Experiential Learning Workshop on Basics of Network Layer

Transcription

1 Experiential Learning Workshop on Basics of Network Layer July 03, 2018 Dr. Ram P Rustagi Professor, CSE Dept KSIT, Bangalore rprustagi@ksit.edu.in

2 Resources & Acknowledgements Resources Learning.html Articles in ACCS Journal Slides Example web pages, and programs Acknowledgements: Computer Networking: Kurose, Ross!2

3 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!3

4 Day 2: Basics of HTTP Overview: HTTP and Versions Request and Response Format, Basic headers Handson-1: Analyze HTTP headers, status codes HTTP persistent and non-persistent connections Apache config support for persistent connections Handson-2: Configuring persistent connections Web caching, HTTP headers for cache control Handson-3: Cachecing, E-tags HTTP cookies mechanisms Secure cookies, sub-domains, HTTP only cookies Handson-4: using cookies, secure cookies Summary!4

5 Day 3: Basics of Transport Layer Overview: Transport layer, requirements Connection less and connection oriented transport Handson-1: Analyze TCP 4-tuple and UDP 2-tuple Pseudo headers in TCP/UDP Concurrent communications : UDP and TCP Handson-2: Using data with same checksum TCP and UDP Error control, TCP flags Handson-3: Connection Mgmt, Queues, and states TCP Streaming, Reliability misnomer, UDP message boundaries Handson-4: TCP Streams and UDP messages Summary!5

6 Day 4: Basics of Web Security Overview: HTTPS protocol Server certificate and server authentication Mixed content and browser warnings Locks icons and HTTP Status Handson-1: HTTPS website with mixed content MITM attack and ARP spoofing MITM with browser and information stealing Understanding HSTS, CSP Handson-2: Implementing ARP Spoofing Summary!6

7 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!7

8 NETWORK Novel Experience of Theoretical, Working, Operational, and Realized Knowledge Acronym!8

9 The Web Today Total num of hostnames and active sites (June 2018) src: category/web-server-survey/ Number of sitenames and active sites Sitenames: 1.6+B, Active sites: 177+M Web server vendors June 2018: Apache: 25%, MS IIS : 32%, Nginx: 23% Web Clients: GUI browsers, text browsers Communication protocols HTTP, HTTPS Extension of HTTP: WebDAV, CarDAV, CalDAV!9

10 Setup Requirement Internet 1 3 Switch/ Router 2 Ha: /24 Hb: /24!10

11 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!11

12 Tools wireshark wsug_html_chunked/ Enables viewing of bytes sent/recd on network Capture and Display filters Graphical, built on tcpdump TCP session display Changing UI options tcpdump: command line capture tool -o output file -c packet count -i interface names!12

13 !13

14 !14

15 L2 L3 L4 L7!15

16 Wireshark: UI Options Color coding Time format Packet reordering (in display) Defining protocol Using display filter Following TCP Stream Capture packets with proper capture filter Needed for analyzing packet layers!16

17 Wireshark capture filters Traffic between A and either B or C host A and \( B or C\) Traffic between A any host except B host A and not B Capture web traffic port 80 Capture ICMP traffic (e.g. ping, traceroute) icmp Capture web traffic port 80 Capture traffic for a subnet net /24!17

18 Wireshark Display Filters Source IP filter ip.src == Destination IP filter ip.dst == ip.dst!= Protocol filter http icmp Port number tcp.port eq 80 TCP Seq tcp.stream eq 1!18

19 Saving file Saving selected packets Reading from file Time display format Statistics Other options Wireshark - Misc!19

20 tcpdump Command line interface ASCII content Capture full packet Capture filters Output file Ethernet frame display!20

21 tcpdump - Usage Examples To capture between two specified hosts and save $ sudo tcpdump -n -i eth0 -s 0 w file.pcap host <A> and host <B> To capture 100 packets received from host X $ sudo tcpdump -n -i eth0 -c 100 src <X> To capture first 256 bytes and display in ASII $ sudo tcpdump -n -i eth0 -s 256 -A To capture with (link level) ethernet headers $ sudo tcpdump -n -i eth0 -e!21

22 Application Software Apache Web Server ( Configurations (/etc/apache2/apache2.config) /etc/apache2/sites-available/000-default.conf Directives Logging DocumentRoot Loadable Modules Virtual Host Firefox browser Options for configurations: about:config Nginx server, IIS server.!22

