Transport Layer

Data networks and the Internet support the human network by supplying reliable communication between people. On a single device, people can use
multiple applications and services such as email, the web, and instant messaging to send messages or retrieve information. Data from each of these
applications is packaged, transported and delivered to the
appropriate application on the destination device.

The processes described in the OSI transport layer accept data

from the application layer and prepare it for addressing at the
network layer. A source computer communicates with a receiving
computer to decide how to break up data into segments, how to
make sure none of the segments get lost, and how to verify all the
segments arrived. When thinking about the transport layer, think
of a shipping department preparing a single order of multiple
packages for delivery.

Role of the Transport Layer

The transport layer is responsible for establishing a temporary

communication session between two applications and delivering
data between them. An application generates data that is sent from
an application on a source host to an application on a destination
host. This is without regard to the destination host type, the type
of media over which the data must travel, the path taken by the
data, the congestion on a link, or the size of the network. As
shown in the figure, the transport layer is the link between the
application layer and the lower layers that are responsible for
network transmission.

Figure shows the four layers of the TCP/IP model and how it enables applications on devices to communicate. The figure highlights the Transport
layer, which is responsible for moving data between applications on devices in the network. The transport layer on the sending device corresponds
with the transport layer of the receiving device.

Transport Layer Responsibilities

Tracking Individual Conversations

At the transport layer, each set of data flowing between a

source application and a destination application is known as
a conversation (Figure 1). A host may have multiple
applications that are communicating across the network
simultaneously. Each of these applications communicates
with one or more applications on one or more remote hosts.
It is the responsibility of the transport layer to maintain and
track these multiple conversations.

Segmenting Data and Reassembling Segments

Data must be prepared to be sent across the media in

manageable pieces. Most networks have a limitation on the
amount of data that can be included in a single packet.
Transport layer protocols have services that segment the
application data into blocks that are an appropriate size
(Figure 2). This service includes the encapsulation required
on each piece of data. A header, used for reassembly, is
added to each block of data. This header is used to track the
data stream.

At the destination, the transport layer must be able to

reconstruct the pieces of data into a complete data stream that is useful to the application layer. The protocols at the transport layer describe how the
transport layer header information is used to reassemble the data pieces into streams to be passed to the application layer.
Identifying the Applications

To pass data streams to the proper applications, the transport layer must identify the target application (Figure 3). To accomplish this, the transport
layer assigns each application an identifier called a port number. Each software process that needs to access the network is assigned a port number
unique to that host.

Conversation Multiplexing

Sending some types of data (for example, a streaming

video) across a network, as one complete
communication stream, can consume all of the available
bandwidth. This will then prevent other communications
from occurring at the same time. It would also make
error recovery and retransmission of damaged data
difficult.

The figure shows that segmenting the data into smaller

chunks enables many different communications, from
many different users, to be interleaved (multiplexed) on
the same network.

To identify each segment of data, the transport layer

adds a header containing binary data organized into
several fields. It is the values in these fields that enable
various transport layer protocols to perform different
functions in managing data communication.

The figure shows a single computer that has multiple

web pages open along with an instant messaging
window, an e-mail application, a streaming video application and a VoIP phone application running. There is a series of data blocks of
varying colors that represent the various applications running on the computer. The series of blocks are created by the transport layer
breaking the data into segments, and each block is a segment. This is multiplexing where multiple applications can use the network at
the same time. Each data block can have error checking performed on it to check if the segment was changed during transmission.
Transport Layer Reliability

The transport layer is also responsible for managing

reliability requirements of a conversation. Different
applications have different transport reliability requirements.

IP is concerned only with the structure, addressing, and

routing of packets. IP does not specify how the delivery or
transportation of the packets takes place. Transport
protocols specify how to transfer messages between hosts.
TCP/IP provides two transport layer protocols,
Transmission Control Protocol (TCP) and User Datagram
Protocol (UDP), as shown in the figure. IP uses these
transport protocols to enable hosts to communicate and
transfer data.

TCP is considered a reliable, full-featured transport layer

protocol, which ensures that all of the data arrives at the
destination. However, this requires additional fields in the
TCP header which increases the size of the packet and
also increases delay. In contrast, UDP is a simpler
transport layer protocol that does not provide for reliability.
It therefore has fewer fields and is faster than TCP.

TCP

TCP transport is analogous to sending packages that are tracked from source to destination. If a shipping order is broken up into
several packages, a customer can check online to see the order of the delivery.
 With TCP, there are three basic operations of reliability:

 Numbering and tracking data segments transmitted to

a specific host from a specific application

 Acknowledging received data

 Retransmitting any unacknowledged data after a

certain period of time

Click Play in the figure to see how TCP segments and

acknowledgments are transmitted between sender and
receiver.

