network_stuff:tcpnotes

Differences

This shows you the differences between two versions of the page.

network_stuff:tcpnotes [2022/02/06 13:23] jotasandoku
network_stuff:tcpnotes [2024/10/14 12:44] (current) jotasandoku
Line 8: Line 8:
     * SACK is like a lookeahead acknowledgement while we wait for slow Bytes to arrive.     * SACK is like a lookeahead acknowledgement while we wait for slow Bytes to arrive.
     * Example: "If I received Bytes 1,2,3 5,6 but not 4, I acknowledge 3 and 'selectively acknowledge' 5 and 6."     * Example: "If I received Bytes 1,2,3 5,6 but not 4, I acknowledge 3 and 'selectively acknowledge' 5 and 6."
 +    * How it works in practice: by appending to a duplicate acknowledgment packet a TCP option containing a range of noncontiguous data received
 \\ \\
-ACK is sent __by the SENDER__. Indicating that is has received cumulated data and is ready for the next segment+ACK is sent indicating that is has received cumulated data and is ready for the next segment
 The ACK number for a packet is the packet's sequence number plus the data length. See this for a **full explanation of ack and seq numbers**: [[https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/|External Link]] The ACK number for a packet is the packet's sequence number plus the data length. See this for a **full explanation of ack and seq numbers**: [[https://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/|External Link]]
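Review bot: On the changed ACK line, dropping "by the SENDER" removes the wrong attribution but leaves the sentence with no subject and the typo "is has"; say who sends it, for example "ACK is sent by the receiver, indicating that it has received the cumulative data and is ready for the next segment". The added SACK bullet would be clearer if it said the option carries one or more blocks, each given as a left and right sequence-number edge, and "lookeahead" in the first SACK bullet is still misspelled.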
  
Line 20: Line 21:
 \\ \\
 The three way handshake implies there are two clients and two servers << The three way handshake implies there are two clients and two servers <<
 +
 +{{:network_stuff:3wayhandshakesimple.png?400|}}
 +
 +
 +
 +----
 +
 +TCP TIMERS:
 +\\
 +  * Time Out Timer: sender waiting for the ack. If ack doesn't arrive, TCP rtx. Value of Time Out Timer adapts depending on  the traffic in the network.
 +  * Time Wait Timer: used for the orderly close and discard or ports at the end of a session. Sender starts the time wait timer after sending the ACK for the second FIN segment.
 +  * Keep Alive Timer: If server stops hearing a customer for 2 hours starts sending 10 probes every 75 seconds.
 +  * Persistent Timer: Used to deal with deal with a zero-widow-size deadlock situation. Keeps sending data for a while even when the receiver has closed the window.
 +
  
 ---- ----
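Review bot: The Persistent Timer bullet describes the wrong behaviour: "Keeps sending data for a while even when the receiver has closed the window" should say that the sender transmits small window probes while the advertised window is zero, so that a lost window update cannot deadlock the connection. The same bullet has "deal with deal with" and "zero-widow-size", and the Time Wait bullet has "discard or ports" for "discard of ports". The Keep Alive figures (2 hours, 10 probes, 75 seconds) are implementation defaults rather than protocol constants, so mark them as such; on Linux they are tunable through the net.ipv4.tcp_keepalive_time, tcp_keepalive_intvl and tcp_keepalive_probes sysctls.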
Line 28: Line 43:
 \\ \\
 (Reno, Cubic, Tahoe, more recently, BBR + Vegas, , Westwood) (Reno, Cubic, Tahoe, more recently, BBR + Vegas, , Westwood)
-[[https://medium.com/@atoonk/tcp-bbr-exploring-tcp-congestion-control-84c9c11dc3a9]] +\\ 
 +  * BBR (Bottleneck Bandwidth and RTT)Used in QUIC and HTTP/3 protocols. More modern and **doesn't rely on packet loss**, aiming to maximize throughput by actively **probing network capacity**. It's better suited for modern, high-speed networks. 
 +  * CUBIC (cubic function) is default in Linux. It relies on packet loss and a cubic window growth, making it less aggressive than BBR but well-optimized for traditional networks. 
 +  * BBR offers more efficient bandwidth usage and lower latency, especially in unpredictable networks, while CUBIC is robust in traditional high-speed environments. 
 +  
   * sysctl net.ipv4.tcp_congestion_control  # default is usually cubic or reno   * sysctl net.ipv4.tcp_congestion_control  # default is usually cubic or reno
   * sysctl net.ipv4.tcp_available_congestion_control  # list available suites   * sysctl net.ipv4.tcp_available_congestion_control  # list available suites
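Review bot: In the added BBR bullet, "Used in QUIC and HTTP/3 protocols" overstates it: QUIC leaves the congestion controller to the implementation, and RFC 9002 describes a NewReno-style one, so word this as "used by some QUIC implementations". The bullet is also missing a space in "RTT)Used", and the change deletes the only reference link in this section, which leaves the BBR versus CUBIC comparison unsourced; keep the link next to the new bullets.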
Line 56: Line 74:
 ---- ----
  
-FUN FACTS ABOUT TCP:\\+**FUN FACTS ABOUT TCP**:\\
   * reset flag is a rude way of finishing a connection. It can be used by scanners to detect closed/opened ports. Can be sent by the source or destination host, or a network device in transit such as a firewall. Avoids half closed connections due to missed FIN/ACKs etc.   * reset flag is a rude way of finishing a connection. It can be used by scanners to detect closed/opened ports. Can be sent by the source or destination host, or a network device in transit such as a firewall. Avoids half closed connections due to missed FIN/ACKs etc.
     * An attacker in the middle can disrupt the communication between 2 peers.  [[https://robertheaton.com/2020/04/27/how-does-a-tcp-reset-attack-work/|RST_attack]]     * An attacker in the middle can disrupt the communication between 2 peers.  [[https://robertheaton.com/2020/04/27/how-does-a-tcp-reset-attack-work/|RST_attack]]
 +  * PUSH: is a flag that informs the receiver that all data has been sent. When we disable Nagle with TCP_NODELAY it also sends the push flag but is not exactly the same. [[http://smallvoid.com/article/winnt-tcp-push-flag.html|External Link]]
 +
 +
 +----
 +
 +QUIC NOTES
 +
 +  * You need decryption keys or won't see much [[https://youtu.be/fHBUOlvS3ts]]
 +  * 1 or 0 handshake modes
 +  * Multiplexes hundreds of flows over single connection
 +  * It has a long connection index (each side chooses its counterpart index).
 +  * ^^ allows reuse connection independently underlying protocol (ie IP changes when moving WiFi to 5G)
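Review bot: The PUSH bullet's "informs the receiver that all data has been sent" describes FIN rather than PSH; PSH asks the receiver to hand the data buffered so far to the application without waiting for more. In the QUIC list, "1 or 0 handshake modes" should read "1-RTT or 0-RTT handshake", and "connection index" should be "connection ID", which is the term used in the specification. Since 0-RTT is listed, add that 0-RTT data can be replayed, so it should carry only idempotent requests.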
network_stuff/tcpnotes.1644153832.txt.gz · Last modified: (external edit)