Network Security. Introduction to networks. Radboud University, The Netherlands. Autumn 2015

Similar documents
Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

TCP /IP Fundamentals Mr. Cantu

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Packet Header Formats

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Vorlesung Kommunikationsnetze

cs144 Midterm Review Fall 2010

Applied Networks & Security

CHAPTER-2 IP CONCEPTS

EE 610 Part 2: Encapsulation and network utilities

Interconnecting Networks with TCP/IP

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

ECE4110 Internetwork Programming. Introduction and Overview

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

Network Technology 1 5th - Transport Protocol. Mario Lombardo -

TCP/IP Protocol Suite

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

IP - The Internet Protocol

Lecture 11: IP routing, IP protocols

Network Model. Why a Layered Model? All People Seem To Need Data Processing

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

TSIN02 - Internetworking

Written examination in Computer Networks

TSIN02 - Internetworking

Networking Technologies and Applications

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

The Internet Protocol. IP Addresses Address Resolution Protocol: IP datagram format and forwarding: IP fragmentation and reassembly

Introduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

Sirindhorn International Institute of Technology Thammasat University

9th Slide Set Computer Networks

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 16

6.1 Internet Transport Layer Architecture 6.2 UDP (User Datagram Protocol) 6.3 TCP (Transmission Control Protocol) 6. Transport Layer 6-1

ICS 351: Networking Protocols

ECE 650 Systems Programming & Engineering. Spring 2018

Introduction to TCP/IP networking

ECE 4450:427/527 - Computer Networks Spring 2017

CS 356: Computer Network Architectures. Lecture 10: IP Fragmentation, ARP, and ICMP. Xiaowei Yang

The Internet Protocol (IP)

Internet Protocols (chapter 18)

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

Dongsoo S. Kim Electrical and Computer Engineering Indiana U. Purdue U. Indianapolis

ICS 451: Today's plan

ECE 358 Project 3 Encapsulation and Network Utilities

Network layer: Overview. Network layer functions IP Routing and forwarding NAT ARP IPv6 Routing

Lecture 3. The Network Layer (cont d) Network Layer 1-1

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

Network layer: Overview. Network Layer Functions

University of Toronto Faculty of Applied Science and Engineering. Final Exam, December ECE 461: Internetworking Examiner: J.

Networking Fundamentals

TCP/IP Networking Basics

CS 457 Lecture 11 More IP Networking. Fall 2011

Fundamentals of Computer Networking AE6382

TSIN02 - Internetworking

Network Protocols - Revision

CSCI-1680 Network Layer: IP & Forwarding Rodrigo Fonseca

Last time. Network layer. Introduction. Virtual circuit vs. datagram details. IP: the Internet Protocol. forwarding vs. routing

SEN366 (SEN374) (Introduction to) Computer Networks

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Introduction to Networks and the Internet

CSCI-GA Operating Systems. Networking. Hubertus Franke

Hands-On Ethical Hacking and Network Defense

CIS 551 / TCOM 401 Computer and Network Security

K2289: Using advanced tcpdump filters

NWEN 243. Networked Applications. Layer 4 TCP and UDP

McGraw-Hill The McGraw-Hill Companies, Inc., 2000

network security s642 computer security adam everspaugh

Network Layer: Internet Protocol

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space that is provided.

IP Basics Unix/IP Preparation Course June 29, 2010 Pago Pago, American Samoa

User Datagram Protocol

Networking. Chapter How to identify machines on internet Ports

QUIZ: Longest Matching Prefix

Review of Important Networking Concepts

CCNA Exploration Network Fundamentals. Chapter 04 OSI Transport Layer

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

IPv4. Christian Grothoff.

Understanding the Network: A practical Guide to Internetworking Michael J. Martin

Computer Networks. Lecture 9 Network and transport layers, IP, TCP, UDP protocols

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

Your Name: Your student ID number:

Module 7 Internet And Internet Protocol Suite

OSI Transport Layer. objectives

TSIN02 - Internetworking

Data Communication Prof. A. Pal Department of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture 34 TCP/ IP I

TSIN02 - Internetworking

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

TCP/IP Network Essentials

Chapter 2 Advanced TCP/IP

Experiential Learning Workshop on Transport & IP Routing

Different Layers Lecture 20

Department of Computer and IT Engineering University of Kurdistan. Network Layer. By: Dr. Alireza Abdollahpouri

EXAMGOOD QUESTION & ANSWER. Accurate study guides High passing rate! Exam Good provides update free of charge in one year!

