TCP/IP: TCP. Network Security Lecture 6 (PowerPoint PPT Presentation)



  1. TCP/IP: TCP Network Security Lecture 6

  2. TCP
     • Based on IP
     • Provides connection-oriented, reliable stream delivery service (handles loss, duplication, transmission errors, reordering)
     • Provides port abstraction (like UDP)
     • Establishes a virtual circuit (over packet-switching IP)
       – (source IP address, source port, destination IP address, destination port)
       – Full duplex: two streams
     • RFC 793
     Eike Ritter Network Security - Lecture 6 1

  3. TCP segment
     Header layout, one 32-bit word per row (bit offsets 0, 4, 8, 12, 16, 20, 24, 28, 31):
       Source port (16)                | Destination port (16)
       Sequence number (32)
       Acknowledgment number (32)
       Hdr len (4) | Reserved (6) | Flags (6) | Window (16)
       Checksum (16)                   | Urgent pointer (16)
       Options (present only if hdr_len > 5) | Padding
       Data
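As an added example (not from the lecture slides), the following Python decodes a segment laid out as on the slide, rejects a header length below 5 words and splits off the options that exist only when hdr_len > 5; the function names and the constructed sample segment are my own.

```python
import struct

# Flag bits in the low byte of the "hdr len / reserved / flags" word (RFC 793).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment: bytes) -> dict:
    """Decode the 20-byte fixed header and split off options and data."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte fixed header")
    (sport, dport, seq, ack, off_flags, window,
     checksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    hdr_len = off_flags >> 12            # header length in 32-bit words
    if hdr_len < 5:
        raise ValueError("hdr_len %d < 5 is invalid" % hdr_len)
    if len(segment) < hdr_len * 4:
        raise ValueError("truncated segment: options run past the end")
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "hdr_len": hdr_len,
        "flags": [n for n, bit in FLAG_BITS.items() if off_flags & bit],
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[20:hdr_len * 4],   # non-empty only if hdr_len > 5
        "data": segment[hdr_len * 4:],
    }

def build_segment(sport, dport, seq, ack, flags, window=65535,
                  options=b"", data=b""):
    """Constructed input for testing: assemble a segment (checksum left 0)."""
    options += b"\x00" * ((-len(options)) % 4)   # pad options to 32-bit words
    hdr_len = 5 + len(options) // 4
    off_flags = (hdr_len << 12) | sum(FLAG_BITS[f] for f in flags)
    fixed = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                        off_flags, window, 0, 0)
    return fixed + options + data

# Constructed SYN-ACK (server port 80 -> client port 7890) carrying an MSS option.
SAMPLE = build_segment(80, 7890, 1000, 1235, ["SYN", "ACK"],
                       options=b"\x02\x04\x05\xb4")
```

The checksum is only extracted, not verified; verifying it needs the IP pseudo-header, which is outside this slide.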

  4. TCP segment (figure only: diagram of the segment; no text extracted)

  5. TCP encapsulation
     TCP segment:  TCP header   | TCP data
     IP datagram:  IP header    | IP data    (the whole TCP segment)
     Frame:        Frame header | Frame data (the whole IP datagram)

  6. TCP encapsulation (figure only; no text extracted)

  7. TCP seq/ack numbers
     • The sequence number specifies the position of this segment’s data in the communication stream
       – SEQ=1234 means that the payload of this segment contains data from byte 1234
     • The acknowledgment number specifies the position of the next byte expected from the host
       – ACK=1234 means that the host has received correctly up to byte 1233 and expects byte 1234
     • Basis for retransmission of lost segments and for detecting duplicates

  8. TCP flags
     • Used for the setup/shutdown of the virtual circuit and other operations on it:
       – SYN: used in connection setup
       – ACK: acknowledgment number is valid
       – FIN: request to shut down one stream
       – RST: reset the virtual circuit
       – URG: indicates that the urgent pointer is valid
       – PSH: indicates that data should be passed to the application as soon as possible (“push”)

  9. TCP virtual circuit setup
     • TCP establishes a connection-oriented communication service on top of packet-oriented IP
     • The setup is done through the three-way handshake
       – Client sends a SYN to the server (active open); sequence number is I_A
       – Server replies with SYN-ACK; the ack is set to I_A + 1; sequence number is I_B
       – Client sends ACK; the ack is set to I_B + 1; sequence number is I_A + 1

  10. Initial sequence number (figure: handshake between Server:80 and Client:7890; no further text extracted)

  11. Initial sequence numbers
     • What to use as the initial sequence number?
     • The original standard specified that the sequence number should be incremented every 4 microseconds
     • BSD UNIXes initially used a number that is incremented by 64,000 every half second and by 64,000 every time a connection is established
     • We’ll see in a bit if these are good choices…

  12. TCP data exchange
     • Host sends data
       – Acknowledgment number: up to the previous segment
       – Sequence number: initial sequence number increased by the amount of data transferred so far
     • Recipient (RCV) accepts a segment (SEG) if the segment is inside the receive window:
       – RCV.ACK <= SEG.SEQ < RCV.ACK + RCV.WINDOW, or
       – RCV.ACK <= SEG.SEQ + SEG.LENGTH - 1 < RCV.ACK + RCV.WINDOW
     • Empty segments may be exchanged to acknowledge received data
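An added worked example, not part of the lecture, that puts the seq/ack rules of slides 7, 9 and 12 into code: the handshake numbers for given ISNs I_A and I_B, the client's data segments, and the receive-window test, carried out in 32-bit modular arithmetic so it stays correct when the sequence number wraps (the slide's inequalities are written without wrap-around). Function names are my own; the rule for empty segments follows RFC 793.

```python
SEQ_MOD = 1 << 32   # sequence and ack numbers are 32 bits and wrap around

def in_window(rcv_ack, rcv_window, seg_seq, seg_len):
    """Slide 12's acceptance test with 32-bit wrap-around.

    Accept if the first or the last byte of the segment lies in
    [RCV.ACK, RCV.ACK + RCV.WINDOW). For an empty segment (a bare ACK)
    only SEG.SEQ is tested, as RFC 793 does, since there is no last byte."""
    def inside(x):
        return (x - rcv_ack) % SEQ_MOD < rcv_window   # modular distance from RCV.ACK
    if seg_len == 0:
        return inside(seg_seq)
    return inside(seg_seq) or inside((seg_seq + seg_len - 1) % SEQ_MOD)

def three_way_handshake(isn_a, isn_b):
    """(flags, seq, ack) of the three handshake segments on slide 9."""
    return [("SYN", isn_a, None),
            ("SYN-ACK", isn_b, (isn_a + 1) % SEQ_MOD),
            ("ACK", (isn_a + 1) % SEQ_MOD, (isn_b + 1) % SEQ_MOD)]

def client_data_segments(isn_a, isn_b, sizes):
    """After the handshake the client sends payloads of the given sizes.
    Returns (seq, ack, server's expected ack) per data segment: the sequence
    number advances by the bytes sent so far, the ack stays at ISN_B + 1
    because the server has sent no data yet."""
    seq, ack = (isn_a + 1) % SEQ_MOD, (isn_b + 1) % SEQ_MOD
    out = []
    for n in sizes:
        out.append((seq, ack, (seq + n) % SEQ_MOD))
        seq = (seq + n) % SEQ_MOD
    return out
```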

  13. Data exchange (figure: exchange between Server:80 and Client:7890; two segments labelled “data len: 15”)

  14. TCP virtual circuit shutdown
     • One of the hosts, say the server, shuts down its stream by sending a segment with the FIN flag set
     • The other host, the client, acknowledges the receipt
     • From this point on, the server will not send any data
       – It will only send ACKs for the data it receives
     • When the client shuts down its stream, the virtual circuit is closed

  15. Virtual circuit shutdown (figure: Server:80 and Client:7890; “Server closes its half of the circuit”, “Client closes its half of the circuit”)

  16. TCP portscan
     • Used to determine the TCP services available on a host
       – Each service is traditionally associated with a specific port (see /etc/services)
       – Assumption: open port implies corresponding service is available
     • Simplest form: “connect scan”
       – connect to all possible ports
       – If the three-way handshake succeeds, the port is open
     • Disadvantage:
       – Noisy

  17. TCP connect scan
     $ nmap -sT 172.16.48.130
     Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-21 01:15 PST
     Interesting ports on 172.16.48.130:
     Not shown: 992 closed ports
     PORT     STATE SERVICE
     22/tcp   open  ssh
     80/tcp   open  http
     111/tcp  open  rpcbind
     2049/tcp open  nfs
     3306/tcp open  mysql
     5000/tcp open  upnp
     6000/tcp open  X11
     8000/tcp open  http-alt
     Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

  18. TCP connect scan
     IP 172.16.48.139.46767 > 172.16.48.130.80: Flags [S]
     IP 172.16.48.130.80 > 172.16.48.139.46767: Flags [S.]
     IP 172.16.48.139.46767 > 172.16.48.130.80: Flags [.]
     IP 172.16.48.139.47399 > 172.16.48.130.3325: Flags [S]
     IP 172.16.48.139.36666 > 172.16.48.130.2910: Flags [S]
     IP 172.16.48.139.48912 > 172.16.48.130.1433: Flags [S]
     IP 172.16.48.139.53332 > 172.16.48.130.1082: Flags [S]
     IP 172.16.48.139.36286 > 172.16.48.130.63331: Flags [S]
     IP 172.16.48.139.41808 > 172.16.48.130.5100: Flags [S]
     IP 172.16.48.139.44684 > 172.16.48.130.444: Flags [S]
     IP 172.16.48.130.1433 > 172.16.48.139.48912: Flags [R.]
     IP 172.16.48.130.1082 > 172.16.48.139.53332: Flags [R.]
     IP 172.16.48.130.63331 > 172.16.48.139.36286: Flags [R.]
     IP 172.16.48.130.5100 > 172.16.48.139.41808: Flags [R.]
     IP 172.16.48.130.444 > 172.16.48.139.44684: Flags [R.]

  19. TCP SYN portscan
     • Attacker sends a SYN packet
     • The target host
       – Replies with a SYN/ACK if the port is open
       – Replies with a RST if the port is closed
     • The attacker sends a RST instead of the ACK that would complete the three-way handshake
     • Connection is never completed
       – Applications do not record the event in their logs

  20. TCP SYN portscan
     $ sudo nmap -sS 172.16.48.130
     Starting Nmap 5.00 ( http://nmap.org ) at 2011-01-21 01:30 PST
     Interesting ports on 172.16.48.130:
     Not shown: 992 closed ports
     PORT     STATE SERVICE
     22/tcp   open  ssh
     80/tcp   open  http
     111/tcp  open  rpcbind
     2049/tcp open  nfs
     3306/tcp open  mysql
     5000/tcp open  upnp
     6000/tcp open  X11
     8000/tcp open  http-alt
     Nmap done: 1 IP address (1 host up) scanned in 0.23 seconds

  21. TCP SYN portscan
     IP 172.16.48.139.39558 > 172.16.48.130.80: Flags [S]
     IP 172.16.48.130.80 > 172.16.48.139.39558: Flags [S.]
     IP 172.16.48.139.39558 > 172.16.48.130.80: Flags [R]
     IP 172.16.48.139.39558 > 172.16.48.130.256: Flags [S]
     IP 172.16.48.130.256 > 172.16.48.139.39558: Flags [R.]
     IP 172.16.48.139.39558 > 172.16.48.130.111: Flags [S]
     IP 172.16.48.130.111 > 172.16.48.139.39558: Flags [S.]
     IP 172.16.48.139.39558 > 172.16.48.130.111: Flags [R]

  22. TCP FIN/Xmas scans
     • The TCP RFC says
       – If the port is closed, an incoming segment not containing RST causes a RST to be sent
       – If the port is open, an incoming segment without SYN, RST, or ACK is silently dropped
     • FIN scan
       – Send a segment with FIN
       – If RST received, port is closed; else open
     • Xmas scan
       – Send a segment with FIN, PSH, and URG
       – If RST received, port is closed; else open

  23. TCP FIN/Xmas scans
     $ sudo nmap -sF 172.16.48.130          [target is Linux]
     Starting Nmap 5.00 ( http://nmap.org )
     Interesting ports on 172.16.48.130:
     Not shown: 992 closed ports
     PORT     STATE         SERVICE
     ...
     8000/tcp open|filtered http-alt

     15:50:33.991035 IP 172.16.48.139.49879 > 172.16.48.130.1700: F 2638861074:2638861074(0) win 3072
     15:50:33.991038 IP 172.16.48.130.1700 > 172.16.48.139.49879: R 0:0(0) ack 2638861075 win 0
     15:50:33.991041 IP 172.16.48.139.49879 > 172.16.48.130.625: F 2638861074:2638861074(0) win 2048
     15:50:33.991043 IP 172.16.48.130.625 > 172.16.48.139.49879: R 0:0(0) ack 2638861075 win 0
     15:50:33.991066 IP 172.16.48.139.49879 > 172.16.48.130.1104: F 2638861074:2638861074(0) win 4096
     15:50:33.991070 IP 172.16.48.130.1104 > 172.16.48.139.49879: R 0:0(0) ack 2638861075 win 0
     15:50:34.027421 IP 172.16.48.139.49880 > 172.16.48.130.8000: F 2638795539:2638795539(0) win 2048
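To show the detection side of slides 16 to 23, here is an added Python example (not from the lecture) that parses tcpdump lines in both formats shown above and reports sources that probe many distinct ports with SYN-only or FIN-only segments, together with the RST answers they draw; the regular expression, function names and threshold are my own, and the sample lines are copied from the captures on the slides.

```python
import re
from collections import defaultdict

# Matches both tcpdump styles on the slides: "IP a.b.c.d.p > e.f.g.h.q: Flags [S]"
# and the older "HH:MM:SS.us IP a.b.c.d.p > e.f.g.h.q: F 2638861074:2638861074(0) win 3072".
LINE_RE = re.compile(
    r"^(?:\S+\s+)?IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.+)$")

def parse_line(line):
    """Return (src_ip, src_port, dst_ip, dst_port, flags) or None; '.' (ACK) becomes 'A'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src, sport, dst, dport, rest = m.groups()
    if rest.startswith("Flags ["):
        raw = rest[7:rest.index("]")]
    else:
        raw = rest.split()[0]          # old format: flag letters come first,
        if " ack " in rest:            # ACK is reported as a separate word
            raw += "."
    return src, int(sport), dst, int(dport), {"A" if c == "." else c for c in raw}

def scan_report(lines, min_ports=5):
    """Report sources that probed at least min_ports distinct ports: a probe is a SYN without
    ACK (connect/SYN scan) or a FIN without SYN/ACK (FIN/Xmas scan); RST+ACK back = closed port."""
    ports, kinds, rst_back = defaultdict(set), defaultdict(set), defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, _, dst, dport, flags = parsed
        if "S" in flags and "A" not in flags:
            ports[src].add(dport)
            kinds[src].add("syn")
        elif "F" in flags and not flags & {"S", "A"}:
            ports[src].add(dport)
            kinds[src].add("fin")
        elif {"R", "A"} <= flags:
            rst_back[dst] += 1         # dst is the scanner here
    return {src: {"ports": len(p), "kinds": sorted(kinds[src]), "rst_answers": rst_back[src]}
            for src, p in ports.items() if len(p) >= min_ports}

# Sample input: lines copied from the lecture's tcpdump excerpts (slides 18, 21 and 23).
SAMPLE = """IP 172.16.48.139.46767 > 172.16.48.130.80: Flags [S]
IP 172.16.48.139.47399 > 172.16.48.130.3325: Flags [S]
IP 172.16.48.139.48912 > 172.16.48.130.1433: Flags [S]
IP 172.16.48.130.1433 > 172.16.48.139.48912: Flags [R.]
IP 172.16.48.139.39558 > 172.16.48.130.256: Flags [S]
15:50:33.991035 IP 172.16.48.139.49879 > 172.16.48.130.1700: F 2638861074:2638861074(0) win 3072
15:50:33.991038 IP 172.16.48.130.1700 > 172.16.48.139.49879: R 0:0(0) ack 2638861075 win 0""".splitlines()
```

A SYN-ACK or a bare ACK is never counted as a probe, so a host completing normal connections does not trip the threshold; the scanner's own RST (no ACK) from a SYN scan is likewise ignored.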
