Transport (TCP) level.
  Two general purpose message protocols (TCP and UDP), and a number of special purpose TCP level protocols.

  TCP - Transmission Control Protocol packet
    Generated at TCP transport level.
    Used to transmit multiple-packet transactions reliably.
    Uses source and destination port numbers to distinguish which application or service is being communicated with on a particular machine.
      * A network socket is a combination of the IP and port that identifies each endpoint of a transaction. (x2)
    Sequence number - offset from beginning of whole transaction. Used to rebuild the whole block of data being transferred.
    A variety of control/condition flags.
    Data being transmitted.
    Checksum - usually CRC. Was the packet delivered uncorrupted?
    Additional error checking - has all the data for the transaction or activity been delivered, is it re-assembled in the right order, and is there no duplication of packets?
    State based connection
      Source and target systems negotiate a "connection" before actual transmission of data begins, using handshaking.
        Initiator (client) sends SYN. Targets node (IP) and service (port).
        Responder (service) sends an ACK-SYN. Confirms target node has a service listening on target port, and sets up a socket and storage buffers.
        Initiator locks connection with an ACK.
      After this, many packets may be sent between initiator and responder.
      Depending on situation, either initiator or responder will send a final ACK to close the session.

  UDP - User Datagram Protocol packet
    A simpler version of a TCP packet - single unit of communication.
    Used for communicating session level control information or a quick short request or response, such as time.
    Source and destination ports, size, checksum and data.
    Classified as stateless. The packet is simply sent.
      If the sender does not receive a response in a timely manner, the sender assumes the packet was lost and may ask again.
      Possible that either the request or the response was lost.
    May be used where time sensitive communication occurs.
      Better to lose one of a number of sequential packets than to delay the data stream attempting to recover a lost packet.
      Streaming audio/video will often use UDP.
    Uses :
      DNS (domain name service), name <-> IP
      DHCP (Dynamic Host Configuration Protocol), MAC@ <-> IP
      SNMP (Simple Network Management Protocol)
      RIP (Routing Information Protocol) obsolete(?)
      Time services.
      Many streaming audio/video situations.
      Communications where request and response are fairly simple and short.

  ICMP - Internet Control Message Protocol.
    ICMP is transmitted in an IPv4 packet but uses an alternative TCP level packet structure.
    It is primarily used for message and error communication between nodes, so there is no port info.
    Consists of a set of predefined flags and some additional data.
    Classified as stateless - sender does not look for confirmation.
    Not sent by application*, but used by the OS or router node, i.e. processes handling TCP/IP. OS responsible for delivering error to application.
      * Used by ping, traceroute, and other network diagnostic tools.
    Fields :
      Type 8-bit
      Code 8-bit
        Type and code used together to specify what is being done.
          Could be an error.
          Could be a request for a service.
          Could be ping.
          Could be a probe to find if a route is available.
          Could be an 'advertisement' indicating a route is available (used by a new device on the network to identify the gateway).
      Checksum 16-bit
      Rest of header 24-bit. Additional info depending on Type/Code fields.
      Data - ICMP includes a data section that may contain the entire header of the IPv4 packet that triggered the error and the 1st 8 bytes of its data section.

  Other TCP level protocols.
    DCCP - data congestion control protocol.
      Favors getting the packets of a message to the recipient in a timely manner over delivering them in order.
      Also used by IPv6 to find maximum packet size(?)
    SCTP - stream control transmission protocol.
      Cross between TCP and UDP. Small message units like UDP but with some of the acknowledgment like TCP.
      Also supports multi-stream transfers (sending web page text and embedded images at same time).
    RSVP - resource reservation protocol.
      TCP style control packet similar to ICMP.
      Commonly used to "reserve" resources for a request to stream data such as live video or audio. (at session level?)

  The packet type (IP protocol) was defined in the IP packet. The field allows 256 values of which 141 are assigned.
    wikipedia : https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers

****************
* Transport packet configuration.
  TCP is interested in completing all activity of a transaction and may move many packets in the process.

  Source and destination port Ids.
    Not of interest at the IP routing level, only of interest to the source and destination machines.
    Used by most transport packets except ICMP.
    Port range of 2^16 - 65536
    Each IP:Port pair is referred to as a socket and identifies an end point on either the client host or the server host for a transport level connection.
    Port Id of application (client) requesting service.
      Usually > 49152.
      Unique for each TCP/IP session. Each web page, ssh session, ftp connection has a unique port Id on the requesting client's side.
    Port of specific service (known port of server to process request).
      Most commonly a well known port (0-1023), or a registered port (1024-49151), although ephemeral ports (49152 and up) can be used for a service.
      A single service port may be used by many transport connections.
    The 4 part s-IP,s-Port,d-IP,d-port set uniquely identifies the two sockets that constitute a unique connection between a client and a service.
    Most systems can do a variety of communication tasks.
    1st 1024, 0-1023, port ids reserved for system functions. "Well known ports".
      Web server, FTP server, mail server, ssh daemon, etc.
      Use of a listening port by a service in this range usually requires admin permission. And the answer is usually no.
    1024-49151 Registered ports.
      It is possible that more than one application may choose the same port.
      So, they usually can be changed.
      Certain ports have been claimed and registered with IANA.
      Usually, most services are designed to allow a different port to be used, but require the clients to be aware of the deviation.
    49152 and up : Ephemeral ports (IANA)
      It is possible to use ports above 1023 and below 49151 as ephemeral, but it could cause conflicts.
      Some OSes use ports from the registered port range.
        Linux ~ 32768-61000
        Windows ~ 1025-5000 (legacy) # now uses the IANA 49152 and up
    see : https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
          http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

  Sequence number - used to put packetized data back together in the correct sequence, mainly TCP packets. Mostly(?) used by real TCP packets.
  Control - sequence information (if TCP) and error checking.
  Data - information being transferred.
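
Added example (not part of the original notes): a Python sketch of the three-step handshake and of the 4 part s-IP,s-Port,d-IP,d-port key described above. It decodes constructed TCP headers and tracks each connection's handshake state, and it goes one step past the notes by also checking the acknowledgment numbers. The addresses, ports and sequence numbers are made up, and the function names and state labels are this example's own.

```python
import struct
from collections import namedtuple

SYN, ACK = 0x02, 0x10          # TCP flag bits
Segment = namedtuple("Segment", "src_ip sport dst_ip dport seq ack flags")

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a constructed 20-byte TCP header (data offset 5, no options)."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)

def parse_tcp(src_ip, dst_ip, header):
    """Decode ports, sequence/ack numbers and flags; the IPs come from the IP packet."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", header[:14])
    return Segment(src_ip, sport, dst_ip, dport, seq, ack, off_flags & 0x3F)

def track_handshakes(segments):
    """Map each (client IP, client port, server IP, server port) to a handshake state."""
    conns = {}
    for s in segments:
        fwd = (s.src_ip, s.sport, s.dst_ip, s.dport)   # key if the sender is the client
        rev = (s.dst_ip, s.dport, s.src_ip, s.sport)   # key if the sender is the server
        syn, ack = bool(s.flags & SYN), bool(s.flags & ACK)
        if syn and not ack:                            # step 1: initiator sends SYN
            conns[fwd] = {"state": "SYN_SENT", "c_isn": s.seq}
        elif syn and ack:                              # step 2: responder sends SYN+ACK
            c = conns.get(rev)
            if c and c["state"] == "SYN_SENT" and s.ack == (c["c_isn"] + 1) % 2**32:
                c.update(state="SYN_RECEIVED", s_isn=s.seq)
        elif ack:                                      # step 3: initiator sends ACK
            c = conns.get(fwd)
            if c and c["state"] == "SYN_RECEIVED" and s.ack == (c["s_isn"] + 1) % 2**32:
                c["state"] = "ESTABLISHED"
    return {k: v["state"] for k, v in conns.items()}

# Constructed sample traffic (documentation addresses, made-up sequence numbers).
SRV = "198.51.100.5"
SAMPLE = [parse_tcp(src, dst, build_tcp(*hdr)) for src, dst, hdr in [
    ("192.0.2.10", SRV, (49500, 443, 1000, 0, SYN)),
    (SRV, "192.0.2.10", (443, 49500, 9000, 1001, SYN | ACK)),
    ("192.0.2.10", SRV, (49500, 443, 1001, 9001, ACK)),
    ("192.0.2.10", SRV, (49501, 443, 2000, 0, SYN)),
    (SRV, "192.0.2.10", (443, 49501, 9500, 2001, SYN | ACK)),
    ("192.0.2.11", SRV, (49500, 443, 3000, 0, SYN)),
]]

if __name__ == "__main__":
    for conn, state in track_handshakes(SAMPLE).items():
        print(conn, state)
```

All three connections share the same service socket (198.51.100.5:443); only the client half of the 4-part key tells them apart.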
TCP level packets are encapsulated in IP packets, which in turn are encapsulated in the network frame.
As a packet moves from network to network, the frame is stripped and the IP packet is encapsulated in a new frame appropriate to the network hop.

[Figure: What an Ethernet frame might look like]

See wikipedia.org for topics : "TCP frame", "UDP", "ICMP"
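
Added example (not part of the original notes): the encapsulation described above, peeled in Python from a constructed Ethernet II frame down to the UDP or ICMP header, using the IP protocol field to pick the transport decoder. The MAC and IP addresses, payloads and zeroed checksums are constructed, and the function names are this example's own.

```python
import struct

IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}    # values of the IP protocol field

def build_frame(proto, src, dst, segment, pad_to=60):
    """Constructed Ethernet II + IPv4 frame; checksums left 0, MACs made up."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    frame = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + segment
    return frame.ljust(pad_to, b"\x00")         # short frames are padded on the wire

def decapsulate(frame):
    """Strip the frame and IP headers, then decode the transport header."""
    _dst_mac, _src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                    # IP header length; options change it
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    seg = ip[ihl:total_len]                     # total length excludes frame padding
    info = {"src": src, "dst": dst, "proto": IP_PROTO.get(proto, proto)}
    if proto in (6, 17):                        # TCP and UDP start with the two ports
        info["sport"], info["dport"] = struct.unpack("!HH", seg[:4])
    if proto == 17:                             # UDP: ports, size, checksum, data
        info["length"], info["checksum"] = struct.unpack("!HH", seg[4:8])
        info["data"] = seg[8:info["length"]]
    elif proto == 1:                            # ICMP: type, code, checksum, no ports
        info["type"], info["code"], info["checksum"] = struct.unpack("!BBH", seg[:4])
    return info

# Constructed samples: a UDP datagram to port 123 (placeholder payload, not a real
# NTP message) and an ICMP echo request (type 8, code 0) as sent by ping.
UDP_FRAME = build_frame(17, "192.0.2.10", "198.51.100.5",
                        struct.pack("!HHHH", 49152, 123, 8 + 4, 0) + b"time")
ICMP_FRAME = build_frame(1, "192.0.2.10", "198.51.100.5",
                         struct.pack("!BBH", 8, 0, 0) + b"\x00\x01\x00\x01ping")

if __name__ == "__main__":
    for f in (UDP_FRAME, ICMP_FRAME):
        print(decapsulate(f))
```

Both sample frames are padded to 60 bytes, so the decoder has to trust the IP total length rather than the frame length to find where the transport data ends.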