Introduction to TCP/IP

Introduction to TCP/IPIntroduction to TCP/IP

Frank Fang Kuo YuFrank Fang Kuo Yu

2004/02/202004/02/20

AgendaAgenda

TCP/IP Network ArchitectureTCP/IP Network Architecture

Client-Server ModelClient-Server Model

Naming and AddressingNaming and Addressing

TCP/UDP/IP/Ethernet Packet FormatTCP/UDP/IP/Ethernet Packet Format

Application Programming InterfacesApplication Programming Interfaces

Protocol AnalysisProtocol Analysis

Meet the Protocol Family in the Meet the Protocol Family in the InternetInternet

TCPUDP

IP

SNMP

ping

tracert

IPsec

Mobile IP ARP

RARPPPP

DNS

telnetftp

IP QoS

HTTP

IP telephony

IP multicast

BSD socketWinsockJava socket

ICMPIPv4IPv6

SMTP

NTCIP

DHCP

POP3

Ethernet

WAP

GPRS

r-utility

ATM

MIB

WinPcapSLIP

SMS

Internet

internet

intranet

testerdeveloper

administrator

OSPF

BGP MPLSRTP

WWW


Application LayerApplication Layer

Transport LayerTransport Layer

Network LayerNetwork Layer

Link LayerLink Layer

operating-system/computer-architecture independent

LAN/MAN/WAN applicable

physical-medium independent

host host

network network

media media

process process

client-server model

TCP/IP Protocol SuiteTCP/IP Protocol Suite

EthernetEthernet

ARPARP RARPRARP

IPv4IPv4 IPv6IPv6

TCPTCP UDPUDP

ICMPICMP

TelnetTelnetFTPFTPpingping SNMPSNMP TFTPTFTP

Serial lineSerial line

PPPPPP

SMTPSMTP POP3POP3

21 23 11025 69161 portnumber

IPaddress

Key Protocols in Transport/Network Key Protocols in Transport/Network LayersLayers

Transmission Control Protocol (TCP)Transmission Control Protocol (TCP)

a a connection-orientedconnection-oriented, , reliablereliable, , byte-streambyte-stream service service

User Datagram Protocol (UDP)User Datagram Protocol (UDP)

a a connectionlessconnectionless, , unreliableunreliable, , datagramdatagram delivery service delivery service application-aware via port number and UDP checksumapplication-aware via port number and UDP checksum

Internet Protocol (IP)Internet Protocol (IP)

a a connectionlessconnectionless, , unreliableunreliable, , datagramdatagram delivery service delivery service network-aware via routing, fragmentation and network-aware via routing, fragmentation and

reassemblyreassembly

Encapsulation in Protocol Encapsulation in Protocol ProcessingProcessing

ApplicationApplication

TCPTCP

IPIP

EthernetEthernet

fragmentationfragmentationreassemblyreassembly

paddingpadding

Request For Comments Document Request For Comments Document SeriesSeries

http://www.rfc-editor.org/http://www.rfc-editor.org/

http://www.networksorcery.com/enp/default0501.htmhttp://www.networksorcery.com/enp/default0501.htm

TCP and UDP Client-Server TCP and UDP Client-Server ModelModel

DNSDNSclientclient

DNSDNSserverserver

DNS query (www.yahoo.com)DNS query (www.yahoo.com)

DNS response ( 216.109.125.70 )DNS response ( 216.109.125.70 )

( ( UDPUDP 172.18.8.120172.18.8.120 10271027 172.16.2.2172.16.2.2 5353 )),, ,, ,, ,,

172.18.8.120172.18.8.120 172.16.2.2172.16.2.2

( protocol( protocollocallocal

addressaddresslocallocalportport

remoteremoteaddressaddress

remoteremoteportport )),, ,, ,, ,,

well-knownwell-knownDNS port numberDNS port number

ephemeral port numberephemeral port number

32-bit IPv4 address 32-bit IPv4 address

IP Address and TCP/UDP Port IP Address and TCP/UDP Port NumberNumber

Internet Assigned Number AuthorityInternet Assigned Number Authority www.iana.orgwww.iana.org

IP AddressIP Address IPv4IPv4 32-bit dotted-decimal notation32-bit dotted-decimal notation e.g., 192.0.32.67e.g., 192.0.32.67

– the IPv4 address space for private internetsthe IPv4 address space for private internets10.0.0.010.0.0.0 ~ 10.255.255.255~ 10.255.255.255172.16.0.0172.16.0.0 ~ 172.31.255.255~ 172.31.255.255192.168.0.0192.168.0.0 ~ 192.168.255.255 ~ 192.168.255.255

IPv6IPv6 128-bit hexadecimal string128-bit hexadecimal string e.g., e.g., 1080:0:0:0:8:800:200C:417A1080:0:0:0:8:800:200C:417A

