Module 1

Transport Layer
o The transport layer is a 4th layer from the top.
o The main role of the transport layer is to provide the communication
services directly to the application processes running on different hosts.
o The transport layer provides a logical communication between application
processes running on different hosts. Although the application processes on
different hosts are not physically connected, application processes use the
logical communication provided by the transport layer to send the messages
to each other.
o The transport layer protocols are implemented in the end systems but not in
the network routers.
o A computer network provides more than one protocol to the network
applications. For example, TCP and UDP are two transport layer protocols
that provide a different set of services to the network layer.
o All transport layer protocols provide multiplexing/demultiplexing service. It
also provides other services such as reliable data transfer, bandwidth
guarantees, and delay guarantees.
o Each of the applications in the application layer has the ability to send a
message by using TCP or UDP. The application communicates by using
either of these two protocols. Both TCP and UDP will then communicate
with the internet protocol in the internet layer. The applications can read and
write to the transport layer. Therefore, we can say that communication is a
two-way process.

Network Analysis and Trouble Shooting Page 1

Module 1

Services provided by the Transport Layer

The services provided by the transport layer are similar to those of the data link
layer. The data link layer provides the services within a single network while the
transport layer provides the services across an internetwork made up of many
networks. The data link layer controls the physical layer while the transport layer
controls all the lower layers.

The services provided by the transport layer protocols can be divided into five
categories:

o End-to-end delivery
o Addressing
o Reliable delivery
Network Analysis and Trouble Shooting Page 2
Module 1

o Flow control
o Multiplexing

1. The Process to Process Delivery

 While Data Link Layer requires the MAC address (48 bits address
contained inside the Network Interface Card of every host machine) of
source-destination hosts to correctly deliver a frame and the Network layer
requires the IP address for appropriate routing of packets, in a similar way
Transport Layer requires a Port number to correctly deliver the segments of
data to the correct process amongst the multiple processes running on a
particular host.
 A port number is a 16-bit address used to identify any client-server
program uniquely.

Network Analysis and Trouble Shooting Page 3

Module 1

2. End-to-end Connection between Hosts

o The transport layer is also responsible for creating the end-to-end

Connection between hosts for which it mainly uses TCP and UDP. TCP is
a secure, connection-orientated protocol that uses a handshake protocol to
establish a robust connection between two end hosts. TCP ensures the
reliable delivery of messages and is used in various applications. UDP, on
the other hand, is a stateless and unreliable protocol that ensures best-effort
delivery.
o It is suitable for applications that have little concern with flow or error
control and requires sending the bulk of data like video conferencing. It is
often used in multicasting protocols.

Network Analysis and Trouble Shooting Page 4

Module 1

3. Multiplexing and Demultiplexing

 Multiplexing (many to one) is when data is acquired from several processes
from the sender and merged into one packet along with headers and sent as
a single packet. Multiplexing allows the simultaneous use of different
processes over a network that is running on a host.
 The processes are differentiated by their port numbers. Similarly,
Demultiplexing (one to many is required at the receiver side when the
message is distributed into different processes. Transport receives the
segments of data from the network layer distributes and delivers it to the
appropriate process running on the receiver’s machine.

4. Congestion Control
 Congestion is a situation in which too many sources over a network attempt
to send data and the router buffers start overflowing due to which loss of
packets occurs. As a result, the retransmission of packets from the sources

Network Analysis and Trouble Shooting Page 5

Module 1

increases the congestion further. In this situation, the Transport layer

provides Congestion Control in different ways.
 It uses open-loop congestion control to prevent congestion and closed-loop
congestion control to remove the congestion in a network once it occurred.
TCP provides AIMD – additive increases multiplicative decrease and leaky
bucket technique for congestion control.

5. Data integrity and Error Correction

The transport layer checks for errors in the messages coming from the application
layer by using error detection codes, and computing checksums, it checks
whether the received data is not corrupted and uses the ACK and NACK services
to inform the sender if the data has arrived or not and checks for the integrity of
data.

6. Flow Control
 The transport layer provides a flow control mechanism between the
adjacent layers of the TCP/IP model. TCP also prevents data loss due to a
fast sender and slow receiver by imposing some flow control techniques.
 It uses the method of sliding window protocol which is accomplished by
the receiver by sending a window back to the sender informing the size of
data it can receive.

