TCP/IP Protocols Review
(transcript of a PowerPoint presentation)

Outline: Protocol Model; Internet Protocol (IP/ICMP/ARP); Reliable Stream Transport Service (TCP); User Datagram Protocol (UDP); Internet Applications
OSI Reference Model (figure): the two end hosts implement all seven layers, Application, Presentation, Session, Transport, Network, Data link and Physical; the intermediate nodes between them implement only Network, Data link and Physical.
TCP/IP vs. OSI architecture

TCP/IP layer            Examples
Application             HTTP, Telnet, FTP, SMTP, SNMP, NFS
Host-to-Host Transport  TCP, UDP
Internet                IP, ICMP
Network Access          device driver and interface card
TCP/IP Data Encapsulation (figure)

Application layer:        [ user data ]
TCP, UDP or ICMP layer:   [ TCP header | data ]   or   [ UDP header | data ]   or   [ ICMP header | data ]
IP layer:                 [ IP header | TCP/UDP/ICMP header | data ]
Lower layer:              [ frame header | IP header | TCP/UDP/ICMP header | data | frame trailer ]
TCP/IP layered architecture (figure)

Application (Application):     user processes
Transport (Transport):         TCP, UDP
Network (Internet):            IP, with ICMP and IGMP
Link (Network Access):         network interface, with ARP and RARP
Internet Protocol (IP)
Internet Address; IP Datagram; IP Fragmentation; IP Routing; Internet Control Message Protocol (ICMP); Characteristics of the IP protocol; IPv6
Internet Address
Network ID and Host ID (Network Mask and Subnet); Address Class and Classless IP; NIC Reserved IP Address; Broadcast / Loop Back / Multicast Address; Drawbacks of Internet addressing
Network Mask and Subnet

Network mask: a host needs to know how many bits are used for the Network-ID and how many for the Host-ID. This is specified with the network mask.

Class C network mask examples: 255.255.255.0, 255.255.255.128, 255.255.255.192, 255.255.255.224, 255.255.255.240, 255.255.255.248

Commands to check the IP address and network mask:
  Win95/98 - winipcfg
  WinNT/2000 - ipconfig /all
  UNIX - ifconfig -a
IP Address Class (1)
Class A  nnn.hhh.hhh.hhh  (1.0.0.0 ~ 126.255.255.255): first bit 0, 7-bit network ID, 24-bit host ID
Class B  nnn.nnn.hhh.hhh  (128.0.0.0 ~ 191.255.255.255): first bits 10, 14-bit network ID, 16-bit host ID

IP Address Class (2)
Class C  nnn.nnn.nnn.hhh  (192.0.0.0 ~ 223.255.255.255): first bits 110, 21-bit network ID, 8-bit host ID
Class D  multicast address (224.0.0.0 ~ 239.255.255.255): first bits 1110
NIC Reserved IP Address (private ranges, RFC 1918)
Class A  10.0.0.0 ~ 10.255.255.255
Class B  172.16.0.0 ~ 172.31.255.255
Class C  192.168.0.0 ~ 192.168.255.255
Special IP Addresses
Directed Broadcast Address: Network ID followed by all 1's in the Host ID
Limited Broadcast Address: thirty-two 1's (255.255.255.255)
Multicast Address: group membership managed by IGMP, Internet Group Management Protocol
Loop Back Address: 127.0.0.1, for inter-process communication on the local machine
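The address arithmetic from the mask, class, reserved-range and special-address slides above, as an added Python example that is not part of the original presentation. It splits an address into network ID and host ID with a dotted mask, derives the directed broadcast address, classifies the address, and applies the source-address check a border filter would use against the spoofing drawback discussed below. The filter policy and the sample addresses are assumptions for the example.

```python
"""Added example: split an IPv4 address with its mask and classify it against the
class, private, broadcast, loopback and multicast ranges from the slides.
Not from the original deck."""
import ipaddress

# The 'NIC Reserved IP Address' slide: RFC 1918 private ranges
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def address_class(addr: str) -> str:
    """Classful category from the leading bits of the first octet."""
    first = int(addr.split(".")[0])
    if first == 127:
        return "loopback"
    if first < 128:
        return "A"               # 0xxxxxxx
    if first < 192:
        return "B"               # 10xxxxxx
    if first < 224:
        return "C"               # 110xxxxx
    if first < 240:
        return "D (multicast)"   # 1110xxxx
    return "E (reserved)"


def describe(addr: str, mask: str) -> dict:
    """Network ID, host ID and directed broadcast for addr/mask, plus special-range flags."""
    iface = ipaddress.ip_interface(f"{addr}/{mask}")   # accepts a dotted mask, not only /n
    net = iface.network
    host_bits = 32 - net.prefixlen
    return {
        "class": address_class(addr),
        "prefixlen": net.prefixlen,
        "network_id": str(net.network_address),
        "host_id": int(iface.ip) & ((1 << host_bits) - 1),
        "directed_broadcast": str(net.broadcast_address),
        "is_directed_broadcast": net.prefixlen < 31 and iface.ip == net.broadcast_address,
        "is_limited_broadcast": addr == "255.255.255.255",
        "is_private": any(iface.ip in p for p in PRIVATE),
        "is_loopback": iface.ip.is_loopback,
        "is_multicast": iface.ip.is_multicast,
    }


def ingress_verdict(src: str) -> str:
    """Check a border filter applies to a packet's *source* address to blunt IP spoofing:
    addresses that can never legitimately arrive from outside are dropped.
    Assumed policy for the example."""
    d = describe(src, "255.255.255.255")
    if d["is_private"]:
        return "drop: private source"
    if d["is_loopback"]:
        return "drop: loopback source"
    if d["is_multicast"] or d["is_limited_broadcast"]:
        return "drop: multicast or broadcast source"
    return "accept"
```

`describe("192.168.1.77", "255.255.255.0")` reports network ID 192.168.1.0, host ID 77 and directed broadcast 192.168.1.255; the same function with a 255.255.240.0 mask shows how a classless prefix moves the boundary inside the old Class B host field.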
Drawbacks of Internet addressing
- An IP address identifies the network a host is on, so it often has to change when the host moves
- IP spoofing: the source address is not authenticated, so a sender can forge it
- Not enough addresses
IP Datagram (header layout, 32 bits per row)

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|Version|  IHL  |Type of Service|          Total Length         |
|         Identification        |Flags|      Fragment Offset    |
|  Time to Live |    Protocol   |         Header Checksum       |
|                         Source Address                        |
|                      Destination Address                      |
|                      Options + padding                        |
|                         Data ......                           |
IP Fragmentation
Maximum Transmission Unit (MTU)
Related fields in the IP header: Identification; Flags (More Fragments bit, Don't Fragment / DF bit); Fragment Offset
Related attacks: Ping of Death; Tiny Fragments; Overlapping Fragments
Typical Maximum Transmission Units (MTUs)

Network                              MTU (bytes)
Hyperchannel                         65535
16 Mbits/sec token ring (IBM)        17914
4 Mbits/sec token ring (IEEE 802.5)  4464
FDDI                                 4352
Ethernet                             1500
IEEE 802.3/802.2                     1492
X.25                                 576
Point-to-Point                       296
Why fragmentation is bad
- Splitting and reassembling packets lowers efficiency and wastes resources
- Fragments after the first carry no TCP/UDP header, which makes firewall filtering difficult
- Fragmentation can evade security mechanisms (virus scanning, intrusion detection)
- Information hiding
- Reassembly bugs can crash a system or cause other abnormal behaviour
- Overlapping data/header
Overlapping Fragments (figure): a datagram is sent as [IP header | TCP header | DATA] followed by [IP header | DATA]. In the attack variant the second fragment is [IP header | fake TCP header | DATA] with an offset that overlaps the first, so which TCP header the destination (or a firewall reassembling on its behalf) ends up with depends on its reassembly policy.
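The header layout from the IP Datagram slide and the fragment anomalies from the fragmentation slides (tiny first fragment, overlapping fragments, the fake TCP header), as an added Python example that is not part of the original presentation. It parses the fixed IPv4 header, verifies the header checksum, and reassembles the fragments of one datagram while rejecting a first fragment too short to hold a transport header and any fragment that would rewrite bytes already received. The packets are constructed inline; the 20-byte minimum for the first fragment and the addresses are assumptions.

```python
"""Added example: IPv4 header parsing and fragment reassembly with the
anomaly checks discussed on the fragmentation slides. Not from the original deck."""
import struct

IP_DF = 0x2   # Don't Fragment: bit 1 of the 3-bit flags field
IP_MF = 0x1   # More Fragments: bit 2 of the 3-bit flags field


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (the IP header checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the header fields from the 'IP Datagram' slide and verify the checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _hcs, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0xF) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt) or total_len > len(pkt):
        raise ValueError("bad version, IHL or total length")
    if checksum(pkt[:ihl]) != 0:          # a header carrying a valid checksum sums to zero
        raise ValueError("header checksum mismatch")
    flags, frag_off = flags_frag >> 13, (flags_frag & 0x1FFF) * 8   # offset is in 8-byte units
    return {
        "tos": tos, "id": ident, "ttl": ttl, "proto": proto,
        "df": bool(flags & IP_DF), "mf": bool(flags & IP_MF), "offset": frag_off,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "payload": pkt[ihl:total_len],
    }


def build_ipv4(payload: bytes, *, ident: int, offset: int, mf: bool, proto: int = 6,
               ttl: int = 64, src: str = "10.0.0.1", dst: str = "10.0.0.2") -> bytes:
    """Constructed test input: a minimal IPv4 fragment without options."""
    assert offset % 8 == 0, "fragment offsets are multiples of 8 bytes"
    flags_frag = ((IP_MF if mf else 0) << 13) | (offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill in the checksum field
    return hdr + payload


def reassemble(frags: list, min_first_fragment: int = 20) -> bytes:
    """Reassemble the fragments of one datagram, rejecting the anomalies the slides list:
    a tiny first fragment (too short to hold the TCP/UDP header a filter needs) and
    an overlapping fragment (one that rewrites bytes already received)."""
    pieces = [parse_ipv4(f) for f in frags]
    if len({p["id"] for p in pieces}) != 1:
        raise ValueError("fragments from different datagrams")
    pieces.sort(key=lambda p: p["offset"])
    first = pieces[0]
    if first["offset"] != 0:
        raise ValueError("first fragment missing")
    if first["mf"] and len(first["payload"]) < min_first_fragment:
        raise ValueError("tiny first fragment")
    buf = bytearray()
    for p in pieces:
        start = p["offset"]
        if start < len(buf):
            raise ValueError(f"overlapping fragment at offset {start}")
        if start > len(buf):
            raise ValueError(f"gap before offset {start}")
        buf += p["payload"]
    if pieces[-1]["mf"]:
        raise ValueError("last fragment missing")
    return bytes(buf)


def demo() -> dict:
    """Constructed fragments of one 48-byte datagram, plus the two attack variants."""
    data = bytes(range(48))
    good = [build_ipv4(data[:24], ident=7, offset=0, mf=True),
            build_ipv4(data[24:], ident=7, offset=24, mf=False)]
    # Slide's attack: a second fragment at offset 8 would overwrite the transport header.
    overlap = [good[0], build_ipv4(b"\xff" * 24, ident=7, offset=8, mf=False)]
    # Tiny first fragment: 8 bytes cannot hold a 20-byte TCP header.
    tiny = [build_ipv4(data[:8], ident=9, offset=0, mf=True),
            build_ipv4(data[8:], ident=9, offset=8, mf=False)]
    out = {"good": reassemble(good) == data}
    for name, frags in (("overlap", overlap), ("tiny", tiny)):
        try:
            reassemble(frags)
            out[name] = "accepted"
        except ValueError as e:
            out[name] = str(e)
    return out
```

The `demo()` results are the point: the normal pair reassembles to the original data, while the overlapping and tiny-first-fragment sets are refused before any transport-layer filter would have to guess which bytes the destination will keep.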
Time to Live (TTL)
- The maximum number of routers a packet may pass through (hop count)
- Each router (router/gateway) the packet passes through decrements the TTL by 1
- When the TTL reaches zero, the router handling the packet discards it instead of forwarding it and returns an ICMP Time Exceeded error message to the sender
Protocol Field
Determines the destination upper-layer protocol (figure: the internet layer demultiplexes to the transport layer or to other protocols carried in IP).

Protocol number  Protocol
6                TCP
17               UDP
50               ESP
51               AH
IP Options
- Usually empty; rarely used
- The IP option a firewall is most likely to encounter is IP source route
  - Apart from mobile IP, IP source routing has little legitimate use, and it can be abused by an attacker to dictate the path a packet takes
- Some packet filtering systems therefore reject any packet with an IP option set, regardless of what the option means
IP Routing
Mapping Internet Address to Physical Address (ARP); Table Driven IP Routing; Static and Dynamic Routing
Routing Scenario (figure): Host A sends to Host B through a Router.
First hop (A to Router):    Source MAC = A, Dst. MAC = Router, Source IP = A, Dst. IP = B, Data...
Second hop (Router to B):   Source MAC = Router, Dst. MAC = B, Source IP = A, Dst. IP = B, Data...
The router rewrites the frame (MAC) addresses at each hop; the IP addresses are carried end to end unchanged.
Address Resolution Protocol
Not an IP protocol (ARP messages are carried directly in link-layer frames); ARP Cache; ARP Proxy; arp -a, arp -p
Packet capture - Sniffing (1) (figure): the ARP exchange before A can send to B
Local IP: A, destination IP: B
A broadcasts an ARP Request: "what is the MAC address of B?"
B answers with an ARP Reply: "my MAC address is ..."
Ex. C:\> arp -a shows the cache entry A learned
Packet capture - Sniffing (2)
How does a sniffer work?
1. Frames exchanged between any two computers on an Ethernet segment can be observed by the other computers on that LAN.
2. An Ethernet card normally ignores frames that do not belong to it, i.e. frames whose destination MAC (Media Access Control) address differs from its own (broadcast frames to FF:FF:FF:FF:FF:FF excepted).
3. A sniffer program puts the Ethernet card into "Promiscuous Mode", in which it does no filtering at all; the precondition is that the sniffer is on the same LAN segment.
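The ARP request/reply exchange from the two sniffing slides, as an added Python example that is not part of the original presentation. It encodes and decodes Ethernet/ARP frames, lets one host answer another's broadcast request, and keeps the cache that `arp -a` would print. Because every host on the segment hears the broadcast and any of them can answer, the cache here only learns from a reply that answers a request this host actually sent; everything else is recorded as rejected. The MAC and IP addresses are constructed for the example.

```python
"""Added example: Ethernet/ARP frame encode/decode and a host-side ARP cache that
only learns from solicited replies. Not from the original deck."""
import struct
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"
ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(x) for x in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """14-byte Ethernet header + 28-byte ARP body (hardware type 1, protocol type 0x0800)."""
    dst_mac = BROADCAST if op == ARP_REQUEST else target_mac   # requests are broadcast
    eth = mac_bytes(dst_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP encoding")
    return {"op": op, "eth_dst": mac_str(frame[0:6]), "eth_src": mac_str(frame[6:12]),
            "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42])}


class Host:
    """A host with an ARP cache (what `arp -a` prints) and its outstanding requests."""

    def __init__(self, mac: str, ip: str):
        self.mac, self.ip = mac, ip
        self.cache: dict = {}
        self.pending: set = set()
        self.rejected: list = []

    def resolve(self, ip: str) -> bytes:
        """Broadcast 'what is the MAC address of ip?' and remember that we asked."""
        self.pending.add(ip)
        return build_arp(ARP_REQUEST, self.mac, self.ip, "00:00:00:00:00:00", ip)

    def receive(self, frame: bytes) -> Optional[bytes]:
        a = parse_arp(frame)
        if a["op"] == ARP_REQUEST and a["target_ip"] == self.ip:
            # Answer with a unicast reply: 'my MAC address is ...'
            return build_arp(ARP_REPLY, self.mac, self.ip, a["sender_mac"], a["sender_ip"])
        if a["op"] == ARP_REPLY and a["target_ip"] == self.ip:
            # Learn only from a reply we asked for whose ARP sender matches the frame source;
            # any host on the segment could otherwise inject an entry into this cache.
            if a["sender_ip"] in self.pending and a["sender_mac"] == a["eth_src"]:
                self.pending.discard(a["sender_ip"])
                self.cache[a["sender_ip"]] = a["sender_mac"]
            else:
                self.rejected.append(f"{a['sender_ip']} is-at {a['sender_mac']}")
        return None


def demo() -> tuple:
    a = Host("aa:aa:aa:aa:aa:01", "192.168.1.10")   # constructed addresses
    b = Host("bb:bb:bb:bb:bb:02", "192.168.1.20")
    reply = b.receive(a.resolve(b.ip))   # A's broadcast request reaches B
    a.receive(reply)                      # B's reply completes A's cache entry
    # A third host on the segment claims B's address without having been asked:
    a.receive(build_arp(ARP_REPLY, "cc:cc:cc:cc:cc:03", b.ip, a.mac, a.ip))
    return a.cache, a.rejected
```

After `demo()`, Host A's cache holds exactly one entry for 192.168.1.20 and the unsolicited claim is listed under `rejected`; a real stack that accepts any reply it hears would have overwritten the entry instead.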
IP Routing Tables
A system's routing table contains: the loop back interface; an entry for its own interface network; host-specific entries as added; network-specific entries as added; the default gateway as added.
Command to check the routing table: netstat -rn
IP Routing Principles
(1) Search for a host-specific entry matching the destination host address
(2) Search for a network-specific entry matching the destination network
(3) Search for the system's own interface network (directly connected; also used for broadcast)
(4) Search for a default entry
Static and Dynamic Routing
Static routing: entries added by command; appropriate when there is a single connection point to other networks.
Dynamic routing: used by routers to communicate with each other, informing one another of the networks each router is currently connected to.
Add a Static Route to a Routing Table
Windows 9x / NT / 2000 (from the command prompt):
  route add [Host/Network IP] mask [Network Mask] [Gateway IP]
  Example: route add 203.75.1.0 mask 255.255.255.128 192.72.155.254
Unix:
  route add [Host/Network IP] [Gateway IP] [Metric]
  Example, add a default routing entry: route add default 192.72.155.254 1
  Example, add a static routing entry: route add 172.16.1.1 192.168.100.254 1
Case study - static route
Host A: 192.168.1.1 / 255.255.255.0
Host B: 10.1.201.1 / 255.255.255.0
How to let the two hosts reach each other? Add static routes:
  on Host A: route add 10.1.201.1 mask 255.255.255.255 192.168.1.1
  on Host B: route add 192.168.1.1 mask 255.255.255.255 10.1.201.1
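The lookup order from the IP Routing Principles slide applied to the case-study table, as an added Python example that is not part of the original presentation. Longest-prefix match realises that order: a /32 host-specific route wins over a /24 network route, which wins over the /0 default. The loopback entry, the interface names and the default gateway 192.168.1.254 are assumptions; the host route is the one the case study adds on Host A, modelled as on-link because its gateway is Host A's own address.

```python
"""Added example: a netstat -rn style routing table and the lookup order from the
'IP Routing Principles' slide. Not from the original deck."""
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    destination: str          # network in CIDR form; /32 = host-specific, /0 = default
    gateway: Optional[str]    # None = directly connected (on-link)
    interface: str


class RoutingTable:
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(r.destination), r) for r in routes]

    def lookup(self, dst: str) -> Optional[Route]:
        """Host-specific, then network-specific, then own network, then default:
        all four steps collapse into picking the matching entry with the longest prefix."""
        ip = ipaddress.ip_address(dst)
        matches = [(net, r) for net, r in self.routes if ip in net]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def next_hop(self, dst: str) -> Optional[tuple]:
        """(address to ARP for, interface): the gateway for indirect routes,
        the destination itself for on-link routes."""
        r = self.lookup(dst)
        return None if r is None else (r.gateway or dst, r.interface)

    def dump(self) -> str:
        """Most specific entry first, like a netstat -rn listing."""
        lines = [f"{'Destination':<20}{'Gateway':<18}Interface"]
        for net, r in sorted(self.routes, key=lambda m: -m[0].prefixlen):
            lines.append(f"{str(net):<20}{(r.gateway or 'link'):<18}{r.interface}")
        return "\n".join(lines)


def host_a_table() -> RoutingTable:
    """Host A of the case study (192.168.1.1/24). The 10.1.201.1/32 entry is the
    host-specific route the case study adds; its gateway is Host A's own address,
    which means on-link, so it is modelled as directly connected. The loopback
    entry, the interface names and the default gateway are assumptions."""
    return RoutingTable([
        Route("127.0.0.0/8", None, "lo0"),
        Route("192.168.1.0/24", None, "eth0"),
        Route("10.1.201.1/32", None, "eth0"),
        Route("0.0.0.0/0", "192.168.1.254", "eth0"),
    ])
```

With this table, 10.1.201.1 is reached directly on eth0 through the host route, while 10.1.201.2, which the host route does not cover, falls through to the default gateway; that is exactly why the case study needs a host-specific entry rather than relying on the default.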
ICMP (1)
Internet Control Message Protocol. ICMP only reports error conditions to the original source; it does not correct them.
ICMP Message Format; Testing Destination Reachability and Status (Echo Request and Reply)
ICMP (2)
Reports of Unreachable Destinations: not every error can be detected, e.g. a crashed machine or a failed network card
Congestion and Datagram Flow Control: Source Quench Message
Route Change Request From Gateways: Redirect Message
Detecting Circular or Excessively Long Routes: Time Exceeded for a Datagram message
ICMP Message Format (figure)
IP:    [ IP Header | ICMP Message ]
ICMP:  [ Type (8 bits) | Code (8 bits) | Checksum (16 bits) | Data ..... ]
ICMP Type
0: Echo Reply
3: Destination Unreachable
4: Source Quench
5: Redirect (change a route)
8: Echo Request
11: Time Exceeded for a Datagram
12: Parameter Problem on a Datagram
13: Timestamp Request
14: Timestamp Reply
15: Information Request (obsolete)
16: Information Reply (obsolete)
17: Address Mask Request
18: Address Mask Reply
ICMP Code of Unreachable Destination
0: Network Unreachable
1: Host Unreachable
2: Protocol Unreachable
3: Port Unreachable
4: Fragmentation Needed and DF Set
5: Source Route Failed
6: Destination Network Unknown
7: Destination Host Unknown
8: Source Host Isolated
9: Communication with Destination Network Administratively Prohibited
10: Communication with Destination Host Administratively Prohibited
11: Network Unreachable for Type of Service
12: Host Unreachable for Type of Service
Characteristics of the IP protocol
Connectionless Delivery System
Unreliable Delivery Protocol: datagrams may be lost, duplicated, delayed or delivered out of order
Relies on protocols at other layers to provide a reliable service
IPv6 features
Plenty of addresses (one would never run out): support for billions of hosts
Efficient yet flexible routing: reduce the size of the routing tables; simplify the protocol for a high-performance routing process
Provide better security
Support for real-time data
Allow multicasting with a specified scope
Allow a host to roam without changing its address
Allow the protocol to evolve in the future
Allow the coexistence of the old and new protocols
IPv4 Header: 20 octets + options; 13 fields, including 3 flag bits

 0       4       8               16              24            31
|  Ver  |  IHL  | Service Type  |          Total Length         |
|          Identifier           |Flags|      Fragment Offset    |
| Time to Live  |   Protocol    |        Header Checksum        |
|                    32 bit Source Address                      |
|                  32 bit Destination Address                   |
|                    Options and Padding                        |
(figure legend: fields marked Removed or Changed in IPv6)
IPv6 Header: 40 octets, 8 fields

 0       4           12                  16              24    31
|Version|   Class   |              Flow Label                   |
|        Payload Length         |  Next Header  |   Hop Limit   |
|                    128 bit Source Address                     |
|                  128 bit Destination Address                  |
IPv6 Extension Headers (figure)

[ IPv6 Header, Next = TCP ] [ TCP Header ] [ Application Data ]
[ IPv6 Header, Next = Routing ] [ Routing Hdr, Next = TCP ] [ TCP Header ] [ Application Data ]
[ IPv6 Header, Next = Security ] [ Security Hdr, Next = Frag ] [ Fragment Hdr, Next = TCP ] [ TCP Header ] [ Data Frag ]

- IP options have been moved to a set of optional Extension Headers
- Extension Headers are chained together, each Next Header field naming the header that follows
Transmission Control Protocol
TCP Segment Format; Reliable Delivery Service; Positive Acknowledgement with Retransmission; Sliding Windows; Establish a TCP Connection
TCP Segment Format (header layout, 32 bits per row)

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|                        Sequence Number                        |
|                    Acknowledgment Number                      |
| Data  |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
|           Checksum            |         Urgent Pointer        |
|                       Options & padding                       |
|                             DATA                              |
Port Numbers (figure): well-known ports as seen from the application and transport layers

Application   FTP  TELNET  SMTP  DNS      TFTP  SNMP  RIP  HTTP
Port number   21   23      25    53       69    161   520  80
Transport     TCP  TCP     TCP   TCP/UDP  UDP   UDP   UDP  TCP
TCP Port Numbers (figure): Host A runs "Telnet Z"; its segment carries Source Port (SP) = 1028, Dest. Port (DP) = 23. At Host Z: "Dest. port = 23. Send packet to my Telnet application."
Reliable Delivery Service of TCP (1)
Stream Orientation: instead of lost, duplicated and out-of-order packets, the application sees an ordered stream
Virtual Circuit Connection: clients connect and servers listen/accept; ports and connections
Buffered Transfer: TCP buffers data to make transfer more efficient, and provides a push mechanism that applications use to force a transfer

Reliable Delivery Service of TCP (2)
Unstructured Stream: TCP does not show packet boundaries to applications
Full Duplex Connection: think of it as two independent streams joined with a piggybacking mechanism
Acknowledgement and Retransmission (figure not captured in the transcript)
Sliding Windows (1)
Packets: 1 2 3 | 4 5 6 7 8 | 9 10 11 12 13
           done    window      not sent
1-3 sent and ACKed; 4-8 in the window, sent but not ACKed; when an ACK arrives, the sender slides the window up.
The receiver controls the sliding window and treats it as its available buffering; it can stop the sender by advertising a window size of 0 in an ACK.

Sliding Windows (2)
Makes stream transmission more efficient than a simple positive acknowledgement protocol.
Variable window size and flow control; congestion control:
  allowed-window = min(receiver-advertisement, congestion_window)
Multiplicative decrease congestion avoidance; slow-start (additive) recovery
TCP Three Way Handshake (three incremental slides; figure not captured in the transcript)
TCP Session Termination (figure built up over four slides)

Host A                              Host B
  1. FIN (seq=m)           ---->
                           <----    2. ACK m+1
                           <----    3. FIN (seq=n)
  4. ACK n+1               ---->
User Datagram Protocol (UDP)
UDP Message Format; IP with Ports; Unreliable Connectionless Delivery; works well enough on a local network, where loss and reordering are rare, but the application must handle them itself
UDP Message Format (header layout, 32 bits per row)

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|            Length             |           Checksum            |
|                           Data...                             |
Intern Applications
Telnet: Remote Terminal Access; FTP: File Transfer Protocol; SMTP: Simple Mail Transfer Protocol; POP3: Post Office Protocol 3; HTTP: Hyper Text Transfer Protocol; NNTP: Network News Transfer Protocol; DNS: Domain Name System