留学生考试辅导 CSE 127: Introduction to Security

CSE 127: Introduction to Security
Lecture 10: Intro to Networking
George Obaido
Spring 2022

Some material from , , ,

The Internet
the internet
ucsd.edu example.com
Original Idea:
• Networkisdumb
• Simple,robustservice
• Shiftcomplexitytoendpoints
• Actslikepostalsystem(packet-based)ratherthan traditional phone system (circuit-based)

Need protocol to actually communicate
A protocol is an agreement on how to communicate. Includes syntax and semantics.
• Syntax:Howcommunicationisspecifiedand structured.
• Format, order messages are sent and received.
• Semantics:Whatacommunicationmeans
• Actions taken when transmitting, receiving, or timer
• Example:RFC2616(HTTP/1.1)
• Section 5: Syntax of HTTP Requests
• Section 9.3: Semantics of GET Requests

Protocols are layered
• Networksuseastackoflayers
• Lowerlayersprovideservicestolayersabove • Don’t care what higher layers do
• Higherlayersuseservicesoflayersbelow
• Don’t care how lower layers implement services
• Layersdefineabstractionboundaries
• At a given layer, all layers above and below are opaque

Basic Internet Archictecture “Hourglass” Narrow waist = interoperability
Application layer Transport layer
Network layer
Link layer
Physical layer

Packet encapsulation at each layer
Source: Wikipedia

Link layer: Connecting hosts to local network Most common link layer protocol: Ethernet
• Messagesorganizedintoframes
• Everynodehasagloballyunique6-byteMACaddress Source: Wikipedia

Link layer: Connecting hosts to local network
• Originallyabroadcastprotocol:everynodeonnetwork received every packet
• Now switched: switch learns the physical port for each MAC address and sends packets to correct port if known
• WiFisimilartoEthernet,butnodescanmove

IP: Internet Protocol
• Connectionlessdeliverymodel
• “Besteffort”=noguaranteesaboutdelivery
• Noattempttorecoverfromfailure
• Packetsmightbelost,deliveredoutoforder,delivered multiple times
• Packetsmightbefragmented
• Provideshierarchicaladdressingscheme

IP: Internet Protocol
• 32-bit host addresses
• Written as 4 bytes in decimal,
• e.g. 192.168.1.1
• 128-bit host addresses
• Written as 16 bytes in hex
• :: implies zero bytes
• e.g. 2620:0:e00:b::53 = 2620:0:e00:b:0:0:0:53

ARP: Address Resolution Protocol
• Problem:HowdoesahostlearnwhatMACaddresses to send packets to?
• ARPletshostsbuildtablemappingIPaddressestoMAC addresses.

ARP: Address Resolution Protocol
• Problem:HowdoesahostlearnwhatMACaddressesto send packets to?
• ARPletshostsbuildtablemappingIPaddressestoMAC addresses.
• ARPrequest:sourceMAC,destMAC,“WhohasIP address N?”
• ARPreply:sourceMAC,destMAC,“IPaddressNisat MAC address M.”

Routing: BGP (Border Gateway Protocol)
• Internet organized into ASes (Autonomous Systems) with peer, provider, or customer relationships between them
• Roughtreeshape,withasmallnumberofbackbone ASes in a clique at the root
• BGPallowsrouterstoexchangeinformationabouttheir routing tables
• Routersmaintainglobaltableofroutes
• Eachrouterannounceswhatitcanroutetoits
• Routespropagatethroughnetwork

TCP (Transmission Control Protocol)
• Wantabstractionofastreamofbytesdeliveredreliably and in-order between applications on different hosts
• TCPprovides:
• Reliable in-order byte stream
• Connection-oriented protocol
• Explicit setup/teardown
• End hosts (processes) have multiple concurrent
long-lived dialogs
• Congestion control: adapt to network path capacity,
receiver’s ability to receive packets

September 1981 Transmission Control Protocol
01234567890123456789012345678901 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Source Port | Destination Port | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Sequence Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Acknowledgment Number | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Data | |U|A|P|R|S|F|
| Offset| Reserved |R|C|S|S|Y|I|
| | |G|K|H|T|N|N| +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Checksum | Urgent Pointer | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | Options | Padding | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ | data | +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TCP Header Format
| Window | |