What is Transmission Control Protocol (TCP)?

 TCP stands for Transmission Control Protocol. It is a transport layer
protocol that facilitates the transmission of packets from source to
destination.
 It is a connection-oriented protocol that means it establishes the connection
prior to the communication that occurs between the computing devices in a
network.

Network Analysis and Trouble Shooting Page 6

Module 1

 This protocol is used with an IP protocol, so together, they are referred to as

a TCP/IP.
 The main functionality of the TCP is to take the data from the application
layer.
 Then it divides the data into a several packets, provides numbering to these
packets, and finally transmits these packets to the destination. The TCP, on
the other side, will reassemble the packets and transmits them to the
application layer.
 As we know that TCP is a connection-oriented protocol, so the connection
will remain established until the communication is not completed between
the sender and the receiver.

Features of TCP protocol

The following are the features of a TCP protocol:

o Transport Layer Protocol

TCP is a transport layer protocol as it is used in transmitting the data from the
sender to the receiver.

o Reliable

TCP is a reliable protocol as it follows the flow and error control mechanism. It
also supports the acknowledgment mechanism, which checks the state and sound
arrival of the data. In the acknowledgment mechanism, the receiver sends either
positive or negative acknowledgment to the sender so that the sender can get to
know whether the data packet has been received or needs to resend.

o Order of the data is maintained

This protocol ensures that the data reaches the intended receiver in the same order
in which it is sent. It orders and numbers each segment so that the TCP layer on the
destination side can reassemble them based on their ordering.

Network Analysis and Trouble Shooting Page 7

Module 1

o Connection-oriented

It is a connection-oriented service that means the data exchange occurs only after
the connection establishment. When the data transfer is completed, then the
connection will get terminated.

o Full duplex

It is a full-duplex means that the data can transfer in both directions at the same
time.

o Stream-oriented

TCP is a stream-oriented protocol as it allows the sender to send the data in the
form of a stream of bytes and also allows the receiver to accept the data in the form
of a stream of bytes. TCP creates an environment in which both the sender and
receiver are connected by an imaginary tube known as a virtual circuit. This virtual
circuit carries the stream of bytes across the internet.

Need for Transport Control Protocol

 In the layered architecture of a network model, the whole task is divided into
smaller tasks. Each task is assigned to a particular layer that processes the
task. In the TCP/IP model, five layers are application layer, transport
layer, network layer, data link layer, and physical layer.
 The transport layer has a critical role in providing end-to-end
communication to the directly application processes. It creates 65,000 ports
so that the multiple applications can be accessed at the same time. It takes
the data from the upper layer, and it divides the data into smaller packets and
then transmits them to the network layer.

Network Analysis and Trouble Shooting Page 8

Module 1

Network Analysis and Trouble Shooting Page 9

Module 1

TCP Header Format

o Source port: It defines the port of the application, which is sending the data.
So, this field contains the source port address, which is 16 bits.
o Destination port: It defines the port of the application on the receiving side.
So, this field contains the destination port address, which is 16 bits.
o Sequence number: This field contains the sequence number of data bytes in
a particular session.
o Acknowledgment number: When the ACK flag is set, then this contains
the next sequence number of the data byte and works as an acknowledgment
for the previous data received. For example, if the receiver receives the
segment number 'x', then it responds 'x+1' as an acknowledgment number.

Network Analysis and Trouble Shooting Page 10

Module 1

o HLEN: It specifies the length of the header indicated by the 4-byte words in
the header. The size of the header lies between 20 and 60 bytes. Therefore,
the value of this field would lie between 5 and 15.
o Reserved: It is a 4-bit field reserved for future use, and by default, all are set
to zero.
o Flags
There are six control bits or flags:
1. URG: It represents an urgent pointer. If it is set, then the data is
processed urgently.
2. ACK: If the ACK is set to 0, then it means that the data packet does
90not contain an acknowledgment.
3. PSH: If this field is set, then it requests the receiving device to push
the data to the receiving application without buffering it.
4. RST: If it is set, then it requests to restart a connection.
5. SYN: It is used to establish a connection between the hosts.
6. FIN: It is used to release a connection, and no further data exchange
will happen.

