Download (PPT, 327KB)

Document related concepts

Deep packet inspection wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Real-Time Messaging Protocol wikipedia , lookup

IEEE 1355 wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

UniPro protocol stack wikipedia , lookup

TCP congestion control wikipedia , lookup

Internet protocol suite wikipedia , lookup

Transcript
• Transmission Control Protocol
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol
The Transmission Control Protocol
(TCP) is one of the core protocols of
the Internet protocol suite (IP), and is
so common that the entire suite is
often called TCP/IP. TCP provides
reliable, ordered, error-checked
delivery of a stream of octets between
programs running on computers
connected to a local area network,
intranet or the public Internet. It
resides at the transport layer.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol
Web browsers use TCP when they
connect to servers on the World Wide
Web, and it is used to deliver email and
transfer files from one location to another.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol
1
Applications that do not require the
reliability of a TCP connection may
instead use the connectionless User
Datagram Protocol (UDP), which
emphasizes low-overhead operation
and reduced latency rather than error
checking and delivery validation.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Historical origin
The monolithic Transmission Control
Program was later divided into a modular
architecture consisting of the Transmission
Control Protocol at the connectionoriented layer and the Internet Protocol at
the internetworking (datagram) layer
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
The protocol corresponds to the transport
layer of TCP/IP suite. TCP provides a
communication service at an intermediate
level between an application program and the
Internet Protocol (IP). That is, when an
application program desires to send a large
chunk of data across the Internet using IP,
instead of breaking the data into IP-sized
pieces and issuing a series of IP requests,
the software can issue a single request to
TCP and let TCP handle the IP details.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
IP works by exchanging pieces of
information called packets. A packet
is a sequence of octets (bytes) and
consists of a header followed by a
body. The header describes the
packet's source, destination and
control information. The body
contains the data IP is transmitting.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
1
Due to network congestion, traffic load
balancing, or other unpredictable network
behavior, IP packets can be lost,
duplicated, or delivered out of order
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
1
TCP is utilized extensively by many of the
Internet's most popular applications,
including the World Wide Web (WWW), Email, File Transfer Protocol, Secure Shell,
peer-to-peer file sharing, and some
streaming media applications.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
1
TCP is optimized for accurate delivery
rather than timely delivery, and
therefore, TCP sometimes incurs
relatively long delays (on the order of
seconds) while waiting for out-of-order
messages or retransmissions of lost
messages. It is not particularly suitable
for real-time applications such as Voice
over IP. For such applications, protocols
like the Real-time Transport Protocol
(RTP) running over the User Datagram
Protocol (UDP) are usually
recommended instead.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
TCP is a reliable stream delivery
service that guarantees that all bytes
received will be identical with bytes
sent and in the correct order
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Network function
1
While IP handles actual delivery of the
data, TCP keeps track of the individual
units of data transmission, called
segments, that a message is divided into
for efficient routing through the network
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
Transmission Control Protocol accepts
data from a data stream, divides it into
chunks, and adds a TCP header creating a
TCP segment. The TCP segment is then
encapsulated into an Internet Protocol (IP)
datagram, and exchanged with peers.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
The term TCP packet, though
sometimes informally used, is not in
line with current terminology, where
segment refers to the TCP Protocol
Data Unit (PDU), datagram to the IP
PDU and frame to the data link layer
PDU:
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
Processes transmit data by calling on
the TCP and passing buffers of data as
arguments. The TCP packages the data
from these buffers into segments and
calls on the internet module [e.g. IP] to
transmit each segment to the
destination TCP.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
A TCP segment consists of a segment
header and a data section. The TCP
header contains 10 mandatory fields, and
an optional extension field (Options,
orange background in table).
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
The data section follows the header. Its
contents are the payload data carried
for the application. The length of the
data section is not specified in the TCP
segment header. It can be calculated by
subtracting the combined length of the
TCP header and the encapsulating IP
header from the total IP datagram
length (specified in the IP header).
