Chapter 4: Transport Layer: TCP and UDP
1. The role of the Transport Layer
Interface: with the applications currently running on the machine.
Multiplexing/demultiplexing: receiving data from multiple inputs and routing it onto a single output (and, on the receiving side, splitting the incoming stream back out to the right application).
TCP is the acronym of Transmission Control Protocol. It is a widely used connection-oriented data transport protocol.
Before data is exchanged between two hosts, a connection is established. This connection lasts for the duration of the transfer and may last longer.
Stream-oriented processing: TCP processes data byte by byte and packages it into segments of variable length. The segment size is bounded by the maximum segment size (MSS), which is derived from the maximum datagram size the underlying network (generally Ethernet) can carry.
Sends data in order: TCP ensures that packets are transmitted correctly. If the data arrives at its destination out of order, TCP restores the original order.
Flow control: avoids sending more data than the receiver can handle.
Network congestion control: if the network is overloaded at any time, an algorithm adjusts the sending rate according to the congestion observed.
Error handling: TCP is able to retransmit missing packets.
The larger the segments, the better the throughput, because proportionally more data than acknowledgments (ACKs) is sent.
Figure 4.1- Mux and Demux.
2. TCP (Transmission Control Protocol)
- Example of USE
The protocols that use TCP are: HTTP, HTTPS, SMTP, NFS, SMB, SSH, Telnet, RDP, LDAP, FTP, DNS.
Example: file transfer (a video file): if a few gigabytes do not arrive, the file is corrupted.
- Opening and Closing a TCP Connection
Figure 4.2 - Three-way handshake
where SYN = synchronize and ACK = acknowledge.
The connection is established in three steps: the three-way handshake.
Each exchange contains two numbers: a sequence number (SEQ) and an acknowledgment number (ACK), these numbers are essential to track the connection.
We have two methods to close the connection :
The proper method: the source host sends a TCP FIN packet to the destination host to ask it to close the TCP connection, and keeps listening while waiting for the answer. The remote host responds with TCP ACK + TCP FIN. The source host responds again with TCP ACK and the connection is closed.
Figure 4.3 - Closing TCP connection.
The brutal method: if the connection cannot be terminated normally (remote host unreachable, network outage, bug), it must be forced closed with a TCP RST (reset).
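The SEQ/ACK bookkeeping of the three-way handshake and of the orderly FIN/ACK close, as an added example that is not part of the course notes: a minimal Python model in which each side keeps only its next send number and next expected number. The initial sequence numbers (1000 and 5000) are constructed values for illustration; a real stack picks them unpredictably. The model rejects an out-of-order segment instead of buffering it, which a real TCP would do.

```python
from dataclasses import dataclass, field


@dataclass
class Endpoint:
    """One side of a TCP connection, tracking only the two counters that matter here."""
    name: str
    snd_nxt: int                  # next sequence number this side will send
    rcv_nxt: int = 0              # next sequence number expected from the peer
    log: list = field(default_factory=list)   # (sender, flags, seq, ack, payload length)

    def send(self, peer, flags, payload=b""):
        """Emit one segment. SYN and FIN each consume one sequence number, data one per byte."""
        seq = self.snd_nxt
        ack = self.rcv_nxt if "ACK" in flags else 0
        self.log.append((self.name, frozenset(flags), seq, ack, len(payload)))
        self.snd_nxt += len(payload) + int("SYN" in flags) + int("FIN" in flags)
        peer.receive(flags, seq, payload)

    def receive(self, flags, seq, payload):
        if "SYN" in flags:
            self.rcv_nxt = seq + 1        # learn the peer's ISN; the next expected byte is ISN+1
            return
        if seq != self.rcv_nxt:           # a real TCP would buffer or discard; the model rejects loudly
            raise ValueError(f"{self.name}: got seq {seq}, expected {self.rcv_nxt}")
        self.rcv_nxt += len(payload) + int("FIN" in flags)


def three_way_handshake(client_isn=1000, server_isn=5000):
    """Open a connection (Figure 4.2). ISNs are constructed values."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    client.send(server, {"SYN"})               # 1. SYN      seq=ISNc
    server.send(client, {"SYN", "ACK"})        # 2. SYN+ACK  seq=ISNs, ack=ISNc+1
    client.send(server, {"ACK"})               # 3. ACK      seq=ISNc+1, ack=ISNs+1
    return client, server


def transfer_and_close(client, server, data=b"hello"):
    """Send some data, then the orderly FIN/ACK exchange (Figure 4.3)."""
    client.send(server, {"PSH", "ACK"}, data)  # data occupies seq ISNc+1 .. ISNc+len(data)
    server.send(client, {"ACK"})               # ack = ISNc+1+len(data)
    client.send(server, {"FIN", "ACK"})        # client has nothing more to send
    server.send(client, {"ACK"})               # the FIN itself consumed one sequence number
    server.send(client, {"FIN", "ACK"})        # server closes its direction too
    client.send(server, {"ACK"})               # final ACK; both directions are closed
    return client.log + server.log


if __name__ == "__main__":
    c, s = three_way_handshake()
    for entry in transfer_and_close(c, s):
        print(entry)
```

Running it prints one tuple per segment; reading the seq and ack columns side by side shows why the ACK number after a 5-byte payload is the payload's first sequence number plus 5, and why a FIN is acknowledged with one more than its sequence number.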
- DDoS attack
Figure 4.4 - DDoS attack.
- TCP segment structure
The complexity of this segment reveals the richness of TCP's functions.
The control and verification information contained in a TCP segment is only there to be used by the TCP software of the receiver machine. Routers along the way have no role in ensuring the quality of what they route.
Source port: port assigned to the application on the source machine.
Destination port: port assigned to the application on the destination machine.
Sequence number: used to number the data sent over a TCP connection. Each TCP segment carries its own sequence number so that the receiver can reassemble the segments in the correct order, ensuring reliable data transmission.
Acknowledgment number: number associated with a received segment = sequence number of the last byte received + 1 (i.e. the next byte the receiver expects).
Header length: length of the header expressed as a number of 32-bit words; it can go up to 15.
Reserved or N/A: kept for future development of TCP, set to 0.
Flags:
URG=1: urgent data is present (the urgent pointer is valid)
ACK=1: the acknowledgment number field must be taken into account
PSH=1: tells TCP to push the data to the application immediately
RST=1: reset the connection
SYN=1: sequence numbers will be synchronized (start of a connection)
FIN=1: the transmitter has nothing more to transmit
Receive window size: specifies the number of bytes of data that may be sent before an acknowledgment is received, counted from the last byte that required an ACK.
Checksum: allows the receiver to check the integrity of the segment. If errors are detected, TCP requests retransmission of the corrupted segments, ensuring that the data is delivered error-free.
Urgent pointer: points to the sequence number indicating the start of the urgent data.
Options: choice from a small set of options.
Padding: zero bytes added so that the header length is a multiple of 32 bits.
3. UDP (User Datagram Protocol)
UDP is the acronym of User Datagram Protocol. It is a connectionless communications protocol: it transmits data to the destination host without checking whether the destination host received all of it. UDP does not establish any connection with the remote host and does not attempt to correct errors. It is faster than TCP and consumes fewer resources. UDP is not able to retransmit lost packets; it works on the principle of "fire and forget". It provides only rudimentary error checking. Lighter quality management does not mean total loss of quality.
- Example of USE
The protocols that use UDP are: DNS, SNMP, NTP, TFTP...
Example:
Video streaming: it is possible to use TCP or UDP, it all depends on the requirements. UDP reduces the load on the remote server, especially if the loss of an image is tolerable (no point in asking again for missing images), and gives lower latency than TCP.
IP telephony: with TCP, data that was not received would be retransmitted and the conversation would sound strange! UDP is more appropriate in this case.
- UDP segment structure
Source port: port assigned to the application on the source machine.
Destination port: port assigned to the application on the destination machine.
UDP Length: length in bytes of the whole datagram, header included (always ≥ 8).
UDP Checksum: optional but often calculated. It is computed over the entire UDP datagram. The receiver checks the checksum to detect any data corruption; if the checksum does not match, the datagram is usually discarded.
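The two header layouts above (TCP segment structure and UDP segment structure) decoded from raw bytes, as an added example that is not part of the course notes. The Python below parses both headers, decodes the TCP flag bits and header length, and verifies the checksum over the IPv4 pseudo-header (source address, destination address, protocol, length), treating a UDP checksum field of zero as "not computed" rather than as an error. The builder functions, the 192.0.2.x addresses and the port numbers are constructed for the demonstration.

```python
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bits 0..5 of the flags field


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's complement of the 16-bit one's complement sum."""
    if len(data) % 2:
        data += b"\x00"                     # odd length: pad with a zero byte for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header that TCP (proto 6) and UDP (proto 17) checksums cover."""
    pack_ip = lambda ip: bytes(int(o) for o in ip.split("."))
    return pack_ip(src_ip) + pack_ip(dst_ip) + struct.pack("!BBH", 0, proto, length)


def parse_tcp(segment: bytes) -> dict:
    """Decode the 20-byte fixed TCP header plus any options into a dict."""
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hlen = (off_flags >> 12) * 4            # data offset is counted in 32-bit words
    flags = {name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)}
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": hlen, "flags": flags, "window": window, "checksum": csum,
            "urgent_ptr": urg, "options": segment[20:hlen], "payload": segment[hlen:]}


def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; the length field covers header and data."""
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def verify_checksum(src_ip, dst_ip, proto, segment: bytes):
    """True/False for a present checksum; None when a UDP datagram carries no checksum (field = 0)."""
    if proto == 17 and segment[6:8] == b"\x00\x00":
        return None
    # a valid segment sums to 0xFFFF before complementing, so the result is 0
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, proto, len(segment)) + segment) == 0


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"", window=65535):
    """Constructed TCP segment with no options (header length 5 words = 20 bytes)."""
    flag_bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flag_bits, window, 0, 0)
    csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, 6, len(hdr) + len(payload)) + hdr + payload)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + payload


def build_udp(src_ip, dst_ip, sport, dport, payload=b"", with_checksum=True):
    """Constructed UDP datagram; a computed checksum of 0 is transmitted as 0xFFFF."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = 0
    if with_checksum:
        csum = ones_complement_sum(pseudo_header(src_ip, dst_ip, 17, length) + hdr + payload) or 0xFFFF
    return hdr[:6] + struct.pack("!H", csum) + payload


def demo():
    src, dst = "192.0.2.10", "192.0.2.20"   # constructed addresses
    syn = build_tcp(src, dst, 40000, 22, seq=1000, ack=0, flags={"SYN"})
    tcp = parse_tcp(syn)
    udp_dg = build_udp(src, dst, 53000, 53, b"query")
    corrupted = udp_dg[:8] + b"Query"      # one payload byte altered in transit
    no_csum = build_udp(src, dst, 53000, 53, b"query", with_checksum=False)
    return {"tcp_flags": tcp["flags"], "tcp_dst": tcp["dst_port"], "tcp_hlen": tcp["header_len"],
            "tcp_ok": verify_checksum(src, dst, 6, syn),
            "udp_len": parse_udp(udp_dg)["length"],
            "udp_ok": verify_checksum(src, dst, 17, udp_dg),
            "udp_corrupted": verify_checksum(src, dst, 17, corrupted),
            "udp_no_checksum": verify_checksum(src, dst, 17, no_csum)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The three UDP results are the point of the exercise: a datagram with a valid checksum verifies, the same datagram with one changed byte fails, and a datagram whose checksum field is zero cannot be checked at all, which is why "optional" in the header description means the receiver has no way to detect corruption for that datagram.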
4. Port Number
TCP and UDP identify applications by port numbers.
A port is a predetermined internal address that serves as a bidirectional path between an application and the transport layer.
Looking more closely at transport layer addressing: for applications, data sent over TCP or UDP goes to a socket, which is a port number associated with an IP address:
Example
50.100.150.200.21, where 50.100.150.200 is the IP address of the machine and 21 is the port number associated with FTP.
The socket addressing system allows TCP and UDP to perform an essential task: multiplexing/demultiplexing.
Multiplexing: serializing data that arrives in parallel.
Demultiplexing: putting data arriving in series back into parallel.
Mux/Demux allows the lower layers of TCP/IP to process data without regard to the originating application. It uses socket addresses, each of which is a unique entry point for an application on a given machine.
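Demultiplexing by socket address, as an added example that is not part of the course notes. The toy Python below goes slightly beyond the text: it keys UDP sockets by (local IP, local port), as the course's socket example does, and keys established TCP connections by the full (local IP, local port, remote IP, remote port) tuple with a fallback to a listening socket for SYN segments, which is how a real stack tells two clients of the same server port apart. The host address 50.100.150.200 and port 21 come from the course's example; the 198.51.100.x client addresses and the application names are constructed.

```python
class Demultiplexer:
    """Toy transport-layer demultiplexer (constructed example, not a real stack)."""

    def __init__(self):
        self.udp_sockets = {}       # (local_ip, local_port) -> application
        self.tcp_listeners = {}     # (local_ip, local_port) -> application waiting for SYN
        self.tcp_connections = {}   # (local_ip, local_port, remote_ip, remote_port) -> application

    def bind_udp(self, ip, port, app):
        self.udp_sockets[(ip, port)] = app

    def listen_tcp(self, ip, port, app):
        self.tcp_listeners[(ip, port)] = app

    def accept_tcp(self, ip, port, remote_ip, remote_port, app):
        self.tcp_connections[(ip, port, remote_ip, remote_port)] = app

    @staticmethod
    def _lookup(table, ip, port):
        # an exact local address wins; "0.0.0.0" means the socket is bound to every local address
        return table.get((ip, port)) or table.get(("0.0.0.0", port))

    def deliver(self, proto, src_ip, src_port, dst_ip, dst_port, flags=()):
        """Return the application that receives this segment, or None when no socket matches."""
        if proto == "udp":
            return self._lookup(self.udp_sockets, dst_ip, dst_port)
        established = self.tcp_connections.get((dst_ip, dst_port, src_ip, src_port))
        if established:
            return established
        if "SYN" in flags:                      # a new connection goes to the listening socket
            return self._lookup(self.tcp_listeners, dst_ip, dst_port)
        return None                             # no socket: the segment is not delivered


def route_sample():
    """Push a few constructed segments through the table and return who gets each one."""
    host = "50.100.150.200"                     # the course's example machine
    d = Demultiplexer()
    d.bind_udp("0.0.0.0", 53, "dns-server")
    d.listen_tcp("0.0.0.0", 21, "ftp-server")
    d.accept_tcp(host, 21, "198.51.100.7", 40001, "ftp-session-A")
    d.accept_tcp(host, 21, "198.51.100.8", 40001, "ftp-session-B")   # same ports, other client
    return [
        d.deliver("udp", "198.51.100.7", 5555, host, 53),
        d.deliver("udp", "198.51.100.9", 5555, host, 53),             # every UDP sender shares one socket
        d.deliver("tcp", "198.51.100.7", 40001, host, 21),
        d.deliver("tcp", "198.51.100.8", 40001, host, 21),            # told apart by the remote address
        d.deliver("tcp", "198.51.100.9", 40001, host, 21, {"SYN"}),   # new connection -> listener
        d.deliver("tcp", "198.51.100.9", 40001, host, 21),            # no SYN, no connection -> dropped
        d.deliver("udp", "198.51.100.7", 5555, host, 9999),           # nobody bound to that port
    ]


if __name__ == "__main__":
    for app in route_sample():
        print(app)
```

The list shows the two halves of the mechanism: on the UDP side the socket address alone decides, while on the TCP side the same local socket 50.100.150.200.21 fans out into one entry per remote endpoint, so a segment that belongs to no connection and does not open one has nowhere to go.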
5. Comparison between TCP and UDP
Criteria |
TCP |
UDP |
Reliability |
High |
Low |
Speed |
Low |
High |
Errors detection |
Yes |
No |
Errors correction |
Yes, retransmission |
No |
Contrôle de la congestion |
Yes |
No |
ACK |
Yes |
No |
Type |
With connection |
Without connection |
Sequencing |
Yes, |
No |
Checksum |
Yes |
Optional but often used |
Mux/Demux |
Yes |
No |
6. Conclusion
TCP is a transport layer protocol that offers great reliability, but that does not prevent UDP from remaining very useful in certain cases.