Business Data Communications and Networkingalfarrar/courses/ESE13711_Sp2020/slides/CH-05.pdfBusiness Data Communications and Networking Most of the slides in this lecture are either

Abdullah Alfarrarjeh

Business Data

Communications and

Networking

Most of the slides in this lecture are either from or adapted from the slides provided by Dr. Hussein Alzoubi

▪ Be aware of the TCP/IP protocols

▪ Be familiar with linking to the application layer, segmenting, and session management

▪ Be familiar with addressing

▪ Be familiar with routing

▪ Understand how TCP/IP works

5/22/2020 Business Data Communications and Networks (13711) 2

▪ Transmission Control Protocol/Internet Protocol (TCP/IP) is the most commonly used set of transport and network layer protocols

▪ The Protocol Data Unit (PDU) at the transport layer is called a segment.

▪ Network layer PDUs are called packets.



▪ The Transmission Control Protocol/Internet Protocol (TCP/IP) was developed for the U.S. Department of Defense’s Advanced Research Project Agency network (ARPANET) by Vinton Cerf and Bob Kahn in 1974.

▪ TCP/IP is compatible with a variety of data link protocols,

▪ which is one reason for its popularity.


5.2.1 Transmission Control Protocol (TCP)

▪ Atypical TCP segment has a 192-bit header (24 bytes) of control information

▪ The options field is optional and rarely used. ▪ Therefore, this results in a 20-byte-long TCP header.

▪ The header length field is used to tell the receiver how long the TCP segment is—▪ that is, whether the options field is included.


User Datagram Protocol (UDP)

▪ UDP is another transport protocol (i.e., alternative of TCP).

▪ UDP is an unreliable, connectionless transport layer protocol.

▪ UDP provides an unreliable datagram service▪ Packets may be lost or delivered out of order▪ Users exchange datagrams (not streams)▪ Connection-less▪ Not buffered -- UDP accepts data and transmits

immediately (no buffering before transmission)▪ Full duplex -- concurrent transfers can take place in both

directions



▪ Typically, UDP is used when the sender needs to send a single small packet to the receiver.

▪ When there is only one small packet to be sent, the transport layer doesn’t need to worry about segmenting the outgoing messages or reassembling them upon receipt, so transmission can be faster.

▪ UDP is used for the real-time services; such as computer gaming, voice or video communication, live conferences. Since high performance is needed, UDP permits packets to be dropped instead of processing delayed packets.



▪ A UDP datagram has only four fields (8 bytes of overhead) plus the application layer packet:▪ source port, destination port, length,

and aCRC 16.

▪ Unlike TCP, UDP does not check for lost messages, so occasionally a UDP datagram is lost and the message must be resent.

▪ Interestingly, it is not the transport layer that decides whether TCP or UDP is going to be used. This decision is left to the engineer who is writing the application.


5.2.2 Internet Protocol (IP)▪ The older form is IP version 4 (IPv4), which has a 192-bit

header (24 bytes)▪ Similar to the TCP header, the options field is rarely used, and therefore,

the header is usually 20 bytes long.

▪ The new form is IP version 6 (IPv6), which has a 320-bit header (40 bytes).


IPv4 vs. IPv6▪ IPv4 uses a 4-byte address field, which means that there is

a theoretical maximum of about 4.2 billion addresses.▪ IPv6 uses a 16-byte address field, which means that there is

a theoretical maximum of about 3.8 * 1038 addresses.▪ IPv4 uses decimals to express addresses (e.g.,

128.192.55.72), but IPv6 uses hexadecimal (base 16)


▪ IPv6 Addresses are eight sets of 2-byte numbers

▪ (e.g., 2001:0890:0600:00d1:0000:0000:abcd:f010),

▪ but because this can be long to write,

▪ there is a IPv6 “compressed notation” that eliminates the leading zeros within each block and blocks that are all zeros.

▪ So, the preceding IPv6 address could also be written as 2001:890:600:d1::abcd:f010.


5.2.2 Internet Protocol (IP)

▪ Adoption of IPv6 has been slow.▪ IPv6 is not backward-compatible with IPv4,

▪ which means that all network devices must be changed to understand both IPv4 and IPv6.

▪ To encourage the move to IPv6, the U.S. government required all of its agencies to convert to IPv6 on their WANs and BNs by June 2008, ▪ but the change was not completed on time.

▪ The size of the message field depends on the data link layer protocol used. ▪ TCP/IP is commonly combined with Ethernet.

