정보보호기술연구본부 “Internet Security” Chapter 2. P.2 Contents 2. TCP/IP Suite and Internet Stack Protocols 2.1 Network Layer Protocols 2.2 Transport Layer Protocols

“Internet Security”

Chapter 2

P.2

Contents

2. TCP/IP Suite and Internet Stack Protocols 2.1 Network Layer Protocols

2.2 Transport Layer Protocols

2.3 World Wide Web

2.4 File Transfer

2.5 Electronic Mail

2.6 Network Management Service

2.7 DNS

2.8 Routing Protocols

2.9 Remote System Programs

P.3

Network Layer Protocols

▣ Internet Protocol (IP)◈ A network layer (layer 3 in the OSI model or Internet layer in the

TCP/IP model) protocol• which contains addressing information and some control

information to enable packets to be controlled

◈ An unreliable and connectionless datagram protocol◈ The service is called unreliable

• because delivery is not guaranteed

◈ The service is called connectionless• because each packet is treated independently from all others

◈ Packets in the IP layer are called datagrams

P.4


▣ IP Datagrams ( Header + Data)

Total LengthService Type

Source Address

Destination Address

3115

TTL Protocol

Flags Fragmentatin Offset

HLEN

Header Checksum

Identification

Ver0

Options (if any)

20~60bytes

(variablelength)

IP Datagram format

Data

P.5


▣ Each field in an IP Datagram◈ Version (VER, 4 bits)

• The version of the IP protocol that was used to create the datagram

◈ Header Length (HLEN, 4 bits)• The total length of IPv4 datagram header

◈ Type of service (TOS, 8 bits)• How the datagram should be handled by routers

DPrecedence

(3 bits)T R C

unused(1 bit)

D : Minimize delay (1000)R : Maximize reliability (0010)T : Maximize throughput (0100)C : Minimize cost (0001)

Normal (default) : (0000)

TOS 4 bits

P.6


▣ Each field in an IP Datagram◈ Overall length (16 bits)

• The total length (header plus data) of the IP datagram in bytes

◈ Identification (ID,16 bits)• specifies to identify a datagram originating from the source host• It is set by sender and uniquely identifies a specific IP datagram sent by a

source host

◈ Flags (3 bits)• used in fragmentation

◈ Fragmentation offset (13 bits)• Fragment : the small pieces into which a datagram is divided• Fragmentation : the process of dividing a datagram• The relative position of each fragment with respect to the whole datagram• Where the data in a fragmented datagram should be placed in the

datagram being reassembled

P.7


▣ Each field in an IP Datagram◈ Time to live (TTL, 8 bits)

• Limited lifetime in its travel through an Internet

• Routers and hosts that process datagram must decrement this TTL filed as time passes and remove the datagram from the Internet when its time expires

◈ Protocol (8 bits)• Higher-level protocols such as TCP, UDP, ICMP, IGMP

• Helps the de_multiplexing process when the datagram arrives at its final destination

◈ Header checksum (16 bits)• The error detection method used by most TCP/IP protocols

• Ensuring the integrity of header values

P.8


▣ Each field in an IP Datagram◈ Source IP address (32 bits)

• The IP address of the sender of the IP datagram

◈ Destination IP address (32 bits)• The IP address of the host to which this datagram is to be sent

◈ Options (variable length)• Variable length filed ( zero or more)

• The most common options are as followings The security option A record route option The timestamp option A source routing option

P.9


▣ IP Addressing

Layer

Application

TransportInternetNetwork Access

TCP/IP Protocol

HTTP, FTP, SMTPDNS and other protocolsTCP, UDPIC, ICMP, IGMPPhysical network

Address

Port address

-IP addressPhysical (link) address

Table 2.2 TCP/IP architecture and corresponding address

P.10


▣ IP Addressing◈ Physical (local or link) address

• A local address is called a physical address because it is usually implemented in hardware

◈ IP address• An IP address is called a logical address at the network level because it is

usually implemented in software

◈ Port address• The label assigned to a process is called a port address (1~1023 number)

Computer A

Telnet

FTP

port

Computer B/C

Telnet

Computer B/C

FTPport

port

port

P.11


▣ Addressing schemes◈ IP address being divided into five different classes

• Class A, Class B, Class C, Class D Class A, B and C differ in the number of hosts allowed per network Class D is used for multicasting Class E is reserved for future use

Table 2.3 Number of networks and hosts in each address class

AddressClass

A (0)

B (10)

C (110)

D (1110)E (1111)

Netid

First octet (8 bits)Two octets (16 bits)Three octets (24 bits) -- --

Hostid

Three octets (24 bits)Two octets (16 bits)Last octets (8 bits) -- --

Number of Networks and Hosts

27 - 2 = 126 224 - 2 = 16777214 214 = 16384 216 - 2 = 65534 221 = 297152 28 - 2 = 254 No netid No hostid No netid No hostid

Netid Hostid

P.12

P.13


▣ Subnetting and supernetting◈ In subnetting, one large network is divided into several samller

subnetworks, and class A, B and C addresses can be subnetted• Three portions

netid, subnetid, hostid

◈ In supernetting, several networks are combined into one large network

◈ For example• For a 32-bit IP address of 141.14.5.23

141.14 as netid 5 as subnetid 23 as hostid

P.14


▣ Mapping by mask◈ Masking is a process that extracts the physical network address from

IP address• Performing a 32-bit IP address on another 32-bit mask, bit-by-bit logical

AND operation

◈ Example 2.3

P.15


▣ Address Resolution Protocol (ARP)◈ The delivery of a packet to a host or a router requires two levels of

addressing• Such as logical (IP) address and physical (MAC) address

◈ Since the IP datagram is encapsulated in a form to be passed through the physical network (such as LAN), the sender needs the physical MAC address of the receiver

NIC NIC

IP

MAC

P.16


▣ ARP operation◈ Refer to hard copy figure

P.17


▣ Proxy ARP

▣ Reverse Address Resolution Protocol (RARP)◈ Using the physical address to get the logical IP address

router

Network A

Network B

sender

receiver

1. ARP request

2. ARP replyLAN

LAN3. Packet delivery

Proxy ARP

P.18


▣ IP Version 6 (IPv6, or IPng)◈ Advantages

• Extended Address Space 32 bits (232) 128 bits (2128)

• Auto-configuration Stateless/Stateful address auto-configuration

• Efficient Packet Processing Fixed IPv6 basic header (Lower processing overhead) Extension header and no checksum

• Security IPSec

P.19


▣ IP Version 6 (IPv6, or IPng)◈ IPv6 Addressing

• IPv6 address consists of 32 hexadecimal digits, with every four digits separated by a colon

Flea:1075:fffb:110e:0000:0000:7c2d:a65f Flea:1075:fffb:110e::7c2d:a65f (abbreviated address)

◈ IPv6 Address Types• Unicast

Packets sent to a unicast address are delivered to the interface uniquely specified by the address

• Anycast Packets sent to a anycast address will be delivered to at least one interface

specified by the address

• Multicast Packets sent to a multicast address will be delivered to all the interface to

which the address refers

P.20


▣ IPv6 Packet formatTotal LengthService Type

Source Address

Destination Address

3115

TTL Protocol

Flags Fragmentatin Offset

HLEN

Header Checksum

Identification

Ver0

Option

20~40bytes

(variablelength)

Source Address

Destination Address

Flow LabelVer Priority

Payload Length Next Header Hop Limit

Hop-by-hop Option header

Destination Options header (note 1)

Routing header

Fragment header

Authentication header

Encapsulation header

Destination Options header (note 2)

upper-layer header

BasicHeader

ExtensionHeaders

3 3111 150

P.21


▣ IPv6 Header field◈ Version (4 bits)◈ Priority (4 bits)

• defines the priority of packet with respect to traffic congestion

◈ Flow label (24 bits)• designed to provide special handling for a particular flow of data• contains information that routers use to associate a datagram with s

specific flow and priority

◈ Payload length (16 bits)• The total length of the IP datagram excluding the base header• Optional extension header + data from the upper layer

◈ Next header (8 bits)• Defining the header that follows the base header in the datagram• Table 2.6 Next header codes

P.22


▣ IPv6 Header field◈ Hop limit (8 bits)

• Decrements by 1 each node that forwards the packet

• TTL in IPv4

◈ Source address (128 bits)• A 128 bit originator address that identifies the initial sender of the packet

◈ Destination address (128 bits)• A 128 bit recipient address that identifies the final destination of the

datagram

P.23


▣ Internet Control Message Protocol (ICMP)◈ An extension to the Internet Protocol

• which is used to communicate between a gateway and a source host, to manage errors and generate control messages

◈ The purpose of ICMP• Providing feedback about problems in the communication environment,

not to make IP reliable

ICMPmessage

IP dataIP

header

Framedata

Frameheader

Trailer(if any)

ICMP encapsulation

Type Type Checksum

Rest of the header

Data Section

8 bits 8 bits 16 bits

ICMP message format

P.24


▣ Internet Group Message Protocol (IGMP)◈ used to facilitate the simultaneous transmission of a message to a

group of recipients◈ Two types of message

• Report and query Report message : host -> router Query message : router -> host

Ver (1) Unused Checksum

Group address in report, all 0s in query

8 bits 16 bits

IGMP message format

Type

8 bits

Type : Query (1) Report (2)

P.25

Transport Layer Protocols

▣ Two protocols in the transport layer◈ TCP and UDP

▣ Transmission Control Protocol (TCP)◈ A connection-oriented byte stream transport layer protocol in the

TCP/IP suite◈ provides a full duplex connection between two applications, allowing

them to exchange large volumes of data efficiently◈ Uses a sliding window protocol so that it can make efficient use of the

network◈ Error detection is handled by checksum, acknowledgement and

timeout◈ TCP is used by many popular application such as HTTP, TELNET,

Rlogin, FTP and SMTP

P.26


▣ TCP header

Figure 2.10 TCP encapsulationIPheader

TCP DataTCP

header

TCP segment

IP datagram

20 bytes 20 bytes

HeaderLength(4 bits)

Reserved(6 bits)

Code bits(6 bits)

Windows size(16 bits)

Checksum(16 bits)

Urgent pointer(16 bits)

TCP option(24 bits)

Padding(8 bits)

Data

Acknowledgement number (32 bits)

Sequence number (32 bits)

Source port number(16 bits)

Destination port number(16 bits)

Figure 2.11 TCP packet format

P.27


▣ TCP header field◈ Source and destination port number (16 bits each)

• The number to identify the sending and receiving application

◈ Sequence number (32 bits)• The number assigned to the first byte of data stream contained in this

segment

◈ Acknowledgement number (32 bits)• The byte number that the sender of the segment is expecting to receive

from the receiver

◈ Header length (4 bits)• The number of four-byte words, between 20 to 60 bytes length

◈ Reserved (6 bits)• For future use

P.28


▣ TCP header field◈ Code bits (6 bits)

◈ Window size (16 bits)• Used by sliding window protocol

◈ Checksum (16 bits)◈ Urgent pointer (16 bits)

• This filed is used when the segment contains urgent data

◈ Options (24 bits)• The options are used to convey additional information to the destination

URG ACK PSH RST SYN FIN

URG : Urgent pointer is valid RST : Reset the connectionACK : Acknowledgement is valid SYN : Synchronize sequence numbersPSH : Request for push FIN : Terminate the connection

P.29


▣ User Datagram Protocol (UDP)◈ is suitable for a process that requires simple request-response

communication with little concern for flow and error control• But, UDP is not suitable for a process that needs to send bulk data, like

FTP

◈ UDP is used for management processes such as SNMP

P.30


▣ UDP header

IPheader

UDP DataUDP

header

UDP datagram

IP datagram

Figure 2.12 UDP encapsulation

Source port number (16 bits) Destination port number (16 bits)

UDP length (16 bits)

Data (if any)

Checksum (16 bits)

0 15 16 31

Header (8 bytes)

Figure 2.13 UDP header

20 bytes 8 bytes

P.31


▣ UDP header field◈ Source port number (16 bits)

• Using to Identify the sending process running on the source host

◈ Destination port number (16 bits)• The number used by the process running on the destination host

◈ Length (16 bits)• Length of byte in the UDP datagram, including the UDP header and the

user data

◈ Checksum (16 bits)• Used to detect errors over the entire user datagram covering the UDP

header and the UDP data

P.32

World Wide Web

▣ WWW◈ A distributed client-server service,

• in which a client using a browser can access a service using a server

▣ Hypertext Transfer Protocol (HTTP)◈ The protocol used to transfer a Web page between a browser and a

Web server

▣ Hypertext Markup Language (HTML)◈ A language used to create Web pages

• Web page : head + body

• Tags = marks< Tag Name >

P.33

World Wide Web

▣ HTMP example <html> <head> <title> 기본구조 </title> </head> <body> <h1>HTML 의 기본 구조 </h1> HTML 은 다음과 같이 ..... </body> </html>

P.34

File Transfer

▣ File Transfer Protocol (FTP)◈ The standard mechanism provided by TCP/IP for copying a file from

on host to another◈ Two TCP connections between the hosts

▣ Trivial File Transfer Protocol (TFTP)◈ A protocol that quickly copies files because it does not require all the

sophistication provided in FTP

▣ Network File System (NFS)◈ Developed by Sun Microsystems◈ Provides online shared file access that is transparent and integrated

Host A Host B

FTP FTPData transfer

Control info.

P.35

Electronic Mail

▣ Protocols that support electronic mail service◈ Simple Mail Transfer Protocol (SMTP)

• The protocol that transfer e-mail from one server to another

◈ Post Office Protocol Version 3 (POP3)• Te most popular protocol used to transfer e-mail message from a

permanent mailbox to local computer

◈ Internet Message Access Protocol (IMAP)• A standard protocol for accessing e-mail from your local server

◈ Multipurpose Internet Mail Extension (MIME)• allows arbitrary data to be encoded in ASCII and then transmitted in a

standard e-mail message

P.36

Network Management Service

▣ Simple Network Management Protocol (SNMP)◈ An application protocol that facilitate the exchange of management

information between network devices◈ enables network administrators to manage network performance, find

and resolve network problems and plan for network growth

Management system

Managed devices

request

response

P.37

Converting IP Addresses

▣ Domain Name System (DNS)◈ Distributed database to map a Domain Name to an IP address

• Receives query for a Domain Name

• Retrieves and Sends the IP address corresponding to a Domain Name

◈ Hierarchical naming scheme

DNS Root Server

DNS DNS DNS

DNS DNS DNS

…There exist many servers and hosts in a DNS Domain

P.38

DNS operation example

1. serching “www.kunsan.ac.kr” using Web Browser

2. Send IP address query corresponding to domain name “www.kunsan.ac.kr” to predefined DNS

1

2

3

4

5

6

7

8

3. If DNS has not cache data for “www.kunsan.ac.kr”, deliver that query to the upper level DNS

4. Notify the name server IP address for kunsan.ac.kr

5. Send that query to Name Server for kunsan.ac.kr

6. Receive the IP address 198.81.200.1 corresponding to domain name “www.kunsan.ac.kr”

7. Receive the IP address 198.81.200.1 from predefined DNS

8. Receive hypertext data from 198.81.200.1 using TCP 80 port

Predefined DNS

Upper level DNS

Name Server

P.39

Routing Protocols

▣ Routing Information Protocol (RIP)◈ A protocol used to propagate routing information inside an

autonomous system• Autonomous System (AS) is a group of networks and routers under the

authority of a single administration

◈ Popular interior routing protocol• Updating routing tables in an AS

▣ Open Shortest Path First (OSPF)◈ A new alternative to RIP as an interior routing protocol◈ Link-state routing

• A process by which each router shares its knowledge about its neighborhood with every other router in the area

P.40

Routing Protocols

▣ Border Gateway Protocol (BGP)◈ An exterior gateway protocol for communication between routers in

different autonomous system

AS AS

BGP

RIP or OSPF RIP or OSPF

P.41

Remote System Programs

▣ TELNET◈ A simple remote terminal protocol

• allows a user to log on to a computer across an Internet

▣ Remote Login (Rlogin)◈ designed for remote login only between UNIX hosts

Documents

정보보호기술연구본부 “Internet Security” Chapter 2. P.2 Contents 2. TCP/IP Suite and Internet Stack Protocols 2.1 Network Layer Protocols 2.2 Transport Layer Protocols