TCP/IP: ICMP, UDP. Network Security Lecture 5

Size: px
Start display at page:

Download "TCP/IP: ICMP, UDP. Network Security Lecture 5"

Transcription

1 TCP/IP: ICMP, UDP Network Security Lecture 5

2 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security - Lecture 5 1

3 Internet Control Message Protocol Used to exchange control/error messages about the delivery of IP datagrams Encapsulated in IP datagrams Messages can be Requests Responses Error messages RFC 792 Eike Ritter Network Security - Lecture 5 2

4 ICMP message format Type Code Checksum Data Type: ICMP type Code: ICMP subtype Checksum: Error checking code -Computed on the ICMP header and data (with checksum field set to 0) Eike Ritter Network Security - Lecture 5 3

5 ICMP types Echo request/reply (type: 8, 0) Network connectivity (ping) Destination unreachable (type: 3) Inform host of the impossibility to deliver traffic to a specific destination Destination network, host, protocol, port unreachable Destination network, host unknown Fragmentation required and DF flag set Source route failed Source quench (type: 4) Congestion control Eike Ritter Network Security - Lecture 5 4

6 ICMP types cont d Time exceeded (type: 11) Report expired datagrams(ttl = 0) Redirect (type: 5) Inform hosts of better routes (gateways) Address mask request/reply (type: 17, 18) Used to obtain network mask at boot time Eike Ritter Network Security - Lecture 5 5

7 ICMP Echo request/reply Type = 0 or 8 Code = 0 Checksum Identifier Sequence number Optional data Eike Ritter Network Security - Lecture 5 6

8 ICMP echo request Eike Ritter Network Security - Lecture 5 7

9 ICMP encapsulation Eike Ritter Network Security - Lecture 5 8

10 ping $ ping PING ( ) 56(84) bytes of data. 64 bytes from : icmp_seq=1 ttl=52 time=8.16 ms 64 bytes from : icmp_seq=2 ttl=52 time=8.24 ms 64 bytes from : icmp_seq=3 ttl=52 time=8.02 ms 64 bytes from : icmp_seq=4 ttl=52 time=8.02 ms 64 bytes from : icmp_seq=5 ttl=52 time=8.16 ms 64 bytes from : icmp_seq=6 ttl=52 time=8.02 ms ping statistics packets transmitted, 6 received, 0% packet loss, time 25082ms rtt min/avg/max/mdev = 8.021/8.106/8.245/0.125 ms Eike Ritter Network Security - Lecture 5 9

11 ICMP echo-based attacks: scanning Attacker wants to know which hosts in a subnet are up and running Sends a ping message to all possible hosts in that subnet (pingsweep) Collects replies from hosts that are alive $ nmap -sp /24 Starting Nmap 5.00 ( ) at :48 PST Host is up (0.0024s latency). Host is up ( s latency). Host is up (0.0065s latency). Host is up ( s latency). Nmap done: 256 IP addresses (4 hosts up) scanned in 2.54 seconds Eike Ritter Network Security - Lecture 5 10

12 ICMP echo-based attacks: smurf Broadcast ping message Echo request directed to broadcast address of network All hosts on that subnet respond with echo reply Do you see a problem with this scenario? Consider IP spoofing Eike Ritter Network Security - Lecture 5 11

13 ICMP echo-based attacks: smurf From: To: Attacker: Victim: Eike Ritter Network Security - Lecture 5 12

14 ICMP echo-based attacks: smurf Defenses Ignore ICMP echo requests destined to the broadcast address Linux: $ sysctl net.ipv4.icmp_echo_ignore_broadcasts Eike Ritter Network Security - Lecture 5 13

15 Gateway: ICMP redirect (2) Datagram to Gateway: Destination Gateway (1) Datagram to (3) ICMP redirect message: use as gateway to communicate with 1.1.1/24 Host: (4) Destination Gateway Flags UG UGHD Eike Ritter Network Security - Lecture 5 14

16 ICMP redirect Type = 5 Code = 0, 1, 2, or 3 Checksum IP Address IP header + First 8 bytes of original datagram On receiving an ICMP redirect message, host checks that: The new gateway must be directly reachable (same subnet) The redirect must be from the current gateway for the destination The redirect cannot tell the host to act as the new gateway The route that is added must be indirect Eike Ritter Network Security - Lecture 5 15

17 ICMP redirect-based attacks ICMP redirect can be abused to re-route traffic to specific router or to a specific host Hijack traffic Denial-of-service attack How? The attacks works by sending a spoofed ICMP redirect message that appears to come from the host s default gateway Eike Ritter Network Security - Lecture 5 16

18 ICMP redirect attack Address Hwaddress Role :50:56:00:00:01 Gateway :50:56:00:00:02 Linux host :50:56:00:00:64 Windows host C:\windows\system32> route print -4 IPv4 Route Table ============================================================================ Active Routes: Network Destination Netmask Gateway Interface Metric On-link On-link On-link ============================================================================ # tcpdump n 00:50:56:00:00:02 > 00:50:56:00:00:64, IP > : ICMP redirect to host , length 68 Eike Ritter Network Security - Lecture 5 17

19 ICMP redirect attack cont d C:\Windows\system32> route print -4 IPv4 Route Table ============================================================================ Active Routes: Network Destination Netmask Gateway Interface Metric On-link On-link On-link ============================================================================ C:\Windows\system32> ping :50:56:00:00:64 > 00:50:56:00:00:02, IP > : ICMP echo request 00:50:56:00:00:64 > 00:50:56:00:00:02, IP > : ICMP echo request Eike Ritter Network Security - Lecture 5 18

20 ICMP destination unreachable Used by gateway to inform host that destination is unreachable Different subtypes Network unreachable Host unreachable Protocol unreachable Port unreachable Fragmentation needed and DF flag set Destination host unknown Destination network unknown Eike Ritter Network Security - Lecture 5 19

21 ICMP unreachable attack From To: Destination unreachable Gateway: Attacker: Victim: Eike Ritter Network Security - Lecture 5 20

22 ICMP time exceeded Type = 11 Code = 0 or 1 Checksum Unused IP header + First 8 bytes of original datagram Sent when TTL becomes 0 (code: 0) The reassembling of a fragment times out (code: 1) Eike Ritter Network Security - Lecture 5 21

23 traceroute Use ICMP time exceeded messages to determine the path used to deliver a datagram A series of IP datagramsare sent to the destination Each datagram has an increasing TTL field value (start value: 1) Router decrements TTL; if it is 0, sends back a ICMP unreachable message Useful for network analysis and debugging Eike Ritter Network Security - Lecture 5 22

24 traceroute cont d $ traceroute traceroute to ( ), 30 hops max, 40 byte pkts 1 rita-rw ( ) ms ms ms 2 bes ( ) ms ms ms 3 hscn-gw ( ) ms ms ms 4 cs-ac00b7e1-2.bham.ac.uk ( ) ms ms ms 5 cs-lb00b1e5-8b2e5-8.bham.ac.uk ( ) ms ms ms 6 fw-sr00.bham.ac.uk ( ) ms ms ms ( ) ms ms ms ( ) ms ms ms 9 so warr-sbr1.ja.net ( ) ms ms ms 10 so read-sbr1.ja.net ( ) ms ms ms 11 as0.lond-sbr3.ja.net ( ) ms ms ms 12 po1.lond-ban3.ja.net ( ) ms ms ms 13 google.lond-ban3.ja.net ( ) ms ms ms ( ) ms ms ( ) ms ( ) ms ms ( ) ms 16 lhr14s02-in-f104.1e100.net ( ) ms ms ms Eike Ritter Network Security - Lecture 5 23

25 UDP Based on IP Provides a connectionless, unreliable, best-effortdatagram delivery service delivery, integrity, non-duplication, ordering, and bandwidth are not guaranteed Introduces the abstraction of ports Allows one to address different message destinations for the same IP address Commonly used for Multimedia Services based on request/reply schema (e.g., DNS, NFS, RPC) RFC 768 Eike Ritter Network Security - Lecture 5 24

26 UDP message format UDP source port UDP message length UDP dest port Checksum Data Eike Ritter Network Security - Lecture 5 25

27 UDP message Eike Ritter Network Security - Lecture 5 26

28 UDP encapsulation UDP header UDP data IP header IP data Frame header Frame data Eike Ritter Network Security - Lecture 5 27

29 UDP encapsulation Eike Ritter Network Security - Lecture 5 28

30 UDP spoofing Essentially, it is IP spoofing UDP request Spoofed UDP reply UDP reply Client: Attacker: Server: Eike Ritter Network Security - Lecture 5 29

31 UDP hijacking Variation of UDP spoofing attack UDP reply to spoofed request Trusted client: Attacker: Server: Eike Ritter Network Security - Lecture 5 30

32 UDP spoofing Vulnerable protocols DNS RPC NFS NIS Eike Ritter Network Security - Lecture 5 31

33 UDP portscan Used to determine which UDP services are available A zero-length UDP packet is sent to each port If an ICMP error message port unreachable is received the service is assumed to be unavailable Note that the sending rate of ICMP messages can be limited (depending on the OS): the scan can be slow Linux: $ sysctl net.ipv4.icmp_ratelimit (number of jiffies to wait before sending another message) Eike Ritter Network Security - Lecture 5 32

34 UDP portscan $ sudo nmap -su Starting Nmap 5.00 ( ) at :17 PST Interesting ports on : Not shown: 997 closed ports PORT STATE SERVICE 111/udp open filtered rpcbind 137/udp open filtered netbios-ns 2049/udp open filtered nfs MAC Address: 00:0C:29:27:25:40 (VMware) Nmap done: 1 IP address (1 host up) scanned in seconds Eike Ritter Network Security - Lecture 5 33

35 UDP portscan $ sudo tcpdump -n host > : UDP, length > : ICMP udp port 1433 unreachable, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : ICMP udp port unreachable, length > : UDP, length > : ICMP udp port 1033 unreachable, length > : UDP, length > : ICMP udp port unreachable, length 36 Eike Ritter Network Security - Lecture 5 34

36 NEXT ON Eike Ritter Network Security - Lecture 5 35

37 Take away points ICMP has good functionalities to debug and control network. Some of them can be abused by attackers ICMP scanning (pingsweep) ICMP smurf attack ICMP redirection UDP Format Portscan nmap Eike Ritter Network Security - Lecture 5 36

38 Next time TCP Eike Ritter Network Security - Lecture 5 37

ICMP Protocol and Its Security

ICMP Protocol and Its Security Lecture Notes (Syracuse University) ICMP Protocol and Its Security: 1 ICMP Protocol and Its Security 1 ICMP Protocol (Internet Control Message Protocol Motivation Purpose IP may fail to deliver datagrams

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) Relates to Lab 2: A short module on the Internet Control Message Protocol (ICMP). 1 Overview The IP (Internet Protocol) relies on several other protocols to perform

More information

Troubleshooting Tools

Troubleshooting Tools Troubleshooting Tools An overview of the main tools for verifying network operation from a host Fulvio Risso Mario Baldi Politecnico di Torino (Technical University of Turin) see page 2 Notes n The commands/programs

More information

04 Internet Protocol (IP)

04 Internet Protocol (IP) SE 4C03 Winter 2007 04 Internet Protocol (IP) William M. Farmer Department of Computing and Software McMaster University 29 January 2007 Internet Protocol (IP) IP provides a connectionless packet delivery

More information

8.2 The Internet Protocol

8.2 The Internet Protocol TCP/IP Protocol Suite HTTP SMTP DNS RTP Distributed applications Reliable stream service TCP UDP User datagram service Best-effort connectionless packet transfer Network Interface 1 IP Network Interface

More information

Network layer: Overview. Network layer functions IP Routing and forwarding

Network layer: Overview. Network layer functions IP Routing and forwarding Network layer: Overview Network layer functions IP Routing and forwarding 1 Network layer functions Transport packet from sending to receiving hosts Network layer protocols in every host, router application

More information

Subnetting,Supernetting, VLSM & CIDR

Subnetting,Supernetting, VLSM & CIDR Subnetting,Supernetting, VLSM & CIDR WHAT - IP Address Unique 32 or 128 bit Binary, used to identify a system on a Network or Internet. Network Portion Host Portion CLASSFULL ADDRESSING IP address space

More information

Lecture Computer Networks

Lecture Computer Networks Prof. Dr. H. P. Großmann mit M. Rabel sowie H. Hutschenreiter und T. Nau Sommersemester 2012 Institut für Organisation und Management von Informationssystemen Thomas Nau, kiz Lecture Computer Networks

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

Internet Protocol. Raj Jain. Washington University in St. Louis.

