Intermediate TCPIP

1
Intermediate TCP/IP

• CCNA 2 v3 Module 10

2
TCP Synchronization or 3-Way Handshake

• TCP is a _________-oriented protocol.

connection
Communicating hosts go through a synchronization
process to establish a virtual connection. This
synchronization process insures that both sides
are ready for data transmission and allows the
devices to determine the initial sequence
numbers.
Sequence numbers are reference numbers between
the two devices. The sequence numbers give each
host a way to ACK the SYN, so the receiver knows
which connection request the sender is responding
to.
Send SYN Seq x
Send SYN Seq y ACK x 1
Send ACK ACK y 1
3
Denial of Service Attacks
DoS attacks are designed to deny services to
________________. DoS attacks are used by hackers
to _____________________________. SYN flooding is
a DoS attack that exploits the ___________________
_.
legitimate users
overwhelm and crash systems
three-way handshake

• Hacker initiates a SYN but spoofs the source IP
  address.

• Target replies to the unreachable IP address and
  waits for final ACK.

Send SYN

• Hackers floods target with false SYN requests
  tying up its connection resources, preventing it
  from responding to legitimate connection requests.

Send SYN/ACK
To defend against these attacks, decrease the
connection timeout period and increase the
connection queue size. Software also exists that
can detect these types of attacks and initiate
defensive measures.
4
TCP Segment Format
5
Windowing and Window Size
_______________ determines the amount of data
that you can transmit before receiving an
acknowledgment.
Window size
I didnt get all of that, slow down.
Fast enough for you?
Sliding window refers to the fact that the window
size is negotiated ___________ during the TCP
session.
dynamically
Expectational acknowledgment means that the
acknowledgment number refers to the octet that is
______________.
next expected
If the source receives no acknowledgment, it
knows to retransmit at a ________ rate.
slower
6
Sequence and ACK numbers

• Each TCP segment is numbered before transmission
  so that the receiver will be able to properly
  reassemble the bytes _____________________.
• They also identify missing data pieces so the
  sender can ____________ them.
• Only the _________________ need to be
  re-transmitted.

in their original order
retransmit
missing segments
Positive Acknowledgement and Retransmission
TCP utilizes PAR to control data flow and confirm
data delivery.

• Source sends packet, starts timer, and waits for
  _____.
• If timer expires before source receives
  ACK,source __________________ and ______________.

ACK
retransmits packet
re-starts timer
7
UDP Operation
Two protocols at OSI Layer 4

• TCP enables connection-oriented, ________
  transmission.
• TCP provides services for applications, such as
  _________________________
• UDP provides, ______________ non-guaranteed
  transmission.
• UDP is the transport layer protocol used by
  ___________________________.

reliable
FTP, HTTP, SMTP, and DNS.
connectionless
DNS, TFTP, SNMP, and DHCP
Applications that do not need to guarantee data
delivery use the faster UDP. UDP has no
windowing or acknowledgments, so error detection
is provided by application layer protocols. UDP
is encapsulated within the IP packet.
8
Overview of Transport Layer Ports
TCP
UDP

• Both _____ and _____ use port or socket numbers.

Port nos.

• __________ work as source and destination
  addresses for TCP segments.

appropriate service

• Ports ensure packets reach the ___________________
  ___ on the server.

destination port

• The _________________ field determines which
  service the source is requesting.

ports

• TCP/IP associate ______ at the transport layer
  with certain applications.

• Software developers have agreed on ____________
  ports, for example
• a packet bound for an FTP server would use port
  ___.

well-known
21

• Conversations that do not involve applications
  with well-known ports are assigned ports
  __________ selected from a specific range.

randomly

• Port numbers have the following assigned ranges
• Below 255 are reserved for ___________________.
• From ___ - ____ assigned to companies for
  marketable applications.
• Above 1023 are ____________.

public applications
255
1023
unregulated

• Source port numbers are dynamically assigned by
  the originating host, and are usually a number
  larger than _____.

1023
0
1023

• Port numbers in the range of _____ - _____ are
  controlled by IANA.

9
Reserved TCP and UDP Ports for Services
10
Ports for Clients
TCP and UDP segments contain fields for source
and destination ports. The port number combines
with the network address to form a socket.
Destination ports (services) are normally defined
using the well-known ports. Source ports set by
the client are determined dynamically. Usually
source ports are randomly assigned a number above
1023.
80
1032
80
1032
Port numbers are 16-bit values ranging from 0 to
65535. This range is divided into three different
categories

• Below 1023 are well-known ports.
• 1024 to 49151 are registered ports (used by
  ordinary user processes).
• Between 49152 and 65535 are defined as dynamic or
  private ports.