COMPLETE CN FOR GATE, Study notes of Computer Networks

These notes are the summarized from the book by Behrouz A. Forouzan. These notes cover almost each and every topic in CN for GATE

Typology: Study notes

2021/2022

Uploaded on 04/25/2026

ankit-kumar-pandey
ankit-kumar-pandey 🇮🇳

1 document

1 / 25

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
DIAT M.Tech 2026 | Computer Networks — Chapters 3, 5, 13, 14, 17-18, 23-25 Page 1
Cyber Security · AI · Data Science | Prepared for DIAT M.Tech Entrance Exam 2026
DIAT M.Tech Entrance Exam
Computer Networks — Complete Notes
Chapters 3 · 5 · 13 · 14 · 17–19 · 23–25 | Physical Layer · Modulation · LANs · Wireless · IP ·
TCP/UDP
Cyber Security AI Data Science
Coverage: This document covers the 5 high-priority missing chapters identified for DIAT 2026
Self-Sponsored M.Tech entrance — Physical Layer signals & capacity (Ch 3), Analog Modulation (Ch 5),
Wired LANs / Ethernet (Ch 13), Wireless LANs & Cellular (Ch 14), IP Addressing & Subnetting (Ch
17–18), and TCP/UDP Transport layer (Ch 23–25). Use alongside the Ch 1, 2, 4, 7, 11, 12 notes for
complete coverage.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19

Partial preview of the text

Download COMPLETE CN FOR GATE and more Study notes Computer Networks in PDF only on Docsity!

DIAT M.Tech Entrance Exam

Computer Networks — Complete Notes

Chapters 3 · 5 · 13 · 14 · 17–19 · 23–25 | Physical Layer · Modulation · LANs · Wireless · IP ·

TCP/UDP

Cyber Security AI Data Science

Coverage: This document covers the 5 high-priority missing chapters identified for DIAT 2026 Self-Sponsored M.Tech entrance — Physical Layer signals & capacity (Ch 3), Analog Modulation (Ch 5), Wired LANs / Ethernet (Ch 13), Wireless LANs & Cellular (Ch 14), IP Addressing & Subnetting (Ch 17–18), and TCP/UDP Transport layer (Ch 23–25). Use alongside the Ch 1, 2, 4, 7, 11, 12 notes for complete coverage.

CHAPTER 3: Physical Layer

Signals · Bandwidth · Nyquist Theorem · Shannon Capacity

3.1 Analog vs Digital Signals

A signal is a function that represents the variation of a physical quantity over time to convey information. All

transmission on a network ultimately reduces to signals on a medium.

Signals are either analog (continuous, infinite values between any two points) or digital (discrete, finite levels —

typically two: 0 and 1).

Property Analog Signal Digital Signal Values Continuous (infinite levels) Discrete (finite levels, usually 2) Shape Smooth sine-like curves Square wave (staircase) Example Human voice, AM/FM radio Computer data, Ethernet frames Noise sensitivity Very sensitive — noise corrupts signal value

More robust — only need to distinguish 0 from 1 Attenuation effect Distorts signal shape Can regenerate perfectly with repeaters

3.1.1 Periodic Signals and Sine Wave Parameters

A periodic signal completes a pattern within a measurable time frame and repeats that pattern over subsequent

identical periods. A sine wave is the most fundamental periodic analog signal and is described by three parameters:

  • Peak Amplitude (A) — Maximum strength of signal (volts). Proportional to energy carried.
  • Frequency (f) — Number of complete cycles per second. Unit: Hz (Hertz). Relationship: f = 1/T where T is the

period in seconds.

  • Phase ( φ ) — Position of waveform relative to time zero. Measured in degrees or radians. A 360° phase shift =

identical waveform (full cycle).

f = 1/T | T = 1/f | Wavelength λ = c/f (c = 3×10^8 m/s in free space)

Signal power ∝ A^2 | Phase shift of 180° inverts the signal

n EXAM TIP: Frequency and period are exact reciprocals. If f = 100 Hz then T = 0.01 s = 10 ms. Wavelength λ = c/f — higher frequency = shorter wavelength. Microwave at 10 GHz: λ = 3×10^8 /10^10 = 3 cm. These are direct calculation MCQs.

3.1.2 Composite Signals and Fourier Analysis

A composite signal is made up of multiple simple sine waves of different frequencies, amplitudes, and phases. By

Fourier analysis, ANY periodic signal can be decomposed into a set of sine waves. This is fundamental to

understanding bandwidth.

A digital signal (square wave) in theory contains an infinite number of sine wave components (harmonics). To faithfully

reproduce a digital signal, you need a medium with sufficient bandwidth to carry all significant harmonics.

3.2 Bandwidth

The term bandwidth has two related but distinct meanings in networking:

3.5 Throughput, Latency, and Bandwidth-Delay Product

Beyond raw bandwidth, two other performance metrics are critical for network design:

  • Throughput — Actual measured data transfer rate in practice. Always ≤ bandwidth (limited by network congestion,

protocol overhead, errors).

  • Latency (Delay) — Total time from first bit sent to last bit received. Components: Propagation delay + Transmission

delay + Queuing delay + Processing delay.

Propagation delay = Distance / Propagation speed

Transmission delay = Message size (bits) / Bandwidth (bps)

Bandwidth-Delay Product (BDP) = Bandwidth × Propagation delay [unit: bits]

BDP = number of bits 'in flight' in the pipe at any moment

n EXAM TIP: BDP tells you how many bits can be 'in the pipe' simultaneously. A 1 Gbps link with 10ms propagation delay: BDP = 10^9 × 0.01 = 10^7 = 10 Mb in transit. This is why TCP needs large windows for high-BDP links — 'fat pipes'.

Chapter 3 — Quick Revision Checklist n Analog = continuous; Digital = discrete. Digital more noise-resistant. n Sine wave: 3 parameters — Amplitude (A), Frequency (f), Phase (φ). f = 1/T. n Composite signals = sum of sine waves (Fourier). Digital signals have infinite harmonics. n Analog bandwidth = frequency range (Hz). Digital bandwidth = bit rate (bps). n Nyquist (noiseless): Max rate = 2 × B × logn(L). Binary (L=2): rate = 2B. n Shannon (noisy): C = B × logn(1 + SNR). Absolute ceiling — cannot be exceeded. n SNR(dB) = 10 × lognn(SNR). Convert dB→linear before using Shannon. n Latency = Propagation + Transmission + Queuing + Processing delay. n BDP = Bandwidth × Propagation delay = bits in flight in the pipe.

CHAPTER 5: Analog Transmission — Digital-to-Analog Modulation

ASK · FSK · PSK · QAM | Bandwidth Calculations

5.1 Why Modulation?

A digital signal (square wave) has very wide bandwidth and cannot be transmitted directly over many media (telephone

lines, radio channels) without modification. Modulation converts a digital bitstream into an analog signal by varying

one of the parameters of a carrier wave (a high-frequency sine wave) in accordance with the digital data.

The carrier wave: s(t) = A × sin(2πft + φ). Modulation changes A, f, or φ to encode data.

5.2 Amplitude Shift Keying (ASK)

In ASK , the amplitude of the carrier is changed to represent digital data while frequency and phase remain constant.

Binary ASK (BASK / OOK): two amplitudes — one for bit 1, one (often 0) for bit 0.

ASK Bandwidth = (1 + d) × Baud Rate where d = modulation factor (0 ≤ d ≤ 1)

Minimum bandwidth (d=0): B = Baud Rate = Bit Rate / log 2 (L)

Example: 4-ASK (4 levels), 2000 baud → Bit rate = 4000 bps, B(min) = 2000 Hz

  • Advantages: Simple to implement, low bandwidth.
  • Disadvantages: Very susceptible to noise (noise changes amplitude). Poor performance.
  • Application: Fiber-optic transmission (light on = 1, off = 0). Infrared remotes. n EXAM TIP: ASK is the LEAST noise-resistant modulation because noise directly affects amplitude. It IS used in fiber optics because fiber has very low noise. OOK (On-Off Keying) = special case of ASK where one amplitude = 0.