Internet Protocol. Raj Jain. Washington University in St. Louis. Internet Protocol Raj Jain Washington University Saint Louis, MO 63131 Jain@cse.wustl.edu These slides are available on-line at: http://www.cse.wustl.edu/~jain/cse473-05/ 13-1 Overview! Internetworking

More information

TCP/IP Concepts Review. Ed Crowley

TCP/IP Concepts Review. Ed Crowley TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing

More information

Solution to Wireshark Lab: IP

Solution to Wireshark Lab: IP Solution to Wireshark Lab: IP Fig. 1 ICMP Echo Request message IP information 1. What is the IP address of your computer? The IP address of my computer is 192.168.1.46 2. Within the IP packet header, what

More information

IP - The Internet Protocol

IP - The Internet Protocol Orientation IP - The Internet Protocol IP (Internet Protocol) is a Network Layer Protocol. IP s current version is Version 4 (IPv4). It is specified in RFC 891. TCP UDP Transport Layer ICMP IP IGMP Network

More information

CIT 480: Securing Computer Systems. TCP/IP Security

CIT 480: Securing Computer Systems. TCP/IP Security CIT 480: Securing Computer Systems TCP/IP Security Topics 1. Internet Protocol (IP) 2. IP Spoofing and Other Vulnerabilities 3. ICMP 4. Transmission Control Protocol (TCP) 5. TCP Session Hijacking 6. UDP

More information

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP

IP Network Layer. Datagram ID FLAG Fragment Offset. IP Datagrams. IP Addresses. IP Addresses. CSCE 515: Computer Network Programming TCP/IP CSCE 515: Computer Network Programming TCP/IP IP Network Layer Wenyuan Xu Department of Computer Science and Engineering University of South Carolina IP Datagrams IP is the network layer packet delivery

More information

Internet Control Protocols Reading: Chapter 3

Internet Control Protocols Reading: Chapter 3 Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

IP addressing and forwarding Network layer

IP addressing and forwarding Network layer The Internet Network layer Host, router network layer functions: IP addressing and forwarding Network layer Routing protocols path selection RIP, OSPF, BGP Transport layer: TCP, UDP forwarding table IP

More information

NETWORK LAYER/INTERNET PROTOCOLS

NETWORK LAYER/INTERNET PROTOCOLS CHAPTER 3 NETWORK LAYER/INTERNET PROTOCOLS You will learn about the following in this chapter: IP operation, fields and functions ICMP messages and meanings Fragmentation and reassembly of datagrams IP

More information

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14

Internet Protocols. Supporting Protocols and Framing. Updated: 9/30/14 Internet Protocols Supporting Protocols and Framing Updated: 9/30/14 Supporting Protocols ARP / RARP BOOTP ICMP DHCP NAT IP Supporting Protocols IP protocol only deals with the data transfer (best-effort)

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9. Lecture 17 Overview Last Lecture Wide Area Networking (2) This Lecture Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.2 Next Lecture Internet Protocol (2) Source: chapters 19.1, 19.2, 22,1

More information

IPv6 Security : ICMPv6 Vulnerabilities. Navaneethan C. Arjuman National Advanced IPv6 Centre December 2012

IPv6 Security : ICMPv6 Vulnerabilities. Navaneethan C. Arjuman National Advanced IPv6 Centre December 2012 IPv6 Security : ICMPv6 Vulnerabilities Navaneethan C. Arjuman nava@nav6.usm.my National Advanced IPv6 Centre December 2012 1 Understanding ICMP What is ICMP? Internet Control Message Protocol (ICMP) ICMP

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP

Guide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe

More information

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus

Router Architecture Overview. Input Port Functions. Switching Via Memory. Three types of switching fabrics. Switching Via a Bus Router Architecture Overview Two key router functions: run routing algorithms/protocol (RIP, OSPF, BGP) forwarding grams from incoming to outgoing link Input Port Functions Physical layer: bit-level reception

More information

Technical Support Information Belkin internal use only

Technical Support Information Belkin internal use only The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.

More information

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Administrivia IP out today. Your job: Find partners and tell us Implement

More information

What is a DoS attack?

What is a DoS attack? CprE 592-YG Computer and Network Forensics Log-based Signature Analysis Denial of Service Attacks - from analyst s point of view Yong Guan 3216 Coover Tel: (515) 294-8378 Email: guan@ee.iastate.edu October

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Auxiliary Protocols Auxiliary Protocols IP serves only for sending packets with well-known addresses. Some questions however remain open, which are handled by auxiliary protocols: Address Resolution Protocol (ARP) Reverse

More information

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline

TCP/IP Fundamentals. OSI Seven Layer Model & Seminar Outline OSI Seven Layer Model & Seminar Outline TCP/IP Fundamentals This seminar will present TCP/IP communications starting from Layer 2 up to Layer 4 (TCP/IP applications cover Layers 5-7) IP Addresses Data

More information

Introduction to IP & Addressing

Introduction to IP & Addressing Introduction to IP & Addressing Internet Protocol The IP in TCP/IP IP is the network layer protocol packet delivery service (host-to-host). translation between different data-link protocols. IP Datagrams

More information

The Network Layer and the Internet Protocol. Nixu Ltd.