▪ Ethernet has a maximum packet size of 1,492 bytes, ▪ so the maximum size of a TCP message field if IPv4 is used is 1,492 − 24 (the

size of the TCP header) − 24 (the size of the IPv4 header) = 1,444.


5.2.2 Internet Protocol (IP)

▪ In this section, we focus on three unique functions performed by the transport layer:

▪ linking the application layer to the network layer,

▪ segmenting,

▪ and session management.


5.3.1 Linking to the Application Layer

▪ Most computers have many application layer software packages (e.g., Web browser, email program, word processor) running at the same time. Similarly, many servers act as Web servers, mail servers, FTP servers, and so on.

▪ With TCP, each application layer software package has a unique port address.

▪ When an application layer program generates an outgoing message, it tells the TCP software its own port address (i.e., the source port address) and the port address at the destination computer (i.e., the destination port address).


5.3.1 Linking to the Application Layer (Cont.)

▪ Port addresses can be any 16-bit (2-byte) number.

▪ On the Internet, all port addresses for popular services such as the Web, email, and FTP have been standardized.▪ Web servers with a port address of 80, FTP servers

use port 21, Telnet 23, SMTP 25

▪ Network managers are free to use whatever port addresses they want, ▪ but if they use a nonstandard port number, then the

application layer software on the client must specify the correct port number.



5.3.1 Linking to the Application Layer

(1027, 1028, and 1029) are called temporary port numbers

▪ Segmenting means to take one outgoing message from the application layer and breakit into a set of smaller segments for transmission through the network. It also means to take the incoming set of smaller segments from the network layer and reassemble them into one message for the application layer.


5.3.2 Segmenting

5.3.2 Segmenting

▪ The data link layer can transmit only messages of certain lengths

▪ It is therefore up to the sender’s transport layer to break the data into several smaller segments that can be sent by the data link layer across the circuit.

▪ At the other end, the receiver’s transport layer must receive all these separate segments and recombine them into one large message.


▪ One of the challenges at the transport layer is deciding how big to make the segments.

▪ When transport layer software is set up, it is told what size segments it should use to make best use of its own data link layer protocols ▪ (or it chooses the default size of 536).

▪ However, it has no idea what size is best for the destination.▪ Therefore, the transport layer at the sender negotiates

with the transport layer at the receiver to settle on the best segment sizes to use.▪ This negotiation is done by establishing a TCP connection between

the sender and receiver.


5.3.2 Segmenting

▪ in the receiver side, the application layer for some applications chooses to wait until all segments are received so that it can order them and create the full message (because some segments might be delivered unordered when transmitted) or sometimes it chooses to use one by one whenever a segment is receivedjust render it (for example when the application is web server or something that can't be affected by disordering). ▪ Web browsers, for example, usually request delivery of

packets as they arrive,▪ Most email software, conversely, usually requests that

messages be delivered only after all packets have arrived and TCP has organized them into one intact message.


5.3.2 SegmentingTwo strategies

5.3.3 Session Management

▪ A session can be thought of as a conversation between two computers.

▪ Connection-oriented messaging sets up a TCP connection (also called a session) between the sender and receiver. To establish a connection, the transport layer on both the sender and the receiver must send a SYN (synchronize) and receive a ACK (acknowledgement) segment.▪ three-way handshake: SYN-ACK-SYN

▪ This process also contains the segment size negotiation and is responsible for error correction via retransmission


Three-way Handshake

▪ Step 1: In the first step, the client establishes a connection with a server. It sends a segment with SYN and informs the server about the client should start communication, and with what should be its sequence number.

▪ Step 2: In this step server responds to the client request with SYN-ACKsignal set. ACK helps you to signify the response of segment that is received and SYN signifies what sequence number it should able to start with the segments.

▪ Step 3: In this final step, the client acknowledges the response of the Server, and they both create a stable connection will begin the actual data transfer process.


Stop-and-Wait ARQ

• With stop-and-wait ARQ, the sender stops and waits for a response from the receiver after each data packet.

• After receiving a packet, the receiver sends either an acknowledgment (ACK), if the packet was received without error, or a negative acknowledgment (NAK), if the message contained an error.

• If it is an NAK, the sender resends the previous message.

• Stop-and-wait ARQ is by definition a half-duplex transmission technique


Continuous ARQ

▪ With continuous ARQ, the sender does not wait for an acknowledgment after sending a message; it immediately sends the next one.

▪ Although the messages are being transmitted, the sender examines the stream of returning acknowledgments. If it receives an NAK, the sender retransmits the needed messages.

▪ The packets that are retransmitted may be a) only those containing an error (called Selective-Repeat ARQ or Link

Access Protocol for Modems [LAP-M]), orb) the first packet with an error and all those that followed it (called

Go-Back-N ARQ).

▪ LAP-M is better because it is more efficient.▪ Continuous ARQ is by definition a full-duplex transmission

technique



Continuous ARQ

Continuous ARQ is sometimes called sliding window

▪ Continuous ARQ is also important in providing flow control, which means ensuring that the computer sending the message is not transmitting too quickly for the receiver.

▪ By using ACKs and NAKs,

▪ the receiver can control the rate at which it receives information.

▪ With stop-and-wait ARQ,

▪ the receiver does not send an ACK until it is ready to receive more packets.

▪ In continuous ARQ,

▪ the sender and receiver usually agree on the size of the sliding window.

▪ Once the sender has transmitted the maximum number of packets permitted in the sliding window, ▪ it cannot send any more packets until the receiver sends an ACK.


Continuous ARQ

▪ When the transmission is complete, the session is terminated using a four-way handshake.

▪ The sender (i.e., the client) will start by sending with a FIN to inform the receiver (i.e., the server) that is finished sending data.

▪ The server acknowledges the FIN sending an ACK.

▪ Then the server sends a FIN to the client.

▪ The connection is successfully terminated when the server receives the ACK for its FIN from the client.


Connection Termination

Connectionless Messaging

▪ Connectionless messaging means each packet is treated separately and makes its own waythrough the network.

▪ Because packets following different routes may travel at different speeds, they may arrive out of sequence at their destination.

▪ The sender’s network layer, therefore, puts a sequence number on each packet, ▪ the receiver’s network layer must reassemble them in

the correct order before passing the message to the application layer.


▪ The Internet Protocol Suite can operate either as connection-oriented or connectionless.▪ When connection-oriented messaging is desired, TCP is used. ▪ When connectionless messaging is desired, the TCP segment is

replaced with a UDP packet.▪ The UDP header is much smaller than the TCP header (only 8 bytes).

▪ Connectionless is most commonly used when the application data or message can fit into one single message.▪ HTTP requests are often very short, they might use UDP

connectionless rather than TCP connection-oriented messaging. However, All of the application layer software we have discussed so far uses TCP (HTTP, SMTP, FTP, Telnet)

▪ UDP is most commonly used for control messages:▪ Addressing, DHCP [Dynamic Host Configuration Protocol]▪ Routing control messages, RIP [Routing Information Protocol]▪ Network management, SNMP [Simple Network Management Protocol]


Connectionless Messaging

Quality of Service

▪ With QoS routing, different classes of service are defined, each with different priorities. ▪ For example, a packet of videoconferencing

images would likely get higher priority than would an SMTP packet with an email message and thus be routed first.

▪ When the transport layer software attempts to establish a connection (i.e., a session), it specifies the class of service that connection requires.


▪ The Internet provides several QoS protocolsthat can work in a TCP/IP environment.

▪ Resource Reservation Protocol (RSVP), and

▪ Real-Time Streaming Protocol (RTSP)

▪ both permit application layer software to request a connection (or session) that has certain minimum data rate.

▪ As one might expect, RTSP is geared toward audio/video streaming applications, whereas RSVP is more for general purpose.


Quality of Service

RSV

Pan

dR

TSP

are

exam

ple

of

tran

spo

rt la

yer

pro

toco

ls

▪ The network layer identifies the data link layer address of the next computer to which the message should be sent.

▪ Data link layer addresses are needed only on multipoint circuits that have more than one computer on them. ▪ For example, many WANs are built with point-to-point circuits

that use Point-to-Point Protocol (PPP) as the data link layer protocol. ▪ These networks do not have data link layer addresses.


5.4.1 Assigning Addresses

▪ Data link layer address is also commonly called the physical address or the media access control (MAC) address. ▪ This address is part of the hardware (e.g., Ethernet

card) and should never be changed.

▪ Hardware manufacturers have an agreement that assigns each manufacturer a unique set of permitted addresses, ▪ so even if you buy hardware from different

companies, it will never have the same address.


▪ Network layer addresses are generally assigned by software.

▪ Network managers can assign any network layer addresses they want.

▪ Application layer addresses (such as Internet domain names or Windows device names) are also assigned by a software configuration file.