 Window size
It is a 16-bit field. It contains the size of data that the receiver can accept.
This field is used for the flow control between the sender and receiver and
also determines the amount of buffer allocated by the receiver for a segment.
The value of this field is determined by the receiver.
 Checksum
It is a 16-bit field. This field is optional in UDP, but in the case of TCP/IP,
this field is mandatory.

Network Analysis and Trouble Shooting Page 11

Module 1

 Urgent pointer
It is a pointer that points to the urgent data byte if the URG flag is set to 1. It
defines a value that will be added to the sequence number to get the
sequence number of the last urgent byte.
 Options
It provides additional options. The optional field is represented in 32-bits. If
this field contains the data less than 32-bit, then padding is required to obtain
the remaining bits.

TCP 3-way Handshake Process

TCP 3-way handshake process is used for establishing and terminating the
connection between the client and server.

Steps of a 3-Way Handshake for Establishing the Connection

The three steps involved in establishing a connection using the 3-way handshake
process in TCP are as follows:

1. The client sends the SYN (synchronize) message to the server: When a
client requests to connect to a server, it sends the message to the server with
the SYN flag set to 1. The message also includes:
o The sequence number (any random 32-bit number).
o The ACK (which is set to 0 in this case).
o The window size.
o The maximum segment size. For example, if the window size is 3000
bits and the maximum segment size is 300 bits, the connection can
send a maximum of 10 data segments (3000/300 = 10).

Network Analysis and Trouble Shooting Page 12

Module 1

2.

 The server responds with the SYN and the ACK (synchronize-
acknowledge) message to the client: After receiving the
synchronization request, the server sends the client an
acknowledgment by changing the ACK flag to '1'.
 The ACK's acknowledgment number is one higher than the sequence
number received. If the client sends an SYN with a sequence number
of 2000, the server will send the ACK using acknowledgment number
= 20001.
 If the server wants to create the connection, it sets the SYN flag to '1'
and transmits it to the client.
 The SYN sequence number used here will be different from
the SYN used by the client. The server also informs the client of its
window size and maximum segment size. After this step is completed,
the connection is established from the client to the server.

3. The client sends the ACK (acknowledge) message to the server: The client
will set the ACK flag to '1' after receiving the SYN from the server and
transmits it with an acknowledgment number 1 greater than the
server's SYN sequence number. The SYN flag has been set to '0' in this case.
The connection between the server and the client is now formed after this
phase is completed.

Refer to the diagram below that explains the connection establishment process
using the 3-way handshake.

Network Analysis and Trouble Shooting Page 13

Module 1

Steps of a 3-Way Handshake for Terminating the Connection

Most implementations today allow three-way and four-way handshaking with a

half-close option for connection termination. Here we only mentioned the steps of
three-way handshaking for connection termination. The three steps involved in
terminating a connection using the 3-way handshake process in TCP are as
follows:

1. The client sends the FIN (finish) message to the server: When the client
decides to disconnect from the network, it transmits the message to the
server with a random sequence number and sets the FIN flag to '1'. ACK is
set to 0 in this case.

2. The server responds with the FIN and the ACK (finish-acknowledge)
message to the client: After receiving the request, the server acknowledges
the client's termination request by changing the ACK flag to '1'.

The ACK's acknowledgment number is one higher than the sequence

number received.
Network Analysis and Trouble Shooting Page 14
Module 1

If the client sends a FIN with a sequence number of 2000, the server will
send the ACK using acknowledgment number = 20001.

If the server also decides to terminate the connection, it sets the FIN flag to
'1' and transmits it to the client.

The FIN sequence number used here will be different from the FIN used by
the client. After this step is completed, the connection between the client to
the server is disconnected.

3. The client sends the ACK (acknowledge) message to the server: The client
will set the ACK flag to '1' after receiving the FIN from the server and
transmits it with an acknowledgment number 1 greater than the
server's FIN sequence number. The FIN flag is set to '0' in this case. After
this step is completed, the connection is also disconnected from the server to
the client.

Refer to the diagram below that explains the connection termination process using
the 3-way handshake.

Network Analysis and Trouble Shooting Page 15

Module 1

What is TCP Flow Control?