5.3 Frequency Shift Keying (FSK)

In FSK , the frequency of the carrier changes to represent digital data. Amplitude and phase remain constant. Binary

FSK (BFSK): two carrier frequencies f1 (bit 1) and f2 (bit 0).

BFSK Bandwidth = (1 + d) × Baud Rate + (fc1 − fc2)

Minimum BFSK bandwidth = Baud Rate + |f 1 − f 2 |

Example: f1=1200Hz, f2=2200Hz, 1000 baud → B = 1000 + 1000 = 2000 Hz (min)

  • Advantages: Less susceptible to noise than ASK (noise rarely changes frequency).
  • Disadvantages: Larger bandwidth required than ASK.
  • Application: Early modems (300 bps Hayes), amateur radio, Caller ID. n EXAM TIP: FSK bandwidth = ASK bandwidth PLUS the gap between the two carrier frequencies. Higher frequency separation = better noise immunity but MORE bandwidth used. Multilevel FSK: each symbol uses a different frequencymore bits per baud.

Method What Changes Noise Resistance Bandwidth Efficiency Key Use ASK Amplitude Lowest (noise = amplitude change)

Low Fiber-optic, IrDA

FSK Frequency Medium (noise ≠ frequency) Low-Medium (wider B needed)

Old modems, radio

PSK/QPS K

Phase High High (more bits per baud)

WiFi, CDMA, satellite QAM Amp + Phase Highest (needs best SNR) Highest Cable, LTE, WiFi 802.11n/ac/ax

Chapter 5 — Quick Revision Checklist n Modulation = varies carrier (A, f, or φ) to encode digital data for analog transmission. n ASK: changes Amplitude. Lowest noise resistance. Used in fiber-optic. n FSK: changes Frequency. B = Baud + |f1−f2|. Used in old modems/radio. n PSK: changes Phase. More noise-resistant than ASK. Same bandwidth as ASK. n QPSK: 4 phases, 2 bits/symbol. Halves baud rate. Most widely deployed PSK. n QAM: changes both Amplitude AND Phase. Highest efficiency. Used in WiFi, LTE, cable. n 256-QAM: 8 bits/symbol. Needs best SNR. Used in modern WiFi and cable. n All: Min Bandwidth = Baud Rate = Bit Rate / logn(L). More levels → fewer baud → less B.

CHAPTER 13: Wired LANs — Ethernet

IEEE 802.3 · Frames · MAC · Fast/Gigabit/10G Ethernet · Switches

13.1 IEEE Standards and Project 802

The IEEE 802 project defines standards for LANs and MANs. It splits the Data Link layer into two sublayers: LLC

(Logical Link Control) — IEEE 802.2, handles flow and error control, and MAC (Medium Access Control) —

handles access to the shared medium (CSMA/CD for Ethernet).

Ethernet is defined by IEEE 802.3. It is the dominant wired LAN technology worldwide.

IEEE Standard Technology 802.2 Logical Link Control (LLC) 802.3 Ethernet (CSMA/CD) 802.4 Token Bus (legacy) 802.5 Token Ring (legacy) 802.11 Wireless LAN (WiFi) 802.15 Bluetooth / WPAN 802.16 WiMAX

13.2 Standard Ethernet (10 Mbps) — IEEE 802.

13.2.1 Ethernet Frame Format

The Ethernet frame is the fundamental unit of data in a LAN. It has a fixed header structure:

Field Size Description Preamble 7 bytes 10101010... alternating bits for clock synchronization SFD (Start Frame Delimiter)

1 byte 10101011 — signals start of frame

Destination Address (DA) 6 bytes MAC address of recipient Source Address (SA) 6 bytes MAC address of sender Length/Type 2 bytes Length (≤1500) or EtherType (≥1536, e.g., 0x0800=IPv4) Data (Payload) 46– bytes

Upper-layer PDU (IP packet). Min 46 bytes (padding if needed)

CRC (FCS) 4 bytes 32-bit CRC for error detection

Minimum frame size = 64 bytes (512 bits) | Maximum frame size = 1518 bytes

Minimum payload = 46 bytes (padded if IP packet < 46 bytes)

