Overview of Transport Layer Ports 829 because both SMTP and the World Wide Web services use TCP as their transport layer protocol. A port number must be associated with the conversation between hosts to ensure that the packet reaches the appropriate service on the server. Without a way to distinguish between different conversations, the client is unable to send an e-mail and browse a web page at the same time using one server. A method to separate transport layer conversations must be used. Hosts running TCP/IP associate ports at the transport layer with certain applications. Port numbers are used to keep track of different conversations that cross the network at the same time. Port numbers are necessary when a host is communicating with a server running multiple services. Both TCP and UDP use port, or socket, numbers to pass information to the upper layers. Figure 19-13 shows an example of TCP and UDP port numbers. Figure 19-13 TCP and UDP Port Numbers Application software developers have agreed to use the well-known port numbers that are defined in RFC 1700. For example, any conversation bound for the FTP applica- tion uses the standard port number 21. Conversations that do not involve applications with well-known port numbers are assigned port numbers that have been randomly selected from within a specific range. These port numbers are used as source and desti- nation addresses in the TCP segment. Table 19-1 lists the reserved TCP and UDP port numbers. Table 19-1 Reserved TCP and UDP Port Numbers Decimal Keyword Description 0 - Reserved 1–4 - Unassigned 5 rje Remote job entry (RJE) continues F T P T e l n e t S M T P D N S T F T P S N M P 21 Application Layer Transport Layer Port Numbers 23 TCP UDP 25 53 69 161 1102.book Page 829 Tuesday, May 20, 2003 2:53 PM 830 Chapter 19: Intermediate TCP 7 echo Echo 9 discard Discard 11 users Active users 13 daytime Daytime 15 netstat Who is up or netstat 17 quote Quote of the day 19 chargen Character generator 20 ftp-data FTP (data) 21 ftp FTP 23 telnet Terminal connection 25 smtp SMTP 37 time Time of day 39 rlp Resource Location Protocol 42 nameserver Host name server 43 nickname Who is 53 domain DNS 67 bootps Bootstrap protocol server 68 bootpc Bootstrap protocol client 69 tftp TFTP 75 - Any private dial-out service 77 - Any private RJE Service 79 finger Finger 80 HTTP Hypertext Transfer Protocol 123 ntp Network Time Protocol (NTP) 133–159 - Unassigned 160–223 - Reserved Table 19-1 Reserved TCP and UDP Port Numbers (Continued) Decimal Keyword Description 1102.book Page 830 Tuesday, May 20, 2003 2:53 PM Overview of Transport Layer Ports 831 Port numbers have the following assigned ranges: ■ Numbers below 255 are for public applications. ■ Numbers from 255 to 1023 are assigned to companies for marketable applications. ■ Numbers above 1023 are unregulated. End systems use port numbers to select proper applications. As shown in Figure 19-14, the originating source port number (1028) is dynamically assigned by the source host. Usually, this port number is larger than 1023. The Internet Assigned Numbers Author- ity (IANA) controls Port numbers in the range of zero to 1023. Figure 19-14 Source and Destination Ports Ports for Services Services running on hosts must have a port number assigned to them for communica- tion to occur. A remote host attempting to connect to a service expects that service to run on certain transport layer protocols at particular ports. Some ports, defined in RFC 1700, are known as the well-known ports. These ports are reserved in both TCP and UDP. These well-known ports can identify applications that run above the transport layer protocols. For example, a server running the FTP service forwards TCP connections using ports 20 and 21 from clients to its FTP application. This way, the server can 224–241 - Unassigned 242–255 - Unassigned Table 19-1 Reserved TCP and UDP Port Numbers (Continued) Decimal Keyword Description Source Port Destination Port Source Port 1028 Destination Port Telnet Z Destination port = 23. Send packets to my Telnet application. Host A Host Z 23 1102.book Page 831 Tuesday, May 20, 2003 2:53 PM 832 Chapter 19: Intermediate TCP determine exactly what service a client is requesting. TCP and UDP use port numbers to determine the correct service to forward service requests to. Ports for Clients Whenever a client connects to a service on a server, a