Internet Protocol Basics

Academic year: 2021

IP is the primary protocol in the Internet Layer of the Internet Protocol Suite and has the task of delivering datagrams (packets) from the source host to the destination host solely based on their addresses. For this purpose the Internet Protocol defines addressing methods and structures for datagram encapsulation.

Data from an upper layer protocol is encapsulated as packets/datagrams (the terms are basically synonymous in IP). No circuit setup is needed before a host may send packets to another host that it has not previously communicated with (a characteristic of packet-switched networks); thus IP is a connectionless protocol.

Application: DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, Telnet, Echo, RTP, PNRP, rlogin, ENRP

Transport: TCP, UDP, DCCP, SCTP, IL, RUDP, RSVP

Internet: IP (IPv4, IPv6), ICMP, IGMP and ICMPv6

Link: ARP, RARP, OSPF (IPv4/IPv6)

Routing protocols like BGP and RIP, which run over TCP/UDP, may also be considered part of the Internet Layer.

TCP and UDP use the notion of port numbers to identify sending and receiving application end-points on a host, or Internet sockets. Each side of a TCP connection has an associated 16-bit unsigned port number (0-65535) reserved by the sending or receiving application.

TCP data packets are identified as belonging to a specific TCP application by their destination port number. The well-known ports are assigned by the Internet Assigned Numbers Authority (IANA) and are typically used by system-level or root processes. Well-known applications running as servers and passively listening for connections typically use these ports. Some examples include: FTP (21), SSH (22), TELNET (23), SMTP (25) and HTTP (80). Registered ports identify named services that have been registered by a third party.

Dynamic/private ports can also be used by end user applications, for example in RPC or FTP. Connections are made between a source (or client) IP address and port number and a destination (server) IP address and port number. Source port numbers are considered "random" values above 1024. The destination (server) port number defines the application as specified within the Internet RFC process.

For example a TELNET session might look like this (output from the "netstat -an" command):

10.1.1.1:1273 10.2.2.2:23 Established
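As an added example (not from the handout), the following Perl script parses socket lines in the "local:port remote:port STATE" form shown above and classifies each port against the IANA ranges (well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535). The sample lines are constructed and the function names are this example's own.

```perl
#!/usr/bin/perl
# Added example (not part of the original handout): parse TCP socket lines in
# the "local:port remote:port STATE" form shown above and classify each port by
# its IANA range. The sample lines below are constructed.
use strict;
use warnings;

# IANA ranges: well-known 0-1023, registered 1024-49151, dynamic/private 49152-65535.
sub port_class {
    my ($port) = @_;
    return 'well-known' if $port <= 1023;
    return 'registered' if $port <= 49151;
    return 'dynamic';
}

# Split "a.b.c.d:port" into address and port; empty list if it is not in that form.
sub parse_endpoint {
    my ($endpoint) = @_;
    return () unless $endpoint =~ /^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$/;
    return ($1, $2);
}

# Parse one line into a hash reference, or undef if it is not a TCP socket line.
# The last three fields are used so that leading columns (protocol and queue
# sizes on some netstat versions) do not matter.
sub parse_line {
    my ($line) = @_;
    my @fields = split ' ', $line;
    return undef if @fields < 3;
    my ($local, $remote, $state) = @fields[-3, -2, -1];
    my ($lip, $lport) = parse_endpoint($local)  or return undef;
    my ($rip, $rport) = parse_endpoint($remote) or return undef;
    return {
        local_ip  => $lip, local_port  => $lport, local_class  => port_class($lport),
        remote_ip => $rip, remote_port => $rport, remote_class => port_class($rport),
        state     => uc $state,
    };
}

# Local ports in the LISTEN state: the services this host exposes to the network.
sub listening_ports {
    my @ports;
    for my $line (@_) {
        my $conn = parse_line($line) or next;
        push @ports, $conn->{local_port} if $conn->{state} eq 'LISTEN';
    }
    return @ports;
}

# Constructed sample output in the same form as the TELNET example above.
my @sample = (
    "10.1.1.1:1273   10.2.2.2:23    ESTABLISHED",
    "0.0.0.0:22      0.0.0.0:0      LISTEN",
    "10.1.1.1:51234  10.2.2.3:443   ESTABLISHED",
    "some line that is not a socket entry",
);

for my $line (@sample) {
    my $c = parse_line($line) or next;
    printf "%s:%d (%s) -> %s:%d (%s) %s\n",
        @$c{qw(local_ip local_port local_class remote_ip remote_port remote_class state)};
}
print "listening on: ", join(', ', listening_ports(@sample)), "\n";
```

Run against real netstat -an output, the LISTEN lines are the inventory of services the host exposes, which is the list a defender compares with what is supposed to be running; the ESTABLISHED lines show the client-side ports above 1024 that the text describes as "random".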


Transmission Control Protocol

TCP provides a communication service between an application program and the Internet Protocol (IP). The TCP packet contains the data which IP is transmitting: when IP is transmitting data on behalf of TCP, the contents of the IP packet body is the TCP payload.

TCP handles retransmission of lost packets, rearranges out-of-order packets, and even helps minimize network congestion to reduce the occurrence of the other problems. Because TCP is optimized for data integrity rather than speed, it is not suitable for real-time applications such as Voice over IP; these use the Real-time Transport Protocol (RTP) running over the User Datagram Protocol (UDP) instead.

TCP is a reliable stream delivery service that guarantees delivery of a data stream sent from one host to another without duplication, data loss or corruption, using positive acknowledgment with retransmission, which requires the receiver to respond with an acknowledgment message. The sender keeps a record of each packet it sends and a counter for the acknowledgment of the number of bytes sent (the TCP/IP "receive" window size). The sender also keeps a timer from when the packet was sent, and retransmits a packet if the timer expires. The timer is needed in case a packet gets lost or corrupted.

TCP provides connections that need to be established before sending data. TCP connections have three phases:

1. connection establishment
2. data transfer
3. connection termination

There are a few key features of TCP:

Ordered data transfer - the destination host rearranges according to sequence number

Retransmission of lost packets - any cumulative stream not acknowledged will be retransmitted

Discarding duplicate packets

Error-free data transfer using checksum

Flow control - rate limits sender data to guarantee reliable delivery, preventing the receiving host's buffer from overflowing

Congestion control - sliding window
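As an added example (not from the handout) of the checksum behind the "error-free data transfer" feature, the following Perl script implements the Internet checksum as RFC 1071 describes it, applies it to a constructed UDP-style segment, and shows both what the check catches (a flipped bit) and what it does not (two swapped words). The segment layout, port numbers and payload are this example's own.

```perl
#!/usr/bin/perl
# Added example (not part of the original handout): the Internet checksum
# (RFC 1071 one's complement sum) behind TCP's "error-free data transfer"
# feature, applied to a constructed UDP-style segment, and a check that a
# flipped bit in transit is detected. The segment layout and test values are
# this example's own.
use strict;
use warnings;

# Checksum of a byte string: sum of 16-bit big-endian words, carries folded
# back in, result complemented. Returns an integer in 0..65535.
sub internet_checksum {
    my ($data) = @_;
    $data .= "\0" if length($data) % 2;                        # pad odd length
    my $sum = 0;
    $sum += $_ for unpack('n*', $data);
    $sum = ($sum & 0xffff) + ($sum >> 16) while $sum >> 16;    # end-around carry
    return (~$sum) & 0xffff;
}

# Constructed 8-byte UDP-style header (src port, dst port, length, checksum)
# followed by the payload, with the checksum filled in. Real UDP and TCP also
# cover an IP pseudo-header (addresses, protocol, length); that is omitted here.
sub build_segment {
    my ($src_port, $dst_port, $payload) = @_;
    my $length = 8 + length $payload;
    my $raw    = pack('n n n n', $src_port, $dst_port, $length, 0) . $payload;
    my $csum   = internet_checksum($raw);
    $csum = 0xffff if $csum == 0;          # UDP transmits 0xffff when the sum is zero
    return pack('n n n n', $src_port, $dst_port, $length, $csum) . $payload;
}

# The receiver's check: the checksum over the whole segment, checksum field
# included, must come out as zero.
sub verify_segment {
    my ($segment) = @_;
    return internet_checksum($segment) == 0;
}

# Flip one bit at a byte offset to simulate corruption on the wire.
sub flip_bit {
    my ($segment, $offset) = @_;
    substr($segment, $offset, 1) = substr($segment, $offset, 1) ^ "\x01";
    return $segment;
}

my $segment = build_segment(1273, 23, "hello, world");
printf "checksum field: 0x%04x\n", unpack('x6 n', $segment);
print "intact segment verifies:       ", (verify_segment($segment) ? "yes" : "no"), "\n";

my $damaged = flip_bit($segment, 10);    # one bit inside the payload
print "corrupted segment verifies:    ", (verify_segment($damaged) ? "yes" : "no"), "\n";

# Swapping two 16-bit words leaves the one's complement sum unchanged, so the
# checksum does not catch every error.
my $swapped = $segment;
substr($swapped, 8, 4) = substr($segment, 10, 2) . substr($segment, 8, 2);
print "word-swapped segment verifies: ", (verify_segment($swapped) ? "yes" : "no"), "\n";
```

The last case is the caveat a practitioner should keep in mind: the TCP/UDP checksum guards against transmission errors, not against an on-path party that changes the data and recomputes the checksum. Integrity against that comes from the Application layer protocols in the table above, such as TLS or SSH.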


Connection establishment

There are four connection states up to the establishment of a TCP/IP session.

LISTEN: waiting for a connection request

SYN-SENT: waiting for the remote TCP to send back a TCP packet with the SYN and ACK flags set

SYN-RECEIVED: waiting for the remote TCP to send back an acknowledgment after having sent back a connection acknowledgment

ESTABLISHED: the port is ready to receive/send data from/to the remote TCP.

To establish a connection, TCP uses a three-way handshake. Before a client attempts to connect with a server, the server must first bind to a port to open it up for connections: this is called a passive open. Once the passive open is established, a client may initiate an active open. To establish a connection, the three-way (or 3-step) handshake occurs:

1) The active open is performed by the client sending a SYN to the server.

2) In response, the server replies with a SYN-ACK.

3) Finally the client sends an ACK back to the server.

At this point, both the client and server have received an acknowledgment of the connection.

Data transfer

The following states (represented by flags, each a single bit in the TCP header) occur during data transfer:

CWR (1 bit): Congestion Window Reduced

ECE (1 bit): ECN-Echo; indicates that the TCP peer is ECN capable during the 3-way handshake

URG (1 bit): indicates that the URGent pointer field is significant

ACK (1 bit): indicates that the ACKnowledgment field is significant

PSH (1 bit): Push function

RST (1 bit): Reset the connection

SYN (1 bit): Synchronize sequence numbers

FIN (1 bit): No more data from sender


Connection Termination

The connection termination phase uses, at most, a four-way handshake, with each side of the connection terminating independently. When an endpoint wishes to stop its half of the connection, it transmits a FIN packet, which the other end acknowledges with an ACK. Therefore, a typical tear-down requires a pair of FIN and ACK segments from each TCP endpoint.

A connection can be "half-open", in which case one side has terminated its end, but the other has not. The side that has terminated can no longer send any data into or receive any data from the connection, but the other side can (but generally if it tries, this should result in no acknowledgment and therefore a timeout, or else result in a positive RST, and either way thereby the destruction of the half-open socket).

It is also possible to terminate the connection with a 3-way handshake (similar to connection establishment): host A sends a FIN, host B replies with a FIN & ACK (merely combining 2 steps into one) and host A replies with an ACK. This is the most common method of session termination.

It is possible for both hosts to send FINs simultaneously then both just have to ACK. This could possibly be considered a 2-way handshake since the FIN/ACK sequence is done in parallel for both directions.

Some UNIX host TCP stacks implement a "half-duplex" close sequence. If a host actively closes a connection but still has not read all the incoming data the stack has already received from the link, it sends a RST instead of a FIN. This allows a TCP application to be sure that the remote application has read all the data the former sent, by waiting for the FIN from the remote side when it actively closes the connection. Unfortunately, the remote TCP stack cannot distinguish between a connection-aborting RST and this data-loss RST: both cause the remote stack to throw away all the data it has received but the application has not yet read.

There are seven states during session termination:

FIN-WAIT-1: FIN/ACK #1

FIN-WAIT-2: FIN/ACK #2, or FIN-WAIT in the case of 3-way session termination

CLOSE-WAIT: waiting for session CLOSE

CLOSING: closing session, waiting for response

LAST-ACK: waiting for the last ACK of the session

TIME-WAIT: waiting for enough time to pass to be sure the remote TCP received the acknowledgment of its connection termination request

CLOSED: Session closed, terminating
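The handshake and termination sequences described above can be checked against a small model. The following Perl script is an added example, not part of the handout: it encodes the transitions from LISTEN, SYN-SENT and SYN-RECEIVED through ESTABLISHED and on through the seven termination states as a table (simplified from RFC 793), and drives a client and a server through the three-way handshake, the four-way close and the three-way close with a combined FIN & ACK. Event names and function names are this example's own.

```perl
#!/usr/bin/perl
# Added example (not part of the original handout): a table-driven model of one
# TCP endpoint's state transitions for connection establishment and termination,
# simplified from RFC 793. Event names and the table layout are this example's own.
use strict;
use warnings;

# "STATE|event" => [ next state, segment this endpoint sends (undef for none) ]
my %TRANSITION = (
    'CLOSED|passive_open'     => ['LISTEN',       undef],
    'CLOSED|active_open'      => ['SYN-SENT',     'SYN'],
    'LISTEN|recv SYN'         => ['SYN-RECEIVED', 'SYN+ACK'],
    'SYN-SENT|recv SYN+ACK'   => ['ESTABLISHED',  'ACK'],
    'SYN-RECEIVED|recv ACK'   => ['ESTABLISHED',  undef],
    'ESTABLISHED|close'       => ['FIN-WAIT-1',   'FIN'],       # active close
    'ESTABLISHED|recv FIN'    => ['CLOSE-WAIT',   'ACK'],       # passive close
    'FIN-WAIT-1|recv ACK'     => ['FIN-WAIT-2',   undef],
    'FIN-WAIT-1|recv FIN'     => ['CLOSING',      'ACK'],       # simultaneous close
    'FIN-WAIT-1|recv FIN+ACK' => ['TIME-WAIT',    'ACK'],       # 3-way termination
    'FIN-WAIT-2|recv FIN'     => ['TIME-WAIT',    'ACK'],
    'CLOSING|recv ACK'        => ['TIME-WAIT',    undef],
    'CLOSE-WAIT|close'        => ['LAST-ACK',     'FIN'],
    'LAST-ACK|recv ACK'       => ['CLOSED',       undef],
    'TIME-WAIT|timeout'       => ['CLOSED',       undef],       # 2*MSL expired
);

# Apply one event to a state. A received RST aborts the connection from any
# state; any other event missing from the table is invalid for that state.
sub transition {
    my ($state, $event) = @_;
    return ('CLOSED', undef) if $event eq 'recv RST';
    my $t = $TRANSITION{"$state|$event"}
        or die "invalid event '$event' in state $state\n";
    return @$t;
}

# Drive a sequence of events from a starting state. Returns the final state
# and the list of segments the endpoint sent on the way.
sub run_endpoint {
    my ($state, @events) = @_;
    my @sent;
    for my $event (@events) {
        my $segment;
        ($state, $segment) = transition($state, $event);
        push @sent, $segment if defined $segment;
    }
    return ($state, \@sent);
}

# Client: three-way handshake, then it closes first (four-way termination).
my ($cstate, $csent) = run_endpoint('CLOSED',
    'active_open', 'recv SYN+ACK',                 # SYN out, SYN+ACK in, ACK out
    'close', 'recv ACK', 'recv FIN', 'timeout');   # FIN out, ACK in, FIN in, ACK out
print "client: $cstate, sent @$csent\n";

# Server: passive open, handshake, then the passive side of the same close.
my ($sstate, $ssent) = run_endpoint('CLOSED',
    'passive_open', 'recv SYN', 'recv ACK',
    'recv FIN', 'close', 'recv ACK');
print "server: $sstate, sent @$ssent\n";

# The three-way termination described in the text: FIN answered by FIN+ACK.
my ($tstate, $tsent) = run_endpoint('ESTABLISHED', 'close', 'recv FIN+ACK', 'timeout');
print "3-way close: $tstate, sent @$tsent\n";
```

All three runs end in CLOSED, and the segment lists printed are the SYN, SYN+ACK, ACK, FIN and ACK messages the text describes. Feeding an event the table does not allow in the current state (an ACK while still in LISTEN, for instance) dies, which is how the model makes the ordering constraints of the protocol visible.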


User Datagram Protocol

The User Datagram Protocol (UDP), part of the Internet Protocol Suite, sends messages, sometimes known as datagrams, to other hosts on an Internet Protocol (IP) network without requiring communications to be set up on special transmission channels or data paths.

UDP uses a simple transmission model without hand-shaking session establishment, packet reliability, packet ordering, or data integrity. UDP provides an unreliable service; datagrams may arrive out of order, appear duplicated, or go missing without notice.

UDP assumes that error checking and correction is either not necessary or performed in the application, avoiding the overhead of such processing at the network interface level.

UDP is compatible with packet broadcast (sending to all on the local network) and multicasting (sending to all subscribers). A few key network applications use UDP, including DNS, SNMP, DHCP/BOOTP and RIP. UDP applications use datagram sockets to establish host-to-host communications. Sockets bind the application to service ports that act as the endpoints of data transmission (see the IP section).

Time-sensitive applications use UDP because dropping packets is preferable to using delayed packets. Some applications such as TFTP may add rudimentary data integrity using the UDP checksum. Most UDP applications, such as streaming media, real-time multiplayer games and voice over IP (VoIP), do not require reliability mechanisms.

Since UDP senders cannot detect congestion, network-based elements such as routers using packet queuing and dropping techniques will often be the only tool available to slow down excessive UDP traffic. This may conflict with reliable delivery techniques like TCP. QoS is used to work around these limitations.
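The UDP section above describes a connectionless, unreliable service on datagram sockets. The following Perl script is an added example, not part of the handout: it runs a UDP "server" and client on datagram sockets in a single process and shows that no handshake precedes the data, that the server's only record of the client is the address recv() returns, and that a lost datagram shows up only as a timeout the application itself must handle. The loopback addresses, OS-chosen ports and the recv_with_timeout() helper are this example's own.

```perl
#!/usr/bin/perl
# Added example (not part of the original handout): a UDP "server" and client
# on datagram sockets in a single process. It shows that there is no handshake,
# that the server's only record of the client is the address recv() returns,
# and that a lost datagram shows up only as a timeout the application itself
# must handle. Loopback addresses and OS-chosen ports are this example's choice.
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;
use Socket qw(sockaddr_in inet_ntoa);

# Server: a datagram socket bound to a loopback port; no listen() or accept().
my $server = IO::Socket::INET->new(
    Proto => 'udp', LocalAddr => '127.0.0.1', LocalPort => 0,
) or die "server socket: $@";
my $port = $server->sockport;

# Client: PeerAddr/PeerPort only record where send() should go; nothing is
# exchanged with the server at this point.
my $client = IO::Socket::INET->new(
    Proto => 'udp', PeerAddr => '127.0.0.1', PeerPort => $port,
) or die "client socket: $@";

# Wait up to $secs for one datagram. Returns (data, packed sender address),
# or an empty list on timeout or error: the caller decides what loss means.
sub recv_with_timeout {
    my ($sock, $secs) = @_;
    return () unless IO::Select->new($sock)->can_read($secs);
    my $from = $sock->recv(my $buf, 1500);     # 1500: one Ethernet-sized datagram
    return defined $from ? ($buf, $from) : ();
}

# 1. The client just sends; no SYN precedes the data.
$client->send("ping from client") or die "send: $!";

# 2. The server reads it; sockaddr_in() splits the packed address it came from.
my ($request, $from) = recv_with_timeout($server, 2);
die "server received nothing within 2s\n" unless defined $request;
my ($client_port, $client_ip) = sockaddr_in($from);
printf "server: %d bytes from %s:%d\n", length $request, inet_ntoa($client_ip), $client_port;

# 3. The reply goes to the address the datagram claimed to come from; with no
#    handshake, UDP gives the server no way to confirm that address.
$server->send("echo: $request", 0, $from) or die "reply: $!";

# 4. The client waits for the reply with a deadline of its own.
my ($reply) = recv_with_timeout($client, 2);
print defined $reply ? "client: $reply\n" : "client: no reply within 2s\n";

# 5. A datagram sent to a port with no socket bound simply vanishes (the host
#    may answer with ICMP port unreachable); the sender sees a timeout or an
#    error on its next call, never a refused handshake as with TCP.
my $probe = IO::Socket::INET->new(Proto => 'udp', LocalAddr => '127.0.0.1', LocalPort => 0)
    or die "probe socket: $@";
my $unbound_port = $probe->sockport;
close $probe;                                   # the port is free again
my $lonely = IO::Socket::INET->new(
    Proto => 'udp', PeerAddr => '127.0.0.1', PeerPort => $unbound_port,
) or die "socket: $@";
$lonely->send("anyone there?");
my ($nothing) = recv_with_timeout($lonely, 1);
print defined $nothing ? "unexpected reply\n" : "no answer from port $unbound_port after 1s\n";
```

Compare this with the TCP server and client later in the handout: there is no listen(), accept() or connect handshake, and every timeout, retry and ordering decision is left to the application, which is exactly the trade-off the text describes for time-sensitive applications.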


IP Overhead functions

Port scanning, PING, TRACEROUTE and TCP/UDP ECHO.

PORTSCAN

Port scanning is a technique for probing which ports are open on a particular IP address. There are a lot of utilities that do it, but the simplest approach is to open a TCP session for a series of ports. Here is a simple portscan program:

Exercise 147:

#!/usr/bin/perl -w
use strict;
use IO::Socket;

my ($target, $remote, $port);

unless (@ARGV > 0) { die "usage: $0 [ip]\n" }
$target = shift(@ARGV);

# Try to open a TCP session to each port in turn (port 0 is reserved, so start at 1);
# a successful connect means the port is open.
for ($port = 1; $port < 65536; $port++) {
    $remote = IO::Socket::INET->new(
        Proto    => "tcp",
        PeerAddr => $target,
        PeerPort => $port,
    );
    if ($remote) {
        print "$port is open\n";
        close($remote);
    }
}

PING

PING is a utility that tests reachability of an IP address. On some UNIX systems this command requires ROOT authority due to the -f (flood) flag.

A simple PING program:

Exercise 148:

#!/usr/bin/perl -w
use strict;
use Net::Ping;
use Time::HiRes qw( gettimeofday tv_interval );

my $bytes    = 1024;
my $timeout  = 30;
my $pingtype = "icmp";   # ICMP pings need root authority on most UNIX systems

die "usage: $0 host\n" unless @ARGV;
my $host = $ARGV[0];
my $ping = Net::Ping->new($pingtype, $timeout, $bytes);

while (1) {
    my $t0 = [gettimeofday];    # start the clock before the probe goes out
    if ($ping->ping($host, 5)) {
        my $elapsed = 1000 * tv_interval($t0, [gettimeofday]);
        printf "Pinging %s with %d bytes of data rtt=%.2f mSecs\n", $host, $bytes, $elapsed;
    } else {
        print "Host could not be reached\n";
    }
    sleep 1;                    # one probe per second, like the ping command
}


TRACEROUTE:

Uses UDP ports 33434-33523 to trace gateways through a path to a host. It is not currently implemented as a separate socket method under Perl and so must be called directly from the OS using a system() call.

Echo

The echo service (port 7) is used to determine if a server is up and functioning (IP address only, not on specific ports). When dealing with the echo service, you only need to make the connection in order to determine that the server is up and running. As soon as the connection is made, you can close the socket.

You might not immediately realize what the return statement in the middle of the echo() function does:

return(print("echo: $host could not be found, sorry.\n"), 0) if ! defined($serverAddr);

The statement uses the comma operator to execute two statements where normally you would see one. The value of the last statement evaluated is the value of the whole series; in this case, a zero value is returned.

The return statement could also be written like this:

if (! defined($serverAddr)) {
    print("echo: $host could not be found, sorry.\n");
    return(0);
}

Exercise 149: Echo Program:

use Socket;
use strict;

sub echo {
    my ($host)       = shift;
    my ($timeout)    = shift || 5;
    my ($proto)      = getprotobyname("tcp") || 6;
    my ($port)       = getservbyname("echo", "tcp") || 7;
    my ($serverAddr) = (gethostbyname($host))[4];   # packed 4-byte address

    # See above comment
    return(print("echo: $host could not be found, sorry.\n"), 0) if ! defined($serverAddr);

    my $status = 1;   # assume the connection will work.
    socket(ECHO, AF_INET(), SOCK_STREAM(), $proto) or die("socket: $!");

    my $packFormat = 'S n a4 x8';   # Windows 95, SunOS 4.1+
    #$packFormat   = 'S n c4 x8';   # SunOS 5.4+ (Solaris 2)
    connect(ECHO, pack($packFormat, AF_INET(), $port, $serverAddr)) or $status = 0;
    close(ECHO);
    return($status);
}

print "www.oakton.edu\n" if &echo('www.oakton.edu');


IP Sockets

Internet Protocol conversations are done with sockets. Sockets are the low-level links that enable Internet conversations. A table of Perl socket functions can be found here. You only have to learn about a small subset of the socket functionality in order to use the high-level protocols in a Perl program. Programs that use sockets inherently use the client-server paradigm. One program creates a socket (the server) and another connects to it (the client).

All TCP/IP protocols have the same basic pattern:

Start a Conversation - Your computer (the client) starts a conversation with another computer (the server).

Hold a Conversation - During the conversation, commands are sent and acknowledged.

End a Conversation - The conversation is terminated.

Server Side

Perl socket server programs use the following calls:

- socket() to create a socket;
- bind() to give the socket an address so that it can be found;
- listen() to see if anyone wants to talk;
- accept() to start the conversation;
- send() and recv(), read() and write(), or print() and <> to hold the conversation;
- and finally, close() to close the socket.

The socket() call will look something like this:

$tcpProtocolNumber = getprotobyname('tcp') || 6;
socket(SOCKET, PF_INET(), SOCK_STREAM(), $tcpProtocolNumber) or die("socket: $!");

The first line gets the TCP protocol number using the getprotobyname() function. Then the socket is created with socket(). The socket name is SOCKET and is used just like a file handle.

When creating your own sockets, the first parameter is the only thing that you should change. The rest of the function call will always use the same last three parameters shown above.

Socket names exist in their own namespace called protocol families, because the namespace controls how a socket connects to the world outside your process. There are several pre-defined namespaces; for example, the PF_INET namespace used in the socket() function call above is used for the Internet.

Once the socket is created, it is bound to an IP address with the bind() function like this:

$port = 5000;
$internetPackedAddress = pack('Sna4x8', AF_INET(), $port, "\0\0\0\0");
bind(SOCKET, $internetPackedAddress) or die("bind: $!");

The server's name in conjunction with a port number makes up a socket's address: www.water.com:20001. Symbolic names have an IP address equivalent number: 145.56.23.1. Port numbers determine which socket at www.water.com you'd like to connect to. All port numbers below 1024 (or the symbolic constant IPPORT_RESERVED) are reserved for special sockets.


The second line creates a full Internet socket address using the pack() function. As long as you know the port number and the server's address, you can plug those values into the example. The important part of the example is the "\0\0\0\0" string. This string holds the four numbers that make up the dotted decimal Internet address. If you already know the dotted decimal address, convert each number to octal and replace the appropriate \0 in the string.

An alternative to the second line above is to use the symbolic name of the server instead of the dotted decimal address, as follows (gethostbyname() is called in scalar context so that it returns the packed address rather than the full host entry):

$internetPackedAddress = pack('S n a4 x8', AF_INET(), $port, scalar(gethostbyname('www.remotehost.com')));

After the socket has been created and an address has been bound to it, create a queue for the socket with the listen() function like this:

listen(SOCKET, 5) or die("listen: $!");

listen() creates a queue that can handle 5 remote attempts to connect. The sixth attempt will fail with an appropriate error code.

Now that the socket exists, has an address, and has a queue, your program is ready to begin a conversation using the accept() function. The accept() function makes a copy of the socket and starts a conversation with the new socket. The original socket is still available and able to accept connections. You can use the fork() function, in UNIX, to create child processes to handle multiple conversations. The normal accept() function call looks like this:

$addr = accept(NEWSOCKET, SOCKET) or die("accept: $!");

Now the conversation has been started, use print() and <>, send() and recv(), or read() and write() to hold the conversation until a condition arises to call the close() function: close(SOCKET).

Client Side

Client programs use:

- socket() to create a socket
- connect() to initiate a connection to a server's socket
- input/output functions print(), <>, send(), recv(), read(), or write() to hold the conversation
- close() to close the socket.

The socket() call for the client program is the same as that used in the server:

$tcpProtocolNumber = getprotobyname('tcp') || 6;   # default if getprotobyname() fails, as on Windows 95
socket(SOCKET, PF_INET(), SOCK_STREAM(), $tcpProtocolNumber) or die("socket: $!");

After the socket is created, connect() is called:

$port = 5000;
$internetPackedAddress = pack('Sna4x8', AF_INET(), $port, "\0\0\0\0");
connect(SOCKET, $internetPackedAddress) or die("connect: $!");

The SOCKET parameter has no relation to the name used on the server machine; SOCKET is used on both sides for convenience of reference. connect() is a blocking function, meaning it will wait until the connection is completed. An alternative is to use the select() function to set non-blocking mode; it is complicated and requires research into the UNIX documentation.

After the connection is made, you use the normal input/output functions: print() and <>, or read() and write() or send() and recv() functions to talk with the server until a condition arises to call the close() function:

close(SOCKET).


Exercise 150 - A client/server example:

Server.pl

#!/usr/bin/perl -w
# server.pl
use strict;
use Socket;   # The basic IP interface module

# $port is assigned the first command-line argument or port 7890 as the default.
my $port  = shift || 7890;
my $proto = getprotobyname('tcp');

# The socket function "opens" the port like a file handle: it is read from, written to or both.
# setsockopt ensures that the port will be immediately reusable after a restart.
socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, 1) or die "setsockopt: $!";

# sockaddr_in builds the packed address for the port.
# INADDR_ANY accepts connections on any of the server's IP addresses;
# replace it with inet_aton("192.168.1.1") or gethostbyname('localhost') to use one address.
my $paddr = sockaddr_in($port, INADDR_ANY);

# bind binds the socket to the port, the equivalent of "tie" for files.
bind(SERVER, $paddr) or die "bind: $!";

# listen causes the server to listen for connection requests at the port.
# SOMAXCONN is the maximum queue length for the machine being used.
listen(SERVER, SOMAXCONN) or die "listen: $!";

my $client_addr;

# The server accepts client connections using the accept function.
# When a client is accepted, a new socket named CLIENT is created which can be used as a file handle:
# reading from the socket reads the client's output and printing to the socket sends data to the client.
# The return value of accept is the client's address (IP and port) in packed format.
while ($client_addr = accept(CLIENT, SERVER)) {
    # sockaddr_in takes the packed address and returns the client's port number
    # and the client's numeric Internet address in packed form.
    my ($client_port, $client_ip) = sockaddr_in($client_addr);

    # inet_ntoa (numeric to ASCII) converts the packed address to dotted decimal text;
    # gethostbyaddr converts it to a host name (undef if there is no reverse DNS entry).
    my $client_ipnum = inet_ntoa($client_ip);
    my $client_host  = gethostbyaddr($client_ip, AF_INET) || $client_ipnum;

    print "got a connection from: $client_host [$client_ipnum]\n";
    print CLIENT "Smile from the server\n";
    close CLIENT;
}


Client.pl

#!/usr/bin/perl -w
# client1.pl
use strict;
use Socket;

# Takes the command-line arguments of host name and port number,
# or if no arguments are passed uses the default values localhost and 7890.
my $host  = shift || 'localhost';
my $port  = shift || 7890;
my $proto = getprotobyname('tcp');

# The host name and the port number are turned into a packed port address
# using inet_aton (ASCII to numeric) and sockaddr_in.
my $iaddr = inet_aton($host) or die "cannot resolve $host\n";
my $paddr = sockaddr_in($port, $iaddr);

# A socket is created with socket and the client connects it to the port address using connect.
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";

# The while loop reads the data the server sends until end-of-file is reached,
# printing it to STDOUT. Then the socket is closed.
my $line;
while ($line = <SOCKET>) {
    print $line;
}
close SOCKET or die "close: $!";

Note you can get the same results on the client side by using the old network engineer trick for connecting to a random TCP port/socket: telnet <IP address> <port#>

An alternative to both programs is to use a general network utility like “netcat”.
