
CCENT/CCNA ICND1 Official Exam Certification Guide - Chapter 6



DOCUMENT INFORMATION

Basic information

Format
Pages 36
Size 719.09 KB

Contents

CHAPTER 6
Fundamentals of TCP/IP Transport, Applications, and Security

The CCNA exams focus mostly on a deeper and broader examination of the topics covered in Chapter 3 (LANs), Chapter 4 (WANs), and Chapter 5 (routing). This chapter explains the basics of a few topics that receive less attention on the exams: the TCP/IP transport layer, the TCP/IP application layer, and TCP/IP network security. Although all three topics are covered on the various CCNA exams, the extent of that coverage is much less compared to LANs, WANs, and routing.

“Do I Know This Already?” Quiz

The “Do I Know This Already?” quiz allows you to assess whether you should read the entire chapter. If you miss no more than one of these ten self-assessment questions, you might want to move ahead to the “Exam Preparation Tasks” section. Table 6-1 lists the major headings in this chapter and the “Do I Know This Already?” quiz questions covering the material in those sections. This helps you assess your knowledge of these specific areas. The answers to the “Do I Know This Already?” quiz appear in Appendix A.

Table 6-1 “Do I Know This Already?” Foundation Topics Section-to-Question Mapping

Foundation Topics Section                 Questions
TCP/IP Layer 4 Protocols: TCP and UDP     1–6
TCP/IP Applications                       7, 8
Network Security                          9, 10

1828xbook.fm Page 129 Thursday, July 26, 2007 3:10 PM

1. PC1 is using TCP and has a window size of 4000. PC1 sends four segments to PC2 with 1000 bytes of data each, with sequence numbers 2000, 3000, 4000, and 5000. PC2 replies with an acknowledgment number of 5000. What should PC1 do next?
   a. Increase its window to 5000 or more segments
   b. Send the next segment, with sequence number 6000
   c. Resend the segment whose sequence number was 5000
   d. Resend all four previously sent segments

2. Which of the following are not features of a protocol that is considered to match OSI Layer 4?
   a. Error recovery
   b. Flow control
   c. Segmenting of application data
   d. Conversion from binary to ASCII

3. Which of the following header fields identify which TCP/IP application gets data received by the computer?
   a. Ethernet Type
   b. SNAP Protocol Type
   c. IP Protocol Field
   d. TCP Port Number
   e. UDP Port Number
   f. Application ID

4. Which of the following are not typical functions of TCP?
   a. Windowing
   b. Error recovery
   c. Multiplexing using port numbers
   d. Routing
   e. Encryption
   f. Ordered data transfer

5. Which of the following functions is performed by both TCP and UDP?
   a. Windowing
   b. Error recovery
   c. Multiplexing using port numbers
   d. Routing
   e. Encryption
   f. Ordered data transfer

6. What do you call data that includes the Layer 4 protocol header, and data given to Layer 4 by the upper layers, not including any headers and trailers from Layers 1 to 3?
   a. Bits
   b. Chunk
   c. Segment
   d. Packet
   e. Frame
   f. L4PDU
   g. L3PDU

7. In the URL http://www.fredsco.com/name.html, which part identifies the web server?
   a. http
   b. www.fredsco.com
   c. fredsco.com
   d. http://www.fredsco.com
   e. The file name.html includes the hostname.

8. When comparing VoIP with an HTTP-based mission-critical business application, which of the following statements are accurate about the quality of service needed from the network?
   a. VoIP needs better (lower) packet loss.
   b. HTTP needs less bandwidth.
   c. HTTP needs better (lower) jitter.
   d. VoIP needs better (lower) delay.

9. Which of the following is a device or function whose most notable feature is to examine trends over time to recognize different known attacks as compared to a list of common attack signatures?
   a. VPN
   b. Firewall
   c. IDS
   d. NAC

10. Which of the following is a device or function whose most notable feature is to encrypt packets before they pass through the Internet?
   a. VPN
   b. Firewall
   c. IDS
   d. NAC

Foundation Topics

This chapter begins by examining the functions of Transmission Control Protocol (TCP), which are many, as compared to the functions of User Datagram Protocol (UDP), of which there are few. The second major section of the chapter examines the TCP/IP application layer, including some discussion of how DNS name resolution works. Finally, the third major section examines the importance and concepts of network security, introducing some of the core concepts, terminology, and functions important for security today.

TCP/IP Layer 4 Protocols: TCP and UDP

The OSI transport layer (Layer 4) defines several functions, the most important of which are error recovery and flow control. Likewise, the TCP/IP transport layer protocols also implement these same types of features. Note that both the OSI model and TCP/IP model call this layer the transport layer. But as usual, when referring to the TCP/IP model, the layer name and number are based on OSI, so any TCP/IP transport layer protocols are considered Layer 4 protocols.

The key difference between TCP and UDP is that TCP provides a wide variety of services to applications, whereas UDP does not. For example, routers discard packets for many reasons, including bit errors, congestion, and instances in which no correct routes are known. As you have read already, most data-link protocols notice errors (a process called error detection) but then discard frames that have errors. TCP provides for retransmission (error recovery) and help to avoid congestion (flow control), whereas UDP does not. As a result, many application protocols choose to use TCP. However, do not let UDP’s lack of services make you think that UDP is worse than TCP.
By providing few services, UDP needs fewer bytes in its header compared to TCP, resulting in fewer bytes of overhead in the network. UDP software does not slow down data transfer in cases where TCP may purposefully slow down. Also, some applications, notably today voice over IP (VoIP) and video over IP, do not need error recovery, so they use UDP. So, UDP also has an important place in TCP/IP networks today.

Table 6-1 lists the main features supported by TCP and/or UDP. Note that only the first item listed in the table is supported by UDP, whereas all items in the table are supported by TCP.

Next, this section describes the features of TCP, followed by a brief comparison to UDP.

Transmission Control Protocol

Each TCP/IP application typically chooses to use either TCP or UDP based on the application’s requirements. For instance, TCP provides error recovery, but to do so, it consumes more bandwidth and uses more processing cycles. UDP does not perform error recovery, but it takes less bandwidth and uses fewer processing cycles. Regardless of which of the two TCP/IP transport layer protocols the application chooses to use, you should understand the basics of how each of these transport layer protocols works.

TCP, as defined in RFC 793, accomplishes the functions listed in Table 6-2 through mechanisms at the endpoint computers. TCP relies on IP for end-to-end delivery of the data, including routing issues. In other words, TCP performs only part of the functions necessary to deliver the data between applications. Also, the role that it plays is directed toward providing services for the applications that sit at the endpoint computers. Regardless of whether two computers are on the same Ethernet or are separated by the entire Internet, TCP performs its functions the same way.

Figure 6-1 shows the fields in the TCP header. Although you don’t need to memorize the names of the fields or their locations, the rest of this section refers to several of the fields, so the entire header is included here for reference.

Table 6-2 TCP/IP Transport Layer Features

Function                                      Description
Multiplexing using ports                      Function that allows receiving hosts to choose the correct application for which the data is destined, based on the port number.
Error recovery (reliability)                  Process of numbering and acknowledging data with Sequence and Acknowledgment header fields.
Flow control using windowing                  Process that uses window sizes to protect buffer space and routing devices.
Connection establishment and termination      Process used to initialize port numbers and Sequence and Acknowledgment fields.
Ordered data transfer and data segmentation   Continuous stream of bytes from an upper-layer process that is “segmented” for transmission and delivered to upper-layer processes at the receiving device, with the bytes in the same order.

Figure 6-1 TCP Header Fields

Multiplexing Using TCP Port Numbers

TCP provides a lot of features to applications, at the expense of requiring slightly more processing and overhead, as compared to UDP. However, TCP and UDP both use a concept called multiplexing. Therefore, this section begins with an explanation of multiplexing with TCP and UDP. Afterward, the unique features of TCP are explored.

Multiplexing by TCP and UDP involves the process of how a computer thinks when receiving data. The computer might be running many applications, such as a web browser, an e-mail package, or an Internet VoIP application (for example, Skype). TCP and UDP multiplexing enables the receiving computer to know which application to give the data to.

Some examples will help make the need for multiplexing obvious. The sample network consists of two PCs, labeled Hannah and Jessie.
Hannah uses an application that she wrote to send advertisements that appear on Jessie’s screen. The application sends a new ad to Jessie every 10 seconds. Hannah uses a second application, a wire-transfer application, to send Jessie some money. Finally, Hannah uses a web browser to access the web server that runs on Jessie’s PC. The ad application and wire-transfer application are imaginary, just for this example. The web application works just like it would in real life.

[Figure 6-1 TCP Header Fields: Source Port (16 bits), Destination Port (16), Sequence Number (32), Acknowledgement Number (32), Header Length (4), Reserved (6), Code Bits (6), Window (16), Checksum (16), Urgent (16), Options (0 or 32 if any), Data (varies); the fixed header is 20 bytes.]

Figure 6-2 shows the sample network, with Jessie running three applications:

■ A UDP-based ad application
■ A TCP-based wire-transfer application
■ A TCP web server application

Figure 6-2 Hannah Sending Packets to Jessie, with Three Applications
[Figure 6-2: Hannah sends Jessie three packets, Eth/IP/UDP carrying ad data, Eth/IP/TCP carrying wire transfer data, and Eth/IP/TCP carrying web page data. Jessie, running the web server, ad application, and wire application, thinks: “I received three packets, each from the same MAC and IP address. What application should get the data in each packet?”]

Jessie needs to know which application to give the data to, but all three packets are from the same Ethernet and IP address. You might think that Jessie could look at whether the packet contains a UDP or TCP header, but, as you see in the figure, two applications (wire transfer and web) are using TCP. TCP and UDP solve this problem by using a port number field in the TCP or UDP header, respectively. Each of Hannah’s TCP and UDP segments uses a different destination port number so that Jessie knows which application to give the data to. Figure 6-3 shows an example.

Multiplexing relies on a concept called a socket. A socket consists of three things:

■ An IP address
■ A transport protocol
■ A port number

Figure 6-3 Hannah Sending Packets to Jessie, with Three Applications Using Port Numbers to Multiplex

So, for a web server application on Jessie, the socket would be (10.1.1.2, TCP, port 80) because, by default, web servers use the well-known port 80. When Hannah’s web browser connects to the web server, Hannah uses a socket as well—possibly one like this: (10.1.1.1, TCP, 1030). Why 1030? Well, Hannah just needs a port number that is unique on Hannah, so Hannah sees that port 1030 is available and uses it. In fact, hosts typically allocate dynamic port numbers starting at 1024 because the ports below 1024 are reserved for well-known applications, such as web services.

In Figure 6-3, Hannah and Jessie use three applications at the same time—hence, three socket connections are open. Because a socket on a single computer should be unique, a connection between two sockets should identify a unique connection between two computers. This uniqueness means that you can use multiple applications at the same time, talking to applications running on the same or different computers. Multiplexing, based on sockets, ensures that the data is delivered to the correct applications. Figure 6-4 shows the three socket connections between Hannah and Jessie.

Port numbers are a vital part of the socket concept. Well-known port numbers are used by servers; other port numbers are used by clients. Applications that provide a service, such as FTP, Telnet, and web servers, open a socket using a well-known port and listen for connection requests.
Because these connection requests from clients are required to include both the source and destination port numbers, the port numbers used by the servers must be well-known. Therefore, each server has a hard-coded, well-known port number. The well-known ports are listed at http://www.iana.org/assignments/port-numbers.

[Figure 6-3: Jessie thinks, “I’ll look in the UDP or TCP destination port to identify the application!” Ad data arrives with destination port 800 (Ad Server, port 800), wire transfer data with destination port 20,100 (Wire Application, port 20,100), and web page data with destination port 80 (Web Server, port 80).]

Figure 6-4 Connections Between Sockets
[Figure 6-4: Hannah (IP address 10.1.1.1) runs the Ad Application on UDP port 1025, the Wire Application on TCP port 1028, and the Web Browser on TCP port 1030. Jessie (IP address 10.1.1.2) runs the Ad Application on UDP port 800, the Wire Application on TCP port 20,100, and the Web Server on TCP port 80. The three socket connections are (10.1.1.1, TCP, 1030) with (10.1.1.2, TCP, 80); (10.1.1.1, TCP, 1028) with (10.1.1.2, TCP, 20100); and (10.1.1.1, UDP, 1025) with (10.1.1.2, UDP, 800).]

On client machines, where the requests originate, any unused port number can be allocated. The result is that each client on the same host uses a different port number, but a server uses the same port number for all connections. For example, 100 web browsers on the same host computer could each connect to a web server, but the web server with 100 clients connected to it would have only one socket and, therefore, only one port number (port 80 in this case). The server can tell which packets are sent from which of the 100 clients by looking at the source port of received TCP segments. The server can send data to the correct web client (browser) by sending data to that same port number listed as a destination port. The combination of source and destination sockets allows all participating hosts to distinguish between the data’s source and destination. Although the example explains the concept using 100 TCP connections, the same port numbering concept applies to UDP sessions in the same way.

Popular TCP/IP Applications

Throughout your preparation for the CCNA exams, you will come across a variety of TCP/IP applications. You should at least be aware of some of the applications that can be used to help manage and control a network.

NOTE You can find all RFCs online at http://www.isi.edu/in-notes/rfcxxxx.txt, where xxxx is the number of the RFC. If you do not know the number of the RFC, you can try searching by topic at http://www.rfc-editor.org/rfcsearch.html.

[...] The rest of the preview consists of truncated excerpts from later in the chapter, shown out of order:

... of Key Terms

Exam Preparation Tasks

Review All the Key Topics

Review the most important topics from this chapter, noted with the key topics icon. Table 6-5 lists these key topics and where each is discussed.

Table 6-5 Key Topics for Chapter 6

Key Topic Element   Description                                                  Page Number
Table 6-2           Functions of TCP and UDP                                     134
Table 6-3           Well-known TCP and UDP port numbers                          139-140
Figure 6-6          Example of TCP ...

... may be an older still-installed PIX firewall or a newer ASA (Figure 6-16 shows the ASA icon at the bottom.)

Anti-x

A comprehensive security plan requires several functions that prevent different known types of problems. For example, host-based anti-virus software helps ...

... error recovery using forward acknowledgments                                 141
Figure 6-7          Example of TCP sliding windows                               142
Figure 6-8          Example of TCP connection establishment                      143
List                Definitions of connection-oriented and connectionless        144
List                QoS requirements for VoIP                                    148
List                Three types of attacks                                       155
Figure 6-15         Examples of common security exposures in an Enterprise       156

Complete the Tables and Lists from Memory

Print a copy ...
... applications use a well-known port number so that clients know which port to attempt to connect to. Table 6-3 lists several popular applications and their well-known port numbers.

Table 6-3 Popular Applications and Their Well-Known Port Numbers

Port Number       Protocol    Application
20                TCP         FTP data
21                TCP         FTP control
22                TCP         SSH
23                TCP         Telnet
25                TCP         SMTP
53                UDP, TCP    DNS
67, 68            UDP         DHCP
69                UDP         TFTP
80                TCP         HTTP (WWW)
110               TCP         POP3
161               UDP         SNMP
443               TCP         SSL
16,384–32,767     UDP         RTP-based Voice (VoIP) and Video

Error Recovery (Reliability)

TCP provides for ...

... done for all devices using different kinds of hardware, including routers, firewalls, purpose-built VPN concentrator hardware, or ASAs, as shown in the main site of the Enterprise.

Figure 6-17 Sample VPNs
[Figure 6-17: Enterprise Central Site; unencrypted packets, encrypted packets, unencrypted ...]

... that already has a quality perimeter firewall, consider Figure 6-15. The list following the figure explains three ways in which the Enterprise network is exposed to the possibility of an attack from within.

Figure 6-15 Common Security Issues in an Enterprise
[Figure 6-15: Enterprise IP Network ...]

... UDP applications are not artificially slowed by the acknowledgment process, and memory is freed more quickly.

Figure 6-10 TCP and UDP Headers
[Figure 6-10: TCP header fields with sizes: Source Port (2), Dest Port (2), Sequence Number (4), Ack Number (4), Offset (4 bits), Reserved (6 bits), Flags (6 bits), Window Size (2), Checksum (2), ...]

... PC2. Figure 6-17 shows how VPNs can use end-to-end encryption, in which the data remains encrypted while being forwarded through one or more routers. Additionally, link encryption can be used to encrypt data at the data link layer, so the data is encrypted only as it passes over one data link. Chapter 11, “Wireless LANs,” shows an example of link encryption.

... through the Internet, he or she cannot read the data. Figure 16-17 shows the general idea, with an intranet VPN and an access VPN. The figure shows an example of two types of VPNs: an access VPN and a site-to-site intranet VPN. An access VPN supports a home or small-office user, with the remote office’s PC typically encrypting the packets. A site-to-site intranet VPN typically connects two sites of the same ...
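As an added worked example for the multiplexing and socket section above (my own code, not from the book), the following Python script packs the 20-byte TCP header of Figure 6-1 and the 8-byte UDP header with struct, then models Jessie as a host that demultiplexes each received segment by (IP address, transport protocol, destination port) to the applications of Figures 6-3 and 6-4, keeping one connection entry per client source port under the single Web Server socket. The header builders, the Host class and the constructed segments are all assumptions of this example.

```python
import struct

# TCP header layout from Figure 6-1, options omitted (20 bytes), network byte order:
# Source Port(16) Destination Port(16) Sequence Number(32) Acknowledgement Number(32)
# Header Length(4)+Reserved(6)+Code Bits(6) Window(16) Checksum(16) Urgent(16)
TCP_FMT = "!HHIIHHHH"
# UDP header: Source Port(16) Destination Port(16) Length(16) Checksum(16)
UDP_FMT = "!HHHH"

def build_tcp_header(src_port, dst_port, seq=0, ack=0, code_bits=0x02, window=4000):
    """Constructed TCP header: header length 5 words (20 bytes), checksum left zero."""
    hlen_resv_bits = (5 << 12) | (code_bits & 0x3F)
    return struct.pack(TCP_FMT, src_port, dst_port, seq, ack, hlen_resv_bits, window, 0, 0)

def build_udp_header(src_port, dst_port, payload_len=0):
    """Constructed UDP header: the UDP length counts the 8-byte header plus payload."""
    return struct.pack(UDP_FMT, src_port, dst_port, 8 + payload_len, 0)

def parse_tcp_header(segment):
    src, dst, seq, ack, hlen_bits, window, _csum, _urg = struct.unpack(TCP_FMT, segment[:20])
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "hdr_len": (hlen_bits >> 12) * 4, "code_bits": hlen_bits & 0x3F,
            "window": window}

def parse_udp_header(segment):
    src, dst, length, _csum = struct.unpack(UDP_FMT, segment[:8])
    return {"src_port": src, "dst_port": dst, "length": length}

class Host:
    """Receiving host: listening sockets are (ip, protocol, port); TCP connections are socket pairs."""
    def __init__(self, ip):
        self.ip = ip
        self.listeners = {}    # (ip, "TCP" | "UDP", port) -> application name
        self.connections = {}  # (local socket, remote socket) -> application name

    def listen(self, proto, port, app):
        self.listeners[(self.ip, proto, port)] = app

    def receive(self, src_ip, proto, segment):
        """Demultiplex one segment: the destination port selects the application."""
        hdr = parse_tcp_header(segment) if proto == "TCP" else parse_udp_header(segment)
        local = (self.ip, proto, hdr["dst_port"])
        app = self.listeners.get(local)
        if app is None:
            return None  # nothing listens on that socket, so the segment is discarded
        if proto == "TCP":
            # One listening socket (e.g. port 80) serves many clients; the client's
            # source port is what tells their connections apart.
            self.connections[(local, (src_ip, proto, hdr["src_port"]))] = app
        return app

def demo():
    """Hannah (10.1.1.1) sends the three segments of Figure 6-4 to Jessie (10.1.1.2)."""
    jessie = Host("10.1.1.2")
    jessie.listen("UDP", 800, "Ad Application")
    jessie.listen("TCP", 20100, "Wire Application")
    jessie.listen("TCP", 80, "Web Server")
    delivered = [
        jessie.receive("10.1.1.1", "UDP", build_udp_header(1025, 800)),
        jessie.receive("10.1.1.1", "TCP", build_tcp_header(1028, 20100)),
        jessie.receive("10.1.1.1", "TCP", build_tcp_header(1030, 80)),
    ]
    return jessie, delivered

if __name__ == "__main__":
    jessie, delivered = demo()
    print(delivered)                   # ['Ad Application', 'Wire Application', 'Web Server']
    print(sorted(jessie.connections))  # two TCP socket pairs, one per client source port
```

A second browser on Hannah using source port 1031 lands on the same Web Server listener but gets its own connection entry, which is exactly how one port-80 socket serves the 100 clients in the text.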

Posted: 06/07/2014, 06:37
