
Sessions 31, 32

Telecommunication Networks

P C Gupta

P C Gupta 1
Contents

 Transport and TCP/UDP description -1, 2


TCP
• Transport layer of OSI
• TCP/UDP layer, addressing
• TCP format
• TCP operation
• SYN flooding attack

OSI Transport Layer
• Transport layer provides end-to-end transport service of
required quality in cost effective manner.
• It relieves the applications of concerns about network
technology being used.
• Transport service can be
– connection-oriented, or
– connectionless.

[Figure: seven-layer stacks at End System A and End System B. Application, Presentation, Session and Transport exist only in the end systems; the two intermediate nodes implement only Network, Data link and Physical. The Transport layer is therefore end-to-end.]

TCP/UDP Layer
• The TCP/UDP layer is the equivalent of the Transport layer of OSI. This
layer is present in the end systems only.
– TCP/UDP protocol interactions are between the two end systems.
• It consists of two different protocols:
– Transmission control protocol (TCP) - connection oriented.
– User datagram protocol (UDP) – connectionless.

[Figure: End system A and End system B each run Appn over TCP/UDP over IP, DLL and Phy; the two intermediate routers run only IP, DLL and Phy.]

TCP/UDP Layer - Addressing

• A TCP/UDP data unit carries two port addresses:
– destination port address, to which the receiving application
process is attached.
– source port address, to which the source application process is
attached.
• The [IP address, port] tuple is called a socket.
– A socket identifies the host (by its IP address) and the
process (by its port address).

[Figure: an application process is reached through a port address at the TCP/UDP layer, on a host identified by its IP address.]

TCP/UDP Layer - Addressing

• Server port numbers are well known so that any client
may be able to access a server process. E.g.
TCP: DNS (53, also used over UDP), SMTP (25), FTP (21 control, 20 data), HTTP (80)
UDP: DHCP (67 server, 68 client), SNMP (161), TFTP (69)
• A client process is assigned an ephemeral port number (> 1023) when it
opens its socket; the server learns it from the incoming segment.

[Figure: client process (ephemeral port) and server process (well-known port), each reached through a port address at the TCP/UDP layer and the IP address of its host.]

Transmission Control Protocol (TCP)

• TCP supplements the IP service by providing a reliable service:
– an end-to-end, error-checked, flow-controlled, sequenced
delivery of a byte stream.
– All user data bytes are acknowledged; unacknowledged bytes are
retransmitted.
• TCP is connection oriented.
– It has connection establishment, data transfer, and
connection release phases.
• TCP has a congestion avoidance mechanism.
– On detecting congestion (segment loss, or an explicit congestion
indication from the IP network), TCP reduces the volume of data
it hands over to the IP layer.

Transmission Control Protocol (TCP)

• A data unit at the TCP layer is called a TCP segment.

TCP segment = Header + Application data bytes

• Sliding window flow control is used.

[Figure: the TCP send buffer holds acknowledged data bytes (already delivered), the sliding window (bytes that may be sent now), and further application data bytes waiting behind the window.]

– Window contains application data bytes that can be sent.


– Window size at sending end is dynamically controlled by
the receiver at the other end.
– Receiver specifies sender’s window size depending on
its available free buffer.
– Window size is specified in terms of number of bytes.
Transmission Control Protocol (TCP)

[Figure: TCP buffers. The sending process writes into the sending TCP buffer; the receiving process lifts data from the receiving TCP buffer.]

• The sending application process writes data bytes into the TCP send buffer.
• The receiving application process lifts data bytes from the TCP receive buffer.
– Empty locations at the receiving end depend on the rate at which
the application process lifts data bytes.
– The number of empty locations determines how many more data bytes
the receiving TCP entity can accept from the sending TCP entity.
– Therefore the receiving TCP entity constantly advertises to the sending
TCP entity the number of additional data bytes it can accept.
– The sending TCP entity sets its window (called the receiver window, rwnd)
accordingly. (The sender's own congestion window, cwnd, can restrict it
further; congestion control is not covered in these sessions.)

TCP Ports

• An application is attached to the TCP entity through a port.
• Multiple processes can be served simultaneously using
different port numbers. Some well known ports are
Telnet: 23, FTP: 21 (control) and 20 (data), HTTP: 80, SMTP: 25
• A server process can have several simultaneous
connections through its one port, because each connection is
identified by the full 4-tuple [source IP, source port, destination IP,
destination port], not by the server port alone.

[Figure: server process on host 10.0.0.1 serving clients on hosts 10.0.0.2 (port 1093) and 10.0.0.3 (port 1067) through a single TCP port.]
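The point of the last three slides (well-known server port, ephemeral client port, several connections through one server port, each distinguished by its 4-tuple) can be checked on a live stack. The script below is an added example, not part of the slides: it opens a listening socket on the loopback interface, connects two clients to it and reports each connection as the server sees it. The server port is chosen by the OS (port 0) rather than a well-known port, because binding a privileged port needs root; that is the only assumption.

```python
import socket


def demo_connections(n_clients=2):
    """Open a listening TCP socket on the loopback interface, connect
    n_clients client sockets to it and return, for each accepted
    connection, the 4-tuple (client_ip, client_port, server_ip,
    server_port) as the server sees it."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Port 0 asks the OS for any free port. A real server binds its
    # well-known port (e.g. 80) instead, which needs privilege on most systems.
    server.bind(("127.0.0.1", 0))
    server.listen(n_clients)
    server_ip, server_port = server.getsockname()

    open_sockets = [server]
    tuples = []
    try:
        for _ in range(n_clients):
            client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            open_sockets.append(client)
            # connect() without an explicit bind(): the OS assigns an
            # ephemeral source port (> 1023) to the client socket.
            client.connect((server_ip, server_port))
            conn, (peer_ip, peer_port) = server.accept()
            open_sockets.append(conn)
            # The client's view of its own socket must match the server's view
            if client.getsockname() != (peer_ip, peer_port):
                raise RuntimeError("socket address mismatch")
            tuples.append((peer_ip, peer_port, server_ip, server_port))
    finally:
        for s in open_sockets:
            s.close()
    return tuples


if __name__ == "__main__":
    for t in demo_connections():
        print("client %s:%d -> server %s:%d" % t)
```

Both connections land on the same server port; what differs is the client port, which is why the server can keep them apart.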

Format of TCP Segment

Source & destination port numbers (16 bits each)
• These are the port numbers to which the sending and
receiving application processes are attached.

TCP header layout (each row is 32 bits, bit 0 on the left):
  Source port number (16)        | Destination port number (16)
  Sequence number (32)
  Acknowledgement number (32)
  Header length (4) | Reserved (6) | URG ACK PSH RST SYN FIN | Window size (16)
  TCP checksum (16)              | Urgent pointer (16)
  TCP options (if any) + Pad
  Data

Format of TCP Segment

Sequence number (32 bits)
• It is the sequence number of the first user data byte in the segment. It
is a running byte count (modulo 2^32).
– If this TCP segment carries sequence number S and contains N bytes
of user data, the sequence number in the next TCP segment will be S + N.


Format of TCP Segment

Acknowledgement number (32 bits)
• It is the piggybacked acknowledgement of received data.
– It indicates the sequence number of the next data byte expected
(all bytes before it have been received).
– This field is valid only if the ACK flag is set to 1.
Window size (16 bits)
• It is the number of additional bytes, beyond the acknowledged byte, that
can be accepted by the sender of this TCP segment.
– The send window at the other end is set to this number.
Format of TCP Segment
Flags
SYN (Synchronize): It is used for synchronization of
sequence numbers during connection establishment.
FIN (Finish): It is set for closing the TCP connection in the onward
direction. Closing implies 'I will not send any more data'.
RST (Reset): It is used for
a) refusing a connection request (e.g. no process is listening on the port).
b) indicating to the other end that the connection must be
aborted immediately.
– Reset implies 'I will neither send nor accept any more data'.

Flags (6 bits): URG ACK PSH RST SYN FIN

Format of TCP Segment

PSH (Push): It indicates that the application data is not to be
held back in the buffer.
– An application uses the 'push' attribute of the TCP service to
indicate that TCP should send the data without waiting for
more data from the application.
– The sending TCP sets PSH to 1 in its TCP segment. The receiving
TCP entity hands the data over to the application without waiting.
URG (Urgent): It is set to 1 to indicate that the value of the
urgent pointer is valid.
– On receipt of URG = 1, the receiving TCP entity notifies the
application to switch into 'urgent mode'.
– The application switches to urgent mode to capture the urgent data
from the buffer.

Format of TCP Segment
Urgent pointer
• When the URG flag is set, it is an offset U from the segment's sequence
number S: the urgent data ends at byte (S + U).
– Urgent data is inserted at the beginning of the user data field.
– (RFC 793 defines S + U as the byte following the urgent data, RFC 1122
redefined it as the last urgent byte, and implementations differ;
treat the field with care.)
Header length
• Header length in multiples of 4 bytes (32-bit words): 5 for the 20-byte
minimum header, up to 15 (60 bytes) when options are present.

Format of TCP Segment

TCP checksum
• It is used for error detection. It covers the TCP header, the user
data and a pseudo IP header.
Options
• The most commonly used option specifies the Maximum Segment
Size (MSS). MSS is the maximum number of user data bytes
in a TCP segment; it is exchanged in the SYN segments.

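To make the segment format concrete, here is a parser for the header described on the preceding slides (ports, sequence and acknowledgement numbers, header length in 32-bit words, the six flags, window, checksum, urgent pointer and the option list with MSS decoded), plus a builder used only to construct sample segments. This is an added example, not code from the slides; the sample segment (ports 1093 to 80, the handshake's initial sequence number 270, MSS 1460) is constructed here for illustration.

```python
import struct

# Flag bits in the low six bits of the 16-bit offset/flags field, bit 0 first
FLAG_NAMES = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")


def parse_tcp_segment(seg):
    """Parse a raw TCP segment (header + data) into its fields."""
    if len(seg) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    header_len = (off_flags >> 12) * 4          # header length is given in 32-bit words
    if header_len < 20 or header_len > len(seg):
        raise ValueError("bad header length %d" % header_len)
    flags = {name: bool(off_flags & (1 << i)) for i, name in enumerate(FLAG_NAMES)}
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": csum, "urgent_ptr": urg,
        "options": parse_options(seg[20:header_len]),
        "data": seg[header_len:],
    }


def parse_options(opts):
    """Walk the option list: kind 0 = end of options, kind 1 = no-op (1 byte),
    everything else is kind, length, value. Kind 2 with length 4 is MSS."""
    out = {}
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length %d" % length)
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            out["MSS"] = struct.unpack("!H", body)[0]
        else:
            out["kind%d" % kind] = body          # unknown option kept raw
        i += length
    return out


def build_tcp_segment(sport, dport, seq, ack, flags, window, data=b"", mss=None, checksum=0, urg=0):
    """Inverse of parse_tcp_segment; used here only to construct samples.
    The checksum is left at the caller's value (0 unless supplied)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    opts += b"\x00" * (-len(opts) % 4)          # pad options to a multiple of 4 bytes
    header_len = 20 + len(opts)
    off_flags = (header_len // 4) << 12
    for name in flags:
        off_flags |= 1 << FLAG_NAMES.index(name)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags,
                       window, checksum, urg) + opts + data


# Constructed sample: the SYN of the handshake slides (A's ISN 270) carrying MSS 1460
SAMPLE_SYN = build_tcp_segment(1093, 80, 270, 0, ("SYN",), 8, mss=1460)
```

The MSS option adds 4 bytes, so the sample's header length field reads 6 (24 bytes); a segment with no options reads 5.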
Pseudo IP Header

• An IP packet can be delivered to the wrong destination.
• The error detection checksum in the TCP header detects wrong
delivery as well as content errors in the TCP segment.
• The TCP checksum is computed over the TCP segment & a pseudo IP
header. The pseudo header is not transmitted.
– The destination IP layer hands over the source & destination IP
addresses of the received packet to TCP.
– The TCP layer reconstructs the pseudo IP header & verifies
the checksum; a segment delivered to the wrong host fails the check.

Pseudo IP header (12 bytes, not transmitted):
  Source IP address (4 bytes)
  Destination IP address (4 bytes)
  Zeroes (1 byte) | Protocol (1 byte, 6 for TCP) | TCP segment length (2 bytes)

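The checksum computation with the pseudo header, as an added example (not from the slides): the one's complement sum is taken over the 12-byte pseudo header followed by the segment, and the receiver accepts the segment only if the sum over pseudo header plus transmitted segment comes to 0xFFFF. The sample segment and the addresses 10.0.0.2 / 10.0.0.1 are constructed here; the example then shows that the same bytes fail the check when the destination address is different, which is the "wrong delivery" case the slide describes.

```python
import socket
import struct


def ones_complement_sum(data):
    """16-bit one's complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def pseudo_header(src_ip, dst_ip, tcp_length):
    """The 12-byte pseudo IP header: src IP, dst IP, zero, protocol 6, TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_length))


def tcp_checksum(src_ip, dst_ip, segment):
    """Checksum the sender writes into bytes 16-17 of the TCP header."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]   # field is zero while computing
    total = ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)
    return (~total) & 0xFFFF


def attach_checksum(src_ip, dst_ip, segment):
    """Return the segment with the correct checksum filled in."""
    c = tcp_checksum(src_ip, dst_ip, segment)
    return segment[:16] + struct.pack("!H", c) + segment[18:]


def verify_checksum(src_ip, dst_ip, segment):
    """Receiver side: IP hands over the addresses of the received packet,
    TCP rebuilds the pseudo header and sums everything including the
    transmitted checksum; the result must be 0xFFFF."""
    if len(segment) < 20:
        return False
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF


# Constructed sample: 20-byte header (ports 1093 -> 80, seq 271, ack 479,
# ACK+PSH, window 8) plus 5 data bytes, sent from 10.0.0.2 to 10.0.0.1
SRC, DST = "10.0.0.2", "10.0.0.1"
SAMPLE = attach_checksum(
    SRC, DST,
    struct.pack("!HHIIHHHH", 1093, 80, 271, 479, (5 << 12) | 0x18, 8, 0, 0) + b"hello")
```

Because the destination address is part of the sum, a packet that the network delivers to 10.0.0.3 instead of 10.0.0.1 is rejected by the receiving TCP even though every transmitted byte is intact.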
TCP Operation

• TCP operation has three phases
– connection establishment, data transfer, disconnection.
TCP Connection Establishment
• A three-way handshake is used:
– request for connection (SYN),
– acceptance of the request (SYN, ACK),
– ACK of the acceptance (ACK).
• During the handshake, the TCP entities synchronize their
– sequence numbers, acknowledgement numbers and
options (e.g. MSS).
• The three-way handshake ensures that lost, delayed or
duplicated requests & acknowledgements are taken care
of.

TCP Connection Establishment
A                                      B
   SYN, Seq: 270                   -->
                                   <-- SYN, ACK, Seq: 478, Ack: 271
   ACK, Seq: 271, Ack: 479         -->
Synchronized: A will send from Seq 271 and expects 479 next from B;
B will send from Seq 479 and expects 271 next from A.

• A selects a random initial sequence number (270) for the A → B
direction and sends it in a segment with the SYN flag set.
– The SYN flag is an indication to synchronize sequence numbers.
• B replies with its own random initial sequence number (478) for the
B → A direction, with
– SYN and ACK flags, and Ack number 271 (the SYN consumes one
sequence number, so the next byte expected from A is 270 + 1).


• A replies with
– ACK flag,
– Ack number 479,
– Sequence number 271
• With this hand shake, the acknowledgement and
sequence numbers are synchronized.

TCP Data Transfer

A                                          B
   Seq: 271, Ack: 479, 10 data bytes   -->
                                       <-- Seq: 479, Ack: 281
   Seq: 281, Ack: 479, 14 data bytes   -->
                                       <-- Seq: 479, Ack: 295
   Seq: 295, Ack: 479                  -->
(B sends no data, so its sequence number stays at 479; each Ack from B is
the sequence number of the next byte it expects from A.)

TCP Data Transfer

• Lost TCP segments or lost acknowledgements are detected by a timer.
• If no acknowledgement arrives before the retransmission time out
(RTO) expires, the TCP segment is sent again.

[Figure: A sends a segment to B; the segment (or its acknowledgement) is lost; after the retransmission time out, A sends the segment again and B acknowledges it.]

Disconnection Phase

• A TCP connection is to be viewed as two one-way
connections, one in each direction.
– Each one-way connection is closed separately.
• TCP entity A indicates its intent to close the connection
in the direction towards TCP entity B by sending a segment with the
FIN flag set to 1. The FIN consumes one sequence number.
• Receipt of the acknowledgement from B closes the A→B
connection.
• A continues to receive data segments from B (half-close).
• B closes the B→A connection in the same manner.
• Each entity ensures that it has sent all the data in its
buffer and has received acknowledgement for the same
before initiating connection closure.

Disconnection Phase

A                                      B
   FIN, ACK, Seq: 295, Ack: 479    -->
                                   <-- ACK, Seq: 479, Ack: 296
                                       (A to B connection is closed)
                                   <-- FIN, ACK, Seq: 479, Ack: 296
   ACK, Seq: 296, Ack: 480         -->
                                       (B to A connection is closed)

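The three phases just shown (handshake, data transfer, disconnection) are really one continuous piece of sequence-number bookkeeping, so here is a single added example (not from the slides) that plays the whole exchange with the slides' numbers: A's ISN 270, B's ISN 478, then 10 and 14 data bytes from A, then the two FINs. The model keeps only snd_nxt and rcv_nxt per side, with no loss, timers or windows; the rule it demonstrates is that SYN and FIN each consume one sequence number while a pure ACK consumes none.

```python
class Endpoint:
    """Minimal model of one TCP entity: sequence-number bookkeeping only."""

    def __init__(self, name, isn):
        self.name = name
        self.snd_nxt = isn      # next sequence number this side will use
        self.rcv_nxt = None     # next byte expected from the peer (the Ack we send)

    def send(self, flags=(), data=b""):
        flags = set(flags)
        seg = {"src": self.name, "flags": flags, "seq": self.snd_nxt,
               "ack": self.rcv_nxt if "ACK" in flags else None, "data": data}
        # SYN and FIN each consume one sequence number; data consumes len(data)
        self.snd_nxt += len(data) + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def receive(self, seg):
        consumed = len(seg["data"]) + ("SYN" in seg["flags"]) + ("FIN" in seg["flags"])
        if self.rcv_nxt is None:           # first segment from the peer: learn its ISN
            self.rcv_nxt = seg["seq"]
        if seg["seq"] != self.rcv_nxt:
            raise ValueError("out-of-order segment; not modelled here")
        self.rcv_nxt += consumed


def run_connection(a_isn=270, b_isn=478, payloads=(b"0123456789", b"01234567890123")):
    """Play the three phases between A and B; return the trace as
    (sender, flags, seq, ack, data_length) tuples."""
    a, b = Endpoint("A", a_isn), Endpoint("B", b_isn)
    trace = []

    def xfer(src, dst, flags=(), data=b""):
        seg = src.send(flags, data)
        dst.receive(seg)
        trace.append((seg["src"], "+".join(sorted(seg["flags"])),
                      seg["seq"], seg["ack"], len(data)))

    # 1. connection establishment: three-way handshake
    xfer(a, b, ("SYN",))
    xfer(b, a, ("SYN", "ACK"))
    xfer(a, b, ("ACK",))
    # 2. data transfer: A sends, B returns pure acknowledgements
    for payload in payloads:
        xfer(a, b, ("ACK",), payload)
        xfer(b, a, ("ACK",))
    # 3. disconnection: each direction is closed separately
    xfer(a, b, ("FIN", "ACK"))      # A -> B: no more data from A
    xfer(b, a, ("ACK",))            # A -> B connection closed
    xfer(b, a, ("FIN", "ACK"))      # B -> A: no more data from B
    xfer(a, b, ("ACK",))            # B -> A connection closed
    return trace


if __name__ == "__main__":
    for row in run_connection():
        print("%s  %-8s Seq=%d Ack=%s len=%d" % row)
```

Reading the trace against the figures: B's Ack rises 271, 281, 295, 296 as A's SYN, data and FIN arrive, and A's final Ack is 480 because B's FIN consumed sequence number 479.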
Flow Control
• TCP implements end-to-end sliding window flow control.
– Flow control is based on the volume of user data in bytes.
– Window size can be from 0 to 65535 bytes (larger only with the
window scale option, not covered here).
– Window size (called rwnd, receiver window) is controlled
by the receiving end.
A                                      B
   SYN, Seq=45, W=8                -->
                                   <-- SYN, ACK, Ack=46, Seq=71, W=4
   ACK, Ack=72, Seq=46, W=8        -->
(connection establishment phase)

Window at A just after connection establishment (B advertised W=4):
   user data bytes: [46 47 48 49] 50 51 ...
   first byte that can be sent: 46; last byte that can be sent: 49

Sliding Window Flow Control

• Left edge is controlled by the acknowledgements.


– Acknowledged bytes move out of window.
• The right edge is controlled by the receiver.
– If free buffer is available, the receiver asks the sender to
move the right edge to accommodate more data bytes.

[Figure: bytes 46 47 48 49 50 51 with the window's left edge and right edge marked.]

Sliding Window Flow Control
a. Current window at A (window size = 4): bytes 46 47 48 49 may be sent;
   50 51 52 53 54 wait behind the right edge.

b. B sends Ack = 49, Window = 3: bytes 46, 47, 48 are acknowledged and
   leave the window; the window is now 49 50 51 (window size = 3).

c. B sends Ack = 49, Window = 5: the left edge stays at 49, the right
   edge moves out; the window is now 49 50 51 52 53 (window size = 5).

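The sender-side window arithmetic behind steps a, b and c, as an added example (not from the slides): the left edge is the oldest unacknowledged byte and moves only on acknowledgements, the right edge is left edge plus the receiver's last advertised window, and the sender may transmit only what lies between its next byte and the right edge. The example also covers the zero-window case the slides' range "0 to 65535" implies: with rwnd = 0 nothing can be sent until the receiver advertises more space.

```python
class SendWindow:
    """Sender-side sliding window over sequence numbers [snd_una, snd_una + rwnd)."""

    def __init__(self, first_seq, rwnd):
        self.snd_una = first_seq   # left edge: oldest unacknowledged byte
        self.snd_nxt = first_seq   # next byte to transmit
        self.rwnd = rwnd           # last window advertised by the receiver

    @property
    def right_edge(self):
        """First sequence number that may NOT be sent."""
        return self.snd_una + self.rwnd

    def window(self):
        """Sequence numbers currently inside the window."""
        return list(range(self.snd_una, self.right_edge))

    def usable(self):
        """Bytes that may still be sent without a new advertisement."""
        return max(0, self.right_edge - self.snd_nxt)

    def send(self, nbytes):
        """Transmit up to nbytes; returns how many actually fit in the window."""
        n = min(nbytes, self.usable())
        self.snd_nxt += n
        return n

    def on_ack(self, ack, rwnd):
        """Acknowledged bytes leave the window (left edge moves up to ack);
        the receiver's new rwnd places the right edge."""
        if not (self.snd_una <= ack <= self.snd_nxt):
            raise ValueError("Ack %d outside sent range [%d, %d]"
                             % (ack, self.snd_una, self.snd_nxt))
        self.snd_una = ack
        self.rwnd = rwnd


def worked_example():
    """Steps a, b, c of the slide with its numbers; returns the window after each."""
    w = SendWindow(46, 4)
    a = w.window()          # [46, 47, 48, 49]
    w.send(3)               # bytes 46, 47, 48 are transmitted
    w.on_ack(49, 3)         # B: Ack = 49, Window = 3
    b = w.window()          # [49, 50, 51]
    w.on_ack(49, 5)         # B: Ack = 49, Window = 5
    c = w.window()          # [49, 50, 51, 52, 53]
    return a, b, c
```

Note that in step c the receiver advertises a larger window without acknowledging anything new; the right edge moves while the left edge stays, which is exactly the "window update" case.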
Fast Retransmission

• If a TCP segment is lost in the IP network, the sender
will retransmit the segment after expiry of the
Retransmission Time Out (RTO).
• Fast retransmit enables the sender to retransmit a lost
TCP segment before expiry of the RTO.
• When the receiver gets a segment beyond the one it is missing, it
repeats its last Ack (a duplicate acknowledgement) for every such
segment, since the Ack number is always the next byte it expects.
• When the sender receives a duplicate Ack, it comes to
know that a TCP segment was not received but a later
segment (or a duplicate) was.
• When the sender receives three duplicate
acknowledgements, it retransmits the missing segment without
waiting for the RTO.

Fast Retransmission

A                                      B
                                   <-- Ack = 271
   Seq = 271 (10 bytes)   LOST
   Seq = 281 (10 bytes)            -->
                                   <-- Ack = 271 (duplicate 1)
   Seq = 291 (10 bytes)            -->
                                   <-- Ack = 271 (duplicate 2)
   Seq = 301 (10 bytes)            -->
                                   <-- Ack = 271 (duplicate 3)
3 duplicate acknowledgements are detected: the missing TCP segment
[Seq = 271] is retransmitted
   Seq = 271 (10 bytes)            -->
                                   <-- Ack = 311 (B had buffered 281..310)

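The receiver and sender logic of the figure above, as an added example (not from the slides): the receiver answers every arriving segment with the next byte it expects and buffers anything that arrives past a hole, so each out-of-order segment produces a duplicate Ack; the sender counts duplicates and resends the segment at the repeated Ack number once it has seen three. The numbers are the figure's (segments of 10 bytes from 271, segment 271 lost); the second run, with segment 281 lost and only two segments following it, shows the case where fast retransmit cannot fire and the sender would have to wait for the RTO.

```python
class Receiver:
    """Receiver side: delivers in-order data, buffers out-of-order segments,
    and answers every segment with the Ack number it expects next."""

    def __init__(self, rcv_nxt):
        self.rcv_nxt = rcv_nxt
        self.out_of_order = {}     # seq -> length of buffered segments

    def deliver(self, seq, length):
        if seq == self.rcv_nxt:
            self.rcv_nxt += length
            while self.rcv_nxt in self.out_of_order:   # drain now-contiguous data
                self.rcv_nxt += self.out_of_order.pop(self.rcv_nxt)
        elif seq > self.rcv_nxt:
            self.out_of_order[seq] = length            # hole in front: Ack is repeated
        # seq < rcv_nxt: old duplicate; the Ack is repeated as well
        return self.rcv_nxt


class Sender:
    DUP_ACK_THRESHOLD = 3

    def __init__(self, last_ack, seg_len, receiver, lost):
        self.last_ack = last_ack   # highest Ack received so far
        self.dup_acks = 0
        self.seg_len = seg_len
        self.rx = receiver
        self.lost = set(lost)      # sequence numbers whose first transmission is dropped
        self.events = []

    def transmit(self, seq, retransmission=False):
        self.events.append(("retransmit" if retransmission else "send", seq))
        if seq in self.lost and not retransmission:
            self.events.append(("lost", seq))
            return                                     # nothing reaches B, no Ack comes back
        self.on_ack(self.rx.deliver(seq, self.seg_len))

    def on_ack(self, ack):
        if ack == self.last_ack:
            self.dup_acks += 1
            self.events.append(("dupack", ack, self.dup_acks))
            if self.dup_acks == self.DUP_ACK_THRESHOLD:
                # fast retransmit: resend the segment that starts at the repeated Ack
                self.transmit(ack, retransmission=True)
        else:
            self.last_ack, self.dup_acks = ack, 0
            self.events.append(("ack", ack))


def simulate_fast_retransmit(first_seq=271, seg_len=10, nsegs=4, lost=(271,)):
    """Send nsegs back-to-back segments; return the event list."""
    rx = Receiver(first_seq)
    # the sender already holds Ack = 271 from the previous exchange (top of the figure)
    tx = Sender(first_seq, seg_len, rx, lost)
    for i in range(nsegs):
        tx.transmit(first_seq + i * seg_len)
    return tx.events


if __name__ == "__main__":
    for e in simulate_fast_retransmit():
        print(e)
```

The final Ack jumps straight to 311 because the receiver had kept 281..310 in its out-of-order buffer; only the one missing segment had to cross the network again.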
SYN Flooding Attack in TCP
• When a server receives a TCP connection request (SYN), it
– responds with the SYN, ACK flags,
– creates half-open connection state (reserves buffer) &
– waits for the ACK flag from the client.
• An attacker can take advantage of the half-open connection
state for launching a SYN flooding attack on the server.

SYN Flooding Attack in TCP

[Figure: attacker T sends TCP connection requests (SYN) to victim server A with fake source addresses B, C, D. A's responses (SYN, ACK) go to B, C, D, which never complete the handshake.]

– Attacker T sends a large number of connection requests to
server A.
– These requests are sent with fake (spoofed) source addresses.
– Server A creates half-open connection states and waits for
confirmations (ACK flag) that never arrive.
– A large number of half-open connections exhaust A's
resources (connection backlog and memory).
– Server A becomes incapable of entertaining new TCP connection
requests from legitimate users. Since the source addresses
are fake, filtering by source address does not identify the attacker.

SYN Flooding Attack in TCP

• The impact of the attack can be minimized by:
– Limiting the life time of a half-open connection.
– Limiting the number of half-open connections from a source, and
overwriting the oldest half-open connection with a new request
when the table is full.
– Using a proxy (SYN proxy) so that a TCP connection reaches the
server only after the handshake has completed at the proxy.
– Using SYN cookies: the server encodes the connection parameters in
its initial sequence number, keeps no half-open state, and
reconstructs the state from the acknowledgement number when the
final ACK arrives.
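The attack and the cookie mitigation side by side, as an added example (not from the slides): a classic server keeps one half-open entry per SYN and drops new SYNs once its backlog is full, so a flood of spoofed SYNs that never complete locks out the honest client; a cookie-based server keeps nothing and instead derives its initial sequence number from the 4-tuple, a coarse time slot and a secret, so it can recognise a genuine final ACK (Ack = cookie + 1) without any stored state. The cookie layout (8 bits of time slot, 24 bits of HMAC) is a simplified scheme chosen for this example; real SYN cookies also encode the MSS. The spoofed sources (192.0.2.x), the honest client 10.0.0.2:1093 and the backlog size are constructed here.

```python
import hashlib
import hmac
import os


class BacklogServer:
    """Classic server: every SYN creates a half-open entry until its ACK arrives."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}              # (client_ip, client_port) -> server ISN

    def on_syn(self, client):
        if len(self.half_open) >= self.backlog:
            return None                  # table full: the SYN is dropped
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[client] = isn
        return isn                       # goes back in the SYN,ACK

    def on_ack(self, client, ack):
        isn = self.half_open.pop(client, None)
        return isn is not None and ack == (isn + 1) & 0xFFFFFFFF


class CookieServer:
    """Stateless alternative: the server ISN is a cookie over the client
    address/port, a coarse time slot and a secret. Simplified scheme."""

    def __init__(self, secret, max_age=2):
        self.secret = secret
        self.max_age = max_age           # accepted cookie age, in time slots

    def cookie(self, client, slot):
        msg = ("%s:%d:%d" % (client[0], client[1], slot)).encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return ((slot & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, client, now):
        return self.cookie(client, now)  # answered, nothing stored

    def on_ack(self, client, ack, now):
        isn = (ack - 1) & 0xFFFFFFFF
        # recompute the cookie for every slot still within max_age and compare
        return any(self.cookie(client, now - age) == isn for age in range(self.max_age + 1))


def simulate(n_spoofed=100, backlog=64):
    legit = ("10.0.0.2", 1093)                       # the one honest client
    spoofed = [("192.0.2.%d" % (i % 250 + 1), 40000 + i) for i in range(n_spoofed)]

    classic = BacklogServer(backlog)
    for src in spoofed:                              # T floods SYNs with fake sources
        classic.on_syn(src)                          # no ACK ever comes back
    isn = classic.on_syn(legit)
    classic_ok = isn is not None and classic.on_ack(legit, (isn + 1) & 0xFFFFFFFF)

    cookies = CookieServer(os.urandom(16))
    for src in spoofed:
        cookies.on_syn(src, now=10)                  # answered, but no state is kept
    isn = cookies.on_syn(legit, now=10)
    cookie_ok = cookies.on_ack(legit, (isn + 1) & 0xFFFFFFFF, now=11)
    cookie_forged = cookies.on_ack(legit, 0x12345678, now=11)        # attacker guessing
    cookie_stale = cookies.on_ack(legit, (isn + 1) & 0xFFFFFFFF, now=20)  # ACK far too late
    return {"classic_accepts_legit": classic_ok,
            "classic_half_open": len(classic.half_open),
            "cookie_accepts_legit": cookie_ok,
            "cookie_accepts_forged": cookie_forged,
            "cookie_accepts_stale": cookie_stale}


if __name__ == "__main__":
    for k, v in simulate().items():
        print(k, v)
```

The stateful server ends the flood with its backlog full of entries for B, C, D, ... and no room for 10.0.0.2; the cookie server never stored anything, still accepts the honest ACK, and rejects both a guessed ACK and one that arrives after the cookie has aged out. The price of cookies is that options carried only in the SYN (such as MSS) are lost unless the cookie encodes them, which is why real implementations pack the MSS into it.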
