Internetworking
Path
Server
Host
Client
Host
Trunk Link
Access
Link
Mobile Client
Host
Server
Host
Frame Organization
Frame
Trailer
Data Field
Header
Other
Destination
Header
Address
Field
Message Structure
Field
Switching Decision
Switch
1 2 3 4 5 6
Station
A
Station
B
Station
C
Switch receives a frame, sends it back out based on destination address
Station
D
Switched
Network 1
Switched Network 3
Router
Switched
Network 2
An Internet
Multiple Networks
Connected by Routers
Path of a Packet is its Route
Single Network
Routers
Packet
Single Network
Route
The global Internet has thousands of networks
The Internet
Browser
Webserver
Software
Network
Packet
Router
Packet
Route
Router
Router
Packet
Packet
Switch
Client PC
Packet
Server
Frame 3
Carrying Packet
in Network 3
Switch
Router
A
Frame 2
Carrying Packet
in Network 2
Router B
Shipper
Same
Shipment
Truck
Airport
Receiver
Airport
Truck
Airplane
Origins
TCP/IP
Application
OSI
Application
Hybrid TCP/IP-OSI
Application
Presentation
Session
Transport
Transport
Transport
Internet
Network
Internet
Data Link
Data Link
Physical
Physical
OSI Layers
Frame
Switched
Network 1
Data Link
Internet Layer
Switched
Network 1
Route
Switched Network 3
Router
Switched
Network 2
Transport Layer
End-to-End (Host-to-Host)
TCP is Connection-Oriented, Reliable
UDP is Connectionless, Unreliable
Client PC
Internet Layer
(Usually IP)
Hop-by-Hop (Host-Router or Router-Router)
Connectionless, Unreliable
Router 1
Router 2
Server
Router 3
Purposes
Webserver
60.168.47.47
Application Layer
OSI
Application
Hybrid TCP/IP-OSI
Application
Presentation
Session
Transport
Transport
Transport
Internet
Network
Internet
Data Link
Data Link
Physical
Physical
0100
Header
Version
Length
(4 bits)
(4 bits)
IP Version 4 Packet
Diff-Serv
(8 bits)
Bit 31
Total Length
(16 bits)
Version
Protocol Field
IP Data Field
TCP Segment
IP Header
Protocol=1
IP Header
Protocol=6
IP Data Field
UDP Datagram
IP Header
Protocol=17
Address Fields
Encapsulation of HTTP message in data field of a TCP segment
Application
Process
HTTP
Message
Transport
Process
HTTP
Message
TCP
Hdr
Internet
Process
HTTP
Message
TCP
Hdr
Encapsulation of TCP segment in data field of an IP packet
IP
Hdr
Internet
Process
Data Link
Process
Physical
Process
DL
Trlr
HTTP
Message
TCP
Hdr
IP
Hdr
HTTP
Message
TCP
Hdr
IP
Hdr
Encapsulation of IP packet in data field of a frame
DL
Hdr
Note: The following is the final frame for supervisory TCP segments:
DL
Trlr
TCP
Hdr
IP
Hdr
DL
Hdr
Decapsulation of HTTP message from data field of a TCP segment
Application
Process
HTTP
Message
Transport
Process
HTTP
Message
TCP
Hdr
Internet
Process
HTTP
Message
TCP
Hdr
Decapsulation of TCP segment from data field of an IP packet
IP
Hdr
Internet
Process
Data Link
Process
Physical
Process
DL
Hdr
HTTP
Message
TCP
Hdr
IP
Hdr
HTTP
Message
TCP
Hdr
IP
Hdr
Decapsulation of IP packet from data field of a frame
DL
Hdr
Frame
Switch X2
Port 2
DL
Port 3
DL
Port 4
DL
PHY
PHY
PHY
PHY
Router R1
Notes:
A. Router R1 receives frame from Switch X2 in Port 1.
Port 1 DL process decapsulates packet.
Port 1 DL process passes packet to internet process.
B.
Port 2
DL
Port 3
DL
Port 4
DL
PHY
PHY
PHY
PHY
Packet
Encapsulation
Frame
Router 2
1.
Frame for This
Data Link
ISP
Packet
Packet
Packet
3.
Packet Carried
in Site Frame
Internet
Backbone
4.
Data Link
Between
Site and ISP
(Difficult to Attack)
ISP
Router
2.
Packet Carried
in ISP
Carrier Frame
Basic Characteristics
IP is connectionless
IP Packet
PC
Internet Process
IP Packet
First Router
Internet Process
Connectionless
Packets Sent in Isolation
Like Postal Letters
Unreliable
No Error Correction
Discarded by Receiver if Error is Detected
Leaves Error Correction to Transport Layer
Reduces the Cost of Routers
Hierarchical IP Addresses
128.171.17.13
The Internet UH Network
(128.171)
CBA Subnet
(17)
Host 13
128.171.17.13
Hierarchical IP Addresses
Hierarchical IP Addresses
Subnet Masking
Mask Represents
255
255
Masking gives
                Network Masking    Subnet Masking
IP Address      128.171.17.13      128.171.17.13
Mask            255.255.0.0        255.255.255.0
Result          128.171.0.0        128.171.17.0
Meaning

Example 2
IP Address      60.47.123.7        60.47.123.7
Mask            255.0.0.0          255.255.0.0
Result          60.0.0.0           60.47.0.0
Meaning
1. Trust Relationship
3. Server Accepts Attack Packet
Trusted Server
60.168.4.6
Victim Server
60.168.47.47
2.
Attack Packet
Spoofed Source IP Address
60.168.4.6
Attacker's Client PC
1.34.150.37
Attacker's Identity is Not Revealed
Attacker
1.34.150.37
From: 60.168.47.47:23
To: 60.168.47.47:23
Victim
60.168.47.47
Port 23 Open
Crashes
Time-to-Live field
Time-to-Live field
Length Field
Attacker
1.34.150.37
IP Packet Containing ICMP Echo Message That is Illegally Long
Victim
60.168.47.47
Crashes
Fragmentation
Routers may fragment IP packets (really, packet data fields) en route
All fragments have the same Identification field value
Fragment offset values allow fragments to be ordered
More fragments is 0 in the last fragment
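Added example (not part of the original slides): a pre-reassembly check in Python that applies the fragment rules listed here and reports the gaps, overlaps and illegally long totals that the malformed-fragment slides in this deck describe. The Fragment record, the function name and the sample fragment sets are constructed for illustration, and a 20-byte IP header without options is assumed.

```python
from dataclasses import dataclass

MAX_IP_PACKET = 65535   # Total Length is a 16-bit field
IP_HEADER_LEN = 20      # assumption: header without options

@dataclass(frozen=True)
class Fragment:          # hypothetical record of one received fragment
    ident: int           # Identification field
    offset_units: int    # Fragment Offset, counted in 8-byte units
    more: bool           # More Fragments flag
    payload_len: int     # bytes of packet data carried

def check_fragments(frags):
    """Return the problems found; an empty list means the set reassembles cleanly."""
    if not frags:
        return ["no fragments"]
    problems = []
    if len({f.ident for f in frags}) != 1:
        problems.append("mixed Identification values")
    ordered = sorted(frags, key=lambda f: f.offset_units)
    expected = 0                          # next byte we expect to see
    for f in ordered:
        start = f.offset_units * 8
        if start > expected:
            problems.append(f"gap at byte {expected}")
        elif start < expected:
            problems.append(f"overlap at byte {start}")
        expected = max(expected, start + f.payload_len)
    if ordered[-1].more:
        problems.append("final fragment missing")
    if any(not f.more for f in ordered[:-1]):
        problems.append("More Fragments is 0 before the final fragment")
    if expected + IP_HEADER_LEN > MAX_IP_PACKET:
        problems.append("reassembled packet exceeds 65535 bytes")
    return problems

# Constructed sample fragment sets (not captured traffic).
GOOD = [Fragment(7, 0, True, 1480), Fragment(7, 185, True, 1480),
        Fragment(7, 370, False, 1040)]
OVERLAP = [Fragment(9, 0, True, 1480), Fragment(9, 100, False, 200)]
GAP = [Fragment(9, 0, True, 1480), Fragment(9, 200, False, 100)]
OVERSIZE = [Fragment(3, i * 185, i < 44, 1480) for i in range(45)]

if __name__ == "__main__":
    for name, frags in [("GOOD", GOOD), ("OVERLAP", OVERLAP),
                        ("GAP", GAP), ("OVERSIZE", OVERSIZE)]:
        print(name, check_fragments(frags) or "ok")
```

A receiver or inspection device that runs a check of this kind can drop a malformed fragment set instead of handing it to reassembly code.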
Fragmentation
Attacker
1.34.150.37
4. TCP Data IP
Field
Header
No
TCP Header
2. First
Fragment
TCP Data
Field
IP
Header
3. TCP Header Only in First Fragment
5. Firewall Can Only Filter TCP Header in First Fragment
60.168.47.47
Fragmentation
Overlap
Attacker
1.34.150.37
Attack Pretends to be Fragmented IP Packet
When Reassembled, Packet does not Make Sense
Gaps and Overlaps
Victim
60.168.47.47
Crashes
Bit 31
IP Header (Usually 20 Bytes)
Source Port Number (16 bits)
Reserved
(6 bits)
Flag Fields
(6 bits)
Window Size
(16 bits)
Urgent Pointer (16 bits)
Header
Length
(4 bits)
Reserved
(6 bits)
Flag Fields
(6 bits)
Window Size
(16 bits)
Reliable
PC
Transport Process
TCP Segment
Webserver
Transport Process
1. SYN (Open)
Webserver
Transport Process
3-Way Open
1. SYN (Open)
Webserver
Transport Process
Webserver
Transport Process
Close
(4)
Webserver
Transport Process
Note: An ACK may be combined with the next message if the next message is sent quickly enough
Close
(1)
Abrupt Close
Webserver
Transport Process
RST
1. Probe
60.168.47.47
2. No Connection:
Makes No Sense!
SYN/ACK Segment
Attacker
1.34.150.37
5.
60.168.47.47
is Live!
3. Go Away!
Victim
60.168.47.47
Crashes
Port Number
Port Number
Port Number
128.171.17.13:80
Webserver
60.171.17.13
Port 80
From: 60.171.18.22:50047
To: 60.171.17.13:80
SMTP Server
123.30.17.120
Port 25
Webserver
60.171.17.13
Port 80
From: 60.171.18.22:50047
To: 60.171.17.13:80
From: 60.171.17.13:80
To: 60.171.18.22:50047
SMTP Server
123.30.17.120
Port 25
Webserver
60.171.17.13
Port 80
From: 60.171.18.22:60003
To: 123.30.17.120:25
SMTP Server
123.30.17.120
Port 25
Webserver
60.171.17.13
Port 80
From: 60.171.18.22:50047
To: 60.171.17.13:80
Bit 0
Bit 31
IP Header (Usually 20 Bytes)
Source Port Number (16 bits)
ICMP and IP
Router
Host Unreachable
Error Message
ICMP Message
Echo
Reply
IP Header
Echo
Bit 31
IP Header (Usually 20 Bytes)
Type (8 bits)
Code (8 bits)
Control Codes
Control Codes
Topics Covered
Network Elements
Applications
Messages (frames)
Topics Covered
Topics Covered
Internets
Topics Covered
TCP/IP Standards
OSI Standards
Topics Covered
TCP/IP
Application
OSI
Application
Hybrid TCP/IP-OSI
Application
Presentation
Session
Transport
Transport
Transport
Internet
Network
Internet
Data Link
Data Link
Physical
Physical
Topics Covered
Internetworking Layers
Internet layer
Internet Protocol (IP)
Governs packet organization
Governs hop-by-hop router forwarding (routing)
Transport layer
Governs end-to-end connection between the two hosts
TCP adds reliability, flow control, etc.
UDP is simpler, offers no reliability, etc.
Topics Covered
Topics Covered
IP Packet
Version 4
Header checksum
Data field
Topics Covered
IP Packet
Version 4
Data field
Version 6
128-bit addresses to allow more addresses
Topics Covered
Topics Covered
Topics Covered
Topics Covered
IP
Hierarchical IP addresses
Network part
Subnet part
Host part
Part lengths vary
Topics Covered
IP
Masks
Topics Covered
IP address spoofing
LAND attack
Topics Covered
TCP Messages
Topics Covered
TCP Messages
Topics Covered
Port Numbers
Topics Covered
ICMP
Topics Covered
ICMP