Internet Protocol Stack: Application: Transport: Network: Link: Physical


Internet protocol stack

§ application: supporting network applications
  • FTP, SMTP, HTTP
§ transport: process-process data transfer
  • TCP, UDP
§ network: routing of datagrams from source to destination
  • IP, routing protocols
§ link: data transfer between neighboring network elements
  • Ethernet, 802.11 (WiFi), PPP
§ physical: bits “on the wire”

[figure: the five-layer stack, top to bottom: application, transport, network, link, physical]
Introduction 1-76
ISO/OSI reference model
§ presentation: allow applications to interpret meaning of data, e.g., encryption, compression, machine-specific conventions
§ session: synchronization, checkpointing, recovery of data exchange
§ Internet stack “missing” these layers!
  • these services, if needed, must be implemented in application
  • needed?

[figure: the seven-layer OSI model, top to bottom: application, presentation, session, transport, network, link, physical]

Introduction 1-77
Encapsulation
[figure: message M moves down the source's stack, gaining a header at each layer, and back up the destination's stack, where each header is stripped]
  • application: message M
  • transport: segment Ht M
  • network: datagram Hn Ht M
  • link: frame Hl Hn Ht M
  • physical
Along the path, a switch (link, physical) handles the frame Hl Hn Ht M, while a router (network, link, physical) handles the datagram Hn Ht M; the destination delivers M to its application.

Introduction 1-78
Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
§ end systems, access networks, links
1.3 network core
§ packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Introduction 1-79
Network security
§ field of network security:
• how bad guys can attack computer networks
• how we can defend networks against attacks
• how to design architectures that are immune to attacks
§ Internet not originally designed with (much)
security in mind
• original vision: “a group of mutually trusting users attached to a transparent network”
• Internet protocol designers playing “catch-up”
• security considerations in all layers!

Introduction 1-80
Bad guys: put malware into hosts via Internet
§ malware can get in host from:
• virus: self-replicating infection by receiving/executing
object (e.g., e-mail attachment)
• worm: self-replicating infection by passively receiving
object that gets itself executed
§ spyware malware can record keystrokes, web
sites visited, upload info to collection site
§ infected host can be enrolled in botnet, used for spam, DDoS attacks

Introduction 1-81
Bad guys: attack server, network infrastructure
Denial of Service (DoS): attackers make resources
(server, bandwidth) unavailable to legitimate traffic
by overwhelming resource with bogus traffic

1. select target
2. break into hosts around the network (see botnet)
3. send packets to target from compromised hosts
[figure: compromised hosts across the network sending traffic toward the target]

Introduction 1-82
The Mirai Botnet (2016)
• Malware scans and infects IoT devices (with default factory credentials) and turns them into bots
• Large scale attacks (SYN flood) → inaccessibility of several high-profile websites such as GitHub, Twitter, Reddit, Netflix, Airbnb and many others

Introduction 1-83
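The DoS and Mirai slides describe the attack shape (many compromised hosts flooding one target with SYNs); a defender's first question is how such a flood shows up in traffic data. The following is an added example, not part of the Kurose/Ross slides: a small SYN-rate detector that groups SYN-only packets per destination and per one-second window and alerts only when both the SYN count and the number of distinct sources are high, so that one client retransmitting SYNs does not trigger it. The flow records are constructed here and the thresholds are illustrative assumptions.

```python
from collections import defaultdict

# Constructed sample records (timestamp in seconds, source IP, destination IP,
# TCP flags); this is not captured data.
SAMPLE_FLOWS = [
    (0.10, "10.0.0.5", "192.0.2.10", "S"),    # normal handshake
    (0.11, "192.0.2.10", "10.0.0.5", "SA"),
    (0.12, "10.0.0.5", "192.0.2.10", "A"),
    (0.50, "10.0.0.6", "192.0.2.10", "S"),
    (0.51, "192.0.2.10", "10.0.0.6", "SA"),
    (1.30, "10.0.0.5", "192.0.2.10", "S"),    # a second connection, later
]
# Constructed flood: 40 distinct sources, one SYN each, within the same second.
SAMPLE_FLOWS += [
    (3.0 + i * 0.02, f"198.51.100.{i + 1}", "192.0.2.20", "S") for i in range(40)
]


def flag_syn_floods(flows, window_seconds=1.0, syn_threshold=20, min_sources=10):
    """Return [(dst, window_start, syn_count, distinct_sources)] for every
    destination/window in which SYN-only packets reached syn_threshold AND came
    from at least min_sources distinct source addresses."""
    # dst -> window_start -> [syn_count, set(sources)]
    counts = defaultdict(lambda: defaultdict(lambda: [0, set()]))
    for ts, src, dst, flags in flows:
        if flags != "S":            # only pure SYNs open new connection attempts
            continue
        window_start = int(ts // window_seconds) * window_seconds
        entry = counts[dst][window_start]
        entry[0] += 1
        entry[1].add(src)

    alerts = []
    for dst, windows in counts.items():
        for window_start, (syns, sources) in sorted(windows.items()):
            if syns >= syn_threshold and len(sources) >= min_sources:
                alerts.append((dst, window_start, syns, len(sources)))
    return alerts


if __name__ == "__main__":
    for dst, start, syns, sources in flag_syn_floods(SAMPLE_FLOWS):
        print(f"possible SYN flood: {dst} window {start:.0f}s "
              f"{syns} SYNs from {sources} sources")
```

The distinct-source condition is what separates a distributed flood from a single misbehaving client; note that it says nothing about whether those sources are real (Mirai's bots were real devices) or spoofed, which the later IP-spoofing slide covers.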
Other notable cyber attacks
§ Ukraine power grid hack
  • Caused power outages for roughly 230,000 consumers in Ukraine for 1-6 hours; attributed to a Russian advanced persistent threat group known as "Sandworm". The first publicly acknowledged successful cyberattack on a power grid.

Introduction 1-84
Other notable cyber attacks
§ Stuxnet
  • Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005.
  • Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran.
  • Exploiting four zero-day flaws, Stuxnet functions by targeting machines using the Microsoft Windows operating system and networks, then seeking out Siemens Step7 software.

Introduction 1-85
Other notable cyber attacks
§ Ransomware
  • ransomware cyberattack that impacted computerized equipment managing the pipeline
  • vulnerability of infrastructure (including critical infrastructure)
  • company shuts down service to contain attack
  • paid $4.4M

Introduction 1-86
Bad guys can sniff packets
packet “sniffing”:
§ broadcast media (shared Ethernet, wireless)
§ promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
[figure: B sends “src:B dest:A payload” to A; C, attached to the same broadcast medium, reads it as well]
§ wireshark software used for end-of-chapter labs is a (free) packet-sniffer
Introduction 1-87
Bad guys can use fake addresses
IP spoofing: send packet with false source address
[figure: a packet carrying “src:B dest:A payload” is delivered to A although it was not sent by B]

… lots more on security (throughout, Chapter 8)

Introduction 1-88
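The spoofing slide states the problem; the standard network-edge mitigation is ingress filtering (BCP 38 / RFC 2827): a router drops packets whose source address could not legitimately have arrived on the interface they came in on. The block below is an added example and not part of the slides; the interface-to-prefix table and the sample packets are constructed for illustration.

```python
import ipaddress

# Constructed topology (not from the slides): the address prefixes that are
# legitimately found behind each ingress interface of an edge router.
INTERFACE_PREFIXES = {
    "lan0": ["10.0.0.0/24"],
    "lan1": ["10.0.1.0/24", "192.0.2.0/28"],
}

# Constructed sample packets: (ingress interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("lan0", "10.0.0.7", "203.0.113.5"),    # plausible: source belongs to lan0
    ("lan1", "192.0.2.3", "203.0.113.5"),   # plausible: source belongs to lan1
    ("lan0", "10.0.1.7", "203.0.113.5"),    # lan1's prefix, but arrived on lan0
    ("lan0", "203.0.113.9", "10.0.0.7"),    # external address claimed from inside
    ("wan0", "10.0.0.7", "10.0.0.8"),       # interface with no table entry
]


def build_interface_table(interface_prefixes):
    """Parse the prefix strings once into ip_network objects."""
    return {iface: [ipaddress.ip_network(p) for p in prefixes]
            for iface, prefixes in interface_prefixes.items()}


def source_is_plausible(table, iface, src):
    """The BCP 38 test: is src inside some prefix expected behind iface?"""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in table.get(iface, []))


def ingress_filter(packets, interface_prefixes=INTERFACE_PREFIXES):
    """Split packets into (forwarded, dropped); dropped ones carry a source
    address that cannot legitimately arrive on their ingress interface."""
    table = build_interface_table(interface_prefixes)
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        bucket = forwarded if source_is_plausible(table, iface, src) else dropped
        bucket.append((iface, src, dst))
    return forwarded, dropped


if __name__ == "__main__":
    fwd, drp = ingress_filter(SAMPLE_PACKETS)
    print("forwarded:", fwd)
    print("dropped:  ", drp)
```

The check only bounds what can be spoofed: a host inside 10.0.0.0/24 can still claim another address from that same prefix and pass. That is why the filter belongs at every edge, as close to the sources as possible, and why it complements rather than replaces the transport-layer checks in Chapter 8.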
Chapter 1: roadmap
1.1 what is the Internet?
1.2 network edge
§ end systems, access networks, links
1.3 network core
§ packet switching, circuit switching, network structure
1.4 delay, loss, throughput in networks
1.5 protocol layers, service models
1.6 networks under attack: security
1.7 history

Introduction 1-89
Internet history
1961-1972: Early packet-switching principles
§ 1961: Kleinrock - queueing theory shows effectiveness of packet-switching
§ 1964: Baran - packet-switching in military nets
§ 1967: ARPAnet conceived by Advanced Research Projects Agency
§ 1969: first ARPAnet node operational
§ 1972:
  • ARPAnet public demo
  • NCP (Network Control Protocol) first host-host protocol
  • first e-mail program
  • ARPAnet has 15 nodes

Introduction 1-90
Internet history
1972-1980: Internetworking, new and proprietary nets
§ 1970: ALOHAnet satellite network in Hawaii
§ 1974: Cerf and Kahn - architecture for interconnecting networks
§ 1976: Ethernet at Xerox PARC
§ late 70’s: proprietary architectures: DECnet, SNA, XNA
§ late 70’s: switching fixed length packets (ATM precursor)
§ 1979: ARPAnet has 200 nodes

Cerf and Kahn’s internetworking principles:
  • minimalism, autonomy - no internal changes required to interconnect networks
  • best effort service model
  • stateless routers
  • decentralized control
define today’s Internet architecture

Introduction 1-91
Internet history
1980-1990: new protocols, a proliferation of networks
§ 1983: deployment of TCP/IP
§ 1982: smtp e-mail protocol defined
§ 1983: DNS defined for name-to-IP-address translation
§ 1985: ftp protocol defined
§ 1988: TCP congestion control

§ new national networks: CSnet, BITnet, NSFnet, Minitel
§ 100,000 hosts connected to confederation of networks

Introduction 1-92
Internet history
1990, 2000’s: commercialization, the Web, new apps
§ early 1990’s: ARPAnet decommissioned
§ 1991: NSF lifts restrictions on commercial use of NSFnet (decommissioned, 1995)
§ early 1990s: Web
  • hypertext [Bush 1945, Nelson 1960’s]
  • HTML, HTTP: Berners-Lee
  • 1994: Mosaic, later Netscape
  • late 1990’s: commercialization of the Web

late 1990’s – 2000’s:
§ more killer apps: instant messaging, P2P file sharing
§ network security to forefront
§ est. 50 million hosts, 100 million+ users
§ backbone links running at Gbps

Introduction 1-93
Internet history
2005-present
§ ~5B devices attached to Internet (2016)
• smartphones and tablets
§ aggressive deployment of broadband access
§ increasing ubiquity of high-speed wireless access
§ emergence of online social networks:
• Facebook: ~ one billion users
§ service providers (Google, Microsoft) create their own
networks
• bypass Internet, providing “instantaneous” access to
search, video content, email, etc.
§ e-commerce, universities, enterprises running their
services in “cloud” (e.g., Amazon EC2)

Introduction 1-94
Introduction: summary
covered a “ton” of material!
§ Internet overview
§ what’s a protocol?
§ network edge, core, access network
  • packet-switching versus circuit-switching
  • Internet structure
§ performance: loss, delay, throughput
§ layering, service models
§ security
§ history

you now have:
§ context, overview, “feel” of networking
§ more depth, detail to follow!

Introduction 1-95
Chapter 1
Additional Slides

Introduction 1-96
[figure: structure of a packet analyzer. Beside the normal stack of an application (www browser, email client) over Transport (TCP/UDP), Network (IP), Link (Ethernet) and Physical, a packet capture (pcap) component in the OS takes a copy of all Ethernet frames sent/received and hands it to the packet analyzer application]

Chapter 3
Transport Layer
A note on the use of these Powerpoint slides:

We’re making these slides freely available to all (faculty, students, readers). They’re in PowerPoint form so you see the animations; and can add, modify, and delete slides (including this one) and slide content to suit your needs.

They obviously represent a lot of work on our part. In return for use, we only ask the following:

§ If you use these slides (e.g., in a class) that you mention their source (after all, we’d like people to use our book!)
§ If you post any slides on a www site, that you note that they are adapted from (or perhaps identical to) our slides, and note our copyright of this material.

Thanks and enjoy! JFK/KWR

Computer Networking: A Top Down Approach
7th edition
Jim Kurose, Keith Ross
Pearson/Addison Wesley
April 2016
All material copyright 1996-2016
J.F Kurose and K.W. Ross, All Rights Reserved
Transport Layer 2-1
Chapter 3: Transport Layer
our goals:
§ understand principles behind transport layer services:
  • multiplexing, demultiplexing
  • reliable data transfer
  • flow control
  • congestion control
§ learn about Internet transport layer protocols:
  • UDP: connectionless transport
  • TCP: connection-oriented reliable transport
  • TCP congestion control

Transport Layer 3-2


Chapter 3 outline
3.1 transport-layer services
3.2 multiplexing and demultiplexing
3.3 connectionless transport: UDP
3.4 principles of reliable data transfer
3.5 connection-oriented transport: TCP
  • segment structure
  • reliable data transfer
  • flow control
  • connection management
3.6 principles of congestion control
3.7 TCP congestion control

Transport Layer 3-3


Transport services and protocols
§ provide logical communication between app processes running on different hosts
§ transport protocols run in end systems
  • send side: breaks app messages into segments, passes to network layer
  • rcv side: reassembles segments into messages, passes to app layer
§ more than one transport protocol available to apps
  • Internet: TCP and UDP
[figure: two end systems, each with application, transport, network, data link and physical layers, joined by a “logical end-end transport” connection between their transport layers]
Transport Layer 3-4
Transport vs. network layer
§ network layer: logical communication between hosts
§ transport layer: logical communication between processes
  • relies on, enhances, network layer services

household analogy:
12 kids in Ann’s house sending letters to 12 kids in Bill’s house:
§ hosts = houses
§ processes = kids
§ app messages = letters in envelopes
§ transport protocol = Ann and Bill who demux to in-house siblings
§ network-layer protocol = postal service

Transport Layer 3-5


Internet transport-layer protocols
§ reliable, in-order delivery (TCP)
  • congestion control
  • flow control
  • connection setup
§ unreliable, unordered delivery: UDP
  • no-frills extension of “best-effort” IP
§ services not available:
  • delay guarantees
  • bandwidth guarantees
[figure: two end systems (application, transport, network, data link, physical) with a “logical end-end transport” connection running across a network of routers that implement only network, data link and physical layers]

Transport Layer 3-6


Chapter 3 outline
3.1 transport-layer services
3.2 multiplexing and demultiplexing
3.3 connectionless transport: UDP
3.4 principles of reliable data transfer
3.5 connection-oriented transport: TCP
  • segment structure
  • reliable data transfer
  • flow control
  • connection management
3.6 principles of congestion control
3.7 TCP congestion control

Transport Layer 3-7


Multiplexing/demultiplexing
multiplexing at sender: handle data from multiple sockets, add transport header (later used for demultiplexing)
demultiplexing at receiver: use header info to deliver received segments to correct socket

[figure: three hosts, each with application, transport, network, link and physical layers; processes P1, P2, P3 and P4 sit above the transport layer, each attached to its own socket, and the transport layer hands every received segment to exactly one socket]

Transport Layer 3-8


How demultiplexing works
§ host receives IP datagrams
  • each datagram has source IP address, destination IP address
  • each datagram carries one transport-layer segment
  • each segment has source, destination port number
§ host uses IP addresses & port numbers to direct segment to appropriate socket

TCP/UDP segment format (32 bits wide):
  source port # | dest port #
  other header fields
  application data (payload)

Transport Layer 3-9


Connectionless demultiplexing
§ recall: created socket has host-local port #:
  DatagramSocket mySocket1 = new DatagramSocket(12534);
§ recall: when creating datagram to send into UDP socket, must specify
  • destination IP address
  • destination port #
§ when host receives UDP segment:
  • checks destination port # in segment
  • directs UDP segment to socket with that port #

IP datagrams with same dest. port #, but different source IP addresses and/or source port numbers will be directed to same socket at dest

Transport Layer 3-10


Connectionless demux: example
[figure: three hosts. The left host runs P3 on DatagramSocket mySocket2 = new DatagramSocket(9157); the middle host runs P1 on DatagramSocket serverSocket = new DatagramSocket(6428); the right host runs P4 on DatagramSocket mySocket1 = new DatagramSocket(5775). Left host → server: source port 9157, dest port 6428. Server → left host: source port 6428, dest port 9157. The source and dest ports of the exchange between the server and the right host are left as “?” for the reader.]
Transport Layer 3-11
Connection-oriented demux
§ TCP socket identified by 4-tuple:
  • source IP address
  • source port number
  • dest IP address
  • dest port number
§ demux: receiver uses all four values to direct segment to appropriate socket
§ server host may support many simultaneous TCP sockets:
  • each socket identified by its own 4-tuple
§ web servers have different sockets for each connecting client
  • non-persistent HTTP will have different socket for each request

Transport Layer 3-12


Connection-oriented demux: example
[figure: host A (IP address A, process P3), server (IP address B, processes P4, P5, P6) and host C (IP address C, processes P2, P3). Segments:
  from A: source IP,port: A,9157 → dest IP,port: B,80
  from C: source IP,port: C,5775 → dest IP,port: B,80
  from C: source IP,port: C,9157 → dest IP,port: B,80
  server reply to A: source IP,port: B,80 → dest IP,port: A,9157]
three segments, all destined to IP address: B, dest port: 80 are demultiplexed to different sockets
Transport Layer 3-13
Connection-oriented demux: example
threaded server
[figure: same hosts A and C and the same four segments as the previous slide (source IP,port A,9157 / C,5775 / C,9157 → dest IP,port B,80, and B,80 → A,9157), but the server now runs a single process P4 that owns all three connection sockets]

Transport Layer 3-14
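The connectionless and connection-oriented demux slides above differ in one rule: a UDP socket is keyed by the local port alone, while a TCP connection socket is keyed by the full 4-tuple. The following simulation is an added example, not code from the slides or the book; the `UdpHost` and `TcpHost` classes are hypothetical models of the receiving host's transport layer, and the TCP handshake is elided so that a first segment to a listening port simply creates the connection socket. It reproduces the port numbers of slides 3-11 and 3-13.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """A transport segment reduced to the fields demultiplexing looks at."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""


class UdpHost:
    """Connectionless demux: a UDP socket is identified by its local port only,
    so segments from any source carrying that destination port share the socket."""

    def __init__(self, ip):
        self.ip = ip
        self.sockets = {}            # local port -> list of delivered segments

    def bind(self, port):
        self.sockets[port] = []

    def deliver(self, seg):
        """Return the socket key the segment was delivered to, or None if dropped."""
        if seg.dst_ip != self.ip or seg.dst_port not in self.sockets:
            return None
        self.sockets[seg.dst_port].append(seg)
        return seg.dst_port


class TcpHost:
    """Connection-oriented demux: a listening port accepts new 4-tuples, and each
    established connection socket is identified by its own 4-tuple."""

    def __init__(self, ip):
        self.ip = ip
        self.listening = set()
        self.connections = {}        # (src_ip, src_port, dst_ip, dst_port) -> segments

    def listen(self, port):
        self.listening.add(port)

    def deliver(self, seg):
        if seg.dst_ip != self.ip:
            return None
        key = (seg.src_ip, seg.src_port, seg.dst_ip, seg.dst_port)
        if key not in self.connections:
            if seg.dst_port not in self.listening:
                return None          # neither an open connection nor a listener
            self.connections[key] = []   # new connection socket (handshake elided)
        self.connections[key].append(seg)
        return key


def udp_demo():
    """Slide 3-11 shape: one server socket on port 6428 receives from two clients."""
    server = UdpHost("B")
    server.bind(6428)
    for seg in (Segment("A", 9157, "B", 6428), Segment("C", 5775, "B", 6428),
                Segment("A", 9157, "B", 6429)):        # last one: no socket, dropped
        server.deliver(seg)
    return {port: len(segs) for port, segs in server.sockets.items()}


def tcp_demo():
    """Slide 3-13 shape: three segments to B:80 land in three different sockets;
    a fourth from A,9157 joins A's existing connection."""
    server = TcpHost("B")
    server.listen(80)
    keys = [server.deliver(seg) for seg in (
        Segment("A", 9157, "B", 80), Segment("C", 5775, "B", 80),
        Segment("C", 9157, "B", 80), Segment("A", 9157, "B", 80))]
    return keys, len(server.connections)


if __name__ == "__main__":
    print("UDP segments per socket:", udp_demo())
    keys, n_sockets = tcp_demo()
    print(f"TCP: {n_sockets} connection sockets, keys={keys}")
```

The security reading of the two rules: with UDP, anything that reaches the host with the right destination port lands in the application's socket regardless of who sent it, so the application (DNS, SNMP and the other UDP users listed on slide 3-16) must validate sources itself; with TCP, a segment is only accepted into a connection if its full 4-tuple matches one the host already holds, which is why spoofing a TCP peer also requires guessing that peer's port.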


Chapter 3 outline
3.1 transport-layer services
3.2 multiplexing and demultiplexing
3.3 connectionless transport: UDP
3.4 principles of reliable data transfer
3.5 connection-oriented transport: TCP
  • segment structure
  • reliable data transfer
  • flow control
  • connection management
3.6 principles of congestion control
3.7 TCP congestion control

Transport Layer 3-15


UDP: User Datagram Protocol [RFC 768]
§ “no frills,” “bare bones” Internet transport protocol
§ “best effort” service, UDP segments may be:
  • lost
  • delivered out-of-order to app
§ connectionless:
  • no handshaking between UDP sender, receiver
  • each UDP segment handled independently of others

§ UDP use:
  • streaming multimedia apps (loss tolerant, rate sensitive)
  • DNS
  • SNMP
§ reliable transfer over UDP:
  • add reliability at application layer
  • application-specific error recovery!
Transport Layer 3-16
UDP: segment header
UDP segment format (32 bits wide):
  source port # | dest port #
  length | checksum
  application data (payload)
length: in bytes of UDP segment, including header

why is there a UDP?
§ no connection establishment (which can add delay)
§ simple: no connection state at sender, receiver
§ small header size
§ no congestion control: UDP can blast away as fast as desired

Transport Layer 3-17


UDP checksum
Goal: detect “errors” (e.g., flipped bits) in transmitted segment

sender:
§ treat segment contents, including header fields, as sequence of 16-bit integers
§ checksum: addition (one’s complement sum) of segment contents
§ sender puts checksum value into UDP checksum field

receiver:
§ compute checksum of received segment
§ check if computed checksum equals checksum field value:
  • NO - error detected
  • YES - no error detected. But maybe errors nonetheless? More later ….

Transport Layer 3-18


Internet checksum: example
example: add two 16-bit integers
             1 1 1 0 0 1 1 0 0 1 1 0 0 1 1 0
             1 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1
wraparound 1 1 0 1 1 1 0 1 1 1 0 1 1 1 0 1 1
sum          1 0 1 1 1 0 1 1 1 0 1 1 1 1 0 0
checksum     0 1 0 0 0 1 0 0 0 1 0 0 0 0 1 1

Note: when adding numbers, a carryout from the most significant bit needs to be added to the result

* Check out the online interactive exercises for more examples: http://gaia.cs.umass.edu/kurose_ross/interactive/
Transport Layer 3-19
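The three UDP slides above (segment header, checksum procedure, and the worked addition) fit in one piece of code. The block below is an added example, not from the slides or the book: it builds a UDP header with the four 16-bit fields, computes the one's-complement checksum exactly as the worked example does (sum the 16-bit words, fold the carry back in, complement), and runs the receiver's check. It also answers the slide's “maybe errors nonetheless?”: a single flipped bit is always caught, but swapping two 16-bit words leaves the sum unchanged and passes. One assumption to note: real UDP (RFC 768) also covers an IP pseudo-header (source and destination addresses, protocol, length) in the checksum; the slides do not mention it and it is omitted here.

```python
import struct


def _pad(data: bytes) -> bytes:
    """Checksumming works on 16-bit words; an odd trailing byte is padded with zero."""
    return data + b"\x00" if len(data) % 2 else data


def ones_complement_sum(data: bytes) -> int:
    """Add all 16-bit big-endian words; fold any carry out of bit 15 back into
    the low bits (the slide's 'wraparound' step) until the result fits 16 bits."""
    total = sum(word for (word,) in struct.iter_unpack("!H", _pad(data)))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def internet_checksum(data: bytes) -> int:
    """The value the sender puts in the checksum field: the complemented sum."""
    return (~ones_complement_sum(data)) & 0xFFFF


UDP_HEADER = struct.Struct("!HHHH")   # source port, dest port, length, checksum


def build_udp_segment(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Sender side: header fields, checksum computed over header (with the
    checksum field zeroed) plus payload, then written into the header."""
    length = UDP_HEADER.size + len(payload)
    header = UDP_HEADER.pack(src_port, dst_port, length, 0)
    csum = internet_checksum(header + payload)
    if csum == 0:
        csum = 0xFFFF   # RFC 768: a computed zero is transmitted as all ones
    return UDP_HEADER.pack(src_port, dst_port, length, csum) + payload


def parse_udp_segment(segment: bytes) -> dict:
    src, dst, length, csum = UDP_HEADER.unpack(segment[:UDP_HEADER.size])
    return {"src_port": src, "dst_port": dst, "length": length,
            "checksum": csum, "payload": segment[UDP_HEADER.size:]}


def checksum_ok(segment: bytes) -> bool:
    """Receiver side: summing everything including the checksum field gives
    all ones when the segment is intact, because x + ~x == 0xFFFF."""
    return ones_complement_sum(segment) == 0xFFFF


def flip_bit(segment: bytes, byte_index: int, bit: int) -> bytes:
    """Simulated transmission error: one flipped bit."""
    b = bytearray(segment)
    b[byte_index] ^= 1 << bit
    return bytes(b)


def swap_words(segment: bytes, i: int, j: int) -> bytes:
    """Simulated error the checksum cannot see: exchange 16-bit words i and j
    of the payload; the one's-complement sum is order-independent."""
    body = bytearray(segment[UDP_HEADER.size:])
    wi, wj = body[2 * i:2 * i + 2], body[2 * j:2 * j + 2]
    body[2 * i:2 * i + 2], body[2 * j:2 * j + 2] = wj, wi
    return segment[:UDP_HEADER.size] + bytes(body)


if __name__ == "__main__":
    # The slide's worked example: 0xE666 + 0xD555, wraparound, complement.
    print(f"sum {ones_complement_sum(bytes.fromhex('e666d555')):04x} "
          f"checksum {internet_checksum(bytes.fromhex('e666d555')):04x}")
    seg = build_udp_segment(9157, 6428, b"hello world!")   # constructed payload
    print(parse_udp_segment(seg), "ok:", checksum_ok(seg))
    print("one flipped bit detected:", not checksum_ok(flip_bit(seg, 9, 3)))
    print("swapped words detected:", not checksum_ok(swap_words(seg, 0, 1)))
```

The last two lines print the caveat the slide defers: the checksum is an integrity check against random bit errors, not against deliberate or structured modification, which is the point at which Chapter 8's cryptographic integrity mechanisms (MACs) take over.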
