TCP/IP In-depth

Abhilash D
Project Engineer
C-DAC, Hyderabad
Universal Language?

Centre for Development of Advanced 2

Computing, Hyderabad
 Topics

• TCP/IP Protocol Stack

• Ethernet Frame
• Address Resolution Protocol (ARP)
• Internet Protocol (IP)
• Transmission Control Protocol (TCP)
• User Datagram Protocol (UDP)
• Packet Capture Demonstration

Centre for Development of Advanced 3

Computing, Hyderabad
Centre for Development of Advanced 4
Computing, Hyderabad
 Today !

Centre for Development of Advanced 5

Computing, Hyderabad
Chat Friends Finally Meet !

Centre for Development of Advanced 6

Computing, Hyderabad
Evolution Contd..

Centre for Development of Advanced 7

Computing, Hyderabad
 Tomorrow !

Centre for Development of Advanced 8

Computing, Hyderabad
TCP/IP Protocol Stack

Centre for Development of Advanced 9

Computing, Hyderabad
TCP/I P Protocol Stack

Centre for Development of Advanced 10

Computing, Hyderabad
Encapsulation

Centre for Development of Advanced 11

Computing, Hyderabad
Data Encapsulation

Centre for Development of Advanced 12

Computing, Hyderabad
 Demultiplexing

Application 1 Application 2 Demux

based on
port in TCP
Header
TCP UDP
Demux based
on protocol
ICMP value in IP
Header
IP

ARP RARP Demux based

on frame type
Ethernet Driver in ethernet
header
Centre for Development of Advanced 13
Computing, Hyderabad
 Layered Addressing

Host Address www.cdac.in

Port 8080
Internet Address 204.101.32.100
MAC Address 00-80-48-24-34-fc

Centre for Development of Advanced 14

Computing, Hyderabad
 Internet Address Classes

A 0.0.0.0 127.255.255.255
B 128.0.0.0 191.255.255.255
C 192.0.0.0 223.255.255.255
D 224.0.0.0 239.255.255.255
E 240.0.0.0 247.255.255.255

Centre for Development of Advanced 15

Computing, Hyderabad
 Ethernet Frame

• DestAddr: Physical address of the

destination machine
• SrcAddr: Physical address of the Source
machine
• Type: Type of network service Eg:
– 0x0800 (IP), 0x0806
• CRC: Cyclic Redundancy Check
Centre for Development of Advanced 16
Computing, Hyderabad
Address Resolution
Protocol (ARP)
Address Resolution Protocol (ARP)

Centre for Development of Advanced 18

Computing, Hyderabad
 ARP Cache

Centre for Development of Advanced 19

Computing, Hyderabad
Internet Protocol (IP)
 IP Header

Centre for Development of Advanced 21

Computing, Hyderabad
 IP Header Fields

• Vers (4 bits): version of IP protocol (IPv4=4)

• Hlen (4 bits): Header length in 32 bit words, without options (usual case)
= 20
• Type of Service – TOS (8 bits): little used in past, now being used for
QoS
• Total length (16 bits): length of datagram in bytes, includes header and
data
• Time to live – TTL (8bits): specifies how long datagram is allowed to
remain in internet
– Routers decrement by 1
– When TTL = 0 router discards datagram
– Prevents infinite loops
• Protocol (8 bits): specifies the format of the data area
– Protocol numbers administered by central authority to guarantee
agreement, e.g. TCP=6, UDP=17 …
Centre for Development of Advanced 22
Computing, Hyderabad
 IP Header Fields Contd..
 Identification. This field uniquely identifies each datagram sent by the host.
 It is normally incremented by one each time a datagram is sent.
 The receiving IP layer will utilize the Identification, Source IP address,
Destination IP address and Protocol fields to identify which fragments belong
together.
 Flags. The low order two bits control fragmentation.
 The first control bit is a do not fragment bit because a setting of 1 indicates
that this datagram should not be fragmented.
 The low order bit is called the more fragment bit because when set to 1 it
indicates to the receiver that more fragments are to follow.
 A 0 setting indicates the last fragment.
 Fragment Offset. This field specifies the offset in the original datagram of the
data being carried in this fragment measured in bytes starting at offset zero.
 To reassemble the datagram the receiver must obtain all fragments starting
with fragment offset 0 through the highest offset.
• Source & destination IP address (32 bits each): contain IP address of sender and
intended recipient
• Options (variable length): Mainly used to record a route, or timestamps, or specify
routing

Centre for Development of Advanced 23

Computing, Hyderabad
IP Fragmentation

Centre for Development of Advanced 24

Computing, Hyderabad
 IP Routing

Centre for Development of Advanced 25

Computing, Hyderabad
Transmission Control
Protocol (TCP)
 Transmission Control Protocol(TCP)

 IP protocol provides connectionless packet delivery

 Packets can be lost or destroyed
 Packets can be delivered out of order or in duplicate
 TCP provides a connection-oriented, reliable packet
delivery by:
 Sending Acknowledgements.
 Maintaining a retransmit timer.
 Checksum on header and data.
 Segment and resequence data.
 Checks for and discards duplicates.
 Provides flow control.
 TCP is used by services such as TELNET, FTP, SMTP
and WWW.

