TCP Connection Management

Yuli Aria Winata

Transcript of TCP Connection Management

Page 1: TCP Connection Management

Yuli Aria Winata

Page 2: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 3: TCP Connection Management

- The problem in a communication environment is that the medium may lose data or deliver it incorrectly.
- Some ways to deal with this are:
  - Handling errors
  - Trying to send again
- The approach of sending a packet again until it is received correctly is called Automatic Repeat Request (ARQ).

Page 4: TCP Connection Management

- ARQ requires a way to determine that a packet has arrived and is not a duplicate.
- The receiver might receive duplicate copies of a packet. This problem is addressed using a sequence number.
- The method by which a receiver signals to a sender that it has received a packet is called an acknowledgment, or ACK.

Page 5: TCP Connection Management

- TCP is a more complicated protocol than UDP.
- TCP must establish a connection.
- A TCP connection is defined by a 4-tuple: Client_IP, Client_port, Server_IP, Server_port.

Page 6: TCP Connection Management

- Algorithms to prevent the sender from overrunning the receiver with information.
- TCP implements sliding window flow control.
- The parameters returned to the sender are:
  - AckNo (32 bits)
  - window size (win) (16 bits)
- The interpretation is: "I am ready to receive new data with SeqNo = AckNo, AckNo+1, ..., AckNo+Win-1."
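
The receiver-side rule on this slide written out as a check, added here as an example that is not part of the slides; it also handles the 32-bit wrap-around of sequence numbers and extends the rule to segments carrying data, which the slide does not show.

```python
MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


def seq_in_window(seq_no: int, ack_no: int, win: int) -> bool:
    """True if seq_no is one of AckNo, AckNo+1, ..., AckNo+Win-1 (mod 2**32).

    ack_no is the receiver's next expected byte (left edge of the window)
    and win the advertised 16-bit window size. A zero window accepts nothing.
    """
    if win == 0:
        return False
    # Distance from the left edge, taken modulo 2**32, so a window that
    # straddles the wrap point (ack_no near 0xFFFFFFFF) is handled correctly.
    offset = (seq_no - ack_no) % MOD
    return offset < win


def segment_acceptable(seq_no: int, length: int, ack_no: int, win: int) -> bool:
    """RFC 793 acceptance test for a segment carrying `length` bytes.

    Accept if the first or the last byte of the segment lies in the window;
    an empty segment (pure ACK) with a zero window is accepted only when it
    sits exactly at the left edge.
    """
    if length == 0:
        if win == 0:
            return seq_no == ack_no
        return seq_in_window(seq_no, ack_no, win)
    if win == 0:
        return False
    last = (seq_no + length - 1) % MOD
    return seq_in_window(seq_no, ack_no, win) or seq_in_window(last, ack_no, win)
```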

Page 7: TCP Connection Management
Page 8: TCP Connection Management

- Algorithms to prevent the sender from overloading the network.
- The congestion window is adjusted based on feedback from the network.

Page 9: TCP Connection Management
Page 10: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 11: TCP Connection Management

- Often called the three-way handshake.
- Its purpose is to let each end know that a connection is starting.

Page 12: TCP Connection Management

SYN : Synchronization
ACK : Acknowledgement
ISN : Initial Sequence Number
(c) : Client
(s) : Server
(options) : TCP Options

Page 13: TCP Connection Management

- Traditionally, it was most common for the client to initiate a close.
- However, some servers (e.g., Web servers) initiate a close after they have completed a request.

Page 14: TCP Connection Management

FIN : Finish
ACK : Acknowledgement
Seq : Sequence Number
(c) : Client
(s) : Server
(options) : TCP Options
K = Current Seq number
L = Last data sent

Page 15: TCP Connection Management

- TCP Half-Close
  - The passive opener can still send data even after the active opener has sent its FIN segment.
- Simultaneous Open and Close
  - Requires each end to have an IP address and port number.
  - Both ends act as client and server.

Page 16: TCP Connection Management
Page 17: TCP Connection Management
Page 18: TCP Connection Management

- Before establishing a connection, a device chooses an ISN.
- The sequence number also represents a vulnerability of TCP.
- In modern systems, the ISN is selected in a semi-random way.
- Linux uses a clock-based scheme, but starts the clock at a random offset for each connection.
- The offset is derived from a secret input to a hash function, and the secret is changed every 5 minutes.
- This produces an ISN that is difficult to guess but that still increases over time.
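
The scheme on this slide as a runnable model, added here as an example and not the kernel's code: a 4-microsecond clock plus a per-4-tuple offset from a keyed hash whose secret rotates every 5 minutes (the RFC 6528 construction). The hash function (sha256) and the 16-byte secret are assumptions of the example; the addresses are the ones from the trace on page 20.

```python
import hashlib
import os
import socket
import struct

MOD = 1 << 32
SECRET_LIFETIME = 300.0   # seconds: "changed every 5 minutes" on the slide
_secret = {"value": os.urandom(16), "born": 0.0}


def current_secret(now: float) -> bytes:
    """Hash secret in use at time `now`, replaced once it is 5 minutes old."""
    if now - _secret["born"] >= SECRET_LIFETIME:
        _secret["value"] = os.urandom(16)
        _secret["born"] = now
    return _secret["value"]


def connection_offset(src_ip: str, src_port: int,
                      dst_ip: str, dst_port: int, secret: bytes) -> int:
    """Per-connection random offset: 32 bits of a keyed hash of the 4-tuple.

    sha256 stands in for the kernel's hash; that choice is an assumption of
    this example, not a statement about Linux internals.
    """
    key = struct.pack("!4s4sHH", socket.inet_aton(src_ip),
                      socket.inet_aton(dst_ip), src_port, dst_port)
    digest = hashlib.sha256(secret + key).digest()
    return int.from_bytes(digest[:4], "big")


def choose_isn(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
               now: float, secret: bytes = None) -> int:
    """ISN = clock ticking every 4 microseconds + per-connection offset.

    The clock makes ISNs increase over time; the offset makes the starting
    point unpredictable and different for every 4-tuple.
    """
    if secret is None:
        secret = current_secret(now)
    ticks = (int(round(now * 1_000_000)) // 4) % MOD
    return (ticks + connection_offset(src_ip, src_port, dst_ip, dst_port, secret)) % MOD
```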

Page 19: TCP Connection Management
Page 20: TCP Connection Management

Client : 192.168.35.130 : 3323
Server : 10.0.0.2 : 80
Protocol : TCP

Rows 1-3 : Connection setup
Rows 4-7 : Connection close

(c) : Client
(s) : Server
K = Current Seq number
L = Last data sent
FIN : Finish
SYN : Synchronization
ACK : Acknowledgement
ISN : Initial Sequence (Seq) Number

1. SYN | Seq : 685506836 (ISN(c)) ->
2. <- SYN+ACK | Seq : 1479690171 (ISN(s)), Ack : 685506837 (ISN(c) + 1)
3. ACK | Seq : 685506837 (K = ISN(c)), Ack : 1479690172 (L = ISN(s) + 1) ->
4. FIN+ACK | Seq : 685506837 (K), Ack : 1479690172 (L) ->
5. <- ACK | Seq : 1479690172 (L), Ack : 685506838 (K + 1)
6. <- FIN+ACK | Seq : 1479690172 (L), Ack : 685506838 (K + 1)
7. ACK | Seq : 685506838 (K), Ack : 1479690173 (L + 1) ->
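
The seven segments above regenerated from the two ISNs, added here as an example (not part of the slides) so the Seq/Ack bookkeeping can be checked; it goes slightly beyond the trace by also accounting for data sent while the connection is established and for 32-bit wrap-around.

```python
from dataclasses import dataclass
from typing import List, Optional

MOD = 1 << 32
ISN_C = 685506836    # ISN(c) from the trace
ISN_S = 1479690171   # ISN(s) from the trace


@dataclass
class Segment:
    direction: str        # "c->s" or "s->c"
    flags: str
    seq: int
    ack: Optional[int]    # None on the first SYN, which carries no ACK


def wrap(x: int) -> int:
    return x % MOD


def handshake_and_close(isn_c: int, isn_s: int,
                        data_c: int = 0, data_s: int = 0) -> List[Segment]:
    """Segments for a connection the client opens and then actively closes.

    SYN and FIN each consume one sequence number; a pure ACK consumes none.
    data_c / data_s are bytes each side sends while established (0 in the
    trace above). K and L follow the slide's legend.
    """
    segs = [
        Segment("c->s", "SYN", isn_c, None),                     # 1
        Segment("s->c", "SYN+ACK", isn_s, wrap(isn_c + 1)),      # 2
    ]
    k, l = wrap(isn_c + 1), wrap(isn_s + 1)
    segs.append(Segment("c->s", "ACK", k, l))                    # 3
    k, l = wrap(k + data_c), wrap(l + data_s)                    # data phase
    segs += [
        Segment("c->s", "FIN+ACK", k, l),                        # 4 client FIN
        Segment("s->c", "ACK", l, wrap(k + 1)),                  # 5 FIN used up K
        Segment("s->c", "FIN+ACK", l, wrap(k + 1)),              # 6 server FIN
        Segment("c->s", "ACK", wrap(k + 1), wrap(l + 1)),        # 7 final ACK
    ]
    return segs
```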

Page 21: TCP Connection Management

- Timeout of Connection Establishment
  - If the connection attempt times out, the request is sent again using exponential back-off.
- Connections and Translators (NAT with TCP)
  - NAT learns of a new connection from the SYN bit field in a segment.
  - It determines that the connection is fully established by looking for the SYN+ACK and ACK segments.

Page 22: TCP Connection Management

No.  Time       Source          Destination     Protocol   Interval since previous
1    0.000000   192.168.10.144  192.168.10.180  TCP        -
2    2.997928   192.168.10.144  192.168.10.180  TCP        3 s (a)
3    8.997962   192.168.10.144  192.168.10.180  TCP        6 s (a x 2)
4    20.997942  192.168.10.144  192.168.10.180  TCP        12 s (b x 2)
5    44.997936  192.168.10.144  192.168.10.180  TCP        24 s (c x 2)
6    92.997937  192.168.10.144  192.168.10.180  TCP        48 s (d x 2)
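
The capture rows above, re-typed here as constructed input, parsed and checked for the doubling pattern; this is an added example, not part of the slides, and the column layout it assumes is the one shown on the slide.

```python
CAPTURE = """\
No. Time Source Destination Protocol
1 0.000000 192.168.10.144 192.168.10.180 TCP
2 2.997928 192.168.10.144 192.168.10.180 TCP
3 8.997962 192.168.10.144 192.168.10.180 TCP
4 20.997942 192.168.10.144 192.168.10.180 TCP
5 44.997936 192.168.10.144 192.168.10.180 TCP
6 92.997937 192.168.10.144 192.168.10.180 TCP
"""


def parse_times(text: str) -> list:
    """Second column (Time) of each data row; the header line is skipped."""
    rows = [ln.split() for ln in text.strip().splitlines()]
    return [float(r[1]) for r in rows if r and r[0].isdigit()]


def retransmit_intervals(times: list) -> list:
    """Seconds between consecutive SYN attempts, rounded to whole seconds."""
    return [round(b - a) for a, b in zip(times, times[1:])]


def is_exponential_backoff(intervals: list, tolerance: float = 0.05) -> bool:
    """True if every wait is (within tolerance) twice the previous one."""
    if len(intervals) < 2:
        return False
    return all(abs(b / a - 2.0) <= tolerance
               for a, b in zip(intervals, intervals[1:]))


def total_wait(times: list) -> float:
    """How long the client kept trying before the last SYN in the capture."""
    return round(times[-1] - times[0])
```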

Page 23: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 24: TCP Connection Management
Page 25: TCP Connection Management
Page 26: TCP Connection Management

- Lets the sender place two 4-byte timestamps in each segment.
- The sender places the Timestamp Value (TSV or TSval).
- The receiver echoes it back using the Timestamp Echo Reply field (TSER or TSecr).
- Provides a way for the receiver to avoid accepting an old segment and considering it valid.

Page 27: TCP Connection Management

- User Timeout (UTO)
  - Specifies the amount of time a TCP sender is willing to wait for an ACK before concluding that the remote end has failed.
- TCP-AO
  - Used to enhance the security of a TCP connection.

Page 28: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 29: TCP Connection Management

- TCP's regular PMTUD process operates as follows:
  - Connection established.
  - Use the minimum of the MTU and the MSS announced by the other end.
  - If a Packet Too Big (PTB) message is received, retransmit using a different segment size:
    - If the PTB contains the next-hop MTU, the segment size uses the next-hop MTU (minus the TCP header).
    - If not, the sender may try a variety of values.

Page 30: TCP Connection Management

Linux(GW)# ifconfig ppp0 mtu 288
Linux(C)# sysctl -w net.ipv4.route.min_pmtu=68

Page 31: TCP Connection Management
Page 32: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 33: TCP Connection Management

Open
1. Server listening
2. Client open, send SYN
3. Server receives SYN, server sends SYN+ACK
4. Client receives SYN+ACK, sends ACK
5. Server receives ACK

Close
1. Client close, send FIN
2. Server receives FIN, sends ACK
3. Client receives ACK
4. Server close, send FIN
5. Client receives FIN, sends ACK

"Server" and "client" above are labelled this way only to make the diagram easier to understand.
In the real world both server and client can be the active/passive opener/closer.
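
The ten steps above as a state machine, one instance per end, added here as an example and not part of the slides; the state names are the standard TCP ones, the event names and the 2MSL timeout event are this example's own.

```python
TRANSITIONS = {
    ("CLOSED", "passive_open"): "LISTEN",         # Open 1: server listening
    ("CLOSED", "active_open"): "SYN_SENT",        # Open 2: client sends SYN
    ("LISTEN", "recv_syn"): "SYN_RCVD",           # Open 3: server sends SYN+ACK
    ("SYN_SENT", "recv_syn_ack"): "ESTABLISHED",  # Open 4: client sends ACK
    ("SYN_RCVD", "recv_ack"): "ESTABLISHED",      # Open 5: server receives ACK
    ("ESTABLISHED", "close"): "FIN_WAIT_1",       # Close 1: client sends FIN
    ("ESTABLISHED", "recv_fin"): "CLOSE_WAIT",    # Close 2: server sends ACK
    ("FIN_WAIT_1", "recv_ack"): "FIN_WAIT_2",     # Close 3: client receives ACK
    ("CLOSE_WAIT", "close"): "LAST_ACK",          # Close 4: server sends FIN
    ("FIN_WAIT_2", "recv_fin"): "TIME_WAIT",      # Close 5: client sends ACK
    ("LAST_ACK", "recv_ack"): "CLOSED",           # server gets the final ACK
    ("TIME_WAIT", "timeout_2msl"): "CLOSED",      # 2MSL wait expires
}


def is_valid(state: str, event: str) -> bool:
    """True if `event` is allowed in `state` (anything else is a protocol error)."""
    return (state, event) in TRANSITIONS


class TcpEndpoint:
    """One end of a connection; records every state it passes through."""

    def __init__(self):
        self.state = "CLOSED"
        self.history = ["CLOSED"]

    def on(self, event: str) -> str:
        if not is_valid(self.state, event):
            raise ValueError(f"{event!r} is not valid in state {self.state}")
        self.state = TRANSITIONS[(self.state, event)]
        self.history.append(self.state)
        return self.state


def run_slide_scenario():
    """Open steps 1-5 then Close steps 1-5 with the client as active closer."""
    client, server = TcpEndpoint(), TcpEndpoint()
    for end, event in [(server, "passive_open"), (client, "active_open"),
                       (server, "recv_syn"), (client, "recv_syn_ack"),
                       (server, "recv_ack"), (client, "close"),
                       (server, "recv_fin"), (client, "recv_ack"),
                       (server, "close"), (client, "recv_fin"),
                       (server, "recv_ack"), (client, "timeout_2msl")]:
        end.on(event)
    return client.history, server.history
```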

Page 34: TCP Connection Management

- The state in which TCP waits for a time equal to twice the Maximum Segment Lifetime (MSL).
- It is needed because, if the last ACK is lost, the other side will need to retransmit the FIN segment.
- The connection (IP, port) cannot be reused until the 2MSL wait is over.
- Normally the client does the active close and goes to the TIME_WAIT state.

Page 35: TCP Connection Management

- What if a host crashes and reboots with the same IP and port?
- Old segments can be misinterpreted as belonging to the new connection.
- To protect against this scenario, TCP should wait an amount of time equal to the MSL before creating any new connection.

Page 36: TCP Connection Management

- What if the FIN segment is lost? A connection in FIN_WAIT_2 could stay in that state forever.
- There is a timeout variable that can be adjusted to prevent this.

Page 37: TCP Connection Management

- Introduction
- TCP Connection Establishment
- TCP Options
- Path MTU Discovery with TCP
- TCP State Transitions
- Reset Segments

Page 38: TCP Connection Management

- A reset is sent by TCP whenever a segment arrives that is not correct for the connection.
- Types of causes that generate a reset segment:
  - Connection request to a non-existent port
  - Aborting a connection
  - Half-open connections
  - TIME-WAIT Assassination (TWA)

Page 39: TCP Connection Management

TCP                                                | UDP
---------------------------------------------------|----------------------------------
Bigger header                                      | Smaller header
Connection based (3-way handshake)                 | Connectionless
If a packet gets dropped, it will be sent again    | No compensation for lost packets
TCP will re-order the packets                      | Packets can arrive out of order
Delays transmission when the network is congested  | No congestion control

Page 40: TCP Connection Management
