Tuesday, 27 May 2014

TCP, UDP and Wireshark-Lab

 By Raul Bernardino

Abstract:
The transport-layer provides logical communication between processes residing on different network nodes. Whenever the word logical is mentioned in the computer literature, it denotes an abstraction of the physical. In other words, it makes a complicated physical specification simpler. Thus we have logical memory addresses and physical memory addresses, logical records and physical records, and so forth. In the same way, the transport-layer simplifies the communication between processes by providing an abstract form instead of the actual complex communication form. Accordingly, an application located on one computer can exchange messages with another remote application as if both were resident on the same computer.

Introduction:
The transport-layer depends on the network-layer to obtain a logical communication link to other remote hosts. The network-layer provides only best-effort service to pass data between hosts. In other words, the network-layer does not guarantee communication channels. To offset the lack of reliability offered by the network-layer, the transport-layer applies data loss detection measures and retransmissions to provide applications with a reliable communication link. In addition, the transport-layer regulates data transmission rates to avoid network link congestion. Two protocols operate within the transport-layer: TCP and UDP.

These two protocols provide applications with the required quality of service: TCP guarantees error-free service, while UDP provides constant data transmission. The choice between one protocol and the other depends on the application.

Multiplexing and De-multiplexing:
A major job of the transport-layer is to collect data units from the application layer, envelop them in headers and forward them to the network-layer to be sent to a destination host. We will follow the textbook convention by calling enveloped data units segments. Collecting segments from different applications is called multiplexing. At the receiving end, the transport-layer receives segments from the network-layer. In order to identify the recipient application, the receiving transport-layer analyzes the header attached to a segment by the sending transport-layer. Then, the receiving transport-layer passes on received segments to corresponding applications. This act is called de-multiplexing.
Transport-layers identify the receiving applications with the aid of a three-number address. Applications are associated with port numbers, which identify the interface between application layer and transport-layer. Since network applications follow the client/server model, port numbers for the sending and the receiving applications are the same. To allow more than one application of the same type to be active, a second number is added to distinguish between these applications.

Furthermore, to allow applications of the same type to run on other hosts and send segments to applications at a server, a third number is used. The third number reflects the identity of the host on which a client application runs. The three numbers taken together (triplet) serve to identify a receiving application for the transport-layer.

Connectionless Transport: UDP
We have already mentioned that there are two protocols operating within the transport layer (TCP and UDP). We also mentioned that the transport-layer is responsible for the reliability of transmission (we will find later that other layers also do different degrees of reliability control).

UDP can be described as the less complex of the two transport-layer protocols, yet it is the more efficient one. Being a less complex protocol also means UDP provides fewer services for applications. The main difference between UDP and TCP is the quality of service. TCP invests more time in assuring error-free delivery than UDP. However, time-critical applications are less willing to pay for this assurance, especially if there is tolerance for some glitches in the received data. Imagine if you lost several milliseconds of voice in a radio (or TV) broadcast! It is not much different from a perfect transmission delivered at variable speed.

There are obviously advantages to using UDP over TCP. Most of these advantages stem from the smaller UDP segments and un-throttled delivery. For example, the overhead in UDP segments is only 8 bytes vs. 20 bytes for TCP. In addition, TCP senders and receivers require additional storage to store the connection state.

UDP is not totally free of error checking. In fact, UDP does provide indication of corrupted data to the receiver, and then, it is left to the receiver to decide what to do. Some applications take advantage of this feature and include reaction to errors. Error detection is done in a simple way through a two-byte checksum attached to the segment header. The checksum contains the 1s complement of the sum of the data (plus header).
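The checksum described above, worked through as an added example (not code from the original post): it also sums the IPv4 pseudo-header, as real UDP does, and the addresses and payload are constructed. It shows a flipped bit being detected and a reordering of two 16-bit words passing unnoticed, which is why the checksum is error detection and not tamper protection.

```python
import socket
import struct

UDP_PROTO = 17  # IP protocol number for UDP

def ones_complement_sum(data: bytes) -> int:
    """16-bit ones'-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = 0
    for (word,) in struct.iter_unpack("!H", data):
        total += word
        total = (total & 0xFFFF) + (total >> 16)   # fold the carry back in
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header that the UDP checksum also covers."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_len))

def build_segment(src_ip, dst_ip, src_port, dst_port, payload: bytes) -> bytes:
    """Return the 8-byte UDP header plus payload with the checksum filled in."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    covered = pseudo_header(src_ip, dst_ip, length) + header + payload
    csum = ~ones_complement_sum(covered) & 0xFFFF
    csum = csum or 0xFFFF                    # 0 on the wire means "no checksum"
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload

def verify_segment(src_ip, dst_ip, segment: bytes) -> bool:
    """Receiver check: the sum over everything, checksum included, is 0xFFFF."""
    covered = pseudo_header(src_ip, dst_ip, len(segment)) + segment
    return ones_complement_sum(covered) == 0xFFFF

# Constructed sample values (illustrative addresses, not from a capture).
SRC, DST = "10.0.0.1", "10.0.0.2"
good = build_segment(SRC, DST, 5775, 6428, b"PAY 0100 TO ALICE")

flipped = bytearray(good)
flipped[10] ^= 0x01                          # one bit flipped in the payload
swapped = bytearray(good)
swapped[8:10], swapped[10:12] = good[10:12], good[8:10]   # two words reordered

if __name__ == "__main__":
    for name, seg in (("intact", good), ("bit flip", flipped), ("word swap", swapped)):
        print(name, verify_segment(SRC, DST, bytes(seg)))
```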
Two hosts, A and B, send datagrams.
The segment travelling from B to A has source port number Y and destination port number X, as shown in the diagram below:

Q2.: Yes, it can run over the UDP protocol. To explain that, we have to understand how de-multiplexing and multiplexing work.
The de-multiplexing (de-mux):
a)     The host receives IP datagrams; each datagram has source and destination IP addresses and carries one transport-layer segment, and each segment has source and destination ports.
b)    The host uses the IP address and port number to direct the segment to the appropriate socket, as shown in the diagram below:
The UDP or connectionless de-multiplexing on the sender side:
Sockets are created with port numbers, for instance socket-1 with port 1234 and socket-2 with port 1243. A UDP socket is identified by a 2-tuple: the destination IP address and the destination port number.
The UDP or connectionless de-multiplexing on the receiver side:
The host receives a segment: first, it checks the destination port in the segment and directs the UDP segment to the socket with that port number; second, IP datagrams with different source IP addresses and source port numbers are directed to the same socket, as can be seen in the diagram below:



In process 1 (P1), client IP B sends a datagram with its own source port (SP): 5775 and destination port (DP): 6428 to server IP C; server IP C then directs DP: 6428, which is not an IP C destination port. When server IP C knows (P3) that it is a destination port of client IP A, server IP C changes the original SP: 5775 to its own SP: 9157. In P2, client IP A acknowledges the port and returns SP: 6428 to destination 9157 (server IP C). In P3, server IP C forwards SP: 6428 to DP: 5775, the original requester.
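The receiver-side rule above (destination IP and port select the socket, whatever the source) can be observed with real sockets. This is an added example, not part of the original post; it uses loopback and OS-chosen ports, and the "trusted peer" allowlist is an assumption showing the check an application must make itself, since UDP demultiplexing does not.

```python
import socket

def udp_demux_demo():
    """Send from two clients to one UDP socket and apply a source allowlist."""
    server = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    clients = [socket.socket(socket.AF_INET, socket.SOCK_DGRAM) for _ in range(2)]
    try:
        server.bind(("127.0.0.1", 0))        # port 0: the OS picks a free port
        server.settimeout(2.0)
        dst = server.getsockname()           # the 2-tuple that selects the socket

        for client, msg in zip(clients, (b"from client A", b"from client B")):
            client.bind(("127.0.0.1", 0))    # each client gets its own source port
            client.sendto(msg, dst)
        trusted_peer = clients[0].getsockname()   # assumption: only A is expected

        received, accepted = {}, []
        for _ in clients:
            data, src = server.recvfrom(2048)     # same socket for both senders
            received[src] = data
            if src == trusted_peer:               # application-level source check
                accepted.append(data)
        return dst, received, accepted
    finally:
        for s in [server, *clients]:
            s.close()

if __name__ == "__main__":
    dst, received, accepted = udp_demux_demo()
    print("server socket:", dst)
    for src, data in received.items():
        print("delivered to the same socket from", src, data)
    print("kept after allowlist:", accepted)
```

On a real network the source address of a UDP datagram can be forged, so the allowlist is a filter and not authentication.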

Q3.: The solution is TCP fairness. Why is that? The 2 TCP sessions use the same bottleneck link with a shared bandwidth of R bps. The transmission rate = R/2, as shown in the diagram below:

These 2 TCP sessions compete for an equal share of the existing bandwidth, with the result shown in the diagram below:

The 2 TCP sessions increase additively, giving a slope of 1 as the throughput increases; on the other hand, the decrease is multiplicative, so the throughput decreases proportionally.
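The convergence to R/2 can be checked numerically. This is an added example, not part of the original post: a round-based model of two flows on one bottleneck, where the starting rates, the increase of 1 unit per round and the halving on loss are assumptions chosen for illustration.

```python
def aimd_two_flows(r_bps, x1, x2, rounds, increase=1.0, decrease=0.5):
    """Simulate two AIMD flows sharing one bottleneck of capacity r_bps.

    Returns the per-round (x1, x2) rates and the number of loss events.
    """
    history, losses = [], 0
    for _ in range(rounds):
        if x1 + x2 > r_bps:
            # Link overloaded: both flows see loss and cut multiplicatively.
            x1, x2 = x1 * decrease, x2 * decrease
            losses += 1
        else:
            # Additive increase: both grow equally, a slope-1 move in the
            # (x1, x2) plane that leaves their difference unchanged.
            x1, x2 = x1 + increase, x2 + increase
        history.append((x1, x2))
    return history, losses

def fair_share_gap(history):
    """Absolute rate difference between the two flows after each round."""
    return [abs(a - b) for a, b in history]

if __name__ == "__main__":
    R = 100.0                                  # constructed bottleneck capacity
    history, losses = aimd_two_flows(R, 90.0, 10.0, rounds=400)
    gaps = fair_share_gap(history)
    print("loss events:", losses)
    print("gap after first round:", gaps[0])
    print("gap after last round:", gaps[-1])
    print("final rates:", history[-1])
```

Only the multiplicative decrease shrinks the gap (it halves on every loss), so the two rates end up equal and oscillate between roughly R/4 and R/2 each.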

Q4.: Wireshark-Lab:
Q4.1: The IP address is 128.119.245.12, as shown in the screenshots below:

The source port # is SP: http (80) and the destination port # is DP: 55070.

Q4.2: The IP address of my computer is 10.2.0.93, as shown in the screenshot below:

The source port # is SP: 55070 and the destination port # is DP: http (80).

Q4.3: TCP sequence #: 449730, next sequence #: 449868, as shown in the screenshot:

The POST data are 50 4f 53 54, as shown in the screenshot:

Q4.4: The first length is 52, as shown in the screenshot:

The second length is 52, as shown in the screenshot:

The third length is 40, as shown in the screenshot:

The fourth length is 40, as shown in the screenshot:

The fifth length is 40, as shown in the screenshot:

The sixth length is 40, as shown in the screenshot:

Reference List:
1.     Kurose, James and Ross, Keith (2010), 'Computer Networking: A Top-Down Approach', 5th Edition, Boston: Addison-Wesley
2.     Lecture notes, CPCOMM_week3_lecture
3.     Kessler, G.C. (Nov 9, 2010), An Overview of TCP/IP Protocols and the Internet, [on-line]. Available from: http://www.garykessler.net/library/tcpip.html (Accessed: 24 May 2014)



4 comments:

  1. Replies
    1. Thanks for the comments, I hope it contributes to your understanding and gives some insights.
  2. Great blog. All posts have something to learn. Your work is very good and I appreciate you and hoping for some more informative posts. IT Dienstleistungen Berlin