Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

Size: px
Start display at page:

Download "Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University"

Transcription

1 Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

2 Why ICMP? UDP and TDP are not designed to report errors Provide a simple way to report errors between hosts/routers and hosts

3 Layer 2 Protocol ICMP is encapsulated in IP It does not have ports. The receiving host may not response to the sender. No guarantee of delivery.

4 ICMP Packet 4byte header (type, code, and header check sum) followed by a message type code ICMP Check Sum Data

5 Messages A host may send a quench message to notify a sender to throttle down the delivery rate. A router may send ICMP to inform a sender of some problem. A router may respond unreachable ICMP message if a destination host cannot respond. ICMP sent by routers may be used for reconnaissance purpose!

6 Mapping Techniques Explore live hosts for attack target RingZero trojan scans TCP ports 3128, 80, and 8080 including inactive hosts > not very efficient ICMP echo request TCP Ack Scan (respond RST)

7 Tireless Mapper Scanner sends ICMP echo requests to each possible subnet addresses scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request IDS will not issue an alert for individual echo request IDS can examine more generic scan activity: single source to multiple destination within a period

8 Efficient Mapper Send ICMP echo request to broadcast address (BSD implementation) All live hosts in the subnet should respond. scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request

9 Clever Mapper What if class C subnet is further divided into smaller networks? Send to ICMP echo request to each of their broadcast addresses scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request scanner.net > : icmp: echo request The subnet is divided into 4 smaller networks each of which contains 64 addresses.

10 Cerebral Mapper Use ICMP address mask request Reconnoiter host address range in a subnet scanner.net > router.com: icmp: address mask request (DF) router.com > scanner.net: icmp: address mask is 0xffffff00 (DF)

11 Normal ICMP Traffic Host Unreachable Port Unreachable Admin Prohibited Need to Frag Time Exceeded In Transit Embedded Information I ICMP Error Messages

12 Host Unreachable An attempt to send traffic to a target host which may be down somehow router > sending.host: icmp: host target.host unreachable

13 Port Unreachable A target host responds to the sending host that it is not listening on a port. In the following, the target is not listening on ntp port (UDP network time protocol port): Target.host > sending.host: icmp: target.host udp port ntp unreachable (DF)

14 Admin Prohibited The router has access control and responds sender admin prohibited ICM message. router > sending.host: icmp: host target.host unreachable admin prohibited

15 Need to Frag A DF flag set on a IP packet that needs be fragmented. router > sending.host: icmp: target.host unreachable need to frag (mtu 1500)

16 Time Exceeded In Transit Packet dropped because of TTL router > sending.host: icmp: time exceeded in-transit

17 Embedded Information in ICMP Error Messages In case of errors, ICMP will include 28 bytes of the offending IP This extra information can be used for classifying OS used in nmap. Type Code Checksum Message IP header + 8 bytes payload (28 bytes totally)

18 Malicious ICMP Traffic Port/host scan DoS/dDoS Covert channels

19 Smurf Attack 1. ICMP echo request to broadcast addresses with victim s IP address 2. Router allows in ICMP echo request to broadcast addresses 3. All live hosts respond ICMP echo reply to the victim

20 Tribe Flood Network TFN attack enlists the help of many distributed hosts (daemon or zombie) to flood a victim. ICMP echo reply TFN master TFN daemon hosts Daemon hosts Flood victim Victim

21 WinFreeze Cause susceptible Windows host to attack itself (selfmutilation) In the following the victim will apply all the changes in its routing table! router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com router > victim.com: redirect to host victim.com

22 Loki Use ICMP as a tunneling protocol for a covert channel Client/server architecture A compromised host running Loki server will respond Loki clients server information such as /etc/passwd

23 Unsolicited ICMP Echo Replies IP Spoofing TFN Loki

24 ICMP Messages From hosts Protocol unreachable Port unreachable IP reassembly time exceeded Parameter problem Echo reply Timestamp reply Address mask reply From routers Fragmentation needed but don t fragment bit set Admin prohibited Time exceeded in transit Host unreachable

