1 / 60

TCP/IP Protocols Review

TCP/IP Protocols Review. Protocol Model Internet Protocol – IP/ICMP/ARP Reliable Stream Transport Service - TCP User Datagram Protocol - UDP Internet Applications. OSI Reference Model. Application. Application. Presentation. Presentation. Session. Session. Transport. Transport.

quemby-dale
Download Presentation

TCP/IP Protocols Review

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. TCP/IP Protocols Review • Protocol Model • Internet Protocol – IP/ICMP/ARP • Reliable Stream Transport Service - TCP • User Datagram Protocol - UDP • Internet Applications

  2. OSI Reference Model Application Application Presentation Presentation Session Session Transport Transport Network Network Network Network Data link Data link Data link Data link Physical Physical Physical Physical

  3. TCP/IP v.s. OSI 的架構 Application Http,Telnet,FTP,SMTP,SNMP,NFS TCP,UDP IP , ICMP device driver and interface card Host-to-Host Transport Internet Network Access

  4. TCP/IP Data Encapsulation Data Application Layer:User Data TCP Header Data TCP or UDP or ICMP Layer UDP Header Data ICMP Header Data IP Layer IP Header TCP / UDP/ICMP Header Data Lower Layer Frame Header IP Header TCP/UDP/ICMP Header Data Trailer

  5. TCP/IP階層性架構 User Process User Process User Process Application Application Transport TCP UDP Transport Internet ICMP IP IGMP Network Network Access ARP Interface RARP Link

  6. Internet Protocol (IP) • Internet Address • IP Datagram • IP Fragmentation • IP Routing • Internet Control Message Protocol(ICMP) • IP通信協定的特性 • IPv6

  7. Internet Address • Network ID and Host ID (Network Mask and Subnet) • Address Class and Classless IP • NIC Reserved IP Address • Broadcast / Loop Back / Multicast Address • Internet Addressing的缺點

  8. Network Mask and Subnet • network mask • A host needs to know how many bits are used for the Network-ID and how many bits are used for the Host-ID. This is specified using network mask. • Class C network mask example • 255.255.255.0 , 255.255.255.128, 255.255.255.192 , 255.255.255.224, 255.255.255.240, 255.255.255.248 • Commands to check IP address and network mask • Win95/98 - winipcfg • WinNT/2000 - ipconfig /all • UNIX - ifconfig -a

  9. 0 Network Host 1 0 Network Host IP Address Class (1) • Class A nnn.hhh.hhh.hhh(1.0.0.0 ~ 126.255.255.255) • Class B nnn.nnn.hhh.hhh(128.0.0.0 ~ 191.255.255.255) 0 7 0 15

  10. IP Address Class (2) • Class C nnn.nnn.nnn.rrr(192.0.0.0 ~ 223.255.255.255) • Class D Multicast address(224.0.0.0 ~ 239.255.255.255) 0 1 2 1 1 0 Network Host 1 1 1 0 Multicast address

  11. NIC Reserved IP Address • Class A • 10.0.0.0 ~ 10.255.255.255 • Class B • 172.16.0.0 ~ 172.31.255.255 • Class C • 192.168.0.0 ~ 192.168.255.255

  12. Special IP Address • Directed Broadcast Address • Network ID + all 1’s with Host ID • Limited Broadcast Address • Thirty-two 1s • Multicast Address • IGMP, Internet Group Management Protocol • Loop Back Address • 127.0.0.1 • For inter-process communication on the local machine

  13. Internet Addressing 缺點 • IP位址常常必須改變 • IP Spoofing • 位址不夠用

  14. IP Datagram 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Version IHL Type of Service Total Length Identification Flags Fragment Offset Time to live Protocol Header checksum Source address Destination address Options + padding Data......

  15. IP Fragmentation • Maximum Transmission Unit(MTU) • Related fields in IP Header • Identification • Flags: w/o more Fragment, DF bit • Fragment Offset • Related Attack • Ping of Death • Tiny Fragments • Fragments overlapped

  16. Network MTU (bytes) Hyperchannel 65536 16 Mbits/sec token ring (IBM) 17914 4 Mbits/sec token ring (IEEE 802.5) 4464 FDDI 4352 Ethernet 1500 IEEE 802.3/802.2 1492 X.25 576 Point-to-Point 296 MTU Typical Maximum Transmission Units (MTUs)

  17. Why Frag. is BAD • 封包分割重組造成效率降低與資源虛耗 • 封包被分割後不含TCP/UDP Header資訊,造成防火牆過濾上的困難 • 可能規避安全機制(掃毒、入侵偵測)檢查 • information hiding • 可能造成系統當機或其他異常反應 • overlapping data/header

  18. Overlapping Fragments IP Header TCP Header DATA IP Header DATA IP Header TCP Header DATA IP Header DATA IP Header TCP Header DATA IP Header Fake TCP Header DATA

  19. Time to Live (TTL) • 封包可以經過路由器的最大限制 (hop count) • 每當封包經過一台路由器(router/gateway)時,路由器會將TTL的值減1 • 若TTL的值到達零,負責處理的路由器會將封包丟棄不再繼續傳遞,並傳回ICMP Time Exceeded錯誤訊息回發送端

  20. Protocol Field TransportLayer UDP TCP ProtocolNumbers 6 17 ESP 51 InternetLayer AH 50 IP • Determines destination upper-layer protocol

  21. IP Options • 通常是empty,很少使用 • Firewall可能會碰到的IP option為IP source route • IP source route除mobile IP的應用外,無太大用途,反可能被攻擊者利用 • 有些packet filtering systems的政策是一見到IP option set,就拒絕此packet,不管它代表什麼意義

  22. IP Routing • Mapping Internet Address to Physical Address (ARP) • Table Driven IP Routing • Static and Dynamic Routing

  23. Routing Scenario Host B Source MAC= Router Dst. MAC= B Source IP= A Dst. IP= B Data…. Router Host A Source MAC= A Dst. MAC= Router Source IP= A Dst. IP= B Data….

  24. Address Resolution Protocol • 非IP Protocol • ARP Cache • ARP Proxy • arp -a, arp -p

  25. 封包擷取 – Sniffing (1) 我的MAC位址是….. B B 的 MAC位址是多少? A ARP Request ( Broadcast) 本機IP : A 目的IP : B ARP Reply Ex. C:\> arp -a

  26. 封包擷取 – Sniffing (2) • Sniffer是如何工作的 ? 1.乙太網路內任兩台電腦溝通的封包是可以被該區域網路內 其他電腦所探知的. 2.由於乙太網路卡會將不屬於它的封包訊息給忽略掉,也就是 它會忽略掉與它 MAC(Media Access Control) 位址不同的 封包. ( 廣播封包除外 – FF :FF :FF :FF :FF :FF ) 3. Sniffer的程式會將乙太網路卡設定成隨機處理模式 ”Promiscuous Mode”, 也就是不做任何封包的過濾,但前提 是要在同一個區域網路中.

  27. IP Routing Tables • A System’s Routing Tables Containing • loop back interface • Interface for itself network • host-specific are added • network-specific are added • default gateway are added • Commands to check routing tables • netstat -rn

  28. IP Routing Principals • (1) Search for host-specific host address • (2) Search for network-specific network • (3) Search for itself interface network for broadcast • (4) Search for a default entry

  29. Static and Dynamic Routing • Static routing • Command added • There is single connection point to other network • Dynamic routing • Used by routers to communication each other,informing each other of what networks each router currently connected to.

  30. Add a Static Routing Into a Routing Table • Windows 9x / NT / 2000 (Under Dos Mode ) • route add [ Host/Network IP] mask [Network Mask] [Gateway IP] *Example : route add 203.75.1.0 mask 255.255.255.128192.72.155.254 • Unix • route add [Host/Network IP] [Gateway IP] [Metric] *Example : - Add an Default Routing Entry : route add default 192.72.155.2541 - Add an Static Routing Entry : route add 172.16.1.1192.168.100.2541

  31. case study – static route Add static routes Host A route add 10.1.201.1 mask 255.255.255.255192.168.1.1 route add 192.168.1.1 mask 255.255.255.25510.1.201.1 Host B 192.168.1.1 255.255.255.0 10.1.201.1 255.255.255.0 Host A Host B How to let the two host reach each other?

  32. ICMP (1) • Internet Control Message Protocol • ICMP only reports error conditions to the original source; it does not correct it. • ICMP Message Format • Testing Destination Reachability and Status • Echo Request and Reply

  33. ICMP (2) • Reports of Unreachable Destinations • 並非所有錯誤均可偵測到,e.g.機器當掉、網路卡壞掉 • Congestion and Datagram Flow Control • Source Quench Message • Route Change Request From Gateways • Redirect Message • Detecting Circular or Excessively Long Routes • Time Exceeded for a Datagram message

  34. ICMP Message Format IP: IP Header ICMP Message ICMP: 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Type Code Checksum Data…..

