
Network Security HS 2014

Network Security – TCP/IP Refresher

What you (at least) need to know about networking! Dr. David Barrera

NSHS08H8353226 ETH Zurich, Bernhard Plattner Network Security HS 2014 2

Outline

§  Network Reference Models
§  Local Area Networks
§  Internet Protocol (IP)
§  Internet-level Routing
§  IP Packet Structure
§  Transmission Control Protocol (TCP)
§  Hypertext Transfer Protocol (HTTP)


TCP/IP and OSI Reference Models


Layered view of internetworking example (figure)

Source: Peterson/Davie, „Computer Networks: A Systems Approach“


Local Area Networks


§  Devices need to know each other’s layer 2/hardware address (MAC address)
§  6 groups of 2 hex digits: 08:00:27:0E:25:B8

§  Hosts use Address Resolution Protocol to find the hardware address of a host on the same LAN given an IP address.


The Address Resolution Protocol (ARP)

§  If the MAC address is not known: send a broadcast ARP request „who has IP address x?“

§  The owner of IP address x answers with a (directed) ARP reply

§  The requestor stores the (IP address/MAC address) pair in its ARP cache

§  Cache lifetime: a few seconds to a few tens of seconds (avoids frequent ARP requests for the same IP address)

§  Note: ARP is only executed between neighboring nodes on the same LAN (e.g. host and next router, host and host)


Local Area Networks – ARP example (figure)

Host S (10.0.0.1) broadcasts: „Who has 10.0.0.2?“
Host D (10.0.0.2) replies directly to S: „It’s me! (and this is my MAC addr)“
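Added example (not from the slides): the ARP request/reply exchange above, built and parsed at the byte level, plus a small ARP cache with a lifetime. The MAC addresses, the IP addresses and the 30-second lifetime are constructed for the example. One design choice worth noticing: the cache here only accepts replies for IP addresses it has an outstanding request for, so an unsolicited reply cannot overwrite an entry; real stacks differ in this (some accept gratuitous ARP), which is exactly what ARP cache poisoning relies on.

```python
import struct
import time

# Constructed sample hosts for the example (not from the slides)
S_IP, S_MAC = "10.0.0.1", "08:00:27:0e:25:b8"
D_IP, D_MAC = "10.0.0.2", "08:00:27:3a:9c:01"
BROADCAST = "ff:ff:ff:ff:ff:ff"
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_bytes(mac): return bytes(int(b, 16) for b in mac.split(":"))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame (14 bytes) carrying a 28-byte ARP packet (RFC 826 layout)."""
    dst = BROADCAST if op == ARP_REQUEST else target_mac   # request: broadcast, reply: directed
    eth = mac_bytes(dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, operation
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame):
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if etype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    p = frame[22:42]
    return {"eth_dst": mac_str(dst), "eth_src": mac_str(src), "op": op,
            "sender_mac": mac_str(p[0:6]), "sender_ip": ip_str(p[6:10]),
            "target_mac": mac_str(p[10:16]), "target_ip": ip_str(p[16:20])}

class ArpCache:
    """IP -> (MAC, expiry time). Entries are only learned from replies to requests
    this host sent, so an unsolicited reply cannot overwrite the cache."""
    def __init__(self, lifetime=30.0):
        self.lifetime = lifetime
        self.entries = {}
        self.pending = set()

    def lookup(self, ip, now=None):
        now = time.time() if now is None else now
        entry = self.entries.get(ip)
        if entry and entry[1] > now:
            return entry[0]
        self.entries.pop(ip, None)           # expired: forget it, a new request is needed
        return None

    def request(self, my_mac, my_ip, ip):
        self.pending.add(ip)
        return build_arp(ARP_REQUEST, my_mac, my_ip, "00:00:00:00:00:00", ip)

    def receive(self, frame, now=None):
        now = time.time() if now is None else now
        a = parse_arp(frame)
        if a["op"] == ARP_REPLY and a["sender_ip"] in self.pending:
            self.pending.discard(a["sender_ip"])
            self.entries[a["sender_ip"]] = (a["sender_mac"], now + self.lifetime)
            return True
        return False

def host_answer(frame, my_mac, my_ip):
    """Only the owner of the requested IP answers, with a directed reply."""
    a = parse_arp(frame)
    if a["op"] == ARP_REQUEST and a["target_ip"] == my_ip:
        return build_arp(ARP_REPLY, my_mac, my_ip, a["sender_mac"], a["sender_ip"])
    return None

def resolve_demo(now=1000.0):
    """S resolves D; then a forged reply for another IP arrives and is ignored."""
    cache = ArpCache(lifetime=30.0)
    req = cache.request(S_MAC, S_IP, D_IP)
    reply = host_answer(req, D_MAC, D_IP)
    cache.receive(reply, now=now)
    bogus = build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "10.0.0.3", S_MAC, S_IP)
    ignored = not cache.receive(bogus, now=now)
    fresh = cache.lookup(D_IP, now=now)
    expired = cache.lookup(D_IP, now=now + 31)   # past the lifetime
    return fresh, expired, ignored, cache.lookup("10.0.0.3", now=now)

if __name__ == "__main__":
    print(resolve_demo())
```

The request goes out with the broadcast destination MAC, the reply comes back addressed to S only, and the cache entry disappears after the lifetime so that the next send triggers a fresh request.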


Switch vs. Router


Similarities and differences

§  Switches and routers are network elements, allowing for the extension of physical networks.

§  Switches:
-  Extend Local Area Networks (Ethernet)
-  Operate at layer 2
-  Forward frames, separate collision domains

§  Routers:
-  Interconnect networks
-  Operate at layer 3
-  Forward IP packets

§  Home „routers“ are actually a combination of router, switch, wireless access point, NAT device, firewall and DHCP server


Routers interconnect LANs/extended LANs

§  Routers interconnect (sub)networks of the Internet

§  Layer 3 only (IP): ARP requests and other MAC broadcasts don‘t go across routers!


Interconnection of Heterogeneous Networks (figure)

Hosts on a home network (network@home: an Ethernet segment and a wireless LAN) are attached to a router, which connects through further routers (R) to other networks.

Internet = network of networks, interconnected by routers


Internet Protocol (IP)


Internet Protocol

§  IP devices must be addressable via an IP address
§  A public IP address must be unique on the Internet

§  Public address space (assigned by the regional Internet registries)
§  Private address space (RFC 1918), not routed on the public Internet:
-  10.0.0.0-10.255.255.255
-  172.16.0.0-172.31.255.255
-  192.168.0.0-192.168.255.255

§  Reserved address space (special purpose):
-  224.0.0.0-239.255.255.255 (multicast)
-  240.0.0.0-255.255.255.254 (reserved)


IP Addresses

§  IPv4: a.b.c.d
-  E.g. 10.1.2.3, 208.67.222.222
-  4 “octets” (4 x 8 = 32 bits)
-  Each octet ranges from 0 to 2^8 - 1, i.e. 0-255

§  IPv6: a:b:c:d:e:f:g:h
-  E.g. 2db8:0001:0000:0000:0000:0000:c001:beef, written compactly as 2db8:1::c001:beef (leading zeros dropped, one run of all-zero hextets replaced by ::)
-  8 “hextets” (8 x 16 = 128 bits)
-  Each hextet ranges from 0 to 2^16 - 1, i.e. 0-65535
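Added example (not from the slides): parsing and classifying the addresses described above in Python, without the standard `ipaddress` module so that the octet/hextet structure is visible. It covers the private and reserved IPv4 ranges listed on the previous slide, and IPv6 expansion and compression of the `::` notation; the classification of 255.255.255.255 as limited broadcast is added here, it is not on the slides.

```python
def ipv4_to_int(text):
    """'a.b.c.d' -> 32-bit integer; rejects anything that is not 4 octets in 0..2^8-1."""
    octets = text.split(".")
    if len(octets) != 4:
        raise ValueError("IPv4 address needs 4 octets")
    value = 0
    for o in octets:
        if not o.isdigit() or not 0 <= int(o) <= 2**8 - 1:
            raise ValueError(f"octet out of range: {o!r}")
        value = (value << 8) | int(o)
    return value

def is_valid_ipv4(text):
    try:
        ipv4_to_int(text)
        return True
    except ValueError:
        return False

def ipv4_str(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

# Ranges from the slides, plus limited broadcast (255.255.255.255) which the
# reserved range on the slides deliberately stops short of.
RANGES = [
    ("private (RFC 1918)", "10.0.0.0", "10.255.255.255"),
    ("private (RFC 1918)", "172.16.0.0", "172.31.255.255"),
    ("private (RFC 1918)", "192.168.0.0", "192.168.255.255"),
    ("multicast", "224.0.0.0", "239.255.255.255"),
    ("reserved", "240.0.0.0", "255.255.255.254"),
    ("limited broadcast", "255.255.255.255", "255.255.255.255"),
]

def classify_ipv4(text):
    value = ipv4_to_int(text)
    for name, lo, hi in RANGES:
        if ipv4_to_int(lo) <= value <= ipv4_to_int(hi):
            return name
    return "public"

HEX = set("0123456789abcdefABCDEF")

def expand_ipv6(text):
    """Return the 8 hextets as ints, expanding at most one '::' run of zero groups."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' allowed")
    if "::" in text:
        head, tail = text.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("IPv6 address needs 8 hextets")
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in HEX for c in g):
            raise ValueError(f"bad hextet: {g!r}")
        values.append(int(g, 16))     # at most 4 hex digits, so 0 .. 2^16-1
    return values

def compress_ipv6(values):
    """Drop leading zeros and replace the longest run (>= 2) of zero hextets with '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if values[i] == 0:
            j = i
            while j < 8 and values[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = [f"{v:x}" for v in values]
    if best_len >= 2:
        return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])
    return ":".join(hexs)

if __name__ == "__main__":
    print(classify_ipv4("10.1.2.3"), classify_ipv4("208.67.222.222"))
    print(compress_ipv6(expand_ipv6("2db8:0001:0000:0000:0000:0000:c001:beef")))
```

A classifier like this is what a firewall or an SSRF filter needs before trusting a destination; note that the check has to run on the parsed value, not on the string, since "010.1.2.3" or "0x0a.1.2.3" style spellings are rejected here rather than silently normalised.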


IP Addresses – Network Address Translation

§  A single public IP address can be shared among many hosts on an internal (private) network.

§  The NAT device rewrites the addresses (and ports) of outgoing packets and keeps a translation table, so that returning packets can be forwarded to the right internal host
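Added example (not from the slides): a minimal port-based NAT (NAPT), the variant used by home routers, in Python. The public address 203.0.113.7 and the private hosts are constructed from documentation address ranges. It shows the translation table doing the two jobs the slide names, rewriting outgoing packets and mapping replies back, and the side effect a practitioner relies on: an inbound packet with no table entry has nowhere to go and is dropped.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"

class Napt:
    """Port-based NAT: hosts on a private network share one public address.
    Outgoing packets get the public address and a fresh port; the table keeps
    the mapping so that replies can be forwarded to the right internal host."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}   # (proto, private_ip, private_port) -> public_port
        self.in_map = {}    # (proto, public_port) -> (private_ip, private_port)

    def outbound(self, pkt):
        key = (pkt.proto, pkt.src_ip, pkt.src_port)
        if key not in self.out_map:
            port = self.next_port
            self.next_port += 1
            self.out_map[key] = port
            self.in_map[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, self.out_map[key], pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt):
        """Translate a packet arriving from the Internet; None means it is dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.in_map.get((pkt.proto, pkt.dst_port))
        if target is None:
            return None   # no inside host asked for this: unsolicited traffic stops here
        return Packet(pkt.src_ip, pkt.src_port, target[0], target[1], pkt.proto)

def nat_demo():
    """Constructed scenario: two private hosts use the same source port for DNS queries."""
    nat = Napt("203.0.113.7")    # documentation address, not a real public IP
    a = nat.outbound(Packet("192.168.1.10", 51000, "208.67.222.222", 53, "udp"))
    b = nat.outbound(Packet("192.168.1.11", 51000, "208.67.222.222", 53, "udp"))
    reply_to_a = nat.inbound(Packet("208.67.222.222", 53, "203.0.113.7", a.src_port, "udp"))
    unsolicited = nat.inbound(Packet("198.51.100.9", 4444, "203.0.113.7", 22, "tcp"))
    return a, b, reply_to_a, unsolicited

if __name__ == "__main__":
    for p in nat_demo():
        print(p)
```

Two hosts using the same private source port get two different public ports, which is why the port has to be part of the key. Real NATs also expire entries after an idle timeout and may key on the destination as well; this example keeps mappings forever, which is enough to show the mechanism but not how a real device behaves.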


Routing


§  Devices need a way to find out where in the Internet a specific IP address is located

§  Routers are connected to other routers through multiple interfaces

§  Routers keep “routing tables” that list the “next hop” for a set of destination prefixes. If the destination matches no entry, a default route (default next hop) is used; without one the packet is dropped

§  Routers communicate with each other via routing protocols, informing neighbors which destinations are reachable through them


Internet-level routing


§  Backbone routers (in the default-free zone, i.e. without a default route) currently (2014) store around 500k IPv4 prefixes in their routing tables
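Added example (not from the slides): a routing table with longest-prefix-match lookup, a default route, and the "learn what a neighbor advertises" step from the previous slide, in Python. The prefixes, next hops and interface names are constructed from documentation address ranges. The point to take away is that the most specific matching prefix always wins, regardless of who advertised it; that rule is also why an incorrectly or maliciously announced more-specific prefix can draw traffic away from its legitimate destination.

```python
def ip_to_int(ip):
    value = 0
    for octet in ip.split("."):
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"bad octet in {ip!r}")
        value = (value << 8) | n
    return value

def ip_from_int(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_prefix(prefix):
    """'10.1.0.0/16' -> (network as int, mask as int, prefix length)."""
    ip, _, length = prefix.partition("/")
    length = int(length) if length else 32
    if not 0 <= length <= 32:
        raise ValueError(f"bad prefix length in {prefix!r}")
    mask = ((1 << length) - 1) << (32 - length)
    return ip_to_int(ip) & mask, mask, length

class RoutingTable:
    """Next-hop lookup by longest prefix match, the way an IP router forwards."""
    def __init__(self):
        self.routes = []   # (network, mask, length, next_hop, interface)

    def add(self, prefix, next_hop, interface):
        net, mask, length = parse_prefix(prefix)
        self.routes.append((net, mask, length, next_hop, interface))
        self.routes.sort(key=lambda r: -r[2])    # most specific prefix first

    def learn(self, neighbor_ip, interface, prefixes):
        """Install the prefixes a neighbor advertises as reachable through it."""
        for p in prefixes:
            self.add(p, neighbor_ip, interface)

    def advertise(self):
        """Prefixes this router tells its neighbors it can reach (default excluded)."""
        return sorted(f"{ip_from_int(n)}/{l}" for n, _, l, _, _ in self.routes if l > 0)

    def lookup(self, dst):
        value = ip_to_int(dst)
        for net, mask, length, next_hop, interface in self.routes:
            if value & mask == net:
                return next_hop, interface
        return None      # no route, not even a default: the packet is dropped

def demo_table():
    """Constructed example router; addresses come from documentation ranges."""
    rt = RoutingTable()
    rt.add("10.0.0.0/8", "192.0.2.1", "eth1")
    rt.add("10.1.0.0/16", "192.0.2.2", "eth2")          # more specific than 10/8
    rt.learn("198.51.100.1", "eth0", ["0.0.0.0/0"])     # default route from upstream
    return rt

if __name__ == "__main__":
    rt = demo_table()
    for dst in ("10.1.2.3", "10.2.0.1", "208.67.222.222"):
        print(dst, "->", rt.lookup(dst))
```

A linear scan over a sorted list is fine for a handful of entries; with the ~500k prefixes of a backbone router the same longest-match semantics are implemented with tries or TCAM hardware, but the result of a lookup is the same.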


Packet Structure


Format of an IPv4 packet (one row = 32 bits)

Version | Header length | Type of service | Total length
Identification | Flags | Fragment offset
Time to live | Protocol (e.g. ICMP = 1, TCP = 6, UDP = 17) | Header checksum
Source IP address
Destination IP address
IP options (if any) | Padding to 32 bits
Payload


Format of an IPv6 packet (fixed 40-byte header, one row = 32 bits)

Version | Traffic class | Flow label
Payload length | Next header | Hop limit
Source IP address (128 bits)
Destination IP address (128 bits)
Extension headers (if any, chained via Next header)
Payload


Transmission Control Protocol (TCP)


§  Connection-oriented
§  Error detection and recovery by retransmission (reliable)
§  Full-duplex connection
§  Provides a “byte pipe”: unstructured byte stream
§  Sliding window protocol
§  Sequence numbers are byte numbers
§  Sender window is variable, determined by the minimum of
-  the receiver’s request (receiver window size)
-  an estimate of the network load (congestion window size, slow start algorithm)


Format of a TCP Segment (one row = 32 bits; bit offsets 0, 4, 10, 16, 31)

SrcPort | DstPort
SequenceNum
Acknowledgment
HdrLen | 0 (reserved) | Flags | AdvertisedWindow
Checksum | UrgPtr
Options (variable)
Data
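Added example (not from the slides), covering both the IPv4 packet format and the TCP segment format above: a builder and a parser for the two headers in Python, including the Internet checksum and the TCP pseudo-header. The sample packet is a constructed SYN from 10.0.0.1:40000 to 10.0.0.2:80, not a capture. Two points a practitioner wants from a parser like this: length fields are validated before anything is indexed, so a truncated packet fails cleanly, and a single flipped bit in either header is caught by the respective checksum.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def ip_str(b): return ".".join(str(x) for x in b)

def build_ipv4(src, dst, proto, payload, ttl=64, ident=0x1234):
    """20-byte IPv4 header (no options), DF flag set, checksum filled in."""
    ver_ihl = (4 << 4) | 5                       # version 4, header length 5 x 32-bit words
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), ident,
                      0x4000, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload

def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window=65535, data=b""):
    """20-byte TCP header; the checksum covers pseudo-header + header + data."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(hdr) + len(data))
    hdr = hdr[:16] + struct.pack("!H", checksum(pseudo + hdr + data)) + hdr[18:]
    return hdr + data

def parse_ipv4(pkt):
    if len(pkt) < 20:
        raise ValueError("malformed IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or len(pkt) < total_len:
        raise ValueError("malformed IPv4 header")      # lengths first, never trust them
    if checksum(pkt[:ihl]) != 0:                       # sum incl. checksum field must be 0
        raise ValueError("bad IPv4 header checksum")
    return {"version": version, "ihl": ihl, "tos": tos, "total_len": total_len, "id": ident,
            "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": flags_frag & 0x1FFF, "ttl": ttl,
            "proto": PROTO_NAMES.get(proto, proto), "src": ip_str(src), "dst": ip_str(dst),
            "options": pkt[20:ihl], "payload": pkt[ihl:total_len]}

def parse_tcp(seg, src_ip, dst_ip):
    if len(seg) < 20:
        raise ValueError("malformed TCP header")
    sport, dport, seq, ack, off, flags, window, _csum, urg = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or len(seg) < hlen:
        raise ValueError("malformed TCP header")
    pseudo = ip_bytes(src_ip) + ip_bytes(dst_ip) + struct.pack("!BBH", 0, 6, len(seg))
    if checksum(pseudo + seg) != 0:
        raise ValueError("bad TCP checksum")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "hlen": hlen,
            "flags": [n for b, n in TCP_FLAGS.items() if flags & b],
            "window": window, "urg": urg, "options": seg[20:hlen], "data": seg[hlen:]}

def decode(pkt):
    ip = parse_ipv4(pkt)
    if ip["proto"] == "TCP":
        ip["tcp"] = parse_tcp(ip["payload"], ip["src"], ip["dst"])
    return ip

def sample_packet():
    """Constructed SYN 10.0.0.1:40000 -> 10.0.0.2:80 (built here, not a capture)."""
    tcp = build_tcp("10.0.0.1", "10.0.0.2", 40000, 80, seq=1000, ack=0, flags=0x02)
    return build_ipv4("10.0.0.1", "10.0.0.2", 6, tcp)

def corrupt_and_decode():
    """Flip one bit in the IP TTL (offset 8) and, separately, in the TCP DstPort (offset 23)."""
    results = []
    for offset in (8, 23):
        pkt = bytearray(sample_packet())
        pkt[offset] ^= 0x01
        try:
            decode(bytes(pkt))
            results.append("accepted")
        except ValueError as e:
            results.append(str(e))
    return tuple(results)

if __name__ == "__main__":
    print(decode(sample_packet()))
    print(corrupt_and_decode())
```

The checksums detect accidental corruption only; anyone who can modify a packet can recompute them, which is why integrity against an attacker needs a MAC at a higher layer (TLS, IPsec), not the header checksum.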


Conn. setup with 3-way handshake

§  Initial sequence numbers are randomly chosen, within bounds
§  The last ACK may already carry data

Active participant (client)                         Passive participant (server)

   ---- SYN, SequenceNum = x --------------------------------------------->
   <--- SYN + ACK, SequenceNum = y, Acknowledgement = x + 1 ---------------
   ---- ACK, Acknowledgement = y + 1 ------------------------------------->
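Added example (not from the slides): the three messages above as a pair of small state machines in Python, with the sequence-number arithmetic (x + 1, y + 1, SYN consuming one number, data advancing the next expected number) made explicit. Segments are dicts rather than bytes so that the numbers stay readable; the initial sequence numbers are random by default and fixed only in the demo. The client rejects a SYN+ACK whose acknowledgement does not equal x + 1, which is the check that forces an off-path attacker to guess x.

```python
import secrets

class Endpoint:
    def __init__(self, name, isn=None):
        self.name = name
        self.state = "CLOSED"
        self.isn = secrets.randbelow(2**32) if isn is None else isn   # random ISN in [0, 2^32)
        self.snd_nxt = self.isn      # next sequence number we will send
        self.rcv_nxt = None          # next sequence number we expect from the peer

MOD = 2**32

def client_syn(c):
    c.state = "SYN_SENT"
    seg = {"flags": {"SYN"}, "seq": c.snd_nxt}
    c.snd_nxt = (c.snd_nxt + 1) % MOD            # SYN occupies one sequence number
    return seg

def server_listen(s):
    s.state = "LISTEN"

def server_on_syn(s, seg):
    if s.state != "LISTEN" or seg["flags"] != {"SYN"}:
        return None
    s.rcv_nxt = (seg["seq"] + 1) % MOD           # acknowledge x + 1
    s.state = "SYN_RECEIVED"
    reply = {"flags": {"SYN", "ACK"}, "seq": s.snd_nxt, "ack": s.rcv_nxt}
    s.snd_nxt = (s.snd_nxt + 1) % MOD
    return reply

def client_on_synack(c, seg, data=b""):
    """Third message; returns None if the SYN+ACK does not acknowledge our SYN."""
    if c.state != "SYN_SENT" or seg["flags"] != {"SYN", "ACK"} or seg["ack"] != c.snd_nxt:
        return None                              # real TCP would answer with RST
    c.rcv_nxt = (seg["seq"] + 1) % MOD           # acknowledge y + 1
    c.state = "ESTABLISHED"
    seg3 = {"flags": {"ACK"}, "seq": c.snd_nxt, "ack": c.rcv_nxt, "data": data}
    c.snd_nxt = (c.snd_nxt + len(data)) % MOD    # data (if any) advances our sequence number
    return seg3

def server_on_ack(s, seg):
    if (s.state != "SYN_RECEIVED" or "ACK" not in seg["flags"]
            or seg["ack"] != s.snd_nxt or seg["seq"] != s.rcv_nxt):
        return False
    s.rcv_nxt = (s.rcv_nxt + len(seg.get("data", b""))) % MOD
    s.state = "ESTABLISHED"
    return True

def handshake(x=1000, y=5000, data=b"GET / HTTP/1.0\r\n\r\n"):
    """Run the exchange with fixed ISNs so the numbers can be followed; data rides on the last ACK."""
    c, s = Endpoint("client", x), Endpoint("server", y)
    server_listen(s)
    syn = client_syn(c)
    synack = server_on_syn(s, syn)
    ack = client_on_synack(c, synack, data)
    ok = server_on_ack(s, ack)
    return (syn["seq"], synack["seq"], synack["ack"], ack["ack"], c.state, s.state, ok, s.rcv_nxt)

def forged_synack_rejected(x=1000):
    """A SYN+ACK that guesses the acknowledgement number wrongly must not open the connection."""
    c = Endpoint("client", x)
    client_syn(c)
    forged = {"flags": {"SYN", "ACK"}, "seq": 42, "ack": x + 7}
    return client_on_synack(c, forged) is None and c.state == "SYN_SENT"

if __name__ == "__main__":
    print(handshake())
    print(forged_synack_rejected())
```

With x = 1000 and y = 5000 the server acknowledges 1001, the client acknowledges 5001, and after the 18-byte request on the final ACK the server expects byte 1019 next. The arithmetic wraps modulo 2^32, so an ISN at the top of the range is handled like any other.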


Hypertext Transfer Protocol (HTTP)


Basic properties

§  HTTP: text-based protocol used between web client and web server processes

§  Client issues requests, server sends responses
§  First line of a request contains method, object, version:
   GET /path/to/file/index.html HTTP/1.0
§  First line of a response contains version, code, reason:
   HTTP/1.1 200 OK
§  Subsequent lines contain parameters (headers) or content
§  HTTP is stateless: request/response interactions are independent from each other → how do we maintain session state (e.g. the fact that a user is logged in)?


Methods

Method    Description
GET       Retrieve document identified by URL
HEAD      Same as GET, but only return meta-information about the document
POST      Send information to server (e.g. form data)
PUT       Store a resource under a specified URL (if access rights allow)
DELETE    Delete a resource identified by a URL (if access rights allow)
TRACE     Instructs server to mirror back the client request
CONNECT   Used to tunnel through a proxy server
OPTIONS   Determine options and facilities a resource supports, e.g. a server


Codes

Code  Type           Description
1xx   Informational  Request received, processing
2xx   Success        Action successfully received and accepted
3xx   Redirection    Further action needed to complete request
4xx   Client Error   Bad request by client
5xx   Server Error   Server failed to execute apparently valid request
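Added example (not from the slides): a strict parser for the request format described above, a response builder, the status-code classes from the table, and cookie parsing as the usual answer to the "how do we maintain session state" question. The sample request is constructed; its request line is the one from the slides, the Host and Cookie headers are added. The parser refuses whitespace before the colon in a header name (RFC 7230 §3.2.4) and a body shorter than Content-Length, two of the ambiguities that lenient parsers handle differently.

```python
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}

def parse_request(raw):
    """Parse one HTTP/1.x request (bytes) into request line, headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: headers not terminated by a blank line")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    method, target, version = (p.decode("ascii") for p in parts)
    if method not in METHODS:
        raise ValueError(f"unknown method {method}")
    if version not in ("HTTP/1.0", "HTTP/1.1"):
        raise ValueError(f"unsupported version {version}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        # Reject empty names and whitespace before the colon (RFC 7230 section 3.2.4)
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers[name.decode("ascii").lower()] = value.strip().decode("latin-1")
    length = int(headers.get("content-length", "0"))
    if length < 0 or len(body) < length:
        raise ValueError("body shorter than Content-Length")
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body[:length]}

def is_well_formed(raw):
    try:
        parse_request(raw)
        return True
    except ValueError:          # UnicodeDecodeError is a ValueError as well
        return False

def parse_cookies(headers):
    """The Cookie header carries session state across otherwise independent requests."""
    jar = {}
    for item in headers.get("cookie", "").split(";"):
        name, _, value = item.strip().partition("=")
        if name:
            jar[name] = value
    return jar

def status_class(code):
    return STATUS_CLASSES.get(code // 100, "Unknown")

def build_response(code, reason, body=b"", extra_headers=None):
    """Status line, headers, blank line, body: the response format from the slides."""
    lines = [f"HTTP/1.1 {code} {reason}", f"Content-Length: {len(body)}"]
    lines += [f"{k}: {v}" for k, v in (extra_headers or {}).items()]
    return "\r\n".join(lines).encode("latin-1") + b"\r\n\r\n" + body

# Constructed sample (not a capture); the request line is the one on the slides.
SAMPLE_REQUEST = (b"GET /path/to/file/index.html HTTP/1.0\r\n"
                  b"Host: www.example.com\r\n"
                  b"Cookie: sessionid=abc123; theme=dark\r\n"
                  b"\r\n")

if __name__ == "__main__":
    req = parse_request(SAMPLE_REQUEST)
    print(req["method"], req["target"], req["version"], parse_cookies(req["headers"]))
    print(build_response(200, "OK", b"<html></html>", {"Set-Cookie": "sessionid=abc123"}))
```

The server hands out the session identifier in a Set-Cookie response header and the client returns it in the Cookie header of every later request; whoever holds that identifier is, as far as the server can tell, the logged-in user, which is why it must be unguessable and protected in transit.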


For probing further

§  Computer Networks: A Systems Approach Larry L. Peterson and Bruce S. Davie, 4th edition, 2008, Morgan Kaufmann, ISBN: 0-12370-548-7 (hard cover); 0-12374-013-4 (soft cover)

§  Internetworking with TCP/IP, Vol. 1: Principles, Protocols, and Architecture, Douglas E. Comer, Prentice Hall International (5th ed., 2005), ISBN: 0-13187-671-6

§  TCP/IP Tutorial and Technical Overview, IBM Redbooks, Dec. 2006, available on-line: http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf