Network Security HS 2014
Network Security – TCP/IP Refresher
What you (at least) need to know about networking! Dr. David Barrera
NSHS08H8353226 ETH Zurich, Bernhard Plattner Network Security HS 2014 2
Outline
§ Network Reference Models
§ Local Area Networks
§ Internet Protocol (IP)
§ Internet-level Routing
§ IP Packet Structure
§ Transmission Control Protocol (TCP)
§ Hypertext Transfer Protocol (HTTP)
TCP/IP and OSI Reference Models
Layered view of internetworking example
Source: Peterson/Davie, „Computer Networks“
Local Area Networks
§ Devices need to know each other’s layer 2/hardware address (MAC address)
§ 6 groups of 2 hex digits, e.g. 08:00:27:0E:25:B8
§ Hosts use Address Resolution Protocol to find the hardware address of a host on the same LAN given an IP address.
The Address Resolution Protocol (ARP)
§ If the MAC address is not known: send a broadcast ARP request „who has IP address x?“
§ The owner of IP address x answers with a (directed) ARP reply
§ The requestor stores the (IP address, MAC address) pair in its ARP cache
§ Cache lifetime: a few seconds to a few tens of seconds (avoids frequent ARP requests for the same IP address)
§ Note: ARP is only executed between neighboring nodes on the same LAN (e.g. host and next router, host and host)
§ Note: ARP has no authentication. The requestor takes a reply at face value, so any host on the LAN can answer for x.
Local Area Networks: ARP example
(Figure: hosts S = 10.0.0.1 and D = 10.0.0.2 on the same LAN)
S → all (broadcast): „Who has 10.0.0.2?“
D → S (directed reply): „It’s me! (and this is my MAC addr)“
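The exchange in the figure, worked through on the wire, as an added example that is not part of the slides: the frames are built and parsed in the RFC 826 layout (Ethernet header plus 28-byte ARP body for IPv4 over Ethernet), D answers only if the request asks for its own address, and S stores the result in a cache whose entries expire. The IP addresses and the MAC 08:00:27:0E:25:B8 come from the slides; D’s MAC and the 30-second cache lifetime are assumptions.

```python
# Added example: ARP request/reply between S (10.0.0.1) and D (10.0.0.2).
# D's MAC address and the 30 s cache lifetime are assumed values.
import struct
import ipaddress

ETH_BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header (14 bytes) + ARP body (28 bytes), IPv4 over Ethernet."""
    dst_mac = ETH_BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_to_bytes(dst_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_to_bytes(sender_mac) + ipaddress.IPv4Address(sender_ip).packed
    arp += mac_to_bytes(target_mac) + ipaddress.IPv4Address(target_ip).packed
    return eth + arp


def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type")
    body = frame[22:42]
    return {
        "op": op,
        "eth_dst": bytes_to_mac(frame[0:6]),
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": str(ipaddress.IPv4Address(body[6:10])),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": str(ipaddress.IPv4Address(body[16:20])),
    }


class ArpCache:
    """IP -> (MAC, expiry time). The 30 s lifetime is an assumption."""

    def __init__(self, lifetime=30.0):
        self.lifetime = lifetime
        self.entries = {}

    def learn(self, ip, mac, now):
        self.entries[ip] = (mac, now + self.lifetime)

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None:
            return None
        mac, expires = hit
        if now >= expires:          # expired: forget it, a new request is needed
            del self.entries[ip]
            return None
        return mac


def answer_request(frame, my_mac, my_ip):
    """What D does with a received ARP frame: reply only if it asks for my IP."""
    req = parse_arp(frame)
    if req["op"] != ARP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(ARP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def resolve(cache, s_mac, s_ip, d_mac, d_ip, now=0.0):
    """S resolves d_ip: cache hit, or broadcast request -> D's reply -> cache."""
    mac = cache.lookup(d_ip, now)
    if mac is not None:
        return mac                  # no request is sent on a cache hit
    request = build_arp(ARP_REQUEST, s_mac, s_ip, "00:00:00:00:00:00", d_ip)
    reply = answer_request(request, d_mac, d_ip)   # reaches D via the broadcast
    if reply is None:
        return None
    rep = parse_arp(reply)
    # S cannot verify that rep["sender_mac"] really belongs to rep["sender_ip"].
    cache.learn(rep["sender_ip"], rep["sender_mac"], now)
    return cache.lookup(d_ip, now)
```

The `lookup` method drops an expired entry instead of returning it, so a stale (or poisoned) mapping disappears after the lifetime unless it is refreshed by another reply.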
Similarities and differences
§ Switches and routers are network elements that allow physical networks to be extended.
§ Switches:
  § Extend Local Area Networks (Ethernet)
  § Operate at layer 2
  § Forward frames, separate collision domains
§ Routers:
  § Interconnect networks
  § Operate at layer 3
  § Forward IP packets
§ Home „routers“ are actually a combination of router, switch, wireless access point, NAT device, firewall and DHCP server
Routers interconnect LANs/extended LANs
§ Routers interconnect (sub)networks of the Internet
§ Layer 3 only (IP)
§ ARP requests and other MAC broadcasts don‘t go across routers!
Interconnection of Heterogeneous Networks
(Figure: hosts on a network@home, a Wireless LAN and an Ethernet, interconnected by routers R)
Internet = network of networks, interconnected by routers
Internet Protocol
§ IP devices must be addressable via an IP address
§ The IP address must be unique on the Internet
§ Public address space (assigned by regional registrars)
§ Private address space (RFC 1918; must not be routed on the public Internet):
  - 10.0.0.0 – 10.255.255.255
  - 172.16.0.0 – 172.31.255.255
  - 192.168.0.0 – 192.168.255.255
§ Reserved address space (special purpose):
  - 224.0.0.0 – 239.255.255.255 (multicast)
  - 240.0.0.0 – 255.255.255.254 (reserved)
IP Addresses
§ IPv4: a.b.c.d
  § E.g. 10.1.2.3, 208.67.222.222
  § 4 „octets“ (4 × 8 = 32 bits)
  § Each octet ranges from 0 to 2^8 − 1, i.e. 0 – 255
§ IPv6: a:b:c:d:e:f:g:h
  § 2db8:0001:0000:0000:0000:0000:c001:beef
  § 2db8:1::c001:beef (leading zeros dropped, the longest run of zero hextets written as „::“)
  § 8 „hextets“ (8 × 16 = 128 bits)
  § Each hextet ranges from 0 to 2^16 − 1, i.e. 0 – 65535
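An added example (not from the slides) that takes both address formats apart: it splits an IPv4 address into octets and an IPv6 address into hextets with range checks, implements the „::“ compression that turns 2db8:0001:0000:0000:0000:0000:c001:beef into 2db8:1::c001:beef (the RFC 5952 rule: longest run of two or more zero hextets, first run on a tie), and classifies IPv4 addresses against the private, multicast and reserved ranges listed on the previous slide. Python’s `ipaddress` module is only used to cross-check the hand-written compression.

```python
# Added example: octets/hextets, IPv6 "::" compression and IPv4 range classification.
import ipaddress


def ipv4_octets(addr):
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"IPv4 address needs 4 octets: {addr!r}")
    octets = [int(p, 10) for p in parts]
    if any(not 0 <= o <= 2**8 - 1 for o in octets):
        raise ValueError(f"octet out of range 0..255: {addr!r}")
    return octets


def ipv6_hextets(addr):
    """Expand a (possibly '::'-compressed) IPv6 address into its 8 hextets.
    Mixed notation such as ::ffff:192.0.2.1 is not handled here."""
    if addr.count("::") > 1:
        raise ValueError("at most one '::' allowed")
    if "::" in addr:
        left, right = addr.split("::")
        l = [int(h, 16) for h in left.split(":") if h]
        r = [int(h, 16) for h in right.split(":") if h]
        hextets = l + [0] * (8 - len(l) - len(r)) + r
    else:
        hextets = [int(h, 16) for h in addr.split(":")]
    if len(hextets) != 8 or any(not 0 <= h <= 2**16 - 1 for h in hextets):
        raise ValueError(f"bad IPv6 address: {addr!r}")
    return hextets


def ipv6_compress(addr):
    """RFC 5952 text form: drop leading zeros and replace the longest run of
    two or more zero hextets with '::' (the first such run wins on a tie)."""
    h = ipv6_hextets(addr)
    best_start, best_len, run_start = -1, 0, None
    for i, v in enumerate(h + [None]):          # sentinel closes a trailing run
        if v == 0 and run_start is None:
            run_start = i
        elif v != 0 and run_start is not None:
            if i - run_start > best_len:
                best_start, best_len = run_start, i - run_start
            run_start = None
    groups = [f"{v:x}" for v in h]              # leading zeros dropped
    if best_len >= 2:
        head = ":".join(groups[:best_start])
        tail = ":".join(groups[best_start + best_len:])
        return f"{head}::{tail}"
    return ":".join(groups)


def matches_stdlib(addr):
    """Cross-check against ipaddress, which implements the same RFC 5952 rules."""
    return ipv6_compress(addr) == ipaddress.IPv6Address(addr).compressed


def ipv4_class(addr):
    """Classify against the ranges on the slide."""
    a, b, c, d = ipv4_octets(addr)
    if a == 10 or (a == 172 and 16 <= b <= 31) or (a == 192 and b == 168):
        return "private (RFC 1918)"
    if 224 <= a <= 239:
        return "multicast"
    if (a, b, c, d) == (255, 255, 255, 255):
        return "limited broadcast"            # the one address the slide's reserved range leaves out
    if a >= 240:
        return "reserved"
    return "public"
```

Note the 172.16/12 boundary: 172.31.255.255 is private, 172.32.0.0 is public, which is exactly the kind of off-by-one that a hand-written allow list gets wrong.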
IP Addresses – Network Address Translation
§ One public IP address can be shared among many hosts on an internal (private) network.
§ The NAT device rewrites the addresses (and usually the ports) of outgoing packets and keeps a table of these translations, so that returning packets can be forwarded to the right internal host
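An added example (not from the slides) of the translation table such a device keeps, in the common port-translating form (NAPT): each outgoing flow gets a fresh public port, the mapping is remembered in both directions, and an inbound packet for which no mapping exists is dropped. The internal hosts, the public address 203.0.113.5 (a documentation address) and the port numbers are assumptions, and the table is keyed only on the internal endpoint, a simplification of what real NAT boxes do.

```python
# Added example: a minimal NAPT table. Addresses and ports are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class Napt:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, pkt):
        """Rewrite the source of a packet leaving the internal network."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        port = self.out.get(key)
        if port is None:                       # first packet of this flow: allocate a port
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Rewrite the destination of a returning packet; None means drop.
        Unsolicited inbound traffic never matches a mapping, which is the
        side effect that makes NAT look like a firewall."""
        if pkt.dst_ip != self.public_ip:
            return None
        hit = self.back.get((pkt.proto, pkt.dst_port))
        if hit is None:
            return None
        priv_ip, priv_port = hit
        return Packet(pkt.src_ip, pkt.src_port, priv_ip, priv_port, pkt.proto)
```

Two internal hosts using the same local source port (51000) still get distinct public ports, which is the whole reason ports are rewritten and not just addresses.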
Routing
§ Devices need a way to find out where in the world a specific IP address is located
§ Routers are connected to other routers through multiple interfaces
§ Routers keep „routing tables“ that list the „next hop“ for a list of destinations. If the destination is not in the list, a default route may be used
§ Routers communicate with each other, informing their neighbors which destinations are reachable through them
Internet-level routing
§ Backbone routers currently store around 500k entries
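The two routing slides above, as an added example that is not part of the slides: a forwarding table that picks the next hop by longest-prefix match, falls back to a default route if one is configured, advertises its prefixes to a neighbour, and installs whatever a neighbour advertises. Router names, prefixes, next hops and interface names are assumptions; a backbone router does the same lookup over the hundreds of thousands of entries the slide mentions.

```python
# Added example: longest-prefix-match forwarding with a default route and
# neighbour advertisements. All prefixes and next hops are constructed.
import ipaddress


class Router:
    """Forwarding table with longest-prefix match and an optional default route."""

    def __init__(self, name):
        self.name = name
        self.routes = []            # (network, next_hop, interface)

    def add(self, prefix, next_hop, iface):
        net = ipaddress.ip_network(prefix)
        self.routes = [r for r in self.routes if r[0] != net] + [(net, next_hop, iface)]
        # most specific prefix first, so the first match is the longest
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, next_hop, iface in self.routes:
            if addr in net:         # a /0 default route matches everything
                return next_hop, iface
        return None                 # no route at all: the packet is dropped

    def advertise(self):
        """Destinations this router tells its neighbours it can reach
        (the default route is never advertised onward here)."""
        return sorted(str(net) for net, _, _ in self.routes if net.prefixlen > 0)

    def learn_from(self, neighbour, neighbour_ip, iface):
        """Install whatever the neighbour advertises, reachable via that neighbour.
        Nothing here checks that the neighbour is entitled to those prefixes;
        a routing protocol without origin validation behaves the same way."""
        known = {r[0] for r in self.routes}
        for prefix in neighbour.advertise():
            if ipaddress.ip_network(prefix) not in known:
                self.add(prefix, neighbour_ip, iface)
```

The order of `self.routes` is what makes the lookup correct: a packet for 10.1.2.3 must hit the /24 before the /16 even though both contain it.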
Format of an IPv4 packet
(each row is 32 bits wide)
Version (4) | Header length (4) | Type of service (8) | Total length (16)
Identification (16) | Flags (3) | Fragment offset (13)
Time to live (8) | Protocol (8) | Header checksum (16)
Source IP address (32)
Destination IP address (32)
IP options (if any) | Padding to 32 bits
Payload
Protocol field: identifies the protocol carried in the payload, e.g. TCP, UDP or ICMP
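An added example (not from the slides) that packs and parses the header laid out above, including options padded to 32 bits, and verifies the header checksum the way RFC 791 defines it (one’s-complement sum over the 16-bit header words, checksum field taken as zero). It also shows why the checksum matters operationally: a router that decrements the TTL must recompute it, and a packet whose header was altered without doing so fails the check. Addresses, identification value and payload are constructed.

```python
# Added example: IPv4 header build/parse with RFC 791 header checksum.
# Addresses and payloads are constructed for the example.
import struct
import ipaddress

IPPROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}
HDR = "!BBHHHBBH4s4s"          # 20 fixed header bytes, network byte order


def checksum(data):
    """One's-complement sum of 16-bit words, carries folded back in, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0, options=b""):
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)     # pad options to 32 bits
    ihl = 5 + len(options) // 4                           # header length in 32-bit words
    total_len = ihl * 4 + len(payload)
    hdr = struct.pack(HDR, (4 << 4) | ihl, 0, total_len, ident, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed) + options
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]   # fill checksum field
    return hdr + payload


def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = struct.unpack(HDR, pkt[:20])
    version, ihl = vihl >> 4, vihl & 0x0F
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("bad version or header length")
    if total_len < ihl * 4 or total_len > len(pkt):
        raise ValueError("bad total length")
    if checksum(pkt[:ihl * 4]) != 0:      # a valid header sums to zero with its checksum included
        raise ValueError("header checksum mismatch")
    return {
        "ttl": ttl, "proto": IPPROTO.get(proto, str(proto)), "ident": ident,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "options": pkt[20:ihl * 4], "payload": pkt[ihl * 4:total_len],
    }


def header_ok(pkt):
    try:
        parse_ipv4(pkt)
        return True
    except ValueError:
        return False


def forward(pkt):
    """What a router does on the way through: TTL - 1 and a fresh checksum.
    Returns None when the TTL is exhausted (the router would send ICMP Time Exceeded)."""
    parse_ipv4(pkt)                           # rejects malformed or corrupted headers
    ihl = (pkt[0] & 0x0F) * 4
    ttl = pkt[8] - 1
    if ttl <= 0:
        return None
    hdr = pkt[:8] + bytes([ttl]) + pkt[9:10] + b"\x00\x00" + pkt[12:ihl]
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + pkt[ihl:]
```

The checksum only covers the header, not the payload, and it is not a security mechanism: anyone who changes a field can recompute it, exactly as `forward` does.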
Transmission Control Protocol (TCP)
§ Connection-oriented
§ Error detection and correction (reliable)
§ Full-duplex connection
§ Provides a „byte pipe“: unstructured byte stream
§ Sliding window protocol
§ Sequence numbers are byte numbers
§ Sender window is variable, determined by the minimum of
  § the request of the receiver (receiver window size)
  § the estimation of the network load (congestion window size, slow start algorithm)
Format of a TCP Segment
(each row is 32 bits wide; bit positions 0, 4, 10, 16, 31)
SrcPort (16) | DstPort (16)
SequenceNum (32)
Acknowledgment (32)
HdrLen (4) | 0 (6 bits reserved) | Flags (6) | AdvertisedWindow (16)
Checksum (16) | UrgPtr (16)
Options (variable)
Data
Conn. setup with 3-way handshake
§ Initial sequence numbers are randomly chosen, within bounds
Active participant (client) → passive participant (server): SYN, SequenceNum = x
Server → client: SYN + ACK, SequenceNum = y, Acknowledgement = x + 1
Client → server: ACK, Acknowledgement = y + 1
§ The last ACK may already contain data
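The segment layout and the handshake above, as an added example that is not part of the slides: segments are packed in the header format shown (the HdrLen/reserved/Flags word included), and two endpoints run the SYN, SYN+ACK, ACK exchange with exactly the sequence arithmetic on the slide. A SYN+ACK whose acknowledgement is not x + 1 is rejected, which is the check that makes a random x matter: a third party who cannot see the SYN has to guess x to forge the reply. Port numbers and the fixed ISNs used in the tests are constructed; `secrets.randbits` stands in for the kernel’s ISN generator, and the checksum field is left at zero.

```python
# Added example: TCP segment packing and the three-way handshake.
# Ports and initial sequence numbers are constructed; the checksum is not computed.
import struct
import secrets

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MASK32 = 0xFFFFFFFF


def build_tcp(src_port, dst_port, seq, ack, flags, window=65535, options=b"", data=b""):
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)
    hdrlen = 5 + len(options) // 4
    off_flags = (hdrlen << 12) | (flags & 0x3F)     # HdrLen (4) | reserved (6) | Flags (6)
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq & MASK32, ack & MASK32,
                      off_flags, window, 0, 0)      # checksum and urgent pointer zero
    return hdr + options + data


def parse_tcp(seg):
    src, dst, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    hdrlen = off_flags >> 12
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": off_flags & 0x3F, "window": window,
            "options": seg[20:hdrlen * 4], "data": seg[hdrlen * 4:]}


class Endpoint:
    def __init__(self, port, isn=None):
        self.port = port
        self.state = "CLOSED"
        self.snd_nxt = secrets.randbits(32) if isn is None else isn   # x or y
        self.rcv_nxt = None

    # active side
    def connect(self, server_port):
        seg = build_tcp(self.port, server_port, self.snd_nxt, 0, SYN)
        self.snd_nxt = (self.snd_nxt + 1) & MASK32      # the SYN consumes one sequence number
        self.state = "SYN_SENT"
        return seg

    def handle_synack(self, seg):
        s = parse_tcp(seg)
        if s["flags"] & (SYN | ACK) != (SYN | ACK) or s["ack"] != self.snd_nxt:
            return None                                  # not an answer to our SYN (or a forgery)
        self.rcv_nxt = (s["seq"] + 1) & MASK32           # y + 1
        self.state = "ESTABLISHED"
        return build_tcp(self.port, s["src_port"], self.snd_nxt, self.rcv_nxt, ACK)

    # passive side
    def listen(self):
        self.state = "LISTEN"

    def handle_syn(self, seg):
        s = parse_tcp(seg)
        if self.state != "LISTEN" or not s["flags"] & SYN or s["flags"] & ACK:
            return None
        self.rcv_nxt = (s["seq"] + 1) & MASK32           # x + 1
        seg = build_tcp(self.port, s["src_port"], self.snd_nxt, self.rcv_nxt, SYN | ACK)
        self.snd_nxt = (self.snd_nxt + 1) & MASK32
        self.state = "SYN_RCVD"
        return seg

    def handle_ack(self, seg):
        s = parse_tcp(seg)
        if (self.state != "SYN_RCVD" or not s["flags"] & ACK
                or s["ack"] != self.snd_nxt or s["seq"] != self.rcv_nxt):
            return False
        self.state = "ESTABLISHED"
        return True


def handshake(client, server):
    """Run the three segments through both state machines; True if both end ESTABLISHED."""
    server.listen()
    syn = client.connect(server.port)
    synack = server.handle_syn(syn)
    ack = client.handle_synack(synack) if synack else None
    return bool(ack) and server.handle_ack(ack) and client.state == "ESTABLISHED"
```

After a successful handshake each side’s `snd_nxt` equals the other side’s `rcv_nxt`, which is the invariant that the sliding window then maintains for every byte.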
Basic properties
§ HTTP: text-based protocol used between web client and web server processes
§ Client issues requests, server sends responses
§ First line of a request contains method, object, version:
  GET /path/to/file/index.html HTTP/1.0
§ First line of a response contains version, code, reason:
  HTTP/1.1 200 OK
§ Subsequent lines contain parameters (headers) or content
§ HTTP is stateless: request/response interactions are independent of each other → how do we maintain session state (e.g. the fact that a user is logged in)?
Methods
Method   Description
GET      Retrieve document identified by URL
HEAD     Same as GET, but only return meta-information about the document
POST     Send information to server (e.g. form data)
PUT      Store a resource under a specified URL (if access rights allow)
DELETE   Delete a resource identified by a URL (if access rights allow)
TRACE    Instructs server to mirror back the client request
CONNECT  Used to tunnel through a proxy server
OPTIONS  Determine options and facilities a resource supports, e.g. a server
Codes
Code  Type           Description
1xx   Informational  Request received, processing
2xx   Success        Action successfully received and accepted
3xx   Redirection    Further action needed to complete request
4xx   Client Error   Bad request by client
5xx   Server Error   Server failed to execute apparently valid request
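The three HTTP slides above, as an added example that is not part of the slides: a parser for the request line (method, object, version) and status line (version, code, reason), the header lines that follow, and a body delimited by Content-Length, using the method table and status-code classes from the slides. Bytes beyond Content-Length are returned separately as the start of the next message, which is the detail that request-smuggling attacks exploit when two parsers disagree on where a message ends. The sample request and response bytes are constructed; a body terminated by connection close (HTTP/1.0 without Content-Length) and chunked encoding are not handled.

```python
# Added example: parsing HTTP request and response messages. Samples are constructed.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
STATUS_CLASS = {1: "Informational", 2: "Success", 3: "Redirection",
                4: "Client Error", 5: "Server Error"}


def _split_message(raw):
    """Return (first line, headers, body, bytes after the body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete message: no blank line after the headers")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()      # header names are case-insensitive
    length = int(headers.get("content-length", "0"))       # non-numeric raises ValueError
    if length < 0 or length > len(body):
        raise ValueError("body shorter than Content-Length")
    return lines[0], headers, body[:length], body[length:]


def parse_request(raw):
    first, headers, body, rest = _split_message(raw)
    parts = first.split(" ")
    if len(parts) != 3:
        raise ValueError(f"bad request line: {first!r}")
    method, target, version = parts
    if method not in METHODS:
        raise ValueError(f"unknown method: {method!r}")
    if not version.startswith("HTTP/"):
        raise ValueError(f"bad version: {version!r}")
    if version == "HTTP/1.1" and "host" not in headers:
        raise ValueError("HTTP/1.1 requires a Host header")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body, "rest": rest}


def parse_response(raw):
    first, headers, body, rest = _split_message(raw)
    version, _, remainder = first.partition(" ")
    code_str, _, reason = remainder.partition(" ")
    if not version.startswith("HTTP/") or len(code_str) != 3 or not code_str.isdigit():
        raise ValueError(f"bad status line: {first!r}")
    code = int(code_str)
    return {"version": version, "code": code, "class": STATUS_CLASS.get(code // 100, "Unknown"),
            "reason": reason, "headers": headers, "body": body, "rest": rest}


def request_ok(raw):
    try:
        parse_request(raw)
        return True
    except ValueError:
        return False
```

Everything a server knows about the client is in these bytes, and nothing in them carries state from one request to the next; that is what the session-state question on the slide is about.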
For probing further
§ Computer Networks: A Systems Approach Larry L. Peterson and Bruce S. Davie, 4th edition, 2008, Morgan Kaufmann, ISBN: 0-12370-548-7 (hard cover); 0-12374-013-4 (soft cover)
§ Internetworking with TCP/IP, Vol. 1: Principles, Protocols, and Architecture, Douglas E. Comer, Prentice Hall International (5th ed., 2005), ISBN: 0-13187-671-6
§ TCP/IP Tutorial and Technical Overview, IBM Redbooks, Dec. 2006, available on-line: http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf