Chapter 3 - Transport Layer


CHAPTER 3

TRANSPORT LAYER

Prepared by: Eng. Farah Abudabaseh


TRANSPORT LAYER FUNCTIONS

Prepares the data to be sent over the network layer.

• Uses port numbers and sequence numbers to assemble and distinguish between the segments of multiple applications received at a device.
• This also allows data to be multiplexed on the line.

TRANSPORT LAYER

• The transport layer provides two protocols

• TCP – Transmission Control Protocol.

• UDP – User Datagram Protocol.

• The layer PDU is called a Segment.

• The Layer 4 data stream is a:

• Logical connection between the endpoints.

• Provides transport services “Negotiate transfer details before sending data”.

TCP VS. UDP

• TCP provides:
• Connection establishment. “Negotiate transport details”
• Reliable, error checked data.
• Flow and congestion control.
• Ordered delivery.
• Applications:
• HTTP, FTP, Telnet, SMTP

• UDP provides:
• No connection establishment. “Does not negotiate details”
• Unreliable, no data error checking.
• No flow or congestion control.
• No ordered delivery.
• Applications:
• DNS (usually), DHCP
• RTP (Real-Time Protocol)
• VoIP, Video

[Figure: a client connected to a Web Server and to an Email and FTP Server over TCP and UDP (HTTP, FTP, TFTP).]

• A single client might have multiple TCP or UDP connections with multiple servers at the same time.
• Because TCP performs handshaking, it is represented by a two-way arrow.

SEGMENTATION AND REASSEMBLY

• An Ethernet frame has a maximum frame size or Maximum Transmission Unit (MTU) of 1,518 bytes.

• When a larger message is to be sent, data must be segmented.

• The maximum size of the frame determines what the segment size should be.
• Each segment is encapsulated in a frame after being addressed and numbered.

[Figure: 20 octets + 20 octets + 1460 octets of data = 1500 octets; TCP MSS = 1460. Note: 2346 bytes for wireless.]

Determining TCP MTU

• Ethernet MTU defines the maximum size of the data segment, which is negotiated with the destination using the maximum segment size (MSS) option field in the TCP SYN packet.

Transport Layer

• TCP/UDP protocols encapsulate data into segments.

• The segment is encapsulated into a packet in the network layer. The network layer protocol IP is a best-effort service: “Not guaranteed or Unreliable service”.

• TCP/UDP extend IP’s delivery service between two end systems through the services they offer.

[Figure: a TCP Header or UDP Header, followed by the Application Header, i.e. (HTTP) header + data.]

Some types of data where errors can be tolerated might be sent quickly.

PORT NUMBERS: TCP AND UDP
IDENTIFYING THE CONVERSATIONS

[Figure: IP Packet Header]

• At the TCP/IP Internet Layer:

• When a packet is decapsulated at the destination, the protocol code in the IP Packet Header specifies whether the segment is TCP or UDP.

• Port numbers are used to inform the receiver of the proper application by which it should process the “Data”. “Used to pass information to upper layers”
• The combination of the port number and the host IP address uniquely identifies a particular running process (“socket number”). An HTTP web page (port 80) running on a host with an IP address of 192.168.1.20 would be destined to socket 192.168.1.20:80.

• Port numbers are assigned by the Internet Assigned Numbers Authority (IANA).

• Port numbers are divided into three main categories (Well known ports, Registered ports, Dynamic or private ports).

PORT ADDRESSING TYPES AND TOOLS
• Well-Known Ports:

• Reserved for common services and applications.

20 – FTP Data
21 – FTP Control
23 – Telnet
25 – SMTP
69 – TFTP
110 – POP3
194 – IRC
443 – HTTPS
520 – RIP

PORT ADDRESSING TYPES AND TOOLS
• Registered Ports:

• Non-common, optional user processes and applications.

• May also be used as dynamic or private port (next).

1812 – RADIUS
1863 – MSN Messenger
2000 – Cisco VoIP
5004 – RTP
5060 – SIP (VoIP)
8008 – Alternate HTTP
8080 – Alternate HTTP

PORT ADDRESSING TYPES AND TOOLS

• Dynamic Ports:

• Usually assigned dynamically to client applications initiating a connection.

• Note: Some peer-to-peer file sharing programs use these ports as Registered Ports.

Example: Establishing a Telnet session

[Figure: Client to Server. The Telnet client's TCP header carries ports 1028 and 23, followed by the Telnet data.]

• Client sends TCP segment with:
• Destination Port: 23 (Well known port number)
• Source Port: 1028 (Dynamic Port assigned by client)

Example: Establishing a Telnet session

[Figure: Server to Client. The Telnet server's TCP header carries ports 23 and 1028, followed by the Telnet data.]

• Server responds with TCP segment with:
• Destination Port: 1028 (Dynamic Port assigned by client)
• Source Port: 23 (Well known port number)

Same client to same server but with two different HTTP sessions

• Client: Same destination port
• Client: Different source ports (49888, 49890) to uniquely identify this web session.

C:\netstat -n
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.101:49888    198.133.219.25:80      TIME_WAIT
  TCP    192.168.1.101:49890    198.133.219.25:80      TIME_WAIT

[Figure callouts: Proto is TCP or UDP; Local Address shows the Source IP and Source Port; Foreign Address shows the Destination IP and Destination Port; State is the Connection State.]

CONNECTIONLESS TRANSPORT: UDP
UDP

0 15 16 31

16-bit Source Port Number 16-bit Destination Port Number

16-bit UDP Length 16-bit UDP Checksum

Data (if any)

It is a Connectionless transport protocol.

• No “handshaking” (no connection establishment) as with TCP (coming).


• Unreliable delivery.
• No error checking.
• No flow control.
• No congestion control.
• No ordered delivery.
THE UDP HEADER – A SMALLER HEADER OVERHEAD

• source port -- the number of the calling port.
• destination port -- the number of the called port.
• UDP length -- Length of the UDP header.
• checksum -- Calculated checksum of the header and data fields. “Error checking”
• Data -- upper-layer protocol data.

• TCP header has 20 bytes of overhead.
• UDP header has only 8 bytes of overhead.

Why would an application developer choose TCP rather than UDP?

• Less control overhead.

• Applications that use UDP can tolerate some data loss:
• Streaming video
• VoIP (Voice over IP)

• TCP will continue to resend segments that are not acknowledged.
• Application decides whether or not to resend entire file: TFTP

UDP - NO CONNECTION ESTABLISHMENT

[Figure: over time, the Client sends a series of UDP segments to the Server with no connection establishment.]

• TCP uses a three-way handshake to establish a connection (coming)
• UDP does not – it just blasts away the data segments to the sender.
• No delay to establish connection.

UDP CHECKSUM: ERROR DETECTION BUT NOT CORRECTION

• If datagrams take multiple paths, they will sometimes arrive in the wrong order. UDP does not sequence or acknowledge datagrams as TCP does.

• UDP only detects whether there is an error; it does nothing to recover from the error.

• Re-sequencing datagrams and handling missing data is up to the application.

• It is up to the application layer protocol (example TFTP) to decide what to do, such as prompt the user to download/upload the entire file again.

• Using UDP doesn’t mean that the connection is not reliable.

• It means that UDP gets the help of the application layer itself to try to arrange data and recover errors.

UDP
• The user uses TFTP to upload a file to a TFTP server.

CONNECTION-ORIENTED TRANSPORT: TCP

TCP

• TCP provides reliable delivery on top of unreliable IP

• TCP provides:
• Reliable delivery
• Error checking
• Flow control
• Congestion control
• Ordered delivery
• Connection establishment

TCP header (bits 0-15 | bits 16-31):

16-bit Source Port Number | 16-bit Destination Port Number
32-bit Sequence Number
32-bit Acknowledgement Number
4-bit Header Length | 6-bit (Reserved) | URG ACK PSH RST SYN FIN | 16-bit Window Size
16-bit TCP Checksum | 16-bit Urgent Pointer
Options (if any)
Data (if any)

• source port - The calling port.
• destination port - The called port.
• sequence number - A number used to ensure correct sequencing of the arriving data.
• Acknowledgment number - the next expected TCP octet.
• HLEN - the number of 32-bit words in the header.
• code bits - the control functions (e.g. setup and termination of a session).
• window - the number of octets that the sender is willing to accept.
• checksum - the calculated checksum of the header and data fields.
• urgent pointer - indicates the end of the urgent data.
• option - one currently defined: maximum TCP segment size.
• data - upper-layer protocol data.

3 WAY HANDSHAKE – ROLE

• The 3 way handshake :

• Verifies that the destination device has an active service and informs it that the source client intends to establish a communication session on that port number.

• The initial window size is also determined during the three-way handshake.

• Sequence number synchronization is used to track the order of packets to ensure no packets are lost in transmission.

THREE-WAY HANDSHAKE

[Figure: Client sends SYN, SEQ=8563 to the Web Server (SYN Received).]

Step 1:

• HTTP Request (GET), is sent by the client.

• A TCP client performs the three-way handshake before sending data.

• The three-way handshake starts by sending a segment with the SYN (Synchronize Sequence Number) control flag set, indicating an initial value in the sequence number field in the header.

• The Initial Sequence Number (ISN) is randomly chosen and is used to begin tracking the flow of data from the client to the server for this session. Note: ISNs do not start at 0 or 1. “security issues” (Beyond the scope of this presentation.)

• Step 1: Client sends ISN, SEQ=8563 (last four digits)



THREE-WAY HANDSHAKE

[Figure: Client sends SYN, SEQ=8563 (SYN Received); Web Server replies SYN, ACK, SEQ=1678, ACK=8564 (SYN, ACK Received).]

Step 2:

• The TCP server needs to acknowledge the receipt of the SYN segment.
• Server sends a segment back to the client with ACK flag set.

• The value of the acknowledgment number field is equal to the client initial sequence number plus 1. (Expectational acknowledgement - The next byte this host expects to receive).

• SYN flag is also set with its own random ISN for the Sequence number.

• Step 2: Server responds with ACK=8564, own ISN, SEQ=1678



THREE-WAY HANDSHAKE

[Figure: Client sends SYN, SEQ=8563 (SYN Received); Web Server replies SYN, ACK, SEQ=1678, ACK=8564 (SYN, ACK Received); Client sends ACK, SEQ=8564, ACK=1679 (ACK Received), then the HTTP Request (GET).]

Step 3:

• TCP client responds with a segment containing an ACK that is the response to the TCP SYN sent by the server.

• The value in the acknowledgment number field contains one more than the initial sequence number received from the server.
• After the three-way handshake is completed, the client can now send application data encapsulated in a TCP segment.
• HTTP Request (GET)

• Step 3: Client sends ACK=1679

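The three steps above as a check that a monitoring tool could run over observed segments: it replays the opening of one connection, verifies each acknowledgment number is the peer's ISN plus 1, and reports a handshake that never completes. This is an added example, not part of the original slides; the Segment type, the state names and the "client"/"server" labels are assumptions made for illustration, and the sample exchange uses the slide's SEQ/ACK values.

```python
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

@dataclass(frozen=True)
class Segment:
    sender: str        # "client" or "server"; labels chosen for this example
    flags: frozenset   # control flags set in the segment
    seq: int
    ack: int = 0

def check_handshake(segments):
    """Replay one connection's opening segments; return (state, reason)."""
    state, client_isn, server_isn = "CLOSED", None, None
    for s in segments:
        if state == "CLOSED":
            if s.sender != "client" or s.flags != {"SYN"}:
                return state, "first segment is not a client SYN"
            client_isn, state = s.seq, "SYN_SENT"
        elif state == "SYN_SENT":
            if s.sender == "client" and s.flags == {"SYN"} and s.seq == client_isn:
                continue  # retransmitted SYN, still waiting for the server
            if s.sender != "server" or s.flags != {"SYN", "ACK"}:
                return state, "expected SYN,ACK from the server"
            expected = (client_isn + 1) % MOD
            if s.ack != expected:
                return state, f"SYN,ACK carries ACK={s.ack}, expected {expected}"
            server_isn, state = s.seq, "SYN_RECEIVED"
        elif state == "SYN_RECEIVED":
            if s.sender == "server" and s.flags == {"SYN", "ACK"} and s.seq == server_isn:
                continue  # retransmitted SYN,ACK
            if s.sender != "client" or s.flags != {"ACK"}:
                return state, "expected the client's final ACK"
            if s.seq != (client_isn + 1) % MOD or s.ack != (server_isn + 1) % MOD:
                return state, f"final ACK has SEQ={s.seq} ACK={s.ack}"
            state = "ESTABLISHED"
        else:
            break  # handshake done; later segments carry application data
    if state == "ESTABLISHED":
        return state, "three-way handshake complete"
    return state, "handshake incomplete (connection left half-open)"

# Constructed sample using the values from the slides.
PAGE_EXCHANGE = [
    Segment("client", frozenset({"SYN"}), 8563),
    Segment("server", frozenset({"SYN", "ACK"}), 1678, 8564),
    Segment("client", frozenset({"ACK"}), 8564, 1679),
]

if __name__ == "__main__":
    print(check_handshake(PAGE_EXCHANGE))
    print(check_handshake(PAGE_EXCHANGE[:2]))  # final ACK never arrives
```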


TCP: CONNECTION TERMINATION


1. When the client has no more data to send in the stream, it sends a segment with the FIN flag set.

2. The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to
server.

3. The server sends a FIN to the client, to terminate the server to client session.

4. The client responds with an ACK to acknowledge the FIN from the server.

FLOW CONTROL AND RELIABILITY

• Reliability

• Guaranteed delivery – by resending data that is not received.

• Flow Control

• Each host has a receive buffer for the TCP connection.

• Flow control makes sure these buffers do not receive more data than the connection can handle.

[Figure: Client Window Size=5,000; Server Window Size=10,000.]

Flow Control and Reliability

• The receiving host's TCP layer reports a window size to the sending host's TCP layer: “The maximum number of received data (bytes) that can be buffered by this host, before an acknowledgment from this (the receiver host) will be sent.”
• TCP is a full duplex service; client and server specify their own window sizes.

[Figure: Client Window Size=5,000; Server Window Size=10,000.
Client (My Receive Window: 5,000): “I can send 10,000 bytes without hearing an ACK, and I can only receive 5,000 bytes at a time.”
Server (My Receive Window: 10,000): “I can send 5,000 bytes without hearing an ACK, and I can only receive 10,000 bytes at a time.”]

Client Example

• Receive Window Size = 5,000 bytes – Server can only send 5,000 bytes before it receives an acknowledgement.

• Send Window Size = 10,000 bytes – Server told the client that client can send the server 10,000 bytes before receiving an acknowledgment.

FLOW CONTROL AND RELIABILITY

[Figure: Application Data (100,000 bytes) divided into byte ranges 1-1000, 1001-2000, 2001-3000, 3001-4000, 4001-5000, …; bytes 1-1000 are carried in one TCP Segment.]

• When TCP has a large file (such as an image) it breaks it into equal segments, with the last segment typically smaller.

• In the previous example: server window size of 10,000 bytes.

• For example, starting with a sequence number of 2000, if 10 segments of 1000 bytes each were received by the server, an acknowledgement number of 12001 would be returned to the source.

[Figure: Client and Web Server, MSS of 1,000 bytes. Client Window Size=5,000 bytes; Server Window Size=10,000 bytes; Send Window=5,000.
Server sends SEQ=1 (to 1,000), SEQ=1,001 (to 2,000), SEQ=2,001 (to 3,000), SEQ=3,001 (to 4,000), SEQ=4,001 (to 5,000).
Client replies ACK=5,001. Send Window: Byte 10,000 (With Sliding windows).
Server sends SEQ=5,001 (to 6,000), SEQ=6,001 (to 7,000), SEQ=7,001 (to 8,000), SEQ=8,001 (to 9,000), SEQ=9,001 (to 10,000).
Client replies ACK=10,001. Send Window: Byte 15,000.
Server sends SEQ=10,001 (to 11,000) …]

• This is known as a Stop-and-Wait windowing protocol.
• Server must wait for acknowledgment before continuing to send data.

TCP RETRANSMISSION

• A destination host service using TCP usually only acknowledges data for contiguous sequence bytes.

• If one or more segments are missing, only the data in the segments that complete the stream are
acknowledged.
SLIDING WINDOWS

A better method is Sliding Windows

• Sliding window algorithms are methods of flow control used by the receiver to control data transfer (flow) using the receiver's window size.

• If more data can be handled, acceptable window size increases.

• Over time, this sliding window size increases as the receiver acknowledges data.

THE TCP RETRANSMISSION TIMER

• TCP uses a single retransmission timer for all of its unacknowledged segments sent within a TCP connection.

• We will use three simple examples to explain how this works.

Scenario 1: Loss of an ACK

[Figure: Web Server sends SEQ=92, 8 bytes data; the Client's ACK=100 is lost (X); Timeout (TCP Retransmission Timer); Web Server resends SEQ=92, 8 bytes data; Client sends ACK=100.]

• Web Server sends data.
• Starts TCP retransmission timer.

• Client:
• Segment received
• Sends ACK
• But ACK from Client gets lost (dropped somewhere)

• Web Server
• Waiting for ACK.
• TCP Retransmission Timer expires.
• Retransmits segment.

• Client
• Receives segment but discards it.
• Resends ACK

• Web Server
• Receives ACK

Scenario 2: ACK arrives after timer expires

[Figure: Web Server sends SEQ=92, 8 bytes data and SEQ=100, 20 bytes data; the Client's ACK=100 and ACK=120 arrive after the seq 92 Timeout (TCP Retransmission Timer); Web Server resends SEQ=92, 8 bytes data and the seq 92 Timeout restarts; Client sends ACK=120. This ACK tells the Web Server that both segments have been received.]

• Web Server:
• Sends 2 segments
• Starts timer for oldest segment, SEQ=92
• Waits for ACK

• Client:
• Receives both segments
• Sends 2 separate ACKs

• Web Server:
• Neither ACK has arrived yet
• Timer for SEQ=92 expires
• Resends segment SEQ=92
• Restarts timer for SEQ=92

• Client:
• Receives retransmitted SEQ=92 segment.
• Discards segment
• Re-sends ACK=120 for next byte needed

Scenario 3: Loss of first ACK

[Figure: Web Server sends SEQ=92, 8 bytes data and SEQ=100, 20 bytes data; the Client's ACK=100 is lost (X); ACK=120 arrives before the seq 92 Timeout (TCP Retransmission Timer).]

• Web Server:
• Sends 2 segments
• Starts timer for oldest segment, SEQ=92
• Waits for ACK

• Client:
• Receives both segments
• Sends 2 separate ACKs
• ACK for first segment, ACK=100, is lost

• Web Server:
• Before timer expires for SEQ=92 (ACK=100), receives ACK=120
• Web Server knows that Client has received everything up to byte 119.
• Does not need to resend either of the two segments.

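The cumulative-acknowledgment behaviour behind Scenarios 1 and 3, together with the earlier rule that only contiguous bytes are acknowledged, as a small model. This is an added example, not part of the original slides; the Receiver and Sender classes are constructed for illustration and assume segments never partially overlap and sequence numbers do not wrap.

```python
class Receiver:
    """Acknowledges only contiguous bytes, holding segments that follow a gap."""
    def __init__(self, next_expected):
        self.next_expected = next_expected   # next octet the receiver needs
        self.held = {}                       # seq -> length, waiting behind a gap

    def receive(self, seq, length):
        """Return (ack_number, accepted) for one arriving segment."""
        if seq + length <= self.next_expected:
            return self.next_expected, False   # duplicate: discard, re-send ACK
        self.held[seq] = length
        while self.next_expected in self.held:  # slide past contiguous segments
            self.next_expected += self.held.pop(self.next_expected)
        return self.next_expected, True

class Sender:
    """Keeps unacknowledged segments; one timer covers the oldest of them."""
    def __init__(self):
        self.unacked = {}                    # seq -> length

    def send(self, seq, length):
        self.unacked[seq] = length
        return seq, length

    def on_ack(self, ack):
        # A cumulative ACK covers every segment that ends at or below it.
        for seq in [s for s, n in self.unacked.items() if s + n <= ack]:
            del self.unacked[seq]

    def on_timeout(self):
        """Timer expiry: retransmit the oldest unacknowledged segment, if any."""
        if not self.unacked:
            return None
        seq = min(self.unacked)
        return seq, self.unacked[seq]

def scenario_lost_ack():
    """Scenario 1: the ACK=100 for SEQ=92 is lost, so the timer fires."""
    tx, rx = Sender(), Receiver(92)
    first_ack, _ = rx.receive(*tx.send(92, 8))   # ACK=100, dropped in transit
    resent = tx.on_timeout()                     # SEQ=92 goes out again
    ack, accepted = rx.receive(*resent)          # duplicate discarded, ACK resent
    tx.on_ack(ack)
    return first_ack, resent, ack, accepted, tx.unacked

def scenario_lost_first_ack():
    """Scenario 3: ACK=100 is lost but ACK=120 arrives before the timer."""
    tx, rx = Sender(), Receiver(92)
    acks = [rx.receive(*tx.send(92, 8))[0], rx.receive(*tx.send(100, 20))[0]]
    tx.on_ack(acks[1])                           # only ACK=120 reaches the sender
    return acks, tx.on_timeout()

def out_of_order():
    """SEQ=100 arrives before SEQ=92: the ACK stays at 92 until the gap closes."""
    rx = Receiver(92)
    return [rx.receive(100, 20)[0], rx.receive(92, 8)[0]]
```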
A FEW MORE NOTES ON WINDOW SIZE, TIMERS, ETC.

• The host may reduce its Window Size if:

• ACKs are not arriving before the retransmission timer expires or not arriving at all.
• This may also cause the host to increase its retransmission timer interval.
• Receive buffers are decreasing, filling up.

• The host may increase its Window Size if:

• ACKs are received before the retransmission timer expires
• Receive buffers are increasing, fewer bits to process.

TCP/IP APPLICATION LAYER PROTOCOLS

Application Layer: FTP (20 & 21), HTTP (80), SMTP (25), Telnet (23), TFTP (69), SNMP (161), DHCP (67 & 68), DNS (53)

Transport Layer: TCP, UDP

Internet Layer: IP

Network Access Layer: LAN / WAN

SUMMARY: PORT NUMBERS

Port Number | Application | Layer 4 Protocol | Description
20 | FTP | TCP | File Transfer Protocol – Data
21 | FTP | TCP | File Transfer Protocol – Control Commands
23 | TELNET | TCP | Terminal connection
25 | SMTP | TCP | Simple Mail Transfer Protocol - Email
53 | DNS | UDP | Domain Name System
67,68 | DHCP | UDP | Dynamic Host Configuration Protocol
69 | TFTP | UDP | Trivial File Transfer Protocol
80 | HTTP | TCP | Hypertext Transfer Protocol
