Network Security: TCP/IP Refresher
What you (at least) need to know about networking!
Dr. David Barrera, Network Security HS 2014
Outline
- Network Reference Models
- Local Area Networks
- Internet Protocol (IP)
- Internet-level Routing
- IP Packet Structure
- Transmission Control Protocol (TCP)
- Hypertext Transfer Protocol (HTTP)
ETH Zurich, Bernhard Plattner Network Security HS 2014 NSHS08H8353226
TCP/IP and OSI Reference Models
Layered view of internetworking example (Source: Peterson/Davie, Computer Networks)
Local Area Networks
Local Area Networks
- Devices need to know each other's layer 2/hardware address (MAC address): 6 groups of 2 hex digits, e.g. 08:00:27:0E:25:B8
- Hosts use the Address Resolution Protocol (ARP) to find the hardware address of a host on the same LAN, given its IP address.
The Address Resolution Protocol (ARP)
If the MAC address is not known:
- Send a broadcast ARP request: "who has IP address x?"
- The owner of IP address x answers with a (directed) ARP reply
- The requestor stores the (IP address, MAC address) pair in its ARP cache
- Cache lifetime: a few seconds to a few tens of seconds (avoids frequent ARP requests for the same IP address)
Note: ARP is only executed between neighboring nodes (e.g. host and next router, host and host)
Local Area Networks: ARP
[Figure: host S (10.0.0.1) broadcasts "Who has 10.0.0.2?"; host D (10.0.0.2) answers "It's me! (and this is my MAC addr)" directly to S]
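The request/reply exchange from the two diagrams, worked through on the wire format as an added example (this is not code from the lecture). The MAC addresses, the 20-second cache lifetime and the hosts 10.0.0.1/10.0.0.2 are constructed for the illustration. One caveat worth stressing in a security course: nothing in an ARP reply proves that the answering host really owns the IP address it claims, which is why ARP is the classic target for local spoofing.

```python
import struct

# All addresses below are constructed for the slide's S/D example, not captured traffic.
ETH_P_ARP = 0x0806          # EtherType for ARP
HW_ETHERNET = 1
PROTO_IPV4 = 0x0800
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def mac_bytes(mac):
    return bytes(int(x, 16) for x in mac.split(":"))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet II frame carrying an RFC 826 ARP packet (hardware type Ethernet, protocol IPv4).
    A request is broadcast; a reply is sent directly to the requestor's MAC."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH", HW_ETHERNET, PROTO_IPV4, 6, 4, op)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp   # 42 bytes; a real NIC pads the frame to the 60-byte minimum


def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    hw, proto, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hw, proto, hlen, plen) != (HW_ETHERNET, PROTO_IPV4, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol combination")
    body = frame[22:42]
    return {
        "eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src), "op": op,
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }


class ArpCache:
    """Requestor-side cache; entries expire after the short lifetime the slide describes."""

    def __init__(self, lifetime_s=20.0):
        self.lifetime_s = lifetime_s
        self.entries = {}   # ip -> (mac, time learned)

    def learn(self, reply, now):
        # Nothing in the reply proves the sender owns sender_ip; any host on the
        # LAN could have answered. The cache trusts it anyway (ARP spoofing).
        self.entries[reply["sender_ip"]] = (reply["sender_mac"], now)

    def lookup(self, ip, now):
        hit = self.entries.get(ip)
        if hit is None or now - hit[1] > self.lifetime_s:
            return None   # miss or expired: a fresh broadcast request is needed
        return hit[0]


def exchange(s_mac="08:00:27:0e:25:b8", d_mac="08:00:27:aa:bb:cc"):
    """S (10.0.0.1) asks for 10.0.0.2; D answers; S caches the (IP, MAC) pair."""
    request = build_arp(ARP_REQUEST, s_mac, "10.0.0.1", ZERO_MAC, "10.0.0.2")
    q = parse_arp(request)
    # Only the owner of the target IP answers, and it answers the requestor directly.
    reply = build_arp(ARP_REPLY, d_mac, q["target_ip"], q["sender_mac"], q["sender_ip"])
    r = parse_arp(reply)
    cache = ArpCache()
    cache.learn(r, now=0.0)
    return q, r, cache


if __name__ == "__main__":
    q, r, cache = exchange()
    print("request :", q["eth_src"], "->", q["eth_dst"], "who has", q["target_ip"])
    print("reply   :", r["sender_ip"], "is at", r["sender_mac"])
    print("cache   :", cache.lookup("10.0.0.2", now=5.0))
```

The request goes to ff:ff:ff:ff:ff:ff with an all-zero target MAC; the reply's Ethernet destination is the requestor's own MAC taken from the request, which is what "directed" means on the slide.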
Switch vs. Router
Similarities and differences
Switches and routers are network elements that allow physical networks to be extended.
Switches:
- Extend Local Area Networks (Ethernet)
- Operate at layer 2
- Forward frames; separate collision domains
Routers:
- Interconnect networks
- Operate at layer 3
- Forward IP packets
Home routers are actually a combination of router, switch, wireless access point, NAT device, firewall and DHCP server
Routers interconnect LANs/extended LANs
- Routers interconnect (sub)networks of the Internet
- Layer 3 only (IP)
- ARP requests and other MAC broadcasts don't go across routers!
Interconnection of Heterogeneous Networks
[Figure: hosts on an Ethernet, a wireless LAN and a home network (network@home), each attached to a router R; the routers interconnect the networks]
Internet = network of networks, interconnected by routers
Internet Protocol (IP)
Internet Protocol
- IP devices must be addressable via an IP address
- The IP address must be unique on the Internet
- Public address space (assigned by regional registrars)
- Private address space (RFC 1918)
  - 10.0.0.0-10.255.255.255
  - 172.16.0.0-172.31.255.255
  - 192.168.0.0-192.168.255.255
- Reserved address space (special purpose)
  - 224.0.0.0-239.255.255.255 (multicast)
  - 240.0.0.0-255.255.255.254 (reserved)
IP Addresses
IPv4: a.b.c.d
- E.g. 10.1.2.3, 208.67.222.222
- 4 octets (4x8 = 32 bits)
- Each octet can go from 0 to 2^8-1, i.e. 0-255
IPv6: a:b:c:d:e:f:g:h
- 2db8:0001:0000:0000:0000:0000:c001:beef, abbreviated 2db8:1::c001:beef
- 8 hextets (8x16 = 128 bits)
- Each hextet can go from 0 to 2^16-1, i.e. 0-65535
IP Addresses: Network Address Translation
- Public IP addresses can be shared among hosts on internal networks.
- NAT devices keep track of the translations that take place, in order to forward each returning packet to the right internal destination
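The translation table the slide mentions, as an added example (not lecture code): a port-based NAT that lets two private hosts share one public address and uses its table to return the reply to the right host. The public address 203.0.113.7, the private hosts, the resolver 208.67.222.222 and the port pool starting at 40000 are constructed; the mapping is keyed on the full 4-tuple, which is the most conservative of the NAT behaviours in use.

```python
class Napt:
    """Port-based NAT (NAPT): many private hosts share one public IPv4 address.
    The translation table is what lets replies reach the right internal host."""

    def __init__(self, public_ip, first_port=40000, last_port=65535):
        self.public_ip = public_ip
        self.next_port = first_port
        self.last_port = last_port
        self.out = {}    # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.back = {}   # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, pkt):
        """Rewrite a packet leaving the private network; create state on first sight."""
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.out.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=port)

    def inbound(self, pkt):
        """Rewrite a packet arriving from the Internet; drop it if no flow matches."""
        hit = self.back.get((pkt["dport"], pkt["src"], pkt["sport"]))
        if hit is None:
            return None   # unsolicited: no internal host asked for this
        return dict(pkt, dst=hit[0], dport=hit[1])


def demo():
    """Two private hosts query the same resolver from the same source port;
    the reply addressed to the public port of host B is delivered to B only."""
    nat = Napt("203.0.113.7")
    a = {"src": "192.168.1.10", "sport": 5000, "dst": "208.67.222.222", "dport": 53}
    b = {"src": "192.168.1.11", "sport": 5000, "dst": "208.67.222.222", "dport": 53}
    out_a, out_b = nat.outbound(a), nat.outbound(b)
    reply_to_b = {"src": "208.67.222.222", "sport": 53,
                  "dst": "203.0.113.7", "dport": out_b["sport"]}
    # Same public port, but from an address B never talked to: no table entry.
    stray = {"src": "198.51.100.9", "sport": 53,
             "dst": "203.0.113.7", "dport": out_b["sport"]}
    return out_a, out_b, nat.inbound(reply_to_b), nat.inbound(stray)


if __name__ == "__main__":
    for p in demo():
        print(p)
```

Note that the "drop if no state" branch is the whole reason a NAT looks like a firewall to the outside world: it is a side effect of the table, not a security policy.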
Routing
Routing
- Devices need a way to find out where in the world a specific IP address is located
- Routers are connected to other routers through multiple interfaces
- Routers keep routing tables that list the next hop for a list of destinations. If the destination is not in the table, a default hop may be used
- Routers communicate with each other, informing their neighbors which destinations are reachable through them
Internet-level routing
Internet-level routing
Backbone routers currently (2014) store around 500k entries
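The next-hop lookup the slide describes, as an added example (not code from the lecture): a forwarding table that picks the most specific matching prefix, falls back to a default route, and installs prefixes announced by a neighbor. The prefixes, next hops and interface names are constructed; the "neighbor announces reachable destinations" part is the idea behind a routing protocol reduced to its table update, with no metrics or loop prevention.

```python
import ipaddress


class RoutingTable:
    """Longest-prefix-match forwarding table with an optional default route."""

    def __init__(self):
        self.routes = []   # (network, next_hop, interface)

    def add(self, prefix, next_hop, iface):
        self.routes.append((ipaddress.ip_network(prefix, strict=False), next_hop, iface))
        # Keep the most specific prefixes first so the first hit is the longest match.
        self.routes.sort(key=lambda r: r[0].prefixlen, reverse=True)

    def learn_from_neighbor(self, neighbor_ip, iface, prefixes):
        """A neighbor announces destinations reachable through it; install them with
        the neighbor as next hop (a routing protocol's table update, minus its metrics)."""
        for prefix in prefixes:
            self.add(prefix, neighbor_ip, iface)

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        for net, next_hop, iface in self.routes:
            if addr.version == net.version and addr in net:
                return next_hop, iface
        return None   # no route, not even a default: the packet is dropped


def build_table():
    """Constructed table: an aggregate, a more specific route inside it,
    two prefixes learned from a neighbor, and a default route."""
    rt = RoutingTable()
    rt.add("10.1.0.0/16", "10.0.0.2", "eth1")
    rt.add("10.1.2.0/24", "10.0.0.3", "eth2")
    rt.learn_from_neighbor("10.0.0.4", "eth3", ["192.168.0.0/16", "172.16.0.0/12"])
    rt.add("0.0.0.0/0", "203.0.113.1", "eth0")   # default hop for everything else
    return rt


if __name__ == "__main__":
    rt = build_table()
    for dst in ("10.1.2.3", "10.1.9.9", "192.168.5.5", "8.8.8.8"):
        print(dst, "->", rt.lookup(dst))
```

10.1.2.3 matches both 10.1.0.0/16 and 10.1.2.0/24; the /24 wins because it is longer, not because it was added later. A table with several hundred thousand entries needs a trie rather than a sorted list, but the matching rule is the same.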
Packet Structure
Format of an IPv4 packet (32-bit words)
- Word 0: Version (4 bits) | Header length (4 bits) | Type of service (8 bits) | Total length (16 bits)
- Word 1: Identification (16 bits) | Flags (3 bits) | Fragment offset (13 bits)
- Word 2: Time to live (8 bits) | Protocol (8 bits) | Header checksum (16 bits)
- Word 3: Source IP address
- Word 4: Destination IP address
- IP options (if any), padded to 32 bits
- Payload: ICMP, UDP or TCP, as indicated by the Protocol field
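The header layout above, as an added example that builds and parses it (this is not code from the lecture). The parser does the checks a packet filter or IDS has to do before trusting any field: version, IHL against the 20-byte minimum, Total length against the bytes actually received, and the RFC 1071 header checksum. The addresses and payload are constructed.

```python
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}
DF, MF = 0x2, 0x1   # Flags field bits: Don't Fragment, More Fragments


def ip_bytes(ip):
    return bytes(int(x) for x in ip.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def header_checksum(header):
    """RFC 1071 one's-complement sum of the header's 16-bit words.
    Over a header whose checksum field is already correct, the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ttl=64, ident=0, flags=0, frag_offset=0, options=b""):
    if len(options) % 4:
        options += b"\x00" * (4 - len(options) % 4)   # pad options to a 32-bit boundary
    ihl_words = 5 + len(options) // 4
    total_len = ihl_words * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len, ident,
                      (flags << 13) | frag_offset, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    hdr += options
    csum = header_checksum(hdr)                       # computed with the field zeroed
    hdr = hdr[:10] + struct.pack("!H", csum) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt):
    """Parse and sanity-check an IPv4 packet; raises ValueError on anything inconsistent."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0xF) * 4
    if version != 4:
        raise ValueError("version %d is not IPv4" % version)
    if ihl < 20 or ihl > total_len or total_len > len(pkt):
        raise ValueError("length fields inconsistent with packet (IHL=%d, total=%d, have=%d)"
                         % (ihl, total_len, len(pkt)))
    if header_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    flags, frag_offset = flags_frag >> 13, flags_frag & 0x1FFF
    return {
        "version": version, "ihl": ihl, "tos": tos, "total_len": total_len, "id": ident,
        "df": bool(flags & DF), "mf": bool(flags & MF), "frag_offset": frag_offset * 8,
        "ttl": ttl, "proto": proto, "proto_name": PROTO_NAMES.get(proto, "other"),
        "src": ip_str(src), "dst": ip_str(dst), "options": pkt[20:ihl],
        "payload": pkt[ihl:total_len],   # bytes beyond Total length (link padding) are ignored
    }


def validate(pkt):
    """None if the packet parses cleanly, otherwise the reason it was rejected."""
    try:
        parse_ipv4(pkt)
        return None
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", 6, b"hello", flags=DF, ident=0x1234)
    print(parse_ipv4(pkt))
    print("truncated:", validate(pkt[:22]))
```

The checksum only protects the header, and only against accidental corruption: every router recomputes it after decrementing TTL, so anyone on the path can rewrite any field and fix the checksum. Integrity of the payload is the job of the layers above (TCP/UDP checksums, and cryptographically IPsec or TLS).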
Format of an IPv6 packet
Transmission Control Protocol (TCP)
Transmission Control Protocol (TCP)
- Connection-oriented
- Error detection and recovery by retransmission (reliable)
- Full-duplex connection
- Provides a byte pipe: an unstructured byte stream
- Sliding window protocol
  - Sequence numbers are byte numbers
  - The sender window is variable, determined by the minimum of
    - the request of the receiver (receiver window size)
    - the estimate of the network load (congestion window size, slow start algorithm)
Format of a TCP Segment (bit positions 0, 4, 10, 16, 31)
- SrcPort (16 bits) | DstPort (16 bits)
- SequenceNum (32 bits)
- Acknowledgment (32 bits)
- HdrLen (4 bits) | 0 (6 reserved bits) | Flags (6 bits) | AdvertisedWindow (16 bits)
- Checksum (16 bits) | UrgPtr (16 bits)
- Options (variable)
- Data
Conn. setup with 3-way handshake
Initial sequence numbers are randomly chosen, within bounds
- Active participant (client) -> passive participant (server): SYN, SequenceNum = x
- Server -> client: SYN + ACK, SequenceNum = y, Acknowledgement = x + 1
- Client -> server: ACK, Acknowledgement = y + 1 (this last ACK may already contain data)
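The segment format and the three-way handshake, as an added example that is not code from the lecture: it packs and parses the header layout above and then runs the exchange on real bytes, checking each acknowledgment number the way the receiving side would. Ports 40000/80, the HTTP request in the final ACK and the use of `random.SystemRandom` for the ISNs are assumptions for the illustration; the checksum is left zero because it covers an IP pseudo-header that belongs a layer below. The reason the ISN must be unpredictable: an off-path attacker who can guess y can complete a handshake with a spoofed source address without ever seeing the SYN+ACK.

```python
import random
import struct

MASK32 = 0xFFFFFFFF
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_tcp(sport, dport, seq, ack, flags, window=65535, options=b"", payload=b""):
    """Pack a TCP header in the layout shown on the slide. Checksum is left 0 here:
    computing it needs the IP pseudo-header (addresses, protocol, length)."""
    if len(options) % 4:
        raise ValueError("options must be padded to a 32-bit boundary")
    hdr_len_words = 5 + len(options) // 4
    off_flags = (hdr_len_words << 12) | sum(FLAG_BITS[f] for f in flags)
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq & MASK32, ack & MASK32,
                      off_flags, window, 0, 0)
    return hdr + options + payload


def parse_tcp(seg):
    if len(seg) < 20:
        raise ValueError("shorter than the 20-byte minimum TCP header")
    sport, dport, seq, ack, off_flags, window, csum, urg = struct.unpack("!HHIIHHHH", seg[:20])
    hdr_len = (off_flags >> 12) * 4          # HdrLen is counted in 32-bit words
    if hdr_len < 20 or hdr_len > len(seg):
        raise ValueError("header length %d inconsistent with segment" % hdr_len)
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
            "window": window, "urg": urg, "options": seg[20:hdr_len], "data": seg[hdr_len:]}


def handshake(rng=None, request=b"GET / HTTP/1.0\r\n\r\n"):
    """Run the three-way handshake on the wire format, validating each side's
    acknowledgment number as the receiving end would. Returns the parsed segments."""
    rng = rng or random.SystemRandom()
    x = rng.getrandbits(32)   # client ISN: random so an off-path attacker cannot guess it
    y = rng.getrandbits(32)   # server ISN
    # 1. client -> server: SYN, SequenceNum = x
    syn = parse_tcp(build_tcp(40000, 80, x, 0, {"SYN"}))
    if syn["flags"] != {"SYN"}:
        raise ValueError("expected a bare SYN")
    # 2. server -> client: SYN+ACK, SequenceNum = y, Acknowledgement = x + 1
    synack = parse_tcp(build_tcp(80, 40000, y, syn["seq"] + 1, {"SYN", "ACK"}))
    if synack["ack"] != (x + 1) & MASK32:
        raise ValueError("server did not acknowledge our SYN")   # a real client answers RST
    # 3. client -> server: ACK, Acknowledgement = y + 1; may already carry data
    ack = parse_tcp(build_tcp(40000, 80, x + 1, synack["seq"] + 1, {"ACK", "PSH"},
                              payload=request))
    if ack["ack"] != (y + 1) & MASK32 or ack["seq"] != (x + 1) & MASK32:
        raise ValueError("client ACK does not match the SYN+ACK")
    return syn, synack, ack


if __name__ == "__main__":
    for name, seg in zip(("SYN", "SYN+ACK", "ACK"), handshake()):
        print(name, sorted(seg["flags"]), "seq=%d ack=%d" % (seg["seq"], seg["ack"]),
              "data=%r" % seg["data"])
```

Sequence and acknowledgment numbers wrap modulo 2^32, which is why every comparison masks with `MASK32`; the SYN itself consumes one sequence number even though it carries no data, hence the "+ 1" on both sides.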
Hypertext Transfer Protocol (HTTP)
Basic properties
- HTTP: text-based protocol used between web client and web server processes
- Client issues requests, server sends responses
- First line of a request contains method, object, version: GET /path/to/file/index.html HTTP/1.0
- First line of a response contains version, code, reason: HTTP/1.1 200 OK
- Subsequent lines contain parameters or content
- HTTP is stateless: request/response interactions are independent of each other, so how do we maintain session state (e.g. the fact that a user is logged in)?
Methods
Method  | Description
GET     | Retrieve document identified by URL
HEAD    | Same as above, but only return metainformation about the document
POST    | Send information to server (e.g. form data)
PUT     | Store a resource under a specified URL (if access rights allow)
DELETE  | Delete a resource identified by a URL (if access rights allow)
TRACE   | Instructs server to mirror back the client request
CONNECT | Used to tunnel through a proxy server
OPTIONS | Determine options and facilities a resource supports, e.g. a server
Codes
Code | Type          | Description
1xx  | Informational | Request received, processing
2xx  | Success       | Action successfully received and accepted
3xx  | Redirection   | Further action needed to complete request
4xx  | Client Error  | Bad request by client
5xx  | Server Error  | Server failed to execute apparently valid request
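The request line, status line, method table and code classes from the three slides above, exercised together in an added example (not lecture code): a minimal parser for both message directions and a stateless handler that serves GET, answers HEAD with the same metainformation but no body, and rejects malformed or unsupported requests with the right 4xx class. The document store and the single resource path are constructed for the illustration; the reason phrases are the standard ones.

```python
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
STATUS_CLASS = {1: "Informational", 2: "Success", 3: "Redirection",
                4: "Client Error", 5: "Server Error"}
REASONS = {200: "OK", 400: "Bad Request", 404: "Not Found", 405: "Method Not Allowed"}

# Constructed document store standing in for the server's file system.
RESOURCES = {"/path/to/file/index.html": b"<html>hello</html>"}


def parse_request(raw):
    """Split a request into (method, object, version), headers and body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no blank line after the headers")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line: %r" % line)
        headers[name.strip().lower()] = value.strip()   # header names are case-insensitive
    return {"method": parts[0], "target": parts[1], "version": parts[2],
            "headers": headers, "body": body}


def build_response(code, body=b"", headers=None, send_body=True):
    """Status line, headers, blank line, body. send_body=False gives the HEAD form:
    identical metainformation (including Content-Length) but no body."""
    lines = ["HTTP/1.1 %d %s" % (code, REASONS.get(code, ""))]
    for name, value in (headers or {}).items():
        lines.append("%s: %s" % (name, value))
    lines.append("Content-Length: %d" % len(body))
    head = ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")
    return head + (body if send_body else b"")


def parse_response(raw):
    """Split a response into version, code (with its 1xx-5xx class), reason, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("ascii").split("\r\n")
    version, code, *reason = lines[0].split(" ", 2)
    code = int(code)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"version": version, "code": code, "class": STATUS_CLASS[code // 100],
            "reason": reason[0] if reason else "", "headers": headers, "body": body}


def handle(raw):
    """A stateless server: every request is answered from scratch, with nothing
    carried over from earlier requests."""
    try:
        req = parse_request(raw)
    except ValueError:
        return build_response(400)
    if req["method"] not in ("GET", "HEAD"):
        return build_response(405, headers={"Allow": "GET, HEAD"})
    doc = RESOURCES.get(req["target"])
    if doc is None:
        return build_response(404)
    return build_response(200, doc, {"Content-Type": "text/html"},
                          send_body=(req["method"] == "GET"))


if __name__ == "__main__":
    for req in (b"GET /path/to/file/index.html HTTP/1.0\r\nHost: example\r\n\r\n",
                b"HEAD /path/to/file/index.html HTTP/1.0\r\n\r\n",
                b"DELETE /path/to/file/index.html HTTP/1.1\r\n\r\n"):
        print(parse_response(handle(req))["code"], req.split(b"\r\n")[0])
```

Because `handle` keeps no state between calls, a second request from the same client is indistinguishable from a first one; whatever mechanism answers the slide's closing question has to put the state into the request itself.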
For probing further
- Computer Networks: A Systems Approach. Larry L. Peterson and Bruce S. Davie, 4th edition, Morgan Kaufmann, 2008. ISBN 0-12370-548-7 (hard cover), 0-12374-013-4 (soft cover)
- Internetworking with TCP/IP, Vol. 1: Principles, Protocols, and Architecture. Douglas E. Comer, 5th edition, Prentice Hall International, 2005. ISBN 0-13187-671-6
- TCP/IP Tutorial and Technical Overview. IBM Redbooks, Dec. 2006, available online: http://www.redbooks.ibm.com/redbooks/pdfs/gg243376.pdf