CS683 - Security and Privacy: Reviewing Computer Networking (2/2) - PowerPoint PPT Presentation

CS683 - Security and Privacy: Reviewing Computer Networking (2/2) Karim Eldefrawy keldefrawy@usfca.edu Universit of San Francisco Overview of Networking, TCP/IP Stack, ARP, IP 1

Networking Concepts • Protocol Architecture (Stack or Suite) • Protocol Layers • Encapsulation • Network Abstractions 2

TCP/IP Stack and OSI Reference Model The TCP/IP protocol stack does not define the lower layers of a complete protocol stack 3

TCP/IP Protocol Stack • IP is the waist of the hourglass of the Internet Applications protocol architecture HTTP FTP SMTP TCP UDP • Multiple higher-layer protocols • Multiple lower-layer protocols IP • Only one protocol at the Data link layer protocols network layer. Physical layer protocols 4

Assignment of Protocols to Layers 5

Sending a packet from Argon to Neon argon.tcpip-lab.edu neon.tcpip-lab.edu "Argon " "Neon" 128.143.137.144 128.143.71.21 router137.tcpip-lab.edu router71.tcpip-lab.edu "Router137" "Router71" 128.143.137.1 128.143.71.1 Router Ethernet Network Ethernet Network 6

Sending a packet from Argon to Neon 128.143.71.21 is not on my local network. Therefore, I need to send the packet to my 128.143.71.21 is on my local network. default gateway with address 128.143.137.1 DNS: What is the IP address DNS: The IP address of Therefore, I can send the packet directly. ARP: What is the MAC of “neon.tcpip-lab.edu ” ? “neon.tcpip-lab.edu ” is address of 128.143.137.1? ARP: The MAC address of 128.143.71.21 128.143.137.1 is 00:e0:f9:23:a8:20 ARP: What is the MAC ARP: The MAC address of address of 128.143.71.21? argon.tcpip-lab.edu neon.tcpip-lab.edu 128.143.137.1 is 00:20:af:03:98:28 "Argon " "Neon" 128.143.137.144 128.143.71.21 router137.tcpip-lab.edu router71.tcpip-lab.edu "Router137" "Router71" 128.143.137.1 128.143.71.1 Router frame frame Ethernet Network Ethernet Network 7

Communications Architecture • The complexity of the communication task is reduced by using multiple protocol layers: • Each protocol is implemented independently • Each protocol is responsible for a specific subtask • Protocols are grouped in a hierarchy • A structured set of protocols is called a communications architecture or protocol suite or stack 8

TCP/IP Protocol Suite • The TCP/IP protocol suite is the protocol architecture of the Internet • The TCP/IP suite has four layers: Application, Transport, Network, and Data Link Layer • End systems (hosts) implement all four layers. Gateways (Routers) only have the bottom two layers. 9

Functions of the Layers • Data Link Layer: – Service: Reliable transfer of frames over a link Media Access Control on a LAN – Functions: Framing, media access control, error checking • Network Layer: – Service: Move packets from source host to destination host – Functions: Routing, addressing • Transport Layer: – Service: Delivery of data between hosts – Functions: Connection establishment/termination, error control, flow control • Application Layer: – Service: Application specific (delivery of email, retrieval of HTML documents, reliable transfer of file) – Functions: Application specific 10

Layered Communications • An entity of a particular layer can only communicate with: 1. a peer layer entity using a common protocol ( Peer Protocol ) 2. adjacent layers to provide services and to receive services 11

Layers in the Example HTTP HTTP HTTP protocol TCP TCP TCP protocol IP IP IP IP protocol IP protocol Ethernet Ethernet Ethernet Ethernet Ethernet Ethernet argon.tcpip- neon.tcpip-lab.edu router71.tcpip- router137.tcpip- lab.edu 128.143.71.21 lab.edu lab.edu 128.143.137.144 128.143.137.1 128.143.71.1 00:e0:f9:23:a8:20 12

Layers in the Example HTTP HTTP Send HTTP Request to neon Establish a connection to 128.143.71.21 at TCP TCP port 80Open TCP connection to 128.143.71.21 port 80 IP datagram is a TCP segment for port 80 Send IP data-gram to Send a datagram (which contains a connection Send IP datagram to IP IP IP 128.143.71.21 request) to 128.143.71.21 128.143.71.21 Frame is an IP Frame is an IP datagram datagram Send the datagram to 128.143.137.1 Send the datagram Ethernet Ethernet Ethernet Ethernet to 128.143.7.21 argon.tcpip- neon.tcpip-lab.edu router71.tcpip- router137.tcpip- Send Ethernet frame Send Ethernet frame lab.edu 128.143.71.21 lab.edu lab.edu to 00:20:af:03:98:28 to 00:e0:f9:23:a8:20 128.143.137.144 128.143.137.1 128.143.71.1 00:e0:f9:23:a8:20 13

