Overview and Functionality

(1)

/ The Transport Layer / The Transport Layer Summary



The Transport Layer Summary

9.4.1

What Did I Learn in this Module?

Transport Layer Characteristics

The transport layer is the link between the application layer and the lower layers of the OSI model that are responsible for network transmission. The transport layer is responsible for logical communications between applications running on dierent hosts. The transport layer includes TCP and UDP. Transport layer protocols specify how to transfer messages between hosts and is responsible for managing reliability requirements of a conversation. The transport layer is responsible for tracking conversations (sessions), segmenting data and reassembling segments, adding segment header information,

identifying applications, and conversation multiplexing. TCP is stateful and reliable. It acknowledges data, resends lost data, and delivers data in sequenced order. TCP is used for email and the web. UDP is stateless and fast. It has low overhead, does not requires acknowledgments, does not resend lost data, and processes data in the order in which it arrives. UDP is used for VoIP and DNS.

The TCP and UDP transport layer protocols use port numbers to manage multiple simultaneous

conversations. This is why the TCP and UDP header elds identify a source and destination application port number. The source and destination ports are placed within the segment. The segments are then encapsulated within an IP packet. The combination of the source IP address and source port number, or the destination IP address and destination port number are known as a sockets. The socket is used to identify the server and service being requested by the client and the host and application on the host that should handle the returning data. The range of port numbers is from 0 through 65535.

Transport Layer Session Establishment

The three-way handshake establishes that the destination device is present on the network. It veries that the destination device has an active service that is accepting requests on the destination port

number that the initiating client intends to use. It also informs the destination device that the source client intends to establish a communication session on that port number. The six control bits ags are: URG, ACK, PSH, RST, SYN, and FIN and are used to identify the function of TCP messages that are sent. A client or server can terminate a single conversation supported by TCP by sending a sequence of TCP messages.

Transport Layer Reliability

For the original message to be understood by the recipient, all the data must be received and the data in these segments must be reassembled into the original order. Sequence numbers are assigned in the header of each packet. No matter how well designed a network is, data loss occasionally occurs. TCP provides ways to manage segment losses. There is a mechanism to retransmit segments for

unacknowledged data. Host operating systems today typically employ an optional TCP feature called selective acknowledgment (SACK), which is negotiated during the three-way handshake. If both hosts support SACK, the receiver can explicitly acknowledge which segments (bytes) were received including any discontinuous segments. The sending host would therefore only need to retransmit the missing data.

Flow control helps maintain the reliability of TCP transmission by adjusting the rate of data ow between source and destination. To accomplish this, the TCP header includes a 16-bit eld called the window size. The process of the destination sending acknowledgments as it processes bytes received and the continual adjustment of the source’s send window is known as sliding windows. A source might be transmitting 1,460 bytes of data within each TCP segment. This is the typical maximum segment size (MSS) that a destination device can receive. To avoid and control congestion, TCP employs several congestion handling mechanisms.

9.4.2

Module 9: The Transport Layer Quiz



 9.3 Transport Layer Reliability 

9.4 The Transport Layer

Summary 

9.4.1 What Did I Learn in this Module?

9.4.2 Module 9: The Transport Layer Quiz

9

The Transport Layer 

10

Network Services 

11

Network Communication

Devices 

12

Network Security

Infrastructure 

13

Attackers and Their Tools 

14

Common Threats and

Attacks 

15

Network Monitoring and

Tools 

16

Attacking the Foundation 

17

Attacking What We Do 

18

Understanding Defense 

19

Access Control 

20

Threat Intelligence 

21

Cryptography 

22

Endpoint Protection 

23

Endpoint Vulnerability

Assessment 

24

Technologies and Protocols 

25

Network Security Data 

26

Evaluating Alerts 

27

Working with Network

Security Data 

(2)

1.

2.

3.

4.

What are two roles of the transport layer in data communication on a network? (Choose two.)

 Topic 9.1.0 - The transport layer has several responsibilities. The primary responsibilities include the following:

Tracking the individual communication streams between applications on the source and

destination hosts

Segmenting data at the source and reassembling the data at the destination

Identifying the proper application for each communication stream through the use of port numbers

 tracking the individual communication between applications on the source and destination hosts

performing a cyclic redundancy check on the frame for errors

providing frame delimiting to identify bits making up a frame providing the interface between applications and the

underlying network over which messages are transmitted

 identifying the proper application for each communication stream

During a TCP session, a destination device sends an

acknowledgment number to the source device. What does the acknowledgment number represent?

 Topic 9.1.0 - The window size determines the number of bytes that will be sent before expecting an acknowledgement. The acknowledgement number is the number of the next expected byte. For example, if a host has received 3140 bytes, the host would respond with an acknowledgement number of 3141.

the total number of bytes that have been received one number more than the sequence number the next byte that the destination expects to receive the last sequence number that was sent by the source

Which two services or protocols use the preferred UDP protocol for fast transmission and low overhead? (Choose two)

 Topic 9.1.0 - Both DNS and VoIP use UDP to provide low overhead services within a network implementation.

POP3

 VoIP FTP

 DNS HTTP

Which transport layer feature is used to guarantee session establishment?

 Topic 9.2.0 - TCP uses the 3-way

handshake. UDP does not use this feature. The 3- way handshake ensures there is connectivity

between the source and destination devices before transmission occurs.

