Networking Overview
CS 161: Computer Security
Prof. Vern Paxson
TAs: Devdatta Akhawe, Mobin Javed, Matthias Vallentin
http://inst.eecs.berkeley.edu/~cs161/
February 1, 2011

Focus For Today's Lecture
- Sufficient background in networking to then explore security issues in the next 3 lectures
- Networking = the Internet. Complex topic with many facets
  - We will omit concepts/details that aren't very security-relevant
  - We'll mainly look at IP, TCP, DNS and DHCP
- Networking is full of abstractions. Goal is for you to develop apt mental models / analogies
- ASK questions when things are unclear
  - but we may skip if not ultimately relevant for security, or postpone if the question itself is directly about security

Key Concept #1: Protocols
- A protocol is an agreement on how to communicate
- Includes syntax and semantics:
  - How a communication is specified & structured: format, order in which messages are sent and received
  - What a communication means: actions taken when transmitting, receiving, or when a timer expires
- E.g., asking a question in lecture:
  1. Raise your hand
  2. Wait to be called on
  3. Or wait for the speaker to pause and vocalize
  4. If unrecognized after a timeout, vocalize with "excuse me"

Example: IP Packet Header
IP = Internet Protocol. 20-byte header (longer if options are present). Field widths in bits:

  | Version (4) | Header Length (4) | Type of Service / TOS (8) | Total Length, bytes (16)       |
  | Identification (16)                                        | Flags (3) | Fragment Offset (13) |
  | Time to Live / TTL (8)          | Protocol (8)             | Header Checksum (16)           |
  | Source IP Address (32)                                                                        |
  | Destination IP Address (32)                                                                   |
  | Options (if any)                                                                              |
  | Payload                                                                                       |

Key Concept #2: "Dumb" Network
- Original Internet design: interior nodes ("routers") have no knowledge of ongoing connections going through them
- Not how you picture the telephone system works, which internally tracks all of the active voice calls
- Instead: the postal system. Each Internet message ("packet") is self-contained. Interior routers look at the destination address to forward it
- If you want smarts, build it "end-to-end"
- Buys simplicity & robustness, at the cost of shifting complexity into end systems
- Today's Internet is full of hacks that violate this

Key Concept #3: Layering
- Internet design is strongly partitioned into layers
- Each layer relies on services provided by the next layer below, and provides services to the layer above it
- Analogy: consider the structure of an application you've written and the services each layer relies on / provides:
    Code You Write
    Run-Time Library
    System Calls
    Device Drivers
    Voltage Levels / Magnetic Domains  (fully isolated from user programs)

Internet Layering ("Protocol Stack")
    7  Application
    4  Transport
    3  (Inter)Network
    2  Link
    1  Physical

Layer 1: Physical Layer
- Encoding bits to send them over a single physical link, e.g. patterns of voltage levels, photon intensities, RF modulation

Layer 2: Link Layer
- Framing and transmission of a collection of bits into individual messages sent across a single "subnetwork" (one physical technology)
- Might involve multiple physical links (e.g. modern Ethernet)
- Often the technology supports broadcast transmission (every node connected to the subnet receives)

Layer 3: (Inter)Network Layer
- Bridges multiple "subnets" to provide end-to-end internet connectivity between nodes
- Provides global addressing
- Works across different link technologies

Layer 4: Transport Layer
- End-to-end communication between processes
- Different services provided: TCP = reliable byte stream, UDP = unreliable datagrams

Layer 7: Application Layer
- Communication of whatever you wish
- Can use whatever transport(s) is convenient
- Freely structured
- E.g. Skype, SMTP (email), HTTP (Web), Halo, BitTorrent

Internet Layering ("Protocol Stack"): where each layer lives
- Layers 7 and 4 (Application, Transport): implemented only at hosts, not at interior routers ("dumb network")
- Layers 3, 2 and 1 (Network, Link, Physical): implemented everywhere
- Layers 7, 4 and 3: the same for each Internet hop
- Layers 2 and 1: different for each Internet hop

Hop-By-Hop vs. End-to-End Layers
(Figure: Host A communicates with Host D across a path through Routers 1-7; Hosts B, C and E are attached elsewhere in the network)
- Different physical & link layers (layers 1, 2) on each hop, e.g. Ethernet on one hop, Wi-Fi on another
- Same network, transport and application layers (layers 3, 4, 7) end to end, e.g. HTTP over TCP over IP
- Routers ignore the transport & application layers

IP Packet Header Fields
(See the IP packet header layout above.)
- Version number (4 bits): indicates the version of the IP protocol. Necessary to know what other fields to expect. Typically 4 (for IPv4), and sometimes 6 (for IPv6)
- Header length (4 bits): number of 32-bit words in the header. Typically 5 (for a 20-byte IPv4 header). Can be more when IP options are used
- Type of Service (8 bits): allows packets to be treated differently based on needs, e.g. low delay for audio, high bandwidth for bulk transfer
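The following is an added example, not code from the lecture slides. It ties together the header-field description above and the earlier hop-by-hop vs. end-to-end discussion: it parses the 20-byte IPv4 header, checks that the Version, Header Length and Total Length fields agree with the bytes actually received and that the header checksum verifies (the checks a receiver must make before trusting any field), and then performs the one layer-3 operation an interior router does per hop, decrementing TTL and recomputing the checksum while passing the transport/application bytes through unread. The addresses (10.0.0.1, 10.0.0.2) and payload are constructed sample values; the checksum is the RFC 791 ones'-complement sum.

```python
import socket
import struct

# Added example (not from the lecture). Sample addresses and payload below are
# constructed; nothing here touches a real network interface.

IPV4_FIXED_HEADER = struct.Struct("!BBHHHBBH4s4s")   # 20 bytes, network byte order


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: ones'-complement of the ones'-complement sum of
    the header taken as 16-bit words. The caller zeroes the checksum field when
    computing; verifying over a header with the field in place yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the header fields, refusing anything whose length fields or
    checksum disagree with the bytes actually received. Trusting IHL or
    Total Length instead of the real buffer size is a classic parser bug."""
    if len(packet) < IPV4_FIXED_HEADER.size:
        raise ValueError("truncated: fewer than 20 bytes")
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = IPV4_FIXED_HEADER.unpack_from(packet)
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError("not IPv4 (version %d)" % version)
    if ihl < 5:
        raise ValueError("IHL %d claims a header shorter than 20 bytes" % ihl)
    hlen = ihl * 4
    if hlen > len(packet) or total_len < hlen or total_len > len(packet):
        raise ValueError("IHL/Total Length inconsistent with received bytes")
    if ipv4_checksum(packet[:hlen]) != 0:
        raise ValueError("header checksum mismatch")
    return {
        "version": version,
        "ihl": ihl,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),    # bit 1 of the 3-bit Flags
        "more_fragments": bool(flags_frag & 0x2000),   # bit 2 of the 3-bit Flags
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # 13-bit field, 8-byte units
        "ttl": ttl,
        "protocol": proto,                             # e.g. 6 = TCP, 17 = UDP
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "options": packet[20:hlen],
        "payload": packet[hlen:total_len],
    }


def build_ipv4(src: str, dst: str, payload: bytes, ttl: int = 64,
               proto: int = 17, ident: int = 0x1234, df: bool = True) -> bytes:
    """Assemble a packet with no options (IHL = 5) and a valid checksum."""
    flags_frag = 0x4000 if df else 0
    hdr = IPV4_FIXED_HEADER.pack(0x45, 0, 20 + len(payload), ident, flags_frag,
                                 ttl, proto, 0,
                                 socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def forward_hop(packet: bytes) -> bytes:
    """What an interior router does at layer 3 for one hop: validate the header,
    decrement TTL, recompute the checksum. Bytes above layer 3 pass through
    unread, which is the 'dumb network' property from the slides."""
    fields = parse_ipv4(packet)
    if fields["ttl"] <= 1:
        raise ValueError("TTL expired in transit; router drops the packet")
    hlen = fields["ihl"] * 4
    hdr = bytearray(packet[:hlen])
    hdr[8] -= 1                        # TTL byte
    hdr[10:12] = b"\x00\x00"           # zero the checksum before recomputing
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[hlen:]


if __name__ == "__main__":
    pkt = build_ipv4("10.0.0.1", "10.0.0.2", b"hello")   # constructed sample
    print(parse_ipv4(pkt))
    print("after one hop, TTL =", parse_ipv4(forward_hop(pkt))["ttl"])
```

Note that a router only reads the fixed header it needs for forwarding; the options bytes and the payload are sliced off and reattached unchanged, and a checksum that no longer verifies (for example after an in-flight modification of TTL without a recompute) causes the packet to be rejected rather than acted upon.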