Dr. Richard Spillman Fall 2006 The Lord Net Of the NETWORK S Dr. Richard Spillman Fall 2006 One net to rule them all One net to find them One net to bring them all And in the darkness bind them
Network Structures & Operation The Lord Net Of the Lecture 5 Network Structures & Operation One net to rule them all One net to find them One net to bring them all And in the darkness bind them
Class Topics Network Structure Network Structure VPN Database Security Audits VPN Database Security Audits Database Security Wireless Network Structure Net Attacks Firewalls VPN IDS Wireless Firewalls IDS Net Attacks
Review – Layer Structures Each layer has a specific application and carries specific information to communicate with a peer layer on another system As a result of this configuration model, it is possible to discuss each layer separately New features can be added to a layer without affecting other layers The operation of a layer can be understood without involving the other layers Application Transport Network Link Physical
Review – TCP Header The TCP protocol adds a header to the data + application header package TCP app data Identifies the application 32 bits Source Port # Destination Port # Sequence Number Acknowledgement Number Head Length Reserved U A P R S F Receiver Window Size CheckSum Urgent Data Pointer Options (variable length)
OUTLINE Network Layer IP Addressing IP Format
Network Layer
Network Layer The application layer provides the necessary structure to run an application on a network The transport layer sets up a connection for the application However neither the application layer nor the transport layer identify the target machine – this is the role of the network layer Application Transport Network Link Physical
Router Complex device that determines where to forward packets Used in large-scale networks (i.e., it is typically not used to forward packets within a LAN) a packet arrives on one interface leaves on other(s) heading toward desired destination(s) routers must determine where to forward packets with given destination address use routing protocols to communicate with other routers How does it know?
Main Goal Network Layer Protocols allow packets to be routed across multiple routers from a source host to a destination host, even if the routers come from different vendors provides an end-to-end connection Route The protocol for routing across the Internet is called IP (Internet Protocol)
General The Network Layer is responsible for delivering traffic between two hosts each host is identified by a unique host address (e.g. IP address) The Network Layer not concerned about delivery to particular applications on the host (that’s up to the Transport Layer)
Network Layer Functions Host, router network layer functions: N E T W O R k Transport Layer: TCP, UDP Routing protocols path selection RIP, OSPF, BGP IP protocol addressing conventions datagram format packet handling conventions ICMP protocol error reporting router “signaling” Link Layer Physical Layer
IP Addressing
A host interface has 3 types of addresses: Internet Addressing A host interface has 3 types of addresses: host name (Application Layer): e.g., www.cs.plu.edu IP address (Network Layer): e.g., 128.119.40.7 MAC address (Link Layer): e.g., E6-E9-00-17-BB-4B
Why 3 Addresses? Internet host names: convenient app-to-app communication IP: efficient large-scale network communication MAC: quick-n-easy LAN forwarding Internet 128.119.40.7 E6-E9-00-17-BB-4B
IP Address Consists of the network portion and a host portion. Every host must have a unique IP address IP address is a 32 bit number Usually written as four 8 bit numbers (dotted decimal): 192.168.4.3 Consists of the network portion and a host portion. Network [192.168.4] Host [3] Each network segment requires its own network number The number of bits dedicated to network versus host is configurable. By allocating more bits to the network portion you can increase the number of networks at the expense of the size of each network (called subnetting).
Default IP Address Types Default netmasks exists for three sizes of networks (class A, B, and C) Class A networks (netmask 255.0.0.0) 126 possible networks with 16,777,216 hosts per network First octet always in the range from 1 to 126 Class B networks (netmask 255.255.0.0) 16384 possible networks with 65,536 hosts per network First octet always in the range from 128 to 191 Class C networks (netmask 255.255.255.0) 2,097,152 possible networks with 254 hosts per network First octet always in the range from 192 to 223 Old Method
Netmasks 1 Netmasks are used to configure the number of bits to use for the network portion A Netmask is logically anded with the IP address to determine the network portion Decimal Notation Binary Notation 255.255.255.0 11111111 11111111 11111111 00000000 & 192.168.4.3 11000000 10101000 00000100 00000011 ------------------------------------------------------------------------------------------- 192.168.4.0 11000000 10101000 00000100 00000000
Netmasks 2 Can be written as dotted decimal or as a bit count address 192.168.4.3 netmask 255.255.255.0 192.168.4.3/24 Typical netmask (class C network) is 255.255.255.0. Allows for 256 address of which 254 can be used to number hosts. (The first and last number of any IP network are reserved) Do not need to end on an 8 bit boundary. 255.255.192.0 or 255.255.255.128 are valid netmasks. The first would allow networks with 16,382 hosts per network, the later 126 hosts per network.
