Topic: A few Questions about TCP data flow (Read 9066 times)
JayOni (Newbie, Posts: 21) | on: May 30, 2011, 11:46:00 AM
Hope I'm not bugging you guys with my questions yet. But I don't have school because it's Memorial Day and I need some questions answered about the flow of data in TCP. I can't really afford to take a day off from studying.
1) TCP takes place in the network layer of the OSI right? So does that mean it starts at the network layer or does the data flow from TCP still have to start at the physical layer? The book isn't very clear on this point.
2) In the line header length, Reserved, flags, sliding window..... what is the reserved area used for? All the book says is it's for later use and hardly ever used.
3) In the line Options/Padding is it possible for both of these to be 0 bits at the same time? And if so does this line get skipped completely? Are the special options worth knowing about?
4) Under Data what is meant by "The size of the data field depends on how much data needs to be transmitted (this half I understand, it's the next half which I don't), the constraints of the TCP segment size imposed by the network type, and the limitation that segment must fit within an IP datagram."
eEv63 (Newbie, Posts: 2) | Reply #1 on: May 30, 2011, 01:38:50 PM
Can you tell me which book you are referring to?
JayOni (Newbie, Posts: 21) | Reply #2 on: May 30, 2011, 02:06:06 PM
The name of the book is "Network+ Guide to Networks" 5th edition
JayOni (Newbie, Posts: 21) | Reply #3 on: May 30, 2011, 07:29:15 PM
Since my post hasn't got much attention since it's been moved... *bump*
lorddicranius (Sr. Member, Posts: 447) | Reply #4 on: May 30, 2011, 08:32:58 PM
Bothering? No way. This is what forums are for: to ask your questions to those who may be able to help.
1) The OSI model isn't necessarily a road map of how packets travel (directly from top to bottom or vice versa). To quote the OSI model Wikipedia page: "A layer provides services to its upper layer while receiving services from the layer below."
So while TCP "resides" on the transport layer, it doesn't necessarily travel up from the physical layer, but instead provides/receives services from/to the layers above/below it.
2) I couldn't tell you. Checking the RFC for TCP (RFC 793), it doesn't say what it's going to be used for either.
3) I believe you're correct with this. If there's no options, then the header is already set to allow the data portion to start in the next 32-bit boundary, therefore no need for any padding. Somebody else may need to back me up on this though as I'm not 100%.
4a) "...the constraints of the TCP segment size imposed by the network type..." I think refers to the ability to configure TCP segment size limits per network and how the segment is fragmented to fit said limitations.
4b) "...and the limitation that segment must fit within an IP datagram." I think refers to the size limitations put on by the IP standard (minimum of 20 bytes, maximum of 65,535 bytes).
GSEC, eCPPT, Sec+
JayOni (Newbie, Posts: 21) | Reply #5 on: May 30, 2011, 10:06:55 PM
OK, so the TCP resides on the transport layer but the actual protocol is a network layer?
lorddicranius (Sr. Member, Posts: 447) | Reply #6 on: May 31, 2011, 09:15:28 AM
I'm not sure what you mean when you say "actual protocol," but the TCP protocol is part of the transport layer. Let's take a look at it in terms of the world wide web. Take TCP/IP for example. IP is part of the network layer. IP as a protocol though is connectionless; it doesn't do any transporting. TCP takes care of transporting the data in the IP datagram.
As I said before, the OSI/Internet models aren't maps of how packets travel. It's a model showing how protocols work together to . In this example of the world wide web, TCP provides the transport service for IP.
GSEC, eCPPT, Sec+
WCNA (Full Member, Posts: 187) | Reply #7 on: May 31, 2011, 09:54:06 AM
Re: "The book isn't very clear on this point."
I'm not sure my answer will be very clear either as I'm not sure exactly what you are asking. You might want to look at some of the OSI tutorials on YouTube or SecurityTube.
Maybe this will help but it may not be what you are looking for. Let's say you open an application like a web browser (layer 7). As it heads down the OSI model on its way to the internet, it will pick up different headers and change names. Layers 7-5 it's called a PDU, layer 4 it becomes a segment, layer 3 a datagram and then at layer 2 when ethernet adds its header it becomes a frame. From there it heads out to the internet. As it hits various routers and switches it will climb the OSI model up to layer 2 or 3 (or higher) and then back down again over and over until it reaches its destination, where it will climb back up to layer 7, the application at the other end.
Take a look here for more info-
http://www.tcpipguide.com/free/t_DataEncapsulationProtocolDataUnitsPDUsandServiceDa-2.htm
Is question 4 about window sizes? If so, this should help-
http://www.youtube.com/watch?v=XpUNXDkfkQg
As Laura explains, if an application doesn't pick up data from the buffer quick enough, it will let the server know to stop sending so much data as the client is unable to process it all that quickly. It may even reach a window zero condition where it will stop sending traffic altogether. Other things you will want to understand are fragments and scaling. They change sizes also.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
JayOni (Newbie, Posts: 21) | Reply #8 on: May 31, 2011, 06:46:53 PM
Well, I looked back in the book and it clearly DOES say transport layer for the TCP (even though I could have sworn up and down the book said network layer). I probably just got it mixed up with what it said about the IP or something. That's what happens when you only get 5 weeks to learn networking..... so much info, so little time. I have it drilled into my mind now after seeing you guys say it so many times, so I won't forget.
WCNA (Full Member, Posts: 187) | Reply #9 on: May 31, 2011, 09:36:17 PM
Wikipedia has some good examples and pics
http://en.wikipedia.org/wiki/TCP/IP_model
ISC2 Associate, WCNA, CWNA, OSCP, Network+
lorddicranius (Sr. Member, Posts: 447) | Reply #10 on: May 31, 2011, 10:28:45 PM
Good links, WCNA - thanks.
Also, a quick question (for anybody). While the IP model was acknowledged when I was studying for Network+ etc, the OSI model was mostly taught/referenced. Is the IP model being taught more these days?
GSEC, eCPPT, Sec+
JayOni (Newbie, Posts: 21) | Reply #11 on: May 31, 2011, 10:48:09 PM
I didn't get a chance to look at it in detail really, I'm studying like 16-18 hours a day (counting the time I'm spending at school), but this is one of the certs I want to get actually, so I'll be sure to make the time to look it over good. Thanks.
tturner (Sr. Member, Posts: 432) | Reply #12 on: June 01, 2011, 06:13:13 AM
Question 2 - The reserved area is used for fuzzing
Mike Poor calls that the evil bit. If it's set, then the packet is likely Eeeeeeeeeevill!
Some network stacks (and some IDS's) don't know what to do with the packet when the evil bit is set and hilarity can ensue. Or not.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, OPSE, CSWAE, CSTP, VCP
WIP: OSWP, GSSP-JAVA, GXPN
Udacity on hold, again. I suck.
http://sentinel24.com/blog
@tonylturner
http://bsidesorlando.org
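The header fields discussed in this thread (header length, reserved bits, options/padding, and the limit on data size), shown as an added example that is not part of any post. It uses the RFC 793 layout cited above; the function names and sample segments are constructed for illustration.

```python
import struct

def parse_tcp_header(segment: bytes) -> dict:
    """Parse a TCP segment using the RFC 793 header layout."""
    if len(segment) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12          # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("invalid data offset %d" % data_offset)
    return {
        "sport": sport, "dport": dport, "header_len": header_len,
        # RFC 793: 6 reserved bits that must be zero. RFC 3168 later assigned
        # the two lowest to ECN (CWR/ECE), so ECN traffic is non-zero here too.
        "reserved": (off_flags >> 6) & 0x3F,
        "flags": off_flags & 0x3F,
        "options": segment[20:header_len],  # options plus padding, may be empty
        "payload": segment[header_len:],
    }

def max_tcp_payload(ip_total_len: int, ip_header_len: int, tcp_header_len: int) -> int:
    """Data bytes that fit in one IP datagram of the given total length."""
    return ip_total_len - ip_header_len - tcp_header_len

def build(off_flags: int, options: bytes = b"", payload: bytes = b"") -> bytes:
    # Constructed sample: ports 49152 -> 80, checksum left at 0 (not validated).
    fixed = struct.pack("!HHIIHHHH", 49152, 80, 1, 0, off_flags, 8192, 0, 0)
    return fixed + options + payload

# Constructed sample segments
PLAIN = build((5 << 12) | 0x02)            # SYN, no options and no padding
# MSS option (kind 2, length 4, value 1460) fills exactly one 32-bit word
WITH_MSS = build((6 << 12) | 0x02, struct.pack("!BBH", 2, 4, 1460))
# Window-scale option is 3 bytes, so one zero byte pads to the boundary
PADDED = build((6 << 12) | 0x02, bytes([3, 3, 7, 0]))
# ACK with the highest reserved bit set, carrying 2 data bytes
ODD = build((5 << 12) | (0x20 << 6) | 0x10, payload=b"hi")

if __name__ == "__main__":
    for name, seg in [("plain", PLAIN), ("mss", WITH_MSS),
                      ("padded", PADDED), ("odd", ODD)]:
        h = parse_tcp_header(seg)
        note = "reserved bits set" if h["reserved"] else "ok"
        print(name, h["header_len"], h["options"].hex(), note)
    print(max_tcp_payload(65535, 20, 20))  # largest IP datagram, minimal headers
```

A monitoring rule built on `reserved` should mask out the ECN bits first if the network uses ECN, otherwise legitimate traffic is flagged.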
WCNA (Full Member, Posts: 187) | Reply #13 on: June 01, 2011, 01:34:12 PM
lorddicranius said "Is the IP model being taught more these days?"
Not to my knowledge. It seems like everyone uses the OSI model....although the TCP/IP model is a potential question on the CISSP exam.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
yatz (Full Member, Posts: 222) | Reply #14 on: June 01, 2011, 01:47:29 PM
Quote from: WCNA on June 01, 2011, 01:34:12 PM
lorddicranius said "Is the IP model being taught more these days?"
Not to my knowledge. It seems like everyone uses the OSI model....although the TCP/IP model is a potential question on the CISSP exam.
I got a thorough run through of both TCP/IP and OSI models during my recent Cisco studies, though I can't recall if both were on the exam. Also, I made it through an associates in Computer Networking without touching on the TCP/IP model at all, but the OSI model was taught at length. In general, as WCNA said, OSI model is the norm.
"Live as though you would die tomorrow, learn as though you would live forever."
CCNA, MCSA, MCTS, Sec+, Net+, Linux+, CEH