Title: CISCO NETWORKING ACADEMY PROGRAM CNAP
CISCO NETWORKING ACADEMY PROGRAM (CNAP) SEMESTER 2 / MODULE 10
Intermediate TCP/IP
Overview
- Routers use the Internet Protocol (IP) address information in an IP packet header to determine which interface the packet should be switched to in order to move it closer to its destination.
- IP is described as an unreliable, connectionless protocol that uses best-effort delivery.
- If packets are dropped en route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem.
- To address these problems, IP relies upon the Transmission Control Protocol (TCP).
TCP/IP operations
- IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery.
- The transport layer is responsible for the reliable transport and the regulation of data flow from source to destination, using sliding windows and sequence numbers together with a synchronization process that ensures each host is ready and willing to communicate.
TCP three-way handshake (open connection)
This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.
Denial of Service Attacks
- Denial of service (DoS) attacks are designed to deny services to legitimate hosts attempting to establish connections.
- One type of DoS attack is known as SYN flooding.
- SYN flooding exploits the normal three-way handshake and causes targeted devices to send ACKs to source addresses that will not complete the handshake.
Denial of service attacks
- In a DoS attack, the hacker initiates a synchronization but spoofs the source IP address.
- Spoofing means the receiving device ends up replying to a non-existent, unreachable IP address, and it is then placed in a wait state while it waits to receive the final ACK from the initiator.
Denial of service attacks
- The waiting request is placed in a connection queue, a holding area in memory. This waiting state requires the attacked device to commit system resources, such as memory, to the waiting process until the connection timer expires. Hackers flood the attacked host with these false SYN requests, using up all of its connection resources to respond to and wait for false connections, which prevents it from responding to legitimate connection requests.
- To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size.
- Software also exists that can detect these types of attacks and initiate defensive measures.
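A small model of the listener's half-open connection queue, added here as an illustration (it is not Cisco material), to show why the two defences on this slide help: a SYN whose final ACK never arrives holds a queue slot until the connection timer expires, so a shorter timeout or a larger queue raises the rate of such SYNs the host can absorb before a legitimate client is refused. Queue sizes, timeouts and arrival rates below are constructed values, not any system's defaults.

```python
"""Model of a listener's half-open connection queue (SYN_RECV slots).
Added illustration, not Cisco material; all numbers are constructed."""
from collections import deque

class HalfOpenQueue:
    """Handshakes that have been SYN-ACKed but whose final ACK is pending."""

    def __init__(self, queue_size, timeout):
        self.queue_size = queue_size
        self.timeout = timeout
        self.pending = deque()   # (expiry_time, client_id), oldest first
        self.refused = 0

    def _expire(self, now):
        # Free the slots whose connection timer has run out.
        while self.pending and self.pending[0][0] <= now:
            self.pending.popleft()

    def syn(self, now, client_id):
        """A SYN arrives: reserve a slot (and SYN-ACK) or refuse it."""
        self._expire(now)
        if len(self.pending) >= self.queue_size:
            self.refused += 1
            return False
        self.pending.append((now + self.timeout, client_id))
        return True

    def ack(self, now, client_id):
        """The final ACK of the handshake releases the slot."""
        self._expire(now)
        for entry in self.pending:
            if entry[1] == client_id:
                self.pending.remove(entry)
                return True
        return False              # already timed out or never queued

def fill_rate(queue_size, timeout):
    """Never-completed SYNs per second at which the queue stays full."""
    return queue_size / timeout

def legit_client_gets_in(queue_size, timeout, bogus_per_sec, seconds):
    """Each second, bogus_per_sec SYNs arrive from spoofed sources whose
    final ACK never comes; then a legitimate client sends its SYN."""
    q = HalfOpenQueue(queue_size, timeout)
    for t in range(seconds):
        for i in range(bogus_per_sec):
            q.syn(t, f"spoofed-{t}-{i}")
    return q.syn(seconds - 0.5, "legitimate")
```

With a queue of 10 and a 5-second timer, 4 uncompleted SYNs per second keep the queue full and the legitimate client is refused; cutting the timer to 2 seconds or raising the queue to 40 lets it in.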
Simple sliding window
- The amount of data that needs to be transmitted is often too large to be sent in a single data segment.
- Therefore, the data must be broken into smaller pieces to allow for proper data transmission.
- TCP is responsible for breaking data into segments.
- Once the data is segmented, it must be transmitted to the destination device.
- One of the services provided by TCP is flow control, which regulates how much data is sent during a given transmission period.
- The process of flow control is known as windowing.
TCP sliding window
- TCP uses a sliding window when determining transmission size.
- A sliding window allows devices to negotiate a window size so that more than one byte can be sent during a single transmission.
- The sliding window also allows the destination device to indicate to the source a need to decrease or increase the amount of data being sent, because it is unable at that time to deal with that much data.
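The window negotiation described on this slide, as an added illustration (not Cisco code): the receiver advertises its free buffer space as the window, the sender keeps at most that many octets in flight, and a zero window stalls the sender until the receiving application drains data. Buffer size, segment size and the data are constructed values.

```python
"""Sliding-window flow control, added as an illustration (not Cisco
code): window = receiver's free buffer; zero window stalls the sender."""
class Receiver:
    def __init__(self, buffer_size):
        self.size = self.free = buffer_size      # free space = window
        self.next_expected = 0                   # ACK number: next octet wanted
        self.delivered = bytearray()

    def receive(self, seq, data):
        # In-order data that fits is accepted; else the ACK repeats next_expected.
        if seq == self.next_expected and len(data) <= self.free:
            self.delivered += data
            self.free -= len(data)
            self.next_expected += len(data)
        return self.next_expected, self.free

    def app_read(self, n):
        self.free = min(self.free + n, self.size)   # application drains buffer

class Sender:
    def __init__(self, data, mss, window):
        self.data, self.mss, self.window = data, mss, window
        self.base = self.next_seq = 0            # oldest unacknowledged octet

    def send_round(self):
        # Emit the segments the current window permits, at most mss octets each.
        segs, limit = [], min(self.base + self.window, len(self.data))
        while self.next_seq < limit:
            end = min(self.next_seq + self.mss, limit)
            segs.append((self.next_seq, self.data[self.next_seq:end]))
            self.next_seq = end
        return segs

    def on_ack(self, ack, window):
        self.base, self.window = ack, window

def transfer(data, mss, buffer_size, app_reads):
    """After round i the application reads app_reads[i % len] octets.
    Returns (delivered bytes, window advertised after each round)."""
    rx = Receiver(buffer_size)
    tx = Sender(data, mss, rx.free)
    windows, rnd = [], 0
    while tx.base < len(data):
        ack = tx.base
        for seq, seg in tx.send_round():
            ack, _ = rx.receive(seq, seg)
        rx.app_read(app_reads[rnd % len(app_reads)])
        windows.append(rx.free)               # window field of the ACK
        tx.on_ack(ack, rx.free)
        rnd += 1
    return bytes(rx.delivered), windows
```

An application that alternates between reading nothing and reading everything produces the window sequence 0, 8, 0, 8, 4 for 20 octets through an 8-octet buffer: every zero window is a round in which the sender had to wait.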
TCP segment format
- Positive acknowledgment and retransmission (PAR) is a common technique many protocols use to provide reliability.
- With PAR, the source sends a packet, starts a timer, and waits for an acknowledgment before sending the next packet. If the timer expires before the source receives an acknowledgment, the source retransmits the packet and restarts the timer.
- TCP uses expectational acknowledgments, in which the acknowledgment number refers to the next octet that is expected.
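The three-way handshake from slide 4 followed by the PAR exchange on this slide, as an added illustration (not Cisco code): each SYN consumes one sequence number, so the peer's ACK number is ISN + 1, and once data flows every ACK carries the next octet the receiver expects, while a segment whose timer expires is resent unchanged. The initial sequence numbers 1000 and 5000 and the set of lost attempts are constructed.

```python
"""Three-way handshake (slide 4) then positive acknowledgment and
retransmission with expectational ACK numbers (this slide). Added
illustration, not Cisco code; ISNs and the lost segments are constructed."""

class Endpoint:
    def __init__(self, isn):
        self.seq = isn           # next sequence number this side will use
        self.ack = None          # next octet expected from the peer
        self.state = "CLOSED"
        self.received = b""

def handshake(client, server):
    """SYN, SYN-ACK, ACK. A SYN consumes one sequence number, so each
    side's ACK number is the peer's ISN + 1."""
    syn = {"flags": "SYN", "seq": client.seq}
    client.seq += 1
    client.state = "SYN_SENT"
    server.ack = syn["seq"] + 1
    synack = {"flags": "SYN-ACK", "seq": server.seq, "ack": server.ack}
    server.seq += 1
    server.state = "SYN_RECEIVED"
    client.ack = synack["seq"] + 1
    ack = {"flags": "ACK", "seq": client.seq, "ack": client.ack}
    client.state = server.state = "ESTABLISHED"
    return [syn, synack, ack]

def deliver(receiver, segment):
    """Receiver accepts in-order data and ACKs the next octet it expects."""
    if segment["seq"] == receiver.ack:
        receiver.received += segment["data"]
        receiver.ack += len(segment["data"])
    return {"flags": "ACK", "ack": receiver.ack}

def send_with_par(sender, receiver, data, mss, lost_attempts):
    """PAR: send one segment, start the timer, wait for its ACK; if the
    timer expires (attempt number in the constructed lost_attempts set),
    retransmit the same segment; otherwise advance to the ACKed octet."""
    log, pos, attempt = [], 0, 0
    while pos < len(data):
        chunk = data[pos:pos + mss]
        attempt += 1
        if attempt in lost_attempts:            # segment lost -> timeout
            log.append(("timeout", sender.seq))
            continue
        reply = deliver(receiver, {"seq": sender.seq, "data": chunk})
        log.append(("ack", reply["ack"]))
        sender.seq = reply["ack"]               # ACK names the next octet wanted
        pos += len(chunk)
    return log
```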
TCP/IP protocol suite
TCP segment format
UDP segment format
Port numbers
- Port numbers are represented by 2 bytes in the header of a TCP or UDP segment.
- This 16-bit value can result in port numbers ranging from 0 to 65535.
- These port numbers are divided into three categories:
  1. Well-known ports: the first 1023 ports, used for well-known network services
  2. Registered ports: 1024 to 49151
  3. Dynamic or private ports: 49152 to 65535
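Reading the two 16-bit port fields out of a segment and classifying them into the three ranges above, as an added illustration (not Cisco code). Both the TCP and the UDP header begin with the source and destination ports in network byte order; the full 8-byte UDP header is also parsed. The sample datagram bytes are constructed, and the category boundaries follow the slide (0 to 1023, 1024 to 49151, 49152 to 65535).

```python
"""Port fields of TCP/UDP headers and the three port ranges on this slide.
Added illustration, not Cisco code; the sample header bytes are constructed."""
import struct

WELL_KNOWN_MAX, REGISTERED_MAX, PORT_MAX = 1023, 49151, 65535

def port_category(port):
    """Classify a port number into the slide's three ranges."""
    if not 0 <= port <= PORT_MAX:
        raise ValueError(f"port {port} does not fit in 16 bits")
    if port <= WELL_KNOWN_MAX:
        return "well-known"
    if port <= REGISTERED_MAX:
        return "registered"
    return "dynamic/private"

def parse_ports(segment):
    """Source and destination port: the first two 16-bit fields, in network
    (big-endian) byte order, of both the TCP and the UDP header."""
    if len(segment) < 4:
        raise ValueError("segment too short to carry port numbers")
    return struct.unpack("!HH", segment[:4])

def parse_udp_header(datagram):
    """Full 8-byte UDP header: ports, length (header + data) and checksum."""
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if length != len(datagram):
        raise ValueError(f"length field {length} != {len(datagram)} bytes")
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": checksum}

# Constructed sample: 12 payload bytes sent from an ephemeral port to port 53.
SAMPLE_UDP = struct.pack("!HHHH", 52000, 53, 20, 0) + b"\x00" * 12

def describe(segment):
    """Ports of a segment with their categories."""
    src, dst = parse_ports(segment)
    return {"src": (src, port_category(src)), "dst": (dst, port_category(dst))}
```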
TCP sequence and acknowledgement numbers