
TCP/IP: Ethernet, IP, and ARP (and a PGP refresher), Network Security Lecture 2 (PowerPoint presentation)



  1. TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2

  2. Any questions on…
     • Administrativia, organizational matters?
     • Historical/cultural overview?
     Eike Ritter, Network Security - Lecture 2

  3. Today
     • PGP in 6 slides
     • IP
     • Ethernet
     • ARP
     • Attacks: sniffing

  4. PGP

  5. Pretty Good Privacy (PGP)
     • Application for data encryption and decryption created by Phil Zimmermann
     • The message format used by PGP is standardized (RFC 4880), so that interoperability among different programs is possible
     • Here we will use GnuPG

  6. Generating a key
     • $ gpg --gen-key
     • Every user has one (or more) key pairs, consisting of a private key and a public key
       – The private key can be encrypted using a passphrase
       – All keys are stored in a keyring
     • This command generates a new key pair and stores it in the keyring

  7. Publishing the public key
     • $ gpg --export -a 'Eike Ritter (Test key)'
       -----BEGIN PGP PUBLIC KEY BLOCK-----
       Version: GnuPG v1.4.10 (GNU/Linux)

       mQENBE8KvXUBCADGTet/EQF0qPeaG5IkwWzGfRxc2XT7I6KvOKI4NverNxC8JijF
       ZKMf0RSZ5himtEVGjXTmc0hyMzuYlDzg/oVM70tygqEEC28IpppdINJVtyUfNYwu
       …
       …
       =aGju
       -----END PGP PUBLIC KEY BLOCK-----
     • The public key can be uploaded to a web site or to a keyserver, such as pgp.mit.edu

  8. Encrypting a message
     • $ gpg -r <recipient-key> -e secret.txt
     • Encrypts the file secret.txt so that the recipient having public key <recipient-key> can recover its plain text content
     • In practice, a session key is generated randomly and is used to encrypt (symmetrically) the file
     • The session key is encrypted with the public key of the recipient(s) and attached to the file
     • Decrypting: $ gpg -d secret.gpg

  9. Signing a message
     • $ gpg -s -a secret.txt
     • Generates a signature for the given file (in ASCII format) using the private key of the user
     • The signature can be verified by using the public key of the signer:
       $ gpg --verify secret.asc
       gpg: Signature made Mon 09 Jan 2012 10:43:15 GMT using RSA key ID AA226670
       gpg: Good signature from "Eike Ritter (Test key) <test@rittere.co.uk>"

  10. Other common operations
      • Generating a detached signature
      • Signing and encrypting a message
      • Web of trust: sign a public key
      • Revoking a key

  11. TCP/IP

  12. TCP/IP Protocol Suite
      • Network protocols
        – IP (Internet Protocol)
        – ICMP (Internet Control Message Protocol)
      • Transport protocols
        – TCP (Transmission Control Protocol)
        – UDP (User Datagram Protocol)
      • Application protocols
        – HTTP (HyperText Transfer Protocol)
        – SSH
        – DNS
      • Other protocols
        – ARP (Address Resolution Protocol)

  13. TCP/IP layering
      Layer         Protocols                   Role
      Application   RPC, DNS, FTP, HTTP, SSH    • Application-specific protocols
      Transport     UDP, TCP                    • Ordering, multiplexing, correctness
      Network       IP, ICMP                    • Transmission and routing across subnets
      Data link     Network card                • Error control between adjacent nodes
      Physical      Ethernet, Wireless          • Connect to channel  • Send/receive bytes

  14. IP addresses
      • Each host has one or more IP addresses for each network interface
      • IPv4 addresses are composed of 32 bits (class + netid + hostid)
      • Represented in dotted-decimal notation: 147.188.193.82
      • Classes (up to ~1993)
        Class   Starts with   Netid bits   Hostid bits   # hosts
        A       0             7            24            16,777,214
        B       10            14           16            65,534
        C       110           21           8             254
        D       1110          Multicast address
        E       1111          Reserved for future use

  15. Special addresses
      • 127.0.0.0 – 127.255.255.255: loopback interface
      • Private networks (RFC 1597):
        – 10.0.0.0 - 10.255.255.255
        – 172.16.0.0 - 172.31.255.255
        – 192.168.0.0 - 192.168.255.255
      • Network address: hostid bits set to 0
      • Broadcast
        – All bits set to 1: local broadcast
        – Netid followed by hostid bits all set to 1: net-directed broadcast to that netid (e.g., 147.188.255.255)

  16. Classless Inter-Domain Routing (CIDR)
      • Classes lead to inefficient use of IP space and to large routing tables
        – Not enough class B networks
        – Little opportunity for route aggregation (many class C networks geographically dispersed)
      • Solution: variable-length subnet masking, i.e., the netid/hostid boundary can be placed at an arbitrary bit
      • Notation: /N gives the number of bits interpreted as the network number (“prefix”)
        – /24: legacy class C
        – /16: legacy class B
        – /8: legacy class A
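The address arithmetic from the last three slides (class from the leading bits, the /N netid/hostid split with its network and directed-broadcast addresses, and the loopback/private ranges) as an added worked example; this is not code from the lecture, and the function names are the author's own choice.

```python
def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("bad dotted-decimal address: %s" % addr)
    return int.from_bytes(bytes(octets), "big")

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))

def legacy_class(addr: str) -> str:
    """Pre-1993 class, read from the leading bits of the first octet (slide 14)."""
    first = ip_to_int(addr) >> 24
    for cls, bits, width in (("A", 0b0, 1), ("B", 0b10, 2), ("C", 0b110, 3), ("D", 0b1110, 4)):
        if first >> (8 - width) == bits:
            return cls
    return "E"                                   # 1111xxxx: reserved

def cidr_split(addr: str, prefix: int) -> dict:
    """Network id, directed broadcast and usable host count for an arbitrary /prefix (slide 16)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask             # hostid bits set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)   # hostid bits set to 1
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "hosts": max((1 << (32 - prefix)) - 2, 0)}

# (base address, prefix length, label) for the special ranges of slide 15
SPECIAL = (
    ("127.0.0.0", 8, "loopback"),
    ("10.0.0.0", 8, "private"), ("172.16.0.0", 12, "private"), ("192.168.0.0", 16, "private"),
)

def classify(addr: str) -> str:
    """Label loopback, private (RFC 1597 ranges), local broadcast, else public."""
    if ip_to_int(addr) == 0xFFFFFFFF:
        return "local broadcast"
    for base, prefix, label in SPECIAL:
        if cidr_split(addr, prefix)["network"] == base:
            return label
    return "public"
```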

  17. Internet Protocol (IP)
      • Transmission of blocks of data (datagrams) from source to destination
      • Standardized in RFC 791
      • Transmission properties
        – Connectionless
        – Unreliable, best-effort
          • delivery, integrity, ordering, non-duplication are not guaranteed
      • IP does handle fragmentation and reassembly of long datagrams
      • For direct communication, IP relies on lower level protocols (e.g., Ethernet)

  18. IP datagram (header layout; bit positions 0, 4, 8, 12, 16, 20, 24, 28, 31 across each 32-bit word)
      Word 1: Version | HL | ToS | Total length
      Word 2: Identifier | Flags | Fragment offset
      Word 3: Time To Live | Protocol | Header checksum
      Word 4: Source IP address
      Word 5: Destination IP address
      Then:   Options | Padding
      Then:   Data

  19. IP header
      • Normal size: 20 bytes
      • Version (4 bits): 4 (IPv4)
      • Header length (4 bits): number of 32-bit words in the header, including options (max header size: 60 bytes)
      • Type Of Service (8 bits):
        – Used to be: priority (3 bits), quality of service (4 bits), unused bit
        – Now: Differentiated Services Code Point (6 bits), Explicit Congestion Notification (2 bits)
      • Total length (16 bits): datagram length in bytes (max size: 65,535 bytes)
      • ID (16 bits): datagram identifier

  20. IP header
      • Flags (3 bits) and Offset (13 bits): to support fragmentation
      • Time To Live (8 bits): max number of hops in the delivery process
      • Protocol (8 bits): specifies the protocol encapsulated in the datagram data (e.g., TCP, UDP)
      • Header checksum (16 bits): checksum calculated over the IP header
        – Recomputed at each hop (TTL, fragmentation)
      • Source and destination address (32 bits each): IP addresses of the source and destination of the datagram

  21. IP options
      • Present if header length > 5
      • Variable length
      • Type is identified by first byte
        – Record route
        – Source route
        – Timestamp
        – …
      • Not often used
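Slides 18 to 21 as an added worked example (not code from the lecture): a parser for the fixed IPv4 header that also isolates any options when HL > 5, the RFC 791 header checksum, a builder that fills the checksum in, and the per-hop TTL decrement that forces the checksum to be recomputed. Function names and the sample addresses are the author's own choice; the only option used is the single-byte NOP (type 1).

```python
import struct

def ip_checksum(header: bytes) -> int:
    """RFC 791 checksum: one's-complement sum of the header's 16-bit words (length is a multiple of 4)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the header fields of slides 19-21 and verify the checksum."""
    ver_hl, tos, total_len, ident, flags_off, ttl, proto, _, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    hl = (ver_hl & 0x0F) * 4                # header length in bytes, options included
    if ver_hl >> 4 != 4 or hl < 20 or hl > 60 or hl > len(pkt):
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": hl, "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_len": total_len, "id": ident,
        "df": bool(flags_off & 0x4000), "mf": bool(flags_off & 0x2000),
        "frag_offset": (flags_off & 0x1FFF) * 8,    # offset field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": pkt[20:hl],              # non-empty only when HL > 5
        "checksum_ok": ip_checksum(pkt[:hl]) == 0,  # a valid header sums to zero
    }

def build_ipv4(src: str, dst: str, proto: int, payload: bytes,
               ttl: int = 64, ident: int = 1, options: bytes = b"") -> bytes:
    """Assemble a datagram (DF set); options are zero-padded to a 32-bit boundary."""
    options += b"\x00" * (-len(options) % 4)
    hl_words = 5 + len(options) // 4
    addr = lambda a: bytes(int(o) for o in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | hl_words, 0, hl_words * 4 + len(payload),
                      ident, 0x4000, ttl, proto, 0, addr(src), addr(dst)) + options
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]  # fill checksum field
    return hdr + payload

def forward_hop(pkt: bytes) -> bytes:
    """What each router does (slide 20): decrement TTL and recompute the header checksum."""
    hl = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:hl])
    if hdr[8] <= 1:
        raise ValueError("TTL exceeded: datagram must be discarded")
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"                # zero the field before recomputing
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hl:]
```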

  22. IP encapsulation
      • How are IP datagrams transferred over a LAN?
      • RFC 894 explains IP over Ethernet
        – Encapsulation + direct delivery
      Figure: the datagram [IP header | IP data] is carried whole as the frame data:
        [Frame header | Frame data] where Frame data = [IP header | IP data]

  23. IP direct delivery
      • Sender forwards a packet to the final destination on a directly attached network
      Figure: hosts 147.188.193.82 (00:19:D1:80:AE:45), 147.188.193.15, 147.188.193.80 and 147.188.193.6 (00:04:96:1D:6B:20) on one LAN
        Frame:    From 00:19:D1:80:AE:45  To 00:04:96:1D:6B:20
        Datagram: From 147.188.193.82     To 147.188.193.6

  24. Ethernet
      • Widely-used link layer protocol
      • Uses CSMA/CD (Carrier Sense, Multiple Access with Collision Detection)
      Frame format:
        Dest (6 bytes) | Src (6 bytes) | Ethertype (2 bytes) | Payload (46-1500 bytes) | CRC (4 bytes)
        Ethertype 0800: IP datagram
        Ethertype 0806: ARP

  25. Address Resolution Protocol (ARP)
      • Used to map an IP address to the link-level address associated with the peer’s hardware interface (e.g., Ethernet)
      • ARP messages are encapsulated in the underlying link-level protocol

  26. Address Resolution Protocol (ARP)
      • Host A wants to know the hardware address associated with IP address I_B of host B
      • A broadcasts a special message to all the hosts on the same physical link
      • Host B answers with a message containing its own link-level address
      • A keeps the answer in its cache (for some time, e.g., 20 minutes)
      • When A sends its request, A includes its own IP address in the request
        – As an optimization, the receiver of the ARP request may cache the requester mapping

  27. ARP messages
      Hw type | Proto type | Hw size | Proto size | Op | Sender Ether | Sender IP | Target Ether | Target IP
      • Mapping information
        – Hardware (2 bytes) [Typically: Ethernet]
        – Protocol (2 bytes) [Typically: IP]
        – Hardware size (1 byte)
        – Protocol size (1 byte)
        Typically: 0x0001, 0x0800, 6, 4
      • Op: type of message (1: request; 2: response)
      • Sender Ethernet/IP: sender data
      • Target Ethernet/IP: target data
        – Target Ethernet is all 0s in request
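The Ethernet frame of slide 24 and the ARP exchange of slides 26 and 27 as one added worked example (not code from the lecture): the 28-byte Ethernet/IPv4 ARP message is built and parsed, wrapped in a frame with Ethertype 0806 and padded to the 46-byte payload minimum, and the request/reply pair is played through. Function names are the author's own choice; the CRC is left out because the NIC adds it.

```python
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ZERO_MAC, BROADCAST_MAC = "00:00:00:00:00:00", "ff:ff:ff:ff:ff:ff"

def mac_bytes(m: str) -> bytes: return bytes.fromhex(m.replace(":", ""))
def mac_str(b: bytes) -> str: return ":".join("%02x" % x for x in b)
def ip_bytes(a: str) -> bytes: return bytes(int(o) for o in a.split("."))
def ip_str(b: bytes) -> str: return ".".join(map(str, b))

def build_arp(op: int, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Slide 27 layout: hw type 0x0001, proto 0x0800, sizes 6 and 4, op, then the two mappings."""
    return struct.pack("!HHBBH6s4s6s4s", 0x0001, ETHERTYPE_IP, 6, 4, op,
                       mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))

def parse_arp(body: bytes) -> dict:
    hw, proto, hlen, plen, op, smac, sip, tmac, tip = struct.unpack("!HHBBH6s4s6s4s", body[:28])
    if (hw, proto, hlen, plen) != (0x0001, ETHERTYPE_IP, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"op": op, "sender_mac": mac_str(smac), "sender_ip": ip_str(sip),
            "target_mac": mac_str(tmac), "target_ip": ip_str(tip)}

def ethernet_frame(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Dest | Src | Ethertype | Payload (slide 24); short payloads are zero-padded to 46 bytes."""
    payload += b"\x00" * max(0, 46 - len(payload))
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload

def parse_frame(frame: bytes) -> dict:
    dst, src, ethertype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    out = {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype}
    if ethertype == ETHERTYPE_ARP:          # dispatch on Ethertype; 0800 would go to IP
        out["arp"] = parse_arp(frame[14:])
    return out

def arp_exchange(a_mac: str, a_ip: str, b_mac: str, b_ip: str):
    """Slide 26: A broadcasts a request (target hw all zeros); B answers A directly with its own address."""
    request = ethernet_frame(BROADCAST_MAC, a_mac, ETHERTYPE_ARP,
                             build_arp(ARP_REQUEST, a_mac, a_ip, ZERO_MAC, b_ip))
    req = parse_frame(request)["arp"]
    if req["op"] != ARP_REQUEST or req["target_ip"] != b_ip:
        return request, None                # B only answers requests for its own IP
    reply = ethernet_frame(req["sender_mac"], b_mac, ETHERTYPE_ARP,
                           build_arp(ARP_REPLY, b_mac, b_ip, req["sender_mac"], req["sender_ip"]))
    return request, reply
```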
