IP (Internet Protocol)
The defacto standard does not fully comply to the OSI model
IP package | |||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Version | Header length | Type of Service | Total length | Identification | Flags | Fragment offset | Time To Live (TTL) | Protocol | Header checksum | Destination IP | Source IP | Options | Data |
4 bits | 4 bits | 8 bits | 16 bits | 16 bits | 3 bits | 13 bits | 8 bits | 8 bits | 16 bits | 4 bytes | 4 bytes | ||
TCP, UDP, ICMP |
TCP (Transmission Control Protocol) is connection oriented. First a connection is established and then a transmission session is started. For each packet the correct arrival is checked and, if needed it is retransmitted. A sessions starts by sending a SYN packet, the destination replies with a SYN/ACK with is confirmed by the source with a ACK
TCP package | |||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Source Port | Destination Port | Seq. No | Ack. No | Header length | Reserved |
|
Window size | Checksum | Urgent pointer | Options | Data | ||||||
2 bytes | 2 bytes | 4 bytes | 4 bytes | 4 bits | 6 bits | 6 bits | 2 bytes | 2 bytes | 2 bytes | MSS (Maximum Segment Size) < MTU | |||||||
Session | Application |
A TCP connection is established using a three-way handshake.
- Requester sends SYN
- The target sends SYN-ACK
- The requestor sends ACK
A TCP Connection is stopped using a (max) 4 way handshake. Each endpoint of the connection sends a FIN and a ACK message.
You can find TCP sockets in one of these 11 states
- LISTEN (server is listen for incomming connection request on a specific port (and sometimes a specific address)
- SYN-SENT (I’ve send a SYN)
- SYN-RECEIVED (I’ve received a SYN, but no ACK yet)
- ESTABLISHED (Connection is established, data can flow)
- FIN-WAIT-1
- FIN-WAIT-2
- CLOSE-WAIT (Waiting for the application to acknoledge the connection can be closed) if the sockets stays here you need to restart the application.
- CLOSING
- LAST-ACK
- TIME-WAIT (max four minutes wait time to make sure the other side received the FIN)
- CLOSED
UDP (User Datagram Protocol) is connectionless, the source just sends packets assuming they do arrive. This reduces overhead and is used in applications were occasional data loss is not a big problem (e.g. streaming). DNS uses UDP too, if an answer is not received the client just sends the request again.
UDP package | ||||
---|---|---|---|---|
Source Port | Destination Port | Length | Checksum | Data |
2 bytes | 2 bytes | 2 bytes | 2 bytes | |
Session | Application |