
TCP/IP Layered Architecture. Competing Views of Network Architecture –Open Systems Interconnection (OSI) Model –TCP/IP evolved from the DOD Arpanet TCP/IP


Page 1: TCP/IP Layered Architecture. Competing Views of Network Architecture –Open Systems Interconnection (OSI) Model –TCP/IP evolved from the DOD Arpanet TCP/IP

TCP/IP Layered Architecture

OSI Model layer        Internet Model layer
Application            Application
Presentation           Application
Session                Application
Transport              TCP/UDP
Network                IP
Data Link              Network Access
Physical               Network Access

Labels for interlayer data transfer structures: “Ports” and “Sockets” sit at the Application / TCP/UDP boundary; IP “Interfaces” belong to the IP layer; “Physical Ports” belong to the Network Access layer.

Page 2: TCP/IP Layered Architecture

• Competing Views of Network Architecture
  – Open Systems Interconnection (OSI) Model
  – TCP/IP evolved from the DOD Arpanet

• TCP/IP Terminology
  – Internet Protocol (IP)
  – Transmission Control Protocol (TCP)
  – User Datagram Protocol (UDP)
  – Network Access Layer includes
    • Sub Network Access Protocols, e.g. Ethernet MAC
    • Physical Interface Characteristics, e.g. RJ-45

Page 3: TCP/IP Physical Architecture

Diagram (labels recovered from the figure): a Host reaches the ISP Network by one of three access paths, each terminating on a Router in the ISP Network:
  Host -> RS-232 -> Analog Modem -> Phone Line -> RAS -> Router
  Host -> Ethernet -> Cable Modem -> HFC Line -> CMTS -> Router
  Host -> Ethernet -> DSL Modem -> DSL Line -> DSLAM -> Router
The ISP Network provides Internet Access; a Private Intranet connects through a Router With Firewall and a Router over a High Speed Connection, e.g. T1 or T3.

Page 4: TCP/IP Physical Architecture

• Terminology
  – Remote Access Server (RAS)
  – Hybrid Fiber Coax (HFC)
  – Cable Modem Termination System (CMTS)
  – Digital Subscriber Line (DSL)
  – DSL Access Multiplexor (DSLAM)
  – T1 Line (a 1.5 Mbps digital telephone line)
  – T3 Line (a 45 Mbps digital telephone line)

Page 5: TCP/IP Layered Architecture

• Connection-less Protocols
  – UDP and IP (and Ethernet MAC protocol)
  – No concept of a connection across the network or at the end points
  – No error recovery built in to the protocol

• Connection-oriented Protocol
  – TCP
  – Connection state is maintained at endpoints
  – Error recovery is built in to the protocol

Page 6: IP Packet Format

IPv4 Packet Header Format (Bit 0 on the left, Bit 31 on the right; each row is one 32-bit word)

  Version = 4 | Header Length | Type of Service (Diff-Serv field today) | Total Packet Length
  Identification | Flags and Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options + Padding
  Upper Layer Protocol Headers and Application Data

Typical Header Length = 5 (32 bit words)

Page 7: TCP Header Format

TCP Header Format (Bit 0 on the left, Bit 31 on the right; each row is one 32-bit word)

  Source Port | Destination Port
  Sequence Number
  Acknowledgement Number
  Control Flags | Window
  Checksum | Urgent Pointer
  Data

Page 8: UDP Header Format

UDP Header Format (Bit 0 on the left, Bit 31 on the right; each row is one 32-bit word)

  Source Port | Destination Port
  Length | Header Checksum
  Data

Page 9: Layered Protocols

Two hosts, each running the stack Application / TCP/UDP / IP / Network Access, exchange Application Data. Each layer adds its own header on the way down the sending stack and strips it on the way up the receiving stack:

  Application:     Application Data
  TCP/UDP:         TCP or UDP | Application Data
  IP:              IP | TCP or UDP | Application Data
  Network Access:  MAC | IP | TCP or UDP | Application Data | MAC
  Bits on the “wire”
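As an added example (not from the original slides), a Python parser for the IPv4, TCP and UDP header layouts on pages 6 to 8, with the RFC 791 header checksum verified; the sample packet is constructed here, and the source port in it is an assumption.

```python
import struct
from ipaddress import IPv4Address

def ip_checksum(hdr: bytes) -> int:
    """RFC 791 header checksum: one's-complement sum of the 16-bit words."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack(f"!{len(hdr) // 2}H", hdr))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed 20-byte IPv4 header (page 6 layout) and check its checksum."""
    (vihl, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4                     # header length in bytes; 5 words = 20
    return {"version": vihl >> 4, "header_len": ihl, "total_len": total_len,
            "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
            "frag_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl, "protocol": proto,
            "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
            # a correct header sums to zero when the checksum field is included
            "checksum_ok": ip_checksum(pkt[:ihl]) == 0, "payload": pkt[ihl:total_len]}

def parse_tcp(seg: bytes) -> dict:
    """Parse the fixed TCP header (page 7 layout); control flags are decoded by name."""
    sport, dport, seq, ack, off_flags, win, _csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    names = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "urgent": urg, "flags": [n for i, n in enumerate(names) if off_flags >> i & 1],
            "data": seg[(off_flags >> 12) * 4:]}

def parse_udp(dg: bytes) -> dict:
    """Parse the 8-byte UDP header (page 8 layout); Length covers header plus data."""
    sport, dport, length, _csum = struct.unpack("!HHHH", dg[:8])
    return {"sport": sport, "dport": dport, "length": length, "data": dg[8:length]}

def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 128) -> bytes:
    """Constructed sample packet builder: fill the header, then patch in the checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0x4000, ttl, proto,
                      0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

# Constructed sample: a TCP SYN to POP3 (port 110), like the first line of the page 25
# capture; the client port 49152 is an assumption.
SAMPLE_TCP = struct.pack("!HHIIHHHH", 49152, 110, 0, 0, 0x5002, 65535, 0, 0)
SAMPLE_PKT = build_ipv4("192.168.10.2", "158.121.104.3", 6, SAMPLE_TCP)
```

Flipping any header byte (the test changes the TTL) makes checksum_ok False, which is how a router or host notices a corrupted header.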

Page 10: Physical Interface

• Most common one today is Ethernet LAN

• Ethernet Media Access Control Protocol
  – Based on the broadcast nature of a LAN
  – Connection-less protocol
  – Source and Destination MAC Addresses

• Media Access Control (MAC) Address
  – Example: 00-13-20-AE-5C-03
  – Manufacturer ID + Manufacturer assigned field

Page 11: TCP/IP Layered Architecture

• Interface
  – An interface represents a logical connection to a physical sub-network
  – An interface has an IP address
  – An interface must be configured

• Interface Configuration Options
  – Manual (“Hard-coded”)
  – Reverse ARP (not commonly used)
  – Dynamic Host Configuration Protocol (DHCP)

• Possible Problem: IP address, address mask, or default gateway (router) configured incorrectly

Page 12: Windows XP Interface Configuration

C:\Documents and Settings\Bob>ipconfig /all

Windows IP Configuration
        Host Name . . . . . . . . . . . . : SERVER
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:
        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
        Physical Address. . . . . . . . . : 00-13-20-AE-5C-03
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.2
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Thursday, November 13, 2008 3:09:29 AM
        Lease Expires . . . . . . . . . . : Friday, November 14, 2008 3:09:29 AM

Page 13: DHCP Process

• If the interface is not configured with an IP address and other information (e.g. manually), the software must send a DHCP request

• The DHCP response contains the IP address and other needed configuration information:
  – Address mask in use on this sub-network
  – Default gateway for reaching remote networks
  – Directory Name Server (DNS) Address

• Possible Problem: Server doesn’t respond

Page 14: Host Names and DNS

• When an application tries to send data to another host on the network:
  – TCP/IP software sends a DNS request with the remote host name to get the host’s IP address
  – DNS response contains the host’s IP address

• Possible Problem: DNS is down

• Possible Problem: DNS is unreachable

• Possible Problem: DNS has no ID for host

Page 15: Host Names and DNS

C:\Documents and Settings\Bob>nslookup www.cs.umb.edu
Server:  wr850g.hsd1.ma.comcast.net
Address:  192.168.10.1

Non-authoritative answer:
Name:    www.cs.umb.edu
Address:  158.121.105.2

Page 16: IP Addresses and MAC Addresses

• When TCP/IP software sends an IP packet
  – It must locate the physical port corresponding to the IP Interface (IP source address) and its own source MAC address (usually configured in “hardware”)
  – It must find the MAC address for the destination IP address
  – This is a multistep process for a destination on:
    • Local Network – Address Resolution Protocol (ARP)
    • Remote Network – Find Gateway (Router) IP address, then use ARP to get the Router’s MAC address

Page 17: Address Resolution Protocol

• ARP protocol sends desired destination IP address and requests the MAC address

• The host or router with that IP address configured on its interface responds

• The response contains the source MAC address which the original requestor uses to send packet

• Requestor saves a copy of this mapping in local ARP cache to avoid unnecessary ARP requests

• Possible problem: This cache can get out of date

Page 18: Network Diagnostic

• PING general purpose diagnostic tool

• PING = “Packet Inter-Network Groper”

• PING can determine the existence and/or reachability of the destination host

• Use PING via Command Prompt Window

• Possible Problem: Destination host has turned off PING feature (e.g. usually for security reasons)

Page 19: Network Diagnostic - Ping

C:\Documents and Settings\Bob>ping Kayak

Pinging Kayak [192.168.10.3] with 32 bytes of data:

Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.10.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

Page 20: Network Diagnostic - Ping

C:\Documents and Settings\Bob>ping www.cs.umb.edu

Pinging sf02.cs.umb.edu [158.121.105.2] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 158.121.105.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Page 21: Application Networking Layer

• Socket
  – An access point for Application Software to the Transport Layer – UDP or TCP
  – Programmer’s reference point for networking

• UDP – No connection handling is required
  – But also no error recovery
  – Application must set a timer and retry on error

• TCP – Connection handling is required
  – “Open” to initiate connection (client)
  – “Listen” to await incoming connection (server)
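An added example (not from the slides) of the UDP rule above: with no connection and no error recovery in the protocol, the application sets the timer and retries. The lossy loopback echo server is constructed here so the whole exchange runs offline.

```python
import socket
import threading

def start_lossy_udp_echo(drop_first: int = 1):
    """Constructed peer for the demo: a UDP echo server on loopback that silently
    drops the first drop_first datagrams, which is what a lost packet looks like
    to a UDP client. Returns (server_address, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))                    # port 0: let the OS pick a free port
    srv.settimeout(0.1)
    state = {"seen": 0, "running": True}

    def serve():
        while state["running"]:
            try:
                data, peer = srv.recvfrom(2048)
            except socket.timeout:
                continue
            state["seen"] += 1
            if state["seen"] > drop_first:        # "lose" the first datagrams
                srv.sendto(data, peer)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), lambda: state.update(running=False)

def udp_request(server, payload: bytes, timeout: float = 0.5, retries: int = 3):
    """UDP hands the application no connection and no error recovery, so the
    application owns the timer: send, wait up to timeout, resend, and give up
    after retries attempts. Returns (reply, attempts_used) or raises TimeoutError."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        for attempt in range(1, retries + 1):
            sock.sendto(payload, server)
            try:
                reply, _ = sock.recvfrom(2048)
                return reply, attempt
            except socket.timeout:
                continue                          # timer expired: retry
        raise TimeoutError(f"no reply from {server} after {retries} attempts")
    finally:
        sock.close()
```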

Page 22: Applications

• TELNET – traditional interactive protocol

• FTP – traditional file transfer protocol

• Email
  – Simple Mail Transport Protocol (SMTP)
  – Post Office Protocol Version 3 (POP3)

• Web Browsing
  – Hyper-Text Transport Protocol (HTTP)
  – Secure HTTP (HTTPS)

Page 23: Network Diagnostic – LAN “Sniffer”

• Wireshark is a LAN “sniffer”

• In capture mode, it turns on the physical interface in “promiscuous mode”
  – Receives everything sent on the LAN
  – Captures it in a buffer and displays it

• Problem: Can create a real security issue!

Page 24: Captured ARP Request/Response

Motorola_49:16:40    IntelCor_ae:5c:03    ARP    Who has 192.168.10.2?  Tell 192.168.10.1
IntelCor_ae:5c:03    Motorola_49:16:40    ARP    192.168.10.2 is at 00:13:20:ae:5c:03

Page 25: Email – POP3

192.168.10.2     158.121.104.3    TCP    servergraph > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
158.121.104.3    192.168.10.2     TCP    pop3 > servergraph [SYN, ACK] Seq=0 Ack=1 Win=24840 Len=0 MSS=1380
192.168.10.2     158.121.104.3    TCP    servergraph > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
158.121.104.3    192.168.10.2     POP    Response: +OK POP3 mx1.cs.umb.edu 2004.89 server ready
192.168.10.2     158.121.104.3    POP    Request: USER bobw
158.121.104.3    192.168.10.2     TCP    pop3 > servergraph [ACK] Seq=47 Ack=12 Win=24840 Len=0
158.121.104.3    192.168.10.2     POP    Response: +OK User name accepted, password please
192.168.10.2     158.121.104.3    POP    Request: PASS (my real password showed here)
158.121.104.3    192.168.10.2     TCP    pop3 > servergraph [ACK] Seq=88 Ack=25 Win=24840 Len=0
158.121.104.3    192.168.10.2     POP    Response: +OK Mailbox open, 0 messages
192.168.10.2     158.121.104.3    POP    Request: STAT
158.121.104.3    192.168.10.2     POP    Response: +OK 0 0
192.168.10.2     158.121.104.3    POP    Request: QUIT

Page 26: HTTP Interaction

192.168.10.2     158.121.105.2    HTTP   GET /~bobw/MassIT HTTP/1.1
158.121.105.2    192.168.10.2     HTTP   HTTP/1.1 301 Moved Permanently (text/html)
192.168.10.2     158.121.105.2    HTTP   GET /~bobw/MassIT/ HTTP/1.1
158.121.105.2    192.168.10.2     TCP    [TCP segment of a reassembled PDU]
158.121.105.2    192.168.10.2     TCP    [TCP segment of a reassembled PDU]
192.168.10.2     158.121.105.2    TCP    ecp > http [ACK] Seq=2448 Ack=3925 Win=65535 Len=0
158.121.105.2    192.168.10.2     HTTP   HTTP/1.1 200 OK (text/html)
192.168.10.2     158.121.105.2    TCP    ecp > http [ACK] Seq=2448 Ack=7892 Win=64328 Len=0

Page 27: First TCP Segment Contents (Partial)

HTTP/1.1 200 OK
Date: Fri, 21 Nov 2008 19:07:50 GMT
Server: Apache/2.2.4 (Ubuntu) mod_python/3.3.1 Python/2.5.1 PHP/5.2.3-1ubuntu6
Last-Modified: Wed, 19 Nov 2008 02:12:26 GMT
ETag: "1132b-18f2-45c0157e21680"
Accept-Ranges: bytes
Content-Length: 6386
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Mass IT Course Syllabus</title>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
</head>

Page 28: HTTP Interaction

192.168.10.2     158.121.105.2    HTTP   GET /~bobw/ HTTP/1.1
158.121.105.2    192.168.10.2     TCP    http > ecp [ACK] Seq=1 Ack=665 Win=6640 Len=0
158.121.105.2    192.168.10.2     HTTP   HTTP/1.1 304 Not Modified
192.168.10.2     158.121.105.2    HTTP   GET /~bobw/bob.jpg HTTP/1.1
158.121.105.2    192.168.10.2     HTTP   HTTP/1.1 304 Not Modified
192.168.10.2     158.121.105.2    TCP    ecp > http [ACK] Seq=1345 Ack=474 Win=65062 Len=0

Page 29: TCP Error Detection Scenarios

158.121.14.100   192.168.10.2     TLSv1  [TCP Retransmission] Application Data
192.168.10.2     158.121.14.100   TCP    [TCP Dup ACK 4786#1] f5-globalsite > https [ACK] Seq=1 Ack=7136 Win=65535 Len=0

155.199.36.151   192.168.10.2     HTTP   [TCP Previous segment lost] Continuation or non-HTTP traffic
192.168.10.2     155.199.36.151   TCP    [TCP Dup ACK 4823#1] odette-ftp > http [ACK] Seq=635 Ack=1 Win=65535 Len=0 SLE=1461 SRE=1973
155.199.36.151   192.168.10.2     TCP    [TCP Out-Of-Order] [TCP segment of a reassembled PDU]
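An added example, not part of the slides, that derives the labels in these captures from the sequence and acknowledgement numbers alone, the way an analyst reads them; the replay follows the second scenario above (Ack=1, SLE=1461 SRE=1973) with constructed segment sizes.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class SegmentTracker:
    """Labels one direction of a TCP flow the way the capture on this page does.
    next_seq is the relative sequence number expected next (1 right after the
    handshake); gaps are byte ranges implied by later segments but never seen.
    A heuristic for reading captures, not a TCP implementation."""
    next_seq: int = 1
    gaps: List[Tuple[int, int]] = field(default_factory=list)
    last_ack: Optional[int] = None
    dup_acks: int = 0

    def data(self, seq: int, length: int) -> str:
        """Classify a data-carrying segment from the sender."""
        end = seq + length
        if seq == self.next_seq:                        # exactly what we expected
            self.next_seq = end
            return "in order"
        if seq > self.next_seq:                         # bytes before it never arrived
            self.gaps.append((self.next_seq, seq))
            self.next_seq = end
            return "Previous segment lost"
        for i, (g0, g1) in enumerate(self.gaps):        # late arrival filling a hole?
            if g0 <= seq < g1:
                del self.gaps[i]
                if end < g1:
                    self.gaps.insert(i, (end, g1))
                return "Out-Of-Order"
        return "Retransmission"                         # bytes we already had

    def ack(self, ack: int, length: int) -> str:
        """Classify a segment from the receiver: the same ACK number repeated
        with no data is a duplicate ACK asking again for the missing bytes."""
        if length == 0 and ack == self.last_ack:
            self.dup_acks += 1
            return f"Dup ACK #{self.dup_acks}"
        self.last_ack, self.dup_acks = ack, 0
        return "ACK"

def replay_sample() -> List[str]:
    """Constructed replay of the second scenario on this page: the segment at
    seq 1 is lost, bytes 1461..1972 arrive (the SLE=1461 SRE=1973 block), the
    receiver repeats Ack=1, then the missing segment shows up late."""
    t = SegmentTracker()
    return [t.data(1461, 512), t.ack(1, 0), t.ack(1, 0),
            t.data(1, 1460), t.data(1461, 512)]
```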