1

Examples: those, who hold the keys to the Kingdom:

Jim Allchin, Microsoft's Windows chief said in Oct 2005,” I'd already been through lots of days of personal training on the tools that are used to do hacking.“ Researcher Dan Kaminsky found him to be

quite knowledgeable about Hashing. Researcher Matt Conover, while talking

about a fairly obscure type of problem called a "heap overflow”, asked the audience, made up mostly of vice presidents, whether they knew about this type of issue, 18 of 20 hands went up. (Blue Hat Conference at Redmond in Oct 2005)

2

Internship: provides learning opportunitiesInternet and/or telecom protocols

TCP/IP stack SIP (Session Initiation Protocol)

H.323 (ITU standard to allow telephones, on the public telephone network, to talk to computers, connected to Internet)

Server Message Block/Common Internet File System (CIFS),

Distributed Network Protocol (DNP3)

Ref: http://www.dnp.org/ .

3

Learning Opportunities

Working of Internet communications equipment how the communications channels,

that the Internet communication equipment use, can be modified to compromise the system.

4

Learning Opportunities

Ruby language and its use in modeling network protocol stacks. To create protocol implementations in

“our” Ruby framework and then to apply protocol mutations to test systems for robustness and security vulnerabilities using an attack surface approach.

5

Security Threats RFC 1244 identifies three distinct types

of security threats associated with network connectivity: Unauthorized access

A break-in by an unauthorized person. Break-ins may be an embarrassment that

undermine the confidence that others have in the organization.

Moreover unauthorized access one of the other threats:-- disclosure of information or

--denial of service.

6

Classification of Security Threats Reference: RFC 1244

Disclosure of information disclosure of valuable or sensitive information to

people, who should not have access to the information.

Denial of service Any problem that makes it difficult or impossible for

the system to continue to perform productive work.

Do not connect to Internet: a system with highly classified information,

or, if the risk of liability in case of disclosure is

great.

7

A secure system

Intersection of A system which is able to maintain

confidentiality of data; A system which is able to maintain

integrity of data; A system, which is available,

whenever the user require it

8

Terminology of Hacking Snooping (also called passive wire-tapping) Active wire-tapping or man-in-the middle

attack Spoofing or Masquerading of a host or a

service-provider (Distinguish it from Delegation)

Repudiation of origin or of creation of some file

Denial of receipt Usurpation: unauthorized control

9

Threats for the Internet/ISP

propagate false routing entries (“black holes”) domain name hijacking link flooding packet intercept Phishing attacks: use e-mails that often

appear to come from a legitimate e-mail address and include links to spoofed Web addresses. The receiver responds to the link, which takes the receiver to a site, other than what the receiver thinks he is going to. (announced by MS on 16 Dec 2003, as a problem with Internet Explorer).

10

Types of Security Threats: Additions• Denial of service• Illegitimate use• Authentication

• IP spoofing• Sniffing the password• Playback Attack• Bucket-brigade attack ( when Eve substitutes her

own public key for the public key of Bob in a message being sent by Bob to Alice)

• Generic threats: Backdoors, Trojan horses, viruses etc

11

TCP/IP STACK

12

RARP

IPICMP

ARP

UDP TCP

BGPRIP OSPF

FTP SMTPTELNETDNS

Data Link Layer

Physical Layer

13

Ethernet Type ARP 080616

RARP 803516

IP 080016

IP Protocol OSPF 89 UDP 17 TCP 6 ICMP 1

UDP Ports RIP 520 DNS 53

TCP Ports BGP 179 DNS 53 SMTP 25 TELNET 23 FTP 21 HTTP 80 HTTP PROXY 8080

14

TCP/IP

STACK+

15

Session Initiation Protocol (SIP) a signalling protocol used for

establishing sessions in an IP network.

A session may be a simple two-way telephone call or a collaborative multi-media

conference session.

16

Uses of SIP VoIP telephony voice-enriched e-commerce, web page click-to-dial, Instant Messaging with buddy lists

References: 1. RFC 3261

2.http://www.sipcenter.com/sip.nsf/html/What+Is+SIP+Introduction

17

Session Initiation ProtocolVoIP uses the following standards and

protocols: to ensure transport (RTP), to authenticate users (RADIUS, DIAMETER), to provide directories (LDAP), to be able to guarantee voice quality

(RSVP, YESSIR) and to inter-work with today's telephone

network, many ITU standards

18

H.323 and H.248 H.323 (ITU standard to allow telephones, on

the public telephone network, to talk to computers, connected to Internet) used for local area networks (LANs), but

was not capable of scaling to larger public networks.

