Overview of TCP / IP protocols

TCP: It is a connection oriented protocol that provides a reliable, full duplex, bytestream for a user process. It takes care of details such as acknowledgment, timeouts, retransmissions etc. TCP can use either IPv4 or IPv6.

UDP: It is a connectionless protocol and UDP sockets are example of datagram sockets. In this there is no guarantee that UDP datagram ever reach their intended destination. It can also use IPv4 or IPv6.

ICMP: Internet Control Message Protocol : It handles errors and control information between router and hosts. These are generated and processed by TCP /IP networking software itself.

IGMP : Internet Group Management Protocol: It is used with multicasting which is optional with IPv4.

ARP : Address Resolution Protocol, maps an IPv4 address into a hardware address (such as an Ethernet address). ARP is normally used on a broadcast networks such as Ethernet, token ring and FDDI but it is not needed in a point to point network.

RARP : Reverse ARP: This maps a hardware address into an IPv4 address. It is sometimes used when a diskless node such as X terminal is booting.

ICMPv6:  It combines the functionality of ICMPv4, IGMP and ARP.

BPF : BSD Packet Filter: This interface provides the access to the datalink for a process. It is found in Berkley derived kernals.

DLPI: Data Link Provider Interface. This provides access to the datalink and is normally provided with SVR4.

All the above protocols are defined in the RCF (Request For Comments), which are supported by their formal specification.

UDP: User Datagram Protocol ():

•         The application writes a datagram to a UDP socket which is encapsulated either in an IPv4 or IPv6 datagram and then sent to destination.

•         UDP datagram lacks reliability as it requires to build acknowledgements, timeouts, retransmission etc in the protocol.

•         Datagram has a length and if its checksum is correct at the receiving end, it is passed to the receiver.

•         It is a connectionless service. A client UDP socket can send successive datagram to different server and similarly, the server UDP socket can receive datagram from different clients.

TCP: Transmission Control Protocol:

•         A TCP provides a connections between clients and servers.

•         A TCP client establishes a connection with a given server, exchanges data with that server across the connection and then terminates the connection.

•         • TCP provides reliability. When data is sent on a TCP socket, it waits for an acknowledgement for a duration equal or more than the RTT- round trip time. If after reasonable amount of time, the acknowledgment is not received, TCP will give up.

•         RTT is calculated periodically to take care of the congestion in the network.

•         TCP sequences the data by associating a sequence number with every byte that it sends. (A byte stream larger than 1024 bytes is split into segments of 1024 bytes and sent to IP. The sequence number of 1-1024 is allotted for first segment, 1025 - … allotted for second segment and so on.)

•         TCP provides flow control: Receiver advertises the size of data which it can accept to its peer. This size of the window varies dynamically. If the buffer at the receiver is full, the receiver may not accept the data till it is free.

•         TCP connection is also fully duplex: This means an application can send and receive data in both direction on a given connection at any time. The TCP must keep track of state information such as sequence number and window size for each direction of data flow: sending and receiving.

TCP connection establishment and termination:

To understand the connect, accept and close functions and to debug TCP application using neststat we need to follow the state transition diagram.

The three way handshake that take place is as follows:

1.     The server must be prepared to accept an incoming connection. This is normally done by calling socket, bind and listen functions and is called passive open.

2. The client issues an active open by calling connect. This causes the client TCP to send SYN segment to tell the server that the client‘s initial sequence number for the data that the client will send on that connection. No data is sent with SYN. ITtcontains an IP header, TCP header and possible TCP options.

3. The server acknowledges the client‘s SYN and sends its own SYN and the ACK of the client‘s SYN in a single segment.

4.  The client must ACK the server‘s SYN.

As the minimum number of packets required is 3, it is called three way handshake. This is shown in the following figure.

J is the initial sequence number of client and Kis that of Server. ACK number is he initial sequence number plus 1.

TCP Options:

TCP SYN can contain TCP options. Common options are: MSS (Maximum Segment Size), Window Scale Option, Time Stamp Option.

•         MSS Option: With this option the TCP sending SYN announces its maximum segment size, the maximum amount of data that it is willing to accept in each TCP segment, on this connection. This option is set by TCP_ MAXSEG socket option.

• Window scale option: The maximum window that either TCP can advertise to the other TCP is 65535 as the corresponding field in the TCP header occupies 16 bits. But high speed connections (45 Mbps/sec) or long delay paths require larger window which can be set by left shifting (scaling) by 0-14 bits giving rise to one gigabyte. This is effected with SO_RCVBUF socket option.

•         Timestamp option: This option is needed for high speed connections to prevent possible data corruption caused by lost packets that then reappears.

Last two options being new, may not be supported. These are also known as ‗long fat pipe‘ option.

TCP connection Termination:

It takes four segment to terminate a TCP connection as shown below:

1. One application calls close, and we say that this end performs the active close. This end‘s TCP sends FIN segment, which means it is finished sending data.

2.          The other end that receives the FIN performs the passive close. The received FIN is acknowledged by TCP. The FIN is passed to the application as an end of file(after any data that may already be queued for the application to receive) and the receiver will not receive any further data from the sender.

3.    When the received application closes its socket, the TCP sends FIN.

4.    The TCP on the system that receives the FIN  acknowledges the  FIN.

The client in this example announces an MSS(Maximum Segment Size) of 1460 and the server announces an MSS of 1024. Once the connection is established, the client forms a request and sends it to the server (fits in one segment). The server processes the request and sends a reply. The data segments transfer is shown in bold arrows The four segment shown terminate the connection. As it can be seen that the end that performs the active close enters the TIME_WAIT state.

Port Numbers: At any time multiple processes can use either UDP or TCP and both use 16 bit integer port numbers to differentiate these processes. Both TCP and UDP define a group of well known ports that identity services. Some of these are port 21 for FTP, TFTP is assigned UDP port 69 etc. Clients use ephemeral ports that is short lived ports. These port numbers are manually assigned by TCP or UDP to the client. The port numbers are divided into three categories

• Well known ports : 0 – 1023 These port numbers are controlled and assigned by the IANA. When possible same port number is assigned for both TCP and UDP as in the case of web server.

• The Registered Ports: 1024 – 49151 These are not controlled by IANA bit it registers and list the uses of these ports as a convenience to the community

•         Dynamic private ports : 49152 – 65535 These are what we call as ephemeral ports.

Socket Pair: The two values that identify each endpoint, an IP address and a port number, are called a socket. The socket pair for a TCP connection is the 4 tuple that defined the two end points of the connection: the local IP address, local TCP port, foreign IP address, and foreign TCP port.