Pages

Friday, August 31, 2012

flash videos link

http://202.207.160.42/webStudy/ZXXX/ccna/en_CCNA1_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccna/en_CCNA2_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccna/en_CCNA3_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccna/en_CCNA4_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP1_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP2_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP3_v30/main.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP4_v30/main.swf

http://www.cisco.com/image/gif/paws/10556/spanning_tree1.swf

http://www.ccna.com.br/flash/vtp/index.swf

http://cisco.chinaitlab.com/UploadFiles_6776/200601/20060105100438450.swf

http://www.techtionary.com/members/slides/b/bgp-protocol.swf

http://www.cisco.com/warp/public/473/spanning_tree1.swf

http://www.cisco.com/warp/public/473/vtp_flash/

http://www.cisco.com/warp/public/473/lan-switch-transparent.swf

http://www.coursehero.com/flashcards/430735/CCNP-SWITCH-642-813-Advanced-Spanning-Tree-Security/

http://www.coursehero.com/flashcards/169198/CCNA-TERMS/

http://www.coursehero.com/flashcards/22469/cisco/

http://www.coursehero.com/flashcards/174902/Cisco-4/

http://www.coursehero.com/flashcards/430634/BGP-RegEx/

http://www.coursehero.com/flashcards/search.php?search=OSPF+&search-submit=Search

http://www.cisco.com/image/gif/paws/6450/nat.swf

http://icon.clnchina.com.cn/attachment/6/6/5/6566_MPLS_VPN.swf

http://www.slideserve.com/presentation/12840/OSPF

http://cmsapps.sea.siemens.com/sitrain/wbt/ether_en/swf/kap_03_3.swf

http://cmsapps.sea.siemens.com/sitrain/wbt/ether_en/swf/kap_03_1.swf

http://www.oxid.it/downloads/apr-intro.swf

http://support.dlink.co.id/STP/Configuration%20Examples%20%20STP-RSTP-MSTP.swf

http://202.207.160.42/webStudy/ZXXX/lab-sem3/eLab_Sem3_v1/flash/activities/acl.swf

http://www.ccontrols.com/flash/tutorial.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP1_v30/flash/ch04/4_1_1.swf

http://202.207.160.42/webStudy/ZXXX/ccnp/en_CCNP3_v30/flash/ch03/3_1_3.swf

http://202.207.160.42/webStudy/ZXXX/lab-sem3/eLab_Sem3_v1/flash/activities/routed_routing_protocols.swf

http://itt.century.edu/Cisco/CCNP/en_CCNP2_v50/flash/ch06/CCNP2_6_1_8_en.swf

http://www.gl.com/Presentations/flash/audiovisual/TC_AudioVisual/sec2.swf

http://itec.hust.edu.cn/comnet_demo/flash/TCP/TCPCongestionControl.swf

http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_1_IOS_Release12_3.swf

ASA :
Active Active failover :
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM6_ASA_beta/course_skin.html
Active Standby failover:
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM10_ASA_beta/course_skin.html
IPS :
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM5_ASA_beta/course_skin.html
MPF:
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM3_ASA_beta/course_skin.html
ACP:
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM8_ASA_beta/course_skin.html
SSL VPN:
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM13_ASA_beta/course_skin.html
Web VPN
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM11_ASA_beta/course_skin.html
Using Citrix SSL VPN clientless
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM14_ASA_beta/course_skin.html
Clustering
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM7_ASA_beta/course_skin.html











Thursday, August 30, 2012

TCL tips !!


1 Always specify level value for uplevel command.
2 Always specify level value for upvar command.
The uplevel and upvar commands are used to evaluate scripts and link to variables (that is, pass by
reference) in another scope in the call stack. Both commands take an optional level argument, which
can be used to indicate the location in the stack.

1 Use “--” to mark end of $command options.
Tcl commands that take an arbitrary number of hyphenated options before other arguments typically
also accept an optional -- argument indicating the end of the options and the start of other arguments.
These include switch, regexp, and regsub commands.

Commands end with newline or semicolon: \n or ;
In most cases, don’t put more than one command
on a line!
Continuation character is backslash: \
Indent lines that are continued; 4 spaces are recommended
Comment the following string(s) with the pound sign: #

“Glob” special symbols or patterns for matching include:
* 0 or more of any sequence of characters
? any single character
[abc] or [a-c] any one of the characters a, b, or c
{a,b,c} any of the patterns a, b, or c
\x matches the character x

argv—list of arguments passed to interpreter.
puts $argv
argc—argument count.
argv0—name of the script or program that starts the interpreter.

