Computer Networking ECPE 177
This 54 page Class Notes was uploaded by Stanford Cummings DDS on Monday October 26, 2015. The Class Notes belongs to ECPE 177 at University of the Pacific taught by Staff in Fall. Since its upload, it has received 31 views. For similar materials see /class/229912/ecpe-177-university-of-the-pacific in ELECTRICAL AND COMPUTER ENGINEERING at University of the Pacific.
Date Created: 10/26/15
Network Management

Network management is the collection of tasks performed to maximize availability, performance, security and control of a network and its resources. The International Organization for Standardization (ISO) Network Management Forum has divided network management into five functional areas:

1. Fault Management
2. Configuration Management
3. Performance Management
4. Accounting Management
5. Security Management

Each of these functional areas has its own set of requirements, and an effective network management product should be able to perform in each area.

1. Fault Management

Fault management is the process of identifying and correcting network problems, otherwise known as faults. Faults typically manifest themselves as transmission errors or failures in the equipment or interfaces. Faults result in unexpected downtime, performance degradation and loss of data. Generally, fault conditions need to be resolved as quickly as possible.

Comprehensive fault management is the most important task in network management. Fault management tools can help increase the reliability of the network by quickly identifying the fault and then help initiate the recovery process. The first step is to identify the fault, isolate the cause of the fault and then correct the fault. In the simplest case, an alarm is detected and a maintenance technician is dispatched to locate and resolve the fault at the suspect location. Using more advanced tools, the network manager may be able to go many steps further to isolate and correct a fault from the manager location and then return the network to normal operation without any users being aware of the failure.

The reporting of faults also falls under fault management. Universally recognized colors such as red, green and yellow can be used to indicate the status of a device: red for a device in error, green for a device with no error, and yellow for a device with a minor error or possible error. Graphical presentations of a network map and front panels of the equipment are also used by the network manager to indicate status and operation of devices in the network.

2. Configuration Management

Configuration management deals with the initialization, modification and shutdown of a network. Networks are continually changing as devices are added, removed, reconfigured and updated. These changes may be intentional, such as adding a new server to the network, or path related, such as a fiber cut between two devices resulting in a rerouted path. If a network is to be turned off, then a graceful shutdown in a prescribed sequence is performed as part of the configuration management process.

The process of configuration management involves identifying the network components and their connections, collecting each device's configuration information, and defining the relationship between network components. In order to perform these tasks, the network manager needs topological information about the network, device configuration information, and control of the network components.

3. Performance Management

Performance management involves measuring the performance of a network in terms of utilization, throughput, error rates and response times. With performance management information, a network manager can reduce or prevent network overcrowding and inaccessibility. This helps provide a more consistent level of service to users on the network.

This form of management looks at the percentage of utilization of devices to help in improving and balancing the throughput of traffic in all parts of a network. Typically, some devices are more highly utilized than others. Performance monitoring gives qualitative and time-relevant information on the health and performance of devices, so that underutilized devices are more utilized and overtaxed devices are less utilized. In a well-balanced network with healthy components, the error rates for packets traversing the network are down and response times are shortened.

It is typical for performance management to work in conjunction with fault and configuration management. For example, a monitored device interface that exhibits a slowly increasing error rate can be verified by an alarm query and could then be reconfigured and bypassed before the fault affects traffic.

4. Accounting Management

Accounting management involves tracking each individual user's use of network resources for the purposes of billing and resource allocation. This type of information helps a network manager allocate the right kind of resources to users, as well as develop a plan for network growth. With the same information, the cost of transmitting messages across the network can be computed and billed to the user if the traffic was revenue bearing.

This type of management involves monitoring the login and logoff records and checking the network usage to determine a user's use of the network. In addition, access privileges and usage quotas can be established and checked against actual usage for accounting information.

5. Security Management

Security management deals with ensuring overall security of the network, including protecting sensitive information through the control of access points to that information. Sensitive information is any data that an organization wants to secure, such as research documents, payroll data, and sales and inventory figures.

Security management controls access to the network devices and sensitive information through the use of devices such as passwords. This management also controls the form of sensitive data using methods such as encryption. Of course, security management also includes protecting the network from internal and external malicious users.

Network Management Standards

Typical networks are becoming increasingly more complex and are usually built with products provided by many different vendors. Managing these networks is increasingly more difficult, involving multiple management tools and protocols to support different proprietary devices on the network. As a result, managers are demanding open systems solutions that use industry-accepted standards to reduce the number of different management systems. At the same time, vendors that comply with published standards can be assured that their products will interoperate together in a network. Standards bodies have recently issued network management standards that provide what vendors and network managers both need.

The Internet Architecture Board (IAB), which is responsible for networking technology and protocols for the TCP/IP internetworking community, has created a standard network management protocol. These protocols are documented as RFCs (Request for Comments). The IAB recommends the Simple Network Management Protocol (SNMP) for use as a common network management protocol with TCP/IP-based networks. TCP/IP networks are the most popular types of network.

SNMP, described by RFC 1157, became a full Internet Standard in May 1990 and is now in widespread use. Virtually every vendor of network equipment such as computers, workstations, bridges, routers and hubs offers SNMP. Because of its widespread use as an open systems standard, new classes of equipment, for example microwave radios, also support SNMP.

Network Management Architecture

Because networks that support the TCP/IP protocol suite are the most popular types of networks today, popular management systems for these networks are designed with the following key elements:

1. Management station
2. Management agent
3. Management information base (MIB)
4. Network management protocol

Any network management system for a TCP/IP network must have all four of these elements to function effectively.

A management station provides the interface for a human network manager to interact with the management system. This can be a workstation or a PC that executes a set of application programs for fault management, data analysis, data presentation, etc. The station is capable of translating the network manager's requirements into the actual tasks of monitoring and controlling individual network devices. In addition, it contains the database of information extracted from all the managed entities in the network.

There are many popular network management platforms on the market: Hewlett-Packard OpenView(TM), Cabletron SPECTRUM, SunNet Manager, IBM NetView, Harris Corporation FarScan and Alcatel MCS-11. The platforms offered by HP, Cabletron and Sun are SNMP managers and can operate with any device that supports SNMP. HP OpenView is widely available and supported, and is considered a de facto standard for management platforms.

The management agent is the second active element in the management architecture. The agent is a software program in the network device that responds to requests for information or actions issued by the management station. The agent may also send the station unsolicited information, known as a Trap. All devices in a network must have a management agent. Typically, an agent may be embedded or "native" to the device or, alternatively, be a "proxy" agent for other protocols.

The third part of the architecture is the information that is exchanged between the manager and the agent; this is called the management information base, or MIB. This information is a collection of objects or data values, each of which represents one aspect of the managed device. For example, the location of the device and the number of erred seconds in the last hour would be two different data values in the MIB. The structure and content of the MIB are standardized across systems of a particular class, such as a bridge MIB or DS3 MIB. After a MIB is published as a standard, various vendors can build the same kind of equipment that complies with the MIB and be assured that they can be managed in a TCP/IP network.

The MIB structure is standardized in SNMP as a hierarchical tree. Additions to the tree can be easily implemented, and traversing a tree to obtain specific information can be done quickly. These are important features because they encourage the use of the MIB in the network management model and the creation of enterprise MIBs for vendors looking to support
SNMP with their own products.

The last element of the model, the network management protocol, links the station and the agent by specifying the rules for communication. The protocol used for the management of TCP/IP networks is the Simple Network Management Protocol (SNMP). SNMP uses three simple commands to communicate: GET enables the station to retrieve data from the agent, SET enables the station to set a value at the agent, and TRAP enables the agent to notify the station of an important event. Other protocols are available, such as Internet Control Message Protocol (ICMP) and Simple Gateway Monitoring Protocol (SGMP), but they have limited functionality and only support a generic MIB. As a result, these two protocols are not widely used.

Introducing Simple Network Management Protocol (SNMP)

SNMP is the protocol for the management of TCP/IP networks. Two other specifications are necessary to form the foundation of the management system. Together they are

Secure Communications Over the Internet

Why Use the Internet?

The Internet offers virtually universal worldwide coverage; access to anywhere from anywhere, stationary or mobile; ease of use, ease of training; cheap access.

[Figure: International Connectivity map, 6/15/97]

To ensure the INTEGRITY of [...] we use MESSAGE DIGESTS.
To [...] of data we use DIGITAL SIGNATURES.
To AUTHENTICATE the identity of network users we use DIGITAL CERTIFICATES.

In the 5th century B.C. the Greeks used a military cryptographic device called a "scytale". The scytale consisted of a staff around which a strip of leather or [...] The message [...] written [...] the strip [...] columns. The [...] staff [...] carried to the [...]

The National Security Agency chose a cipher disk for its emblem.

How It Works

Modern 1-key cryptographic schemes rely on 3 main concepts: [...] shuffling of characters [...]

[Figure: plaintext -> encryption -> ciphertext -> decryption -> plaintext, with the secret key used at both ends]

Good schemes use a 128 bit key, giving [...]

DES (Data Encryption Standard)

Private key. Encrypts [...] a series of substitutions and transpositions with a 56 bit key. Worldwide standard for more than [...] years. Has a history of controversy. Designed by [...] with late [...] No longer considered secure for highly sensitive [...] Federal [...] has proposed [...] Algorithmic Standard as a replacement.

[Figure: DES key schedule and iteration diagram (left shifts, permutation/contraction, Permuted Choice 2)]

Other Popular Symmetric Encryption Schemes: 3DES, IDEA, Blowfish, IPSec.

In the so-called "one-time" key scheme, the key is a string of random bits [...] the message. To encrypt the plaintext message we merely XOR it with the key. To decrypt the ciphertext we merely XOR it again with the key.

[Figure: worked example in which "Joe" in ASCII binary is XORed with a string of random key bits; the key is hand carried to the receiver, who XORs the ciphertext with it to recover "Joe"]

Public Key (2-Key) Cryptography: How It Works

1. BOB'S computer generates a public key pair. When one key (it doesn't matter which one) is used to encrypt a message, the other key can decrypt the message.
2. [...] gives a copy of [...] of his keys [...] to [...] keeps [the] other key, called the [...]
3. [...] encrypts [...] plaintext with [...], sends [...] her ciphertext to [...] decrypts it [...]

Rivest-Shamir-Adleman is the most popular public key algorithm. Diffie-Hellman allows [...] to [...] session [...] Digital Signature [...] is the US [...] key algorithm.

The PROBLEM [...] is the necessary [...] mathematical relationship between the 2 [...] This relationship [...] us from using just any old random key, which we can do with symmetric private [...] cryptography. Therefore, to get [...] of security provided by [...] key size, [...] must use a [...] 10 times longer using public [...] cryptography. So even though there are [...] keys, the cryptanalyst need try only about [...]

OK, there are 2^1024 possible keys, but the cryptanalyst need try only about 2^128 of them. So then, as with 1-key cryptography, he is still left with 340000000000000000000000000000000000000 possible keys. However, use of such a large key (1024 bits) slows the requisite number crunching and makes 2-key cryptography [...] Therefore public key cryptography is generally used only to send the secret session key in 1-key (private key) cryptography.

Pretty Good Privacy (PGP)

PGP gives you secure, pseudo-anonymous message service via your usual email service.

1. Alice creates a public key pair and gives Bob her public key.
2. Bob creates a random session key and 1-key encrypts his email with it.
3. Bob 2-key encrypts the session key with Alice's public key.
4. Bob sends to Alice both the encrypted email and the encrypted session key.
5. Alice receives Bob's email and reverses the process, retrieving the original text.

[Figure: PGP flow: clear text and session key, Alice's public key, encrypted text and encrypted session key, Alice's private key, clear text]

Real World Use of 1-Key/2-Key Cryptography

Again, 2-key cryptography is used primarily to distribute secret session keys that are then used with standard old-fashioned [...] This is the [...] e-commerce, but [...] also deal with [...] authentication, which [...] have ignored here.

The Man in the Middle attack works like this: ALICE encrypts her messages using [...] public key, then sends [...] to [...] Neither [...] nor [...] is any the [...]

[Figure: man in the middle on the Internet path between the two parties]

Ensures [...] using both 1-key and 2-key cryptography.
Ensures data integrity using message digests.
Authenticates message source using digital signatures.
Authenticates network user/server identities using digital certificates.

MESSAGE DIGESTS

For any given message (text, graphic, etc.), a computer program (1) computes the [...] and (2) appends it to the end of the message. [...] receives the message [...]; his software also computes a [...] "hash" of [the] message. [...] software then compares its computed [...] verifies that [the] message is authentic: it has not changed since its creation. Yes, a man in the middle [...] the message [...] create [...] handle that.

DIGITAL SIGNATURES

[...] software computes a message digest of [...] message. [...] software then encrypts [...] using [...] this encrypted [...] has been appended to the original message, the message is considered signed. Using ALICE's [...] decrypts the [...], retrieving the [...] of ALICE's message. Then BOB's software computes its [...] of the [...] If BOB'S [...] is identical to [...], [...] things [...]: (1) [...] has not been altered; (2) [...] sent the [...] Furthermore, [...] later [...] Alice [...] send the message.

Privacy: note that [...] have an encrypted and signed message [...] decrypt the message [...] using his [...] then proceed as [...]

DIGITAL CERTIFICATES

To AUTHENTICATE the identity of network users we use DIGITAL CERTIFICATES. Most servers consider a correct [...] and [...] that the client is [who] she claims to be. [...] the client be sure that the server is who it claims to be, client applications (e.g. browsers) use [...] to authenticate [the] server before passing on to it sensitive information such as credit card numbers. Note, however, that Digital Certificates can just as easily be [...] to authenticate a client to a server.

A [...] is like a driver's license. It identifies its [...] in clear text. A Certificate Authority (CA) issues [the] certificate after verifying the information contained in it. The [...] signs (appends a digital signature to) the certificate before issuing it to its owner, normally [a] server, person or [...] The digital signature is [an] encrypted message digest [...] certificate, the [...] being done using the [...]

[Figure: browser certificate store listing Intermediate Certification Authorities and trusted root authorities]

Here is Verisign's certificate. It was signed by Verisign because there is no higher authority than it.

[Figure: certificate details dialog for the Verisign certificate (serial number, signature algorithm sha1RSA, issuer, validity dates, subject, public key)]

DIGITAL CERTIFICATES: Authenticating the Machines (Servers)

[Figure: certificate fields: Certificate Owner (www.amazon.com, Seattle, WA, USA), Certificate Issuer (RSA Data Security), Valid From, Valid To, Public Key Algorithm (RSA, 1024 bits), Server's Public Key (1024 bits), Signature Algorithm (MD, 128 bit), CA's Signature]

[Figure: browser certificate dialog, "Ensures the identity of a remote computer", issued to www.schwab.com by Secure Server Certification Authority; double click on the yellow lock to get this]

ALICE goes to Amazon, giving it her username and password. [...] browser [...] the Certificate Authority listed in [the] certificate [...] encrypted [...] certificate [...] private key. ALICE's browser compares the MD with its own MD of the certificate. If the certificate is okay, [...] the server using the server's public key [...] in its certificate [...] 1-key cryptography. A closed [...] lock appears to let [...] know an SSL (Secure Sockets Layer) [...] is up.

[Figure: SSL encrypted channel between ALICE's browser and AMAZON.COM]

[...] key is a secret key that is used [...] 1-key cryptographic [...] session [...] digital signatures, digital certificates.

Secure Communications Over the Internet: How It Works

The Data Encryption Standard (DES): a block cipher with 64 bit blocks and a 56 bit key. DES has been a US government standard for use on unclassified data since the late 70's. Probably the most widely used symmetric cipher ever devised. It is seriously unsecure against current attacks.

3DES: using three DES encryptions on a single block, with at least two different [...] three different keys are used, 3DES is considered a 168 bit key algorithm.

Rivest Cipher four: designed [by] Ron Rivest of Rivest-Shamir-Adleman and widely [...] key [...] 128 bits.

[...] Data Encryption Algorithm: developed [in] Europe as [an] alternative to [...] 64 bit [...] data throughput for users [...]

[...] uses three different keys [...] built into Microsoft Point to Point [...] rounds of processing [...]

The Three-way Handshake: Everything You Ever Wanted to Know

Establishing a TCP Connection

The following sequence shows the process of a TCP connection being established.

Frame 1

As you see in the first frame, the client, NTW3, sends a SYN segment (TCP ....S.). This is a request to the server to synchronize the sequence numbers. It specifies its initial sequence number (ISN), which is incremented by 1 (8221821 + 1 = 8221822), and that is sent to the server. To initialize a connection, the client and server must synchronize each other's sequence numbers. There is also an option for the Maximum Segment Size (MSS) to be set, which is defined by the length (len: 4). This option communicates the maximum segment size the sender wants to receive. The Acknowledgement field (ack: 0) is set to zero because this is the first part of the three-way handshake.

    1  2.0785 NTW3 --> BDC3 TCP ....S., len: 4, seq: 8221822-8221825, ack: 0,
       win: 8192, src: 1037 dst: 139 (NBT Session) NTW3 --> BDC3 IP

    TCP: ....S., len: 4, seq: 8221822-8221825, ack: 0, win: 8192, src: 1037
         dst: 139 (NBT Session)

    TCP: Source Port = 0x040D
    TCP: Destination Port = NETBIOS Session Service
    TCP: Sequence Number = 8221822 (0x7D747E)
    TCP: Acknowledgement Number = 0 (0x0)
    TCP: Data Offset = 24 (0x18)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x02 : ....S.
        TCP: ..0..... = No urgent data
        TCP: ...0.... = Acknowledgement field not significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......1. = Synchronize sequence numbers
        TCP: .......0 = No Fin
    TCP: Window = 8192 (0x2000)
    TCP: Checksum = 0xF213
    TCP: Urgent Pointer = 0 (0x0)
    TCP: Options
        TCP: Option Kind (Maximum Segment Size) = 2 (0x2)
        TCP: Option Length = 4 (0x4)
        TCP: Option Value = 1460 (0x5B4)
    TCP: Frame Padding

    00000  02 60 8C 9E 18 8B 02 60 8C 3B 85 C1 08 00 45 00
    00010  00 2C 0D 01 40 00 80 06 E1 4B 83 6B 02 D6 83 6B
    00020  02 D3 04 0D 00 8B 00 7D 74 7E 00 00 00 00 60 02
    00030  20 00 F2 13 00 00 02 04 05 B4 20 20

Frame 2

In the second frame, the server, BDC3, sends an ACK and a SYN on this segment (TCP .A..S.). In this segment the server is acknowledging the request of the client for synchronization. At the same time, the server is also sending its request to the client for synchronization of its sequence numbers. There is one major difference in this segment: the server transmits an acknowledgement number (8221823) to the client. The acknowledgement is just proof to the client that the ACK is specific to the SYN the client initiated. The process of acknowledging the client's request allows the server to increment the client's sequence number by one and use it as its acknowledgement number.

    2  2.0786 BDC3 --> NTW3 TCP .A..S., len: 4, seq: 1109645-1109648, ack: 8221823,
       win: 8760, src: 139 (NBT Session) dst: 1037 BDC3 --> NTW3 IP

    TCP: .A..S., len: 4, seq: 1109645-1109648, ack: 8221823, win: 8760,
         src: 139 (NBT Session) dst: 1037

    TCP: Source Port = NETBIOS Session Service
    TCP: Destination Port = 0x040D
    TCP: Sequence Number = 1109645 (0x10EE8D)
    TCP: Acknowledgement Number = 8221823 (0x7D747F)
    TCP: Data Offset = 24 (0x18)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x12 : .A..S.
        TCP: ..0..... = No urgent data
        TCP: ...1.... = Acknowledgement field significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......1. = Synchronize sequence numbers
        TCP: .......0 = No Fin
    TCP: Window = 8760 (0x2238)
    TCP: Checksum = 0x012D
    TCP: Urgent Pointer = 0 (0x0)
    TCP: Options
        TCP: Option Kind (Maximum Segment Size) = 2 (0x2)
        TCP: Option Length = 4 (0x4)
        TCP: Option Value = 1460 (0x5B4)
    TCP: Frame Padding

    00000  02 60 8C 3B 85 C1 02 60 8C 9E 18 8B 08 00 45 00
    00010  00 2C 5B 00 40 00 80 06 93 4C 83 6B 02 D3 83 6B
    00020  02 D6 00 8B 04 0D 00 10 EE 8D 00 7D 74 7F 60 12
    00030  22 38 01 2D 00 00 02 04 05 B4 20 20

Frame 3

In the third frame, the client sends an ACK on this segment (TCP .A....). In this segment, the client is acknowledging the request from the server for synchronization. The client uses the same algorithm the server implemented in providing an acknowledgement number. The client's acknowledgment of the server's request for synchronization completes the process of establishing a reliable connection, thus the three-way handshake.

    3  2.787 NTW3 --> BDC3 TCP .A...., len: 0, seq: 8221823-8221823, ack: 1109646,
       win: 8760, src: 1037 dst: 139 (NBT Session) NTW3 --> BDC3 IP

    TCP: .A...., len: 0, seq: 8221823-8221823, ack: 1109646, win: 8760,
         src: 1037 dst: 139 (NBT Session)

    TCP: Source Port = 0x040D
    TCP: Destination Port = NETBIOS Session Service
    TCP: Sequence Number = 8221823 (0x7D747F)
    TCP: Acknowledgement Number = 1109646 (0x10EE8E)
    TCP: Data Offset = 20 (0x14)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x10 : .A....
        TCP: ..0..... = No urgent data
        TCP: ...1.... = Acknowledgement field significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......0. = No Synchronize
        TCP: .......0 = No Fin
    TCP: Window = 8760 (0x2238)
    TCP: Checksum = 0x18EA
    TCP: Urgent Pointer = 0 (0x0)
    TCP: Frame Padding

    00000  02 60 8C 9E 18 8B 02 60 8C 3B 85 C1 08 00 45 00
    00010  00 28 0E 01 40 00 80 06 E0 4F 83 6B 02 D6 83 6B
    00020  02 D3 04 0D 00 8B 00 7D 74 7F 00 10 FE 8E 50 10
    00030  22 38 18 FA 00 00 20 20 20 20 20 20

Terminating a Connection

Although the three-way handshake only requires three packets to be transmitted over our networked media, the termination of this reliable connection will necessitate the transmission of four packets. Because a TCP connection is full duplex (that is, data can be flowing in each direction independent of the other), each direction must be terminated independently.

Frame 4

In this session of frames, you see the client sending a FIN that is accompanied by an ACK (TCP .A...F). This segment has two basic functions. First, when the FIN parameter is set, it will inform the server that it has no more data to send. Second, the ACK is essential in identifying the specific connection they have established.

    4  16.0279 NTW3 --> BDC3 TCP .A...F, len: 0, seq: 8221823-8221823,
       ack:3462835714, win: 8760, src: 2337 dst: 139 (NBT Session) NTW3 --> BDC3 IP

    TCP: .A...F, len: 0, seq: 8221823-8221823, ack: 1109646, win: 8760,
         src: 1037 dst: 139 (NBT Session)

    TCP: Source Port = 0x040D
    TCP: Destination Port = NETBIOS Session Service
    TCP: Sequence Number = 8221823 (0x7D747F)
    TCP: Acknowledgement Number = 1109646 (0x10EE8E)
    TCP: Data Offset = 20 (0x14)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x11 : .A...F
        TCP: ..0..... = No urgent data
        TCP: ...1.... = Acknowledgement field significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......0. = No Synchronize
        TCP: .......1 = No more data from sender
    TCP: Window = 8760 (0x2238)
    TCP: Checksum = 0x236C
    TCP: Urgent Pointer = 0 (0x0)

    00000  00 20 AF 47 93 58 00 A0 C9 22 F5 39 08 00 45 00
    00010  00 28 9B F5 40 00 80 06 21 4A C0 5E DE 7B C0 5E
    00020  DE 57 09 21 05 48 0B 20 96 AC CE 66 AE 02 50 11
    00030  22 38 23 6C 00 00

Frame 5

In this frame, you do not see anything special, except for the server acknowledging the FIN that was transmitted from the client.

    5  16.0281 BDC3 --> NTW3 TCP .A...., len: 0, seq: 1109646-1109646,
       ack: 8221824, win:28672, src: 139 dst: 2337 (NBT Session) BDC3 --> NTW3 IP

    TCP: .A...., len: 0, seq: 1109646-1109646, ack: 8221824, win:28672,
         src: 139 dst: 2337 (NBT Session)

    TCP: Source Port = 0x040D
    TCP: Destination Port = NETBIOS Session Service
    TCP: Sequence Number = 1109646 (0x10EE8E)
    TCP: Acknowledgement Number = 8221824 (0x7D7480)
    TCP: Data Offset = 20 (0x14)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x10 : .A....
        TCP: ..0..... = No urgent data
        TCP: ...1.... = Acknowledgement field significant
        TCP: ....0... = No Push function
        TCP: .....0.. = No Reset
        TCP: ......0. = No Synchronize
        TCP: .......0 = No Fin
    TCP: Window = 28672 (0x7000)
    TCP: Checksum = 0xD5A3
    TCP: Urgent Pointer = 0 (0x0)
    TCP: Frame Padding

    00000  00 A0 C9 22 F5 39 08 00 02 03 BA 84 08 00 45 00
    00010  00 28 D2 82 00 00 3F 06 6B BD C0 5E DE 57 C0 5E
    00020  DE 7B 05 48 09 21 CE 66 AE 02 0B 20 96 AD 50 10
    00030  70 00 D5 A3 00 00 90 00 01 00 86 00

Frame 6

After receiving the FIN from the client computer, the server will ACK. Even though TCP has established connections between the two computers, the connections are still independent of one another. Therefore, the server must also transmit a FIN (TCP .A...F) to the client.

    6  17.0085 BDC3 --> NTW3 TCP .A...F, len: 0, seq: 1109646-1109646,
       ack: 8221824, win:28672, src: 139 dst: 2337 (NBT Session) BDC3 --> NTW3 IP

    TCP: .A...F, len: 0, seq: 1109646-1109646, ack: 8221824, win:28672,
         src: 139 dst: 2337 (NBT Session)

    TCP: Source Port = 0x0548
    TCP: Destination Port = 0x0921
    TCP: Sequence Number = 1109646 (0x10EE8E)
    TCP: Acknowledgement Number = 8221824 (0x7D7480)
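The sequence and acknowledgement arithmetic described for frames 1 to 3 above can be checked mechanically. The following Python sketch is an added example, not part of the original notes or of the capture tool: it parses the TCP bytes from the three handshake dumps, verifies each TCP checksum against the IP addresses in those dumps, and tests the ISN + 1 rule. The function names and the FRAMES layout are assumptions of this example.

```python
import ipaddress
import struct

# TCP segments copied from the frame dumps on this page (offset 0x22 onward,
# i.e. after the 14-byte Ethernet header and the 20-byte IP header).
CLIENT, SERVER = "131.107.2.214", "131.107.2.211"  # 83 6B 02 D6 / 83 6B 02 D3
FRAMES = [
    (CLIENT, SERVER, "040D008B007D747E0000000060022000F2130000020405B4"),
    (SERVER, CLIENT, "008B040D0010EE8D007D747F60122238012D0000020405B4"),
    # Frame 3 built from its decoded fields (ack 0x10EE8E, checksum 0x18EA).
    (CLIENT, SERVER, "040D008B007D747F0010EE8E5010223818EA0000"),
]
# Frame 3 as its hex dump reads on the page (FE 8E ... 18 FA).
FRAME3_DUMP = (CLIENT, SERVER, "040D008B007D747F0010FE8E5010223818FA0000")

FLAG_BITS = ((0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"))
MOD = 2 ** 32  # sequence numbers wrap at 32 bits


def parse_options(raw):
    """Walk the TCP option list and return {kind: value_bytes}."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:      # End of option list
            break
        if kind == 1:      # No-operation (padding)
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        opts[kind] = raw[i + 2:i + raw[i + 1]]
        i += raw[i + 1]
    return opts


def parse_tcp(segment):
    """Decode the fixed TCP header plus the MSS option, if present."""
    if len(segment) < 20:
        raise ValueError("shorter than a TCP header")
    sport, dport, seq, ack, off_flags, win, csum, _urg = struct.unpack(
        "!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4          # data offset is in 32-bit words
    if not 20 <= hdr_len <= len(segment):
        raise ValueError("bad data offset")
    opts = parse_options(segment[20:hdr_len])
    mss = int.from_bytes(opts[2], "big") if len(opts.get(2, b"")) == 2 else None
    flags = {name for bit, name in FLAG_BITS if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": win, "checksum": csum, "mss": mss}


def tcp_checksum_ok(src_ip, dst_ip, segment):
    """One's-complement sum over pseudo-header + segment must fold to 0xFFFF."""
    data = (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, 6, len(segment)) + segment)
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def check_handshake(frames):
    """Return a list of problems; an empty list means a valid SYN, SYN-ACK, ACK."""
    problems = []
    for n, (src, dst, hexbytes) in enumerate(frames, 1):
        if not tcp_checksum_ok(src, dst, bytes.fromhex(hexbytes)):
            problems.append("frame %d: bad TCP checksum" % n)
    syn, synack, ack = (parse_tcp(bytes.fromhex(h)) for _, _, h in frames)
    if syn["flags"] != {"SYN"}:
        problems.append("frame 1: expected SYN only")
    if synack["flags"] != {"SYN", "ACK"}:
        problems.append("frame 2: expected SYN+ACK")
    if ack["flags"] != {"ACK"}:
        problems.append("frame 3: expected ACK only")
    if synack["ack"] != (syn["seq"] + 1) % MOD:
        problems.append("frame 2: ack is not client ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % MOD:
        problems.append("frame 3: ack is not server ISN + 1")
    if ack["seq"] != synack["ack"]:
        problems.append("frame 3: seq does not continue from client ISN + 1")
    return problems


if __name__ == "__main__":
    for _src, _dst, h in FRAMES:
        print(parse_tcp(bytes.fromhex(h)))
    print("handshake problems:", check_handshake(FRAMES))
    print("frame 3 dump bytes:", check_handshake(FRAMES[:2] + [FRAME3_DUMP]))
```

The three segments pass with the values shown in the decoded fields. Frame 3 fails both the checksum and the ISN + 1 test when the bytes FE 8E and 18 FA from its hex dump are used, so those two dump bytes disagree with the decode printed beside them.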