TCP/UDP A brief overview
TCP/UDP A brief overview
There is already an article on here regarding IP so I thought I'd do something about it's brother and sister; The Transport Control Protocol and the User Datagram Protocol.
Along with IP, TCP forms the backbone of the internet and together they provide a means of addressing (IP) and data transportation (TCP) between different computers.
TCP has been in operation since 1974 and is yet to be replaced by anything better! It provides reliability, flow control and error correction within the transport layer (of the OSI model). What's flow control I here you say? Well, TCP uses a 'sliding windows mechanism' to control the flow of data between computers. This mechanism ensures that the data is sent reliably and efficiently without either computer sending data faster than the other can receive it. This is an important factor of TCP.
A TCP segment is made of the following parts:
-
Source port (port where the segment originated)
-
Destination port (segment's destination port)
-
Sequence number (explained shortly)
-
ACK number (explained shortly)
-
Data offset (number of bytes in header)
-
Reserved (reserved for future use)
-
Urgent (when ==1 priority transfer will be used)
-
ACK (explained shortly)
-
Push (when ==1, data should be sent immediately to application on other computer)
-
Reset (when==1, the computer who set flag wants to reset the connection)
-
SYN (used when starting a connection, explained shortly)
-
Fin (when ==1, connection should get closed)
-
Window (number of bytes destination computer can receive )
-
Checksum (checks integrity of segment)
-
Options (various options can be set such as timestamp)
-
Urgent pointer (when ==1, this segment must get to the receiver immediately)
The final part of the segment is the actual data itself.
When two computers wish to communicate using TCP, they must do so using a '3 way handshake'. This works in the following way:
-
Computer A sends synchronize request (SYN) to Computer B. The segments sequence number is set to a random value.
-
Computer B replies with a SYN-ACK. The ACK number is set to the sequence number + 1. The sequence number is then set to a random value.
-
Computer A sends an ACK back to Computer B. The sequence number is set to the ACK value and the ACK number is set to the received sequence number + 1.
Now this may sound complicated, but it is actually a fairly simple way of establishing a reliable connection. This type of data transfer is known as connection-orientated. The other type of transfer is known as connectionless, and this is where UDP (User Datagram Protocol ) comes into play. UDP is similar to TCP, however it's segments are much smaller as they don't contain any of the connection based flags and information that TCP segments do. This makes transferring UDP segments much faster but the data sent will not have the same integrity of that which is sent using TCP. TCP is used for things such as FTP while UDP will usually be used when streaming music etc.
A UDP segment only contains a source port number and a destination port number just like a TCP segment. It also has an optional checksum field and a length field which contains the length of the segment header and data.
I hope this article has given you a brief overview of how TCP and UDP works, you should now be able to go look at the finer details of each protocol and use this information to gain a greater understanding of how data is sent on a network.
ghost 15 years ago
Good article on the basics and structure of TCP and UDP packets, and also decent coverage of the other flags (RST, FIN, etc.). Only two points of interest here: (1) The section on UDP didn't have the same layout as the section on TCP, which seemed inconsistent and almost made UDP a footnote in the article, (2) Noting that UDP "doesn't have the same integrity" as TCP is a bit less clear than saying exactly what that means in lost or mis-sequenced packets, or any other such thing. As a final note, the three-way handshake could've taken on a more down-to-earth explanation; explaining about sychronize requests and sequence numbers is all good and well, but it boils down to "I ask you for a connection, you say I can have a connection, I say okay and connect". :-)
ynori7 15 years ago
Not bad. It's a bit short though. I'd like to see it paired with a bit on TCP/UDP programming.
ghost 15 years ago
I think lists are easier to understand when it comes to explaining something that is to be broken down into different parts. I'll write part 2 soon, which will look at TCP/UDP-based attacks. I'll aim to make that a more content rich article.
stealth- 15 years ago
Not really that great, more of a reference paper, to me. It basically explains the easy to understand part in a hard to understand manner, and gives a list that could really only be used for reference.
ghost 15 years ago
I like this article because he basically teaches how to do a SYN-Flood attack but I don't even think the writer knows this :)