-
Notifications
You must be signed in to change notification settings - Fork 16
/
Copy pathTCP.protocol.txt
85 lines (74 loc) · 4.8 KB
/
TCP.protocol.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
┏━━━━━━━━━┓
┃ TCP ┃
┗━━━━━━━━━┛
FEATURES ==> #Transport layer, i.e. add features over IP
#Re-order out-of-order IP requests
#Reliability, data corruption: error correction
#Packet loss, duplicate packets???
#Session: arbitrary large TCP request, despite being broken in multiple fixed-size IP requests
PACKET STRUCTURE ==> #In bytes
#0-1: source port
#2-3: destination port
#4-7: SEQ number
#8-11: ACK number
#12 (first 4 bits) (data offset): header size (including Options), divided by 4
#12 (last 4 bits): reserved
#13 (flags): CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
#14-15: window size
#16-17: checksum
#18-19: URG
#20[-480]: Options
PORT ==> #Identifies the application layer protocol
#Ranges:
# - 0-1023: standard
# - 1024-49151: registered, for custom protocol
# - 49152-65535: ephemeral, for applications
STANDARD PORTS ==> #Among:
# - 21 (FTP)
# - 22 (SSH)
# - 23 (Telnet)
# - 25 (SMTP)
# - 53 (DNS)
# - 80 (HTTP)
# - 110 (POP3)
# - 143 (IMAP2)
# - 194 (IRC)
# - 443 (HTTPS)
PORT SCANNING ==> #Test each port on a host to know which is available
PORT SWEEPING ==> #Test a specific port on multiple hosts
SOCKET ==> #IP address (or host) + transport layer + application layer
#Written [PROTOCOL://]IP|HOST[:PORT]
THREE-TIME HANDSHAKE ==> #A -> B: SYN, SEQ1
#A <- B: SYN, SEQ2, ACK1 (SEQ1 + 1)
#A -> B: SEQ3 (ACK1), ACK2 (SEQ2 + 1)
DATA TRANSMISSION ==> #No SYN|ACK flag
#SEQ number:
# - last ACK number
# - i.e. number of bytes sent
#ACK number:
# - last SEQ number + current packet size
# - i.e. number of bytes received
DISCONNECT ==> #A -> B: FIN
#A <- B: ACK, FIN
#A -> B: ACK
KEEPALIVE ==> #Poll the other socket with empty packet.
#If no response, close connection.
#Parameters:
# - interval NUM: poll frequency (e.g. 1s)
# - time NUM: max time to poll (e.g. 2h)
# - retry NUM: max times to retry on failure
#Completely unrelated to HTTP keepalive
NAGLE'S ALGORITHM ==> #Inverse is called "no-delay"
#Increase packet size by buffering outgoing requests
# - until receiver acknowledges previous requests
#Same pros|cons as MTU size (see its doc)
#Even without it, underlying IOSTREAM still use buffer to keep up with high demand
SPOOFING ==> #Guessing SEQ numbers to steal session
DOS #Denial Of Service
#Limit server availability by sending lot of requests
DDOS ==> #Distributed DOS, using a botnet
SYN FLOOD ==> #DOS using SYN requests with different SEQ numbers but no following ACK request
#This makes server keep one new connexion for each request
telnet HOST PORT #CLI TCP client
BROWSER DEBUGGING ==> # - about:net-internals#sockets (Chrome)
# - about:networking#sockets (Firefox)