Figure is an animation that shows a computer sending a

file to a server using the FTP application, which utilizes
TCP at the transport layer. The data is segmented into
six segments and to start the process three packets
leave the computer and is sent to a router and then
directed to the FTP. server on a remote server farm
network. The server receives the three packets and then
it sends an acknowledgment packet back to the
computer saying that it did receive three packets. The computer now sends the next three packets to the server, but they become lost
in the network for some unknown reason. Since the server did not receive any packets it doesn’t send the acknowledgment. After a
period of time of not receiving an acknowledgment packet the sending computer determines that the final three packets were not
received so it will resend those last three packets. The server receives them this time and will send the acknowledgment packet.

 The first 3 out of 6 segments are forwarded to the server

 The file server acknowledges the first 3 segments received
 The clients forward the next 3 segments
 No segments are received no acknowledgements is sent
 The clients resend the final 3 segments
 The final 3 segments are received and acknowledged

UDP

While the TCP reliability functions provide more robust communication between applications, they also incur additional overhead and
possible delays in transmission. There is a trade-off between the value of reliability and the burden it places on network resources.
Adding overhead to ensure reliability for some applications could reduce the usefulness of the application and can even be detrimental.
In such cases, UDP is a better transport protocol.

UDP provides the basic functions for delivering data segments between the appropriate applications, with very little overhead and data
checking. UDP is known as a best-effort delivery protocol. In the context of networking, best-effort delivery is referred to as unreliable
because there is no acknowledgment that the data is received at the destination. With UDP, there are no transport layer processes that
inform the sender of a successful delivery.

UDP is similar to placing a regular, non-registered, letter in the mail. The sender of the letter is not aware of the availability of the
receiver to receive the letter. Nor is the post office responsible for tracking the letter or informing the sender if the letter does not arrive
at the final destination.

Click Play in the figure to see an animation of UDP segments being transmitted from sender to receiver.

Figure is an animation that shows a computer sending a file to a server using the TFTP application, which utilizes the UDP at the
transport layer. The data is segmented into six segments and all packets leave the computer and are sent to a router and then directed
to the TFTP server on a remote server farm network. The server receives all the packets, but since it is using UDP no acknowledgment
packet is sent from the server.

 The file is sent to a server using the (TFTP) application.

 UDP segments the data to be sent and sends all data , best effort.
 The file server received all 6 segments no acknowledgements is sent
 The Right Transport Layer
Protocol for the Right
Application

For some applications, segments must arrive in

a very specific sequence to be processed
successfully. With other applications, all data
must be fully received before any is considered
useful. In both of these instances, TCP is used
as the transport protocol. Application
developers must choose which transport
protocol type is appropriate based on the
requirements of the applications.

For example, applications such as databases,

web browsers, and email clients, require that all
data that is sent arrives at the destination in its
original condition. Any missing data could
cause a corrupt communication that is either
incomplete or unreadable. These applications
are designed to use TCP.

In other cases, an application can tolerate some data loss during transmission over the network, but delays in transmission are
unacceptable. UDP is the better choice for these applications because less network overhead is required. UDP is preferable for
applications such as streaming live audio, live video, and Voice over IP (VoIP). Acknowledgments and retransmission would slow down
delivery.

For example, if one or two segments of a live video stream fail to arrive, it creates a momentary disruption in the stream. This may
appear as distortion in the image or sound, but may not be noticeable to the user. If the destination device had to account for lost data,
the stream could be delayed while waiting for retransmissions, therefore causing the image or sound to be greatly degraded. In this
case, it is better to render the best media possible with the segments received, and forego reliability.

Note: Applications that stream stored audio and video use TCP. For example, if your network suddenly cannot support the bandwidth
needed to watch an on-demand movie, the application pauses the playback. During the pause, you might see a “buffering...” message
while TCP works to re-establish the stream. Once all the segments are in order and a minimum level of bandwidth is restored, your
TCP session resumes and the movie begins playing.

Figure shows UDP protocol properties on the left including fast, low overhead, does not require acknowledgments, and delivers data as
it arrives. On the right are the TCP properties including reliable, acknowledges data, resends lost data, and delivers data in order sent.
Example UDP applications include IP telephony and streaming live video. Example TCP applications include Email and HTTP.

TCP Features

To understand the differences between TCP and UDP, it is important to understand how each protocol implements specific reliability
features and how they track conversations. In addition to supporting the basic functions of data segmentation and reassembly, TCP, as
shown in the figure, also provides other services.

Establishing a Session
 TCP is a connection-oriented protocol. A
connection-oriented protocol is one that
negotiates and establishes a permanent
connection (or session) between source and
destination devices prior to forwarding any
traffic. Through session establishment, the
devices negotiate the amount of traffic that can
be forwarded at a given time, and the
communication data between the two can be
closely managed.

Reliable Delivery

In networking terms, reliability means ensuring

that each segment that the source sends
arrives at the destination. For many reasons, it
is possible for a segment to become corrupted
or lost completely, as it is transmitted over the
network.

Same-Order Delivery

Because networks may provide multiple routes

that can have different transmission rates, data can arrive in the wrong order. By numbering and sequencing the segments, TCP can
ensure that these segments are reassembled into the proper order.