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
0 0Source port
Destination port
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
8 64 Acknowledgment number
(if ACK set)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
If the SYN flag is set (1), then this is the
initial sequence number. The sequence
number of the actual first data byte and
the acknowledged number in the
corresponding ACK are then this
sequence number plus 1.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
If the SYN flag is clear (0), then this is
the accumulated sequence number of
the first data byte of this segment for
the current session.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
if the ACK flag is set then the value of
this field is the next sequence number
that the receiver is expecting. This
acknowledges receipt of all prior bytes
(if any). The first ACK sent by each end
acknowledges the other end's initial
sequence number itself, but no data.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
specifies the size of the TCP header in 32bit words. The minimum size header is 5
words and the maximum is 15 words thus
giving the minimum size of 20 bytes and
maximum of 60 bytes, allowing for up to
40 bytes of options in the header. This
field gets its name from the fact that it is
also the offset from the start of the TCP
segment to the actual data.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
CWR (1 bit) – Congestion Window
Reduced (CWR) flag is set by the sending
host to indicate that it received a TCP
segment with the ECE flag set and had
responded in congestion control
mechanism (added to header by RFC
3168).
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
If the SYN flag is clear (0), that a
packet with Congestion Experienced
flag in IP header set is received
during normal transmission (added to
header by RFC 3168).
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
URG (1 bit) – indicates
that the Urgent pointer
field is significant
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
ACK (1 bit) – indicates that the
Acknowledgment field is significant. All
packets after the initial SYN packet sent
by the client should have this flag set.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
PSH (1 bit) – Push function. Asks to push the
buffered data to the receiving application.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
SYN (1 bit) – Synchronize sequence
numbers. Only the first packet sent from
each end should have this flag set. Some
other flags change meaning based on this
flag, and some are only valid for when it is
set, and others when it is clear.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
the size of the receive window, which
specifies the number of window size
units (by default, bytes) (beyond the
sequence number in the
acknowledgment field) that the sender
of this segment is currently willing to
receive (see Flow control and Window
Scaling)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
The 16-bit checksum
field is used for
error-checking of the
header and data
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
if the URG flag is set, then this 16-bit
field is an offset from the sequence
number indicating the last urgent data
byte
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
The length of this field is
determined by the data
offset field
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
1 (8 bits) – No operation (NOP, Padding)
This may be used to align option fields on
32-bit boundaries for better performance.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
8,10,TTTT,EEEE (80 bits)- Timestamp and echo of
previous timestamp (see TCP timestamps for
details)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
1
(The remaining options are obsolete, experimental,
not yet standardized, or unassigned)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP segment structure
The TCP header padding is used to
ensure that the TCP header ends and data
begins on a 32 bit boundary. The padding
is composed of zeros.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
TCP protocol operations may be
divided into three phases.
Connections must be properly
established in a multi-step handshake
process (connection establishment)
before entering the data transfer
phase. After data transmission is
completed, the connection
termination closes established virtual
circuits and releases all allocated
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
A TCP connection is managed by an
operating system through a
programming interface that
represents the local end-point for
communications, the Internet socket.
During the lifetime of a TCP
connection the local end-point
undergoes a series of state changes:
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(server) represents waiting for a connection request
from any remote TCP and port.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
(client) represents waiting for a
matching connection request after
having sent a connection request.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(server) represents waiting for a
confirming connection request
acknowledgment after having both
received and sent a connection
request.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(both server and client) represents an
open connection, data received can be
delivered to the user. The normal state
for the data transfer phase of the
connection.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(both server and client) represents waiting
for a connection termination request from
the remote TCP, or an acknowledgment of
the connection termination request
previously sent.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(both server and client) represents waiting
for an acknowledgment of the connection
termination request previously sent to the
remote TCP (which includes an
acknowledgment of its connection
termination request).
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Protocol operation
1
(either server or client) represents waiting
for enough time to pass to be sure the
remote TCP received the acknowledgment
of its connection termination request.
[According to RFC 793 a connection can
stay in TIME-WAIT for a maximum of four
minutes known as a MSL (maximum
segment lifetime).]
