Packet Tracing -- Putting it all together
• Packet tracing: the actions of observing packets as they appear on the media and deriving the activities occurring on hosts; or, knowing the top-level commands issued and predicting the packets that will appear on the media.
Packet Decoding …
“There are only 10 kinds of people in this world: Those who understand binary; And those who don’t.”
Motivations for Packet Tracing
• Understanding network protocols
• Debugging your network
• Debugging applications that work over the network
Layer Protocols
[Diagram: DNS Query / DNS Reply; TCP establishment between Caller and Callee (SYN, SYN/ACK, ACK); ARP Request / ARP Reply]
Examples - 1
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
  Trace command “DNS Query” initiated on Host A
[Diagram labels: hosts A, B; segment 1]
Answer - 1
Seg  DAE  SAE  “type”     SAIP   DAIP
1    FF   EA   ARP Req    1.2    1.3
1    EA   EB   ARP Rply   1.3    1.2
1    EB   EA   DNS Q      1.2    1.3
1    EA   EB   DNS R      1.3    1.2
Examples - 2
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  Host C, IP Address 128.194.1.4
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
  Trace command “DNS Query” initiated on Host A
[Diagram labels: hosts A, B, C; segments 1, 2]
Answer - 2
Seg  DAE  SAE  “type”     SAIP   DAIP
1    FF   EA   ARP Req    1.2    1.3
2    FF   EA   ARP Req    1.2    1.3
1    EA   EB   ARP Rply   1.3    1.2
1    EB   EA   DNS Q      1.2    1.3
1    EA   EB   DNS R      1.3    1.2
Examples - 3
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
  Trace command “telnet 128.194.1.3” initiated on Host A
[Diagram labels: hosts A, B; segment 1]
Answer - 3
Seg  DAE  SAE  “type”     SAIP   DAIP
1    FF   EA   ARP Req    1.2    1.3
1    EA   EB   ARP Rply   1.3    1.2
1    EB   EA   TCP SYN    1.2    1.3
1    EA   EB   SYN/ACK    1.3    1.2
1    EB   EA   TCP ACK    1.2    1.3
Examples - 4
• Assumptions:
  Host A, IP Address 128.194.1.2
  Host B, IP Address 128.194.1.3
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
  Trace command “telnet B” initiated on Host A
[Diagram labels: hosts A, B; segment 1]
Answer - 4
Seg  DAE  SAE  “type”     SAIP   DAIP
1    FF   EA   ARP Req    1.2    1.3
1    EA   EB   ARP Rply   1.3    1.2
1    EB   EA   DNS Q      1.2    1.3
1    EA   EB   DNS R      1.3    1.2
1    EB   EA   TCP SYN    1.2    1.3
1    EA   EB   SYN/ACK    1.3    1.2
1    EB   EA   TCP ACK    1.2    1.3
Examples - 5
• Assumptions:
  Host A, IP Address 128.194.1.1
  Host B, IP Address 128.194.2.2
  Host X, IP Address 128.194.1.254 on segment 1
  Host X, IP Address 128.194.2.254 on segment 2
  netmask 255.255.255.0
  ARP caches and bridge tables are empty
  All hosts know DNS Server is 128.194.1.3
  Trace command “telnet 128.194.2.2” initiated on Host A
[Diagram labels: router X; hosts A, B; segments 1, 2]
Examples - 5 cont.
Routing table on A:
  Net       Mask      Router
  0.0.0.0   0.0.0.0   128.194.1.254
Routing table on B:
  Net       Mask      Router
  0.0.0.0   0.0.0.0   128.194.2.254
Routing table on X:
  Net       Mask      Router
Answer - 5
Seg  DAE  SAE  “type”      SAIP    DAIP
1    FF   EA   ARP Req     1.1     1.254
1    EA   EX1  ARP Reply   1.254   1.1
1    EX1  EA   TCP SYN     1.1     2.2
2    FF   EX2  ARP Req     2.254   2.2
2    EX2  EB   ARP Reply   2.2     2.254
2    EB   EX2  TCP SYN     1.1     2.2
2    EX2  EB   SYN/ACK     2.2     1.1
1    EA   EX1  SYN/ACK     2.2     1.1
1    EX1  EA   TCP ACK     1.1     2.2
2    EB   EX2  TCP ACK     1.1     2.2
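The prediction side of packet tracing for Example 5, as an added example (not part of the original slides): a small model that applies the netmask test, ARP on an empty cache, and router forwarding to generate the rows of Answer 5. The function names and the NODES layout are assumptions made for this sketch; it also assumes the host answering an ARP request caches the requester's address, and it does not model bridges.

```python
import ipaddress

MASK = "255.255.255.0"  # netmask from the slides
# Constructed model of Example 5: node -> [(ip, segment, ethernet address)]
NODES = {
    "A": [("128.194.1.1", 1, "EA")],
    "B": [("128.194.2.2", 2, "EB")],
    "X": [("128.194.1.254", 1, "EX1"), ("128.194.2.254", 2, "EX2")],
}
DEFAULT_ROUTER = {"A": "128.194.1.254", "B": "128.194.2.254"}

def net(ip):
    return ipaddress.ip_network(f"{ip}/{MASK}", strict=False)

def short(ip):
    return ".".join(ip.split(".")[2:])  # slides write 128.194.1.2 as 1.2

def owner(ip):
    return next(n for n, ifs in NODES.items() if any(i[0] == ip for i in ifs))

def iface_for(node, ip):
    return next((i for i in NODES[node] if net(i[0]) == net(ip)), None)

def send(node, kind, src, dst, arp, rows):
    """Append the frames needed to move one IP packet from node toward dst."""
    out = iface_for(node, dst)
    hop = dst if out else DEFAULT_ROUTER[node]   # deliver directly or via router
    out = out or iface_for(node, hop)
    my_ip, seg, my_mac = out
    peer = owner(hop)
    hop_mac = iface_for(peer, my_ip)[2]
    if hop not in arp[node]:                     # empty cache: ARP comes first
        rows.append((seg, "FF", my_mac, "ARP Req", short(my_ip), short(hop)))
        rows.append((seg, my_mac, hop_mac, "ARP Reply", short(hop), short(my_ip)))
        arp[node].add(hop)
        arp[peer].add(my_ip)                     # assumption: replier learns requester
    rows.append((seg, hop_mac, my_mac, kind, short(src), short(dst)))
    if hop != dst:
        send(peer, kind, src, dst, arp, rows)    # router forwards onto the next segment

def trace_telnet(src, dst):
    """Rows (Seg, DAE, SAE, type, SAIP, DAIP) for the TCP three-way handshake."""
    arp, rows = {n: set() for n in NODES}, []
    steps = (("TCP SYN", src, dst), ("SYN/ACK", dst, src), ("TCP ACK", src, dst))
    for kind, s, d in steps:
        send(owner(s), kind, s, d, arp, rows)
    return rows
```

Calling `trace_telnet("128.194.1.1", "128.194.2.2")` returns the ten rows in the same order as the answer table.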
Problem A - 1
Use the data and diagram to show the packets resulting from the command "telnet B" being executed on host C.
Assumptions:
  The diagram consists of 8 numbered ethernet segments, 5 bridges (unlabeled rectangles), two routers (X, Y) and hosts A, B, C.
  ARP caches are empty.
  Tables on bridges are empty.
  Routing entries are as shown below.
  Host A is the DNS nameserver and its IP address is known to all machines.
  Netmask for 128.194 is 255.255.255.0.
A - 128.194.15.1, ethernet e1
B - 128.194.99.2, ethernet e2
C - 128.194.12.3, ethernet e3
X - seg 7: 128.194.15.100, ethernet e5
    seg 3: 128.194.12.100, ethernet e6
Y - seg 8: 128.194.99.101, ethernet e7
    seg 4: 128.194.12.101, ethernet e8
Problem A - 3
Host  Network        Netmask          Router
A:    0.0.0.0        0.0.0.0          128.194.15.100
B:    128.194.12.0   255.255.255.0    128.194.99.101
      128.194.15.0   255.255.255.0    128.194.99.101
C:    128.194.15.0   255.255.255.0    128.194.12.100
      0.0.0.0        0.0.0.0          128.194.12.101
X:    128.194.99.0   255.255.255.0    128.194.12.101
      0.0.0.0        0.0.0.0          128.194.12.101
Y:    128.194.15.0   255.255.255.0    128.194.12.100
      0.0.0.0        0.0.0.0          128.194.12.100
Decode Example - 1
33 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Syn Seq=1011631 Len=0 Win=0
  0: 0000 ef03 efb0 00a0 2435 5343 0800 4500  ........$5SC..E.
 16: 002c 6f03 0000 3c06 f2c2 80c2 8547 cfc8  .,o...<......G..
 32: 4734 07b9 0050 000f 6faf 0000 0000 6002  G4...P..o.....`.
 48: 0000 036d 0000 0204 05a0 0000            ...m........
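Decoding frame 33 by hand means walking the Ethernet, IP and TCP headers in order. The following is an added example, not part of the original slides: it rebuilds the frame from the dump text above, verifies the IP header checksum, and recovers the same D/S/Seq/Len/Win values shown in the summary line. The function names are assumptions of this sketch; it handles Ethernet II frames carrying IPv4 and TCP only.

```python
import ipaddress
import re
import struct

# Frame 33 from Decode Example 1 on this page (offset: hex words, ASCII column)
DUMP = """\
 0: 0000 ef03 efb0 00a0 2435 5343 0800 4500 ........$5SC..E.
16: 002c 6f03 0000 3c06 f2c2 80c2 8547 cfc8 .,o...<......G..
32: 4734 07b9 0050 000f 6faf 0000 0000 6002 G4...P..o.....`.
48: 0000 036d 0000 0204 05a0 0000 ...m........
"""

def dump_to_bytes(text):
    """Rebuild the raw frame from the hex words, ignoring the ASCII column."""
    frame = b""
    for line in text.splitlines():
        words = []
        for tok in line.split(":", 1)[1].split():
            if len(words) == 8 or not re.fullmatch(r"[0-9a-f]{4}", tok):
                break                      # reached the ASCII column
            words.append(tok)
        frame += bytes.fromhex("".join(words))
    return frame

def checksum_ok(data):
    """Internet checksum: the one's-complement sum over the header is 0xffff."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame):
    """Decode Ethernet II / IPv4 / TCP headers into the fields of the summary line."""
    if frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4           # IP header length in bytes
    ip = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip[2:4])[0]
    tcp = frame[14 + ihl:14 + ihl + 16]
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", tcp)
    tcp_hlen = (off_flags >> 12) * 4       # data offset, in 32-bit words
    names = ((0x02, "Syn"), (0x10, "Ack"), (0x01, "Fin"), (0x08, "Push"))
    return {
        "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),
        "src_ip": str(ipaddress.ip_address(ip[12:16])), "dst_ip": str(ipaddress.ip_address(ip[16:20])),
        "ip_ok": checksum_ok(ip), "proto": ip[9], "S": sport, "D": dport, "Seq": seq, "Ack": ack,
        "flags": [n for bit, n in names if off_flags & bit], "Len": total_len - ihl - tcp_hlen, "Win": win,
    }
```

The 24-byte TCP header here carries one option (02 04 05a0, maximum segment size 1440), and the final 0000 is Ethernet padding up to the 60-byte minimum frame.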
Decode Example - 2
36 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Syn Ack=1011632 Seq=1144453529 Len=0 Win=49152
  0: 00a0 2435 5343 0000 ef03 efb0 0800 4500  ..$5SC........E.
 16: 002c 914c 4000 3206 9a79 cfc8 4734 80c2  .,.L@.2..y..G4..
 32: 8547 0050 07b9 4436 f999 000f 6fb0 6012  .G.P..D6ù...o.`.
 48: c000 0577 0000 0204 05b4 15f8            ...w.......ø
Decode Example - 3
37 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=0 Win=2880
  0: 0000 ef03 efb0 00a0 2435 5343 0800 4500  ........$5SC..E.
 16: 0028 6f04 0000 3c06 f2c5 80c2 8547 cfc8  .(o...<......G..
 32: 4734 07b9 0050 000f 6fb0 4436 f99a 5010  G4...P..o.D6ù.P.
 48: 0b40 d1f4 0000 0204 05a0 0000            .@..........
Decode Example - 4
56 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453530 Seq=1011632 Len=374 Win=2880
  0: 0000 ef03 efb0 00a0 2435 5343 0800 4500  ........$5SC..E.
 16: 019e 6f08 0000 3c06 f14b 80c2 8547 cfc8  ..o...<..K...G..
 32: 4734 07b9 0050 000f 6fb0 4436 f99a 5018  G4...P..o.D6..P.
 48: 0b40 a905 0000 4745 5420 2f65 7363 6170  .@....GET /escap
 64: 6573 2f73 6561 7263 682f 696d 6167 6573  es/search/images
 80: 2f68 6f72 697a 6f6e 7461 6c62 6172 2e67  /horizontalbar.g
 96: 6966 2048 5454 502f 312e 300d 0a49 662d  if HTTP/1.0..If-
112: 4d6f 6469 6669 6564 2d53 696e 6365 3a20  Modified-Since: 
128: 5765 646e 6573 6461 792c 2031 362d 4170  Wednesday, 16-Ap
144: 722d 3937 2030 303a 3430 3a31 3620 474d  r-97 00:40:16 GM
160: 543b 206c 656e 6774 683d 3534 0d0a 5265  T; length=54..Re
176: 6665 7265 723a 2068 7474 703a 2f2f 686f  ferer: http://ho
192: 6d65 2e6e 6574 7363 6170 652e 636f 6d2f  me.netscape.com/
208: 6573 6361 7065 732f 7365 6172 6368 2f6e  escapes/search/n
224: 7473 7263 6872 6e64 2d31 2e68 746d 6c0d  tsrchrnd-1.html.
240: 0a43 6f6e 6e65 6374 696f 6e3a 204b 6565  .Connection: Kee
256: 702d 416c 6976 650d 0a55 7365 722d 4167  p-Alive..User-Ag
272: 656e 743a 204d 6f7a 696c 6c61 2f32 2e30  ent: Mozilla/2.0
288: 2028 5769 6e31 363b 2049 290d 0a48 6f73   (Win16; I)..Hos
304: 743a 2068 6f6d 652e 6e65 7473 6361 7065  t: home.netscape
320: 2e63 6f6d 0d0a 4163 6365 7074 3a20 696d  .com..Accept: im
336: 6167 652f 6769 662c 2069 6d61 6765 2f78  age/gif, image/x
352: 2d78 6269 746d 6170 2c20 696d 6167 652f  -xbitmap, image/
368: 6a70 6567 2c20 696d 6167 652f 706a 7065  jpeg, image/pjpe
384: 670d 0a43 6f6f 6b69 653a 204e 4554 5343  g..Cookie: NETSC
400: 4150 455f 4944 3d31 3030 3065 3031 302c  APE_ID=1000e010,
416: 3132 3336 3139 6130 0d0a 0d0a            123619a0....
Decode Example - 5
58 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Ack=1012006 Seq=1144453530 Len=280 Win=49152
  0: 00a0 2435 5343 0000 ef03 efb0 0800 4500  ..$5SC........E.
 16: 0140 92eb 4000 3206 97c6 cfc8 4734 80c2  .@..@.2.....G4..
 32: 8547 0050 07b9 4436 f99a 000f 7126 5018  .G.P..D6ù...q&P.
 48: c000 3e23 0000 4854 5450 2f31 2e31 2032  ..>#..HTTP/1.1 2
 64: 3030 204f 4b0d 0a53 6572 7665 723a 204e  00 OK..Server: N
 80: 6574 7363 6170 652d 456e 7465 7270 7269  etscape-Enterpri
 96: 7365 2f33 2e30 0d0a 4461 7465 3a20 5375  se/3.0..Date: Su
112: 6e2c 2032 3420 4175 6720 3139 3937 2030  n, 24 Aug 1997 0
128: 383a 3135 3a33 3820 474d 540d 0a43 6f6e  8:15:38 GMT..Con
144: 7465 6e74 2d74 7970 653a 2069 6d61 6765  tent-type: image
160: 2f67 6966 0d0a 4c61 7374 2d6d 6f64 6966  /gif..Last-modif
176: 6965 643a 2054 7565 2c20 3135 2041 7072  ied: Tue, 15 Apr
192: 2031 3939 3720 3233 3a34 303a 3136 2047   1997 23:40:16 G
208: 4d54 0d0a 436f 6e74 656e 742d 6c65 6e67  MT..Content-leng
224: 7468 3a20 3534 0d0a 4163 6365 7074 2d72  th: 54..Accept-r
240: 616e 6765 733a 2062 7974 6573 0d0a 436f  anges: bytes..Co
256: 6e6e 6563 7469 6f6e 3a20 6b65 6570 2d61  nnection: keep-a
272: 6c69 7665 0d0a 0d0a 4749 4638 3961 0b00  live....GIF89a..
288: 1400 9100 00ff ffff 6699 9900 0000 0000  ........f.......
304: 002c 0000 0000 0b00 1400 0002 0f8c 8f01  .,..............
320: cbed 0fa3 9cb4 da8b b3de 9c17 003b       .............;
Decode Example - 6
59 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453810 Seq=1012006 Len=0 Win=2880
  0: 0000 ef03 efb0 00a0 2435 5343 0800 4500  ........$5SC..E.
 16: 0028 6f09 0000 3c06 f2c0 80c2 8547 cfc8  .(o...<......G..
 32: 4734 07b9 0050 000f 7126 4436 fab2 5010  G4...P..q&D6..P.
 48: 0b40 cf66 0000 0204 05a0 0000            .@.f........
Decode Example - 7
60 h-207-200-71-52.netscape.com -> cfl02 TCP D=1977 S=80 Fin Ack=1012006 Seq=1144453810 Len=0 Win=49152
  0: 00a0 2435 5343 0000 ef03 efb0 0800 4500  ..$5SC........E.
 16: 0028 92ec 4000 3206 98dd cfc8 4734 80c2  .(..@.2.....G4..
 32: 8547 0050 07b9 4436 fab2 000f 7126 5011  .G.P..D6ú...q&P.
 48: c000 1aa5 0000 6915 9192 0000            ......i.....
Decode Example - 8
61 cfl02 -> h-207-200-71-52.netscape.com TCP D=80 S=1977 Ack=1144453811 Seq=1012006 Len=0 Win=2880
  0: 0000 ef03 efb0 00a0 2435 5343 0800 4500  ........$5SC..E.
 16: 0028 6f0a 0000 3c06 f2bf 80c2 8547 cfc8  .(o...<......G..
 32: 4734 07b9 0050 000f 7126 4436 fab3 5010  G4...P..q&D6ú.P.
 48: 0b40 cf65 0000 0204 05a0 0000            .@.e........