Examples: those who hold the keys to the Kingdom:
  • Jim Allchin, Microsoft's Windows chief, said in Oct 2005, "I'd already been through lots of days of personal training on the tools that are used to do hacking."
    • Researcher Dan Kaminsky found him to be quite knowledgeable about hashing.
  • Researcher Matt Conover, while talking about a fairly obscure type of problem called a "heap overflow", asked the audience, made up mostly of vice presidents, whether they knew about this type of issue; 18 of 20 hands went up. (Blue Hat Conference at Redmond in Oct 2005)
Internship: provides learning opportunities

Internet and/or telecom protocols

  • TCP/IP stack
    • SIP (Session Initiation Protocol)
  • H.323 (ITU standard to allow telephones, on the public telephone network, to talk to computers, connected to Internet)
  • Server Message Block/Common Internet File System (CIFS)
  • Distributed Network Protocol (DNP3)

Ref: http://www.dnp.org/

Learning Opportunities
  • Working of Internet communications equipment
    • how the communication channels that Internet communication equipment uses can be modified to compromise the system.
Learning Opportunities
  • Ruby language and its use in modeling network protocol stacks.
    • To create protocol implementations in “our” Ruby framework and then to apply protocol mutations to test systems for robustness and security vulnerabilities using an attack-surface approach.
Security Threats
  • RFC 1244 identifies three distinct types of security threats associated with network connectivity:
    • Unauthorized access
      • A break-in by an unauthorized person.

Break-ins may be an embarrassment that undermines the confidence that others have in the organization.

Moreover, unauthorized access can lead to one of the other threats: disclosure of information or denial of service.

Classification of Security Threats (Reference: RFC 1244)
  • Disclosure of information
    • disclosure of valuable or sensitive information to people who should not have access to the information.
  • Denial of service
    • Any problem that makes it difficult or impossible for the system to continue to perform productive work.

Do not connect to the Internet:

  • a system with highly classified information, or
  • a system for which the risk of liability in case of disclosure is great.
A secure system

Intersection of

  • A system which is able to maintain confidentiality of data;
  • A system which is able to maintain integrity of data;
  • A system which is available whenever the user requires it.
Terminology of Hacking
  • Snooping (also called passive wire-tapping)
  • Active wire-tapping or man-in-the-middle attack
  • Spoofing or masquerading of a host or a service provider (distinguish it from delegation)
  • Repudiation of origin or of creation of some file
  • Denial of receipt
  • Usurpation: unauthorized control
Threats for the Internet/ISP
  • propagate false routing entries (“black holes”)
  • domain name hijacking
  • link flooding
  • packet intercept
  • Phishing attacks: use e-mails that often appear to come from a legitimate e-mail address and include links to spoofed Web addresses. The receiver follows the link, which takes the receiver to a site other than the one the receiver thinks he is going to. (Announced by MS on 16 Dec 2003 as a problem with Internet Explorer.)
Types of Security Threats: Additions
  • Denial of service
  • Illegitimate use
  • Authentication
    • IP spoofing
    • Sniffing the password
    • Playback attack
    • Bucket-brigade attack (when Eve substitutes her own public key for the public key of Bob in a message being sent by Bob to Alice)
  • Generic threats: backdoors, Trojan horses, viruses, etc.
Figure: the TCP/IP protocol stack, listing DNS, FTP, TELNET, SMTP, RIP, OSPF, BGP, UDP, TCP, ICMP, IP, ARP, RARP, the Data Link Layer and the Physical Layer.

Ethernet type values, IP protocol numbers and well-known ports:

  • Ethernet Type
    • ARP 0806₁₆
    • RARP 8035₁₆
    • IP 0800₁₆
  • IP Protocol
    • OSPF 89
    • UDP 17
    • TCP 6
    • ICMP 1
  • UDP Ports
    • RIP 520
    • DNS 53
  • TCP Ports
    • BGP 179
    • DNS 53
    • SMTP 25
    • TELNET 23
    • FTP 21
    • HTTP 80
    • HTTP PROXY 8080
Session Initiation Protocol (SIP)
  • a signalling protocol used for establishing sessions in an IP network.
  • A session may be
    • a simple two-way telephone call or
    • a collaborative multi-media conference session.
Uses of SIP
  • VoIP telephony
  • voice-enriched e-commerce
  • web page click-to-dial
  • Instant Messaging with buddy lists

References: 1. RFC 3261; 2. http://www.sipcenter.com/sip.nsf/html/What+Is+SIP+Introduction

Session Initiation Protocol

VoIP uses the following standards and protocols:

  • to ensure transport (RTP),
  • to authenticate users (RADIUS, DIAMETER),
  • to provide directories (LDAP),
  • to be able to guarantee voice quality (RSVP, YESSIR) and
  • to inter-work with today's telephone network, many ITU standards
H.323 and H.248
  • H.323 (ITU standard to allow telephones, on the public telephone network, to talk to computers, connected to Internet)
    • used for local area networks (LANs), but was not capable of scaling to larger public networks.
  • H.248, also called MEGACO:
    • Media Gateway Control Protocol (Megaco): the name used by IETF
    • H.248: the name used by ITU-T Study Group 16
H.248/MEGACO
  • MEGACO: a standard protocol for handling the signaling and session management needed during a multimedia conference.
  • defines a means of communication between a media gateway, which converts data from the format required for a circuit-switched network to that required for a packet-switched network, and the media gateway controller.

References: 1. RFC 3015; 2. http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html as of 12th Oct 2006

Stream Control Transmission Protocol (SCTP)

SCTP:

  • a reliable transport protocol operating on top of IP.
  • It offers acknowledged, error-free, non-duplicated transfer of datagrams (messages).
  • Detection of data corruption, loss of data and duplication of data is achieved by using checksums and sequence numbers. A selective retransmission mechanism is applied to correct loss or corruption of data.

Difference between SCTP and TCP
  • Differences from TCP: multihoming and the concept of several streams within a connection. Whereas in TCP a stream is a sequence of bytes, an SCTP stream represents a sequence of messages (and these may be very short or long).
  • References: 1. SCTP for beginners, http://tdrwww.exp-math.uni-essen.de/inhalt/forschung/sctp_fb/index.html as of Oct 12/2006; 2. http://www.sctp.org/; 3. RFC 2960
DNP3
  • Protocols define the rules by which devices talk with each other.
  • DNP3 is a protocol for transmission of data from point A to point B using serial and IP communications.
  • used primarily by utilities such as the electric and water companies for SCADA (Supervisory Control and Data Acquisition) applications.
  • provides rules for remotely located computers (at sub-stations) and master station computers (at operations center) to communicate data and control commands.
Server (or Sessions) Message Block (SMB): A File-sharing Protocol
  • Windows (95, 98, NT), OS/2 and Linux machines (running SAMBA) use SMB
  • Developed jointly by MS, IBM and Intel
  • SMB provides a method for client applications on a computer
    • to read and write files on servers in the network
    • to request services from servers in the network
SMB
  • SMB: can be used over the
    • Internet (through the TCP/IP protocol) or
    • over the local network (through the IPX and the NetBEUI/ NetBIOS protocols);
  • SMB: Windows equivalent to Sun's Network File System (NFS).
Ports used by SMB on TCP/IP
  • UDP/137 is used for name resolution and registration
  • UDP/138 is used for browsing
  • TCP/139 is used for the main file and print sharing transactions

Windows 2000 and XP: port 445 (In/Out): Allows remote administration and monitoring using Windows Management Instrumentation (WMI).

SAMBA (Reference: Robert Eckstein, David Collier-Brown, and Peter Kelly, Using Samba, O'Reilly and Associates, 1999)
  • "Samba is a suite of Unix applications that speak the SMB (Server Message Block) protocol."
  • Many operating systems, including Windows and OS/2, use SMB to perform client-server networking.
  • By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network.
SAMBA (Reference: Samba-3 by Example by John H. Terpstra, http://us1.samba.org/samba/docs/man/Samba-Guide/preface.html#id2504950)
  • open source software
  • can be run on a platform other than Microsoft Windows, for example UNIX, Linux, IBM System 390, OpenVMS and other operating systems.
  • uses the TCP/IP protocol that is installed on the host server.
  • helps you implement Windows-compatible file and print services.
Using Samba (Reference: http://www.roseindia.net/linux/tutorial/linux-howto/SMB-HOWTO-2.html)

One can use Samba to

  • Share a Linux drive with Windows machines.
  • Access an SMB share with Linux machines.
  • Share a Linux printer with Windows machines.
  • Share a Windows printer with Linux machines.
  • Allow a Linux host, when correctly configured, to interact with a Microsoft Windows client or server as if the host were a Windows file and print server.
Services offered by a SAMBA-enabled UNIX machine
  • Share one or more filesystems
  • Share printers installed on both the server and its clients
  • Assist clients with Network Neighborhood browsing
  • Authenticate clients logging onto a Windows domain
  • Provide or assist with WINS name server resolution

Samba: the brainchild of Andrew Tridgell, Samba development team, Canberra, Australia.

Reference: http://us1.samba.org/samba/

References
  • http://us1.samba.org/samba/docs/SambaIntro.html
  • http://www.rxn.com/services/faq/smb/using_samba/html/ch03_01.htm
  • A DNP3 Protocol Primer at http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf
  • Networking HOWTOs: http://tldp.org/HOWTO/HOWTO-INDEX/networking.html
Ports used by Real Time Streaming Protocol (RTSP)
  • TCP/554 (In/Out): Used for accepting incoming RTSP client connections and for delivering data packets to clients that are streaming by using RTSPT.
  • UDP/5004 (Out): Used for delivering data packets to clients that are streaming by using RTSPU.
  • UDP/5005 (In/Out): Used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using RTSPU.
IP – 5 layer DoD model
  • Layering – 5 layer DoD model: APPLICATION, TRANSPORT, INTERNET, NETWORK INTERFACE, PHYSICAL
IP and the Internet Architecture

Figure: OSI Model compared with the Internet Architecture:

  • OSI Application, Presentation, Session ↔ Internet Application
  • OSI Transport ↔ Internet Transport (UDP, TCP)
  • OSI Network ↔ Internet addressing and routing (IP)
  • OSI Data Link, Physical ↔ Internet Network (Ethernet, Token Ring, etc.; bridging and switching)
Ethernet Frame for ARP packet: Ethernet type for ARP 0806₁₆

Figure: frame layout, field sizes in octets:

  • HA DEST (6), HA SRC (6), TYPE (2)
  • ARP message: HTYPE (2), PTYPE (2), HSIZE (1), PSIZE (1), OPERATION (2), SENDER HA (6), SENDER IP Add (4), TARGET HA (6), TARGET IP Add (4)
  • PADDING (18), CRC (4)

IEEE 802.3 Standard

Figure: frame layout, field sizes in octets:

  • preamble (8), Dest add (6), Src add (6), type (2), data (46B – 1500B, i.e. 368 – 12,000 bits), crc (4)
  • type: 16 bits
  • CRC – Cyclic Redundancy Check

Ethernet parameters
  • Type – self-identifying, e.g.
    • for an ARP message, type = 0806₁₆
    • for a RARP message, type = 8035₁₆
    • for an IP message, type = 0800₁₆

IP Address

An address = Net id | Host id

Class | class bits | bits in net-ID | bits in host-ID | lower limit | upper limit (of available network addresses)

  • A | 0 | 7+ | 24 | 0.0.0.0 (1.0.0.0)* | 127.0.0.0 (126.0.0.0)*
  • B | 1 0 | 14+ | 16 | 128.0.0.0 | 191.255.0.0
  • C | 1 1 0 | 21+ | 8 | 192.0.0.0 | 223.255.255.0
  • D | 1 1 1 0 | multicast (used only as DEST add) | 224.0.0.0 | 239.255.255.255
  • E | 1 1 1 1 0 | reserved | 240.0.0.0 | 255.255.255.254

* After taking into account the addresses reserved for SPECIAL cases.

IP Addresses (contd)

Class | Max no. of networks | Max no. of hosts

  • A | 126 networks (2^7 − 2) | 16M hosts each (2^24 − 2 = 16,777,214)
  • B | 16,384 networks (64 × 256 = 2^14) | 64K hosts each (2^16 − 2 = 65,534)
  • C | 2,097,152 networks (32 × 256 × 256 = 2^21) | 254 hosts each (2^8 − 2 = 254)

Addresses per class

Class | No. of addresses | %age

  • A | 2^31 = 2,147,483,648 | 50
  • B | 2^30 = 1,073,741,824 | 25
  • C | 2^29 = 536,870,912 | 12.5
  • D | 2^28 = 268,435,456 | 6.25
  • E | 2^28 = 268,435,456 | 6.25

Special IP addresses

Net-id | host-id | Type | Purpose

  • All zeroes | all zeroes | this computer on this n/w | bootstrap (SRC add only)
  • specific | all zeroes | this n/w | identifies a n/w (cannot be a SRC/DST add)
  • specific | all ones | directed broadcast | on a specific net
  • All ones | all ones | limited broadcast (blocked by router) | to all hosts on the local net (CLASS E)
  • 127 | any | loop-back (blocked by machine) | testing
  • All zeroes | specific | specific host on this n/w (blocked by router) | DEST address only

127.x.y.z: loop-back address, not a n/w address. DEST add only. Message does not leave the machine.

Special Multicast cases
  • Categories: 224.0.0.x, e.g. all routers which use a particular category.
  • Conferencing: 224.0.1.x

Free IP addresses for Intranets

Private internets:

Class | net-id | no. of nets

  • A | 10.0.0.0 | 1
  • B | 172.16.0.0 to 172.31.0.0 | 16
  • C | 192.68.0.0 to 192.68.255.0 | 256

Conventions for IP addressing

From the study of special IP addresses:

  • Net-id cannot begin with 127
  • First octet cannot be 255 in a net-id
  • First octet cannot be 0 in a net-id
  • Group computers by types / departments
  • Address routers starting with low numbers and hosts starting with high numbers
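As an added example (not from the slides), the class rules and the special-address rules from the IP address slides above, applied to a dotted-decimal address; the private ranges are those of RFC 1918 rather than the table above, and the sample addresses are constructed:

```python
# Added example: classify an IPv4 address by class, split net-id / host-id,
# and flag the special-case addresses listed on the "Special IP addresses"
# slide. Private ranges follow RFC 1918 (an assumption of this example).
import ipaddress

# net-id width per class, counting the leading class bits
CLASS_NET_BITS = {"A": 8, "B": 16, "C": 24}
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ip_class(first_octet):
    """Address class from the leading bits: 0 -> A, 10 -> B, 110 -> C, 1110 -> D, else E."""
    if first_octet & 0x80 == 0x00:
        return "A"
    if first_octet & 0xC0 == 0x80:
        return "B"
    if first_octet & 0xE0 == 0xC0:
        return "C"
    if first_octet & 0xF0 == 0xE0:
        return "D"
    return "E"


def describe(addr):
    """Return class, net-id, host-id and the role the address may play."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % addr)
    octets = [int(o) for o in octets]
    value = int.from_bytes(bytes(octets), "big")
    cls = ip_class(octets[0])
    info = {"address": addr, "class": cls,
            "private": any(ipaddress.IPv4Address(value) in n for n in PRIVATE)}
    if cls == "D":
        info["role"] = "multicast (destination address only)"
        return info
    if cls == "E":
        # 255.x.y.z is reserved for broadcast; the rest of class E is experimental
        info["role"] = ("limited broadcast on the local net (blocked by routers)"
                        if value == 0xFFFFFFFF else "reserved / experimental")
        return info
    net_bits = CLASS_NET_BITS[cls]
    host_bits = 32 - net_bits
    net_id = value >> host_bits << host_bits
    host_id = value & ((1 << host_bits) - 1)
    info["net_id"] = str(ipaddress.IPv4Address(net_id))
    info["host_id"] = host_id
    if octets[0] == 127:
        info["role"] = "loop-back (never leaves the machine)"
    elif net_id == 0 and host_id == 0:
        info["role"] = "this computer on this network (source address only, bootstrap)"
    elif net_id == 0:
        info["role"] = "specific host on this network (destination address only)"
    elif host_id == 0:
        info["role"] = "identifies the network (not a source or destination address)"
    elif host_id == (1 << host_bits) - 1:
        info["role"] = "directed broadcast on that network"
    else:
        info["role"] = "ordinary host address"
    return info
```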


  • VERS: version of IP protocol (4)
  • HLEN: length of header in 32-bit words

TYPE OF SERVICE (bits 0–7): PRECEDENCE (3 bits), D, T, R, C, unused
  • D: minimize delay; T: maximize throughput; R: maximize reliability; C: minimize cost
  • PRECEDENCE: 0 for Normal ... 7 for Network Control

Precedence and TOS bits
  • Precedence (3 bits):
    • 000 lowest priority, 111 highest priority
    • (The highest priority may be accorded to the network management messages)
    • If a router is congested, it may discard messages of lower precedence.
    • This is not a required field in Ver. 4.
  • TOS bits: only one bit (out of 4) can be set at a time.
There are 5 types of services:
  • 0000 Normal
  • 0001 Minimize Cost
  • 0010 Maximize reliability
  • 0100 Maximize throughput
  • 1000 Minimize delay

  • Background activities need minimum costs.
  • Activities that send bulk data require maximum throughput.
  • Management activities require maximum reliability.
  • Activities requiring immediate attention, activities requiring immediate response, and Control/Command messages like Remote Login commands require minimum delay.
  • IPv4 does not guarantee the TOS requested by a host.
PROTOCOL

Informs about the protocol used by the upper layer; tells us about the nature of data.

Value of the Protocol field in an IP datagram:

  • ICMP 1
  • IGMP 2
  • IP in IP 4
  • TCP 6
  • EGP 8
  • UDP 17
  • IPv6 41
  • OSPF 89
ARP message format

Variable-length fields (28 octets for Ethernet); bit positions 0, 8, 16, 24, 31:

  • Hardware type | Protocol type
  • HLEN | PLEN | Operation
  • Sender HA (octets 0-3)
  • Sender HA (octets 4-5) | Sender IP (octets 0-1)
  • Sender IP (octets 2-3) | Target HA (octets 0-1)
  • Target HA (octets 2-5)
  • Target IP (octets 0-3)

ARP parameters
  • Hardware type: 1 for Ethernet
  • Protocol type: 0800₁₆ for IP
  • HLEN & PLEN – length of hardware and protocol addresses in octets.
  • Operation:
    • ARP request 1
    • ARP response 2
    • RARP request 3
    • RARP response 4
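As an added example (not from the slides), a decoder for the Ethernet frame and the 28-octet ARP message laid out in the figures above; the frame bytes, MAC addresses and IP addresses are constructed for this example:

```python
# Added example: decode an Ethernet frame, dispatch on its 16-bit type field,
# and parse the 28-octet ARP message the figures above describe. The frame
# bytes are constructed for this example.
import struct

ETHERTYPE = {0x0806: "ARP", 0x8035: "RARP", 0x0800: "IP"}
ARP_OPERATION = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response"}


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def parse_ethernet(frame):
    """Split an Ethernet frame into destination HA, source HA, type and payload.
    The trailing CRC is normally stripped by the NIC, so it is not expected here."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-octet Ethernet header")
    etype = struct.unpack("!H", frame[12:14])[0]
    return {"dest": mac_str(frame[0:6]), "src": mac_str(frame[6:12]),
            "type": etype, "type_name": ETHERTYPE.get(etype, "unknown"),
            "payload": frame[14:]}


def parse_arp(payload):
    """Parse the fixed 8-octet part, then the four addresses whose sizes HLEN and
    PLEN announce. The announced sizes are checked against the bytes actually
    present rather than trusted, and only Ethernet/IPv4 ARP is accepted."""
    if len(payload) < 8:
        raise ValueError("ARP message shorter than its 8-octet fixed part")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP (htype 1, ptype 0800, HLEN 6, PLEN 4) is handled")
    need = 8 + 2 * (hlen + plen)          # 28 octets for Ethernet/IPv4
    if len(payload) < need:
        raise ValueError("ARP message truncated: need %d octets, have %d" % (need, len(payload)))
    pos, fields = 8, []
    for size in (hlen, plen, hlen, plen):  # sender HA, sender IP, target HA, target IP
        fields.append(payload[pos:pos + size])
        pos += size
    sender_ha, sender_ip, target_ha, target_ip = fields
    return {"hardware_type": htype, "protocol_type": ptype, "hlen": hlen, "plen": plen,
            "operation": op, "operation_name": ARP_OPERATION.get(op, "unknown"),
            "sender_ha": mac_str(sender_ha), "sender_ip": ip_str(sender_ip),
            "target_ha": mac_str(target_ha), "target_ip": ip_str(target_ip)}


def decode_frame(frame):
    """Ethernet header plus, for type 0806/8035, the ARP/RARP message it carries."""
    eth = parse_ethernet(frame)
    if eth["type"] in (0x0806, 0x8035):
        eth["arp"] = parse_arp(eth["payload"])
    return eth


# Constructed sample: broadcast ARP request "who has 131.108.0.1? tell 131.108.0.2",
# padded with 18 zero octets so the frame reaches the 60-octet minimum (before CRC).
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff")                     # destination HA: broadcast
    + bytes.fromhex("020000000002")                   # source HA (constructed)
    + bytes.fromhex("0806")                           # Ethernet type: ARP
    + bytes.fromhex("0001" "0800" "06" "04" "0001")   # htype, ptype, HLEN, PLEN, operation = request
    + bytes.fromhex("020000000002") + bytes([131, 108, 0, 2])  # sender HA, sender IP
    + bytes.fromhex("000000000000") + bytes([131, 108, 0, 1])  # target HA (unknown), target IP
    + bytes(18)                                       # padding
)
```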

TCP Segment: Format

Figure: TCP segment layout; field widths as shown: 16 bits, 16 bits, 32 bits, 32 bits, 16 bits, 4 bits, 6 bits, 6 bits, 16 bits, 16 bits, then options (if any).

The header is 20–60 bytes in size.

TCP Segment: Format (continued)

Normally, out of the last 4 flags, only one may be ON at a time.

The PSEUDO-HEADER

Figure: the pseudo-header.

Addressing in IPv6
  • 128-bit addresses
  • Dotted decimal notation, used for v4, is inappropriate for v6. (Instead of 4, there would be 16 parts if the same method were used to represent the addresses.)
  • Colon hexadecimal notation is used for representation.

Ex: 21AC:00C5:3D2C:8F23:AABC:0000:89CF:8C70

  • 64 bits for subnet and 64 bits for host.
  • 2^32 = 4,294,967,296
  • 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456

Surface area of earth = 197,399,019 sq. miles = 511,263,971,197,990 sq. metres

So there are 665,570,793,348,866,943,898,599 addresses per sq. m.

Simplified Representation
  • Simplification:
    • Suppress leading zeros in every 16-bit block. Ex: thus 00C5 may be written as C5.
    • Compress one single contiguous sequence of blocks of 16-bit zeros; replace it by a double colon. Thus the sixth block of 16 zeros may be replaced by ::. But this is usable only once in a given address.

Types of addresses in v6
  • Unicast: RFC 2373: multiple interfaces of a host can use the same address, if the multiple interfaces look to be a single interface to the IPv6 implementation.
  • Multicast: no separate broadcast addresses. Broadcast addresses are managed as multicast addresses only.
  • Anycast: delivers messages of a multicast group to the nearest member of the group.
Notes on v6 addressing
  • IPv6: designed for efficient, hierarchical addressing and routing
  • Reserved addresses:
    • 0:0:0:0:0:0:0:0 or :: indicates absence of address; used as a source address only; not assigned to any interface
    • 0:0:0:0:0:0:0:1 loopback address (like 127.x.y.z in v4)
  • IPv4-compatible addresses, mixed notation: 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z, where w.x.y.z is an IPv4 address.

For v6 and v4 to co-exist and for messages to go over a mix of v6 and v4 infrastructure, the compatibility mechanisms have been specified in RFCs.

IPv6 versus IPv4: some aspects
IPv6 and IPv4

IPv6:

  • A fixed-length header of 40 bytes (v4 header length: 20 bytes <= length <= 60 bytes)
  • Additional headers for fragmentation and options
  • Five fields (HLEN, Identification, Flags, Fragment Offset and Header Checksum) removed
  • Number of fields = 8 in v6 (v4: 12 fields, excluding Options)
  • Source and destination addresses:
    • of 16 bytes each in v6 and
    • of 4 bytes each in v4
Processing at routers v6 packets vs. v4 packets

IPv6

  • No verification and recalculation of header checksum
  • No fragmentation required
  • No processing of options, which are not intended for routers
Some new field names in v6
  • Traffic Class, in place of Type of Service in v4
  • Payload Length (including the length of extension headers and higher-level protocol data unit (PDU)), in place of Total Length in v4
  • Hop Limit, in place of TTL in v4
  • Next Header, in place of Protocol in v4
Class D and E in v4; Multicast in v6
  • CLASS E: addresses from 240.0.0.0 to 255.255.255.254, reserved for experimental purposes. If a node should use one of these addresses on the Internet, it may fail to communicate properly.
  • Limited broadcast address: 255.255.255.255, for a broadcast on the local network. Addresses from 255.0.0.0 to 255.255.255.255 are reserved by IP for broadcast; hence these addresses may not be considered part of Class E.
  • Class D: addresses from 224.0.0.0 to 239.255.255.255, used for multicast. Can be used only as a destination address.

Both Class D and Class E addresses are not to be used as addresses of ordinary nodes on the Internet.
Format Prefix (FP) for v6 addresses
  • FP of aggregatable global unicast addresses (similar to public IP addresses in v4): 001; designed to support efficient hierarchical routing. The aggregatable global unicast addresses are 1/8th of the total v6 address space. It can assign 137,438,953,472 distinct sites.
  • Compare with:
    • FP of link-local unicast addresses: 1111 1110 10
    • FP of site-local unicast addresses: 1111 1110 11
    • FP for multicast addresses: 1111 1111
Multicast for v6
  • Flag: 0001 a transient group; 0000 a permanent group, with Group identity assigned by ICANN
  • Scope:
    • 1 node-local: packets never leave the node
    • 2 link-local: packets never forwarded by routers
    • 5 site-local: packets never leave the site
    • 8 org-local: packets never leave the organization (handled by routing protocols)
    • E global
Multicast Addresses
  • All-nodes address, addressing all nodes on the local network: ff02::1
  • All-routers address, addressing all routers on the local network: ff02::2
  • Solicited-Node address: replacement for ARP. Every node with a v6 address listens at its own IP address. If the last 24 bits of its address are xyzwpq, it also listens at ff02::1:ffxy:zwpq.

For nodes on the local net, if it is assumed that the last 24 bits of the IP address are the same, this may be a replacement for ARP, as a datagram with a destination address of ff02::1:ffxy:zwpq will be received by every node on the local net.
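As an added example (not from the slides), the two simplification rules from the "Simplified Representation" slide, the flag and scope nibbles from the "Multicast for v6" slide, and the solicited-node derivation above, worked in code; it follows the slide's rule that a run of even one zero block may be compressed, and the addresses other than the slide's own example are constructed:

```python
# Added example: expand and compress IPv6 addresses by the two simplification
# rules on the slides, decode the flag/scope nibbles of an ff00::/8 address,
# and derive the solicited-node multicast address that stands in for ARP.
import re

MULTICAST_SCOPE = {0x1: "node-local", 0x2: "link-local", 0x5: "site-local",
                   0x8: "org-local", 0xE: "global"}


def expand(addr):
    """Return the eight 16-bit blocks of addr as integers, undoing '::' and
    leading-zero suppression. Exactly one '::' is allowed."""
    if addr.count("::") > 1:
        raise ValueError("'::' may appear only once: %r" % addr)
    if "::" in addr:
        head, tail = addr.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero block: %r" % addr)
        parts = head + ["0"] * missing + tail
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,4}", p) for p in parts):
        raise ValueError("not a valid colon-hexadecimal IPv6 address: %r" % addr)
    return [int(p, 16) for p in parts]


def compress(blocks):
    """Text form: leading zeros dropped in each block, and the longest run of
    zero blocks (the first one on a tie) replaced by a single '::'."""
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexs = ["%x" % b for b in blocks]
    if best_len == 0:
        return ":".join(hexs)
    head = ":".join(hexs[:best_start])
    tail = ":".join(hexs[best_start + best_len:])
    return head + "::" + tail


def multicast_info(addr):
    """For an ff00::/8 address, the transient flag and the scope name taken from
    the two nibbles that follow the ff prefix."""
    first = expand(addr)[0]
    if first >> 8 != 0xFF:
        raise ValueError("not a multicast address: %r" % addr)
    flags, scope = (first >> 4) & 0xF, first & 0xF
    return {"transient": bool(flags & 0x1),
            "scope": MULTICAST_SCOPE.get(scope, "unassigned/reserved")}


def solicited_node(addr):
    """ff02::1:ffxy:zwpq built from the low 24 bits xyzwpq of a unicast address."""
    blocks = expand(addr)
    low24 = ((blocks[6] & 0xFF) << 16) | blocks[7]
    return compress([0xFF02, 0, 0, 0, 0, 1, 0xFF00 | (low24 >> 16), low24 & 0xFFFF])
```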

Figure: a small part of the Internet: networks N1 (137.108.0.0), N2 (78.0.0.0), N3 (155.126.0.0) and N4 (223.240.129.0); routers R1, R2, R3; hosts Am, An, B2, Dn; interface addresses shown: 131.108.0.1, 131.108.0.2, 131.108.22.177, 131.108.154.88, 78.0.0.1, 78.0.0.2, 78.0.0.3, 155.126.0.1, 155.126.0.2, 223.240.129.1, 223.240.129.2, 223.240.129.254.
Jobs of a Router:
  • Decrement TTL.
  • Recompute the checksum.
  • Extract the netid and find out if the datagram can be delivered directly, or find the next-hop address.
  • Send the datagram ahead after updating the IP header.

It may also perform fragmentation, if required.

Routing Tables: SPECIAL ROUTES:

  • Default route
  • Host-specific route
ROUTING TABLE

FLAGS:

  • U: The route is up
  • H: Specifies whether the destination address is the address of a n/w or that of a host.
  • R: Specifies whether the next hop is a router or a directly connected interface.
  • D: The route was created by a Redirect
  • M: The route was modified by a Redirect

For R3: Let 223.240.129.9 be the interface X2 and let 151.100.0.9 be the interface X1.

Unreachable Destination. Example: for an option-less IP datagram, 7 thirty-two-bit words will be added after the UNUSED 32-bit field.
  • TYPE 3
  • CODE 0 – 15
  • Routers may not be able to detect all unreachability errors.
  • The sender may have no control over the machine(s) causing the error.

Exception in format for CODE 4: a router may place, in the low-order 16 bits of the UNUSED 32-bit field, the MTU of its outgoing interface.

CONGESTION AND FLOW CONTROL
  • Source Quench: TYPE 4, CODE 0; same format as that for the Unreachable Destination case.
  • Routers send one Source Quench message for every datagram they discard.
    • IP has no flow control
    • Routers and (destination) hosts have a limited buffer size
A Source Quench message
  • means a datagram has been discarded
  • warns the source
  • The source has no clue when the congestion ends.
    • It should reduce the rate as long as it continues to receive the SQ messages.
    • Then it may gradually increase the rate as long as no SQ message is received.

The above decision is valid if congestion is caused by one-to-one communication, and not by many-to-one communication. In the latter case, the SQ message may even go to the slowest source.

Time Exceeded Error Message
  • When a router discards a datagram because
    • TTL has reached zero, or
    • the reassembly timer timed out while waiting for fragments of a datagram,
    the message format is the same as that of the Unreachable Destination case.
  • TYPE 11
  • CODE 0: TTL exceeded, or 1: reassembly timer timed out.

Parameter Problem
  • OTHER problems
  • When a datagram has to be discarded because some header fields are incorrect, a Parameter Problem message is sent to the sender.
  • TYPE 12
  • CODE 0
  • Pointer points to the octet in the datagram header which caused the problem.

Missing Option
  • To report a missing option:
    • Nearly the above format is used to report a missing option which is required. The only changes are:
    • CODE 1 (TYPE remains 12)
    • Pointer is not there. Instead, unused is extended to 32 bits.
Redirect Request
  • Route change request from routers
  • Redirect:
    • Routers are assumed to know correct routes.
    • A host begins with a small routing table. (It is initialized using a system configuration file at system startup.)
    • Then the host learns about new routes from routers.

Redirect Request (Contd.)
  • TYPE 5
  • CODE 0 to 3
  • Router Internet address is the address of the router that the host is to use to reach the destination in the header.
  • 0 is not used now.
Echo Request and Reply: TYPE 8 (REQUEST) or 0 (REPLY)
  • CODE 0
  • Identifier and Seq No: to match replies to requests
  • An identifier may define a class of messages. The sequence number specifies a particular message of the class.
  • Optional data: if it is sent in the Request, the Reply contains exactly the same data.

Ping sends a series of echo requests with specified length of data and interval between requests. It provides statistical data about datagram loss and transit time.
Timestamp Request and Reply: TYPE 13 (REQUEST) or 14 (REPLY)
  • CODE 0
  • Originate Timestamp
    • Filled in by the sender
    • Just before the datagram is sent
  • Receive Timestamp
    • Filled in by the receiver
    • Immediately upon receipt of the Request
  • Transmit Timestamp
    • Filled in by the receiver before the Reply is transmitted
    • Time is in ms starting from midnight at universal time, prime meridian.
    • The largest number that can be accommodated is 2^32 − 1 = 4,294,967,295
    • During a day, the number of milliseconds is 24 × 60 × 60 × 1000 = 86,400,000
  • If a system uses a nonstandard timestamp (i.e. if it does not provide ms after UTC midnight), it turns on the highest-order bit of the 32-bit timestamp.

EXAMPLE:
  • ORIGINATE Timestamp = 1285
  • RECEIVE Timestamp = 1299
  • TRANSMIT Timestamp = 1300
  • The message is received back at 1307
  • Time taken for forward path = 1299 − 1285 = 14 ms
  • Time taken for return path = 1307 − 1300 = 7 ms
  • Round Trip Time (RTT) = 21 ms
  • Difference in the clock = 1299 − (1285 + RTT/2) = 3.5 ms
  • DISADVANTAGE: it does not specify the date.
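As an added example (not from the slides), a decoder for the ICMP Timestamp message that carries the slide's example values through to the forward time, return time, RTT and clock difference, including the nonstandard-timestamp bit and a reply that crosses UTC midnight; the reply bytes and identifier are constructed, and the ICMP checksum field is left at zero and not verified here:

```python
# Added example: parse an ICMP Timestamp Request/Reply (type 13/14) and derive
# the one-way times, RTT and clock difference the slide computes by hand.
# The message bytes below are constructed; the checksum field is left zero.
import struct

NONSTANDARD_BIT = 0x80000000      # set when a stamp is not ms since UTC midnight
MS_PER_DAY = 24 * 60 * 60 * 1000  # 86,400,000


def parse_icmp_timestamp(msg):
    """Decode type, code, identifier, sequence number and the three timestamps."""
    if len(msg) < 20:
        raise ValueError("ICMP timestamp message is 20 octets, got %d" % len(msg))
    t, code, _csum, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", msg[:20])
    if t not in (13, 14) or code != 0:
        raise ValueError("not an ICMP Timestamp Request/Reply: type %d code %d" % (t, code))
    return {"type": t, "kind": "request" if t == 13 else "reply",
            "identifier": ident, "sequence": seq,
            "originate": orig, "receive": recv, "transmit": xmit,
            "nonstandard": bool((recv | xmit) & NONSTANDARD_BIT)}


def timing(reply, arrival_ms):
    """Forward time, return time, RTT and the receiver's clock offset, from the
    Originate/Receive/Transmit stamps and the time the reply arrived back.
    Differences are taken modulo a day so a reply crossing midnight still works."""
    if reply["kind"] != "reply":
        raise ValueError("timing needs a Timestamp Reply")
    if reply["nonstandard"]:
        raise ValueError("receiver uses a nonstandard timestamp; clocks are not comparable")
    o, r, x = reply["originate"], reply["receive"], reply["transmit"]
    forward = (r - o) % MS_PER_DAY
    back = (arrival_ms - x) % MS_PER_DAY
    rtt = forward + back
    offset = r - (o + rtt / 2)       # receiver clock minus sender clock
    return {"forward_ms": forward, "return_ms": back, "rtt_ms": rtt, "clock_offset_ms": offset}


# Constructed reply carrying the slide's values: originate 1285, receive 1299, transmit 1300
SAMPLE_REPLY = struct.pack("!BBHHHIII", 14, 0, 0, 0x2A2A, 1, 1285, 1299, 1300)
```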
TCP Segment: Format (continued)
  • Checksum is calculated by:
    • (I) using the TCP header;
    • (II) using the pseudo-header;
    • (III) using the data.
  • At the receiver end, the IP layer passes the segment and the two IP addresses to the TCP software for processing.
  • The pseudo-header (figure): fields of 32 bits, 32 bits, 8 bits, 8 bits and 16 bits.
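As an added example (not from the slides), the checksum arithmetic behind two slides: the router's per-hop work on the IP header from "Jobs of a Router" (verify checksum, decrement TTL, recompute) and the receiver's TCP check over pseudo-header + header + data described just above; the packet, addresses and ports are constructed, and only option-less IP and TCP headers are built:

```python
# Added example: the Internet checksum shared by the IP header and TCP; the
# per-hop work a router does on the IP header (verify, decrement TTL,
# recompute); and the receiver-side TCP check over pseudo-header + segment.
# The packet below is constructed (option-less IP header, option-less TCP SYN).
import struct


def internet_checksum(data):
    """Ones' complement of the ones'-complement sum of the 16-bit words of data."""
    if len(data) % 2:
        data = data + b"\x00"  # odd length: pad with a zero octet for the sum only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                           # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, ttl=64, protocol=6, tos=0, ident=0x1234):
    """Option-less IPv4 header (VERS 4, HLEN 5 words) with its checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | 5, tos, 20 + payload_len, ident, 0,
                      ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def router_forward(packet):
    """A router's IP-header work: verify the checksum, decrement TTL, recompute
    the checksum. Returns the rewritten packet, or None when TTL has run out
    (the router would then discard it and send ICMP Time Exceeded)."""
    hlen = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:hlen]) != 0:    # a correct header sums to zero
        raise ValueError("IP header checksum mismatch: discard")
    if packet[8] <= 1:
        return None
    hdr = bytearray(packet[:hlen])
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", internet_checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]


def tcp_checksum(src, dst, segment):
    """Checksum over the pseudo-header (src IP, dst IP, zero, protocol 6,
    TCP length) followed by the TCP header and data."""
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, 6, len(segment))
    return internet_checksum(pseudo + segment)


def build_tcp_segment(sport, dport, seq, ack, flags, window, data, src, dst):
    """Option-less TCP segment (data offset 5) with its checksum filled in."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = tcp_checksum(src, dst, hdr + data)    # checksum field is zero here
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def verify_packet(packet):
    """Receiver side: IP header checksum first, then the TCP checksum computed
    with the two IP addresses the IP layer hands to TCP along with the segment."""
    hlen = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:hlen]) != 0:
        return False
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst, protocol = packet[12:16], packet[16:20], packet[9]
    if protocol != 6 or total_len > len(packet):
        return False
    return tcp_checksum(src, dst, packet[hlen:total_len]) == 0


SRC, DST = bytes([131, 108, 0, 2]), bytes([223, 240, 129, 254])             # constructed
SEGMENT = build_tcp_segment(40000, 23, 1000, 0, 0x02, 8192, b"", SRC, DST)  # SYN to port 23
PACKET = build_ipv4_header(SRC, DST, len(SEGMENT)) + SEGMENT
```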

TCP Segment: Format (continued)
  • Protocol: for IP datagrams carrying TCP, the value is 6
  • TCP Length (in octets): specifies the total length of the TCP segment including the TCP header.
  • Urgent Pointer: when the URG bit is set, it defines the number that must be added to the SEQUENCE NUMBER to obtain the number of the last urgent byte in the data section of the segment.

TCP OPTIONS
  • Every option has an 8-bit KIND field.
  • The format of an option can be of two types:
    • Type 1: a single octet of KIND
    • Type 2: an octet of KIND + an octet of OPTION-LENGTH + option-data octets.
  • OPTION-LENGTH counts the two octets of KIND and OPTION-LENGTH as well as the data octets.
  • All options are included in the checksum.

TCP OPTIONS (continued)
  • An 8-bit KIND field is always the first field in an option and is the only field in single-byte options.
TCP OPTIONS (continued)

A few options are as follows (KIND | Length | Meaning):

  • (I) 0 | – | End of options list
  • (II) 1 | – | No Operation
  • (III) 2 | 4 | Maximum Segment Size
  • (IV) 3 | 3 | Window Scale Factor
  • (V) 8 | 10 | Timestamp for Round Trip Time Measurement
TCP OPTIONS (continued)
  • End-of-Options:
    • Used at the end of ALL options; to be used only if the end of options does not make the TOTAL number of ALL option bits a multiple of 32.
    • (Shown as ZEROS in the figure of the segment format)
  • End of Options means:
    • 1. No more options in the header.
    • 2. The remainder of the 32-bit word is garbage.
    • 3. Data starts at the beginning of the next 32-bit word.
TCP OPTIONS (continued)
  • (II) No Operation:
    • May be used BETWEEN options if it is desired to align the beginning of the next option at a (16-bit) word boundary.
    • 0 0 0 0 0 0 0 1

TCP OPTIONS (continued)
  • (III) Max Segment Size:
    • Performance of the network can be poor for either extremely large or extremely small sizes.
    • If the two end-points lie on the same physical network, the maximum segment size may be equal to the network MTU. Or the maximum data size may be the default size of an IP datagram (576) minus the size of the IP and TCP headers.
    • The option is used along with SYN=1 at start.
  • Format of MSS Option: KIND = 2, LENGTH = 4
TCP OPTIONS (continued)

(IV) Window Scale Factor:

  • Actual window size = (window size in header) × 2^(scale factor)
  • In 8 bits a value of up to 255 can be there. But TCP/IP allows a MAX VALUE of 16.
  • Window Scale Factor is fixed during the connection set-up phase only.
  • During data transfer, the size of the specified window may change. But it is always multiplied by the same scale factor.
  • Format: KIND = 3 (8 bits), LENGTH = 3 (8 bits), SCALE FACTOR (8 bits)
TCP OPTIONS (continued)

(V) TIMESTAMP Option:

  • TS Value: current clock time of the TCP sending the option
  • TS Echo: valid only if the ACK bit is set. It echoes the TS value sent by the remote TCP. Otherwise its value must be zero.
  • KIND = 8; LENGTH = 10.
  • To confirm availability of the TS option: a TCP may send the TS option in the SYN segment. It may send the TS option in other segments only if it receives a TS option in the SYN segment.
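As an added example (not from the slides), a walker for the TCP options field covering the TCP OPTIONS slides above: the two option formats, the five tabulated kinds, the window scale arithmetic, and the malformed-length cases a parser must refuse rather than loop on; the shift cap of 14 is taken from RFC 1323/7323 (the slide gives 16), and the option bytes are constructed as they might appear in a SYN:

```python
# Added example: walk a TCP options field, honouring the two option formats
# (single-octet KIND vs KIND + LENGTH + data), decode the five options
# tabulated above, and apply the window scale factor. Constructed sample bytes.
import struct


def parse_tcp_options(opts):
    """Return a list of decoded options. Stops at End-of-Options (kind 0);
    NOP (kind 1) occupies one octet and carries no LENGTH; every other option
    carries a LENGTH that counts the KIND and LENGTH octets too. A LENGTH below
    2 (which would never advance) or running past the buffer is rejected."""
    out, pos = [], 0
    while pos < len(opts):
        kind = opts[pos]
        if kind == 0:
            out.append({"kind": 0, "name": "End of options list"})
            break                                   # rest of the 32-bit word is padding
        if kind == 1:
            out.append({"kind": 1, "name": "No Operation"})
            pos += 1
            continue
        if pos + 1 >= len(opts):
            raise ValueError("option kind %d at offset %d has no LENGTH octet" % (kind, pos))
        length = opts[pos + 1]
        if length < 2 or pos + length > len(opts):
            raise ValueError("option kind %d at offset %d has bad LENGTH %d" % (kind, pos, length))
        data = bytes(opts[pos + 2:pos + length])
        if kind == 2 and length == 4:
            out.append({"kind": 2, "name": "Maximum Segment Size",
                        "mss": struct.unpack("!H", data)[0]})
        elif kind == 3 and length == 3:
            out.append({"kind": 3, "name": "Window Scale Factor", "shift": data[0]})
        elif kind == 8 and length == 10:
            tsval, tsecr = struct.unpack("!II", data)
            out.append({"kind": 8, "name": "Timestamp", "ts_value": tsval, "ts_echo": tsecr})
        else:
            out.append({"kind": kind, "name": "unknown", "length": length, "data": data})
        pos += length
    return out


def scaled_window(window_field, options):
    """Actual window = window size in header * 2**(scale factor). RFC 1323/7323
    limit the usable shift to 14; a larger advertised value is treated as 14."""
    shift = 0
    for o in options:
        if o["kind"] == 3:
            shift = min(o["shift"], 14)
    return window_field << shift


# Constructed 20-octet options field as seen in a SYN: MSS 1460, NOP, window
# scale 7, timestamp (TS Echo zero because no ACK yet), End-of-Options + pad.
SYN_OPTIONS = (
    bytes([2, 4]) + struct.pack("!H", 1460)
    + bytes([1])
    + bytes([3, 3, 7])
    + bytes([8, 10]) + struct.pack("!II", 123456, 0)
    + bytes([0, 0])
)
```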
Establishing a Connection (continued)
  • Thus let ISN at the sending end = X
  • ISN at the receiving end = Y

Figure: Establishing the Connection (Segment 1, Segment 2, Segment 3)
Closing a TCP connection (continued)

Figure: Closing the Connection. SENDER A performs the active close, RECEIVER B the passive close:

  • Segment 1: A's application closes; A sends FIN, SEQ=P.
  • B receives the FIN and informs its application by delivering EOF.
  • Segment 2: B sends ACK=P+1; A receives the ACK.
  • B's application closes the connection.
  • Segment 3: B sends FIN, SEQ=Q, ACK=P+1.
  • A receives FIN + ACK, informs its application by delivering EOF, and enters Time-Wait.
  • Segment 4: A sends ACK=Q+1; B receives the ACK.