  35. ICMP Type • 0: Echo Reply • 3: Destination Unreachable • 4: Source Quench • 5: Redirect(Change a route) • 8: Echo Request • 11: Time Exceeded for a Datagram • 12: Parameter Problem on a Datagram • 13: Timestamp Request • 14: Timestamp Reply • 15: Information Request (Obsolete) • 16: Information Reply ( Obsolete) • 17: Address Mask Request • 18: Address Mask Reply

  36. ICMP Code of Unreachable Destination • 8: Source Host Isolated • 9: Communication with Destination Network Administratively Prohibited • 10: Communication with Destination network Administratively Prohibited • 11: Network Unreachable for Type of Service • 12: Host Unreachable for Type of Service • 0: Network Unreachable • 1: Host Unreachable • 2: Protocol Unreachable • 3: Port Unreachable • 4: Fragmentation Needed and DF Set • 5: Source Route Failed • 6: Destination Network Unknown • 7: Destination Host Unknown

  37. IP通信協定的特性 • Connectionless Delivery System • Unreliable Delivery Protocol • Lost, Duplicated, Delayed, Out of Order • 依賴其它層的協定來提供Reliable Service

  38. IPv6特色 • Plenty of addresses (one would never run out of address) • support of billions of hosts • Efficient yet flexible routing • reduce the size of the routing tables • simplify the protocol for high performance routing process • Provide better security • Support of real-time data • Allow multicasting with specified scope • Allow a host to roam without changing its address • Allow protocol to evolve in the future • Allow the coexistence of the old and new protocols

  39. Changed Removed IPv4 Header20 Octets+Options : 13 fields, include 3 flag bits 0 bits 4 8 16 24 31 Ver IHL Service Type Total Length Identifier Flags Fragment Offset Time to Live Protocol Header Checksum 32 bit Source Address 32 bit Destination Address Options and Padding

  40. IPv6 Header40 Octets, 8 fields 0 4 12 16 24 31 Version Class Flow Label Payload Length Next Header Hop Limit 128 bit Source Address 128 bit Destination Address

  41. IPv6 Extension Headers IP options have been moved to a set of optional Extension Headers Extension Headers are chained together IPv6 Header TCP Header Application Data Next = TCP IPv6 Header Routing Hdr TCP Header Application Data Next = Routing Next = TCP IPv6 Header Security Hdr Fragment Hdr TCP Header Data Frag Next = Security Next = Frag Next = TCP

  42. Transmission Control Protocol • TCP Segment Format • Reliable Delivery Service • Positive Acknowledgement with Retransmission • Sliding Windows • Establish a TCP Connection

  43. TCP Segment Format 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 Source Port Destination Port Sequence Number Acknowledgment Number Data Offset Reserved U R G A C K P S H R S T S Y N F I N Windows Checksum Urgent Pointer Options & padding DATA

  44. Port Numbers TELNET RIP SMTP DNS TFTP SNMP H T T P FTP ApplicationLayer 520 25 53 69 161 80 21 23 Port Numbers TransportLayer TCP UDP

  45. TCP Port Numbers Source Port Dest. Port … Telnet Z Host Z Host A Dest. port = 23.Send packet to my Telnet application. SP DP 1028 23 …

  46. Reliable Delivery Service of TCP (1) • Stream Orientation • Instead of Lost, Duplicated, and Out of Order • Virtual Circuit Connection • Clients Connect and Servers Listen/Accept • Ports and Connections • Buffered Transfer • TCP will buffer data to make transfer more efficient • Provides a push mechanism that applications use to force a transfer

  47. Reliable Delivery Service of TCP (2) • Unstructured Stream • TCP does not show packet boundaries to applications • Full Duplex Connection • Think of it as two independent streams joined with piggybacking mechanism

  48. Acknowledgement and Retransmission ???

  49. Sliding Windows (1) • Packets: 1 2 3 | 4 5 6 7 8 | 9 10 11 12 13 => done windows Not Sent • 1-3 sent and ACKED • 4-8 in window and sent but not ACKED • if ACK arrives, sender slides window up • Recv controls sliding window and views that as available buffering, can stop sending by telling its window size is 0 in ACK

  50. Sliding Windows (2) • To make stream transmission more efficient than a simple positive acknowledgement protocol • Variable windows size and flow control • Congestion Control • Allowed-window = min (receiver-advertisement, congestion_window) • Multiplicative decrease congestion avoidance • Slow-start (additive) Recovery

More Related