Tag: TCP

TCP Challenge ACK

Posted on by lechuck park

This image explains the TCP Challenge ACK mechanism.

At the top, it shows a normal “TCP Connection Established” state. Below that, it illustrates two attack scenarios and the defense mechanism:

  1. First scenario: An attacker sends a SYN packet with SEQ(attack) value to an already connected session. The server responds with a TCP Challenge ACK.
  2. Second scenario: An attacker sends an RST packet with SEQ(attack) value. The server checks if the SEQ(attack) value is within the receive window size (RECV_WIN_SIZE):
    • If the value is inside the window (YES) – The session is reset.
    • If the value is outside the window (NO) – A TCP Challenge ACK is sent.

Additional information at the bottom includes:

  • The Challenge ACK is generated in the format seed ACK = SEQ(attack)+@
  • The net.ipv4.tcp_challenge_ack_limit setting indicates the limit number of TCP Challenge ACKs sent per second, which is used to block RST DDoS attacks.

Necessity and Effectiveness of TCP Challenge ACK:

TCP Challenge ACK is a critical mechanism for enhancing network security. Its necessity and effectiveness include:

  • Preventing Connection Hijacking: Detects and blocks attempts by attackers trying to hijack legitimate TCP connections.
  • Session Protection: Protects existing TCP sessions from RST/SYN packets with invalid sequence numbers.
  • Attack Validation: Verifies the authenticity of packets through Challenge ACKs, preventing connection termination by malicious packets.
  • DDoS Mitigation: Protects systems from RST flood attacks that maliciously terminate TCP connections.
  • Defense Against Blind Attacks: Increases the difficulty of blind attacks by requiring attackers to correctly guess the exact sequence numbers for successful attacks.

With Claude

TCP fast open

Posted on by lechuck park

The image compares two TCP connection establishment methods:

  1. TCP 3-Way Handshaking (Traditional Method):
  • Shows a standard connection process with three steps:
    1. SYN (Synchronize) packet sent
    2. SYN + ACK (Synchronize + Acknowledge) packet returned
    3. ACK (Acknowledge) packet sent back
  • This happens every time a new TCP connection is established
  • Requires a full round-trip time (RTT) for connection setup
  1. TCP Fast Open:
  • Introduces a “Cookie” mechanism to optimize connection establishment
  • First connection follows the traditional 3-way handshake
  • Subsequent connections can use the stored cookie to reduce connection time
  • Benefits:
    • Reduces Round-Trip Time (1-RTT)
    • Better optimization for multiple connections
  • Requirements for TCP Fast Open:
    • Cookie security must be implemented
    • Both server and client must support the method
    • Intermediate network equipment must support the technique

The blue arrows in the TCP Fast Open diagram represent the cookie exchange and optimized connection process, highlighting the key difference from the traditional method.

With Claude

Web Socket

Posted on by lechuck park

with a Claude’s help
The image is a diagram that explains the differences between HTTP (Hypertext Transfer Protocol) and WebSocket communication. Let me summarize the key points:

  1. HTTP REQ/RES (Request/Response):
    • The request is sent from the client (laptop icon) to the server (globe icon).
    • The response is sent back from the server to the client.
    • The <Req> and <Res> are separate connections, and the communication is bi-directional (one connection only).
    • All data is transferred via the HTTP protocol payload.
  2. WebSocket:
    • The WebSocket is established between the client (laptop icon) and server (globe icon).
    • The <Req> and <Res> are working in one connection, which is bi-directional.
    • Data Transferring is working on a socket (not HTTP Req/Res).
    • A TCP socket is commonly used for WebSocket data transfer.
    • WebSocket data transfer is described as “light & fast Transmission (more real time)”.

Overall, the diagram illustrates the differences between the traditional HTTP request-response model and the WebSocket communication, which provides a more efficient, real-time data transfer mechanism.

