Computer Networks Lecture 24: The TCP and UDP Headers

00:00

hello my name is jeff messier i'm a

00:01

professor in electrical and computer

00:03

engineering in the schulich school of

00:05

engineering

00:06

and this is module 24 in my computer

00:08

networks lecture series

00:10

where i talk about tcp and udp

00:13

headers now you'll have noticed and i

00:16

have discussed

00:17

um in the past during this lecture

00:20

series that

00:21

you know i don't tend to go into any one

00:24

protocol in a huge amount of detail so

00:26

if you do find yourself making a living

00:29

in

00:30

network operation or network design at

00:33

some point you will

00:34

have to become very sort of intimately

00:37

familiar with a particular communication

00:39

standard maybe

00:41

you're provisioning ip networks and you

00:43

need to sink yourself into what ip is

00:46

all about

00:47

maybe you have a job with a cellular

00:50

provider and you need to learn a

00:52

particular cellular standard

00:55

regardless of what it is at some point

00:56

you're going to have to you're going to

00:58

find yourselves

00:59

being

01:02

having the opportunity to read a

01:05

standards document and standards

01:07

documents tend to be very long

01:09

very detailed and very full of

01:12

things like header specifications

01:15

packet formats all that kind of stuff

01:19

and

01:19

i try not to get into that level of

01:22

detail too much

01:23

in this lecture series because instead i

01:25

want to focus on kind of the

01:27

fundamental problems and challenges

01:30

that network design has to contend with

01:34

regardless of whether we're looking at

01:36

our specific wireless standard or

01:38

particular wired

01:40

standard and so my hope is that what

01:43

you're going to get out of this lecture

01:44

series

01:45

is sort of kind of the enduring

01:48

understanding of how

01:49

networks behave and operate regardless

01:52

of

01:52

the particular protocol standard that

01:54

you're working with

01:56

that being said every once in a while

01:58

there is value to diving down into the

02:00

details and that's what i'm going to do

02:02

here

02:02

so this lecture module is kind of a

02:06

little bit of a

02:07

intro or companion module to module 25

02:11

which is where we look at a

02:12

tcp session in detail so we're going to

02:15

look

02:15

at all of the control packets that get

02:18

sent back and forth when

02:20

setting up and tearing down a tcp

02:22

session between two nodes

02:24

and in order to understand all of the

02:27

detail that we're going to be looking at

02:29

we do

02:29

need to examine specifically

02:33

the different fields that you find in a

02:35

tcp

02:36

header and what they all mean a lot of

02:39

it is going to be

02:41

kind of just showing you

02:45

where certain things are implemented

02:46

that you already understand so things

02:48

like port numbers for example

02:50

we've talked about what port numbers are

02:53

you'll just see where they fit into the

02:55

the tcp header

02:56

and tacked on to the end of this

02:59

discussion i'm also going to introduce

03:01

very briefly the udp standard

03:03

talk about how it differs from tcp and

03:06

what its header looks like as well

03:09

okay so let's dive right in so to start

03:12

off

03:13

the first four

03:17

fields in the tcp header the fir the

03:19

first are given in the slide the first

03:21

two

03:22

are the port numbers so we have a source

03:25

port number

03:26

and a destination port number

03:29

port numbers are 16 bits as we've

03:32

already discussed

03:33

and the difference between these two

03:35

values is

03:37

the source port is the port number on

03:40

the machine where the packet is being

03:42

generated

03:43

the destination port is the port number

03:45

we want to connect to on our destination

03:47

machine so for example if our computer

03:50

was connecting to a web server the

03:53

destination port

03:54

would be port 80 and the source port

03:58

would be whatever randomly generated

04:00

port number

04:01

our operating system decided to assign

04:04

to this particular tcp connection

04:07

the next field we have is the 32-bit

04:10

sequence number

04:11

and as we've talked about the sequence

04:13

number is basically the

04:15

byte index of the first byte carried in

04:18

the payload of

04:19

our tcp packet and

04:22

we initialize the sequence number to the

04:25

initial sequence number or isn't

04:28

the isn can be basically anything

04:32

but quite often we

04:34

[Music]

04:37

will see zero used as the isn

04:40

and the sequence number wraps around so

04:43

it wraps to zero after it reaches

04:45

um two to the 32 minus one

04:48

and that's no problem because we use

04:51

windows

04:52

and so we're never going to have more

04:53

packets outstanding than 2 to the 32 and

04:56

so the wrap around doesn't cause us any

04:58

problems

05:00

the next field is the acknowledgement

05:02

number and the way tcp works

05:04

is we

05:08

don't have like a special dedicated

05:10

header

05:11

or packet type for acknowledgements

05:14

instead the acknowledgement information

05:16

is just embedded in the standard tcp

05:20

packet header and that's so to allow

05:24

us to kind of piggyback acknowledgement

05:26

information on a data frame that's going

05:28

in the opposite direction so typically

05:30

data frames are being sent back and

05:31

forth between the two nodes

05:32

this just allows us to piggyback

05:34

acknowledgments

05:36

sometimes however frames will be sent

05:38

with

05:39

no data payload and with just

05:41

acknowledgement information

05:42

in the frame as we're gonna see and of

05:45

course

05:46

as we've seen in our our previous

05:47

modules the

05:49

um the value of the act number is

05:53

basically the index

05:54

of the byte that the receiver is

05:56

expecting to

05:57

receive next and so that means

06:00

everything

06:01

up to and including one minus the

06:03

acknowledgement value has been

06:05

received successfully in order by the

06:07

receiver

06:09

the next field we have is header length

06:12

the reason why we have a header length

06:16

field is because the tcp header does

06:19

support

06:20

optional sort of control information

06:23

that might be present in the header or

06:25

it might not and as a result we can have

06:26

a variable sized header

06:29

so

06:33

following the header length we have

06:37

six reserved bits that are used for

06:39

nothing

06:40

and you know it's it's fine to have

06:43

reserved bits i i guess

06:44

on on some levels but as we're going to

06:47

see this is this can be kind of a

06:48

dangerous thing from a security point of

06:50

view because when we

06:51

when we talk about security we'll see

06:54

that you know sometimes

06:56

malware traffic that that's trying to um

07:00

you know covertly or secretly exchange

07:02

information

07:03

will sometimes intentionally set things

07:05

like these reserved bits to particular

07:07

values

07:08

so that other malware programs can

07:10

recognize

07:12

malware traffic following the reserve

07:15

bits we have

07:16

nine flag bits the first

07:20

three non-cdwr and ecn echo we're not

07:24

really going to talk about very much

07:26

they're used for congestion control

07:29

the next

07:32

flag is the urg or urgent

07:36

flag when this is set the urgent pointer

07:39

is

07:40

valid and we'll talk about the urgent

07:42

pointer in a second this is

07:44

basically meant to

07:45

[Music]