H.248 also called MEGACO: Media Gateway Control Protocol (Megaco) ---

the name used by IETF H.248 – the name used by ITU-T Study Group

16

19

H.248/MEGACO MEGACO: a standard protocol for handling

the signaling and session management needed during a multimedia conference.

defines a means of communication between a media gateway, which converts data from the format required for a circuit-switched network to that required for a packet-switched network, and the media gateway controller.

References: 1.RFC 3015 2. http:// searchnetworking.techtarget.com

/ sDefinition/0,,sid7_ gci817224,00.html as of 12th Oct 2006

20

Stream Control Transmission Protocol (SCTP) SCTP: a reliable transport protocol operating on top of

IP. It offers acknowledged error-free non-duplicated

transfer of datagrams (messages). Detection of

data corruption, loss of data and duplication of data

is achieved by using checksums and sequence numbers. A selective retransmission mechanism is applied to correct loss or corruption of data.

21

Difference between SCTP and TCP difference with to TCP: multihoming and

the concept of several streams within a connection. Where in TCP a stream is referred to as a sequence of bytes, an SCTP stream represents a sequence of messages (and these may be very short or long).

References: 1. SCTP for beginners http://tdrwww.exp-math.uni-essen.de/inhalt/forschung/sctp_fb/index.html as of Oct 12/2006

2. http://www.sctp.org/ 3. RFC2960

22

DNP3 Protocols define the rules by which devices talk with each

other.

DNP3 is a protocol for transmission of data from point A to point B using serial and IP communications.

used primarily by utilities such as the electric and water companies for SCADA (Supervisory Control and Data Acquisition) applications.

provides rules for remotely located computers (at sub-stations) and master station computers (at operations center) to communicate data and control commands.

23

Server (or Sessions) Message Block (SMB):

A File-sharing protocol Windows (95, 98, NT), OS/2 and Linux

machines (running SAMBA): use SMB

Developed jointly by MS, IBM and Intel SMB: provides a method for client

applications on a computer to read and to ‘write to’: files on

servers in the network to request services from servers in the

network

24

SMB

SMB: can be used over the Internet (through the TCP/IP protocol)

or over the local network (through the

IPX and the NetBEUI/ NetBIOS protocols);

SMB: Windows equivalent to Sun's Network File System (NFS).

25

Ports used by SMB on TCP/IP UDP/137 is used for name resolution and

registration UDP/138 is used for browsing TCP/139 is used for the main file and

print sharing transactions Windows 2000 and XP: port 445 (In/Out):

Allows remote administration and monitoring using Windows Management Instrumentation (WMI).

26

SAMBAReference: Robert Eckstein, David Collier-Brown, and Peter Kelly, Using Samba , O'Reilly and Associates, 1999 "Samba is a suite of Unix applications that

speak the SMB (Server Message Block) protocol.”

Many operating systems, including Windows and OS/2, use SMB to perform client-server networking.

By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network

27

SAMBAReference: Samba-3 by Example by John H. Terpstra http://us1.samba.org/samba/docs/man/Samba-Guide/preface.html#id2504950

an open source software can be run on a platform other than

Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.

uses the TCP/IP protocol that is installed on the host server.

help you implement Windows-compatible file and print services.

28

Using SambaReference: http://www.roseindia.net/linux/tutorial/linux-howto/SMB-HOWTO-2.html

One can use Samba to Share a Linux drive with Windows machines. Access an SMB share with Linux machines. Share a Linux printer with Windows machines. Share a Windows printer with Linux machines. allow a Linux host to interact with a Microsoft

Windows client or server as if the host were a Windows file and print server, when correctly configured.

29

Services offered by a SAMBA enabled UNIX machine Share one or more filesystems Share printers installed on both the server

and its clients Assist clients with Network Neighborhood

browsing Authenticate clients logging onto a

Windows domain Provide or assist with WINS name server

resolutionSamba: the brainchild of Andrew Tridgell, Samba development team, Canberra, Australia.

