Transcript for:
CCNA Layer 4 Protocols: TCP and UDP

Welcome to Jeremy’s IT Lab. This is a free, complete course for the CCNA. If you like these videos, please subscribe to follow along with the series. Also, please like and leave a comment, and share the video to help spread this free series of videos. Thanks for your help. In this video we will cover two very important protocols, TCP and UDP, two Layer 4 protocols. These protocols are mentioned in exam topic 1.5, which says you must be able to compare TCP to UDP. I could spend hours covering the details of how these protocols work, but for the CCNA you just need a high-level understanding of their basic characteristics and how they are different. Here’s what we’ll cover in this video. First up, the basics of Layer 4. We’ve already covered a lot regarding Layers 1, 2, and 3. For example, at Layer 1 we covered the most common cable types used in networks. At Layer 2 we covered things like MAC addresses, switching, and spanning tree. At Layer 3 we covered things like IP addresses and routing. Now I think is a good time to talk about Layer 4. After a basic overview of Layer 4, I will introduce TCP, the Transmission Control Protocol. After that, I will introduce UDP, User Datagram Protocol. UDP is much simpler than TCP, and it’s easiest to understand after learning TCP. Then we’ll compare the two. Remember, that is the exam topic, compare TCP to UDP. As always, make sure to watch until the end of the video for a bonus practice question from Boson ExSim, the best practice exams you can get for the CCNA. If you want to get Boson ExSim, follow the link in the video description. Okay, let’s get started. So let’s cover some basic functions of Layer 4 protocols. First up, Layer 4 provides transparent transfer of data between end hosts. To briefly explain what that means, here’s an image I used back in Day 3 of the course when I covered the OSI Model and TCP/IP Suite. This up here shows the network topology, with Host A sending data to Host B. What does the Transport Layer do? 
It encapsulates the data with a Layer 4 header, and then uses the services of the lower layers, Layers 3, 2, and 1, to deliver the data unchanged to the destination host. The hosts themselves aren’t aware of the details of the underlying network, the transfer of data is ‘transparent’ to them. Another function of Layer 4 protocols is to provide, or not provide, various services to applications. You’ll soon see that TCP provides these services to applications, whereas UDP does not. What are some of these services? One is reliable data transfer. That means making sure that the destination host actually received every bit of data that it’s supposed to. Another service is error recovery. If an error occurs in transmission, Layer 4 can ensure the data is sent again. Next is data sequencing, making sure that even if data arrives at the destination out of order, the end host can sequence it in the correct order. One more is flow control, making sure that the source host doesn’t send traffic faster than the destination host can handle. These are services provided by TCP but not UDP. I’ll explain further later, so don’t worry about memorizing these yet. Okay, one more function of Layer 4 is to provide Layer 4 addressing. These addresses are called ‘port numbers’. Note that the word ‘port’ can also refer to the physical interfaces you connect cables to on network devices, but the Layer 4 port is a totally different meaning of the word. These port numbers provide a few functions, one of them is identifying the Application Layer protocol that is being used. Another is to provide something called ‘session multiplexing’. Let me explain these concepts. Here we have PC1, and it will access resources from two servers over the Internet, SRV1 and SRV2. Let’s see how these ports are used to identify the service PC1 wants to access, and to track sessions between PC1 and the servers. First of all, what is a session? 