25 ICMP Messages Admin prohibited: can assist in examining what type of traffic the site blocks Address mask reply: the subnet mask of the network on which the responding host resides Time exceeded in transit: used in traceroute to discover routers and network topology Protocol unreachable: can be used to inversely map a host s listening protocols Port unreachable: can be used to inversely map a live host s listening UDP ports Fragmentation needed but don t fragment bit set: can be used to deter4mine the MTU of links for use in attacks that use fragments

26 To Block or Not to Block Unrequited ICMP Echo Requests Blocking inbound echo request Loki and TFN used echo reply! Windows tracert not working Inbound ICMP exceeded in transit used in tracert UNIX traceroute uses UDP. Fine! Inefficiency Blocking all inbound ICMP traffic may result in a sending host to keep trying until time out if the receiver is unreachable Broken Path MTU Discovery A sending host may need to find out MTU. Blocking inbound ICMP traffic means sending packets larger than MTU with DF will be dropped silently! Bottom line : Make sure to allow host unreachable and need to frag ICMP inbound traffic to your network!

ICS 451: Today's plan

ICS 451: Today's plan ICS 451: Today's plan ICMP ping traceroute ARP DHCP summary of IP processing ICMP Internet Control Message Protocol, 2 functions: error reporting (never sent in response to ICMP error packets) network

More information

Network Layer (4): ICMP

Network Layer (4): ICMP 1 Network Layer (4): ICMP Required reading: Kurose 4.4.3, 4.4.4 CSE 4213, Fall 2006 Instructor: N. Vlajic 2 1. Introduction 2. Network Service Models 3. Architecture 4. Network Layer Protocols in the Internet

More information

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Network Security Evil ICMP, Careless TCP & Boring Security Analyses Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018 Part I Internet Control Message Protocol (ICMP) Why ICMP No method

More information

Operational Security Capabilities for IP Network Infrastructure

Operational Security Capabilities for IP Network Infrastructure Operational Security Capabilities F. Gont for IP Network Infrastructure G. Gont (opsec) UTN/FRH Internet-Draft September 1, 2008 Intended status: Informational Expires: March 5, 2009 Status of this Memo

More information

Configuring Routes on the ACE

Configuring Routes on the ACE CHAPTER2 This chapter describes how the ACE is considered a router hop in the network when it is in routed mode. In the Admin or user contexts, the ACE supports static routes only. The ACE supports up

More information

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1 Table of Contents 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1 i 1 Intrusion Detection Statistics Overview Intrusion detection is an important network

More information

ICMP (Internet Control Message Protocol)

ICMP (Internet Control Message Protocol) ABSTRACT : ICMP stands for internet control message protocol it is a vital protocol of network layer among the seven layers of OSI(open system interconnection). Here we deal with the several situations

More information

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link. Internet Layers Application Application Transport Transport Network Network Network Network Link Link Link Link Ethernet Fiber Optics Physical Layer Wi-Fi ARP requests and responses IP: 192.168.1.1 MAC:

More information

ICMP (Internet Control Message Protocol)

ICMP (Internet Control Message Protocol) Today s Lecture ICMP (Internet Control Message Protocol) Internet Protocols CSC / C 573 I. ICMP Overview II. ICMP rror Reporting III. ICMP Query / Response Messages IV. ICMP Message Processing Fall, 2005

More information

CS 457 Lecture 11 More IP Networking. Fall 2011

CS 457 Lecture 11 More IP Networking. Fall 2011 CS 457 Lecture 11 More IP Networking Fall 2011 IP datagram format IP protocol version number header length (bytes) type of data max number remaining hops (decremented at each router) upper layer protocol

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Internet Control Message Protocol (ICMP) 1 Overview The IP (Internet Protocol) relies on several other protocols to perform necessary control and routing functions: Control functions (ICMP) Multicast signaling

More information

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer 1 CPSC 826 Intering The Network Layer: Routing & Addressing Outline The Network Layer Michele Weigle Department of Computer Science Clemson University mweigle@cs.clemson.edu November 10, 2004 Network layer

More information

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1

Internet Protocol. Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1 Internet Protocol Outline Introduction to Internet Protocol Header and address formats ICMP Tools CS 640 1 Internet Protocol Runs on all hosts in the Internet and enables packets to be routed between systems