Strings, Lists, Arrays, and Keyed Lists—The Tcl interpreter supports several mechanisms for
storing and retrieving variable data. Each method provides a different way of viewing the contents
of a string and supports its own list of commands for accessing the string. The access methods for
string data include:
String—A string of characters including ascii and special characters. String manipulation
commands allow you to work with blocks of characters (strings) within a string.
List—A space or quote delimited string of words, numbers, or special characters. The list
manipulation commands let you manipulate and query individual elements within the list.
Array—Stores multiple values accessible through a unique index. Arrays provide quick access
to individual string elements.
Keyed List—The Tcl equivalent of a C “struct.” Keyed lists support the definition of complex
data structures that stores a hierarchical view of string data.

lsearch ?mode? Return the element offset of within . Returns ‘-1’
if matches no element within . The optional mode can take the following values:
If unspecified, the default mode is -glob.
Let’s look at some examples:
expect4.1> lsearch {zero one two three four} two
2
expect4.2> lsearch {zero one two three four} tw*
2
expect4.3> lsearch -exact {zero one two three four} tw*
-1
expect4.4>

Array Operations
Arrays—Arrays allow you to group multiple strings together in a single variable that makes it easy
to identify all strings of a particular type or class. You specify an array by providing a variable name
followed by an index enclosed in parentheses (). You can use any symbolic name for the index, but
in many cases you’ll find it useful to use numeric values.
Let’s see some examples:
expect4.1> set my_array(1) value
value
expect4.2> puts $my_array(1)
value
expect4.3> set my_array(index) {another value}
another value
expect4.4> puts $my_array(index)
another value
expect4.5>
Note that since the index string can contain just about any characters, you can easily simulate
multidimensional arrays as in the following example:
for {set i1 0} {$i1 < 10} {incr i1} {
for {set i2 0} {$i2 < 10} {incr i2} {
set array_variable($i1,$i2) "$i1$i2"
}
}
puts $array_variable(3,3)

Keyed List Operations
Keyed lists use a specific format of a nested list to simulate Cstyle structs.
Each “element” is a ‘key/value’ pair, essentially a 2-element list.
Key/value pairs are called “fields”.
keylset ? …?
Set list elements.
keyldel
Delete a keyed list element.
keylget ?? ? | { }?
Get a keyed list element.
keylkeys ??
List the keys in a keyed list.

break and continue are used for control of while, for, and foreach loops.
Example break statement:
while 1{
if 1 break ;# terminate innermost
}
Example continue statement:
foreach var [info commands] {
if {![string match {p*} $var]} {
continue ;# go to top of loop
}
puts $var
}

catch is used to change the actions produced by errors
Example:
if {[catch {set foobar} errmsg]} {
puts “the message output: $errmsg”
}
May take up to two arguments:
A command block to execute.
An optional variable to store error messages within.
Returns:
1 if an error has been caught.
0 otherwise.

The argument can take any of the following values:
Note that you can’t write to a file opened for reading and can’t read a file opened for writing. The
default is “r” for read access.
r Open for reading; file must already exist. This is the default.
r+ Open for reading and writing; file must already exist. It is truncated if written to.
w Open for writing; file is truncated if it exists, otherwise it is created.
w+ Open for reading and writing; file is truncated if it exists, otherwise it is created.
a Open for writing; data appended to end of the file; file is created if it does not exist.
a+ Open for reading and writing; data appended to end of the file; file is created if it does not exist.

Procedure Definition—Tcl procedures are defined through the use of the proc command. This
command accepts three arguments: the procedure name, an argument list, and the body of the
procedure. The argument list names the variables that will be set with the arguments passed during
procedure invocation. This list defines the number of arguments expected by the procedure and the
names by which the procedure will refer to the argument data. The body of the procedure specifies
the Tcl code that implements the procedure.

A procedure can return a value by using the
return command:
return 1 or return $value
If there is no return command, the procedure will
return the value returned by the last command executed in the body.

Passing Arguments by Reference
When arguments are passed by reference, changes to a variable modify the caller’s name space.
Syntax of the upvar command:
upvar ??
By default, is the caller’s stack level, “1”.
upvar [n] ... References the level stacks down
upvar [#n] ... References level ; the global level is #0
Example:
proc myset {varname} {
upvar $varname localvar; set localvar 2
}
set foo 1
myset foo
puts $foo ;# prints 2

Passing Arguments by Reference
Most programming language implement one of two methods for passing argument data: passing by
reference or passing by value. The FORTRAN language passes argument to routines by reference.
This means that rather than passing the contents of a variable, a pointer to the variable is passed to
the routine. If the routine modifies the variable then the contents of the variable in the caller’s name
space is modified.
The Tcl language, like the C language in which it is implemented, passes arguments by value. This
means that rather than passing a pointer to the variable, a copy of the variable’s contents is made in
the procedures namespace. No modifications made to the variable within the body of the procedure
will affect the contents of the variable in the caller’s namespace. This allows you to implement
procedures like the following:
# Print "Hello World" a specified number of times
proc print_hello {count} {
for {} {$count > 0} {incr count -1} {
puts "Hello World"
}
}
set var 2
print_hello $var
# prints Hello World
puts $var
# prints 2

Tcl allows you to pass arguments by reference through the use of the upvar command. The format
of the upvar command is as follows:
upvar ?? ? ...?
The is the name of the variable outside the local scope while is the variable
name that will be used to refer to that variable locally. can be a variable, an array, or an
array element.
Note You will need to use passing by reference to pass array information to a procedure. Array
values can not be passed as procedure arguments. Keyed lists should also be passed by reference.
For example:
# Set a variable in the caller's scope
proc myset {varname} {
upvar 1 $varname localvar
set localvar 2
}
expect4.2> info exists myvar
0
expect4.3> myset myvar
2
expect4.4> info exists myvar
1
expect4.5> puts $myvar
2
Notice that rather than passing the contents of variable “myvar” to “myset”, the name of the variable
is passed. The “myset” procedure then uses the upvar command to map a local variable name,
localvar, to myvar in the callers stack.
The option allows you to specify the level at which the variable exists that you are
referencing. By default, upvar references the callers stack level. You can modify the referenced
levels using two formats:
You’ll typically allow the to default to “1”. The following example produces similar effects
to the global command:
upvar #0 global_var myvar
This maps the local variable “myvar” to the variable “global_var” at global level.
Essentially, upvar aliases a variable in a different scope to a local variable.
Note It’s recommended that you always specify the level, as it can run into problems if the variable
name begins with a digit or # sign. It’s also recommended to use the same variable names for
otherVar and myVar, except that otherVar has underscore before it. This makes it easier to associate
the two variables