5.4.1 Assigning Addresses

Internet Addresses

▪ ICANN (Internet Corporation for Assigned Names and Numbers) is responsible for managing the assignment of:▪ network layer addresses (i.e., IP addresses) ▪ and application layer addresses (e.g., www.indiana.edu).

▪ ICANN sets the rules by which new domain names ▪ (e.g., .com, .org, .ca, .uk) are created and IP address numbers

are assigned to users.

▪ ICANN also directly manages a set of Internet domains (e.g., .com, .org, .net) and authorizes private companies to become domain name registrars for those domains. ▪ Once authorized, a registrar can approve requests for

application layer addresses and assign IP numbers for those requests.


▪ An address starting with 0 is not allowed.▪ The 127 address range is reserved for a computer

to communicate with itself and is called the loopback. ▪ Loopback is used mostly by developers and system

administrators when testing software. 5/22/2020 Business Data Communications and Networks (13711) 39

Internet Addresses

▪ Addresses starting from 224 are reserved addresses that should not be used on IP networks. ▪ Addresses from 224 to 239 belong to Class D and are

reserved for multicasting (i.e., sending a message to a group of computers instead of one computer).

▪ Addresses from 240 to 254 belong to Class E and are reserved for experimental use. ▪ Some companies use the Class E addresses for multicasting

internal content in addition to the Class D addresses.

▪ Addresses starting with 255 are reserved for broadcast messages (i.e., sending a message to every computer in a network)


Internet Addresses

▪ Within each class, there is a set of addresses that are labeled as private IPv4 address space▪ This address space can be used internally by

organizations, ▪ but routers on the Internet do not route packets that use

private addresses (they simply discard them). ▪ For this reason, private addresses are often used to increase

security.


Internet Addresses

▪ An organization will assign private addresses to its computers so that hackers can’t send messages to them. ▪ However, these computers need to be able to send

messages to other computers on the Internet.

▪ The organization has special devices (called NAT firewalls) ▪ that translate the private addresses on messages that

these computers send into valid public addresses for use on the Internet.


Internet Addresses

▪ Classless addressing uses a slash to indicate the address range▪ (it’s also called slash notation).

▪ The IP address shortage was one of the reasons behind the development of IPv6

▪ Most experts expect that all the current 4-byte addresses will simply be assigned an arbitrary 12-byte prefix (e.g., all zeros) ▪ so that the holders of the current addresses can

continue to use them.


Internet Addresses

Subnets▪ subnetworks or subnets are designed on the network

that subdivide the network into logical pieces.


128.192.56.0: the network address128.192.56.255: the broadcast address

128.192.55.0: the network address128.192.55.255: the broadcast address

Subnets

▪ Any portion of the IP address can be designated as a subnet by using a subnet mask.

▪ IP addresses are binary numbers, ▪ so partial bytes can also be used as subnets.

▪ For example, we could create a subnet that has IP addresses between 128.184.55.1 and 128.184.55.127

▪ and another subnet with addresses between 128.184.55.128 and 128.184.55.254.


Dynamic Addressing

▪ To this point, we have said that every computer knows its network layer address from a configuration file ▪ that is installed when the computer is first attached to the

network.

▪ However, this leads to a major network management problem.

▪ The easiest way around this is dynamic addressing. ▪ With this approach, a server is designated to supply a

network layer address to a computer each time the computer connects to the network.


Dynamic Host Configuration Protocol (DHCP)

▪ when the computer is turned on and connects to the network,▪ it first issues a broadcast DHCP message that is

directed to any DHCP server that can “hear” the message. ▪ This message asks the server to assign the requesting

computer a unique network layer address.

▪ The server runs a corresponding DHCP software package that responds to these requests▪ and sends a message back to the client, giving it its

network layer address (and its subnet mask).


▪ The DHCP server can be configured to assign the same network layer address to the computer ▪ (on the basis of its data link layer address) each time it

requests an address,

▪ or it can lease the address to the computer by picking the “next available” network layer address from a list of authorized addresses. ▪ Addresses can be leased for as long as the computer is

connected to the network ▪ or for a specified time limit (e.g., 2 hours).

▪ When the lease expires, the client computer must contact the DHCP server to get a new address.


Dynamic Host Configuration Protocol (DHCP)

5.4.2 Address Resolution

▪ To send a message, the sender must be able to translate the application layer address (or server name) of the destination into: ▪ a network layer address ▪ and in turn translate that into a data link layer address.

▪ This process is called address resolution.

