TCP and UDP

TCP Connection Establishment

I am going to show how a UDP packet works and how TCP connection establishment and release take place.

zipped source code

Code links

UDPPacketforDNS.txt
TCPConnectionEstablishment.txt
TCPConnectionRelease.txt

Listings

UDP - A connectionless transport protocol

A host can send UDP packets without first establishing a connection. The main value of having UDP over IP is the addition of source and destination ports. With the port assigned, the transport layer knows what to do with the packet. The UDP header has only a source port, a destination port, a length and a checksum.

UDPPacketforDNS.txt
[2.00164.00455](0.00012.00559)   CAPTURE-00008 78/78
PROVIDER:ether USER:ip <14+64>
Available bytes:78
src:00-1a-73-26-9b-b4 dst:00-11-6b-25-54-c0 length: 2048
PROVIDER:ip USER:udp <20+44>
Available bytes:64
4    src:192.168.123.170 dst:65.24.7.10   hlen:20 len:44 tos:0 id:31094 ttl:128 protocol:17 CheckSum:3cc2
PROVIDER:udp USER:dns <8+36>
Available bytes:44
src:51009 dst:53 length=44 cksum=ff77
PROVIDER:dns USER:none <36+-1>
00000000   4a d7 01 00 00 01 00 00 00 00 00 00 07 66 72 6f  J............fro
00000010   6f 67 6c 65 06 67 6f 6f 67 6c 65 03 63 6f 6d 00  ogle.google.com.
00000020   00 01 00 01                                      ....

[2.00189.00292](0.00024.00837)   CAPTURE-00009 358/358
PROVIDER:ether USER:ip <14+344>
Available bytes:358
src:00-11-6b-25-54-c0 dst:00-1a-73-26-9b-b4 length: 2048
PROVIDER:ip USER:udp <20+324>
Available bytes:344
4    src:65.24.7.10 dst:192.168.123.170   hlen:20 len:324 tos:0 id:50747 ttl:246 protocol:17 CheckSum:38e4
PROVIDER:udp USER:dns <8+316>
Available bytes:324
src:53 dst:51009 length=324 cksum=d4e0
PROVIDER:dns USER:none <316+-1>
00000000   4a d7 81 80 00 01 00 03 00 07 00 07 07 66 72 6f  J............fro
00000010   6f 67 6c 65 06 67 6f 6f 67 6c 65 03 63 6f 6d 00  ogle.google.com.
00000020   00 01 00 01 c0 0c 00 05 00 01 00 04 ab 49 00 0c  .............I..
00000030   07 66 72 6f 6f 67 6c 65 01 6c c0 14 c0 30 00 01  .froogle.l...0..
00000040   00 01 00 00 00 67 00 04 d8 ef 33 68 c0 30 00 01  .....g....3h.0..
00000050   00 01 00 00 00 67 00 04 d8 ef 33 63 c0 38 00 02  .....g....3c.8..
00000060   00 01 00 01 14 89 00 04 01 61 c0 38 c0 38 00 02  .........a.8.8..
00000070   00 01 00 01 14 89 00 04 01 67 c0 38 c0 38 00 02  .........g.8.8..
00000080   00 01 00 01 14 89 00 04 01 64 c0 38 c0 38 00 02  .........d.8.8..
00000090   00 01 00 01 14 89 00 04 01 63 c0 38 c0 38 00 02  .........c.8.8..
000000a0   00 01 00 01 14 89 00 04 01 62 c0 38 c0 38 00 02  .........b.8.8..
000000b0   00 01 00 01 14 89 00 04 01 65 c0 38 c0 38 00 02  .........e.8.8..
000000c0   00 01 00 01 14 89 00 04 01 66 c0 38 c0 68 00 01  .........f.8.h..
000000d0   00 01 00 00 b1 7a 00 04 d1 55 8b 09 c0 a8 00 01  .....z...U......
000000e0   00 01 00 00 b1 ff 00 04 40 e9 b3 09 c0 98 00 01  ........@.......
000000f0   00 01 00 00 b1 7a 00 04 40 e9 a1 09 c0 88 00 01  .....z..@.......
00000100   00 01 00 00 b2 2c 00 04 42 f9 5d 09 c0 b8 00 01  .....,..B.].....
00000110   00 01 00 00 b1 c8 00 04 d1 55 89 09 c0 c8 00 01  .........U......
00000120   00 01 00 00 b7 9d 00 04 48 0e eb 09 c0 78 00 01  ........H....x..
00000130   00 01 00 00 b1 ff 00 04 40 e9 a7 09              ........@...
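
The request in CAPTURE-00008 can be rebuilt from the fields shown in the listing to check the UDP length and checksum and to decode the DNS question. This is an added example, not part of the original listings; the function names are illustrative.

```python
import socket
import struct

# Values copied from CAPTURE-00008 in the listing above.
SRC_IP, DST_IP = "192.168.123.170", "65.24.7.10"
SRC_PORT, DST_PORT, CAPTURED_CKSUM = 51009, 53, 0xFF77
DNS_PAYLOAD = bytes.fromhex(
    "4ad7010000010000000000000766726f"
    "6f676c6506676f6f676c6503636f6d00"
    "00010001"
)

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)  # fold the carries back in
    return total

def udp_checksum(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> int:
    """Checksum over the IPv4 pseudo-header, the UDP header and the payload."""
    length = 8 + len(payload)  # the UDP length counts its own 8-byte header
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 17, length))  # zero, protocol 17, length
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    cksum = ~ones_complement_sum(pseudo + header + payload) & 0xFFFF
    return cksum or 0xFFFF  # a computed 0 is transmitted as 0xFFFF

def parse_dns_question(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header and the first question."""
    ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", msg[:12])
    labels, pos = [], 12
    while msg[pos]:  # a zero length byte ends the name
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("compression pointer not handled in this example")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    qtype, qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return {"id": ident, "is_response": bool(flags & 0x8000), "qdcount": qdcount,
            "qname": ".".join(labels), "qtype": qtype, "qclass": qclass}

if __name__ == "__main__":
    print("UDP length:", 8 + len(DNS_PAYLOAD))
    print("checksum matches capture:",
          udp_checksum(SRC_IP, DST_IP, SRC_PORT, DST_PORT, DNS_PAYLOAD) == CAPTURED_CKSUM)
    print(parse_dns_question(DNS_PAYLOAD))
```

The computed length matches the `length=44` in the listing (8 header bytes plus the 36-byte DNS message), and the checksum only matches when the pseudo-header with both IP addresses is included.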

TCP Connection Establishment

To open a connection, Host1 sends a TCP segment with the SYN bit on and the ACK bit off, carrying its SEQ number. Host2 replies with a segment that has both the SYN and ACK bits on, carrying its own SEQ number and an ACK number that is one plus Host1's SEQ number. Host1 then sends a segment with SEQ (1 + its SEQ number) and an ACK number of (Host2's SEQ + 1). This is the normal scenario.

TCPConnectionEstablishment.txt
[2.00193.00163](0.00003.00871)   CAPTURE-00010 66/66
PROVIDER:ether USER:ip <14+52>
Available bytes:66
src:00-1a-73-26-9b-b4 dst:00-11-6b-25-54-c0 length: 2048
PROVIDER:ip USER:tcp <20+32>
Available bytes:52
4    src:192.168.123.170 dst:216.239.51.104   hlen:20 len:32 tos:0 id:31095 ttl:128 protocol:6 CheckSum:38a2
PROVIDER:tcp USER:http <32+0>
     src:53822 dst:80   S    s:0 l:0 a:0 w:8192 
PROVIDER:http USER:none <0+-1>


[2.00244.00547](0.00051.00384)   CAPTURE-00011 66/66
PROVIDER:ether USER:ip <14+52>
Available bytes:66
src:00-11-6b-25-54-c0 dst:00-1a-73-26-9b-b4 length: 2048
PROVIDER:ip USER:tcp <20+32>
Available bytes:52
4    src:216.239.51.104 dst:192.168.123.170   hlen:20 len:32 tos:0 id:44697 ttl:50 protocol:6 CheckSum:9180
PROVIDER:tcp USER:http <32+0>
     src:80 dst:53822   SA   s:0 l:0 a:1 w:5720 
PROVIDER:http USER:none <0+-1>


[2.00244.00668](0.00000.00121)   CAPTURE-00012 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-1a-73-26-9b-b4 dst:00-11-6b-25-54-c0 length: 2048
PROVIDER:ip USER:tcp <20+20>
Available bytes:40
4    src:192.168.123.170 dst:216.239.51.104   hlen:20 len:20 tos:0 id:31096 ttl:128 protocol:6 CheckSum:38ad
PROVIDER:tcp USER:http <20+0>
     src:53822 dst:80    A   s:1 l:0 a:1 w:67 
PROVIDER:http USER:none <0+-1>

TCP Connection Release

A connection can be closed with a three-way or four-way handshake. Host1 sends a TCP segment with the FIN bit set, and when the other side acknowledges the FIN, the connection from Host1 to Host2 is closed. Similarly, Host2 initiates its own connection release.

TCPConnectionRelease.txt
[12.00157.00400](0.00001.00477)   CAPTURE-00074 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-1a-73-26-9b-b4 dst:00-11-6b-25-54-c0 length: 2048
PROVIDER:ip USER:tcp <20+20>
Available bytes:40
4    src:192.168.123.170 dst:216.239.51.104   hlen:20 len:20 tos:0 id:31127 ttl:128 protocol:6 CheckSum:388e
PROVIDER:tcp USER:http <20+0>
     src:53820 dst:80    AF  s:585 l:0 a:397 w:65 
PROVIDER:http USER:none <0+-1>


[12.00206.00733](0.00049.00333)   CAPTURE-00075 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-11-6b-25-54-c0 dst:00-1a-73-26-9b-b4 length: 2048
PROVIDER:ip USER:tcp <20+20>
Available bytes:40
4    src:216.239.51.104 dst:192.168.123.170   hlen:20 len:20 tos:0 id:45996 ttl:241 protocol:6 CheckSum:cd78
PROVIDER:tcp USER:http <20+0>
     src:80 dst:53820    A   s:3798944981 l:0 a:3854497013 w:6424 
PROVIDER:http USER:none <0+-1>


[12.00307.00284](0.00100.00551)   CAPTURE-00076 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-11-6b-25-54-c0 dst:00-1a-73-26-9b-b4 length: 2048
PROVIDER:ip USER:tcp <20+20>
Available bytes:40
4    src:216.239.51.104 dst:192.168.123.170   hlen:20 len:20 tos:0 id:44700 ttl:50 protocol:6 CheckSum:9189
PROVIDER:tcp USER:http <20+0>
     src:80 dst:53822    AF  s:416 l:0 a:857 w:6848 
PROVIDER:http USER:none <0+-1>


[12.00307.00376](0.00000.00092)   CAPTURE-00077 54/54
PROVIDER:ether USER:ip <14+40>
Available bytes:54
src:00-1a-73-26-9b-b4 dst:00-11-6b-25-54-c0 length: 2048
PROVIDER:ip USER:tcp <20+20>
Available bytes:40
4    src:192.168.123.170 dst:216.239.51.104   hlen:20 len:20 tos:0 id:31128 ttl:128 protocol:6 CheckSum:388d
PROVIDER:tcp USER:http <20+0>
     src:53822 dst:80    A   s:857 l:0 a:417 w:65 
PROVIDER:http USER:none <0+-1>
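
The SEQ/ACK arithmetic described in the establishment and release sections can be checked against the TCP summary lines from the captures. This is an added example, not part of the original listings; the function names are illustrative, and it assumes the small `s:`/`a:` values are relative sequence numbers.

```python
import re

# TCP summary lines copied from CAPTURE-00010..00012 and CAPTURE-00074..00077.
CAPTURED = """\
src:53822 dst:80   S    s:0 l:0 a:0 w:8192
src:80 dst:53822   SA   s:0 l:0 a:1 w:5720
src:53822 dst:80    A   s:1 l:0 a:1 w:67
src:53820 dst:80    AF  s:585 l:0 a:397 w:65
src:80 dst:53820    A   s:3798944981 l:0 a:3854497013 w:6424
src:80 dst:53822    AF  s:416 l:0 a:857 w:6848
src:53822 dst:80    A   s:857 l:0 a:417 w:65
"""

LINE = re.compile(r"src:(\d+) dst:(\d+)\s+([A-Z]+)\s+s:(\d+) l:(\d+) a:(\d+) w:(\d+)")

def parse(text):
    """Turn each summary line into a dict; flags stay as the tool's letters."""
    segs = []
    for m in LINE.finditer(text):
        sport, dport, flags, seq, length, ack, _win = m.groups()
        segs.append({"sport": int(sport), "dport": int(dport), "flags": set(flags),
                     "seq": int(seq), "len": int(length), "ack": int(ack)})
    return segs

def next_seq(seg):
    """Sequence number the peer must acknowledge: SYN and FIN each consume one."""
    consumed = seg["len"] + ("S" in seg["flags"]) + ("F" in seg["flags"])
    return (seg["seq"] + consumed) % 2**32

def acknowledges(reply, seg):
    """True if reply travels the opposite way and its ACK covers seg exactly."""
    return ((reply["sport"], reply["dport"]) == (seg["dport"], seg["sport"])
            and "A" in reply["flags"] and reply["ack"] == next_seq(seg))

def is_three_way_handshake(syn, synack, ack):
    return (syn["flags"] == {"S"} and synack["flags"] == {"S", "A"}
            and acknowledges(synack, syn) and acknowledges(ack, synack)
            and ack["seq"] == next_seq(syn))

def unacknowledged_fins(segs):
    """FIN segments with no later ACK from the peer that covers them."""
    return [s for i, s in enumerate(segs) if "F" in s["flags"]
            and not any(acknowledges(r, s) for r in segs[i + 1:])]

if __name__ == "__main__":
    segs = parse(CAPTURED)
    print("handshake valid:", is_three_way_handshake(*segs[:3]))
    print("FINs without a matching ACK:", unacknowledged_fins(segs))
```

The release listing interleaves two connections (client ports 53820 and 53822). The FIN on 53822 is acknowledged with `a:417`, one past `s:416`, while the ACK in CAPTURE-00075 prints large 32-bit values that cannot be matched against the relative `s:585`, so that FIN is reported as unmatched.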