Using the “uplevel” command
The uplevel command is used to execute code outside
the scope of a procedure.
Syntax:
uplevel ?? \
?? ...
By default, is the caller’s stack level, “1”.
uplevel [n] ... References the level stacks down
uplevel [#n] ... References level
Returns the result of executing the command.
Examples:
uplevel info vars
uplevel #0 info vars
– Results in an error when executed at the command prompt.

Using the “uplevel” Command
Executing Code Outside Your Scope—The uplevel command can be used to execute code outside
the scope of a procedure. This command accepts a variable number of arguments: an optional level
at which to execute the code and the command to execute with its arguments. uplevel returns the
result from executing the command. For example:
# Show the variable in the caller's stack
uplevel info vars
# Show the variables at global level
uplevel #0 info vars
The “test_config” procedure used to organize test scripts uses the uplevel command to remove its
own stack level as in:
proc test_config {args} {
uplevel eval $args
}

Thursday, August 16, 2012

FTP

FTP stands for File Transfer Protocol. It is a standard network protocol used for transferring files between a client and a server on a computer network. FTP operates on the client-server model, where one device acts as the client requesting files, and another device acts as the server providing access to files.

Here are some common use cases of FTP:

1. **File Sharing**: FTP is commonly used for sharing files between users or groups of users over a network. Users can upload files to an FTP server, making them accessible to authorized users for download.

2. **Website Hosting**: Many website hosting providers use FTP to allow users to upload website files (such as HTML, CSS, and image files) to their web servers. Web developers and administrators use FTP clients to upload, update, and manage website content on the server.

3. **Software Distribution**: FTP is often used for distributing software packages, updates, patches, and other large files over the internet. Software developers and vendors can host files on FTP servers, allowing users to download them from anywhere with an internet connection.

4. **Backup and Archiving**: FTP can be used for backing up files and data to remote servers. Organizations may use FTP to transfer backups of critical data to off-site locations for disaster recovery purposes.

5. **Media Streaming**: FTP can be used for transferring media files, such as audio or video files, over a network. While not as efficient as dedicated streaming protocols, FTP can still be used to distribute media content to users who prefer to download files for offline playback.

6. **Remote File Access**: FTP can provide remote access to files stored on a server. Users can connect to an FTP server from any location with internet access, allowing them to access, download, and upload files stored on the server.

7. **Automated File Transfers**: FTP can be integrated into automated workflows and scripts to facilitate scheduled or batch file transfers between systems. Automated FTP transfers are commonly used for tasks such as synchronizing files between servers, updating databases, or processing data feeds.

Overall, FTP is a versatile protocol that facilitates the secure and efficient transfer of files over networks, making it a valuable tool for various use cases in both personal and business environments.

1. What is FTP Used for?
FTP is used to transfer files over a network.

2. Does FTP use TCP or UDP as it’s transport layer protocol?
TCP

3. Which is one FTP Server you have installed?
Window 2003 /Windows XP/ Ubuntu

4. Which FTP command is used to upload and download files from the client to the server?
PUT and GET

5. How many TCP 3 way connections  are established between the FTP client and the server before data can be exchanged
a) 1
b) 2
c) 3
d) 4

Which command can the FTP client use to download a file from the FTP server
a) get
b) put
c) mkdir
d) None of these

In Active FTP, which of the devices would send the PORT command
a) FTP client
b) FTP Server
c) Switch
d) PORT command is used only on the internet

Where should the type of FTP (Active or Passive) be configured
a) FTP Server
b) FTP Client
c) FTP Client and FTP Server
d) None of the above

If the client and the server is configured for passive FTP,  which device would initiate the TCP data connection
a) FTP Client
b) FTP Server
c) Switch
d) None of the above

What information is not available in the PORT command
a) Port number to which the TCP connection is to be initiated
b) IP address to which the TCP connection is to be initiated
c) IP address of the switch
d) None of the above

What would be the TCP source port number which would be used by the FTP client to initiate the control connection
a) dynamic port number
b) 21
c) 20
d) A registered port number

When is the FTP PORT command sent?
a) After the control connection is established
b) After the data connection is established
c) After the data is exchanged
d) Before the control connection is established

If the FTP Server is configured for anonymous access, which TCP connections for establishing the FTP connection can be avoided.
a) FTP Control connection
b) FTP Data connection
c) Both control and data connection would be used irrespective of the access type
d) FTP anonymous connection









Internet Troubleshooting


Problem: The user on PC1 is unable to access an internet.

