The transport layer serves as the crucial link between the application layer and the lower layers responsible for network transmission. It is a vital component of the TCP/IP model, ensuring reliable data delivery, segmenting and reassembling messages, and identifying network applications sending and receiving data.
Key Responsibilities of the Transport Layer
- Reliability Mechanisms: Ensures that the entire message is received accurately.
- Segmentation and Reassembly: Divides application data into appropriately sized blocks for transmission and reassembles them upon receipt.
- Application Identification: Identifies which network applications are sending and receiving data.
The transport layer employs two primary protocols to achieve these functions:
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
Transmission Control Protocol (TCP)
TCP breaks down messages into small pieces known as segments, keeping track of the number of segments sent to a specific host from a specific application.
If an acknowledgment is not received within a certain period, TCP assumes the segments were lost and retransmits them. The TCP sequence number and acknowledgment number fields help the receiver inform the sender about the bytes of data received.
Key Features of TCP:
- Connection-Oriented Protocol: TCP must first establish a connection between the sender and receiver. This involves negotiating the amount of traffic that can be forwarded at a given time.
- Session Management: TCP tracks the state of a session, recording which information has been sent and acknowledged. The session begins with establishment and ends with termination.
- Reliable Data Transfer: TCP ensures that all data sent arrives at the destination in its original condition. This is crucial for applications such as databases, web browsers, and email clients.
A TCP segment includes 10 fields in a 20-byte header when encapsulating application layer data.
TCP Header Fields
# | TCP Header Field | Description |
1 | Source Port | A 16-bit field used to identify the source application by port number. |
2 | Destination Port | A 16-bit field used to identify the destination application by port number. |
3 | Sequence Number | A 32-bit field used for data reassembly purposes. |
4 | Acknowledgment Number | A 32-bit field used to indicate that data has been received and the next byte expected from the source. |
5 | Header Length | A 4-bit field known as "data offset" that indicates the length of the TCP segment header. |
6 | Reserved | A 6-bit field that is reserved for future use. |
7 | Control bits | A 6-bit field that includes bit codes, or flags, which indicate the purpose and function of the TCP segment. |
8 | Window size | A 16-bit field used to indicate the number of bytes that can be accepted at one time. |
9 | Checksum | A 16-bit field used for error checking of the segment header and data. |
10 | Urgent | A 16-bit field used to indicate if the contained data is urgent. |
Transport Layer Ports
Ports are critical for identifying protocols and services requested by network applications. Each message contains both a source and destination port, which are 16-bit numeric identifiers used to track specific conversations between a client and server. The Internet Corporation for Assigned Names and Numbers (ICANN) assigns and manages these ports.
The source port number is associated with the originating application on the local host, whereas the destination port number is associated with the destination application on the remote host. For each host request, the source port number is dynamically generated to uniquely identify the conversation. This allows multiple conversations to occur simultaneously.
Clients are preconfigured to use a destination port that is registered on the internet for each service. For example, when a client specifies port 80 in the destination port, the server that receives the message knows that web services are being requested.
Categories of Ports:
- Well-Known Ports: Range from 1 to 1023, associated with common network applications.
- Registered Ports: Range from 1024 to 49151, used by organizations to register specific applications.
- Private Ports: Range from 49152 to 65535, often used as source ports and can be used by any application.
The combination of source IP address and source port number, or destination IP address and destination port number, forms a socket (example: 192.168.0.13:80). Two sockets combine to form a socket pair. Sockets enable multiple processes to distinguish themselves from each other.
The source and destination ports are placed within the segment. The segments are then encapsulated within an IP packet.
TCP Communication Process
Establishing a TCP Connection
TCP is a full-duplex protocol, where each connection represents two one-way communication sessions. To establish the connection, the hosts perform a three-way handshake:
- SYN: The initiating client requests a client-to-server communication session with the server.
- ACK and SYN: The server acknowledges the client-to-server communication session and requests a server-to-client communication session.
- ACK: The initiating client acknowledges the server-to-client communication session.
Terminating a TCP Connection
Terminating a TCP session involves four exchanges, and either the client or the server can initiate the termination:
- FIN: The client sends a segment with the FIN flag set to 1.
- ACK: The server acknowledges the receipt of the FIN.
- FIN: The server sends a FIN to the client.
- ACK: The client acknowledges the FIN from the server.
Therefore, to end each one-way TCP session, a two-way handshake, consisting of a FIN segment and an Acknowledgment (ACK) segment, is used.
The six bits in the Control Bits (flags) field of the TCP segment header are each set to either on or off. Flags indicate a particular connection state, provide additional information that is helpful for troubleshooting, or control a specific connection.
The six control-bit flags are as follows:
- URG - Urgent pointer field significant
- ACK - Acknowledgment flag used in connection establishment and session termination
- PSH - Push function
- RST - Reset the connection when an error or timeout occurs
- SYN - Synchronize sequence numbers used in connection establishment
- FIN - No more data from sender and used in session termination
Example of the six bits in the Control Bits field: 010000 (only the ACK flag is set)
Each of the six places corresponds to a flag. The presence of a “1” in any place indicates that the flag is set. More than one flag can be set at a time.
Flag Place | 6 | 5 | 4 | 3 | 2 | 1 |
Value | URG | ACK | PSH | RST | SYN | FIN |
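The header table and the flag table above describe a layout; the following parser shows how those fields are read from raw bytes and how the six control bits map onto the "010000"-style string used above. This is an added example, not code from the course material: the two segments are constructed with struct.pack rather than captured from a network, and the option walk (kind 2 is the MSS option) and the ECN note in the comments come from the TCP RFCs rather than from this page.

```python
"""Parse a TCP header from raw bytes and decode the six control bits.
Added example: sample segments are constructed, not captured."""
import struct

# Control bits, high to low, matching flag places 6..1 in the course's table.
FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")
TCP_FIXED_HEADER = 20


def decode_flags(bits: int) -> str:
    """Render the six control bits as a '010000'-style string (URG first)."""
    return "".join("1" if bits & (1 << (5 - i)) else "0" for i in range(6))


def flag_names(bits: int) -> list:
    return [name for i, name in enumerate(FLAG_NAMES) if bits & (1 << (5 - i))]


def parse_mss(options: bytes):
    """Walk TCP options (kind[, length, data]); return the MSS if kind 2 is present.
    Malformed lengths raise instead of being read past the buffer."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation padding
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("option kind without length")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError(f"malformed option length {length}")
        if kind == 2 and length == 4:
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += length
    return None


def parse_tcp_header(segment: bytes) -> dict:
    """Unpack the 20-byte fixed header, validate the data offset, split options and payload."""
    if len(segment) < TCP_FIXED_HEADER:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, offset_byte, flags_byte,
     window, checksum, urgent) = struct.unpack("!HHIIBBHHH", segment[:TCP_FIXED_HEADER])
    data_offset = offset_byte >> 4              # header length in 32-bit words
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"bad data offset {data_offset}")
    options = segment[TCP_FIXED_HEADER:header_len]
    control = flags_byte & 0x3F                 # low six bits; bits 6-7 are ECN (RFC 3168)
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flag_names(control),
        "flag_bits": decode_flags(control), "window": window,
        "checksum": checksum, "urgent_pointer": urgent,
        "mss": parse_mss(options), "payload": segment[header_len:],
    }


def sample_syn() -> bytes:
    """Constructed SYN from private port 49152 to port 80 carrying an MSS option."""
    options = struct.pack("!BBH", 2, 4, 1460)   # kind 2, length 4, MSS 1460 -> 24-byte header
    return struct.pack("!HHIIBBHHH", 49152, 80, 0x1A2B3C4D, 0, 6 << 4, 0x02, 65535, 0, 0) + options


def sample_data_segment() -> bytes:
    """Constructed PSH+ACK data segment with no options and a short payload."""
    payload = b"GET / HTTP/1.1\r\n"
    return struct.pack("!HHIIBBHHH", 49152, 80, 0x1A2B3C4E, 0x55667789, 5 << 4, 0x18,
                       65535, 0, 0) + payload


if __name__ == "__main__":
    for seg in (sample_syn(), sample_data_segment()):
        h = parse_tcp_header(seg)
        print(h["src_port"], "->", h["dst_port"], h["flag_bits"], h["flags"], "mss:", h["mss"])
```

The data-offset check matters in practice: a header that claims fewer than five words, or more words than the buffer holds, is malformed, and a parser that trusts it will slice the wrong bytes as payload.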
TCP Reliability: Ensuring Data Integrity
Ordered Delivery Mechanisms in TCP
TCP ensures reliable and sequential data transfer by employing sequence numbers within packet headers to preserve the original message sequence. The session starts with the allocation of an initial sequence number (ISN), which increases as the session progresses, facilitating the unique identification and confirmation of each data segment.
Randomizing the ISN also helps safeguard against security threats.
Handling Data Loss and Retransmission in TCP
The sequence (SEQ) number and acknowledgement (ACK) number are used together to confirm receipt of the bytes of data contained in the transmitted segments.
SEQ number - the sequence number of the first byte of data in the segment being transmitted.
ACK number - sent back to the source to indicate the next byte that the receiver expects to receive. This is called expectational acknowledgement.
Selective acknowledgment (SACK) - an optional TCP feature, negotiated during the three-way handshake. If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received including any discontinuous segments. The sending host would therefore only need to retransmit the missing data.
TCP typically sends ACKs for every other packet and uses timers to know how long to wait before resending a segment.
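The three-way handshake and four-exchange termination described above, together with the SEQ/ACK bookkeeping in this section, can be traced with a small model. The following is an added example, not course code: there are no real sockets or timers, every segment is acknowledged (rather than every other one), and SACK is not negotiated, so the receiver can only acknowledge the next byte it expects and the sender retransmits from that point. The payload, MSS and dropped-segment index are constructed inputs.

```python
"""Toy model of TCP establishment, expectational ACKs, retransmission after
loss, and termination. Added example; no sockets, no timers, no SACK."""
import random
from dataclasses import dataclass, field

MOD = 1 << 32  # sequence and acknowledgment numbers wrap modulo 2^32


@dataclass
class Segment:
    flags: frozenset
    seq: int            # first byte carried (SYN and FIN each count as one byte)
    ack: int            # next byte expected from the peer (meaningful when ACK set)
    data: bytes = b""


@dataclass
class Endpoint:
    name: str
    snd_nxt: int                                   # next sequence number to send
    rcv_nxt: int = 0                               # next byte expected from peer
    received: bytearray = field(default_factory=bytearray)


def random_isn() -> int:
    """Randomised ISN (constructed with getrandbits; real stacks use RFC 6528 hashing)."""
    return random.getrandbits(32)


def handshake(client: Endpoint, server: Endpoint) -> list:
    """Three-way handshake; returns [SYN, SYN+ACK, ACK]."""
    syn = Segment(frozenset({"SYN"}), client.snd_nxt, 0)
    client.snd_nxt = (client.snd_nxt + 1) % MOD     # SYN consumes one sequence number
    server.rcv_nxt = (syn.seq + 1) % MOD
    synack = Segment(frozenset({"SYN", "ACK"}), server.snd_nxt, server.rcv_nxt)
    server.snd_nxt = (server.snd_nxt + 1) % MOD
    client.rcv_nxt = (synack.seq + 1) % MOD
    return [syn, synack, Segment(frozenset({"ACK"}), client.snd_nxt, client.rcv_nxt)]


def deliver(receiver: Endpoint, seg: Segment) -> Segment:
    """Accept in-order data, discard data with a gap in front of it, and ACK the
    next byte expected (a repeated ACK value signals the gap to the sender)."""
    if seg.seq == receiver.rcv_nxt:
        receiver.received += seg.data
        receiver.rcv_nxt = (receiver.rcv_nxt + len(seg.data)) % MOD
    return Segment(frozenset({"ACK"}), receiver.snd_nxt, receiver.rcv_nxt)


def transfer(sender: Endpoint, receiver: Endpoint, payload: bytes, mss: int,
             drop: frozenset = frozenset()) -> tuple:
    """Send payload in MSS-sized segments; indices in `drop` are lost on the first
    attempt. Returns (trace of (event, segment), retransmission count)."""
    trace, retransmissions = [], 0
    start = sender.snd_nxt
    end = (start + len(payload)) % MOD
    last_ack = start                                # highest ACK the sender has seen
    for i, off in enumerate(range(0, len(payload), mss)):
        seg = Segment(frozenset({"ACK"}), (start + off) % MOD, sender.rcv_nxt, payload[off:off + mss])
        if i in drop:
            trace.append(("lost", seg))
            continue
        ack = deliver(receiver, seg)
        last_ack = ack.ack
        trace += [("sent", seg), ("ack", ack)]
    sender.snd_nxt = end
    while last_ack != end:                          # a real stack does this on timer expiry
        missing = (last_ack - start) % MOD
        seg = Segment(frozenset({"ACK"}), last_ack, sender.rcv_nxt, payload[missing:missing + mss])
        retransmissions += 1
        ack = deliver(receiver, seg)
        last_ack = ack.ack
        trace += [("retransmit", seg), ("ack", ack)]
    return trace, retransmissions


def terminate(initiator: Endpoint, peer: Endpoint) -> list:
    """Four exchanges: FIN and ACK in each direction. FIN consumes one sequence
    number; once established, every segment also carries ACK."""
    fin1 = Segment(frozenset({"FIN", "ACK"}), initiator.snd_nxt, initiator.rcv_nxt)
    initiator.snd_nxt = (initiator.snd_nxt + 1) % MOD
    peer.rcv_nxt = (fin1.seq + 1) % MOD
    ack1 = Segment(frozenset({"ACK"}), peer.snd_nxt, peer.rcv_nxt)
    fin2 = Segment(frozenset({"FIN", "ACK"}), peer.snd_nxt, peer.rcv_nxt)
    peer.snd_nxt = (peer.snd_nxt + 1) % MOD
    initiator.rcv_nxt = (fin2.seq + 1) % MOD
    ack2 = Segment(frozenset({"ACK"}), initiator.snd_nxt, initiator.rcv_nxt)
    return [fin1, ack1, fin2, ack2]


if __name__ == "__main__":
    c, s = Endpoint("client", random_isn()), Endpoint("server", random_isn())
    for seg in handshake(c, s):
        print(sorted(seg.flags), "seq", seg.seq, "ack", seg.ack)
    trace, n = transfer(c, s, b"hello world!", mss=4, drop=frozenset({1}))
    print(n, "retransmissions; server received", bytes(s.received))
    print([sorted(seg.flags) for seg in terminate(c, s)])
```

With the second of three segments dropped, the receiver answers the third segment with the same ACK value it sent for the first, and the sender resends everything from that byte onward, including the third segment that actually arrived. That wasted retransmission is exactly what SACK avoids when both hosts negotiate it.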
Flow Control in TCP: Window Size and Acknowledgments
Flow control ensures reliable TCP transmission by adjusting the rate of data flow between source and destination. The TCP header includes a 16-bit field called the window size, indicating the number of bytes that can be sent before expecting an acknowledgment. The window size is agreed upon during session establishment and can be modified by the destination based on buffer availability.
The number of segments received before being acknowledged may vary. Devices today use the sliding windows protocol. The advantage of sliding windows is that it allows the sender to continuously transmit segments, as long as the receiver is acknowledging previous segments.
Maximum Segment Size (MSS) in TCP
The Maximum Segment Size (MSS) is the largest amount of data, in bytes, that the destination device can receive within each TCP segment. It is part of the options field in the TCP header and is typically included during the three-way handshake. A common MSS is 1,460 bytes when using IPv4. A host determines the value of its MSS field by subtracting the IP and TCP headers from the Ethernet maximum transmission unit (MTU).
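The window-size and MSS behaviour described in the two sections above can be made concrete with a sender that never has more unacknowledged bytes in flight than the receiver's advertised window. This is an added example, not course code: the byte count, the MSS and the receiver's window schedule are constructed (the schedule deliberately closes the window to zero and re-opens it), loss is not modelled, and the zero-window probe is only mentioned in a comment.

```python
"""Sliding-window flow control and MSS derivation. Added example; inputs constructed."""

ETHERNET_MTU = 1500
IPV4_HEADER_LEN = 20
TCP_HEADER_LEN = 20        # fixed header, no options


def mss_for_mtu(mtu: int = ETHERNET_MTU, ip_header: int = IPV4_HEADER_LEN,
                tcp_header: int = TCP_HEADER_LEN) -> int:
    """MSS = link MTU minus the IP and TCP headers (1460 for IPv4 over Ethernet)."""
    return mtu - ip_header - tcp_header


def simulate_sliding_window(total_bytes: int, mss: int, windows: list) -> dict:
    """Send total_bytes with at most `rwnd` unacknowledged bytes in flight.

    windows[0] is the window agreed at establishment; each later entry is the
    window advertised with the next ACK or window update, and the last entry
    repeats once the list is exhausted. ACKs arrive in order, one per round."""
    if windows[-1] <= 0:
        raise ValueError("final advertised window must be positive or the sender never finishes")
    snd_una, snd_nxt = 0, 0            # oldest unacknowledged byte, next byte to send
    rwnd = windows[0]
    in_flight = []                      # (seq, size) segments awaiting ACK, FIFO
    stats = {"segments": 0, "max_in_flight": 0, "zero_window_stalls": 0, "acks": 0}
    updates = 0
    while snd_una < total_bytes:
        # transmit continuously while the advertised window has room
        while snd_nxt < total_bytes and snd_nxt - snd_una < rwnd:
            size = min(mss, rwnd - (snd_nxt - snd_una), total_bytes - snd_nxt)
            in_flight.append((snd_nxt, size))
            snd_nxt += size
            stats["segments"] += 1
            stats["max_in_flight"] = max(stats["max_in_flight"], snd_nxt - snd_una)
        if in_flight:
            seq, size = in_flight.pop(0)      # ACK for the oldest segment arrives
            snd_una = seq + size
            stats["acks"] += 1
        else:
            # zero window with nothing outstanding: the sender must wait for an
            # update (a real stack sends periodic window probes meanwhile)
            stats["zero_window_stalls"] += 1
        updates += 1
        rwnd = windows[min(updates, len(windows) - 1)]
    return stats


if __name__ == "__main__":
    mss = mss_for_mtu()
    print("MSS for IPv4 over Ethernet:", mss)
    print("stop-and-wait:", simulate_sliding_window(10_000, mss, [mss]))
    print("sliding window:", simulate_sliding_window(10_000, mss, [2920, 2920, 0, 0, 5840]))
```

The two runs send the same 10,000 bytes in the same number of segments, but the sliding-window run keeps up to four segments outstanding at once, and the zero-window entries in the schedule show the sender stalling until the receiver advertises buffer space again.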
Congestion Avoidance Techniques in TCP
To avoid and control congestion, TCP employs various mechanisms, timers, and algorithms. By determining the rate at which TCP segments are sent but not acknowledged, the source can assume a certain level of network congestion and adjust the number of bytes it sends before receiving an acknowledgment.
User Datagram Protocol (UDP)
UDP is a 'best effort' delivery system that does not require acknowledgment of receipt.
It is preferable for applications like streaming audio and VoIP, where acknowledgments would slow down delivery, and retransmissions are undesirable.
UDP is also used by request-and-reply applications where the data is minimal, and retransmission can be done quickly (e.g., DNS and DHCP). UDP is known as a stateless protocol because it does not track information sent or received between the client and server. UDP simply reassembles the data in the order that it was received and forwards it to the application.
If reliability is required when using UDP as the transport protocol, it must be handled by the application (Examples: SNMP and TFTP).
Simple Network Management Protocol (SNMP) - an internet standard protocol used to monitor and manage network devices connected over an IP.
Trivial File Transfer Protocol (TFTP) - a simple protocol that provides basic file transfer function with no user authentication.
Features of UDP:
- Data is reconstructed in the order received.
- Lost segments are not resent.
- No session establishment.
- The sender is not informed about resource availability.
The UDP header has four fields and requires 8 bytes.
UDP Header Fields
# | UDP Header Field | Description |
1 | Source Port | A 16-bit field used to identify the source application by port number. |
2 | Destination Port | A 16-bit field used to identify the destination application by port number. |
3 | Length | A 16-bit field that indicates the length of the UDP datagram header. |
4 | Checksum | A 16-bit field used for error checking of the datagram header and data. |
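The four-field, 8-byte header described above is small enough to build and verify end to end, including the checksum, which per RFC 768 is computed over an IPv4 pseudo-header (source and destination addresses, a zero byte, protocol 17, and the UDP length) plus the UDP header and data, with the Length field counting the 8-byte header together with the data. This is an added example, not course code: the addresses come from the RFC 5737 documentation ranges, and the ports and payload are constructed.

```python
"""Build, parse and verify a UDP/IPv4 datagram with its RFC 768 checksum.
Added example; addresses, ports and payload are constructed."""
import ipaddress
import struct

UDP_HEADER_LEN = 8
IPPROTO_UDP = 17


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), returned complemented."""
    if len(data) % 2:
        data += b"\x00"                        # pad an odd trailing byte with zero
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                         # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return (ipaddress.IPv4Address(src_ip).packed + ipaddress.IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, IPPROTO_UDP, udp_length))


def build_udp(src_ip: str, dst_ip: str, src_port: int, dst_port: int, payload: bytes) -> bytes:
    length = UDP_HEADER_LEN + len(payload)     # Length counts header plus data (RFC 768)
    header = struct.pack("!HHHH", src_port, dst_port, length, 0)
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + header + payload)
    if csum == 0:
        csum = 0xFFFF                          # 0 on the wire means "no checksum" for IPv4
    return struct.pack("!HHHH", src_port, dst_port, length, csum) + payload


def parse_udp(datagram: bytes) -> dict:
    """Unpack the header and reject a Length field the buffer cannot satisfy."""
    if len(datagram) < UDP_HEADER_LEN:
        raise ValueError("truncated UDP header")
    src, dst, length, csum = struct.unpack("!HHHH", datagram[:UDP_HEADER_LEN])
    if length < UDP_HEADER_LEN or length > len(datagram):
        raise ValueError(f"length field {length} inconsistent with {len(datagram)} bytes")
    return {"src_port": src, "dst_port": dst, "length": length, "checksum": csum,
            "payload": datagram[UDP_HEADER_LEN:length]}


def verify_udp(src_ip: str, dst_ip: str, datagram: bytes) -> bool:
    """True when the datagram's checksum matches header, data and pseudo-header."""
    hdr = parse_udp(datagram)
    if hdr["checksum"] == 0:
        return True                            # sender sent no checksum; nothing to check
    covered = pseudo_header(src_ip, dst_ip, hdr["length"]) + datagram[:hdr["length"]]
    return internet_checksum(covered) == 0     # complemented sum of a valid datagram folds to zero


SRC_IP, DST_IP = "192.168.0.13", "192.0.2.53"  # constructed; 192.0.2.0/24 is TEST-NET-1
PAYLOAD = b"constructed-dns-query"            # 21 bytes: odd length exercises the padding


def sample_datagram() -> bytes:
    """Constructed query from private port 49152 to port 53."""
    return build_udp(SRC_IP, DST_IP, 49152, 53, PAYLOAD)


def corrupted(datagram: bytes) -> bytes:
    """Flip one bit in the last payload byte, as a transmission error would."""
    return datagram[:-1] + bytes([datagram[-1] ^ 0x01])


if __name__ == "__main__":
    d = sample_datagram()
    print(parse_udp(d))
    print("intact:", verify_udp(SRC_IP, DST_IP, d), "corrupted:", verify_udp(SRC_IP, DST_IP, corrupted(d)))
```

Because the addresses are part of the checksummed pseudo-header, a datagram delivered to the wrong host fails verification even when its own bytes are intact; the length check in parse_udp rejects a header whose Length field exceeds what was actually received.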
Netstat is a network utility used to list the protocols in use, the local address and port numbers, the foreign address and port numbers, and the connection state.
For example, netstat -o 5 displays active TCP connections and the process IDs every 5 seconds.
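The port categories and socket pairs from the Transport Layer Ports section are easiest to see in netstat output like the command above produces. The following parser is an added example, not course code: the sample lines are constructed in the column layout of Windows netstat with process IDs (the foreign addresses use the RFC 5737 documentation range), and the port ranges are the three the course lists.

```python
"""Parse netstat-style output into socket pairs and classify ports.
Added example; the sample output below is constructed, not captured."""
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       900
  TCP    192.168.0.13:49731     203.0.113.10:443       ESTABLISHED     4212
  TCP    192.168.0.13:49732     203.0.113.10:80        TIME_WAIT       0
  UDP    0.0.0.0:5353           *:*                                    1588
"""


def port_category(port: Optional[int]) -> str:
    """Classify a port using the three ranges from the course."""
    if port is None or port == 0:
        return "unspecified"                  # no port yet (wildcard or port 0)
    if 1 <= port <= 1023:
        return "well-known"
    if 1024 <= port <= 49151:
        return "registered"
    if 49152 <= port <= 65535:
        return "private"
    raise ValueError(f"port {port} outside 16-bit range")


def split_socket(text: str) -> tuple:
    """'192.168.0.13:80' -> ('192.168.0.13', 80); '*:*' -> ('*', None)."""
    host, _, port = text.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


@dataclass
class Connection:
    proto: str
    local_host: str
    local_port: Optional[int]
    remote_host: str
    remote_port: Optional[int]
    state: str                                # empty for UDP, which has no session state
    pid: int


def parse_netstat(output: str) -> List[Connection]:
    rows = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue                           # banner, header or blank line
        proto, local, remote = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], parts[4]
        else:
            state, pid = "", parts[3]          # UDP rows carry no State column
        lh, lp = split_socket(local)
        rh, rp = split_socket(remote)
        rows.append(Connection(proto, lh, lp, rh, rp, state, int(pid)))
    return rows


def socket_pair(c: Connection) -> tuple:
    """The two sockets that together identify one conversation."""
    return (f"{c.local_host}:{c.local_port}", f"{c.remote_host}:{c.remote_port}")


def listening_services(conns: List[Connection]) -> list:
    """(port, pid) for every TCP listener: the inventory of services a host offers."""
    return [(c.local_port, c.pid) for c in conns if c.proto == "TCP" and c.state == "LISTENING"]


if __name__ == "__main__":
    for c in parse_netstat(SAMPLE_NETSTAT):
        print(c.proto, socket_pair(c), c.state or "-", "pid", c.pid,
              "local port is", port_category(c.local_port))
    print("listeners:", listening_services(parse_netstat(SAMPLE_NETSTAT)))
```

Reading the rows this way makes the course's pattern visible: the local side of an outbound connection uses a dynamically chosen private-range port, while the service it talks to sits on a well-known port; reviewing the listener list against what a host is supposed to run is a routine check.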
Key Takeaways:
- The transport layer bridges application and network layers, ensuring data reliability and integrity.
- TCP provides reliable, ordered delivery through connection-oriented communication.
- UDP offers fast, connectionless service suitable for real-time applications.
- Port numbers and sockets are crucial for identifying and managing network services.
- Flow control and congestion avoidance are essential for maintaining TCP performance.