07:47

sort of expedite or prioritize

07:50

this packet being delivered to

07:55

the the higher layers of of the protocol

07:57

stack but it

07:58

it's not really used anymore either

08:02

the ack flag is definitely used so when

08:06

the act flag is set that means

08:07

that the header contains valid ack

08:10

information

08:11

if the act flag is zero then the header

08:14

still contains an

08:15

ack number but that act number is not

08:18

not considered valid there's psh

08:22

or the push flag the push flag if this

08:25

is set

08:26

then it means that the data packet

08:28

should be immediately

08:29

pushed up to the application layer

08:31

sometimes different tcp implementations

08:33

will buffer several packets together

08:36

before sending them up to the

08:38

application layer but the

08:39

the push flag forces that applicator or

08:42

forces the

08:43

the um the frame to get pushed up to the

08:46

application

08:48

the reset flag

08:52

is if this is set um we abort the

08:55

connection due to some sort of abnormal

08:57

conditions that may have occurred

08:59

and the sin and the fin flags as we're

09:02

going to see

09:03

are used for connection setup and

09:06

connection termination and we're going

09:07

to see those featured very prominently

09:09

in the next module where we go through

09:11

our tcp session example

09:13

finally we have our window size

09:16

and we've talked about that already as

09:18

well this is the number of bytes

09:21

the center of the package is willing to

09:22

accept before

09:25

a an acknowledgment needs to be sent so

09:27

this is the sliding window act field

09:31

the checksum field

09:34

holds the internet checksum that we've

09:38

studied when back when we were looking

09:40

at error detection

09:41

and then following the checksum we have

09:44

the urgent pointer

09:45

and if the urgent or urg flag is set

09:48

then this urgent pointer value was meant

09:52

to be used to send the

09:56

the data in this tcp packet quickly up

09:59

to the application

10:01

using kind of a side channel provided by

10:03

the operating system

10:05

rather than just going through the

10:06

regular sort of protocol stack

10:08

socket interface and

10:12

this isn't really used anymore because

10:14

it's not really super compatible across

10:16

multiple operating systems

10:18

and as a result this is another bit of a

10:21

security concern in tcp

10:22

so whenever you have a field that isn't

10:25

used again as i was saying malware can

10:28

use this use these unused fields to

10:31

store

10:34

to store values

10:38

there are going to be a few of the

10:41

optional

10:42

tcp header fields that we're gonna see

10:47

options can be contained

10:51

or the the options field can stretch

10:52

from zero all the way up to 352 bits

10:55

and there's a whole bunch of different

10:56

purposes but the more common ones

10:59

will be is related first of all

11:04

to the maximum segment size

11:08

or packet size that the sender will

11:10

accept

11:12

there is um a field

11:16

that indicates whether or not selective

11:18

arq

11:19

is allowed this window scale

11:24

is a very common field so if we go back

11:26

we can see that the window

11:29

size is only a 16 bit number

11:34

and that's often too small sometimes

11:37

especially for like really sort of

11:38

high data rate high throughput

11:40

applications

11:42

an application will want a larger tcp

11:44

window than what can be contained in 16

11:46

bits

11:47

and so this windows scale field scales

11:50

up the window by a factor of two

11:52

raised to the exponent of whatever is in

11:54

the windows scale

11:56

we then also have some timestamp

12:00

values that are used

12:04

as well that sometimes show up

12:08

the user datagram protocol or udp

12:11

you can think of as a super super

12:13

stripped down version of tcp

12:16

so tcp provides all this functionality

12:19

the

12:20

the acknowledgements the

12:23

sequence numbers

12:26

all kinds of things to make sure that

12:28

the connection

12:29

is very reliable

12:32

and looking from the user perspective

12:34

however

12:36

all of this overhead and this

12:37

calculation does tend to slow the

12:39

connection down a little bit and

12:41

sometimes

12:41

applications just want very simple

12:45

very raw communication and

12:48

when that's the case they tend to opt

12:51

for udp

12:52

udp tends to be used for

12:56

things that send very simple

13:00

communication packets and

13:04

things that tend to not want

13:07

very out of date information so

13:10

one thing about you know the selective

13:13

repeat

13:14

arq is that you know packets can get

13:17

buffered

13:18

and they are delivered reliably but at

13:20

the cost of increased delay so for an

13:22

application like a

13:23

an internet time server for example you

13:26

just want to get that packet out there

13:29

and if it gets sort of um

13:32

caught up in a on a congested link you

13:35

don't really want

13:35

re-transmission of old-time information

13:38

you would just prefer that

13:39

packet gets lost and then you know have

13:43

a more up-to-date packet filter through

13:44

again

13:45

at some point many games many network

13:48

games will also use

13:49

udp because you want that real-time game

13:52

game information

13:54

you know if you um

13:57

you know if a packet is delivered

13:58

reliably but late

14:00

then you start to get some lag in your

14:02

gameplay and that's

14:04

generally seen as unacceptable for a lot

14:06

of game players and so udp

14:08

is basically just a super super simple

14:10

thing that gets bolted on top

14:12

of an ip packet that essentially

14:16

provides port numbers and not much

14:19

else so if we look at the udp

14:23

header it's super simple we've got our

14:27

source port number

14:28

our destination port number

14:32

the total length of the udp

14:35

packet and the internet checksum is

14:38

included as well

14:39

and that's it so again no

14:41

acknowledgments nothing like that

14:43

so it's important to be aware of udp

14:45

because many of you if you develop

14:46

application software will be

14:48

using udp again particularly for sort of

14:52

gaming and kind of real time

14:54

type applications however from a

14:57

protocol perspective

14:58

and a session management perspective

15:00

there's really not much to it