Networking Basics

Appendix

1

Network

Includes
o Computers o Servers o Routers

o Wireless devices
o Etc.

Purpose is to transmit data

Appendix

2

Network Edge
Network edge includes  Hosts

o o o o o

Computers Laptops Servers Cell phones Etc., etc.

Appendix

3

Network Core  Network core consists of o Interconnected mesh of routers  Purpose is to move data from host to host Appendix 4 .

a dedicated circuit is established o Dedicated bandwidth  Data is chopped up into discrete packets Packets are transmitted independently No real circuit is established More efficient bandwidth usage But more complex than circuit switched Appendix 5 .Packet Switched Network  Usual telephone network is circuit switched Modern data networks are packet switched o o o o o o For each call.

Network Protocols Study of networking focused on protocols  Networking protocols precisely specify the communication rules  Details are given in RFCs  Stateless protocols don’t remember  Stateful protocols do remember  Many security problems related to state  DoS easier against stateful protocols  Appendix 6 o RFC is effectively an Internet standard .

routing protocols o Ethernet. o TCP. SMTP. etc.Protocol Stack     Application layer protocols Transport layer protocols o HTTP. PPP  Physical layer NIC card Appendix 7 . FTP. UDP application transport network link physical user space OS Network layer protocols Link layer protocols o IP.

data goes down the protocol stack Each router processes packet up to network layer Router then passes packet down the protocol stack Destination processes up to application layer o That’s where the data lives Appendix o That’s where routing info lives 8 .Layering in Action data application router network link physical application transport network data transport network link physical link physical host     host At source.

X))))  network link  Header has info required by layer Note that app header is on the inside physical packet (H. each layer adds header information: o Application layer: (H. X))) o Link layer: (H.Encapsulation   data X X = application data at the source As X goes down protocol stack.(H. (H.(H. (H.X)))) Appendix 9 . (H. (H. (H. (H. X) application transport o Transport layer: (H. X)) o Network layer: (H.(H.

etc. o Run on hosts o Hosts want network to be transparent o HTTP. etc. etc.. email. SMTP.Application Layer  Applications   Application layer protocols o Web browsing. P2P. Gnutella. Protocol is one part of an application o For example. HTTP only part of Web browsing Appendix 10 . IMAP.

Client-Server Model  Client “speaks first”  Server tries to respond to request  Hosts are clients and/or servers  Example: Web browsing o You are the client (request web page) o Web server is the server Appendix 11 .

when sharing music  o You are client when requesting a file o You are a server when someone downloads a file In P2P model.Peer-to-Peer (P2P) Model Hosts act as clients and servers  For example. more difficult for client to find a server  Many different P2P models  from you Appendix 12 .

HTTP Example HTTP request HTTP response HTTP --.HyperText Transfer Protocol  Client (you) request a web page  Server responds to your request  Appendix 13 .

cookie sent from server to browser Browser manages cookie.cookies used to add state Initially.initial session cookie Web Cookies Cookie database cookie any later session     HTTP is stateless --. sends it to server Server looks in cookie database to “remember” you 14 Appendix .

Web Cookies  Web  Privacy o Shopping carts o Recommendations. o A weak form of authentication o Web site can learn a lot about you o Multiple web sites could learn even more cookies can be used for concerns Appendix 15 . etc.

SMTP commands are human readable  Sender Recipient SMTP SMTP POP3 Appendix 16 . IMAP or HTTP (Web mail) to get messages from server  As with many application protocols.SMTP SMTP used to send email from sender to recipient’s mail server  Then use POP3.

gov> 250 arnold@ca.sjsu. end with ".edu .edu 25 220 eniac.gov 250 Hello ca. pleased to meet you MAIL FROM: <arnold@ca.." on a line by itself It is my pleasure to inform you that you are terminated ..edu closing connection Appendix 17 .sjsu.gov..gov.edu HELO ca.sjsu.sjsu. 250 Message accepted for delivery QUIT 221 eniac. Sender ok RCPT TO: <stamp@cs.Spoofed email with SMTP User types the red lines: > telnet eniac.cs..sjsu.edu> 250 stamp@cs. Recipient ok DATA 354 Enter mail.

Domain Name Service o Convert human-friendly names such as www.com into 32-bit IP address o A distributed hierarchical database  Only 13 “root” DNS servers worldwide o A single point of failure for Internet o Attacks on root servers have succeeded o Attacks have not lasted long enough (yet…) Appendix 18 .google.Application Layer  DNS --.

Transport Layer The network layer offers unreliable. not routers o TCP  better service. minimal overhead Appendix 19 . more overhead o UDP  minimal service. “best effort” delivery of packets  Any improved service must be provided by the hosts  Transport layer has two protocols   TCP and UDP run on hosts.

TCP  TCP assures that packets   TCP also provides o Arrive at destination o Are processed in order o Are not sent too fast for receiver (flow control) o Network-wide congestion control o TCP contacts server before sending data o Orderly setup and take down of “connection” o But no true connection. only a logical connection TCP is “connection-oriented” Appendix 20 .

etc.TCP Header Source and destination port  Sequence number  Flags (ACK.)  20 bytes (if no options)  Appendix 21 . RST. SYN.