Maximum payload (MTU) = 1500 bytes

Feature Hub (L1) Switch (L2) Router (L3) OSI Layer Physical (Layer 1) Data Link (Layer 2) Network (Layer 3) Intelligence None — dumb repeater Learns MAC addresses Reads IP addresses Forwarding basis Repeats to ALL ports Forwards to specific port Routes to next-hop IP Collision domain One shared domain Each port = own domain Separate network Broadcast domain One shared domain One shared domain Separate per interface Bandwidth sharing Shared among all Dedicated per port Routed CSMA/CD needed? YES (shared medium) NO (full-duplex per port) NO

  • Switch operation: Learns MAC addresses by observing source addresses of incoming frames. Builds a MAC

address table (CAM table). Forwards frames only to the correct port. Unknown destinations → flood to all ports.

  • Cut-through switching: Starts forwarding as soon as destination MAC is read (after 14 bytes). Lower latency but

may forward corrupted frames.

  • Store-and-forward switching: Receives entire frame, checks CRC, then forwards. Higher latency but filters bad

frames. Most common today.

n EXAM TIP: Switches eliminate collision domains (each port = separate collision domain). But switches do NOT break broadcast domains — a broadcast (FF:FF:FF:FF:FF:FF) is flooded to all ports. Only ROUTERS break broadcast domains. For Cyber Security: MAC flooding attack fills switch CAM tableswitch degrades to hubattacker can sniff all traffic.

13.5 VLANs — Virtual LANs

A VLAN logically partitions a single physical switch into multiple virtual switches, creating separate broadcast domains

without needing separate physical switches. VLAN membership is configured on the switch and identified by a VLAN

ID (1–4094).

  • 802.1Q VLAN tagging: Adds a 4-byte tag to the Ethernet frame between SA and Type fields. Tag contains VLAN ID

(12 bits, 0–4095). Allows VLANs to span multiple switches (trunk links).

  • Access port: Carries traffic for exactly one VLAN (untagged). Connected to end devices.
  • Trunk port: Carries traffic for multiple VLANs (tagged with 802.1Q). Between switches/routers.
  • Security benefit: VLANs isolate traffic — a device in VLAN 10 cannot directly communicate with VLAN 20 without

passing through a router (Layer 3 device). Limits broadcast storms and provides security segmentation.

Chapter 13 — Quick Revision Checklist n IEEE 802 splits DL layer: LLC (802.2) + MAC (802.3=Ethernet, 802.11=WiFi). n Ethernet frame: Preamble(7B)+SFD(1B)+DA(6B)+SA(6B)+Type(2B)+Data(46-1500B)+CRC(4B). n Min frame=64 bytes (512 bits). Max frame=1518 bytes. MTU=1500 bytes. n MAC address: 6 bytes (48 bits). Unicast/Multicast/Broadcast. OUI=first 3 bytes. n 10Base-T: 10Mbps, Cat3, 100m. 100Base-TX: 100Mbps, Cat5. 1000Base-T: 1Gbps, Cat5E. n Hub=L1 (floods all), Switch=L2 (MAC table, per-port), Router=L3 (IP routing). n Switch: each port = own collision domain. BUT same broadcast domain. n Router: separates broadcast domains. VLAN also separates broadcast domains on switch. n 802.1Q VLAN tag: 4 bytes, 12-bit VLAN ID. Trunk port carries tagged multi-VLAN traffic.

n MAC flooding → CAM table overflow → switch acts like hub (security attack).

Security Protocol Year Encryption Authentication Status / Vulnerability WEP (Wired Equivalent Privacy)

1997 RC4 (40/104-bit key) Shared key BROKEN — cracked in minutes. Do not use. WPA (WiFi Protected Access)

2003 TKIP (RC4-based) PSK or 802.1X Improved over WEP but TKIP has weaknesses. WPA2 (802.11i) 2004 AES-CCMP (128-bit) PSK or 802.1X Current standard. Secure if strong password. WPA3 2018 AES-GCMP (192/256-bit)

SAE (Dragonfly) Latest standard. Protects against offline dictionary attacks. n EXAM TIP: WEP is completely broken — uses a 24-bit IV (Initialization Vector) that repeats frequently, allowing key recovery. WPA2 with AES is the minimum acceptable security today. WPA3 uses SAE (Simultaneous Authentication of Equals) which prevents offline dictionary attacks even if the password is weak — critical Cyber Security MCQ topic.