Centre for Development of Advanced 27

Computing, Hyderabad
 TCP Functions
TCP provides the following major services to the upper
protocol layers:
 Connection-oriented data management to assure the
end-to-end transfer of data across the network(s).
 Reliable data transfer to assure that all data is
accurately received, in sequence and with no duplicates.
 Stream-oriented data transfer takes place between the
sender application and TCP and the receiving application
and TCP.
 To stream is to send individual characters not blocks
or frames.
 Push Function to govern the TCP buffer management.
This assures that all data passed by the application
program to TCP has been transmitted
Centre for Development of Advanced 28
Computing, Hyderabad
 TCP Functions Contd..

TCP provides the following major services to the

upper protocol layers:
 Resequencing of data can take place at the
receiver in order to resequence out of order
segments and to eliminate duplicate segments.
 Flow Control is used to prevent buffer overrun
and saturation of the receiving machine.
 Multiplexing allows multiple user sessions with
a single host onto the upper layer protocols.
 Full-duplex transmission allows simultaneous
two-way transmission without waiting for a
turnaround signal
Centre for Development of Advanced 29
Computing, Hyderabad
TCP end-to-end Connection

Centre for Development of Advanced 30

Computing, Hyderabad
 TCP Header

Centre for Development of Advanced 31

Computing, Hyderabad
 TCP Header Fields

 Source/Destination Port. Identifies the sending and

receiving application. The source and destination port in
conjunction with the source and destination IP address
uniquely identify each connection. The IP address and port
number is sometimes called a socket.
 A socket pair (Source(IP address, port number), Destination(IP
address, port number) uniquely identify the two end points in a TCP
connection.
 Sequence Number. TCP numbers each byte in the TCP
data with a sequence number.
 The sequence number identifies the first byte in the data segment
being transmitted from the sending TCP to the receiving TCP.
 The first sequence number by each side is a randomly generated
Initial Sequence Number.

Centre for Development of Advanced 32

Computing, Hyderabad
 TCP Header Fields Contd..

 Acknowledgement Number. The acknowledgement

number contains the next sequence number the receiving
station (sending the acknowledgement) expects to
receive. The Acknowledgement flag is set.
 Offset. It is perhaps more descriptive to call this field the
TCP Header Length. This field is required because the
length of the options field is variable.
 It indicates where the TCP header ends and the data
begins. The header is 20 bytes without the options field.
 Reserved. This field is reserved for future use and is set to
zero.

Centre for Development of Advanced 33

Computing, Hyderabad
 TCP Header Fields Contd..

TCP software uses the 6-bit Code Bits to determine the purpose and contents
of the segment.
 Urg This flag indicates that this segment contains an Urgent pointer
field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not
Urgent.
 Ack This flag indicates that this segment contains an
Acknowledgement field. The Acknowledgement field is explained
below. 1 = Ack, 0 = No Ack.
 Psh The segment requests a Push. TCP software usually gathers
enough data to fill the transmit buffer prior to transmitting the data. 1 =
Push, 0 = No Push.
 If an application requires data to be transmitted even though a
buffer may not be full then a PUSH flag bit is set.
 At the receive side the PUSH makes the data available to the
application without delay.
Centre for Development of Advanced 34
Computing, Hyderabad
 TCP Header Fields Contd..

TCP software uses the 6-bit Code Bits to determine the

purpose and contents of the segment.

 Syn This flag field is used to Synchronize sequence

numbers to initiate a connection. 1 = Syn, 0 = No Syn
 The sending and receiving station, at connection time,
choose an Initial Sequence Number at random.
 Fin The Finish flag bit is used to indicate the
termination of a connection. 1 = Fin, 0 = No Fin.

Centre for Development of Advanced 35

Computing, Hyderabad
 TCP Header Fields Contd..

TCP software uses the 6-bit Code Bits to determine the purpose and
contents of the segment.

 Rest This field will Reset the connection. 1 = Reset, 0 = No Reset.

 A Connection Request to a Nonexistent Port. A connection
request arrives and there is no process listening on the destination
port.
 TCP generates a RST to the transmitting station.
 Aborting a connection. A connection can be aborted by sending a
RST instead of a FIN.
 This is called an abortive release.
 A normal termination with a FIN is called an orderly release.
 This RST elicits no response from the receiver (not
acknowledged). The receiver aborts the connection and advises
the application that the connection was reset.

Centre for Development of Advanced 36

Computing, Hyderabad
 TCP Header Fields Contd..