 TCP Flow Control was created to control the data flow between the user and
the server. Flow control mainly refers to TCP's ability to prevent a sender
from delivering a receiver too many packets at once. It ensures that a certain
amount of bandwidth is available for sending and receiving data so that
operations can proceed without encountering serious problems.

 The concept is that a node receiving data will communicate in some way
with the node sending the data to inform it of its current state.

How does TCP Flow Control Work?

This generally happens when we need to transmit data packets over a network.

Network Analysis and Trouble Shooting Page 16

Module 1

 The sender(suppose application A) sends data to application B, a TCP

socket. One endpoint of a networked two-way communication relationship
between two programmes is a socket.
 The transport layer(TCP) will bundle this data in a segment. The segment is
given to the network layer (such as IP), which will then find a way to route
the packet to the receiving node.

 Application -> TCP socket -> Segmentation -> Network layer

 On the receiver’s side, the network layer transfers the exact copy of the data
packet to the transport layer.

 Note: TCP won't deliver data packets out of order and will wait for
retransmission if it detects any message gap or lost packet.

 A buffer at the TCP layer will store the data to a fixed limit and then bundle
them into segments. Data is retrieved from the receiver buffer after the
application is ready.
 Flow control mostly refers to TCP's ability to simultaneously stop a sender
from sending too many packets to a receiver. From here receiver’s
window(buffer) comes into existence.
 To prevent the loss of data packets, TCP uses the acknowledgement process.

Network Analysis and Trouble Shooting Page 17

Module 1

 Every time receiver receives a packet, it must acknowledge by sending an

ack message to the sender. This ack message also includes the current
receiver buffer size (window) length, letting the sender know whether it can
still send data.

 Till now, we have run through the working of TCP flow control. Now, we
will see the protocol that is used for TCP flow control. This protocol is
known as SLINDING WINDOW PROTOCOL.

Sliding Window Protocol

 A method for sending multiple data packets at once is the sliding window.
The sliding window protocol uses a window to control the data transmission
flow.
 This protocol uses a sequence number for data transmission. Hence we can
find the receiver end's missing data packet. The sliding window technique
uses the sequence number to prevent duplicate data.

The TCP sliding window sets the maximum amount of data bytes (d) that one
system can send to another. The values of d depend on two factors:

Network Analysis and Trouble Shooting Page 18

Module 1

 The size of the sender window ( sender's buffer).

 The available size and capacity of the receiver window.

The amount of space in the receive buffer depends on how rapidly the receiving
application reads data from the buffer, i.e., data processing time. The system stores
the data in the buffer until the receiving application reads the data from the receive
buffer. Every time the sending system is informed of the buffer's available space.

Window Size

In Sliding window protocols, the sending window for the sender and the receiving
window for the receiver are separate buffers with predetermined sizes.
The size of the sending window determines the sequence number of the outgoing
packets.
Range of sequence number: 0 to 2n-1, where n is the number of bits of one data
packet.
Sender’s window size: The size of the sending window is 2𝑛−1.
Receivers’ window size: The maximum number of frames a receiver can accept at
once is determined by the size of the receiving window.
Some of the important terms of the Receiver Window are as follows:
 ReceiveBuffer: It is the buffer size used to store the data. It contains both the
available space as well as filled space.

 ReceiverWindow: It is the available space in the receive buffer.

 LastByteRead: The last byte of data that is being processed.

 LastByteReceived: The last byte of data that is received in the receive Buffer.

Network Analysis and Trouble Shooting Page 19

Module 1

S, the formula for the Receiver window is as follows:

Receiver window = Receiver Buffer - (last bit received - last bit read).

Generally, the message bytes are represented in bytes. So, in that case, the formula
will be
Receiver window = Receiver Buffer - (last byte received - last byte read).

The Persist Timer

 Consider a situation where the receiver sends the ack of the previous packet
and waits for the next data packet, but the ack is lost mid-way, and the
sender is waiting for the ack.

 In this case, there is a possibility of deadlock since both the sender and the
receiver are waiting for a message to start sending data.

 The TCP starts a persist timer whenever it receives an empty window

message to address this issue by periodically sending tiny packets to the
receiver. WindowProbe is another name for this timer.

Network Analysis and Trouble Shooting Page 20

Module 1

What are the benefit of TCP flow control?

 Reliability: Ensures reliable data delivery by matching sender and receiver

speeds.

