Transport (TCP) level.
Two general purpose message protocols (TCP and UDP),
and a number of special purpose TCP level protocols.
TCP - Transmission Control Protocol packet
Generated at TCP transport level.
Used to transmit multiple packet transaction reliably.
Uses Source and destination ports numbers to distinguish which application
or service is being communicated with on a particular machine.
* A network socket is a combination of the IP and port that identifies
each endpoint of a transaction. (x2)
Sequence number - offset from beginning of whole transaction. Used to
rebuild the whole block of data being transferred.
A variety of control/condition flags.
Data being transmitted.
Check sum - Usually CRC. Was packet delivered uncorrupted.
Additional Error checking - has all the data for the transaction or
activity been delivered, is it re-assembled in the right order,
and there is no duplication of packets.
State based connection
Source and target systems negotiate a "connection" before actual
transmission of data begins using handshaking.
Initiator(client) sends SYN. Targets node(IP) and service(port).
Responder(service) sends an ACK-SYN.
Confirms target node has service listening on target port.
And sets up a socket and storage buffers.
Initiator locks connection with an ACK.
After this, many packets may be sent between initiator and responder.
Depending on situation, either initiator or responder will send a final
ACK to close the session.
UDP - User Datagram Protocol packet
A simpler version of a TCP packet - single unit of communication. Used
for communicating session level control information or quick short
request or response, such as time.
Source and destination ports, size, check-sum and data.
Classified as stateless. The packet is simply sent. If sender does not
receive response in timely manor, sender assumes packet lost and may
ask again. Possible either request or response lost.
May be used where time sensitive communication occurs. Better to lose one
of number of sequential packets then to delay data stream attempting to
recover a lost packet. Streaming audio/video will often use UDP.
Uses :
DNS (domain name service), name <-> IP
DHCP (Dynamic Host Configuration Protocol), MAC@ <-> IP
SNMP (Simple Network Management Protocol),
RIP (Routing Information Protocol) obsolete(?)
Time services.
Many streaming audio/video situations.
Communications where request and response are fairly simple and short.
ICMP - Internet Control Message Protocol.
ICMP is transmitted in an IPv4 packet but uses an alternative TCP level
packet structure.
It is primarily used for message and error communication
between nodes, so there is no port info.
Consists of a set of predefined flags and some additional data.
Classified as stateless - sender does not look for confirmation.
Not sent by application*, but used by the OS or router node, i.e
processes handling TCP/IP. OS responsible for delivering error to
application.
* Used by ping, traceroute, and other network diagnostic tools.
Fields :
Type 8-bit
Code 8-bit
Type and code used together to specify what is being done.
Could be an error
Could be a request for a service.
Could be ping
Could be a probe to find if a route is available.
Could be an 'advertisement' indicating a route is available.
(used by new device on network to id the Gateway).
Checksum 16-bit
Rest of header 24-bit.
Additional info depending on Type/Code fields.
Data - ICMP includes a data sector that may contain the entire header
of the IPv4 packet that triggered the error and 1st 8 bytes of its
data section.
Other TCP level protocols.
DCCP - data congestion control protocol. Favors getting the packets of a
message to recipient in a timely manor over delivering them in order.
Also used by IPV6 to find maximum packet size(?)
SCTP - stream control transmission protocol. Cross between TCP and UDP.
Small message units like UDP but with some of the acknowledgment like TCP.
Also supports multi-stream transfers (sending web page text and embedded
images at same time).
RSVP - resource reservation protocol. TCP style control packet similar to
ICMP. Commonly used to "reserve" resources for a request to stream data
such as live video or audio. (at session level?)
The packet type (IP protocol) was defined in the IP packet.
The field allows 256 values of which 141 are assigned.
wikipedia : https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers
****************
* Transport packet configuration.
TCP is interested in completing all activity of a transaction and may move
many packets in the process.
Source and destination port Ids.
Not of interest at the IP routing level, only of interest to the
source and destination machines.
Used by most transport packets except ICMP.
Port range of 2^16 - 655356
Each IP:Port pair is referred to as a socket and identifies an end
point on either the client host or the server host for a transport
level connection.
Port Id of application (client) requesting service. Usually > 49152.
Unique for each TCP/IP session. Each web page, ssh session, ftp
connection has a unique port Id on the requesting client's side.
Port of specific service (known port of server to process request).
Most commonly an well known port (0-1023),
or a registered port (1024-49151).
Although ephemeral ports (49152 and up) can be used for a service.
A single service port may be used by many transport connections.
The 4 part s-IP,s-Port,d-IP,d-port set uniquely identifies the
two sockets that constitute a unique connection between a client
and a service.
Most systems can do a variety of communication tasks.
1st 1024, 0-1023, port ids reserve for system functions.
"Well known ports".
Web server, FTP server, mail server, ssh daemon, etc.
Use of listening port by a service in this range usually requires
admin permission. And the answer is usually no.
1024-49151 Registered ports.
It is possible that more than one application may choose same port.
So, they usually can be changed.
Certain ports have been claimed and Registered with IANA.
Usually, most services are designed to allow a different port
to be used, but require the clients to be aware of deviation.
49152 and up : Ephemeral ports (IANA)
It is possible to use ports above 1023 and below 49151 as ephemeral,
but it could cause conflicts.
Some OSes use ports from the registered port range.
Linux ~ 32768-61000
Windows ~ 1025-5000 (legacy) # now uses the IANA 49152 and up
see :
https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Sequence number - used to put packetized data back together in the correct
sequence, mainly TCP packets. Mostly(?) used by real TCP packets.
Control - sequence information (if TCP) and error checking.
Data - information being transferred.
TCP level packets are encapsulated in IP packets which in turn are
encapulated in the network frame.
As packet moves from network to network, frame stripped and IP packet
encapulated in a new frame appropriate to network hop.
What an Ethernet frame might look like
See wikipedia.org for topics : "TCP frame", "UDP", "ICMP"