
Layer 4: The Transport Layer

In Hack the Stack, 2006

Connectionless Protocols

Connectionless protocols behave in a manner similar to sending a letter in the mail. Let’s say I write you a letter, put it in an envelope, address it, add postage, and drop it in a mailbox. What happens? On a best-effort basis the postal office routes the letter through their system and delivers it to you. However, notice that there is no absolute guarantee of delivery; there is no notification if the letter is lost or mangled in transit. Further, there is no assurance that letters will be delivered in the order in which they were sent. The nice thing about this mode of exchange is that you do not need any pre-established relationships in order to communicate.

Connectionless protocols operate in this manner. One casts a datagram onto the network with the understanding that it will be delivered on a best-effort basis to whomever it is addressed to. In addition, we accept that there is no notification of a failure, nor can we make assumptions about the sequence of delivery. UDP is a great example of this sort of communication.


URL: https://www.sciencedirect.com/science/article/pii/B9781597491099500095

Layer 3: The Network Layer

In Hack the Stack, 2006

The IP Packet Structure

IP is a connectionless protocol that acts as the primary transport to move information in a networked environment. Since it is connectionless, IP is easily spoofed. The most common version found today is IPv4, although IPv6 is starting to gain ground.

Many of the fields found in the IP header were designed to provide added functionality, but are not used in most day-to-day activities. This includes IP options, the fragmentation field, and the QOS field. Attackers are able to use these fields to launch specific network layer attacks. Some OSes have established different defaults for these fields, and it is possible to use these settings to determine the version and type of OS running on a specific system.

While IP has the ability to carry additional options, its default length is 20 bytes. One option to be aware of is source routing. Source routing can be used by an attacker to control the route of traffic. This allows the attacker to route traffic in such a way that certain types of man-in-the-middle techniques can be carried out.


URL: https://www.sciencedirect.com/science/article/pii/B9781597491099500083

Networking, Security, and the Firewall

Brad Woodberg, ... Ralph Bonnell, in Configuring Juniper Networks NetScreen & SSG Firewalls, 2007

UDP Communications

The User Datagram Protocol is a connectionless protocol that is designed to stream data. When a UDP connection occurs, there is no beginning, middle, or end to the conversation. Data simply begins to flow between the two systems. UDP is a very simple protocol and is used when speed is an issue. UDP packet receipt is not verified. An example of a use of the UDP protocol is DNS queries. When you attempt to use your Web browser to access www.syngress.com, it must first resolve the name to an IP address. This would require a DNS query. The query is sent over a single UDP packet. The DNS server would then respond by telling the originating system the IP address of the Web server. Because the UDP response is faster than setting up a TCP session, UDP makes sense in these situations. Another example of using UDP is Voice over IP (VoIP). The downfall, of course, is the lack of reliability, so you may have to employ other methods to guarantee delivery.


URL: https://www.sciencedirect.com/science/article/pii/B9781597491181500034

Introducing Network Scanning

Angela Orebaugh, Becky Pinkard, in Nmap in the Enterprise, 2008

IP

Internet Protocol (IP) is a connectionless protocol that manages addressing data from one point to another, and fragments large amounts of data into smaller, transmittable packets. The major components of Internet Protocol datagrams are:

IP Identification (IPID): Used to uniquely identify IP datagrams and for reassembly of fragmented packets.

Protocol: Describes the higher-level protocol embedded within the datagram.

Time-to-live (TTL): Attempts to keep datagrams and packets from routing in circles. When TTL reaches 0, the datagram is dropped. The TTL allows traceroute to function, identifying each router in a network by sending out datagrams with successively increasing TTLs, and tracking when those TTLs are exceeded.

Source IP Address: The IP address of the host where the datagram was created.

Destination IP Address: The destination where the datagram should be sent.

Notes from the Underground …

IP Address Source Spoofing

It is possible to spoof any part of an IP datagram; however, the most commonly spoofed IP component is the source IP address. Also, not all protocols function completely with a spoofed source IP address (e.g., connection-oriented protocols such as TCP require handshaking before data can be transmitted, thereby reducing the ease and effectiveness of spoofing-based attacks).

Spoofing can also be used as part of a DoS attack. If Network A sends a datagram to Network B, with a spoofed source IP host address on Network C, Network C will see traffic going to it that originates from Network B, perhaps without any indication that Network A is involved at all. This type of spoofing is common in Smurf and Fraggle attacks.

The best practice for network administrators is to ensure that the network can only originate packets with a proper Source IP address (i.e., an IP address in the network itself). It is also common practice for network administrators to deny inbound packets with source IP addresses matching those of their internal networks.
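The IP header fields listed above, the source-routing option mentioned in the Layer 3 excerpt, and the egress/ingress anti-spoofing rule from the last paragraph, as an added Python example that is not from either book. The internal prefix 10.20.0.0/16, the sample addresses and the header-only sample packets are constructed.

```python
import ipaddress
import struct

# Option "type" octets defined in RFC 791: 131 = Loose Source Route, 137 = Strict Source Route.
LSRR, SSRR = 131, 137
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")   # constructed example prefix for the site


def has_source_route(options: bytes) -> bool:
    """Walk the option list (type, length, data...) and report LSRR/SSRR presence."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                       # End of Option List
            break
        if kind == 1:                       # No Operation: single byte, no length octet
            i += 1
            continue
        if kind in (LSRR, SSRR):
            return True
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                           # malformed length octet: stop, do not loop
        i += options[i + 1]
    return False


def parse_ipv4(packet: bytes) -> dict:
    """Decode the 20-byte fixed header and any options that extend it (IHL > 5)."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum IPv4 header")
    (ver_ihl, _tos, _total, ipid, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes; 20 means no options
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(packet):
        raise ValueError("not a well-formed IPv4 header")
    options = packet[20:ihl]
    return {"ipid": ipid, "ttl": ttl, "protocol": proto,
            "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
            "src": ipaddress.IPv4Address(src), "dst": ipaddress.IPv4Address(dst),
            "header_len": ihl, "source_routed": has_source_route(options)}


def filter_decision(hdr: dict, direction: str, internal=INTERNAL_NET) -> str:
    """Border-filter rule from the text: egress packets must carry a local source,
    ingress packets must not; source-routed packets are refused in either direction."""
    if hdr["source_routed"]:
        return "DROP: source-routed"
    if direction == "egress" and hdr["src"] not in internal:
        return "DROP: egress filter (non-local source)"
    if direction == "ingress" and hdr["src"] in internal:
        return "DROP: ingress filter (internal source from outside)"
    return "ACCEPT"


def build_ipv4(src: str, dst: str, ttl=64, proto=17, options=b"") -> bytes:
    """Header-only sample packet for the checks above (header checksum left at zero)."""
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # options are padded to 32-bit words
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4, 0x1234, 0,
                       ttl, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + options


# Constructed samples: a plain datagram, one carrying a loose-source-route option
# (type 131, length 7, pointer 4, one 4-byte hop), and one with an off-site source.
PLAIN = build_ipv4("10.20.1.5", "203.0.113.8")
ROUTED = build_ipv4("10.20.1.5", "203.0.113.8",
                    options=bytes([LSRR, 7, 4]) + ipaddress.IPv4Address("198.51.100.1").packed)
OFFSITE = build_ipv4("198.51.100.7", "203.0.113.8", ttl=128)
```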


URL: https://www.sciencedirect.com/science/article/pii/B9781597492416000017

Introduction to IP Network Security

Eric Knipp, ... Edgar Danielyan, Technical Editor, in Managing Cisco Network Security (Second Edition), 2002

Layer 4: The Transport Layer

The transport layer provides methods of flow control, ordering of received data, and acknowledgement of correctly received data. It relates to our classroom scenario in that it establishes the way that the instructor presents the lecture. For instance, the instructor might look to the audience for an indication of whether or not they understand the lecture. The instructor could invite questions, look for body language indicating agreement, or perhaps even count sleeping students. The instructor attempts to give each student a chance to be involved in the lecture, emulating one-on-one attention. On the other hand, it is also possible that the instructor does not desire feedback and will lecture regardless of audience reactions. This type of presentation could be necessary when there is an excessive amount of information and inadequate time to present the material. These two approaches are both appropriate for certain situations and audiences. You will see this type of communication in the computer world as well.

The transport layer can be categorized into connection-oriented and connectionless protocols. An example of a connection-oriented protocol is TCP. The term connection-oriented refers to communications that establish an interaction between the two ends of the connection; they shake hands and agree upon some basic conventions, and then pass along service information about the ongoing communication. It implies a level of reliability and a guarantee of delivery of services, much like the first method of presentation in the classroom. The processes involved in the protocol function to provide a virtual one-on-one appearance. Connectionless protocols, like UDP, do not provide these measures of reliability. In a connectionless communication, information is simply dropped on the wire and a “best effort” delivery is assumed to get the information to its recipient. This method is analogous to the second method in our classroom example, in which the instructor continues to lecture whether the students hear and understand everything or not. Generally speaking, what is lost in reliability is gained in efficiency; connectionless protocols are generally chosen when high throughput is necessary and some information loss is acceptable.

Designing & Planning…

ISN Spoofing

As part of the connection establishment process, a TCP session identifies an initial sequence number (ISN) that is used to provide a marker into how much data has been transmitted and received. Because this is information negotiated as part of the session, some people assume that possession of the ISN means that you are rightfully one of the parties of the communication.

The problem is that ISNs are often predictable. Originally, ISNs were designed to be clock-driven—which provides uniqueness, but also a high degree of predictability. Later implementations simply used the next available number, so systems that were relatively quiet were easily predicted. A malicious user would use this predictability to forge a communication from a trusted host, bypassing local security measures. The most famous of these was Kevin Mitnick, who used this technique to steal research data, documented in Tsutomu Shimomura and John Markoff's book, Takedown.

Note

Don't assume that because a TCP session has been successfully established, the end IP addresses are valid. Enforce IP address antispoofing techniques whenever possible to prevent rogue packets from coming onto your network.


URL: https://www.sciencedirect.com/science/article/pii/B9781931836562500052

The Open Systems Interconnect Model

Dale Liu, ... Luigi DiGrande, in Cisco CCNA/CCENT Exam 640-802, 640-822, 640-816 Preparation Kit, 2009

Transport Layer

The transport layer takes the data from the session layer and splits it up into smaller pieces of information that are the right size for network transmission. Before sending the data out, this layer makes a checklist of how to ensure that the other side has received all the data and that it is not damaged in any way. It does this by doing a handshaking process prior to sending the data. That handshaking process determines the amount of data to be sent, how to judge if some of the data was lost in the transmission, and how to verify the data was not corrupted. The process that's performed in this layer is often confused with the session layer. The difference between them is that the transport layer is building sessions between the end devices, whereas the session layer is building sessions between the applications.

There are three protocols that work at this layer: TCP, User Datagram Protocol (UDP), and SPX.

TCP is a connection-oriented protocol, which means it will set up a reliable connection between hosts before sending any data. There are actually three phases used by TCP: connection setup, data transfer, and connection tear-down. In the connection setup phase, transmission parameters are negotiated among the endpoints. TCP uses the SYN, SYN/ACK, and ACK flags to let both sides participate in the negotiation of how much data should be sent at a time, along with flow control, and how to detect errors while recovering from them. Once the agreement is made between the hosts, the data can be sent. If one of the hosts detects a problem with the received traffic, it will request the segment to be retransmitted. This ensures that the data is error free and completely received by the destination. TCP uses acknowledgements (ACKs) to tell the sending computer that it has received the expected amount of data and that the integrity of it is good. Any data not acknowledged is re-sent to the destination, as it is assumed lost. Finally, when the conversation is done, the transport layer closes the conversation between hosts by sending an acknowledged finish (ACK/FIN) packet. The opposite end responds back with an ACK that it received the ACK/FIN. Once both sides agree to end the session through the use of ACK, the conversation can close.

A connectionless protocol such as UDP doesn't have the three-phase approach like TCP. It just sends the data as soon as it's ready and assumes the endpoint receives it all. UDP expects the application to put the data back together instead of the protocol used in this layer.

Head of the Class…

Connection-Oriented versus Connectionless

What's the difference between a connection-oriented protocol and a connectionless protocol? A connection-oriented protocol such as TCP creates a connection between the two computers before actually sending the data, and then it verifies that the data has reached its destination by using ACK (messages sent back to the sending computer from the receiving computer that acknowledge receipt). Connectionless protocols send the data and trust that it will reach the proper destination.

Consider an analogy: you need to send a very important letter to a business associate, containing valuable papers that must not get lost along the way. You call him before mailing the letter, to let him know he should expect it (establishing the connection). You might even insure it or send it via certified mail. After a few days have passed, your friend calls you back to let you know that he did receive the letter or you get back the return receipt that you requested (acknowledgement). This is the way a connection-oriented communication works. It's different from mailing a relatively unimportant item, such as a postcard to a friend when you're on vacation. In that case, you just drop it in the mailbox and hope it gets to the addressee. You don't expect or require any ACK. This is like a connectionless communication.


URL: https://www.sciencedirect.com/science/article/pii/B9781597493062000063

Capturing Network Data for Analysis

Robert J. Shimonski, ... Yuri Gordienko, in Sniffer Pro Network Optimization and Troubleshooting Handbook, 2002

Capturing and Analyzing User Datagram Protocol


UDP is another popular Layer 4 protocol. DNS, TFTP, and many other protocols rely on UDP for their data transmission.


UDP is a connectionless protocol. No connection needs to be established between the source and destination before you transmit data.


UDP does not have a mechanism to make sure that the payload is not corrupted. As a result, the application must take care of data integrity all by itself.


The UDP header is pretty straightforward. It includes only source and destination port numbers, length of the frame, and a UDP message checksum.


URL: https://www.sciencedirect.com/science/article/pii/B9781931836579500101

Cable Networking Protocols

Walter Ciciora, ... Michael Adams, in Modern Cable Television Technology (Second Edition), 2004

User Datagram Protocol (UDP)

User Datagram Protocol (UDP) is a layer 4 protocol used to deliver datagrams not requiring or not being able to use some of the features of TCP, discussed shortly. UDP is a simple, connectionless protocol that is the layer 4 protocol of choice for such applications as streaming audio and video and VoIP (voice on Internet Protocol — see Chapter 6) packet delivery. Applications using UDP are frequently characterized by the need for rapid (low-latency) delivery, where it is not feasible to correct for transmission errors. UDP is also used where a transmission is bound for more than one receiver, making acknowledgment moot.

For example, suppose you are handling a VoIP voice transmission. If a packet is received in error, there is not much you can do about it anyway. You could ask for retransmission, but by the time the request goes to the sending machine and it retransmits the packet, it is much too late to use that packet. So you do the best you can with the packet received in error. This might mean that you discard it and replace it with the previously received good packet. Similarly, you don't have the luxury of reordering packets received out of order, because this will require time, and time is of the essence in handling audio packets. Two other protocols often used with UDP are the Real-Time Protocol (RTP) and Real-Time Control Protocol (RTCP), both described in Chapter 6.

UDP headers and data reside in the datagram payload of Figure 5.14. The UDP header is simple, consisting of just four parts: the source port, destination port, datagram length, and checksum. Following the header is the application data, the desired information to be transmitted.
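The four-field UDP header described here and in the Sniffer Pro excerpt above, built and then decoded with its checksum verified, as an added Python example that is not from either book. The checksum covers an IPv4 pseudo-header (addresses, protocol, length) plus the header and payload, so a receiver can reject a datagram that was corrupted or delivered to the wrong host when the sender filled the field in; a zero field means the sender omitted it. The addresses, ports and payload are constructed.

```python
import ipaddress
import struct

UDP_PROTO = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_len: int) -> bytes:
    """IPv4 pseudo-header: including the addresses means a datagram that reaches
    the wrong host fails verification even if its own bytes are intact."""
    return struct.pack("!4s4sBBH", ipaddress.IPv4Address(src_ip).packed,
                       ipaddress.IPv4Address(dst_ip).packed, 0, UDP_PROTO, udp_len)


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes, with_checksum=True) -> bytes:
    """Assemble the 8-byte header (source port, destination port, length, checksum) plus payload."""
    length = 8 + len(payload)
    header = struct.pack("!HHHH", sport, dport, length, 0)
    csum = 0
    if with_checksum:
        csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
        csum = csum or 0xFFFF               # a computed 0 is sent as 0xFFFF; 0 means "none"
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip, dst_ip, segment: bytes) -> dict:
    """Decode the header and verify the checksum. checksum_ok is None when the
    sender left the field at 0 (permitted over IPv4), True/False otherwise."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length field inconsistent with the bytes received")
    checksum_ok = None
    if csum != 0:
        # Summing everything, transmitted checksum included, yields 0 when nothing changed.
        checksum_ok = internet_checksum(pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length,
            "payload": segment[8:length], "checksum_ok": checksum_ok}


# Constructed sample: a DNS-style query from a client ephemeral port to port 53.
SRC, DST = "192.0.2.10", "192.0.2.53"
SAMPLE = build_udp(SRC, DST, 40000, 53, b"constructed DNS query bytes")


def corrupted_sample() -> bytes:
    """Flip one payload bit in transit; the receiver's checksum check must catch it."""
    damaged = bytearray(SAMPLE)
    damaged[-1] ^= 0x01
    return bytes(damaged)
```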


URL: https://www.sciencedirect.com/science/article/pii/B9781558608283500072

MCSA/MCSE 70-291: Reviewing TCP/IP Basics

Deborah Littlejohn Shinder, ... Laura Hunter, in MCSA/MCSE (Exam 70-291) Study Guide, 2003

Layer 4: Transport

Layer 4 is the Transport layer. As the name implies, it is responsible for transporting the data from one node to another. It provides transparent data transfer between nodes and manages the end-to-end flow control, error detection, and error recovery.

The Transport layer protocols initiate contact between host computers and set up a virtual circuit. The transport protocols on each host computer verify that the application sending the data is authorized to access the network and that both ends are ready to initiate the data transfer. When this synchronization is complete, the data can be sent. As the data is being transmitted, the transport protocol on each host monitors the data flow and watches for transport errors. If transport errors are detected, the transport protocol can provide error recovery.

The functions performed by the Transport layer are very important to network communication. Just as the data link layer provides lower level reliability and connection-oriented or connectionless communications, the Transport layer does the same thing at a higher level. In fact, the two protocols most commonly associated with the Transport layer are defined by their connection state: The Transmission Control Protocol (TCP) is connection-oriented, whereas the User Datagram Protocol (UDP) is connectionless.

Head of the class…

Connection-Oriented versus Connectionless Protocols

What’s the difference between a connection-oriented and a connectionless protocol? A connection-oriented protocol such as TCP creates a connection between the two computers before actually sending the data, and then verifies that the data has reached its destination by using acknowledgements (messages sent back to the sending computer from the receiving computer that acknowledge receipt). Connectionless protocols send the data and trust that it will reach the proper destination.

Consider an analogy: You need to send a very important letter to a business associate, containing valuable papers that must not get lost along the way. You call him before mailing the letter, to let him know he should expect it (establishing the connection). You might even insure it or send it via certified mail. After a few days have passed, your friend calls you back to let you know that he did receive the letter, or you get back the return receipt that you requested (acknowledgement). This is the way a connection-oriented communication works. It’s different from mailing a relatively unimportant item, such as a postcard to a friend when you’re on vacation. In that case, you just drop it in the mailbox and hope it gets to the addressee. You don’t expect or require any acknowledgement. This is like a connectionless communication.

What else does the Transport layer do? It handles another aspect of logical addressing: ports. If you think of a computer’s IP address as analogous to the street address of a building, you can think of a port as a suite number or apartment number within that building. It further defines exactly where the data should go.

A computer might have several network applications running at the same time: a Web browser sending a request to a Web server for a Web page, an e-mail client sending and receiving mail, and a file transfer program uploading or downloading information to and from an FTP server. There must be some mechanism to determine which incoming data packets belong to which application, and that’s the function of port numbers. The FTP protocol used by that program is assigned a particular port, whereas the Web browser and e-mail clients use different protocols (HTTP and POP3 or IMAP) that have their own assigned ports. Thus the information that is intended for the Web browser doesn’t go to the e-mail program by mistake. Port numbers are used by the Transport layer protocols (TCP and UDP).

Finally, the Transport layer deals with name resolution. Because human beings prefer to identify computers by names instead of IP addresses (after all, it’s easier to remember “www.microsoft.com” for Microsoft’s Web server than 207.46.249.222), but computers know only how to interpret numbers (and binary numbers, at that), there must be a way for names to be matched with numerical addresses so that people and computers don’t drive one another crazy. Name resolution methods such as the Domain Name System (DNS) solve this problem, and they generally operate at the Transport layer.


URL: https://www.sciencedirect.com/science/article/pii/B978193183692050007X

Understanding Networks and Networked Video

Anthony C. Caputo, in Digital Video Surveillance and Security (Second Edition), 2014

Transfer Control Protocol

TCP is not the best choice for any digital video stream, especially live footage, since it requires a connection-based transmission channel. A constant connection must be acknowledged before data transfer occurs. When you are streaming live video the demands on the network increase, causing the bandwidth to close up and the acknowledgment packets to be lost, which then causes obvious network latency issues. TCP handles the process of transmission by breaking down large segments of data into smaller packets based on the physical network used, thus ensuring that data is received at the other end before transmitting. UDP, on the other hand, is a connectionless protocol and does not guarantee the delivery of data sent, thus leaving the whole control mechanism and error-checking functions to the application itself.

In general, TCP is used when reliable communication is preferred. Many PTZ IP cameras allow TCP for the pan-tilt-zoom controls, whereas video is sent via UDP. TCP’s reliability through retransmission may introduce significant delays, but it doesn’t fail. When we’re attempting to reach a Website or retrieve email, it’s not the TCP that fails, it’s usually the application or hardware. When TCP packets do arrive, they arrive without errors because the sender keeps an extra copy and waits for an acknowledgment of receipt. Once receipt is acknowledged, the extra copy is discarded. If delivery fails, the packets are resent until they get through to their final destination. TCP is a synchronous transmission method. If it cannot sense a connection, it will continue to resend the data until it synchronizes.


URL: https://www.sciencedirect.com/science/article/pii/B9780124200425000046

What are the differences between connectionless and connection-oriented messaging?

A connection-oriented protocol makes a connection, checks whether the message is received or not, and sends it again if an error occurs; a connectionless service protocol does not guarantee delivery.

What is a type of dynamic routing?

Types of Dynamic Routing: At the highest level there are two main categories of dynamic routing protocol: exterior gateway protocols (EGPs) and interior gateway protocols (IGPs). EGPs connect multiple network domains; they're called exterior because the protocol is exterior to the network domains.

When sending a message to another computer the source and destination are specified using?

The Internet Protocol (IP) is the protocol that describes how to route messages from one computer to another computer on the network. Each message is split up into packets, and the packets hop from router to router on the way to their destination.

How does dynamic addressing work?

Dynamic IP addresses are pulled from a pool of other IP addresses and change anywhere from within a few days to a few months. In contrast, static IP addresses assign a single, unchanging IP address to a home network.