source and destination port must be specified. TCP and UDP segments contain fields for source and destination ports. Destination ports, or ports for services, are normally defined using the well-known ports. Source ports, those set by the client, are determined dynamically. In general, a client determines the source port by randomly assigning a number above 1023. For instance, a client attempting to communicate with a web server uses TCP and assigns the destination port as 80 and the source port as 1045. When the packet arrives at the server, it passes up to the transport layer and eventually to the World Wide Web service, which operates at port 80. The World Wide Web server responds to the client’s request with a segment that uses port 80 as the source and port 1045 as the destination. In this way, clients and servers use ports to distinguish what process the segment is associated with. If a client has two browser sessions open to two different web servers, the destination port is 80 for both sessions. However, the source port is a different number for each session (for example, 1045 and 1048). This difference allows the client to keep track of the two different conversations. Port Numbering and Well-Known Ports Port numbers are represented by 2 bytes in the header of a TCP or UDP segment. This 16-bit value can result in port numbers ranging from 0 to 65,535. These port numbers are divided into three different categories: ■ Well-known ports ■ Registered ports ■ Dynamic or private ports The first 1023 ports are well-known ports. As previously discussed, these ports are used for well-known network services such as FTP, Telnet, DNS, or HTTP. Registered ports range from 1024 to 49151 and identify services such as Cisco-Net-Mgmt and Calendar Access Protocol. Finally, ports between 49152 and 65535 are defined as dynamic or private ports. Example of Multiple Sessions Between Hosts Port numbers are used to track multiple sessions that can occur between hosts. A port number and a network address combine to form a socket. A pair of sockets, one on each 1102.book Page 832 Tuesday, May 20, 2003 2:53 PM TCP/IP and the Internet Layer 833 host, forms a unique connection. For example, a host can have a Telnet connection through port 23, while simultaneously surfing the net through port 80. The IP address and the MAC address are the same because the packets are coming from the same host. However, the port numbers are different because they are different protocols and, thus, different sockets. Comparison of MAC Addresses, IP Addresses, and Port Numbers MAC addresses, IP addresses, and port numbers are often confusing, but this confu- sion can be avoided if the addresses are explained in reference to the OSI reference model. Port numbers are located at the transport layer and are serviced by the network layer. The network layer assigns the logical address, or IP. It is then serviced by the data link layer, which assigns the physical address, or MAC. TCP/IP and the Internet Layer Internet Protocol (IP) is the Layer 3 protocol responsible for the addressing scheme that allows packets to be properly routed over intranets and the Internet to their desti- nations. Routers use the IP address information in an IP packet header to determine which interface the packet should be switched to in order to reach its destination. IP does not provide any services to ensure that the packet reaches its destination. IP is described as an unreliable, connectionless protocol. Packets might be dropped in route, arrive in the wrong order, or be transmitted faster than the receiver can accept them. IP has no means of overcoming these and other delivery issues. The Internet layer of the TCP/IP stack corresponds to the network layer of the OSI model. The network layer is responsible for getting packets through a network using software addressing. Lab Activity—Multiple Active Host Sessions In this activity, you enable HTTP services on a router and observe multiple HTTP and Telnet sessions on a single host using the netstat command. Lab Activity—Well-Known Port Numbers and Multiple Sessions In this activity, you observe the well-known port numbers of multiple sessions on a single host using the netstat command. 