Pages

10/21/2002

CITRIX::NETWORK PACKET ANALYSIS
From Citrix Support:Citrix KB

How ICA Client Connections over TCP/IP work


--------------------------------------------------------------------------------
This solution pertains to:
MetaFrame 1.8 for Microsoft NT Server 4.0, Terminal Server
MetaFrame 1.8 for Windows 2000
WinFrame 1.8
Last modified: Thu Nov 29 15:29:30 2001
--------------------------------------------------------------------------------
The ICA client uses the UDP (User Datagram Protocol) portion of the TCP/IP protocol suite when browsing for a Citrix server. UDP is a connectionless mode protocol, providing potentially unreliable, unsequenced, and/or duplicated packets, because it leaves these functions to other layers.
The ICA client broadcasts (ffffffffffff) UDP packets to the network with a destination address of UDP port 1604 (0644 hex) and the source address of the client is any high UDP port (any port over 1023). A Citrix server replies with a UDP packet, where the data area contains the names of the current Citrix servers. The pull down list is built using this information. This use of UDP can be avoided by connecting using the IP address rather than by browsing.
NOTE: If the client is in a multiple segmented LAN or WAN and there are IP routers setup to filter UDP then ICA connections will be limited to direct IP addresses only. UDP is normally used to resolve the name to IP address once it has done this then it relies soley on TCP for the ICA connection between Clients and Host.
Connecting to the Citrix Server
ICA client connections actually use the TCP (Transmission Control Protocol) portion of the TCP/IP suite of protocols for communication between the server and the client. TCP is a connection-oriented, end-to-end protocol. It provides reliable, sequenced, and unduplicated delivery of bytes to a remote or local user.
Any application that uses TCP as the transport is assigned a unique port identification number called a TCP port. Communications between a client and a server that take place on a TCP transport will occur through a TCP port. The client side will dynamically assign a port number when there is a request for service. The server side of the application uses a port number that has been preassigned by the InterNet Assigned Numbers Authority (IANA).
ICA has been assigned port 1494 in the same way Telnet uses port 23 or HTTP uses port 80. For further information regarding ICA and port 1494, refer to RFC 1700.
The process of connecting to a Citrix server from an ICA client is actually very similar to an FTP connection. The following steps are only a local subnet connection to simplify this discussion. Crossing routers or WANs brings the same factors and concerns to ICA connections as any IP traffic would.
First the client will ARP for the hardware address of the server so it can begin the connection. Once the hardware address is known, the client sends a TCP packet to TCP port 1494 (05d6 hex) on the server. At this point, the server normally accepts the request from the client and the ICA connection is negotiated.
How the ICA browser resolves names between client and host
For TCP/IP, the ICA browser resolves server/cluster/app names into IP addresses. There are 2 steps in Name resolving via the ICA browser:
1. Getting the Master Browser's IP address. This is done either by:
A). Broadcasting the "Get Master Address" packet to all Citrix servers (default).
B). Sending the request to one or more specified Citrix server(s) (refer to the ICA client Help under Server Location)
2. Send a request to the Master Browser to get the IP address of the server/cluster/app you want to connect to.
The ICA browser has nothing to do with the IP addresses -> hardware address translation ( the client system takes care of that via ARP ).

No comments: