TCP/IPv4 Basics

ARP, IP Routing, TCP and NAT

This Is A Book Report

  • Written in 1992
  • Book is so old that the dude who wrote it was born in a country that doesn't exist anymore
  • Amazon told me it was the best book to "learn tcp"
  • Don't ask me hard questions - I've just scratched the surface

Part 1: Overview

What is TCP/IP?

  • A collection of communication protocols
  • Handles most Internet traffic

TCP/IP Layers

  • Application: HTTP, FTP, SSH, Telnet, DNS
  • Transport: UDP, TCP, OMGWTFBBQ
  • Network: IP, ICMP, ARP, IPSec
  • Data Link: Ethernet, Wi-Fi, Bluetooth (communication within single network link)

Encapsulation

Each layer wraps what the layer above handed it in its own header (and, for Ethernet, a trailer):

  • HTTP REQ.      = HTTP HEADER + FORM POST
  • TCP SEGMENT    = TCP HEADER + HTTP REQ.
  • IP DATAGRAM    = IP HEADER + TCP SEGMENT
  • ETHERNET FRAME = ETH. HEADER + IP DATAGRAM + ETH. TRAILER

Why Layers?

  • Separation of concerns!
  • HTTP doesn't need to know about TCP flow control
  • TCP doesn't need to know about IP routing
  • IP doesn't need to know about Ethernet

So Many Protocols

TLS, DNS, HTTP, HTTPS, POP3, SMTP, FTP, NTP, IRC, SSL, ARP, SMPP, SCTP, SPX, FCP, DCCP, IPX/SPX, NAT, HSRP, TCP, VRRP, IP, SPB, MTP, PP2P, NDP, STP, VTP, Ethernet, ATM, BlueTooth, WUR

But Who's Got the Time?


Part 2: ARP

Address Resolution Protocol (ARP)

  • Translates between MAC addresses and IP addresses
  • Facilitates lookups and caches results
  • Routes lookups outside of network link

[...] a set of hosts is considered to be "on the same link" if:

   -  when any host, A, from that set, sends a packet to any other host,
      B, in that set, using unicast, multicast, or broadcast, the entire
      link-layer packet payload arrives unmodified, and

   -  a broadcast sent over that link by any host from that set of hosts
      can be received by every other host in that set.

Hypothetically...

  • Suppose you're me, at work
  • Suppose your computer has IP 192.168.7.133
  • Suppose you want to make an HTTP request to a Python web service on Rit's computer with IP 192.168.7.1
  • You type `curl http://192.168.7.1/foo/bar`
  • How does your HTTP request make it from your network card to his?

The HTTP Adventure

  • Application: HTTP GET to http://192.168.7.1/foo/bar
  • Transport: initialize TCP conn. to 192.168.7.1
  • Network: resolve 192.168.7.1 to MAC addr.
  • Data Link: ????

Broadcast Delivery

[Diagram: My Computer (192.168.7.113, HTTP Client), Rit's Computer (192.168.7.1, HTTP Server) and Mike's Computer (192.168.7.33), each drawn as a TCP / IPv4 / ARP / NIC stack, all plugged into one Ethernet Hub. The following slides animate the ARP Request, the ARP Reply and finally Direct Delivery of the frame.]

  • Notice IP address in same subnet
  • Look in ARP cache for IP:MAC mapping
  • Cache miss
  • Send ARP broadcast to FF:FF:FF:FF:FF:FF
  • Receive ARP reply
  • Update ARP cache
  • My Computer now knows how to send Ethernet frames to 192.168.7.1

ARP Request

The hub repeats the broadcast frame to every port, so both Rit's Computer and Mike's Computer receive it.

ARP Reply

Only Rit's Computer answers, back to My Computer.

Direct Delivery

[Diagram: the same walk-through with an SSH Client on My Computer (192.168.1.11, netmask 255.255.255.0), an SSH Server on Rit's Computer (192.168.1.34) and Mike's Computer (192.168.1.33) on an Ethernet Hub; here the resolved address is 192.168.1.34.]

No response from devices that don't own requested MAC address.
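The walk-through above as an added Python example (not code from the talk or the book it reports on): it builds and parses ARP-over-Ethernet frames with struct, checks that the target is on the same subnet, consults a cache, broadcasts the request on a simulated hub where only the owner of the IP answers, and caches the reply. The host names and IP addresses are the talk's; the MAC addresses, the Host and Hub classes and the demo function are constructed for this example.

```python
import struct
import ipaddress

# Added example, not from the talk: ARP request/reply on a hub with the same
# three hosts as the slides. The MAC addresses are made up for this example.
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """14-byte Ethernet header + 28-byte ARP body (IPv4 over Ethernet).
    A request goes to the broadcast MAC; a reply goes straight to the requester."""
    dst_mac = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s",
                      1, 0x0800, 6, 4, op,   # HTYPE Ethernet, PTYPE IPv4, HLEN, PLEN, opcode
                      mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
                      mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Decode a frame produced by build_arp into a dict of its fields."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"dst_mac": mac_str(dst_mac), "src_mac": mac_str(src_mac), "op": op,
            "sender_mac": mac_str(sha), "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_mac": mac_str(tha), "target_ip": str(ipaddress.IPv4Address(tpa))}


class Host:
    def __init__(self, name, mac, ip, netmask):
        self.name, self.mac = name, mac
        self.iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
        self.arp_cache = {}                      # IP -> MAC

    @property
    def ip(self):
        return str(self.iface.ip)

    def on_frame(self, frame):
        """Every host on the hub sees the broadcast; only the owner of the
        requested IP replies. Everyone else stays silent and returns None."""
        req = parse_arp(frame)
        if req["op"] != ARP_REQUEST or req["target_ip"] != self.ip:
            return None
        self.arp_cache[req["sender_ip"]] = req["sender_mac"]   # learn the asker too
        return build_arp(ARP_REPLY, self.mac, self.ip, req["sender_mac"], req["sender_ip"])

    def resolve(self, dst_ip, hub):
        """Return (MAC, was_broadcast) for dst_ip, following the slide's steps."""
        if ipaddress.IPv4Address(dst_ip) not in self.iface.network:
            raise ValueError(f"{dst_ip} is off-link; ARP for the gateway instead")
        if dst_ip in self.arp_cache:                                # cache hit
            return self.arp_cache[dst_ip], False
        request = build_arp(ARP_REQUEST, self.mac, self.ip, ZERO_MAC, dst_ip)
        for reply in hub.broadcast(self, request):                  # cache miss: ask everyone
            fields = parse_arp(reply)
            # accept only a reply that answers this request; anything else is ignored
            if fields["op"] == ARP_REPLY and fields["sender_ip"] == dst_ip:
                self.arp_cache[dst_ip] = fields["sender_mac"]
                return fields["sender_mac"], True
        raise LookupError(f"no ARP reply for {dst_ip}")


class Hub:
    """An Ethernet hub repeats every frame to every other port."""
    def __init__(self, hosts):
        self.hosts = hosts

    def broadcast(self, origin, frame):
        replies = []
        for host in self.hosts:
            if host is not origin:
                reply = host.on_frame(frame)
                if reply is not None:
                    replies.append(reply)
        return replies


ME_MAC, RIT_MAC, MIKE_MAC = "02:00:00:00:01:13", "02:00:00:00:00:01", "02:00:00:00:00:33"


def demo():
    """Constructed run: My Computer resolves Rit's Computer twice (miss, then hit)."""
    me = Host("My Computer", ME_MAC, "192.168.7.113", "255.255.255.0")
    rit = Host("Rit's Computer", RIT_MAC, "192.168.7.1", "255.255.255.0")
    mike = Host("Mike's Computer", MIKE_MAC, "192.168.7.33", "255.255.255.0")
    hub = Hub([me, rit, mike])
    first = me.resolve("192.168.7.1", hub)
    second = me.resolve("192.168.7.1", hub)
    return first, second, dict(rit.arp_cache), dict(mike.arp_cache)


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the first resolution going out as a broadcast and the second served from the cache; Mike's Computer, which does not own 192.168.7.1, never replies and learns nothing.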

Part 3: IPv4 Routing [and a little ICMP]

Example Topology

[Diagram: Corporate Network with hosts A and B on 192.168.100.0/24 (behind R1), hosts C and D on 192.16.7.0/24 (behind R2), and routers R1, R2 and R3 joined by 111.25.19.0/24; R3 connects to The Cloud.]

  • Four Hosts
  • On Three Networks
  • Three Routers
  • R3 Acting as Edge Router

The Journey from A to C

A = 192.168.100.12, C = 192.16.7.35

  • Sends to Default Gateway (A -> R1)
  • Routes to Next Hop (R1 -> R2)
  • Direct Delivery to Host (R2 -> C)

R1 Receives Frame from A

[Diagram: A (192.168.100.12) sends the frame to its default gateway R1 (192.168.100.1) on 192.168.100.0/24.]

Field                Size        Value on slide
Dest. MAC Address    6B          80 00 20 3F 7A 3E
Source MAC Address   6B          80 00 20 3F 7A 3E
Eth. Type            2B          80 00
Body                 14B-1.5KB   IP Datagram / ARP Req.
CRC Checksum         4B          80 00 20 3F

MAC Header (14B) + Data (14B-1.5KB) + Checksum (4B)

R1 Extracts IP Datagram

The IP datagram is the Body of the Ethernet frame. IPv4 header, four octets per row:

Octet    Fields
0        Version | IHL | DSCP | ECN | Total Length
4        Identification | Flags | Fragment Offset
8        TTL=128 | Protocol | Header Checksum
12       Source Address = 192.168.100.12
16       Destination Address = 192.16.7.35
20-35    IP Options
36-256   Body

Extracts Dest. IP Addr.

Destination Address = 192.16.7.35

Consults Routing Table

Mask             Dest.          Next Hop       Flags  Note
255.255.255.0    192.168.100.0  N/A            U      direct delivery
255.255.255.0    111.25.19.0    N/A            U      direct delivery
255.255.255.255  192.16.7.13    111.25.19.14   UG     forward to R2
255.255.255.0    192.16.7.0     111.25.19.14   UG     forward to R2
0.0.0.0          0.0.0.0        111.25.19.21   UG     default; fwd. to R3

Destination Address = 192.16.7.35

Convert Dest. to Binary

       192.      16.       7.      35
  11000000.00010000.00000111.00100011

Convert Mask to Binary

       255.     255.     255.       0
  11111111.11111111.11111111.00000000

Bitwise AND

  11000000.00010000.00000111.00100011
& 11111111.11111111.11111111.00000000
  -----------------------------------
  11000000.00010000.00000111.00000000

Compare w/Dest.

  192.168.100.0 = 11000000.10101000.01100100.00000000
  masked dest.  = 11000000.00010000.00000111.00000000
  not equal

No Match; Next Entry

Nope

  111.25.19.0   = 01101111.00011001.00010011.00000000
  masked dest.  = 11000000.00010000.00000111.00000000
  not equal

Nada

  (mask 255.255.255.255 leaves the destination unchanged)
  192.16.7.13   = 11000000.00010000.00000111.00001101
  masked dest.  = 11000000.00010000.00000111.00100011
  not equal

A Match!

  192.16.7.0    = 11000000.00010000.00000111.00000000
  masked dest.  = 11000000.00010000.00000111.00000000
  totes equal

Forward to R2

Next hop for 192.16.7.35 is 111.25.19.14 (R2), reached over the 111.25.19.0/24 link.

Fall-through to Default

Had no other entry matched, the 0.0.0.0 entry (mask 0.0.0.0 matches everything) would have sent the datagram to 111.25.19.21, the edge router R3 toward The Cloud.

R1 Decrements IP TTL

[Diagram: R1 forwards the datagram toward R2 over 111.25.19.0/24. The frame's Body is the IP Datagram; its TTL goes from 128 to 127.]

R1 Updates Source MAC

Source MAC Address: 7A 42 66 00 11 1E (R1's interface on the 111.25.19.0/24 link)
Dest. MAC Address:  80 00 20 3F 7A 3E (still A's frame header at this point)
Eth. Type:          80 00

R1 Updates Dest. MAC

Dest. MAC Address:  3E 3E 3E 11 11 11 (R2's interface on the 111.25.19.0/24 link)
Source MAC Address: 7A 42 66 00 11 1E

Updates CRC Checksum

CRC Checksum: 40 00 FF FF (recomputed over the rewritten frame)

Direct Delivery from R2 -> C

Dest. MAC Address:  11 11 11 11 11 00 (C)
Source MAC Address: 42 42 42 42 FF 00 (R2)
Eth. Type:          80 00
Body:               IP Datagram
CRC Checksum:       40 00 FF FF
no need to decrement TTL

Unroutable IP Datagrams

[Diagram: the same corporate topology; the datagram travels A -> R1 -> R2 and should end at C.]

  • A wants to send IP datagram to C
  • A -> R1
  • R1 -> R2
  • R2 -> C
  • R2 lost conn. to C
  • R2 sends ICMP Destination Unreachable to A
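The lookup R1 just performed, as an added Python example (not code from the talk or the book): the table is R1's from the slides; lookup does the mask-and-compare for every entry and keeps the longest matching mask (the slide's table is already ordered most-specific first, so first-match gives the same answer), and forward makes the per-hop decision the rest of Part 3 walks through: drop with ICMP Time Exceeded when the TTL runs out, decrement the TTL, deliver directly or hand off to the next hop, and answer with ICMP Destination Unreachable when the directly attached host is gone, as R2 does above. One caveat beyond the slides: this example decrements the TTL on every hop, including the last, which is what RFC 1812 requires of routers. The forward function, the shape of its pkt dict and the reachable set are constructed for this example.

```python
import ipaddress

# Added example, not from the talk: R1's routing table as shown on the slides,
# the mask-and-compare lookup, and the per-hop forwarding decision.
ROUTING_TABLE = [
    # (mask, destination, next hop or None for direct delivery, note)
    ("255.255.255.0",   "192.168.100.0", None,           "direct delivery"),
    ("255.255.255.0",   "111.25.19.0",   None,           "direct delivery"),
    ("255.255.255.255", "192.16.7.13",   "111.25.19.14", "forward to R2"),
    ("255.255.255.0",   "192.16.7.0",    "111.25.19.14", "forward to R2"),
    ("0.0.0.0",         "0.0.0.0",       "111.25.19.21", "default; fwd. to R3"),
]


def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))


def dotted_binary(dotted):
    """Render an address the way the slides do: 11000000.00010000.00000111.00100011"""
    return ".".join(f"{octet:08b}" for octet in ipaddress.IPv4Address(dotted).packed)


def lookup(dst, table=ROUTING_TABLE):
    """dest & mask == entry dest? Among the matches keep the one with the longest mask.
    Returns (next_hop, note), or None when the table has no default route."""
    d = to_int(dst)
    best, best_len = None, -1
    for mask, net, next_hop, note in table:
        m = to_int(mask)
        if d & m == to_int(net):
            prefix_len = bin(m).count("1")
            if prefix_len > best_len:
                best, best_len = (next_hop, note), prefix_len
    return best


def forward(pkt, table=ROUTING_TABLE, reachable=frozenset()):
    """One router hop. pkt = {"src", "dst", "ttl"}; reachable = hosts this router can
    currently deliver to directly. Returns an (action, target, ttl) triple."""
    if pkt["ttl"] <= 1:
        # TTL would hit zero: discard and tell the sender with ICMP Time Exceeded
        return ("icmp time exceeded", pkt["src"], 0)
    route = lookup(pkt["dst"], table)
    if route is None:
        return ("icmp destination unreachable", pkt["src"], pkt["ttl"])
    next_hop, _note = route
    ttl = pkt["ttl"] - 1                  # decremented on every hop (RFC 1812)
    if next_hop is None:                  # direct delivery: the last hop, like R2 -> C
        if pkt["dst"] not in reachable:   # "R2 lost conn. to C"
            return ("icmp destination unreachable", pkt["src"], pkt["ttl"])
        return ("deliver", pkt["dst"], ttl)
    return ("forward", next_hop, ttl)


if __name__ == "__main__":
    pkt = {"src": "192.168.100.12", "dst": "192.16.7.35", "ttl": 128}
    print(dotted_binary(pkt["dst"]), lookup(pkt["dst"]), forward(pkt))
```

With the slide's datagram (192.168.100.12 -> 192.16.7.35, TTL 128) forward returns ("forward", "111.25.19.14", 127); with the same datagram arriving at a router whose only route is the directly attached 192.16.7.0/24 and whose link to C is down, it returns the Destination Unreachable action addressed back to A.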

Part 4: UDP and TCP

User Datagram Protocol

  • UDP is connectionless, like IP
  • Data flows in one direction
  • UDP adds a port number to an IP datagram
  • Port number allows multiple services on the same host

IP and UDP: Reliability

[Diagram: the corporate topology from Part 3 (A, B, C, D, R1, R2, R3, The Cloud); B sends UDP datagrams to C.]

The message, split into four datagrams:

    My name is Arthur Gordon Pym. My
    father was a respectable trader
    in sea-stores at Nantucket, where
    I was born.

UDP datagrams sent from B -> C:

    HA: [My name is Arthur Gordon Pym. My ]
    HB: [father was a respectable trader  ]
    HC: [in sea-stores at Nantucket, where]
    HD: [I was born.                      ]

can detect errors but not fix them; UDP datagrams received B <- A:

    HA: [My name is Arthur Gordon Pym. My ]
    HX: [fbther wbs b respectbble trbder  ]
    HC: [in sea-stores at Nantucket, where]
    HD: [I was born.                      ]

does not guarantee order of delivery; UDP datagrams received B <- A:

    HC: [in sea-stores at Nantucket, where]
    HA: [My name is Arthur Gordon Pym. My ]
    HB: [father was a respectable trader  ]
    HD: [I was born.                      ]

cannot detect dropped datagrams; UDP datagrams received B <- A:

    HA: [My name is Arthur Gordon Pym. My ]
        (HB never arrives)
    HC: [in sea-stores at Nantucket, where]
    HD: [I was born.                      ]

If We Want Reliability...

  • B needs to tell C what it's sending
  • C needs to tell B what it's received (bi-directional comm.)
  • TCP to the rescue

Key Features of TCP

  • Error detection and correction
    • Any cumulative stream not acknowledged is retransmitted
  • Ordered data transfer
    • Destination host rearranges according to sequence number
  • Flow control
    • Limits the rate a sender transfers data to guarantee reliable delivery

TCP Connection

  • A TCP connection is identified by a 4-tuple of:
    • Receiver IP and port
    • Sender IP and port
  • The connection is stateful, and keeps track of things like:
    • Which bytes that were sent were received
    • The rate at which the receiver can accept bytes
  • The connection is bidirectional and full-duplex

Three-way Handshake

client IP   = 192.168.0.42
client port = 55551
server IP   = 192.168.0.99
server port = 6666

  • Server performs a "passive open," binding a port
  • Client binds to a port (to receive data on) and performs an "active open" to server port

Client -> Server: SYN, SEQ=ISN(c), WIN=1024B
Server -> Client: SYN+ACK, SEQ=ISN(s), ACK=ISN(c)+1, WIN=512B
Client -> Server: ACK, SEQ=ISN(c)+1, ACK=ISN(s)+1, WIN=1024B

Sending Data

Client -> Server: SEQ=92, DATA=8B
Server -> Client: ACK=100, WIN=512B
Client -> Server: SEQ=100, DATA=20B
Server -> Client: ACK=120, WIN=512B

Segment Retransmission

Client -> Server: SEQ=10, DATA=20B   (lost; no ACK comes back)
RTT expired
Client -> Server: SEQ=10, DATA=20B   (retransmission)
Server -> Client: ACK=30

Out of Order Delivery

Client -> Server: SEQ=10, DATA=20B   (lost; no ACK comes back)
Client -> Server: SEQ=30, DATA=15B   (arrives ahead of the gap; gets buffered)
RTT expired
Client -> Server: SEQ=10, DATA=20B   (retransmission)
Server -> Client: ACK=30
Server -> Client: ACK=45

Flow Control

Client -> Server: SEQ=92, DATA=8B
Server -> Client: ACK=100, WIN=512
Server stopped processing Client data
Client -> Server: SEQ=100, DATA=20B
Server -> Client: ACK=120, WIN=492
Client -> Server: SEQ=120, DATA=360B
Server -> Client: ACK=480, WIN=52
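An added example, not code from the talk or the book it reports on: a small Python model of one direction of a TCP connection with the bookkeeping the slides above describe. Receiver keeps the cumulative ACK, buffers segments that arrive ahead of a gap and advertises a window that shrinks while the application is not reading; Sender refuses to send past the advertised window and resends the oldest unacknowledged segment when the RTT timer expires. out_of_order_demo replays the Out of Order Delivery slide with its numbers (SEQ=10/20B lost, SEQ=30/15B buffered, ACK=45 once the gap is filled). The Receiver and Sender classes, the 512-byte buffer and the window arithmetic (which, unlike the slide, also counts buffered out-of-order bytes against the window) are assumptions of this example.

```python
from collections import OrderedDict

# Added example, not from the talk: a toy model of one direction of a TCP
# connection, enough to replay the slides' SEQ/ACK arithmetic, out-of-order
# buffering, timeout retransmission and window-based flow control.


class Receiver:
    """Receiving side: cumulative ACK, out-of-order buffer, advertised window."""

    def __init__(self, next_seq, buf_size=512):
        self.next_seq = next_seq        # next in-order byte expected; this is what we ACK
        self.buf_size = buf_size        # receive buffer shared by unread and buffered data
        self.unread = bytearray()       # in-order bytes the application has not read yet
        self.out_of_order = {}          # seq -> data for segments that arrived early

    def window(self):
        held = len(self.unread) + sum(len(d) for d in self.out_of_order.values())
        return self.buf_size - held

    def receive(self, seq, data):
        """Process one segment and return the (ACK, WIN) pair sent back to the peer."""
        end = seq + len(data)
        if end <= self.next_seq:
            pass                                    # duplicate: already acknowledged
        elif seq > self.next_seq:
            if len(data) <= self.window():          # gap before it: buffer, ACK unchanged
                self.out_of_order[seq] = data
        else:
            data = data[self.next_seq - seq:]       # drop any overlap with received bytes
            if len(data) <= self.window():
                self.unread += data
                self.next_seq = end
                while self.next_seq in self.out_of_order:   # drain now-contiguous segments
                    chunk = self.out_of_order.pop(self.next_seq)
                    self.unread += chunk
                    self.next_seq += len(chunk)
        return self.next_seq, self.window()

    def read(self, n):
        """The application consumes bytes, which re-opens the window."""
        out = bytes(self.unread[:n])
        del self.unread[:n]
        return out


class Sender:
    """Sending side: send only within the peer's window, retransmit on timeout."""

    def __init__(self, isn, peer_window):
        self.next_seq = isn             # sequence number of the next new byte
        self.snd_una = isn              # oldest byte not yet acknowledged
        self.peer_window = peer_window  # last WIN advertised by the receiver
        self.unacked = OrderedDict()    # seq -> data, oldest first

    def send(self, data):
        """Return the (SEQ, data) segment, or None if it would overrun the peer's window."""
        in_flight = self.next_seq - self.snd_una
        if in_flight + len(data) > self.peer_window:
            return None
        seg = (self.next_seq, data)
        self.unacked[self.next_seq] = data
        self.next_seq += len(data)
        return seg

    def on_ack(self, ack, win):
        """Cumulative ACK: everything below ack is done; win is the new advertised window."""
        self.peer_window = win
        for seq in list(self.unacked):
            if seq + len(self.unacked[seq]) <= ack:
                del self.unacked[seq]
        self.snd_una = max(self.snd_una, ack)

    def on_timeout(self):
        """RTT expired with no ACK: resend the oldest unacknowledged segment."""
        if not self.unacked:
            return None
        seq = next(iter(self.unacked))
        return seq, self.unacked[seq]


def out_of_order_demo():
    """Replays the Out of Order Delivery slide: SEQ=10 (20B) is lost, SEQ=30 (15B)
    arrives and is buffered, and the retransmitted SEQ=10 fills the gap."""
    client, server = Sender(10, 512), Receiver(10, 512)
    client.send(b"a" * 20)                              # lost on the wire
    second = client.send(b"b" * 15)
    acks = [server.receive(*second)]                    # buffered; ACK still 10
    acks.append(server.receive(*client.on_timeout()))   # RTT expired: resend SEQ=10
    client.on_ack(*acks[-1])
    return acks, client.on_timeout(), server.read(35)


if __name__ == "__main__":
    print(out_of_order_demo())
```

out_of_order_demo returns the ACK trace [(10, 497), (45, 477)], None for "nothing left to retransmit", and the 35 bytes in their original order. Driving Sender with the Flow Control slide's windows shows the other half: after on_ack(120, 52) a 60-byte send is refused while a 52-byte one goes out.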

So... Why Use UDP?

  • TCP provides reliable transmission of a stream of bytes between hosts across a network
  • TCP requires back-and-forth communication between hosts in order to synchronize connection state
  • TCP connection is between exactly two hosts - no multicast or broadcast possible

Part 5: NAT

Why NAT?

  • NAT exists because the Internet was going to run out of IPv4 addresses*
  • NAT allows hosts on a private network to connect to the Internet without having Internet-routable IP addresses
  • A NAT gateway with a single IP address can hide a really freaking big internal network
  • ...but it also makes internal hosts very difficult to dial from the outside

* this is not technically true

Some Setup

  • When client is behind NAT, receiver IP address is that of the NAT's external interface
  • TCP server wants to send segments to the client... so how does this work?

Basic NAT Setup

[Diagram: A (192.168.100.12) and B on 192.168.100.0/24 behind NAT gateway N (internal address 192.168.100.1, external address 216.9.9.76); C (172.18.128.5) is out in The Cloud.]

Server (C):  $ nc -l 6666
Client (A):  $ nc -p 55551 172.18.128.5 6666

As A sees the connection:

client IP   = 192.168.0.42
client port = 55551
server IP   = 172.18.128.5
server port = 6666

As C sees it, after N has rewritten the headers:

client IP   = 216.9.9.76
client port = 4567
server IP   = 172.18.128.5
server port = 6666

  • A performs active connect to C
  • NAT intercepts IP datagram
  • NAT rewrites IP header
  • NAT rewrites TCP header
  • NAT stores mapping of internal IP and port to externalized IP and port
  • C receives active connect from N

remember: TCP conn = (src IP/port, dst IP/port)

NAT Hole Punching

[Diagram: peer P1 sits behind NAT N1 and peer P2 behind NAT N2; rendezvous host Z in The Cloud is reachable from both. Each peer can reach Z, but neither can dial the other (???).]

Step One: Port Prediction

P2 opens connections to Z one after another, always from local port 50000; each time Z reports back the external port it saw:

  • P2 -> N2: SYN from port 50000; N2 -> Z: SYN from port 5555; Z: SYN+ACK, data=5555
  • P2 -> N2: SYN from port 50000; N2 -> Z: SYN from port 5556; Z: SYN+ACK, data=5556

Conn. #  S port  N2 port
1        50000   5555
2        50000   5556
3        ...     5557
4        ...     5558
5        ...     5559

external N2 port can be predicted!

Step Two: Share w/Rendezvous

P2 hands its table of predicted N2 ports to Z.

P1 Does This Too

Conn. #  P1 port  N1 port
1        60000    6666
2        60000    6667
3        ...      6668
4        ...      6669
5        ...      6670

Step Three: Simultaneous SYN

Both peers send a SYN at the same time, each to the other side's predicted external port:

  P1 -> N1: SYN src.port=60000 dst.port=5557
  N1 -> N2: SYN src.port=6668  dst.port=5557
  P2 -> N2: SYN src.port=50000 dst.port=6668
  N2 -> N1: SYN src.port=5557  dst.port=6668
  SYN src.port=5557 dst.port=6668 (as shown again on the slide)
  SYN + ACK src.port=77777 dst.port=5557 (shown at each hop back toward P2)

TCP connections are full-duplex and bidirectional!
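An added Python example, not code from the talk or the book, serving both the Basic NAT Setup slides and Step One above. The Nat class does what N does: rewrites the source IP and port of outbound segments to its external pair, stores the mapping, reverses it for inbound replies, and drops inbound segments that match no mapping (the "difficult to dial from the outside" property). probe_external_ports performs Step One against it: connect to the rendezvous host repeatedly from the same local port, record the external port Z reports each time, and extrapolate the next one. That prediction only works because the NAT hands out external ports sequentially, as N2 does on the slides; the randomize flag models a NAT that assigns unpredictable ports, which the naive prediction cannot follow. The Nat and probe_external_ports names, the close method, P2's internal address 10.0.0.2, Z's address 203.0.113.1 and N2's external address 198.51.100.2 are constructed for this example; 216.9.9.76, 4567, 5555 and the other values are the slides'.

```python
import itertools
import random

# Added example, not from the talk: a port-translating NAT like N (and N1/N2) on the
# slides, plus the Step One probe that learns how the NAT hands out external ports.


class Nat:
    def __init__(self, external_ip, first_port=4567, randomize=False):
        self.external_ip = external_ip
        self.next_port = itertools.count(first_port)   # sequential allocation, like the slides
        self.randomize = randomize                     # True: hand out unpredictable ports
        self.out_map = {}   # (int ip, int port, dst ip, dst port) -> external port
        self.in_map = {}    # (external port, remote ip, remote port) -> (int ip, int port)

    def _allocate_port(self):
        if not self.randomize:
            return next(self.next_port)
        in_use = {key[0] for key in self.in_map}
        while True:
            port = random.randint(1024, 65535)
            if port not in in_use:
                return port

    def outbound(self, pkt):
        """A -> C: rewrite src IP and port to the NAT's external pair and remember it."""
        key = (pkt["src_ip"], pkt["src_port"], pkt["dst_ip"], pkt["dst_port"])
        if key not in self.out_map:
            ext_port = self._allocate_port()
            self.out_map[key] = ext_port
            self.in_map[(ext_port, pkt["dst_ip"], pkt["dst_port"])] = key[:2]
        return dict(pkt, src_ip=self.external_ip, src_port=self.out_map[key])

    def inbound(self, pkt):
        """C -> A: reverse the mapping, or drop the segment if nothing inside asked for it."""
        key = (pkt["dst_port"], pkt["src_ip"], pkt["src_port"])
        if pkt["dst_ip"] != self.external_ip or key not in self.in_map:
            return None
        int_ip, int_port = self.in_map[key]
        return dict(pkt, dst_ip=int_ip, dst_port=int_port)

    def close(self, src_ip, src_port, dst_ip, dst_port):
        """Connection finished: forget the mapping (real NATs also expire idle ones)."""
        ext_port = self.out_map.pop((src_ip, src_port, dst_ip, dst_port), None)
        if ext_port is not None:
            self.in_map.pop((ext_port, dst_ip, dst_port), None)


def probe_external_ports(nat, int_ip, int_port, rendezvous_ip, rendezvous_port, probes=2):
    """Step One on the slides: open successive connections from the same local port to
    the rendezvous host Z, which reports the external port it saw (data=... in its
    SYN+ACK). Returns the ports observed and the naive prediction for the next one."""
    seen = []
    for _ in range(probes):
        pkt = nat.outbound({"src_ip": int_ip, "src_port": int_port,
                            "dst_ip": rendezvous_ip, "dst_port": rendezvous_port})
        seen.append(pkt["src_port"])                    # what Z echoes back
        nat.close(int_ip, int_port, rendezvous_ip, rendezvous_port)
    predicted = seen[-1] + (seen[-1] - seen[-2])        # assumes a fixed increment
    return seen, predicted


if __name__ == "__main__":
    n = Nat("216.9.9.76")
    print(n.outbound({"src_ip": "192.168.100.12", "src_port": 55551,
                      "dst_ip": "172.18.128.5", "dst_port": 6666}))
    n2 = Nat("198.51.100.2", first_port=5555)
    print(probe_external_ports(n2, "10.0.0.2", 50000, "203.0.113.1", 80))
```

Against the sequential N2 the probe returns ([5555, 5556], 5557), matching the slide's table; against a Nat built with randomize=True the observed ports carry no pattern and the extrapolated value is just a guess.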
Recap

  • TCP/IP stack divided up into layers
  • Each layer has a separate set of concerns
  • ARP maps IP addresses to MAC addresses
  • IP relays information across network boundaries
  • TCP provides applications with reliable byte stream abstraction
  • NAT expands effective size of the Internet at the cost of dialability

Buy This Book

  • Lots of stuff to learn in networking land
  • Sometimes our abstractions leak, so it's useful to know how the underlying stuff works
  • Thanks for listening to my book report

2019 C5 Summit: TCP/IP Basics

By laser