Flow Control

Network hosts have limited resources, such as memory and processing power. When TCP is aware that these resources are
overtaxed, it can request that the sending application reduce the rate of data flow. This is done by TCP regulating the amount of data
the source transmits. Flow control can prevent the need for retransmission of the data when the receiving host's resourses are
overwhelmed.

For more information on TCP, read the RFC.

The figure shows a single computer that has multiple web pages open along with an instant messaging window and an e-mail
application running. Four core services provided by T.C.P. are establishing a session, providing reliable delivery of data, providing
proper order of data sent and managing flow control.

TCP Header

TCP is a stateful protocol. A stateful protocol is a protocol that keeps track of the state of the communication session. To track the state
of a session, TCP records which information it has sent and which information has been acknowledged. The stateful session begins
with the session establishment and ends when closed with the session termination.

As shown in the figure, each TCP segment has 20 bytes of overhead in the header encapsulating the application layer data:

 Source Port (16 bits) and Destination Port (16 bits) - Used to identify the application.

 Sequence number (32 bits) - Used for data reassembly purposes.

  Acknowledgment number (32 bits) -
Indicates data has been received and the next
byte expected from the source.

 Header length (4 bits) - Known as ʺdata

offsetʺ. Indicates the length of the TCP segment
header.

 Reserved (6 bits) - This field is reserved for

the future.

 Control bits (6 bits) - Includes bit codes, or

flags, which indicate the purpose and function of
the TCP segment.

 Window size (16 bits) - Indicates the

number of bytes that can be accepted at one time.

 Checksum (16 bits) - Used for error

checking of the segment header and data.

 Urgent (16 bits) - Indicates if data is urgent.

Figure shows the fields of the TCP header including source and destination ports, sequence number, acknowledgment number, header
length, and window size.
UDP Features

User Datagram Protocol (UDP) is considered a best-effort

transport protocol. UDP is a lightweight transport protocol that
offers the same data segmentation and reassembly as TCP, but
without TCP reliability and flow control. UDP is such a simple
protocol that it is usually described in terms of what it does not do
compared to TCP.

The features of UDP are described in the figure.

For more information on UDP, read the RFC.

Figure shows characteristics of UDP. These include no ordered

delivery of data packets, unreliable delivery, no flow control and no
session establishment which is considered connectionless.

UDP Header

UDP is a stateless protocol, meaning neither the

client, nor the server, is obligated to keep track of the
state of the communication session. If reliability is
required when using UDP as the transport protocol, it
must be handled by the application.

One of the most important requirements for delivering

live video and voice over the network is that the data
continues to flow quickly. Live video and voice
applications can tolerate some data loss with minimal
or no noticeable effect, and are perfectly suited to
UDP.
The pieces of communication in UDP are called datagrams, as shown in the figure. These datagrams are sent as best-effort by the
transport layer protocol. UDP has a low overhead of 8 bytes.

Figure shows fields of the UPD header including source and destination port numbers, length, and checksum.

Multiple Separate Conversations

The transport layer must be able to separate and

manage multiple communications with different
transport requirement needs. Users expect to be
able to simultaneously receive and send email and
instant messages, view websites, and conduct a
VoIP phone call. Each of these applications is
sending and receiving data over the network at the
same time, despite different reliability
requirements. Additionally, data from the phone call
is not directed to the web browser, and text from an
instant message does not appear in an email.

TCP and UDP manage these multiple

simultaneous conversations by using header fields
that can uniquely identify these applications. These
unique identifiers are the port numbers.

Figure shows a computer with three different applications open and the port number associated with each. Some email applications will
use port 110, an HTTP page may use port 80, and an Internet chat window will use port 531.

Port Numbers

The source port number is associated with the

originating application on the local host. The
destination port number is associated with the
destination application on the remote host.

Source Port

The source port number is dynamically generated

by the sending device to identify a conversation
between two devices. This process allows multiple
conversations to occur simultaneously. It is
common for a device to send multiple HTTP
service requests to a web server at the same
time. Each separate HTTP conversation is tracked
based on the source ports.

Destination Port

The client places a destination port number in the

segment to tell the destination server what service
is being requested, as shown in the figure. For
example, when a client specifies port 80 in the destination port, the server that receives the message knows that web services are
being requested. A server can offer more than one service simultaneously such as web services on port 80 at the same time that it
offers File Transfer Protocol (FTP) connection establishment on port 21.

Figure shows a computer with three different applications open and the port number associated with each. Below each application is
the specific protocol in use and the transport layer adds the proper port number to form the segment. POPv3 uses port 110, HTTP uses
port 80 and Instant Messaging uses port 531.

