Networking Primer*
*Caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security.
How do I get to www.randomsite.com?
[Diagram: Local Network, Internet, Destination Network (www.randomsite.com)]
Layer Introduction
  TCP/IP Stack:
  - Application (HTTP, SMTP)
  - Transport (TCP/UDP)
  - Network (IP, ARP, ICMP)
  - Data Link (Ethernet, 802.11)
  - Physical (wired, wireless)
  What each layer does:
  - Application: communicate high-level application information (Web, Email, etc.)
  - Transport: enable communication from one process to another process across the network
  - Network: host-to-host protocol, enables communication from one device to another
  - Data Link/Physical: enable communication over some transmission medium
Data Encapsulation
[Figure: data encapsulation through the layers, shown with UDP. Same if TCP used instead of UDP.]
Source: Internet Protocol Suite, Wikimedia Foundation, Inc. http://en.wikipedia.org/wiki/internet_protocol_suite
Communicating over layers
[Figure: communication between hosts across the layers]
Source: Internet Protocol Suite, Wikimedia Foundation, Inc. http://en.wikipedia.org/wiki/internet_protocol_suite
TCP/IP Address
  Address used at each layer of the TCP/IP stack:
  - Application (HTTP, SMTP): OS process number
  - Transport (TCP/UDP): port number [0 - (2^16)-1]
  - Network (IP, ARP, ICMP): IP address [0.0.0.0 - 255.255.255.255]
  - Data Link (Ethernet, 802.11) and Physical (wired, wireless): physical (MAC) address (e.g., Ethernet [00:00:00:00:00:00 - ff:ff:ff:ff:ff:ff])
Wireshark Examples
  - Wireshark: obtain from https://www.wireshark.org/download.html
  - Don't use it on networks you don't own (such as WSU campus networks), as this may violate IT security/privacy policies!
Overview of Layers/Protocols
Data Link/Physical Layer
Data Link/Physical Layer
  - Enables delivery of packets from one system to another within a network
  - Covers:
      - How we convert the data into the 0s and 1s on the physical media (encoding, framing)
      - Physical transmission medium (e.g., wired, wireless)
      - Addressing of systems
      - How access to the physical transmission medium is managed
  - Examples: Ethernet, WiFi (802.11)
Ethernet
  - 802.3 is the standard for wired Ethernet
  - Physical connection is copper or fiber optic cable
  - Physically connects to an Ethernet switch
  - How packets are formatted
  - How to schedule access to shared bus
  - Logically bus topology
  - Machine only reads a packet if it has the packet's destination address (theoretically)
Topology
[Diagram: a packet travelling from Source to Destination in two panels: Ethernet Hub (Layer 2 - Hub) and Ethernet Switch (Layer 2 - Switch)]
Ethernet Header
  - Ethernet Address
      - Called media access control (MAC) address
      - 6 bytes, example: 01:23:45:67:89:0a
  - Key fields
      - Destination Address
      - Source Address
      - Every Ethernet card has a unique MAC address
      - EtherType: what the network packet type is (IPv4, IPv6, ARP, etc.)
  Source: Ethernet Frame, Wikimedia Foundation, Inc. http://en.wikipedia.org/wiki/ethernet_frame
Network Layer
Network Layer Protocols
  - IP
  - ICMP
  - ARP
Internet Protocol (IP)
  - Transports packets across a routed network/internet
      - Packets are called datagrams
      - Systems on the Internet have a unique IP address
      - Enables routing!
  - Unreliable
      - Performs best-effort delivery
      - Leaves reliability to higher-level packets
  - Data fragments
      - An IP datagram can be large (2^16 bytes)
      - May need to go into smaller link-layer protocols (Ethernet)
      - Has to be broken up, or fragmented, before transmission and then reassembled when received
IPv4 vs IPv6
  - IPv4
      - Old (from 1980-81)
      - Problems:
          - No built-in security
          - Small address space (2^32 or ~4 billion addresses)
  - IPv6
      - Larger address space: 2^128
      - Other improvements
      - Slow adoption
IP Header
  Key fields:
  - Source Address
  - Destination Address
  - Protocol: what higher-level protocol is used (TCP, UDP)
  - Total Length
  - Header Checksum: verifies integrity of the header (not the payload)
  - Fragment Offset
  Source: RFC 791 Internet Protocol https://www.ietf.org/rfc/rfc791.txt
IP Addresses
  - IP Address: 32-bit address, range [0.0.0.0-255.255.255.255]
      - Example: 168.192.100.35
      - Example in binary: 10101000 11000000 01100100 00100011
  - Address has two parts:
      - Network Address: first x bits of the address; identifies the network of the host
      - Host Address: last (32-x) bits of the address; identifies the host on the network
  - Netmask determines what is Network Address and what is Host Address
      - The netmask is just a number: the length of the Network Address
Net Mask Example
  IP:          168.192.100.35
  In binary:   10101000 11000000 01100100 00100011
  Netmask: 16  11111111 11111111 00000000 00000000
      Network Addr: 168.192.0.0
      Host Addr:    100.35
  Netmask: 24
      Network Addr: 168.192.100.0
      Host Addr:    .35
Routing
  - Systems use the Network Address to know where to send packets:
      If Destination Address != Current Network Addr.
          Send to router
      Else
          Deliver to host on local network
  - Systems/routers have a route table which contains either:
      - Known Network Addresses and direction
      - Default route: path for everything
Routing Example
[Diagram: host 1.2.3.4 on Local Network 1.2.3.0; Internet networks 4.2.0.0, 4.2.1.0, 4.3.0.0, 4.3.1.0; Destination Network 4.3.2.0 with www.randomsite.com at 4.3.2.1]
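The netmask split and the routing decision from the slides above, as an added example that is not part of the original slides. The route table contents and direction names are constructed for illustration, and the longest-netmask tie-break goes slightly beyond what the slides state.

```python
import socket
import struct

def ip_to_int(ip):
    """Dotted-quad string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(ip))[0]

def int_to_ip(n):
    """32-bit integer -> dotted-quad string."""
    return socket.inet_ntoa(struct.pack("!I", n))

def split_address(ip, prefix_len):
    """Return (network address, host part as an integer) for a netmask length."""
    mask = (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF
    addr = ip_to_int(ip)
    return int_to_ip(addr & mask), addr & ~mask & 0xFFFFFFFF

def next_hop(dst, routes, default):
    """Pick the known network that contains dst; the longest netmask wins.

    routes is a list of (network, prefix_len, direction). When no known
    network matches, the default route is used.
    """
    best = None
    for network, prefix_len, direction in routes:
        if split_address(dst, prefix_len)[0] == network:
            if best is None or prefix_len > best[0]:
                best = (prefix_len, direction)
    return best[1] if best else default

# Constructed route table for a host on the 168.192.100.0 network (netmask 24).
ROUTES = [
    ("168.192.100.0", 24, "deliver on local network"),
    ("168.192.0.0", 16, "router A"),
]
DEFAULT = "default router"

if __name__ == "__main__":
    print(split_address("168.192.100.35", 16))
    print(split_address("168.192.100.35", 24))
    for dst in ("168.192.100.7", "168.192.5.9", "4.3.2.1"):
        print(dst, "->", next_hop(dst, ROUTES, DEFAULT))
```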
IP Addresses continued
  Other weirdness:
  - Private (non-routable) addresses
      - For use on private/internal networks
      - 10.X.X.X, 192.168.X.X, 172.16.X.X-172.31.X.X
  - Localhost (127.0.0.1)
      - So a system can communicate with itself
Address Resolution Protocol (ARP)
  - Problem:
      - We know we need to send a message to IP 1.2.3.4
      - But we don't know what MAC address to send it to
  - ARP
      - Asks: "Who has IP address 1.2.3.4?"
      - Machine with IP 1.2.3.4 should respond: "MAC address 00:11:22:33:44:55, for 1.2.3.4"
      - Sender can then craft the packet with the correct MAC address
  - Also does the reverse (called RARP)
ICMP
  - Protocol to support network diagnosis
  - Defines numerous error messages to support IP communications:
      - Destination host unreachable
      - Packet reassembly failed
      - Checksum incorrect
  - Ping (or ICMP Echo Request)
      - Receiver sends acknowledgement
Transport Layer
Transport Layer
  - Protocols
      - TCP
      - UDP
  - Introduces client and server
      - Server is always running, waits for connection
      - Client initiates connection
User Datagram Protocol (UDP)
  - Transport layer protocol
  - Disadvantages
      - Connectionless, unreliable
  - Advantages
      - Simple
      - No overhead (e.g., connection setup)
  - Common uses
      - DNS, NTP
      - Streaming media
UDP Header
  Fields:
  - Source port (0-65535)
  - Dest. port (0-65535)
  - Length: # total bytes
  - Checksum: 16 bits
  Source: RFC 768 User Datagram Protocol, https://www.ietf.org/rfc/rfc768.txt
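The Ethernet, IP and UDP header slides, put together as an added example that is not part of the original slides: it builds one constructed frame and peels the layers off again, checking the IP header checksum on the way. The addresses, ports and payload are sample values chosen here.

```python
import socket
import struct

def ip_checksum(header):
    """16-bit one's-complement sum over the IP header only (never the payload)."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(payload):
    """Constructed sample: Ethernet header + IPv4 header + UDP header + payload."""
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload  # 0 = no UDP checksum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("168.192.100.35"), socket.inet_aton("4.3.2.1"))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("01234567890a") + b"\x08\x00"
    return eth + ip + udp

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def parse_frame(frame):
    """Peel the layers off in order; each header says what the next layer is."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst_mac": mac(dst), "src_mac": mac(src), "ethertype": ethertype}
    if ethertype != 0x0800 or len(frame) < 15:      # 0x0800 = IPv4
        return out
    ihl = (frame[14] & 0x0F) * 4                    # IP header length in bytes
    if ihl < 20 or len(frame) < 14 + ihl:
        return out                                  # malformed or truncated IP header
    ip = frame[14:14 + ihl]
    out.update(total_length=struct.unpack("!H", ip[2:4])[0], protocol=ip[9],
               src_ip=socket.inet_ntoa(ip[12:16]), dst_ip=socket.inet_ntoa(ip[16:20]),
               checksum_ok=ip_checksum(ip) == 0)    # a valid header sums to zero
    if ip[9] == 17 and len(frame) >= 14 + ihl + 8:  # 17 = UDP
        sport, dport, length, _ = struct.unpack("!HHHH", frame[14 + ihl:22 + ihl])
        out.update(src_port=sport, dst_port=dport, udp_length=length,
                   payload=frame[22 + ihl:14 + ihl + length])
    return out

if __name__ == "__main__":
    for key, value in parse_frame(build_frame(b"example")).items():
        print(key, "=", value)
```

Flipping a byte in the IP header makes `checksum_ok` false, while flipping a payload byte does not, which is the "header, not payload" point from the IP Header slide.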
Transmission Control Protocol (TCP)
  - Reliable delivery of packets
  - Used to carry HTTP (web), SMTP (email), etc.
  - Reliability through the development of a connection
  - Detects and retransmits lost packets
TCP Header
  Key fields:
  - Seq. number
  - Ack. number
  - Flags
      - Syn
      - Ack
      - Fin
      - Rst
  Source: RFC 793 Transmission Control Protocol. https://www.ietf.org/rfc/rfc793.txt
Connection (simplified)
[Diagram: Handshake: syn, syn-ack, ack; Established: ack, ack; Tear Down: fin, ack, fin, ack]
Connection Reliability
  - Sender/receiver use sequence number and acknowledgement number to keep track of all data sent and received
  - Sequence number: represents number of bytes sent
      - Incremented as data is sent
  - Acknowledgement number: represents the next byte expected by receiver
      - Incremented as data is received
  - If sender notices acknowledgement number not incremented, it knows to resend that packet
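The sequence/acknowledgement bookkeeping above, as an added example that is not part of the original slides. It is a simplified model written for illustration (the receiver discards out-of-order data and the sender goes back to the acknowledged byte); the message and loss pattern are constructed.

```python
class Receiver:
    """Tracks the next byte it expects; that value is the acknowledgement number."""
    def __init__(self):
        self.next_expected = 0
        self.data = b""

    def receive(self, seq, payload):
        if seq == self.next_expected:          # in order: accept and advance
            self.data += payload
            self.next_expected += len(payload)
        return self.next_expected              # out of order: ack does not move

def transfer(message, seg_size, lost_once):
    """Send message in segments; seq values in lost_once are dropped on first try.

    Returns (data the receiver assembled, log of (seq sent, ack received)).
    An ack of None means the segment was lost, so nothing came back.
    """
    rx, log, pending = Receiver(), [], set(lost_once)
    seq = 0
    while rx.next_expected < len(message):
        payload = message[seq:seq + seg_size]
        if seq in pending:
            pending.discard(seq)
            log.append((seq, None))
            seq += len(payload)                # sender carries on with later data
            if seq >= len(message):
                seq = rx.next_expected         # nothing left to send: time out, go back
            continue
        ack = rx.receive(seq, payload)
        log.append((seq, ack))
        seq = ack                              # ack below seq + len => resend from ack
    return rx.data, log

if __name__ == "__main__":
    data, log = transfer(b"ABCDEFGHIJKL", 4, lost_once={4})
    for seq, ack in log:
        print("sent seq=%d" % seq, "-> lost" if ack is None else "-> ack=%d" % ack)
    print(data)
```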
Flow/Congestion Control
  - Flow Control
      - Receiver sets receive window to be how much data it is willing to buffer
      - Prevents sender from overwhelming receiver by sending too much data
  - Congestion Control
      - Algorithms that attempt to minimize data lost
Application Layer
Applications
  Examples:
  - DNS
  - HTTP
  - SMTP
Domain Name System (DNS)
  - Problem: want to go to www.google.com, but don't know the IP address
  - Solution: DNS queries Name Servers to get the correct IP address
More DNS
  Terminology:
  - Name server
  - Domain hierarchy
  - Zone
  - Resource record
  - Record types: NS, A, MX, CNAME
  - Root Server: has zone of entire DNS tree
      - Generally delegates authority to other servers
      - 13 across world (still?)
  - Primary Server: stores information about a zone
      - Maintains zone files
  - Secondary Server - Remove?
DNS Hierarchy
[Diagram: domain tree with nodes net, com, gov, edu, org, jp, cn, de; google, wsu; www, mail, eecs, www, mail]
Resolution Types
  - Recursive: initial resolver responsible for finding correct response
  - Iterative: client chases down own DNS response by querying additional servers
How do I find randomsite's IP?
[Diagram: Local Network, Internet, Destination Network (www.randomsite.com)]
DNS Resolution Example
[Diagram: numbered steps 1-6 between the Local Network, the Local Name Server, the Root Name Server (Internet) and the RandomSite Name Server (RandomSite Network)]
Record Types
  - A: IP address
  - AAAA: IPv6 address
  - NS: Name server
  - MX: Mail server
  - CNAME: canonical name (alias/nickname)
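Iterative resolution over a small delegation chain, using the NS, A, MX and CNAME record types above; this is an added example, not part of the original slides. The server names, the com-level server and the zone contents are hypothetical and constructed for illustration, and the address 4.3.2.1 is the one the routing diagram gives for www.randomsite.com.

```python
# Constructed zone data (hypothetical server names): each name server holds
# the resource records for its own zone and NS records for zones it delegates.
SERVERS = {
    "root-ns": {"com": [("NS", "com-ns")]},
    "com-ns": {"randomsite.com": [("NS", "randomsite-ns")]},
    "randomsite-ns": {
        "randomsite.com": [("MX", "mail.randomsite.com")],
        "www.randomsite.com": [("CNAME", "web.randomsite.com")],
        "web.randomsite.com": [("A", "4.3.2.1")],
    },
}

def query(server, name, rtype):
    """Ask one server one question; returns (kind, value)."""
    zone = SERVERS[server]
    for rt, value in zone.get(name, []):
        if rt == rtype:
            return "answer", value
        if rt == "CNAME":
            return "cname", value              # name is an alias for value
    labels = name.split(".")
    for i in range(len(labels)):               # most specific delegation first
        for rt, value in zone.get(".".join(labels[i:]), []):
            if rt == "NS":
                return "referral", value       # "ask that server instead"
    return "nxdomain", None

def resolve(name, rtype="A", max_steps=10):
    """Iterative resolution: start at the root and chase referrals ourselves."""
    server, trace = "root-ns", []
    for _ in range(max_steps):                 # bound stops referral/CNAME loops
        kind, value = query(server, name, rtype)
        trace.append((server, name, kind))
        if kind == "answer":
            return value, trace
        if kind == "nxdomain":
            return None, trace
        if kind == "cname":
            name, server = value, "root-ns"    # restart for the canonical name
        else:
            server = value
    raise RuntimeError("resolution did not finish in %d steps" % max_steps)

if __name__ == "__main__":
    address, trace = resolve("www.randomsite.com")
    for step in trace:
        print(step)
    print("www.randomsite.com ->", address)
```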
Example