Reference: http://us1.samba.org/samba/

30

References http://us1.samba.org/samba/docs/Samb

aIntro.html http://www.rxn.com/services/faq/smb/

using_samba/html/ch03_01.htm A DNP3 Protocol Primer at

http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf

How to of networking http://tldp.org/HOWTO/HOWTO-INDEX/networking.html

31

Ports used by Real Time Streaming Protocol (RTSP) TCP/554 (In/Out): Used for accepting

incoming RTSP client connections and for delivering data packets to clients that are streaming by using RTSPT.

UDP/5004 (Out): Used for delivering data packets to clients that are streaming by using RTSPU.

UDP/5005 (In/Out): Used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using RTSPU.

32

IP – 5 layer DoD model

Layering – 5 layer DoD model

APPLICATION

TRANSPORT

INTERNET

NETWORK INTERFACE

PHYSICAL

33

IP and the Internet Architecture

Application

Presentation

Session

Transport

Network

Data Link

Physical

TCP UDP

IP

Network

Application

OSI Model Internet Architecture

Ethernet, Token Ring, etc.Bridging and switching

Internet addressing, routing

34

Ethernet Frame for ARP packet: Ethernet-type for ARP 080616

CRC

PADDING

IPAdd

TARGET

HA

T

A

R

G

E

T

IPAdd

SENDER

HA

SENDER

OPERATION

PSIZE

HSIZE

HADEST

HASRC

6 6 2 2 1 2

PTYPE

HTYPE

TYPE

2 1 6 4 6 4 18 4ARP message

35

IEEE 802.3 Standard

8 6 6 2 46B – 1500B 4

preambleDest add

Src add type data crc

bits 368-12,000

FRAME

16 bits

CRC – Cyclic Redundancy Check

36

Ethernet parameters

Type – Self-identifying -> e.g. 1. for an ARP message,

type=080616

2. For RARP message, type = 803516

3. For an IP message, type = 080016

37

IP Address Cl- Number of bits in available n/w addresses

ass net-ID host-ID lr-limit Upr-limitA 0 7+ 24 0.0.0.0 127.0.0.0 (1.0.0.0)* (126.0.0.0)*

B 1 0 14+ 16 128.0.0.0 191.255.0.0

C 1 1 0 21+ 8 192.0.0.0 223.255.255.0----------------------------------------------------------------------------------------------------

D 1 1 1 0 m-cast 224.0.0.0 239.255.255.255

(used only as DEST add)

E 1 1 1 1 0 reserved 240.0.0.0 255.255.255.254

* After taking into account the addresses Reserved for SPECIAL cases.

Host idNet id

38

IP Addresses (contd)

Class Max no of N/W Max no. of Hosts

A 126 networks with 16m hosts each (27-2) (224-2=16,777,214)

B 16384 networks with 64 k hosts each (64*256)=(214) (216-2=65,534)

C 2,097,152 254 (32*256*256)= (221) (28-2=254)

39

Addresses per class

Class No. of Addresses %ageA 231=2,147,483,648 50B 230=1,073,741,824 25C 229= 536,870,912 12.5D 228= 268,435,456 6.25E 228= 268,435,456

6.25

40

Special IP addresses

Net-id host-id Type PurposeAll zeroes all zeroes this comp on this n/w bootstrap (SRC add

only) specific all zeroes this n/w identifies a n/w (cant be a SRC/DST add) specific all ones directed broadcast on a specific netAll ones all ones limited broadcast to on the local net

CLASS E(Blocked by Router) all hosts on this n/w 127 any loop-back testing (Blocked by Machine)All zeroes specific specific host on this n/w(Blocked by Router) (DEST address only)127.x.y.z : loop-back address,not a n/w address. DEST add only.

Message does not leave the machine.

41

Special Multicast cases -

Categories : 224.0.0.xe.g. All Routers which use a

particular category. Conferencing : 224.0.1.x

42

Free IP addresses for Intranets

Private internets : Class net-id no. of nets A 10.0.0.0 1 B 172.16.0.0 to 172.31.0.0 16 C 192.68.0.0 to 192.68.255.0 256

43

Conventions for IP addressing

From the study of special IP addresses: Net-id cannot begin with 127 First octet cannot be 255 in a net-id First octet cannot be 0 in a net id

Group computers by Types / departmets Address Routers starting with Low numbers and Hosts starting with High numbers

44

IP Address Cl- Number of bits in available n/w addresses

ass net-ID host-ID lr-limit Upr-limitA 0 7+ 24 0.0.0.0 127.0.0.0 (1.0.0.0)* (126.0.0.0)*

B 1 0 14+ 16 128.0.0.0 191.255.0.0

C 1 1 0 21+ 8 192.0.0.0 223.255.255.0----------------------------------------------------------------------------------------------------

D 1 1 1 0 m-cast 224.0.0.0 239.255.255.255

(used only as DEST add)

E 1 1 1 1 reserved 240.0.0.0 255.255.255.254

* After taking into account the addresses Reserved for SPECIAL cases.

Host idNet id

45

VERS Version of IP PROTOCOL

HLEN LENGTH of HEADER in 32 bit words

0

46

VERS version of IP 4HLEN length of header in 32 bit words

TYPE OF SERVICE     0 1 2 3 4 5 6 7

 

D: Minimize delay R: Maximize ReliabilityT: Maximize throughput C: Minimize Cost

PRECEDENCE 0 for Normal :  :  7 for Network Control

PRECEDENCE D T R C Unused

47

Precedence and TOS bits

Precedence (3 bits ): 000 lowest priority 111 highest priority (The highest priority may be accorded to

the network management messages) If a Router is congested, it may discard

messages of lower precedence. This is not a required field in Ver.4.

TOS bits: Only one bit ( out of 4 ) can be set at a time.

48

There are 5 types of services: 0000 Normal 0001 Minimize Cost 0010 Maximize reliability 0100 Maximize throughput 1000 Minimize delay

Background activities need minimum costs. Activities that send bulk data require maximum

throughput

49

Management activities require maximum reliability.

Activities requiring immediate attention, activities requiring immediate response and

Control/Command messages like Remote Login commands

require minimum of delay IP v4 does not guarantee the TOS requested

by a host.

50

PROTOCOL

Informs about the Protocol used by the Upper Layer; tells us about the nature of data

Value of Protocol field in IP datagram: PROTOCOL VALUE ICMP 1 IGMP 2 IP in IP 4 TCP 6 EGP 8 UDP 17 IP v6 41 OS PF 89

51

ARP message format - Variable length fields(28 octets for Ethernet)

0 8 16 3124

Hardware type

HLEN

Target HA ( 0ctets 2 - 5 )

Sender HA (0ctets 4-5)

Sender HA (Octets 0-3)

Operation

Protocol type

PLEN

Sender IP (0ctets 0-1)

Sender IP (0ctets 2-3) Target HA (0ctets 0-1)

Target IP ( 0ctets 0 - 3 )

52

ARP message format - Variable length fields(28 octets for Ethernet)

0 8 16 3124

Hardware type

HLEN

Target HA ( 0ctets 2 - 5 )

Sender HA (0ctets 4-5)

Sender HA (Octets 0-3)

Operation

Protocol type

PLEN

Sender IP (0ctets 0-1)

Sender IP (0ctets 2-3) Target HA (0ctets 0-1)

Target IP ( 0ctets 0 - 3 )

53

ARP parameters

Hardware type 1 for Ethernet Protocol type 080016 for IP HLEN & PLEN – length of hardware

and protocol addresses in octets. Operation – ARP request 1 ARP response 2 RARP request 3 RARP response 4

54

TCP Segment: Format

(16 bits)

(32 bits)

(32 bits)

(6 bits)(16 bits)

(16 bits) (16 bits)

(if any)

(16 bits)

(6 bits)(4 bits)

^

u

The Header is of 20-60 bytes in size.

55

TCP Segment: Format (continued) Bit

(left to right)

Meaning

(if bit set to 1)

URG Urgent pointer field is valid

ACK Acknowledgement field is valid

PSH This segment requests a Push

RST Reset the Connection

SYN Synchronize Sequence Numbers (for initiating a connection)

FIN Sender has reached the end of its byte stream (for closing the connection)

Normally, out of the last 4 flags, only one may be ON at a time.

56

UDP Format

57

The PSEUDO - HEADER

PSEUDO - HEADER

58

Addressing in IPv6 128 bit addresses Dotted decimal notation, used for v4 is inappropriate

for v6. (Instead of 4, there would be 16 parts, if the same method were used to represent the addresses.)

Colon Hexadecimal notation used for represention. Ex: 21AC:00C5:3D2C:8F23:AABC:0000:89CF:8C70

64 bits for subnet and 64 bits for host. 232 = 4,294,967,296 2128 = 340,282,366,920,938,463,463,374,607,431,768,211,456Surface area of earth = 197399,019 sq. miles = 511,263,971,197,990 sq. metresSo there are 665,570,793,348,866,943,898,599 addresses per sq

m

59

Simplified Representation Simplification:

Suppress leading zeros in every 16-bit block;

Ex: Thus 00C5 may be written as C5. Compress one single contiguous

sequence of blocks of 16-bit zeros. Replace it by a double colon.

Thus the sixth block of 16 zeros may be replaced by ::.

But usable only once in a given address.

60

Types of addresses in v6 Unicast RFC 2373: multiple interfaces of a host can use

the same address, if the multiple interfaces look to be a single interface to IPv6 implementation.

Multicast No separate broadcast addresses. Broadcast

addresses are managed as multicast addresses only.

Anycast delivers messages of a multicast group to the nearest member of the group

61

Notes on v6 addressing IPv6: designed for efficient, hierarchical addressing

and routing Reserved addresses:0:0:0:0:0:0:0:0 or :: indicates absence of address;

used as a source address only; not assigned to any interface

0:0:0:0:0:0:0:1 Loopback address (like 127.x.y.z in v4) IPv4 compatible addresses: Mixed notation:0:0:0:0:0:0:w.x.y.z or ::w.x.y.zwhere w.x.y.z is an IPv4 address.For v6 and v4 to co-exist and for messages to go over

a mix of v6 and v4 infrastructure, the compatibility problem has been specified in RFCs

62

IPv6 versus IPv4some aspects

63

IPv6 and IPv4IPv6 A fixed length header of 40 bytes (20 bytes <= v4 header length =<60 bytes) Additional headers for fragmentation and

options Five (HLEN, Identification, Flags, Fragment

Offset and Header Checksum ) fields removed No of fields = 8 in v6 (v4: 12 fields (excluding Options)) Source and destination addresses:

of 16 bytes each in v6 and of 4 bytes each in v4

64

Processing at routers v6 packets vs. v4 packets

IPv6 No verification and recalculation of

header checksum No fragmentation required No processing of options, which

are not intended for routers

65

Some new field names in v6 Traffic Class in place of Type of Service in v4 Payload Length (including the length of

extension headers and higher level protocol data unit (PDU))

in place of Total Length in v4 Hop Limit in place of TTL in v4 Next Header in place of Protocol in v4

66

Class D and E in v4 Multicast in v6 CLASS E: Addresses from 240.0.0.0 to

255.255.255.254 reserved for experimental purposes.

If a node should use one of these addresses on the Internet, it may fail to communicate properly.

limited broadcast address: 255.255.255.255 for a broadcast on the local network.

Addresses from 255.0.0.0 to 255.255.255.255: reserved by IP for broadcast. Hence these addresses may not be considered part of Class E.

Class D: Addresses from 224.0.0.0 to 239.255.255.255: used for multicast.

Can be used only as a Destination address.Both Class D and Class E addresses: Not to be used as

addresses of ordinary nodes on the Internet.

67

Format Prefix (FP) for v6 addresses FP of aggregatable global unicast addresses (similar to public IP addresses in v4): 001 designed to support efficient hierarchical routing.The Aggregatable Global Unicast addresses are 1/8th of the

total v6 address space. It can assign 137,438,953,472 distinct sites.

Compare with FP of Link-local Unicast addresses: 1111 1110 10 FP of Site-local Unicast addresses: 1111 1110 11 Format Prefix (FP) for Multicast Addresses: 1111 1111

68

Multicast for v6 Flag: 0001 a transient group; 0000 a

permanent group, with Group identity assigned by ICANN

Scope: 1 node-local: packets never leave the node 2 link-local: packets never forwarded by routers 5 site-local: packets never leave the site 8 org-local: packets never leave the organization

(handled by routing protocols) E global

FF16bit

s

Flag4bits

Scope4bits

Group ID112bits

69

Multicast Addresses All nodes address: addresses all nodes on the local

network: ff02::1 All routers address: addresses all routers on the

local network: ff02::2 Solicited-Node address: replacement for ARP: Every

node with v6 address listens at its own IP address. If the last 24 bits of its address are xyzwpq, it also

listens at ff02::1:ffxy:zwpqFor nodes on the local net, if it is assumed that the last24 bits of the IP address are the same, this may be areplacement for ARP, as a datagram with a destination address offf02::1:ffxy:zwpq will be received by every node on thelocal net.

70

ROUTING

71

Am An

N1 : 137.108.0.0

131.108.22.177

131.108.154.88

R1

131.108.0.1

78.0.0.1N2 : 78.0.0.0

B2

78.0.0.3

R3

R2

78.0.0.2

N3

223.240.129.1

N4 : 223.240.129.0Dn

223.240.129.254

A small part of internet

155.126.0.0

155.126.0.2

155.126.0.1

131.108.0.2

223.240.129.2

72

Jobs of a Router: ----Decrement TTL.

----Recompute the checksum.----Extract the netid & find out if the datagram can be delivered directly or find the next Hop address.

----send the datagram ahead after updating the IP header

It may also perform fragmentation, if required.Routing Tables: SPECIAL ROUTES :

Default route Host specific route

73

ROUTING TABLEFLAGS: U: The route is up H: Specifies whether destination

address is the address of a n/w or that of a host.

R: Specifies whether the Next Hop is a Router or a directly connected interface.

D: The route was created by a Redirect M: The route was modified by a Redirect

74

Example

75

For R3 Let 223.240.129.9 be the interface X2 and

let 151.100.0.9 be the interface X1.

.FLAGS

MASK DESTINATION

NEXTHOP

INTER-FACE

U 255.255.0.0 151.100.0.0 DirectDelivery

X1

U 255.255.255.0

223.240.129.0 DirectDelivery

X2

UR 255.0.0.0 78.0.0.0 223.240.129.5 X2

UR 255.255.0.0 131.108.0.0 223.240.129.7 X2

UR 255.255.0.0 178.080.0.0 151.100.0.1 X1

76

ARP parameters

Hardware type 1 for Ethernet Protocol type 080016 for IP HLEN & PLEN – length of hardware

and protocol addresses in octets. Operation – ARP request 1 ARP response 2 RARP request 3 RARP response 4

77

ICMP

78

Unreachable Destination

0 8 16 31

Type code checksum

Unused(must be Zero)

IP HEADER + FIRST 64

BITS OF DATAGRAM

79

Example: For an option-less IP datagram, 7 thirty-two bit words will be added after the UNUSED 32 bit field.

TYPE 3 CODE 0 – 15 Routers may not be able to detect

all unreachability errors . The sender may have no control

over the machines(s) causing the error.

80

TYPE 3 DESTINATION UNREACHABLE

CODE MEANING Message Generated by

0 Network U R 1 Host U/subnet

U R

2 Protocol U H 3 Port U H 4 Fragmentatio

n Required and DF bit set

R/H

81

Exception in Format for Code 4: A Router may place, in the low-

order 16 bits of the UNUSED 32-bit field, the MTU of its outgoing interface

82

8 CODE MEANING Message Generated by

5 Source Route Failed

-

6 Destination N/W unknown

R

7 Destination Host unknown

R

8 The source host isolated

9 Communication with n/w prohibited

R

10 Communication with HOST prohibited

R

83

CODE MEANING Message Generated by

11 N/w U for T OS R

12 Host U for T OS R 13 A Filter put on the

destination hostH

14 Requested precedence is not permitted for the destination host.

H

15 Dest Host precedence higher than the precedence specified in the datagram

H

84

CONGESTION AND FLOW CONTROL

Source Quench type 4 same Format

Code 0 as that for the Unreachable Destination case.

