Internet Protocol Analysis/Transport Layer

This lesson introduces the Transport layer and looks at User Datagram Protocol (UDP) and Transmission Control Protocol (TCP). Activities include using netstat to display protocol statistics and using Wireshark to examine UDP and TCP network traffic.

Readings

 * 1) Transport layer
 * 2) User Datagram Protocol
 * 3) Transmission Control Protocol

Multimedia

 * 1) YouTube: 03 01 Introduction to TCP & UDP Protocols
 * 2) YouTube: Basics of ipconfig, ping, tracert, nslookup and netstat
 * 3) YouTube: The Netstat Command - CompTIA Network+ N10-005: 4.3

Activities

 * 1) Use netstat to display protocol statistics.
 * 2) Use netstat to display all active connections and listening ports.
 * 3) Use Wireshark to capture and analyze User Datagram Protocol (UDP) traffic.
 * 4) Use Wireshark to capture and analyze Transmission Control Protocol (TCP) traffic.
 * 5) Consider situations in which a packet analyzer might be used to troubleshoot transport layer traffic.

Lesson Summary

 * The transport layer provides end-to-end communication services for applications.
 * The transport layer provides services such as connection-oriented data stream support, reliability, flow control, and multiplexing.
 * The Transmission Control Protocol (TCP) is used for connection-oriented transmissions. The User Datagram Protocol (UDP) is used for connection-less messaging transmissions.
 * Many of the services attributed to the transport layer are specific to TCP and do not apply to UDP. These include connections, byte-oriented data streams, sequencing, reliability, flow control, and congestion avoidance.
 * Transport layer protocols include source and destination port numbers to identify process-to-process communication. Sessions are identified using the client's IP address and port number.
 * TCP packets are referred to as segments. UDP packets are referred to as datagrams.
 * UDP has no handshaking dialogues, and thus exposes any unreliability of the underlying network protocol to the user's program.
 * UDP provides checksums for data integrity, and port numbers for addressing different functions at the source and destination of the datagram.
 * UDP is simple and stateless, with minimal delay, and works well in unidirectional (broadcast / multicast) communication.
 * The UDP header includes fields for: source port, destination port, length, and checksum.
 * TCP is reliable, ordered, heavyweight, and streaming.
 * UDP is unreliable, un-ordered, lightweight, and without streaming or connection control.
 * UDP provides a datagram service that emphasizes reduced latency over TCP stream reliability. TCP is optimized for accurate delivery rather than timely delivery.
 * TCP is a reliable stream delivery service that guarantees that all bytes received will be identical with bytes sent and in the correct order.
 * The TCP header includes fields for: source port, destination port, sequence number, acknowledgement number, data offset, flags, window size, checksum, and an urgent pointer.
 * TCP protocol operations are divided into three phases: connection establishment, data transfer, and connection termination.
 * TCP connection establishment is performed through a three-way handshake exchanging sequence numbers and acknowledgements (SYN, SYN-ACK, ACK).
 * TCP connection termination is performed through a four-way handshake of exchanging finish flags and acknowledgements (FIN, ACK, FIN, ACK).
 * TCP achieves reliable transmission by using a sequence number to account for each byte of data.
 * TCP performs error detection through sequence numbers, acknowledgements, and a checksum for each packet.
 * TCP uses a sliding window flow control process in which the receiver specifies the amount of additional data that it is willing to accept for the connection and the sending host can send only up to that amount of data before it must wait for an acknowledgment from the receiving host.
 * TCP achieves congestion control through slow-start, congestion avoidance, fast retransmit, fast recovery, and retransmission timeout.
 * TCP and UDP port numbers range from 0 to 65535.
 * The Internet Assigned Numbers Authority has divided TCP and UDP port numbers into three ranges. Port numbers 0 through 1023 are used for common, well-known services. Port numbers 1024 through 49151 are registered ports used for IANA-registered services. Ports 49152 through 65535 are dynamic ports that can be used for any purpose.
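
The header fields, three-way handshake, and port ranges summarized above can be checked against raw bytes, as you would when reading a Wireshark capture by hand. The following is an added example, not part of the original lesson; the function names are this example's own, and the sample segments and datagram are constructed.

```python
import struct

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR")  # bit 0 upward

def port_range(port):
    """Classify a port into the three IANA ranges from the summary."""
    if not 0 <= port <= 65535:
        raise ValueError("port outside 0-65535")
    return "well-known" if port <= 1023 else "registered" if port <= 49151 else "dynamic"

def parse_udp(data):
    """Parse the 8-byte UDP header: source port, destination port, length, checksum."""
    if len(data) < 8:
        raise ValueError("truncated UDP header")
    src, dst, length, checksum = struct.unpack("!HHHH", data[:8])
    if not 8 <= length <= len(data):  # length field covers header plus payload
        raise ValueError("UDP length field disagrees with captured bytes")
    return {"src": src, "dst": dst, "length": length,
            "checksum": checksum, "payload": data[8:length]}

def parse_tcp(data):
    """Parse the fixed 20-byte TCP header and skip over any options."""
    if len(data) < 20:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack("!HHIIHHHH", data[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= header_len <= len(data):
        raise ValueError("TCP data offset disagrees with captured bytes")
    flags = {name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags, "window": window,
            "checksum": checksum, "urgent": urgent, "payload": data[header_len:]}

def is_three_way_handshake(syn, syn_ack, ack):
    """Check SYN, SYN-ACK, ACK flags and that each ACK number is the peer's seq + 1."""
    return (syn["flags"] == {"SYN"} and syn_ack["flags"] == {"SYN", "ACK"}
            and ack["flags"] == {"ACK"}
            and syn_ack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["ack"] == (syn_ack["seq"] + 1) % 2**32
            and ack["seq"] == syn_ack["ack"])

def tcp_bytes(src, dst, seq, ack, flags):
    """Build a constructed 20-byte TCP header (checksum left at 0) for the demo."""
    return struct.pack("!HHIIHHHH", src, dst, seq, ack, (5 << 12) | flags, 65535, 0, 0)

# Constructed sample traffic: client port 49512 opening a connection to port 80.
HANDSHAKE = [parse_tcp(tcp_bytes(*f)) for f in (
    (49512, 80, 1000, 0, 0x02), (80, 49512, 5000, 1001, 0x12), (49512, 80, 1001, 5001, 0x10))]
# Constructed datagram to port 53: 8-byte header + 4 payload bytes, checksum 0 (not computed).
UDP_SAMPLE = parse_udp(struct.pack("!HHHH", 53124, 53, 12, 0) + b"test")
```

Both parsers reject input whose length or data offset field disagrees with the bytes actually captured, which is the first thing to check when a capture is truncated or malformed.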

Key Terms

 * ACK
 * An acknowledgement signal passed between communicating processes or computers to signify acknowledgement, or receipt of response, as part of a communications protocol.


 * application programming interface (API)
 * A protocol intended to be used as an interface by software components to communicate with each other.


 * Automatic Repeat reQuest (ARQ) (or Automatic Repeat Query)
 * An error-control method for data transmission that uses acknowledgements (messages sent by the receiver indicating that it has correctly received a data frame or packet) and timeouts (specified periods of time allowed to elapse before an acknowledgment is to be received) to achieve reliable data transmission over an unreliable service.


 * buffer
 * A region of physical memory storage used to temporarily hold data while it is being moved from one place to another.


 * buffer underrun
 * A state occurring when a buffer used to communicate between two devices or processes is fed with data at a lower speed than the data is being read from it.


 * checksum
 * A fixed-size datum computed from an arbitrary block of digital data for the purpose of detecting accidental errors that may have been introduced during its transmission or storage.


 * connection-oriented communication
 * A data communication mode whereby the devices at the end points use a protocol to establish an end-to-end logical or physical connection before any data may be sent.


 * connectionless
 * A data communication mode in which a message can be sent from one end point to another without prior arrangement.


 * data stream
 * A sequence of digitally encoded coherent signals (packets of data or data packets) used to transmit or receive information that is in the process of being transmitted.


 * datagram
 * A basic transfer unit associated with a packet-switched network in which the delivery, arrival time, and order of arrival are not guaranteed by the network service.


 * deadlock
 * A situation in which two or more competing actions are each waiting for the other to finish, and thus neither ever does.


 * ephemeral port
 * A short-lived transport protocol port allocated automatically from a predefined range.


 * error detection
 * Techniques that enable reliable delivery of digital data over unreliable communication channels.


 * flow control
 * The process of managing the rate of data transmission between two nodes to prevent a fast sender from outrunning a slow receiver.


 * handshaking
 * An automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins.


 * latency
 * A measure of time delay experienced in a system.


 * maximum segment size (MSS)
 * A parameter of the TCP protocol that specifies the largest amount of data that a computer or communications device can receive in a single TCP segment.


 * multiplexing
 * A method by which multiple analog message signals or digital data streams are combined into one signal over a shared medium.


 * NAK
 * A negative acknowledgement signal passed between communicating processes or computers to signify an error or lack of acceptance as part of a communications protocol.


 * network congestion
 * A data communication situation in which a link or node is carrying so much data that its quality of service deteriorates.


 * registered port
 * A transport protocol port assigned by the Internet Assigned Numbers Authority (IANA) for use with a certain protocol or application.


 * reliability
 * A reliable protocol is one that provides reliability properties with respect to the delivery of data to the intended recipient(s), as opposed to an unreliable protocol, which does not provide notifications to the sender as to the delivery of transmitted data.


 * Slow-start
 * One of the algorithms that TCP uses to control congestion inside the network, in which the TCP window size is increased each time an acknowledgment is received.


 * TCP window scale option
 * An option to increase the TCP receive window size above its maximum value of 65,535 bytes.

Assessments

 * Lesson Flashcards
 * Terms Flashcards
 * Quiz