Networking Overview
CS 161 Computer Security
Profs. Vern Paxson, David Wagner
TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger
http://inst.eecs.berkeley.edu/~cs161/
Feb 8, 2010

Focus For Today's Lecture
- Sufficient background in networking to then explore security issues in the next 4 lectures
- Networking = the Internet
  o Complex topic with many facets
  o We will omit concepts/details that aren't very security-relevant
  o We'll mainly look at IP, TCP, DNS, and DHCP
- Networking is full of abstractions
  o Goal is for you to develop apt mental models / analogies
  o ASK questions when things are unclear
  o ... but we may skip if not ultimately relevant for security, or postpone if the question itself is directly about security

Key Concept #1: Dumb Network
- Internet design: interior nodes ("routers") have no knowledge of ongoing connections going through them
- Not how you picture the telephone system works
  o Which internally tracks all of the active voice calls
- Instead: the postal system!
  o Each Internet message ("packet") is self-contained
  o Interior routers look at the destination address to forward
  o If you want smarts, build it "end-to-end"
- Buys simplicity & robustness at the cost of shifting complexity into end systems
- Today's Internet is full of hacks that violate this

Key Concept #2: Layering
- Internet design is strongly partitioned into layers
  o Each layer relies on services provided by the next layer below ...
  o ... and provides services to the layer above it
- Analogy: consider the structure of an application you've written and the services each layer relies on / provides:
    Code You Write
    Run-Time Library
    System Calls
    Device Drivers
    Voltage Levels / Magnetic Domains   (fully isolated from user programs)

Internet Layering ("Protocol Stack")
    7  Application
    4  Transport
    3  (Inter)Network
    2  Link
    1  Physical

Layer 1: Physical Layer
- Encoding bits to send them over a single physical link, e.g. patterns of voltage levels, photon intensities, RF modulation

Layer 2: Link Layer
- Framing and transmission of a collection of bits into individual messages sent across a single "subnetwork" (one physical technology)
- Might involve multiple physical links, e.g. modern Ethernet
- Often the technology supports broadcast transmission: every "node" connected to the subnet receives

Layer 3: (Inter)Network Layer
- Bridges multiple "subnets" to provide end-to-end internet connectivity between nodes
- Provides global addressing
- Works across different link technologies
- Different for each Internet "hop"

Layer 4: Transport Layer
- End-to-end communication between processes
- Different services provided: TCP = reliable byte stream, UDP = unreliable datagrams

Layer 7: Application Layer
- Communication of whatever you wish
- Can use whatever transport(s) is convenient
- Freely structured, e.g. Skype, SMTP (email), HTTP (Web), Halo, BitTorrent

Internet Layering ("Protocol Stack"), continued
- Layers 4 and 7 (Transport, Application) are implemented only at hosts, not at interior routers ("dumb network")
- Layers 1 through 3 (Physical, Link, (Inter)Network) are implemented everywhere

Hop-By-Hop vs. End-to-End Layers
[Figure: Host A communicates with Host D across Routers 1-7; Hosts B, C and E are also attached]
- Different physical & link layers (layers 1, 2) on each hop, e.g. Ethernet on one hop, Wi-Fi on another
- Same network, transport, and application layers (3, 4, 7) end to end, e.g. HTTP over TCP over IP
- Routers ignore the transport & application layers

Key Concept #3: Protocols
- A protocol is an agreement on how to communicate
- Includes syntax and semantics
  o How a communication is specified & structured: format, order in which messages are sent and received
  o What a communication means: actions taken when transmitting, receiving, or when a timer expires
- E.g. asking a question in lecture:
  1. Raise your hand
  2. Wait to be called on
  3. Or, wait for the speaker to pause and vocalize
  4. If unrecognized after a timeout, vocalize with "excuse me"

Example: IP Packet Header (network layer, layer 3)
IP = Internet Protocol, 20-byte header:
    4-bit Version | 4-bit Header Length | 8-bit Type of Service (TOS) | 16-bit Total Length (bytes)
    16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
    8-bit Time to Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
    32-bit Source IP Address
    32-bit Destination IP Address
    Payload

IP: "Best Effort" Packet Delivery
[Figure: source -> IP network -> destination]
- Routers inspect the destination address, locate the "next hop" in the forwarding table
  o Address = unique identifier/locator for the receiving host
- Decrements the TTL (Time To Live) field, drops the packet if it reaches 0
- Only provides an "I'll give it a try" delivery service:
  o Packets may be lost
  o Packets may be corrupted
  o Packets may be delivered out of order

"Best Effort" is Lame! What to do?
- It's the job of our Transport (layer 4) protocols to build the services our apps need out of IP's modest layer-3 service
- #1 workhorse: TCP (Transmission Control Protocol)
- TCP service:
  o Connection oriented (explicit set-up / tear-down)
    End hosts (processes) can have multiple concurrent long-lived dialogs
  o Reliable, in-order byte stream delivery
    Robust detection & retransmission of lost data
  o Congestion control
    Dynamic adaptation to the network path's capacity
    Also adaptation to the receiver's ability to absorb data

TCP "Stream of Bytes" Service
[Figure: Host A sends Byte 0, Byte 1, Byte 2, Byte 3, ... Byte 80; Host B receives Byte 0, Byte 1, Byte 2, Byte 3, ... Byte 80 in the same order]
- Hosts don't ever see packet boundaries, lost or corrupted packets, retransmissions, etc.

TCP Header
- Source port
- Destination port
- Sequence number
- Acknowledgment
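A worked illustration of the IP header slide and the router's per-hop TTL handling described above, added here as an example and not taken from the lecture: it decodes the 20-byte IPv4 header into its fields, verifies the header checksum, and performs one "dumb router" forwarding step (decrement TTL, drop at 0, refresh the checksum). The sample packet is constructed inline and the function names are my own.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """Ones-complement sum of 16-bit words (the IP header checksum)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte header fields listed on the slide."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (vhl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vhl >> 4, (vhl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len > len(packet):
        raise ValueError("malformed IPv4 header")
    return {
        "version": version, "header_len": ihl, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": flags_frag >> 13, "frag_offset": flags_frag & 0x1FFF,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # Summing a header that carries a correct checksum yields 0. This catches
        # accidental corruption only; anyone can recompute it, so it is no integrity check.
        "checksum_ok": ipv4_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:total_len],
    }

def router_forward(packet: bytes):
    """One 'dumb' router hop: drop bad/expired packets, else decrement TTL."""
    hdr = parse_ipv4(packet)
    if not hdr["checksum_ok"] or hdr["ttl"] <= 1:
        return None                          # corrupted, or TTL would reach 0
    head = bytearray(packet[:hdr["header_len"]])
    head[8] -= 1                             # TTL byte
    head[10:12] = b"\x00\x00"                # zero checksum before recomputing
    struct.pack_into("!H", head, 10, ipv4_checksum(bytes(head)))
    return bytes(head) + packet[hdr["header_len"]:]

def build_sample() -> bytes:
    """Constructed packet: TCP (protocol 6) from 10.0.0.1 to 10.0.0.2, TTL 64."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0x1234, 0x4000,
                                64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + b"ABCD"
```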