Presentation is loading. Please wait.

Presentation is loading. Please wait.

TELE3118 extras For week 4. IPv4 header in Wireshark.

Similar presentations


Presentation on theme: "TELE3118 extras For week 4. IPv4 header in Wireshark."— Presentation transcript:

1 TELE3118 extras For week 4

2 IPv4 header in Wireshark

3 3 Assigning IP addresses Need enough host bits to identify all host & router interfaces +.0 and broadcast – e.g. 200 hosts + 1 router + 2 = 203 => /24 Can pinch spare addresses – e.g. /30 from /24 for interfaces between routers 223.1.1.1 223.1.1.3 223.1.1.4 223.1.2.2 223.1.2.1 223.1.2.6 223.1.3.2 223.1.3.1 223.1.3.27 223.1.1.2 223.1.7.2 223.1.7.1 223.1.8.2223.1.8.1 223.1.9.1 223.1.9.2 Figure based on one from Kurose and Ross

4 4 Passage of a packet Each node has 2 addresses: link + network knows mask (255.0) & default router Each packet has 4 addresses: (source+dest)*(network+link † ) A to B: 1.A: Net prefix length => B is local 2.A: Lookup B.link (by ARP) 3.Transmit (AA,BB,1.1,1.2) 4.B: BB=mine =>receive 5.R: BB  mine => ignore A to F: 1.A: Net prefix length => F is external, via router R 2.A: Transmit (AA,CC,1.1,2.3) 3.R: CC=mine => receive & pass to IP – 2.3 on interface 2.1 & local – lookup 2.3’s link address (through ARP if not already stored) – transmit (DD,FF,1.1,2.3) Note: Link addresses change for each hop ABEF R AABB CC EEFF DD 1.11.2 1.3 2.22.3 2.1 † link layer “destination” is where the frame is destined on this link, not the link layer address of the final destination.

5 Slide from Kurose and Ross

6 6 src: 0.0.0.0, 68 dest:: 255.255.255.255, 67 yiaddr: 223.1.2.4 transaction ID: 655 Lifetime: 3600 secs DHCP client-server scenario DHCP server: 223.1.2.5 arriving client time DHCP discover src : 0.0.0.0, 68 dest.: 255.255.255.255,67 yiaddr: 0.0.0.0 transaction ID: 654 DHCP offer src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddr: 223.1.2.4 transaction ID: 654 Lifetime: 3600 secs DHCP request DHCP ACK src: 223.1.2.5, 67 dest: 255.255.255.255, 68 yiaddr: 223.1.2.4 transaction ID: 655 Lifetime: 3600 secs 67 = IP protocol number for DHCP servers 68 = IP protocol number for DHCP clients yiaddr = your internet address Slide from Kurose and Ross

7 DHCP (BOOTP) in Wireshark Request retransmitted

8 ARP in Wireshark

9 9 IP Fragmentation and Reassembly ID =x offset =0 fragflag =0 length =4000 ID =x offset =0 fragflag =1 length =1500 ID =x offset =1480 fragflag =1 length =1500 ID =x offset =2960 fragflag =0 length =1040 One large datagram becomes several smaller datagrams Example 4000 byte datagram MTU = 1500 bytes IP length field includes 20B IP header 3980B payload  1480 + 1480 + 1020 4000B IP packet  1500 + 1500 + 1040 Slide from Kurose and Ross

10 Fragmentation in Wireshark ping -l 6000 Ethernet can carry 1500B data, IP header = 20B => 1480B ICMP/frame 6000B = 3x1480 + 1x80 + 8B ICMP header in first fragment: Frame 10: 8B ICMP header + 1472 ICMP data Frames 11, 12, 13: 1480B ICMP data Frame 14: 88B ICMP data

11 Traceroute in Wireshark TTL (outer, inner)

12 IPv6 header in Wireshark

13 Extension material follows

14 MPLS appearing in Linux traceroute (IP addresses have been removed to save clutter/space. Note route changes) $ traceroute www.ietf.org traceroute to www.ietf.org, 30 hops max, 38 byte packets 1 eebu4s2.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa 1.176 ms 0.717 ms 0.454 ms 2 libcr1-po-6.gw.unsw.edu.au 0.657 ms 0.466 ms ombcr1-po-6.gw.unsw.edu.au 0.407 ms 3 unswbr1-te-8-1.gw.unsw.edu.au 0.565 ms unswbr1-te-7-1.gw.unsw.edu.au 0.769 ms 0.894 ms 4 bfw1-ea-1-3053.gw.unsw.edu.au 0.461 ms 0.799 ms 0.639 ms 5 unswbr1-vl-3054.gw.unsw.edu.au 0.749 ms 1.119 ms 0.773 ms 6 tengigabitethernet2-2.er1.unsw.cpe.aarnet.net.au 1.145 ms 1.135 ms 1.077 ms 7 ge-4-1-0.bb1.a.syd.aarnet.net.au 1.206 ms 1.219 ms 1.241 ms 8 ae9.pe2.brwy.nsw.aarnet.net.au 1.252 ms 1.315 ms 1.299 ms 9 xe-0-0-0.bb1.b.sea.aarnet.net.au 143.794 ms 143.774 ms 143.815 ms 10 xe-0-6-0-23.r05.sttlwa01.us.bb.gin.ntt.net 152.582 ms 144.315 ms 144.346 ms 11 ae-0.level3.sttlwa01.us.bb.gin.ntt.net 143.860 ms 143.665 ms 143.985 ms 12 ae-31-51.ebr1.Seattle1.Level3.net 168.354 ms 168.093 ms 168.122 ms MPLS Label=1909 CoS=3 TTL=1 S=0 13 ae-7-7.ebr2.SanJose1.Level3.net 162.011 ms 162.081 ms 161.907 ms MPLS Label=1174 CoS=3 TTL=1 S=0 14 ae-92-92.csw4.SanJose1.Level3.net 163.372 ms 163.174 ms ae-72-72.csw2.SanJose1.Level3.net (4.69.153.22) 161.534 ms MPLS Label=1024 CoS=3 TTL=1 S=0 15 ae-2-70.edge8.SanJose1.Level3.net 161.208 ms 161.290 ms ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148) 185.910 ms 16 ASSOCIATION.edge8.SanJose1.Level3.net 168.199 ms 162.042 ms 162.041 ms 17 * * * 18 * * * 19 * * *

15 How low is IP’s LCD? Ethernet: Ethernet services vs IP’s needs Preamble -> Framing: Ethernet knows frame length, but not padding length => data. IP independently determines length of data. Addresses: IP can work over point-to-point links without addresses. Type: 0x0800 = IPv4. but IPv4 checks anyhow with version field. Checksum: Ethernet protects all data, but IP protects (again) its header & TCP/UDP protect data. Figures 4-14 and 5-46 From Tanenbaum & Wetherall IPv4:

16 16 NAT: Operation 10.0.0.1 10.0.0.2 10.0.0.3 S: 10.0.0.1, 3345 D: 128.119.40.186, 80 1 10.0.0.4 138.76.29.7 1: host 10.0.0.1 sends datagram to 128.119.40, 80 NAT translation table WAN side addr LAN side addr 138.76.29.7, 5001 10.0.0.1, 3345 …… S: 128.119.40.186, 80 D: 10.0.0.1, 3345 4 S: 138.76.29.7, 5001 D: 128.119.40.186, 80 2 2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table S: 128.119.40.186, 80 D: 138.76.29.7, 5001 3 3: Reply arrives dest. addr.: 138.76.29.7, 5001 4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345 Slide from Kurose and Ross


Download ppt "TELE3118 extras For week 4. IPv4 header in Wireshark."

Similar presentations


Ads by Google