TCP/IP Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr.


TCP/IP Refresher This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added material. Dr. Stephen C. Hayne

Vertical & Horizontal Communication
[Figure: sender and receiver protocol stacks, Protocol Layer 1 through Protocol Layer n and Protocol Layer n+1]

The TCP/IP “Suite” of Protocols
- RFCs developed & maintained by the Internet Engineering Task Force (IETF)
- Transmission Control Protocol (TCP)
- User Datagram Protocol (UDP)
- Internet Protocol (IP)
- Internet Control Message Protocol (ICMP)
- Originally, no security provisions
  - security provided at application level
- IPSec is a security add-on for IPv4
- IPv6 incorporates IPSec

TCP/IP
- In this model, the top 3 layers in the OSI model are usually reduced to just “the application layer”
- Layers, top to bottom: Application Layer, TCP, IP, Data Link Layer, Physical Layer
- In reality, we will later squeeze a layer in between the application layer and TCP’s layer

TCP/IP
- Transmission Control Protocol
  - the “workhorse” on the Internet at OSI Layer 4 (Transport Layer)
  - ensures packets get to the right place, in the right order
  - creates the TCP segment by adding a header
  - the User Datagram Protocol (UDP) also operates at this layer
- Internet Protocol
  - most commonly used protocol at OSI Layer 3 (Network Layer)
  - delivers packets end-to-end
  - creates the IP datagram by adding a header
  - the Internet Control Message Protocol (ICMP) also operates at this layer

The TCP Header (each row is one 32-bit word)
TCP Source Port | TCP Destination Port
Sequence Number
Acknowledgment Number
Data Offset | Reserved | Control Bits | Window
Checksum | Urgent Pointer
Options (if any) | Padding
Data

TCP Control/Code Bits
- URG: the Urgent Pointer is significant
- ACK: the Acknowledgement field is significant
- PSH: Push Function — flush data
- RST: reset the connection (due to an error condition)
- SYN: synchronize sequence numbers
- FIN: “the end” en français
- used during the 3-way handshake to establish a connection
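The header layout and control bits above, decoded in Python. This is an added example, not part of the original slides; `parse_tcp_header`, `handshake_step` and `build_segment` are hypothetical names, and the sample segments are constructed with a zero checksum.

```python
import struct

# The six control bits from the slide, as masks on the 16-bit offset/flags word.
FLAG_BITS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
             ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header; options are counted, not parsed."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src, dst, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = off_flags >> 12            # header length in 32-bit words
    if data_offset < 5 or data_offset * 4 > len(segment):
        raise ValueError("data offset outside the segment")
    return {
        "src_port": src, "dst_port": dst,
        "seq": seq, "ack": ack,
        "header_bytes": data_offset * 4,
        "option_bytes": data_offset * 4 - 20,
        "flags": [name for name, bit in FLAG_BITS if off_flags & bit],
        "window": window, "checksum": checksum, "urgent_pointer": urgent,
    }

def handshake_step(flags: list) -> str:
    """Map a flag combination to its place in the 3-way handshake."""
    s = set(flags)
    if "RST" in s:
        return "reset"
    if s == {"SYN"}:
        return "step 1: SYN"
    if s == {"SYN", "ACK"}:
        return "step 2: SYN+ACK"
    if "ACK" in s and "SYN" not in s:
        return "step 3 or later: ACK"
    return "unexpected combination"

def build_segment(src, dst, seq, ack, flags, options=b"") -> bytes:
    """Constructed sample input; the checksum is left as 0 and not validated."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", src, dst, seq, ack,
                       (offset << 12) | flags, 65535, 0, 0) + options

if __name__ == "__main__":
    syn = build_segment(49152, 80, 1000, 0, 0x02, options=b"\x02\x04\x05\xb4")
    hdr = parse_tcp_header(syn)
    print(hdr["flags"], handshake_step(hdr["flags"]), hdr["option_bytes"])
```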

3-way TCP Handshake by Steve Gibson, Gibson Research Corporation

TCP/IP Port Numbers
- Client sets destination port to a well-known port on the server.
- Client source port is generated dynamically and is set to >
- Use the “netstat -an” command to see which ports are currently used.

Application’s TCP Ports
- File Transfer Protocol (FTP) — Port 21
- Secure Shell (SSH) — Port 22
- Telnet — Port 23
- Simple Mail Transfer Protocol (SMTP) — Port 25
- Post Office Protocol version 3 (POP3) — Port 110
- HyperText Transfer Protocol (HTTP) — Port 80
- Secure HyperText Transfer Protocol (HTTPS) — Port 443
- Kerberos — Port 88 [Stallings, §4.1]
- Echo — Port 7
- Finger — Port 79
- Network News Transfer Protocol (NNTP) — Port 119
- Gopher — Port 70
- Doom — Port – Back Orifice Trojan !

TCP v. UDP
TCP:
- has control (= code) bits
  - 6 bits
  - what part of the session?
- has 3-way handshake
  - → SYN=1, initial seq. no.
  - → ACK=SYN=1, initial seq. no., acknowledgment no.
  - → ACK=1, ack. no.
- has sequence numbers
- has more overhead
- SYN, ACK, RST help attackers find open ports
UDP:
- “connectionless” protocol
- “unreliable” protocol
- no control bits
- no 3-way handshake
- can’t tell if a packet is...
  - start of message
  - a response
  - a malicious scan
- no sequence numbers
  - packets may be permuted
  - dropped packets are not retransmitted

The UDP Header (each row is one 32-bit word)
UDP Source Port | UDP Destination Port
Message Length | Checksum
Data

UDP
- UDP Header contains only source, destination ports, message length, checksum and the data.
- 16 bit port number so possible ports.
- It’s harder for network devices to understand and track UDP status.
- You can’t tell from the header what part of the transmission it is.
- More difficult to secure therefore easy to use to attack.

Application’s UDP Ports
- Requests for Domain Name Service (DNS) lookup — Port 53
- Trivial File Transfer Protocol (TFTP) — Port 69
- Simple Network Management Protocol (SNMP) — Port 161 [Stallings, Chp. 8]
- Echo — Port 7
- Gopher — Port 70
- RealPlayer [streaming] Data — Port 7070 (among others)

The IP Header (each row is one 32-bit word)
Version | IHL | Service Type | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
Options (if any) | Padding
Data

Some IP Header Components
- Internet Header Length (IHL)
- Service type
  - sensitivity to delays
- Identification
  - Supports fragment reassembly
- Flags
  - “Don’t Fragment,” “More Fragments”
- Fragment Offset
  - this fragment’s position in the packet
- Time-to-Live (TTL)
  - max. no. of router-to-router hops packet can take
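The IP header fields listed above, decoded from raw bytes together with a header checksum check. This is an added example, not part of the original slides; the function names are hypothetical and the sample fragment uses constructed values and documentation addresses.

```python
import socket
import struct

def internet_checksum(data: bytes) -> int:
    """Ones' complement sum of 16-bit words, as used by the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ip_header(packet: bytes) -> dict:
    """Decode the IPv4 header fields named on the slide."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F   # IHL counts 32-bit words
    if version != 4 or ihl < 5 or ihl * 4 > len(packet):
        raise ValueError("not a valid IPv4 header")
    return {
        "header_bytes": ihl * 4,
        "service_type": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # field is in 8-byte units
        "ttl": ttl,
        "protocol": proto,                                   # 1 = ICMP
        # A correct header sums (checksum field included) to zero after complement.
        "checksum_ok": internet_checksum(packet[:ihl * 4]) == 0,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }

def build_sample_fragment() -> bytes:
    """Constructed input: a middle fragment (MF set, offset 1480) carrying ICMP."""
    fields = [0x45, 0, 28, 0x1234, 0x2000 | 185, 64, 1, 0,
              socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7")]
    header = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = internet_checksum(header)      # fill in the checksum field
    return struct.pack("!BBHHHBBH4s4s", *fields) + b"\x00" * 8
```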

Internet Control Message Protocol (ICMP)
- Network layer, “network plumber”
- Provides more control than IP
- Same header format as IP, except...
  - protocol field holds the value 1 (= ICMP)
  - data component holds an ICMP type field
    - 0 — echo reply
    - 3 — destination unreachable
    - 4 — source quench
    - 5 — redirect
    - 8 — echo
    - 11 — time exceeded
    - 12 — parameter problem
    - 13 — timestamp
    - 14 — timestamp reply
    - 15 — information request
    - 16 — information reply

IP Addresses
- 2^32 (= 4,294,967,296) dotted-quad addresses
  - binary: 32 bits; min: max:
  - decimal: 4 groups of 3 digits (0-255); min: max:
- Not all addresses are available
  - some set aside for private networks (“unroutable”): 10.x.y.z, y.z, y.z
  - connects any machine back to itself!

MAC Addresses
- Medium Access Control (MAC) addresses
  - Data link layer
  - 48 bits
  - Globally unique
    - each card manufacturer has a range of addresses to assign
    - each card has its own MAC address
- Address Resolution Protocol (ARP) table contains MAC-to-IP mappings

Types of Network Connection Points
- Hub: dumb, broadcasts all packets to everybody
- Bridge: connects 2+ networks, sends packet to destination
- Router: connects several networks, can look up best route
- Switch: additional intelligence, sends packets to one specific MAC address
- [Personal] firewall [Stallings, Chp. 10]: hardware/software, passes only authorized packets

Network Address Translation (NAT)
- Mapping to a single external IP address
  - every inbound packet appears to come from the NAT device’s IP address
  - connect large, IP-address-poor network to Internet
- One-to-one mapping
  - each machine on the internal network is mapped to a valid IP address
  - map user requests to a perimeter network

NAT Example

Stateful Packet Filters v. Traditional Packet Filters
- Can filter based on...
  - source IP address
  - destination IP address
  - source TCP/UDP port
  - destination TCP/UDP port
  - TCP code bits
  - protocol in use
  - direction
  - interface
- Can also filter using a state table which...
  - remembers previous packets
    - outgoing SYN should be followed by an incoming ACK from the appropriate address
  - has timeouts (10-90 secs.)
    - remove entry if no further packets associated with the entry after interval
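A small state table of the kind described above, shown next to a rule that looks at TCP code bits alone. This is an added example, not part of the original slides; the class and function names are hypothetical, the 60-second timeout is an assumed value inside the 10-90 second range on the slide, and the traffic is constructed.

```python
SYN, ACK = 0x02, 0x10     # TCP code bits

def stateless_allows_inbound(flags: int) -> bool:
    """Traditional rule on code bits alone: inbound must carry ACK."""
    return bool(flags & ACK)

class StatefulFilter:
    """Tracks outbound connections; inbound packets must match an entry."""
    def __init__(self, timeout: float = 60.0):   # assumed value, slide: 10-90 s
        self.timeout = timeout
        self.table = {}   # (inside_ip, inside_port, outside_ip, outside_port) -> last seen

    def _expire(self, now: float) -> None:
        stale = [k for k, seen in self.table.items() if now - seen > self.timeout]
        for key in stale:
            del self.table[key]

    def outbound(self, src, sport, dst, dport, flags, now) -> bool:
        """Inside-to-outside packet: allowed; an initial SYN creates an entry."""
        self._expire(now)
        key = (src, sport, dst, dport)
        if key in self.table or (flags & SYN and not flags & ACK):
            self.table[key] = now
        return True

    def inbound(self, src, sport, dst, dport, flags, now) -> bool:
        """Outside-to-inside packet: needs ACK and a live matching entry."""
        self._expire(now)
        key = (dst, dport, src, sport)
        if key not in self.table or not flags & ACK:
            return False
        self.table[key] = now
        return True

def run_demo() -> list:
    """Constructed traffic: one tracked connection, then three unmatched packets."""
    fw = StatefulFilter(timeout=60)
    inside, server, other = "10.0.0.5", "198.51.100.7", "192.0.2.99"
    fw.outbound(inside, 49152, server, 80, SYN, now=0)
    return [
        fw.inbound(server, 80, inside, 49152, SYN | ACK, now=1),   # reply: pass
        fw.inbound(other, 80, inside, 49152, ACK, now=2),          # wrong address: drop
        fw.inbound(server, 80, inside, 49153, ACK, now=3),         # no such entry: drop
        fw.inbound(server, 80, inside, 49152, ACK, now=120),       # entry timed out: drop
    ]
```

All four inbound packets in `run_demo` carry ACK, so `stateless_allows_inbound` accepts every one of them; only the state table separates the genuine reply from the rest.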

Adding Security via Protocols
- Application-layer security
  - Pretty Good Privacy (PGP) [Stallings, §5.1]
  - Secure/Multipurpose Internet Mail Extension (S/MIME) [Stallings, §5.2]
  - Secure Shell (SSH)
- Secure Socket Layer (SSL) → Transport Layer Security (TLS) [Stallings, §7.2]
  - HTTPS is HTTP running over SSL (on Port 443)
- Internet Protocol Security (IPSec) [Stallings, Chp. 6]
  - Authentication Header (AH)
  - Encapsulating Security Payload (ESP)