Session 1: TCP Flashcards

1
Q

What are some of TCP’s main features?

A

The TCP protocol provides the abstraction of a reliable, full-duplex transport over IP.

Some of the features include:

  • Flow control: users are free to control the segment size using the window field
  • Congestion control: senders can measure traffic congestion by looking at the rate of ACK segments
  • Data integrity and error correction
  • End-to-end connection between hosts
  • Process to process delivery
2
Q

On which level in the protocol stack does TCP reside?

A

Transport layer (along with UDP).

The transport layer’s tasks include error correction as well as segmenting and desegmenting data before and after it’s transported across the network. This layer is also responsible for flow control and making sure that segmented data is delivered over the network in the correct sequence.

3
Q

What does the TCP header look like?

A

Couldn’t upload image, so here is a rough ASCII representation
One row is equal to 32 bits, with each ‘+’ being roughly 1 bit.

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Acknowledgment Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |  Res- |      TCP      |                               |
| Offset| erved |     FLAGS     |            Window             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |        Urgent Pointer         |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              Options (variable length, optional)              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

4
Q

How does the handshake work in TCP?

A

In order to communicate using TCP, you need to have a connection. TCP connections are established through three-way handshakes.

In TCP, this is done through three steps:

  1. Alice sends Bob a synchronize (SYN) message with its unique sequence number, x.
  2. Bob replies with a synchronize-acknowledgement (SYN-ACK) message with its own sequence number y and acknowledgement number x+1.
  3. Alice replies with an acknowledgement (ACK) message with acknowledgement number y+1.
5
Q

How does retransmission work in TCP?

Also, how can the retransmission feature be abused?

A

Retransmission is a feature in the TCP protocol that aims to prevent packet loss.

In TCP, all packets are to be acknowledged by the receiver with an acknowledgement (ACK) packet that contains the sequence number for the packet. If this ACK is not received within a set amount of time, the sender will assume that the packet was lost and will attempt to resend it.

The maximum number of packets that are in transit at the same time is determined by the size of the congestion window.

6
Q

What is a SYN flooding attack?

A

A SYN attack/flood is a form of DoS attack that uses SYN packets to overload servers.

When receiving a SYN packet, the server has to spend resources on sending SYN-ACKs and waiting for final ACKs that never arrive.

7
Q

How can TCP connections be spoofed?

A

In order to hijack a TCP session, the attacker must guess the right sequence number and disable the original connection.

While there are over four billion options for what the sequence number can be, the pseudo-random generators are imperfect and increase the likelihood of predicting sequence numbers.

For large business sites, spoofing can be a big problem. Guessing the correct sequence number of a specific connection can be difficult, but guessing an arbitrary connection’s sequence number can be manageable.