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection establishment
1
To establish a connection, TCP uses a
three-way handshake. Before a client
attempts to connect with a server, the
server must first bind to and listen at a
port to open it up for connections: this
is called a passive open. Once the
passive open is established, a client
may initiate an active open. To
establish a connection, the three-way
(or 3-step) handshake occurs:
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection establishment
1
SYN: The active open is performed by
the client sending a SYN to the server.
The client sets the segment's sequence
number to a random value A.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection establishment
SYN-ACK: In response, the server
replies with a SYN-ACK. The
acknowledgment number is set to one
more than the received sequence
number i.e. A+1, and the sequence
number that the server chooses for the
packet is another random number, B.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection establishment
1
ACK: Finally, the client sends an ACK
back to the server. The sequence
number is set to the received
acknowledgement value i.e. A+1, and
the acknowledgement number is set to
one more than the received sequence
number i.e. B+1.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection establishment
At this point, both the client and
server have received an
acknowledgment of the connection.
The steps 1, 2 establish the connection
parameter (sequence number) for one
direction and it is acknowledged. The
steps 2, 3 establish the connection
parameter (sequence number) for the
other direction and it is
acknowledged. With these, a full1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
1
The connection termination phase uses a
four-way handshake, with each side of the
connection terminating independently
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
A connection can be "half-open", in
which case one side has terminated
its end, but the other has not. The side
that has terminated can no longer
send any data into the connection, but
the other side can. The terminating
side should continue reading the data
until the other side terminates as well.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
1
It is possible for both hosts to send FINs
simultaneously then both just have to
ACK. This could possibly be considered a
2-way handshake since the FIN/ACK
sequence is done in parallel for both
directions.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
1
Some host TCP stacks may implement a halfduplex close sequence, as Linux or HP-UX do
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
Some application protocols may violate
the OSI model layers, using the TCP
open/close handshaking for the application
protocol open/close handshaking — these
may find the RST problem on active close.
As an example:
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection termination
1
For a usual program flow like above, a
TCP/IP stack like that described above
does not guarantee that all the data
arrives to the other application.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Resource usage
1
Most implementations allocate an entry in
a table that maps a session to a running
operating system process
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Resource usage
1
The number of sessions in the server side
is limited only by memory and can grow as
new connections arrive, but the client must
allocate a random port before sending the
first SYN to the server
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Resource usage
1
Both endpoints must also allocate space for
unacknowledged packets and received (but
unread) data.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Data transfer
1
Ordered data transfer — the destination host
rearranges according to sequence number
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Data transfer
1
Retransmission of lost packets — any cumulative
stream not acknowledged is retransmitted
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Data transfer
Flow control — limits the rate a sender
transfers data to guarantee reliable
delivery. The receiver continually hints the
sender on how much data can be received
(controlled by the sliding window). When
the receiving host's buffer fills, the next
acknowledgment contains a 0 in the
window size, to stop transfer and allow the
data in the buffer to be processed.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Reliable transmission
TCP uses a sequence
number to identify each
byte of data
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Reliable transmission
TCP primarily uses a cumulative
acknowledgment scheme, where the
receiver sends an acknowledgment
signifying that the receiver has received all
data preceding the acknowledged
sequence number
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Reliable transmission
In addition to cumulative
acknowledgments, TCP receivers can also
send selective acknowledgments to
provide further information.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Error detection
Sequence numbers allow receivers to
discard duplicate packets and properly
sequence reordered packets.
Acknowledgments allow senders to
determine when to retransmit lost packets.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Error detection
1
To assure correctness a checksum
field is included (see TCP segment
structure for details on
checksumming)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Flow control
1
TCP uses an end-to-end flow control
protocol to avoid having the sender
send data too fast for the TCP receiver
to receive and process it reliably.