TCP: Visualization using Wireshark

• Eachapplicationisidentifiedbyaportnumber
• TCP connection established between port A on host address M to port B on host address N. Ports are 16 bits, 1–65535
• Some destination ports are used for particular applications by convention
80 HTTP(web) 443 HTTPS(web) 25 SMTP(mail)
67 DHCP(hostconfiguration) 22 SSH(secureshell)

TCP Sequence Numbers
• Bytesinapplicationdatastreamnumberedwith32-bitsequence
• Datasentinsegments:sequencesofcontiguousbytessentina single IP datagram
• Sequencenumberindicateswheredatabelongsinbytesequence
• Sequencenumberinpacketheaderisthesequencenumberof the first byte in the payload

TCP Sequence Numbers and Acknowledgement
• TwologicaldatastreamsinaTCPconnection:onein each direction
• Receiveracknowledgesreceiveddata: acknowledgement number is sequence number of next expected byte of stream in opposite direction
• ACKflagsettoacknowledgedata
• Senderretransmitslostdata
• Congestioncontrol:senderadaptsretransmission according to timeouts

TCP 3-Way Handshake Starting a TCP connection

FIN/RST: Closing TCP connections
• FINinitiatesacleancloseofaTCPconnection,waitsfor ACK from receiver

FIN/RST: Closing TCP connections
• FINinitiatesacleancloseofaTCPconnection,waitsfor ACK from receiver
• IfahostreceivesaTCPpacketwithRSTflag,ittears down the connection
• DesignedtohandlespuriousTCPpacketsfromprevious connections

UDP (User Datagram Protocol)
• UDPoffersnoservicequalityguarantee
• Essentiallyatransportlayerprotocolthatisawrapper around IP
• Addsportstoletapplicationsdemultiplextraffic
• Usefulforapplicationsthatonlyneedbest-effort guarantee
• e.g.DNS,NTP

RFC768 J. Postel ISI 28 August 1980
User Datagram Protocol
0 7 8 15 16 23 24 31 +——–+——–+——–+——–+ | Source | Destination | | Port | Port | +——–+——–+——–+——–+ ||| | Length | Checksum | +——–+——–+——–+——–+ |
| data octets . . . +—————- . . .
User Datagram Header Format
https://www.imperva.com/learn/ddos/udp-user-datagram-protocol/

DNS (Domain Name Service)
• Handlemappingbetweenhostnames(e.g.ucsd.edu) and IP addresses (e.g. 132.239.180.101)
• DNSisadelegatable,hierarchicalnamespace root
net edu com cn stanford ucsd princeton
cse ece music

DNS Records
$ dig cseweb.ucsd.edu
; <<>> DiG 9.10.6 <<>> cseweb.ucsd.edu
; ; global options: +cmd
; ; Got answer:
; ; ->>HEADER<<- opcode: QUERY, s t a t u s : ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1 ; ; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; ; QUESTION SECTION: ;cseweb.ucsd.edu. IN A ; ; ANSWER SECTION: cseweb.ucsd.edu. 3140 IN CNAMEroweb.eng.ucsd.edu. roweb.eng.ucsd.edu. 2855 IN A132.239.8.30 ; ; Query time: 57 msec ; ; SERVER: 192.168.1.254#53(192.168.1.254) ; ; WHEN: Sun Nov 03 20:49:08 PST 2019 ;; MSGSIZE rcvd:84 NOERROR, i d : 3727 DNS Details • 13mainDNSrootservers • DNSresponsesarecachedforquickerresponses • DNSauthoritiesqueriedprogressivelyaccordingto domain name hierarchy https://www.netnod.se/i-root/what-are-root-name-servers $ dig cseweb.ucsd.edu +trace ; <<>> DiG 9.10.6 <<>> cseweb.ucsd.edu +trace ; ; global options: +cmd
. 105604 IN NS d.root-servers.net.
. 105604 IN NS h.root-servers.net.
. 105604 IN NS c.root-servers.net. . 105604 IN NS j.root-servers.net.
. 105604 IN NS l.root-servers.net. . 105604 IN NS i.root-servers.net.
. 105604 IN RRSIG NS 8 0 518400 20191115050000 20191102040000 22545 . Z14B+vD/MKz0X1UBwu04kzwQNajhg1AflK7j5Jvd9NZ
; ; Received 525 bytes from 192.168.1.254#53(192.168.1.254) in 44 ms
edu. 172800 IN NS b.edu-servers.net. edu. 172800 IN NS f.edu-servers.net. edu. 172800 IN NSi.edu-servers.net.
edu. 172800 IN NS c.edu-servers.net. edu. 172800 IN NS e.edu-servers.net.
edu. 172800 IN NSd.edu-servers.net.
edu. 86400 IN DS 28065 8 2 4172496CDE85534E51129040355BD04B1FCFEBAE996DFDDE652006F6 F8B2CE76 edu. 86400 IN RRSIG DS 8 1 86400 20191116170000 20191103160000 22545 . BsoO9WI4UphacN5rL0B4f3bCzVPptbmTCKHwcMgb6e
;; Received 1174 bytes from 192.58.128.30#53(j.root-servers.net) in 20 ms
ucsd.edu. 172800 IN NSns-auth2.ucsd.edu.
ucsd.edu. 172800 IN NSns-auth3.ucsd.edu.
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN NSEC3 1 1 0 – 9V5L4LUB1VNJ9EQQLIHEQCBREACL25O0 NS SOA RRSIG DNSKE
9DHS4EP5G85PF9NUFK06HEK0O48QGK77.edu. 86400 IN RRSIG NSEC3 8 2 86400 20191111043435 20191104032435 47252 e d u . 3FTB9RSLROQJUOPDNLJJE2I31U25M4MG.edu. 86400 IN NSEC3 1 1 0 – 4586U2HHMPSEAQHJD6R9INNA38POF8KL NS DS RRSIG 3FTB9RSLROQJUOPDNLJJE2I31U25M4MG.edu. 86400 IN RRSIG NSEC3 8 2 86400 20191111041950 20191104030950 47252 e d u . ;; Received 671 bytes from 192.41.162.30#53(l.edu-servers.net) in 9 ms
cseweb.ucsd.edu. 3600 IN CNAMEroweb.eng.ucsd.edu. roweb.eng.ucsd.edu. 3600 IN A132.239.8.30
https://linux.die.net/man/1/dig

