Synchronization or three-way handshake

Synchronization or three-way handshake 
10.1.2 This page will explain the synchronization process that TCP uses. The process is also called a three-way handshake.

TCP is a connection-oriented protocol. Prior to data transmission, the two communicating hosts go through a synchronization process to establish a virtual connection for each session between hosts. This synchronization process ensures that both sides are ready for data transmission and allows the devices to determine the initial sequence numbers for that session. This process is known as a three-way handshake. This is a three-step process that establishes the virtual connection between the two devices. It is also important to note that the three-way handshake is initiated by a client host. To establish a TCP session, the client host will use the well-known port number of the service it wishes to contact on a server host.

In step one, the initiating host (client) sends a synchronization (SYN flag set) packet to initiate a connection. This indicates that a packet has a valid initial Sequence Number value in this segment for this session of x. The SYN bit set in the header indicates a connection request. The SYN bit is single bit in the code field of the TCP segment header. The Sequence Number is a 32 bit field TCP segment header.

In step two, the other host receives the packet, records the Sequence Number of x from the client, and replies with an acknowledgment (ACK flag set). The ACK control bit set indicates that the Acknowledgment Number field contains a valid acknowledgment value. The ACK flag is a single bit in the code field of the TCP segment header and the Acknowledgment Number is a 32 bit field TCP segment header. Once a connection is established, the ACK flag is set for all segments during the session. The Acknowledgment Number field contains the next sequence number that this host is expecting to receive (x + 1). The Acknowledgment Number of x + 1 means the host has received all bytes up to and including x, and expects to next receive byte x + 1. The host also initiates a return session. This includes a TCP segment with its own initial Sequence Number value of y and with the SYN flag set.

In step three, the initiating host responds with a simple Acknowledgment Number value of y + 1, which is the Sequence Number value of Host B + 1. This indicates that it received the previous acknowledgment and finalizes the connection process for this session.

It is important to understand that initial sequence numbers are used to initiate communication between two devices. They act as reference starting numbers between the two devices. The sequence numbers give each host a way to acknowledge so that the receiver knows the sender is responding to the proper connection request.

The Interactive Media Activity will help students understand synchronization.

The next page will discuss denial of service attacks

TCP Operation

TCP Operation 
10.1.1This page will explain how the transport layer provides reliability and flow control.
IP addresses allow for the routing of packets between networks. However, IP makes no guarantees about delivery. The transport layer is responsible for the reliable transport of and regulation of data flow from source to destination. This is accomplished through the use of sliding windows and sequencing numbers along with a synchronization process. This process ensures that each host is ready and willing to communicate. 
To understand reliability and flow control, think of a student who studies a foreign language for one year. Now imagine the student visits a country where the language is used. The student must ask people to repeat their words for reliability and to speak slowly for comprehension, which relates to the concept of flow control. The transport layer, which is Layer 4 of the OSI model, uses TCP to provide these services to Layer 5.
The next page will describe the concept of synchronization.

Module 10: Intermediate TCP/IP / Overview

Module 10: Intermediate TCP/IP

Overview

Routers use the IP address information in an IP packet header to determine the interface to which a packet should be switched based on its destination. Since IP does not ensure that the packet reaches the destination, it is described as an unreliable, connectionless protocol, that uses best-effort delivery. If packets are dropped in route, arrive in the wrong order, or are transmitted faster than the receiver can accept them, IP alone cannot correct the problem. To address these problems, IP relies on TCP. This module describes TCP and its functions and introduces UDP, another important Layer 4 protocol.
Each layer within the OSI reference model has various functions. These functions are independent of the other layers. Each layer expects to receive services from the layer beneath it, and each layer provides certain services to the layer above it. The application, presentation, and session layers of the OSI model, which are all considered to be part of the application layer in the TCP/IP model, access the services of the transport layer through logical entities called ports. This module will introduce the concept of ports and will explain the critical importance of ports and port numbers in data networking.
This module covers some of the objectives for the CCNA 640-801, INTRO 640-821, and ICND 640-811 exams. - 
Students who complete this module should be able to perform the following tasks: 

• Describe TCP and its functions
• Describe TCP synchronization and flow control
• Describe UDP operation and processes
• Identify common port numbers
• Describe multiple conversations between hosts
• Identify ports used for services and clients
• Describe port numbering and well known ports

