Version: 1.0.2

TCP/IP

TCP connection

Three-way handshake

  • Also known as: 3-way handshake, three-way handshake, 3 way handshake, three way handshake
  • Establishes a TCP connection
  • 📝 Sender: SYN → Receiver: SYN ACK → Sender: ACK
  • ACK is then set in every packet sent after the handshake

Termination

  • 📝 Sender: FIN → Receiver: ACK FIN → Sender: ACK

IPv4

  • IPv4 loopback address (localhost of your own machine) is 127.0.0.1

IPv4 address types

  1. Unicast
    • Acted on by a single recipient
  2. Multicast
    • Acted on only by members of a specific group
  3. Broadcast
    • Acted on by everyone in the network
    • Two types:
      • Limited broadcast
        • Delivered to every system inside a domain using:
          • IP: 255.255.255.255
          • MAC: FF:FF:FF:FF:FF:FF
        • Ignored by routers
      • Directed broadcasts
        • Sent to all devices on the subnet
        • Use the subnet's broadcast address
          • E.g. if subnet is 192.168.17.0/24 then it uses 192.168.17.255
        • Routers may take action on the packets.

IPv6

  • IPv6 uses a 128-bit address instead of the 32-bit IPv4 version
  • Represented as eight groups of four hexadecimal digits separated by colons
    • E.g. 2001:0db8:85a3:0000:0000:8a2e:0370:7334
  • Leading zeros can be removed e.g.
    • Original: 2001:0001:0002:0003:0004:0005:0006:0007
    • Short: 2001:1:2:3:4:5:6:7
  • The loopback address is ::1
    • Shortened version of 0000:0000:0000:0000:0000:0000:0000:0001

CIDR

  • Method of representing IP addresses

  • 📝 Easy way to find out CIDR ranges, remember: /24 255.255.255.0 256

    • So /24 gives 256 IP addresses, /25 gives 128, /26 gives 64 and so on.
  • IPv4 Notation

    CIDR Range | Total IP Addresses | Subnet mask
    /32 | 0 | 255.255.255.255
    /30 | 4 | 255.255.255.252
    /28 | 16 | 255.255.255.240
    /26 | 64 | 255.255.255.192
    /24 | 256 | 255.255.255.0
    /22 | 1024 | 255.255.248.0
    /20 | 4096 | 255.255.240.0
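
The CIDR arithmetic and the IPv4 address types described above can both be derived from the prefix length with a few bit operations, so any row of a CIDR table can be checked against the calculation. This is an added example, not part of the original notes; the function names are made up for illustration, and the multicast (224.0.0.0/4) and loopback (127.0.0.0/8) ranges are standard values not listed on this page.

```python
def ip_to_int(addr):
    """Strictly parse dotted-quad IPv4 text into a 32-bit integer."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return int.from_bytes(bytes(int(p) for p in parts), "big")

def int_to_ip(value):
    """Format a 32-bit integer as dotted-quad text."""
    return ".".join(str(b) for b in value.to_bytes(4, "big"))

def cidr_info(cidr):
    """Derive mask, address count, network and broadcast from 'a.b.c.d/n'."""
    addr, _, prefix_text = cidr.partition("/")
    prefix = int(prefix_text)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: {prefix}")
    host_bits = 32 - prefix
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF  # prefix ones, then host_bits zeros
    network = ip_to_int(addr) & mask
    return {
        "prefix": prefix,
        "mask": int_to_ip(mask),
        "total": 1 << host_bits,  # every extra host bit doubles the count
        "network": int_to_ip(network),
        "broadcast": int_to_ip(network | (mask ^ 0xFFFFFFFF)),  # all host bits set
    }

def classify_destination(dst, local_cidr):
    """Name the IPv4 address type of dst as seen from a host on local_cidr."""
    net, value = cidr_info(local_cidr), ip_to_int(dst)
    if value == 0xFFFFFFFF:
        return "limited broadcast"  # 255.255.255.255, ignored by routers
    # /31 (point-to-point) and /32 (single host) have no broadcast address.
    if net["prefix"] < 31 and value == ip_to_int(net["broadcast"]):
        return "directed broadcast"
    if value >> 28 == 0b1110:
        return "multicast"  # 224.0.0.0/4
    if value >> 24 == 127:
        return "loopback"  # 127.0.0.0/8
    return "unicast"

if __name__ == "__main__":
    print(cidr_info("192.168.17.0/24"))  # the subnet used in the notes above
    for dst in ("255.255.255.255", "192.168.17.255", "224.0.0.251", "192.168.17.42"):
        print(dst, "->", classify_destination(dst, "192.168.17.0/24"))
```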

TCP flags

  • Used to indicate a particular connection state or provide additional information
  • Size of each flag is 1 bit being either 0 or 1
  • 📝 Flag types
    • Synchronization (SYN)
      • Also known as synchronization flag.
      • Synchronize sequence numbers
      • First step of connection establishment (3-way handshake)
      • ❗ Only the first packet sent from each end should have this flag set
    • Acknowledgement (ACK)
      • Confirms successful packet receipt
    • Push (PSH)
      • Tells receiver to process packets instead of buffering them
    • Urgent (URG)
      • Process packets directly before others, even if they're not complete
    • Finish (FIN)
      • 1 indicates a connection termination request
      • Used in the last packet sent from the sender.
    • Reset (RST)
      • 1 aborts the connection in response
      • Sent from the receiver to the sender when a packet is sent to a particular host that was not expecting it.
      • Also used as

Finish (FIN) vs Reset (RST)

FIN | RST
Graceful termination | Sudden termination
Only one side of conversation is stopped | Whole conversation is stopped
No data loss | Data is discarded
Receiver of FIN can choose to continue communicating | Receiver has to stop communication

Push (PSH) vs Urgent (URG)

PSH | URG
All data in buffer are pushed | Only urgent data is pushed immediately
Data is delivered in sequence | Data is delivered out of sequence

TCP/IP sessions

  • TCP uses stateful sessions
  • Connection establishment must be done before data transfer
  • Session initiation
    1. Source sends SYN packet
    2. Destination responds with SYN/ACK packet
    3. Source sends ACK packet
    • Connection stays open until closed with FIN or RST packets.
  • Session termination
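
The handshake, termination and flag rules in these notes can be checked mechanically against the flag sequence of a captured connection. This is an added example, not part of the original notes: the function name, the sender/receiver labels and the sample sequences are constructed for illustration, and RST segments are exempted from the "ACK after handshake" rule as an assumption.

```python
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP header flag bits

# Handshake steps: (who sends it, flags that must be set, flags that must be clear)
HANDSHAKE = [("sender", SYN, ACK), ("receiver", SYN | ACK, 0), ("sender", ACK, SYN)]

def audit_session(segments):
    """Audit one connection given as [(direction, flags), ...] in capture order.

    Returns (final_state, findings); findings is a list of (index, message).
    """
    state, fin_from, findings = "handshake", set(), []
    for i, (direction, flags) in enumerate(segments):
        if state in ("reset", "closed"):
            findings.append((i, f"segment after connection was {state}"))
        elif flags & RST:
            state = "reset"  # abort: nothing else should follow
        elif i < len(HANDSHAKE):
            who, must_set, must_clear = HANDSHAKE[i]
            if direction != who or (flags & must_set) != must_set or (flags & must_clear):
                findings.append((i, "handshake step out of order"))
            if i == len(HANDSHAKE) - 1:
                state = "established"
        else:
            if flags & SYN:
                findings.append((i, "SYN set after handshake"))
            if not flags & ACK:
                findings.append((i, "ACK missing after handshake"))
            if flags & FIN:
                fin_from.add(direction)
            elif len(fin_from) == 2:
                state = "closed"  # final ACK after both sides sent FIN
    return state, findings

S, R = "sender", "receiver"
# Constructed flag sequences (not captured traffic).
CLEAN = [(S, SYN), (R, SYN | ACK), (S, ACK), (S, PSH | ACK), (R, ACK),
         (S, FIN | ACK), (R, FIN | ACK), (S, ACK)]
ABORTED = [(S, SYN), (R, SYN | ACK), (S, ACK), (R, RST), (S, PSH | ACK)]
ODD = [(S, SYN), (R, SYN | ACK), (S, ACK), (S, SYN | ACK), (R, PSH)]

if __name__ == "__main__":
    for name, capture in (("clean", CLEAN), ("aborted", ABORTED), ("odd", ODD)):
        print(name, audit_session(capture))
```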

OSI model

  • Conceptual model that characterizes and standardizes the communication functions
  • 📝 Uses seven abstraction layers:
    1. Physical (bits)
      • Media, signal & binary transmission
      • E.g. • Cables (fiber) • Fiber • Wireless • Hubs • Repeaters
    2. Data link (frames)
      • Physical addressing: MAC & LLC
      • E.g. • Ethernet • PPP • Switch • Bridge
    3. Network (packets)
      • Path determination & IP
      • E.g. • IP • ICMP • IPSec • IGMP
    4. Transport (segments)
      • End-to-end connections and reliability
      • E.g. • TCP • UDP
    5. Session (data)
      • Sync & send to ports, inter-host communication
      • E.g. • APIs • Sockets • WinSock
    6. Presentation (data)
      • Syntax layer
      • Encrypts/decrypts if needed
      • E.g. • SSL/TLS (not entirely) • SSH • IMAP • FTP • MPEG • JPEG
    7. Application (data)
      • End User Layer: network process to application
      • E.g. • HTTP • FTP • IRC • SSH • DNS • SMTP
  • See also • Firewall types per OSI Layer | Firewall • Vulnerability stack | Hacking web applications • Encryption types per OSI layer | Encryption algorithms

TCP/IP model

  • TCP/IP model defines four levels:
    1. Link layer: • ARP • PPP • MAC
    2. Internet layer: • TCP • UDP • DCCP • SCTP ...
    3. Transport layer: • IP • ICMP • ECN • IPSec ...
    4. Application layer: • DNS • HTTP • HTTPS • FTP • SSH • SMTP ...
  • ❗ The OSI model does not map well onto TCP/IP
  • ❗ E.g. SSL/TLS does not fit into any one of the OSI or TCP/IP layers
    • In OSI it's in layer 6 or 7, and, at the same time, in layer 4 or below.
    • In TCP/IP it's in between the transport and the application layers.

TCP/IP vs OSI model

TCP/IP | Protocols and services | OSI model
Application | HTTP • FTP • Telnet • NTP • DHCP • PING | Application • Presentation • Session
Transport | TCP • UDP | Transport
Network | IP • ARP • ICMP • IGMP | Network
Network interface | Ethernet • PPTP | Data Link • Physical