CSIT 220 (Blum) 1
More Ethernet
Sniffer
• A sniffer, a.k.a. a network analyzer: a program that monitors data traveling over a network.
  – One does not need new hardware; a standard NIC can be put into promiscuous mode, in which it copies all packets instead of only those sent to it.
• It can be used as a legitimate network management tool, for instance, to troubleshoot network traffic problems.
• It can also be used for stealing information off a network.
Good or Bad
• A sniffer is one of the hacker’s favorite tools. It can be used to intercept all sorts of data not intended to be seen by any but the destination computer. Suppose, for instance, that a password used to log on to some remote site was sent unencrypted.
• A sniffer can be used to determine if network users are sending or receiving packets considered forbidden on the network. E.g., if the network administrator outlaws the use of Napster, a sniffer could be used to catch those still using it.
Another NIC slot type
• The PCMCIA (Personal Computer Memory Card International Association) created standards for credit-card sized cards for memory, hard drive or I/O purposes (e.g. a NIC).
• There are different types (I, II and III) having different thicknesses.
PCMCIA website
Some wireless specs
Standards
• IEEE 802.3 are the standards for a wired Ethernet LAN.
• IEEE 802.11 are the standards for a wireless LAN.
  – Varieties include 802.11a, 802.11b and 802.11g.
    • They differ in the carrier frequencies and encoding (modulation schemes).
    • They also differ in the variations on spread spectrum (frequency hopping) they use.
Frames Revisited
• The data portion of a frame (a.k.a. the payload) may take on many forms (it may be intended for any number of applications) and the receiving computer must know the “type” of data coming in.
• Framing schemes fall into two categories:
  – Explicit (self-identifying): the frame header has a type field explicitly announcing the type of data.
  – Implicit (not self-identifying): there is no information in the header; any data typing required must be contained in the payload itself.
General Frame Format
• Frame Header: typically has fixed size
• Frame Data Area or Payload: typically varies in size
Ethernet Frame Format
(Figure: Ethernet frame fields, labeled with the number of bytes in each.)
• Is self-identifying
Ethernet Frame Format (Cont.)
• Preamble: a pattern of 64 1’s and 0’s that ensures that the transmitter and receiver are synchronized (at the bit level and the byte level).
• Destination Address: the receiver’s physical (MAC) address from its NIC card.
• Source Address: the transmitter’s physical (MAC) address (so an acknowledgement can be sent).
Ethernet Frame Format (Cont.)
• Frame Type: two bytes that identify the format/protocol of the data that follows (what application will deal with it).
• Data (Payload): 46 to 1500 bytes of the actual information one wanted to send in the first place.
  – The lower bound is needed to guarantee that collisions are detected.
• CRC: A 32-bit cyclic redundancy check to ensure the information was not corrupted during transmission.
Some Ethernet Type Field Values
Value   Meaning
0800    Internet IP Version 4
6559    Frame Relay
8008    AT&T Corporation
8014    Silicon Graphics Corporation network games
809B    Apple Computer Corp. AppleTalk
80D5    IBM Corporation SNA
Non Self-Identifying Frames
• In protocols that don’t have Data Type fields, there is one of two options:
  – Sender and receiver must agree ahead of time on the data type.
  – Sender and receiver must agree to use the first part of the payload to serve in place of the data type field, to make up for this missing data type in the protocol.
IEEE to the rescue
• The IEEE stepped in and set up a standard way to announce the Type in a protocol that did not have a Type field.
• LLC/SNAP: Logical Link Control / SubNetwork Attachment Point.
LLC/SNAP
Octet = byte
OUI: Organizationally Unique Identifier
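The frame layout from the slides above, decoded the way a network analyzer would (an added example, not part of the original slides): it splits a captured frame into destination, source, type, payload and CRC, looks the type up in the slide's table, and falls back to an LLC/SNAP header when the header field holds a length instead of a type. Assumptions not on the slides: the LLC bytes AA AA 03, the 3-byte OUI plus 2-byte type SNAP layout, and the rule that header values up to 1500 are lengths come from the IEEE standards; the sample addresses and payloads are constructed.

```python
import struct
import zlib

# Type values exactly as listed on the "Some Ethernet Type Field Values" slide.
ETHER_TYPES = {
    0x0800: "Internet IP Version 4", 0x6559: "Frame Relay",
    0x8008: "AT&T Corporation",
    0x8014: "Silicon Graphics Corporation network games",
    0x809B: "Apple Computer Corp. AppleTalk", 0x80D5: "IBM Corporation SNA",
}
MIN_PAYLOAD, MAX_PAYLOAD = 46, 1500  # payload bounds from the slides
SNAP_LLC = b"\xaa\xaa\x03"           # DSAP, SSAP, control: IEEE 802.2 values, not on the slides


def fcs(data: bytes) -> bytes:
    """32-bit CRC as it appears on the wire (least significant byte first)."""
    return struct.pack("<I", zlib.crc32(data))


def build_frame(dst: bytes, src: bytes, type_or_len: int, payload: bytes) -> bytes:
    """Build a sample frame: pad the payload to 46 bytes, then append the CRC."""
    body = dst + src + struct.pack("!H", type_or_len) + payload.ljust(MIN_PAYLOAD, b"\x00")
    return body + fcs(body)


def parse_frame(frame: bytes) -> dict:
    """Decode one frame as a capture delivers it (preamble already stripped)."""
    if not 14 + MIN_PAYLOAD + 4 <= len(frame) <= 14 + MAX_PAYLOAD + 4:
        raise ValueError(f"bad frame length {len(frame)}")
    body, trailer = frame[:-4], frame[-4:]
    value = struct.unpack("!H", body[12:14])[0]
    payload = body[14:]
    out = {"dst": body[0:6].hex(":"), "src": body[6:12].hex(":"),
           "crc_ok": fcs(body) == trailer, "framing": "explicit", "oui": None}
    if value <= MAX_PAYLOAD:
        # A length, not a type: the header does not identify the data, so the
        # type must come from an LLC/SNAP header at the start of the payload.
        payload = payload[:value]
        if len(payload) < 8 or payload[:3] != SNAP_LLC:
            out.update(framing="implicit", type=None, meaning="unknown", payload=payload)
            return out
        out.update(framing="llc/snap", oui=payload[3:6].hex())
        value = struct.unpack("!H", payload[6:8])[0]
        payload = payload[8:]
    out.update(type=value, payload=payload,
               meaning=ETHER_TYPES.get(value, "not in slide table"))
    return out


# Constructed sample frames (addresses and payloads are made up).
DST, SRC = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
IP_FRAME = build_frame(DST, SRC, 0x0800, b"constructed IPv4 payload")
SNAP_DATA = SNAP_LLC + b"\x00\x00\x00" + struct.pack("!H", 0x0800) + b"constructed"
SNAP_FRAME = build_frame(DST, SRC, len(SNAP_DATA), SNAP_DATA)
DAMAGED = IP_FRAME[:20] + b"X" + IP_FRAME[21:]  # one payload byte altered in transit

if __name__ == "__main__":
    for f in (IP_FRAME, SNAP_FRAME, DAMAGED):
        r = parse_frame(f)
        print(r["framing"], r["crc_ok"], hex(r["type"]), r["meaning"])
```

In the explicit case the parser cannot tell padding from data, so the returned payload keeps the zero bytes added to reach the 46-byte minimum; in the LLC/SNAP case the length field lets it trim them.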
Thick Ethernet Wiring
• Known as Thick Coax, 10Base5 or “yellow cable” (because it was usually yellow in color), about ½” in diameter.
• Not used much any more.
• Pro: Less susceptible to interference, so it can be longer; the 5 in 10Base5 means a “segment” can be up to 500 meters.
  – Segment: the cable measured from end to end (terminator to terminator)
Thick Ethernet Wiring (Cont.)
• Con: expensive
• Con: not flexible, does not bend around corners easily
• Computers connected to Thick Ethernet bus by transceivers (a transmitter and receiver combined into one unit)
  – In more modern ways of connecting to an Ethernet, the transceiver is built into the NIC.
Thick Ethernet Wiring (Cont.)
• Typically part of the transceiver is what is known as a vampire tap, a clamp that “bites” into the wire, providing a connection to the cable but not breaking it.
  – So one could add computers to the network without breaking any connections.
The Terminator
• A device attached to the end-points of a bus network or daisy-chain.
• It prevents a signal from reflecting when it reaches the end of the bus.
• “That’s what it does, that’s all it does.”
AUI cable
• The cable connecting the transceiver to the NIC is known as the Attachment Unit Interface cable.
• It has a special 15-pin connector that attaches the AUI cable to the NIC (Ethernet card).
  – A connector is the part of a cable that plugs into a port or interface.
  – Typically categorized as
    • Male (containing one or more exposed pins)
    • Female (containing holes in which the male connector is inserted)
Thick Ethernet Wiring (Fig. 10.3)
Connection Multiplexor
• A connection multiplexor (many-to-one) is a device used with thick Ethernet to connect a number of computers to one transceiver.
• The device makes it seem as though each computer has its own transceiver.
• The CSMA/CD (Carrier sense multiple access with collision detect) aspect of the protocol treats the signals identically whether the computers share a transceiver or not.
Thin Ethernet Wiring
• Known as thin coax cable, 10Base2, or thinnet
• Pro: less expensive than thick
• Pro: more flexible than thick
• Con: more susceptible to interference than thick (segment has to be shorter, up to 185m)
• Pro: transceivers are built onto the card
Thin Ethernet Wiring (Cont.)
• Con: while strictly speaking it has the bus topology and one should not have to disconnect the network to add a new computer, the way it is actually wired requires disconnecting the network.
• A T-connector is used in conjunction with a BNC connector.
Thin Ethernet Wiring (Cont.)
(Figure: T connector, with two ends connected to the bus and one end connected to the computer.)
Thinnet (Fig. 10.5)
BNC Connector
• Short for British Naval Connector or Bayonet Nut Connector or Bayonet Neill Concelman, the connector used with thin coaxial cable such as the RG-58 A/U cable used with the 10Base-2 Ethernet system.
• A (male) BNC connector is mounted at both ends of a cable.
• The connector has a center pin connected to the cable’s center wire and a metal tube connected to the cable’s outer shield.
• A rotating ring outside the tube locks the cable to any female connector.
BNC Connector (Cont.)
• BNC T-connectors are female devices for connecting two cables to a NIC.
• A BNC barrel connector is used to connect two cables together.
• BNC connectors are sometimes used to connect monitors, which increases the accuracy of the signals sent from the video adapter.
UTP Ethernet Wiring
• Uses Unshielded Twisted Pair (twisting reduces interference but not as well as coaxial cable’s shielding)
• Pro: Even cheaper than thinnet
• Pro: More flexible than thinnet
• Con: Even more susceptible to interference than thinnet, a segment can only stretch 100 m
• The T in 10BaseT means twisted
RJ-45
• Registered Jack-45, an eight-wire connector used to connect computers to an Ethernet LAN using UTP wire.
• RJ-45 connectors look similar to the RJ-11 connectors that are used for phones, but they are wider
RJ-45 (LAN) and RJ-11 (phone)
Hub
• A common connection point for devices in a network.
• Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports.
• When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.
Hub (Fig. 10.6)
Segment
• With the introduction of a hub, the definition of segment changes somewhat.
• It is a section of a network that is bounded by bridges, routers, hubs, or switches. (More on that another day.)
• Having multiple segments allows a network to use more fully the bandwidth it has available (i.e. makes it faster).
Patch panel
• A patch panel is a mounted hardware unit holding a collection of port locations in a network.
• Often the connection goes through a patch panel before getting to the hub.
• Is more permanent than a hub and often higher quality (faster speed, etc.)
• There may be more connections coming into the patch panel than go on to the hub, providing flexibility in which computers belong to the LAN at any one time
Patch panel
Logical Topology
• The Ethernet protocol was designed for a bus topology, but the UTP wiring uses a hub which is part of the star topology
• UTP Ethernet is thus physically a star (has the physical topology of a star) and is logically a bus (has the logical topology of a bus)
References
• Computer Networks and Internets (Comer)
• Networking for Dummies (Doug Lowe)
• A+ Certification Training Kit (Microsoft)
• http://www.webopedia.com
• http://www.whatis.com