This lesson introduces the Transport layer and looks at User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Activities include using netstat to display protocol statistics and using Wireshark to examine UDP and TCP network traffic.

Readings

  1. Wikipedia: Transport layer
  2. Wikipedia: User Datagram Protocol
  3. Wikipedia: Transmission Control Protocol

Multimedia

  1. YouTube: 03 01 Introduction to TCP & UDP Protocols
  2. YouTube: Basics of ipconfig, ping, tracert, nslookup and netstat
  3. YouTube: The Netstat Command - CompTIA Network+ N10-005: 4.3

Activities

  1. Use netstat to display protocol statistics.
  2. Use netstat to display all active connections and listening ports.
  3. Use Wireshark to capture and analyze User Datagram Protocol (UDP) traffic.
  4. Use Wireshark to capture and analyze Transmission Control Protocol (TCP) traffic.
  5. Consider situations in which a packet analyzer might be used to troubleshoot transport layer traffic.

Lesson Summary

  • The transport layer provides end-to-end communication services for applications.[1]
  • The transport layer provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.[2]
  • The Transmission Control Protocol (TCP) is used for connection-oriented transmissions. The User Datagram Protocol (UDP) is used for connection-less messaging transmissions.[3]
  • Many of the services attributed to the transport layer are specific to TCP and do not apply to UDP. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.[4]
  • Transport layer protocols include source and destination port numbers to identify process-to-process communication.[5] Sessions are identified using the client's IP address and port number.[6]
  • TCP packets are referred to as segments. UDP packets are referred to as datagrams.[7]
  • UDP has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.[8]
  • UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.[9]
  • UDP is simple and stateless, with minimal delay, and works well in unidirectional (broadcast / multicast) communication.[10]
  • The UDP header includes fields for: source port, destination port, length, and checksum.[11]
  • TCP is reliable, ordered, heavyweight, and streaming.[12]
  • UDP is unreliable, un-ordered, lightweight, and without streaming or connection control.[13]
  • UDP provides a datagram service that emphasizes reduced latency over TCP stream reliability.[14] TCP is optimized for accurate delivery rather than timely delivery.[15]
  • TCP is a reliable stream delivery service that guarantees that all bytes received will be identical with bytes sent and in the correct order.[16]
  • The TCP header includes fields for: source port, destination port, sequence number, acknowledgement number, data offset, flags, window size, checksum, and an urgent pointer.[17]
  • TCP protocol operations are divided into three phases: connection establishment, data transfer, and connection termination.[18]
  • TCP connection establishment is performed through a three-way handshake exchanging sequence numbers and acknowledgements (SYN, SYN-ACK, ACK).[19]
  • TCP connection termination is performed through a four-way handshake of exchanging finish flags and acknowledgements (FIN, ACK, FIN, ACK).[20]
  • TCP achieves reliable transmission by using a sequence number to account for each byte of data.[21]
  • TCP performs error detection through sequence numbers, acknowledgements, and a checksum for each packet.[22]
  • TCP uses a sliding window flow control process in which the receiver specifies the amount of additional data that it is willing to accept for the connection and the sending host can send only up to that amount of data before it must wait for an acknowledgment from the receiving host.[23]
  • TCP achieves congestion control through slow-start, congestion avoidance, fast retransmit, fast recovery, and retransmission timeout.[24]
  • TCP and UDP port numbers range from 0 to 65535.[25]
  • The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers 0 through 1023 are used for common, well-known services. Port numbers 1024 through 49151 are registered ports used for IANA-registered services. Ports 49152 through 65535 are dynamic ports that can be used for any purpose.[26]
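
The header fields, handshake flags and port ranges summarized above can be checked by decoding raw header bytes, as a packet analyzer does. The following Python sketch is an added example, not part of the original lesson; the function names and the sample traffic (client port 50123, server ports 443 and 53, sequence numbers 1000 and 5000) are constructed for illustration.

```python
import struct

# Low six bits of the TCP flags field; ECN-related bits are ignored here.
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def port_range(port):
    """Classify a port number into the three IANA ranges."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers range from 0 to 65535")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse_udp(data):
    """Decode the 8-byte UDP header: source port, destination port, length, checksum."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    return dict(zip(("src", "dst", "length", "checksum"), struct.unpack("!HHHH", data[:8])))

def parse_tcp(data):
    """Decode the fixed 20-byte TCP header into a dict."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", data[:20])
    flags = {name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "data_offset": off_flags >> 12,
            "flags": flags, "window": window, "checksum": checksum, "urgent": urgent}

def is_three_way_handshake(syn, synack, ack):
    """True if three parsed segments form SYN, SYN-ACK, ACK with consistent numbers."""
    nxt = lambda n: (n + 1) % 2**32  # a SYN consumes one sequence number
    return (syn["flags"] == {"SYN"} and synack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and (synack["src"], synack["dst"]) == (syn["dst"], syn["src"])
            and (ack["src"], ack["dst"]) == (syn["src"], syn["dst"])
            and synack["ack"] == nxt(syn["seq"])
            and ack["seq"] == nxt(syn["seq"]) and ack["ack"] == nxt(synack["seq"]))

def build_tcp(src, dst, seq, ack, flags):
    """Pack a constructed 20-byte header (data offset 5, checksum left as 0)."""
    bits = sum(1 << FLAG_NAMES.index(f) for f in flags)
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | bits, 65535, 0, 0)

# Constructed sample traffic: client ephemeral port 50123, server port 443.
HANDSHAKE = [parse_tcp(build_tcp(50123, 443, 1000, 0, ["SYN"])),
             parse_tcp(build_tcp(443, 50123, 5000, 1001, ["SYN", "ACK"])),
             parse_tcp(build_tcp(50123, 443, 1001, 5001, ["ACK"]))]
SAMPLE_UDP = struct.pack("!HHHH", 50123, 53, 12, 0) + b"test"  # constructed datagram

if __name__ == "__main__":
    print(is_three_way_handshake(*HANDSHAKE), parse_udp(SAMPLE_UDP))
```

A handshake whose acknowledgement numbers do not equal the peer's sequence number plus one, or whose segments arrive with the wrong flags, is rejected by `is_three_way_handshake`.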

Key Terms

ACK
An acknowledgement signal passed between communicating processes or computers to signify acknowledgement, or receipt of response, as part of a communications protocol.[27]
application programming interface (API)
A protocol intended to be used as an interface by software components to communicate with each other.[28]
Automatic Repeat reQuest (ARQ) (or Automatic Repeat Query)
An error-control method for data transmission that uses acknowledgements (messages sent by the receiver indicating that it has correctly received a data frame or packet) and timeouts (specified periods of time allowed to elapse before an acknowledgment is to be received) to achieve reliable data transmission over an unreliable service.[29]
buffer
A region of physical memory storage used to temporarily hold data while it is being moved from one place to another.[30]
buffer underrun
A state occurring when a buffer used to communicate between two devices or processes is fed with data at a lower speed than the data is being read from it.[31]
checksum
A fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage.[32]
connection-oriented communication
A data communication mode whereby the devices at the end points use a protocol to establish an end-to-end logical or physical connection before any data may be sent.[33]
connectionless
A data communication mode in which a message can be sent from one end point to another without prior arrangement.[34]
data stream
A sequence of digitally encoded coherent signals (packets of data or data packets) used to transmit or receive information that is in the process of being transmitted.[35]
datagram
A basic transfer unit associated with a packet-switched network in which the delivery, arrival time, and order of arrival are not guaranteed by the network service.[36]
deadlock
A situation in which two or more competing actions are each waiting for the other to finish, and thus neither ever does.[37]
ephemeral port
A short-lived transport protocol port allocated automatically from a predefined range.[38]
error detection
Techniques that enable reliable delivery of digital data over unreliable communication channels.[39]
flow control
The process of managing the rate of data transmission between two nodes to prevent a fast sender from outrunning a slow receiver.[40]
handshaking
An automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins.[41]
latency
A measure of time delay experienced in a system.[42]
maximum segment size (MSS)
A parameter of the TCP protocol that specifies the largest amount of data that a computer or communications device can receive in a single TCP segment.[43]
multiplexing
A method by which multiple analog message signals or digital data streams are combined into one signal over a shared medium.[44]
NAK
A negative acknowledgement signal passed between communicating processes or computers to signify an error or lack of acceptance as part of a communications protocol.[45]
network congestion
A data communication situation in which a link or node is carrying so much data that its quality of service deteriorates.[46]
registered port
A transport protocol port assigned by the Internet Assigned Numbers Authority (IANA) for use with a certain protocol or application.[47]
reliability
A reliable protocol is one that provides reliability properties with respect to the delivery of data to the intended recipient(s), as opposed to an unreliable protocol, which does not provide notifications to the sender as to the delivery of transmitted data.[48]
slow-start
One of the algorithms that TCP uses to control congestion inside the network, in which the TCP window size is increased each time an acknowledgment is received.[49]
TCP window scale option
An option to increase the TCP receive window size above its maximum value of 65,535 bytes.[50]

Review Questions

  1. The transport layer provides _____.
    The transport layer provides end-to-end communication services for applications.
  2. The transport layer provides services such as _____.
    The transport layer provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.
  3. The Transmission Control Protocol (TCP) is used for _____ transmissions. The User Datagram Protocol (UDP) is used for _____ transmissions.
    The Transmission Control Protocol (TCP) is used for connection-oriented transmissions. The User Datagram Protocol (UDP) is used for connection-less messaging transmissions.
  4. Many of the services attributed to the transport layer are specific to _____ and do not apply to _____. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.
    Many of the services attributed to the transport layer are specific to TCP and do not apply to UDP. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.
  5. Transport layer protocols include source and destination _____ to identify process-to-process communication. Sessions are identified using _____.
    Transport layer protocols include source and destination port numbers to identify process-to-process communication. Sessions are identified using the client's IP address and port number.
  6. TCP packets are referred to as _____. UDP packets are referred to as _____.
    TCP packets are referred to as segments. UDP packets are referred to as datagrams.
  7. UDP has no _____, and thus exposes any unreliability of the underlying network protocol to the user's program.
    UDP has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.
  8. UDP provides _____ for data integrity, and _____ for addressing different functions at the source and destination of the datagram.
    UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.
  9. UDP is _____, with _____ delay, and works well in unidirectional (broadcast / multicast) communication.
    UDP is simple and stateless, with minimal delay, and works well in unidirectional (broadcast / multicast) communication.
  10. The UDP header includes fields for: _____.
    The UDP header includes fields for: source port, destination port, length, and checksum.
  11. TCP is _____.
    TCP is reliable, ordered, heavyweight, and streaming.
  12. UDP is _____.
    UDP is unreliable, un-ordered, lightweight, and without streaming or connection control.
  13. UDP provides a datagram service that emphasizes _____ over TCP _____. TCP is optimized for _____ rather than _____.
    UDP provides a datagram service that emphasizes reduced latency over TCP stream reliability. TCP is optimized for accurate delivery rather than timely delivery.
  14. TCP is a _____ delivery service that _____.
    TCP is a reliable stream delivery service that guarantees that all bytes received will be identical with bytes sent and in the correct order.
  15. The TCP header includes fields for: _____.
    The TCP header includes fields for: source port, destination port, sequence number, acknowledgement number, data offset, flags, window size, checksum, and an urgent pointer.
  16. TCP protocol operations are divided into three phases: _____.
    TCP protocol operations are divided into three phases: connection establishment, data transfer, and connection termination.
  17. TCP connection establishment is performed through _____.
    TCP connection establishment is performed through a three-way handshake exchanging sequence numbers and acknowledgements (SYN, SYN-ACK, ACK).
  18. TCP connection termination is performed through _____.
    TCP connection termination is performed through a four-way handshake of exchanging finish flags and acknowledgements (FIN, ACK, FIN, ACK).
  19. TCP achieves reliable transmission by using _____.
    TCP achieves reliable transmission by using a sequence number to account for each byte of data.
  20. TCP performs error detection through _____.
    TCP performs error detection through sequence numbers, acknowledgements, and a checksum for each packet.
  21. TCP uses a sliding window flow control process in which _____.
    TCP uses a sliding window flow control process in which the receiver specifies the amount of additional data that it is willing to accept for the connection and the sending host can send only up to that amount of data before it must wait for an acknowledgment from the receiving host.
  22. TCP achieves congestion control through _____.
    TCP achieves congestion control through slow-start, congestion avoidance, fast retransmit, fast recovery, and retransmission timeout.
  23. TCP and UDP port numbers range from _____.
    TCP and UDP port numbers range from 0 to 65535.
  24. The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers _____ are used for common, well-known services. Port numbers _____ are registered ports used for IANA-registered services. Ports _____ are dynamic ports that can be used for any purpose.
    The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers 0 through 1023 are used for common, well-known services. Port numbers 1024 through 49151 are registered ports used for IANA-registered services. Ports 49152 through 65535 are dynamic ports that can be used for any purpose.

References

  1. Wikipedia: Transport layer
  2. Wikipedia: Transport layer
  3. Wikipedia: Transport layer
  4. Wikipedia: Transport layer#Services
  5. Wikipedia: Transport layer#Analysis
  6. Wikipedia: Transmission Control Protocol#Resource usage
  7. Wikipedia: Transport layer#Analysis
  8. Wikipedia: User Datagram Protocol
  9. Wikipedia: User Datagram Protocol
  10. Wikipedia: User Datagram Protocol
  11. Wikipedia: User Datagram Protocol#Packet structure
  12. Wikipedia: User Datagram Protocol#Comparison of UDP and TCP
  13. Wikipedia: User Datagram Protocol#Comparison of UDP and TCP
  14. Wikipedia: Transmission Control Protocol
  15. Wikipedia: Transmission Control Protocol#Network function
  16. Wikipedia: Transmission Control Protocol#Network function
  17. Wikipedia: Transmission Control Protocol#TCP segment structure
  18. Wikipedia: Transmission Control Protocol#Protocol operation
  19. Wikipedia: Transmission Control Protocol#Protocol operation
  20. Wikipedia: Transmission Control Protocol#Protocol operation
  21. Wikipedia: Transmission Control Protocol#Reliable transmission
  22. Wikipedia: Transmission Control Protocol#Error detection
  23. Wikipedia: Transmission Control Protocol#Flow control
  24. Wikipedia: Transmission Control Protocol#Congestion control
  25. Wikipedia: Port (computer networking)#Common port numbers
  26. Wikipedia: Port (computer networking)#Common port numbers
  27. Wikipedia: Acknowledgement (data networks)
  28. Wikipedia: Application programming interface
  29. Wikipedia: Automatic repeat request
  30. Wikipedia: Data buffer
  31. Wikipedia: Buffer underrun
  32. Wikipedia: Checksums
  33. Wikipedia: Connection-oriented communication
  34. Wikipedia: Connectionless protocol
  35. Wikipedia: Data stream
  36. Wikipedia: Datagram
  37. Wikipedia: Deadlock
  38. Wikipedia: Ephemeral port
  39. Wikipedia: Error detection and correction
  40. Wikipedia: Flow control (data)
  41. Wikipedia: Handshaking
  42. Wikipedia: Latency (engineering)
  43. Wikipedia: Maximum segment size
  44. Wikipedia: Multiplexing
  45. Wikipedia: Negative-acknowledge character
  46. Wikipedia: Network congestion
  47. Wikipedia: Registered port
  48. Wikipedia: Reliability (computer networking)
  49. Wikipedia: Slow-start
  50. Wikipedia: TCP window scale option
This article is issued from Wikiversity. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.