TCP/IP illustrated Vol. 1 The Protocols. Introduction. Summary of Chapter. Layered structure. Network layer. Link layer

Transcription

1 TCP/IP illustrated Vol. 1 The Protocols Chapter 1 - Introduction Introduction Late 1960 s research project. IPv4 described in RFC-791 (1981) Today's most widely used network protocol Open system Definitions and free implementations available Base of worldwide Internet Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / Summary of Chapter Layered structure Layered structure Internet addresses Domain Name System Encapsulation Demultiplexing Client server model Port numbers Introduction (c) Jouni Ikonen / TCP/IP is combination of different protocols at various layers. TCP is 4-layer system Application (Sovellus) Transport (Kuljetus) Network (Verkko) Link (Linkki) Telnet, FTP, , etc. TCP, UDP IP, ICMP, IGMP device driver and interface card Introduction (c) Jouni Ikonen / Link layer Device driver and network interface card handle hardware details of physically interfacing with the media Network layer Handles movement of packet around in the network Routing of packets IP (Internet Protocol) ICMP (Internet Control Message Protocol) IGMP (Internet Group Management Protocol) Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / 1

2 Transport layer Provides flow of data between two hosts, for application layer above (TCP and UDP) TCP (Transmission Control Protocol) provides reliable data flow between two hosts. Dividing data to packets, acknowledging of packets, timeouts... UDP (User Datagram Protocol) sends datagrams from a host to another. No guarantees! Application layer Handles details of the particular application Telnet, FTP (File Transfer Protocol), SMTP (Simple Mail Transfer Protocol), SNMP (Simple Network Management Protocol)... Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / Two networks connected with a router User process TCP/IP layering User process User process User process Application FTP Client TCP FTP protocol TCP protocol FTP Server TCP TCP UDP Transport IP Ethernet driver Ethernet IP protocol Ethernet protocol IP Ethernet driver TR driver IP protocol Token Ring protocol Token Ring Introduction (c) Jouni Ikonen / IP Token ring driver ICMP ARP IP Hardware interface IGMP RARP Introduction (c) Jouni Ikonen / Media Network Link Internet addresses Internet addresses Every interface must have a unique Internet Address (IP address) 32-bit address, e.g, types of addresses Unicast Broadcast Multicast Class A Class B Class C Class D Class E bits 24 bits netid hostid bits 16 bits netid hostid 21 bits 8 bits netid hostid 28 bits multicast group ID 28 bits (reserved for future use) Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / 2

3 Class A B C D E Internet addresses Range Multihomed host has multiple IP addresses (1/interface) Introduction (c) Jouni Ikonen / Private IP addresses The Internet Assigned Numbers Authority (IANA) has reserved the three blocks of the IP address space for private internets (local networks) The Internet Assigned Numbers Authority (IANA) has reserved private IP addresses in the range of for Automatic Private IP Addressing. Introduction (c) Jouni Ikonen / Domain name system A distributed database system that provides mapping between IP addresses and hostnames. Any application can call a standard library function to look up an IP address corresponding given hostname. Encapsulation Each layer adds its own header (and maybe a trailer) to user data which is send through network. User data + application header => TCP segment => IP datagram => Ethernet frame Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / Demultiplexing When an Ethernet frame is received all the headers are removed in appropriate places. Each protocol looks at certain identifiers in its header to determine which protocol on next upper layer receives data. E.g. IP detect if packet should be given to UDP or TCP. User process ICMP ARP TCP User process IP Ethernet driver Demultiplexing UDP User process IGMP RARP User process demultiplexing based on destination port in TCP or UDP header demultiplexing based on protocol value in IP header demultiplexing based on frame type in Ethernet header Introduction (c) Jouni Ikonen / Incoming frame Introduction (c) Jouni Ikonen / 3

