Review Session 1 - University of Windsor

Examples: those who hold the keys to the Kingdom:

Jim Allchin, Microsoft's Windows chief, said in Oct 2005, "I'd already been through lots of days of personal training on the tools that are used to do hacking."

Researcher Dan Kaminsky found him to be quite knowledgeable about hashing.

Researcher Matt Conover, while talking about a fairly obscure type of problem called a "heap overflow", asked the audience, made up mostly of vice presidents, whether they knew about this type of issue; 18 of 20 hands went up. (Blue Hat Conference at Redmond, Oct 2005)
Internship: provides learning opportunities

Internet and/or telecom protocols:
• TCP/IP stack
• SIP (Session Initiation Protocol)
• H.323 (ITU standard to allow telephones on the public telephone network to talk to computers connected to the Internet)
• Server Message Block/Common Internet File System (CIFS)
• Distributed Network Protocol (DNP3). Ref: http://www.dnp.org/
Learning Opportunities
• Working of Internet communications equipment
• How the communications channels that the Internet communication equipment use can be modified to compromise the system.
Learning Opportunities
• Ruby language and its use in modeling network protocol stacks.
• To create protocol implementations in "our" Ruby framework and then to apply protocol mutations to test systems for robustness and security vulnerabilities using an attack surface approach.
Security Threats

RFC 1244 identifies three distinct types of security threats associated with network connectivity:

Unauthorized access
• A break-in by an unauthorized person. Break-ins may be an embarrassment that undermines the confidence that others have in the organization.
• Moreover, unauthorized access may lead to one of the other threats: disclosure of information or denial of service.
Classification of Security Threats
Reference: RFC 1244

Disclosure of information
• Disclosure of valuable or sensitive information to people who should not have access to the information.

Denial of service
• Any problem that makes it difficult or impossible for the system to continue to perform productive work.

Do not connect to the Internet:
• a system with highly classified information, or
• a system where the risk of liability in case of disclosure is great.
A secure system
Intersection of
• A system which is able to maintain confidentiality of data;
• A system which is able to maintain integrity of data;
• A system which is available whenever the user requires it.
Terminology of Hacking
• Snooping (also called passive wire-tapping)
• Active wire-tapping or man-in-the-middle attack
• Spoofing or masquerading of a host or a service-provider (distinguish it from delegation)
• Repudiation of origin or of creation of some file
• Denial of receipt
• Usurpation: unauthorized control
Threats for the Internet/ISP
• propagate false routing entries ("black holes")
• domain name hijacking
• link flooding
• packet intercept
• Phishing attacks: use e-mails that often appear to come from a legitimate e-mail address and include links to spoofed Web addresses. The receiver responds to the link, which takes the receiver to a site other than the one the receiver thinks he is going to. (Announced by MS on 16 Dec 2003 as a problem with Internet Explorer.)
Types of Security Threats: Additions
• Denial of service
• Illegitimate use
• Authentication
• IP spoofing
• Sniffing the password
• Playback attack
• Bucket-brigade attack (when Eve substitutes her own public key for the public key of Bob in a message being sent by Bob to Alice)
• Generic threats: backdoors, Trojan horses, viruses etc.
TCP/IP STACK

Figure: the TCP/IP stack. Protocols shown, top to bottom: DNS, RIP, FTP, TELNET, OSPF, SMTP, BGP; UDP, TCP; ICMP, IP, ARP, RARP; Data Link Layer; Physical Layer.

Figure: demultiplexing identifiers at each layer of the TCP/IP stack.

Ethernet Type:   ARP 0x0806, RARP 0x8035, IP 0x0800
IP Protocol:     ICMP 1, TCP 6, UDP 17, OSPF 89
UDP Ports:       RIP 520, DNS 53
TCP Ports:       BGP 179, DNS 53, SMTP 25, TELNET 23, FTP 21, HTTP 80, HTTP PROXY 8080
TCP/IP STACK+ (figure)
Session Initiation Protocol (SIP)
• a signalling protocol used for establishing sessions in an IP network.
• A session may be
  • a simple two-way telephone call or
  • a collaborative multi-media conference session.
Uses of SIP
• VoIP telephony
• voice-enriched e-commerce
• web page click-to-dial
• Instant Messaging with buddy lists
References: 1. RFC 3261
2. http://www.sipcenter.com/sip.nsf/html/What+Is+SIP+Introduction
Session Initiation Protocol
VoIP uses the following standards and protocols:
• to ensure transport (RTP),
• to authenticate users (RADIUS, DIAMETER),
• to provide directories (LDAP),
• to be able to guarantee voice quality (RSVP, YESSIR) and
• to inter-work with today's telephone network, many ITU standards.
H.323 and H.248
• H.323 (ITU standard to allow telephones on the public telephone network to talk to computers connected to the Internet)
  • used for local area networks (LANs), but was not capable of scaling to larger public networks.
• H.248, also called MEGACO:
  • Media Gateway Control Protocol (Megaco): the name used by IETF
  • H.248: the name used by ITU-T Study Group 16
H.248/MEGACO
• MEGACO: a standard protocol for handling the signaling and session management needed during a multimedia conference.
• defines a means of communication between a media gateway, which converts data from the format required for a circuit-switched network to that required for a packet-switched network, and the media gateway controller.
References: 1. RFC 3015
2. http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html as of 12th Oct 2006
Stream Control Transmission Protocol (SCTP)
SCTP:
• a reliable transport protocol operating on top of IP.
• It offers acknowledged, error-free, non-duplicated transfer of datagrams (messages).
• Detection of
  • data corruption,
  • loss of data and
  • duplication of data
  is achieved by using checksums and sequence numbers. A selective retransmission mechanism is applied to correct loss or corruption of data.
Difference between SCTP and TCP
• Differences from TCP: multihoming and the concept of several streams within a connection. Where in TCP a stream is referred to as a sequence of bytes, an SCTP stream represents a sequence of messages (and these may be very short or long).
References: 1. SCTP for beginners, http://tdrwww.exp-math.uniessen.de/inhalt/forschung/sctp_fb/index.html as of Oct 12/2006
2. http://www.sctp.org/
3. RFC 2960
DNP3
• Protocols define the rules by which devices talk with each other.
• DNP3 is a protocol for transmission of data from point A to point B using serial and IP communications.
• used primarily by utilities such as the electric and water companies for SCADA (Supervisory Control and Data Acquisition) applications.
• provides rules for remotely located computers (at sub-stations) and master station computers (at the operations center) to communicate data and control commands.
Server (or Sessions) Message Block (SMB): A File-sharing protocol
• Windows (95, 98, NT), OS/2 and Linux machines (running SAMBA) use SMB
• Developed jointly by MS, IBM and Intel
• SMB provides a method for client applications on a computer
  • to read and to 'write to' files on servers in the network
  • to request services from servers in the network
SMB
• SMB can be used over the Internet (through the TCP/IP protocol) or over the local network (through the IPX and the NetBEUI/NetBIOS protocols);
• SMB: Windows equivalent to Sun's Network File System (NFS).
Ports used by SMB on TCP/IP
• UDP/137 is used for name resolution and registration
• UDP/138 is used for browsing
• TCP/139 is used for the main file and print sharing transactions
• Windows 2000 and XP: port 445 (In/Out): allows remote administration and monitoring using Windows Management Instrumentation (WMI).
SAMBA
Reference: Robert Eckstein, David Collier-Brown, and Peter Kelly, Using Samba, O'Reilly and Associates, 1999
• "Samba is a suite of Unix applications that speak the SMB (Server Message Block) protocol."
• Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network.
SAMBA
Reference: Samba-3 by Example by John H. Terpstra, http://us1.samba.org/samba/docs/man/Samba-Guide/preface.html#id2504950
• open source software
• can be run on a platform other than Microsoft Windows, for example UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.
• uses the TCP/IP protocol that is installed on the host server.
• helps you implement Windows-compatible file and print services.
Using Samba
Reference: http://www.roseindia.net/linux/tutorial/linuxhowto/SMB-HOWTO-2.html
One can use Samba to
• Share a Linux drive with Windows machines.
• Access an SMB share with Linux machines.
• Share a Linux printer with Windows machines.
• Share a Windows printer with Linux machines.
• allow a Linux host to interact with a Microsoft Windows client or server as if the host were a Windows file and print server, when correctly
Services offered by a SAMBA-enabled UNIX machine
• Share one or more filesystems
• Share printers installed on both the server and its clients
• Assist clients with Network Neighborhood browsing
• Authenticate clients logging onto a Windows domain
• Provide or assist with WINS name server resolution
Samba: the brainchild of Andrew Tridgell, Samba development team, Canberra, Australia.
Reference: http://us1.samba.org/samba/
References
• http://us1.samba.org/samba/docs/SambaIntro.html
• http://www.rxn.com/services/faq/smb/using_samba/html/ch03_01.htm
• A DNP3 Protocol Primer at http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf
• How-to of networking: http://tldp.org/HOWTO/HOWTO-INDEX/networking.html
Ports used by Real Time Streaming Protocol (RTSP)
• TCP/554 (In/Out): used for accepting incoming RTSP client connections and for delivering data packets to clients that are streaming by using RTSPT.
• UDP/5004 (Out): used for delivering data packets to clients that are streaming by using RTSPU.
• UDP/5005 (In/Out): used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using RTSPU.
IP – 5 layer DoD model
Layering – 5 layer DoD model (top to bottom): APPLICATION, TRANSPORT, INTERNET, NETWORK INTERFACE, PHYSICAL
IP and the Internet Architecture

OSI Model       Internet Architecture
Application     Application
Presentation
Session
Transport       TCP, UDP
Network         IP (Internet addressing, routing)
Data Link       Network (Ethernet, Token Ring, etc.; bridging and switching)
Physical
Ethernet Frame for ARP packet:
Ethernet-type for ARP = 0x0806

Frame layout (field: size in octets):
  HA DEST: 6 | HA SRC: 6 | TYPE: 2 | ARP message: 28 | PADDING: 18 | CRC: 4
ARP message (28 octets):
  HTYPE: 2 | PTYPE: 2 | HSIZE: 1 | PSIZE: 1 | OPERATION: 2 | SENDER HA: 6 | SENDER IP Add: 4 | TARGET HA: 6 | TARGET IP Add: 4
IEEE 802.3 Standard

FRAME: preamble 8 | Dest add 6 | Src add 6 | type 2 (16 bits) | data 46B – 1500B (368 – 12,000 bits) | crc 4
CRC – Cyclic Redundancy Check
Ethernet parameters
Type – self-identifying, e.g.
1. for an ARP message, type = 0x0806
2. for a RARP message, type = 0x8035
3. for an IP message, type = 0x0800
IP Address

Class  Leading bits  Bits in net-ID  Bits in host-ID  Available n/w addresses: lower limit   upper limit
A      0             7+              24               0.0.0.0 (1.0.0.0)*                     127.0.0.0 (126.0.0.0)*
B      10            14+             16               128.0.0.0                              191.255.0.0
C      110           21+             8                192.0.0.0                              223.255.255.0
----------------------------------------------------------------------------------------------------
D      1110          m-cast (used only as DEST add)   224.0.0.0                              239.255.255.255
E      11110         reserved                         240.0.0.0                              255.255.255.254
* After taking into account the addresses reserved for SPECIAL cases.
IP Addresses (contd)

Class  Max no. of N/W                                          Max no. of hosts
A      126 networks (2^7 - 2) with 16M hosts each              2^24 - 2 = 16,777,214
B      16,384 networks (64*256 = 2^14) with 64k hosts each     2^16 - 2 = 65,534
C      2,097,152 networks (32*256*256 = 2^21)                  254 (2^8 - 2)
Addresses per class

Class  No. of addresses          %age
A      2^31 = 2,147,483,648      50
B      2^30 = 1,073,741,824      25
C      2^29 = 536,870,912        12.5
D      2^28 = 268,435,456        6.25
E      2^28 = 268,435,456        6.25
Special IP addresses

Net-id      host-id     Type                                   Purpose
all zeroes  all zeroes  this comp on this n/w                  bootstrap (SRC add only)
specific    all zeroes  this n/w                               identifies a n/w (can't be a SRC/DST add)
specific    all ones    directed broadcast on a specific net   all hosts on this n/w (blocked by router)
all ones    all ones    limited broadcast on the local net     (blocked by router); lies in CLASS E
127         any         loop-back                              testing (blocked by machine)
all zeroes  specific    specific host on this n/w              (DEST address only)

127.x.y.z: loop-back address, not a n/w address. DEST add only. Message does not leave the machine.
Special Multicast cases
• Categories: 224.0.0.x, e.g. all routers which use a particular category.
• Conferencing: 224.0.1.x
Free IP addresses for Intranets
Private internets:

Class  net-id                       no. of nets
A      10.0.0.0                     1
B      172.16.0.0 to 172.31.0.0     16
C      192.68.0.0 to 192.68.255.0   256
Conventions for IP addressing
From the study of special IP addresses:
• Net-id cannot begin with 127
• First octet cannot be 255 in a net-id
• First octet cannot be 0 in a net-id
• Group computers by types / departments
• Address routers starting with low numbers and hosts starting with high numbers
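The class rules and the special-address table of the preceding slides, applied in code. This is an added example, not part of the slides; the names NET_BITS, classify and valid_net_id are chosen here, and the private ranges are deliberately left out of it.

```python
NET_BITS = {"A": 8, "B": 16, "C": 24}   # net-id width including the leading class bits


def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def ip_class(addr):
    """Class from the leading bits of the first octet: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    first = ip_to_int(addr) >> 24
    if first & 0x80 == 0:
        return "A"
    if first & 0xC0 == 0x80:
        return "B"
    if first & 0xE0 == 0xC0:
        return "C"
    if first & 0xF0 == 0xE0:
        return "D"
    return "E"


def split_address(addr):
    """(net-id, host-id) as integers for a class A, B or C address."""
    cls = ip_class(addr)
    if cls not in NET_BITS:
        raise ValueError("class %s addresses have no net-id/host-id split" % cls)
    hbits = 32 - NET_BITS[cls]
    a = ip_to_int(addr)
    return a >> hbits, a & ((1 << hbits) - 1)


def classify(addr):
    """Return (class, role) by applying the special-address rules from the slides in order."""
    a = ip_to_int(addr)
    cls = ip_class(addr)
    if a == 0:
        return cls, "this host on this network (source address only; bootstrap)"
    if a == 0xFFFFFFFF:
        return cls, "limited broadcast on the local net (destination only)"
    if a >> 24 == 127:
        return cls, "loop-back (destination only; never leaves the machine)"
    if cls == "D":
        return cls, "multicast (destination only)"
    if cls == "E":
        return cls, "reserved (not for ordinary nodes)"
    netid, hostid = split_address(addr)
    hbits = 32 - NET_BITS[cls]
    if netid == 0:
        return cls, "specific host on this network (destination only)"
    if hostid == 0:
        return cls, "identifies a network (cannot be a source or destination)"
    if hostid == (1 << hbits) - 1:
        return cls, "directed broadcast on a specific network"
    return cls, "ordinary host"


def valid_net_id(net):
    """Conventions slide: a net-id cannot begin with 0, 127 or 255, and its host part must be zero."""
    first = ip_to_int(net) >> 24
    if first in (0, 127, 255):
        return False
    cls = ip_class(net)
    return cls in NET_BITS and split_address(net)[1] == 0
```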
IP header: first fields

VERS: version of IP protocol (4)
HLEN: length of header in 32-bit words
TYPE OF SERVICE (8 bits, numbered 0-7 left to right):
  bits 0-2  PRECEDENCE (0 for Normal ... 7 for Network Control)
  bit 3     D: Minimize delay
  bit 4     T: Maximize throughput
  bit 5     R: Maximize reliability
  bit 6     C: Minimize cost
  bit 7     Unused
Precedence and TOS bits
Precedence (3 bits):
• 000 lowest priority, 111 highest priority (the highest priority may be accorded to the network management messages)
• If a router is congested, it may discard messages of lower precedence.
• This is not a required field in Ver. 4.
TOS bits: only one bit (out of 4) can be set at a time.
There are 5 types of services:
0000  Normal
0001  Minimize cost
0010  Maximize reliability
0100  Maximize throughput
1000  Minimize delay
• Background activities need minimum costs.
• Activities that send bulk data require maximum throughput.
• Management activities require maximum reliability.
• Activities requiring immediate attention, activities requiring immediate response and control/command messages like remote login commands require minimum delay.
• IPv4 does not guarantee the TOS requested by a host.
PROTOCOL
Informs about the protocol used by the upper layer; tells us about the nature of the data.
Value of the Protocol field in an IP datagram:

PROTOCOL   VALUE
ICMP       1
IGMP       2
IP in IP   4
TCP        6
EGP        8
UDP        17
IPv6       41
OSPF       89
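The VERS/HLEN, TYPE OF SERVICE and PROTOCOL fields just described, decoded from a constructed option-less datagram header. This is an added example, not from the slides; build_ipv4_header and parse_ipv4_header are names chosen here, and the checksum routine is the standard IPv4 one's-complement sum.

```python
import struct

# Protocol field values from the PROTOCOL slide.
PROTOCOL_NAMES = {1: "ICMP", 2: "IGMP", 4: "IP in IP", 6: "TCP", 8: "EGP",
                  17: "UDP", 41: "IPv6", 89: "OSPF"}
# 4-bit TOS field (D T R C, left to right) from the types-of-service slide.
TOS_NAMES = {0b0000: "Normal", 0b0001: "Minimize cost", 0b0010: "Maximize reliability",
             0b0100: "Maximize throughput", 0b1000: "Minimize delay"}


def ip_checksum(data):
    """One's-complement sum of 16-bit words; a header with a correct checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(tos, protocol, src, dst, ttl=64, payload_len=0):
    """Constructed sample: a 20-byte option-less IPv4 header with a correct checksum."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0,
                      ttl, protocol, 0, src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt):
    """Decode the fields discussed on the slides and verify the header checksum."""
    if len(pkt) < 20:
        raise ValueError("datagram shorter than the minimum IPv4 header")
    vers, hlen = pkt[0] >> 4, (pkt[0] & 0x0F) * 4      # HLEN is in 32-bit words
    if vers != 4:
        raise ValueError("not IPv4 (VERS=%d)" % vers)
    if hlen < 20 or hlen > len(pkt):
        raise ValueError("HLEN %d octets is out of range" % hlen)
    tos = pkt[1]
    precedence = tos >> 5                # bits 0-2
    tos_bits = (tos >> 1) & 0x0F         # bits 3-6: D T R C; bit 7 is unused
    total_length = struct.unpack("!H", pkt[2:4])[0]
    ttl, protocol = pkt[8], pkt[9]
    return {
        "version": vers, "hlen": hlen, "precedence": precedence, "tos_bits": tos_bits,
        # The slide allows only one TOS bit at a time; other values are flagged.
        "tos": TOS_NAMES.get(tos_bits, "invalid: more than one TOS bit set"),
        "total_length": total_length, "ttl": ttl,
        "protocol": protocol, "protocol_name": PROTOCOL_NAMES.get(protocol, "unknown"),
        "checksum_ok": ip_checksum(pkt[:hlen]) == 0,
        "src": ".".join(str(b) for b in pkt[12:16]),
        "dst": ".".join(str(b) for b in pkt[16:20]),
    }
```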
ARP message format: variable length fields (28 octets for Ethernet)

 0               8               16              24             31
 Hardware type                  | Protocol type
 HLEN           | PLEN          | Operation
 Sender HA (octets 0-3)
 Sender HA (octets 4-5)         | Sender IP (octets 0-1)
 Sender IP (octets 2-3)         | Target HA (octets 0-1)
 Target HA (octets 2-5)
 Target IP (octets 0-3)
ARP parameters
• Hardware type: 1 for Ethernet
• Protocol type: 0x0800 for IP
• HLEN & PLEN – length of hardware and protocol addresses in octets.
• Operation – ARP request 1, ARP response 2, RARP request 3, RARP response 4
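An Ethernet frame carrying the 28-octet ARP message of the last three slides, built and parsed with the parameters above (type 0x0806, hardware type 1, HLEN 6, PLEN 4, 18 octets of padding). This is an added example, not the slides' own code; build_arp_frame and parse_arp_frame are names chosen here, and the consistency flag at the end is a defender's check, not part of the protocol.

```python
import struct

ETHERTYPE_IP, ETHERTYPE_ARP, ETHERTYPE_RARP = 0x0800, 0x0806, 0x8035
ARP_OPERATIONS = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response"}
ETH_MIN_DATA = 46      # the data field is padded to at least 46 octets


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip, dest_mac=b"\xff" * 6):
    """Constructed sample: an Ethernet frame carrying a 28-octet ARP message.
    The CRC is omitted because the hardware appends it."""
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IP, 6, 4, op,
                      sender_mac, sender_ip, target_mac, target_ip)
    frame = dest_mac + sender_mac + struct.pack("!H", ETHERTYPE_ARP) + arp
    return frame + b"\x00" * (ETH_MIN_DATA - len(arp))   # 18 octets of padding


def parse_arp_frame(frame):
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for an Ethernet header plus ARP message")
    eth_dst, eth_src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("Ethernet type 0x%04x is not ARP" % ethertype)
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IP, 6, 4):
        raise ValueError("unexpected ARP parameters: htype=%d ptype=0x%04x hlen=%d plen=%d"
                         % (htype, ptype, hlen, plen))
    body = frame[22:22 + 2 * (hlen + plen)]
    sha, spa = body[0:hlen], body[hlen:hlen + plen]
    tha, tpa = body[hlen + plen:2 * hlen + plen], body[2 * hlen + plen:]
    return {
        "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src),
        "operation": ARP_OPERATIONS.get(op, "unknown (%d)" % op),
        "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
        "target_mac": mac_str(tha), "target_ip": ip_str(tpa),
        # A sender hardware address that differs from the frame's source MAC is
        # inconsistent and worth logging: it is one sign of a spoofed ARP message.
        "sender_mac_consistent": sha == eth_src,
        "padding": len(frame) - 14 - 28,
    }
```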
TCP Segment: Format
Figure: the TCP segment. Field widths shown: 16 bits (source port), 16 bits (destination port), 32 bits (sequence number), 32 bits (acknowledgement number), 4 bits (header length), 6 bits (reserved), 6 bits (flags), 16 bits (window), 16 bits (checksum), 16 bits (urgent pointer), options (if any).
The header is 20-60 bytes in size.
TCP Segment: Format (continued)

Bit (left to right)  Meaning (if bit set to 1)
URG                  Urgent pointer field is valid
ACK                  Acknowledgement field is valid
PSH                  This segment requests a push
RST                  Reset the connection
SYN                  Synchronize sequence numbers (for initiating a connection)
FIN                  Sender has reached the end of its byte stream (for closing the connection)
Normally, out of the last 4 flags, only one may be ON at a time.
UDP Format (figure)

The PSEUDO-HEADER (figure)
Addressing in IPv6
• 128-bit addresses
• Dotted decimal notation, used for v4, is inappropriate for v6. (Instead of 4, there would be 16 parts if the same method were used to represent the addresses.)
• Colon hexadecimal notation is used for representation. Ex: 21AC:00C5:3D2C:8F23:AABC:0000:89CF:8C70
• 64 bits for subnet and 64 bits for host.
• 2^32 = 4,294,967,296
• 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456
• Surface area of earth = 197,399,019 sq. miles = 511,263,971,197,990 sq. metres
• So there are 665,570,793,348,866,943,898,599 addresses per sq m
Simplified Representation
Simplification:
• Suppress leading zeros in every 16-bit block. Ex: thus 00C5 may be written as C5.
• Compress one single contiguous sequence of blocks of 16-bit zeros. Replace it by a double colon. Thus the sixth block of 16 zeros may be replaced by ::. But usable only once in a given address.
Types of addresses in v6
• Unicast. RFC 2373: multiple interfaces of a host can use the same address, if the multiple interfaces look to be a single interface to the IPv6 implementation.
• Multicast. No separate broadcast addresses. Broadcast addresses are managed as multicast addresses only.
• Anycast delivers messages of a multicast group to the nearest member of the group.
Notes on v6 addressing
IPv6: designed for efficient, hierarchical addressing and routing
• Reserved addresses:
  0:0:0:0:0:0:0:0 or :: indicates absence of address; used as a source address only; not assigned to any interface
  0:0:0:0:0:0:0:1 loopback address (like 127.x.y.z in v4)
• IPv4-compatible addresses, mixed notation: 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z where w.x.y.z is an IPv4 address.
• For v6 and v4 to co-exist and for messages to go over a mix of v6 and v4 infrastructure, the compatibility problem has been specified in RFCs.
IPv6 versus IPv4: some aspects
IPv6 and IPv4
IPv6:
• A fixed-length header of 40 bytes (20 bytes <= v4 header length <= 60 bytes)
• Additional headers for fragmentation and options
• Five fields (HLEN, Identification, Flags, Fragment Offset and Header Checksum) removed
• No. of fields = 8 in v6 (v4: 12 fields, excluding Options)
• Source and destination addresses: of 16 bytes each in v6 and of 4 bytes each in v4
Processing at routers: v6 packets vs. v4 packets
IPv6:
• No verification and recalculation of header checksum
• No fragmentation required
• No processing of options which are not intended for routers
Some new field names in v6
• Traffic Class, in place of Type of Service in v4
• Payload Length (including the length of extension headers and the higher level protocol data unit (PDU)), in place of Total Length in v4
• Hop Limit, in place of TTL in v4
• Next Header, in place of Protocol in v4
Class D and E in v4; Multicast in v6
• CLASS E: addresses from 240.0.0.0 to 255.255.255.254 reserved for experimental purposes. If a node should use one of these addresses on the Internet, it may fail to communicate properly.
• Limited broadcast address: 255.255.255.255 for a broadcast on the local network.
• Addresses from 255.0.0.0 to 255.255.255.255: reserved by IP for broadcast. Hence these addresses may not be considered part of Class E.
• Class D: addresses from 224.0.0.0 to 239.255.255.255: used for multicast. Can be used only as a destination address.
• Both Class D and Class E addresses: not to be used as addresses of ordinary nodes on the Internet.
Format Prefix (FP) for v6 addresses
• FP of aggregatable global unicast addresses (similar to public IP addresses in v4): 001; designed to support efficient hierarchical routing. The aggregatable global unicast addresses are 1/8th of the total v6 address space. It can assign 137,438,953,472 distinct sites.
Compare with
• FP of link-local unicast addresses: 1111 1110 10
• FP of site-local unicast addresses: 1111 1110 11
• Format Prefix (FP) for multicast addresses: 1111 1111
Multicast for v6
• Flag: 0001 a transient group; 0000 a permanent group, with group identity assigned by ICANN
• Scope:
  1 node-local: packets never leave the node
  2 link-local: packets never forwarded by routers
  5 site-local: packets never leave the site
  8 org-local: packets never leave the organization (handled by routing protocols)
  E global
Format: FF (8 bits) | Flag (4 bits) | Scope (4 bits) | Group ID (112 bits); the first 16 bits hold FF, Flag and Scope.
Multicast Addresses
• All nodes address: addresses all nodes on the local network: ff02::1
• All routers address: addresses all routers on the local network: ff02::2
• Solicited-Node address: replacement for ARP. Every node with a v6 address listens at its own IP address. If the last 24 bits of its address are xyzwpq, it also listens at ff02::1:ffxy:zwpq. For nodes on the local net, if it is assumed that the last 24 bits of the IP address are the same, this may be a replacement for ARP, as a datagram with a destination address of ff02::1:ffxy:zwpq will be received by every node on the local net.
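The v6 text-representation rules (leading-zero suppression, one "::", the ::w.x.y.z mixed form), the format prefixes, the multicast flag/scope nibbles and the solicited-node construction from the preceding slides, implemented by hand rather than with a library so each rule is visible. This is an added example, not from the slides; expand_ipv6, compress_ipv6, solicited_node and classify_ipv6 are names chosen here. Following the slide, a single zero block is also compressed to "::" (RFC 5952 recommends against that).

```python
MULTICAST_SCOPES = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
                    0x8: "org-local", 0xE: "global"}


def _split(part_str):
    """Split 'a:b:c' into text blocks; a trailing embedded IPv4 'w.x.y.z' becomes two blocks."""
    if not part_str:
        return []
    parts = part_str.split(":")
    if "." in parts[-1]:
        octets = [int(x) for x in parts[-1].split(".")]
        if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
            raise ValueError("bad embedded IPv4 address")
        parts[-1:] = ["%x" % (octets[0] << 8 | octets[1]), "%x" % (octets[2] << 8 | octets[3])]
    return parts


def expand_ipv6(addr):
    """Undo the two simplifications: return the eight 16-bit blocks as integers."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once")
    if "::" in addr:
        head, tail = addr.split("::")
        head_parts, tail_parts = _split(head), _split(tail)
        missing = 8 - len(head_parts) - len(tail_parts)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block")
        parts = head_parts + ["0"] * missing + tail_parts
    else:
        parts = _split(addr)
    if len(parts) != 8:
        raise ValueError("expected 8 blocks, got %d" % len(parts))
    blocks = []
    for p in parts:
        if not 1 <= len(p) <= 4 or any(c not in "0123456789abcdefABCDEF" for c in p):
            raise ValueError("bad 16-bit block %r" % p)
        blocks.append(int(p, 16))
    return blocks


def compress_ipv6(blocks):
    """Drop leading zeros in each block and replace the longest run of zero blocks with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if blocks[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and blocks[j] == 0:
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    hexs = ["%x" % b for b in blocks]
    if best_len == 0:
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def solicited_node(addr):
    """ff02::1:ffXY:ZWPQ, where XY ZWPQ are the last 24 bits of the unicast address."""
    b = expand_ipv6(addr)
    return compress_ipv6([0xff02, 0, 0, 0, 0, 1, 0xff00 | (b[6] & 0xff), b[7]])


def classify_ipv6(addr):
    """Name the address type using the reserved addresses and format prefixes from the slides."""
    b = expand_ipv6(addr)
    if all(x == 0 for x in b):
        return "unspecified (source address only)"
    if b[:7] == [0] * 7 and b[7] == 1:
        return "loopback"
    if b[:6] == [0] * 6:
        return "IPv4-compatible (::w.x.y.z)"
    if b[0] >> 8 == 0xff:                       # FP 1111 1111
        flags, scope = (b[0] >> 4) & 0xf, b[0] & 0xf
        kind = "transient" if flags & 1 else "permanent"
        return "multicast, %s group, scope %s" % (
            kind, MULTICAST_SCOPES.get(scope, "unknown (%x)" % scope))
    if b[0] >> 6 == 0b1111111010:               # FP 1111 1110 10
        return "link-local unicast"
    if b[0] >> 6 == 0b1111111011:               # FP 1111 1110 11
        return "site-local unicast"
    if b[0] >> 13 == 0b001:                     # FP 001
        return "aggregatable global unicast"
    return "other"
```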

ROUTING
Figure: A small part of the internet.
Networks: N1: 137.108.0.0; N2: 78.0.0.0; N3: 155.126.0.0; N4: 223.240.129.0
Routers: R1, R2, R3. Hosts: Am, An, B2, Dn.
Addresses shown in the figure: 131.108.0.2, 131.108.22.177, 131.108.0.1, 131.108.154.88, 78.0.0.1, 78.0.0.2, 78.0.0.3, 155.126.0.2, 155.126.0.1, 223.240.129.1, 223.240.129.254, 223.240.129.2

Jobs of a Router:
• Decrement TTL.
• Recompute the checksum.
• Extract the net-id and find out if the datagram can be delivered directly, or find the next hop address.
• Send the datagram ahead after updating the IP header.
It may also perform fragmentation, if required.
Routing Tables: SPECIAL ROUTES:
• Default route
• Host-specific route
ROUTING TABLE
FLAGS:
• U: The route is up
• H: Specifies whether the destination address is the address of a n/w or that of a host.
• R: Specifies whether the next hop is a router or a directly connected interface.
• D: The route was created by a Redirect
• M: The route was modified by a Redirect
Example
For R3
Let 223.240.129.9 be the interface X2 and let 151.100.0.9 be the interface X1.

DESTINATION     MASK             NEXT HOP          FLAGS  INTERFACE
151.100.0.0     255.255.0.0      Direct Delivery   U      X1
223.240.129.0   255.255.255.0    Direct Delivery   U      X2
78.0.0.0        255.0.0.0        223.240.129.5     UR     X2
131.108.0.0     255.255.0.0      223.240.129.7     UR     X2
178.080.0.0     255.255.0.0      151.100.0.1       UR     X1
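The router's job from the "Jobs of a Router" slide, run against R3's table above: check the TTL, match the destination against each mask (the most specific match wins, so a host-specific route beats a network route and a default route matches last), and decide between direct delivery and a next-hop router. This is an added example, not from the slides; ROUTING_TABLE_R3, lookup and forward are names chosen here, and the slide's 178.080.0.0 is written 178.80.0.0.

```python
def ip_to_int(addr):
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad IPv4 address %r" % addr)
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


# R3's table from the slide: (destination, mask, next hop or None for direct delivery, flags, interface).
ROUTING_TABLE_R3 = [
    ("151.100.0.0",   "255.255.0.0",   None,            "U",  "X1"),
    ("223.240.129.0", "255.255.255.0", None,            "U",  "X2"),
    ("78.0.0.0",      "255.0.0.0",     "223.240.129.5", "UR", "X2"),
    ("131.108.0.0",   "255.255.0.0",   "223.240.129.7", "UR", "X2"),
    ("178.80.0.0",    "255.255.0.0",   "151.100.0.1",   "UR", "X1"),
]


def lookup(table, dest):
    """Return (next-hop address, interface, flags) for dest.

    The matching route with the longest mask wins: a host-specific route (flag H,
    mask 255.255.255.255) beats a network route, and a default route (0.0.0.0 with
    mask 0.0.0.0) matches only when nothing else does."""
    d = ip_to_int(dest)
    best = None
    for network, mask, next_hop, flags, iface in table:
        if "U" not in flags:
            continue                              # route is not up
        m = ip_to_int(mask)
        if d & m != ip_to_int(network) & m:
            continue
        if best is None or m > best[0]:
            best = (m, next_hop, iface, flags)
    if best is None:
        raise LookupError("no route to %s" % dest)
    _, next_hop, iface, flags = best
    # Direct delivery: hand the datagram to the destination itself on that interface.
    return (dest if next_hop is None else next_hop, iface, flags)


def forward(table, dest, ttl):
    """One datagram through the router: TTL check and decrement, then the route decision.
    A discarded datagram is answered with the ICMP message the later slides describe."""
    if ttl <= 1:
        return {"action": "discard", "icmp": "Time Exceeded (type 11, code 0)"}
    try:
        next_hop, iface, flags = lookup(table, dest)
    except LookupError:
        return {"action": "discard", "icmp": "Destination Unreachable (type 3, code 0)"}
    return {"action": "forward", "ttl": ttl - 1, "next_hop": next_hop,
            "interface": iface, "direct": "R" not in flags}
```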
ICMP

Unreachable Destination

 0        8        16              31
 Type   | code   | checksum
 Unused (must be zero)
 IP HEADER + FIRST 64 bits of the datagram
Example: For an option-less IP datagram, 7 thirty-two bit words will be added after the UNUSED 32-bit field.
• TYPE 3
• CODE 0 – 15
• Routers may not be able to detect all unreachability errors.
• The sender may have no control over the machine(s) causing the error.
TYPE 3: DESTINATION UNREACHABLE

CODE  MEANING                                  Message generated by
0     Network unreachable                      R
1     Host unreachable / subnet unreachable    R
2     Protocol unreachable                     H
3     Port unreachable                         H
4     Fragmentation required and               R/H

Exception in format for Code 4:
A router may place, in the low-order 16 bits of the UNUSED 32-bit field, the MTU of its outgoing interface.
CODE  MEANING                              Message generated by
5     Source route failed                  R
6     Destination n/w unknown              R
7     Destination host unknown             R
8     The source host isolated             R
9     Communication with n/w prohibited
10    Communication with host
CODE  MEANING                                                                      Message generated by
11    N/w unreachable for TOS                                                      R
12    Host unreachable for TOS                                                     R
13    A filter put on the destination host                                         H
14    Requested precedence is not permitted for the destination host               H
15    Dest host precedence higher than the precedence specified in the datagram    H
CONGESTION AND FLOW CONTROL
Source Quench
• type 4, code 0
• Format the same as that for the Unreachable Destination case.
• Routers send one Source Quench message for every datagram they discard.

A Source Quench message
• means a datagram has been discarded
• warns the source
• The source has no clue when the congestion ends. It should reduce the rate as long as it continues to receive the SQ messages.
• Then it may gradually increase the rate as long as no SQ message is received.
• The above decision has validity if congestion is caused by one-to-one communication, and not by many-to-one communication. In the latter case, the SQ message may even go to the slowest source.
Time Exceeded Error Message
When a router discards a datagram because
• TTL has reached zero, or
• the reassembly timer timed out while waiting for fragments of a datagram,
the message format is the same as that of the Unreachable Destination case.
TYPE 11
CODE 0: TTL exceeded, or
CODE 1: Reassembly timer timed out.
Parameter Problem
OTHER Problems
When a datagram has to be discarded because some header fields are incorrect, a parameter problem message is sent to the sender.

 0        8        16              31
 Type   | code   | checksum
 pointer| Unused (must be zero)
• TYPE 12
• CODE 0
• Pointer points to the octet in the datagram header which caused the problem.
Missing Option
To report a missing option:
Nearly the above format is used to report a missing option which is required. The only changes are:
• code 1 (type remains 12)
• Pointer is not there. Instead, unused is extended to 32 bits.
Redirect Request
Route change request from routers
Redirect:
• Routers: assumed to know correct routes.
• Host begins with a small routing table. (It is initialized using a system configuration file at system startup.)
• Then the host learns about new routes from routers.
Redirect Request (Contd.)

 0        8        16              31
 Type   | code   | checksum
 Router's Internet Address (32 bits)
 Internet Header + first 64 bits of datagram
Redirect Request (Contd.)
• TYPE 5
• CODE 0 to 3
• Router Internet address is the address of the router that the host is to use to reach the destination in the header.

CODE  REDIRECT
0     not used now
1     Redirect for the Host
2     Redirect for the NET and TOS
3     Redirect for the HOST and TOS

ECHO REQUEST AND REPLY

 0        8        16              31
 Type   | code   | checksum
 Identifier (16 bits) | Sequence No (16 bits)
 Optional data
Identifier and Seq No:
• Type 8 (REQUEST) or 0 (REPLY)
• CODE 0
• To match replies to requests.
• An identifier may define a class of messages. The sequence number specifies a particular message of the class.

Optional data:
• If it is sent in the Request, the Reply contains exactly the same data.
• Ping sends a series of echo requests with a specified length of data and interval between requests. It provides statistical data about datagram loss and transit time.
Transit Time Estimation and Clock Synchronization

 0        8        16              31
 Type   | code   | checksum
 Identifier (16 bits) | Sequence No (16 bits)
 ORIGINATE TIME STAMP
 RECEIVE TIME STAMP
 TRANSMIT TIME STAMP
• TYPE 13 (REQUEST) or 14 (REPLY)
• CODE 0
• Originate timestamp: filled in by the sender just before the datagram is sent.
• Receive timestamp: filled in by the receiver immediately upon receipt of the Request.
• Transmit timestamp: filled by the 'receiver' before the Reply is transmitted.
• Time is in ms starting from midnight at universal time, prime meridian.
• The largest number that can be accommodated is 2^32 - 1 = 4,294,967,295.
• During a day, the number of milliseconds is 24 x 60 x 60 x 1000 = 86,400,000.
• If a system uses a nonstandard timestamp (i.e. if it does not provide ms after UTC midnight), it turns on the highest-order bit of the 32-bit

EXAMPLE:
ORIGINATE Timestamp = 1285
RECEIVE Timestamp = 1299
TRANSMIT Timestamp = 1300
The message is received back at 1307.
Time taken for forward path = 1299 – 1285 = 14 ms
Time taken for return path = 1307 – 1300 = 7 ms
Round Trip Time (RTT) = 21 ms
Difference in the clock = 1299 – (1285 + RTT/2) = 3.5 ms
DISADVANTAGE: It does not specify the date.
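The timestamp exchange of the last four slides in code: parse a Timestamp Reply, match it to its request by identifier and sequence number, and compute forward time, return time, RTT and clock difference as in the example, also handling the midnight wrap of the 86,400,000 ms counter and the nonstandard-timestamp bit. This is an added example, not from the slides; the function names are chosen here and the sample reply is constructed with the checksum field left at zero.

```python
import struct

MS_PER_DAY = 24 * 60 * 60 * 1000      # 86,400,000 ms: the counter wraps at UTC midnight
NONSTANDARD_BIT = 1 << 31            # set by a host that cannot supply ms since UTC midnight
TYPE_TIMESTAMP_REQUEST, TYPE_TIMESTAMP_REPLY = 13, 14


def build_timestamp_reply(ident, seq, originate, receive, transmit):
    """Constructed sample Timestamp Reply (type 14, code 0); checksum field left at zero."""
    return struct.pack("!BBHHHIII", TYPE_TIMESTAMP_REPLY, 0, 0, ident, seq,
                       originate, receive, transmit)


def parse_timestamp_reply(msg):
    if len(msg) < 20:
        raise ValueError("a timestamp message needs 20 octets")
    typ, code, _csum, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", msg[:20])
    if typ != TYPE_TIMESTAMP_REPLY or code != 0:
        raise ValueError("not a Timestamp Reply (type %d, code %d)" % (typ, code))
    return {"id": ident, "seq": seq, "originate": orig, "receive": recv, "transmit": xmit,
            "nonstandard": bool((recv | xmit) & NONSTANDARD_BIT)}


def matches_request(reply, ident, seq):
    """Replies are matched to requests by identifier (class of messages) and sequence number."""
    return reply["id"] == ident and reply["seq"] == seq


def _elapsed(start, end):
    """Milliseconds from start to end, allowing the counter to wrap at midnight."""
    return (end - start) % MS_PER_DAY


def timestamp_estimates(reply, received_at):
    """Forward path, return path, RTT and clock difference, following the slide's example."""
    forward = _elapsed(reply["originate"], reply["receive"])
    back = _elapsed(reply["transmit"], received_at)
    rtt = forward + back
    if reply["nonstandard"]:
        offset = None        # remote clock is not ms since UTC midnight: no offset estimate
    else:
        raw = reply["receive"] - (reply["originate"] + rtt / 2)
        # fold into (-12h, +12h] so a wrap at midnight does not look like a huge offset
        offset = (raw + MS_PER_DAY / 2) % MS_PER_DAY - MS_PER_DAY / 2
    return {"forward_ms": forward, "return_ms": back, "rtt_ms": rtt, "clock_offset_ms": offset}
```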
TCP Segment: Format (continued)
• Checksum is calculated by:
  (I) using the TCP header;
  (II) using the pseudo-header;
  (III) using the data.
• At the receiver end, the IP layer passes the segment and the two IP addresses to the TCP software for processing.
• The pseudo-header: source IP address (32 bits) | destination IP address (32 bits) | zero (8 bits) | protocol (8 bits) | TCP length (16 bits)
TCP Segment: Format (continued)
• Protocol: for IP datagrams carrying TCP, the value is 6.
• TCP Length (in octets): specifies the total length of the TCP segment including the TCP header.
• Urgent Pointer: when the URG bit is set, it defines the number that must be added to the SEQUENCE NUMBER to obtain the number of the last urgent byte in the data section of the segment.
TCP OPTIONS
• Every option has an 8-bit KIND field.
• The format of an option can be of two types:
  • Type 1: a single octet of KIND
  • Type 2: an octet of KIND + an octet of field OPTION-LENGTH + Option-Data octets.
• OPTION-LENGTH counts the two octets of KIND and OPTION-LENGTH as well as the Data octets.
• All options are included in the Checksum.
TCP OPTIONS (continued)
• An 8-bit KIND field is always the first field in an Option and is the only field in single-byte options.
TCP OPTIONS (continued)
A few options are as follows:

      KIND  Length  Meaning
(I)   0     -       End of options list
(II)  1     -       No Operation
(III) 2     4       Maximum Segment Size
(IV)  3     3       Window Scale Factor
(V)   8     10      Timestamp for Round Trip Time Measurement
TCP OPTIONS (continued)
(I) End-of-Options:
Used at the end of ALL options; to be used only if the end of options does not make the TOTAL number of ALL option bits a multiple of 32. (Shown as ZEROS in the figure of segment format.)
End of Options means:
1. No more options in the header.
2. The remainder of the 32-bit word is garbage.
3. Data starts at the beginning of the next 32-bit word.
TCP OPTIONS (continued)
(II) No Operation:
May be used BETWEEN options if it is desired to align the beginning of the next option at a (16-bit) word boundary.
Encoding: 0000 0001
TCP OPTIONS (continued)
(III) Max Segment Size:
• Performance of the network can be poor for either extremely large or extremely small sizes.
• If the two end-points lie on the same physical network, the maximum segment size may be equal to the network MTU. Or the maximum data size may be the default size of an IP datagram (576) minus the size of the IP and TCP headers.
• The option is used along with SYN=1 at start.
TCP OPTIONS (continued)
Format of MSS Option:
  KIND (8 bits) | LENGTH (8 bits) | MAX SEG SIZE (16 bits)
  KIND = 2, LENGTH = 4
TCP OPTIONS (continued)
(IV) Window Scale Factor:
• Actual window size = (window size in header) * 2^(scale factor)
• In 8 bits a value of up to 255 can be there. But TCP/IP allows a MAX VALUE of 16.
• Window Scale Factor is fixed during the connection set-up phase only.
• During data transfer, the size of the specified window may change. But it is always multiplied by the same scale factor.
TCP OPTIONS: Window Scale Factor (continued)
  KIND (8 bits) | LENGTH (8 bits) | SCALE FACTOR (8 bits)
  KIND = 3, LENGTH = 3
TCP OPTIONS (continued)
(V) TIMESTAMP Option: KIND = 8; LENGTH = 10.
• TS Value: current clock time of the TCP sending the option.
• TS Echo: valid only if the ACK bit is set. It echoes the TS value sent by the remote TCP. Otherwise its value must be zero.
TCP OPTIONS (continued)
(V) TIMESTAMP Option (continued):
• To confirm availability of the TS option: a TCP may send the TS option in the SYN segment. It may send the TS option in other segments only if it receives a TS option in the SYN segment.
• Format: Kind (8 bits) | Length (8 bits) | TS Value (32 bits) | TS Echo (32 bits)
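A parser for the option list described on the TCP OPTIONS slides (KIND 0, 1, 2, 3 and 8 with the lengths from the table), which also refuses the malformed encodings a receiver must guard against: a length octet below 2 that would never advance, a length that runs past the end of the header, and a fixed-length option of the wrong size. Rule violations the slides state (MSS only with SYN, scale factor at most 16, TS Echo zero without ACK) are reported as warnings. This is an added example, not from the slides; parse_tcp_options and scaled_window are names chosen here.

```python
import struct

KIND_EOL, KIND_NOP, KIND_MSS, KIND_WSCALE, KIND_TS = 0, 1, 2, 3, 8
FIXED_LENGTH = {KIND_MSS: 4, KIND_WSCALE: 3, KIND_TS: 10}   # lengths from the slide's table
MAX_SCALE = 16                                               # maximum scale factor per the slide


def parse_tcp_options(opts, syn, ack):
    """Walk the option octets of a TCP header.

    Returns (options, warnings). Raises ValueError for encodings that would make a
    naive parser loop forever or read past the end of the header."""
    options, warnings, i, n = [], [], 0, len(opts)
    while i < n:
        kind = opts[i]
        if kind == KIND_EOL:
            options.append({"kind": kind, "name": "End of options list"})
            break                              # the rest of the 32-bit word is garbage
        if kind == KIND_NOP:
            options.append({"kind": kind, "name": "No Operation"})
            i += 1
            continue
        if i + 1 >= n:
            raise ValueError("kind %d has no length octet" % kind)
        length = opts[i + 1]
        if length < 2:
            raise ValueError("kind %d: length %d < 2 would never advance" % (kind, length))
        if i + length > n:
            raise ValueError("kind %d: length %d runs past the end" % (kind, length))
        if kind in FIXED_LENGTH and length != FIXED_LENGTH[kind]:
            raise ValueError("kind %d: length %d, expected %d"
                             % (kind, length, FIXED_LENGTH[kind]))
        data = opts[i + 2:i + length]
        if kind == KIND_MSS:
            mss = struct.unpack("!H", data)[0]
            if not syn:
                warnings.append("MSS option outside a SYN segment")
            options.append({"kind": kind, "name": "Maximum Segment Size", "mss": mss})
        elif kind == KIND_WSCALE:
            shift = data[0]
            if not syn:
                warnings.append("Window Scale Factor outside connection set-up")
            if shift > MAX_SCALE:
                warnings.append("scale factor %d exceeds maximum %d" % (shift, MAX_SCALE))
            options.append({"kind": kind, "name": "Window Scale Factor", "shift": shift})
        elif kind == KIND_TS:
            ts_value, ts_echo = struct.unpack("!II", data)
            if not ack and ts_echo != 0:
                warnings.append("TS Echo must be zero when ACK is not set")
            options.append({"kind": kind, "name": "Timestamp",
                            "ts_value": ts_value, "ts_echo": ts_echo})
        else:
            options.append({"kind": kind, "name": "unknown", "data": bytes(data)})
        i += length
    return options, warnings


def scaled_window(window_field, shift):
    """Actual window = window size in the header * 2^(scale factor)."""
    return window_field << shift
```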
Establishing a Connection (continued)
• Thus let ISN at the sending end = X, and ISN at the receiving end = Y.
Figure: Establishing the Connection (Segment 1, Segment 2, Segment 3).
Closing a TCP connection (continued)
Fig: Closing the Connection

SENDER A (Active Close)                                  RECEIVER B (Passive Close)
Application closes
Segment 1: Send FIN, SEQ=P                 -->           REC FIN; inform application by delivering EOF
REC ACK                                    <--           Segment 2: SEND ACK=P+1
                                                         Application closes connection
REC FIN + ACK                              <--           Segment 3: Send FIN, SEQ=Q, ACK=P+1
Inform application by delivering EOF; Time-Wait
Segment 4: SEND ACK=Q+1                    -->           REC ACK