CSE 127: Introduction to Security
Lecture 10: Intro to Networking
George Obaido
Spring 2022
Some material from , , ,
The Internet
(Diagram: ucsd.edu and example.com, each connected to the internet.)
Original idea:
• Network is dumb
• Simple, robust service
• Shift complexity to endpoints
• Acts like postal system (packet-based) rather than traditional phone system (circuit-based)
Need protocol to actually communicate
A protocol is an agreement on how to communicate. It includes syntax and semantics.
• Syntax: how communication is specified and structured.
  • Format, order messages are sent and received.
• Semantics: what a communication means.
  • Actions taken when transmitting, receiving, or when a timer expires.
• Example: RFC 2616 (HTTP/1.1)
  • Section 5: Syntax of HTTP Requests
  • Section 9.3: Semantics of GET Requests
Protocols are layered
• Networks use a stack of layers
• Lower layers provide services to layers above
  • Don't care what higher layers do
• Higher layers use services of layers below
  • Don't care how lower layers implement services
• Layers define abstraction boundaries
  • At a given layer, all layers above and below are opaque
Basic Internet Architecture: “Hourglass”
Narrow waist = interoperability
Layers, top to bottom:
• Application layer
• Transport layer
• Network layer
• Link layer
• Physical layer
Packet encapsulation at each layer
Source: Wikipedia
Link layer: Connecting hosts to local network
Most common link layer protocol: Ethernet
• Messages organized into frames
• Every node has a globally unique 6-byte MAC address
Source: Wikipedia
Link layer: Connecting hosts to local network
• Originally a broadcast protocol: every node on network received every packet
• Now switched: switch learns the physical port for each MAC address and sends packets to correct port if known
• WiFi similar to Ethernet, but nodes can move
IP: Internet Protocol
• Connectionless delivery model
• “Best effort” = no guarantees about delivery
  • No attempt to recover from failure
  • Packets might be lost, delivered out of order, delivered multiple times
  • Packets might be fragmented
• Provides hierarchical addressing scheme
IP: Internet Protocol
• IPv4: 32-bit host addresses
  • Written as 4 bytes in decimal, e.g. 192.168.1.1
• IPv6: 128-bit host addresses
  • Written as 16 bytes in hex
  • :: implies zero bytes
  • e.g. 2620:0:e00:b::53 = 2620:0:e00:b:0:0:0:53
Internet Protocol (RFC 791, September 1981)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |Version|  IHL  |Type of Service|          Total Length         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |         Identification        |Flags|      Fragment Offset    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Time to Live |    Protocol   |         Header Checksum       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                       Source Address                          |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Destination Address                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

Example: Internet Protocol Datagram Header
Note that each tick mark represents one bit position.
http://www.tcpipguide.com/free/t_IPDatagramGeneralFormat.htm
ARP: Address Resolution Protocol
• Problem: how does a host learn what MAC addresses to send packets to?
• ARP lets hosts build a table mapping IP addresses to MAC addresses.
• ARP request: source MAC, dest MAC, “Who has IP address N?”
• ARP reply: source MAC, dest MAC, “IP address N is at MAC address M.”
Routing: BGP (Border Gateway Protocol)
• Internet organized into ASes (Autonomous Systems) with peer, provider, or customer relationships between them
• Rough tree shape, with a small number of backbone ASes in a clique at the root
• BGP allows routers to exchange information about their routing tables
• Routers maintain global table of routes
• Each router announces what it can route to its
• Routes propagate through network
TCP (Transmission Control Protocol)
• Want abstraction of a stream of bytes delivered reliably and in-order between applications on different hosts
• TCP provides:
  • Reliable in-order byte stream
  • Connection-oriented protocol
    • Explicit setup/teardown
  • End hosts (processes) have multiple concurrent long-lived dialogs
  • Congestion control: adapt to network path capacity, receiver's ability to receive packets
Transmission Control Protocol (RFC 793, September 1981)

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

TCP Header Format
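As an added example (not from the lecture), the following decodes the TCP header shown above, using the data offset to separate options from payload and the six flag bits to label a segment the way a packet capture tool would; the ports, sequence numbers and MSS option in the sample are constructed.

```python
import struct

TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")   # header bits 0..5

def parse_tcp(segment: bytes) -> dict:
    """Decode the header from the RFC 793 diagram above. The 4-bit data
    offset gives the header length in 32-bit words, so options end there."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_res, flag_bits, window, _csum, _urg = \
        struct.unpack("!HHIIBBHHH", segment[:20])
    data_offset = (off_res >> 4) * 4                 # 20..60 bytes
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {
        "src_port": sport,
        "dst_port": dport,
        "seq": seq,
        "ack": ack,
        "flags": {n for bit, n in enumerate(TCP_FLAGS) if flag_bits & (1 << bit)},
        "window": window,
        "options": segment[20:data_offset],
        "payload": segment[data_offset:],
    }

def build_tcp(sport, dport, seq, ack, flags, window=65535, options=b"", payload=b""):
    """Assemble a segment; checksum left 0 (it covers an IP pseudo-header, not modelled here)."""
    options += b"\x00" * (-len(options) % 4)         # pad options to a 32-bit boundary
    data_offset = (20 + len(options)) // 4
    flag_bits = sum(1 << TCP_FLAGS.index(f) for f in flags)
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                      data_offset << 4, flag_bits, window, 0, 0)
    return hdr + options + payload

def classify(segment: bytes) -> str:
    """Name the role a segment plays from its flags alone."""
    f = parse_tcp(segment)["flags"]
    if "RST" in f:
        return "reset"
    if {"SYN", "ACK"} <= f:
        return "syn-ack"
    if "SYN" in f:
        return "syn"
    if "FIN" in f:
        return "fin"
    return "data/ack"

# Constructed sample: opening packet toward port 443 carrying an MSS option (kind 2, 1460)
SYN = build_tcp(51234, 443, 1000, 0, {"SYN"}, options=b"\x02\x04\x05\xb4")
```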
TCP: Visualization using Wireshark
• Each application is identified by a port number
• TCP connection established between port A on host address M to port B on host address N. Ports are 16 bits, 1–65535
• Some destination ports are used for particular applications by convention:
  80 HTTP (web)
  443 HTTPS (web)
  25 SMTP (mail)
  67 DHCP (host configuration)
  22 SSH (secure shell)
TCP Sequence Numbers
• Bytes in application data stream numbered with 32-bit sequence numbers
• Data sent in segments: sequences of contiguous bytes sent in a single IP datagram
• Sequence number indicates where data belongs in byte sequence
• Sequence number in packet header is the sequence number of the first byte in the payload
TCP Sequence Numbers and Acknowledgement
• Two logical data streams in a TCP connection: one in each direction
• Receiver acknowledges received data: acknowledgement number is sequence number of next expected byte of stream in opposite direction
• ACK flag set to acknowledge data
• Sender retransmits lost data
• Congestion control: sender adapts retransmission according to timeouts
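The sequence/acknowledgement rule above, worked through in an added example (not lecture code): a receiver for one direction of a stream that always ACKs the next byte it expects, buffers out-of-order segments, and re-ACKs duplicates, plus a small driver that loses one segment and retransmits it. The initial sequence number and payload are constructed.

```python
class TcpReceiver:
    """Receive side of one direction of a TCP stream: hands bytes up in order and
    returns the acknowledgement number (next expected byte) after each segment.
    Sequence numbers are treated as unbounded ints; 32-bit wraparound is not modelled."""

    def __init__(self, initial_seq: int):
        self.next_expected = initial_seq      # the ACK number we would send
        self.out_of_order = {}                # seq -> payload, held until the gap fills
        self.stream = bytearray()             # bytes delivered to the application

    def receive(self, seq: int, payload: bytes) -> int:
        end = seq + len(payload)
        if end <= self.next_expected:         # wholly old data (a retransmission)
            return self.next_expected         # re-ACK what we already have
        if seq > self.next_expected:          # a hole precedes it: buffer, ACK unchanged
            self.out_of_order[seq] = payload
            return self.next_expected
        # starts at or before next_expected: keep only the new bytes
        self.stream += payload[self.next_expected - seq:]
        self.next_expected = end
        while self.next_expected in self.out_of_order:   # drain now-contiguous data
            data = self.out_of_order.pop(self.next_expected)
            self.stream += data
            self.next_expected += len(data)
        return self.next_expected

def simulate_lossy_transfer(isn: int, data: bytes, seg_size: int, drop_index: int):
    """Send data in fixed-size segments, lose one, then retransmit it. Returns the
    ACK numbers the receiver produced and the bytes it delivered."""
    rx = TcpReceiver(isn + 1)                 # first data byte follows the SYN's ISN
    segments = [(isn + 1 + i, data[i:i + seg_size])
                for i in range(0, len(data), seg_size)]
    acks = []
    for idx, (seq, payload) in enumerate(segments):
        if idx == drop_index:
            continue                          # lost in the network
        acks.append(rx.receive(seq, payload))
    # the sender sees ACKs stuck at the lost segment's sequence number and resends it
    acks.append(rx.receive(*segments[drop_index]))
    return acks, bytes(rx.stream)
```

With a 12-byte payload sent in 4-byte segments and the second one lost, the ACKs stay at the gap (1004, 1004) until the retransmission arrives and the buffered third segment drains, giving 1012.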
TCP 3-Way Handshake: Starting a TCP connection
FIN/RST: Closing TCP connections
• FIN initiates a clean close of a TCP connection, waits for ACK from receiver
• If a host receives a TCP packet with RST flag, it tears down the connection
• Designed to handle spurious TCP packets from previous connections
UDP (User Datagram Protocol)
• UDP offers no service quality guarantee
• Essentially a transport layer protocol that is a wrapper around IP
• Adds ports to let applications demultiplex traffic
• Useful for applications that only need best-effort guarantee
  • e.g. DNS, NTP
RFC 768, J. Postel, ISI, 28 August 1980
User Datagram Protocol

    0      7 8     15 16    23 24    31
   +--------+--------+--------+--------+
   |     Source      |   Destination   |
   |      Port       |      Port       |
   +--------+--------+--------+--------+
   |                 |                 |
   |     Length      |    Checksum     |
   +--------+--------+--------+--------+
   |
   |          data octets ...
   +---------------- ...

User Datagram Header Format
https://www.imperva.com/learn/ddos/udp-user-datagram-protocol/
DNS (Domain Name Service)
• Handle mapping between hostnames (e.g. ucsd.edu) and IP addresses (e.g. 132.239.180.101)
• DNS is a delegatable, hierarchical namespace
  (Tree in the slide: root → net, edu, com, cn; under edu → stanford, ucsd, princeton; under ucsd → cse, ece, music)
DNS Records

$ dig cseweb.ucsd.edu

; <<>> DiG 9.10.6 <<>> cseweb.ucsd.edu
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3727
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cseweb.ucsd.edu.               IN      A

;; ANSWER SECTION:
cseweb.ucsd.edu.        3140    IN      CNAME   roweb.eng.ucsd.edu.
roweb.eng.ucsd.edu.     2855    IN      A       132.239.8.30

;; Query time: 57 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Sun Nov 03 20:49:08 PST 2019
;; MSG SIZE  rcvd: 84
DNS Details
• 13 main DNS root servers
• DNS responses are cached for quicker responses
• DNS authorities queried progressively according to domain name hierarchy
https://www.netnod.se/i-root/what-are-root-name-servers
$ dig cseweb.ucsd.edu +trace

; <<>> DiG 9.10.6 <<>> cseweb.ucsd.edu +trace
;; global options: +cmd
.                       105604  IN      NS      d.root-servers.net.
.                       105604  IN      NS      h.root-servers.net.
.                       105604  IN      NS      c.root-servers.net.
.                       105604  IN      NS      j.root-servers.net.
.                       105604  IN      NS      l.root-servers.net.
.                       105604  IN      NS      i.root-servers.net.
.                       105604  IN      RRSIG   NS 8 0 518400 20191115050000 20191102040000 22545 . Z14B+vD/MKz0X1UBwu04kzwQNajhg1AflK7j5Jvd9NZ
;; Received 525 bytes from 192.168.1.254#53(192.168.1.254) in 44 ms

edu.                    172800  IN      NS      b.edu-servers.net.
edu.                    172800  IN      NS      f.edu-servers.net.
edu.                    172800  IN      NS      i.edu-servers.net.
edu.                    172800  IN      NS      c.edu-servers.net.
edu.                    172800  IN      NS      e.edu-servers.net.
edu.                    172800  IN      NS      d.edu-servers.net.
edu.                    86400   IN      DS      28065 8 2 4172496CDE85534E51129040355BD04B1FCFEBAE996DFDDE652006F6 F8B2CE76
edu.                    86400   IN      RRSIG   DS 8 1 86400 20191116170000 20191103160000 22545 . BsoO9WI4UphacN5rL0B4f3bCzVPptbmTCKHwcMgb6e
;; Received 1174 bytes from 192.58.128.30#53(j.root-servers.net) in 20 ms

ucsd.edu.               172800  IN      NS      ns-auth2.ucsd.edu.
ucsd.edu.               172800  IN      NS      ns-auth3.ucsd.edu.
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN NSEC3 1 1 0 - 9V5L4LUB1VNJ9EQQLIHEQCBREACL25O0 NS SOA RRSIG DNSKE
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN RRSIG NSEC3 8 2 86400 20191111043435 20191104032435 47252 edu.
3FTB9RSLROQJUOPDNLJJE2I31U25M4MG.edu. 86400 IN NSEC3 1 1 0 - 4586U2HHMPSEAQHJD6R9INNA38POF8KL NS DS RRSIG
3FTB9RSLROQJUOPDNLJJE2I31U25M4MG.edu. 86400 IN RRSIG NSEC3 8 2 86400 20191111041950 20191104030950 47252 edu.
;; Received 671 bytes from 192.41.162.30#53(l.edu-servers.net) in 9 ms

cseweb.ucsd.edu.        3600    IN      CNAME   roweb.eng.ucsd.edu.
roweb.eng.ucsd.edu.     3600    IN      A       132.239.8.30

https://linux.die.net/man/1/dig
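The delegation walk that dig +trace shows above, as an added example (not lecture code): a toy iterative resolver that starts at the root, follows NS referrals down the hierarchy and the CNAME sideways, and caches both answers and delegations so later lookups skip levels. The in-memory zone data is constructed from the trace output; servers are keyed by name and glue addresses are omitted.

```python
# Delegation data constructed from the +trace output above. Each server knows only
# its own zone: the root refers to edu., edu. refers to ucsd.edu., and the ucsd.edu
# authority holds the CNAME and A records (glue addresses are left out).
SERVERS = {
    "d.root-servers.net": {"edu.": ("NS", ["b.edu-servers.net", "f.edu-servers.net"])},
    "b.edu-servers.net":  {"ucsd.edu.": ("NS", ["ns-auth2.ucsd.edu", "ns-auth3.ucsd.edu"])},
    "ns-auth2.ucsd.edu":  {"cseweb.ucsd.edu.": ("CNAME", "roweb.eng.ucsd.edu."),
                           "roweb.eng.ucsd.edu.": ("A", "132.239.8.30")},
}
ROOT_HINTS = ["d.root-servers.net"]

def ask(server: str, qname: str):
    """What `server` knows about qname: the record for the closest enclosing name
    it holds, as (name, rtype, data), or None."""
    labels = qname.split(".")
    for i in range(len(labels)):              # exact name first, then each parent
        name = ".".join(labels[i:])
        if name in SERVERS[server]:
            return (name,) + SERVERS[server][name]
    return None

def resolve(qname: str, cache: dict, max_steps: int = 10):
    """Iterative resolution: start at the closest cached delegation (or the root),
    follow referrals down the hierarchy and CNAMEs sideways, caching as we go.
    Returns (address, list of servers contacted)."""
    if qname in cache:
        return cache[qname], []
    servers, path, labels = ROOT_HINTS, [], qname.split(".")
    for i in range(len(labels)):              # longest cached delegation wins
        if ("NS", ".".join(labels[i:])) in cache:
            servers = cache[("NS", ".".join(labels[i:]))]
            break
    for _ in range(max_steps):
        server = servers[0]
        path.append(server)
        name, rtype, data = ask(server, qname) or (None, None, None)
        if rtype == "A":
            cache[qname] = data
            return data, path
        if rtype == "CNAME":                   # restart the lookup for the target
            addr, more = resolve(data, cache, max_steps)
            cache[qname] = addr
            return addr, path + more
        if rtype == "NS":                      # referral: go one level down
            cache[("NS", name)] = servers = data
            continue
        raise LookupError(f"{server} gave neither answer nor referral for {qname}")
    raise LookupError("too many referrals")
```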
Using the internet: A worked example
You connect your laptop to a cafe wifi network and type ucsd.edu into your browser’s URL bar. What happens?
1. Your laptop uses DHCP (Dynamic Host Configuration Protocol) to bootstrap itself on the local network.
• New host has no IP address, doesn’t know who to ask
• Broadcasts DHCPDISCOVER to 255.255.255.255 with its MAC address
• DHCP server responds with config: lease on host IP address, gateway IP address, DNS server information
2. Your laptop makes an ARP request to learn the MAC address of the local router.
• Every connection outside the local network will be encapsulated in a link-layer frame with the local router's MAC address as the destination.
• Your laptop encapsulates each IP packet in a WiFi Ethernet frame addressed to the local router.
• The local router decapsulates these Ethernet frames and re-encodes them to forward them on its fiber connection to its upstream ISP, or to another part of the network.
• Each hop re-encodes the link layer for its own network.
3. Your laptop does a DNS lookup on ucsd.edu.
• It learned the IP address of a local DNS server from DHCP, or had a server (like 9.9.9.9) already hard-coded.
• Each request is a DNS query encapsulated in one or more UDP packets encapsulated in one or more IP packets.
• Each response tells the laptop what authority to query, until it learns the final IP address (75.2.44.127) for ucsd.edu
• This address is cached, along with the authorities for the hierarchy in the hostname.
4. Your laptop opens a TCP connection to 75.2.44.127.
• Each packet of the TCP triple handshake is encoded in an IP packet that is encoded as Ethernet frames that are decoded and re-encoded as they pass through the network.
• The local router has a routing table that contains IP prefixes that it matches against the IP address that tells it what address to forward the packets to.
• The packet passes through a series of Autonomous Systems (ASes).
• From cafe network (ATT), go through sbcglobal.net → att.net → level3.net → cenic.net → ucsd.edu.
5. Your laptop sends an HTTP GET request inside the TCP connection.
6. Based on the HTTP response, the laptop performs a new DNS lookup, TCP handshake, and HTTP GET requests for every resource in the HTML as it renders.
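The forwarding decisions in steps 2 and 4 of the worked example, as an added illustration (not lecture code): the laptop decides whether a destination is on its subnet or must go via the gateway's MAC, and the router picks a next hop by longest-prefix match. The DHCP lease, ARP entries, MAC addresses and routing table are all constructed values; the next-hop names are placeholders.

```python
import ipaddress

# Constructed stand-ins for what DHCP handed the laptop in step 1 (address lease,
# subnet, gateway) and for the ARP cache it built in step 2 (MACs are made up).
LAPTOP = {"ip": "192.168.1.37", "subnet": "192.168.1.0/24", "gateway": "192.168.1.254"}
ARP_CACHE = {"192.168.1.254": "aa:bb:cc:00:00:01", "192.168.1.20": "aa:bb:cc:00:00:20"}

def next_hop(dst_ip: str) -> str:
    """Host forwarding decision: on-subnet destinations are delivered directly,
    everything else is handed to the gateway learned from DHCP."""
    if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(LAPTOP["subnet"]):
        return dst_ip
    return LAPTOP["gateway"]

def frame_destination(dst_ip: str) -> str:
    """MAC address written into the link-layer frame for a packet to dst_ip: for any
    off-LAN address (75.2.44.127, 9.9.9.9, ...) that is the gateway's MAC."""
    hop = next_hop(dst_ip)
    mac = ARP_CACHE.get(hop)
    if mac is None:
        raise LookupError(f"no ARP entry for {hop}: an ARP request must go out first")
    return mac

# Router side (step 4): a constructed routing table of (prefix, next hop), sorted so
# the most specific prefix is tried first.
ROUTES = sorted(
    [(ipaddress.ip_network(p), hop) for p, hop in [
        ("0.0.0.0/0", "uplink"),              # default route toward the upstream ISP
        ("192.168.1.0/24", "cafe LAN"),
        ("75.2.0.0/16", "uplink"),
        ("75.2.44.0/24", "peer link"),        # more specific than the /16: wins for 75.2.44.x
    ]],
    key=lambda entry: entry[0].prefixlen, reverse=True)

def route(dst_ip: str):
    """Longest-prefix match: the most specific prefix containing dst_ip decides the
    next hop. Returns (matched prefix, next hop)."""
    addr = ipaddress.ip_address(dst_ip)
    for net, hop in ROUTES:
        if addr in net:
            return str(net), hop
    raise LookupError(f"no route to {dst_ip}")
```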