Hi everybody, welcome to EuroPython. Today you are going to attend a wonderful interactive session: it is a game with pen and paper showing a basic communication with TCP, so we will see how a connection is established and how it is closed. Everything is interactive, so you're going to write down IP addresses and check TCP flags on small flyers. You should form three- or four-people teams, and every three- or four-people team is a small local area network connected to a hub, a switch, a router. Well, the talk is presented by Danilo Boshano. He's a first-time speaker, so I hope you welcome him warmly, and it is the first time that he makes this TCP/IP game, so your feedback to make it grow and to make it better is really appreciated, so next year we could do even more and more complex stuff like load balancing, encapsulation and so on, encryption. Last year we made a game with MAC addresses and basic gateways and people enjoyed it a lot, and somebody was asking if I was delivering a package with all the cards of the game. But well, let's start now. Danilo speaking; I will try to help when needed. Thank you.

Thank you, Roberto Polli. So this is our TCP/IP animated interactive session: you can touch the packet that is transmitted on the network, write it on a paper and simulate how this packet travels on the net. I am Danilo Boshano and I work in a company, Par-Tec, that sponsored this talk, and Roberto Polli helped me in this adventure.

So we start to bring up the network interfaces with a DHCP server, and this is the DHCP server. First we make the handshake. We see just the layers TCP and IP. We communicate some data. We introduce some communication errors. This is what we will see, and then at last we say goodbye with the closing connection.

This is just an overview of the OSI stack.
It's divided by layers, and each layer encapsulates information inside the next layer. So from the bottom there is the physical layer, which is how the PCs are connected, so the wire or something else; then data link, network and transport. We will focus our attention on the network layer with the protocol IP and on the transport layer with TCP. Then on top of these layers we have the application layer, and to avoid introducing some problematics about other protocols we choose the telnet application. It's the simplest application: it just transmits the bytes.

So I leave it there. Okay, so what now? Danilo makes the DHCP server providing your IP addresses and pens. Please remember you should form teams of four people. Every four people is a local area network. So check your teammates and form your teams.

What's essentially TCP/IP? TCP/IP provides the ability to have a reliable protocol. It introduces the connection concept, that means that me and you know, before starting transmitting data, who we are. This is something that is not provided by other protocols, so by writing these packets with pen and paper we will understand why all those passages are important. So for every transmission it happens something that we see in war movies, like "Okay, Roger that", and then the other says "Okay, Roger that". TCP/IP is something like radio communication during war movies between the sergeant and the chieftain. What we see is that after that TCP/IP provides a basic hijacking protection using a random initial sequence number.
That's something that we will see if we have time: why we write packets, and that all these checks, all those acknowledgements, enable retransmissions. So Danilo is providing you pens and paper. This is our basic topology, so one of your team should be the router, the one that enables other people to communicate; please choose someone that knows a bit of TCP/IP, but I mean it's not compulsory. And then, okay, now I'm going to help you in making the teams. So is there some team already made? Please raise your hand. Team one, who is team one? Okay, all your hands, team one, raise all your hands. Please give yourself a name; choose a name between yourselves, the same for the other teams. So this is team two, raise your hand, team two. Okay, team two, wow. We are team Remedy. Team Remedy, great, chauvinist team, I love you. Bologna, team Bologna, okay, just like spaghetti alla bolognese. Yeah, okay, wonderful. Team Router Switch. Router Switch, wow, great. Okay, wonderful. No problem, you can join whenever you want, it's just something like plugging another device in. Okay, and another standby device. Excuse me? Yeah, but you can't have a router if you're not a switch: for this setup, as they just have an IP, they must be connected to something that is L2 enabled, so we couldn't have just a router. Okay. As the packets are, well, not many, you can reuse them. Maybe for the first connection you can use just one piece of paper and then move on. Danilo.
It's up to you. Okay, we just created some subnets in the topology like this: in each one, one person is the router/switch, the blue one, and all the other people in the subnet are connected to the switch. The router has the IP that ends with .254, and in every subnet there is the .1 and he's the telnet server, listening on port 23. All the others are the users. All right.

Okay, the first goal is to make a handshake. The handshake is used to establish a TCP/IP connection over an IP network. It's also called the three-way handshake because it needs to transmit three messages: the first one is a SYN, the second one is from the router to the client and it's called SYN-ACK, and the last one ACK. The names of the packets are the same names as the flags, so we will explain later. The goal is: every user will establish a connection to the telnet server. Every packet must go first to the router/switch, then to the server.

This is just a diagram of the IP header. The information that we will use in this speech is the source address and the destination address, so you have to fill in the packet with the source and destination. The other part of the packet is the TCP datagram, and we have to use 23 as the destination port; for the source port you can write a random number. We use also the TCP flags and the data for transmitting data.

In this slide you can see the handshake communication between the client and the server. The client sends the first packet with the flag SYN checked. SYN is for synchronization, I mean "I want to start a synchronization with you". So you can start to write source IP, destination IP, SYN flag and 23 as the destination port, to the telnet server. Then the telnet server, the people that have the IP ending in .1, have to respond with another packet with the SYN and ACK flagged. Okay, where is that?
Go. It's something... no, I mean it's not zero, I mean zero bytes, so it's zero. Yes, it's not read. To the router: so I'm a router, I don't have any information about the network, so I can't do anything. But as we are in TCP, we simulate that you already have it, I mean we skip whatever is L2; it's in the background, you don't show it. Yes. Okay, first exchange done.

Okay, so you sent a SYN, but you shouldn't have provided any data, because it's the handshake: you don't know if it's him, you didn't already start something, so you can't rely on the message having been routed to the actual destination; you might not even know that he exists. Okay, so just reuse blank packets. Now he should know. You're the server, it's you that should send him... he has to wait. You are the server, you just receive it, or you wrote it; now you should wait for packets to come to you. Okay, the telnet... well, it was in the previous slide actually: the client and the server always did that one. Yes, whatever, you got that one. Yeah, do they get it? And he makes all the ARP stuff and provides... Okay, you are just... Yeah. In this case you don't need to: you are on the same local network, so you don't have an extra... because it's always on the same subnet. You should, okay. You have it, okay. Okay, now you should have... excuse me, you should have had only one network, because the second part of the game is connecting the two routers. So you exchange packets with him. No, exactly, until you meet with him. Okay, perfect, wonderful. So, okay, you... just the SYN. No, well, the port is 23, yeah, because telnet is 23. And so, when you receive this packet, what happens? You should acknowledge: you send an ACK on that. Perfect, and send them back; you actually should... as the source. But we have very few packets, so we save it for this time, okay. Exactly, just use the last octet.
Okay, that's it, here everything is fine. Did you establish the connection? Okay. You didn't have any... oh, very good. Can I see the first one? This was the SYN.

Another important thing is, as you see, the client state and the server state. The server starts with the closed state, then when the telnet server comes up the server is listening on port 23. The client connection state is firstly closed; it sends the SYN packet and becomes SYN sent, and the server has SYN received. After the handshake is completed, the client and the server are both in the established connection state. All right, we can go on.

So now the connection is established and we can start to talk. The data message is "my name is" and write your name; send the packet to the telnet server, then it receives the packet and comes back with a feedback packet with the ACK flag.

So now I want to introduce another two fields: the sequence number and the acknowledge number. The sequence number is just an integer that starts from zero and increments by one every time someone sends a packet. The acknowledge number is another field in the TCP header to check if the packet is received well, or if something wrong happens like lost data or lost packets. The sequence number is also used, if I receive the packets not in order, to sort my response.

In this slide you can see the handshake with these other two parameters set. Now we have to send this information to the telnet server: the information is "my name is Daniel" and it starts with the sequence number zero. The telnet server receives from zero to 16, 17 bytes, because the string "my name is Daniel" is 17 bytes. Then the server sends a feedback to the client with the flag ACK and the number of bytes received. Right. So this is possible: to send information only after the TCP/IP connection is established. At the end the telnet server knows
all your names. Is everything clear?

For now we are going to start with zero, clearly, for the game, but what happens is that the first sequence number is a random one, because it helps to avoid other people introducing themselves in the communication, and the first values of the sequence of both hosts are used just like a secret between the client and the server. Well, we can start writing our first data packet containing "my name is". Try to provide a sequence and acknowledge number in your communication; if you are not able, it's no problem, just try to do it. Someone needs some help?

So which is the packet that you received? Okay, so that's okay. Those are two different streams, two different connections: one from number one and two, the other one from number three and one. Every connection has its own stream and its own flux of sequence and acknowledge. Okay, questions?

So a question for all those Linux guys: where are all those synchronization and acknowledge bytes, all those IP addresses, stored in clients and servers? All those TCP data are stored in the servers, in memory, exactly. So remember, if your servers have to manage thousands of connections, you need to use enough RAM for TCP. If you set up a load balancer, this one machine that is the load balancer, just don't think about how much RAM Apache or Nginx or HAProxy is going to consume, but think and check how many concurrent connections you are going to manage, because every connection is going to use memory. Now, in the latest Linux versions they have reduced a bit the footprint, but if you're interested there is some kernel mechanism that is named TCP flooding prevention; have a look at it.
It's interesting, because some years ago they thought that it could be removed, but after some stress testing somebody said: okay, even if we have lowered the TCP footprint on our Linux servers, still we have benefit in having a SYN flood prevention, packet flooding... Or okay, hey, no, there is no SYN flag there, only acknowledge, so yes.

If someone tries to send a packet to the server, but for example with the wrong port number, or the server died, what happens? The first packet is sent to the router; the router knows the destination IP and gives the packet to the server. Then the server receives the packet, but it knows that no service is listening on that port. In this case the server generates a reset packet back to the client, and for the client this is the case of connection refused. Right.

Okay, Roberto, okay, try to implement this case: so a client sends a packet to the server on port 80, but the server has no web server listening, so it doesn't know what to do with that packet. This case also happens when, for example, a firewall closes the incoming requests to that port. Okay, now the server replies flagging the RST. No. Yeah. The server does not always discard the packet, but, wow, you can see an RST flag and replies back. When a server replies with a reset packet you still have information: the information you got is that the server exists.
Okay, and it is very useful to send packets to non-listening ports if you want to discover a network topology. Okay, so you don't know which IP addresses are there around, so you start trying to connect to different ports and wait for reset packets to come back; then you know those hosts are alive, and maybe, if there is no port 80, there is some other port that is listening. No, well, ping is something different. When you ping a host, you may have that host that doesn't accept or doesn't reply to ping requests. But if you have a system that lives on a host that doesn't allow ping requests, okay, so it's firewalled in some way, that host might still reply to connection attempts on different ports. Okay, so maybe you have a firewall that is able to block ping requests and responses, but they don't just block all ports around. So if your network is firewalled for ping you can try to probe other ports and discover network topologies. This is what traceroute, that is another client program, does: it does it with UDP and with TCP; usually with TCP it's more probable that you get insights of a network, because with UDP maybe you still have firewalling; it's not easy to have TCP firewalling on all ports, because there are machines listening, so maybe some sysadmin forgets to firewall everything. Okay, because it's a port that is not listening, everybody resets.

Okay, remember all these resets: when a client receives a reset with a source port, what happens? It drops the connection. Okay, so if I am exchanging communication with a server on port 80 and I receive a reset with source port 80, I drop all the rest of the data. That's yes. Yeah, but the server exists, so it is the server that responds to the client.
I can even forge packets and send them to clients with my port 80, so that all clients just start dropping packets from a legitimate server. This is how using a random synchronization number helps, because a client accepts a reset packet only if the synchronization and acknowledge flags match the ones of the stream they are communicating on, right? So if I receive a reset from a server, but the acknowledge and synchronization flags don't match, I just skip this reset as a forged packet. Good question, yes.

If the destination is unreachable: so when you try to talk to another server, the router receives the packet, but the router doesn't know where to send your packet, and the router gives you back an ICMP packet, not TCP/IP, just ICMP, with the error "no route to host". Okay, remember, if you're looking for those ICMP packets about no route to host and so on: if you are on your own laptop and your PC doesn't resolve this address, it's your local interface replying back with this no route to host. So if you use tcpdump trying to get those kinds of packets, probably the best way to track them is tcpdump listening on all interfaces, not just on the outgoing interface, if you want to have the best insights of the traffic and the ICMP packets. ICMP is out of scope for this talk; we actually should have something about the no route to host stuff, but we don't want to go on with the ICMP stuff. You have a lot of kinds of errors, and there is a table where you should check and map each kind of error on what could have happened on the network, so check the man page: if you man ICMP probably you can just get all this information. Try to tcpdump stuff together. There is a very nice book.
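As an added illustration, not part of the talk or its slides, here is the paper game written as a small Python simulation: the three-way handshake with a random initial sequence number, the 17-byte "my name is Daniel" packet with its sequence and acknowledge numbers, the reset that comes back from a port with no service, and the check that drops a reset whose numbers do not fit the stream. The IP addresses, the unused port 80 and the `walkthrough` scenario are assumed values constructed for the example.

```python
import random
from typing import NamedTuple

class Segment(NamedTuple):      # what each team writes on its paper packet
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset            # subset of {"SYN", "ACK", "RST"}
    seq: int = 0
    ack: int = 0
    data: bytes = b""

def seg(src, dst, sport, dport, flags, seq=0, ack=0, data=b""):
    return Segment(src, dst, sport, dport, frozenset(flags), seq, ack, data)

class Host:
    """One player. Connections are keyed by (peer ip, peer port, own port)."""
    def __init__(self, ip, listening=()):
        self.ip, self.listening, self.conns = ip, set(listening), {}

    def connect(self, dst, dport):
        """CLOSED -> SYN_SENT: first handshake packet with a random initial sequence number."""
        sport, isn = random.randrange(1024, 65536), random.randrange(1 << 32)
        self.conns[(dst, dport, sport)] = {"state": "SYN_SENT", "snd": isn + 1, "rcv": 0}
        return seg(self.ip, dst, sport, dport, {"SYN"}, seq=isn)

    def send_data(self, dst, dport, sport, payload):
        c = self.conns[(dst, dport, sport)]
        assert c["state"] == "ESTABLISHED", "data may only follow a completed handshake"
        s = seg(self.ip, dst, sport, dport, {"ACK"}, c["snd"], c["rcv"], payload)
        c["snd"] += len(payload)                  # seq of the next byte we will send
        return s

    def receive(self, s):
        key = (s.src, s.sport, s.dport)
        c = self.conns.get(key)
        reply = lambda flags, seq=0, ack=0: seg(self.ip, s.src, s.dport, s.sport, flags, seq, ack)
        if c is None:
            if "SYN" in s.flags and s.dport in self.listening:
                isn = random.randrange(1 << 32)  # the server's own secret starting point
                self.conns[key] = {"state": "SYN_RECEIVED", "snd": isn + 1, "rcv": s.seq + 1}
                return reply({"SYN", "ACK"}, seq=isn, ack=s.seq + 1)
            # no service on that port (or the server died): RST means "connection refused"
            return reply({"RST", "ACK"}, seq=0, ack=s.seq + 1)
        if "RST" in s.flags:
            # a reset counts only if it fits the stream: in SYN_SENT it must ack our SYN, later
            # it must carry exactly the sequence number we expect next; anything else is dropped
            if (s.ack == c["snd"] if c["state"] == "SYN_SENT" else s.seq == c["rcv"]):
                c["state"] = "CLOSED"
            return None
        if c["state"] == "SYN_SENT" and s.flags == {"SYN", "ACK"} and s.ack == c["snd"]:
            c["state"], c["rcv"] = "ESTABLISHED", s.seq + 1
            return reply({"ACK"}, seq=c["snd"], ack=c["rcv"])
        if c["state"] == "SYN_RECEIVED" and "ACK" in s.flags and s.ack == c["snd"]:
            c["state"] = "ESTABLISHED"            # third packet: both sides established
        if c["state"] == "ESTABLISHED" and s.data and s.seq == c["rcv"]:
            c["rcv"] += len(s.data)               # "I received your bytes up to here"
            return reply({"ACK"}, seq=c["snd"], ack=c["rcv"])
        return None

def walkthrough(name=b"my name is Daniel"):
    """Constructed run: handshake, one data packet, a refused port, a forged reset."""
    client, server = Host("192.168.1.2"), Host("192.168.1.1", listening={23})
    syn = client.connect(server.ip, 23)
    synack = server.receive(syn)
    server.receive(client.receive(synack))        # the ACK completes the handshake
    data_ack = server.receive(client.send_data(server.ip, 23, syn.sport, name))
    syn80 = client.connect(server.ip, 80)         # nothing listens on port 80
    client.receive(server.receive(syn80))         # RST comes back: connection refused
    client.receive(seg(server.ip, client.ip, 23, syn.sport, {"RST"}, seq=0))  # forged
    return {"synack_flags": sorted(synack.flags), "bytes_acked": data_ack.ack - syn.seq - 1,
            "refused_state": client.conns[(server.ip, 80, syn80.sport)]["state"],
            "after_forged_rst": client.conns[(server.ip, 23, syn.sport)]["state"]}
```

Running `walkthrough()` shows 17 bytes acknowledged, the port-80 attempt ending in CLOSED, and the telnet connection still ESTABLISHED after the forged reset.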
There is TCP/IP Illustrated, where you can get a lot of examples. There are two releases: the first one, which I prefer, is very simple, very straight and is very useful for learning all this stuff, and there is a second release that is more verbose and, it is said, it is better for a Windows client. I don't like it very much, but it is very comprehensive and it can be very useful if you have many protocols to check, as a reference.

So let's move on with a more complicated scenario: now we have all the routers linked together and now the subnets can talk to each other. The goal of this scenario is: there are clients in a subnet that have to establish a connection to a telnet server in another subnet, so you can speak across two subnets. So let's connect the routers. So you are the routers; now you should populate this one, we spoke... you, yeah. So your L2 layer is the name of the other router, the Christian name of the other router. Okay. So the router getting in touch from your network. Okay, yeah, maybe here we can have a three-way router routing stuff, so one connected with two and two connected with three, so it would be... yeah, it passes through two routes. Handshake: start the handshake now, so start the handshake with the server on a different network, a different subnet. Okay, it's both two and three, right? And... so he, for example, is on a different network; I mean that they speak on a different network, now always the same layer, but they speak for example on a private routing network.
Yeah, so while it happens at the IP level, TCP is only between client and server. Routers just see IP, unless they do something like mapping and manipulating layers. Okay, that's going here. It's always... the server is always... Okay, this routing can happen on the same networks, okay, or there can be a server network where you route packets, that is not the one which the clients are connected on; for example, there can be a 10.198 network, so you... and he has a routing table: one goes through your address on that network, and, you know... and so they can be all on those one and eight, okay.

Okay, if the connection is slow, okay, you can start to understand how important it is to start probing the network. If the connection is slow, try to send packets to other hosts and try to get a reset, to check if the problem is the server or the routing. If the reset packet doesn't come back, then probably there is a firewall on that host; otherwise that host would have replied with a reset or with an acknowledge. Okay. Try to understand, try to mingle, to talk to your human network. Next year we'll do it with 100 people and check what happens. Yeah, with the L2 game people just started not complying with the protocol to win the game: we made a competition for the team that was going to exchange the packets faster, and they started to get... just like "this is Frank, this is John", and they just go straight on. Yeah, exactly, and then we examined all the kinds of hacks they did to win and tried to make similarities with the difference between hubs, routers and so on. So we found that somebody just dropped the hubs to be smart, and then remember that ports... one or the other reuse
packets, and we hope that after this experiment this year we can fine-tune the game to have something like the Nagle algorithm and caching, buffering and so on, but the problem is we need some refinement. If people get the first impact with TCP, it's very hard to introduce further concepts in this kind of game. Yeah. That... I don't know if we have this case; we had the case with no route to host on that part. Yeah, they really triggered the retransmission. Okay. Yeah, well, probably if somebody wants to try these, next year we could plan for two sessions, two different sessions, one with TCP basic and the other one with TCP complex, but with the same teams. We can do this; exchanging people between teams would be very complex, I think.

So now, your connection: it's time to close it. And this is the rule to close an established connection. It's made of four packets: the first is FIN, the flag FIN; the server responds with the ACK, and then another FIN and ACK, because the connection we have established is bidirectional.
So we have to do two closings, one from client to server and another one from server to client. It's possible to collapse the second and third messages in just one with both flags ACK and FIN, so in this modality you can close the connection exchanging three packets.

I want to show you the client state and server state also, starting from the established connection and passing from close wait and time wait and then closed, because after closing the client could receive other data messages on the closing connection, so it maintains a wait, waiting for a time for these delayed messages. And sometimes on servers we have a lot of connections in the close wait state; this happens when the closing connection is not completed. So if you want to try to close your connection, you just send the FIN, receive the ACK.

Yes, essentially FIN means "I'm not going to send you any more packets"; FIN doesn't mean "I'm not going to read more packets", okay? So sending the FIN just means: I can receive more packets from you, okay, but I won't send any more. This is the reason why we need two packets: a FIN that is "I'm not going to send any more", and then an acknowledge that the other one is done with sending. Okay.

This last part, the famous time wait stuff, is very important because, as you can see, this team had a quite long routing layer, okay, they had two steps between clients and server, and in that case packet transmission was slow. In this case this time wait enables delayed packets to reach the client without this connection, this socket, being reused by another one. Imagine that we don't have time wait: the connection is closed,
I reuse the socket, so I reuse the couple of source and destination port. This destination port receives our delayed packet, and what does it do with a packet that it doesn't know what to do with? It sends back a reset: it says "you are not a connection established to me, so you should close". So a new client sends a legitimate connection request, for example, and gets back a reset; he thinks that the server is not responsive, instead it should behave differently. So this is important, to have a time wait. Okay.

Time wait could be problematic because it means that there is a socket in use on the server, and if you have a server with both a proxy layer, okay, between another process that is local, okay, so for example I have an HAProxy on the same server, then the backend service... when connections start to get closed, I have a local connection in time wait, okay, or if I have firewalls or a load balancer. So you can use mechanisms for socket reuse when you think that you can have a lower time on time wait, okay. You should do it only if you trust that your network has a low latency, so you won't get packets with a big delay, okay. So if you trust that your network is very fast, that you don't have latency, you can reuse sockets, for example locally and so on. Otherwise, if you have time wait, just stick with it.
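As an added example, not from the talk, the closing sequence and the time wait rule as a small Python state machine: the four-packet close with the server sitting in close wait until its application closes, the three-packet variant with the server's ACK and FIN collapsed, and what a late segment of the old connection gets back with and without time wait. The sequence numbers 1018/2001 and the late segment are constructed values.

```python
from typing import NamedTuple

class Seg(NamedTuple):
    flags: frozenset      # subset of {"FIN", "ACK", "RST"}
    seq: int = 0
    ack: int = 0
    data: bytes = b""

def seg(flags, seq=0, ack=0, data=b""):
    return Seg(frozenset(flags), seq, ack, data)

class Endpoint:
    """One side of an established connection; only what the close needs is tracked."""
    def __init__(self, snd, rcv, time_wait=True):
        self.snd, self.rcv = snd, rcv           # next seq to send / next seq expected
        self.state, self.time_wait = "ESTABLISHED", time_wait

    def close(self):
        """The application says: I will not send any more (I can still receive)."""
        if self.state == "ESTABLISHED":
            self.state = "FIN_WAIT_1"
        elif self.state == "CLOSE_WAIT":        # the peer already sent FIN; now we do too
            self.state = "LAST_ACK"
        else:
            return None
        fin = seg({"FIN", "ACK"}, self.snd, self.rcv)
        self.snd += 1                           # a FIN occupies one sequence number
        return fin

    def receive(self, s):
        """Handle one segment and return the reply, or None."""
        if self.state == "CLOSED":
            # nothing here any more (socket free or reused): a stray segment gets a reset
            return seg({"RST"}, s.ack)
        if self.state == "TIME_WAIT":
            return None                         # delayed segments are absorbed, not reset
        done = "TIME_WAIT" if self.time_wait else "CLOSED"
        if "FIN" in s.flags and s.seq == self.rcv:
            self.rcv += 1
            if self.state == "ESTABLISHED":
                self.state = "CLOSE_WAIT"       # stays here until the application closes
            elif self.state == "FIN_WAIT_2" or (self.state == "FIN_WAIT_1" and s.ack == self.snd):
                self.state = done               # the peer's FIN (possibly carrying our ACK)
            return seg({"ACK"}, self.snd, self.rcv)
        if "ACK" in s.flags and s.ack == self.snd:
            if self.state == "FIN_WAIT_1":
                self.state = "FIN_WAIT_2"
            elif self.state == "LAST_ACK":
                self.state = "CLOSED"
        return None

def four_way_close():
    """Client closes first: FIN, ACK, FIN, ACK. Returns server state in between, then both."""
    client, server = Endpoint(1018, 2001), Endpoint(2001, 1018)   # constructed numbers
    client.receive(server.receive(client.close()))   # FIN -> CLOSE_WAIT, ACK -> FIN_WAIT_2
    half_closed = server.state                       # waits for the server application
    server.receive(client.receive(server.close()))   # FIN -> TIME_WAIT, ACK -> CLOSED
    return half_closed, client.state, server.state

def three_way_close():
    """The server's ACK and FIN collapsed into one FIN+ACK: three packets instead of four."""
    client, server = Endpoint(1018, 2001), Endpoint(2001, 1018)
    server.receive(client.close())                   # server's separate ACK not delivered
    server.receive(client.receive(server.close()))   # FIN+ACK answers both at once
    return client.state, server.state

def delayed_segment(time_wait):
    """After a full close a late data segment of the old connection arrives at the client."""
    client, server = Endpoint(1018, 2001, time_wait), Endpoint(2001, 1018)
    client.receive(server.receive(client.close()))
    server.receive(client.receive(server.close()))
    late = seg({"ACK"}, 1500, 1018, b"late bytes")   # constructed: old in-flight data
    reply = client.receive(late)
    return client.state, (sorted(reply.flags) if reply else None)
```

With time wait the late segment is silently absorbed; with the socket already freed it is answered with a reset, which is the behaviour the talk warns about.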
Don't just make or use magic in your TCP configuration because it's probably getting things to work, then... you got it. Always test, stress test your TCP environment before tuning. Don't tune TCP on regular stuff, because it's not going to work at a certain point. Just do it if you prove that it's better for you. Okay, thank you, Roberto, and thank you for your attention. And so, FIN.

I would thank you very much, Danilo, because at first this talk should have been brought to you by another colleague that had an issue, and bravely Danilo took it over, made it up without starting it first, and tried to manage to make it in a very brief time to have it delivered to you. So thank you, Danilo, and hope to see you next year at EuroPython. Thanks to you, Polli.