Lecture 2: IP addresses, TCP and UDP

1
Lecture 2 IP addresses, TCP and UDP

• This lecture will cover
• The whole thing (how your email gets to you)
• More about IP addresses.
• How names become IP addresses.
• TCP and UDP
• ICMP
• More Information
• Bertsekas/Gallager Section 2.8-2.9
• Tanenbaum Section 6.1-6.4

2
Reminder from last lecture

• IP sends data from place to place. TCP or UDP
  sit above it at either end.
• When you use the internet you use addresses like
  http//manor.york.ac.uk or dave_at_hotmail.com
• These addresses must then be converted to an IP
  address e.g. 144.32.100.24
• This means that data (packets) can get from A to
  B.
• But what happens if data is lost, how do we know
  where they are going to and how can we put
  packets back together into data?

3
The Internet - emailing a friend
your computer
university of york
G/169 router
JANET
transatlantic cable
LAN
your friend's computer
US backbone
4
Domain Name System (DNS)

• DNS takes the human readable name and converts it
  to octets.
• On a unix machine you can try this using
  nslookup. (Linux users may prefer dig).

manor.york.ac.uk 1 nslookup www.ntk.net Server
castle2.york.ac.uk Address 144.32.128.5 Non-aut
horitative answer Name vwww.flirble.org Addre
ss 195.40.6.34 Aliases www.ntk.net
Question
Answer
5
DNS(2)
generic/US
national
TLDs (Top Level Domains)
com
org
gov
mil
net
jp
uk
nl
sun
ac
vnvnation
co
org
musicnonstop
eng
www
york
ic
manor
www
doc
www
src
6
DNS (3)
7
Routing Tables

• How do packets know where to go?
• This problem is known as routing.
• The oldest (and easiest) solution is static
  routing.
• Each computer has a table saying where to go to
  get to each other computer.
• On a Local Area Network (LAN) list all machines
  on your subnet and the address of the external
  router for everything else.
• Most machines only need to know how to get to
  their nearest router. Much more will be said
  about routing later in the course

8
TCP and UDP

• Once weve got our IP packet safely to its
  destination what happens next?
• Having stripped off the header, the first thing
  we find is another header.
• The second header provides information on which
  port to enter the machine on and where to send
  the reply.
• It also provides a checksum to check the data is
  valid.
• UDP will do nothing else. TCP will ensure that
  the connection is lossless.

9
What are ports?

• Ports are conceptual points of entry into a
  host computer.
• They do not correspond with real hardware but are
  an abstraction for convenience.
• Usually a service is associated with a port (e.g.
  http on port 80).
• Servers listen on a port for connection
  attempts.
• Ports provide one level of internet security.
• Generally, low number ports (lt 100) are reserved
  for special services.

10
Common Services and Ports

• Service Listens on Port
• ftp 21
• telnet 23
• smtp (mail) 25
• finger 79
• http 80
• User configured services (your Half-Life server?)
  will listen on high numbered ports which are
  usually left open to all users.

11
UDP data

• User Datagram Protocol the header is shown
  below.
• Length and checksum are as for IP.

12
About UDP

• Provides a lossy connection (data may vanish).
• Does not guarantee packets are delivered in
  order.
• Useful for real time applications. (It is no use
  having your Quake III information arriving
  correctly but ten seconds late).
• UDP applications can implement their own packet
  loss checking but it is best to use TCP for this.

13
The TCP header

• The TCP header is shown below

14
About the TCP header

• Sequence number (what is the order of this
  packet) incremented by 1 for every packet.
• Acknowledgement number (what packet sequence
  number does this acknowledge).
• Header length (how many 32 bit words are in
  options).
• Flags SYN start connection, ACK acknowledge
  packet, FIN finish connection.
• (Three other flags, URG, RST, PSH).

15
TCP header (2)

• Window size will be described in more detail
  later (it sets how many unacknowledged packets
  may exist).
• Checksum is as for IP and UDP.
• Urgent Pointer points to part of the data that
  must be looked at by the receiver before the TCP
  session (rarely used).
• Offsets says how long the options field is (the
  options field can contain other things extra
  facilities that TCP might implement).

16
About TCP

• TCP provides a lossless connection (or flags an
  error when losses occur).
• Data packets are given an order and can be
  reassembled.
• TCP provides some limited congestion control.
• TCP is most useful for applications where data
  validity is important but real-time is not
  critical (email, www, ftp).
• TCP packets are part of a TCP session.

17
TCP connections

• This diagram shows the start of a TCP connection.

A sends packet X with SYN. Hello I would like
to talk. B sends a SYN, ACK pair I got
your message. I would also like to talk A sends
an ACK (and some data) I got your message, here
is some data.
18
TCP mechanisms

• The window size is the number of outstanding
  (unacknowledged) packets that that a TCP session
  can send.
• The window size provides a crude method for
  congestion control.
• The window size increases to allow more packets
  to be sent (it increases throughput).
• If a packet is lost then the window is reduced
  again.

