ITNSA2-44_Week 1 Slide Deck 1

Network Security Fundamentals

By the end of this topic you should be able to:
▪ Understand security fundamentals and security threats

Topics Covered
• Introduction to Network Security
• CIA Triad
• Network Security Responsibility
• Enhancing Security of Wired and Wireless Networks
• Network Security Devices and Tools
Introduction to Network Security

What is Network Security?

• Network security is the practice of protecting computer networks and devices from unauthorized access, attacks, or damage.
• It is important because it helps to protect sensitive data, such as financial information, customer records, and trade secrets.
• Additionally, network security can help to prevent disruptions to business operations and damage to reputation.
Basic Terminology in Network Security

1. Network
• A network is a connection between two or more computers so that they can communicate with each other.
• For example:
Basic Terminology in Network Security

2. Internet
• The Internet is a means of connecting a computer to any other computer anywhere in the world via dedicated routers and servers.

3. Internet Protocols
• The data that is transferred or received can only follow a specific path.
• There is a set of rules that is followed to control the flow of the data.
• These rules are called the Internet Protocol.

4. IP Address
• An Internet Protocol address (IP address) is an address assigned to every device that connects to a computer network and uses the Internet Protocol for communication.
• An IP address looks like this: 168.192.10.3
Basic Terminology in Network Security

5. MAC Address
• This is a unique identification number that every device that connects to the internet has.
• Traditional MAC addresses are 12-digit hexadecimal numbers. A MAC address looks like this: D8-FC-93-C5-A5-E0.

6. Domain Name Server (DNS)
• Consider DNS as the phonebook of the internet.
• All the IP addresses and the names of the links are saved in it.
• For example, you want to go to google.com. You type this into your web application.
• Then, this name goes to the DNS server, and the DNS server finds the IP address of google.com.
• Then, the DNS server returns the IP address to your computer.
Basic Terminology in Network Security

7. DHCP
• Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns an IP address to any device that wants to connect to the internet.

8. Router
• This is a device that routes the data that comes to it and then sends that data on to the destination, ensuring that it takes the appropriate path.

9. Bots
• Bots are computer programs that control your computer without your knowledge.
• They automatically send emails, retrieve web pages, and change computer settings.
3. CIA Triad

The CIA triad is a model that outlines the three main goals of cybersecurity:
confidentiality, integrity, and availability.

CIA triad, cont.

Confidentiality: The principles of confidentiality assert that only authorized parties can access sensitive information and functions.

Integrity: The principles of integrity assert that only authorized people and means can alter, add, or remove sensitive information and functions.

Availability: The principles of availability assert that systems, functions, and data must be available on-demand according to agreed-upon parameters based on levels of service.

Basic Questions in Network Security

• What - what caused the attack?
• When - when did the attack happen?
• Who - who caused the attack?
• Why - why did an attack happen?
• How - how did an attack happen?
Enhancing Security of Wired and Wireless Networks
• Perform auditing and mapping
• Keep the network up-to-date
• Physically secure the network
• Consider MAC address filtering
• Implement VLANs to segregate traffic
• Use 802.1X for authentication
• Use VPNs to encrypt select PCs or servers
• Encrypt the entire network
• Change default passwords
• Restrict access
• Encrypt the data on your network
• Protect your Service Set Identifier (SSID)
• Install a firewall
• Maintain antivirus software
• Use file sharing with caution
• Keep your access point software patched and up to date
• Connect using a Virtual Private Network (VPN)
Network security devices and tools

There are many different network security tools that can be used to protect networks from cyberattacks. Some of the most common tools include:

• Access control
• Antivirus and anti-malware software
• Application security
• Behavioral analytics
• Data loss prevention
• Distributed denial of service prevention
Mitigating Network Security Threats

By the end of this topic you should be able to:
▪ Understand security fundamentals and security threats

Topics Covered
• Introduction to Hacking
• The Hacking Process in the Modern Day
• Common IT Infrastructure Threats
• Types of Attacks Used by Hackers
• Tools Used in Hacking
• Activity

2. - Introduction to Hacking

Hacking is an attempt to exploit a computer system or a private network. Simply put, it is the unauthorised access to or control over computer network security systems for some illicit purpose.

History of Hacking/hackers
• https://mylms.vossie.net/mod/book/view.php?id=316255&chapterid=564488

Types of Hacking/Hackers
• White Hat Hackers
• Black Hat Hackers
• Grey Hat Hackers

3. – The Hacking Process in The Modern Day
Reconnaissance / Information Gathering

• Reconnaissance is the initiation of the process of hacking. It means the act of inspecting or exploring and can also be called foot-printing, discovery, research, and information gathering.
• This is the first phase, in which hackers learn as much as possible about a target before attempting the first actual attacks.
• Reconnaissance consists of collecting data about the target from all possible sources, online and offline. The hacker is careful to avoid alerting the target that its network has been probed for information.

Note: The attacker is most interested in the technologies of its target:
• How many networks they have, if the target is a company
• The software and operating systems running on their machines
• If the target is a website or webpage, how it was built (which programming language it uses – JS or PHP, etc.)
Reconnaissance / Information Gathering, cont.

Modern day techniques:

Social engineering:
• This is a technique where the hacker tricks the victim into giving up sensitive information, such as their passwords or credit card numbers. This can be done through phishing emails, phone calls, or even in-person interactions.

Malware:
• This is software that is designed to harm a computer system. Malware can be used to steal data, install backdoors, or even take control of a computer system.
Scanning

Once the hacker has gathered enough information, they will move on to the scanning phase. This is where the hacker scans the target's network for vulnerabilities. This can be done using a variety of tools, such as port scanners and vulnerability scanners (Nessus, WhatWeb, Netdiscover, Nmap, e.g. nmap -sV -p- -O 192.168.0.2).

Modern day techniques:

Zero-day attacks:
These are attacks that exploit vulnerabilities that are not yet known to the public. Zero-day attacks are often very difficult to defend against because there is no patch available to fix the vulnerability.

DDoS attacks:
These are attacks that flood a target's network with traffic, making it unavailable to legitimate users. DDoS attacks can be used to bring down a website or even an entire network.
Scanning, cont.

What is the goal of scanning?

• Looking for virtual open ports used to host software and communicate with other machines over the internet (e.g., a website using port 80 or 443).
• There are a lot of ports you can scan to find vulnerable ports – every machine has 65535 ports for both TCP and UDP.

Note: A well-secured machine is one that has all unused ports closed.
Gaining Access

Once the hacker has found a vulnerability, they will attempt to gain access to the target's system. This can be done through a variety of techniques, such as exploiting the vulnerability, using stolen credentials, or social engineering.

Modern day techniques:

Ransomware:
This is malware that encrypts a victim's files and demands a ransom payment in order to decrypt them. Ransomware attacks are becoming increasingly common, and they can be very costly for victims.

Supply chain attacks:
These are attacks that target the supply chain of a target organization. This can involve attacking the suppliers of the target organization, or even the suppliers of the suppliers. Supply chain attacks can be very difficult to defend against because they can be very stealthy.

Maintaining Access

Once the hacker has gained access to the target's system, they will attempt to maintain access. This can be done by installing backdoors, creating new accounts, or even stealing credentials. Maintaining access allows the hacker to continue to access the target's system and to launch further attacks.

Modern day techniques:

Botnets: These are networks of infected computers that are controlled by a hacker. Botnets can be used to launch DDoS attacks, send spam, or even steal data.

IoT attacks: These are attacks that target internet-connected devices, such as smart TVs, security cameras, and even light bulbs. IoT attacks are becoming increasingly common, and they can be very difficult to defend against because IoT devices are often not well-protected.

Covering Tracks / Removing Evidence

Once the hacker has finished their attack, they will attempt to cover their tracks. This can be done by deleting logs, uninstalling malware, or even changing passwords. Covering tracks makes it more difficult for the victim to track down the hacker and to prevent future attacks.

Modern day techniques:

Cyber hygiene:
This is the practice of following security best practices, such as using strong passwords, keeping software up to date, and being careful about what links you click on. Cyber hygiene can help to protect you from a variety of attacks, including those that are used to cover tracks.

Incident response:
This is the process of responding to a security incident. Incident response plans should include steps to identify the attack, contain the damage, and recover from the attack. Incident response plans can help to minimize the impact of an attack and to protect your organization from future attacks.
4. – Common IT Infrastructure Threats

URL:
• https://mylms.vossie.net/mod/book/view.php?id=316255&chapterid=564490

5. – Types of Attacks Used by Hackers

Active Attacks

5. – Types of Attacks Used by Hackers, cont.

Passive Attacks

https://mylms.vossie.net/mod/book/view.php?id=233340&chapterid=545242

4. – Introduction to TCP/IP

Topics Covered
⚫ OSI Reference Model
⚫ Layers of The OSI Model
⚫ TCP/IP Model
⚫ UDP
⚫ IPv6
⚫ Activity
Introduction to TCP/IP

This scope will cover:
⚫ OSI Reference Model
⚫ Sub-Protocols
⚫ Headers and Payloads, and
⚫ Filtering on Addresses.
Overview of TCP/IP

1. OSI Reference Model:

Definition:
⚫ The OSI (Open Systems Interconnection) Reference Model is a conceptual
framework used to understand and standardize how different networking
protocols and technologies interact within a network.

Layers:
⚫ The OSI model consists of seven layers, each with a specific function.

Purpose:
⚫ The OSI model serves as a reference point for understanding how network
protocols and technologies work together, aiding in troubleshooting and
designing networks.

OSI Reference Model Layers
⚫ Physical Layer: Deals with the physical transmission of data.
⚫ Data Link Layer: Responsible for data framing, error detection, and MAC addressing.
⚫ Network Layer: Manages routing, addressing, and logical addressing (e.g., IP addresses).
⚫ Transport Layer: Ensures end-to-end data transfer and error recovery (e.g., TCP/UDP).
⚫ Session Layer: Establishes, maintains, and terminates connections.
⚫ Presentation Layer: Handles data translation, encryption, and compression.
⚫ Application Layer: Provides network services directly to end-users or applications.
Overview of TCP/IP
2. Sub-Protocols:

Definition:
⚫ Sub-protocols are specialized protocols that operate within a specific layer
of the OSI model to perform specific tasks.

Examples:
⚫ In the Network Layer, Internet Protocol (IP) is a sub-protocol responsible for
logical addressing.
⚫ In the Transport Layer, Transmission Control Protocol (TCP) and User
Datagram Protocol (UDP) are sub-protocols used for reliable and unreliable
data transfer, respectively.

Purpose:
⚫ Sub-protocols enable the OSI model to handle a wide range of functions efficiently by breaking down complex networking tasks into smaller, manageable components.
Overview of TCP/IP
3. Headers and Payloads:

Headers:
⚫ Headers are metadata added to the beginning of a data packet at each layer
of the OSI model. They contain control information, such as source and
destination addresses, protocol information, and error-checking data.

Payload:
⚫ The payload is the actual data being transmitted within a packet. It follows the
header and contains the information relevant to the specific layer's function.

Example:
⚫ In the case of an IP packet, the header contains the source and destination IP addresses, while the payload includes the data to be delivered.

Purpose:
⚫ Headers provide necessary information for routing and processing data, while payloads carry the actual data to be communicated.
Overview of TCP/IP
4. Filtering on Addresses:

Definition:
⚫ Filtering on addresses, often seen in network security and routing, involves the
examination of addresses (e.g., MAC addresses, IP addresses) to make decisions
about forwarding or blocking data packets.

MAC Address Filtering:
⚫ At the Data Link Layer, routers and switches can use MAC addresses to filter or control traffic by allowing or denying access based on the source or destination MAC address.

IP Address Filtering:
⚫ In network security, firewalls and routers can filter traffic based on source and destination IP addresses to implement access control policies.

Purpose:
⚫ Address filtering is used for security (e.g., restricting access to authorized devices), network segmentation, and routing decisions, helping to control the flow of data in a network.
The OSI model and the TCP/IP stack

⚫ International bodies involved in standardization were making efforts to evolve an open common framework, which could be used by all devices that needed to communicate with each other.
⚫ These efforts led to the development of a framework called the Basic Reference Model for Open Systems Interconnection (OSI), the OSI reference model.
⚫ This was jointly developed by the International Organization for Standardization (ISO) and the International Telegraph and Telephone Consultative Committee (CCITT), which later became the ITU-T.

2.2. The OSI model and the TCP/IP stack
⚫ The OSI (Open Systems Interconnection) Reference Model is a conceptual framework that standardizes the functions of a telecommunication or computing system into seven distinct layers.
⚫ Each layer serves a specific purpose, allowing interoperability between different network devices and systems.
Basic OSI reference model

Figure 1: The OSI reference model

Basic OSI reference model
1. Physical Layer:
⚫ Description: The Physical Layer deals with the physical transmission of data bits over a communication channel. It defines the electrical, mechanical, and procedural aspects of communication.
⚫ Examples of Protocols: Ethernet, USB, HDMI, Bluetooth, RS-232.

Basic OSI reference model
2. Data Link Layer:
⚫ Description: The Data Link Layer establishes, maintains, and terminates connections between devices. It ensures error-free transmission of data frames over the physical layer.
⚫ Examples of Protocols: Ethernet (IEEE 802.3), Wi-Fi (IEEE 802.11), Point-to-Point Protocol (PPP), High-Level Data Link Control (HDLC).

Basic OSI reference model
3. Network Layer:
⚫ Description: The Network Layer is responsible for routing packets across multiple networks. It determines the best path for data transmission and handles logical addressing.
⚫ Examples of Protocols: Internet Protocol (IP), Internet Control Message Protocol (ICMP), Internet Group Management Protocol (IGMP).

Basic OSI reference model
4. Transport Layer:
⚫ Description: The Transport Layer ensures reliable delivery of data between endpoints. It provides mechanisms for error recovery, flow control, and congestion control.
⚫ Examples of Protocols: Transmission Control Protocol (TCP), User Datagram Protocol (UDP), Stream Control Transmission Protocol (SCTP).

Basic OSI reference model
5. Session Layer:
⚫ Description: The Session Layer establishes, maintains, and terminates connections between applications. It manages session synchronization and supports functions like authentication and authorization.
⚫ Examples of Protocols: Remote Procedure Call (RPC), Session Initiation Protocol (SIP), NetBIOS, AppleTalk Session Protocol (ASP).

Basic OSI reference model
6. Presentation Layer:
⚫ Description: The Presentation Layer translates data between the application layer and the network format. It handles data compression, encryption, and decryption.
⚫ Examples of Protocols: Secure Sockets Layer (SSL), Transport Layer Security (TLS), ASCII, JPEG, MPEG.

Basic OSI reference model
7. Application Layer:
⚫ Description: The Application Layer provides network services directly to end-users and applications. It facilitates communication between different applications and supports various user interfaces.
⚫ Examples of Protocols: Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), Domain Name System (DNS).
Layers of The OSI Model.

Purpose: The OSI model serves as a reference point for understanding how network protocols and technologies work together, aiding in troubleshooting and designing networks.

• URL:
https://www.techtarget.com/searchnetworking/feature/12-common-network-protocols-and-their-functions-explained

2.3. The TCP/IP model

Figure 2: Comparing the OSI model with TCP/IP model
2.3. The TCP/IP model
Some of the major differences between the two models are as follows:
⚫ The functions of the application layer in the TCP/IP model include the functions of the application, presentation and session layers of the OSI model.
⚫ The OSI session layer function of graceful close/end-to-end connection setup, management, and release is taken over by the TCP/IP transport layer (Transmission Control Protocol).
⚫ The network access layer combines the functions of the OSI data link and physical layers.
⚫ The network layer in the OSI model can be connection oriented or connectionless, while the Internet Protocol (IP) is a connectionless protocol.
⚫ The transport layer in the OSI model is connection oriented, whereas different protocols at the transport layer in the TCP/IP model provide different types of services; for example, TCP provides a connection oriented service, while UDP provides a connectionless service.
User Datagram Protocol (UDP) / IPv6

• UDP is a protocol that provides connectionless service to the application, and sends data to
the application layer as received, without worrying about lost parts of the application data
stream or some parts being received out of order.

• IPv6 is a new version of the IP protocol. The current version IPv4 had a limited number of IP
addresses (2^32 addresses), and there was a need to connect more hosts. Hence IPv6 allows
for a 128-bit address field compared to a 32-bit address field in IPv4. Hence, IPv6 can have
2^128 unique IP addresses. IPv6 also provides some new features and does away with some
features of the IPv4 packet such as fragmentation and Header checksum.
2.3. The TCP/IP model

Figure 3: Data flow across the TCP/IP layers

2.3. The TCP/IP model
• Let's explore what happens when data moves from one layer to another in the TCP/IP model, taking Figure 3 as an example.
• When data is given to the software application, for example, a web browser, the browser sends this data to the application layer, which adds an HTTP header to the data.
• This is known as application data.
• This application data is then passed on to the TCP layer, which adds a TCP header to it, thus creating a TCP segment.
• This segment is then passed on to the network layer (IP layer), where the IP header is added to the segment, creating an IP packet or IP datagram.
• This IP packet is then encapsulated by the data link layer, which adds a data link header and trailer, creating a frame.
• This frame is then transmitted onto the transmission medium as a bit stream in the form of electrical/optical/radio signals, depending upon the physical media used for communication.
Internet Protocol (IP)

⚫ Figure 5 shows the structure and fields of an IPv4 header. The IPv4 header is defined in the IETF standard, RFC 791.
⚫ The header is added by the network layer to the TCP/UDP segments handed to the network layer. The length of the header is always a multiple of 4 bytes.
⚫ The section consists of multiple fields that are outlined in the following figure.
• The length of each part of the IPv4 header in bits is highlighted in Figure 5 within parentheses after the name of the field.

Figure 5: IPv4 packet format
Internet Protocol (IP)
• Version (4): This is a 4-bit field and is used to decode the IP address version being used by the IP
system. The version for the header depicted in Figure 5 is version 4. There is a newer version of IP
called IP version 6 or IPv6, which has a different header format and is discussed later.

• Header Length: This is again a 4-bit field, and encodes the length of the IP header in 4-byte words.
This means that if the IPv4 header has no options, the header would be 20 bytes long, and hence
would consist of five 4-byte words. Hence, the value of the header length field in the IP header
would be 5. This field cannot have a value less than 5 as the fields in the first 20 bytes of the IPv4
header are mandatory.

• DSCP: Differentiated Services Code Point (DSCP) is a 6-bit field in the IPv4 header and is used to
encode the Quality of Service (QoS) required by the IP datagram on the network. This field will
define if the packet will be treated as a priority packet on the network, or should be discarded if there
is congestion on the network.

Internet Protocol (IP)

• ECN: Explicit Congestion Notification (ECN) is a 2-bit field and it is used to explicitly notify the end hosts if the intermediate devices have encountered congestion, so that the end devices can slow down the traffic being sent on the network by lowering the TCP window.
• This helps in managing congestion on the network even before the intermediate devices start to drop packets due to queue overruns.

• Total Length: This is a 16-bit field that encodes the total length of the IP datagram in bytes. The total length of the IP datagram is the length of the TCP segment plus the length of the IP header. Since this is a 16-bit field, the total length of a single IP datagram can be at most 65535 bytes (2^16 - 1).
Internet Protocol (IP)

• Identification (ID): This 16-bit value uniquely identifies an IP datagram for a given
source address, destination address, and protocol, such that it does not repeat within the
maximum datagram lifetime, which is set to 2 minutes by the TCP specification (RFC
793). RFC 6864 has made some changes to the original fields that are relevant only at
high data rates, and in networks that undergo fragmentation. These issues will be
discussed in the later chapters.

• Flags: These are three different flags in the IPv4 header as shown in Figure 6. Each flag
is one bit in length. The flags are used when the IP layer needs to send a datagram of a
length that cannot be handled by the underlying data link layer. In this case, the
intermediate nodes can fragment the datagram into smaller ones, which are
reassembled by the IP layer at the receiving node, before passing on to the TCP layer.
The flags are meant to control the fragmentation behavior:

Internet Protocol (IP)
• Fragment Offset: This field is 13 bits long and is used only by fragmented packets to denote where in the original datagram the fragment belongs. The first fragment will have the offset 0, and the subsequent fragments will have a fragment offset value that gives the length of all fragments before this fragment in the original datagram as a number of 8-byte units.
• Time To Live/TTL: This 8-bit field is used to denote the maximum number of intermediate nodes that can process the packet at the IP layer. Each intermediate node decrements the value by 1 to ensure that the IP packet does not get caught in an infinite routing loop, going back and forth between nodes. When the field reaches zero, the packet is discarded by that node, and an error message is sent to the source of the datagram as an ICMP message.
• Protocol: This 8-bit field is used to denote what upper layer protocol is being encapsulated in the IP packet. Since the IP layer multiplexes multiple transport layers, for example, UDP, TCP, OSPF, ICMP, IGMP, and so on, this field acts as a demultiplexing identifier to identify which upper layer the payload should be handed to at the receiving node. The values for this field were originally defined in RFC 1700, which is now obsolete and has been replaced by an online database.
Internet Protocol (IP)

• Header Checksum: This 16-bit field is used for checking the integrity of the received IP datagram. This value is calculated using an algorithm covering all the fields in the header (assuming this field to be zero for the purposes of calculating the header checksum).
• This value is calculated and stored in the header when the IP datagram is sent from source to destination, and at the destination side this checksum is calculated again and verified against the checksum present in the header. If the values are the same, then the datagram was not corrupted; otherwise it is assumed that the datagram was received corrupted.

• Source IP address and Destination IP address: These 32-bit fields contain the source and destination IP addresses respectively. Since the length of an IPv4 address is 32 bits, this field length was set to 32 bits. With the introduction of IPv6, which has a 128-bit address, this cannot fit in this format, and there is a different format for an IPv6 header.
Internet Protocol (IP)

• Options: This optional, variable-length field contains certain options that can be used by the IP protocol. Some of these options can be used for Strict Source routing, Loose Source routing, Record Route options, and so on, which are used for troubleshooting and other protocols.

• Padding: This is a field that is used to pad the IP header to make the IPv4 header length a multiple of 4 bytes, as the definition of the Header Length field mandates that the IPv4 header length is a multiple of 4 bytes.

• Data: This variable length field contains the actual payload that is encapsulated at the IP layer, and consists of the data that is passed on to the IP layer by the upper layer transport protocols. The upper layer protocols attach their own headers as the data traverses down the protocol stack, as we saw in Figure 3: Data flow across the TCP/IP layers.
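The IPv4 header fields described above, and the checksum procedure from the Header Checksum bullet, as an added Python example that is not part of the slides: it packs a header from the Figure 5 fields, computes the one's-complement checksum, and parses and validates a received header, rejecting an IHL below 5, a Total Length that disagrees with the header length or the captured bytes, or a checksum mismatch. The addresses and option bytes used in the test are constructed.

```python
import struct
import ipaddress


def ipv4_checksum(header: bytes) -> int:
    """Header checksum as the slides describe it: one's-complement sum of the 16-bit
    words of the header with the checksum field taken as zero, then complemented."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, *, protocol: int = 6, ttl: int = 64,
                      ident: int = 0, dscp: int = 0, ecn: int = 0, dont_fragment: bool = True,
                      more_fragments: bool = False, frag_offset: int = 0,
                      options: bytes = b"") -> bytes:
    """Pack the Figure 5 fields; frag_offset is given in bytes and must be a multiple of 8."""
    if frag_offset % 8 or frag_offset // 8 > 0x1FFF:
        raise ValueError("fragment offset must be a multiple of 8 that fits in 13 bits")
    options += b"\x00" * (-len(options) % 4)       # Padding: header length is a multiple of 4
    ihl = 5 + len(options) // 4                     # Header Length in 4-byte words, minimum 5
    if ihl > 15:
        raise ValueError("options too long for the 4-bit Header Length field")
    total_length = ihl * 4 + payload_len
    if total_length > 0xFFFF:
        raise ValueError("datagram exceeds 65535 bytes")
    flags = (int(dont_fragment) << 1) | int(more_fragments)   # bits: reserved, DF, MF
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | ihl, (dscp << 2) | ecn, total_length, ident,
                         (flags << 13) | (frag_offset // 8), ttl, protocol, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed) + options
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode and sanity-check a header; raises ValueError on anything a receiver should drop."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20 mandatory header bytes")
    (ver_ihl, dscp_ecn, total_length, ident, flags_frag,
     ttl, protocol, checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 5:
        raise ValueError("Header Length below 5: the first 20 bytes are mandatory")
    header_len = ihl * 4
    if total_length < header_len or len(packet) < total_length:
        raise ValueError("Total Length inconsistent with header length or captured bytes")
    if ipv4_checksum(packet[:header_len]) != 0:     # a valid header sums to 0xFFFF, complement 0
        raise ValueError("header checksum mismatch")
    return {
        "ihl": ihl, "header_len": header_len, "dscp": dscp_ecn >> 2, "ecn": dscp_ecn & 0x3,
        "total_length": total_length, "id": ident,
        "dont_fragment": bool(flags_frag >> 14 & 1), "more_fragments": bool(flags_frag >> 13 & 1),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,        # stored in 8-byte units
        "ttl": ttl, "protocol": protocol, "checksum": checksum,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "options": packet[20:header_len], "payload": packet[header_len:total_length],
    }
```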
2.5. Transmission Control Protocol (TCP)
• Further, if there are multiple paths on the network to reach the destination from the source, it is possible that packets will take different paths to reach the destination, depending upon the routing topology at a given time. This implies that packets can reach the receiving node out of sequence with respect to the sequence in which they were transmitted.

• The TCP layer ensures that whatever was transmitted is correctly received. The purpose of the TCP layer is to ensure that the receiving host application layer sees a continuous stream of data as was transmitted by the transmitting node, as though the two were connected through a direct wire. Since TCP provides that service to the application layer using the underlying services of the IP layer, TCP is called a connection-oriented protocol.

2.5. Transmission Control Protocol (TCP)

Figure 8: Transmission Control Protocol (TCP) segment structure

2.5. Transmission Control Protocol (TCP)

• Some of the common TCP port numbers are shown in the following figure:

Figure 9: Common TCP Port Numbers
Transmission Control Protocol (TCP)
• Sequence Number: This 32-bit field is used to number the starting byte of the payload data in this TCP segment in relation to the overall data stream that is being transmitted as a part of the TCP session.
• Acknowledgement Number: This 32-bit field is a part of the feedback mechanism to the sender and is used to acknowledge to the sender how many bytes of the stream have been received successfully, and in sequence. The acknowledgement number identifies the next byte that the receiving node is expecting on this TCP session.
• Data Offset: This 4-bit field is used to convey how far from the start of the TCP header the actual message starts. Hence, this value indicates the length of the TCP header in multiples of 32-bit words. The minimum value of this field is 5.
• Reserved: These are bits that are not to be used, and are reserved for future use.
• Control flags: There are 9 bits reserved in the TCP header for control flags, giving 9 one-bit flags as shown in Figure 10. Although these flags are carried from left to right, we will describe them in a different order for ease of understanding.
Transmission Control Protocol (TCP)
• Window Size: This 16-bit field indicates the number of data octets, beginning with the one indicated in the acknowledgment field, which the sender of this segment is willing to accept. This is used to prevent buffer overruns at the receiving node.
• Checksum: This 16-bit field is used for checking the integrity of the received TCP segment.
• Urgent Pointer: The urgent pointer field is often set to zero and ignored, but in conjunction with the URG control flag, it can be used as a data offset to identify a subset of a message that requires priority processing.
• Options: These are used to carry additional TCP options such as the Maximum Segment Size (MSS) that the sender of the segment is willing to accept.
• Padding: This is a field that is used to pad the TCP header to make the header length a multiple of 4 bytes, as the definition of the Data Offset field mandates that the TCP header length be a multiple of 4 bytes.
• Data: This is the data that is being carried in the TCP segment and includes the application layer headers.
Transmission Control Protocol (TCP)
• Most of the traffic that we see on the internet today is TCP traffic. TCP ensures that application data is sent from the source to the destination in the sequence that it was transmitted, thus providing a connection-oriented service to the application.
• To this end, TCP uses acknowledgement and congestion control mechanisms using the various header fields described earlier. At a very high level, if segments are received at the receiver TCP layer out of sequence, the TCP layer buffers these segments and waits for the missing segments, asking the source to resend the data if required.
• This buffering, and the need to sequence datagrams, needs processing resources, and also causes unnecessary delay for the receiver.

Figure: TCP 3-Way Handshake
Transmission Control Protocol (TCP)

• We live in a world where data/information is time sensitive and loses value if delivered later in time. Consider seeing the previous day's newspaper at your doorstep one morning. Similarly, there are certain types of traffic that lose their value if the traffic is delayed.
• This type of traffic is usually voice and video traffic when encapsulated in IP. Such traffic is time sensitive and there is no point in providing acknowledgements and adding to delays. Hence, this type of traffic is carried in the User Datagram Protocol (UDP), which is a connectionless protocol and does not use any retransmission mechanism.
User Datagram Protocol (UDP)

• UDP is a protocol that provides connectionless service to the application, and sends data to the application layer as received, without worrying about lost parts of the application data stream or some parts being received out of order.

Figure 11: UDP packet structure
User Datagram Protocol (UDP)

• Since UDP provides fewer services compared to TCP, the packet has fewer fields and is much simpler. The UDP datagram can be of any length that can be encapsulated in an IP packet, and has a header of fixed 8-byte length. The different fields in the UDP packet are discussed as follows:

• Source Port/Destination Port: Like TCP, UDP also serves multiple applications and hence has to provide the multiplexing function to cater to multiple applications that might want to use the services of the UDP layer. The source port/destination port fields are 16-bit identifiers that are used to distinguish the upper layer protocols. Some of the common UDP port numbers are shown in the following figure:
• Length: This 16-bit field represents the total size of each UDP datagram, including both header and data. The values range from a minimum of 8 bytes (the required header size) to sizes above 65,000 bytes.
• Checksum: Similar to TCP, this 16-bit field is used for checking the integrity of the received UDP datagram.
• Data: This is the data that is being carried in the UDP packet and includes the application layer headers.
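An added Python example, not from the slides, that walks the Figure 3 encapsulation in reverse and decodes the TCP and UDP header fields described above: it builds a constructed Ethernet frame around a TCP or UDP segment, then strips the headers layer by layer, demultiplexing on the IPv4 Protocol field, decoding the TCP Data Offset and the nine control flags, and checking the UDP Length field against the IP Total Length. It also verifies the TCP/UDP checksum, which the slides mention but do not detail: that checksum covers a pseudo-header of the IP addresses, protocol and segment length in addition to the segment itself. The MAC and IP addresses are made up for the demo.

```python
import struct

# Constructed sample addresses for the demo (not taken from any real network).
SRC_IP, DST_IP = bytes([192, 168, 0, 2]), bytes([10, 0, 0, 1])
SRC_MAC, DST_MAC = bytes.fromhex("d8fc93c5a5e0"), bytes.fromhex("0a1b2c3d4e5f")
# TCP control flags, least significant bit first (NS sits in bit 8 of the offset/flags word).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), shared by IPv4, TCP and UDP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                               # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src: bytes, dst: bytes, proto: int, length: int) -> bytes:
    """The IPv4 pseudo-header that TCP and UDP prepend when checksumming a segment."""
    return src + dst + struct.pack("!BBH", 0, proto, length)


def build_sample_frame(transport: str) -> bytes:
    """Encapsulate as in Figure 3: application data -> segment -> IP packet -> Ethernet frame."""
    if transport == "tcp":
        data = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
        # ports 40000 -> 80, seq 1000, ack 1, data offset 5 words, flags PSH|ACK, window 65535
        hdr = struct.pack("!HHIIHHHH", 40000, 80, 1000, 1, (5 << 12) | 0x018, 65535, 0, 0)
        proto, seg, at = 6, hdr + data, 16           # checksum field starts at byte 16
    else:
        data = b"\x12\x34\x01\x00" + b"\x00" * 8     # constructed stand-in for a DNS query
        hdr = struct.pack("!HHHH", 40001, 53, 8 + len(data), 0)
        proto, seg, at = 17, hdr + data, 6           # checksum field starts at byte 6
    csum = internet_checksum(pseudo_header(SRC_IP, DST_IP, proto, len(seg)) + seg)
    if proto == 17 and csum == 0:
        csum = 0xFFFF                                # UDP sends 0 as 0xFFFF; 0 means "no checksum"
    seg = seg[:at] + struct.pack("!H", csum) + seg[at + 2:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(seg), 0x1234, 0x4000, 64, proto, 0,
                     SRC_IP, DST_IP)                 # IHL 5, DF set, TTL 64
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return struct.pack("!6s6sH", DST_MAC, SRC_MAC, 0x0800) + ip + seg


def parse_frame(frame: bytes) -> dict:
    """Strip the headers layer by layer (Figure 3 in reverse), validating lengths and checksums."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    pkt = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("inconsistent IPv4 header lengths")
    if internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    seg = pkt[ihl:total_len]                         # trust Total Length: short frames are padded
    out = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
           "src_ip": ".".join(map(str, src)), "dst_ip": ".".join(map(str, dst)), "ttl": ttl}
    if proto == 6:
        if len(seg) < 20:
            raise ValueError("truncated TCP header")
        sport, dport, seq, ack, off_flags, win, csum, _urg = struct.unpack("!HHIIHHHH", seg[:20])
        data_off = (off_flags >> 12) * 4             # Data Offset is in 32-bit words, minimum 5
        if data_off < 20 or data_off > len(seg):
            raise ValueError("bad TCP data offset")
        out.update(transport="TCP", sport=sport, dport=dport, seq=seq, ack=ack, window=win,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1],
                   payload=seg[data_off:])
    elif proto == 17:
        if len(seg) < 8:
            raise ValueError("truncated UDP header")
        sport, dport, length, csum = struct.unpack("!HHHH", seg[:8])
        if length < 8 or length != len(seg):
            raise ValueError("UDP Length disagrees with IP Total Length")
        out.update(transport="UDP", sport=sport, dport=dport, payload=seg[8:])
    else:
        return {**out, "transport": proto, "payload": seg}
    if not (proto == 17 and csum == 0):              # UDP over IPv4 may omit the checksum
        if internet_checksum(pseudo_header(src, dst, proto, len(seg)) + seg) != 0:
            raise ValueError("bad transport checksum")
    return out
```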
IP version 6
• IPv6 is a new version of the IP protocol. IPv4 had a limited number of IP addresses (2^32 addresses), and there was a need to connect more hosts.
• Hence IPv6 allows for a 128-bit address field compared to a 32-bit address field in IPv4.
• Hence, IPv6 can have 2^128 unique IP addresses. IPv6 also provides some new features and does away with some features of the IPv4 packet such as fragmentation and Header checksum.
Week 1.

End of Week 1. Do Your Activity ASAP. Any Questions?