Transcription:

Network Security Introduction to networks Radboud University, The Netherlands Autumn 2015

What is a (computer) network Definition A computer network is two or more computers that are connected, so that information can be transmitted between them. Network Security Introduction to networks 2

Is X a computer network? Your WiFi at home (router, notebook, etc.)? Yes (quite obviously) Facebook? No (a network of people, not of computers) A USB harddrive connected to your laptop? Yes (a USB harddrive is actually a small computer) The World Wide Web? No (network of documents, not of computers) The Internet? Yes (probably the most famous computer network) Your laptop? Yes (many connected independent components ( computers )) The phone network? Yes (phones and backbone infrastructure are (special) computers) Network Security Introduction to networks 3

Networks and protocols Definition A network protocol is a set of rules and conventions of how computers communicate in a certain network. Typical aspects of network protocols Message format, in particular header format Data encoding Allowed messages and expected answers Session initialization and termination Synchronization of communication Network Security Introduction to networks 4

A simple example: netcat Command on tyrion: netcat -lp 51966 Command on arya: echo "Hi tyrion" netcat tyrion 51966 Behind the scenes How/why does arya know tyrion? (or, what does tyrion mean from arya s perspective?) What s the magic value 51966? Could we use another one? Does it have to be the same on tyrion and arya? How does arya know that information should go through the cable? Does it actually go through the cable? What information (sequence of bits) goes through the cable? Network Security Introduction to networks 5

The lowest level: Ethernet Simple case: place bits on a cable, all computers connected to this cable can see the bits Ethernet specifies what cables and bits look like More interesting for us: Ethernet has unique identifiers for network interfaces MAC address: 48 bit physical address MAC stands for media access control Specified in IEEE 802, not only used by Ethernet Ethernet ensures that bits are correctly transmitted Transmit data in frames Detect and recover from collisions Ethernet uses a 32-bit checksum Network Security Introduction to networks 6

The Ethernet frame Preamble Start of Destination Source 802.1Q tag Ethertype Payload Frame check sequence Interpacket Delimiter MAC address MAC address (optional) or Length (32-bit CRC) gap 7 Bytes 1 Byte 6 Bytes 6 Bytes (4 Bytes) 2 Bytes 46 1500 Bytes 4 Bytes 12 Bytes (42 1500 Bytes) Most interesting for us: MAC addresses (and payload) Minimal payload size is 46 bytes (without 802.1Q tag) or 42 bytes (with 802.1Q tag) Gigabit Ethernet defines Jumbo Frames with payload >1500 bytes Network Security Introduction to networks 7

From physical to logical addresses: IP MAC addresses are (more or less) fixed Not very flexible for logical configuration of networks: Imagine replacing a computer Imagine replacing just a network card Want some hierarchy in addresses for large networks Higher-level, logical addresses provided by the Internet Protocol (IP) Multiple versions of IP, most important: IPv4 and IPv6 For the moment, only consider IPv4: 32-bit addresses (typically written in dotted decimal) Hostnames, such as tyrion or arya are aliases for such an IP address Multiple mechanisms to map hostnames to IP addresses, easiest one: /etc/hosts Entry in /etc/hosts on tyrion: 192.168.42.2 arya Entry in /etc/hosts on arya: 192.168.42.1 tyrion Network Security Introduction to networks 8

IP networks and addresses IP addresses have a network part and a host part Hosts with the same network part are directly reachable Access to hosts with a different network part needs to go through gateway (later in this lecture) Beginning of IP: First byte for network, last three bytes for host More flexible: Classes A,B,C for different splitting of network and host part Today: variable-length subnet masks (VLSM): Specify how far the network part reaches through a bitmask Example: Netmask 255.255.255.0 means that the first 3 bytes are network part Example 2: Netmask 255.224.0.0 means that the first 11 bits are network part Specify network together with mask, e.g: Example: 192.168.42.0/24 Network Security Introduction to networks 9

Assigning an IP address to a network interface Network interfaces in Linux have logical names First ethernet interface: eth0 First WiFi interface (typically): wlan0 Configuration of IP address on tyrion: root@tyrion# ip addr add 192.168.42.1/24 dev eth0 Configuration of IP address on arya: root@arya# ip addr add 192.168.42.2/24 dev eth0 Network Security Introduction to networks 10

Some special IP address ranges 10.0.0.0/8: Private network (not reachable from the Internet) 172.16.0.0/12: Private network 192.168.0.0/16: Private network 169.254.0.0/16: Link local (direct physical connection) 127.0.0.0/8: Loopback, important host: 127.0.0.1 (localhost) Picture source: http://ars.userfriendly.org/cartoons/?id=20010523 Network Security Introduction to networks 11

The IP header 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Version IHL DSCP ECN Total Length Identification Flags Fragment Offset Time to Live Protocol Header Checksum Source IP Address Destination IP Address Options... Network Security Introduction to networks 12

Address mapping from IP to MAC: ARP arya knows the IP address of tyrion (192.168.42.1) arya knows that she s on the same network as tyrion Needs to find out the MAC address of tyrion Solution: Address resolution protocol (ARP) arya sends ARP who has 192.168.42.1 to MAC broadcast address ff:ff:ff:ff:ff:ff All other computers in the network check whether they have this IP address tyrion answers with ARP reply 192.168.42.1 is at 28:d2:44:54:88:02 arya remembers this information in the ARP cache Network Security Introduction to networks 13

