#readwise
# Introduction to Networking - TCP and UDP Connections

![rw-book-cover](https://readwise-assets.s3.amazonaws.com/static/images/article3.5c705a01b476.png)

## Metadata
- Author: [[Hack The Box]]
- Full Title: Introduction to Networking - TCP and UDP Connections
- URL: https://academy.hackthebox.com/module/34/section/1879

## Summary
TCP and UDP are protocols for data transmission on the Internet. TCP is reliable and ensures all data is received, making it slower, while UDP is faster but less reliable, often used for real-time applications. An IP packet contains a header with important information and a payload with the actual data being transmitted. Network tools like traceroute help trace the path data takes across the network.

## Highlights
`TCP` is a connection-oriented protocol that ensures that all data sent from one computer to another is received. It is like a telephone conversation where both parties remain connected until the call is terminated. If an error occurs while sending data, the receiver sends a message back so the sender can resend the missing data. This makes `TCP` reliable and slower than UDP because more time is required for transmission and error recovery. ([View Highlight](https://read.readwise.io/read/01jnv7zx9m26na5d78cw454wyb))

---

`UDP`, on the other hand, is a connectionless protocol. It is used when speed is more important than reliability, such as for video streaming or online gaming. With `UDP`, there is no verification that the received data is complete and error-free. If an error occurs while sending data, the receiver will not receive this missing data, and no message will be sent back to resend it. Some data may be lost with `UDP`, but the overall transmission is faster. ([View Highlight](https://read.readwise.io/read/01jnv80e81nxjmv1zc9tgt0y9y))

---

The header of an IP packet contains several fields that have important information.

| Field | Description |
| --- | --- |
| `Version` | Indicates which version of the IP protocol is being used |
| `Internet Header Length` | Indicates the size of the header in 32-bit words |
| `Class of Service` | Means how important the transmission of the data is |
| `Total length` | Specifies the total length of the packet in bytes |
| `Identification (ID)` | Is used to identify fragments of the packet when fragmented into smaller parts |
| `Flags` | Used to indicate fragmentation |
| `Fragment Offset` | Indicates where the current fragment is placed in the packet |
| `Time to Live` | Specifies how long the packet may remain on the network |
| `Protocol` | Specifies which protocol is used to transmit the data, such as TCP or UDP |
| `Checksum` | Is used to detect errors in the header |
| `Source/Destination` | Indicate where the packet was sent from and where it is being sent to |
| `Options` | Contain optional information for routing |
| `Padding` | Pads the packet to a full word length |

([View Highlight](https://read.readwise.io/read/01jnv81gjttnwgcwndtf7kt0db))

---

The `Record-Route field` in the IP header also records the route to a destination device. When the destination device sends back the `ICMP Echo Reply` packet, the IP addresses of all devices that the packet passes through are listed in the `Record-Route field` of the IP header. ([View Highlight](https://read.readwise.io/read/01jnv845bmvpn4eq587bxeex6n))

---

The `traceroute` tool can also be used to trace the route to a destination more accurately, which uses the TCP timeout method to determine when the route has been fully traced.

1. We send a TCP SYN packet to the destination device with a TTL of 1 in the IP header. When the TCP SYN packet with a TTL greater than 1 reaches a router, the value of the TTL is decreased by 1, and the packet is forwarded to the next device.
If the TCP SYN packet with a TTL of 1 reaches a router, the packet is dropped, and the router sends an ICMP Time-Exceeded packet back to us.
2. We receive the ICMP Time-Exceeded packet and note the IP address of the router that sent the packet.
3. After that, we send another TCP SYN packet to the destination, increasing the TTL by 1.

The process repeats until the TCP SYN packet reaches the destination host and receives a `TCP SYN/ACK` or a `TCP RST` response from the target. Once we receive a response from the destination device, we know that we have traced the route to the destination and ended the traceroute process. ([View Highlight](https://read.readwise.io/read/01jnv86bq4b312wcyrnx7bb0jb))

---

TCP packets, also known as `segments`, are divided into several sections called headers and payloads. The TCP segments are wrapped in the sent IP packet. The header contains several fields that contain important information. The source port indicates the computer from which the packet was sent. The destination port indicates to which computer the packet is sent. The sequence number indicates the order in which the data was sent. The confirmation number is used to confirm that all data was received successfully. The control flags indicate whether the packet marks the end of a message, whether it is an acknowledgment that data has been received, or whether it contains a request to repeat data. The window size indicates how much data the receiver can receive. The checksum is used to detect errors in the header and payload. The Urgent Pointer alerts the receiver that important data is in the payload. The payload is the actual payload of the packet and contains the data that is being transmitted, just like the content of a conversation between two people. ([View Highlight](https://read.readwise.io/read/01jnv88tr8dr9z230ashnfsys3))

---

UDP transfers `datagrams` (small data packets) between two hosts.
It is a connectionless protocol, meaning it does `not` need to establish a connection between the sender and the receiver before sending data. Instead, the data is sent directly to the target host without any prior connection. When `traceroute` is used with UDP, we will receive a `Destination Unreachable` and `Port Unreachable` message when the UDP datagram packet reaches the target device. Generally, UDP packets are sent using `traceroute` on Unix hosts. ([View Highlight](https://read.readwise.io/read/01jnv89t10nasvj1wyz4nea4t0))

---
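
The IP header fields in the table above and the TCP segment fields described in the highlights can be read straight out of the packet bytes. The following is an added example, not part of the Hack The Box material: it decodes both headers and verifies the IP header checksum. The sample packet, its addresses (documentation ranges), ports and ID are constructed, and its TCP checksum is left at 0 and not verified.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4            # header length is given in 32-bit words
    if ver_ihl >> 4 != 4 or not 20 <= ihl <= len(packet):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "tos": tos,
        "total_length": total_len, "id": ident, "ttl": ttl, "protocol": proto,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,   # stored in 8-byte units
        "checksum_ok": checksum(packet[:ihl]) == 0,     # a valid header sums to zero
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": packet[ihl:total_len],
    }

def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("shorter than the minimum 20-byte TCP header")
    sport, dport, seq, ack, off_flags, window, _csum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    names = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # low six flag bits
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": [n for bit, n in enumerate(names) if off_flags & (1 << bit)],
            "window": window, "urgent_pointer": urgent}

def sample_probe() -> bytes:
    """Constructed sample: a TCP SYN with TTL 1; the TCP checksum is left at 0."""
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1000, 0, (5 << 12) | 0x02, 64240, 0, 0)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 1, 6, 0,
                       socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + tcp

if __name__ == "__main__":
    ip = parse_ipv4(sample_probe())
    print(ip["ttl"], ip["checksum_ok"], parse_tcp(ip["payload"]))
```

Changing any header byte after the checksum is written (for example the TTL) makes `checksum_ok` come back `False`, which is the error detection the `Checksum` row describes.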
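
The three-step TCP traceroute procedure in the highlights can be followed end to end in a small offline model. This is an added example, not Hack The Box code: the router list, addresses and the `answers` flag (a router that drops expired packets without replying) are constructed assumptions, and no packets are sent.

```python
# Constructed path: (router address, whether it answers with ICMP Time-Exceeded).
PATH = [("10.0.0.1", True), ("203.0.113.1", False), ("203.0.113.9", True)]
DEST = "198.51.100.7"

def forward(ttl, path, dest, port_open):
    """Model what happens to one TCP SYN probe sent with the given TTL."""
    for router, answers in path:
        if ttl == 1:
            # TTL of 1 at a router: the packet is dropped here. A silent
            # router sends nothing back, which the sender sees as a timeout.
            return (router, "ICMP Time-Exceeded") if answers else None
        ttl -= 1  # TTL greater than 1: decrement and forward to the next device
    # The probe survived every router and reached the destination host.
    return (dest, "TCP SYN/ACK" if port_open else "TCP RST")

def traceroute(path, dest, port_open=True, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(ttl, path, dest, port_open)
        if reply is None:
            hops.append((ttl, "*", "timeout"))
            continue
        hops.append((ttl, *reply))
        if reply[1].startswith("TCP"):  # SYN/ACK or RST: route fully traced
            break
    return hops

if __name__ == "__main__":
    for hop in traceroute(PATH, DEST):
        print(*hop)
```

A closed port still ends the trace, because the `TCP RST` comes from the destination itself; only the hop limit stops a trace whose destination never answers.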