Question ? TCP/IP and ACL

Please answer my question and correct me if I am wrong

What I understand is Transmission Control Protocol ( TCP ) does the following
Error recovery
Flow control
segmentation
Multiplexing
etc

TCP accomplish these functions through mechnasim at the endpoint computers. TCP relies on IP for end-to-end delivery of data.

When data Packets are sent to other networks, IP header AND Transmision layer protocol header ( TCP or UDP ) are sent with in this IP packet because of encapsulation. TCP/ UDP not only sends its header with every IP Packet but also stays at the end point for other funcitons like Segmentation or multiplexing or Error recovery

So it means every IP Packet which routes around has TCP or UDP header as well as their source and destination port regardless type of application.

For example when we say that FTP is using TCP it means every IP Packet would have TCP header as well and if we use TFTP every IP Packet Would have UDP header.

When we use TCP or UDP We specifically say in ACL commands that TCP or UDP for application to permit or deny packets for FTP or TFTP. Why we do that because every IP Packet have TCP or UDP header and source/ destination ports any way?.

Secondly, since Protocol field in IP Packets have other protocols as well apart from TCP , UDP
will ip packet still have tcp or udp header and their source and destination ports ?

I dont know if I have made a point here or not but every reply would help

Find more posts tagged with

Comments

gojericho0

Manglian wrote:

When we use TCP or UDP We specifically say in ACL commands that TCP or UDP for application to permit or deny packets for FTP or TFTP. Why we do that because every IP Packet have TCP or UDP header and source/ destination ports any way?.

Its done to specify which transport protocol and application to permit or deny

Manglian wrote:

Secondly, since Protocol field in IP Packets have other protocols as well apart from TCP , UDP
will ip packet still have tcp or udp header and their source and destination ports ?

Nope, for example IP will encapsulate ICMP or GRE. These applications replace TCP or UDP information

Manglian

Thanks for your reply , but in Case of ICMP where is TCP/IP encapsulation which says every frame at that data link layer will have Transport layer header and IP header. Because When we say TCP OR UDP are required to do segmentation as well. HOW DIFFERENT ICMP PACKET WILL BE SEQUECED AND NUMBERED WHEN THEY REACH AT DESTINAMTJION ? WITHOUT TCP OR IF WE DONT SEQ OR NUM HOW WILL THE MESSAGE WILL BE CONSTRUCTED ON OTHER ENDPOINT

Thanks

remyforbes777

Its done to specify which type of traffic you want to allow or deny based on port number. If you didn't specify that it would deny all the traffic from that host. Not every packet has a udp or tcp header. You can block layer three level traffic as well.

gojericho0

Manglian wrote:

Thanks for your reply , but in Case of ICMP where is TCP/IP encapsulation which says every frame at that data link layer will have Transport layer header and IP header. Because When we say TCP OR UDP are required to do segmentation as well. HOW DIFFERENT ICMP PACKET WILL BE SEQUECED AND NUMBERED WHEN THEY REACH AT DESTINAMTJION ? WITHOUT TCP OR IF WE DONT SEQ OR NUM HOW WILL THE MESSAGE WILL BE CONSTRUCTED ON OTHER ENDPOINT

Thanks

ICMP is not part of the TCP/IP suite. Not everything will use TCP or UDP

remyforbes777

gojericho0 wrote:

Manglian wrote:

Thanks for your reply , but in Case of ICMP where is TCP/IP encapsulation which says every frame at that data link layer will have Transport layer header and IP header. Because When we say TCP OR UDP are required to do segmentation as well. HOW DIFFERENT ICMP PACKET WILL BE SEQUECED AND NUMBERED WHEN THEY REACH AT DESTINAMTJION ? WITHOUT TCP OR IF WE DONT SEQ OR NUM HOW WILL THE MESSAGE WILL BE CONSTRUCTED ON OTHER ENDPOINT

Thanks

ICMP is not part of the TCP/IP suite. Not everything will use TCP or UDP

Its part of the Internet Protocol (IP) suite.