23 Tools wget: wget [options] <url> Options -d # to debug headers -O <file> # to save with different name -i <urlsfile> # list of urls in a file -c # to resume to broken download -b # run in background --limit-rate=500k --header=<headers> --http-user=user --http-password=.. -mk # mirroring with local link conversion!23

24 Tools - nc nc (netcat) Works as both layer client & server Supports both TCP and UDP Supports both IPv4 and IPv6 Common use Simple TCP/UDP based data transfer Shell script based HTTP clients and servers Network daemon testing SOCKS or HTTP ProxyCommand for ssh!24

25 Tools - nc nc usage -l acting as server -u use UDP -i for interval based transmission (lines) -k for keeping server up after connection close Examples nc <servername> <server port> # client nc -l port # server To transfer files Server: nc -l <port> >file.dat Client: cat <file> nc <servername> <port>!25

26 Usage: nc Terminating connection after idle time nc -w 10 <server> <port> # timeout 10s Don t use with server option Providing remote shell access on server to a client Create a FIFO file rm -f /tmp/f; mkfifo /tmp/f run nc on server by executing the shell cat /tmp/f /bin/bash -i 2>&1 nc -l 2222 > /tmp/f!26

27 Tools - ping ping (Packet Inter Network Groper) Checking reachability ping hostname -i changing packet interval -c packet count -f flooding the network -q quite mode -s change packet size -W response timeout!27

28 Usage: ping $ ping -c 10 PING ( ): 56 data bytes 64 bytes from : icmp_seq=0 ttl=47 time= ms 64 bytes from : icmp_seq=1 ttl=47 time= ms 64 bytes from : icmp_seq=2 ttl=47 time= ms 64 bytes from : icmp_seq=3 ttl=47 time= ms 64 bytes from : icmp_seq=4 ttl=47 time= ms 64 bytes from : icmp_seq=5 ttl=47 time= ms 64 bytes from : icmp_seq=6 ttl=47 time= ms 64 bytes from : icmp_seq=7 ttl=47 time= ms 64 bytes from : icmp_seq=8 ttl=47 time= ms 64 bytes from : icmp_seq=9 ttl=47 time= ms ping statistics packets transmitted, 10 packets received, 0.0% packet loss round-trip min/avg/max/stddev = / / / ms!28

29 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!29

30 Hands-On 1 nc : chat between two systems Using both UDP and TCP ping: understand delay and response. check google and yahoo reachability. check your favourite website reachability wget: Downline contents of a website for offline use. wireshark Access smvdu.ac.in and check capture. chat (nc) and analyze capture traceroute a site and analyze capture!30

31 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!31

32 Network layer service models: Network Architecture Service Model Bandwidth Guarantees? Loss Order Timing Congestion feedback Internet best effort none no no no no (inferred via loss) Source: Kurose, Ross: Computer Networking, A Top Down Approach!32

33 message segment datagram frame H l H n H n H t H t H t M M M M source application transport network link physical Encapsulation Source: Kurose, Ross: Computer Networking, A Top Down Approach Source: Kurose, Ross: Computer Networking, A Top Down Approach link physical switch H l H n H n H t H t H t M M M M destination application transport network link physical H l H n H n H t H t M M network link physical H n H t Source: Kurose, Ross: Computer Networking, A Top Down Approach M router!33

34 TCP segment structure URG: urgent data (generally not used) ACK: ACK # valid PSH: push data now (generally not used) RST, SYN, FIN: connection estab (setup, teardown commands) Internet checksum (as in UDP) head len 32 bits source port # dest port # sequence number acknowledgement number not used checksum U A P R S F application data (variable length) receive window Urg data pointer options (variable length) counting by bytes of data (not segments!) # bytes rcvr willing to accept Source: Kurose, Ross: Computer Networking, A Top Down Approach!34

35 Wireshark Capture Filters Connection setup tcp[tcpflags] & (tcp-syn)!= 0 Connection teardown only tcp[tcpflags] & (tcp-fin)!= 0 Connection reset only tcp[tcpflags] & (tcp-rst)!= 0!35

36 UDP: segment header source port # dest port # length 32 bits application data (payload) checksum UDP segment format length, in bytes of UDP segment, including header includes pseudo header no connection establishment (which can add delay) simple: no connection state at sender, receiver small header size no congestion control: UDP can blast away as fast as desired Source: Kurose, Ross: Computer Networking, A Top Down Approach!36

