ITECH1102 Networking and Security Topic 6 – The Transport Layer (TCP & UDP)
Last week: The Network Layer is concerned with IP addressing and routing.
- The Network Layer is responsible for host-to-host communications.
- Each network on the Internet has a unique network ID (the top part of the associated IP address).
- All IP addresses consist of a network part (leftmost bits) and a node part (rightmost bits).
- The subnet mask (or CIDR value) tells us which bits are network and which are node.
- A computer often gets its IP settings from a local DHCP server.
- There are two versions of IP (IPv4 & IPv6).
- DNS translates machine names (e.g. www.abc.net.au) to their associated IP addresses.
- There are two types of IP addresses, private and public.
- Network Address Translation is used to allow private addresses to get Internet access.
- Routers are only concerned with sending IP packets one step towards their destination.
ITECH1102 Networking & Security
Review of what we know to date: Data Link Layer
- It delivers network packets to the MAC address of a device on the local network. The two choices are:
  - Deliver to the intended destination (a local delivery). This occurs when the source & destination network addresses are the same.
  - Send the packet to the local router (a remote delivery). This occurs when the source & destination network addresses are different.
- It is the role of routers to work together to deliver packets to a remote host computer.
Review of what we know (continued): Network Layer
- The IP address of any host identifies its location on the Internet.
- Individual routers are only concerned with sending a packet one hop towards its destination.
- Routers use routing protocols (RIP, OSPF, BGP) to maintain their routing tables.
- Routing tables specify the interface & next hop for each destination network.
- The destination IP address of each IP packet contains the network ID; the subnet mask is used to compute it.
The next part of the puzzle:
- How does network traffic identify the correct destination application on the destination host?
- How do we ensure the network traffic has arrived without errors?
Networking’s levels of addressing
Different layers of the Internet model address different networking entities, as described below.
- Data Link Layer: addresses local devices via their MAC address.
- Network Layer: addresses local and remote hosts by their IP address. The upper bits of the IP address identify the IP network; the lower-order bits identify the individual host.
- Transport Layer: ports address individual application sessions. Well-known ports are used for server applications; other ports are used for client sessions.
Protocol Data Units at each layer
When discussing networking, the data units generated at the different layers of the TCP/IP model are given specific names:
- Transport Layer: TCP Segment (also called segment or packet); UDP Datagram
- Network Layer: IP Datagram
- Data Link Layer: Frame (e.g. Ethernet frame)
- Physical Layer: Bits (binary digits)
Why do we need the Transport Layer?
Computers run multiple user applications concurrently: browser, email, streaming video, etc.
Part of the Transport Layer's role is to ensure that:
- Each application has access to the network (this is called multiplexing).
- Each application can be distinguished from the other applications running on the computer.
It may also be a requirement of an application that data arrives without errors, but this is not always the case.
Transport Layer topics we will cover are:
- Segmentation/Reassembly
- Individual identification of applications (port numbers)
- Transport Layer services:
  - UDP (unreliable service)
  - TCP (reliable transport service)
- TCP connections (establishment and termination)
- Flow control
1. Segmentation and Reassembly
Applications often send large streams of data for delivery (for example web page images, file transfers, etc.).
The Transport Layer breaks large chunks of data into manageable-sized segments so the Network Layer (routers) is able to handle them, and so multiple applications can each get access to the network (this is called multiplexing).
At the destination, the segmented data must be reassembled by the Transport Layer back into the format sent by the sending application. This is called reassembly.
Reassembly may also involve reordering in cases where packets were delivered out of order.
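As an added example (not part of the lecture notes), the following Python splits an application byte stream into sequence-numbered segments and reassembles it at the receiver, coping with segments that arrive out of order or more than once; the sample HTTP request is constructed for the example.

```python
# Added example (not part of the lecture): segmentation with sequence numbers and
# reassembly that copes with segments arriving out of order or duplicated.

# Constructed sample application data: a small HTTP request (not from a real capture).
SAMPLE_REQUEST = b"GET /index.html HTTP/1.1\r\nHost: www.abc.net.au\r\n\r\n"

def segment(data: bytes, mss: int, first_seq: int = 1):
    """Split an application byte stream into segments of at most mss bytes,
    each tagged with the sequence number of its first byte."""
    return [(first_seq + off, data[off:off + mss]) for off in range(0, len(data), mss)]

def reassemble(segments, first_seq: int = 1):
    """Rebuild the in-order stream from segments that may have arrived out of order
    or more than once. Returns (data, next_expected): next_expected is the number a
    receiver would put in its acknowledgement, so a gap leaves it at the first missing byte."""
    expected = first_seq
    out = bytearray()
    for seq, chunk in sorted(segments, key=lambda s: s[0]):
        if seq > expected:
            break                           # gap: nothing can be delivered past missing bytes
        if seq + len(chunk) <= expected:
            continue                        # entire segment already received (duplicate)
        out += chunk[expected - seq:]       # drop any prefix that overlaps data already held
        expected = seq + len(chunk)
    return bytes(out), expected

if __name__ == "__main__":
    segs = segment(SAMPLE_REQUEST, 20)
    data, nxt = reassemble(segs[::-1])      # deliver the segments in reverse order
    print(data == SAMPLE_REQUEST, nxt)
```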
2. Identification of Applications (Sockets)
Users' computers normally run multiple networked applications concurrently, for instance a browser, an email client and Skype.
The Transport Layer allocates each client application a port number to distinguish it from the other networked applications running on that computer.
Server daemons running on network servers are also allocated port numbers.
The combination of IP address and port number therefore allows client applications to specify a particular server daemon. It also allows server daemons to distinguish between different applications and different sessions (e.g. different browser tabs) running on a client computer.
In summary:
- Each host is identified by its IP address.
- Each client application on that host is identified by a unique port number.
- The combination of host IP and associated port number is called a socket.
IP addresses, Ports and Sockets
Each IP address has 65536 ports associated with it (numbered 0 – 65535).
Sockets can be written as follows: 192.168.22.33:47658
Each end of a transport layer (UDP or TCP) conversation is identified by a socket.
To view active sockets on Windows we use netstat. It may require administrator privilege.
Server Port numbers
Port numbers 0 – 1023 are reserved for server daemons. These 1024 port numbers are also called well-known ports.
Specific server applications are allocated specific port numbers:

Port Number   Server Application (Daemon)
20            FTP - Data
21            FTP - Control
22            SSH
25            SMTP
53            DNS
80            HTTP
443           HTTPS
109           POP2
110           POP3
118           SQL
546           DHCP Client
547           DHCP-Server
User application Port numbers
User applications dynamically select an unused port number above 1023 when they connect to the network.
Hence each application, and even different tabs (sessions) of a user application like Firefox, will each have a different source port number.
This allows server applications to uniquely identify different applications and even different sessions (browser tabs) that are running on the same computer.
Because server daemons use specific port numbers, user applications know how to address requests to server applications. (So both source and destination can uniquely identify each other.)
3. Transport layer services with UDP
User Datagram Protocol (UDP) provides basic transport services for network applications.
The UDP header specifies the source and destination port numbers, a length field (in bytes) and a checksum.
In UDP communications no checking is done to ensure packets arrive safely.
UDP is an ideal transport protocol for streaming video and audio because of its speed and efficiency.
UDP is also a stateless protocol.
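As an added example (not from the lecture), the Python below packs and decodes the four UDP header fields and computes the checksum, which is taken over an IPv4 pseudo-header plus the header and data; the socket 192.168.22.33:47658 is the one shown on the slides, while the server address 10.0.0.53 and the payload are constructed.

```python
# Added example (not part of the lecture): building and decoding a UDP header,
# including the checksum over an IPv4 pseudo-header plus header and data.
import socket
import struct

UDP_PROTO = 17

def inet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words (the Internet checksum used by UDP and TCP)."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd-length buffer with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src_ip: str, dst_ip: str, length: int) -> bytes:
    """IPv4 pseudo-header: source IP, destination IP, zero, protocol, UDP length."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, UDP_PROTO, length)

def build_udp(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """UDP header = source port, destination port, length, checksum (2 bytes each).
    The length field counts the 8-byte header plus the payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                         # a computed zero is transmitted as all ones
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def parse_udp(src_ip, dst_ip, datagram: bytes) -> dict:
    """Decode the header fields and verify the checksum (0 means 'no checksum')."""
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    # Summing the datagram with its checksum field included yields 0 when it is intact.
    ok = csum == 0 or inet_checksum(pseudo_header(src_ip, dst_ip, length) + datagram[:length]) == 0
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum_ok": ok, "payload": datagram[8:length]}

# Constructed sample: client socket 192.168.22.33:47658 sending to a DNS server on port 53.
SAMPLE = build_udp("192.168.22.33", "10.0.0.53", 47658, 53, b"hello")
```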
Stateless protocols
A stateless protocol is a communications protocol that treats each request as an independent transaction, unrelated to any previous request. Such protocols consist of independent pairs of requests and responses.
Because each transmission is a totally independent event, a statement like "send the next 10 bytes of data" has no meaning in a stateless protocol: there is no concept of state (or history).
This also means that UDP requests must be 100% specific as to what they want the destination to do. For instance, a UDP request that is part of a file transfer would need to specify within the request the specific location within the destination file where the packet's data must be placed (e.g. bytes 204 to 276), and all details of the file such as its full name (file123.txt) and absolute path (/home/user/myGames/).
3. Transport Layer services with TCP (Transmission Control Protocol)
Important fields of the TCP header are:
- Sequence Number
- Acknowledgement Number
- Flags
- Window Size
The source and destination port numbers provide the same functionality as in UDP.
The Sequence Number tracks the progress of data transfers. It is initialised during the connection phase (3-way handshake).
Acknowledgement numbers confirm the successful delivery of data.
Flag bits indicate the function being performed by the TCP segment.
The Window Size field implements flow control between source and destination.
Benefits of TCP
TCP is a connection-oriented protocol. It guarantees reliable and in-order delivery of data from sender to receiver.
Prior to sending data the sender and receiver must set up a connection. During the connection setup the sender and receiver exchange sequence numbers for use throughout the conversation.
The sequence numbers are used to track data transfers throughout the session. Acknowledgements are used throughout the session to confirm the successful delivery of data.
The sequence numbers and the associated acknowledgements are the basis of reliable communications.
Because TCP must establish connections and send acknowledgements, TCP is a slower protocol than UDP. Hence UDP is often preferred for time-critical applications like video and audio.
TCP Timers (detecting lost segments)
TCP employs timers to detect lost Transport Layer segments.
A sender starts a timer each time it sends a TCP segment. If an acknowledgement has not been received within the timeout period, the sender assumes that the segment is lost and so resends it.
This can lead to duplicate segments on the network, but it is useful for detecting lost segments.
TCP Flags
The Flags field of the TCP header contains numerous flags (Booleans) that indicate the function of the TCP segment. Flags are either On or Off.
- SYN (Synchronise sequence numbers)
- ACK (Acknowledgement segment)
- FIN (Close a connection)
- RST (Abort a connection due to an error)
- PSH (Don't buffer data, instead send it immediately)
- URG (Prioritize this packet)
Callouts on the capture shown on the slide: a segment with SYN set is sending the initial sequence number (ISN) for use throughout the connection; a segment with ACK set is acknowledging received data.
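As an added example (not from the lecture), the Python below packs and decodes the TCP header fields discussed above, ports, sequence and acknowledgement numbers, flags and window size, and names the role of a segment from its flags the way the capture callouts do; the port, ISN and window values in the sample segments are constructed.

```python
# Added example (not part of the lecture): packing and decoding the TCP header fields
# discussed above (ports, sequence and acknowledgement numbers, flags, window size).
import struct

# Flag bits in the low byte of the 16-bit "data offset / flags" word of the TCP header.
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def build_tcp_header(src_port, dst_port, seq, ack, flags, window) -> bytes:
    """20-byte TCP header with no options. The checksum is left at zero here; a real
    stack computes it over a pseudo-header plus the whole segment."""
    flag_byte = sum(bit for name, bit in TCP_FLAGS if name in flags)
    data_offset = 5                      # header length in 32-bit words (5 = 20 bytes)
    return struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                       data_offset << 4, flag_byte, window, 0, 0)

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte header into the fields the slides discuss."""
    (src_port, dst_port, seq, ack, offset_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "window": window,
        "header_len": (offset_byte >> 4) * 4,
        "flags": [name for name, bit in TCP_FLAGS if flag_byte & bit],
    }

def describe(segment: bytes) -> str:
    """Name the role of a segment from its flags, as the capture callouts do."""
    flags = set(parse_tcp_header(segment)["flags"])
    if {"SYN", "ACK"} <= flags:
        return "SYN-ACK: server's ISN plus acknowledgement of the client's ISN"
    if "SYN" in flags:
        return "SYN: carries the initial sequence number (ISN) for this direction"
    if "RST" in flags:
        return "RST: connection aborted"
    if "FIN" in flags:
        return "FIN: sender is closing its side of the connection"
    if "ACK" in flags:
        return "ACK: acknowledging received data"
    return "no control flags set"

# Constructed sample handshake segments (values chosen for the example, not captured).
CLIENT_SYN = build_tcp_header(47658, 80, 1000, 0, {"SYN"}, 65535)
SERVER_SYNACK = build_tcp_header(80, 47658, 5000, 1001, {"SYN", "ACK"}, 29200)
```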
4. TCP connection establishment & termination
TCP connections can last the duration of a session between a user application and a server daemon, or connections can be set up and terminated regularly throughout a session.
TCP connections are set up using a 3-way handshake. The three-way handshake does the following:
- Facilitates the two ends of a connection establishing communication settings for the upcoming data transfers.
- Establishes an initial sequence number (ISN) between the client and server.
- Establishes a different ISN for communications in the opposite direction.
3-way handshake
Step 1: The client initiates a connection.
- It sends an Initial Sequence Number (ISN) to the destination.
- It sets the SYN flag to indicate the TCP segment is initiating a connection.
Step 2: The server responds.
- The server acknowledges the client request (Ack # = client's ISN + 1).
- The server sends its own ISN (different from the client's) to the client.
- The SYN and ACK flags are set.
Step 3: The client acknowledges the server's response (Ack # = server's ISN + 1).
- The ACK flag is set.
Reliable data transfers can now proceed between the client and the server.
How acknowledgements work!!
The sequence number and acknowledgement number fields in TCP headers are 32-bit fields, hence they tend to be quite large numbers.
Wireshark displays sequence numbers & acknowledgement numbers relative to the initial sequence numbers set up during the 3-way handshake. This means the initial sequence number displays as Seq=0 and subsequent sequence numbers are relative to zero. This makes seq # & ack # easier to comprehend in Wireshark.
An acknowledgement number sent from a receiver (e.g. Ack=55) indicates that all data bytes prior to the acknowledgement number (54 of them) have been successfully received, and that the next byte it expects to receive is byte number 55.
A typical exchange between client & server
- Client sends its Initial Sequence Number to the server (Seq = 0).
- The server acknowledges the setup request (Ack = 1). The server is indicating the next byte it expects is byte # 1.
- Client sends 54 bytes to the server.
- Server responds with Ack = 55, indicating the server has received the first 54 bytes and the next byte it expects to receive is byte # 55.
This type of exchange occurs in both directions using the two sequence numbers set up during the 3-way handshake.
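As an added example (not from the lecture), the Python below models the 3-way handshake and the 54-byte exchange above with absolute 32-bit sequence numbers, then reports them relative to each direction's ISN the way Wireshark displays them; the ISN values passed in are constructed, and the model covers wrap-around of the 32-bit fields.

```python
# Added example (not part of the lecture): 3-way handshake plus a data exchange,
# tracking absolute 32-bit sequence numbers and showing them relative to the ISNs.
import random

class TcpEndpoint:
    """One end of a TCP connection: its own next sequence number and the
    next byte it expects from the peer (the number it puts in the ack field)."""
    MOD = 1 << 32  # sequence and acknowledgement fields are 32 bits and wrap around

    def __init__(self, isn=None):
        self.isn = random.randrange(self.MOD) if isn is None else isn
        self.snd_nxt = self.isn   # next sequence number we will send
        self.rcv_nxt = None       # next byte we expect from the peer (our ack number)
        self.peer_isn = None

    def send(self, nbytes, flags=()):
        """Emit a segment header; SYN and FIN each consume one sequence number."""
        seg = {"seq": self.snd_nxt, "ack": self.rcv_nxt, "flags": set(flags), "len": nbytes}
        consumed = nbytes + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
        self.snd_nxt = (self.snd_nxt + consumed) % self.MOD
        return seg

    def receive(self, seg):
        """Advance rcv_nxt: the ack we return is the last byte received + 1."""
        if "SYN" in seg["flags"]:
            self.peer_isn = seg["seq"]
        consumed = seg["len"] + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
        self.rcv_nxt = (seg["seq"] + consumed) % self.MOD

    def relative(self, seg):
        """Seq and ack of a segment we sent, relative to each direction's ISN (Wireshark view)."""
        rel_seq = (seg["seq"] - self.isn) % self.MOD
        rel_ack = None if seg["ack"] is None else (seg["ack"] - self.peer_isn) % self.MOD
        return rel_seq, rel_ack

def handshake_and_transfer(client_isn, server_isn, nbytes):
    """Three-way handshake, then the client sends nbytes and the server acknowledges.
    Returns the (relative seq, relative ack) pairs of the five segments in order."""
    client, server = TcpEndpoint(client_isn), TcpEndpoint(server_isn)
    syn = client.send(0, {"SYN"}); server.receive(syn)                 # step 1: SYN
    synack = server.send(0, {"SYN", "ACK"}); client.receive(synack)    # step 2: SYN, ACK
    ack = client.send(0, {"ACK"}); server.receive(ack)                 # step 3: ACK
    data = client.send(nbytes, {"ACK"}); server.receive(data)          # client data
    data_ack = server.send(0, {"ACK"}); client.receive(data_ack)       # server acks it
    return [client.relative(syn), server.relative(synack), client.relative(ack),
            client.relative(data), server.relative(data_ack)]
```

With 54 bytes of client data the last pair comes out as (1, 55): the server's own seq is 1 past its ISN and its ack is 55, exactly the Ack=55 on the slide.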
A simple HTTP GET interaction
- Segments 1-3: 3-way handshake (SYN; SYN, ACK; ACK).
- Segments 4-6: Exchange of data. The browser sends an HTTP GET to the server requesting an HTML page; the server acks it in the next segment; the HTML page is sent by the server to the browser (client).
- Segments 7-10: Termination of the connections in both directions. The server closes its connection with the client (FIN); the client sends its Ack; the client closes its connection with the server (FIN); the server sends its Ack.
5. TCP Flow control
Flow control is required by slow receivers to throttle the flow of data from fast senders.
The Window Size field of the TCP header implements flow control. The value here specifies the maximum number of outstanding bytes a sender can send without receiving a corresponding acknowledgement.
A receiver can slow or stop a sender from sending data by delaying acknowledgements.
This mechanism is called sliding-window flow control.
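As an added example (not from the lecture), the Python below is a round-based model of sliding-window flow control: the sender never has more unacknowledged bytes outstanding than the window the receiver last advertised, and the advertised window is the receiver's free buffer space; the byte counts, segment size and buffer size in the scenario are constructed, and no loss or retransmission is modelled.

```python
# Added example (not part of the lecture): a round-based model of sliding-window
# flow control. Sequence numbers are relative (first data byte = 1), as Wireshark shows them.

def simulate_flow_control(total_bytes, mss, rcv_buffer, app_read_per_round, max_rounds=100):
    """Each round: the sender transmits as many segments (at most mss bytes each) as the
    advertised window allows, the receiver queues them, the receiving application drains
    app_read_per_round bytes, and the receiver returns one ACK carrying its new window.
    No loss is modelled. Returns a per-round trace of bytes sent, ack number and window."""
    snd_una = 1                # oldest byte not yet acknowledged
    snd_nxt = 1                # next byte the sender will transmit
    rwnd = rcv_buffer          # window most recently advertised by the receiver
    buffered = 0               # bytes queued at the receiver, not yet read by its application
    trace = []
    for rnd in range(1, max_rounds + 1):
        sent = 0
        # Outstanding (unacknowledged) bytes may never exceed the advertised window.
        while snd_nxt <= total_bytes and (snd_nxt - snd_una) < rwnd:
            seg_len = min(mss, rwnd - (snd_nxt - snd_una), total_bytes - snd_nxt + 1)
            snd_nxt += seg_len
            sent += seg_len
        buffered += sent
        snd_una = snd_nxt                       # receiver acknowledges everything it got
        buffered -= min(app_read_per_round, buffered)
        rwnd = rcv_buffer - buffered            # free buffer space = window carried in the ACK
        trace.append({"round": rnd, "sent": sent, "ack": snd_una, "window": rwnd})
        if snd_una > total_bytes:               # all data acknowledged
            break
    return trace

if __name__ == "__main__":
    # Constructed scenario: 300 bytes to send, 100-byte segments, a 200-byte receive
    # buffer and an application that reads only 50 bytes per round.
    for row in simulate_flow_control(300, 100, 200, 50):
        print(row)
```

An application that reads nothing drives the window to zero and the sender stalls completely; real TCP keeps probing a zero window, which this model leaves out.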
Tool Talk
Linux command line:
- cp (copy)
- mv (move)
- . .. ~ * ? notations in copy and move commands
Wireshark:
- HTTP traffic
- 3-way handshakes
- Capture filters
------- Demonstration -------
Next Week
The Physical Layer:
- Physical media
- Topologies (physical and logical)
- Encoding