Amazon AWS Certified Advanced Networking Specialty – Networking & AWS Primer Part 2

  • January 16, 2023

4. Understanding Transmission Control Protocol

Hey everyone, and welcome back to the KP Labs course. In today's lecture, we'll go through a very high-level overview of the TCP protocol. TCP is one of the most important protocols, and everyone should know it. So let's go ahead and discuss the TCP protocol with a very simple use case. Generally, whenever we want to communicate with someone, say when you chat on WhatsApp or Facebook, you begin with something like hello or hi, right? Some people are quite rude.

They would just send the message directly without a hello or hi. But in most cases, you begin the conversation with a formal hello. The same thing applies at the end of the communication, where you say bye and the communication completes. TCP follows a very similar approach. In TCP, there is a three-way handshake that takes place before communication is established between two entities. So on the left-hand side you have a client, which is a laptop, and on the right-hand side you have the server. Before the client and server can get down to business, they go through this formal three-way handshake, like hey, hello. Once this three-way handshake completes, the real data begins to flow.

So this handshake takes place when the communication is initiated as well as when the connection has to be closed. It is similar to what we were discussing: the communication begins with a hello or a hi, and when you want to close it, you say bye and the communication gets closed.

TCP follows a very similar pattern. So why TCP in the first place? Many people will ask: okay, you are explaining the TCP protocol, but why is it used in the first place? Why should I be learning it? TCP allows two hosts in a network to establish a connection and exchange streams of data. The two hosts can be two servers, your mobile and a server, or your mobile and your laptop; they can be any two entities in a network. So anytime you want to exchange a stream of data, you have to use the TCP protocol.

There are other protocols as well, like UDP, but they are not very reliable. TCP is one of the most reliable protocols, and it is used for most of the things you do in a normal scenario. For example, when you download a song from the internet to your mobile, TCP is used in the back end, because downloading a song involves an exchange of data from the server to your mobile phone. That exchange of data takes place with the help of the TCP protocol. TCP does a lot more than simply exchange data. It is much more advanced. For example, it guarantees the delivery of data, and it also guarantees that the packets will be delivered in the same order in which they were sent.

We'll be discussing this in more detail later. But I hope you understood that whenever two entities within the network want to communicate, TCP is one of the most reliable protocols used for such an exchange. With this said, let's go ahead and understand this three-way handshake that we were discussing and what it really looks like. So you have this TCP three-way handshake. On the left-hand side you have your laptop, and on the right-hand side you have the server. Now the laptop wants to initiate the connection with the server. You can assume this to be a Google server. When you type google.com in your browser, the TCP three-way handshake happens behind the scenes before the google.com page opens. So let's look into how that would really work. The client wants to communicate with the server, so the client will initiate the communication. The first part of the TCP three-way handshake begins with the entity that wants to communicate. What this means is that the client sends the server a SYN packet. Basically you can read it as, hey, can we have a talk? It is asking the server whether the communication is possible or not.

Now, at this stage, the server can either say yes or say no. It really depends upon the configuration. If the server says yes, then in this case you see "Sure, let's do." This means the server has said yes to the connection being initiated, and this packet is called the SYN-ACK. So you have a SYN over here, and then you have a SYN-ACK. The last packet, which the client sends upon receiving this SYN-ACK, is called the ACK. That means, awesome, let's discuss. So this is the first, this is the second, and this is the third. Once this TCP three-way handshake occurs, the data communication can happen. So whenever you open google.com, the data communication happens only after this three-way handshake occurs. Otherwise you will not see the google.com page if the three-way handshake has not completed. Perfect.

So let's do one thing. Let's go into the practical session and look at how it really looks. These things are really interesting. I have my Kali Linux here. I'll start up Wireshark so that we can begin our packet capture on the eth0 interface. Currently there is no traffic other than maybe ARP.

So before I begin, I'll do this from the browser so that it is easier to relate to. You see, as soon as you open the browser, traffic begins to flow, because these websites are initiating communication. Perfect. So now let's start the Wireshark packet capture. Let me put in dexter.kplabs.in, and you see the website has opened. I'll stop the packet capture. This is very similar to what happens when you type google.com and the Google page opens. Here I have put in dexter.kplabs.in and a simple page has opened. So let's look behind the scenes at what exactly has happened. Let me zoom in so that it becomes clearer. The very first thing that has happened is the standard query. This is the DNS standard query. The reason this has happened is that I entered the domain dexter.kplabs.in, and we have already discussed this in the DNS lecture.

Now, the DNS server has responded with the IP address associated with dexter.kplabs.in. So what has happened until now, let me show you, is that a client wants to communicate with this server, which is called dexter.kplabs.in. Before the communication can happen, the client requires the IP address of this server. So during the DNS phase, the client has received the IP address of this server, which can be Google or which can be KP Labs. Once it has received the IP address, the client will go ahead and send the SYN packet. The server will send the SYN-ACK, then comes the ACK, and then the data communication will begin. So let's look at that in our Wireshark packet capture. Once the standard DNS response has been received, the next packet that you will see is the SYN packet. So you will see this is the SYN packet. After that there is a SYN-ACK packet, and after the SYN-ACK packet there is an ACK packet. After this three-way handshake has completed, you have the HTTP protocol, and you have a lot of images which were being sent.

You see kplabs-logo.png. This is basically the logo that you see on the page, and it has been requested. So before the data transfer has taken place, before this logo and all these things have been fetched, a three-way handshake has been completed. So this is it for this lecture. I just wanted to show you a high-level overview of what the TCP three-way handshake is all about. If you go into detail, there are a lot of things that you can see. This is the Transmission Control Protocol. There are things like the sequence number, various flags, the window size, and various options related to the TCP protocol. You would actually require an entire course for this. But since this is a very high-level overview lecture, I hope you understood the basics of what the TCP protocol is all about. Even when you download a song on your mobile phone, the first thing that happens is the SYN, SYN-ACK, ACK. Before that, of course, there will be a DNS query and response. Then there will be a SYN, SYN-ACK, ACK, and after that the song download will take place.

5. Understanding Maximum Transmission Unit

Hey everyone, and welcome back to the KP Labs course. In today's lecture, we'll be looking at the maximum transmission unit in networking. The maximum transmission unit, also referred to as MTU, is a very important configuration parameter. If it is not properly configured, it can lead to packet loss as well as degraded networking performance. So let's understand the maximum transmission unit with a simple use case. In this use case, we want to send a courier, which is basically a piece of luggage, from location A to location B. We want to send it by air, so we go to the air post office and ask them to send it. Typically, if you want to send luggage by air, the first thing they'll check is the size of the luggage and also the weight, because commercial flights have restrictions on the size and weight of the luggage you can send.

If this all seems good, you will be able to send it by air. However, you cannot send very large luggage on a normal commercial flight. Let's assume that you want to send an entire car. They'll definitely ask you to use a train or a ship as the preferred shipping method if you want to transport a car from location A to location B, or maybe even a big truck can transport the car. Or they might ask you to disassemble the car into small pieces, send it by air, and assemble it back at the destination. So this is a very simple use case. A very similar analogy can be applied in the field of networking. Let's assume that this is a client and this is the destination, and you want to send specific data from the source to the destination. As in the analogy we described, it really depends upon the size of the data that you want to send. It's not like you can send an entire chunk of data together. That will not work. Since the internet is all about routers, there are various intermediary routers. Whenever you send data, it will go through these routers. And the size of the data that you can send through these routers is determined by a configuration value called the MTU.

So the MTU denotes the maximum data that can be sent in a single network transaction frame. Let's assume that these routers are connected. The first router has an MTU of 1500 bytes, and the second router also has an MTU of 1500 bytes. If you have 3000 bytes of data, you will not be able to send the entire 3000 bytes in a single frame. Since the maximum transmission unit is 1500 bytes, you cannot send the entire data together. What you have to do is divide the data into multiple chunks, and then these individual chunks can be sent from the client to the destination. The maximum chunk size is determined by the MTU value. As far as the internet is concerned, an MTU of 1500 bytes is the standard which is followed across the internet.

At the time when the Ethernet specifications were created by the IEEE, the bandwidth of Ethernet was around ten megabit to a maximum of 100 megabit. So when the specifications were created, you did not really have super fast Ethernet capacity, and this is the reason why a standard MTU of 1500 bytes was set, and it is still followed. However, nowadays you have extremely fast connections, such as a ten gigabit network, and on a ten gigabit network a smaller MTU will create a performance issue. Let's assume that you have a ten gigabit network and you are still not able to send a 3000-byte file in a single chunk. That is really a sad thing. Since the MTU is 1500 bytes, even though you have ten gigabit and the MTU is still of 1000 bytes, you still have to divide the data into chunks of 1500 bytes and send them. This is a really troublesome issue. So before we go further, let's look at what I mean by this. I am connected to the internet, so let me try a ping. Along with the ping, I'm trying to send 1600 bytes of data. As we have already discussed, on the internet the MTU followed is 1500 bytes.

So if you try to send data which is larger than 1500 bytes, it will not work. Let's try that out. Here I am trying to send 1600 bytes of data to kplabs.in. Let me press Enter. You see, over here it is saying that the packet needs to be fragmented. This basically means that the 1600 bytes of data cannot be sent as is. The data has to be divided into smaller chunks before it can be sent. If I put 1200 bytes instead of 1600 bytes, this time it should work perfectly, because this is well within the maximum transmission unit followed on the internet. So let's come back to our PowerPoint presentation. I hope you understood what the MTU is all about.

Now, in today's industry, specifically when it comes to big data, you typically have to send files which are gigabytes or terabytes in size. For a gigabyte file, converting it into 1500-byte chunks is really a big pain. There will be thousands, tens of thousands of packets, and it will really cause a big slowdown. So what is generally done is that instead of the 1500 bytes set by the IEEE, if this is a private network, you can configure the MTU to be increased. By private network, I mean, let's assume you have a data center where both routers are within your own private network. These larger frames are called jumbo frames. Jumbo frames are Ethernet frames which are used in networks with at least a 1 Gbps link. So if this is entirely your own private data center, you can definitely increase the MTU to 9000 bytes. Instead of 1500 bytes of data, you can now send 9000 bytes of data in a single chunk. So it's like five times increase in capacity. And this is also called a jumbo frame. So let me show you what it really looks like. I have a server in AWS, and I have one more server in DigitalOcean.

So let me go ahead and zoom in a little bit. When you quickly run ifconfig, this is my eth0 interface. And if you see over here, within the eth0 interface, the standard MTU size of 1500 bytes has been set. However, in AWS, within the VPC, if you want to transfer between two servers, you can actually use jumbo frames. So, let's take an example. Let me open a file. I have an AWS VPC, and within the AWS VPC I have a server one and a server two. The AWS VPC is a single network, so again, we are speaking about this: you have server one here, you have server two, and you have the router, and all of them are within the same network. In this case, you can set jumbo frames. What AWS does is use an MTU size of 9000 bytes.

So let's ping one more server with a size of 5000 bytes. This is one more server within my AWS VPC. If I do this ping, you see it is working perfectly. The reason it works perfectly even though my size is 5000 bytes is that on the routers on the AWS side, within the internal network, the MTU size is 9000 bytes. This is why it works perfectly between two entities in the same VPC. Okay? And now if I do a quick ifconfig here, you will see that the MTU is much higher. Let me just quickly refresh the screen and run this command again. You see the MTU size is 9000 bytes.

So this is the reason why it is very important that you have the correct MTU size. If you are in the internal network and you have a connection which is faster than a gigabyte, then setting up the right MTU size for jumbo frames is much better, and it will increase performance if you're sending large chunks of data between them. So this is it about the MTU. I hope that, at a high level, you understood what the MTU is all about. Jumbo frames are basically frames which are larger than 1500 bytes, the size accepted over the internet. Now, one thing that I wanted to show you is that if you try to send the same data to a server which is outside of the AWS VPC, it will be fragmented. So this 8000 bytes or this 5000 bytes will automatically be fragmented to 1500 bytes, which is the MTU standard set on the internet. This is done automatically by AWS. You don't really have to worry much.
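The splitting described in this lecture can be worked through in code. The following is an added example, not part of the original lecture: it models IPv4 fragmentation for the lecture's sizes, assuming the ping sizes are ICMP data bytes (as with Linux `ping -s`) and that the "needs to be fragmented" message came from a ping sent with the Don't Fragment flag set. The function and class names are hypothetical.

```python
from dataclasses import dataclass

IP_HEADER = 20    # IPv4 header without options, in bytes
ICMP_HEADER = 8   # ICMP echo header, in bytes


class FragmentationNeeded(Exception):
    """The datagram exceeds the MTU and Don't Fragment forbids splitting it."""


@dataclass
class Fragment:
    offset_units: int      # IPv4 fragment offset field, counted in 8-byte units
    payload_len: int       # bytes of the original IP payload in this fragment
    more_fragments: bool   # MF flag: set on every fragment except the last

    @property
    def total_len(self) -> int:
        # Every fragment carries its own copy of the IP header.
        return IP_HEADER + self.payload_len


def fragment(ip_payload_len: int, mtu: int, dont_fragment: bool = False):
    """Split an IP payload of ip_payload_len bytes for a link with this MTU."""
    if IP_HEADER + ip_payload_len <= mtu:
        return [Fragment(0, ip_payload_len, False)]
    if dont_fragment:
        raise FragmentationNeeded(
            f"{IP_HEADER + ip_payload_len}-byte packet exceeds MTU {mtu}")
    # All fragments but the last must carry a multiple of 8 payload bytes,
    # because the offset field counts 8-byte units.
    per_fragment = (mtu - IP_HEADER) // 8 * 8
    fragments, offset = [], 0
    while offset < ip_payload_len:
        size = min(per_fragment, ip_payload_len - offset)
        more = offset + size < ip_payload_len
        fragments.append(Fragment(offset // 8, size, more))
        offset += size
    return fragments


def ping_fragments(icmp_data_len: int, mtu: int, dont_fragment: bool = False):
    """Fragments produced by an ICMP echo request with icmp_data_len data bytes."""
    return fragment(ICMP_HEADER + icmp_data_len, mtu, dont_fragment)


if __name__ == "__main__":
    # Sizes taken from the lecture; the packets themselves are constructed.
    for f in fragment(3000, 1500):
        print("3000-byte payload, MTU 1500:", f, "total", f.total_len)
    print("ping 1200, MTU 1500, DF:", ping_fragments(1200, 1500, True))
    print("ping 5000, MTU 9000:", ping_fragments(5000, 9000))
    try:
        ping_fragments(1600, 1500, dont_fragment=True)
    except FragmentationNeeded as exc:
        print("ping 1600, MTU 1500, DF:", exc)
```

Because each fragment repeats the 20-byte IP header, a 3000-byte payload needs three fragments at an MTU of 1500 (1480 + 1480 + 40 bytes of payload), not two.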

6. Maximum Segment Size in TCP protocol

Hey everyone, and welcome back to the KP Labs course. In today's lecture, we'll be discussing the maximum segment size in the TCP protocol. We have been discussing the maximum transmission unit, so let's quickly revise. The MTU is the maximum size of the IP packet that can be sent in a single transaction. The MTU is generally set on the router end, and this is the maximum size of the IP packet. So what do I mean by IP packet? You may remember the diagram where you have the data which is generated by the application. The transport layer protocol header, which can be UDP or TCP, is added to this data, and then the IP header is added. So the MTU is the maximum size of this particular packet, which contains IP plus TCP.

So up to here, this is the MTU. On the data link layer, there is also an Ethernet header which gets added. However, that Ethernet header is not part of the MTU size. Just remember that. So let's go ahead and understand what the maximum segment size is all about. If the MTU is 1500 bytes, it does not mean that we can send 1500 bytes of TCP data. Let's assume that the MTU is 1500 bytes. If the application creates data whose size is 1500 bytes, that will not work, okay? Because further down the stack, IP headers and TCP headers will get added, and the overall size will be higher. Let's assume the application is generating 1500 bytes of data, and then you have the TCP or UDP header of 20 bytes, plus the IP header of 20 bytes. That becomes 1540 bytes, so it exceeds the MTU.

So that will not work. The maximum segment size is basically the maximum size of the data which the application can generate or receive. It is calculated with the following formula: MTU minus the size of the TCP header, minus the size of the IP header. If you remove the IP header over here, you will get the data plus the UDP or TCP header. If you then subtract the UDP or TCP header, you will get the plain data, and the size of this plain data is called the maximum segment size. So in the generic scenario, the maximum segment size advertised by the client is MTU - 20 bytes, which is the generic TCP header size, - 20 bytes, which is the size of the IP header.

So let's calculate. You have 1500 as the MTU. You subtract 20 bytes for the TCP header and 20 bytes for the IP header, and that becomes 1460 bytes as the MSS. Just remember this value; we'll look at it when we go into the Wireshark packet capture. So let's go to the next slide. How the MSS is communicated is something that we'll see now. During the TCP three-way handshake, the MSS is defined by both ends of the communication. When the TCP three-way handshake occurs, you have the SYN, SYN-ACK, and ACK. Both the client and the server will advertise the MSS value that they would like. So let's do one thing. Let me open up Wireshark and look at how it really looks. I'll capture on the WiFi interface and simply do a curl. Now this curl has returned the value, so a TCP three-way handshake must have occurred. Let's find that TCP three-way handshake. This is the TCP three-way handshake, in frame 21 and in frame 22. As we had already discussed, when the client sends the SYN to the server, it advertises the MSS value within the TCP protocol. Remember the MSS value that we calculated over here: ideally it should be 1460. If you open up TCP and go into the options field, you see the maximum segment size is 1460.

Now, a similar thing would have been returned from the server to the client. If you look at the maximum segment size there, it is 1460 bytes. So this is how the maximum segment size, which is basically the size of the data, is calculated. Along with that, let's look at the maximum segment size of a network which has jumbo frames enabled. I have this packet capture; I'll upload it to the internet. Look within the SYN packet. This is AWS, where jumbo frames are enabled and the MTU is 9000 bytes. If you look into TCP, you see the maximum segment size seems to be 1460. I think we took the wrong pcap capture, so this was the right one. If you look into TCP, the maximum segment size is 8961 bytes. So this is the source, where the MSS is 8961, and this is the server, the SYN-ACK packet, where the maximum is 8961. So just remember, depending upon whether the network has jumbo frames or the standard MTU of 1500, the MSS is calculated accordingly. So this is it for this lecture. I hope you understood what the maximum segment size is all about, and I look forward to seeing you in the next lecture.
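What Wireshark shows in lectures 4 and 6 can be reproduced by reading the TCP headers directly. The following is an added example, not part of the original lecture: it parses the flags and the MSS option from constructed TCP headers, checks that three segments form a SYN, SYN-ACK, ACK exchange, and applies the MTU minus 40 formula. Ports, sequence numbers and function names are made up for the demonstration.

```python
import struct

SYN, ACK = 0x02, 0x10
IP_HEADER = TCP_HEADER = 20   # header sizes without options, as in the lecture


def mss_for_mtu(mtu: int) -> int:
    """MSS = MTU - IP header - TCP header."""
    return mtu - IP_HEADER - TCP_HEADER


def build_tcp(sport, dport, seq, ack, flags, mss=None) -> bytes:
    """Build a constructed TCP header (checksum left at 0) for the demo."""
    options = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    data_offset = (TCP_HEADER + len(options)) // 4
    fixed = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                        data_offset << 4, flags, 64240, 0, 0)
    return fixed + options


def parse_tcp(header: bytes) -> dict:
    """Extract ports, sequence numbers, flags and the MSS option (kind 2)."""
    if len(header) < TCP_HEADER:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", header[:14])
    hdr_len = (off >> 4) * 4
    if hdr_len < TCP_HEADER or hdr_len > len(header):
        raise ValueError("bad data offset")
    opts, i, mss = header[TCP_HEADER:hdr_len], 0, None
    while i < len(opts):
        kind = opts[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # No-Operation padding, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        length = opts[i + 1]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "mss": mss}


def handshake_mss(headers):
    """Return (client_mss, server_mss) if the first three headers form a
    consistent SYN, SYN-ACK, ACK exchange, otherwise None."""
    if len(headers) < 3:
        return None
    syn, synack, ack = (parse_tcp(h) for h in headers[:3])
    both = SYN | ACK
    ok = (syn["flags"] & both == SYN
          and synack["flags"] & both == both
          and (synack["sport"], synack["dport"]) == (syn["dport"], syn["sport"])
          and synack["ack"] == (syn["seq"] + 1) % 2**32
          and ack["flags"] & both == ACK
          and ack["seq"] == (syn["seq"] + 1) % 2**32
          and ack["ack"] == (synack["seq"] + 1) % 2**32)
    return (syn["mss"], synack["mss"]) if ok else None


def sample_handshake(mss: int):
    """Constructed three-way handshake; both sides advertise the same MSS."""
    return [build_tcp(50000, 80, 1000, 0, SYN, mss),
            build_tcp(80, 50000, 5000, 1001, SYN | ACK, mss),
            build_tcp(50000, 80, 1001, 5001, ACK)]


if __name__ == "__main__":
    print("MTU 1500 -> MSS", mss_for_mtu(1500))
    print("handshake MSS:", handshake_mss(sample_handshake(1460)))
    # AWS documents its jumbo-frame MTU as 9001 bytes, which matches the
    # 8961-byte MSS read from the capture in the lecture.
    print("MTU 9001 -> MSS", mss_for_mtu(9001))
```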
