Lesson 2 
IPv4/ARP/ICMP 
Yuan 
Application Engineer / iConnectivity Group (ICG) 
2014.11.5 
1
Outline 
• IPv4 
• ARP 
• ICMP 
2
IPv4 
3
Outline 
• IPv4 
– Overview 
– Classful Addressing 
– Classless Addressing 
– Special Addresses 
– NAT 
• ARP 
• ICMP 
4
Overview 
• Internet Protocol version 4 
– The fourth version in the development of the
Internet Protocol (IP)
– IPv4 is described in IETF publication RFC 791
(September 1981), replacing an earlier definition
(RFC 760, January 1980)
• Addressing
– 32-bit (4-byte) addresses
– Address space of 2^32 addresses
5
Classful Addressing 
• Divides the address space into 5 classes
Class A: 2^31 = 2,147,483,648 addresses, 50%
Class B: 2^30 = 1,073,741,824 addresses, 25%
Class C: 2^29 = 536,870,912 addresses, 12.5%
Class D: 2^28 = 268,435,456 addresses, 6.25%
Class E: 2^28 = 268,435,456 addresses, 6.25%
         Leading bits of first byte   First byte (decimal)
Class A  0.......                     0-127
Class B  10......                     128-191
Class C  110.....                     192-223
Class D  1110....                     224-239
Class E  1111....                     240-255
6
Classful Addressing 
• Two-level addressing 
– netid, hostid, like Tel: (02)2792-7818 
– Network address, network mask(default mask) 
8 bits 8 bits 8 bits 8 bits 
Class A netid hostid 128 nets, 16,777,214 hosts per net 
Class B netid hostid 16,384 nets, 65,534 hosts per net
Class C netid hostid 2,097,152 nets, 254 hosts per net
Class D Multicast address
Class E Reserved
8 bits 8 bits 8 bits 8 bits Network mask 
Class A 11111111 00000000 00000000 00000000 255.0.0.0 
Class B 11111111 11111111 00000000 00000000 255.255.0.0 
Class C 11111111 11111111 11111111 00000000 255.255.255.0 
7
Classful Addressing 
• Three-level addressing 
– Subnetting 
• Network address, subnet address, host address, 
like Tel: (02)2792-7818 
• Subnet Mask 
Class B 10101000 01011111 00000000 00000000 (168.95.0.0)
– Two levels: network address, host address
– Three levels: network address, subnet address, host address
              8 bits   8 bits   8 bits   8 bits
Class B       10101000 01011111 11000000 00000001  168.95.192.1
Network mask  11111111 11111111 00000000 00000000  255.255.0.0
Subnet mask   11111111 11111111 11111000 00000000  255.255.248.0
8
Classful Addressing 
• Three-level addressing 
– Supernetting 
• Supernet Mask 
Class C       11101000 01011111 00111000 00000000 (232.95.56.0): network address, host address
Subnetting    11101000 01011111 00111000 00000000: network address, host address
Supernetting  11101000 01011111 00111000 00000000: network address, host address
               8 bits   8 bits   8 bits   8 bits
Class B        11101000 01011111 00111010 00000001  235.95.58.1
Network mask   11111111 11111111 11111111 00000000  255.255.255.0
Supernet mask  11111111 11111111 11111000 00000000  255.255.248.0
Subnet mask    11111111 11111111 11111111 11100000  255.255.255.224
9
Classful Addressing 
• Class 4 -IP multicast addressing 
– the address denotes the recipient group 
– no geographic or location boundaries 
Class D Multicast Address Allocations by IANA
Description                                IPv4 Address Range
Local-link address (reserved)              224.0.0.0/24
Globally scoped address (assigned)         224.0.1.0 to 238.255.255.255
Source-specific multicast                  232.0.0.0/8
GLOP addresses                             233.0.0.0/8
Administratively scoped addresses (local)  239.0.0.0/8
10
Classless Addressing 
• Classful addressing, the network portion ends 
on one of the separating dots in the address 
• Classless addressing uses a variable number of 
bits for the network and host portions of the 
address 
Classful addressing   11101000 01011111 00111000 00000000
Classless addressing  11101000 01 011111 00111000 00000000
[Figure: two views of the address space, one with blocks of the same size, one with blocks of different sizes]
11
Classless Addressing 
• Prefix: internet, like netid 
• Suffix: host, like hostid 
• CIDR, classless interdomain routing, slash 
notation 
byte . byte . byte . byte / n (n = prefix length)
Slash notation   Block                         Network mask
230.8.24.56/16   230.8.0.0 to 230.8.255.255    255.255.0.0
230.8.24.56/20   230.8.16.0 to 230.8.31.255    255.255.240.0
230.8.24.56/26   230.8.24.0 to 230.8.24.63     255.255.255.192
230.8.24.56/27   230.8.24.32 to 230.8.24.63    255.255.255.224
230.8.24.56/29   230.8.24.56 to 230.8.24.63    255.255.255.248
Classful addressing
Class  Prefix length
A      /8
B      /16
C      /24
D      /4
E      /4
12
Special Addresses 
• This network: host ID all zeros
– 203.75.205.0, this class C network
• Broadcast: host ID all ones, also used in subnets
– 203.75.205.255, broadcast in 203.75.205.0
• Limited (local) broadcast: broadcast in the local network
– 255.255.255.255, broadcast in the same network
• Private IP address 
Private IP 
Class A 10.0.0.0 – 10.255.255.255 
Class B 172.16.0.0 – 172.31.255.255 
Class C 192.168.0.0 – 192.168.255.255 
13
Special Addresses 
Reserved address blocks 
Range Description Reference 
0.0.0.0/8 Current network (only valid as source address) RFC 6890 
10.0.0.0/8 Private network RFC 1918 
100.64.0.0/10 Shared Address Space RFC 6598 
127.0.0.0/8 Loopback RFC 6890 
169.254.0.0/16 Link-local RFC 3927 
172.16.0.0/12 Private network RFC 1918 
192.0.0.0/24 IETF Protocol Assignments RFC 6890 
192.0.2.0/24 TEST-NET-1, documentation and examples RFC 5737 
192.88.99.0/24 IPv6 to IPv4 relay RFC 3068 
192.168.0.0/16 Private network RFC 1918 
198.18.0.0/15 Network benchmark tests RFC 2544 
198.51.100.0/24 TEST-NET-2, documentation and examples RFC 5737 
203.0.113.0/24 TEST-NET-3, documentation and examples RFC 5737 
224.0.0.0/4 IP multicast (former Class D network) RFC 5771 
240.0.0.0/4 Reserved (former Class E network) RFC 1700 
255.255.255.255 Broadcast RFC 919 
14
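The slash-notation table and the reserved-block table above can be reproduced with plain bit arithmetic. This is an added example, not part of the original slides; the function names are hypothetical, and the block list is copied from the reserved address table with shortened descriptions.

```python
# Added example: CIDR arithmetic and reserved-block lookup for the tables
# above. Function names are hypothetical; blocks come from the slide's table.
RESERVED_BLOCKS = [
    ("0.0.0.0/8", "Current network"),
    ("10.0.0.0/8", "Private network"),
    ("100.64.0.0/10", "Shared Address Space"),
    ("127.0.0.0/8", "Loopback"),
    ("169.254.0.0/16", "Link-local"),
    ("172.16.0.0/12", "Private network"),
    ("192.0.0.0/24", "IETF Protocol Assignments"),
    ("192.0.2.0/24", "TEST-NET-1"),
    ("192.88.99.0/24", "IPv6 to IPv4 relay"),
    ("192.168.0.0/16", "Private network"),
    ("198.18.0.0/15", "Network benchmark tests"),
    ("198.51.100.0/24", "TEST-NET-2"),
    ("203.0.113.0/24", "TEST-NET-3"),
    ("224.0.0.0/4", "IP multicast"),
    ("240.0.0.0/4", "Reserved"),
    ("255.255.255.255/32", "Broadcast"),
]


def ip_to_int(dotted):
    """Dotted-decimal IPv4 -> 32-bit integer; rejects octets above 255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted-decimal IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if octet > 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | octet
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(n):
    """Prefix length n -> 32-bit mask with n leading one bits."""
    if not 0 <= n <= 32:
        raise ValueError(f"prefix length out of range: {n}")
    return (0xFFFFFFFF << (32 - n)) & 0xFFFFFFFF


def mask_to_prefix(dotted_mask):
    """Network mask -> prefix length; rejects non-contiguous masks."""
    inverted = ~ip_to_int(dotted_mask) & 0xFFFFFFFF
    if inverted & (inverted + 1):  # host bits must form one run of ones
        raise ValueError(f"non-contiguous mask: {dotted_mask}")
    return 32 - inverted.bit_length()


def cidr_block(cidr):
    """'a.b.c.d/n' -> (first address, last address, network mask)."""
    addr, n = cidr.split("/")
    mask = prefix_to_mask(int(n))
    first = ip_to_int(addr) & mask
    last = first | (~mask & 0xFFFFFFFF)
    return int_to_ip(first), int_to_ip(last), int_to_ip(mask)


def classful_class(dotted):
    """Class A-E from the leading bits of the first byte."""
    first_byte = ip_to_int(dotted) >> 24
    for limit, name in ((0x80, "A"), (0xC0, "B"), (0xE0, "C"), (0xF0, "D")):
        if first_byte < limit:
            return name
    return "E"


def special_blocks(dotted):
    """Descriptions of every reserved block that contains the address."""
    addr = ip_to_int(dotted)
    hits = []
    for cidr, description in RESERVED_BLOCKS:
        base, n = cidr.split("/")
        mask = prefix_to_mask(int(n))
        if addr & mask == ip_to_int(base) & mask:
            hits.append(description)
    return hits


if __name__ == "__main__":
    for n in (16, 20, 26, 27, 29):
        print(f"230.8.24.56/{n}", cidr_block(f"230.8.24.56/{n}"))
    n = mask_to_prefix("255.255.248.0")
    print("168.95.192.1", classful_class("168.95.192.1"), cidr_block(f"168.95.192.1/{n}"))
    for addr in ("172.18.3.1", "25.8.3.2", "255.255.255.255"):
        print(addr, special_blocks(addr))
```

The same membership test is what a border filter applies when it drops packets whose source address falls in a private or reserved block.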
NAT 
• NAT (Network Address Translator) 
– Modify network address into another 
– Static NAT: 1 private IP to 1 public IP 
– Dynamic NAT: 1 private IP to many unfixed 
public IP 
– NAPT(Network Address Port Translation) 
• Record port number 
• Many private IP to 1 public IP 
• IP Masquerade 
15
NAPT 
[Figure: LAN hosts behind a NAT router reaching a host on the Internet; labels: A, B, C, D, 25.8.3.2 port 80, 172.18.3.30, 172.18.3.1 to 172.18.3.4, ports 1400 to 1403]
Private IP   Private port  Public IP  Public port  Layer 4 protocol
172.18.3.1   1400          25.8.3.2   80           TCP
172.18.3.2   1401          25.8.3.2   80           TCP
172.18.3.3   1402          25.8.3.2   80           TCP
172.18.3.4   1403          25.8.3.2   80           TCP
16
ARP 
17
Outline 
• IPv4 
• ARP 
– Introduction 
– Operation 
– Cache 
– Format 
– Application 
• ICMP 
18
Introduction 
• Address Resolution Protocol 
– RFC 826, Internet Standard STD 37 
– To make a distinction between logical address (IP 
address) and physical address (MAC address) 
[Figure: TCP/IP suite, Internet Layer: IP, IGMP, ICMP, ARP; logical address, physical address]
19
Operation 
• ARP request
– broadcast
[Figure: LAN with hosts A, B, C, D; request: "Looking for physical address of a node with IP address 166.16.66.1"]
20
Operation 
• ARP reply
– unicast
[Figure: LAN with hosts A, B, C, D; reply: "166.16.66.1 physical address is A5:00:00:00:00:01"]
21
Format 
ARP frame EtherType: 0x0806
Field  Preamble and SD  Destination address  Source address  Type     Data  CRC
Size   8 bytes          6 bytes              6 bytes         2 bytes        4 bytes
Data: ARP Request or Reply packet
Ex: 0x0001 Ethernet
Ex: IP address
Ex: 6 Ethernet
Ex: 4 IP
Ex: 0x0800 IP address
22
Cache 
• Sending an ARP request and waiting for the response for every outgoing
packet requires more bandwidth
• ARP cache maintained at each node
              ARP entries  ARP timeout time
Windows       256          10 mins
Linux Fedora  1024         60 s
arp -a             to show
arp -d [IP]        to delete
arp -s [IP] [MAC]  to add
23
Cache 
          ARP entries  ARP timeout time
EKI-7756  6144         20 mins
EKI-7756 #arp brief
EKI-7756 #show arp switch
24
Application 
• Proxy ARP 
– Host or router responds to ARP Request that 
arrives from one of its connected networks for a 
host that is on another of its connected networks. 
25
Application 
• ARP Spoofing 
– Malicious host sends unsolicited ARP replies to 
take over another host’s IP address 
– For what? 
• Passive sniffing 
• Modifying packets (man-in-the-middle attack) 
• Denial-of-service attack 
26
Application 
• ARP probe 
– an ARP request constructed with an all-zero sender 
IP address 
– used in the IPv4 Address Conflict Detection 
specification (RFC 5227) 
– Sent when there is any change in connectivity 
– Should not send periodically 
27
Application 
• ARP Announcements (gratuitous ARP) 
– Updating other host's mapping of a hardware 
address when the sender's IP address or MAC 
address has changed 
– Broadcast as an ARP request containing the 
sender's protocol address (SPA) in the target field 
(TPA=SPA), with the target hardware address (THA) 
set to zero. 
– detecting IP conflicts 
– No ARP reply is expected 
28
Hands On 
• ARP request
[Figure: hosts A and D on the LAN; 172.17.6.23 (78:24:AF:82:8B:AA) sends the request for 172.17.6.17 (78:24:AF:82:8B:A1)]
Ethernet frame: Preamble and SD, FF:FF:FF:FF:FF:FF, 78:24:AF:82:8B:AA, 0x0806, data, CRC
ARP packet (data):
0x0001 0x0800
0x06 0x04 0x0001
78:24:AF:82:8B:AA
172.17.6.23
00:00:00:00:00:00
172.17.6.17
29
Hands On 
• ARP reply
[Figure: hosts A and D on the LAN; 172.17.6.17 (78:24:AF:82:8B:A1) sends the reply to 172.17.6.23 (78:24:AF:82:8B:AA)]
Ethernet frame: Preamble and SD, 78:24:AF:82:8B:AA, 78:24:AF:82:8B:A1, 0x0806, data, CRC
ARP packet (data):
0x0001 0x0800
0x06 0x04 0x0002
78:24:AF:82:8B:A1
172.17.6.17
78:24:AF:82:8B:AA
172.17.6.23
30
Hands On 
• ARP probe 
• Gratuitous ARP 
31
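The ARP packet layout from the Hands On slides, together with the probe, announcement and spoofing slides, can be exercised with a small passive monitor. This is an added example, not part of the original slides: the field names follow RFC 826, the class and function names are hypothetical, and the probe, announcement and conflicting-reply frames (including the MAC addresses ending in B2 and 99 and the address 172.17.6.40) are constructed sample input.

```python
import struct

# RFC 826 layout for Ethernet/IPv4: HTYPE, PTYPE, HLEN, PLEN, OPER,
# sender MAC (SHA), sender IP (SPA), target MAC (THA), target IP (TPA).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
ZERO_MAC = "00:00:00:00:00:00"


def build_arp(oper, sha, spa, tha, tpa):
    """Pack an ARP payload; used here only to construct sample input."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    to_ip = lambda s: bytes(int(p) for p in s.split("."))
    return struct.pack(ARP_FMT, 0x0001, 0x0800, 6, 4, oper,
                       to_mac(sha), to_ip(spa), to_mac(tha), to_ip(tpa))


def parse_arp(payload):
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (0x0001, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    mac = lambda b: ":".join(f"{x:02X}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"oper": oper, "sha": mac(sha), "spa": ip(spa),
            "tha": mac(tha), "tpa": ip(tpa)}


def classify(p):
    """Name the packet kind using the definitions on the slides."""
    if p["oper"] == 1 and p["spa"] == "0.0.0.0":
        return "probe"          # all-zero sender IP (RFC 5227)
    if p["oper"] == 1 and p["spa"] == p["tpa"]:
        return "announcement"   # gratuitous ARP: TPA = SPA
    return {1: "request", 2: "reply"}.get(p["oper"], "other")


class ArpMonitor:
    """Tracks IP-to-MAC bindings and flags replies nobody asked for."""

    def __init__(self):
        self.table = {}       # IP -> first MAC seen for it
        self.pending = set()  # IPs that an observed request asked about

    def observe(self, payload):
        p = parse_arp(payload)
        kind = classify(p)
        alerts = []
        if kind == "request":
            self.pending.add(p["tpa"])
        elif kind == "reply":
            if p["spa"] not in self.pending:
                alerts.append(f"unsolicited reply for {p['spa']}")
            self.pending.discard(p["spa"])
        if kind != "probe":  # a probe carries no sender IP to learn
            known = self.table.setdefault(p["spa"], p["sha"])
            if known != p["sha"]:
                # Could be a legitimate NIC change; needs confirmation.
                alerts.append(f"{p['spa']} changed from {known} to {p['sha']}")
        return kind, alerts


def run_samples():
    a_mac, a_ip = "78:24:AF:82:8B:AA", "172.17.6.23"   # from the slides
    d_mac, d_ip = "78:24:AF:82:8B:A1", "172.17.6.17"   # from the slides
    new_mac, new_ip = "78:24:AF:82:8B:B2", "172.17.6.40"  # constructed
    frames = [
        build_arp(1, a_mac, a_ip, ZERO_MAC, d_ip),         # slide 29 request
        build_arp(2, d_mac, d_ip, a_mac, a_ip),            # slide 30 reply
        build_arp(1, new_mac, "0.0.0.0", ZERO_MAC, new_ip),  # probe
        build_arp(1, new_mac, new_ip, ZERO_MAC, new_ip),   # announcement
        build_arp(2, "02:00:00:00:00:99", d_ip, a_mac, a_ip),  # conflicting
    ]
    monitor = ArpMonitor()
    return [monitor.observe(f) for f in frames]


if __name__ == "__main__":
    for kind, alerts in run_samples():
        print(kind, alerts)
```

The monitor keeps the first binding it learned, so a repeated conflicting reply keeps raising the alert until an operator confirms or clears the entry.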
ICMP 
32
Outline 
• IPv4 
• ARP 
• ICMP 
– Introduction 
– Operation 
– Format 
– Types of ICMP 
– Tools 
33
Introduction 
• Internet Control Message Protocol 
– RFC 792 
– IP provides unreliable and connectionless delivery 
– Error reporting protocol for IP 
– Does not correct the encountered network problem 
– ICMP for IPv4 is known as ICMPv4, and ICMP for
IPv6 is known as ICMPv6
34
Operation 
• Triggered when an IP packet encounters a
problem; an ICMP packet is then sent back to the
source IP address
[Figure: the ICMP message is carried as IP data behind the L3 IP header, inside the frame data of an Ethernet frame; in the TCP/IP suite, ICMP sits in the Internet Layer with IP, IGMP and ARP]
IP protocol number: 0x01
35
Format 
– Type: ICMP type
– Code: ICMP subtype
– Checksum: Error checking data
– Rest of Header: Contents vary based on the ICMP
type and code
– Data
ICMP header: Type (1 byte) | Code (1 byte) | Checksum (2 bytes)
             Rest of Header
Data:        Data section (no fixed length)
36
Types of ICMP 
• Error-reporting message: Report problems 
• Query message: Get specific information 
Category                 Type      Message
Error-reporting message  3         Destination unreachable
                         4         Source quench
                         11        Time exceeded
                         12        Parameter problem
                         5         Redirection
Query message            8 or 0    Echo request or reply
                         13 or 14  Timestamp request and reply
                         17 or 18  Address mask request and reply
                         10 or 9   Router solicitation and advertisement
37
Types of ICMP 
• Error-reporting message
[Figure: the error-reporting messages: destination-unreachable, source-quench, time-exceeded, parameter-problem, redirection]
[Figure: the received packet's IP header and first 8 bytes of IP data become the data of the ICMP packet (ICMP header, IP header, 8 bytes), which is delivered behind a new IP header]
38
Types of ICMP 
• Error-reporting message: destination-unreachable message
ICMP header: Type=3 | Code=0-15 | Checksum
             Rest of Header=unused (all zero)
Data:        IP header and first 8 bytes of original datagram’s data
[Figure: hosts A and B and a router]
39
Types of ICMP 
• Error-reporting message: source-quench message
ICMP header: Type=4 | Code=0 | Checksum
             Rest of Header=unused (all zero)
Data:        IP header and first 8 bytes of original datagram’s data
[Figure: router, 85%, Source-quench]
40
Types of ICMP 
• Error-reporting message: time-exceeded message
ICMP header: Type=11 | Code=0 or 1 | Checksum
             Rest of Header=unused (all zero)
Data:        IP header and first 8 bytes of original datagram’s data
• Code=0, TTL count exceeded
• Code=1, Fragment reassembly time exceeded
[Figure: two routers; a packet with TTL=1 is discarded (X) and a Time-exceeded message is returned]
41
Types of ICMP 
• Error-reporting message: parameter-problem message
ICMP header: Type=12 | Code=0,1,2 | Checksum
             index | unused (all zero)
Data:        IP header and first 8 bytes of original datagram’s data
• Code=0, Pointer indicates the error
• Code=1, Missing a required option
• Code=2, Bad length
42
Types of ICMP 
• Error-reporting message: redirection message
ICMP header: Type=5 | Code=0-3 | Checksum
             Rest of Header=IP address
Data:        IP header and first 8 bytes of original datagram’s data
Code  Description
0     Redirect for Network
1     Redirect for Host
2     Redirect for Type of Service and Network
3     Redirect for Type of Service and Host
43
Types of ICMP 
• Query message: Get specific information
– echo-request message, echo-reply message
ICMP header: Type=8 or 0 | Code=0 | Checksum
             identifier | sequence number
Data:        Optional data; sent by the request message, repeated by the reply message
• type=8, echo-request
• type=0, echo-reply
44
Types of ICMP 
• Query message: Get specific information
– timestamp-request message, timestamp-reply message
ICMP header: Type=13, 14 | Code=0 | Checksum
             identifier | sequence number
Data:        originate timestamp
             receive timestamp
             transmit timestamp
• type=13, timestamp-request message
• type=14, timestamp-reply message
• 32-bit timestamp, universal time (ms), <86,400,000
45
Tools 
• Ping, packet Internet groper
– sends an ICMP echo request to a remote host,
which then returns an ICMP echo reply to the
sender
Windows ping program
Ping [IP] [-t] [-n Count] [-l Size] [-w Timeout]
-t          Sends Echoes until interrupted
-n Count    Specifies the number of Echo Request messages sent
-l Size     Specifies the length, in bytes, of the Data field in the
            Echo Request messages sent (default is 32 bytes)
-w Timeout  Specifies the amount of time, in milliseconds, to wait
            for the Echo Reply (default is 1000 = 1 s)
46
Tools 
• Traceroute program 
– Determine a path from a host to a destination node 
– Each router along the path decreases the TTL 
– Concept 
47
Tools 
48 
Ping 
tracert
What Ping TTL default ? 
49 
Guess TTL default 
(a) 128 
(b) 64
What Ping TTL default ? 
50 
128+0=128 
127+1=128 
Guess again, TTL default 
(a) 128 
(b) 64
What Ping TTL default ? 
51 
And this, TTL default 
(a) 128 
(b) 64 
53+11=64 
Ping TTL default 
Depends on IP?
What Ping TTL default ? 
[Figure: two Windows hosts (Default=128): Request ttl=128, Reply ttl=128]
52
What Ping TTL default ?
[Figure: two Windows hosts (Default=128): Request ttl=128 and Reply ttl=127 at one host, Request ttl=127 and Reply ttl=128 at the other]
53
What Ping TTL default ?
[Figure: a host with Default=128 and a host with Default=64, 11 routers apart: Request ttl=128 and Reply ttl=53 at one end, Request ttl=127 and Reply ttl=54 in between, Request ttl=117 and Reply ttl=64 at the other end]
54
Ping TTL default 
• The ping program's default TTL depends on the OS default
for ICMP packets.
• The TTL shown by the ping program depends
on the sender's ICMP default.
• Windows XP/Vista/7 ICMP TTL is 128
• Linux 2.0.x kernel/Red Hat 9 ICMP TTL is 64
• We can guess the sender's OS from the TTL.
55
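The ICMP echo format and the TTL reasoning from the last slides (53+11=64, 127+1=128) fit in one short parser. This is an added example, not part of the original slides: the function names are hypothetical, the packet is constructed sample input using documentation addresses, and the 255 entry is an added assumption beyond the two defaults the slides give.

```python
import struct

# Initial TTLs: 64 (Linux) and 128 (Windows) are from the slides; 255 is an
# added assumption for stacks that start at the maximum value.
INITIAL_TTLS = ((64, "Linux"), (128, "Windows"), (255, "other (not on the slides)"))


def inet_checksum(data):
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seq, data, ttl, src, dst):
    """Build IPv4 + ICMP echo bytes; used only to construct sample input."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     ttl, 1, 0, bytes(src), bytes(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def guess_origin(ttl):
    """Observed TTL -> (assumed initial TTL, routers crossed, OS hint).

    The sender chooses the TTL, so the result is a hint, not proof.
    """
    for initial, os_hint in INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl, os_hint
    raise ValueError("TTL does not fit in one byte")


def analyse(packet):
    """Parse an IPv4 packet carrying ICMP echo (type 8 or 0)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:  # IP protocol number 0x01 = ICMP
        raise ValueError("IP protocol is not ICMP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total_len]
    if ihl < 20 or len(icmp) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    initial, hops, os_hint = guess_origin(packet[8])
    return {
        "type": icmp_type, "code": code, "id": ident, "seq": seq,
        # Summing a valid message including its checksum field gives zero.
        "checksum_ok": inet_checksum(icmp) == 0,
        "ttl": packet[8], "initial_ttl": initial, "hops": hops,
        "os_hint": os_hint,
    }


def sample_reply():
    """Constructed echo reply that arrives with ttl=53, as on slide 54."""
    return build_echo(0, 1, 5, b"A" * 32, 53, (192, 0, 2, 10), (198, 51, 100, 7))


if __name__ == "__main__":
    print(analyse(sample_reply()))
    print(guess_origin(127))
```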
Thanks 
56

Chap2. ipv4-arp-icmp


Editor's Notes

  • #11 Local-link address TTL=1 campus
  • #45 Id ping 5 related to the program, seq +1 +1
  • #46 Id ping 5 process id, seq +1 +1