Iten06c - Midterm

notes

Uploaded by

ken ayson
MODULE 13: ICMP

13.1 ICMP MESSAGES

ICMPv4 AND ICMPv6 MESSAGES
• Internet Control Message Protocol (ICMP) provides feedback about issues related to the processing of IP packets under certain conditions.
• ICMPv4 is the messaging protocol for IPv4. ICMPv6 is the messaging protocol for IPv6 and includes additional functionality.
• The ICMP messages common to both ICMPv4 and ICMPv6 include:
o Host reachability
o Destination or Service Unreachable
o Time exceeded
Note: ICMPv4 messages are not required and are often not allowed within a network for security reasons.

HOST REACHABILITY
ICMP Echo Message can be used to test the reachability of a host on an IP network.
In the example:
• The local host sends an ICMP Echo Request to a host.
• If the host is available, the destination host responds with an Echo Reply.

DESTINATION OR SERVICE UNREACHABLE
• An ICMP Destination Unreachable message can be used to notify the source that a destination or service is unreachable.
• The ICMP message will include a code indicating why the packet could not be delivered.
• A few Destination Unreachable codes for ICMPv4 are as follows:
o 0 - Net unreachable
o 1 - Host unreachable
o 2 - Protocol unreachable
o 3 - Port unreachable
• A few Destination Unreachable codes for ICMPv6 are as follows:
o 0 - No route to destination
o 1 - Communication with the destination is administratively prohibited (e.g., firewall)
o 2 - Beyond scope of the source address
o 3 - Address unreachable
o 4 - Port unreachable
Note: ICMPv6 has similar but slightly different codes for Destination Unreachable messages.

TIME EXCEEDED
• When the Time to Live (TTL) field in a packet is decremented to 0, an ICMPv4 Time Exceeded message will be sent to the source host.
• ICMPv6 also sends a Time Exceeded message. Instead of the IPv4 TTL field, ICMPv6 uses the IPv6 Hop Limit field to determine if the packet has expired.
Note: Time Exceeded messages are used by the traceroute tool.

ICMPv6 MESSAGES
ICMPv6 has new features and improved functionality not found in ICMPv4, including four new protocols as part of the Neighbor Discovery Protocol (ND or NDP).
• Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation, is as follows:
o Router Solicitation (RS) message
o Router Advertisement (RA) message
• Messaging between IPv6 devices, including duplicate address detection and address resolution, is as follows:
o Neighbor Solicitation (NS) message
o Neighbor Advertisement (NA) message
Note: ICMPv6 ND also includes the redirect message, which has a similar function to the redirect message used in ICMPv4.
• RA messages are sent by IPv6-enabled routers every 200 seconds to provide addressing information to IPv6-enabled hosts.
• An RA message can include addressing information for the host such as the prefix, prefix length, DNS address, and domain name.
• A host using Stateless Address Autoconfiguration (SLAAC) will set its default gateway to the link-local address of the router that sent the RA.
• An IPv6-enabled router will also send out an RA message in response to an RS message.
• In the figure, PC1 sends an RS message to determine how to receive its IPv6 address information dynamically.
o R1 replies to the RS with an RA message.
o PC1 sends an RS message: "Hi, I just booted up. Is there an IPv6 router on the network? I need to know how to get my IPv6 address information dynamically."
o R1 replies with an RA message: "Hi all IPv6-enabled devices. I'm R1 and you can use SLAAC to create an IPv6 global unicast address. The prefix is 2001:db8:acad:1::/64. By the way, use my link-local address fe80::1 as your default gateway."
• To determine the MAC address for the destination, the device will send an NS message to the solicited-node address.
• The message will include the known (targeted) IPv6 address. The device that has the targeted IPv6 address will respond with an NA message containing its Ethernet MAC address.
• In the figure, R1 sends an NS message to 2001:db8:acad:1::10 asking for its MAC address.
• A device assigned a global IPv6 unicast or link-local unicast address may perform duplicate address detection (DAD) to ensure that the IPv6 address is unique.
• To check the uniqueness of an address, the device will send an NS message with its own IPv6 address as the targeted IPv6 address.
• If another device on the network has this address, it will respond with an NA message notifying the sending device that the address is in use.
Note: DAD is not required, but RFC 4861 recommends that DAD is performed on unicast addresses.

13.2 PING AND TRACEROUTE TESTS

PING – TEST CONNECTIVITY
• The ping command is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply messages to test connectivity between hosts and provides a summary that includes the success rate and average round-trip time to the destination.
• If a reply is not received within the timeout, ping provides a message indicating that a response was not received.
• It is common for the first ping to time out if address resolution (ARP or ND) needs to be performed before sending the ICMP Echo Request.

PING THE LOOPBACK
Ping can be used to test the internal configuration of IPv4 or IPv6 on the local host. To do this, ping the local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6).
• A response from 127.0.0.1 for IPv4, or ::1 for IPv6, indicates that IP is properly installed on the host.
• An error message indicates that TCP/IP is not operational on the host.
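The message types, Destination Unreachable codes and echo identifier/sequence fields described above can be decoded from raw bytes. The following is an added example (not code from the notes or from the course material) that builds and decodes ICMPv4 messages, verifies the ICMPv4 checksum, and names ICMPv6 messages by type and code using the tables above; the sample messages are constructed, and the ICMPv6 checksum is deliberately not verified because it covers an IPv6 pseudo-header that is not present in the ICMPv6 bytes alone.

```python
import struct

# Added example (not from the notes): decode ICMP messages by type and code,
# using the message names and Destination Unreachable codes from module 13,
# and verify the ICMPv4 checksum. All sample messages are constructed.

ICMPV4_TYPES = {0: "Echo Reply", 3: "Destination Unreachable",
                8: "Echo Request", 11: "Time Exceeded"}
ICMPV4_UNREACHABLE = {0: "Net unreachable", 1: "Host unreachable",
                      2: "Protocol unreachable", 3: "Port unreachable"}
ICMPV6_TYPES = {1: "Destination Unreachable", 3: "Time Exceeded",
                128: "Echo Request", 129: "Echo Reply",
                133: "Router Solicitation", 134: "Router Advertisement",
                135: "Neighbor Solicitation", 136: "Neighbor Advertisement"}
ICMPV6_UNREACHABLE = {0: "No route to destination",
                      1: "Communication with the destination is administratively prohibited",
                      2: "Beyond scope of the source address",
                      3: "Address unreachable", 4: "Port unreachable"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmpv4(msg_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Build an ICMPv4 message; the checksum is computed with its own field zeroed."""
    body = struct.pack("!BBH", msg_type, code, 0) + rest + payload
    return struct.pack("!BBH", msg_type, code, icmp_checksum(body)) + rest + payload


def decode_icmpv4(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMPv4 message is at least 8 bytes")
    msg_type, code = msg[0], msg[1]
    detail = ""
    if msg_type == 3:
        detail = ICMPV4_UNREACHABLE.get(code, "code %d" % code)
    elif msg_type == 11:
        detail = "TTL exceeded in transit" if code == 0 else "code %d" % code
    elif msg_type in (0, 8):
        ident, seq = struct.unpack("!HH", msg[4:8])   # identifier and sequence used by ping
        detail = "id=%d seq=%d" % (ident, seq)
    return {"version": 4, "type": msg_type, "code": code,
            "name": ICMPV4_TYPES.get(msg_type, "type %d" % msg_type),
            "detail": detail,
            # summing a whole valid message, checksum field included, yields zero
            "checksum_ok": icmp_checksum(msg) == 0}


def decode_icmpv6(msg: bytes) -> dict:
    """Type/code decode only: the ICMPv6 checksum spans an IPv6 pseudo-header,
    so it cannot be checked from the ICMPv6 bytes by themselves."""
    if len(msg) < 4:
        raise ValueError("ICMPv6 message is at least 4 bytes")
    msg_type, code = msg[0], msg[1]
    detail = ""
    if msg_type == 1:
        detail = ICMPV6_UNREACHABLE.get(code, "code %d" % code)
    elif msg_type == 3:
        detail = "hop limit exceeded in transit" if code == 0 else "code %d" % code
    return {"version": 6, "type": msg_type, "code": code,
            "name": ICMPV6_TYPES.get(msg_type, "type %d" % msg_type), "detail": detail}
```

A corrupted message fails the checksum test, which is the first thing a capture-analysis tool should check before trusting the type and code fields.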
PING THE DEFAULT GATEWAY
The ping command can be used to test the ability of a host to communicate on the local network.
The default gateway address is most often used because the router is normally always operational.
• A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operational on the local network.
• If the default gateway address does not respond, a ping can be sent to the IP address of another host on the local network that is known to be operational.

PING A REMOTE HOST
Ping can also be used to test the ability of a local host to communicate across an internetwork.
A local host can ping a host on a remote network. A successful ping across the internetwork confirms communication on the local network.

TRACEROUTE – TEST THE PATH
• Traceroute (tracert) is a utility that is used to test the path between two hosts and provide a list of hops that were successfully reached along that path.
• Traceroute provides round-trip time for each hop along the path and indicates if a hop fails to respond. An asterisk (*) is used to indicate a lost or unreplied packet.
• This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply.
Note: Traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.
• The first message sent from traceroute will have a TTL field value of 1. This causes the TTL to time out at the first router. This router then responds with an ICMPv4 Time Exceeded message.
• Traceroute then progressively increments the TTL field (2, 3, 4...) for each sequence of messages. This provides the trace with the address of each hop as the packets time out further down the path.
• The TTL field continues to be increased until the destination is reached, or it is incremented to a predefined maximum.
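The TTL mechanism traceroute relies on is easy to see in a simulation. The following is an added example (not code from the notes): it models a path of routers, each decrementing TTL and sending Time Exceeded when it reaches 0, and a traceroute that raises TTL from 1 until the destination answers or a maximum hop count is reached. A router configured not to reply shows up as "*", exactly as the notes describe. The addresses are constructed documentation values.

```python
from dataclasses import dataclass
from typing import List, Optional

# Added example (not from the notes): simulate how traceroute discovers each hop
# by sending probes with increasing TTL and collecting ICMP Time Exceeded replies.


@dataclass
class Router:
    address: str
    sends_time_exceeded: bool = True   # a router may be configured not to reply


@dataclass
class Path:
    routers: List[Router]              # in order from the source towards the destination
    destination: str


def send_probe(path: Path, ttl: int) -> Optional[str]:
    """Forward one probe along the path. Returns the address that answers it, or
    None when the probe expires at a silent router (traceroute prints '*')."""
    for router in path.routers:
        ttl -= 1                       # every router decrements TTL (Hop Limit in IPv6)
        if ttl == 0:
            # TTL expired here: the router discards the packet and sends ICMP Time Exceeded
            return router.address if router.sends_time_exceeded else None
    return path.destination            # TTL was large enough: the destination itself answers


def traceroute(path: Path, max_hops: int = 30) -> List[str]:
    """Increase the TTL from 1 until the destination answers or max_hops is reached."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, ttl)
        hops.append("*" if answer is None else answer)
        if answer == path.destination:
            break
    return hops


if __name__ == "__main__":
    # constructed path: three routers, the middle one silent
    sample = Path([Router("192.0.2.1"),
                   Router("198.51.100.1", sends_time_exceeded=False),
                   Router("203.0.113.1")], "203.0.113.50")
    for n, hop in enumerate(traceroute(sample), start=1):
        print(n, hop)
```

When a trace stops at a predefined maximum without reaching the destination, the result is a list of max_hops entries with no destination at the end; that is the "incremented to a predefined maximum" case from the last bullet above.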
Note: Many network administrators limit or prohibit the entry of ICMP messages; therefore, the lack of a ping response could be due to security restrictions.

WHAT DID I LEARN IN THIS MODULE?
• The purpose of ICMP messages is to provide feedback about issues related to the processing of IP packets under certain conditions.
• The ICMP messages common to both ICMPv4 and ICMPv6 are: Host reachability, Destination or Service Unreachable, and Time exceeded.
• The messages between an IPv6 router and an IPv6 device, including dynamic address allocation, include RS and RA. The messages between IPv6 devices include the redirect (similar to IPv4), NS and NA.
• Ping (used by IPv4 and IPv6) uses ICMP echo request and echo reply messages to test connectivity between hosts.
• Ping can be used to test the internal configuration of IPv4 or IPv6 on the local host.
• Traceroute (tracert) generates a list of hops that were successfully reached along the path.

MODULE 14: TRANSPORT LAYER

14.1 TRANSPORTATION OF DATA

ROLE OF THE TRANSPORT LAYER
The transport layer is:
• responsible for logical communications between applications running on different hosts.
• the link between the application layer and the lower layers that are responsible for network transmission.

TRANSPORT LAYER RESPONSIBILITIES
The transport layer has the following responsibilities:
• Tracking individual conversations
• Segmenting data and reassembling segments
• Adding header information
• Identifying, separating, and managing multiple conversations
• Using segmentation and multiplexing to enable different communication conversations to be interleaved on the same network

TRANSPORT LAYER PROTOCOLS
• IP does not specify how the delivery or transportation of the packets takes place.
• Transport layer protocols specify how to transfer messages between hosts, and are responsible for managing the reliability requirements of a conversation.
• The transport layer includes the TCP and UDP protocols.

TRANSMISSION CONTROL PROTOCOL (TCP)
TCP provides reliability and flow control. TCP basic operations:
• Number and track data segments transmitted to a specific host from a specific application
• Acknowledge received data
• Retransmit any unacknowledged data after a certain amount of time
• Sequence data that might arrive in the wrong order
• Send data at an efficient rate that is acceptable to the receiver

USER DATAGRAM PROTOCOL (UDP)
UDP provides the basic functions for delivering datagrams between the appropriate applications, with very little overhead and data checking.
• UDP is a connectionless protocol.
• UDP is known as a best-effort delivery protocol because there is no acknowledgment that the data is received at the destination.

THE RIGHT TRANSPORT LAYER PROTOCOL FOR THE RIGHT APPLICATION
UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly.
If it is important that all the data arrives and that it can be processed in its proper sequence, TCP is used as the transport protocol.

14.2 TCP OVERVIEW

TCP FEATURES
• Establishes a Session - TCP is a connection-oriented protocol that negotiates and establishes a permanent connection (or session) between source and destination devices prior to forwarding any traffic.
• Ensures Reliable Delivery - For many reasons, it is possible for a segment to become corrupted or lost completely as it is transmitted over the network. TCP ensures that each segment that is sent by the source arrives at the destination.
• Provides Same-Order Delivery - Because networks may provide multiple routes that can have different transmission rates, data can arrive in the wrong order.
• Supports Flow Control - Network hosts have limited resources (i.e., memory and processing power). When TCP is aware that these resources are overtaxed, it can request that the sending application reduce the rate of data flow.

TCP HEADER
TCP is a stateful protocol, which means it keeps track of the state of the communication session. TCP records which information it has sent, and which information has been acknowledged.

TCP HEADER FIELDS

APPLICATIONS THAT USE TCP
TCP handles all tasks associated with dividing the data stream into segments, providing reliability, controlling data flow, and reordering segments.

14.3 UDP OVERVIEW

UDP FEATURES
UDP features include the following:
• Data is reconstructed in the order that it is received.
• Any segments that are lost are not resent.
• There is no session establishment.
• The sender is not informed about resource availability.

UDP HEADER
The UDP header is far simpler than the TCP header because it only has four fields and requires 8 bytes (i.e., 64 bits).
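The difference between the two headers is concrete when you lay them out in bytes: a fixed 20-byte TCP header with sequence, acknowledgement, data offset and control-bit fields, against an 8-byte UDP header holding only source port, destination port, length and checksum. The following is an added example (not code from the notes) that builds and parses both headers with Python's struct module; the port numbers, sequence numbers and payloads are constructed sample values.

```python
import struct

# Added example (not from the notes): build and parse the fixed 20-byte TCP
# header and the 8-byte, four-field UDP header. All values are constructed.

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # low six control bits, bit 0 = FIN


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    data_offset = 5                                        # 5 x 32-bit words = 20 bytes, no options
    # checksum and urgent pointer left at zero for the sample
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       (data_offset << 12) | bits, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4                      # data offset is counted in 32-bit words
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "checksum": csum, "urgent_ptr": urg, "payload": segment[header_len:]}


def build_udp_datagram(src_port, dst_port, payload: bytes) -> bytes:
    # the length field covers header plus payload; checksum left at zero because it
    # is computed over a pseudo-header that needs the IP addresses as well
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload


def parse_udp_header(datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("UDP header is 8 bytes")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum,
            # a length field that disagrees with the bytes on the wire marks a malformed datagram
            "length_ok": length == len(datagram), "payload": datagram[8:length]}
```

The parser recovers the six control bits (URG, ACK, PSH, RST, SYN, FIN) from the low bits of the data-offset/flags word, which is how the handshake segments in 14.5 can be told apart in a capture.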
UDP HEADER FIELDS
The table identifies and describes the four fields in a UDP header.

APPLICATIONS THAT USE UDP
• Live video and multimedia applications - These applications can tolerate some data loss but require little or no delay. Examples include VoIP and live streaming video.
• Simple request and reply applications - Applications with simple transactions where a host sends a request and may or may not receive a reply. Examples include DNS and DHCP.
• Applications that handle reliability themselves - Unidirectional communications where flow control, error detection, acknowledgments, and error recovery are not required, or can be handled by the application. Examples include SNMP and TFTP.

14.4 PORT NUMBERS

MULTIPLE SEPARATE COMMUNICATIONS
TCP and UDP transport layer protocols use port numbers to manage multiple, simultaneous conversations.
The source port number is associated with the originating application on the local host, whereas the destination port number is associated with the destination application on the remote host.

SOCKET PAIRS
• The source and destination ports are placed within the segment.
• The segments are then encapsulated within an IP packet.
• The combination of the source IP address and source port number, or the destination IP address and destination port number, is known as a socket.
• Sockets enable multiple processes, running on a client, to distinguish themselves from each other, and multiple connections to a server process to be distinguished from each other.

PORT NUMBER GROUPS

THE NETSTAT COMMAND
Unexplained TCP connections can pose a major security threat. Netstat is an important tool to verify connections.
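Verifying connections with netstat means reading each line as a socket pair (local address and port, foreign address and port, state) and comparing it with what the host is supposed to be doing. The following is an added example (not code from the notes): it parses constructed lines in the style of netstat -an output, rebuilds the socket pairs, and flags listening ports and established outbound connections that fall outside an allow-list. The allow-lists and the sample output are assumptions made for the example.

```python
import re

# Added example (not from the notes): triage netstat-style output by socket pair.
# The expected port sets and the sample output are constructed for the example.

EXPECTED_LISTENERS = {22, 443}           # assumed: this host should only serve SSH and HTTPS
EXPECTED_REMOTE_PORTS = {53, 80, 443}    # assumed: outbound connections we expect to see

SAMPLE_NETSTAT = """\
Proto  Local Address          Foreign Address        State
tcp    0.0.0.0:22             0.0.0.0:*              LISTEN
tcp    0.0.0.0:443            0.0.0.0:*              LISTEN
tcp    0.0.0.0:2222           0.0.0.0:*              LISTEN
tcp    192.0.2.10:443         198.51.100.7:52344     ESTABLISHED
tcp    192.0.2.10:49501       203.0.113.5:443        ESTABLISHED
tcp    192.0.2.10:49612       203.0.113.77:9001      ESTABLISHED
udp    0.0.0.0:68             0.0.0.0:*
"""

LINE_RE = re.compile(r"^(tcp|udp)\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s*(\S+)?$")


def parse_netstat(text: str) -> list:
    """Turn each data line into a socket pair; header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        proto, laddr, lport, faddr, fport, state = m.groups()
        rows.append({"proto": proto,
                     "local": (laddr, int(lport)),
                     "remote": (faddr, None if fport == "*" else int(fport)),
                     "state": state or ""})
    return rows


def unexpected_connections(rows: list) -> list:
    """Return (reason, endpoint) pairs for TCP sockets that do not match the allow-lists."""
    findings = []
    for r in rows:
        if r["proto"] != "tcp":
            continue
        local_port, remote_port = r["local"][1], r["remote"][1]
        if r["state"] == "LISTEN" and local_port not in EXPECTED_LISTENERS:
            findings.append(("unexpected listener", r["local"]))
        elif r["state"] == "ESTABLISHED":
            if local_port in EXPECTED_LISTENERS:
                continue                       # inbound to one of our own services
            if remote_port not in EXPECTED_REMOTE_PORTS:
                findings.append(("unexpected outbound", r["remote"]))
    return findings


if __name__ == "__main__":
    for reason, endpoint in unexpected_connections(parse_netstat(SAMPLE_NETSTAT)):
        print("%s: %s:%s" % (reason, endpoint[0], endpoint[1]))
```

The direction test matters: a connection whose local port is one of the host's own services is inbound traffic to that service, while a connection from an ephemeral local port is outbound and is judged by the remote port.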
14.5 TCP COMMUNICATION PROCESS

TCP SERVER PROCESSES
Each application process running on a server is configured to use a port number.
• An individual server cannot have two services assigned to the same port number within the same transport layer services.
• An active server application assigned to a specific port is considered open, which means that the transport layer accepts and processes segments addressed to that port.
• Any incoming client request addressed to the correct socket is accepted, and the data is passed to the server application.

TCP CONNECTION ESTABLISHMENT
Step 1: The initiating client requests a client-to-server communication session with the server.
Step 2: The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
Step 3: The initiating client acknowledges the server-to-client communication session.

SESSION TERMINATION
Step 1: When the client has no more data to send in the stream, it sends a segment with the FIN flag set.
Step 2: The server sends an ACK to acknowledge the receipt of the FIN to terminate the session from client to server.
Step 3: The server sends a FIN to the client to terminate the server-to-client session.
Step 4: The client responds with an ACK to acknowledge the FIN from the server.

TCP THREE-WAY HANDSHAKE ANALYSIS
Functions of the Three-Way Handshake:
• It establishes that the destination device is present on the network.
• It verifies that the destination device has an active service and is accepting requests on the destination port number that the initiating client intends to use.
• It informs the destination device that the source client intends to establish a communication session on that port number.
After the communication is completed, the sessions are closed and the connection is terminated. The connection and session mechanisms enable the TCP reliability function.
The six control bit flags are as follows:
• URG - Urgent pointer field significant
• ACK - Acknowledgment flag used in connection establishment and session termination
• PSH - Push function
• RST - Reset the connection when an error or timeout occurs
• SYN - Synchronize sequence numbers used in connection establishment
• FIN - No more data from sender and used in session termination

14.6 RELIABILITY AND FLOW CONTROL

TCP RELIABILITY – GUARANTEED AND ORDERED DELIVERY
• TCP can also help maintain the flow of packets so that devices do not become overloaded.
• There may be times when TCP segments do not arrive at their destination or arrive out of order.
• All the data must be received and the data in these segments must be reassembled into the original order.
• Sequence numbers are assigned in the header of each packet to achieve this goal.

TCP FLOW CONTROL – WINDOW SIZE AND ACKNOWLEDGEMENTS
TCP also provides mechanisms for flow control as follows:
• Flow control is the amount of data that the destination can receive and process reliably.
• Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data flow between source and destination for a given session.

TCP RELIABILITY – DATA LOSS RETRANSMISSION
No matter how well designed a network is, data loss occasionally occurs.
TCP provides methods of managing these segment losses. Among these is a mechanism to retransmit segments for unacknowledged data.
Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK), negotiated during the three-way handshake.
If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received, including any discontinuous segments.

TCP FLOW CONTROL – MAXIMUM SEGMENT SIZE
Maximum Segment Size (MSS) is the maximum amount of data that the destination device can receive.
• A common MSS is 1,460 bytes when using IPv4.
• A host determines the value of its MSS field by subtracting the IP and TCP headers from the Ethernet maximum transmission unit (MTU), which is 1500 bytes by default.
• 1500 minus 40 (20 bytes for the IPv4 header and 20 bytes for the TCP header) leaves 1460 bytes.
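Retransmission with and without SACK, and the MSS arithmetic above, can be put together in one simulation. The following is an added example (not code from the notes): the sender splits a byte stream into MSS-sized segments, the receiver keeps received bytes (including discontinuous ones) and answers with a cumulative acknowledgement plus SACK blocks, and the sender then retransmits only the segments that fall in the holes. The byte stream and the set of lost segments are constructed; the MSS helper reproduces the 1500 - 20 - 20 = 1460 calculation.

```python
# Added example (not from the notes): MSS from MTU, and retransmission guided
# by cumulative ACK plus SACK blocks. Input data and losses are constructed.

IPV4_HEADER = 20
TCP_HEADER = 20


def mss_for_mtu(mtu: int = 1500, ip_header: int = IPV4_HEADER, tcp_header: int = TCP_HEADER) -> int:
    """MSS = MTU minus the IP and TCP headers: 1500 - 40 = 1460 for IPv4 over Ethernet."""
    return mtu - ip_header - tcp_header


def segment(data: bytes, mss: int) -> list:
    """Split the stream into (sequence number, bytes) pieces no larger than the MSS."""
    return [(i, data[i:i + mss]) for i in range(0, len(data), mss)]


class Receiver:
    def __init__(self):
        self.buffer = {}          # seq -> bytes; may hold discontinuous pieces
        self.next_expected = 0    # cumulative ACK: first byte not yet received in order

    def receive(self, seq: int, chunk: bytes) -> None:
        self.buffer[seq] = chunk
        while self.next_expected in self.buffer:              # slide past contiguous data
            self.next_expected += len(self.buffer[self.next_expected])

    def acknowledgement(self):
        """Cumulative ACK plus SACK blocks (merged) for data received beyond the gap."""
        sack = []
        for lo, hi in sorted((s, s + len(c)) for s, c in self.buffer.items() if s >= self.next_expected):
            if sack and sack[-1][1] == lo:
                sack[-1] = (sack[-1][0], hi)                  # adjacent pieces form one block
            else:
                sack.append((lo, hi))
        return self.next_expected, sack

    def stream(self) -> bytes:
        return b"".join(self.buffer[s] for s in sorted(self.buffer))


def transmit(data: bytes, mss: int, lost_first_time=()) -> dict:
    """Send every segment once (dropping the listed sequence numbers), read the
    receiver's ACK/SACK, and retransmit only the segments it reports missing."""
    rx = Receiver()
    segs = segment(data, mss)
    for seq, chunk in segs:
        if seq not in lost_first_time:
            rx.receive(seq, chunk)
    ack, sack = rx.acknowledgement()
    # without SACK the sender would resend everything from `ack` onwards;
    # with SACK it skips segments the receiver has already reported
    retransmitted = [seq for seq, _ in segs
                     if seq >= ack and not any(lo <= seq < hi for lo, hi in sack)]
    by_seq = dict(segs)
    for seq in retransmitted:
        rx.receive(seq, by_seq[seq])
    return {"first_ack": ack, "sack": sack, "retransmitted": retransmitted,
            "delivered": rx.stream() == data}
```

The interesting case is a loss in the middle of the window: the cumulative ACK stops at the hole, the SACK block tells the sender that everything after the hole already arrived, and a single segment is resent instead of the whole remainder.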
TCP FLOW CONTROL – CONGESTION AVOIDANCE
When congestion occurs on a network, it results in packets being discarded by the overloaded router.
To avoid and control congestion, TCP employs several congestion handling mechanisms, timers, and algorithms.

14.7 UDP COMMUNICATION

UDP LOW OVERHEAD VERSUS RELIABILITY
UDP does not establish a connection. UDP provides low overhead data transport because it has a small datagram header and no network management traffic.

UDP SERVER PROCESSES AND REQUESTS
UDP-based server applications are assigned well-known or registered port numbers.
When UDP receives a datagram destined for one of these ports, it forwards the application data to the appropriate application based on its port number.

UDP CLIENT PROCESSES
• The UDP client process dynamically selects a port number from the range of port numbers and uses this as the source port for the conversation.
• The destination port is usually the well-known or registered port number assigned to the server process.
• After a client has selected the source and destination ports, the same pair of ports is used in the header of all datagrams in the transaction.

UDP DATAGRAM REASSEMBLY


• UDP does not track sequence numbers the
way TCP does.
• UDP has no way to reorder the datagrams
into their transmission order.
• UDP simply reassembles the data in the
order that it was received and forwards it to
the application.
WHAT DID I LEARN IN THIS MODULE?
• The transport layer is the link between the
application layer and the lower layers that
are responsible for network transmission.
• The transport layer includes TCP and UDP.
• TCP establishes sessions, ensures
reliability, provides same-order delivery, and
supports flow control.
• UDP is a simple protocol that provides the
basic transport layer functions.
• UDP reconstructs data in the order it is received, lost segments are not resent, there is no session establishment, and UDP does not inform the sender of resource availability.
• The TCP and UDP transport layer protocols
use port numbers to manage multiple
simultaneous conversations.
• Each application process running on a
server is configured to use a port number.
• The port number is either automatically
assigned or configured manually by a
system administrator.
• For the original message to be understood by
the recipient, all the data must be received
and the data in these segments must be
reassembled into the original order.
• Sequence numbers are assigned in the
header of each packet.
• Flow control helps maintain the reliability of
TCP transmission by adjusting the rate of
data flow between source and destination.
• A source might be transmitting 1,460 bytes
of data within each TCP segment. This is the
typical MSS that a destination device can
receive.
• The process of the destination sending
acknowledgments as it processes bytes
received and the continual adjustment of
the source’s send window is known as
sliding windows.
• To avoid and control congestion, TCP
employs several congestion handling
mechanisms.

GOODLUCK!!