It’s simply an exchange of data between two or more communicating devices. And in your daily use of your PC, your PC needs to be able to handle multiple communication sessions at once. Perhaps you have multiple Internet tabs open, accessing different services over the Internet. You probably have multiple services running on your computer that need Internet access. In PC1’s case, let’s say it is communicating with SRV1. At Layer 4 it is using TCP, and it uses a source port of 50000 and a destination port of 80. What are these ports used for? The destination port is very important, it identifies the Application Layer protocol. For example, TCP port 80 is used for the protocol HTTP, which is used to access websites. So, perhaps SRV1 is hosting a webpage that PC1 wants to access. Now, how about the source port? It’s randomly selected by PC1, and in combination with the destination port it helps identify the session. For example, after SRV1 receives PC1’s message it will probably send a reply. In SRV1’s reply, notice that the source and destination port numbers are reversed, the source port is 80 and the destination is 50000. When PC1 receives this message, the source and destination port numbers tell it that it’s part of the same communication session as the message it sent earlier. What if PC1 opens up a separate connection to SRV1? It might be using HTTP at destination port 80 again, but it’s using a different source port. SRV1’s response will use that source port as the destination port for its response, so PC1 knows it’s part of that session. But PC1 wants to access something on SRV2 at the same time. It uses a TCP destination port number of 21, and randomly selects the source port 60000. TCP port 21 is used for FTP, the File Transfer Protocol. As the name suggests, it is used to transfer files. SRV2’s reply will reverse the port numbers, using a source port of 21 and destination port of 60000. 
These will tell PC1 that this communication is part of the same session. Okay, I hope that gave you a basic understanding of how ports identify the Application Layer protocol, such as HTTP, the Hypertext Transfer Protocol which is used to access webpages, or FTP, the File Transfer Protocol which is used, as the name says, to transfer files. I also showed how these numbers are used by hosts to manage multiple communication sessions at once. The port numbers that Application Layer protocols use are registered with the IANA, the Internet Assigned Numbers Authority. They have designated the following ranges. Well-known port numbers are ports 0 through 1023. These are used for major protocols like HTTP, FTP, etc, and are very strictly regulated. Registered port numbers are in the range 1024 to 49151. Registration is required to use these port numbers, although it’s not as strict as with the well-known port range. Finally, the range 49152 through 65535 is used for ‘ephemeral’ ports, also known as private or dynamic ports. Hosts use this range when selecting the random source port. Note that in the previous example, all of the randomly selected source port numbers came from the ephemeral port range. Finally, note that port numbers are a function of both of the main Layer 4 protocols, TCP and UDP. Next I’ll explain each of the protocols, and you’ll see that these functions I listed earlier, reliable data transfer, error recovery, data sequencing, and flow control, are provided by TCP and not by UDP. First I’ll explain TCP. I’ll give an overview of its functions, we’ll take a brief look at the TCP header, and then I’ll go more in depth on a few of its functions. First up, TCP is a connection-oriented protocol. What does that mean? Well, before actually sending data to the destination host, the two hosts communicate to establish a connection. Once the connection is established, the data exchange begins. 
The source host doesn’t just start sending data without first communicating with the destination host and setting up this connection. Next, TCP provides reliable communication. How does it do that? The destination host must acknowledge that it received each TCP segment. Remember, segment is the name of the Layer 4 PDU, like the packet at Layer 3 and frame at Layer 2. Then, if the source host doesn’t receive an acknowledgment for a segment, it is sent again. Next, TCP provides sequencing. In the next slide you’ll see that there is a sequence field in the TCP header. The sequence numbers in the TCP header allow destination hosts to put segments in the correct order even if they arrive out of order. Okay, last thing for now, TCP provides flow control. That means that the destination host can tell the source host to increase or decrease the rate that data is sent, so that it isn’t overwhelmed by receiving traffic faster than it can process it. Okay, now let’s take a look at the TCP header, thanks to Wikipedia for this image. As you can see, there are quite a few different fields in the TCP header, which are used to provide all of those different services I listed in the previous slide. The good news is, you don’t have to learn and memorize the entire header for the CCNA. I just want to briefly point out a few important fields. First up, the source and destination port fields. Note that each field is 16 bits, 2 bytes, in length. That means there are a total of 65536, which is 2 to the power of 16, available port numbers. The next two fields are the sequence number and acknowledgment number. These two fields are used to provide sequencing and reliable communication, I’ll show that in a bit more detail later. TCP has a series of ‘flag’ bits which each serve a different purpose. I want to mention these three, ACK, SYN, and FIN. These three flags are used to establish and terminate connections. In the next slide I’ll explain those processes more. 
The final field I want to point out is the Window Size field. This field is used for flow control, adjusting the rate at which data is sent. Okay, that’s all for the TCP header. You don’t have to learn every field or memorize it, but you should be aware of the fields I pointed out in this slide. I mentioned that TCP is connection-oriented, meaning that hosts first communicate to establish a connection before actually sending data. The method TCP uses to establish connections is called the TCP Three-Way Handshake. It has that name because it involves three messages being sent between the two hosts. So, let’s say PC1 wants to access a webpage on SRV1 using HTTP. First, it must establish a TCP connection. To do so, it uses these two flags in the TCP header that I just showed you, ACK, meaning acknowledgment, and SYN, meaning synchronization. First, PC1 will send a TCP segment to SRV1 with the SYN flag set, meaning that bit is set to 1. That is part one of the three-way handshake. Next, SRV1 will reply by sending a TCP segment to PC1 with the SYN and ACK flags set. So both bits are set to 1. That is part two of the three-way handshake. Finally, PC1 will send a TCP segment with the ACK bit set. Now the three-way handshake is complete and the connection is established. The real data exchange can then begin, the first three messages, which make up the three-way handshake, are just to establish a connection. Make sure to remember the three-way handshake. SYN, SYN-ACK, and then ACK. Now let’s talk about how TCP terminates connections. This process, sometimes called the TCP ‘four-way handshake’, is less famous than the three-way handshake. When PC1 decides that it no longer needs the connection with SRV1 it will initiate this process to terminate the connection. The process uses these two flags in the TCP header, FIN and ACK. First, PC1 sends a TCP segment to SRV1 with the FIN flag set. SRV1 responds with an ACK. SRV1 then sends its own FIN. 
Finally, PC1 sends an ACK in response to SRV1’s FIN, and the connection is terminated. Here’s the same summary I showed you before. So, can you see what ‘connection-oriented’ means? Before actually exchanging data, PC1 and SRV1 established a connection. Okay, now let me demonstrate how TCP uses the sequence and acknowledgment fields of the header to provide reliable communication and sequencing. So, let’s look at an exchange between two PCs, PC1 and PC2. When PC1 sends the three-way handshake’s SYN message, it sets a random initial sequence number, let’s say it sets it to 10. Then, when PC2 sends the SYN-ACK to PC1, it sets its own random initial sequence number, for example 50. Not only that, it also acknowledges that it received PC1’s segment with a sequence number of 10, by setting the acknowledgment field to 11. Why 11? That’s because TCP uses something called ‘forward acknowledgment’. Instead of acknowledging sequence number 10 with an ack field of 10, it tells PC1 the sequence number of the next segment it expects to receive. So continuing that process, PC1 sends the final ACK of the three-way handshake. The sequence number is 11, and using forward acknowledgment it sets a value of 51 in the acknowledgment field. PC2 replies with a sequence number of 51, and again uses forward acknowledgment by setting a value of 12 in the acknowledgment field. Then the exchange continues, like this. So, what should you remember from this? Remember that hosts set a random initial sequence number, and that forward acknowledgment is used to indicate the sequence number of the next segment the host expects to receive. Okay, so now I’ve shown how the sequence and acknowledgment fields of the TCP header are used to acknowledge that the host has received each TCP segment it should receive. These sequence numbers also allow hosts to know the correct order of segments, even if for some reason they arrive out of order. Now, what about this part? 
