 This is this is our TCP TCP segment TCP our packets are called segments and There's only one type. Okay, there's no different type of segment for an act. We just have one type of segment and Important things in the header. There's a source and destination port which identify the applications which are communicating We have two numbers a sequence number which is used to identify The data that we're sending to give our data some sequence the first piece of data the second piece of data and an acknowledgement number To indicate what the receiver the receiver of the data has Successfully received and is acknowledging and We've said it several times already When we send data the acknowledgement number that comes back Indicates the next sequence number expected So if I receive a segment with acknowledgement number 100 it says The TCP entity that just received the data X Should is now expects to receive 101. Okay, so act number 100. Sorry. I've got that wrong act number 100 Means the destination is expecting to receive data with sequence number 100 Means they've just received 99 Okay, so act number indicates the next one expected not the last one received and flags There are different flags used inside here, which is just one bit values when they're one it means that feature is on Or that packet has a particular meaning and in fact, that's how we use an acknowledgement There's one of the flags which is called an act flag when that bit is set to one. It means that this segment is an acknowledgement For some data previously received and it Means that the acknowledgement number has Has some meaning in this case if the act flag is one the acknowledgement number Needs to be needs to be read so that we know what's been acknowledged So in fact our segment can contain data and acts in the one segment We can include data and at the same time set the act flag and set the acknowledgement number so that That data also carries an act from previous data received now with the sequence numbers When we start our computers and I connect to a server or I want to transfer data to some from one client to a server The sequence numbers we don't necessarily start at zero or one I May transfer data from my computer to another computer and then the next time maybe one hour later when I want to transfer data I Will use a new set of sequence numbers and normally we'll keep increasing the sequence numbers until we get to the maximum and wrap back to zero So every time we connect or every time we want to transfer data. We don't restart the sequence numbers so in TCP we set up a connection and one of the things that we do when we set up a connection is we Negotiate those initial sequence numbers. What do we start with so? we set up a connection in TCP and in that that Process of setting up the connection both sides agree upon their initial sequence number and In fact how it works is that once we agree upon initial sequence numbers Then the data we send will start from that ISN plus one if I choose initial sequence number 300 and The other side Accept that they are happy to use it then the first piece of data I send to the other side will start with sequence number 301 and similar Because TCP is full duplex connection the other side can send data to me and the sequence numbers used in each direction that Independent of each other So they can be completely different So the other side also needs to choose an initial sequence number so The connection setup involves agreeing upon those Initial sequence numbers or synchronizing the sequence numbers and The general mechanism is we send three TCP segments A wants to initiate a data a connection to be it sends a TCP segment with the sin flag set It's a special segment to synchronize sequence numbers And the sequence number field in the header is set to the initial sequence number that user a chose Okay, so it chooses a value. It may be dependent upon what it's done in the past It tells be be responds Assuming everything's okay, and B is prepared to accept the connection be responds With an act and the way that we carry an act is that we set the act flag to true So in this This picture. I say the act flag is true or is on The acknowledgement number is the initial sequence number chosen by a plus one If a chose 300 it tells B B sends back an act saying I now expect 301 So the acknowledgement number a n But in this same TCP segment B also tells a of its initial sequence number So we also set the sin flag. We can have multiple flags set at any one time They're just a sequence of eight bits one bit represents each flag So in this one segment sent from B to a the act flag is set meaning this is an act of the previous segment and The sin flag is set meaning B is trying to tell a of its initial sequence number Isnb a receives that assuming everything's okay. I accept that then a sends back the third message saying I Accept that or I acknowledge Your initial sequence number by setting the act flag to be true and setting the acknowledgement number to be the one B chose plus one This diagram only shows the the important fields the field values in the TCP header Of course the other fields also have that values the other main ones of interest in the The connection setup or quarter TCP three-way handshake. It's a handshake or an agreement using three messages Let's see This in an example or several examples and let's go to a real example We'll see the connection setup in some detail and then we'll see well What happens after the connection setup the data transfer? this is a capture of a Accessing a web web page. I did it last year or even the year before I Accessed