Sunday, May 5, 2013

CCNA Review 03

In this article we are going to talk about two of the most common transport layer protocols: UDP and TCP.

If the two protocols could talk, UDP would say, "I hope it gets there", while TCP would say, "I'll make sure it gets there".

UDP (User Datagram Protocol) is a connectionless protocol. It does not establish connections and packets sent by it has no guarantee of reaching the intended target. Therefore, UDP is unreliable. However, it has many practical uses due to its low overhead and is typically used in time-sensitive, real-time applications like VoIP where a dropped packet is not important but latency and jitter could render the whole protocol useless.

An example of a UDP protocol is DNS Client. The DNS Client is UDP not because of the time-sensitive nature but because everything fits into one packet and it makes no sense to have to establish a full connection with the 3-Way Handshake and the subsequent ACKs and termination just to send that one packet. If the request is dropped the client simply has to send another one after a timeout. Much more efficient than using TCP.

TCP (Transmission Control Protocol) is a connection-oriented protocol. Before the start of every transmission, there is a Three-Way Handshake that starts a session between the clients. The handshake consists of a SYN, SYN-ACK and ACK, which will be covered more in detail later. TCP requires ACK for messages, which allows dropped packets to be detected and resent. TCP is therefore reliable. However, due to the connection-oriented nature, it has costly overhead and is more suitable for applications that deal with large transfers that has a requirement for data integrity. TCP has a mechanism known as the TCP Sliding Window Protocol, which allows more efficient use of the acknowledgment system. This will be covered in greater detail later.

An example of TCP is the HTTP, where a 3-Way Handshake is first established before the client sends a GET message. Since web-browsing is data-integrity sensitive and bandwidth-heavy, TCP is the perfect protocol. Protocols like FTP use TCP for the same reason.

As previously mentioned, the Three-Way Handshake consists of a SYN, SYN-ACK, and an ACK. It is used to initialize a connection between two communicating hosts. The initiating host (in the case of a client accessing a web server) would first send a SYN 0 to the target. This is a good time to introduce the concept of sequence numbers, which TCP uses to track what's been received and what's not been received. The server would then reply with a ACK 1, stating that it has received 0 and is ready for 1. It would also send a SYN 0 along with it. Finally, the client sends a ACK 1.

At this point there would be a connection ready for data to be transmitted. The first HTTP packet would then be sent out.

The sequence number represents the amount of bytes sent out by the sender. The ACK number represents the sequence that it is ready to receive. This is particularly useful in implementing the TCP Sliding Window Protocol. To implement the Sliding Window, TCP first sends out one segment. Once it is successful, it would send more segment at one go (e.g. 2). If it is successful, it would send some more (e.g. 4), and so on. It would do so until it reaches the tolerance of the end-to-end devices and packets get dropped. It knows that packets get dropped when the ACK it receives is not what is expects. The next transmission would then start from that number of packets, and then from there it slowly increases.

The common TCP and UDP ports are:

21 - FTP (File Transfer Protocol)
22 - SSH (Secure SHell)
23 - Telnet
25 - SMTP (Simple Mail Transfer Protocol)
53 - DNS Server (DNS server-server communication)
80 - HTTP (Hyper-text Transfer Protocol)
110 - POP3 (Post Office Protocol 3)
443 - HTTPS (Hyper-text Transfer Protocol Secure)

53 - DNS Client (DNS client-server communication)
69 - TFTP (Trivial File Transfer Protocol)

Both protocols have 65535 distinct ports.
Well known ports are from 0 to 1023.
1024 to 49151 are registered ports.
Finally, 49152 to 65535 (215+214 to 216-1) are the dynamic/private ports.

Let us look at the previous examples we used again.

If A wants to visit a website on B, then this is going to happen.

Again, A would check if B is in the same network. It would realize that B is in a different network, so it needs to send it through its default gateway. It ARPs for the router's MAC and once it gets it, the following frame is created:

FCS (Created at the end)
S TCP - 58372 (Randomly generated)
D TCP - 80
S IP - A's IP
D IP - B's IP
D MAC - R1's MAC

As the switch receives the frame, it would associate A's MAC to the interface, then forward it out of all ports because it does not know where the router is. When the router receives the frame, it would look deeper at the IP header and realize that it's intended for another network that it can reach by sending it to R2. It would replace the S and D MAC, recalculate the FCS, then send it out as:

FCS (Created at the end)
S TCP - 58372
D TCP - 80
S IP - A's IP
D IP - B's IP
S MAC - R1's MAC
D MAC - R2's MAC

Once F2 gets it, it would realize that it is intended for something connected to S2, so it sends it out of that interface like this:

FCS (Created at the end)
S TCP - 5837
D TCP - 80
S IP - A's IP
D IP - B's IP
S MAC - R2's MAC

The switch learns that R2 is at that interface, then sends it out through all the other ports. B receives it, processes the IP header and realizes that it's for itself. Once it reaches the TCP header, it would realize that something is trying to initiate a connection to its port 80 (HTTP) from port 58372. It then replies with the following:

FCS (Created at the end)
S TCP - 80
D TCP - 58372
S IP - B's IP
D IP - A's IP
D MAC - R2's MAC

The same process happens but the other way round, till A receives the SYN,ACK. It would then proceed to send an ACK. Thereafter, the HTTP connection would take place.

No comments :

Post a Comment