TELE3118 extras For week 4


IPv4 header in Wireshark


Assigning IP addresses

• Need enough host bits to identify all host & router interfaces + .0 and broadcast
  – e.g. 200 hosts + 1 router + 2 = 203 => /24
• Can pinch spare addresses
  – e.g. /30 from /24 for interfaces between routers

[Figure: example network with interface addresses in 223.1.1.x, 223.1.2.x, 223.1.3.x, 223.1.7.x, 223.1.8.x and 223.1.9.x]

Figure based on one from Kurose and Ross


Passage of a packet

Each node
• has 2 addresses: link + network
• knows mask (255.0) & default router

Each packet has 4 addresses: (source+dest)*(network+link†)

A to B:
1. A: Net prefix length => B is local
2. A: Lookup B.link (by ARP)
3. Transmit (AA,BB,1.1,1.2)
4. B: BB=mine => receive
5. R: BB≠mine => ignore

A to F:
6. A: Net prefix length => F is external, via router R
7. A: Transmit (AA,CC,1.1,2.3)
8. R: CC=mine => receive & pass to IP
   – 2.3 on interface 2.1 & local
   – lookup 2.3’s link address (through ARP if not already stored)
   – transmit (DD,FF,1.1,2.3)

Note: Link addresses change for each hop

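[Figure: hosts A (link AA, network 1.1) and B (BB, 1.2) on one network and hosts E (EE, 2.2) and F (FF, 2.3) on another, joined by router R with interfaces CC (1.3) and DD (2.1)]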

† link layer “destination” is where the frame is destined on this link, not the link layer address of the final destination.
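The eight steps above as a runnable sketch. This is an added example, not part of the original slides; the function names are hypothetical, and the pairing of link and network addresses (e.g. CC with 1.3, EE with 2.2) is read off the figure labels and is an assumption.

```python
def parse(addr):
    """Two-octet toy address as on the slide: "1.2" -> 0x0102."""
    hi, lo = (int(part) for part in addr.split("."))
    return (hi << 8) | lo

MASK = parse("255.0")  # the mask every node knows

# Network address -> link address for each interface in the figure
# (assumed pairing; stands in for the ARP cache each node would build).
ARP = {"1.1": "AA", "1.2": "BB", "1.3": "CC",
       "2.1": "DD", "2.2": "EE", "2.3": "FF"}

def is_local(a, b):
    """True when a and b share a network prefix under MASK."""
    return parse(a) & MASK == parse(b) & MASK

def host_send(src_ip, default_router, dst_ip):
    """Steps 1-3 and 6-7: choose the link-layer destination, build the frame."""
    next_hop = dst_ip if is_local(src_ip, dst_ip) else default_router
    return (ARP[src_ip], ARP[next_hop], src_ip, dst_ip)

def router_forward(frame, interfaces):
    """Steps 5 and 8: ignore frames not sent to one of our link addresses;
    otherwise re-frame on the interface that is local to the destination."""
    _, dst_link, src_ip, dst_ip = frame
    if dst_link not in {ARP[i] for i in interfaces}:
        return None
    for out in interfaces:
        if is_local(out, dst_ip):
            return (ARP[out], ARP[dst_ip], src_ip, dst_ip)
    raise LookupError("no interface on the destination's network")

R = ["1.3", "2.1"]  # router R's two interfaces

if __name__ == "__main__":
    for dst in ("1.2", "2.3"):
        frame = host_send("1.1", "1.3", dst)
        print(dst, frame, "->", router_forward(frame, R))
```

The network-layer pair (1.1, 2.3) is identical in both frames of the A to F case; only the link-layer pair is rewritten at R.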


Slide from Kurose and Ross


DHCP client-server scenario

DHCP server: 223.1.2.5
arriving client

Messages, in time order:

DHCP discover
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  Lifetime: 3600 secs

DHCP request
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

DHCP ACK
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

67 = IP protocol number for DHCP servers
68 = IP protocol number for DHCP clients
yiaddr = your internet address

Slide from Kurose and Ross


DHCP (BOOTP) in Wireshark

Request retransmitted


ARP in Wireshark


IP Fragmentation and Reassembly

One large datagram becomes several smaller datagrams

Example
• 4000 byte datagram
• MTU = 1500 bytes

Original datagram:
  ID=x, offset=0, fragflag=0, length=4000

Fragments:
  ID=x, offset=0, fragflag=1, length=1500
  ID=x, offset=1480, fragflag=1, length=1500
  ID=x, offset=2960, fragflag=0, length=1040

IP length field includes 20B IP header
3980B payload: 1480 + 1480 + 1020
4000B IP packet: 1500 + 1500 + 1040

Slide from Kurose and Ross


Fragmentation in Wireshark

ping -l 6000
Ethernet can carry 1500B data, IP header = 20B => 1480B ICMP/frame
6000B = 3x1480 + 1x80
+ 8B ICMP header in first fragment:
• Frame 10: 8B ICMP header + 1472 ICMP data
• Frames 11, 12, 13: 1480B ICMP data
• Frame 14: 88B ICMP data
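A worked version of both fragmentation cases above, the 4000-byte datagram and the `ping -l 6000` capture (6000B ICMP data + 8B ICMP header + 20B IP header = 6028B before fragmentation). This is an added example, not part of the original slides; the function names are hypothetical and a 20-byte header without options is assumed throughout.

```python
IP_HEADER = 20  # bytes; no IP options, as on the slides

def fragment(total_length, mtu, ident="x"):
    """Fragments of one datagram; total_length includes the IP header."""
    if total_length <= IP_HEADER or mtu < IP_HEADER + 8:
        raise ValueError("nothing to fragment or MTU too small")
    payload = total_length - IP_HEADER
    # Every fragment except the last must carry a multiple of 8 payload
    # bytes, because the header's offset field counts 8-byte units.
    per_frag = (mtu - IP_HEADER) // 8 * 8
    frags, offset = [], 0
    while offset < payload:
        size = min(per_frag, payload - offset)
        frags.append({
            "id": ident,
            "offset": offset,             # in bytes, as the slide shows it
            "offset_field": offset // 8,  # value carried in the header
            "fragflag": int(offset + size < payload),  # 1 = more fragments
            "length": size + IP_HEADER,
        })
        offset += size
    return frags

def reassembled_length(frags):
    """Receiver-side check: the fragments must tile the payload with no
    gap or overlap, and the last one must have fragflag=0."""
    frags = sorted(frags, key=lambda f: f["offset"])
    expected = 0
    for f in frags:
        if f["offset"] != expected:
            raise ValueError("gap or overlap at offset %d" % f["offset"])
        expected += f["length"] - IP_HEADER
    if frags[-1]["fragflag"] != 0:
        raise ValueError("final fragment not yet received")
    return expected + IP_HEADER

if __name__ == "__main__":
    for total in (4000, 6028):
        for f in fragment(total, 1500):
            print(total, f)
```

The slide quotes offsets in bytes; on the wire the same fragments carry 0, 185 and 370 in the offset field, which is what Wireshark decodes back into byte offsets.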


Traceroute in Wireshark

TTL (outer, inner)


IPv6 header in Wireshark


Extension material follows


MPLS appearing in Linux traceroute

(IP addresses have been removed to save clutter/space. Note route changes)

$ traceroute www.ietf.org
traceroute to www.ietf.org, 30 hops max, 38 byte packets
 1 eebu4s2.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa 1.176 ms 0.717 ms 0.454 ms
 2 libcr1-po-6.gw.unsw.edu.au 0.657 ms 0.466 ms ombcr1-po-6.gw.unsw.edu.au 0.407 ms
 3 unswbr1-te-8-1.gw.unsw.edu.au 0.565 ms unswbr1-te-7-1.gw.unsw.edu.au 0.769 ms 0.894 ms
 4 bfw1-ea-1-3053.gw.unsw.edu.au 0.461 ms 0.799 ms 0.639 ms
 5 unswbr1-vl-3054.gw.unsw.edu.au 0.749 ms 1.119 ms 0.773 ms
 6 tengigabitethernet2-2.er1.unsw.cpe.aarnet.net.au 1.145 ms 1.135 ms 1.077 ms
 7 ge-4-1-0.bb1.a.syd.aarnet.net.au 1.206 ms 1.219 ms 1.241 ms
 8 ae9.pe2.brwy.nsw.aarnet.net.au 1.252 ms 1.315 ms 1.299 ms
 9 xe-0-0-0.bb1.b.sea.aarnet.net.au 143.794 ms 143.774 ms 143.815 ms
10 xe-0-6-0-23.r05.sttlwa01.us.bb.gin.ntt.net 152.582 ms 144.315 ms 144.346 ms
11 ae-0.level3.sttlwa01.us.bb.gin.ntt.net 143.860 ms 143.665 ms 143.985 ms
12 ae-31-51.ebr1.Seattle1.Level3.net 168.354 ms 168.093 ms 168.122 ms
     MPLS Label=1909 CoS=3 TTL=1 S=0
13 ae-7-7.ebr2.SanJose1.Level3.net 162.011 ms 162.081 ms 161.907 ms
     MPLS Label=1174 CoS=3 TTL=1 S=0
14 ae-92-92.csw4.SanJose1.Level3.net 163.372 ms 163.174 ms ae-72-72.csw2.SanJose1.Level3.net (4.69.153.22) 161.534 ms
     MPLS Label=1024 CoS=3 TTL=1 S=0
15 ae-2-70.edge8.SanJose1.Level3.net 161.208 ms 161.290 ms ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148) 185.910 ms
16 ASSOCIATION.edge8.SanJose1.Level3.net 168.199 ms 162.042 ms 162.041 ms
17 * * *
18 * * *
19 * * *


How low is IP’s LCD?

Ethernet: [Figure: Frame formats. (a) Ethernet (DIX). (b) IEEE 802.3.]
IPv4: [Figure]

Figures 4-14 and 5-46 From Tanenbaum & Wetherall

Ethernet services vs IP’s needs
• Preamble -> Framing: Ethernet knows frame length, but not padding length => data. IP independently determines length of data.
• Addresses: IP can work over point-to-point links without addresses.
• Type: 0x0800 = IPv4, but IPv4 checks anyhow with version field.
• Checksum: Ethernet protects all data, but IP protects (again) its header & TCP/UDP protect data.
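An added example (not from the slides) of the Ethernet-versus-IP comparison on this slide: a receiver that takes a padded minimum-size Ethernet frame and uses only IP's own version, header checksum and length fields to recover the packet and discard the padding. The sample frame is constructed, with made-up link addresses, IP protocol 253 (reserved for experimentation) and hypothetical function names.

```python
import struct

ETH_MIN_DATA = 46        # Ethernet pads shorter payloads up to this size
ETHERTYPE_IPV4 = 0x0800

def ip_checksum(header):
    """Ones' complement sum of 16-bit words; 0 for a valid IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(payload):
    """Constructed sample frame (no preamble or FCS) carrying IPv4."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      64, 253, 0, bytes([223, 1, 1, 1]), bytes([223, 1, 1, 2]))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    packet = hdr + payload
    padding = b"\x00" * max(0, ETH_MIN_DATA - len(packet))
    eth = b"\xbb" * 6 + b"\xaa" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + packet + padding

def ip_from_frame(frame):
    """Return (ip_packet, padding_length) using only IP's own fields."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    data = frame[14:]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("Type field is not 0x0800")
    if data[0] >> 4 != 4:                  # IP re-checks with its version
        raise ValueError("version field is not 4")
    ihl = (data[0] & 0x0F) * 4
    if ip_checksum(data[:ihl]) != 0:       # IP re-protects its own header
        raise ValueError("IP header checksum mismatch")
    (total_length,) = struct.unpack("!H", data[2:4])
    if not ihl <= total_length <= len(data):
        raise ValueError("IP length inconsistent with frame")
    # Ethernet delivered len(data) bytes; IP's length says how many are real.
    return data[:total_length], len(data) - total_length

if __name__ == "__main__":
    packet, pad = ip_from_frame(build_frame(b"hi"))
    print(len(packet), "byte IP packet,", pad, "bytes of Ethernet padding")
```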


NAT: Operation

[Figure: NAT router with WAN-side address 138.76.29.7; LAN-side addresses 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4]

NAT translation table
  WAN side addr        LAN side addr
  138.76.29.7, 5001    10.0.0.1, 3345
  ……                   ……

1: host 10.0.0.1 sends datagram to 128.119.40, 80
   S: 10.0.0.1, 3345  D: 128.119.40.186, 80

2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001  D: 128.119.40.186, 80

3: Reply arrives dest. addr.: 138.76.29.7, 5001
   S: 128.119.40.186, 80  D: 138.76.29.7, 5001

4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80  D: 10.0.0.1, 3345

Slide from Kurose and Ross