from my laptop I think the the IP address of my laptop was ten dot ten dot ninety nine dot two five one and I was access Accessing what was called then the IT server which had IP address two oh three dot one three one two oh nine dot seventy two So two computers involved And what I actually did it from the application point of view is I opened my browser. I typed in some URL and that triggered The browser to use HTTP to send a request for a web page from the web server the server sent back the web page It was displayed on my screen So web browsing we know uses HTTP which in turn Uses TCP as the transport protocol So I captured that exchange and I filtered out some packets and I got these seven packets So we're going to go through them To demonstrate what happens with the connection setup and the data transfer focus on the first three so We'll go through the first three and as you may guess by the information there. This is the three-way handshake I think you've used or seen the output of wireshark in your assignment and other examples But just a reminder here. We have the time from when the first packet was captured in seconds The addresses of the two entities involved in this case the IP addresses The protocol is just a thing that wireshark Gives us as information about the highest level protocol used in this packet Note that each packet is using multiple protocols So it can be a bit confusing in a moment. Let's Not worry too much about the protocol column Info is just some summary of that particular packet So it doesn't show everything but just some summary information And then when we select a packet in the top window or the top pane The details of that packet we can expand in this middle pane or this lower one in this case So let's look at the first packet I'm going to focus mainly on the transport layer the application layer and a little bit of on the network layer that is IP The first packet is from this computer 10 10 99 2 5 1 which is my client laptop Going to the server 203 address Let's look at the TCP segment Some of the values in that the header field at least the source port number 42679 Represents my web browser on my laptop The destination port number port 80 represents the web server the web server software on the other computer 203 We'll skip some header fields and come back to them where necessary Importantly the flags if I expand that Recall the flags there there are in fact There are eight bits three a reserve that is not used. So What do we have? We have three plus another eight bits eight useful bits in this case When the value of that bit is one we think that feature is on So in this case, there's only one bit one the sin flag is set What that tells us is that this TCP TCP segment is Used to synchronize sequence numbers So the source sent it to mean a special type of TCP second no data involved so this For simplicity we often just call a sin segment. It's a TCP segment, but we give it a name a sin segment SYN for synchronize and Go back up the sequence number in a sin segment the sequence number field is The initial sequence number chosen by the computer that sends this segment and the number here two four one five six six six one oh eight It's not zero or one. It's um, what looks like some random number. Where did it come from? most likely when my computer booted It may either chosen a random number or started from a value in this case It's probably larger than what it used in the past So it keeps some state of what sequence number it used in the previous data transfer and keeps increasing it So this is the value that Computer a the source wants to choose and start with Now we'll show in my example. I will write some We'll draw a picture showing what happens here. Let's just focus on the last four numbers Okay, it's actually a much longer number. Let's focus say a six sequence number six one or six one oh eight So this is sent From laptop to server When the server receives that we see the response that it sends the second packet Again, we can see the port numbers. The source port is now 80. It's coming from the web server The destination port is 4267 9 it's going to the web browser on my laptop the IP addresses have just reversed and the flags which are set We see there are two flags set The act flag is set meaning this segment is an acknowledgement for something previously received and Also, the sin flag is set meaning this segment is The sender trying to inform the receiver of its initial sequence number So two flags set meaning this segment has two different meanings It's a sin and an act segment Or a sin act segment with the act flag being set it means the acknowledgement number is Important here. What is the act number? This long number two four one five six six six one oh nine The sequence number of the previous segment finished with six one oh eight and The acknowledge acknowledgement number that comes back will be six one oh nine because this is be saying thank you for the The sin segment I accept that value and the next one. I expect is six one oh nine So this is the acknowledgement of the previous segment But the sin segment but the sin flag is also set Meaning this segment also contains the initial sequence number that be chooses this value one nine oh one nine six eight one two four So another Independent value from what a chose the sequence number that B is going to use to send data to a sends that The third packet We see is received by the original laptop and sent back to the server What flags are set? Only the act flag is set Meaning this segment is an acknowledged acknowledgement of a previous segment Importantly the act