1 / 21

The complete picture

The complete picture. Linux Network Management. End to End Connection. Being able to describe the end to end connection sequence is a useful thing Very popular question on technical interviews Usually necessary in troubleshooting

jerry-houston
Download Presentation

The complete picture

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. The complete picture Linux Network Management

  2. End to End Connection • Being able to describe the end to end connection sequence is a useful thing • Very popular question on technical interviews • Usually necessary in troubleshooting • If you don't know how it should work, you won't recognize problems when you see them

  3. HTTP Connection How do we google??

  4. What do we need? • We need IP addresses for both ends • We need MAC addresses for anything on the local subnet • End station if it's on local subnet • Gateway MAC if address is not local • We need port numbers for TCP/UDP

  5. What do we have??? • A name for the destination - google.com • Our own source IP address • Our own MAC address • Our own gateway IP address • Our own DNS server IP address • Well-known port addresses (/etc/services) • Our own subnet mask

  6. ARP EXCHANGE what's your MAC? 00:C3:04:22:17:0A

  7. Step 1 - Get the router MAC We need to get the IP address of the name google.com We will get that from the DNS server (IP in resolv.conf) Since the IP address of the DNS server is probably not local we need to send the DNS request to the router For that we need the MAC address of the router Packet 1 Broadcast ARP request to router port IP

  8. Step 2 - ARP response Assuming the router port is up we will get an ARP response with the MAC of the router port IF THERE IS A PROBLEM WE WILL SEE A TRACE WITH REPEATED ARP REQUESTS FOR THE ROUTER PORT AND NOTHING ELSE Packet 2 Unicast ARP response from router port

  9. DNS LOOKUP who is google.com? 216.239.51.100 DNS SERVER

  10. Step 3 - DNS Request for Google.com Our Source IP and Source MAC Randomly generated Source Port Destination MAC is router port Destination IP is the DNS server Well known UDP DNS Port 53 Packet 3 DNS Query to DNS Server (in resolv.conf) for google.com

  11. Step 4 - DNS Response Destination IP and Destination MAC to us UDP Destination Port same as Source in request Source MAC is router port Source IP is the DNS server Source UDP DNS Port 53 Packet 4 DNS Response from DNS Server with IP of google.com

  12. TCP SYN-SYN/ACK-ACK SYN SYN/ACK WEB SERVER ACK

  13. Step 5 - TCP SYN Source MAC and IP from us Random TCP port Destination MAC is router port Destination IP is the HTTP Server Destination HTTP Port 80 Packet 5 TCP SYN to HTTP Server

  14. Step 6 - TCP SYN/ACK Destination MAC and IP is to us Same TCP port we used in SYN Source MAC is router port Source IP is the HTTP Server Source HTTP Port 80 Packet 6 TCP SYN/ACK from HTTP Server

  15. Step 7 - TCP ACK Source MAC and IP from us Same TCP port Destination MAC is router port Destination IP is the HTTP Server Destination HTTP Port 80 Packet 7 TCP ACK to HTTP Server

  16. HTTP GET - TCP ACK HTTP GET TCP ACK WEB SERVER

  17. Step 8 - HTTP GET Source MAC and IP from us Same TCP port Destination MAC is router port Destination IP is the HTTP Server Destination HTTP Port 80 Packet 8 HTTP GET to HTTP Server It's possible to have the GET with the ACK flag set (Piggy-back ACK)

  18. Step 9 - TCP ACK Destination MAC and IP is to us Same TCP port we used in SYN Source MAC is router port Source IP is the HTTP Server Source HTTP Port 80 Packet 9 TCP ACK from HTTP Server

  19. HTTP RESPONSE - TCP ACK HTTP RESPONSE TCP ACK WEB SERVER

  20. Step 10 - HTTP RESPONSE Destination MAC and IP from us Same TCP port (remember - socket pair defines TCP connection) Source MAC is router port Source IP is the HTTP Server Destination HTTP Port 80 Packet 10 HTTP RESPONSE from HTTP Server

  21. Step 11 - TCP ACK Source MAC and IP is from us Same TCP ports Destination MAC is router port Destination IP is the HTTP Server Source HTTP Port 80 Packet 11 TCP ACK to HTTP Server

More Related