Presentation is loading. Please wait.

Presentation is loading. Please wait.

NETWORKING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.

Similar presentations


Presentation on theme: "NETWORKING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security."— Presentation transcript:

1 NETWORKING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security

2 Overview OSI Model Addressing –DNS, IP, MAC address –Address resolution Layer 4 communication –Port numbers –TCP flow control and error correction Headers –TCP, UDP, IP ICMP 2

3 OSI Model Network communications protocols are developed using the Open System Interconnection (OSI) model. An ISO standard for worldwide communications. The OSI model defines a framework for implementing protocols in seven distinct layers. Each layer makes use of the services of the layer below it to provide a set of specific services to the layer above it. Adjacent layers communicate with each other through a well- defined interface, so that in principle, we could change one layer or even completely rewrite it without affecting the others. 3

4 OSI Layers 4

5 OSI Mnemonic AwayApplication PizzaPresentation SausageSession ThrowTransport NotNetwork DoDoData Link PleasePhysical 5

6 Encapsulation When data is passed down from higher layers to lower ones, each layer creates its header and places the data given to it by the next-higher layer behind its own header, thereby encapsulating the higher layer’s data. The Data Link layer also creates a trailer. 6

7 Encapsulation – Layer 4 7

8 Encapsulation – Layer 3 8

9 Encapsulation – Layer 2 9

10 Network Communication 10

11 Decomposition – Layer 2 11

12 Decomposition – Layer 3 12

13 Decomposition – Layer 4 13

14 Protocol Data Unit A term that describes a set of bytes that includes the layer’s header and trailer (if any) and all data encapsulated. From Layer X’s perspective, the higher-layer headers and the user data form one large data field. 14

15 Address Translation 15

16 Types of Addresses Communications between network computers (hosts) would be impossible without unique addresses for each host. Computers on a local network use MAC addresses to communicate with each other. To access hosts on remote networks, such as those on the Internet, a computer needs to know their IP addresses. –Routers will route the packets to the destination network by looking up those IP addresses in the routers’ routing tables. IP addresses are difficult for humans to memorize, so DNS Names (e.g., are used by humans.www.unt.edu 16

17 Address Resolution Therefore, two types of address translation (resolution) are essential to network communications. –DNS Name-IP Address Resolution When a person uses a human-readable address like that address must be resolved into an IP address. –IP-MAC Address Resolution Scenario 1: If that IP address is local, the resolution of the IP address into MAC address takes place right away. Scenario 2: If that IP address is remote, the packet is routed to the remote network first. Then, once the packet gets to the remote network, it is resolved into a MAC address on that network. In both scenarios, the host owning that MAC address will take care of the packet. 17

18 DNS-IP Resolution Domain Name Service (DNS) translates user friendly names (called Fully Qualified Domain Names, or FQDNs) into IP addresses. –For example, = The DNS server handles DNS queries by examining its local records to see if it knows the answer. If it does not, the DNS server queries higher level domain servers. They check records or query the server above them and so on until a match is found. A domain’s DNS servers maintain a database that records all DNS name-IP mappings inside the domain, including those for web servers, directory servers, servers, hosts, etc. 18

19 Layer 3: IP Addresses It is common to express the 32-bit IP addresses in a decimal form (dotted decimal notation). –The address is divided from the high-order bit to the low-order bit into four 8-bit units called octets. –IP addresses are normally written as four separate decimal octets delimited by a period (a dot). –Each octets has eight bits and each bit has two possible values: 0 and 1. –Thus, in decimal terms, an octet can have 28 or 256 possible values, ranging from 0 to

20 Layer 3: IP Addresses An IP address is broken down into two portions: Network ID and Host ID. –Without subnetting, the end of the network ID falls on a 8-bit boundary (e.g., the 16th bit in a Class B subnet). –The network ID, or network address, identifies the nodes that are located on the same logical network. –The host ID, or host address, identifies a node within a network. An address with a host ID of all zeros is not assigned to any host. It is reserved to define the network itself (network address, e.g., “the network”). If the host ID is all 1s, the address is a broadcast address (e.g., ). It is used to send a packet to all hosts on a specific network. It can only be a destination address; no host can be assigned this address. 20

21 IP Addresses Source: Davies and Lee, Windows Server 2003 TCP/IP Protocols and Services. Class A Class B Class C 21

22 CIDR Notation A shorthand for subnet masks (n.n.n.n stands for an IP address). It indicates the number of bits that are set to 1 in the mask. –n.n.n.n/8 for class A default mask, equivalent to –n.n.n.n/16 for class B default mask, equivalent to –n.n.n.n/24 for class C default mask, equivalent to

23 Private Addresses An organization can use any IP addresses for its network, as long as it is not connected to the Internet. If it wants to use the addresses on the Internet, however, it has to apply for them from Internet Corporation for Assigned Names and Numbers (ICANN). Three blocks of addresses are reserved for private networks. Class A: – Class B: – Class C: – Private addresses are not routable on the Internet. 23

24 Layer 2: MAC Addresses MAC address is a unique, 48-bit hardware address assigned to a device by the manufacturer. –Each manufacturer is assigned a specific block of MAC addresses (the first 24 bits). –The manufacturer assigns the device a unique address (the second 24 bits). –No two devices can share the same MAC address. –For one system to send data to another on the local network, it must first find out the destination system’s MAC address. 24

25 IP-MAC Address Resolution To find a MAC address, the Address Resolution Protocol (ARP) is used. Using an ARP request, the sending system will broadcast a query – “who is ”? This broadcast query is examined by every host on the local network, but only the system whose IP address is will respond. 25

26 IP-MAC Address Resolution That system will send back a response that says “I’m and my MAC address is 00:07:e9:7c:c8:aa.” The sending system will then format the packet for delivery and drop it on the network media, with the MAC address of the destination host. If a host cannot find the destination host in this way, the packet is forwarded to the default gateway, which is the computer/router that knows how to route those packets. What happens if the receiving “host” is ? –The broadcast MAC address is all Fs. 26

27 Broadcast Used in one-to-everyone communications. A broadcast IP address is designed to be processed by every IP node on the same network segment. It is in the format of –Class A: nnn –Class B: nnn.nnn –Class C: nnn.nnn.nnn.255 The broadcast IP packet is addressed at the Data Link layer using the network technology's broadcast address. –For example, for Ethernet and Token Ring networks, all IP broadcasts are sent using the Ethernet and Token Ring broadcast address 0xFF-FF-FF-FF-FF-FF. 27

28 Unicast Used in one-to-one communications. A packet is sent from an individual source to an individual destination. In a hub-connected network, all hosts on the network segment see the packet. In normal mode, however, all hosts except the intended receipt will pick up and process the packet. 28

29 What About Layer 4 “Addresses”? Layer 3 (IP) only takes care of host-to-host communication. It doesn’t care which process (program) will use which packet it delivers. –Its job is done when a packet reaches its destination IP address. Layer 4 (Transport) is responsible for process-to- process communication. –After getting rid of the Layer 3 header, the remainder of the packet (datagram) is passed up to Layer 4. –Layer 4 on the destination computer thus reads the information transmitted from Layer 4 on the origin. 29

30 Layer 4 Communication There are two types of communication at Layer 4: –TCP is like registered mail, which guarantees delivery to the intended recipient (process). –UDP is like first-class mail and is best-of-effort delivery. There is no guarantee of delivery to the intended recipient (process). Processes decide which service to use based on the task at hand, just like how we choose between registered vs. first-class mail depending on the importance of the mail involved. –For example, DNS uses UDP for DNS name queries but TCP for zone transfers (synchronization of information in the DNS database). 30

31 Ports In current computing environments, network communications usually uses client/server architecture. Client is the requester for information; server serves information to the client. For example, when you visit a website, your computer is the client and the web server is the server. Client initiates the communication. For the packets to go to the correct process on the server for the type of information requested (e.g., going to web server for HTML files), each process on the server must be easily located. This locator is called a “port”. Ports are numbered, just like piers or docks are numbered along waterfront, e.g., on Fisherman’s Wharf, San Francisco, –To watch seals, go to Pier 39. –To take ferries, go to Pier

32 32

33 Ephemeral Ports Servers, however, don’t have to have pre-knowledge of which port the client will use for communication. It’s practically impossible because the number of potential clients is limitless. Therefore, when initiating communication, the client picks a port (an ephemeral port) through which it wants to receive information from the server. The client uses the very first packet in the communication to notify the server the client-side port number to use for this session. –The process that requests the information (e.g., web browser) then awaits it behind that particular port. When the server returns a packet, it knows which port to send it to on the client. The client-side port is “ephemeral” because it doesn’t have to be tied to the process after the communication is over. 33