Network Troubleshooting tips:
1. Verify the link and cable with PC1 and the switch.
2. Verify that the configured IP address on PC1 is valid.
2. Test connectivity with PC2, issue  a ping
3. Test the connectivity with the router from PC1, which is the default gateway, issue a ping.
4. Ensure that the default gateway and DNS server IP address is configured on PC1.
5. Ensure that the DNS server IP address configured on PC1 is reachable. Issue a ping to the DNS server from PC1
6. Verify that the internet link of the router is up.
7. Ensure that the router has received a public IP address from the ISP.
8. Ensure that the default gateway IP address of the router is reachable from the router, Issue a ping from the router's console.
9. Verify NAT (Network address translation) configuration on the router.

Remote Connectivity.



Refer the exhibit above:
PC2 is located in UK and has a public IP address assigned by the respective ISP. The ADSL router in India also has a public IP address from the respective ISP in India.  The ADSL router is configured for PAT (Port address translation). PC1 has a private IP address and has a Web Server enabled.
Questions
1. What should be done in the above configuration so that the web server on PC1 is accessible to PC2.
2. What would be the source IP address of an IP packet which sends data from PC1 to PC2 when it reaches PC2.
3.  Should PC1 have a public IP address for it to be accessible by PC2.
4. How does an IP packet initiated from PC1 reach PC2.
5. How does PC2 know the IP address to reach PC1
Answers
1. The router should be configured for port-forwarding feature. The internal IP address of PC1 should be mapped to correct port; In this case, the web server port which is TCP port 80
2. The source IP address of the IP packet would be the routers public IP address. This is because the private IP address of PC1 would be translated at the router's interface before it exits the router.
3. It is not necessary for PC1 to have a public IP address. Port forwarding can be configured for the internal private IP address.
4. The IP packet initiated from PC1 to PC2 would be send to the router. On the router, PAT would be applied on the IP packet, which would translate the source IP address in the IP packet. After this process, the default route on the router would forward the packet to it's default gateway, which would then forward to it’s gateway and ultimately the packet would reach the destination. (PC2)
5. In the above scenario, PC1 has a private IP address. So PC2 would need to know the IP address of the ADSL router which would then forward the packet to PC1 since port forwarding is configured on it.

What is the difference between NAT and Proxy Server


Take a scenario where there are two organizations. Organization 1 has an internet connection, which is shared by the users of the organization with a NAT device. Organization 2 has an internet connection, which is shared by the users of the organization by a proxy server. Let’s understand what happens in both the scenarios.
Assume that the default gateway address of the TCP/IP adapter setting of the users PC is configured with the IP address of the NAT device. At organization 1, when a user attempts to access a device on the internet through any protocol like HTTP, FTP, Ping, Telnet etc, the IP packet carrying the traffic would be sent to the default gateway and NAT applied on the packet. When NAT is applied, the source IP address of the IP packet generated by the user would be re-written with the IP address of the NAT device irrespective of the type of protocol. So all IP packets would be translated and most types of IP traffic can flow through NAT.
At organization 2, the default gateway configured on the TCP/IP adapter settings of the Users PC is the Proxy Servers IP address. Additionally, the browser is also configured with the Proxy Servers IP address. When a user initiates HTTP traffic ( Typing a URL on the browser ), the request would be sent to the Proxy server and the source IP address of the IP packet would be re-written with the Proxy Servers IP address. What would happen if the user tries to FTP or Ping a device which is on the internet? The request goes to the proxy server because the default gateway is the proxy servers IP address. But when the packet reaches the Server, it does not have the capacity to re-write the source, because the proxy server supports only packets carrying HTTP traffic. This is why also other packets apart from HTTP are dropped.

What happens when you ping a website

Take a scenario, where a user pings the website www.tcpipguru.com from a PC. On the PC screen from where the ping is issued, the reply is from an IP address and not from the website name www.tcpipguru.com. Network communications are based on IP addresses and not domain names. When the command ping www.tcpipguru.com is typed, a DNS query is sent by the PC to the DNS server IP address which is configured on the TCP/IP adapter settings of the PC, to retrieve the IP address of www.tcpipguru.com. After the IP address is received, the ICMP request (Ping request) is sent to the IP address of the website to which the server sends a reply.

How does an IP Packet prevent looping!

IP Packet contains a field called TTL – (Time To Live) in the header. Assume that computer 1 on a network pings computer 2 on another network. The networks are separated by a router. When the pings packet exits computer 1, the default TTL value is set by the operating system (128, 64 etc). When the IP Packet crosses the router, the router would decrement the TTL value by 1 and forward it to computer 2. Routers or Layer 3 devices would decrement the value of TTL by 1 every time an IP Packet passes through it, and ultimately when the TTL value reaches 0, the router which is in possession of the packet would drop it.

Duplicate IP addresses detection.

Many times, we see that computers trigger a message when duplicate IP addresses are detected. When a user configures a computer with an IP address, the operating system sends out a gratuitous ARP request on the network. Gratuitous ARP is a layer 1 protocol in the tcp ip model. The gratuitous ARP contains the sender and the target IP address in the ARP Packet as the same value (The IP address which is configured on the computer). The target mac-address is FF-FF-FF-FF-FF-FF (broadcast). If a computer on the network, has the IP address as the same value in the Gratuitous ARP packet, it would send a reply. When the initiator receives the reply, it would signal a duplicate IP address detection on the GUI of the operating system.

What port does ping use !!




