Jan 15, 2016
Protocol Levels
TCP Header Data
DataEthernet Header
IP Header Data
HTTP: Packet
TCP/IP Protocols
MAC Layer (Ethernet)
TCP UDP ICMP
IP ARP
SMTP Telnet
FTP HTTP
DHCPDNS
PINGSNMPPOP
source
router
router
Destination
IP packet
IP packet fragments
Reassembly Required
Fragments Created
TCP
• Connection Oriented– state
• Stream Oriented– Sequence number
• Full Duplex
• Reliable– acknowledgment
TCP Commands
• Syn – synchronize sequence numbers
• Ack – acknowledgement
• Fin – close connection
• Push – send data immediately
• Urgent – look at data out of sequence
• Reset – reject connection
TCP Connection
• Passive Open– Server opens known port and waits for client to
connect (no traffic on network)
• Active open– Client opens any available port and connects to
server on known port (starts three way handshake)
TCP Connection States
LISTEN Server waiting
SYN-SENT Waiting for ack
SYN-RCVD Syn received
ESTABLISHED Connection established
FIN-WAIT-1 Closing requested
FIN-WAIT-2 Closing accepted
CLOSE-WAIT Server waiting for client to close
LAST-ACK Server waiting for last ack
CLOSED
LISTEN
ESTABLISHED
SYN-SENT
CLOSE-WAIT
SYN-RCVD
FIN-WAIT-1
LAST-ACK
FIN-WAIT-2
TIME-WAIT
Passive openActive open/syn
Syn/ syn+ack
Syn+ack/ack
Close/fin
Ack/
timeout
Fin/ack
ack
ack
Close/fin
Fin/ack
TCP Sliding Window
• Sequence No. - number of first byte in the segment
• Acknowledgement – number of next byte expected
• Sliding Window – number of bytes that can be transmitted without an acknowledgement
K S U G O L D E N F L A S H E S
Sliding Window
Sliding Window
Sender
Receiver
K S U G O L D E N F L A S H E S
K S U
Sliding Window Ready to send
Sent, not yet acked
K S U G O L D E N F L A S H E S
K S U D E N F L A
Sent and
ACKed
Sliding Window Ready to send
Sent, not yet acked
K S U G O L D E N F L A S H E S
K S U G O L D E N F L A
Sent and
ACKed
Sliding Window
Syn
ClientServer
Seq 7280
Client sends syn to open connection
Syn
ClientServer
Syn, Ack
Server sends Ack and Syn
Seq 5965 Ack 7281
Syn
ClientServer
Syn, Ack
Ack Cient sends Ack, connection is established
Seq 7281 Ack 5966
Syn
ClientServer
Syn, Ack
AckAck, Push Client requests Web Page
Seq 7281 Ack 5966
Syn
ClientServer
Syn, Ack
AckAck
AckServer sends first part of Web
Page
Seq 5966 ack 7532
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Server sends remainder of page
Seq 5966 ack 7531
Seq 7426 ack 7531
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Ack Client sends ack
Seq 7531 ack 8886
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Ack
Ack, Fin, Push
Server starts closing of connection
Seq 8886 ack 7531
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Ack
Ack, Fin, Push
Ack Client acks closing of server’s side of connection
Seq 7531 ack 9203
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Ack
Ack, Fin, Push
Ack
Ack, Fin Client requests closing of its side of connection
Seq 7531 ack 9203
Syn
ClientServer
Syn, Ack
AckAck
Ack
Ack
Ack
Ack
Ack, Fin, Push
Ack
Ack, Fin
Ack
Server sends Ack, connection closed
Seq 9203 ack 7532
ARP
ARP Request(broadcast)
Who is 131.123.8.8 ?
ARP
ARP Response(unicast)
I am 131.123.8.8, HA= 00-C0-4F-AB-DA-0C
http://www.rhyshaden.com/arp.htm
DHCP
DHCP Request(broadcast)
DHCP Server
DHCP Client
DHCP
DHCP Response(Unicast)
DHCP Server
DHCP Client
IP 131.123.8.173Mask: 255.255.255.0Router: 131.123.8.10DNS: 131.123.1.1 131.123.4.23
TYPE
IDENTIFIER
OPTIONAL DATA
SEQUENCE NUMBER
CODE CHECKSUM
0 8 16 31
ICMP Echo message
ftp client ftp server
Proto Local Address Foreign Address TCP 131.123.8.111:2349 131.123.250.211:21
TCP 131.123.8.111:2353 131.123.250.211:20
2349 212353 20
TCP Segments
131.123.8.111
131.123.250.211