TCP/IP Protocols Review
- Protocol Model
- Internet Protocol: IP / ICMP / ARP
- Reliable Stream Transport Service: TCP
- User Datagram Protocol: UDP
- Internet Applications
OSI Reference Model (figure)
End hosts implement all seven layers: Application, Presentation, Session, Transport, Network, Data link, Physical.
The intermediate nodes (routers) in the figure implement only the lower three: Network, Data link, Physical.
TCP/IP vs. OSI architecture
TCP/IP layer             | Protocols / components
Application              | HTTP, Telnet, FTP, SMTP, SNMP, NFS
Host-to-Host (Transport) | TCP, UDP
Internet                 | IP, ICMP
Network Access           | device driver and interface card
TCP/IP Data Encapsulation (figure)
Application layer:     [ user data ]
TCP/UDP/ICMP layer:    [ TCP header | data ]  or  [ UDP header | data ]  or  [ ICMP header | data ]
IP layer:              [ IP header | TCP/UDP/ICMP header | data ]
Network access layer:  [ frame header | IP header | TCP/UDP/ICMP header | data | frame trailer ]
Each layer prepends its own header to whatever the layer above handed down; the link layer also appends a trailer (the frame check sequence).
TCP/IP layered architecture (figure)
Application:    user processes
Transport:      TCP, UDP
Internet:       IP, ICMP, IGMP
Network Access: ARP, RARP, network interface (link)
Internet Protocol (IP)
- Internet Address
- IP Datagram
- IP Fragmentation
- IP Routing
- Internet Control Message Protocol (ICMP)
- Characteristics of the IP protocol
- IPv6
Internet Address
- Network ID and Host ID (Network Mask and Subnet)
- Address Class and Classless IP
- NIC Reserved IP Address
- Broadcast / Loopback / Multicast Address
- Drawbacks of Internet addressing
Network Mask and Subnet
A host needs to know how many bits of its address are the Network-ID and how many are the Host-ID. This is specified with the network mask: a 1 bit in the mask marks a Network-ID bit, a 0 bit marks a Host-ID bit.
Class C network mask examples (subnetting a /24 into smaller blocks):
255.255.255.0, 255.255.255.128, 255.255.255.192, 255.255.255.224, 255.255.255.240, 255.255.255.248
Commands to check the IP address and network mask:
- Win95/98: winipcfg
- WinNT/2000: ipconfig /all
- UNIX: ifconfig -a
IP Address Classes
Class | Format            | Range                       | Leading bits | Network / Host bits
A     | nnn.hhh.hhh.hhh   | 1.0.0.0 ~ 126.255.255.255   | 0            | 7 / 24
B     | nnn.nnn.hhh.hhh   | 128.0.0.0 ~ 191.255.255.255 | 10           | 14 / 16
C     | nnn.nnn.nnn.hhh   | 192.0.0.0 ~ 223.255.255.255 | 110          | 21 / 8
D     | multicast address | 224.0.0.0 ~ 239.255.255.255 | 1110         | (group address, no network/host split)
(n = Network-ID octet, h = Host-ID octet; the class is decided by the leading bits of the first octet.)
NIC Reserved IP Address (private address blocks, RFC 1918)
- Class A: 10.0.0.0 ~ 10.255.255.255
- Class B: 172.16.0.0 ~ 172.31.255.255
- Class C: 192.168.0.0 ~ 192.168.255.255
These blocks are never routed on the public Internet; packets carrying them as source or destination should be dropped at the network border.
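The mask, class and private-range rules from the last three slides, worked out in code. This is an added example, not material from the slides: it uses only the Python standard library, and the host addresses it is run on are constructed for illustration.

```python
import ipaddress
from typing import Optional

# Added example (not from the slides): netmask/subnet arithmetic, classful
# address classification and the RFC 1918 private ranges, using only the
# standard library. Addresses below are constructed for illustration.

PRIVATE_BLOCKS = [ipaddress.IPv4Network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def mask_to_prefix(mask: str) -> int:
    """Return the prefix length of a dotted netmask; reject non-contiguous masks."""
    bits = f"{int(ipaddress.IPv4Address(mask)):032b}"
    if "01" in bits:                       # a 0 followed by a 1: not a valid mask
        raise ValueError(f"non-contiguous netmask {mask}")
    return bits.count("1")


def address_class(addr: str) -> str:
    """Classful address class from the leading bits of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first >> 7 == 0b0:
        return "A"          # 0xxxxxxx: 1.0.0.0 - 126.255.255.255 (0 and 127 are reserved)
    if first >> 6 == 0b10:
        return "B"          # 10xxxxxx: 128.0.0.0 - 191.255.255.255
    if first >> 5 == 0b110:
        return "C"          # 110xxxxx: 192.0.0.0 - 223.255.255.255
    if first >> 4 == 0b1110:
        return "D"          # 1110xxxx: 224.0.0.0 - 239.255.255.255, multicast
    return "E"              # 1111xxxx: reserved


def classful_mask(addr: str) -> Optional[str]:
    """Natural mask implied by the class, or None for class D/E."""
    return {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}.get(address_class(addr))


def subnet_info(addr: str, mask: str) -> dict:
    """Network ID, directed broadcast and usable host range for addr/mask."""
    prefix = mask_to_prefix(mask)
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    usable = max(net.num_addresses - 2, 0)   # network ID and broadcast are not hosts
    return {
        "prefix": prefix,
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net.network_address + 1) if usable else None,
        "last_host": str(net.broadcast_address - 1) if usable else None,
        "usable_hosts": usable,
    }


def same_subnet(a: str, b: str, mask: str) -> bool:
    """True if a and b share a Network-ID under mask (no router needed between them)."""
    return subnet_info(a, mask)["network"] == subnet_info(b, mask)["network"]


def is_private(addr: str) -> bool:
    """True for the 'NIC reserved' (RFC 1918) blocks, which must not appear on the public Internet."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


if __name__ == "__main__":
    # The Class C subnet masks from the slide applied to one constructed host address.
    for m in ("255.255.255.0", "255.255.255.128", "255.255.255.192",
              "255.255.255.224", "255.255.255.240", "255.255.255.248"):
        print(m, subnet_info("192.72.155.77", m))
    print(address_class("203.75.1.1"), classful_mask("203.75.1.1"))
    print(same_subnet("192.168.1.1", "10.1.201.1", "255.255.255.0"))
    print(is_private("172.31.255.254"), is_private("172.32.0.1"))
```

The contiguity check in mask_to_prefix matters in practice: a mask such as 255.255.0.255 is accepted by some old tools but has no single prefix length and breaks longest-prefix routing.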
Special IP Address
- Directed Broadcast Address: Network ID + all 1s in the Host ID
- Limited Broadcast Address: thirty-two 1s (255.255.255.255), never forwarded by routers
- Multicast Address: class D; group membership is managed with IGMP, the Internet Group Management Protocol
- Loopback Address: 127.0.0.1, for inter-process communication on the local machine
Drawbacks of Internet addressing
- IP addresses often have to change (renumbering when a host moves or a network is re-addressed)
- IP spoofing: the source address is not authenticated, so any sender can forge it
- Not enough addresses
IP Datagram
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|Version|  IHL  |Type of Service|          Total Length         |
|         Identification        |Flags|      Fragment Offset    |
|  Time to Live |    Protocol   |         Header Checksum       |
|                         Source Address                        |
|                      Destination Address                      |
|                       Options + padding                       |
|                           Data ...                            |
IP Fragmentation
- Maximum Transmission Unit (MTU): a datagram larger than the next link's MTU is split into fragments
- Related fields in the IP header:
  - Identification (shared by all fragments of one datagram)
  - Flags: MF (More Fragments) bit, DF (Don't Fragment) bit
  - Fragment Offset (in 8-octet units)
- Related attacks:
  - Ping of Death
  - Tiny Fragments
  - Overlapping fragments
MTU
Typical Maximum Transmission Units (MTUs)
Network                             | MTU (bytes)
Hyperchannel                        | 65536
16 Mbits/sec token ring (IBM)       | 17914
4 Mbits/sec token ring (IEEE 802.5) | 4464
FDDI                                | 4352
Ethernet                            | 1500
IEEE 802.3/802.2                    | 1492
X.25                                | 576
Point-to-Point                      | 296
Why fragmentation is bad
- Splitting and reassembling packets lowers efficiency and wastes resources
- Fragments after the first do not carry the TCP/UDP header, which makes firewall filtering difficult
- Fragments can evade security checks (anti-virus scanning, intrusion detection) and be used for information hiding
- Malformed fragments can crash systems or trigger other abnormal behaviour (overlapping data/header)
Overlapping Fragments (figure)
Original datagram:     [ IP header | TCP header | DATA ]
Normal fragmentation:  [ IP header | TCP header | DATA ]  [ IP header | DATA ]  [ IP header | DATA ]
Overlap attack:        [ IP header | TCP header | DATA ]  [ IP header | Fake TCP header | DATA ]  [ IP header | DATA ]
The second fragment's offset points back into bytes already covered by the first, so on reassembly the fake TCP header overwrites the one the firewall inspected.
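A reassembly check that refuses the three attacks from the fragmentation slides (Ping of Death, tiny fragments, overlapping fragments). This is an added example, not code from the slides: fragments are modelled after the Identification, MF and Fragment Offset fields have already been parsed, the 20-byte header length and the 20-byte minimum first fragment are assumptions stated in the code, and the sample fragment sets are constructed rather than captured.

```python
from dataclasses import dataclass

# Added example (not from the slides): an IPv4 reassembly check that refuses the
# three fragment attacks listed above before anything reaches the transport
# layer. Fragments are modelled after the header fields have been parsed; the
# sample fragments below are constructed, not captured traffic.

MAX_DATAGRAM = 65535        # Total Length is a 16-bit field
IP_HEADER_LEN = 20          # assumption: no IP options on the reassembled datagram
MIN_FIRST_FRAGMENT = 20     # assumption: first fragment must hold a full TCP header


@dataclass
class Fragment:
    offset: int     # Fragment Offset field, in 8-octet units
    more: bool      # MF (More Fragments) flag
    payload: bytes  # bytes after the IP header


def reassemble(fragments: list) -> tuple:
    """Return ('ok', data) or (attack_name, None) for one Identification value.

    Fragments may arrive in any order. Verdicts other than 'ok':
    'ping_of_death'  - reassembled datagram would exceed 65535 octets
    'tiny_fragment'  - first fragment too short to carry the transport header
    'overlap'        - a fragment rewrites bytes already received
    'bad_length'     - a non-final fragment is not a multiple of 8 octets
    'incomplete'     - holes remain or the final (MF=0) fragment is missing
    """
    covered = {}          # start byte -> (end byte exclusive, payload) of accepted fragments
    final_end = None
    for f in fragments:
        start, end = f.offset * 8, f.offset * 8 + len(f.payload)
        if IP_HEADER_LEN + end > MAX_DATAGRAM:
            return "ping_of_death", None
        if f.more and len(f.payload) % 8:
            return "bad_length", None
        if start == 0 and f.more and len(f.payload) < MIN_FIRST_FRAGMENT:
            return "tiny_fragment", None
        # Any byte range intersection is rejected; an exact retransmitted duplicate
        # is reported too (a real stack would compare contents before deciding).
        if any(start < e and s < end for s, (e, _) in covered.items()):
            return "overlap", None
        covered[start] = (end, f.payload)
        if not f.more:
            final_end = end
    # Completeness: accepted pieces must tile [0, final_end) without gaps.
    pos = 0
    data = []
    for start in sorted(covered):
        end, payload = covered[start]
        if start != pos:
            return "incomplete", None
        pos = end
        data.append(payload)
    if final_end is None or pos != final_end:
        return "incomplete", None
    return "ok", b"".join(data)


def sample_cases() -> dict:
    """Constructed fragment sets, one per verdict (the 'normal' set arrives out of order)."""
    return {
        "normal": reassemble([Fragment(3, False, b"B" * 10), Fragment(0, True, b"A" * 24)])[0],
        "overlap": reassemble([Fragment(0, True, b"H" * 24), Fragment(1, False, b"X" * 16)])[0],
        "tiny": reassemble([Fragment(0, True, b"T" * 8), Fragment(1, False, b"D" * 16)])[0],
        "pod": reassemble([Fragment(8189, False, b"P" * 100)])[0],
        "hole": reassemble([Fragment(0, True, b"A" * 24)])[0],
    }


if __name__ == "__main__":
    for name, verdict in sample_cases().items():
        print(f"{name:8s} -> {verdict}")
```

The "overlap" case is exactly the figure above: the second fragment starts at offset 1 (byte 8) while the first already covers bytes 0-23, so the fake TCP header would land on top of the inspected one. Rejecting the whole datagram, rather than picking a winner for the overlapping bytes, avoids the classic mismatch where the firewall and the end host resolve the overlap differently.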
Time to Live (TTL)
- Upper bound on the number of routers a packet may pass through (hop count)
- Each router/gateway the packet passes through decrements the TTL by 1
- When the TTL reaches zero, the router handling the packet discards it instead of forwarding it and returns an ICMP Time Exceeded error message to the sender
Protocol Field
Determines the destination upper-layer protocol of the datagram's payload.
Layer           | Protocol | Number
Transport layer | TCP      | 6
Transport layer | UDP      | 17
Internet layer  | ESP      | 50
Internet layer  | AH       | 51
IP Options
- Usually empty; rarely used
- The IP option a firewall is most likely to meet is IP source route
  - Apart from its use in mobile IP, IP source routing has little purpose and can instead be exploited by an attacker, since it lets the sender dictate the path (and the return path) instead of the routers
- Some packet filtering systems have the policy of rejecting any packet with an IP option set, regardless of what the option means
IP Routing
- Mapping Internet Address to Physical Address (ARP)
- Table Driven IP Routing
- Static and Dynamic Routing
Routing Scenario (figure)
Host A sends to Host B through a router. The IP addresses stay the same end to end; the MAC addresses are rewritten at each hop.
Hop 1, Host A -> Router:  Source MAC = A,      Dst. MAC = Router, Source IP = A, Dst. IP = B, Data...
Hop 2, Router -> Host B:  Source MAC = Router, Dst. MAC = B,      Source IP = A, Dst. IP = B, Data...
Address Resolution Protocol
- Not an IP protocol: ARP messages are carried directly in link-layer frames, not inside IP
- ARP Cache
- ARP Proxy
- Commands: arp -a, arp -p
Packet capture - Sniffing (1)
(figure) Host A (local IP: A, destination IP: B) broadcasts an ARP Request: "What is the MAC address of B?"
Host B answers with an ARP Reply: "My MAC address is ..."
Ex. C:\> arp -a
Packet capture - Sniffing (2)
How does a sniffer work?
1. On an Ethernet, packets exchanged between any two computers can be observed by the other computers on the same local network.
2. Normally an Ethernet card ignores frames that do not belong to it, i.e. frames whose destination MAC (Media Access Control) address differs from its own (except broadcast frames: FF:FF:FF:FF:FF:FF).
3. A sniffer program puts the Ethernet card into "Promiscuous Mode", so it performs no filtering at all; the precondition is that the sniffer is on the same local network. (On a switched network the switch delivers unicast frames only to the destination port, so an attacker additionally needs a trick such as ARP spoofing to see them.)
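The ARP exchange from the sniffing figures, decoded from raw Ethernet frames, plus a passive monitor that flags the inconsistencies an ARP-spoofing attacker produces. This is an added example, not code from the slides: the frames, MAC and IP addresses, and the attacking third host are all constructed for the example.

```python
import struct

# Added example (not from the slides): parse the ARP request/reply exchange
# from the figure out of raw Ethernet frames, and keep a small IP->MAC table
# that flags the inconsistencies an ARP-spoofing attacker produces. Frames,
# addresses and the attacker are all constructed for the example.

ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ARP_FMT = "!HHBBH6s4s6s4s"    # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp_frame(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet II frame carrying an ARP request (broadcast) or reply (unicast)."""
    eth_dst = BROADCAST_MAC if oper == ARP_REQUEST else tha
    ethernet = struct.pack("!6s6sH", mac_bytes(eth_dst), mac_bytes(sha), ETHERTYPE_ARP)
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return ethernet + arp


def parse_arp_frame(frame: bytes) -> dict:
    """Decode Ethernet II + ARP for IPv4-over-Ethernet; raise on anything else."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not an ARP frame (ethertype {ethertype:#06x})")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not IPv4 over Ethernet ARP")
    return {
        "broadcast": mac_str(eth_dst) == BROADCAST_MAC,
        "eth_src": mac_str(eth_src),
        "op": {ARP_REQUEST: "request", ARP_REPLY: "reply"}.get(oper, f"op{oper}"),
        "sha": mac_str(sha), "spa": ip_str(spa), "tha": mac_str(tha), "tpa": ip_str(tpa),
    }


class ArpMonitor:
    """Passive watcher: learns IP->MAC bindings and reports the classic spoofing
    symptoms, a binding that changes and a reply nobody asked for."""

    def __init__(self):
        self.cache = {}       # IP -> MAC learned from the wire
        self.pending = set()  # IPs for which a request was seen and no reply yet
        self.alerts = []

    def observe(self, frame: bytes) -> dict:
        arp = parse_arp_frame(frame)
        if arp["op"] == "request":
            self.pending.add(arp["tpa"])
        elif arp["spa"] not in self.pending:
            # Unsolicited replies are how cache poisoning is usually done.
            self.alerts.append(f"unsolicited reply: {arp['spa']} is-at {arp['sha']}")
        else:
            self.pending.discard(arp["spa"])
        if arp["sha"] != arp["eth_src"]:
            self.alerts.append(f"ARP sender {arp['sha']} differs from frame source {arp['eth_src']}")
        self._learn(arp["spa"], arp["sha"])
        return arp

    def _learn(self, ip: str, mac: str) -> None:
        old = self.cache.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} changed from {old} to {mac}")
        self.cache[ip] = mac


def demo() -> ArpMonitor:
    """The figure's exchange (A asks for B, B answers), then an attacker C claims B's IP."""
    a_mac, b_mac, c_mac = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", "cc:cc:cc:cc:cc:03"
    mon = ArpMonitor()
    mon.observe(build_arp_frame(ARP_REQUEST, a_mac, "192.168.1.10", "00:00:00:00:00:00", "192.168.1.20"))
    mon.observe(build_arp_frame(ARP_REPLY, b_mac, "192.168.1.20", a_mac, "192.168.1.10"))
    mon.observe(build_arp_frame(ARP_REPLY, c_mac, "192.168.1.20", a_mac, "192.168.1.10"))
    return mon


if __name__ == "__main__":
    m = demo()
    print(m.cache)
    print("\n".join(m.alerts))
```

Note that after the third frame the monitor's own cache holds the attacker's MAC for B's address, just as a victim's cache would: ARP has no authentication, so detection can only come from noticing the change, not from rejecting the frame.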
IP Routing Tables
A system's routing table contains:
- the loopback interface
- the interface for its own network
- host-specific routes that have been added
- network-specific routes that have been added
- the default gateway that has been added
Command to check routing tables: netstat -rn

IP Routing Principles
(1) Search for a host-specific route matching the destination host address
(2) Search for a network-specific route matching the destination network
(3) Search the system's own interface network (directly connected, including broadcast)
(4) Fall back to the default entry
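The four lookup steps above, and the route add commands that follow, as working code. This is an added example, not code from the slides: all four steps collapse into one rule, longest matching prefix wins, which is what the lookup implements. The table is built from the addresses that appear on the slides; the interface names and the 192.72.155.0/24 interface network are assumptions.

```python
import ipaddress

# Added example (not from the slides): a routing-table lookup implementing the
# four steps above. All four are one rule in practice, longest matching prefix
# wins, so a host route (/32) beats a network route, which beats the interface
# network, which beats the default (/0). The table below is constructed from the
# addresses on the slides; interface names are assumptions.


def make_table(entries: list) -> list:
    """entries: (destination, netmask, gateway, interface) as in `netstat -rn`.
    gateway None means directly connected (netstat shows 0.0.0.0 or '*')."""
    table = [(ipaddress.IPv4Network(f"{dest}/{mask}", strict=False), gw, ifname)
             for dest, mask, gw, ifname in entries]
    table.sort(key=lambda r: r[0].prefixlen, reverse=True)   # longest prefix first
    return table


def route_add(table: list, dest: str, mask: str, gateway, ifname: str) -> list:
    """Equivalent of `route add <dest> mask <mask> <gateway>`; returns the re-sorted table."""
    existing = [(str(n.network_address), str(n.netmask), gw, i) for n, gw, i in table]
    return make_table(existing + [(dest, mask, gateway, ifname)])


def lookup(table: list, dst: str) -> dict:
    """Pick the route for dst and say which of the slide's four cases matched."""
    ip = ipaddress.IPv4Address(dst)
    for net, gateway, ifname in table:
        if ip in net:
            if net.prefixlen == 32:
                kind = "host-specific"
            elif net.prefixlen == 0:
                kind = "default"
            elif gateway is None:
                kind = "interface network"
            else:
                kind = "network-specific"
            # Directly connected: the next hop to ARP for is the destination itself.
            return {"match": str(net), "kind": kind, "interface": ifname,
                    "next_hop": gateway if gateway is not None else dst}
    raise LookupError(f"no route to {dst}")


SAMPLE_TABLE = make_table([
    ("127.0.0.0", "255.0.0.0", None, "lo0"),                        # loopback
    ("192.72.155.0", "255.255.255.0", None, "eth0"),                # own interface network (assumed)
    ("203.75.1.0", "255.255.255.128", "192.72.155.254", "eth0"),    # network-specific, from the slide
    ("172.16.1.1", "255.255.255.255", "192.168.100.254", "eth0"),   # host-specific, from the slide
    ("0.0.0.0", "0.0.0.0", "192.72.155.254", "eth0"),               # default gateway, from the slide
])


if __name__ == "__main__":
    for dst in ("203.75.1.77", "203.75.1.200", "172.16.1.1", "192.72.155.9", "127.0.0.1"):
        print(dst, lookup(SAMPLE_TABLE, dst))
```

Because the table is sorted by prefix length, the first hit is the most specific route. That ordering is also why a host route added by an attacker with access to the routing table (or injected through a dynamic routing protocol) wins over every legitimate network route for that one address.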
Static and Dynamic Routing
Static routing
- entries are added by command
- suited to a network with a single connection point to other networks
Dynamic routing
- used by routers to communicate with each other, informing each other of which networks each router is currently connected to
Add a Static Route to a Routing Table
Windows 9x / NT / 2000 (command prompt):
route add [Host/Network IP] mask [Network Mask] [Gateway IP]
Example:
route add 203.75.1.0 mask 255.255.255.128 192.72.155.254
Unix:
route add [Host/Network IP] [Gateway IP] [Metric]
Examples:
- Add a default routing entry: route add default 192.72.155.254 1
- Add a static routing entry: route add 172.16.1.1 192.168.100.254 1
Case study - static route
Host A: 192.168.1.1, mask 255.255.255.0
Host B: 10.1.201.1, mask 255.255.255.0
The two hosts are on the same link but in different subnets, so neither has a route to the other. How to let the two hosts reach each other? Add host-specific static routes:
Host A: route add 10.1.201.1 mask 255.255.255.255 192.168.1.1
Host B: route add 192.168.1.1 mask 255.255.255.255 10.1.201.1
(Each host names its own address as the "gateway", which tells the stack the destination is directly connected and can be resolved with ARP.)
ICMP (1)
- Internet Control Message Protocol
- ICMP only reports error conditions to the original source; it does not correct them.
- ICMP Message Format
- Testing Destination Reachability and Status: Echo Request and Reply

ICMP (2)
- Reports of Unreachable Destinations
  - Not every error can be detected, e.g. a crashed machine or a broken network card
- Congestion and Datagram Flow Control: Source Quench Message
- Route Change Requests From Gateways: Redirect Message
- Detecting Circular or Excessively Long Routes: Time Exceeded for a Datagram message
ICMP Message Format
IP datagram: [ IP Header | ICMP Message ]
ICMP message:
 0       8       16             31
| Type  | Code  |   Checksum    |
|           Data ...            |
ICMP Type
0: Echo Reply
3: Destination Unreachable
4: Source Quench
5: Redirect (Change a route)
8: Echo Request
11: Time Exceeded for a Datagram
12: Parameter Problem on a Datagram
13: Timestamp Request
14: Timestamp Reply
15: Information Request (Obsolete)
16: Information Reply (Obsolete)
17: Address Mask Request
18: Address Mask Reply
ICMP Codes of Destination Unreachable (Type 3)
0: Network Unreachable
1: Host Unreachable
2: Protocol Unreachable
3: Port Unreachable
4: Fragmentation Needed and DF Set
5: Source Route Failed
6: Destination Network Unknown
7: Destination Host Unknown
8: Source Host Isolated
9: Communication with Destination Network Administratively Prohibited
10: Communication with Destination Host Administratively Prohibited
11: Network Unreachable for Type of Service
12: Host Unreachable for Type of Service
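The IP Datagram, TTL, Protocol Field and ICMP slides above, exercised together: an IPv4 header and an ICMP message are built with a correct Internet checksum, a router hop decrements the TTL, and the type/code tables are used to name what comes back. This is an added example, not code from the slides; the addresses, identifiers and payloads are constructed, and the datagram is assumed to carry no IP options.

```python
import struct

# Added example (not from the slides): build and decode IPv4 datagrams and ICMP
# messages with the header layouts above, including the Internet checksum,
# the Protocol number table, a router's TTL decrement, and the ICMP type/code
# names. Addresses and payloads are constructed for the example.

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP", 50: "ESP", 51: "AH"}
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
              15: "Information Request", 16: "Information Reply",
              17: "Address Mask Request", 18: "Address Mask Reply"}
UNREACHABLE_CODES = {0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
                     3: "Port Unreachable", 4: "Fragmentation Needed and DF Set",
                     5: "Source Route Failed", 6: "Destination Network Unknown",
                     7: "Destination Host Unknown", 8: "Source Host Isolated",
                     9: "Communication with Destination Network Administratively Prohibited",
                     10: "Communication with Destination Host Administratively Prohibited",
                     11: "Network Unreachable for Type of Service",
                     12: "Host Unreachable for Type of Service"}
IPV4_FMT = "!BBHHHBBH4s4s"   # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; verifying a correct header/message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ip_bytes(s): return bytes(int(x) for x in s.split("."))
def ip_str(b): return ".".join(str(x) for x in b)


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234, df=False) -> bytes:
    """20-byte header (no options) with the checksum filled in."""
    flags_frag = 0x4000 if df else 0                 # DF bit; MF=0, offset 0
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    ver_ihl, tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    if internet_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)), "ident": ident,
            "df": bool(ff & 0x4000), "mf": bool(ff & 0x2000), "frag_offset": ff & 0x1FFF,
            "src": ip_str(src), "dst": ip_str(dst), "options": pkt[20:ihl],
            "payload": pkt[ihl:total_len]}


def forward(pkt: bytes):
    """Router step: decrement TTL and refresh the header checksum. Returns None
    when the TTL would reach 0, i.e. drop and send ICMP Time Exceeded (type 11)."""
    parse_ipv4(pkt)                                  # validates version and checksum
    ihl = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:ihl])
    if hdr[8] <= 1:
        return None
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


def build_icmp(type_, code, rest=b"\x00" * 4, data=b"") -> bytes:
    """Type, Code, Checksum, then 4 bytes whose meaning depends on the type, then data."""
    msg = struct.pack("!BBH", type_, code, 0) + rest + data
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]


def parse_icmp(msg: bytes) -> dict:
    type_, code, _ = struct.unpack("!BBH", msg[:4])
    if internet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    name = ICMP_TYPES.get(type_, f"type {type_}")
    if type_ == 3:
        name += ": " + UNREACHABLE_CODES.get(code, f"code {code}")
    return {"type": type_, "code": code, "name": name, "rest": msg[4:8], "data": msg[8:]}


def decode(pkt: bytes) -> dict:
    """IP layer first, then hand the payload to the protocol the Protocol field names."""
    ip = parse_ipv4(pkt)
    out = {"ip": ip}
    if ip["protocol"] == "ICMP":
        out["icmp"] = parse_icmp(ip["payload"])
    return out


def demo() -> dict:
    """Constructed: a ping from 192.168.1.10 to 10.0.0.1 with TTL 2, two router
    hops, and a 'port unreachable' error quoting the offending IP header + 8 bytes."""
    echo = build_ipv4("192.168.1.10", "10.0.0.1", 1,
                      build_icmp(8, 0, struct.pack("!HH", 0x42, 1), b"ping-data"), ttl=2)
    hop1 = forward(echo)
    hop2 = forward(hop1)                 # TTL would reach 0: dropped
    unreach = build_ipv4("10.0.0.254", "192.168.1.10", 1, build_icmp(3, 3, data=echo[:28]))
    return {"echo": decode(echo), "hop1": decode(hop1), "hop2": hop2, "unreach": decode(unreach)}
```

Two practical points the code makes visible: the header checksum covers only the IP header, so every router must recompute it after changing the TTL; and an ICMP error quotes the first 28 bytes of the offending datagram, which is what lets the receiving host match the error to the socket (and what attackers use to learn which of their probes drew a response).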
Characteristics of the IP protocol
- Connectionless delivery system
- Unreliable delivery protocol: datagrams may be lost, duplicated, delayed or delivered out of order
- Relies on protocols at other layers (e.g. TCP) to provide a reliable service
IPv6 features
- Plenty of addresses (one would never run out): support for billions of hosts
- Efficient yet flexible routing: reduce the size of routing tables, simplify the protocol for a high-performance routing process
- Better security
- Support for real-time data
- Multicasting with a specified scope
- A host can roam without changing its address
- The protocol can evolve in the future
- Coexistence of the old and new protocols
IPv4 Header
20 octets + options: 13 fields, including 3 flag bits
 0       4       8              16             24             31
| Ver   | IHL   | Service Type  |          Total Length         |
|          Identifier           | Flags |    Fragment Offset    |
| Time to Live  |   Protocol    |        Header Checksum        |
|                    32 bit Source Address                      |
|                  32 bit Destination Address                   |
|                     Options and Padding                       |
Changed in IPv6: Service Type, Total Length, Protocol, Time to Live (renamed and redefined). Removed from the IPv6 base header: IHL, Identifier, Flags, Fragment Offset, Header Checksum and Options.
IPv6 Header
40 octets, 8 fields
 0       4          12                  16             24             31
|Version|   Class   |                      Flow Label                   |
|         Payload Length            |  Next Header  |   Hop Limit       |
|                  128 bit Source Address (4 words)                     |
|                128 bit Destination Address (4 words)                  |
IPv6 Extension Headers
- IP options have been moved to a set of optional Extension Headers
- Extension Headers are chained together through the Next Header field:
  IPv6 Header (Next = TCP) | TCP Header | Application Data
  IPv6 Header (Next = Routing) | Routing Hdr (Next = TCP) | TCP Header | Application Data
  IPv6 Header (Next = Security) | Security Hdr (Next = Frag) | Fragment Hdr (Next = TCP) | TCP Header | Data
Transmission Control Protocol
- TCP Segment Format
- Reliable Delivery Service
- Positive Acknowledgement with Retransmission
- Sliding Windows
- Establishing a TCP Connection
TCP Segment Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|                        Sequence Number                        |
|                    Acknowledgment Number                      |
| Data  |           |U|A|P|R|S|F|                               |
| Offset| Reserved  |R|C|S|S|Y|I|            Window             |
|       |           |G|K|H|T|N|N|                               |
|           Checksum            |         Urgent Pointer        |
|                       Options & padding                       |
|                             DATA                              |
Port Numbers (figure)
Application layer protocols are multiplexed over transport layer port numbers:
TCP: HTTP 80, FTP 21, Telnet 23, SMTP 25
UDP: DNS 53, TFTP 69, SNMP 161, RIP 520
(DNS also uses TCP port 53 for zone transfers and large responses.)
TCP Port Numbers (figure)
Host A -> Host Z: Source Port (SP) = 1028, Dest. Port (DP) = 23
Host Z: "Dest. port = 23, send the packet to my Telnet application."
Reliable Delivery Service of TCP (1)
- Stream Orientation: the receiver sees the byte stream the sender wrote, with nothing lost, duplicated or out of order
- Virtual Circuit Connection: clients connect and servers listen/accept
- Ports and Connections
- Buffered Transfer
  - TCP buffers data to make transfer more efficient
  - It provides a push mechanism that applications use to force a transfer

Reliable Delivery Service of TCP (2)
- Unstructured Stream: TCP does not show packet boundaries to applications
- Full Duplex Connection: think of it as two independent streams, with acknowledgements for one direction piggybacked on data flowing in the other
Acknowledgement and Retransmission
???
Sliding Windows (1)
Packets:  1 2 3 | 4 5 6 7 8 | 9 10 11 12 13 =>
          done  |  window   |   not sent
- 1-3 sent and ACKed
- 4-8 in the window: sent but not yet ACKed
- when an ACK arrives, the sender slides the window forward
- the receiver controls the window: it advertises its available buffer space in each ACK and can stop the sender by advertising a window size of 0

Sliding Windows (2)
- Makes stream transmission more efficient than a simple positive-acknowledgement protocol (several segments in flight instead of one at a time)
- Variable window size and flow control
- Congestion Control
  - Allowed window = min(receiver advertisement, congestion window)
  - Multiplicative decrease congestion avoidance: the congestion window is halved on loss
  - Slow-start recovery, followed by additive increase
TCP Three Way Handshake (figures 1-3)
1. Client -> Server: SYN (seq=x)
2. Server -> Client: SYN, ACK x+1 (seq=y)
3. Client -> Server: ACK y+1
After step 3 both sides are ESTABLISHED: each has announced its initial sequence number and acknowledged the other's.

TCP Session Termination (figures 1-4)
1. Host A -> Host B: FIN (seq=m)
2. Host B -> Host A: ACK m+1
3. Host B -> Host A: FIN (seq=n)
4. Host A -> Host B: ACK n+1
Each direction of the full-duplex connection is closed separately, so both FINs must be sent and acknowledged.
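The TCP segment format above decoded from bytes, and a connection tracker that walks the three-way handshake and the four-step termination exactly as the figures show, checking that each ACK acknowledges seq+1 of the SYN or FIN it answers. This is an added example, not code from the slides: x, y, m and n are given constructed values, ports 1028/23 are taken from the Telnet figure, and the TCP checksum is left at zero because it needs the IP pseudo-header, which is outside this example.

```python
import struct

# Added example (not from the slides): the TCP segment format above, decoded
# from bytes, and a connection tracker that walks the three-way handshake and
# the four-step termination exactly as the figures show, checking that every
# ACK acknowledges seq+1 of the SYN/FIN it answers. Sequence numbers are the
# figures' x, y, m, n with constructed values; checksums are left at zero
# because they need the IP pseudo-header (assumption for this example).

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_FMT = "!HHIIBBHHH"   # sport, dport, seq, ack, offset/reserved, flags, window, csum, urgent


def build_tcp(sport, dport, seq, ack, flags, window=8192, payload=b"") -> bytes:
    bits = 0
    for f in flags:
        bits |= FLAG_BITS[f]
    hdr = struct.pack(TCP_FMT, sport, dport, seq, ack, 5 << 4, bits, window, 0, 0)  # 5 words, no options
    return hdr + payload


def parse_tcp(seg: bytes) -> dict:
    sport, dport, seq, ack, off, bits, window, _csum, urg = struct.unpack(TCP_FMT, seg[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or len(seg) < hlen:
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": {n for n, b in FLAG_BITS.items() if bits & b},
            "window": window, "urgent": urg, "options": seg[20:hlen], "payload": seg[hlen:]}


class ConnectionTracker:
    """Tracks one connection the way a stateful firewall does. handle() returns
    the new state or raises ValueError for a segment that does not fit."""

    def __init__(self):
        self.state = "CLOSED"
        self.isn = {}       # side -> initial sequence number from its SYN
        self.fin_seq = {}   # side -> sequence number of its FIN

    def handle(self, sender: str, segment: bytes) -> str:
        seg = parse_tcp(segment)
        f = seg["flags"]
        peer = "server" if sender == "client" else "client"
        st = self.state
        if "RST" in f:
            self.state = "CLOSED"
        elif st == "CLOSED" and sender == "client" and f == {"SYN"}:
            self.isn["client"] = seg["seq"]                               # 1. SYN (seq=x)
            self.state = "SYN_SENT"
        elif st == "SYN_SENT" and sender == "server" and f == {"SYN", "ACK"} \
                and seg["ack"] == self.isn["client"] + 1:
            self.isn["server"] = seg["seq"]                               # 2. SYN, ACK x+1 (seq=y)
            self.state = "SYN_RECEIVED"
        elif st == "SYN_RECEIVED" and sender == "client" and "ACK" in f and "SYN" not in f \
                and seg["ack"] == self.isn["server"] + 1:
            self.state = "ESTABLISHED"                                    # 3. ACK y+1
        elif st == "ESTABLISHED" and "FIN" in f:
            self.fin_seq[sender] = seg["seq"]                             # 1. FIN (seq=m)
            self.state = "FIN_WAIT"
        elif st == "FIN_WAIT" and "FIN" not in f and "ACK" in f \
                and seg["ack"] == self.fin_seq.get(peer, -2) + 1:
            self.state = "CLOSE_WAIT"                                     # 2. ACK m+1
        elif st == "CLOSE_WAIT" and "FIN" in f and sender not in self.fin_seq:
            self.fin_seq[sender] = seg["seq"]                             # 3. FIN (seq=n)
            self.state = "LAST_ACK"
        elif st == "LAST_ACK" and "ACK" in f and seg["ack"] == self.fin_seq.get(peer, -2) + 1:
            self.state = "CLOSED"                                         # 4. ACK n+1
        elif st == "ESTABLISHED" and "SYN" not in f:
            pass                                                          # ordinary data / ACK
        else:
            raise ValueError(f"{sorted(f)} from {sender} not valid in state {st}")
        return self.state


def demo() -> list:
    """Client ISN x=1000, server ISN y=5000; after 5 data bytes the client
    closes with m=1006 and the server with n=5001 (constructed values)."""
    c, s = "client", "server"
    exchange = [
        (c, build_tcp(1028, 23, 1000, 0, ["SYN"])),                     # handshake 1
        (s, build_tcp(23, 1028, 5000, 1001, ["SYN", "ACK"])),           # handshake 2
        (c, build_tcp(1028, 23, 1001, 5001, ["ACK"])),                  # handshake 3
        (c, build_tcp(1028, 23, 1001, 5001, ["PSH", "ACK"], payload=b"hello")),
        (s, build_tcp(23, 1028, 5001, 1006, ["ACK"])),
        (c, build_tcp(1028, 23, 1006, 5001, ["FIN", "ACK"])),           # close 1: FIN seq=m
        (s, build_tcp(23, 1028, 5001, 1007, ["ACK"])),                  # close 2: ACK m+1
        (s, build_tcp(23, 1028, 5001, 1007, ["FIN", "ACK"])),           # close 3: FIN seq=n
        (c, build_tcp(1028, 23, 1007, 5002, ["ACK"])),                  # close 4: ACK n+1
    ]
    tracker = ConnectionTracker()
    return [tracker.handle(who, seg) for who, seg in exchange]


if __name__ == "__main__":
    print(demo())
```

The acknowledgement checks are the part worth copying: a SYN+ACK whose ACK is not x+1, or a bare SYN arriving on an established connection, is rejected rather than silently accepted, which is the difference between a stateful firewall and a packet filter that only looks at flags.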
User Datagram Protocol (UDP)
- UDP Message Format
- IP with Ports: UDP adds only port numbers (and a checksum) on top of IP
- Unreliable Connectionless Delivery
- Works fine on a local network, where loss is rare
UDP Message Format
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
|          Source Port          |       Destination Port        |
|            Length             |           Checksum            |
|                           Data ...                            |
Internet Applications
- Telnet: Remote Terminal Access
- FTP: File Transfer Protocol
- SMTP: Simple Mail Transfer Protocol
- POP3: Post Office Protocol 3
- HTTP: Hyper Text Transfer Protocol
- NNTP: Network News Transfer Protocol
- DNS: Domain Name System