User Datagram Protocol (UDP)
IP Packet
[Figure: an IP packet made up of an IP header (20 bytes), a UDP header (8 bytes) and the UDP data; the UDP header and UDP data together form the UDP datagram]

UDP Header
16-bit Source Port # | 16-bit Destination Port #
16-bit UDP Length | 16-bit UDP Checksum (opt)
Data (if any)

UDP Length
[Figure: the UDP header layout above, shown with the IP header / UDP header / UDP data diagram]

UDP Checksum
[Figure: the UDP header layout above, shown with the IP header / UDP header / UDP data diagram and the IP pseudo-header]

IP Pseudo-Header
32-bit Source IP address
32-bit Destination IP address
MBZ | Protocol | 16-bit UDP Length
16-bit Source Port # | 16-bit Destination Port #
16-bit UDP Length | 16-bit UDP Checksum (opt)
Data (if any)
Possible odd byte PAD

UDP Checksum
The checksum is calculated like the IP checksum, but also covers an IP pseudo-header to ensure the packet arrived at the proper host
If the transmitted checksum field is zero, it means the sender didn’t compute the checksum.
If the computed checksum would be zero, it’s represented as 65535
Packets with checksum errors are not reported

IP Fragmentation
When a router forwards a packet that is too large for the MTU of the outgoing link, the packet is fragmented
Fragmented packets are not reassembled until they reach their final destination
Fragments may also be fragmented
Fragments are identified using packet ID and fragment offset
Typically, if any fragment is lost, a router will discard all fragments. Routers usually only discover fragment loss if they drop the fragment themselves.
The endpoint assumes fragments are lost after 30-60 seconds

Packets vs. Datagrams
An IP datagram is the unit of end-to-end transmission at the IP layer (before fragmentation & after reassembly)
A packet is the unit of data passed between the IP layer and the link layer.
A packet can be a complete IP datagram or a fragment

IP Fragmentation
[Figure: an IP datagram (IP header and payload) split into fragments, each with its own IP header; one fragment is labelled "More Fragments is Set", the other "More Fragments is NOT Set"]

IP Fragmentation – Identifying Fields
[Figure: an IP datagram and a fragment (IP header and payload), with the IP header layout below]
Ver | HdrLth | Type of Svc | Total length (in bytes)
16-bit Packet Identification | Flags | Fragment Offset
Time To Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
... (options, if any) ...

IP Fragmentation
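An added example (not from the original slides) of how the packet identification, More Fragments flag and fragment offset let the destination put fragments back together, including fragments that were fragmented again on the way. The Fragment tuple and the function names are assumptions of the example, and the IP header is modelled only as a 20-byte length.

```python
from typing import NamedTuple, Optional

MF_BIT = 0x2000  # More Fragments bit inside the 16-bit flags/offset word

class Fragment(NamedTuple):
    ident: int    # 16-bit packet identification, copied into every fragment
    offset: int   # fragment offset in 8-byte units (13-bit field)
    more: bool    # More Fragments flag
    data: bytes

def flags_and_offset(f: Fragment) -> int:
    """The header word as transmitted: 3 flag bits, then the 13-bit offset."""
    return (MF_BIT if f.more else 0) | f.offset

def fragment(frag: Fragment, mtu: int, header_len: int = 20) -> list:
    """Split a datagram, or an existing fragment, to fit the outgoing link MTU."""
    if len(frag.data) <= mtu - header_len:
        return [frag]
    room = (mtu - header_len) // 8 * 8    # every piece but the last is a multiple of 8
    if room <= 0:
        raise ValueError("MTU too small to carry any payload")
    pieces = []
    for start in range(0, len(frag.data), room):
        last = start + room >= len(frag.data)
        # MF stays set on the last piece when the input was not the final fragment
        pieces.append(Fragment(frag.ident, frag.offset + start // 8,
                               frag.more or not last, frag.data[start:start + room]))
    return pieces

def reassemble(frags, ident: int) -> Optional[bytes]:
    """Rebuild the payload at the destination; None while anything is missing."""
    mine = sorted((f for f in frags if f.ident == ident), key=lambda f: f.offset)
    if not mine or mine[-1].more:
        return None                       # the final fragment has not arrived
    out = b""
    for f in mine:
        if f.offset * 8 != len(out):
            return None                   # gap or overlap: treat as incomplete
        out += f.data
    return out
```

Offsets are always relative to the original datagram, which is why a fragment can be split again by a later router without the destination needing to know.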
[Figure: the fragment diagram and IP header layout from the Identifying Fields slide, repeated]

Don’t Fragment
One of the IPv4 header flags specifies that this packet should not be fragmented
Ver | HdrLth | Type of Svc | Total length (in bytes)
16-bit Packet Identification | Flags (3-bits) | Fragment Offset (13-bits)
Time To Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
... (options, if any) ...
Flags: R = Reserved, DF = Don’t Fragment, MF = More Fragments

ICMP Unreachable Error
Attempting to fragment a packet with the don’t fragment flag set generates an ICMP error packet
ICMP type “destination unreachable” (type 3)
code “fragmentation required but don’t fragment set” (code 4)
Type (3) | Code (4) | Checksum
MBZ | MTU of next network hop
IP Header (including options) and first 8 bytes of original IP datagram data

MTU Discovery Using Don’t Fragment Packets
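An added example (not from the original slides) of the discovery loop: the sender marks each probe Don't Fragment, a router whose next link is too small answers with the type 3 / code 4 message laid out above, and the sender retries at the reported MTU. The link MTUs used in the test are the ones in this slide's figure; the function names and the 192.0.2.1 / 198.51.100.7 addresses are constructed, and the ICMP checksum is left at zero.

```python
import struct

DF = 0x4000          # Don't Fragment bit in the 16-bit flags/offset word
MIN_IPV4_MTU = 68    # smallest MTU an IPv4 link may have (RFC 791)

def ip_packet(total_len: int, ident: int, flags: int = DF) -> bytes:
    """20-byte IPv4 header carrying UDP, zero-filled up to total_len."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags,
                         64, 17, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + bytes(total_len - 20)

def router_forward(packet: bytes, next_hop_mtu: int):
    """None if the packet is forwarded, else the ICMP type 3 / code 4 error."""
    total_len, _, flags = struct.unpack("!HHH", packet[2:8])
    if total_len <= next_hop_mtu or not flags & DF:
        return None      # fits, or may be fragmented (fragmenting is not modelled)
    # Type, Code, Checksum (left 0 here), MBZ, MTU of next network hop
    head = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)
    return head + packet[:20 + 8]   # IP header + first 8 bytes of the datagram

def parse_frag_needed(icmp: bytes):
    """Return (next-hop MTU, identification of the quoted packet) or None."""
    if len(icmp) < 8 + 28:
        return None
    typ, code, _, mbz, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (typ, code) != (3, 4) or mbz != 0:
        return None
    return mtu, struct.unpack("!H", icmp[12:14])[0]

def discover_path_mtu(link_mtus, first_size: int):
    """Sender side: shrink DF probes until one crosses every link."""
    size, probes = first_size, []
    while True:
        probes.append(size)
        packet = ip_packet(size, ident=len(probes))
        errors = (router_forward(packet, mtu) for mtu in link_mtus)
        icmp = next((e for e in errors if e is not None), None)
        if icmp is None:
            return size, probes
        reported = parse_frag_needed(icmp)
        # Accept only an error that quotes this probe and lowers the size
        if (reported is None or reported[1] != len(probes)
                or not MIN_IPV4_MTU <= reported[0] < size):
            raise ValueError("implausible ICMP error")
        size = reported[0]
```

The quoted IP header in the error is what lets the sender tie the message to a probe it actually sent before lowering its packet size.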
[Figure: nodes A, B, C and D joined by networks N1 (MTU = 1500), N2 (MTU = 875) and N3 (MTU = 770). Packet Size = 1500 draws ICMP Next = 875; Packet Size = 875 draws ICMP Next = 770; Packet Size = 770]

ICMP Source Quench
If a router / host discards datagrams due to buffer overflows, it may send an ICMP source quench message
Can be used to slow down transmission rate

UDP Ports
UDP ports and TCP ports are separate name spaces
  UDP port 80 doesn’t mean the same thing as TCP port 80
UDP ports are unique to a specific interface
  port 80 on loopback is not the same as port 80 on eth0
Most POSIX/UNIX systems let you specify “wildcards”
  INADDR_ANY is a special address (0.0.0.0) that is a wildcard interface address

Using netstat to see ports
$ netstat -a -n
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:7              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:9              0.0.0.0:0              LISTENING
  TCP    0.0.0.0:13             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:17             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:19             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1169         0.0.0.0:0              LISTENING
  TCP    141.218.143.76:1167    141.210.180.18:80      CLOSE_WAIT
  TCP    141.218.143.76:1328    141.218.143.215:22     ESTABLISHED
  TCP    141.218.143.76:1331    64.233.167.99:80       ESTABLISHED
  TCP    [::]:2107              [::]:0                 LISTENING
  UDP    0.0.0.0:7              *:*
  UDP    0.0.0.0:9              *:*
  UDP    0.0.0.0:13             *:*
  UDP    0.0.0.0:17             *:*
  UDP    0.0.0.0:19             *:*
  UDP    0.0.0.0:161            *:*
  UDP    0.0.0.0:162            *:*
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:500            *:*
  UDP    0.0.0.0:3456           *:*
  UDP    [::]:19                *:*

Using netstat to see interfaces
bash-2.05$ netstat -in
Name  Mtu   Net/Dest       Address          Ipkts      Ierrs  Opkts     Oerrs  Collis
lo0   8232  127.0.0.0      127.0.0.1        2888944    0      2888944   0      0
hme0  1500  141.218.143.0  141.218.143.215  148045535  33690  14290468  0      0