The article explains the reason as to why there are not ports associated with a ping.
In the above diagram, there are two PC ’s, PC1 and PC2. When PC1 initiates a ping to PC2, the ping packet is constructed on PC1. The source IP address of the IP header carrying the ping packet would be PC1′s IP address and destination IP address is that of PC2.
Ping uses ICMP at the network layer for communication. Ping does not use any transport layer protocols like TCP or UDP. It is a protocol which does not have a TCP or UDP header. ICMP does not use any port numbers, unlike applications which use TCP or UDP. ICMP uses sequence numbers for tracking ICMP packets.
When PC1 pings PC2, the ICMP header generated by PC1 would contain a sequence number, which would be used to track the packet. So when PC2 generates the response, the sequence number would be used and not port numbers.


Timestamp

Timestamp is used for time synchronization. The originating timestamp is set to the time (in milliseconds since midnight) the sender last touched the packet. The receive and transmit timestamps are not used.
Timestamp message
0001020304050607080910111213141516171819202122232425262728293031
Type = 13Code = 0Header checksum
IdentifierSequence number
Originate timestamp
Receive timestamp
Transmit timestamp
Where:
Type must be set to 13
Code must be set to 0
Identifier and Sequence Number can be used by the client to match the timestamp reply with the timestamp request.
Originate timestamp is the number of milliseconds since midnight Universal Time (UT). If a UT reference is not available the most-significant bit can be set to indicate a non-standard time value.

Tuesday, August 7, 2012

TCP (Transmission Control Protocol)

TCP is a transport layer protocol used by applications that require guaranteed delivery. It is a sliding window protocol that provides handling for both timeouts and retransmissions.
TCP establishes a full duplex virtual connection between two endpoints. Each endpoint is defined by an IP address and a TCP port number. The operation of TCP is implemented as a finite state machine.
The byte stream is transferred in segments. The window size determines the number of bytes of data that can be sent before an acknowledgment from the receiver is necessary.

MAC headerIP headerTCP headerData :::

TCP header:

0001020304050607080910111213141516171819202122232425262728293031
Source PortDestination Port
Sequence Number
Acknowledgment Number
Data OffsetreservedECNControl BitsWindow
ChecksumUrgent Pointer
Options and padding :::
Data :::

Source Port. 16 bits.

Destination Port. 16 bits.

Sequence Number. 32 bits.
The sequence number of the first data byte in this segment. If the SYN bit is set, the sequence number is the initial sequence number and the first data byte is initial sequence number + 1.

Acknowledgment Number. 32 bits.
If the ACK bit is set, this field contains the value of the next sequence number the sender of the segment is expecting to receive. Once a connection is established this is always sent.

Data Offset. 4 bits.
The number of 32-bit words in the TCP header. This indicates where the data begins. The length of the TCP header is always a multiple of 32 bits.

reserved. 3 bits.
Must be cleared to zero.

ECN, Explicit Congestion Notification. 3 bits.
Added in RFC 3168.
000102
NCE
N, NS, Nonce Sum. 1 bit.
Added in RFC 3540. This is an optional field added to ECN intended to protect against accidental or malicious concealment of marked packets from the TCP sender.
C, CWR. 1 bit.
E, ECE, ECN-Echo. 1 bit.
Control Bits. 6 bits.
000102030405
UAPRSF
U, URG. 1 bit.
Urgent pointer valid flag.
A, ACK. 1 bit.
Acknowledgment number valid flag.
P, PSH. 1 bit.
Push flag.
R, RST. 1 bit.
Reset connection flag.
S, SYN. 1 bit.
Synchronize sequence numbers flag.
F, FIN. 1 bit.
End of data flag.
Window. 16 bits, unsigned.
The number of data bytes beginning with the one indicated in the acknowledgment field which the sender of this segment is willing to accept.

Checksum. 16 bits.
This is computed as the 16-bit one's complement of the one's complement sum of a pseudo header of information from the IP header, the TCP header, and the data, padded as needed with zero bytes at the end to make a multiple of two bytes. The pseudo header contains the following fields:

0001020304050607080910111213141516171819202122232425262728293031
Source IP address
Destination IP address
0IP ProtocolTotal length

Urgent Pointer. 16 bits, unsigned.
If the URG bit is set, this field points to the sequence number of the last byte in a sequence of urgent data.

Options. 0 to 40 bytes.
Options occupy space at the end of the TCP header. All options are included in the checksum. An option may begin on any byte boundary. The TCP header must be padded with zeros to make the header length a multiple of 32 bits.

KindLengthDescriptionReferences
01End of option list.RFC 793
11No operation.RFC 793
24MSS, Maximum Segment Size.RFC 793
33WSOPT, Window scale factor.RFC 1323
42SACK permitted.RFC 2018
5Variable.SACK.RFC 2018RFC 2883
66Echo. (obsolete).RFC 1072
76Echo reply. (obsolete).RFC 1072
810TSOPT, Timestamp.RFC 1323
92Partial Order Connection permitted.RFC 1693
103Partial Order service profile.RFC 1693
116CC, Connection Count.RFC 1644
126CC.NEWRFC 1644
136CC.ECHORFC 1644
143Alternate checksum request.RFC 1146
15Variable.Alternate checksum data.RFC 1146
16Skeeter.
17Bubba.
183Trailer Checksum Option.
1918MD5 signature.RFC 2385
20SCPS Capabilities.
21Selective Negative Acknowledgements.
22Record Boundaries.
23Corruption experienced.
24SNAP.
25
26TCP Compression Filter.
278Quick-Start Response.RFC 4782
284User Timeout.RFC 5482
29TCP-AO, TCP Authentication Option.RFC 5925
30MPTCP
31
-
252
253RFC3692-style Experiment 1.RFC 4727
254RFC3692-style Experiment 2.RFC 4727
255

Data. Variable length.

