
Transport Layer Protocols
TCP and UDP

Dr. Muazzam A. Khan


Transport Control Protocols
- The function of the Transport Layer is to ensure packets have no errors and that all packets arrive and are correctly reassembled. Two protocols are used:
- User Datagram Protocol.
  - Provides unreliable, connectionless delivery service using Internet Protocol.
  - Application programs utilizing UDP accept full responsibility for packet reliability, including message loss, duplication, delay, out-of-sequence delivery, multiplexing and connectivity loss.
- Transmission Control Protocol.
  - Provides a reliable, connection delivery service using Internet Protocol.
  - It provides reliable packet delivery, packet sequencing, error control, multiplexing.

[Figure: protocol stack, Applications over TCP / UDP over IP over Hardware, with packets passed between the layers; TCP and UDP pass IP packets to the applications.]



Connectionless vs Connection-oriented Protocols
- Connection-oriented – Two computers connect before sending any data; the sender lets the receiver know that data is on the way, and the recipient acknowledges receipt of data (ACK) or denies receipt (NACK). The ACKing and NACKing is called handshaking. (Type supported by TCP.) Reliable, but carries an overhead burden.
- Connectionless – Computers involved know nothing about each other or the data being sent. Makes no attempt to cause network senders and receivers to exchange information about their availability or ability to communicate with one another: “best effort” delivery. (Type supported by IP, UDP.) Not reliable, but faster and may be good enough. Also, upper layer apps may worry about errors and reliability processing, so there is no need to do it twice.



Transport Layer Ports
- Port numbers are used to keep track of different conversations that cross the network at the same time.
- Port numbers identify which upper layer service is needed, and are needed when a host communicates with a server that uses multiple services.
- Both TCP and UDP use port numbers to pass data to the upper layers.
- Port numbers have the following ranges:
  - 0-255 are used for public applications; 0-1023 are also called well-known ports, regulated by IANA (Internet Assigned Numbers Authority).
  - Numbers from 255-1023 are assigned to marketable applications.
  - 1024 through 49151 are Registered Ports, not regulated.
  - 49152 through 65535 are Dynamic and/or Private Ports.



Some Well-Known TCP Ports

Port  Application  Description
9     Discard      Discard all incoming data port
7     Echo         Echo
19    Chargen      Exchange streams of data port
20    FTP-Data     File transfer data port
21    FTP-CMD      File transfer command port
23    Telnet       Telnet remote login port
25    SMTP         Simple Mail Transfer Protocol port
53    DOMAIN       Domain Name Service
79    Finger       Obtains information about active users
80    HTTP         Hypertext Transfer Protocol port
88    Kerberos     Authentication Protocol
110   POP3         PC Mail retrieval service port
119   NNTP         Network news access port
161   SNMP         Network Management
179   BGP          Border Gateway Protocol
513   Rlogin       Remote Login



Ports for Clients
- Clients and servers both use ports to distinguish what process each segment is associated with.
- Source ports, which are set by the client, are determined dynamically, usually a randomly assigned number above 1023.

                                              Source Port   Destination Port
1. Client requests a web page from server     1032          80
2. Server responds to client                  80            1032



Protocols and Port Numbers

[Figure: encapsulation of a Telnet segment, layer by layer]
APPLICATION LAYER:  Telnet
TRANSPORT LAYER:    TCP Header: Source Port 5512, Destination Port 23
NETWORK LAYER:      IP Header: Protocol 6; Source IP Address 128.66.12.2; Destination IP Address 128.66.13.1
DATA LINK LAYER:    Ethernet frame: PREAMBLE | DESTINATION ADDR | SOURCE ADDR | TYPE FIELD | IP HEADER | TCP HEADER | DATA | FCS
                    (Ethernet addresses shown in the figure: 00 00 1B 09 08 07 and 00 00 1B 12 23 34)



Protocols and Port Numbers

[Figure: encapsulation of a UDP datagram, layer by layer]
APPLICATION LAYER:  FTP
TRANSPORT LAYER:    UDP: Source Port 5512, Destination Port 69
NETWORK LAYER:      IP Header: Protocol 17; Source IP Address 128.66.12.2; Destination IP Address 128.66.13.1
DATA LINK LAYER:    Ethernet frame: PREAMBLE | DESTINATION ADDR | SOURCE ADDR | TYPE FIELD | IP HEADER | TCP HEADER | DATA | FCS
                    (Ethernet addresses shown in the figure: 00 00 1B 09 08 07 and 00 00 1B 12 23 34)



TCP Operation
- TCP is a connection-oriented protocol.
- TCP provides the following major services to the upper protocol layers:
  - Connection-oriented data management to assure the end-to-end transfer of data across the network(s).
  - Reliable data transfer to assure that all data is accurately received, in sequence and with no duplicates.
  - Stream-oriented data transfer takes place between the sender application and TCP and the receiving application and TCP.
  - To stream is to send individual characters, not blocks or frames.
- Prior to data transmission, hosts establish a virtual connection via a synchronization process. The synch process is a 3-way “handshake”, which ensures both sides are ready to transfer data and determines the initial sequence numbers.
- Sequence numbers give hosts a way to acknowledge what they have received. The TCP header contains SYN bits, or flags, to achieve this.
TCP Synchronization or 3-Way Handshake
TCP is a connection-oriented protocol. Communicating hosts go through a synchronization process to establish a virtual connection. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers.

Sequence numbers are reference numbers between the two devices. The sequence numbers give each host a way to ACK the SYN, so the receiver knows which connection request the sender is responding to.

[Figure: three-way handshake]
  Host A                                   Host B
  Send SYN, Seq = x                -->     Receive SYN, Seq = x
  Receive SYN, Seq = y, ACK = x + 1 <--    Send SYN, Seq = y, ACK = x + 1
  Send ACK, ACK = y + 1            -->     Receive ACK, ACK = y + 1
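The exchange in the handshake figure, as an added worked example (not code from the lecture slides): both endpoints keep their own initial sequence number, the server answers a SYN with ACK = x + 1, and the client accepts a SYN/ACK only if it acknowledges the client's own SYN, which is what lets each side match a reply to its own request. Host names, initial sequence numbers and the state names are constructed for the illustration.

```python
"""Three-way handshake walk-through.

Added example, not taken from the lecture slides. It models the exchange in the
figure above: SYN (Seq = x), SYN/ACK (Seq = y, ACK = x + 1), ACK (ACK = y + 1),
and shows why the ACK value lets each side match the reply to its own request.
Host names and the initial sequence numbers (ISNs) are constructed.
"""
from dataclasses import dataclass, field
from typing import List, Optional

SEQ_MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


def next_seq(seq: int) -> int:
    """A SYN consumes one sequence number: the peer must ACK seq + 1 (mod 2^32)."""
    return (seq + 1) % SEQ_MOD


@dataclass
class Segment:
    src: str
    dst: str
    flags: str            # "SYN", "SYN/ACK" or "ACK"
    seq: int
    ack: Optional[int] = None


@dataclass
class Endpoint:
    name: str
    isn: int                         # initial sequence number this host chose
    state: str = "CLOSED"
    peer_isn: Optional[int] = None
    log: List[str] = field(default_factory=list)

    # --- client side -------------------------------------------------------
    def send_syn(self, peer: str) -> Segment:
        self.state = "SYN-SENT"
        self.log.append(f"Send SYN, Seq = {self.isn}")
        return Segment(self.name, peer, "SYN", self.isn)

    def receive_syn_ack(self, seg: Segment) -> Segment:
        """The SYN/ACK must acknowledge our ISN + 1; anything else answers some
        other connection request (or was not built from our SYN) and is rejected."""
        if seg.flags != "SYN/ACK":
            raise ValueError(f"expected SYN/ACK, got {seg.flags}")
        if seg.ack != next_seq(self.isn):
            raise ValueError(f"ACK {seg.ack} does not match our SYN "
                             f"(expected {next_seq(self.isn)})")
        self.peer_isn = seg.seq
        self.state = "ESTABLISHED"
        self.log.append(f"Receive SYN, Seq = {seg.seq}, ACK = {seg.ack}")
        self.log.append(f"Send ACK, ACK = {next_seq(seg.seq)}")
        return Segment(self.name, seg.src, "ACK", next_seq(self.isn), next_seq(seg.seq))

    # --- server side -------------------------------------------------------
    def receive_syn(self, seg: Segment) -> Segment:
        if seg.flags != "SYN":
            raise ValueError(f"expected SYN, got {seg.flags}")
        self.peer_isn = seg.seq
        self.state = "SYN-RECEIVED"     # half-open: connection resources are now held
        self.log.append(f"Receive SYN, Seq = {seg.seq}")
        self.log.append(f"Send SYN, Seq = {self.isn}, ACK = {next_seq(seg.seq)}")
        return Segment(self.name, seg.src, "SYN/ACK", self.isn, next_seq(seg.seq))

    def receive_ack(self, seg: Segment) -> None:
        if seg.flags != "ACK" or seg.ack != next_seq(self.isn):
            raise ValueError("final ACK does not acknowledge our SYN")
        self.state = "ESTABLISHED"
        self.log.append(f"Receive ACK, ACK = {seg.ack}")


def run_handshake(client_isn: int, server_isn: int):
    """Drive one complete handshake and return (client, server, segments sent)."""
    client = Endpoint("client", client_isn)
    server = Endpoint("server", server_isn)
    syn = client.send_syn(server.name)
    syn_ack = server.receive_syn(syn)
    ack = client.receive_syn_ack(syn_ack)
    server.receive_ack(ack)
    return client, server, [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s, trace = run_handshake(client_isn=1000, server_isn=5000)
    for line in c.log + s.log:
        print(line)
    print(c.state, s.state, [t.flags for t in trace])
```

The server's SYN-RECEIVED state is the half-open state that the Denial of Service slide later relies on: resources are held from the moment the SYN/ACK goes out until the final ACK arrives or a timer gives up.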
Denial of Service Attacks
DoS attacks are designed to deny services to legitimate users.
DoS attacks are used by hackers to overwhelm and crash systems.
SYN flooding is a DoS attack that exploits the three-way handshake.
1. Hacker initiates a SYN but spoofs the source IP address.
2. Target replies to the unreachable IP address and waits for the final ACK.
3. Hacker floods the target with false SYN requests, tying up its connection resources and preventing it from responding to legitimate connection requests.

[Figure: attacker sends SYN after SYN; the target receives each SYN and sends a SYN/ACK that is never answered.]

To defend against these attacks, decrease the connection timeout period and increase the connection queue size. Software also exists that can detect these types of attacks and initiate defensive measures.
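An added example of the detection side described in the last paragraph (not code from the lecture slides): it reads a constructed netstat-style connection table, counts half-open connections (state SYN_RECV) per listening port against the connection queue size, and flags a port whose queue is mostly half-open entries from many different sources. It also computes the SYN rate a queue of a given size and timeout can absorb, which is the quantity the two defences on the slide (shorter timeout, larger queue) improve. The addresses, ports, queue size and timeout values are all made up.

```python
"""Half-open connection indicators for SYN flooding.

Added example, not from the lecture slides. It parses a constructed
netstat-style connection table, counts half-open connections (SYN_RECV)
per listening port, relates them to an assumed connection queue size, and
computes the SYN rate a queue can absorb for a given timeout. Every address,
port and number below is constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample in "proto recv-q send-q local remote state" layout.
SAMPLE_TABLE = """\
tcp 0 0 10.0.0.5:80 198.51.100.7:51514 ESTABLISHED
tcp 0 0 10.0.0.5:80 198.51.100.9:51620 ESTABLISHED
tcp 0 0 10.0.0.5:80 203.0.113.11:40001 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.12:40002 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.13:40003 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.14:40004 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.15:40005 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.16:40006 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.17:40007 SYN_RECV
tcp 0 0 10.0.0.5:80 203.0.113.18:40008 SYN_RECV
tcp 0 0 10.0.0.5:22 198.51.100.8:52000 ESTABLISHED
tcp 0 0 10.0.0.5:22 198.51.100.8:52001 SYN_RECV
"""

LINE_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)$")


def parse_table(text: str) -> List[dict]:
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header lines and non-TCP rows are skipped
        _local_ip, local_port, remote_ip, _remote_port, state = m.groups()
        rows.append({"local_port": int(local_port), "remote_ip": remote_ip, "state": state})
    return rows


def half_open_report(text: str, queue_size: int) -> Dict[int, dict]:
    """Per local port: half-open and established counts, distinct half-open sources,
    and the fraction of the connection queue occupied by half-open entries."""
    per_port = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for row in parse_table(text):
        entry = per_port[row["local_port"]]
        if row["state"] == "SYN_RECV":
            entry["half_open"] += 1
            entry["sources"].add(row["remote_ip"])
        elif row["state"] == "ESTABLISHED":
            entry["established"] += 1
    return {
        port: {
            "half_open": e["half_open"],
            "established": e["established"],
            "distinct_sources": len(e["sources"]),
            "queue_fraction": e["half_open"] / queue_size,
        }
        for port, e in per_port.items()
    }


def syn_flood_suspected(port_stats: dict, queue_fraction: float = 0.75,
                        min_sources: int = 5) -> bool:
    """Flag a port whose queue is mostly half-open entries from many sources.
    Many distinct sources that never finish the handshake is the spoofed-SYN
    pattern on the slide; one slow or flaky client does not trip the rule."""
    return (port_stats["queue_fraction"] >= queue_fraction
            and port_stats["distinct_sources"] >= min_sources)


def sustainable_syn_rate(queue_size: int, timeout_s: float) -> float:
    """SYNs per second the queue can absorb if every entry lingers for the whole
    timeout: queue_size / timeout. A shorter timeout or a larger queue, the two
    defences on the slide, both raise this figure."""
    return queue_size / timeout_s


if __name__ == "__main__":
    report = half_open_report(SAMPLE_TABLE, queue_size=10)
    for port, stats in sorted(report.items()):
        print(port, stats, "SUSPECT" if syn_flood_suspected(stats) else "ok")
    print("queue 256, timeout 75 s:", sustainable_syn_rate(256, 75), "SYN/s")
    print("queue 1024, timeout 30 s:", sustainable_syn_rate(1024, 30), "SYN/s")
```

With the sample table, port 80 has 8 of its 10 queue slots held by half-open connections from 8 different addresses and is flagged; port 22 has a single half-open entry and is not. The thresholds are starting points to tune against a baseline of normal half-open counts on the host in question.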



TCP Windows and Flow Control
- Data often is too large to be sent in a single segment. TCP splits the data into multiple segments.
- TCP provides flow control through “windowing” to set the pace of how much data is sent at a time, i.e. how many bytes per window, and how many windows between ACKs.

[Figure: Window Size = 1 (one segment sent before each acknowledgment) versus Window Size = 3 (three segments sent before an acknowledgment)]



Windowing and Window Size
Window size determines the amount of data that you can transmit before receiving an acknowledgment. This is how TCP assists in congestion control.
Sliding window refers to the fact that the window size is negotiated dynamically during the TCP session.
Expectational acknowledgment means that the acknowledgment number refers to the octet that is next expected.
If the source receives no acknowledgment, it knows to retransmit at a slower rate.

[Figure: sender asks “Fast enough for you?”; receiver replies “I didn’t get all of that, slow down.”]



Sequence and ACK Numbers
- Each TCP segment is numbered before transmission so that the receiver will be able to properly reassemble the bytes in their original order.
- They also identify missing data pieces so the sender can retransmit them.
- Only the missing segments need to be re-transmitted.

Positive Acknowledgement and Retransmission
TCP utilizes PAR to control data flow and confirm data delivery.
- Source sends packet, starts timer, and waits for ACK.
- If timer expires before source receives ACK, source retransmits the packet and restarts the timer.
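An added simulation (not code from the lecture slides) that ties together the windowing, expectational acknowledgment and PAR slides: a sender keeps one window of unacknowledged octets in flight with a timer per segment, retransmits only the oldest unacknowledged segment when its timer expires, and a receiver that buffers out-of-order segments answers with the next octet it expects. Time is modelled in rounds of one send/ACK exchange; the retransmission timeout in rounds, the segment size, the window size and which segment is lost are all assumptions made for the illustration.

```python
"""Windowing with positive acknowledgement and retransmission (PAR).

Added example, not from the lecture slides. A sender splits constructed data
into segments, keeps at most one window of unacknowledged octets in flight,
starts a timer for each segment it sends, and retransmits the oldest
unacknowledged segment when that timer expires. The receiver holds
out-of-order segments and replies with an expectational ACK (the next octet it
expects). Time is counted in rounds of one send/ACK exchange; the timeout in
rounds, segment size, window size and lost segments are chosen for the example.
"""
from typing import Dict, List, Set

RTO_ROUNDS = 2   # assumed timer: a segment unacknowledged for this many rounds is resent


class Receiver:
    def __init__(self) -> None:
        self.rcv_next = 0                    # next octet expected = the ACK we send
        self.buffer: Dict[int, bytes] = {}   # out-of-order segments, keyed by seq
        self.delivered = b""

    def receive(self, seq: int, chunk: bytes) -> None:
        if seq < self.rcv_next:
            return                           # duplicate of data already delivered
        self.buffer[seq] = chunk
        while self.rcv_next in self.buffer:  # deliver everything now contiguous
            piece = self.buffer.pop(self.rcv_next)
            self.delivered += piece
            self.rcv_next += len(piece)

    def ack(self) -> int:
        return self.rcv_next


def simulate(data: bytes, mss: int, window: int, drop_first_send: Set[int]) -> dict:
    """Run until every octet is acknowledged. drop_first_send lists sequence numbers
    whose first transmission the channel loses; retransmissions always get through."""
    if window < mss:
        raise ValueError("window must hold at least one full segment")
    segments = {seq: data[seq:seq + mss] for seq in range(0, len(data), mss)}
    base, nxt = 0, 0                  # oldest unacked octet, next octet to send
    sent_round: Dict[int, int] = {}   # when each segment's timer was (re)started
    attempts: Dict[int, int] = {}
    rx = Receiver()
    acks: List[int] = []
    transmissions = retransmissions = rounds = 0

    while base < len(data):
        rounds += 1
        outgoing: List[int] = []
        # 1. PAR: timer expired on the oldest unacked segment -> resend it, restart timer
        if base in sent_round and rounds - sent_round[base] >= RTO_ROUNDS:
            outgoing.append(base)
            retransmissions += 1
        # 2. fill the rest of the window with new segments
        while nxt < len(data) and nxt + len(segments[nxt]) <= base + window:
            outgoing.append(nxt)
            nxt += len(segments[nxt])
        # 3. transmit; the channel drops the first attempt of the chosen segments
        for seq in outgoing:
            transmissions += 1
            attempts[seq] = attempts.get(seq, 0) + 1
            sent_round[seq] = rounds
            if attempts[seq] == 1 and seq in drop_first_send:
                continue
            rx.receive(seq, segments[seq])
        # 4. one cumulative, expectational ACK comes back; slide the window
        ack = rx.ack()
        acks.append(ack)
        base = max(base, ack)

    return {"rounds": rounds, "transmissions": transmissions,
            "retransmissions": retransmissions, "acks": acks,
            "delivered": rx.delivered}


SAMPLE_DATA = b"0123456789ABCDEFGHIJ"   # constructed: 20 octets = five 4-octet segments

if __name__ == "__main__":
    print("window of 3 segments, second segment lost once:",
          simulate(SAMPLE_DATA, mss=4, window=12, drop_first_send={4}))
    print("window of 1 segment, no loss:",
          simulate(SAMPLE_DATA, mss=4, window=4, drop_first_send=set()))
```

With a 12-octet window and the segment at octet 4 lost once, the ACK sequence is 4, 4, 16, 20: the expectational ACK stays at 4 while octets 8 and 12 sit in the receiver's buffer, one retransmission fills the hole, and the ACK jumps straight to 16, so the segments that arrived out of order are never resent. Shrinking the window to one segment gives five rounds for the same data, which is the contrast the Window Size = 1 / Window Size = 3 figure draws.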



TCP Encapsulation

IP Header (bit positions 0-15 | 16-31):
  VERS (4 bits) | HLEN (4 bits) | TOS (8 bits) | Total Length (16 bits)
  Identification (16 bits) | Flags (3 bits) | Fragment Offset (13 bits)
  TTL (8 bits) | Protocol (8 bits) | Checksum (16 bits)
  Source IP Address (32 bits)
  Destination IP Address (32 bits)
  IP Options (if any) (32 bits)

TCP Header (carried as the payload of the IP Datagram):
  Source Port (16 bits) | Destination Port (16 bits)
  Sequence Number (32 bits)
  Acknowledgement Number (32 bits)
  Offset (4 bits) | Reserved (6 bits) | U A P R S F | Receive Window Size (16 bits)
  Checksum (16 bits) | Urgent Pointer (16 bits)
  Options (if any)
  TCP Data (if any)

Ethernet frame (field lengths in bytes):
  PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) | TYPE FIELD (2) | IP HEADER | TCP HEADER | DATA (0-65535) | FCS (4)
TCP Segment Format

[Figure: TCP segment with each field annotated]
  Source Port: number of the calling port
  Destination Port: number of the called port
  Sequence Number: used to ensure correct sequencing of the arriving data
  Acknowledgement Number: next expected TCP octet
  Offset: number of 32-bit words in the header
  Reserved: set to zero
  Code bits: control setup and termination of session
  Window: number of octets sender is willing to accept
  Urgent Pointer: indicates the end of the urgent data
  Data: upper layer protocol data
Details on TCP Fields
- Sequence Number. TCP numbers each byte in the TCP data with a sequence number.
  - The sequence number identifies the first byte in the data segment being transmitted from the sending TCP to the receiving TCP.
- Acknowledgement Number. The acknowledgement number contains the next sequence number the receiving station (sending the acknowledgement) expects to receive. The Acknowledgement flag is set.
- Offset. It is perhaps more descriptive to call this field the TCP Header Length. This field is required because the length of the options field is variable.
  - It indicates where the TCP header ends and the data begins. The header is 20 bytes without the options field.
- Reserved. This field is reserved for future use and is set to zero.
- TCP software uses the 6 Code Bits to determine the purpose and contents of the segment.
  - Urg: This flag indicates that this segment contains an Urgent Pointer field. The Urgent Pointer field is explained below. 1 = Urgent, 0 = Not Urgent.
  - Ack: This flag indicates that this segment contains an Acknowledgement field. 1 = Ack, 0 = No Ack.
  - Psh: The segment requests a Push. TCP software usually gathers enough data to fill the transmit buffer prior to transmitting the data. 1 = Push, 0 = No Push. If an application requires data to be transmitted even though a buffer may not be full then a PUSH flag bit is set. At the receive side the PUSH makes the data available to the application without delay.
  - Reset: This field will Reset the connection. 1 = Reset, 0 = No Reset.
  - Syn: This flag field is used to Synchronize sequence numbers to initiate a connection. 1 = Syn, 0 = No Syn.
  - Fin: The Finish flag bit is used to indicate the termination of a connection. 1 = Fin, 0 = No Fin.
- Urgent Pointer. This field presents a way for the sender to transmit emergency data to the receiver. The URG flag must be set.
  - The Urgent Pointer is a 16 bit positive offset that is added to the sequence number field in the TCP header to obtain the sequence number of the last byte of the urgent data.
  - The application determines where the urgent data starts in the data stream.
  - The field is normally used by the application to indicate the pressing of an interrupt key during Telnet/Rlogin or a file transfer abort during FTP.
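An added decoder (not code from the lecture slides) for the encapsulation, segment-format and field-detail slides: it builds a constructed IPv4 datagram whose Protocol field is 6 around a TCP segment, then reads back the ports (classified by the ranges on the ports slide), sequence and acknowledgement numbers, the Offset as a header length in 32-bit words, the six code bits, the window, and the urgent pointer added to the sequence number as the slide describes. The slide's 128.66.x.x addresses are reused; the ports, sequence numbers, option bytes and payload are made up, and both checksum fields are left at zero because checksum verification is not what this example is about.

```python
"""Decoding an IP datagram that carries a TCP segment.

Added example, not from the lecture slides. Builds a constructed IPv4 datagram
(Protocol = 6) around a TCP segment and decodes the fields from the
encapsulation, segment-format and field-detail slides. Addresses come from the
slides; ports, sequence numbers, option bytes and payload are made up;
checksums are left at zero.
"""
import ipaddress
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
FLAG_NAMES = {URG: "URG", ACK: "ACK", PSH: "PSH", RST: "RST", SYN: "SYN", FIN: "FIN"}
IP_PROTO_TCP = 6


def port_class(port: int) -> str:
    """Port ranges as given on the Transport Layer Ports slide."""
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def build_tcp(src_port, dst_port, seq, ack, flags, window, urgent=0,
              options=b"", data=b"") -> bytes:
    """Pack a TCP header (checksum 0) followed by options and data."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    offset_words = 5 + len(options) // 4           # header length in 32-bit words
    fixed = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack,
                        offset_words << 4, flags & 0x3F, window, 0, urgent)
    return fixed + options + data


def build_ipv4(src_ip: str, dst_ip: str, payload: bytes, protocol=IP_PROTO_TCP) -> bytes:
    """Minimal 20-byte IPv4 header (no options, checksum 0) in front of the payload."""
    ver_ihl = (4 << 4) | 5                          # VERS = 4, HLEN = 5 words
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), 0x1234, 0,
                         64, protocol, 0,
                         ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed)
    return header + payload


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    (src, dst, seq, ack, off_res, flags, window,
     checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (off_res >> 4) * 4                 # Offset field, in 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError(f"bad offset: header length {header_len}")
    reserved = ((off_res & 0x0F) << 2) | (flags >> 6)   # the 6 reserved bits
    code_bits = flags & 0x3F                            # U A P R S F
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "reserved": reserved,
        "flags": [name for bit, name in FLAG_NAMES.items() if code_bits & bit],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
        # slide: the urgent pointer is an offset added to the sequence number
        "urgent_end_seq": (seq + urgent) & 0xFFFFFFFF if code_bits & URG else None,
        "options": segment[20:header_len],
        "data": segment[header_len:],
    }


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("IP header needs at least 20 bytes")
    (ver_ihl, _tos, total_len, _ident, _flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    info = {"header_len": ihl, "total_length": total_len, "ttl": ttl,
            "protocol": proto,
            "src": str(ipaddress.IPv4Address(src)),
            "dst": str(ipaddress.IPv4Address(dst))}
    payload = packet[ihl:total_len]
    # Protocol 6 means the payload is a TCP segment (17 would be UDP)
    info["tcp"] = parse_tcp(payload) if proto == IP_PROTO_TCP else None
    return info


# Constructed sample: ACK|PSH|URG segment from port 1032 to 80 with a 4-byte option
SAMPLE_SEGMENT = build_tcp(1032, 80, 0x10000000, 0x20000000, ACK | PSH | URG,
                           window=65535, urgent=3, options=b"\x02\x04\x05\xb4",
                           data=b"ABCDEFG")
SAMPLE_PACKET = build_ipv4("128.66.12.2", "128.66.13.1", SAMPLE_SEGMENT)

if __name__ == "__main__":
    for key, value in parse_ipv4(SAMPLE_PACKET).items():
        print(key, value)
```

The offset check is the one to keep in mind when writing any such parser: a header length below 20 or beyond the end of the segment is malformed input, and the data/options split must be taken from the Offset field, not assumed to be 20 bytes.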



UDP/TCP Operation Comparison
- There are two protocols at Layer 4 – TCP and UDP. Both TCP and UDP use IP as their underlying protocol.
- TCP must be used when applications need to guarantee the delivery of a packet. When applications do not need a guarantee, UDP is used.
- UDP is often used for applications and services such as real-time audio and video. These applications require less overhead. They also do not need to be re-sequenced since packets that arrive late or out of order have no value.

  TCP                           UDP
  Connection-oriented delivery  Connectionless delivery, faster
  Uses windows and ACKs         No windows or ACKs
  Full header                   Smaller header, less overhead
  Sequencing                    No sequencing
  Provides reliability          Relies on app layer for reliability
  FTP, HTTP, SMTP, and DNS      DNS, TFTP, SNMP, and DHCP

UDP segment format
  Bits 0-15: Source Port | 16-31: Destination Port | 32-47: Length | 48-63: Checksum | 64-: Data…


User Datagram Protocol

UDP header (bit positions 0-15 | 16-31):
  UDP Source Port | UDP Destination Port
  UDP Message Length | UDP Checksum
  Data
  . . .

Ethernet frame (field lengths in bytes):
  PREAMBLE (8) | DESTINATION ADDRESS (6) | SOURCE ADDRESS (6) | TYPE FIELD (2) | IP HEADER + UDP DATAGRAM (8-1500) | FCS (4)

- UDP is a connectionless, unreliable Transport level service protocol. It is primarily used for protocols that require a broadcast capability, e.g. RIP.
- It provides no packet sequencing, may lose packets, and does not check for duplicates.
- It is used by applications that do not need a reliable transport service.
- Application data is encapsulated in a UDP header which in turn is encapsulated in an IP header.
- UDP distinguishes different applications by port number, which allows multiple applications running on a given computer to send/receive datagrams independently of one another.
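An added example (not code from the lecture slides) of the 8-byte UDP header shown above: it builds a constructed datagram with the source port, destination port, length and checksum fields, computes the checksum over the IPv4 pseudo-header plus header and data, and parses the datagram back, rejecting a length field that disagrees with the bytes received and reporting whether the checksum verifies. The slide's 128.66.x.x addresses and the 5512 to 69 port pair are reused; the payload and the corrupted variant are made up.

```python
"""UDP datagram construction, parsing and checksum verification.

Added example, not from the lecture slides. Builds a constructed UDP datagram
(source port, destination port, length, checksum, data) over an IPv4
pseudo-header, then parses it back and verifies the checksum. Addresses and
ports are taken from the slides; the payload is made up.
"""
import ipaddress
import struct

UDP_PROTO = 17
HEADER_LEN = 8


def ones_complement_checksum(data: bytes) -> int:
    """Internet checksum: 16-bit one's complement of the one's complement sum."""
    if len(data) % 2:
        data += b"\x00"                       # pad an odd final byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def udp_checksum(src_ip: str, dst_ip: str, datagram: bytes) -> int:
    """Checksum over pseudo-header + UDP header + data with the checksum field zeroed.
    A computed 0 is transmitted as 0xFFFF because 0 means 'no checksum' in UDP."""
    pseudo = struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                         ipaddress.IPv4Address(dst_ip).packed, 0, UDP_PROTO, len(datagram))
    zeroed = datagram[:6] + b"\x00\x00" + datagram[8:]
    value = ones_complement_checksum(pseudo + zeroed)
    return value or 0xFFFF


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = HEADER_LEN + len(payload)        # Length covers header and data
    if length > 65535:
        raise ValueError("payload too large for the 16-bit length field")
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = udp_checksum(src_ip, dst_ip, header + payload)
    return header[:6] + struct.pack("!H", csum) + payload


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    if len(datagram) < HEADER_LEN:
        raise ValueError("UDP header needs 8 bytes")
    src_port, dst_port, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < HEADER_LEN or length > len(datagram):
        raise ValueError(f"length field {length} inconsistent with {len(datagram)} bytes")
    body = datagram[:length]                  # bytes beyond Length are not part of the datagram
    if csum == 0:
        ok = None                             # sender chose not to compute a checksum
    else:
        ok = udp_checksum(src_ip, dst_ip, body) == csum
    return {"src_port": src_port, "dst_port": dst_port, "length": length,
            "checksum": csum, "checksum_ok": ok, "data": body[8:]}


def corrupt(datagram: bytes, index: int) -> bytes:
    """Invert one byte, as a bit error on the wire would."""
    return datagram[:index] + bytes([datagram[index] ^ 0xFF]) + datagram[index + 1:]


# Constructed sample datagram on the slide's addresses and ports
SAMPLE = build_udp("128.66.12.2", "128.66.13.1", 5512, 69, b"hello, udp")

if __name__ == "__main__":
    print(parse_udp("128.66.12.2", "128.66.13.1", SAMPLE))
    print(parse_udp("128.66.12.2", "128.66.13.1", corrupt(SAMPLE, 10)))
```

Because the pseudo-header is part of the sum, the same datagram fails verification when it is checked against a different destination address, which is how the checksum also catches a datagram delivered to the wrong host. A checksum of zero is reported as unverified rather than as a failure, since the slide's format allows a sender to omit it.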



UDP Port Numbers

Application  Port  Description
Echo         7     Echo user datagram back to user
Discard      9     Discard user datagrams
Daytime      13    Report time in a user friendly fashion
Quote        17    Return "Quote of the day"
Chargen      19    Character generator
Nameserver   53    Domain Name Server
Sql-Net      66    Oracle Sequel Network
BOOTPS       67    Server port to download configuration information
BOOTPC       68    Client port to receive configuration information
TFTP         69    Trivial File Transport Protocol
POP3         110   Post Office Protocol - V3
SunRPC       111   Sun Remote Procedure Call
NTP          123   Network Time Protocol
SNMP         161   Used to receive network management queries
SNMP-trap    162   Used to receive network problem reports.
IRC          194   Internet Relay Chat
IPX          213   IPX - IP Tunneling
SysLog       514   System Log
RIP          520   Routing Information Protocol
NFS          2049  Network File Service
