TCP/IP Layered Architecture
TCP/IP Layered Architecture • Competing Views of Network Architecture • Open Systems Interconnection (OSI) Model • TCP/IP evolved from the DOD Arpanet • TCP/IP Terminology • Internet Protocol (IP) • Transmission Control Protocol (TCP) • User Datagram Protocol (UDP) • Network Access Layer includes • Sub Network Access Protocols, e.g. Ethernet MAC • Physical Interface Characteristics, e.g. RJ-45
TCP/IP Physical Architecture • Terminology • Remote Access Server (RAS) • Hybrid Fiber Coax (HFC) • Cable Modem Termination System (CMTS) • Digital Subscriber Line (DSL) • DSL Access Multiplexor (DSLAM) • T1 Line (a 1.5 Mbps digital telephone line) • T3 Line (a 45 Mbps digital telephone line)
TCP/IP Layered Architecture • Connection-less Protocols • UDP and IP (and Ethernet MAC protocol) • No concept of a connection across the network or at the end points • No error recovery built into the protocol • Connection-oriented Protocol • TCP • Connection state is maintained at endpoints • Error recovery is built into the protocol
TCP Header Format (each row spans Bit 0 to Bit 31)
    Source Port | Destination Port
    Sequence Number
    Acknowledgement Number
    Control Flags | Window
    Checksum | Urgent Pointer
    Data
UDP Header Format (each row spans Bit 0 to Bit 31)
    Source Port | Destination Port
    Length | Header Checksum
    Data
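An added example, not part of the original slides: a Python parser for the TCP and UDP header fields listed above, including the TCP data offset and MSS option that the simplified diagram leaves out. The sample packets are constructed; the SYN reuses the destination port (110), window (65535) and MSS (1460) seen in this deck's POP3 capture, and the source ports and sequence number are made up.

```python
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 .. bit 5

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header and the MSS option, if present."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags, window, checksum, urgent = struct.unpack(
        "!HHIIHHHH", segment[:20])
    header_len = (off_flags >> 12) * 4  # data offset counts 32-bit words
    if not 20 <= header_len <= len(segment):
        raise ValueError("data offset outside segment")
    flags = [n for bit, n in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    mss, opts, i = None, segment[20:header_len], 0
    while i < len(opts) and opts[i] != 0:      # kind 0 ends the option list
        if opts[i] == 1:                       # kind 1 is a one-byte NOP
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")
        if opts[i] == 2 and opts[i + 1] == 4:  # kind 2 = maximum segment size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window, "checksum": checksum,
            "urgent": urgent, "header_len": header_len, "mss": mss,
            "data": segment[header_len:]}

def parse_udp(datagram: bytes) -> dict:
    """Decode the 8-byte UDP header; Length covers header plus data."""
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, checksum = struct.unpack("!HHHH", datagram[:8])
    if not 8 <= length <= len(datagram):
        raise ValueError("UDP length field disagrees with datagram size")
    return {"src_port": sport, "dst_port": dport, "length": length,
            "checksum": checksum, "data": datagram[8:length]}

# Constructed samples: a SYN to port 110 (POP3) with Win=65535 and MSS=1460,
# and a UDP datagram with a 5-byte payload. Ports 49152/49153 are made up.
SAMPLE_SYN = struct.pack("!HHIIHHHH", 49152, 110, 1000, 0, (6 << 12) | 0x02,
                         65535, 0, 0) + bytes([2, 4]) + struct.pack("!H", 1460)
SAMPLE_UDP = struct.pack("!HHHH", 49153, 53, 13, 0) + b"query"

if __name__ == "__main__":
    print(parse_tcp(SAMPLE_SYN))
    print(parse_udp(SAMPLE_UDP))
```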
Layered Protocols (figure)
    Application: Application Data
    TCP/UDP: TCP or UDP | Application Data
    IP: IP | TCP or UDP | Application Data
    Network Access: MAC | IP | TCP or UDP | Application Data | MAC
    Bits on the “wire”
Physical Interface • Most common one today is Ethernet LAN • Ethernet Media Access Control Protocol • Based on Broadcast nature of a LAN • Connection-less Protocol • Source and Destination MAC Addresses • Media Access Control (MAC) Address • Example: 00-13-20-AE-5C-03 • Manufacturer ID + Manufacturer assigned field
TCP/IP Layered Architecture • Interface • An interface represents a logical connection to a physical sub-network • An interface has an IP address • An interface must be configured • Interface Configuration Options • Manual (“Hard-coded”) • Reverse ARP (Not commonly Used) • Dynamic Host Configuration Protocol (DHCP) • Possible Problem: IP address, address mask, or default gateway (router) configured incorrectly
Windows XP Interface Configuration
    C:\Documents and Settings\Bob>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : SERVER
       Primary Dns Suffix . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
    Ethernet adapter Local Area Connection:
       Connection-specific DNS Suffix . :
       Description . . . . . . . . . . . : Intel(R) PRO/100 VE Network Connection
       Physical Address. . . . . . . . . : 00-13-20-AE-5C-03
       Dhcp Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.10.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.1
       DHCP Server . . . . . . . . . . . : 192.168.10.1
       DNS Servers . . . . . . . . . . . : 192.168.10.1
       Lease Obtained. . . . . . . . . . : Thursday, November 13, 2008 3:09:29 AM
       Lease Expires . . . . . . . . . . : Friday, November 14, 2008 3:09:29 AM
DHCP Process • If interface is not configured with IP address and other information (e.g. manually), the software must send a DHCP request • DHCP response contains the IP address and other needed configuration information: • Address mask in use on this sub-network • Default gateway for reaching remote networks • Directory Name Server (DNS) Address • Possible Problem: Server doesn’t respond
Host Names and DNS • When an application tries to send data to another host on the network: • TCP/IP software sends a DNS request with remote host name to get the host’s IP address • DNS response contains host’s IP address • Possible Problem: DNS is down • Possible Problem: DNS is unreachable • Possible Problem: DNS has no ID for host
Host Names and DNS
    C:\Documents and Settings\Bob>nslookup www.cs.umb.edu
    Server: wr850g.hsd1.ma.comcast.net
    Address: 192.168.10.1
    Non-authoritative answer:
    Name: www.cs.umb.edu
    Address: 158.121.105.2
IP Addresses and MAC Addresses • When TCP/IP software sends an IP packet • It must locate physical port corresponding to the IP Interface (IP source address) and own source MAC address (usually configured in “hardware”) • It must find the MAC address for the destination IP address • This is a multistep process for destination on: • Local Network – Address Resolution Protocol (ARP) • Remote Network – Find Gateway (Router) IP address then use ARP to get Router’s MAC address
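An added example, not part of the original slides: the local-versus-remote decision described above, written in Python with the address, mask and gateway from this deck's ipconfig output. The function names `check_interface` and `arp_target` are hypothetical; the last two calls use constructed wrong values to show how the "configured incorrectly" problem from the interface slide surfaces.

```python
import ipaddress

def check_interface(ip, mask, gateway):
    """Return configuration problems that are visible from the host itself."""
    try:
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        gw = ipaddress.ip_address(gateway)
    except ValueError:
        return ["invalid IP address, address mask or gateway"]
    net, problems = iface.network, []
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("IP address is the network or broadcast address")
    if gw not in net:
        problems.append("default gateway is not on the local sub-network")
    elif gw == iface.ip:
        problems.append("default gateway is the interface's own address")
    return problems

def arp_target(ip, mask, gateway, destination):
    """Return the IP address whose MAC address the host must ARP for."""
    if check_interface(ip, mask, gateway):
        raise ValueError("interface configuration is inconsistent")
    net = ipaddress.ip_interface(f"{ip}/{mask}").network
    dst = ipaddress.ip_address(destination)
    # Local network: ARP for the destination. Remote network: ARP for the router.
    return str(dst) if dst in net else gateway

# Values from the ipconfig output on this page.
HOST = ("192.168.10.2", "255.255.255.0", "192.168.10.1")

if __name__ == "__main__":
    for dest in ("192.168.10.3", "158.121.105.2"):
        print(dest, "-> ARP for", arp_target(*HOST, dest))
    # Constructed wrong mask: the settings look consistent locally, but a
    # remote host is treated as local, so the host ARPs for it directly
    # instead of sending the packet to the router.
    print(arp_target("192.168.10.2", "255.255.0.0", "192.168.10.1",
                     "192.168.20.5"))
    # Constructed wrong gateway: caught before any packet is sent.
    print(check_interface("192.168.10.2", "255.255.255.0", "192.168.11.1"))
```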
Address Resolution Protocol • ARP protocol sends desired destination IP address and requests the MAC address • The host or router with that IP address configured on its interface responds • The response contains the source MAC address which the original requestor uses to send packet • Requestor saves a copy of this mapping in local ARP cache to avoid unnecessary ARP requests • Possible problem: This cache can get out of date
Network Diagnostic • PING general purpose diagnostic tool • PING = “Packet Inter-Network Groper” • PING can determine the existence and/or reachability of the destination host • Use PING via Command Prompt Window • Possible Problem: Destination host has turned off PING feature (usually for security reasons)
Network Diagnostic - Ping
    C:\Documents and Settings\Bob>ping Kayak
    Pinging Kayak [192.168.10.3] with 32 bytes of data:
    Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
    Reply from 192.168.10.3: bytes=32 time<1ms TTL=128
    Ping statistics for 192.168.10.3:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
Network Diagnostic - Ping
    C:\Documents and Settings\Bob>ping www.cs.umb.edu
    Pinging sf02.cs.umb.edu [158.121.105.2] with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    Ping statistics for 158.121.105.2:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Application Networking Layer • Socket • An Access point for Application Software to the Transport Layer – UDP or TCP • Programmer’s reference point for networking • UDP – No connection handling is required • But also no error recovery • Application must set a timer and retry on error • TCP – Connection handling is required • “Open” to initiate connection (client) • “Listen” to await incoming connection (server)
Applications • TELNET – traditional interactive protocol • FTP – traditional file transfer protocol • Email • Simple Mail Transport Protocol (SMTP) • Post Office Protocol Version 3 (POP3) • Web Browsing • Hyper-Text Transport Protocol (HTTP) • Secure HTTP (HTTPS)
Network Diagnostic – LAN “Sniffer” • Wireshark is a LAN “sniffer” • In capture mode, it turns on the physical interface in “promiscuous mode” • Receives everything sent on the LAN • Captures it in a buffer and displays it • Problem: Can create a real security issue!
Captured ARP Request/Response
    Motorola_49:16:40 IntelCor_ae:5c:03 ARP Who has 192.168.10.2? Tell 192.168.10.1
    IntelCor_ae:5c:03 Motorola_49:16:40 ARP 192.168.10.2 is at 00:13:20:ae:5c:03
Email – POP3
    192.168.10.2 158.121.104.3 TCP servergraph > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
    158.121.104.3 192.168.10.2 TCP pop3 > servergraph [SYN, ACK] Seq=0 Ack=1 Win=24840 Len=0 MSS=1380
    192.168.10.2 158.121.104.3 TCP servergraph > pop3 [ACK] Seq=1 Ack=1 Win=65535 Len=0
    158.121.104.3 192.168.10.2 POP Response: +OK POP3 mx1.cs.umb.edu 2004.89 server ready
    192.168.10.2 158.121.104.3 POP Request: USER bobw
    158.121.104.3 192.168.10.2 TCP pop3 > servergraph [ACK] Seq=47 Ack=12 Win=24840 Len=0
    158.121.104.3 192.168.10.2 POP Response: +OK User name accepted, password please
    192.168.10.2 158.121.104.3 POP Request: PASS (my real password showed here)
    158.121.104.3 192.168.10.2 TCP pop3 > servergraph [ACK] Seq=88 Ack=25 Win=24840 Len=0
    158.121.104.3 192.168.10.2 POP Response: +OK Mailbox open, 0 messages
    192.168.10.2 158.121.104.3 POP Request: STAT
    158.121.104.3 192.168.10.2 POP Response: +OK 0 0
    192.168.10.2 158.121.104.3 POP Request: QUIT
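An added example, not part of the original slides: a Python audit that scans Wireshark-style summary lines like the POP3 capture above for logins sent in cleartext and reports them with the password redacted. The sample lines are constructed from that capture with a made-up password; the function names are hypothetical, and treating FTP the same way as POP is an assumption that goes beyond the capture shown.

```python
import re

# Commands that carry a credential in cleartext, keyed by the protocol column.
CLEARTEXT_AUTH = {"POP": ("USER", "PASS"), "FTP": ("USER", "PASS")}
# Columns: source, destination, protocol, then "Request: COMMAND [argument]".
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+Request:\s+(\S+)(?:\s+(.*))?$")

def audit(lines):
    """Return one finding per cleartext login command; secrets are redacted."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = LINE.match(line.strip())
        if not match:
            continue  # TCP handshake, ACKs and server responses
        client, server, proto, command, argument = match.groups()
        command = command.upper()
        if command not in CLEARTEXT_AUTH.get(proto, ()):
            continue
        findings.append({
            "line": number, "client": client, "server": server,
            "protocol": proto, "command": command,
            # Never copy the secret into the report.
            "argument": "<redacted>" if command == "PASS" else argument,
        })
    return findings

def exposed_servers(findings):
    """Servers that accepted a password over an unencrypted session."""
    return sorted({(f["server"], f["protocol"])
                   for f in findings if f["command"] == "PASS"})

# Constructed sample modelled on the capture above; the password is made up.
SAMPLE = """\
192.168.10.2 158.121.104.3 TCP servergraph > pop3 [SYN] Seq=0 Win=65535 Len=0 MSS=1460
158.121.104.3 192.168.10.2 POP Response: +OK POP3 mx1.cs.umb.edu 2004.89 server ready
192.168.10.2 158.121.104.3 POP Request: USER bobw
158.121.104.3 192.168.10.2 POP Response: +OK User name accepted, password please
192.168.10.2 158.121.104.3 POP Request: PASS constructed-secret
192.168.10.2 158.121.104.3 POP Request: STAT
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
    print("cleartext logins accepted by:", exposed_servers(audit(SAMPLE)))
```

Every server this reports received a mailbox password that anyone capturing on the same LAN could read; the fix is to configure the client and server for POP3 over TLS.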
HTTP Interaction
    192.168.10.2 158.121.105.2 HTTP GET /~bobw/MassIT HTTP/1.1
    158.121.105.2 192.168.10.2 HTTP HTTP/1.1 301 Moved Permanently (text/html)
    192.168.10.2 158.121.105.2 HTTP GET /~bobw/MassIT/ HTTP/1.1
    158.121.105.2 192.168.10.2 TCP [TCP segment of a reassembled PDU]
    158.121.105.2 192.168.10.2 TCP [TCP segment of a reassembled PDU]
    192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=2448 Ack=3925 Win=65535 Len=0
    158.121.105.2 192.168.10.2 HTTP HTTP/1.1 200 OK (text/html)
    192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=2448 Ack=7892 Win=64328 Len=0
First TCP Segment Contents (Partial)
    HTTP/1.1 200 OK
    Date: Fri, 21 Nov 2008 19:07:50 GMT
    Server: Apache/2.2.4 (Ubuntu) mod_python/3.3.1 Python/2.5.1 PHP/5.2.3-1ubuntu6
    Last-Modified: Wed, 19 Nov 2008 02:12:26 GMT
    ETag: "1132b-18f2-45c0157e21680"
    Accept-Ranges: bytes
    Content-Length: 6386
    Keep-Alive: timeout=15, max=97
    Connection: Keep-Alive
    Content-Type: text/html

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Mass IT Course Syllabus</title>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
    </head>
HTTP Interaction
    192.168.10.2 158.121.105.2 HTTP GET /~bobw/ HTTP/1.1
    158.121.105.2 192.168.10.2 TCP http > ecp [ACK] Seq=1 Ack=665 Win=6640 Len=0
    158.121.105.2 192.168.10.2 HTTP HTTP/1.1 304 Not Modified
    192.168.10.2 158.121.105.2 HTTP GET /~bobw/bob.jpg HTTP/1.1
    158.121.105.2 192.168.10.2 HTTP HTTP/1.1 304 Not Modified
    192.168.10.2 158.121.105.2 TCP ecp > http [ACK] Seq=1345 Ack=474 Win=65062 Len=0
TCP Error Detection Scenarios
    158.121.14.100 192.168.10.2 TLSv1 [TCP Retransmission] Application Data
    192.168.10.2 158.121.14.100 TCP [TCP Dup ACK 4786#1] f5-globalsite > https [ACK] Seq=1 Ack=7136 Win=65535 Len=0
    155.199.36.151 192.168.10.2 HTTP [TCP Previous segment lost] Continuation or non-HTTP traffic
    192.168.10.2 155.199.36.151 TCP [TCP Dup ACK 4823#1] odette-ftp > http [ACK] Seq=635 Ack=1 Win=65535 Len=0 SLE=1461 SRE=1973
    155.199.36.151 192.168.10.2 TCP [TCP Out-Of-Order] [TCP segment of a reassembled PDU]