Layers and Services • Service provided by TCP to HTTP: – reliable transmission of data over a logical connection • Service provided by IP to TCP: – unreliable transmission of IP datagrams across an IP network • Service provided by Ethernet to IP: – transmission of a frame across an Ethernet segment • Other services: – DNS: translation between domain names and IP addresses – ARP: translation between IP addresses and MAC addresses 14

Encapsulation and Demultiplexing • As data is moving down the protocol stack, each protocol is adding layer-specific control information 15

Different Views of Networking • Different Layers of the protocol stack have a different view of the network. This is HTTP’s and TCP’s view of the network. 16

Network View of IP Protocol 17

Network View of Ethernet • Ethernet’s view of the network 18

Address Resolution Protocol (ARP) 19

Overview Transport TCP UDP Layer Network ICMP IP IGMP Layer Network ARP RARP Link Layer Access Media 20

ARP and RARP • Note: – The Internet is based on IP addresses – Data link protocols (Ethernet, FDDI, ATM) may have different (MAC) addresses • The ARP and RARP protocols perform the translation between IP addresses and MAC layer addresses • We will discuss ARP for broadcast LANs, particularly Ethernet LANs Ethernet MAC ARP IP address address (32 bit) (48 bit) RARP 21

Processing of IP packets by network drivers IP Output IP Input Put on IP IP destination = multicast Put on IP Yes input queue or broadcast ? input queue No Yes Ethernet IP destination of packet IP datagram Driver = local IP address ? loopback Driver No: get MAC demultiplex ARP ARP address with Ethernet Frame Packet ARP Ethernet 22

Sending a packet from Argon to Neon argon.tcpip-lab.edu neon.tcpip-lab.edu "Argon " "Neon" 128.143.137.144 128.143.71.21 router137.tcpip-lab.edu router71.tcpip-lab.edu "Router137" "Router71" 128.143.137.1 128.143.71.1 Router Ethernet Network Ethernet Network 23

Address Translation with ARP ARP Request : Argon broadcasts an ARP request to all stations on the network: “What is the hardware address of Router137?” Argon Router137 128.143.137.144 128.143.137.1 00:a0:24:71:e4:44 00:e0:f9:23:a8:20 ARP Request: What is the MAC address of 128.143.71.1? 24

Address Translation with ARP ARP Reply : Router 137 responds with an ARP Reply which contains the hardware address Argon Router137 128.143.137.144 128.143.137.1 00:a0:24:71:e4:44 00:e0:f9:23:a8:20 ARP Reply: The MAC address of 128.143.71.1 is 00:e0:f9:23:a8:20 25

ARP Cache • Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP Cache) of current entries. The entries expire after 20 minutes. • Contents of the ARP Cache: (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0 (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0 (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0 (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1 (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0 (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0 26

Things to know about ARP • What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up. • What if a host sends an ARP request for its own IP address? The other machines respond (gratuitous ARP) as if it was a normal ARP request. This is useful for detecting if an IP address has already been assigned. 27

Proxy ARP • Proxy ARP: Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks. 28

LAN Switching and Bridges 29

Outline • Interconnection Devices • Bridges/LAN Switches vs. Routers • Bridges • Learning Bridges • Transparent bridges 30

Introduction • There are many different devices for interconnecting networks Ethernet Ethernet Hub Hub Hosts Hosts Bridge Router X.25 Token- Network ring Gateway 31

Ethernet Hub • Used to connect hosts to Ethernet LAN and to connect multiple Ethernet LANs • Collisions are propagated Ethernet Ethernet Hub Hub Host Host IP IP LLC LLC Hub Hub 802.3 MAC 802.3 MAC 32

Bridges/LAN switches • A bridge or LAN switch is a device that interconnects two or more Local Area Networks ( LANs) and forwards packets between these networks. • Bridges/ LAN switches operate at the Data Link Layer (Layer 2) Token- ring Bridge IP IP Bridge LLC LLC LLC LAN LAN 802.3 MAC 802.3 MAC 802.5 MAC 802.5 MAC