Computer Networks Lecture Notes


LECTURE NOTES: COMPUTER NETWORKS

Compiled by: MSc. Trần Bá Nhiệm

COURSE INTRODUCTION
Course objectives
- Basic knowledge of computer networks
- The OSI reference model
- The TCP/IP model

Duration: 5 sessions

COURSE INTRODUCTION
Course contents
- Chapter 1: Overview of computer networks
- Chapter 2: Network structure (topology)
- Chapter 3: Transmission media and network devices
- Chapter 4: Data link
- Chapter 5: TCP/IP
- Chapter 6: Basic concepts of network security
- Exercises

CHAPTER 1: OVERVIEW OF COMPUTER NETWORKS
- The concept of a computer network
- Applications of computer networks
- Classification of computer networks
- The OSI model

The concept of a computer network

A collection of independent computers interconnected by some structure. Two computers are said to be connected if they can exchange information. The connection may be copper wire, optical fibre, short-wave radio, infrared or satellite transmission.

Applications of computer networks

- Sharing information
- Sharing hardware and software
- Centralised management

Classification of computer networks

The most widely used way of classifying computer networks is by the geographic distance the network covers: LAN, MAN, WAN. Other criteria:
- By the switching technique the network uses: circuit-switched, message-switched, packet-switched networks.
- By network structure (topology): star, ring, bus.
- By the operating system the network runs: Windows, Unix, Novell.

LANs (Local Area Networks)

- Geographically limited
- High data transfer rate
- Low transmission error rate
- Managed by a single organisation
- Use Ethernet or Token Ring technology
- Common devices on the network: Repeater, Bridge, Hub, Switch, Router.

[Figures: 802.3 Ethernet and 802.5 Token Ring LANs]

MANs (Metropolitan Area Networks)

- Cover a larger geographic area than a LAN
- Managed by a single organisation
- Usually use coaxial or fibre-optic cable

WANs (Wide Area Networks)

- Interconnect many LANs
- No geographic limit
- Low data transfer rate
- Managed by many organisations
- Use technologies such as Modem, ISDN, DSL, Frame Relay, ATM

[Figure: WAN]

Wireless networking

- Developed by the IEEE and brought into worldwide use by the Wi-Fi Alliance.
- Standards: 802.11a, 802.11b, 802.11g (the most widely used on the Vietnamese market) and 802.11n (newly available).
- Wireless network equipment comes in two kinds: wireless network cards and access points (AP).

[Figure: wireless network]

Internet
A system of computer networks interconnected through the worldwide telecommunications system in order to exchange information.

The OSI model (Open Systems Interconnection)

Reason for its creation: the rapid growth in the number and size of networks led to incompatibility between networks.
Advantages of the OSI model:
- Reduces complexity
- Standardises interfaces
- Ensures that links interoperate
- Simplifies teaching and learning

[Figures: the OSI model; data encapsulation on the network]

The OSI model: Physical layer
Binary transmission
- Wires, connectors, voltages
- Data transfer rate
- Transmission media
- Transmission modes (simplex, half-duplex, full-duplex)

The OSI model: Data Link layer
- Link control, access to the transmission medium
- Framing
- Physical addressing
- Flow control
- Error control and error notification

The OSI model: Network layer
- Network addressing and determining the best path
- Reliability
- Logical addressing, network topology
- Routing (path finding) for packets

The OSI model: Transport layer
- End-to-end connections
- Transport between hosts
- Reliable transport
- Establishing, maintaining and connecting virtual circuits
- Error detection, recovery and flow control

The OSI model: Session layer
- Inter-host communication
- Establishing, managing and terminating sessions between applications

The OSI model: Presentation layer
- Data representation
- Data formatting
- Data structures
- Encryption
- Data compression

The OSI model: Application layer
- The application's network processes
- Defines the interface between the user and the OSI environment
- Provides network services to applications such as e-mail and file transfer

The OSI model
The upper layers exist only in the source computer and the destination computer.

The OSI model
The lower layers manage the information travelling through the LAN or WAN between the source computer and the destination computer.

[Figure: data flow on the network]

CHAPTER 2: NETWORK STRUCTURE (TOPOLOGY)
- Connection methods
- Physical structure of the network
- Medium access protocols on a LAN

Connection methods

Point-to-point: separate links are set up connecting pairs of computers to each other.

Connection methods

Broadcast (one point to many points): all stations share a single physical transmission medium.

Physical structure of a LAN

Bus topology

Advantages
- Easy to install and extend
- Low cost
- One failing machine does not affect the other machines.

Limitations
- Hard to administer and to locate the cause of faults
- Limits on cable length and on the number of computers
- Performance drops as computers are added
- A break in the backbone cable affects the whole network

Ring topology

Advantages
- Growth of the system does not significantly affect performance
- All computers have equal access rights

Limitations
- High implementation cost
- Complex
- When one machine fails it may affect the other computers

Star topology

Advantages
- Easy to add or remove computers
- Easy to monitor and troubleshoot
- Can work with many different cable types

Limitations
- When the hub stops working, the whole network stops working
- Uses a lot of cable

Medium access protocols on a LAN

Two kinds of protocol: random and controlled
Random
- Switching protocol
- Multiple-access line protocol with collision sensing (CSMA/CD)

Controlled
- Ring token protocol (Token Ring)
- Bus token protocol (Token Bus)

Medium access protocols on a LAN

Switching protocol (request and accept): when a computer makes a request, it is admitted to the cable if the network is not busy; otherwise it is refused.

Medium access protocols on a LAN

Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
A data packet is sent only if the medium is idle; otherwise each station must wait according to one of 3 methods:
- Wait a random time, then start checking the medium again
- Check the medium continuously until it becomes idle
- Check the medium with probability p (0 < p < 1)

Medium access protocols on a LAN

Ring token protocol (Token Ring)
The token is a special data unit containing a bit that indicates the busy or free state. The token circulates around the network. Whichever station receives a free token may transmit data.

Bus token protocol (Token Bus)

Creates a logical ring (virtual ring) and then operates like Token Ring.

CHAPTER 3: TRANSMISSION MEDIA AND NETWORK INTERCONNECTION DEVICES
- The transmission environment
- Transmission media
- Network interconnection devices

The transmission environment
The physical means that allows signals to be carried between devices. Two main kinds of transmission medium:
- Wired
- Wireless

Systems use two kinds of signal:
- Digital
- Analog

Characteristics of transmission media

- Cost
- Installation requirements
- Bandwidth
- Band type (baseband, broadband)
- Attenuation
- Electromagnetic interference (EMI)
- Crosstalk

Transmission media

- Coaxial cable
- Twisted-pair cable
- Optical fibre
- Wireless

Coaxial cable
Construction
Classification
- Thinnet / Thicknet
- Baseband / Broadband

Technical parameters
- Cable length
- Transfer rate
- Noise
- Installation / maintenance
- Cost
- Connectors

Twisted-pair cable: Unshielded Twisted Pair (UTP) cable
[Figure]

Twisted-pair cable: Shielded Twisted Pair (STP) cable
[Figure]

The 568A & 568B cabling standards
Introduction
[Figure]

Cable crimping method
Introduction
[Figure]

Optical fibre (Fiber optic)

Components and construction
- Conductor
- Light source (LED, laser)
- Detector (photodiode, phototransistor)

Classification
- Multimode step index
- Multimode graded index
- Single mode (mono mode)

Technical parameters
- Cable length
- Transfer rate
- Noise
- Installation / maintenance
- Cost
- Connectors

[Figure: fibre cross-section: coating, core, cladding]

Basic parameters of the cable types
[Table figure]

Wireless
What is wireless? Techniques:
- Radio
- Microwave
- Infrared
- Lightwave

Radio
Characteristics
- Frequency
- Equipment: antenna, transceiver

Classification
- Single-frequency: low power, high power
- Spread-spectrum: direct-sequence modulation, frequency-hopping

Microwave
Characteristics
Classification
- Terrestrial microwave
- Satellite microwave
Parameters

Infrared
Characteristics
Classification
- Point-to-point infrared
- Broadcast infrared
Parameters

Lightwave
[Figure]

Network interconnection devices

- Network Interface Card (NIC)
- Modem
- Repeater
- Hub
- Bridge
- Switch
- Router
- Gateway

[Figure: symbols used for network devices in network diagrams]

Network Interface Card
Connects the computer to the network cable in order to send or receive data with other computers over the network. Controls the flow of data between the computer and the cabling system. Each NIC (Network Interface Adapter Card) has a unique code called the MAC (Media Access Control) address. A MAC address has 6 bytes: the first 3 bytes are the manufacturer's code and the last 3 bytes are the card's serial number.

[Figure: network interface card]

Modem
The name is short for MOdulation and DEModulation. It modulates digital signals into analog signals for sending over the telephone line, and demodulates them in the other direction. There are two kinds: internal and external.

[Figure: modem]

Repeater

- Amplifies and restores signals that have degraded through energy loss during transmission.
- Allows the network to be extended beyond the length limit of a transmission medium.
- Only used to connect two networks with the same communication protocol.
- Operates at the Physical layer.

[Figure: repeater]

Hub
Functions like a repeater but extended with many ports for the ends of network cables. Creates a central connection point for networking in a star arrangement. The signal is distributed to all connections. There are 3 kinds of hub: passive, active and intelligent.

Hub
- Passive hub: only provides the connection function; it does not process the signal at all.
- Active hub: can amplify the signal to counter attenuation.
- Intelligent hub: an active hub that can additionally generate packets reporting its own activity, which makes network administration easier.

[Figure: hub]

Bridge

- Used to connect 2 networks with the same or different protocols.
- Divides the network into several segments to reduce traffic on the network.
- Operates at the Data Link layer with 2 main functions: filtering and forwarding.
- Based on the MAC address table it stores, the bridge inspects packets and processes them before deciding whether or not to forward them.

[Figure: a bridge joining two hubs]

Switch

- A device like a bridge and a hub combined, but smarter.
- Can forward data only to the connection that actually needs the data, which reduces congestion on the network.
- Used to segment the network in large local networks (VLAN).
- Operates at the Data Link layer.

[Figures: switch]

Router
Used to join local networks together into a wide-area network. Chooses the best path for packets heading out to external networks. Operates mainly at the Network layer. There are 2 main routing methods:
- Static routing: fixed routes are configured and installed in the routing table.
- Dynamic routing:
  - Distance vector: RIP, IGRP, EIGRP, BGP
  - Link state: OSPF

[Figure: router]

Gateway (Proxy)

- Commonly used to connect heterogeneous networks, mainly a LAN to a large external network, not LAN to LAN.
- Controls the flow of data into and out of the network.
- Operates in a more complex way and more slowly than a router.
- Operates from layer 4 up to layer 7.

CHAPTER 4: DATA LINK
- Flow control
- Error detection
- Error handling

Flow control
A technique to ensure that the sender does not flood the receiver with data. Two methods are used:
Stop and Wait
- The simplest, and less efficient: only one frame is transmitted at a time

Sliding Window Flow Control
- Efficient: allows many frames to be in transit on the channel at the same time

Stop and wait

Transmit one packet and wait for the acknowledgement
- The sender transmits one frame
- After receiving the frame, the receiver sends back an acknowledgement
- The sender must wait until it receives the acknowledgement before transmitting the next frame

Inefficient
- The receiver can stop the transmission by not sending the acknowledgement frame
- At any moment only one frame is on the link, so transmission is slow
- When the width of the channel is larger than the width of a frame, it turns out to be extremely inefficient.

Sliding window

Allows several frames to be in transit at the same time, so communication is more efficient. A and B are connected directly in full-duplex mode. B has a buffer for n frames, so B can accept n frames and A can transmit n frames without waiting for an acknowledgement from B. Each frame is labelled with a sequence number. B acknowledges the frames it has received by sending an acknowledgement carrying the sequence number of the next frame it expects to receive.

Sliding window

- A maintains the list of sequence numbers it is allowed to send
- B maintains the list of sequence numbers it is prepared to receive
- These lists are called the windows of frames
- This is sliding window flow control

Sliding window

For a two-way link each side must use two windows:
- One for sending and one for receiving
- Each side must send both data and acknowledgements to the other

The sequence number is stored in the frame
- It is bounded: with a k-bit field, sequence numbers are numbered modulo 2^k
- The window size does not have to be the maximum (for example, with a 3-bit field the window length may be taken as 4)

Error detection
Reasons why one or more bits change in a transmitted frame:
- The signal on the link is attenuated
- The transmission rate
- Loss of synchronisation

Detecting errors so that they can be corrected, or a retransmission requested, is necessary and extremely important in data transmission.

Error detection: Parity Check

The simplest technique. One parity-check bit is appended after the message. The value of this bit is chosen so that the number of 1s is even (even parity) or odd (odd parity). The error is not detected if 2, or any even number of, bits in the frame are flipped. Ineffective under strong noise bursts.

Parity check

- Single parity bit: detects bit errors
- Two-dimensional parity: detects and corrects bit errors

[Figure: single and two-dimensional parity]

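As an added illustration of the two parity slides (example code written for these notes, not part of the original lecture), the block below encodes a constructed block of bits with a single parity bit per row and with two-dimensional parity, then shows that the 2-D scheme locates and repairs a single flipped bit while an even number of flips in one row slips past the row's parity bit.

```python
# Added example for these notes (not from the original lecture): even parity
# over a block of bits, first the single parity bit of the slide, then the
# two-dimensional (row + column) scheme that can also correct a single flip.

def parity_bit(bits):
    """Even-parity bit: 1 if the number of 1s in `bits` is odd, else 0."""
    return sum(bits) & 1

def add_single_parity(row):
    """Append one even-parity bit to a row of 0/1 ints."""
    return row + [parity_bit(row)]

def single_parity_ok(row):
    """A single parity bit catches any odd number of flipped bits but
    misses 2 (or any even number of) flips, as the slide notes."""
    return parity_bit(row) == 0

def encode_2d(rows):
    """Two-dimensional parity: every row gets a parity bit, then a parity row
    is added whose bits are the column parities (its last bit is the parity
    of the row-parity column)."""
    coded = [add_single_parity(r) for r in rows]
    width = len(coded[0])
    parity_row = [parity_bit([r[c] for r in coded]) for c in range(width)]
    return coded + [parity_row]

def check_2d(block):
    """Return (status, block). A single flipped bit shows up as exactly one
    bad row and one bad column and is repaired in a copy; any other damage
    pattern is reported as 'uncorrectable' (detected but not located)."""
    bad_rows = [i for i, r in enumerate(block) if parity_bit(r)]
    bad_cols = [c for c in range(len(block[0]))
                if parity_bit([r[c] for r in block])]
    if not bad_rows and not bad_cols:
        return "ok", block
    if len(bad_rows) == 1 and len(bad_cols) == 1:
        fixed = [r[:] for r in block]
        fixed[bad_rows[0]][bad_cols[0]] ^= 1
        return "corrected", fixed
    return "uncorrectable", block

def flip(block, positions):
    """Simulate channel noise: a copy with the given (row, col) bits flipped."""
    out = [r[:] for r in block]
    for i, c in positions:
        out[i][c] ^= 1
    return out

if __name__ == "__main__":
    data = [[1, 0, 1, 1], [0, 1, 1, 0], [1, 1, 0, 0]]   # constructed sample block
    block = encode_2d(data)
    print(check_2d(flip(block, [(1, 2)]))[0])            # one flip: corrected
    print(check_2d(flip(block, [(0, 0), (0, 1)]))[0])    # two flips in a row: uncorrectable
```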
Error detection: Cyclic Redundancy Check (CRC)

Description:
- Data block of k bits
- Pattern of n+1 bits (n < k)
- Generate an n-bit sequence called the frame check sequence (FCS)
- Form a frame of k+n bits
- On receiving the frame, the receiver divides it by the pattern; if it divides exactly, the frame was transmitted without error

Error detection: CRC in modulo-2 form

- M: k-bit message
- F: n-bit FCS, the last n bits of T
- T: (k+n)-bit frame
- P: (n+1)-bit pattern; this is a divisor chosen in advance.
Goal: determine F such that T is divisible by P, where T = 2^n M + F

Error detection: steps to generate and check a CRC

Steps to generate the CRC
- Shift M left by n bits
- Divide the result by P
- The remainder found is F

Steps to check the CRC
- Take the received (n+k)-bit frame
- Divide it by P
- Check the remainder: if the remainder is non-zero the frame is in error, otherwise it is error-free

Error detection: CRC in binary polynomial form

A second way to express the CRC is to represent the values as polynomials whose coefficients are binary digits, namely the bits of the binary number. Let T(X), M(X), Q(X), P(X), R(X) be the polynomials corresponding to the binary numbers T, M, Q, P, R presented above; the CRC is then expressed as:

CRC in binary polynomial form

Some typical polynomials P(X):
- CRC-12: X^12 + X^11 + X^3 + X^2 + X + 1
- CRC-16: X^16 + X^15 + X^2 + 1
- CRC-CCITT: X^16 + X^12 + X^5 + 1
- CRC-32: X^32 + X^26 + X^23 + X^22 + X^16 + X^12 + X^11 + X^10 + X^8 + X^7 + X^5 + X^4 + X^2 + X + 1

Example: generating a CRC
1. Given the message M = 1010001101 (10 bits) and the pattern P = 110101 (6 bits). The FCS R is computed by the CRC method and will be 5 bits long.
2. Multiply M by 2^5: M·2^5 = 101000110100000
3. Divide the result by P.
4. The remainder is 01110; it is appended after the message M. The frame T that is transmitted is: 101000110101110

CRC in binary polynomial form

Checking the CRC: suppose the receiver receives T. To check whether the transmission was in error, divide T by P; the remainder is 00000, so we conclude that the transmission of message M was error-free.

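The generation and checking steps above, carried out as modulo-2 long division on the slide's own M = 1010001101 and P = 110101 (added example code for these notes, not from the original lecture). It also builds the divisor for CRC-16 from its exponents and shows the standard caveat that an error burst equal to a multiple of P is not detected.

```python
# Added example for these notes (not from the original lecture): CRC by
# modulo-2 (XOR) long division, reproducing the slide's worked case
# M = 1010001101, P = 110101, and checking a received frame.

def mod2_divide(dividend, divisor):
    """Remainder of dividend / divisor in GF(2), both given as bit strings
    (MSB first). The remainder is returned as len(divisor) - 1 bits."""
    n = len(divisor) - 1
    bits = list(dividend)
    for i in range(len(bits) - n):
        if bits[i] == "1":          # quotient bit is 1: subtract (XOR) P here
            for j, d in enumerate(divisor):
                bits[i + j] = "0" if bits[i + j] == d else "1"
    return "".join(bits[-n:])

def crc_generate(message, pattern):
    """FCS F = remainder of (M shifted left n bits) / P, with n = len(P) - 1."""
    n = len(pattern) - 1
    return mod2_divide(message + "0" * n, pattern)

def crc_frame(message, pattern):
    """Transmitted frame T = M followed by F, i.e. T = 2^n M + F."""
    return message + crc_generate(message, pattern)

def crc_check(frame, pattern):
    """True when the received frame leaves remainder 0: no error detected."""
    return set(mod2_divide(frame, pattern)) == {"0"}

def poly_to_pattern(exponents):
    """Divisor bit string from the exponents of P(X); e.g. CRC-16 is
    X^16 + X^15 + X^2 + 1, i.e. [16, 15, 2, 0]."""
    top = max(exponents)
    return "".join("1" if top - i in exponents else "0" for i in range(top + 1))

def xor_bits(a, b):
    """Bitwise XOR of two equal-length bit strings (models an error burst)."""
    return "".join("0" if x == y else "1" for x, y in zip(a, b))

CRC16 = poly_to_pattern([16, 15, 2, 0])

if __name__ == "__main__":
    T = crc_frame("1010001101", "110101")
    print(T, crc_check(T, "110101"))                                # 101000110101110 True
    print(crc_check(xor_bits(T, "000000000000001"), "110101"))      # one flipped bit: False
    print(crc_check(xor_bits(T, "110101000000000"), "110101"))      # burst equal to P: True (missed)
```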
Error handling
Errors: lost frames, damaged frames
Error control:
- Error detection
- Positive acknowledgement: the frame was good
- Retransmission after a preset time has expired
- Negative acknowledgement: the frame was in error, and retransmission

Error handling: stop-and-wait ARQ

Based on the stop-and-wait flow control technique. Error control:
- The frame arrives damaged at the receiver: retransmit, using a timer (time-out)
- The acknowledgement is damaged: time-out, the sender resends; labels 0/1 and ACK0/ACK1 are used to detect the error

[Figure: stop-and-wait ARQ]

Error handling: Go-back-N ARQ

Based on the sliding window flow control technique. Error control:
Damaged frame:
- Frame i-1 succeeded and frame i is in error: the receiver sends SREJ i and the sender resends
- Frame i is lost and i+1 is received out of sequence: REJ i, the sender retransmits i and the following frames
- Only frame i was transmitted and it was lost, so the receiver does not know that i was sent: the sender times out and sends RR with P = 1; when the sender receives the RR from the receiver it retransmits i

Error handling: Go-back-N ARQ

Damaged RR:
- B receives frame i and sends RR(i+1); RR(i+1) is lost. A may receive RR(>i+1) before RR(i+1) times out, which means frame i succeeded.
- RR(i+1) times out: A tries sending RR with the P-bit until it receives an RR from B, up to a fixed number of times; if it still receives nothing, the protocol is restarted.

Damaged Reject:
- A times out; A sends RR with P = 1 until it receives RR i from B, then A resends frame i

[Figure: Go-back-N ARQ]

Error handling: Selective-Reject ARQ

- Only the frames negatively acknowledged (SREJ) are retransmitted
- A large buffer must be maintained, and complex logic is needed to send and receive the frames in the correct order.
- Selective-Reject ARQ must resolve the overlap between the send window and the receive window.

Error handling: Selective-Reject ARQ

Station A sends frames 0 to 6 to station B. Station B receives all 7 frames and acknowledges them cumulatively with RR 7. For some reason, for example noise, RR 7 is lost on the link. A's timer expires and A retransmits frame 0. B has already advanced its receive window so that it can accept frames 7, 0, 1, 2, 3, 4 and 5. So frame 7 is assumed lost and this received frame is taken as the new frame 0, and is accepted by B.

CHAPTER 5: TCP/IP
- The concepts of TCP and IP
- The TCP/IP reference model
- Comparison of OSI and TCP/IP
- Protocols in the TCP/IP model
- Conversion between number systems
- IP addresses and address classes
- NAT
- Subnets and subnetting
- Exercises

The concepts of TCP and IP

TCP (Transmission Control Protocol) is a transport-layer protocol and is a connection-oriented protocol. IP (Internet Protocol) is a network-layer protocol in the OSI model and is a connectionless protocol.

[Figure: the TCP/IP reference model]

Application layer
Handles the high-level protocols, matters of presentation and representation of information, encoding and dialog control. Specified for the common applications.

Transport layer
Provides the transport service from the source host to the destination host. Establishes a logical connection between the endpoints of the network, between the sending host and the receiving host.

Internet layer
The purpose of the Internet layer is to choose the best path through the network for data packets travelling to their destination. The main protocol of this layer is the Internet Protocol (IP).

Network access layer

Defines the procedures for interfacing with the network hardware and accessing the transmission medium. Many protocols operate at this layer.

Comparison of the OSI and TCP/IP models

Similarities
- Both are layered by function
- Both have a transport layer and a network layer
- Packet switching is assumed in both
- Both have upper/lower and peer-to-peer layer relationships

Differences
- TCP/IP merges the presentation and session layers into the application layer.
- TCP/IP merges the physical and data link layers into the network access layer.
- TCP/IP is simpler because it has fewer layers.
- OSI has no notion of unreliable delivery at layer 4 like TCP/IP's UDP.

[Figure: protocols in the TCP/IP model]

Application layer
- FTP (File Transfer Protocol): a connection-oriented service that uses TCP to transfer files between systems.
- TFTP (Trivial File Transfer Protocol): a connectionless service that uses UDP. Used on routers to transfer configuration files and operating system images.
- NFS (Network File System): allows file access to remote storage devices such as a hard disk over the network.
- SMTP (Simple Mail Transfer Protocol): manages the transmission of e-mail over computer networks.

Application layer
- Telnet (terminal emulation): provides remote access to another computer. The Telnet client is the local host; the Telnet server is the remote host.
- SNMP (Simple Network Management Protocol): provides a method for monitoring and controlling network devices.
- DNS (Domain Name System): translates the names of domains and publicly advertised network nodes into IP addresses.

[Table figure: common ports used by application-layer protocols]

Transport layer
TCP and UDP (User Datagram Protocol):
- Segment the data of upper-layer applications.
- Transmit the segments from one end device to another end device.

TCP additionally has these functions:
- Establishes end-to-end operations.
- The sliding window provides flow control.
- Sequence numbers and acknowledgements provide reliability.

[Figure: TCP segment format]

[Figure: UDP datagram format]

Internet layer
- IP: does not care about the contents of packets but finds a path for the packet to reach its destination.
- ICMP (Internet Control Message Protocol): provides control and messaging capabilities.
- ARP (Address Resolution Protocol): determines the data-link layer address (MAC address) when the IP address is known.
- RARP (Reverse Address Resolution Protocol): determines the IP address when the MAC address is known.

IP packet format

Header fields, in order: VER, IHL, Type of service, Total length, Identification, Flags, Fragment offset, Time to live, Protocol, Header checksum, Source address, Destination address, Options + Padding, followed by the Data.

ARP
[Figure: Host A broadcasts an ARP request to all hosts: "What is the hardware address for IP address 128.0.10.4?" Host B (IP address 128.0.10.4, hardware address 080020021545) answers with an ARP reply.]

RARP
[Figure]

Network access layer

Ethernet
- The most widely used LAN access protocol.
- Formed by the 802.3 standard definition of the IEEE (Institute of Electrical and Electronics Engineers).
- Transfer rate 10 Mbps

Fast Ethernet, Gigabit Ethernet

Conversion between number systems

- Base 2 (binary): 2 digits, 0 and 1
- Base 8 (octal): 8 digits, 0, 1, ..., 7
- Base 10 (decimal): 10 digits, 0, 1, ..., 9
- Base 16 (hexadecimal): the digits 0, 1, ..., 9 and the letters A, B, C, D, E, F

Conversion from binary to decimal

10110(2) = (1 x 2^4) + (0 x 2^3) + (1 x 2^2) + (1 x 2^1) + (0 x 2^0) = 16 + 0 + 4 + 2 + 0 = 22

Conversion from decimal to binary

Convert 201(10) to binary:
201 / 2 = 100 remainder 1
100 / 2 = 50 remainder 0
50 / 2 = 25 remainder 0
25 / 2 = 12 remainder 1
12 / 2 = 6 remainder 0
6 / 2 = 3 remainder 0
3 / 2 = 1 remainder 1
1 / 2 = 0 remainder 1
When the quotient reaches 0, write down the remainders in the reverse order of their appearance; result: 201(10) = 11001001(2)

Conversion from binary to octal and hexadecimal

Binary to octal:
Group the binary digits into groups of 3, counting from right to left. Each group corresponds to one octal digit. Example: 1101100(2) = 154(8)

Binary to hexadecimal:
The same as binary to octal, but each group has 4 digits. Example: 1101100(2) = 6C(16)

Bitwise operations

A:        1 1 0 0
B:        1 0 1 0
A and B:  1 0 0 0

IP addresses and address classes
An IP address is a structured address: a 32-bit number divided into 4 parts of 8 bits each, called octets or bytes. Example:
172.16.30.56 = 10101100 00010000 00011110 00111000 (binary) = AC 10 1E 38 (hexadecimal)

IP addresses and address classes
- Host address: an IP address that can be assigned to the interfaces of hosts. Two hosts on the same network have the same network_id and different host_ids. When allocating host addresses, note that the bits of the host_id part must not be all 0 or all 1.
- Network address: an IP address used to designate a network. The host_id part of the address contains only 0 bits. Example: 172.29.0.0
- Broadcast address: an IP address used to represent all hosts on the network. The host_id part contains only 1 bits. Example: 172.29.255.255.

IP address classes
The IP address space is divided into 5 classes: A, B, C, D and E. Classes A, B and C are deployed for assignment to hosts on the Internet, class D is used for multicast groups, and class E is reserved for research purposes.

Class A
Reserves 1 byte for the network_id part and 3 bytes for the host_id part.

Class A
The first bit of the first byte must be 0. The binary form of this octet is 0xxxxxxx. IP addresses whose first byte lies in the range 0 (= 00000000(2)) to 127 (= 01111111(2)) belong to class A. Example: 50.14.32.8.

Class A
This first byte is also the network_id; excluding the first bit, which identifies class A, 7 bits remain to number the networks, so there are 128 (= 2^7) different class A networks. Dropping the two special cases 0 and 127, class A is left with 126 network addresses, 1.0.0.0 to 126.0.0.0.

Class A
The host_id part occupies 24 bits, meaning there are 2^24 = 16777216 different hosts in each network. Dropping the two special cases (host_id all 0 bits and all 1 bits) leaves 16777214 hosts. For example, for network 10.0.0.0 the valid host values are 10.0.0.1 to 10.255.255.254.

Class B
Reserves 2 bytes for the network_id part and 2 bytes for the host_id part.

Class B
The first two bits of the first byte must be 10. The binary form of this octet is 10xxxxxx. IP addresses whose first byte lies in the range 128 (= 10000000(2)) to 191 (= 10111111(2)) belong to class B. Example: 172.29.10.1.

Class B
The network_id part occupies 16 bits; excluding the 2 bits that identify the class, 14 bits remain, allowing us to number 16384 (= 2^14) different networks (128.0.0.0 to 191.255.0.0).

Class B
The host_id part is 16 bits long, i.e. 65536 (= 2^16) different values. Subtracting the 2 special cases leaves 65534 hosts in one class B network. For example, for network 172.29.0.0 the valid host addresses are 172.29.0.1 to 172.29.255.254.

Class C
Reserves 3 bytes for the network_id part and 1 byte for the host_id part.

Class C
The first three bits of the first byte must be 110. The binary form of this octet is 110xxxxx. IP addresses whose first byte lies in the range 192 (= 11000000(2)) to 223 (= 11011111(2)) belong to class C. Example: 203.162.41.235

[Figures: IP address classes; reserved addresses; network address; broadcast address]

IP address classes
Class   First byte
A       0xxxxxxx
B       10xxxxxx
C       110xxxxx
D       1110xxxx
E       11110xxx

NAT: Network Address Translation

- Designed to conserve IP addresses.
- Allows an internal network to use private IP addresses.
- Private IP addresses are translated into routable public addresses.
- The private network is isolated and its internal IP addresses are hidden.
- Usually used on the border router of a stub network.

NAT
- Inside local address: the address assigned to a host inside the internal network.
- Inside global address: a legitimate address supplied by InterNIC (Internet Network Information Center) or by the Internet service provider, which represents one or more inside local addresses to the outside world.
- Outside local address: the private address of a host located outside the internal network.
- Outside global address: the legitimate public address of a host located outside the internal network.

[Figure: NAT]

NAT
[Figure: the rest of the Internet on one side of the NAT router (address 138.76.29.7); on the other side the local network (e.g. a home network) 10.0.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4]
- All datagrams leaving the local network have the same NAT source IP address, 138.76.29.7, with different source port numbers
- Datagrams with a source or destination inside this network have addresses in 10.0.0/24

NAT
The local network uses only 1 IP address toward the outside:
- No need to obtain a range of addresses from the ISP: just 1 address for all devices
- The addresses of devices in the local network can be changed without notifying the outside world
- The ISP can be changed without changing the addresses of devices in the local network
- Devices in the local network are not visible and not explicitly addressable from the outside (a security enhancement)

NAT
Implementation: the NAT router must:
- For outgoing datagrams: replace the (source IP address, source port number) of every datagram going out with (NAT IP address, new port number); remote clients/servers use (NAT IP address, new port number) as the destination address
- Remember (in the NAT translation table) every translation pair from (source IP address, source port number) to (NAT IP address, new port number)
- For incoming datagrams: replace the (NAT IP address, new port number) in the destination fields of every arriving datagram with the corresponding (IP address, port number) value from the NAT table

NAT
[Figure: NAT translation table, WAN side 138.76.29.7, 5001 paired with LAN side 10.0.0.1, 3345]
1: host 10.0.0.1 sends a datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: the NAT router changes the source address from 10.0.0.1, 3345 to 138.76.29.7, 5001 and updates the NAT translation table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: the reply arrives addressed to 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: the NAT router changes the datagram's destination address from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

NAT
16-bit port number field:
- Allows 60000 simultaneous connections with just one WAN-side address

NAT is also controversial:
- Routers should only process up to layer 3
- It violates the end-to-end argument
- Application designers must take NAT into account, e.g. P2P applications
- The shortage of IP addresses should instead be solved by using IPv6

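The four numbered steps of the NAT slide, modelled as a small translation table in code (added example written for these notes, not from the original lecture). Addresses and ports are those of the slide's figure; starting the port pool at 5001 is an assumption chosen to match that figure. The `inbound` path also shows why a host behind NAT is not reachable unless it opened the flow itself.

```python
# Added example for these notes (not from the original lecture): a minimal
# model of the NAT router's translation table, following the four numbered
# steps of the slide. Addresses and ports are the ones in the slide's figure;
# the port pool start (5001) is an assumption matching that figure.

from dataclasses import dataclass

@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class NatRouter:
    def __init__(self, wan_ip, first_port=5001):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.wan_to_lan = {}   # (wan_ip, wan_port) -> (lan_ip, lan_port)
        self.lan_to_wan = {}   # (lan_ip, lan_port) -> wan_port

    def outbound(self, d):
        """Step 2: rewrite the source (IP, port), allocating a table entry the
        first time this inside (IP, port) pair is seen."""
        key = (d.src_ip, d.src_port)
        if key not in self.lan_to_wan:
            if self.next_port > 65535:
                raise RuntimeError("NAT port pool exhausted")   # 16-bit field limit
            self.lan_to_wan[key] = self.next_port
            self.wan_to_lan[(self.wan_ip, self.next_port)] = key
            self.next_port += 1
        return Datagram(self.wan_ip, self.lan_to_wan[key], d.dst_ip, d.dst_port)

    def inbound(self, d):
        """Step 4: look the destination (NAT IP, port) up in the table and
        rewrite it back to the inside (IP, port). A datagram with no entry has
        no inside host to go to and is dropped (None): this is the slide's
        point that inside hosts are not addressable from outside."""
        key = (d.dst_ip, d.dst_port)
        if key not in self.wan_to_lan:
            return None
        lan_ip, lan_port = self.wan_to_lan[key]
        return Datagram(d.src_ip, d.src_port, lan_ip, lan_port)

    def table(self):
        """The NAT translation table as sorted (WAN side, LAN side) rows."""
        return sorted(self.wan_to_lan.items())

if __name__ == "__main__":
    nat = NatRouter("138.76.29.7")
    out = nat.outbound(Datagram("10.0.0.1", 3345, "128.119.40.186", 80))   # steps 1-2
    reply = Datagram("128.119.40.186", 80, out.src_ip, out.src_port)        # step 3
    print(nat.inbound(reply))                                               # step 4
    print(nat.table())
```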
Subnets
[Figures: subnets]

Subnetting technique

Borrow some bits from the original host_id part to assign to the subnets. The structure of the IP address then has 3 parts: network_id, subnet_id and host_id.

Subnetting technique

The number of bits used in the subnet_id depends on the subnetting strategy. However, the maximum number of bits that can be borrowed must follow the formula:

subnet_id <= host_id - 2

- Class A: 22 (= 24 - 2) bits, giving 2^22 = 4194304 subnets
- Class B: 14 (= 16 - 2) bits, giving 2^14 = 16384 subnets
- Class C: 6 (= 8 - 2) bits, giving 2^6 = 64 subnets

Subnetting technique

The number of bits in the subnet_id part determines the number of subnets. With x bits, 2^x is the number of subnets obtained. Conversely, from the number of subnets required, one can compute how many bits the subnet_id part needs. To divide into 6 subnets, 3 bits are needed (2^3 = 8); for 12 subnets, 4 bits (2^4 >= 12).

Some new concepts
- Subnet address (subnet network address): consists of the network_id and subnet_id parts, with the host_id part containing only 0 bits
- Broadcast address within a subnet: all bits of the host_id part are 1.
- Subnet mask: all bits of the host_id part are 0, and all the remaining bits are 1.

Convention for writing IP addresses
Given only an IP address such as 172.29.8.230, one cannot yet tell which network this host is in, whether that network is subnetted, and if so how many bits were used for subnetting. Therefore, when recording the IP address of a host, its subnet mask must be given. Example: 172.29.8.230/255.255.255.0 or 172.29.8.230/24 (meaning the first 24 bits are used for the NetworkID).

Subnetting technique

Carried out in 3 steps:
- Step 1: Determine the class and the default subnet mask of the address.
- Step 2: Determine the number of bits to borrow and the new subnet mask; compute the number of subnets and the number of usable hosts.
- Step 3: Determine the host address ranges and choose the subnets to be used

Exercise 1
Given the IP address 172.16.0.0/16. Divide it into 8 subnets with at least 1000 hosts on each subnet.

Step 1: Determine the class and the default subnet mask

Solution: the address written in binary
10101100.00010000.00000000.00000000

Class of this IP: class B
Default subnet mask: 255.255.0.0

Step 2: Number of bits to borrow
How many bits must be borrowed:
N = 3, because:
- Possible number of subnets: 2^3 = 8.
- Possible number of hosts per subnet: 2^(16-3) - 2 = 2^13 - 2 > 1000.

Determine the new subnet mask:
11111111.11111111.11100000.00000000
i.e. 255.255.224.0

Step 3: Determine the host address ranges

No.  Subnet ID      Host ID range                    Broadcast
1    172.16.0.0     172.16.0.1 to 172.16.31.254      172.16.31.255
2    172.16.32.0    172.16.32.1 to 172.16.63.254     172.16.63.255
...
7    172.16.192.0   172.16.192.1 to 172.16.223.254   172.16.223.255
8    172.16.224.0   172.16.224.1 to 172.16.255.254   172.16.255.255

In binary, subnet 1 is 10101100.00010000.00000000.00000000, its hosts run from 10101100.00010000.00000000.00000001 to 10101100.00010000.00011111.11111110, and its broadcast is 10101100.00010000.00011111.11111111. Subnet 2 is 10101100.00010000.00100000.00000000, its hosts run from 10101100.00010000.00100000.00000001 to 10101100.00010000.00111111.11111110, and its broadcast is 10101100.00010000.00111111.11111111.

Exercise 2
Given the 2 IP addresses: 192.168.5.9/28 and 192.168.5.39/28
Give the network address and host address of each IP above. Are these machines on the same network? List all the IP addresses belonging to the networks found.

First IP address: 192.168.5.9/28
Note: 28 is the number of bits reserved for the NetworkID. This IP belongs to class C. Default subnet mask: 255.255.255.0

IP (decimal)   192      168      5        9
IP (binary)    11000000 10101000 00000101 00001001

AND the IP address with the subnet mask

IP             11000000 10101000 00000101 00001001
Subnet mask    11111111 11111111 11111111 11110000
AND result     11000000 10101000 00000101 00000000

Convert the result to decimal

AND result     11000000 10101000 00000101 00000000
Net ID: 192.168.5.0 (the first 28 bits)   Host ID: 00001001 = 9

Second IP address: 192.168.5.39/28
IP (decimal)   192      168      5        39
IP (binary)    11000000 10101000 00000101 00100111
Subnet mask    11111111 11111111 11111111 11110000
AND result     11000000 10101000 00000101 00100000
Network ID: 192.168.5.32   Host ID: 7

Are the two addresses on the same network?

192.168.5.9/28    Net ID of the 1st address: 192.168.5.0
192.168.5.39/28   Net ID of the 2nd address: 192.168.5.32
Conclusion: the two addresses are not on the same network

List all the IP addresses
Network corresponding to IP   Host ID range in binary                                                      Host ID range in decimal
192.168.5.9/28                11000000.10101000.00000101.00000001 to 11000000.10101000.00000101.00001110   192.168.5.1/28 to 192.168.5.14/28
192.168.5.39/28               11000000.10101000.00000101.00100001 to 11000000.10101000.00000101.00101110   192.168.5.33/28 to 192.168.5.46/28

Exercise 3
Consider a class B IP address, 139.12.0.0, with subnet mask 255.255.0.0. A network with such an address can hold 65534 nodes or computers. This is far too large a number; the network would be full of broadcast traffic. Divide the network into 5 subnets.

Step 1: Determine the subnet mask

To divide into 5 subnets, 3 more bits are needed (since 2^3 > 5).

So the subnet mask needs: 16 (previous bits) + 3 (new bits) = 19 bits. The new IP address is 139.12.0.0/19 (note the number 19 instead of 16 as before).

Step 2: List the IDs of the new subnets

Subnet mask in binary: 11111111.11111111.11100000.00000000
Subnet mask in decimal: 255.255.224.0

NetworkIDs of the new subnets

No.  Subnet ID in binary                    Subnet ID in decimal
1    10001011.00001100.00000000.00000000    139.12.0.0/19
2    10001011.00001100.00100000.00000000    139.12.32.0/19
3    10001011.00001100.01000000.00000000    139.12.64.0/19
4    10001011.00001100.01100000.00000000    139.12.96.0/19
5    10001011.00001100.10000000.00000000    139.12.128.0/19

Step 3: Give the IP address range of the HostIDs

No.  Binary                                                                        Decimal
1    10001011.00001100.00000000.00000001 to 10001011.00001100.00011111.11111110    139.12.0.1/19 to 139.12.31.254/19
2    10001011.00001100.00100000.00000001 to 10001011.00001100.00111111.11111110    139.12.32.1/19 to 139.12.63.254/19
3    10001011.00001100.01000000.00000001 to 10001011.00001100.01011111.11111110    139.12.64.1/19 to 139.12.95.254/19
4    10001011.00001100.01100000.00000001 to 10001011.00001100.01111111.11111110    139.12.96.1/19 to 139.12.127.254/19
5    10001011.00001100.10000000.00000001 to 10001011.00001100.10011111.11111110    139.12.128.1/19 to 139.12.159.254/19

Quick calculation of IP address ranges

- n: the number of bits used for the subnet
- Number of subnets: S = 2^n
- Spacing between subnet addresses: M = 2^(8-n) (n <= 8)
- Last byte of the network address, e.g. for class C: (k-1)*M (with k = 1, 2, ...)
- Last byte of the first host address, e.g. for class C: (k-1)*M + 1 (with k = 1, 2, ...)
- Last byte of the last host address, e.g. for class C: k*M - 2 (with k = 1, 2, ...)
- Last byte of the broadcast address, e.g. for class C: k*M - 1 (with k = 1, 2, ...)

Example of quickly calculating IP address ranges

Given the address 192.168.0.0/24, with n = 4, M = 16 (= 2^(8-4)):
- Network 1: 192.168.0.0. Host range: 192.168.0.1 to 192.168.0.14. Broadcast: 192.168.0.15
- Network 2: 192.168.0.16. Host range: 192.168.0.17 to 192.168.0.30. Broadcast: 192.168.0.31
- Network 3: 192.168.0.32. Host range: 192.168.0.33 to 192.168.0.46. Broadcast: 192.168.0.47
- Network 4: 192.168.0.48. Host range: 192.168.0.49 to 192.168.0.62. Broadcast: 192.168.0.63

Bi tp 4

Cho a ch IP: 102.16.10.107/12 Tm a ch mng con? a ch host Di a ch host c cng mng vi IP trn? Broadcast ca mng m IP trn thuc vo?
178

Bc: Tnh subnet mask


102.16.10.107/12 Subnet mask: 11111111.11110000.00000000.00000000 Byte u tin chc chn khi dng php ton AND ra kt qu bng 102 khng cn i 102 sang nh phn

179

Answer to question 1: the subnet address?
Consider the next byte: 16 (decimal) = 00010000 (binary). ANDing this byte with the subnet mask gives 00010000 (binary). So the subnet address is:

102.16.0.0/12
and the host address (the host part) is:

0.10.107

Answer to question 2: the host address range? The broadcast address?
The host address range runs from:

01100110 00010000 00000000 00000001

(that is, 102.16.0.1/12)
to:

01100110 00011111 11111111 11111110

(that is, 102.31.255.254/12)
Broadcast:

102.31.255.255/12

Exercise 5: given the IP address 172.19.160.0/21
Divide it into 4 subnets.
List for each subnet: the network address, the host address range and the broadcast address.

Solution to exercise 5
Dividing into 4 subnets means borrowing 2 bits.
Because the prefix is /21, the first 2 bytes of the given IP address do not change.
Consider the third byte: 160 = 10100000 (binary). The two "00" bits that follow the first five prefix bits are the ones borrowed for the subnet.

Solution to exercise 5 (continued)
Consider the third byte:
Subnet 1: 10100000 (binary)
Subnet 2: 10100010 (binary)
Subnet 3: 10100100 (binary)
Subnet 4: 10100110 (binary)

Solution to exercise 5 (continued)

Network address   Host address range                 Broadcast address
172.19.160.0      172.19.160.1 to 172.19.161.254     172.19.161.255
172.19.162.0      172.19.162.1 to 172.19.163.254     172.19.163.255
172.19.164.0      172.19.164.1 to 172.19.165.254     172.19.165.255
172.19.166.0      172.19.166.1 to 172.19.167.254     172.19.167.255

Exercise 6: given the IP address 172.16.192.0/18
Divide it into 4 subnets.
List for each subnet: the network address, the host address range and the broadcast address.

Solution to exercise 6
Dividing into 4 subnets means borrowing 2 bits.
Because the prefix is /18, the first 2 bytes of the given IP address do not change.
Consider the third byte: 192 = 11000000 (binary). The two "00" bits that follow the first two prefix bits are the ones borrowed for the subnet.

Solution to exercise 6 (continued)
Consider the third byte:
Subnet 1: 11000000 (binary)
Subnet 2: 11010000 (binary)
Subnet 3: 11100000 (binary)
Subnet 4: 11110000 (binary)

Solution to exercise 6 (continued)

Network address   Host address range                 Broadcast address
172.16.192.0      172.16.192.1 to 172.16.207.254     172.16.207.255
172.16.208.0      172.16.208.1 to 172.16.223.254     172.16.223.255
172.16.224.0      172.16.224.1 to 172.16.239.254     172.16.239.255
172.16.240.0      172.16.240.1 to 172.16.255.254     172.16.255.255
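The quick-calculation formulas and exercises 4 to 6 above come down to the same two operations: AND the address with the mask to get the network, then step through the 2^n subnets. The Python calculator below is an added example, not code from the lecture notes; it performs both operations with plain integer arithmetic (the function names are my own) and cross-checks the result against the standard library's ipaddress module.

```python
import ipaddress

def to_int(dotted):
    """Dotted decimal -> 32-bit integer, e.g. '139.12.32.0' -> 0x8B0C2000."""
    a, b, c, d = (int(x) for x in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d

def to_dotted(value):
    """32-bit integer -> dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def block_info(ip_cidr):
    """Network, host range, broadcast and host part of the block holding ip/prefix.
    This is the AND step of exercise 4: network = address AND mask."""
    ip, prefix = ip_cidr.split("/")
    prefix = int(prefix)
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    host_mask = ~mask & 0xFFFFFFFF          # the host bits, all ones
    network = to_int(ip) & mask
    broadcast = network | host_mask
    return {
        "network": f"{to_dotted(network)}/{prefix}",
        "first_host": to_dotted(network + 1),
        "last_host": to_dotted(broadcast - 1),
        "broadcast": to_dotted(broadcast),
        "host_part": to_dotted(to_int(ip) & host_mask),   # 0.0.10.107 in exercise 4
    }

def split_subnets(network_cidr, n):
    """Borrow n bits from the host part: 2**n subnets of 2**(32 - prefix - n)
    addresses each. For a /24 the step equals the slides' M = 2**(8-n)."""
    ip, prefix = network_cidr.split("/")
    prefix = int(prefix)
    step = 1 << (32 - prefix - n)
    base = to_int(ip)
    return [block_info(f"{to_dotted(base + k * step)}/{prefix + n}")
            for k in range(1 << n)]

def matches_stdlib(ip_cidr):
    """Cross-check block_info against ipaddress (strict=False masks off host bits)."""
    net = ipaddress.ip_network(ip_cidr, strict=False)
    info = block_info(ip_cidr)
    return (info["network"] == str(net)
            and info["broadcast"] == str(net.broadcast_address))

if __name__ == "__main__":
    # Exercise 5: 172.19.160.0/21 split into 4 subnets (borrow 2 bits)
    for sub in split_subnets("172.19.160.0/21", 2):
        print(sub["network"], sub["first_host"], sub["last_host"], sub["broadcast"])
    print(block_info("102.16.10.107/12"))   # exercise 4
```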

CHAPTER 6: NETWORK SECURITY
Understand the principles of network security:
cryptography, authentication, integrity, key distribution

Security in practice:
firewalls; security in the application, transport, network and data-link layers

What is network security?
Confidentiality: only the sender and the intended receiver should understand the message contents
the sender encrypts the message; the receiver decrypts the message
Authentication: the sender and the receiver want to confirm each other's identity
Message integrity: the sender and the receiver want to ensure the message is not altered (in transit, or afterwards) without detection
Access and availability: services must be accessible and available to users

What needs to be secured
Web browsers/servers for electronic transactions
Online banking clients/servers
DNS servers
Routers exchanging routing table updates
etc.

What can the bad guys do?
eavesdrop: intercept messages
actively insert messages into a connection
impersonation: fake the source address in a packet (or any other field in it)
hijacking: take over an ongoing connection by removing the sender or the receiver and inserting themselves in its place
denial of service: prevent a service from being used by others (e.g. by overloading it)
etc.

Principles of cryptography

Figure: Alice's plaintext enters the encryption algorithm with Alice's encryption key K_A, producing ciphertext; Bob's decryption algorithm applies his decryption key K_B to recover the plaintext; a hacker listens on the channel between them.

symmetric key: the sender's and receiver's keys are identical
public key: the encryption key is public, the decryption key is secret (private)

Symmetric key cryptography
substitution cipher: substituting one thing for another
monoalphabetic cipher: substitute one letter for another
plaintext alphabet:  abcdefghijklmnopqrstuvwxyz
ciphertext alphabet: mnbvcxzasdfghjklpoiuytrewq

plaintext: Bob. i love you. Alice
ciphertext: nkn. s gktc wky. mgsbc

How hard is it to break this simple cipher? brute force (how hard?); other approaches?
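To make the brute-force question concrete, here is the slide's monoalphabetic cipher in Python, as an added example rather than code from the lecture: it encrypts with the slide's alphabet, computes the size of the key space for comparison with DES, and ranks ciphertext letters by frequency, which is the shortcut that makes exhaustive search unnecessary (function names are my own).

```python
import math
from collections import Counter
from string import ascii_lowercase

# Key from the slide: plaintext alphabet -> ciphertext alphabet
CIPHER_ALPHABET = "mnbvcxzasdfghjklpoiuytrewq"
ENC = dict(zip(ascii_lowercase, CIPHER_ALPHABET))
DEC = {c: p for p, c in ENC.items()}

def encrypt(plaintext):
    """Substitute each letter (case-folded); punctuation and spaces pass through."""
    return "".join(ENC.get(ch, ch) for ch in plaintext.lower())

def decrypt(ciphertext):
    """Apply the inverse substitution."""
    return "".join(DEC.get(ch, ch) for ch in ciphertext)

def keyspace_bits():
    """log2 of the number of monoalphabetic keys, 26!, about 88 bits: larger than
    DES's 56-bit key, yet the cipher is weak because the key space is not the problem."""
    return math.log2(math.factorial(26))

def letter_ranking(ciphertext):
    """Ciphertext letters ordered from most to least frequent. Because each plaintext
    letter always maps to the same ciphertext letter, the frequent ciphertext letters
    correspond to the frequent plaintext letters (e, t, a, o, ...), so an analyst
    recovers the key letter by letter instead of trying all 26! keys."""
    counts = Counter(ch for ch in ciphertext if ch.isalpha())
    return [ch for ch, _ in counts.most_common()]
```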

Symmetric key cryptography: DES

DES: Data Encryption Standard
US encryption standard [NIST 1993]
56-bit symmetric key, 64-bit plaintext input
How secure is DES?
no known "backdoor" decryption approach

making DES more secure: use three keys sequentially (3-DES) on each datum; use cipher-block chaining

Symmetric key cryptography: DES

DES operation
initial permutation
16 identical rounds, each using a different 48-bit key
final permutation

AES: Advanced Encryption Standard

New NIST symmetric-key standard (November 2001), replacing DES
Processes data in 128-bit blocks
128-, 192- or 256-bit keys
A brute-force decryption (trying each key) that takes 1 second on DES takes 149 billion billion years on AES

Public key cryptography

symmetric key cryptography requires the sender and the receiver to know the shared key
how is that key agreed on in the first place (particularly between parties who have never "met")?
public key cryptography: a radically different approach
the sender and the receiver do not share a secret key
the public encryption key is known to everyone
the private decryption key is known only to the receiver

Public key encryption algorithms

Requirements:
1. need K_B^+(.) and K_B^-(.) such that K_B^-(K_B^+(m)) = m
2. given the public key K_B^+, it must be impossible to compute the private key K_B^-

RSA algorithm: Rivest, Shamir, Adleman

Authentication
Goal: Bob wants Alice to "prove" her identity to him
Protocol description: Alice says "I am Alice"
Failure scenario??

Integrity
Digital signatures: a cryptographic technique analogous to hand-written signatures.
The sender (Bob) digitally signs the document, establishing that he is the document's owner/creator.
Verifiable, non-forgeable: the recipient (Alice) can prove to someone else that Bob, and no one else (including Alice), must have signed the document.

Digital signatures
Simple digital signature for a message m:
Bob signs m by encrypting it with his private key K_B^-, creating the signed message K_B^-(m)

Figure: Bob's message m ("Dear Alice, Oh, how I have missed you. I think of you all the time! (blah blah blah)") goes through the public key encryption algorithm with Bob's private key K_B^-, giving K_B^-(m): Bob's message m, signed (encrypted) with his private key.

Digital signatures (continued)
Suppose Alice receives the message m with the digital signature K_B^-(m).
Alice verifies that m was signed by Bob by applying Bob's public key K_B^+ to K_B^-(m) and checking that K_B^+(K_B^-(m)) = m.
If K_B^+(K_B^-(m)) = m, whoever signed m must have used Bob's private key.
Alice thus verifies that: Bob signed m; no one else signed m; Bob signed m and not m'.
Non-repudiation: Alice can take m and the signature K_B^-(m) to court and prove that Bob signed m.

Message digests

Public-key encryption of long messages is computationally expensive.
Goal: a fixed-length, easy-to-compute digital "fingerprint".
Apply a hash function H to m to obtain a fixed-size message digest, H(m).

Figure: a large message m enters the hash function H and comes out as H(m).

Hash function properties:
many-to-one
produces a fixed-size message digest (fingerprint)
given a message digest x, it is computationally infeasible to find an m such that x = H(m)

Key distribution and certification

Symmetric key problem: how do two entities establish a shared secret key over the network?

Solution:
a trusted key distribution center (KDC) acting as intermediary between the entities

Public key problem: when Alice obtains Bob's public key (from a web site, e-mail, diskette), how does she know it is Bob's public key and not the hacker's?
Solution: a trusted certification authority (CA)

Certification authorities
Certification authority (CA): binds a public key to a particular entity E. E (a person, a router) registers its public key with the CA.
E provides "proof of identity" to the CA. The CA creates a certificate binding E to its public key. The certificate contains E's public key, digitally signed by the CA: the CA says "this is E's public key".

Figure: Bob's public key K_B^+ together with Bob's identifying information is digitally signed (encrypted) with the CA's private key K_CA^-, yielding the certificate for Bob's public key, signed by the CA.

Certificate contents
Serial number (unique to the issuer)
Information about the certificate owner, including the algorithm and the key value itself (not shown)
Information about the certificate issuer
Validity dates
Digital signature by the certificate issuer

Using certificates

Figure: the owner sends a certificate request (public key plus identifying information) to the certification authority (CA), which creates a certificate following the X.509 standard. A relying party validates the certificate with the CA's public key, decrypts and verifies the signature on a document, and decides whether the signer is trustworthy ("Ok! trusted?"). The document itself is encrypted with the public key and decrypted with the private key.

Using certificates (continued)

Figure: a private key has been compromised. The owner asks the CA to revoke the certificate ("certificate revoked on 25/3/2009 3:10:22"); a later transaction that needs to verify the certificate then fails.

Firewalls
firewall: isolates an organization's internal network from the Internet, allowing some packets to pass and blocking others

Figure: administered network, firewall, public Internet.

Firewalls: why use them?

Prevent denial of service (DoS) attacks:
SYN flooding: the attacker establishes many bogus TCP connections, leaving no resources for "real" connections

Prevent illegal modification of, or access to, internal data.
Example: an attacker replaces the CIA's home page with some other page

Allow only authorized access into the internal network (a set of authenticated hosts/users)

2 types of firewall:
application-level
packet-filtering

Packet filtering

Should an arriving packet be allowed in? Should a departing packet be let out?

The internal network is connected to the Internet through a router firewall. The router filters packet by packet, deciding whether to forward or drop each packet based on:
source IP address, destination IP address
TCP/UDP source and destination port numbers
ICMP message type
TCP SYN and ACK bits

Packet filtering
Example 1: block incoming and outgoing datagrams with IP protocol field = 17 and with source or destination port = 23. All incoming and outgoing UDP flows and telnet connections are blocked.
Example 2: block inbound TCP segments with ACK = 0. This prevents external clients from making TCP connections with internal clients, but allows internal clients to connect to the outside.
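The two example rules as a stateless filter in Python, an added example with constructed packets rather than a router's configuration (the packet fields and function names are my own). Rule 1 is written as "protocol 17 or port 23" so that it produces the effect the slide describes, every UDP flow and every telnet connection dropped; rule 2 is the inbound ACK = 0 check.

```python
UDP, TCP = 17, 6   # IP protocol numbers

def packet(direction, proto, sport, dport, syn=0, ack=0):
    """Constructed packet record: 'in' arrives from the Internet, 'out' leaves the network."""
    return {"direction": direction, "proto": proto, "sport": sport,
            "dport": dport, "syn": syn, "ack": ack}

def rule_udp_and_telnet(pkt):
    """Example 1, by its stated effect: drop every UDP datagram (protocol 17) and
    every segment with source or destination port 23 (telnet), in both directions."""
    return pkt["proto"] == UDP or 23 in (pkt["sport"], pkt["dport"])

def rule_inbound_ack0(pkt):
    """Example 2: drop inbound TCP segments with ACK = 0. Only the first segment of a
    connection has ACK = 0, so outside hosts cannot open connections inward, while
    replies to inside-initiated connections (ACK = 1) still pass."""
    return pkt["direction"] == "in" and pkt["proto"] == TCP and pkt["ack"] == 0

RULES = [rule_udp_and_telnet, rule_inbound_ack0]

def decide(pkt):
    """'drop' if any rule matches, otherwise 'forward' (everything else is permitted)."""
    return "drop" if any(rule(pkt) for rule in RULES) else "forward"

def decisions(packets):
    """Filter a list of packets and return the decision for each, in order."""
    return [decide(p) for p in packets]

# Constructed traffic sample
SAMPLE = [
    packet("in", UDP, 5000, 53),                  # UDP (DNS) from outside: drop
    packet("out", TCP, 51000, 23, syn=1),         # telnet attempt outward: drop
    packet("in", TCP, 40000, 80, syn=1),          # outside host opening a connection: drop
    packet("out", TCP, 51000, 443, syn=1),        # inside host opening a connection: forward
    packet("in", TCP, 443, 51000, syn=1, ack=1),  # the server's SYN-ACK coming back: forward
    packet("in", TCP, 443, 51000, ack=1),         # later data from that server: forward
]
```

Note that rule 2 only inspects flag bits; it does not track connections, which is why it cannot tell a genuine reply from a segment that merely sets ACK = 1.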

Application gateways

Filters packets on application data as well as on the IP/TCP/UDP fields. Example: allow selected internal users to telnet outside.

Figure: a telnet session from the host to the gateway, and a second telnet session from the application gateway to the remote host, with a router and filter in front of the Internet.

1. Require all telnet users to telnet through the gateway.
2. For authorized users, the gateway sets up a telnet connection to the destination host. The gateway relays data between the 2 connections.
3. The router filter blocks all telnet connections that do not originate from the gateway.

Limitations of firewalls and gateways
IP spoofing: the router cannot know whether data "really" comes from the claimed source.
If multiple applications need special treatment, each needs its own application gateway.
Client software must know how to contact the gateway.
example: the proxy's IP address must be set in the Web browser
Filters often use an all-or-nothing policy for UDP.
Trade-off: the degree of communication with the outside world versus the level of security.
Many highly protected sites still suffer attacks.

Attacks and countermeasures

Mapping:
before attacking, the hacker finds out which services are implemented/running on the network
uses ping to determine which hosts have addresses on the network
port scanning: tries to establish a TCP connection to each port in sequence (and sees what happens)

Countermeasures?

Record the traffic entering the network
Look for suspicious activity (IP addresses, ports being scanned sequentially)
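The countermeasure just described, recording inbound traffic and looking for sequential port and address probing, as an added Python example over constructed log lines (the log format, thresholds and function names are my own, not a real firewall's).

```python
import re
from collections import defaultdict

# Constructed connection log: "time src dst proto dport-or-type" (not a real firewall format)
LOG = """\
10:00:01 203.0.113.7 192.0.2.10 tcp 21
10:00:01 203.0.113.7 192.0.2.10 tcp 22
10:00:02 203.0.113.7 192.0.2.10 tcp 23
10:00:02 203.0.113.7 192.0.2.10 tcp 25
10:00:03 203.0.113.7 192.0.2.10 tcp 80
10:00:03 203.0.113.7 192.0.2.10 tcp 110
10:00:05 198.51.100.4 192.0.2.10 tcp 443
10:00:06 198.51.100.4 192.0.2.10 tcp 443
10:00:07 203.0.113.9 192.0.2.1 icmp echo
10:00:07 203.0.113.9 192.0.2.2 icmp echo
10:00:08 203.0.113.9 192.0.2.3 icmp echo
10:00:08 203.0.113.9 192.0.2.4 icmp echo
"""
LINE = re.compile(r"^(\S+) (\S+) (\S+) (tcp|udp|icmp) (\S+)$")

def parse(log):
    """Return (time, src, dst, proto, port_or_type) tuples; malformed lines are skipped."""
    return [m.groups() for m in map(LINE.match, log.splitlines()) if m]

def port_scanners(records, threshold=5):
    """Sources that touched at least `threshold` distinct TCP/UDP ports on one
    destination: the signature of a sequential port scan. Threshold is a tuning knob."""
    ports = defaultdict(set)
    for _, src, dst, proto, dport in records:
        if proto in ("tcp", "udp"):
            ports[(src, dst)].add(dport)
    return sorted({src for (src, _), seen in ports.items() if len(seen) >= threshold})

def ping_sweepers(records, threshold=3):
    """Sources that sent ICMP echo to at least `threshold` distinct hosts: a ping sweep
    used to discover which addresses on the network are live."""
    hosts = defaultdict(set)
    for _, src, dst, proto, kind in records:
        if proto == "icmp" and kind == "echo":
            hosts[src].add(dst)
    return sorted(src for src, seen in hosts.items() if len(seen) >= threshold)
```

Real deployments add a time window so that a slow scan spread over hours is still counted together, and exclude known monitoring hosts that legitimately probe many ports.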

Internet security threats
Packet sniffing:
a NIC in promiscuous mode reads all packets passing by it
it can read all unencrypted data (e.g. passwords)
example: C sniffs B's packets

Figure: hosts A, B and C on a shared medium; the packet src:B dest:A with its payload is read by C.

Internet security threats
Packet sniffing: countermeasures
All hosts in the organization run software that periodically checks whether the host's interface is in promiscuous mode
One host per segment of the broadcast medium

Figure: hosts A and C; the packet src:B dest:A with its payload.

Internet security threats
IP spoofing:
"raw" IP packets can be generated directly from an application, putting any value into the IP source address field
the receiver cannot tell whether the source is spoofed
example: C pretends to be B

Figure: hosts A, B and C; C sends a packet with src:B dest:A and a payload.

Internet security threats
IP spoofing: ingress filtering
Routers should not forward packets whose source address is invalid
Great, but such filtering cannot be applied to every network

Figure: hosts A, B and C; the spoofed packet src:B dest:A with its payload.

Internet security threats
Denial of Service (DoS):
a flood of maliciously generated packets swamps the receiver
Distributed DoS (DDoS): multiple coordinated sources swamp the receiver
example: C and a remote host SYN-attack A

Figure: A receives streams of SYN segments from C and from B.

Internet security threats
Denial of Service (DoS): countermeasures?
Filter out the flooding packets (e.g. SYN) before they reach the host
Trace back to the source of the flood (a mechanism the slide likens to an American lie detector)

Figure: A receives streams of SYN segments from C and from B.

E-mail security
Alice wants to send a confidential e-mail, m, to Bob.

Figure: m is encrypted with KS into KS(m); KS is encrypted with Bob's public key K_B^+ into K_B^+(KS); both travel over the Internet; Bob applies his private key K_B^- to recover KS, then uses KS to decrypt KS(m) and recover m.

Alice:
generates a random symmetric private key, KS
encrypts the message with KS
also encrypts KS with Bob's public key
sends both KS(m) and K_B^+(KS) to Bob

Bob:
uses his private key to decrypt and recover KS
uses KS to decrypt KS(m) and recover m

E-mail security
Alice wants to provide message integrity and sender authentication.

Figure: Alice hashes m with H(.) and signs the digest with her private key K_A^-, giving K_A^-(H(m)); she sends m together with K_A^-(H(m)) over the Internet; Bob applies K_A^+ to the signature to recover H(m), hashes the received m himself and compares the two digests.

Alice digitally signs the message.
She sends both the message (in the clear) and the digital signature.

E-mail security
Alice wants to provide message integrity, sender authentication and confidentiality.

Figure: Alice computes K_A^-(H(m)) as before, encrypts m together with the signature under the session key KS, encrypts KS with Bob's public key K_B^+, and sends KS(m, K_A^-(H(m))) and K_B^+(KS) over the Internet.

Alice uses 3 keys: her private key, Bob's public key, and a newly created symmetric key
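The three e-mail slides above, together with the digital signature and message digest slides, describe one construction; the added Python example below runs it end to end between Alice and Bob. It is not the lecture's code: it uses textbook RSA with tiny primes and an XOR keystream in place of a real symmetric cipher, so it demonstrates the message flow only, and every function name is my own.

```python
import hashlib
import os

def next_prime(n):
    """Smallest prime >= n by trial division; fine only for toy-sized n."""
    while any(n % k == 0 for k in range(2, int(n ** 0.5) + 1)):
        n += 1
    return n

def make_keypair(seed):
    """Textbook RSA from two small primes near seed: returns (public, private)
    as (e, n) and (d, n). Toy-sized so the whole flow is visible; not for real use."""
    p, q = next_prime(seed), next_prime(seed + 1000)
    n, phi, e = p * q, (p - 1) * (q - 1), 65537
    return (e, n), (pow(e, -1, phi), n)

def H(data):
    """The hash function H(.) of the slides."""
    return hashlib.sha256(data).digest()

def stream_xor(key, data):
    """Stand-in for the symmetric cipher KS(.): XOR with SHA-256(key || counter).
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def send(m, alice_private, bob_public):
    """Alice: KA-(H(m)), then KS(m, signature), then KB+(KS).
    Returns the pair (KB+(KS), KS(m, signature)) that travels over the Internet."""
    d, n = alice_private
    digest = int.from_bytes(H(m), "big") % n     # reduced mod n only because n is tiny
    signature = pow(digest, d, n)                # KA-(H(m))
    ks = os.urandom(4)                           # fresh session key KS, kept below n
    body = stream_xor(ks, m + signature.to_bytes(8, "big"))
    e, nb = bob_public
    wrapped_ks = pow(int.from_bytes(ks, "big"), e, nb)   # KB+(KS)
    return wrapped_ks, body

def receive(package, bob_private, alice_public):
    """Bob: KB-(KB+(KS)) gives KS; KS(.) decrypts the body; H(m) is recomputed and
    compared with KA+(signature). Returns (message, signature_ok)."""
    wrapped_ks, body = package
    d, nb = bob_private
    ks = pow(wrapped_ks, d, nb).to_bytes(4, "big")
    plain = stream_xor(ks, body)
    m, signature = plain[:-8], int.from_bytes(plain[-8:], "big")
    e, n = alice_public
    return m, pow(signature, e, n) == int.from_bytes(H(m), "big") % n
```

Flipping one ciphertext byte in transit changes the recovered m, so Bob's recomputed H(m) no longer matches the signed digest: the XOR stream alone gives confidentiality, the signature is what supplies integrity.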

Pretty Good Privacy (PGP)

The de facto standard for Internet e-mail encryption.
Uses symmetric key cryptography, public key cryptography, a hash function and a digital signature as presented above.
Provides confidentiality, sender authentication and integrity.
Inventor: Phil Zimmerman.

A message signed with PGP:
---BEGIN PGP SIGNED MESSAGE---
Hash: SHA1
Bob:My husband is out of town tonight.Passionately yours, Alice
---BEGIN PGP SIGNATURE---
Version: PGP 5.0
Charset: noconv
yhHJRHhGJGhgg/12EpJ+lo8gE4vB3mqJ
hFEvZP9t6n7G6m5Gw2
---END PGP SIGNATURE---

Secure Sockets Layer (SSL)

Transport-layer security for any TCP-based application that uses the SSL services
Used between Web browsers and servers for e-commerce
Security services:
server authentication
data encryption
client authentication (optional)

Server authentication:
an SSL-enabled browser includes the public keys of trusted CAs
the browser requests the server certificate, issued by a trusted CA
the browser uses the CA's public key to extract the server's public key from the certificate

Check your browser to see which CAs it trusts

SSL (continued)
Encrypted SSL session:
the browser generates a symmetric session key, encrypts it with the server's public key and sends the encrypted key to the server
using its private key, the server decrypts the session key
the browser and the server now both know the session key
All data sent into the TCP socket (by client or server) is encrypted with the session key.
SSL: the basis of the IETF Transport Layer Security (TLS).
SSL can be used for non-Web applications, e.g. IMAP.
Client authentication can be done with client certificates.

IPsec: network-layer security
Network-layer confidentiality: the sending host encrypts the data in the IP datagram: TCP and UDP segments; ICMP and SNMP messages.
Network-layer authentication: the destination host can authenticate the source IP address.
2 principal protocols:
authentication header (AH)
encapsulation security payload (ESP)
For both AH and ESP, source and destination handshake: they create a network-layer logical channel called a security association (SA)
Each SA is unidirectional
Uniquely determined by:
the security protocol (AH or ESP)
the source IP address
a 32-bit connection ID

The AH protocol
Provides source authentication and data integrity, but no confidentiality
The AH header is inserted between the IP header and the data field. Protocol field: 51
Intermediate routers process the datagrams as usual
The AH header contains:
a connection identifier
authentication data: a source-signed message digest computed over the original IP datagram
a next-header field: specifies the type of the data (e.g. TCP, UDP, ICMP)

Figure: IP header | AH header | data (e.g. TCP, UDP, ICMP)

The ESP protocol

Provides data integrity, host authentication and confidentiality
The data and the ESP trailer are encrypted
The next-header field is in the ESP trailer
The ESP authentication field is similar to that of AH
Protocol = 50

Figure: IP header | ESP header | TCP/UDP segment | ESP trailer | ESP authent.; the segment and the ESP trailer are encrypted, and the ESP header, segment and trailer are authenticated.

IEEE 802.11 security
Survey: 85% of deployments use no encryption/authentication
Easily detected/sniffed, and open to many other attacks!
Securing 802.11: encryption and authentication
First attempt at 802.11 security: Wired Equivalent Privacy (WEP): flawed
Current attempt: 802.11i

Wired Equivalent Privacy (WEP):

Authentication as in protocol ap4.0:
the host requests authentication from the access point
the access point sends a 128-bit nonce
the host encrypts the nonce using the shared symmetric key
the access point decrypts the nonce and authenticates the host
No key distribution mechanism
Authentication: knowing the shared key is enough

Wi-Fi Protected Access (WPA)

Two major improvements over WEP:
Improved data encryption through the Temporal Key Integrity Protocol (TKIP). TKIP scrambles the keys using a hashing algorithm and, with an integrity-checking feature, ensures the keys have not been tampered with.
User authentication through EAP.

WPA is an interim standard that will be replaced by the IEEE 802.11i standard

802.11i: improved security
Numerous (and stronger) forms of encryption possible
Provides key distribution
Uses an authentication server separate from the AP

EAP: Extensible Authentication Protocol

EAP is sent over separate "links":
mobile-to-AP (EAP over LAN)
AP to authentication server (RADIUS over UDP)

Figure: mobile, AP and authentication server on the wired network; EAP TLS runs end to end over EAP; between the mobile and the AP it is carried as EAP over LAN (EAPoL) on IEEE 802.11, and between the AP and the server as RADIUS over UDP/IP.

REFERENCES AND CONTACT

Giáo trình Mạng máy tính (Computer Networks textbook), KS. Nguyn Bnh Dng, TS. m Quang Hng Hi
Giáo trình hệ thống Mạng máy tính CCNA (CCNA Computer Network Systems textbook), Nguyn Hng Sn
CCNA: Cisco Certified Network Associate Study Guide, Todd Lammle, 2007
Computer Networking: A Top Down Approach Featuring the Internet, 3rd edition. Jim Kurose, Keith Ross. 2004
Computer Networks, 4th edition. Andrew S. Tanenbaum. 2003
Contact: Trần Bá Nhiệm, Faculty of Computer Networks and Communications, University of Information Technology, 34 Trương Định, District 3, Ho Chi Minh City. Email: tranbanhiem@yahoo.com