Using the internet: A worked example
You connect your laptop to a cafe wifi network and type ucsd.edu into your browser’s URL bar. What happens?

Using the internet: A worked example
1. Your laptop uses DHCP (Dynamic Host Configuration Protocol) to bootstrap itself on the local network.

Using the internet: A worked example
1. Your laptop uses DHCP (Dynamic Host Configuration Protocol) to bootstrap itself on the local network.
• New host has no IP address, doesn’t know who to ask

Using the internet: A worked example
1. Your laptop uses DHCP (Dynamic Host Configuration Protocol) to bootstrap itself on the local network.
• New host has no IP address, doesn’t know who to ask
• Broadcasts DHCPDISCOVER to 255.255.255.255 with its MAC address
• DHCP server responds with config: lease on host IP address, gateway IP address, DNS server information

Using the internet: A worked example
2. Your laptop makes an ARP request to learn the MAC address of the local router.
• Every connection outside the local network will be encapsulated in a link-layer frame with the local router’s MAC address as the desination.
• Your laptop encapsulates each IP packet in a WiFi Ethernet frame addressed to the local router.
• The local router decapsulates these Ethernet frames and re-encodes them to forward them on its fiber connection to its upstream ISP, or to another part of the network.
• Each hop re-encodes the link layer for its own network.

Using the internet: A worked example
3. Your laptop does a DNS lookup on ucsd.edu.
• It learned the IP address of a local DNS server from DHCP, or had a server (like 9.9.9.9) already hard-coded.

Using the internet: A worked example
3. Your laptop does a DNS lookup on ucsd.edu.
• It learned the IP address of a local DNS server from DHCP, or had a server (like 9.9.9.9) already hard-coded.
• Each request is a DNS query encapsulated in one or more UDP packets encapsulated in one or more IP packets.
• Each response tells the laptop what authority to query, until it learns the final IP address (75.2.44.127) for ucsd.edu

Using the internet: A worked example
4. Your laptop opens a TCP connection to 75.2.44.127.
• Each packet of the TCP triple handshake is encoded in an IP packet that is encoded as Ethernet frames that are decoded and re-encoded as they pass through the network.
• The local router has a routing table that contains IP prefixes that it matches against the IP address that tells it what address to forward the packets to.

Using the internet: A worked example
5. Your laptop sends a HTTP GET request inside the TCP connection.
6. Based on the HTTP response, the laptop performs a new DNS lookup, TCP handshake, and HTTP GET requests for every resource in the HTML as it renders.

程序代写 CS代考加微信: powcoder QQ: 1823890830 Email: powcoder@163.com

Related Posts