Presentation is loading. Please wait.

Presentation is loading. Please wait.

TELE3118 extras For week 4. IPv4 header in Wireshark.

Similar presentations


Presentation on theme: "TELE3118 extras For week 4. IPv4 header in Wireshark."— Presentation transcript:

1 TELE3118 extras For week 4

2 IPv4 header in Wireshark

3 3 Assigning IP addresses Need enough host bits to identify all host & router interfaces +.0 and broadcast – e.g. 200 hosts + 1 router + 2 = 203 => /24 Can pinch spare addresses – e.g. /30 from /24 for interfaces between routers Figure based on one from Kurose and Ross

4 4 Passage of a packet Each node has 2 addresses: link + network knows mask (255.0) & default router Each packet has 4 addresses: (source+dest)*(network+link † ) A to B: 1.A: Net prefix length => B is local 2.A: Lookup B.link (by ARP) 3.Transmit (AA,BB,1.1,1.2) 4.B: BB=mine =>receive 5.R: BB  mine => ignore A to F: 1.A: Net prefix length => F is external, via router R 2.A: Transmit (AA,CC,1.1,2.3) 3.R: CC=mine => receive & pass to IP – 2.3 on interface 2.1 & local – lookup 2.3’s link address (through ARP if not already stored) – transmit (DD,FF,1.1,2.3) Note: Link addresses change for each hop ABEF R AABB CC EEFF DD † link layer “destination” is where the frame is destined on this link, not the link layer address of the final destination.

5 Slide from Kurose and Ross

6 6 src: , 68 dest:: , 67 yiaddr: transaction ID: 655 Lifetime: 3600 secs DHCP client-server scenario DHCP server: arriving client time DHCP discover src : , 68 dest.: ,67 yiaddr: transaction ID: 654 DHCP offer src: , 67 dest: , 68 yiaddr: transaction ID: 654 Lifetime: 3600 secs DHCP request DHCP ACK src: , 67 dest: , 68 yiaddr: transaction ID: 655 Lifetime: 3600 secs 67 = IP protocol number for DHCP servers 68 = IP protocol number for DHCP clients yiaddr = your internet address Slide from Kurose and Ross

7 DHCP (BOOTP) in Wireshark Request retransmitted

8 ARP in Wireshark

9 9 IP Fragmentation and Reassembly ID =x offset =0 fragflag =0 length =4000 ID =x offset =0 fragflag =1 length =1500 ID =x offset =1480 fragflag =1 length =1500 ID =x offset =2960 fragflag =0 length =1040 One large datagram becomes several smaller datagrams Example 4000 byte datagram MTU = 1500 bytes IP length field includes 20B IP header 3980B payload  B IP packet  Slide from Kurose and Ross

10 Fragmentation in Wireshark ping -l 6000 Ethernet can carry 1500B data, IP header = 20B => 1480B ICMP/frame 6000B = 3x x80 + 8B ICMP header in first fragment: Frame 10: 8B ICMP header ICMP data Frames 11, 12, 13: 1480B ICMP data Frame 14: 88B ICMP data

11 Traceroute in Wireshark TTL (outer, inner)

12 IPv6 header in Wireshark

13 Extension material follows

14 MPLS appearing in Linux traceroute (IP addresses have been removed to save clutter/space. Note route changes) $ traceroute traceroute to 30 hops max, 38 byte packets 1 eebu4s2.uwn.unsw.EDU.AU in-addr.arpa ms ms ms 2 libcr1-po-6.gw.unsw.edu.au ms ms ombcr1-po-6.gw.unsw.edu.au ms 3 unswbr1-te-8-1.gw.unsw.edu.au ms unswbr1-te-7-1.gw.unsw.edu.au ms ms 4 bfw1-ea gw.unsw.edu.au ms ms ms 5 unswbr1-vl-3054.gw.unsw.edu.au ms ms ms 6 tengigabitethernet2-2.er1.unsw.cpe.aarnet.net.au ms ms ms 7 ge bb1.a.syd.aarnet.net.au ms ms ms 8 ae9.pe2.brwy.nsw.aarnet.net.au ms ms ms 9 xe bb1.b.sea.aarnet.net.au ms ms ms 10 xe r05.sttlwa01.us.bb.gin.ntt.net ms ms ms 11 ae-0.level3.sttlwa01.us.bb.gin.ntt.net ms ms ms 12 ae ebr1.Seattle1.Level3.net ms ms ms MPLS Label=1909 CoS=3 TTL=1 S=0 13 ae-7-7.ebr2.SanJose1.Level3.net ms ms ms MPLS Label=1174 CoS=3 TTL=1 S=0 14 ae csw4.SanJose1.Level3.net ms ms ae csw2.SanJose1.Level3.net ( ) ms MPLS Label=1024 CoS=3 TTL=1 S=0 15 ae-2-70.edge8.SanJose1.Level3.net ms ms ae-3-80.edge8.SanJose1.Level3.net ( ) ms 16 ASSOCIATION.edge8.SanJose1.Level3.net ms ms ms 17 * * * 18 * * * 19 * * *

15 How low is IP’s LCD? Ethernet: Ethernet services vs IP’s needs Preamble -> Framing: Ethernet knows frame length, but not padding length => data. IP independently determines length of data. Addresses: IP can work over point-to-point links without addresses. Type: 0x0800 = IPv4. but IPv4 checks anyhow with version field. Checksum: Ethernet protects all data, but IP protects (again) its header & TCP/UDP protect data. Figures 4-14 and 5-46 From Tanenbaum & Wetherall IPv4:

16 16 NAT: Operation S: , 3345 D: , : host sends datagram to , 80 NAT translation table WAN side addr LAN side addr , , 3345 …… S: , 80 D: , S: , 5001 D: , : NAT router changes datagram source addr from , 3345 to , 5001, updates table S: , 80 D: , : Reply arrives dest. addr.: , : NAT router changes datagram dest addr from , 5001 to , 3345 Slide from Kurose and Ross


Download ppt "TELE3118 extras For week 4. IPv4 header in Wireshark."

Similar presentations


Ads by Google