Having a mechanism for flow control
is essential in an environment where
machines of diverse network speeds
communicate. For example, if a PC
sends data to a smartphone that is
slowly processing received data, the
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Flow control
TCP uses a sliding window flow
control protocol. In each TCP
segment, the receiver specifies in the
receive window field the amount of
additionally received data (in bytes)
that it is willing to buffer for the
connection. The sending host can send
only up to that amount of data before it
must wait for an acknowledgment and
window update from the receiving
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Flow control
1
When a receiver advertises a window size
of 0, the sender stops sending data and
starts the persist timer
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Congestion control
The final main aspect of TCP is
congestion control. TCP uses a number
of mechanisms to achieve high
performance and avoid congestion
collapse, where network performance
can fall by several orders of magnitude.
These mechanisms control the rate of
data entering the network, keeping the
data flow below a rate that would
trigger collapse. They also yield an
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Congestion control
1
Acknowledgments for data sent, or lack of
acknowledgments, are used by senders to
infer network conditions between the TCP
sender and receiver. Coupled with timers,
TCP senders and receivers can alter the
behavior of the flow of data. This is more
generally referred to as congestion control
and/or network congestion avoidance.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Congestion control
Modern implementations of TCP
contain four intertwined algorithms:
Slow-start, congestion avoidance, fast
retransmit, and fast recovery (RFC
5681).
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Congestion control
In addition, senders employ a
retransmission timeout (RTO) that is
based on the estimated round-trip time (or
RTT) between the sender and receiver, as
well as the variance in this round trip time
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Congestion control
1
Enhancing TCP to reliably handle loss,
minimize errors, manage congestion and
go fast in very high-speed environments
are ongoing areas of research and
standards development. As a result, there
are a number of TCP congestion
avoidance algorithm variations.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Maximum segment size
1
The maximum segment size (MSS) is the
largest amount of data, specified in bytes,
that TCP is willing to receive in a single
segment
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Maximum segment size
1
MSS announcement
is also often called
"MSS negotiation"
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Selective acknowledgments
Relying purely on the cumulative
acknowledgment scheme employed
by the original TCP protocol can lead
to inefficiencies when packets are lost
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Selective acknowledgments
To solve this problem TCP employs
the selective acknowledgment (SACK)
option, defined in RFC 2018, which
allows the receiver to acknowledge
discontinuous blocks of packets that
were received correctly, in addition to
the sequence number of the last
contiguous byte received
successively, as in the basic TCP
acknowledgment
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Selective acknowledgments
1
A TCP sender can interpret an out-of-order
packet delivery as a lost packet. If it does
so, the TCP sender will retransmit the
packet previous to the out-of-order packet
and slow its data delivery rate for that
connection. The duplicate-SACK option,
an extension to the SACK option that was
defined in RFC 2883, solves this problem.
The TCP receiver sends a D-ACK to
indicate that no packets were lost, and the
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Selective acknowledgments
1
The SACK option is not mandatory and
it is used only if both parties support
it. This is negotiated when connection
is established. SACK uses the optional
part of the TCP header (see TCP
segment structure for details). The use
of SACK is widespread — all popular
TCP stacks support it. Selective
acknowledgment is also used in
Stream Control Transmission Protocol
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Window scaling
For more efficient use of high
bandwidth networks, a larger TCP
window size may be used. The TCP
window size field controls the flow of
data and its value is limited to
between 2 and 65,535 bytes.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Window scaling
1
Since the size field cannot be expanded, a
scaling factor is used. The TCP window
scale option, as defined in RFC 1323, is
an option used to increase the maximum
window size from 65,535 bytes to 1
gigabyte. Scaling up to larger window
sizes is a part of what is necessary for
TCP Tuning.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Window scaling
1
The window scale option is used only
during the TCP 3-way handshake. The
window scale value represents the
number of bits to left-shift the 16-bit
window size field. The window scale
value can be set from 0 (no shift) to 14
for each direction independently. Both
sides must send the option in their SYN
segments to enable window scaling in
either direction.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Window scaling
1
Some routers and packet firewalls rewrite
the window scaling factor during a
transmission. This causes sending and
receiving sides to assume different TCP
window sizes. The result is non-stable
traffic that may be very slow. The problem
is visible on some sites behind a defective
router.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP timestamps
TCP timestamps, defined in RFC 1323,
can help TCP determine in which order
packets were sent. TCP timestamps are
not normally aligned to the system clock
and start at some random value. Many
operating systems will increment the
timestamp for every elapsed millisecond;
however the RFC only states that the ticks
should be proportional.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP timestamps
1
a 4-byte echo reply timestamp value (the most
recent timestamp received from you).