 Error Recovery: Helps in retransmitting lost or corrupted packets for error

recovery.

 Efficiency: Optimizes network bandwidth usage by avoiding overloading the

network with data.

 Fairness: Ensures fair resource sharing among multiple users or applications.

 Stability: Maintains network stability by preventing buffer overflow at the

receiver.

 Scalability: Supports effective data transfer in networks of varying sizes and

capacities.

TCP Retransmission
The TCP retransmission means resending the packets over the network that have
been either lost or damaged. Here, retransmission is a mechanism used by
protocols such as TCP to provide reliable communication. Here, reliable
communication means that the protocol guarantees packet's delivery even if the
data packet has been lost or damaged.

The networks are unreliable and do not guarantee the delay or the retransmission of
the lost or damaged packets. The network which uses a combination of
acknowledgment and retransmission of damaged or lost packets offers reliability.

Network Analysis and Trouble Shooting Page 21

Module 1

Retransmission mechanism
Here, retransmission means the data packets have been lost, which leads to a lack
of acknowledgment. This lack of acknowledgment triggers a timer to timeout,
which leads to the retransmission of data packets. Here, the timer means that if no
acknowledgment is received before the timer expires, the data packet is
retransmitted.

Let's consider the following scenarios of retransmission.

Scenario 1: When the data packet is lost or erroneous.

In this scenario, the packet is sent to the receiver, but no acknowledgment is

received within that timeout period. When the timeout period expires, then the
packet is resent again. When the packet is retransmitted, the acknowledgment is
received. Once the acknowledgment is received, retransmission will not occur
again.
Network Analysis and Trouble Shooting Page 22
Module 1

Scenario 2: When the packet is received but the acknowledgment is lost.

In this scenario, the packet is received on the other side, but the acknowledgment is
lost, i.e., the ACK is not received on the sender side. Once the timeout period
expires, the packet is resent. There are two copies of the packets on the other side;
though the packet is received correctly, the acknowledgment is not received, so the
sender retransmits the packet. In this case, the retransmission could have been
avoided, but due to the loss of the ACK, the packet is retransmitted.

Network Analysis and Trouble Shooting Page 23

Module 1

Scenario 3: When the early timeout occurs.

How long should the sender wait?

The sender sets the timeout period for an ACK. The timeout period can be of
two types:

o Too short: If the timeout period is too short, then the retransmissions will be
wasted.
o Too long: If the timeout period is too long, then there will be an excessive
delay when the packet is lost.

In order to overcome the above two situations, TCP sets the timeout as a function
of the RTT (round trip time) where round trip time is the time required for the
packet to travel from the source to the destination and then come back again.

Network Analysis and Trouble Shooting Page 24

Module 1

How can we obtain the RTT?

The RTT can vary depending upon the network's characteristics, i.e., if the network
is congested, it means that the RTT is very high. We can estimate the RTT by
simply watching the ACKs.

Let's see how we can measure the RTT.

We will use the original algorithm to measure the RTT.

Step 1: First, we measure the SampleRTT for each segment or ACK pair. When
the sender sends the packet, then we know the timer at which the packet is sent,
and also, we know the timer at which acknowledgment is received. Calculate the
time between these two, and that becomes the SampleRTT.

Step 2: We will not take only one sample. We will keep on taking different
samples and calculate the weighted average of these samples, and this becomes the
EstRTT (Estimated RTT).

where, α+ β = 1

α lies between 0.8 and 0.9

β lies between 0.1 and 0.2

Step 3: The timeout is set based on EstRTT.

timeout = 2 * EstRTT.

The timeout is set to be twice the estimated RTT. This is how the actual timeout
factor is calculated.

A Flaw in this approach

There is a flaw in the original algorithm. Let's consider two scenarios.

Network Analysis and Trouble Shooting Page 25

Module 1

The above diagram shows that the sender sends the data, which is said to be an
original transmission. Within the timeout period, no acknowledgment is received.
So, the sender retransmits the data. After retransmitting the data, the
acknowledgment is received. Let's assume that acknowledgment is received for the
original transmission, not for the retransmission. Since we get the acknowledgment
of the original transmission, so SampleRTT is calculated between the time of the
original transmission and the time at which the acknowledgment is received. But
actually, the SampleRTT should have been between the time of the retransmission
and time of the acknowledgment.

