TCP/IP Layered Architecture
Figure: the seven-layer OSI Model (Physical, Data Link, Network, Transport, Session, Presentation, Application) drawn beside the four-layer Internet Model (Network Access, IP, TCP/UDP, Application). The labels for interlayer data transfer structures are placed on the Internet Model: physical “Ports” at the Network Access layer, IP “Interfaces” at the IP layer, and “Ports” and “Sockets” at the TCP/UDP layer.
TCP/IP Layered Architecture
• Competing Views of Network Architecture
  – Open Systems Interconnection (OSI) Model
  – TCP/IP evolved from the DOD Arpanet
• TCP/IP Terminology
  – Internet Protocol (IP)
  – Transmission Control Protocol (TCP)
  – User Datagram Protocol (UDP)
  – Network Access Layer includes
    • Sub Network Access Protocols, e.g. Ethernet MAC
    • Physical Interface Characteristics, e.g. RJ-45
TCP/IP Physical Architecture
Figure: three access paths from a host to the ISP network: an analog modem over a phone line to a RAS, a cable modem over an HFC line to a CMTS, and a DSL modem over a DSL line to a DSLAM, each terminating at a router in the ISP network. The host attaches to its modem by RS-232 or Ethernet. A private intranet (host on Ethernet behind a router with firewall) reaches Internet access through a router over a high speed connection, e.g. T1 or T3.
TCP/IP Physical Architecture
• Terminology
  – Remote Access Server (RAS)
  – Hybrid Fiber Coax (HFC)
  – Cable Modem Termination System (CMTS)
  – Digital Subscriber Line (DSL)
  – DSL Access Multiplexor (DSLAM)
  – T1 Line (a 1.5 Mbps digital telephone line)
  – T3 Line (a 45 Mbps digital telephone line)
TCP/IP Layered Architecture
• Connection-less Protocols
  – UDP and IP (and Ethernet MAC protocol)
  – No concept of a connection across the network or at the end points
  – No error recovery built-in to the protocol
• Connection-oriented Protocol
  – TCP
  – Connection state is maintained at endpoints
  – Error recovery is built-in to the protocol
IP Packet Format
Figure: IPv4 Packet Header Format, one row per 32-bit word (Bit 0 at the left, Bit 31 at the right):
  Version = 4 | Header Length | Type of Service (Diff-Serv field today) | Total Packet Length
  Identification | Flags and Fragment Offset
  Time to Live | Protocol | Header Checksum
  Source Address
  Destination Address
  Options + Padding
  Upper Layer Protocol Headers And Application Data
Typical Header Length = 5 (32 bit words)
TCP Header Format
Figure: TCP header, one row per 32-bit word (Bit 0 at the left, Bit 31 at the right):
  Source Port | Destination Port
  Sequence Number
  Acknowledgement Number
  Control Flags | Window
  Checksum | Urgent Pointer
  Data
UDP Header Format
Figure: UDP header, one row per 32-bit word (Bit 0 at the left, Bit 31 at the right):
  Source Port | Destination Port
  Length | Header Checksum
  Data
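The three header layouts above, decoded in code. This is an added example and not part of the slides: a small Python decoder that unpacks the IPv4, TCP and UDP fields named on the slides, verifies the IPv4 Header Checksum, and runs on constructed packets modelled on the POP3 SYN captured later in this deck (the client ports, identification and TTL values are made up).

```python
import struct

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5 of the control flags

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (Header Length = 5 words, no options) with a valid checksum."""
    addr = lambda a: bytes(int(octet) for octet in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload

def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header fields from the slide and verify the Header Checksum."""
    ver_ihl, tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4  # Header Length is counted in 32-bit words
    hdr = packet[:ihl]
    return {"version": ver_ihl >> 4, "header_len": ihl, "tos": tos, "total_len": total_len,
            "id": ident, "flags": ff >> 13, "frag_offset": ff & 0x1FFF, "ttl": ttl, "protocol": proto,
            "checksum_ok": ipv4_checksum(hdr[:10] + b"\x00\x00" + hdr[12:]) == csum,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "payload": packet[ihl:total_len]}

def parse_tcp(segment: bytes) -> dict:
    """Decode the TCP header from the slide: ports, sequence/ack numbers, control flags, window, urgent pointer."""
    sport, dport, seq, ack, off_flags, win, csum, urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_off = (off_flags >> 12) * 4  # header length in 32-bit words, options included
    flags = [name for bit, name in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << bit)]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": win, "checksum": csum, "urgent": urg, "data": segment[data_off:]}

def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header from the slide; Length counts header plus data."""
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum, "data": datagram[8:length]}

# Constructed samples (not captured traffic): the POP3 SYN from the deck's capture, 192.168.10.2 ->
# 158.121.104.3 port 110, Seq=0, Win=65535; client ports 40000/40001 are made up. Plus a UDP datagram to port 53.
SYN_SEGMENT = struct.pack("!HHIIHHHH", 40000, 110, 0, 0, (5 << 12) | 0x02, 65535, 0, 0)
SAMPLE_TCP_PACKET = build_ipv4("192.168.10.2", "158.121.104.3", 6, SYN_SEGMENT)
SAMPLE_UDP_PACKET = build_ipv4("192.168.10.2", "192.168.10.1", 17, struct.pack("!HHHH", 40001, 53, 12, 0) + b"abcd")
```

Flipping a single header byte (for instance the TTL) makes `checksum_ok` false, which is the check a receiving IP layer performs before handing the payload up the stack.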
Layered Protocols
Figure: two hosts, each with the stack Network Access / IP / TCP-UDP / Application. Going down the sending stack, Application Data is wrapped in a TCP or UDP segment, the segment in an IP packet, and the packet in a MAC frame, which leaves as bits on the “wire”; the receiving stack unwraps in the reverse order.
Physical Interface
• Most common one today is Ethernet LAN
• Ethernet Media Access Control Protocol
  – Based on Broadcast nature of a LAN
  – Connection-less Protocol
  – Source and Destination MAC Addresses
• Media Access Control (MAC) Address
  – Example: 00-13-20-AE-5C-03
  – Manufacturer ID + Manufacturer assigned field
TCP/IP Layered Architecture
• Interface
  – An interface represents a logical connection to a physical sub-network
  – An interface has an IP address
  – An interface must be configured
• Interface Configuration Options
  – Manual (“Hard-coded”)
  – Reverse ARP (Not commonly Used)
  – Dynamic Host Configuration Protocol (DHCP)
• Possible Problem: IP address, address mask, or default gateway (router) configured incorrectly
Windows XP Interface Configuration
C:\Documents and Settings\Bob>ipconfig /all
Windows IP Configuration
  Host Name . . . . . . . . . . . . : SERVER
  Primary Dns Suffix . . . . . . . :
  Node Type . . . . . . . . . . . . : Hybrid
  IP Routing Enabled. . . . . . . . : No
  WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
  Connection-specific DNS Suffix . :
  Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
  Physical Address. . . . . . . . . : 00-13-20-AE-5C-03
  Dhcp Enabled. . . . . . . . . . . : Yes
  Autoconfiguration Enabled . . . . : Yes
  IP Address. . . . . . . . . . . . : 192.168.10.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.10.1
  DHCP Server . . . . . . . . . . . : 192.168.10.1
  DNS Servers . . . . . . . . . . . : 192.168.10.1
  Lease Obtained. . . . . . . . . . : Thursday, November 13, 2008 3:09:29 AM
  Lease Expires . . . . . . . . . . : Friday, November 14, 2008 3:09:29 AM
DHCP Process
• If the interface is not configured with an IP address and other information (e.g. manually), the software must send a DHCP request
• The DHCP response contains the IP address and other needed configuration information:
  – Address mask in use on this sub-network
  – Default gateway for reaching remote networks
  – Directory Name Server (DNS) Address
• Possible Problem: Server doesn’t respond
Host Names and DNS
• When an application tries to send data to another host on the network:
  – TCP/IP software sends a DNS request with the remote host name to get the host’s IP address
  – DNS response contains the host’s IP address
• Possible Problem: DNS is down
• Possible Problem: DNS is unreachable
• Possible Problem: DNS has no ID for host
Host Names and DNS
C:\Documents and Settings\Bob>nslookup www.cs.umb.edu
Server: wr850g.hsd1.ma.comcast.net
Address: 192.168.10.1
Non-authoritative answer:
Name: www.cs.umb.edu
Address: 158.121.105.2
IP Addresses and MAC Addresses
• When TCP/IP software sends an IP packet
  – It must locate the physical port corresponding to the IP Interface (IP source address) and its own source MAC address (usually configured in “hardware”)
  – It must find the MAC address for the destination IP address
  – This is a multistep process for a destination on:
    • Local Network – Address Resolution Protocol (ARP)
    • Remote Network – Find the Gateway (Router) IP address, then use ARP to get the Router’s MAC address
Address Resolution Protocol
• ARP protocol sends desired destination IP address and requests the MAC address
• The host or router with that IP address configured on its interface responds
• The response contains the source MAC address which the original requestor uses to send packet
• Requestor saves a copy of this mapping in local ARP cache to avoid unnecessary ARP requests
• Possible problem: This cache can get out of date
Network Diagnostic
• PING general purpose diagnostic tool
• PING = “Packet Inter-Network Groper”
• PING can determine the existence and/or reachability of the destination host
• Use PING via Command Prompt Window
• Possible Problem: Destination host has turned off PING feature (e.g. usually for security reasons)
Network Diagnostic - Ping
C:\Documents and Settings\Bob>ping Kayak
Pinging Kayak [192.168.10.3] with 32 bytes of data:
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.10.3:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
Network Diagnostic - Ping
C:\Documents and Settings\Bob>ping www.cs.umb.edu
Pinging sf02.cs.umb.edu [158.121.105.2] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 158.121.105.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Application Networking Layer
• Socket
  – An Access point for Application Software to the Transport Layer – UDP or TCP
  – Programmer’s reference point for networking
• UDP – No connection handling is required
  – But also no error recovery
  – Application must set a timer and retry on error
• TCP – Connection handling is required
  – “Open” to initiate connection (client)
  – “Listen” to await incoming connection (server)
Applications
• TELNET – traditional interactive protocol
• FTP – traditional file transfer protocol
• Email
  – Simple Mail Transport Protocol (SMTP)
  – Post Office Protocol Version 3 (POP3)
• Web Browsing
  – Hyper-Text Transport Protocol (HTTP)
  – Secure HTTP (HTTPS)
Network Diagnostic – LAN “Sniffer”
• Wireshark is a LAN “sniffer”
• In capture mode, it turns on the physical interface in “promiscuous mode”
  – Receives everything sent on the LAN
  – Captures it in a buffer and displays it
• Problem: Can create a real security issue!
Captured ARP Request/Response
Motorola_49:16:40 IntelCor_ae:5c:03 ARP Who has 192.168.10.2? Tell 192.168.10.1
IntelCor_ae:5c:03 Motorola_49:16:40 ARP 192.168.10.2 is at 00:13:20:ae:5c:03
Email – POP3
192.168.10.2 158.121.104.3 TCP servergraph > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
158.121.104.3 192.168.10.2 TCP pop3 > servergraph [SYN, ACK] Seq=0 Ack=1 Win=24840 Len=0 MSS=1380
192.168.10.2 158.121.104.3 TCP servergraph > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
158.121.104.3 192.168.10.2 POP Response: +OK POP3 mx1.cs.umb.edu 2004.89 server ready
192.168.10.2 158.121.104.3 POP Request: USER bobw
158.121.104.3 192.168.10.2 TCP pop3 > servergraph [ACK] Seq=47 Ack=12 Win=24840 Len=0
158.121.104.3 192.168.10.2 POP Response: +OK User name accepted, password please
192.168.10.2 158.121.104.3 POP Request: PASS (my real password showed here)
158.121.104.3 192.168.10.2 TCP pop3 > servergraph [ACK] Seq=88 Ack=25 Win=24840 Len=0
158.121.104.3 192.168.10.2 POP Response: +OK Mailbox open, 0 messages
192.168.10.2 158.121.104.3 POP Request: STAT
158.121.104.3 192.168.10.2 POP Response: +OK 0 0
192.168.10.2 158.121.104.3 POP Request: QUIT
HTTP Interaction
192.168.10.2 158.121.105.2 HTTP GET /~bobw/MassIT HTTP/1.1
158.121.105.2 192.168.10.2 HTTP HTTP/1.1 301 Moved Permanently (text/html)
192.168.10.2 158.121.105.2 HTTP GET /~bobw/MassIT/ HTTP/1.1
158.121.105.2 192.168.10.2 TCP [TCP segment of a reassembled PDU]
158.121.105.2 192.168.10.2 TCP [TCP segment of a reassembled PDU]
192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=2448 Ack=3925 Win=65535 Len=0
158.121.105.2 192.168.10.2 HTTP HTTP/1.1 200 OK (text/html)
192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=2448 Ack=7892 Win=64328 Len=0
First TCP Segment Contents (Partial)
HTTP/1.1 200 OK
Date: Fri, 21 Nov 2008 19:07:50 GMT
Server: Apache/2.2.4 (Ubuntu) mod_python/3.3.1 Python/2.5.1 PHP/5.2.3-1ubuntu6
Last-Modified: Wed, 19 Nov 2008 02:12:26 GMT
ETag: "1132b-18f2-45c0157e21680"
Accept-Ranges: bytes
Content-Length: 6386
Keep-Alive: timeout=15, max=97
Connection: Keep-Alive
Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><title>Mass IT Course Syllabus</title><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1"></head>
HTTP Interaction
192.168.10.2 158.121.105.2 HTTP GET /~bobw/ HTTP/1.1
158.121.105.2 192.168.10.2 TCP http > ecp [ACK] Seq=1 Ack=665 Win=6640 Len=0
158.121.105.2 192.168.10.2 HTTP HTTP/1.1 304 Not Modified
192.168.10.2 158.121.105.2 HTTP GET /~bobw/bob.jpg HTTP/1.1
158.121.105.2 192.168.10.2 HTTP HTTP/1.1 304 Not Modified
192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=1345 Ack=474 Win=65062 Len=0
TCP Error Detection Scenarios
158.121.14.100 192.168.10.2 TLSv1 [TCP Retransmission] Application Data
192.168.10.2 158.121.14.100 TCP [TCP Dup ACK 4786#1] f5-globalsite > https [ACK] Seq=1 Ack=7136 Win=65535 Len=0
155.199.36.151 192.168.10.2 HTTP [TCP Previous segment lost] Continuation or non-HTTP traffic
192.168.10.2 155.199.36.151 TCP [TCP Dup ACK 4823#1] odette-ftp > http [ACK] Seq=635 Ack=1 Win=65535 Len=0 SLE=1461 SRE=1973
155.199.36.151 192.168.10.2 TCP [TCP Out-Of-Order] [TCP segment of a reassembled PDU]