TCP State machine:
StateDescription
CLOSE-WAITWaits for a connection termination request from the remote host.
CLOSEDRepresents no connection state at all.
CLOSINGWaits for a connection termination request acknowledgment from the remote host.
ESTABLISHEDRepresents an open connection, data received can be delivered to the user. The normal state for the data transfer phase of the connection.
FIN-WAIT-1
FIN-WAIT-2Waits for a connection termination request from the remote host.
LAST-ACKWaits for an acknowledgment of the connection termination request previously sent to the remote host (which includes an acknowledgment of its connection termination request).
LISTENWaits for a connection request from any remote TCP and port.
SYN-RECEIVEDWaits for a confirming connection request acknowledgment after having both received and sent a connection request.
SYN-SENTWaits for a matching connection request after having sent a connection request.
TIME-WAITWaits for enough time to pass to be sure the remote host received the acknowledgment of its connection termination request.


The CLOSED state is the entry point to the TCP state machine.

Connection establishment

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:
  1. SYN: The active open is performed by the client sending an SYN to the server. The client sets the segment's sequence number to a random value A.
  2. SYN-ACK: In response, the server replies with an SYN-ACK. The acknowledgment number is set to one more than the received sequence number (A + 1), and the sequence number that the server chooses for the packet is another random number, B.
  3. ACK: Finally, the client sends an ACK back to the server. The sequence number is set to the received acknowledgment value i.e. A + 1, and the acknowledgment number is set to one more than the received sequence number i.e. B + 1.
At this point, both the client and server have received an acknowledgment of the connection.

[edit]Connection termination


Connection termination
The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint. After both FIN/ACK exchanges are concluded, the terminating side waits for a timeout before finally closing the connection, during which time the local port is unavailable for new connections; this prevents confusion due to delayed packets being delivered during subsequent connections.
A connection can be "half-open", in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into the connection, but the other side can. The terminating side should continue reading the data until the other side terminates as well.
It is also possible to terminate the connection by a 3-way handshake, when host A sends a FIN and host B replies with a FIN &; ACK (merely combines 2 steps into one) and host A replies with an ACK. This is perhaps the most common method.
It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.
Some host TCP stacks may implement a half-duplex close sequence, as Linux or HP-UX do. If such a host actively closes a connection but still has not read all the incoming data the stack already received from the link, this host sends a RST instead of a FIN (Section 4.2.2.13 in RFC 1122). This allows a TCP application to be sure the remote application has read all the data the former sent—waiting the FIN from the remote side, when it actively closes the connection. However, the remote TCP stack cannot distinguish between connection Aborting RST and this Data Loss RST. Both cause the remote stack to throw away all the data it received, but that the application still didn't read

Glossary:

ABC, Appropriate Byte Counting.
Congestion control algorithm. A modification to the algorithm for increasing TCP's congestion window (cwnd) that improves both performance and security. Rather than increasing a TCP's congestion window based on the number of acknowledgments (ACKs) that arrive at the data sender, the congestion window is increased based on the number of bytes acknowledged by the arriving ACKs. The algorithm improves performance by mitigating the impact of delayed ACKs on the growth of cwnd. At the same time, the algorithm provides cwnd growth in direct relation to the probed capacity of a network path, therefore providing a more measured response to ACKs that cover only small amounts of data (less than a full segment size) than ACK counting. This more appropriate cwnd growth can improve both performance and can prevent inappropriate cwnd growth in response to a misbehaving receiver. On the other hand, in some cases the modified cwnd growth algorithm causes larger bursts of segments to be sent into the network. In some cases this can lead to a non-negligible increase in the drop rate and reduced performance.
active open.

AIMD, Additive Increase, Multiplicative Decrease.
Congestion control algorithm. (RFC 2914) In the absence of congestion, the TCP sender increases its congestion window by at most one packet per roundtrip time. In response to a congestion indication, the TCP sender decreases its congestion window by half. More precisely, the new congestion window is half of the minimum of the congestion window and the receiver's advertised window.

Congestion Avoidance.
Congestion control algorithm.

Connection.
A logical communication path identified by a pair of endpoints.

cwnd, congestion window.
TCP state variable. This variable limits the amount of data a TCP can send. At any given time, a TCP MUST NOT send data with a sequence number higher than the sum of the highest acknowledged sequence number and the minimum of cwnd and rwnd.
TCP uses two algorithms for increasing the congestion window. During steady-state, TCP uses the Congestion Avoidance algorithm to linearly increase the value of cwnd. At the beginning of a transfer, after a retransmission timeout or after a long idle period (in some implementations), TCP uses the Slow Start algorithm to increase cwnd exponentially. Slow Start bases the cwnd increase on the number of incoming acknowledgments. During congestion avoidance RFC 2581 allows more latitude in increasing cwnd, but traditionally implementations have based the increase on the number of arriving ACKs.