HTTP Changes

Posted on by lechuck park

From Claude with some prompting
HTTP: HTTP uses text-based HTML with a head and body structure. HTTP/1.1 introduced Keep-Alive for maintaining TCP connections, but suffers from header overhead and Head-of-Line Blocking issues. Servers cannot push data without a client request.

HTTP/2: HTTP/2 introduced binary framing to improve performance. It enhances efficiency through header compression and multiplexing, and added server push functionality. It also strengthened authentication and encryption using TLS/SSL.

HTTP/3: HTTP/3 operates over the QUIC protocol using UDP instead of TCP. It includes TLS 1.3 by default and provides lower latency and improved multiplexing. HTTP/3 significantly enhances performance through 0-RTT connection establishment, elimination of TCP handshakes, and solving Head-of-Line Blocking issues. It also offers reliable data streams over UDP and ensures data ordering on each stream.

nagle for TCP

Posted on by lechuck park

From Claude with some prompting
This image illustrates the TCP (Transmission Control Protocol) packet structure and the Nagle algorithm.

  1. Top section:
    • Shows data transfer between two computers.
    • Demonstrates how data (payload) is divided into multiple packets for transmission.
  2. Middle section – Packet structure:
    • Data Payload: The actual data being transmitted
    • TCP/IP header: Contains control information for communication
    • Ethernet header: 14 Bytes
    • IPv4 header: 20 Bytes
    • TCP header: 20 Bytes
    • Data + Padding: Actual data and padding added if necessary
    • MTU Limit: Maximum Transmission Unit limit
  3. Bottom section – Nagle’s Algorithm:
    • Normal TCP/IP transmission: Small data packets are sent individually
    • With Nagle’s Algorithm: Small data packets are combined into larger packets before transmission
    • Packet sending conditions:
      1. When an ACK is received
      2. On timeout
      3. When the TCP sending window overflows

The image effectively demonstrates the packet structure in TCP communications and explains how the Nagle algorithm improves network efficiency. The main purpose of Nagle’s algorithm is to reduce network overhead by bundling small packets together before transmission.

TCP BBR

Posted on by lechuck park

From ChatGPT with some prompting
Overview of TCP BBR:

  • TCP BBR optimizes network performance using Bottleneck Bandwidth and Round-trip time (RTT).
  • Speed is determined by RTT.
  • Bandwidth is determined by Bottleneck Bandwidth.

Learning Process:

  • Every ACK:
    • Updates the bottleneck bandwidth.
    • Tracks the minimum observed RTT value.
  • Every RTT:
    • Adjusts the sending size (n * MSS) and the pacing rate (the rate at which data is sent).

Sending Size Update:

  • BBR continuously updates the sending size (how many MSS to send) based on the current network conditions.

In summary, TCP BBR learns the network conditions by monitoring the bottleneck bandwidth and RTT, and accordingly adjusts the sending size and pacing rate to optimize data transmission, reducing congestion and improving performance.

TCP Reliable 3

Posted on by lechuck park

From Claude with some prompting
RTT is measured by sending a packet (SEQ=A) and receiving an acknowledgment (ACK), providing insights into network latency. Bandwidth is measured by sending a sequence of packets (SEQ A to Z) and observing the amount of data transferred based on the acknowledgment of the last packet.

This image explains how to measure round-trip time (RTT) and bandwidth utilization to control and optimize TCP (Transmission Control Protocol) communications. The measured metrics are leveraged by various mechanisms to improve the reliability and efficiency of TCP.

These measured metrics are utilized by several mechanisms to enhance TCP performance. TCP Timeout sets appropriate timeout values by considering RTT variation. TIMELY provides delay information to the transport layer based on RTT measurements.

Furthermore, TCP BBR (Bottleneck Bandwidth and Round-trip propagation time) models the bottleneck bandwidth and RTT propagation time to determine the optimal sending rate according to network conditions.

In summary, this image illustrates how measuring RTT and bandwidth serves as the foundation for various mechanisms that improve the reliability and efficiency of the TCP protocol by adapting to real-time network conditions.