TCP/IP Transport Layer

TCP/IP application layer uses HTTP to transfer file that make up the web pages of World Wide Web Two important protocols used in TCP/IP transport layer are Transmission control protocol (TCP) and User Datagram protocol (UDP). To know the functions of these transport layer protocols, it is very important to know the services provided by this protocol to the layer above it. Each layer provides services to the layer above it.

Example: HTTP is used to transfer a default home page (name.htm) from Ruby to John. But what would be the result, if John’s HTTP losses the request transmitted over TCP/IP network or what would be the result if Ruby’s reply which contains of the home page, was lost? Logically the page will not be displayed.

TCP services provided to HTTP


So, TCP/IP requires a method to get an assurance for the delivery of data across the TCP/IP network. John sends a request to Ruby to synchronize a sequence number (a SYN packet) and to establish a connection. The receiving device (Ruby) receives the request and replies it by sending a message. The first device (John) responds by sending an acknowledgment (ACK) to receiver (Ruby) indicating that the connection is established. When the connection is established data will be transferred from Ruby to John and helps to display the web page. This concept is known as 3-way handshake.

Use of ACK
Protocols at Transport Layer

Transmission Control protocol :

Transmission control protocol receive large amount of information from the application layer and breaks them into smaller segments. TCP assigns numbers and sequences each segment in such a way that the TCP protocol at the destination can put the segment back in the same order the application intended. After transmitting these segments, TCP waits for the acknowledgment from the receiving end and retransmits those, which are not acknowledged. Before sending the segments, down the model, the sender’s TCP protocol; communicates with destination’s TCP protocol to establish connection. This connection is known as virtual-circuit. And the type of communication is known as connection-oriented communication. During this initial handshake the TCP protocol checks the amount of data to be sent before the receiving device send the acknowledgment. After checking everything, reliable communication takes place.

TCP Segment Properties :

A TCP segment is the packet of information that is used by TCP to exchange data with is TCP running on other hosts. The segment is encapsulated into IP datagram and transmitted over the network the TCP header is 20 bytes long or up to 24 bytes with option. It is very important to understand each field in the TCP segment. The TCP segment contains following fields.

TCP Header Field :


TCP Header Field

Source Port: 16 bits : The source port number.

Destination Port: 16 bits : The destination port number.

Sequence Number: 32 bits : The sequence number of the first data octet in this segment (except when SYN is present).If SYN is present the sequence number is the initial sequence number (ISN) and the first data octet is ISN+1.

Acknowledgment Number: 32 bits : If the ACK control bit is set this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established this is always sent.

Data Offset: 4 bits : The number of 32 bit words in the TCP Header. This indicates where the data begins. The TCP header (even one including options) is an integral number of 32 bits long.

Reserved: 6 bits : Reserved for future use. Must be zero.

Control Bits: 6 bits (from left to right):
  • CWR : Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and had responded in congestion control mechanism.
  • ECE : ECN-Echo indicates   # If the SYN flag is set, that the TCP peer is ECN capable. # If the SYN flag is clear, that  a packet with Congestion Experienced flag in IP header set is received during normal transmission.
  • URG: Urgent Pointer field significant
  • ACK: Acknowledgment field significant
  • PSH: Push Function
  • RST: Reset the connection
  • SYN: Synchronize sequence numbers
  • FIN: No more data from sender

Window: 16 bits : The number of data octets beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.

Checksum: 16 bits : The checksum field is the 16 bit one's complement of the one's complement sum of all 16 bit words in the header and text. If a segment contains an odd number of  header and text octets to be checksum, the last octet is padded on the right  with zeros to form a 16 bit word for checksum purposes. The pad is not  transmitted as part of the segment. While computing the checksum, the checksum  field itself is replaced with zeros.

The checksum also covers a 96 bit pseudo header conceptually prefixed to the TCP header. This pseudo header contains the Source Address, the Destination Address, the Protocol, and TCP length. This gives the TCP protection against misrouted segments. This information is carried in the Internet Protocol and is transferred across the TCP/Network interface in the arguments or results of calls by the TCP on the IP.

+--------+--------+--------+--------+
| Source Address |
+--------+--------+--------+--------+
| Destination Address |
+--------+--------+--------+--------+
| zero | PTCL | TCP Length |
+--------+--------+--------+--------+

The TCP Length is the TCP header length plus the data length in octets (this is  not an explicitly transmitted quantity, but is computed), and it does not count  the 12 octets of the pseudo header.

Urgent Pointer: 16 bits : This field communicates the current value of the urgent pointer as a positive  offset from the sequence number in this segment. The urgent pointer points to the sequence number of the octet following the urgent data. This field is only be  interpreted in segments with the URG control bit set.