number eight one two five The previous segment sequence number received B chose eight one two four So a sends back an act eight one two five So that shows well, that's an example of the three-way handshake and there's no data transferred in this case This is just the initial connection establishment connection set up As a result they'll start using those sequence numbers Let's draw because we'll go through for those other four packets, but before we do let's Record the sequence of packets exchanged. So I'm going to record the sequence numbers and the packet sent but I will not write the entire numbers We'll just cut it down to the last four digits for example a chose Remember a sent sequence number two four one five six six six one oh eight. Let's just write that a six one oh eight 6108 so a chose an initial sequence number of six 108 and sends a TCP SIN segment to the destination or Sends a TCP segment and We've if we look at the flags. We'll see that the SIN flag is set. So we call it a SIN segment and the sequence number Contains this value six one oh eight so I'll just write Six one oh eight here That's the first TCP segment and I've just it's common to just draw the exchange of packets Not showing all the details of the packet, but the important things for this particular packet. It's a SIN segment sequence number six one oh eight And note I've already recorded the IP address and port numbers of those two entities communicating and when that's received The server sends back a response and let's check the values that it uses So we've drawn the first packet the server sends back a response the SINs flag is set The act flag is set act number six one oh nine Sequence number eight one two four to the act first six one oh nine and This initial sequence number chosen by B in this case was eight one two four So this segment also has the SIN flag set and the sequence number eight one two four so when I The number next to the act flag is the acknowledgement number the number next to the SIN is the actual sequence number in this segment. We've got two different numbers six one oh nine because the one received was six one oh eight eight one two four Because the initial sequence number chosen by the server was eight one two four in an in the next Connection set up. It will be a different value and then the third segment act flag is set act number eight eight one two five I Will not write the sequence number in this segment although it has a value and we'll see it in a moment I would just want to capture the main things of These three segments with a connection set up a SIN with a sequence number a SIN act with a sequence number an act number and an act with the act number eight one two five In all segments both numbers are always set to some value But we just focus on the ones which are most important in this case We can think if the act flag is not set the act number is Not meaningful and if there's no data inside that segment Then the sequence number unless it's a SIN segment is not meaningful or that has a value now. Let's Let's move on and see the data transfer and we use our example of our web browsing to do so three-way handshake now in the next the fourth segment in this Exchange It's the laptop we note by the IP address the laptop sending to the server and It's sending TCP data Wireshark reports the protocol is HTTP. That's because the highest level protocol on this packet is HTTP It's used for web browsing but HTTP uses TCP as the transport protocol and if we zoom out a bit on that individual packet this selected packet if We think from the top layer from our protocol stack is using HTTP Transport protocol is TCP under that The network layer is IP and under that the data link layer is Ethernet Wireshark doesn't look at the physical layer. That's happens in the hardware So you can think that Wireshark presents the stack information about the stack upside down in this case Okay, so from the lowest layer to the highest layer frame for just means from Wireshark's perspective the This packet or frame that was captured the total size of it and some information about that that actual packet But from a layered perspective we can see it from these four entries So it's a TCP segment In fact, we'll see it's a TCP a segment that contains data where the data is the HTTP message So let's expand and see some parts of the TCP segment Source port our web browser same as before four two six seven nine Going to the web server port eighty sequence number six one oh nine the connection set up The laptop chose six one oh eight as the initial sequence number They agreed upon the values now the first piece of data that the laptop sends to the server Will start with sequence number six one oh nine And we see that from the act that come back Laptop chose six one oh eight Server sends back an act saying I now expect six one oh nine So in fact the first piece of data starts at six one oh nine Wireshark shows some other information, which is not contained in the segment The next sequence number for example Acknowledgement number We'll see it's the same act number as the previous segment Not important in this case because in fact we'll see Well no is important well not important, but we'll We'll come back to it when we see the flags Let's go to them. What are the flags set in this segment two flags are set the acknowledgement flag is set meaning This segment is an acknowledgement of a previous segment and that we need to take notice of the acknowledgement number Well, what is it acknowledging? It's in fact if you check it's the same value as The previous act that was sent. That's not the