Understand the differences and the relationship between MAC addresses, IP addresses, and port numbers 

Module 9: Summary

Summary
The show ip route command is used to gather detailed information about the routes installed on the router. It displays the contents of the IP routing table. New routes may be added with static routing, which allows an administrator to manually define routes, or with dynamic routing, which uses the rules defined by a routing protocol to exchange information and determine the best path.
Default routes are used when the router is unable to match a destination network with a more specific entry in the routing table. The router uses this default route to reach the gateway of last resort in an effort to forward the packet.
The path determination function occurs at the network layer of the OSI model. It enables a router to evaluate the available paths to a destination and to establish the preferred handling of a packet. This information is configured manually or collected dynamically. The administrative distance of the route is used by the router to decide what the best path is to a particular destination. The administrative distance is a number that measures the trustworthiness of the source of the route information. Lower administrative distances indicate more trustworthy sources.
To determine the best route to a destination, routing protocols use a value that measures the desirability of a route called a metric. The metric is usually determined by factors such as hop count, bandwidth, delay, load, reliability, and cost. Typically, the smaller the metric number, the better the path.
Troubleshooting should be an orderly process based on the networking standards set in place by an administrator. Documentation is an important part of the troubleshooting process. Indicator lights are a useful tool for troubleshooting at Layer 1. At Layer 3, ping is used to test network connectivity. Telnet connections are used to verify the application layer software between a source and a destination.
The show interfaces command shows the status of two important portions of the interfaces. They are the physical or hardware portion and logical or software portion. These can be related to the Layer 1 and the Layer 2 functions. If the interface is up and the line protocol is down, a Layer 2 problem exists. If the physical layer is properly functioning, then all other directly connected Cisco devices should be displayed. If no known device appears, a Layer 1 problem likely exists.
To debug connectivity issues, the show cdp neighbors command is used to display information about directly connected neighbors. Use the traceroute command to trace the routes that packets take to destinations. This command can be used to test the network layer at each hop and provide performance benchmarks.
To verify the routing protocol configuration, use the show ip protocols and show ip route commands. These commands display information about routing protocols and the routing table. To determine the type of cable connected without inspecting the cables, use the show controllers command.
The debug command is used to display dynamic data and events. Since the show commands only display static information, they provide a historical picture of the router operation. The debug command output gives more insight to the current events of the router.

Introduction to debug

Introduction to debug 
9.3.7 This page will explain the functions of the debug command.
The debug commands assist in the isolation of protocol and configuration problems. The debug command is used to display dynamic data and events. Since the show commands only display static information, they provide a historical picture of the router operation. The debug command output gives more insight into the current events of the router. These events could be traffic on an interface, error messages generated by nodes on the network, protocol-specific diagnostic packets, and other useful troubleshooting data. The dynamic output of the debug command creates performance issues. This command produces high processor overhead that may disrupt normal router operation. For this reason, debug should be used conservatively. Use debug commands to examine specific types of traffic or problems after likely problems have been narrowed a few causes. The debug command should be used to isolate problems and not to monitor normal network operation.

WARNING: The debug all command should be used sparingly as this can disrupt router operations.

By default, the router sends the debug output and system messages to the console. If a Telnet session is used to examine the router, then the debug output and system messages can be redirected to the remote terminal. This is done through the Telnet session with the terminal monitor command. Use extra caution when the debug commands are selected from a Telnet session. No command should be selected that will cause the debug output to create additional traffic that creates debug output. If this occurs, the Telnet session will rapidly saturate the link with traffic or the router will exhaust one or more resources. A good rule to follow to prevent this recursion of traffic is to never debug any activity on the port where the session is established.
The output of the different debug commands varies. Some may frequently generate many lines while others produce a line or two of output every few minutes.  
Another IOS software service that will enhance the usefulness of the debug output is the timestamps command. This command will put a timestamp on a debug message. This information provides the time when the debug event occurred and the duration of time between events.
This is often very useful when troubleshooting intermittent problems. By time stamping the output, a pattern of occurrence is often recognized. This helps to isolate the source of the problem. This also prevents the technician from intently watching the debug output for what may seem like hours.
The following command configures a timestamp that will show the hour:minute:second of the output, the amount of time since the router was last powered up, or when a reload command was executed:

GAD(config)#service timestamps debug uptime

The output from this is useful to determine the time between events. To determine how long since the last occurrence of the debug event, the time since the last reload has to be used as a reference. This time can be found with the show version command.
A more practical use of the timestamps is to have it display the time and date that the event occurred. This will simplify the process of determining the last occurrence of the debug event. This is done using the datetime option:

GAD(config)#service timestamps debug datetime localtime

It should be noted that this command is only useful if the clock is set on the router. Otherwise, the timestamp shown in the debug output is not an accurate time. To ensure that the timestamps are correct, the router clock should be set to the correct time from privileged EXEC mode with the following command:

GAD#clock set 15:46:00 3 May 2004

Note: On some Cisco platforms, the router clock is not backed up with a battery source, so the system time will need to be reset after a router reload or power failure.

The no debug all and undebug all commands turn off all diagnostic output. To disable a particular debug command, use the no form of the command. For example, if the debug ip rip command is used to monitor RIP, it can be disabled with no debug ip rip. To view what is currently being examined by a debug command, use show debugging.
The Lab Activity will help students become more familiar with the debug command.
This page concludes this lesson. The next page will summarize the main points from this module

Troubleshooting using show controllers

Troubleshooting using show controllers 
9.3.6 

This page will teach students about troubleshooting using the show controllers command. Router configuration and troubleshooting can be performed remotely when physical inspection of the connections is not possible. The show controllers command is useful to determine the type of cable connected without inspecting the cables.  The output displayed by the show controllers command indicates the type of cable detected by the controller. This is useful for finding a serial interface with no cable, the wrong type of cable, or a defective cable. The show controllers serial 0/0 command queries the integrated circuit, or controller chip, that controls the serial interfaces and displays information about the physical interface serial 0/0. This output varies for different controller chips. Regardless of the controller chip type, the show controllers command produces a large amount of output. Other than the cable type, most of this output is internal technical detail about the controller chip status. Without specific knowledge of the integrated circuit, this information is of little use. The Lab Activity will show students how to troubleshoot with the show controllers command. The Interactive Media Activity will help students link network problems to the corresponding layer of the OSI model. The next page will introduce the debug command.

Troubleshooting routing issues

Troubleshooting routing issues 
9.3.5 This page will describe the show ip protocols and show ip route commands. These commands display information about routing protocols and the routing table. The output from these commands can be used to verify the routing protocol configuration.

The show ip route command may be the most important command used to troubleshoot routing issues. This command displays the contents of the IP routing table. The output from the show ip route command shows the entries for all known networks and subnetworks, and how that information was learned. 

If there is a problem reaching a host in a particular network, then the output of the show ip route command can be used to verify that the router has a route to that network.

If the output of the show ip route command does not show the expected learned routes, or any learned routes, then the problem may be that routing information has not been exchanged. In this case, use the show ip protocols command on the router to check for a routing protocol configuration error.

The show ip protocols command displays values about IP routing protocol information on the entire router. This command can be used to confirm which protocols are configured, which networks are being advertised, which interfaces are sending updates, and the sources of routing updates. The show ip protocols output also shows timers, filters, route summarization, route redistribution, and other parameters that are specific to each routing protocol that is enabled on the router. When multiple routing protocols are configured, the information about each protocol is listed in a separate section. 

The show ip protocols command output can be used to diagnose many routing issues. For example, it can be used to identify a router that may advertise incorrect routing information. This command may be used to confirm that expected protocols, advertised networks, and routing neighbors are present. It is important to have documentation that indicates the expected results, or baseline information, when a problem occurs. It may be impossible to identify the problem without such documentation.

The Lab Activity will teach students how to use the show ip route and show ip protocols command.

The next page will discuss the show controllers serial command.

Troubleshooting using show cdp / traceroute

Troubleshooting using show cdp 
9.3.3 This page will explain the functions of the show cdp command.
CDP advertises device information to its direct neighbors. This includes MAC and IP addresses and outgoing interfaces.
The output from the show cdp neighbors command displays information about directly connected Cisco device neighbors. This information is useful for debugging connectivity issues. If a cabling problem is suspected, enable the interfaces with the no shutdown command and then execute the show cdp neighbors detail command before any other configuration. The command displays specific device detail such as the active interfaces, the port ID, and the device. The version of Cisco IOS that is running on the remote devices is also shown.
If the physical layer functions properly, then all other directly connected Cisco devices should be displayed. If no known device appears, this usually indicates a Layer 1 problem.
One area of concern with CDP is security. The amount of information CDP provides is so extensive that it can be a potential security hole. For security reasons CDP should be configured only on links between Cisco devices and disabled on user ports or links that are not locally managed.
In the Lab Activity, students will use the show cdp command to learn about network devices.
The next page will discuss the traceroute command.

