“Internet Security” Chapter 2


2. TCP/IP Suite and Internet Stack Protocols

Contents
2.1 Network Layer Protocols
2.2 Transport Layer Protocols
2.3 World Wide Web
2.4 File Transfer
2.5 Electronic Mail
2.6 Network Management Service
2.7 DNS
2.8 Routing Protocols
2.9 Remote System Programs

Network Layer Protocols: Internet Protocol (IP)
- A network layer protocol (layer 3 in the OSI model, the Internet layer in the TCP/IP model) that carries addressing information and some control information so that packets can be routed
- An unreliable and connectionless datagram protocol
  - Unreliable: delivery is not guaranteed
  - Connectionless: each packet is treated independently of all others
- Packets at the IP layer are called datagrams

Network Layer Protocols: IP Datagrams (Header + Data)

IP datagram format (header 20~60 bytes, variable length; each row is one 32-bit word, bit positions 0, 15 and 31):
  Ver | HLEN | Service Type | Total Length
  Identification | Flags | Fragmentation Offset
  TTL | Protocol | Header Checksum
  Source Address
  Destination Address
  Options (if any)
  Data

Network Layer Protocols: Each field in an IP Datagram
- Version (VER, 4 bits): the version of the IP protocol that was used to create the datagram
- Header Length (HLEN, 4 bits): the total length of the IPv4 datagram header
- Type of service (TOS, 8 bits): how the datagram should be handled by routers
  - Precedence (3 bits) | TOS bits D T R C (4 bits) | unused (1 bit)
  - D: minimize delay (1000), T: maximize throughput (0100), R: maximize reliability (0010), C: minimize cost (0001), normal (default): 0000

Network Layer Protocols: Each field in an IP Datagram
- Overall length (16 bits): the total length (header plus data) of the IP datagram in bytes
- Identification (ID, 16 bits): set by the sender; uniquely identifies a specific IP datagram sent by a source host
- Flags (3 bits): used in fragmentation
- Fragmentation offset (13 bits): the relative position of each fragment with respect to the whole datagram, i.e. where the data in a fragmented datagram should be placed in the datagram being reassembled
  - Fragment: one of the small pieces into which a datagram is divided
  - Fragmentation: the process of dividing a datagram

Network Layer Protocols: Each field in an IP Datagram
- Time to live (TTL, 8 bits): limits the datagram's lifetime as it travels through an internet; routers and hosts that process the datagram must decrement this field and remove the datagram from the internet when its time expires
- Protocol (8 bits): identifies the higher-level protocol (TCP, UDP, ICMP, IGMP) carried in the data; helps the demultiplexing process when the datagram arrives at its final destination
- Header checksum (16 bits): the error detection method used by most TCP/IP protocols; ensures the integrity of the header values

Network Layer Protocols: Each field in an IP Datagram
- Source IP address (32 bits): the IP address of the sender of the IP datagram
- Destination IP address (32 bits): the IP address of the host to which this datagram is to be sent
- Options (variable length field, zero or more); the most common options are
  - The security option
  - A record route option
  - The timestamp option
  - A source routing option
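The header fields above, decoded by a Python parser added here as an example (not code from the slides): it builds a constructed 20-byte header, verifies the header checksum with the 16-bit one's-complement sum the slide refers to (the same arithmetic ICMP applies to its message checksum), and rejects a header whose HLEN falls outside 20~60 bytes. Function names and sample addresses are the author's own choices.

```python
import struct

def ones_complement_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4 header checksum
    (ICMP, UDP and TCP use the same arithmetic over their own data)."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int,
                      ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Constructed 20-byte header (no options): version 4, HLEN 5 words, DF set."""
    ver_hlen = (4 << 4) | 5
    fields = struct.pack("!BBHHHBBH4s4s", ver_hlen, 0, 20 + payload_len, ident,
                         0x4000, ttl, proto, 0,
                         bytes(int(o) for o in src.split(".")),
                         bytes(int(o) for o in dst.split(".")))
    csum = ones_complement_checksum(fields)  # computed with the checksum field = 0
    return fields[:10] + struct.pack("!H", csum) + fields[12:]

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the datagram fields described above and verify the header checksum."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_hlen, tos, total_len, ident, flags_frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4
    if version != 4 or not 20 <= hlen <= 60 or hlen > len(pkt):
        raise ValueError("bad version or header length")
    return {
        "version": version,
        "header_len": hlen,
        "precedence": tos >> 5,              # 3 bits
        "tos_bits": (tos >> 1) & 0x0F,       # D T R C
        "total_len": total_len,
        "id": ident,
        "flags": flags_frag >> 13,           # reserved, DF, MF
        "frag_offset": (flags_frag & 0x1FFF) * 8,   # offset in bytes
        "ttl": ttl,
        "protocol": proto,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "options": pkt[20:hlen],
        # a header with a correct checksum sums to 0xFFFF, so the complement is 0
        "checksum_ok": ones_complement_checksum(pkt[:hlen]) == 0,
    }
```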

Network Layer Protocols: IP Addressing

Table 2.2 TCP/IP architecture and corresponding address
  Layer           | TCP/IP Protocol                           | Address
  Application     | HTTP, FTP, SMTP, DNS and other protocols  | Port address
  Transport       | TCP, UDP                                  | -
  Internet        | IP, ICMP, IGMP                            | IP address
  Network Access  | Physical network                          | Physical (link) address

Network Layer Protocols: IP Addressing
- Physical (local or link) address: a local address is called a physical address because it is usually implemented in hardware
- IP address: an IP address is called a logical address at the network level because it is usually implemented in software
- Port address: the label assigned to a process is called a port address (1~1023 number)
  [Figure: Telnet and FTP processes on Computer A reach their peer processes on Computer B/C by port address]

Network Layer Protocols: Addressing schemes
- IP addresses are divided into five different classes: Class A, B, C, D and E
- Classes A, B and C differ in the number of hosts allowed per network
- Class D is used for multicasting
- Class E is reserved for future use

Table 2.3 Number of networks and hosts in each address class
  Address class | Netid                    | Hostid                   | Number of networks      | Number of hosts
  A (0)         | First octet (8 bits)     | Three octets (24 bits)   | 2^7 - 2 = 126           | 2^24 - 2 = 16777214
  B (10)        | Two octets (16 bits)     | Two octets (16 bits)     | 2^14 = 16384            | 2^16 - 2 = 65534
  C (110)       | Three octets (24 bits)   | Last octet (8 bits)      | 2^21 = 2097152          | 2^8 - 2 = 254
  D (1110)      | No netid                 | No hostid                | --                      | --
  E (1111)      | No netid                 | No hostid                | --                      | --

Network Layer Protocols: Subnetting and supernetting
- In subnetting, one large network is divided into several smaller subnetworks; class A, B and C addresses can be subnetted
  - Three portions: netid, subnetid, hostid
- In supernetting, several networks are combined into one large network
- Example: for the 32-bit IP address 141.14.5.23
  - 141.14 as netid
  - 5 as subnetid
  - 23 as hostid

Network Layer Protocols: Mapping by mask
- Masking is a process that extracts the physical network address from an IP address
- Performed as a bit-by-bit logical AND of the 32-bit IP address with a 32-bit mask
- Example 2.3
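The classful scheme of Table 2.3, the subnetting example and the mask operation above, worked through in Python as an added example (not code from the slides): it classifies an address by its leading bits, ANDs it with a mask, and splits a subnetted class A/B/C address into netid, subnetid and hostid. It assumes a contiguous subnet mask that extends the class's default mask; the function names are the author's own.

```python
import ipaddress

# Default (classful) masks for the classes that can be subnetted (Table 2.3)
CLASS_DEFAULT_MASK = {"A": "255.0.0.0", "B": "255.255.0.0", "C": "255.255.255.0"}

def address_class(ip: str) -> str:
    """Classify a dotted-decimal IPv4 address by the leading bits of its first octet."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"

def apply_mask(ip: str, mask: str) -> str:
    """Bit-by-bit logical AND of a 32-bit address with a 32-bit mask."""
    masked = int(ipaddress.IPv4Address(ip)) & int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(masked))

def split_subnetted(ip: str, subnet_mask: str) -> dict:
    """Split a subnetted class A/B/C address into netid, subnetid and hostid.
    Assumes a contiguous subnet mask that extends the class's default mask."""
    cls = address_class(ip)
    if cls not in CLASS_DEFAULT_MASK:
        raise ValueError("class %s addresses are not subnetted" % cls)
    a = int(ipaddress.IPv4Address(ip))
    d = int(ipaddress.IPv4Address(CLASS_DEFAULT_MASK[cls]))
    m = int(ipaddress.IPv4Address(subnet_mask))
    if m & d != d:
        raise ValueError("subnet mask must cover the default mask")
    host_bits = 32 - bin(m).count("1")
    return {
        "class": cls,
        "network": apply_mask(ip, CLASS_DEFAULT_MASK[cls]),   # netid portion
        "subnetwork": apply_mask(ip, subnet_mask),            # netid + subnetid
        "subnetid": (a & (m ^ d)) >> host_bits,               # bits between the two masks
        "hostid": a & ~m & 0xFFFFFFFF,                        # bits the subnet mask clears
        "subnet_bits": bin(m ^ d).count("1"),
    }
```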

Network Layer Protocols: Address Resolution Protocol (ARP)
- The delivery of a packet to a host or a router requires two levels of addressing: the logical (IP) address and the physical (MAC) address
- Since the IP datagram is encapsulated in a frame to be passed through the physical network (such as a LAN), the sender needs the physical MAC address of the receiver
  [Figure: an IP address mapped to the MAC address of the receiving NIC]

Network Layer Protocols: ARP operation (refer to hard copy figure)

Network Layer Protocols: Proxy ARP and Reverse ARP
- Proxy ARP: the router between Network A and Network B answers an ARP request on behalf of the receiver on the other network
  [Figure: sender on Network A (LAN) issues 1. ARP request; the router answers with 2. ARP reply (Proxy ARP); 3. Packet delivery to the receiver on Network B]
- Reverse Address Resolution Protocol (RARP): uses the physical address to obtain the logical IP address

Network Layer Protocols: IP Version 6 (IPv6, or IPng)
Advantages
- Extended address space: 32 bits (2^32) -> 128 bits (2^128)
- Auto-configuration: stateless/stateful address auto-configuration
- Efficient packet processing: fixed IPv6 basic header (lower processing overhead), extension headers and no checksum
- Security: IPsec

Network Layer Protocols: IP Version 6 (IPv6, or IPng)
IPv6 Addressing
- An IPv6 address consists of 32 hexadecimal digits, with every four digits separated by a colon
  Flea:1075:fffb:110e:0000:0000:7c2d:a65f
  Flea:1075:fffb:110e::7c2d:a65f (abbreviated address)
IPv6 Address Types
- Unicast: packets sent to a unicast address are delivered to the interface uniquely specified by the address
- Anycast: packets sent to an anycast address are delivered to at least one interface specified by the address
- Multicast: packets sent to a multicast address are delivered to all the interfaces to which the address refers

Network Layer Protocols: IPv6 Packet format
Basic header (bit positions 3, 11, 15 and 31 mark the field boundaries):
  Ver | Priority | Flow Label
  Payload Length | Next Header | Hop Limit
  Source Address
  Destination Address
Extension headers (in order, followed by the upper-layer header):
  Hop-by-hop Option header
  Destination Options header (note 1)
  Routing header
  Fragment header
  Authentication header
  Encapsulation header
  Destination Options header (note 2)
  upper-layer header

Network Layer Protocols: IPv6 Header fields
- Version (4 bits)
- Priority (4 bits): defines the priority of the packet with respect to traffic congestion
- Flow label (24 bits): designed to provide special handling for a particular flow of data; contains information that routers use to associate a datagram with a specific flow and priority
- Payload length (16 bits): the total length of the IP datagram excluding the base header (optional extension headers + data from the upper layer)
- Next header (8 bits): defines the header that follows the base header in the datagram (Table 2.6 Next header codes)

Network Layer Protocols: IPv6 Header fields
- Hop limit (8 bits): decremented by 1 at each node that forwards the packet (the counterpart of TTL in IPv4)
- Source address (128 bits): a 128-bit originator address that identifies the initial sender of the packet
- Destination address (128 bits): a 128-bit recipient address that identifies the final destination of the datagram

Network Layer Protocols: Internet Control Message Protocol (ICMP)
- An extension to the Internet Protocol used to communicate between a gateway and a source host, to manage errors and generate control messages
- The purpose of ICMP: providing feedback about problems in the communication environment, not making IP reliable
ICMP message format:
  Type (8 bits) | Code (8 bits) | Checksum (16 bits)
  Rest of the header
  Data section
ICMP encapsulation: the ICMP message is carried as IP data (IP header | IP data), and the IP datagram in turn as frame data (Frame header | Frame data | Trailer, if any)

Network Layer Protocols: Internet Group Message Protocol (IGMP)
- Used to facilitate the simultaneous transmission of a message to a group of recipients
- Two types of message: report and query
  - Report message: host -> router
  - Query message: router -> host
  - Type field value: Query (1), Report (2)
IGMP message format:
  Ver (1) | Type | Unused (8 bits) | Checksum (16 bits)
  Group address (in a report; all 0s in a query)

Transport Layer Protocols
- Two protocols in the transport layer: TCP and UDP
Transmission Control Protocol (TCP)
- A connection-oriented byte-stream transport layer protocol in the TCP/IP suite
- Provides a full-duplex connection between two applications, allowing them to exchange large volumes of data efficiently
- Uses a sliding window protocol so that it can make efficient use of the network
- Error detection is handled by checksum, acknowledgement and timeout
- TCP is used by many popular applications such as HTTP, TELNET, Rlogin, FTP and SMTP

Transport Layer Protocols: TCP header
Figure 2.10 TCP encapsulation: IP datagram = IP header (20 bytes) + TCP segment; TCP segment = TCP header (20 bytes) + TCP data
Figure 2.11 TCP packet format:
  Source port number (16 bits) | Destination port number (16 bits)
  Sequence number (32 bits)
  Acknowledgement number (32 bits)
  Header length (4 bits) | Reserved (6 bits) | Code bits (6 bits) | Window size (16 bits)
  Checksum (16 bits) | Urgent pointer (16 bits)
  TCP option (24 bits) | Padding (8 bits)
  Data

Transport Layer Protocols: TCP header fields
- Source and destination port number (16 bits each): identify the sending and receiving application
- Sequence number (32 bits): the number assigned to the first byte of the data stream contained in this segment
- Acknowledgement number (32 bits): the byte number that the sender of the segment is expecting to receive from the receiver
- Header length (4 bits): the header length in four-byte words, between 20 and 60 bytes
- Reserved (6 bits): for future use

Transport Layer Protocols: TCP header fields
- Code bits (6 bits): URG ACK PSH RST SYN FIN
  - URG: urgent pointer is valid
  - ACK: acknowledgement is valid
  - PSH: request for push
  - RST: reset the connection
  - SYN: synchronize sequence numbers
  - FIN: terminate the connection
- Window size (16 bits): used by the sliding window protocol
- Checksum (16 bits)
- Urgent pointer (16 bits): this field is used when the segment contains urgent data
- Options (24 bits): used to convey additional information to the destination
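The TCP header of Figure 2.11 and the code bits listed above, decoded in Python as an added example (not code from the slides): the parser splits the 16-bit word holding header length, reserved bits and code bits, names the set flags, exposes the urgent pointer only when URG is set, and rejects a header length outside 20~60 bytes or longer than the segment. A builder produces constructed segments for testing; the checksum is left at zero because computing it needs the IP pseudo-header, which is outside this slide. Function names are the author's own.

```python
import struct

# Code bits of the 6-bit field, most significant first: URG ACK PSH RST SYN FIN
FLAG_NAMES = ["URG", "ACK", "PSH", "RST", "SYN", "FIN"]

def decode_code_bits(code: int) -> list:
    """Return the names of the flags set in the 6-bit code field."""
    return [name for i, name in enumerate(FLAG_NAMES) if code & (1 << (5 - i))]

def parse_tcp_header(seg: bytes) -> dict:
    """Decode the fixed 20-byte header, then options and data by header length."""
    if len(seg) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res_code,
     window, csum, urgp) = struct.unpack("!HHIIHHHH", seg[:20])
    data_offset = (off_res_code >> 12) * 4      # header length in bytes
    reserved = (off_res_code >> 6) & 0x3F
    code = off_res_code & 0x3F
    if not 20 <= data_offset <= 60 or data_offset > len(seg):
        raise ValueError("header length %d outside 20..60 bytes or past segment end"
                         % data_offset)
    flags = decode_code_bits(code)
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "header_len": data_offset, "reserved": reserved, "flags": flags,
        "window": window, "checksum": csum,
        "urgent_pointer": urgp if "URG" in flags else None,   # valid only with URG
        "options": seg[20:data_offset], "data": seg[data_offset:],
    }

def build_tcp_header(sport: int, dport: int, seq: int, ack: int, flags: list,
                     window: int = 65535, options: bytes = b"") -> bytes:
    """Constructed header for testing; checksum is left zero (needs the pseudo-header)."""
    options += b"\x00" * (-len(options) % 4)    # pad options to a 4-byte boundary
    data_offset = (20 + len(options)) // 4
    code = sum(1 << (5 - FLAG_NAMES.index(f)) for f in flags)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (data_offset << 12) | code, window, 0, 0)
    return hdr + options
```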

Transport Layer Protocols: User Datagram Protocol (UDP)
- UDP is suitable for a process that requires simple request-response communication with little concern for flow and error control
- UDP is not suitable for a process that needs to send bulk data, like FTP
- UDP is used for management processes such as SNMP

Transport Layer Protocols: UDP header
Figure 2.12 UDP encapsulation: IP datagram = IP header (20 bytes) + UDP datagram; UDP datagram = UDP header (8 bytes) + UDP data
Figure 2.13 UDP header (8 bytes; bit positions 0, 15, 16 and 31):
  Source port number (16 bits) | Destination port number (16 bits)
  UDP length (16 bits) | Checksum (16 bits)
  Data (if any)

Transport Layer Protocols: UDP header fields
- Source port number (16 bits): identifies the sending process running on the source host
- Destination port number (16 bits): the number used by the process running on the destination host
- Length (16 bits): length in bytes of the UDP datagram, including the UDP header and the user data
- Checksum (16 bits): used to detect errors over the entire user datagram, covering the UDP header and the UDP data

World Wide Web (WWW)
- A distributed client-server service, in which a client using a browser can access a service using a server
- Hypertext Transfer Protocol (HTTP): the protocol used to transfer a Web page between a browser and a Web server
- Hypertext Markup Language (HTML): a language used to create Web pages
  - Web page: head + body
  - Tags = marks: < Tag Name >

World Wide Web: HTML example
  <html>
  <head>
  <title>기본구조</title>
  </head>
  <body>
  <h1>HTML의 기본 구조</h1>
  HTML은 다음과 같이 .....
  </body>
  </html>

File Transfer
- File Transfer Protocol (FTP): the standard mechanism provided by TCP/IP for copying a file from one host to another; it uses two TCP connections between the hosts, one for control information and one for data transfer
- Trivial File Transfer Protocol (TFTP): a protocol that copies files quickly because it does not require all the sophistication provided in FTP
- Network File System (NFS): developed by Sun Microsystems; provides online shared file access that is transparent and integrated
  [Figure: FTP on Host A and Host B joined by a control information connection and a data transfer connection]

Electronic Mail: protocols that support the electronic mail service
- Simple Mail Transfer Protocol (SMTP): the protocol that transfers e-mail from one server to another
- Post Office Protocol Version 3 (POP3): the most popular protocol used to transfer e-mail messages from a permanent mailbox to a local computer
- Internet Message Access Protocol (IMAP): a standard protocol for accessing e-mail from your local server
- Multipurpose Internet Mail Extension (MIME): allows arbitrary data to be encoded in ASCII and then transmitted in a standard e-mail message

Network Management Service: Simple Network Management Protocol (SNMP)
- An application protocol that facilitates the exchange of management information between network devices
- Enables network administrators to manage network performance, find and resolve network problems, and plan for network growth
  [Figure: a management system sends requests to, and receives responses from, managed devices]

Converting IP Addresses: Domain Name System (DNS)
- A distributed database that maps a domain name to an IP address
- Receives a query for a domain name, then retrieves and sends the IP address corresponding to that domain name
- Hierarchical naming scheme: a DNS root server above lower-level DNS servers; there exist many servers and hosts in a DNS domain

DNS operation example (the predefined DNS is the client's configured server; the name server is the one responsible for kunsan.ac.kr)
1. Searching "www.kunsan.ac.kr" using a Web browser
2. Send an IP address query for the domain name "www.kunsan.ac.kr" to the predefined DNS
3. If the predefined DNS has no cached data for "www.kunsan.ac.kr", deliver that query to the upper-level DNS
4. The upper-level DNS notifies the name server IP address for kunsan.ac.kr
5. Send that query to the name server for kunsan.ac.kr
6. Receive the IP address 198.81.200.1 corresponding to the domain name "www.kunsan.ac.kr"
7. Receive the IP address 198.81.200.1 from the predefined DNS
8. Receive hypertext data from 198.81.200.1 using TCP port 80

Routing Protocols
- Routing Information Protocol (RIP): a protocol used to propagate routing information inside an autonomous system
  - An Autonomous System (AS) is a group of networks and routers under the authority of a single administration
  - A popular interior routing protocol; updates routing tables in an AS
- Open Shortest Path First (OSPF): a newer alternative to RIP as an interior routing protocol
  - Link-state routing: a process by which each router shares its knowledge about its neighborhood with every other router in the area

Routing Protocols: Border Gateway Protocol (BGP)
- An exterior gateway protocol for communication between routers in different autonomous systems
  [Figure: two ASes, each running RIP or OSPF internally, connected to each other by BGP]

Remote System Programs
- TELNET: a simple remote terminal protocol that allows a user to log on to a computer across an internet
- Remote Login (Rlogin): designed for remote login only between UNIX hosts