value act number eight one two five Sent by the laptop The previous act sent by the laptop was in fact act number eight one two five So now we have a new TCP segment The act flag is set and the act number is the same as the old one And it's common to do this to include the act number in the segment in the segment Even if we haven't received any new data We keep saying I now expect to receive eight one two five So let's draw that segment from the laptop to the server We've seen the act flag is set Act number is eight one two five We'll see some other details in a moment, but note It's the same act as the previous one Same act number. It's just saying I now expect to receive eight one two five It hasn't received any data since so it's still the same act number What else is in this segment? There's another flag set the push flag We haven't explained this one before when we send data and we'll see that this segment contains data when we send data There's an option to try and force the receiver to process that data as soon as it gets it And that's what the push flag means in this case. It's saying here's some data and and Make sure you deliver that data as you receive it to the application at your side So this is the laptop sending data to the server When the server receives the data and sees the push flag is set That tells the server TCP software to push that data to the application on the server as soon as it gets it if it's not set Then what may happen is that the data may be buffered or weight at the receiver before it's delivered to the application It's not so important in our exchange And whether it was set or not set is not so important for this example. What is the sequence number in this segment? 6109 let's record those values the push flag is set Not so important The important thing is the sequence number 6109 and that comes from the previous act initial sequence number 6108 Be or the server says I now expect 6109 in this connection set up So the first piece of data contains sequence number 6109 How long is the data? How many bytes? Well, we can determine we can have a look there's different ways to find out but let's Let's go back and see some of the details this TCP segment in the IP datagram There's a field total length and another field header length So the IP datagram has a total length of 353 bytes The IP header length is 20 bytes So if we can visualize the IP datagram There's 20 bytes of header and 323 bytes inside that So inside the IP datagram is 20 bytes header plus three hundred and twenty Three hundred and thirty three bytes, okay, three five three minus 20 333 bytes what is inside? The TCP segment So that tells us that this TCP segment is 333 bytes and that TCP segment is made up of header and data header length of the TCP segment is 32 bytes So we had 333 bytes for the TCP segment Minus the header for the TCP segment of 32 bytes Leaves us with 301 bytes of data So we'd say or we know that this TCP segment contains 301 bytes of data Okay, so we can calculate from the the Datagram and header sizes We're going to even look at the data to see So why shark tells us some information about the data if we look at that the HTTP information But we know already it's 301 bytes Let's record that because we import be important with our sequence numbers The length so this is the first segment containing data. We'll just note a length 301 that is 301 bytes of data in this TCP segment TCP uses An ARQ scheme send data Expect acts back. What's the next segment anyone want to guess an act? okay, all right, we'll check and we'll see but We send some data. So this segment is the first one containing data sent it from laptop to server the data What is it? It's actually a request for a web page. We'll come back to that later The data sent to the server TCP at the server is going to send back an act saying thank you for that data I now expect more data. Let's start drawing the act and then we'll go back to our capture and see So in summary so far the first three segments connection set up now the first data segment and The response will be an act and we can guess that the act flag will be set We'll confirm that in a moment and the act number What is the act number going to be the servers receive data? 61 No Because the information that you need to answer is this shown here sorry this These three values are associated with this TCP segment this TCP segment Had the push flag set it contained data The sequence number was 6109 It had the act flag set with the act number 8125 And the length of the data inside this segment was 301 bytes So in fact, what's important to look at the act that comes back This act 8125 is not relevant the act 8125 is relevant for the data coming from the server To the laptop. We're focusing currently on data With sequence number 6109 going to the server the server sends back an act With an act number saying what's the next sequence number expected? Okay, that's our normal behavior that is we send data with a sequence number 6109 The receiver sends back an act saying the next value I expect Is and this is where the confusion arises or the prop the difference from what we've seen so far In the protocols we've seen so far We had sequence numbers that counted packets or frames Send frame zero act one comes back send frame one act two comes back In TCP it's not like that In TCP sequence numbers count bytes bytes of data What that means is this TCP segment Has 301 bytes of data We can think each of those bytes are labeled with a sequence number The first byte in that segment has sequence number 6109 The second byte 6110 The third byte 6111 and so