14.4 Bluetooth (IEEE 802.15)

Bluetooth is a short-range wireless technology for personal area networks (PANs). Defined by IEEE 802.15.1. Uses

2.4 GHz ISM band with FHSS (Frequency Hopping Spread Spectrum) — hops 1600 times/second across 79 channels

to avoid interference.

Parameter Value Frequency 2.4 GHz ISM band Range Class 1: 100m, Class 2: 10m, Class 3: 1m Max data rate Bluetooth 1.x: 1 Mbps, BT 2.0+EDR: 3 Mbps, BT 3.0: 24 Mbps, BT 5.x: 50 Mbps Topology Piconet: 1 master + up to 7 active slaves (255 parked) Spread spectrum FHSS — 1600 hops/second across 79 channels IEEE standard 802.15.

14.5 Cellular Networks — Generations

Cellular networks divide geographic areas into cells, each served by a base station. Frequencies are reused in

non-adjacent cells (frequency reuse). Handoff/handover occurs when a mobile moves between cells.

Generati on

Era Standard Technology Max Data Rate Key Feature

1G 1980s AMPS (N. America)

Analog FDMA N/A (voice only) First cellular, analog voice

2G 1990s GSM (global), CDMA

Digital TDMA/CDMA

9.6–14.4 kbps Digital voice, SMS; GPRS=2.5G (171 kbps) 2.5G Late 1990s

GPRS, EDGE Packet-switched overlay

384 kbps (EDGE) Data over GSM

3G 2000s UMTS/WCDMA, CDMA

Wideband CDMA 2–42 Mbps Mobile internet; HSPA+ = 3.5G

Generati on

Era Standard Technology Max Data Rate Key Feature

4G 2010s LTE, LTE-Advanced

OFDMA + MIMO 100 Mbps–1 Gbps All-IP, high-speed data; VoLTE for voice 5G 2020s NR (New Radio) mmWave + OFDMA + massive MIMO

10–20 Gbps Ultra-low latency (<1ms), IoT, network slicing

n EXAM TIP: 1G=Analog. 2G=Digital voice (GSM uses TDMA; CDMA uses code division). 3G=CDMA-based (WCDMA/UMTS). 4G=OFDMA (completely different from CDMA). 5G=mmWave (very high freq, short range) + sub-6GHz + massive MIMO. GSM uses SIM cards. CDMA phones bound to carrier. LTE = Long Term Evolution.

Chapter 14 — Quick Revision Checklist n WiFi: BSS (with AP) vs IBSS (ad hoc). ESS = multiple BSSs on same DS. n 802.11b=11Mbps, 802.11a/g=54Mbps, 802.11n=600Mbps (MIMO, WiFi 4). n 802.11ac=WiFi 5 (5GHz, MU-MIMO, 256-QAM). 802.11ax=WiFi 6 (OFDMA, 1024-QAM). n WiFi uses CSMA/CA (not CD). ACK required for every frame. n WEP=broken(RC4+24-bit IV). WPA2=AES-CCMP (current). WPA3=SAE (latest). n Bluetooth: 2.4GHz, FHSS, piconet (1 master + 7 slaves), IEEE 802.15. n 1G=Analog FDMA. 2G=Digital (GSM/TDMA). 3G=WCDMA. 4G=LTE/OFDMA. 5G=mmWave+NR. n Handoff = moving between cells. Frequency reuse = same freq in non-adjacent cells.

CIDR Subnet Mask Host Bits Hosts/Subnet Common Use /8 255.0.0.0 24 16,777,214 Class A (legacy) /16 255.255.0.0 16 65,534 Class B (legacy) /24 255.255.255.0 8 254 Most common small network /25 255.255.255.128 7 126 Half of / /26 255.255.255.192 6 62 Quarter of / /27 255.255.255.224 5 30 1/8 of / /28 255.255.255.240 4 14 Small segment /29 255.255.255.248 3 6 Point-to-point with spares /30 255.255.255.252 2 2 Point-to-point links (2 hosts) /31 255.255.255.254 1 0 (special) P2P per RFC 3021 /32 255.255.255.255 0 0 (1 host) Host route / loopback

17.3.2 Subnetting — Step-by-Step Method

Example: Subnet 192.168.10.0/24 into subnets of at least 30 hosts each.