37 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) ver head. len 16-bit identifier time to live type of service upper layer 32 bits flgs length 32 bit source IP address fragment offset header checksum total datagram length (bytes) for fragmentation/ reassembly upper layer protocol to deliver payload to how much overhead? 20 bytes of TCP 20 bytes of IP = 40 bytes + app layer overhead 32 bit destination IP address options (if any) data (variable length, typically a TCP or UDP segment) e.g. timestamp, record route taken, specify list of routers to visit. Source: Kurose, Ross: Computer Networking, A Top Down Approach!37

38 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!38

39 TCP Data Computation of TCP payload length IP packet length (2 bytes from offset of 2 bytes) IP header length (LSB 4 bits, first byte, *4) TCP header length (12th byte, MSB 4 bits, *4) HTTP connections with some data 'port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2))!= 0) TCP Conncetion analysis UDP communication analysis!39

40 The Internet network layer host, router network layer functions: transport layer: TCP, UDP routing protocols path selection RIP, OSPF, BGP forwarding table ICMP protocol error reporting router signaling network layer IP protocol addressing conventions datagram format packet handling conventions link layer Source: Kurose, Ross: Computer Networking, A Top Down Approach physical layer

41 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!41

42 Handson 2: Analysis of TCP/IP Layers Use wireshark to analyze TCP/IP layers Transport layer: Use nc to communicate between two hosts Analyse TCP headers IP Layer: Analyze IP headers in web packets & nc chat!42

43 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!43

44 IP fragmentation, reassembly network links have MTU (max.transfer size) - largest possible link-level frame different link types, different MTUs large IP datagram divided ( fragmented ) within net one datagram becomes several datagrams reassembled only at final destination IP header bits used to identify, order related fragments reassembly fragmentation: in: one large datagram out: 3 smaller datagrams Source: Kurose, Ross: Computer Networking, A Top Down Approach!44

45 IP fragmentation, reassembly example: 4000 byte datagram MTU = 1500 bytes length =4000 ID =x fragflag =0 one large datagram becomes several smaller datagrams offset = bytes in data field length =1500 ID =x fragflag =1 offset =0 offset = 1480/8 length =1500 ID =x fragflag =1 offset =185 length =1040 ID =x fragflag =0 offset =370 Source: Kurose, Ross: Computer Networking, A Top Down Approach!45

46 Example : Re-fragmentation Re-fragmentation? Src: Forouzan - Data Communication and Networking!46

47 Example : Re-fragmentation Re-fragmentation Src: Forouzan - Data Communication and Networking!47

48 IP fragmentation, reassembly Questions A pkt has arrived with an M bit of 0. Is this the first, last of middle segment? Can we say if pkt was fragmented? A pkt has arrived with an M bit of 1. Is this the first, last of middle segment? Can we say if pkt was fragmented? A pkt has arrived with an M bit of 1 and offset value 0. Is this the first, last of middle segment? Can we say if pkt was fragmented? A pkt has arrived with offset value 100, and HLEN value of 5, value of total length field is 100. What are the numbers of the first byte and last byte?!48

49 Path MTU Discovery It is a mechanism It is not a protocol Mechanism Intermediate router informs the sender error : destination not reachable code : Fragmentation required!49

50 IP Fragmentation IP Fragmentation is avoided in general Path MTU (PMTU) discovery is used to find the max segment size for a given path Fragment is a costly process especially for NAT address is configured by default in any enterprise!50

51 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!51

52 ICMP: internet control message protocol used by hosts & routers to communicate networklevel information error reporting: unreachable host, network, port, protocol echo request/reply (used by ping) network-layer above IP: ICMP msgs carried in IP datagrams ICMP message: type, code plus first 8 bytes of IP datagram causing error Source: Kurose, Ross: Computer Networking, A Top Down Approach Query Messages: Type Code description 0/8 0 Echo reply/request (ping) 13/14 0 Timestamp request/reply 10/9 0 Router solicitation/advt Error Reporting Messages 3 0 dest. network unreachable 3 1 dest host unreachable 3 2 dest protocol unreachable 3 3 dest port unreachable 3 6 dest network unknown 3 7 dest host unknown 4 0 source quench (congestion control - not used) 5 0 Redirect 11 0 TTL expired 12 0 bad IP header!52