1102.book Page 833 Tuesday, May 20, 2003 2:53 PM 834 Chapter 19: Intermediate TCP As shown in the Figure 19-15, several protocols operate at the TCP/IP Internet layer, corresponding to the OSI network layer: ■ IP—Provides addressing and connectionless, best-effort delivery routing of data- grams, is not concerned with the content of the datagrams, and looks for a way to move the datagrams to their destination ■ ICMP—Provides control and messaging capabilities ■ Address Resolution Protocol (ARP)—Determines the data link layer (MAC) addresses for known IP addresses ■ Reverse Address Resolution Protocol (RARP)—Determines network addresses when data link layer addresses are known Figure 19-15 OSI Network Layer How ARP Works ARP is used to resolve or map a known IP address to a MAC sublayer address. This mapping allows for communication because the data link hardware will not accept a frame unless the MAC address in the frame matches the hardware MAC address (or it is a broadcast MAC address). To determine a destination MAC address for a datagram, a table called the ARP cache is checked. Every host on a TCP/IP network (routers, workstations, servers, and so on) maintains an ARP cache. If the address is not in the table, ARP sends a broadcast that is received by every station on the network, looking for the destination station. The term local ARP describes the search for an address when the requesting host and the destination host share the same medium or wire. As shown in Figure 19-16, before issuing the ARP, the subnet mask must be consulted. In this case, the mask determines that the nodes are on the same subnet. Transport Internet Network Interface Application IP ICMP ARP RARP 1102.book Page 834 Tuesday, May 20, 2003 2:53 PM Summary 835 Figure 19-16 OSI Network Layer RARP is a TCP/IP protocol that permits a physical address, such as an Ethernet address, to be translated into an IP address. Consequently, this protocol is the opposite of ARP. Hosts such as diskless workstations often know only their hardware interface addresses, or MAC address, when booted, but not their IP addresses. They must dis- cover their IP addresses from an external source. Usually, a RARP server using the RARP protocol can resolve this situation. Summary In this chapter, you learned the following: ■ TCP is a connection-oriented transport layer protocol that provides necessary quality of service processes to the unreliable IP protocol. ■ TCP provides reliability, flow control, and virtual connection services. ■ TCP utilizes a three-way handshake to establish synchronized communication between hosts. ■ Sliding windows allows for dynamic data flow control. ■ Sequence numbers ensure proper data reassembly by the receiving host. ■ UDP is a connectionless transport layer protocol. ■ UDP and TCP use ports to distinguish upper layer applications. To supplement all that you’ve learned in this chapter, refer to the chapter-specific Videos, PhotoZooms, and e-Lab Activities on the CD-ROM accompanying this book. IP: 172.16.3.2 = ? ? ? IP: 172.16.3.2 Ethernet: 0800.0020.1111 I need the Ethernet address of 172.16.3.2. I heard that broadcast; that is me. Here is my Ethernet address. 172.16.3.1 172.16.3.2 1102.book Page 835 Tuesday, May 20, 2003 2:53 PM 836 Chapter 19: Intermediate TCP Key Terms ARP (Address Resolution Protocol) Internet protocol used to map an IP address to a MAC address. DoS (denial-of-service) Type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. flow control The process of adjusting the flow of data from one device to another to ensure that the receiving device can handle all of the incoming data. RARP (Reverse Address Resolution Protocol) Protocol in the TCP/IP stack that provides a method for finding IP addresses based on MAC addresses. TCP (Transmission Control Protocol) Connection-oriented transport layer protocol that provides reliable full-duplex data transmission. TCP is part of the TCP/IP protocol stack. UDP (User Datagram Protocol) Connectionless transport layer protocol in the TCP/IP protocol stack. UDP is a simple protocol that exchanges datagrams without acknowledgments or guaranteed delivery, requiring that error processing and retrans- mission be handled by other protocols. well-known ports These ports are defined in RFC 1700 and are reserved in both TCP and UDP. These well-known ports can identify applications that run above the transport layer protocols. windowing Manages the flow. The recipient reports to the sender what size window in terms of octets it’s able to accept at this