
More TCP/IP questions 1

Status
Not open for further replies.

Accessdabbler

Technical User
Oct 15, 2002
728
CA
Thanks to those of you helping me with my understanding of TCP/IP! Here are some more questions:

1. The port number allows the transport layer to know which application to send the packet to. However, if I have 2 or more instances of IE open, how does the session layer know which IE window requested the data? I assume there is a protocol responsible...

2. One of my texts shows a listing of common TCP ports (and also suggests the list is for UDP ports). However, none of the ports are identified as UDP. Can ANY port be either TCP or UDP?

3. I've read that a security breach can occur if a port is open to TCP traffic but not set to block UDP traffic. How can UDP data slip into an open TCP port?

4. If UDP is connectionless, how does TFTP work? How can you send a file in pieces without knowing if the pieces were properly received? Does it rely on the receiving system to request a re-send of specific packets until the complete file is received?

5. Finally, can anyone suggest a good website that shows some examples of TCP/IP packets and explains the various parts of the header?
 
1. When you launch IE and your home page opens, a unique source port will be chosen. The webserver responds to the unique source port. Check it out with your protocol analyzer.

2. Not sure I fully understand the question. TCP and UDP port numbers are independent. Having said that, some protocols that use both TCP and UDP use the same port number.

3. Not sure. UDP wouldn't slip into a TCP session. But a DoS attack might be what they're talking about. A processor interrupt occurs whenever traffic arrives for a host. Since UDP is connectionless, the machine can't just ignore the traffic on the basis that an active connection hasn't been established. TCP is a little safer. You can configure a firewall not to allow in any TCP where the SYN comes from outside. Only inside hosts can send a SYN and then the ensuing ACK, etc. are allowed to pass. I don't claim to be a security expert though...

4. TFTP uses UDP, which is connectionless. However, TFTP has its own header inside the UDP datagram. TFTP sends one 512 byte block of data and waits for an acknowledgement. So TFTP isn't connectionless, it just uses a L4 transport protocol that is.

5. You need to read the relevant RFCs to ever fully understand. You may also want to read some of the more recent "extension" RFCs on TCP (there's a bunch), but this is a good start: ftp://ftp.isi.edu/in-notes/rfc793.txt
 
I'm still pondering over your answer to Question 4. Maybe I don't understand the difference between connection-orientated and connectionless.

Here's how I see it:

Using TFTP, the receiving computer (computer A) requests a file from the sending computer (computer B). B sends the file out using TFTP in 20 packets. A receives all the packets except number 3 and 14.

Does A request that packets 3 and 14 get sent again or does it request the entire set of 20 packets to be resent?
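
The lock-step exchange described in answer 4, applied to the 20-packet scenario above, as an added example that is not part of any post in this thread: it builds DATA and ACK packets with the RFC 1350 layout and simulates losing the first copy of blocks 3 and 14. The function names, the sample file and the loss model (only DATA packets are lost, and the sender then times out and resends) are assumptions made for illustration.

```python
import struct

OP_DATA, OP_ACK = 3, 4      # opcodes from RFC 1350
BLOCK_SIZE = 512            # a DATA payload shorter than this ends the transfer

def data_packet(block_no, payload):
    return struct.pack("!HH", OP_DATA, block_no) + payload

def ack_packet(block_no):
    return struct.pack("!HH", OP_ACK, block_no)

def transfer(file_bytes, drop_first_copy_of=()):
    """Simulate sender B and receiver A in lock-step over a lossy link.

    drop_first_copy_of: block numbers whose first DATA copy is lost (constructed loss).
    Returns (received_bytes, log); log lists every DATA block number B transmitted.
    """
    to_drop = set(drop_first_copy_of)
    received = bytearray()
    expected = 1                      # receiver state: next block it will accept
    log = []
    block_no = 1
    while True:
        chunk = file_bytes[(block_no - 1) * BLOCK_SIZE: block_no * BLOCK_SIZE]
        pkt = data_packet(block_no, chunk)
        acked = False
        while not acked:              # B repeats this one block until A acknowledges it
            log.append(block_no)
            if block_no in to_drop:
                to_drop.discard(block_no)
                continue              # lost on the wire: no ACK, B times out and resends
            op, num = struct.unpack("!HH", pkt[:4])
            if op == OP_DATA and num == expected:
                received += pkt[4:]   # A stores the payload of the block it expected
                expected += 1
            ack = ack_packet(num)     # A acknowledges the block it just saw
            acked = struct.unpack("!HH", ack) == (OP_ACK, block_no)
        if len(chunk) < BLOCK_SIZE:   # short (or empty) final block: transfer complete
            return bytes(received), log
        block_no += 1

def retransmitted(log):
    return sorted({b for b in log if log.count(b) > 1})

if __name__ == "__main__":
    sample = bytes(range(256)) * 38 + b"x" * 100   # constructed: 9828 bytes = 20 blocks
    data, log = transfer(sample, drop_first_copy_of=(3, 14))
    print(len(log), retransmitted(log), data == sample)
```

Because B never sends block 4 until block 3 has been acknowledged, A can never be missing 3 and 14 at the same time; each lost block is resent on its own before the transfer moves on.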
 
1. A TCP connection is defined based on four elements:

Source IP address, source port
Destination IP address, destination port!
 
5. I suggest that you find a tool, such as 'sniffer' or 'snort', run it on your LAN, and catch the packets, analysing the whole Ethernet frame. Then you can have a deep knowledge of TCP/IP.
 