Lecture 2: IP addresses, TCP and UDP

puffyyaphankyonkersNetworking and Communications

Oct 26, 2013 (3 years and 11 months ago)

61 views

Lecture 2: IP addresses, TCP and
UDP


This lecture will cover:


The “whole thing” (how your email gets to you)


More about IP addresses.


How names become IP addresses.


TCP and UDP


ICMP


More Information


Bertsekas/Gallager: Section 2.8
-
2.9


Tanenbaum: Section 6.1
-
6.4





Reminder from last lecture


IP sends data from place to place. TCP or UDP sit
above it at either end.


When you use the internet you use addresses like
http://manor.york.ac.uk or dave@hotmail.com


These addresses must then be converted to an IP
address e.g. 144.32.100.24


This means that data (packets) can get from A to B.


But what happens if data is lost, how do we know
where they are going to and how can we put packets
back together into data?

The Internet
-

emailing a friend

your computer

G/169

router

university of

york

JANET

transatlantic

cable

US
backbone

LAN

your friend's

computer

Domain Name System (DNS)


DNS takes the human readable name and
converts it to octets.


On a unix machine you can try this using
nslookup. (Linux users may prefer dig).

manor.york.ac.uk 1%
nslookup www.ntk.net

Server: castle2.york.ac.uk

Address: 144.32.128.5


Non
-
authoritative answer:

Name: vwww.flirble.org

Address: 195.40.6.34

Aliases: www.ntk.net

Answer

Question

DNS(2)

com

org

gov

mil

jp

uk

nl

sun

eng

vnvnation

www

ac

co

org

york

www

manor

ic

doc

src

net

generic/US

national

musicnonstop

www

TLDs (Top Level Domains)

DNS (3)

Routing Tables


How do packets know where to go?


This problem is known as routing.


The oldest (and easiest) solution is
static routing
.


Each computer has a table saying where to go to get to
each other computer.


On a Local Area Network (LAN) list all machines on
your subnet and the address of the external router for
everything else.


Most machines only need to know how to get to their
nearest router. Much more will be said about routing
later in the course

TCP and UDP


Once we’ve got our IP packet safely to its destination
what happens next?


Having stripped off the header, the first thing we find
is another header.


The second header provides information on which
port

to enter the machine on and where to send the reply.


It also provides a
checksum

to check the data is valid.


UDP will do nothing else. TCP will ensure that the
connection is
lossless
.

What are ports?


Ports are conceptual “points of entry” into a host
computer.


They do not correspond with real hardware but are
an abstraction for convenience.


Usually a service is associated with a port (e.g. http
on port 80).


Servers “listen on a port” for connection attempts.


Ports provide one level of internet security.


Generally, low number ports (< 100) are reserved
for special services.



Common Services and Ports

Service


Listens on Port

ftp



21

telnet



23

smtp (mail)


25

finger



79

http



80


User configured services (your Half
-
Life server?)
will listen on high numbered ports which are
usually left open to all users.

UDP data


User Datagram Protocol


the header is shown
below.


Length and checksum are as for IP.

About UDP


Provides a
lossy

connection (data may vanish).


Does not guarantee packets are delivered in
order.


Useful for real time applications. (It is no use
having your Quake III information arriving
correctly but ten seconds late).


UDP applications can implement their own
packet loss checking but it is best to use TCP for
this.

The TCP header



The TCP header is shown below

About the TCP header


Sequence number (what is the “order” of this
packet) incremented by 1 for every packet.


Acknowledgement number (what packet
sequence number does this acknowledge).


Header length (how many 32 bit words are in
options).


Flags: SYN = start connection, ACK =
acknowledge packet, FIN= finish connection.


(Three other flags, URG, RST, PSH).


TCP header (2)


Window size will be described in more detail later (it
sets how many unacknowledged packets may exist).


Checksum


is as for IP and UDP.


Urgent Pointer


points to part of the data that must be
looked at by the receiver before the TCP session (rarely
used).


Offsets says how long the options field is (the options
field can contain “other things”


extra facilities that
TCP might implement).

About TCP


TCP provides a
lossless

connection (or flags an
error when losses occur).


Data packets are given an order and can be
reassembled.


TCP provides some limited congestion control.


TCP is most useful for applications where data
validity is important but real
-
time is not critical
(email, www, ftp).


TCP packets are part of a TCP
session
.


TCP connections


This diagram shows the start of a TCP connection.

A sends packet X with

SYN. “Hello I would

like to talk”.

B sends a SYN, ACK

pair “I got your

message. I would

also like to talk”

A sends an ACK (and

some data) “I

got your message,

here is some data.”

TCP mechanisms



The
window size

is the number of outstanding
(unacknowledged) packets that that a TCP
session can send.


The window size provides a crude method for
congestion control.


The window size increases to allow more
packets to be sent (it increases throughput).


If a packet is lost then the window is reduced
again.

TCP lost packets


When a packet is received out of sequence the
receiver sends an ACK with the same number as
the previous.


If the sender receives three
duplicate ACKs

then
it assumes the packet has been lost and resends.


If the sender has not received an ACK for a
packet within a certain amount of time then it
times out

and assumes the packet lost.


Packet loss causes the packet to be resent and the
congestion window to be reduced.

TCP Window Increase/Decrease

Transmission no

Threshold

Threshold

Congestion window

The initial doubling of the

window size is called “slow

start”.

Timeout

Closing a TCP/session


an
interesting dilemma (aside)


How can we close a TCP session and stop
listening?

ICMP


Internet Control Message Protocol packets are
used for various control purposes. Here are
some common ones:


Time exceeded: TTL hit 0.


Echo request: Can you hear me out there?


Echo reply: Yes I can hear you.


Source Quench: Stop sending so much data.


Timestamp request/reply (as echo but with
times).

The story of ping


Ping is a handy utility for checking if a computer is alive
using ICMP echo request/reply (or timestamp if we
want).






Ping is a first test if a computer is networked.


We can even measure the speed of light using ping.
http://xxx.lanl.gov/abs/physics/0201053


Hacking makes it increasingly unused.

manor.york.ac.uk 20% ping
-
s castle.york.ac.uk

PING castle2.york.ac.uk: 56 data bytes

64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=0. time=1. ms

64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=1. time=1. ms

64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=2. time=1. ms

64 bytes from castle2.york.ac.uk (144.32.128.5): icmp_seq=3. time=1. ms

Traceroute


Traceroute neatly combines ping and the TTL
flag to get a “route” to a computer.


If the TTL is one the the packet will “die” after
one hop.


ICMP will return a Time exceeded flag.


This will tell us where the first “hop” of our
journey is.


Increase the TTL by one to find the next “hop”.


ICMP tourism (with traceroute)

traceroute to host213
-
121
-
67
-
224: (213.121.67.224): 2
-
20 hops, 38 byte packets


2 213.180.11.162 tondi
-
CR.online.ee 1.62 ms (ttl=127)


3 213.180.25.1 liiva
-
CR.online.ee 1.82 ms (ttl=126)


4 213.180.11.189 tix
-
CR.online.ee 2.16 ms (ttl=125)


5 212.47.215.6 r1
-
Fa4
-
0
-
80
-
Tln
-
TIX.EE.KPNQwest.net 2.28 ms (ttl=251)


6 134.222.224.5 r5
-
AT3
-
1.105.sthm
-
KPN1.SE.kpnqwest.net 12.2 ms (ttl=250)


7 134.222.119.226 r2
-
Ge0
-
2
-
0
-
0.Sthm
-
KQ1.SE.KPNQwest.net 34.3 ms (ttl=246!)


8 134.222.230.157 r2
-
Se0
-
3
-
0.hmbg
-
KQ2.DE.KPNQwest.net 33.4 ms (ttl=247!)


9 134.222.230.117 r2
-
Se0
-
2
-
0.0.ffm
-
KQ1.DE.kpnqwest.net 34.1 ms (ttl=249!)

10 134.222.230.29 r2
-
Se0
-
3
-
0.0.ledn
-
KQ1.NL.kpnqwest.net 39.6 ms (ttl=248!)

11 134.222.230.169 r1
-
Se0
-
0
-
0.0.ldn
-
KQ1.UK.kpnqwest.net 43.7 ms (ttl=246!)

12 134.222.231.14 r1
-
Se0
-
0
-
0.0.Ldn
-
KQ4.UK.KPNQwest.net 44.9 ms (ttl=245!)

13 134.222.109.241 r13
-
Gi5
-
0.200.ldn
-
KQ4.UK.kpnqwest.net 45.4 ms (ttl=245!)

14 195.66.225.10 linx
-
l1.ukcore.bt.net 45.2 ms (ttl=244!)

15 194.74.65.126 core2
-
pos14
-
0.ilford.ukcore.bt.net 45.3 ms (ttl=243!)

16 194.74.65.222 core2
-
pos5
-
0.reading.ukcore.bt.net 46.7 ms (ttl=242!)

17 62.6.196.109 core2
-
pos8
-
0.birmingham.ukcore.bt.net 54.3 ms (ttl=241!)

18 194.74.16.194 core2
-
pos9
-
0.rochdale.ukcore.bt.net 51.0 ms (ttl=240!)

19 217.32.168.5 vhsaccess1
-
gig1
-
0.rochdale.fixed.bt.net 51.1 ms (ttl=239!)

20 213.121.156.22 ugint0066
-
p.vhsaccess1.rochdale.fixed
-
nte.bt.net 51.3 ms
(ttl=238!)


This shows the trip from Estonia to my flat in Fulford

via my Internet Service Provider (ISP)


V21 in Rochdale

The journey of email

To: dave@distant.com

From: richard@manor


Dave,


Great to see you

the other day...

Look up IP

name for

distant.com

Dav

e, Gr

eat

to s

Packetise

the data

Dav

Add TCP

header to

first packet

Dav

Add IP

header to

front of that

Get first

hop from

routing table

SYN

SYN,ACK

ACK

Set up

the TCP

connection

Send the

first packet

to its first

hop

And so on

for further

hops.

Destination gets packet

and returns ACK

Start sending rest of data