Transport Layer: TCP and UDP
CS 161 Fall 2022 - Lecture 18
Computer Science 161
Last Time: Low-Level Network Attacks
Last Time: BGP
Today: Transport Layer Protocols
Transmission Control Protocol (TCP)
Textbook Chapter 30
Review: IP Reliability
Scratchpad: Let’s Design It Together
Ports: An Analogy
Ports
IP header: send to 1.2.3.4
TCP header: send to port 80
Payload: I am hungry.
Establishing Sequence Numbers
Client -> server, "Hello server":
 H |  e |  l |  l |  o |    |  s |  e |  r |  v |  e |  r
50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61

Server -> client, "Hello client":
 H |  e |  l |  l |  o |    |  c |  l |  i |  e |  n |  t
25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36

Messages from the client are numbered starting at 50.
Messages from the server are numbered starting at 25.
TCP: 3-Way Handshake
Client -> Server: SYN. Seq = x
Server -> Client: SYN-ACK. Seq = y, Ack = x+1
Client -> Server: ACK. Seq = x+1, Ack = y+1
Client <-> Server: Data
TCP: Sending and Receiving Data
Client -> Server: ACK. Seq = x+1, Ack = y+1. Data, length A
Server -> Client: ACK. Seq = y+1, Ack = x+1+A. Data, length B
Client -> Server: ACK. Seq = x+1+A, Ack = y+1+B. Data, length C
Server -> Client: ACK. Seq = y+1+B, Ack = x+1+A+C. Data, length D
TCP: Retransmission
TCP: Ending/Aborting a Connection
TCP Flags
TCP Packet Structure
TCP segment header
Source Port (16 bits) | Destination Port (16 bits)
Sequence Number (32 bits)
Acknowledgement Number (32 bits)
Data Offset (4 bits) | Flags (12 bits) | Window Size (16 bits)
Checksum (16 bits) | Urgent Pointer (16 bits)
Options (variable length)
Data (variable length)
TCP Attacks
TCP Data Injection
Client -> Server: ACK. Seq = x+1, Ack = y+1. Data, length A
Attacker -> Client (spoofed as the server): Seq = y+1. Evil data, length B
Server -> Client: ACK. Seq = y+1, Ack = x+1+A. Real data, length B
This packet will be ignored by the client since the client already processed the malicious packet!
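The sequence-number bookkeeping in the handshake, data-exchange and data-injection diagrams above, as a small Python model written for this page (an added illustration, not CS 161 course code). `Segment`, `Endpoint`, `handshake`, `exchange` and `injection_race` are made-up names; the receiver is deliberately simplified to accept only the exact next expected sequence number (no receive window, no reordering, no retransmission), which is enough to show why the client keeps whichever segment claiming Seq = y+1 reaches it first and then drops the genuine one.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Added illustration of the lecture's sequence-number diagrams; not CS 161 course code.
# Endpoint is a hypothetical, deliberately minimal TCP receiver: it accepts only the
# exact next expected sequence number (no receive window, no reordering, no retransmit).


@dataclass
class Segment:
    sender: str          # who put it on the wire: "client", "server" or "attacker"
    flags: Set[str]      # subset of {"SYN", "ACK", "FIN", "RST"}
    seq: int
    ack: Optional[int]
    data: bytes = b""


@dataclass
class Endpoint:
    name: str
    snd_nxt: int                    # next sequence number this side will use (x or y at first)
    rcv_nxt: Optional[int] = None   # next sequence number expected from the peer
    received: bytes = b""

    def send(self, flags: Set[str], data: bytes = b"") -> Segment:
        seg = Segment(self.name, set(flags), self.snd_nxt,
                      self.rcv_nxt if "ACK" in flags else None, data)
        # SYN and FIN each consume one sequence number; payload consumes len(data)
        self.snd_nxt += len(data) + ("SYN" in flags) + ("FIN" in flags)
        return seg

    def receive(self, seg: Segment) -> bool:
        """Accept only a segment carrying exactly the sequence number we expect next."""
        if "SYN" in seg.flags:
            self.rcv_nxt = seg.seq + 1      # the SYN itself occupies sequence number seq
            return True
        if seg.seq != self.rcv_nxt:
            return False                    # duplicate or out of order: dropped
        self.received += seg.data
        self.rcv_nxt += len(seg.data)
        return True


def handshake(client: Endpoint, server: Endpoint) -> List[Segment]:
    """SYN / SYN-ACK / ACK exactly as on the 3-way handshake slide."""
    syn = client.send({"SYN"})
    server.receive(syn)
    synack = server.send({"SYN", "ACK"})
    client.receive(synack)
    ack = client.send({"ACK"})
    server.receive(ack)
    return [syn, synack, ack]


def exchange(client: Endpoint, server: Endpoint,
             payloads: List[Tuple[str, bytes]]) -> List[Segment]:
    """payloads is the wire order of data segments, e.g. [("client", A), ("server", B), ...]."""
    peers = {"client": (client, server), "server": (server, client)}
    log = []
    for who, data in payloads:
        src, dst = peers[who]
        seg = src.send({"ACK"}, data)
        dst.receive(seg)
        log.append(seg)
    return log


def injection_race(x: int, y: int, real: bytes, evil: bytes,
                   request: bytes = b"GET / HTTP/1.1\r\n") -> Dict:
    """The data-injection slide: a segment claiming Seq = y+1 reaches the client
    before the server's genuine reply that carries the same sequence number."""
    client, server = Endpoint("client", x), Endpoint("server", y)
    handshake(client, server)
    exchange(client, server, [("client", request)])
    forged = Segment("attacker", {"ACK"}, y + 1, x + 1 + len(request), evil)
    forged_accepted = client.receive(forged)
    genuine = server.send({"ACK"}, real)    # the server never saw the forged segment
    genuine_accepted = client.receive(genuine)
    return {"forged_seq": forged.seq, "genuine_seq": genuine.seq,
            "forged_accepted": forged_accepted, "genuine_accepted": genuine_accepted,
            "client_sees": client.received}


if __name__ == "__main__":
    # Constructed run reproducing the slide's numbering (client data from 50, server data from 25)
    c, s = Endpoint("client", 49), Endpoint("server", 24)
    trace = handshake(c, s) + exchange(c, s, [("client", b"Hello server"), ("server", b"Hello client")])
    for seg in trace:
        print(f"{seg.sender:>7} {'/'.join(sorted(seg.flags)):8} seq={seg.seq} ack={seg.ack} len={len(seg.data)}")
    print(injection_race(49, 24, b"Hello client", b"Evil  client"))
```

Nothing in the TCP header lets the client tell the forged segment from the genuine one: both carry the expected sequence number, and the receiver's only rule is "first segment with the number I am waiting for wins". That is why integrity of the data has to come from a layer above TCP rather than from the transport protocol itself.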
TCP Spoofing
Attacker -> Server (spoofed as the client): SYN. Seq = x
Server -> Client: SYN-ACK. Seq = y, Ack = x+1
Attacker -> Server (spoofed as the client): ACK. Seq = x+1, Ack = y+1. Evil data
Client -> Server: RST. Seq = x+1
An on-path attacker must send the evil data before the server receives the real client’s RST!
A MITM attack could just drop the client’s packets, however.
User Datagram Protocol (UDP)
Textbook Chapter 30
UDP Attacks
UDP Packet Structure
UDP datagram header
Source Port (16 bits) | Destination Port (16 bits)
Length (16 bits) | Checksum (16 bits)
Data (variable length)
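The TCP segment header and the UDP datagram header laid out above, as a Python builder and parser written for this page (an added example, not CS 161 course code). Function names and the 10.0.0.x sample addresses are made up; the field widths follow the two slides and RFC 793 / RFC 768, and the checksum is the Internet ones'-complement sum over the IPv4 pseudo-header (source, destination, zero, protocol, length) plus the whole segment or datagram.

```python
import socket
import struct
from typing import Dict, Optional, Set

# Added example for the TCP segment / UDP datagram header slides; not CS 161 course code.
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]  # bit 0 .. bit 8
PROTO_TCP, PROTO_UDP = 6, 17


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit big-endian words, carries folded back in, complemented."""
    if len(data) % 2:
        data += b"\x00"                        # odd trailing byte is padded with zero
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, proto: int, length: int) -> bytes:
    """IPv4 pseudo-header covered by both the TCP and the UDP checksum."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, proto, length)


def build_tcp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, seq: int, ack: int,
              flags: Set[str], payload: bytes = b"", window: int = 65535) -> bytes:
    flag_bits = sum(1 << TCP_FLAG_NAMES.index(f) for f in flags)
    off_flags = (5 << 12) | flag_bits          # Data Offset 5 words = 20-byte header, no options
    head = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, off_flags, window, 0, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(head) + len(payload)) + head + payload)
    return head[:16] + struct.pack("!H", csum) + head[18:] + payload


def parse_tcp(segment: bytes) -> Dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = (off_flags >> 12) * 4            # Data Offset counts 32-bit words
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("data offset points outside the segment")
    flag_bits = off_flags & 0x0FFF             # the 12-bit field: 3 reserved bits, NS, then 8 flags
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": {n for i, n in enumerate(TCP_FLAG_NAMES) if flag_bits >> i & 1},
            "window": window, "checksum": csum, "urgent": urg,
            "options": segment[20:hdr_len], "payload": segment[hdr_len:]}


def tcp_checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    # Summing pseudo-header + whole segment (checksum field included) gives 0 when intact
    return internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_TCP, len(segment)) + segment) == 0


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = 8 + len(payload)                  # UDP Length covers header and data
    head = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, length) + head + payload)
    if csum == 0:
        csum = 0xFFFF                          # 0 is reserved to mean "no checksum" over IPv4
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(datagram: bytes) -> Dict:
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("length field points outside the datagram")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": csum, "payload": datagram[8:length]}


def udp_checksum_ok(src_ip: str, dst_ip: str, datagram: bytes) -> Optional[bool]:
    hdr = parse_udp(datagram)
    if hdr["checksum"] == 0:
        return None                            # sender chose not to compute one; nothing to verify
    covered = datagram[:hdr["length"]]
    return internet_checksum(pseudo_header(src_ip, dst_ip, PROTO_UDP, hdr["length"]) + covered) == 0


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real network
    syn = build_tcp("10.0.0.1", "10.0.0.2", 40000, 80, 1000, 0, {"SYN"})
    print(parse_tcp(syn)["flags"], tcp_checksum_ok("10.0.0.1", "10.0.0.2", syn))
    dns = build_udp("10.0.0.1", "10.0.0.53", 5353, 53, b"\x12\x34\x01\x00")
    print(parse_udp(dns)["length"], udp_checksum_ok("10.0.0.1", "10.0.0.53", dns))
```

Two practical points the layouts alone do not show: the Data Offset and Length fields are attacker-controlled input, so a parser must check them against the bytes it actually has before slicing; and the checksum is an error-detection code, not an integrity check, since anyone who can write the segment can recompute it.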
Summary