Internet Protocol Analysis/Transport Layer
This lesson introduces the Transport layer and looks at User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Activities include using netstat to display protocol statistics and using Wireshark to examine UDP and TCP network traffic.
Readings
- Wikipedia: Transport layer
- Wikipedia: User Datagram Protocol
- Wikipedia: Transmission Control Protocol
Multimedia
- YouTube: 03 01 Introduction to TCP & UDP Protocols
- YouTube: Basics of ipconfig, ping, tracert, nslookup and netstat
- YouTube: The Netstat Command - CompTIA Network+ N10-005: 4.3
Activities
- Use netstat to display protocol statistics.
- Use netstat to display all active connections and listening ports.
- Use Wireshark to capture and analyze User Datagram Protocol (UDP) traffic.
- Use Wireshark to capture and analyze Transmission Control Protocol (TCP) traffic.
- Consider situations in which a packet analyzer might be used to troubleshoot transport layer traffic.
Lesson Summary
- The transport layer provides end-to-end communication services for applications.[1]
- The transport layer provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.[2]
- The Transmission Control Protocol (TCP) is used for connection-oriented transmissions. The User Datagram Protocol (UDP) is used for connection-less messaging transmissions.[3]
- Many of the services attributed to the transport layer are specific to TCP and do not apply to UDP. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.[4]
- Transport layer protocols include source and destination port numbers to identify process-to-process communication.[5] Sessions are identified using the client's IP address and port number.[6]
- TCP packets are referred to as segments. UDP packets are referred to as datagrams.[7]
- UDP has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.[8]
- UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.[9]
- UDP is simple and stateless, with minimal delay, and works well in unidirectional (broadcast / multicast) communication.[10]
- The UDP header includes fields for: source port, destination port, length, and checksum.[11]
- TCP is reliable, ordered, heavyweight, and streaming.[12]
- UDP is unreliable, un-ordered, lightweight, and without streaming or connection control.[13]
- UDP provides a datagram service that emphasizes reduced latency over TCP stream reliability.[14] TCP is optimized for accurate delivery rather than timely delivery.[15]
- TCP is a reliable stream delivery service that guarantees that all bytes received will be identical with bytes sent and in the correct order.[16]
- The TCP header includes fields for: source port, destination port, sequence number, acknowledgement number, data offset, flags, window size, checksum, and an urgent pointer.[17]
- TCP protocol operations are divided into three phases: connection establishment, data transfer, and connection termination.[18]
- TCP connection establishment is performed through a three-way handshake exchanging sequence numbers and acknowledgements (SYN, SYN-ACK, ACK).[19]
- TCP connection termination is performed through a four-way handshake of exchanging finish flags and acknowledgements (FIN, ACK, FIN, ACK).[20]
- TCP achieves reliable transmission by using a sequence number to account for each byte of data.[21]
- TCP performs error detection through sequence numbers, acknowledgements, and a checksum for each packet.[22]
- TCP uses a sliding window flow control process in which the receiver specifies the amount of additional data that it is willing to accept for the connection and the sending host can send only up to that amount of data before it must wait for an acknowledgment from the receiving host.[23]
- TCP achieves congestion control through slow-start, congestion avoidance, fast retransmit, fast recovery, and retransmission timeout.[24]
- TCP and UDP port numbers range from 0 to 65535.[25]
- The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers 0 through 1023 are used for common, well-known services. Port numbers 1024 through 49151 are registered ports used for IANA-registered services. Ports 49152 through 65535 are dynamic ports that can be used for any purpose.[26]
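The header fields, handshake flags, and port ranges summarized above can be checked against raw bytes exported from a capture. The following is an added example, not part of the original lesson; the function names and the sample segments are constructed for illustration, and checksums in the samples are left at 0 rather than computed.

```python
import struct

# Flag bits in the low byte of the 16-bit data-offset/flags word.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def port_range(port):
    """Classify a port into the three IANA ranges from the summary."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    return "registered" if port <= 49151 else "dynamic"

def parse_udp(data):
    """Decode the 8-byte UDP header."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    return dict(zip(("sport", "dport", "length", "checksum"), struct.unpack("!HHHH", data[:8])))

def parse_tcp(data):
    """Decode the fixed 20-byte part of a TCP header."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= header_len <= len(data):
        raise ValueError("data offset outside the captured bytes")
    flags = {name for name, bit in FLAGS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_len": header_len,
            "flags": flags, "window": window, "checksum": checksum, "urgent": urgent}

def is_three_way_handshake(syn, synack, ack):
    """Check flags, mirrored ports, and that each SYN consumes one sequence number."""
    return (syn["flags"] == {"SYN"} and synack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and (syn["sport"], syn["dport"]) == (synack["dport"], synack["sport"]) == (ack["sport"], ack["dport"])
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

def build_tcp(sport, dport, seq, ack, flags, window=64240):
    """Build a constructed 20-byte header (data offset 5, checksum left at 0)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, window, 0, 0)

# Constructed sample traffic, not a real capture.
SYN = build_tcp(51514, 443, 1000, 0, 0x02)
SYNACK = build_tcp(443, 51514, 9000, 1001, 0x12)
ACK = build_tcp(51514, 443, 1001, 9001, 0x10)
UDP_QUERY = struct.pack("!HHHH", 53000, 53, 12, 0) + b"test"
```

A handshake whose final ACK does not acknowledge the server's sequence number plus one fails the check, which is the same mismatch Wireshark makes visible in the sequence and acknowledgement columns.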
Key Terms
- ACK
- An acknowledgement signal passed between communicating processes or computers to signify acknowledgement, or receipt of response, as part of a communications protocol.[27]
- application programming interface (API)
- A protocol intended to be used as an interface by software components to communicate with each other.[28]
- Automatic Repeat reQuest (ARQ) (or Automatic Repeat Query)
- An error-control method for data transmission that uses acknowledgements (messages sent by the receiver indicating that it has correctly received a data frame or packet) and timeouts (specified periods of time allowed to elapse before an acknowledgment is to be received) to achieve reliable data transmission over an unreliable service.[29]
- buffer
- A region of a physical memory storage used to temporarily hold data while it is being moved from one place to another.[30]
- buffer underrun
- A state occurring when a buffer used to communicate between two devices or processes is fed with data at a lower speed than the data is being read from it.[31]
- checksum
- A fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage.[32]
- connection-oriented communication
- A data communication mode whereby the devices at the end points use a protocol to establish an end-to-end logical or physical connection before any data may be sent.[33]
- connectionless
- A data communication mode in which a message can be sent from one end point to another without prior arrangement.[34]
- data stream
- A sequence of digitally encoded coherent signals (packets of data or data packets) used to transmit or receive information that is in the process of being transmitted.[35]
- datagram
- A basic transfer unit associated with a packet-switched network in which the delivery, arrival time, and order of arrival are not guaranteed by the network service.[36]
- deadlock
- A situation in which two or more competing actions are each waiting for the other to finish, and thus neither ever does.[37]
- ephemeral port
- A short-lived transport protocol port allocated automatically from a predefined range.[38]
- error detection
- Techniques that enable reliable delivery of digital data over unreliable communication channels.[39]
- flow control
- The process of managing the rate of data transmission between two nodes to prevent a fast sender from outrunning a slow receiver.[40]
- handshaking
- An automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins.[41]
- latency
- A measure of time delay experienced in a system.[42]
- maximum segment size (MSS)
- A parameter of the TCP protocol that specifies the largest amount of data that a computer or communications device can receive in a single TCP segment.[43]
- multiplexing
- A method by which multiple analog message signals or digital data streams are combined into one signal over a shared medium.[44]
- NAK
- A negative acknowledgement signal passed between communicating processes or computers to signify an error or lack of acceptance as part of a communications protocol.[45]
- network congestion
- A data communication situation in which a link or node is carrying so much data that its quality of service deteriorates.[46]
- registered port
- A transport protocol port assigned by the Internet Assigned Numbers Authority (IANA) for use with a certain protocol or application.[47]
- reliability
- A reliable protocol is one that provides reliability properties with respect to the delivery of data to the intended recipient(s), as opposed to an unreliable protocol, which does not provide notifications to the sender as to the delivery of transmitted data.[48]
- Slow-start
- One of the algorithms that TCP uses to control congestion inside the network, in which the TCP window size is increased each time an acknowledgment is received.[49]
- TCP window scale option
- An option to increase the TCP receive window size above its maximum value of 65,535 bytes.[50]
Review Questions
- The transport layer provides _____.
  - The transport layer provides end-to-end communication services for applications.
- The transport layer provides services such as _____.
  - The transport layer provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.
- The Transmission Control Protocol (TCP) is used for _____ transmissions. The User Datagram Protocol (UDP) is used for _____ transmissions.
  - The Transmission Control Protocol (TCP) is used for connection-oriented transmissions. The User Datagram Protocol (UDP) is used for connection-less messaging transmissions.
- Many of the services attributed to the transport layer are specific to _____ and do not apply to _____. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.
  - Many of the services attributed to the transport layer are specific to TCP and do not apply to UDP. These include connections, byte oriented data streams, sequencing, reliability, flow control, and congestion avoidance.
- Transport layer protocols include source and destination _____ to identify process-to-process communication. Sessions are identified using _____.
  - Transport layer protocols include source and destination port numbers to identify process-to-process communication. Sessions are identified using the client's IP address and port number.
- TCP packets are referred to as _____. UDP packets are referred to as _____.
  - TCP packets are referred to as segments. UDP packets are referred to as datagrams.
- UDP has no _____, and thus exposes any unreliability of the underlying network protocol to the user's program.
  - UDP has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.
- UDP provides _____ for data integrity, and _____ for addressing different functions at the source and destination of the datagram.
  - UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.
- UDP is _____, with _____ delay, and works well in unidirectional (broadcast / multicast) communication.
  - UDP is simple and stateless, with minimal delay, and works well in unidirectional (broadcast / multicast) communication.
- The UDP header includes fields for: _____.
  - The UDP header includes fields for: source port, destination port, length, and checksum.
- TCP is _____.
  - TCP is reliable, ordered, heavyweight, and streaming.
- UDP is _____.
  - UDP is unreliable, un-ordered, lightweight, and without streaming or connection control.
- UDP provides a datagram service that emphasizes _____ over TCP _____. TCP is optimized for _____ rather than _____.
  - UDP provides a datagram service that emphasizes reduced latency over TCP stream reliability. TCP is optimized for accurate delivery rather than timely delivery.
- TCP is a _____ delivery service that _____.
  - TCP is a reliable stream delivery service that guarantees that all bytes received will be identical with bytes sent and in the correct order.
- The TCP header includes fields for: _____.
  - The TCP header includes fields for: source port, destination port, sequence number, acknowledgement number, data offset, flags, window size, checksum, and an urgent pointer.
- TCP protocol operations are divided into three phases: _____.
  - TCP protocol operations are divided into three phases: connection establishment, data transfer, and connection termination.
- TCP connection establishment is performed through _____.
  - TCP connection establishment is performed through a three-way handshake exchanging sequence numbers and acknowledgements (SYN, SYN-ACK, ACK).
- TCP connection termination is performed through _____.
  - TCP connection termination is performed through a four-way handshake of exchanging finish flags and acknowledgements (FIN, ACK, FIN, ACK).
- TCP achieves reliable transmission by using _____.
  - TCP achieves reliable transmission by using a sequence number to account for each byte of data.
- TCP performs error detection through _____.
  - TCP performs error detection through sequence numbers, acknowledgements, and a checksum for each packet.
- TCP uses a sliding window flow control process in which _____.
  - TCP uses a sliding window flow control process in which the receiver specifies the amount of additional data that it is willing to accept for the connection and the sending host can send only up to that amount of data before it must wait for an acknowledgment from the receiving host.
- TCP achieves congestion control through _____.
  - TCP achieves congestion control through slow-start, congestion avoidance, fast retransmit, fast recovery, and retransmission timeout.
- TCP and UDP port numbers range from _____.
  - TCP and UDP port numbers range from 0 to 65535.
- The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers _____ are used for common, well-known services. Port numbers _____ are registered ports used for IANA-registered services. Ports _____ are dynamic ports that can be used for any purpose.
  - The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers 0 through 1023 are used for common, well-known services. Port numbers 1024 through 49151 are registered ports used for IANA-registered services. Ports 49152 through 65535 are dynamic ports that can be used for any purpose.
Assessments
See Also
References
1. Wikipedia: Transport layer
2. Wikipedia: Transport layer
3. Wikipedia: Transport layer
4. Wikipedia: Transport layer#Services
5. Wikipedia: Transport layer#Analysis
6. Wikipedia: Transmission Control Protocol#Resource usage
7. Wikipedia: Transport layer#Analysis
8. Wikipedia: User Datagram Protocol
9. Wikipedia: User Datagram Protocol
10. Wikipedia: User Datagram Protocol
11. Wikipedia: User Datagram Protocol#Packet structure
12. Wikipedia: User Datagram Protocol#Comparison of UDP and TCP
13. Wikipedia: User Datagram Protocol#Comparison of UDP and TCP
14. Wikipedia: Transmission Control Protocol
15. Wikipedia: Transmission Control Protocol#Network function
16. Wikipedia: Transmission Control Protocol#Network function
17. Wikipedia: Transmission Control Protocol#TCP segment structure
18. Wikipedia: Transmission Control Protocol#Protocol operation
19. Wikipedia: Transmission Control Protocol#Protocol operation
20. Wikipedia: Transmission Control Protocol#Protocol operation
21. Wikipedia: Transmission Control Protocol#Reliable transmission
22. Wikipedia: Transmission Control Protocol#Error detection
23. Wikipedia: Transmission Control Protocol#Flow control
24. Wikipedia: Transmission Control Protocol#Congestion control
25. Wikipedia: Port (computer networking)#Common port numbers
26. Wikipedia: Port (computer networking)#Common port numbers
27. Wikipedia: Acknowledgement (data networks)
28. Wikipedia: Application programming interface
29. Wikipedia: Automatic repeat request
30. Wikipedia: Data buffer
31. Wikipedia: Buffer underrun
32. Wikipedia: Checksums
33. Wikipedia: Connection-oriented communication
34. Wikipedia: Connectionless protocol
35. Wikipedia: Data stream
36. Wikipedia: Datagram
37. Wikipedia: Deadlock
38. Wikipedia: Ephemeral port
39. Wikipedia: Error detection and correction
40. Wikipedia: Flow control (data)
41. Wikipedia: Handshaking
42. Wikipedia: Latency (engineering)
43. Wikipedia: Maximum segment size
44. Wikipedia: Multiplexing
45. Wikipedia: Negative-acknowledge character
46. Wikipedia: Network congestion
47. Wikipedia: Registered port
48. Wikipedia: Reliability (computer networking)
49. Wikipedia: Slow-start
50. Wikipedia: TCP window scale option