Options: variable : Options may occupy space at the end of the TCP header and are a multiple of 8 bits in length. All options are included in the checksum. An option may begin on any octet boundary. There are two cases for the format of an option:

Case 1: A single octet of option-kind.

Case 2: An octet of option-kind, an octet of option-length, and the actual option-data octets.

The option-length counts the two octets of option-kind and option-length as well as the option-data octets.

Note that the list of options may be shorter than the data offset field might imply. The content of the header beyond the End-of-Option option must be header padding (i.e., zero).

A TCP must implement all options.
Currently defined options include (kind indicated in octal):
Kind     Length    Meaning
---- ------ -------
0 - End of option list.
1 - No-Operation.
2 4 Maximum Segment Size.
Specific Option Definitions

End of Option List
+--------+
|00000000|
+--------+
Kind=0
This option code indicates the end of the option list. This might not coincide  with the end of the TCP header according to the Data Offset field.  This is used at the end of all options, not the end of each option, and need only be used if the end of the options would not otherwise coincide with the end of the TCP header.

No-Operation

+--------+
|00000001|
+--------+
Kind=1
This option code may be used between options, for example, to align the beginning of a subsequent option on a word boundary. There is no guarantee that senders will use this option, so receivers must be prepared to process options even if they do not begin on a word boundary.
Maximum Segment Size

+--------+--------+---------+--------+
|00000010|00000100| max seg size |
+--------+--------+---------+--------+
Kind=2 Length=4
Maximum Segment Size Option Data: 16 bits

If this option is present, then it communicates the maximum receive segment size at the TCP which sends this segment. This field must only be sent in the initial connection request (i.e., in segments with the SYN control bit set). If this option is not used, any segment size is allowed.

Padding: variable
the TCP header padding is used to ensure that the TCP header ends and data begins on a 32 bit boundary. The padding is composed of zeros.

Data: A variable length field which holds messages or data from application.

These fields are required to establish and control connection, as well as to provide reliable service which guarantees the delivery of data.

TCP Features

Multiplexing using TCP ports
Multiplexing using TCP ports

A single host can set up multiple connections over the TCP/IP network at any time. This is called multiplexing. If multiple applications or network processes are running, each may set up a connection to a different computer.

For example, multiple Web browsers can be opened and can be connected with multiple sites.

Example: Two computers John and Ruby are connected to each other. Let’s say John is using three applications: Application I, Application II, and web server application. Now Ruby has to decide which application to give the data to, as all the three packets are from same Ethernet and IP address. You might say that Ruby will check at whether the packet contains TCP or UDP header but as you see in figure, two applications are using TCP and one is using UDP.

TCP and UDP helps to solve this problem by using port number field on TCP and UDP headers respectively. Each of John’s TCP and UDP segment uses different destination port number, so that Ruby knows which application to send the data to.

Multiplexing uses a concept called as socket. A socket contains IP address, transport protocol and a port number. So Ruby, a web server application, the socket, the socket is (192.168.12, TCP, port80), because web server by default uses a well-known port number. When John is connected to web server, john uses socket (192.168.1.1, TCP, port1030). Because John requires a port number which is unique and recognize that port 1030 is available and he uses it. John uses this port because ports below 1024 are reserved for well-known application.

When three applications are running at the same time, three socket connections open. A connection between two sockets is unique connection between to computers, as a socket on single computer is unique. Because of unique socket connection, multiple applications can be used at the same time. Discussing about multiplexing based on socket, it enables delivery of data to correct location.

John sending packets to Ruby with three applications


Error recovery (Reliability)

TCP assigns sequence numbers to each data byte and expects a positive acknowledgment (ACK) from receiving TCP. If the acknowledgment is not received, the data will be retransmitted. The receiving TCP rearranges the segments using sequence number, when it arrives out of order.

TCP acknowledgment without errors


The Acknowledgement field (4000) sent by web client indicates the next byte to be received. And the sequence number indicates the first byte in each TCP segment. Each TCP segment in this example is 1000 bytes in length. As there are no errors, the web client sends an acknowledgement.

TCP acknowledgment with errors


In this case TCP segment is found with errors. Web client responds with acknowledgement field equal to 2000. Web server recovers the lost data and resends the second TCP segment. Web server replies with an acknowledgement equal to 4000.TCP maintains timers on data sent. The sending TCP waits for the receiver to reply with an acknowledgement for specified time. If the timer expires before receiving an acknowledgement, the sender can retransmit the segment.

Flow control is a technique whose primary purpose is to properly match the transmission rate of sender to that of the receiver and the network. For this purpose, flow control uses sequence and acknowledgement fields in the TCP header. In addition to these two fields, it also uses another field known as window field. During data transfer, window field is used to adjust the rate of flow of data between communicating TCPs.

