Lecture 1 – Internet Layer: IP, ARP, ICMP and IGMP
CIT 742: Network Administration and Security
Powered by DeSiaMore, www.infoposter.co.tz

Important Information
- Lecturer name: Mr. Mohammed A. S.
- Find out about my contact details from my personal website, http://ifm.ac.tz/staff/msaleh
- For any questions regarding the course, you can write me an email at any time. I will try to be prompt in responding.
- If you need to see me in my office, please book an appointment by writing me an email: [email protected]
- All notes will be uploaded on the CIT 524 web page, http://ifm.ac.tz/staff/msaleh/CIT742.html
- A hardcopy will be submitted to the class representative.

Origin of TCP/IP and the Internet
- TCP/IP is like a language that computers speak.
- It is a set of rules that defines how two computers address each other and send data to each other.
- Multiple protocols that are grouped together form a protocol suite and work together as a protocol stack.

What is TCP/IP?
- A set of protocols that enable communication between computers.
- A network administrator can choose from many protocols, but TCP/IP is the most widely used.

Features of TCP/IP
1. Support from vendors
   - TCP/IP receives support from many hardware and software vendors and is not tied to the development efforts of a single company.
   - The choice to use TCP/IP on a network can therefore be based on the purpose of the network and not on the hardware or software that has been purchased.
2. Interoperability
   - TCP/IP can be installed and used on virtually every platform. For example, using TCP/IP, a Unix host can communicate and transfer data to a DOS host or a Windows host.
   - It eliminates cross-platform boundaries.
3. Flexibility
   - The latitude an administrator has in assigning and reassigning addresses: an administrator can automatically or manually assign an IP address to a host.
4. Routability
   - A limitation of many protocols is their difficulty in moving data from one segment of the network to another. TCP/IP is exceptionally well adapted to the process of routing data from one segment of the network to another.

History of the Internet
(Figure: History of the Internet)

Design goals of TCP/IP
- Hardware independence: could be used on a Mac, PC, mainframe, or any other computer.
- Software independence: could be used by different software vendors and applications.
- Failure recovery and the ability to handle high error rates: featured automatic recovery from any dropped or lost data.
- Efficient protocol with low overhead: had a minimal amount of "extra" data moving with the data being transferred. This extra data, called overhead, functions as packaging for the data being transferred and enables the data transmission.
- Routable data: data could make its way through an internetwork of computers to any possible destination. For this to be possible, a single and meaningful addressing scheme must be used.

Moving Data Across the Network
- Older communications used circuit-switched networks; newer standards use packet-switched networks.

Moving Data on a Circuit-Switched Network
- Data moves across the same path throughout the entire communication.
- An example of a circuit-switched network is the telephone system. When you make a telephone call, a single path (also called a circuit) is established between the caller and the recipient, and for the entire conversation the voice data keeps moving through the same circuit.
(Figure: Circuit-switched network)

Moving Data on a Packet-Switched Network
- A circuit-switched network was unacceptable for the Internet. Data had to be able to move through different routes so that if one circuit went down, it did not affect communication on the rest of the network; instead, data would simply take a different route.
- The Internet uses a packet-switched network.
- The sending computer transmits the data as fragments (packets), which are more manageable chunks. Each packet is individually addressed and sent to its intended recipient.
- The receiving computer reassembles the packets into the original message.
- There are several routes that the data packets can follow from the source to the destination.
(Figure: Packet-switched network)

Protocols
- A protocol is a rule, or a set of rules and standards for communicating, that computers use when they send data back and forth.
- Both the sender and receiver involved in a data transfer must recognize and observe the same protocols.
- Protocols are developed for specific purposes, to meet some particular need of the hardware or software involved.
- A group of protocols is called a protocol suite or a protocol stack. Protocol suites are easier to use and more friendly in name.
- Some are proprietary protocols that have limited use.
- Examples of protocol suites:
  - IPX/SPX: the suite Novell has implemented with its operating system. The acronym stands for Internetwork Packet Exchange/Sequenced Packet Exchange.
  - AppleTalk: the protocol suite that Apple has implemented with its operating system.
  - TCP/IP: a standard of the Internet. Anyone who would like to use the Internet must use the TCP/IP suite.
Recap: OSI Model
(Figure: OSI model)

Recap: OSI Model vs DoD Model
(Figure: OSI model compared with the DoD model)
Terms to know:
- Peer-layer communication
- DoD
- ISO
- OSI
- Layer
- Protocol suite / protocol stack
- Encapsulation
- Headers

Network Interface and Internet layers
- Address and route packets, and define how the packets are moved to and from the network.
- Protocols place headers onto the packet, like labels being placed on a package that is being mailed.
- As each packet is received at a host, it is examined to see if it needs to be processed or discarded.

Network Interface layer
- Primary responsibility is to define how a computer connects to a network.
- This is an important part of the data delivery process because data must be delivered to a particular host through a connection to a network.
- This layer does not regulate the type of network that the host is on, but the network that the host is on dictates the driver that the Network Interface layer uses. The host can be on an Ethernet, Token Ring, or Fiber Distributed Data Interface (FDDI) network.
- Data leaving a host has to follow the rules of the network that it is on: the host has to follow the rules for transmitting and receiving data according to the topology of the network.
- The layer is used to receive packets and to send packets.
- The header at the NI layer contains addressing information: an address called a hardware address. Consider the graphic representation that follows.
(Figure: Network Interface layer header)

Hardware address
- Comes from a physical address that is burned into every NIC when the card is manufactured. This address will not change for the life of the card.
- This burned-in address can be called any of the following: hardware address, Media Access Control (MAC) address, Ethernet address, physical address, Network Interface Card (NIC) address.
- It is a 12-character hexadecimal address. It looks like this: 00:A0:C9:0F:92:A5
- The first six characters represent the manufacturer and are unique to the network card's manufacturer.
- The last six characters form a unique serial number that the card's manufacturer has assigned to it.
- Note: for all TCP/IP communication to occur, the sender/builder of the packet must know the destination hardware address.
- If the target hardware address matches that of the receiving network interface card, or if the packet was broadcast, the packet is passed up the stack for processing. If it is different, the packet is discarded.

Broadcast packets
- Every packet must be addressed to a host, and every host will examine every packet to see if it is addressed to that host's unique hardware address.
- A broadcast packet contains the target hardware address FF:FF:FF:FF:FF:FF.
- NI layer analogy: Get well soon card -> Courier -> Receiving department

Internet Layer
- Lies between the Network Interface layer and the Transport layer.
- Contains the protocols that are responsible for addressing and routing of packets, including:
  - Internet Protocol (IP)
  - Address Resolution Protocol (ARP)
  - Internet Control Message Protocol (ICMP)
  - Internet Group Management Protocol (IGMP)
- As the packet moves up to the Internet layer, it also needs to contain an IP address.
(Figure: Protocols at the Internet layer)

Internet Protocol
- Responsible for determining the source and destination IP addresses of every packet.
- Every host on a network is assigned a unique IP address. An IP address is a logical address. An example of an IP address is 192.168.5.1.
- A portion of the IP address describes the network that the host is on, and a portion describes the unique host address on that network.
- IP layer analogy: Street address -> person receiving the letter
- IP determines whether the destination is local or remote as compared to the source host. IP makes this determination based on the IP address of the target and the subnet mask of the source host.
- The target is local if IP determines that it is on the same network; it is remote if the target is on another network.
- The subnet mask is a required parameter of every TCP/IP address; it is used to separate the network and host portions of that address.

Determining Whether the Destination Is Local or Remote
- If the destination is a host on the local network, TCP/IP can communicate directly with the destination host.
- If the host is on a remote network, TCP/IP needs to send the packet through the default gateway. A default gateway, also called a router, is the address of a host on the network that offers a route off of the network.
- Mail package analogy: Same street (you can do it) -> Different city (post office)
(Figure: local and remote delivery)
- The IP protocol in Harry's TCP/IP stack will examine the destination address (Sally's) and determine that Sally is local to Harry. How do you determine that the destination is local?
- If the target host is local, IP needs to get the hardware address for the target.
- If the target host is remote, IP looks in its routing table for an explicit route to that network. If there is an explicit route, IP needs to get the hardware address of the gateway listed in the routing table. If there is no explicit route, IP needs to get the hardware address for the default gateway.
(Figure: Determining the hardware address)
- If a packet needs to be sent to a remote host, the destination hardware address will be that of the default gateway and the destination IP will be that of the host.
- The gateway then determines whether the target IP address is on one of its other interfaces or whether it needs to forward the packet to another router. Airport analogy -> direct or indirect flight.
- If the target is on one of the other interfaces, IP can send the packet through that interface onto the destination network.
- IP on the gateway strips off the original IP header and puts a new IP header on the packet. The gateway is now the source, and the destination of the packet is either the actual target
- IP uses the Address Resolution Protocol (ARP) to get the hardware address of the destination host: ARP finds the hardware address of the destination host based on the IP address that the Internet Protocol is asking for.
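The local-or-remote decision and the choice between the target itself, an explicit-route gateway and the default gateway described above, as an added Python example (teaching code written for these notes, not the lecture's own). `is_local` applies the source host's subnet mask, `next_hop` returns the address whose hardware address ARP must resolve, and `gateway_outgoing_interface` is the router-side check from the "direct or indirect flight" slide. Harry's and Sally's addresses come from the lecture; the 255.255.255.0 mask, the gateway addresses 209.132.94.1/.2/.3, the route table and the router interfaces are constructed values.

```python
# Added example for these notes (not code from the lecture): the lecture's rule
# for deciding whether a destination is local or remote, and which address IP
# hands to ARP. Masks, gateways and routes below are constructed sample values.
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[str, str]  # (destination network in CIDR form, gateway IP on our LAN)


def split_address(ip: str, netmask: str) -> Tuple[str, int]:
    """Return (network portion, host portion) of an address under its subnet mask."""
    iface = ipaddress.IPv4Interface(f"{ip}/{netmask}")
    host_part = int(iface.ip) & ~int(iface.network.netmask) & 0xFFFFFFFF
    return str(iface.network.network_address), host_part


def is_local(src_ip: str, netmask: str, dst_ip: str) -> bool:
    """Local when the destination falls inside the source host's own subnet."""
    src_net = ipaddress.IPv4Interface(f"{src_ip}/{netmask}").network
    return ipaddress.IPv4Address(dst_ip) in src_net


def next_hop(src_ip: str, netmask: str, dst_ip: str,
             routes: List[Route], default_gateway: str) -> str:
    """Address whose hardware address ARP must resolve before the frame can be sent.

    Local target      -> the target itself
    Explicit route    -> the gateway listed for that network (longest prefix wins)
    No explicit route -> the default gateway
    """
    if is_local(src_ip, netmask, dst_ip):
        return dst_ip
    dst = ipaddress.IPv4Address(dst_ip)
    best: Optional[Tuple[ipaddress.IPv4Network, str]] = None
    for cidr, gateway in routes:
        net = ipaddress.IPv4Network(cidr)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    return best[1] if best else default_gateway


def gateway_outgoing_interface(interfaces: List[Tuple[str, str, str]],
                               dst_ip: str) -> Optional[str]:
    """On the router: the interface whose subnet contains the target, or None
    when the packet must be forwarded on to another router.
    interfaces: list of (name, interface IP, netmask)."""
    for name, ip, mask in interfaces:
        if is_local(ip, mask, dst_ip):
            return name
    return None


if __name__ == "__main__":
    # Harry (209.132.94.100) reaching Sally (209.132.94.101): local, so ARP for Sally herself.
    print(next_hop("209.132.94.100", "255.255.255.0", "209.132.94.101", [], "209.132.94.1"))
```

The longest-prefix rule in `next_hop` goes slightly beyond the lecture's two-way "explicit route or default gateway" description: when several explicit routes contain the destination, the most specific one is chosen, which is how real routing tables behave.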
Address Resolution Protocol (ARP)
- ARP is a protocol that can resolve an IP address to a hardware address.
- Before translating a logical to a physical address, ARP will look at its ARP cache. The ARP cache is an area in RAM where ARP keeps the IP and hardware addresses that have been resolved.
- If the IP address is not in the ARP cache, ARP will initiate an ARP request broadcast.
- After the hardware address is resolved, ARP maintains that information for a short time: once the resolution is done, the hardware address is stored in the ARP cache for 120 seconds.
- An entry in the ARP cache is dynamic when an address has been discovered through broadcast, and static when the address has been manually added.

Using Broadcast to Resolve a Hardware Address
- When does ARP initiate an ARP request? When the address is not already in its cache; the request is broadcast on the local network.
- Harry's ARP is trying to get resolution for the IP address 209.132.94.101. ARP broadcasts a packet onto the network that basically says: "HEY, WHOEVER IS 209.132.94.101, I NEED YOUR HARDWARE ADDRESS!"
- The ARP broadcast is addressed to every host by setting the destination hardware address to FF:FF:FF:FF:FF:FF.
- The ARP broadcast also contains the source's hardware address. Including it expedites the reply from the destination host.
(Figure: ARP operation)
- As the ARP packet is received at each host, the network interface card takes the packet off of the wire and passes it up through the Network Interface layer to the Internet layer and ARP.
- When the hardware address is found, an ARP reply is packaged and sent back, including the source and destination hardware addresses.
- An ARP reply is sent out as a unicast, whereas the ARP request is a broadcast.
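The hardware-address acceptance rule from the Network Interface layer slides (match this NIC or FF:FF:FF:FF:FF:FF, otherwise discard) and the ARP request, unicast reply and 120-second cache just described, as one added Python simulation written for these notes (not code from the lecture). Harry's and Sally's IP addresses and the MAC 00:A0:C9:0F:92:A5 come from the slides; Sally's MAC, the third host and the frame dictionaries are constructed. `run_demo` shows the first resolution needing a broadcast and a unicast reply, the second being answered from the cache with nothing put on the wire, and a third broadcast once the dynamic entry has aged out.

```python
# Added example for these notes, not code from the lecture: a small simulation of
# the hardware-address rule at the Network Interface layer, the ARP request/reply
# exchange, and an ARP cache with the 120-second dynamic entries the lecture
# describes. Sally's MAC, the third host and the frame layout are constructed.
from typing import Callable, Dict, List, Optional, Tuple

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_CACHE_TTL = 120.0  # seconds a dynamically learned entry is kept


def normalize_mac(mac: str) -> str:
    """Accept 00:A0:C9:0F:92:A5 or 00-A0-C9-0F-92-A5; return lowercase colon form."""
    parts = mac.replace("-", ":").lower().split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 12-hex-digit hardware address: {mac!r}")
    int("".join(parts), 16)  # raises ValueError on a non-hex digit
    return ":".join(parts)


def manufacturer_prefix(mac: str) -> str:
    """The first six hex digits identify the card's manufacturer."""
    return ":".join(normalize_mac(mac).split(":")[:3])


def nic_accepts(nic_mac: str, frame_dst_mac: str) -> bool:
    """NI-layer rule: pass the frame up only if it is for this NIC or is a broadcast."""
    dst = normalize_mac(frame_dst_mac)
    return dst == BROADCAST_MAC or dst == normalize_mac(nic_mac)


class ArpCache:
    """IP -> hardware address table. Dynamic entries age out; static ones do not."""

    def __init__(self, clock: Callable[[], float]):
        self._clock = clock
        self._entries: Dict[str, Tuple[str, Optional[float]]] = {}  # ip -> (mac, expiry)

    def add_dynamic(self, ip: str, mac: str) -> None:
        self._entries[ip] = (normalize_mac(mac), self._clock() + ARP_CACHE_TTL)

    def add_static(self, ip: str, mac: str) -> None:
        self._entries[ip] = (normalize_mac(mac), None)

    def is_static(self, ip: str) -> bool:
        return ip in self._entries and self._entries[ip][1] is None

    def lookup(self, ip: str) -> Optional[str]:
        entry = self._entries.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if expiry is not None and self._clock() >= expiry:
            del self._entries[ip]  # aged out: a new broadcast will be needed
            return None
        return mac


class Host:
    def __init__(self, mac: str, ip: str, clock: Callable[[], float]):
        self.mac, self.ip, self.cache = normalize_mac(mac), ip, ArpCache(clock)

    def on_frame(self, frame: dict) -> Optional[dict]:
        """A frame comes off the wire; return the unicast ARP reply, or None."""
        if not nic_accepts(self.mac, frame["dst_mac"]):
            return None  # not ours and not broadcast: discarded
        if frame["op"] == "arp_request" and frame["target_ip"] == self.ip:
            # Summary slide: the answering host may record the requester's details too.
            self.cache.add_dynamic(frame["sender_ip"], frame["sender_mac"])
            return {"op": "arp_reply", "dst_mac": frame["sender_mac"], "src_mac": self.mac,
                    "sender_ip": self.ip, "sender_mac": self.mac}
        return None

    def resolve(self, target_ip: str, lan: List["Host"]) -> Tuple[Optional[str], int]:
        """Return (hardware address or None, number of frames placed on the wire)."""
        cached = self.cache.lookup(target_ip)
        if cached is not None:
            return cached, 0  # answered from the ARP cache, no broadcast needed
        request = {"op": "arp_request", "dst_mac": BROADCAST_MAC, "src_mac": self.mac,
                   "sender_ip": self.ip, "sender_mac": self.mac, "target_ip": target_ip}
        frames = 1
        for host in lan:  # a broadcast reaches every NIC on the LAN
            if host is self:
                continue
            reply = host.on_frame(request)
            if reply is not None and nic_accepts(self.mac, reply["dst_mac"]):
                frames += 1
                self.cache.add_dynamic(reply["sender_ip"], reply["sender_mac"])
                return reply["sender_mac"], frames
        return None, frames


def run_demo() -> dict:
    """Harry resolves Sally by broadcast, then from cache, then again once the entry ages out."""
    now = [1000.0]
    clock = lambda: now[0]
    harry = Host("00:A0:C9:0F:92:A5", "209.132.94.100", clock)
    sally = Host("00-A0-C9-11-22-33", "209.132.94.101", clock)
    lan = [harry, sally, Host("00:11:22:33:44:55", "209.132.94.102", clock)]
    first = harry.resolve("209.132.94.101", lan)
    cached = harry.resolve("209.132.94.101", lan)
    now[0] += ARP_CACHE_TTL  # 120 seconds later the dynamic entry has expired
    expired = harry.resolve("209.132.94.101", lan)
    return {"first": first, "cached": cached, "expired": expired,
            "sally_knows_harry": sally.cache.lookup("209.132.94.100")}
```

The third host receives the broadcast and passes it up the stack, as the slides say every host does, but answers nothing because the target IP is not its own; only Sally replies, and only to Harry's hardware address.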
(Figure: ARP request and reply)

Cases using ARP
There are four cases that use ARP:
1. Same LAN: the ARP request is broadcast on the LAN if the address is not already available in the ARP table of the sender.
2. Host to Router: a host wants to send a packet to another host on another network. It must first be delivered to a router.
3. Router to Router: a router receives a packet to be sent to a host on another network. It must first be delivered to the appropriate router.
4. Router to Host: a router receives a packet to be sent to a host on the same network.
(Figures: Case 1: Same LAN; Case 2: Host to Router; Case 3: Router to Router; Case 4: Router to Host)

Summary
- Each router/host maintains an ARP table. The table is empty on boot up.
- An ARP request is a broadcast, while an ARP reply is a unicast.
- Each time an ARP request is answered, the answer is entered in the table for future use.
- The computer receiving the request can add the source computer's details to its own ARP table.

Internet Control Message Protocol (ICMP)
- Used primarily for sending error messages, performing diagnostics, and controlling the flow of data.
- Types of ICMP messages:
  - Destination unreachable: may be sent from the host or from a router; the network, host or service is unknown, unavailable or prohibited.
  - Source quench: informs the source that a datagram has been discarded due to congestion in a router or the destination host. The source must slow down the sending of datagrams until the congestion is relieved.
  - Time exceeded: whenever a router receives a datagram with a TTL value of zero, it discards the datagram and sends a time-exceeded ICMP message to the original source.
  - Redirection: an ICMP message generated because the initial route chosen to send packets was inefficient.

Performing Diagnostics with ICMP and Ping
- ICMP is used as a diagnostic tool through the Ping utility.
- Ping sends four ICMP echo request packets to the destination host, which is expected to reply to each of them.
- If the data returns, the admin can assume successful connectivity to the destination. If the ICMP packet does not return, then a connectivity problem exists.
- A ping command can be executed at the command prompt (Windows) or the terminal (Unix/Linux):
  ping [ip address] or [dns name]

Examining ping packets
- The source host (209.132.94.100) pinged the destination host (209.132.94.101). The figure shows a screenshot of the result obtained.
(Figure: packet capture of the ping)
The screenshot shows:
1. (Frame 1) An ARP request is broadcast for the target 209.132.94.101.
2. (Frame 2) An ARP reply is sent to the source at 209.132.94.100 with the target's hardware address.
3. (Frame 3) An ICMP packet is sent from the source 209.132.94.100 to the destination 209.132.94.101 requesting an "echo."
4. (Frame 4) An ICMP echo reply is sent from the destination 209.132.94.101 to the source 209.132.94.100.
5. (Frames 5–10) Steps 3 and 4 are repeated three more times.

Hosts that do not answer ping
- It takes virtually no overhead for the destination to respond with an ICMP reply.
- Some websites will not reply to ICMP request packets. Example websites include www.microsoft.com and www.ebay.com.
- The enormous amount of ping-request traffic Microsoft was receiving caused the overhead to get excessive, so their servers no longer reply to such requests.
- ICMP echo packets are filtered or dropped at the firewall for security purposes: a company may not want outsiders pinging or "groping" inside their network.

Internet Group Management Protocol (IGMP)
- Enables one host to send one stream of data to many hosts at the same time.
- The destination IP address used by IGMP is called a multicast address. Multicast addresses are reserved IPs, which are not assigned to hosts.
- Devices on a network use IGMP packets to exchange data. Some routing protocols use IGMP to exchange routing tables.
- Across the Internet, many sites are using IGMP packets to move streams of data to many hosts concurrently.

Questions
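The ICMP message types listed above and the four-request ping exchange from the packet-capture walk-through, as an added Python example written for these notes (not code from the lecture). It builds an echo request with a valid Internet checksum, produces the matching echo reply, classifies received messages by type and code (destination unreachable, source quench, time exceeded, redirect), and models both a host that answers and a host or firewall that drops echo requests. The identifier 0x1234, the sample payload, the redirect gateway 209.132.94.1 and the zero-filled quoted datagrams are constructed values; the type and code meanings are those of RFC 792 and RFC 1812.

```python
# Added example for these notes, not code from the lecture: encoding and decoding
# ICMP messages so that the types the lecture lists (echo, destination unreachable,
# source quench, time exceeded, redirect) can be recognised, plus the four-request
# ping exchange. Sample identifiers, payloads and addresses are constructed.
import struct
from typing import Dict, Tuple

ICMP_TYPE_NAMES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
                   5: "redirect", 8: "echo request", 11: "time exceeded"}
# Code meanings from RFC 792 / RFC 1812 for the types the lecture lists.
UNREACHABLE_CODES = {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
                     3: "port unreachable", 9: "network administratively prohibited",
                     10: "host administratively prohibited",
                     13: "communication administratively prohibited"}
TIME_EXCEEDED_CODES = {0: "time to live exceeded in transit",
                       1: "fragment reassembly time exceeded"}
REDIRECT_CODES = {0: "redirect for network", 1: "redirect for host",
                  2: "redirect for type of service and network",
                  3: "redirect for type of service and host"}


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest_of_header: bytes, payload: bytes = b"") -> bytes:
    """Type, code, checksum, 4 header bytes whose meaning depends on the type, then data."""
    if len(rest_of_header) != 4:
        raise ValueError("rest_of_header must be exactly 4 bytes")
    body = struct.pack("!BBH", icmp_type, code, 0) + rest_of_header + payload
    return struct.pack("!BBH", icmp_type, code, inet_checksum(body)) + rest_of_header + payload


def build_echo_request(ident: int, seq: int,
                       payload: bytes = b"abcdefghijklmnopqrstuvwabcdefghi") -> bytes:
    return build_icmp(8, 0, struct.pack("!HH", ident, seq), payload)


def build_echo_reply(request: bytes) -> bytes:
    """The responder copies identifier, sequence and data back and sets type 0."""
    return build_icmp(0, 0, request[4:8], request[8:])


def parse_icmp(msg: bytes) -> Dict[str, object]:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    info: Dict[str, object] = {"type": icmp_type, "code": code,
                               "name": ICMP_TYPE_NAMES.get(icmp_type, "other"),
                               "checksum_ok": inet_checksum(msg) == 0}  # valid message sums to zero
    if icmp_type in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 3:
        info["detail"] = UNREACHABLE_CODES.get(code, "unreachable (code %d)" % code)
    elif icmp_type == 4:
        info["detail"] = "datagram discarded for congestion; sender must slow down"
    elif icmp_type == 5:
        info["detail"] = REDIRECT_CODES.get(code, "redirect (code %d)" % code)
        info["new_gateway"] = ".".join(str(b) for b in msg[4:8])  # router to use instead
    elif icmp_type == 11:
        info["detail"] = TIME_EXCEEDED_CODES.get(code, "time exceeded (code %d)" % code)
    return info


def simulate_ping(count: int = 4, destination_answers: bool = True) -> Tuple[int, int]:
    """Send `count` echo requests; return (sent, matching replies received).
    destination_answers=False models a host or firewall that drops echo requests."""
    received = 0
    for seq in range(1, count + 1):
        request = build_echo_request(0x1234, seq)
        if not destination_answers:
            continue  # request silently dropped: nothing comes back
        reply = parse_icmp(build_echo_reply(request))
        if (reply["type"] == 0 and reply["checksum_ok"]
                and reply["id"] == 0x1234 and reply["seq"] == seq):
            received += 1
    return count, received
```

A receiver verifies a message by summing the whole thing, checksum field included; a correct message folds to 0xFFFF and complements to zero, which is why `checksum_ok` only has to compare against 0.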