More information

CS519: Computer Networks. Lecture 2: Feb 2, 2004 IP (Internet Protocol)

CS519: Computer Networks. Lecture 2: Feb 2, 2004 IP (Internet Protocol) : Computer Networks Lecture 2: Feb 2, 2004 IP (Internet Protocol) A hypothetical service You want a mail delivery service You have two choices: Acme Guaranteed Mail Delivery Service We never fail Rocko

More information

Module 7 Internet And Internet Protocol Suite

Module 7 Internet And Internet Protocol Suite Module 7 Internet And Internet Protocol Suite Lesson 22 IP addressing. ICMP LESSON OBJECTIVE General The lesson will continue the discussion on IPv4 along with the idea of ICMP. Specific The focus areas

More information

Problems of IP. Unreliable connectionless service. Cannot acquire status information from routers and other hosts

Problems of IP. Unreliable connectionless service. Cannot acquire status information from routers and other hosts Chapter 09 ICMP Problems of IP Unreliable connectionless service Best effort service IP datagrams are discarded If destination is not found If TTL becomes 0 If reassembly timer expires Cannot acquire status

More information

Master Course Computer Networks IN2097

Master Course Computer Networks IN2097 Chair for Network Architectures and Services Prof. Carle Department for Computer Science TU München Master Course Computer Networks IN2097 Prof. Dr.-Ing. Georg Carle Christian Grothoff, Ph.D. Chair for

More information

Topics for This Week

Topics for This Week Topics for This Week Routing Protocols in the Internet OSPF, BGP More on IP Fragmentation and Reassembly ICMP Readings Sections 5.6.4-5.6.5 1 Hierarchical Routing aggregate routers into regions, autonomous

More information

TSIN02 - Internetworking

TSIN02 - Internetworking Lecture 2: Internet Protocol Literature: Forouzan: ch (4-6), 7-9 and ch 31 2004 Image Coding Group, Linköpings Universitet Lecture 2: IP Goals: Understand the benefits Understand the architecture IPv4

More information

Configuring attack detection and prevention 1

Configuring attack detection and prevention 1 Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack

More information

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition ELEC / COMP 177 Fall 2011 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Topics This week: Network layer (IP, ARP, ICMP) Next week: More network layer (Routers and routing protocols)

More information

Network Layer: Internet Protocol

Network Layer: Internet Protocol Network Layer: Internet Protocol Motivation Heterogeneity Scale Intering IP is the glue that connects heterogeneous s giving the illusion of a homogenous one. Salient Features Each host is identified by

More information

DDoS Testing with XM-2G. Step by Step Guide

DDoS Testing with XM-2G. Step by Step Guide DDoS Testing with XM-G Step by Step Guide DDoS DEFINED Distributed Denial of Service (DDoS) Multiple compromised systems usually infected with a Trojan are used to target a single system causing a Denial

More information

Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields.

Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields. IP address ICMP Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields. The TYPE field identifies the ICMP message, the CODE field

More information

(ICMP), RFC

(ICMP), RFC Internet et Control o Message Protocol (ICMP), RFC 792 http://icourse.cuc.edu.cn/networkprogramming/ linwei@cuc.edu.cn Nov. 2009 Overview The IP (Internet Protocol) relies on several other protocols to

More information

To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at

To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at the data link layer. To describe how the mapping of a

More information

MESSAGES error-reporting messages and query messages. problems processes IP packet specific information

MESSAGES error-reporting messages and query messages. problems processes IP packet specific information ICMP ICMP ICMP is mainly used by operating systems of networked computers to send error messages indicating that a requested service is not available or that host/ router could not be reached. ICMP MESSAGES

More information

The Internetworking Problem. Internetworking. A Translation-based Solution

The Internetworking Problem. Internetworking. A Translation-based Solution Cloud Cloud Cloud 1 The Internetworking Problem Internetworking Two nodes communicating across a network of networks How to transport packets through this heterogeneous mass? A B The Internetworking Problem

More information

Internet Control Message Protocol (ICMP), RFC 792. Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC

Internet Control Message Protocol (ICMP), RFC 792. Prof. Lin Weiguo Copyleft 2009~2017, School of Computing, CUC Internet Control Message Protocol (ICMP), RFC 79 Prof Lin Weiguo Copyleft 009~07, School of Computing, CUC Oct 07 Overview } The IP (Internet Protocol) relies on several other protocols to perform necessary

More information

Configuring IP Services

Configuring IP Services Configuring IP Services Last Updated: December 16, 2011 This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the

More information

Subnets. IP datagram format. The Internet Network layer. IP Fragmentation and Reassembly. IP Fragmentation & Reassembly. IP Addressing: introduction

Subnets. IP datagram format. The Internet Network layer. IP Fragmentation and Reassembly. IP Fragmentation & Reassembly. IP Addressing: introduction The Network layer Host, network layer functions: Network layer Routing protocols path selection R, OSPF, BGP Transport layer: TCP, forwarding table Link layer physical layer protocol addressing conventions

More information

Configuring attack detection and prevention 1

Configuring attack detection and prevention 1 Contents Configuring attack detection and prevention 1 Overview 1 Attacks that the device can prevent 1 Single-packet attacks 1 Scanning attacks 2 Flood attacks 3 TCP fragment attack 4 Login DoS attack

More information

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition ELEC / COMP 177 Fall 2011 Some slides from Kurose and Ross, Computer Networking, 5 th Edition One of the core protocols in the Internet Primarily used to communicate errors among routers and hosts IP datagram

More information

inside: THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN

inside: THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 inside: SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN & The Advanced Computing Systems Association & The System Administrators

More information

Internet Protocols (chapter 18)

Internet Protocols (chapter 18) Internet Protocols (chapter 18) CSE 3213 Fall 2011 Internetworking Terms 1 TCP/IP Concepts Connectionless Operation Internetworking involves connectionless operation at the level of the Internet Protocol

More information

ICS 351: Networking Protocols

ICS 351: Networking Protocols ICS 351: Networking Protocols IP packet forwarding application layer: DNS, HTTP transport layer: TCP and UDP network layer: IP, ICMP, ARP data-link layer: Ethernet, WiFi 1 Networking concepts each protocol

More information

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking 1 Review of TCP/IP working Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path Frame Path Chapter 3 Client Host Trunk Link Server Host Panko, Corporate

More information

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang CS 356: Computer Network Architectures Lecture 10: IP Fragmentation, ARP, and ICMP Xiaowei Yang xwy@cs.duke.edu Overview Homework 2-dimension parity IP fragmentation ARP ICMP Fragmentation and Reassembly

More information

Attack Prevention Technology White Paper

Attack Prevention Technology White Paper Attack Prevention Technology White Paper Keywords: Attack prevention, denial of service Abstract: This document introduces the common network attacks and the corresponding prevention measures, and describes

More information

internet technologies and standards

internet technologies and standards Institute of Telecommunications Warsaw University of Technology 2017 internet technologies and standards Piotr Gajowniczek Andrzej Bąk Michał Jarociński Network Layer The majority of slides presented in

More information

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi INF5290 Ethical Hacking Lecture 3: Network reconnaissance, port scanning Universitetet i Oslo Laszlo Erdödi Lecture Overview Identifying hosts in a network Identifying services on a host What are the typical

More information

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Lecture 3. The Network Layer (cont d) Network Layer 1-1 Lecture 3 The Network Layer (cont d) Network Layer 1-1 Agenda The Network Layer (cont d) What is inside a router? Internet Protocol (IP) IPv4 fragmentation and addressing IP Address Classes and Subnets

More information

Firewall Stateful Inspection of ICMP

Firewall Stateful Inspection of ICMP The feature categorizes Internet Control Management Protocol Version 4 (ICMPv4) messages as either malicious or benign. The firewall uses stateful inspection to trust benign ICMPv4 messages that are generated

More information

Outline. SC/CSE 3213 Winter Sebastian Magierowski York University. ICMP ARP DHCP NAT (not a control protocol) L9: Control Protocols

Outline. SC/CSE 3213 Winter Sebastian Magierowski York University. ICMP ARP DHCP NAT (not a control protocol) L9: Control Protocols SC/CSE 3213 Winter 2013 L9: Control Protocols Sebastian Magierowski York University 1 Outline ICMP ARP DHCP NAT (not a control protocol) 2 1 Control Protocols IP is used to transfer data Network layer

