This document provides an overview of the CIS 3360: Security in Computing course being taught by Cliff Zou in Spring 2012. The objectives of the course are to obtain basic knowledge of computer networking, the Internet, network applications and protocols like TCP/IP. It introduces some key concepts like the layered Internet protocol stack, packet switching, and the hierarchical structure of the Internet as a network of networks consisting of end systems, routers, and communication links. Example applications and protocols for each layer are also discussed at a high level.

1. CIS 3360: Security in Computing
Pre-Knowledge: Internet and Networking
Cliff Zou
Spring 2012

2. 2
Objectives
 Obtain the basic knowledge of computer
networking and the Internet
 Concepts of network applications, Internet
 Basic knowledge of network protocols: TCP/IP
 Reading assignment:
 Wikipiedia tutorials:
 http://en.wikipedia.org/wiki/Internet
 http://en.wikipedia.org/wiki/TCP/IP
 Reference book:
 Computer Networking: A Top Down Approach
Featuring the Internet, 5th edition. Jim Kurose,
Keith Ross, Addison-Wesley, Pearson
Education, 2010

3. Lecture Materials
Some of these slides are adapted from the
slides copyrighted by
Jim Kurose, Keith Ross
Addison-Wesley, Pearson
Education2010.
Computer Networking: A Top Down
Approach Featuring the Internet, 5th
edition.
3

4. 4
A Little Bit of Internet History
 1961: Kleinrock - queueing theory shows effectiveness of packet-
switching
 1967: ARPAnet conceived by Advanced Research Projects Agency
 1969: First ARPAnet node operational
 1972: 15 nodes in ARPAnet; First e-mail program
 1973: Metcalfe’s PhD thesis proposes Ethernet
 1974: Cerf and Kahn - architecture for interconnecting networks
 1983: deployment of TCP/IP
 1982: smtp e-mail protocol defined
 1983: DNS defined for name-to-IP-address translation
 early 1990s: Web
 Late 1990’s – 2000’s: instant messaging, P2P file sharing; network
security, est. 50 million host, 100 million+ users, backbone links
running at Gbps

5. 5
Cerf and Kahn’s internetworking principles:
 minimalism, autonomy - no internal
changes required to interconnect
networks
 best effort service model
 stateless routers
 decentralized control
define today’s Internet architecture

6. 6
What is the Internet?
Application Application
Network Network
Data Link
Transport Transport
Data Link
Physical
link
Web, Email…
TCP, UDP
IP
Ethernet, cellular

7. Some Internet applications
 E-mail
 Web
 Instant messaging
 Remote login
 P2P file sharing
 Multi-user network
games
 Streaming stored video
clips
 Internet telephone
 Real-time video
conference
 Massive parallel
computing

8. 8 8
Internet
 Internet: loosely
hierarchical “network of
networks”
 Major Components: Hosts,
Routers, Communication links
 Protocols: for sending,
receiving of msgs
 e.g., TCP, IP, HTTP, FTP, PPP
 Internet standards
 RFC: Request for comments
 IETF: Internet Engineering Task
Force
local ISP
company
network
regional ISP
router workstation
server
mobile

9. 9 9
Internet: Three Components
 End systems (hosts):
millions of connected
computing devices
executing network
applications
 Routers: forwarding packets
(chunks of data)
 Communication links:
Connecting hosts and
routers
 fiber, copper, radio, satellite
 transmission rate =
bandwidth
local ISP
company
network
regional ISP
router
workstation
server
mobile

10. 10
10
Internet Service
 Communication infrastructure enables distributed
applications:
 Web, email, games, e-commerce, file sharing
 Communication services provided to applications:
 Connectionless unreliable
 connection-oriented reliable

11. 11
11
Internet structure: network of networks
 roughly hierarchical
 at center: “tier-1” ISPs (e.g., UUNet, BBN/Genuity, Sprint,
AT&T), national/international coverage
 treat each other as equals
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
Tier-1
providers
interconnect
(peer)
privately
NAP
Tier-1 providers
also interconnect
at public network
access points
(NAPs)

12. 12
12
Internet structure: network of networks
 “Tier-2” ISPs: smaller (often regional) ISPs
 Connect to one or more tier-1 ISPs, possibly other tier-2 ISPs
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISP
Tier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
Tier-2 ISP pays
tier-1 ISP for
connectivity to
rest of Internet
 tier-2 ISP is
customer of
tier-1 provider
Tier-2 ISPs
also peer
privately with
each other,
interconnect
at NAP

13. 13
13
Internet structure: network of networks
 “Tier-3” ISPs and local ISPs
 last hop (“access”) network (closest to end systems)
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISP
Tier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
local
ISP
local
ISP
local
ISP
local
ISP
local
ISP Tier 3
ISP
local
ISP
local
ISP
local
ISP
Local and
tier- 3 ISPs
are customers
of
higher tier
ISPs
connecting
them to rest
of Internet

14. 14
14
Internet structure: network of networks
 a packet passes through many networks!
Tier 1 ISP
Tier 1 ISP
Tier 1 ISP
NAP
Tier-2 ISP
Tier-2 ISP
Tier-2 ISP Tier-2 ISP
Tier-2 ISP
local
ISP
local
ISP
local
ISP
local
ISP
local
ISP Tier 3
ISP
local
ISP
local
ISP
local
ISP

15. “Real” Internet delays and routes
 What do “real” Internet delay & loss look like?
 Traceroute program: provides delay measurement
from source to router along end-end Internet path
towards destination. For all i:
 sends three packets that will reach router i on path towards
destination
 router i will return packets to sender
 sender times interval between transmission and reply.
3 probes
3 probes
3 probes

16. “Real” Internet delays and routes
1 cs-gw (128.119.240.254) 1 ms 1 ms 2 ms
2 border1-rt-fa5-1-0.gw.umass.edu (128.119.3.145) 1 ms 1 ms 2 ms
3 cht-vbns.gw.umass.edu (128.119.3.130) 6 ms 5 ms 5 ms
4 jn1-at1-0-0-19.wor.vbns.net (204.147.132.129) 16 ms 11 ms 13 ms
5 jn1-so7-0-0-0.wae.vbns.net (204.147.136.136) 21 ms 18 ms 18 ms
6 abilene-vbns.abilene.ucaid.edu (198.32.11.9) 22 ms 18 ms 22 ms
7 nycm-wash.abilene.ucaid.edu (198.32.8.46) 22 ms 22 ms 22 ms
8 62.40.103.253 (62.40.103.253) 104 ms 109 ms 106 ms
9 de2-1.de1.de.geant.net (62.40.96.129) 109 ms 102 ms 104 ms
10 de.fr1.fr.geant.net (62.40.96.50) 113 ms 121 ms 114 ms
11 renater-gw.fr1.fr.geant.net (62.40.103.54) 112 ms 114 ms 112 ms
12 nio-n2.cssi.renater.fr (193.51.206.13) 111 ms 114 ms 116 ms
13 nice.cssi.renater.fr (195.220.98.102) 123 ms 125 ms 124 ms
14 r3t2-nice.cssi.renater.fr (195.220.98.110) 126 ms 126 ms 124 ms
15 eurecom-valbonne.r3t2.ft.net (193.48.50.54) 135 ms 128 ms 133 ms
16 194.214.211.25 (194.214.211.25) 126 ms 128 ms 126 ms
17 * * *
18 * * *
19 fantasia.eurecom.fr (193.55.113.142) 132 ms 128 ms 136 ms
traceroute: gaia.cs.umass.edu to www.eurecom.fr
Three delay measurements from
gaia.cs.umass.edu to cs-
gw.cs.umass.edu
* means no response (probe lost, router not replying)
trans-oceanic
link
Under Windows is “tracert”

17. Traceroute from My Home Computer

19. Where a Router is Placed?
 There are many public websites provide
IP location service
 www.geobytes.com/iplocator.htm
 http://www.iplocation.net/
 Based on traceroute and IP locator, you
can know the complete routing path of a
connection
 Major reason why many networks block
traceroute traffic
19

20. Protocol
network protocols:
 all communication activity in Internet governed by
protocols
Protocols define format, order of
messages sent and received among network
entities, and actions taken on message
transmission, receipt

21. What’s a protocol?
a human protocol and a computer network protocol:
Hi
Hi
Got the
time?
2:00
TCP connection
request
TCP connection
response
Get http://www.awl.com/kurose-ross
<file>
time

