TCP/IP Protocol: Host-To-Network Internet Transport Application

Uploaded by

Prathamesh Salke
TCP/IP Protocol

• Four layers: host-to-network, internet, transport, and application.


• The host-to-network layer is equivalent to the combination of the physical and
data link layers.
• The internet layer is equivalent to the network layer.
• The application layer is roughly doing the job of the session, presentation, and
application layers.
• The transport layer in TCP/IP takes care of part of the duties of the session
layer.
Swati (Data Communication & Computer Networks) 33
TCP/IP and OSI model



1. Host-to-Network
• At the physical and data link layers, TCP/IP does not define any specific
protocol.
• It supports all the standard and proprietary protocols.
• A network in a TCP/IP internetwork can be a local-area network or a wide-area
network.



2. Network Layer
• At this layer TCP/IP supports the Internetworking Protocol. IP, in turn, uses
four supporting protocols: ARP, RARP, ICMP, and IGMP.
• IP is the transmission mechanism used by the TCP/IP protocols. It is an
unreliable and connectionless protocol: a best-effort delivery service.
The term best effort means that IP provides no error checking or tracking. IP
assumes the unreliability of the underlying layers and does its best to get a
transmission through to its destination, but with no guarantees.



Network Layer Protocols
• Address Resolution Protocol (ARP): ARP is used to find the physical address
of the node when its Internet address is known.
• Reverse Address Resolution Protocol (RARP): It allows a host to discover its
Internet address when it knows only its physical address.
• Internet Control Message Protocol (ICMP): It is a mechanism used by hosts
and gateways to send notifications of datagram problems back to the sender.
• Internet Group Message Protocol (IGMP): It is used to facilitate the
simultaneous transmission of a message to a group of recipients.
3. Transport Layer
• UDP and TCP are transport-level protocols responsible for delivery of a message from a process
(running program) to another process.
• User Datagram Protocol (UDP): Simpler than TCP. It is a process-to-process protocol that adds
only port addresses, checksum error control, and length information to the data from the upper layer.
• Transmission Control Protocol (TCP): It is a reliable stream protocol.
  • Stream means connection-oriented.
  • At the sending end, TCP divides a stream of data into smaller units called segments. Each segment
    includes a sequence number for reordering after receipt, together with an acknowledgment number
    for the segments received.
• The Stream Control Transmission Protocol (SCTP) provides support for newer applications such as
voice over the Internet.
4. Application Layer
• The application layer in TCP/IP is equivalent to the combined session,
presentation, and application layers in the OSI model.
• Many protocols are defined at this layer.
• We will cover many of the standard protocols in later chapters.



Addressing
• Four levels of addresses are used in an internet employing the TCP/IP
protocols.



Relationship of layers and addresses in TCP/IP



Vulnerabilities and Attacks in OSI Layers
1. Physical Layer: It deals with the transmission of raw bitstreams over a physical
medium (e.g., cables, fiber optics).
• Vulnerabilities:
  • Physical access to networking equipment.
  • Lack of physical security controls.
• Attacks:
  • Wiretapping: Intercepting cables or communication lines to eavesdrop on transmitted data.
  • Jamming: Disrupting communication by emitting interfering signals that prevent legitimate
    signals from being transmitted.
  • Device Tampering: Physically altering or damaging networking hardware to disrupt network
    communication or to introduce malicious devices.
2. Data Link Layer: The data link layer provides node-to-node data transfer
and error detection/correction mechanisms.
• Vulnerabilities:
  • Lack of secure communication between devices.
  • Poor configuration of switches and access points.
• Attacks:
  • MAC Address Spoofing: An attacker changes their MAC address to impersonate another
    device, allowing them to intercept or manipulate network traffic.
  • ARP Spoofing/Poisoning: An attacker sends fake Address Resolution Protocol (ARP)
    messages to associate their MAC address with the IP address of another device, enabling them
    to intercept, modify, or stop data intended for that IP.
  • Switch Port Stealing: Exploiting switches' MAC address tables to gain unauthorized network
    access or intercept traffic.
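
Because ARP spoofing works by changing which MAC address an IP address maps to, a monitor can detect it by watching for exactly that change. The following is an added example, not part of the original slides: it parses Ethernet/IPv4 ARP payloads and reports any sender IP that appears with a different MAC than before. The packets, addresses and the pinned gateway entry are constructed sample values.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes for Ethernet/IPv4

def make_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP reply (oper=2) to feed the monitor below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(octet) for octet in a.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))

def parse_arp(payload):
    """Return (oper, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, _tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return oper, sha.hex(":"), ".".join(str(b) for b in spa)

def find_binding_changes(payloads, pinned=None):
    """Flag ARP messages whose sender IP is already bound to a different MAC.

    pinned maps IP -> MAC for hosts whose binding must never change (for example
    the default gateway). Learned bindings follow the latest message; pinned
    ones are never overwritten, so every conflicting message keeps alerting.
    """
    pinned = dict(pinned or {})
    table = dict(pinned)
    alerts = []
    for payload in payloads:
        _oper, mac, ip = parse_arp(payload)
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append((ip, known, mac))   # (ip, expected MAC, claimed MAC)
        if ip not in pinned:
            table[ip] = mac
    return alerts

# Constructed sample traffic: RFC 5737 addresses, RFC 7042 documentation MACs.
GATEWAY = {"192.0.2.1": "00:00:5e:00:53:01"}
SAMPLE_ARP = [
    make_arp_reply("00:00:5e:00:53:01", "192.0.2.1", "00:00:5e:00:53:32", "192.0.2.50"),
    make_arp_reply("00:00:5e:00:53:32", "192.0.2.50", "00:00:5e:00:53:01", "192.0.2.1"),
    make_arp_reply("00:00:5e:00:53:99", "192.0.2.1", "00:00:5e:00:53:32", "192.0.2.50"),
]
```

A binding change is not always hostile (a replaced network card or a failover pair also causes one), so alerts for unpinned hosts need triage, while a change for a pinned gateway address should be treated as an incident.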
3. Network Layer: The network layer handles routing and forwarding of
packets between devices across networks.
• Vulnerabilities:
  • Weak routing protocols that are susceptible to manipulation.
  • Unauthenticated or insecure network configurations.
• Attacks:
  • IP Spoofing: An attacker sends IP packets from a false source address to impersonate another
    device and gain unauthorized access.
  • Route Injection/Poisoning: An attacker injects malicious routing information into a network
    to redirect traffic or cause network congestion.
  • Denial of Service (DoS): Overwhelming a network device with excessive traffic, causing
    legitimate traffic to be delayed or dropped.
4. Transport Layer: The transport layer ensures reliable or unreliable delivery
of data across network connections. Protocols like TCP and UDP operate
at this layer.
• Vulnerabilities:
  • Poorly managed session states and connections.
  • Weaknesses in protocol implementation.
• Attacks:
  • TCP SYN Flood Attack: An attacker exploits the TCP handshake process by sending numerous
    SYN requests without completing the handshake, causing resource exhaustion on the target
    server.
  • UDP Flood Attack: An attacker sends a large number of UDP packets to random ports,
    overwhelming the target device.
  • Port Scanning: An attacker scans open ports on a target device to identify services running and
    find potential vulnerabilities.
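
The signature of a SYN flood, as described above, is a pile of handshakes that never receive their final ACK. The following added example (not part of the original slides) counts those half-open handshakes per listening service from a list of observed packets; the event tuple format, the 30-second timeout, the threshold and all addresses are assumptions made for the illustration.

```python
from collections import Counter

def half_open_by_service(events, now, timeout=30.0):
    """Count handshakes still waiting for the client's final ACK, per service.

    events: (ts, src_ip, src_port, dst_ip, dst_port, flag) tuples as seen at the
    server, where flag is "S" (SYN), "A" (handshake-completing ACK) or "R" (RST).
    Entries older than `timeout` seconds are treated as already expired.
    """
    pending = {}
    for ts, sip, sport, dip, dport, flag in sorted(events, key=lambda e: e[0]):
        conn = (sip, sport, dip, dport)
        if flag == "S":
            pending.setdefault(conn, ts)     # retransmitted SYNs keep the first time
        elif flag in ("A", "R"):
            pending.pop(conn, None)          # completed or aborted: slot released
    # Count per destination, not per source: flood sources are often spoofed,
    # so no single source address needs to stand out.
    counts = Counter()
    for (_sip, _sport, dip, dport), ts in pending.items():
        if now - ts <= timeout:
            counts[(dip, dport)] += 1
    return dict(counts)

def syn_flood_alerts(events, now, threshold, timeout=30.0):
    """Services whose half-open count has reached `threshold`."""
    counts = half_open_by_service(events, now, timeout)
    return sorted((svc, n) for svc, n in counts.items() if n >= threshold)

def constructed_events():
    """Constructed sample: 3 completed handshakes plus 200 SYNs never answered."""
    server = ("192.0.2.10", 443)
    events = []
    for i in range(3):
        client = (f"198.51.100.{i + 1}", 40000 + i)
        events.append((0.10 * i, *client, *server, "S"))
        events.append((0.10 * i + 0.02, *client, *server, "A"))
    for i in range(200):
        events.append((1.0 + 0.01 * i, f"203.0.113.{i % 254 + 1}", 1024 + i, *server, "S"))
    return events
```

In practice the threshold is set relative to the listener's backlog size, and SYN cookies are the usual mitigation once the backlog fills.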
5. Session Layer: The session layer manages sessions or connections
between applications.
• Vulnerabilities:
  • Session hijacking due to weak session management.
  • Insufficient timeout management.
• Attacks:
  • Session Hijacking: An attacker takes control of a user's active session by stealing session
    cookies or tokens, gaining unauthorized access to the user's resources.
  • Man-in-the-Middle (MitM) Attack: An attacker intercepts and possibly alters communication
    between two parties without their knowledge.



6. Presentation Layer: The presentation layer formats and encrypts/decrypts
data for application layer consumption.
• Vulnerabilities:
  • Insecure encryption or encoding mechanisms.
  • Lack of data validation and sanitization.
• Attacks:
  • SSL Stripping: An attacker downgrades an HTTPS connection to HTTP, allowing them to
    intercept unencrypted traffic.
  • Data Manipulation: Exploiting vulnerabilities in data encoding schemes to inject malicious
    payloads.
  • Code Injection: Malicious code is injected into data that is improperly handled by the
    presentation layer.
7. Application Layer: The application layer interacts directly with end-user
software and handles high-level protocols.
• Vulnerabilities:
  • Application-level security flaws (e.g., buffer overflows, SQL injection).
  • Weak authentication and authorization mechanisms.
• Attacks:
  • SQL Injection: Injecting malicious SQL code into a query to manipulate or retrieve
    unauthorized data from a database.
  • Cross-Site Scripting (XSS): Injecting malicious scripts into web pages viewed by other users,
    potentially stealing cookies or performing actions on their behalf.
  • Phishing: Deceiving users to divulge sensitive information (e.g., login credentials) by
    masquerading as a trustworthy entity.
  • Denial of Service (DoS): Overloading an application or web service with too many requests to
    render it unusable.