on the 301st byte is what? sequence number 6409 you have to be careful and check that So think of the first byte Is 6109 let's say we just had two bytes No, let's say we had one byte okay one byte of data only not 301 but one then the first byte would be 6109 And that's it the last byte would be 6109 if we had 11 bytes The first byte would be 6109 and the last byte would be 6 119 It finished with a nine And if we have 301 bytes it ranges from 6109 up to 6409 Okay So think now in every TCP segment that contains data Each byte of data has its own sequence number Can we draw that or make note of that? This segment that was sent here. Let's say we sequence numbers 6109 6110 to 6409 301 values in that case So that's the data That was received in this TCP segment The receiver now sends back an act saying the next number expected is 6410 So the act number will be 6410 in this segment and that's something new and it's A feature of TCP that our sequence numbers count bytes. They always remember that they don't count segments They count bytes So the act number will depend upon the sequence number received and the amount of data in that segment And quite simply the act number will be the sequence number plus the data size saying I've received from byte 6109 up to 6409 I've received those 301 bytes the next sequence number expected will be 6410 Let's check The highlighted packet was the data segment sent This packet is the response the act sent by the server 203.72 to the laptop And looking at the TCP header port numbers Act number the act flag is set and the act number 6410 You see the act flag is true act number 6410 in this case Sequence number also has a value. We'll see it's the previous one But what's important here is the act number. There's no data in this segment If you calculate the sizes the data length is zero. There's no data in this case. What happens next? well with with web browsing The way HTTP works my My laptop sends a request to the web server That was in fact this packet And when the web server receives that request it processes it and sends back a reply Which is in fact the next packet in our sequence We see the server 203 address sending to my laptop And it's actually a HTTP response So the way web browsing works send a request for a web page Server sends back that actual web page in a response With some status saying everything is okay So this is a TCP segment containing data from the server to the laptop port numbers sequence number in this segment 8125 because that was One more than the initial sequence number chosen by b8124 Similar to our previous data segment. We'll see the push flag is set saying To the laptop as soon as you receive that data Send it to the application And it also has the act flag set. It's just another act Of the previous act sent by the server same number 6410 Again, we can calculate the length The ip datagram has 555 bytes in total Contains 20 bytes of ip header leaving us with 535 bytes Which consists of 32 bytes of tcp header 503 bytes remaining that 503 bytes is the data inside the tcp segment So this packet from server to laptop contains 503 bytes of tcp data I'll record the values push flag was set The sequence number was 8125 And we see that follows from the act The act sent from a saying I now it's Have I done something wrong? Who sent the data? The server sends data in this case. Sorry. I had the direction of my arrow wrong This we're looking at the packet going from server to client What has happened is that the the web browser has sent a request for a web page to the server tcp sends back an act saying I've received that data and now the server The web server sends back some data In this case containing the web page So it's going in the same direction as the previous message The push flag is set sequence number 8125 The previous act sent by the client had Act number 8125 meaning the next one expected is 8125 The act number is included in here It's just a repeat of the previous act The server previously sent an act with act number 6410 And there hasn't received any data since then so sends the same act number Just reminding A that I still expect 6410 next And the length of this data segment is Well the length of data in the segment was calculated to be 503 bytes As you may guess and we saw we will see in the capture again. There's an act that comes back When the laptop receives this piece of data, it will send back an acknowledgement And what act number be careful This is the data segment here Sequence number 8125 act number 6410 length of data 503 When laptop receives that it sends back an act with act number 8628 will be the act number Let's Draw the data received so This segment the data received we can think there were 503 bytes each byte was labeled with a sequence number So the first byte would be 8125 The second byte 8126 8127 And there were 503 bytes the last one would be 8627 You can count them if you don't believe me go and count those values you should see 503 numbers in that list So And this is worth repeating In tcp the sequence numbers count bytes So always think that each byte has a sequence number assigned to it So we've received from 8125 through to 8627 So the act number that comes back is 8628 And that's our the main data transfer for this web page and the only packets that I captured It was a small web page less than 100 bytes We'll have a look at it in a moment not the web page the source Uh So we're seeing the main parts of the tcp data transfer We've seen both the connection set up at the start this three-way handshake Sin sin ac ac Now tcp is very complex. There are many features that we