Course: Cyber Security

CS Network Transport

In-Depth Transport and Link Layers

Computer systems often need to communicate with each other, which is achieved by connecting them to the same network. Various technologies facilitate this communication across different types of networks. In this section, we will explore the protocols commonly used in most networks.

The networks we utilize incorporate multiple protocols, some of which are covered in this class. Additionally, there are many other protocols in use, each of which may carry potential security risks.

TCP (“Transmission Control Protocol”)

Just as IP uses IP addresses for addressing, TCP and UDP use ports. A port is a number between 0 and 65535 that specifies which network service should handle the request.

In the image below, we can see a TCP packet and how it appears to anyone analyzing network traffic.

[Image: TCP header]

The graphic shows that the source and destination ports are each represented by 16 bits, which is also true for UDP. The Sequence and Acknowledgment numbers are used in the three-way handshake and to ensure reliable data transfer. The control bits indicate the type of packet. The other header fields also play significant roles, but they are beyond the scope of this security course.

TCP 3-Way-Handshake

TCP uses a three-way handshake to set up communication between two systems. The handshake uses 32-bit numbers generated by a Pseudo Random Number Generator (PRNG) to establish the connection, ensuring that both parties are willing to engage in communication.

The following graphic illustrates this process:

[Image: TCP 3-way handshake]

Here’s how TCP initiates communication:

  1. The client starts by sending a SYN packet, which includes the SYN control bit, a PRNG-generated Sequence number, and the target port. The Network Layer (Layer 3) delivers the packet to the remote system.
  2. The server responds with a SYN/ACK packet, acknowledging the client’s Sequence number by adding 1 to it and setting both the SYN and ACK control bits. The server also includes its own PRNG-generated Sequence number.
  3. The client finalizes the handshake by sending an ACK packet, confirming the server’s Sequence number in the Acknowledgement field.

This process is known as the SYN, SYN/ACK, ACK 3-way handshake. The capture below shows two hosts establishing communication this way.

[Image: Wireshark capture of the 3-way handshake]

The screenshot displays Wireshark capturing packets, including the 3-way handshake. It shows the source and destination, with the Info field highlighting the ports and the SYN, SYN/ACK, and ACK steps.
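
The same fields a packet analyzer reads from each segment can be decoded and checked by hand. The following is an added example, not part of the original lesson: it parses the fixed 20-byte TCP header and verifies that three segments form a valid SYN, SYN/ACK, ACK exchange. The ports, sequence numbers and helper names are constructed for illustration, and the client sequence number is chosen so that "add 1" wraps around the 32-bit field.

```python
import struct

SYN, ACK, RST, FIN = 0x02, 0x10, 0x04, 0x01   # TCP control bits
MASK = SYN | ACK | RST | FIN
HDR = "!HHIIHHHH"  # ports, seq, ack, offset+flags, window, checksum, urgent

def build_segment(sport, dport, seq, ack, flags):
    """Pack a 20-byte TCP header without options (checksum left at 0)."""
    return struct.pack(HDR, sport, dport, seq, ack, (5 << 12) | flags, 64240, 0, 0)

def parse_segment(raw):
    """Decode ports, sequence/acknowledgment numbers and control bits."""
    if len(raw) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, _, _, _ = struct.unpack(HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & MASK}

def check_handshake(segments):
    """Validate three raw segments as SYN, SYN/ACK, ACK; return (ok, reason)."""
    if len(segments) != 3:
        return False, "need exactly three segments"
    syn, synack, ack = (parse_segment(s) for s in segments)
    if syn["flags"] != SYN:
        return False, "first segment is not a bare SYN"
    if synack["flags"] != (SYN | ACK):
        return False, "second segment is not SYN/ACK"
    if (synack["sport"], synack["dport"]) != (syn["dport"], syn["sport"]):
        return False, "SYN/ACK ports do not mirror the SYN"
    # Sequence numbers are 32 bits wide, so "+1" wraps modulo 2**32.
    if synack["ack"] != (syn["seq"] + 1) % 2**32:
        return False, "SYN/ACK does not acknowledge client sequence + 1"
    if ack["flags"] != ACK:
        return False, "third segment is not a bare ACK"
    if ack["ack"] != (synack["seq"] + 1) % 2**32:
        return False, "ACK does not acknowledge server sequence + 1"
    return True, "handshake complete"

# Constructed sample: client port 51000 -> server port 443.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D   # client value chosen to wrap
HANDSHAKE = [
    build_segment(51000, 443, CLIENT_ISN, 0, SYN),
    build_segment(443, 51000, SERVER_ISN, 0, SYN | ACK),   # ack wraps to 0
    build_segment(51000, 443, 0, SERVER_ISN + 1, ACK),
]

if __name__ == "__main__":
    print(check_handshake(HANDSHAKE))
```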

The next screenshot illustrates data being exchanged between the two parties after the 3-way handshake, with the TCP packet’s data highlighted at the bottom of the image.

[Image: Wireshark capture of data exchanged after the handshake]