4 Client-server model Server provides some services for clients. Most applications follow this model. Two flavors: Iterative, wait for request, serve it, wait for a next Concurrent, serve multiple request at a time, may fork an own process for all requests Port numbers TCP and UDP identifies applications using 16-bit port numbers. Reserved ports Well known port numbers /etc/services Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / Programming interfaces sockets (Berkeley sockets) TLI (Transport Layer Interface, also known as XTI) Internet standards Standards published as Request for Comments (RFCs). (All of them are NOT standards). ftp://ftp.funet.fi/rfc rfc-index.txt shows status of the standards: Standard, proposed standard, obsolete, experimental, informational, Internet Official Protocol Standards. May RFC5000 (Check that it is still valid!). ftp://ftp.funet.fi/rfc/rfc5000.txt Introduction (c) Jouni Ikonen / Introduction (c) Jouni Ikonen / Summary Link, Network, Transport and application layers Network layer provides hop-by-hop service (IP) Transport layer provides end-to-end service (UDP and TCP) Internet is a collection of networks DNS mapping between names and addresses Introduction (c) Jouni Ikonen / 4

5 TCP/IP illustrated Vol. 1 The Protocols Chapter 2 - Link Layer Link Layer Purpose for link layer is to send and receive IP datagrams for the IP module ARP requests and replies for the ARP module RARP requests and replies for the RARP module TCP/IP supports many different link layers, depending on the type of networking hardware being used : Ethernet, token ring, FDDI, RS-232 serial lines, and the like Link Layer - (c) Jouni Ikonen / Link Layer - (c) Jouni Ikonen / Ethernet and IEEE 802 Encapsulation Ethernet standard was published 1982 by Digital Equipment Corp., Intel Corp. and Xerox Corp. It defined communication with CSMA/CD (Carrier Sense, Multiple Access with Collision Detection) algorithm. Later IEEE published set of 802-standards (CSMA/CD), (Token Ring), 802 standards use same Logical Link Control (LLC) layer. Link Layer - (c) Jouni Ikonen / destination addr Ethernet Encapsulation (RFC 894) source addr bytes type data CRC type IP datagram type 0806 ARP request /reply 2 28 type 0835 RARP request /reply PAD 18 PAD Link Layer - (c) Jouni Ikonen / IEEE 802.2/802.3 Encapsulation (RFC1042) destination addr MAC LLC SNAP source addr length DSAP SSAP AA AA cntl 03 org code 00 Link Layer - (c) Jouni Ikonen / type data CRC SNAP Sub-Network Access Protocol DSAP Destination Service Access Point SSAP Source Serving Access Point type type type IP datagram ARP request /reply 28 RARP request /reply 28 PAD 10 PAD 10 Encapsulation Both frame formats use 48 bit destination and source addresses 802 length field says how many bytes follow, not including CRC Ethernet type field identifies the type of data that follows 802 type field is same as in Ethernet frames Ethernet Type and Length fields can be distinguish by the value and Ethernet frames have minimum size. Link Layer - (c) Jouni Ikonen / 1

6 Host requirements (RFC1042) CSMA/CD Carrier sense multiple access with collision detection Send frame Retransmission counter N = 0 Every Internet host connected to 10 Mbit/s Ethernet should MUST be able send and receive packets using RFC894 (Ethernet) encapsulation. Should be able to receive RFC 1042 (IEEE 802) packets intermixed with RFC 894 packets. May be able send packets using RFC 1042 encapsulation. Link Layer - (c) Jouni Ikonen / Packet ready? Yes Channel busy? No Transmit Collision detected? No Done Link Layer - (c) Jouni Ikonen / No Yes Transmit jamming signal Increase retransmission counter, N = N +1 Delay R * 51.2 micro seconds Select random integer between R = [0, 2 K ] K = N K = 10 Yes N<=10 No Yes N <15 No Abort Collision detection Serial Interfaces Point in minimum frame size is that sending host realizes that collision has happened during it s transmission. If packet is short the sender might not detect a collision and believe that transmission was successful. Link Layer - (c) Jouni Ikonen / There are two specialized link layers for serial interfaces: SLIP (Serial Line IP) PPP (Point to Point Protocol) CSLIP and PPP can reduce number of bytes/frame transmitted over the link! Many header fields do not change. PPP is more modern and correct many deficiencies of SLIP. Link Layer - (c) Jouni Ikonen / SLIP : Serial Line IP SLIP is simple form of encapsulation for IP datagrams on serial lines Rules for the framing in SLIP : IP datagram is terminated by the special character called END (0xc0) if byte in datagram equals the END character, the 2- byte sequence 0xdb, 0xdc is transmitted instead 0xdb is called SLIP ESC character if byte in datagram equals the ESC character, the 2-byte sequence 0xdb, 0xdd is transmitted instead Link Layer - (c) Jouni Ikonen / Deficiencies in SLIP Each end must know the others IP address. There is no method for one end to inform other of its IP address. There is not type field. If a serial line is used for SLIP, it can t be used for some other protocol at the same time. There is no checksum added by SLIP. Upper layers must detect corrupted messages. Link Layer - (c) Jouni Ikonen / 2