Network Analysis and Trouble Shooting Page 26

Module 1

The above diagram shows that the sender sends the original data packet for which
we get the acknowledgment also. But the acknowledgment is received after
retransmitting the data. If we assume that acknowledgment belongs to the
retransmission, then SampleRTT is calculated between the time of the
retransmission and the time of the acknowledgment.

In the above both the scenarios, there is an ambiguity of not knowing whether the
acknowledgment is for the original transmission or for the retransmission.

Conclusion of the above algorithm.

o Here, ACK does not mean to acknowledge a transmission, but actually, it

acknowledges a receipt of the data.

Network Analysis and Trouble Shooting Page 27

Module 1

o If we consider the first scenario, the retransmission is done for the lost
packet. In this case, we are assuming that ACK belongs to the original
transmission due to which the SampleRTT is coming out to be very large.
o If we consider the second scenario, two same packets are sent so duplicity
occurs in this case. In this case, we are assuming that ACK belongs to the
retransmission due to which the SampleRTT is coming to be very small.

To overcome the above problems, a simple solution is given by the Karn/Partridge

algorithm. This algorithm gave a simple solution that collects the samples sent at
one time and does not consider the samples at the retransmission time for
calculating the estimated RTT.

Karn/Partridge Algorithm

In the above two scenarios, retransmission occurs, and we have considered the
Sample RTT. But this algorithm does not consider the Sample RTT when
retransmitting. Since the retransmission has occurred, which means that something
happens in this round-trip time or some congestion may occur in a network. To
overcome this problem, this algorithm doubles the timeout after each
retransmission. This algorithm is implemented in the TCP network.

Limitation

It does not consider the variance in RTT.

o If the variance is small, the EstimatedRTT comes out to be accurate. If

the variance is large, the EstimatedRTT is not accurate.

To overcome the above limitation, the Jacobson/Karels algorithm was developed

that introduces the variance factor in RTT.

Jacobson/Karels Algorithm

Network Analysis and Trouble Shooting Page 28

Module 1

This algorithm was developed to overcome the limitation of

the Karn/Partridge algorithm. It computes the difference between the
SampleRTT and EstimatedRTT, and boost the RTT based on the difference.

Calculations for average RTT

o First, we calculate the difference factor.

Diff = SampleRTT - EstimatedRTT

o Now, we calculate the EstimatedRTT, which will be calculated in the same

way as we did above.

EstRTT = EstRTT + (δ*Diff)

o Now, we calculate the average of the difference factor.

Dev = Dev + δ ( |Diff| - Dev)

Here, Dev is a deviation factor, and δ is a factor between 0 and 1. The Dev is an
estimate of the variance from the EstRTT.

o We will consider the variance while calculating the timeout value.

Timeout = µ * EstRTT + ɸ * Dev

Where, µ =1 and ɸ =4

Fast Retransmission
The timeout-based strategy for retransmission is inefficient. TCP is a sliding-
window kind of protocol, so whenever the retransmission occurs, it starts sending
it from the lost packet onward.

Network Analysis and Trouble Shooting Page 29

Module 1

 Suppose I transmit the packets 0, 1, 2, and 3. Since packet 0 and packet 1 are
received on the other side, packet 2 is lost in a network.
 I have received the acknowledgment of packet 0 and packet 1, so I send two
more packets, i.e., packet 4 and packet 5. When packets 3, 4, and 5 are sent,
then I will get the acknowledgment of packet 1 as TCP acknowledgments
are cumulative, so it acknowledges up to the packet that it has received in
order.
 I have not received the acknowledgment of packet 2, 3,4, and 5 within the
timeout period, so I retransmit the packets 2, 3, 4, and 5.
 Since packet 2 is lost, but other packets, i.e., 3, 4,5 are received on the other
side, they are still retransmitted because of this timeout mechanism.

Network Analysis and Trouble Shooting Page 30

Module 1

How can this timeout inefficiency be removed?

The better solution under a sliding window:

Suppose n packet has been lost, but still, the packets n+1, n+2, and so on have been
received. The receiver is continuously receiving the packets and sending the ACK
packets saying that the receiver is still awaiting the nth packet. The receiver is
sending repeated or duplicate acknowledgments. In the above case, ACK of packet
1 is sent three-time as packet 2 has been lost. This duplicate ACK packet is an
indication that the nth packet is missing, but the later packets are received.