Window slides as bytes in the stream when data is sent and acknowledged, so it is also called as “sliding window”. When window size is full, the sender will not send any data and thus controls the flow of data.

Windowing

After sending third segment, the web server has to wait because the window size is full. Web server can send another window only after receiving acknowledgement. As there was no errors, web client send larger window to the server. Now web server can send 4000 bytes before requiring acknowledgement from web client.

Window

Connection establishment and termination

TCP Connection establishment and termination

Connection establishment


Connection is established before any other TCP feature starts its function.Connection establishment is the process, which initializes sequence and acknowledgement fields. In order for two hosts to communicate using TCP, connection has to be established by exchanging message.

Host A initiates the connection by sending a TCP segment with SYN control bit and initial sequence number (ISN) which is represented as variable “X” in the sequence number field.

Host B receives this SYN segment, process it and responds with TCP segment of its own which is represented as variable Y. Host B also sets ACK control bit to indicate next expected byte from Host A which should contain data starting with sequence number X+1.

When Host A receives Host B’s ACK, it finishes the connection establishment by sending a final acknowledgement segment to Host B. Host A sets the ACK control bit and indicates the next expected byte from Host B by placing acknowledgement number Y+1 in the acknowledgement field. In addition to this, source and destination ports are also added in each sender’s segment.

Data Transfer

Once the ISNs have been exchanged, the communicating devices can exchange data between each other. TCP places the segments into the network as long as there is data to send. When the receiver accepts and processes the TCP segment, it sends a positive acknowledgement. These acknowledgements also contain “window” which determines how many bytes the receiver sis currently willing to accept. If the data is lost, receiver doesn’t send acknowledgment.

If there is no send, the receiver waits for the application to put data into the stream. If the data queued by the sender exceeds the receiver window size, the sender has to wait for further acknowledgements. Timers are used to avoid overload.

Connection Termination


To terminate the connection four segments are required. Instead of SYN control bit field, FIN control bit field is used to signal the termination of connection.

In this example, the application running on Host A signals TCP to close the connection. This generates first FIN segment from Host A to Host B. when Host B receives the first FIN segment, it  acknowledges the segment and indicates its destination application about the termination request. Once the application on Host B decides to close the connection, it sends FIN segment, which Host A responds by sending an acknowledgement.

User datagram protocol (UDP)

UDP transports information that doesn’t require reliable delivery; it can have less overhead than TCP as no sequencing or acknowledgements are used. UDP is connectionless protocol and provides fast delivery of datagram to the network host. UDP receives a block of information from upper layer and breaks it into segments and assigns number to each segment.

UDP segment Format
UDP segment Format

In the figure above you can see that UDP does not use windowing or provide for acknowledgements in the UDP header. It is very important to understand each field in the UDP segment. UDP segment contains the following fields:

UDP Message Format
Field Name
Size (bytes)
Description
Source Port
2
Source Port: The 16-bit port number of the process that originated the UDP message on the source device. This will normally be an ephemeral (client) port number for a request sent by a client to a server, or a well-known/registered (server) port number for a reply sent by a server to a client.
Destination Port
2
Destination Port: The 16-bit port number of the process that is the ultimate intended recipient of the message on the destination device. This will usually be a well-known/registered (server) port number for a client request, or an ephemeral (client) port number for a server reply.
Length
2
Length: The length of the entire UDP datagram, including both header and Data fields.
Checksum
2
Checksum: An optional 16-bit checksum computed over the entire UDP datagram plus a special “pseudo header” of fields. See below for more information.
Data
Variable
Data: The encapsulated higher-layer message to be sent.


How TCP and UDP use port numbers

The port numbers has to be kept open to allow the protocols to flow through the network. For file Transport protocols, standard post number 20 and 21 has to be open.


TCP and UDP use port numbers to communicate with upper layers. Port numbers keep a track of different sessions across network. In some cases, conversation does not use an application with a familiar port numbers, for those the port numbers are assigned randomly from a particular range.

The assigned range of port numbers are:
  • Port numbers which lie below 1024 are known as well-known ports. These ports are assigned to common protocols.
  • Port numbers which lie above 1024 are dynamically assigned ports.
  • Registered port numbers are assigned to vendor specific application.
Tcp state diagram
Tcp state diagram

TCP/IP Application Layer

Application Layer Protocols

Application layer in TCP/IP model is the first step in the communication during which data is encoded and sent to and from transport layer ports. Application layer defines user-friendly method of presenting, naming, sending and receiving data.

The most common and popular TCP/IP application is the web browser. Using a web browser, it’s very simple and easy to browse any web site. Select a web site and type the name of web site in web browser to view web page on your computer.