Troubleshooting using show traceroute

9.3.4  This page will describe the functions of the traceroute command.

The traceroute command is often referred to as the trace command in reference materials. However, the correct command syntax is traceroute. The traceroute command displays the routes that packets take to their destinations. The traceroute command can also be used to test each hop at the network layer and provide performance benchmarks.

The output of the traceroute command generates a list of hops that were successfully reached.  If the data successfully reaches the intended destination, then the output indicates every router that the datagram passes through. This output can be captured and used for future troubleshooting of the internetwork.

Traceroute output will also indicate the specific hop at which the failure occurs. A line of output is generated on the terminal for each router in the path. This indicates the IP address of the interface that the data entered. If an asterisk (*) appears, the packet failed. To isolate the problem area, obtain the last good hop from the traceroute output and compare it to a diagram of the internetwork.

The traceroute command also provides information about the performance of links. The round trip time (RTT) is the time required to send an echo packet and get a response. This is useful for an approximate idea of the delay on the link. These figures are not precise enough to be used for an accurate performance evaluation. However, this output can be captured and used for future performance troubleshooting of the internetwork.

Notice that the device receiving the traceroute also has to know how to send the reply back to the source of the traceroute. For the traceroute or ping data to make the round trip between routers, there must be known routes in both directions. A failed response is not always an indication of a problem because ICMP messages could be rate-limited or filtered at the host site. This is especially true across the Internet.

Traceroute sends out a sequence of User Datagram Protocol (UDP) datagrams from the router to an invalid port address on the remote host. For the first sequence of three datagrams, a TTL field value is set to 1. The TTL value of 1 causes the datagram to time out at the first router in the path. This router then responds with an ICMP Time Exceeded Message (TEM) indicating that the datagram has expired.

Three more UDP messages are now sent, this time with the TTL value set to 2. This causes the second router to return ICMP TEMs. This process continues until the packets actually reach the other destination or the maximum TTL has been reached. The default maximum TTL for traceroute is 30.

Since these datagrams are trying to access an invalid port at the destination host, ICMP Port Unreachable Messages are returned instead of ICMP TEMs. This indicates an unreachable port and signals the Traceroute program to end the process.

The Lab Activity will help students become more familiar with the traceroute command.

The next page will discuss some other commands that are used to troubleshoot routing issues.

Troubleshooting Layer 2 using show interfaces

Troubleshooting Layer 2 using show interfaces 
9.3.2 This page will further explain why the show interfaces command may be the most important tool to discover Layer 1 and Layer 2 problems with the router. The first parameter, which is line, refers to the physical layer. The second parameter, which is protocol, indicates if the IOS processes that control the line protocol consider the interface usable. This is determined by whether keepalives are successfully received. Keepalives are defined as messages sent by one network device to inform another network device that the virtual circuit between the two is still active. If the interface misses three consecutive keepalives, the line protocol is marked as down.
When the line is down, the protocol is always down, because there is no useable media for the Layer 2 protocol. This will be true when the interface is down due to a hardware problem and when it is administratively down.
If the interface is up and the line protocol is down, a Layer 2 problem exists. Possible causes are as follows:

• No keepalives
• No clock rate
• Mismatch in encapsulation type

The show interfaces command should be used after configuring a serial interface to verify the changes and that the interface is operational.
The Interactive Media activity will help students understand the show interfaces command.
The next page will discuss the show cdp command

Troubleshooting Layer 1 using show interfaces

Troubleshooting Layer 1 using show interfaces 
9.3.1 This page will discuss show commands and explain how they are used to troubleshoot Layer 1 issues.

The Cisco IOS contains many commands for troubleshooting. Among the more widely used are the show commands. Every aspect of the router can be viewed with one or more of the show commands. The show command used to check the status and statistics of the interfaces is the show interfaces command. The show interfaces command without arguments returns status and statistics on all the router ports. The show interfaces returns the status and statistics of only the named port. To view the status of Serial 0/0, use show interfaces serial 0/0.

