TCP headers
The TCP headers must be able to perform all of the tasks above. We have already explained when and where some of the headers are used, but there are still other areas that we haven't touched very deeply at. Below you see an image of the complete set of TCP headers. It is formatted in 32 bit words per row, as you can see.
Source port - bit 0 - 15. This is the source port of the packet. The source port was originally bound directly to a process on the sending system. Today, we use a hash between the IP addresses, and both the destination and source ports to achieve this uniqueness that we can bind to a single application or program.
Destination port - bit 16 - 31. This is the destination port of the TCP packet. Just as with the source port, this was originally bound directly to a process on the receiving system. Today, a hash is used instead, which allows us to have more open connections at the same time. When a packet is received, the destination and source ports are reversed in the reply back to the originally sending host, so that destination port is now source port, and source port is destination port.
Sequence Number - bit 32 - 63. The sequence number field is used to set a number on each TCP packet so that the TCP stream can be properly sequenced (e.g., the packets winds up in the correct order). The Sequence number is then returned in the ACK field to ackonowledge that the packet was properly received.
Acknowledgment Number - bit 64 - 95. This field is used when we acknowledge a specific packet a host has received. For example, we receive a packet with one Sequence number set, and if everything is okey with the packet, we reply with an ACK packet with the Acknowledgment number set to the same as the original Sequence number.
Data Offset - bit 96 - 99. This field indicates how long the TCP header is, and where the Data part of the packet actually starts. It is set with 4 bits, and measures the TCP header in 32 bit words. The header should always end at an even 32 bit boundary, even with different options set. This is possible thanks to the Padding field at the very end of the TCP header.
Reserved - bit 100 - 103. These bits are reserved for future usage. In RFC 793 this also included the CWR and ECE bits. According to RFC 793 bit 100-105 (i.e., this and the CWR and ECE fields) must be set to zero to be fully compliant. Later on, when we started introducing ECN, this caused a lot of troubles because a lot of Internet appliances such as firewalls and routers dropped packets with them set. This is still true as of writing this.
CWR - bit 104. This bit was added in RFC 3268 and is used by ECN. CWR stands for Congestion Window Reduced, and is used by the data sending part to inform the receiving part that the congestion window has been reduced. When the congestion window is reduced, we send less data per timeunit, to be able to cope with the total network load.
ECE - bit 105. This bit was also added with RFC 3268 and is used by ECN. ECE stands for ECN Echo. It is used by the TCP/IP stack on the receiver host to let the sending host know that it has received an CE packet. The same thing applies here, as for the CWR bit, it was originally a part of the reserved field and because of this, some networking appliances will simply drop the packet if these fields contain anything else than zeroes. This is actually still true for a lot of appliances unfortunately.
URG - bit 106. This field tells us if we should use the Urgent Pointer field or not. If set to 0, do not use Urgent Pointer, if set to 1, do use Urgent pointer.
ACK - bit 107. This bit is set to a packet to indicate that this is in reply to another packet that we received, and that contained data. An Acknowledgment packet is always sent to indicate that we have actually received a packet, and that it contained no errors. If this bit is set, the original data sender will check the Acknowledgment Number to see which packet is actually acknowledged, and then dump it from the buffers.
PSH - bit 108. The PUSH flag is used to tell the TCP protocol on any intermediate hosts to send the data on to the actual user, including the TCP implementation on the receiving host. This will push all data through, unregardless of where or how much of the TCP Window that has been pushed through yet.
RST - bit 109. The RESET flag is set to tell the other end to tear down the TCP connection. This is done in a couple of different scenarios, the main reasons being that the connection has crashed for some reason, if the connection does not exist, or if the packet is wrong in some way.
SYN - bit 110. The SYN (or Synchronize sequence numbers) is used during the initial establishment of a connection. It is set in two instances of the connection, the initial packet that opens the connection, and the reply SYN/ACK packet. It should never be used outside of those instances.
FIN - bit 111. The FIN bit indicates that the host that sent the FIN bit has no more data to send. When the other end sees the FIN bit, it will reply with a FIN/ACK. Once this is done, the host that originally sent the FIN bit can no longer send any data. However, the other end can continue to send data until it is finished, and will then send a FIN packet back, and wait for the final FIN/ACK, after which the connection is sent to a CLOSED state.