7 SLIP Encapsulation PPP : Point to Point Protocol END c0 1 IP datagram c0 db 1 1 ESC db dc 1 1 ESC db 1 dd 1 END c0 1 Three components A way to encapsulate IP datagrams asynchronous links with 8-bit data and no parity, or bit oriented synchronous links A link control protocol (LCP) to establish, configure, and test the data-link connection A family of network control protocols (NCPs) to differentiate network layer protocols. IP, OSI network layer, DECnet, AppleTalk Link Layer - (c) Jouni Ikonen / Link Layer - (c) Jouni Ikonen / Format of PPP frames PPP frame format flag 7E 1 addr FF 1 control 03 1 protocol 2 protocol protocol c021 2 protocol information up to 1500 bytes IP datagram link control data network control data Link Layer - (c) Jouni Ikonen / CRC 2 flag 7E 1 Begins and ends with flag byte (0x7e) If 0x7e appears in data, byte is transmitted as the 2-byte sequence 0x7d, 0x5e. This is the escape of the flag byte The byte 0x7d is transmitted as the 2-byte sequence 0x7d, 0x5d. This is the escape of the escape byte Link Layer - (c) Jouni Ikonen / Loopback Interface Allows client and server on the same host to communicate with each other using TCP/IP The class A network ID 127 is reserved for the loopback interface Link Layer - (c) Jouni Ikonen / place on IP input queue loopback driver Ethernet Processing of IP datagrams by loopback interface IP output function YES YES destination IP address equal broadcast address or multicast address? NO destination IP address equal interface IP address? no, use ARP to get destination Ethernet address ARP ARP send Link Layer - (c) Jouni Ikonen / IP input function place on IP input queue IP demultiplex based on Ethernet frame type receive Ethernet driver 3

8 Loopback key points Everything sent to the loopback address appears as IP input Datagrams sent to a broadcast address or a multicast address are copied to the loopback interface and sent out on the Ethernet. This is because the definition of broadcasting or multicasting includes the sending host Anything sent to one of the host s own IP MTU : Maximum Transmission Unit There is limit (MTU) on the size of the frame for both Ethernet encapsulation and encapsulation (1500 or 1492) IP performs fragmentation, breaking the datagram up into smaller pieces (fragments) so that every piece is smaller than the MTU Different types of networks have different sizes of MTUs address is sent to the loopback interface Link Layer - (c) Jouni Ikonen / Link Layer - (c) Jouni Ikonen / MTU When two hosts are communicating across multiple networks, each link can have a different MTU The smallest MTU between the two host is called the path MTU How about interaction? NETWORK MTU (bytes) Hyperchannel Mbits/sec token ring Mbits/sec token ring 4464 FDDI 4352 Ethernet 1500 IEEE 802.3/ X Point to point (low level) 296 Link Layer - (c) Jouni Ikonen / 4

