Slide 1: Routers and Routing Basics, CCNA 2, Chapter 10 (www.ciscopress.com)
Slide 2: Intermediate TCP/IP
- TCP and UDP Operation
- Flow Control and Windowing
- Establishing and Terminating TCP Connections
- Denial-of-Service Attacks and SYN Floods
- TCP Error Recovery (Reliability)
- Segmentation, Reassembly, and In-Order Delivery
- Comparing TCP and UDP
- Operation of Transport Layer Ports
- Connecting to Servers: Well-Known Ports
- Comparing Well-Known, Dynamic, and Registered Ports
- Comparing MAC Addresses, IP Addresses, and Port Numbers
- Summary
Slide 3: TCP and UDP Operation
The TCP/IP transport layer includes several protocols; the most important are:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
TCP provides several more functions than UDP. The main goal of the transport layer can be summarized as follows:
- to take data from one application process on one computer
- to deliver that data to the correct application process on another computer
Slide 4: Comparing TCP and UDP
Slide 5: Flow Control and Windowing
When a host sends data using TCP, the receiving host can control how fast each TCP sender sends the data over time. This process is called flow control. The main reasons for flow control are the time needed for data processing and the limited memory on the receiving side. There are two forms of flow control:
- dynamic sliding windows
- withholding acknowledgments
Slide 6: Flow Control Through Dynamic Sliding Windows
The receiver tells the sending host how many bytes the sending host can send before it receives an acknowledgment; this value is called a window. When the sending host has sent an entire window's worth of data, it must wait for an acknowledgment, thereby slowing its rate of sending data.
Slide 7: Dynamic Windowing
1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.
2. PC1 sends PC2 3000 bytes via three 1000-byte segments.
3. PC1 has sent all 3000 bytes but has not received any acknowledgments; therefore, it must wait.
4. PC2 sends PC1 an acknowledgment, and this time it grants a slightly larger 4000-byte window.
5. PC1 now sends four 1000-byte segments.
Slide 8: Withholding Acknowledgments
1. PC2 sends a segment to PC1 in which the Window field in the header is set to 3000. This means that PC2 grants PC1 the right to send 3000 bytes to PC2.
2. PC1 sends PC2 3000 bytes via three 1000-byte segments.
3. PC2 has received all 3000 bytes but needs more time to process the data.
4. Instead of immediately acknowledging receipt of the segments, PC2 waits until it can catch up on the work and then sends an acknowledgment.
Note: PC2 did not increase the window size at Step 4 because it is already having difficulty processing 3000 bytes at a time. This process of withholding acknowledgments is sometimes referred to as start/stop flow control.
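The two flow-control mechanisms on slides 7 and 8, as an added example that is not part of the chapter: a small Python model of a windowed sender (the WindowedSender class and its method names are my own) that stops once the granted window is used up and resumes only when an acknowledgment arrives.

```python
# Added example (not the chapter's code): a minimal model of TCP dynamic
# sliding windows and ACK withholding, using the slides' numbers
# (3000-byte window, 1000-byte segments, window later raised to 4000).

class WindowedSender:
    """PC1: may have at most `window` unacknowledged bytes in flight."""

    def __init__(self, window, segment_size=1000):
        self.window = window           # bytes granted by the receiver (PC2)
        self.segment_size = segment_size
        self.next_seq = 1              # first byte of the next segment
        self.unacked = 0               # bytes sent but not yet acknowledged

    def send_until_blocked(self):
        """Send whole segments until the window is used up; return their seqs."""
        sent = []
        while self.unacked + self.segment_size <= self.window:
            sent.append(self.next_seq)
            self.next_seq += self.segment_size
            self.unacked += self.segment_size
        return sent

    def receive_ack(self, ack_num, window):
        """The ACK covers every byte before ack_num and carries a new window."""
        self.unacked = self.next_seq - ack_num
        self.window = window


def dynamic_windowing():
    """Slide 7: window 3000, then an ACK that grants a larger 4000 window."""
    pc1 = WindowedSender(window=3000)
    first = pc1.send_until_blocked()      # three 1000-byte segments
    blocked = pc1.send_until_blocked()    # nothing: PC1 must wait for an ACK
    pc1.receive_ack(ack_num=3001, window=4000)
    second = pc1.send_until_blocked()     # four 1000-byte segments
    return first, blocked, second


def withheld_ack(busy_ticks):
    """Slide 8: PC2 withholds the ACK while busy; PC1 stalls (start/stop)."""
    pc1 = WindowedSender(window=3000)
    pc1.send_until_blocked()
    stalled = 0
    for _ in range(busy_ticks):           # no ACK yet: nothing can be sent
        if pc1.send_until_blocked() == []:
            stalled += 1
    pc1.receive_ack(ack_num=3001, window=3000)   # same window, not larger
    return stalled, pc1.send_until_blocked()
```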
Slide 9: Establishing and Terminating TCP Connections
Connection-oriented protocols (including TCP) use messages, events, or other prearranged settings on the communicating devices before they allow any end-user communication to occur. TCP also allows two computers to agree on many other settings before the hosts attempt to send any end-user data. TCP uses a process called a three-way handshake to create a new TCP connection and to initialize the various numbers used to control and manage a TCP connection.
Slide 10: Three-Way TCP Connection Establishment
1. The first segment has the SYN flag set but does not have the ACK flag set. This means that the SYN bit in the TCP header is set to binary 1, and the ACK flag is set to binary 0.
2. The second segment has both SYN and ACK set.
3. The third and all following segments have only the ACK bit set.
Slide 11: Denial-of-Service Attacks and SYN Floods
A network attack that is primarily intended to do harm is called a denial-of-service (DoS) attack. A SYN flood attack is one of the most common types of DoS attacks. A SYN flood occurs when an attacker sends a large number of TCP segments to a server, each one looking like a request for a new TCP connection (the first, SYN-only segment of the handshake). However, the attacker never sends the third segment of the connection establishment sequence.
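Added example, not from the chapter: a model of the listening side of the handshake on slides 10 and 11, written from the server operator's point of view. The Listener class, the backlog and timeout values, and the 198.51.100.x source addresses are constructed; the model shows why SYNs that are never followed by the third segment tie up the server's half-open connection table and how a timeout frees it again.

```python
# Added example (not the chapter's code): the listening side of the three-way
# handshake, tracking half-open connections (SYN seen, final ACK never
# received). SYN and ACK are the TCP header flag bit values.
SYN = 0x02
ACK = 0x10

class Listener:
    def __init__(self, backlog, timeout):
        self.backlog = backlog        # max half-open connections kept
        self.timeout = timeout        # seconds before a half-open is dropped
        self.half_open = {}           # (client_ip, client_port) -> SYN time
        self.established = set()
        self.dropped_syns = 0         # SYNs refused because backlog was full

    def expire(self, now):
        """Drop half-open entries older than the timeout; return how many."""
        stale = [c for c, t in self.half_open.items() if now - t > self.timeout]
        for c in stale:
            del self.half_open[c]
        return len(stale)

    def handle(self, client, flags, now):
        """Process one segment from client; return the reply's flags, or None."""
        self.expire(now)
        if flags & SYN and not flags & ACK:             # step 1: SYN only
            if len(self.half_open) >= self.backlog:
                self.dropped_syns += 1
                return None
            self.half_open[client] = now
            return SYN | ACK                            # step 2: SYN+ACK
        if flags == ACK and client in self.half_open:   # step 3: final ACK
            del self.half_open[client]
            self.established.add(client)
            return ACK                                  # connection is open
        return None

def normal_handshake():
    srv = Listener(backlog=4, timeout=5)
    reply = srv.handle(("10.1.1.2", 1031), SYN, now=0)
    srv.handle(("10.1.1.2", 1031), ACK, now=1)
    return reply, ("10.1.1.2", 1031) in srv.established, len(srv.half_open)

def syn_flood(n_syns):
    """n SYNs from constructed sources, no third segment: the backlog fills."""
    srv = Listener(backlog=4, timeout=5)
    for i in range(n_syns):
        srv.handle(("198.51.100.%d" % i, 40000 + i), SYN, now=0)
    refused = srv.handle(("10.1.1.2", 1031), SYN, now=1) is None  # real client
    reaped = srv.expire(now=10)            # stale half-opens time out
    accepted = srv.handle(("10.1.1.2", 1031), SYN, now=10)
    return srv.dropped_syns, refused, reaped, accepted
```

The half-open count and the dropped-SYN counter are the two values an operator would watch: a table that stays full while almost nothing reaches ESTABLISHED is the signature of the attack described on the slide.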
Slide 12: TCP Error Recovery (Reliability)
TCP is a reliable protocol, at least as far as networking terminology is concerned. In networking, reliable protocols perform error recovery, which means that they ensure that all the data eventually gets to the receiver, even if some data is lost in transit. The practice of acknowledging data by stating the next byte expected to be received, rather than identifying the last byte received, is called a forward acknowledgment or expectational acknowledgment.
Slide 13: TCP Acknowledgments with No Error Recovery Needed
TCP uses two TCP header fields, the Sequence Number and Acknowledgment Number fields, to tell the other computer whether a segment was received. The sequence number keeps track of all the bytes sent over a TCP connection by numbering the first byte of data inside each segment.
Slide 14: TCP Error Recovery
TCP performs error recovery by having the receiving host send an acknowledgment that implies some data was lost. The PCs recover the lost data using a process called Positive Acknowledgment with Retransmission (PAR).
Slide 15: Segmentation, Reassembly, and In-Order Delivery
TCP segmentation refers to the process of TCP accepting a large chunk of data from the application protocol and breaking it into pieces that are small enough to be appropriate for transmission through the internetwork. The data portion of a TCP segment is typically limited to 1460 bytes. The maximum length of the TCP Data field is referred to as the maximum segment size (MSS). TCP on the receiving computer reassembles the data into its original form. TCP provides a guarantee of in-order delivery.
Slide 16: TCP Providing In-Order Delivery
1. PC2 sends two segments. The first segment (sequence number 1) is routed over the slow high route.
2. Router R2 sends the second segment (sequence number 1001) over the fast low route.
3. The second segment sent arrives before the first segment sent, so PC1 copies the segment into a memory buffer.
4. The first segment sent arrives next.
5. The first segment sent (sequence number 1) should be in front of the segment with sequence number 1001, so PC1's TCP software stores this data in the correct order in its memory buffer.
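Added example (not the chapter's code) covering slides 12 to 16: a receiver that buffers out-of-order segments, delivers them in sequence order, and answers every segment with a forward acknowledgment, beside a simplified PAR sender that resends whatever the acknowledgment number shows was never received. The class names and the segment payloads are constructed.

```python
# Added example (not the chapter's code): reassembly plus forward ACKs, and a
# PAR-style retransmission decision driven by the ACK number. Sequence numbers
# are 1-based as in the slides (first segment seq 1, second seq 1001).

class Reassembler:
    def __init__(self, initial_seq=1):
        self.expected = initial_seq    # next byte not yet received
        self.out_of_order = {}         # seq -> data, held until contiguous
        self.delivered = bytearray()   # bytes handed to the application

    def receive(self, seq, data):
        """Accept one segment; return the ACK number to send back."""
        if seq > self.expected:
            self.out_of_order[seq] = data        # arrived early: buffer it
        elif seq == self.expected:
            self.delivered += data
            self.expected += len(data)
            while self.expected in self.out_of_order:   # drain the buffer
                chunk = self.out_of_order.pop(self.expected)
                self.delivered += chunk
                self.expected += len(chunk)
        # seq < expected: duplicate of data already delivered; ACK again
        return self.expected

class ParSender:
    """Positive Acknowledgment with Retransmission (simplified: the ACK is
    cumulative, so everything from ack_num onward is resent)."""
    def __init__(self, segments):
        self.segments = segments      # list of (seq, data)

    def unacked(self, ack_num):
        return [(s, d) for s, d in self.segments if s >= ack_num]

def in_order_delivery():
    """Slide 16: seq 1001 arrives first (fast route), seq 1 arrives later."""
    rx = Reassembler()
    acks = [rx.receive(1001, b"B" * 1000), rx.receive(1, b"A" * 1000)]
    return acks, bytes(rx.delivered[:3]), bytes(rx.delivered[-3:])

def lost_segment_recovery():
    """Middle segment lost: ACK stays at 1001, so the sender resends from there."""
    segs = [(1, b"x" * 1000), (1001, b"y" * 1000), (2001, b"z" * 1000)]
    tx, rx = ParSender(segs), Reassembler()
    ack = rx.receive(*segs[0])
    ack = rx.receive(*segs[2])           # segs[1] is lost in transit
    for seg in tx.unacked(ack):          # resend from byte 1001 onward
        ack = rx.receive(*seg)
    return ack, len(rx.delivered), len(rx.out_of_order)
```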
Slide 17: Comparing TCP and UDP
Popular Applications and Transport Layer Protocols
Slide 18: Comparing TCP and UDP (Continued)
TCP and UDP Headers
Slide 19: Comparing TCP and UDP (Continued)
TCP Header Fields / UDP Header Fields
Slide 20: Operation of Transport Layer Ports
Both UDP and TCP provide a means to identify the specific application process that was the source of the data and the application process that is the destination for the data. TCP and UDP use port numbers. Each application uses a different local port number, identifying each of the different application processes.
Slide 21: Using Port Numbers to Identify the Correct Application Process
1. An IP packet with a TCP segment inside it arrives at the PC. Because it is a TCP segment, IP gives the segment to the TCP software inside the computer.
2. TCP examines the destination port number in the header. The destination port number identifies the application process on the destination computer (Keith).
3. Based on a value of 1031 in the Destination Port Number field, the PC's TCP software gives the data to Browser2.
The port numbers shown are called dynamic port numbers because the host computer dynamically picks which port number to use for each application process.
Slide 22: Connecting to Servers: Well-Known Ports
Servers cannot use dynamic port numbers because the clients that use the server must know ahead of time what port number the server uses. TCP/IP defines well-known (or static) ports, each reserved for use by a specific application protocol. When a client connects to a server, the client already knows what well-known port the server should be using.
Slide 23: Client Connecting to Well-Known Port of a Web Server (80)
1. Keith's browser sends the segment as shown, with a destination port of 80.
2. The reply segment has a source port of 80 because it comes from the web server, and its destination port matches the port used by the browser on Keith's computer.
Slide 24: Popular Applications and Their Well-Known Port Numbers
Slide 25: Using Port Numbers to Identify the Correct Application Process
Slide 26: Comparing Well-Known, Dynamic, and Registered Ports
The Internet Assigned Numbers Authority (IANA, www.iana.org) assigns the values for well-known ports and the values for a similar concept called registered port numbers. The difference between well-known and registered ports is that registered ports are assigned to servers that the average end user can start, whereas well-known ports are used only for applications typically controlled by IT staff. Accordingly, web services, FTP services, and e-mail services, which are usually controlled by IT staff in a typical company, use well-known port numbers.
Slide 27: Uses of Port Numbers
Slide 28: Port Numbers Used on Your PC
Most operating systems (OSs) include commands that display the port numbers used on that computer. Microsoft OSs support the netstat -an command to display the currently used TCP and UDP port numbers. To see some useful output from this command, create a new TCP connection by opening a web browser and loading a web page. Then, use the netstat -an command to view the TCP connection, along with the port number used on your PC and on the web server.
Slide 29: Comparing MAC Addresses, IP Addresses, and Port Numbers
MAC addresses, IP addresses, and port numbers all perform some role in addressing, or identifying, the senders and intended recipients of data.
- MAC addresses define the physical addressing of LAN NICs, which allows frames to be delivered over a LAN.
- IP addresses define logical (meaning not physical) addresses that define a way to group addresses (subnets), and define a routing process to allow end-to-end delivery of packets between hosts.
- Port numbers identify the application processes on the sending (source port) and receiving (destination port) computers. Port numbers do not define any methods of sending data over a physical network or any means to deliver data end to end over an internetwork.
Slide 30: Socket
In the world of TCP and UDP, a socket is a set of three things:
- The computer's IP address
- The transport protocol (TCP or UDP)
- The port number used by an application
For example, a web server whose IP address is 10.1.1.1, using the well-known port for HTTP, would be using a socket of (10.1.1.1, TCP, 80).
Slide 31: Summary
The primary duty of the transport layer, which is OSI model Layer 4, is to provide the service of taking data from one application process on one computer and delivering the data to the correct application process on another computer. UDP essentially provides only the basic delivery and identification of applications using port numbers. TCP provides several additional functions, including reliability (error recovery), flow control, segmentation and reassembly, and in-order data delivery. Flow control ensures that a transmitting node does not overwhelm a receiving node with data.
Slide 32: Summary (End)
The term Positive Acknowledgment with Retransmission (PAR) refers to the process of explicitly acknowledging received data, with the sender resending any unacknowledged segments. A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server. Port numbers have the following assigned ranges:
- The well-known ports are those from 0 through 1023.
- The registered ports are those from 1024 through 49,151.
- The dynamic and/or private ports are those from 49,152 through 65,535.
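Added example, not from the chapter, tying together slides 28, 30 and 32: parse constructed netstat -an output (the Windows layout the slides suggest looking at), turn each line into the (IP address, protocol, port) socket triple from the Socket slide, and label every local port with the IANA range listed in the summary. The sample output, addresses and function names are my own.

```python
# Added example (not the chapter's code): parse constructed `netstat -an`
# output, build the (IP address, protocol, port) socket triple for each
# line, and label ports with the IANA ranges from the summary slide.
import re

# Constructed sample output; the addresses and ports are illustrative only.
NETSTAT_OUTPUT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    10.1.1.2:1031          10.1.1.1:80            ESTABLISHED
  TCP    10.1.1.2:49300         203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def port_range(port):
    """IANA ranges as listed on the summary slide."""
    if 0 <= port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    if port <= 65535:
        return "dynamic/private"
    raise ValueError("not a 16-bit port: %d" % port)

def parse_netstat(text):
    """One dict per connection line; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, lip, lport, fip, fport, state = m.groups()
        rows.append({
            "local": (lip, proto, int(lport)),
            "local_range": port_range(int(lport)),
            "foreign": (fip, proto, int(fport) if fport.isdigit() else None),
            "state": state,            # None for UDP, which has no state column
        })
    return rows

def established_server_sockets(rows):
    """Foreign sockets of ESTABLISHED rows: the servers this PC is talking to."""
    return [r["foreign"] for r in rows if r["state"] == "ESTABLISHED"]
```

Note that the browser's port 1031 on slide 21 is called "dynamic" there because the OS chose it, while by the IANA numbering on slide 32 it falls in the registered range; the classification above follows the IANA ranges.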