3000 bytes, but it has not received any acknowledgments; therefore, it must wait.

4. PC2 sends PC1 an acknowledgment, and this time it grants a slightly larger 4000-byte window.

5. PC1 now sends four 1000-byte segments.

Withholding Acknowledgments

This process of withholding acknowledgments is sometimes referred to as start/stop flow control.

1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.

2. PC1 sends PC2 3000 bytes via three 1000-byte segments.

3. PC2 has received all 3000 bytes but needs more time to process the data.

4. Instead of immediately acknowledging receipt of the segments, PC2 waits until it can catch up on the work and then sends an acknowledgment.

Note: PC2 did not increase the window size at Step 4 because it is already having difficulty processing 3000 bytes at a time.
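The two walk-throughs above (Dynamic Windowing and Withholding Acknowledgments) can be traced with a small simulation. The following Python is an added example and is not part of the Cisco Press chapter; the 1000-byte segments, the 3000- and 4000-byte windows and the receiver's processing rate are constructed to match the slide scenarios, and the Sender and Receiver classes are toy models of the window logic, not a TCP implementation.

```python
"""Toy model of TCP flow control (added example; constructed values).

Two scenarios from the slides: the receiver enlarges the window from 3000
to 4000 bytes, and a slow receiver withholds its acknowledgment until it
has processed the data it already holds.
"""

SEGMENT_SIZE = 1000  # bytes of data per segment, as in the slide example


class Sender:
    """Sends 1000-byte segments but never more than one window unacknowledged."""

    def __init__(self, window):
        self.window = window       # bytes the receiver currently permits in flight
        self.next_seq = 1          # sequence number of the next byte to send
        self.acked_up_to = 1       # every byte below this has been acknowledged

    def in_flight(self):
        return self.next_seq - self.acked_up_to

    def send_burst(self):
        """Send until a full window is outstanding, then stop and wait for an ACK."""
        sent = []
        while self.in_flight() + SEGMENT_SIZE <= self.window:
            sent.append(self.next_seq)
            self.next_seq += SEGMENT_SIZE
        return sent

    def on_ack(self, ack_number, window):
        """The ACK names the next byte the receiver expects and grants a new window."""
        self.acked_up_to = ack_number
        self.window = window


class Receiver:
    """Buffers incoming bytes and drains them at a fixed rate per tick."""

    def __init__(self, window, bytes_per_tick):
        self.window = window
        self.bytes_per_tick = bytes_per_tick   # how fast the application consumes data
        self.next_expected = 1
        self.unprocessed = 0                   # received bytes still in the buffer

    def receive(self, seqs):
        for seq in seqs:
            if seq != self.next_expected:
                raise ValueError(f"unexpected segment {seq}")  # toy: in-order only
            self.next_expected += SEGMENT_SIZE
            self.unprocessed += SEGMENT_SIZE

    def tick(self):
        """One unit of processing time; True once the buffer has been drained."""
        self.unprocessed = max(0, self.unprocessed - self.bytes_per_tick)
        return self.unprocessed == 0


def dynamic_window_scenario():
    """Slide 'Dynamic Windowing': 3000-byte window, ACK, then a 4000-byte window."""
    rx = Receiver(window=3000, bytes_per_tick=3000)   # fast receiver
    tx = Sender(window=rx.window)
    first = tx.send_burst()          # steps 1-2: three 1000-byte segments
    blocked = tx.send_burst()        # step 3: window full, nothing more may be sent
    rx.receive(first)
    rx.tick()
    rx.window = 4000                 # step 4: receiver has room for more
    tx.on_ack(rx.next_expected, rx.window)
    second = tx.send_burst()         # step 5: four segments
    return {"first_burst": first, "blocked": blocked,
            "ack": rx.next_expected, "second_burst": second}


def withheld_ack_scenario():
    """Slide 'Withholding Acknowledgments': the ACK waits until PC2 catches up."""
    rx = Receiver(window=3000, bytes_per_tick=1000)   # needs 3 ticks per 3000 bytes
    tx = Sender(window=rx.window)
    burst = tx.send_burst()
    rx.receive(burst)
    ticks_before_ack = 1
    while not rx.tick():             # no ACK leaves the receiver until it has caught up
        ticks_before_ack += 1
    tx.on_ack(rx.next_expected, rx.window)   # window stays 3000: PC2 is still struggling
    return {"segments": len(burst), "ticks_before_ack": ticks_before_ack,
            "window_after_ack": tx.window, "sent_after_ack": len(tx.send_burst())}


if __name__ == "__main__":
    print(dynamic_window_scenario())
    print(withheld_ack_scenario())
```

In the first scenario the sender stalls after three segments until the ACK (3001) and larger window arrive, then sends four; in the second the window never grows and the sender simply waits three ticks for the delayed ACK before sending another 3000 bytes. Both are the receiver, not the sender, setting the pace.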

Establishing and Terminating TCP Connections

- Connection-oriented protocols (including TCP) exchange messages, events, or other prearranged settings between the communicating devices before they allow any end-user communication to occur.
- TCP also allows two computers to agree on many other settings before the hosts attempt to send any end-user data.
- TCP uses a process called a three-way handshake to create a new TCP connection and to initialize the various numbers used to control and manage a TCP connection.

Three-Way TCP Connection Establishment

1. The first segment has a SYN flag set but does not have the ACK flag set. This means that the SYN bit in the TCP header is set to binary 1, and the ACK flag is set to binary 0.

2. The second segment has both SYN and ACK set.

3. The third and all subsequent segments have the ACK bit set but not the SYN bit.

Denial-of-Service Attacks and SYN Floods

- A network attack whose primary intent is to do harm by making a service unavailable, rather than to steal or alter data, is called a denial-of-service (DoS) attack.
- A SYN flood attack is one of the most common types of DoS attack.
- A SYN flood occurs when an attacker sends a large number of TCP segments to a server, each looking like a request for a new TCP connection (SYN set, ACK not set). The server answers each with a SYN/ACK and holds a half-open connection while it waits for the third segment of the handshake, but the attacker never sends it. The server's table of half-open connections fills up, and legitimate clients can no longer connect.
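The handshake steps and the SYN-flood symptom above can both be checked with one connection tracker. The Python below is an added example, not code from the Cisco Press chapter: it follows each client/server pair through SYN, SYN/ACK and ACK, then counts connections that never received the third segment. The traffic is constructed (the 10.1.1.1:80 web server comes from the slides; the client address 10.1.1.50, the spoofed 192.0.2.x sources and the 50-connection alert threshold are assumptions).

```python
"""Three-way handshake tracker with a SYN-flood check (added example).

Segments are constructed (src_ip, src_port, dst_ip, dst_port, flags) tuples.
The connection is keyed by the client side, so all three handshake segments
map to the same entry whichever direction they travel.
"""

from collections import Counter

SYN, ACK = 0x02, 0x10          # TCP flag bits as they appear in the header
HALF_OPEN_THRESHOLD = 50       # assumed alert threshold per server socket


class ConnectionTracker:
    """Follows each client/server pair through SYN -> SYN/ACK -> ACK."""

    def __init__(self):
        self.state = {}  # (client_ip, client_port, server_ip, server_port) -> state

    def observe(self, src_ip, src_port, dst_ip, dst_port, flags):
        syn, ack = bool(flags & SYN), bool(flags & ACK)
        if syn and not ack:
            # 1. SYN from the client: a new, so far half-open, connection
            key = (src_ip, src_port, dst_ip, dst_port)
            self.state[key] = "SYN_SENT"
        elif syn and ack:
            # 2. SYN/ACK from the server: it now waits for the third segment
            key = (dst_ip, dst_port, src_ip, src_port)
            if self.state.get(key) == "SYN_SENT":
                self.state[key] = "SYN_RECEIVED"
        elif ack:
            # 3. ACK from the client completes the handshake
            key = (src_ip, src_port, dst_ip, dst_port)
            if self.state.get(key) == "SYN_RECEIVED":
                self.state[key] = "ESTABLISHED"
        # later ACK/data segments on an established connection change nothing here

    def half_open_by_server(self):
        """Connections that never reached step 3, counted per server socket."""
        counts = Counter()
        for (_cip, _cport, sip, sport), st in self.state.items():
            if st != "ESTABLISHED":
                counts[(sip, sport)] += 1
        return counts

    def syn_flood_suspects(self, threshold=HALF_OPEN_THRESHOLD):
        return {server: n for server, n in self.half_open_by_server().items()
                if n >= threshold}


def build_sample_traffic():
    """Constructed traffic: one complete handshake, then 60 SYNs that never finish."""
    server = ("10.1.1.1", 80)                   # web server from the slides
    segs = [("10.1.1.50", 1031, *server, SYN),  # legitimate client (address assumed)
            (*server, "10.1.1.50", 1031, SYN | ACK),
            ("10.1.1.50", 1031, *server, ACK)]
    for i in range(60):                         # spoofed sources in 192.0.2.0/24 (TEST-NET-1)
        src, sport = f"192.0.2.{i + 1}", 40000 + i
        segs.append((src, sport, *server, SYN))
        segs.append((*server, src, sport, SYN | ACK))  # server answers and waits in vain
    return segs


def analyze(segments):
    tracker = ConnectionTracker()
    for seg in segments:
        tracker.observe(*seg)
    return tracker


if __name__ == "__main__":
    t = analyze(build_sample_traffic())
    print(t.syn_flood_suspects())
```

The legitimate client ends in ESTABLISHED; the sixty spoofed connections stay in SYN_RECEIVED, which is exactly the half-open state the slide describes, and their count per server socket is what trips the threshold. A production tracker would also age entries out, since half-open connections time out on the real server too.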

TCP Error Recovery (Reliability)

- TCP is a reliable protocol, at least as far as networking terminology is concerned.
- In networking, reliable protocols perform error recovery, which means they ensure that all the data eventually reaches the receiver, even if some data is lost in transit.
- The practice of acknowledging data by stating the next byte expected to be received, rather than identifying the last byte received, is called a forward acknowledgment or expectational acknowledgment.

TCP Acknowledgments with No Error Recovery Needed

- TCP uses two TCP header fields, the Sequence Number and Acknowledgment Number fields, to tell the other computer whether a segment was received.
- The sequence number keeps track of all the bytes sent over a TCP connection by numbering the first byte of data inside each segment.

TCP Error Recovery

- TCP performs error recovery by having the receiving host send an acknowledgment that implies some data was lost: because the acknowledgment names the next byte expected, an acknowledgment number that does not advance tells the sender which data is missing.
- The PCs recover the lost data using a process called Positive Acknowledgment with Retransmission (PAR).

Segmentation, Reassembly, and In-Order Delivery

- TCP segmentation refers to the process of TCP accepting a large chunk of data from the application protocol and breaking it into pieces small enough for transmission through the internetwork.
- The data portion of a TCP segment is typically limited to 1460 bytes (a 1500-byte Ethernet MTU minus 20 bytes of IPv4 header and 20 bytes of TCP header).
- The maximum length of the TCP Data field is referred to as the maximum segment size (MSS).
- TCP on the receiving computer reassembles the data into its original form.
- TCP provides a guarantee of in-order delivery.

TCP Providing In-Order Delivery

1. PC2 sends two segments. The first segment (sequence number 1) is routed over the slow upper route.

2. Router R2 sends the second segment (sequence number 1001) over the fast lower route.

3. The second segment sent arrives before the first segment sent, so PC1 copies the segment into a memory buffer.

4. The first segment sent arrives next.

5. The first segment sent (sequence number 1) should be in front of the segment with sequence number 1001, so PC1’s TCP software stores this data in the correct order in its memory buffer.
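The sequence/acknowledgment mechanics on the last few slides (forward acknowledgments, PAR and in-order delivery) share one piece of machinery: a receiver that always acknowledges the next byte it expects and buffers anything that arrives early. The Python below is an added example, not code from the Cisco Press chapter, and models both the error-recovery slides and the in-order-delivery slide. The payloads, the 1000-byte segments, and the choice of which segment is "lost" or reordered are constructed.

```python
"""Forward ACKs, PAR and in-order reassembly (added example; constructed data).

TcpReceiver acknowledges the next byte it expects and buffers segments that
arrive early; TcpSender retransmits whatever the highest ACK has not covered.
"""

SEGMENT_SIZE = 1000  # bytes of data per segment, as on the slides


class TcpReceiver:
    def __init__(self, first_seq=1):
        self.next_expected = first_seq
        self.out_of_order = {}        # seq -> payload waiting for the gap before it
        self.delivered = bytearray()  # what the application has been handed, in order

    def receive(self, seq, payload):
        """Process one segment; return the forward ACK (next byte expected)."""
        if seq == self.next_expected:
            self.delivered += payload
            self.next_expected += len(payload)
            # drain buffered segments that are now contiguous with the delivered data
            while self.next_expected in self.out_of_order:
                chunk = self.out_of_order.pop(self.next_expected)
                self.delivered += chunk
                self.next_expected += len(chunk)
        elif seq > self.next_expected:
            self.out_of_order[seq] = payload  # keep it, but never ACK past the gap
        # seq < next_expected: duplicate of data already delivered, nothing to do
        return self.next_expected


class TcpSender:
    def __init__(self, data, first_seq=1):
        # segmentation: number each segment by its first data byte
        self.segments = {first_seq + i: data[i:i + SEGMENT_SIZE]
                         for i in range(0, len(data), SEGMENT_SIZE)}
        self.acked_up_to = first_seq

    def on_ack(self, ack_number):
        self.acked_up_to = max(self.acked_up_to, ack_number)

    def unacknowledged(self):
        """Segments whose first byte the highest ACK has not yet covered."""
        return sorted(seq for seq in self.segments if seq >= self.acked_up_to)


def par_scenario():
    """Slides 'TCP Error Recovery': the segment at byte 1001 is lost in transit."""
    data = bytes(range(256)) * 12          # 3072 bytes -> segments 1, 1001, 2001, 3001
    tx, rx = TcpSender(data), TcpReceiver()
    acks = []
    for seq, payload in tx.segments.items():
        if seq == 1001:
            continue                       # constructed loss: never reaches PC2
        acks.append(rx.receive(seq, payload))
        tx.on_ack(acks[-1])
    # every ACK so far says 1001: the receiver keeps naming the byte it is missing
    retransmitted = []
    while tx.unacknowledged():             # PAR: resend the oldest unacknowledged segment
        seq = tx.unacknowledged()[0]
        retransmitted.append(seq)
        acks.append(rx.receive(seq, tx.segments[seq]))
        tx.on_ack(acks[-1])
    return {"acks": acks, "retransmitted": retransmitted,
            "data_ok": bytes(rx.delivered) == data}


def in_order_scenario():
    """Slide 'TCP Providing In-Order Delivery': seq 1001 arrives before seq 1."""
    data = b"A" * 1000 + b"B" * 1000
    tx, rx = TcpSender(data), TcpReceiver()
    acks = [rx.receive(1001, tx.segments[1001])]   # early: buffered, ACK still 1
    buffered = len(rx.out_of_order)
    acks.append(rx.receive(1, tx.segments[1]))     # gap filled, both delivered in order
    return {"acks": acks, "buffered_after_first": buffered,
            "data_ok": bytes(rx.delivered) == data}


if __name__ == "__main__":
    print(par_scenario())
    print(in_order_scenario())
```

In the loss scenario the receiver answers 1001 three times (the forward acknowledgment keeps pointing at the missing byte), the sender retransmits only segment 1001, and the acknowledgment then jumps straight to 3073 because segments 2001 and 3001 were already sitting in the buffer. In the reordering scenario the early segment is held without being acknowledged until segment 1 arrives, which is the buffering described in steps 3 through 5.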

Comparing TCP and UDP

Popular Applications and Transport Layer Protocols

Comparing TCP and UDP (Continued)

TCP and UDP Headers

Comparing TCP and UDP (Continued)

TCP Header Fields

UDP Header Fields

Operation of Transport Layer Ports

- Both UDP and TCP provide a means to identify the specific application process that was the source of the data and the application process that is the destination for the data.
- TCP and UDP use port numbers for this purpose.
- Each application uses a different local port number, identifying each of the different application processes.

Using Port Numbers to Identify the Correct Application Process

1. An IP packet with a TCP segment inside it arrives at the PC. Because it is a TCP segment, IP gives the segment to the TCP software inside the computer.

2. TCP examines the destination port number in the header. The destination port number identifies the application process on the destination computer (Keith).

The port numbers shown are called dynamic port numbers because the host computer dynamically picks which port number to use for each application process.

3. Based on a value of 1031 in the Destination Port Number field, the PC's TCP software gives the data to Browser2.

Connecting to Servers: Well-Known Ports

- Servers cannot use dynamic port numbers, because the clients that use the server must know ahead of time what port number the server uses.
- TCP/IP defines well-known (or static) ports, each reserved for use by a specific application protocol.
- When a client connects to a server, the client already knows what well-known port the server should be using.

Client Connecting to Well-Known Port of a Web Server (80)

1. Keith's browser sends the segment as shown, with a destination port of 80 and a dynamically chosen source port.

2. The web server's reply segment has a source port of 80, because it comes from the web server, and a destination port matching the dynamic port used by the browser on Keith's computer.

Popular Applications and Their Well-Known Port Numbers

Using Port Numbers to Identify the Correct Application Process

Comparing Well-Known, Dynamic, and Registered Ports

- The Internet Assigned Numbers Authority (IANA, www.iana.org) assigns the values for well-known ports and the values for a similar concept called registered port numbers.
- The difference between well-known and registered ports is that registered ports are assigned to servers that the average end user can start, whereas well-known ports are used only for applications typically controlled by IT staff.
- For example, web services, FTP services, and e-mail services, which are usually controlled by IT staff in a typical company, use well-known port numbers.

Uses of Port Numbers

Port Number Used on Your PC

- Most operating systems (OSs) include commands that display the port numbers used on that computer.
- Microsoft OSs support the netstat -an command to display the currently used TCP and UDP port numbers.
- To see some useful output from this command, create a new TCP connection by opening a web browser and loading a web page.
- Then use the netstat -an command to view the TCP connection, along with the port number used on your PC and the port used on the web server.

Comparing MAC Addresses, IP Addresses, and Port Numbers

MAC addresses, IP addresses, and port numbers all perform some role in addressing, or identifying, the senders and intended recipients of data.

- MAC addresses: Define the physical addressing of LAN NICs, which allows frames to be delivered over a LAN.
- IP addresses: Define logical (meaning not physical) addresses that define a way to group addresses (subnets), and define a routing process to allow end-to-end delivery of packets between hosts.
- Port numbers: Identify the application processes on the sending (source port) and receiving (destination port) computers. Port numbers do not define any methods of sending data over a physical network or any means to deliver data end to end over an internetwork.

Socket

In the world of TCP and UDP, a socket is a set of three things:

- The computer's IP address
- The transport protocol (TCP or UDP)
- The port number used by an application

For example, a web server whose IP address is 10.1.1.1, using the well-known port for HTTP, would be using a socket of (10.1.1.1, TCP, 80).
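The port and socket slides (Operation of Transport Layer Ports, TCP and UDP Headers, and Socket) come together when the headers are decoded from bytes. The Python below is an added example, not code from the Cisco Press chapter: it parses a TCP and a UDP header, classifies each port into the IANA ranges listed in the chapter summary, and builds the (IP address, protocol, port) socket tuples from the slide. The two headers are constructed byte strings; the server 10.1.1.1:80 and client port 1031 come from the slides, while the client address 10.1.1.50, the DNS example and the field values are assumptions.

```python
"""TCP/UDP header decoding, port classification and socket tuples
(added example; the two headers below are constructed byte strings).
"""

import struct
from typing import NamedTuple

SYN, ACK = 0x02, 0x10  # flag bits in the TCP header


def port_class(port):
    """IANA range a port falls in, using the ranges from the chapter summary."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port {port} out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


class TcpHeader(NamedTuple):
    src_port: int
    dst_port: int
    seq: int
    ack: int
    header_len: int  # in bytes, derived from the 4-bit Data Offset field
    flags: int
    window: int


class UdpHeader(NamedTuple):
    src_port: int
    dst_port: int
    length: int      # header plus data, in bytes


def parse_tcp_header(data):
    """Decode the fixed 20-byte TCP header (big-endian, RFC 793 layout)."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window = struct.unpack("!HHIIHH", data[:16])
    header_len = (off_flags >> 12) * 4          # Data Offset counts 32-bit words
    flags = off_flags & 0x01FF                  # NS CWR ECE URG ACK PSH RST SYN FIN
    if header_len < 20 or header_len > len(data):
        raise ValueError("bad Data Offset")
    return TcpHeader(src, dst, seq, ack, header_len, flags, window)


def parse_udp_header(data):
    """Decode the 8-byte UDP header: ports, length, checksum."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, _checksum = struct.unpack("!HHHH", data[:8])
    if length < 8:
        raise ValueError("bad UDP length")
    return UdpHeader(src, dst, length)


def socket_pair(proto, src_ip, dst_ip, header):
    """The slide's definition of a socket: (IP address, transport protocol, port)."""
    return ((src_ip, proto, header.src_port), (dst_ip, proto, header.dst_port))


def describe_tcp(raw, src_ip, dst_ip):
    h = parse_tcp_header(raw)
    return {"src": (h.src_port, port_class(h.src_port)),
            "dst": (h.dst_port, port_class(h.dst_port)),
            "syn": bool(h.flags & SYN), "ack": bool(h.flags & ACK),
            "sockets": socket_pair("TCP", src_ip, dst_ip, h)}


# Constructed SYN: browser on dynamic port 1031 -> web server port 80, seq 1,
# Data Offset 5 (20-byte header), SYN only, 3000-byte window, checksum/urgent 0.
TCP_SYN = struct.pack("!HHIIHHHH", 1031, 80, 1, 0, (5 << 12) | SYN, 3000, 0, 0)
# Constructed UDP header: client port 49500 -> DNS (53), 8 header + 29 data bytes.
UDP_DNS = struct.pack("!HHHH", 49500, 53, 37, 0)

if __name__ == "__main__":
    # client address 10.1.1.50 is assumed; 10.1.1.1 is the server from the slide
    print(describe_tcp(TCP_SYN, "10.1.1.50", "10.1.1.1"))
    print(parse_udp_header(UDP_DNS), port_class(49500))
```

One caveat worth noticing: the slide's client port 1031 falls inside the IANA registered range (1024 through 49,151), not the dynamic range. Hosts pick ephemeral ports from an OS-specific range, and older Windows versions started at 1025 while current ones use 49,152 and up, so a port's IANA class says nothing reliable about whether it belongs to a client or a server on a given host. Treat the Data Offset and length checks as required, not optional: a header that claims fewer than 20 (TCP) or 8 (UDP) bytes is malformed and should be rejected before any field is trusted.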

Summary

- The primary duty of the transport layer, which is OSI model Layer 4, is to provide the service of taking data from one application process on one computer and delivering the data to the correct application process on another computer.
- UDP essentially provides only basic delivery and identification of applications using port numbers. TCP provides several additional functions, including reliability (error recovery), flow control, segmentation and reassembly, and in-order data delivery.
- Flow control ensures that a transmitting node does not overwhelm a receiving node with data.

Summary (End)

- The term Positive Acknowledgment with Retransmission (PAR) refers to the process of explicitly acknowledging received data, with the sender resending any unacknowledged segments.
- A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server. Port numbers have the following assigned ranges:
  - The well-known ports are those from 0 through 1023.
  - The registered ports are those from 1024 through 49,151.
  - The dynamic and/or private ports are those from 49,152 through 65,535.