Socket Pairs

The source and destination ports are placed within the segment. The segments are then encapsulated within an IP packet. The IP
packet contains the IP address of the source and destination. The combination of the source IP address and source port number, or the
 destination IP address and destination port
number is known as a socket. The socket is used
to identify the server and service being requested
by the client. A client socket might look like this,
with 1099 representing the source port number:
192.168.1.5:1099

The socket on a web server might be:

192.168.1.7:80

Together, these two sockets combine to form a

socket pair: 192.168.1.5:1099, 192.168.1.7:80

Sockets enable multiple processes, running on a

client, to distinguish themselves from each other,
and multiple connections to a server process to be
distinguished from each other.

The source port number acts as a return address

for the requesting application. The transport layer
keeps track of this port and the application that
initiated the request so that when a response is
returned, it can be forwarded to the correct
application.

Figure shows the location of the source and destination port numbers within a segment. The figure is showing a computer that has both
an active FTP session and a web session. When data is meant for the FTP server the computer selects a random source port value
above 1023 and assigns 21 to the destination port. In the figure the source port used is 1305. The IP address and the port number
create the socket and this allows the computer to keep track of the FTP data. The web traffic also uses a random source port above
1023, and in the figure it is using port 1099. The data destined for the web server is assigned a destination port of 80, which is the port
used by web servers. The IP address and the port number create the socket and this allows the computer to keep track of the web
server connection.

Port Number Groups

The Internet Assigned Numbers Authority (IANA) is the

standards body responsible for assigning various
addressing standards, including port numbers. There are
different types of port numbers, as shown in Figure 1:

 Well-known Ports (Numbers 0 to 1023) - These

numbers are reserved for services and applications.
They are commonly used for applications such as web
browsers, email clients, and remote access clients. By
defining these well-known ports for server applications, client applications can be programmed to request a connection to that
specific port and its associated service.

 Registered Ports (Numbers 1024 to 49151) - These port numbers are assigned by IANA to a requesting entity to use with
specific processes or applications. These processes are primarily individual applications that a user has chosen to install, rather
than common applications that would receive a well-known port number. For example, Cisco has registered port 1985 for its Hot
Standby Routing Protocol (HSRP) process.

 Dynamic or Private Ports (Numbers 49152 to 65535) - Also known as ephemeral ports, these are usually assigned dynamically
by the client’s OS when a connection to a service is initiated. The dynamic port is then used to identify the client application
during communication.

Note: Some client operating systems may use registered port numbers instead of dynamic port numbers for assigning source ports.

Figure 2 displays some common well-known port numbers and their associated applications. Some applications may use both TCP and
UDP. For example, DNS uses UDP when clients send requests to a DNS server. However, communication between two DNS servers
always uses TCP.

Click here to view the full list of port numbers and associated applications at IANA’s website.
Figure 1 shows the three ranges used for port numbers. Ports 0 through 1023 are classified as well known ports. Numbers 1024
through 49151 are registered ports. Ports 49152 through 65535 are considered private and slash or dynamic ports. Figure 2 lists a
dozen of the more common well-known port numbers including FTP (20 and 21), SSH (22), SMTP (25), DNS (53), DHCP (67 and 68),
TFTP (69), HTTP (80), POP3 (110), IMAP (143), SNMP (161), and HTTPS (443).

The netstat Command

Unexplained TCP connections can pose a

major security threat. They can indicate that
something or someone is connected to the
local host. Sometimes it is necessary to know
which active TCP connections are open and
running on a networked host. Netstat is an
important network utility that can be used to
verify those connections. As shown in the
figure, enter the command netstat to list the
protocols in use, the local address and port
numbers, the foreign address and port
numbers, and the connection state.

By default, the netstat command will attempt

to resolve IP addresses to domain names
and port numbers to well-known applications.
The -n option can be used to display IP
addresses and port numbers in their
numerical form.

Figure shows the output from the netstat

command.

TCP Server Processes

Each application process running on the server is configured to use a port number, either by default or manually, by a system
administrator. An individual server cannot have two services assigned to the same port number within the same transport layer
services.
 For example, a host running a web
server application and a file
transfer application cannot have
both configured to use the same
port (for example, TCP port 80). An
active server application assigned
to a specific port is considered to
be open, which means that the
transport layer accepts and
processes segments addressed to
that port. Any incoming client
request addressed to the correct
socket is accepted, and the data is
passed to the server application.
There can be many ports open
simultaneously on a server, one for
each active server application.

Refer to Figures 1 through 5 to see

the typical allocation of source and
destination ports in TCP
client/server operations.

Figure shows a server running both

an HTTP server on port 80 and SMTP server running on port 25. The figure has two clients accessing the server. Client 1 is sending an
HTTP request from source port 49152 to destination port 80. Client 2 is sending an SMTP request from source port 51152 to
destination port 25. This demonstrates how port numbers are used to differentiate between multiple services running on one server.
Figure two highlights the use of the well-known ports for the services. Figure three highlights the use of random source ports as the
source ports. Figure four highlights the response from the server to each of the two requests and the fact that the server uses the
source port from the request packet as the destination. Figure five highlights the new destination port.