If a segment isn’t acknowledged, it is sent again. I will briefly demonstrate. To simplify things, I will only show one set of sequence and acknowledgment numbers. So, PC1 sends SRV1 a segment with sequence number 20. Using forward acknowledgment, SRV1 sends Ack 21 to PC1. PC1 then sends Sequence number 21, but for some reason it doesn’t reach SRV1. After waiting a certain amount of time with no Ack, PC1 resends the segment. This is called TCP retransmission. This time SRV1 receives it, and sends Ack 22 to tell PC1 that it was received. Okay, that’s a very brief overview of how TCP retransmits any segments that aren’t acknowledged. Finally, let me introduce how TCP provides flow control. Acknowledging every single segment, no matter what size, is inefficient. However, the TCP header’s window size field allows more data to be sent before an acknowledgment is required. Here’s an example. A host could send three segments, with sequence numbers 20, 21, and 22, and then an Ack is sent with sequence number 23. In addition, a ‘sliding window’ is used to dynamically adjust how large the window size is. The window size is increased as much as possible until a segment is dropped, then the window size backs down to a more reasonable level, and slowly increases again. Okay, before moving on let me point out one thing. In all of these examples, I used very simple sequence numbers. In real situations, the sequence numbers get much larger and do not increase by 1 with each message, especially when the sliding window size gets very large. For the CCNA, just understand the concepts and don’t worry about the exact numbers. Okay, so that was a very brief overview of these functions that TCP provides to applications. It would take hours to cover all of the details, but for the CCNA you just need to understand the concepts. The details I did show you about sequence numbers, forward acknowledgment, etc. were just to help you understand the basic concepts. 
Remember, the exam topics state that you need to be able to compare TCP to UDP, not that you need to understand the detailed mechanics and operations of TCP. Now that you’ve seen some of what TCP provides to communications, let’s check out UDP. UDP is much simpler, so I’ll sum it up in one slide. UDP is not connection-oriented. It is connectionless. Unlike TCP, in UDP the sending host does not establish a connection with the destination host before sending data. It is simply sent. UDP does not provide reliable communication. When UDP is used, acknowledgments are not sent for received segments. If a segment is lost, UDP has no mechanism to re-transmit it. Segments are sent ‘best-effort’. You might not be familiar with the term best-effort. Basically, it means UDP provides no guarantee of delivery like TCP. It sends it, it makes the effort, but it doesn’t provide any guarantees. UDP does not provide sequencing. Unlike TCP, UDP has no sequence field in its header. If segments arrive out of order, UDP has no mechanism to put them back in order. Finally, UDP does not provide flow control. It has no mechanism like TCP’s window size to control the flow of data. Let’s take a look at the UDP header, thanks again to Wikipedia for the image. That’s it. Four fields. Source and destination port numbers, a length field indicating the length of the segment, and a checksum so the receiving host can check for errors. In the next slide let’s compare TCP and UDP. First up, here are the two headers for comparison. All of the additional fields that TCP has allow it to provide those additional functions like sequencing and error recovery. So, in which cases would TCP be used, and in which cases would UDP be used? TCP provides more features than UDP, but at the cost of additional overhead because of the larger header. In addition, acknowledgments and retransmissions can slow down the transfer of data. 
For applications that require reliable communications, for example downloading a file, TCP is preferred. You wouldn’t want to download a PDF file with a page missing. You want to make sure you get the whole file. On the other hand, for applications like real-time voice and video, for example voice over IP phone calls, Zoom, Skype, etc, UDP is preferred. These applications are very delay-sensitive, you don’t want the overhead of TCP slowing it down. One thing to note is that there are some applications that use UDP, but provide reliability and such within the application itself. TFTP, the Trivial File Transfer Protocol, is such an example. I’ll cover it later in the course. Also, think about a Skype call. If you’re talking to someone over Skype and the audio cuts out for a few seconds, you can simply ask the other person to repeat what they said. In effect, you are asking for a ‘retransmission’. Finally, there are some applications that use both TCP & UDP, depending on the situation. DNS, the Domain Name System, is an example. Here’s a chart summarizing the differences between TCP and UDP. But don’t forget, both TCP and UDP provide Layer 4 addressing in the form of port numbers. These port numbers identify Application Layer protocols and allow for session multiplexing. They are both Layer 4 protocols, so they both provide these essential functions. Finally, I will list some important well-known port numbers you should know. We haven’t really covered any of these Application Layer protocols in the course yet, but I recommend taking the time to memorize the port numbers now. I will provide flashcards in the flashcard deck for today’s lecture. I will, however, mention the port numbers again when I cover these protocols later in the course, so if you prefer you can learn them individually then. Here’s the list. First up, FTP, the File Transfer Protocol, uses TCP ports 20 and 21. 
