Objective: In this lab, you will explore TCP Protocol operation Differences betw
Question
Objective:
In this lab, you will explore
TCP Protocol operation
Differences between TCP and UDP Protocols
Required Equipment:
A PC with Wireshark program installed
Files: ECET-375IntroTCP-pcattcp-1.pcap
ECET-375TCPandUDP-Transmit-wait-5ms.pcap
Discussion:
TCP (Transport Control Protocol) and UDP (User Datagram Protocol) operate at the Transport layer of the Internet Protocol Hierarchy. They deliver information between Internet applications. To identify the applications running on a host, Internet transport layer uses port numbers, each a sixteen-bit number expressed as a decimal number (e.g. 80). Each host interface on the Internet is uniquely identified by an IP address, a 32-bit number usually expressed in dotted decimal notation (e.g. 192.168.1.45). TCP and UDP combine data from multiple applications into a single outgoing connection at a source host. This process is called multiplexing. These protocols, at a destination host, separate data arriving at an incoming connection destined for different applications. This process is called demultiplexing. TCP is connection oriented and has many other features geared towards providing reliable communication, flow control and congestion control. UDP is connectionless and does not have these features.
In this lab, you will analyze pre-captured Wireshark files to explore features of TCP and UDP protocols and their differences.
Procedure:
TCP protocol
TCP protocol is defined in RFC 793. Its operation, for the purpose of understanding, is compared to sending documents using a Fax machine. You first send a title page with sender, receiver information, number of pages to follow, etc. The receiver may let you know if some pages are missing. The TCP header is akin to the title page and TCP acknowledgement and retransmissions have obvious interpretations. To get started on learning details about the TCP protocol operation, start up the Wireshark program and open the capture file: ECET-375IntroTCP-pcattcp-1.pcap. Follow the following activities and answer the questions.
Select the Packet #10 in the List View pane.
What are the source and destination IP addresses for the packet?
Source IP address:
Destinations IP address:
What are the corresponding MAC (physical) addresses?
Source MAC Address:
Destination MAC Address:
Select the corresponding
Explanation / Answer
Source and destination IP address of packet
Packet Flow in Network
All the hosts in an IPv4 environment are assigned unique logical IP addresses. When a host wants to send some data to another host on the network, it needs the physical (MAC) address of the destination host. To get the MAC address, the host broadcasts an ARP message asking whoever owns the destination IP address to reply with its MAC address. All the hosts on that segment receive the ARP packet, but only the host whose IP matches the one in the ARP message replies with its MAC address. Once the sender receives the MAC address of the receiving station, data is sent on the physical media.
In case the IP does not belong to the local subnet, the data is sent to the destination by means of Gateway of the subnet. To understand the packet flow, we must first understand the following components:
We can now describe the packet flow. Assume that a user wants to access www.TutorialsPoint.com from her personal computer. She has internet connection from her ISP. The following steps will be taken by the system to help her reach the destination website.
Step: 1 Acquiring an IP Address (DHCP)
When the user's PC boots up, it searches for a DHCP server to acquire an IP address. To do so, the PC sends a DHCPDISCOVER broadcast, which is received by one or more DHCP servers on the subnet, and they all respond with a DHCPOFFER that includes all the necessary details such as IP, subnet, Gateway, DNS, etc. The PC sends a DHCPREQUEST packet in order to request the offered IP address. Finally, the DHCP server sends a DHCPACK packet to tell the PC that it can keep the IP for a given amount of time, known as the IP lease.
Alternatively, a PC can be assigned an IP address manually without any help from a DHCP server. When a PC is well configured with IP address details, it can communicate with other computers all over the IP-enabled network.
Step: 2 DNS Query
When a user opens a web browser and types www.tutorialpoints.com, which is a domain name, the PC does not understand how to communicate with the server using domain names, so it sends a DNS query out on the network in order to obtain the IP address pertaining to the domain name. The pre-configured DNS server responds to the query with the IP address of the domain name specified.
Step: 3 ARP Request
The PC finds that the destination IP address does not belong to its own IP address range and that it has to forward the request to the Gateway. The Gateway in this scenario can be a router or a Proxy Server. Though the Gateway's IP address is known to the client machine, computers do not exchange data on IP addresses; rather, they need the machine's hardware address, which is the Layer-2 factory-coded MAC address. To obtain the MAC address of the Gateway, the client PC broadcasts an ARP request saying "Who owns this IP address?" The Gateway, in response to the ARP query, sends its MAC address. Upon receiving the MAC address, the PC sends the packets to the Gateway.
An IP packet has both source and destination addresses and it connects the host with a remote host logically, whereas MAC addresses help systems on a single network segment to transfer actual data. It is important that source and destination MAC addresses change as they travel across the Internet (segment by segment) but source and destination IP addresses never change.
Source IP address
The source IP address is the IP address of the computer and/or website you are currently visiting or using.
You can check your IP address as well as the IP address of websites using many websites across the internet, the most popular being: http://whois.domaintools.com/
Destination IP address
IP addresses are used to deliver packets of data across a network and have what is termed end-to-end significance. This means that the source and destination IP addresses remain constant as the packet traverses a network. In simple terms again, the destination IP address is the receiver of information.
What MAC Addresses Are Used For
In addition to their core networking use, MAC addresses are often used for other purposes:
Source MAC and Destination MAC address
Source MAC = A
Destination MAC = C
Why: When A needs to send data to another host it first determines whether or not the destination host is on the local network. Upon determining that the destination is not local, A sends the data to its configured default gateway, which is C.
A TCP segment consists of a segment header and a data section. The TCP header contains 10 mandatory fields, and an optional extension field (Options, pink background in table).
The data section follows the header. Its contents are the payload data carried for the application. The length of the data section is not specified in the TCP segment header. It can be calculated by subtracting the combined length of the TCP header and the encapsulating IP header from the total IP datagram length (specified in the IP header).
Source port (16 bits)
identifies the sending port
Destination port (16 bits)
identifies the receiving port
Sequence number (32 bits)
has a dual role:
Acknowledgment number (32 bits)
if the ACK flag is set then the value of this field is the next sequence number that the receiver is expecting. This acknowledges receipt of all prior bytes (if any). The first ACK sent by each end acknowledges the other end's initial sequence number itself, but no data.
Data offset (4 bits)
specifies the size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words thus giving the minimum size of 20 bytes and maximum of 60 bytes, allowing for up to 40 bytes of options in the header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.
Reserved (3 bits)
for future use and should be set to zero
Flags (9 bits) (aka Control bits)
contains 9 1-bit flags
Window size (16 bits)
the size of the receive window, which specifies the number of window size units (by default, bytes) (beyond the sequence number in the acknowledgment field) that the sender of this segment is currently willing to receive (see Flow control and Window Scaling)
Checksum (16 bits)
The 16-bit checksum field is used for error-checking of the header and data
Urgent pointer (16 bits)
if the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte
Options (Variable 0–320 bits, divisible by 32)
The length of this field is determined by the data offset field. Options have up to three fields: Option-Kind (1 byte), Option-Length (1 byte), Option-Data (variable). The Option-Kind field indicates the type of option, and is the only field that is not optional. Depending on what kind of option we are dealing with, the next two fields may be set: the Option-Length field indicates the total length of the option, and the Option-Data field contains the value of the option, if applicable. For example, an Option-Kind byte of 0x01 indicates that this is a No-Op option used only for padding, and does not have an Option-Length or Option-Data byte following it. An Option-Kind byte of 0 is the End Of Options option, and is also only one byte. An Option-Kind byte of 0x02 indicates that this is the Maximum Segment Size option, and will be followed by a byte specifying the length of the MSS field (should be 0x04). Note that this length is the total length of the given options field, including Option-Kind and Option-Length bytes. So while the MSS value is typically expressed in two bytes, the length of the field will be 4 bytes (+2 bytes of kind and length). In short, an MSS option field with a value of 0x05B4 will show up as (0x02 0x04 0x05B4) in the TCP options section.
Some options may only be sent when SYN is set; they are indicated below as [SYN]. Option-Kind and standard lengths given as (Option-Kind,Option-Length).
(The remaining options are historical, obsolete, experimental, not yet standardized, or unassigned)
Padding
The TCP header padding is used to ensure that the TCP header ends and data begins on a 32-bit boundary. The padding is composed of zeros.
TCP Three-way Handshake
Step 1. Device A (Client) sends a TCP segment with SYN = 1, ACK = 0, ISN (Initial Sequence Number) = 2000.
An Initial Sequence Number (ISN) is a random Sequence Number, allocated for the first packet in a new TCP connection.
The Active Open device (Device A) sends a segment with the SYN flag set to 1, ACK flag set to 0 and an Initial Sequence Number 2000 (For Example), which marks the beginning of the sequence numbers for data that device A will transmit. SYN is short for SYNchronize. SYN flag announces an attempt to open a connection.
Step 2. Device B (Server) receives Device A's TCP segment and returns a TCP segment with SYN = 1, ACK = 1, ISN = 5000 (Device B's Initial Sequence Number), Acknowledgment Number = 2001 (2000 + 1, the next sequence number Device B is expecting from Device A).
Step 3. Device A sends a TCP segment to Device B that acknowledges receipt of Device B's ISN, with flags set as SYN = 0, ACK = 1, Sequence number = 2001, Acknowledgment number = 5001 (5000 + 1, the next sequence number Device A is expecting from Device B).
This handshaking technique is referred to as TCP Three-way handshake or SYN, SYN-ACK, ACK.
After the Three-way handshake, the connection is open and the participant computers start sending data using the agreed sequence and acknowledge numbers.
TCP is a full duplex
TCP works in layer 4 (transport layer), which is used for making connections between nodes on a network. TCP is indeed bidirectional, and it's sometimes referred to as connection-oriented.
meaning of the RESET flag bit
It's hard to give a firm but general answer, because every possible perversion has been visited on TCP since its inception, and all sorts of people might be inserting RSTs in an attempt to block traffic.
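The header layout, the options encoding and the payload-length rule described in the answer above, worked through as an added Python example (not part of the original answer or the lab capture files). The packet bytes are constructed: a Step 1 SYN with sequence number 2000 carrying the MSS option 0x02 0x04 0x05B4; the addresses, ports and the names `parse_options` and `parse_segment` are assumptions of this example.

```python
import struct

# Constructed sample (not from the lab capture): 20-byte IPv4 header + TCP SYN, seq 2000,
# options MSS(0x05B4), NOP, NOP, End Of Options, pad. Checksums are zero and not verified.
SAMPLE = bytes.fromhex(
    "45000030" "00014000" "40060000" "c0a8012d" "c0a80101"   # IPv4, total length 48
    "c0000050" "000007d0" "00000000" "7002ffff" "00000000"   # TCP fixed header, offset 7
    "020405b4" "01010000"                                    # TCP options + padding
)
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]  # bits 0..8

def parse_options(raw):
    """Walk the Kind/Length/Data options, rejecting lengths that cannot be valid."""
    opts, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                     # End Of Options: one byte, the rest is padding
            break
        if kind == 1:                     # No-Op: one byte, no length field
            opts.append((kind, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option truncated before its length byte")
        length = raw[i + 1]               # total length, kind and length bytes included
        if length < 2 or i + length > len(raw):   # length 0 would otherwise loop forever
            raise ValueError(f"bad length {length} for option kind {kind}")
        opts.append((kind, raw[i + 2:i + length]))
        i += length
    return opts

def parse_segment(packet):
    """Parse an IPv4 packet assumed to carry TCP; return the TCP fields as a dict."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0     # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("too short for IPv4 + minimal TCP header")
    total_len = struct.unpack_from("!H", packet, 2)[0]
    sport, dport, seq, ack, off_flags, window, _csum, _urg = struct.unpack_from(
        "!HHIIHHHH", packet, ihl)
    hdr_len = (off_flags >> 12) * 4                   # data offset: 32-bit words -> bytes
    if hdr_len < 20 or ihl + hdr_len > total_len or total_len > len(packet):
        raise ValueError("inconsistent header lengths")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
            "flags": [n for bit, n in enumerate(FLAG_NAMES) if off_flags & (1 << bit)],
            "header_len": hdr_len, "payload_len": total_len - ihl - hdr_len,
            "options": parse_options(packet[ihl + 20:ihl + hdr_len])}
```

The same field values can be compared against Wireshark's Packet Details pane when working through the lab captures.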