TCP Connection Establishment

In some cultures, when two persons meet, they often

greet each other by shaking hands. The act of shaking
hands is understood by both parties as a signal for a
friendly greeting. Connections on the network are
similar. In TCP connections, the host client establishes
the connection with the server.

A TCP connection is established in three steps:

Step 1 - The initiating client requests a client-to-server

communication session with the server.

Step 2 - The server acknowledges the client-to-server

communication session and requests a server-to-client
communication session.

Step 3 - The initiating client acknowledges the server-

to-client communication session.

In the figure, click buttons 1 through 3 to see the TCP

connection establishment.

Figure shows the steps involved in the three-way

handshake during a TCP connection establishment. Step one shows the initiating client forming a SYN packet with a sequence number
of 100 and sends the SYN request to client B. Step two shows client B receiving the SYN and setting the sequence number to 300 and
sending the SYN along with an ACK packet back to client A. Step three shows client A receiving the SYN and ACK sent by client B, this
establishes the connection.

Application Layer

The Application Layer

 The application layer is closest to the
end user. As shown in the figure, it is the
layer that provides the interface between
the applications used to communicate
and the underlying network over which
messages are transmitted. Application
layer protocols are used to exchange
data between programs running on the
source and destination hosts.

The upper three layers of the OSI model

(application, presentation, and session)
define functions of the single TCP/IP
application layer.

There are many application layer

protocols, and new protocols are always
being developed. Some of the most
widely known application layer protocols
include Hypertext Transfer Protocol
(HTTP), File Transfer Protocol (FTP),
Trivial File Transfer Protocol (TFTP),
Internet Message Access Protocol
(IMAP), and Domain Name System (DNS) protocol.

Figure shows the TCP/IP and OSI models side by side. Sample Applications for the O.S.I. model Application layer include Domain
Name System, Hypertext Transfer Protocol, Simple Mail Transfer Protocol, Post Office Protocol, Dynamic Host Configuration Protocol,
File Transfer Protocol, and Internet Message Access Protocol.

Presentation and Session

Layer

The Presentation Layer

The presentation layer has three primary

functions:

 Formatting, or presenting, data at

the source device into a compatible form
for receipt by the destination device

 Compressing data in a way that can

be decompressed by the destination
device

 Encrypting data for transmission

and decrypting data upon receipt

As shown in the figure, the presentation layer formats data for the application layer, and it sets standards for file formats. Some well-
known standards for video include QuickTime and Motion Picture Experts Group (MPEG). Some well-known graphic image formats that
are used on networks are Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Portable Network
Graphics (PNG) format.

The Session Layer

As the name implies, functions at the session layer create and maintain dialogs between source and destination applications. The
session layer handles the exchange of information to initiate dialogs, keep them active, and to restart sessions that are disrupted or idle
for a long period of time.

Figure shows the TCP/IP and OSI models side by side. Examples for the OSI model Presentation layer include Quick Time, Motion
Picture Experts Group (MPEG), Graphics Interchange Format (GIF), Joint Photographic Experts Group (JPEG), and Portable Network
Graphics (PNG).
 TCP/IP Application Layer
Protocols

The TCP/IP application protocols specify the format

and control information necessary for many
common Internet communication functions. Click
each application protocol in the figure to learn more
about them.

Application layer protocols are used by both the

source and destination devices during a
communication session. For the communications to
be successful the application layer protocols
implemented on the source and destination host
must be compatible.

The figure shows examples of OSI layer

functionality. Name System (DNS), Host Config
(BootP, DHCP), E Mail (SMTP, POP and IMAP),
File Transfer (FTP and TFTP) and Web (HTTP).
Clicking on any one of them displays a description.

