Network Design and Management

Willis F. Marti

Understanding TCP/IP - Agenda

•   Introduction to the Internet Suite
•   Core Protocols
•   Management Protocols
•   Application Protocols
•   Protocols in Operation
•   Firewalls & Security
•   Routing Protocols
•   Issues/Futures
Introduction to the Internet Suite

• Brief History
• Overview of the Architecture
• References
Brief History & Status of the Internet

• US DoD
• Research Organizations
• Operational Separation
  – MILNET
  – ARPANET
• NSFNet
• Commercialization
• Anarchy ?
                      History

• What is an Internet?
• Other contemporary communications
  architectures
• Defense Advanced Research Project Agency
  (DARPA)
  – 1969 network of four universities
  – TCP/IP in mid-1970's
                   History, cont.

•   Growth of military and research use
•   “Operational” net in 1983
•   Berkeley networking
•   National Science Foundation (NSF) 1985/6
     – Supercomputer centers
     – Start of regional networks
• Transition to open access 1990 -- ?
(Partial) TCP/IP Stack

(diagram, top down)
  FTP   TELNET   DNS          applications
  TCP            UDP          transport
  IP    ICMP     ARP          network
  DIX Ethernet or ...         link
Example: OSI & the Internet

OSI layer       Internet example
Application     NFS
Presentation    XDR
Session         RPC
Transport       UDP
Network         IP
Data/Link       DIX Ethernet
Physical        IEEE 802.3
            TCP/IP Architecture

• Theme: Communication over unreliable,
  heterogeneous infrastructure

• Universal Service

• Standards, not Implementations

• aka Internet Suite
          Universal Service

• Virtual Network

• Arbitrary Connectivity

• IP -- One address end-to-end

• Meaning of Hosts
              References TCP/IP
• Overall -- Douglas Comer
   –   Internetworking with TCP/IP, Vol I, 3d ed.
   –   Internetworking with TCP/IP, Vol II
   –   Internetworking with TCP/IP, Vol III (Sockets), 2d ed
   –   Internetworking with TCP/IP, Vol III (TLI)
• Unix Programming -- W. Richard Stevens
   – Unix Network Programming
   – Advanced Unix Network Programming
• Stevens & Wright
   – TCP/IP Illustrated Vol I
   – TCP/IP Illustrated Vol II
   – TCP/IP Illustrated Vol III
• http://www.qnx.com/~mphunter/tcpip_resources.html
              Core Protocols

•   ARP -- Address Resolution Protocol
•   IP -- Internet Protocol
•   ICMP -- Internet Control Message Protocol
•   UDP -- User Datagram Protocol
•   TCP -- Transmission Control Protocol
•   DNS -- Domain Name System
•   FTP -- File Transfer Protocol
•   TELNET -- Connectivity Application
                          ARP

• Address Resolution Protocol {translate network
  layer address to physical address}

• Part of general resolution procedure:

     name {e.g., neuron.cs.tamu.edu}
       |  DNS
       v
     IP Address {e.g., 128.194.133.1}
       |  ARP
       v
     Ethernet address {e.g., 08:00:20:08:58:78}
                   IP and ICMP

• IP is the “Duct Tape” for the Internet
   – More details later


• ICMP is an Internal protocol to IP

• ICMP provides several services to network
  managers
   – ping
   – traceroute
              IP Functionality

•   Presents single, virtual network to user
•   Connectionless Delivery
•   Packet Routing
•   Interface to Lower Layers
IP Addresses
• “Dotted Decimal”
   32 bit (4 byte) address, written by taking each
     byte as an unsigned number
• Address Classes                            [first octet]
   – A - <net>.<host>.<host>.<host>          1-126
   – B - <net>.<net>.<host>.<host>           128-191
   – C - <net>.<net>.<net>.<host>            192-223
   – D - special subset of C (multicast)     224-239
   – E - reserved                            240-254
• Netmask
   – a 32 bit value which, when ANDed with an address, selects
     only the network part
              Netmask Usage
“Do a bitwise AND then compare for equality of
  results”

<src addr> & netmask =?= <dst addr> & netmask


                   Same netmask
if comparison is equal, then both src & dst are
   on same (sub)net.
                      Netmask Examples

S=        128.194.100.10           D=        128.194.200.10
M=        255.255.255.0            M=        255.255.255.0
result    128.194.100.0            result    128.194.200.0
                      Not Equal

S=        128.194.12.10           D=        128.194.12.110
M=        255.255.255.0           M=        255.255.255.0
result    128.194.12.0            result    128.194.12.0
                           ?
S=        67.194.18.10             D=        67.194.10.10
M=        255.255.240.0            M=        255.255.240.0
result    67.194.16.0              result    67.194.0.0

                            ?
Special Address Conventions

  net part          host part               meaning
  all 0's           (whole address)         This host
  all 0's           host                    Host on this net
  all 1's           (whole address)         Limited broadcast
  net               all 1's                 Directed broadcast
  127               anything (usually 1)    Loopback
Bridges or Routers

(diagram: hosts A, B, C, D connected over segments carrying interfaces 1-5; the
interface addresses and netmasks are listed below)

   Address & Netmask
   1: 131.122.24.12    255.255.255.0
   2: 131.122.31.253   255.255.255.0
   3: 131.121.18.12    255.255.240.0
   4: 131.121.24.18    255.255.240.0
   5: 131.121.31.254   255.255.240.0
                             IP Header
0        4       8                       16      19      24         31

VERS     HLEN    SERVICE TYPE                    TOTAL LENGTH

         IDENTIFICATION                  FLAGS    FRAGMENT OFFSET

TIME TO LIVE         PROTOCOL                 HEADER CHECKSUM

                             SOURCE IP ADDRESS

                       DESTINATION IP ADDRESS

       IP OPTIONS (IF ANY)                                PADDING

                                  DATA

                                   ...
IP Packet Handling (rcv)

(diagram, receiving, bottom up)
   Physical
     -> Link {DIX Type or 802.3 DSAP}
       -> IP (or Other)
         -> Transport Layer (TCP or UDP)
           -> Sockets
IP Packet Handling (xmit)

(diagram, sending)
   Local or Non-Local ?
     Local     -> ARP -> Send locally...
     Non-Local -> Search Routing Table
                    Found!   -> ARP (for the router) -> Send locally...
                    Missing! -> ICMP Error
                     ICMP
• Reachability

• Redirection

• Information

• “Are you there?”
                  Ping

• ICMP Echo Request/Echo Reply

• Options for:
   – Routing
   – Timing
   – Size
                      Traceroute

• Echo Request/Reply with a twist:
traceroute to falcon.ece.utexas.edu (128.83.196.10),
   30 hops max, 40 byte packets
 1 exit_133 (128.194.133.254) 2 ms 2 ms 2 ms
 2 exit_128 (128.194.128.254) 2 ms 3 ms 2 ms
 3 FDDI-T3.TAMU.EDU (128.194.1.13) 3 ms 3 ms 3 ms
 4 FDDI-WAN.TAMU.EDU (165.91.128.17) 5 ms 4 ms 6 ms
 5 sprint-gw-h1-0.the.net (129.117.16.161) 20 ms 5 ms 5 ms
 6 ut8-h1-0.the.net (129.117.16.241) 8 ms 9 ms 21 ms
 7 129.117.20.12 (129.117.20.12) 7 ms 11 ms 7 ms
 8 ens.gw.utexas.edu (128.83.7.132) 16 ms 23 ms 21 ms
 9 ece-e0.gw.utexas.edu (128.83.249.251) 12 ms 9 ms 9 ms
10 * * *
                          UDP
    • Your basic datagram
    • No acknowledgements, no reliability
    • Why use it?
0                            16                      31

     SOURCE PORT                  DESTINATION PORT

     MESSAGE LENGTH               CHECKSUM

                          DATA

                           ...
        Managing Connections

•   Addressing
•   Identifying duplicate TPDUs
•   Three-way handshakes
•   Flow control
•   Crash recovery (largely ignored)
                    TCP

• Reliable, sequenced stream of bytes
• Virtual circuit
• Buffered transfer
• Unstructured
• Full Duplex
• Positive Acknowledgements w/
  Retransmission
• Sliding Windows
                     TCP Features
•   A protocol, not a package
•   Ports (Well Known Ports)
•   Out of Band, or URGENT, data
•   Timeouts
     – RTT Estimation (Karn's Algorithm)
• Congestion
     – Slow-Start Methodology
• Limitations
                         TCP Header
0    4              10             16             24             31

    SOURCE PORT                         DESTINATION PORT

                         SEQUENCE NUMBER

              ACKNOWLEDGEMENT NUMBER

HLEN RESERVED       CODE BITS                 WINDOW

         CHECKSUM                          URGENT POINTER

           OPTIONS (IF ANY)                            PADDING

                                DATA

                                 ...
 TCP Connection Management

• Three Way Handshake
  – SYN, SYN/ACK, ACK
• May be viewed as two Simplex connections
• Window management
  – Advertising Zero Window Size
  – Nagle's algorithm
  – Silly Window Syndrome
       Domain Name System

• A hierarchical, distributed database
• A service primarily aimed at mapping names
  to IP addresses
• Partitioned for ease of administration
DNS Structure (partial)

(tree, root at the top)
  .
    edu
      utexas
        mac1
      tamu
        cs
          solar
    com
      ibm
        austin
          mac1
    gov
          DNS -- How it Works

•   DNS Servers in a logical tree
•   DNS clients on every host
•   Iterative Queries
•   Recursive Queries
                   TCP or UDP?

• Application developers have to pick a
  Transport protocol

• TCP
   – Simplicity
   – Reliability
• UDP
   – Network 'Awareness'
   – Low Overhead


• FTP vs FSP
      Management Protocols

• Information Gathering

• System Start up

• Address Management
                Decent Books


• Network Management Standards 2d ed
   – Uyless Black
• The Simple Book, 2d ed
   – Marshall T. Rose
• Communication Networks Management, 2d ed
   – Kornel Terplan
• Internetworking with TCP/IP, Vol I, 3d ed
   – Douglas E. Comer
Network Management Definition

"...deploying and coordinating resources in
order to plan, operate, administer, analyze, evaluate,
design and expand communication networks to
meet service-level objectives at all times, at a
reasonable cost, and with optimum capacity."
Network Management Functional Areas

• Fault Management
  detect -- diagnose -- repair
• Configuration/Name Mgmt
  a database problem...
• Performance Mgmt
  measure and predict
• Accounting Mgmt
  look at individual usage
• Security Mgmt
  access control and encryption
Management Information Protocols

• SNMP - Simple Network Management
  Protocol
  – Internet
• CMIP - Common Management Information
  Protocol
  – ISO
• TMN - Telecommunications Management
  Network
  – ITU-T
Management Protocols Philosophy

• SNMP - Simple Network Management
  Protocol
  – keep it simple! (cf the Internet toaster)
• CMIP - Common Management Information
  Protocol
  – the bazaar: whatever you want
• TMN - Telecommunications Management
  Network
  – actually a separate network specification
SNMP vs CMIP {round 1}

(diagram: SNMP and CMIP side by side, both drawing on requirements from
various vendors and user communities)
ISO Management Overview

Functional areas: Fault Management, Configuration Management, Performance Management,
Security Management, Accounting Management

System Management Functions: Object Mgmt, Alarm Mgmt, Event Report Mgmt, Workload
Monitoring, State Mgmt, Log Control, Security Alarm, Security Reporting, Measurement
Summarization, Bill Verification, Billing, Resource Utilization, Test Mgmt, Relation Mgmt

CMISE Services: Initialize, Event Report, Terminate, Action, Create, Abort, Set, Get,
Delete, Cancel, Confirmed Event Report, Confirmed Get
         SNMP Architecture

• Keep the agent as simple as possible
• Support remote management operations to
  the fullest extent possible
• Plan for future additions & expansion
• Be independent of specific hosts or devices
• Operate at the Application level
Internet Management Model

(diagram)
   Network Management station  <->  Agent        <->  Managed Entities
   Network Management station  <->  Proxy Agent  <->  Managed Entities
                           SNMP

• Intersection of vendor/user requirements
• Few 'verbs':
   –   get / get-next
   –   get-bulk {SNMPv2}
   –   set
   –   trap
• Polled, Master-Slave, Request-Response
                SNMP Format

• <header><verb><value><variable>[<verb><value><variable>]
• ASN.1 subset to describe value format
• MIB-II{Management Information Base} to
  identify variables
• UDP as a Transport layer
• Now out! SNMPv2
                 The MIB

• Standard set of data for managing network
  devices
• Variable names are part of the ISO/CCITT
  object identifier namespace
• Provides globally unique identifiers
• Variables governed by Structure of
  Management Information (SMI) specification
        Accessing MIB Data

• SNMP Communities
• SNMP Views
• SNMP Authentication
Abstract Syntax Notation 1 (ASN.1)
• Data Structures
• Abstract Syntax
• Transfer Syntax
• International Standard 8825
• Notation used to encode, transfer and decode
  data structures across a wide range of
  applications
• Both connection-oriented and connectionless
  primitives
Example SNMP PDU using ASN.1

SEQUENCE  len=41   INTEGER  len=1  vers=0
30        29       02       01     00

string  len=6   p   u   b   l   i   c
04      06      70  75  62  6C  69  63

getreq.  len=28   INTEGER  len=4   ---- request ID ----
A0       1C       02       04      05  AE  56  02

INTEGER  len=1  status   INTEGER  len=1  error index
02       01     00       02       01     00

SEQ.  len=14   SEQ.  len=12   objectid  len=8
30    0E       30    0C       06        08

1.3  6   1   2   1   1   1   0
2B   06  01  02  01  01  01  00

null  len=0
05    00
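As an added example (not the slides' own code), the following Python decodes the bytes on this slide with a small BER reader: the message is constructed by joining the slide's hex row, the tag and OID rules follow X.690, and the PDU tag names follow RFC 1157.

```python
"""Decode the SNMPv1 GetRequest from the 'Example SNMP PDU using ASN.1' slide.
Added example, not the slides' own code.  BER tag/length/OID rules follow X.690 and
the PDU tags follow RFC 1157; the message bytes are constructed from the slide's hex row."""

# Constructed from the slide: SEQUENCE { version 0, community "public", GetRequest {...} }.
SLIDE_PDU = bytes.fromhex(
    "30 29 02 01 00 04 06 70 75 62 6c 69 63 a0 1c 02 04 05 ae 56 02 "
    "02 01 00 02 01 00 30 0e 30 0c 06 08 2b 06 01 02 01 01 01 00 05 00"
)

# Context-specific constructed tags from RFC 1157.  Trap (0xA4) has a different body
# (enterprise, agent-addr, ...) and is deliberately not handled here.
PDU_TYPES = {0xA0: "GetRequest", 0xA1: "GetNextRequest", 0xA2: "GetResponse", 0xA3: "SetRequest"}


def read_tlv(buf: bytes, pos: int):
    """Read one BER tag-length-value at `pos`; return (tag, value bytes, position after it)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV at offset %d" % pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    end = pos + length
    if end > len(buf):  # a corrupt or hostile length must never read past the message
        raise ValueError("length %d at offset %d exceeds message" % (length, pos))
    return tag, buf[pos:end], end


def decode_integer(value: bytes) -> int:
    return int.from_bytes(value, "big", signed=True)


def decode_oid(value: bytes) -> str:
    """First byte packs the first two arcs as 40*x + y; later arcs are base-128 with
    the high bit set on every byte except the last of an arc (2B -> 1.3)."""
    arcs, n = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(n)
            n = 0
    return ".".join(map(str, arcs))


def decode_value(tag: int, value: bytes):
    if tag == 0x02:
        return decode_integer(value)
    if tag == 0x04:
        return value.decode("ascii", errors="replace")
    if tag == 0x05:
        return None  # NULL: the value slot of a GetRequest varbind is empty
    if tag == 0x06:
        return decode_oid(value)
    raise ValueError("unsupported value tag 0x%02x" % tag)


def decode_snmp(message: bytes) -> dict:
    """Message ::= SEQUENCE { version INTEGER, community OCTET STRING, data PDU }."""
    tag, body, _ = read_tlv(message, 0)
    if tag != 0x30:
        raise ValueError("SNMP message must be a SEQUENCE")
    _, version, pos = read_tlv(body, 0)
    # The community string is the only authentication in SNMPv1 and travels in the clear,
    # which is what the SNMPv2 security additions on the following slide address.
    _, community, pos = read_tlv(body, pos)
    pdu_tag, pdu, _ = read_tlv(body, pos)
    if pdu_tag not in PDU_TYPES:
        raise ValueError("unknown PDU tag 0x%02x" % pdu_tag)
    ints, pos = [], 0
    for _ in range(3):  # request-id, error-status, error-index
        _, v, pos = read_tlv(pdu, pos)
        ints.append(decode_integer(v))
    _, varbinds, _ = read_tlv(pdu, pos)  # SEQUENCE OF VarBind
    bindings, pos = [], 0
    while pos < len(varbinds):
        _, vb, pos = read_tlv(varbinds, pos)  # VarBind ::= SEQUENCE { name OID, value }
        _, oid, p = read_tlv(vb, 0)
        val_tag, val, _ = read_tlv(vb, p)
        bindings.append((decode_oid(oid), decode_value(val_tag, val)))
    return {"version": decode_integer(version),
            "community": community.decode("ascii", errors="replace"),
            "pdu": PDU_TYPES[pdu_tag], "request_id": ints[0],
            "error_status": ints[1], "error_index": ints[2], "varbinds": bindings}


if __name__ == "__main__":
    for k, v in decode_snmp(SLIDE_PDU).items():
        print("%-13s %s" % (k, v))
```

The varbind 1.3.6.1.2.1.1.1.0 is sysDescr.0 under mib-2, the "variable" the GetRequest asks the agent for.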
            SNMP vs SNMPv2

• History in Brief
• More features (more complex)
• BIG increase in security
  – authentication and integrity
  – access controls
  – security and privacy
• Better access controls in Views
• Trap confirmations
• Knowledge of multiple managers
      Enterprise Architecture

• SNMP is designed for simple, manager-to-
  agent communications
• CMIP is complex and bulky, but complete
• Most Enterprise networks can't be managed
  directly from a single place
Enterprise Management

(diagram: CMIP Managers at the enterprise level, with a Separate Organization's
managers alongside; SNMP Managers below them, each managing Local Networks)
        Start Up {traditional}

• RARP -- Finding basic identity
• BOOTP -- Locating a boot image
• TFTP -- Transferring files

• Problems
  – Security
  – Coordination
       Address Management

• Every node has a unique configuration of
  common software
• Administrator must set these values
  (somehow)
• Every node needs an IP address (sometimes!)
• Duplicates are bad.
• Dynamic Host Configuration Protocol ...
                      DHCP

• DHCP is a superset of BOOTP
  – extended options
  – address “leasing”: automatic, dynamic, manual
• Can simplify management PC environment
• See RFC 2131, 2132 (supersede older
  versions)
• BOOTP vs DHCP
           Management Tools

•   Packet Analyzer
•   Media Analyzers (TDR, OTDR, BER Tester)
•   RMON devices
•   Hosts (?)
           Software Tools

• Hosted on PCs

• Hosted on Unix Workstations

• Commercial Packages
          Internet Applications

• Connectivity
   – Web
   – Mail
   – Virtual Terminal
• Resource Sharing
   – File Transfer
   – File Sharing
       » NFS
       » SMB
   – Printer Sharing
       » lpd/lpr
       » Novell, Microsoft
         Application Protocols

•   TELNET, etc.
•   SMTP -- Email
•   FTP -- File Transfer
•   HTTP -- the Web
•   SNMP -- Management
•   NFS -- Network File Service
•   SMB -- Server Message Block
•   NNTP {News} and others
    Virtual Terminals - TELNET

• Designed for scroll mode terminals

• Hit a key, 8-bit bytes are sent

• 95 ASCII and 7 control characters legal

• Many other programs put “on top” for
  different options
            Electronic Mail

• Pioneered by ARPANET

• RFC 822 (widely used)

• Simple Mail Transfer Protocol (SMTP)

• Supports only ASCII text

• name@domain addressing
         File Transfer Protocol

• FTP recognizes four file types:
• 1. Image
   – bit by bit transfer
• 2. ASCII
• 3. EBCDIC
• 4. Logical Byte files
   – binary files which use byte size other than 8 bits
   USENET--How to Avoid Life

• Internet compatible (now)

• Variety of newsgroups

• Moderated newsgroups

• NNTP, Network News Transfer Protocol,
  allows selective downloading of messages
  to multiple sites
                     The Web

• “the” killer application for the Internet
• Two components for popularity
   – http combines multiple access (gopher, ftp, etc) methods
   – hypertext interface supports point-and-click interface
• Who will organize the information?
   – No one...
   – Database experts
   – Librarians (!)
           Web Terminology
• Web Browsers
  – Netscape
  – Mosaic
• Web Servers
  – http daemon
      » httpd.conf - main server config file
      » srm.conf - server resource config file
      » access.conf - global access control file
• Home Page
  – Eg., www.cs.tamu.edu
• HTML
  – HyperText Markup Language
       Protocols in Operation

• Learning by Doing
• Job Assistance:
   – Debugging
   – Programming
• Basis for Learning New Protocols
Layered Architectures - Principles

• Separation of Functions
• Clearly Defined Interfaces
• Peer to Peer Protocols
• Provide Services Up, Request Services Down
Layering

(diagram: the two sides exchange a Message at the TRANSPORT layer, Packets (Pkts) at
the NETWORK layer, Bits {10010111001} at the LINK layer and a {Signal} at the
PHYSICAL layer)
Packet Formats

(encapsulation, top down: each layer prepends its header to the data handed down)
              Application “Header”    Data
              Presentation “Header”   Data
  Stream      Session Header (?)      Data
  Packets     Transport Header        Data
              Network Header          Data
              Link Header             Data
  Framing                             Data
Protocols and Services - a better model

(diagram: layers n+1, n and n-1 on each of two systems, peer layers facing each other)
Packet Tracing -- Putting it all together

• Packet tracing: the actions of observing packets as they appear on the media and
  deriving the activities occurring on hosts; or, knowing the top-level commands
  issued and predicting the packets that will appear on the media.
 Motivations for Packet Tracing

• Understanding network protocols
• Debugging your network
• Debugging applications that work over the
  network
Layer Protocols

(diagram: exchanges between Caller and Callee)
   DNS Query    -->         <--  DNS Reply
   SYN --> <-- SYN/ACK  ACK -->              {TCP Establishment}
   ARP Request  -->         <--  ARP Reply
Examples - 1
• Assumptions:
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3

Trace command “DNS Query” initiated on Host A

(diagram: hosts A and B on segment 1)
                 Answer - 1

Seg   DAE   SAE   “type”      SAIP   DAIP

1     FF    EA    ARP Req     1.2    1.3
1     EA    EB    ARP Reply   1.3    1.2
1     EB    EA    DNS Q       1.2    1.3
1     EA    EB    DNS R       1.3    1.2
Examples - 2
• Assumptions:
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
Host C, IP Address 128.194.1.4
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3

Trace command “DNS Query” initiated on Host A

(diagram: hosts A and B on segment 1, host C on segment 2, the two segments joined by a bridge)
                 Answer - 2

Seg   DAE   SAE   “type”      SAIP   DAIP

1     FF    EA    ARP Req     1.2    1.3
2     FF    EA    ARP Req     1.2    1.3
1     EA    EB    ARP Reply   1.3    1.2
1     EB    EA    DNS Q       1.2    1.3
1     EA    EB    DNS R       1.3    1.2
Examples - 3
• Assumptions:
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3

Trace command “telnet 128.194.1.3” initiated on Host A

(diagram: hosts A and B on segment 1)
                 Answer - 3

Seg   DAE   SAE   “type”      SAIP   DAIP

1     FF    EA    ARP Req     1.2    1.3
1     EA    EB    ARP Reply   1.3    1.2
1     EB    EA    TCP SYN     1.2    1.3
1     EA    EB    SYN/ACK     1.3    1.2
1     EB    EA    TCP ACK     1.2    1.3
Examples - 4
• Assumptions:
Host A, IP Address 128.194.1.2
Host B, IP Address 128.194.1.3
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3

Trace command “telnet B” initiated on Host A

(diagram: hosts A and B on segment 1)
                 Answer - 4

Seg   DAE   SAE   “type”      SAIP   DAIP

1     FF    EA    ARP Req     1.2    1.3
1     EA    EB    ARP Reply   1.3    1.2
1     EB    EA    DNS Q       1.2    1.3
1     EA    EB    DNS R       1.3    1.2
1     EB    EA    TCP SYN     1.2    1.3
1     EA    EB    SYN/ACK     1.3    1.2
1     EB    EA    TCP ACK     1.2    1.3
Examples - 5
• Assumptions:
Host A, IP Address 128.194.1.1
Host B, IP Address 128.194.2.2
Host X, IP Address 128.194.1.254 on segment 1
Host X, IP Address 128.194.2.254 on segment 2
netmask 255.255.255.0
ARP caches and bridge tables are empty
All hosts know DNS Server is 128.194.1.3

Trace command “telnet 128.194.2.2” initiated on Host A

(diagram: host A on segment 1, host B on segment 2, router X joining the two segments)
              Examples - 5 cont.

Routing table on A:
Net               Mask      Router
0.0.0.0           0.0.0.0   128.194.1.254
Routing table on B:
Net               Mask      Router
0.0.0.0           0.0.0.0   128.194.2.254


Routing table on X:
Net               Mask      Router
                  Answer - 5
Seg   DAE   SAE   “type”      SAIP    DAIP

1     FF    EA    ARP Req     1.1     1.254
1     EA    EX1   ARP Reply   1.254   1.1
1     EX1   EA    TCP SYN     1.1     2.2
2     FF    EX2   ARP Req     2.254   2.2
2     EX2   EB    ARP Reply   2.2     2.254
2     EB    EX2   TCP SYN     1.1     2.2
2     EX2   EB    SYN/ACK     2.2     1.1
1     EA    EX1   SYN/ACK     2.2     1.1
1     EX1   EA    TCP ACK     1.1     2.2
2     EB    EX2   TCP ACK     1.1     2.2
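The "Local or Non-Local?" decision of the IP Packet Handling (xmit) slide and the Netmask Usage rule, worked in Python on the Netmask Examples and on the Example 5 topology. This is an added example, not code from the slides; the Host class, its interface/route tuples and the 16-hop limit are modelling assumptions, while the addresses, masks and routing tables are the ones given for A, B and X above.

```python
"""Same-subnet test and next-hop selection, as on the Netmask Usage and IP Packet
Handling (xmit) slides.  Added example, not the slides' own code; Host/interface/route
modelling is an assumption, the addresses are from Example 5."""


def to_int(dotted: str) -> int:
    """'128.194.1.1' -> 32-bit integer: each byte is an unsigned number (Dotted Decimal)."""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted decimal: %r" % dotted)
    return int.from_bytes(bytes(octets), "big")


def to_dotted(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))


def network(addr: str, mask: str) -> str:
    """Netmask slide: ANDing the address with the mask selects only the network part."""
    return to_dotted(to_int(addr) & to_int(mask))


def same_subnet(src: str, dst: str, mask: str) -> bool:
    """'Do a bitwise AND then compare for equality of results.'"""
    return network(src, mask) == network(dst, mask)


class Host:
    """A host or router.  interfaces: (address, netmask, segment); routes: (net, mask, router)."""

    def __init__(self, name, interfaces, routes=()):
        self.name, self.interfaces, self.routes = name, list(interfaces), list(routes)

    def segment_for(self, ip: str):
        """Segment on which `ip` is directly reachable (Local), or None (Non-Local)."""
        for addr, mask, seg in self.interfaces:
            if same_subnet(addr, ip, mask):
                return seg
        return None

    def next_hop(self, dst: str):
        """Return (segment, address to ARP for).  Local: ARP for the destination itself.
        Non-Local: search the routing table (longest matching mask wins, so the
        0.0.0.0/0.0.0.0 default is used last) and ARP for the router.  'Missing!' raises,
        which is where the sending host would generate an ICMP error instead."""
        seg = self.segment_for(dst)
        if seg is not None:
            return seg, dst
        best = None
        for net, mask, router in self.routes:
            if network(dst, mask) == network(net, mask):
                bits = bin(to_int(mask)).count("1")
                if best is None or bits > best[0]:
                    best = (bits, router)
        if best is None:
            raise LookupError("%s: no route to %s (ICMP error)" % (self.name, dst))
        seg = self.segment_for(best[1])
        if seg is None:
            raise LookupError("%s: router %s is not on a local segment" % (self.name, best[1]))
        return seg, best[1]


def forward_path(hosts: dict, src: str, dst: str):
    """Follow next_hop from host `src` until some hop delivers directly.  The returned
    (segment, ARP target) pairs are the ARP Requests of Answer 5 when every cache is empty."""
    by_ip = {addr: h for h in hosts.values() for addr, _, _ in h.interfaces}
    path, node = [], hosts[src]
    for _ in range(16):  # hop limit (like TTL) so a routing loop cannot run forever
        seg, arp_for = node.next_hop(dst)
        path.append((seg, arp_for))
        if arp_for == dst:
            return path
        node = by_ip[arp_for]
    raise RuntimeError("routing loop between %s and %s" % (src, dst))


# Example 5: A on segment 1, B on segment 2, router X on both.  X needs no table entries
# because both destinations are directly connected to it.
EXAMPLE5 = {
    "A": Host("A", [("128.194.1.1", "255.255.255.0", 1)], [("0.0.0.0", "0.0.0.0", "128.194.1.254")]),
    "B": Host("B", [("128.194.2.2", "255.255.255.0", 2)], [("0.0.0.0", "0.0.0.0", "128.194.2.254")]),
    "X": Host("X", [("128.194.1.254", "255.255.255.0", 1), ("128.194.2.254", "255.255.255.0", 2)]),
}

if __name__ == "__main__":
    for s, d, m in [("128.194.100.10", "128.194.200.10", "255.255.255.0"),
                    ("128.194.12.10", "128.194.12.110", "255.255.255.0"),
                    ("67.194.18.10", "67.194.10.10", "255.255.240.0")]:
        print(s, d, m, network(s, m), network(d, m), "equal" if same_subnet(s, d, m) else "not equal")
    print("telnet 128.194.2.2 from A ->", forward_path(EXAMPLE5, "A", "128.194.2.2"))
    print("SYN/ACK back from B      ->", forward_path(EXAMPLE5, "B", "128.194.1.1"))
```

On the return path no ARP Requests appear in Answer 5 because X and B already learned each other's Ethernet addresses on the way out; the function reports where they would be needed from empty caches.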
Problem A - 1
Use the data and diagram to show the packets resulting from the command "telnet B" being
executed on host C. Assumptions: The diagram consists of 8 numbered ethernet segments,
5 bridges (unlabeled rectangles), two routers (X, Y) and hosts A, B, C. ARP caches are
empty. Tables on bridges are empty. Routing entries are as shown below. Host A is the
DNS nameserver and its IP address is known to all machines.
Netmask for 128.194 is 255.255.255.0.

A- 128.194.15.1, ethernet e1
B- 128.194.99.2, ethernet e2
C- 128.194.12.3, ethernet e3

X- seg 7:128.194.15.100, ethernet e5
   seg 3:128.194.12.100, ethernet e6
Y- seg 8:128.194.99.101, ethernet e7
   seg 4:128.194.12.101, ethernet e8

Problem A - 2
(diagram of the 8 segments, 5 bridges, routers X and Y and hosts A, B, C; not reproduced in this text)

Problem A - 3

Host   Network           Netmask         Router
A:     0.0.0.0           0.0.0.0         128.194.15.100
B:     128.194.12.0      255.255.255.0   128.194.99.101
       128.194.15.0      255.255.255.0   128.194.99.101
C:     128.194.15.0      255.255.255.0   128.194.12.100
       0.0.0.0           0.0.0.0         128.194.12.101
X:     128.194.99.0      255.255.255.0   128.194.12.101
       0.0.0.0           0.0.0.0         128.194.12.101
Y:     128.194.15.0      255.255.255.0   128.194.12.100
       0.0.0.0           0.0.0.0         128.194.12.100
Decode Example - 1

33 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Syn Seq=1011631 Len=0 Win=0

    0: 0000 ef03 efb0 00a0 2435 5343 0800 4500    ........$5SC..E.
   16: 002c 6f03 0000 3c06 f2c2 80c2 8547 cfc8    .,o...<......G..
   32: 4734 07b9 0050 000f 6faf 0000 0000 6002    G4...P..o.....`.
   48: 0000 036d 0000 0204 05a0 0000              ...m........
Decode Example - 2

36 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Syn Ack=1011632 Seq=1144453529 Len=0 Win=49152

    0: 00a0 2435 5343 0000 ef03 efb0 0800 4500     ..$5SC........E.
   16: 002c 914c 4000 3206 9a79 cfc8 4734 80c2     .,.L@.2..y..G4..
   32: 8547 0050 07b9 4436 f999 000f 6fb0 6012     .G.P..D6ù...o.`.
   48: c000 0577 0000 0204 05b4 15f8               ...w.......ø
Decode Example - 3

37 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=0 Win=2880

    0: 0000 ef03 efb0 00a0 2435 5343 0800 4500    ........$5SC..E.
   16: 0028 6f04 0000 3c06 f2c5 80c2 8547 cfc8    .(o...<......G..
   32: 4734 07b9 0050 000f 6fb0 4436 f99a 5010    G4...P..o.D6ù.P.
   48: 0b40 d1f4 0000 0204 05a0 0000              .@..........
Decode Example - 4

56 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=374 Win=2880

       0:   0000   ef03   efb0   00a0   2435   5343   0800   4500   ........$5SC..E.
      16:   019e   6f08   0000   3c06   f14b   80c2   8547   cfc8   ..o...<..K...G..
      32:   4734   07b9   0050   000f   6fb0   4436   f99a   5018   G4...P..o.D6..P.
      48:   0b40   a905   0000   4745   5420   2f65   7363   6170   .@....GET /escap
      64:   6573   2f73   6561   7263   682f   696d   6167   6573   es/search/images
      80:   2f68   6f72   697a   6f6e   7461   6c62   6172   2e67   /horizontalbar.g
      96:   6966   2048   5454   502f   312e   300d   0a49   662d   if HTTP/1.0..If-
     112:   4d6f   6469   6669   6564   2d53   696e   6365   3a20   Modified-Since:
     128:   5765   646e   6573   6461   792c   2031   362d   4170   Wednesday, 16-Ap
     144:   722d   3937   2030   303a   3430   3a31   3620   474d   r-97 00:40:16 GM
     160:   543b   206c   656e   6774   683d   3534   0d0a   5265   T; length=54..Re
     176:   6665   7265   723a   2068   7474   703a   2f2f   686f   ferer: http://ho
     192:   6d65   2e6e   6574   7363   6170   652e   636f   6d2f   me.netscape.com/
     208:   6573   6361   7065   732f   7365   6172   6368   2f6e   escapes/search/n
     224:   7473   7263   6872   6e64   2d31   2e68   746d   6c0d   tsrchrnd-1.html.
     240:   0a43   6f6e   6e65   6374   696f   6e3a   204b   6565   .Connection: Kee
     256:   702d   416c   6976   650d   0a55   7365   722d   4167   p-Alive..User-Ag
     272:   656e   743a   204d   6f7a   696c   6c61   2f32   2e30   ent: Mozilla/2.0
     288:   2028   5769   6e31   363b   2049   290d   0a48   6f73    (Win16; I)..Hos
     304:   743a   2068   6f6d   652e   6e65   7473   6361   7065   t: home.netscape
     320:   2e63   6f6d   0d0a   4163   6365   7074   3a20   696d   .com..Accept: im
     336:   6167   652f   6769   662c   2069   6d61   6765   2f78   age/gif, image/x
     352:   2d78   6269   746d   6170   2c20   696d   6167   652f   -xbitmap, image/
     368:   6a70   6567   2c20   696d   6167   652f   706a   7065   jpeg, image/pjpe
     384:   670d   0a43   6f6f   6b69   653a   204e   4554   5343   g..Cookie: NETSC
     400:   4150   455f   4944   3d31   3030   3065   3031   302c   APE_ID=1000e010,
     416:   3132   3336   3139   6130   0d0a   0d0a                 123619a0....
Decode Example - 5

58 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Ack=1012006 Seq=1144453530 Len=280 Win=49152


    0:   00a0   2435   5343   0000   ef03   efb0   0800   4500     ..$5SC........E.
   16:   0140   92eb   4000   3206   97c6   cfc8   4734   80c2     .@..@.2.....G4..
   32:   8547   0050   07b9   4436   f99a   000f   7126   5018     .G.P..D6ù...q&P.
   48:   c000   3e23   0000   4854   5450   2f31   2e31   2032     ..>#..HTTP/1.1 2
   64:   3030   204f   4b0d   0a53   6572   7665   723a   204e     00 OK..Server: N
   80:   6574   7363   6170   652d   456e   7465   7270   7269     etscape-Enterpri
   96:   7365   2f33   2e30   0d0a   4461   7465   3a20   5375     se/3.0..Date: Su
  112:   6e2c   2032   3420   4175   6720   3139   3937   2030     n, 24 Aug 1997 0
  128:   383a   3135   3a33   3820   474d   540d   0a43   6f6e     8:15:38 GMT..Con
  144:   7465   6e74   2d74   7970   653a   2069   6d61   6765     tent-type: image
  160:   2f67   6966   0d0a   4c61   7374   2d6d   6f64   6966     /gif..Last-modif
  176:   6965   643a   2054   7565   2c20   3135   2041   7072     ied: Tue, 15 Apr
  192:   2031   3939   3720   3233   3a34   303a   3136   2047      1997 23:40:16 G
  208:   4d54   0d0a   436f   6e74   656e   742d   6c65   6e67     MT..Content-leng
  224:   7468   3a20   3534   0d0a   4163   6365   7074   2d72     th: 54..Accept-r
  240:   616e   6765   733a   2062   7974   6573   0d0a   436f     anges: bytes..Co
  256:   6e6e   6563   7469   6f6e   3a20   6b65   6570   2d61     nnection: keep-a
  272:   6c69   7665   0d0a   0d0a   4749   4638   3961   0b00     live....GIF89a..
  288:   1400   9100   00ff   ffff   6699   9900   0000   0000     ........f.......
  304:   002c   0000   0000   0b00   1400   0002   0f8c   8f01     .,..............
  320:   cbed   0fa3   9cb4   da8b   b3de   9c17   003b            .............;
Decode Example - 6

59 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453810 Seq=1012006 Len=0 Win=2880

    0: 0000 ef03 efb0 00a0 2435 5343 0800 4500    ........$5SC..E.
   16: 0028 6f09 0000 3c06 f2c0 80c2 8547 cfc8    .(o...<......G..
   32: 4734 07b9 0050 000f 7126 4436 fab2 5010    G4...P..q&D6..P.
   48: 0b40 cf66 0000 0204 05a0 0000              .@.f........
               Decode Example - 7

60 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Fin Ack=1012006 Seq=1144453810 Len=0 Win=49152

    0: 00a0 2435 5343 0000 ef03 efb0 0800 4500     ..$5SC........E.
   16: 0028 92ec 4000 3206 98dd cfc8 4734 80c2     .(..@.2.....G4..
   32: 8547 0050 07b9 4436 fab2 000f 7126 5011     .G.P..D6ú...q&P.
   48: c000 1aa5 0000 6915 9192 0000               ......i.....
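As an added example (not part of the original slides), the Python below decodes frame 60 from Decode Example 7 field by field and recomputes the IP header checksum (0x98dd) and the TCP checksum (0x1aa5) printed in the dump; this is the same RFC 1071 arithmetic a sniffer or intrusion detection sensor does before trusting a header.

```python
import struct

# Bytes of frame 60 as printed in Decode Example 7 (copied from the snoop dump).
FRAME_HEX = (
    "00a0 2435 5343 0000 ef03 efb0 0800 4500"
    "0028 92ec 4000 3206 98dd cfc8 4734 80c2"
    "8547 0050 07b9 4436 fab2 000f 7126 5011"
    "c000 1aa5 0000 6915 9192 0000"
)
FRAME = bytes.fromhex(FRAME_HEX.replace(" ", ""))

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # bits 0..5 of the flag byte


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented.
    Run over a header that already contains its checksum, it yields 0 when valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet / IPv4 / TCP headers and verify both checksums."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                  # IP header length in bytes
    total_len, ttl, proto = struct.unpack("!H", ip[2:4])[0], ip[8], ip[9]
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    seg = ip[ihl:total_len]                   # TCP segment; Ethernet padding excluded
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", seg[:16])
    flags = [name for i, name in enumerate(TCP_FLAGS) if off_flags & (1 << i)]
    # The TCP checksum also covers a pseudo-header: addresses, zero, protocol, TCP length.
    pseudo = ip[12:20] + struct.pack("!BBH", 0, proto, len(seg))
    return {
        "eth_type": eth_type, "src": src, "dst": dst, "ttl": ttl, "proto": proto,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
        "window": win, "payload_len": len(seg) - (off_flags >> 12) * 4,
        "padding": len(frame) - 14 - total_len,
        "ip_checksum_ok": internet_checksum(ip[:ihl]) == 0,
        "tcp_checksum_ok": internet_checksum(pseudo + seg) == 0,
    }


if __name__ == "__main__":
    for key, value in decode_frame(FRAME).items():
        print(f"{key:16} {value}")
```

The six trailing bytes (6915 9192 0000) are Ethernet minimum-frame padding, which is why the decoder slices the segment by the IP total length rather than by the frame length.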
               Decode Example - 8

61 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453811 Seq=1012006 Len=0 Win=2880

    0: 0000 ef03 efb0 00a0 2435 5343 0800 4500    ........$5SC..E.
   16: 0028 6f0a 0000 3c06 f2bf 80c2 8547 cfc8    .(o...<......G..
   32: 4734 07b9 0050 000f 7126 4436 fab3 5010    G4...P..q&D6ú.P.
   48: 0b40 cf65 0000 0204 05a0 0000              .@.e........
         Security & Firewalls

Good News: With IP you can get to anywhere
Bad News: With IP, anywhere can get to you

• What is Network Security?

• How do Firewalls (etc.) help?
       Defining Network Security

Security is prevention of unwanted information
  transfer
• What are the components?
   –   Physical Security
   –   Operational Security
   –   Human Factors
   –   Protocols
          Areas for Protection

•   Privacy
•   Data Integrity
•   Authentication/Access Control
•   Denial of Service
   Regulations and Standards

• Computer Crime Laws
• Encryption
• Government as “Big Brother”
                 Security

Threat, Value and Cost Tradeoffs

• Identify the Threats
• Set a Value on Information
• Add up the Costs (to secure)

             Cost < Value * Threat
                  Threats

•   Hackers/Crackers (“Joyriders”)
•   Criminals (Thieves)
•   Rogue Programs (Viruses, Worms)
•   Internal Personnel
•   System Failures
               Network Threats

•   IP Address spoofing attacks
•   TCP SYN Flood attacks
•   Random port scanning of internal systems
•   Snooping of network traffic
•   SMTP Buffer overrun attacks
      Network Threats (cont.)
• SMTP backdoor command attacks
• Information leakage attacks via finger, echo,
  ping, and traceroute commands
• Attacks via download of Java and ActiveX
  scripts
• TCP Session Hijacking
• TCP Sequence Number Prediction Attacks
                   Security Tools

Threat, Value and Cost Tradeoffs

•   Operations Security
•   Host Security
•   Firewalls
•   Cryptography: Encryption/Authentication
•   Monitoring/Audit Trails
               Host Security

•   Security versus Performance & Functionality
•   Unix, Windows NT, MVS, etc
•   PCs
•   “Security Through Obscurity” ☹
        Host Security (cont)

• Programs
• Configuration
• Regression Testing
          Network Security

• Traffic Control
• Not a replacement for Host-based
  mechanisms
• Firewalls and Monitoring, Encryption
• Choke Points & Performance
                     Access Control
• Host-based:
   –   Passwords, etc.
   –   Directory Rights
   –   Access Control Lists
   –   Superusers ☹
• Network-based:
   –   Address Based
   –   Filters
   –   Encryption
   –   Path Selection
  Network Security and Privacy

• Protecting data from being read by unauthorized persons.

• Preventing unauthorized persons from inserting and deleting
  messages.

• Verifying the sender of each message.

• Allowing electronic signatures on documents.
                   Firewalls
•   Prevent against attacks
•   Access Control
•   Authentication
•   Logging
•   Notifications
            Types of Firewalls
• Packet Filters
   – Network Layer
• Stateful Packet Filters
   – Network Level
• Circuit-Level Gateways
   – Session Level
• Application Gateways
   – Application Level

[Figure: OSI stack beside the list: Application, Presentation, Session, Transport, Network, Data Link, Physical]
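The difference between the first two types above, a packet filter that judges every packet on its own and a stateful filter that remembers connections, is shown in this added example (not code from the slides or from any product named in them). The campus prefix 128.194.0.0/16, the rule set and the packet trace are constructed for the demonstration; the two web-connection endpoints are the addresses from the decode examples.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed for the example: the "Campus" side of the Drawbridge figure.
CAMPUS = ip_network("128.194.0.0/16")


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool

    def outbound(self) -> bool:
        return ip_address(self.src) in CAMPUS


def stateless_allow(p: Packet) -> bool:
    """Plain packet filter: a per-packet rule with no memory. Outbound traffic is
    allowed; inbound traffic is allowed only if ACK is set (the classic
    'established' approximation), which trusts whatever flags the sender chose."""
    return p.outbound() or p.ack


class StatefulFilter:
    """Stateful packet filter: remembers connections opened from the campus and
    admits inbound segments only when they belong to one of them."""

    def __init__(self) -> None:
        self.connections: set[tuple] = set()   # (inside ip, port, outside ip, port)

    def allow(self, p: Packet) -> bool:
        if p.outbound():
            if p.syn and not p.ack:            # new connection initiated from inside
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.connections


def compare(packets) -> tuple[list, list]:
    """Verdicts from both filters for the same packet sequence."""
    sf = StatefulFilter()
    return [stateless_allow(p) for p in packets], [sf.allow(p) for p in packets]


# Constructed trace: a campus host opens a web connection, receives the reply,
# then an unrelated outside host sends an inbound segment with only ACK set
# that belongs to no connection anyone inside opened.
TRACE = [
    Packet("128.194.133.71", 1977, "207.200.71.52", 80, syn=True, ack=False),
    Packet("207.200.71.52", 80, "128.194.133.71", 1977, syn=True, ack=True),
    Packet("207.200.71.52", 80, "128.194.133.71", 1977, syn=False, ack=True),
    Packet("203.0.113.9", 40000, "128.194.133.71", 23, syn=False, ack=True),
]

if __name__ == "__main__":
    print(compare(TRACE))   # stateless passes all four; stateful drops the last
```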
              Packet Level

• Sometimes part of router
• TAMU “Drawbridge”

[Figure: Campus -- Drawbridge -- Router -- ROTW (rest of the world)]
              Circuit Level

• Dedicated Host
• Socket Interfaces

[Figure: Local host -- FW -- ROTW]
            Application Level

  • Needs a dedicated host
  • Special Software most everywhere

[Figure: telnet client -- Firewall -- ROTW]
     Firewall Installation Issues

[Figure: INTERNET -- Router, with FTP, DNS, Web and Mail servers behind it]
     Firewall Installation Issues
•   DNS Problems
•   Web Server
•   FTP Server
•   Mail Server
•   Mobile Users
•   Performance
       Address Transparency
• Need to make some addresses visible to
  external hosts.
• Firewall lets external hosts connect as if
  firewall was not there.
• Firewall still performs authentication
            Network Address Translation

[Figure: Internet -- Gateway -- Firewall; public network 128.194.103.0 on the Internet side, private network 10.0.0.0 inside]
        Network Address Translation

[Figure: protocol stacks of Host B (external host: ftpd / TCP / IP / Data Link / Hardware), the Gateway Host (gw control and proxy ftp over TCP / IP / Data Link / Hardware) and Host A (internal host: ftp / TCP / IP / Data Link / Hardware); the datagrams on the two links are labelled "A GW Datagram" and "A B Datagram"]
           IP Packet Handling
•   Disables IP Packet Forwarding
•   Cannot function as an insecure router
•   e.g. ping packets will not be passed
•   Fail Safe rather than Fail Open
•   Only access is through proxies
                      DNS Proxy Security

[Figure: INTERNET with an External DNS Server; the Eagle Gateway (eagle.xyz.com) runs DNSd and fronts the internal hosts finance.xyz.com, sales.xyz.com and marketing.xyz.com]
                       Virtual Private Tunnels

[Figure: "Hello" is encapsulated, authenticated and encrypted at the sending end, crosses the INTERNET as "!@@%*", and is decrypted, authenticated and decapsulated at the receiving end]

                        Creates a “Virtual Private Network”
         VPN Secure Tunnels
• Two types of Tunnels supported
   – SwIPe and IPsec tunnels
• Encryption
   – DES, triple DES and RC2
• Secret key used for authentication
  and encryption
• Trusted hosts are allowed to use the tunnel
  on both ends
            Designing DMZs

[Figure: Company Intranet -- DMZ (Web, FTP and Mail servers) -- Screening Router -- INTERNET]
              Firewall Design Project

[Figure: INTERNET -- Internet Router -- Raptor Eagle, with a Mail Server and a Wide Area Router at Dallas; a San Jose site with a File Server and a Raptor Remote Hawk Console]
                Monitoring

• Many tools exist for capturing network traffic.
• Other tools can analyze captured traffic for
  “bad” things.
• Few tools are real-time.
                Summary

• Security must be comprehensive to be
  effective.
• Remember threat, value, cost when
  implementing a system.
• Security is achievable, but never 100%.
• Make your system fault tolerant.
            Routing Protocols

• Network Layer maintains two kinds of
  information
   – Routing Tables (Where to send packets)
   – Route Propagation Data (how to participate in routing
     protocols)
• Which protocol(s) to use?
   – May use more than one in the same router
• Considerations
   – What your neighbors are doing
   – Network Size
   – Organizations Involved
             “Internetworking”

• Bridges
   – Transparent bridges
   – Source Routing - Transparent Bridges
• Routers (Network Layer)
• Brouters

[Figure: two layer 1-2-3 stacks joined through a relay, layers numbered 1, 2 and 3]
     Network Layer Functions

• Key Layer in Internet Architecture
• End-to-end Packets
• Adapt to lower layers

[Figure: layer 3 spanning two layer 1-2 stacks]
                    Network Layer
• Design Goals
   – ‘Independent’ of layer 1 & 2 implementations
   – Hide layer 1 & 2 details from upper layers
• Architecture
   – Connection oriented
   – Connectionless
   – (where should reliability be done?)
• Services
   – Routing (Path selection)
   – Adaptation to different lower layers
              Routing Algorithms
• Goals
  –   Optimality
  –   Fairness
  –   Stability
  –   Robustness
  –   Correctness
  –   Simplicity
• Adaptive vs Static
• Congestion Control
             Adaptive Routing

• Centralized

• Isolated

• Distributed
                 Distributed Routing
• Metric - Vector Algorithms
   –   sometimes called shortest path
   –   Bellman-Ford most famous
   –   Knowledge of immediate neighbors
   –   Result is “first step” in path to ultimate destination
• Link State Algorithms
   – OSPF {Open Shortest Path First}
   – Knowledge of network layer map (connectivity)
                 IP Routing

•   Making Decisions
•   Gathering Information
•   ICMP
•   CIDR
            Routing Protocols

“How visible is the network structure?”
• Interior (Intradomain) Protocols
   – RIP -- a distance-vector algorithm
   – OSPF -- link state
   – Differences
• Exterior (Interdomain) Protocols
   – Requirements (policy as well as path)
   – Evolution: EGP -> BGP -> BGP4
       » TREE --> MESH
     Routers - Non-Directly Attached
                Networks
• If the destination network is not directly attached to the router, the router will forward
  the packet to another router in the forwarding path of the destination network.
• Router-to-router communication is directly MAC addressed.

• Will all routers in the path perform the same decisions as the previous router?

• The last router in the path to the destination will forward the packet directly to the
  destination.

• Important to note that the data link MAC headers will constantly change while the
  packet is being forwarded.
   – Very little information in the network header will change.
      » The network layer header in the packet will contain the originator’s full address
        and final destination address of the packet.
      » The full address of a network station is the combination of the network ID and
        its MAC address.
           • This uniquely identifies any station on the internet.
             Multiprotocol Routers
• LANs currently operate with many different types of protocols.
   – Apple Computers can use AppleTalk.
   – UNIX workstations use TCP/IP.
   – Client/Server applications could use Novell NetWare.

• To require one router for each protocol on the LAN is not efficient.

• Multiprotocol routers were invented to handle this.
   – Arrived around 1986.
   – Routes not only based on the network IDs but are able to pass the
     packet to the correct protocol processor by examining the Type of
     packet.
   Multiprotocol Routers - A Block Diagram

[Figure: a Bridge (forward on MAC address) and a Router (route on network IDs) combined into one box. Incoming packet -> "Can packet be routed based on protocol type?" -> route it, bridge the packet if not -> bridged or routed packet]
Routing Diagram

[Figure: Networks 1 to 4 chained by Routers Z, Y and X, with the interface MAC addresses labelled A through H]
       Routing Information Protocol
                   (RIP)
• Known as a routing table update protocol

• Developed by Xerox and gained widespread acceptance by the proliferation
  of TCP/IP’s implementation of it in UNIX.

• Other protocols (AppleTalk, NetWare) adopted RIP as their standard routing
  update protocol.

• Known as a distance vector protocol.
   – Vector is an adjacent router and the distance is how far away (hops) the
      network is.
   – One hop is considered one router traversed.

• Devised for relatively stable, small-to-medium size networks (less than 16
  routers in diameter).
          Calculating the Cost

[Figure: Router A on Networks 1 and 2, Router B on Networks 2 and 3, Router C on Networks 3 and 4, each with its routing table]

Router A, transmitted routing table:
  Network   Hops
  1         1
  2         1
  3         2

Router B, transmitted routing table:
  Network   Hops
  2         1
  3         1
  1         2

Router C, internal routing table:
  Network   Hops
  3         1
  4         1
  2         2
  1         3
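The distance-vector exchange of the "Distributed Routing" slide, run on the three-router chain of the "Calculating the Cost" figure, as an added example (not code from the slides). The topology is read off the figure (A on Networks 1 and 2, B on 2 and 3, C on 3 and 4), directly attached networks count one hop as in RIP, and 16 is RIP's unreachable value; the tables for A and B in the figure are snapshots taken before Network 4 has propagated, which the run below reaches after two rounds.

```python
INFINITY = 16   # RIP's "unreachable" hop count

# Read off the figure: which networks each router is directly attached to.
ATTACHED = {"A": {1, 2}, "B": {2, 3}, "C": {3, 4}}


def neighbors(attached):
    """Routers that share a network are adjacent and exchange tables."""
    return {r: {s for s, nets in attached.items() if s != r and nets & attached[r]}
            for r in attached}


def converge(attached):
    """Synchronous rounds of distance-vector exchange: every router advertises
    the table it held at the end of the previous round, each receiver adds one
    hop to the advertised count and keeps the shorter route, remembering the
    advertising neighbor as the 'first step' toward the network.
    Returns {router: {network: (hops, next_hop)}} and the number of rounds
    that changed any table (the network diameter in routers)."""
    tables = {r: {n: (1, None) for n in nets} for r, nets in attached.items()}
    adj = neighbors(attached)
    rounds = 0
    while True:
        advertised = {r: dict(t) for r, t in tables.items()}
        changed = False
        for r in tables:
            for nb in adj[r]:
                for net, (hops, _) in advertised[nb].items():
                    cost = min(hops + 1, INFINITY)      # metric saturates at 16
                    if cost < tables[r].get(net, (INFINITY, None))[0]:
                        tables[r][net] = (cost, nb)
                        changed = True
        if not changed:
            return tables, rounds
        rounds += 1


def hop_counts(table):
    """Network -> hops: the two columns shown in the slide's tables."""
    return {net: hops for net, (hops, _) in table.items()}


if __name__ == "__main__":
    tables, rounds = converge(ATTACHED)
    for r in "ABC":
        print(f"Router {r} after {rounds} rounds: {hop_counts(tables[r])}")
```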
Border Gateway Protocol (BGP)

• Autonomous Systems
   – stub, multi-homed, transit
• Path Advertisement instead of Reachability
• Route Aggregation!!!
           Upcoming Issues

• IPv6

• Quality of Service

• Internet 2 / vBNS / NGI
                         IPv6

• Solution for:
   – running out of addresses (128 vs 32 bits)
   – security support
   – mobile systems
• Transition Planning
   – Incremental -- No “flag” day
   – Experiments under way
   – Dual stacks; smart routers
              Quality of Service

•   QoS: A delivery contract
•   Kinds of traffic descriptors
•   Why bother?
•   How is it done?
     – Using ATM vs using IP
                             RSVP
• Resource Reservation Protocol
• Provides QoS (Quality of Service) guarantees
• Operates in simplex
    – each direction has a separate reservation
    – maps well to ATM (two individual VCCs)
• Built on IP, but no data transport built-in
• Reservation is made only if resources are available and it does not conflict with policy
• Flowspec (bandwidth and delay) and filterspec (type of
  packets) transmitted downstream
    – hop by hop
         The “Next” Internet

• www.internet2.edu
• Exploiting higher speeds
• Application centric
              Other Issues

• Standards -- IENs, RFCs

• The “Information Superhighway” ?

• TCP/IP and International Standards

• Telephone Companies

				
DOCUMENT INFO
posted: 11/22/2011
language: English
pages: 153