SSH, Secure Shell, which is commonly used to connect to the CLI of routers and switches, uses TCP port 22. Telnet, which can also be used to connect to the CLI of devices, uses TCP port 23. SMTP, the Simple Mail Transfer Protocol, is used for sending email and uses TCP port 25. HTTP, Hypertext Transfer Protocol, commonly used for accessing web pages, uses TCP port 80. POP3, Post Office Protocol 3, used for retrieving emails, uses TCP port 110. And finally HTTPS, Hypertext Transfer Protocol Secure, uses TCP port 443. Okay, let’s list some protocols that use UDP. DHCP, Dynamic Host Configuration Protocol, which allows hosts to automatically set their IP address and other things, uses UDP ports 67 and 68. TFTP, the Trivial File Transfer Protocol, uses UDP port 69. SNMP, the Simple Network Management Protocol, uses UDP ports 161 and 162. Syslog uses UDP port 514. Finally, the only protocol you should be aware of that uses both TCP and UDP is DNS, Domain Name System. It usually uses UDP, but uses TCP in some situations. Okay, to help you review I have added a ‘portnumbers’ tag to the Anki flashcards for these port numbers. Here’s how you can use it to review these specific cards. Open the Anki flashcard deck. Click on ‘custom study’. You’ll see this window. Select ‘study by card state or tag’. Then select ‘all cards in random order (don’t reschedule)’. Finally click on ‘choose tags’. This window will pop up. Check ‘require one or more of these tags’ and make sure the ‘portnumbers’ tag is highlighted. Also make sure it isn’t highlighted under ‘select tags to exclude’. Finally, click OK. Now you will be able to review the cards without affecting Anki’s scheduling algorithm. After you have reviewed them, you can simply follow this same process again if you want to review them once more. Do it until you answer them all perfectly. 
By the way, if you have questions about Anki on other platforms like iOS or Android, or are having trouble getting the custom study session set up, please try a Google search or look on the Anki website. I’m no Anki expert and it’s hard for me to troubleshoot Anki problems via the comment section. Before moving on to the quiz, let’s review what we covered. We covered the basics of Layer 4, including Layer 4 addressing in the form of port numbers. We took a look at TCP, a Layer 4 protocol which provides various services to applications, such as reliable communication and flow control. Then we looked at UDP, which doesn’t provide the various services that TCP does, but uses a smaller header with less overhead. Finally, we spent some time comparing the two protocols. Remember the exam topics list, you’re expected to be able to compare the two for the exam, so focus on that. Watch until the end of the quiz for a bonus question from Boson ExSim, the best practice exams for the CCNA. Okay, let’s go to quiz question 1. Which of the following is a well-known port number, as defined by IANA? A, 1010. B, 2001. C, 4023. Or D, 65000. Pause the video to think about your answer. The answer is A, 1010. Here are the ranges designated by IANA. Well-known port numbers are those from 0 through 1023. Answers B and C are in the Registered range, and D is in the Ephemeral range. Okay, let’s move on to question 2. According to IANA specifications, what range of port numbers should hosts select from when randomly selecting a source Layer 4 port number? A, well-known. B, registered. C, ephemeral. Or D, reserved. Pause the video to think about your answer. The answer is C, ephemeral. The destination port number depends on the Application layer protocol, but the source port number should be randomly selected from the Ephemeral port range. Once again, here are the different port ranges as designated by IANA. Note that D, reserved, isn’t one of the ranges. Okay, let’s go to question 3. 
