How does the server know whether it's a UDP or a TCP segment? - networking

I'm just curious about how the server knows if the received segment is a UDP or a TCP segment, especially when the listening port can listen on both UDP and TCP.
I know the client can use SOCK_DGRAM to generate UDP segments and SOCK_STREAM for TCP segments, but the segment transmitted is still a bunch of bits. How can the server know whether it should interpret these bits as a UDP segment or as a TCP segment? What if these bits are a UDP segment, but accidentally do not mean "too weird" if they are interpreted as a TCP segment?

It's firstly an IP packet, which contains the protocol in the IP header. Inside the IP packet is a payload, which contains either a TCP segment or a UDP datagram.

Related

What does identify the connection of a TCP segment?

I have to design a program that reads all the TCP segments incoming of the same connection. How can I distinguish which connection a packet belongs to, among many packets that I receive? Is it sufficient to discriminate on the basis of the DESTINATION PORT field in the header?
No. Using just the destination port isn't enough. A TCP connection is defined by a combination of the following 4 values:
Source port
Source IP address
Destination port
Destination IP address
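
Added example, not part of the original answers: a Python parser that does the demultiplexing described in the two answers above. It reads the IPv4 protocol field to decide between TCP and UDP, then keys a TCP segment on the four values listed. The function names and the sample packets (documentation addresses, zero checksum) are constructed for illustration.

```python
import socket
import struct

# IANA protocol numbers; the value sits in byte 9 of the IPv4 header.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def classify(packet: bytes) -> dict:
    """Demultiplex one raw IPv4 packet by its protocol field."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    proto = packet[9]
    info = {
        "protocol": PROTOCOLS.get(proto, f"other({proto})"),
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
    }
    # Only the first fragment (offset 0) starts with the transport header.
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    payload = packet[ihl:]
    if proto in (6, 17) and frag_offset == 0:
        if len(payload) < 4:
            raise ValueError("truncated transport header")
        # TCP and UDP both begin with source port, destination port.
        sport, dport = struct.unpack("!HH", payload[:4])
        info["src_port"], info["dst_port"] = sport, dport
        if proto == 6:
            # A TCP connection is keyed on all four values.
            info["connection"] = (info["src_ip"], sport, info["dst_ip"], dport)
    return info


def build_ipv4(proto: int, src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample: 20-byte header, checksum left at zero."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


# Constructed samples: same transport bytes, different protocol field.
TRANSPORT = struct.pack("!HH", 40000, 53) + bytes(16)
AS_TCP = build_ipv4(6, "192.0.2.10", "198.51.100.5", TRANSPORT)
AS_UDP = build_ipv4(17, "192.0.2.10", "198.51.100.5", TRANSPORT)

if __name__ == "__main__":
    print(classify(AS_TCP), classify(AS_UDP), sep="\n")
```

The two sample packets carry byte-identical transport payloads; only the protocol byte in the IP header changes how they are classified.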

How does Wireshark identify a TCP packet's protocol as HTTP?

Port number equal to 80 is obviously not a sufficient condition. Is it a necessary condition that Wireshark has found a request message or response message in the application layer payload?
I'm not sure this is a full answer, but here is what I know regarding Wireshark's identification of HTTP packets (all items below are dissected as HTTP):
TCP port 80
TCP or UDP ports 8080, 8008, 591
TCP traffic (on all ports) that has a line end (CRLF) and the line begins or ends with the string "HTTP/1.1"
SSDP (Simple Service Discovery Protocol) in TCP or UDP port 1900
DAAP (Apple's Digital Audio Access Protocol) in TCP port 3689
IPP (Internet Printing Protocol) in TCP port 631

Tracing the packets through Wireshark

I am trying to capture the packets moving from my system when I searched for the URL www.google.com in the browser. This is the flow I am seeing in Wireshark.
DNS request was made
TCP three-way handshake is done
TLSv1.2 handshake has started.
In between the TLSv1.2 handshake I am seeing TCP packets moving from my system to the same port. What is that traffic regarding? I am sharing the screenshot for the same.
The TCP packets with description "ACK" are TCP acknowledgement packets.
An acknowledgement packet is sent to the server each time the client receives a TCP data packet from the server.
The TCP packets with description "TCP segment of a reassembled PDU" are TCP fragmented data packets.
TCP may divide an upper layer packet into multiple packets. A TCP fragmented data packet is a piece of a divided packet.
For example, the TLS server certificate packet (#1842) was divided into 3 packets by TCP, #1839, #1841, and #1842.

What happens if a client sends SYN to a UDP server

I want to scan UDP ports with the SYN flag. But how would a UDP server react to the SYN packet, when the UDP port is open and not open?
There is no flags field (including a SYN flag) in the UDP header. So, technically speaking, it is not possible to send a SYN packet using the UDP protocol.
If you try to send a TCP-formatted packet with protocol value 17 (UDP), the checksum will not match, and the packet will be discarded.

I want to clarify some things about IP Datagram and Ping

Are datagrams a protocol or not?
Is "Ping" (protocol ICMP) used in an IP DATAGRAM? Or is it using other protocols, such as TCP or UDP?
How do you know the message "Reply" the way back?
Why the Tel number stays the same?
https://en.wikipedia.org/wiki/IPv4#Protocol
Datagrams are basically the packets that go back and forth over the network at IP level. Each of these packets can specify a protocol. You can have TCP, UDP, ICMP, etc. (see https://en.wikipedia.org/wiki/List_of_IP_protocol_numbers)
So to answer your question, yes the protocol for datagrams is basically IP.
You can have higher level protocols that run over IP such as the ones above.
See https://en.wikipedia.org/wiki/Internet_protocol_suite
Ping uses the ICMP protocol.
Are datagrams a protocol or no?
'Datagram' is the name of the unit of transmission in the UDP protocol.
Is "Ping" (protocol ICMP) used in an IP DATAGRAM?
The question doesn't make sense. It would make more sense to say that the ICMP protocol is transmitted via IP packets.
Or is it using other protocols, such as TCP or UDP?
ICMP is a protocol: you said so yourself; and it is layered over the IP protocol.
