1
TCP/IP: Transmission Control Protocol / Internet Protocol
Rakhi Saxena, Assistant Professor,
Deshbandhu College,
Delhi University
2
What is TCP/IP?
TCP/IP: Transmission Control Protocol / Internet Protocol
TCP/IP is the name of a protocol suite. Applications interface with the TCP layer to communicate with other peer applications.
3
History of TCP/IP
TCP/IP is the brainchild of ARPAnet, a project supported by the USA DoD (Department of Defense) through its Advanced Research Projects Agency (ARPA).
TCP/IP was first defined in 1974 and was meant to be used for communication between geographically distant sites.
It has evolved with many improvements since then.
4
Why is TCP/IP Popular?
Simpler than the ISO-OSI model, it provides an elegant solution to world-wide data communication.
Open protocol standards, freely available, and independent of any hardware platform.
The University of Berkeley incorporated TCP/IP in its BSD Unix.
5
TCP/IP & OSI
In OSI reference model terminology, the TCP/IP protocol suite covers the network and transport layers.
TCP/IP can be used on many data-link layers (it can support many network hardware implementations).
OSI Model Layer                          Corresponding TCP/IP Layer
Application / Presentation / Session     Application
Transport                                Transport (TCP)
Network                                  Internet (IP)
Data Link / Physical                     Network Interface
6
But First ...
7
Ethernet - Data-Link Layer
It will be useful to discuss a real data-link layer. Ethernet (really IEEE 802.3) is widely used. It uses CSMA/CD.
8
Ethernet
Multi-access (shared medium). Every Ethernet interface has a unique 48-bit address (a.k.a. hardware address or MAC address).
Example: C0:B3:44:17:21:17
The broadcast address is all 1's. Addresses are assigned to vendors by a central authority.
9
MAC address
A MAC address is globally unique and is written onto the hardware at the time of manufacture.
A MAC address is 48 bits (6 bytes) long. The first three bytes identify the manufacturer and are assigned by the IEEE; the last three bytes are assigned by the manufacturer.
10
ipconfig / ifconfig
11
12
Back to TCP/IP
13
Internet Protocol: The IP in TCP/IP
IP is the network layer packet delivery service (host-to-host). It also translates between different data-link protocols.
14
IP Datagrams
IP provides connectionless, unreliable delivery of IP datagrams.
Connectionless: each datagram is independent of all others.
Unreliable: there is no guarantee that datagrams are delivered correctly, or even delivered at all.
An IP packet is called a datagram.
15
IP Addresses
IP addresses are not the same as the underlying data-link (MAC) addresses.
Why?
16
IP Addresses
IP is a network layer - it must be capable of providing communication between hosts on different kinds of networks (different data-link implementations).
The address must include information about what network the receiving host is on. This is what makes routing feasible.
17
IP Addresses
IP addresses are logical addresses (not physical).
32 bits for IPv4 (version 4); 64 bits for IPv6 (version 6).
Includes a network ID and a host ID. Every host must have a unique IP address.
IP addresses are assigned by a central authority (American Registry for Internet Numbers for North America).
18
Network and Host IDs
A Network ID is assigned to an organization by a global authority.
Host IDs are assigned locally by a system administrator.
Both the Network ID and the Host ID are used for routing.
19
IP Addresses
IP addresses are usually shown in dotted decimal notation:
1.2.3.4 is 00000001 00000010 00000011 00000100
cs.rpi.edu is 128.213.1.1, i.e. 10000000 11010101 00000001 00000001
CS has a class B network.
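The two address formats described on slides 9 and 19 can be taken apart mechanically. The following is an added example, not code from the slides: it splits a 48-bit MAC address into its IEEE-assigned OUI and vendor-assigned part, and splits a dotted-decimal IPv4 address into network ID and host ID under the classful (class A/B/C) rules the slides use. The sample addresses are the ones on the slides.

```python
"""Added example, not part of the slides: parsing the two kinds of address
the slides describe, a 48-bit Ethernet MAC address (slide 9) and a
classful dotted-decimal IPv4 address (slide 19).  The sample addresses
are the ones on the slides."""

import ipaddress


def parse_mac(mac: str) -> dict:
    """Split a 48-bit MAC address into its IEEE-assigned OUI (first three
    bytes, the manufacturer) and the manufacturer-assigned NIC part."""
    octets = mac.split(":")
    if len(octets) != 6 or any(len(o) != 2 for o in octets):
        raise ValueError(f"not a 48-bit colon-separated MAC address: {mac}")
    raw = bytes(int(o, 16) for o in octets)
    return {
        "oui": raw[:3].hex(":"),            # assigned by the IEEE
        "nic": raw[3:].hex(":"),            # assigned by the manufacturer
        "broadcast": raw == b"\xff" * 6,    # all 1's: the broadcast address
        "group": bool(raw[0] & 0x01),       # I/G bit: multicast/broadcast frame
    }


def classful_split(dotted: str) -> dict:
    """Classful (pre-CIDR) split of a dotted-decimal IPv4 address into the
    network ID and the host ID, using the leading bits of the first octet."""
    addr = int(ipaddress.IPv4Address(dotted))
    first = addr >> 24
    if first < 128:            # 0xxxxxxx -> class A, 8-bit network ID
        cls, net_bits = "A", 8
    elif first < 192:          # 10xxxxxx -> class B, 16-bit network ID
        cls, net_bits = "B", 16
    elif first < 224:          # 110xxxxx -> class C, 24-bit network ID
        cls, net_bits = "C", 24
    else:                      # class D (multicast) / E (reserved)
        raise ValueError(f"{dotted} has no network/host split")
    mask = (0xFFFFFFFF << (32 - net_bits)) & 0xFFFFFFFF
    return {
        "class": cls,
        # the four octets written out in binary, as on the slide
        "binary": " ".join(f"{(addr >> s) & 0xFF:08b}" for s in (24, 16, 8, 0)),
        "network": str(ipaddress.IPv4Network((addr & mask, net_bits))),
        "host_id": addr & ~mask & 0xFFFFFFFF,
    }


if __name__ == "__main__":
    print(parse_mac("C0:B3:44:17:21:17"))
    for a in ("1.2.3.4", "128.213.1.1"):
        print(a, classful_split(a))
```

For 128.213.1.1 the first octet starts with the bits 10, so the address is class B, the network ID is 128.213.0.0/16 and the host ID is the remaining 16 bits, which matches the slide's statement that CS has a class B network.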
20
21
Host and Network Addresses
A single network interface is assigned a single IP address called the host address.
A host may have multiple interfaces, and therefore multiple host addresses.
Hosts that share a network all have the same IP network address (the network ID).
22
Mapping IP Addresses to Hardware Addresses
IP addresses are not recognized by hardware. If we know the IP address of a host, how do we find out the hardware address?
The process of finding the hardware address of a host given the IP address is called Address Resolution.
23
ARP
The Address Resolution Protocol is used by a sending host when it knows the IP address of the destination but needs the Ethernet (or whatever) address.
ARP is a broadcast protocol: every host on the network receives the request.
Each host checks the request against its IP address; the right one responds.
24
ARP (cont.)
ARP does not need to be done every time an IP datagram is sent - hosts remember the hardware addresses of each other.
Part of the ARP protocol specifies that the receiving host should also remember the IP and hardware addresses of the sending host.
25
ARP conversation
Requester (broadcast): "HEY - Everyone please listen! Will 128.213.1.5 please send me his/her Ethernet address?"
Other hosts: "not me"
128.213.1.5: "Hi Green! I'm 128.213.1.5, and my Ethernet address is 87:A2:15:35:02:C3"
26
Services provided by IP
Connectionless delivery (each datagram is treated individually).
Unreliable (delivery is not guaranteed).
Fragmentation / reassembly (based on hardware MTU).
Routing.
Error detection.
27
IP-Layer Operation (diagram): end hosts X and Y each run Application, TCP, IP, Data Link and Physical layers; the intermediate routers A, B and C on the path X - A - B - C - Y run only IP, Data Link and Physical. TCP is an end-to-end layer.
28
Transport Layer & TCP/IP
Q: We know that IP is the network layer - so TCP must be the transport layer, right ?
A: No… well, almost.
TCP is only part of the TCP/IP transport layer - the other part is UDP (User Datagram Protocol).
29
TCP/IP protocol stack (diagram): Process layer (processes) over the Transport layer (TCP, UDP) over the Network layer (IP, together with ICMP, ARP & RARP) over the Data-Link layer (802.3).
30
UDP: User Datagram Protocol
UDP is a transport protocol: it provides communication between processes.
UDP uses IP to deliver datagrams to the right host.
UDP uses ports to provide communication services to individual processes.
31
Ports
TCP/IP uses an abstract destination point called a protocol port.
Ports are identified by a positive integer.
Operating systems provide some mechanism that processes use to specify a port.
32
Ports (diagram): several processes on Host A and on Host B, each reachable through its own port.
33
UDP
Datagram delivery: connectionless, unreliable, minimal.
The term datagram is also used to describe the unit of transfer of UDP!
34
TCP: Transmission Control Protocol
TCP is an alternative transport layer protocol supported by TCP/IP. TCP provides:
Connection-oriented, Reliable, Full-duplex, Byte-stream
35
Connection-Oriented
Connection oriented means that a virtual connection is established before any user data is transferred.
If the connection cannot be established, the user program is notified (finds out).
If the connection is ever interrupted, the user program(s) find out there is a problem.
36
Reliable
Reliable means that every transmission of data is acknowledged by the receiver.
If the sender does not receive acknowledgement within a specified amount of time, the sender retransmits the data.
Reliable does not mean that things don't go wrong, it means that we find out when things go wrong.
37
Byte Stream
Stream means that the connection is treated as a stream of bytes.
The user application does not need to package data in individual datagrams (as with UDP).
Somebody needs to do this since IP is delivering all the data, it's just that the application layer doesn't need to do this!
38
Full Duplex
TCP provides transfer in both directions (over a single virtual connection).
To the application program these appear as 2 unrelated data streams, although TCP can piggyback control and data communication by providing control information (such as an ACK) along with user data.
39
TCP Ports
Inter-process communication via TCP is achieved with the use of ports (just like UDP).
Common ports and the services that run on them:
FTP 21, telnet 23, SMTP 25, http 80, POP3 110
40
Addressing in TCP/IP
Each TCP/IP address includes: Internet address, protocol (UDP or TCP), port number.
NOTE: TCP/IP is a protocol suite that includes IP, TCP and UDP.
41
TCP/IP Summary
IP: network layer protocol; unreliable datagram delivery between hosts.
UDP: transport layer protocol; unreliable datagram delivery between processes.
TCP: transport layer protocol; reliable, byte-stream delivery between processes.
42
OSI and Protocol Stack (OSI: Open Systems Interconnect)
OSI Model                                         TCP/IP Hierarchy Protocols
7th Application, 6th Presentation, 5th Session    Application Layer
4th Transport                                     Transport Layer
3rd Network                                       Network Layer
2nd Link, 1st Physical                            Link Layer
Link Layer: includes device driver and network interface card.
Network Layer: handles the movement of packets, i.e. routing.
Transport Layer: provides a reliable flow of data between two hosts.
Application Layer: handles the details of the particular application.
43
TCP vs. UDP
Q: Which protocol is better ?
A: It depends on the application.
TCP provides a connection-oriented, reliable, byte stream service (lots of overhead).
UDP offers minimal datagram delivery service (as little overhead as possible).
44
Hmmmmm. TCP or UDP?
Electronic commerce? Video server? File transfer? Email? Chat groups? Robotic surgery controlled remotely over a network?
45
Break
46
TCP Connection Establishment
TCP uses a three-way handshake to open a connection:
(1) ACTIVE OPEN: the client sends a segment with the SYN bit set (*), the port number of the client and the initial sequence number (ISN) of the client.
(2) PASSIVE OPEN: the server responds with a segment with the SYN bit set (*), the initial sequence number of the server and an ACK for the ISN of the client.
(3) The client acknowledges by sending a segment with an ACK for the ISN of the server.
(* counts as one byte)
47
Connection Creation (diagram, built up step by step on slides 47-50): the active participant (client) and the passive participant (server) exchange the three handshake segments.
51
Why is a two-way handshake not enough?
SYN segments exchanged between aida.poly.edu and mng.poly.edu (diagram):
S 15322112354:15322112354(0) win 16384 <mss 1460, ...>
S 172488586:172488586(0) win 8760 <mss 1460>
S 1031880193:1031880193(0) win 16384 <mss 1460, ...>
The red line is a delayed duplicate packet.
When aida initiates the data transfer (starting with SeqNo=15322112355), mng will reject all data.
Diagram label: will be discarded as a duplicate SYN.
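The slide's point is that the third segment is what lets the server verify that the client really is acknowledging the server's ISN for this incarnation of the connection. The following is an added example, not code from the slides: a deliberately simplified model (no windows, timers or retransmission) of the handshake on slide 46, run once as a three-way and once as a two-way exchange, with the sequence numbers and host names from slide 51. The `three_way` flag, the `Segment`/`Endpoint` types and the tiny state machine are this example's own constructions.

```python
"""Added example, not part of the slides: a toy model of the TCP three-way
handshake (slide 46) that replays the delayed-duplicate-SYN situation on
slide 51.  It is simplified (no windows, no retransmission, no timers);
the sequence numbers and host names are the ones on the slide."""

from dataclasses import dataclass
from typing import Optional

AIDA_ISN = 15322112354   # aida's genuine ISN on the slide
MNG_ISN = 172488586      # mng's ISN on the slide
OLD_ISN = 1031880193     # the delayed duplicate SYN on the slide


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    seq: int
    ack: Optional[int] = None
    syn: bool = False
    rst: bool = False
    data: bytes = b""


@dataclass
class Endpoint:
    name: str
    isn: int
    state: str
    rcv_nxt: Optional[int] = None   # next sequence number expected from the peer


def server_handle(srv: Endpoint, seg: Segment, three_way: bool) -> Optional[Segment]:
    """mng's side. Returns the segment mng sends in response, if any."""
    if srv.state == "LISTEN" and seg.syn:
        srv.rcv_nxt = seg.seq + 1                      # the SYN counts as one byte
        # with only two steps the server must commit on the SYN alone
        srv.state = "SYN_RCVD" if three_way else "ESTABLISHED"
        return Segment(srv.name, seg.src, srv.isn, ack=srv.rcv_nxt, syn=True)
    if srv.state == "SYN_RCVD":
        if seg.rst:                                    # peer disowned our SYN-ACK
            srv.state, srv.rcv_nxt = "LISTEN", None
        elif seg.ack == srv.isn + 1 and seg.seq == srv.rcv_nxt:
            srv.state = "ESTABLISHED"                   # third step checks out
        return None
    # ESTABLISHED: a stray SYN is discarded as a duplicate; data is accepted
    # only when it starts exactly at the sequence number we expect
    if seg.data and seg.seq == srv.rcv_nxt:
        srv.rcv_nxt += len(seg.data)
    return None


def client_handle(cli: Endpoint, seg: Segment, three_way: bool) -> Optional[Segment]:
    """aida's side, in SYN_SENT, receiving a SYN-ACK."""
    if seg.syn and seg.ack == cli.isn + 1:           # acknowledges the SYN we sent
        cli.state, cli.rcv_nxt = "ESTABLISHED", seg.seq + 1
        if three_way:                                  # step 3: ACK the server's ISN
            return Segment(cli.name, seg.src, cli.isn + 1, ack=cli.rcv_nxt)
        return None
    # it acknowledges an ISN we did not send in this incarnation: reject it,
    # and with three steps tell the server so with a RST
    return Segment(cli.name, seg.src, seg.ack, rst=True) if three_way else None


def run_scenario(three_way: bool) -> dict:
    aida = Endpoint("aida", AIDA_ISN, "SYN_SENT")
    mng = Endpoint("mng", MNG_ISN, "LISTEN")
    # 1. a delayed duplicate SYN from an earlier incarnation reaches mng first
    reply = server_handle(mng, Segment("aida", "mng", OLD_ISN, syn=True), three_way)
    resp = client_handle(aida, reply, three_way)
    if resp is not None:
        server_handle(mng, resp, three_way)
    # 2. aida's genuine SYN arrives
    reply = server_handle(mng, Segment("aida", "mng", AIDA_ISN, syn=True), three_way)
    if reply is not None:
        resp = client_handle(aida, reply, three_way)
        if resp is not None:
            server_handle(mng, resp, three_way)
    # 3. aida starts the data transfer at SeqNo 15322112355
    expected = mng.rcv_nxt
    server_handle(mng, Segment("aida", "mng", AIDA_ISN + 1, data=b"hello"), three_way)
    return {"mng_state": mng.state, "mng_expected": expected,
            "data_accepted": mng.rcv_nxt != expected}


if __name__ == "__main__":
    print("three-way:", run_scenario(True))
    print("two-way:  ", run_scenario(False))
```

With three steps the stale SYN is answered, aida rejects the SYN-ACK because it acknowledges an ISN aida never sent in this incarnation, mng falls back to LISTEN, and the genuine handshake then opens a connection that accepts data at 15322112355. With two steps mng has already committed to the stale SYN, expects data from 1031880194, discards the genuine SYN as a duplicate and rejects aida's data, exactly the failure the slide describes.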
52
Connection Teardown (diagram, built up step by step on slides 52-56): the active participant (client) and the passive participant (server) exchange FIN and ACK segments.
57
Two-Army Problem (diagram, slides 57-63): the blue army, split into two halves A and B, faces the red army; A and B exchange messages and acknowledgements of those messages.
So how many acks of acks are enough??
64
Connection Teardown
Active participant (client) / Passive participant (server)
Connection close is treated as two separate "closes", one for each simplex connection.
65
Sockets
The server process multiplexes streams with the same source port number according to the source IP address.
Socket = (IP address, port number). Each stream ("flow") is uniquely identified by a socket pair.
For example: 10.1.1.2:80
66
Packet Exchange for TCP Connection (diagram)
CLIENT                                        SERVER
socket()                                      socket(), bind(), listen()
connect()   -- SYN j -->
            <-- SYN k, ack j+1 --             accept()
            -- ack k+1 -->
write()     -- Data request -->               read()
read()      <-- Data reply, ack --            write()
            -- ack of reply -->
close()     -- FIN M -->
            <-- ack M+1 --
            <-- FIN N --                      close()
            -- ack N+1 -->
67
netstat -n: lists all active sockets with the address/port number pair
68
netstat -r: displays the routing table
69
netstat -s: displays network statistics
70
ping: sends a test packet to a given address and reports the round-trip time
71
traceroute: discovers the route from a source to a destination
72
TCP/IP Hacks and Attacks
Think like a hacker to stop intrusions into your own network.
Protect your network before they (evil hackers) attack the vulnerabilities in your network.
73
Some common attacks
74
Denial of Service Attacks
Denial of Service attacks attempt to negate service by:
exhausting the resources at the victim side (such as network bandwidth, CPU, memory, etc.);
forcing victim equipment into a non-operational state;
hijacking victim equipment/resources for malicious goals.
A Distributed Denial of Service (DDoS) attack is a special case of DoS in which multiple distributed network nodes (zombies) are used to multiply the DoS effect.
75
Early DoS attacks
Ping of death: a simple network flood, either a single very large ping packet or a flood of large or small ping packets.
Smurf attack: an amplified network flood; widespread pings with a faked return address (the broadcast address).
76
TCP SYN Flood (diagram): a normal client sends a SYN RQST and the server answers with a SYN ACK. In the attack, zombies send spoofed SYN RQSTs to the victim; the victim's SYN ACKs go to the spoofed addresses and are never answered, and its waiting buffer overflows.
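The half-open connections the diagram describes are visible from the victim's own socket table (slide 67's `netstat -n`), and every entry is keyed by its socket pair (slide 65). The following is an added example, not code from the slides: it parses `netstat -n` style output and counts half-open (SYN_RECV) entries per local socket so that a flood stands out. The sample output is constructed for the example, not captured from a host, and the Linux column layout and the threshold value are assumptions.

```python
"""Added example, not part of the slides: reading `netstat -n` style output
(slide 67) and counting half-open connections to spot a SYN flood (slide 76).
Each line is keyed by its socket pair, as slide 65 describes.  The sample
output below is constructed for this example, not captured from a host."""

import re
from collections import Counter

# Constructed sample in the Linux `netstat -n` column layout.
NETSTAT_SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.1.1.2:80             198.51.100.7:51544      ESTABLISHED
tcp        0      0 10.1.1.2:80             203.0.113.9:40001       SYN_RECV
tcp        0      0 10.1.1.2:80             203.0.113.9:40002       SYN_RECV
tcp        0      0 10.1.1.2:80             203.0.113.9:40003       SYN_RECV
tcp        0      0 10.1.1.2:80             203.0.113.9:40004       SYN_RECV
tcp        0      0 10.1.1.2:80             198.51.100.7:51545      ESTABLISHED
tcp        0      0 10.1.1.2:22             192.0.2.44:60122        ESTABLISHED
tcp        0      0 10.1.1.2:80             192.0.2.44:60123        SYN_RECV
udp        0      0 10.1.1.2:53             0.0.0.0:*
"""

LINE_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+(?P<state>\S+)\s*$")


def parse_netstat(text: str) -> list:
    """Return one record per TCP socket line: the socket pair and the state.
    Header lines and UDP sockets (which carry no state) are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        lip, lport = m["local"].rsplit(":", 1)
        fip, fport = m["foreign"].rsplit(":", 1)
        flows.append({"local": (lip, int(lport)),
                      "foreign": (fip, int(fport)),
                      "state": m["state"]})
    return flows


def half_open_report(flows: list, threshold: int = 3) -> dict:
    """Count SYN_RECV (half-open) entries per local socket.  A flood with
    spoofed sources shows up as many half-open entries on one local port
    spread over many foreign addresses, so the per-port count is the
    signal; the per-source count only helps when sources are not spoofed."""
    per_port, per_source, established = Counter(), Counter(), Counter()
    for f in flows:
        if f["state"] == "SYN_RECV":
            per_port[f["local"]] += 1
            per_source[f["foreign"][0]] += 1
        elif f["state"] == "ESTABLISHED":
            established[f["local"]] += 1
    return {
        "half_open": dict(per_port),
        "established": dict(established),
        "suspicious": {port: n for port, n in per_port.items() if n >= threshold},
        "top_sources": per_source.most_common(3),
    }


if __name__ == "__main__":
    flows = parse_netstat(NETSTAT_SAMPLE)
    # every flow is identified by its socket pair, so no two records collide
    print("distinct socket pairs:", len({(f["local"], f["foreign"]) for f in flows}))
    print(half_open_report(flows))
```

On the constructed sample the web port 10.1.1.2:80 holds five half-open entries against two established ones, which crosses the threshold and is reported; the threshold a real host should use depends on its normal connection rate and backlog size.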
77
Distributed Denial of Service
Zombies on innocent computers.
Server-level DDoS attacks.
Infrastructure-level DDoS attacks.
Bandwidth-level DDoS attacks.
78
Spoofing (diagram): hosts X, Y and Z. X asks "Mr. Z, is that you?" and Y answers "Yes, I'm here!" in Z's place.
79
ARP Cache Poisoning (diagram)
System A: IP 192.168.51.35, MAC 00:00:00:AA:AA:AA. Internal ARP cache: 192.168.51.36 - 00:00:00:CC:CC:CC
System B: IP 192.168.51.36, MAC 00:00:00:BB:BB:BB. Internal ARP cache: 192.168.51.35 - 00:00:00:CC:CC:CC
Attacker: IP 192.168.51.37, MAC 00:00:00:CC:CC:CC. Internal ARP cache: 192.168.51.36 - 00:00:00:BB:BB:BB, 192.168.51.35 - 00:00:00:AA:AA:AA
The attacker sends "192.168.51.36 is at 00:00:00:CC:CC:CC" and "192.168.51.35 is at 00:00:00:CC:CC:CC".
80
More DoS attacks
ARP redirect (ARP): local IP address hijack; middleman attack.
Land (TCP SYN): source and destination IP addresses are the same, causing the response to loop.
SQL/Application server attack (HTTP): continuous requests for a heavy computational dynamic page.
81
Mitigation Techniques
82
ACL - Access Control List
Layer 4 filtration rules: <protocol, srcIP, dstIP, srcPort, dstPort>
SQL Slammer prevention ACL:
access-list 101 deny udp any any eq 1434
access-list 101 permit ip any any
83
TCP Intercept
84
References
"TCP/IP Illustrated, Volume 1: The Protocols" by W. Richard Stevens
"Internetworking with TCP/IP, Volume 1" by Douglas E. Comer
85
THANK YOU!