TCP Three Way Handshake SYN request SYN-ACK ACK (and data) SYN: synchronization requested  SYN-ACK: acknowledge SYN request  ACK: acknowledge msg 2 and send data  Then TCP “connection” established  Appendix o Connection terminated by FIN or RST packet 22 .

server must remember “half-open” connection  o Remembering consumes resources o Too many half-open connections and server resources will be exhausted o Then server can’t respond to new connections Appendix 23 .Denial of Service Attack The TCP 3-way handshake makes denial of service (DoS) attacks possible  Whenever SYN packet is received.

“no frills” service Why does UDP exist? o No assurance that packets arrive o No assurance packets are in order. etc. o More efficient (smaller header) o No flow control to slow down sender o No congestion control to slow down sender   Packets sent too fast..UDP  UDP is minimalist. etc. they will be dropped o Either at intermediate router or at destination o But in some apps this is OK (audio/video) Appendix 24 .

etc. BGP. OSPF.Network Layer     Core of network/Internet Purpose of network layer o Interconnected mesh of routers o Route packets through this mesh Network layer protocol is IP IP runs in every host and every router  Routers also run routing protocols o Follows a “best effort” approach o Used to determine the path to send packets o Routing protocols: RIP. Appendix 25 .

IP Addresses IP address is 32 bits  Every host has an IP address  Not enough IP addresses!   IP addresses given in dotted decimal notation Host’s IP address can change o For example: 195.72.180.27 o Each number is between 0 and 255 o Lots of tricks to extend address space  Appendix 26 .

etc. send email at same time  IP address and port number define a socket o Socket uniquely identifies a process (HTTP port 80.Socket Each host has a 32 bit IP address  But many processes on one host   How to distinguish processes on a host?  Each process has a 16 bit port number o Port numbers < 1024 are “well-known” ports o You can browse web. POP3 port 110.) o Port numbers above 1024 are dynamic (as needed) Appendix 27 .

IP Header  IP header used by routers   Time to live (TTL) limits number of “hops” Fragmentation information (see next slide) 28 o Note source and destination IP addresses o So packets can’t circulate forever Appendix .

IP Fragmentation fragmented re-assembled Each link limits maximum size of packets  If packet is too big. router fragments it  Re-assembly occurs at destination  Appendix 29 .

for example Appendix 30 .IP Fragmentation One packet becomes multiple packets  Packets reassembled at destination   Fragmentation is a security issue! o o o o o Prevents multiple fragmentation/re-assemble Fragments may obscure real purpose of packet “Fragments” can overlap when re-assembled Must re-assemble packet to fully understand it Lots of work for firewalls.

IPv6 Current version of IP is IPv4  IPv6 is a new-and-improved version  IPv6 provides  o Longer addresses: 128 bits o Real security “built-in” (IPSec) But difficult to migrate from v4 to v6  So IPv6 has not taken hold yet  Appendix 31 .

Link Layer Link layer sends packet from one node to next  Each link can be different  o o o o Wired Wireless Ethernet Point-to-point… Appendix 32 .

11 card. etc.Link Layer  Implemented in adapter known as network interface card (NIC) o Ethernet card o Wireless 802.  NIC is (mostly) out of host’s control o Implements both link and physical layers Appendix 33 .

two packets can collide o o o o o On a local area network. or LAN  We won’t discuss details here Then data is corrupted Packets must be resent How to be efficient in distributed environment? Many possibilities. ethernet is most popular Appendix 34 .Ethernet Ethernet is a multiple access protocol  Many hosts access a shared media   In ethernet.

Link Layer Addressing IP addresses live at network layer  Link layer also requires addresses   MAC address Analogy o MAC address (LAN address. physical address) o 48 bits. globally unique o Used to forward packets over one link o IP address is like home address o MAC address is like social security number  Appendix 35 .

ARP  Used at link layer to find MAC address of given IP address  Each host has ARP table  o o o o Generated automatically Entries expire after some time (20 min) ARP used to find ARP table entries ARP table also known as ARP cache Appendix 36 .ARP Address resolution protocol.

111.111.111.111.111.001 AA-AA-AA-AA-AA-AA ARP cache Appendix ARP cache 37 .002 BB-BB-BB-BB-BB-BB 111.001 IP: 111.111.111.ARP ARP is stateless  ARP sends request and receives ARP reply  Replies used to fill ARP cache  IP: 111.111.002 LAN MAC: AA-AA-AA-AA-AA-AA MAC: BB-BB-BB-BB-BB-BB 111.

002 CC-CC-CC-CC-CC-CC ARP “reply” 111.111.111.001 AA-AA-AA-AA-AA-AA CC-CC-CC-CC-CC-CC ARP cache ARP cache  Host CC-CC-CC-CC-CC-CC is “man-in-the-middle” 38 Appendix .003 CC-CC-CC-CC-CC-CC ARP “reply” 111.001 CC-CC-CC-CC-CC-CC 111.111.111.002 CC-CC-CC-CC-CC-CC BB-BB-BB-BB-BB-BB 111.001 AA-AA-AA-AA-AA-AA LAN 111. even if no request sent!  111.111.111.111.111.ARP Cache Poisoning ARP is stateless  Accepts any reply.002 BB-BB-BB-BB-BB-BB 111.111.111.111.111.111.111.

Sign up to vote on this title
UsefulNot useful