Encapsulation of Upper-Layer Data

The two transport protocols most commonly used by TCP/IP are Transmission Control
Protocol (TCP) and User Datagram Protocol (UDP). The two protocols differ considerably, and each
has its strengths and weaknesses. For this reason, they are used in different ways that play to
their strengths:
■ TCP—A connection-oriented transport protocol that is responsible for reliability and
efficiency of communication between nodes. TCP completes these tasks by creating
connections as virtual circuits that act as two-way communications between the source
and destination. TCP is very reliable and guarantees the delivery of data between nodes.
TCP also can dynamically modify a connection’s transmission variables based on
changing network conditions. TCP sequence numbers and TCP acknowledgment
numbers are included in the TCP header. These features allow the source and destination
to verify the correct, orderly delivery of data. Unfortunately, the overhead required for
TCP can make it slow and keeps it from being the optimum transport protocol for some
connections.
■ UDP—A connectionless transport protocol that is used to get the data to the
destination. UDP provides no error checking, no error correction, and no verification
of delivery. UDP defers the reliability issues to the upper-layer protocols and simply
sends the data without verifying delivery. UDP is a very simple and very fast protocol.
The upper layers determine which of the transport protocols is used when data is
encapsulated at the source node.
[Figure: encapsulation of upper-layer data. Layer labels recovered from the diagram, each layer wrapping the one above it: Application Data; Data; Transport Header + Data; Logical Addressing + Transport Header + Data; Physical Addressing + Logical Addressing + Transport Header + Data + Error Checking.]
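The layering the figure shows, worked through in code as an added example that is not from the book: the application data is wrapped in a UDP transport header, then an IPv4 header carrying the logical addresses, then an Ethernet frame carrying the physical addresses and a CRC-32 trailer for error checking. The MAC addresses, IP addresses, ports and payload are constructed values chosen for illustration.

```python
import struct
import zlib

# Constructed sample addresses (not from the book), used only for illustration.
SRC_MAC = bytes.fromhex("020000000001")
DST_MAC = bytes.fromhex("020000000002")
SRC_IP = "192.0.2.10"
DST_IP = "192.0.2.20"


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words, as used in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def add_transport_header(payload: bytes, src_port: int, dst_port: int) -> bytes:
    """Transport layer: prepend the 8-byte UDP header (ports, length, checksum).
    The checksum is left at 0, which UDP over IPv4 permits; UDP adds no delivery verification."""
    length = 8 + len(payload)
    return struct.pack("!HHHH", src_port, dst_port, length, 0) + payload


def add_logical_addressing(segment: bytes, src_ip: str, dst_ip: str, proto: int = 17) -> bytes:
    """Network layer: prepend a 20-byte IPv4 header with the logical (IP) addresses."""
    total_len = 20 + len(segment)
    src = bytes(int(o) for o in src_ip.split("."))
    dst = bytes(int(o) for o in dst_ip.split("."))
    # version/IHL, DSCP, total length, identification, flags/fragment offset,
    # TTL, protocol (17 = UDP), checksum placeholder, source, destination
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0, src, dst)
    csum = ip_checksum(header)
    header = header[:10] + struct.pack("!H", csum) + header[12:]
    return header + segment


def add_physical_addressing(packet: bytes, src_mac: bytes, dst_mac: bytes) -> bytes:
    """Data-link layer: Ethernet II header (physical addresses, EtherType 0x0800 = IPv4)
    followed by the payload and a CRC-32 frame check sequence for error checking."""
    frame = dst_mac + src_mac + struct.pack("!H", 0x0800) + packet
    return frame + struct.pack("<I", zlib.crc32(frame))


def encapsulate(app_data: bytes) -> dict:
    """Walk the data down the stack, returning each intermediate unit for inspection."""
    segment = add_transport_header(app_data, 40000, 53)
    packet = add_logical_addressing(segment, SRC_IP, DST_IP)
    frame = add_physical_addressing(packet, SRC_MAC, DST_MAC)
    return {"data": app_data, "segment": segment, "packet": packet, "frame": frame}


def verify_frame(frame: bytes) -> bool:
    """Receiver-side error check: recompute the CRC over the frame body and compare."""
    body, fcs = frame[:-4], frame[-4:]
    return struct.unpack("<I", fcs)[0] == zlib.crc32(body)


if __name__ == "__main__":
    units = encapsulate(b"hello")
    for name in ("data", "segment", "packet", "frame"):
        print(f"{name:8s} {len(units[name]):3d} bytes  {units[name].hex()}")
    print("frame check passes:", verify_frame(units["frame"]))
```

Each stage only adds a header (and, at the link layer, a trailer) in front of what it received, which is why the diagram shows the same "Data" box at every level. A receiving node peels the layers in the reverse order, and only the outermost layer carries the error check.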

Figure 5-2 illustrates the TCP communication between nodes that do not have a firewall
between them. The TCP “three-way handshake” is a four-step process that requires three
different transmissions to negotiate the connection:
1. The source sends a segment to the destination, asking to open a TCP session. The SYN flag
is set, indicating that the source wants to initiate synchronization, or a
handshake. The source generates a random TCP sequence number. In this example, we
will use 125.
2. The destination receives the request and sends back a reply with the TCP flags ACK and
SYN set, indicating an acknowledgment of the SYN (receive flow) and initiation of
the transmit flow. It generates and sends its own random TCP sequence number,
388, and acknowledges the original TCP sequence number by adding 1 to it, sending back
126 as the acknowledgment number. The source receives the SYN/ACK and sends back an ACK
to indicate the acknowledgment of the SYN for the setup of the receive flow. It adds 1 to
the TCP sequence number generated by the destination and sends back the
number 389.
3. The acknowledgment is received, the handshake is complete, and the connection is
established. Note in Figure 5-2 that the source begins to send data to the destination as
soon as the connection is established.
Figure 5-2 TCP Communication Between Nodes Without a PIX Firewall
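The handshake described in the three steps above, modelled as an added example that is not from the book: the three segments carry the sequence and acknowledgment numbers used in the text (125, 388, 126, 389), and a small connection tracker of the kind a stateful firewall keeps per flow checks that each segment fits the current state and that every acknowledgment number is the peer's sequence number plus one. The `Segment`, `HandshakeTracker`, `build_handshake` and `inspect` names are this example's own.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# TCP flag bits as laid out in the TCP header.
SYN = 0x02
ACK = 0x10
SEQ_MASK = 0xFFFFFFFF  # sequence and acknowledgment numbers are 32-bit and wrap around


@dataclass
class Segment:
    src: str
    dst: str
    flags: int
    seq: int
    ack: int = 0


def build_handshake(client_isn: int, server_isn: int) -> List[Segment]:
    """The three transmissions of the handshake. With the text's numbers (125, 388) this
    yields SYN seq 125; SYN/ACK seq 388, ack 126; ACK seq 126, ack 389."""
    return [
        Segment("source", "destination", SYN, client_isn),
        Segment("destination", "source", SYN | ACK, server_isn, (client_isn + 1) & SEQ_MASK),
        Segment("source", "destination", ACK, (client_isn + 1) & SEQ_MASK, (server_isn + 1) & SEQ_MASK),
    ]


@dataclass
class HandshakeTracker:
    """Minimal per-connection state machine. A segment is accepted only if its flags fit
    the current state and its acknowledgment number equals the peer's sequence number
    plus one; anything else is recorded as rejected and leaves the state unchanged."""
    state: str = "CLOSED"
    client_isn: Optional[int] = None
    server_isn: Optional[int] = None
    rejected: List[Tuple[Segment, str]] = field(default_factory=list)

    def _reject(self, seg: Segment, reason: str) -> bool:
        self.rejected.append((seg, reason))
        return False

    def observe(self, seg: Segment) -> bool:
        if self.state == "CLOSED":
            if seg.flags != SYN:
                # A segment with no preceding SYN belongs to no connection this tracker knows.
                return self._reject(seg, "no connection: first segment must be SYN")
            self.client_isn = seg.seq
            self.state = "SYN_SENT"
        elif self.state == "SYN_SENT":
            if seg.flags != SYN | ACK:
                return self._reject(seg, "expected SYN/ACK from destination")
            if seg.ack != (self.client_isn + 1) & SEQ_MASK:
                return self._reject(seg, "SYN/ACK acknowledges the wrong sequence number")
            self.server_isn = seg.seq
            self.state = "SYN_RECEIVED"
        elif self.state == "SYN_RECEIVED":
            if seg.flags != ACK:
                return self._reject(seg, "expected final ACK from source")
            if (seg.seq != (self.client_isn + 1) & SEQ_MASK
                    or seg.ack != (self.server_isn + 1) & SEQ_MASK):
                return self._reject(seg, "final ACK carries inconsistent seq/ack numbers")
            self.state = "ESTABLISHED"
        else:
            # Data transfer after the handshake is outside this example's scope.
            return self._reject(seg, "handshake already complete")
        return True


def inspect(segments: List[Segment]) -> Tuple[str, List[Tuple[Segment, str]]]:
    """Feed observed segments to a fresh tracker; return the final state and rejections."""
    tracker = HandshakeTracker()
    for seg in segments:
        tracker.observe(seg)
    return tracker.state, tracker.rejected


if __name__ == "__main__":
    for seg in build_handshake(125, 388):
        print(f"{seg.src:>11s} -> {seg.dst:<11s} flags=0x{seg.flags:02x} seq={seg.seq} ack={seg.ack}")
    state, rejected = inspect(build_handshake(125, 388))
    print(state, len(rejected))  # ESTABLISHED 0
```

Two failure cases are worth trying against the tracker: a SYN/ACK whose acknowledgment number is not 126 is rejected and the connection never progresses past SYN_SENT, and a lone ACK arriving with no earlier SYN is rejected outright. The second case is the behaviour the rest of the chapter relies on when a firewall sits between the nodes: without a recorded SYN there is no connection for later segments to belong to.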