CSC 382: Computer Security


TCP/IP

Topics
  TCP/IP Layering
  Encapsulation
  Internet Addresses
  Link Layer Protocols
  IP Routing
  TCP and UDP
  Application Layer Protocols

Network Example
  [Figure: network diagram with hosts A1, A2, A3, B1, B2, B3, a Router and an External Router]

TCP/IP Layering
  Application   HTTP, FTP, telnet
  Transport     TCP, UDP
  Network       IP, ICMP, IGMP
  Data Link     PPP, 802.11
  Physical      Ethernet

TCP/IP Layers
  Physical
    NIC, cabling, electrical signaling.
  Data Link
    Single hop transport of packets.
    Wired protocols (ethernet, FDDI, PPP)
    Wireless protocols (802.11)
  Network
    End to end delivery of packets.
    IP: Internet Protocol

TCP/IP Layers
  Transport
    Flow of data between two hosts for application layer.
    TCP: reliable data flow with acknowledgements, retransmission, and timeouts.
    UDP: simpler service with no guarantees.
  Application
    Protocols for particular applications.
    ex: FTP, HTTP, SMTP

Encapsulation/De-multiplexing
  Sending: data sent down protocol stack
    Each layer prepends a header to data
    Ethernet frame sent as bit stream across wire
  Receiving: data moves up protocol stack
    NIC moves bits into memory as ethernet frame
    Each layer removes its header from packet

Encapsulation
  Figure 1.7 from TCP/IP Illustrated, Vol 1.

De-multiplexing
  Figure 1.8 from TCP/IP Illustrated, Vol 1.

TCP/IP Security
  TCP/IP has no built-in strong security.
    No confidentiality features.
    Minimal availability features (ToS options).
    Insecure CRC checksums for integrity.
  IPsec protocol extension adds security.

Data Link Layer
  IEEE Standards
    Ethernet (802.3)
    Token Ring (802.5)
    Wireless (802.11)
  Serial Protocols
    SLIP and CSLIP
    PPP

Hubs and Switches
  Hubs
    Broadcast packets received to all interfaces.
  Switches
    Associates MAC addresses with physical interfaces.
    Sends packets only to specified interface.
    May have SPAN port for network monitoring.

Data Link Layer
  Loopback
    Looks like any other link layer device.
    Full network processing is performed.
    Sends packets to localhost for testing.
  48-bit MAC address
  Maximum Transmission Unit (MTU)
    1492 or 1500 bytes, depending on ethernet std

Promiscuous Mode
  All ethernet frames to or from any locally connected host are seen by all hosts.
  NIC normally filters out frames that are not addressed to its MAC address.
  In promiscuous mode, NIC processes all ethernet frames, not just ones addressed to it.
  Requires administrative access on most OSes.

IP: Internet Protocol
  Unreliable, connectionless datagram service
    Packets may arrive damaged, out of order, duplicated or not at all.
    Transport/Application layers provide reliability.
  IPv4 underlies Internet.
    32-bit addresses in dotted-quad: 10.17.0.90.
    IPv6 is successor with 128-bit addresses.
  Complexities: addressing, routing
  RFC 791

IP Header
  Figure 3.1 from TCP/IP Illustrated, Vol 1.

IP Header
  Protocol version: IPv4
  Header length: 5-60 32-bit words
  Type of service (TOS):
    3-bit precedence (ignored today)
    4 TOS bits (min delay (telnet), max throughput (ftp), max reliability, min monetary cost)
    unused 0 bit

IP Header
  Total length: length of IP datagram (bytes)
    maximum size: 65535 bytes
    large packets fragmented at data link layer.
    small packets may be padded to minimum length.
  TTL: upper limit on number of router hops.
  Protocol: which protocol supplied packet data.
  Header checksum: IP header checksum

IP Fragments
  IP packets may be fragmented by routers for transmission across different media.
    Max IP packet size: 65536
    Max Ethernet packet size: 1500
  IP headers contain fragment data:
    Don’t Fragment Flag: 0=allowed, 1=don’t
    More Fragments Flag: 0=last, 1=more fragments
    Identification: identifies single packet for reassembly.
    Fragment Offset: where contents of fragment go.
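
The header fields from the three IP Header slides and the fragment fields above, decoded from raw bytes. This is an added example, not part of the original slides; the function names are illustrative and the sample header is constructed (addresses borrowed from the ARP cache slide).

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, complemented (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte part of an IPv4 header and verify its checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4")
    if ihl < 5 or ihl * 4 > len(packet):
        raise ValueError("bad header length")
    return {
        "version": version,
        "header_len": ihl * 4,                     # field counts 32-bit words
        "tos": tos,
        "total_len": total_len,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        # A valid header sums to 0xFFFF, so the complemented sum is 0.
        "checksum_ok": inet_checksum(packet[:ihl * 4]) == 0,
    }

def build_sample_header(ident, more_fragments, frag_offset, total_len):
    """Constructed sample: 20-byte header, no options, TTL 64, protocol 17 (UDP)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, ident, flags_frag,
                      64, 17, 0,
                      socket.inet_aton("10.1.0.90"), socket.inet_aton("10.1.0.79"))
    # Checksum is computed with the checksum field zeroed, then written in.
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

if __name__ == "__main__":
    # Second fragment of a datagram: starts at byte 1480, more fragments follow.
    print(parse_ipv4_header(build_sample_header(0x1C46, True, 1480, 1500)))
```

A router that decrements the TTL without recomputing the checksum produces a header that fails the `checksum_ok` test, which is how a receiver detects a damaged header.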

Internet Addresses
  32-bit IPv4 addresses
    Dotted decimal notation: ii.jj.kk.ll
  Divided into two parts
    Network ID
    Host ID
  XOR address with netmask to get Network ID.
  [Figure: address divided into Network ID and Host ID]

Address Classes
  Class A: 0.0.0.0-127.255.255.255
    8-bit net ID, 24-bit host ID
  Class B: 128.0.0.0-191.255.255.255
    16-bit net ID, 16-bit host ID
  Class C: 192.0.0.0-223.255.255.255
    24-bit net ID, 8-bit host ID
  Class D: 224.0.0.0-239.255.255.255
    28-bit multicast group ID
  Class E: 240.0.0.0-255.255.255.255
    Reserved for future use

CIDR
  Class addressing too inefficient
  Still need to aggregate routes to limit routing table size.
  Example: 196.1.1.0/24
    24-bits of Net ID: 196.1.1
    Remaining 8-bits are host ID
  Not limited to network class sizes
    Example: 192.168.128.0/22
    4 class C networks: 192.168.{128,129,130,131}.0

Network Address Translation
  Local network uses IETF reserved addresses.
    Non-routable: no router knows how to send packets to them.
    RFC 1918: 10.x.y.z, 192.168.y.z, 172.16.y.z
  Gateway translates reserved addresses to unique, routable IP addresses.
    NAT: Dynamic mapping to pool of routable IP addresses.
      10.0.0.1 -> 4.2.3.5
      10.0.0.2 -> 4.2.3.6
    NAPT: Dynamic mapping to IP address/pool of src ports.
      10.0.0.1 -> 4.2.3.5:1
      10.0.0.2 -> 4.2.3.5:2

ARP: Address Resolution Protocol
  MAC address determines packet destination.
  How does network layer supply the link layer with a MAC address?
  ARP: Address Resolution Protocol
    Maps 32-bit IP addresses to 48-bit MAC addrs
    Data link layer protocol above ethernet
  RARP: Reverse ARP

ARP Example
  sftp zappa.nku.edu
  Obtains IP address via gethostbyname()
  sftp asks TCP to connect to IP address
  TCP sends connection request to brahms using an IP datagram
  Sending host emits ARP broadcast, asking for MAC address of given IP address
  Destination host’s ARP layer receives broadcast, answers with an ARP reply w/ IP->MAC mapping
  Sending host constructs ethernet frame with destination MAC address containing IP datagram
  Sending host sends IP datagram

ARP Cache
  at204m02 (10.1.0.90) > arp -a
  Net to Media Table: IPv4
  Device IP Address           Phys Addr
  ------ -------------------- ------------------
  hme0   at_elan.lc3net       00:00:a2:cb:28:5e
  hme0   10.1.0.79            00:e0:cf:00:0e:92
  hme0   at204m02             08:00:20:d8:e0:07
  hme0   10.1.7.103           00:90:27:b6:b5:e5
  hme0   10.1.0.139           00:e0:cf:00:15:bd

ARP Features
  Proxy ARP
    Router can answer ARP requests on network B for a host on network A that doesn’t see broadcast.
  Gratuitous ARP
    Host sends ARP for own IP address at boot.
    No reply should be received.
    Network misconfiguration if reply received.

IP Connectivity
  No Network
    loopback only
  Single LAN
    direct connectivity to hosts
  Single Router
    Direct connectivity to local LAN
    Other networks reachable through one router
  Multiple Routes to Other Networks

IP Routing
  Figure 1.3 from TCP/IP Illustrated, Vol. 1

Routing Table
  Where to send an IP packet to?
    Use a table lookup: routing table
  Search Process:
    Search for a matching host address.
    Search for a matching network address.
    Search for a default route.
  No route to destination:
    Host or network unreachable error if search fails.

Routing Table
  at204m02 (10.1.0.90) > netstat -rn
  Routing Table: IPv4
  Destination   Gateway              Flags Ref   Use    Int
  ------------- -------------------- ----- -----
  10.1.0.0      10.1.0.90            U     1     4977   hme0
  224.0.0.0     10.1.0.90            U     1     0      hme0
  default       10.1.0.1             UG    1     66480
  127.0.0.1     127.0.0.1            UH    6     798905 lo0

Routing Table
  Destination: final destination host/network
  Gateway: next host in route to destination
  Flags
    U: Route is up
    G: Route is to a gateway (router)
    H: Route destination is a host (not a network)
    D: Route created by a redirect
    M: Route modified by a redirect

Routing Table
  10.1.0.0    direct access to local subnet
  224.0.0.0   multicast route
  default     forward packets to router at IP 10.1.0.1
  127.0.0.1   loopback
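
The three-step search process from the Routing Table slides, run over the table printed by netstat -rn above. This is an added example, not part of the original slides; the netstat output does not show netmasks, so the /16 on 10.1.0.0 is an assumption, and the network step generalizes to longest-prefix match.

```python
import ipaddress

# Routes from the netstat -rn slide. Prefix lengths are assumptions:
# /16 for the local subnet (not shown in the output), /4 for Class D multicast.
ROUTES = [
    {"dest": "10.1.0.0/16", "gateway": "10.1.0.90", "flags": "U",  "ifc": "hme0"},
    {"dest": "224.0.0.0/4", "gateway": "10.1.0.90", "flags": "U",  "ifc": "hme0"},
    {"dest": "default",     "gateway": "10.1.0.1",  "flags": "UG", "ifc": None},
    {"dest": "127.0.0.1",   "gateway": "127.0.0.1", "flags": "UH", "ifc": "lo0"},
]

def lookup(dst, routes=ROUTES):
    """Return the route entry used for dst, following the slide's search order."""
    addr = ipaddress.IPv4Address(dst)
    up = [r for r in routes if "U" in r["flags"]]      # ignore routes that are down

    # 1. Matching host address (H flag).
    for r in up:
        if "H" in r["flags"] and ipaddress.IPv4Address(r["dest"]) == addr:
            return r

    # 2. Matching network address; the most specific prefix wins.
    matches = []
    for r in up:
        if "H" in r["flags"] or r["dest"] == "default":
            continue
        net = ipaddress.IPv4Network(r["dest"])
        if addr in net:
            matches.append((net.prefixlen, r))
    if matches:
        return max(matches, key=lambda m: m[0])[1]

    # 3. Default route.
    for r in up:
        if r["dest"] == "default":
            return r

    # Search failed: this is where the unreachable error is generated.
    raise LookupError("network unreachable: no route to %s" % dst)

def next_hop(dst, routes=ROUTES):
    """IP address the link layer must resolve with ARP for this packet."""
    route = lookup(dst, routes)
    # G flag: hand the packet to the gateway. Otherwise deliver directly.
    return route["gateway"] if "G" in route["flags"] else dst

if __name__ == "__main__":
    for target in ("127.0.0.1", "10.1.7.103", "224.0.0.5", "4.2.3.5"):
        print(target, "->", next_hop(target))
```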

IP Routing
  Manual (static) routes
    Added with the route command.
  ICMP redirects can alter routes
    Router sends ICMP redirect when packet should’ve been sent to another router.
  Routing protocols
    Routers exchange routes with each other using special routing protocols.
    Full internet router tables contain ~30,000 routes.
  Source routing
    Sender includes routing info in packet header.

ICMP (Internet Control Message Protocol)
  Network layer protocol encapsulated in IP
  Communicates error messages and exceptions.
  Messages handled by either IP or TCP/UDP.
  Packet layout:
    IP Header (20 bytes)
    ICMP Message
      8-bit type
      8-bit code
      16-bit checksum
      Contents depend on type and code (always contains IP header + 8 data bytes)

ICMP Message Types
  Type 0: echo (ping) reply
  Type 3: destination unreachable
  Type 4: source quench
  Type 5: redirect
  Type 8: echo (ping) request
  Type 9, 10: router advertisement, solicitation
  Type 11: time (TTL) exceeded
  Type 12: parameter (header) problem
  Type 13: timestamp
  Type 14: timestamp reply
  Type 15, 16: information request, reply

UDP: User Datagram Protocol
  Simple datagram transport layer protocol.
  Each application output generates one UDP datagram, which produces one IP datagram.
  Trades reliability for speed
    Sends datagrams directly to unreliable IP layer.
  16-bit port numbers
    Identify sending and receiving processes.
  Applications
    DNS, SNMP, TFTP, streaming audio/video
  RFC 768

UDP Header
  Figure 11.2 from TCP/IP Illustrated, Vol 1.

UDP Example: TFTP
  Trivial File Transfer Protocol
  No authentication
  TFTP Session:
    sun16 > tftp at204m02
    tftp> get readme.txt
    Received 1024 bytes in 0.2 seconds.
    tftp> quit

TFTP Packet Types
  Packet types
    read a file (filename, ascii/binary)
    write a file (filename, ascii/binary)
    file data block
    ACK
    error

TFTP Packet Diagram
  Figure 15.1, TCP/IP Illustrated, Vol. 1

TFTP Session Trace
  at204m02 > snoop udp sun16
  0.00000 sun16 -> at204m02 TFTP Read "2sun" (netascii)
  0.00498 at204m02 -> sun16 TFTP Data block 1 (512 bytes)
  0.00136 sun16 -> at204m02 TFTP Ack block 1
  0.00010 at204m02 -> sun16 TFTP Data block 2 (300 bytes) (last block)
  0.00119 sun16 -> at204m02 TFTP Ack block 2
  2sun is a 764-byte file

TFTP Security
  Feature: no username/password required
    TFTP used for diskless hosts to boot.
  How to protect /etc/passwd?
    Limit TFTP server filesystem access.
    Generally only can access /tftpboot directory.
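
One way a server can enforce the /tftpboot restriction, shown as an added example that is not part of the original slides and is not taken from any particular TFTP server. It parses a read request (opcode 1, filename, mode, each string NUL-terminated, per RFC 1350) and refuses any name that resolves outside the root; the function names are illustrative and option extensions are not handled.

```python
import os
import struct

RRQ = 1  # opcode for the "read a file" packet type

def parse_rrq(packet: bytes):
    """Return (filename, mode) from a TFTP read request, or raise ValueError."""
    if len(packet) < 4:
        raise ValueError("too short for a request")
    (opcode,) = struct.unpack("!H", packet[:2])
    if opcode != RRQ:
        raise ValueError("not a read request")
    # Layout after the opcode: filename NUL mode NUL.
    fields = packet[2:].split(b"\x00")
    if len(fields) != 3 or fields[2] or not fields[0]:
        raise ValueError("malformed request")
    filename = fields[0].decode("ascii")        # non-ASCII raises ValueError
    mode = fields[1].decode("ascii").lower()
    if mode not in ("netascii", "octet"):
        raise ValueError("unsupported mode")
    return filename, mode

def resolve_in_root(root: str, filename: str) -> str:
    """Map a requested name to a real path that must stay below root."""
    root_real = os.path.realpath(root)
    # Treat the name as relative to the root, the way a chroot would, then
    # resolve ".." components and symlinks before comparing.
    candidate = os.path.realpath(os.path.join(root_real, filename.lstrip("/")))
    if candidate == root_real or \
            os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("outside TFTP root: %r" % filename)
    return candidate

def authorize_read(packet: bytes, root: str = "/tftpboot") -> str:
    """Path the server may open for this request; raises if it must refuse."""
    filename, _mode = parse_rrq(packet)
    return resolve_in_root(root, filename)

if __name__ == "__main__":
    # Constructed requests: one ordinary, one that tries to climb out of the root.
    for name in (b"readme.txt", b"../etc/passwd"):
        request = struct.pack("!H", RRQ) + name + b"\x00netascii\x00"
        try:
            print(name, "->", authorize_read(request))
        except PermissionError as exc:
            print(name, "-> refused:", exc)
```

Comparing resolved paths rather than raw strings matters because a symlink placed inside /tftpboot would otherwise lead a plain prefix check outside the directory.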

TCP: Transmission Control Protocol
  Connection-oriented
    Must establish connection before sending data.
    3-way handshake.
  Reliable byte-stream
    TCP decides how to divide stream into packets.
    ACK, timeout, retransmit, reordering.
  16-bit source and destination ports.
    FTP(21), HTTP(80), POP(110), SMTP(25)

TCP Reliability
  Breaks data into best-sized chunks.
  After sending segment, maintains timer; if no ACK within time limit, resends segment.
  Sends ACK on receipt of packets.
  Discards pkts on bad checksum of header and data.
  Receiver resequences TCP segments so data arrives in order sent.
  Receiver discards duplicate segments.
  Flow control: only sends as much data as receiver can process.

TCP Header
  Figure 17.2 from TCP/IP Illustrated, Vol 1.

TCP Header
  Sequence Number: 32-bit segment identifier.
  Acknowledgment: next sequence number expected by sender of ACK
    TCP is full duplex so both sides of connection have own set of sequence numbers
  Header length: length of header in 32-bit words (20 bytes default - 60 bytes w/ options)
  Window size: number of bytes receiver is willing to accept (flow control)

TCP Header Flags (Code Bits)
  URG: urgent pointer is valid
  ACK: acknowledgement number is valid
  PSH: rcvr should pass data to app asap
  RST: reset connection
  SYN: synchronize sequence numbers to initiate a connection
  FIN: sender is finished sending data

TCP Options
  End of option list (kind=0)
  NOP (kind=1)
    Used to pad fields to 32-bit boundary
  Maximum Segment Size (MSS) (kind=2)
    Len=4 (length includes kind + len bytes)
    16-bit MSS
    Default: 536 data + 20 TCP hdr + 20 IP hdr
  Window Scale Factor (kind=3)
  Timestamp (kind=8)

TCP Connections
  Establishment
    3-way handshake
    Connection Trace
  Termination
    Normal Termination
    Reset

Connection Establishment Protocol
  Requester (client) sends a SYN segment, specifying the port number of the server to which it wants to connect and the client’s initial sequence number (ISN).
  Server responds with SYN segment containing server’s ISN. Server acknowledges client’s SYN by ACKing the client’s ISN+1.
  Client acknowledges server SYN by ACKing server’s ISN+1.

TCP 3-way Handshake
  Figure 2.2, UNIX Network Programming

Connection Establishment Test
  at204m02> /usr/sbin/snoop sun09
  at204m02> nc sun09 22
  SSH-1.99-OpenSSH_3.7.1p2
  ^C
  If no services running, start your own:
  at204m02> nc -l -p 8192

TCP Connection Trace
  at204m02 -> sun09 TCP D=22 S=37519 Syn Seq=477982308 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>
  sun09 -> at204m02 TCP D=37519 S=22 Syn Ack=477982309 Seq=3227257622 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>
  at204m02 -> sun09 TCP D=22 S=37519 Ack=3227257623 Seq=477982309 Len=0 Win=24820

Connection Termination Protocol
  As TCP is full duplex, each side must terminate half of the connection as follows:
    Send FIN segment (active close)
    Other side ACKs w/ FIN sequence number +1
  Half-closed connections
    Side that sent FIN can still receive data.
    Example: ssh fasthost sort < words.txt

TCP Disconnection
  Figure 2.3, UNIX Network Programming

Connection Termination Test
  at204m02> /usr/lib/sendmail -bd
  at204m02> /usr/sbin/snoop port 25
  sun09> nc at204m02 25
  220 at204m02.lc3net ESMTP Sendmail 8.11.7+Sun/8.11.7; Mon, 29 Mar 2004 14:09:40 -0500 (EST)
  quit

TCP Disconnection Trace
  at204m02 -> sun09 TCP D=33042 S=25 Fin Ack=3597541820 Seq=872479258 Len=0 Win=24820
  sun09 -> at204m02 TCP D=25 S=33042 Ack=872479259 Seq=3597541820 Len=0 Win=24820
  sun09 -> at204m02 TCP D=25 S=33042 Fin Ack=872479259 Seq=3597541820 Len=0 Win=24820
  at204m02 -> sun09 TCP D=33042 S=25 Ack=3597541821 Seq=872479259 Len=0 Win=24820

TCP Reset
  Connection Refused
    > telnet at204m02 8192
    Trying 10.1.0.90...
    telnet: Unable to connect to remote host: Connection refused
  Packet Trace
    sun09 -> at204m02 TCP D=8192 S=33048 Syn Seq=3848454475 Len=0 Win=24820 Options=<nop,nop,sackOK,mss 1460>
    at204m02 -> sun09 TCP D=33048 S=8192 Rst Ack=3848454476 Win=0

TCP Reset (cont.)
  Connection Abort
    Any queued data is thrown away.
    Other side is informed of abnormal close.
  Packet Detail:
    One side sends RST.
    Other side aborts connection.
    There is no ACK sent in response.

Half-Open Connections
  Connections where one side has aborted or closed connection w/o knowledge of other.
  Client or server host has crashed.
  DOS attack: requester sends SYN, doesn’t respond to SYN+ACK.
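
A monitoring-side view of the Connection Trace, TCP Reset and Half-Open Connections slides: the checker below replays snoop-style lines, verifies the ISN+1 acknowledgements, and reports handshakes the server is still waiting on. This is an added example, not part of the original slides; the state names and function names are illustrative, and the last two trace lines are constructed.

```python
MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around

# Snoop-style lines. The first five are the traces shown on the slides
# (Options trimmed from all but the first); the last two are constructed
# to show a handshake that is never completed.
TRACE = [
    "at204m02 -> sun09 TCP D=22 S=37519 Syn Seq=477982308 Len=0 Win=24820 "
    "Options=<nop,nop,sackOK,mss 1460>",
    "sun09 -> at204m02 TCP D=37519 S=22 Syn Ack=477982309 Seq=3227257622 Len=0 Win=24820",
    "at204m02 -> sun09 TCP D=22 S=37519 Ack=3227257623 Seq=477982309 Len=0 Win=24820",
    "sun09 -> at204m02 TCP D=8192 S=33048 Syn Seq=3848454475 Len=0 Win=24820",
    "at204m02 -> sun09 TCP D=33048 S=8192 Rst Ack=3848454476 Win=0",
    "client-x -> at204m02 TCP D=80 S=40000 Syn Seq=1000 Len=0 Win=24820",
    "at204m02 -> client-x TCP D=40000 S=80 Syn Ack=1001 Seq=5000 Len=0 Win=24820",
]

def parse_line(line):
    """Split one snoop TCP summary line into addresses, flags and numeric fields."""
    tok = line.split()
    if len(tok) < 6 or tok[1] != "->" or tok[3] != "TCP":
        return None
    seg = {"src": tok[0], "dst": tok[2], "flags": set()}
    for t in tok[4:]:
        key, sep, value = t.partition("=")
        if sep and value.isdigit():
            seg[key] = int(value)          # D, S, Seq, Ack, Len, Win
        elif t in ("Syn", "Fin", "Rst"):
            seg["flags"].add(t)
    return seg if "S" in seg and "D" in seg else None

def track(lines):
    """Follow each connection attempt through the 3-way handshake."""
    conns = {}  # (client, client port, server, server port) -> state record
    for line in lines:
        seg = parse_line(line)
        if seg is None:
            continue
        fwd = (seg["src"], seg["S"], seg["dst"], seg["D"])
        rev = (seg["dst"], seg["D"], seg["src"], seg["S"])
        flags, ack = seg["flags"], seg.get("Ack")
        if "Syn" in flags and ack is None and "Seq" in seg:
            # Step 1: client SYN carrying its ISN.
            conns[fwd] = {"state": "SYN_SENT", "client_isn": seg["Seq"]}
        elif conns.get(rev, {}).get("state") == "SYN_SENT":
            c = conns[rev]
            if ack != (c["client_isn"] + 1) % MOD:
                continue                   # reply does not ACK client ISN+1
            if "Rst" in flags:
                c["state"] = "REFUSED"     # no listener on that port
            elif "Syn" in flags and "Seq" in seg:
                # Step 2: server SYN with its own ISN, ACKing client ISN+1.
                c["state"], c["server_isn"] = "SYN_RCVD", seg["Seq"]
        elif conns.get(fwd, {}).get("state") == "SYN_RCVD":
            c = conns[fwd]
            if "Rst" in flags:
                c["state"] = "RESET"
            elif not flags and ack == (c["server_isn"] + 1) % MOD:
                c["state"] = "ESTABLISHED" # Step 3: client ACKs server ISN+1
    return conns

def half_open(conns):
    """Attempts where the server sent SYN+ACK and never saw the final ACK."""
    return [key for key, c in conns.items() if c["state"] == "SYN_RCVD"]

if __name__ == "__main__":
    for key, c in track(TRACE).items():
        print(key, c["state"])
    print("half-open:", half_open(track(TRACE)))
```

A large or growing `half_open` list for one listening port is the symptom of the SYN-based DOS described above, since each entry holds a slot in the server's queue of incoming connections.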

Example List of TCP Ports
  TCP: IPv4 (netstat -na output)
  Local Addr Rmt Addr             State
  ---------- --------------------
  *.111      *.*                  LISTEN
  *.32771    *.*                  LISTEN
  *.32772    *.*                  LISTEN
  *.32773    *.*                  LISTEN
  *.32774    *.*                  LISTEN
  *.4045     *.*                  LISTEN
  *.22       *.*                  LISTEN
  *.2049     *.*                  LISTEN
  *.515      *.*                  LISTEN
  *.80       *.*                  LISTEN
  *.6000     *.*                  LISTEN
  *.22       10.17.0.23.32827     ESTABLISHED
  *.2049     10.17.0.23.799       ESTABLISHED

TCP Servers
  Local Address *.80 means that it will accept connections on any network interface on TCP port 80.
  Foreign Address *.* means that the server will accept connections from any source host and port.
  Conn=(src IP, src port, dst IP, dst port)
  All connections to same server will have same dst IP and port, but will have different source IPs and ports.
  Kernel maintains queue of ~5 incoming connections for each server.

Key Points
  TCP/IP Layers: encapsulation/de-multiplexing
    Physical/Data Link: ethernet, PPP
    Network: IP, ICMP
    Transport: UDP, TCP
    Application: ftp, http, smtp, telnet, etc.
  IP
    Addressing: DNS/IP/MAC, netmasks, CIDR, NAT.
    Routing: tables, hubs/switches/routers.
  TCP
    Connection and Termination: 3-way handshake
    Addressing: source and destination ports.

References
  K. Egevang and P. Francis, “The IP Network Address Translator (NAT),” RFC 1631, http://www.ietf.org/rfc/rfc1631.txt, 1994.
  J.B. Postel, “Internet Protocol,” RFC 791, http://www.ietf.org/rfc/rfc0791.txt, 1981.
  J.B. Postel, “Internet Control Message Protocol,” RFC 792, http://www.ietf.org/rfc/rfc0792.txt, 1981.
  J.B. Postel, “Transmission Control Protocol,” RFC 793, http://www.ietf.org/rfc/rfc0793.txt, 1981.
  Ed Skoudis, Counter Hack, Prentice Hall, 2002.
  Richard Stevens, TCP/IP Illustrated, Vol. 1, Addison-Wesley, 1994.
  Richard Stevens, UNIX Network Programming, Vol. 1, Prentice-Hall, 1998.
  Andrew Tanenbaum, Computer Networks, 4th edition, Prentice-Hall, 2002.