Understanding TCP and UDP

As we discussed earlier in this chapter in the Transport layer section, TCP and UDP are the main protocols used to transfer data across a network. Their delivery mechanisms differ from each other. TCP uses acknowledgments, sequence numbers, and flow control while transferring data to provide guaranteed delivery, whereas UDP does not guarantee delivery but delivers on a best-effort basis.

Transmission Control Protocol

TCP performs a three-way handshaking process before the protocol establishes the session. This is done in order to provide a guaranteed delivery. Refer to the following figure to understand the three-way handshaking process:

[Figure: Transmission Control Protocol three-way handshake]

From the preceding image, imagine that Carol's device wants to transfer data to Bryan's device and that they need to perform a three-way handshaking process. First, Carol's device sends a packet to Bryan's device with the synchronize (SYN) flag enabled. Once Bryan's device receives the packet, it replies by sending another packet that has both the SYN and acknowledge (ACK) flags enabled. Lastly, Carol's device completes the handshaking process by sending a third packet with the ACK flag enabled. Now, both devices have an established session and an assurance that the other device is working. Data transmission can take place once the session is established.

Tip

In the security field, the term "SYN flood" refers to a denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic. The attacker sends only the SYN and never the expected ACK, causing the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent the SYN.
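From the defender's side, the half-open handshakes described in this tip can be counted directly. The following Python code is an added example, not code from the book; the packet tuples, the 3-second timeout, and the threshold of 5 are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of client-to-server packets as seen at the server:
# (time_s, src_ip, src_port, dst_port, flags). Addresses are documentation ranges.
PACKETS = [
    (0.00, "192.0.2.10", 48127, 25, "S"),   # normal client: SYN ...
    (0.05, "192.0.2.10", 48127, 25, "A"),   # ... then the final ACK
    (9.90, "192.0.2.11", 48128, 25, "S"),   # handshake still in progress at t=10
] + [
    # eight SYNs from varying sources, none followed by an ACK
    (1.0 + i * 0.1, f"198.51.100.{i + 1}", 40000 + i, 80, "S")
    for i in range(8)
]


def half_open_by_port(packets, now, timeout=3.0):
    """Count handshakes per server port whose final ACK never arrived."""
    pending = {}  # (src_ip, src_port, dst_port) -> time the SYN was seen
    for t, src, sport, dport, flags in sorted(packets):
        key = (src, sport, dport)
        if flags == "S":
            pending.setdefault(key, t)
        elif key in pending and ("A" in flags or "R" in flags):
            del pending[key]  # handshake completed or was reset
    counts = defaultdict(int)
    for (_, _, dport), t in pending.items():
        if now - t >= timeout:  # ignore handshakes that may still complete
            counts[dport] += 1
    return dict(counts)


def flooded_ports(packets, now, threshold=5, timeout=3.0):
    """Ports whose stale half-open count reaches the alert threshold."""
    counts = half_open_by_port(packets, now, timeout)
    return sorted(port for port, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(half_open_by_port(PACKETS, now=10.0))  # {80: 8}
    print(flooded_ports(PACKETS, now=10.0))      # [80]
```

On a live server the same signal is the number of sockets sitting in the SYN-RECV state for a listening port.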

TCP also splits up the data into smaller segments and uses sequence numbers to track these segments. Each segment is assigned its own sequence number, such as 1 to 20. The destination device then receives each segment and uses the sequence numbers to reassemble the file in the correct order.

For instance, consider that Carol wants to download a JPEG image file from Bryan's device. After establishing the session through the three-way handshaking process, the two devices determine how big a single segment is and how many segments need to be sent between acknowledgments. The total number of segments that can be sent at a time is known as the TCP sliding window. The data in a segment is no longer valid if a single bit is broken or lost in transmission. TCP uses Cyclical Redundancy Check (CRC) to identify broken or lost data by verifying that the data in each segment is intact. If any segment is corrupt or missing in transmission, Carol's device sends a negative acknowledge (NACK) packet and requests the corrupt or missing segment; otherwise, Carol's device sends an ACK packet and requests the next segment.
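The reassembly step can be followed in code. This Python block is an added example, not code from the book; it assumes sequence numbers count bytes, as TCP's do, and that a retransmitted segment repeats the original segment boundaries. The segment contents are constructed.

```python
def reassemble(arrivals, first_seq):
    """Rebuild a byte stream from (seq, payload) segments in arrival order.

    Returns (data, next_needed, gaps): the in-order bytes delivered so far,
    the sequence number of the first byte still missing, and the byte ranges
    (start, end_exclusive) that must be requested again.
    """
    next_seq = first_seq
    data = bytearray()
    held = {}  # segments that arrived ahead of a gap, keyed by sequence number
    for seq, payload in arrivals:
        if seq < next_seq or seq in held:
            continue  # duplicate of something already delivered or held
        held[seq] = payload
        while next_seq in held:  # deliver everything that is now contiguous
            chunk = held.pop(next_seq)
            data += chunk
            next_seq += len(chunk)
    gaps, cursor = [], next_seq
    for seq in sorted(held):
        if seq > cursor:
            gaps.append((cursor, seq))
        cursor = seq + len(held[seq])
    return bytes(data), next_seq, gaps


# Constructed arrival order: one segment out of order, one duplicate,
# and two segments (1012 and 1020) lost in transit.
ARRIVALS = [
    (1000, b"JPEG"), (1008, b"DATA"), (1004, b"-IMG"),
    (1004, b"-IMG"), (1016, b"TAIL"), (1024, b"END."),
]
RETRANSMITTED = [(1012, b"more"), (1020, b"....")]

if __name__ == "__main__":
    print(reassemble(ARRIVALS, 1000))
    print(reassemble(ARRIVALS + RETRANSMITTED, 1000))
```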

User Datagram Protocol

UDP does not perform any handshaking process before sending data. It just sends the data directly to the destination device; however, it makes its best effort to forward the messages. Imagine that we want our friend to receive a message. We call his or her phone to deliver it. If our call is not answered, we can send an e-mail or text message to inform our friend. If our friend does not reply to our e-mail or text messages, we can send regular e-mails. However, none of the techniques that we talked about gives any assurance that our message was received. Still, we make our best effort to forward the message until it works. The best effort in this analogy is similar to the best-effort term for UDP. UDP gives its best effort to ensure that the data is received by the receiver, even though there is no assurance that the data was received.

So, why is UDP used even though it is not reliable? Sometimes we need communication with fast data transfer, even if it comes with a little data corruption. For instance, streaming audio, streaming video, and Voice over IP (VoIP) use UDP to make sure that they have fast data transfer. Although UDP will have lost some packets, we are still able to get all the messages clearly.

However, although UDP does not check the connection before transmitting data, it does use a checksum to validate the data. The receiver can check whether the received data has been altered by comparing checksum values.

Understanding ports

In computer networking, a port is an endpoint for sending or receiving data. A port is identified by its port number, which is a 16-bit number. The logical port number is used by both TCP and UDP to trace the contents of a packet, and it helps TCP/IP hand the packet to the application or service that will process the data when it is received by the device.

There are a total of 65536 TCP ports and 65536 UDP ports. We can divide the TCP ports into three port ranges, which are:

  • Well-known ports from 0 to 1023 are ports that have been registered by the Internet Assigned Numbers Authority (IANA) to associate with specific protocols or applications.
  • Registered ports from 1024 to 49151 are ports that have been registered by IANA for a specific protocol, but unused ports in this range can be assigned by computer applications.
  • Dynamic ports from 49152 to 65535 are unregistered ports and can be assigned for any purpose.

Note

To get more details about all the ports in TCP and UDP, we can go to en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers. Also, to know about all the assigned ports that have been registered by IANA, go to www.iana.org/assignments/port-numbers.

To understand the port concept, consider that we have an e-mail client installed on our computer, such as Thunderbird or Microsoft Outlook. Now, we want to send an e-mail to the Gmail server and then grab all the incoming e-mails from the server to save them on our local computer. The steps to send an e-mail are as follows:

  1. Our computer assigns a random unused port number, such as 48127, to send the e-mail to port 25 on the Gmail SMTP server.
  2. When the e-mail arrives at the SMTP server, it recognizes that the data has come from port 25 and then forwards the data to SMTP, which handles the service.
  3. Once the e-mail is received, the server sends the acknowledgement to port 48127 on our computer to inform the computer that the e-mail has been received.
  4. After our computer completely receives the acknowledgement from port 48127, it sends an e-mail to the e-mail client, and the e-mail client then moves the e-mail from Outbox to the Sent folder.

Similar to the steps for sending an e-mail, to receive an e-mail, we have to deal with a port. The steps are as follows:

  1. Our computer assigns a random unused port number, such as 48128, to send a request to port 110 on the Gmail POP3 server.
  2. When the e-mail arrives at the POP3 server, it recognizes that the data has come from port 110 and then forwards the data to POP3, which handles the service.
  3. The POP3 server then sends an e-mail to our computer on port 48128.
  4. After our computer receives the e-mail from port 48128, it sends the e-mail to our e-mail client and then moves it to the Inbox folder. It also automatically saves the mail to the local computer.
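The port handling in the two procedures above can be observed on a single machine. This Python code is an added example, not code from the book: it runs a client and a listening socket on 127.0.0.1, with an OS-chosen listening port standing in for port 25 or 110 and `MAIL` as a made-up message; `port_range` and `loopback_exchange` are names chosen for this example.

```python
import socket


def port_range(port: int) -> str:
    """Name the range a port number falls in, using the three ranges listed above."""
    if not 0 <= port <= 65535:
        raise ValueError("port numbers are 16-bit: 0..65535")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic"


def loopback_exchange(message: bytes = b"MAIL") -> dict:
    """Run one client/server exchange on 127.0.0.1 and report the ports used."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as listener:
        listener.settimeout(5)
        listener.bind(("127.0.0.1", 0))  # 0 = OS picks; stands in for the service port
        listener.listen(1)
        service_port = listener.getsockname()[1]
        # The client never chooses its own port: the OS assigns an unused one.
        with socket.create_connection(("127.0.0.1", service_port), timeout=5) as client:
            conn, (_, port_seen_by_server) = listener.accept()
            with conn:
                conn.settimeout(5)
                client.sendall(message)
                received = conn.recv(1024)
                conn.sendall(b"ACK " + received)  # goes back to the client's port
                reply = client.recv(1024)
            return {
                "service_port": service_port,
                "client_port": client.getsockname()[1],
                "port_seen_by_server": port_seen_by_server,
                "reply": reply,
            }


if __name__ == "__main__":
    result = loopback_exchange()
    print(result, port_range(result["client_port"]))
```

The server learns the client's port from the connection itself, which is why the acknowledgement in step 3 reaches the right socket without the client announcing its port in the message.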