More information

Using ICMP to Troubleshoot TCP/IP Networks

Using ICMP to Troubleshoot TCP/IP Networks Laura Chappell Using ICMP to Troubleshoot TCP/IP Networks Illustration: Norman Felchle Editor s Note: This article is based on Laura Chappell s upcoming book TCP/IP Analysis and Troubleshooting, which

More information

IP : Internet Protocol

IP : Internet Protocol 1/20 IP : Internet Protocol Surasak Sanguanpong nguan@ku.ac.th http://www.cpe.ku.ac.th/~nguan Last updated: July 30, 1999 Agenda 2/20 IP functions IP header format Routing architecture IP layer 3/20 defines

More information

Lecture 4 The Network Layer. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it

Lecture 4 The Network Layer. Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Lecture 4 The Network Layer Antonio Cianfrani DIET Department Networking Group netlab.uniroma1.it Network layer functions Transport packet from sending to receiving hosts Network layer protocols in every

More information

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security Introduction to Computer Networks CS 166: Introduction to Computer Systems Security Network Communication Communication in modern networks is characterized by the following fundamental principles Packet

More information

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Layer 4: UDP, TCP, and others based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers Concepts application set transport set High-level, "Application Set" protocols deal only with how handled

More information

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last revised 10-4-17 KonBoot Get into any account without the password Works on Windows and Linux No longer free Link Ch 5r From the

More information

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last revised 1-11-17 KonBoot Get into any account without the password Works on Windows and Linux No longer free Link Ch 5r From the

More information

Computer Networks ICS 651. IP Routing RIP OSPF BGP MPLS Internet Control Message Protocol IP Path MTU Discovery

Computer Networks ICS 651. IP Routing RIP OSPF BGP MPLS Internet Control Message Protocol IP Path MTU Discovery Computer Networks ICS 651 IP Routing RIP OSPF BGP MPLS Internet Control Message Protocol IP Path MTU Discovery Routing Information Protocol DV modified with split horizon and poisoned reverse distance

More information

Ref: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on

Ref: A. Leon Garcia and I. Widjaja, Communication Networks, 2 nd Ed. McGraw Hill, 2006 Latest update of this lecture was on IP Version 4 (IPv4) Header (Continued) Identification (16 bits): One of the parameters of any network is the maximum transmission unit (MTU) parameter. This parameter specifies the maximum size of the

More information

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia IP - The Internet Protocol Based on the slides of Dr. Jorg Liebeherr, University of Virginia Orientation IP (Internet Protocol) is a Network Layer Protocol. IP: The waist of the hourglass IP is the waist

More information

Packet Header Formats

Packet Header Formats A P P E N D I X C Packet Header Formats S nort rules use the protocol type field to distinguish among different protocols. Different header parts in packets are used to determine the type of protocol used

More information

TSIN02 - Internetworking

TSIN02 - Internetworking Lecture 2: The Internet Protocol Literature: Forouzan: ch 4-9 and ch 27 2004 Image Coding Group, Linköpings Universitet Outline About the network layer Tasks Addressing Routing Protocols 2 Tasks of the

More information

Denial of Service. EJ Jung 11/08/10

Denial of Service. EJ Jung 11/08/10 Denial of Service EJ Jung 11/08/10 Pop Quiz 3 Write one thing you learned from today s reading Write one thing you liked about today s reading Write one thing you disliked about today s reading Announcements

More information

Dongsoo S. Kim Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis

Dongsoo S. Kim Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis Session 8. TCP/IP Dongsoo S. Kim (dskim@iupui.edu) Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis IP Packet 0 4 8 16 19 31 Version IHL Type of Service Total Length Identification

More information

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local

IPv6. IPv4 & IPv6 Header Comparison. Types of IPv6 Addresses. IPv6 Address Scope. IPv6 Header. IPv4 Header. Link-Local 1 v4 & v6 Header Comparison v6 Ver Time to Live v4 Header IHL Type of Service Identification Protocol Flags Source Address Destination Address Total Length Fragment Offset Header Checksum Ver Traffic Class

More information

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing Network layer: Overview Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing 1 Network Layer Functions Transport packet from sending to receiving hosts Network layer protocols in every

More information

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods Ping of death Land attack Teardrop Syn flood Smurf attack DOS Attack Methods Ping of Death A type of buffer overflow attack that exploits a design flaw in certain ICMP implementations where the assumption

More information

TCP/IP Protocol Suite

TCP/IP Protocol Suite TCP/IP Protocol Suite Computer Networks Lecture 5 http://goo.gl/pze5o8 TCP/IP Network protocols used in the Internet also used in today's intranets TCP layer 4 protocol Together with UDP IP - layer 3 protocol

More information

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land

IPv6 Protocols and Networks Hadassah College Spring 2018 Wireless Dr. Martin Land IPv6 1 IPv4 & IPv6 Header Comparison IPv4 Header IPv6 Header Ver IHL Type of Service Total Length Ver Traffic Class Flow Label Identification Flags Fragment Offset Payload Length Next Header Hop Limit

More information

4. Basic IP Support Protocols

4. Basic IP Support Protocols 4. Basic IP Support Protocols There are a number of protocols that support the operation of IP. This section will only discuss the most basic three: ICMP, RARP, and ARP. Other more sophisticated protocols

More information

Network layer: Overview. Network Layer Functions

Network layer: Overview. Network Layer Functions Network layer: Overview Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing 1 Network Layer Functions Transport packet from sending to receiving hosts Network layer protocols in every

More information

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. R (2) N (5) Oral (3) Total (10) Dated Sign Experiment No: 1 Problem Definition: Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing. 1.1 Prerequisite:

More information

Computer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis

Computer Network Fundamentals Spring Week 4 Network Layer Andreas Terzis Computer Network Fundamentals Spring 2008 Week 4 Network Layer Andreas Terzis Outline Internet Protocol Service Model Addressing Original addressing scheme Subnetting CIDR Fragmentation ICMP Address Shortage

More information

Network Layer. The Network Layer. Contents Connection-Oriented and Connectionless Service. Recall:

Network Layer. The Network Layer. Contents Connection-Oriented and Connectionless Service. Recall: Network Layer The Network Layer Recall: The network layer is responsible for the routing of packets The network layer is responsible for congestion control 1 2 Contents 4.1.1 Connection-Oriented and Connectionless

More information

Network Layer. Recall: The network layer is responsible for the routing of packets The network layer is responsible for congestion control

Network Layer. Recall: The network layer is responsible for the routing of packets The network layer is responsible for congestion control The Network Layer 1 Network Layer Recall: The network layer is responsible for the routing of packets The network layer is responsible for congestion control 2 Contents Connection-Oriented (virtual circuit)

More information

Configuring Advanced Firewall Settings

Configuring Advanced Firewall Settings Configuring Advanced Firewall Settings This section provides advanced firewall settings for configuring detection prevention, dynamic ports, source routed packets, connection selection, and access rule

More information

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1

CIS-331 Final Exam Spring 2016 Total of 120 Points. Version 1 Version 1 1. (25 Points) Given that a frame is formatted as follows: And given that a datagram is formatted as follows: And given that a TCP segment is formatted as follows: Assuming no options are present

More information

Lecture 8. Network Layer (cont d) Network Layer 1-1

Lecture 8. Network Layer (cont d) Network Layer 1-1 Lecture 8 Network Layer (cont d) Network Layer 1-1 Agenda The Network Layer (cont d) What is inside a router Internet Protocol (IP) IPv4 fragmentation and addressing IP Address Classes and Subnets Network

More information

LECTURE 8. Mobile IP

LECTURE 8. Mobile IP 1 LECTURE 8 Mobile IP What is Mobile IP? The Internet protocol as it exists does not support mobility Mobile IP tries to address this issue by creating an anchor for a mobile host that takes care of packet

More information

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition ELEC / COMP 177 Fall 2016 Some slides from Kurose and Ross, Computer Networking, 5 th Edition Presentation 2 Security/Privacy Presentations Nov 3 rd, Nov 10 th, Nov 15 th Upload slides to Canvas by midnight

More information

EP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer

EP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer EP2120 Internetworking/Internetteknik IK2218 Internets Protokoll och Principer Homework Assignment 1 (Solutions due 20:00, Mon., 10 Sept. 2018) (Review due 20:00, Wed., 12 Sept. 2018) 1. IPv4 Addressing

More information

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer SE 4C03 Winter 2003 Final Examination Answer Key Instructor: William M. Farmer (1) [2 pts.] Both the source and destination IP addresses are used to route IP datagrams. Is this statement true or false?

