More on Tcp/Ip
    Presentation Transcript

    • TCP/IP Transmission Control Protocol / Internet Protocol Rakhi Saxena Assistant Professor, Deshbandhu College, Delhi University
    • What is TCP/IP?
      • TCP/IP: Transmission Control Protocol/ Internet Protocol
      • TCP/IP is the name of a protocol suite.
      • Applications interface with TCP layer to communicate with other peer applications
    • History of TCP/IP
      • TCP/IP is the brainchild of ARPAnet, which was developed by the Advanced Research Projects Agency (ARPA) in a project supported by the US Department of Defense (DoD).
      • TCP/IP was first defined in 1974, meant to be used for geographically distant communication.
      • It has evolved with many improvements since then.
    • Why is TCP/IP Popular?
      • Popularity of TCP/IP
        • simpler than ISO-OSI model
        • provides an elegant solution to world wide data communication.
      • Open Protocol Standards, freely available, and independent from any hardware platform.
      • The University of California, Berkeley incorporated TCP/IP into its BSD Unix.
    • TCP/IP & OSI
      • In OSI reference model terminology, the TCP/IP protocol suite covers the network and transport layers.
      • TCP/IP can be used on many data-link layers (can support many network hardware implementations).
      • OSI model layer -> corresponding TCP/IP layer:
        • Physical -> Network Interface
        • Data Link -> Network Interface
        • Network -> Internet (IP)
        • Transport -> Transport (TCP)
        • Session, Presentation, Application -> Application
    • But First ...
    • Ethernet - Data-Link Layer
      • It will be useful to discuss a real data-link layer.
      • Ethernet (really IEEE 802.3) is widely used.
      • Uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection).
    • Ethernet
      • Multi-access (shared medium).
      • Every Ethernet interface has a unique 48-bit address (a.k.a. hardware address or MAC address).
      • Example: C0:B3:44:17:21:17
      • The broadcast address is all 1’s.
      • Addresses are assigned to vendors by a central authority.
    • MAC address
      • Is globally unique and is written onto the hardware at the time of manufacture.
      • MAC address is 48 bits (6 bytes) long
      • The first three bytes identify the manufacturer; are assigned by IEEE
      • The last three bytes are assigned by the manufacturer
    • ipconfig / ifconfig
    • Back to TCP/IP
    • Internet Protocol The IP in TCP/IP
      • IP is the network layer
        • packet delivery service (host-to-host).
        • translation between different data-link protocols.
    • IP Datagrams
      • IP provides connectionless, unreliable delivery of IP datagrams.
        • Connectionless : each datagram is independent of all others.
        • Unreliable : there is no guarantee that datagrams are delivered correctly or even delivered at all.
      An IP packet is called a datagram
    • IP Addresses
      • IP addresses are not the same as the underlying data-link (MAC) addresses.
      • Why?
    • IP Addresses
      • IP is a network layer - it must be capable of providing communication between hosts on different kinds of networks (different data-link implementations).
      • The address must include information about what network the receiving host is on. This is what makes routing feasible.
    • IP Addresses
      • IP addresses are logical addresses (not physical)
      • IPv4 (version 4): 32 bits
      • IPv6 (version 6): 64 bits
      • Includes a network ID and a host ID.
      • Every host must have a unique IP address.
      • IP addresses are assigned by a central authority (American Registry for Internet Numbers for North America).
    • Network and Host IDs
      • A Network ID is assigned to an organization by a global authority.
      • Host IDs are assigned locally by a system administrator.
      • Both the Network ID and the Host ID are used for routing.
    • IP Addresses
      • IP Addresses are usually shown in dotted decimal notation:
      • 1.2.3.4 = 00000001 00000010 00000011 00000100
      • cs.rpi.edu is 128.213.1.1
      • 128.213.1.1 = 10 000000 11010101 00000001 00000001
      The leading bits 10 mean CS has a class B network
    • Host and Network Addresses
      • A single network interface is assigned a single IP address called the host address.
      • A host may have multiple interfaces, and therefore multiple host addresses.
      • Hosts that share a network all have the same IP network address (the network ID).
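The classful decoding described on the last few slides (dotted decimal to 32-bit binary, the class from the leading bits, and the network ID / host ID split that lets hosts on the same network be recognised), as an added example that is not part of the presentation. It uses the slides' own addresses and assumes the default class masks of the pre-CIDR model the slides describe.

```python
# Added example, not from the presentation: classful decoding of an IPv4 address
# as the slides describe it: dotted decimal -> 32-bit binary, address class from
# the leading bits, and the network ID / host ID split (default class masks).

def to_binary(addr: str) -> str:
    """Return the 32-bit binary form of a dotted-decimal IPv4 address, one octet per group."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 address: {addr}")
    return " ".join(f"{o:08b}" for o in octets)


def address_class(addr: str) -> str:
    """Classful address class, read from the leading bits of the first octet."""
    first = int(addr.split(".")[0])
    if first >> 7 == 0b0:
        return "A"          # 0xxxxxxx: 1 byte network ID, 3 bytes host ID
    if first >> 6 == 0b10:
        return "B"          # 10xxxxxx: 2 bytes network ID, 2 bytes host ID
    if first >> 5 == 0b110:
        return "C"          # 110xxxxx: 3 bytes network ID, 1 byte host ID
    if first >> 4 == 0b1110:
        return "D"          # 1110xxxx: multicast, no network/host split
    return "E"              # 1111xxxx: reserved


def split_network_host(addr: str):
    """(network ID in dotted form, host ID as an integer) for a class A/B/C address."""
    to_binary(addr)  # validates the address
    octets = addr.split(".")
    cls = address_class(addr)
    net_bytes = {"A": 1, "B": 2, "C": 3}.get(cls)
    if net_bytes is None:
        raise ValueError(f"{addr} is class {cls}, which has no network/host split")
    network = ".".join(octets[:net_bytes] + ["0"] * (4 - net_bytes))
    host = 0
    for o in octets[net_bytes:]:
        host = host * 256 + int(o)
    return network, host


def same_network(a: str, b: str) -> bool:
    """Hosts that share a network have the same network ID."""
    return split_network_host(a)[0] == split_network_host(b)[0]


if __name__ == "__main__":
    for ip in ("1.2.3.4", "128.213.1.1"):
        net, host = split_network_host(ip)
        print(f"{ip:<12} {to_binary(ip)}  class {address_class(ip)}  network {net}  host {host}")
```

Running it prints the two binary expansions from the slide and shows 128.213.1.1 decoding to network 128.213.0.0 with host ID 257, which is why the slide calls it a class B network.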
    • Mapping IP Addresses to Hardware Addresses
      • IP Addresses are not recognized by hardware.
      • If we know the IP address of a host, how do we find out the hardware address?
      • The process of finding the hardware address of a host given the IP address is called Address Resolution.
    • ARP
      • The Address Resolution Protocol is used by a sending host when it knows the IP address of the destination but needs the Ethernet (or whatever) address.
      • ARP is a broadcast protocol - every host on the network receives the request.
      • Each host checks the request against its own IP address; the right one responds.
    • ARP (cont.)
      • ARP does not need to be done every time an IP datagram is sent - hosts remember the hardware addresses of each other.
      • Part of the ARP protocol specifies that the receiving host should also remember the IP and hardware addresses of the sending host.
    • ARP conversation
      • Requester (Green): "HEY - Everyone please listen! Will 128.213.1.5 please send me his/her Ethernet address?"
      • Other hosts: "not me"
      • 128.213.1.5: "Hi Green! I'm 128.213.1.5, and my Ethernet address is 87:A2:15:35:02:C3"
    • Services provided by IP
      • Connectionless Delivery (each datagram is treated individually).
      • Unreliable (delivery is not guaranteed).
      • Fragmentation / Reassembly (based on hardware MTU).
      • Routing.
      • Error detection.
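The "error detection" service in this list is the IPv4 header checksum. The following is an added example, not code from the presentation: it builds a 20-byte header with Python's standard library, computes the one's-complement checksum, parses the header back and shows that a single flipped bit makes the check fail. The addresses, TTL and protocol value are constructed for the example.

```python
# Added example, not from the presentation: IPv4 header construction, parsing and
# checksum verification. Sample addresses and field values are constructed.
import struct

IHL_NO_OPTIONS = 5  # header length in 32-bit words when no options are present


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum of data; an odd trailing byte is zero-padded."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ip_to_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """20-byte IPv4 header (no options) with a correct checksum; proto 6 = TCP, 17 = UDP."""
    version_ihl = (4 << 4) | IHL_NO_OPTIONS
    header = struct.pack("!BBHHHBBH4s4s",
                         version_ihl, 0, 20 + payload_len,   # version/IHL, TOS, total length
                         0, 0,                               # identification, flags/fragment offset
                         ttl, proto, 0,                      # TTL, protocol, checksum (0 while computing)
                         ip_to_bytes(src), ip_to_bytes(dst))
    checksum = (~ones_complement_sum(header)) & 0xFFFF
    return header[:10] + struct.pack("!H", checksum) + header[12:]


def header_checksum_ok(header: bytes) -> bool:
    """An intact header sums to all ones (0xFFFF). The checksum covers the header only, not the payload."""
    ihl_bytes = (header[0] & 0x0F) * 4
    return ones_complement_sum(header[:ihl_bytes]) == 0xFFFF


def parse_ipv4_header(header: bytes) -> dict:
    """Decode the fixed fields; checksum_ok reports whether the header survived intact."""
    (version_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", header[:20])
    return {
        "version": version_ihl >> 4,
        "ihl": version_ihl & 0x0F,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "proto": proto,
        "checksum": checksum,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "checksum_ok": header_checksum_ok(header),
    }


def corrupt(header: bytes, offset: int) -> bytes:
    """Flip one bit at offset, as a noisy link might, to show the check failing."""
    damaged = bytearray(header)
    damaged[offset] ^= 0x01
    return bytes(damaged)


if __name__ == "__main__":
    hdr = build_ipv4_header("128.213.1.1", "10.1.1.2", proto=6, payload_len=20)
    print(parse_ipv4_header(hdr))
    print("after a bit flip in the TTL byte:", parse_ipv4_header(corrupt(hdr, 8))["checksum_ok"])
```

Note what the check does and does not give you: it catches transmission damage to the header, but it is recomputed by every router (the TTL changes at each hop) and protects neither the payload nor against a sender that deliberately writes a forged header with a valid checksum.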
    • IP-Layer Operation (figure): end hosts X and Y run Application / TCP / IP / Data Link / Physical; the intermediate nodes A, B and C run only IP / Data Link / Physical. TCP is an end-to-end layer.
    • Transport Layer & TCP/IP
      • Q: We know that IP is the network layer - so TCP must be the transport layer, right?
      • A: No… well, almost.
      • TCP is only part of the TCP/IP transport layer - the other part is UDP (User Datagram Protocol).
    • Protocol stack (figure): Process Layer: Process <-> Process; Transport Layer: TCP, UDP; Network Layer: IP, ICMP, ARP & RARP; Data-Link Layer: 802.3
    • UDP User Datagram Protocol
      • UDP is a transport protocol
        • communication between processes
      • UDP uses IP to deliver datagrams to the right host.
      • UDP uses ports to provide communication services to individual processes.
    • Ports
      • TCP/IP uses an abstract destination point called a protocol port.
      • Ports are identified by a positive integer.
      • Operating systems provide some mechanism that processes use to specify a port.
    • Ports (figure): several processes on Host A and Host B, each reached through its own port
    • UDP
      • Datagram Delivery
      • Connectionless
      • Unreliable
      • Minimal
      The term datagram is also used to describe the unit of transfer of UDP!
    • TCP Transmission Control Protocol
      • TCP is an alternative transport layer protocol supported by TCP/IP.
      • TCP provides:
        • Connection-oriented
        • Reliable
        • Full-duplex
        • Byte-Stream
    • Connection-Oriented
      • Connection oriented means that a virtual connection is established before any user data is transferred.
      • If the connection cannot be established, the user program is notified (finds out).
      • If the connection is ever interrupted, the user program(s) find out that there is a problem.
    • Reliable
      • Reliable means that every transmission of data is acknowledged by the receiver.
      • If the sender does not receive acknowledgement within a specified amount of time, the sender retransmits the data.
      Reliable does not mean that things don't go wrong, it means that we find out when things go wrong.
    • Byte Stream
      • Stream means that the connection is treated as a stream of bytes.
      • The user application does not need to package data in individual datagrams (as with UDP).
      Somebody still needs to do this, since IP delivers all the data in datagrams; it's just that the application layer doesn't need to do it!
    • Full Duplex
      • TCP provides transfer in both directions (over a single virtual connection).
      • To the application program these appear as 2 unrelated data streams, although TCP can piggyback control and data communication by providing control information (such as an ACK) along with user data.
    • TCP Ports
      • Inter-process communication via TCP is achieved with the use of ports (just like UDP).
      • Common ports and the services that run on them:
              • FTP 21
              • telnet 23
              • SMTP 25
              • http 80
              • POP3 110
    • Addressing in TCP/IP
      • Each TCP/IP address includes:
        • Internet Address
        • Protocol (UDP or TCP)
        • Port Number
      NOTE: TCP/IP is a protocol suite that includes IP, TCP and UDP.
    • TCP/IP Summary
      • IP: network layer protocol
        • unreliable datagram delivery between hosts.
      • UDP: transport layer protocol
        • unreliable datagram delivery between processes.
      • TCP: transport layer protocol
        • reliable, byte-stream delivery between processes.
    • OSI and Protocol Stack
      • OSI: Open Systems Interconnect
      • Link Layer: includes device driver and network interface card
      • Network Layer: handles the movement of packets, i.e. routing
      • Transport Layer: provides a reliable flow of data between two hosts
      • Application Layer: handles the details of the particular application
      • OSI Model layers -> TCP/IP hierarchy:
        • 7th Application Layer, 6th Presentation Layer, 5th Session Layer -> Application Layer
        • 4th Transport Layer -> Transport Layer
        • 3rd Network Layer -> Network Layer
        • 2nd Link Layer, 1st Physical Layer -> Link Layer
    • TCP vs. UDP
      • Q: Which protocol is better?
      • A: It depends on the application.
      • TCP provides a connection-oriented, reliable, byte stream service (lots of overhead).
      • UDP offers minimal datagram delivery service (as little overhead as possible).
    • Hmmmmm. TCP or UDP?
      • Electronic commerce?
      • Video server?
      • File transfer?
      • Email?
      • Chat groups?
      • Robotic surgery controlled remotely over a network?
    • Break
    • TCP Connection Establishment
      • TCP uses a three-way handshake to open a connection:
      • (1) ACTIVE OPEN: Client sends a segment
            • SYN bit set *
            • port number of client
            • initial sequence number (ISN) of client
      • (2) PASSIVE OPEN: Server responds with a segment with
            • SYN bit set *
            • initial sequence number of server
            • ACK for ISN of client
      • (3) Client acknowledges by sending a segment
            • ACK ISN of server (* counts as one byte)
    • Connection Creation
    • Why is a two-way handshake not enough? When aida initiates the data transfer (starting with SeqNo=15322112355), mng will reject all data (discarded as a duplicate SYN).
    • Connection Teardown
    • Two-Army Problem (Red army, Red army, Blue army): so how many acks of acks are enough??
    • Connection Teardown: connection close is treated as two separate "closes" of each simplex connection
    • Sockets
      • Server process multiplexes streams with same source port numbers according to source IP address
      • Socket = (IP address, port number)
      • Each stream (“flow”) is uniquely identified by a socket pair
      • For example: 10.1.1.2:80
    • Packet Exchange for TCP Connection (figure)
      • Server side: socket(), bind(), listen(), accept()
      • Client side: socket(), connect()
      • Connection setup: client -> SYN j; server -> SYN k, ack j+1; client -> ack k+1
      • Data: write() sends the data request, read() receives it; write() sends the data reply (carrying the ack), read() receives it; then an ack of the reply
      • Close: one side close() -> FIN M; other side -> ack M+1; other side close() -> FIN N; first side -> ack N+1
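The setup and teardown exchange above (SYN j; SYN k, ack j+1; ack k+1; FIN M, ack M+1; FIN N, ack N+1), modelled as an added example that is not part of the presentation. Each endpoint keeps the sequence-number state a real stack keeps and checks every acknowledgement, which also illustrates the earlier "why is a two-way handshake not enough" slide: only because the client sees the acknowledged ISN in the second message can it refuse a SYN/ACK that answers some old SYN. The ISNs (1000, 5000, 2000, 1500) and the state names are constructed for the example; the model ignores data, windows, retransmission and RST.

```python
# Added example, not from the presentation: a minimal model of TCP connection
# setup and teardown with the acknowledgement checks each side performs.
from dataclasses import dataclass


@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    fin: bool = False
    seq: int = 0
    ack_num: int = 0


class Endpoint:
    def __init__(self, name: str, isn: int):
        self.name, self.isn, self.state = name, isn, "CLOSED"
        self.snd_nxt = isn      # next sequence number this side will send
        self.rcv_nxt = None     # next sequence number expected from the peer
        self.log = []

    def passive_open(self) -> None:
        self.state = "LISTEN"

    def active_open(self) -> Segment:
        self.state = "SYN_SENT"
        return Segment(syn=True, seq=self.isn)               # SYN j (the SYN counts as one byte)

    def close(self) -> Segment:
        """Close this side's simplex direction; the other direction closes separately."""
        seg = Segment(fin=True, seq=self.snd_nxt)             # FIN M / FIN N
        self.snd_nxt += 1                                     # the FIN also counts as one byte
        self.state = "FIN_WAIT_1" if self.state == "ESTABLISHED" else "LAST_ACK"
        return seg

    def receive(self, seg: Segment):
        """Apply one incoming segment; return the segment to send back, if any."""
        s = self.state
        if s == "LISTEN" and seg.syn and not seg.ack:
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RCVD"
            return Segment(syn=True, ack=True, seq=self.isn, ack_num=self.rcv_nxt)  # SYN k, ack j+1
        if s == "SYN_SENT" and seg.syn and seg.ack:
            if seg.ack_num != self.isn + 1:                   # does not answer *our* SYN
                self.log.append(f"{self.name}: discarded SYN/ACK acking {seg.ack_num}, "
                                f"expected {self.isn + 1}")
                return None                                   # a real stack would answer with RST
            self.rcv_nxt, self.snd_nxt = seg.seq + 1, self.isn + 1
            self.state = "ESTABLISHED"
            return Segment(ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)            # ack k+1
        if s == "SYN_RCVD" and seg.ack and seg.ack_num == self.isn + 1:
            self.snd_nxt = self.isn + 1
            self.state = "ESTABLISHED"
            return None
        if s in ("ESTABLISHED", "FIN_WAIT_2") and seg.fin:
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if s == "ESTABLISHED" else "TIME_WAIT"
            return Segment(ack=True, seq=self.snd_nxt, ack_num=self.rcv_nxt)   # ack M+1 / ack N+1
        if s == "FIN_WAIT_1" and seg.ack and seg.ack_num == self.snd_nxt:
            self.state = "FIN_WAIT_2"
            return None
        if s == "LAST_ACK" and seg.ack and seg.ack_num == self.snd_nxt:
            self.state = "CLOSED"
            return None
        self.log.append(f"{self.name}: ignored segment in state {s}")
        return None


def run_connection(client_isn: int = 1000, server_isn: int = 5000):
    """Full open and close; returns (states after the handshake, final states, segment trace)."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.passive_open()
    trace = []

    def deliver(sender, receiver, seg):
        trace.append((sender.name, seg))
        return receiver.receive(seg)

    synack = deliver(client, server, client.active_open())          # SYN j
    ack = deliver(server, client, synack)                            # SYN k, ack j+1
    deliver(client, server, ack)                                     # ack k+1
    after_open = (client.state, server.state)
    deliver(server, client, deliver(client, server, client.close()))  # FIN M, then ack M+1
    deliver(client, server, deliver(server, client, server.close()))  # FIN N, then ack N+1
    return after_open, (client.state, server.state), trace


def stale_syn_demo():
    """A SYN/ACK answering some earlier SYN (ISN 1500) must not open a connection now."""
    client = Endpoint("client", isn=2000)
    client.active_open()
    stale = Segment(syn=True, ack=True, seq=7000, ack_num=1501)
    reply = client.receive(stale)
    return reply is None and client.state == "SYN_SENT", client.log
```

Calling `run_connection()` yields the seven segments of the slide in order; the client ends in TIME_WAIT (it sent the last ack and must be able to resend it) while the server, having received that ack, is CLOSED.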
    • netstat -n: lists all active sockets with their address/port number pairs
    • netstat -r: displays the routing table
    • netstat -s: displays network statistics
    • ping: sends a test packet to a given address and reports the round trip time
    • traceroute: discovers the route from a source to a destination
    • TCP/IP Hacks and Attacks
      • Think like a hacker to stop intrusions into your own network
      • Protect your network before they (evil hackers) attack the vulnerabilities in your network
      • Some common attacks
    • Denial of Service Attacks
      • Denial of Service attacks attempt to negate service by
        • exhausting the resources at the victim side (such as network bandwidth, CPU, memory, etc.) ,
        • forcing victim equipment into non operational state
        • hijacking victim equipment/resources for malicious goals.
      • Distributed Denial of Service (DDoS) attack is a special case of the DoS when multiple distributed network nodes (zombies) are used to multiply DoS effect.
    • Early DoS attacks
      • ping of death
        • Simple network flood
        • either single very large ping packet, or a flood of large or small ping packets
      • smurf attack
        • Amplified network flood
        • widespread pings with faked return address (broadcast address)
    • TCP SYN Flood (figure): a normal client sends a SYN RQST and the server answers SYN ACK; zombies send spoofed SYN RQSTs to the victim, whose SYN ACKs go to addresses that never answer, until its waiting buffer overflows
    • Distributed Denial of Service (figure): zombies on innocent computers carry out server-level, infrastructure-level and bandwidth-level DDoS attacks
    • Spoofing (figure): among hosts X, Y and Z, one asks "Mr. Z is that you?" and another answers "Yes I'm here!" while pretending to be Z
    • ARP Cache Poisoning (figure)
      • System A: IP 192.168.51.35, MAC 00:00:00:AA:AA:AA; internal ARP cache: 192.168.51.36 -> 00:00:00:CC:CC:CC
      • System B: IP 192.168.51.36, MAC 00:00:00:BB:BB:BB; internal ARP cache: 192.168.51.35 -> 00:00:00:CC:CC:CC
      • Attacker: IP 192.168.51.37, MAC 00:00:00:CC:CC:CC; internal ARP cache: 192.168.51.36 -> 00:00:00:BB:BB:BB, 192.168.51.35 -> 00:00:00:AA:AA:AA
      • Forged replies sent by the attacker: "192.168.51.36 is at 00:00:00:CC:CC:CC", "192.168.51.35 is at 00:00:00:CC:CC:CC"
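The following is an added example, not code from the presentation, that serves both the "ARP conversation" slide and this cache-poisoning slide. It models the broadcast request/reply exchange with per-host caches and adds the check a defender wants, in the spirit of tools such as arpwatch: every host records an alert when a reply would overwrite a binding it already holds, and a segment-wide check flags one hardware address answering for several IP addresses. The hosts, frames and the replay of the slide's scenario are constructed; the addresses are the slide's own.

```python
# Added example, not from the presentation: ARP request/reply model with a cache
# monitor that flags rewritten bindings. Hosts and frames are constructed.
from collections import defaultdict
from dataclasses import dataclass, field

BROADCAST = "FF:FF:FF:FF:FF:FF"


@dataclass
class ArpFrame:
    op: str                      # "request" or "reply"
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str = BROADCAST  # requests go to every host on the segment


@dataclass
class Host:
    ip: str
    mac: str
    cache: dict = field(default_factory=dict)    # ip -> mac learned so far
    alerts: list = field(default_factory=list)   # binding changes seen by the monitor

    def _learn(self, ip: str, mac: str) -> None:
        known = self.cache.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} changed from {known} to {mac}")
        self.cache[ip] = mac

    def handle(self, frame: ArpFrame):
        """Process one frame; return the reply to send, if any."""
        if frame.op == "request":
            if frame.target_ip != self.ip:
                return None                       # "not me"
            # the host being asked also remembers who asked, as the slides say
            self._learn(frame.sender_ip, frame.sender_mac)
            return ArpFrame("reply", self.ip, self.mac, frame.sender_ip, frame.sender_mac)
        # Replies are accepted even when nothing was asked: that trust is what
        # poisoning abuses, so the monitor above is what notices the change.
        self._learn(frame.sender_ip, frame.sender_mac)
        return None


def resolve(sender: Host, target_ip: str, hosts: list):
    """ARP lookup: answer from the cache, otherwise broadcast a request and learn the reply."""
    if target_ip in sender.cache:
        return sender.cache[target_ip]
    request = ArpFrame("request", sender.ip, sender.mac, target_ip)
    for host in hosts:
        if host is sender:
            continue
        reply = host.handle(request)
        if reply is not None:
            sender.handle(reply)
    return sender.cache.get(target_ip)


def macs_claiming_several_ips(frames: list) -> set:
    """Segment-wide check: one hardware address answering for more than one IP address."""
    claims = defaultdict(set)
    for f in frames:
        if f.op == "reply":
            claims[f.sender_mac].add(f.sender_ip)
    return {mac for mac, ips in claims.items() if len(ips) > 1}


def poisoning_demo() -> dict:
    """Replay the slide: A resolves B legitimately, then the attacker sends forged replies."""
    a = Host("192.168.51.35", "00:00:00:AA:AA:AA")
    b = Host("192.168.51.36", "00:00:00:BB:BB:BB")
    attacker = Host("192.168.51.37", "00:00:00:CC:CC:CC")
    hosts = [a, b, attacker]
    a_before = resolve(a, b.ip, hosts)     # legitimate exchange: B answers for itself
    b_before = b.cache[a.ip]               # B learned A while answering the request
    forged = [                             # the slide's unsolicited replies from the attacker's MAC
        ArpFrame("reply", b.ip, attacker.mac, a.ip, a.mac),   # "192.168.51.36 is at CC" -> A
        ArpFrame("reply", a.ip, attacker.mac, b.ip, b.mac),   # "192.168.51.35 is at CC" -> B
    ]
    a.handle(forged[0])
    b.handle(forged[1])
    return {
        "a_before": a_before, "a_after": a.cache[b.ip], "a_alerts": a.alerts,
        "b_before": b_before, "b_after": b.cache[a.ip], "b_alerts": b.alerts,
        "suspect_macs": macs_claiming_several_ips(forged),
    }


if __name__ == "__main__":
    for key, value in poisoning_demo().items():
        print(f"{key}: {value}")
```

The monitor is the mitigation side of the slide: the caches on A and B end up exactly as the figure shows, but each host has logged the rewrite and the segment-wide check has singled out 00:00:00:CC:CC:CC. Static ARP entries for critical hosts, or switch features that validate ARP against DHCP bindings, stop the rewrite itself.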
    • More DoS attacks
      • HTTP: continuous requests for a heavy computational dynamic page (SQL/Application server attack)
      • TCP SYN: source and destination IP addresses are the same, causing the response to loop (Land attack)
      • ARP: local IP address hijack, middleman attack (ARP Redirect)
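Detection logic for three of the attacks on these slides, as an added example that is not part of the presentation: a Land packet (identical source and destination address), a TCP SYN flood seen as many half-open connections from one source, and smurf-style echo requests aimed at a broadcast address. It runs over a constructed capture of packet summaries; the threshold, addresses and sample traffic are assumptions for the example.

```python
# Added example, not from the presentation: Land / SYN flood / smurf detection
# over constructed packet summaries. Thresholds and addresses are assumptions.
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0
    flags: str = ""         # TCP flags as letters: "S" = SYN, "A" = ACK, "SA" = SYN+ACK
    icmp_type: int = -1     # 8 = echo request


def detect_land(packets):
    """Land: a packet addressed from the victim to itself, so its reply loops back."""
    return [p for p in packets if p.src == p.dst]


def detect_syn_flood(packets, threshold: int = 100) -> dict:
    """Sources with at least `threshold` SYNs whose handshake never completed."""
    half_open = defaultdict(set)            # src -> {(dst, sport, dport)} still waiting
    for p in packets:
        if p.proto != "tcp":
            continue
        flow = (p.dst, p.sport, p.dport)
        if p.flags == "S":
            half_open[p.src].add(flow)
        elif "A" in p.flags:
            half_open[p.src].discard(flow)  # the client's ACK completes the handshake
    return {src: len(flows) for src, flows in half_open.items() if len(flows) >= threshold}


def detect_smurf(packets, broadcast_addrs) -> dict:
    """Echo requests to a broadcast address, keyed by the (likely spoofed) source, i.e. the victim."""
    hits = Counter()
    for p in packets:
        if p.proto == "icmp" and p.icmp_type == 8 and p.dst in broadcast_addrs:
            hits[p.src] += 1
    return dict(hits)


def sample_capture():
    """Constructed traffic: one normal handshake, one Land packet, a flood and smurf pings."""
    pk = [
        Packet("tcp", "10.1.1.2", "10.1.1.80", 40000, 80, "S"),   # normal client ...
        Packet("tcp", "10.1.1.2", "10.1.1.80", 40000, 80, "A"),   # ... completes its handshake
        Packet("tcp", "10.1.1.80", "10.1.1.80", 80, 80, "S"),     # Land: src == dst
    ]
    pk += [Packet("tcp", "203.0.113.9", "10.1.1.80", 1024 + i, 80, "S") for i in range(150)]
    pk += [Packet("icmp", "10.1.1.80", "10.1.1.255", icmp_type=8) for _ in range(5)]
    return pk


def analyse(packets, broadcast_addrs=("10.1.1.255",)) -> dict:
    return {
        "land": [(p.src, p.dst) for p in detect_land(packets)],
        "syn_flood": detect_syn_flood(packets),
        "smurf": detect_smurf(packets, set(broadcast_addrs)),
    }


if __name__ == "__main__":
    for name, finding in analyse(sample_capture()).items():
        print(f"{name}: {finding}")
```

The half-open count is the same quantity a server's listen queue tracks, which is why SYN cookies and shorter SYN-RCVD timeouts are the usual server-side mitigations, while the Land and smurf checks are cheap enough to run at a border filter.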
    • Mitigation Techniques
    • ACL – Access Control List
      • Layer 4 filtration rules:
      • <protocol,srcIP,dstIP,srcPort,dstPort>
      • SQL Slammer prevention ACL:
      • access-list 101 deny udp any any eq 1434
      • access-list 101 permit ip any any
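First-match evaluation of layer-4 filter rules in the <protocol, srcIP, dstIP, srcPort, dstPort> shape of this slide, as an added example that is not part of the presentation. It parses the slide's two SQL Slammer lines and evaluates flows against them. The rule syntax is a small illustrative subset modelled on those lines: addresses are "any" or CIDR (an assumption; a router's ACL language uses its own mask notation) and only a destination "eq <port>" is supported.

```python
# Added example, not from the presentation: first-match ACL evaluation over
# 5-tuple flows. The rule grammar is an illustrative subset (CIDR is assumed).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" (any protocol), "tcp", "udp" or "icmp"
    src: str                     # "any" or a CIDR block
    dst: str
    dport: Optional[int] = None  # destination port from "eq <port>", if given

    def matches(self, proto: str, src: str, dst: str, dport: Optional[int]) -> bool:
        if self.proto != "ip" and self.proto != proto:
            return False
        if self.src != "any" and ip_address(src) not in ip_network(self.src):
            return False
        if self.dst != "any" and ip_address(dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def parse_rule(line: str) -> Rule:
    """Parse 'access-list <n> <permit|deny> <proto> <src> <dst> [eq <port>]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported rule: {line!r}")
    dport = int(tok[7]) if tok[6:7] == ["eq"] and len(tok) > 7 else None
    return Rule(action=tok[2], proto=tok[3], src=tok[4], dst=tok[5], dport=dport)


def evaluate(rules, proto: str, src: str, dst: str, dport: Optional[int] = None) -> str:
    """The first matching rule decides; with no match the list denies (the implicit deny)."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"


# The slide's SQL Slammer prevention ACL: block UDP to 1434, then allow everything else.
SLAMMER_ACL = [parse_rule(line) for line in (
    "access-list 101 deny udp any any eq 1434",
    "access-list 101 permit ip any any",
)]


if __name__ == "__main__":
    for proto, dport in (("udp", 1434), ("tcp", 1434), ("udp", 53)):
        verdict = evaluate(SLAMMER_ACL, proto, "203.0.113.5", "10.1.1.20", dport)
        print(f"{proto} to port {dport}: {verdict}")
```

Order matters: swapping the two slide lines would make the permit match first and the deny would never be reached, and a list that matches nothing falls through to deny.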
    • TCP Intercept
    • References
      • "TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens
      • "Internetworking with TCP/IP, Volume 1" by Douglas E. Comer
      • THANK YOU!