would not cover It's not always like this, but this is the most common interaction This sin sin ac ac Where this sin ac really is one segment which has two meanings Act the previous packet received and synchronized the Initial sequence number chosen by the server Client chose an initial sequence number server chose a sequence initial sequence number Once the connection is set up So after those three segments then we can transfer the data in either direction And this example saw data going from client to server The push flag not so important here Data going from client to server containing 301 bytes and an ac coming back saying thanks for that data And importantly their ac number is the next sequence number expected Where the sequence numbers count bytes And then we saw data going from server to client and the final ac coming back So we say tcp is full duplex. We can send data in either direction once the connection is set up It doesn't matter who set up the connection Uh and the sequence numbers are independent in each direction Everything that the client is sending Is going to keep increasing from this sequence number 6109 6410 and so on sending in this direction and in the opposite direction from server to to client We're starting with what 8125 and going up from there by maintained independently And we can keep sending data in acs Depending on how much data that they want to exchange Not just once one tcp segment. They may keep sending segments any questions on connection setup sequence numbers Let's see if we covered most things in the In the slides. All right, we've covered the three-way handshake Not covered in our example, but eventually we closed the connection I didn't capture those packets. I omitted them But we transfer the data data transfer is done Then we closed the connection so that they can Remove the allocation of resources memory and so on and and move on with the next data transfer So there are there's an exchange to close the connection and there's TCP segments with the fin flag fin for finish the connection set fin and an act that comes back And there's some complexities in that the the connection can be closed from one endpoints perspective But still open from the other endpoints We're not going to cover how the The connection closing works That's just one example Set up a connection Data transfer close the connection the data transfer We saw one simple example. What else? It uses actually sliding window for the data transfer With the error control and the flow control the source is allowed to send a window of of tcp segments or of data So it's not always limited to just send one segment It can usually send multiple segments containing some window of data and acts come back We've seen the mechanisms in the sliding window mechanism for flow control and selective reject for retransmission So it has own algorithms for the error and flow control and even congestion control And there are many details with them again. We don't get to see them There are many details that explain how they work and Even some parts vary depending upon the implementation the details of You receive data. Do you immediately send an act? Or maybe wait for some time and act two data segments that you've received Okay, that it depends upon the implementation One thing that we've started to see Is sequence numbers and we can think of the data in tcp We've said it before as a stream of data So tcp offers a stream oriented data transfer service meaning the data that comes from the applications tcp doesn't care whether it's multiple messages Or one big message It just treats the data as a sequence of bytes a stream of bytes What that may mean is that the application has one large piece of data to send 10,000 bytes tcp may send that is multiple segments It doesn't have to send it as one large segment Okay, so it can break that data up into smaller chunks and deliver those segments to the other other side And then the other side at receipt as it receives those segments sends the data as it received to the application Not necessarily all is one group of 10,000 bytes Let's see an example of that And it'll reiterate how we use sequence numbers to count bytes This is a not a realistic example. It's just one to demonstrate some basics What it's showing is that some application has data to send from a to b From client to server for example Like our first message of data from my web browser to web server And let's say it's 10,000 bytes of data to send So my application has 10,000 bytes to send to b The application delivers that to tcp now from the sequence numbers perspective we can think Each of those 10,000 bytes have a sequence number assigned to them And what's the first value? Well, it depends upon the initial sequence number Or the pre preceding sequence number. So in this example, I've said If we had an initial sequence number of 300 We did a connection setup Then the first byte of data that we send would have sequence number 301 Because how connection setup works is I choose 300 The other side other side sends back an ax saying now I expect 301 So the first piece of data will be 301 So we can think of the first byte as sequence number 301 And the 10,000th byte 10,300 That last byte the sequence number would be 10,300 if we labeled every single byte In this example To make things a bit different TCP receives the 10,000 bytes of data needs to send it to the other side It decides to split it up into smaller blocks Instead of sending it all at once send it in multiple blocks Why does it decide upon different blocks and particular block sizes? It actually depends upon the different