Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012."— Presentation transcript:

1 1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012

2 2 Security Goals: Review Three main security goals: C onfidentiality of communications and proprietary information I ntegrity of corporate data A vailability of network services and resources CIA

3 3 TCP/IP and Security Goals Understanding TCP/IP helps understand: Technical aspects of systems attacks like:  Attack Messages’ structure  Attack Messages’ content  What makes attack messages dangerous How defense tools are designed and configured to meet security goals.

4 4 Network Communication Model? Communication Models that define tasks and rules for communication in a network Tasks and rules allow each device to: Generate messages in the required form for transmission “Understand” and process received messages properly Computer 1 Task 1/ Rule 1 Task 2 / Rule 2 Task 3 / Rule 3 Task 4 /Rule 4 Task 5 / Rule 5 Task 1 / Rule 1 Task 2 / Rule 2 Task 3 / Rule 3 Task 4 / Rule 4 Task 5 / Rule 5 Computer 2

5 5 OSI Reference Model 7 layers Each layer communicates with its peer layer, and with layer above and below it. Different protocols at each layer Upper layer deal with application issues, and are implemented in software Lower layers handle data transport issues, and are implemented in software and hardware Application Data transport  OSI model created by the International Organization for Standardization

6 6 OSI Reference Model LayersRole Application Represent user interface between the application sofware (e.g. Eudora) and the Network Provides services like: Identification of the intended communication partner, determining resources availability for communication, etc. 7 Presentation Performs code conversion and data reformatting (syntax translation) incluing encryption and compression if required. Uses coding & conversion schemes: Common Data Representation Formats, Common Data Encryption Schemes, EBCDIC, ASCII, etc. 6 Session Responsible for establishing, managing & terminating communication sessions between computers. Communication sessions consist of service requests and service responses between applications Session layer’s protocols coordinate request & response sessions. 5

7 7 OSI Reference Model LayersRole Transport Makes sure the data arrives at the destination exactly as it left source (in case of connection-oriented communication) Provides error checking before transmission, and error recovery in case of failed delivery. 4 Network Responsible for creating, maintaining and ending network connections. Provides logical address (IP address) to messages Provides routing services: determining routes for sending. If router can’t send large packets, break data into smaller units. 3 Subdivided into 2 sublayers (Logical Link Control and Media Access Control) Provides physical address (MAC address) to messages Combines bits into bytes, bytes into a frames with header, address information, error detection code, and trailer 2 Data Link LLC MAC

8 8 OSI Reference Model LayersRole Physical Handles the transmission of bits over a communication channel. Defines characteristics such as voltage levels, connector types and maximum transmission distance. Places signal on the cable. Responsible to move bits between devices. 1

9 9 The TCP/IP (or Internet) Model 7. Application 6. Presentation 5. Session 4. Transport 3. Network 2. Data Link 1. Physical 4 layers Interface layer - equivalent to the OSI’s Physical and Data Link layers Network layer - roughly equivalent to the OSI’s Network layer Transport layer - performs same function as OSI Transport layer Application layer - equivalent to the OSI’s Presentation and Application layers 4. Application 3. Transport 2. Network 1. Interface OSIInternet

10 10 Applications/Protocols Use in Internet Model LayersApplications/Protocols Application  Webservice: HTTP  E-mail: SMTP (Simple Mail Transfer Protocol), POP (Post Office Protocol), IMAP (Internet Message Access Protocol)  Telnet applications: Terminal Emulation Protocol  File transfer: FTP Transport  TCP (Transmission Control Protocol).  Required in webservice when HTTP is used  Required in Mailservice when SMTP is used. SMTP messages are encapsulated in TCP segments  Connection-oriented: Establishes and maintains connections before sending. Close connections after transmission. Correct errors in TCP segments.  UDP (User Datagram Protocol)  Connectionless: Don’t open connection. Simply sends. Discards incorrect UDP datagrams (no retransmission) Network  IP (Internet Protocol) Interface  PPP (Point-to-Point Protocol)  V.90 for 56 Kbps modems

11 11 Hybrid TCP/IP-OSI Model LayersSample protocols for Web access ApplicationHTTP TransportTCP, UDP, ICMP InternetIP Data LinkEthernet, PPP PhysicalEthernet, Modem standards, Telephone standards

12 12 Layered Communications: Encapsulation – De-encapsulation Application programs on different computers cannot communicate directly There is no direct connection between them! They need to use an indirect communication system called layered communications or layer cooperation Browser Trans Int DL Phy User PC Web App Trans Int DL Phy Webserver HTTP Request

13 13 PPP-T Layer Cooperation on the User PC Encapsulation on the sending machine Embedding message received from upper layer in a new message Application Transport Internet Data Link HTTP req. Physical User PC HTTP req. TCP-H HTTP req. TCP-H IP-H HTTP req. TCP-H IP-H PPP-H IP Packet TCP segment HTTP request Frame Encapsulation of HTTP request in data field of a TCP segment

14 14 Layer Cooperation on the Web server De-encapsulation Other layers pass successive data fields (containing next-lower layer messages) up to the next-higher layer Application Transport Internet Data Link Transmission media Webserver PPP-T HTTP req. TCP-H HTTP req. TCP-H IP-H HTTP req. TCP-H IP-H PPP-H IP Packet TCP segment HTTP request Frame

15 15 Summary Questions (Part 1) 1.What is encapsulation? On what machine does it occur: sending or receiving machine? 2.If layer N creates a message, does Layer N or Layer N-1 encapsulate the message? 3.What layer creates frames? Segments? Packets? 4.Which of the following network communication models is used on the Internet? a)The OSI model b)The HTML model c)The TCP/IP model d)The IP model

16 16 IP Packet Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time To Live (8 bits) Flags Protocol (8 bits) 1=ICMP, 6=TCP,17=UDP Bit 0Bit 31IP Version 4 Packet Source IP Address (32 bits) Fragment Offset (13 bits) QoS (8 bits) Header Length (4 bits) Version (4 bits) Destination IP Address (32 bits) Options (if any)Padding Data Field 0100  QoS: Also called Type of Service, indicates the priority level the packet should have  Identification tag: to help reconstruct the packet from several fragments  Flags: indicates whether packet could be fragmented or not (DF: Don't fragment), indicates whether more fragments of a packet follow (MF: More Fragments or NF: No More Fragments)  Fragment offset: identify which fragment this packet is attached to  TTL: Indicates maximum number of hops (or routers) the packet could pass before a hop discards it.  Header checksum: to check for errors in the headers only

17 17 Summary Questions (Part 2) What is the main version of the Internet Protocol in use today? What is the other version? What does a router do with an IP packet if it decrements its TTL value to zero? Assume that a router received an IP packet with the Protocol in header set to 6. What Transport layer protocol is used in the message: TCP, UDP, or ICMP?

18 18 IP Fragmentation When a packet arrives at a router, the router selects the port and subnet to forward the packet to If packet too large for the subnet to handle, router fragments the packet; ie. Divides packet’s data field into fragments Gives each fragment same Identification tag value, i.e. the Identification tag of original packet  First fragment is given Fragment Offset value of 0  Subsequent fragments get Fragment Offset values consistent with their data’s place in original packet  Last fragment’s Flag is set to “No More Fragments” Destination host reassemble fragments based on the offsets. Identification (16 bits)FlagsFragment Offset (13 bits) Subnet 1 Subnet 2

19 19 Firewalls and Fragmented IP Packet 5. Firewall 60.168.47.47 Can Only Filter TCP Header in First Fragment Attacker 1.34.150.37 2. Second Fragment 4. TCP Data Field No TCP Header IP Header TCP Data Field 1. First Fragment IP Header 3. TCP Header Only in First Fragment Fragmentation makes it hard for firewalls to filter individual packets TCP or UDP header appears only in the first fragment Firewall might drop the first fragment, but not subsequent fragments Some firewalls drop all fragmented packets Router

20 20 TCP Segment Source Port Number (16 bits)Destination Port Number (16 bits) Bit 0 Bit 31 Acknowledgment Number (32 bits) Sequence Number (32 bits) TCP Checksum (16 bits) Window Size (16 bits) Flag Fields: ACK, SYN,… (6 bits) Reserved (6 bits) Header Length (4 bits) Urgent Pointer (16 bits) Data  Port number: identifies sending and receiving application programs.  Sequence number: Identifies segment’s place in the sequence. Allows receiving Transport layer to put arriving TCP segments in order.  Acknowledgement number: identifies which segment is being acknowledged  Flag fields: Six one-bit flags: ACK, SYN, FIN, RST, URG, PSH. Can be set to 0 (off) or 1 (on). e.g. SYN=1 means a request for connection/synchronization. Q: If the ACK flag is set to 1, what other field must also be set to allow the receiver know what TCP segment is being acknowledged?

21 21 TCP and use of Flags TCP is a connection-oriented protocol Sender and receiver need to establish connection Sender and receiver need to agree to “talk” Flags are used for establishing connection Sender requests connection opening: SYN flag set to 1 If receiver is ready to “talk”, it responds by a SYN/ACK segment Sender acknowledges the acknowledgment If sender does not get ACK, it resends the segment PC Transport Process Webserver Transport Process 1. SYN (Open) 2. SYN, ACK (1) (Acknowledgment of 1) 3. ACK (2) Note: With connectionless protocols like UDP, there is no flags. Messages are just sent. If part of sent messages not received, there is no retransmission. 3-way Handshake Flag Fields (6 bits) ACKSYNFINRSTURGPSH

22 22 Communication during a normal TCP Session Note: At any time, either process can send a TCP RST (reset) segment with RST bit set to 1 to drop the connection (i.e. to abruptly end the connection). Q1: How many segments are sent in a normal TCP communication opening? ____ Q2: How many segments are sent in a normal TCP communication closing? ____

23 23 SYN/ACK Probing Attack SYN/ACK Segment Victim 60.168.47.47 Attacker 1.34.150.37 1. Probe 60.168.47.47 5. 60.168.47.47 is Live! 4. Source IP Addr= 60.168.47.47 3. Go Away! 2. No SYN (Open): Makes No Sense! IP HdrRST Segment  Sending SYN/ACK segments helps attackers locate “live” targets  Older Windows OS could crash when they receive a SYN/ACK probe

24 24 TCP and use of Port numbers Port Number identify applications Well-known ports (0-1023): used by major server applications running at root authority.0-1023 HTTP web service=80, Telnet=23, FTP=21, SMTP email =25 Registered ports (1024-49151): Used by client and server applications. Ephemeral/dynamic/private ports (49152-65535) Not permanently assigned by ICANN. Web server applications www:80FTP:21SMTP:25 Operating System Computer hardware HD RAM chip Processor Socket notation: IP address:Port # Source Port Number (16 bits)Destination Port Number (16 bits)

25 25 Summary Questions (Part 3) A host sends a TCP segment with source port number 25 and destination port number 49562. 1) Is the source host a server or a client? Why? 2) If the host is a server, what kind of service does it provide? 3) Is the destination host a server or a client ? Why?

26 26 TCP and Port spoofing Most companies set their firewall to accept packet to and from port 80 Attackers set their client program to use well-know port 80 Attackers set their application to use well-known port despite not being the service associated with the port

27 27 Summary Questions (Part 4) 1.What is IP Fragmentation? Does IP fragmentation make it easier for firewall to filter incoming packets? Why? 2.What is SYN/ACK probing attack? 3.What kind of port numbers do major server applications, such as email service, use? 4.What kind of port numbers do client applications usually use? 5.What is socket notation? 6.What is port spoofing? 7.How many well-known TCP ports are vulnerable to being scanned, exploited, or attacked?

Download ppt "1 TCP/IP Internetworking (February 1, 2012) © Abdou Illia – Spring 2012."

Similar presentations

CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
Intermediate TCP/IP TCP Operation.

Intermediate TCP/IP TCP Operation.
Chapter 5: TCP/IP and OSI Business Data Communications, 5e.

Chapter 5: TCP/IP and OSI Business Data Communications, 5e.
CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.

CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.
Chapter 7 – Transport Layer Protocols

Chapter 7 – Transport Layer Protocols
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.

Module A.  This is a module that some teachers will cover while others will not  This module is a refresher on networking concepts, which are important.
Chapter 4 : TCP/IP and OSI Business Data Communications, 4e.

Chapter 4 : TCP/IP and OSI Business Data Communications, 4e.
OSI Model.

OSI Model.
Introduction To Networking

Introduction To Networking
Transport Layer TCP and UDP IS250 Spring 2010

Transport Layer TCP and UDP IS250 Spring 2010
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.

 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
Gursharan Singh Tatla Transport Layer 16-May-2011 1

Gursharan Singh Tatla Transport Layer 16-May
1 Protocol Interaction (ISO’s Open Systems Interconnection (OSI model)) the 7 layers.

1 Protocol Interaction (ISO’s Open Systems Interconnection (OSI model)) the 7 layers.
Process-to-Process Delivery:

Process-to-Process Delivery:
Data Communications and Networks

Data Communications and Networks
OSI Model Routing Connection-oriented/Connectionless Network Services.

OSI Model Routing Connection-oriented/Connectionless Network Services.
Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.

Networking Basics TCP/IP TRANSPORT and APPLICATION LAYER Version 3.0 Cisco Regional Networking Academy.

Similar presentations

Ads by Google