Cisco Systems Networking Academy
Chapter 4
Transport Layer
Overview
• Explain the role of Transport Layer protocols and services in supporting communications across data networks
• Analyze the application and operation of TCP mechanisms that support reliability
• Analyze the application and operation of TCP mechanisms that support reassembly and manage data loss
• Analyze the operation of UDP to support communication between two processes on end devices
[Figure: OSI Model and TCP/IP Model side by side; TCP and UDP sit at the Transport layer (OSI layer 4)]
• Transport Layer:
Responsible for creating and maintaining a logical connection between the endpoints
• What are the two protocols at the transport layer?
TCP — Transmission Control Protocol
UDP — User Datagram Protocol
Transport Layer Role and Services
• Major functions of the transport layer and the role it plays in data networks
— Tracking the individual communication between
applications on the source and destination hosts
— Segmenting data and managing each piece
— Reassembling the segments into streams of application
data
— Identifying the different applications
[Figure: TCP header and UDP header side by side]
TCP Header (field labels recovered from the figure): Source Port (16 bits), Destination Port (16 bits), Sequence Number (32 bits), Reserved (6 bits), Window (16 bits), Checksum (16 bits), Urgent Pointer (16 bits), Options and Padding, Data
UDP Header: Source Port (16 bits), Destination Port (16 bits), Length (16 bits), Checksum (16 bits), Data
What is the application PDU called?
Application PDU: Data
Header + data
Managing each segment
TCP vs UDP
What is the “cost” of all this reliability and flow control of TCP?
Why would any application use UDP?
Streaming media, real-time multiplayer games and voice over IP (VoIP) are applications that do not require reliability mechanisms and may even be hindered by them
Port Numbers: TCP and UDP
[Figure: TCP and UDP headers with the port number fields highlighted; HTTP is port 80]
• Both TCP and UDP use port (or socket) numbers to pass information to the upper layers
Port numbers are used by the sender to tell the receiver which network application it should use for the “Data”
Port numbers are used by the receiver so it knows which application it should send the “Data” to
spr-itunes 0/tcp Shirt Pocket netTunes
spl-itunes 0/tcp Shirt Pocket launchTunes
tcpmux 1/tcp TCP Port Service Multiplexer
tcpmux 1/udp TCP Port Service Multiplexer
+ Mark Lottor <MKL@nisc.sri.com>
compressnet 2/tcp Management Utility
compressnet 2/udp Management Utility
compressnet 3/tcp Compression Process
compressnet 3/udp Compression Process
+ Bernie Volz <volz@cisco.com>
rje 5/tcp Remote Job Entry
rje 5/udp Remote Job Entry
+ David Nanian <dnanian@shirt-pocket.com> 28 September 2007
Port Number Range     Port Group
0 to 1023             Well Known (Contact) Ports
49152 to 65535        Private and/or Dynamic Ports
[Figure: lists headed "Well Known TCP Ports" and "Well Known UDP Ports"; recovered entries: 194 Internet Relay Chat (IRC); 161 SNMP; 531 AOL Instant Messenger, IRC]
• Well Known Ports (Numbers 0 to 1023)
Reserved for common services and
Client: TCP destination port
Registered UDP Ports:
1812 RADIUS Authentication Protocol
2000 Cisco SCCP (VoIP)
5004 RTP (Voice and Video Transport Protocol)
Registered TCP/UDP Common Ports:
• Registered Ports (Numbers 1024 to 49151)
Assigned to user processes or
Server: TCP source port
May also be used as dynamic or private
• Dynamic or Private Ports (Numbers 49152 to 65535)
Also known as Ephemeral Ports
Usually assigned dynamically to client applications when initiating a connection
Client: TCP source port
Server: TCP destination port
May also include the range of Registered Ports (Numbers 1024 to
[Figure: TCP header carrying Data for Telnet]
• Client sends TCP segment with:
Destination Port: 23 (Well Known port number)
Source Port: 1028 (Dynamic Port assigned by client)
• Server responds with TCP segment with:
Destination Port: 1028 (Dynamic Port assigned by client)
Source Port: 23 (Well Known port number)
[Figure: the client's and the server's TCP headers side by side]
Client (initiating Telnet service):
Destination Port = 23 (telnet)
Source Port = 1028 (dynamically assigned)
Server (responding to Telnet service):
Destination Port = 1028 (source port of client)
Source Port = 23 (telnet)
• Same client to same server - Two different HTTP sessions
• Client: Same destination port
• Client: Different source ports to uniquely identify this web session
[Figure: browser window and netstat output, with the 16-bit Source Port Number (49890), 16-bit Destination Port Number, Destination IP and Connection State (TIME_WAIT) labelled]
What makes each connection unique? How does the server know which source port 49888 is who?
• Connection defined by the pair of numbers:
Source IP address, Source port
Destination IP address, Destination port
(figure labels: From Client to Server, From Server to Client)
• Different connections can use the same destination port on server host as long as the source ports or source IPs are different
[Figure: netstat -n output for one client with sessions to www.cisco.com and www.google.com; local ports 1332 to 1336, foreign port 80, states ESTABLISHED and TIME_WAIT]
• Note: When downloading a web document and its objects it is common that there will be several TCP sessions created
Using NetStat
Open a web browser
Open a command prompt window (Start->Run->cmd)
Enter a URL of your choice
Type netstat -n in the command window
Questions:
What is/are the source ports on your client?
What is/are the destination ports on your client?
What would be the source port(s) on the server?
What would be the destination port(s) on the server?
What application layer protocol is being used? How can you tell?
What transport layer protocol is being used?
Trying more at home:
Use netstat to look at other networking applications such as FTP
or Telnet
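A way to read `netstat -n` output the way the preceding slides describe it, as an added example that is not part of the original slides: each row is treated as a connection identified by its IP/port pairs, the local end is labelled client or server from which side holds the well-known port, and sessions are counted per remote service. The function names and the sample rows are assumptions constructed for this illustration.

```python
import re

# Constructed sample in the column layout of Windows `netstat -n`;
# addresses are private/documentation ranges, not taken from the slides.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.51.100.25:80       ESTABLISHED
  TCP    192.168.1.101:49889    198.51.100.25:80       ESTABLISHED
  TCP    192.168.1.101:49890    203.0.113.7:443        TIME_WAIT
  TCP    192.168.1.101:23       192.168.1.50:1028      ESTABLISHED
"""
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def port_group(port):
    """Name the range a port falls in, using the three ranges on the slides."""
    if not 0 <= port <= 65535:
        raise ValueError(f"not a 16-bit port number: {port}")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic/private"

def parse_netstat(text):
    """Return one dict per TCP/UDP row; headers and other lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, lip, lport, fip, fport, state = m.groups()
        lport, fport = int(lport), int(fport)
        # Heuristic only: the end holding the well-known port is the server.
        local_wk = port_group(lport) == "well-known"
        remote_wk = port_group(fport) == "well-known"
        role = "unknown" if local_wk == remote_wk else ("server" if local_wk else "client")
        conns.append({"proto": proto, "state": state, "local_role": role,
                      "conn": (lip, lport, fip, fport)})
    return conns

def sessions_per_service(conns):
    """Count distinct connections per (foreign IP, foreign port)."""
    seen = {}
    for c in conns:
        seen.setdefault(c["conn"][2:], set()).add(c["conn"])
    return {service: len(tuples) for service, tuples in seen.items()}
```

Port 1028 from the Telnet slides classifies as "registered" here, which matches the slide's remark that dynamically assigned ports may also come from the registered range.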
[Figure: UDP header: 16-bit Source Port Number, 16-bit Destination Port Number, 16-bit UDP Length, 16-bit UDP Checksum, Data]
• What do you notice looking at the UDP protocol?
• No frills, barebones transport protocol
Destination and Source Ports
Length and Checksum (used for error checking)
Source port: the number of the calling port
Destination port: the number of the called port
UDP length: the length of the UDP header
Checksum: the calculated checksum of the header and data fields
Data: upper-layer protocol data
[Figure: UDP header beside a TFTP server window logging a read request for file <xsvfexec.bin>]
Why would an application developer choose UDP rather than TCP?
• Finer application-layer control
TCP will continue to resend segments that are not acknowledged
Applications that use UDP can tolerate some data loss:
streaming video
VoIP (Voice over IP)
Application decides whether or not to resend entire file: TFTP
• Small packet header overhead
TCP header has 20 bytes of overhead
UDP header has only 8 bytes of overhead
• UDP checksum provides error detection, any changed bits or missing segments
• Simplified explanation (see RFC 1071 for more details):
• Sender
UDP adds 16 bit ‘words’ keeping a cumulative sum
Performs one’s complement of the sum of all the 16-bit words in the segment
[Figure: worked checksum example; Total: 1111111111111111]
What if there is an error?
• UDP does nothing to recover the error
• It is up to the application layer protocol (example TFTP) to decide what to do, such as prompt the user to download/upload the entire file again
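The sender and receiver sides of the checksum described above, as an added example that is not part of the original slides. It goes beyond the simplified explanation by including the IPv4 pseudo-header and the header-plus-data length that RFC 768 specifies, and its `demo()` shows one error the checksum catches and one it cannot. The function names, ports and payload are assumptions constructed here; the two addresses are the ones in the capture on the following slide.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """Add 16-bit big-endian words with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (RFC 768)."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 17, udp_len))   # zero, protocol 17, length

def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Sender: sum with the checksum field at 0, then store the complement."""
    length = 8 + len(payload)                # RFC 768: header plus data
    header = struct.pack("!HHHH", sport, dport, length, 0)
    covered = pseudo_header(src_ip, dst_ip, length) + header + payload
    csum = 0xFFFF ^ ones_complement_sum(covered)
    if csum == 0:
        csum = 0xFFFF                        # 0 on the wire means "not computed"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload

def verify_udp(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver: words plus checksum must total 1111111111111111."""
    if len(segment) < 8:
        return False
    length = struct.unpack("!H", segment[4:6])[0]
    if length != len(segment):
        return False                         # truncated or padded segment
    if segment[6:8] == b"\x00\x00":
        return True                          # IPv4 sender skipped the checksum
    covered = pseudo_header(src_ip, dst_ip, length) + segment
    return ones_complement_sum(covered) == 0xFFFF

def demo():
    """Constructed segment: intact, one flipped bit, two words swapped."""
    src, dst = "192.168.1.101", "204.127.199.8"
    seg = build_udp(src, dst, 1057, 53, b"constructed payload")
    flipped = seg[:10] + bytes([seg[10] ^ 0x01]) + seg[11:]
    swapped = seg[:8] + seg[10:12] + seg[8:10] + seg[12:]
    return tuple(verify_udp(src, dst, s) for s in (seg, flipped, swapped))
```

`demo()` returns `(True, False, True)`: the flipped bit is detected, but swapping two 16-bit words leaves the sum unchanged, so the checksum detects accidental errors and is not an integrity control.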
[Figure: packet capture. Frame 5 is a DNS standard query (type A, class IN, www.ucsc.edu; recursion desired, message not truncated) from 192.168.1.101 to 204.127.199.8, with its UDP checksum marked [correct]; frames 7 to 10 are ICMP echo (ping) requests and replies between 192.168.1.101 and 128.114.124.7]
[Figure: TCP header]
source port: the number of the calling port
destination port: the number of the called port
sequence number: the number used to ensure correct sequencing of the arriving data
acknowledgment number: the next expected TCP octet
HLEN: the number of 32-bit words in the header
reserved: set to 0
code bits: the control functions (e.g., setup and termination of a session)
window: the number of octets that the sender is willing to accept
checksum: the calculated checksum of the header and data fields
urgent pointer: indicates the end of the urgent data
option: one currently defined: maximum TCP segment size
data: upper-layer protocol data
[Figure: three-way handshake. (2) SYN received, send SYN,ACK: SEQ=300 ACK=101 CTL=SYN,ACK. Then: SEQ=101 ACK=301 CTL=ACK]
• For a connection to be established, the two end stations must synchronize on each other's TCP initial sequence numbers (ISNs)
• Exchanging beginning sequence numbers during the connection sequence ensures that lost data can be recovered
[Figure: client sends SYN, SEQ=8563 to the Web Server]
• The three-way handshake happens before any data, HTTP Request (GET), is sent by the client
• A TCP client begins the three-way handshake by sending a segment with the SYN (Synchronize Sequence Number) control flag set, indicating an initial value in the sequence number field in the header
• The sequence number is the Initial Sequence Number (ISN); it is randomly chosen and is used to begin tracking the flow of data from the client to the server for this session
There are several reasons for this including segments that may still be in buffers and also security issues (Beyond the scope of this presentation.)
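The handshake rules from the last two slides expressed as a check over parsed TCP headers, as an added example that is not part of the original slides. It packs and parses the fixed 20-byte header using the field layout listed earlier and verifies the flag sequence, the mirrored ports and the ISN + 1 acknowledgments, including 32-bit wraparound. All function names are assumptions; the ports come from the Telnet slides and the client ISN of 100 is inferred from ACK=101 in the figure.

```python
import struct
from collections import namedtuple

# Six code bits as drawn on the slides: U A P R S F
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
Seg = namedtuple("Seg", "sport dport seq ack hlen flags window")
FIXED = "!HHIIHHHH"   # ports, SEQ, ACK, HLEN+reserved+code bits, window, checksum, urgent

def pack_tcp(sport, dport, seq, ack, flags, window=8192):
    """Build a 20-byte header without options (checksum left at 0 here)."""
    bits = sum(FLAGS[name] for name in set(flags))
    return struct.pack(FIXED, sport, dport, seq, ack, (5 << 12) | bits, window, 0, 0)

def parse_tcp(raw):
    """Decode the fixed header fields; reject impossible header lengths."""
    if len(raw) < 20:
        raise ValueError("shorter than the minimum TCP header")
    sport, dport, seq, ack, word, window, _csum, _urg = struct.unpack(FIXED, raw[:20])
    hlen = word >> 12                         # counted in 32-bit words
    if hlen < 5 or hlen * 4 > len(raw):
        raise ValueError("HLEN does not fit the segment")
    flags = frozenset(n for n, b in FLAGS.items() if word & b)
    return Seg(sport, dport, seq, ack, hlen, flags, window)

def nxt(n):
    return (n + 1) % 2**32                    # sequence numbers wrap at 32 bits

def check_handshake(syn, synack, ack):
    """Return the list of violations; an empty list means a valid handshake."""
    problems = []
    if (syn.flags, synack.flags, ack.flags) != ({"SYN"}, {"SYN", "ACK"}, {"ACK"}):
        problems.append("control bits are not SYN / SYN,ACK / ACK")
    if (synack.sport, synack.dport) != (syn.dport, syn.sport):
        problems.append("reply ports do not mirror the client's ports")
    if synack.ack != nxt(syn.seq):
        problems.append("SYN,ACK does not acknowledge client ISN + 1")
    if (ack.seq, ack.ack) != (nxt(syn.seq), nxt(synack.seq)):
        problems.append("final ACK does not acknowledge server ISN + 1")
    return problems

def slide_exchange():
    """Telnet example ports with the SEQ/ACK values from the handshake figure
    (client ISN 100 is inferred from ACK=101; the figure's first line is lost)."""
    raw = [pack_tcp(1028, 23, 100, 0, ["SYN"]),
           pack_tcp(23, 1028, 300, 101, ["SYN", "ACK"]),
           pack_tcp(1028, 23, 101, 301, ["ACK"])]
    return [parse_tcp(r) for r in raw]
```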