algorithms of error control flow control and congestion control In this example, I've said it decides that There'll be two 1,000 byte blocks and two 4,000 byte blocks different sizes giving our total of 10,000 bytes of data And that's what we get at the top on this diagram So now look at the sequence numbers Of the first byte in each of those four blocks Going back First byte sequence number 301 So the first byte in this data one the first block would be sequence number 301. That's easy If we label all these bytes What is the sequence number of the first byte of the second block? And then the sequence number of the first byte of the third block and the fourth block That's what we're trying to to determine Well the answers on the next slide You can do the calculations, but we see if this is 301 here There are 1,000 bytes If we labeled those bytes it would be 301 302 303 up to 1,300 So the last byte in the first block of data would be 1,300 Therefore the next block of data the first byte would be 1,301 Through the 2,300 The third block of data 2,301 up to 6,300 because it has a length of 4,000 bytes And then 6,301 up to 10,300 So all i've done there is split the 10,000 bytes into four blocks And looked at the sequence number of the first byte in each of those four blocks And you get these values 301 1,301 2,301 6,301 Now what TCP does is sends those segments individually one at a time Sends so this is segment one segment two segment three segment four it sends them How does it send them it takes the segment and puts it in an IP datagram? So it takes this segment We attach a header Okay, so each piece of data has a header attached And that's the TCP segment which is then sent in an IP datagram across the internet What's important is what is the sequence number in the header of each TCP segment? Well, it's these values The header contains the sequence number of the first byte of data So the header of the fourth segment Would contain sequence number 6,301 And the header of the first segment 301 So the sequence numbers in the headers come from the the first byte of that TCP segment data So you need to be careful when you look at sequence numbers in TCP again This is reiterating We don't count segments It's not sequence number one two three four The sequence numbers count bytes of data So it depends upon the length of data in each segment as to what the next sequence number will be in the the next segment 301 Plus 1,000 bytes the next one would be one 301 Another 1,000 bytes of data The next segment 2,301 plus 4,000 bytes brings us up to 6301 for the fourth segment This diagram shows those four segments with acts coming back Just a simplified view assuming we've already set up the connection So it's not shown for the connection setup The first segment i've just noted as data Haven't worried about other flags And the sequence number in that segment 301 The second segment is data with sequence number 1,301 Third segment 2,301 6301 for the fourth segment those sequence numbers With these values here now the data segment sent But we've also got acts coming back And the same with what was seen The act says what is the next sequence number expected B received sequence number 301 Containing 1,000 bytes We knew from the previous site it was 1,000 bytes. So the next number expected will be 1301 Sends back act with act number 1301 And of course the next data segment has sequence number 1301 Contains a thousand bytes act number 2301 comes back Data act 6301 Data 6301 act 10,301 meaning B is now expecting sequence number 10,301 from the next piece of data that ascends if there is any more data So another example showing our sequence numbers counting bytes Any questions before we move on with sequence numbers? Okay, let's make sure everyone is clear. Let's say we have a fifth segment Containing 2,000 bytes of data What's the sequence number in the data? So I draw a segment 5 here data comes across and the value in the brackets For the data is the sequence number in that segment. What's the value? Draw it on your picture and an act will come back What's the act number? So the scenario is the fifth segment with 2,000 bytes of data If we continue this picture, then what's the sequence number of the data? And then an act comes back. What's the act number that B sends back? What are these two values? If you can work them out, then you have a basic knowledge of how the sequence numbers are working Data size is 2,000 bytes The amount of data in this fifth segment is 2,000 bytes. A few people have answers Okay, those that have attempted I think are on the right track The data the sequence number is in fact the hint comes from the previous act The next data should contain the sequence number of the previous act number B is expecting 10,301 so the next data we send should be 10,301 Unless there's been some error or some retransmission, we'll send the next That will be the next sequence number we send So this is one TCP segment sent from A to B. It contains 2,000 bytes So we can think B is received when it receives that 10,301 10,302 and a total of 2,000 bytes Brings us to what value if we if you list the 2,000 values the last value there would be 12,300 So just go write them down and you know 12,300 is the last one. That's the last byte received by B therefore the act That comes back says I now expect 12,301 So you can calculate that quite easily In the last 10 minutes let's look at our capture and look at our web browsing So in summary of those seven packets The first three are the three-way handshake SIN, SINAC, ACC That's the typical three segments you'll see for a connection set up