Course Contents PART 1 Overview and Introduction PART 2 Communication Reference Models PART 3 Data Communication Fundamentals and Physical Layer PART 4 Datalink Layer and Emerging Network Technologies PART 5 The Network Layer and The Internet Protocol Suite Page 5a-1 The TCP/IP protocol Stack Page 5a-2
Ethernet and IEEE 802.x LANs & TCP/IP (1) TCP/IP, as an internetwork protocol suite, can operate over a large number of physical networks. The most common and widely used of these protocols is Ethernet. As discussed in the previous chapter, two frame formats can be used on the Ethernet networks: The Ethernet (or DIX Ethernet or Ethernet V2.). The international IEEE 802.3 standard. The difference between the two standards is in the use of one of the header fields, which contains a protocol-type number for Ethernet and the length of the data in the frame for IEEE 802.3. Page 5a-3 Ethernet and IEEE 802.x LANs & TCP/IP (2) In Ethernet frame a data field length is up to 1500 bytes, and Ether type is greater than 1500. In the 802.3 MAC frame, the length of the data field is indicated in the 802.3 header (>1500). The type of protocol it carries is then indicated in the 802.2 header. Page 5a-4
Ethernet and IEEE 802.x LANs & TCP/IP (3) For all practical purposes, the Ethernet physical layer and the IEEE 802.3 physical layer are compatible. However, the Ethernet data link layer and the IEEE 802.3/802.2 data link layer are incompatible. The 802.2 Logical Link Control (LLC) layer above IEEE 802.3 uses a concept known as link service access point (LSAP), which uses a 3-byte header, where DSAP and SSAP stand for destination and source service Access Point respectively. Numbers for these fields are assigned by an IEEE committee. In the evolution of TCP/IP, three standards were established that describe the encapsulation of IP, ARP and RARP frames on these networks. Page 5a-5 Ethernet and IEEE 802.x LANs & TCP/IP (4) Standard for the Transmission of IP datagrams over Ethernet Networks specifies only the use of Ethernet type of networks. The values assigned to the type field are: a. 2048 (hex 0800), for IP datagrams b. 2054 (hex 0806), for ARP datagrams c. 32821 (hex 8035), for RARP datagrams Page 5a-6
Ethernet Packet Decoding (1) Decoding means understanding the fields of the headers of a packet to determine the information needed to process the packet in correct way. For example from the packet segment shown we need to determine: 1. the Destination and Source Hardware (MAC) addresses, 2. the type of packet frame (Ethernet or IEEE 802.3), 3. the length of data or the type of protocol encapsulated. Page 5a-7 Ethernet Packet Decoding (1) Sol: DA (6 bytes)= 00:11:09:C1:10:08 SA (6 bytes)= 00:10:7B:47:BB:D3 Type or Length? (2 bytes)= 0x0800 (2048 > 1500) Protcol Type Packet Type Ethernet So, Protocol Type Encapsulated =2048 IP Page 5a-8
Internet Layer Protocols Protocols associated with the IP network layer are: The Internet Protocol The Internet Control Message Protocol (ICMP) and The Address Resolution Protocol (ARP)/RARP. The (IP) protocol operates at the network layer and provides a best effort network layer service for connecting computers to form a computer network. The (ARP) isusedtomapipnetworkaddressestothe hardware addresses used by a data link protocol such as IPto-MAC mapping in Ethernet networks. The (ICMP) protocol is used to report problems with delivery of IP datagrams within an IP network. Page 5a-9 IP Packet Header Decoding (1) The IP datagram header consists of 20 bytes of data. An option exists within the header, which allows further optional bytes to be added. Page 5a-10
IP Packet Header Decoding (2) Flags (a sequence of three flags): used to control whether a packet is allowed to fragment or not and to indicate the last part of a packet to the receiver. Fragmentation Offset: This is used to aid the reassembly of the full datagram. The value in this field contains the number of 64-bit segments (header bytes are not counted) contained in earlier fragments. If this is the first (or only) fragment, this field contains a value of zero. TTL: Time To Live: (Number of hops/links which the packet may be routed over. Protocol: It indicates the type of the higher-level protocol to which IP being carried by this datagram. Here we include some examples of protocol types. Examples: - 0: Reserved, 1: Internet Control Message Protocol (ICMP), 4: IP (IP encapsulation), 6: Transmission Control Protocol (TCP), 17: User Datagram Protocol (UDP), 89: Open Shortest Path First Page 5a-11 IP Packet Header Decoding (3) Page 5a-12
