Intro to Tcpip data communication


8/13/2019 Intro to Tcpip data communication

Network Security

Introduction

Although the term e-commerce is fairly new, many large companies have been conducting a form of e-commerce for decades, by networking systems together with those of their business partners and clients. For example the banking industry uses Electronic Funds Transfer (EFT) to transfer money between accounts. Many companies also use Electronic Data Interchange (EDI), in which business forms, such as purchase orders and invoices, are standardised so that companies can share information with customers, vendors and business partners electronically. EFT, EDI and e-mail have been around for a long time. The Internet has made it possible for even small businesses to compete, because until recently e-commerce was only feasible for large companies.

The infrastructure for e-commerce is networked computing, which is emerging as the standard computing environment in business, home and government. Networked computing connects several computers and other electronic devices using telecommunications networks. This allows users to access information stored in several places and to communicate and collaborate with others from a desktop computer. Computers may be connected to a global environment (the Internet) or to its counterpart within an organisation, which is called an intranet. An intranet is a corporate network that functions with Internet technologies, such as browsers, using Internet protocols. Another computer environment is an extranet: a network that links the intranets of business partners over the Internet.

Brief History of Electronic Commerce

E-commerce applications first appeared in the early 1970s with EFT, limited to large corporations and financial institutions. Then came EDI, which expanded from financial transactions to other transaction processing, and enabled manufacturers, retailers and services to participate. Other applications soon followed - travel reservation systems, ATMs (1980s). With commercialisation of the Internet in the early 1990s and its rapid growth (millions of potential customers), the term electronic commerce was coined and EC applications expanded rapidly. One reason for this rapid expansion was the development of networks, protocols and software.

Definition

The term commerce is often defined as a transaction conducted between business partners. Electronic commerce is the process of buying and selling or exchanging products, services and information via computer networks, including the Internet.

Some statistics

85% of US e-businesses do not deliver internationally. Problems include:- order tracking; customs; different prices need to be charged for deliveries overseas.
93% of online revenue comes from their own national market.
Only 2% of EU countries export outside Europe.
Within Europe 20% of foreign competition comes from the US.

Applications of e-commerce are divided into three categories:-

1. Buying and selling goods and services - often referred to as electronic markets.
2. Facilitating inter- and intra-organisation flow of information, communication and collaboration.
3. Providing customer service.

What is E-Commerce?

Electronic Markets

A market is a network of interactions and relationships where information, products, services and payments are exchanged. When a marketplace is electronic, the business centre is not a physical building, but rather a network-based location where business interactions occur. It is a place where shoppers and sellers meet. The market handles all the necessary transactions, including the transfer of money between banks. In electronic markets, the principal participants - transaction handlers, buyers, brokers and sellers - are not only at different locations, but seldom know one another. The means of interconnection varies.

Types of Transactions found

Business to business (B2B) - most EC is of this type. Includes IOS and electronic market transactions.
Business to consumer (B2C) - mainly retailing transactions with individual shoppers - e.g. Amazon.com.
Consumer to consumer (C2C) - consumers sell directly to consumers - e.g. classified ads, selling cars or property etc (www.classified2000.com). This also includes e-auctions.
Consumer to business (C2B) - individuals who sell products or services to organisations.
Nonbusiness EC - nonbusiness organisations such as academic institutions, charities, religious organisations and government agencies are using EC to reduce their expenses (e.g. to improve purchasing or customer services).
Intrabusiness (organisational) EC - includes internal organisational activities, usually performed on intranets, that involve exchange of goods, services or information.

Interorganisational Information Systems

An interorganisational information system is a unified system encompassing several business partners. Typically it will include a company and its suppliers and […]


The problems of communicating between different computers can be split up into a series of smaller problems, hence there is a need to define the interfaces between layers. The aim is to use manufacturer-independent specifications so that components from a range of suppliers can be mixed and matched freely. This allows a greater range of choice when extending an installation. It also avoids organisations becoming locked into the product range of one manufacturer.

OSI Model

Each layer adds its own header, before passing it down to the layer below.

Interfaces Between Layers

The passing of data and network information down through the layers of the sending machine and back up through the layers of the receiving machine is made possible by an interface between each pair of adjacent layers. Each interface defines what information and services a layer must provide for the layer above. It also defines the PDU (protocol data unit) that is passed between layers. After appending the header the upper layer passes the PDU to the layer immediately below.

Well-defined interfaces and layer functions provide modularity to a network. As long as a layer provides the expected services to the layer above it, the specific implementation of its functions can be modified or replaced without requiring changes to the surrounding layers.

Communications between two different devices at the same level involves a logical peer-to-peer relationship. Application messages are only sent to the other application layer, although the actual route is through all the other layers. The higher layers are concerned with end-to-end communication.

[Figure: headers added at each layer]

In a communication that involves a source node, an intermediate node and a destination node, all seven layers are used at the source and destination nodes. At the intermediate nodes only the bottom three layers (physical […]

[…]uires handling these and other incompatibilities. It also identifies the addresses required, for example if you want to access a package on a computer in California, or log onto the WWW.

    re>uired, for example if you want to access a package on a computer in &alifornia, or log onto the

    000.

Presentation Layer - ensures interoperability between communicating devices. Resolves differences in formats among the various computers, terminals, databases and languages used in a network. The functions of this layer make it possible for two computers to communicate even if their internal representations of data differ (e.g. when one device uses one type of code and the other uses another). It provides code conversion as well as data formatting, data compression and encryption. Converts from the representation used inside the computer to the network standard representation and back. This layer is not concerned with the informational content of the data.

Session Layer - establishes connections between users. Provides the means for co-operating presentation entities to organise and synchronise their dialogue and manage their data exchange. One of the services is to handle dialogue control. It co-ordinates the interaction between the end-user and the application program. Handles recovery from a communications problem without losing data, as well as procedures needed to start and stop a task. For example a session may be created to transfer a file or allow a user to log onto a remote time-sharing service.

Transport Layer - provides for the transfer of messages between users. This means that the users need not be concerned with the manner in which reliable and cost-effective data transfers are achieved. Isolates the upper layers from changes in the hardware technology. It provides for end-to-end integrity and quality of data.

Network Layer - responsible for source to destination delivery of a packet. While the data link layer oversees node-to-node delivery, the network layer ensures that each packet gets from its point of origin to its final destination successfully and efficiently. It also breaks the messages from the higher layers into packets, to pass to the data link layer, and reassembles the packets received from the data link layer.

Switches and routes information between nodes on the network. It is the highest layer involved in point-to-point communications between adjacent nodes. It sets up routes for messages to travel, based on the network's current status. Routes can be based on static tables that rarely change or they can be highly dynamic, and reflect the current network load. The network layer sends control messages to the other nodes on the network to maintain a knowledge of the status of the rest of the network. It also informs the network of its own status.

Network addresses are matched to the actual devices accessed by the end-users. It also handles end-to-end error detection and recovery. The transport layer creates a distinct network connection for each transport connection required by the session layer. The most popular type of transport connection is an error-free point-to-point channel that delivers messages in the order in which they are sent. It is a true end-to-end layer, from source to destination. In the lower layers the protocols are between each machine and its immediate neighbours. The source and destination may be separated by many routers.

Data Link Layer - The unit of transport here is a frame and the function is to control the manipulation of data frames. It handles addressing of outgoing frames (MAC address) and the decoding of incoming frames. Large packets received from the Network Layer are broken into a number of frames and sent out. Produces acknowledgement frames that tell the sender that it has arrived correctly.

Provides error control and detection for data which has been corrupted. Noise on a line can destroy a packet completely. Also deals with errors resulting from lost frames, duplication or loss of sequencing. Controls the rate of flow of data frames between nodes. Stops a fast transmitter from drowning a slow receiver, called flow control. A header and a trailer is added to each frame sent, which includes the physical address of the destination node, called addressing.

Access control is required when two or more devices are connected to the same link. The data link layer protocol is used to determine which device has control over the line at any given moment.

Physical Layer - co-ordinates the functions required to transmit a bit stream over a physical medium. Deals with the mechanical and electrical specifications of the connections, i.e. cables, connectors and signalling options that physically link two nodes. It is also the actual physical link between two locations. Concerned with transmitting raw bits over a communications channel - making sure that when one side sends a 1 bit, the other side receives a 1 bit.

TCP/IP

The Internet is a collection of networks running the TCP[…]

[…]uely identify a destination.
Routing - the capacity to efficiently determine the path a particular packet is to traverse to reach the destination.

The TCP[…]


The Transport layer is responsible for providing services to the application layer as follows:-

1. Connection-oriented or connectionless transport. For connection-oriented, once a connection is established between two applications, the connection remains until one of the applications terminates it. In connectionless each packet contains the destination address.
2. Reliable or unreliable transport. In reliable transport, the transport layer is responsible for ensuring lost packets are retransmitted, i.e. guarantees reliable delivery. In an unreliable connection, the transport layer is not involved and it is up to the applications to handle packets lost or dropped by the network.
3. Security. This is a relatively new service offered by the transport layer. Services such as authenticity, integrity and confidentiality are not widely supported, but will be in the future as part of the protocol stack.

An application has to select the services it wants from the transport layer. Some combinations are not allowed, e.g. connectionless and reliable transport are not available together. The protocols used here are TCP and UDP.

TCP (Transmission Control Protocol) provides the connection-oriented reliable data delivery service with end-to-end error detection and correction. A logical end-to-end connection is established by means of a three-way handshake between the two endpoints. It also requires a three-way handshake to disconnect.

UDP (User Datagram Protocol) provides a low overhead, unreliable, connectionless datagram delivery service. There is no error-correction, retransmission, or lost, duplicate or re-ordered packet detection, and error detection is optional.

Internet Layer - concerned with routing data from source to destination. Uses the Internet Protocol (IP), which provides the basic packet delivery service on which TCP[…]


TCP In Detail

TCP is connection oriented, which means it establishes an end-to-end connection between the two communicating hosts. Control information is exchanged between the two end points using a three-way handshake, to establish a dialogue before data is transmitted. After the data transfer, another three-way handshake is required to close the connection.

The data unit transmitted (with a TCP header) is called a segment. Normally TCP decides when a new segment is transmitted. At the destination, the receiving TCP buffers the data in a segment in a memory buffer associated with the application and delivers it when the buffer is full. A segment may consist of multiple user messages if short message units are being exchanged, or part of a single larger message. The max. length of each segment is a function of TCP, which simply endeavours to ensure that the total submitted octet stream associated with each direction is delivered to the other side in a reliable way.

TCP Header

The TCP segment structure is shown above - Ref Fig 3.29 from Kurose & Ross, p231.

Source and destination ports - 2 octets each - indicate the end points of the logical connection.
Sequence number - 4 octets.
Header length field - 4 bits - number of 32-bit words in the header (needed because the header length can change because of the options).
Reserved - for future use.
Code bits - 6 bits - set bits to indicate the validity of selected fields (URG, ACK, PSH, RST, SYN, FIN).
Window - sliding window flow control - number of octets, relative to the current number, that the source is willing to accept (relates to buffer space at destination).
Checksum - verifies the complete segment.
Urgent pointer - indicates the amount of expedited data in the segment.
Options - max. number of octets in the user data field it is prepared to accept.
User data - default max. is 536 - chosen on the assumption that a WAN will be in the route. If a LAN only is used then a larger segment size can be used (see Options field).
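As an added example (not part of the original notes), the following Python decodes the header fields listed above from a raw segment, checks that the 4-bit header length is consistent with the bytes actually present before trusting any other field, and walks the options to find the maximum segment size the sender will accept. The SYN segment is constructed here for illustration.

```python
import struct

# The six code bits, most significant first, as listed in the notes.
TCP_FLAGS = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header plus options from a raw segment.

    Raises ValueError when the header length field does not fit the bytes
    present: that consistency check comes before trusting any other field.
    """
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed TCP header")
    # Network byte order: 2-octet ports, 4-octet sequence and acknowledgement
    # numbers, data offset/reserved byte, flag byte, then window, checksum
    # and urgent pointer (2 octets each).
    (src_port, dst_port, seq, ack, offset_byte, flag_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:20])
    header_len = (offset_byte >> 4) * 4          # 4-bit count of 32-bit words
    if header_len < 20:
        raise ValueError(f"header length {header_len} is below the 20-byte minimum")
    if header_len > len(segment):
        raise ValueError(f"header length {header_len} exceeds segment size {len(segment)}")
    flags = {name: bool(flag_byte & (1 << (5 - i))) for i, name in enumerate(TCP_FLAGS)}
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "header_len": header_len,
        "flags": flags, "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:header_len], "data": segment[header_len:],
    }


def mss_from_options(options: bytes):
    """Walk the (kind, length, value) options and return the MSS if present."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # no-operation padding byte
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            raise ValueError("malformed TCP option length")
        length = options[i + 1]
        if i + length > len(options):
            raise ValueError("TCP option runs past the end of the header")
        if kind == 2 and length == 4:  # maximum segment size
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None


# Constructed sample: a SYN from ephemeral port 49152 to port 80, sequence
# number 1000, header length 6 words (24 bytes) to make room for an MSS option
# of 1460 octets. The checksum is left at zero since no pseudo-header is built.
SAMPLE_SYN = (
    struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 6 << 4, 0x02, 65535, 0, 0)
    + bytes([2, 4, 0x05, 0xB4])
)

if __name__ == "__main__":
    hdr = parse_tcp_header(SAMPLE_SYN)
    print(hdr["src_port"], "->", hdr["dst_port"], [f for f, on in hdr["flags"].items() if on])
    print("MSS:", mss_from_options(hdr["options"]))
```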

TCP Connection Establishment

A connection starts in the CLOSED state, and goes to either a passive open (LISTEN) or an active open (CONNECT). If a connection is established then both ends will become ESTABLISHED.


A client initiates a connection using the three-way handshake. A segment is sent with the "synchronise sequence numbers" (SYN) bit set. This tells the receiving host that there is an incoming connection and the sequence number (x) that will be used as the starting number of the segments. Starting sequence numbers are a random number between 0 and 2^32 - 1 and are used to maintain the data in the correct order.

The receiver responds with a segment that has the Ack(x + 1) and SYN bits set and contains the sequence number (y), which is a different random number, that will be used by the destination host.

The sender acknowledges the receipt of the receiver's segment (Ack(y + 1)) and begins to transfer the data.
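The three-way handshake described above, modelled as an added example (not from the original notes): each side picks a random starting sequence number in 0 .. 2^32 - 1, and a side only moves to ESTABLISHED when the acknowledgement it receives is exactly its own number plus one, computed modulo 2^32. The intermediate state names SYN_SENT and SYN_RECEIVED follow the standard TCP state machine rather than the notes.

```python
import random

MODULUS = 2 ** 32   # sequence numbers live in 0 .. 2^32 - 1 and wrap around


def add_seq(seq: int, delta: int) -> int:
    """Sequence-number arithmetic modulo 2^32."""
    return (seq + delta) % MODULUS


class TcpEndpoint:
    """One end of a connection, modelling only the opening handshake.

    States: CLOSED, LISTEN (passive open), SYN_SENT (after an active open),
    SYN_RECEIVED, ESTABLISHED. Segments are dicts with SYN/ACK flags, the
    sequence number carried and the acknowledgement number (None if no ACK).
    """

    def __init__(self, name: str):
        self.name = name
        self.state = "CLOSED"
        self.isn = None        # our starting sequence number (x or y in the notes)
        self.peer_isn = None   # the peer's starting sequence number once learned

    def listen(self):
        self.state = "LISTEN"

    def connect(self) -> dict:
        """Active open: pick x at random and send SYN with seq = x."""
        self.isn = random.randrange(MODULUS)
        self.state = "SYN_SENT"
        return {"SYN": True, "ACK": False, "seq": self.isn, "ack": None}

    def _check_ack(self, segment: dict, step: str):
        """Accept only an acknowledgement of exactly our own number plus one."""
        if segment["ack"] != add_seq(self.isn, 1):
            raise ValueError(f"{self.name}: {step} acknowledges the wrong sequence number")

    def receive(self, segment: dict):
        """Process one handshake segment and return the reply, or None."""
        if self.state == "LISTEN" and segment["SYN"] and not segment["ACK"]:
            # Step 2: answer with our own random y and Ack(x + 1).
            self.peer_isn = segment["seq"]
            self.isn = random.randrange(MODULUS)
            self.state = "SYN_RECEIVED"
            return {"SYN": True, "ACK": True, "seq": self.isn,
                    "ack": add_seq(self.peer_isn, 1)}
        if self.state == "SYN_SENT" and segment["SYN"] and segment["ACK"]:
            # Step 3: the SYN+ACK must carry Ack(x + 1); then send Ack(y + 1).
            self._check_ack(segment, "SYN+ACK")
            self.peer_isn = segment["seq"]
            self.state = "ESTABLISHED"
            return {"SYN": False, "ACK": True, "seq": add_seq(self.isn, 1),
                    "ack": add_seq(self.peer_isn, 1)}
        if self.state == "SYN_RECEIVED" and segment["ACK"] and not segment["SYN"]:
            self._check_ack(segment, "final ACK")
            self.state = "ESTABLISHED"
            return None
        raise ValueError(f"{self.name}: unexpected segment in state {self.state}")


def three_way_handshake(client: TcpEndpoint, server: TcpEndpoint) -> list:
    """Run the exchange from the notes and return the three segments sent."""
    server.listen()
    syn = client.connect()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    c, s = TcpEndpoint("client"), TcpEndpoint("server")
    for seg in three_way_handshake(c, s):
        print(seg)
    print(c.state, s.state)
```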

TCP Connection Release

This can be initiated by either side, and both return to the CLOSED state. This is caused by an application executing a CLOSE primitive, which causes the local TCP entity to send a TCP segment with the FIN bit set and wait for an acknowledgement. When the acknowledgement arrives a transition is made to the FIN WAIT 2 state and one direction of the connection is now closed. When the other side closes, a FIN is also sent, which must be acknowledged. Both sides are now closed, but TCP waits a time equal to the max. packet lifetime to guarantee that all packets from the connection have died off. When the timer expires TCP deletes the connection record.

Port Addresses

A remote computer may be running several server programs at the same time. Similarly, a local computer may have one or more client programs running. For a communication we must define:-

local host (local IP address)
local client program (local port number)
remote host (remote IP address)
remote client program (remote port number)

The local host and client are defined using IP addresses. The client programs need an identifier called a port number. In TCP[…]


 23   Telnet   Terminal Network
 25   SMTP     e-mail
 53   DNS      Domain Name Server
 80   HTTP     Hypertext Transfer Protocol
443   HTTPS    Secure HTTP

Internet Layer

IP is the protocol that provides the basic packet delivery service on which TCP[…]


Three bits - the first is unused - the second is DF (don't fragment) - the third is MF (more fragments).
Fragment offset - where in the current datagram this fragment belongs. All fragments except the last must be a multiple of 8 bytes. Since 13 bits are provided there is a max of 8192 bytes per datagram - giving a max datagram length of 65,536 bytes (one more than the total length).
Time to live - counter used to limit packet lifetimes (No. of hops).
Protocol field - tells IP which transport process to give it to - e.g. TCP.
Header checksum - verifies the header only.
Source and destination address - network number and host number.
Options - currently five defined (security, strict source routing, loose source routing, record route, timestamp).
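An added example (not from the original notes) that decodes the IP header fields above from a constructed 20-byte header: it verifies the header checksum (the header alone, as the notes say), extracts DF/MF and the 13-bit fragment offset in 8-byte units, and rejects a fragment whose offset plus length would run past the largest total length the 16-bit field can express.

```python
import struct

IPV4_HEADER = "!BBHHHBBH4s4s"   # the 20-byte fixed header, network byte order


def ip_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words: the IP header checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4_header(datagram: bytes) -> dict:
    """Decode the fields the notes list; reject a corrupted or oversized header."""
    if len(datagram) < 20:
        raise ValueError("datagram shorter than the 20-byte minimum IP header")
    (ver_ihl, _tos, total_length, ident, flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack(IPV4_HEADER, datagram[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    ihl = (ver_ihl & 0x0F) * 4               # header length in bytes
    if ihl < 20 or ihl > len(datagram):
        raise ValueError(f"bad header length {ihl}")
    # Summing the header with its checksum field included must give zero.
    if ip_checksum(datagram[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    frag_offset = (flags_frag & 0x1FFF) * 8  # 13-bit field, in 8-byte units
    if frag_offset + (total_length - ihl) > 65535:
        raise ValueError("fragment extends past the maximum datagram length")
    return {
        "header_len": ihl, "total_length": total_length, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),   # second of the three bits
        "more_fragments": bool(flags_frag & 0x2000),  # third of the three bits
        "fragment_offset": frag_offset, "ttl": ttl,
        "protocol": proto,                            # 6 = TCP, 17 = UDP
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": datagram[20:ihl],
    }


def build_sample_header(flags_frag: int, total_length: int = 1500) -> bytes:
    """Constructed sample: header of a TCP datagram from 10.0.0.5 to 10.0.0.9,
    TTL 64, with the checksum filled in so the parser accepts it."""
    fields = [0x45, 0, total_length, 0x1234, flags_frag, 64, 6, 0,
              bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9])]
    fields[7] = ip_checksum(struct.pack(IPV4_HEADER, *fields))
    return struct.pack(IPV4_HEADER, *fields)


if __name__ == "__main__":
    print(parse_ipv4_header(build_sample_header(0x4000)))           # DF set
    print(parse_ipv4_header(build_sample_header(0x2000 | 185)))     # MF, offset 1480
```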

IP Address Classes

Originally, the IP address space was divided up into a few fixed-length address classes (class A, class B and class C). By examining the first few bits of an address, the class can easily be determined and hence the structure of the address.

IP Addresses

Routing

To deliver data between any two Internet hosts it is necessary to move the data across the network to the correct host, and then within that host to the correct user or process. Gateways route data between networks. Eventually the datagram finds its way to your local gateway.

[Figure: source, intermediate and destination nodes. User A and User B sit above the Application and Transport layers at the source and destination nodes; the Network, Datalink and Physical layers appear at the source node, on both sides of the intermediate node, and at the destination node. Ref: Converged Network Architectures - O.C. Ibe]

The Internet Layer makes routing decisions based on the network portion of the address. This is done by applying a network mask to the address. If the destination network is the local network, then the data is delivered to the local destination host. If it is not local, the IP module looks up the network in the local routing table. All of the gateways that appear in the routing table are on networks directly connected to the local system.
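The class-determination rule from the IP Address Classes section and the mask-based routing decision just described, as one added Python example (not from the original notes). The routing table, local address and router address are constructed; preferring the longest matching network when several table entries match goes slightly beyond the notes but is how IP routing actually selects a route.

```python
import ipaddress

# Constructed routing table: (network, gateway). Every gateway listed is on
# the directly connected 192.168.1.0/24 network, as the notes describe.
ROUTING_TABLE = [
    ("10.0.0.0/8", "192.168.1.254"),
    ("10.2.0.0/16", "192.168.1.253"),
]
LOCAL_IP, LOCAL_MASK, DEFAULT_ROUTER = "192.168.1.10", "255.255.255.0", "192.168.1.1"


def address_class(addr: str):
    """Read the leading bits of an IPv4 address and return (class, implied mask)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet & 0x80 == 0:          # 0xxxxxxx
        return "A", "255.0.0.0"
    if first_octet & 0xC0 == 0x80:       # 10xxxxxx
        return "B", "255.255.0.0"
    if first_octet & 0xE0 == 0xC0:       # 110xxxxx
        return "C", "255.255.255.0"
    if first_octet & 0xF0 == 0xE0:       # 1110xxxx: multicast, no host part
        return "D", None
    return "E", None                     # 1111xxxx: reserved


def next_hop(dest: str, local_ip=LOCAL_IP, local_mask=LOCAL_MASK,
             routing_table=ROUTING_TABLE, default_router=DEFAULT_ROUTER):
    """Decide where a datagram for dest goes: ("direct", host) when the network
    mask shows it is local, ("gateway", ip) for the longest matching table
    entry, else ("default", router) for the first hop across the network."""
    dest_ip = ipaddress.IPv4Address(dest)
    local_net = ipaddress.IPv4Network(f"{local_ip}/{local_mask}", strict=False)
    if dest_ip in local_net:
        return "direct", dest
    best = None
    for network, gateway in routing_table:
        net = ipaddress.IPv4Network(network)
        if dest_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is not None:
        return "gateway", best[1]
    return "default", default_router


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.16.5.1", "193.60.123.78"):
        print(a, address_class(a))
    for d in ("192.168.1.77", "10.2.3.4", "10.9.9.9", "198.51.100.7"):
        print(d, "->", next_hop(d))
```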

A host is typically connected to a router - the default router - which is the first hop in the path across the network. The routing algorithm within a router will determine the next hop for a particular source[…]


Address Resolution

The IP address and the routing table direct the datagram to a specific physical network, but when data travels across the network, it must obey the physical layer protocols used by that network. An IP address can not be used to transport TCP[…]

[…]uest to translate an IP address, it checks the table. If the address is found then it returns the MAC address. If the address is not found then ARP broadcasts a packet, which contains the IP address which needs a MAC address, to every host on the LAN. A host will identify the IP address as its own and returns its MAC address. The response is then cached in the ARP table.

Comparison of OSI and TCP/IP


How does a computer send a request to a Web server on the other side of the world?

The user is located on a PC connected to a LAN, or a telephone line via a modem, while the web server is located on the other side of the world on a completely different LAN. When the user clicks on an icon or some text that points to a page located at a URL the steps that occur are as follows:-

1. The browser verifies that the URL (typed by the user) is syntactically correct.
2. Browser makes a request to the DNS for the IP address that corresponds to the URL.
3. DNS replies with an IP address or an error message.
4. Browser (HTTP client) makes the TCP connection to port 80 at the destination IP address.
5. The HTTP client sends a HTTP request e.g. GET […]
[…]uest message via the socket associated with the connection, retrieves the HTML page, encapsulates it in a HTTP response message and sends the requested file (index.html) via the socket.
7. The HTTP server tells TCP to close the TCP connection (TCP does not close the connection until it is sure that the client has received the message correctly).
8. The HTTP client (the browser) receives the response message and displays the page. TCP now terminates the connection.
9. The browser then fetches and displays all the images in the HTML page, by establishing a new connection for each image (HTTP 1.0).

[Figure: the steps (1) to (9) above, showing the user's client browser running on a PC at 193.60.123.78, the DNS server, the local server, the Internet, and the Web server on port 80]