Routers and Routing Basics CCNA 2 - PowerPoint PPT Presentation

Provided by: SamC57

Transcript and Presenter's Notes


1
Routers and Routing Basics CCNA 2
Chapter 10
2
Intermediate TCP/IP
  • TCP and UDP Operation
  • Flow Control and Windowing
  • Establishing and Terminating TCP Connections
  • Denial-of-Service Attacks and SYN Floods
  • TCP Error Recovery (Reliability)
  • Segmentation, Reassembly, and In-Order Delivery
  • Comparing TCP and UDP
  • Operation of Transport Layer Ports
  • Connecting to Servers: Well-Known Ports
  • Comparing Well-Known, Dynamic, and Registered
    Ports
  • Comparing MAC Addresses, IP Addresses, and Port
    Numbers
  • Summary

3
TCP and UDP Operation
  • The TCP/IP transport layer includes several
    protocols; the most important are:
  • - Transmission Control Protocol (TCP)
  • - User Datagram Protocol (UDP)
  • TCP provides several more functions than UDP.
  • The main goal of the transport layer can be
    summarized as follows:
  • - to take data from one application process on
    one computer
  • - to deliver that data to the correct
    application process on another computer.

4
Comparing TCP and UDP
5
Flow Control and Windowing
  • When a host sends data using TCP, the receiving
    host can control how fast each TCP sender sends
    the data over time. This process is called flow
    control.
  • The main reasons for flow control are the time
    needed for data processing and limited memory on
    the receiving side.
  • Two forms of flow control:
  • - dynamic sliding windows
  • - withholding acknowledgments

6
Flow Control Through Dynamic Sliding Windows
  • The receiver tells the sending host how many
    bytes the sending host can send before it
    receives an acknowledgment, a value called a
    window.
  • When the sending host sends an entire window's
    worth of data, it must wait for an
    acknowledgment, thereby slowing its rate of
    sending data.

7
Dynamic Windowing
  • 1. PC2 sends a segment to PC1 in which the Window
    field in the header is set to 3000. This means
    that PC2 grants PC1 the right to send 3000 bytes
    to PC2.
  • 2. PC1 sends PC2 3000 bytes via three 1000-byte
    segments.
  • 3. PC1 has sent all 3000 bytes, but it has not
    received any acknowledgments; therefore, it must
    wait.
  • 4. PC2 sends PC1 an acknowledgment, and this time
    it grants a slightly larger 4000-byte window.
  • 5. PC1 now sends four 1000-byte segments.

8
Withholding Acknowledgments
  • 1. PC2 sends a segment to PC1 in which the Window
    field in the header is set to 3000. This means
    that PC2 grants PC1 the right to send 3000 bytes
    to PC2.
  • 2. PC1 sends PC2 3000 bytes via three 1000-byte
    segments.
  • 3. PC2 has received all 3000 bytes but needs more
    time to process the data.
  • 4. Instead of immediately acknowledging receipt
    of the segments, PC2 waits until it can catch up
    on the work and then sends an acknowledgment.
  • Note: PC2 did not increase the window size at
    Step 4 because it is already having difficulty
    processing 3000 bytes at a time.

This process of withholding acknowledgments is
sometimes referred to as start/stop flow control.
9
Establishing and Terminating TCP Connections
  • Connection-oriented protocols (including TCP) use
    messages, events, or other prearranged settings
    on the communicating devices before they allow
    any end-user communication to occur.
  • TCP also allows two computers to agree to many
    other settings before the hosts attempt to send
    any end-user data.
  • TCP uses a process called a three-way handshake
    to create a new TCP connection and to initialize
    the various numbers used to control and manage a
    TCP connection.

10
Three-Way TCP Connection Establishment
  • 1. The first segment has a SYN flag set but does
    not have the ACK flag set. This means that the
    SYN bit in the TCP header is set to binary 1, and
    the ACK flag is set to binary 0.
  • 2. The second segment has both SYN and ACK set.
  • 3. The third and ongoing segments have only the
    ACK bit set.

11
Denial-of-Service Attacks and SYN Floods
  • A network attack that is primarily intended to do
    harm is called a denial-of-service (DoS) attack.
  • A SYN flood attack is one of the most common
    types of DoS attacks.
  • A SYN flood occurs when a hacker sends a lot of
    TCP segments to a server, with each segment
    looking like a new request for a new TCP
    connection.
  • However, the attacker never sends the third
    segment in the connection establishment request,
    leaving the server holding resources for
    connections that never complete.
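
An added example, not part of the original slides: a defender-side tracker that applies the flag rules from the three-way handshake slide to a list of segment records and reports handshakes whose third segment never arrived. The record layout, the documentation-range addresses, the 3-second timeout and the threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter

# Constructed sample records: (time_s, src_ip, src_port, dst_ip, dst_port, flags).
SERVER = ("192.0.2.10", 80)
SEGMENTS = [
    (0.00, "198.51.100.7", 49152, "192.0.2.10", 80, {"SYN"}),
    (0.01, "192.0.2.10", 80, "198.51.100.7", 49152, {"SYN", "ACK"}),
    (0.02, "198.51.100.7", 49152, "192.0.2.10", 80, {"ACK"}),  # handshake completes
    (0.10, "203.0.113.5", 50001, "192.0.2.10", 80, {"SYN"}),
    (0.11, "192.0.2.10", 80, "203.0.113.5", 50001, {"SYN", "ACK"}),
    (0.12, "203.0.113.5", 50002, "192.0.2.10", 80, {"SYN"}),
    (0.13, "192.0.2.10", 80, "203.0.113.5", 50002, {"SYN", "ACK"}),
    (0.14, "203.0.113.5", 50003, "192.0.2.10", 80, {"SYN"}),
    (0.15, "192.0.2.10", 80, "203.0.113.5", 50003, {"SYN", "ACK"}),
]

def half_open(segments, server, now, timeout=3.0):
    """Return {client_ip: count} of handshakes stuck waiting for the third segment."""
    pending = {}  # (client_ip, client_port) -> (state, time the SYN was seen)
    for t, src, sport, dst, dport, flags in segments:
        if (dst, dport) == server and flags == {"SYN"}:
            pending[(src, sport)] = ("SYN_SEEN", t)              # segment 1: SYN only
        elif (src, sport) == server and flags == {"SYN", "ACK"}:
            if (dst, dport) in pending:                          # segment 2: SYN + ACK
                pending[(dst, dport)] = ("SYN_ACK_SENT", pending[(dst, dport)][1])
        elif (dst, dport) == server and flags == {"ACK"}:
            if pending.get((src, sport), ("", 0))[0] == "SYN_ACK_SENT":
                del pending[(src, sport)]                        # segment 3: ACK only
    stale = Counter()
    for (ip, _port), (state, t0) in pending.items():
        if state == "SYN_ACK_SENT" and now - t0 >= timeout:
            stale[ip] += 1
    return dict(stale)

def flag_sources(stale, threshold=3):
    """Sources with at least `threshold` stale half-open handshakes."""
    return sorted(ip for ip, n in stale.items() if n >= threshold)
```

Source addresses in a SYN flood are frequently spoofed, so the total number of stale half-open entries is a more dependable signal than the per-source count.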

12
TCP Error Recovery (Reliability)
  • TCP is a reliable protocol, at least as far as
    networking terminology is concerned.
  • In networking, reliable protocols perform error
    recovery, which means that they ensure that all
    the data eventually gets to the receiver, even if
    some data is lost in transit.
  • The practice of acknowledging data by stating the
    next byte expected to be received, rather than
    identifying the last byte received, is called a
    forward acknowledgment or expectational
    acknowledgment.

13
TCP Acknowledgments with No Error Recovery Needed
  • TCP uses two TCP header fields, the Sequence
    Number and Acknowledgment Number fields, to tell
    the other computer whether a segment was
    received.
  • The sequence number keeps track of all the bytes
    sent over a TCP connection by numbering the first
    byte of data inside each segment.

14
TCP Error Recovery
  • TCP performs error recovery by having the
    receiving host send an acknowledgment that
    implies some data was lost.
  • The PCs recover some lost data, using a process
    called Positive Acknowledgment with
    Retransmission (PAR).

15
Segmentation, Reassembly, and In-Order Delivery
  • TCP segmentation refers to the process of TCP
    accepting a large chunk of data from the
    application protocol and breaking it into pieces
    that are small enough to be appropriate for
    transmission through the internetwork.
  • The data portion of a TCP segment is typically
    limited to 1460 bytes.
  • The maximum length of the TCP Data field is
    referred to as the maximum segment size (MSS).
  • TCP on the receiving computer reassembles the
    data into its original form.
  • TCP provides a guarantee of in-order delivery.

16
TCP Providing In-Order Delivery
  • 1. PC2 sends two segments. The first segment
    (sequence number 1) is routed over the slow high
    route.
  • 2. Router R2 sends the second segment (sequence
    number 1001) over the fast low route.
  • 3. The second segment sent arrives before the
    first segment sent, so PC1 copies the segment
    into a memory buffer.
  • 4. The first segment sent arrives next.
  • 5. The first segment sent (sequence number 1)
    should be in front of the segment with sequence
    number 1001, so PC1's TCP software stores this
    data in the correct order in its memory buffer.
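
An added example, not part of the original slides: a receiver that buffers segments by sequence number, delivers them in order and answers each one with a forward acknowledgment (the next byte expected). It replays the slide's scenario (sequence numbers 1 and 1001) and a lost-segment case; the class name, the 1000-byte segment size and the assumption that segments never partially overlap are mine.

```python
class Receiver:
    """Buffers segments by sequence number and returns forward acknowledgments."""

    def __init__(self, first_seq=1):
        self.next_expected = first_seq   # next in-order byte the receiver wants
        self.buffer = {}                 # seq of first byte -> data held out of order
        self.delivered = bytearray()     # bytes handed to the application, in order

    def receive(self, seq, data):
        """Accept one segment; return the acknowledgment number to send back."""
        if seq >= self.next_expected:
            self.buffer.setdefault(seq, data)   # a duplicate of a buffered segment is ignored
        # Deliver every buffered segment that has become contiguous.
        while self.next_expected in self.buffer:
            chunk = self.buffer.pop(self.next_expected)
            self.delivered += chunk
            self.next_expected += len(chunk)
        return self.next_expected


def in_order_demo():
    """Slide scenario: segment 1001 arrives before segment 1."""
    rx = Receiver()
    first, second = b"A" * 1000, b"B" * 1000
    acks = [rx.receive(1001, second), rx.receive(1, first)]
    return acks, bytes(rx.delivered) == first + second


def loss_demo():
    """Segment 1001 is lost: the ACK keeps asking for byte 1001 until it is resent."""
    rx = Receiver()
    seg = {1: b"A" * 1000, 1001: b"B" * 1000, 2001: b"C" * 1000}
    acks = [rx.receive(1, seg[1]), rx.receive(2001, seg[2001])]
    acks.append(rx.receive(1001, seg[1001]))     # the sender retransmits
    return acks, len(rx.delivered)
```

The repeated acknowledgment of 1001 in the loss case is the acknowledgment "that implies some data was lost" from the error recovery slide.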

17
Comparing TCP and UDP
Popular Applications and Transport Layer Protocols
18
Comparing TCP and UDP (Continued)
TCP and UDP Headers
19
Comparing TCP and UDP (Continued)
TCP Header Fields
UDP Header Fields
20
Operation of Transport Layer Ports
  • Both UDP and TCP provide a means to identify the
    specific application process that was the source
    of the data and the application process that is
    the destination for the data.
  • TCP and UDP use port numbers.
  • Each application uses a different local port
    number, identifying each of the different
    application processes.

21
Using Port Numbers to Identify the Correct
Application Process
  • 1. An IP packet with a TCP segment inside it
    arrives at the PC. Because it is a TCP segment,
    IP gives the segment to the TCP software inside
    the computer.
  • 2. TCP examines the destination port number in
    the header. The destination port number
    identifies the application process on the
    destination computer (Keith).
  • 3. Based on a value of 1031 in the Destination
    Port Number field, the PC's TCP software gives
    the data to Browser2.

The shown port numbers are called dynamic port
numbers because the host computer dynamically
picks which port number to use for each
application process.
22
Connecting to Servers: Well-Known Ports
  • Servers cannot use dynamic port numbers because
    the clients that use the server must know ahead
    of time what port number the server uses.
  • TCP/IP defines well-known (or static) ports, each
    reserved for use by a specific application
    protocol.
  • When a client connects to a server, the client
    already knows what well-known port the server
    should be using.

23
Client Connecting to Well-Known Port of a Web
Server (80)
  • 1. Keith's browser sends the segment as shown,
    with a destination port of 80.
  • 2. The reply segment has a source port of 80
    because it comes from the web server, and the
    destination port matches the port used on Keith's
    computer.

24
Popular Applications and Their Well-Known Port
Numbers
25
Using Port Numbers to Identify the Correct
Application Process
26
Comparing Well-Known, Dynamic, and Registered
Ports
  • The Internet Assigned Numbers Authority (IANA,
    www.iana.org) assigns the values for well-known
    ports and the values for a similar concept called
    registered port numbers.
  • The difference between well-known and registered
    ports is that registered ports are assigned to
    servers that the average end user can start.
    Well-known ports are used only for applications
    typically controlled by IT staff.
  • However, web services, FTP services, and e-mail
    services, which are usually controlled by IT
    staff in a typical company, use well-known port
    numbers.

27
Uses of Port Numbers
28
Port Number Used on Your PC
  • Most operating systems (OSs) include commands
    that display the port numbers used on that
    computer.
  • Microsoft OSs support the netstat -an command to
    display the currently used TCP and UDP port
    numbers.
  • To see some useful output from this command,
    create a new TCP connection by opening a web
    browser and loading a web page.
  • Then, use the netstat -an command to view the TCP
    connection, along with the port number used on
    your PC and the web server.

29
Comparing MAC Addresses, IP Addresses, and Port
Numbers
  • MAC addresses, IP addresses, and port numbers all
    perform some role in addressing, or identifying,
    the senders and intended recipients of data.
  • - MAC addresses: Define the physical addressing
    of LAN NICs, which allows frames to be delivered
    over a LAN.
  • - IP addresses: Define logical (meaning not
    physical) addresses that define a way to group
    addresses (subnets), and define a routing process
    to allow end-to-end delivery of packets between
    hosts.
  • - Port numbers: Identify the application
    processes on the sending (source port) and
    receiving (destination port) computers. Port
    numbers do not define any methods of sending data
    over a physical network or any means to deliver
    data end to end over an internetwork.

30
Socket
  • In the world of TCP and UDP, a socket is a set of
    three things:
  • - The computer's IP address
  • - The transport protocol (TCP or UDP)
  • - The port number used by an application
  • For example, a web server whose IP address is
    10.1.1.1, using the well-known port for HTTP,
    would be using a socket of (10.1.1.1, TCP, 80).

31
Summary
  • The primary duty of the transport layer, which is
    OSI model Layer 4, is to provide the service of
    taking data from one application process on one
    computer and delivering the data to the correct
    application process on another computer.
  • UDP essentially provides only the basic delivery
    and identification of applications using port
    numbers.
  • TCP provides several additional functions,
    including reliability (error recovery), flow
    control, segmentation and reassembly, and
    in-order data delivery.
  • Flow control ensures that a transmitting node
    does not overwhelm a receiving node with data.

32
Summary (End)
  • The term Positive Acknowledgment with
    Retransmission (PAR) refers to the process of
    explicitly acknowledging received data, with the
    sender resending any unacknowledged segments.
  • A port number must be associated with the
    conversation between hosts to ensure that the
    packet reaches the appropriate service on the
    server. Port numbers have the following assigned
    ranges:
  • - The well-known ports are those from 0 through
    1023.
  • - The registered ports are those from 1024
    through 49,151.
  • - The dynamic and/or private ports are those
    from 49,152 through 65,535.
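
An added example, not part of the original slides: a parser that turns `netstat -an` output into the (IP address, protocol, port) sockets from the Socket slide and labels each local port with the ranges listed above, which gives a quick inventory of what a host is listening on. The sample output is constructed in the Windows `netstat -an` layout, and the function names and the client address 10.1.1.50 are assumptions.

```python
# Constructed sample in the layout printed by `netstat -an` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    10.1.1.50:49731        10.1.1.1:80            ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
"""

def port_class(port):
    """Port ranges from the summary slide."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"

def to_socket(addr, proto):
    """'10.1.1.1:80' -> ('10.1.1.1', 'TCP', 80); rpartition also copes with '[::]:445'."""
    ip, _, port = addr.rpartition(":")
    return (ip.strip("[]"), proto, int(port))

def parse_netstat(text):
    """Return rows of (local socket, remote address string, state)."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                                   # banner, header and blank lines
        state = fields[3] if len(fields) > 3 else ""   # UDP rows carry no state
        rows.append((to_socket(fields[1], fields[0]), fields[2], state))
    return rows

def listeners(text):
    """Listening TCP sockets and bound UDP sockets, with the class of each port."""
    return [(sock, port_class(sock[2])) for sock, _, state in parse_netstat(text)
            if state == "LISTENING" or sock[1] == "UDP"]

def connections(text):
    """(local socket, remote socket) for each established TCP connection."""
    return [(local, to_socket(remote, "TCP"))
            for local, remote, state in parse_netstat(text) if state == "ESTABLISHED"]
```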