UDP ACK ag

UDP sequence number 9.3 Transport Layer Reliability 

Summary 

9

10

11

Devices 

12

Network Security

Infrastructure 

13

14

Common Threats and

Attacks 

15

Tools 

16

17

18

19

Access Control 

20

21

Cryptography 

22

23

Assessment 

24

25

26

27

y

28

Digital Forensics and Incident Analysis and Response



(3)

5.

6.

7.

TCP port number TCP 3-way handshake

Data is being sent from a source PC to a destination server.

Which three statements correctly describe the function of TCP or UDP in this situation? (Choose three.)

 Topic 9.2.0 - Layer 4 port numbers identify the application or service which will handle the data. The source port number is added by the sending device and will be the destination port number when the requested information is returned. Layer 4 segments are encapsulated within IP packets. UDP, not TCP, is used when low overhead is needed. A source IP address, not a TCP source port number, identies the sending host on the network. Destination port

numbers are specic ports that a server application or service monitors for requests.

The TCP source port number identies the sending host on the network.

 The source port eld identies the running application or service that will handle data returning to the PC.

 The UDP destination port number identies the application or service on the server which will handle the data.

 UDP segments are encapsulated within IP packets for transport across the network.

The TCP process running on the PC randomly selects the destination port when establishing a session with the server.

TCP is the preferred protocol when a function requires lower network overhead.

What is the purpose of the TCP sliding window?

 Topic 9.3.0 - The TCP sliding window allows a destination device to inform a source to slow down the rate of transmission. To do this, the destination device reduces the value contained in the window

eld of the segment. It is acknowledgment numbers that are used to specify retransmission from a

specic point forward. It is sequence numbers that are used to ensure segments arrive in order. Finally, it is a FIN control bit that is used to end a

communication session.

to inform a source to retransmit data from a specic point forward

to ensure that segments arrive in order at the destination to request that a source decrease the rate at which it transmits data

to end communication when data transmission is complete

What happens if part of an FTP message is not delivered to the destination?

 Topic 9.3.0 - Because FTP uses TCP as its transport layer protocol, sequence and

acknowledgment numbers will identify the missing segments, which will be re-sent to complete the message.

The message is lost because FTP does not use a reliable delivery method.

The entire FTP message is re-sent.

The FTP source host sends a query to the destination host.

The part of the FTP message that was lost is re-sent.

9.3 Transport Layer Reliability 

Summary 

9

10

11

Devices 

12

Network Security

Infrastructure 

13

14

Common Threats and

Attacks 

15

Tools 

16

17

18

19

Access Control 

20

21

Cryptography 

22

23

Assessment 

24

25

26

27

y

Security Data 

28



  CyberOps Associate

^v1.0

    

(4)

8.

9.

10.

11.

Which two ags in the TCP header are used in a TCP three-way handshake to establish connectivity between two network devices? (Choose two.)

 Topic 9.2.0 - TCP uses the SYN and ACK ags in order to establish connectivity between two network devices.

FIN RST PSH

 SYN

 ACK URG

Which tool is used to provide a list of open ports on network devices?

 Topic 9.3.0 - The Nmap tool is a port scanner that is used to determine which ports are open on a

particular network device. A port scanner is used before launching an attack.

Whois Tracert Ping Nmap

Which two elds are included in the TCP header but not in the UDP header? (Choose two.)

 Topic 9.1.0 - The sequence number and window

elds are included in the TCP header but not in the UDP header.

 sequence number destination port source port

 window checksum

Refer to the exhibit. Which three lines represent the TCP three- way handshake?

 Topic 9.3.0 - A three-way handshake is

recognizable by the SYN ag being set rst, then the SYN, ACK response, followed by the nal ACK ag being sent in a packet.

lines 6, 7, and 8 lines 4, 5, and 6 lines 1, 2, and 3 lines 2, 3, and 4 9.3 Transport Layer Reliability 

Summary 

9

10

11

Devices 

12

Network Security

Infrastructure 

13

14

Common Threats and

Attacks 

15

Tools 

16

17

18

19

Access Control 

20

21

Cryptography 

22

23

Assessment 

24

25

26

27

y

28



(5)

12.

lines 2, 8, and 9

What is a characteristic of a TCP server process?

 Topic 9.1.0 - Each application process running on the server is congured to use a port number, either by default or manually, by a system administrator. An individual server cannot have two services assigned to the same port number within the same transport layer services. A host running a web server

application and a le transfer application cannot have both congured to use the same server port. There can be many ports open simultaneously on a server, one for each active server application.

Every application process running on the server has to be congured to use a dynamic port number.

An individual server can have two services assigned to the same port number within the same transport layer services.

A host running two dierent applications can have both congured to use the same server port.

There can be many ports open simultaneously on a server,

one for each active server application. Reset

Check Show Me

Transport Layer Reliability



^9.3 Introduction

10.0



9.3 Transport Layer Reliability 

Summary 

9

10

11

Devices 

12

Network Security

Infrastructure 

13

14

Common Threats and

Attacks 

15

Tools 

16

17

18

19

Access Control 

20

21

Cryptography 

22

23

Assessment 

24

25

26

27

y

Security Data 

28

