Assignment 9.1: TCP Analysis and Chapter 8 from Practical Packet Analysis - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Transport Layer Protocols - Research/Notes

Eph port last conversation 2nd server port 2834 on question

Transmission Control Protocol (TCP)

The goal of TCP is to provide end-to-end reliability for the delivery of data.

  • defined by RFC 793

An RFC, or "request for comments", is a formal document from the IETF that includes specifications and notes about internet and computer networking topics such as protocols.

TCP handles data sequencing and error recovery, and ultimately ensures that data gets where it's supposed to go.

TCP is a connection-oriented protocol because it establishes a formal connection before transmitting data, tracks packet delivery, and usually attempts to formally close communication channels when transmission is complete.

  • Many commonly used application-layer protocols rely on TCP and IP to deliver packets to their final destination.

TCP Packet Structure

Source Port

The port used to transmit the packet

Destination Port

The port to which the packet will be transmitted

Sequence Number

The number used to identify a TCP segment. This field is used to ensure that parts of a data stream are not missing

Acknowledgement Number

The sequence number that is to be expected in the next packet from the other device taking part in the communication

Flags

The URG, ACK, PSH, RST, SYN, and FIN flags are used to identify the type of TCP packet being transmitted.

Window Size

The size of the TCP receiver buffer in bytes

Checksum

Used to ensure the contents of the TCP header and data are intact upon arrival

Urgent Pointer

If the URG flag is set, this field is examined for additional instructions for where the CPU should be after reading the data within the packet

Options

Various optional fields that can be specified in a TCP packet


TCP Port Communication

All TCP communication takes place using source and destination ports which can be found in every TCP header.

A port is like the jack on an old telephone switchboard. A switchboard operator would monitor a board of lights and plugs; when a light lit up, the operator would connect with the caller, ask who they wanted to talk to, and then connect them to the other party by plugging in a cable. Every call needed to have a source (the caller) and a destination (the recipient).

To transmit data to a particular application on a remote server or device, a TCP packet must know the port the remote service is listening on. If you try to access an application on a port other than the one configured for use, the communication will fail.


  • There are 65,535 ports available for communicating with TCP. They are divided into 2 groups:
    • System port group
      • known as the standard port or well known port group
      • from 1 to 1023 (ignoring 0 because it's reserved)
      • well known and established services fall in this category
    • Ephemeral port group
      • from 1024 to 65535
      • Only one service can communicate on a port at any given time, so source ports are selected randomly by OS's to make communications unique

The TCP Three-Way Handshake

All TCP-based communication must begin with a handshake between two hosts. It allows the transmitting host to ensure that the recipient host is up and able to communicate. It also lets the transmitting host check that the recipient is listening on the port the transmitting host is attempting to communicate on.


TCP Teardown

Every TCP handshake has a teardown that is used to end a connection between two devices after they have finished communicating.


TCP Resets

Sometimes things go wrong with a TCP connection and it ends abruptly rather than with a teardown.

  • This could be caused by a misconfigured host, or by a potential attacker performing a port scan

If a packet is sent to a device that is not willing to accept it, a TCP packet with the RST flag set may be sent.

  • The RST flag is used to indicate that a connection was closed abruptly or to refuse a connection attempt.
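An added example (not part of the original notes or the book): a Python parser for the header fields listed under TCP Packet Structure, plus a check that labels the opening of a conversation as a completed three-way handshake (SYN, SYN/ACK, ACK) or a refused attempt (SYN answered with RST). The ports, sequence numbers and segments are constructed sample values, and `build` and `classify_open` are hypothetical helper names.

```python
import struct

# Flag bits in the low byte of the offset/flags field (RFC 793).
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header, then split options from payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src, dst, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4      # data offset counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("invalid data offset")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "flags": {name for name, bit in FLAGS.items() if off_flags & bit},
        "window": window, "checksum": checksum, "urgent_ptr": urgent,
        "options": segment[20:header_len], "payload": segment[header_len:],
    }

def classify_open(segments: list) -> str:
    """Label the start of a conversation from the flags of its first segments."""
    flags = [parse_tcp_header(s)["flags"] for s in segments]
    if flags[:3] == [{"SYN"}, {"SYN", "ACK"}, {"ACK"}]:
        return "handshake-complete"
    if len(flags) >= 2 and flags[0] == {"SYN"} and "RST" in flags[1]:
        return "refused"                    # closed port, filter, or scan target
    return "other"

def build(src, dst, seq, ack, flag_names, options=b""):
    """Hypothetical helper: constructed segment (checksum left 0, not verified)."""
    bits = sum(FLAGS[name] for name in flag_names)
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (offset << 12) | bits, 8192, 0, 0) + options

# Constructed sample traffic: ephemeral client port 49200 to server ports 80 and 81.
MSS = bytes([2, 4, 0x05, 0xB4])             # MSS option, value 1460
OPEN = [build(49200, 80, 100, 0, ["SYN"], MSS),
        build(80, 49200, 500, 101, ["SYN", "ACK"], MSS),
        build(49200, 80, 101, 501, ["ACK"])]
REFUSED = [build(49200, 81, 100, 0, ["SYN"], MSS),
           build(81, 49200, 0, 101, ["RST", "ACK"])]
```

In a capture, many "refused" openings from one source across many destination ports in a short time is the pattern a port scan leaves behind.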

User Datagram Protocol (UDP)

UDP is the other layer 4 protocol commonly used on modern networks. While TCP is designed for reliable data delivery with built-in error checking, UDP aims to provide speedy transmission.

  • UDP is a best-effort service or connectionless protocol

A connectionless protocol doesn't formally establish and terminate a connection between hosts, unlike TCP with its handshake and teardown processes.

UDP Packet Structure

Source Port

The port used to transmit the packet

Destination Port

The port to which the packet will be transmitted

Packet Length

The length of the packet in bytes

Checksum

Used to ensure that the contents of the UDP header and data are intact upon arrival


UDP does not care about reliable delivery