The Network Layer and the Internet Protocol. Nixu Ltd. The Network Layer and the Internet Protocol Nixu Ltd. OVERVIEW The Internet Protocol IP addresses, address resolution IP in LAN environment Static routing Dynamic routing Nixu Ltd. 2/48 The Network Layer

More information

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg

Outline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Ethernet. Ethernet. Network Devices

Ethernet. Ethernet. Network Devices Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking

More information

RARP: Reverse Address Resolution Protocol

RARP: Reverse Address Resolution Protocol SFWR 4C03: Computer Networks and Computer Security January 19-22 2004 Lecturer: Kartik Krishnan Lectures 7-9 RARP: Reverse Address Resolution Protocol When a system with a local disk is bootstrapped it

More information

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur

Module 6. Internetworking. Version 2 CSE IIT, Kharagpur Module 6 Internetworking Lesson 2 Internet Protocol (IP) Specific Instructional Objectives At the end of this lesson, the students will be able to: Explain the relationship between TCP/IP and OSI model

More information

Lecture 9. Address Resolution Protocol (ARP)

Lecture 9. Address Resolution Protocol (ARP) Lecture 9. Direct Datagram Forwarding: Address Resolution Protocol (ARP) Problem statement Routing decision for packet X has two possible outcomes: You are arrived to the final network: go to host X You

More information

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols

Guide to TCP/IP, Third Edition. Chapter 3: Data Link and Network Layer TCP/IP Protocols Guide to TCP/IP, Third Edition Chapter 3: Data Link and Network Layer TCP/IP Protocols Objectives Understand the role that data link protocols, such as SLIP and PPP, play for TCP/IP Distinguish among various

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Vulnerability Analysis 1 Roadmap Why vulnerability analysis? Example: TCP/IP related vulnerabilities

More information

Network Layer: Address Mapping, Error Reporting, and Multicasting

Network Layer: Address Mapping, Error Reporting, and Multicasting CHAPTER 21 Network Layer: Address Mapping, Error Reporting, In Chapter 20 we discussed the Internet Protocol (IP) as the main protocol at the network layer. IP was designed as a best-effort delivery protocol,

More information

Chapter 2 NETWORK LAYER

Chapter 2 NETWORK LAYER Chapter 2 NETWORK LAYER This chapter provides an overview of the most important and common protocols associated with the TCP/IP network layer. These include: Internet Protocol (IP), Routing protocols Routing

More information

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF

Network Layer IPv4. Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS. School of Computing, UNF Network Layer IPv4 Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing, UNF IPv4 Internet Protocol (IP) is the glue that holds the Internet together.

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Network Layer: and Multicasting. 21.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Network Layer: and Multicasting. 21.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 21 Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 21-1 ADDRESS MAPPING The delivery

More information

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols

More information

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review

Hands-On Ethical Hacking and Network Defense - Second Edition. Chapter 2 - TCP/IP Concepts Review Objectives After reading this chapter and completing the exercises, you will be able to: Overview of TCP/IP Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary,

More information

Virtual Networks and Tunnels

Virtual Networks and Tunnels Virtual Networks and Tunnels Virtual private networks via internet Use leased lines Establish VCs on an ATM network Controlled connectivity Using IP IP Tunnels: No VC Concept of encapsulation router Example

More information

Unix System Administration

Unix System Administration Unix System Administration Chris Schenk Lecture 08 Tuesday Feb 13 CSCI 4113, Spring 2007 ARP Review Host A 128.138.202.50 00:0B:DB:A6:76:18 Host B 128.138.202.53 00:11:43:70:45:81 Switch Host C 128.138.202.71

More information

ACHILLES CERTIFICATION. SIS Module SLS 1508

ACHILLES CERTIFICATION. SIS Module SLS 1508 ACHILLES CERTIFICATION PUBLIC REPORT Final DeltaV Report SIS Module SLS 1508 Disclaimer Wurldtech Security Inc. retains the right to change information in this report without notice. Wurldtech Security

More information

Shortest Path First Example

Shortest Path First Example IP Exercises (Solutions in Class) 1 Shortest Path First Example Example: Received Set of Link State Update Packets (from Fig. 5-13, Computer Networks) Identity Sequence # Age List of Neighbors A 2021 60

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol

TCP/IP Tutorial. Transmission Control Protocol Internet Protocol TCP/IP Tutorial Transmission Control Protocol Internet Protocol 1 TCP/IP & OSI In OSI reference model terminology -the TCP/IP protocol suite covers the network and transport layers. TCP/IP can be used

More information

TCP/IP: sniffing, ARP attacks, IP fragmentation. Network Security Lecture 3

TCP/IP: sniffing, ARP attacks, IP fragmentation. Network Security Lecture 3 TCP/IP: sniffing, ARP attacks, IP fragmentation Network Security Lecture 3 Recap and overview Last time TCP/IP IP Ethernet ARP Today Attacks Sniffing Spoofing Hijacking (ARP) Tools/libraries Libnet, libpcap

More information

Internet Architecture and Philosophy

Internet Architecture and Philosophy Internet Architecture and Philosophy Conceptually, TCP/IP provides three sets of services to the user: Application Services Reliable Transport Service Connectionless Packet Delivery Service The underlying

More information

Networks: IP and TCP. Internet Protocol

Networks: IP and TCP. Internet Protocol Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments

More information

LAB THREE STATIC ROUTING

LAB THREE STATIC ROUTING LAB THREE STATIC ROUTING In this lab you will work with four different network topologies. The topology for Parts 1-4 is shown in Figure 3.1. These parts address router configuration on Linux PCs and a

More information

Компјутерски Мрежи NAT & ICMP

Компјутерски Мрежи NAT & ICMP Компјутерски Мрежи NAT & ICMP Riste Stojanov, M.Sc., Aleksandra Bogojeska, M.Sc., Vladimir Zdraveski, B.Sc Internet AS Hierarchy Inter-AS border (exterior gateway) routers Intra-AS interior (gateway) routers

More information

Autumn Oct 21, Oct 21, 2004 CS573: Network Protocols and Standards 1 Oct 21, 2004 CS573: Network Protocols and Standards 2

Autumn Oct 21, Oct 21, 2004 CS573: Network Protocols and Standards 1 Oct 21, 2004 CS573: Network Protocols and Standards 2 IPv4 IP: Addressing, ARP, Routing Protocols and Standards Autumn 2004-2005 IP Datagram Format IPv4 Addressing ARP and RARP IP Routing Basics Subnetting and Supernetting ICMP Address Translation (NAT) Dynamic

More information

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory

Denial of Service (DoS) attacks and countermeasures. Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Denial of Service (DoS) attacks and countermeasures Pier Luigi Rotondo IT Specialist IBM Rome Tivoli Laboratory Definitions of DoS/DDoS attacks Denial of Service is the prevention of authorised access

More information

Computer Networks. Lecture 3: IP Protocol. Marcin Bieńkowski. Institute of Computer Science University of Wrocław

Computer Networks. Lecture 3: IP Protocol. Marcin Bieńkowski. Institute of Computer Science University of Wrocław Computer Networks Lecture 3: IP Protocol Marcin Bieńkowski Institute of Computer Science University of Wrocław Computer networks (II UWr) Lecture 3 1 / 24 In previous lectures We learned about layer 1

More information

IP Routing Features. Contents

IP Routing Features. Contents 7 IP Routing Features Contents Overview of IP Routing.......................................... 7-3 IP Interfaces................................................ 7-3 IP Tables and Caches........................................

More information

Material for the Networking lab in ETSF15 Computer Systems and Networks 2016

Material for the Networking lab in ETSF15 Computer Systems and Networks 2016 Material for the Networking lab in ETSF15 Computer Systems and Networks 2016 Preparations In order to succeed with the lab, you must have understood some important parts of the course. Therefore, before

More information

Internet Protocols Fall Lectures 7-8 Network Layer Andreas Terzis

Internet Protocols Fall Lectures 7-8 Network Layer Andreas Terzis Internet Protocols Fall 2006 Lectures 7-8 Network Layer Andreas Terzis Outline Internet Protocol Service Model Addressing Original addressing scheme Subnetting CIDR Forwarding Router Designs Fragmentation

More information

An Analysis of Security Mechanisms in the OSI Model

An Analysis of Security Mechanisms in the OSI Model An Analysis of Security Mechanisms in the OSI Model Karlo Rodriguez DTEC 6865 Merriam Webster s Dictionary defines security as measures taken to guard against espionage or sabotage, crime, attack, or escape.

