1 Examples: those, who hold the keys to the Kingdom: Jim Allchin, Microsoft's Windows chief said in...
1
Examples: those who hold the keys to the Kingdom:
Jim Allchin, Microsoft's Windows chief, said in Oct 2005, "I'd already been through lots of days of personal training on the tools that are used to do hacking." Researcher Dan Kaminsky found him to be quite knowledgeable about hashing. Researcher Matt Conover, while talking about a fairly obscure type of problem called a "heap overflow", asked the audience, made up mostly of vice presidents, whether they knew about this type of issue; 18 of 20 hands went up. (Blue Hat Conference at Redmond, Oct 2005)
2
Internship: provides learning opportunities
Internet and/or telecom protocols:
TCP/IP stack
SIP (Session Initiation Protocol)
H.323 (ITU standard to allow telephones on the public telephone network to talk to computers connected to the Internet)
Server Message Block / Common Internet File System (SMB/CIFS)
Distributed Network Protocol (DNP3). Ref: http://www.dnp.org/
3
Learning Opportunities
Working of Internet communications equipment: how the communications channels that the Internet communication equipment use can be modified to compromise the system.
4
Learning Opportunities
Ruby language and its use in modeling network protocol stacks: to create protocol implementations in "our" Ruby framework and then to apply protocol mutations to test systems for robustness and security vulnerabilities using an attack-surface approach.
5
Security Threats
RFC 1244 identifies three distinct types of security threats associated with network connectivity:
Unauthorized access: a break-in by an unauthorized person. Break-ins may be an embarrassment that undermines the confidence that others have in the organization. Moreover, unauthorized access can lead to either of the other two threats: disclosure of information or denial of service.
6
Classification of Security Threats (Reference: RFC 1244)
Disclosure of information: disclosure of valuable or sensitive information to people who should not have access to the information.
Denial of service: any problem that makes it difficult or impossible for the system to continue to perform productive work.
Do not connect to the Internet a system with highly classified information, or one where the risk of liability in case of disclosure is great.
7
A secure system
Intersection of: a system which is able to maintain confidentiality of data; a system which is able to maintain integrity of data; a system which is available whenever the user requires it.
8
Terminology of Hacking
Snooping (also called passive wire-tapping)
Active wire-tapping or man-in-the-middle attack
Spoofing or masquerading of a host or a service provider (distinguish it from delegation)
Repudiation of origin or of creation of some file
Denial of receipt
Usurpation: unauthorized control
9
Threats for the Internet/ISP
Propagate false routing entries ("black holes")
Domain name hijacking
Link flooding
Packet intercept
Phishing attacks: use e-mails that often appear to come from a legitimate e-mail address and include links to spoofed Web addresses. The receiver responds to the link, which takes the receiver to a site other than the one the receiver thinks he is going to. (Announced by MS on 16 Dec 2003 as a problem with Internet Explorer.)
10
Types of Security Threats: Additions
• Denial of service
• Illegitimate use
• Authentication
• IP spoofing
• Sniffing the password
• Playback attack
• Bucket-brigade attack (when Eve substitutes her own public key for the public key of Bob in a message being sent by Bob to Alice)
• Generic threats: backdoors, Trojan horses, viruses etc.
11
TCP/IP STACK
12
[Figure: TCP/IP stack, top to bottom: FTP, SMTP, TELNET, DNS; BGP, RIP, OSPF; UDP, TCP; IP, ICMP; ARP, RARP; Data Link Layer; Physical Layer]
13
Ethernet Type: ARP 0x0806, RARP 0x8035, IP 0x0800
IP Protocol: OSPF 89, UDP 17, TCP 6, ICMP 1
UDP Ports: RIP 520, DNS 53
TCP Ports: BGP 179, DNS 53, SMTP 25, TELNET 23, FTP 21, HTTP 80, HTTP PROXY 8080
14
TCP/IP STACK (continued; figure not reproduced)
15
Session Initiation Protocol (SIP): a signalling protocol used for establishing sessions in an IP network. A session may be a simple two-way telephone call or a collaborative multi-media conference session.
16
Uses of SIP: VoIP telephony, voice-enriched e-commerce, web page click-to-dial, instant messaging with buddy lists.
References: 1. RFC 3261; 2. http://www.sipcenter.com/sip.nsf/html/What+Is+SIP+Introduction
17
Session Initiation Protocol
VoIP uses the following standards and protocols: to ensure transport (RTP), to authenticate users (RADIUS, DIAMETER), to provide directories (LDAP), to be able to guarantee voice quality (RSVP, YESSIR), and, to inter-work with today's telephone network, many ITU standards.
18
H.323 and H.248
H.323 (ITU standard to allow telephones on the public telephone network to talk to computers connected to the Internet) was used for local area networks (LANs), but was not capable of scaling to larger public networks.
H.248, also called MEGACO: Media Gateway Control Protocol (Megaco) is the name used by the IETF; H.248 is the name used by ITU-T Study Group 16.
19
H.248/MEGACO
MEGACO: a standard protocol for handling the signaling and session management needed during a multimedia conference. It defines a means of communication between a media gateway, which converts data from the format required for a circuit-switched network to that required for a packet-switched network, and the media gateway controller.
References: 1. RFC 3015; 2. http://searchnetworking.techtarget.com/sDefinition/0,,sid7_gci817224,00.html as of 12th Oct 2006
20
Stream Control Transmission Protocol (SCTP)
SCTP: a reliable transport protocol operating on top of IP. It offers acknowledged, error-free, non-duplicated transfer of datagrams (messages). Detection of data corruption, loss of data and duplication of data is achieved by using checksums and sequence numbers. A selective retransmission mechanism is applied to correct loss or corruption of data.
21
Difference between SCTP and TCP
Differences with respect to TCP: multihoming and the concept of several streams within a connection. Where in TCP a stream is referred to as a sequence of bytes, an SCTP stream represents a sequence of messages (and these may be very short or long).
References: 1. SCTP for beginners, http://tdrwww.exp-math.uni-essen.de/inhalt/forschung/sctp_fb/index.html as of Oct 12/2006; 2. http://www.sctp.org/; 3. RFC 2960
22
DNP3
Protocols define the rules by which devices talk with each other.
DNP3 is a protocol for transmission of data from point A to point B using serial and IP communications. It is used primarily by utilities such as the electric and water companies for SCADA (Supervisory Control and Data Acquisition) applications. It provides rules for remotely located computers (at sub-stations) and master station computers (at the operations center) to communicate data and control commands.
23
Server (or Sessions) Message Block (SMB): a file-sharing protocol.
Windows (95, 98, NT), OS/2 and Linux machines (running SAMBA) use SMB.
Developed jointly by MS, IBM and Intel.
SMB provides a method for client applications on a computer to read and write files on servers in the network, and to request services from servers in the network.
24
SMB
SMB can be used over the Internet (through the TCP/IP protocol) or over the local network (through the IPX and the NetBEUI/NetBIOS protocols).
SMB is the Windows equivalent to Sun's Network File System (NFS).
25
Ports used by SMB on TCP/IP
UDP/137 is used for name resolution and registration.
UDP/138 is used for browsing.
TCP/139 is used for the main file and print sharing transactions.
Windows 2000 and XP: port 445 (In/Out) allows remote administration and monitoring using Windows Management Instrumentation (WMI).
26
SAMBA
Reference: Robert Eckstein, David Collier-Brown, and Peter Kelly, Using Samba, O'Reilly and Associates, 1999.
"Samba is a suite of Unix applications that speak the SMB (Server Message Block) protocol."
Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network.
27
SAMBA
Reference: Samba-3 by Example by John H. Terpstra, http://us1.samba.org/samba/docs/man/Samba-Guide/preface.html#id2504950
Samba is open source software that can be run on a platform other than Microsoft Windows, for example UNIX, Linux, IBM System 390, OpenVMS, and other operating systems. It uses the TCP/IP protocol that is installed on the host server and helps you implement Windows-compatible file and print services.
28
Using Samba
Reference: http://www.roseindia.net/linux/tutorial/linux-howto/SMB-HOWTO-2.html
One can use Samba to: share a Linux drive with Windows machines; access an SMB share with Linux machines; share a Linux printer with Windows machines; share a Windows printer with Linux machines; allow a Linux host to interact with a Microsoft Windows client or server as if the host were a Windows file and print server, when correctly configured.
29
Services offered by a SAMBA-enabled UNIX machine
Share one or more filesystems
Share printers installed on both the server and its clients
Assist clients with Network Neighborhood browsing
Authenticate clients logging onto a Windows domain
Provide or assist with WINS name server resolution
Samba: the brainchild of Andrew Tridgell, Samba development team, Canberra, Australia.
Reference: http://us1.samba.org/samba/
30
References
http://us1.samba.org/samba/docs/SambaIntro.html
http://www.rxn.com/services/faq/smb/using_samba/html/ch03_01.htm
A DNP3 Protocol Primer at http://www.dnp.org/About/DNP3%20Primer%20Rev%20A.pdf
How-to of networking: http://tldp.org/HOWTO/HOWTO-INDEX/networking.html
31
Ports used by Real Time Streaming Protocol (RTSP)
TCP/554 (In/Out): used for accepting incoming RTSP client connections and for delivering data packets to clients that are streaming by using RTSPT.
UDP/5004 (Out): used for delivering data packets to clients that are streaming by using RTSPU.
UDP/5005 (In/Out): used for receiving packet loss information from clients and providing synchronization information to clients that are streaming by using RTSPU.
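Added example (not part of the original slides): the SMB/NetBIOS and RTSP port lists above become useful when checked against traffic records. This script takes constructed firewall-style log lines (the "proto src:port -> dst:port action" format is an assumption for the example) and flags allowed sessions to those service ports that originate outside the RFC 1918 private address space, which is the exposure the SMB slide alludes to when it notes that SMB can run over the Internet.

```python
import ipaddress

# Service ports taken from the SMB and RTSP slides.
SERVICE_PORTS = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram (browsing)",
    ("tcp", 139): "SMB over NetBIOS session",
    ("tcp", 445): "SMB direct / WMI remote administration",
    ("tcp", 554): "RTSP control",
    ("udp", 5004): "RTSP data (RTSPU)",
    ("udp", 5005): "RTSP loss/sync feedback",
}

# RFC 1918 private ranges; anything else is treated as external.
PRIVATE = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in PRIVATE)


def parse_line(line: str) -> dict:
    """Parse one constructed log line: 'proto src:sport -> dst:dport ACTION'."""
    proto, src, _arrow, dst, action = line.split()
    src_ip, _sport = src.rsplit(":", 1)
    dst_ip, dport = dst.rsplit(":", 1)
    return {"proto": proto.lower(), "src": src_ip, "dst": dst_ip,
            "dport": int(dport), "action": action}


def external_file_service_hits(lines) -> list:
    """(src, dst, dport, service) for every ALLOWed session to a listed port from a non-private source."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        service = SERVICE_PORTS.get((rec["proto"], rec["dport"]))
        if service and rec["action"] == "ALLOW" and not is_private(rec["src"]):
            hits.append((rec["src"], rec["dst"], rec["dport"], service))
    return hits


# Constructed sample log (documentation addresses 203.0.113.x / 198.51.100.x stand in for the Internet).
SAMPLE_LOG = """\
tcp 192.168.1.15:50312 -> 192.168.1.20:445 ALLOW
tcp 203.0.113.7:41002 -> 192.168.1.20:445 ALLOW
udp 203.0.113.7:137 -> 192.168.1.20:137 ALLOW
tcp 198.51.100.9:40001 -> 192.168.1.30:554 ALLOW
tcp 198.51.100.9:40002 -> 192.168.1.20:139 DENY
tcp 10.0.0.8:51000 -> 192.168.1.20:139 ALLOW
"""

if __name__ == "__main__":
    for hit in external_file_service_hits(SAMPLE_LOG.splitlines()):
        print("external access to %s on %s:%d from %s" % (hit[3], hit[1], hit[2], hit[0]))
```

The internal 192.168.1.15 and 10.0.0.8 sessions and the denied one are ignored; the three allowed sessions from outside are reported.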
32
IP – 5 layer DoD model
Layering – 5 layer DoD model, top to bottom: APPLICATION, TRANSPORT, INTERNET, NETWORK INTERFACE, PHYSICAL
33
IP and the Internet Architecture
[Figure: OSI Model beside the Internet Architecture. OSI layers: Application, Presentation, Session, Transport, Network, Data Link, Physical. Internet Architecture: Application; TCP, UDP; IP (Internet addressing, routing); Network (Ethernet, Token Ring, etc.; bridging and switching).]
34
Ethernet Frame for ARP packet: Ethernet type for ARP is 0x0806
[Figure: Ethernet frame (field sizes in octets): destination HA (6), source HA (6), TYPE (2); ARP message: HTYPE (2), PTYPE (2), HSIZE (1), PSIZE (1), OPERATION (2), SENDER HA (6), SENDER IP address (4), TARGET HA (6), TARGET IP address (4); PADDING (18); CRC (4)]
35
IEEE 802.3 Standard
[Figure: frame layout in octets: preamble 8, destination address 6, source address 6, type 2 (16 bits), data 46B – 1500B, CRC 4; frame length 368 – 12,000 bits]
CRC – Cyclic Redundancy Check
36
Ethernet parameters
Type – self-identifying, e.g.: 1. for an ARP message, type = 0x0806; 2. for a RARP message, type = 0x8035; 3. for an IP message, type = 0x0800
37
IP Address Classes: number of bits in net-ID and host-ID, and available network addresses
Class  Leading bits  net-ID bits (after leading bits)  host-ID bits  Lower limit             Upper limit
A      0             7                                 24            0.0.0.0 (1.0.0.0)*      127.0.0.0 (126.0.0.0)*
B      10            14                                16            128.0.0.0               191.255.0.0
C      110           21                                8             192.0.0.0               223.255.255.0
D      1110          multicast                                       224.0.0.0               239.255.255.255 (used only as DEST address)
E      11110         reserved                                        240.0.0.0               255.255.255.254
* After taking into account the addresses reserved for SPECIAL cases.
38
IP Addresses (contd)
Class  Max no. of networks                  Max no. of hosts per network
A      126 (2^7 - 2)                        16,777,214 (2^24 - 2)
B      16,384 (2^14 = 64 * 256)             65,534 (2^16 - 2)
C      2,097,152 (2^21 = 32 * 256 * 256)    254 (2^8 - 2)
39
Addresses per class
Class  No. of addresses          %age
A      2^31 = 2,147,483,648      50
B      2^30 = 1,073,741,824      25
C      2^29 = 536,870,912        12.5
D      2^28 = 268,435,456        6.25
E      2^28 = 268,435,456        6.25
40
Special IP addresses
Net-id      Host-id     Type                                              Purpose / restriction
all zeroes  all zeroes  this computer on this network                     bootstrap (SRC address only)
specific    all zeroes  this network                                      identifies a network (cannot be a SRC/DST address)
specific    all ones    directed broadcast on a specific net
all ones    all ones    limited broadcast to all hosts on the local net   (Class E; blocked by router)
127         any         loop-back testing                                 (blocked by machine)
all zeroes  specific    specific host on this network                     DEST address only (blocked by router)
127.x.y.z: loop-back address, not a network address. DEST address only. The message does not leave the machine.
41
Special multicast cases
Categories: 224.0.0.x, e.g. all routers which use a particular category. Conferencing: 224.0.1.x
42
Free IP addresses for Intranets
Private internets:
Class  net-id                         no. of nets
A      10.0.0.0                       1
B      172.16.0.0 to 172.31.0.0       16
C      192.168.0.0 to 192.168.255.0   256
43
Conventions for IP addressing
From the study of special IP addresses: a net-id cannot begin with 127; the first octet cannot be 255 in a net-id; the first octet cannot be 0 in a net-id.
Group computers by types/departments. Address routers starting with low numbers and hosts starting with high numbers.
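Worked example, added here and not part of the original slides: a classifier that applies the class table, the special-address table and the private-range table above to a dotted-decimal address. It reports the class from the leading bits, the per-class network and host capacities, the special net-id/host-id combinations with their source/destination restrictions, and whether the address falls in the RFC 1918 private ranges 10/8, 172.16/12 and 192.168/16. Only the standard library is used.

```python
import ipaddress

# RFC 1918 private ranges (one class A net, 16 class B nets, 256 class C nets).
PRIVATE_NETS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Total net-ID bits per class, leading class bits included.
NET_BITS = {"A": 8, "B": 16, "C": 24}
CLASS_PREFIX_BITS = {"A": 1, "B": 2, "C": 3}


def address_class(addr: str) -> str:
    """Class A..E from the leading bits 0, 10, 110, 1110, 1111 of the first octet."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    for cls, mask, pattern in (("A", 0x80, 0x00), ("B", 0xC0, 0x80),
                               ("C", 0xE0, 0xC0), ("D", 0xF0, 0xE0)):
        if first & mask == pattern:
            return cls
    return "E"


def capacity(cls: str) -> tuple:
    """(max networks, max hosts per network) for classes A-C, as in the class table."""
    networks = 1 << (NET_BITS[cls] - CLASS_PREFIX_BITS[cls])
    if cls == "A":
        networks -= 2                      # net-ids 0 and 127 are special
    hosts = (1 << (32 - NET_BITS[cls])) - 2  # all-zeros and all-ones host-ids
    return networks, hosts


def describe(addr: str) -> dict:
    """Classify one address; 'special' names its reserved use, if any."""
    ip = ipaddress.IPv4Address(addr)
    value = int(ip)
    cls = address_class(addr)
    info = {"class": cls, "private": any(ip in n for n in PRIVATE_NETS),
            "special": None, "source_ok": True, "destination_ok": True}
    if value == 0:
        info.update(special="this host on this network (bootstrap)", destination_ok=False)
    elif value == 0xFFFFFFFF:
        info.update(special="limited broadcast on the local network", source_ok=False)
    elif value >> 24 == 127:
        info.update(special="loopback; message does not leave the machine", source_ok=False)
    elif cls == "D":
        info.update(special="multicast group", source_ok=False)
    elif cls == "E":
        info.update(special="reserved", source_ok=False, destination_ok=False)
    else:
        host_bits = 32 - NET_BITS[cls]
        net_id, host_id = value >> host_bits, value & ((1 << host_bits) - 1)
        if host_id == 0:
            info.update(special="identifies a network", source_ok=False, destination_ok=False)
        elif host_id == (1 << host_bits) - 1:
            info.update(special="directed broadcast on a specific net", source_ok=False)
        elif net_id == 0:
            info.update(special="specific host on this network", source_ok=False)
    return info


if __name__ == "__main__":
    for a in ("10.5.6.7", "172.20.1.1", "192.168.1.255", "224.0.0.5", "127.0.0.1", "255.255.255.255"):
        print(a, describe(a))
```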
45
VERS: version of the IP protocol
HLEN: length of header in 32-bit words
46
VERS: version of IP (4). HLEN: length of header in 32-bit words.
TYPE OF SERVICE octet, bits 0-7: PRECEDENCE (bits 0-2), D, T, R, C, unused
D: minimize delay; T: maximize throughput; R: maximize reliability; C: minimize cost
PRECEDENCE: 0 for normal ... 7 for network control
47
Precedence and TOS bits
Precedence (3 bits): 000 lowest priority, 111 highest priority (the highest priority may be accorded to the network management messages). If a router is congested, it may discard messages of lower precedence. This is not a required field in version 4.
TOS bits: only one bit (out of 4) can be set at a time.
48
There are 5 types of service: 0000 Normal; 0001 Minimize cost; 0010 Maximize reliability; 0100 Maximize throughput; 1000 Minimize delay
Background activities need minimum cost. Activities that send bulk data require maximum throughput.
49
Management activities require maximum reliability. Activities requiring immediate attention or immediate response, and control/command messages like remote login commands, require minimum delay. IPv4 does not guarantee the TOS requested by a host.
50
PROTOCOL
Informs about the protocol used by the upper layer; tells us about the nature of the data.
Value of the Protocol field in the IP datagram: ICMP 1, IGMP 2, IP in IP 4, TCP 6, EGP 8, UDP 17, IPv6 41, OSPF 89
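Worked example, added here and not part of the original slides: a parser for the fixed part of the IPv4 header that extracts VERS and HLEN, splits the Type of Service octet into Precedence and the D/T/R/C bits (flagging the case where more than one TOS bit is set), names the upper-layer protocol from the table above, and verifies the header checksum the way a router must before trusting any of the other fields. The sample header is constructed for the example; the checksum routine is the standard one's-complement sum of 16-bit words.

```python
import struct

PROTOCOLS = {1: "ICMP", 2: "IGMP", 4: "IP in IP", 6: "TCP", 8: "EGP",
             17: "UDP", 41: "IPv6", 89: "OSPF"}

# D T R C nibble of the TOS octet; only one bit may be set.
TOS_BITS = {0b1000: "minimize delay", 0b0100: "maximize throughput",
            0b0010: "maximize reliability", 0b0001: "minimize cost", 0: "normal"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; an odd trailing octet is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated: an IPv4 header is at least 20 octets")
    vers_hlen, tos, total_len, _ident, _flags_frag, ttl, proto, _csum = \
        struct.unpack("!BBHHHBBH", packet[:12])
    vers, hlen = vers_hlen >> 4, (vers_hlen & 0x0F) * 4   # HLEN counts 32-bit words
    if vers != 4:
        raise ValueError("not IPv4 (version %d)" % vers)
    if hlen < 20 or hlen > 60 or len(packet) < hlen:
        raise ValueError("bad header length %d" % hlen)
    tos_nibble = (tos >> 1) & 0x0F          # bits D T R C; lowest bit unused
    return {
        "version": vers,
        "header_len": hlen,
        "precedence": tos >> 5,             # top 3 bits of the TOS octet
        "tos": TOS_BITS.get(tos_nibble, "invalid: more than one TOS bit set"),
        "total_length": total_len,
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, "unknown(%d)" % proto),
        # Summing the header with its checksum in place must give zero.
        "checksum_ok": internet_checksum(packet[:hlen]) == 0,
        "src": ".".join(str(b) for b in packet[12:16]),
        "dst": ".".join(str(b) for b in packet[16:20]),
    }


def build_sample() -> bytes:
    """Constructed 20-octet header: precedence 0, minimize delay, TTL 64, TCP, 10.0.0.1 -> 10.0.0.2."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0x10, 40, 0x1234, 0x4000, 64, 6, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    csum = internet_checksum(hdr)           # computed with the checksum field zeroed
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:]


if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```

Corrupting any octet (here the TTL) makes the checksum test fail, which is why a router that decrements TTL must also recompute the checksum before forwarding.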
51
ARP message format – variable length fields (28 octets for Ethernet)
0               8               16              24              31
Hardware type                   | Protocol type
HLEN            | PLEN          | Operation
Sender HA (octets 0-3)
Sender HA (octets 4-5)          | Sender IP (octets 0-1)
Sender IP (octets 2-3)          | Target HA (octets 0-1)
Target HA (octets 2-5)
Target IP (octets 0-3)
53
ARP parameters
Hardware type: 1 for Ethernet. Protocol type: 0x0800 for IP. HLEN & PLEN: length of hardware and protocol addresses in octets. Operation: ARP request 1, ARP response 2, RARP request 3, RARP response 4.
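Worked example, added here and not part of the original slides: a parser for an Ethernet frame carrying the 28-octet ARP message laid out above. It checks the Ethernet type (0x0806 ARP, 0x8035 RARP), decodes hardware type, protocol type, HLEN, PLEN and operation, and adds the check a monitoring tool wants: the sender hardware address inside the ARP body should agree with the Ethernet source address, and a mismatch is worth logging. The frame builder and all addresses are constructed for the example.

```python
import struct

ETHERTYPES = {0x0806: "ARP", 0x8035: "RARP", 0x0800: "IP"}
OPERATIONS = {1: "ARP request", 2: "ARP response", 3: "RARP request", 4: "RARP response"}


def mac(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip4(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_ethernet_arp(frame: bytes) -> dict:
    """Decode Ethernet header + ARP message; raise on anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 14 + 28:
        raise ValueError("frame too short for Ethernet header + 28-octet ARP message")
    dst, src, etype = frame[:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    if ETHERTYPES.get(etype) not in ("ARP", "RARP"):
        raise ValueError("not an ARP/RARP frame: type 0x%04x" % etype)
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    # Hardware type 1 = Ethernet, protocol type 0x0800 = IP, so HLEN 6 and PLEN 4.
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported hardware/protocol type or address lengths")
    body = frame[22:22 + 2 * (hlen + plen)]
    sha, spa, tha, tpa = body[0:6], body[6:10], body[10:16], body[16:20]
    return {
        "ethertype": ETHERTYPES[etype],
        "operation": OPERATIONS.get(op, "unknown(%d)" % op),
        "sender_ha": mac(sha), "sender_ip": ip4(spa),
        "target_ha": mac(tha), "target_ip": ip4(tpa),
        "frame_src": mac(src), "frame_dst": mac(dst),
        # The ARP body's sender HA normally equals the Ethernet source address.
        "sender_matches_frame": sha == src,
    }


def build_arp_reply(sender_ha: bytes, sender_ip: bytes, target_ha: bytes, target_ip: bytes,
                    frame_src: bytes = None) -> bytes:
    """Constructed ARP response frame. frame_src defaults to sender_ha; a different value
    models a frame whose Ethernet source disagrees with the ARP body, which the parser flags."""
    frame_src = sender_ha if frame_src is None else frame_src
    eth = target_ha + frame_src + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + sender_ha + sender_ip + target_ha + target_ip
    return eth + arp + bytes(18)      # 18 octets of padding, as in the frame figure


if __name__ == "__main__":
    f = build_arp_reply(bytes.fromhex("001122334455"), bytes([10, 0, 0, 1]),
                        bytes.fromhex("66778899aabb"), bytes([10, 0, 0, 2]))
    print(parse_ethernet_arp(f))
```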
54
TCP Segment: Format
[Figure: TCP header layout; field widths shown: 16, 16, 32, 32, 4, 6, 6, 16, 16, 16 bits, then options (if any)]
The header is 20-60 bytes in size.
55
TCP Segment: Format (continued)
Bit (left to right) and meaning if set to 1:
URG: urgent pointer field is valid
ACK: acknowledgement field is valid
PSH: this segment requests a push
RST: reset the connection
SYN: synchronize sequence numbers (for initiating a connection)
FIN: sender has reached the end of its byte stream (for closing the connection)
Normally, out of the last 4 flags, only one may be ON at a time.
56
UDP Format [figure not reproduced]
57
The PSEUDO-HEADER [figure not reproduced]
58
Addressing in IPv6
128-bit addresses. Dotted decimal notation, used for v4, is inappropriate for v6 (instead of 4, there would be 16 parts if the same method were used to represent the addresses). Colon hexadecimal notation is used for representation. Ex: 21AC:00C5:3D2C:8F23:AABC:0000:89CF:8C70
64 bits for subnet and 64 bits for host.
2^32 = 4,294,967,296; 2^128 = 340,282,366,920,938,463,463,374,607,431,768,211,456. Surface area of earth = 197,399,019 sq. miles = 511,263,971,197,990 sq. metres. So there are 665,570,793,348,866,943,898,599 addresses per sq. m.
59
Simplified Representation
Simplification: suppress leading zeros in every 16-bit block; thus 00C5 may be written as C5. Compress one single contiguous sequence of blocks of 16-bit zeros and replace it by a double colon; thus the sixth block of 16 zeros may be replaced by ::. But :: is usable only once in a given address.
60
Types of addresses in v6
Unicast (RFC 2373): multiple interfaces of a host can use the same address, if the multiple interfaces look to be a single interface to the IPv6 implementation.
Multicast: no separate broadcast addresses. Broadcast addresses are managed as multicast addresses only.
Anycast: delivers messages of a multicast group to the nearest member of the group.
61
Notes on v6 addressing
IPv6: designed for efficient, hierarchical addressing and routing.
Reserved addresses: 0:0:0:0:0:0:0:0 or :: indicates absence of address; used as a source address only; not assigned to any interface.
0:0:0:0:0:0:0:1: loopback address (like 127.x.y.z in v4).
IPv4-compatible addresses, mixed notation: 0:0:0:0:0:0:w.x.y.z or ::w.x.y.z, where w.x.y.z is an IPv4 address. For v6 and v4 to co-exist and for messages to go over a mix of v6 and v4 infrastructure, the compatibility problem has been specified in RFCs.
62
IPv6 versus IPv4: some aspects
63
IPv6 and IPv4
IPv6: a fixed-length header of 40 bytes (the v4 header length is between 20 and 60 bytes). Additional headers for fragmentation and options. Five fields (HLEN, Identification, Flags, Fragment Offset and Header Checksum) removed. Number of fields = 8 in v6 (v4: 12 f, excluding Options). Source and destination addresses: 16 bytes each in v6 and 4 bytes each in v4.
64
Processing at routers: v6 packets vs. v4 packets
IPv6: no verification and recalculation of the header checksum; no fragmentation required; no processing of options which are not intended for routers.
65
Some new field names in v6
Traffic Class in place of Type of Service in v4. Payload Length (including the length of extension headers and the higher-level protocol data unit (PDU)) in place of Total Length in v4. Hop Limit in place of TTL in v4. Next Header in place of Protocol in v4.
66
Class D and E in v4; multicast in v6
CLASS E: addresses from 240.0.0.0 to 255.255.255.254 are reserved for experimental purposes. If a node should use one of these addresses on the Internet, it may fail to communicate properly.
Limited broadcast address: 255.255.255.255 for a broadcast on the local network.
Addresses from 255.0.0.0 to 255.255.255.255: reserved by IP for broadcast. Hence these addresses may not be considered part of Class E.
Class D: addresses from 224.0.0.0 to 239.255.255.255 are used for multicast and can be used only as a destination address.
Both Class D and Class E addresses are not to be used as addresses of ordinary nodes on the Internet.
67
Format Prefix (FP) for v6 addresses
FP of aggregatable global unicast addresses (similar to public IP addresses in v4): 001, designed to support efficient hierarchical routing. The aggregatable global unicast addresses are 1/8th of the total v6 address space; it can assign 137,438,953,472 distinct sites.
Compare with the FP of link-local unicast addresses: 1111 1110 10; FP of site-local unicast addresses: 1111 1110 11; Format Prefix (FP) for multicast addresses: 1111 1111
68
Multicast for v6
Format: FF (8 bits) | Flags (4 bits) | Scope (4 bits) | Group ID (112 bits)
Flag: 0001 a transient group; 0000 a permanent group, with group identity assigned by ICANN
Scope: 1 node-local: packets never leave the node; 2 link-local: packets never forwarded by routers; 5 site-local: packets never leave the site; 8 org-local: packets never leave the organization (handled by routing protocols); E global
69
Multicast Addresses
All nodes address: addresses all nodes on the local network: ff02::1
All routers address: addresses all routers on the local network: ff02::2
Solicited-Node address: replacement for ARP. Every node with a v6 address listens at its own IP address. If the last 24 bits of its address are xyzwpq, it also listens at ff02::1:ffxy:zwpq. For nodes on the local net, if it is assumed that the last 24 bits of the IP address are the same, this may be a replacement for ARP, as a datagram with a destination address of ff02::1:ffxy:zwpq will be received by every node on the local net.
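Worked example, added here and not part of the original slides, serving both the "Simplified Representation" rules and the solicited-node address above: it expands a colon-hexadecimal address into its eight 16-bit blocks (enforcing that :: appears at most once), compresses blocks back following the slide's two rules (leading zeros dropped, the longest run of zero blocks replaced by ::), and derives ff02::1:ffxy:zwpq from the last 24 bits of a unicast address. Pure-hex notation only; the mixed ::w.x.y.z form is not handled. The slide compresses even a single zero block; RFC 5952 is stricter and does not, which is noted in the code.

```python
def expand(addr: str) -> list:
    """Eight 16-bit blocks of an IPv6 address as integers."""
    if addr.count("::") > 1:
        raise ValueError("'::' may be used only once in an address")
    if "::" in addr:
        head, tail = addr.split("::")
        left = [int(b, 16) for b in head.split(":") if b]
        right = [int(b, 16) for b in tail.split(":") if b]
        if len(left) + len(right) > 7:
            raise ValueError("'::' must stand for at least one zero block")
        blocks = left + [0] * (8 - len(left) - len(right)) + right
    else:
        blocks = [int(b, 16) for b in addr.split(":")]
    if len(blocks) != 8 or any(not 0 <= b <= 0xFFFF for b in blocks):
        raise ValueError("an IPv6 address has exactly eight 16-bit blocks")
    return blocks


def compress(blocks: list) -> str:
    """Leading zeros suppressed; the longest run of zero blocks (first one on ties) becomes '::'."""
    best_start, best_len, i = -1, 0, 0
    while i < 8:
        if blocks[i] == 0:
            j = i
            while j < 8 and blocks[j] == 0:
                j += 1
            if j - i > best_len:
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    hexed = ["%x" % b for b in blocks]
    # The slide replaces even a single zero block; RFC 5952 would require best_len >= 2 here.
    if best_len < 1:
        return ":".join(hexed)
    return ":".join(hexed[:best_start]) + "::" + ":".join(hexed[best_start + best_len:])


def solicited_node(addr: str) -> str:
    """ff02::1:ffxy:zwpq, where xyzwpq are the last 24 bits of the unicast address."""
    blocks = expand(addr)
    low24 = ((blocks[6] & 0xFF) << 16) | blocks[7]
    return compress([0xFF02, 0, 0, 0, 0, 1, 0xFF00 | (low24 >> 16), low24 & 0xFFFF])


if __name__ == "__main__":
    sample = "21AC:00C5:3D2C:8F23:AABC:0000:89CF:8C70"    # the slide's example address
    print(compress(expand(sample)))
    print(solicited_node(sample))
```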
70
ROUTING
71
[Figure: a small part of the Internet. Networks: N1 137.108.0.0, N2 78.0.0.0, N3 155.126.0.0, N4 223.240.129.0. Routers R1, R2, R3; hosts Am, An, B2, Dn. Addresses shown: 131.108.22.177, 131.108.154.88, 131.108.0.1, 131.108.0.2, 78.0.0.1, 78.0.0.2, 78.0.0.3, 155.126.0.1, 155.126.0.2, 223.240.129.1, 223.240.129.2, 223.240.129.254.]
72
Jobs of a Router:
---- Decrement TTL.
---- Recompute the checksum.
---- Extract the net-id and find out if the datagram can be delivered directly, or find the next-hop address.
---- Send the datagram ahead after updating the IP header.
It may also perform fragmentation, if required.
Routing Tables: SPECIAL ROUTES: default route; host-specific route
73
ROUTING TABLE FLAGS:
U: the route is up
H: specifies whether the destination address is the address of a network or that of a host
R: specifies whether the next hop is a router or a directly connected interface
D: the route was created by a Redirect
M: the route was modified by a Redirect
74
Example
75
For R3: let 223.240.129.9 be the interface X2 and let 151.100.0.9 be the interface X1.
FLAGS  MASK           DESTINATION    NEXT HOP         INTERFACE
U      255.255.0.0    151.100.0.0    Direct delivery  X1
U      255.255.255.0  223.240.129.0  Direct delivery  X2
UR     255.0.0.0      78.0.0.0       223.240.129.5    X2
UR     255.255.0.0    131.108.0.0    223.240.129.7    X2
UR     255.255.0.0    178.080.0.0    151.100.0.1      X1
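Worked example, added here and not part of the original slides: R3's routing table above as data, plus the per-datagram decision from the "Jobs of a Router" slide: decrement TTL (discarding with ICMP Time Exceeded, type 11 code 0, if it would reach zero), pick the most specific route among those that are up (longest mask, which is also how a host-specific route beats a network route and a default route loses to everything), then deliver directly or hand off to the next hop. No route means ICMP Destination Unreachable, type 3 code 0. The slide's "178.080.0.0" is written 178.80.0.0 because Python's ipaddress rejects leading zeros in an octet.

```python
import ipaddress


class Route:
    def __init__(self, flags, mask, destination, next_hop, interface):
        self.flags = flags          # U up, H host route, R next hop is a router, D/M set by Redirect
        self.network = ipaddress.IPv4Network((destination, mask), strict=False)
        self.next_hop = next_hop    # None means direct delivery on the interface
        self.interface = interface


R3_TABLE = [
    Route("U",  "255.255.0.0",   "151.100.0.0",   None,            "X1"),
    Route("U",  "255.255.255.0", "223.240.129.0", None,            "X2"),
    Route("UR", "255.0.0.0",     "78.0.0.0",      "223.240.129.5", "X2"),
    Route("UR", "255.255.0.0",   "131.108.0.0",   "223.240.129.7", "X2"),
    Route("UR", "255.255.0.0",   "178.80.0.0",    "151.100.0.1",   "X1"),
]


def lookup(table, dst: str):
    """Longest-prefix match among routes that are up; None when nothing matches."""
    addr = ipaddress.IPv4Address(dst)
    candidates = [r for r in table if "U" in r.flags and addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.network.prefixlen)


def forward(table, dst: str, ttl: int) -> dict:
    """The router's decision for one datagram addressed to dst arriving with the given TTL."""
    if ttl <= 1:
        # TTL would reach zero: discard and report ICMP Time Exceeded (type 11, code 0).
        return {"action": "discard", "icmp": (11, 0)}
    route = lookup(table, dst)
    if route is None:
        # No route: ICMP Destination Unreachable, code 0 (network unreachable).
        return {"action": "discard", "icmp": (3, 0)}
    return {
        "action": "forward",
        "ttl": ttl - 1,
        "recompute_checksum": True,     # the TTL change invalidates the header checksum
        "interface": route.interface,
        # Direct delivery sends to the destination itself; otherwise to the next-hop router.
        "next_hop": dst if route.next_hop is None else route.next_hop,
    }


if __name__ == "__main__":
    for dst in ("223.240.129.254", "78.0.0.3", "131.108.22.177", "9.9.9.9"):
        print(dst, forward(R3_TABLE, dst, 64))
```

Adding `Route("UR", "0.0.0.0", "0.0.0.0", "151.100.0.1", "X1")` gives a default route: with prefix length 0 it is chosen only when no other entry matches.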
77
ICMP
78
Unreachable Destination
0               8               16                              31
Type            | Code          | Checksum
Unused (must be zero)
IP HEADER + FIRST 64 BITS OF DATAGRAM
79
Example: for an option-less IP datagram, 7 thirty-two-bit words will be added after the UNUSED 32-bit field.
TYPE 3, CODE 0 – 15. Routers may not be able to detect all unreachability errors. The sender may have no control over the machine(s) causing the error.
80
TYPE 3 DESTINATION UNREACHABLE
CODE  MEANING                                    Message generated by
0     Network unreachable                        R
1     Host unreachable / subnet unreachable      R
2     Protocol unreachable                       H
3     Port unreachable                           H
4     Fragmentation required and DF bit set      R/H
81
Exception in Format for Code 4: A Router may place, in the low-
order 16 bits of the UNUSED 32-bit field, the MTU of its outgoing interface
82
CODE  MEANING                                    Message generated by
5     Source route failed                        -
6     Destination network unknown                R
7     Destination host unknown                   R
8     The source host isolated
9     Communication with network prohibited      R
10    Communication with host prohibited         R
83
CODE  MEANING                                                                          Message generated by
11    Network unreachable for TOS                                                      R
12    Host unreachable for TOS                                                         R
13    A filter put on the destination host                                             H
14    Requested precedence is not permitted for the destination host                   H
15    Destination host precedence higher than the precedence specified in the datagram H
84
CONGESTION AND FLOW CONTROL
Source Quench: type 4, code 0; same format as that for the Unreachable Destination case.
Routers send one Source Quench message for every datagram they discard. IP has no flow control. Routers and (destination) hosts have a limited buffer size.
85
A Source Quench message means a datagram has been discarded; it warns the source.
The source has no clue when the congestion ends. It should reduce the rate as long as it continues to receive the SQ messages. Then it may gradually increase the rate as long as no SQ message is received. The above decision has validity if congestion is caused by one-to-one communication, and not by many-to-one communication. In the latter case, the SQ message may even go to the slowest source.
86
Time Exceeded Error Message
Sent when a router discards a datagram because TTL has reached zero, or when the reassembly timer timed out while waiting for fragments of a datagram. The message format is the same as that of the Unreachable Destination case.
TYPE 11; CODE 0: TTL exceeded, or 1: reassembly timer timed out.
87
Parameter Problem
OTHER problems: when a datagram has to be discarded because some header fields are incorrect, a Parameter Problem message is sent to the sender.
0               8               16                              31
Type            | Code          | Checksum
Pointer         | Unused (must be zero)
IP HEADER + FIRST 64 BITS OF DATAGRAM
88
TYPE 12, CODE 0. The pointer points to the octet in the datagram header which caused the problem.
89
Missing Option
To report a missing option: nearly the above format is used to report a missing option which is required. The only changes are: code 1 (type remains 12); the pointer is not there; instead, Unused is extended to 32 bits.
90
Redirect Request
Route change request from routers.
Redirect: routers are assumed to know correct routes. A host begins with a small routing table (it is initialized using a system configuration file at system startup). Then the host learns about new routes from routers.
91
Redirect Request (Contd.)
0               8               16                              31
Type            | Code          | Checksum
Router's Internet address (32 bits)
Internet header + first 64 bits of datagram
92
Redirect Request (Contd.)
TYPE 5, CODE 0 to 3. The router Internet address is the address of the router that the host is to use to reach the destination in the header.
CODE: 0 is not used now; 1 redirect for the host; 2 redirect for the net and TOS; 3 redirect for the host and TOS
93
ECHO REQUEST AND REPLY
0               8               16                              31
Type            | Code          | Checksum
Identifier (16 bits)            | Sequence No (16 bits)
Optional data
94
TYPE 8 (REQUEST) or 0 (REPLY); CODE 0
Identifier and Sequence No: to match replies to requests. An identifier may define a class of messages; the sequence number specifies a particular message of the class.
95
Optional data: if it is sent in the Request, the Reply contains exactly the same data.
Ping sends a series of echo requests with a specified length of data and interval between requests. It provides statistical data about datagram loss and transit time.
96
Transit Time Estimation and Clock Synchronization
0               8               16                              31
Type            | Code          | Checksum
Identifier (16 bits)            | Sequence No (16 bits)
ORIGINATE TIMESTAMP
RECEIVE TIMESTAMP
TRANSMIT TIMESTAMP
97
TYPE 13 (REQUEST) or 14 (REPLY); CODE 0
Originate timestamp: filled in by the sender just before the datagram is sent.
Receive timestamp: filled in by the receiver immediately upon receipt of the Request.
98
Transmit timestamp: filled in by the receiver just before the Reply is transmitted.
Time is in ms starting from midnight at the universal time prime meridian. The largest number that can be accommodated is 2^32 - 1 = 4,294,967,295. During a day, the number of milliseconds is 24 x 60 x 60 x 1000 = 86,400,000.
If a system uses a non-standard timestamp (i.e. if it does not provide ms after UTC midnight), it turns on the highest-order bit of the 32-bit timestamp.
99
EXAMPLE: ORIGINATE timestamp = 1285; RECEIVE timestamp = 1299; TRANSMIT timestamp = 1300; the message is received back at 1307.
Time taken for the forward path = 1299 – 1285 = 14 ms
Time taken for the return path = 1307 – 1300 = 7 ms
Round trip time (RTT) = 21 ms
Difference in the clocks = 1299 – (1285 + RTT/2) = 3.5 ms
DISADVANTAGE: it does not specify the date.
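Worked example, added here and not part of the original slides: the timestamp arithmetic above in code, together with a parser for the 20-octet Timestamp Reply (type 14) that honours the high-order "non-standard clock" bit. Path times are taken modulo the 86,400,000 ms in a day, so a reply that crosses UTC midnight still gives the right answer; the clock difference is computed as (forward path) - RTT/2, which equals the slide's 1299 - (1285 + RTT/2) without the wrap problem. The sample message is constructed and its checksum field is left at zero (not verified here).

```python
import struct

MS_PER_DAY = 24 * 60 * 60 * 1000   # 86,400,000
NONSTANDARD = 1 << 31              # set when the clock is not ms since UTC midnight


def parse_timestamp_reply(msg: bytes) -> dict:
    """Decode type, code, identifier, sequence number and the three 32-bit timestamps."""
    if len(msg) < 20:
        raise ValueError("an ICMP timestamp message is 20 octets")
    typ, code, _csum, ident, seq, orig, recv, xmit = struct.unpack("!BBHHHIII", msg[:20])
    if typ != 14 or code != 0:
        raise ValueError("not a Timestamp Reply (type 14, code 0)")
    return {
        "identifier": ident, "sequence": seq,
        "originate": orig,
        "receive": recv & ~NONSTANDARD,
        "transmit": xmit & ~NONSTANDARD,
        "nonstandard_clock": bool((recv | xmit) & NONSTANDARD),
    }


def timing(originate: int, receive: int, transmit: int, returned: int) -> dict:
    """Forward/return path times, RTT and clock difference (ms), wrap-safe across midnight."""
    forward = (receive - originate) % MS_PER_DAY
    back = (returned - transmit) % MS_PER_DAY
    rtt = forward + back
    # Remote clock reading minus the local estimate of that instant (originate + RTT/2).
    offset = forward - rtt / 2
    return {"forward_ms": forward, "return_ms": back, "rtt_ms": rtt, "clock_offset_ms": offset}


def build_timestamp_reply(ident: int, seq: int, orig: int, recv: int, xmit: int) -> bytes:
    """Constructed Timestamp Reply; checksum field left as zero for the example."""
    return struct.pack("!BBHHHIII", 14, 0, 0, ident, seq, orig, recv, xmit)


if __name__ == "__main__":
    reply = parse_timestamp_reply(build_timestamp_reply(7, 1, 1285, 1299, 1300))
    print(timing(reply["originate"], reply["receive"], reply["transmit"], 1307))
```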
100
TCP Segment: Format (continued)
• The checksum is calculated by: (I) using the TCP header; (II) using the pseudo-header; (III) using the data.
• At the receiver end, the IP layer passes the segment and the two IP addresses to the TCP software for processing.
• The pseudo-header: source IP address (32 bits) | destination IP address (32 bits) | zero (8 bits) | Protocol (8 bits) | TCP Length (16 bits)
101
TCP Segment: Format (continued)
• Protocol: for IP datagrams carrying TCP, the value is 6.
• TCP Length (in octets): specifies the total length of the TCP segment including the TCP header.
• Urgent Pointer: when the URG bit is set, it defines the number that must be added to the SEQUENCE NUMBER to obtain the number of the last urgent byte in the data section of the segment.
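Worked example, added here and not part of the original slides: the receiver-side checksum check described above. The IP layer supplies the segment and the two addresses; the pseudo-header (source IP, destination IP, zero, protocol 6, TCP length) is prepended for the computation only and never transmitted, and the one's-complement sum over pseudo-header plus segment must come out to zero. A segment builder fills the checksum in for a constructed segment, and `last_urgent_byte` applies the urgent-pointer rule. Because the addresses are covered, a segment that is delivered to the wrong destination address fails the check even though its own octets are intact.

```python
import struct

URG, ACK, PSH, RST, SYN, FIN = 0x20, 0x10, 0x08, 0x04, 0x02, 0x01


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words; an odd trailing octet is padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def pseudo_header(src_ip: bytes, dst_ip: bytes, tcp_length: int) -> bytes:
    """12 octets: source IP, destination IP, zero, protocol 6, TCP length (header + data)."""
    return src_ip + dst_ip + struct.pack("!BBH", 0, 6, tcp_length)


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Sender side: checksum over pseudo-header + segment with the checksum field (octets 16-17) zeroed."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + zeroed)


def verify_tcp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """Receiver side: with the transmitted checksum in place the sum must be zero."""
    return internet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def build_segment(src_port, dst_port, seq, ack, flags, window, data: bytes,
                  src_ip: bytes, dst_ip: bytes, urgent: int = 0) -> bytes:
    """Constructed segment: 20-octet header (HLEN = 5, no options) with the checksum filled in."""
    hlen_flags = (5 << 12) | flags
    hdr = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, hlen_flags, window, 0, urgent)
    csum = tcp_checksum(src_ip, dst_ip, hdr + data)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:] + data


def last_urgent_byte(segment: bytes):
    """Sequence number + urgent pointer when URG is set; None otherwise."""
    seq = struct.unpack("!I", segment[4:8])[0]
    hlen_flags = struct.unpack("!H", segment[12:14])[0]
    urgent = struct.unpack("!H", segment[18:20])[0]
    if not hlen_flags & URG:
        return None
    return seq + urgent


if __name__ == "__main__":
    src, dst = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20])   # constructed addresses
    seg = build_segment(40000, 80, 1000, 0, SYN, 65535, b"", src, dst)
    print("checksum valid:", verify_tcp(src, dst, seg))
```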
102
TCP OPTIONS
• Every option has an 8-bit KIND field.
• The format of an option can be of two types:
  Type 1: a single octet of KIND
  Type 2: an octet of KIND + an octet of the OPTION-LENGTH field + option-data octets.
• OPTION-LENGTH counts the two octets of KIND and OPTION-LENGTH as well as the data octets.
• All options are included in the checksum.
103
TCP OPTIONS (continued)
• An 8-bit KIND field is always the first field in an option and is the only field in single-byte options.
104
TCP OPTIONS (continued)
A few options are as follows:
      KIND  Length  Meaning
(I)   0     -       End of options list
(II)  1     -       No operation
(III) 2     4       Maximum segment size
(IV)  3     3       Window scale factor
(V)   8     10      Timestamp for round-trip time measurement
105
TCP OPTIONS (continued)
(I) End-of-Options: used at the end of ALL options; to be used only if the end of options does not make the TOTAL number of ALL option bits a multiple of 32. (Shown as ZEROS in the figure of the segment format.) End of Options means: 1. no more options in the header; 2. the remainder of the 32-bit word is garbage; 3. data starts at the beginning of the next 32-bit word.
106
TCP OPTIONS (continued)
(II) No Operation: may be used BETWEEN options if it is desired to align the beginning of the next option at a (16-bit) word boundary.
Format (single octet, KIND = 1): 0 0 0 0 0 0 0 1
107
TCP OPTIONS (continued)
(III) Max Segment Size:
• Performance of the network can be poor for either extremely large or extremely small sizes.
• If the two end-points lie on the same physical network, the maximum segment size may be equal to the network MTU. Otherwise the maximum data size may be the default size of an IP datagram (576) minus the size of the IP and TCP headers.
• The option is used along with SYN=1 at start.
108
TCP OPTIONS (continued)
• Format of the MSS option: KIND (8 bits) | LENGTH (8 bits) | MAX SEG SIZE (16 bits); KIND = 2, LENGTH = 4
109
TCP OPTIONS (continued)
(IV) Window Scale Factor:
• Actual window size = (window size in header) * 2^(scale factor).
• In 8 bits a value of up to 255 can be there, but TCP/IP allows a MAX VALUE of 16.
• The window scale factor is fixed during the connection set-up phase only.
• During data transfer, the size of the specified window may change, but it is always multiplied by the same scale factor.
110
TCP OPTIONS: Window Scale Factor (continued)
Format: KIND (8 bits) | LENGTH (8 bits) | SCALE FACTOR (8 bits); KIND = 3, LENGTH = 3
111
TCP OPTIONS (continued)
(V) TIMESTAMP Option:
• TS Value: current clock time of the TCP sending the option.
• TS Echo: valid only if the ACK bit is set. It echoes the TS Value sent by the remote TCP. Otherwise its value must be zero. KIND = 8; LENGTH = 10.
112
TCP OPTIONS (continued)
(V) TIMESTAMP Option (continued):
• To confirm availability of the TS option: a TCP may send the TS option in the SYN segment. It may send the TS option in other segments only if it receives a TS option in the SYN segment.
• Format: Kind (8 bits) | Length (8 bits) | TS Value (32 bits) | TS Echo (32 bits)
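Worked example, added here and not part of the original slides: a walker for the option area of a TCP header using the two option shapes described above (single-octet KIND for End-of-Options and No-Operation; KIND + LENGTH + data for the rest), decoding MSS, Window Scale and Timestamp and applying the rule that the header's window field is multiplied by 2^scale. Truncated or undersized LENGTH values are rejected rather than read past the buffer. The sample option bytes are constructed. On the scale factor's upper bound the code follows RFC 7323, which caps the shift at 14 (the slide quotes 16).

```python
import struct

OPTION_NAMES = {0: "End of options", 1: "No operation", 2: "Maximum segment size",
                3: "Window scale", 8: "Timestamp"}
SINGLE_OCTET = {0, 1}
MAX_WINDOW_SCALE = 14      # RFC 7323 limit


def parse_options(raw: bytes) -> list:
    """Return (kind, name, value) tuples in order; stops at End-of-Options (kind 0)."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind in SINGLE_OCTET:
            out.append((kind, OPTION_NAMES[kind], None))
            i += 1
            if kind == 0:
                break                     # the rest of the 32-bit word is padding
            continue
        if i + 1 >= len(raw):
            raise ValueError("option kind %d truncated before its length octet" % kind)
        length = raw[i + 1]               # counts KIND and LENGTH octets as well as the data
        if length < 2 or i + length > len(raw):
            raise ValueError("option kind %d has bad length %d" % (kind, length))
        data = raw[i + 2:i + length]
        if kind == 2 and length == 4:
            value = struct.unpack("!H", data)[0]            # MSS in octets
        elif kind == 3 and length == 3:
            value = data[0]                                 # shift count
            if value > MAX_WINDOW_SCALE:
                raise ValueError("window scale %d exceeds the allowed maximum" % value)
        elif kind == 8 and length == 10:
            value = struct.unpack("!II", data)              # (TS Value, TS Echo)
        else:
            value = data                                    # unknown or odd-sized: keep raw
        out.append((kind, OPTION_NAMES.get(kind, "unknown"), value))
        i += length
    return out


def effective_window(window_field: int, options: list) -> int:
    """Actual window = window field * 2^scale; scale 0 when no Window Scale option is present."""
    scale = next((v for k, _name, v in options if k == 3), 0)
    return window_field << scale


# Constructed 24-octet option area as a SYN might carry it:
# MSS 1460 | NOP | Window scale 7 | NOP NOP | Timestamp (100, 0) | End | padding
SAMPLE_OPTIONS = (struct.pack("!BBH", 2, 4, 1460) + bytes([1]) + bytes([3, 3, 7]) + bytes([1, 1])
                  + struct.pack("!BBII", 8, 10, 100, 0) + bytes([0, 0, 0, 0]))

if __name__ == "__main__":
    opts = parse_options(SAMPLE_OPTIONS)
    for kind, name, value in opts:
        print(kind, name, value)
    print("window 65535 scaled:", effective_window(65535, opts))
```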
113
Establishing a Connection (continued)
• Thus let ISN at the sending end = X and ISN at the receiving end = Y.
[Figure: Establishing the Connection – Segment 1, Segment 2, Segment 3]
114
Closing a TCP connection (continued)
[Fig: Closing the Connection. SENDER A (active close) and RECEIVER B (passive close):
Segment 1: the application at A closes; A sends FIN, SEQ=P.
B receives FIN and informs its application by delivering EOF.
Segment 2: B sends ACK=P+1; A receives the ACK.
The application at B closes the connection.
Segment 3: B sends FIN, SEQ=Q, ACK=P+1. A receives FIN + ACK, informs its application by delivering EOF, and enters Time-Wait.
Segment 4: A sends ACK=Q+1; B receives the ACK.]