CIS 3360: Security in Computing
Pre-Knowledge: Internet and Networking
Cliff Zou
Spring 2012
Objectives

 Obtain the basic knowledge of computer networking and the Internet
    Concepts of network applications, Internet
    Basic knowledge of network protocols: TCP/IP
 Reading assignment:
    Wikipedia tutorials:
      http://en.wikipedia.org/wiki/Internet
      http://en.wikipedia.org/wiki/TCP/IP
    Reference book: Computer Networking: A Top Down Approach Featuring the Internet, 5th edition. Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education, 2010
Lecture Materials

Some of these slides are adapted from the slides copyrighted by Jim Kurose, Keith Ross, Addison-Wesley, Pearson Education 2010: Computer Networking: A Top Down Approach Featuring the Internet, 5th edition.
A Little Bit of Internet History

 1961: Kleinrock - queueing theory shows effectiveness of packet-switching
 1967: ARPAnet conceived by Advanced Research Projects Agency
 1969: First ARPAnet node operational
 1972: 15 nodes in ARPAnet; First e-mail program
 1973: Metcalfe’s PhD thesis proposes Ethernet
 1974: Cerf and Kahn - architecture for interconnecting networks
 1983: deployment of TCP/IP
 1982: smtp e-mail protocol defined
 1983: DNS defined for name-to-IP-address translation
 early 1990s: Web
 Late 1990’s – 2000’s: instant messaging, P2P file sharing; network security, est. 50 million hosts, 100 million+ users, backbone links running at Gbps

Cerf and Kahn’s internetworking principles:
 minimalism, autonomy - no internal changes required to interconnect networks
 best effort service model
 stateless routers
 decentralized control
define today’s Internet architecture
What is the Internet?

Protocol layers on an end host, with examples at each layer:
  Application: Web, Email…
  Transport: TCP, UDP
  Network: IP
  Data Link: Ethernet, cellular
  Physical

(Figure: two protocol stacks connected by a link)
Some Internet applications

 E-mail
 Web
 Instant messaging
 Remote login
 P2P file sharing
 Multi-user network games
 Streaming stored video clips
 Internet telephone
 Real-time video conference
 Massive parallel computing

Internet

 Internet: loosely hierarchical “network of networks”
 Major Components: Hosts, Routers, Communication links
 Protocols: for sending, receiving of msgs
    e.g., TCP, IP, HTTP, FTP, PPP
 Internet standards
    RFC: Request for comments
    IETF: Internet Engineering Task Force

(Figure: router, server, workstation, mobile, local ISP, regional ISP, company network)
Internet: Three Components

 End systems (hosts): millions of connected computing devices executing network applications
 Routers: forwarding packets (chunks of data)
 Communication links: connecting hosts and routers
    fiber, copper, radio, satellite
    transmission rate = bandwidth

(Figure: router, server, workstation, mobile, local ISP, regional ISP, company network)
Internet Service

 Communication infrastructure enables distributed applications:
    Web, email, games, e-commerce, file sharing
 Communication services provided to applications:
    connectionless unreliable
    connection-oriented reliable
Internet structure: network of networks

 roughly hierarchical
 at center: “tier-1” ISPs (e.g., UUNet, BBN/Genuity, Sprint, AT&T), national/international coverage
    treat each other as equals
 Tier-1 providers interconnect (peer) privately
 Tier-1 providers also interconnect at public network access points (NAPs)

(Figure: three Tier 1 ISPs peering with each other and at a NAP)
Internet structure: network of networks

 “Tier-2” ISPs: smaller (often regional) ISPs
    Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs
 Tier-2 ISP pays tier-1 ISP for connectivity to rest of Internet
    tier-2 ISP is customer of tier-1 provider
 Tier-2 ISPs also peer privately with each other, interconnect at NAP

(Figure: Tier-2 ISPs attached to Tier 1 ISPs and to a NAP)
Internet structure: network of networks

 “Tier-3” ISPs and local ISPs
    last hop (“access”) network (closest to end systems)
 Local and tier-3 ISPs are customers of higher tier ISPs connecting them to rest of Internet

(Figure: local and Tier 3 ISPs attached to Tier-2 ISPs, which attach to Tier 1 ISPs and a NAP)
Internet structure: network of networks

 a packet passes through many networks!

(Figure: path of a packet from a local ISP through Tier 3, Tier-2 and Tier 1 ISPs and a NAP to another local ISP)
“Real” Internet delays and routes

 What do “real” Internet delay & loss look like?
 Traceroute program: provides delay measurement from source to router along end-end Internet path towards destination. For all i:
    sends three packets that will reach router i on path towards destination
    router i will return packets to sender
    sender times interval between transmission and reply.

(Figure: 3 probes sent to each router along the path)
“Real” Internet delays and routes

traceroute: gaia.cs.umass.edu to www.eurecom.fr

Each hop line shows three delay measurements; hop 1 is from gaia.cs.umass.edu to cs-gw.cs.umass.edu. The delay jump between hops 7 and 8 is the trans-oceanic link. * means no response (probe lost, router not replying).

1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms

Under Windows the program is “tracert”.
Traceroute from My Home Computer

Where is a Router Placed?

 There are many public websites that provide IP location service:
    www.geobytes.com/iplocator.htm
    http://www.iplocation.net/
 Based on traceroute and an IP locator, you can learn the complete routing path of a connection
    Major reason why many networks block traceroute traffic
Protocol

network protocols:
 all communication activity in Internet governed by protocols
 protocols define format, order of messages sent and received among network entities, and actions taken on message transmission, receipt

What’s a protocol?

A human protocol and a computer network protocol side by side (time runs downward):

  Human protocol        Computer network protocol
  Hi                    TCP connection request
  Hi                    TCP connection response
  Got the time?         Get http://www.awl.com/kurose-ross
  2:00                  <file>
A closer look at network structure:

 network edge: applications and hosts
 network core: routers, network of networks
 connection: communication links
The network edge:

 end systems (hosts):
    run application programs
    e.g. Web, email
    at “edge of network”
 client/server model
    client host requests, receives service from always-on server
    e.g. Web browser/server; email client/server
 peer-peer model:
    minimal (or no) use of dedicated servers
    e.g. Gnutella, KaZaA
Network edge: connection-oriented service

TCP [Transmission Control Protocol]
 reliable, in-order byte-stream data transfer
    loss: acknowledgements and retransmissions
 flow control:
    sender won’t overwhelm receiver
 congestion control:
    senders “slow down sending rate” when network congested
Examples of applications using TCP:
 HTTP (Web), FTP (file transfer), SSH (remote secure login), SMTP (email)

Network edge: connectionless service

UDP [User Datagram Protocol]
 connectionless
 unreliable data transfer
 no flow control
 no congestion control
Examples of applications using UDP:
 streaming media, teleconferencing, DNS, Internet telephony
The Network Core

 mesh of interconnected routers
 data transfer methods through net
    circuit switching: dedicated circuit per call: telephone net
    packet-switching: data sent through net in discrete “chunks”

Circuit Switching

End-end resources reserved for “call”
 call setup required
 link bandwidth, switch capacity
 dedicated resources: no sharing
 circuit-like (guaranteed) performance

Packet-switched networks

 Move packets through routers from source to destination
 datagram network:
    destination address in packet determines next hop
    routes may change during session
 virtual circuit network:
    each packet carries tag (virtual circuit ID), tag determines next hop
    fixed path determined at call setup time, remains fixed thru call
    routers maintain per-call state
Internet protocol stack

 application: supporting network applications
    FTP, SMTP, HTTP
 transport: host-host data transfer
    TCP, UDP
 network: routing of datagrams from source to destination
    IP, routing protocols
 link: data transfer between neighboring network elements
    PPP, Ethernet
 physical: bits “on the wire or wireless”

Encapsulation

(Figure: at the source, the message M is passed down the stack: the transport layer adds header Ht (segment: Ht M), the network layer adds Hn (datagram: Hn Ht M), the link layer adds Hl (frame: Hl Hn Ht M), and the physical layer puts the bits on the link. A switch implements only the link and physical layers and forwards the frame Hl Hn Ht M unchanged. A router implements the network, link and physical layers: it removes Hl, examines Hn Ht M at the network layer, and adds a new Hl for the next link. The destination strips Hl, Hn and Ht in turn to recover M.)
Message Flow

 transport segment from sending to receiving host
 on sending side encapsulates segments into datagrams
 on receiving side, delivers segments to transport layer
 network layer protocols in every host, router
 router examines header fields in all IP datagrams passing through it

(Figure: the end hosts implement all five layers: application, transport, network, data link, physical; each router along the path implements only network, data link and physical)
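The encapsulation and message-flow slides above say which device touches which header; the following added example (not from the lecture or from Kurose/Ross) makes that concrete with deliberately simplified, constructed header layouts: Ht carries two ports, Hn carries two addresses and a TTL, Hl carries two MAC-style addresses. These are not the real TCP, IP or Ethernet formats. A switch forwards the frame untouched, a router peels Hl, decrements the TTL in Hn and re-wraps in a fresh Hl without ever reading Ht or M, and the destination peels all three headers to recover the message.

```python
import struct

# Constructed toy header layouts (deliberately not the real Ethernet/IP/TCP formats):
#   Ht  transport header : src port, dst port          "!HH"     4 bytes
#   Hn  network header   : src addr, dst addr, ttl     "!4s4sB"  9 bytes
#   Hl  link header      : src MAC, dst MAC            "!6s6s"  12 bytes
HT, HN, HL = "!HH", "!4s4sB", "!6s6s"
HT_LEN, HN_LEN, HL_LEN = struct.calcsize(HT), struct.calcsize(HN), struct.calcsize(HL)


def transport_layer(message, sport, dport):
    """Segment = Ht + M."""
    return struct.pack(HT, sport, dport) + message


def network_layer(segment, src, dst, ttl=64):
    """Datagram = Hn + Ht + M."""
    return struct.pack(HN, src, dst, ttl) + segment


def link_layer(datagram, src_mac, dst_mac):
    """Frame = Hl + Hn + Ht + M."""
    return struct.pack(HL, src_mac, dst_mac) + datagram


def switch(frame):
    """Link-layer switch: reads only Hl and forwards the frame unchanged."""
    struct.unpack(HL, frame[:HL_LEN])
    return frame


def router(frame, out_mac, next_hop_mac):
    """Router: strips Hl, inspects Hn (here only the TTL), never reads Ht or M,
    and wraps the datagram in a new Hl for the next link. Returns None when the
    TTL has run out, which is the behaviour traceroute relies on."""
    datagram = frame[HL_LEN:]
    src, dst, ttl = struct.unpack(HN, datagram[:HN_LEN])
    if ttl <= 1:
        return None
    datagram = struct.pack(HN, src, dst, ttl - 1) + datagram[HN_LEN:]
    return link_layer(datagram, out_mac, next_hop_mac)


def destination(frame):
    """End host: peel Hl, Hn and Ht in turn and hand M to the application."""
    datagram = frame[HL_LEN:]
    _, _, ttl = struct.unpack(HN, datagram[:HN_LEN])
    segment = datagram[HN_LEN:]
    sport, dport = struct.unpack(HT, segment[:HT_LEN])
    return {"ttl": ttl, "ports": (sport, dport), "message": segment[HT_LEN:]}


def deliver(message, hops):
    """Source -> switch -> `hops` routers -> destination; returns what arrives, or None."""
    src_ip, dst_ip = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])   # constructed addresses
    frame = link_layer(network_layer(transport_layer(message, 51234, 80), src_ip, dst_ip),
                       b"\xaa" * 6, b"\xbb" * 6)
    frame = switch(frame)
    for i in range(hops):
        frame = router(frame, bytes([0x0C, i, 0, 0, 0, 1]), bytes([0x0C, i, 0, 0, 0, 2]))
        if frame is None:
            return None
    return destination(frame)


if __name__ == "__main__":
    print(deliver(b"GET / HTTP/1.0", hops=2))
```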
TCP/IP

Introduction

 TCP  Transport Layer
 IP  Network Layer
 Networking security mainly deals with these two services/protocols

Transport Layer

 TCP - connection-oriented service
    Provides reliable data transmission
    Used by most data-based, not time-sensitive network applications
      Email, Web, file transfer….
    Requires setting up a TCP connection channel first
 UDP – connectionless service
    Unreliable data transmission
    Erroneous packets will be discarded without retransmission
      No additional delay for future incoming packets
    Used for time-sensitive, error-tolerant applications
      VOIP, video streaming, DNS….
Transport vs. network layer

 network layer: logical communication between hosts
 transport layer: logical communication between processes
    relies on, enhances, network layer services

(Figure: processes on hosts A, B, C and D communicating across the network; example socket pairs Sport:8050 / Dport: 25 and Sport:4625 / Dport: 80)

Addressing processes

 to receive messages, process must have identifier
 identifier includes both IP address and port numbers associated with process on host.
 host device has unique 32-bit IP address
    IP address is for addressing a host/computer
 Example port numbers:
    HTTP server: 80
    Mail server: 25
 to send HTTP message to gaia.cs.umass.edu web server:
    IP address: 128.119.245.12
    Port number: 80
TCP and UDP Port Numbers

 16 bits (0 – 65535)
 Internet Assigned Numbers Authority (IANA) www.iana.org
 Well known ports (0 – 1023)
    Example: HTTP – 80, SMTP – 25
 Registered ports (1024 – 49151)
    Example: HTTP alternate 8080 used for web proxy and caching server
 Dynamic and/or private ports: (49152 – 65535)
 Each TCP connection is identified by 4-tuple:
    source IP address
    source port number
    dest IP address
    dest port number
 These four values are widely used in network filtering and intrusion detection
UDP Packet Header

 UDP packet header is 8 bytes long
 Length, in bytes, of UDP segment, including header
 Port number is 16 bits long
 Checksum for verifying packet error

UDP segment format (32 bits wide):

  +-----------------+-----------------+
  |  source port #  |   dest port #   |
  +-----------------+-----------------+
  |      length     |    checksum     |
  +-----------------+-----------------+
  |    Application data (message)     |
  +-----------------------------------+
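The slide names the four header fields and the checksum but not how the checksum is computed or checked. The following added example (not part of the lecture or of Kurose/Ross) builds and parses an 8-byte UDP header with Python's struct module and implements the Internet checksum (RFC 1071) over the IPv4 pseudo-header plus segment, as RFC 768 specifies; the same checksum routine is what TCP uses ("Internet checksum (as in UDP)" on the TCP header slide). The addresses, ports and payload are constructed for the demonstration. The parser checks the length field against the bytes actually received before reading the payload, which is the first thing a packet parser should do.

```python
import socket
import struct

UDP_PROTO = 17


def internet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: ones' complement of the ones' complement sum
    of all 16-bit words (an odd trailing byte is padded with a zero byte)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, udp_length: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum, so that a datagram delivered
    to the wrong host or with a corrupted length fails verification."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, UDP_PROTO, udp_length))


def build_udp(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Assemble header (source port, dest port, length, checksum) + data."""
    length = 8 + len(payload)
    unsummed = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = internet_checksum(pseudo_header(src_ip, dst_ip, length) + unsummed)
    if csum == 0:
        csum = 0xFFFF                       # RFC 768: a computed 0 is sent as all ones
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(segment: bytes, src_ip: str, dst_ip: str) -> dict:
    """Decode the header and verify the checksum; reject inconsistent lengths
    before touching the payload."""
    if len(segment) < 8:
        raise ValueError("UDP header is 8 bytes; got %d" % len(segment))
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("length field %d inconsistent with %d received bytes" % (length, len(segment)))
    if csum == 0:
        checksum_ok = None                  # IPv4 allows a sender to omit the checksum
    else:
        # Summing everything, including the transmitted checksum, must give 0.
        checksum_ok = internet_checksum(pseudo_header(src_ip, dst_ip, length) + segment[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length,
            "checksum_ok": checksum_ok, "payload": segment[8:length]}


# Constructed example: a client on 10.0.0.1 sends a payload to a DNS server on 10.0.0.53.
SRC, DST = "10.0.0.1", "10.0.0.53"
SAMPLE = build_udp(SRC, DST, 53000, 53, b"constructed query bytes")

if __name__ == "__main__":
    print(parse_udp(SAMPLE, SRC, DST))
    damaged = SAMPLE[:10] + bytes([SAMPLE[10] ^ 0x01]) + SAMPLE[11:]
    print("after flipping one payload bit:", parse_udp(damaged, SRC, DST)["checksum_ok"])
```

A checksum of 0 on the wire means "not computed", so the parser reports that as unknown rather than as a pass; a filter that wants integrity protection should treat unknown like a failure.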
UDP Transmission Process

 No acknowledgement from recipient
 Sending rate is controlled by sender (bounded by sender’s bandwidth)

(Figure: Host A sends datagrams to Host B over time; a datagram marked X is lost and is not resent)

TCP Transmission Process (simplified, without considering pipelining)

 Need sequence # and acknowledge # to distinguish each packet
TCP segment structure (header is 20 bytes normally)

  32 bits
  +-----------------+-----------------+
  |  source port #  |   dest port #   |
  +-----------------+-----------------+
  |          sequence number          |
  +-----------------------------------+
  |      acknowledgement number       |
  +----+-----+------+-----------------+
  |head| not |UAPRSF|  Receive window |
  |len |used |      |                 |
  +----+-----+------+-----------------+
  |    checksum     |  Urg data pnter |
  +-----------------+-----------------+
  |     Options (variable length)     |
  +-----------------------------------+
  | application data (variable length)|
  +-----------------------------------+

 URG: urgent data (generally not used)
 ACK: ACK # valid
 PSH: push data now
 RST, SYN, FIN: connection estab (setup, teardown commands)
 checksum: Internet checksum (as in UDP)
 sequence number, acknowledgement number: counting by bytes of data (not segments!)
 Receive window: # bytes rcvr willing to accept
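Here is an added example (not from the lecture or from Kurose/Ross) that decodes the header drawn above: it unpacks the fixed 20 bytes, derives the header length from the 4-bit "head len" field, names the six flag bits U A P R S F, and separates options from payload. It also covers the earlier port-number slide: a classifier for the IANA ranges given there and a direction-independent key built from the 4-tuple, so that both directions of one connection land in the same filter or intrusion-detection table entry. The sample SYN segment (ports, sequence number, MSS option) is constructed; its checksum field is left zero, since checksum verification is the UDP example's job.

```python
import struct

# Flag bits in the low 6 bits of the "data offset / flags" halfword: U A P R S F
TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}
HEADER_FMT = "!HHIIHHHH"   # sport, dport, seq, ack, offset+flags, window, checksum, urgent ptr


def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte header, the options and the payload of one segment."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes; got %d" % len(segment))
    sport, dport, seq, ack, off_flags, window, checksum, urg_ptr = struct.unpack(HEADER_FMT, segment[:20])
    header_len = (off_flags >> 12) * 4           # "head len" counts 32-bit words
    if header_len < 20 or header_len > len(segment):
        raise ValueError("data offset %d inconsistent with segment length" % header_len)
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "flags": flags, "window": window,
            "urgent_pointer": urg_ptr, "options": segment[20:header_len],
            "payload": segment[header_len:]}


def build_tcp(sport, dport, seq, ack, flags, window=65535, options=b"", payload=b""):
    """Constructed segment for the demonstration: checksum and urgent pointer left 0."""
    options += b"\x00" * (-len(options) % 4)        # options are padded to 32-bit words
    offset = (20 + len(options)) // 4
    bits = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    header = struct.pack(HEADER_FMT, sport, dport, seq, ack, (offset << 12) | bits, window, 0, 0)
    return header + options + payload


def port_class(port: int) -> str:
    """IANA ranges as given in the slides."""
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def flow_key(src_ip, sport, dst_ip, dport):
    """Direction-independent 4-tuple: A:p -> B:q and B:q -> A:p give the same key."""
    a, b = (src_ip, sport), (dst_ip, dport)
    return (a, b) if a <= b else (b, a)


# Constructed example: SYN from 192.0.2.10:51234 to a web server, carrying an MSS option.
MSS_OPTION = b"\x02\x04\x05\xb4"                    # kind 2, length 4, MSS 1460
SYN_SEGMENT = build_tcp(51234, 80, seq=1000, ack=0, flags={"SYN"}, options=MSS_OPTION)

if __name__ == "__main__":
    info = parse_tcp(SYN_SEGMENT)
    print(info["flags"], "header_len =", info["header_len"], port_class(info["dport"]))
    print(flow_key("192.0.2.10", 51234, "198.51.100.7", 80))
```

The data-offset check matters: a header-length field that points past the end of the received bytes is the classic way a malformed segment breaks a naive parser, so it is rejected before any option or payload slicing.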
TCP seq. #’s and ACKs

Seq. #’s:
 byte stream “number” of first byte in segment’s data
ACKs:
 seq # of next byte expected from other side
 Cumulative ACK: acknowledges receipt of all bytes up to the specified #
Q: how does the receiver handle out-of-order segments?
 TCP spec doesn’t say
 Practical approach: save in buffer
Q: how does TCP implement duplex communication?
 Seq. # for sending data, Ack # for receiving data
An example of TCP Duplex Communication

(Figure: simple telnet scenario between Host A and Host B, time running downward. The user sends input; the host ACKs receipt and echoes back ‘pass’; the host ACKs receipt and sends back ‘use password’. Initial sequence numbers shown are 42 and 79. Sequence number is based on bytes, not packets!)

ACK Only in Duplex Communication?

(Figure: host ACKs receipt, sends back ‘use password’, time running downward.)
 ACK only packet: seq# is the first byte to be transmitted in the future (the packet has no data section)
TCP: retransmission scenarios

(Figures: Host A sending to Host B, time running downward.
 Lost ACK scenario: Seq=92 is sent, the ACK is lost (X), the Seq=92 timeout fires and the segment is resent; SendBase = 100 once the ACK arrives.
 Premature timeout scenario: Seq=92 and a second segment are sent, the Seq=92 timeout fires before the ACK arrives and Seq=92 is resent; SendBase = 100, then SendBase = 120.)

TCP retransmission scenarios (more)

(Figure: Cumulative ACK scenario: Seq=92 and a second segment are sent, the first ACK is lost (X), the later ACK arrives before the Seq=92 timeout and covers both segments; SendBase = 120.)
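The three scenarios above are easier to follow when the sender's bookkeeping is spelled out. The following added example (not from the lecture or from Kurose/Ross) is a deliberately simplified model of the sender side only: bytes are numbered, ACKs are cumulative, a single timer covers the oldest unacknowledged byte, and SendBase advances only when an ACK exceeds it. Flow control, congestion control and the receiver are omitted, and the segment sizes (8 and 20 bytes starting at Seq=92) are constructed to match the figures.

```python
class SimpleTcpSender:
    """Sender side of TCP reliability as the slides present it: bytes are numbered,
    ACKs are cumulative, one retransmission timer covers the oldest unacked byte.
    No flow control, no congestion control, no window limits."""

    def __init__(self, initial_seq: int):
        self.send_base = initial_seq       # oldest byte not yet acknowledged
        self.next_seq = initial_seq        # seq # of the next new byte to send
        self.in_flight = []                # (seq, length) segments, oldest first
        self.retransmissions = 0
        self.log = []

    def send(self, nbytes: int) -> int:
        seq = self.next_seq
        self.in_flight.append((seq, nbytes))
        self.next_seq += nbytes
        self.log.append(f"send Seq={seq} ({nbytes} bytes)")
        return seq

    def timeout(self):
        """Timer fires: resend only the oldest unacknowledged segment."""
        if not self.in_flight:
            return None
        seq, nbytes = self.in_flight[0]
        self.retransmissions += 1
        self.log.append(f"timeout: resend Seq={seq} ({nbytes} bytes)")
        return seq

    def receive_ack(self, ack: int) -> int:
        """ACK=n means every byte below n arrived, whichever segments carried them."""
        if ack > self.send_base:
            self.send_base = ack
            self.in_flight = [(s, n) for s, n in self.in_flight if s + n > ack]
            self.log.append(f"ACK={ack}: SendBase={ack}")
        else:
            self.log.append(f"ACK={ack}: old or duplicate, SendBase stays {self.send_base}")
        return self.send_base


def lost_ack_scenario():
    s = SimpleTcpSender(92)
    s.send(8)             # Seq=92, 8 bytes; the receiver's ACK=100 is lost on the way back
    s.timeout()           # so the timer fires and Seq=92 is resent
    s.receive_ack(100)    # the ACK for the resent copy arrives
    return s


def premature_timeout_scenario():
    s = SimpleTcpSender(92)
    s.send(8); s.send(20)      # Seq=92 and Seq=100 in flight
    s.timeout()                # fires before ACK=100 arrives: Seq=92 resent needlessly
    s.receive_ack(100)         # SendBase=100
    s.receive_ack(120)         # SendBase=120
    return s


def cumulative_ack_scenario():
    s = SimpleTcpSender(92)
    s.send(8); s.send(20)
    s.receive_ack(120)         # ACK=100 was lost, but ACK=120 covers both segments,
    return s                   # so nothing is left to retransmit when the timer would fire


if __name__ == "__main__":
    for name, fn in [("lost ACK", lost_ack_scenario),
                     ("premature timeout", premature_timeout_scenario),
                     ("cumulative ACK", cumulative_ack_scenario)]:
        s = fn()
        print(f"--- {name}: SendBase={s.send_base}, retransmissions={s.retransmissions}")
        print("\n".join("  " + line for line in s.log))
```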
TCP Connection Setup -- Three-Way Handshaking

Step 1: client host sends TCP SYN segment to server
   specifies initial seq #
   no data
Step 2: server host receives SYN, replies with SYN/ACK segment
   server allocates buffers
   specifies server initial seq. #
Step 3: client receives SYN/ACK, replies with ACK segment, which may contain data

(Figure: client and server exchanging SYN, SYN/ACK, ACK)

TCP Connection Setup

 Most firewalls, packet capturing software, and intrusion detection software use TCP connection setup packets to determine how to deal with the new connection
    Very important to understand the three-way handshake
TCP Connection Management (cont.)

Closing a connection: client calls close();
Step 1: client end system sends TCP/FIN control segment to server
Step 2: server receives FIN, replies with ACK. Closes connection, sends FIN.
Step 3: client receives FIN, replies with ACK.
   Enters “timed wait” - will respond with ACK to received FINs
Step 4: server receives ACK. Connection closed.
 Some applications simply send RST to terminate TCP connections immediately

(Figure: client and server passing through the closing, timed wait and closed states during teardown)
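The setup slide says that firewalls and intrusion detection software decide how to treat a connection from its handshake packets; the teardown slides add FIN/ACK and RST. The following added example (not from the lecture or from Kurose/Ross) is a small connection tracker driven only by the flags of each observed segment: a connection is admitted once SYN, SYN/ACK and ACK have been seen in the right directions, data on it is allowed, both FINs followed by the final ACK close it, RST aborts it, and a segment for which no setup was ever observed is dropped. Endpoints, ports and the segment sequence are constructed; timers such as timed wait are not modelled.

```python
class ConnectionTracker:
    """Connection table of the kind a stateful firewall or IDS keeps, driven only by
    the flags of each observed segment. A connection is admitted after the three-way
    handshake and removed by RST or by the FIN/ACK teardown. Segments for which no
    setup was seen are dropped. Timers (e.g. timed wait) are not modelled."""

    def __init__(self):
        self.conns = {}                        # flow key -> connection record

    @staticmethod
    def key(a, b):
        return (a, b) if a <= b else (b, a)    # same key for both directions

    def observe(self, src, dst, flags):
        """src/dst are (ip, port) tuples; flags is a set such as {"SYN", "ACK"}.
        Returns a verdict: handshake, allow, closed, reset or drop."""
        k, f = self.key(src, dst), set(flags)
        conn = self.conns.get(k)
        if "RST" in f:
            if conn is None:
                return "drop"                  # RST for an unknown connection
            del self.conns[k]                  # abort: no FIN exchange at all
            return "reset"
        if conn is None:
            if f == {"SYN"}:                   # step 1: client SYN
                self.conns[k] = {"stage": "SYN_SENT", "client": src, "fins": set()}
                return "handshake"
            return "drop"                      # mid-stream segment without a handshake
        stage = conn["stage"]
        if stage == "SYN_SENT":                # step 2: server SYN/ACK
            if f == {"SYN", "ACK"} and src != conn["client"]:
                conn["stage"] = "SYN_RECEIVED"
                return "handshake"
            return "drop"
        if stage == "SYN_RECEIVED":            # step 3: client ACK (may carry data)
            if "ACK" in f and "SYN" not in f and src == conn["client"]:
                conn["stage"] = "ESTABLISHED"
                return "allow"
            return "drop"
        if "FIN" in f:                         # teardown: each side sends one FIN
            conn["fins"].add(src)
            conn["stage"] = "CLOSING"
            return "allow"
        if "ACK" in f and len(conn["fins"]) == 2:   # final ACK after both FINs
            del self.conns[k]
            return "closed"
        return "allow"                         # data or ACKs on an established connection


# Constructed example: a client talking to a web server, then closing as in the slides.
CLIENT, SERVER = ("192.0.2.10", 51234), ("198.51.100.7", 80)
NORMAL_SESSION = [
    (CLIENT, SERVER, {"SYN"}),
    (SERVER, CLIENT, {"SYN", "ACK"}),
    (CLIENT, SERVER, {"ACK"}),                 # handshake complete
    (CLIENT, SERVER, {"ACK", "PSH"}),          # request
    (SERVER, CLIENT, {"ACK", "PSH"}),          # response
    (CLIENT, SERVER, {"FIN", "ACK"}),          # step 1: client FIN
    (SERVER, CLIENT, {"ACK"}),                 # step 2: server ACKs ...
    (SERVER, CLIENT, {"FIN", "ACK"}),          #         ... and sends its own FIN
    (CLIENT, SERVER, {"ACK"}),                 # steps 3/4: client ACK, connection closed
]


def run(segments):
    """Feed segments through a fresh tracker; return the verdicts and open-connection count."""
    t = ConnectionTracker()
    verdicts = [t.observe(src, dst, flags) for src, dst, flags in segments]
    return verdicts, len(t.conns)


if __name__ == "__main__":
    print(run(NORMAL_SESSION))
    print(run([(SERVER, CLIENT, {"ACK", "PSH"})]))             # no handshake seen: dropped
    print(run(NORMAL_SESSION[:4] + [(SERVER, CLIENT, {"RST"})]))
```

Dropping segments that belong to no tracked connection is what distinguishes a stateful filter from a per-packet rule list: the decision is made once, at the handshake, and every later segment is judged against that table entry.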