Download ITI 510 - CJU.com - The Homepage Site of Chris Uriarte

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
page
36
page
37
page
38
page
39
page
40
page
41
page
42
page
43
page
44
Document related concepts

Internet protocol suite wikipedia , lookup

Peering wikipedia , lookup

IEEE 802.1aq wikipedia , lookup

Asynchronous Transfer Mode wikipedia , lookup

Net bias wikipedia , lookup

Point-to-Point Protocol over Ethernet wikipedia , lookup

Network tap wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Airborne Networking wikipedia , lookup

AppleTalk wikipedia , lookup

Multiprotocol Label Switching wikipedia , lookup

Distributed firewall wikipedia , lookup

IEEE 1355 wikipedia , lookup

RapidIO wikipedia , lookup

List of wireless community networks by region wikipedia , lookup

Computer network wikipedia , lookup

Recursive InterNetwork Architecture (RINA) wikipedia , lookup

Deep packet inspection wikipedia , lookup

Routing in delay-tolerant networking wikipedia , lookup

Packet switching wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Wake-on-LAN wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
ITI-510
Computer
Networks
ITI 510 – Computer Networks
Meeting 2
Rutgers University Internet Institute
Instructor: Chris Uriarte
Agenda for Meeting 2
ITI-510
Computer
Networks
• IP (Internet Protocol)
• ARP and RARP (Address Resolution
Protocol, Reverse Address Resolution
Protocol)
• ICMP (Internet Control Messaging
Protocol)
• IP Routing
• traceroute, ping and arp utilities, host
routing tables
Some Very Basic Network Terms
ITI-510
Computer
Networks
• Node – generally refers to any addressable
device on a network like a workstation,
server, router, etc.
• Source – any nodes that initiates a
network connection - “the sender” (source
host, source node, etc.)
• Destination – any node that receives a
network packet or is intened as the
recipient of a network packet (destination
host, destination node, etc.)
• Packet, Frame or Datagram - The unit of
data that is routed between an source and a
destination node on a network.
IP – Internet Protocol
ITI-510
Computer
Networks
• Developed by the DOD – quickly became
the network protocol for governments,
universities and businesses.
• Allows for the seamless integration of
major network segments, new
subnetworks and LANs without disrupting
existing infrastructures.
• The protocol that defines the IP Addresses
• Operates at the Network layer of the OSI
model
Nodes on an IP Network
ITI-510
Computer
Networks
• Nodes on an IP network each have a unique
address – an IP Address
• Recall, IP addresses contain (4) eight bit numbers
separated by decimal places – e.g. 126.6.4.4
• IP address blocks can be divided into subnets –
small networks that contain a range of IP
addresses.
• The Subnet Mask is used to define IP subnetworks
within an IP Block.
• For example, a network 126.6.4.0 with a Subnet
Mask of 255.255.255.0 contains the IP addresses
126.6.4.0 to 126.6.4.255.
IP Networks – Special Addresses
ITI-510
Computer
Networks
• Each IP Subnetwork contains 2 special
addresses that cannot be used by hosts on
the network.
– The network address is the first IP address in a
subnetwork and can be used to describe the
“name” of a particular IP subnetwork (e.g. the
128.6.4.0 network). Using a network address in
conjunction with a subnet mask tells you
EXACTLY the IP addresses contained in a
subnetwork.
– The broadcast address is the last IP address in a
subnetwork range and is used to send a packet
to ALL hosts on a subnetwork. For example,
sending a packet to 128.6.4.255 on the
128.6.4.0/255.255.255.0 network sends a
packet to every host on that network)
Tying it All Together: Network
Subnet, Broadcast Addresses
ITI-510
Computer
Networks
• For example:
• If you have an IP network with a network
address of 64.220.31.0 and a subnet mask
of 255.255.255.0, this means:
– The Network address is 64.220.31.0
– The Broadcast address is 64.220.31.255
– The range of useable host IP addresses within
this network is 64.220.31.1 to 64.220.31.254.
Calculating IP Addresses in a
Subnet
ITI-510
Computer
Networks
• Given a particular IP network address and a subnet
mask, you can calculate IP addresses by comparing
the Binary equivalents of the network address and
the subnet address. Example:
• Network 128.4.3.0 with a subnet of 255.255.255.0
Net: 10000000.00000100.00000011.00000000
Mask: 11111111.11111111.11111111.00000000
• The all-ones portion of the netmask corresponds to
the “network address” portion of an IP address.
• The all-zeros portion of the netmask correspond to
the valid range of host IP addresses in a network.
• In this example 128.4.3.0
(10000000.00000100.00000011.00000000) to
128.4.3.255
(10000000.00000100.00000011.11111111) are in the
subnetwork described above.
Moving IP Packets from One
Host to Another – IP Routing
ITI-510
Computer
Networks
• Sending an IP packet from one host to another
host on network is known as IP Routing.
• In a computer network, the host sending a packet
is known as the source host. The host receiving
the packet is known as the destination host.
• When a host wants to transmit a packet to another
host on an IP Network, several checks are made:
– If the destination host is on the same subnet as the
source host, the packet is transmitted directly to the
destination host.
– If the destination host is on a different subnet, the
packet is sent to a gateway device, which is the
essentially a packet’s “exit ramp” to other networks.
This device is usually an IP router. The router ties
multiple networks together.
– The source host uses the IP address/subnet mask
calculations, demonstrated earlier, to determine if the
destination host is on the same subnet or on a
different subnet.
Basic IP Routing Example
ITI-510
Computer
Networks
Basic Rules for IP Routing
ITI-510
Computer
Networks
• ALL devices connecting to an IP network
follow some very basic rules when
determining where to send a packet:
– If the destination host is part of the the local
network or a network the host is directly
attached to, send the packet directly to the
host.
– If the destination host is NOT attached to a local
network, send the packet to a gateway device,
which can determine what path the packet
should take next.
• The rules above illustrate the concept of
“next-hop routing”
Next-hop Routing
ITI-510
Computer
Networks
• IP does not need to know the complete
route that must be followed to reach a
destination host – It only needs to find the
next hop that will take responsibility for
delivering the packet.
Which Gateway Device?
ITI-510
Computer
Networks
• How does a host know what gateway
device to use? What’s the IP address of
the gateway device?
– Remember, if a source host determines the
destination host is not on the local network, it
must forward the packet to a gateway device.
• Can there be multiple gateway devices on
a network?
– What if we want our host to send packets
destined for network “A” to gateway device “A”
and packets destined for network “B” to
gateway device “B”.
• The use of Host Routing Tables allow us to
address these specific questions.
Routing Tables
ITI-510
Computer
Networks
• Every device on an IP network has a
routing table, which is essentially a
roadmap for IP packets.
• The routing table tells the host where to
send IP packets destined for a specific IP
address or network and the addresses of
any associated gateway devices.
• Simple logical IP Routing Table:
Destination Address
128.6.5.0
128.7.7.0
Any other host/network
Address of Gateway Device
128.6.4.254
128.6.4.128
128.6.4.1
Example: Use of a Host Routing
Table
ITI-510
Computer
Networks
Default Routes
ITI-510
Computer
Networks
• In the previous examples, the “Any other
host/network” destination address is known as the
default route.
• The default route is the gateway address all
packets are sent to if the host cannot find a more
specific route for the destination.
• Sometimes, the “Any other host/network” is
displayed as “0.0.0.0” in the “Destination” column
of the routing table.
• Most PCs on a network are only setup with one
route – the default route. If a destination host is
not on the local network, the packet is passed on
to the default route.
• In the previous slide (diagram), the router
128.6.4.1 is setup as the default route for host “A”.
Examining Host Routing Tables
ITI-510
Computer
Networks
• You can view the routing table on your IP
host. Use:
– netstat –rn (UNIX hosts)
– route print (Windows hosts)
• For example, on the UNIX host
iti.rutgers.edu (165.230.30.68):
Kernel IP routing table
Destination
Gateway
165.230.30.68
0.0.0.0
165.230.30.64
0.0.0.0
127.0.0.0
0.0.0.0
0.0.0.0
165.230.30.65
Genmask
255.255.255.255
255.255.255.192
255.0.0.0
0.0.0.0
Flags
UH
U
U
UG
MSS
0
0
0
0
Window
0
0
0
0
irtt
0
0
0
0
Iface
eth0
eth0
lo
eth0
The IP Packet
ITI-510
Computer
Networks
• The actual IP packet sent from one host to
another is an arrangement of bits in a very
specific format.
• The packet contains the most basic data
needed to send a packet: the address of
the source host, the address of the
destination host and the actual data being
sent.
• The packet also contains a number of
additional mandatory and optional fields
that describe protocol versions, packet
size, checksums, and more.
Anatomy of an IP Packet
