1.42k likes | 1.82k Vues
Networking Overview. TCP/IP. TCP/IP == Transmission Control Protocol/Internet Protocol Almost ubiquitous protocol for communication over network Many other networking protocols ATM, X.25, SS7, Sonet,… But TCP/IP has taken over the world. TCP/IP. Here, a brief overview of TCP/IP
E N D
Networking Overview Networking Overview 1
TCP/IP • TCP/IP == Transmission Control Protocol/Internet Protocol • Almost ubiquitous protocol for communication over network • Many other networking protocols • ATM, X.25, SS7, Sonet,… • But TCP/IP has taken over the world Networking Overview 2
TCP/IP • Here, a brief overview of TCP/IP • For more info, see, for example, • Computer Networks, Tanenbaum • Computer Networks and Internets, Comer • Computer Networking: A Top Down Approach Featuring the Internet, Kurose and Ross • TCP/IP Protocol Suite, Forouzan Networking Overview 3
Why TCP/IP? • Almost everywhere • Author developed payphone billing protocol in 1992 • Used X.25, later ported to SS7 • Today would almost certainly use TCP/IP • TCP/IP makes the world “extremely hackable” Networking Overview 4
OSI Reference Model • In 1980, ISO developed OSI • Computer communication over network • Protocol layering • Breaks problem into small parts • Layer provides service to next higher • Modular • Makes it easy, for example, to replace Ethernet with wireless Networking Overview 5
OSI Reference Model • Layer 7 --- Application Layer • Links application to the communication channel • Layer 6 --- Presentation Layer • How to represent bits for transmission • Layer 5 --- Session Layer • Coordinate (multiple) sessions • Layer 4 --- Transport Layer • Logical channel between systems Networking Overview 6
OSI Reference Model • Layer 3 --- Network Layer • Move data from host-to-host, across network core (interconnected mesh of routers) • Layer 2 --- Data Link Layer (or Link Layer) • Move data across one “hop” • Layer 1 --- Physical Layer • Transmit bits across a physical link (fiber optic, copper cable, wireless, etc.) • Note: Layers 7,6,5 often treated as one Networking Overview 7
TCP/IP, Our Hero • Layers from TCP/IP’s perspective… • Application Layer --- Program trying to communicate using TCP/IP • E.g., email servers, SSH client and server, etc • Transport Layer --- Includes TCP and UDP • TCP provides reliable delivery • UDP is “bare bones” transport layer protocol Networking Overview 8
TCP/IP, Our Hero • Network Layer --- Based on IP • Deliver packets from end-to-end • To be cool, you must say “layer 3” • Data Link Layer --- One hop • “Layer 2” • Physical Layer --- The physical media Networking Overview 9
TCP/IP Protocol Stack • TCP/IP synonymous with transport layer and network layer (combined) • For example… Networking Overview 10
Layering (Again) • Each layer adds some info • Usually added to beginning, so called a header Networking Overview 11
Terminology • Application layer packet • Transport layer TCP segment (for example) • Network layer IP datagram • Data link/physical layer(s) frame • We may use “packet” for all of these Networking Overview 12
TCP/IP • Protocols: TCP, UDP, IP, ICMP • Defined in RFCs 791 thru 793 • Developed for academic research • No thought of security • No confidentiality, integrity, authentication, … Networking Overview 13
TCP/IP and Security • Originally, no security in TCP/IP • Any security provided by applications • But TCP/IP retrofit for security • IPSec --- security at the “IP layer” • “Built in” security for applications • IPSec is a bloated and complex protocol Networking Overview 14
TCP • TCP provides reliable delivery • Most familiar apps use TCP • Web browsing (HTTP) • Secure shell (SSH) • File transfer (FTP) • Email (SMTP, POP, IMAP) • Etc., etc., etc. • For most apps, TCP saves a lot of work Networking Overview 15
TCP Header • Every TCP packet includes header Networking Overview 16
TCP Port Numbers • Source port, destination port • 16-bit numbers • Tells which “door” to send data to • Source == outgoing “door”, etc. • Server application “listens” on a port • Listening ports are open • Non-listening ports are closed Networking Overview 17
TCP Port Numbers • Examples of well-known ports • TCP port 21 --- FTP • TCP port 22 --- SSH • TCP port 23 --- telnet • TCP port 25 --- SMTP • TCP port 80 --- HTTP • TCP port 6000 --- The X Window System (X11) • Note these ports are used by convention • Could use 8080 for HTTP and not get arrested • But both client and server must know this Networking Overview 18
Ports • Example • Note that attackers want to know which ports (“doors”) are open Networking Overview 19
Ports • To see which ports are in use • Locally, use netstat -na Networking Overview 20
TCP Control Bits • Control bits or flags • For “3-way handshake”, and other special things Networking Overview 21
TCP Control Bits • Originally, 6 control bits • URG --- urgent data, give it priority (or not…) • ACK --- acknowledge earlier data • PSH --- push data thru now • RST --- reset the connection, due to error or an interruption (abnormal termination) • SYN --- synchronize sequence numbers • FIN --- no more data, so tear down connection Networking Overview 22
TCP Control Bits • Two additional control bits • CWR --- congestion window reduced; due to network congestion, reduced window size • ECE --- explicit congestion notification echo; connection is experiencing congestion • For congestion control issues Networking Overview 23
TCP 3-Way Handshake • Used to establish TCP connection • Note sequence numbers: ISNA and ISNB • ACK and SYN flag bits used here Networking Overview 24
TCP 3-Way Handshake • Establishes “connection” • Sequence numbers enable TCP to • Make sure all packets arrive • Make sure all packets delivered in order • FIN bit used when session torn down • RST used to end in “error” cases Networking Overview 25
Other Fields in TCP Header • Data offset --- where the data begins • Reserved --- reserved for future use (or for clever attackers…) • Window --- controls number of outstanding packets; prevents one side from sending too fast (flow control) • Checksum --- error detection (uses CRC) Networking Overview 26
