Network Security – TCP/IP Refresher

ETH Zurich, Bernhard Plattner, Network Security HS 2014

Outline

§ Network Reference Models
§ Local Area Networks
§ Internet Protocol (IP)
§ Internet-level Routing
§ IP Packet Structure
§ Transmission Control Protocol (TCP)


Layered view of internetworking example


Local Area Networks

§ Devices need to know each other’s layer 2/hardware address (MAC address)
  §  6 groups of 2 hex digits: 08:00:27:0E:25:B8


The Address Resolution Protocol (ARP)

§ If the MAC address is not known: send a broadcast ARP request „who has IP address x?“
§ The owner of IP address x answers with a (directed) ARP reply
§ The requestor stores the (IP address/MAC address) pair in its ARP cache
§ Cache lifetime: a few seconds to a few tens of seconds (avoids frequent ARP requests for the same IP address)
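The four steps above (cache miss, broadcast request, directed reply, cached pair with a lifetime) as a small simulation. This is an added example, not code from the slides: the ARP "packets" are plain dicts constructed for the demo, the 30-second lifetime is an assumed value in the range the slide gives, and the `conflicts` list is an extra defender-side check that records a reply which re-binds an entry that is still live, since that is the event worth logging on a LAN.

```python
# Added example, not from the slides: a small ARP cache that follows the
# request / reply / cache / lifetime steps above.  Packets are plain dicts
# constructed for the demo; nothing touches a real network interface.
import re
from dataclasses import dataclass

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")  # 6 groups of 2 hex digits
BROADCAST = "ff:ff:ff:ff:ff:ff"
DEFAULT_LIFETIME = 30.0  # seconds; assumed value within "a few tens of seconds"


@dataclass
class ArpEntry:
    mac: str
    learned_at: float  # cache insertion time, in seconds


class ArpCache:
    """Per-host ARP cache; 'now' is passed explicitly so the demo is deterministic."""

    def __init__(self, lifetime=DEFAULT_LIFETIME):
        self.lifetime = lifetime
        self.table = {}      # ip -> ArpEntry
        self.conflicts = []  # (ip, old_mac, new_mac): a reply that re-bound a live entry

    def lookup(self, ip, now):
        entry = self.table.get(ip)
        if entry is None:
            return None
        if now - entry.learned_at > self.lifetime:
            del self.table[ip]  # expired: the next send triggers a fresh request
            return None
        return entry.mac

    def resolve(self, ip, now):
        """Return (mac, None) on a cache hit, or (None, request) when a
        broadcast ARP request 'who has ip?' has to be sent first."""
        mac = self.lookup(ip, now)
        if mac is not None:
            return mac, None
        request = {"op": "request", "target_ip": ip, "dst_mac": BROADCAST}
        return None, request

    def on_reply(self, reply, now):
        """Store the (IP, MAC) pair from a directed ARP reply.
        Returns True if stored; a malformed MAC is dropped.  A reply that
        changes the MAC of an entry that is still live is stored as well,
        but recorded in self.conflicts so it can be reviewed."""
        ip, mac = reply["sender_ip"], reply["sender_mac"]
        if not MAC_RE.match(mac):
            return False
        mac = mac.lower()
        live = self.lookup(ip, now)
        if live is not None and live != mac:
            self.conflicts.append((ip, live, mac))
        self.table[ip] = ArpEntry(mac, now)
        return True


def demo():
    """Walk through the slide's scenario: S (10.0.0.1) resolves D (10.0.0.2)."""
    cache = ArpCache(lifetime=30.0)
    mac, req = cache.resolve("10.0.0.2", now=0.0)   # miss -> broadcast request
    assert mac is None and req["dst_mac"] == BROADCAST
    cache.on_reply({"sender_ip": "10.0.0.2", "sender_mac": "08:00:27:0E:25:B8"}, now=0.5)
    hit, _ = cache.resolve("10.0.0.2", now=10.0)     # served from the cache
    miss, _ = cache.resolve("10.0.0.2", now=45.0)    # lifetime exceeded -> request again
    return hit, miss


if __name__ == "__main__":
    print(demo())  # ('08:00:27:0e:25:b8', None)
```

The time argument is explicit rather than read from the clock so that the expiry behaviour can be exercised without sleeping; a real stack would use a monotonic clock and typically also refresh entries on traffic.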

[Figure: ARP exchange on a LAN between S (10.0.0.1) and D (10.0.0.2); D answers „It’s me! (and this is my MAC addr)“]

Similarities and differences

§ Switches and routers are network elements, allowing for the extension of physical networks.
§ Switches:
  §  Extend Local Area Networks (Ethernet)
  §  Operate at layer 2
  §  Forward frames, separate collision domains
§ Routers:
  §  Interconnect networks
  §  Operate at layer 3
  §  Forward IP packets
§ Home „routers“ are actually a combination of router,


Routers interconnect LANs/extended LANs

§ Routers interconnect (sub)networks of the Internet
§ Layer 3 only (IP)


Internet Protocol

§ IP devices must be addressable via an IP address
§ The IP address must be unique on the Internet
  §  Public address space (assigned by regional registrars)
  §  Private address space (RFC 1918)
     -  10.0.0.0-10.255.255.255
     -  172.16.0.0-172.31.255.255
     -  192.168.0.0-192.168.255.255
  §  Reserved address space (special purpose)


IP Addresses

§ IPv4: a.b.c.d
  §  E.g. 10.1.2.3, 208.67.222.222
  §  4 “octets” (4x8 = 32 bits)
  §  Each octet can go from 0 to 2^8-1, i.e. 0 – 255
§ IPv6: a:b:c:d:e:f:g:h
  §  2db8:0001:0000:0000:0000:0000:c001:beef
  §  2db8:1::c001:beef (the same address, with the run of zero hextets abbreviated as ::)
  §  8 “hextets” (8x16 bits = 128 bits)
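The octet and hextet arithmetic above, plus the RFC 1918 ranges from the previous slide, written out by hand so the bit widths are visible. This is an added example, not code from the slides; it deliberately avoids Python's `ipaddress` module so the range check and the `::` expansion can be read directly. The sample addresses are the slide's own plus a few constructed ones.

```python
# Added example, not from the slides: hand-rolled parsing for the two address
# formats above, so the octet / hextet arithmetic is visible.

RFC1918 = [("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16)]  # (network, prefix length)


def parse_ipv4(text):
    """Return the four octets of a dotted-quad IPv4 address as ints."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("IPv4 address needs exactly 4 octets")
    octets = []
    for p in parts:
        if not p.isdigit():
            raise ValueError(f"non-numeric octet {p!r}")
        value = int(p)
        if not 0 <= value <= 2**8 - 1:  # an octet is 8 bits: 0..255
            raise ValueError(f"octet {value} out of range")
        octets.append(value)
    return octets


def is_valid_ipv4(text):
    try:
        parse_ipv4(text)
        return True
    except ValueError:
        return False


def ipv4_to_int(text):
    a, b, c, d = parse_ipv4(text)
    return (a << 24) | (b << 16) | (c << 8) | d


def is_rfc1918(text):
    """True if the address lies in one of the three private ranges."""
    addr = ipv4_to_int(text)
    for network, prefix in RFC1918:
        mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
        if addr & mask == ipv4_to_int(network):
            return True
    return False


def expand_ipv6(text):
    """Expand the '::' shorthand to 8 zero-padded hextets (lower-case hex)."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")
    if "::" in text:
        head, tail = text.split("::")
        head = head.split(":") if head else []
        tail = tail.split(":") if tail else []
        missing = 8 - len(head) - len(tail)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero hextet")
        groups = head + ["0"] * missing + tail
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("IPv6 address needs 8 hextets")
    out = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(ch not in "0123456789abcdefABCDEF" for ch in g):
            raise ValueError(f"bad hextet {g!r}")
        out.append(f"{int(g, 16):04x}")  # each hextet is 16 bits
    return ":".join(out)


if __name__ == "__main__":
    print(is_rfc1918("10.1.2.3"), is_rfc1918("208.67.222.222"))  # True False
    print(expand_ipv6("2db8:1::c001:beef"))  # 2db8:0001:0000:0000:0000:0000:c001:beef
```

The prefix-mask comparison is the same operation a router performs when matching a destination against a routing-table entry, which is why it is written with shifts rather than string prefixes.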


IP Addresses – Network Address Translation

§ Public IP addresses can be shared among hosts on internal networks.
§ NAT devices keep track of translations that take


Routing

§ Devices need a way to find out where in the world a specific IP address is located
§ Routers are connected to other routers through multiple interfaces
§ Routers keep “routing tables” that list the “next hop” for a list of destinations. If the destination is not on the list, a default hop might be used
§ Routers communicate with each other, informing


Internet-level routing


Format of an IPv4 packet (each row is one 32-bit word)

 Version (4 bits) | Header length (4) | Type of service (8) | Total length (16)
 Identification (16)                  | Flags (3) | Fragment offset (13)
 Time to live (8) | Protocol (8)      | Header checksum (16)
 Source IP address (32)
 Destination IP address (32)
 IP options (if any) | Padding to 32 bits


The header is followed by the payload, also drawn in 32-bit words: a TCP or UDP segment.
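The header layout above as a builder and a strict parser, including the header checksum. This is an added example, not code from the slides: the packet is constructed in memory with `struct`, the identification value and the "don't fragment" flag are arbitrary choices for the demo, and the parser rejects the three things a receiver must check before trusting the fields (version, length consistency, checksum).

```python
# Added example, not from the slides: build and parse the IPv4 header laid out
# above with struct, including the header checksum.  The packet is constructed
# in memory; nothing is sent.
import struct

HEADER_FMT = "!BBHHHBBH4s4s"  # 20 bytes: the fixed part of the header
PROTO_TCP, PROTO_UDP = 6, 17


def ipv4_checksum(data):
    """RFC 1071 one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def _aton(text):
    return bytes(int(p) for p in text.split("."))


def build_ipv4_header(src, dst, payload_len, proto=PROTO_TCP, ttl=64, ident=0x1234):
    """Minimal 20-byte header (no options): version 4, IHL 5, DF flag set (demo choice)."""
    ver_ihl = (4 << 4) | 5      # IHL counts 32-bit words: 5 * 4 = 20 bytes
    flags_frag = 0x2 << 13      # flags = 010 (don't fragment), fragment offset 0
    total_len = 20 + payload_len
    fields = [ver_ihl, 0, total_len, ident, flags_frag, ttl, proto, 0, _aton(src), _aton(dst)]
    # The checksum is computed over the header with the checksum field itself zeroed.
    fields[7] = ipv4_checksum(struct.pack(HEADER_FMT, *fields))
    return struct.pack(HEADER_FMT, *fields)


def parse_ipv4_header(packet):
    """Decode the header fields; raises ValueError on length, version or checksum errors."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the fixed IPv4 header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     chksum, src, dst) = struct.unpack(HEADER_FMT, packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if ihl < 20 or ihl > len(packet) or total_len < ihl or total_len > len(packet):
        raise ValueError("inconsistent header length / total length")
    # Summing the header with its checksum field in place must give 0.
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version, "header_len": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": chksum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "options": packet[20:ihl], "payload": packet[ihl:total_len],
    }


def header_is_valid(packet):
    try:
        parse_ipv4_header(packet)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    pkt = build_ipv4_header("10.0.0.1", "10.0.0.2", payload_len=4) + b"abcd"
    print(parse_ipv4_header(pkt))
```

Note that the checksum only covers the header, not the payload: a corrupted TCP or UDP segment is caught by the transport-layer checksum, which is why the parser hands the payload slice on untouched.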


Transmission Control Protocol (TCP)

§ Connection-oriented
§ Error detection and correction (reliable)
§ Full-duplex connection
§ Provides a “byte pipe”
  §  Unstructured byte stream
§ Sliding window protocol
§ Sequence numbers are byte numbers
§ Sender window is variable, determined by the minimum of
  §  Request of the receiver (receiver window size)
  §  Estimation of the network load (congestion window size,


Conn. setup with 3-way handshake

§ Initial sequence numbers are randomly chosen, within bounds
§ Last Ack may contain data
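The handshake as two endpoint state machines exchanging segments, together with the sender-window rule from the previous slide. This is an added example, not code from the slides: the `Segment` and `Endpoint` classes and the state names are the example's own simplification of the TCP state machine, initial sequence numbers come from `secrets` unless fixed for the demo, and no real sockets are involved.

```python
# Added example, not from the slides: the three-way handshake as two endpoint
# state machines exchanging constructed segments, plus the sender-window rule.
import secrets
from dataclasses import dataclass

SEQ_MOD = 2**32  # sequence numbers are 32-bit byte counters and wrap around


@dataclass
class Segment:
    seq: int
    ack_num: int = 0
    syn: bool = False
    ack: bool = False
    data: bytes = b""


def random_isn():
    return secrets.randbelow(SEQ_MOD)


def effective_send_window(receiver_window, congestion_window):
    """Sender window = min(receiver's advertised window, congestion window)."""
    return min(receiver_window, congestion_window)


class Endpoint:
    def __init__(self, isn=None):
        self.snd_nxt = random_isn() if isn is None else isn  # next seq number we will send
        self.rcv_nxt = None                                   # next seq number we expect
        self.state = "CLOSED"

    # --- client side ---
    def connect(self):
        seg = Segment(seq=self.snd_nxt, syn=True)
        self.snd_nxt = (self.snd_nxt + 1) % SEQ_MOD  # the SYN consumes one sequence number
        self.state = "SYN_SENT"
        return seg

    def on_syn_ack(self, seg, data=b""):
        if not (seg.syn and seg.ack):
            raise ValueError("expected SYN+ACK")
        if seg.ack_num != self.snd_nxt:
            raise ValueError("ACK number does not acknowledge our SYN")
        self.rcv_nxt = (seg.seq + 1) % SEQ_MOD
        self.state = "ESTABLISHED"
        out = Segment(seq=self.snd_nxt, ack_num=self.rcv_nxt, ack=True, data=data)
        self.snd_nxt = (self.snd_nxt + len(data)) % SEQ_MOD  # the last ACK may carry data
        return out

    # --- server side ---
    def on_syn(self, seg):
        if not seg.syn or seg.ack:
            raise ValueError("expected a bare SYN")
        self.rcv_nxt = (seg.seq + 1) % SEQ_MOD
        out = Segment(seq=self.snd_nxt, ack_num=self.rcv_nxt, syn=True, ack=True)
        self.snd_nxt = (self.snd_nxt + 1) % SEQ_MOD
        self.state = "SYN_RCVD"
        return out

    def on_ack(self, seg):
        if seg.ack_num != self.snd_nxt:
            raise ValueError("ACK number does not acknowledge our SYN")
        if seg.seq != self.rcv_nxt:
            raise ValueError("unexpected sequence number")
        self.rcv_nxt = (self.rcv_nxt + len(seg.data)) % SEQ_MOD
        self.state = "ESTABLISHED"
        return seg.data  # bytes handed to the application


def handshake(client_isn=None, server_isn=None, first_data=b""):
    """Run SYN / SYN+ACK / ACK; return both endpoints, the three segments and
    whatever data rode on the final ACK."""
    client, server = Endpoint(client_isn), Endpoint(server_isn)
    syn = client.connect()
    syn_ack = server.on_syn(syn)
    ack = client.on_syn_ack(syn_ack, first_data)
    delivered = server.on_ack(ack)
    return client, server, (syn, syn_ack, ack), delivered


if __name__ == "__main__":
    _, _, segments, delivered = handshake(1000, 5000, b"GET ")
    for s in segments:
        print(s)
    print("delivered:", delivered)
```

The checks in `on_syn_ack` and `on_ack` are the reason the ISN is randomised: a peer that can only guess the other side's sequence numbers cannot produce an acknowledgement that these checks accept.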


Basic properties

§ HTTP: Text-based protocol used between web client and web server processes
§ Client issues requests, server sends responses
§ First line of request contains method, object, version:
  GET /path/to/file/index.html HTTP/1.0
§ First line of response contains version, code, reason:
  HTTP/1.1 200 OK
§ Subsequent lines contain parameters or content
§ HTTP is stateless: Req/Res interactions are


Methods

Method   Description
GET      Retrieve document identified by URL
HEAD     Same as above, but only return metainformation about the document
POST     Send information to server (e.g. form data)
PUT      Store a resource under a specified URL (if access rights allow)
DELETE   Delete a resource identified by a URL (if access rights allow)
TRACE    Instructs server to mirror back the client request
CONNECT  Used to tunnel through a proxy server


Codes

Code  Type           Description
1xx   Informational  Request received, processing
2xx   Success        Action successfully received and accepted
3xx   Redirection    Further action needed to complete request
4xx   Client Error   Bad request by client
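A strict parser for the request line, status line and header lines described in the three HTTP slides above. This is an added example, not code from the slides: the method set is the one in the Methods table, the status classes are the ones in the Codes table plus the standard 5xx class (not on the slide as extracted), and the request messages and the host name are constructed for the demo.

```python
# Added example, not from the slides: a strict parser for the request line,
# status line and header lines described above.  Messages are constructed.
METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "TRACE", "CONNECT"}  # from the Methods table
STATUS_CLASSES = {1: "Informational", 2: "Success", 3: "Redirection",
                  4: "Client Error", 5: "Server Error"}  # 5xx is standard, not on the slide


def parse_request(raw):
    """Split an HTTP request into method, target, version, headers and body.
    Each request is parsed on its own: the protocol is stateless, so nothing
    from an earlier request is carried over."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("request head not terminated by an empty line")
    lines = head.decode("ascii").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("request line must be '<method> <target> <version>'")
    method, target, version = parts
    if method not in METHODS:
        raise ValueError(f"unknown method {method!r}")
    if not version.startswith("HTTP/"):
        raise ValueError(f"bad version {version!r}")
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        # Reject empty names and whitespace around the name (no obsolete folding).
        if not colon or not name or name != name.strip():
            raise ValueError(f"malformed header line {line!r}")
        headers[name.lower()] = value.strip()
    return {"method": method, "target": target, "version": version,
            "headers": headers, "body": body}


def is_well_formed_request(raw):
    try:
        parse_request(raw)
        return True
    except (ValueError, UnicodeDecodeError):
        return False


def parse_status_line(line):
    """'HTTP/1.1 200 OK' -> (version, code, reason, class name)."""
    parts = line.split(" ", 2)  # the reason phrase may itself contain spaces
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("status line must start with 'HTTP/<ver> <code>'")
    code_text = parts[1]
    if len(code_text) != 3 or not code_text.isdigit() or code_text[0] not in "12345":
        raise ValueError(f"bad status code {code_text!r}")
    code = int(code_text)
    reason = parts[2] if len(parts) == 3 else ""
    return parts[0], code, reason, STATUS_CLASSES[code // 100]


if __name__ == "__main__":
    req = parse_request(b"GET /path/to/file/index.html HTTP/1.0\r\nHost: www.example.invalid\r\n\r\n")
    print(req["method"], req["target"], req["version"], req["headers"])
    print(parse_status_line("HTTP/1.1 200 OK"))
```

Header names are lower-cased because they are case-insensitive; values are kept as sent. Rejecting a request line with the wrong number of space-separated parts, rather than guessing, is what keeps the parser from disagreeing with a proxy or server about where the target ends.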


For probing further

§ Computer Networks: A Systems Approach. Larry L. Peterson and Bruce S. Davie, 4th edition, 2008, Morgan Kaufmann, ISBN: 0-12370-548-7 (hard cover); 0-12374-013-4 (soft cover)
§ Internetworking with TCP/IP, Vol. 1: Principles, Protocols, and Architecture. Douglas E. Comer, Prentice Hall International (5th ed., 2005), ISBN: 0-13187-671-6
§ TCP/IP Tutorial and Technical Overview, IBM