1. Which two characteristics are associated with UDP sessions? (Choose two.)
 Destination devices receive traffic with minimal delay.*
 Transmitted data segments are tracked.
 Destination devices reassemble messages and pass them to an application.
 Received data is unacknowledged.*
 Unacknowledged data packets are retransmitted.
Explain:
TCP:
· Provides tracking of transmitted data segments
· Destination devices will acknowledge received data.
· Source devices will retransmit unacknowledged data.
UDP
· Destination devices will not acknowledge received data
· Headers use very little overhead and cause minimal delay.
2. What happens if part of an FTP message is not delivered to the destination?
 The message is lost because FTP does not use a reliable delivery method.
 The FTP source host sends a query to the destination host.
 The part of the FTP message that was lost is re-sent.*
 The entire FTP message is re-sent.
Explain:
Because FTP uses TCP as its transport layer protocol, sequence and acknowledgment
numbers will identify the missing segments, which will be re-sent to complete the message.
3. A host device needs to send a large video file across the network while providing data
communication to other users. Which feature will allow different communication streams to
occur at the same time, without having a single data stream using all available bandwidth?
 window size
 multiplexing*
 port numbers
 acknowledgments
 Explain:
Multiplexing is useful for interleaving multiple communication streams. Window size is used to
slow down the rate of data communication. Port numbers are used to pass data streams to
their proper applications. Acknowledgments are used to notify a sending device that a stream
of data packets has or has not been received.
4. What kind of port must be requested from IANA in order to be used with a specific
application?
 registered port*
 private port
 dynamic port
 source port
Explain:
Registered ports (numbers 1024 to 49151) are assigned by IANA to a requesting entity to use
with specific processes or applications. These processes are primarily individual applications
that a user has chosen to install, rather than common applications that would receive a well-
known port number. For example, Cisco has registered port 1985 for its Hot Standby Routing
Protocol (HSRP) process.
5. What type of information is included in the transport header?
 destination and source logical addresses
 destination and source physical addresses
 destination and source port numbers*
 encoded application data
Explain:
In a segment, the transport layer header will include the source and destination process, or
port numbers. Destination and source physical addressing is included in the frame header.
Destination and source logical addressing is included in the network header. Application data
is encoded in the upper layers of the protocol stack.
6. What is a socket?
 the combination of the source and destination IP address and source and destination
Ethernet address
 the combination of a source IP address and port number or a destination IP address and port
number*
 the combination of the source and destination sequence and acknowledgment numbers
 the combination of the source and destination sequence numbers and port numbers
Explain:
A socket is a combination of the source IP address and source port or the destination IP
address and the destination port number.
7. What is the complete range of TCP and UDP well-known ports?
 0 to 255
 0 to 1023*
 256 – 1023
 1024 – 49151
Explain:
There are three ranges of TCP and UDP ports. The well-know range of port numbers is from
0 – 1023.
8. Which flag in the TCP header is used in response to a received FIN in order to terminate
connectivity between two network devices?
 FIN
 ACK*
 SYN
 RST
Explain:
In a TCP session, when a device has no more data to send, it will send a segment with the
FIN flag set. The connected device that receives the segment will respond with an ACK to
acknowledge that segment. The device that sent the ACK will then send a FIN message to
close the connection it has with the other device. The sending of the FIN should be followed
with the receipt of an ACK from the other device.
9. What is a characteristic of a TCP server process?
 Every application process running on the server has to be configured to use a dynamic port
number.
 There can be many ports open simultaneously on a server, one for each active server
application.*
 An individual server can have two services assigned to the same port number within the
same transport layer services.
 A host running two different applications can have both configured to use the same server
port.
Explain:
Each application process running on the server is configured to use a port number, either by
default or manually, by a system administrator. An individual server cannot have two services
assigned to the same port number within the same transport layer services. A host running a
web server application and a file transfer application cannot have both configured to use the
same server port. There can be many ports open simultaneously on a server, one for each
active server application.
10. Which two flags in the TCP header are used in a TCP three-way handshake to establish
connectivity between two network devices? (Choose two.)
 ACK*
 FIN
 PSH
 RST
 SYN*
 URG
Explain:
TCP uses the SYN and ACK flags in order to establish connectivity between two network
devices.
11. A PC is downloading a large file from a server. The TCP window is 1000 bytes. The server is
sending the file using 100-byte segments. How many segments will the server send before it
requires an acknowledgment from the PC?
 1 segment
 10 segments*
 100 segments
 1000 segments
Explain:
With a window of 1000 bytes, the destination host accepts segments until all 1000 bytes of
data have been received. Then the destination host sends an acknowledgment.
12. Which factor determines TCP window size?
 the amount of data to be transmitted
 the number of services included in the TCP segment
 the amount of data the destination can process at one time*
 the amount of data the source is capable of sending at one time
Explain:
Window is the number of bytes that the sender will send prior to expecting an
acknowledgement from the destination device. The initial window is agreed upon during the
session startup via the three-way handshake between source and destination. It is