19
TCP lost packets

• When a packet is received out of sequence the
  receiver sends an ACK with the same number as the
  previous.
• If the sender receives three duplicate ACKs then
  it assumes the packet has been lost and resends.
• If the sender has not received an ACK for a
  packet within a certain amount of time then it
  times out and assumes the packet lost.
• Packet loss causes the packet to be resent and
  the congestion window to be reduced.

20
TCP Window Increase/Decrease
Congestion window
The initial doubling of the window size is called
slow start.
Timeout
Threshold
Threshold
Transmission no
21
Closing a TCP/session an interesting dilemma
(aside)

• How can we close a TCP session and stop listening?

22
ICMP

• Internet Control Message Protocol packets are
  used for various control purposes. Here are some
  common ones
• Time exceeded TTL hit 0.
• Echo request Can you hear me out there?
• Echo reply Yes I can hear you.
• Source Quench Stop sending so much data.
• Timestamp request/reply (as echo but with times).

23
The story of ping

• Ping is a handy utility for checking if a
  computer is alive using ICMP echo request/reply
  (or timestamp if we want).
• Ping is a first test if a computer is networked.
• We can even measure the speed of light using
  ping. http//xxx.lanl.gov/abs/physics/0201053
• Hacking makes it increasingly unused.

manor.york.ac.uk 20 ping -s castle.york.ac.uk PIN
G castle2.york.ac.uk 56 data bytes 64 bytes from
castle2.york.ac.uk (144.32.128.5) icmp_seq0.
time1. ms 64 bytes from castle2.york.ac.uk
(144.32.128.5) icmp_seq1. time1. ms 64 bytes
from castle2.york.ac.uk (144.32.128.5)
icmp_seq2. time1. ms 64 bytes from
castle2.york.ac.uk (144.32.128.5) icmp_seq3.
time1. ms
24
Traceroute

• Traceroute neatly combines ping and the TTL flag
  to get a route to a computer.
• If the TTL is one the the packet will die after
  one hop.
• ICMP will return a Time exceeded flag.
• This will tell us where the first hop of our
  journey is.
• Increase the TTL by one to find the next hop.

25
ICMP tourism (with traceroute)
This shows the trip from Estonia to my flat in
Fulford via my Internet Service Provider (ISP)
V21 in Rochdale
traceroute to host213-121-67-224
(213.121.67.224) 2-20 hops, 38 byte packets 2
213.180.11.162
tondi-CR.online.ee 1.62 ms (ttl127) 3
213.180.25.1
liiva-CR.online.ee 1.82 ms (ttl126) 4
213.180.11.189
tix-CR.online.ee 2.16 ms (ttl125) 5
212.47.215.6 r1-Fa4-0-80-Tln-TIX.EE.KPNQwest.n
et 2.28 ms (ttl251) 6 134.222.224.5
r5-AT3-1.105.sthm-KPN1.SE.kpnqwest.net 12.2 ms
(ttl250) 7 134.222.119.226 r2-Ge0-2-0-0.Sthm-K
Q1.SE.KPNQwest.net 34.3 ms (ttl246!) 8
134.222.230.157 r2-Se0-3-0.hmbg-KQ2.DE.KPNQwest.n
et 33.4 ms (ttl247!) 9 134.222.230.117
r2-Se0-2-0.0.ffm-KQ1.DE.kpnqwest.net 34.1 ms
(ttl249!) 10 134.222.230.29
r2-Se0-3-0.0.ledn-KQ1.NL.kpnqwest.net 39.6 ms
(ttl248!) 11 134.222.230.169
r1-Se0-0-0.0.ldn-KQ1.UK.kpnqwest.net 43.7 ms
(ttl246!) 12 134.222.231.14
r1-Se0-0-0.0.Ldn-KQ4.UK.KPNQwest.net 44.9 ms
(ttl245!) 13 134.222.109.241
r13-Gi5-0.200.ldn-KQ4.UK.kpnqwest.net 45.4 ms
(ttl245!) 14 195.66.225.10
linx-l1.ukcore.bt.net 45.2 ms (ttl244!) 15
194.74.65.126 core2-pos14-0.ilford.ukcore.bt.n
et 45.3 ms (ttl243!) 16 194.74.65.222
core2-pos5-0.reading.ukcore.bt.net 46.7 ms
(ttl242!) 17 62.6.196.109
core2-pos8-0.birmingham.ukcore.bt.net 54.3 ms
(ttl241!) 18 194.74.16.194
core2-pos9-0.rochdale.ukcore.bt.net 51.0 ms
(ttl240!) 19 217.32.168.5
vhsaccess1-gig1-0.rochdale.fixed.bt.net 51.1
ms (ttl239!) 20 213.121.156.22
ugint0066-p.vhsaccess1.rochdale.fixed-nte.bt.net
51.3 ms (ttl238!)
26
The journey of email
SYN SYN,ACK ACK
Set up the TCP connection
Look up IP name for distant.com
Dav
e, Gr
eat
to s
To dave_at_distant.com From richard_at_manor Dave,
Great to see you the other day...
Packetise the data
Dav
Dav
Get first hop from routing table
Add TCP header to first packet
Add IP header to front of that
Send the first packet to its first hop
Destination gets packet and returns ACK
And so on for further hops.
Start sending rest of data