Which of the following are features of TCP but not UDP? (select three). A, Layer 4 addressing. B, error recovery. C, session multiplexing. D, flow control. And E, sequencing. Pause the video to think about your answers, select three. The answers are B, error recovery, D, flow control, and E, sequencing. Layer 4 addressing in the form of port numbers and session multiplexing are features of both TCP and UDP, but only TCP provides services like error recovery, flow control, and sequencing to applications. Okay, let’s go to question 4. Which of the following Application Layer protocols use TCP to provide reliable communications? (select three). A, SMTP. B, SNMP. C, HTTPS. D, DHCP. E, Syslog. Or F, SSH. Pause the video to think about your answers, select three. The answers are A, SMTP, C, HTTPS, and F, SSH. Although we haven’t learned the details of these protocols yet, I recommend learning which ones use TCP or UDP, and their port numbers. You’ll definitely need to know some of them for the test. Okay, let’s move on to question 5. PC1 and SRV1 have an active TCP connection. SRV1 receives a TCP segment from PC1 with a sequence number of 27. When SRV1 acknowledges the segment, what will the value of the Acknowledgment field in the TCP header be? Assume a TCP window size of 1. A, 26. B, 27. Or C, 28. Pause the video to think about your answer. The answer is C. TCP uses ‘forward acknowledgment’, meaning it acknowledges that it received a segment by stating the next segment it expects to receive. If SRV1 acknowledged with a value of 27, for example, PC1 would assume that SRV1 didn’t receive the segment with sequence number 27, so it would send it again. Don’t worry too much about the details of TCP operations, but make sure you have a basic understanding of how sequencing and acknowledgment works. Okay, that’s all for the quiz. Let’s take a look at a bonus question in Boson ExSim for CCNA. Here's today's Boson ExSim practice question. 
So, I will click on Launch Simulator and here it is, a drag-and-drop question. Select the applications layer protocols on the left, and drag them to the corresponding transport layer protocols. All application layer protocols will be used. So, these here on the left are all application layer protocols, and these are the transport layer protocols we just learned, TCP and UDP. And also one of these uses both TCP and UDP. Okay, so pause the video here and think about the answer. Okay, let's check. So I will go from top to bottom. DNS, Domain Name System, that uses TCP and UDP. Usually it uses UDP, but it does use TCP in some cases. Next, DHCP uses UDP. FTP, File Transfer Protocol, TCP. HTTP uses TCP. SMTP, Simple Mail Transfer Protocol, TCP. And then these last two, of course UDP. SNMP, Simple Network Management Protocol. And TFTP, the Trivial File Transfer Protocol. Okay, so I will click on 'done'. And let's see if I'm correct. Click on 'show answer'. And yes, that is correct. So, if you want to read Boson's explanation you can pause the video here. I haven't explained all of these application layer protocols yet, but I will cover them later in the course. For now just remember whether they use TCP or UDP, and also remember their port numbers. Okay, so that's Boson ExSim for CCNA. I highly recommend these practice exams. I used them when I was studying for my CCNA and CCNP exams, and I highly recommend them because they really helped me pass my exams. So, if you want to get a copy of Boson ExSim, please follow the link in the video description. There are supplementary materials for this video. There is a flashcard deck to use with the software ‘Anki’. This time there won’t be a packet tracer practice lab, instead I will make a Wireshark demo, to show you TCP and UDP in action in a real network. Wireshark is a packet capture program, which lets you analyze network traffic. It’s great for studying and also a very useful tool for network engineers. 
Before finishing today’s video I want to thank my JCNP-level channel members. To join, please click the ‘Join’ button under the video. Thank you to Benjamin, Deepak, Tshepiso, Justin, Loki, TheGunguy, Nil, Alex, Prakaash, Nasir, Erlison, Apogee, Wasseem, Marko, Florian, Daming, Kone, Joshua, Jhilmar, Samil, Ed, Value, John, Funnydart, Scott, Hassan, Gerrard, Joyce, Marek, Velvijaykum, C Mohd, Johan, Mark, Yousif, Sidi, Boson Software, Charlesetta, Devin, Lito, Yonatan, and Vance. Sorry if I pronounced your name incorrectly, but thank you so much for your support. One of you is still displaying as Channel failed to load, if this is you please let me know and I’ll see if YouTube can fix it. This is the list of JCNP-level members at the time of recording by the way, September 28th 2020, if you signed up recently and your name isn’t on here don’t worry, you’ll be in future videos. Thank you for watching. Please subscribe to the channel, like the video, leave a comment, and share the video with anyone else studying for the CCNA. If you want to leave a tip, check the links in the description. I'm also a Brave verified publisher and accept BAT, or Basic Attention Token, tips via the Brave browser. That's all for now.