9 TCP/IP illustrated Vol. 1 The Protocols Chapter 3 - IP: Internet Protocol IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Introduction Internet Protocol is the workhorse of the TCP/IP Suite (i.e. all TCP, UDP, ICMP and IGMP packets gets transmitted as IP datagramms) Internet Protocol provides an unreliable, connectionless datagram delivery service best-effort, no guarantees, (-->ICMP), independent handling of datagramms, no ordering of datagrams IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Summary of Chapter IP Header IP Routing Subnet Addressing Subnet Mask Special Case IP Addresses Ifconfig and Netstat commands IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. 20 bytes 0 4-bit version 4-bit header length IP Header 8-bit TOS 16 bit identification 8-bit TTL 8-bit protocol DATA 16-bit total length 3-bit flags Options (if any) 13-bit fragment offset 16-bit header checksum 32-bit source IP address 32-bit destination IP address 31(32bits) IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. As defined by RFC791 Network byte order IP header values The most significant bit is numbered 0 at the left and the least significant bit of a 32-bit value is numbered 31 on the right. The 4 bytes in the 32-bit value are transmitted in the order: first bits 0-7, then 8-15, and Previous ordering is called big endian byte ordering, which is the byte ordering required for all binary integers in the TCP/IP headers as they traverse in a network. I.e. this is network byte order. Version: current dominant IP version is 4 (we are looking IPv4 headers!) Header length: number of 32-bit words in the header (including the options). Normal value is 5. TOS - type-of-service: Composed of 3 precedence bits (ignored) (RFC1340) 4 TOS bits (RFC1349) 1 unused bit (which must be zero) IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. 1

10 IP header: TOS TOS => Diffserv 4 TOS bits are for: Minimize delay Maximize throughput Maximize reliability Minimize monetary cost Only one of 4 bits can be turned on. TOS is not supported by all (or most) of TCP/IP implementations. Some routing protocols like OSPF and IS-IS are capable of making routing decisions based on TOS. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Differientiated services field RFC 2474 The Addition of Explicit Congestion Notification (ECN) RFC New Terminology and Clarifications for Diffserv. RFC 3260 Renaming of TOS field to DS field IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP header: more fields Total length: Total length of IP datagram (=> max. IP datagram size is 2 16 ). Identification: uniquely identifies each datagram sent by a host. Normally incremented by one each time datagram is sent. Flags Do not fragment & more fragments TTL time-to-live: upper limit on number of routers which datagram can pass. Protocol: used for demultiplexing protocols What the heck is one s complement? IP header: checksum Header checksum is calculated over IP header. It does not include any data that follows the header. Sending host: Set checksum field to zero. Calculated as 16-bit one s complement sum of the header and places the result to the checksum field. Receiving end calculates the 16-bit one s complement sum of the header. If the result is a ones transmission is treated as successful. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP header: the options Options are rarely used and all hosts/routers do not support all the options. Options defined: Security and handling restrictions Record route Timestamp Loose source routing Strict source routing IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP Routing As a concept : Simple, if the destination is directly connected to a host (P2P, shared network) then the datagram is sent directly to the destination. Otherwise the datagram is send to a default router. IP Layer has a routing table in memory that it searches each time it receives a datagram to send IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. 2

11 IP Routing IP Routing This routing table contains : destination IP address IP address of a next-hop router flags specification of a network interface IP Routing is done on a hop-by-hop basis, i.e it does not know the complete route, it just does know the next hop IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP Routing performs actions like : Search through the routing table for an entry that matches the complete IP address (router, network interface) Search through the routing table for an entry that matches just the destination network IP address (router, network interface) Search through the routing table for an entry labeled default and sending the datagram to the next-hop IP: Internet Protocol router - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Route command route or route print jumi:~> /sbin/route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface localnet * U eth0 default lty-gw.cc.lut.f UG eth0 destination network= bsdi sun Ethernet, Eth hdr IP hdr dest IP = dest Enet = Enet of Delivery of IP datagram from BSDI to SUN IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Subnet Addressing IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. From bsdi to Internet [ TCP/IP Illustrated Vol. 1, Stevens, AW] A and B class networks have generally more host addresses available than they have hosts ( and ) In subnetting IP addresses host portion is divided into subnet ID and host ID. Class B 16 bit 8 bit 8 bit Netid = Subnet id IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. hostid 3

12 More on subnets All hosts are required to support subnetting (RFC950) Local administrator decides if subnetting is needed Subnetting efficiently reduces the size of routing tables as they are invisible to Internet routers. Subnet division does not have to be on byte boundary IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. [ TCP/IP Illustrated Vol. 1, Stevens, AW] IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Subnet Mask A host must also know how many bits are used for the subnet ID and host ID This is specified using subnet mask, where 32-bit value contains network ID (1), subnet ID (1) and host ID (0) 16 bit 8 bit 8 bit Class B netid subnetid hostid mask = 0xFFFFFF IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Subnet mask calculation 16 bit 10 bit 6 bit Class B netid subnetid hostid = 0xFFFFFFc B class IP address, 6 bits reserved for hosts in a subnet. How many hosts? Mathematics 1*2 7 +1*2 6 +0*2 5 +0*2 4 +0*2 3 +0*2 2 +0*2 1 +0*2 0 = 1*128+1*64+0*32+0*16+0*8+0*4+0*2+0*1=192=c0 IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Subnet comparison example Assume that host address is and subnet mask is If destination address is is the host in the same (sub) network? How about ? (C class address)? Class B Subnet mask = Network IDs equal non equal subnet IDs Class B end of class B network ID end of specified subnet ID IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. Net ID Special Case IP Addresses IP address subnet ID host ID Can appear as Source? destin ation? Description 0 0 OK never this host in this network 0 host ID OK never spesified host in this network 127 anything OK OK loopback address -1-1 never OK limited broadcast (not forwarded) netid -1 never OK net-directed broadcast to netid netid subnetid -1 never OK net-directed broadcast to netid, subnetid netid -1-1 never OK all-subnets-directed broadcast to netid 0 means all bitsip: zero Internet Protocol - (c) Jouni Ikonen / Lappeenranta -1 means univ. of Tech. all bits ones 4

13 Special IP addresses Source address network id 0 can appear only when host is booting up and determining it s IP address. Ifconfig & Netstat Ipconfig and Ifconfig is used to configure and query information of the devices Netstat gives information of devices attached to the networks (i.e addresses, MTU etc.) IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IPv6 New IP Address Space (defined by RFC 4291) New IP Architecture extendibility interoperability with version 4 through tunneling IPv6 IPv6 will use 128-bit addressing instead of 32-bit addressing used in version 4. Therefore IP-address will contain 8 parts instead of 4 and each part has 16-bit value ( ). Then maximum address space would be 4 millions power two. Example address of a host : 1080:0:0:0:8:800:200C:417A If one or more four-digit group is 0000, the zeros may be omitted and replaced with two colons(::) IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IPv6 IPv6 header IPv6 routers do not fragment IP packets Mobile IP Jumbograms optional support for 4 GB Tunneling used to connect IPv6 islands Unicast, multicast and anycast addresses DHCPv6 IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. 5

14 IPv6 Extra RFC 2460: Internet Protocol, Version 6 (IPv6) Specification (obsoletes RFC 1883) (updated by rfc5095) RFC 2461/RFC 4311: Neighbor Discovery for IP Version 6 (IPv6) 4862 (obsoletes RFC 2462): IPv6 Stateless Address Autoconfiguration RFC 4443: Internet Control Message Protocol (ICMPv6) for the IPv6 Specification (obsoletes RFC 2463) (Updated by 4884) RFC 2464: Transmission of IPv6 Packets over Ethernet Networks RFC 4291: Internet Protocol Version 6 (IPv6) Addressing Architecture (obsoletes RFC 3513) [ TCP/IP Illustrated Vol. 1, Stevens, AW] IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. IP: Internet Protocol - (c) Jouni Ikonen / Lappeenranta univ. of Tech. 6

15 TCP/IP illustrated Vol. 1 The Protocols User process TCP/IP layering User process User process User process Application (Sovellus) TCP UDP Transport (Kuljetus) Chapter 4 - ARP: Address Resolution Protocol Chapter 5 - RARP: Reverse Address Resolution Protocol ARP and RARP - (c) Jouni Ikonen / ICMP ARP IP Hardware interface IGMP RARP ARP and RARP - (c) Jouni Ikonen / Media Network (Verkko) Link (Linkki) ARP: Address Resolution Protocol IP addresses can be only used with TCP/IP suite. Data link has its own addressing (like Ethernet and Token Ring) ARP provides mapping between 32-bit IP address and whatever type of address the data link uses. ARP and RARP - (c) Jouni Ikonen / ARP & RARP 32-bit Internet address ARP RARP 48-bit Ethernet address ARP provides dynamic mapping between addresses. RARP (Reverse address resolution protocol) used normally in systems without a disk drive. ARP and RARP - (c) Jouni Ikonen / resolver ARP example ARP request (Ethernet broadcast) ARP Ethernet driver hostname IP address ARP ARP and RARP - (c) Jouni Ikonen / FTP TCP IP ARP Ethernet driver Ethernet driver IP TCP ftp host.lut.fi Establish connection with IP address Send IP datagram to IP address Example Application calls gethostbyname() to convert hostname into 32-bit IP address. Application asks TCP to establish a connection with that IP address. ARP sends an Ethernet frame called an ARP request to every host on the network. Request contains IP address of the destination host and request to respond with hardware address. ARP and RARP - (c) Jouni Ikonen / 1

