NETWORKING (2) Dr. Andy Wu BCIS 4630 Fundamentals of IT Security
Internet Control Message Protocol Internet Control Message Protocol (ICMP) is a control and information protocol, which is used to determine: –Remote network’s availability. –Length of time to reach a remote network. –The best route for packets to reach a remote network. ICMP can handle the flow of traffic, telling other network devices to “slow down” transmission speeds if packets are coming in too fast. ICMP is not connection-oriented (uses UDP). –Designed to carry small messages quickly. –Has minimal overhead. –Has minimum impact to bandwidth. 2
ICMP Message Types ICMP messages are used to exchange information about network host status, traffic condition, etc. Two important fields in an ICMP message are: –Type: A one-byte field to indicate the kind of ICMP message. –Code: For message of certain types, a one-byte Code field may have a value to further identify a message. For example, a ping command goes from one host to another and receive a response from the latter. Two types of ICMP messages are involved in this process: –Echo Request –Echo Reply 3
ICMP Messages TypeDescriptionCodeDescription 0Echo Reply 3Destination Unreachable0Network unreachable 1Host unreachable 3Port unreachable 6Destination network unknown 7Destination host unknown 4Source Quench 5Redirect Message 8Echo Request 4
Address Translation 5
Types of Addresses Communications between network computers (hosts) would be impossible without unique addresses for each host. Computers on a local network use MAC addresses to communicate with each other. To access hosts on remote networks, such as those on the Internet, a computer needs to know their IP addresses. –Routers will route the packets to the destination network by looking up those IP addresses in the routers’ routing tables. IP addresses are difficult for humans to memorize, so DNS Names (e.g., are used by humans. 6
Address Resolution Therefore, two types of address translation (resolution) are essential to network communications. –DNS Name-IP Address Resolution When a person uses a human-readable address like that address must be resolved into an IP address. –IP-MAC Address Resolution Scenario 1: If that IP address is local, the resolution of the IP address into MAC address takes place right away. Scenario 2: If that IP address is remote, the packet is routed to the remote network first. Then, once the packet gets to the remote network, it is resolved into a MAC address on that network. In both scenarios, the host owning that MAC address will take care of the packet. 7
DNS-IP Resolution Domain Name Service (DNS) translates user friendly names (called Fully Qualified Domain Names, or FQDNs) into IP addresses. –For example, = The DNS server handles DNS queries by examining its local records to see if it knows the answer. If it does not, the DNS server queries higher level domain servers. They check records or query the server above them and so on until a match is found. A domain’s DNS servers maintain a database that records all DNS name-IP mappings inside the domain, including those for web servers, directory servers, servers, hosts, etc. 8
Layer 3: IP Addresses It is common to express the 32-bit IP addresses in a decimal form (dotted decimal notation). –The address is divided from the high-order bit to the low-order bit into four 8-bit units called octets. –IP addresses are normally written as four separate decimal octets delimited by a period (a dot). –Each octets has eight bits and each bit has two possible values: 0 and 1. –Thus, in decimal terms, an octet can have 28 or 256 possible values, ranging from 0 to
Layer 3: IP Addresses An IP address is broken down into two portions: Network ID and Host ID. –Without subnetting, the end of the network ID falls on a 8-bit boundary (e.g., the 16th bit in a Class B subnet). –The network ID, or network address, identifies the nodes that are located on the same logical network. –The host ID, or host address, identifies a node within a network. An address with a host ID of all zeros is not assigned to any host. It is reserved to define the network itself (network address, e.g., “the network”). If the host ID is all 1s, the address is a broadcast address (e.g., ). It is used to send a packet to all hosts on a specific network. It can only be a destination address; no host can be assigned this address. 10
IP Addresses Source: Davies and Lee, Windows Server 2003 TCP/IP Protocols and Services. Class A Class B Class C 11
CIDR Notation A shorthand for subnet masks (n.n.n.n stands for an IP address). It indicates the number of bits that are set to 1 in the mask. –n.n.n.n/8 for class A default mask, equivalent to –n.n.n.n/16 for class B default mask, equivalent to –n.n.n.n/24 for class C default mask, equivalent to
Private Addresses An organization can use any IP addresses for its network, as long as it is not connected to the Internet. If it wants to use the addresses on the Internet, however, it has to apply for them from Internet Corporation for Assigned Names and Numbers (ICANN). Three blocks of addresses are reserved for private networks. Class A: – Class B: – Class C: – Private addresses are not routable on the Internet. 13
Layer 2: MAC Addresses MAC address is a unique, 48-bit hardware address assigned to a device by the manufacturer. –Each manufacturer is assigned a specific block of MAC addresses (the first 24 bits). –The manufacturer assigns the device a unique address (the second 24 bits). –No two devices can share the same MAC address. –For one system to send data to another on the local network, it must first find out the destination system’s MAC address. 14
IP-MAC Address Resolution To find a MAC address, the Address Resolution Protocol (ARP) is used. Using an ARP request, the sending system will broadcast a query – “who is ”? This broadcast query is examined by every host on the local network, but only the system whose IP address is will respond. 15
IP-MAC Address Resolution That system will send back a response that says “I’m and my MAC address is 00:07:e9:7c:c8:aa.” The sending system will then format the packet for delivery and drop it on the network media, with the MAC address of the destination host. If a host cannot find the destination host in this way, the packet is forwarded to the default gateway, which is the computer/router that knows how to route those packets. What happens if the receiving “host” is ? –The broadcast MAC address is all Fs. 16
Broadcast Used in one-to-everyone communications. A broadcast IP address is designed to be processed by every IP node on the same network segment. It is in the format of –Class A: nnn –Class B: nnn.nnn –Class C: nnn.nnn.nnn.255 The broadcast IP packet is addressed at the Data Link layer using the network technology's broadcast address. –For example, for Ethernet and Token Ring networks, all IP broadcasts are sent using the Ethernet and Token Ring broadcast address 0xFF-FF-FF-FF-FF-FF. 17
Unicast Used in one-to-one communications. A packet is sent from an individual source to an individual destination. In a hub-connected network, all hosts on the network segment see the packet. In normal mode, however, all hosts except the intended receipt will pick up and process the packet. 18