TCP/UDP protocol

Source: Internet
Author: User
We have already learned what a "data packet" is. Understanding packets is of vital importance for network security and network management. For example, the essence of a firewall is to inspect the packets on the network and decide whether each one violates the preset rules; a packet that violates the rules is blocked. Figure 1 shows the rule-setting interface of the Rising Personal Edition firewall. Careful readers will notice that the "protocol" column in Figure 1 contains terms such as "TCP" and "UDP". What do they mean? Now let's talk about TCP and UDP.

Connection-oriented TCP

"Connection-oriented" means that a connection must be established with the other party before formal communication begins. For example, when you call someone, you must wait until the line is connected and the other party picks up the handset before the two of you can talk.

[Figure 1: image attachment 1.jpg]

TCP (Transmission Control Protocol) is a connection-based protocol: a reliable connection must be established with the other party before any data is sent or received. A TCP connection is established only after three "conversations". The full process is quite complicated; here we give only a simple, intuitive introduction, and you only need to understand the outline. The three conversations go like this. Host A sends a connection-request packet to host B: "Can I send data to you?" This is the first conversation. Host B replies with a packet that agrees to the connection and asks for synchronization (synchronization means that both hosts coordinate their sending and receiving): "Yes, when will you send it?" This is the second conversation. Host A then sends another packet confirming host B's synchronization request: "I will send it now, let's go!" This is the third conversation. The purpose of the three conversations is to synchronize the sending and receiving of packets. Only after them does host A formally send data to host B.

The TCP protocol provides applications with a reliable communication connection, so that the byte stream sent by one computer reaches other computers on the network without error. For data communication systems with high reliability requirements, TCP is therefore often used to transmit data.

[Figure 2: image attachment 2.jpg]

We will do an experiment: copy a file of 8,644,608 bytes from computer B through "Network Neighborhood" on computer A (which runs Windows 2000 Server). The sending and receiving indicators in the lower-right corner of the status bar show that, although the data flows from computer B to computer A, computer A still sends 3,456 packets, as shown in Figure 2. How are these packets generated? Because the file is transmitted over TCP/IP, that is, over the connection-oriented TCP protocol, computer A must send packets back to computer B whenever it receives data, so some traffic is generated in the reverse direction.

[Figure 3: image attachment 3.jpg]

If you used Network Monitor to capture the traffic beforehand, you will find that the resulting data traffic is 9,478,819 bytes, 10.96% more than the file size (as shown in Figure 3). The reason is not only that packet and frame headers take up some space, but also that TCP's connection-oriented nature generates some additional traffic.

Non-connection-oriented UDP protocol

"Non-connection-oriented" means that you do not need to establish a connection with the other party before formal communication; you simply send the data regardless of the other party's status. This is much like the popular mobile phone text message: to send one, you only need to enter the other party's phone number and press OK.
 
UDP (User Datagram Protocol) is the counterpart of TCP. It is a non-connection-oriented protocol: instead of establishing a connection with the other party, it sends datagrams directly.

[Image attachment 4.jpg]

UDP is suitable for applications that transmit only a small amount of data at a time and do not require high reliability. For example, we often use the "ping" command to test whether TCP/IP communication between two hosts is working. In fact, the "ping" command works by sending UDP packets to the other host; the other host then confirms that it received them, and if the reply reporting whether the packet arrived comes back in time, the network is connected. By default, four packets are sent during a ping operation (see the image above). As you can see, 4 packets are sent and 4 packets are received (because the receiving host sends a packet back to confirm receipt). This fully shows that UDP is non-connection-oriented and establishes no connection. Because UDP has no connection setup, its communication efficiency is high; but for the same reason its reliability is lower than TCP's. QQ uses UDP to send messages, which is why messages sometimes fail to arrive.

Appendix: Differences Between TCP and UDP protocols

[Image attachment 5.jpg]

TCP and UDP each have their own strengths and weaknesses and suit communication environments with different requirements. The differences between the TCP protocol and the UDP protocol are shown in the appendix image.

1. Brief Introduction to UDP
UDP is a transport-layer protocol, in the same layer as TCP. Unlike TCP, however, UDP provides no timeout retransmission, error retransmission or similar functions; that is, it is an unreliable protocol.

2. UDP Header
2.1 UDP port number
Because many applications use UDP, the protocol needs a flag to tell apart the datagrams meant for different programs. That is the function of the port number. For example, if UDP program A registers port 3000 with the system, an incoming UDP datagram with destination port 3000 is handed to that program. In theory there can be as many as 2^16 port numbers, because the field is 16 bits long.

2.2 UDP checksum
The checksum is optional: not every system verifies UDP datagrams (for TCP the checksum is mandatory). However, the RFC standard requires that the sender should compute it.

The UDP checksum covers both the UDP header and the data, which differs from the IP checksum: the IP header checksum covers only the IP header, not the data. Both UDP and TCP include a pseudo-header in the checksum calculation; the pseudo-header contains fields from the IP layer such as the IP addresses, so the UDP checksum verifies a second time that the data has arrived at the correct destination. If the checksum is not enabled on the sender, and the receiver's checksum calculation shows an error, the UDP datagram is quietly discarded (delivery is not guaranteed) without any error packet being generated.

2.3 UDP length
A UDP datagram can be long, up to 65535 bytes. However, when the network transmits data, the lower-layer protocol usually cannot carry such a long datagram in one piece (the MTU issue), so the datagram has to be fragmented. Of course, this is transparent to UDP and the other upper-layer protocols: UDP does not need to care how the IP layer splits the data. The next chapter discusses some fragmentation strategies.
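To make sections 2.1 to 2.3 concrete, here is an added Python example (it is not code from the original article). It builds and parses a UDP header, computes the checksum over the RFC 768 pseudo-header (source address, destination address, zero, protocol 17, UDP length), and distinguishes the three states a receiver can see: checksum valid, checksum wrong, and checksum absent (field is zero). The addresses, ports and payload are constructed sample values.

```python
import struct
import ipaddress

UDP_PROTO = 17

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum as used by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # odd length: pad with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """Not transmitted on the wire; it binds the checksum to the IP addresses."""
    return (ipaddress.IPv4Address(src_ip).packed
            + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))

def udp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over pseudo-header + UDP header (checksum field zero) + data."""
    csum = ~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) & 0xFFFF
    return csum or 0xFFFF   # RFC 768: a computed zero is sent as all ones, because 0 means "none"

def build_udp(src_ip, dst_ip, sport, dport, payload, with_checksum=True):
    """Assemble a UDP datagram; with_checksum=False leaves the optional field at zero."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    if with_checksum:
        csum = udp_checksum(src_ip, dst_ip, header + payload)
        header = struct.pack("!HHHH", sport, dport, length, csum)
    return header + payload

def parse_udp(src_ip, dst_ip, segment):
    """Parse a UDP datagram; 'checksum' is 'ok', 'bad' or 'absent'."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with datagram size")
    segment = segment[:length]               # ignore any bytes beyond the stated length
    if csum == 0:
        status = "absent"                    # sender did not compute one; nothing to verify
    else:
        # Summing pseudo-header + datagram including the checksum field gives all ones when valid.
        total = ones_complement_sum(pseudo_header(src_ip, dst_ip, length) + segment)
        status = "ok" if total == 0xFFFF else "bad"
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": status, "payload": segment[8:]}

if __name__ == "__main__":
    dgram = build_udp("10.0.0.1", "10.0.0.2", 3000, 53, b"hello")   # constructed sample
    print(parse_udp("10.0.0.1", "10.0.0.2", dgram))
```

Because the pseudo-header is part of the sum, the same datagram checked against a different destination address comes back as "bad", which is the second destination check the text describes. A receiver that sees "absent" has no integrity guarantee at all, which is why a server handling UDP input should treat the payload as untrusted regardless of the checksum state.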

3. IP fragmentation
After the IP layer receives data from the upper layer, it determines (by route selection) which interface the data will leave from, based on the destination IP address, and queries that interface's MTU. If the data size exceeds the MTU, the data is fragmented. Fragmentation is transparent to the upper and lower layers; the data is reassembled when it reaches the destination. There is no need to worry: the IP layer provides enough information for reassembly.

In the IP header, the 16-bit identification field uniquely identifies an IP packet; fragments with the same ID are reassembled together. The 13-bit fragment offset records the position of a fragment relative to the whole packet, and the 3-bit flags field between them indicates whether more fragments follow. These three fields together carry all the information about an IP fragment, and the receiver can use them to reassemble the IP data (even if later fragments arrive before earlier ones, this information is sufficient).

Because fragmentation is used so often on the network, software and people who forge IP fragments for malicious attacks keep appearing.

You can use the traceroute program to perform simple MTU detection; please refer to the teaching materials.

3. Interaction between UDP and ARP
This is a detail that is not often noticed and concerns certain system implementations. When the ARP cache is still empty, an ARP request must be sent to obtain the MAC address of the target host before a UDP datagram can be sent. If the UDP datagram is large enough that it must be fragmented at the IP layer, you might imagine that the first fragment triggers the ARP query and all the fragments are sent once the query completes. Is that actually true?

It turns out that some systems send an ARP query for every fragment. All the fragments wait, but when the first response arrives, the host sends only the last fragment and discards the others. This is incredible. Because the fragments then cannot be reassembled in time, the receiving host discards IP fragments that cannot be reassembled within a period of time and sends a reassembly-timeout ICMP message (in fact, many systems do not produce this error), to ensure that its own receive buffer is not filled with fragments that will never be reassembled.
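The following added Python example (not from the original article) shows the three header fields from section 3 in action and the receiver-side behaviour from the ARP discussion above. It builds real 20-byte IPv4 headers, splits a payload into fragments that fit a given MTU (offsets are counted in 8-byte units, so every fragment but the last carries a multiple of 8 bytes), reassembles them even when they arrive in reverse order, and expires fragment groups that never complete so that they cannot fill the receive buffer. Addresses, identification value and payload are constructed sample values; the timeout is a parameter, not a value taken from any particular system.

```python
import struct
import ipaddress

MF = 0x1   # "more fragments" bit of the 3-bit flags field
DF = 0x2   # "don't fragment" bit (listed for completeness, unused below)

def header_checksum(hdr: bytes) -> int:
    """One's-complement checksum of an IPv4 header; yields 0 when verifying a valid header."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src, dst, ident, flags, offset_units, proto, data):
    """20-byte IPv4 header (no options) in front of data; TTL fixed at 64 for this example."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), ident,
                      (flags << 13) | offset_units, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", header_checksum(hdr)) + hdr[12:]
    return hdr + data

def parse_ipv4(packet):
    """Return the fields needed for reassembly; the offset is converted to bytes."""
    vihl, _, total_len, ident, ff, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4
    if vihl >> 4 != 4 or header_checksum(packet[:ihl]) != 0:
        raise ValueError("not a valid IPv4 header")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "id": ident, "flags": ff >> 13, "offset": (ff & 0x1FFF) * 8,
            "proto": proto, "data": packet[ihl:total_len]}

def fragment(src, dst, ident, proto, payload, mtu):
    """Split payload into IPv4 packets of at most mtu bytes, all sharing one identification."""
    chunk = (mtu - 20) // 8 * 8            # fragment data must be a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small for an IPv4 header plus data")
    packets = []
    for off in range(0, len(payload), chunk):
        data = payload[off:off + chunk]
        more = MF if off + len(data) < len(payload) else 0
        packets.append(build_ipv4(src, dst, ident, more, off // 8, proto, data))
    return packets

class Reassembler:
    """Receiver-side reassembly keyed on (src, dst, id, proto) with a timeout for stragglers."""

    def __init__(self, timeout=30.0):
        self.timeout = timeout
        self.pending = {}   # key -> {"frags": {offset: data}, "total": int|None, "first_seen": t}

    def push(self, packet, now=0.0):
        """Feed one packet; return the complete payload once all fragments are present."""
        p = parse_ipv4(packet)
        if not (p["flags"] & MF) and p["offset"] == 0:
            return p["data"]                # not fragmented at all
        key = (p["src"], p["dst"], p["id"], p["proto"])
        entry = self.pending.setdefault(key, {"frags": {}, "total": None, "first_seen": now})
        entry["frags"][p["offset"]] = p["data"]
        if not (p["flags"] & MF):           # last fragment tells us the total length
            entry["total"] = p["offset"] + len(p["data"])
        if entry["total"] is None:
            return None
        buf = bytearray()
        for off in sorted(entry["frags"]):  # order by offset, whatever the arrival order
            if off != len(buf):             # gap or overlap: still incomplete
                return None
            buf += entry["frags"][off]
        if len(buf) != entry["total"]:
            return None
        del self.pending[key]
        return bytes(buf)

    def expire(self, now):
        """Drop groups that did not complete within timeout; returns how many were dropped."""
        stale = [k for k, e in self.pending.items() if now - e["first_seen"] > self.timeout]
        for k in stale:
            del self.pending[k]
        return len(stale)
```

Overlapping fragments are deliberately left incomplete rather than merged, so they age out through `expire`; a receiver that accepted overlaps silently would be the kind of implementation the text's forged-fragment remark refers to.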

4. ICMP Source Quench error
When the target host cannot process data as fast as it receives it, its IP-layer buffer fills up, and the host sends an ICMP message that says, in effect, "I can't keep up".

5. UDP Server Design
Some features of UDP affect the design of our server program, summarized as follows:

Client IP address and port: the server must be able to decide whether a datagram is legitimate based on the client's IP address and port number (this seems to be something every server needs).
Destination address: the server must be able to filter out broadcast addresses.
Data input: usually every port number in the server system corresponds to one input buffer. Incoming datagrams wait there to be processed by the server in arrival order (first in, first out). Buffer overflow is therefore inevitable; when it happens, UDP datagrams may be discarded, and the server application itself never learns of the problem.
The server should restrict the local IP address, that is, it should be able to bind itself to a port on one network interface.

TCP and UDP sit at the same layer, the transport layer, but the biggest difference between them is that TCP provides a reliable, connection-oriented data transmission service: the two hosts communicating over TCP first go through a "call" process, wait until both are ready, then transmit data, and finally end the call. TCP is therefore much more reliable than UDP. UDP sends data directly, whether or not the other side is receiving, and even when a UDP datagram cannot be delivered no ICMP error packet is generated; this has been reiterated many times.
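As an added Python example (not code from the original article), the admission logic below applies the four design points of section 5 to a received datagram before it reaches the application: reject broadcast destinations, accept only datagrams addressed to the bound interface address, check the client address and port against an allow list, and queue the rest in a bounded first-in, first-out buffer that counts the overflow drops the text says the server otherwise never sees. The addresses, netmask, allow list and queue size are constructed sample values; `open_bound_socket` shows the corresponding bind-to-one-interface call.

```python
import socket
import ipaddress
from collections import deque

class UdpAdmission:
    """Constructed admission policy for a UDP server bound to one interface address."""

    def __init__(self, bind_ip, netmask, allowed_clients, queue_size):
        self.bind_ip = ipaddress.IPv4Address(bind_ip)
        self.network = ipaddress.IPv4Network(f"{bind_ip}/{netmask}", strict=False)
        self.allowed = [ipaddress.IPv4Network(c) for c in allowed_clients]
        self.queue = deque()          # per-port input buffer, first in, first out
        self.queue_size = queue_size  # bounded, like the kernel's socket receive buffer
        self.dropped = 0              # datagrams lost to buffer overflow

    def admit(self, src_ip, src_port, dst_ip, payload):
        """Return 'queued' or a 'drop:<reason>' string for one received datagram."""
        dst = ipaddress.IPv4Address(dst_ip)
        # Point 2: filter limited and directed broadcast destinations.
        if dst == ipaddress.IPv4Address("255.255.255.255") or dst == self.network.broadcast_address:
            return "drop:broadcast"
        # Point 4: only the interface address we bound to is ours.
        if dst != self.bind_ip:
            return "drop:not-our-address"
        # Point 1: judge legitimacy by client address and port.
        src = ipaddress.IPv4Address(src_ip)
        if not any(src in net for net in self.allowed) or not 1 <= src_port <= 65535:
            return "drop:unknown-client"
        # Point 3: bounded input buffer; overflow means silent loss, so we at least count it.
        if len(self.queue) >= self.queue_size:
            self.dropped += 1
            return "drop:buffer-full"
        self.queue.append((src_ip, src_port, payload))
        return "queued"

    def next_request(self):
        """Hand the oldest queued datagram to the application, or None if the buffer is empty."""
        return self.queue.popleft() if self.queue else None

def open_bound_socket(bind_ip, port=0):
    """Bind a UDP socket to a single interface address; port 0 lets the OS choose a free port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))    # not ("", port): that would listen on every interface
    return sock

if __name__ == "__main__":
    policy = UdpAdmission("192.168.1.10", "255.255.255.0", ["192.168.1.0/24"], queue_size=2)
    print(policy.admit("192.168.1.20", 4000, "192.168.1.255", b"ping"))   # drop:broadcast
    print(policy.admit("192.168.1.20", 4000, "192.168.1.10", b"ping"))    # queued
```

Counting `dropped` is the cheap substitute for the feedback UDP itself never gives: an operator who watches that counter can see overload or a flood, while the application alone would only see requests go missing.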

Like the UDP header, the TCP header carries the source and destination port numbers. However, the TCP header clearly contains much more information than UDP's. As you can see, TCP provides all the information needed for sending and acknowledging.

Establishing the connection between the two parties
The sender sends a TCP datagram to the receiver and waits for the peer to acknowledge it. If no acknowledgment arrives, the sender resends the datagram; if it does, the sender sends the next datagram.
The receiver waits for the sender's datagram. If the received datagram is correct and verified, the receiver sends an ACK (acknowledgment) datagram and waits for the next TCP datagram to arrive, until a FIN (transmission complete) datagram is received.
Terminating the connection
To establish a TCP connection, the system may create a new process (or at least a thread) for the data transfer.
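The added Python example below (not from the original article) simulates the whole sequence the article describes: the three conversations of the handshake, the sender resending each datagram until the receiver acknowledges it, the receiver acknowledging only verified in-order data, and the FIN that ends the exchange. It is a teaching model of TCP's stop-and-wait behaviour, not an implementation of the real protocol: segments are Python dicts, the "network" is a constructed lossy channel that drops or corrupts segments with a seeded random generator, and a CRC stands in for the TCP checksum.

```python
import random
import zlib

class LossyLink:
    """Constructed channel: drops any segment with probability `loss` and flips the bytes
    of a DATA payload with probability `corrupt`. Seeded so that every run is repeatable."""
    def __init__(self, loss=0.0, corrupt=0.0, seed=7):
        self.rng = random.Random(seed)
        self.loss, self.corrupt = loss, corrupt

    def send(self, seg):
        if self.rng.random() < self.loss:
            return None
        if seg["kind"] == "DATA" and self.rng.random() < self.corrupt:
            seg = dict(seg, payload=bytes(b ^ 0xFF for b in seg["payload"]))
        return seg

class Receiver:
    """Answers SYN with SYN-ACK, acknowledges verified in-order data, acknowledges FIN."""
    def __init__(self):
        self.state = "LISTEN"
        self.expected = 0            # sequence number of the next segment we want
        self.data = []

    def handle(self, seg):
        kind = seg["kind"]
        if kind == "SYN":                                   # conversation 1 -> reply 2
            self.state = "SYN-RCVD"
            return {"kind": "SYN-ACK"}
        if self.state == "SYN-RCVD" and kind in ("ACK", "DATA"):
            self.state = "ESTABLISHED"                      # conversation 3 (first data may carry it)
        if kind == "FIN" and self.state in ("ESTABLISHED", "CLOSED"):
            self.state = "CLOSED"                           # re-ACK a repeated FIN whose ACK was lost
            return {"kind": "ACK", "seq": seg["seq"]}
        if kind != "DATA" or self.state != "ESTABLISHED":
            return None
        if zlib.crc32(seg["payload"]) != seg["crc"]:
            return None                                     # corrupted: stay silent, sender resends
        if seg["seq"] == self.expected:
            self.data.append(seg["payload"])
            self.expected += 1
        # seq < expected means our earlier ACK was lost: ACK again without re-appending
        return {"kind": "ACK", "seq": seg["seq"]} if seg["seq"] < self.expected else None

class Sender:
    """Stop-and-wait sender: each segment is resent until its acknowledgment comes back."""
    def __init__(self, link, receiver, max_retries=50):
        self.link, self.receiver, self.max_retries = link, receiver, max_retries
        self.retransmissions = 0

    def _send(self, seg):
        """Push seg through the link to the peer and bring its reply back through the link."""
        delivered = self.link.send(seg)
        reply = self.receiver.handle(delivered) if delivered else None
        return self.link.send(reply) if reply else None

    def _exchange(self, seg, want):
        for attempt in range(self.max_retries):
            self.retransmissions += attempt > 0
            reply = self._send(seg)
            if reply and reply["kind"] == want and reply.get("seq") == seg.get("seq"):
                return reply
        raise TimeoutError("peer did not acknowledge %s" % seg["kind"])

    def transfer(self, payload, chunk=4):
        self._exchange({"kind": "SYN"}, "SYN-ACK")          # conversations 1 and 2
        self._send({"kind": "ACK"})                         # conversation 3; its loss is tolerated
        chunks = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
        for seq, part in enumerate(chunks):
            self._exchange({"kind": "DATA", "seq": seq, "payload": part,
                            "crc": zlib.crc32(part)}, "ACK")
        self._exchange({"kind": "FIN", "seq": len(chunks)}, "ACK")   # transmission complete
        return b"".join(self.receiver.data)

if __name__ == "__main__":
    recv = Receiver()
    sender = Sender(LossyLink(loss=0.3, corrupt=0.2), recv)
    print(sender.transfer(b"hello, reliable world"), "retransmissions:", sender.retransmissions)
```

Two details carry the reliability: the receiver ignores anything it cannot verify, so corruption is handled by the sender's timeout rather than by a negative reply, and it re-acknowledges a duplicate without storing it, so a lost ACK never duplicates data. The ~2,000 extra packets in the file-copy experiment earlier are exactly these acknowledgments.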

 