The status of two important portions of the interfaces is shown with the show interfaces command. They are the physical, or hardware portion and logical, or software, portion. These can be related to the Layer 1 and the Layer 2 functions.

The hardware includes cables, connectors, and interfaces showing the condition of the physical connection between the devices. The software status shows the state of messages such as keepalives, control information, and user information that are passed between adjacent devices. This relates to the condition of a Layer 2 protocol passed between two connected router interfaces.

These important elements can be demonstrated by an example of a serial port on a modular router. The show interfaces serial 0/0 command displays the line and data-link protocol status of serial port one. 
The first parameter refers to the hardware layer and indicates if the interface receives a Carrier Detect (CD) signal from the other end of the connection. If the line is down, a problem may exist with the cabling, equipment somewhere in the circuit may be powered off or malfunctioning, or one end may be administratively down. If the interface is administratively down it has been manually disabled in the configuration.
The show interfaces serial 0/0 command also provides information to help diagnose other Layer 1 issues that are not as easy to determine. An increasing number of carrier transitions counts on a serial link may indicate one or more of the following problems: 

• Line interruptions due to problems in the service provider network
• Faulty switch, DSU, or router hardware

If an increasing number of input errors appear in the show interfaces serial 0/0 output, there are several possible sources of those errors. Some common Layer 1 problems are as follows:

• Faulty telephone company equipment
• Noisy serial line
• Incorrect cable or cable length
• Damaged cable or connection
• Defective CSU or DSU
• Defective router hardware

Another area to examine is number of interface resets. These are the result of too many missed keepalives. The following Layer 1 problems could be a cause of interface resets:

• Bad line that causes carrier transitions
• Possible hardware problem at the CSU, DSU, or switch

If carrier transitions and interface resets are increasing or if input errors are high while this occurs, the problem is likely to be a bad link or defective CSU or DSU.
The number of errors should be interpreted relative to the amount of traffic that the router has processed and the amount of time that the statistics have been captured. The router tracks statistics that provide information about the interface. The statistics reflect router operation since it was started or since the last time the counters were cleared. 
If the show interfaces output shows the last clearing of the counters as never, use the show version command to find out how long the router has been functional.
Use the clear counters privileged EXEC command to reset the counters to zero. These counters should always be cleared after an interface problem has been corrected. This reset to zero gives a better picture of the current status of the network and will help verify that an issue has been corrected.
The Lab Activity will help students become more familiar with the show interfaces command.
The next page will explain how the show interfaces command is used to troubleshoot Layer 2 problems.

Layer 7 troubleshooting using Telnet

Layer 7 troubleshooting using Telnet 
9.2.7 The Telnet utility is a virtual terminal protocol that is part of the TCP/IP protocol suite. It allows verification of the application layer software between source and destination stations. This is the most complete test mechanism available. The Telnet utility is normally used to connect remote devices, to gather information, and to run programs.
The Telnet application provides a virtual terminal connection to routers that use TCP/IP. For troubleshooting purposes, it is useful to verify that a connection can be made using Telnet. This proves that at least one TCP/IP application is able to connect end-to-end. A successful Telnet connection indicates that the upper-layer application and the services of lower layers are functioning properly. 
If an administrator can Telnet to one router but not to another router, verify lower layer connectivity. If connectivity has been verified, it is likely that the Telnet failure is caused by specific addressing, naming, or access permission problems. These problems can exist on the administrator's router or on the router that failed as a Telnet target.
If the Telnet to a particular server fails from one host, Telnet from a router and other devices. If a login prompt is not achieved during Telnet, check the following:

• A reverse DNS lookup may not be found on the client address. Many Telnet servers will not allow connections from IP addresses that have no DNS entry. This is a common problem for DHCP-assigned addresses if the administrator has not added DNS entries for the DHCP pools.
• It is possible that a Telnet application cannot negotiate the appropriate options and will not connect. On a Cisco router, this negotiation process can be viewed with the debug telnet command.
• It is possible that Telnet is disabled or has been moved to a port other than 23 on the destination server.

The Lab Activity will allow students to troubleshoot a network with Telnet and the ping command. The Interactive Media Activity will help students become more familiar with Telnet.
This page concludes this lesson. The next lesson will teach students how to troubleshoot router issues. The first page will discuss show commands.