1

Introduction to Networking

Pehr SödermanCSC/KTH

Pehrs@kth.se

2

General information● There will be a /lot/ of abbreviations

– Use the cheat-sheet● This is far from everything you need to know● I will try to cover the fundamentals● This will be compressed

3

What is a network?● A system to share information between nodes● This course is about computers, so we will

concentrate on computer networks● There is no magic in the computer networks● Just lots of details to get wrong...

4

Fundamental network types● Circuit based networks

– Telephone systems– Constant connection– Good guarantees for throughput and performance

● Packet based systems– Computer networks– Data is split up in packets– Good performance and scalability

● We will only speak of packet based systems today.

5

Structure of the Internet● Internet is a set of interconnected networks

running the IP protocol● There are only three relationships on Internet:

– “I pay you”, “you pay me” and “peering”● Typically you pay an ISP for an Internet

connection● If you lend your Internet connection to

somebody for free you are peering● Internet has a lose hierarchy

6

Internet standards● Internet standards are created by IETF● They are published as RFC documents● The Internet protocols are defined this way● Most of the network standards come from IEEE● They are published as IEEE 802 documents

– IEEE 802.15.4● Application standards come from many

companies today

7

Encoding and Encapsulation● Encoding is used to make the data suitable for

network transport. ● Encoding is done in layers, providing

encapsulation. For example– Radio waves (Physical layer)– IEEE 802.11b/WiFi (Data-link layer )– IP (Network layer)– TCP (Transport layer)– HTTP (Application layer)

● A protocol should not care what is around it!

8

Stacks● The ISO/OSI stack is

used to describe networks

● Each layer should fully encapsulate data from layers above

● As you live in an IP world we will often compare OSI with TCP/IP

9

Addressing● We need a way to identify computers on a

network. For this we use addresses. ● Addresses have a scope. Unicast addresses

should be unique in the scope● Different protocols use different addresses:

– IPv4: 192.71.24.10– IPv6: fe80::219:dbff:fe6b:6f71– MAC: 00-19-DB-6B-6F-71

10

Hubs/Shared lines● The most fundamental method of connecting

computers● All computers see all data on the network● All computers share a collision-domain● Many early networks were of this type● Radio networks, cable-tv networks and similar

systems are still of this model.

11

Switching● Switches are the basis of modern computer

networks. Uses only layer 2 information● Fundamental idea 1: Never replicate a packet● Fundamental idea 2: Keep a list of receivers in

each direction.● Fundamental idea 3: Store and forward● Use a protocol such as ARP to find neighbors● Limited scalability

12

Routing● Whenever data moves between networks

routing has to be done● Routing works on layer 3 in the OSI stack● Routing uses a routing protocol such as OSPF,

ISIS, RIP● Global routing uses BGPv4● We will not speak much of routing in this course

– Take IPOP, IPRO1 and IPRO2 if you want to know how the Internet works.

13

Connecting to Google● We want to search for XXX on google.com● We need to use a series of protocols:

– Ethernet– ARP– IP– UDP– DNS– TCP– HTTP

14

Fundamental setup● The computer has to look up www.google.com

and figure out how to communicate with this system

● The computer knows it has an gateway to the Internet

● The computer has IP address and MAC address.

● The computer has to know a DNS server● All of this is configured in the computer from the

start

15

How do we even talk?● We need a protocol to define how to send data

on the wire. ● This is the lowest levels in the stack (layer 1

and 2)● Layer 1 is mostly Electrical Engineering● Layer 2 is typically very simple. ● We are connected over an Ethernet network, so

we use the Ethernet protocol.

16

Physical/Data link layer: Ethernet

● Ethernet has a simple frame format

● Supports P2P and Broadcast links

● Only speaks MAC addresses

● Supports Unicast and Broadcast traffic

● Limited MTU

17

Data link layer: ARP● We need to find the MAC address to contact the

gateway. We only know the IP-address● The address resolution protocol is used to map

IP-address to MAC address● We broadcast an ARP request for the MAC

address of the interface with IP 192.168.0.1● The gateway responds with a unicast back

containing the mac address.

18

Some security issues with ARP● Anybody on the network can reply to a request

– Anybody on the network can redirect your traffic– Called ARP poisoning

● ARP storms– Can easily take down a network

19

Send a request over the Internet● Now we can send data to the internet!● We will use DNS to resolve www.google.com to

an IP address● But we can't send DNS data on its own!

– We need to use several more protocols● First we will have to use IP to get the data to the

right system on the internet.

20

Network layer: Internet Protocol● IP is used to transport

data over the Internet● It contains

– Source– Destination– Timeout– Fragmentation– Protocol Identifier– Housekeeping data

21

A common issue● IP lets us send a packet to a machine and

define a protocol. There are 255 possible protocol values

● How do we keep track of multiple sessions?● How do we offer several versions of the same

service?● How we make sure the data is correctly

decoded in all cases?

22

Ports● Ports are an endpoint in a computer, allowing

several programs using the same protocol to use the network at the same time

● Some ports are well known: 80, 23, 25 etc.● Some ports are used dynamically. ● Ports under 1024 are typically used for services● There is no port support in IP. They are at the

transport layer. ● Note that any protocol can run over any port,

even if they have a well known port assigned.

23

Transport layer: UDP● UDP is a simple protocol providing ports and a

checksum● There is no reliable transport when using UDP● You won't know if you lose a packet on the

way

24

The Domain Name Service tree● DNS is a tree

structure of servers. ● At the root of the tree

is ROOT servers● Then comes top

domains● Then domains● We resolve from the

root, recursively, asking each server.

25

DNS queries● We send an UDP packet asking our name

server for www.google.com● The nameserver replies with a set of addresses

– It does the recursion for us!– DNS is complicated, read IPOP if you want to

understand how it actually works● We choose one of them as the address for

www.google.com● Now we only have to connect!

26

Attacking DNS● DNS is a caching system● If you can poison the cash you can redirect

traffic● All you have to do is to answer a query before

the DNS servers does– Spoofing UDP is trivial

● You need to guess the port number (2^16)– Unless you can monitor the traffic

27

Transport Layer: Transport Control Protocol

● A HTTP session is too large to fit in an UDP packet

● We do not want to use fragmentation (losing a single packet would destroy everything)

● We need a reliable protocol to transport large amounts of data

● That protocol is TCP.● TCP is the most common transport protocol on

the Internet (over 90% of the traffic is TCP)

28

The TCP header● Ports are familiar● Seq/Ack number

– Used to prevent loss● Control flags

– Controls the state● Window

– Speed control● We will ignore the rest

29

Setup a TCP connection

30

Send data over TCP

31

Retransmission over TCP

32

Flow control

33

Closing down TCP

34

TCP and network load● TCP increases the speed until it loses data● Then it slows down a bit● This means that packet loss causes low TCP

performance● TCP on its own will never overload a network

– Unless you are doing insane stuff.● Unlike UDP that can easily bring a network

down

35

Security issues with TCP● SYN Flooding● Data injection● Connection stealing/Man in the Middle● Blind data injection● Security is often implemented on higher layers

– SSH, SSL/TLS, ktelnet etc.– But they have to work around TCP limitations– Some critical protocols break encapsulation and

secure TCP headers

36

Application Layer: Hyper Text Transfer Protocol

● HTTP is the most common protocol for web pages on the net.

● HTTP defines a few commands (known as verbs) that a client to request and manipulate data on a server. The most common are:– GET – Fetch data from the server– POST – Send form data to to the server– OPTIONS – Get options the server uses

● Several requests can be made in the same TCP session

37

Putting it all together● 1: ARP to get the MAC address of the GW● 2: DNS over UDP to get the IP address● 3: HTTP over TCP to get the data

38

Network layer: Internet Control Message Protocol

● ICMP is the glue that keeps Internet together● It has basic control functionality such as

– Check if a host is reachable (Ping)● Echo/Echo reply

– Tell the sender the target is unreachable ● Destination Host unreachable

– Tell the sender the packet timed out ● Time Limit Exceeded

● There are several more rarely used messages.

39

Critical tools● Ping● Traceroute● Tcpdump● Wireshark● Nmap● Dig● Whois● arping

40

Wireshark● Lets have a look at the protocols we have

covered in wireshark

41

What you should know now● The protocols involved client side when loading

a web page● Have some idea of security issues for the

protocols● Know some useful commands● Know the general structure of the Internet● Know some of the standard organizations

42

Recommended Reading● All related RFC documents (IETF)

– 791-793, 768, 826 and 1087 are a good start● Data and computer communications (Stallings)

– Good book for low level stuff● TCP/IP Protocol Suite (Behrouz)

– Good book for high level stuff● Uplink: Hacker elite (Introversion Software)

– It gives a nice view of how hackers think and work