Getting to the right process: TCP Need to be able to distinguish bits that shall go to netcat and bits that go to, e.g, my browser Solution: Transport Control Protocol (TCP) TCP introduces port numbers An end-to-end connection is characterized by Source IP address, destination IP address Source port, destination port Low port numbers (<1024) are well-known ports Examples: 22 (SSH), 25 (SMTP), 80 (HTTP), 443 (HTTPS) Low ports can typically only be opened (used by an application) with root rights TCP does much more than offering ports; e.g: Creates a reliable connection Takes care of retransmissions Congestion control Network Security Introduction to networks 14

The TCP header 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Source Port Destination Port Sequence Number Acknowledgement Number (if ACK set) Data Re- N C E U A P R S F Offset served S W C R C S S Y I Window Size 0 0 0 R E G K H T N N Checksum Urgent pointer (if URG set) Options... Network Security Introduction to networks 15

TCP sessions Before sending data, create TCP connection with three-way handshake: Client sends SYN, SEQ=X Server answers with SYN, ACK, SEQ=Y, ACK=X + 1 Client answers with ACK, SEQ=X + 1, ACK=Y + 1 Negative answer to a SYN is an RST During data transmission, each correctly received byte is acknowledged: Sequence numbers increase with payload bytes sent Acknowledgement numbers are the next expected sequence number Termination of a connection uses a 4-way handshake: Each side terminates independently (through a FIN) Each side acknowledges the FIN of the other side Network Security Introduction to networks 16

Short recap: putting it together tyrion s netcat listens on TCP port 51966 arya looks up the IP address of tyrion: 192.168.42.1 arya sends an ARP request (ARP who has 192.168.42.1) to the broadcast MAC address ff:ff:ff:ff:ff:ff tyrion answers with ARP reply 192.168.42.1 is at 28:d2:44:54:88:02 arya establishes a TCP/IP connection to tyrion (TCP port 51966) arya sends "Hi tyrion" through the established TCP connection TCP segment with destination port 51966 IP packet with source IP addr: 192.168.42.2 and dest. IP addr: 192.168.42.1 Ethernet frame with source MAC addr: 00:1e:68:b8:c7:eb, and dest. MAC addr: 28:d2:44:54:88:02 arya sends all the bits of the Ethernet frame through the cable tyrion receives frame, opens it up, hands payload of TCP segment to the application listening on port 51966 (netcat) tyrion confirms receipt of the TCP segment (ACK) arya closes the session, tyrion closes the session Network Security Introduction to networks 17

Network sockets Berkeley sockets are a network and inter-process communication API Most important functionalities of Berkeley sockets: socket(): creates a new socket bind(): binds a socket to an address and port (typically on the server) listen(): go into listen state, announce size of input buffer (server side) accept(): block until connection then create new communication socket (server side) connect(): Connect to remote listening socket send(): Send data through connected socket recv(): Receive data from connected socket close(): Close the connection, release resources allocated to socket Network Security Introduction to networks 18

netcat client in Python #!/usr/bin/env python import socket host = tyrion port = 51966 s = socket.socket(socket.af_inet, socket.sock_stream) s.connect((host,port)) s.send( Hi tyrion\n ) s.close() Network Security Introduction to networks 19

netcat -l in Python #!/usr/bin/env python import socket host = port = 51966 backlog = 5 bufsize = 1024 s = socket.socket(socket.af_inet, socket.sock_stream) s.bind((host,port)) s.listen(backlog) client, address = s.accept() data = client.recv(bufsize) if data: print data client.close() Network Security Introduction to networks 20

The Internet protocol suite The Internet protocol suite knows four layers: The link layer: Communication of directly connected nodes Physical channel, media access control Examples: Ethernet (IEEE 802.3), WiFi (IEEE 802.11) The internet layer: Connect hosts across networks Host identification and routing Most importantly: IP, ICMP, ARP, DHCP The transport layer: Provides end-to-end communication Can provide a reliable connection (retransmission etc.) Most importantly: TCP, UDP The application layer: Process-to-Process communication Examples: HTTP, SSH, SMTP Network Security Introduction to networks 21

Lightweight communication: UDP For some messages you do not have to ensure that they arrive A TCP session for sending Hi tyrion is like cracking nuts with a sledgehammer Solution: User Datagram Protocol (UDP): No session initialization No session termination No acknowledgements No guaranteed transmission Send your data and hope for the best Network Security Introduction to networks 22

The UDP header 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Source Port Length Destination Port Checksum 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 Source Port Length Destination Port Checksum The Source Port and the Checksum are even optional Network Security Introduction to networks 23

Control messages: ICMP ICMP stands for Internet Control Message Protocol Provides diagnostics and control on the internet layer ICMP messages are in the IP payload (protocol number 1) Most important ICMP messages: Echo request and Echo reply ( ping ) Destination unreachable Redirect message Source quench Network Security Introduction to networks 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback