Lecture 17 Date:
March 23, 2006
Lecture about: TCP and UDP
A brief description about the protocol stack:
A commonly used protocol stack looks like this
+- - - - - -+
| HTTP |
+- - - - - -+
| TCP |
+- - - - - -+
| IP |
+- - - - - -+
| Ethernet |
+- - - - - -+
- Here Ethernet incorporates both the physical and the
data-link layer. It defines all the electrical and physical specifications
of the devices, establishment and termination of a connection, contention
resolution and flow control, modulation. The same applies to the other
local-area networks, such as Token ring, FDDI. It also provides functional
and procedural means to transfer data between network entities and detect
and correct errors.
- IP forms the network layer and provides the functional and
procedural means of transferring variable length data sequences from a
source to a destination via one or more networks while maintaining the quality
of service requested by the Transport layer. It gives a way of addressing
hosts on the network. IP runs all the intermediate nodes around like
gateways and servers.
- TCP/UDP forms the Transport layer. It provides
transparent transfer of data between end users, thus relieving the upper
layers from any concern with providing reliable and cost-effective data
transfer. The transport layer controls the reliability of a given link.
However TCP/UDP wasn’t designed with security in mind, suffers from
problems like authenticating host.
Application / Network
- IP packets size is limited to 64k and hence messages are
fragmented, which leads to problems like duplicate data, out of order
arrival, dropping of one fragment, more overhead on data exceeding 64K, so
we require ability to transfer arbitrary length messages.
- Another issue is regarding Bandwidth – Need some protocol
to inform the source to send data at a rate slower than client’s capacity.
Flow control accounts for dataflow between client and source.
- Internet was designed with ‘good users’ in mind so it was
decided that resources would be shared between the users, this leads to
congestion of resources for which we need mechanism to prevent that which
is provided by TCP/UDP
- A wrapper over IP
- UDP gives unreliable, not ordered connectivity but it’s a very
simple protocol. Here datagrams may arrive out of order or go missing
without notice. However, as a result, UDP is faster and more efficient for
many lightweight or time-sensitive purposes. For example streaming a video
is fine to UDP because we don’t need reliability if the packet’s goes out
of order a little bit. No overhead of client and host communicating, and
allows some loss of data. In general where some reliability can be
tolerated we can use UDP. VOIP also uses UDP since people are good at
constructing lost data.
- UDP gives the benefit of multiplexing at the end (host).
- Ports – Some conventions of which programs run on which
port no’s. /etc/servces file will give a list of ports and which
applications are talked on this port. TCP and UDP use the same convention
for ports. Range of ports are reserved for operating system, we require
root password for running application on those ports. Well known
programs running at known ports helps configuring Fire walls.
- Ports – In operating system port just corresponds to the
queue which will be configured to some Ethernet adapter.
- Built on top of IP hence TCP/IP. The protocol guarantees
reliable and in-order delivery of sender to receiver data. TCP also
distinguishes data for multiple, concurrent applications (e.g. Web server
and email server) running on the same host.
- Prevents the received from being overwhelmed and avoids congestion
in the network.
- Unlike UDP where each packet itself was an IP packet, TCP
has a buffer corresponding to each and every port. The higher level
application doesn’t need to know about the buffer just writes in the
buffer. Its then TCP’s responsibility to form chunks of data from the
buffer, which are called segments, where the process of segmentation is
called marshalling. Segments are numbered and contains information such as
what part of the byte stream it lies.
- Time outs and retransmission – Buffer at the receivers end
waiting for a particular segment if does not receive that for a long time
it sends an error message in which case the sender buffer will re transmit
- Sender and receiver are supposed to agree on the size of
the buffer. Flags in the packet are imp cause they tell you which part of
the protocol both the ends are, they synchronize the protocol between the
sender and receiver.
- Unlike UDP that can immediately start sending packets, TCP
requires a connection establishment before sending data and a connection
termination on completion of sending data.
- To establish a connection, TCP uses a 3 way handshake
- The connection takes place in two phases. Before a client
attempts to connect with a server, the server must first bind to a port
to open it up for connections: this is called a passive open. Once the
passive open is established then a client may initiate an active open. To
establish a connection, the 3-way (or 3-step) handshake occurs.
- Client needs to contact the server and tell it that it
wants to start a tcp session, hence it uses 3WH.
- Random sequence numbers are chosen in order to avoid the
race condition between the old message and new message of the same
- They also send buffer size with 3WH.
Flow Control Mechanism (TCP Receiver and Sender) (Additive
increase and multiplicative decrease.)
- TCP is based on sliding window algorithm for reliable
transmission. Think of a window on the sender’s buffer which represents
data that the client had sent but not received an ACK yet and all the data
before the window is data that is transmitted and received an ACK. At the
receiver side think of the window as the data that it received but did not
ACK. If a particular message is not received then the receiver knows
using the segment number. As well as the sender knows that the data is
lost since it did not receive the ACK.
- If a packet is dropped then the timer on the sender’s side
says that the message is dropped so is the scene if the ACK is dropped.
Receiver advertises its buffer size. If the buffer size is small then it
is piggybacked on the ACK messages.
- Application wise Java serializable objects are feed into
these buffers and then sent across.
- Lots of TCP are working at the same time and a particular
router is overloaded and dropping packet so more timeouts. If starts
timing out and never receiving ACK is the sign of congestion in the
network. So the timeouts help to identify congestion in the network and
flow control is taken care by the sliding window algorithm where the
receiver sends the buffer size.
- Protocol needs to adapt itself to see if there is traffic
in the network then the sender will cut down its sliding window. So it
starts of with the smaller window and if t receives proper ACK messages
then it increases the window size (grow linearly i.e slow) and if it
learns that there is congestion in the network then it cuts the window by
˝ that reduces the network pressure quickly.(decreases quickly). Hence it
leads to a saw tooth pattern.
- Additive increase happens only in the middle of the
transmission but in the beginning it will be aggressive and wont increase
- Time out for ACK2 does not imply timeout for ACK1
- ACK could say that it has received all the segments till
that segment. Sometimes it says which packet it has received.
Lack of authentication – anybody can hack the initial connection
since we are just generating a particular packet with sequence number. This
leads to real problem of denial service attack. Server has no was of knowing
whether it is a legitimate connection. Just receivneg one of the SYN requires a
book keeping action. Quick check – Before creating a book keeping action challenge
the user before connection and then set up the connecton based on the users
input. Once the server checks the hash function it maintains initial state.
Functions which are hard to compute and easy to verify can be
used to prevent the denial service attack
We can’t look at IP address to stop this attack since the IP
addresses are spoofable.
Distributed denial services attack – the attacking computer hosts
are often zombie computers with broadband connections to the Internet that have
been compromised by viruses or Trojan horse programs that allow the perpetrator
to remotely control the machine and direct the attack. With enough such slave
hosts, the services of even the largest and most well-connected websites can be
You can write your version of TCP and change the protocol since
TCP does not force to use its protocol.
Syn flood attack – the receiver has to keep a state for open TCP
connection. It might have room for just 20 messages and it might overload that
capacity Timer expires which signifies that the client was not able to complete
3WH protocol and we get a session timeout saying that it was unable to connect
to the server.