Window - bit 112 - 127. The Window field is used by the receiving host to tell the sender how much data the receiver permits at the moment. This is done by sending an ACK back, which contains the Sequence number that we want to acknowledge, and the Window field then contains the maximum accepted sequence numbers that the sending host can use before he receives the next ACK packet. The next ACK packet will update accepted Window which the sender may use.
Checksum - bit 128 - 143. This field contains the checksum of the whole TCP header. It is a one's complement of the one's complement sum of each 16 bit word in the header. If the header does not end on a 16 bit boundary, the additional bits are set to zero. While the checksum is calculated, the checksum field is set to zero. The checksum also covers a 96 bit pseudoheader containing the Destination-, Source-address, protocol, and TCP length. This is for extra security.
Urgent Pointer - bit 144 - 159. This is a pointer that points to the end of the data which is considered urgent. If the connection has important data that should be processed as soon as possible by the receiving end, the sender can set the URG flag and set the Urgent pointer to indicate where the urgent data ends.
Options - bit 160 - **. The Options field is a variable length field and contains optional headers that we may want to use. Basically, this field contains 3 subfields at all times. An initial field tells us the length of the Options field, a second field tells us which options are used, and then we have the actual options. A complete listing of all the TCP Options can be found in TCP options, below.
Padding - bit **. The padding field pads the TCP header until the whole header ends at a 32-bit boundary. This ensures that the data part of the packet begins on a 32-bit boundary, and no data is lost in the packet. The padding always consists of only zeros.
TCP Options
| Copy | Class | Number | Value | Name | Reference |
|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | EOOL - End of Options List | [RFC791, JBP] |
| 0 | 0 | 1 | 1 | NOP - No Operation | [RFC791, JBP] |
| 1 | 0 | 2 | 130 | SEC - Security | [RFC1108] |
| 1 | 0 | 3 | 131 | LSR - Loose Source Route | [RFC791, JBP] |
| 0 | 2 | 4 | 68 | TS - Time Stamp | [RFC791, JBP] |
| 1 | 0 | 5 | 133 | E-SEC - Extended Security | [RFC1108] |
| 1 | 0 | 6 | 134 | CIPSO - Commercial Security | [???] |
| 0 | 0 | 7 | 7 | RR - Record Route | [RFC791, JBP] |
| 1 | 0 | 8 | 136 | SID - Stream ID | [RFC791, JBP] |
| 1 | 0 | 9 | 137 | SSR - Strict Source Route | [RFC791, JBP] |
| 0 | 0 | 10 | 10 | ZSU - Experimental Measurement | [ZSu] |
| 0 | 0 | 11 | 11 | MTUP - MTU Probe | [RFC1191]* |
| 0 | 0 | 12 | 12 | MTUR - MTU Reply | [RFC1191]* |
| 1 | 2 | 13 | 205 | FINN - Experimental Flow Control | [Finn] |
| 1 | 0 | 14 | 142 | VISA - Experimental Access Control | [Estrin] |
| 0 | 0 | 15 | 15 | ENCODE - ??? | [VerSteeg] |
| 1 | 0 | 16 | 144 | IMITD - IMI Traffic Descriptor | [Lee] |
| 1 | 0 | 17 | 145 | EIP - Extended Internet Protocol | [RFC1385] |
| 0 | 2 | 18 | 82 | TR - Traceroute | [RFC1393] |
| 1 | 0 | 19 | 147 | ADDEXT - Address Extension | [Ullmann IPv7] |
| 1 | 0 | 20 | 148 | RTRALT - Router Alert | [RFC2113] |
| 1 | 0 | 21 | 149 | SDB - Selective Directed Broadcast | [Graff] |
| 1 | 0 | 22 | 150 | NSAPA - NSAP Addresses | [Carpenter] |
| 1 | 0 | 23 | 151 | DPS - Dynamic Packet State | [Malis] |
| 1 | 0 | 24 | 152 | UMP - Upstream Multicast Pkt. | [Farinacci] |
Network Bulls
Best Institute for CCNA CCNP CCSP CCIP CCIE R&S, CCIE Security Training in India
www.networkbulls.com
M-44, Old Dlf, Sector-14
Gurgaon, Haryana, india
Best Institute for CCNA CCNP CCSP CCIP CCIE R&S, CCIE Security Training in India
www.networkbulls.com
M-44, Old Dlf, Sector-14
Gurgaon, Haryana, india
0 comments:
Post a Comment