CWV, Congestion Window Validation. Algorithm.
This algorithm limits the amount of unused cwnd a TCP connection can accumulate. ABC can be used in conjunction with CWV to obtain an accurate measure of the network path.
Eifel. Algorithm.
(RFC 3522) This algorithm allows a TCP sender to detect a posteriori whether it has entered loss recovery unnecessarily. It requires that the TCP Timestamp option is enabled for a connection. Eifel makes use of the fact that the TCP Timestamp option eliminates the retransmission ambiguity in TCP. Based on the timestamp of the first acceptable ACK that arrives during loss recovery, it decides whether loss recovery was entered unnecessarily. The Eifel detection algorithm provides a basis for future TCP enhancements. This includes response algorithms to back out of loss recovery by restoring a TCP sender's congestion control state.

Fast Recovery. Congestion control algorithm.
A sender invokes the Fast Recovery after Fast Retransmit. This algorithm allows the sender to transmit at half its previous rate (regulating the growth of its window based on congestion avoidance), rather than having to begin a Slow Start. This also saves time.

Fast Retransmit. Congestion control algorithm.
(RFC 2757) When a TCP sender receives several duplicate ACKs, fast retransmit allows it to infer that a segment was lost. The sender retransmits what it considers to be this lost segment without waiting for the full timeout, thus saving time.

flight size.
The amount of data that has been sent but not yet acknowledged.

full sized segment.
A segment that contains the maximum number of data bytes permitted.

IW, Initial Window.
The size of the sender's congestion window after the three-way handshake is completed.

LFN, Long Fat Network.
A communications path with a large bandwidth * delay product.

LW, Loss Window.
The size of the congestion window after a TCP sender detects loss using its retransmission timer.

MSL, Maximum Segment Lifetime.
The maximum time in seconds that a segment may be held before being discarded.

MSS, Maximum Segment Size.
When IPv4 is used as the network protocol, the MSS is calculated as the maximum size of an IPv4 datagram minus 40 bytes.
When IPv6 is used as the network protcol, the MSS is calculated as the maximum packet size minus 60 bytes. An MSS of 65535 should be interpreted as infinity.

passive open.
PAWS, Protect Against Wrapped Sequences.
A mechanism to reject old duplicate segments that might corrupt an open TCP connection. PAWS uses the same TCP timestamp option as the RTTM mechanism and assumes that every received TCP segment (including data and ACK segments) contains a timestamp whose values are monotone non-decreasing in time. The basic idea is that a segment can be discarded as an old duplicate if it is received with a timestamp less than some timestamp recently received on this connection.

RMSS, Receiver Maximum Segment Size.
The size of the largest segment the receiver is willing to accept. This is the value specified in the MSS option sent by the receiver during connection startup. Or, if the MSS option is not used, 536 bytes. The size does not include the TCP headers and options.

RTT, Round trip time.
RTTM, Round-Trip Time Measurement.
A technique for measuring the RTT by use of timestamps. The data segments are timestamped using the TSOPT option. The resulting ACK packets contain timestamps from the receiver. The resulting RTT can then be determined by the difference in the timestamps.

RW, Restart Window.
The size of the congestion window after a TCP restarts transmission after an idle period.

rwmd, Receiver Window. TCP state variable.
The most recently advertised receiver window.

SACK, Selective Acknowledgement. Algorithm.
This technique allows the data receiver to inform the sender about all segments that have arrived successfully, so the sender need retransmit only the segments that have actually been lost. This extension uses two TCP options. The first is an enabling option, SACK permitted, which may be sent in a SYN segment to indicate that the SACK option can be used once the connection is established. The other is the SACK option itself, which may be sent over an established connection once permission has been given.

segment.
A TCP data or acknowledgment packet.

Slow Start. Congestion control algorithm.
This algorithm is used to gradually increase the size of the TCP congestion window. It operates by observing that the rate at which new packets should be injected into the network is the rate at which the acknowledgments are returned by the other end.

SMSS, Sender Maximum Segment Size.
The size of the largest segment that the sender can transmit. This value can be based on the maximum transmission unit of the network, the path MTU discovery algorithm, RMSS, or other factors. The size does not include the TCP headers and options.

SWS, Silly Window Syndrome.
TFRC, TCP Friendly Rate Control. Algorithm.
A congestion control mechanism for unicast flows operating in a best effort Internet environment. It is reasonably fair when competing for bandwidth with TCP flows, but has a much lower variation of throughput over time compared with TCP, making it more suitable for applications such as telephony or streaming media where a relatively smooth sending rate is of importance. TFRC is designed for applications that use a fixed packet size and vary their sending rate in packets per second in response to congestion.