More information

- IPv4 Addressing and Subnetting -

- IPv4 Addressing and Subnetting - 1 Hardware Addressing - IPv4 Addressing and Subnetting - A hardware address is used to uniquely identify a host within a local network. Hardware addressing is a function of the Data-Link layer of the OSI

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Internet Applications Browsers, Ping, Traceroute, ARP

Internet Applications Browsers, Ping, Traceroute, ARP Internet Applications Browsers, Ping, Traceroute, ARP Professor Richard Harris School of Engineering and Advanced Technology (SEAT) Presentation Outline Computer Networks - 1/2 Learning Objectives You

More information

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol

Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol Mobile IP Network Layer Lesson 02 TCP/IP Suite and IP Protocol 1 TCP/IP protocol suite A suite of protocols for networking for the Internet Transmission control protocol (TCP) or User Datagram protocol

More information

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing

9025- TCP/IP Networking. History and Standards. Review of Numbering Systems. Local Signaling. IP Addressing 9025- TCP/IP Networking History and Standards ARPA NCP TCP, IP, ARPANET PARC Collaborative Network Requirements One Protocol? Peer-to-Peer Protocols Documentation and RFCs RFC Categories Where to Find

More information

Final for ECE374 05/06/13 Solution!!

Final for ECE374 05/06/13 Solution!! 1 Final for ECE374 05/06/13 Solution!! Instructions: Put your name and student number on each sheet of paper! The exam is closed book. You have 90 minutes to complete the exam. Be a smart exam taker -

More information

Internetworking. Problem: There is more than one network (heterogeneity & scale)

Internetworking. Problem: There is more than one network (heterogeneity & scale) Internetworking Problem: There is more than one network (heterogeneity & scale) Hongwei Zhang http://www.cs.wayne.edu/~hzhang Internetworking: Internet Protocol (IP) Routing and scalability Group Communication

More information

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes

Dynamic Host Configuration Protocol (DHCP) 02 NAT and DHCP Tópicos Avançados de Redes Dynamic Host Configuration Protocol (DHCP) 1 1 Dynamic Assignment of IP addresses Dynamic assignment of IP addresses is desirable for several reasons: IP addresses are assigned on-demand Avoid manual IP

More information

Lecture 8. IP Fundamentals

Lecture 8. IP Fundamentals Lecture 8. Internet Network Layer: IP Fundamentals Outline Layer 3 functionalities Internet Protocol (IP) characteristics IP packet (first look) IP addresses Routing tables: how to use ARP Layer 3 functionalities

More information

Transport and Network Layer

Transport and Network Layer Transport and Network Layer 1 Introduction Responsible for moving messages from end-to-end in a network Closely tied together TCP/IP: most commonly used protocol o Used in Internet o Compatible with a

More information

Security Technology White Paper

Security Technology White Paper Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced

More information

OSI Network Layer OSI Layer 3

OSI Network Layer OSI Layer 3 OSI Network Layer OSI Layer 3 Network Fundamentals Chapter 5 ١ Objectives Identify the role of the Network Layer, as it describes communication from one end device to another end device Examine the most

More information

Computer Networks I Laboratory Exercise 1

Computer Networks I Laboratory Exercise 1 Computer Networks I Laboratory Exercise 1 The lab is divided into two parts where the first part is a basic PC network TCP/IP configuration and connection to the Internet. The second part is building a

More information

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.

This Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same. This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the

More information

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide?

Network Scanning. What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Network Scanning What is a Network scanner? Why are scanners needed? How do scanners do? Which scanner does the market provide? Where will our research go? Page : 1 Function - attacker view What hosts

More information

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s)

netkit lab MPLS VPNs with overlapping address spaces 1.0 S.Filippi, L.Ricci, F.Antonini Version Author(s) netkit lab MPLS VPNs with overlapping address spaces Version Author(s) 1.0 S.Filippi, L.Ricci, F.Antonini E-mail Web Description silvia.filippi@kaskonetworks.it http://www.kaksonetworks.it/ A lab showing

More information

IP Basics Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA

IP Basics Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA IP Basics Unix/IP Preparation Course July 19, 2009 Eugene, Oregon, USA hervey@nsrc.org Layers Complex problems can be solved using the common divide and conquer principle. In this case the internals of

