User Datagram Protocol (UDP) IP Packet UDP Datagram IP UDP UDP Header Header Data 20 bytes 8 bytes UDP Header 16-bit Source Port # 16-bit Destination Port # 16-bit UDP Length 16-bit UDP Checksum (opt) Data (if any) UDP Length 16-bit Source Port # 16-bit Destination Port # 16-bit UDP Length 16-bit UDP Checksum (opt) Data (if any) IP UDP UDP Header Header Data UDP Checksum 16-bit Source Port # 16-bit Destination Port # 16-bit UDP Length 16-bit UDP Checksum (opt) Data (if any) IP UDP UDP Header Header Data IP Pesudo-Header IP Pseudo-Header 32-bit Source IP address 32-bit Destination IP address MBZ Protocol 16-bit UDP Length 16-bit Source Port # 16-bit Destination Port # 16-bit UDP Length 16-bit UDP Checksum (opt) Data (if any) Possible odd byte PAD UDP Checksum Checksum calculated like IP checksum, but use pseudo- IP header to insure packet arrived at proper host If transmitted checksum field is zero, it means sender didn’t compute the checksum. If the computed checksum would be zero, it’s represented as 65535 Packets with checksum errors are not reported IP Fragmentation When a router transits a packet that is too large for the MTU of the outgoing link, the packet is fragmented Fragmented packets are not reassembled until they reach their final destination Fragments may also be fragmented Fragments are identified using packet ID and fragment offset Typically, if any fragment is lost, a router will discard all fragments. Routers usually only discover fragment loss if they drop the fragment themselves. The endpoint assumes fragments are lost after 30-60 seconds Packets vs. Datagrams An IP datagram is the unit of end-to-end transmission at the IP layer (before fragmentation & after reassembly) A packet is the unit of data passed between the IP layer and the link layer. A packet can be a complete IP datagram or a fragment IP Fragmentation IP Payload Header IP Payload Header IP Payload More Fragements Header is Set IP Payload Header More Fragements is NOT Set IP Fragmentation – Identifying Fields IP Payload Header IP Payload Header Ver HdrLth Type of Svc Total length (in bytes) 16-bit Packet Identification Flags Fragment Offset Time To Live Protocol Header Checksum Source IP Address Destination IP Address ... (options, if any)... IP Fragmentation IP Payload Header IP Payload Header Ver HdrLth Type of Svc Total length (in bytes) 16-bit Packet Identification Flags Fragment Offset Time To Live Protocol Header Checksum Source IP Address Destination IP Address ... (options, if any)... Don’t Fragment One of the IPv4 header flags specifies that this packet should not be fragmented Ver HdrLth Type of Svc Total length (in bytes) Flags 16-bit Packet Identification Fragment Offset (13-bits) (3-bits) Time To Live Protocol Header Checksum Source IP Address D M Destination IP Address R F F ... (options, if any)... Reserved Don’t More Fragment Fragments ICMP Unreachable Error Attempting to fragment a fragment with don’t fragment flag set generates an ICMP error packet ICMP type “destination unreachable” (type 3) code “fragmentation required but don’t fragment set” (code 4) Type (3) Code (4) Checksum MBZ MTU of next network hop IP Header (including options) and first 8 bytes of original IP datagram data MTU Discovery Using Don’t Fragment Packets N1 N2 N3 MTU = 1500 MTU = 875 MTU = 770 A D B C Packet Size = 770 Packet Size = 1500 ICMP Next = 875 Packet Size = 875 ICMP Next = 770 ICMP Source Quench If a router / host discards datagrams due to buffer overflows, it may send a ICMP source quench message Can be used to slow down transmission rate UDP Ports UDP port and TCP ports are separate name spaces UDP port 80 doesn’t mean the same thing as TCP port 80 UDP ports are unique to a specific interface port 80 on loopback is not the same as port 80 on eth0 Most POSIX/UNIX systems let you specify “wildcards” IPADDR_ANY is a special address (0.0.0.0) that is a wild card interface address Using netstat to see ports $ netstat -a –n Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:7 0.0.0.0:0 LISTENING TCP 0.0.0.0:9 0.0.0.0:0 LISTENING TCP 0.0.0.0:13 0.0.0.0:0 LISTENING TCP 0.0.0.0:17 0.0.0.0:0 LISTENING TCP 0.0.0.0:19 0.0.0.0:0 LISTENING TCP 0.0.0.0:21 0.0.0.0:0 LISTENING TCP 0.0.0.0:23 0.0.0.0:0 LISTENING TCP 0.0.0.0:25 0.0.0.0:0 LISTENING TCP 0.0.0.0:80 0.0.0.0:0 LISTENING TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:443 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 127.0.0.1:1169 0.0.0.0:0 LISTENING TCP 141.218.143.76:1167 141.210.180.18:80 CLOSE_WAIT TCP 141.218.143.76:1328 141.218.143.215:22 ESTABLISHED TCP 141.218.143.76:1331 64.233.167.99:80 ESTABLISHED TCP [::]:2107 [::]:0 LISTENING UDP 0.0.0.0:7 *:* UDP 0.0.0.0:9 *:* UDP 0.0.0.0:13 *:* UDP 0.0.0.0:17 *:* UDP 0.0.0.0:19 *:* UDP 0.0.0.0:161 *:* UDP 0.0.0.0:162 *:* UDP 0.0.0.0:445 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3456 *:* UDP [::]:19 *:* Using netstat to see interfaces bash-2.05$ netstat –in Name Mtu Net/Dest Address Ipkts Ierrs Opkts Oerrs Collis lo0 8232 127.0.0.0 127.0.0.1 2888944 0 2888944 0 0 hme0 1500 141.218.143.0 141.218.143.215 148045535 33690 14290468 0 0 References Cisco Networking Academy Program (CCNA), Cisco Press. CSCI-5273 : Computer Networks, Dirk Grunwald, University of Colorado-Boulder CSCI-4220: Network Programming, Dave Hollinger, Rensselaer Polytechnic Institute. TCP/IP Illustrated, Volume 1, Stevens. Java Network Programming and Distributed Computing, Reilly & Reilly. Computer Networks: A Systems Approach, Peterson & Davie. http://www.firewall.cx http://www.javasoft.com.