But what makes these web pages to appear on your computer? Here is an example, which explains this process in detail

John web browser (Internet Explorer or Mozilla Firefox) is configured in such a web that, whenever he opens, it will automatically ask for web server Ruby’ s default web page (home page).

General Application logic to get web page



What actually happens is: First request from John asks Ruby to send her home page back. Ruby‘s web server has been configured to identify the location of the file (name.htm) where Ruby‘s web page is stored. John gets the file name.htm from Ruby and contents of the file will be displayed on the web browser window.

In the above example, two TCP/IP application layer protocols are used. Request for the file and transfer of file is executed by HTTP (Hypertext Transfer protocol). You might have noticed that most of the web sites URLs (universal Resource Locators: the text to recognize a web server and a specific web page) start with “http”, which means that HTTP is used to transfer the web pages.

The second protocol known as HTML (Hypertext Markup Language), describes how John’s web browser has to read the contents in the file to display it .The file may contain the size, color etc of the text or it may contain graphics, images and animation.

HTTP Request message format
The next example gives details about functions of networking protocols. Figure below shows the locations of HTTP header and data.

HTTP Get request and reply


Request from John is sent in the form of HTTP header, which contains commands to “get” the required file. Along with the command it also contains the name of the file (in this example it is name.htm). In case when the file name is not mentioned, the web server assumes that the request from John is for default home page. The reply from Ruby contains a HTTP return code along with header.

When the web page is not found in the web server, a HTTP404 “not found “error will be received, which means that you have received HTTP return code of 404. When the requested web page is found, the return code will be “0”.

Interaction between John and Ruby introduces a concept behind networking model. The application layer protocol on Ruby. This is done by creating and transferring application layer header and sometimes not. This process is known as same layer interaction.

Application layer provides the application, the ability to access the services provided by other layers. The most widely used protocols other than HTTP are listed below along with their respective port number and description.

HTTP Response message format

TCP/IP Model Introduction

The TCP/IP protocol suite is named for two of its most important protocols Transmission control protocol (TCP) and Internet protocol (IP). The TCP/IP protocol suite establishes the technical foundation of the Internet. The Department of Defense (DoD) developed TCP/IP to ensure and preserve date integrity. TCP/IP model contains a large number of protocols, which helps one computer to communicate with another. Description of each of these protocols is documented by Request for comments (RFC) and it is approved by Internet Engineering Task force (IETF). This model is a condensed version of the OSI model and contains only four layers. They are Application layer, Host-to-Host layer, Internet layer and Network access layer. Each of these layrerwill be discussed in detail in this lesson.

TCP/IP protocol Architecture

Like other networking models, TCP/IP divides the functions of communication protocols into different layers. Most description of TCP/IP defines three to five levels in the protocol architecture. The four level model is based on the three layers(Application, Transport and Network Access) as defined in the DOD protocol model with the addition of Internet layer. The protocols at the internet and transport later: Internet protocol (IP), Transmission control protocol (TCP) and User Datagram Protocol (UDP) is usually called as “core” of the suite which supports to perform a variety of functions at each of the TCP/IP model layer. The layers in TCP/IP Architectural Model are shown in figure.


TCP/IP and the DoD Model

The DoD model is basically a condensed version of the OSI model- it’s composed of four, instead of seven, layers:
  • Process/Application layer
  • Host-to-Host layer
  • Internet layer
  • Network Access
OSI-TCP/IP Model

Figure shows a comparison of the DoD model ( TCP/IP Mode ) and the OSI reference model. As you can see, the two are similar in concept, but each has a different number of layers with different names.

How protocol stack works

Two Internet hosts connected via two routers and the corresponding layers used at each hop.
TCP/IP Model and OSI model are quite similar in nature. Data is passed down the stack when it is being sent to the network and up the stack when it is received from the network. Every layer uses control information to keep addressing and other information that is needed by the protocol to deliver the data. These control information is called as header or trailer. Each layer upon receiving the data from the previous layer adds its own header in front of the information. This process of adding control information is known as Data encapsulation. When the data is received from the network, opposite procedure happens. At each layer the headers are the headers are stripped off and discarded before passing it to next layer. The process of removing header or trailer from the data is known as Decapsulation.

Encapsulation of application data descending through the TCP/IP layers

Each layer in TCP/IP model has its own data structure, but a layer will not know the data structure used by the layer below and above it.

Browser Properties

This utility is help to find the details of your current browser which includes the details like screen resolution, browser type, browser version, browser color depth, Browser Type, Operating System platform, java enabled status and anti-lasing fonts. These are the browser settings which is help to know before running the application
current resolution: x
browser:
max resolution: x
version:
color depth: bit
code name:
platform:
colors:
java enabled:
anti-aliasing fonts:

Network Tools