 Checksum. This field verifies the integrity of the TCP header and the
TCP data.
 It is mandatory and is calculated using a pseudo-header similar to
UDP checksum.
 Urgent Pointer. This field presents a way for the sender to transmit
emergency data to the receiver. The URG flag must be set.
 The Urgent Pointer is a 16 bit positive offset that is added to the
sequence number field in the TCP header to obtain the sequence
number of the last byte of the urgent data.
 The application determines where the urgent data starts in the data
stream.
 The field is normally used by the application to indicate the pressing
of an interrupt key during Telnet/Rlogin or a file transfer abort
during FTP.

Centre for Development of Advanced 37

Computing, Hyderabad
 Well-known TCP Port Numbers

Port Application Description

9 Discard Discard all incoming data port
20 FTP-Data File transfer data port
21 FTP-CMD File transfer command port
23 Telnet Telnet remote login port
25 SMTP Simple Mail Transfer Protocol port
79 Finger Obtains information about active users
80 HTTP Hypertext Transfer Protocol port
88 Kerberos Authentication Protocol
110 POP3 PC Mail retrieval service port
119 NNTP Network news access port
179 BGP Border Gateway Protocol
513 Rlogin Remote Login In
514 Rexec Remote Execute

Centre for Development of Advanced 38

Computing, Hyderabad
TCP Hand Shake

Centre for Development of Advanced 39

Computing, Hyderabad
TCP Handshake Detailed

Centre for Development of Advanced 40

Computing, Hyderabad
TCP Connection Termination

Centre for Development of Advanced 41

Computing, Hyderabad
Sliding Window Protocol

Centre for Development of Advanced 42

Computing, Hyderabad
TCP Lost Segments

Centre for Development of Advanced 43

Computing, Hyderabad
User Datagram Protocol
(UDP)
Centre for Development of Advanced 45
Computing, Hyderabad
 UDP
 A very basic service that simply passes individual messages to the IP
for transmission.
 It has very little overhead(no set or tear down) and is suitable for:
 Broadcast and multicast messages
 Query and Response
 Monitoring
 Debugging
 Management
 Testing
 It is mostly used with applications that make use of broadcast or
multicasts.
 UDP does offer high performance because:
 It has very little overhead
 it inherits the reliability of its underlying transmission medium.
 IT deals with only one datagram at a time (datagram-centric).

Centre for Development of Advanced 46

Computing, Hyderabad
 UDP

 UDP is a connectionless, unreliable Transport level

service protocol. It is primarily used for protocols that
require a broadcast capability, i.e RIP.
 It provides no packet sequencing, may lose packets,
and does not check for duplicates.
 It is used by applications that do not need a reliable
transport service.
 Application data is encapsulated in a UDP header
which in turn is encapsulated in an IP header.
 UDP distinguishes different applications by port number
which allows multiple applications running on a given
computer to send /receive datagrams independently of
one another.

Centre for Development of Advanced 47

Computing, Hyderabad
 UDP Header

Centre for Development of Advanced 48

Computing, Hyderabad
 UDP Header Fields

 UDP Source/Destination Port.

1. The port numbers identify the receiving and sending process. It
demultiplexes the UDP datagram to a particular process running on the
computer.
2. The port number and the IP address allow any application in any
computer on internet to be uniquely identified.
3. UDP Message Length. This field indicates the size of the UDP header and the
following data in bytes. The minimum size must be 8 (size of header).
 UDP Checksum.
 The UDP Checksum covers the UDP header and the UDP data.
 It is optional and need not be utilized, however, it is usually
employed because the IP header does not include a checksum
on the data portion of the IP datagram.

Centre for Development of Advanced 49

Computing, Hyderabad
 Well-Known UDP Ports

Echo 7 Echo user datagram back to user

Discard 9 Discard user datagrams
Daytime 13 Report time in a user friendly fashion
Quote 17 Return "Quote of the day"
Chargen 19 Character generator
Nameserver 53 Domain Name Server
Sql-Net 66 Oracle Sequel Network
BOOTPS 67 Server port to download configuration information
BOOTPC 68 Client port to receive configuration information
TFTP 69 Trivial File Transport Protocol
POP3 110 Post Office Protocol - V3
SunRPC 111 Sun Remote Procedure Call
NTP 123 Network Time Protocol
SNMP 161 Used to receive network management queries
SNMP-trap 162 Used to receive network problem reports.
IRC 194 Internet Relay Chat
IPX 213 IPX - IP Tunneling
SysLog 514 System Log
RIP 520 Routing Information Protocol
NFS 2049 Network File Service

Centre for Development of Advanced 50

Computing, Hyderabad
Hyper Text Transfer
Protocol (HTTP)
Sample HTTP Request

Centre for Development of Advanced 52

Computing, Hyderabad
Sample HTTP Response

Centre for Development of Advanced 53

Computing, Hyderabad
Centre for Development of Advanced 54
Computing, Hyderabad