Chapter 12 End-to-End Networking


1 Chapter 12 End-to-End Networking

2 “Smart” vs. “Dumb” Networks
- The 20th century telephone network: a “smart” network with “dumb” endpoints
  - Telephones (the endpoints) had only a dial or touchpad, a speaker, and a microphone
- The original Internet: a “dumb” network with “smart” endpoints
  - Routing was kept as simple as possible
  - Hosts handled the hard work: error detection and correction, reordering and reassembling messages

3 The End-to-End Principle
- Reliable packet networks must rely on smart endpoints: the network cannot ensure reliable packet delivery by itself
- Network-based reliability may reduce unreliability, but it does not ensure reliability
- End-to-end in practice
  - Networks become more complex to address more complex routing challenges
  - Network-based reliability in wireless LANs reduces unreliability to acceptable levels

4 Internet Transport Protocols
- Two separate protocols
  - User Datagram Protocol (UDP): efficient transmission with no retransmission, ordering, or connection setup
  - Transmission Control Protocol (TCP): reliable, sequential data transmission
- UDP packets
  - Contain source and destination port numbers
  - Contain a length field, a checksum, and a data field
  - Applications must detect and handle any missing, duplicated, reordered, or damaged packets themselves

5 UDP Packet Format

6 Wireshark: UDP Packet Format
© Wireshark Foundation
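The UDP header shown on the two preceding slides, built and decoded in Python. This is an added example, not code from the slides or from Wireshark: the addresses and ports are constructed documentation values, and the helper names (build_udp, parse_udp, udp_checksum) are this example's own. It shows the part the slide leaves implicit: the checksum covers a pseudo-header with the IP addresses, so a segment replayed from a different source fails the check, and the length field must be validated against the bytes actually present before it is trusted.

```python
import struct

# Constructed addresses from the RFC 5737 documentation ranges (not from the slides).
SRC_IP = bytes([192, 0, 2, 1])
DST_IP = bytes([198, 51, 100, 7])


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum shared by the IP, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is padded with zero for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """UDP checksum over the IPv4 pseudo-header plus the whole segment (RFC 768).

    `segment` must carry 0 in its checksum field. A computed value of 0 is sent
    as 0xFFFF, because 0 on the wire means "no checksum" for UDP over IPv4.
    """
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(segment))  # proto 17 = UDP
    csum = ~ones_complement_sum(pseudo + segment) & 0xFFFF
    return csum or 0xFFFF


def build_udp(src_ip: bytes, dst_ip: bytes, sport: int, dport: int, payload: bytes) -> bytes:
    """Build a UDP segment: source port, destination port, length, checksum, data."""
    length = 8 + len(payload)
    unchecked = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = udp_checksum(src_ip, dst_ip, unchecked)
    return struct.pack("!HHHH", sport, dport, length, csum) + payload


def parse_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> dict:
    """Decode a UDP segment and verify its checksum against the pseudo-header.

    Raises ValueError for a truncated header or a length field that does not
    fit the bytes present; a receiver must never index by an unchecked length.
    """
    if len(segment) < 8:
        raise ValueError("UDP header truncated")
    sport, dport, length, csum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError(f"bad UDP length field {length} for {len(segment)} bytes")
    segment = segment[:length]  # ignore any trailer beyond the declared length
    if csum == 0:
        checksum_ok = None  # sender did not compute one; IPv4 permits this
    else:
        pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, length)
        # With the checksum field included, the sum over everything is all ones.
        checksum_ok = ones_complement_sum(pseudo + segment) == 0xFFFF
    return {"sport": sport, "dport": dport, "length": length,
            "payload": segment[8:], "checksum_ok": checksum_ok}


if __name__ == "__main__":
    seg = build_udp(SRC_IP, DST_IP, 53000, 53, b"hello")
    print(parse_udp(SRC_IP, DST_IP, seg))
    damaged = seg[:-1] + bytes([seg[-1] ^ 0x01])  # flip one bit of the data
    print(parse_udp(SRC_IP, DST_IP, damaged)["checksum_ok"])
```

The checksum is an integrity check against accidental damage only: anyone who can forge the packet can recompute it, so it provides no authentication, which is why the slides say applications must handle bad data themselves.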

7 Transmission Control Protocol – TCP

8 TCP Reliability
- Uses Sequence (SEQ) and Acknowledgement (ACK) numbers to track the delivered data
- Every byte of data sent via TCP is numbered consecutively
- A packet’s SEQ number reports the number of the first byte it contains
- The recipient sends an ACK number naming the next byte it expects, i.e., one past the highest byte received without a gap
- If packets arrive out of order, the ACK number does not increase until the missing packets arrive; data that arrived early is held, not discarded

9 Flow Control and Window Size
- Flow control prevents a sender from sending data faster than the recipient can handle
- If we send data too fast, the recipient or the network will have to discard it
- Each TCP packet carries a window size
  - Indicates how many bytes beyond the acknowledged data the recipient can currently accept
  - Shrinks if data arrives faster than the receiving application reads it, and can reach zero

10 Establishing a TCP Connection
- Two hosts must agree to establish a connection
- The process uses a 3-way handshake
  - Client sends a SYN packet
  - Server responds with a SYN-ACK packet
  - Client completes the handshake with an ACK
- The 3-way handshake establishes the starting SEQ numbers used in each direction; each side’s ACK must equal the other side’s starting SEQ plus one
- If one host fails to finish the handshake, the other host times out and discards the half-open connection
- The connection is closed with FIN (orderly) or RST (abort)

11 Wireshark: TCP Connection
© Wireshark Foundation
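The SEQ/ACK, window and handshake rules from slides 8 to 10, reduced to a small Python model of one endpoint. This is an added example, not code from the slides; the class and method names (TcpEndpoint, three_way_handshake, reorder_demo) are this example's own, and the 16-byte receive buffer and the three-letter segments are constructed. It shows the ACK staying put while a segment is missing, the window shrinking as data waits, and a client rejecting a SYN-ACK whose ACK does not cover its own SYN.

```python
import os


class TcpEndpoint:
    """One side of a TCP connection, reduced to its SEQ/ACK and window bookkeeping."""

    def __init__(self, rcv_buf: int = 16):
        # Initial send sequence (ISS): unpredictable, so a blind spoofer cannot
        # guess the ACK value the handshake will require.
        self.iss = int.from_bytes(os.urandom(4), "big")
        self.snd_nxt = self.iss        # next sequence number we will send
        self.rcv_nxt = None            # next byte expected from the peer; set by the handshake
        self.rcv_buf = rcv_buf         # receive buffer size in bytes
        self.unread = bytearray()      # in-order data the application has not read yet
        self.out_of_order = {}         # seq -> data held until the gap before it is filled

    # --- three-way handshake, one message per method ---
    def syn(self) -> int:
        self.snd_nxt = self.iss + 1    # a SYN consumes one sequence number
        return self.iss                # SYN: SEQ = ISS

    def on_syn(self, seq: int):
        self.rcv_nxt = seq + 1
        self.snd_nxt = self.iss + 1
        return self.iss, self.rcv_nxt  # SYN-ACK: SEQ = our ISS, ACK = their ISS + 1

    def on_synack(self, seq: int, ack: int):
        if ack != self.iss + 1:        # a reply that does not acknowledge our SYN is bogus
            raise ConnectionError("SYN-ACK does not acknowledge our SYN")
        self.rcv_nxt = seq + 1
        return self.snd_nxt, self.rcv_nxt  # final ACK: SEQ = ISS + 1, ACK = their ISS + 1

    # --- data transfer ---
    def window(self) -> int:
        """Bytes the peer may still send: buffer space not taken by waiting data."""
        held = len(self.unread) + sum(len(d) for d in self.out_of_order.values())
        return max(0, self.rcv_buf - held)

    def send(self, data: bytes):
        seg = (self.snd_nxt, data)     # SEQ = number of the first byte in the segment
        self.snd_nxt += len(data)
        return seg

    def receive(self, seq: int, data: bytes):
        """Process a data segment; returns the (ACK, window) the reply would carry."""
        if self.rcv_nxt is None:
            raise RuntimeError("no established connection")
        end = seq + len(data)
        if end <= self.rcv_nxt:
            pass                                      # duplicate: all of it already seen
        elif seq <= self.rcv_nxt:
            self.unread += data[self.rcv_nxt - seq:]  # in order (trim any overlap)
            self.rcv_nxt = end
            while self.rcv_nxt in self.out_of_order:  # gap filled: release what followed it
                chunk = self.out_of_order.pop(self.rcv_nxt)
                self.unread += chunk
                self.rcv_nxt += len(chunk)
        elif len(data) <= self.window():
            self.out_of_order[seq] = data             # hole before it: ACK must not advance
        # anything beyond the advertised window is dropped
        return self.rcv_nxt, self.window()

    def app_read(self, n: int) -> bytes:
        """The application consumes data, which reopens the window."""
        data, self.unread = bytes(self.unread[:n]), self.unread[n:]
        return data


def three_way_handshake(client: TcpEndpoint, server: TcpEndpoint):
    """SYN, SYN-ACK, ACK; returns the (SEQ, ACK) carried by the client's final ACK."""
    syn_seq = client.syn()
    synack_seq, synack_ack = server.on_syn(syn_seq)
    return client.on_synack(synack_seq, synack_ack)


def reorder_demo():
    """Three segments with the middle one delayed; returns the ACK/window trace and delivered data."""
    client, server = TcpEndpoint(), TcpEndpoint(rcv_buf=16)
    three_way_handshake(client, server)
    s1, s2, s3 = client.send(b"abc"), client.send(b"def"), client.send(b"ghi")
    trace = []
    for seg in (s1, s3, s2):                          # s2 arrives after s3
        ack, win = server.receive(*seg)
        trace.append((ack - client.iss, win))         # ACK relative to the client's ISS
    return trace, server.app_read(64)
```

Running reorder_demo gives the trace [(4, 13), (4, 10), (10, 7)]: the second ACK repeats 4 because bytes 4 to 6 are still missing, and the third jumps straight to 10 because the held segment is released as soon as the gap closes. Selective acknowledgement (SACK), which the slides do not cover, lets a receiver also report the held ranges.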

12 Attacks on Internet Protocols
- General types of protocol-oriented attacks
  - Exploit one host to attack another host
  - Use up the victim host’s resources
  - Masquerade as a different host to a user
- Attack mechanisms
  - Exploit ICMP, the Internet Control Message Protocol
  - Exploit IP header settings
  - Exploit TCP settings

13 ICMP Exploits
- Ping floods: a DOS attack that transmits huge numbers of “ping” (ICMP echo request) packets
- Smurf attack: a DOS attack that sends a “ping” forged with the victim’s source address to a broadcast address, so every host on that network replies to the victim; an amplification attack
- Ping of death: exploited a now-fixed flaw in protocol stacks; a fragmented ping whose reassembled size exceeded the 65,535-byte IP maximum overflowed the reassembly buffer
- Redirection attacks: forged ICMP Redirect messages rerouted data for one host to traverse a different (masquerading) host

14 TCP and IP Attacks
- SYN flood: the attacker sends lots of SYN packets, usually with forged source addresses, to produce “half-open connections” and use up the protocol stack’s resources
- IP spoofing: forge the sender’s IP address in a TCP connection; because the forger never sees the SYN-ACK, success requires correctly guessing the victim’s starting SEQ number, which is why modern stacks choose it unpredictably
- Source routing attack: similar to a redirection attack, but uses an IP header option to route traffic through a masquerading host
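The SYN flood above, modelled in Python against two kinds of listener. This is an added example, not code from the slides: the classes (BacklogListener, SynCookieListener), the 128-entry backlog, the flood sizes and the source addresses are all constructed. The second listener uses SYN cookies, a mitigation the slides do not mention: the server's starting SEQ is a keyed hash of the connection's addresses and ports, so nothing is stored for a half-open connection and the final ACK can be checked by recomputation. The flood fills the first listener's backlog and locks a genuine client out; the second keeps accepting.

```python
import hashlib
import hmac
import os
import random


class BacklogListener:
    """Classic listener: every SYN costs a slot in a fixed-size half-open backlog."""

    def __init__(self, backlog: int):
        self.backlog = backlog
        self.half_open = {}        # (src_ip, sport) -> our ISN, waiting for the final ACK
        self.established = set()

    def on_syn(self, src_ip, sport, client_seq):
        if len(self.half_open) >= self.backlog:
            return None                              # backlog full: SYN silently dropped
        isn = int.from_bytes(os.urandom(4), "big")
        self.half_open[(src_ip, sport)] = isn
        return isn                                   # SYN-ACK: SEQ = isn, ACK = client_seq + 1

    def on_ack(self, src_ip, sport, client_seq, ack):
        isn = self.half_open.get((src_ip, sport))
        if isn is None or ack != isn + 1:
            return False
        del self.half_open[(src_ip, sport)]
        self.established.add((src_ip, sport))
        return True


class SynCookieListener:
    """SYN-cookie listener: the ISN encodes the state, so a half-open connection costs nothing."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.slot = 0              # coarse time counter; real stacks tick it about once a minute
        self.established = set()

    def cookie(self, src_ip, sport, client_seq, slot):
        msg = f"{src_ip}|{sport}|{client_seq}|{slot}".encode()
        mac = hmac.new(self.secret, msg, hashlib.sha256).digest()
        # top byte: time slot (so old cookies expire); low 24 bits: keyed hash of the connection
        return ((slot & 0xFF) << 24) | int.from_bytes(mac[:3], "big")

    def on_syn(self, src_ip, sport, client_seq):
        return self.cookie(src_ip, sport, client_seq, self.slot)   # nothing is stored

    def on_ack(self, src_ip, sport, client_seq, ack):
        # The final ACK's SEQ is the client's ISN + 1 and its ACK is our cookie + 1:
        # recompute the cookie for the current and previous slot and compare.
        for slot in (self.slot, self.slot - 1):
            if ack - 1 == self.cookie(src_ip, sport, client_seq - 1, slot):
                self.established.add((src_ip, sport))
                return True
        return False


def flood(listener, count: int, seed: int):
    """Spoofed SYNs from random (constructed) sources that never send the final ACK."""
    rng = random.Random(seed)
    for _ in range(count):
        src = ".".join(str(rng.randint(1, 254)) for _ in range(4))  # forged source address
        listener.on_syn(src, rng.randint(1024, 65535), rng.getrandbits(32))


def legitimate_connect(listener, src_ip="192.0.2.10", sport=40000, client_isn=1000):
    """A genuine client completing the handshake; True if it ends up established."""
    server_isn = listener.on_syn(src_ip, sport, client_isn)
    if server_isn is None:
        return False                                 # no SYN-ACK: the client just times out
    return listener.on_ack(src_ip, sport, client_isn + 1, server_isn + 1)


def demo():
    classic = BacklogListener(backlog=128)
    flood(classic, 1000, seed=1)
    cookies = SynCookieListener(secret=os.urandom(32))
    flood(cookies, 1000, seed=1)
    return legitimate_connect(classic), legitimate_connect(cookies)
```

Real SYN cookies also squeeze the negotiated maximum segment size into the ISN, since no other option can be remembered without state; the slot byte bounds how long a cookie stays valid so a captured SYN-ACK cannot be replayed later.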

15 Domain Names on the Internet
- Domain names provide memorable names for hosts on the Internet
- The Domain Name System (DNS) converts names into IP addresses, and vice versa
  - The “Internet telephone book”
  - A distributed database managed by domain name owners and registrars
- Domain names are constructed hierarchically, read from right to left

16 Domain Name construction

17 Domain Name Hierarchy

18 Domain names in practice
- Individuals and companies buy names from registrars
- The registrar places the name under the chosen Top-Level Domain (TLD)
- Tying the name to a host
  - Owners may provide their own domain name servers, and service hosts for Web or e-mail
  - Some registrars will tie the domain name to specific host-based services for customers

19 Looking up Domain Names
- A resolver uses the DNS to look up a name
- The resolver keeps a cache of recent answers
- If a name isn’t in the cache, the resolver contacts a domain name server
- If the server can’t answer, it either refers the resolver to a server that can (iterative resolution) or contacts that server itself on the resolver’s behalf (recursive resolution)
- The resolver saves the answer in its cache, for as long as the answer’s time-to-live allows

20 Wireshark: a DNS response
© Wireshark Foundation

21 DNS Lookup

22 Investigating Domain Names
- nslookup (or dig): command-line DNS resolvers
  - Return the basic records stored for a domain
  - The IP address of the generic host (A record)
  - The IP address, possibly different, of the host that handles e-mail directed at that domain (MX record)
- whois: returns details about domain ownership
  - Identifies the domain’s owner
  - Provides technical and administrative contact information

23 Attacks on DNS
- Cache poisoning: the resolver receives a bogus response to a DNS request and caches it
  - Difficult: a forged response is only accepted while the matching query is outstanding, and it must match that query’s transaction ID and port and arrive before the genuine answer
- DOS: the attacker floods an important server, like a root server, so it can’t respond to queries
  - Botnets are often used in such attacks
- DOS attack using a shared resolver: the attacker sends numerous bogus queries with the target’s address forged as the source, so the resolver’s (larger) replies flood the targeted server
  - An amplification attack, like the smurf attack

24 DNS Security Improvements
- Randomized requests: resolvers choose unpredictable source port numbers and transaction IDs, so a forger must guess both to poison the cache
- Limited access to resolvers: ISPs only allow their own customers to use their resolvers, reducing the risk of amplification attacks (an “open resolver” answers anyone)
- Replicated DNS servers: major servers are replicated (often using anycast) so that a DOS against one won’t shut down an entire TLD or subdomain
- DNSSEC: cryptographic authentication for DNS responses, so a forged answer fails signature validation even if it matches the query
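Cache poisoning (slide 23) and the randomization defence (slide 24), worked through in Python with real DNS wire format. This is an added example, not code from the slides: the Resolver class, blind_poison, spoof_probability and the names queried (example.com, victim.test) are this example's own, and the attacker's IP is a constructed documentation address. The resolver only caches a response that matches an outstanding query's port, transaction ID and question, and it stops listening once any matching answer arrives, so the forger must win a race it cannot see. With a fixed port and counting IDs the race is trivial; with both randomized, a few thousand forgeries have a chance well under one in a million.

```python
import random
import struct


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"


def decode_name(msg: bytes, off: int):
    """Decode a name (following compression pointers); returns (name, offset after it)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                       # pointer to an earlier copy of the name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode())
        off += ln
    return ".".join(labels), (off if end is None else end)


def build_query(txid: int, name: str, qtype: int = 1) -> bytes:
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_response(txid: int, name: str, ip: str, qtype: int = 1, ttl: int = 300) -> bytes:
    """Response with one A record: what a server returns, and what an attacker forges."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)      # QR set, one answer
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", qtype, 1, ttl, 4) + bytes(int(o) for o in ip.split("."))
    return header + question + rr


def txid_of(msg: bytes) -> int:
    return struct.unpack("!H", msg[:2])[0]


class Resolver:
    """Caching resolver that accepts only responses matching an outstanding query."""

    def __init__(self, randomize: bool, seed=None):
        self.randomize, self.rng, self.next_id = randomize, random.Random(seed), 1
        self.pending = {}      # (our source port, txid) -> (name, qtype)
        self.cache = {}

    def send_query(self, name: str, qtype: int = 1):
        if self.randomize:
            sport, txid = self.rng.randint(1024, 65535), self.rng.getrandbits(16)
        else:                  # the old behaviour: fixed port 53, IDs that simply count up
            sport, txid, self.next_id = 53, self.next_id, (self.next_id + 1) & 0xFFFF
        self.pending[(sport, txid)] = (name, qtype)
        return sport, build_query(txid, name, qtype)

    def accept_response(self, dport: int, msg: bytes) -> bool:
        txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
        if not flags & 0x8000 or qd != 1 or (dport, txid) not in self.pending:
            return False       # not a reply to any outstanding query
        qname, off = decode_name(msg, 12)
        qtype = struct.unpack("!H", msg[off:off + 2])[0]
        off += 4
        if (qname, qtype) != self.pending[(dport, txid)]:
            return False       # right port and ID, but it answers a different question
        for _ in range(an):
            rname, off = decode_name(msg, off)
            rtype, _, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata, off = msg[off:off + rdlen], off + rdlen
            if rname == qname and rtype == 1 and rdlen == 4:
                self.cache[qname] = ".".join(str(b) for b in rdata)
        del self.pending[(dport, txid)]   # first matching answer wins; later ones are ignored
        return True


def blind_poison(resolver: Resolver, name: str, attacker_ip: str, forgeries: int, seed: int) -> bool:
    """Off-path attacker: sees neither the query nor its port/ID, so must guess both."""
    rng = random.Random(seed)
    resolver.send_query(name)           # the victim must have this query outstanding
    for i in range(forgeries):
        if resolver.randomize:
            port, txid = rng.randint(1024, 65535), rng.getrandbits(16)
        else:
            port, txid = 53, (i + 1) & 0xFFFF    # predictable: just count through the IDs
        if resolver.accept_response(port, build_response(txid, name, attacker_ip)):
            return True
    return False


def spoof_probability(forgeries: int, random_port: bool, random_id: bool) -> float:
    """Rough chance that a burst of forgeries matches one outstanding query."""
    space = (64512 if random_port else 1) * (65536 if random_id else 1)
    return min(1.0, forgeries / space)
```

The probability figure is per query the attacker can provoke; an attacker who can make the resolver issue many queries (for names under the same domain, say) gets a fresh race each time, which is why randomization is treated as a mitigation and DNSSEC as the actual fix.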

25 Internet Gateways and Firewalls

26 Network Address Translation
- All IP packets travel between 2 hosts with unique addresses
- There are not enough IPv4 addresses to assign one to every IP host on the planet
- Sites use private addresses and NAT to provide separate addresses to all hosts
- Private addresses fall into one of 3 ranges (RFC 1918):
  - 10.x.x.x (10.0.0.0/8)
  - 172.16.x.x through 172.31.x.x (172.16.0.0/12)
  - 192.168.x.x (192.168.0.0/16)

27 Mapping Private to Public Addresses

28 Configuring Host Computers
- Gateways and firewalls typically assign private addresses
- They use the Dynamic Host Configuration Protocol (DHCP)
  - A client broadcasts a DHCP query (it has no address yet, so it cannot do anything else)
  - The gateway’s DHCP server responds with configuration information
    - The IP address assigned to the host, with a lease time
    - The IP addresses to use for routing (the default gateway) and for DNS
- The gateway must be configured to use a particular private address range

29 Traffic Filtering and Connectivity
- Packet filtering discards packets by checking:
  - MAC address, source or destination
  - Broadcast transmissions
  - ICMP messages
  - IP address, source or destination
  - IP application protocol, based on port number
- Inbound connections are usually rejected by NAT, since no table entry matches them
- The gateway may be configured to forward a public port to a server that should receive inbound connections (port forwarding)
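The NAT mapping, port forwarding and inbound filtering of slides 26 to 29 in one small Python model. This is an added example, not code from the slides: the NatGateway class, the Packet record, the 203.0.113.1 public address, the 192.168.1.x hosts and the 40000 starting port are all constructed. It shows why an unsolicited inbound connection is dropped (nothing in the table matches it), that a mapping only admits the peer it was opened to, and how a forward rule and a filter rule change that.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp", "udp" or "icmp"
    src: str
    sport: int
    dst: str
    dport: int


class NatGateway:
    """Port-translating NAT with a stateful table, port forwards and an inbound filter."""

    def __init__(self, public_ip: str, private_prefix: str = "192.168.1.", first_port: int = 40000):
        self.public_ip, self.private_prefix, self.next_port = public_ip, private_prefix, first_port
        self.table = {}            # (proto, public port) -> (private ip, private port, remote ip, remote port)
        self.forwards = {}         # (proto, public port) -> (private ip, private port)
        self.inbound_filter = []   # predicates on a packet; True means drop it

    def add_forward(self, proto, public_port, private_ip, private_port):
        self.forwards[(proto, public_port)] = (private_ip, private_port)

    def outbound(self, pkt: Packet):
        """Private host -> Internet: the source becomes the public address plus a mapped port."""
        if not pkt.src.startswith(self.private_prefix):
            return None                                  # not ours to translate
        flow = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        key = next((k for k, v in self.table.items() if k[0] == pkt.proto and v == flow), None)
        if key is None:                                  # first packet of this flow: new mapping
            key = (pkt.proto, self.next_port)
            self.next_port += 1
            self.table[key] = flow
        return Packet(pkt.proto, self.public_ip, key[1], pkt.dst, pkt.dport)

    def inbound(self, pkt: Packet):
        """Internet -> private host: returns (delivered packet or None, reason)."""
        if any(rule(pkt) for rule in self.inbound_filter):
            return None, "filtered"
        key = (pkt.proto, pkt.dport)
        if key in self.table:
            priv_ip, priv_port, remote_ip, remote_port = self.table[key]
            if (pkt.src, pkt.sport) != (remote_ip, remote_port):
                return None, "mapping belongs to another peer"   # not the host we talked to
            return Packet(pkt.proto, pkt.src, pkt.sport, priv_ip, priv_port), "translated"
        if key in self.forwards:
            priv_ip, priv_port = self.forwards[key]
            return Packet(pkt.proto, pkt.src, pkt.sport, priv_ip, priv_port), "forwarded"
        return None, "unsolicited inbound: no mapping"


def demo():
    gw = NatGateway("203.0.113.1")
    gw.inbound_filter.append(lambda p: p.proto == "icmp")              # no pings from outside
    gw.inbound_filter.append(lambda p: p.src.startswith("192.168."))   # private source on the WAN side is forged
    gw.add_forward("tcp", 80, "192.168.1.20", 8080)                    # published web server
    out = gw.outbound(Packet("tcp", "192.168.1.10", 51000, "93.184.216.34", 443))
    reply = gw.inbound(Packet("tcp", "93.184.216.34", 443, gw.public_ip, out.sport))
    probe = gw.inbound(Packet("tcp", "198.51.100.9", 5555, gw.public_ip, 22))
    web = gw.inbound(Packet("tcp", "198.51.100.9", 5555, gw.public_ip, 80))
    ping = gw.inbound(Packet("icmp", "198.51.100.9", 0, gw.public_ip, 0))
    return out, reply, probe, web, ping
```

The model leaves out what a real gateway adds on top: mappings expire after an idle timeout, TCP state is tracked so a stray ACK does not keep an entry alive, and the forwarded server is reachable from the whole Internet, so it needs the same hardening as any exposed host.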

30 Long-Distance Networking
- Traditionally, all communications networks were long-distance networks, using these technologies: paper, optical, wire, radio
- Categories of networking technologies
  - Older: still used, but being replaced
  - Mature: today’s workhorse technologies
  - Evolving: newer, supplanting older ones

31 Older Technologies
- Analog broadcast networks: radio and TV
- Wired, circuit-switched telephone network
  - Support for older dedicated data links
- Microwave networks: line-of-sight
  - Usually provided dedicated analog or digital links, owned or rented by users
- Analog two-way radios
  - Relied on dedicated frequencies assigned to specific purposes: limits traffic by limiting a frequency’s purpose

32 Mature Technologies
- Dedicated digital network links
  - Unswitched T1/T3 or E1/E3 rented data links
  - Often replaced by switched ATM or frame relay data services
- Cell phones: a network of cell towers
  - Originally analog, now digital
- Cable TV: originally analog, now digital
  - Provides broadband entertainment distribution
  - Vendors now offer Internet and phone services

33 Evolving Technologies
- Optical fiber networks
  - Provide the backbone for modern ATM and frame relay data services
  - Some vendors reach households
- Bidirectional satellite communications
  - Built on satellite TV technology and satellite telephone technology
  - Provide bidirectional communications for voice and Internet applications

34 End of Chapter 12