determined by how much data the destination device of a TCP session is able to accept and
process at one time.
13. During a TCP session, a destination device sends an acknowledgment number to the source
device. What does the acknowledgment number represent?
 the total number of bytes that have been received
 one number more than the sequence number
 the next byte that the destination expects to receive*
 the last sequence number that was sent by the source
14. What information is used by TCP to reassemble and reorder received segments?
 port numbers
 sequence numbers*
 acknowledgment numbers
 fragment numbers
Explain:
At the transport layer, TCP uses the sequence numbers in the header of each TCP segment
to reassemble the segments into the correct order.
15. What does TCP do if the sending source detects network congestion on the path to the
destination?
 The source host will send a request for more frequent acknowledgments to the destination.
 The source will decrease the amount of data that it sends before it must receive
acknowledgements from the destination.*
 The destination will request retransmission of the entire message.
 The source will acknowledge the last segment that is sent and include a request for a
smaller window size in the message.
Explain:
If the source determines that TCP segments are either not being acknowledged or not
acknowledged in a timely manner, then it can reduce the number of bytes it sends before
receiving an acknowledgment. Notice that it is the source that is reducing the number of
unacknowledged bytes it sends. This does not involve changing the window size in the
segment header.
16. What is a characteristic of UDP?
 UDP datagrams take the same path and arrive in the correct order at the destination.
 Applications that use UDP are always considered unreliable.
 UDP reassembles the received datagrams in the order they were received.*
 UDP only passes data to the network when the destination is ready to receive the data.
Explain:
UDP has no way to reorder the datagrams into their transmission order, so UDP simply
reassembles the data in the order it was received and forwards it to the application.
17. What does a client do when it has UDP datagrams to send?
 It just sends the datagrams.*
 It queries the server to see if it is ready to receive data.
 It sends a simplified three-way handshake to the server.
 It sends to the server a segment with the SYN flag set to synchronize the conversation.
Explain:
When a client has UDP datagrams to send, it just sends the datagrams.
18. What happens if the first packet of a TFTP transfer is lost?
 The client will wait indefinitely for the reply.
 The TFTP application will retry the request if a reply is not received.*
 The next-hop router or the default gateway will provide a reply with an error code.
 The transport layer will retry the query if a reply is not received.
Explain:
The TFTP protocol uses UDP for queries, so the TFTP application must implement the
reliability, if needed.
19. A host device is receiving live streaming video. How does the device account for video data
that is lost during transmission?
 The device will immediately request a retransmission of the missing data.
 The device will use sequence numbers to pause the video stream until the correct data
arrives.
 The device will delay the streaming video until the entire video stream is received.
 The device will continue receiving the streaming video, but there may be a momentary
disruption.*
Explain:
When TCP is used as the transport protocol, data must be received in a specific sequence or
all data must be fully received in order for it to be used. TCP will use sequence numbers,
acknowledgments and retransmission to accomplish this. However, when UDP is used as the
transport protocol, data that arrives out of order or with missing segments may cause a
momentary disruption, but the destination device may still be able to use the data that it has
received. This technology results in the least amount of network delay by providing minimal
reliability. Since live streaming video applications use UDP as the transport protocol, the
receiver will continue showing the video although there may be a slight delay or reduction in
quality.
20. Why does HTTP use TCP as the transport layer protocol?
 to ensure the fastest possible download speed
 because HTTP is a best-effort protocol
 because transmission errors can be tolerated easily
 because HTTP requires reliable delivery*
Explain:
When a host requests a web page, transmission reliability and completeness must be
guaranteed. Therefore, HTTP uses TCP as its transport layer protocol.
21. When is UDP preferred to TCP?
 when a client sends a segment to a server
 when all the data must be fully received before any part of it is considered useful
 when an application can tolerate some loss of data during transmission*
 when segments must arrive in a very specific sequence to be processed successfully
Explain:
UDP can be used when an application can tolerate some data loss. UDP is the preferred
protocol for applications that provide voice or video that cannot tolerate delay.
22. Which three application layer protocols use TCP? (Choose three.)
 SMTP*
 FTP*
 SNMP
 HTTP*
 TFTP
 DHCP
Explain:
Some protocols require the reliable data transport that is provided by TCP. In addition, these
protocols do not have real time communication requirements and can tolerate some data loss
while minimizing protocol overhead. Examples of these protocols are SMTP, FTP, and HTTP.
23. Refer to the exhibit. Consider a datagram that originates on the PC and that is destined for
the web server. Match the IP addresses and port numbers that are in that datagram to the
description. (Not all options are used.)
 destination IP address -> 192.168.2.2
destination port number -> 80
source IP address -> 192.168.1.2
source port number -> 2578
Explain:
A TCP/IP segment that originated on the PC has 192.168.1.2 as the IP source address. 2578
is the only possible option for the source port number because the PC port number must be in
the range of registered ports 1024 to 49151. The destination is the web server, which has the
IP address 192.168.2.2, and the destination port number is 80 according to the HTTP protocol
standard.
24. What information is used by TCP to reassemble and reorder received segments?
 sequence numbers*
 acknowledgment numbers
 fragment numbers
 port numbers
Older Version
25. Refer to the exhibit. How many broadcast domains are there?