Routers send one Source Quench message for every datagram they discard. IP has no flow control Routers and (destination) host have a limited

buffer size

85

A source Quench message means a datagram has been discarded warns the source

The sources has no clue when the congestion ends. It should reduce the rate as long as long it

continues to receive the SQ messages Then it may gradually increase the rate as

long as no SQ message is received.The above decision has a validity if congestion is

caused by one-to-one communication, and not by many-to-one communication. In the later case, the SQ message my even go to the slowest source.

86

Time Exceeded Error Message

When a Router discards a datagram because TTL has reached zero or Reassembly timer timed out, while waiting for

fragments of a datagram,

the message format same as that of the Unreachable Destination case

 TYPE 11 CODE 0 TTL exceeded or 1 Reassembly timer timed out.

87

Parameter Problem

OTHER Problems When a datagram has to be

discarded, because some header fields are incorrect, a parameter problem message is sent to the Sender.

 

0 8 16 31

Type code checksum

pointer Unused(must be Zero)

IP HEADER + FIRST 64

BITS OF DATAGRAM

88

TYPE 12 CODE 0 Pointer points to the octet in the

datagram header, which caused the problem.

89

Missing Option

To Report a Missing Option: Nearly the above format is used to

report a missing option, which is required. The only changes are:

code 1 (type remains 12) Pointer is not there. Instead

unused is extended to 32 bits

90

Redirect Request

Route change Request from Routers

Redirect: Routers: assumed to know correct

routes. Host begins with a small routing table.

(It is initialized using a system configuration file at system startup.)

Then the Host learns about new Routes from Routers. 

91

Redirect Request (Contd.)

 0 8 16 31

Type code checksum

Routers Internet Address 32 bits

Internet Header + first

64 BITS OF DATAGRAM

92

Redirect Request (Contd.) TYPE 5 CODE 0 to 3 Router Internet address is the address of the

Router that the host is to use to reach the destination in the header.

0 is not used now.

TYPE REDIRECT 1 Redirect for the

Host 2 Redirect for the NET

and TOS

3 Redirect for the HOST and TOS

93

ECHO REQUEST AND REPLY

0 8 16 31

Type code checksum

Identifier 16 bits Sequence No 16 bits

Optional data

94

Type 8 ( REQUEST) OR 0 (REPLY) CODE 0

Identifier and Seq No: To match replies to requests

An Identifier may define a class of messages. The sequence number specifies a particular message of the class.

95

Optional data: If it is sent in the Request, the Reply

contains exactly the same data

Ping sends a series of echo requests with specified length of data and interval between requests. It provides statistical data about datagram loss and Transit Time.

96

Transit Time Estimation and Clock Synchronization

0 8 16 31

Type code checksum

Identifier 16 bits Sequence No 16 bits

ORIGINATE TIME STAMP

RECEIVE TIME STAMP

TRANSMIT TIME STAMP

97

TYPE 13 (REQUEST) OR 14 (REPLY) CODE 0 

Originate time stamp Filled in by the sender Just Before the datagram is send

Receive Timestamp Filled in by the receiver Immediately upon receipt of the

Request

98

Transmit Timestamp Filled by the ‘receiver’ before the Reply is

transmitted Time is in ms starting from midnight at

universal time prime maridian. The largest number that can be

accommodated is 2 32 - 1 = 4, 294, 967, 295

During a day , the number of milliseconds is 24 X 60 X 60 X 1000 = 86, 400, 000

If a system uses a nonstandard timestamp(ie if it does not provide ms after UTC midnight), it turns on the highest-order bit of the 32-bit time stamp.

99

EXAMPLE: ORIGINATE Timestamp = 1285 RECEIVE Timestamp = 1299 Transmit Timestamp = 1300 The message is received back at 1307 Time taken for forward path = 1299 – 1285 =

14ms Time taken for return path = 1307 – 1300 = 7ms Round Trip time (RTT) = 21 ms Difference in the clock = 1299 – (1285 + RTT/

2) = 3.5 ms DISADVANTAGE: It does not specify the date.

100

TCP Segment: Format (continued)

•Checksum is calculated by:(I) Using TCP Header;(II) Using Pseudo-Header;(III) Using the Data.

•At the Receiver-end, the IP layer passes the segment and the two IP addresses to the TCP software for processing. •The pseudo-Header

(32 bits)

(32 bits)

(8 bits) (8 bits) (16 bits)

101

TCP Segment: Format (continued)

• Protocol: For IP datagrams carrying TCP, the value is 6

• TCP Length (in octets): Specifies the total length of the TCP segment including the TCP header.

