-
October 2nd, 2003, 01:22 AM
#1
Basic TCP/IP and Networking
The two most commonly used protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). There are two main differences between TCP and UDP. TCP is more reliable; it lets you know what happened to the data sent. Also, it maintains a connection throughout the conversation between computers. When data is sent through a network there is always something that may happen to it and stop it from arriving, such as the computer disconnecting from the network. TCP offers a way to make sure your data has arrived, and if it hasn't arrived, it can also let you know. UDP does not offer this; it is connectionless and unreliable. Mostly UDP is used for broadcasting data across networks when you do not care who receives it or if it has arrived successfully.
There are different kinds of TCP packets. These packets are distinguished by what are called flags. Other things can be used to tell packets apart but I will only explain flags for now. The three kinds of flags I will explain are SYN, ACK, and FIN. These are the TCP flags used to open a connection between two computers. The SYN flag is used to request a connection, the ACK flag is used when you ACKnowledge a request for a connection or that the data has been received, and a FIN flag is used to finalize a connection. Note that these are not the only kinds of flags, just the ones I chose to explain.
Data can't just be sent across a network raw; some things must happen between the computers sending and receiving and the data being sent. When data is getting ready to be sent the raw data goes through a kind of "packaging process". The raw data is wrapped up in a TCP/IP header. The header contains information such as the flags (SYN, ACK, FIN), the TTL (Time to live, recently changed to Hops), and Source and Destination IP along with other information. Once the data is "packaged" it is ready to be sent. First off a connection must be open. To do this, something called a Three Way Handshake must occur. It happens like this: a computer sends a SYN packet (Connection Request) to the computer it wishes to connect to; if the packet arrives successfully then the receiving computer sends back an ACK (Acknowledge) and another SYN. Once these packets arrive, the first computer sends back an ACK and a FIN (Finalize) and the connection is made and data is ready to be sent.
Three Way Handshake
Step One
|__Computer A__| TCP(SYN) packet sent to a computer -------> |__Computer B__|
Step Two
|__Computer A__| <---- TCP(ACK) Sent Back along with TCP(SYN) |__Computer B__|
Step Three
|__Computer A__| Reply with TCP(ACK) and TCP(FIN) ----------> |__Computer B__|
Once a connection is made data can be sent. Remember that the raw data alone is not sent, it is attached to a header containing properties about the packet and information about the connection. Data can arrive at a computer in many ways. Sometimes data will need to go through one or more routers. On the internet data will travel through more than 8 routers to get to its destination. On a small network this number is much smaller. A router connects two networks together. If data is sent from computer A to computer B and they are not on the same network, the data will need to go through a router. Once data is sent to a router, the router takes the data and reads the header for the destination IP. If the IP is located on that router's network the data is sent to that computer. If the computer is not on an attached network the router chooses an appropriate path and sends the data to another router and it repeats this process until the specified computer receives the data.
I hope this helps some. If this interests you and you wish to learn more about TCP/IP and networking there are a lot of good tutorials already posted on AO. Also here are some links that I have found that might help. Good luck!
Thanks to Diemos for the help! (Unerror IRC)
www.private.org.il/tcpip_rl.html
www.catalyst.com/support/tutorials/tcpintro/
www.freeprogrammingresources.com/tcp.html
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found. "This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all...
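The header fields named in the post above (flags, TTL, source and destination IP), read back out of raw bytes; this is an added example, not part of the original post. The sample packet is constructed by hand to look like the Step Two reply from Computer B, and its addresses, ports and sequence numbers are made up (checksums are left at zero and not verified).

```python
import socket
import struct

# Flag bits in the low byte of the TCP offset/flags field.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def parse_ipv4_tcp(packet: bytes) -> dict:
    """Decode the IPv4 and TCP headers wrapped around the raw data."""
    if len(packet) < 20:
        raise ValueError("too short for an IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("not a complete IPv4/TCP packet")
    if packet[9] != 6:                      # IP protocol number 6 = TCP
        raise ValueError("IP payload is not TCP")
    sport, dport, seq, ack, off_flags = struct.unpack(
        "!HHIIH", packet[ihl:ihl + 14])
    data_offset = (off_flags >> 12) * 4     # TCP header length in bytes
    return {
        "ttl": packet[8],
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if off_flags & bit],
        "payload": packet[ihl + data_offset:],
    }

# Constructed sample: Computer B (192.0.2.20:80) answers Computer A
# (192.0.2.10:40000) with SYN and ACK set, TTL 64, no data yet.
SAMPLE_SYN_ACK = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                socket.inet_aton("192.0.2.20"), socket.inet_aton("192.0.2.10"))
    + struct.pack("!HHIIHHHH", 80, 40000, 1000, 501,
                  (5 << 12) | 0x12, 65535, 0, 0)
)

if __name__ == "__main__":
    print(parse_ipv4_tcp(SAMPLE_SYN_ACK))
```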
-
October 2nd, 2003, 05:15 AM
#2
Member
Very nice little tut.
I read a little about TCP in Internet Security and Firewalls, but it was way over my head. Then I understood a little more about it when I read Networking+, but now I have just a little bit more of a hold on it. Thanks.
/Note I would send you a nice lil positive antipoint, but I don't have enuff so it wouldn't help ya any.
-Ep
01001001001000000100110001101111011101100110010100100000010000100110010101110100011101000111100100100001
-
October 2nd, 2003, 05:32 AM
#3
Yeah, TCP is a connection orientated protocol, while UDP does not require a connection to be made to send a packet. TCP is the slower of the two protocols as it requires acknowledgement that the packet has been received. It also makes sure that all packets get there in the same order that they were sent. UDP is faster as it is not required to make sure that the packets get there or that they get there in the right order.
TCP provides flow control while UDP does not. If a computer did not receive a TCP packet, the sender will resend the data. This is also called an automatic repeat request. So TCP is reliable but slower, and UDP is unreliable but faster.
Just thought I'd add that in.
-
October 2nd, 2003, 04:53 PM
#4
-
October 2nd, 2003, 07:49 PM
#5
Junior Member
Another addition:
UDP, being broadcasted, does not pass through routers since routers do not pass broadcast traffic. This is why UDP will only be found on small, internal networks, and TCP, even with its slightly greater overhead, is much more common.
-
October 3rd, 2003, 05:03 PM
#6
Ok thanks, any other info you can provide is welcomed
-
October 3rd, 2003, 05:50 PM
#7
Originally posted here by Arcanus Aegis
Another addition:
UDP, being broadcasted, does not pass through routers since routers do not pass broadcast traffic. This is why UDP will only be found on small, internal networks, and TCP, even with its slightly greater overhead, is much more common.
UDP will only be found on small, internal networks? Man you just made my jaw drop. TCP is more common because it is connection-oriented and provides "reliable" transport of the data. Routers don't pass any broadcast traffic regardless of if it's TCP, UDP, ICMP or anything else. That's why they are said to create Broadcast Domains. However UDP does not have to be broadcast, you can send a udp packet from one computer to another. A good example would be the original Back Orifice, it ran on udp port 31337. People used it over the internet all the time. Routers didn't drop it, and last time I checked the internet wasn't a small, internal network. Anyways.. thanks for the laugh.
-
October 3rd, 2003, 08:52 PM
#8
Routers don't pass any broadcast traffic regardless of if it's TCP, UDP, ICMP or anything else. That's why they are said to create Broadcast Domains.
Just an FYI,
This is only on by default... many vendors support a feature of forwarding UDP broadcasts, and it is very popular and a lot of times necessary for support of some of today's applications.
Cheers.....
-
October 4th, 2003, 12:49 AM
#9
UDP, being broadcasted, does not pass through routers since routers do not pass broadcast traffic. This is why UDP will only be found on small, internal networks, and TCP, even with its slightly greater overhead, is much more common.
LOL, wow, now that I stopped crying from laughing so hard, I thought I might add just a tidbit of info to this already wild and crazy thread.
UDP traffic is mainly used for streaming media and other such files where integrity isn't as important as speed. Another place you'll see UDP used is for DNS lookups. TCP is used for DNS zone transfers, which should be a trigger to take a look at when you see tcp on port 53 to be sure that a client isn't doing a DNS dump. For all you security folks out there, if a client is doing this, you can be sure bad things are soon to come on your network.
Anyway, that's my 2 cents!
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
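The check suggested in the post above (look at TCP traffic to port 53 for zone-transfer requests) can be sketched as follows; this is an added example, not code from the thread. It assumes you already have the bytes each client sent to TCP/53, for instance reassembled from a capture; the allow-list, addresses and sample queries are constructed for illustration.

```python
import struct

XFER_QTYPES = {252: "AXFR", 251: "IXFR"}   # zone-transfer query types
ALLOWED_SECONDARIES = {"192.0.2.10"}       # assumption: only host allowed to transfer

def tcp_dns_messages(stream):
    """Split a TCP/53 byte stream into DNS messages (2-byte length prefix each)."""
    pos = 0
    while pos + 2 <= len(stream):
        end = pos + 2 + struct.unpack("!H", stream[pos:pos + 2])[0]
        if end > len(stream):
            break                          # incomplete final message
        yield stream[pos + 2:end]
        pos = end

def parse_question(msg):
    """Return (qname, qtype) of the first question, or None if unusable."""
    if len(msg) < 12 or msg[2] & 0x80 or msg[4:6] == b"\0\0":
        return None                        # short, a response (QR set), or no question
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0 or pos + 1 + n > len(msg):
            return None                    # compression pointer or truncated label
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    if pos + 5 > len(msg):
        return None
    return ".".join(labels), struct.unpack("!H", msg[pos + 1:pos + 3])[0]

def find_transfer_requests(flows, allowed=ALLOWED_SECONDARIES):
    """flows: (client_ip, bytes the client sent to TCP/53) pairs."""
    hits = []
    for src, stream in flows:
        for q in map(parse_question, tcp_dns_messages(stream)):
            if q and q[1] in XFER_QTYPES and src not in allowed:
                hits.append((src, q[0], XFER_QTYPES[q[1]]))
    return hits

def sample_query(name, qtype):             # builds constructed sample traffic
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\0"
    msg = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    return struct.pack("!H", len(msg)) + msg

SAMPLE_FLOWS = [                           # constructed, not real captures
    ("192.0.2.10", sample_query("example.test", 252)),
    ("198.51.100.77", sample_query("www.example.test", 1) + sample_query("example.test", 252)),
    ("198.51.100.80", sample_query("www.example.test", 1)),
]
```

Calling `find_transfer_requests(SAMPLE_FLOWS)` reports only the client that asked for a transfer without being on the allow-list; ordinary lookups that happen to use TCP are ignored.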
-
October 6th, 2003, 07:43 PM
#10
Wow....I also had to join in on the laughs!!!
You should also read the advisory put out by ISS (http://xforce.iss.net/xforce/alerts/id/147). The Windows RPC/DCOM vulnerability also includes UDP traffic. Although it was primarily TCP based, it was obviously concern enough for ISS to advise against udp-135 also. Seems like it's a bit overkill since UDP will not work through a router.