Networking Basics
CS 3IS3
Ryszard Janicki
Department of Computing and Software, McMaster University, Hamilton, Ontario, Canada
Acknowledgments: Material based on Information Security by Mark Stamp (Appendix 1)
Ryszard Janicki
Networking Basics 1/27
Network
If you already had a Networks course, this part is redundant, but I realize many students did not take a Networks course yet and do not plan to do it. Essentially, if you do not understand a network-related term, look into these Lecture Notes or Appendix 1 in the textbook.
Includes
o Computers
o Servers
o Routers
o Wireless devices
o Etc.
Purpose is to transmit data
Network Edge
Network edge includes. . .
Hosts
o Computers
o Laptops
o Servers
o Cell phones
o Etc., etc.
Network Core
Network core consists of. . .
Interconnected mesh of routers
Purpose is to move data from host to host
Network Protocols
Study of networking focused on protocols
Networking protocols precisely specify “communication rules”
Details are given in RFCs (Request For Comments) – an RFC is essentially an Internet standard
Stateless protocols do not “remember”
Stateful protocols do “remember”
Many security problems related to state
E.g., DoS (Denial of Service) is a problem with stateful protocols, while stateless protocols can also have their own security issues.
Protocol Stack
Application layer protocols
o HTTP, FTP, SMTP, etc.
Transport layer protocols
o TCP, UDP
Network layer protocols
o IP, routing protocols
Link layer protocols
o Ethernet, PPP
Physical layer
Figure: the five layers (application, transport, network, link, physical) drawn as a stack, labelled with where they run: user space at the top, the OS in the middle, the NIC card at the bottom.
Layering in Action
Figure: source host (application, transport, network, link, physical) – router (network, link, physical) – destination host (application, transport, network, link, physical); data enters at the source’s application layer and leaves at the destination’s application layer.
At source, data goes “down” the protocol stack
Each router processes packet “up” to network layer
o That’s where routing info lives
Router then passes packet down the protocol stack
Destination processes packet up to application layer
o That’s where the application data lives
Encapsulation
X = application data at source
As X goes down protocol stack, each layer adds header information:
o Application layer: (H, X)
o Transport layer: (H, (H, X))
o Network layer: (H, (H, (H, X)))
o Link layer: (H, (H, (H, (H, X))))
Header has info required by layer
Note that application data is on the “inside”
Figure: data X enters the stack at the application layer and leaves the link/physical layer as the packet (H, (H, (H, (H, X)))).
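The two slides above (layering in action and encapsulation) modelled in Python as an added example; this is not code from the lecture notes or the textbook. Each layer wraps what it receives in a (header, payload) pair, exactly the (H, X) notation of the slide; the header contents, layer names and function names are constructed for the illustration and are not real protocol fields.

```python
# Added example (not from the lecture notes): layering and encapsulation
# modelled as nested (header, payload) pairs. Header field names and
# values below are invented for illustration.

APP, TRANSPORT, NETWORK, LINK = "application", "transport", "network", "link"

def encapsulate(x, headers):
    """Push application data X down the stack: application, transport,
    network, link. headers maps layer name -> header dict.
    Returns (H_link, (H_net, (H_transport, (H_app, X))))."""
    packet = x
    for layer in (APP, TRANSPORT, NETWORK, LINK):
        packet = (headers[layer], packet)
    return packet

def peel(packet, layers):
    """Strip headers from the outside in; return (headers_seen, remainder)."""
    seen = {}
    for layer in layers:
        header, packet = packet
        seen[layer] = header
    return seen, packet

def router_view(packet):
    """A router processes the packet only up to the network layer: it reads
    the link and network headers and never looks at what is inside."""
    seen, _remainder = peel(packet, (LINK, NETWORK))
    return seen

def destination_view(packet):
    """The destination host peels all four headers and recovers X."""
    return peel(packet, (LINK, NETWORK, TRANSPORT, APP))

def next_hop_packet(packet, new_link_header):
    """After routing, the router re-encapsulates for the next link: only the
    link-layer header is replaced; everything inside is forwarded unchanged."""
    _old_link, inner = packet
    return (new_link_header, inner)

# Constructed sample headers (illustrative values, not real protocol fields).
HEADERS = {
    APP: {"proto": "HTTP", "method": "GET"},
    TRANSPORT: {"proto": "TCP", "src_port": 1025, "dst_port": 80},
    NETWORK: {"proto": "IP", "src": "11.0.0.1", "dst": "12.0.0.1"},
    LINK: {"proto": "Ethernet", "src_mac": "AA-AA-AA-AA-AA-AA",
           "dst_mac": "BB-BB-BB-BB-BB-BB"},
}

if __name__ == "__main__":
    pkt = encapsulate("hello", HEADERS)
    print("on the wire:", pkt)
    print("router sees:", router_view(pkt))
    print("destination recovers:", destination_view(pkt)[1])
```

The point the model makes explicit: the router’s view never contains the transport header or X, and forwarding to the next hop swaps only the outermost (link) header.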
Application Layer: Client-Server Model
Applications
o For example, Web browsing, email, P2P, etc.
Applications run on hosts
To hosts, network details should be transparent
Application layer protocols
o HTTP, SMTP, IMAP, Gnutella, etc., etc.
Protocol is only one part of an application
o For example, HTTP only a part of web browsing
Client: “speaks first”
Server: responds to client’s request
Hosts are clients or servers
Example: Web browsing
o You are the client (request web page)
o Web server is the server
Peer-to-Peer Paradigm and HTTP Example
Hosts act as clients and servers
o For example, when sharing music
o You are client when requesting a file
o You are a server when someone downloads a file from you
In P2P, how does client find server?
o Many different P2P models for this
HTTP – HyperText Transfer Protocol
o Client (you) requests a web page
o Server responds to your request
Figure: client sends an HTTP request to the server; the server returns an HTTP response.
Web Cookies
HTTP is stateless – cookies used to add state
Initially, cookie sent from server to browser
Browser manages cookie, sends it to server
Server uses cookie database to “remember” you
Web cookies used for. . .
o Shopping carts, recommendations, etc.
o A very (very) weak form of authentication
Privacy concerns
o Web site can learn a lot about you
o Multiple web sites could learn even more
Figure: in the initial session the server sends the cookie to the browser; in a later session the browser sends the cookie back and the server looks it up in its cookie database.
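The cookie exchange on this slide modelled in Python as an added example (not code from the lecture notes or the textbook): the server keeps a “cookie database” keyed by a session id it issues on the first visit, the browser replays the cookie on later requests, and the server uses it to “remember” the shopping cart. The CookieServer and Browser classes and the cookie name session are assumptions made for the illustration. Note that the server accepts any request carrying a known cookie value, so the cookie is the only credential, which is the slide’s point about it being a very weak form of authentication.

```python
# Added example (not from the lecture notes): adding state to stateless
# HTTP with a cookie. Class names and the "session" cookie are invented.
import secrets
from http.cookies import SimpleCookie

class CookieServer:
    """Holds the 'cookie database': session id -> what the server remembers."""

    def __init__(self):
        self.db = {}

    def handle(self, request_headers, add_to_cart=None):
        """Process one request; return (response_headers, cart).
        Initial session: no Cookie header, so a cookie is issued.
        Later session: the browser sends it back and the server looks it up."""
        cookie = SimpleCookie(request_headers.get("Cookie", ""))
        sid = cookie["session"].value if "session" in cookie else None
        response = {}
        if sid is None or sid not in self.db:
            # Fresh, unguessable identifier. Whoever presents it later is
            # treated as this visitor: the cookie itself is the credential.
            sid = secrets.token_hex(16)
            self.db[sid] = {"cart": []}
            out = SimpleCookie()
            out["session"] = sid
            out["session"]["httponly"] = True
            response["Set-Cookie"] = out["session"].OutputString()
        if add_to_cart is not None:
            self.db[sid]["cart"].append(add_to_cart)
        return response, list(self.db[sid]["cart"])

class Browser:
    """Stores cookies the server sets and replays them on later requests."""

    def __init__(self):
        self.jar = SimpleCookie()

    def request(self, server, **kw):
        headers = {}
        if self.jar:
            headers["Cookie"] = "; ".join(f"{k}={m.value}" for k, m in self.jar.items())
        response, cart = server.handle(headers, **kw)
        if "Set-Cookie" in response:
            self.jar.load(response["Set-Cookie"])
        return cart

def shopping_session():
    """Initial session issues the cookie; later sessions are remembered."""
    server, browser = CookieServer(), Browser()
    browser.request(server)
    browser.request(server, add_to_cart="book")
    cart = browser.request(server, add_to_cart="pen")
    return cart, len(server.db)

if __name__ == "__main__":
    print(shopping_session())
```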
Simple Mail Transfer Protocol (SMTP)
SMTP is used to deliver email from sender to recipient’s mail server
Then POP3 (Post Office Protocol 3), IMAP (Internet Message Access Protocol) or HTTP (Web mail) is used to get messages from the server
As with many application protocols, SMTP commands are human readable
Figure: the sender delivers via SMTP to a mail server, which relays via SMTP to the recipient’s mail server; the recipient retrieves the message via POP3.
Application Layer
DNS – Domain Name Service
o Convert human-friendly names such as www.google.com into 32-bit IP (Internet Protocol) address
o A distributed hierarchical database
Only 13 “root” DNS server clusters
o Essentially, a single point of failure for Internet
o Attacks on root servers have succeeded. . . but, attacks did not last long enough (yet) to do any damage (distributed nature a great help).
Transport Layer and TCP
The network layer offers unreliable, “best effort” delivery of packets
o Any improved service must be provided by the hosts
Transport layer: 2 protocols of interest
o TCP (Transmission Control Protocol) – more service, more overhead
o UDP (User Datagram Protocol) – less service, less overhead
TCP and UDP run on hosts, not routers
TCP assures that packets. . .
o Arrive at destination
o Are processed in order
o Are not sent too fast for receiver: flow control
TCP also attempts to provide. . .
o Network-wide congestion control
TCP is connection-oriented
o TCP contacts server before sending data
o Orderly setup and take down of “connection”
o But no true connection, only logical “connection”
TCP Header
Figure: the TCP header, 32 bits per row (bit positions 0, 8, 16, 24, 31 across the top):
  Source Port | Destination Port
  Sequence Number
  Acknowledgement Number
  Offset | reserved | U A P R S F | Window
  Checksum | Urgent Pointer
  Options | Padding
  Data (variable length)
Source and destination port
Sequence number
Flags (ACK, SYN, RST, etc.)
Header usually 20 bytes (if no options)
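A parser for the 20-byte header laid out above, written with the standard library’s struct module as an added example (not code from the lecture notes or the textbook). The field order and widths are those of the slide’s figure; the flag bit values (FIN 0x01, SYN 0x02, RST 0x04, PSH 0x08, ACK 0x10, URG 0x20) are the standard ones. The function names and the sample segment built in the block are constructed for the illustration.

```python
# Added example (not from the lecture notes): build and parse the 20-byte
# TCP header from the slide. Function names are invented.
import struct

TCP_HEADER_FORMAT = "!HHIIBBHHH"                       # network byte order
TCP_HEADER_LEN = struct.calcsize(TCP_HEADER_FORMAT)    # 20 bytes, no options
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(segment):
    """Decode a TCP segment (header + data) into a dict of fields.
    Rejects truncated segments and an Offset field that points outside
    the segment, which are the two ways a malformed header can mislead
    a parser."""
    if len(segment) < TCP_HEADER_LEN:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, offset_reserved, flags_byte,
     window, checksum, urgent) = struct.unpack(TCP_HEADER_FORMAT,
                                               segment[:TCP_HEADER_LEN])
    data_offset = (offset_reserved >> 4) * 4     # header length in bytes
    if data_offset < TCP_HEADER_LEN or data_offset > len(segment):
        raise ValueError("bad data offset")
    flags = [name for name, bit in FLAG_BITS.items() if flags_byte & bit]
    return {
        "src_port": src_port, "dst_port": dst_port,
        "seq": seq, "ack": ack,
        "header_len": data_offset,
        "flags": flags,
        "window": window, "checksum": checksum, "urgent": urgent,
        "options": segment[TCP_HEADER_LEN:data_offset],
        "data": segment[data_offset:],
    }

def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Pack a header without options (Offset = 5 words = 20 bytes).
    Checksum and urgent pointer are left at zero in this illustration."""
    flags_byte = 0
    for f in flags:
        flags_byte |= FLAG_BITS[f]
    offset_reserved = 5 << 4
    return struct.pack(TCP_HEADER_FORMAT, src_port, dst_port, seq, ack,
                       offset_reserved, flags_byte, window, 0, 0)

if __name__ == "__main__":
    # Constructed sample: a SYN from port 1025 to port 80 with a few data bytes.
    seg = build_tcp_header(1025, 80, 1000, 0, ["SYN"]) + b"payload"
    print(parse_tcp_header(seg))
```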
TCP Three-Way Handshake
Figure: client sends SYN request; server replies SYN-ACK; client sends ACK (and data).
SYN – synchronization requested
SYN-ACK – acknowledge SYN request
ACK – acknowledge SYN-ACK (send data)
Then TCP “connection” established
o Connection terminated by FIN or RST
Denial of Service Attack
The TCP 3-way handshake makes denial of service (DoS) attacks possible
Whenever SYN packet is received, server remembers this “half-open” connection
o Remembering consumes resources
Too many half-open connections and server’s resources will be exhausted, and then. . .
o . . . server can’t respond to legitimate connections
This occurs because TCP is stateful
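The server side of the three-way handshake and the half-open state it must keep, modelled in Python as an added example for the two slides above (not code from the lecture notes or the textbook). The HandshakeServer class, the backlog size and the timeout are illustrative choices: the backlog bounds how many half-open connections the server will remember, and expiring stale entries is the model’s one defence, so that state consumed by SYNs that are never acknowledged is eventually freed. Real TCP stacks add further defences (for example SYN cookies) that this model does not implement.

```python
# Added example (not from the lecture notes): server-side handshake state.
# Class name, backlog and timeout values are invented for illustration.
import random

class HandshakeServer:
    def __init__(self, backlog=4, half_open_timeout=60.0):
        self.backlog = backlog
        self.timeout = half_open_timeout
        self.half_open = {}     # client -> (server_isn, expected_ack, t_created)
        self.established = {}   # client -> server_isn
        self.dropped_syns = 0

    def expire(self, now):
        """Forget half-open entries older than the timeout; the only thing
        that frees a slot when the final ACK never arrives."""
        stale = [c for c, (_, _, t) in self.half_open.items() if now - t > self.timeout]
        for c in stale:
            del self.half_open[c]
        return len(stale)

    def on_syn(self, client, client_isn, now):
        """Answer a SYN with SYN-ACK and remember the half-open connection,
        or drop the SYN (return None) when no slot is free."""
        self.expire(now)
        if client in self.half_open:                # retransmitted SYN
            isn, ack, _ = self.half_open[client]
            return {"flags": {"SYN", "ACK"}, "seq": isn, "ack": ack}
        if client in self.established:
            return None
        if len(self.half_open) >= self.backlog:
            self.dropped_syns += 1                  # state exhausted
            return None
        server_isn = random.getrandbits(32)
        self.half_open[client] = (server_isn, client_isn + 1, now)
        return {"flags": {"SYN", "ACK"}, "seq": server_isn, "ack": client_isn + 1}

    def on_ack(self, client, ack, now):
        """Complete the handshake if the ACK acknowledges our SYN-ACK."""
        self.expire(now)
        entry = self.half_open.get(client)
        if entry is None or ack != entry[0] + 1:
            return False
        del self.half_open[client]
        self.established[client] = entry[0]
        return True

    def on_fin_or_rst(self, client):
        """Tear down an established connection."""
        return self.established.pop(client, None) is not None

def demo_exhaustion():
    """Three unanswered SYNs fill a backlog of 3; a fourth client is refused
    until the stale entries time out. Addresses are constructed."""
    srv = HandshakeServer(backlog=3, half_open_timeout=60.0)
    for i in range(3):
        srv.on_syn(("10.0.0.%d" % (i + 1), 4000 + i), client_isn=100, now=0.0)
    refused = srv.on_syn(("10.0.0.9", 5000), client_isn=100, now=1.0) is None
    later = srv.on_syn(("10.0.0.9", 5000), client_isn=100, now=100.0)
    return refused, later is not None, len(srv.half_open), srv.dropped_syns

if __name__ == "__main__":
    print(demo_exhaustion())
```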
UDP – User Datagram Protocol
UDP is minimalist, “no frills” service
o No assurance that packets arrive
o No assurance packets are in order, etc., etc.
Why does UDP exist?
o More efficient (header only 8 bytes)
o No flow control to slow down sender
o No congestion control to slow down sender
If packets sent too fast, will be dropped
o Either at intermediate router or at destination
o But in some apps this may be OK (audio/video)
Network Layer
Core of network/Internet
o Interconnected mesh of routers
Purpose of network layer
o Route packets through this mesh
Network layer protocol of interest is IP (Internet Protocol)
o Follows a best effort approach
o The term “best efforts” refers to an agreement made by a service provider to do whatever it takes to fulfill the requirements of a contract.
IP runs in every host and every router
Routers also run routing protocols
o Used to determine the path to send packets
o Routing protocols: RIP, OSPF, BGP
IP Address and Socket
IP address is 32 bits
o Every host has an IP address
Big problem – Not enough IP addresses!
o Lots of tricks used to extend address space
IP addresses given in dotted decimal notation
o For example: 195.72.180.27
o Each number is between 0 and 255
Usually, a host’s IP address can change
Each host has a 32 bit IP address
o But, many processes can run on one host
o E.g., you can browse web, send email at same time
How to distinguish processes on a host?
o Each process has a 16 bit port number
o Numbers below 1024 are “well-known” ports (HTTP is port 80, POP3 is port 110, etc.)
o Port numbers above 1024 are dynamic (as needed)
IP address + port number = socket
o Socket uniquely identifies process, Internet-wide
Network Address Translation
Network Address Translation (NAT)
o Trick to extend IP address space
o Use one IP address (different port numbers) for multiple hosts
o “Translates” outside IP address (based on port number) to inside IP address
NAT Example
NAT-less Example:
o Alice (IP: 11.0.0.1, Port: 1025) talks directly to the Web server (IP: 12.0.0.1, Port: 80)
o Alice to server: source 11.0.0.1:1025, destination 12.0.0.1:80
o Server to Alice: source 12.0.0.1:80, destination 11.0.0.1:1025
NAT Example:
o Alice (IP: 10.0.0.1) sits behind a Firewall (IP: 11.0.0.1) that does NAT; the Web server has IP 12.0.0.1
o Alice to firewall: src 10.0.0.1:1025, dest 12.0.0.1:80
o Firewall to server: src 11.0.0.1:4000, dest 12.0.0.1:80
o Server to firewall: src 12.0.0.1:80, dest 11.0.0.1:4000
o Firewall to Alice: src 12.0.0.1:80, dest 10.0.0.1:1025
o NAT Table on the firewall: outside port 4000 maps to inside socket 10.0.0.1:1025
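The “IP Address and Socket” slide and the NAT example above carried through in Python as an added example (not code from the lecture notes or the textbook): dotted-decimal addresses converted to and from a 32-bit integer with each octet range-checked, sockets parsed as (IP, port) pairs, and a port-based NAT table that rewrites Alice’s outbound socket to the firewall’s shared address and maps the reply back. The Nat class and its function names are assumptions made for the illustration; the addresses and the outside port 4000 are the slide’s own values.

```python
# Added example (not from the lecture notes): 32-bit IP addresses, sockets
# and the NAT table from the slide. Names below are invented.

WELL_KNOWN_MAX = 1023   # ports below 1024 are "well-known"

def ip_to_int(dotted):
    """'195.72.180.27' -> 32-bit integer; rejects anything but four octets in 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4:
        raise ValueError("expected four octets: %r" % dotted)
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % p)
        value = (value << 8) | n
    return value

def int_to_ip(value):
    if not 0 <= value < 2 ** 32:
        raise ValueError("not a 32-bit value")
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def parse_socket(text):
    """'11.0.0.1:1025' -> ('11.0.0.1', 1025), validating both halves."""
    ip, _, port = text.rpartition(":")
    port = int(port)
    if not 0 <= port <= 65535:
        raise ValueError("port out of range")
    ip_to_int(ip)
    return ip, port

def is_well_known(port):
    return port <= WELL_KNOWN_MAX

class Nat:
    """Port-based NAT: many inside hosts share one outside IP address."""

    def __init__(self, outside_ip, first_port=4000):
        self.outside_ip = outside_ip
        self.next_port = first_port
        self.table = {}      # outside port -> (inside ip, inside port)
        self.reverse = {}    # (inside ip, inside port) -> outside port

    def outbound(self, src, dst):
        """Rewrite an inside source socket to the shared outside address,
        allocating a table entry the first time the socket is seen."""
        if src not in self.reverse:
            port = self.next_port
            self.next_port += 1
            self.table[port] = src
            self.reverse[src] = port
        return (self.outside_ip, self.reverse[src]), dst

    def inbound(self, src, dst):
        """Map a reply back to the inside host. Returns None (drop) when no
        table entry exists: an unsolicited packet has no inside destination."""
        ip, port = dst
        if ip != self.outside_ip or port not in self.table:
            return None
        return src, self.table[port]

if __name__ == "__main__":
    nat = Nat("11.0.0.1")
    alice, server = parse_socket("10.0.0.1:1025"), parse_socket("12.0.0.1:80")
    print(nat.outbound(alice, server))                      # firewall to server
    print(nat.inbound(server, ("11.0.0.1", 4000)))          # firewall to Alice
```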
NAT: Properties
Advantage(s)?
o Extends IP address space
o One (or a few) IP address(es) can be shared by many users
Disadvantage(s)?
o End-to-end security is more difficult
o Might make IPSec less effective (IPSec discussed in Chapter 10)
Link Layer
Link layer sends packet from one node to next
Links can be different
o Wired
o Wireless
o Ethernet
o Point-to-point. . .
Link Layer and Ethernet
On host, implemented in adapter: Network Interface Card (NIC)
o Ethernet card, wireless 802.11 card, etc.
NIC is “semi-autonomous” device
o NIC is (mostly) out of host’s control
o Implements both link and physical layers
Ethernet is a multiple access protocol
o Many hosts access a shared media
o On a Local Area Network, or LAN
With multiple access, packets can “collide”
o Data is corrupted and packets must be resent
How to efficiently deal with collisions in distributed environment?
o Many possibilities, Ethernet is most popular
o We won’t discuss details here
Link Layer Addressing
IP addresses live at network layer
Link layer also needs addresses
o MAC address (also known as LAN address, physical address)
MAC (Media Access Control) address
o 48 bits, globally unique
o Used to forward packets over one link
Analogy. . .
o IP address is like your home address
o MAC address is like a social security number
ARP – Another Link Layer Protocol
Address Resolution Protocol (ARP)
o Used by link layer – given IP address, find corresponding MAC address
Each host has ARP table, or ARP cache
o Generated automatically
o Entries expire after some time (about 20 min)
ARP is stateless
ARP used to find ARP table entries
o ARP can send request and receive reply
o Reply messages used to fill/update ARP cache
Figure: a LAN with Alice (IP: 111.111.111.001, MAC: AA-AA-AA-AA-AA-AA) and Bob (IP: 111.111.111.002, MAC: BB-BB-BB-BB-BB-BB); Alice’s ARP cache and Bob’s ARP cache each map the other’s IP address to its MAC address.
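The ARP cache and request/reply exchange of this slide modelled in Python as an added example (not code from the lecture notes or the textbook), using the two hosts of the figure. Entries expire after the roughly 20 minutes the slide mentions, a request is broadcast only on a cache miss, and replies fill or update the cache. Because ARP is stateless and the cache accepts a reply whether or not it asked for one, the example also records every change of an existing IP-to-MAC binding so an administrator can review it; the ArpCache and Host classes, the resolve() function and that change log are assumptions made for the illustration.

```python
# Added example (not from the lecture notes): a toy ARP cache with expiry,
# request/reply resolution on a LAN, and a log of changed bindings.
# Class and function names are invented for illustration.
import re

MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(-[0-9A-Fa-f]{2}){5}$")   # 48 bits, six octets
ARP_TTL = 20 * 60   # seconds; the slide's "about 20 min"

def valid_mac(mac):
    return MAC_RE.match(mac) is not None

class ArpCache:
    def __init__(self, ttl=ARP_TTL):
        self.ttl = ttl
        self.entries = {}   # ip -> (mac, time_learned)
        self.changes = []   # (ip, old_mac, new_mac, time) for bindings that changed

    def lookup(self, ip, now):
        """Return the cached MAC, or None if absent or expired."""
        entry = self.entries.get(ip)
        if entry is None or now - entry[1] > self.ttl:
            self.entries.pop(ip, None)
            return None
        return entry[0]

    def learn(self, ip, mac, now):
        """Fill/update the cache from a reply. The cache takes any reply, so
        a change of binding is recorded for the administrator to review."""
        if not valid_mac(mac):
            raise ValueError("bad MAC %r" % mac)
        old = self.lookup(ip, now)
        if old is not None and old != mac:
            self.changes.append((ip, old, mac, now))
        self.entries[ip] = (mac, now)

class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.cache = ArpCache()

    def answer(self, request):
        """Reply to an ARP request only if it asks for our own IP."""
        if request["target_ip"] != self.ip:
            return None
        return {"op": "reply", "sender_ip": self.ip, "sender_mac": self.mac,
                "target_ip": request["sender_ip"], "target_mac": request["sender_mac"]}

def resolve(asker, lan, target_ip, now):
    """Return (mac, request_sent): use a fresh cache entry if there is one,
    otherwise broadcast a request on the LAN and learn from the reply."""
    mac = asker.cache.lookup(target_ip, now)
    if mac is not None:
        return mac, False
    request = {"op": "request", "sender_ip": asker.ip, "sender_mac": asker.mac,
               "target_ip": target_ip, "target_mac": None}
    for host in lan:
        reply = host.answer(request)
        if reply is not None:
            asker.cache.learn(reply["sender_ip"], reply["sender_mac"], now)
            return reply["sender_mac"], True
    return None, True

if __name__ == "__main__":
    alice = Host("111.111.111.001", "AA-AA-AA-AA-AA-AA")
    bob = Host("111.111.111.002", "BB-BB-BB-BB-BB-BB")
    print(resolve(alice, [alice, bob], bob.ip, now=0))      # request sent
    print(resolve(alice, [alice, bob], bob.ip, now=60))     # cache hit
```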