Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

npch2

advertisement 
Transport Layer: TCP and UDP
• Overview of TCP/IP protocols
• Comparing TCP and UDP
• TCP connection: establishment, data transfer,
and termination
• Allocation of port numbers
• Size matters: MTU, datagram, MSS, buffer
• Standard Internet services and applications
• Debugging techniques and tools
1
Overview of TCP/IP Protocols
tcpdump
IGMP
mrouted
ICMP
ARP/RARP
BPF/DLPI
ping
traceroute
TCP
IPv4
UDP
applications
ICMPv6
IPv6
datalink
2
Comparing TCP and UDP
TCP
UDP
Binding between Yes (connection- No (connectionclient and server oriented)
less)
Data
Byte-stream
Record
Reliability
Sequencing
Flow control
Full-duplex
Yes (ack, timeout, retx)
Yes
No
Yes (windowbased)
Yes
No
No
Yes
3
TCP Connection: Establishment
Three-way handshake
client
socket
connect (blocks)
(active open) SYN_SENT
server
SYN j
SYN k, ack j+1
ESTABLISHED
connect returns
ack k+1
socket,bind,listen
LISTEN(passive open)
accept (blocks)
SYN_RCVD
ESTABLISHED
accept returns
read (blocks)
TCP options (in SYN): MSS (maximum segment size) option,
window scale option (advertized window up to 65535x2^14, 1GB),
timestamp option (the latter two: long fat pipe options)
4
TCP Connection: Data Transfer
client
write
read(blocks)
server
request
reply
ack of request
read returns
read returns
(server processes request)
write
read(blocks)
ack of reply
5
TCP Connection: Termination
Four-way handshake
client
close
(active close) FIN_WAIT_1
server
FIN m
ack m+1
FIN_WAIT_2
TIME_WAIT
1~4 mins
FIN n
ack n+1
CLOSE_WAIT (passive close)
read returns 0
close
LAST_ACK
CLOSED
CLOSED
TIME_WAIT to allow old duplicate segment to expire for reliable termination
(the end performing active close might have to retx the final ACK)
6
TCP State Transition Diagram
CLOSED
appl:passive open
send:<nothing>
LISTEN
recv:SYN,send:SYN,ACK
recv:RST
SYN_RSVD
recv:ACK
send:<nothing>
recv:SYN
SYN_SENT
recv:SYN,ACK
send:ACK
ESTABLISHED
recv:FIN
(simultaneous close)
send:ACK
CLOSING
recv:FIN,ACK
send:ACK
passive
close
CLOSE_WAIT
(data transfer state) recv:FIN
send:ACK
appl:close
send:FIN
FIN_WAIT_1
appl:close
or timeout
send:SYN,ACK
(simultaneous open)
recv:ACK
send:<nothing>
active
close
appl:active open
send:SYN
appl:close
send:FIN
LAST_ACK
recv:ACK
send:<nothing>
recv:ACK
send:<nothing>
2MSL timeout
FIN_WAIT_2
recv:FIN
send:ACK
TIME_WAIT
7
Allocation of Port Numbers
IANA
well-known ports
IANA
(Internet Assigned
Numbers Authority)
BSD
1
Solaris
1023 1024
BSD
reserved ports
1
IANA
registered ports
49151 49152
BSD
ephemeral ports
1023 1024
rrsevport
513-1023
IANA
dynamic or private ports
65535
BSD
nonprivileged servers
50000 50001
65535
Solaris
ephemeral ports
32768
65535
8
Multiple Sockets with the Same Port
(in Concurrent Server)
listening socket
server
(*.21,*.*)
connected socket
server
(child1)
(206.62.226.35.21,
198.69.10.2.1500)
client1
(198.69.10.2.1500,
206.62.226.35.21)
client2
(198.69.10.2.1501,
206.62.226.35.21)
connected socket
server
(child2)
(206.62.226.35.21,
198.69.10.2.1501)
All TCP segments destined for port 21, with socket pairs different from
(206.62.226.35.21,198.69.10.2.1500) and (206.62.226.35.21,198.69.10.2.1501),
are delivered to the original server with the listening socket.
9
Size Matters:
MTU, datagram, TCP MSS, buffer
• Link MTU (maximum transmission unit): Ethernet
MTU: 1500 bytes, PPP MTU: configurable
• Path MTU: the smallest link MTU in the path, can
be discovered by IP DF (don’t fragment) bit
• Maximum IP datagram: 65535 (IPv4), 65575
(IPv6) (IPv6 has 32-bit jumbo payload option),
minimum IP reassembly buffer size
• TCP MSS (maximum segment size): actual value
of reassembly buffer size, often the link MTU
minus IP and TCP headers, to avoid fragmentation 10
TCP Output and UDP Output
application
application buffer
write
TCP
application
sendto
user process
kernel
socket send buffer
(SO_SNDBUF)
UDP
MSS-sized TCP
segment
IP
no buffering
but SO_SNDBUF
exists
UDP datagram
IP
MTU-sized packet
output queue
datalink
application buffer
MTU-sized packet
output queue
datalink
11
Standard Internet Services and Applications
• Standard services provided by inetd daemon:
echo/port7/RFC862, discard/port9/RFC863,
daytime/port13/RFC867, chargen/port19/RFC864,
time/port37/RFC868
• tested by “telnet machine service”, service mapped
by /etc/services
• Common application types: diagnostic, routing
protocol, datagram, virtual circuit, etc.
12
Protocol Usage of Various Common Applications
Application
Ping
Traceroute
OSPF
RIP
BGP
BOOTP
DHCP
NTP
TFTP
SNMP
SMTP
Telnet
FTP
HTTP
NNTP
DNS
NFS
RPC
IP
ICMP
x
x
UDP
TCP
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
x
13
Debugging Techniques and Tools
• System call tracing: truss (in SVR4), ktrace &
kdump (in BSD) (Note that socket is a system call
in BSD, while putmsg and getmsg are the actual
system calls in SVR4)
• sock developed by W.R. Stevens: used to generate
special case conditions, as stdin/stdout client,
stdin/stdout server, source client, sink server
• tcpdump: dump packets matching some criteria
• netstat: status of interfaces, multicast groups, perprotocol statistics, routing table, etc.
• lsof (list open files): which process has a socket
open on a specified IP address or port
14
Related documents
TCP Split Handshake Attack
TCP Split Handshake Attack
Chapter 2
Chapter 2
midterm-review
midterm-review
Q13 Why do manufacturers of network hardware and software follow
Q13 Why do manufacturers of network hardware and software follow
Transportation Layer (2)
Transportation Layer (2)
TCP FIN TCP FIN
TCP FIN TCP FIN
Shakin' Hands and Living in SYN
Shakin' Hands and Living in SYN
Download
advertisement