Overview
TCP/IP Protocol Stack
• To communicate, two machines have to
use the same protocol
• TCP/IP has become the de facto
protocol for the transport and network
layers of the network stack
• Application layer is informally
represented by system libraries
• TCP/IP is based on the Client/Server
model
• One machine/host is called the Server
and provides services. The Server
LISTENS for requests
• The other side of the connection is a
client, that initiates the connection by
requesting services from a server
• Peer to Peer relationships (Microsoft
file sharing, BitTorrent) are represented
by having both machines act as both
clients and servers
• There is no special support for Peer to
Peer communication in TCP/IP
Transport Layer
• There are two major protocols used for
delivering data at the transport layer:
– TCP, and
– UDP.
• UDP is a simple protocol that does not
promise delivery of packets.
• TCP is a more complicated protocol that does
promise packet delivery.
Service Ports
• Both TCP and UDP use numeric port
numbers to do their work.
• These port numbers represent virtual or
imaginary ports.
• In many ways, these resemble the
physical ports you plug devices into on
your computer.
• Physical ports include
– Parallel port for older printers
– Comm ports for external modems
• USB port is actually a kind of simple
network connection
• The reason for ports is that computers can
communicate for a number of different
reasons.
– For example, web pages, email, streaming video.
• The ports identify
– the program (service) that a client is requesting
from a server
– The program on the client that the server is
replying to.
• These port numbers can be used to
indicate the program (client or server)
– sending a packet, or
– receiving a packet.
• This makes sure that information (the
packets) gets sent to the correct program
running on the computer.
• For instance, servers for
– HTTP (web pages) typically use port 80.
– POP3 (downloading email) typically
use port 110.
– SMTP (sending email) typically use
port 25.
• It is however possible to set up services
to use non-standard port numbers.
– You could set up an HTTP/web server that
uses port 1234 if you wanted. 8080 is
commonly used for private web servers.
• Typically, standard ports are used,
called Well Known Ports, because it
makes services easier for clients to find.
Service Ports – Client Side
• Typically Client machines are assigned
random ports by the operating system
when they request a connection to a
server.
• These ports are assigned outside the
usual range of numbers for server ports.
UDP
• The UDP Protocol is conceptually very
simple.
• Packets are sent to their destination.
• No effort is made to ensure their delivery.
• Overhead is very low, so there is very little
delay ... if the packet makes it.
– In practice, modern networks are very
reliable
• UDP is typically used for situations
when the loss of an occasional packet is
acceptable.
– For example, streaming audio or video
might use UDP.
• UDP is used in “real time” applications,
where delay is not easily tolerated
– Communication with monitoring sensors.
TCP
• The TCP protocol is used when it is
important that each packet be delivered.
– For example, when sending
• Compressed video or image file.
• A computer program.
– Situations where the loss or mix-up of
a packet would corrupt the
information being sent.
• TCP has multiple ways to ensure packets
are delivered.
– An important way is acknowledgement (ACK).
• When a message is received at its destination, an
acknowledgement message is sent back to the
source.
• The ACK tells not just that a message was
received, but exactly which message was
received.
• Because of the overhead for ensuring
delivery, TCP is slower than UDP.
• Nothing comes for free.
• Delays on individual packets can reach
several seconds before the connection
is abandoned. Up to 60 second delays
are tolerated.
• Overhead is extra computer operations
that the computer must do, such as
sending and receiving
acknowledgement messages.
• Since each computer instruction takes
time, overhead slows down the task the
computer is performing.
ICMP
• In addition to TCP and UDP, there is an
additional protocol, ICMP.
• ICMP (Internet Control Message
Protocol) is used for
– diagnosing, and
– reporting
network errors.
• ICMP is also a great protocol to use
(abuse!) as the basis for network
attacks.
• We will discuss precisely how ... later.
TCP-based Communications
TCP
• TCP is the work-horse transport level
protocol on the Internet.
• Much of the information that gets sent
across the Internet uses TCP.
• Most applications cannot tolerate
– Lost packets, or
– Packets that arrive out of order.
• TCP
– ensures delivery,
– in the proper order
of packets sent between two computers.
• To do this, it uses several mechanisms:
– Exclusive TCP Connection - hosts establish a
session that allows them to track the traffic
between them.
– TCP Sequence Numbers - packets sent using
TCP have packet sequence numbers.
– Acknowledgements - Using sequence
numbers, the recipient acknowledges packets
received.
TCP Connection
• A potential sender and receiver
establish a TCP connection by a
procedure known as a handshake.
• The host requesting a TCP connection
is known as the client, and the other is
the server.
– Because the client is requesting a service
from the server.
The handshake procedure:
1. The client sends a SYN message (SYNc) to
request a TCP connection with the server.
2. A server returns a single packet that both
• Acknowledges (ACKc) the client’s SYN, and
• Sends its own connection request (SYNs).
3. The client acknowledges (ACKs) the server’s
message.
• After the handshake, the connection is
established.
TCP Handshake
• The TCP handshake is often
represented using a timeline.
Client                                        Server
Send SYNc             --- SYNc --->           Receive SYNc
Receive SYNs + ACKc   <--- SYNs + ACKc ---    Send SYNs + ACKc
Send ACKs             --- ACKs --->           Receive ACKs
                                              (Connection Established)
(Time runs from top to bottom.)
SYN Attack
• Hackers use the handshake for denial
of service attacks
• Hacker sends a SYN
• Attacked computer sends a SYN/ACK
• Hacker never sends ACK, so computer
waits for ACK for many seconds, tying
up resources
• Hacker continues sending SYNs to the
host until all resources are used up, and
the host cannot open any more
connections
• This prevents anyone else from
connecting to the server
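Added example (not part of the original slides): a defender's view of the handshake and the SYN attack above. It replays a constructed packet list and counts, per source, the connections where the server sent SYNs + ACKc but never received ACKs. The addresses, flag strings, state names and the threshold of 5 are assumptions made for illustration.

```python
from collections import defaultdict

SERVER = ("192.0.2.10", 80)
# Constructed sample capture: (time_s, src, sport, dst, dport, flags).
PACKETS = [
    (0.00, "198.51.100.7", 40001, "192.0.2.10", 80, "SYN"),      # SYNc
    (0.01, "192.0.2.10", 80, "198.51.100.7", 40001, "SYN+ACK"),  # SYNs + ACKc
    (0.02, "198.51.100.7", 40001, "192.0.2.10", 80, "ACK"),      # ACKs
]
# Constructed: one source sends SYNc six times and never replies with ACKs.
for i in range(6):
    t = 0.10 + i * 0.01
    PACKETS.append((t, "203.0.113.5", 50000 + i, "192.0.2.10", 80, "SYN"))
    PACKETS.append((t + 0.005, "192.0.2.10", 80, "203.0.113.5", 50000 + i, "SYN+ACK"))


def track_handshakes(packets, server=SERVER):
    """Replay packets in time order; return {socket pair: server-side state}."""
    state = {}
    for _, src, sport, dst, dport, flags in sorted(packets):
        if (dst, dport) == server:                 # client -> server
            key = (src, sport, dst, dport)
            if flags == "SYN":
                state[key] = "SYN_RECEIVED"         # server received SYNc
            elif flags == "ACK" and state.get(key) == "SYNACK_SENT":
                state[key] = "ESTABLISHED"          # server received ACKs
        elif (src, sport) == server:               # server -> client
            key = (dst, dport, src, sport)
            if flags == "SYN+ACK" and state.get(key) == "SYN_RECEIVED":
                state[key] = "SYNACK_SENT"          # now waiting for ACKs
    return state


def half_open_by_source(state):
    """Count handshakes per client address that never reached ESTABLISHED."""
    counts = defaultdict(int)
    for (src, _sport, _dst, _dport), st in state.items():
        if st != "ESTABLISHED":
            counts[src] += 1
    return dict(counts)


def flag_sources(state, threshold=5):
    """Sources holding at least `threshold` half-open connections."""
    return sorted(s for s, n in half_open_by_source(state).items() if n >= threshold)
```

Each half-open entry is state the server must hold while it waits for ACKs, which is the resource the slide says gets used up.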
TCP Connection
• The TCP Handshake actually
establishes two connections:
– One from the client to the server, and
– One from the server to the client.
• These two connections can
communicate independently.
– For this reason, TCP is known as a full
duplex protocol.
Ports
• As mentioned earlier, computers
offering various services (e.g. smtp,
http) tend to offer them on well-known
ports.
– For example, smtp on port 25, telnet on
port 23.
• This allows clients who want that
service to connect to the well-known
port.
• Clients, on the other hand, use
ephemeral ports for connections.
• Ephemeral ports are different, and
randomly chosen, for each connection.
• The client and server port are usually
used for the duration of the connection.
• The pair of ports
– The well-known port for the server, and
– The ephemeral port chosen by the client
is known as a socket pair.
• A socket pair will be unique.
• For instance, even if many separate
users on a computer are all doing http
with ebay.com, all of those connections
will have a different ephemeral port id,
and hence a unique socket pair.
• This allows the clients and servers to
keep track of their connections.
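Added example (not part of the original slides): several clients on one machine connect to the same server port, and each connection gets its own ephemeral port and therefore a unique socket pair. It assumes a loopback listener on an OS-assigned port instead of a well-known port such as 80, so it runs without privileges; the function name is hypothetical.

```python
import socket


def open_socket_pairs(n_clients=3):
    """Connect n clients to one loopback listener and return the socket pairs.

    Returns (server_addr, pairs), where each pair is
    ((client_ip, ephemeral_port), (server_ip, server_port)).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.settimeout(5)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(n_clients)
    server_addr = listener.getsockname()

    clients, accepted, pairs = [], [], []
    try:
        for _ in range(n_clients):
            # connect() returns once the three-way handshake has completed
            c = socket.create_connection(server_addr, timeout=5)
            clients.append(c)
            conn, peer = listener.accept()
            accepted.append(conn)
            # The server sees the same client address and ephemeral port
            if peer != c.getsockname():
                raise RuntimeError("server and client disagree on the socket pair")
            pairs.append((c.getsockname(), c.getpeername()))
    finally:
        for s in clients + accepted + [listener]:
            s.close()
    return server_addr, pairs


if __name__ == "__main__":
    server, pairs = open_socket_pairs()
    for client_side, server_side in pairs:
        print(client_side, "->", server_side)
```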
Data Transfer
• After establishing a connection using
the TCP handshake, the two hosts
transfer data.
• The two send new data, and
acknowledge receipt of packets.
• When they are done they exchange
messages to terminate the connection.
The Network Layer
• The next layer down from the transport
layer is the Network Layer.
• The task of the network layer is to move
data from the source computer across
the network to the destination computer.
• The network layer in most networks
uses the Internet Protocol (IP).
IP Addresses
• At the network layer, each computer
has an IP address.
• The IP address is used to locate the
computer on the Internet, so it can send
or receive data.
• An IP address is a 32 bit quantity.
• It is usually represented as 4, 8-bit
parts, where each 8-bit part can have
values between 0-255:
– e.g. 169.226.1.110
• With 32 bits, there are 2^32 possible IP
addresses.
– That’s 4,294,967,296 possible addresses.
• That may seem like a lot, but with all of the
computers, routers, and other devices being
connected to the Internet, there is concern
about running out.
• A possible IP address shortage is one
reason consideration is given to moving
to IP version 6, with an increased
addressing space.
– Along with other advantages.
Host Names
• The host names used on the Internet
translate to IP addresses.
• For example,
– www.cnn.com translates to 64.236.24.20
– www.nytimes.com translates to 199.239.137.200
• Host computer names are usually translated
to IP addresses by sending the name to a
server running the Domain Name Service
(DNS) protocol.
• A DNS server will return the IP address for a
host computer name sent to it by a client.
Routing
• The Network Layer is primarily
concerned with routing.
• Routing is how to get a packet
– from the source computer,
– across a potentially complex set of network
connections,
– to the destination computer.
• Two computers on the same local
network can easily exchange packets
across that network.
• But, how do we send information off of
the local network?
• Each computer has a routing table.
• A routing table contains information on
how to send packets of information to
other computers.
• In addition to information about
computers on the local network, a
routing table has an entry for a default
router.
• A default router is a computer on the
local network.
• It accepts packets destined for non-local
networks.
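Added example (not part of the original slides): how a host uses its routing table to choose between direct delivery on the local network and handing the packet to the default router. It generalizes the two cases on the slide to longest-prefix matching over any number of entries; the table contents, interface name and function name are constructed assumptions.

```python
import ipaddress

# Constructed routing table for a host on 192.168.1.0/24:
# (destination prefix, gateway or None for direct delivery, interface)
ROUTES = [
    ("192.168.1.0/24", None, "eth0"),            # local network
    ("10.8.0.0/16", "192.168.1.254", "eth0"),    # one specific remote network
    ("0.0.0.0/0", "192.168.1.1", "eth0"),        # default router
]


def next_hop(dest, routes=ROUTES):
    """Return (next-hop address, interface, matched prefix) for dest.

    The most specific matching prefix wins, so the default route
    (0.0.0.0/0) is used only when nothing else matches.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    net, gateway, iface = best
    # No gateway means the destination is on the local network:
    # the packet is sent straight to the destination itself.
    return (gateway or str(addr), iface, str(net))


if __name__ == "__main__":
    for dest in ("192.168.1.77", "10.8.3.4", "169.226.1.110"):
        print(dest, "->", next_hop(dest))
```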