The above situation can be solved in the following ways:

o The sender can take the "duplicate ACKs" as an early hint that the nth
packet has been lost so that the sender can do the retransmission as early as
possible, i.e., the sender should not wait until the timeout occurs.
o The sender can implement a fast transmission strategy in TCP. In a fast
transmission strategy, the sender should consider the triple duplicate ACKs
as a trigger and retransmit it.

TCP uses three duplicate ACKs as a trigger and then performs retransmission. In
the above case, when three ACKs of packet 1 are received, then the sender should
send the lost packet, i.e., packet 2, without waiting for the timeout period to occur.

Network Analysis and Trouble Shooting Page 31

Module 1

User Datagram Protocol (UDP)

User Datagram Protocol (UDP) is a Transport Layer protocol. UDP is a part of

the Internet Protocol suite, referred to as UDP/IP suite. Unlike TCP, it is
an unreliable and connectionless protocol. So, there is no need to establish a
connection before data transfer. The UDP helps to establish low-latency and loss-
tolerating connections over the network. The UDP enables process-to-process
communication.
What is User Datagram Protocol?
Though Transmission Control Protocol (TCP) is the dominant transport layer
protocol used with most of the Internet services; provides assured delivery,
reliability, and much more but all these services cost us additional overhead and
latency. Here, UDP comes into the picture. For real-time services like computer
gaming, voice or video communication, and live conferences; we need UDP.
Since high performance is needed, UDP permits packets to be dropped instead of
processing delayed packets. There is no error checking in UDP, so it also saves
bandwidth.

Features of UDP protocol

The following are the features of the UDP protocol:

o Transport layer protocol

UDP is the simplest transport layer communication protocol. It contains a

minimum amount of communication mechanisms. It is considered an unreliable

Network Analysis and Trouble Shooting Page 32

Module 1

protocol, and it is based on best-effort delivery services. UDP provides no

acknowledgment mechanism, which means that the receiver does not send the
acknowledgment for the received packet, and the sender also does not wait for the
acknowledgment for the packet that it has sent.

o Connectionless

The UDP is a connectionless protocol as it does not create a virtual path to transfer
the data. It does not use the virtual path, so packets are sent in different paths
between the sender and the receiver, which leads to the loss of packets or received
out of order.

Ordered delivery of data is not guaranteed.

In the case of UDP, the datagrams are sent in some order will be received in the
same order is not guaranteed as the datagrams are not numbered.

o Ports

The UDP protocol uses different port numbers so that the data can be sent to the
correct destination. The port numbers are defined between 0 and 1023.

o Faster transmission

UDP enables faster transmission as it is a connectionless protocol, i.e., no virtual

path is required to transfer the data. But there is a chance that the individual packet
is lost, which affects the transmission quality. On the other hand, if the packet is

Network Analysis and Trouble Shooting Page 33

Module 1

lost in TCP connection, that packet will be resent, so it guarantees the delivery of
the data packets.

o Acknowledgment mechanism

The UDP does have any acknowledgment mechanism, i.e., there is no handshaking
between the UDP sender and UDP receiver. If the message is sent in TCP, then the
receiver acknowledges that I am ready, then the sender sends the data. In the case
of TCP, the handshaking occurs between the sender and the receiver, whereas in
UDP, there is no handshaking between the sender and the receiver.

o Segments are handled independently.

Each UDP segment is handled individually of others as each segment takes

different path to reach the destination. The UDP segments can be lost or delivered
out of order to reach the destination as there is no connection setup between the
sender and the receiver.

o Stateless

It is a stateless protocol that means that the sender does not get the
acknowledgement for the packet which has been sent.

Network Analysis and Trouble Shooting Page 34

Module 1

UDP Header Format

In UDP, the header size is 8 bytes, and the packet size is upto 65,535 bytes. But
this packet size is not possible as the data needs to be encapsulated in the IP
datagram, and an IP packet, the header size can be 20 bytes; therefore, the
maximum of UDP would be 65,535 minus 20. The size of the data that the UDP
packet can carry would be 65,535 minus 28 as 8 bytes for the header of the UDP
packet and 20 bytes for IP header.

