Internetworking Basics


     Chapter 11


    Transport Layer

    These notes discuss the Transport Layer.

    Introduction

    The Transport Layer

    The TCP Three-Way Handshake

    Reliability Through Sequencing and Acknowledgment

    Flow Control through Windowing

    TCP

    UDP

    TCP and UDP Ports

    Summary

     
     

    Introduction

    On completion of these notes you should be able to...

    • Describe the capabilities of the transport layer
    • Describe how TCP sets up an end-to-end connection using the three-way handshake
    • Describe how reliability of service is achieved through sequencing and acknowledgment of segments
    • Explain how the flow of data can be controlled through windowing
    • Explain the differences between TCP and UDP and describe the format of their headers
    • Identify common well-known TCP and UDP port numbers
     

    The Transport Layer

    The transport layer operates at Layer 4 of the OSI model and Layer 3 of the TCP/IP model. The basic role of the transport layer is to accept data from upper layers, split it up into smaller units if necessary and pass these to the network layer. It also has to ensure that the pieces all arrive correctly at the other end. The indisputable king protocol of the transport layer is TCP - a protocol that adds a connection-oriented reliable service to the whole process of data exchange. Another transport layer protocol is UDP, a connectionless and unreliable service that is convenient to use where reliability and end-to-end connections are not required.

    TCP combined with IP are the principal pair of protocols used today for data transfer over the Internet. As a pair they complement each other: IP enables the best route to a destination to be found, while TCP adds features such as reliability of service and flow control.

    You may well ask, what does TCP do that IP doesn't - well all the following:-

    • ensures an end-to-end connection is established, using a communication technique called the three-way handshake. In other words, TCP checks that both ends of a communication link are ready to take part in a conversation.
       
    • ensures data is delivered in order by sequencing segments. Personally, although IP does a rather neat job of finding a route to get my data from A to B, I would kind of like it to be re-assembled in the correct order at the destination.
        
    • guarantees reliable delivery of data through sequencing and acknowledgment. In other words, both ends of a link are always notified when data has been received without corruption or loss.
        
    • enforces flow control between sender and receiver using a mechanism called windowing. I guess it's nice to know that my computer will not send too much data for the other end to handle.
        
    • allows for multiplexing, where multiple connections can be made to one or many computers, using a feature called port numbers. We would all find it limiting if we had to endure a single end-to-end connection at a time. Can you imagine if we couldn't surf the web, check our emails and stream audio all at the same time?

    TCP effectively operates over a "virtual connection" that is established between sender and receiver. A three-way handshake is used to establish a connection session between a sender and a receiver. During the session, sender and receiver engage in a dialog that manages the flow of data to prevent it from overflowing the receiver, confirms the receipt of TCP segments and allows those segments to be reassembled in the correct order. The sections that follow explain how TCP manages all of this.

     

    The Three-Way Handshake

    TCP is a connection-orientated protocol, which means that an end-to-end connection is established between communicating entities before data transfer commences. The point of establishing a connection before transmitting data is to ensure that both sides are ready to transmit data, and that both ends know that the other end is ready before transmission actually starts. The mechanism used for establishing a connection is known as the three-way handshake.

    The TCP handshake is called "three-way" because it involves the exchange of 3 messages between two hosts. These three messages are as follows:

    1. A to B SYN: The initiating host A sends a TCP segment with the SYN (synchronize) flag set, indicating it wishes to start a conversation.
         
    2. B to A SYN-ACK: Host B responds with its ACK (acknowledge) flag set, indicating it received the initial SYN from Host A. It also sets its own SYN flag, indicating that it is willing to partake in the conversation.

    3. A to B ACK: Host A responds with its ACK flag set, indicating it is now ready to send data.

    Another reason for synchronizing a connection is to allow an initial sequence number (ISN) to be chosen by each party. As you will see in the next section, sequence numbers are used to allow data segments to be re-assembled in the correct order at the destination. Remember, there is no guarantee that IP datagrams will be received in the same order in which they were sent. So, every segment is numbered so that the receiving host knows which segment is which and how they can be put back together. When communication first starts, an initial sequence number is chosen by each end of the link so the other end knows where to start numbering the segments from. Usually the initial sequence number is 0, but this may not always be the case.

    Because initial sequence numbers have to be specified at the start of communication, they are included within the three-way handshake packets. Thus, each side of the link can let the other side know the initial number it is going to use. For example:-

    1. A to B SYN: My initial sequence number is going to be X.
         
    2. B to A SYN-ACK: OK, you are going to start numbering your data from X, so your next sequence number will be X+1, but I am going to use an initial sequence number of Y.
          
    3. A to B ACK: When Host A responds with its ACK flag set, indicating it is now ready to send data, it sets its sequence number to X+1 and agrees that Host B's next sequence number will be Y+1.
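
    The exchange above as an added example (not part of the original notes): it builds the three segments and checks the X+1 and Y+1 relationships, including 32-bit wrap-around. The Segment class and function names are hypothetical, and drawing the ISNs X and Y at random is an assumption of the example.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # the sequence and acknowledgement fields are 32 bits wide


@dataclass
class Segment:
    src: str
    dst: str
    seq: int
    ack: int
    syn: bool = False
    ack_flag: bool = False


def handshake(a="A", b="B", x=None, y=None):
    """Return the SYN, SYN-ACK and ACK segments exchanged by hosts a and b."""
    # Assumption of this example: each side draws its ISN at random.
    x = secrets.randbelow(MOD) if x is None else x
    y = secrets.randbelow(MOD) if y is None else y
    return [
        Segment(a, b, seq=x, ack=0, syn=True),
        Segment(b, a, seq=y, ack=(x + 1) % MOD, syn=True, ack_flag=True),
        Segment(a, b, seq=(x + 1) % MOD, ack=(y + 1) % MOD, ack_flag=True),
    ]


def check_handshake(segs):
    """Return the problems found in a three-segment exchange ([] means valid)."""
    if len(segs) != 3:
        return ["expected exactly 3 segments"]
    s1, s2, s3 = segs
    problems = []
    if not s1.syn or s1.ack_flag:
        problems.append("segment 1 must be SYN only")
    if not (s2.syn and s2.ack_flag):
        problems.append("segment 2 must be SYN-ACK")
    if s3.syn or not s3.ack_flag:
        problems.append("segment 3 must be ACK only")
    if (s2.src, s2.dst) != (s1.dst, s1.src) or (s3.src, s3.dst) != (s1.src, s1.dst):
        problems.append("segments do not run A to B, B to A, A to B")
    if s2.ack != (s1.seq + 1) % MOD:
        problems.append("SYN-ACK does not acknowledge X+1")
    if s3.seq != (s1.seq + 1) % MOD:
        problems.append("final ACK does not carry sequence X+1")
    if s3.ack != (s2.seq + 1) % MOD:
        problems.append("final ACK does not acknowledge Y+1")
    return problems


if __name__ == "__main__":
    for seg in handshake():
        print(seg)
```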
     

    Reliability Through Sequencing and Acknowledgement

    Reliability of data transfer guarantees that a stream of data sent from one end is delivered to the other end without corruption or data loss and in such a fashion that the stream can be reassembled in the correct order in which it was transmitted. Sequencing and acknowledgement of segments are one of the means by which reliability is implemented. Positive acknowledgements from the recipient confirm to the sender that segments have been received. Failure to transmit an acknowledgement means the data was lost or corrupted and needs to be resent. The sender also starts a timer when sending a segment and will consider it lost or corrupted if an acknowledgment has not returned when the timer expires. Sequence numbers included in segments are used by the recipient to reassemble the data in the correct order.

    The diagram below illustrates sequencing and acknowledgement. Host A sends a segment to Host B with the sequence field set to 10. This indicates that the octet numbered 10 is the starting octet contained in the segment. Host B acknowledges the receipt of octet 10 by sending a response with the acknowledgement field set to 11. Host B is implicitly saying that all octets up to 10 have been successfully received - so now send octet 11. Host A obliges by sending octet 11 and so its sequence field is now set to 11.

    Now, you should remember that TCP connections allow two-way conversations. Suppose I wish to transfer a file from a server, I need to send information to the server indicating which file I wish to copy and the server needs to respond by sending the file to me. Thus, sequence and acknowledgement field pairs are set in segments going in both directions.

    To see this, Host A in the diagram below has already sent 9 octets to Host B and so if it sends another octet it will be numbered 10. Host B has already sent 3 octets to Host A and so if it sends another octet it will number it 4. When Host A sends the octet numbered 10, it will expect the next segment from Host B to contain an acknowledgment of 11, confirming delivery of octet 10. When Host B responds, it numbers its own octet as 4 and expects an acknowledgment of 5 from Host A. You can imagine this as similar to a tit-for-tat game.

    As long as every sequence number is acknowledged by a recipient, then a sender can be happy in the knowledge that the data has been correctly delivered and can be correctly re-assembled.


     Activity A

    Click the link to see changing sequence numbers in segments sent from host 10.0.0.5.

    ~~ Display Segment Sequence From Host 10.0.0.5 and ACK from 10.0.0.12 ~~

    Are you wondering why the sequence numbers are not contiguous, i.e. 1, 2, 3 and so on? This is explained in the next section.

     

    Flow Control Through Windowing

    Although the reliability of data transfer can be assessed continuously, through sequencing and acknowledgement of data segments and retransmitting should a segment become damaged or lost, waiting for an acknowledgment for every single segment sent would be slow indeed. So, to speed up the rate of data transfer and still keep the means for assessing reliability, a mechanism called windowing is provided that allows for more than one segment to be sent before receiving an acknowledgement from the recipient.

    When data is received from the network it is stored in the recipient's buffer, ready to be processed by upper layer applications. As the data in the buffer is transferred to an application process, buffer space is freed up and more data can be accepted from the network. The window is the amount of room that is left in the buffer that can be used to store network data.

    During the SYN-ACK three-way handshake and inside every additional segment, a window field is used by both sides of a communication link to inform the partner how much data can be buffered - the window size. The diagram below shows the situation for a window size of 1, indicating the recipient is only willing to receive 1 octet at a time. The sender, Host A sends a segment containing octet 10 to Host B and then waits for an ACK to be sent back. When this is received, the next segment containing octet 11 can be sent. This of course is the slow one-to-one 'send one segment - wait for an acknowledge' scenario again.

    A typical window size is much larger than 1 octet and can be anything up to 65536 octets. The window size chosen depends on various factors such as network congestion and how busy the recipient is. Whatever the window size, the number of segments a sender is allowed to transmit before receiving an acknowledgement must be less than or equal to the window size.

    In the diagram, a window size of 3 has been advertised by the recipient. This means a sender can transmit up to 3 octets before being obliged to wait for an acknowledgement.

    Once the acknowledgment has been received, the window can be moved along to the next set of octets. Once these have been transmitted, yet another acknowledgment must be received before sliding the window along again.

      

    The example in the diagram below also illustrates data transfer with a window size of 3. Host A sends a segment containing octets 10 and 11 to the recipient. It is allowed to send another octet but Host B is quick off the mark and sends an acknowledgement of those two octets, which is implicit in the demand for octet 12 to be sent. Host A can now slide the window along to octet 12 and transmit up to 3 more octets, which it obligingly does. Now it has to wait for another acknowledgment since it has transmitted the full window size of 3 octets.

    We can see from this scenario that sometimes an acknowledgement can be received before the full window size is sent. You should also note that both ends of a communication link will be sending data to the other end, so each will specify its own window size and the two may not necessarily be the same. As an example, suppose one end of a link advertised a window of 1000 and the other end advertised a window of 2000. All this would mean is that each end can send a different amount of data to the other end before waiting for an acknowledgment.

    Another thing to note is that window size can be adjusted dynamically throughout the communication session. In other words, a window size is not fixed at one value. For example, suppose a recipient starts to become overloaded and wants the sender to slow down. This can be indicated by sending a reduced window size in any acknowledgment segment sent back. If the recipient becomes completely saturated, it can even drop the window size to zero, indicating to the sender to stop sending data. After some network data has been processed and removed from its buffer, the recipient can increase the window size and the sender can start transmitting again. So we can see that windowing is a very useful mechanism for adjusting the flow of data, although network congestion is another factor and the rate at which packets are received can be calculated and used to adjust the rate of data transmission too.
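
    An added example, not part of the original notes, that replays the rules of the last two sections: cumulative acknowledgements, resending after a loss, a window that changes with each acknowledgement and a zero-window pause. It numbers single octets as the diagrams do; the function name, the log format and the simplification that the receiver discards everything after a gap are assumptions of the example.

```python
def transfer(first_octet, count, windows, lost=()):
    """Simulate one direction of a TCP transfer, one octet per sequence number.

    windows: window sizes advertised by the receiver, the first during the
             handshake and one more with each later acknowledgement.
    lost:    octets whose first transmission never arrives.
    Returns a log of ("send", first, last), ("ack", next_expected, window),
    ("stall", octet) and ("timeout", octet) events.
    """
    lost = set(lost)
    adverts = iter(windows)
    window = next(adverts)
    log = []
    next_octet = first_octet            # lowest octet not yet acknowledged
    end = first_octet + count           # one past the final octet
    while next_octet < end:
        if window == 0:
            # Receiver's buffer is full: send nothing until it reopens.
            log.append(("stall", next_octet))
            expected = next_octet
        else:
            last = min(next_octet + window, end) - 1
            log.append(("send", next_octet, last))
            # Receiver accepts octets in order up to the first gap.
            expected = next_octet
            while expected <= last and expected not in lost:
                expected += 1
            if expected <= last:
                lost.discard(expected)  # the retransmission will get through
            if expected == next_octet:
                # Nothing usable arrived, so no ACK returns and the timer fires.
                log.append(("timeout", next_octet))
                continue
        advert = next(adverts, None)
        if advert is not None:
            window = advert             # receiver changed its window
        elif window == 0:
            raise ValueError("receiver never reopened its window")
        next_octet = expected           # cumulative ACK: next octet wanted
        log.append(("ack", next_octet, window))
    return log


if __name__ == "__main__":
    for event in transfer(10, 7, [3, 1, 0, 2], lost=[11]):
        print(event)
```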

    Now try the activity below to see the SYN-ACK three-way handshake, how the sequence and acknowledge fields are used and how both the sender and receiver can change their respective window sizes.


     Activity B

    The listbox below contains a sequence of frames between two hosts conducting a Telnet session. Select an item in the list and details of the encapsulated segment will be displayed in the picture below.

         Questions

    1. How many handshaking segments are exchanged between the two hosts before frames containing Telnet data are sent?
      Ans:

    2. After the ACK of Frame 3 how many data segment bytes are sent to 10.0.0.12 before it sends an ACK response back?
      Ans:

    3. The host 10.0.0.12 sends an ACK back to 10.0.0.5 way before its window size has been reached. What is its window size?
      Ans:
     

    TCP

    Transport Control Protocol (TCP) is one of the most widely used protocols on the Internet. TCP and IP are the twin pillars of TCP/IP, but whereas IP is an unreliable protocol, TCP makes up for IP's deficiencies by providing reliable, connection-oriented data transfer that hides most of IP's shortcomings. It establishes an end-to-end connection before data transfer begins, provides a mechanism for reliability, controls and acknowledges the flow of data and retransmits if necessary.

    The format of a TCP segment is as follows:-

    Source Port (16)
    Destination Port (16)
    Sequence Number (32)
    Acknowledgement Number (32)
    Header Length (4)
    Reserved (6)
    Code (6)
    Window (16)
    Checksum (16)
    Urgent (16)
    Options (0 or 32)
    Data (varies)

    These fields are described in more detail below:-
      

    TCP Segment Field         Description
    Source port number        Sender's port number
    Destination port number   Receiver's port number
    Sequence number           The first octet number of the octet stream contained in the segment
    Acknowledgement number    The expected next octet number
    Header length             The length of the header in 32-bit words
    Reserved                  Set to 0
    Flag bits                 Control bits:
                                URG - The urgent pointer is valid.
                                ACK - Makes the acknowledgement number valid.
                                PSH - High priority data for the application.
                                RST - Reset the connection.
                                SYN - Set when initially synchronizing.
                                FIN - The sender is done sending data.
    Window size               The maximum number of octets the sender of this segment will accept
    Checksum                  The calculated checksum of the header and data fields
    Urgent pointer            Specifies where the end of any urgent data is
    Options                   Maximum segment size
    Data                      Data from an upper layer protocol

      
    Many of the TCP fields above are necessary for reliability and flow control. TCP takes messages from an upper layer application, segments the data, adds sequencing information and then passes the resulting segment to the IP network layer to be sent over the network. We know that the network layer does not guarantee delivery or worry about the order in which segments are delivered. It is TCP's sequencing and acknowledgment fields that allow segments to be rebuilt in the correct order, with guaranteed delivery of all the data.

    Examples of upper layer protocols that use TCP are:-

    • HTTP - Hypertext Transfer Protocol
    • FTP - File Transfer Protocol
    • SMTP - used when you send email to a server
    • POP3 - used when you retrieve email from a server
    • Telnet - used for terminal connections to a host
    • DNS - used by DNS servers

    So, when you use your browser to display a web page or upload or download a file you are using TCP, when you send and receive email you are using TCP, when you connect to a host using terminal emulation software you are using TCP.


     Activity C

      Questions

    1. Which duty is each field in a segment related to?
    • Sequence numbers: Ans:      
    • Flag bits: Ans:      
    • Window: Ans:      
    • Checksum: Ans:      
    • Port numbers: Ans:      
      

    UDP

    User Datagram Protocol (UDP) is a connectionless protocol where delivery is not guaranteed and there is no acknowledgement of segments received. UDP takes messages from an upper layer application, attaches source and destination port number fields, adds a couple of other fields and then passes the resulting segment to the network layer. The network layer encapsulates the segment into an IP datagram and then makes a best-effort attempt to deliver the segment to the receiving host.

    If the segment arrives at the receiving host, UDP uses the IP source and destination addresses to deliver the data to the correct destination and then the port numbers are used to send the segment to the correct application process. If the segment doesn't arrive at its destination, there is no acknowledgment of this from the destination host. The application process must realise the segment has been lost and initiate a resend of the message. It is important to understand that with UDP there is no handshaking between the sending and receiving transport layers before sending a segment. For this reason, UDP is said to be connectionless.

    The format of a UDP segment is shown below:-

    Source Port (16)
    Destination Port (16)
    Length (16)
    Checksum (16)
    Data (possibly)

    These fields are described in more detail below:-

    UDP Segment Field         Description
    Source port number        Sender's port number
    Destination port number   Receiver's port number
    Length                    The number of octets including the header and data fields
    Checksum                  The calculated checksum of the header and data fields
    Data                      Data from an upper layer protocol

    We can see that UDP has far fewer fields than TCP. Since UDP segments do not contain sequence, acknowledgment or window fields, UDP cannot provide flow control or reliability of connection. Upper layer protocols such as the application layer must manage such details. UDP is designed for applications that do not require sequencing of segments.

    For example, applications that can do all their work in a single packet needn't worry about sequencing. DNS and DHCP are good examples of messages that can be sent in a single packet. Another place where UDP is appropriate is streaming audio and video. I'd bet you'd rather listen to streamed music, warts and all, than have your player constantly pause while it waits for dropped packets to be resent. UDP allows dropped packets to be ignored. Of course, if you wanted a high quality version of a music track, you wouldn't stream it using UDP, you would download it using TCP. Then you would be guaranteed delivery of every single packet.

    Examples of upper layer protocols that use UDP are:-

    • DNS: - Domain Name System
    • TFTP: - Trivial File Transfer Protocol
    • SNMP: - Simple Network Management Protocol
    • DHCP:- Dynamic Host Configuration Protocol

    So, when you need to resolve a name to an IP address (DNS), you are using UDP, when you connect to a router using TFTP you are using UDP, when you view and manage resources on your network (SNMP), you are using UDP and when your TCP/IP settings are dynamically configured by a server (DHCP), you are using UDP.

      

    TCP and UDP Ports

    Although source and destination addresses are used to set up TCP/IP communication between the pairs of communicating partners, TCP also includes port numbers as part of a connection session. To understand the reason for this, suppose you decided you wanted to view a web page, send your mail and transfer a file all at the same time, from the same internet site! How do you ensure your applications - web browser, email client software and file transfer software - don't mix up the data, since all the packets are coming from the same IP address?

    Well, TCP uses port numbers to keep track of upper layer applications and the data they have requested. It has been agreed upon that specific server applications should use well-known port numbers. The well-known ports are assigned by the IANA and on most systems can only be used by system (or root) processes or by programs executed by privileged users.

    For example, a web server typically listens at TCP port 80. You don't have to type in that port number on the URL bar of your browser because your web browser assumes that it is sending information to port 80 on the web server. This is not always the case; some sites may use a different port number, such as port 8080, and to go to such a site you would have to type in the port number as well as the URL.

    Other server applications listen on other well-known ports. FTP listens on port 21, Telnet listens on port 23 and SMTP (email) uses port 25. These are only a few of the well-known ports. Port numbers up to 1023 are reserved for well-known ports although not all of those ports are in use. Luckily, most client software knows which standard port to use as the destination port.

    The diagram shows a server listening to many different ports, including Telnet, HTTP and DNS.

    An incoming client could establish a connection to one or more of these ports, although basic authentication would be required in the case of Telnet - and no, I'm not telling you the password.

      

    You might well ask how many port numbers there are altogether. The total range of port numbers is 0 - 65535. Since the well-known ports up to 1023 are reserved for use by server applications, when a client connects to a server application, it chooses a port number for itself above the 1023 range. A few of the most commonly used well-known ports used by server applications are listed below.

    Common TCP Ports   Description                       Port Number
    FTP Data           File Transfer Protocol data       20
    FTP Data           File Transfer Protocol control    21
    Telnet             Terminal connection               23
    SMTP               Simple Mail Transfer Protocol     25
    HTTP               Hypertext Transfer Protocol       80

    So, to get back to the original scenario - you have decided you wanted to view a web page, send your mail and transfer a file, all at the same time, from the same Internet site and you need to be able to tell all the traffic apart. Well, TCP segments containing source port 80 would be from the web server application, TCP segments containing source port 25 would be from the mail server application and TCP segments containing source port 20 and 21 would be from the FTP server application.

    A combination of IP address and port is actually called a socket.

    The example in the diagram shows four connections from Client A to Server B and one connection to Server C. Thus, five sockets are in use. Notice how random high port numbers are assigned to the client ports.
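
    An added example, not part of the original notes, showing how a receiver or a monitoring tool tells the traffic apart: segments are grouped by their pair of sockets, so two connections to the same server port stay separate because the client ports differ. The function names and the sample segments are constructed for the example; the service names come from the TCP port table above.

```python
from collections import defaultdict

# Well-known TCP ports from the table in these notes.
WELL_KNOWN = {20: "FTP data", 21: "FTP control", 23: "Telnet",
              25: "SMTP", 80: "HTTP"}


def socket_pair(src_ip, src_port, dst_ip, dst_port):
    """Return (client_socket, server_socket) whichever way the segment travels."""
    src, dst = (src_ip, src_port), (dst_ip, dst_port)
    # The server is the end using a reserved port (0 - 1023).
    if src_port <= 1023 < dst_port:
        return dst, src
    if dst_port <= 1023 < src_port:
        return src, dst
    # Both or neither port is reserved: fall back to a stable ordering.
    first, second = sorted((src, dst))
    return first, second


def demultiplex(segments):
    """Group (src_ip, src_port, dst_ip, dst_port, payload) tuples by connection."""
    connections = defaultdict(
        lambda: {"service": None, "to_server": [], "to_client": []})
    for src_ip, src_port, dst_ip, dst_port, payload in segments:
        client, server = socket_pair(src_ip, src_port, dst_ip, dst_port)
        conn = connections[(client, server)]
        conn["service"] = WELL_KNOWN.get(server[1], "unknown")
        going_up = (src_ip, src_port) == client
        conn["to_server" if going_up else "to_client"].append(payload)
    return dict(connections)


# Constructed sample: one client with two web connections and one mail
# connection to the same server address.
SAMPLE_SEGMENTS = [
    ("10.0.0.5", 49152, "10.0.0.12", 80, b"GET /a"),
    ("10.0.0.5", 49153, "10.0.0.12", 80, b"GET /b"),
    ("10.0.0.12", 80, "10.0.0.5", 49152, b"page a"),
    ("10.0.0.5", 49154, "10.0.0.12", 25, b"MAIL"),
    ("10.0.0.12", 80, "10.0.0.5", 49153, b"page b"),
]

if __name__ == "__main__":
    for (client, server), conn in demultiplex(SAMPLE_SEGMENTS).items():
        print(client, "->", server, conn)
```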

      

    Well-known port numbers are also used by UDP. For example, if you type a web URL into your browser bar then your browser needs to find the IP address for that URL. So a UDP message is sent to the local DNS server, requesting the resolution of the URL to an IP address. The destination port number specified in the segment will be 53, since DNS servers listen on this port. A few of the most commonly used UDP ports are listed below.

    Common UDP Ports   Description                           Port Number
    DNS                Domain Name Service                   53
    BOOTPS             DHCP server port                      67
    BOOTPC             DHCP client port                      68
    TFTP               Trivial File Transfer Protocol        69
    SNMP               Simple Network Management Protocol    161
      

    Summary

    On completing these notes you should have learned about the role of the transport layer, in particular the difference between the connection-orientated and reliable TCP and the connectionless unreliable UDP, how a TCP connection is managed through sequencing, acknowledgment and windowing and how connection multiplexing is possible through the use of port numbers.

     
     
