Friday, February 25, 2011

TCP: TRANSMISSION CONTROL PROTOCOL

Hello guys,

Today I am going to discuss TCP, a very, very conceptual topic.

If you have good hands-on knowledge of TCP then you are in high demand in the networking field. I will try to give a very good concept of TCP in this blog.

Many questions are associated with TCP, like what is TCP, where does TCP lie in the protocol stack, and so on.

TCP - Transmission Control Protocol

This protocol resides in the transport layer (layer 4) of the OSI model. Do you know who else resides in the transport layer?
It is UDP (User Datagram Protocol), which is also a transport layer protocol.

The basic difference between TCP and UDP concerns reliability: TCP is more reliable and UDP less.

I will discuss UDP in my next blog; right now we will discuss TCP.



Where and why would we use TCP?


TCP is used in almost every type of network. As a protocol, it is not restricted to any type of network topology, whether it be a local area network (LAN) or wide area network (WAN). We call it a transport protocol because it is located in the transport layer of the OSI model, and its primary job is to get data from one location to another, regardless of the physical network and location.


And why do we use TCP? Because it is more reliable than UDP (the other transport layer protocol).





The concept of a transport protocol -


TCP is a transport protocol, and this means it is used to transfer the data of other protocols. Doesn't that sound weird? No, it is not.


Let me try to present an analogy for TCP.
Just think of TCP as a carriage or truck which is used to take the application layer protocols (HTTP, SMTP, POP, FTP) from source to destination.


The road on which our carriage travels is layer 3, the network layer. Now let me try to summarize this analogy:

1> our carriage or truck (TCP)
2> our stuff or goods present in the truck (the upper layer protocols such as HTTP, POP, FTP, SMTP)
3> our road or way from source to destination (the network layer)


So now we can conclude that our goods (the upper layer protocols) are delivered safely to their destination.





Some common protocols that use TCP are: FTP, Telnet, HTTP, HTTPS, DNS, SMTP and POP3. Let's have a closer look at the main characteristics of this wonderful protocol.


Now I would like to discuss TCP in more detail.



When people refer to "TCP/IP" remember that they are talking about a suite of protocols and not just one protocol, like most people think. TCP/IP is not one protocol.

Main Features -
1> Reliable Transport
2> Connection-Oriented
3> Flow Control
4> Windowing
5> Acknowledgements
6> More Overhead

Reliable Transport
It's a reliable transport because of the different techniques it uses to ensure that the data received is error free. TCP is a robust protocol used for file transfers where data error is not an option. When you decide to download a 500MB file from a website, you wouldn't want to find out after the download is complete that the file has an error! Even though, in reality, this does happen, it just goes to show that you can't always be perfect with certain things.


This picture shows the TCP header within an Ethernet II frame.

The diagram below shows the individual breakdown of each field within the TCP header along with its length in bits.
Remember that 8 bits equal to 1 byte.
The most commonly referenced fields within the TCP header are the Source Port, Destination Port and Code bits. These Code bits are also known as 'flags'.
The rest of the fields help make sure all TCP segments make it to their destination and are reassembled in the correct order, while at the same time providing an error free mechanism should a few segments go missing and never reach their destination.



CONNECTION-ORIENTED -

What this basically means is that a connection is established between the two hosts or rather, the two computers, before any data is transferred. When the term "connection is established" is used, this means that both computers know about each other and have agreed on the exchange of data. This is also where the famous 3-way handshake happens. You will find the SYN and ACK bits in the Code bits field which are used to perform the 3-way handshake. Thanks to the 3-way handshake, TCP is connection oriented.
The following diagram explains the procedure of the 3-way handshake:
STEP 1: Host A sends the initial packet to Host B. This packet has the "SYN" bit enabled. Host B receives the packet and sees the "SYN" bit which has a value of "1" (in binary, this means ON), so it knows that Host A is trying to establish a connection with it.

STEP 2: Assuming Host B has enough resources, it sends a packet back to Host A and with the "SYN and ACK" bits enabled (1). The SYN that Host B sends, at this step, means 'I want to synchronise with you' and the ACK means 'I acknowledge your previous SYN request'.

STEP 3: So... after all that, Host A sends another packet to Host B and with the "ACK" bit set (1), it effectively tells Host B 'Yes, I acknowledge your previous request'.
Once the 3-way handshake is complete, the connection is established (a virtual circuit) and the data transfer begins.
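To make the header fields and the handshake above concrete, here is an added example (not code from the original post) that packs and decodes the fixed 20-byte TCP header with Python's struct module, reads the Code bits, and builds the SYN, SYN/ACK, ACK exchange between Host A and Host B. The port numbers and initial sequence numbers (isn_a, isn_b) are constructed values.

```python
import struct

# The six classic code bits ('flags') in the TCP header; they live in the low
# bits of the same 16-bit word that carries the data offset.
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a minimal 20-byte TCP header (data offset 5 words, no options).
    Checksum and urgent pointer are left at 0; 'flags' is a set of names."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    offset_and_flags = (5 << 12) | bits            # data offset in the top 4 bits
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_and_flags, window, 0, 0)


def parse_tcp_header(data):
    """Decode the fixed part of a TCP header into a dict of its fields."""
    if len(data) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_and_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", data[:20])
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "header_len": (offset_and_flags >> 12) * 4,   # data offset, in bytes
        "flags": {n for n, b in FLAG_BITS.items() if offset_and_flags & b},
        "window": window,
        "checksum": checksum,
        "urgent": urgent,
    }


def handshake_step(flags):
    """Map a segment's flags to its step in the 3-way handshake, or None."""
    if flags == {"SYN"}:
        return 1
    if flags == {"SYN", "ACK"}:
        return 2
    if flags == {"ACK"}:
        return 3
    return None


def simulate_handshake(client_port=40000, server_port=80, isn_a=1000, isn_b=5000):
    """Constructed SYN, SYN/ACK, ACK exchange between Host A (client) and Host B.
    Each side's ACK number is the other side's initial sequence number + 1."""
    segments = [
        build_tcp_header(client_port, server_port, isn_a, 0, {"SYN"}),
        build_tcp_header(server_port, client_port, isn_b, isn_a + 1, {"SYN", "ACK"}),
        build_tcp_header(client_port, server_port, isn_a + 1, isn_b + 1, {"ACK"}),
    ]
    parsed = [parse_tcp_header(s) for s in segments]
    return [(handshake_step(p["flags"]), p) for p in parsed]
```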

FLOW CONTROL-

Flow control is used to control the data flow between the connection. If for any reason one of the two hosts are unable to keep up with the data transfer, it is able to send special signals to the other end, asking it to either stop or slow down so it can keep up.
For example, if Host B was a webserver from which people could download games, then obviously Host A is not going to be the only computer downloading from this webserver, so Host B must regulate the data flow to every computer downloading from it. This means it might turn to Host A and tell it to wait for a while until more resources are available because it has another 20 users trying to download at the same time.
Below is a diagram that illustrates a simple flow control session between two hosts. At this point, we only need to understand the concept of flow control:
Generally speaking, when a machine receives a flood of data too quickly for it to process, it stores it in a memory section called a buffer. This buffering action solves the problem only if the data bursts are small and don't last long.
However, if the data burst continues it will eventually exhaust the memory of the receiving end and that will result in the arriving data being discarded. So in this situation the receiving end will simply issue a "Not ready" or "Stop" indicator to the sender, or source of the flood. After the receiver processes the data it has in its memory, it sends out a "Ready" or "Go" transport indicator; the sending machine receives the "Go" indicator and resumes its transmission.

WINDOWING

Data throughput, or transfer efficiency, would be low if the transmitting machine had to wait for an acknowledgment after sending each packet of data. Because there is time available after the sender transmits the data segment and before it finishes processing acknowledgments from the receiving machine, the sender uses the break to transmit more data. If we wanted to briefly define Windowing we could do so by stating that it is the number of data segments the transmitting machine is allowed to send without receiving an acknowledgment for them.
Windowing controls how much information is transferred from one end to the other. While some protocols quantify information by observing the number of packets, TCP/IP measures it by counting the number of bytes.
Let's explain what is happening in the above diagram.
Host B is sending data to Host A, using a window size equal to one. This means that Host B is expecting an "ACK" for each data segment it sends to Host A. Once the first data segment is sent, Host A receives it and sends an "ACK 2" to Host B. You might be wondering why "ACK 2" and not just "ACK"?
The "ACK 2" is translated by Host B to say: 'I acknowledge (ACK) the packet you just sent me and I am ready to receive the second (2) segment'. So Host B gets the second data segment ready and sends it off to Host A, expecting an "ACK 3" response from Host A so it can send the third data segment, for which, as the picture shows, it receives the "ACK 3".
However, if it received an "ACK 2" again, this would mean something went wrong with the previous transmission and Host B will retransmit the lost segment. We will see how this works in the Acknowledgments section later on. Let's now try a different window size to get a better understanding... let's say 3!
Keep in mind the way the "ACKs" work, otherwise you might find the following example a bit confusing. If you can't understand it, read the previous example again where the window size was equal to one.
In the above example, we have a window size equal to 3, which means that Host B can send 3 data segments to Host A before expecting an "ACK" back. Host B sends the first 3 segments (Send 1, Send 2 and Send 3), Host A receives them all in good condition and then sends the "ACK 4" to Host B. This means that Host A acknowledged the 3 data segments Host B sent and awaits the next data segments which, in this case, would be 4, 5 and 6.

ACKNOWLEDGEMENT-

Reliable data delivery ensures the integrity of a stream of data sent from one machine to the other through a fully functional data link. This guarantees the data won't be duplicated or lost. The method that achieves this is known as positive acknowledgment with retransmission. This technique requires a receiving machine to communicate with the transmitting source by sending an acknowledgment message back to the sender when it receives data. The sender documents each segment it sends and waits for this acknowledgment before sending the next segment. When it sends a segment, the transmitting machine starts a timer and retransmits if it expires before an acknowledgment is returned from the receiving end.
This figure shows how the Acknowledgments work. If you examine the diagram closely you will see the window size of this transfer, which is equal to 3. At first, Host B sends 3 data segments to Host A and they are received in perfect condition so, based on what we learned, Host A sends an "ACK 4" acknowledging the 3 data segments and requesting the next 3 data segments which will be 4, 5, 6. As a result, Host B sends data segments 4, 5, 6 but 5 gets lost somewhere along the way and Host A doesn't receive it so, after a bit of waiting, it realises that 5 got lost and sends an "ACK 5" to Host B, indicating that it would like data segment 5 retransmitted. Now you see why this method is called "positive acknowledgment with retransmission".
At this point Host B sends data segment 5 and waits for Host A to send an "ACK" so it can continue sending the rest of the data. Host A receives the 5th data segment and sends "ACK 7" which means 'I received the previous data segment, now please send me the next 3'. The next step is not shown on the diagram but it would be Host B sending data segments 7, 8 and 9.
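The windowing and acknowledgment walkthroughs above (window size 1, then window size 3 with segment 5 lost) can be replayed with this added simulation; it is not code from the original post. It models Host B as the sender and Host A as the receiver with cumulative ACKs, and the lost segment is a constructed fault injected by the caller.

```python
def run_transfer(total_segments, window, lose_first_send_of=None):
    """Simulate Host B sending segments 1..total_segments to Host A.

    Host A replies with a cumulative ACK n, meaning 'everything below n
    arrived, send n next'. If an ACK asks for a segment the sender has
    already put on the wire, the sender treats that as a loss and
    retransmits only that segment (positive acknowledgment with
    retransmission). lose_first_send_of is a constructed fault: that
    segment's first transmission is dropped."""
    events = []            # ("SEND" | "LOST" | "ACK", segment number)
    received = set()       # Host A's buffer of segments that arrived
    next_expected = 1      # Host A: lowest segment number not yet received
    base = 1               # Host B: oldest unacknowledged segment
    highest_sent = 0       # Host B: highest segment number ever sent
    dropped = False

    while base <= total_segments:
        if highest_sent >= base:
            burst = [base]                        # retransmit the missing one
        else:
            burst = list(range(base, min(base + window, total_segments + 1)))

        for n in burst:
            highest_sent = max(highest_sent, n)
            if n == lose_first_send_of and not dropped:
                dropped = True
                events.append(("LOST", n))
                continue
            events.append(("SEND", n))
            received.add(n)

        # Host A acknowledges the highest contiguous run it holds.
        while next_expected in received:
            next_expected += 1
        events.append(("ACK", next_expected))
        base = next_expected
    return events


def ack_numbers(events):
    """The sequence of ACK values Host A sent, in order."""
    return [n for kind, n in events if kind == "ACK"]
```

With total_segments=9, window=3 and segment 5 dropped once, the ACK sequence is 4, 5, 7, 10, matching the post's figure: ACK 4 after 1-3, ACK 5 when 5 is missing, ACK 7 after the retransmission (6 was already buffered), then 7-9.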






More Overhead

As you can see, there is quite a neat mechanism under the TCP hood that enables data to be transferred error free. All the features the protocol supports come at a price, and this is the overhead associated with TCP.
When we talk about overhead, we are referring to all the different fields contained within the TCP header and the error checking that takes place to ensure no portion of the data is corrupt. While for most this is a fair trade-off, some people simply can't spare the extra processing power, bandwidth and increased time the TCP transactions require. For this reason we have the alternative UDP protocol, which you can read about in the UDP protocol section.



Friday, February 18, 2011

OVERVIEW OF NAT


     ,-------------------------,
  ,--|192.168.1.1 (Computer A) |
L |  |-------------------------|
A |--|192.168.1.2 (Computer B) |
N |  '-------------------------'
  |  ,-------------------------,
  '--|192.168.1.100   (ROUTER) |
     '-------------------------'
I have a LAN with two computers and a router. The LAN has its own private addressing scheme (normally 192.168.1.x or similar) and each device connected to the LAN gets an IP from this range.


As far as the internet is concerned, I have a single 'outside' IP address (the one provided by my ISP).


The router acts as a gateway between the 'inside' (my private LAN) and the 'outside'.


It sits between the 'inside' and the 'outside' and forms a kind of bridge over which data can pass.


If my ISP gives me the address 11.22.33.44 then my network will look something like this:


      ,-------------------------,
   ,--|192.168.1.1 (Computer A) |
L  |  |-------------------------|
A  |--|192.168.1.2 (Computer B) |
N  |  '-------------------------'
   |  ,-------------------------,
   '--|192.168.1.100            |       inside
======|                (ROUTER) |================
   ,--|11.22.33.44              |       outside
   |  '-------------------------'
I  |
S  |
P \|/
   
The basics (or 'how machines currently surf from a single IP')


Now, when I set each computer to use 192.168.1.100 as its 'gateway' in the TCP/IP settings dialogue, I am telling them where to send any traffic which does not belong in the 192.168.1.x range.


Therefore, when I type www.google.co.uk into a web browser this is translated into Google's IP address, say 62.62.62.62, which obviously is NOT part of 192.168.1.x, so it gets sent to the router.

What happens next is the magic.

Let's follow what happens when Machine A (192.168.1.1) opens a temporary outgoing port, say 1025, and tries to connect to 62.62.62.62:80 (one of Google's many web servers).

Machine A sends a packet whose header contains...
SOURCE = 192.168.1.1 :1025
DESTINATION = 62.62.62.62 :80

... to the gateway (router) for passing to the outside world.

The router receives the packet, examines this header and makes a note in its 'translation table':

INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62
Now, just as each computer has 65000+ ports, the router also has 65000+ ports. It looks to see if port 1025 is available and in this case we will assume it is. It decides to use ITS port 1025 to send the data and notes this fact in the translation table:

INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62    1025
This entry simply means: computer 192.168.1.1 (inside) used its port 1025 to send data to the public (outside) address 62.62.62.62, and the router sent this data from its own port 1025 (the 'outside' port).

It then sends the data... but only after changing the IP header 

packet received from LAN:
SOURCE = 192.168.1.1 :1025
DESTINATION = 62.62.62.62 :80

Packet sent to ISP:
SOURCE = 11.22.33.44 :1025
DESTINATION = 62.62.62.62 :80
 

Notice that the destination is the same, but now the packet's source is the *ISP SUPPLIED* (or public) address. This is important since there may be billions of computers with the 'inside' IP 192.168.1.1 all over the world, but there should only be one device with the unique public IP 11.22.33.44 (the router)... and because of this, Google knows unambiguously where to send the replies.
That's fine. But when the router receives a reply from Google, how does it know which computer to send it to?

The IP header of the reply (google -> router) looks like this:
SOURCE = 62.62.62.62 :13948
DESTINATION = 11.22.33.44 :1025
 


Translated packet as placed on the LAN (after the router looks up outside port 1025 in its translation table):
SOURCE = 62.62.62.62 :13948
DESTINATION = 192.168.1.1 :1025

And the packet is thus received by Machine A.

DON'T YOU THINK IT'S FANTASTIC?

How collisions are resolved when two machines use the same destination IP / local port


If Machine B also tried to contact Google using a temporary outbound port 1025, but the router's port 1025 is 'in use' (possibly because of that last transaction involving Machine A), the router simply chooses a different port number. Thus it not only changes the IP from 192.168.1.2 to 11.22.33.44 but also the PORT from 1025 to, perhaps, 1027, and makes another note in the translation table:


INSIDE IP       INSIDE PORT    OUTSIDE IP     OUTSIDE PORT
---------------------------------------------------------------
192.168.1.1     1025           62.62.62.62    1025
192.168.1.2     1025           62.62.62.62    1027



Both machines have used the same inside port (1025) to talk to the same outside address (Google at 62.62.62.62), but these are passed to Google from different ports (1025 and 1027) and so, when replies come back to these two router ports, the router can identify where they belong.


The translation table above will convert:
Incoming data from outside address 62.62.62.62 arriving at the router's outside port *1025* will be redirected to Machine A's port 1025.

Meanwhile...

Incoming data from outside address 62.62.62.62 arriving at the router's outside port *1027* will be redirected to Machine B's port 1025.

And that's why both machines can access the internet simultaneously even though 'the internet' sees only one IP. Each individual communication is differentiated by dynamically assigned port numbers.
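The translation table and the port-collision rule above, as an added model that is not code from the original post. The NatRouter class is a constructed, in-memory version of the router's behaviour: it reuses the inside port when free and otherwise takes the next free outside port (the post says "perhaps 1027"; this model picks 1026), and it drops any inbound packet that does not match a recorded (outside port, outside address) pair, which is the check that stops unsolicited traffic from reaching the LAN.

```python
class NatRouter:
    """Port-address translation as walked through in the post (constructed model).

    One public IP. The translation table maps an (inside IP, inside port,
    outside IP) flow to the router's own outside port. A reply is matched on
    the outside port it arrives at and must come from the outside IP recorded
    for that port; anything else has no mapping and is dropped (None)."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.table = {}      # (inside_ip, inside_port, outside_ip) -> outside_port
        self.by_port = {}    # outside_port -> (inside_ip, inside_port, outside_ip)

    def _choose_outside_port(self, wanted):
        """Reuse the inside port if free; otherwise take the next free one."""
        span = self.last_port - self.first_port + 1
        for i in range(span):
            candidate = self.first_port + (wanted - self.first_port + i) % span
            if candidate not in self.by_port:
                return candidate
        raise RuntimeError("translation table full")

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a LAN packet's source for the ISP side; returns the new 4-tuple."""
        key = (src_ip, src_port, dst_ip)
        if key not in self.table:
            port = self._choose_outside_port(src_port)
            self.table[key] = port
            self.by_port[port] = key
        return (self.public_ip, self.table[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a reply's destination for the LAN side, or None if unmatched."""
        if dst_ip != self.public_ip:
            return None
        entry = self.by_port.get(dst_port)
        if entry is None or entry[2] != src_ip:
            return None                  # unsolicited or mismatched reply: drop
        inside_ip, inside_port, _ = entry
        return (src_ip, src_port, inside_ip, inside_port)

    def rows(self):
        """The translation table as (inside IP, inside port, outside IP, outside port)."""
        return [(ip, p, out, port) for (ip, p, out), port in self.table.items()]
```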


SETTING UP A DHCP SERVER IN WINDOWS 2003

Installing the DHCP server is made quite easy in Windows 2003. By using the "Manage your server" wizard, you are able to enter the details you require and have the wizard set the basics for you. Open the "Manage your server" wizard, select the DHCP server option from the list of server roles and press Next.
You will be asked to enter the name and description of your scope.

Scope: A scope is a collection of IP addresses for computers on a subnet that use DHCP.


The next window will ask you to define the range of addresses that the scope will distribute across the network and the subnet mask for the IP addresses. Enter the appropriate details and click Next.


You are shown a window in which you must add any exclusions to the range of IP addresses you specified in the previous window. If, for example, the IP address 10.0.0.150 is that of the company router, then you won't want the DHCP server to be able to distribute that address as well. In this example I have excluded a range of IP addresses, 10.0.0.100 to 10.0.0.110, and a single address, 10.0.0.150. In this case, eleven IPs will be reserved and not distributed amongst the network clients.





You are given a choice of whether or not you wish to configure the DHCP options for the scope now or later. If you choose Yes then the upcoming screenshots will be of use to you. Choosing No will allow you to configure these options at a later stage.


The router, or gateway, IP address may be entered next. The client computers will then know which router to use.

In the following window, the DNS and domain name settings can be entered. The DNS server IP address will be distributed by the DHCP server and given to the client.

If you have WINS set up, then here is where to enter the IP address of the WINS server. You can just input the server name into the appropriate box and press "Resolve" to let it find the IP address itself.
The last step is to activate the scope; just press Next when you see the window below. The DHCP server will not work unless you do this.
 

The DHCP server has now been installed with the basic settings in place. The next stage is to configure it to the needs of your network structure.