• Urgent Pointer: When URG bit is set, it defines the number that

must be added to the SEQUENCE NUMBER to obtain the number of the last urgent byte in the data section of  the segment.

102

TCP OPTIONS

• Every option has an 8 bit KIND field. • The format of an option can be of two types:

• Type 1: A Single Octet of KIND • Type 2: An Octet of KIND + an octet of

field OPTION - LENGTH + Option - Data octets.

• OPTION - LENGTH counts the two octets of KIND and OPTION - LENGTH as well as the Data octets.

• All options are included in the Checksum.

103

TCP OPTIONS (continued)

•An 8-bit KIND field is always the first field in an Option and is the only field in Single Byte Options.

104

TCP OPTIONS (continued)

A few options are as follows:  KIND Length Meaning

(I) 0 - End of options list

(II) 1 - No Operation

(III) 2 4 Maximum Segment Size

(IV)          3             3 Window Scale Factor

(V) 8 10 Timestamp for Round Trip Time Measurement

105

TCP OPTIONS (continued)

(I) End-of-Options: Used at the end of ALL options; to be used onlyif the end of options does not make the TOTAL

number of ALL option bits a multiple of 32. (Shown as ZEROS in the figure of segment

format)   End of Options means:

 1. No more Options in the Header. 2. The remainder of the 32 bit word is garbage. 3. Data starts at the beginning of the next 32 bit

word.

106

TCP OPTIONS (continued)

(II) No Operation: May be used BETWEEN options if it is desired to

align the beginning of the next option at a (16-bit) word boundary.

0 0 0 0 0 0 0 1

107

TCP OPTIONS (continued)

(III)Max Segment Size:• Performance of the network can be poor for either

extremely large or extremely small sizes. • If the two end-points lie on the same physical

network, the maximum segment size may be equal to the Network MTU. Or the maximum data size may be the default size of IP datagram(576) minus the size of the IP and TCP Headers.

• The option is used along with SYN=1 at start.

108

TCP OPTIONS (continued)

• Format of MSS Option:

KIND 8 bits LENGTH 8 bits

MAX SEG SIZE 16 bits

KIND = 2 LENGTH = 4

109

TCP OPTIONS (continued)

(IV) Window Scale Factor:

•Actual Window size = (Window size in header)* 2Scale factor •In 8 bits a value of up to 255 can be there. But TCP/IP allows a MAX VALUE of 16 .•Window Scale Factor is fixed during connection set-up phase only.•During data transfer, the size of specified window may change. But it is always multiplied by the same scale factor.

110

TCP OPTIONS: Window Scale Factor continued

KIND

8bits

LENGTH = 3,

Kind =3

LENGTH

8bits

SCALE FACTOR

8bits

111

TCP OPTIONS (continued)

(V) TIMESTAMP Option:

•TS Value: Current Clock time of the TCP sending the option •TS Echo: Valid only if ACK bit is sent. It echoes the TS value sent by the remote TCP. Otherwise its value must be zero. KIND = 8; LENGTH = 10.

112

TCP OPTIONS (continued)

(V) TIMESTAMP Option (continued):

•To confirm availability of TS option: A TCP may send TS Option in the SYN segment. It may send TS option in other segments only if it receives a TS Option in SYN segment.

•Format:Kind (8 bits) Length (8 bits)

TS Value (32 bits)

TS Echo (32 bits)

113

Establishing a Connection (continued)

•Thus let ISN at the sending end = X ISN at the receiving end = Y

Segment1

Segment2

Segment3

Figure Establishing the Connection

114

Closing a TCP connection (continued)

Segment 1

Segment 2

Segment 3

Segment 4REC ACK

REC ACK

Application Closes

Send FIN, SEQ=P

Active Close Passive Close

SENDERA

RECEIVER BREC FIN

Inform Application by delivering EOF

SEND ACK=P+1

Application Closes connection

Send FIN, SEQ=Q, ACK=P+1REC FIN + ACK

Inform Application by delivering EOF, Time-Wait

SEND ACK=Q+1

Fig: Closing the Connection