BOOTP Packet Format - Texas Tech University

Originally (1/7/01) by:
Usha Viswanathan
Modified (1/17/03) by:
John R. Durrett
1
Presentation Overview
– TCP/IP ideas and origins
– Conceptual Model: OSI and TCP/IP
– TCP/IP protocol architecture
– IP addressing
– IP Routing
– TCP
– Applications
– IPv6
2
TCP/IP
The “lingua franca” of the Internet.
3
ISO’s Open Systems Interconnect (OSI) Reference Model
– Protocol Layering
  • Series of small modules
  • Well defined interfaces, hidden inner processes
  • Process modules can be replaced
  • Lower layers provide services to higher layers
– Protocol Stack: modules taken together
– Each layer communicates with its pair on the other machine
4
The OSI Model
Diagram: the Sender's and Receiver's stacks (Application, Presentation, Session, Transport, Network, Datalink, Physical) drawn side by side. The path messages take runs down the sender's stack, across the network at the Physical layer, and up the receiver's stack to the peer layer.
5
OSI Layers
– Application: Communication partners, QoS identified
– Presentation: Semantics, encryption, compression (gateways)
– Session: Establishes, manages, terminates sessions
– Transport: Sequencing, flow/error control, name/address resolution
– Network: Routing, network addresses (routers)
– Datalink: MAC address, low level error control (bridges)
– Physical: Encoding/decoding digital bits, interface card
6
TCP/IP
Diagram: Alice and Bob each run the Application, Transport and Network layers; the Routers on the path between them implement only the Network layer. The Network layer is present at every hop, while the Transport and Application layers exist only end to end.
7
TCP/IP: The Protocols and the OSI Model
– Application, Presentation, Session: TELNET, FTP, SMTP, DNS, SNMP, DHCP, RIP, RTP, RTCP
– Transport: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
– Network: Internet Protocol (IP) with OSPF, ICMP, IGMP; ARP
– Datalink, Physical: Ethernet, Token Bus, Token Ring, FDDI
8
Data Encapsulation by Layer
– Application: Data
– TCP: TCP Header + Data = Datagram
– Network: Packet
– Data Link: Frame
– Destination opens envelopes layer-by-layer
9
Transmission Control Protocol (TCP)
– Traditional TCP/IP Security: None
  • No authenticity, confidentiality, or integrity
  • Future: IPSec
– Workhorse of the internet
  • FTP, telnet, ssh, email, http, etc.
– The protocol responsible for the reliable transmission and reception of data.
– Unreliable service is provided by UDP.
– Transport layer protocol.
– Can run multiple applications using the same transport.
  • Multiplex through port numbers
10
TCP Fields
– Source port
– Destination port
– Sequence number
– Acknowledgment number
– Data offset, Reserved
– Flags (code bits): URG, ACK, PSH, RST, SYN, FIN
– Window
– Checksum
– Urgent pointer
– Options
– Padding
– data
11
TCP Connection Establishment
– Alice to Bob: SYN with Initial Sequence Number-a
– Bob to Alice: ACK ISN-a with ISN-b
– Alice to Bob: ISN-b
– Connection Established
12
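The field layout on the TCP Fields slide and the three-way handshake above, worked as an added example that is not part of the original deck. It decodes the fixed 20-byte header with the field order the slide lists (data offset in 32-bit words, the six code bits in RFC 793 order) and then classifies three constructed segments as the handshake steps; the port numbers, ISN values and the zero checksum are constructed sample values.

```python
import struct

# Code bits of the TCP header, in RFC 793 order: URG ACK PSH RST SYN FIN.
FLAG_BITS = {"URG": 0x20, "ACK": 0x10, "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}


def parse_tcp_header(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header, any options, and the payload."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src_port, dst_port, seq, ack, offset_flags,
     window, checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (offset_flags >> 12) * 4          # header length: words * 4 bytes
    flag_byte = offset_flags & 0x3F                 # low six bits are the code bits
    flags = [name for name, bit in FLAG_BITS.items() if flag_byte & bit]
    if len(segment) < data_offset:
        raise ValueError("segment shorter than its data offset claims")
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack, "data_offset": data_offset,
        "flags": flags, "window": window, "checksum": checksum,
        "urgent": urgent, "options": segment[20:data_offset],
        "payload": segment[data_offset:],
    }


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """Construct a 20-byte TCP header with no options (constructed sample; checksum left 0)."""
    flag_byte = sum(FLAG_BITS[f] for f in flags)
    offset_flags = (5 << 12) | flag_byte            # 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def handshake_step(hdr: dict) -> str:
    """Name the handshake step a decoded header corresponds to, per the slide."""
    f = set(hdr["flags"])
    if f == {"SYN"}:
        return "SYN (Alice to Bob, ISN-a)"
    if f == {"SYN", "ACK"}:
        return "SYN-ACK (Bob to Alice, ACK ISN-a with ISN-b)"
    if f == {"ACK"} and not hdr["payload"]:       # bare ACK, no data: final step
        return "ACK (Alice to Bob, ISN-b acknowledged)"
    return "not a handshake step"


def simulate_handshake(isn_a=1000, isn_b=5000):
    """Constructed three-segment exchange; returns (step name, seq, ack) for each."""
    segments = [
        build_tcp_header(40000, 80, isn_a, 0, ["SYN"]),
        build_tcp_header(80, 40000, isn_b, isn_a + 1, ["SYN", "ACK"]),
        build_tcp_header(40000, 80, isn_a + 1, isn_b + 1, ["ACK"]),
    ]
    result = []
    for seg in segments:
        h = parse_tcp_header(seg)
        result.append((handshake_step(h), h["seq"], h["ack"]))
    return result


if __name__ == "__main__":
    for step in simulate_handshake():
        print(step)
```

Each acknowledgment number is the peer's ISN plus one, which is why the sequence numbers need to be unpredictable: the slide's "Traditional TCP/IP Security: None" applies here, since nothing in the header authenticates either side.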
User Datagram Protocol (UDP)
– Connectionless
– Does not retransmit lost packets
– Does not order packets
– Inherently unreliable
– Mainly tasks where speed is essential
  • Streaming audio and video
  • DNS
UDP header fields:
– Source Port
– Destination Port
– Message Length
– Checksum
– Data …
13
ICMP: network plumber
Type #  Message Type             Purpose
0       Echo Reply               Ping response - system is alive
3       Destination Unreachable  No route, protocol, or port closed
4       Source Quench            Slow down transmission
5       Redirect                 Reroute traffic
8       Echo                     Ping
11      Time Exceeded            TTL exceeded, packet dropped
12      Parameter Problem        Bad header
13      Timestamp                Time sent and requested
14      Timestamp return         Time request reply
15      Information request      Host asks: What network am I on
16      Information Reply        Information Response
14
Ports
“Ports are used in the TCP [RFC793] to name the ends of logical connections which carry long term conversations. For the purpose of providing services to unknown callers, a service contact port is defined. This list specifies the port used by the server process as its contact port. The contact port is sometimes called the "well-known port".”
PORT  USE
17    Quote of the Day
20    File Transfer Data
21    File Transfer Control
22    SSH
23    Telnet
25    SMTP
43    Whois (tcp & udp)
666   Doom
– Privileged vs unprivileged ports
– netstat -na
– Source port
– Destination port
– Logical connection
15
IP Address
– Uniquely identifies a computer on a network
– 32 bits, 4 bytes of 8 bits each: xxxxxxxx.xxxxxxxx.xxxxxxxx.xxxxxxxx
– Dotted quad notation system
– Example 198.113.201.23
– There are five classes of addresses: A - E.
16
Identifying a Class
– Class A: identifier bit 0, first byte 0-126; 7 bits of network address (first byte); 24 bits of host address (last three bytes); 16,277,214 hosts per network ID
– Class B: identifier bits 10, first byte 128-191; 14 bits of network address (first two bytes); 16 bits of host address (last two bytes); 65,354 hosts
– Class C: identifier bits 110, first byte 192-223; 21 bits of network address (first three bytes); 8 bits of host address (last byte); 254 hosts
– Class D: identifier bits 1110, first byte 224-239; multicast address in the range of 224.0.0.0 - 239.255.255.255
– Class E: identifier bits 11110, first byte 240-255; reserved for future use
17
Subnetting
Diagram: a Customer Site holding 130.1.0.0 connects to the Internet and divides the block into subnets 130.1.1.0, 130.1.2.0, 130.1.3.0, ....... 130.1.255.0.
– Each address consists of two components: Network address and Host address
– Determined by Netmask
  10.21.41.3  = 00001010 00010101 00101001 00000011
  255.255.0.0 = 11111111 11111111 00000000 00000000
– Network address is IP XORed with netmask
18
Masks and Prefixes
– The addresses 210.10.40.0/24 and 210.10.40.0/255.255.255.0 mean the exact same thing.
IP Network Address  Prefix  Subnet Mask
128.1.0.0           /16     255.255.0.0
190.1.8.0           /21     255.255.248.0
207.16.16.128       /25     255.255.255.128
19
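The class table, the subnetting slide and the mask/prefix table above, carried through in code as an added example that is not part of the original deck. It classifies an address from its first byte, counts usable hosts from the number of host bits (all-zeros and all-ones host parts are excluded, which is where the 254 for Class C comes from), renders the binary form shown on the Subnetting slide, and converts between prefix length and dotted mask. The network address is computed with a bitwise AND of address and mask, which is the operation RFC 950 specifies and the one that produces the 130.1.x.0 network numbers in the slide's own diagram.

```python
# Added example: classful addressing, netmask arithmetic and prefix/mask conversion.

def classify(addr: str) -> str:
    """Class letter from the first byte, per the Identifying a Class slide."""
    first = int(addr.split(".")[0])
    if first < 128:
        return "A"          # leading bit 0
    if first < 192:
        return "B"          # leading bits 10
    if first < 224:
        return "C"          # leading bits 110
    if first < 240:
        return "D"          # leading bits 1110, multicast
    return "E"              # leading bits 11110, reserved


def classful_host_bits(cls: str) -> int:
    """Host bits for the unicast classes: 24, 16 and 8."""
    return {"A": 24, "B": 16, "C": 8}[cls]


def usable_hosts(host_bits: int) -> int:
    """All-zeros (network) and all-ones (broadcast) host parts are not assignable."""
    return 2 ** host_bits - 2


def ip_to_int(addr: str) -> int:
    a, b, c, d = (int(x) for x in addr.split("."))
    for octet in (a, b, c, d):
        if not 0 <= octet <= 255:
            raise ValueError(f"bad octet in {addr}")
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def to_binary(addr: str) -> str:
    """Dotted quad as four 8-bit groups, as drawn on the Subnetting slide."""
    return " ".join(f"{int(o):08b}" for o in addr.split("."))


def network_address(addr: str, mask: str) -> str:
    """Network component: bitwise AND of address and netmask (RFC 950)."""
    return int_to_ip(ip_to_int(addr) & ip_to_int(mask))


def host_address(addr: str, mask: str) -> str:
    """Host component: the bits the mask does not cover."""
    return int_to_ip(ip_to_int(addr) & ~ip_to_int(mask) & 0xFFFFFFFF)


def prefix_to_mask(prefix: int) -> str:
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return int_to_ip((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)


def mask_to_prefix(mask: str) -> int:
    """Count the ones, then reject masks whose ones are not contiguous."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    if m != ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF):
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix


if __name__ == "__main__":
    print(to_binary("10.21.41.3"), "->", network_address("10.21.41.3", "255.255.0.0"))
    for net, prefix in (("128.1.0.0", 16), ("190.1.8.0", 21), ("207.16.16.128", 25)):
        print(f"{net}/{prefix} = {net}/{prefix_to_mask(prefix)}")
```

The contiguity check in mask_to_prefix matters in practice: a mask such as 255.0.255.0 has 16 one-bits but no prefix length, and accepting it silently would produce a network address that no router agrees with.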
IP Addressing
Diagram: one entry in the Global Routing Tables (150.1.0.0) points the Internet at the customer's Router. Behind it, the Autonomous System (Typical Customer Network) is split into the subnets 150.1.1.0, 150.1.2.0, 150.1.3.0, 150.1.4.0, 150.1.5.0, 150.1.6.0, 150.1.7.0, 150.1.8.0, 150.1.9.0, 150.1.10.0, 150.1.11.0, 150.1.12.0, 150.1.13.0, 150.1.14.0, 150.1.15.0, 150.1.16.0 and 150.1.17.0.
– Customer can split the network into multiple subnets, each with an entry in the local router table.
– One entry in the Global Routing Tables
20
Address Allocation (The Internet Registry)
Diagram: IANA at the top; beneath it the regional registries InterNIC (America), RIPE (Europe) and APNIC (Asia); then National registries; and finally the Consumer.
21
Domain Name Service (DNS)
Diagram: a TELNET client at 198.1.1.2 with a DNS Resolver sends (1) Name Query “Sun_Server” to the Name Server, whose database contains the mapping Sun_Server 198.1.1.1. The Name Server returns (2) Query Response “198.1.1.1”, and the client opens (3) Connection to Sun_server at 198.1.1.1.
– Provides a naming service for TCP/IP.
  • Provides many functions related to IP addresses and names
– Three components
  • A name server, a name resolver, and a database
22
DNS Structure
– Hierarchical in structure.
– Each level provides further definition.
– Each branch is called a level (63 characters in length).
– Internet Registry provides uniqueness in names.
– A single domain is assigned and may be further defined by the local site.
23
Domain Structure
Diagram: the Root Server at the top, with the top-level domains com, edu, gov, mil and net beneath it, and a bottom row of boxes .firm, .arts, .nom, .rec, .info, .web and .store.
The extra top-level domains (TLDs) that are shown as the bottom set of boxes are proposed; they are shown here as examples, and as of this writing have not been adopted.
24
Network Address Translation (NAT)
– Illegal Addresses
– Unroutable addresses: 10.0.0.0, 192.168.0.0
– Limited address space in IP V4
– NAT maps bad to valid addresses
  • Mapping to single external address
  • One-to-One mapping
  • Dynamically allocated addresses
Diagram: a Router with inside address 10.0.0.5 and outside address 12.13.4.5.
25
Name Servers
Diagram of the resolution of “labhost.bnr.ca.us”:
– The Name Server receives the Query “labhost.bnr.ca.us”
– Name Server to Root server: Query “labhost.bnr.ca.us”; Root server answers with a referral to the .us server
– Name Server to .us server: Query “labhost.bnr.ca.us”; .us server answers with a referral to the ca.us server
– Name Server to .ca.us server: Query “labhost.bnr.ca.us”; .ca.us server answers with a referral to the bnr.ca.us server
– Name Server to bnr.ca.us server: Query “labhost.bnr.ca.us”; bnr.ca.us server answers with the IP address of “labhost.bnr.ca.us”
– Name Server returns the IP address of “labhost.bnr.ca.us” to the querier
26
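The referral chain in the Name Servers diagram, simulated in code as an added example that is not from the original deck. The servers are an in-memory table constructed for the example (the answer address 10.99.1.7 and the server names are made up); each holds either delegations to child zones or authoritative answers, and the resolver walks from the root following referrals exactly as the slide draws it. The walk is bounded so that a misconfigured delegation loop terminates instead of querying forever.

```python
# Added example: iterative resolution by following referrals. Zone data is constructed.
SERVERS = {
    "root":             {"delegations": {"us": ".us server"}},
    ".us server":       {"delegations": {"ca.us": ".ca.us server"}},
    ".ca.us server":    {"delegations": {"bnr.ca.us": "bnr.ca.us server"}},
    "bnr.ca.us server": {"answers": {"labhost.bnr.ca.us": "10.99.1.7"}},  # constructed address
}

MAX_REFERRALS = 10   # upper bound on the walk; a referral loop must not run forever


def ask(server: str, qname: str):
    """One query to one server.

    Returns ("answer", ip) when the server is authoritative for qname,
    ("referral", next_server) when it delegates a zone containing qname,
    or ("nxdomain", None) when it knows nothing about the name.
    """
    data = SERVERS[server]
    answers = data.get("answers", {})
    if qname in answers:
        return "answer", answers[qname]
    # Follow the most specific delegation whose zone is a suffix of qname.
    best = None
    for zone, ns in data.get("delegations", {}).items():
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best[0]):
                best = (zone, ns)
    if best is not None:
        return "referral", best[1]
    return "nxdomain", None


def resolve(qname: str):
    """Walk referrals from the root; returns (ip or None, trace of (server, kind, value))."""
    server, trace = "root", []
    for _ in range(MAX_REFERRALS):
        kind, value = ask(server, qname)
        trace.append((server, kind, value))
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        server = value                      # referral: ask the next server down
    return None, trace                      # gave up: too many referrals


if __name__ == "__main__":
    ip, trace = resolve("labhost.bnr.ca.us")
    for server, kind, value in trace:
        print(f"{server:>18}: {kind} {value}")
    print("result:", ip)
```

Every hop in the trace is a separate, unauthenticated UDP exchange, which is the reason later work added signed answers; the bare walk shown here trusts whichever server it was last referred to.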
Logical Structure of the Internet Protocol Suite
Diagram: HTTP, TELNET and FTP run over the Transmission Control Protocol (Connection Oriented); TFTP, DNS and SNMP run over the User Datagram Protocol (Connectionless). Both transports run over IP (ICMP, IGMP), which provides Internet Addressing; ARP and RARP sit between IP and the Physical Layer.
27
Address Resolution Protocol (ARP)
– Maps IP addresses to MAC addresses
– When host initializes on local network:
  • ARP broadcast: IP and MAC address
  • If duplicate IP address, TCP/IP fails to initialize
– Address Resolution Process on Local Network
  • Is IP address on local network?
  • ARP cache
  • ARP request
  • ARP reply
  • ARP cache update on both machines
28
ARP Operation
Diagram: station 129.1.1.1 broadcasts an ARP Request, “Give me the MAC address of station 129.1.1.4”. Stations B and C each decide “Not me” and the request is ignored; station 129.1.1.4 decides “That’s me” and sends an ARP Response, “Here is my MAC address”, which 129.1.1.1 accepts.
29
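The ARP exchange above and the cache update it produces, as an added example that is not code from the original deck. It builds and decodes Ethernet/IPv4 ARP packets in the RFC 826 layout (the RFC the References slide cites) and keeps the IP-to-MAC cache the ARP slide describes. The MAC addresses are constructed; the IP addresses are the ones from the diagram. Because ARP has no authentication, the cache here refuses to overwrite an entry when a later packet claims the same IP from a different MAC and records the conflict instead, which is the duplicate-address situation the slide says makes TCP/IP fail to initialize.

```python
import struct

# Added example: RFC 826 ARP packet encode/decode plus a conflict-aware cache.
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Constructed 28-byte Ethernet/IPv4 ARP packet: header, then sender and target pairs."""
    header = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    return (header
            + bytes.fromhex(sha.replace(":", "")) + bytes(int(o) for o in spa.split("."))
            + bytes.fromhex(tha.replace(":", "")) + bytes(int(o) for o in tpa.split(".")))


def parse_arp(pkt: bytes) -> dict:
    """Decode an Ethernet/IPv4 ARP packet; rejects other hardware/protocol types."""
    if len(pkt) < 28:
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", pkt[:8])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    body = pkt[8:28]
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sha": mac(body[0:6]), "spa": ip(body[6:10]),
            "tha": mac(body[10:16]), "tpa": ip(body[16:20])}


class ArpCache:
    """IP -> MAC table. Requests and replies both teach the sender's mapping
    (the slide's 'cache update on both machines'); a second MAC for a cached IP
    is recorded as a conflict rather than silently replacing the entry."""

    def __init__(self):
        self.table = {}
        self.conflicts = []          # (ip, cached_mac, claimed_mac)

    def learn(self, pkt: bytes) -> bool:
        a = parse_arp(pkt)
        if a["op"] not in (OP_REQUEST, OP_REPLY):
            return False
        known = self.table.get(a["spa"])
        if known is not None and known != a["sha"]:
            self.conflicts.append((a["spa"], known, a["sha"]))
            return False
        self.table[a["spa"]] = a["sha"]
        return True

    def lookup(self, ip: str):
        return self.table.get(ip)


def demo():
    """Constructed exchange from the diagram, followed by a conflicting reply."""
    cache = ArpCache()
    request = build_arp(OP_REQUEST, "00:11:22:33:44:01", "129.1.1.1",
                        "00:00:00:00:00:00", "129.1.1.4")
    reply = build_arp(OP_REPLY, "00:11:22:33:44:04", "129.1.1.4",
                      "00:11:22:33:44:01", "129.1.1.1")
    conflicting = build_arp(OP_REPLY, "00:11:22:33:44:99", "129.1.1.4",
                            "00:11:22:33:44:01", "129.1.1.1")
    results = [cache.learn(request), cache.learn(reply), cache.learn(conflicting)]
    return cache, results


if __name__ == "__main__":
    cache, results = demo()
    print(results, cache.table, cache.conflicts)
```

Real stacks vary in how they handle the conflict case; the point of the example is that the cache is the only record a host has of who owns an address, so a mapping change is worth logging.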
Address Resolution on Remote Network
– IP address determined to be remote
– ARP resolves the address of each router on the way
– Router uses ARP to forward packet
Diagram: Network A and Network B joined by a Router.
30
Reverse Address Resolution Protocol (RARP)
Diagram: a Diskless Workstation broadcasts a RARP Request, “Give me my IP address”. Stations B and C each decide “Not me” and ignore the request; the RARP Server sends a RARP Response with 129.1.1.1, which the workstation accepts.
– Same packet type used as ARP
– Only works on local subnets
– Used for diskless workstations
31
The Internet Protocol (IP)
– IP’s main function is to provide for the interconnection of subnetworks to form an internet in order to pass data.
– The functions provided by IP are:
  • Addressing
  • Routing
  • Fragmentation of datagrams
32
Host Name Resolution
– Standard Resolution
  • Checks local name
  • Local HOSTS file
  • DNS server
– Windows NT Specific Resolution
  • NetBIOS cache
  • WINS server
  • b-node broadcasts
  • LMHOSTS file (NetBIOS name)
33
Routing Packets
– Process of moving a packet from one network to another toward its destination
– RIP, OSPF, BGP
– Dynamic routing
– Static routing
– Source routing
34
IP Routing
– IP routing is the process by which packets are routed and delivered between networks
– Local vs remote networks
– Router vs default gateway
– Static vs dynamic routing
– Two types: direct and indirect.
– Two types of protocols: IGP and EGP.
  • IGP provides for routing within a single AS
  • EGP provides for routing between ASs
35
Direct and Indirect Routing
Diagram: Station A (140.1.1.1), Station B (140.1.2.1) and Station C (140.1.3.1) reach one another by Direct Routing; Station D (140.2.1.1) is reached by Indirect Routing.
– Network numbers must match for direct routing.
– Different network numbers for indirect routing.
– Remote nodes may use a combination of both direct and indirect routing.
36
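The direct-versus-indirect decision from the slide above, together with the "router vs default gateway" and static-route points from the IP Routing slide, worked as an added example that is not code from the original deck. A host compares the destination's network number with its own (masked comparison); a match means direct delivery, otherwise the packet goes to the router of the most specific matching static route, and failing that to the default gateway. The station addresses come from the diagram (140.1.0.0 as a Class B network); the gateway addresses are constructed.

```python
# Added example: a host's forwarding decision with direct delivery, static routes
# and a default gateway. Longest matching prefix wins among the static routes.

def ip_to_int(addr: str) -> int:
    return int.from_bytes(bytes(int(o) for o in addr.split(".")), "big")


def same_network(addr: str, network: str, prefix: int) -> bool:
    """True when addr and network agree on the first `prefix` bits."""
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (ip_to_int(addr) & mask) == (ip_to_int(network) & mask)


class HostRoutingTable:
    def __init__(self, local_network: str, local_prefix: int, default_gateway=None):
        self.local = (local_network, local_prefix)
        self.routes = []                 # static routes: (network, prefix, gateway)
        self.default = default_gateway

    def add_route(self, network: str, prefix: int, gateway: str):
        if not same_network(gateway, *self.local):
            # a next hop must itself be directly reachable (resolved with ARP)
            raise ValueError(f"gateway {gateway} is not on the local network")
        self.routes.append((network, prefix, gateway))

    def next_hop(self, dest: str):
        """Return ("direct", dest) or ("indirect", gateway)."""
        if same_network(dest, *self.local):
            return "direct", dest                       # network numbers match
        best = None
        for network, prefix, gateway in self.routes:
            if same_network(dest, network, prefix) and (best is None or prefix > best[0]):
                best = (prefix, gateway)
        if best is not None:
            return "indirect", best[1]
        if self.default is not None:
            return "indirect", self.default             # router of last resort
        raise LookupError(f"no route to {dest}")


def demo():
    """Station A's view of the diagram: local 140.1.0.0/16, constructed gateways."""
    table = HostRoutingTable("140.1.0.0", 16, default_gateway="140.1.0.254")
    decisions = {
        "B": table.next_hop("140.1.2.1"),
        "C": table.next_hop("140.1.3.1"),
        "D via default": table.next_hop("140.2.1.1"),
    }
    table.add_route("140.2.0.0", 16, "140.1.0.253")     # static route for D's network
    decisions["D via static"] = table.next_hop("140.2.1.1")
    return decisions


if __name__ == "__main__":
    for label, hop in demo().items():
        print(f"{label:>14}: {hop}")
```

The indirect case hands the packet to a router on the local network, which is why the ARP steps on the previous slides apply to the gateway's address rather than to the final destination.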
Hubs & Switches
– Hub:
  • broadcasts information received on one interface to all other physical interfaces
– Switch:
  • does not broadcast
  • Uses MAC address to determine correct interface
37
Firewalls
– Control the flow of traffic between networks
– Internal, External, Server, Client Firewalls
– Traditional Packet filters
– Stateful Packet filters
– Proxy-based Firewalls
38
Traditional Packet Filters
– Analyses each packet to determine drop or pass
– SourceIP, DestinationIP, SrcPort, DestPort, Codebits, Protocol, Interface
– Very limited view of traffic
Action  Source   Destination  Protocol  SrcPort  Dest Port  Codebits
Allow   Inside   Outside      TCP       Any      80         Any
Allow   Outside  Inside       TCP       80       >1023      ACK
Deny    All      All          All       All      All        All
39
Stateful Packet Filters
– Adds memory of previous packets to traditional packet filters
– When a packet is part of an initial connection (SYN) it is remembered
– Other packets are analyzed according to previous connections
40
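The rule table from the Traditional Packet Filters slide and the connection memory from the Stateful Packet Filters slide, side by side as an added example that is not code from the original deck. The stateless filter evaluates the three rules top-down on each packet by itself; the stateful filter records the outbound SYN that opens a connection and admits inbound packets only when they belong to a recorded connection. The packets, host tags and port numbers are constructed for the example.

```python
from dataclasses import dataclass

# Added example: the slide's packet-filter rules, stateless and then stateful.


@dataclass(frozen=True)
class Packet:
    src: str            # "<zone>:<host>", zone is "inside" or "outside" as on the slide
    dst: str
    proto: str
    sport: int
    dport: int
    flags: frozenset    # code bits present, e.g. frozenset({"SYN"})


def zone(host: str) -> str:
    return host.split(":")[0]


# One tuple per row of the slide's table:
# (action, source, destination, protocol, srcport, destport, codebits)
RULES = [
    ("allow", "inside", "outside", "TCP", "any", 80, "any"),
    ("allow", "outside", "inside", "TCP", 80, ">1023", "ACK"),
    ("deny", "all", "all", "all", "all", "all", "all"),
]


def port_match(spec, value: int) -> bool:
    if spec in ("any", "all"):
        return True
    if isinstance(spec, str) and spec.startswith(">"):
        return value > int(spec[1:])
    return value == spec


def stateless_filter(pkt: Packet) -> str:
    """Traditional packet filter: first matching rule decides, no memory of other packets."""
    for action, src, dst, proto, sport, dport, bits in RULES:
        if src not in ("all", zone(pkt.src)):
            continue
        if dst not in ("all", zone(pkt.dst)):
            continue
        if proto not in ("all", pkt.proto):
            continue
        if not (port_match(sport, pkt.sport) and port_match(dport, pkt.dport)):
            continue
        if bits not in ("any", "all") and bits not in pkt.flags:
            continue
        return action
    return "deny"                                  # no rule matched: default deny


class StatefulFilter:
    """Adds memory: an allowed outbound SYN is remembered, and inbound traffic is
    admitted only when it answers a remembered connection."""

    def __init__(self):
        self.connections = set()                   # (inside host, port, outside host, port)

    def filter(self, pkt: Packet) -> str:
        if zone(pkt.src) == "inside":
            verdict = stateless_filter(pkt)
            if verdict == "allow" and "SYN" in pkt.flags:
                self.connections.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return verdict
        # inbound: must match a connection opened from inside, regardless of code bits
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.connections:
            return "allow"
        return "deny"


def demo():
    """Three constructed packets: outbound SYN, its SYN-ACK reply, and an unrelated inbound ACK."""
    syn = Packet("inside:h1", "outside:web", "TCP", 40000, 80, frozenset({"SYN"}))
    reply = Packet("outside:web", "inside:h1", "TCP", 80, 40000, frozenset({"SYN", "ACK"}))
    stray = Packet("outside:x", "inside:h1", "TCP", 80, 40001, frozenset({"ACK"}))
    stateful = StatefulFilter()
    return {
        "stateless": [stateless_filter(p) for p in (syn, reply, stray)],
        "stateful": [stateful.filter(p) for p in (syn, reply, stray)],
    }


if __name__ == "__main__":
    print(demo())
```

The third packet is the "very limited view of traffic" the slide refers to: the stateless rule admits any inbound segment from port 80 to a high port with ACK set, whether or not an inside host ever opened that connection, while the stateful filter denies it because no SYN preceded it.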
Proxy-based (Application) Firewalls
– Focus on application to application
– Can approve:
  • By user
  • By application
  • By source or destination
– Mom calls, wife answers, etc.
41
IP Address Allocation
– Automatic Allocation: permanently assigns an IP address to a station.
– Dynamic Allocation: assigns an IP address to a requesting station for a specified amount of time.
– Manual Allocation: preconfigure the server to give the requesting station the same IP address every time it requests it.
46
Security
– Encryption: Symmetric vs Asymmetric, hash codes
– Application Layer
  • PGP, GnuPG, S/MIME, SSH
– Session Layer: Secure Socket Layer (SSL)
  • Digital certificates to authenticate systems and distribute encryption keys
  • Transport Layer Security (TLS)
– Network-IP Layer Security (IPSec)
  • AH: digital signatures
  • ESP: confidentiality, authentication of data source, integrity
47
IPSec Authentication Header (AH)
– Next Header
– Payload Length
– Reserved
– Security Parameters Index (SPI)
– Sequence Number Field
– Authentication Data (variable number of 32 bit words)
48
IPSec: Encapsulating Security Payload (ESP)
– Security Parameters Index (SPI)
– Sequence Number Field
– Opaque Data, variable length
– Padding
– Pad Length
– Next Header
– Authentication Data
49
Introduction to the TCP/IP Standard Applications
– DHCP – Provides for management of IP parameters.
– TELNET – Provides remote terminal emulation.
– FTP – Provides a file transfer protocol.
– TFTP – Provides for a simple file transfer protocol.
– SMTP – Provides a mail service.
– DNS – Provides for a name service.
50
DHCP Operation
Diagram of the exchange between a DHCP Client and two servers, DHCP Server A and DHCP Server B:
– Client broadcasts DHCP Discover (to FFFFFF)
– DHCP A Offer (IP addr)
– DHCP B Offer (IP addr)
– Client broadcasts DHCP Request (A)
– DHCP A ACK
51
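The Discover/Offer/Request/ACK exchange in the diagram, with both servers and the client modelled, as an added example that is not code from the original deck. Messages are plain dictionaries rather than the DHCP wire format, and the pool addresses and server identifiers are constructed. It shows the part of the exchange the diagram implies but does not label: the Request names the chosen server (A), so server B learns its offer was declined and returns the address it had set aside.

```python
# Added example: the slide's two-server DHCP exchange as a message-passing simulation.
BROADCAST = "FFFFFF"


class DhcpServer:
    def __init__(self, server_id: str, pool):
        self.server_id = server_id
        self.free = list(pool)
        self.offered = {}        # client_id -> address held while an offer is pending
        self.leased = {}         # client_id -> address after ACK

    def handle(self, msg):
        kind, client = msg["type"], msg["client_id"]
        if kind == "DISCOVER" and self.free:
            addr = self.free.pop(0)
            self.offered[client] = addr
            return {"type": "OFFER", "server_id": self.server_id,
                    "client_id": client, "yiaddr": addr}
        if kind == "REQUEST":
            addr = self.offered.pop(client, None)
            if msg["server_id"] == self.server_id and addr is not None:
                self.leased[client] = addr          # the client chose us: commit
                return {"type": "ACK", "server_id": self.server_id,
                        "client_id": client, "yiaddr": addr}
            if addr is not None:
                self.free.insert(0, addr)           # another server was chosen: release
        return None


class DhcpClient:
    def __init__(self, client_id: str):
        self.client_id = client_id
        self.addr = None
        self.log = []            # every message sent or received, in order

    def run(self, servers):
        discover = {"type": "DISCOVER", "client_id": self.client_id, "dst": BROADCAST}
        self.log.append(discover)
        offers = [o for o in (s.handle(discover) for s in servers) if o is not None]
        self.log.extend(offers)
        if not offers:
            return None
        chosen = offers[0]                           # as on the slide, the client takes A's offer
        request = {"type": "REQUEST", "client_id": self.client_id,
                   "server_id": chosen["server_id"], "dst": BROADCAST}
        self.log.append(request)                     # broadcast so every server sees the choice
        for s in servers:
            reply = s.handle(request)
            if reply is not None and reply["type"] == "ACK":
                self.log.append(reply)
                self.addr = reply["yiaddr"]
        return self.addr


def demo():
    """Constructed pools (documentation range 192.0.2.0/24); server A is listed first."""
    a = DhcpServer("A", ["192.0.2.10", "192.0.2.11"])
    b = DhcpServer("B", ["192.0.2.50"])
    client = DhcpClient("client-1")
    addr = client.run([a, b])
    return addr, a, b, client


if __name__ == "__main__":
    addr, a, b, client = demo()
    print("leased:", addr)
    for m in client.log:
        print(m["type"], m.get("server_id", ""), m.get("yiaddr", ""))
```

Nothing in the exchange lets the client tell a legitimate server's offer from any other, which is why the first offer received wins here exactly as the diagram shows; the defensive answer on real networks is to control which switch ports may carry server-side DHCP messages.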
TELNET
Diagram: a TELNET client connects to the TELNET server on the Host.
52
File Transfer Protocol (FTP)
Diagram: a Client transfers files to and from Storage on the Host. (TFTP – uses UDP)
53
Simple Mail Transfer Protocol (SMTP)
– Today known as Electronic Mail, or email.
– RFCs 821, 822, 974.
– Email still cannot transport packages and other items.
– Email is very fast and guarantees delivery.
– Three protocols are used for today’s email.
  • SMTP – operates over TCP
  • POP – operates over TCP
  • DNS – operates over UDP
– SMTP allows for the sending/receiving of email.
– POP allows us to intermittently retrieve email.
– DNS makes it simple.
54
Post Office Protocol (POP)
– SMTP is set up to send and receive mail by hosts that are up full time.
  • No rules for those hosts that are intermittent on the LAN
– POP emulates you as a host on the network.
  • It receives SMTP mail for you to retrieve later
– POP accounts are set up for you by an ISP or your company.
– POP retrieves your mail and downloads it to your personal computer when you sign on to your POP account.
55
POP Operation
Exchange between the POP Client and the POP Server:
– Client: TCP port 110 connection attempt. Server: “POP3 server ready” reply, then waits for authentication.
– Client: Send authentication. Server: Process authentication and, if okay, enter transaction state; lock mailbox for user; assign message numbers.
– Client: Retrieve all messages. Server: Send messages.
– Client: Send QUIT command. Server: Quit received; delete (possibly) messages; perform update on mailbox.
– Session closed; client reads messages locally.
56
SMTP, DNS, and POP Topology
Diagram: Your PC sends mail to and retrieves mail from Your ISP, which runs DNS, SMTP and a POP Server (POP3/SMTP) holding the mailboxes mnaugle, user1 and user2. Across the Internet (with root DNS in between), a Remote ISP runs its own DNS, SMTP and POP Server holding the mailbox joe; Joe’s PC sends and retrieves mail through it.
57
IPv6
– IPv6 features:
  • 128 bit address space
  • 340,282,366,920,938,463,463,374,607,431,768,211,456 addresses
  • ARP not used, “Neighbor Discovery Protocol”
– IPv6 addressing:
  • Unicast: A one-to-one IP transfer
  • Multicast: A one-to-many-but-not-all transfer
  • Anycast: A one-to-many-but-not-all (nearest in group)
  • No broadcast
58
References
– RFCs:
  • 1180 – A TCP/IP tutorial
  • 1812 – IP Version 4 Routers
  • 1122 – Requirements for Internet Hosts -- Communication Layers
  • 1123 – Requirements for Internet Hosts -- Application & Support
  • 826 – Address Resolution Protocol
  • 791 – IP addressing
  • 950 – Subnetting
  • 1700 – Assigned Numbers
– TCP/IP 24/7 (ISBN: 0782125093)
– MCSE TCP/IP for Dummies: Cameron Brandon
– Illustrated TCP/IP: Matthew Naugle
59