time. The sender then sends that many octets to the receiving host. Check Your Understanding Complete all the review questions to test your understanding of the topics and con- cepts in this chapter. Answers are listed in Appendix C, “Check Your Understanding Answer Key.” 1. Which of the following best describes TCP/IP? A. It is a suite of protocols that can be used to communicate across any set of interconnected networks. B. It is a suite of protocols that allows LANs to connect into WANs. 1102.book Page 836 Tuesday, May 20, 2003 2:53 PM Check Your Understanding 837 C. It is a suite of protocols that allows for data transmission across a multitude of networks. D. It is a suite of protocols that allows different devices to be shared by intercon- nected networks. 2. Which of the following is one of the protocols found at the transport layer? A. UCP B. UDP C. TDP D. TDC 3. What is the purpose of port numbers? A. They keep track of different conversations crossing the network at the same time. B. Source systems use them to keep a session organized and to select the proper application. C. End systems use them to dynamically assign end users to a particular session, depending on their application use. D. Source systems generate them to predict destination addresses. 4. Which of the following best describes UDP? A. A protocol that acknowledges flawed or intact datagrams B. A protocol that detects errors and requests retransmissions from the source C. A protocol that processes datagrams and requests retransmissions when necessary D. A protocol that exchanges datagrams without acknowledgments or guaranteed delivery 5. Which of the following TCP/IP layers includes file transfer, e-mail, remote login, and network management? A. Transport B. Application C. Internet D. Network 1102.book Page 837 Tuesday, May 20, 2003 2:53 PM 838 Chapter 19: Intermediate TCP 6. Why are TCP three-way handshake/open connections used? A. To ensure that lost data can be recovered if problems occur later B. To determine how much data the receiving station can accept at one time C. To provide efficient use of bandwidth by users D. To change binary ping responses into information in the upper layers 7. What does a TCP sliding window do? A. It makes the window larger so that more data can come through at once, which results in more efficient use of bandwidth. B. The window size slides to each section of the datagram to receive data, which results in more efficient use of bandwidth. C. It allows the window size to be negotiated dynamically during the TCP session, which results in more efficient use of bandwidth. D. It limits the incoming data so that each segment must be sent one by one, which is an inefficient use of bandwidth. 8. UDP segments use what protocols to provide reliability? A. Network layer protocols B. Application layer protocols C. Internet protocols D. Transmission Control Protocols 9. Which of the following best describes window size? A. The maximum size of the window that software can have and still process data rapidly B. The number of messages or bytes that can be transmitted while awaiting an acknowledgment C. The size of the window, in picas, that must be set ahead of time so that data can be sent D. The size of the window opening on a monitor, which is not always equal to the monitor size 10. What is the function of ARP? A. It completes research for a Layer 3 destination address. B. It is used to develop a cached Layer 4 address resource table. C. It is used to map an IP address to a MAC address. D. It sends a broadcast message looking for the router IP address. 1102.book Page 838 Tuesday, May 20, 2003 2:53 PM . 17 2 .16 .3 .2 = ? ? ? IP: 17 2 .16 .3 .2 Ethernet: 0800.0 020 .11 11 I need the Ethernet address of 17 2 .16 .3 .2. I heard that broadcast; that is me. Here is my Ethernet address. 17 2 .16 .3 .1 1 72 .16 .3 .2 11 02. book. (RJE) continues F T P T e l n e t S M T P D N S T F T P S N M P 21 Application Layer Transport Layer Port Numbers 23 TCP UDP 25 53 69 16 1 11 02. book Page 829 Tuesday, May 20 , 20 03 2: 53 PM 830 Chapter 19 : Intermediate TCP 7 echo Echo 9 discard Discard 11 users Active users 13 daytime Daytime 15 netstat. TCP connections using ports 20 and 21 from clients to its FTP application. This way, the server can 22 4 2 41 - Unassigned 24 2 25 5 - Unassigned Table 19 -1 Reserved TCP and UDP Port Numbers (Continued) Decimal