  • Step 1 — Find host bits needed: 30 hosts → need h such that 2^h− 2 ≥ 30 → h=5 (2^5−2=30 3 ). So new prefix =
  • Step 2 — Subnet mask: /27 = 255.255.255.224. Block size = 256−224 = 32.
  • Step 3 — List subnets: Subnets at intervals of 32: .0, .32, .64, .96, .128, .160, .192, .224 (8 subnets).
  • Step 4 — For each subnet (e.g., .32): Network=192.168.10.32, Broadcast=192.168.10.63, Hosts=192.168.10.33 to

.62 (30 usable hosts).

n EXAM TIP: BLOCK SIZE = 256last octet of subnet mask. Subnets start at multiples of block size. Quick check: host bits hhosts = 2^h2. /27h=530 hosts. For VLSM (Variable Length Subnet Masking): assign largest subnets first, then smaller ones. This is the most common calculation question in DIAT entrance.

17.4 Special IP Addresses

Address / Range Purpose 0.0.0.0/8 This network (unspecified). Used by DHCP before IP assignment. 127.0.0.0/8 Loopback. 127.0.0.1 = localhost. Never routed. 10.0.0.0/8 Private (RFC 1918). Not routed on internet. 172.16.0.0/12 Private (RFC 1918). 172.16.x.x to 172.31.x.x. 192.168.0.0/16 Private (RFC 1918). Most common home/office network. 169.254.0.0/16 Link-local (APIPA). Auto-assigned when DHCP fails. Not routed. 224.0.0.0/4 Multicast (Class D). 224.0.0.1=all hosts, 224.0.0.2=all routers. 255.255.255.255 Limited broadcast. Sent to all hosts on local segment.

n EXAM TIP: Private RFC 1918 ranges: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. These are NOT routed on the internet — NAT translates them. APIPA (169.254.x.x) = Windows auto-assigns when DHCP server unreachable. If you see 169.254.x.x, the device has no DHCP connectivity — a diagnostic clue.

17.5 NAT — Network Address Translation

NAT allows multiple devices with private IP addresses to share one (or a few) public IP addresses. The NAT router

maintains a translation table mapping internal (private IP:port) to external (public IP:port).

NAT Type Description Static NAT One private IP → one public IP (permanent 1:1 mapping). For servers. Dynamic NAT Pool of public IPs shared among private hosts. First-come first-served. PAT / NAT Overload Many private IPs → ONE public IP, distinguished by port numbers. Most common (home routers). n EXAM TIP: PAT (Port Address Translation) = NAT Overload = the type used in home routers. A single public IP can serve thousands of private hosts by using different port numbers. NAT breaks end-to-end connectivity — problematic for P2P, VoIP, gaming (NAT traversal needed). NAT also provides a degree of security (hides internal structure) but is NOT a firewall.

17.6 IPv6 — Brief Overview

IPv6 was designed to solve IPv4 address exhaustion. Key differences:

Feature IPv4 IPv Address size 32 bits (4 bytes) 128 bits (16 bytes) Address space ~4.3 billion ~3.4 × 10^ Notation Dotted decimal: 192.168.1.1 Colon hex: 2001:0db8:85a3::8a2e:0370: Header size Variable (20–60 bytes) Fixed 40 bytes (simpler processing) Fragmentation By routers and hosts By source host ONLY (no router fragmentation) Checksum Header checksum present No header checksum (left to upper layers) Broadcast Has broadcast No broadcast — uses multicast + anycast ARP Uses ARP (IPv4) Uses NDP (Neighbor Discovery Protocol) Configuration Manual or DHCP SLAAC (Stateless Auto-config) or DHCPv IPsec Optional Built-in (mandatory in original spec, now optional in practice)

CHAPTER 23–25: Transport Layer — TCP & UDP

Port Numbers · UDP · TCP · Three-Way Handshake · Flow Control · Congestion Control

23.1 Transport Layer Overview

The transport layer provides process-to-process (end-to-end) communication. While the network layer delivers

packets between hosts (host-to-host), the transport layer identifies which application process on that host should

receive the data — using port numbers.

