TCP/IP - Oakton Community College



CIS 238

Oakton Community College

TCP/IP Model


TCP/IP Protocols

IP Protocols

Internet Control Message Protocol (ICMP)

Handles communication error messages

Internet Group Management Protocol (IGMP)

Provides functionality for multicasting

Internet Protocol (IP)

Connectionless, layer three protocol

Determines proper routing within multiple networks

Address Resolution Protocol (ARP)

Maps a known IP address to a Media Access Control (MAC) layer

TCP/IP Protocols

Connection-oriented protocols (TCP)

Guarantee that packets arrive intact, in sequence,
and without errors

Sacrifice speed for reliability

Connectionless protocols (UDP)

Send packets without regard for guaranteed

Sacrifice reliability for speed

Three-Way Handshake

(Session Establishment)

To establish a connection, the three-way (or 3-way) handshake occurs:

The active open is performed by the client sending a SYN to
the server. (S/R) counters set.

In response, the server replies with a SYN-ACK. (R/S)
counters set.

Finally the client sends an ACK back to the server.

TCP/IP Applications

TCP / UDP Applications are defined by a destination port #.

Reserved port #’s (< 1024) are assigned by RFC.

Registered ports 1025-49151 are for IANA approved (not
necessarily RFC).

Source port #’s are (usually) random port #’s greater than
1024 (or 2048, 4096, 8192) depending on TCP/IP stack.

Common TCP application ports: FTP (20, 21) SSH (22) TELNET
(23) SMTP (25) HTTP (80) HTTPS (443)

TCP Session Transfer

During data transfer, TCP enforces:


Ordered data transfer: the destination host rearranges according to
sequence number

Retransmission of lost packets: any cumulative stream not
acknowledged will be retransmitted

Discarding duplicate packets

Error-free data transfer

Flow control: limits the rate a sender transfers data to guarantee reliable
delivery. When the receiving host's buffer fills, the next
acknowledgement contains a 0 in the window size, to stop transfer and
allow the data in the buffer to be processed

Congestion control: using TCP sliding window

TCP Session Termination

The connection termination phase uses, at most, a four-way handshake,
with each side of the connection terminating independently. When an
endpoint wishes to stop its half of the connection, it transmits a FIN
packet, which the other end acknowledges with an ACK. Therefore, a
typical tear-down requires a pair of FIN and ACK segments from each TCP

A connection can be "half-open", in which case one side has terminated
its end, but the other has not, resulting in a timeout or a RST and
termination of the half-open session, with the possible result of lost data.
There is no way for the other side of the session to determine if this is a
Data Loss Reset versus a Connection Abort Reset.

Connection termination by a 3-way handshake can also occur when host
A sends a FIN, host B replies with a FIN & ACK, and host A replies with
an ACK.

TCP Session States

Displayed by “netstat -an”. Some OSes allow options to display the process controlling an open port:
“netstat -ban” under Windows, “netstat -pan” under LINUX. Or “lsof” as an option under some UNIXes.

LISTEN represents waiting for a connection request from any remote TCP and port. (usually set by TCP
servers)

SYN-SENT represents waiting for the remote TCP to send back a TCP packet with the SYN and ACK flags set.
(usually set by TCP clients)

SYN-RECEIVED represents waiting for the remote TCP to send back an acknowledgment after having sent
back a connection acknowledgment to the remote TCP. (usually set by TCP servers)

ESTABLISHED represents that the port is ready to receive/send data from/to the remote TCP. (set by TCP
clients and servers)

TIME-WAIT represents waiting for enough time to pass to be sure the remote TCP received the
acknowledgment of its connection termination request. According to RFC 793 a connection can stay in
TIME-WAIT for a maximum of four minutes.

LAST-ACK, CLOSED all relate to various states of TCP session
termination depending on the method used.
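
The session establishment, four-way termination and session states described above, traced for both endpoints. This is an added example, not part of the original course notes; the transition table is a reduced subset of RFC 793 and the `Endpoint`, `exchange` and `run_session` names are hypothetical.

```python
# (state, event) -> (next state, segment sent). A reduced subset of RFC 793.
TRANSITIONS = {
    ("CLOSED", "active_open"): ("SYN-SENT", "SYN"),
    ("LISTEN", "SYN"): ("SYN-RECEIVED", "SYN-ACK"),
    ("SYN-SENT", "SYN-ACK"): ("ESTABLISHED", "ACK"),
    ("SYN-RECEIVED", "ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"): ("FIN-WAIT-1", "FIN"),
    ("ESTABLISHED", "FIN"): ("CLOSE-WAIT", "ACK"),
    ("FIN-WAIT-1", "ACK"): ("FIN-WAIT-2", None),
    ("FIN-WAIT-2", "FIN"): ("TIME-WAIT", "ACK"),
    ("CLOSE-WAIT", "close"): ("LAST-ACK", "FIN"),
    ("LAST-ACK", "ACK"): ("CLOSED", None),
    ("TIME-WAIT", "timeout"): ("CLOSED", None),
}


class Endpoint:
    def __init__(self, name, state="CLOSED"):
        self.name, self.state = name, state

    def handle(self, event):
        """Apply a local call or a received segment; return the segment to send."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {event} is not valid in {self.state}")
        self.state, reply = TRANSITIONS[key]
        return reply


def exchange(src, dst, local_event, trace):
    """Run a local event at src, then bounce segments until neither side replies."""
    segment = src.handle(local_event)
    while segment is not None:
        reply = dst.handle(segment)
        trace.append((src.name, segment, src.state, dst.state))
        src, dst, segment = dst, src, reply


def run_session():
    client, server = Endpoint("client"), Endpoint("server", "LISTEN")
    trace = []  # (sender, segment, sender state, receiver state)
    exchange(client, server, "active_open", trace)  # three-way handshake
    exchange(client, server, "close", trace)        # client closes its half
    exchange(server, client, "close", trace)        # server closes its half
    exchange(client, server, "timeout", trace)      # TIME-WAIT expires
    return trace, client.state, server.state


if __name__ == "__main__":
    for row in run_session()[0]:
        print("%-6s sends %-7s -> sender %-12s receiver %s" % row)
```

The states in each trace row are the ones “netstat -an” would show on the two hosts at that point in the session.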

TCP Session States


Each IP packet has a Time to Live (TTL) section that keeps track of the
number of network devices the packet has passed through to reach its
destination. The server sending the packet sets the initial TTL value, and
each network device that the packet passes through then reduces this
value by 1. If the TTL value reaches 0, the network device will discard the
packet. See the TRACEROUTE command.

This mechanism helps to ensure that bad routing on the Internet won't
cause packets to aimlessly loop around the network without being
removed. TTLs therefore help to reduce the clogging of data circuits with
unnecessary traffic.

TCP/IP and the LAN

IP was originally designed as a WAN protocol. Address Resolution Protocol
(ARP) is a Link Layer protocol that resolves IP addresses to LAN MAC
addresses on the local area network segment (Layer 2) that a host is
connected to. On Ethernet networks, these packets use an EtherType of
0x0806, and are sent to the broadcast MAC address of FF:FF:FF:FF:FF:FF.

On a local network the host with the target IP address will “hear” the
broadcast ARP request and respond with an ARP response, reversing the
source and destination MAC and IP addresses and substituting its own MAC
address for the broadcast address on the response packet.

All local LAN segment communication via IP uses ARP. Even when routing
to a different network, the host ARPs for the gateway to that network.
ARP entries matching IP to MAC address are kept in memory on the local
host in the “arp cache” for a TCP stack determined period of time, which is
displayed with the command “arp -a” or the equivalent command.
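
The ARP request/response exchange and cache update described above, built and parsed as raw Ethernet frames. This is an added example, not part of the original course notes; the function names are hypothetical and the MAC and IP addresses are constructed sample values.

```python
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
ETHERTYPE_ARP = 0x0806
# Ethernet header (dst, src, EtherType) followed by the ARP body for IPv4 on Ethernet
FRAME = struct.Struct("!6s6sH HHBBH 6s4s 6s4s")


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ip(text):
    return bytes(int(octet) for octet in text.split("."))


def arp_request(src_mac, src_ip, target_ip):
    """Build a who-has frame: broadcast destination, target MAC still unknown (zeros)."""
    return FRAME.pack(BROADCAST, src_mac, ETHERTYPE_ARP, 1, 0x0800, 6, 4, 1,
                      src_mac, src_ip, bytes(6), target_ip)


def arp_reply(request, my_mac, my_ip):
    """Answer a request for my_ip; return None for anything else."""
    if len(request) < FRAME.size:
        return None
    _, _, etype, _, _, _, _, op, sha, spa, _, tpa = FRAME.unpack(request[:FRAME.size])
    if etype != ETHERTYPE_ARP or op != 1 or tpa != my_ip:
        return None
    # Source and destination are reversed; our own MAC fills the sender fields.
    return FRAME.pack(sha, my_mac, ETHERTYPE_ARP, 1, 0x0800, 6, 4, 2,
                      my_mac, my_ip, sha, spa)


def update_cache(cache, frame):
    """Record the sender's IP-to-MAC mapping from an ARP reply; return True if stored."""
    if len(frame) < FRAME.size:
        return False
    fields = FRAME.unpack(frame[:FRAME.size])
    if fields[2] != ETHERTYPE_ARP or fields[7] != 2:
        return False
    sender_mac, sender_ip = fields[8], fields[9]
    cache[".".join(map(str, sender_ip))] = sender_mac.hex(":")
    return True
```

Only the host that owns the target IP answers; every other host on the segment sees the broadcast and returns nothing.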

TCP stack datasets (UNIX/LINUX)

maps port numbers to named services mostly IANA reserved
ports under 1024 (RFC 1700) and proprietary registered ports thru

maps network numbers to network names as seen by the


maps IP protocol names to IP protocol as seen by the

maps name lookup procedures for all services that
references names

maps TCP/IP name lookup procedures for all services that
references TCP/IP names.

/etc/hosts contains local, static host name to IP address mappings.

/etc/resolv.conf contains information for locating TCP/IP name/address
mappings from a separate (DNS) server.

contains information for the TCP stack DNS Server

Troubleshooting TCP/IP

Command-line tools:

ipconfig (Windows) or ifconfig

ping (Packet Internet Groper)

tracert (Windows)/traceroute


nbtstat (Windows)

netdiag (Windows)

pathping (Windows)

telnet <ip address> <port #>



ethtool, ndd


i (sockets)