TCP/IP - Oakton Community College


26 Oct 2013


TCP/IP

CIS 238

Oakton Community College


TCP/IP Model

TCP/IP Versus OSI

TCP/IP Protocols

IP Protocols


Internet Control Message Protocol (ICMP)


Handles communication error messages



Internet Group Management Protocol (IGMP)


Provides functionality for multicasting



Internet Protocol (IP)


Connectionless, layer three protocol


Determines proper routing within multiple networks



Address Resolution Protocol (ARP)


Maps a known IP address to a Media Access Control (MAC) layer
address



TCP/IP Protocols


Connection-oriented protocols (TCP)


Guarantee that packets arrive intact, in sequence,
and without errors


Sacrifice speed for reliability



Connectionless protocols (UDP)


Send packets without regard for guaranteed
delivery


Sacrifice reliability for speed


TCP 3-Way Handshake (Session Establishment)


To establish a connection, the three-way (or 3-step) handshake occurs:

- The active open is performed by the client sending a SYN to the server. (S/R) counters set.

- In response, the server replies with a SYN-ACK. (R/S) counters set.

- Finally the client sends an ACK back to the server.





TCP/IP Applications


TCP / UDP Applications are defined by a destination port #.



Reserved port #’s (< 1024) are assigned by RFC.



Registered ports 1025-49151 are for IANA approved (not necessarily RFC).



Source port #’s are (usually) random port #’s greater than 1024 (or 2048, 4096, 8192) depending on TCP/IP stack.



Common TCP application ports: FTP (20, 21) SSH (22) TELNET
(23) SMTP (25) HTTP (80) HTTPS (443)


TCP Session Transfer


During data transfer, TCP enforces:

- Ordered data transfer - the destination host rearranges according to sequence number

- Retransmission of lost packets - any cumulative stream not acknowledged will be retransmitted

- Discarding duplicate packets

- Error-free data transfer

- Flow control - limits the rate a sender transfers data to guarantee reliable delivery. When the receiving host's buffer fills, the next acknowledgement contains a 0 in the window size, to stop transfer and allow the data in the buffer to be processed

- Congestion control - using TCP sliding window


TCP Session Termination


The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint.

A connection can be "half-open", in which case one side has terminated its end but the other has not, resulting in a timeout or a RST and termination of the half-open session, with the possible result of lost data. There is no way for the other side of the session to determine if this is a Data Loss Reset versus a Connection Abort Reset.

Connection termination by a 3-way handshake can also occur when host A sends a FIN and host B replies with a FIN & ACK and host A replies with an ACK.


TCP Session States


Displayed by “netstat -an”. Some OSes allow options to display the process controlling an open port: “netstat -ban” under Windows, “netstat -pan” under LINUX, or “lsof” as an option under some UNIXes.



LISTEN - represents waiting for a connection request from any remote TCP and port. (usually set by TCP servers)

SYN-SENT - represents waiting for the remote TCP to send back a TCP packet with the SYN and ACK flags set. (usually set by TCP clients)

SYN-RECEIVED - represents waiting for the remote TCP to send back an acknowledgment after having sent back a connection acknowledgment to the remote TCP. (usually set by TCP servers)

ESTABLISHED - represents that the port is ready to receive/send data from/to the remote TCP. (set by TCP clients and servers)

TIME-WAIT - represents waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request. According to RFC 793 a connection can stay in TIME-WAIT for a maximum of four minutes.

FIN-WAIT, FIN-WAIT-2, CLOSE-WAIT, CLOSING, LAST-ACK, CLOSED all relate to various states of TCP session termination depending on the method used.
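
Added example (not part of the original slides): a table-driven Python model of the handshake and four-way termination described above, tracing which of the listed states each side passes through. State names follow RFC 793, where FIN-WAIT-1 is the state listed above as FIN-WAIT; the Endpoint class and the function names are illustrative.

```python
# Added example: table-driven model of the TCP states named above.
# State names follow RFC 793; FIN-WAIT-1 is the state the slide calls FIN-WAIT.
# (state, event) -> (next state, segment transmitted in response, or None)
TRANSITIONS = {
    ("CLOSED", "active open"):    ("SYN-SENT", "SYN"),
    ("LISTEN", "recv SYN"):       ("SYN-RECEIVED", "SYN-ACK"),
    ("SYN-SENT", "recv SYN-ACK"): ("ESTABLISHED", "ACK"),
    ("SYN-RECEIVED", "recv ACK"): ("ESTABLISHED", None),
    ("ESTABLISHED", "close"):     ("FIN-WAIT-1", "FIN"),
    ("ESTABLISHED", "recv FIN"):  ("CLOSE-WAIT", "ACK"),
    ("FIN-WAIT-1", "recv ACK"):   ("FIN-WAIT-2", None),
    ("FIN-WAIT-2", "recv FIN"):   ("TIME-WAIT", "ACK"),
    ("CLOSE-WAIT", "close"):      ("LAST-ACK", "FIN"),
    ("LAST-ACK", "recv ACK"):     ("CLOSED", None),
    ("TIME-WAIT", "timeout"):     ("CLOSED", None),
}


class Endpoint:
    def __init__(self, name, state):
        self.name, self.state, self.history = name, state, [state]

    def handle(self, event):
        """Apply one event and return the segment to transmit, if any."""
        key = (self.state, event)
        if key not in TRANSITIONS:
            raise ValueError(f"{self.name}: {event!r} not valid in {self.state}")
        self.state, segment = TRANSITIONS[key]
        self.history.append(self.state)
        return segment


def exchange(src, dst, event, wire):
    """Trigger a local event on src, then pass segments until one side is silent."""
    segment = src.handle(event)
    while segment:
        wire.append((src.name, segment))
        src, dst = dst, src
        segment = src.handle("recv " + segment)


def run_session():
    client, server, wire = Endpoint("client", "CLOSED"), Endpoint("server", "LISTEN"), []
    exchange(client, server, "active open", wire)  # three-way handshake
    exchange(client, server, "close", wire)        # client closes its half
    exchange(server, client, "close", wire)        # server closes its half
    client.handle("timeout")                       # TIME-WAIT expires
    return client.history, server.history, wire


if __name__ == "__main__":
    for who, segment in run_session()[2]:
        print(f"{who:>6} -> {segment}")
```

The side that closes first is the one that ends in TIME-WAIT, which is why that state shows up on whichever host initiated the tear-down.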


TCP Session States

TCP/IP TTL



Each IP packet has a Time to Live (TTL) section that keeps track of the
number of network devices the packet has passed through to reach its
destination. The server sending the packet sets the initial TTL value, and
each network device that the packet passes through then reduces this
value by 1. If the TTL value reaches 0, the network device will discard the
packet. See the TRACEROUTE command.



This mechanism helps to ensure that bad routing on the Internet won't
cause packets to aimlessly loop around the network without being
removed. TTLs therefore help to reduce the clogging of data circuits with
unnecessary traffic.
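
Added example (not part of the original slides): a Python model of TTL handling over a constructed path, showing how traceroute finds each hop by raising the initial TTL and how a routing loop ends when the TTL runs out. The host names are made up; the report a real router sends when it discards a packet is an ICMP Time Exceeded message.

```python
from itertools import chain, cycle

# Constructed path: three routers between the sender and the destination.
ROUTERS = ["gw.example", "isp1.example", "isp2.example"]
DESTINATION = "server.example"


def forward(routers, destination, ttl):
    """Carry one packet across `routers`; each one reduces the TTL by 1.

    Returns (status, node, hops). A router that brings the TTL to 0 discards
    the packet and is named in the result (real routers report this to the
    sender with an ICMP Time Exceeded message).
    """
    hops = 0
    for router in routers:
        hops += 1
        ttl -= 1
        if ttl <= 0:
            return "discarded", router, hops
    return "delivered", destination, hops


def traceroute(routers, destination, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... and record which node answers each probe."""
    path = []
    for ttl in range(1, max_ttl + 1):
        status, node, _ = forward(routers, destination, ttl)
        path.append((ttl, node))
        if status == "delivered":
            break
    return path


def looped_packet(ttl=64):
    """Two misrouting routers hand the packet back and forth without end;
    the TTL is what finally removes it from the network."""
    loop = chain(["gw.example"], cycle(["isp1.example", "isp2.example"]))
    return forward(loop, DESTINATION, ttl)


if __name__ == "__main__":
    for ttl, node in traceroute(ROUTERS, DESTINATION):
        print(ttl, node)
    print(looped_packet())
```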


TCP/IP and the LAN



IP was originally designed as a WAN protocol. Address Resolution Protocol (ARP) is a Link Layer protocol that resolves IP addresses to LAN MAC addresses on the local area network segment (Layer 2) that a host is connected to. On Ethernet networks, these packets use an EtherType of 0x0806, and are sent to the broadcast MAC address of FF:FF:FF:FF:FF:FF.



On a local network the host with the target IP address will “hear” the broadcast ARP request and respond with an ARP response, reversing the source and destination MAC and IP addresses and substituting its own MAC address for the broadcast address on the response packet.



All local LAN segment communication via IP uses ARP. Even when routing to a different network, the host ARPs for the gateway to that network. ARP entries matching IP to MAC address are kept in memory on the local host in the “arp cache” for a TCP stack determined period of time, which is displayed with the command “arp -a” or the equivalent command.
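
Added example (not part of the original slides): Python code that builds the 42-byte ARP request described above and the reply the target host returns, using the standard Ethernet and ARP field layout. The MAC and IP addresses are constructed sample values and the function names are illustrative.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806
BROADCAST = bytes.fromhex("ffffffffffff")
REQUEST, REPLY = 1, 2
# Ethernet header (dst, src, EtherType) followed by the ARP payload:
# hw type, proto type, hw len, proto len, opcode, sender MAC/IP, target MAC/IP
FRAME = struct.Struct("!6s6sHHHBBH6s4s6s4s")
# Constructed sample hosts (locally administered MACs, documentation IPs)
HOST_A = (bytes.fromhex("02000000000a"), "192.0.2.10")
HOST_B = (bytes.fromhex("02000000000b"), "192.0.2.20")

def build(oper, eth_dst, sender_mac, sender_ip, target_mac, target_ip):
    return FRAME.pack(eth_dst, sender_mac, ETHERTYPE_ARP,
                      1, 0x0800, 6, 4, oper,  # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                      sender_mac, socket.inet_aton(sender_ip),
                      target_mac, socket.inet_aton(target_ip))

def arp_request(my_mac, my_ip, target_ip):
    # The target MAC is unknown: broadcast the frame, leave the field zeroed.
    return build(REQUEST, BROADCAST, my_mac, my_ip, bytes(6), target_ip)

def parse(frame):
    if len(frame) < FRAME.size:
        raise ValueError("frame too short for Ethernet + ARP")
    (eth_dst, eth_src, ethertype, _hw, _proto, _hlen, _plen, oper,
     sha, spa, tha, tpa) = FRAME.unpack(frame[:FRAME.size])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    return {"eth_dst": eth_dst, "eth_src": eth_src, "oper": oper,
            "sender_mac": sha, "sender_ip": socket.inet_ntoa(spa),
            "target_mac": tha, "target_ip": socket.inet_ntoa(tpa)}

def arp_reply(request, my_mac, my_ip):
    """Answer a request for my_ip; every other host on the segment ignores it."""
    req = parse(request)
    if req["oper"] != REQUEST or req["target_ip"] != my_ip:
        return None
    # Source and destination are reversed; our MAC replaces the broadcast address.
    return build(REPLY, req["sender_mac"], my_mac, my_ip,
                 req["sender_mac"], req["sender_ip"])

def learn(cache, frame):
    """Record the sender's IP-to-MAC mapping, as an ARP cache does."""
    info = parse(frame)
    cache[info["sender_ip"]] = ":".join(f"{b:02x}" for b in info["sender_mac"])
    return cache
```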




TCP stack datasets (UNIX/LINUX)


/etc/services maps port numbers to named services, mostly IANA reserved ports under 1024 (RFC 1700) and proprietary registered ports thru 49151.

/etc/networks maps network numbers to network names as seen by the server.

/etc/protocols maps IP protocol names to IP protocol numbers as seen by the server.

/etc/nsswitch.conf maps name lookup procedures for all services that reference names.

/etc/host.conf maps TCP/IP name lookup procedures for all services that reference TCP/IP names.

/etc/hosts contains local, static host to IP name-address mappings.

/etc/resolv.conf contains information for locating TCP/IP name/address mappings from a separate (DNS) server.

/etc/named.conf contains information for the TCP stack DNS Server configuration.


Troubleshooting TCP/IP


Command-line tools:


ipconfig (Windows) or ifconfig


ping (Packet Internet Groper)


tracert (Windows)/traceroute


netstat


nbtstat (Windows)


netdiag (Windows)


pathping (Windows)


telnet <ip address> <port #>


nslookup/dig


route


ethtool, ndd


arp



lsof -i (sockets)