The function of the Transport Layer is to ensure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used: Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

[Figure: protocol stack. Applications sit above TCP and UDP, which both sit above IP, which sits above the Hardware; packets pass down through each layer.]

UDP provides an unreliable, connectionless delivery service using Internet Protocol. Application programs utilizing UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and connectivity loss.

TCP provides a reliable, connection-oriented delivery service using Internet Protocol. It provides reliable packet delivery, packet sequencing, error control and multiplexing.
L.Krist NVCC
Connection-oriented: Two computers connect before sending any data; the sender lets the receiver know that data is on the way, and the recipient acknowledges receipt of data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.

Connectionless: The computers involved know nothing about each other or the data being sent. Makes no attempt to cause network senders and receivers to exchange information about their availability or ability to communicate with one another; best-effort delivery. (Type supported by IP, UDP.) Not reliable, but faster and may be good enough. Also, upper layer apps may handle error and reliability processing themselves, so there is no need to do it twice.
Port numbers are used to keep track of different conversations that cross the network at the same time. Port numbers identify which upper layer service is needed, and are needed when a host communicates with a server that uses multiple services.
Both TCP and UDP use port numbers to pass data to the upper layers. Port numbers have the following ranges:
- 0-255: used for public applications
- 0-1023: also called well-known ports, regulated by IANA
- 255-1023: assigned to marketable applications
- 1024 through 49151: Registered Ports, not regulated
- 49152 through 65535: Dynamic and/or Private Ports

Well-known TCP ports:
Discard    Discard all incoming data port
Echo       Echo
Chargen    Exchange streams of data port
FTP-Data   File transfer data port
FTP-CMD    File transfer command port
Telnet     Telnet remote login port
SMTP       Simple Mail Transfer Protocol port
DOMAIN     Domain Name Service
Finger     Obtains information about active users
HTTP       Hypertext Transfer Protocol port
Kerberos   Authentication Protocol
POP3       PC Mail retrieval service port
NNTP       Network news access port
SNMP       Network Management
BGP        Border Gateway Protocol
Rlogin     Remote Login
Clients and servers both use ports to distinguish what process each segment is associated with. Source ports, which are set by the client, are determined dynamically, usually a randomly assigned number above 1023.

[Figure: 1. Client requests a web page from server: source port 1032, destination port 80. 2. Server responds to client: source port 80, destination port 1032.]
[Figure: Telnet encapsulation. Transport layer: TCP header, destination port 23. Network layer: IP header, protocol 6, source IP address 128.66.12.2, destination IP address 128.66.13.1. Ethernet frame: PREAMBLE, DESTINATION ADDR 00 00 1B 12 23 34, SOURCE ADDR 00 00 1B 09 08 07, FIELD TYPE, IP HEADER, TCP HEADER, DATA, FCS.]
[Figure: TFTP encapsulation. Transport layer: UDP header, destination port 69. Network layer: IP header, protocol 17, source IP address 128.66.12.2, destination IP address 128.66.13.1. Ethernet frame: PREAMBLE, DESTINATION ADDR 00 00 1B 12 23 34, SOURCE ADDR 00 00 1B 09 08 07, FIELD TYPE, IP HEADER, UDP HEADER, DATA, FCS.]
TCP Operation
TCP is a connection-oriented protocol. TCP provides the following major services to the upper protocol layers:
- Connection-oriented data management to assure the end-to-end transfer of data across the network(s).
- Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.
- Stream-oriented data transfer between the sending application and TCP, and between TCP and the receiving application.

Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way handshake, which ensures both sides are ready to transfer data and determines the initial sequence numbers. Sequence numbers give hosts a way to acknowledge what they have received. TCP headers contain SYN bits, or flags, to achieve this.
Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.
[Figure: 3-way handshake]
1. Host A sends SYN, Seq = x.
2. Host B receives the SYN and sends SYN, Seq = y, ACK = x + 1.
3. Host A receives the SYN/ACK and sends ACK = y + 1.
1. Hacker initiates a SYN but spoofs the source IP address.
2. Target replies to the unreachable IP address and waits for the final ACK.
3. Hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.

[Figure: the attacker sends SYN after SYN; the target receives each SYN and sends a SYN/ACK that is never answered.]
To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
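As an added illustration (not code from the original slides) of why the two mitigations above help, the following Python model tracks a server's half-open connection queue under spoofed SYNs and compares connection timeout against queue size; the rates, sizes and tick-based timing are constructed assumptions.

```python
# Added example, not from the original slides: a discrete-time model of a server's
# half-open connection queue, used to compare the two mitigations named above
# (shorter connection timeout, larger connection queue). Nothing is sent on any
# network; spoofed SYNs are modelled as queue entries that never complete.

def half_open_entries_held(syn_rate, timeout):
    """Steady-state half-open entries held by SYNs that never complete: arrivals
    per tick times the ticks each entry is kept (Little's law)."""
    return syn_rate * timeout

def queue_exhausted(syn_rate, timeout, queue_size):
    """True when never-completing SYNs alone can fill the connection queue."""
    return half_open_entries_held(syn_rate, timeout) >= queue_size

def simulate(flood_rate, timeout, queue_size, legit_times, rtt=1, duration=100):
    """Tick-based run. Each tick, flood_rate spoofed SYNs arrive and each holds a queue
    slot for `timeout` ticks (the SYN/ACK went to an unreachable address, so the final
    ACK never comes). A legitimate client sends a SYN at every tick in legit_times and
    completes the handshake after one RTT, releasing its slot.
    Returns (legitimate connections accepted, legitimate connections refused)."""
    half_open = []                 # expiry tick of every entry currently queued
    accepted = refused = 0
    for t in range(duration):
        half_open = [exp for exp in half_open if exp > t]   # drop expired/completed
        if t in legit_times:                                 # legitimate SYN arrives
            if len(half_open) < queue_size:
                half_open.append(t + rtt)
                accepted += 1
            else:
                refused += 1                                 # queue full: SYN dropped
        for _ in range(flood_rate):                          # spoofed SYNs this tick
            if len(half_open) < queue_size:
                half_open.append(t + timeout)
    return accepted, refused

# Constructed scenario: 10 spoofed SYNs per tick, one legitimate client every 5 ticks.
LEGIT = set(range(0, 100, 5))
BASELINE = simulate(10, timeout=60, queue_size=128, legit_times=LEGIT)
SHORT_TIMEOUT = simulate(10, timeout=5, queue_size=128, legit_times=LEGIT)
BIG_QUEUE = simulate(10, timeout=60, queue_size=1024, legit_times=LEGIT)
```

In the baseline run the 128-slot queue fills within a few ticks and later legitimate SYNs are refused, while cutting the timeout to 5 ticks or raising the queue to 1024 slots keeps flood_rate × timeout below the queue size so every legitimate connection completes.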
Data often is too large to be sent in a single segment. TCP splits the data into multiple segments. TCP provides flow control through windowing to set the pace of how much data is sent at a time, i.e. how many bytes per window, and how many windows between ACKs.

[Figure: windowing with Window Size = 1 and Window Size = 3]
Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order.
They also identify missing data pieces so the sender can retransmit them.
Only the missing segments need to be re-transmitted.
Source sends packet, starts timer, and waits for ACK. If timer expires before source receives ACK, source retransmits the packet and restarts the timer.
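The handshake numbering and the timer-driven retransmission described above, as an added Python model that is not part of the original slides; the ISNs, segment size and the index of the dropped segment are constructed assumptions, and Segment, Receiver and transfer are names chosen here.

```python
# Added example, not from the original slides: TCP sequence/ACK numbering through the
# 3-way handshake and a stop-and-wait transfer with a retransmission timer (no sockets).
from dataclasses import dataclass

@dataclass
class Segment:
    flags: str            # "SYN", "SYN+ACK" or "ACK"
    seq: int              # sequence number of the first byte (or of the SYN itself)
    ack: int = 0          # next byte the sender of this segment expects to receive
    data: bytes = b""
    def length(self):
        # A SYN consumes one sequence number; data consumes one per byte.
        return len(self.data) + (1 if "SYN" in self.flags else 0)

def handshake(x, y):
    """The three segments for client ISN x and server ISN y, as on the slide."""
    return [Segment("SYN", seq=x),
            Segment("SYN+ACK", seq=y, ack=x + 1),
            Segment("ACK", seq=x + 1, ack=y + 1)]

class Receiver:
    """Accepts in-order data only and returns a cumulative ACK (next byte wanted)."""
    def __init__(self, peer_isn):
        self.expected = peer_isn + 1    # the peer's SYN used sequence number peer_isn
        self.received = b""
    def deliver(self, seg):
        if seg.seq == self.expected:
            self.received += seg.data
            self.expected += seg.length()
        return self.expected             # duplicate/out-of-order: ACK does not move

def transfer(data, client_isn, server_isn, mss, drop_once=()):
    """Stop-and-wait sender: send one segment, wait for its ACK, retransmit on timeout.
    Segment indexes in drop_once are lost on the first attempt only. Returns (bytes, log)."""
    rx, log, seq = Receiver(client_isn), [], client_isn + 1
    for idx, off in enumerate(range(0, len(data), mss)):
        seg = Segment("ACK", seq=seq, ack=server_isn + 1, data=data[off:off + mss])
        attempt = 0
        while True:                                # timer loop until ACK covers seg
            attempt += 1
            if idx in drop_once and attempt == 1:
                log.append(("timeout", seg.seq))   # no ACK arrived; timer expired
                continue                           # retransmit the same segment
            ack = rx.deliver(seg)
            log.append(("ack", ack))
            if ack >= seg.seq + seg.length():
                break                              # ACKed: stop timer, send next
        seq += seg.length()
    return rx.received, log
```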
TCP Encapsulation
[Figure: TCP encapsulation, bit positions 0-15 and 16-31 across the top]
IP header fields: VERS (4 bits), HLEN (4 bits), TOS (8 bits), Total Length (16 bits); Identification (16 bits), Flags (3 bits), Fragment Offset (13 bits); TTL (8 bits), Protocol (8 bits), Checksum (16 bits); Source IP Address (32 bits); Destination IP Address (32 bits); IP Options, if any (32 bits). The IP header plus its payload forms the IP Datagram.
TCP header fields shown: Source Port (16 bits), Destination Port (16 bits), Checksum (16 bits), Urgent Pointer (16 bits).
Ethernet frame, field lengths in bytes: ETHERNET PREAMBLE (8), DESTINATION ADDRESS (6), SOURCE ADDRESS (6), FIELD TYPE (2), IP HEADER, TCP HEADER, DATA (0-65535), FCS (4).
Sequence Number. TCP numbers each byte in the TCP data with a sequence number.
The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.
Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.
Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable. It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.
Reserved. This field is reserved for future use and is set to zero.
Code Bits. TCP software uses the 6 Code Bits to determine the purpose and contents of the segment:
- Urg: This flag indicates that this segment contains an Urgent Pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.
- Ack: This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.
- Psh: The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full, then the PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.
- Reset: This field will Reset the connection. 1 = Reset, 0 = No Reset.
- Syn: This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.
- Fin: The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.
Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set.
The Urgent Pointer is a 16 bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data. The application determines where the urgent data starts in the data stream. The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
There are two protocols at Layer 4: TCP and UDP. Both TCP and UDP use IP as their underlying protocol. TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used. UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced, since packets that arrive late or out of order have no value.
[Figure: UDP header, bit positions 0-15 and 16-31: Source Port, Destination Port, Length, Checksum, then Data ...]

TCP: connection-oriented delivery; uses windows and ACKs; full header; sequencing; provides reliability. Used by FTP, HTTP, SMTP, and DNS.

UDP: connectionless delivery, faster; no windows or ACKs; smaller header, less overhead; no sequencing; relies on app layer protocols for reliability. Used by DNS, TFTP, SNMP, and DHCP.

[Figure: Ethernet frame carrying a UDP datagram, field lengths in bytes: ETHERNET PREAMBLE (8), DESTINATION ADDRESS (6), SOURCE ADDRESS (6), FIELD TYPE (2), IP HEADER, UDP DATAGRAM (8-1500), FCS (4).]
UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, e.g. RIP. It provides no packet sequencing, may lose packets, and does not check for duplicates.
It is used by applications that do not need a reliable transport service. Application data is encapsulated in a UDP header, which in turn is encapsulated in an IP header.
UDP distinguishes different applications by port number, which allows multiple applications running on a given computer to send/receive datagrams independently of one another.
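An added Python example (not from the original slides) that parses the IP header's Protocol field and then the TCP or UDP header fields described above, covering the Telnet (port 23, protocol 6) and TFTP (port 69, protocol 17) encapsulations from the earlier figures; the sample packets, the 128.66.x.x addresses reused from the figures, and the zero checksums are constructed.

```python
# Added example, not from the original slides: demultiplex on the IP Protocol field
# (6 = TCP, 17 = UDP) and decode the TCP or UDP header. Sample packets are constructed
# inline; checksums are left as zero and are not verified here.
import struct

CODE_BITS = ["URG", "ACK", "PSH", "RST", "SYN", "FIN"]   # bit 5 down to bit 0

def parse_ipv4(pkt):
    (vers_hlen, _tos, total_len, _ident, _flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    hlen = (vers_hlen & 0x0F) * 4                    # HLEN is in 32-bit words
    return {"version": vers_hlen >> 4, "ttl": ttl, "protocol": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": pkt[hlen:total_len]}

def parse_tcp(seg):
    (sport, dport, seq, ack, offset_res, code,
     window, _csum, urg_ptr) = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (offset_res >> 4) * 4                     # Offset field, 32-bit words
    flags = [n for i, n in enumerate(CODE_BITS) if code & (1 << (5 - i))]
    tcp = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
           "hlen": hlen, "flags": flags, "window": window, "data": seg[hlen:]}
    if "URG" in flags:                               # pointer only meaningful with URG
        tcp["urgent_last_byte"] = seq + urg_ptr      # as the slides define it
    return tcp

def parse_udp(dgram):
    sport, dport, length, _csum = struct.unpack("!HHHH", dgram[:8])
    return {"src_port": sport, "dst_port": dport, "length": length,
            "data": dgram[8:length]}

def parse_transport(pkt):
    """Return (name, ip_fields, transport_fields) by demultiplexing on Protocol."""
    ip = parse_ipv4(pkt)
    if ip["protocol"] == 6:
        return "TCP", ip, parse_tcp(ip["payload"])
    if ip["protocol"] == 17:
        return "UDP", ip, parse_udp(ip["payload"])
    return "OTHER", ip, None

def ipv4(proto, payload, src=b"\x80\x42\x0c\x02", dst=b"\x80\x42\x0d\x01"):
    """Constructed IPv4 header (128.66.12.2 -> 128.66.13.1, TTL 64, no options)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       1, 0, 64, proto, 0, src, dst) + payload

# Constructed samples: Telnet SYN, Telnet segment with urgent data (URG+ACK+PSH), TFTP.
TELNET_SYN = ipv4(6, struct.pack("!HHIIBBHHH", 1032, 23, 100, 0, 0x50, 0x02, 8192, 0, 0))
TELNET_URG = ipv4(6, struct.pack("!HHIIBBHHH", 1032, 23, 1000, 501, 0x50, 0x38, 8192, 0, 3) + b"abc")
TFTP_DGRAM = ipv4(17, struct.pack("!HHHH", 1032, 69, 8 + 5, 0) + b"hello")
```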
Well-known UDP ports:
Quote       17    Return "Quote of the day"
Chargen     19    Character generator
Nameserver  53    Domain Name Server
Sql-Net     66    Oracle Sequel Network
BOOTPS      67    Server port to download configuration information
BOOTPC      68    Client port to receive configuration information
TFTP        69    Trivial File Transport Protocol
POP3        110   Post Office Protocol - V3
SunRPC      111   Sun Remote Procedure Call
NTP         123   Network Time Protocol
SNMP        161   Used to receive network management queries
SNMP-trap   162   Used to receive network problem reports
IRC         194   Internet Relay Chat
IPX         213   IPX - IP Tunneling
SysLog      514   System Log
RIP         520   Routing Information Protocol
NFS         2049  Network File Service
Packet Analysis
Ethereal and dns-moviefone.pkt trace