The Transport layer is situated under the Application layer in the TCP/IP stack and it’s responsible for end-to-end transfer of data. After data arrives at the Transport layer, it is encapsulated into a segment and application ports are added. Transport layer is also in charge for data segmentation at the source and reassembly at destination:
In windows, to list the available TCP/IP network connections use the command netstat (network statistics):
I have taken the netstat states explanation from Microsoft’s website: http://support.microsoft.com/kb/137984
SYN_SEND Indicates active open.
SYN_RECEIVED Server just received SYN from the client.
ESTABLISHED Client received server’s SYN and session is established.
LISTEN Server is ready to accept connection.
NOTE: See documentation for listen() socket call. TCP sockets in listening state are not shown – this is a limitation of NETSTAT. For additional information, please see the following article in the Microsoft Knowledge Base:
FIN_WAIT_1 Indicates active close.
TIMED_WAIT Client enters this state after active close.
CLOSE_WAIT Indicates passive close. Server just received first FIN from a client.
FIN_WAIT_2 Client just received acknowledgment of its first FIN from the server.
LAST_ACK Server is in this state when it sends its own FIN.
CLOSED Server received ACK from client and connection is closed.”
As we talked in a previous post, when data is sent onto the medium it is interleaved which means that multiple applications can transmit data at the same time. Transport layer must recognise and sort all the pieces so that when they arrive at destination, data is received intact. To understand the role of Transport layer imagine the following scenario. You are running multiple applications on your host, an email client, web browser and a data streaming client:
Data from all three applications must be segmented before it is sent to the lower layers for processing. Each segment receives an application port destination so that Transport layer protocols know which one corresponds to which application. When data is sent onto the medium it can be damaged or delayed that’s why when all the pieces arrive at destination they can be unordered or even missing. This is where Transport layer comes and arranges all pieces to form the whole data block. Overall Transport layer protocols offer reliable delivery, data reconstruction, data segmentation which facilitates multiplexing, flow control and session establishment. Transport protocols offer reliable delivery because they use acknowledgement, retransmission and tracking messages. An acknowledgement message is transmitted when individual pieces of data arrive at destination; when data has not been acknowledged it is retransmitted by the source and tracking is used to oversee each piece as it travels in the network. Now we will get to the two most known Transport layer protocols, the TCP or Trasmmission Control Protocol and UDP or User Datagram Protocol. You have probably heard about these two protocols but how many of you know what exactly these two protocols offer? I will write the differences between them:
TCP – This protocol is “connection oriented” because before any data is transmitted, a connection between the source and destination must be initiated. This connection is initiated by using the three way handshake method. After the connection has been created, data is sent from source to destination. After each segment has been send, the source waits for the acknowledgement message to be received and if the message doesn’t arrive then the segment is retransmitted.
The three way handshake – this method is used to establish the connection between source and destination. The source sends a SYN (Synchronize) message with a random sequence number value. This message is used by the host to request a connection to the server. The server responds with a SYN (Synchronize), ACK (Acknowledgement) message indicating that he is ready to establish the connection. The server also responds with it’s own sequence number and an ACK number (the SEQ is also random but the ACK number is grater then the host’s ACK by one). After this phase is complete, connection is established and the host sends the final SEQ and ACK message(the SEQ is greater then the server’s ACK number by 1 and the ACK number is greater than the server’s SEQ number by one). I know that is hard to understand this so that’s why I’m going to attach an image of this process:
To terminate the connection, the following steps are made:
To view a session establishment and termination use a protocol analyzer tool like Wireshark ( I use it and I think it’s the best one : http://www.wireshark.org/).
TCP is using sequence numbers and acknowledgements to provide reliability and window size to specify how much data can be transmitted before the acknowledgement message is send. Window size is also used for flow control. When network resources permit more traffic, the window size is increased, if not the windows size is decreased. This is very useful to avoid network congestion.
Services that use TCP are :
Web browsers, E-mail applications, File transfers
UDP – is a Transport layer conectionless protocol which means that UDP doesn’t wait for a connection to be established first. This feature considerably reduces overhead. UDP doesn’t use sequence numbers or acknowledgements when sending data which means that it’s unreliable and applications that run UDP do not guarantee for data delivery. Also datagrams can be lost during transmission and are not re-sent. After data is ready to be delivered and port numbers are identified, UDP creates the datagram and sends it to lower layers.
Some well known applications that run UDP are: SNMP, DNS, DHCP, video streaming and online gaming.
OK folks that’s all about the Transport layer, I hope you will enjoy this post, wish you all the best and have a nice day.