More information

IPv4. Christian Grothoff.

IPv4. Christian Grothoff. IPv4 christian@grothoff.org http://grothoff.org/christian/ Sites need to be able to interact in one single, universal space. Tim Berners-Lee 1 The Network Layer Transports datagrams from sending to receiving

More information

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Janno< Administrivia IP out today. Your job: Find partners and tell us Implement

More information

Configuring IP Services

Configuring IP Services This module describes how to configure optional IP services. For a complete description of the IP services commands in this chapter, refer to the Cisco IOS IP Application Services Command Reference. To

More information

Aside: Interaction with Link Layer Computer Networking. Caching ARP Entries. ARP Cache Example

Aside: Interaction with Link Layer Computer Networking. Caching ARP Entries. ARP Cache Example Aside: Interaction with Link Layer 15-441 Computer Networking Lecture 8 Addressing & Packets How does one find the Ethernet address of a? ARP Broadcast search for address E.g., who-has 128.2.184.45 tell

More information

K2289: Using advanced tcpdump filters

K2289: Using advanced tcpdump filters K2289: Using advanced tcpdump filters Non-Diagnostic Original Publication Date: May 17, 2007 Update Date: Sep 21, 2017 Topic Introduction Filtering for packets using specific TCP flags headers Filtering

More information

IPv4 and IPv6 Commands

IPv4 and IPv6 Commands This module describes the Cisco IOS XR software commands used to configure the IPv4 and IPv6 commands for Broadband Network Gateway (BNG) on the Cisco ASR 9000 Series Router. For details regarding the

More information

THE "TRIBE FLOOD NETWORK 2000" DISTRIBUTED DENIAL OF SERVICE ATTACK TOOL

THE TRIBE FLOOD NETWORK 2000 DISTRIBUTED DENIAL OF SERVICE ATTACK TOOL TFN2K - An Analysis Jason Barlow and Woody Thrower AXENT Security Team February 10, 2000 (Updated March 7, 2000) Revision: 1.3 Abstract This document is a technical analysis of the Tribe Flood Network

More information

Telecom Systems Chae Y. Lee. Contents. Overview. Issues. Addressing ARP. Adapting Datagram Size Notes

Telecom Systems Chae Y. Lee. Contents. Overview. Issues. Addressing ARP. Adapting Datagram Size Notes Internetworking Contents Overview Functions Issues Basic Delivery Unit Addressing Datagram Delivery ARP IPv4 Header Adapting Datagram Size Notes 2 Overview - Example 3 Direct Delivery 4 Indirect Delivery

More information

Introduction to Internetworking

Introduction to Internetworking Introduction to Internetworking Introductory terms Communications Network Facility that provides data transfer services An internet Collection of communications networks interconnected by bridges and/or

More information

Table of Contents 1 System Maintaining and Debugging 1-1

Table of Contents 1 System Maintaining and Debugging 1-1 Table of Contents 1 System Maintaining and Debugging 1-1 System Maintaining and Debugging 1-1 Ping 1-1 Introduction 1-1 Configuring Ping 1-1 Ping Configuration Example 1-2 Tracert 1-4 Introduction 1-4

More information

History Page. Barracuda NextGen Firewall F

History Page. Barracuda NextGen Firewall F The Firewall > History page is very useful for troubleshooting. It provides information for all traffic that has passed through the Barracuda NG Firewall. It also provides messages that state why traffic

More information

ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP

ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP IP ROUTING INTRODUCTION TO IP, IP ROUTING PROTOCOLS AND PROXY ARP Peter R. Egli 1/37 Contents 1. IP Routing 2. Routing Protocols 3. Fragmentation in the IP Layer 4. Proxy ARP 5. Routing and IP forwarding