A socket = IP address + Port number. A unique communication channel = (source IP, source port, dest IP, dest port,

protocol). This 5-tuple uniquely identifies every TCP connection.

23.2 Port Numbers

Range Name Assignment 0–1023 Well-Known Ports Assigned by IANA. Reserved for standard services. 1024–49151 Registered Ports Registered by software vendors (e.g., MySQL=3306). 49152–65535 Dynamic/Private Ports Ephemeral ports assigned by OS for client connections. Port Protocol Service 20 TCP FTP — Data transfer 21 TCP FTP — Control (commands) 22 TCP SSH (Secure Shell) 23 TCP TELNET (unencrypted remote access — avoid!) 25 TCP SMTP (email sending) 53 TCP/UDP DNS (queries use UDP, zone transfers use TCP) 67/68 UDP DHCP (67=server, 68=client) 69 UDP TFTP (Trivial FTP — simple, no auth) 80 TCP HTTP 110 TCP POP3 (email retrieval) 143 TCP IMAP (email retrieval, keeps mail on server) 161/162 UDP SNMP (161=agent, 162=trap to manager) 443 TCP HTTPS (HTTP over TLS/SSL) 445 TCP SMB (Windows file sharing) 3306 TCP MySQL 3389 TCP RDP (Remote Desktop Protocol)

n EXAM TIP: Port numbers are the foundation of firewall rules and network security. For Cyber Security: port 23 (Telnet) sends passwords in plaintextuse port 22 (SSH). Port 80 (HTTP) unencryptedport 443 (HTTPS) with TLS. DNS uses UDP for queries (small packets, fast) but TCP for zone transfers (large data). DHCP: client sends from port 68 TO server port 67 (broadcast).

23.3 UDP — User Datagram Protocol

UDP is a connectionless, unreliable transport protocol. It adds minimal overhead to IP — just port numbers and a

checksum. No connection setup, no acknowledgment, no flow control, no congestion control, no ordering.

UDP Header (8 bytes fixed) Field Size Description Source Port 2 bytes Sender's port number (optional, 0 if not used) Destination Port 2 bytes Receiver's port number Length 2 bytes Total length of UDP datagram (header + data). Min = 8 bytes. Checksum 2 bytes Optional error detection over header + data + pseudo-header

  • When to use UDP: Applications that tolerate loss but need speed. Real-time audio/video (VoIP, streaming), DNS

queries, DHCP, online gaming, IoT sensors.

  • Why UDP for streaming: Late packets are useless — better to skip than wait and retransmit. UDP avoids

retransmission delay.

  • Advantages: Very low overhead (8-byte header vs 20-byte TCP). No connection setup delay. Supports broadcast

and multicast (TCP cannot).

n EXAM TIP: UDP = 8-byte header. TCP = 20-byte minimum header. UDP supports broadcast/multicast; TCP does not. UDP has NO flow control, NO congestion control, NO ordering. Applications that need reliability over UDP implement it themselves (e.g., QUIC protocol, RUDP).

23.4 TCP — Transmission Control Protocol

TCP is a connection-oriented, reliable, full-duplex transport protocol. It provides: byte-stream service, error control,

flow control, and congestion control.

23.4.1 TCP Header (20+ bytes) Field Size Description Source Port 2 bytes Sender's port Destination Port 2 bytes Receiver's port Sequence Number 4 bytes Byte offset of first data byte in this segment (ISN + position) Acknowledgment Number 4 bytes Next byte the receiver expects (cumulative ACK) Data Offset (HLEN) 4 bits Header length in 32-bit words (min=5, max=15 → 20–60 bytes) Control Flags (6 bits) 6 bits URG, ACK, PSH, RST, SYN, FIN — each 1 bit Window Size 2 bytes Receive buffer size (flow control). Max = 65,535 bytes (or scaled)