▪ There are many different approaches to address resolution ▪ that range from completely decentralized (each computer

is responsible for knowing all addresses) ▪ to completely centralized (there is one computer that

knows all addresses).


Server Name Resolution▪ Server name resolution is the translation of application

layer addresses into network layer addresses. This is done using the domain name service.

▪ DomainName Service (DNS):▪ Name servers have address databases that store thousands of

Internet addresses and their corresponding IP addresses.

▪ Every organization that has many servers also has its own DNS server, ▪ but smaller organizations that have only one or two servers

often use a DNS server provided by their ISP▪ When it registers its name, it must also provide the IP address of

the DNS server that it will use to provide the IP addresses for all the computers within this domain name range



Server Name Resolution

This is why it sometimes takes longer to access certain sites.

▪ DNS servers can also exchange information about new and changed addresses among themselves, ▪ a process called replication.

▪ Once your application layer software receives an IP address, ▪ it is stored on your computer in a DNS cache. ▪ This way, if you ever need to access the same

computer again, your computer does not need to contact its resolving name server.

▪ The DNS cache is routinely deleted whenever you turn off your computer.


Server Name Resolution

Data Link Layer Address Resolution

▪ To send a message to another computer in its subnet, ▪ a computer must know the correct data link layer address. ▪ In this case, the TCP/IP software sends a broadcast message to

all computers in its subnet.

▪ The message is a specially formatted request using Address Resolution Protocol (ARP) ▪ that says, “Whoever is IP address xxx.xxx.xxx.xxx, please send

me your data link layer address.”▪ The software in the computer with that IP address then sends

an ARP response with its data link layer address. ▪ The sender transmits its message using that data link layer address.

▪ The receiving computer also stores the data link layer address in its address table for future use.


▪ Routing is the process of determining the route or path through the network that a message will travel from the sending computer to the receiving computer.

▪ Routers are usually found at the edge of subnets


R has four interfaces,R2 also has four interfaces,


5.5.1 Types of Routing

▪ Centralized Routing With centralized routing, all routing decisions are made by one central computer or router. ▪ Centralized routing is commonly used in host-based

networks

▪ Static Routing ▪ Static routing is decentralized

▪ With static routing, routing decisions are made in a fixed manner by individual computers or routers.

▪ The routing table is developed by the network manager

▪ Static routing is commonly used in networks that have few routing options that seldom change.


▪ Dynamic Routing (or adaptive routing)▪ Dynamic routing attempts to improve network

performance by routing messages over the fastest possible route,▪ away from busy circuits and busy computers.

▪ An initial routing table is developed by the network manager ▪ but is continuously updated by the computers

themselves to reflect changing network conditions.


5.5.1 Types of Routing

Dynamic Routing

▪ With distance vector dynamic routing, routers count the number of hops along a route.

▪ With link state dynamic routing, computers or routers track the number of hops in the route, the speed of the circuits in each route, and how busy each route is.

▪ Link state protocols are preferred to distance vector protocols in large networks

▪ They are said to converge more quickly.


▪ There are two drawbacks to dynamic routing. ▪ First, it requires more processing by each computer or

router in the network than does centralized routing or static routing. ▪ Computing resources are devoted to adjusting routing tables

rather than to sending messages, ▪ which can slow down the network.

▪ Second, the transmission of routing information “wastes” network capacity. ▪ Some dynamic routing protocols transmit status information

very frequently, ▪ which can significantly reduce performance.


Dynamic Routing

5.5.2 Routing Protocols

▪ An autonomous system is simply a network operated by one organization, ▪ such as IBM or Indiana University, or an organization

that runs one part of the Internet.

▪ If an autonomous system grows too large, it can be split into smaller parts.

▪ The routing protocols used inside an autonomous system are called interior routing protocols.

▪ Protocols used between autonomous systems are called exterior routing protocols.


▪ Border Gateway Protocol (BGP) is a dynamic distance vector exterior routing protocol used on the Internet to exchange routing information between autonomous systems

▪ Internet Control Message Protocol (ICMP) is the simplest interior routing protocol on the Internet. ▪ ICMP is simply an error-reporting protocol that

enables computers to report routing errors to message senders.

▪ ICMP also has a very limited ability to update routing tables.



▪ Routing Information Protocol (RIP) is a dynamic distance vector interior routing protocol▪ that is commonly used in smaller networks, such

as those operated by one organization.

▪ Intermediate System to Intermediate System(IS-IS) is a link state interior routing protocol▪ that is commonly used in large networks.