34 Reserved Ports To avoid chaos, port numbers on the server must be reserved for common process and this made public information. Most of port numbers on servers are between 0 and 1023 and are called well known port numbers. However, application developers may take advantage of ports that are 1024 or higher. As long as there is general consensus regarding which application commonly uses which port, these registered ports can be used to establish communication with the server for the related process without pre-knowledge of behind which port the process is awaiting incoming connections. –For example, MySQL uses Port 3306 by default. The important corollary – By looking at the open ports on a server, we can deduce what processes are running on that server. 34

35 IANA Port Ranges The Internet Assigned Numbers Authority (IANA), the same organization that assigns IP addresses, manages port numbers. 35 Port TypePort NumbersDescription Well-Known Ports0 – 1,023Assigned and controlled by IANA. Reserved for the most universal applications. Registered Ports1,024 – 49,151Not assigned or controlled by IANA. Can only be registered with IANA to avoid duplication. Dynamic Ports49,152 – 65,535 Neither registered or controlled. Often used by a private protocol that only a particular organization uses.

36 Important Port Numbers 36

37 TCP vs. UDP UDP is a “connectionless” protocol. –Very few error recovery services – this is done by applications. –Unreliable protocol – No guarantee of delivery. –For network services not affected by occasional lost or dropped packets. TCP is a connection-oriented protocol. –Data delivery is guaranteed. –Does this with flow control and error correction. 37

38 TCP Flow Control Both hosts have a sliding window (they can be of different sizes). –It defines the number of bytes (actually, “chucks” of data, or segments) that the host can send without worrying about an acknowledgment from the other host. When the window slides to a portion of the buffer, that portion is “freed up” for transmission. When an acknowledgment is received, the windows “slides” over to the next batch of bytes get to be sent. 38

39 TCP Error Correction TCP is reliable because if the recipient receives a segment from the sender successfully, it will let the sender know. –Oddly, it does this not by saying “I got it” but rather, “Give me the next piece.” –This mechanism is called forward acknowledgment. If the recipient doesn’t receive a segment, it will also let the sender know, using the same acknowledgment mechanism. –In this case, instead of asking for the next piece, it asks for a piece that the sender has sent previously. –The sender interprets this as indication that the previously-sent segment was lost somehow in transmission. –The sender then resends the segment. –This will be done again until the recipient gets the segment. Obviously, to do this, each segment must have some sort of “ID”. This ID is called sequence number, or SEQ. 39

40 TCP Sequence Numbers A sequence number is just a very long number and is quasi-randomly generated. For either side of the connection, two types of SEQ numbers are involved: –An initial SEQ (used in connection establishment) –SEQs assigned to the data transmitted During connection establishment (handshake), each host (client and server) must let the other one know where its SEQs will start. –Usually, the two hosts will have very different SEQs. 40

41 Initial Sequence Numbers In the very first segment, the client (info requester) will tell the server (info provider) – this is my first SEQ number. This is the Initial Sequence Number (ISN). The server’s answer, following the mechanism of forward acknowledgment, is to ask for the segment with the “ID” of ISN client + 1. Therefore, for the client the SEQs for data segments start with a SEQ of ISN client + 2. At the same time the server acknowledges the receipt of the first segment from the client, it also tells the client ISN server. The client acknowledges this by asking for the segment identified by ISN server + 1. So, the data segments sent from the server start with ISN server + 2. What about segment afterwards? 41

42 Stream Orientation of TCP Most, if not all, data have to be transmitted over a number of chunks (segments). TCP doesn’t read the data taken from the application layer. So it doesn’t divide data into segments based on units used in application layers (a page of document, a row in database, etc.). TCP simply line up the bytes comprising the data, sequentially, from the first to the last byte. The bytes are numbered sequentially, and the numbering starts with SEQ + 2. Each segment has an “ID”, which simply is the sequence number of the first byte in the segment. 42

43 SEQ Numbers for Data The first data segment has a SEQ 1 = ISN + 2. Since each byte is numbered and each segment (composed by a predetermined number of bytes) is identified by the sequence number of the first byte in the segment, we have: SEQ 2 = SEQ 1 + Size of Segment Subsequently, SEQ 3 = SEQ 2 + Size of Segment –And so on and so forth. Using SEQ numbers, segments can arrive in any order and at different times. –The receiving host will use the SEQs to line up the segments in the right order. In other words, the stream of bytes that comprise the data will be restored at the destination host. 43