Other Fields in TCP Header • Urgent pointer --- if URG flag set, tells where the urgent data is located • Options --- additional info (e.g., the max size of packet); variable size • Padding --- used to make things line up on 32-bit boundaries Networking Overview 27
UDP • UDP == User Datagram Protocol • Minimal “no frills” transport protocol • Does minimum possible • “Connectionless” • No flow control, no congestion control, packets can be out of order, not arrive, … • UDP == Unreliable Damn Protocol Networking Overview 28
UDP • Why use UDP? • Low overhead • 8 byte header vs 20 bytes (or more) for TCP • No congestion control/flow control • How can this be good? Networking Overview 29
Where is UDP Used? • Streaming audio/video • Some packet loss is OK • Example: Real Player, UDP port 7070 • Apps where low overhead is useful • Trivial FTP (TFTP), UDP port 69 • Simple Network Management Protocol (SNMP), UDP port 161 Networking Overview 30
FTP vs UDP • Which is more secure? • With UDP, more work for firewalls • Hard to track “connections” • Example: Slammer worm fit into one 376-byte UDP packet; got thru firewalls • But neither TCP nor UDP offer any “real” security (confidentiality, etc.) Networking Overview 31
IP • IP == Internet Protocol • Not “intellectual property” • IP is the network layer protocol today • Mostly IPv4 • IPv6 used a little bit --- offers more addresses and more security • Here, we focus on IPv4 Networking Overview 32
IP Header • Note that source and destination addresses each 32 bits Networking Overview 33
What is a Network? • LAN == Local Area Network • LANs are building blocks of networks • LAN is bunch of computers connected together by hub, switch, wireless, … • No router between computers on a LAN • Usually, small geographic area Networking Overview 34
What is a Network? • LANs are connected by routers • Routers move packets between LANs Networking Overview 35
IP Addresses • IP addresses are 32 bits • Identify hosts (computers) on network • Written in “dotted decimal” notation • Author calls it “dotted quad” notation Networking Overview 36
IP Addresses • Every IP packet has source and destination IP addresses • Every IP address has 2 parts • One part identifies the network (LAN) • One part identifies the specific host • Makes routing more efficient • But which part is which? Networking Overview 37
Netmasks • Leftmost bits are network part of address • Netmask (subnet mask) often used • Uses “AND” operation • Classless Inter-Domain Routing (CIDR) notation • 10.21.0.0/16 Networking Overview 38
Packet Fragmentation • Link may accept packet of max length • What if packet is too big? • Fragmentation! • Router chops packet into pieces • Reassembled at destination • Fields in IP header identify fragments (and how to reassemble them) Networking Overview 39
Fragmentation Bits • Don’t fragment bit • 0 == OK to fragment, 1 == don’t fragment • More fragments bit • 0 == last fragment, 1 == more fragments • Fragmentation opens door to attacks • Firewalls/IDS do not like fragments Networking Overview 40
Other Stuff in IP Header • Version --- IPv4 or IPv6 • Hlen --- total length of IP header • Service Type --- for quality of service • Total Length --- length of data and header • Identification --- for fragment reassembly • Flags --- don’t fragment, more fragments, … • Fragmentation Offset --- how to reassemble fragments Networking Overview 41
Other Stuff in IP Header • Time-to-Live (TTL) --- max number of “hops” remaining before packet dies • Protocol --- TCP or UDP • Header Checksum --- error detection in header (recomputed at each router) • Source IP Address --- “from” • Destination IP Address --- “to” • Options --- e.g., “source routing” • Padding --- pad length to multiple of 32 bits Networking Overview 42
ICMP • Internet Control Message Protocol • Like the “network plumber” • Host uses ICMP to see if another host is alive and responding • Router uses ICMP to tell source it does not know how to route a packet • Host can tell another host to stop sending data so fast, etc., etc. Networking Overview 43
ICMP • Same packet format as IP • Protocol field is set to 1 • Many ICMP message types • Common types listed on next 2 slides Networking Overview 44
ICMP • Name (type number) --- explanation • Echo reply (0) --- response to ping • Destination unreachable (3) --- IP packet cannot be delivered (sent by router or host) • Source quench (4) --- slow down! • Redirect (5) --- send data to different router • Echo (8) --- ping (is system responding?) Networking Overview 45
ICMP • Message, type number, explanation • Time Exceeded (11) --- TTL exceeded, or problem reassembling fragments • Parameter Problem (12) --- bad parameter • Timestamp (13) --- request system’s time • Timestamp Reply (14) --- send system time • Information Request (15) --- used to determine which network a host is on • Information Reply (16) --- network IP address Networking Overview 46
Routing Packets • How routers get packets thru network • Like Little Red Riding Hood trying to find the best path to grandma’s house • Dynamic routing protocols • RIP, OSPF, BGP • As if trees in the forest calculate best path and tell Red which way to go Networking Overview 47
Routing Packets • Static routing protocols • Hard-coded routes • Red always has to go the same way • Source routing • Source specifies route in packet • Step-by-step directions to Grandma’s house tattooed on Red’s forehead Networking Overview 48
NAT • Network Address Translation • Address-related problems • Not enough IP addresses to go around • Internal network uses “illegal” or unroutable (private) addresses • Solutions: NAT • Gateway (i.e., router or firewall) “translates” addresses Networking Overview 49
NAT • Outgoing --- gateway replaces internal address with valid IP address • Incoming --- gateway replaces valid IP address with internal address • Note that gateway must remember! Networking Overview 50