Computer Networks: NAT & ICMP


1 Computer Networks: NAT & ICMP. Riste Stojanov, M.Sc., Aleksandra Bogojeska, M.Sc., Vladimir Zdraveski, B.Sc.

2 Internet AS Hierarchy. Inter-AS border (exterior gateway) routers; intra-AS interior (gateway) routers.

3 Private Network. A private IP network is an IP network that is not directly connected to the Internet. IP addresses in a private network can be assigned arbitrarily: they are not registered and not guaranteed to be globally unique. Generally, private networks use addresses from the following non-routable ranges reserved for private use by RFC 1918: 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16.

4 Private Addresses (figure: two private networks, each attached to the Internet through its own router; hosts H1 to H5 inside them reuse private addresses).

5 NATs. Network address translation: a local, LAN-specific address space is translated to a small number of globally routable IP addresses.
Motivation:
- scarce address space; cost: about $9k/year for up to 262,000 addresses
- prevent home broadband users from running servers at home
- security: prevent unsolicited inbound requests
- avoid renumbering if the provider changes; most small/mid-sized LANs inherit their address space from their ISP

6 Prevalence of NATs. Claim: 50% of broadband users are behind NATs. All Linksys/D-Link/Netgear home routers are NATs. Measurement: among Quake III users, about 17-25% were using NAT (May/June 2001).

7 NAT types. All use net-10/8 (10.*.*.*) or 192.168/16 (172.16/12 is also available). Two kinds: plain address translation, and address-and-port translation (NAPT), the most common form today, still called NAT, which needs only one external (global) IP address.

8 Network Address Translation: Motivation. A local network uses just one public IP address as far as the outside world is concerned. Each device on the local network is assigned a private IP address. (Figure: the rest of the Internet on one side, the local network, e.g. a home network, on the other.) All datagrams leaving the local network carry the same single source address, the NAT router's public IP address, but different source port numbers. Datagrams with source or destination inside this network carry the network's private /24 addresses as source and destination, as usual.

9 Network Address Translation (NAT). NAT is a router function where the IP addresses (and possibly port numbers) of IP datagrams are replaced at the boundary of a private network. NAT is a method that enables hosts on private networks to communicate with hosts on the Internet. NAT runs on the routers that connect private networks to the public Internet, replacing the IP address/port pair of an IP packet with another IP address/port pair.

10 Network Address Translation: Advantages. No need to be allocated a range of addresses from the ISP: just one public IP address is used for all devices, so only a small number of IP addresses is needed. The ISP can be changed without changing the addresses of devices in the local network. Addresses of devices in the local network can be changed without notifying the outside world. Devices inside the local network are not explicitly addressable or visible to the outside world (a security plus, though NAT is not a substitute for a firewall: it only blocks unsolicited inbound connections, not everything an attacker can do).

11 NAT: Network Address Translation. Implementation: the NAT router must
- for outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #); remote clients/servers will respond using (NAT IP address, new port #) as the destination address
- remember (in the NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
- for incoming datagrams: replace (NAT IP address, new port #) in the destination fields of every incoming datagram with the corresponding (source IP address, port #) stored in the NAT table

12 NAT: Network Address Translation (worked example; addresses are written symbolically as host IP, NAT IP and server IP).
NAT translation table: WAN-side address (NAT IP, 5001) <-> LAN-side address (host IP, 3345).
1: the host sends a datagram with source (host IP, 3345) and destination (server IP, 80).
2: the NAT router changes the datagram's source address from (host IP, 3345) to (NAT IP, 5001) and updates the table.
3: the reply arrives with source (server IP, 80) and destination (NAT IP, 5001).
4: the NAT router changes the datagram's destination address from (NAT IP, 5001) to (host IP, 3345).
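The four steps above as an added example (this is illustration code written for this page, not code from the original slides). It models a NAPT translation table: outgoing packets get a fresh WAN-side port, inbound packets are forwarded only if they match an existing mapping, and idle mappings expire. The LAN 10.0.0.0/24, the public address 203.0.113.7, the port pool and the 300-second idle timeout are assumptions chosen for the demo; it handles TCP and UDP alike and ignores the protocol field.

```python
"""NAPT (port-translating NAT) table simulation. Added example, not from the slides."""
import time

NAT_IP = "203.0.113.7"            # assumed single public (WAN-side) address
PORT_RANGE = range(5000, 65536)   # assumed pool of WAN-side ports handed out per flow
IDLE_TIMEOUT = 300.0              # assumed seconds before an unused mapping is expired


class Napt:
    def __init__(self, now=time.time):
        self.now = now
        self.out = {}        # (lan_ip, lan_port) -> wan_port
        self.in_ = {}        # wan_port -> (lan_ip, lan_port)
        self.last_seen = {}  # wan_port -> time of the last packet in either direction
        self.next_port = PORT_RANGE.start

    def _alloc_port(self) -> int:
        """Hand out the next free WAN-side port, wrapping around the pool."""
        for _ in PORT_RANGE:
            p = self.next_port
            self.next_port = p + 1 if p + 1 < PORT_RANGE.stop else PORT_RANGE.start
            if p not in self.in_:
                return p
        raise RuntimeError("translation table full")

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: create the mapping on first use, then rewrite the source."""
        key = (src_ip, src_port)
        wan_port = self.out.get(key)
        if wan_port is None:
            wan_port = self._alloc_port()
            self.out[key] = wan_port
            self.in_[wan_port] = key
        self.last_seen[wan_port] = self.now()
        return (NAT_IP, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """WAN -> LAN: rewrite the destination, or return None to drop the packet."""
        if dst_ip != NAT_IP:
            return None
        entry = self.in_.get(dst_port)
        if entry is None:
            return None            # unsolicited: no inside host asked for this flow
        self.last_seen[dst_port] = self.now()
        lan_ip, lan_port = entry
        return (src_ip, src_port, lan_ip, lan_port)

    def expire(self) -> int:
        """Drop mappings idle longer than IDLE_TIMEOUT; returns how many were removed."""
        cutoff = self.now() - IDLE_TIMEOUT
        stale = [p for p, t in self.last_seen.items() if t < cutoff]
        for p in stale:
            key = self.in_.pop(p)
            self.out.pop(key, None)
            self.last_seen.pop(p, None)
        return len(stale)


def demo():
    """The slide's four steps, plus an unsolicited packet and a timeout, on a fake clock."""
    clock = [1000.0]
    nat = Napt(now=lambda: clock[0])
    # 1 + 2: host 10.0.0.1:3345 sends to server 198.51.100.10:80; source gets rewritten
    step2 = nat.outbound("10.0.0.1", 3345, "198.51.100.10", 80)
    # 3 + 4: the reply to (NAT_IP, new port) is mapped back to (10.0.0.1, 3345)
    step4 = nat.inbound("198.51.100.10", 80, NAT_IP, step2[1])
    # an inbound packet to a port nobody mapped is dropped
    dropped = nat.inbound("192.0.2.99", 4444, NAT_IP, step2[1] + 1)
    # after the idle timeout the mapping is gone, so even the server's packets are dropped
    clock[0] += IDLE_TIMEOUT + 1
    removed = nat.expire()
    late = nat.inbound("198.51.100.10", 80, NAT_IP, step2[1])
    return step2, step4, dropped, removed, late


if __name__ == "__main__":
    print(demo())
```

The timeout is what later slides call the state-table timeout problem: until `expire()` runs, anyone who can send packets to (NAT_IP, 5001) reaches the inside host, which is why real NATs keep TCP timeouts short once a FIN or RST has been seen.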

13 NAT: Network Address Translation. The 16-bit port-number field allows roughly 60,000 simultaneous connections with a single WAN-side address. NAT is controversial: routers should process only up to layer 3; it violates the end-to-end argument; the possibility of NAT must be taken into account by application designers, e.g. for P2P applications; and the address shortage should instead be solved by having more addresses: IPv6.

14 IPv4 vs. IPv6 (figure: the IPv4 header. Fields: version, header length, type of service, total length, 16-bit identifier, flags, fragment offset, time to live, protocol, Internet checksum, 32-bit source IP address, 32-bit destination IP address, options (if any), data (variable length, typically a TCP or UDP segment)).

15 Translation Modes.
- Dynamic translation (IP masquerading): a large number of internal users share a single external address.
- Static translation: a block of external addresses is translated to a block of internal addresses of the same size.
- Load-balancing translation: a single incoming IP address is distributed across a number of internal servers.
- Network-redundancy translation: multiple Internet connections are attached to a NAT firewall, which chooses among them based on bandwidth, congestion and availability.

16 Dynamic Translation (IP Masquerading). Also called Network Address and Port Translation (NAPT). Individual hosts inside the firewall are identified by each connection flowing through the firewall. Since a connection doesn't exist until an internal host requests one through the firewall to an external host, and most firewalls open a port only for the host that requested it, only that host can be reached back through the firewall. IP source routing could route back in, but most firewalls block incoming source-routed packets. NAT only prevents external hosts from initiating connections to internal hosts. Some protocols won't work: those that rely on separate connections back into the local network. Theoretical maximum of 2^16 connections per external address; the actual number is much less.

17 IP masquerading (figure).

18 Static Translation. Map a range of external addresses to a block of internal addresses of the same size; the firewall just does a simple translation of each address. Port forwarding: map a specific port through the firewall rather than all ports; useful to expose a specific service on the internal network to the public network.

19 Load Balancing. A firewall that dynamically maps a request to a pool of identical clone machines; often done for very busy web sites. Each clone must have a way to notify the firewall of its current load so the firewall can choose a target machine, or the firewall simply uses a dispatching algorithm like round robin. Works only for stateless protocols (like HTTP), unless the firewall keeps each client pinned to the same server.

20 Load balancing of servers (figure).

21 Network Redundancy. Can be used to provide automatic fail-over or load balancing. The firewall is connected to multiple ISPs, with a masquerade for each ISP, and chooses which ISP to use based on client load; kind of like reverse load balancing. A dead ISP is treated as a fully loaded one, and the client is routed through another ISP.

22 Problems with NAT. NAT causes problems with protocols that: require a separate back-channel; encrypt or authenticate the TCP header; embed IP address/port information in the payload; or use the original IP address for some security purpose.

23 Services that NAT has problems with:
- H.323, CUSeeMe, VDOLive: video teleconferencing applications
- Xing: requires a back channel
- Rshell: used to execute commands on a remote Unix machine; back channel
- IRC (Internet Relay Chat): requires a back channel
- PPTP (Point-to-Point Tunneling Protocol)
- SQLNet2: Oracle database networking services
- FTP: the NAT must implement the RFC 1631 FTP handling (rewriting the address in the PORT command) for active mode to work
- ICMP: error messages quote the offending packet's IP header, so the address information inside the ICMP message must be translated too
- IPsec, used for many VPNs: IKE (Internet Key Exchange) and ESP (IP Encapsulating Security Payload)

24 Hacking through NAT.
- Static translation offers no protection of internal hosts.
- Internal host seduction: internal users go to the attacker (e-mail attachments, Trojan horses, viruses, peer-to-peer connections, porn and gambling sites run by the attacker). Solution: application-level proxies.
- State table timeout problem: an attacker could hijack a stale connection before it is timed out; very low probability, but a skilled attacker could do it.
- Source routing through NAT: if the attacker knows an internal address, they can source-route a packet to that host. Solution: do not allow source-routed packets through the firewall.

25 Concerns about NAT. Performance: modifying the IP header by changing an IP address requires the NAT box to recalculate the IP header checksum. Modifying the port number requires it to recalculate the TCP (or UDP) checksum; and because the transport checksum also covers a pseudo-header containing the IP addresses, it must be recalculated even when only the address changed. Fragmentation: care must be taken that a datagram fragmented before it reaches the NAT device is not assigned a different IP address or different port numbers for each of its fragments (only the first fragment carries the transport header with the ports).
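The checksum point above, worked through as an added example (not code from the slides): a constructed IPv4+TCP packet from a private host is rewritten the way a NAPT box would, first naively (fields patched, checksums left alone) and then correctly (both checksums recomputed), and the RFC 1624 incremental update is applied to the IP header so that only the changed 16-bit words are touched. The addresses 10.0.0.1, 198.51.100.10 and 203.0.113.7 and the ports are assumptions for the demo.

```python
"""IPv4 header and TCP checksum recomputation after a NAT rewrite. Added example."""
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071: ones'-complement sum of 16-bit big-endian words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 6) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def tcp_pseudo_header(src4: bytes, dst4: bytes, seg_len: int) -> bytes:
    """The pseudo-header the TCP checksum covers: both IP addresses, protocol, length."""
    return src4 + dst4 + struct.pack("!BBH", 0, 6, seg_len)


def build_tcp(src: str, dst: str, sport: int, dport: int, data: bytes = b"") -> bytes:
    """20-byte TCP SYN header + data, checksummed over pseudo-header + segment."""
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    seg = hdr + data
    pseudo = tcp_pseudo_header(socket.inet_aton(src), socket.inet_aton(dst), len(seg))
    return seg[:16] + struct.pack("!H", internet_checksum(pseudo + seg)) + seg[18:]


def ipv4_checksum_ok(pkt: bytes) -> bool:
    return internet_checksum(pkt[:20]) == 0     # a valid header sums to zero


def tcp_checksum_ok(pkt: bytes) -> bool:
    seg = pkt[20:]
    return internet_checksum(tcp_pseudo_header(pkt[12:16], pkt[16:20], len(seg)) + seg) == 0


def naive_rewrite(pkt: bytes, new_src: str, new_sport: int) -> bytes:
    """A buggy NAT: patch source IP and port and leave both checksums stale."""
    ip, tcp = bytearray(pkt[:20]), bytearray(pkt[20:])
    ip[12:16] = socket.inet_aton(new_src)
    struct.pack_into("!H", tcp, 0, new_sport)
    return bytes(ip + tcp)


def nat_rewrite(pkt: bytes, new_src: str, new_sport: int) -> bytes:
    """Correct NAPT rewrite: patch source IP/port, then recompute both checksums."""
    ip, tcp = bytearray(pkt[:20]), bytearray(pkt[20:])
    ip[12:16] = socket.inet_aton(new_src)
    struct.pack_into("!H", tcp, 0, new_sport)
    struct.pack_into("!H", ip, 10, 0)                     # zero, then resum the header
    struct.pack_into("!H", ip, 10, internet_checksum(bytes(ip)))
    struct.pack_into("!H", tcp, 16, 0)                    # same for the TCP checksum
    pseudo = tcp_pseudo_header(bytes(ip[12:16]), bytes(ip[16:20]), len(tcp))
    struct.pack_into("!H", tcp, 16, internet_checksum(pseudo + bytes(tcp)))
    return bytes(ip + tcp)


def incremental_update(old_csum: int, old_word: int, new_word: int) -> int:
    """RFC 1624 eq. 3: HC' = ~(~HC + ~m + m'), for one changed 16-bit word."""
    s = (~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF


def incremental_ip_checksum(old_pkt: bytes, new_pkt: bytes) -> int:
    """Update the IP checksum for the two changed source-address words only."""
    hc = struct.unpack("!H", old_pkt[10:12])[0]
    for off in (12, 14):
        old_w = struct.unpack("!H", old_pkt[off:off + 2])[0]
        new_w = struct.unpack("!H", new_pkt[off:off + 2])[0]
        hc = incremental_update(hc, old_w, new_w)
    return hc


def demo():
    lan, server, nat_ip = "10.0.0.1", "198.51.100.10", "203.0.113.7"   # constructed
    tcp = build_tcp(lan, server, 3345, 80, b"GET / HTTP/1.0\r\n\r\n")
    pkt = build_ipv4(lan, server, tcp) + tcp
    fixed = nat_rewrite(pkt, nat_ip, 5001)
    broken = naive_rewrite(pkt, nat_ip, 5001)
    hc = incremental_ip_checksum(pkt, fixed)
    patched = fixed[:10] + struct.pack("!H", hc) + fixed[12:]
    return pkt, fixed, broken, ipv4_checksum_ok(patched)
```

The incremental form matters in practice because a NAT on the fast path does not want to re-read the whole header for every packet; the same identity applies to the TCP/UDP checksum, where the changed words are the address and the port.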

26 Concerns about NAT. End-to-end connectivity: NAT destroys the universal end-to-end reachability of hosts on the Internet. A host on the public Internet often cannot initiate communication with a host in a private network. The problem is worse when two hosts in two different private networks need to communicate with each other.

27 Concerns about NAT. IP addresses in application data: applications that carry IP addresses in the payload of the application data generally do not work across a private/public network boundary. Some NAT devices inspect the payload of widely used application-layer protocols (an application-level gateway, ALG) and, if an IP address is detected in the application-layer header or payload, translate it according to the address translation table.

28 NAT and FTP: normal FTP operation (figure).

29 NAT and FTP: NAT device with FTP support (figure).

30 NAT and FTP: FTP in passive mode and NAT (figure).
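The address-in-payload problem of slide 27 and the FTP case of slides 28 and 29, as an added example (illustration code for this page, not from the slides or any real NAT product). Active-mode FTP sends "PORT h1,h2,h3,h4,p1,p2" with the client's private address on the control connection; the ALG below rewrites it to the NAT's public address and a freshly mapped port, opens a pinhole for the server's connect-back, refuses a PORT naming a different host than the one sending it (the classic FTP-bounce abuse), and tracks the sequence-number delta that the changed payload length forces the NAT to apply to later TCP segments. The public address and port pool are assumptions.

```python
"""FTP PORT-command application-level gateway (ALG) for a NAPT. Added example."""
import re

NAT_IP = "203.0.113.7"                       # assumed public address of the NAT
PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def parse_port(line: bytes):
    """Decode 'PORT h1,h2,h3,h4,p1,p2\\r\\n' into (ip, port), or None if malformed."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(v > 255 for v in fields):
        return None
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def format_port(ip: str, port: int) -> bytes:
    h = ip.split(".")
    return ("PORT %s,%s,%s,%s,%d,%d\r\n" % (h[0], h[1], h[2], h[3], port >> 8, port & 0xFF)).encode()


class FtpAlg:
    def __init__(self, nat_ip: str = NAT_IP, first_port: int = 40000):
        self.nat_ip = nat_ip
        self.next_port = first_port       # assumed pool for data-connection pinholes
        self.expected = {}                # wan_port -> (lan_ip, lan_port) awaiting connect-back
        self.seq_delta = 0                # bytes added to the LAN->WAN control stream so far

    def rewrite_control(self, lan_ip: str, payload: bytes) -> bytes:
        """Rewrite one control-connection line sent by lan_ip; non-PORT lines pass through."""
        parsed = parse_port(payload)
        if parsed is None:
            return payload
        client_ip, client_port = parsed
        if client_ip != lan_ip:
            return payload                # refuse to open a pinhole toward a third host
        wan_port = self.next_port
        self.next_port += 1
        self.expected[wan_port] = (client_ip, client_port)
        new = format_port(self.nat_ip, wan_port)
        # The payload grew/shrank: the NAT must add this delta to every later sequence
        # number from the client and subtract it from the server's acknowledgements.
        self.seq_delta += len(new) - len(payload)
        return new

    def inbound_data(self, src_ip: str, src_port: int, dst_port: int):
        """The server's connect-back to (NAT_IP, dst_port): allowed once if a PORT promised it."""
        return self.expected.pop(dst_port, None)


def demo():
    alg = FtpAlg()
    rewritten = alg.rewrite_control("10.0.0.5", b"PORT 10,0,0,5,19,137\r\n")   # 19*256+137 = 5001
    spoofed = alg.rewrite_control("10.0.0.5", b"PORT 10,0,0,9,19,137\r\n")     # names another host
    pinhole = alg.inbound_data("198.51.100.10", 20, 40000)
    again = alg.inbound_data("198.51.100.10", 20, 40000)
    return rewritten, alg.seq_delta, spoofed, pinhole, again


if __name__ == "__main__":
    print(demo())
```

Passive mode (slide 30) avoids the connect-back entirely: the server announces its own public address in the 227 reply and the client connects outward, so a plain NAPT works without an ALG. The sequence delta is the reason ALGs are fragile: if TLS protects the control channel (FTPS), the NAT cannot see or rewrite the PORT command at all.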

31 Dealing with dual NATs (figure).

32 ICMP (Internet Control Message Protocol). Handles special Internet control functions. Responsibilities: reporting unreachable destinations; reporting IP packet header problems; reporting routing problems; reporting echoes (pings).

33 ICMP. Protocol for error detection and reporting; tightly coupled with IP; unreliable, since ICMP messages are delivered in IP packets. ICMP functions: announce network errors; announce network congestion; assist troubleshooting; announce timeouts.

34 ICMP message encapsulation: IP header (source and destination address, TTL, ...) followed by the ICMP message (message type, code, checksum, data). Message type examples: 8 echo request, 0 echo reply, 3 destination unreachable, 4 source quench, 11 time exceeded.
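The message layout above, and the ping exchange of slides 37 and 38, as an added example (illustration code for this page, not from the slides). It builds an echo request the way ping does (type 8, identifier, sequence number, payload), produces the matching echo reply (type 0) with the payload copied back, rejects a message whose checksum does not verify, and decodes a Destination Unreachable whose data is the offending datagram's IP header plus its first 8 bytes, which is where the original ports live and why a NAT has to translate the quoted header too. The addresses and the UDP datagram are constructed for the demo.

```python
"""ICMP echo request/reply and error-message construction and parsing. Added example."""
import socket
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum, the same algorithm IP, TCP and UDP use."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, mtype: int = ECHO_REQUEST) -> bytes:
    """Type 8 (request) or 0 (reply), code 0, identifier, sequence number, data."""
    head = struct.pack("!BBHHH", mtype, 0, 0, ident, seq)
    csum = internet_checksum(head + payload)
    return struct.pack("!BBHHH", mtype, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes):
    """Common fields of any ICMP message, or None if it is short or corrupted."""
    if len(msg) < 8 or internet_checksum(msg) != 0:
        return None
    mtype, code, _csum, w1, w2 = struct.unpack("!BBHHH", msg[:8])
    return {"type": mtype, "code": code, "rest": (w1, w2), "data": msg[8:]}


def echo_reply_for(request: bytes):
    """What the destination host does: same identifier, sequence and data, type 0."""
    p = parse_icmp(request)
    if p is None or p["type"] != ECHO_REQUEST or p["code"] != 0:
        return None
    return build_echo(p["rest"][0], p["rest"][1], p["data"], mtype=ECHO_REPLY)


def build_error(mtype: int, code: int, offending: bytes) -> bytes:
    """ICMP error: type, code, checksum, 4 unused bytes, offending IP header + 8 bytes."""
    ihl = (offending[0] & 0x0F) * 4
    quoted = offending[:ihl + 8]
    head = struct.pack("!BBHI", mtype, code, 0, 0)
    csum = internet_checksum(head + quoted)
    return struct.pack("!BBHI", mtype, code, csum, 0) + quoted


def decode_error(msg: bytes):
    """(src, dst, proto, sport, dport) of the datagram that triggered the error."""
    p = parse_icmp(msg)
    if p is None or p["type"] not in (DEST_UNREACH, TIME_EXCEEDED):
        return None
    inner = p["data"]
    ihl = (inner[0] & 0x0F) * 4
    if len(inner) < ihl + 8:
        return None
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])   # first 8 bytes: TCP/UDP ports
    return src, dst, inner[9], sport, dport


def corrupt_last_byte(msg: bytes) -> bytes:
    return msg[:-1] + bytes([msg[-1] ^ 0x01])


def demo():
    request = build_echo(0x1234, 1, b"\x00" * 8 + b"ping-data")   # 8 timestamp bytes + data
    reply = echo_reply_for(request)
    # Constructed UDP datagram 10.0.0.1:40001 -> 198.51.100.10:33435, as traceroute sends;
    # the IP header checksum is left zero because nothing here verifies the inner header.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                     socket.inet_aton("10.0.0.1"), socket.inet_aton("198.51.100.10"))
    udp = struct.pack("!HHHH", 40001, 33435, 8, 0)
    unreachable = build_error(DEST_UNREACH, 3, ip + udp)   # code 3: port unreachable
    return request, reply, unreachable


if __name__ == "__main__":
    print(demo())
```

`decode_error` is exactly the lookup a NAT or a stateful firewall performs on an inbound ICMP error: the quoted source address is the private host and the quoted source port is the NAT's mapped port, so the error can be matched to a translation entry and forwarded only if one exists.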


36 Specific uses of ICMP. Echo request/reply: can be used to check whether a host is alive. Address mask request/reply: learn the subnet mask. Destination unreachable: invalid address and/or port. Source quench: choke packet (now deprecated by RFC 6633). TTL expired: routing loops, or the destination is too far away.

37 Ping. Uses ICMP echo request/reply. The source sends an ICMP echo request message to the destination address; the echo request packet contains a sequence number and a timestamp. The destination replies with an ICMP echo reply message containing the data from the original echo request. The source can calculate the round-trip time (RTT) of the packets. If no echo reply comes back, the destination is unreachable, or echo requests/replies are being filtered on the path, which many hosts and firewalls do.

38 Ping (cont'd) (figure: A sends an echo request to B through routers R1, R2, R3; B's echo reply travels back along the path; time runs downward).

39 Traceroute. Traceroute records the route that packets take; a clever use of the TTL field. When a router receives a packet, it decrements the TTL; if the TTL reaches 0, it discards the packet and sends an ICMP time exceeded message back to the sender. To determine the route, progressively increase the TTL. Every time an ICMP time exceeded message is received, record the sender's (router's) address. Repeat until the destination host is reached or an error message occurs.

40 Traceroute (cont'd) (figure: A probes B through R1, R2, R3; Te = time exceeded, Pu = port unreachable). TTL=1, dest = B, port = invalid: Te from R1. TTL=2, dest = B: Te from R2. TTL=3, dest = B: Te from R3. TTL=4, dest = B: Pu from B.
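The exchange of slides 39 and 40, as an added example (illustration code for this page, not from the slides). It models the path A -> R1 -> R2 -> R3 -> B with constructed documentation-range addresses: each hop decrements the TTL, a hop that would bring it to zero discards the probe and answers Time Exceeded (type 11, code 0) from its own address, and the destination answers Port Unreachable (type 3, code 3) because the probe targets an unused UDP port. The client raises the TTL one step at a time and, like real traceroute, matches each ICMP error to its probe by the source port quoted inside the error; a router that does not send ICMP shows up as "*".

```python
"""Traceroute simulation: TTL expiry, Time Exceeded and Port Unreachable. Added example."""
from dataclasses import dataclass

TIME_EXCEEDED = (11, 0)   # ICMP type 11, code 0: TTL exceeded in transit
PORT_UNREACH = (3, 3)     # ICMP type 3, code 3: destination port unreachable

# Constructed path A -> R1 -> R2 -> R3 -> B (assumed addresses).
PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]
DEST = "203.0.113.50"


@dataclass
class Probe:
    src: str
    dst: str
    ttl: int
    sport: int
    dport: int


@dataclass
class IcmpError:
    sender: str      # the router or host the error comes from
    kind: tuple      # (type, code)
    quoted: Probe    # the offending datagram's header, as quoted in the ICMP payload


def forward(probe: Probe, path=PATH, dest=DEST, silent=frozenset()):
    """Walk the probe hop by hop; return the ICMP error that comes back, or None."""
    for router in path:
        if probe.ttl <= 1:
            # Decrementing would reach 0: discard and report, unless this router filters
            # or rate-limits ICMP, which is what produces the "* * *" lines in real traces.
            return None if router in silent else IcmpError(router, TIME_EXCEEDED, probe)
        probe.ttl -= 1
    return IcmpError(dest, PORT_UNREACH, probe)   # nobody listens on the probe's UDP port


def traceroute(src: str, dest: str = DEST, max_hops: int = 30, silent=frozenset()):
    """Raise the TTL one at a time; match each error to its probe by the quoted source port."""
    hops = []
    outstanding = {}                              # sport -> ttl of the probe that used it
    for ttl in range(1, max_hops + 1):
        sport = 40000 + ttl
        outstanding[sport] = ttl
        err = forward(Probe(src, dest, ttl, sport, 33434 + ttl), dest=dest, silent=silent)
        if err is None:
            hops.append((ttl, "*"))
            continue
        if outstanding.pop(err.quoted.sport, None) != ttl:
            continue                              # not ours: stale, duplicated or forged
        hops.append((ttl, err.sender))
        if err.kind == PORT_UNREACH:              # the destination itself answered: done
            break
    return hops


if __name__ == "__main__":
    for ttl, who in traceroute("10.0.0.1"):
        print(ttl, who)
```

Matching on the quoted header is also a security check: because anyone can send a forged Time Exceeded, a probe is only accepted as evidence of a hop if the quoted source port belongs to one of the sender's own outstanding probes.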


The IP and Related Protocols Internet Protocol Essentially, IP defines: The basic unit of data transfer, Internet datagram Packets forwarded using destination host address Packets between same source and destination pair may take

More information

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.

Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch. Network Address Translation (NAT) Adapted from Tannenbaum s Computer Network Ch.5.6; computer.howstuffworks.com/nat1.htm; Comer s TCP/IP vol.1 Ch.20 Long term and short term solutions to Internet scalability

More information

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions Find your network example: 1. Basic network with and 2 WAN lines - click here 2. Add a web server to the LAN - click here 3. Add a web,

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

Network Address Translation (NAT) Good Practice Guideline

Network Address Translation (NAT) Good Practice Guideline Programme NPFIT Document Record ID Key Sub-Prog / Project Infrastructure Security NPFIT-FNT-TO-IG-GPG-0011.06 Prog. Director Chris Wilber Status Approved Owner James Wood Version 2.0 Author Mike Farrell

More information

INTRODUCTION TO FIREWALL SECURITY

INTRODUCTION TO FIREWALL SECURITY INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ

More information

NETWORK LAYER/INTERNET PROTOCOLS

NETWORK LAYER/INTERNET PROTOCOLS CHAPTER 3 NETWORK LAYER/INTERNET PROTOCOLS You will learn about the following in this chapter: IP operation, fields and functions ICMP messages and meanings Fragmentation and reassembly of datagrams IP

More information

Networking Theory. Jeffrey Miller, Ph.D. CSCI 201L USC CSCI 201L

Networking Theory. Jeffrey Miller, Ph.D. CSCI 201L  USC CSCI 201L Networking Theory CSCI 201L Jeffrey Miller, Ph.D. HTTP://WWW-SCF.USC.EDU/~CSCI201 USC CSCI 201L Outline Networking Overview DNS IP Addressing Subnets DHCP Ports NAT Test Yourself USC CSCI 201L 2/24 Networking

More information

TCP/IP: ICMP, UDP. Network Security Lecture 5

TCP/IP: ICMP, UDP. Network Security Lecture 5 TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter

More information

Chapter 3. TCP/IP Networks. 3.1 Internet Protocol version 4 (IPv4)

Chapter 3. TCP/IP Networks. 3.1 Internet Protocol version 4 (IPv4) Chapter 3 TCP/IP Networks 3.1 Internet Protocol version 4 (IPv4) Internet Protocol version 4 is the fourth iteration of the Internet Protocol (IP) and it is the first version of the protocol to be widely

More information

Internet Protocols Fall 2005. Lectures 7-8 Andreas Terzis

Internet Protocols Fall 2005. Lectures 7-8 Andreas Terzis Internet Protocols Fall 2005 Lectures 7-8 Andreas Terzis Outline Internet Protocol Service Model Fragmentation Addressing Original addressing scheme Subnetting CIDR Forwarding ICMP ARP Address Shortage

More information

CS450 Introduc0on to Networking Lecture 27 ICMP, IPv6, and Rou0ng. Phu Phung March 18, 2015

CS450 Introduc0on to Networking Lecture 27 ICMP, IPv6, and Rou0ng. Phu Phung March 18, 2015 CS450 Introduc0on to Networking Lecture 27 ICMP,, and Rou0ng Phu Phung March 18, 2015 The Internet network layer host, router network layer func0ons: transport layer: TCP, UDP network layer routing protocols

More information

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31

IP address format: Dotted decimal notation: 10000000 00001011 00000011 00011111 128.11.3.31 IP address format: 7 24 Class A 0 Network ID Host ID 14 16 Class B 1 0 Network ID Host ID 21 8 Class C 1 1 0 Network ID Host ID 28 Class D 1 1 1 0 Multicast Address Dotted decimal notation: 10000000 00001011

More information

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration

ICS 351: Today's plan. IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration ICS 351: Today's plan IP addresses Network Address Translation Dynamic Host Configuration Protocol Small Office / Home Office configuration IP address exhaustion IPv4 addresses are 32 bits long so there

More information

Firewall Defaults and Some Basic Rules

Firewall Defaults and Some Basic Rules Firewall Defaults and Some Basic Rules ProSecure UTM Quick Start Guide This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSecure Unified

More information

NAT & IP Masquerade. Internet NETWORK ADDRESS TRANSLATION INTRODUCTION. NAT & IP Masquerade Page 1 of 5. Internal PC 192.168.0.25

NAT & IP Masquerade. Internet NETWORK ADDRESS TRANSLATION INTRODUCTION. NAT & IP Masquerade Page 1 of 5. Internal PC 192.168.0.25 NAT & IP Masquerade Page 1 of 5 INTRODUCTION Pre-requisites TCP/IP IP Address Space NAT & IP Masquerade Protocol version 4 uses a 32 bit IP address. In theory, a 32 bit address space should provide addresses

More information

Internet Infrastructure Measurement: Challenges and Tools

Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Internet Infrastructure Measurement: Challenges and Tools Outline Motivation Challenges Tools Conclusion Why Measure? Why Measure? Internet, with

More information

Netfilter / IPtables

Netfilter / IPtables Netfilter / IPtables Stateful packet filter firewalling with Linux Antony Stone Antony.Stone@Open.Source.IT Netfilter / IPtables Quick review of TCP/IP networking & firewalls Netfilter & IPtables components

More information

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address

Firewall Defaults, Public Server Rule, and Secondary WAN IP Address Firewall Defaults, Public Server Rule, and Secondary WAN IP Address This quick start guide provides the firewall defaults and explains how to configure some basic firewall rules for the ProSafe Wireless-N

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol TCP/IP Tutorial Transmission Control Protocol Internet Protocol 1 TCP/IP & OSI In OSI reference model terminology -the TCP/IP protocol suite covers the network and transport layers. TCP/IP can be used

More information

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1

Scaling the Network: Subnetting and Other Protocols. Networking CS 3470, Section 1 Scaling the Network: Subnetting and Other Protocols Networking CS 3470, Section 1 Today CIDR Subnetting Private IP addresses ICMP, IMAP, and DHCP Protocols 2 Packet Encapsulation ** Creative Commons: http://en.wikipedia.org/wiki/file:udp_encapsulation.svg

More information

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14 Internet Protocols Supporting Protocols and Framing Updated: 9/30/14 Supporting Protocols ARP / RARP BOOTP ICMP DHCP NAT IP Supporting Protocols IP protocol only deals with the data transfer (best-effort)

More information

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF Network Layer IPv4 Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF IPv4 Internet Protocol (IP) is the glue that holds the Internet together.

More information

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) The diagram below illustrates four routers on the Internet backbone along with two companies that have gateways for their internal

More information

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols

William Stallings Data and Computer Communications. Chapter 15 Internetwork Protocols William Stallings Data and Computer Communications Chapter 15 Internetwork Protocols Internetworking Terms (1) Communications Network Facility that provides data transfer service An internet Collection

More information

Chapter 4 Network Layer

Chapter 4 Network Layer Chapter 4 Network Layer A note on the use of these ppt slides: We re making these slides freely available to all (faculty, students, readers). They re in PowerPoint form so you can add, modify, and delete

More information

Basic Network Configuration

Basic Network Configuration Basic Network Configuration 2 Table of Contents Basic Network Configuration... 25 LAN (local area network) vs WAN (wide area network)... 25 Local Area Network... 25 Wide Area Network... 26 Accessing the

More information

Internet Packets. Forwarding Datagrams

Internet Packets. Forwarding Datagrams Internet Packets Packets at the network layer level are called datagrams They are encapsulated in frames for delivery across physical networks Frames are packets at the data link layer Datagrams are formed

More information

Firewalls and VPNs. Principles of Information Security, 5th Edition 1

Firewalls and VPNs. Principles of Information Security, 5th Edition 1 Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches

More information

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1 Smart Tips Enabling WAN Load Balancing Overview Many small businesses today use broadband links such as DSL or Cable, favoring them over the traditional link such as T1/E1 or leased lines because of the

More information

NAT (Network Address Translation)

NAT (Network Address Translation) NAT (Network Address Translation) Introduction NAT (Network Address Translation) is a method of mapping one or more IP addresses and/or IP service ports into different specified values. Two functions of

More information

Virtual Networks and Tunnels

Virtual Networks and Tunnels Virtual Networks and Tunnels Virtual private networks via internet Use leased lines Establish VCs on an ATM network Controlled connectivity Using IP IP Tunnels: No VC Concept of encapsulation router Example

More information

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Administrivia IP out today. Your job: Find partners and tell us Implement

More information

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0

APNIC elearning: IPSec Basics. Contact: training@apnic.net. esec03_v1.0 APNIC elearning: IPSec Basics Contact: training@apnic.net esec03_v1.0 Overview Virtual Private Networks What is IPsec? Benefits of IPsec Tunnel and Transport Mode IPsec Architecture Security Associations

More information

Lecture 9. Address Resolution Protocol (ARP)

Lecture 9. Address Resolution Protocol (ARP) Lecture 9. Direct Datagram Forwarding: Address Resolution Protocol (ARP) Problem statement Routing decision for packet X has two possible outcomes: You are arrived to the final network: go to host X You

More information

Chapter 8 Network Security

Chapter 8 Network Security [Computer networking, 5 th ed., Kurose] Chapter 8 8.1 What is network security? 8.2 Principles of cryptography 8.3 Message integrity 84Securing 8.4 e-mail 8.5 Securing TCP connections: SSL 8.6 Network

More information

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas surligas@csd.uoc.gr Lab 2 CS-335a Fall 2012 Computer Science Department Manolis Surligas surligas@csd.uoc.gr 1 Summary At this lab we will cover: Basics of Transport Layer (TCP, UDP) Broadcast ARP DNS More Wireshark filters

More information

Chapter 8 Security Pt 2

Chapter 8 Security Pt 2 Chapter 8 Security Pt 2 IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross,

More information