53 NAT: network address translation Motivation: local network uses just one IP address as far as outside world is concerned: range of addresses not needed from ISP: just one IP address for all devices can change addresses of devices in local network without notifying outside world can change ISP without changing addresses of devices in local network devices inside local net not explicitly addressable, visible by outside world (a security plus)!53

54 NAT: network address translation NAT router must: outgoing datagrams: replace (source IP address, port #) of every outgoing datagram to (NAT IP address, new port #)... remote clients/servers will respond using (NAT IP address, new port #) as destination addr remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table!54

55 Address Allocation for private networks RFC 1918 One Class A network (2 24 ) 16 Class B Networks (2 20 ) 256 Class C Networks (2 16 )!55

56 NAT: network address translation 2: NAT router changes datagram source addr from , 3345 to , 5001, updates table 2 NAT translation table WAN side addr LAN side addr , , 3345 S: , 5001 D: , Protocol 1: host sends datagram to , 80 S: , 3345 D: , S: , 80 D: , : reply arrives dest. address: , 5001 S: , 80 D: , : NAT router changes datagram dest addr from , 5001 to , 3345 Source: Kurose, Ross: Computer Networking, A Top Down Approach !56

57 NAT: network address translation 16-bit port-number field: simultaneous connections on one NAT address! 65,535 NAT is controversial: routers should only process up to layer 3 violates end-to-end argument NAT possibility must be taken into account by app designers, e.g., P2P applications address shortage should instead be solved by IPv6 gets complicated with IP fragmentation!57

58 NAT traversal problem Client wants to connect to server with address server address local to LAN (client can t use it as destination addr) only one externally visible NATed address: solution1: statically configure NAT to forward incoming connection requests at given port to server e.g., ( , port 2500) always forwarded to port client? NAT router Source: Kurose, Ross: Computer Networking, A Top Down Approach!58

59 ICMP Msg format ICMP Query Msg ICMP Error Msg Type Code Checksum Identifier Sequence Number RFC 792 Src: Forouzan - Computer Networking!59

60 ICMP Messages Few points to note No ICMP error msg will be generated for Response to datagram carrying an ICMP error message Fragmented datagram that is not the first fragment Datagram having multicast address Datagram having special address e.g , or !60

61 ICMP Redirect Src: Forouzan - Computer Networking!61

62 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!62

63 Handson-3: ICMP Redirect Ha: 10.x.1.1/ Switch Hc: 10.x.1.201/24 lo:10.x.3.201/24 Hb:10.x.1.101/24 lo:10.x.2.101/24 On Ha sudo ip route add 10.x.2.0/24 via 10.x sudo ip route add 10.x.3.0/24 via 10.x On Hb sudo ip route add 10.x.3.0/24 via 10.x On Hc sudo ip route add 10.x.3.0/24 via 10.x.1.101!63

64 Handson-3: PMTU Discovery Ha: 10.x.1.1/24 Hc: 10.x.3.201/ Router Hb-e1:10.x.1.101/24 Hb-e2:10.x.3.1/24 On Hb sudo ip link set dev eth2 mtu 1000 sudo sysctl -w net.ipv4.ip_forward=1 On Ha ping -c 2 s p !64

65 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!65

66 ARP - Address Resolution Protocol Packet delivery to a host requires two addresses Logical address - IP Address Physical address - MAC address Need to find mapping from logical to physical ARP is used - RFC 826 Src: Forouzan - Computer Networking!66

67 ARP - 4 cases MAC MAC Src: Forouzan - Computer Networking!67

68 ARP ARP Request and Reply ARP Request is broadcast ARP Reply is Unicast Other forms of ARP Proxy ARP (RFC 1027) Reverse ARP (RFC 903) Gratuitous ARP!68

69 Proxy ARP Router (Proxy ARP Server) replied to all requests Used when Splitting a network w/o changing hosts netmask Mobile IP Src: Forouzan - Computer Networking!69

70 Reverse ARP Reverse ARP (RARP) : RFC 903 Used for diskless stations Organization does not have enough IP Address Target as MAC Bcast does not cross the router Needs one RARP server for each subnet BOOTP Improvement over RARP Has a relay agent to forward across network Static mapping of MAC to IP Manageability issues DHCP - replaces BOOTP!70