▪ Open Shortest Path First (OSPF) is more efficient than RIP because it normally doesn’t use broadcast messages. ▪ Instead, it selectively sends status update messages

directly to selected computers or routers.

▪ Enhanced Interior Gateway Routing Protocol (EIGRP) is a dynamic hybrid interior routing protocol developed by Cisco and is commonly used inside organizations.▪ Hybrid means that it has some features that act like

distance vector protocols and some other features that act like link state protocols.

▪ As you might expect, EIGRP is an improved version of Interior Gateway Routing Protocol (IGRP).



5.5.3 Multicasting

▪ Types of messages:

▪ unicast message

▪ broadcast message

▪ Multicast message

▪ Internet Group Management Protocol (IGMP).

▪ Each multicast group is assigned a special IP address to identify the group.


5.5.4 The Anatomy of a Router


▪ The console port, also called the management port, is used to configure the router.▪ (e.g., IP address assignment, routing protocol selection)

▪ Once the basic setup is done, the network manager can log in to the router from any computer using the network interface using TCP/IP and Telnet with Secure Shell (SSH).

▪ Although routers come with an auxiliary port that allows an administrator to log via a direct, nonnetwork connection (e.g., using modems), ▪ This connection is rarely used today.



▪ A router, just like a computer, must have an operating system ▪ so that it can be configured.

▪ The operating system that is used in about 90% of routers is the Cisco Internetwork Operating Systems (IOS), ▪ although other operating systems exist as well.

▪ IOS uses a command line interface▪ rather than a graphical user interface.



▪ The network manager uses IOS commands to create a configuration file (also called a config file) that defines how the router will operate. ▪ The config file can contain

▪ the type of routing protocol to be used, ▪ the interfaces that are active/enabled and those that are down, ▪ and what type of encryption is used. ▪ The config file is central to a router’s operation, and the IOS refers to it

hundreds of times per second to tell the router how to do its job.

▪ The other important file is the Access Control List (ACL), ▪ which plays an important role in network security. ▪ The ACL defines what types of packets should be routed and

what types of packets should be discarded.▪ The ACL is discussed in more detail in Chapter 10 on security.



▪ When a computer is installed on a TCP/IP network (or dials into a TCP/IP network),▪ it must be given four pieces of network layer addressing and

routing information before it can operate.

▪ This information can be provided by a configuration file or via a DHCP server.

▪ The information is▪ Its IP address

▪ A subnet mask,

▪ The IP address of a DNS server,

▪ The IP address of an IP gateway (commonly called a router)



5.6.1 Known Addresses

▪ Suppose that a client computer in Building A (e.g., 128.192.98.130) wanted to get a Web page from a Web server A located in the data center (www2.anyorg.com).


5.6.2 Unknown Addresses

▪ Suppose that the client computer in Building A (128.192.98.130) wants to retrieve a Web page from the www1.anyorg.comWeb server ▪ but does not know the IP address of the Web server.

▪ What would happen if client in building A (128.192.98.130) did not know its router’s Ethernet address?▪ After getting the router’s Ethernet address using ARP,

▪ the network layer software on the client stores this address in its data link layer address table (called ARP cache).


5.6.3 TCP Connections▪ Whenever a computer transmits data to another computer, it

must choose whether to use a connection-oriented service via TCP or a connectionless service via UDP.

▪ Remember:▪ Before the first packet is sent, the transport layer first sends a SYN

segment to establish a session (also known as the three-way handshake).

▪ Once the session is established, then the data packets begin to flow. ▪ Once the data are finished, the session is closed with a FIN segment

(also known as the four-way handshake).

▪ With the newest version of HTTP, ▪ Web browsers open one session when they first issue an HTTP

request ▪ and leave that session open for all subsequent HTTP requests to the

same server.


5.6.4 TCP/IP and Network Layers


▪ Today, more than 3.5 billion users are on the Internet (you can check out the live stats of Internet users here: ▪ http://www.internetlivestats.com/internet-users/).

▪ One of the most exploited security flaws is the vulnerability created by the TCP three-way handshake▪ The largest attack of this kind was recorded in 2016 when

it brought down much of the Internet’s domain name system (DNS) infrastructure.

▪ Most websites are able to track your operating system, browser version, time zone, and many other information in addition to your IP address.


http://www.internetlivestats.com/internet-users/

Business Data Communications and Networkingalfarrar/courses/ESE13711_Sp2020/slides/CH-05.pdfBusiness Data Communications and Networking Most of the slides in this lecture are either

Documents