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP timestamps
1
TCP timestamps are used in an algorithm
known as Protection Against Wrapped
Sequence numbers, or PAWS (see RFC
1323 for details). PAWS is used when the
TCP window size exceeds the possible
numbers of sequence numbers (232). In
the case where a packet was potentially
retransmitted it answers the question: "Is
this sequence number in the first 4 GB or
the second?" And the timestamp is used to
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP timestamps
1
RFC 1323 incorrectly states in section
2.3 that the window scale must be
limited to 230 to remain under 1 GB
(which is correct, but the sequence
number limit is 4 GB); however a scale
of 16 and a window size of 65535 would
be 65536 less than the 232 possible
sequence numbers and thus an
acceptable yet excessive value.
Because of this error many systems
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP timestamps
Also, the Eifel detection algorithm
(RFC 3522) uses TCP timestamps to
determine if retransmissions are
occurring because packets are lost or
simply out of order.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Out of band data
1
One is able to interrupt or abort the queued
stream instead of waiting for the stream to
finish
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Out of band data
1
TCP OOB data was not designed for the
modern Internet. The urgent pointer only
alters the processing on the remote host
and doesn't expedite any processing on
the network itself. When it gets to the
remote host there are two slightly different
interpretations of the protocol, which
means only single bytes of OOB data are
reliable. This is assuming it is reliable at all
as it is one of the least commonly used
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Forcing data delivery
1
Normally, TCP waits for 200 ms or for a full
packet of data to send (Nagle's Algorithm
tries to group small messages into a single
packet). This wait creates small, but
potentially serious, delays if repeated
constantly during a file transfer. For
example, a typical send block would be 4
KB, a typical MSS is 1460, so 2 packets
go out on a 10 Mbit/s ethernet taking ~1.2
ms each followed by a third carrying the
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Forcing data delivery
1
In the case of telnet, each user keystroke
is echoed back by the server before the
user can see it on the screen. This delay
would become very annoying.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Forcing data delivery
Setting the socket option
TCP_NODELAY overrides the default
200 ms send delay. Application
programs use this socket option to
force output to be sent after writing a
character or line of characters.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Forcing data delivery
1
The RFC defines the PSH push bit as
"a message to the receiving TCP stack
to send this data immediately up to
the receiving application". There is no
way to indicate or control it in User
space using Berkeley sockets and it is
controlled by Protocol stack only.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Vulnerabilities
1
TCP may be attacked in a variety of
ways. The results of a thorough
security assessment of TCP, along
with possible mitigations for the
identified issues, were published in
2009, and is currently being pursued
within the IETF.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Denial of service
By using a spoofed IP address and
repeatedly sending purposely
assembled SYN packets, followed by
many ACK packets, attackers can
cause the server to consume large
amounts of resources keeping track of
the bogus connections
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection hijacking
1
An attacker who is able to eavesdrop a TCP session
and redirect packets can hijack a TCP connection
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Connection hijacking
1
Impersonating a different IP address
was not difficult prior to RFC 1948,
when the initial sequence number was
easily guessable
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP veto
An attacker who can eavesdrop and
predict the size of the next packet to be
sent can cause the receiver to accept a
malicious payload without disrupting the
existing connection
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP ports
1
TCP uses port numbers to identify sending
and receiving application end-points on a
host, or Internet sockets
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP ports
1
Port numbers are categorized into
three basic categories: well-known,
registered, and dynamic/private
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
TCP is a complex protocol
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
The original TCP congestion avoidance
algorithm was known as "TCP Tahoe", but
many alternative algorithms have since
been proposed (including TCP Reno, TCP
Vegas, FAST TCP, TCP New Reno, and
TCP Hybla).
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
TCP Interactive (iTCP) is a research effort
into TCP extensions that allows
applications to subscribe to TCP events
and register handler components that can
launch applications for various purposes,
including application-assisted congestion
control.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
Multipath TCP (MPTCP) is an ongoing
effort within the IETF that aims at allowing
a TCP connection to use multiple paths to
maximise resource usage and increase
redundancy
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
TCP Cookie Transactions (TCPCT) is an
extension proposed in December 2009 to
secure servers against denial-of-service
attacks. Unlike SYN cookies, TCPCT does
not conflict with other TCP extensions
such as window scaling. TCPCT was
designed due to necessities of DNSSEC,
where servers have to handle large
numbers of short-lived TCP connections.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
1
tcpcrypt is an extension proposed in July
2010 to provide transport-level encryption
directly in TCP itself. It is designed to work
transparently and not require any
configuration. Unlike TLS (SSL), tcpcrypt
itself does not provide authentication, but
provides simple primitives down to the
application to do that. As of 2010, the first
tcpcrypt IETF draft has been published
and implementations exist for several
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Development
TCP Fast Open is an extension to
speed up the opening of successive
TCP connections between two
endpoints. It works by skipping the
three-way handshake using a
cryptographic "cookie". It is similar
to an earlier proposal called T/TCP,
which was not widely adopted due to
security issues. As of July 2012, it is an
IETF Internet draft.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP over wireless networks
TCP has been
optimized for wired
networks
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP over wireless networks
1
A number of alternative congestion control
algorithms have been proposed to help
solve the wireless problem, such as
Vegas, Westwood, Veno and Santa Cruz.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Hardware implementations
1
One way to overcome the processing
power requirements of TCP is to build
hardware implementations of it, widely
known as TCP Offload Engines (TOE).
The main problem of TOEs is that they
are hard to integrate into computing
systems, requiring extensive changes
in the Operating System of the
computer or device. One company to
develop such a device was Alacritech.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Debugging
1
A packet sniffer, which intercepts TCP traffic
on a network link, can be useful in debugging
networks, network stacks and applications
that use TCP by showing the user what
packets are passing through a link. Some
networking stacks support the SO_DEBUG
socket option, which can be enabled on the
socket using setsockopt. That option dumps
all the packets, TCP states, and events on
that socket, which is helpful in debugging.
Netstat is another utility that can be used for
debugging.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
For many applications TCP is not
appropriate. One problem (at least with
normal implementations) is that the
application cannot access the packets
coming after a lost packet until the
retransmitted copy of the lost packet is
received. This causes problems for realtime applications such as streaming
media, real-time multiplayer games and
voice over IP (VoIP) where it is generally
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
1
For both historical and performance
reasons, most storage area networks
(SANs) prefer to use Fibre Channel
protocol (FCP) instead of TCP/IP.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
1
Also, for embedded systems, network
booting, and servers that serve simple
requests from huge numbers of clients
(e.g. DNS servers) the complexity of
TCP can be a problem. Finally, some
tricks such as transmitting data
between two hosts that are both
behind NAT (using STUN or similar
systems) are far simpler without a
relatively complex protocol like TCP
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
1
Generally, where TCP is unsuitable, the
User Datagram Protocol (UDP) is used.
This provides the application multiplexing
and checksums that TCP does, but does
not handle streams or retransmission,
giving the application developer the ability
to code them in a way suitable for the
situation, or to replace them with other
methods like forward error correction or
interpolation.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
1
Stream Control Transmission Protocol
(SCTP) is another IP protocol that
provides reliable stream oriented
services similar to TCP. It is newer
and considerably more complex than
TCP, and has not yet seen widespread
deployment. However, it is especially
designed to be used in situations
where reliability and near-real-time
considerations are important.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
Venturi Transport Protocol (VTP) is a
patented proprietary protocol that is
designed to replace TCP transparently to
overcome perceived inefficiencies related
to wireless data transport.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
1
TCP also has issues in high bandwidth
environments. The TCP congestion
avoidance algorithm works very well
for ad-hoc environments where the
data sender is not known in advance,
but if the environment is predictable,
a timing based protocol such as
Asynchronous Transfer Mode (ATM)
can avoid TCP's retransmits overhead.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Alternatives
Multipurpose Transaction Protocol
(MTP/IP) is patented proprietary
software that is designed to adaptively
achieve high throughput and
transaction performance in a wide
variety of network conditions,
particularly those where TCP is
perceived to be inefficient.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv4
The checksum field is the 16 bit one's
complement of the one's complement sum
of all 16-bit words in the header and text. If
a segment contains an odd number of
header and text octets to be
checksummed, the last octet is padded on
the right with zeros to form a 16-bit word
for checksum purposes. The pad is not
transmitted as part of the segment. While
computing the checksum, the checksum
field itself is replaced with zeros.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv4
In other words, after appropriate
padding, all 16-bit words are added
using one's complement arithmetic.
