LAN Security
Don't let them in
• Networking Review
• Firewall Techniques
• Network Attacks
• Various Implementations

TCP/IP Stack
Apps: FTP, Telnet, SNMP, SMTP, TFTP, HTTP, DNS
Transport: TCP, UDP
IP: IP, ICMP, GCMP, IPSEC
Ethernet: ARP, RARP
Stack layers (top to bottom): Applications, Transport, IP, Data Link, Physical

Ethernet Frame Encapsulation
• Ethernet Frame Length
  – Header – 14 bytes, CRC – 4 bytes, Payload
  – 64 <= Total Length <= 1518 bytes
• Ethernet Frame Payload Length
  – Maximum 1500 bytes
  – Minimum 46 bytes
  – Padding to a multiple of ??
Frame layout: Header | Data >= 46 bytes | Padding | CRC
Preamble and 802.1AE – Wikipedia. Separate presentation with GCM

Ethernet Frame Header
Bits 0-47: Destination MAC Address
Bits 48-95: Source MAC Address
Bits 96-111: Type or Size
Type or Size Field
• <= 1500 (0x05dc) – Size of 802.3 LLC/SNAP Data
• > 1500 (0x05dc) – Type of Frame
Value   Meaning
0x0800  IPv4
0x86dd  IPv6
0x0806  ARP
0x809b  Apple Talk
0x6559  Frame Relay

What Goes Inside
• ARP, RARP Messages
• IP datagrams
  – ICMP
  – IGMP
  – TCP
  – UDP

ARP
Address Resolution Protocol
Resolves IP Address to MAC Address
Message layout (32-bit rows, bits 0-15 and 16-31):
HW Addr Type | Proto Addr Type
HW Addr Len | Proto Addr Len | Operation
Sender Hardware Address
Sender Protocol Address
Target Hardware Address
Target Protocol Address

ARP Operation Codes
1 ARP request
2 ARP response
3 RARP request
4 RARP response
5 etc.
...
9 etc.
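
A parser for the Ethernet header and ARP message laid out in the slides above, as an added example that is not part of the original deck. The sample frame, its addresses and the function names are constructed for illustration; the type/size test uses the slide's 1500 threshold.

```python
import struct

ARP_OPS = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response"}


def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def fmt_ipv4(b):
    return ".".join(str(x) for x in b)


def parse_ethernet(frame):
    """Split a frame (preamble and CRC already stripped) into header and payload."""
    if len(frame) < 14:
        raise ValueError("shorter than the 14-byte Ethernet header")
    dst, src, type_or_size = struct.unpack("!6s6sH", frame[:14])
    # Rule from the slide: <= 1500 (0x05dc) is an 802.3 size, above that a frame type.
    kind = "size" if type_or_size <= 0x05DC else "type"
    return {"dst": fmt_mac(dst), "src": fmt_mac(src), "kind": kind,
            "value": type_or_size, "payload": frame[14:]}


def parse_arp(payload):
    """Decode an ARP message; the length fields say where the addresses end."""
    if len(payload) < 8:
        raise ValueError("truncated ARP fixed fields")
    hw_type, proto_type, hw_len, proto_len, op = struct.unpack("!HHBBH", payload[:8])
    if (hw_len, proto_len) != (6, 4):
        raise ValueError("this example only handles Ethernet/IPv4 ARP")
    if len(payload) < 28:
        raise ValueError("truncated ARP addresses")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"hw_type": hw_type, "proto_type": proto_type,
            "operation": ARP_OPS.get(op, f"code {op}"),
            "sender_hw": fmt_mac(sha), "sender_ip": fmt_ipv4(spa),
            "target_hw": fmt_mac(tha), "target_ip": fmt_ipv4(tpa),
            "padding_len": len(payload) - 28}   # Ethernet padding after the message


def inspect_frame(frame):
    eth = parse_ethernet(frame)
    if eth["kind"] != "type" or eth["value"] != 0x0806:
        return {"ethernet": eth, "arp": None}
    arp = parse_arp(eth["payload"])
    # Consistency check: the hardware address claimed inside the ARP message
    # should be the address the frame was actually sent from.
    arp["sender_matches_frame_src"] = arp["sender_hw"] == eth["src"]
    return {"ethernet": eth, "arp": arp}


def build_sample_request():
    """Constructed sample: 192.0.2.10 asks who has 192.0.2.1."""
    src = bytes.fromhex("020000000001")
    eth = b"\xff" * 6 + src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += src + bytes([192, 0, 2, 10]) + b"\x00" * 6 + bytes([192, 0, 2, 1])
    return eth + arp + b"\x00" * (46 - len(arp))   # pad payload to the 46-byte minimum


if __name__ == "__main__":
    print(inspect_frame(build_sample_request()))
```

The 28-byte ARP message is shorter than the 46-byte minimum payload, so the parser has to rely on the ARP length fields rather than the frame length to find the end of the message.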

IP Datagram (IPv4)
RFC 791
● Internet Protocol
● RFC 791
● Connectionless communication
● Best effort delivery
● Virtual addressing

IP Datagram Format
Datagram layout: Header | Payload
Total datagram size constraints
  Maximum 2^16 - 1 bytes
  Header length between 20 and 60 bytes

IP Datagram Header
Header layout (32-bit rows, bits 0-15 and 16-31):
Ver | Hlen | Diff. or Type of Services | Total length
Identification | Rsv | Frg | Lst | Fragment Offset
Time to Live | Protocol | Header Checksum
Source Address
Destination Address
Options | Padding

IP Datagram (cont)
Ver: IP Version 4 or 6
Hlen: Header length in 32 bit words
Total Length: Total length of datagram in octets
  Note: Total length = Header + Payload
Source Address: IP address of sender
Destination Address: IP address of destination
Header Checksum: 16 bit one's complement checksum of header

Service Type Field
Bit Number 0 1 2 3 4 5 6 7
Bits 0-2 – Precedence
1 1 1 Network control
1 1 0 Internetwork control
1 0 1 CRITIC/ECP
1 0 0 Flash override
0 1 1 Flash
0 1 0 Immediate
0 0 1 Priority
0 0 0 Routine
Bits 3-6 – Type of service
0 0 0 0 Normal (default)
0 0 0 1 Minimize cost
0 0 1 0 Maximize reliability
0 1 0 0 Maximize throughput
1 0 0 0 Minimize delay
1 1 1 1 Maximize security
Bit 7 – Reserved

Type of Service
Protocol          TOS Bits (3 4 5 6)   Description
ICMP              0 0 0 0              Normal
BOOTP             0 0 0 0              Normal
IGP               0 0 1 0              Maximize Reliability
SNMP              0 0 1 0              Maximize Reliability
Telnet            1 0 0 0              Minimize Delay
FTP (data)        0 1 0 0              Maximize Throughput
FTP (control)     1 0 0 0              Minimize Delay
SMTP (command)    1 0 0 0              Minimize Delay
SMTP (data)       0 1 0 0              Maximize Throughput
DNS (UDP query)   1 0 0 0              Minimize Delay
DNS (UDP query)   0 0 0 0              Normal
DNS (zone)        0 1 0 0              Maximize Throughput

Differentiated Services
RFC 2474 & 2475
A method for differentiating services for network traffic
6 high order bits of the field
DSCP – differentiated services code point
Determines PHB – Per-Hop Behavior
Often the DSCP is set by a router based on traffic
Sometimes the DSCP is set by the content of the packet
  VoIP, RTP are treated differently than e-mail
RFC 2597 & 2598 have set some DSCP values

Differentiated Services
Congestion Control
Bit Number 0 1 2 3 4 5 6 7
Field layout: DSCP | Pool | ECN
DSCP: Differentiated Services Code Point
  Pool 0 for use
  Pool 1 for experimental use
ECN: Explicit Congestion Notification
Differentiated services describes the types of services to be applied to this datagram.
Congestion Notification (ECN and CE) provides devices a way to notify each other that a link is congested.

Differentiated Services
Assured Forwarding
Assured Forwarding PHB – RFC 2579
Bits 0, 1, 2 determine the class of service
  Packets with the same class will be granted similar services
  Available bandwidth, quality, etc.
  Services are determined by router
Bits 3, 4 determine the drop precedence
  Low, medium, high
  Indicates who gets dropped first during router congestion

Assured Forwarding
RFC 2597
Bit Number 0 1 2 3 4 5
Class
0 0 1 Class 1
0 1 0 Class 2
0 1 1 Class 3
1 0 0 Class 4
Drop Precedence
0 1 0 Low
1 0 0 Medium
1 1 0 High

Differentiated Services
Expedited Forwarding
A Per Hop Behavior for services such as virtual leased lines.
Low loss, low latency, low jitter, end-to-end service through a differentiated services domain.
VoIP, video conferencing etc.

Expedited Forwarding
RFC 3246
Bit Number 0 1 2 3 4 5
Class
1 0 1 Class 5
Drop Precedence
1 1 0 High

Explicit Congestion Notification
RFC 3168
Permits routers to mark packets about congestion rather than dropping them.
Also routers can indicate that they are ECN capable, i.e. ECT (ECN-Capable Transport)
Bit Number 0 1 2 3 4 5 6 7
ECN
0 0 Not ECN-Capable Transport
0 1 ECT(0) (ECN-Capable)
1 0 ECT(1) (ECN-Capable)
1 1 CE (Congestion Experienced)

Protocol Field
Value Protocol
1 ICMP Internet Control Message Protocol
2 IGMP Internet Group Message Protocol
6 TCP Transmission Control Protocol
8 EGP Exterior Gateway Protocol
17 UDP User Datagram Protocol
41 IPv6 Version 6
89 OSPF Open Shortest Path First

Time To Live Field
TTL – Time to live
Every router that forwards the datagram decrements this field by 1. The first to decrement the TTL field to zero must respond to originator with an ICMP message.

TTL Initialization
Different OS's initialize this field to different values

Fragmentation Flags
Rsv, Frg, and Lst bits
– Rsv – Reserved
– Frg – 0 May fragment, 1 Do not fragment
– Lst – 0 Last fragment, 1 More fragments

Fragment Offset
This field indicates where, i.e., at which octet, in the datagram payload this fragment belongs.
The offset is measured in units of 8 octets (64 bits).
The first fragment has offset zero (0).

Identification
● ID field allows all fragments of a datagram to be associated
● Different OS's choose the ID differently
● Linux: Random ID and increments by 1
● BSD: Random each time
● Others: Random ID and increments by 1
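
Added example (not from the original slides): decoding the IPv4 header fields covered above, including DSCP/ECN, the fragmentation flags and offset, and the header checksum. The sample datagram, its addresses and the function names are constructed for illustration.

```python
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 6: "TCP", 8: "EGP", 17: "UDP", 41: "IPv6", 89: "OSPF"}


def ones_complement_sum(data):
    """16-bit one's complement sum, with carries folded back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4_header(packet):
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4   # Hlen counts 32-bit words
    if version != 4:
        raise ValueError("not an IPv4 datagram")
    if hlen < 20 or hlen > len(packet):
        raise ValueError("header length below 20 or beyond the captured bytes")
    if total_len < hlen or total_len > len(packet):
        raise ValueError("total length inconsistent with header or capture")
    offset = (flags_frag & 0x1FFF) * 8                      # field is in 8-octet units
    more = bool(flags_frag & 0x2000)
    return {
        "header_len": hlen, "total_len": total_len, "payload_len": total_len - hlen,
        "dscp": tos >> 2, "ecn": tos & 0x03,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),         # "Frg" on the slide
        "more_fragments": more,                             # "Lst" on the slide
        "frag_offset_bytes": offset,
        "is_fragment": more or offset > 0,
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:hlen],
        # A valid header sums to 0xFFFF when the checksum field is included.
        "checksum_ok": ones_complement_sum(packet[:hlen]) == 0xFFFF,
    }


def build_sample(ttl=64):
    """Constructed sample: a middle fragment of a UDP datagram, DSCP 101110."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 46 << 2, 1500, 0x1C46,
                      0x2000 | 185, ttl, 17, 0,
                      bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    cksum = 0xFFFF - ones_complement_sum(hdr)
    return hdr[:10] + struct.pack("!H", cksum) + hdr[12:] + b"\x00" * 1480


if __name__ == "__main__":
    good = build_sample()
    print(parse_ipv4_header(good))
    stale = bytearray(good)
    stale[8] -= 1                      # TTL changed, checksum left as it was
    print(parse_ipv4_header(bytes(stale))["checksum_ok"])
```

Because TTL is covered by the header checksum, a device that decrements TTL has to recompute the checksum; changing byte 8 alone makes `checksum_ok` false.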

IP Options
Copy Class Number Value Name
---- ----- ------ ----- -------------------------------
   0     0      0     0 EOOL   - End of Options List
   0     0      1     1 NOP    - No Operation
   1     0      2   130 SEC    - Security
   1     0      3   131 LSR    - Loose Source Route
   0     2      4    68 TS     - Time Stamp
   1     0      5   133 E-SEC  - Extended Security
   1     0      6   134 CIPSO  - Commercial Security
   0     0      7     7 RR     - Record Route
   1     0      8   136 SID    - Stream ID
   1     0      9   137 SSR    - Strict Source Route
   1     0     16   144 IMITD  - IMI Traffic Descriptor
   1     0     17   145 EIP    - Extended Internet Protocol
   0     2     18    82 TR     - Traceroute
   1     0     19   147 ADDEXT - Address Extension
   1     0     20   148 RTRALT - Router Alert
   1     0     21   149 SDB    - Selective Directed Broadcast
   1     0     23   151 DPS    - Dynamic Packet State
   1     0     24   152 UMP    - Upstream Multicast Pkt.

ICMP
• Internet Control Message Protocol
• RFC 792
• Used to
  • Return error codes
  • Perform network testing
• Sent within an IP datagram
• Highly abused protocol

ICMP Message Format
Message layout (32-bit rows):
Message Type (bits 0-7) | Message Code (bits 8-15) | Checksum (bits 16-31)
Identifier (bits 0-15) | Sequence Number (bits 16-31)
Payload

ICMP Message Types
Type Description
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo Request
9 Router Advertisement
10 Router Selection
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
15 Information Request
16 Information Reply
17 Address Mask Request
18 Address Mask Reply
30 Traceroute

ICMP Message Codes
Type 0 Echo Reply
Code Description
0 etc.

ICMP Message Codes
Type 3 Destination Unreachable
Code Description
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Frag Needed & DF Set
5 Source Route Failed
6 Dest Net Unknown
7 Dest Host Unknown
8 Source Host Isolated
etc.

ICMP Message Codes
Type 8 Echo Request
Code Description
0 etc.

ICMP Fields
• Checksum is of the entire ICMP message
• Identifier aids in matching requests/replies
• Sequence # aids in reassembly
• The data field has a number of uses
• The data field must be padded to an even number of octets

ICMP Payload
• Used for information, e.g.
  • Echo request/reply: Information to be sent
  • Time exceeded: First 64 octets of IP datagram dropped
  • Etc.

Client - Server Paradigm
• Layer 4
• Network applications use the client-server model for communication
• The client
  • Executes locally
  • Initiates communication with the server
• The server
  • Executes as a shared resource
  • Waits passively for an arbitrary unknown client
  • Accepts many connections at the same time

Client - Server Paradigm
• Host system
• Must simultaneously run many server applications
• Must keep communication with each server app separate
• Host system has only one IP address
• Uses the concept of Port Number to maintain the integrity of the apps

Ports
• Standard port numbers assigned to a server application by RFC 1700
• Client uses standard numbers to request a network service
• TCP/UDP assigns dynamically allocated client port number
• The protocol ID (IP header) and the port #'s uniquely identify server & client

Port Numbers
• Latest IANA port assignments http://www.iana.org/assignments/port-numbers
• Well Known Ports are those from 0 through 1023
• Registered Ports are those from 1024 through 49151
• Dynamic and/or Private Ports are those from 49152 through 65535
• RFC 1700, "Assigned Numbers" (October 1994)

Standard Port Numbers
0 – 1024
• Assigned to well known network services
• Primarily used by server applications
• Controlled by IANA

Some Common Port Numbers
echo            7/tcp
echo            7/udp
ftp-data        20/tcp
ftp-data        20/udp
ftp             21/tcp
ftp             21/udp          fsp fspd
ssh             22/tcp                          # SSH
ssh             22/udp                          # SSH
telnet          23/tcp
telnet          23/udp
smtp            25/tcp          mail            # mail
smtp            25/udp          mail            # mail
domain          53/tcp                          # name-domain server
domain          53/udp
http            80/tcp          www www-http    # WorldWideWeb HTTP
http            80/udp          www www-http    # http
kerberos        88/tcp          kerberos5 krb5  # Kerberos v5
kerberos        88/udp          kerberos5 krb5  # Kerberos v5
https           443/tcp                         # MCom
https           443/udp                         # MCom

Layer 4 Protocols
• UDP – User Datagram Protocol
• TCP – Transmission Control Protocol

UDP
• Connectionless transport
• No guaranteed delivery
• No error messages

UDP Datagram
RFC 768
Datagram layout (32-bit rows, bits 0-15 and 16-31):
Source Port | Destination Port
UDP Length | Checksum
UDP Data

UDP Header Fields
• Ports are layer 5 application ports
• Length is in bytes including the header and data
• Length should be an even number of octets
• Checksum of all 16-bit words in the header and UDP data

TCP
• Transmission Control Protocol
• RFC – 793
• Connection Oriented
• Reliable transport
• Full Duplex communication
• Stream interface
• Point-to-point communication

TCP Header Format
Header layout (32-bit rows, bits 0-15 and 16-31):
Source Port | Destination Port
Sequence Number
Acknowledge Number
Offset | Unused | Flags | Window
Checksum | Urgent Pointer
Options | Padding
Flags: CWR, ECE, URG, ACK, PSH, RST, SYN, FIN

Header Fields
Sequence #
• Sequence# indicates the byte position of the first octet of the current datagram within the data stream
• Usually starts with a random number and wraps if it exceeds 2^32
• If a SYN is present, the Seq # is the initial sequence number.
• Each successive Seq# is the previous Seq # + the payload size in octets.

Header Fields
Acknowledgment #
• Ack# indicates the next Seq# expected and that the sender has correctly processed datagrams to that point within the data stream
• Ensures the connected stream has not dropped any data

Header Fields cont'd
• Offset
  • 4-bit field is the length of the TCP Header in 32-bit words including options
• Window
  • 16-bit field for the number of octets the sender is willing to accept
• Urgent Pointer
  • Field (byte) in the data stream that is urgent. Receiver will skip to this field if URG bit is set

Header Fields cont'd
• Checksum
  • 16-bit checksum of the TCP header and data
• Unused
  • 4-bits zero filled

Flags
CWR, ECE
• CWR: Congestion Window Reduced flag for the data sender to inform the data receiver that the congestion window has been reduced
• ECE: ECN-Echo for the data receiver to inform the data sender when a CE packet has been received

Flags
SYN, ACK, RST
• SYN: Indicates a request to initiate TCP connection
• ACK: Indicates that the datagram's acknowledgment sequence number specifies that the TCP data stream has been correctly received
• RST: Indicates that the sender has abruptly closed the connection

Flags
PSH, URG, FIN
• PSH: Indicates that the receiver should immediately make the data available to the app rather than wait until subsequent or earlier datagrams
• URG: Indicates that the urgent pointer is set
• FIN: Indicates the sender has completed its communication and is shutting down the connection
• RSV - Reserved and set to zero

Options
• Single byte
  – End of options
  – No operation
    » Used to align for the next option or beginning of an option
• Multi - byte
  – Max segment size
  – Window scale factor
  – Timestamp

TCP Connection
3-Way Handshake
Segment 1: Client to Server, (SYN, . ), Seq# 10580321
Segment 2: Server to Client, (SYN, ACK), Seq# 378086426, Ack# 10580322
Segment 3: Client to Server, ( . , ACK), Seq# 10580322, Ack# 378086427

TCP Teardown
Segment 4: (FIN, ACK), Seq# 378086579, Ack# 10580352
Segment 5: ( . , ACK), Ack# 378086580
Segment 6: (FIN, ACK), Seq# 10580352, Ack# 378086580
Segment 7: ( . , ACK), Ack# 10580353
Endpoints: Client, Server
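
Added example, not part of the original slides: checking that the sequence and acknowledgment numbers of the handshake and teardown segments above follow the rules from the header-field slides. The two data segments, the Seq# values of segments 5 and 7, and the sender of each teardown segment (inferred from which sequence-number space it uses) are assumptions.

```python
MOD = 2 ** 32          # sequence numbers wrap at 2^32


def seg_len(flags, payload_len):
    """Sequence space consumed: payload octets, plus one each for SYN and FIN."""
    return payload_len + ("SYN" in flags) + ("FIN" in flags)


def check_trace(trace):
    """Return [(segment, problem)] for numbers that do not follow from earlier segments.

    Assumes an in-order capture with no loss or retransmission.
    """
    next_seq = {}                      # sender -> next Seq# that sender should use
    problems = []
    for n, sender, flags, seq, ack, payload_len in trace:
        peer = "server" if sender == "client" else "client"
        if sender in next_seq and seq != next_seq[sender]:
            problems.append((n, f"Seq# {seq}, expected {next_seq[sender]}"))
        if "ACK" in flags:
            if peer not in next_seq:
                problems.append((n, "ACK before the peer sent anything"))
            else:
                # An Ack# may lag, but must never pass what the peer has sent.
                ahead = (ack - next_seq[peer]) % MOD
                if 0 < ahead < MOD // 2:
                    problems.append((n, f"Ack# {ack} is past {next_seq[peer]}"))
        next_seq[sender] = (seq + seg_len(flags, payload_len)) % MOD
    return problems


# (segment, sender, flags, Seq#, Ack#, payload octets)
SLIDE_TRACE = [
    (1, "client", {"SYN"}, 10580321, None, 0),
    (2, "server", {"SYN", "ACK"}, 378086426, 10580322, 0),
    (3, "client", {"ACK"}, 10580322, 378086427, 0),
    ("d1", "client", {"ACK", "PSH"}, 10580322, 378086427, 30),    # constructed
    ("d2", "server", {"ACK", "PSH"}, 378086427, 10580352, 152),   # constructed
    (4, "server", {"FIN", "ACK"}, 378086579, 10580352, 0),
    (5, "client", {"ACK"}, 10580352, 378086580, 0),               # Seq# derived
    (6, "client", {"FIN", "ACK"}, 10580352, 378086580, 0),
    (7, "server", {"ACK"}, 378086580, 10580353, 0),               # Seq# derived
]


def with_bad_final_ack():
    """Constructed variant: segment 7 acknowledges octets the client never sent."""
    trace = list(SLIDE_TRACE)
    trace[-1] = (7, "server", {"ACK"}, 378086580, 10580400, 0)
    return trace


if __name__ == "__main__":
    print(check_trace(SLIDE_TRACE))
    print(check_trace(with_bad_final_ack()))
```

The gap between the handshake and teardown numbers implies 30 octets sent by the client and 152 by the server, and the final Ack# values are one higher than the FIN Seq# values because SYN and FIN each consume one sequence number.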