1
Introduction to Networking
Pehr Söderman
CSC/KTH
Pehrs@kth.se
2
General information
● There will be a /lot/ of abbreviations
  – Use the cheat-sheet
● This is far from everything you need to know
● I will try to cover the fundamentals
● This will be compressed
3
What is a network?
● A system to share information between nodes
● This course is about computers, so we will concentrate on computer networks
● There is no magic in computer networks
● Just lots of details to get wrong...
4
Fundamental network types
● Circuit based networks
  – Telephone systems
  – Constant connection
  – Good guarantees for throughput and performance
● Packet based systems
  – Computer networks
  – Data is split up in packets
  – Good performance and scalability
● We will only speak of packet based systems today.
5
Structure of the Internet
● The Internet is a set of interconnected networks running the IP protocol
● There are only three relationships on the Internet:
  – “I pay you”, “you pay me” and “peering”
● Typically you pay an ISP for an Internet connection
● If you lend your Internet connection to somebody for free you are peering
● The Internet has a loose hierarchy
6
Internet standards
● Internet standards are created by IETF
● They are published as RFC documents
● The Internet protocols are defined this way
● Most of the network standards come from IEEE
● They are published as IEEE 802 documents
  – IEEE 802.15.4
● Application standards come from many companies today
7
Encoding and Encapsulation
● Encoding is used to make the data suitable for network transport.
● Encoding is done in layers, providing encapsulation. For example
  – Radio waves (Physical layer)
  – IEEE 802.11b/WiFi (Data-link layer)
  – IP (Network layer)
  – TCP (Transport layer)
  – HTTP (Application layer)
● A protocol should not care what is around it!
8
Stacks
● The ISO/OSI stack is used to describe networks
● Each layer should fully encapsulate data from layers above
● As you live in an IP world we will often compare OSI with TCP/IP
9
Addressing
● We need a way to identify computers on a network. For this we use addresses.
● Addresses have a scope. Unicast addresses should be unique in the scope
● Different protocols use different addresses:
  – IPv4: 192.71.24.10
  – IPv6: fe80::219:dbff:fe6b:6f71
  – MAC: 00-19-DB-6B-6F-71
10
Hubs/Shared lines
● The most fundamental method of connecting computers
● All computers see all data on the network
● All computers share a collision-domain
● Many early networks were of this type
● Radio networks, cable-TV networks and similar systems are still of this model.
11
Switching
● Switches are the basis of modern computer networks. They use only layer 2 information
● Fundamental idea 1: Never replicate a packet
● Fundamental idea 2: Keep a list of receivers in each direction.
● Fundamental idea 3: Store and forward
● Use a protocol such as ARP to find neighbors
● Limited scalability
12
Routing
● Whenever data moves between networks routing has to be done
● Routing works on layer 3 in the OSI stack
● Routing uses a routing protocol such as OSPF, IS-IS, RIP
● Global routing uses BGPv4
● We will not speak much of routing in this course
  – Take IPOP, IPRO1 and IPRO2 if you want to know how the Internet works.
13
Connecting to Google
● We want to search for XXX on google.com
● We need to use a series of protocols:
  – Ethernet
  – ARP
  – IP
  – UDP
  – DNS
  – TCP
  – HTTP
14
Fundamental setup
● The computer has to look up www.google.com and figure out how to communicate with this system
● The computer knows it has a gateway to the Internet
● The computer has an IP address and a MAC address.
● The computer has to know a DNS server
● All of this is configured in the computer from the start
15
How do we even talk?
● We need a protocol to define how to send data on the wire.
● These are the lowest levels in the stack (layer 1 and 2)
● Layer 1 is mostly Electrical Engineering
● Layer 2 is typically very simple.
● We are connected over an Ethernet network, so we use the Ethernet protocol.
16
Physical/Data link layer: Ethernet
● Ethernet has a simple frame format
● Supports P2P and Broadcast links
● Only speaks MAC addresses
● Supports Unicast and Broadcast traffic
● Limited MTU
17
Data link layer: ARP
● We need to find the MAC address to contact the gateway. We only know the IP address
● The Address Resolution Protocol is used to map an IP address to a MAC address
● We broadcast an ARP request for the MAC address of the interface with IP 192.168.0.1
● The gateway responds with a unicast reply containing the MAC address.
18
Some security issues with ARP
● Anybody on the network can reply to a request
  – Anybody on the network can redirect your traffic
  – Called ARP poisoning
● ARP storms
  – Can easily take down a network
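Because ARP replies are not authenticated, detection comes down to watching the IP-to-MAC bindings on the segment. The following is an added example, not part of the original slides: it decodes 28-byte ARP bodies (RFC 826 layout) and flags replies nobody asked for and IP addresses that change MAC. The helper names, alert labels and the sample traffic are constructed for illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP

def parse_arp(payload):
    """Decode the 28-byte ARP body for Ethernet/IPv4."""
    htype, ptype, hlen, plen, op, sha, spa, _tha, tpa = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": op, "sender_mac": sha.hex("-"),
            "sender_ip": socket.inet_ntoa(spa), "target_ip": socket.inet_ntoa(tpa)}

def watch(arp_payloads):
    """Return alerts for unsolicited replies and for IP addresses that change MAC."""
    bindings, pending, alerts = {}, set(), []
    for raw in arp_payloads:
        arp = parse_arp(raw)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if arp["op"] == 1:                    # request: remember which IP was asked for
            pending.add(arp["target_ip"])
        elif arp["op"] == 2:                  # reply: was there a request waiting for it?
            if ip not in pending:
                alerts.append(("unsolicited-reply", ip, mac))
            pending.discard(ip)
        known = bindings.setdefault(ip, mac)  # first binding seen is kept as the baseline
        if known != mac:
            alerts.append(("binding-changed", ip, f"{known} -> {mac}"))
    return alerts

def build_arp(op, sender_mac, sender_ip, target_ip):
    """Build a constructed ARP body for the sample below (target MAC left as zeros)."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sender_mac.replace("-", "")), socket.inet_aton(sender_ip),
                       bytes(6), socket.inet_aton(target_ip))

SAMPLE = [  # constructed traffic, not a capture
    build_arp(1, "00-19-db-6b-6f-71", "192.168.0.10", "192.168.0.1"),  # host asks for gateway
    build_arp(2, "02-00-00-00-00-01", "192.168.0.1", "192.168.0.10"),  # gateway answers
    build_arp(2, "02-00-00-00-00-99", "192.168.0.1", "192.168.0.10"),  # second answer, other MAC
]
```

A replaced network card or a reassigned address also changes a binding, so alerts of this kind need to be checked against known changes before being treated as poisoning.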
19
Send a request over the Internet
● Now we can send data to the Internet!
● We will use DNS to resolve www.google.com to an IP address
● But we can't send DNS data on its own!
  – We need to use several more protocols
● First we will have to use IP to get the data to the right system on the Internet.
20
Network layer: Internet Protocol
● IP is used to transport data over the Internet
● It contains
  – Source
  – Destination
  – Timeout
  – Fragmentation
  – Protocol Identifier
  – Housekeeping data
21
A common issue
● IP lets us send a packet to a machine and define a protocol. There are 255 possible protocol values
● How do we keep track of multiple sessions?
● How do we offer several versions of the same service?
● How do we make sure the data is correctly decoded in all cases?
22
Ports
● Ports are endpoints in a computer, allowing several programs using the same protocol to use the network at the same time
● Some ports are well known: 80, 23, 25 etc.
● Some ports are used dynamically.
● Ports under 1024 are typically used for services
● There is no port support in IP. They are at the transport layer.
● Note that any protocol can run over any port, even if it has a well known port assigned.
23
Transport layer: UDP
● UDP is a simple protocol providing ports and a checksum
● There is no reliable transport when using UDP
● You won't know if you lose a packet on the way
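The layering covered so far (Ethernet, then IP, then UDP) can be seen by peeling one frame apart. This is an added example, not from the original slides: each parser reads only its own header and hands the rest upward, and the IP total length, not the frame size, decides where the payload ends. The sample frame, its addresses and port numbers are constructed.

```python
import socket
import struct

def parse_ethernet(frame):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex("-"), "src": src.hex("-"), "type": ethertype}, frame[14:]

def parse_ipv4(packet):
    fields = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = fields
    ihl = (ver_ihl & 0x0F) * 4                  # header length in bytes, options included
    header = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
              "protocol": proto, "more_fragments": bool(flags_frag & 0x2000),
              "frag_offset": flags_frag & 0x1FFF}
    return header, packet[ihl:total_len]        # total_len cuts off Ethernet padding

def parse_udp(segment):
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport}, segment[8:length]

def decapsulate(frame):
    """Peel Ethernet -> IPv4 -> UDP and return (headers, application payload)."""
    eth, rest = parse_ethernet(frame)
    if eth["type"] != 0x0800:
        raise ValueError("not IPv4")
    ip, rest = parse_ipv4(rest)
    if ip["protocol"] != 17:
        raise ValueError("not UDP")
    udp, payload = parse_udp(rest)
    return {"ethernet": eth, "ip": ip, "udp": udp}, payload

def sample_frame():
    """Constructed frame: 5 bytes to UDP port 53, zero-padded to Ethernet's 60-byte minimum."""
    data = b"hello"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(data), 0) + data
    # IP header checksum is left at 0 here; the parsers above do not verify it.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     socket.inet_aton("192.168.0.10"), socket.inet_aton("192.168.0.1"))
    eth = bytes.fromhex("020000000001" "0019db6b6f71") + struct.pack("!H", 0x0800)
    return (eth + ip + udp).ljust(60, b"\x00")
```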
24
The Domain Name Service tree
● DNS is a tree structure of servers.
● At the root of the tree are the ROOT servers
● Then come top domains
● Then domains
● We resolve from the root, recursively, asking each server.
25
DNS queries
● We send a UDP packet asking our name server for www.google.com
● The name server replies with a set of addresses
  – It does the recursion for us!
  – DNS is complicated, read IPOP if you want to understand how it actually works
● We choose one of them as the address for www.google.com
● Now we only have to connect!
26
Attacking DNS
● DNS is a caching system
● If you can poison the cache you can redirect traffic
● All you have to do is to answer a query before the DNS server does
  – Spoofing UDP is trivial
● You need to guess the port number (2^16)
  – Unless you can monitor the traffic
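The defence against a forged answer is strict matching of every reply against the outstanding query before anything is cached. This is an added example, not from the original slides: besides the port number the slide mentions, it also checks the 16-bit transaction ID in the DNS header, the server address and the question itself. The `PENDING` record, function names and messages are constructed.

```python
import struct

def encode_name(name):
    """Encode a host name as length-prefixed DNS labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_message(txid, name, is_response):
    """Constructed DNS message: 12-byte header and one A/IN question, no records."""
    flags = 0x8180 if is_response else 0x0100
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", 1, 1))

def parse_question(msg):
    """Return transaction ID, response bit and the first question of a DNS message."""
    txid, flags = struct.unpack("!HH", msg[:4])
    labels, pos = [], 12
    while msg[pos]:                                  # a zero length byte ends the name
        length = msg[pos]
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii").lower())
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def accept(pending, src, dst_port, msg):
    """True only if the datagram matches the outstanding query in every field."""
    try:
        txid, is_response, name, qtype = parse_question(msg)
    except (IndexError, struct.error, UnicodeDecodeError):
        return False                                 # malformed: never cache it
    return (is_response
            and src == pending["server"]             # came from the server we asked
            and dst_port == pending["local_port"]    # arrived on the port we sent from
            and txid == pending["txid"]
            and (name, qtype) == (pending["name"], pending["qtype"]))

# Constructed outstanding query; all values are sample data.
PENDING = {"server": ("192.168.0.1", 53), "local_port": 40000, "txid": 0x1A2B,
           "name": "www.google.com", "qtype": 1}
```

Choosing both the source port and the transaction ID at random for every query is what makes these checks costly to satisfy by guessing.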
27
Transport Layer: Transport Control Protocol
● An HTTP session is too large to fit in a UDP packet
● We do not want to use fragmentation (losing a single packet would destroy everything)
● We need a reliable protocol to transport large amounts of data
● That protocol is TCP.
● TCP is the most common transport protocol on the Internet (over 90% of the traffic is TCP)
28
The TCP header
● Ports are familiar
● Seq/Ack number
  – Used to prevent loss
● Control flags
  – Controls the state
● Window
  – Speed control
● We will ignore the rest
29
Setup a TCP connection
30
Send data over TCP
31
Retransmission over TCP
32
Flow control
33
Closing down TCP
34
TCP and network load
● TCP increases the speed until it loses data
● Then it slows down a bit
● This means that packet loss causes low TCP performance
● TCP on its own will never overload a network
  – Unless you are doing insane stuff.
● Unlike UDP, which can easily bring a network down
35
Security issues with TCP
● SYN Flooding
● Data injection
● Connection stealing/Man in the Middle
● Blind data injection
● Security is often implemented on higher layers
  – SSH, SSL/TLS, ktelnet etc.
  – But they have to work around TCP limitations
  – Some critical protocols break encapsulation and secure TCP headers
36
Application Layer: Hyper Text Transfer Protocol
● HTTP is the most common protocol for web pages on the net.
● HTTP defines a few commands (known as verbs) that a client uses to request and manipulate data on a server. The most common are:
  – GET – Fetch data from the server
  – POST – Send form data to the server
  – OPTIONS – Get options the server uses
● Several requests can be made in the same TCP session
37
Putting it all together
● 1: ARP to get the MAC address of the GW
● 2: DNS over UDP to get the IP address
● 3: HTTP over TCP to get the data
38
Network layer: Internet Control Message Protocol
● ICMP is the glue that keeps the Internet together
● It has basic control functionality such as
  – Check if a host is reachable (Ping)
    ● Echo/Echo reply
  – Tell the sender the target is unreachable
    ● Destination Host unreachable
  – Tell the sender the packet timed out
    ● Time Limit Exceeded
● There are several more rarely used messages.
39
Critical tools
● Ping
● Traceroute
● Tcpdump
● Wireshark
● Nmap
● Dig
● Whois
● arping
40
Wireshark
● Let's have a look at the protocols we have covered in Wireshark
41
What you should know now
● The protocols involved client side when loading a web page
● Have some idea of security issues for the protocols
● Know some useful commands
● Know the general structure of the Internet
● Know some of the standard organizations
42
Recommended Reading
● All related RFC documents (IETF)
  – 791-793, 768, 826 and 1087 are a good start
● Data and computer communications (Stallings)
  – Good book for low level stuff
● TCP/IP Protocol Suite (Behrouz)
  – Good book for high level stuff
● Uplink: Hacker elite (Introversion Software)
  – It gives a nice view of how hackers think and work