
What is TCP?

TCP (Transmission Control Protocol) is the main transport protocol utilized in IP
networks.
The TCP protocol exists on the Transport Layer of the OSI Model.
The TCP protocol is a connection-oriented protocol which provides end-to-end
reliability.
By connection-oriented, we mean that before two network nodes can communicate using
TCP, they must first complete a handshaking protocol to create a connection.
When we say that TCP provides end-to-end reliability, we mean that TCP includes
mechanisms for error detection and error correction between the source and the
destination.
These properties of TCP are in contrast to UDP, which is connectionless and unreliable.
Higher layer protocols which utilize TCP include HTTP, SMTP, NNTP, FTP, telnet,
SSH, and LDAP.

Diagram of the TCP Header


TCP Header Format
-----------------

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                     Acknowledgment Number                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |         Urgent Pointer        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                    Options                    |    Padding    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                             data                              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
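
The header layout in the diagram can be decoded field by field. The parser below is an
added example, not part of the original page; the sample segment (client port 49152 to
port 80, with one MSS option) is constructed for illustration.

```python
import struct

# Flag names in bit order, lowest bit first (FIN is bit 0, URG is bit 5).
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the RFC 793 TCP header; the checksum is returned, not verified."""
    if len(segment) < 20:
        raise ValueError("truncated: the fixed TCP header is 20 bytes")
    src, dst, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12           # header length in 32-bit words
    header_len = data_offset * 4
    # A data offset below 5 or past the end of the segment is malformed and
    # must be rejected before slicing out options and payload.
    if data_offset < 5 or header_len > len(segment):
        raise ValueError(f"invalid data offset {data_offset}")
    flags = [name for bit, name in enumerate(FLAG_NAMES) if off_flags & (1 << bit)]
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "header_len": header_len, "flags": flags, "window": window,
        "checksum": checksum, "urgent_ptr": urgent,
        "options": segment[20:header_len],   # Options + Padding
        "payload": segment[header_len:],     # data
    }

# Constructed sample: the SYN that opens a connection to an HTTP server.
# Data offset 6 (24-byte header), SYN flag set, option kind 2 (MSS) = 1460.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 80, 1000, 0, 0x6002, 65535, 0, 0) \
    + bytes([2, 4, 0x05, 0xB4])

if __name__ == "__main__":
    for field, value in parse_tcp_header(SAMPLE_SYN).items():
        print(f"{field:12} {value}")
```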

Additional Reading on TCP


The TCP protocol is defined in RFC 793: Transmission Control Protocol.

What is UDP?

User Datagram Protocol (UDP) is part of the Internet Protocol suite. Programs running on
different computers on a network use it to send short messages, known as datagrams, to
one another. UDP can be used in networks where TCP is traditionally used, but unlike
TCP, it does not guarantee reliability or the right sequencing of data. Datagrams may go
missing without notice, or arrive in a different order from the one in which they were
sent.

Though these factors might seem to suggest that UDP is not a useful protocol, it still
finds good use in particular areas where speed, more than reliability, is of utmost
importance. Since UDP does not have the overhead of checking whether the data has
reached the destination every time it is sent, the protocol is that much faster and
more efficient. UDP is often used for time-sensitive applications where missing data is
preferred to late-arriving data.
UDP is a stateless protocol which is useful for servers engaged in answering short queries
from a large number of clients. While TCP is mainly used for communication between a
server and a single client, UDP is used for packet broadcast or multicasting whereby the
data is sent to all the clients in the network.
Since UDP lacks any kind of mechanism to control or avoid network congestion, other
forms of network-based control mechanisms need to be implemented to ensure smooth
flow of traffic in a UDP network. One of the solutions being designed to tackle this
problem is DCCP or Datagram Congestion Control Protocol which is aimed at
monitoring and controlling traffic congestion in a UDP network.
A typical IP network consists of five layers:

• The Physical Layer, consisting of the actual channel for data flow, like coaxial,
twisted pair or fiber optic cables

• The Data Link Layer, implementing Wi-Fi, ISDN, GPRS etc.

• The Network / Internet Layer

• The Transport Layer, implementing TCP, UDP etc.

• The Application Layer, running DNS, FTP, HTTP, POP3, SMTP, Telnet etc.

As shown above, UDP belongs to the fourth layer. Although the entire amount of UDP
traffic in a network is a small fraction of the whole, a number of key applications in the
fifth layer, like DNS and SNMP (Simple Network Management Protocol), use UDP.

Additional Reading on UDP

The UDP protocol is defined in RFC 768: User Datagram Protocol.

What are TCP/IP ports?


TCP and IP are two separate protocols. IP (Internet Protocol) is a network layer protocol,
while TCP (Transmission Control Protocol) is a transport layer protocol.

Every computer and network device attached to the Internet has at least one IP address.
For example, the IP address of this web server is 66.37.153.81.
Then, within each of those IP addresses, each computer and network device will have a
number of TCP ports. For example, the web server software on this web server responds
on TCP port 80 and the mail server software on the same computer responds on TCP port
25.
In a non-technical sense, you can think of an IP address as the address of an office
building and the TCP ports are individual offices within that building.

TCP Ports
TCP ports either originate connections or they receive connections. Any TCP port can
originate a connection, and the port numbers for those are not important. TCP ports
which receive connections, on the other hand, have to be assigned specific port numbers
so that people and applications know where to look for them. For example, DNS answers
on TCP port 53 and HTTP answers on TCP port 80.
Port numbers that are statically assigned are known as well known port numbers and are
usually below 1,024. To see a list of well known TCP ports, read "What Port Number is
XXX on?" below.

What Port Number is XXX on?


The way that most services work under TCP/IP is that the server is configured to use a
well known port number and the client connects from a random high port.

Most of these well known ports are port numbers below 1,024. High ports are ports 1,024
or above.
In the old days, ports below 1,024 were known as trusted ports. On Unix machines, only
a user or process with root privileges is able to open an outgoing port below 1,024.
With the proliferation of Windows and single-user Unix systems, the trusted port model
no longer works.
A few of the most common well known ports are:

Service    Port
FTP        20,21
SSH        22
telnet     23
SMTP       25
DNS        53
DHCP       67,68
TFTP       69
HTTP       80
POP3       110
NNTP       119
NTP        123
IMAP4      143
LDAP       389
HTTPS      443
IMAPS      993
RADIUS     1812
AIM        5190

The file /etc/services on most Unix machines lists the port assignments for that machine.
On Windows, TCP/IP port assignments are stored in the
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\SERVICES file.
The original complete list of port assignments was in RFC 1700 - Assigned Numbers.
The most current official list of port assignments is maintained by the IANA (Internet
Assigned Numbers Authority) at http://www.iana.org/assignments/port-numbers.

What is DNS?

Domain Name System (DNS) is an Internet Engineering Task Force (IETF) standard
name service that allows your computer to register and resolve domain names. DNS
makes it possible to assign domain names to organizations independent of the routing of
the numerical IP address. In other words, DNS is a system that translates domain names
into IP addresses. This is necessary because computers only make use of IP addresses,
while people use human-readable names because they are easier to remember than IP
addresses. Without DNS resolution, the Internet would be a very inconvenient place.

DNS resolution is therefore a very important task. However, you may sometimes try to
connect to a system by name and get a DNS error because the name did not resolve to the
proper IP address. There can be several causes for this, such as:

• The DNS server is down.

• IP connectivity gets lost and thus the DNS cannot resolve.

• DNS cache poisoning.

• Update and zone issues.

• The DNS server does not have network connectivity to the root servers.

There are a number of ways to find out whether your system is resolving properly. You
can use nslookup to verify name resolution. The nslookup command can be used to find
various details relating to a particular DNS (Domain Name System) name, such as IP
address, MX records etc.
Go to the command prompt and type in nslookup host_name server_IP_address.
Replace host_name with the actual host name that you are trying to resolve and
server_IP_address with the IP address of the DNS server, then press Enter.
This will allow you to verify whether an error is on the server, whether there is a
widespread resolution error, or whether the server is possibly down. Nslookup can also
display the various types of DNS records, not just primary (A) records, or all records for
a domain. You can then ping with the -a switch to also verify that DNS resolution is
working.
Troubleshoot the DNS client, since most problems start with failed queries at the client.
If a DNS server provides incorrect data to queries that it successfully answers, then the
most likely causes would be:

• Resource records (RRs) were not dynamically updated in a zone.

• An error was made when manually adding or modifying static resource records in
the zone.

• Stale resource records in the DNS server database, left from cached lookups or
zone records not updated with current information or removed when they are no
longer needed.

If the DNS server does not resolve names for external networks, then the possible causes
could be:

• The recursive query times out before it can be completed.

• A remote DNS server fails to respond.

• A remote DNS server provides incorrect data.

• DNS server recursion has been disabled.
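
The nslookup check and the failure causes listed above can be told apart from the reply
itself. The script below is an added example, not part of the original page: it sends the
same query as nslookup host_name server_IP_address and reads the response code and
"recursion available" flag using the RFC 1035 message layout, which the page does not
cover. The name www.example.test and the address 192.0.2.10 are constructed sample values.

```python
import socket
import struct
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """A-record query with the RD (recursion desired) bit set."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels) + b"\x00"
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)

def skip_name(msg, pos):
    """Step over a (possibly compressed) name; return the offset after it."""
    while True:
        n = msg[pos]
        if (n & 0xC0) == 0xC0:    # 2-byte compression pointer ends the name
            return pos + 2
        if n == 0:                # root label ends the name
            return pos + 1
        pos += 1 + n

def parse_response(msg):
    """Return the rcode, the RA flag and any A-record addresses in a reply."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4          # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[pos:pos + 4]))
        pos += rdlen
    code = flags & 0x000F
    return {"id": qid, "rcode": RCODES.get(code, str(code)),
            "recursion_available": bool(flags & 0x0080), "addresses": addrs}

def ask(server_ip, host_name, timeout=3.0):
    """Same check as `nslookup host_name server_IP_address`, over UDP port 53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)                  # no reply: server down or unreachable
        s.sendto(build_query(host_name), (server_ip, 53))
        return parse_response(s.recvfrom(512)[0])

# Constructed reply: www.example.test -> 192.0.2.10, recursion available (RA=1).
_Q = build_query("www.example.test")
SAMPLE_REPLY = (_Q[:2] + b"\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00" + _Q[12:] + b"\xc0\x0c"
                + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10]))
```

Calling ask() against two different DNS servers and comparing the returned addresses shows
whether one of them is serving incorrect or stale data.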


Also troubleshoot the connectivity to the root servers. Verify that the DNS server used in
a failed query can ping its root servers by IP address. If a ping attempt to one root server
fails, it might indicate that an IP address for that root server has changed.
