Chapter 2 Advanced TCP/IP


Tactical Perimeter Defense 2-1

Chapter 2
Advanced TCP/IP

At a Glance

Instructor's Manual Table of Contents

- Overview
- Objectives
- Teaching Tips
- Quick Quizzes
- Class Discussion Topics
- Additional Projects
- Additional Resources
- Key Terms

Lecture Notes

Overview

Chapter 2 introduces you to the fundamentals of TCP/IP networking. To secure a network, understanding the TCP/IP protocol suite is vital. You review IP addressing briefly, revisit the TCP life cycle, and review how TCP communications sessions work. Then you move on to learn about Internet Protocol version 6 (IPv6), the next generation of IP. Even if you're familiar with TCP/IP and IPv4, IPv6 involves some new protocols and functions you need to know. In this chapter, you examine the core protocols of IPv6 and learn about IPv6 addressing and utilities.

Chapter Objectives

- Explain the fundamentals of TCP/IP networking
- Describe IPv4 packet structure and explain packet fragmentation
- Describe Internet Protocol version 6 (IPv6)

Teaching Tips

TCP/IP Fundamentals Review

1. Define Transmission Control Protocol/Internet Protocol (TCP/IP) as a suite of many protocols for transmitting information from point to point on a network.

Teaching Tip: Read more about the Internet protocol suite at: http://en.wikipedia.org/wiki/internet_protocol_suite.

The OSI Model and TCP/IP Protocols

1. Mention that TCP/IP protocols correspond roughly to OSI layers. Use Figure 2-1 to illustrate your explanation.

TCP/IP Addressing

1. Explain that IPv4 addressing calls for 32 bits (4 octets) of data. An IPv4 address contains two parts:
   a. Network address: shared among computers in network
   b. Host address: unique to a computer in its subnet
2. Mention that subnet mask distinguishes between network and host address for other computers.

3. Explain that network address translation (NAT) hides the internal addresses of a network.
4. Mention that IPv4 allows five address classes based on the number of networks compared to the number of hosts. Use Table 2-1 to illustrate your explanation.
5. Explain that subnetting logically segments internal networks. It borrows bits from the host portion of the IP address to create a subset of networks with network IDs. Use Table 2-2 to illustrate your explanation.
6. Mention that subnetting makes network management easier and optimizes security, performance, and access.
7. Describe the following additional purposes of subnetting:
   a. Mirror organization's physical layout
   b. Mirror organization's administrative structure
   c. Plan for future growth
   d. Reduce and control network traffic
8. Explain that you should select the mask that best meets your needs. To do this, find usable IP addresses for the host and broadcast addresses. Next, convert the last masking octet to binary. Then, determine the block size from the binary place value of the last masking digit. Finally, you need to assign the mask to your network. Use Table 2-4 to show a subnetting example.
9. Describe the formula for calculating subnets:
   a. 2^y - 2 = number of usable subnets (y is the number of borrowed bits)
   b. 2^x - 2 = number of usable hosts per subnet (x is the number of unborrowed bits)
10. Explain that variable length subnet masking (VLSM) involves applying masks of varying sizes to the same network. VLSM allows more efficient use of address spaces.
11. Step through Activity 2-1: Determining your computer's IP address. Objective: Determine the IP address of your computer using the ipconfig command.
12. Explain that classless interdomain routing (CIDR) specifies the number of masked bits in an IP address/subnet mask combination. CIDR overcomes the limits of default subnet masks in that unused addresses don't go to waste.
13. In addition, CIDR helps you to exchange subnet mask information between routers and allows VLSM and supernetting to work. Example: 192.168.6.0 with the mask 255.255.255.224 becomes 192.168.6.0/27 in CIDR notation.

Teaching Tip: Supernetting, also known as summarization, is used to summarize multiple routing table entries into one entry.
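The subnetting steps, the 2^x - 2 and 2^y - 2 formulas and the 192.168.6.0/27 example from items 8 to 13, worked through as an added example (not part of the instructor's manual) with Python's standard ipaddress module. It goes one step beyond the single-mask case by laying out a VLSM plan for 192.168.6.0/24; the segment names, host counts and function names are constructed for this illustration.

```python
import ipaddress


def mask_facts(cidr, parent_prefix):
    """Work one network/mask pair through the chapter's subnetting steps."""
    net = ipaddress.ip_network(cidr)
    # Last masking octet: the last non-zero octet of the subnet mask.
    last_octet = [o for o in net.netmask.packed if o][-1]
    x = 32 - net.prefixlen             # unborrowed (host) bits
    y = net.prefixlen - parent_prefix  # bits borrowed from the parent network
    return {
        "mask": str(net.netmask),
        "last_octet_binary": format(last_octet, "08b"),
        # Block size is the place value of the lowest masked bit.
        "block_size": last_octet & -last_octet,
        "usable_subnets": 2 ** y - 2,  # 2^y - 2, as given in the chapter
        "usable_hosts": 2 ** x - 2,    # 2^x - 2
        "first_host": str(net.network_address + 1),
        "last_host": str(net.broadcast_address - 1),
        "broadcast": str(net.broadcast_address),
    }


def vlsm_plan(block, needs):
    """Give each segment the smallest subnet that holds its hosts (VLSM).

    Largest segment first, so every subnet starts on a multiple of its size.
    """
    block = ipaddress.ip_network(block)
    cursor = int(block.network_address)
    end = int(block.broadcast_address) + 1
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: kv[1], reverse=True):
        x = (hosts + 1).bit_length()   # smallest x with 2^x - 2 >= hosts
        if cursor + 2 ** x > end:
            raise ValueError(f"{block} has no room left for {name}")
        plan[name] = ipaddress.ip_network(f"{ipaddress.ip_address(cursor)}/{32 - x}")
        cursor += 2 ** x
    return plan


# Constructed host counts for four segments of one site.
NEEDS = {"staff": 50, "lab": 25, "servers": 12, "wan-link": 2}

if __name__ == "__main__":
    for key, value in mask_facts("192.168.6.0/27", parent_prefix=24).items():
        print(f"{key:18} {value}")
    for name, net in vlsm_plan("192.168.6.0/24", NEEDS).items():
        print(f"{name:10} {net}  ({net.num_addresses - 2} usable hosts)")
```
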

14. Describe unicasting, multicasting, and broadcasting. With unicasting, a packet is sent from a server to each client that requests a file or application. Multicasting means a packet is sent from server to all requesting clients as a group in one transmission. It reduces network traffic. A broadcast communication is sent to all network points. There are two types of broadcast: flooded and directed.

Examining Internet Protocol Version 4

1. Explain that TCP/IP is packet-based; it gives computers a fairly simple framework for transmitting information in small packages called packets or datagrams.
2. Mention that attackers may intercept packets and falsify or manipulate information. These attacks can disable servers and make networks vulnerable.

IP Datagrams

1. Mention that each complete message is separated into multiple datagrams. Each IP datagram is divided into the following sections:
   a. Header
   b. Data
   c. Optional footer
   d. Optional CRC (Cyclic Redundancy Check): error-checking algorithm
2. Explain that the header section is used to communicate across network. Use Figure 2-3 to describe the IP header structure. IP header holds the following fields:
   a. Header version: IP version
   b. Header length: describes length in 32-bit words
   c. Type of service: four options for quality of service
   d. Total length: 16-bit field
   e. Identification: used to reassemble packets in order
   f. Flags: indicate whether packet is fragment or last fragment
   g. Fragment offset: indicates where fragment fits in data stream
   h. Time to live (TTL): max time before packet is dropped
   i. Protocol: type of transport packet
   j. Header checksum: sum of header packet values calculated by CRC
   k. Source IP address: address of device sending packet
   l. Destination IP address: address of device receiving packet
   m. Options: security; routing information

ICMP Messages

1. Explain that Internet Control Message Protocol (ICMP) is designed to assist TCP/IP networks with troubleshooting communication problems. ICMP indicates whether another host can be reached through a ping signal. Use Table 2-5 to list some common ICMP types.
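A parser for the IPv4 header fields listed under IP Datagrams above, as an added example (not part of the instructor's manual). It is run over constructed datagrams to show what the Flags and Fragment offset fields mean for a port-based filter: only the fragment at offset 0 carries the transport header, so a later fragment offers no port to match. Function names, the toy policy and the sample bytes (documentation-range addresses) are assumptions made for this illustration.

```python
import socket
import struct


def parse_ipv4_header(datagram):
    """Split the fixed 20-byte IPv4 header into its named fields."""
    if len(datagram) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, proto,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(datagram) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version,
        "header_length": ihl * 4,            # field counts 32-bit words
        "type_of_service": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": proto,                   # 1 = ICMP, 6 = TCP, 17 = UDP
        "header_checksum": checksum,
        "source": socket.inet_ntoa(src),
        "destination": socket.inet_ntoa(dst),
        "options": datagram[20:ihl * 4],
    }


def filter_view(datagram):
    """Report what a port-based filter can see in this single datagram."""
    hdr = parse_ipv4_header(datagram)
    payload = datagram[hdr["header_length"]:]
    ports = None
    # TCP and UDP both start with source port, destination port. Only the
    # fragment at offset 0 contains that transport header.
    if hdr["fragment_offset"] == 0 and hdr["protocol"] in (6, 17) and len(payload) >= 4:
        ports = struct.unpack("!HH", payload[:4])
    fragmented = hdr["more_fragments"] or hdr["fragment_offset"] > 0
    return {"fragmented": fragmented, "ports": ports}


def decide(datagram, blocked_dst_ports, drop_fragments):
    """Toy filter policy: a destination-port block list plus a fragment rule."""
    view = filter_view(datagram)
    if drop_fragments and view["fragmented"]:
        return "drop"
    if view["ports"] is not None and view["ports"][1] in blocked_dst_ports:
        return "drop"
    return "pass"   # nothing matched, including "no port was visible"


def make_datagram(flags_frag, payload, proto=17):
    """Build a constructed sample datagram (header checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         socket.inet_aton("192.0.2.10"),
                         socket.inet_aton("198.51.100.7"))
    return header + payload


# Constructed pair: one UDP datagram to port 69 split into two fragments.
FIRST = make_datagram(0x2000, struct.pack("!HHHH", 40000, 69, 24, 0) + b"A" * 8)
LATER = make_datagram(0x0002, b"B" * 8)

if __name__ == "__main__":
    for name, pkt in (("first", FIRST), ("later", LATER)):
        print(name, filter_view(pkt),
              decide(pkt, {69}, drop_fragments=False),
              decide(pkt, {69}, drop_fragments=True))
```
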

Teaching Tip: For more information about ICMP, refer to the following Web site: http://www.faqs.org/rfcs/rfc792.html.

TCP Headers

1. Explain that TCP headers contain the following six flags to filter packets:
   a. URG (urgent)
   b. ACK (acknowledgement)
   c. PSH (forces forward and delivery of packet)
   d. RST (reset the connection)
   e. SYN (synchronize sequence numbers)
   f. FIN (no more data from sender)
2. Mention that there are two new flags for congestion notification: ECN, CWR.

UDP Headers

1. Explain that User Datagram Protocol (UDP) provides a datagram transport service for IP, but this protocol is considered unreliable because it is connectionless. UDP is faster than TCP and good for real-time and multimedia, broadcast messages, and some protocols (SNTP, TFTP).
2. Explain that attackers can scan for open UDP services to exploit by sending empty UDP datagrams to a suspected open port. If the port is closed, the system sends back an ICMP Destination Unreachable message (type 3).
3. Use Figure 2-5 to describe the UDP header structure.

Activity 2-2: Using Wireshark

1. Objective: Download, install, and explore software for monitoring and analyzing network traffic.

Packet Fragmentation

1. Mention that packet fragmentation was originally created to allow large packets to pass through routers.
2. Explain that packet fragmentation creates security problems. Only fragment number 0 has a port number; all others pass through the filter. As a solution, you should configure the firewall to drop fragmented packets or allow only reassembled packets to pass through.

The TCP Life Cycle

1. Explain that before a client initiates a TCP session, it must determine the port number that identifies the session and the starting sequence number.

2. Explain that the TCP three-way handshake (see Figure 2-11) establishes a reliable connection between two points. Three methods are used to control the flow of data:
   a. Buffering
   b. TCP sliding windows
   c. Congestion avoidance

Domain Name System

1. Explain that the Domain Name System (DNS) translates fully qualified domain names (FQDNs) to IP addresses. DNS helps administrators block unwanted communications.
2. Describe how DNS can be exploited by attackers, including:
   a. Buffer overflow: long DNS name
   b. Zone transfer: list of DNS-configured hosts on network
   c. Cache poisoning: stored DNS addresses

Encryption

1. Mention that encryption protects data by converting plain text to encoded cipher text.
2. Explain that encryption is often used with digital certificates. Digital certificates use a digital signature to authenticate identity and a key to encrypt/decrypt.
3. Mention that for high security, you should use a Public Key Infrastructure (PKI) for public and private key distribution.

Teaching Tip: Digital signatures and PKI are crucial to security on the Internet. For more information on these topics, do an Internet search or consult related RFCs.

Activity 2-3: Examining a Digital Certificate

1. Objective: Examine a default digital certificate on a Windows XP computer.

Quick Quiz 1

1. The ________ tells another computer which part of the IP address is the network address and which part is the host address.
   Answer: subnet mask
2. ________ involves applying masks of varying sizes to the same network.
   Answer: Variable length subnet masking (VLSM)
   Variable length subnet masking
   VLSM
3. ________ is an address notation scheme that specifies the number of masked bits in an IP address/subnet mask combination.
   Answer: Classless Interdomain Routing (CIDR)
   Classless Interdomain Routing
   CIDR
4. TCP/IP is transmitted along networks as discrete chunks called packets or ________.
   Answer: datagrams

Examining Internet Protocol Version 6

1. Describe the advantages of IPv6 over IPv4, including:
   a. Larger address space of 128 bits
   b. Backbone routing tables only need entries of directly connected routers, since the header contains the remaining routing information
   c. Integrated support for IPSec
   d. Autoconfiguration capabilities
      i. Stateful: improved version of DHCP requiring updates
      ii. Stateless: determine own IP address based on MAC address

IPv6 Core Protocols

1. Explain that IPv6 is a connectionless, unreliable datagram protocol used mainly for addressing and routing packets between hosts. IPv6 relies on higher layers for acknowledgement and recovery of lost packets.
2. Explain that an IPv6 datagram consists of the IPv6 header and the IPv6 payload. The IPv6 header is made up of the IPv6 base header and IPv6 optional extension headers.
3. Explain that IPv4 and IPv6 are not interoperable. Use Figure 2-12 to illustrate your explanation.
4. Describe the fields found in the IPv6 header, including:
   a. Version: 6
   b. Traffic class: priority field
   c. Flow label: specifies handling of connections
   d. Payload length: payload length in octets
   e. Next header: specifies next extension field or transport protocol
   f. Hop limit: max number of hops before dropped packet
   g. Source address
   h. Destination address
5. Describe the IPv6 extension header fields, including:
   a. Routing: lists intermediary nodes
   b. Fragment: sends packets larger than MTU allows
   c. Authentication: verifies the packet's source
   d. Encapsulating: ESP extension headers for datagram confidentiality and integrity
   e. Destination options: optional information for destination node only
   f. Hop by hop: information for every node

6. Explain that ICMPv6, an integral component of IPv6 communications, is used by IPv6 nodes for reporting errors and for diagnostic purposes. As in ICMPv4, ICMPv6 uses the Ping and Tracert commands as well as other diagnostics you already know.
7. Mention that an ICMPv6 message is preceded by an IPv6 header and sometimes by extension headers. Use Table 2-6 and Figure 2-13 to illustrate your explanation.
8. Explain that multicasts are used to deliver information to multiple subscribers at once. IP multicast traffic is sent to a single address but processed by all members of the multicast group. The address can be permanent or transient and the group membership is dynamic.
9. Explain that Multicast Listener Discovery (MLD) allows IPv6 routers to discover multicast listeners on a direct link. MLD determines which listeners are of interest and tracks membership with ICMPv6 messages.
10. Use Table 2-8 to describe various MLD message types.
11. Explain that Neighbor Discovery (ND) locates neighboring routers and redirects hosts to better routes. Use Table 2-9 to describe various ND functions.
12. Describe the following five different types of ICMP functions defined by ND:
    a. Router Solicitation: sent by hosts
    b. Router Advertisement: informs hosts about router presence
    c. Neighbor Solicitation: sent by node to determine link-layer address of neighbor; duplicate address detection
    d. Neighbor Advertisements: response to Neighbor Solicitation; update neighbors of link-layer address
    e. Redirect: sent by routers to inform hosts of better first-hop addresses

IPv6 Addressing

1. Explain that an IPv6 address is 128 bits long. To make IPv6 addresses manageable, the hexadecimal numbering format known as base 16 (or just "hex") is used.
2. Explain that an IPv6 address consists of eight hex groups separated by colons. Each digit is a 4-bit value. Leading zeros can be compressed with double colon. Example: 0:0:0:0:0:FFFF:131.123.2.8 or ::FFFF:131.123.2.8.
3. Step through Activity 2-4: Viewing Your IPv6 IP Address with Ipconfig. Objective: View your IPv6 address with Ipconfig.
4. Describe the following three types of addresses used by IPv6:
   a. Unicast
   b. Multicast
   c. Anycast
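The address notation and address types above, as an added example (not part of the instructor's manual) using Python's standard ipaddress module. It compresses a fully written address, classifies addresses by range, and shows why a filter should parse and normalize an address such as the chapter's ::FFFF:131.123.2.8 before comparing it with an IPv4 block list, so that every spelling of one host gets the same decision. The block list, sample addresses and function names are constructed for this illustration.

```python
import ipaddress

# Constructed IPv4 block list, as a filter rule set might hold it.
BLOCKED_V4 = [ipaddress.ip_network("131.123.2.0/24")]


def canonical(text):
    """Compressed form: leading zeros dropped, one zero run replaced by '::'."""
    return ipaddress.IPv6Address(text).compressed


def kind(text):
    """Classify an IPv6 address by the range it falls in."""
    addr = ipaddress.IPv6Address(text)
    if addr.is_multicast:
        return "multicast"
    if addr.is_link_local:
        return "link-local unicast"
    if addr.is_site_local:
        return "site-local unicast"
    # Anycast addresses come from unicast ranges, so the address text alone
    # cannot distinguish them from unicast.
    return "unicast"


def effective_address(text):
    """Return the address a filter should match on."""
    addr = ipaddress.ip_address(text)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped        # ::FFFF:a.b.c.d names IPv4 host a.b.c.d
    return addr


def is_blocked(text):
    """Match on the parsed, normalized address rather than on its spelling."""
    addr = effective_address(text)
    return any(addr.version == net.version and addr in net for net in BLOCKED_V4)


def naive_is_blocked(text):
    """String-prefix comparison, kept only to show what it misses."""
    return text.startswith("131.123.2.")


# Constructed inputs: three spellings of one host, plus an unrelated address.
SAMPLES = ["131.123.2.8", "0:0:0:0:0:FFFF:131.123.2.8",
           "::ffff:837b:208", "2001:0DB8:0000:0000:0000:0000:0000:0001"]

if __name__ == "__main__":
    for text in SAMPLES:
        print(f"{text:42} naive={naive_is_blocked(text)!s:5} "
              f"normalized={is_blocked(text)}")
    print(canonical(SAMPLES[3]), kind("FF02::1"), kind("FE80::1"))
```
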

Teaching Tip: You can find additional information about IPv6 specifications and implementations at http://www.ipv6.org/.

IPv6 Configuration

1. Explain that Microsoft OSs since Windows XP SP 1 have IPv6 support built in. By default, a link-local address is assigned to every Ethernet interface during startup. IPv6 addresses, such as site-local addresses or global addresses, are assigned automatically based on the receipt of IPv6 Router Advertisement messages.
2. Mention that manual configuration is necessary for advanced features.

IPv6 Utilities

1. Describe the following IPv6 utilities:
   a. Net.exe
   b. Ipv6.exe
   c. Ipsec6.exe
2. Use Table 2-13 to describe other IPv6 utilities, including:
   a. ttcp.exe
   b. 6to4cfg.exe
   c. checkv4.exe
3. Explain that nonrepudiation is provided through encryption. Encryption protects integrity, confidentiality, and authentication of digital information.

Quick Quiz 2

1. IPv4 addresses are now in short supply, so Internet Protocol version 6 (IPv6), which has a larger address space of ________ bits, is under development to allow an almost endless supply of IP addresses.
   Answer: 128
2. ________ is basically an improved version of DHCP, referred to as stateful because the DHCP client and server must keep their information updated to prevent addressing conflicts.
   Answer: Stateful autoconfiguration
3. ________ allows the computer attempting to connect to determine its own IP address based on its Media Access Control (MAC) address.
   Answer: Stateless autoconfiguration
4. ________ addresses are not assigned a specific range; instead, they are created automatically when a unicast address is assigned to more than one interface.
   Answer: Anycast

Class Discussion Topics

1. What are the differences between IPv4 addresses and IPv6 addresses?
2. What are the advantages of anycast addresses? Justify your answers.

Additional Projects

1. Ask your students to read more about ICMP and create a diagram of the message sequences for the ping and trace route commands.
2. Ask your students to read the following article at http://www.schneier.com/paperpki.html about the risk of using a PKI and write a report summarizing the most important points.

Additional Resources

1. Introduction to TCP/IP: http://www.yale.edu/pclt/comm/tcpip.htm
2. Internet Control Message Protocol: http://en.wikipedia.org/wiki/internet_control_message_protocol
3. Public key infrastructure: http://en.wikipedia.org/wiki/public_key_infrastructure
4. IPv4: http://en.wikipedia.org/wiki/ipv4
5. IPv6: http://en.wikipedia.org/wiki/ipv6

Key Terms

anycast: An address created automatically when a unicast address is assigned to more than one interface. Anycast addresses are assigned from unicast address ranges and have the same scopes as unicast addresses.

broadcast: A communication sent to all points on a specific network.

Classless Interdomain Routing (CIDR): An IP address notation method that uses a slash (/) followed by the number of masked bits for an address (for example, 192.168.6.5/27 instead of 192.168.6.5 255.255.255.224).

datagrams: Discrete chunks of information; each datagram contains source and destination addresses, control settings, and data. Also called packets.

footer: A section sometimes added to a TCP/IP packet that tells a computer it's the end of the packet.

fully qualified domain names (FQDNs): Complete DNS names of computers that include the computer name, domain name, and domain name extension, such as www.course.com.

header: The part of a packet containing source and destination information and general information about the packet.

host address: The part of an IP address that's unique to a computer in its subnet.

Internet Control Message Protocol (ICMP): A protocol that reports network communication errors to support IP communications. The Ping command is a common troubleshooting utility based on ICMP.

Internet Protocol version 4 (IPv4): The IP addressing system currently in widespread use on the Internet, in which addresses are created with 32 bits (4 bytes) of data.

Internet Protocol version 6 (IPv6): A new version of IP that's gaining support among software and hardware manufacturers and that will eventually replace IPv4; this version calls for 128-bit IP addresses.

multicast: A transmission used for one-to-many communication, in which a single host can send packets to a group of recipients.

Multicast Listener Discovery (MLD): A core IPv6 protocol that enables IPv6 routers to discover multicast listeners on a directly connected link and to decide which multicast addresses are of interest to those nodes.

Neighbor Discovery (ND): A core IPv6 protocol used to resolve addresses, locate neighboring routers, and redirect hosts to better routes to reach destination addresses. ND uses ICMPv6 messages to manage node-to-node communications.

network address: The part of an IP address that a computer has in common with other computers in its subnet.

scopes: Unicast addresses used in IPv6 to identify the application suitable for the address; scopes include global unicast, site-local unicast, and link-local unicast.

stateful autoconfiguration: In IPv6, this feature is basically an improved version of DHCP. It's referred to as stateful because the DHCP client and server must keep their information updated to prevent addressing conflicts.

stateless autoconfiguration: A feature of IPv6 that allows the computer attempting to connect to determine its own IP address based on the addressing of neighboring nodes.

subnet mask: A value that tells another computer which part of a computer's IP address is its network address and which part is the host address.

Transmission Control Protocol/Internet Protocol (TCP/IP): A suite of protocols for transmitting information from point to point on a network.

unicast: A transmission in which one packet is sent from a server to each client that requests a file or application.

User Datagram Protocol (UDP): A core transport protocol of the TCP/IP suite. UDP is connectionless, meaning it doesn't ensure delivery or provide ordering, as TCP does. UDP is much faster and is useful for transmissions that require speed over reliability. UDP relies on upper-level protocols for error-checking and sequencing services.

variable length subnet masking (VLSM): A means of allocating IP addressing according to the network's needs that involves applying masks of varying sizes to the same network. This method creates subnets within subnets and multiple divisions of an IP network.