More information

Internet Protocol. IP Datagram, Fragmentation and Reassembly

Internet Protocol. IP Datagram, Fragmentation and Reassembly Internet Protocol IP Datagram, Fragmentation and Reassembly IP Datagram Header Data Data (variable length) IP Packet Header number of IP protocol Current version is 4 6 has different header format IP Packet

More information

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology

Indian Institute of Technology Kharagpur. TCP/IP Part I. Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Indian Institute of Technology Kharagpur TCP/IP Part I Prof Indranil Sengupta Computer Science and Engineering Indian Institute of Technology Kharagpur Lecture 3: TCP/IP Part I On completion, the student

More information

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration

Interconnection of Heterogeneous Networks. Internetworking. Service model. Addressing Address mapping Automatic host configuration Interconnection of Heterogeneous Networks Internetworking Service model Addressing Address mapping Automatic host configuration Wireless LAN network@home outer Ethernet PPS Internet-Praktikum Internetworking

More information

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets)

Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) Gary Hecht Computer Networking (IP Addressing, Subnet Masks, and Packets) The diagram below illustrates four routers on the Internet backbone along with two companies that have gateways for their internal

More information

Network and Services Discovery

Network and Services Discovery A quick theorical introduction to network scanning January 8, 2016 Disclaimer/Intro Disclaimer/Intro Network scanning is not exact science When an information system is able to interact over the network

More information

Networking Test 4 Study Guide

Networking Test 4 Study Guide Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.

More information

IP network tools & troubleshooting. AFCHIX 2010 Nairobi, Kenya October 2010

IP network tools & troubleshooting. AFCHIX 2010 Nairobi, Kenya October 2010 IP network tools & troubleshooting AFCHIX 2010 Nairobi, Kenya October 2010 Network configuration Reminder, configure your network in /etc/ rc.conf ( x = your IP, from.10 to...) ifconfig_bge0= 41.215.76.x/24

More information

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Internet Protocol: IP packet headers. vendredi 18 octobre 13 Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)

More information

Classful IP Addressing. Classless Addressing: CIDR. Routing & Forwarding: Logical View of a Router. IP Addressing: Basics

Classful IP Addressing. Classless Addressing: CIDR. Routing & Forwarding: Logical View of a Router. IP Addressing: Basics Switching and Forwarding Switching and Forwarding Generic Router rchitecture Forwarding Tables: ridges/layer Switches; VLN Routers and Layer 3 Switches Forwarding in Layer 3 (Network Layer) Network Layer

More information

Instructor Notes for Lab 3

Instructor Notes for Lab 3 Instructor Notes for Lab 3 Do not distribute instructor notes to students! Lab Preparation: Make sure that enough Ethernet hubs and cables are available in the lab. The following tools will be used in

More information

Unverified Fields - A Problem with Firewalls & Firewall Technology Today

Unverified Fields - A Problem with Firewalls & Firewall Technology Today Unverified Fields - A Problem with Firewalls & Firewall Technology Today Ofir Arkin The Sys-Security Group ofir.arkin@sys-security.com October 2000 1 Introduction The following problem (as discussed in

More information

TCP/IP Security Problems. History that still teaches

TCP/IP Security Problems. History that still teaches TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home

More information

3. Configuring Network Settings in Knoppix

3. Configuring Network Settings in Knoppix 3. Configuring Network Settings in Knoppix Objective Configure a Knoppix computer s IP address information. Equipment The following equipment is required for this exercise: o A server with Knoppix 3.9

More information

1000 CCNA Certification Exam Preparation Questions and Answers:

1000 CCNA Certification Exam Preparation Questions and Answers: 1000 CCNA Certification Exam Preparation Questions and Answers: One Thousand Practice Questions for Passing the CCNA Exams - Pass On Your First Try 1 Copyright 2009 Notice of rights All rights reserved.

More information

Chapter 11. User Datagram Protocol (UDP)

Chapter 11. User Datagram Protocol (UDP) Chapter 11 User Datagram Protocol (UDP) The McGraw-Hill Companies, Inc., 2000 1 CONTENTS PROCESS-TO-PROCESS COMMUNICATION USER DATAGRAM CHECKSUM UDP OPERATION USE OF UDP UDP PACKAGE The McGraw-Hill Companies,

More information

Transport and Network Layer Protocols Lab TCP/IP

Transport and Network Layer Protocols Lab TCP/IP Transport and Network Layer Protocols Lab TCP/IP Name: Date Experiment Performed: Group Members: TCP/IP lab Version 1.3, February 2004-1 - PART I: Internet Protocol (IP) Objective Internet Protocols are

More information