More information

Lab Two Using Wireshark to Discover IP NAME:

Lab Two Using Wireshark to Discover IP NAME: Lab Two Using Wireshark to Discover IP NAME: In this lab, we ll investigate the IP protocol, focusing on the IP datagram. We ll do so by analyzing a trace of IP datagrams sent and received by an execution

More information

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management

CSE/EE 461 Lecture 13 Connections and Fragmentation. TCP Connection Management CSE/EE 461 Lecture 13 Connections and Fragmentation Tom Anderson tom@cs.washington.edu Peterson, Chapter 5.2 TCP Connection Management Setup assymetric 3-way handshake Transfer sliding window; data and

More information

Department of Computer Science and Engineering. COSC 4213: Computer Networks II (Fall 2005) Instructor: N. Vlajic Date: November 3, 2005

Department of Computer Science and Engineering. COSC 4213: Computer Networks II (Fall 2005) Instructor: N. Vlajic Date: November 3, 2005 Department of Computer Science and Engineering COSC 4213: Computer Networks II (Fall 2005) Instructor: N. Vlajic Date: November 3, 2005 Midterm Examination Instructions: Examination time: 75 min. Print

More information

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats Internetwork Expert s CCNA Security Bootcamp Common Security Threats http:// Today s s Network Security Challenge The goal of the network is to provide high availability and easy access to data to meet

More information

Computer Networks Security: intro. CS Computer Systems Security

Computer Networks Security: intro. CS Computer Systems Security Computer Networks Security: intro CS 166 - Computer Systems Security A very easy network 3/14/16 Computer Networks: Intro 2 Two philosophers example Translator Language Translator Engineer Communication

More information

CSc 466/566. Computer Security. 18 : Network Security Introduction

CSc 466/566. Computer Security. 18 : Network Security Introduction 1/81 CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:57:28 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg

More information

Information Network Systems The network layer. Stephan Sigg

Information Network Systems The network layer. Stephan Sigg Information Network Systems The network layer Stephan Sigg Tokyo, November 1, 2012 Error-detection and correction Decoding of Reed-Muller codes Assume a second order (16, 11) code for m = 4. The r-th order

More information

Operation Manual IP Addressing and IP Performance H3C S5500-SI Series Ethernet Switches. Table of Contents

Operation Manual IP Addressing and IP Performance H3C S5500-SI Series Ethernet Switches. Table of Contents Table of Contents Table of Contents... 1-1 1.1 IP Addressing Overview... 1-1 1.1.1 IP Address Classes... 1-1 1.1.2 Special Case IP Addresses... 1-2 1.1.3 Subnetting and Masking... 1-2 1.2 Configuring IP

More information

CMPE 80N: Introduction to Networking and the Internet

CMPE 80N: Introduction to Networking and the Internet CMPE 80N: Introduction to Networking and the Internet Katia Obraczka Computer Engineering UCSC Baskin Engineering Lecture 17 CMPE 80N Spring'10 1 Announcements Next class: Presentation of fun projects

More information

CSCD58 WINTER 2018 WEEK 6 - NETWORK LAYER PART 1. Brian Harrington. February 13, University of Toronto Scarborough

CSCD58 WINTER 2018 WEEK 6 - NETWORK LAYER PART 1. Brian Harrington. February 13, University of Toronto Scarborough CSCD58 WINTER 2018 WEEK 6 - NETWORK LAYER PART 1 Brian Harrington University of Toronto Scarborough February 13, 2018 ADMIN Assignments Midterm after reading week (Feb 27) In class Covering everything

More information

Configuring IP Services

Configuring IP Services CHAPTER 8 Configuring IP Services This chapter describes how to configure optional IP services supported by the Cisco Optical Networking System (ONS) 15304. For a complete description of the commands in

More information

Internet Control Message Protocol (ICMP)

Internet Control Message Protocol (ICMP) Chapter 9 Internet Control Message Protocol (ICMP) مترجم : دکتر محمد حسین یغمایی 1 TCP/IP Protocol Suite CONTENTS TYPES OF MESSAGES MESSAGE FORMAT ERROR REPORTING QUERY CHECKSUM ICMP PACKAGE مترجم : دکتر

More information