Congestion window

In Transmission Control Protocol (TCP), the congestion window is one of the factors that determines the number of bytes that can be outstanding at any time. This is not to be confused with the TCP window size which is maintained by the receiver. This is a means of stopping the link between two places from getting overloaded with too much traffic. The size of this window is calculated by estimating how much congestion there is between the two places. The sender maintains the congestion window.
When a connection is set up, the congestion window is set to the maximum segment size (MSS) allowed on that connection. Further variance in the congestion window is dictated by an Additive Increase/Multiplicative Decrease approach.
This means that if all segments are received and the acknowledgments reach the sender on time, some constant is added to the window size. The window keeps growing exponentially until a timeout occurs or the receiver reaches its limit (a threshold value "ssthresh"). After this, the congestion window increases linearly at the rate of 1/(congestion window)packets on each new acknowledgment received.
On timeout:
  1. Congestion window is reset to 1 MSS
  2. "ssthresh" is set to half the window size before packet loss started
  3. "slow start" is initiated.

system administrator may adjust the maximum window size limit, or adjust the constant added during additive increase, as part of TCP tuning.
The flow of data over a TCP connection is also controlled by the use of the receiver advertised TCP Receive Window. By comparing its own congestion window with the receive window of the receiver, a sender can determine how much data it may send at any given time.

Maximum segment size

The maximum segment size (MSS) is a parameter of the TCP protocol that specifies the largest amount of data, specified in octets, that a computer or communications device can receive in a single TCP segment, and therefore in a single IP datagram. It does not count the TCP header or the IP header. The IP datagram containing a TCP segment may be self-contained within a single packet, or it may be reconstructed from several fragmented pieces; either way, the MSS limit applies to the total amount of data contained within the final reconstructed TCP segment.

Therefore: Headers + MSS ≤ MTU

The Minimum MSS = Largest datagram size that any host is required to be able to reassemble - IP header size - TCP header size
So every IPv4 host is required to be able to handle an MSS of at least 536 octets (= 576 - 20 - 20)
and every IPv6 host is required to be able to handle an MSS of at least 1220 octets (= 1280 - 40 - 20).[2]

For most computer users, the MSS option is established by operating system on the SYN packet during the TCP handshake. Each direction of data flow can use a different MSS.

Slow-start

Slow-start is one of the algorithms that TCP uses to control congestion inside the network. It is also known as the exponential growth phase.
During the exponential growth phase, slow-start works by increasing the TCP congestion window each time the acknowledgment is received. It increases the window size by the number of segments acknowledged. This happens until either an acknowledgment is not received for some segment or a predetermined threshold value is reached. If a loss event occurs, TCP assumes that it is due to network congestion and takes steps to reduce the offered load on the network. Once a loss event has occurred or the threshold has been reached, TCP enters the linear growth (congestion avoidance) phase. At this point, the window is increased by 1 segment for each RTT. This happens until a loss event occurs.

Although the strategy is referred to as "slow-start", its congestion window growth is quite aggressive, more aggressive than the congestion avoidance phase (Jacobson, 1988). Before "slow start" was introduced in TCP, the initial pre-congestion avoidance phase was even faster.
The TCP congestion avoidance algorithm is the primary basis for congestion control in the Internet
To avoid congestion collapse, TCP uses a multi-faceted congestion control strategy. For each connection, TCP maintains a congestion window, limiting the total number of unacknowledged packets that may be in transit end-to-end. This is somewhat analogous to TCP's sliding window used for flow control. TCP uses a mechanism called slow start[7]to increase the congestion window after a connection is initialized and after a timeout. It starts with a window of two times the maximum segment size (MSS). Although the initial rate is low, the rate of increase is very rapid: for every packet acknowledged, the congestion window increases by 1 MSS so that the congestion window effectively doubles for every round trip time (RTT). When the congestion window exceeds a threshold ssthresh the algorithm enters a new state, called congestion avoidance. In some implementations (e.g., Linux), the initial ssthresh is large, and so the first slow start usually ends after a loss. However, ssthresh is updated at the end of each slow start, and will often affect subsequent slow starts triggered by timeouts.
Congestion avoidance: As long as non-duplicate ACKs are received, the congestion window is additively increased by one MSS every round trip time. When a packet is lost, the likelihood of duplicate ACKs being received is very high (it's possible though unlikely that the stream just underwent extreme packet reordering, which would also prompt duplicate ACKs). The behavior of Tahoe and Reno differ in how they detect and react to packet loss:
  • Tahoe: Triple duplicate ACKS are treated the same as a timeout. Tahoe will perform "fast retransmit", reduce congestion window to 1 MSS, and reset to slow-start state.
  • Reno: If three duplicate ACKs are received (i.e., four ACKs acknowledging the same packet, which are not piggybacked on data, and do not change the receiver's advertised window), Reno will halve the congestion window, perform a fast retransmit, and enter a phase called Fast Recovery. If an ACK times out, slow start is used as it is with Tahoe.
Fast Recovery. (Reno Only) In this state, TCP retransmits the missing packet that was signaled by three duplicate ACKs, and waits for an acknowledgment of the entire transmit window before returning to congestion avoidance. If there is no acknowledgment, TCP Reno experiences a timeout and enters the slow-start state.
Both algorithms reduce congestion window to 1 MSS on a timeout event.

How does TCP try to avoid network meltdown?
TCP includes several mechanisms that attempt to sustain good data transfer rates while avoiding placing excessive load on the network. TCP's "Slow Start", "Congestion Avoidance", "Fast Retransmit" and "Fast Recovery" algorithms are summarised in RFC 2001. TCP also mandates an algorithm that avoids "Silly Window Syndrome" (SWS), an undesirable condition that results in very small chunks of data being transferred between sender and receiver. SWS Avoidance is discussed in RFC 813. The "Nagle Algorithm", which prevents the sending side of TCP from flooding the network with a train of small frames, is described in RFC 896.