22. 22
22
A closer look at network structure:
 network edge:
applications and
hosts
 network core:
 routers
 network of
networks
 Connection:
communication
links

23. The network edge:
 end systems (hosts):
 run application programs
 e.g. Web, email
 at “edge of network”
 client/server model
 client host requests, receives
service from always-on server
 e.g. Web browser/server; email
client/server
 peer-peer model:
 minimal (or no) use of
dedicated servers
 e.g. Gnutella, KaZaA

24. Network edge: connection-oriented
service
TCP [ Transmission Control Protocol ]
 reliable, in-order : byte-stream data transfer
 loss: acknowledgements and retransmissions
 flow control:
 sender won’t overwhelm receiver
 congestion control:
 senders “slow down sending rate” when network congested
Examples of applications using TCP:
 HTTP (Web), FTP (file transfer), SSH
(remote secure login), SMTP (email)

25. Network edge: connectionless service
 UDP [User Datagram Protocol]
 connectionless
 unreliable data transfer
 no flow control
 no congestion control
Examples of applications using UDP:
 streaming media, teleconferencing, DNS, Internet
telephony

26. The Network Core
 mesh of interconnected
routers
 data transfer methods
through net
 circuit switching:
dedicated circuit per
call: telephone net
 packet-switching:
data sent through
net in discrete
“chunks”

27. Circuit Switching
End-end resources
reserved for “call”
 call setup required
 link bandwidth, switch
capacity
 dedicated resources: no
sharing
 circuit-like (guaranteed)
performance

28. Packet-switched networks
 Move packets through routers from source to
destination
 datagram network:
 destination address in packet determines next hop
 routes may change during session
 virtual circuit network:
 each packet carries tag (virtual circuit ID), tag determines next
hop
 fixed path determined at call setup time, remains fixed thru call
 routers maintain per-call state

29. Internet protocol stack
 application: supporting network
applications
 FTP, SMTP, HTTP
 transport: host-host data transfer
 TCP, UDP
 network: routing of datagrams from
source to destination
 IP, routing protocols
 link: data transfer between neighboring
network elements
 PPP, Ethernet
 physical: bits “on the wire or wireless”
application
transport
network
link
physical

30. message
segment
datagram
frame
source
application
transport
network
link
physical
Ht
Hn
Hl M
Ht
Hn M
Ht M
M
destination
application
transport
network
link
physical
Ht
Hn
Hl M
Ht
Hn M
Ht M
M
network
link
physical
link
physical
Ht
Hn
Hl M
Ht
Hn M
Ht
Hn
Hl M
Ht
Hn M
Ht
Hn
Hl M Ht
Hn
Hl M
router
switch
Encapsulation

31. Message Flow
 transport segment from
sending to receiving host
 on sending side
encapsulates segments
into datagrams
 on receiving side, delivers
segments to transport
layer
 network layer protocols in
every host, router
 router examines header
fields in all IP datagrams
passing through it
application
transport
network
data link
physical
application
transport
network
data link
physical
network
data link
physical network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
network
data link
physical
31

32. TCP/IP
Introduction
32

33.  TCP  Transport Layer
 IP  Network Layer
 Networking security mainly deals
with these two services/protocols
33

34. Transport Layer
 TCP - connection-oriented service
 Provide reliable data transmission
 Used by most data-based, not time-sensitive
network applications
 Email, Web, file transfer….
 Require to set up TCP connection channel first
 UDP – connectionless service
 Unreliable data transmission
 Error packets will be discarded without
retransmission
 No additional delay for future incoming packets
 Used for time-sensitive, error-tolerant applications
 VOIP, video streaming, DNS….
34

35. Transport vs. network layer
 network layer: logical communication between hosts
 transport layer: logical communication between
processes
 relies on, enhances, network layer services
A
B
C
D
Sport:4625
Dport: 80
Sport:8050
Dport: 25

36. Addressing processes
 to receive messages, process must have identifier
 identifier includes both IP address and port numbers
associated with process on host.
 host device has unique 32-bit IP address
 IP address is for addressing a host/computer
 Example port numbers:
 HTTP server: 80
 Mail server: 25
 to send HTTP message to gaia.cs.umass.edu web
server:
 IP address: 128.119.245.12
 Port number: 80

37. TCP and UDP Port Numbers
 16 bits (0 – 65535)
 Internet Assigned Numbers Authority
(IANA) www.iana.org
 Well known ports (0 -1023)
 Example: HTTP – 80, SMTP – 25
 Registered ports (1024 – 49151)
 Example: HTTP alternate 8080 used for web
proxy and caching server
 Dynamic and/or private ports: (49152–
65535)

38.  Each TCP connection is identified by
4-tuple:
 source IP address
 source port number
 dest IP address
 dest port number
 These four values are widely used in
network filtering and intrusion
detection
38

39. UDP Packet Header
 UDP packet
header is 8
bytes long
 Port number is
16 bits long
 Checksum for
verifying packet
error
39
source port # dest port #
32 bits
Application
data
(message)
UDP segment format
length checksum
Length, in
bytes of UDP
segment,
including
header

40. UDP Transmission Process
40
Host A
time
Host B
X
 No acknowledgement
from recipient
 Sending rate is
controlled by sender
(bounded by sender’s
bandwidth)

41. TCP Transmission Process (simplified
without considering piplining)
41
Need sequence # and acknowledge # to
distinguish each packet

42. TCP segment structure
(Header is 20 bytes normally)
source port # dest port #
32 bits
application
data
(variable length)
sequence number
acknowledgement number
Receive window
Urg data pnter
checksum
F
S
R
P
A
U
head
len
not
used
Options (variable length)
URG: urgent data
(generally not used)
ACK: ACK #
valid
PSH: push data now
RST, SYN, FIN:
connection estab
(setup, teardown
commands)
# bytes
rcvr willing
to accept
counting
by bytes
of data
(not segments!)
Internet
checksum
(as in UDP)

43. TCP seq. #’s and ACKs
Seq. #’s:
 byte stream “number” of first byte in segment’s data
ACKs:
 seq # of next byte expected from other side
 Cumulative ack ack to receive all bytes until the
specified #
Q: how receiver handles out-of-order segments?
 TCP spec doesn’t say
 Practical approach: save in buffer
Q: How TCP implement duplex communication?
 Seq. # for sending data, Ack# for receiving data

44. An example of TCP Duplex Communication
Host A Host B
User
host ACKs
receipt, send
back use
password
host ACKs
receipt, echoes
back ‘pass’
time
simple telnet scenario
42
79
Sequence number is
based on bytes, not packets!

45. ACK Only in Duplex Communication ?
45
host ACKs
receipt, send
back use
password
time
ACK only packet, seq# is the first byte
to be transmitted in the future
(the packet has no data section)

46. TCP: retransmission scenarios
Host A
time
premature timeout
Host B
Seq=92
timeout
Host A
loss
timeout
lost ACK scenario
Host B
X
time
Seq=92
timeout
SendBase
= 100
SendBase
= 120
SendBase
= 120
Sendbase
= 100

47. TCP retransmission scenarios
(more)
Host A
loss
timeout
Cumulative ACK scenario
Host B
X
time
SendBase
= 120
Host A
time
premature timeout
Host B
Seq=92
timeout
Seq=92
timeout
SendBase
= 120
SendBase
= 120
Sendbase
= 100

48. TCP Connection Setup ---
Three-Way Handshaking
Step 1: client host sends TCP SYN
segment to server
 specifies initial seq #
 no data
Step 2: server host receives SYN,
replies with SYN/ACK segment
 server allocates buffers
 specifies server initial seq. #
Step 3: client receives SYN/ACK,
replies with ACK segment, which
may contain data
client server

49. TCP Connection Setup
 Most firewalls, packet capturing software,
and intrusion detection software use TCP
connection setup packets to determine
how to deal with the new connection
 Very important to understand the three-way
handshake
49

50. TCP Connection Management (cont.)
Closing a connection:
close();
Step 1: client end system
sends TCP/FIN control
segment to server
Step 2: server receives FIN,
replies with ACK. Closes
connection, sends FIN.
client server
close
close
closed
timed
wait

51. TCP Connection Management (cont.)
Step 3: client receives FIN,
replies with ACK.
 Enters “timed wait” - will
respond with ACK to
received FINs
Step 4: server, receives ACK.
Connection closed.
client server
closing
closing
closed
timed
wait closed
Some applications simply
send RST to terminate TCP
connections immediately