CCNA 2 v3.1 Module 10: Intermediate TCP/IP

Posted: 21-Dec-2015

Transcript of CCNA 2 v3.1 Module 10: Intermediate TCP/IP

Page 1

CCNA 2 v3.1 Module 10

Page 2

Intermediate TCP/IP

CCNA 2 Module 10

Page 3

TCP/IP Operations

• IP addresses

  Allow packets to be routed between networks

  IP itself makes no guarantee of delivery

• The transport layer is responsible for

  Reliable transport of data and regulation of data flow from source to destination

  This is accomplished using

    sliding windows

    sequence numbers

    a synchronization process that ensures each host is ready and willing to communicate

Page 4

TCP/IP Segment Format

Page 5

Synchronisation – 3 way handshaking

• Prior to data transmission, the two communicating hosts go through a synchronization process to establish a virtual connection

• This synchronization process

  Ensures both sides are ready for data transmission

  Allows the devices to determine the initial sequence numbers

Page 6

Synchronisation – 3 way handshaking

Page 7

Sequence Numbers

• Part of initiating communication between the two devices

• Act as reference starting numbers between the two devices

• Give each host a way to ACK the SYN, so that the receiver knows the sender is responding to the proper connection request
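The point of the last bullet is easy to miss on a slide: each side acknowledges the other's initial sequence number plus one, and it is that check that ties a SYN-ACK to a specific SYN. The model below is an added example, not code from the CCNA module; the `Host` and `Segment` names, the state names and the fixed ISNs used in the test are all illustrative assumptions. It carries the handshake through both sides and shows a SYN-ACK with the wrong acknowledgment number being ignored.

```python
"""Added example (not from the CCNA slides): a minimal model of the TCP
three-way handshake showing how initial sequence numbers (ISNs) let each
side verify that an ACK refers to its own SYN. Names are illustrative."""
from dataclasses import dataclass
from typing import Optional
import secrets

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap


@dataclass
class Segment:
    syn: bool
    ack: bool
    seq: int
    ack_num: Optional[int]  # None when the ACK flag is clear


def random_isn() -> int:
    # An unpredictable 32-bit ISN (constructed choice for this model)
    return secrets.randbelow(MOD)


class Host:
    def __init__(self, isn: Optional[int] = None):
        self.isn = random_isn() if isn is None else isn
        self.state = "CLOSED"
        self.peer_isn: Optional[int] = None

    # --- client side -------------------------------------------------
    def send_syn(self) -> Segment:
        self.state = "SYN_SENT"
        return Segment(syn=True, ack=False, seq=self.isn, ack_num=None)

    def recv_syn_ack(self, seg: Segment) -> Optional[Segment]:
        """Accept a SYN-ACK only if it acknowledges *our* ISN + 1."""
        if self.state != "SYN_SENT" or not (seg.syn and seg.ack):
            return None
        if seg.ack_num != (self.isn + 1) % MOD:
            return None  # not a reply to our connection request: ignore
        self.peer_isn = seg.seq
        self.state = "ESTABLISHED"
        return Segment(syn=False, ack=True,
                       seq=(self.isn + 1) % MOD, ack_num=(seg.seq + 1) % MOD)

    # --- server side -------------------------------------------------
    def recv_syn(self, seg: Segment) -> Segment:
        """Answer a bare SYN with SYN-ACK acknowledging the client ISN + 1."""
        if not (seg.syn and not seg.ack):
            raise ValueError("expected a bare SYN")
        self.peer_isn = seg.seq
        self.state = "SYN_RECEIVED"
        return Segment(syn=True, ack=True, seq=self.isn,
                       ack_num=(seg.seq + 1) % MOD)

    def recv_ack(self, seg: Segment) -> bool:
        """The final ACK must acknowledge the server ISN + 1."""
        if self.state != "SYN_RECEIVED" or seg.syn or not seg.ack:
            return False
        if seg.ack_num != (self.isn + 1) % MOD:
            return False
        self.state = "ESTABLISHED"
        return True


def handshake(client: Host, server: Host) -> bool:
    """Run SYN, SYN-ACK, ACK between the two hosts; True if both establish."""
    syn = client.send_syn()
    syn_ack = server.recv_syn(syn)
    ack = client.recv_syn_ack(syn_ack)
    if ack is None:
        return False
    return server.recv_ack(ack)


def stale_syn_ack_is_rejected(client_isn: int = 1000, server_isn: int = 5000) -> bool:
    """A SYN-ACK whose ACK number does not match our ISN + 1 is ignored."""
    client = Host(client_isn)
    client.send_syn()
    stale = Segment(syn=True, ack=True, seq=server_isn, ack_num=4242)
    return client.recv_syn_ack(stale) is None and client.state == "SYN_SENT"


if __name__ == "__main__":
    c, s = Host(), Host()
    print("established:", handshake(c, s), c.state, s.state)
    print("stale SYN-ACK rejected:", stale_syn_ack_is_rejected())
```

Because the ISN is drawn from a 32-bit space, a third party that has not seen the SYN cannot easily guess the acknowledgment number the client expects, which is why the ISN check matters for more than just matching up retransmissions.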

Page 8

Denial Of Service Attacks

• Denial of service attacks (DoS)

• Designed to deny services to legitimate hosts attempting to establish connections

• A common method that hackers use to halt system response

• One type of DoS is known as SYN flooding

  Exploits the normal three-way handshake and causes the targeted device to ACK to source addresses that will never complete the handshake

Page 9

SYN Flooding

In a SYN flood, the hacker initiates a synchronization but spoofs the source IP address, so the half-open connection is never completed.

To defend against these attacks, system administrators may decrease the connection timeout period and increase the connection queue size.
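Both countermeasures on this slide act on the same resource: the table of half-open connections a listening socket keeps between receiving a SYN and receiving the final ACK. The simulation below is an added example, not from the CCNA module, and models that table from the defender's side: spoofed SYNs that never complete occupy entries until they time out, while legitimate clients complete after one round trip. The queue sizes, timeouts, arrival rates and the `HalfOpenQueue` name are constructed values for the model, not figures from the slides or from any real operating system.

```python
"""Added example (not from the CCNA slides): how the half-open connection
timeout and the connection queue size affect legitimate clients during a
SYN flood. All rates, sizes and timeouts are constructed for the model."""
from typing import Dict, Hashable, List, Tuple


class HalfOpenQueue:
    """Table of connections in SYN-RECEIVED, bounded in size and by timeout."""

    def __init__(self, capacity: int, timeout: int):
        self.capacity = capacity
        self.timeout = timeout
        self.entries: Dict[Hashable, int] = {}  # key -> expiry time
        self.dropped = 0

    def expire(self, now: int) -> None:
        # Entries whose timer has run out are discarded, freeing their slot
        self.entries = {k: t for k, t in self.entries.items() if t > now}

    def on_syn(self, key: Hashable, now: int) -> bool:
        self.expire(now)
        if key in self.entries:
            return True  # retransmitted SYN for an existing half-open entry
        if len(self.entries) >= self.capacity:
            self.dropped += 1  # queue full: the SYN is dropped
            return False
        self.entries[key] = now + self.timeout
        return True

    def on_ack(self, key: Hashable, now: int) -> bool:
        self.expire(now)
        # Final ACK completes the handshake and removes the half-open entry
        return self.entries.pop(key, None) is not None


def simulate(capacity: int, timeout: int, flood_rate: int = 10,
             duration: int = 100, legit_interval: int = 5,
             rtt: int = 1) -> Tuple[int, int]:
    """Return (legitimate connections completed, legitimate attempts).

    Each time unit, `flood_rate` SYNs from unique spoofed sources arrive and
    never complete. A legitimate client sends a SYN every `legit_interval`
    units and its final ACK arrives `rtt` units later.
    """
    q = HalfOpenQueue(capacity, timeout)
    pending_acks: Dict[int, List[Hashable]] = {}
    completed = total = 0
    for now in range(duration):
        for i in range(flood_rate):  # spoofed SYNs, never answered
            q.on_syn(("spoofed", now, i), now)
        if now % legit_interval == 0:  # a real client's SYN
            total += 1
            key = ("client", now)
            if q.on_syn(key, now):
                pending_acks.setdefault(now + rtt, []).append(key)
        for key in pending_acks.pop(now, []):  # real clients' final ACKs
            if q.on_ack(key, now):
                completed += 1
    return completed, total


if __name__ == "__main__":
    for cap, to in ((128, 75), (128, 10), (1024, 75)):
        done, tries = simulate(cap, to)
        print(f"queue={cap:4d} timeout={to:2d}s -> {done}/{tries} legitimate connections")
```

With the constructed flood of ten spoofed SYNs per second, the small queue with the long timeout fills after about 13 seconds and stays full, so only the first three legitimate clients get through. Either shortening the timeout (entries recycle before the queue fills) or enlarging the queue (steady state of roughly rate times timeout entries fits) lets all twenty complete, which is exactly the trade-off the slide describes.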

Page 10

Windowing and Window Size

The sliding window lets the destination device tell the source to decrease or increase the amount of data being sent, because at that moment it cannot cope with that much data.

Page 11

Sequencing numbers

Page 12

Positive Acknowledgment and Retransmission (PAR)

• With PAR, the source sends a packet, starts a timer, and waits for an ACK before sending the next packet

• If the timer expires before the source receives an ACK, the source retransmits the packet and restarts the timer

• TCP uses expectational acknowledgments: the ACK number refers to the next octet that is expected

Page 13

UDP operation

• Not all applications need guaranteed delivery of the data packet

• They use UDP

  a faster, connectionless delivery protocol that exchanges segments without acknowledgments or guaranteed delivery

  described in RFC 768

  does not use windowing

  does not use acknowledgments

  application layer protocols must provide error detection

Page 14

Overview of Transport Layer Ports

Page 15

Multiple Conversations Between Hosts

A port number must be associated with each conversation between hosts to ensure that the packet reaches the appropriate service on the server

Without a way to distinguish between different conversations, a client could not send an email and browse a web page on the same server at the same time

Page 16

Ports for Services

Page 17

Ports for Services continued…

Page 18

Ports for Clients

• Destination ports: ports for services

  Normally defined using the well-known ports

• Source ports

  Set by the client and determined dynamically

  The client determines the source port by randomly assigning a number above 1023

Page 19

Port numbering & well-known port no’s

• Port numbers are represented by 2 bytes in the header of a TCP or UDP segment

  16-bit value: port numbers from 0 to 65535

• Port numbers are divided into 3 categories

  1 to 1023 are well-known ports

  1024 to 49151 are registered ports

  49152 to 65535 are defined as dynamic or private ports

Page 20

Multiple Sessions Between Hosts

• A pair of sockets, one on each host, forms a unique connection.

For instance, a host might have a telnet connection, port 23, while at the same time be surfing the net, port 80. The IP and the MAC addresses would be the same because the packets are coming from the same host.
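Pages 4, 15, 19 and this one together say where the port numbers live (two 16-bit fields at the start of the TCP header), how the number space is divided, and why a socket pair rather than an IP address identifies a conversation. The code below is an added example, not from the CCNA module: it parses the fixed 20-byte TCP header with the standard library, classifies ports into the three ranges the slides give (with port 0 reported as reserved, since the slides start the well-known range at 1), and sorts segments from one client into sessions keyed by the socket pair. The addresses, ports and header values in the sample are constructed, and `build_tcp_header` exists only to produce that sample.

```python
"""Added example (not from the CCNA slides): parse TCP header fields,
classify port numbers, and demultiplex segments by socket pair.
Sample addresses and ports are constructed."""
import struct
from collections import defaultdict
from typing import Dict, List, Tuple

# Fixed 20-byte TCP header: src port, dst port, seq, ack,
# data offset + flags, window, checksum, urgent pointer (network byte order)
TCP_HEADER = struct.Struct("!HHIIHHHH")
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
             0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed part of a TCP header into named fields."""
    if len(raw) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, csum, urg = TCP_HEADER.unpack(raw[:20])
    header_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if header_len < 20:
        raise ValueError("invalid data offset")
    names = sorted(n for bit, n in TCP_FLAGS.items() if off_flags & bit)
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": names, "window": window,
            "checksum": csum, "urgent": urg}


def port_category(port: int) -> str:
    """Classify a port into the ranges given on the slide."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit values")
    if port == 0:
        return "reserved"
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: int, window: int) -> bytes:
    """Construct a 20-byte header (no options, zero checksum) for samples."""
    return TCP_HEADER.pack(src_port, dst_port, seq, ack,
                           (5 << 12) | flags, window, 0, 0)


SocketPair = Tuple[Tuple[str, int], Tuple[str, int]]


def demultiplex(segments: List[Tuple[str, str, bytes]]) -> Dict[SocketPair, List[dict]]:
    """Group (src_ip, dst_ip, tcp_header) triples by their socket pair.
    Two conversations from the same host differ only in source port."""
    sessions: Dict[SocketPair, List[dict]] = defaultdict(list)
    for src_ip, dst_ip, raw in segments:
        h = parse_tcp_header(raw)
        key = ((src_ip, h["src_port"]), (dst_ip, h["dst_port"]))
        sessions[key].append(h)
    return dict(sessions)


# Constructed sample: one client talking to mail (25) and web (80) on one server
SAMPLE_SEGMENTS = [
    ("192.0.2.10", "198.51.100.5", build_tcp_header(49200, 25, 1000, 0, 0x02, 65535)),
    ("192.0.2.10", "198.51.100.5", build_tcp_header(49201, 80, 2000, 0, 0x02, 65535)),
    ("192.0.2.10", "198.51.100.5", build_tcp_header(49200, 25, 1001, 5001, 0x10, 65535)),
]


if __name__ == "__main__":
    for pair, segs in demultiplex(SAMPLE_SEGMENTS).items():
        (sip, sp), (dip, dp) = pair
        print(f"{sip}:{sp} ({port_category(sp)}) -> {dip}:{dp} "
              f"({port_category(dp)}): {len(segs)} segment(s), "
              f"flags {[s['flags'] for s in segs]}")
```

The two sessions share source IP (and, on the wire, source MAC) and destination IP; only the 16-bit source port tells the server which conversation a segment belongs to, which is the slide's point about a pair of sockets forming a unique connection.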

Page 21

Sockets

• Transport layer

  Port numbers are located here

  Serviced by the network layer

• Network layer

  Assigns the logical address (IP address)

  Is then serviced by the data link layer

• Data link layer

  Assigns the physical address (MAC address)