44 44

45 Error Correction Expressed in SEQs The receiver doesn’t send out an ACK for each segment it receives. Forward acknowledgement is cumulative. If the sender sends chunks # 202, 402, and 602, and it receives the ACK of 802, it knows that all three segments have arrived safe and sound. If it receives an ACK of 602, it knows that it should resend chunk #

46 TCP Segment Format 46

47 TCP Segment Format Source Port (16 bits) Destination Port (16 bits) Sequence Number (32 bits) Acknowledgement Number (32 bits) Control (6 bits) –URG: The value of the urgent pointer field is valid –ACK: The value of the acknowledgement field is valid –PSH: Request for push –RST: Reset the connection –SYN: Synchronize sequence numbers –FIN: Terminating the connection Window (16 bits) –For flow control 47

48 Important TCP Header Fields Source Port (16 bits) Destination Port (16 bits) Sequence Number (32 bits) Acknowledgement Number (32 bits) Control Bits (aka flags; 1 bit each; 1 means on; 0 means off) –URG: The value of the urgent pointer field is valid –ACK: The value of the acknowledgement field is valid –PSH: Request for push –RST: Reset the connection –SYN: Synchronize sequence numbers –FIN: Terminating the connection Window (16 bits) –For flow control 48

49 TCP Three-Way Handshake Source: Wendell Odom, Cisco CCNA Certification Guide. 49

50 UDP Datagram Format 50

51 Internet Protocol IP is unreliable. It works on the best-effort basis. –It relegates the work of error detection to higher layers (TCP, application, etc.). When a packet is too large to deliver (which often is the case), IP divides it into smaller packets (fragmentation). Packets can arrive out of sequence. IP relies on information contained in the IP header to reassemble them into the original-size packet and pass it to the Transport layer. 51

52 Layer 3: IP Packet 52

53 IP Header Fields 53

54 Important IP Header Fields Version (4 bits) –The version of the IP protocol. IHL (4 bits) –The total length of the datagram header. It is needed because the header can vary from 20 to 60 bytes. Total Length (16 bits) –Header length + length of the data coming from upper layers. –Total length has a maximum of 65,535 bytes. Protocol (8 bits) –Higher layer protocol that uses the services. –Know the values for TCP, UDP, ICMP, IGMP. Source Address (32 bits) Destination Address (32 bits) 54

55 Important IP Header Fields Fragmentation (13 bits) –Each Data Link Layer protocol has its own frame format, incl. the maximum size of the data field (Maximum Transfer Unit, MTU). –An IP datagram may have to be broken down into smaller units to fit into the Layer 2 frame. When a datagram is fragmented, each fragment has its own header with most of the fields identical except: flags, fragmentation offset, and total length. –The fragmentation offset is the offset of the data in the original datagram that indicates the relative position of this fragment in the entire packet. 55

56 Internet Control Message Protocol Internet Control Message Protocol (ICMP) is a control and information protocol, which is used to determine: –Remote network’s availability. –Length of time to reach a remote network. –The best route for packets to reach a remote network. ICMP can handle the flow of traffic, telling other network devices to “slow down” transmission speeds if packets are coming in too fast. ICMP is not connection-oriented (uses UDP). –Designed to carry small messages quickly. –Has minimal overhead. –Has minimum impact to bandwidth. 56

57 ICMP Message Types ICMP messages are used to exchange information about network host status, traffic condition, etc. Two important fields in an ICMP message are: –Type: A one-byte field to indicate the kind of ICMP message. –Code: For message of certain types, a one-byte Code field may have a value to further identify a message. For example, a ping command goes from one host to another and receive a response from the latter. Two types of ICMP messages are involved in this process: –Echo Request –Echo Reply 57

58 ICMP Messages TypeDescriptionCodeDescription 0Echo Reply 3Destination Unreachable0Network unreachable 1Host unreachable 3Port unreachable 6Destination network unknown 7Destination host unknown 4Source Quench 5Redirect Message 8Echo Request 58


Download ppt "NETWORKING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security."

Similar presentations


Ads by Google