in TCP That's connected my web browser to the web server Now we transfer data And what what do we do? Well, we're using actually the application protocol HTTP And the way that works is that The web browser sends a request for a resource to the server That resource is typically a web page And that web server if it has that resource sends it back in a response And we see that in the the request is in the highlighted packet And the response is this packet The other two packets are TCP acts Let's look at these two HTTP Messages a request and response Our next topic is on application protocols. HTTP is the the only one we're going to cover So we can cover it now A HTTP request There's some structure in the request. We'll see that later But the basics is that We send a text message We don't encode or we don't look at the header as Sets of bits. We think of as just some some text Where the first line is the request And the request type or called the method And the common one we see is get meaning this browser the browser that sends the request Wants to get this resource where the resource is identified by some URL or some path In this example Get the file it.html in the directory slash So in the root directory on the web server And this is just the version of the protocol being used HTTP version 1.1 This is just end of line Line feeds So a typical web browser request is a get request sent from browser to client Requesting to get some resource or some file The next fields in this request are options Think of header fields giving some information to the server The name The domain name of the server in this case it dot s i t The user agent is some information that identifies the web browser We can see some values the web browser was mozilla version 5.0 running on linux and so on so information about the particular browser This is all sent from client to server from browser to server some optional Recommendations for what the the client wants to accept in response This is the browser saying i would like to accept HTML as a response x html different formats So this is the browser saying what are what are its preferences for the response that comes back But there are only preferences that is It depends on what what the server has as to what will actually be sent back But if the server has multiple copies of that resource Then the preferences can be taken into account in that case Similar the preferred languages for the response Maybe the web page is available in a set of languages So the browser can give the the preferences english in this case Whether the server will compress Or encode the response To reduce the size of the response you can use gzip to compress the the response So this is what the browser is willing to accept or prefers to accept as a response And there may be some other fields in the header The main one is this initial line saying i'm requesting the file it.html That's sent to the server The server processes it Checks the request is a valid In this case it was and in this case sends back a response Saying everything is okay. And here is the requested file We see that in this selective packet Sends back some status codes saying 200 okay meaning 200 has some meaning which is the common case of the request was successful and here's the response Here's the resource you requested Also some header fields The date of the response Something that identifies the server So this is from server to browser Some information about when the resource was last changed or modified In the case that if you request that same resource again in the future Whether or not to send a request or just to use the local cached copy in your browser The content encoding This is how the response is encoded So in fact in this case the server has zipped up the file using the algorithm gzip or the gzip library So it compressed the file that it sent back The length of the content 92 bytes and then A number of other fields the actual content This is the actual web page this it.html that was requested by the browser. So the the html is sent back And when the browser receives this response it takes the html if everything's okay and displays it on the screen So the very basics of how htdp were Send a request for a resource Send that resource back in the response some last thing If in wireshark you check the size of the packets What do we say the size of our packet was 503 bytes in the response? Where did that 503 bytes come from? It comes from All of these header fields which make up 411 bytes All of these values and then the actual data The data so 411 bytes we set a total of 503 The the html was actually 93 bytes, but it was compressed And it was compressed from 93 bytes down to just 92 bytes okay very small file compression is not very useful in this case So you need to be careful with With the file sizes and and the packet sizes if compression is applied The html is received by the web browser and the web browser displays it on the screen Someone clicks on a link It triggers the same process to happen send a request get the response back And so on So in fact you need to be now Well, you now know the very basics of htdp And we will not cover much more than that on how htdp works a few few other examples on wednesday finishes for today what we'll do wednesday is Recap on some on tcp There may be one or two slides that we we need to mention again on or a new on tcp Present this information about htdp In a more formal setting rather than just this example And then say a little bit about domain names and URLs and that finishes the course So we'll just finish on time In the last lecture on wednesday