Class A Address Internet IP Address Ranges Network Host Class A: 1-126 0.0.1 to 255.255.254 (127 networks) (16,711,680 hosts) Network 1 Network 2 Network 3 Network Network 127 Networks: Few Internet 1 16,711,680 Networks: Many
Class B Address Internet IP Address Ranges Network Host Class B: 128.1 to 191.254 0.1 to 255.254 (16,320 networks) (65,024 hosts) Network 1 Network 2 Network 3 Network Network 16,320 Networks: Average Internet 1 65,024 Networks: Average
Class C Address Internet IP Address Ranges Network Host Class C: 192.0.1 to 223.255.254 1 to 254 (2,088,960 networks) (255 hosts) Network 1 Network 2 Network 3 Network Network 2,088,960 Networks: Many Internet 1 255 Networks: Few
CIDR Address Classless Interdomain Routing – the new method for IP addresses network part can be any # of bits Format: a.b.c.d/x, where x indicates # of bits in network part (the prefix) high order bits form the prefix once inside the network, can subnet: divide remaining 24-x bits 128.119.48.12/18 = 10000000 01110111 00110000 00001100
DHCP DHCP (Dynamic Host Configuration Protocol) is a protocol that lets network administrators manage centrally and automate the assignment of IP (Internet Protocol) configurations on a computer network. Without DHCP, the IP address must be entered manually at each computer system. DHCP lets a network administrator supervise and distribute IP addresses from a central point. The purpose of DHCP is to provide the automatic (dynamic) allocation of IP client configurations for a specific time period (called a lease period) and to eliminate the work necessary to administer a large IP network.
DHCP Protocol GOAL: allow the host to dynamically obtain its IP address from the network server when it joins the network Can renew its lease on the address Allows reuse of addresses (only hold the address while connected and “on”) Support for mobile users who want to the join the network Process Host broadcasts “DHCP discover” message DHCP server responds with “DHCP offer” message Host requests IP address with a “DHCP request” message DHCP server sends the address with a “DHCP ack” message
Transport Layer: TCP, UDP Network Level Format Physical Layer Link Layer N E T W O R k Transport Layer: TCP, UDP ICMP protocol error reporting router “signaling” IP protocol addressing conventions datagram format packet handling conventions Routing protocols path selection RIP, OSPF, BGP
IP Header The Network Layer adds an IP header to the data: IP TCP app 32 bits Version Length TOS Total Length (in bytes) Identification D M Fragment Offset Time to Live Protocol Header Checksum Source IP Address Destination IP Address Options (variable length)
Version & Header Length Version number of IP protocol Current is version 4 (IPv4) Moving to version 6 (IPv6) Note: no versions 1, 2, 3 or 5 were used The header length defines the size of the data unit in multiplies of four bytes (32 bits). The minimum length is five bytes and the maximum is 65536 bytes. Padding bytes fill any unused spaces. Options (variable length) Destination IP Address Source IP Address Time to Live Protocol Header Checksum 32 bits Identification D M Fragment Offset Version Length TOS Total Length (in bytes)
Type of Service & Total Length Type of Service (TOS) is designed to provide “hints” to routers Normal delay vs. low delay Normal throughput vs. high throughput Normal reliability vs. high reliability Just the total length in bytes of the packet Options (variable length) Destination IP Address Source IP Address Time to Live Protocol Header Checksum 32 bits Identification D M Fragment Offset Version Length TOS Total Length (in bytes)
ID, Flags & Fragment Fields Identification (16 bits). A value which is assigned by the sender to aid the assembly of the frames of a datagram. D and M bits. A gateway may route a datagram and split it into smaller fragments. The D bit informs the gateway that it should not fragment the data and thus it signifies that a receiving node should receive the data as a single unit or not at all. The M bit is the ‘more fragments’ bit and is used when data is split into fragments. Fragment offset (13 bits). Indicates which datagram this fragment belongs to. The fragment offset is measured in units of eight bytes (64 bits). The first fragment has an offset of zero. Options (variable length) Destination IP Address Source IP Address Time to Live Protocol Header Checksum 32 bits Identification D M Fragment Offset Version Length TOS Total Length (in bytes)
Time to Live Field Options (variable length) Destination IP Address Initially set by sending transport layer (0-255) Decremented by each router that handles packet Packet discarded when TTL = 0 avoids infinite loops Time To Live can usually be configured in operating system e.g. through Windows registry Example defaults: MS Windows prior to NT4: TTL = 32 MS Windows NT 4.0: TTL = 128 MacOS/MacTCP 2.0.x: TTL = 60 Sun Solaris 2.x: TTL = 255 Most other Unixes: TTL = 60 or 64 Options (variable length) Destination IP Address Source IP Address Time to Live Protocol Header Checksum 32 bits Identification D M Fragment Offset Version Length TOS Total Length (in bytes)
Protocol & Checksum Field Indicates the type of protocol in data field e.g. TCP = “6” e.g. UDP = “17” Checks for errors in the header only bad headers can harm the network very little work compared to checking entire packet verified & recomputed at every router Options (variable length) Destination IP Address Source IP Address Time to Live Protocol Header Checksum 32 bits Identification D M Fragment Offset Version Length TOS Total Length (in bytes)
Options (variable length) ICMP Protocol The Internet Control Message Protocol (ICMP) is the protocol used for error and control messages in the internet It provides an error reporting mechanism between routers and hosts All ICMP packets are encapsulated as IP datagrams: 32 bits Type Code Checksum Options (variable length)
Message Types ICMP messages are either query messages or error messages ICMP query messages: Echo request/Echo reply (‘ping’) Router advertisement/Router solicitation Timestamp request/Timestamp reply ICMP error messages Host unreachable Time exceeded Parameter problem