71 Gratuitous ARP Ref: Gratuitous ARP Request Both src and dstn IP is set to that of m/c Dstn MAC is broadcast i.e. ff:ff:ff:ff:ff:ff Ordinarily, no reply will occur normally if a m/c exists, it may respond Gratuitous ARP Reply (for HA, LB, Spoofing) A reply to which no request has occurred!71

72 Gratuitous ARP Why Gratuitous ARP Help detect IP conflicts if a m/c receives G-ARP req which is its own, implies IP conflict Helps in updating other m/cs ARP tables Used in clustering solutions, when IP is moved Helps inform the switch to update its port table Each time an i/f comes up (after down), sends G-ARP!72

73 Life of Packet in Internet DNS Record: -> Q: User at host A types ping -c1 What is the packet flow?!73

74 DHCP Goal: allow host to dynamically obtain its IP address Renew its lease on address in use, on lease expiry Preferably gets the same address, not guaranteed Support for mobile users who join network Guarantee: only one address to only one client Retain DHCP client address across reboots not guaranteed Retain DHCP client configs across server reboot Must coexist with statically assigned addresses Should work with DHCP server failovers Interoperate with BOOTP relay agents!74

75 DHCP: more than IP addresses DHCP can return more than just allocated IP address on subnet: Address of first-hop router for client Name and IP address of DNS sever Network mask (indicating network versus host portion of address)!75

76 DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP UDP IP Eth Phy DHCP UDP IP Eth Phy Source: Kurose, Ross: Computer Networking, A Top Down Approach DHCP: example router with DHCP server built into router connecting laptop needs its IP address, addr of firsthop router, addr of DNS server: use DHCP vdhcp request encapsulated in UDP, encapsulated in IP, encapsulated in Ethernet v Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server v Ethernet demuxed to IP demuxed, UDP demuxed to DHCP

77 DHCP: example DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP DHCP UDP IP Eth Phy DHCP UDP IP Eth Phy Source: Kurose, Ross: Computer Networking, A Top Down Approach router with DHCP server built into router DHCP server formulates DHCP ACK containing client s IP address, IP address of first-hop router for client, name & IP address of DNS server v encapsulation of DHCP server, frame forwarded to client, demuxing up to DHCP at client v client now knows its IP address, name and IP address of DSN server, IP address of its first-hop router!77

78 DHCP: Dynamic Host Configuration Protocol DHCP overview: An extension of BOOTP mechanism Host broadcasts DHCP Discover msg [optional] DHCP server responds with DHCP Offer msg more than one server can make the offer client can choose which server to send request to Host requests IP address: DHCP Request msg DHCP server sends address: DHCP Ack msg Renewal happens with DHCP Request/ack On completion, client sends DHCP Release msg Practically not seen!78

79 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!79

80 Handson-4: ARP Understand ARP working. Know current ARP working arp -an ping H x (where H x is not in ARP table) but live See the ARP table to have Hx entry ping H y (where H y is not live) What does ARP table shows Create state ARP entry for H z not in ARP table sudo arp -s <IP Addr> <MAC Addr> ping H z No ARP Request should be transmitted. ping -b -c5 <Broadcast address>!80

81 Handson-4: Proxy ARP Ha: /22 Hc: / Router Hb-e1: /24 Hb-e2: /24 Enable proxy ARP, and routing on Hb sudo sysctl -w net.ipv4.conf.all.proxy_arp=1 sudo sysctl -w net.ipv4.ip_forward=1 Ping Hc from Ha Note down the ARP table of Ha and Hc. It should show MAC addresses of Hb!81

82 Handson-4: Gratuituos ARP Ha: /24 Hc: /24 Hb: /24 Switch Use arping to issue gratuituous ARP On Ha, assign IP of Hc sudo ip addr del /24 dev eth0 sudo ip addr add /24 dev eth0 sudo arping -A -I eth Analyze ARP table of Hb 2!82

83 Day 1: Basics of Networking Overview Introduction to basic networking Tools Handson 1: using networking tools IP and TCP Headers Analysis of layers in IP, TCP/UDP Handson-2: Analyze IP and TCP headers Fragementation and PMTU Discovery ICMP Errors, NAT Handson-3: ICMP errors, NAT, PMTU ARP, DHCP, Proxy, Gratuituous ARP Handson-4: ARP protocol Summary!83

84 Summary Networking tools Wireshark, nc, wget, ping Network and transport layer headers IP, TCP, UDP headers ICMP Errors ICMP redirect PMTU discovery NAT DHCP ARP!84

85 Thank You!85