ITI-510
Computer
Networks
• An IP Packet contains a 20-byte header,
followed by the actual data, sometimes
referred to as the payload.
BIT 0
BIT 31
20 Bytes
Total
Examining some of the IP
Header Fields
ITI-510
Computer
Networks
• Version - Always set to the value ‘4’, which is the
current version of IP
• IHL (IP Header Length) – The number of 32-bit
words (rows) that form the header
• Type of Service (TOS) - Usually set to 0, but
may indicate particular Quality of Service needs
from the network. There are essentially “handling
instructions” for routers the can treat packets
differently based on the contents of this field. This
value can be set, for example, by the host
operating system, a router or an application.
– TOS Examples include:
• 0000 – Default
• 0001 – “Minimize Monetary Cost”
• 0010 – “Minimize Reliability”
• 0100 – “Maximize Throughput”
• 1000 - “Minimize Delay”
• 1111 – “Maximize Security”
IP Header Fields con’t.
ITI-510
Computer
Networks
• Total Length – Represents, in bytes, the size of
the entire IP packet, including the header and data.
• Identification – A 16-bit number which, together
with the source address, uniquely identifies this
packet - used during reassembly of fragmented
datagrams.
• Flags - a sequence of three flags (one of the 4 bits
is unused) used to control whether routers are
allowed to fragment, or break apart, a packet, and
to indicate the parts of a packet to the receiver
• Fragmentation Offset - a byte count from the
start of the original sent packet, set by any router
which performs IP router fragmentation.
IP Header Fields con’t.
ITI-510
Computer
Networks
• *Time To Live – The total number of
hops /links which the packet may be
routed over. When the packet hits a
router, this value is decremented by most
routers. Therefore, this value will enforce
a maximum hop-count on a packet. This
is used to prevent routing loops.
• *Protocol - A value used to represent
what type of transport-level (layer 4)
protocol or messaging protocol packet is
being used with this IP packet:
– 1 = ICMP; 2= IGMP; 6 = TCP; 17= UDP
– e.g. TCP/IP packets always set to 6, UDP/IP
packets always set to 17, etc.
IP Header Fields con’t
ITI-510
Computer
Networks
• Header Checksum - A mathematical checksum
inserted by the sender and updated whenever the
packet header is modified by a router. Used to
detect processing errors introduced into the packet
inside a router. Packets with an invalid checksum
are discarded by all nodes in an IP network.
• *Source Address - the IP address of the original
sender of the packet.
• *Destination Address - the IP address of the
final destination of the packet.
• Options - Not normally used, but when used the
IP header length will be > 5 32-bit words to
indicate the size of the options field
Sending IP Packets on Local
Networks
ITI-510
Computer
Networks
• Before sending an IP packet directly to a
host on a local LAN, it must first be
“wrapped up” in a frame that is
compatible with a lower-level protocol that
operates on the Data Link Layer of the OSI
model - this is usually the Ethernet
protocol.
• The Data Link layer is responsible for
moving packets from node to node on a
local network.
• In addition to a network address, like an
IP address, every node on an Ethernet
network has a special hardware address.
Ethernet Node Hardware
Addresses
ITI-510
Computer
Networks
• Each Ethernet node has a unique hardware
address that is built into the Network
Interface Card (NIC) that connects it to
the network.
• This address is sometimes referred to as a
MAC Address.
• A MAC Address is usually displayed as six
groups of two hexadecimal digits,
separated by colons:
– 08:00:20:10:d2:ae
• This existence of this address is usually
transparent to the end user.
Transmission of IP Packets over
Ethernet
ITI-510
Computer
Networks
• When an IP packet is transmitted over an
Ethernet LAN, the packet is encapsulated
by an Ethernet packet, which contains the
source and destination MAC address of the
packet.
• The Ethernet packet (which contains the
IP Packet) is sent across the LAN to the
destination host.
• The destination host receives the Ethernet
packet and extracts the IP packet it
contains, which also contains the data
(payload).
Sending an IP Packet over a LAN
ITI-510
Computer
Networks
MAC address and IP Address
Pairings
ITI-510
Computer
Networks
• Therefore, a host must not only know the
IP address of the host it is sending IP data
to, but it must also know the MAC address
associated with that destination IP
address.
• How does a host determine the MAC
address associated with a particular IP
address???
– Answer: ARP (Address Resolution Protocol)
APR – The Address Resolution
Protocol
ITI-510
Computer
Networks
• ARP is a protocol for mapping an IP address to a
physical machine address that is recognized in
the local network. Most commonly, this is used
to associated IP addresses (32-bits long) with
Ethernet MAC addresses (48-bits long)
• A host usually keeps a table, known as the ARP
cache, which maintains a correlation between
each MAC address and its corresponding IP
address.
• You can view a host’s ARP cache by issuing the
“arp –a” command on UNIX and Windows hosts.
(UNIX users may have to specify the full path to
the arp utility: /sbin/arp –a)
ARP – How the Protocol Works
ITI-510
Computer
Networks
• After an IP packet is formed, the host
must pass the packet down to the Data
Link Layer (Layer 2), which is responsible
for the Ethernet LAN protocol.
• Before the Ethernet packet is formed, a
host looks in its ARP Cache to see if it has
a MAC address entry that corresponds to
the IP destination address.
• If an entry is found, the Ethernet packet is
written, which contains the source and
destination MAC addresses and the IP
packet.
How ARP Works, con’t.
ITI-510
Computer
Networks
• If the host does not find a corresponding MAC
address entry in the ARP cache, it sends a
broadcast message to all hosts on the network,
literally asking “Who has IP address 123.4.5.6?”.
• If host 123.4.5.6 is alive on the network, it will
respond to the source host with it’s MAC address.
At this point, the destination host will also update
its ARP cache with the MAC address of the sender.
• Once the source host receives the MAC address, it
updates its ARP cache, writes the Ethernet frame
and sends it to the destination host over the
network.
• Each host will maintain the IP-MAC address entry in
the ARP cache for a period of time before it is
expired.
Reverse ARP (RARP)
ITI-510
Computer
Networks
• A variant of ARP, called Reverse ARP, was
developed to help a network node determine its
own IP address.
• Upon bootup, diskless workstations may not
contain any IP address setting. The workstation
can issue a RARP broadcast that says “My MAC
address is 08:00:20:10:d2:ae , what is my IP
address??”, in hopes that some other server is
listening and will provide and answer.
• In this cases, a centralized server needs to be
configured with the necessary IP Address/MAC
Address pairs.
• RARP, has been superseded by two superior
protocols, which perform the same functionality –
BOOTP and DHCP.
ICMP – Internet Control Message
Protocol
ITI-510
Computer
Networks
• ICMP is a message control and error-reporting
protocol between a host server and a gateway
to the Internet.
• ICMP uses IP datagrams to transport its
messages.
• ICMP messages are processed by the IP software
portion of the operating system, are not
directly apparent to the application user.
ICMP Message Generation
ITI-510
Computer
Networks
• There are a number of situations that may
cause an ICMP message to be generated
– A link is down to a host
– The TTL (Time-to-Live) IP Hop-count have have
expired.
• When an error is detected, the IP packet is
discarded by the router and an ICMP
message is returned directly to the source
host.
Types of ICMP Error Messages
• There are several types of ICMP Messages:
ITI-510
Computer
Networks
– Destination Unreachable – A packet cannot
reach it’s destination host, service or
application. Usually caused by a network link,
host or application being down.
– Time Exceeded – The Time-To-Live for a packet
has expired, i.e. the packet hit too many routers
in its travels. Usually caused by routing loops.
– Parameter Problem – Some piece of data in the
IP header just doesn’t make sense.
– Redirect – The router notifies the host sender to
use another gateway for the desired path.
Transmission of ICMP Messages
ITI-510
Computer
Networks
• ICMP Messages are sent in the “Data”
portion of an IP packet.
• The Protocol field in the IP packet is set to
’1’, signifies to a host that the data portion
of the packet contains an ICMP message.
• The format of an ICMP message will vary
based on the type of ICMP message.
• Refer to Feit’s TCP/IP, Signature Edition
pp. 190 to 198 for specific formats.
When ICMP Messages are NOT
Sent
ITI-510
Computer
Networks
• When a particular problem is encountered
sending an ICMP message back to a host
(we don’t want ICMP errors to create more
ICMP packets).
• When a problem is encountered with
broadcast or multicast packets (packets
sent to all hosts on a network). (we don’t
want multiple hosts responding with ICMP
errors)
• Messages whose source addresses does
not identify a unique hosts, like 0.0.0.0 or
127.0.0.1
The ping Utility
ITI-510
