More on TCP/IP



Published in: Education, Technology

  1. TCP/IP: Transmission Control Protocol / Internet Protocol. Rakhi Saxena, Assistant Professor, Deshbandhu College, Delhi University
  2. What is TCP/IP?
     - TCP/IP: Transmission Control Protocol / Internet Protocol.
     - TCP/IP is the name of a protocol suite, not of a single protocol.
     - Applications interface with the transport layer (TCP or UDP) to communicate with peer applications on other hosts.
  3. History of TCP/IP
     - TCP/IP grew out of the ARPANET, a project funded by the Advanced Research Projects Agency (ARPA) of the US Department of Defense.
     - TCP/IP was first defined in 1974 and was meant for communication between geographically distant sites.
     - It has evolved with many improvements since then.
  4. Why is TCP/IP popular?
     - Simpler than the ISO-OSI model.
     - Provides an elegant solution to worldwide data communication.
     - Open protocol standards, freely available, and independent of any hardware platform.
     - The University of California, Berkeley incorporated TCP/IP into BSD Unix, which spread it widely.
  5. TCP/IP & OSI
     - In OSI reference model terminology, the TCP/IP protocol suite covers the network and transport layers.
     - TCP/IP can be used over many data-link layers (it supports many network hardware implementations).
     Corresponding layers:
       OSI Model Layer         Corresponding TCP/IP Layer
       Application             Application
       Presentation            Application
       Session                 Application
       Transport               Transport (TCP)
       Network                 Internet (IP)
       Data Link               Network Interface (data-link layer)
       Physical                Network Interface (data-link layer)
  6. But first ...
  7. Ethernet - Data-Link Layer
     - It will be useful to discuss a real data-link layer.
     - Ethernet (really IEEE 802.3) is widely used.
     - Classic shared-medium Ethernet uses CSMA/CD (Carrier Sense Multiple Access with Collision Detection) to arbitrate access to the medium.
  8. Ethernet
     - Multi-access (shared medium) in its original form; modern Ethernet is switched, so a frame is normally delivered only to the port where the destination MAC address was learned.
     - Every Ethernet interface has a unique 48-bit address (a.k.a. hardware address or MAC address).
     - Example: C0:B3:44:17:21:17
     - The broadcast address is all 1's: FF:FF:FF:FF:FF:FF.
     - Address blocks are assigned to vendors by a central authority (the IEEE).
  9. MAC address
     - Intended to be globally unique; it is written onto the hardware at the time of manufacture.
     - A MAC address is 48 bits (6 bytes) long.
     - The first three bytes (the OUI) identify the manufacturer and are assigned by the IEEE.
     - The last three bytes are assigned by the manufacturer.
     - Caveat: most operating systems let the address be overridden in software, so a MAC address identifies an interface but does not authenticate it.
  10. ipconfig / ifconfig (the slide showed sample output of these commands, which list each interface's MAC and IP addresses: ipconfig /all on Windows, ifconfig or ip addr on Unix-like systems)
  12. Back to TCP/IP
  13. Internet Protocol - the IP in TCP/IP
     - IP is the network layer:
       - packet delivery service (host-to-host);
       - translation between different data-link protocols.
  14. IP Datagrams
     - IP provides connectionless, unreliable delivery of IP datagrams.
       - Connectionless: each datagram is independent of all others.
       - Unreliable: there is no guarantee that datagrams are delivered correctly, or even delivered at all.
     - An IP packet is called a datagram.
  15. IP Addresses
     - IP addresses are not the same as the underlying data-link (MAC) addresses.
     - Why?
  16. IP Addresses
     - IP is a network layer: it must provide communication between hosts on different kinds of networks (different data-link implementations).
     - The address must include information about which network the receiving host is on. This is what makes routing feasible.
  17. IP Addresses
     - IP addresses are logical addresses (not physical).
     - IPv4 (version 4): 32 bits.
     - IPv6 (version 6): 128 bits.
     - An address includes a network ID and a host ID.
     - Every host must have a unique IP address on the network it is reachable from.
     - IP address blocks are allocated by regional registries under a central authority (for example ARIN, the American Registry for Internet Numbers, for North America).
  18. Network and Host IDs
     - A Network ID is assigned to an organization by a global authority.
     - Host IDs are assigned locally by a system administrator.
     - Both the Network ID and the Host ID are used for routing.
  19. IP Addresses
     - IP addresses are usually shown in dotted decimal notation: each of the four bytes written in decimal, separated by dots.
     - 00000001 00000010 00000011 00000100 is 1.2.3.4
     - 10000000 11010101 00000001 00000001 is 128.213.1.1
     - The first two bits of 128.213.1.1 are 10, so under classful addressing it is a class B address: the first 16 bits (128.213) are the network ID and the last 16 bits (1.1) are the host ID. CS has a class B network.
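The conversions on this slide, worked through in code. This is an added example and not part of the original slides: it converts between dotted-decimal and 32-bit binary and splits an address into network ID and host ID using the classful rules (class A: leading bit 0, 8-bit network; class B: leading bits 10, 16-bit network; class C: leading bits 110, 24-bit network). The sample addresses are the slide's own plus a couple of constructed ones.

```python
# Added example (not from the slides): classful IPv4 address parsing in pure Python.
import ipaddress
from typing import Optional


def to_binary(dotted: str) -> str:
    """'128.213.1.1' -> '10000000 11010101 00000001 00000001'"""
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"not a valid IPv4 dotted-decimal address: {dotted!r}")
    return " ".join(f"{o:08b}" for o in octets)


def from_binary(bits: str) -> str:
    """'00000001 00000010 00000011 00000100' -> '1.2.3.4'"""
    groups = bits.split()
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError(f"expected four 8-bit groups: {bits!r}")
    return ".".join(str(int(g, 2)) for g in groups)


def classful_split(dotted: str) -> dict:
    """Classify an address by its leading bits and split it into network ID and host ID."""
    first = int(dotted.split(".")[0])
    prefix: Optional[int]
    if first < 128:          # 0xxxxxxx
        cls, prefix = "A", 8
    elif first < 192:        # 10xxxxxx
        cls, prefix = "B", 16
    elif first < 224:        # 110xxxxx
        cls, prefix = "C", 24
    elif first < 240:        # 1110xxxx: multicast, no network/host split
        cls, prefix = "D", None
    else:                    # 1111xxxx: reserved
        cls, prefix = "E", None
    if prefix is None:
        return {"class": cls, "prefix": None, "network": None, "host": None, "usable_hosts": 0}
    net = ipaddress.ip_network(f"{dotted}/{prefix}", strict=False)
    host_bits = 32 - prefix
    return {
        "class": cls,
        "prefix": prefix,
        "network": str(net.network_address),          # network ID with host bits zeroed
        "host": int(ipaddress.ip_address(dotted)) & ((1 << host_bits) - 1),
        "usable_hosts": net.num_addresses - 2,         # all-zeros and all-ones host IDs are reserved
    }


if __name__ == "__main__":
    print(to_binary("128.213.1.1"))
    print(from_binary("00000001 00000010 00000011 00000100"))
    print(classful_split("128.213.1.1"))
```

Classful addressing is what the slide describes; on today's Internet the network/host boundary is given explicitly by a CIDR prefix length (for example 128.213.0.0/16) rather than inferred from the leading bits, which is why `classful_split` still goes through `ipaddress.ip_network` with an explicit prefix.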
  21. Host and Network Addresses
     - A single network interface is assigned a single IP address called the host address.
     - A host may have multiple interfaces, and therefore multiple host addresses.
     - Hosts that share a network all have the same IP network address (the network ID).
  22. Mapping IP Addresses to Hardware Addresses
     - IP addresses are not recognized by the hardware.
     - If we know the IP address of a host, how do we find its hardware address?
     - The process of finding the hardware address of a host given its IP address is called Address Resolution.
  23. ARP
     - The Address Resolution Protocol is used by a sending host when it knows the IP address of the destination but needs the Ethernet (or other data-link) address.
     - ARP is a broadcast protocol: every host on the local network receives the request.
     - Each host checks the requested IP address against its own; the host that owns it replies with its hardware address.
  24. ARP (cont.)
     - ARP does not need to be done every time an IP datagram is sent: hosts remember (cache) each other's hardware addresses for a while.
     - The ARP protocol also specifies that the receiving host should remember the IP and hardware addresses of the sending host, since a reply to the sender is likely to follow.
     - Caveat: ARP has no authentication, so any host on the segment can send a reply claiming an IP address, and a plain cache will believe it (see ARP cache poisoning later in the deck).
  25. ARP conversation (the IP addresses were shown in the slide figure, not in the text)
     Requester (broadcast): "HEY - Everyone please listen! Will ... please send me his/her Ethernet address?"
     Other hosts: "not me"
     Owner (unicast, to the requester): "Hi Green! I'm ..., and my Ethernet address is 87:A2:15:35:02:C3"
  26. Services provided by IP
     - Connectionless delivery (each datagram is treated individually).
     - Unreliable (delivery is not guaranteed).
     - Fragmentation / reassembly (based on the hardware MTU).
     - Routing.
     - Error detection: a checksum over the IP header only; protecting the payload is left to the transport layer.
  27. IP-Layer Operation (figure): hosts X and Y each run Application / TCP / IP / Data Link / Physical; routers A, B and C between them implement only IP / Data Link / Physical. TCP is an end-to-end layer: only X and Y see the TCP segments, while every hop processes the IP datagrams.
  28. Transport Layer & TCP/IP
     - Q: We know that IP is the network layer, so TCP must be the transport layer, right?
     - A: No... well, almost.
     - TCP is only part of the TCP/IP transport layer; the other part is UDP (User Datagram Protocol).
  29. Layering (figure): Process layer (application processes) over the Transport layer (TCP, UDP) over the Network layer (IP, with ICMP, ARP and RARP alongside it) over the Data-Link layer (802.3 Ethernet).
  30. UDP - User Datagram Protocol
     - UDP is a transport protocol: communication between processes.
     - UDP uses IP to deliver datagrams to the right host.
     - UDP uses ports to provide communication services to individual processes.
  31. Ports
     - TCP/IP uses an abstract destination point called a protocol port.
     - Ports are identified by a positive 16-bit integer (1-65535; port 0 is reserved).
     - Operating systems provide some mechanism (sockets) that processes use to bind to a port.
  32. Ports (figure): several processes on Host A and on Host B, each attached to its own port, exchanging data across the network.
  33. UDP
     - Datagram delivery
     - Connectionless
     - Unreliable
     - Minimal: just source/destination ports, a length and a checksum (optional in IPv4) on top of IP
     - The term datagram is also used to describe the unit of transfer of UDP.
  34. TCP - Transmission Control Protocol
     - TCP is the other transport layer protocol supported by TCP/IP.
     - TCP provides:
       - Connection-oriented
       - Reliable
       - Full-duplex
       - Byte-stream
  35. Connection-Oriented
     - Connection-oriented means that a virtual connection is established before any user data is transferred.
     - If the connection cannot be established, the user program is notified.
     - If the connection is ever interrupted, the user program(s) find out that there is a problem.
  36. Reliable
     - Reliable means that every transmission of data is acknowledged by the receiver.
     - If the sender does not receive an acknowledgement within a specified amount of time, the sender retransmits the data.
     - Reliable does not mean that things don't go wrong; it means that we find out when things go wrong.
  37. Byte Stream
     - Stream means that the connection is treated as a stream of bytes: TCP preserves byte order but not message boundaries.
     - The user application does not need to package data into individual datagrams (as with UDP).
     - Somebody still needs to do this, since IP delivers everything as datagrams; it is just that the application layer doesn't need to.
  38. Full Duplex
     - TCP provides transfer in both directions (over a single virtual connection).
     - To the application program these appear as two unrelated data streams, although TCP can piggyback control and data communication by carrying control information (such as an ACK) along with user data.
  39. TCP Ports
     - Inter-process communication via TCP is achieved with the use of ports (just like UDP).
     - Common ports and the services that run on them:
       FTP      21
       telnet   23
       SMTP     25
       HTTP     80
       POP3     110
     - These well-known numbers are a convention, not a guarantee: a service can listen on any port, so a port number alone does not tell you what is really behind it.
  40. Addressing in TCP/IP
     - Each TCP/IP endpoint address includes:
       - Internet (IP) address
       - Protocol (UDP or TCP)
       - Port number
     - NOTE: TCP/IP is a protocol suite that includes IP, TCP and UDP.
  41. TCP/IP Summary
     - IP: network layer protocol; unreliable datagram delivery between hosts.
     - UDP: transport layer protocol; unreliable datagram delivery between processes.
     - TCP: transport layer protocol; reliable, byte-stream delivery between processes.
  42. OSI and Protocol Stack
     OSI: Open Systems Interconnection.
     TCP/IP hierarchy:
     - Link layer: includes the device driver and network interface card.
     - Network layer: handles the movement of packets, i.e. routing.
     - Transport layer: provides a flow of data between two hosts (reliable in the case of TCP).
     - Application layer: handles the details of the particular application.
     Mapping between the two models:
       OSI Model                  TCP/IP Hierarchy
       7th  Application Layer     Application Layer
       6th  Presentation Layer    Application Layer
       5th  Session Layer         Application Layer
       4th  Transport Layer       Transport Layer
       3rd  Network Layer         Network Layer
       2nd  Link Layer            Link Layer
       1st  Physical Layer        Link Layer
  43. TCP vs. UDP
     - Q: Which protocol is better?
     - A: It depends on the application.
     - TCP provides a connection-oriented, reliable, byte-stream service (lots of overhead).
     - UDP offers a minimal datagram delivery service (as little overhead as possible).
  44. Hmmmmm. TCP or UDP?
     - Electronic commerce?
     - Video server?
     - File transfer?
     - Email?
     - Chat groups?
     - Robotic surgery controlled remotely over a network?
  46. TCP Connection Establishment
     - TCP uses a three-way handshake to open a connection. The server has previously done a PASSIVE OPEN, i.e. it is listening on the port.
     - (1) ACTIVE OPEN: the client sends a segment with
       - SYN bit set *
       - port numbers of the client and of the server
       - initial sequence number (ISN) of the client
     - (2) The server responds with a segment with
       - SYN bit set *
       - initial sequence number of the server
       - ACK for the ISN of the client (acknowledgement number = client ISN + 1)
     - (3) The client acknowledges by sending a segment with
       - ACK for the ISN of the server (acknowledgement number = server ISN + 1)
     - (* A SYN counts as one byte of sequence space, which is why each acknowledgement is ISN + 1.)
  47-50. Connection Creation (four figure slides stepping through the SYN, SYN-ACK and ACK segments; no text)
  51. Why is a two-way handshake not enough? (figure: hosts aida and mng) With only two messages, mng would treat an old, delayed duplicate of aida's SYN as a fresh connection request, set up state with that old sequence number and reply with a SYN-ACK. When aida initiates the data transfer (starting with SeqNo=15322112355), mng will reject all data, because it does not match the state mng created; aida's genuine SYN will be discarded as a duplicate SYN. The third message lets aida confirm the server's SYN-ACK (or refuse it with a RST when it acknowledges a SYN aida never sent) before either side sends data.
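The three-way handshake from slide 46 and the stale-SYN case from this slide, as an added example that is not part of the original deck. It is a small simulation of the two endpoints' state machines with 32-bit sequence numbers; there is no real network I/O, the port numbers and ISNs are constructed, and only the handshake fields (SYN, ACK, RST, seq, ack) are modelled. The client's reaction to a SYN-ACK that acknowledges the wrong ISN (answer with a RST) is the behaviour TCP specifies for the SYN-SENT state.

```python
# Added example (not from the slides): simulation of the TCP three-way handshake.
from dataclasses import dataclass, field
import random

MOD = 1 << 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    src_port: int
    dst_port: int
    seq: int
    ack: int = 0
    syn: bool = False
    ack_flag: bool = False
    rst: bool = False


@dataclass
class Endpoint:
    port: int
    state: str = "CLOSED"
    isn: int = field(default_factory=lambda: random.randrange(MOD))  # random ISN, as real stacks use
    snd_nxt: int = 0   # next sequence number we will send
    rcv_nxt: int = 0   # next sequence number we expect from the peer

    def passive_open(self):
        self.state = "LISTEN"

    def active_open(self, peer_port):
        """Step 1: the client sends a SYN carrying its ISN; the SYN itself consumes one sequence number."""
        self.state = "SYN_SENT"
        self.snd_nxt = (self.isn + 1) % MOD
        return Segment(self.port, peer_port, seq=self.isn, syn=True)

    def receive(self, seg):
        """Process one incoming segment; return the segment to send back, or None."""
        if self.state == "LISTEN" and seg.syn and not seg.ack_flag:
            # Step 2: SYN-ACK acknowledging client ISN + 1 and offering our own ISN.
            self.state = "SYN_RCVD"
            self.rcv_nxt = (seg.seq + 1) % MOD
            self.snd_nxt = (self.isn + 1) % MOD
            return Segment(self.port, seg.src_port, seq=self.isn, ack=self.rcv_nxt, syn=True, ack_flag=True)
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag:
            if seg.ack != self.snd_nxt:
                # The peer acknowledged a SYN we never sent (an old duplicate): refuse with a RST.
                return Segment(self.port, seg.src_port, seq=seg.ack, rst=True)
            # Step 3: the final ACK; the client side is now open.
            self.state = "ESTABLISHED"
            self.rcv_nxt = (seg.seq + 1) % MOD
            return Segment(self.port, seg.src_port, seq=self.snd_nxt, ack=self.rcv_nxt, ack_flag=True)
        if self.state == "SYN_RCVD" and seg.ack_flag and seg.ack == self.snd_nxt:
            self.state = "ESTABLISHED"
            return None
        if self.state == "SYN_RCVD" and seg.rst:
            self.state = "LISTEN"  # abort the half-open connection
            return None
        return None


def handshake(client, server):
    """Normal case: returns both states and whether the ACK numbers were ISN + 1 on each side."""
    server.passive_open()
    syn = client.active_open(server.port)
    synack = server.receive(syn)
    ack = client.receive(synack)
    server.receive(ack)
    numbers_ok = synack.ack == (client.isn + 1) % MOD and ack.ack == (server.isn + 1) % MOD
    return client.state, server.state, numbers_ok


def stale_syn(client, server, old_isn):
    """A delayed duplicate SYN (from an earlier attempt with ISN old_isn) reaches the server while
    the client is mid-handshake with a fresh ISN. The client spots the mismatch and resets."""
    server.passive_open()
    client.active_open(server.port)                                   # genuine SYN, still in flight
    old = Segment(client.port, server.port, seq=old_isn, syn=True)    # the stale duplicate arrives first
    synack = server.receive(old)                                      # server answers the stale SYN
    reply = client.receive(synack)                                    # client: wrong ACK number -> RST
    server.receive(reply)
    return reply.rst, client.state, server.state


if __name__ == "__main__":
    print(handshake(Endpoint(40000), Endpoint(80)))
    print(stale_syn(Endpoint(40000), Endpoint(80), old_isn=12345))
```

With a two-way handshake the server would have committed to the stale ISN with no way for the client to object; the third message is what gives the client the chance to send that RST.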
  52-56. Connection Teardown (five figure slides stepping through the FIN / ACK exchange in each direction; no text)
  57-63. Two-Army Problem (figure slides): two Red army divisions must agree to attack the Blue army at the same time, communicating only by messengers who may be captured; each acknowledgement is itself uncertain, so it needs its own acknowledgement. So how many acks of acks are enough? No finite number is: no protocol over an unreliable channel can give both sides certainty that the other agreed. TCP therefore does not try; each direction is closed independently and the final ACK is protected only by a timeout (the TIME_WAIT state).
  64. Connection Teardown: a connection close is treated as two separate closes, one for each simplex (one-direction) connection; each side sends a FIN and the other side acknowledges it.
  65. Sockets
     - A server process demultiplexes the streams arriving at the same server port according to the source IP address and source port.
     - Socket = (IP address, port number).
     - Each stream ("flow") is uniquely identified by a socket pair: (source IP, source port, destination IP, destination port).
     - For example: (the example flow was shown in the slide figure)
  66. Packet Exchange for a TCP Connection (figure)
     CLIENT: socket(), connect()        SERVER: socket(), bind(), listen(), accept()
     Handshake: client sends SYN j; server sends SYN k, ack j+1; client sends ack k+1
     Data: client write() sends the data request; server read(), then write() sends the data reply (which also acks the request); client read(), then ack of reply
     Close: client close() sends FIN M; server acks M+1; server close() sends FIN N; client acks N+1
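The socket call sequence from the figure, run for real over the loopback interface, as an added example that is not part of the original slides. The server side runs in a thread in the same process; binding to port 0 lets the operating system pick a free port, and the client's `shutdown(SHUT_WR)` is what sends its FIN while it still reads the reply. The socket pair returned is the four-tuple that slide 65 says identifies the flow. The payload is constructed.

```python
# Added example (not from the slides): the socket()/bind()/listen()/accept()/connect() sequence over loopback.
import socket
import threading


def echo_server(listener, result):
    conn, peer = listener.accept()              # accept(): the handshake has completed in the kernel
    with conn:
        request = conn.recv(1024)               # read()
        result["server_saw"] = request
        result["server_peer"] = peer            # (client IP, client port) as the server sees it
        conn.sendall(b"reply:" + request)       # write()
    # leaving the with-block closes conn: the server's FIN


def run_exchange(payload: bytes = b"data request") -> dict:
    result = {}
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # socket()
    listener.bind(("127.0.0.1", 0))                                 # bind(); port 0 = pick a free port
    listener.listen(1)                                              # listen()
    server_addr = listener.getsockname()
    t = threading.Thread(target=echo_server, args=(listener, result))
    t.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)     # socket()
    client.connect(server_addr)                                     # connect(): SYN j / SYN k, ack j+1 / ack k+1
    result["socket_pair"] = (client.getsockname(), client.getpeername())
    client.sendall(payload)                                         # write()
    client.shutdown(socket.SHUT_WR)                                 # client's FIN: nothing more to send
    reply = b""
    while chunk := client.recv(1024):                               # read() until the server's FIN (recv returns b"")
        reply += chunk
    client.close()
    t.join()
    listener.close()
    result["reply"] = reply
    return result


if __name__ == "__main__":
    print(run_exchange())
```

While this runs, `netstat -n` (next slide) would show the connection as a (127.0.0.1:client-port, 127.0.0.1:server-port) pair.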
  67. netstat -n: lists active sockets as numeric address/port pairs (add -a to include listening sockets)
  68. netstat -r: displays the routing table
  69. netstat -s: displays per-protocol network statistics
  70. ping: sends ICMP echo requests to a given address and reports the round-trip time
  71. traceroute: discovers the route from a source to a destination, one hop at a time
  72. TCP/IP Hacks and Attacks
     - Think like an attacker in order to stop intrusions into your own network.
     - Protect your network before attackers exploit the vulnerabilities in it.
  73. Some common attacks
  74. Denial of Service Attacks
     - Denial of Service attacks attempt to negate service by
       - exhausting resources at the victim side (such as network bandwidth, CPU, memory, etc.),
       - forcing victim equipment into a non-operational state, or
       - hijacking victim equipment/resources for malicious goals.
     - A Distributed Denial of Service (DDoS) attack is a special case of DoS in which multiple distributed network nodes (zombies) are used to multiply the effect.
  75. Early DoS attacks
     - ping of death
       - a single ICMP echo request larger than the maximum IP datagram size (65,535 bytes), delivered in fragments; reassembling it overflowed a buffer in many older IP stacks and crashed the host
       - distinct from a simple ping flood, which just sends large numbers of large or small ping packets
     - smurf attack
       - an amplified network flood
       - ICMP echo requests sent to a network's broadcast address with the source address forged to be the victim's, so every host on that network replies to the victim
  76. TCP SYN Flood (figure): a normal client sends a SYN request and the server answers SYN-ACK. Zombies send spoofed SYN requests with forged source addresses; the server sends SYN-ACKs to addresses that never answer and keeps a half-open entry for each one, until the waiting buffer (the backlog of half-open connections) overflows and the victim can no longer accept SYNs from legitimate clients.
  77. Distributed Denial of Service (figure): zombies on innocent computers; server-level, infrastructure-level and bandwidth-level DDoS attacks.
  78. Spoofing (figure): X asks "Mr. Z, is that you?" and Y answers "Yes, I'm here!" while pretending to be Z. Source addresses in IP, ARP and similar protocols are not authenticated, so a host can claim to be another.
  79. ARP Cache Poisoning (figure)
     - System A: MAC 00:00:00:AA:AA:AA. Its ARP cache entry for B's IP now holds 00:00:00:CC:CC:CC.
     - System B: MAC 00:00:00:BB:BB:BB. Its ARP cache entry for A's IP now holds 00:00:00:CC:CC:CC.
     - Attacker: MAC 00:00:00:CC:CC:CC. Its ARP cache holds the real entries, 00:00:00:BB:BB:BB for B and 00:00:00:AA:AA:AA for A.
     - The attacker sent forged ARP replies "A's IP is at 00:00:00:CC:CC:CC" to B and "B's IP is at 00:00:00:CC:CC:CC" to A. Both victims now send their traffic for each other to the attacker, who can read or alter it and forward it on (a man-in-the-middle).
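ARP resolution from slides 23-25 and the cache poisoning in this figure, as an added example that is not part of the original deck. It simulates a segment with no real network traffic: a plain cache accepts any reply it hears, which is what the figure relies on, and a strict cache (assumed here, modelled on what arpwatch-style monitoring and switch-side Dynamic ARP Inspection check for) ignores unsolicited replies and flags an existing entry changing MAC. The MACs are the figure's placeholders; the IPs are constructed documentation addresses.

```python
# Added example (not from the slides): ARP request/reply, cache learning, and cache poisoning.
from dataclasses import dataclass


@dataclass(frozen=True)
class ArpPacket:
    op: str              # "request" (broadcast) or "reply" (unicast)
    sender_ip: str
    sender_mac: str
    target_ip: str
    target_mac: str = "00:00:00:00:00:00"


class Host:
    def __init__(self, ip, mac, strict=False):
        self.ip, self.mac = ip, mac
        self.cache = {}          # ip -> mac
        self.pending = set()     # IPs we have asked about and are waiting on (strict mode)
        self.alerts = []
        self.strict = strict

    def resolve(self, ip):
        """Return the cached MAC, or the broadcast request to send if there is no entry."""
        if ip in self.cache:
            return self.cache[ip]
        self.pending.add(ip)
        return ArpPacket("request", self.ip, self.mac, ip)

    def receive(self, pkt):
        """Process one ARP packet; return a reply to send, if any."""
        if pkt.op == "request":
            if pkt.target_ip == self.ip:
                self.cache[pkt.sender_ip] = pkt.sender_mac   # remember the asker, as slide 24 notes
                return ArpPacket("reply", self.ip, self.mac, pkt.sender_ip, pkt.sender_mac)
            return None
        # A reply. A plain cache believes whatever it is told; a strict one checks first.
        if self.strict:
            if pkt.sender_ip not in self.pending:
                self.alerts.append(f"unsolicited reply for {pkt.sender_ip} from {pkt.sender_mac}")
                return None
            old = self.cache.get(pkt.sender_ip)
            if old is not None and old != pkt.sender_mac:
                self.alerts.append(f"{pkt.sender_ip} changed {old} -> {pkt.sender_mac}")
                return None
            self.pending.discard(pkt.sender_ip)
        self.cache[pkt.sender_ip] = pkt.sender_mac
        return None


def normal_resolution(strict=False):
    """A asks for B's MAC; every host hears the broadcast, only B answers."""
    a = Host("192.0.2.10", "00:00:00:AA:AA:AA", strict)
    b = Host("192.0.2.20", "00:00:00:BB:BB:BB", strict)
    req = a.resolve(b.ip)
    for h in (a, b):
        reply = h.receive(req)
        if reply is not None:
            a.receive(reply)
    return a.cache.get(b.ip), b.cache.get(a.ip)


def poisoning_attack(strict=False):
    """The figure: after A and B know each other, the attacker sends forged replies to both."""
    a = Host("192.0.2.10", "00:00:00:AA:AA:AA", strict)
    b = Host("192.0.2.20", "00:00:00:BB:BB:BB", strict)
    attacker_mac = "00:00:00:CC:CC:CC"
    a.receive(b.receive(a.resolve(b.ip)))        # legitimate resolution first
    # "B's IP is at CC" sent to A, and "A's IP is at CC" sent to B; nobody asked.
    a.receive(ArpPacket("reply", b.ip, attacker_mac, a.ip, a.mac))
    b.receive(ArpPacket("reply", a.ip, attacker_mac, b.ip, b.mac))
    return a.cache[b.ip], b.cache[a.ip], a.alerts + b.alerts


if __name__ == "__main__":
    print(normal_resolution())
    print(poisoning_attack())             # both victims now map each other to CC
    print(poisoning_attack(strict=True))  # entries unchanged, two alerts raised
```

Real stacks are closer to the plain cache than the strict one (Linux, for instance, does update an existing entry when a reply arrives), which is why detection is usually done by a separate monitor or by the switch. Note that the strict cache still learns the asker's MAC from requests, exactly as ARP specifies, so a forged request is another way to plant an entry; static entries or switch-side inspection are needed to close that path.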
  80. More DoS attacks
     Protocol   Attack                          Description
     HTTP       SQL/Application server attack   Continuous requests for a computationally heavy dynamic page
     TCP SYN    Land                            A SYN whose source and destination IP addresses (and ports) are the same, causing the response to loop back to the victim
     ARP        ARP Redirect                    Local IP address hijack; man-in-the-middle ("middleman") attack
  81. Mitigation Techniques
  82. ACL - Access Control List
     - Layer 3/4 filtering rules: <protocol, srcIP, dstIP, srcPort, dstPort>
     - SQL Slammer prevention ACL (Cisco IOS syntax; Slammer spread over UDP port 1434, the SQL Server resolution service port):
       access-list 101 deny udp any any eq 1434
       access-list 101 permit ip any any
     - Rules are evaluated top to bottom and the first match wins; an ACL ends with an implicit deny, which is why the explicit permit ip any any is needed.
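A first-match evaluator for the 5-tuple rules on this slide, as an added example that is not part of the original deck. It parses the two access-list lines shown above (a small assumed subset of the Cisco syntax: `any` or a network for the addresses, an optional `eq <port>` on the destination) and applies them to constructed sample packets, with the implicit deny at the end. Reversing the two rules in the test shows why ordering matters.

```python
# Added example (not from the slides): first-match evaluation of 5-tuple ACL rules.
from dataclasses import dataclass
from typing import List, Optional
import ipaddress


@dataclass(frozen=True)
class Packet:
    proto: str        # "udp", "tcp", "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    src: str                       # "any" or a network such as "10.0.0.0/8" or a single host address
    dst: str
    dport: Optional[int] = None    # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        return self.dport is None or self.dport == pkt.dport


def parse_acl(text: str) -> List[Rule]:
    """Parse lines of the form 'access-list 101 deny udp any any eq 1434'."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[:1] != ["access-list"] or len(t) < 6:
            raise ValueError(f"unrecognised ACL line: {line!r}")
        action, proto, src, dst = t[2], t[3], t[4], t[5]
        dport = int(t[7]) if len(t) > 7 and t[6] == "eq" else None
        rules.append(Rule(action, proto, src, dst, dport))
    return rules


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """First match wins; a packet that matches no rule hits the implicit deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "deny"


SLAMMER_ACL = """
access-list 101 deny udp any any eq 1434
access-list 101 permit ip any any
"""


def demo() -> dict:
    rules = parse_acl(SLAMMER_ACL)
    packets = {  # constructed sample traffic
        "slammer": Packet("udp", "198.51.100.7", "192.0.2.5", 1434, 1434),
        "dns":     Packet("udp", "198.51.100.7", "192.0.2.53", 40000, 53),
        "web":     Packet("tcp", "198.51.100.7", "192.0.2.80", 40001, 80),
        "sql_tcp": Packet("tcp", "198.51.100.7", "192.0.2.5", 40002, 1434),
    }
    return {name: evaluate(rules, p) for name, p in packets.items()}


if __name__ == "__main__":
    print(demo())
```

The `sql_tcp` packet is permitted: the rule is specific to UDP, which is all Slammer used, so TCP 1434 traffic to the same server is untouched. An operator who wants to block that too needs a second deny line, placed before the permit.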
  83. TCP Intercept (title slide only): a router feature against SYN floods. The router answers the client's SYN on the server's behalf and only opens a connection to the real server once the client's final ACK has arrived, so spoofed SYNs that are never acknowledged consume no state on the server.
  84. References
     - "TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens
     - "Internetworking with TCP/IP, Volume 1" by Douglas E. Comer
  85. Thank you!