IP Packet Header Decoding (4) Example: We need to get the header information according the definitions above. Page 5a-13 IP Packet Header Decoding (5) Sol.: Ethernet Header: DA (6 bytes)= 00:11:09:C1:10:08 SA (6 bytes)= 00:10:7B:47:BB:D3 Type or Length? (2 bytes)= 0x0800 (2048 > 1500) Protcol Type Packet Type Ethernet So, Protocol Type Encapsulated =2048 IP Not passed to D.L Page 5a-14
IP Packet Header Decoding (6) Sol. continued: IP header Info.: * IP Ver. (4-bits): 4 IPver.4 * IP Header Length (IHL) = 5 x 4 bytes =20 bytes. (no padding) * The type of service field is the next byte, which is 0x00 * Thetotal length field, the next 2 bytes=0x0028=40 bytes Data length = total length - header length = 40 20 = 20 bytes Page 5a-15 IP Packet Header Decoding (8) Sol. continued: Next, The IP Identification number (2bytes), 0x0025 It is used in conjunction with the next two bytes (flags and offset) to control fragmentation The flags field, the next 3-bits =0x4000 (010000000..0) means No fragmentation, The fragmentation offset (13-bits) = 0 (means the first packet in the data) Page 5a-16
IP Packet Header Decoding (9) Sol. continued: Looking for the next byte to get the TTL (1-byte) which gives TTL= 0x27 = 32+7=39 (This means the packet travel for (64-39=25 hops). * Theprotocol field is the next byte, which is 0x06, means that the encapsulated higher level protocol is the TCP. *Theheader checksum field, the next 2 bytes=0xfdd3 Page 5a-17 IP Packet Header Decoding (9) Sol. continued: Looking for the next 4-bytes to get the IP source address: which gives IP source = C1.71.A0.0D = 193.113.160.13 Looking for the next 4-bytes to get the IP source address: which gives IP destination = C1.E3.32.75 = 193.227.50.117 There is no options or padding, so the next header of TCP will start. 00 19 F3 01 42 40 CC C2 90 9F EE 8C Page 5a-18
TCP Segment Format (1) Page 5b-19 TCP Segment Decoding (1) For the following Ethernet packet find: i) The IP addresses of sender and receiver, ii) Type of the transport protocol, iii) The used ports and application layer protocol type, iv) Is it request or replay packet?, and v) The available window size. Sol. * Type of transport protocol = 0x06 TCP IP addresses Source = C1.71.A0.0D = 193.113.160.13 Destination = C1.E3.32.75 = 193.227.50.117 Source port = 0x19 = 25 Destination port = 0xF301= Header length = 4*4=16 byte * Flags = 010000 ACK = 1 Replay packet. * Windows size = 0xFD5C = 64860 Page 5b-20
UDP datagram Decoding (1) Each UDP datagram is sent within a single IP datagram. Although, the IP datagram may be fragmented during transmission, the receiving IP implementation will reassemble it before presenting it to the UDP layer. The UDP datagram has a 16-byte header: Source Port: Indicates the port of the sending process. Destination Port: the port of the destination process on the dest. host Length: The length (in bytes) of this user datagram, including the header. Checksum: check sum for the UDP header, and the UDP data. Bit 1 0 Bit 15 Bit 16 Bit 31 Source port (16) Destination port (16) Length (16) Checksum (16) 8 Bytes Data (if any) Page 5b-21 UDP datagram Decoding (2) For the following Ethernet packet segment find: i) The IP addresses of sender and receiver, ii) Type of the transport protocol, iii) The used ports and application layer protocol type, FF FF FF FF FF FF 00 0C DB 56 7C 00 08 00 45 00 01 19 74 6C 00 00 7E 11 BD 67 0A 11 0F F5 EF FF FF FA 07 6C 07 6C 01 05 14 E8 4E 4F 54 49 46 59 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A 48 4F 53 Sol.: DA (6 bytes)= FF:FF:FF:FF:FF:FF SA (6 bytes)= 00:0C:DB:56:7C:00 Protocol Type Encapsulated =2048 IP IP Ver. (4-bits): 4 IPver.4 IP Header Length (IHL) = 5 x 4 bytes =20 bytes. (no padding) The type of service field is the next byte, which is 0x00 The total length field, the next 2 bytes=0x0119=281 bytes Data length = total length-header length= 281 20 = 261 bytes The IP Identification number (2bytes), 0x746C The flags field, the next 3-bits =0x0000 (000000000..0) No fragment., Page 5b-22
UDP datagram Decoding (3) FF FF FF FF FF FF 00 0C DB 56 7C 00 08 00 45 00 01 19 74 6C 00 00 7E 11 BD 67 0A 11 0F F5 EF FF FF FA 07 6C 07 6C 01 05 14 E8 4E 4F 54 49 46 59 20 2A 20 48 54 54 50 2F 31 2E 31 0D 0A 48 4F 53 Sol.: TTL=0x7E=126, Protocol code =0x11=17 UDP The header checksum field, the next 2 bytes=0xbd67 S. IP (4 bytes)= 0A.11.0F.F5 = 10.17.15.245 D.IP (4 bytes) = EF.FF.FF.FA = 239.255.255.250 There is no options or padding, so the next header of UDP will start. Source Port = 0x076C = 1900 Dest. Port = 0x076C = 1900 P. Length = 0x0105 = 261 Checksum = 0x14E8 Data 4E 4f 54 49 46 59.... Bit 1 0 Bit 15 Bit 16 Bit 31 Source port (16) Destination port (16) Length (16) Checksum (16) 8 Bytes Data (if any) Page 5b-23 Ports and Sockets (2) Ex.2.For the following Ethernet packet, find the local and foreign half associations as well as the full association of the connection. 00 16 EC 00 03 A8 00 0C DB 56 7C 00 08 00 45 00 00 93 39 AC 00 00 69 11 76 E8 52 F0 59 7E C1 E3 32 74 FF FA 12 45 00 7F 02 0F E4 28 CB 77 EA 04 Sol. (UDP,82.240.89.126,65530) (UDP,193.227.50.116,4677) (UDP, 82.240.89.126,65530, 193.227.50.116,4677) Page 5b-24
Ports and Sockets (1) Ex.1. For the following Ethernet packet, find the local and foreign half associations as well as the full association of the connection. 00 11 09 C1 10 08 00 10 7B 47 BB D3 08 00 45 00 00 28 00 25 40 00 27 06 FD D3 C1 71 A0 0D C1 E3 32 75 00 19 F3 01 42 40 CC C2 90 9F EE 8C 50 10 FD 5C DB 55 00 00 00 00 00 00 00 00 Sol. (TCP,193.113.160.13,25) & (TCP,193.227.50.117, 62209) (TCP,193.113.160.13,25,193.227.50.117, 62209) Page 5b-25 Address Resolution Protocol (ARP) Header Decoding (1) There are four types of ARP messages that may be sent by the ARP protocol. These are identified by four values in the "operation" field of an ARP message. The types of message are: 1. ARP request 2. ARP reply 3. RARP request 4. RARP reply Page 5a-26
Address Resolution Protocol (ARP) Header Decoding (2) Hardware Type: indicates the physical address type (for Ethernet is 1). Protocol Type: contains the protocol address type (for IP is 0x800). Hardware Address Length: the physical address length (for Ethernet is 6). Protocol Address Length: the protocol address length (for IPv4 is 4). Operation: is the command; in our case we'll see ARP Request and ARP Replay Sender HA, IP: the H/W and IP address of the sender Target HA, IP: the H/W and IP address of the target Page 5a-27 Address Resolution Protocol (ARP) Header Decoding (3) Determine the header information of the following packet. FF FF FF FF FF FF 00 0C DB 56 7C 00 08 06 00 01 08 00 06 04 00 01 00 0C DB 56 7C 00 C1 E3 33 C1 00 00 00 00 00 00 C1 E3 33 D1 00 Sol. -DA=FF:FF:FF:FF:FF:FF -SA= 00:0C:DB:56:7C:00 -Protocol: 0x806 ARP -Hardware Type: 0x0001 -Protocol Type: 0x800 (IP protocol) -HLEN=0x06=6 bytes -PLEN=0x04=4 -Operation=0x01 ARP Query H/W SA= 00:0C:DB:56:7C:00 IP SA=C1.E3.33.C1=193.227.51.193 H/W DA= 00:00:00:00:00:00 IP DA = C1 E3 33 D1 = 193.227.51.206 Page 5a-28
ICMP Header Decoding (1) It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message is sent to the correct destination by: Setting the destination address of the IP packet Setting the source address of the computer generating the ICMP ECHO request The IP protocol type is set to "ICMP" (01) The format of an ICMP message is shown Page 5b-29 ICMP Header Decoding (2) ICMP Message Types Echo Request (8) Echo Replay (0) Destination Unreachable (3) Time Exceeded (11) Redirect (route change) (5) Traceroute (30) there are more... http://www.iana.org/assignments/icmp-parameters Many of these ICMP types have a "code" field that indicates the reason of the error message. The "ping and Traceroute programs contain client interface to ICMP. Page 5b-30
ICMP Header Decoding (3) 00 0C DB 56 7C 00 00 30 4F 11 72 98 08 00 45 00 00 3C 70 07 00 00 80 01 E1 21 C1 E3 33 CE C1 E3 32 03 08 00 4A 14 01 00 02 48 61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 Sol.: IP header (0x800) - Protocol type = 01 ICMP - source IP = C1.E3.33.CE = 193.227.51.206 - Dest. IP = C1.E3.32.03 = 193.227.50.3 ICMP header - Type= 0x08 Echo Request - Operation Code = 0x00 = Page 5b-31