16 Example (cont.) Destination host s ARP layer receives the broadcast and replies directly to the requesting host with ARP reply (contains host s IP & HW addresses). Now the IP datagram can be send. ARP packet format Ethernet header 28 byte ARP request /reply Ethernet destination address Ethernet source address frame type hard prot hard prot sender sender target target type type size size op Ethernet address IP addr Ethernet address IP addr ARP and RARP - (c) Jouni Ikonen / ARP and RARP - (c) Jouni Ikonen / ARP header fields Frame type specifies data which will follow (e.g. 0x0806 for ARP reply). Hard type specifies hardware type (1 for Ethernet). Prot type specifies the protocol being mapped (0x0800 for IP addresses). Size fields specify used address sizes (Ethernet address 6 bytes and IP 4 bytes). Op field specifies if operation is ARP request, ARP reply, RARP request or RARP reply. ARP cache Hosts maintain ARP caches for efficiency. Normal expiration time 20 minutes C:\>arp -a Interface: on Interface 0x Internet Address Physical Address Type c-ce-0a dynamic e-1c-4d-a2 dynamic f2-98-c1 dynamic ARP and RARP - (c) Jouni Ikonen / ARP and RARP - (c) Jouni Ikonen / Proxy ARP A router answers to ARP request in one of it networks for a host another of its networks. Router relays the packet send to it. Useful if e.g. device supports only 1 MAC address Called also promiscuous ARP and ARP hack ARP and RARP - (c) Jouni Ikonen / Proxy ARP example is at 00:0c:xx:xx:xx: is at 00:0c:xx:xx:xx:00 ARP and RARP - (c) Jouni Ikonen / who has who has

17 ARP live capture Gratuitous ARP Frame 24 (60 bytes on wire, 60 bytes captured) Ethernet II, Src: 00:01:02:f2:98:c1, Dst: ff:ff:ff:ff:ff:ff Address Resolution Protocol (request) Hardware type: Ethernet (0x0001) Protocol type: IP (0x0800) Hardware size: 6 Protocol size: 4 Opcode: request (0x0001) Sender MAC address: 00:01:02:f2:98:c1 (3com_f2:98:c1) Sender IP address: ( ) Target MAC address: 00:00:00:00:00:00 (00:00:00_00:00:00) Target IP address: ( ) ARP and RARP - (c) Jouni Ikonen / Host send an ARP request looking for its own IP address. To detect somebody already using the same IP address. If host changed its hardware address it can update other hosts ARP caches by sending ARP request for its own IP address. ARP and RARP - (c) Jouni Ikonen / RARP: Reverse address resolution protocol Network device without local storage system needs a boot image and IP address also. Device can read it s unique MAC address and send RARP query to receive IP address. RARP packet almost identical ARP (type 0x8035). RARP reply is (normally) unicast RARP server RARP server is system dependent (and complex). It is realized as user process as it has to read and parse disk for IP addresses. It needs a way to receive and send RARP messages (skip transport layer) which is system dependent. RARP messages are not forwarded by the routers. Redundant servers can be needed. (How could collisions be avoided?) ARP and RARP - (c) Jouni Ikonen / ARP and RARP - (c) Jouni Ikonen / 3

