Basic elements of IP and its interaction with Ethernet


Basic elements of IP and its interaction with Ethernet
IP addressing, Forwarding, ARP, ARP poisoning
Marco Bonola, Lorenzo Bracciale
Corso di Fondamenti di Reti e Segnali, Prof. Giuseppe Bianchi, A.A. 2010

What we are going to see...
- The Internet Protocol as a common language to interconnect networks of different technologies
- Interaction between Ethernet and IP: the Address Resolution Protocol, with the help of Wireshark
- Some IP and ARP management on Linux
- A simple yet powerful attack: ARP poisoning
- Real deployment on LINUX

Internet Protocol Basics

Internet Protocol (IP): what do we need it for?
There are many different LAN technologies (WiFi, Ethernet, ...) because there are many different needs:
- wireless connectivity: UMTS, WiFi, WiMAX
- high speed cable data transfer: FDDI
- cheap cable data transfer: Ethernet
- low energy consumption: Bluetooth, ZigBee
How do hosts on different LANs communicate with each other? They need a common language: the Internet Protocol.

Internet Protocol: Motivation
"The Internet Protocol is designed for use in interconnected systems of packet-switched computer communication networks. [...] The internet protocol provides for transmitting blocks of data called datagrams from sources to destinations [...]" http://www.ietf.org/rfc/rfc791.txt
(Figure: a source and a destination on different access networks (GPRS, UMTS, WiFi, WiMAX, Token Ring, Ethernet) interconnected through the Internet.)

Internet Protocol actors: Hosts, Routers

IP Address Anatomy
Each IPv4 host MUST have a UNIQUE 32 bit identifier called IP address.
Machine representation: 11010001 01010101 10000001 01100011
Humans don't like long binary strings and prefer the dotted decimal notation.
Human representation: 209.85.129.99
Well, IP addresses in dotted decimal notation are also hard to remember. Names sound better: an extra service, the DNS, maps 209.85.129.99 <-> www.google.it

Internet Protocol: Model of Operation
What is a ROUTER (gateway)? A router interconnects two or more LANs (1) and implements IP to forward datagrams between these networks. It has one IP address for each LAN it connects.
(1) not 100% correct, but for our scope it's ok like this
(Figure: source 160.80.103.147 on a WiFi LAN reaches destination 72.14.234.14 on an Ethernet LAN across ADSL, optical fiber, WiMAX and "whatever" links and LANs.)

Internet Protocol: Model of Operation
"IP datagrams are routed from one internet module to another through individual networks based on the interpretation of an internet address" (RFC 791)
Application data is encapsulated in an IP datagram and sent to the destination (we'll see later on how...).
Basically, for each received datagram, IP looks at the destination IP address and determines whether:
1. the packet is for us: the content of the IP datagram is passed to the "higher levels"
2. the packet is for someone else:
   a. Router: IP "finds out" the next hop on the same network
   b. Host: the datagram is discarded
This simple behavior is repeated hop by hop from SOURCE to DESTINATION.

Example: let's go to Facebook! (Wireshark analysis, traceroute)

A practical example: traceroute

IPv4 datagram snapshot (en.wikipedia.org/wiki/IPv4)

How do routers find the way to Facebook?
Idea! Each router knows the best next hop for all the possible destinations! Not too smart: there are 2^32 possible addresses.
Idea! We can ask for each packet! With 10 Gbps???
We need a way to group IP addresses and to allow a quick lookup.

The Mask
A mask is a set of 32 bits: some 1s followed by 0s.
Example:
  binary:         1111.1111 1111.1111 1111.1111 0000.0000
  dotted decimal: 255.255.255.0
  slash prefix:   /24
192.168.1.0 with mask 255.255.255.0 defines a range from 192.168.1.0 to 192.168.1.255: if we bitwise AND each of these IP addresses with the mask, we obtain the same result, 192.168.1.0.

Routing Table
How does IP determine the next HOP? A special table that maps a "destination" to a "next hop" is looked up. Major fields:
- Destination: host or network
- Mask: used to match the destination
- Next Hop: IP address (on the same network as the output device) of the next IP host to which we send the packet
- Output device: physical device used to send the packet

  Destination      Mask             Next HOP         Output device
  192.168.100.0    255.255.255.0    *                eth0
  0.0.0.0          0.0.0.0          192.168.100.1    eth0

Forwarding lookup algorithm
For each received packet (with a "non local" destination IP address), for each Routing Table entry:
- the IP destination address is ANDed with the Mask field
- the result is compared with the Destination field: if the two values match, the packet is passed to the resulting output device (and sent to the next hop... we'll see later on how); otherwise, do nothing and consider the next entry
If multiple entries match, choose the one with the biggest mask (longest prefix match).
The last entry is called the "default GW" entry: it always matches, but under the longest prefix match it is chosen only when no more specific entry matches.

Hosts have routing tables too: why send a packet to a router if the destination is in my LAN?

Forwarding lookup example

  Destination          Mask               Next HOP      Output device
  8.8.8.10             255.255.255.255    100.0.0.1     eth1
  192.168.1.0          255.255.255.0      *             eth0
  5.0.0.0              255.255.0.0        200.0.0.1     eth2
  4.0.0.0              255.0.0.0          (not shown)   (not shown)
  0.0.0.0 (default)    0.0.0.0            100.0.0.1     eth3

Example: let's look at some real routing tables
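The lookup algorithm of the previous slides, carried out over the table above, as an added Python example (not part of the slides). The table is reconstructed from the slide; the 4.0.0.0 row is left out because its next hop and device are not shown, and the default row is kept last as on the slide, although the longest prefix match makes the order irrelevant.

```python
from ipaddress import IPv4Address

# Constructed from the forwarding example: (destination, mask, next hop, output device).
# "*" as next hop means the destination network is directly connected.
ROUTING_TABLE = [
    ("8.8.8.10",    "255.255.255.255", "100.0.0.1", "eth1"),
    ("192.168.1.0", "255.255.255.0",   "*",         "eth0"),
    ("5.0.0.0",     "255.255.0.0",     "200.0.0.1", "eth2"),
    ("0.0.0.0",     "0.0.0.0",         "100.0.0.1", "eth3"),   # default GW entry
]


def mask_len(mask: str) -> int:
    """Prefix length of a dotted-decimal mask (255.255.255.0 -> 24).
    Rejects masks whose 1 bits are not all leading, e.g. 255.0.255.0."""
    bits = int(IPv4Address(mask))
    length = bin(bits).count("1")
    if bits != (0xFFFFFFFF << (32 - length)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous mask {mask}")
    return length


def lookup(dst: str, table=ROUTING_TABLE):
    """Longest-prefix-match forwarding lookup as described on the slide:
    AND the destination with each entry's mask, compare with the entry's
    destination field, and among all matching entries keep the one with
    the longest mask. The default entry (mask 0.0.0.0) matches everything
    but has prefix length 0, so it wins only when nothing else matches.
    Returns (next_hop, output_device); for a directly connected network
    ("*") the next hop is the destination itself."""
    dst_int = int(IPv4Address(dst))
    best = None                      # (prefix length, next hop, device)
    for net, mask, next_hop, dev in table:
        m = int(IPv4Address(mask))
        if dst_int & m != int(IPv4Address(net)) & m:
            continue                 # entry does not match, try the next one
        plen = mask_len(mask)
        if best is None or plen > best[0]:
            best = (plen, dst if next_hop == "*" else next_hop, dev)
    if best is None:                 # impossible while a default entry exists
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]
```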

Private IP addressing
IP addresses are not as many as you might think: 2^32 addresses = 4 294 967 296. Some are reserved (broadcast, network, link local, experimental, military, etc...). Think of all the devices you have that can access the Internet...
3 IP address ranges are reserved as "private": 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16. They are non routable addresses. Network Address Translation, NAT (BAD! BAD! BAD!)

IP and Ethernet interaction

IP encapsulation into L2 frames
How are IP datagrams physically delivered to the destination? Do they fly on birds? (see RFC 1149)
- IP datagrams are passed to the L2 device driver and encapsulated within L2 frames
- The specific technology depends on the output device indicated by the matching routing table entry (from now on: Ethernet)
- MAC source/destination addresses are associated to the IP source/destination addresses of the IP datagram
- The specific L2 technology is used to send the frame
- At the destination, the Ethernet driver checks the MAC address (and the CRC). If the frame is locally addressed, it is passed to the IP layer; otherwise it is discarded.

MAC ADDRESSES CHANGE AT EACH HOP, IP ADDRESSES REMAIN THE SAME. Don't believe it? Let's sniff packets on a router!

...Is there something missing?
Routing decision result: an IP address on this subnet. How can we send data to that interface? We need to use the physical network facilities: encapsulate the packet in a datalink frame and deliver it to the destination according to the local networking technology (e.g. Ethernet). The destination is NOT an IP address but a hardware address. We didn't say anything about MAC addresses!

Address Resolution Protocol
- Dynamic mapping: not a concern for application & user, not a concern for the system administrator!
- Any network layer protocol: not IP specific
- Supported protocol in the datalink layer: not a datalink layer protocol!!!!
- Needs a datalink with broadcasting capability, e.g. Ethernet shared bus
Note: ARP is NOT STRICTLY NECESSARY! One may have a manual IP <-> MAC mapping: tedious, error prone, requires manual updating (e.g. when attaching a new PC you must touch all the others).
32 bit IP address --ARP--> 48 bit Ethernet address; 48 bit Ethernet address --RARP--> 32 bit IP address
ARP: RFC 826. Here described for Ethernet, but valid for more general networks: designed for any datalink with broadcast capabilities.

ARP idea (1): send a broadcast request
Hosts 131.175.15.8, 131.175.15.12, 131.175.15.124. Broadcast request: "Who has IP address 131.175.15.124??" 131.175.15.12: "Not me!" 131.175.15.124: "That's me!"

ARP idea (2): receive a unicast response
131.175.15.124 replies: "That's me! 0:0:a2:32:5a:3"

ARP Cache
Avoids an ARP request for every IP datagram!
- Entry lifetime defaults to 20 min: deleted if not used in this time
- 3 min for incomplete cache entries (ARP requests to a non existent host)
- It may be changed in some implementations, in particularly stable (or dynamic) environments
Updating the cache:
- ARP requests carry the requestor IP/MAC pair
- ARP requests are broadcast, thus they MUST be read by everyone
- Therefore it comes for free, for every computer, to update its cache with the requestor pair
- Cannot do this with an ARP reply, as it is unicast!

Sample ARP request/reply: Wireshark capture, ARP cache

ARP request/reply: encapsulation in an Ethernet frame

  Ethernet destination address (6 bytes) | Ethernet source address (6 bytes) | type (2 B) | ARP request/reply (28 bytes for IP) | CRC (4 bytes)

- Ethernet destination address: ff:ff:ff:ff:ff:ff (broadcast) for the ARP request
- Ethernet source address: the ARP requester's
- Frame type: ARP request/reply 0x0806; RARP request/reply 0x8035; IP datagram 0x0800. These are protocol demultiplexing codes!

ARP request/reply format (28 bytes)

   0              7 8             15 16                            31
  +----------------+----------------+--------------------------------+
  |          Hardware Type          |          Protocol Type         |
  +----------------+----------------+--------------------------------+
  |  Hardware len  |  Protocol len  |          ARP operation         |
  +----------------+----------------+--------------------------------+
  |                 Sender MAC address (bytes 0-3)                   |
  +---------------------------------+--------------------------------+
  | Sender MAC address (bytes 4-5)  | Sender IP address (bytes 0-1)  |
  +---------------------------------+--------------------------------+
  | Sender IP address (bytes 2-3)   |  Dest MAC address (bytes 0-1)  |
  +---------------------------------+--------------------------------+
  |                  Dest MAC address (bytes 2-5)                    |
  +------------------------------------------------------------------+
  |                  Dest IP address (bytes 0-3)                     |
  +------------------------------------------------------------------+

- Hardware type: 1 for Ethernet
- Protocol type: 0x0800 for IP (0000.1000.0000.0000), the same as the Ethernet header field carrying an IP datagram!
- Hardware len = 6 bytes (for Ethernet)
- Protocol len = 4 bytes (for IP)
- ARP operation: 1 = request; 2 = reply; 3/4 = RARP request/reply

Sample ARP request/reply
Host A: IP 131.175.15.8, MAC 0:0:8c:3d:54:1. Host B: IP 131.175.15.24, MAC 0:4f:33:3:ee:67.

  Field                          ARP REQUEST (A -> broadcast)   ARP REPLY (B -> A)
  dest MAC                       FF:FF:FF:FF:FF:FF              00:00:8c:3d:54:01
  src MAC                        00:00:8c:3d:54:01              00:4f:33:03:ee:67
  frame type (ARP)               0x0806                         0x0806
  hardware type (Ethernet)       0x0001                         0x0001
  protocol type (IP)             0x0800                         0x0800
  MAC len / IP len               0x06 / 0x04                    0x06 / 0x04
  operation (rq=1, rpl=2)        0x0001                         0x0002
  sender MAC                     00:00:8c:3d:54:01              00:4f:33:03:ee:67
  sender IP                      131.175.15.8                   131.175.15.24
  dest MAC                       00:00:00:00:00:00              00:00:8c:3d:54:01
  dest IP                        131.175.15.24                  131.175.15.8
  Ethernet checksum              checksum                       checksum

ARP cache on Linux: ip neighbor, arp (ARP table management)

ARP poisoning: Theory

ARP Poisoning
Weaknesses:
- ARP does not involve any authentication mechanism
- Many OSes accept unsolicited ARP replies
How:
- Spoof ARP replies
- Spoof an ICMP packet to solicit an ARP request, then spoof the ARP reply (against smart OSes)
This attack is safer in a switched LAN, where only the victims see the ARP replies, rather than on a HUB.

ARP poisoning (1)
Topology: STA1 10.0.0.1 (00:00:00:00:00:11), STA2 10.0.0.2 (00:00:00:00:00:22), STA3 10.0.0.3 (00:00:00:00:00:33), connected through a SWITCH. A fourth station, MAC 00:00:00:00:00:44, announces: "I'm 10.0.0.1".

ARP poisoning (2)
Victim's ARP cache after the announcement:

  Destination MAC address    IP address
  00:00:00:00:00:44          10.0.0.1
  00:00:00:00:00:33          10.0.0.3

(Same topology: STA1 10.0.0.1 00:00:00:00:00:11, STA2 10.0.0.2 00:00:00:00:00:22, STA3 10.0.0.3 00:00:00:00:00:33 and the station with MAC 00:00:00:00:00:44, all on the SWITCH.)
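An added Python example (not part of the slides) that ties the ARP frame format and the poisoning weakness together: a decoder for the Ethernet header plus the 28-byte ARP body described above, fed with the request/reply pair of the sample slide, and a passive monitor that does what a victim's cache does not: it flags replies nobody asked for and replies that change a known IP-to-MAC binding. The frames are constructed here from the values on the slides; the forged reply reuses the slide's attacker MAC 00:00:00:00:00:44 against host A.

```python
import struct
from ipaddress import IPv4Address


def _mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def parse_arp_frame(frame: bytes) -> dict:
    """Decode Ethernet header (14 B) + ARP body (28 B for Ethernet/IPv4, RFC 826)."""
    _dst, src, eth_type = struct.unpack("!6s6sH", frame[:14])
    if eth_type != 0x0806:                       # demultiplexing code for ARP
        raise ValueError(f"not ARP: ethertype 0x{eth_type:04x}")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sender_mac": _mac(sha), "sender_ip": str(IPv4Address(spa)),
            "target_mac": _mac(tha), "target_ip": str(IPv4Address(tpa)), "eth_src": _mac(src)}


class ArpMonitor:
    """Defender-side watcher: learns IP->MAC from replies and flags replies
    nobody asked for as well as replies that change a binding already seen."""
    def __init__(self):
        self.bindings = {}    # ip -> mac learned from replies
        self.pending = set()  # (asker_ip, asked_ip) of requests seen on the wire

    def observe(self, frame: bytes) -> list:
        p, alerts = parse_arp_frame(frame), []
        if p["op"] == 1:                          # request: remember who asked for what
            self.pending.add((p["sender_ip"], p["target_ip"]))
        elif p["op"] == 2:                        # reply: should answer a pending request
            if (p["target_ip"], p["sender_ip"]) not in self.pending:
                alerts.append(f"unsolicited reply: {p['sender_ip']} is-at {p['sender_mac']}")
            self.pending.discard((p["target_ip"], p["sender_ip"]))
            old = self.bindings.get(p["sender_ip"])
            if old is not None and old != p["sender_mac"]:
                alerts.append(f"binding change {p['sender_ip']}: {old} -> {p['sender_mac']}")
            self.bindings[p["sender_ip"]] = p["sender_mac"]   # learn, as a naive cache would
        return alerts


# Constructed frames (bytes.fromhex ignores the spaces): the request/reply pair of the
# sample slide, then a forged reply claiming 131.175.15.24 is at the slide's attacker MAC.
ARP_REQUEST = bytes.fromhex("ffffffffffff 00008c3d5401 0806 0001 0800 06 04 0001 "
                            "00008c3d5401 83af0f08 000000000000 83af0f18")
ARP_REPLY = bytes.fromhex("00008c3d5401 004f3303ee67 0806 0001 0800 06 04 0002 "
                          "004f3303ee67 83af0f18 00008c3d5401 83af0f08")
FORGED_REPLY = bytes.fromhex("00008c3d5401 000000000044 0806 0001 0800 06 04 0002 "
                             "000000000044 83af0f18 00008c3d5401 83af0f08")
```

Gratuitous ARP announcements are legitimately unsolicited, so a production monitor (arpwatch-style) keys its alerts on the binding change rather than on the missing request alone.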

ARP poisoning: Practice