 1
 2
 3
 4*
26. How many usable host addresses are there in the subnet 192.168.1.32/27?
 32
 30*
 64
 16
 62
27. How many host addresses are available on the network 172.16.128.0 with a subnet mask of
255.255.252.0?
 510
 512
 1022*
 1024
 2046
 2048
28. A network administrator is variably subnetting a network. The smallest subnet has a mask of
255.255.255.248. How many host addresses will this subnet provide??
 4
 6*
 8
 10
 12
29. Refer to the exhibit. A company uses the address block of 128.107.0.0/16 for its network.
What subnet mask would provide the maximum number of equal size subnets while providing
enough host addresses for each subnet in the exhibit?

 255.255.255.0
 255.255.255.128*
 255.255.255.192
 255.255.255.224
 255.255.255.240
30. Refer to the exhibit. The network administrator has assigned the LAN of LBMISS an address
range of 192.168.10.0. This address range has been subnetted using a /29 prefix. In order to
accommodate a new building, the technician has decided to use the fifth subnet for configuring
the new network (subnet zero is the first subnet). By company policies, the router interface is
always assigned the first usable host address and the workgroup server is given the last usable
host address. Which configuration should be entered into the properties of the workgroup server
 to
allow

connectivity to the Internet?

 IP address: 192.168.10.65 subnet mask: 255.255.255.240, default gateway: 192.168.10.76

 IP address: 192.168.10.38 subnet mask: 255.255.255.240, default gateway: 192.168.10.33
 IP address: 192.168.10.38 subnet mask: 255.255.255.248, default gateway: 192.168.10.33*
 IP address: 192.168.10.41 subnet mask: 255.255.255.248, default gateway: 192.168.10.46
 IP address: 192.168.10.254 subnet mask: 255.255.255.0, default gateway: 192.168.10.1
31. How many bits must be borrowed from the host portion of an address to accommodate a
router with five connected networks?
 two
 three*
 four
 five
32. A company has a network address of 192.168.1.64 with a subnet mask of 255.255.255.192. The
company wants to create two subnetworks that would contain 10 hosts and 18 hosts respectively.
Which two networks would achieve that? (Choose two.)
 192.168.1.16/28
 192.168.1.64/27*
 192.168.1.128/27
 192.168.1.96/28*
 192.168.1.192/28
33. In a network that uses IPv4, what prefix would best fit a subnet containing 100 hosts?
 /23
 /24
 /25*
 /26
34. Refer to the exhibit.
Given the network address of 192.168.5.0 and a subnet mask of 255.255.255.224, how many total
 host addresses are unused in the assigned subnets?

 56
 60
 64
 68
 72*
35. When developing an IP addressing scheme for an enterprise network, which devices are
recommended to be grouped into their own subnet or logical addressing group?
 end-user clients
 workstation clients
 mobile and laptop hosts
 hosts accessible from the Internet*
36. A network administrator needs to monitor network traffic to and from servers in a data
center. Which features of an IP addressing scheme should be applied to these devices?
 random static addresses to improve security
 addresses from different subnets for redundancy
 predictable static IP addresses for easier identification*
 dynamic addresses to reduce the probability of duplicate addresses
37. Which two reasons generally make DHCP the preferred method of assigning IP addresses to
hosts on large networks? (Choose two.)
 It eliminates most address configuration errors.*
 It ensures that addresses are only applied to devices that require a permanent address.
 It guarantees that every device that needs an address will get one.
 It provides an address only to devices that are authorized to be connected to the network.
 It reduces the burden on network support staff.*
 38. Refer to the exhibit. A computer that is configured with the IPv6 address as shown in the
exhibit is unable to access the internet. What is the problem?

 The DNS address is wrong.

 There should not be an alternative DNS address.
 The gateway address is in the wrong subnet.*
 The settings were not validated.
39. When subnetting a /64 IPv6 network prefix, which is the preferred new prefix length?
 /66
 /70
 /72*
 /74
40. What is the subnet address for the address 2001:DB8:BC15:A:12AB::1/64?
 2001:DB8:BC15::0
 2001:DB8:BC15:A::0*
 2001:DB8:BC15:A:1::1
 2001:DB8:BC15:A:12::0
41. Which two notations are useable nibble boundaries when subnetting in IPv6? (Choose two.)
 /62
 /64*
 /66
 /68*
 /70
42. Fill in the blank.
In dotted decimal notation, the IP address 172.25.0.126 is the last host address for the network
172.25.0.64/26.
43. Fill in the blank.
In dotted decimal notation, the subnet mask 255.255.254.0 will accommodate 500 hosts per
subnet.
Consider the following range of addresses:
2001:0DB8:BC15:00A0:0000::
2001:0DB8:BC15:00A1:0000::
2001:0DB8:BC15:00A2:0000::
…
 2001:0DB8:BC15:00AF:0000::
The prefix-length for the range of addresses is /60
44. Fill in the blank.
A nibble consists of 4 bits.
45. Open the PT Activity. Perform the tasks in the activity instructions and then answer the
question. What issue is causing Host A to be unable to communicate with Host B?
 The subnet mask of host A is incorrect.
 Host A has an incorrect default gateway.
 Host A and host B are on overlapping subnets.*
 The IP address of host B is not in the same subnet as the default gateway is on.
46. Refer to the exhibit. Given the network address of 192.168.5.0 and a subnet mask of
255.255.255.224, how many addresses are wasted in total by subnetting each network with a
subnet mask of 255.255.255.224?

 56
 60
 64
 68
 72*

47. Match the subnetwork to a host address that would be included within the subnetwork. (Not
all option are used.)

Place the options in the following order:

– not scored –
192.168.1.64/27
– not scored –
192.168.1.32/27
192.168.1.96/27

48. Refer to the exhibit. Match the network with the correct IP address and prefix that will
satisfy the usable host addressing requirements for each network. (Not all options are used.)

Place the options in the following order:

– not scored –
Network C
– not scored –
Network A
Network D
Network B