The sum is then bitwise complemented
and inserted as the checksum field. A
pseudo-header that mimics the IPv4
packet header used in the checksum
computation is shown in the table
below.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv4
1
TCP pseudo-header for
checksum computation
(IPv4)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv4
1
96 Source port
Destination port
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv4
1
The source and destination addresses are
those of the IPv4 header. The protocol
value is 6 for TCP (cf. List of IP protocol
numbers). The TCP length field is the
length of the TCP header and data
(measured in octets).
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
1
When TCP runs over IPv6, the method used to
compute the checksum is changed, as per RFC
2460:
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
Any transport or other upper-layer
protocol that includes the addresses
from the IP header in its checksum
computation must be modified for use
over IPv6, to include the 128-bit IPv6
addresses instead of 32-bit IPv4
addresses.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
1
A pseudo-header that mimics the IPv6 header for
computation of the checksum is shown below.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
1
320Source portDestination
port
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
1
Source address – the one in the
IPv6 header
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - TCP checksum for IPv6
Destination address – the final
destination; if the IPv6 packet doesn't
contain a Routing header, TCP uses
the destination address in the IPv6
header, otherwise, at the originating
node, it uses the address in the last
element of the Routing header, and, at
the receiving node, it uses the
destination address in the IPv6
header.
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Checksum offload
Many TCP/IP software stack
implementations provide options to
use hardware assistance to
automatically compute the checksum
in the network adapter prior to
transmission onto the network or upon
reception from the network for
validation. This may relieve the OS
from using precious CPU cycles
calculating the checksum. Hence,
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Checksum offload
1
This feature may cause packet analyzers
detecting outbound network traffic
upstream of the network adapter that are
unaware or uncertain about the use of
checksum offload to report invalid
checksum in outbound packets.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Further reading
1
Stevens, W. Richard. TCP/IP Illustrated, Volume 1:
The Protocols. ISBN 0-201-63346-9.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Further reading
1
Stevens, W. Richard; Wright, Gary R.
TCP/IP Illustrated, Volume 2: The
Implementation. ISBN 0-201-63354-X.
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Further reading
1
Stevens, W. Richard. TCP/IP Illustrated,
Volume 3: TCP for Transactions, HTTP,
NNTP, and the UNIX Domain Protocols.
ISBN 0-201-63495-3.**
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - RFC
1
RFC 4614 – A Roadmap for TCP
Specification Documents
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - RFC
1
RFC 6298 – Computing
TCP's Retransmission
Timer
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - RFC
1
RFC 6824 - TCP Extensions for
Multipath Operation with
Multiple Addresses
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Others
1
Oral history interview
with Robert E
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Others
John Kristoff's Overview of TCP
(Fundamental concepts behind TCP and
how it is used to transport data between
two endpoints)
1
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Others
1
TCP fast retransmit simulation animated:
slow start, sliding window, duplicated Ack,
congestion window
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Others
1
Engineer Francesco Buffa's
page about Transmission
Control Protocol
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
Transmission Control Protocol - Others
1
TCP Sliding Window
simulation animated
(ns2)
https://store.theartofservice.com/the-transmission-control-protocol-toolkit.html
For More Information, Visit:
• https://store.theartofservice.co
m/the-transmission-controlprotocol-toolkit.html
The Art of Service
https://store.theartofservice.com