Computer
Networks
• Ping is a basic Internet program that lets you
verify that a particular IP address exists and can
accept requests.
• Generally used for network troubleshooting and
to verify connectivity between hosts.
• Ping uses the ICMP ECHO function, which simply
sends ICMP messages round-trip between hosts.
When a destination host receives an ICMP ECHO
request, it returns an ICMP ECHO message back
to the source host.
The traceroute Utility
ITI-510
Computer
Networks
• Traceroute is a network debugging utility that
attempts to trace the path a packet takes through
the network - its route.
• It provides a visual depiction of each router a
packet encounters between a source and
destination host. Example:
iti% /usr/sbin/traceroute www.upenn.edu
traceroute to NISC9.upenn.edu (128.91.2.28), 30 hops max, 38 byte packets
1 nb-gw (165.230.30.65) 0.824 ms 0.809 ms 0.718 ms
2 rucs-gw (128.6.227.1) 0.850 ms 0.629 ms 0.588 ms
3 transition2-gw (165.230.12.145) 0.994 ms 1.417 ms 1.188 ms
4 pcp01-hill012-svcs.Rutgers.EDU (198.151.130.2) 1.395 ms 1.046 ms 1.092 ms
5 rutgers-gw.Rutgers.EDU (198.151.130.194) 8.809 ms 110.798 ms 1.546 ms
6 jn1-at1-1-0-502.wor.vbns.net (204.147.128.26) 3.182 ms 3.041 ms 2.917 ms
7 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 9.027 ms 8.344 ms 8.481 ms
8 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 12.166 ms 11.791 ms 12.325 ms
9 local.abilene.magpi.net (198.32.42.133) 15.652 ms 15.592 ms 15.284 ms
10 less.upenn.magpi.net (198.32.42.234) 15.283 ms 15.567 ms 15.652 ms
11 DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 20.907 ms DEFAULT1-GW-FE.UPENN.EDU
(165.123.237.2) 16.578 ms DEFAULT1-GW-FE2.UPENN.EDU (165.123.217.2) 16.421 ms
12 NISC9.UPENN.EDU (128.91.2.28) 17.149 ms 16.147 ms 16.265 ms
Traceroute, con’t.
• How traceroute works:
ITI-510
Computer
Networks
– Traceroute transmits packets with small TTL values.
Recall that the TTL (Time To Live) is an IP header
field that is designed to prevent packets from running
in loops. Every router that handles a packet subtracts
one from the packet's TTL. If the TTL reaches zero,
the packet has expired and is discarded.
– Traceroute depends on the common router practice of
sending an ICMP Time Exceeded message, back to
the sender when a TTL timeout occurs.
– By using small TTL values which quickly expire,
traceroute causes routers along a packet's normal
delivery path to generate these ICMP messages
which identify the router.
– A TTL value of one should produce a message from
the first router; a TTL value of two generates a
message from the second; etc.
Traceroute, con’t.
ITI-510
Computer
Networks
• In a typical traceroute session, a group of packets
with TTL=1 are sent. A single router should
respond, using the IP address of the interface it
transmits the ICMP Timeout messages on.
• The user is told this IP address, and DNS is used to
convert this into a hostname, if available. Also,
round trip times are reported for each packet in the
group.
• Traceroute reports any additional ICMP messages
(such as destination unreachable errors) using a
rather cryptic syntax:
– - !N means network unreachable, !H means host
unreachable, etc.
• Once this first group of packets has been processed
(this can take 10 seconds or no time at all), the
second group (TTL=2) begins transmitting, and the
whole process repeats
Traceroute, usage:
• UNIX Hosts:
ITI-510
Computer
– traceroute <IP Address or Hostname> - e.g.
– traceroute www.yahoo.com
Networks
• Windows Hosts:
– tracert <IP Address or Hostname> - e.g.:
– tracert www.yahoo.com
Recommended Reading
ITI-510
Computer
Networks
• Chapters 4, 6, 7, and 8 in TCP/IP,
Signature Edition by Sidnie Feit.
Next Meeting…
ITI-510
Computer
Networks
• Introduction to Interconnection Devices
(routers, hubs, switches, bridges, etc.)
• Dynamic Routing Protocols
• UDP (User Datagram Protocol0
• TCP (Transmission Control Protocol)
Related documents
p4 - Describe What Data Elements Are and why they are important
p4 - Describe What Data Elements Are and why they are important
Summer Packet EnteringGrade7
Summer Packet EnteringGrade7
ppt3
ppt3
COP 4930 Computer Network Projects
COP 4930 Computer Network Projects
INTERNET CONNECTIONS How does data get from point A to point
INTERNET CONNECTIONS How does data get from point A to point
EC310 Hwk 11
EC310 Hwk 11
155
155
Network Measurement
Network Measurement
Network Traffic Measurement and Modeling
Network Traffic Measurement and Modeling
1. Assume that for the network represented on the right the routing
1. Assume that for the network represented on the right the routing
2 - UTRGV Faculty Web
2 - UTRGV Faculty Web
Networks
Networks