# Home work

January 30, 2016

It’s dear old Aunt Martha’s birthday and we want to send her an email message. Use the information given below to answer the following questions about what happens behind the scenes to our email message.

Our assigned port number: 1146
Aunt Martha’s IP address: 203.234.98.23 (IPv4)
Aunt Martha’s port number: 25
Size of our email message in bytes: 5732
Size of data portion of our TCP packet: 512
Size of window: 5 packets

1) Describe what happens at each layer of the OSI on our computer when the e-mail message is sent to Aunt Martha.
2) Describe what happens on each layer of the OSI on Aunt Martha’s computer when the e-mail message reaches Aunt Martha.
3) What protocols might be used on each level of the OSI to send our email message? What is each of those protocols responsible for?
4) How many packets will it take to send our e-mail message? Be sure to include the packets needed to establish the connection that will be used to send our email, to break down the connection, and those sent by Aunt Martha’s computer back to our computer that acknowledge our packets.
5) It looks like packet #4 never made it to Aunt Martha’s computer. What most likely happened to the packet? How does our computer know that the packet never arrived? How many packets will we now end up sending to Aunt Martha?

Sending an e-mail

Let’s follow what happens when we send an email to Aunt Martha to wish her happy birthday.

The image above shows the connection between our computer and Aunt Martha’s computer. The backbone is the Internet backbone line. The circles with X’s represent the routers (hops) our packets will pass through. The thickness of the lines connecting the hops indicates the amount of bandwidth. The thicker the line, the faster our data will move. The backbone is the fastest connection between us and Aunt Martha. We are assuming for simplicity’s sake that both our computer and Aunt Martha’s computer are running their own email servers.

Steps to sending the e-mail

We use our email program to compose our happy birthday message to Aunt Martha. We include Aunt Martha’s e-mail address in our e-mail message – AuntMartha@kindoldaunts.com

The application program we used to write our email contacts our operating system (OS), telling it that we have an e-mail to send. We are on layer 7 of the OSI and we are using SMTP (Simple Mail Transfer Protocol) to aid the sending of our e-mail. On layer 7, our message is next encoded using MIME (Multi-purpose Internet Mail Extensions). This protocol allows different types of data files, text, images, audio, etc., to all be sent the same way.

Lucky for us, our DNS server happened to know that the IPv4 address for kindoldaunts.com is 203.234.98.23.

Layer 4 – Transport Layer
Since we are not encrypting (layer 6 presentation) or using file sharing (layer 5 session), our file now goes to layer 4 of the OSI, the transport layer. The operating system on our computer will do the jobs required on this layer.

At this layer, the file that contains our email message will be divided up into segments (packets) and encapsulation of our data begins. For sending email, and many other types of connection such as HTTP for web pages or FTP for file transfer, we use the Transmission Control Protocol (TCP). TCP requires that we establish a connection between the source (us) and destination (Aunt Martha) before any data is sent to be sure Aunt Martha’s computer is able to accept our email. TCP also makes sure that all of the individual pieces of our email make it to the destination.

At this point, the transport layer has Aunt Martha’s IP address, and knows the port number that will be used to direct the packets to the correct program (service) on Aunt Martha’s computer (port 25 for SMTP). While our computer has a unique IP address on our LAN, we will be hiding behind the publicly known IP address of our router on the Internet. The router will assign an unused port number to our packets for sending just this specific email. By having different port numbers for different connections, we can be sending this email and downloading a web page at the same time and the packets for both will not get mixed up.

Before we can begin to send the email, we have to make sure that Aunt Martha’s computer is available to receive the email. This is called establishing a connection. The TCP protocol will send a packet called a Synchronization request, or SYN, to Aunt Martha’s computer. This packet will go down through the OSI layers on our computer (4-1) and will be transmitted to our router. There, the SYN packet will be directed on its way through all of the routers (called hops) along the way that connect our computer to Aunt Martha’s computer. While the diagram shows a set path from our computer to Aunt Martha’s (our router to router A, router A to router B, and so on), in reality, the path may be different for each piece of our file that is sent. We are just using a simplified path for illustration purposes.

When our SYN packet arrives at Aunt Martha’s computer, her OS will decide if it can accept the request for a connection. If it can, her computer will send a Synchronization-Acknowledgement packet, or SYN-ACK, back to our computer. This packet also will tell our computer the size of the window on Aunt Martha’s computer. The window will tell our computer how much data (how many packets) Aunt Martha’s computer can receive at this time. When our computer receives the SYN-ACK from Aunt Martha’s computer, our computer will send a SYN-ACK, with the window size of our computer, back to Aunt Martha’s computer. We have now established a connection between the source, us, and the destination, Aunt Martha, and we can finally begin sending our email message. The process of exchanging these three packets is called a 3-way handshake and is an important part of the TCP process. We will learn later how attackers can exploit the 3-way handshake as part of an attack.

At this point, our e-mail has moved to layer 4, the transport layer, where we will be using Transmission Control Protocol (TCP) to send the e-mail. The OS will begin dividing the data of our e-mail into packets with each packet having a header attached. Shown to the right is the format for the header that will be attached to each part of our email message. The Source Port for all of the packets we will send in this email message will contain our IP number immediately followed by the port number that has been assigned to this particular connection. The Destination Port is Aunt Martha’s IP number immediately followed by 25 as that is the port number used by SMTP for email. TCP guarantees delivery of all the parts of our email by assigning a number to each packet that is sent beginning with 1 and increasing by 1 for each packet. The Sequence Number identifies which packet this is. To be sure that every packet we send actually makes it to Aunt Martha, her computer will send us back a packet acknowledging that her computer has received, say, packet 4. So our computer will not only be sending packets to Aunt Martha’s computer, it will also be receiving packets back from her computer acknowledging the packets that have been received. So in the acknowledgement packets, Acknowledgement Number will contain the number of the packet that has been received by Aunt Martha’s computer.

Windowing. Since acknowledging every packet individually isn’t efficient and increases the bandwidth being used, packets are not sent and acknowledged individually. This is where the size of the window that our computer received as part of the 3-way handshake with Aunt Martha’s computer comes into play. To make things easy, let’s say Aunt Martha’s computer told our computer that her machine has a window size of five packets. While there are several methods of windowing, we’ll assume our OS uses the easiest one called Stop and Wait. Since Aunt Martha’s window size is five, our computer will send five packets, then wait for an acknowledgement from Aunt Martha’s computer. Her computer will wait until it receives five packets from our computer, then her computer will send an acknowledgement packet back to our computer. The Acknowledgement Number is the number of the last packet Aunt Martha’s computer has received. So our computer will send packets 1 to 5 and wait. When Aunt Martha’s computer has received those five packets, her machine will send back a packet with an acknowledgement number of 5. We will then send packets 6 to 10 and wait. Her machine will send an acknowledgement of 10 and so on. A bit later, we will look at what happens if a packet gets lost or damaged and needs to be replaced.

Flow control. As mentioned earlier, the window portion of the TCP header tells our computer just how much data Aunt Martha’s computer can receive at this time. We also send our window size to Aunt Martha’s computer because we may not be able to send as much data as Aunt Martha’s machine can receive. For example, our computer can only send five packets at a time, but Aunt Martha’s computer can receive ten. In this case, Aunt Martha’s machine would have to adjust to the smaller size of our window. Finally, if while Aunt Martha is receiving our email she also begins downloading the Ramones Tribute Retrospective, the size of her window may change in the middle of our email connection. So all of the packets we exchange with Aunt Martha’s computer will have the current window size, which allows us to adjust the number of packets we are sending at one time up or down if needed.

One last thing happens at the transport layer when we are using TCP: a timer is set for every packet being sent. If the timer goes off before an acknowledgement has been received, the packet will be resent. More on this later.

Layer 3 – Network Layer
Now that our email has been converted to packets, we can look at how the rest of the OSI works to actually move the packets from our machine to Aunt Martha’s. The network layer is responsible for finding the pathway, or route, that the packet takes from source (us) to destination (Aunt Martha) and uses Internet Protocol (IP) to do this job. Since the combination of TCP and IP is so common, we often refer to them together as TCP/IP. This is the last layer that our OS will take care of. For our example, we will assume we are using IPv4 which means that our IP addresses take what is called a dotted octet format and look like 203.234.98.23.

At this layer, the OS will look at the header attached to our e-mail packet at the transport layer to get the source and destination addresses for each packet. The data itself is never looked at until the packet reaches its destination. This is part of encapsulation. This layer will attach its own header to the packet as shown to the right. Version is the IP version being used for this packet, in our case, IPv4. Header Length is the size in bytes of the header the network layer is adding to the packet. Total Length is the total size of the packet at this point which includes the portion of the e-mail data, the TCP header, and the IP header. TTL stands for Time To Live. When we originally send out a packet, this number is set to 50. Once the packet leaves our machine, we lose all control over it. If a packet cannot reach its destination for some reason, we don’t want it bouncing around between routers on the Internet forever. So, as the packet goes through the various routers (hops) on its journey, this TTL number is decremented by one at each hop. If the TTL reaches zero before the packet gets to its destination, the packet is “dropped”, meaning it goes no further and a message is sent back to the source address stating the destination is unreachable.

The Protocol is the type of protocol of the data the packet contains. In our case, this would be 25 for SMTP. The Header Checksum is used to check that the header information received by the next hop is correct. This does not check the data to see if something happened to the data itself. It just checks the header added at this layer. If the checksum size of the header received does not match the number in the Header Checksum, the packet will be dropped. Damaged packets are never sent on any further; they are discarded.

The Source IP Address of the IP header is always the IP address of the current machine the packet is on. For the first hop for our packets, that address will be the internal IP address used for our computer by our LAN. At all future hops our packets go through, this address will be changed to the IP address of the router which currently holds our packet.

Our packet now moves from our operating system’s control to the network interface card (NIC) on our computer.

Layer 2 – Data Link Layer
The data link layer is very closely associated with Layer 1, the physical layer, and the jobs performed on the final two layers of the OSI are performed on the network interface card (NIC) of our computer or on the NIC of the device where our packet has been sent. The data link layer is less defined than the other layers of the OSI as there are a number of different protocols that can be used. The protocol that will be used depends upon the actual physical medium that is connecting the current device to the next adjacent hop as dictated by the network layer.

There are two sublayers on the data link layer, the logical link control and the media access control. The logical link control will take our packet (now called a frame) and will prepare it for the medium on which it will be sent. This includes adding a header indicating the start of the frame, as well as information, called a checksum, that will be used when the frame is received by the next hop to check that the frame was not damaged during transmission. The logical link control also adds a trailer to the frame to indicate the end of the frame has been reached. So our first packet is now a frame and is finally ready to start on its journey to Aunt Martha.

The media access control sublayer listens to the medium our packet is about to be sent out on and when there is nothing else being sent, our packet moves to the physical layer and off it goes.

Layer 1 – Physical Layer
The lowest layer of the OSI does one job. It moves our packet (frame, technically) from one device to another. And that’s all it does. Our packet may be sent on a wire, a DSL line, a fiber optic cable, via radio waves, by satellite, or through any combination of these as it goes from device to device from our computer to Aunt Martha’s.

At the hop

At Aunt Martha’s computer (the destination)
Our first packet has finally reached Aunt Martha’s computer. The NIC on her computer checks the data link layer information and the packet wasn’t damaged. The OS on Aunt Martha’s computer takes over and the network header added at the last hop (in this case, that would be Aunt Martha’s router) is stripped from the packet. Aunt Martha’s OS now examines the TCP header that was added on our computer. Remember, Aunt Martha’s computer has been waiting for our packets to start arriving since our computers completed the 3-way handshake. Also remember there’s the window on the transport layer of her computer waiting for packets number 1 to 5 to arrive. The newly arrived packet is checked, and if the sequence number is within the ones for the current window, the packet is saved. If the sequence number is outside of the current window, or if the packet is a duplicate of a packet already in the window, the packet will be dropped.

While packet 1 was making its journey, our computer kept sending packets 2 to 5. Eventually, all of those packets make their way to Aunt Martha’s computer. When all of the packets in the window have arrived, the OS on Aunt Martha’s computer will send a TCP packet back to our computer with an acknowledgement of the last packet number received. In this case, packet 5 will be acknowledged. The ACK packet will also contain the current window size on Aunt Martha’s computer in case we need to adjust the number of packets we are sending at one time. That packet will go through the same process all of our packets have gone through, travelling from hop to hop, having its lower layer headers added and removed, until it reaches our computer and makes it up to the transport layer. When our OS receives this packet at the transport layer, it checks the acknowledgement number to see what was the last packet that Aunt Martha’s computer received. The window size is also checked and the size of the window on our computer is adjusted accordingly. Then our computer begins to send out more packets from our e-mail.

As the packets that make up our e-mail arrive at Aunt Martha’s computer, they will be reassembled on the transport layer and the OS on Aunt Martha’s computer will move them up to the application layer and into Aunt Martha’s e-mail program. Once all the packets have arrived, Aunt Martha can read our email wishing her a happy birthday.

Tear-down. Eventually, all of the packets for our e-mail have arrived at Aunt Martha’s computer and we have received an acknowledgement. The final step to sending information using the TCP protocol is to tear down the connection that was established to send this e-mail. To do this, the transport layer on our computer will send a FIN (Finished) packet to Aunt Martha’s computer. When this packet arrives at Aunt Martha’s computer, the transport layer on her computer will send out an ACK packet acknowledging our FIN packet. Her machine will then send a FIN packet to our machine and when our computer receives it, our computer will send an ACK back to Aunt Martha’s computer. Once these steps are complete, the connection that was established to send our email to Aunt Martha is gone and the port number that our router used for this communication is free to be used for another connection.

What if something goes wrong?

Suppose packet 4 of our email gets damaged and gets dropped along the way. Two things are going to happen. When our computer sends out a packet, the OS sets a timer. If an acknowledgement is not received by the time the timer goes off, the packet will be resent. Aunt Martha’s computer also sets a timer when the 3-way handshake is completed and when the computer sends out an ACK. If all of the expected packets for the current window have not arrived by the time the timer goes off, Aunt Martha’s computer will send an acknowledgement using the number of the most recently received packet. In our example, this would be a 3. When our computer receives this acknowledgement, our computer will resend any packets in our current window, in this case, packet 4 and packet 5.

Aunt Martha’s Acknowledgement packet could also get dropped on its journey to our machine. Since our computer will be resending packets Aunt Martha’s computer already has, when the timer goes off on Aunt Martha’s computer, another ACK will be sent with the same packet number as the packet that was lost. It should be apparent that it is possible that a number of duplicate packets could be sent. Both our computer and Aunt Martha’s computer will ignore any duplicate packets they receive.
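
The windowing and retransmission behaviour described above, as an added example that is not part of the original page: a short Python simulation of the simplified send-a-window-then-wait model, run with the assignment's message size, data size and window. It assumes a lost packet is dropped only on its first transmission, acknowledgements are never lost, and the receiver acknowledges the last packet it holds with no gap before it; the function names are made up for this sketch.

```python
import math

HANDSHAKE_PACKETS = 3   # the 3-way handshake described above
TEARDOWN_PACKETS = 4    # FIN, ACK, FIN, ACK

def segment_count(message_bytes, payload_bytes):
    """Number of data packets needed; the last one may be only partly full."""
    return math.ceil(message_bytes / payload_bytes)

def transfer(total, window, lost_once=()):
    """Simulate the page's send-a-window-then-wait model.

    lost_once: packet numbers dropped on their first transmission only
    (an assumption of this sketch; acknowledgements are never lost).
    Returns (sent, acks): every data packet number put on the wire, in order,
    and every acknowledgement number Aunt Martha's computer sends back.
    """
    to_lose = set(lost_once)
    sent, acks = [], []
    start = 1
    while start <= total:
        end = min(start + window - 1, total)    # last packet of this window
        nxt = start                             # first packet not yet acknowledged
        while nxt <= end:
            burst = list(range(nxt, end + 1))
            sent.extend(burst)
            arrived = [p for p in burst if p not in to_lose]
            to_lose -= set(burst)               # a resend gets through
            ack = nxt - 1
            for p in arrived:                   # acknowledge up to the first gap
                if p == ack + 1:
                    ack = p
            acks.append(ack)
            nxt = ack + 1                       # resend everything after the gap
        start = end + 1
    return sent, acks

def total_packets(message_bytes, payload_bytes, window, lost_once=()):
    """Handshake + data (including resends) + acknowledgements + tear-down."""
    total = segment_count(message_bytes, payload_bytes)
    sent, acks = transfer(total, window, lost_once)
    return HANDSHAKE_PACKETS + len(sent) + len(acks) + TEARDOWN_PACKETS

if __name__ == "__main__":
    # Values from the assignment: 5732-byte message, 512-byte data portion, window of 5.
    print(segment_count(5732, 512))
    print(transfer(12, 5))
    print(transfer(12, 5, lost_once={4}))
    print(total_packets(5732, 512, 5), total_packets(5732, 512, 5, lost_once={4}))
```

Changing `lost_once` or `window` shows how each lost packet costs the resends for the rest of its window plus one extra acknowledgement.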

So, that’s all the steps it takes to send an email to Aunt Martha. The same process is used for all of the application layer protocols that use TCP/IP to guarantee that the entire file will arrive at the destination. Some of these protocols are HTTP for web pages, FTP for file transfer, and, of course, SMTP for email. Throughout the rest of the course, we will look at how attackers can exploit this process and the steps we can take to protect our data at the different OSI layers.
