Transport Layer: TCP and UDP • Overview of TCP/IP protocols • Comparing TCP and UDP • TCP connection: establishment, data transfer, and termination • Allocation of port numbers • Size matters: MTU, datagram, MSS, buffer • Standard Internet services and applications • Debugging techniques and tools 1 Overview of TCP/IP Protocols tcpdump IGMP mrouted ICMP ARP/RARP BPF/DLPI ping traceroute TCP IPv4 UDP applications ICMPv6 IPv6 datalink 2 Comparing TCP and UDP TCP UDP Binding between Yes (connection- No (connectionclient and server oriented) less) Data Byte-stream Record Reliability Sequencing Flow control Full-duplex Yes (ack, timeout, retx) Yes No Yes (windowbased) Yes No No Yes 3 TCP Connection: Establishment Three-way handshake client socket connect (blocks) (active open) SYN_SENT server SYN j SYN k, ack j+1 ESTABLISHED connect returns ack k+1 socket,bind,listen LISTEN(passive open) accept (blocks) SYN_RCVD ESTABLISHED accept returns read (blocks) TCP options (in SYN): MSS (maximum segment size) option, window scale option (advertized window up to 65535x2^14, 1GB), timestamp option (the latter two: long fat pipe options) 4 TCP Connection: Data Transfer client write read(blocks) server request reply ack of request read returns read returns (server processes request) write read(blocks) ack of reply 5 TCP Connection: Termination Four-way handshake client close (active close) FIN_WAIT_1 server FIN m ack m+1 FIN_WAIT_2 TIME_WAIT 1~4 mins FIN n ack n+1 CLOSE_WAIT (passive close) read returns 0 close LAST_ACK CLOSED CLOSED TIME_WAIT to allow old duplicate segment to expire for reliable termination (the end performing active close might have to retx the final ACK) 6 TCP State Transition Diagram CLOSED appl:passive open send:<nothing> LISTEN recv:SYN,send:SYN,ACK recv:RST SYN_RSVD recv:ACK send:<nothing> recv:SYN SYN_SENT recv:SYN,ACK send:ACK ESTABLISHED recv:FIN (simultaneous close) send:ACK CLOSING recv:FIN,ACK send:ACK passive close CLOSE_WAIT (data transfer state) recv:FIN send:ACK appl:close send:FIN FIN_WAIT_1 appl:close or timeout send:SYN,ACK (simultaneous open) recv:ACK send:<nothing> active close appl:active open send:SYN appl:close send:FIN LAST_ACK recv:ACK send:<nothing> recv:ACK send:<nothing> 2MSL timeout FIN_WAIT_2 recv:FIN send:ACK TIME_WAIT 7 Allocation of Port Numbers IANA well-known ports IANA (Internet Assigned Numbers Authority) BSD 1 Solaris 1023 1024 BSD reserved ports 1 IANA registered ports 49151 49152 BSD ephemeral ports 1023 1024 rrsevport 513-1023 IANA dynamic or private ports 65535 BSD nonprivileged servers 50000 50001 65535 Solaris ephemeral ports 32768 65535 8 Multiple Sockets with the Same Port (in Concurrent Server) listening socket server (*.21,*.*) connected socket server (child1) (206.62.226.35.21, 198.69.10.2.1500) client1 (198.69.10.2.1500, 206.62.226.35.21) client2 (198.69.10.2.1501, 206.62.226.35.21) connected socket server (child2) (206.62.226.35.21, 198.69.10.2.1501) All TCP segments destined for port 21, with socket pairs different from (206.62.226.35.21,198.69.10.2.1500) and (206.62.226.35.21,198.69.10.2.1501), are delivered to the original server with the listening socket. 9 Size Matters: MTU, datagram, TCP MSS, buffer • Link MTU (maximum transmission unit): Ethernet MTU: 1500 bytes, PPP MTU: configurable • Path MTU: the smallest link MTU in the path, can be discovered by IP DF (don’t fragment) bit • Maximum IP datagram: 65535 (IPv4), 65575 (IPv6) (IPv6 has 32-bit jumbo payload option), minimum IP reassembly buffer size • TCP MSS (maximum segment size): actual value of reassembly buffer size, often the link MTU minus IP and TCP headers, to avoid fragmentation 10 TCP Output and UDP Output application application buffer write TCP application sendto user process kernel socket send buffer (SO_SNDBUF) UDP MSS-sized TCP segment IP no buffering but SO_SNDBUF exists UDP datagram IP MTU-sized packet output queue datalink application buffer MTU-sized packet output queue datalink 11 Standard Internet Services and Applications • Standard services provided by inetd daemon: echo/port7/RFC862, discard/port9/RFC863, daytime/port13/RFC867, chargen/port19/RFC864, time/port37/RFC868 • tested by “telnet machine service”, service mapped by /etc/services • Common application types: diagnostic, routing protocol, datagram, virtual circuit, etc. 12 Protocol Usage of Various Common Applications Application Ping Traceroute OSPF RIP BGP BOOTP DHCP NTP TFTP SNMP SMTP Telnet FTP HTTP NNTP DNS NFS RPC IP ICMP x x UDP TCP x x x x x x x x x x x x x x x x x x x x 13 Debugging Techniques and Tools • System call tracing: truss (in SVR4), ktrace & kdump (in BSD) (Note that socket is a system call in BSD, while putmsg and getmsg are the actual system calls in SVR4) • sock developed by W.R. Stevens: used to generate special case conditions, as stdin/stdout client, stdin/stdout server, source client, sink server • tcpdump: dump packets matching some criteria • netstat: status of interfaces, multicast groups, perprotocol statistics, routing table, etc. • lsof (list open files): which process has a socket open on a specified IP address or port 14