Lecture 17                                                                    Date: March 23, 2006

 

Lecture about: TCP and UDP

 

A brief description about the protocol stack:

A commonly used protocol stack looks like this

+- - - - - -+

| HTTP      |

+- - - - - -+

| TCP       |

+- - - - - -+

| IP        |

+- - - - - -+

| Ethernet  |

+- - - - - -+

 

1. Here Ethernet incorporates both the physical and the data-link layer. It defines all the electrical and physical specifications of the devices, establishment and termination of a connection, contention resolution and flow control, modulation. The same applies to the other local-area networks, such as Token ring, FDDI. It also provides functional and procedural means to transfer data between network entities and detect and correct errors.
2. IP forms the network layer and provides the functional and procedural means of transferring variable length data sequences from a source to a destination via one or more networks while maintaining the quality of service requested by the Transport layer. It gives a way of addressing hosts on the network. IP runs all the intermediate nodes around like gateways and servers.
3. TCP/UDP forms the Transport layer. It provides transparent transfer of data between end users, thus relieving the upper layers from any concern with providing reliable and cost-effective data transfer. The transport layer controls the reliability of a given link. However TCP/UDP wasn’t designed with security in mind, suffers from problems like authenticating host.

 

Application / Network

 

• IP packets size is limited to 64k and hence messages are fragmented, which leads to problems like duplicate data, out of order arrival, dropping of one fragment, more overhead on data exceeding 64K, so we require ability to transfer arbitrary length messages.
• Another issue is regarding Bandwidth – Need some protocol to inform the source to send data at a rate slower than client’s capacity. Flow control accounts for dataflow between client and source.
• Internet was designed with ‘good users’ in mind so it was decided that resources would be shared between the users, this leads to congestion of resources for which we need mechanism to prevent that which is provided by TCP/UDP

 

 

 

UDP

 

 

• A wrapper over IP
• UDP gives unreliable, not ordered connectivity but it’s a very simple protocol. Here datagrams may arrive out of order or go missing without notice. However, as a result, UDP is faster and more efficient for many lightweight or time-sensitive purposes. For example streaming a video is fine to UDP because we don’t need reliability if the packet’s goes out of order a little bit. No overhead of client and host communicating, and allows some loss of data. In general where some reliability can be tolerated we can use UDP. VOIP also uses UDP since people are good at constructing lost data.
• UDP gives the benefit of multiplexing at the end (host).
• Ports – Some conventions of which programs run on which port no’s. /etc/servces file will give a list of ports and which applications are talked on this port. TCP and UDP use the same convention for ports. Range of ports are reserved for operating system, we require root password for running application on those ports. Well known programs running at known ports helps configuring Fire walls.
• Ports – In operating system port just corresponds to the queue which will  be configured to some Ethernet adapter.

 

 

TCP

• Built on top of IP hence TCP/IP. The protocol guarantees reliable and in-order delivery of sender to receiver data. TCP also distinguishes data for multiple, concurrent applications (e.g. Web server and email server) running on the same host.
• Prevents the received from being overwhelmed and avoids congestion in the network.
• Unlike UDP where each packet itself was an IP packet, TCP has a buffer corresponding to each and every port. The higher level application doesn’t need to know about the buffer just writes in the buffer. Its then TCP’s responsibility to form chunks of data from the buffer, which are called segments, where the process of segmentation is called marshalling. Segments are numbered and contains information such as what part of the byte stream it lies.
• Time outs and retransmission – Buffer at the receivers end  waiting for a particular segment if does not receive that for a long time it sends an error message in which case the sender buffer will re transmit the message.
• Sender and receiver are supposed to agree on the size of the buffer. Flags in the packet are imp cause they tell you which part of the protocol both the ends are, they synchronize the protocol between the sender and receiver.
• Unlike UDP that can immediately start sending packets, TCP requires a connection establishment before sending data and a connection termination on completion of sending data.
• To establish a connection, TCP uses a 3 way handshake
• The connection takes place in two phases. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established then a client may initiate an active open. To establish a connection, the 3-way (or 3-step) handshake occurs.
• Client needs to contact the server and tell it that it wants to start  a tcp session, hence it uses 3WH.
• Random sequence numbers are chosen in order to avoid the race condition between the old message and new message of the same sequence number.
• They also send buffer size with 3WH.

Flow Control Mechanism (TCP Receiver and Sender) (Additive increase and multiplicative decrease.)

 

• TCP is based on sliding window algorithm for reliable transmission. Think of a window on the sender’s buffer which represents data that the client had sent but not received an ACK yet and all the data before the window is data that is transmitted and received an ACK. At the receiver side think of the window as the data that it received but did not ACK.  If a particular message is not received then the receiver knows using the segment number. As well as the sender knows that the data is lost since it did not receive the ACK.
• If a packet is dropped then the timer on the sender’s side says that the message is dropped so is the scene if the ACK is dropped. Receiver advertises its buffer size. If the buffer size is small then it is piggybacked on the ACK messages.
• Application wise Java serializable objects are feed into these buffers and then sent across.
• Lots of TCP are working at the same time and a particular router is overloaded and dropping packet so more timeouts. If starts timing out and never receiving ACK is the sign of congestion in the network. So the timeouts help to identify congestion in the network and flow control is taken care by the sliding window algorithm where the receiver sends the buffer size.
• Protocol needs to adapt itself to see if there is traffic in the network then the sender will cut down its sliding window. So it starts of with the smaller window and if t receives proper ACK messages then it increases the window size (grow linearly i.e slow) and if it learns that there is congestion in the network then it cuts the window by ½ that reduces the network pressure quickly.(decreases quickly). Hence it leads to a saw tooth pattern.
• Additive increase happens only in the middle of the transmission but in the beginning it will be aggressive and wont increase linearly. 
• Time out for ACK2 does not imply timeout for ACK1
• ACK could say that it has received all the segments till that segment. Sometimes it says which packet it has received.

 

 

 

 

 

Network Vulnerabilities

 

 

·        Lack of authentication – anybody can hack the initial connection since we are just generating a particular packet with sequence number. This leads to real problem of denial service attack. Server has no was of knowing whether it is a legitimate connection. Just receivneg one of the SYN requires a book keeping action. Quick check – Before creating a book keeping action challenge the user before connection and then set up the connecton based on the users input. Once the server checks the hash function it maintains initial state.

·        Functions which are hard to compute and easy to verify can be used to prevent the denial service attack

·        We can’t look at IP address to stop this attack since the IP addresses are spoofable.

·        Distributed denial services attack – the attacking computer hosts are often zombie computers with broadband connections to the Internet that have been compromised by viruses or Trojan horse programs that allow the perpetrator to remotely control the machine and direct the attack. With enough such slave hosts, the services of even the largest and most well-connected websites can be denied.

·        You can write your version of TCP and change the protocol since TCP does not force to use its protocol.

·        Syn flood attack – the receiver has to keep a state for open TCP connection. It might have room for just 20 messages and it might overload that capacity Timer expires which signifies that the client was not able to complete 3WH protocol and we get a session timeout saying that it was unable to connect to the server.