Computer Networks II

Presentation Transcript


  1. Computer Networks II By: Ing. Hector M Lugo-Cordero, MS

  2. What is a network?
  • Collection of computers interconnected to share resources
  • A network does not mean Internet access
  • Exposes security issues

  3. OSI Model Layers
  • Physical (repeaters/hubs): signals
  • Data Link (bridges/switches): frame
  • Network (routers/L3 switches): packet
  • Transport: segment
  • Session
  • Presentation
  • Application: data

  4. Network Layer
  • Is responsible for two tasks:
    • Pre-routing: creates optimal routes from one end node to another and stores them in a routing table
    • Post-routing: communicates data through the network using IP addresses (like a post office)
  • Communication patterns
    • Unicast: one source, one destination
    • Multicast: one source, multiple destinations
    • Broadcast: one source, all destinations

  5. IP Addresses
  • Identify nodes in a network in combination with the subnet mask
  • Divided into classes, each with some private ranges
    • A (1 – 127)
      • Private: 10.x.x.x and 127.x.x.x (localhost)
      • Default subnet mask: 255.0.0.0
      • 24.0.0.0/8: cable television networks
    • B (128 – 191)
      • Private: 172.16.x.x – 172.31.x.x
      • Default subnet mask: 255.255.0.0
    • C (192 – 223)
      • Private: 192.168.x.x
      • Default subnet mask: 255.255.255.0
    • E (240 and above)
      • Reserved for future use

  6. Multicast IP Addresses
  • Class D (224 – 239)
    • 224.0.0.0 – 224.0.0.255 (reserved)
      • 224.0.0.5 (OSPF routers)
      • 224.0.0.6 (OSPF designated routers)
      • 224.0.0.9 (RIP routers)
    • 224.0.1.0 – 238.255.255.255 (global)
    • 239.0.0.0 – 239.255.255.255 (local)
  • A widely used multicast protocol is Protocol Independent Multicasting (PIM)
    • Uses multicast address 224.0.0.13

  7. Sub-netting
  • Sub-netting is using host bits to create subnets
  • Increases the number of networks that can exist
  • Good if we want a lot of networks and fewer hosts

  8. Super-netting
  • Super-netting is using network bits to increase the number of hosts
  • Good if we have a single network and need to increase its size to support more hosts
  • Good in combination with VLANs
  • Used in our department
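The classful table of slide 5 and the sub-netting and super-netting operations of slides 7 and 8, worked out with Python's standard ipaddress module. This is an added example, not material from the slides; the function names (ip_class, is_private, subnet, usable_hosts, supernet) and the sample networks are this example's own choices, and the class table simply mirrors the ranges the slides give.

```python
# Added example (not from the slides): classful lookup, subnetting and supernetting
# with the standard ``ipaddress`` module. Function names are this example's own.
import ipaddress

# (class, lowest first octet, highest first octet, default prefix length),
# mirroring the ranges listed on slides 5 and 6
CLASSES = (
    ("A", 1, 127, 8),
    ("B", 128, 191, 16),
    ("C", 192, 223, 24),
    ("D", 224, 239, None),   # multicast: no network/host split
    ("E", 240, 255, None),   # reserved for future use
)

# Private/special ranges as listed on slide 5 (127/8 is loopback)
PRIVATE_BLOCKS = tuple(ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))


def ip_class(addr):
    """Return (class letter, default prefix length) based on the first octet."""
    first = ipaddress.IPv4Address(addr).packed[0]
    for name, low, high, prefix in CLASSES:
        if low <= first <= high:
            return name, prefix
    return None, None            # 0.x.x.x belongs to no class


def is_private(addr):
    """True when the address falls inside one of the private/special blocks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def subnet(network, borrowed_host_bits):
    """Sub-netting: every host bit borrowed doubles the number of networks."""
    net = ipaddress.ip_network(network)          # raises if host bits are set
    return [str(s) for s in net.subnets(prefixlen_diff=borrowed_host_bits)]


def usable_hosts(network):
    """Hosts per network, excluding the network and broadcast addresses."""
    return ipaddress.ip_network(network).num_addresses - 2


def supernet(networks):
    """Super-netting: give back network bits until one prefix covers every input."""
    nets = [ipaddress.ip_network(n) for n in networks]
    aggregate = nets[0]
    while not all(n.subnet_of(aggregate) for n in nets):
        aggregate = aggregate.supernet()         # shorten the prefix by one bit
    return str(aggregate)


if __name__ == "__main__":
    print(ip_class("172.20.0.1"), is_private("172.20.0.1"))
    print(subnet("192.168.1.0/24", 2), usable_hosts("192.168.1.0/26"))
    print(supernet(["192.168.0.0/24", "192.168.1.0/24"]))
```

Borrowing two host bits from a /24 yields four /26 networks of 62 usable hosts each, and aggregating 192.168.0.0/24 with 192.168.1.0/24 yields 192.168.0.0/23; the supernet loop keeps widening until every input fits, so non-adjacent inputs produce a correspondingly coarser aggregate.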

  9. Interface Configuration (Cisco)
  • Router(config)# interface <interface_name> <interface_number>
  • Router(config-if)# duplex full
  • Router(config-if)# speed 100
  • Router(config-if)# ip address <address> <netmask>
  • Router(config-if)# no shutdown
  • Router(config-if)# no keepalive

  10. NAT/PAT
  • Network Address Translation
  • Enables address translation from one interface to another
  • Typically this translation is from private to public addresses, for local computers accessing the Internet
  • When overloaded, uses one single IP for many computers by changing the source port
    • Known as Port Address Translation (PAT)

  11. NAT/PAT Configuration (Cisco)
  • Static:
    • Router(config)# ip nat inside source static <addr> <new_addr>
    • Router(config)# ip nat inside source static network <addr> <new_addr> <mask>
  • Dynamic:
    • Router(config)# ip nat pool <NAME> <start_addr> <end_addr> netmask <mask>
    • Router(config)# ip nat inside source list <acl_num> pool <NAME> [overload]
    • The overload keyword is used to configure PAT
  • Then go to each interface and mark it as inside or outside
    • Router(config-if)# ip nat [inside | outside]
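A small model of the overloaded translation that slide 10 describes and slide 11 configures, written as an added Python example rather than anything from the slides or from Cisco IOS. The Flow tuple, the PatTranslator class and the addresses (documentation ranges used as constructed sample data) are this example's own. It shows the two things a defender cares about: many inside hosts share one outside address by receiving distinct source ports, and an inbound packet that matches no existing entry has nowhere to go and is dropped.

```python
# Added example (not from the slides): overloaded NAT (PAT) as a translation table.
# Class, field and address values are constructed for illustration.
import itertools
from collections import namedtuple

Flow = namedtuple("Flow", "src_ip src_port dst_ip dst_port")


class PatTranslator:
    """One public (outside) address shared by many private (inside) hosts."""

    def __init__(self, outside_ip, first_port=1024):
        self.outside_ip = outside_ip
        self._next_port = itertools.count(first_port)
        self.inside_to_port = {}   # (inside ip, inside port) -> outside port
        self.port_to_inside = {}   # outside port -> (inside ip, inside port)

    def outbound(self, flow):
        """Inside -> outside: rewrite the source to the shared address and a unique port."""
        key = (flow.src_ip, flow.src_port)
        if key not in self.inside_to_port:          # first packet of this flow
            port = next(self._next_port)
            self.inside_to_port[key] = port
            self.port_to_inside[port] = key
        return flow._replace(src_ip=self.outside_ip, src_port=self.inside_to_port[key])

    def inbound(self, flow):
        """Outside -> inside: only packets matching an existing entry are translated."""
        if flow.dst_ip != self.outside_ip or flow.dst_port not in self.port_to_inside:
            return None                             # no translation state: dropped
        inside_ip, inside_port = self.port_to_inside[flow.dst_port]
        return flow._replace(dst_ip=inside_ip, dst_port=inside_port)


def demo():
    """Two inside hosts reach the same web server; one reply and one stray packet come back."""
    nat = PatTranslator("198.51.100.1")
    a = nat.outbound(Flow("192.168.1.10", 5000, "203.0.113.5", 80))
    b = nat.outbound(Flow("192.168.1.11", 5000, "203.0.113.5", 80))
    reply = nat.inbound(Flow("203.0.113.5", 80, "198.51.100.1", b.src_port))
    stray = nat.inbound(Flow("203.0.113.9", 4444, "198.51.100.1", 40000))
    return a, b, reply, stray


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Both inside hosts used source port 5000, which is why the translator must allocate a new outside port per flow rather than reuse the original; the reply is mapped back only because the outbound packet created state first.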

  12. Routing Protocols
  • Routing Information Protocol (RIP)
    • 224.0.0.9
  • Open Shortest Path First (OSPF)
    • 224.0.0.5 and 224.0.0.6
  • Optimal Link State Routing (OLSR)
    • Port 698, sent to 255.255.255.255 (limited broadcast)
  • Ad hoc On-Demand Distance Vector (AODV)
    • Used on ZigBee modules (IEEE 802.15.4)

  13. Routing Configuration (Cisco)
  • Router(config)# router rip
  • Router(config-router)# network <base_address>
  • Router(config-router)# version 2
  • Router(config-router)# end
  • Router# show ip route
  • For a static route use:
    • Router(config)# ip route <dest_address> <dest_mask> [<next_hop> | <if_name>]

  14. Sub-Interfaces
  • Enable having multiple interfaces on one single router port
  • Useful for interconnecting VLANs
  • Physical properties of the interface must be configured on the main interface (e.g. speed, duplex, no shutdown)

  15. Sub-Interface Configuration (Cisco)
  • Router(config)# interface fa 0/0.1
  • Router(config-subif)# encapsulation dot1Q <vlan_id>
  • Router(config-subif)# ip address <addr> <mask>
  • Router(config-subif)# no shutdown

  16. Router Security
  • Remote login
    • Set a password on all vty lines
    • Some routers allow TELNET as well as SSH remote sessions
  • Firewalls
    • Control what kind of traffic passes through your network
    • Access Control Lists (Cisco)
      • 1 – 99 and 1300 – 1999 (standard ACL)
      • 100 – 199 and 2000 – 2699 (extended ACL)
      • 700 – 799 and 1100 – 1199 (MAC ACL)
    • iptables (Linksys with OpenWrt)

  17. ACL Configuration (Cisco)
  • Standard (can only evaluate the source)
  • Apply it as close to the destination as possible
  • For a specific host
    • Router(config)# access-list <num> [deny | permit] host [address | hostname]
  • For a network
    • Router(config)# access-list <num> [deny | permit] [address | hostname] [wildcard]
    • Can also be used for a specific host
  • In general
    • Router(config)# access-list <num> [deny | permit] any
  • There is an implicit deny any at the end of all ACLs

  18. ACL Configuration (Cisco)
  • Extended (evaluates source and destination)
  • Apply it as close to the source as possible
  • For a specific host
    • Router(config)# access-list <num> [deny | permit] [proto] host [address | hostname] [destination info, optional] [lt | gt | eq | neq]
  • For a network
    • Router(config)# access-list <num> [deny | permit] [proto] [address | hostname] [wildcard] [destination info, optional] [lt | gt | eq | neq]
    • Can also be used for a specific host
  • In general
    • Router(config)# access-list <num> [deny | permit] [proto] any [destination info, optional] [lt | gt | eq | neq]
  • There is an implicit deny any at the end of all ACLs

  19. ACL Configuration (Cisco)
  • MAC (evaluates the MAC address)
  • Apply it in the same network where the node is connected, since MAC addresses are local to that segment
  • Router(config)# access-list <num> [deny | permit] <mac_addr>

  20. ACL Configuration (Cisco)
  • Applying ACLs
    • Go to the interface and type
      • Router(config-if)# ip access-group <num> [in | out]
    • If the interface is a vty line (TELNET)
      • Router(config-line)# access-class <num> [in | out]
  • Important to know
    • Applying an ACL that has not been created does nothing: all traffic is accepted
    • Applying an empty ACL blocks everything; remember the implicit deny any
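How the standard ACLs of slides 16, 17 and 20 actually decide, reproduced in Python as an added example (not code from the slides or from Cisco). The parser, the wildcard-mask matching, the acl_type lookup and the sample access-list lines are this example's own; the ACL numbers, the first-match rule, the implicit deny and the two "important to know" cases are the slides' statements, which the model applies as given.

```python
# Added example (not from the slides): evaluating Cisco-style numbered standard ACLs.
# Parser, matching logic and the CONFIG lines below are constructed for illustration.
import ipaddress


def acl_type(num):
    """Classify a numbered ACL using the ranges listed on slide 16."""
    if 1 <= num <= 99 or 1300 <= num <= 1999:
        return "standard"
    if 100 <= num <= 199 or 2000 <= num <= 2699:
        return "extended"
    if 700 <= num <= 799 or 1100 <= num <= 1199:
        return "mac"
    raise ValueError(f"{num} is not in a known ACL number range")


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: a 1 bit in the wildcard means 'do not care'."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def parse_standard_acls(config_lines):
    """Collect 'access-list <num> permit|deny host A | A W | any' lines per ACL number."""
    acls = {}
    for line in config_lines:
        parts = line.split()
        if len(parts) < 4 or parts[0] != "access-list":
            continue
        num, action, rest = int(parts[1]), parts[2], parts[3:]
        if rest[0] == "any":
            base, wildcard = "0.0.0.0", "255.255.255.255"
        elif rest[0] == "host":
            base, wildcard = rest[1], "0.0.0.0"
        else:
            base = rest[0]
            wildcard = rest[1] if len(rest) > 1 else "0.0.0.0"  # no wildcard = one host
        acls.setdefault(num, []).append((action, base, wildcard))
    return acls


def evaluate(entries, src_ip):
    """First matching entry wins; the implicit 'deny any' ends every ACL."""
    for action, base, wildcard in entries:
        if wildcard_match(src_ip, base, wildcard):
            return action
    return "deny"


def interface_filter(acls, applied_num, src_ip):
    """Slide 20's rules: a number with no ACL behind it filters nothing, while an
    ACL that exists but has no entries falls straight through to the implicit deny."""
    if applied_num not in acls:
        return "permit"
    return evaluate(acls[applied_num], src_ip)


CONFIG = [   # constructed sample configuration
    "access-list 10 permit host 10.0.0.5",
    "access-list 10 deny 10.0.0.0 0.0.0.255",
    "access-list 10 permit any",
    "access-list 20 deny host 10.0.0.5",
]
ACLS = parse_standard_acls(CONFIG)

if __name__ == "__main__":
    for src in ("10.0.0.5", "10.0.0.77", "192.168.1.1"):
        print(src, evaluate(ACLS[10], src), evaluate(ACLS[20], src))
```

ACL 10 shows why entry order matters: the host permit must precede the network deny or it is never reached. ACL 20 contains only a deny, so every other source is dropped by the implicit deny, which is exactly the trap slide 20 warns about when an ACL is applied before its permit lines are written.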

  21. iptables Configuration (Linksys)
  • iptables [-t table] command [match] [target/jump]
    • -t table specifies the table to be configured; if none is given, the filter table is used
  • iptables -P FORWARD DROP
    • The -P flag sets the default policy applied when no rule matches

  22. iptables Configuration (Linksys)
  • Commands
    • -A appends a new rule to a chain
    • -D deletes a rule from a chain
    • -L lists all rules on a chain
    • -F flushes a specific chain
    • -N creates a new chain in the specified table
    • -X removes a chain from a table
    • -E renames a chain
    • -P sets the default action (policy) for a chain
  • Built-in chains
    • INPUT, OUTPUT, FORWARD, PREROUTING, POSTROUTING

  23. iptables Configuration (Linksys)
  • Matches
    • -p protocol (e.g. tcp, udp, icmp)
    • -s source IP
    • -d destination IP
    • -i in interface
    • -o out interface
    • --sport source port (used together with -p tcp or -p udp)
    • --dport destination port (used together with -p tcp or -p udp)
    • -m mac --mac-source source MAC

  24. iptables Configuration (Linksys)
  • Jumps/targets
    • -j ACCEPT
    • -j DROP (it is better to use reject)
    • -j REJECT
      • --reject-with
        • icmp-net-unreachable
        • icmp-host-unreachable
        • icmp-port-unreachable
        • icmp-proto-unreachable
        • icmp-net-prohibited
        • icmp-host-prohibited
        • tcp-reset

  25. iptables Configuration (Linksys)
  • Examples
    • iptables -F INPUT
    • iptables -P INPUT ACCEPT
    • iptables -A INPUT -p tcp --dport 23 -j REJECT
      • Blocks all incoming telnet traffic
    • iptables -A INPUT -p tcp -s 10.0.0.1 --dport 23 -j ACCEPT
      • Accepts all incoming telnet traffic from 10.0.0.1; we should put this rule first
  • For more on protocols and services
    • /etc/protocols
    • /etc/services

  26. Wireless Mesh Networking
  • Configure the mesh router in ad-hoc mode
  • Install a routing protocol such as OLSR on the router
  • Terminal nodes should be in ad-hoc mode as well

  27. Wireless Mesh Networking
  • (Diagram: router and PC in ad-hoc mode)
  • In Linux you may also use: sudo iwconfig eth1 mode ad-hoc

  28. IPv6
  • New IP family with more IP addresses
    • 128 bits instead of 32
    • Hex notation instead of decimal notation
  • Travels using IP tunnels
  • Router(config-if)# ipv6 …
  • Does not require a MAC layer header
  • The IPv6 link-local address is derived from the MAC address
    • (Diagram: step 1 and step 2 of the derivation)
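The derivation slide 28 refers to, carried out in code: the fe80::/64 link-local address is built from the MAC by the modified EUI-64 procedure (split the MAC, insert ff:fe in the middle, invert the universal/local bit of the first octet), and the same steps can be undone to recover the MAC. This is an added example, not the slide's own diagram; the function names and the sample MAC addresses are this example's own.

```python
# Added example (not from the slides): modified EUI-64 link-local derivation and
# its inverse. Function names and sample MACs are constructed for illustration.
import ipaddress

LINK_LOCAL_PREFIX = b"\xfe\x80" + b"\x00" * 6      # fe80::/64


def mac_to_link_local(mac):
    """fe80::/64 + modified EUI-64: insert ff:fe in the middle, flip the U/L bit."""
    octets = [int(part, 16) for part in mac.replace("-", ":").split(":")]
    if len(octets) != 6 or any(not 0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    octets[0] ^= 0x02                                  # universal/local bit inverted
    eui64 = bytes(octets[:3] + [0xFF, 0xFE] + octets[3:])
    return str(ipaddress.IPv6Address(LINK_LOCAL_PREFIX + eui64))


def link_local_to_mac(addr):
    """Undo the mapping; raise if the interface identifier is not EUI-64 shaped."""
    packed = ipaddress.IPv6Address(addr).packed
    if packed[:8] != LINK_LOCAL_PREFIX:
        raise ValueError("not an fe80::/64 link-local address")
    iid = packed[8:]
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface identifier is not derived from a MAC")
    octets = [iid[0] ^ 0x02, iid[1], iid[2], iid[5], iid[6], iid[7]]
    return ":".join(f"{o:02x}" for o in octets)


def is_eui64_derived(addr):
    """True when a link-local address visibly embeds a hardware MAC."""
    try:
        link_local_to_mac(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    ll = mac_to_link_local("00:1b:21:3c:4d:5e")
    print(ll, link_local_to_mac(ll), is_eui64_derived("fe80::1"))
```

Because the hardware address is recoverable from an EUI-64 identifier, such addresses let a host be recognised across networks; is_eui64_derived is the check an administrator can run over observed link-local addresses to see which hosts expose their MAC this way rather than using randomised identifiers.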

  29. OSPFv3
  • OSPF version for the IPv6 family
  • Is configured inside the interface
    • Router(config-if)# ipv6 ospf <process_id> area <area_number>
  • Need to configure another IP routing protocol as well (e.g. OSPF, RIP)
  • Need to activate IPv6 routing in global configuration mode
    • Router(config)# ipv6 unicast-routing

  30. Transport Layer
  • Ensures connectivity between two end nodes independent of their route
  • Uses ports (doors) to keep connectivity
  • Two protocols are widely used
    • User Datagram Protocol (UDP)
    • Transport Control Protocol (TCP)

  31. Transport Protocols
  • UDP uses a datagram connection to send information faster, but does not guarantee delivery and the end node has to put segments in order
  • TCP uses a virtual circuit, ensuring that all segments arrive at the destination and in order; however, it takes more time. Uses a three-way handshake

  32. Protocol Implementation
  • Stop-and-wait protocol
    • Wait for an ACK before sending the next packet
    • Slow procedure
  • Window protocol
    • Send a sequence of frames; if a retransmission is needed, retransmit from the ACK number forward
    • Does not retransmit frames with an id less than the ACK number
    • More common type of transport protocol (e.g. TCP)
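A simulation of the two schemes on slide 32, added here as an example rather than taken from the slides: a sender with a window of N frames, a receiver that accepts only the next in-order frame and returns a cumulative ACK, and a channel that drops chosen transmissions. Setting the window to 1 gives stop-and-wait. The function name, the frame numbering and the loss model (a constructed set of transmission indices that the channel drops) are this example's own.

```python
# Added example (not from the slides): go-back-N sliding window versus stop-and-wait.
# The loss model is constructed: the k-th transmission on the channel is dropped
# when k is in lost_transmissions.


def run_protocol(num_frames, window, lost_transmissions):
    """Return (total transmissions, round trips) needed to deliver num_frames frames."""
    base = 0            # oldest frame not yet acknowledged
    next_seq = 0        # next frame the sender will put on the wire
    expected = 0        # next in-order frame the receiver is waiting for
    transmissions = 0
    round_trips = 0
    while base < num_frames:
        # send everything the window allows, then wait for the ACK
        while next_seq < min(base + window, num_frames):
            transmissions += 1
            arrived = transmissions not in lost_transmissions
            if arrived and next_seq == expected:
                expected += 1       # in-order frame accepted and passed up
            # a frame arriving out of order is discarded by a go-back-N receiver
            next_seq += 1
        round_trips += 1
        ack = expected              # cumulative ACK names the first frame still missing
        base = ack                  # frames below the ACK number are never resent
        next_seq = base             # retransmit from the ACK number forward


    return transmissions, round_trips


if __name__ == "__main__":
    print("window 3:", run_protocol(6, 3, {2}))   # loses frame 1 on its first try
    print("stop-and-wait:", run_protocol(6, 1, {2}))
```

With six frames and one loss, a window of three needs eight transmissions in three round trips, while stop-and-wait needs seven transmissions in seven round trips: the window costs a few redundant retransmissions (frame 2 was delivered but discarded as out of order) and buys back most of the waiting.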

  33. Port Forwarding
  • Transport layer technique that involves transferring segments from one port to another so that the other port deals with them
  • Ex. pass from port 80 (HTTP) to 21 (FTP)

  34. Port Numbers
  • FTP           TCP 20, 21
  • SSH           TCP 22
  • TELNET        TCP 23
  • SMTP          TCP 25
  • DNS           UDP 53
  • DHCP          UDP 67, 68
  • TFTP          UDP 69
  • HTTP          TCP 80
  • MySQL         TCP 3306
  • RTP           UDP 5004
  • RTCP          UDP 5005
  • VoIP          UDP ≥ 1024
  • IPTV          UDP ≥ 1024
  • Online games  UDP ≥ 1024

  35. Applications
  • The Session Layer is in charge of scheduling, on a multi-user computer, who utilizes the network
  • The Presentation Layer is in charge of formatting the data depending on the application (JPG, MP3, DOC, etc.)
  • The Application Layer is in charge of providing interaction with users

  36. Dynamic Host Configuration Protocol (DHCP)
  • Is able to pass multiple parameters to nodes
    • IP address
    • Subnet mask
    • Default gateway
    • DNS servers, etc.

  37. File Transfer Protocol (FTP)
  • Application protocol for downloading files
  • Uses two TCP ports
    • 20 for establishing the connection
    • 21 for downloading the file itself
  • It has a faster but less reliable UDP version called TFTP (Trivial FTP)
    • Uses port 69

  38. Domain Name Service (DNS)
  • Translates computer names to IP addresses
  • Makes networks, websites and servers/hosts easier to remember
  • Uses UDP port 53

  39. Telecommunications Network (Telnet) vs Secure Shell (SSH)
  • Both enable remote control of a machine
  • Telnet is not secure
    • telnet rumad.uprm.edu
    • TCP port 23
  • Secure Shell uses encryption to send data
    • ssh rumad.uprm.edu
    • TCP port 22

  40. Packet Sniffer
  • A network tool that allows a network administrator to monitor what kind of traffic is passing through the network
  • Can sniff on different interfaces and log the results
  • Can apply filters to the packets
  • Can analyze packets by layers

  41. Ping
  • A network tool to test connectivity with a remote host (all the way up to the application layer)
  • Should be the first thing to be checked (after the power and cable, of course)
  • Can be used for a denial of service attack
  • Some routers have extended ping

  42. Traceroute
  • A network tool that allows the administrator to see hop by hop how a destination is reached and to know where connectivity is being lost
