Internet Protocol Reference
6 WatchGuard LiveSecurity System 4.5
• Used for services such as time synchronization in which an occasionally lost
packet will not affect continued operation. Many systems using UDP resend
packets at a constant rate to inform their peers about interesting events.
• Primarily used on LANs, in particular for NFS services where its low overhead
gives it a substantial performance advantage. A lack of congestion control makes
using UDP for bulk data transfer over long-haul connections not recommended.
• Supports broadcasts.
• Provides abstraction of ports.
• A connection is described by its source and destination ports and its source and
destination IP addresses. In typical usage, port numbers below 1024 are reserved
for well-known services (destinations), and the client side is supposed to use
ports above 1023 for the source of the connection. However, this rule has many
notable exceptions. In particular, NFS (port 2049) and Archie (port 1525) use
server ports at numbers above 1024. Some services use the same source and des-
tination port for server-to-server connections. Common examples are DNS (53),
NTP (123), syslog (514), and RIP (520).
TCP
Transmission Control Protocol (TCP) provides reliable stream-oriented services. It
trades speed and overhead for increased reliability. Like UDP, TCP provides source
and destination ports that are used in a similar fashion.
TCP uses a rather complicated state machine to manage connections. There are sev-
eral attribute bits that control the state of a connection. Three very important
attribute bits of TCP packets are the SYN, ACK, and FIN bits. The SYN bit is set
only on the first packet sent in each direction for a given connection. The ACK bit is
set when the other side is acknowledging the receipt of data to the peer. The FIN bit
is set when either side chooses to close the connection.
ICMP
The Internet Control Message Protocol (ICMP) is used primarily to deliver error
information about other services. It is otherwise quite similar in practical operation
to UDP. That is, it is connectionless and does not guarantee that packets are deliv-
ered to their destination. One dangerous ICMP packet is the ICMP redirect packet,
which can change routing information on the machines that receive it.
Other Protocols
The vast majority of the traffic on the Internet uses one of the three protocols men-
tioned above. There are some others that are of interest:
IGMP (Internet Group Multicast Protocol)
A protocol supporting multicasts used by SGI’s Dogfight game.
IPIP (IP-within-IP)
An encapsulation protocol used to build virtual networks over the Internet.
GGP (Gateway-Gateway Protocol)
A routing protocol used between autonomous systems.