
ADVANCED COMPUTER INVESTIGATION TOPIC

ADVANCED COMPUTER INVESTIGATION TOPIC (CEOO298-M)

SUBMITTED BY

GOGUMALLA PRASHANTH MOHAN

REGISTRATION NO

GV006352

AWARD

M.SC COMPUTER SCIENCE

SUBMITTED TO

STELLA MILLS

INDEX

1. ABSTRACT
2. INTRODUCTION TO INTERNET
   2.1. WHO RUNS INTERNET
   2.2. HOW TO ACCESS INTERNET
3. INTRODUCTION TO COMPUTER NETWORKS
4. TYPES OF INTERNET CONNECTIONS
   4.1. CLIENT-SERVER MODEL
   4.2. TYPES OF SERVER PROCESSES
   4.3. BENEFITS
   4.4. PITFALLS
5. CONNECTION-ORIENTED, CONNECTION-LESS MODE PROTOCOLS
   5.1. CONNECTION-ORIENTED OPERATIONS
   5.2. CONNECTION-LESS OPERATIONS
6. TYPES OF PROTOCOLS
7. OSI-REFERENCE MODEL
   7.1. ADVANTAGES
   7.2. DISADVANTAGES
   7.3. COMPARISON OF OSI AND TCP/IP MODELS
8. TCP/IP MODEL
   8.1. TRANSMISSION CONTROL PROTOCOL (TCP)
   8.2. MAJOR CHARACTERISTICS OF TCP
9. INTERNET PROTOCOL (IP)
   9.1. LAYERING IN THE INTERNET PROTOCOL SUITE
10. USER DATAGRAM PROTOCOL (UDP)
   10.1. 4-LAYER MODEL SHOWING UDP, TCP & IP
   10.2. FORMAT OF UDP DATAGRAM
11. TRANSMISSION CONTROL PROTOCOL AND USER DATAGRAM PROTOCOL
   11.1. RELATIONSHIP OF TRANSPORT LAYER TO OTHER LAYERS
   11.2. COMPARISON OF PROTOCOL FEATURES FOR UDP AND TCP
12. USING MULTIPLEXING TO SUPPORT SOCKETS
   12.1. PASSIVE AND ACTIVE OPEN
   12.2. SEGMENTS
   12.3. TCP SEGMENT (PDU)
13. CONCLUSION
14. REFERENCE LIST

A BRIEF INSIGHT OF INTERNET, CRITIQUE ON NETWORKING MODELS & PROTOCOLS

1. ABSTRACT:

This paper gives a comprehensive review and evaluates the quality of services required for networking. This paper briefly explains the growth and need of INTERNET and NETWORKING. Research is mainly done on the working concepts, design structures, architectures, data communication of both the networking models i.e. OSI model and TCP/IP model. It brings out the pros and cons of both connection-oriented services and connection-less services. Finally, this paper shows the deployment and working procedure of the protocols in data transfer for a network.

2. INTRODUCTION TO INTERNET:

The Internet is a vast international network of networks that allows different computers to communicate and mutually share information and services as if they belonged to one global computing system. The Internet is also known as the Net. It is the largest computer network: the global communication system that connects millions of computers through the TCP/IP protocol. The Internet could represent the interconnectivity of hundreds of thousands of computers around the world.

The seed of the Internet emerged in 1957 from the U.S. Defense Department as a fault-tolerant wide-area computer networking paradigm, one that would survive a nuclear the most potent and definitely the most uncontrollable force in the world (Comer, 2006).

Four American universities joined together to form the first distributed packet-switching network by December 1969. During the 1970s and the early years of the 1980s, the Internet Protocol (IP), a procedure that determines the packet's address and the appropriate routing of data over the network. ARPANET continued to grow and, by August 1983, there were 562 networking host computers. Other independent networks were also being created at the same time. USENET (UNIX Users Group Network) started in 1979, and CSNET (Computer and Science Network) and BITNET (Because It's Time) in 1981. Networks also began to spring up in Europe, including EARN (European Academic Research Network) and JANET (Joint Academic Network).

The Internet is a three-level hierarchy composed of backbone networks (for example ARPANET, NSANET, MILNET), mid-level networks and sub-networks. The sub-networks include, among others, commercial (.COM or .CO), university (.AC or .EDU), research (.ORG, .NET) and military (.MIL) networks.

2.1.WHO RUNS INTERNET:

No one runs it or owns it. The Internet can be imagined as working like the mail. It works through many entities, such as universities, government agencies, businesses and individuals, each maintaining their own computer networks. These separate entities have agreements that allow them to send and receive information over each other's networks, and all of this works under a body called the Internet Society, which sets international standards for the Internet. The Internet Society (ISOC) is a voluntary membership organization set up by vendors, users and network providers to promote global information exchange through Intranet technology. It invites volunteers to the Internet Architecture Board (IAB) to take up the technical management and direction setting of the Internet (American University, 2002).

2.2. HOW TO ACCESS THE INTERNET:

To access the Internet, one needs a computer, a modem, an Internet Service Provider (ISP) and communication software. Having a high-powered computer is not necessary. However, some of the newest software may have certain minimum requirements. A modem of at least 14,000 bits per second (14.4) is best for accessing the Internet, and it is a minimum requirement for accessing the web. This is because the web is a graphical environment. Viewing graphics requires more data to be transferred over one's modem, making the speed of the modem a crucial element.

3. INTRODUCTION TO COMPUTER NETWORKS:

Growth in the field of science and technology led to a high level of change in the 21st century, with the need for information rising beyond expectations. Communication plays a vital role and is steadily increasing in importance along with human needs. Data collection, data retrieval and data storage are very important. The computer, a revolutionary device, is mainly used in this context. Communication between computers is mainly done in three ways:

- LAN: Local Area Network
- WAN: Wide Area Network
- MAN: Metropolitan Area Network

In our day-to-day life, computer networking has pervaded everything from electronic mail services to automated teller machines, e-reservation, e-business and e-commerce, and has revolutionised the use of computers. Major factors for the drastic growth in the field of computer networking are:

- Demand for networks has been fuelled by the proliferation of workstations and computers during the early 80s.
- Computer networks used to be expensive and were restricted to large universities, government research sites and large corporations. The cost of establishing a computer network has been reduced vastly by technology, and networks are now found in organisations of different magnitudes.
- Many computer manufacturers now package networking software as part of the basic operating system (Tanenbaum, 2002).

In the era of information, computer networks are becoming an integral part of broadcasting and communication.

Earlier computer systems were separate entities, each with the hardware peripherals and software required for doing a task. If a task such as line printing was to be carried out, a line printer had to be connected to the computer. This changed with the realisation that systems and their users need to share information and resources. Exchanging magnetic tapes, decks of punched cards and line printer listings was once used for file and information sharing; today this is achieved using electronic mail, file transfer and so on. Computer systems can now be linked using various electronic techniques called networks. A network can be as simple as personal computers connected together using a 1200 baud modem, or as complex as the TCP/IP Internet. Some of the network applications are:

- Exchange files between systems. For many applications it is just as easy to distribute the application electronically, instead of mailing diskettes or magnetic tapes. File transfer across the network also provides faster delivery.
- Share peripheral devices. Examples range from the sharing of line printers to the sharing of magnetic tape drives. A large push towards the sharing of peripheral devices has come from the personal computer and workstation market, since the cost of a peripheral can often exceed the cost of the computer. In an organisation with many personal computers or workstations, sharing peripherals makes sense.
- Execute a program on another computer. There are cases where some other computer is better suited to run a particular program. For example, a time-sharing system or a workstation with good program development tools might be the best system on which to edit and debug a program. Another system, however, might be better equipped to run the program. This is often the case with programs that require special features, such as parallel processing or vast amounts of storage.
- Remote login. If two systems are connected using a network, users should be able to log in from one to the other. It is usually easier to connect computers using a network and provide a remote login application than to connect every terminal in an organisation to every computer.
- Electronic commerce. The new developments in the field of computer networks enable us to perform commercial transactions (like bank transactions) electronically. Multimedia and networking have made home shopping possible. An atmosphere similar to the one in the mall is simulated, a connection to the mall is established and the customer can shop as though he/she is in the mall even though at home (Tanenbaum, 2002).

4. TYPES OF INTERNET CONNECTIONS:

Depending on how one links to the Internet, there are a number of choices for the physical connection. These physical connections vary in capacity from the low 28.8 Kbps modem to the 45 Mbps T3 line. To run a web site on your computer you need bandwidth between 56 Kbps and 1.544 Mbps (T1 line). Listed here are some physical connection options (Webopedia.com, 2009):

- Dial-up modem
- ISDN
- B-ISDN
- DSL
- Cable internet connections
- Wireless internet connections
- T-1 lines
- T-3 lines
- Satellite

5. CLIENT-SERVER MODEL:

The client-server model is a basic and standard model used for network applications. A client is a process that requests information, and the server is a process waiting to be contacted so that it can communicate with the client. The client-server scenario is as follows. The server process is started on a host system; it initializes itself, then goes to sleep waiting for a request from a client process.

The client process is started on a different host system, usually by a user command to the time-sharing system, with a network connection between the two hosts. A server provides various kinds of services to the client, such as:

- Returning the time and day
- Printing a file on the printer
- Reading or writing a file on the server's system
- Login access to the server's system
- Executing a command for the client on the server's system

After providing the desired service to the client, the server goes back to sleep, waiting for the next client request.

5.1. TYPES OF SERVER PROCESSES:

- Iterative servers: servers that handle a client's request themselves, used when the request can be handled in a short period of time.
- Concurrent servers: servers that handle the client's request in a concurrent fashion, used when the time to service a request depends entirely on the request itself. A concurrent server invokes another process to handle the client's request so that the server itself can go back to sleep, waiting for the next request.

Client requests that deal mostly with file information, such as printing and reading or writing, are handled concurrently by the server because the time taken to service them is proportional to the file size and type.

5.2. BENEFITS OF CLIENT/SERVER:

In a client-server model, it is an added advantage if the client and server run on different computers. It is always preferred to use computers with high-performance processors, large memory and large disk space to run the server. This helps the server to store huge amounts of data and handle different client requests simultaneously. In contrast, a computer with a low processor speed, a graphics card, and minimal memory and disk space is preferred for running the client application.

The client-server model adapts aptly to changes in hardware and software. For example, if a computer becomes available that delivers high performance and service at almost half the price, the system can disconnect the old server and connect to the new one. Every functional component in the system is specialized to carry out a specific task.

5.3. PITFALLS OF CLIENT/SERVER:

The reliability of a client/server system, and the manageability of its hardware and software components, is low compared with a centrally managed homogeneous system. Cost savings rely on choosing the appropriate application for running the model.

6. CONNECTION-ORIENTED AND CONNECTIONLESS-MODE PROTOCOLS:

The Internet uses two types of communication protocols, namely connection-oriented operations and connectionless operations. Their key characteristics and features are as follows.

6.1. CONNECTION-ORIENTED OPERATIONS:

In creating an end-to-end connection, the devices perform a handshaking process. It does not work in a uni-directional environment and works only in bi-directional environments. This process can be as easy as synchronization in TCP or as intricate as communicating parameters with a modem. Both devices must be able to negotiate a connection. A connection-oriented service operates in three phases: connection setup, data transfer and connection release. The first phase establishes the connection and conveys the parameters that define it. In the second phase, messages are exchanged under the auspices of the connection. In the last phase, the connection is terminated as it is no longer needed.

6.2. CONNECTIONLESS-MODE OPERATIONS:

In creating an end-to-end data transmission between the host and the network, no logical connection is established. In this type of operation the user transmits data in PDUs that are handled as separate entities. There is no association between consecutive data transfers, and some records are stored on the progress of the user-to-user communication process over the network. In the data transfer operation, options are not negotiated and the created tables are managed. The QOS features must be predetermined, and the interacting entities must have a prior agreement. QOS is provided for each PDU transmitted, and every single PDU comprises fields that identify the types and levels of service.

Each PDU is handled as a separate entity, so a connectionless network is more robust than a connection-oriented one. To avoid congestion at a point in the network, data units can follow different, circuitous paths.

7. TYPES OF PROTOCOLS:

Listed below are some of the protocols used in networking and in the OSI as well as the TCP/IP models (Networktutorials.info, 2007):

- HTTP: Hyper Text Transfer Protocol
- POP3: Post Office Protocol
- SMTP: Simple Mail Transfer Protocol
- FTP: File Transfer Protocol
- IP: Internet Protocol
- DHCP: Dynamic Host Configuration Protocol
- IMAP: Internet Message Access Protocol
- ARCNET
- TELNET
- FDDI
- UDP
- X.25
- TFTP
- SNMP
- PPTP

and so on.

8. OSI-REFERENCE MODEL:

Fig: architecture of OSI model http://www.doc.ic.ac.uk/~nd/surprise_97/journal/vol4/mhl/archi.html

The OSI reference model is the basic conceptual model used for stacking networking protocols. It is termed the Open Systems Interconnection model and is also referred to as the 7-layer OSI model. This model provides a level of abstraction. It is a seven-layered model with different protocols stacked in each layer. The above figure shows the layering of the protocols and how they work. The specification of each layer is discussed below.

Application layer: this is the topmost layer of the model. It defines how applications such as electronic mail, databases and terminal emulation programs interact with the network. A set of interfaces is provided for applications to gain access to all the networks available. Example: HTTP (Hyper Text Transfer Protocol).

Presentation layer: this layer is used only for transmission, data manipulation, data encapsulation and data encryption. The formatting, presentation and encoding of data are defined by this layer.

Session layer: this layer creates a session, transmits data and ends the session when the work is finished. As long as data is being passed from the presentation layer, it stays active, communicating with the upper layer and maintaining a steady session.

Transport layer: this layer defines the protocols for building messages and checking the validity of transmission with the help of checksums. It resizes the data stream so that it can be passed in packets.

Network layer: this layer defines the protocols for data routing and for checking whether the data has arrived at the desired destination.

Data link layer: this layer is used for synchronizing and controlling the data flow. Data is packaged into special streams, from bits to cells, with special variations on checksums.

Physical layer: this layer is used to communicate with the transmission medium and hardware interface (Sheppard, 2005).

8.1. ADVANTAGES:

- It is a model legally recognized and standardized by the ISO.
- It works with both connectionless and connection-oriented services.
- The protocols are safe and well hidden, and the model is flexible to change when the technology changes.

8.2. DISADVANTAGES:

- It is more complex and high in cost.
- It is not as widely used for networking as the TCP/IP model.

Based on all these factors, a new model for networking was developed that overcomes the drawbacks of the OSI model, with more effectiveness, robustness, better performance and lower cost. This model is termed the TCP/IP model.

8.3. COMPARISON OF OSI MODEL AND TCP/IP MODEL:

9. TCP/IP MODEL:

Transmission Control Protocol/Internet Protocol is a standard network communication protocol used to connect computer systems across the Internet. This model is an enhanced version with almost all the features and working principles of the OSI model. The only difference is that TCP/IP has only 4 layers (Comer, 2006):

- Application (HTTP, FTP, Telnet, ...)
- Transport (TCP/IP, UDP)
- Network (IP)
- Link (device driver)

9.1. TRANSMISSION CONTROL PROTOCOL (TCP):

TCP is a connection-oriented transport layer protocol that offers a full-duplex, reliable data service. It is often called the TCP/IP protocol as it uses the Internet Protocol.

[Figure: TCP in relation to the OSI layers. Labels: user processes (OSI layers 5-7); TCP (OSI layer 4); ICMP, IP, ARP, RARP; hardware interface]

9.2. MAJOR CHARACTERISTICS OF TCP:

The following services are provided by TCP to the upper layers:

- Connection-oriented data management
- Reliable data transfer
- Stream-oriented data transfer
- Push functions
- Re-sequencing
- Flow control (sliding window)
- Multiplexing
- Full-duplex transmission
- Precedence and security
- Graceful close

TCP is a connection-oriented protocol. TCP maintains status and state information about each user data stream flowing into and out of the TCP module. It is also responsible for the end-to-end transfer of data across one network or multiple networks to a receiving user application.

TCP ensures that data are transmitted and received between the two hosts by using sequence numbers and positive acknowledgements. A sequence number is assigned to each byte transmitted. The receiving TCP module uses a checksum routine to check the data for damage that might have occurred during transmission. If the data are acceptable, TCP returns a positive acknowledgement (ACK) to the sending TCP module. If the data are damaged, the receiving TCP discards the data and uses a sequence number to inform the sending TCP about the problem. TCP timers ensure that the lapse of time is not excessive before remedial measures are taken.

The upper layer protocol (ULP) transmits data to TCP in a stream-oriented fashion, i.e. it sends individual characters, not blocks, frames or datagrams. The bytes are sent from the ULP on a stream basis, byte by byte. When they arrive at the TCP layer, the bytes are grouped into TCP segments. TCP allows the use of variable-length segments because of its stream-oriented nature. To preserve a fixed block nature, action must be taken at the application level to delineate the blocks within the TCP stream.

TCP also checks for duplicate data. In addition to using the sequence numbers for acknowledgement, TCP uses them to re-sequence the segments if they arrive at the final destination out of order. TCP uses an inclusive acknowledgement scheme that acknowledges all bytes up to and including the acknowledgement number minus one. Flow control of the sender's data is also possible, which is useful in preventing buffer overrun and possible saturation of the receiving machine. TCP also has a facility for multiplexing multiple user sessions within a single host computer onto the ULPs. This is accomplished using simple naming conventions for ports and sockets in the TCP and IP modules. Full-duplex transmission between two TCP entities is provided. TCP also provides the user with the capability to specify levels of security and priority for the link. TCP also provides a graceful close to the connection between the two users.
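The point about delineating blocks at the application level, as an added example (not code from the paper): a decoder that rebuilds application blocks from a TCP byte stream however the bytes were grouped into segments. The 4-byte length prefix, the MAX_FRAME bound and all names are assumptions of this sketch, and the sample stream is constructed.

```python
import struct

HEADER = struct.Struct("!I")   # assumed framing: 4-byte big-endian length prefix
MAX_FRAME = 64 * 1024          # assumed bound; stops a hostile length field from
                               # making the receiver buffer without limit


class FrameError(ValueError):
    """Raised when a block, sent or announced, is larger than MAX_FRAME."""


def encode_frame(block: bytes) -> bytes:
    """Sender side: prefix one application block with its length."""
    if len(block) > MAX_FRAME:
        raise FrameError("block too large to send")
    return HEADER.pack(len(block)) + block


class FrameDecoder:
    """Receiver side: TCP may hand over the stream in chunks of any size,
    so feed() accepts arbitrary chunks and returns only complete blocks."""

    def __init__(self) -> None:
        self._buf = bytearray()

    def feed(self, chunk: bytes) -> list[bytes]:
        self._buf += chunk
        blocks = []
        while len(self._buf) >= HEADER.size:
            (length,) = HEADER.unpack_from(self._buf)
            if length > MAX_FRAME:
                raise FrameError(f"announced length {length} exceeds {MAX_FRAME}")
            end = HEADER.size + length
            if len(self._buf) < end:
                break                      # block not complete yet, wait for more bytes
            blocks.append(bytes(self._buf[HEADER.size:end]))
            del self._buf[:end]
        return blocks

    def pending(self) -> int:
        """Bytes received that do not yet form a complete block."""
        return len(self._buf)


def resegment(stream: bytes, sizes: list[int]) -> list[bytes]:
    """Constructed stand-in for TCP segmentation: cut the stream into chunks,
    cycling through the given (positive) chunk sizes."""
    chunks, pos, i = [], 0, 0
    while pos < len(stream):
        n = sizes[i % len(sizes)]
        chunks.append(stream[pos:pos + n])
        pos += n
        i += 1
    return chunks


def decode_all(chunks: list[bytes]) -> tuple[list[bytes], int]:
    """Feed every chunk to one decoder; return the blocks and leftover byte count."""
    decoder = FrameDecoder()
    blocks = []
    for chunk in chunks:
        blocks.extend(decoder.feed(chunk))
    return blocks, decoder.pending()


if __name__ == "__main__":
    messages = [b"LOGIN alice", b"", b"x" * 300]          # constructed sample blocks
    stream = b"".join(encode_frame(m) for m in messages)
    for sizes in ([1], [3, 7], [1000]):
        blocks, left = decode_all(resegment(stream, sizes))
        print(sizes, [len(b) for b in blocks], "leftover:", left)
```

The same blocks come out whether the stream arrives one byte at a time or in a single chunk, which is the property a fixed-block application needs from its framing layer.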

An upper-layer user of TCP in a host machine is identified by a port number that should be unique throughout the internet. A socket is created by linking the port value with the IP address. A pair of sockets uniquely identifies each end-point connection:

Sending socket = source IP address + source PORT number
Receiving socket = destination IP address + destination PORT number

10. INTERNET PROTOCOL (IP):

IP is an internetworking protocol developed by the Department of Defense. IP is a data-oriented, connectionless protocol that enables the flow of traffic between two host systems. Because IP is connectionless, loss of datagrams is possible between the two end-user systems. An IP router can enforce a maximum queue length, and the buffer overflows if the queue length is exceeded. The remaining datagrams are then removed from the network. Thus a higher-layer protocol is necessary to recover from these drawbacks. The sub-network is hidden from the end user, which allows IP to create a virtual network in which an IP gateway connects different networks. Because it is a robust, connectionless service, it is easy to install. Most of the drawbacks are dealt with by TCP, the next higher layer.

Some of the drawbacks of IP are as follows:

- As IP is unreliable, it provides no flow-control or reliability mechanisms.
- Datagrams are volatile: they can be lost, duplicated or altered on arrival.

IP supports fragmentation operations. The term fragmentation refers to an operation wherein a PDU is divided or segmented into smaller units. This feature can be quite useful because not all networks use the same PDU size. Without fragmentation, a router would be tasked with trying to resolve incompatible PDU sizes between networks. IP solves the problem by establishing the rules for fragmentation at the router and reassembly at the receiving host.
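Fragmentation at the router and reassembly at the receiving host, as an added example that is not part of the original paper. It models only the fields that matter here (identification, offset in 8-octet units, more-fragments flag); the 20-octet header size, the choice to reject overlapping fragments, and all names are assumptions of this sketch.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20          # assumed: IPv4 header without options


@dataclass(frozen=True)
class Fragment:
    ident: int              # identification shared by all fragments of one datagram
    offset: int             # position of the data, in 8-octet units
    more: bool              # "more fragments" flag, False only on the last one
    data: bytes


def fragment(ident: int, payload: bytes, mtu: int) -> list[Fragment]:
    """Router side: split payload so that header plus data fits the next
    network's PDU size. Every fragment except the last carries a multiple
    of 8 octets, because offsets are expressed in 8-octet units."""
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("mtu too small to carry any data")
    frags = []
    for start in range(0, max(len(payload), 1), max_data):
        piece = payload[start:start + max_data]
        more = start + len(piece) < len(payload)
        frags.append(Fragment(ident, start // 8, more, piece))
    return frags


def reassemble(frags: list[Fragment], max_size: int = 65535):
    """Receiving host: return the payload, or None while fragments are missing.

    Fragments may arrive in any order and may be duplicated. Overlapping or
    inconsistent fragments raise ValueError instead of being merged, since
    ambiguous overlaps can be read differently by a monitor and by the host.
    """
    if not frags:
        return None
    if len({f.ident for f in frags}) != 1:
        raise ValueError("fragments belong to different datagrams")
    ordered = sorted(set(frags), key=lambda f: f.offset)   # exact duplicates dropped
    out = bytearray()
    for f in ordered:
        start = f.offset * 8
        if start > len(out):
            return None                                    # hole: still waiting
        if start < len(out):
            raise ValueError("overlapping fragments")
        if f.more and len(f.data) % 8:
            raise ValueError("non-final fragment is not a multiple of 8 octets")
        out += f.data
        if len(out) > max_size:
            raise ValueError("reassembled datagram too large")
        if not f.more:
            if f is not ordered[-1]:
                raise ValueError("data beyond the final fragment")
            return bytes(out)
    return None                                            # last fragment not seen yet


if __name__ == "__main__":
    payload = bytes(range(256)) * 4                        # constructed 1024-octet PDU
    frags = fragment(7, payload, mtu=296)
    print([(f.offset, len(f.data), f.more) for f in frags])
    print(reassemble(list(reversed(frags))) == payload)
```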

[Figure: IP/CLNP model, showing Host A and Host B, the upper-layer protocols (ULP), IP or CLNP, the routing table and subnetworks SNP-1 to SNP-n]

10.1. LAYERING IN THE INTERNET PROTOCOL SUITE:

A port number is assigned so that a process using TCP can identify itself. It is used to determine which application process is to receive the incoming traffic between host computers. Each application layer provides a multiplexing capability by enabling multiple programs to communicate with one application program concurrently.

The port numbers identify these application entities. The concept is related to the OSI model's service access point (SAP). In addition to the use of ports, TCP/IP-based protocols use an abstract identifier called a socket. The socket was derived from the network input/output operations of the 4.3 BSD UNIX system. It is quite similar to UNIX file access procedures in that it identifies an endpoint communication process.

In the Internet, some port numbers are preassigned. These are called well-known ports and are used to identify widely used applications called well-known services. The well-known port numbers occupy values ranging from 0 to 255. Organisations should not use the numbers within this range because they are reserved.

11. USER DATAGRAM PROTOCOL (UDP):

UDP is used as an easy application interface to the Internet Protocol. Because it has no reliability, flow-control or error-recovery measures, it serves mainly as a port multiplexer/demultiplexer for the receiving and sending of application traffic over IP. UDP is classified as a connectionless protocol, although the operating system must maintain information about each active UDP socket. A better description of UDP is that it is connection-oriented, but does not employ the extensive state management operations normally used in connection-oriented protocols. It is sometimes used as an alternative to TCP when all the features of TCP are not required. Some of the applications that use UDP are:

- Trivial File Transfer Protocol (TFTP)
- Simple Network Management Protocol (SNMP)
- Remote procedure calls (RPC)

[Figure: user processes (process layer); TCP (transport layer); IP (network layer); hardware interface (data-link layer)]

11.1. 4-LAYER MODEL SHOWING UDP, TCP & IP:

UDP serves as a simple application interface to IP. The figure illustrates how UDP accepts datagrams from IP.

[Figure: UDP multiplexing, showing the UDP layer above the IP layer]

11.2. FORMAT OF UDP DATAGRAM:

|<------------- 32 bits ------------->|
+------------------+------------------+
|   SOURCE PORT    | DESTINATION PORT |
+------------------+------------------+
|      LENGTH      |     CHECKSUM     |
+------------------+------------------+
|                DATA                 |
+-------------------------------------+

The figure illustrates the format containing the following fields:

1. Source Port: This value identifies the port of the sending application process. This field is optional, and, if not used, a value of 0 is inserted.
2. Destination Port: This value identifies the receiving process on the destination host machine.
3. Length: This value indicates the length of the user datagram, including the header and data. This value implies that the minimum length is 8 octets.
4. Checksum: This optional value is the 16-bit one's complement of the one's complement sum of the pseudo-IP header, the UDP header and the data. It also performs a checksum on any padding (if the message needed to contain a multiple of two octets).

The pseudo-header (also used in TCP) ensures that the UDP data unit has arrived at the proper destination address. Therefore, the pseudo-header includes the IP address and is included as part of the checksum calculation. The final destination performs a complementary checksum on the pseudo-header (and, of course, the remainder of the UDP data unit) to verify that the traffic has not been altered and that it reached the correct destination address.

UDP is a minimal level of service used in many transaction-based application systems; it is quite useful if the full services of TCP are not needed. TCP provides a simple set of services for the ULPs of an internet. TCP has relatively few features, but the features are designed to provide end-to-end reliability, graceful closes, unambiguous connections, handshakes and several quality-of-service operations. The Internet transport layer also provides a connectionless operation called UDP. UDP is a minimal level of service, principally offering source and destination ports for multiplexing. With UDP, the user application is typically tasked with performing some end-to-end reliability operations that would normally be done by TCP.
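The four header fields and the pseudo-header checksum described above, as an added example (not code from the paper): it builds a UDP datagram, then parses and verifies it as the final destination would. It assumes IPv4 addressing; the addresses, ports and payload are constructed sample values and the function names are this sketch's own.

```python
import ipaddress
import struct

UDP_HEADER = struct.Struct("!HHHH")   # source port, destination port, length, checksum
IPPROTO_UDP = 17                      # protocol number carried in the pseudo-header


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's complement sum, padding to a multiple of two octets."""
    if len(data) % 2:
        data += b"\x00"               # pad octet is summed but never transmitted
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Source address, destination address, zero, protocol, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_length))


def build_datagram(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    length = UDP_HEADER.size + len(payload)
    header = UDP_HEADER.pack(src_port, dst_port, length, 0)
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    checksum = 0xFFFF ^ total
    if checksum == 0:
        checksum = 0xFFFF             # 0 on the wire is reserved for "no checksum"
    return UDP_HEADER.pack(src_port, dst_port, length, checksum) + payload


def parse_and_verify(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    """Receiver side. The IP addresses come from the IP header the datagram
    arrived in, so a datagram delivered to the wrong address fails the check."""
    if len(datagram) < UDP_HEADER.size:
        raise ValueError("shorter than the 8-octet UDP header")
    src_port, dst_port, length, checksum = UDP_HEADER.unpack_from(datagram)
    if length < UDP_HEADER.size or length > len(datagram):
        raise ValueError("length field inconsistent with received data")
    datagram = datagram[:length]
    if checksum == 0:
        status = "absent"             # sender chose not to use the optional checksum
    else:
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + datagram)
        status = "ok" if total == 0xFFFF else "bad"
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": status, "payload": datagram[UDP_HEADER.size:]}


if __name__ == "__main__":
    # Constructed sample: documentation addresses, unused source port (0).
    dgram = build_datagram("192.0.2.10", "198.51.100.7", 0, 53, b"hello")
    print(parse_and_verify("192.0.2.10", "198.51.100.7", dgram))
    print(parse_and_verify("192.0.2.10", "198.51.100.8", dgram)["checksum"])
```

A receiver that accepts "absent" has no integrity check at all on that datagram, which is why the status is reported separately from "ok".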

12. TRANSMISSION CONTROL PROTOCOL AND USER DATAGRAM PROTOCOL:

IP is not designed to recover from certain problems, nor does it guarantee traffic delivery. IP discards datagrams that have exceeded the number of permissible transit hops. Certain user applications require assurance that all datagrams have been delivered safely to the destination. The transmitting user might need to know that the traffic has been delivered at the receiving host. The mechanism to achieve these important services resides in TCP; UDP, however, does not provide delivery assurance services (Stevens, 2002).

[Figure: end-to-end communications between Host A and Host B through gateways across Subnet 1, Subnet 2 and Subnet 3; layers shown: upper layers, TCP, IP, data link, physical]

12.1. RELATIONSHIP OF TRANSPORT LAYER TO OTHER LAYERS:

TCP must establish and manage sessions between its local users and these users' remote communicating partners. Thus TCP must constantly be aware of the users' ongoing activities in order to support their data transfer through the Internet. TCP sits in the transport layer of the conventional seven-layer model. It is located below the upper layers and above IP. It is not loaded into the router to support user data transfer. It resides in the host machine, where it provides end-to-end user data transfer and supports other protocols.

12.2. COMPARISON OF PROTOCOL FEATURES FOR UDP AND TCP:

Connection-oriented? IP: No, UDP: No, TCP: Yes

Message boundaries? Data checksum? No Positive ack. No Timeout remit? Duplicate detection? Sequencing? No Flow control? No No No & No No No No Yes Yes No Yes No Yes Yes Yes Opt Yes No

13. USING MULTIPLEXING TO SUPPORT SOCKETS:

Because the port numbers can be used by more than one end-point connection, users can simultaneously share a port resource.

13.1. PASSIVE AND ACTIVE OPEN:

The passive-open mode allows the ULP to tell the TCP and the host operating system to wait for the arrival of a connection request from the remote system rather than issue an active-open. Upon receiving this request, the host operating system assigns an identifier to this end. This feature could be used to accommodate communications from remote users without encountering the delay of active-open. The application process requesting the passive-open can accept a connection request from any user.

The second form of connection establishment, the active-open, is used when the ULP designates a specific socket through which a connection is to be established. Typically, the active-open is issued to a passive-open port to establish a connection. Two active-opens can be issued at the same time. The applications can therefore issue an open at any time without concern that another application has also issued an open.
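The passive open, the active open and the sharing of one port by several connections can be observed on the loopback interface. This is an added example, not part of the original paper; it assumes the Berkeley sockets API as exposed by Python, where `listen()` plays the role of the passive open and `connect()` the active open, and the function name and payloads are constructed.

```python
import socket


def open_connections(n_clients=2):
    """Passive open on one port, then n active opens to it; return the socket pairs."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    clients, accepted = [], []
    try:
        listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
        listener.listen(n_clients)           # passive open: wait for requests
        listener.settimeout(5)
        server_socket = listener.getsockname()

        for _ in range(n_clients):
            # Active open: name the specific remote socket to connect to.
            clients.append(socket.create_connection(server_socket, timeout=5))

        pairs = []
        for _ in range(n_clients):
            conn, remote = listener.accept()  # one endpoint per active open
            conn.settimeout(5)
            accepted.append(conn)
            pairs.append((conn.getsockname(), remote))

        # Data from each client arrives on its own endpoint of the shared port.
        for i, client in enumerate(clients):
            client.sendall(b"client-%d" % i)
        received = {conn.getpeername(): conn.recv(64) for conn in accepted}
        return server_socket, pairs, received
    finally:
        for s in clients + accepted + [listener]:
            s.close()


if __name__ == "__main__":
    server, pairs, received = open_connections()
    print("listening socket:", server)
    for local, remote in pairs:
        print("connection:", local, "<->", remote, received[remote])
```

Every accepted connection reports the same local socket as the listener, and only the remote socket differs, which is how the host tells the connections apart.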

A transmission control block (TCB) is used to store the information in TCP. The following are the entries stored in the TCB:

- Local and remote socket numbers.
- Pointers to the send and receive buffers.
- Pointers to the retransmit queue.
- Security and precedence values for the connection.
- Current segment.

13.2. SEGMENTS:

The PDUs exchanged between two TCP modules are called segments. The segment comprises a header and the data. The first two fields hold the source port and the destination port numbers. The sequence number is used during connection management operations. The acknowledgement number is set to a value that acknowledges earlier received data.

13.3. TCP Segment (PDU):

TCP stream data is acknowledged by the receiver on a byte basis, not on a PDU basis. The acknowledgement number, returned by the receiver, refers to the highest byte received in the data stream. The sending TCP software keeps a copy of the data until it has been acknowledged. Once acknowledged, it turns off a retransmission timer and deletes the segment copy from a retransmission queue. If necessary, TCP retransmits lost or errored data. This technique is called inclusive acknowledgement. It works well on systems that deliver data in sequential order, but the underlying IP might deliver data out of order or discard data. In such an event, TCP has no way to notify the sender that it has received certain segments of a transmission. It can only relay the value of the contiguous, accumulated bytes. Consequently, the sending TCP software can time out and re-send data segments that have already been successfully received.

Finally, TCP can provide considerable information to the network manager. For example, if TCP is sending excessive retransmissions, it might provide a clue to problems in the network, such as dead routers or timers that are not functioning properly. The positive acknowledgements could also be used to determine how well the components in an Internet are functioning.
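The effect of inclusive acknowledgement on a lossy path can be simulated directly. This is an added example, not part of the original paper; the `Receiver` class, `run_scenario` function and the four 100-byte segments are constructed, and the ACK number is modelled as the next byte expected in order.

```python
class Receiver:
    """Receiver that can only report a cumulative acknowledgement number."""

    def __init__(self, initial_seq=0):
        self.next_expected = initial_seq   # first byte not yet received in order
        self.out_of_order = {}             # seq -> length, held beyond a gap

    def receive(self, seq, length):
        if seq == self.next_expected:
            self.next_expected += length
            # A filled gap releases any buffered segments that now follow on.
            while self.next_expected in self.out_of_order:
                self.next_expected += self.out_of_order.pop(self.next_expected)
        elif seq > self.next_expected:
            self.out_of_order[seq] = length
        # seq < next_expected is a duplicate and changes nothing
        return self.next_expected          # the ACK number sent back


def run_scenario(sent, lost_seqs):
    """Send `sent` once with `lost_seqs` dropped, then time out and resend."""
    rx = Receiver(initial_seq=sent[0][0])
    acks = [rx.receive(seq, n) for seq, n in sent if seq not in lost_seqs]
    last_ack = acks[-1] if acks else sent[0][0]
    # Sender's view: everything at or beyond last_ack is unacknowledged.
    resend = [(seq, n) for seq, n in sent if seq + n > last_ack]
    # Receiver's view: some of those segments are already buffered.
    redundant = [(seq, n) for seq, n in resend if seq in rx.out_of_order]
    acks_after = [rx.receive(seq, n) for seq, n in resend]
    return {"acks": acks, "resend": resend, "redundant": redundant,
            "acks_after_resend": acks_after}


# Constructed input: four 100-byte segments; the second one is dropped.
SENT = [(0, 100), (100, 100), (200, 100), (300, 100)]

if __name__ == "__main__":
    for key, value in run_scenario(SENT, lost_seqs={100}).items():
        print(key, value)
```

The ratio of `redundant` to `resend` is the kind of retransmission figure a network manager can watch: a rising share of resends for data that had already arrived points at loss or timer problems along the path.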

CONCLUSION:

Growth in the field of information and technology and the globalisation of the world created the need for networking and mobility of data communication, which led to the development of protocols and networking models. A brief critique is given of the models that are extensively used for networking, each of which has its own limitations. Overall, this paper offers a lot to a learner and gives a brief overview of the Internet, networking models and protocols.

REFERENCE LIST:

1. Andrew S. Tanenbaum, 2002. Computer Networks. Prentice Hall PTR. http://books.google.co.uk/books?id=Pd-z64SJRBAC&printsec=frontcover#PPA44,M1 [Internet] [Accessed on May 5, 2009]

2. Douglas E. Comer, 2006. Internetworking with TCP/IP: Principles, protocols, and architecture. Prentice Hall. http://books.google.co.uk/books?hl=en&lr=&id=jonyuTASbWAC&oi=fnd&pg=PR23&dq=major+problems+of+tcp/ip+&ots=i3WfT6-R_o&sig=1RawYAVxx9tHObfOhB6QyZzVnuc#PPA6,M1 [Internet] [Accessed on May 5, 2009]

3. Behrouz A. Forouzan, Sophia Chung Fegan, 2002. TCP/IP protocol suite. McGraw-Hill Professional. http://books.google.co.uk/books?id=HsCjH_V04tUC [Internet] [Accessed on May 5, 2009]

4. Daryl Sheppard, 2005. Troubleshooting complex network problems with the OSI model. http://www.toastermechanic.com/NetTroubleShoot.pdf [Internet] [Accessed on May 5, 2009]

5. Richard W. Stevens, 2002. TCP/IP illustrated, volume 1, the protocols. http://www.inf.ufes.br/~zegonc/material/Arquitetura%20TCP-IP/tcpipStevens.pdf [Internet] [Accessed on May 5, 2009]

6. Craig Partridge, Timothy J. Shepard, 1997. TCP/IP performance over satellite links. BBN technologies. http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=620521&isnumber=13498 [Internet] [Accessed on May 5, 2009]

7. Antony Paga Gumi, 2007. OSI VS TCP. http://kerjaannyagumi.blogspot.com/search?q=osi+vs+tcp [Internet] [Accessed on May 5, 2009]

8. Webopedia, N.D. http://www.webopedia.com/quick_ref/internet_connection_types.asp [Internet] [Accessed on May 5, 2009]

9. Networktutorials.info, 2007. Introduction to computer network protocols. http://www.networktutorials.info/protocols_stacks.html [Internet] [Accessed on May 5, 2009]

10. American University in Cairo, 2002. University Networks Services, Internet Introduction. http://unsweb.aucegypt.edu/UNSWEB2/NetIntro.htm [Internet] [Accessed on May 5, 2009]
