Networks and TCP/IP
Part 2

Slide titles: Transport Protocols; TCP; TCP – Transmission Control Protocol; TCP Header; UDP Header; Ports – What and Why are They?; Ports; Common Ports; Handy Tools; Ping; Ping – Windows example; Trace Route; Trace Route Examples; Hardware Support; Hub, Switch, Router, Bridge, Repeater?; Hub; Switch; Router; Gateway; Bridge; Proxy Server; Caching Proxy Server; Web Proxy; Anonymizing Proxy Server; Hostile Proxy; Intercepting Proxy Server; Transparent and Non-transparent Proxy Servers; Force Proxy; Open Proxy Server; Split Proxy Server; Reverse Proxy Server; NAT

Transport Protocols
TCP vs. UDP
- TCP
  - Transmission Control Protocol
  - More complicated
  - Ensures delivery
- UDP
  - User Datagram Protocol
  - Simpler protocol
  - Delivery not guaranteed
- Others
  - DCCP: Datagram Congestion Control Protocol
  - SCTP: Stream Control Transmission Protocol

TCP
Transmission Control Protocol

TCP – Transmission Control Protocol
- How data is transmitted between addresses
- Data broken into packets
  - Numbered
  - Each packet sent most “practical” way at that moment
    - Traffic
    - Failures
    - Etc.
- Reassembled at destination

TCP
TCP adds a great deal of functionality to the IP service it is layered over:
- Streams. TCP data is organized as a stream of bytes, much like a file. The datagram nature of the network is concealed. A mechanism (the Urgent Pointer) exists to let out-of-band data be specially flagged.
- Reliable delivery. Sequence numbers are used to coordinate which data has been transmitted and received. TCP will arrange for retransmission if it determines that data has been lost.
- Network adaptation. TCP will dynamically learn the delay characteristics of a network and adjust its operation to maximize throughput without overloading the network.
- Flow control. TCP manages data buffers, and coordinates traffic so its buffers will never overflow.
  Fast senders will be stopped periodically to keep up with slower receivers.

TCP Header
TCP Header Format

     0                   1                   2                   3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Source Port          |       Destination Port        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                        Sequence Number                        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Acknowledgment Number                      |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |  Data |           |U|A|P|R|S|F|                               |
    | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
    |       |           |G|K|H|T|N|N|                               |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |           Checksum            |         Urgent Pointer        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                    Options                    |    Padding    |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |                             data                              |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

UDP Header

                         1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 2 3 3
     0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |          Source Port          |       Destination Port        |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |            Length             |           Checksum            |
    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
    |   Data...
    +-+-+-+-+-+-+-+-+-+-+-+-+-

Ports – What and Why are They?
Typically:
- There is only one network access point to the internet
- Multiple systems and programs want to access the internet
How do programs and systems keep their conversations straight?

Ports
- An extra field
  - Added to the end of the IP address
  - 16 bits, 65536 values
  - E.g. 192.168.1.2:8080
- Denotes which application
- Not all transport layers use ports
  - TCP and UDP do
  - ICMP does not

Common Ports

    Port #  Common Protocol  Service        Port #  Common Protocol  Service
    7       TCP              echo           80      TCP              http
    9       TCP              discard        110     TCP              pop3
    13      TCP              daytime        111     TCP              sunrpc
    19      TCP              chargen        119     TCP              nntp
    20      TCP              ftp-control    123     UDP              ntp
    21      TCP              ftp-data       137     UDP              netbios-ns
    23      TCP              telnet         138     UDP              netbios-dgm
    25      TCP              smtp           139     TCP              netbios-ssn
    37      UDP              time           143     TCP              imap
    43      TCP              whois          161     UDP              snmp
    53      TCP/UDP          dns            162     UDP              snmp-trap
    67      UDP              bootps         179     TCP              bgp
    68      UDP              bootpc         443     TCP              https (http/ssl)
    69      UDP              tftp           520     UDP              rip
    70      TCP              gopher         1080    TCP              socks
    79      TCP              finger         33434   UDP              traceroute

Handy Tools

Ping
- Answers the age old question: Is anybody out there?
- To use:
    ping 152.15.95.88
- Returns if found:
    Reply from 152.15.95.88: bytes=32 time<1ms TTL=63
  - Confirms address
  - Bytes sent
  - How long it took
  - Time To Live
- If not found:
    Request timed out
- Caution:
  - Some systems will ping forever until command is terminated with something like a Ctrl-C
    - Linux, Unix, Mac OS
  - Some systems will not echo failed pings until command is terminated

Ping
- Many sites will no longer answer a ping request
  - Uses echo request
  - Worry it can be used by worms for reconnaissance
  - Can be used for DDoS attacks

Ping – Windows example
- Executed: ping ctc.net
  - Note the address can be an IP address or a DNS name
- Replied it was pinging 166.82.1.97
- Time it took to echo (23-36 ms)
- TTL (Time To Live) of 122
  - How many hops left before packet expires
  - Recommended default starting TTL is now 64
  - Can be up to 255
  - Different systems have different defaults

    C:\>ping ctc.net
    Pinging ctc.net [166.82.1.97] with 32 bytes of data:
    Reply from 166.82.1.97: bytes=32 time=24ms TTL=122
    Reply from 166.82.1.97: bytes=32 time=23ms TTL=122
    Reply from 166.82.1.97: bytes=32 time=23ms TTL=122
    Reply from 166.82.1.97: bytes=32 time=36ms TTL=122
    Ping statistics for 166.82.1.97:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 23ms, Maximum = 36ms, Average = 26ms

Trace Route
- “Pings” and reports the paths taken
- Windows: tracert [options] target_name
- Linux: traceroute [options] host

Trace Route Examples

    C:\>tracert google.com
    Tracing route to google.com
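
Added example (not part of the original slides): the reply lines from the Ping – Windows example slide, parsed in Python to reproduce the round-trip statistics and to estimate how many hops the reply crossed from its remaining TTL. The list of common starting TTLs (64, 128, 255) is an assumption; the slide only says that defaults differ between systems, so the hop count is an estimate.

```python
import re

# Reply lines copied from the "Ping – Windows example" slide.
PING_OUTPUT = """\
Pinging ctc.net [166.82.1.97] with 32 bytes of data:
Reply from 166.82.1.97: bytes=32 time=24ms TTL=122
Reply from 166.82.1.97: bytes=32 time=23ms TTL=122
Reply from 166.82.1.97: bytes=32 time=23ms TTL=122
Reply from 166.82.1.97: bytes=32 time=36ms TTL=122
"""

# "time<1ms" is accepted too and counted as 1 ms (an upper bound).
REPLY = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")
COMMON_INITIAL_TTLS = (64, 128, 255)    # assumption: typical starting values


def parse_replies(text):
    """Return (address, bytes, rtt_ms, ttl) for every reply line."""
    return [(m[1], int(m[2]), int(m[3]), int(m[4])) for m in REPLY.finditer(text)]


def estimate_hops(ttl):
    """Pick the smallest common starting TTL >= the observed one; the difference
    is the number of routers that decremented it on the way back."""
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return initial, initial - ttl


def summarize(text):
    replies = parse_replies(text)
    if not replies:
        return None                      # e.g. only "Request timed out" lines
    rtts = [r[2] for r in replies]
    initial, hops = estimate_hops(replies[0][3])
    return {"host": replies[0][0], "received": len(replies),
            "min_ms": min(rtts), "max_ms": max(rtts),
            "avg_ms": sum(rtts) // len(rtts),   # integer division gives the slide's 26ms
            "ttl": replies[0][3], "assumed_initial_ttl": initial, "hops": hops}


if __name__ == "__main__":
    print(summarize(PING_OUTPUT))
```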