18 TCP/IP illustrated Vol. 1 The Protocols Chapter 6 - ICMP: Internet Control Message Protocol ICMP Error messages Conditions that require attention Transmitted within IP datagrams IP datagram IP header ICMP message ICMP - (c) Jouni Ikonen / 20 bytes ICMP - (c) Jouni Ikonen / ICMP message 8-bit type 8-bit code 16-bit checksum (contents depends on type and code) More than 15 different types (Query/Error) codes to further specify the condition checksum covers the entire ICMP message ICMP - (c) Jouni Ikonen / ICMP message types (MT)- ECHO Type Name Reference 0 Echo Reply[RFC792] (Code 0 no code) 8 Echo [RFC792] (Code 0 no code) Also knows as PING sent by a host to test node reachability across a network. Pings are readily traceable using a Sniffer or Network Monitor by viewing ICMP Type 8 (request) and ICMP Type 0 (reply). ICMP - (c) Jouni Ikonen / ICMP - Destination Unreachable Type 3 - Destination Unreachable [RFC792] The destination specified in the datagram is unreachable, generating an ICMP type 3 response. Codes 0 Net Unreachable 1 Host Unreachable 2 Protocol Unreachable 3 Port Unreachable 4 Fragmentation Needed and Don't Fragment was Set 5 Source Route Failed 6 Destination Network Unknown 7 Destination Host Unknown ICMP - Destination Unreachable More codes 8 Source Host Isolated 9 Communication with Destination Network is Administratively Prohibited 10 Communication with Destination Host is Administratively Prohibited 11 Destination Network Unreachable for Type of Service 12 Destination Host Unreachable for Type of Service 13 Communication Administratively Prohibited [RFC1812] 14 Host Precedence Violation [RFC1812] 15 Precedence cutoff in effect [RFC1812] ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / 1

19 Error message ICMP Port Unreachable Error Destination port is unreachable e.g. in FTP type (3) code (3) checksum Unused (must be 0) IP header (including options) + first 8 bytes of original IP datagramm data 8bytes ICMP Source Quench Type 4 [RFC792] Messages are an effort to request to the host to cut back the rate at which it is sending traffic to the Internet destination. The ICMP may be sent when a device does not have buffer space needed to queue the datagrams for output, or if datagrams are arriving too fast to be processed. Code 0 ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / ICMP - Redirect ICMP Redirect example Type 5 [RFC792] Redirect is sent by a router to the source to stimulate more efficient routing, and is also accompanied by a code to further define the cause for the ICMP (network, service, or host). Redirect messages are often not allowed at edge routers to protect against hostile actions to redirect key traffic. Codes 0 Redirect Datagram for the Network (or subnet) 1 Redirect Datagram for the Host 2 Redirect Datagram for the Type of Service and Network 3 Redirect Datagram for the Type of Service and Host T R1 Route redirect S R2 Default router R2 ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / Alternate Host Address Type 6 [Jon Postel, <postel@isi.edu>, September ] Codes 0 Alternate Address for Host ICMP - (c) Jouni Ikonen / ICMP - Router Advertisement Type 9 [RFC1256] Codes 0 Normal router advertisement 16 Does not route common traffic [RFC2002] RFC1256 specifies an extension of the Internet Control Message Protocol (ICMP) to enable hosts attached to multicast or broadcast networks to discover the IP addresses of their neighboring routers. ftp://ftp.funet.fi/rfc/rfc1256.txt ICMP - (c) Jouni Ikonen / 2

20 ICMP Router solicitation Type 10 [RFC1256] No codes ICMP Time exceeded Type 11 [RFC792] Codes 0 Time to Live exceeded in Transit 1 Fragment Reassembly Time Exceeded ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / ICMP Parameter problem Type 12 [RFC792] Codes 0 Pointer indicates the error 1 Missing a Required Option [RFC1108] 2 Bad Length ICMP - Timestamp Type 13 Timestamp [RFC792] Type 14 Timestamp reply No codes ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / Query messages ICMP Timestamp Request and Reply Allows system to query for the current time Returned value is the number of milliseconds since midnight type (13/14) code (0) checksum ICMP Information Request Type 15 Information Request [RFC792] Type 16 Information Reply No codes identifier sequence number 32-bit originate timestamp 32-bit receive timestamp 20bytes 32-bit transmit timestamp ICMP - (c) Jouni Ikonen / ICMP - (c) Jouni Ikonen / 3