The UDP header contains four fields:

o Source port number: It is 16-bit information that identifies which port is

going t send the packet.
o Destination port number: It identifies which port is going to accept the
information. It is 16-bit information which is used to identify application-
level service on the destination machine.

Network Analysis and Trouble Shooting Page 35

Module 1

o Length: It is 16-bit field that specifies the entire length of the UDP packet
that includes the header also. The minimum value would be 8-byte as the
size of the header is 8 bytes.
o Checksum: It is a 16-bits field, and it is an optional field. This checksum
field checks whether the information is accurate or not as there is the
possibility that the information can be corrupted while transmission. It is an
optional field, which means that it depends upon the application, whether it
wants to write the checksum or not. If it does not want to write the
checksum, then all the 16 bits are zero; otherwise, it writes the checksum. In
UDP, the checksum field is applied to the entire packet, i.e., header as well
as data part whereas, in IP, the checksum field is applied to only the header
field.

Differences between TCP and UDP

The main differences between TCP (Transmission Control Protocol) and UDP
(User Datagram Protocol) are:

User
Datagram
Transmission Control Protocol
Basis Protocol (TCP) (UDP)

TCP is a connection-oriented UDP is the

protocol. Connection Datagram-
orientation means that the oriented protocol.
communicating devices This is because
Type of Service should establish a there is no
connection before overhead for
transmitting data and should opening a
close the connection after connection,
transmitting the data. maintaining a
connection, or

Network Analysis and Trouble Shooting Page 36

Module 1

User
Datagram
Transmission Control Protocol
Basis Protocol (TCP) (UDP)

terminating a
connection. UDP
is efficient for
broadcast and
multicast types of
network
transmission.

The delivery of
data to the
TCP is reliable as it
destination
Reliability guarantees the delivery of
cannot be
data to the destination router.
guaranteed in
UDP.

TCP provides extensive UDP has only the

Error checking error-checking mechanisms. basic error-
mechanism checking
It is because it provides flow
control and acknowledgment mechanism using
of data. checksums.

No
An acknowledgment
Acknowledgment acknowledgment
segment is present.
segment.

Network Analysis and Trouble Shooting Page 37

Module 1

User
Datagram
Transmission Control Protocol
Basis Protocol (TCP) (UDP)

There is no
Sequencing of data is a sequencing of
feature of Transmission data in UDP. If
Control the order is
Sequence
Protocol (TCP). this means required, it has to
that packets arrive in order at be managed by
the receiver. the application
layer.

UDP is faster,
TCP is comparatively slower simpler, and
Speed
than UDP. more efficient
than TCP.

There is no
retransmission of
Retransmission of lost
lost packets in
Retransmission packets is possible in TCP,
the User
but not in UDP.
Datagram
Protocol (UDP).

UDP has an 8
TCP has a (20-60) bytes
Header Length bytes fixed-
variable length header.
length header.

Network Analysis and Trouble Shooting Page 38

Module 1

User
Datagram
Transmission Control Protocol
Basis Protocol (TCP) (UDP)

UDP is
Weight TCP is heavy-weight.
lightweight.

It’s a
Uses handshakes such as connectionless
Handshaking Techniques
SYN, ACK, SYN-ACK protocol i.e. No
handshake

TCP doesn’t support UDP supports

Broadcasting
Broadcasting. Broadcasting.

UDP is used
TCP is used by HTTP,
by DNS, DHCP,
Protocols HTTPs, FTP, SMTP and Teln
TFTP, SNMP, RI
et.
P, and VoIP.

UDP connection
The TCP connection is a
Stream Type is a message
byte stream.
stream.

Overhead Low but higher than UDP. Very low.

Network Analysis and Trouble Shooting Page 39

Module 1

User
Datagram
Transmission Control Protocol
Basis Protocol (TCP) (UDP)

This protocol is
used in situations
where quick
This protocol is primarily
communication is
utilized in situations when a
necessary but
safe and trustworthy
where
Applications communication procedure is
dependability is
necessary, such as in email,
not a concern,
on the web surfing, and
such as VoIP,
in military services.
game streaming,
video, and music
streaming, etc.

Network Analysis and Trouble Shooting Page 40