TCP/UDP Port NumberTCP/UDP Port Number well known portswell known ports 0 ~ 10230 ~ 1023 registered portsregistered ports 1024 ~ 491511024 ~ 49151 dynamic and/or private portsdynamic and/or private ports 49152 ~ 6553649152 ~ 65536

Host Name, IP Address, Physical Host Name, IP Address, Physical AddressAddress

TCP Connections under TCP Connections under Windows Windows netstatnetstat

show host name and service name

show IP address and port number

TCP Connections under TCP Connections under Linux Linux netstatnetstat

show host name and service name

show IP address and port number

show process id and program name

Protocol Stack and netstatProtocol Stack and netstat

Naming, Addressing, and Packet Naming, Addressing, and Packet FormatFormat

TCP SegmentTCP Segment

UDP DatagramUDP Datagram

IPv4 DatagramIPv4 Datagram

Ethernet FrameEthernet Frame

TCP Segment FormatTCP Segment Format

20 bytes

http://www.iana.org/assignments/port-numbershttp://www.iana.org/assignments/port-numbersC:\WINDOWS\system32\drivers\etc\servicesC:\WINDOWS\system32\drivers\etc\services

UDP Datagram FormatUDP Datagram Format

8 bytes

http://www.iana.org/assignments/port-numbershttp://www.iana.org/assignments/port-numbersC:\WINDOWS\system32\drivers\etc\servicesC:\WINDOWS\system32\drivers\etc\services

IPv4 Datagram FormatIPv4 Datagram Format

20 bytes

http://www.iana.org/assignments/protocol-numbershttp://www.iana.org/assignments/protocol-numbersC:\WINDOWS\system32\drivers\etc\protocolC:\WINDOWS\system32\drivers\etc\protocol

http://www.iana.org/ipaddress/ip-addresses.htmhttp://www.iana.org/ipaddress/ip-addresses.htm

Ethernet Frame FormatEthernet Frame Format

http://www.iana.org/assignments/ethernet-numbershttp://www.iana.org/assignments/ethernet-numbers

Naming, Addressing, and Naming, Addressing, and MappingMapping Mapping from Mapping from Host NameHost Name to to IP addressIP address

DNS ~ Domain Name SystemDNS ~ Domain Name System

e.g., www.yahoo.com e.g., www.yahoo.com 216.109.125.70 216.109.125.70

Mapping from Mapping from IP AddressIP Address to to Ethernet Ethernet AddressAddress

ARP ~ Address Resolution ProtocolARP ~ Address Resolution Protocol

e.g., 172.18.8.254 e.g., 172.18.8.254 00-0a-8a-d9-47-40 00-0a-8a-d9-47-40


libpcap, WinPcaplibpcap, WinPcap

Raw SocketsRaw Sockets

Sockets, WinSock, Java.net, TLI/XTISockets, WinSock, Java.net, TLI/XTI

Application LayerApplication Layer

Transport Transport LayerLayer

Network Network LayerLayer

Link LayerLink Layer

Middleware (RPC, RMI, CORBA, web Middleware (RPC, RMI, CORBA, web service,…), service,…), HTTP/SMTP/POP3/Telephony API, …HTTP/SMTP/POP3/Telephony API, …

Sockets Functions for TCP Sockets Functions for TCP Client/ServerClient/Server

socket ( )socket ( )

bind ( )bind ( )

listen ( )listen ( )

accept ( )accept ( )

read ( )read ( )

write ( )write ( )

read ( )read ( )

close ( )close ( )


connect ( )connect ( )

write ( )write ( )

read ( )read ( )

close ( )close ( )

TCP ServerTCP Server

TCP ClientTCP Client

Connection EstablishmentConnection Establishment

Connection TerminationConnection Termination

requestrequest

replyreply

Sockets Functions for UDP Sockets Functions for UDP Client/ServerClient/Server


bind ( )bind ( )

recvfrom ( )recvfrom ( )

sendto ( )sendto ( )


sendto ( )sendto ( )

recvfrom ( )recvfrom ( )

close ( )close ( )

UDP ServerUDP Server

UDP ClientUDP Client

requestrequest

replyreply


Hardware/Software Protocol Hardware/Software Protocol AnalyzerAnalyzer

Hardware Protocol Analyzer Hardware Protocol Analyzer ~ Agilent, Racal, Rohde & Schwarz ~ Agilent, Racal, Rohde & Schwarz Software Protocol Analyzer Software Protocol Analyzer ~ WinPcap and Ethereal~ WinPcap and Ethereal

WinPcap Protocol AnalyzerWinPcap Protocol Analyzer

http://winpcap.polito.it/http://winpcap.polito.it/ Pcap Pcap ~ packet capture library from Lawrence Berkeley Laboratory~ packet capture library from Lawrence Berkeley Laboratory WinPcap WinPcap ~ packet capture and network analysis for Win32 from ~ packet capture and network analysis for Win32 from

ItalyItaly

Ethereal Protocol AnalyzerEthereal Protocol Analyzer

http://www.ethereal.comhttp://www.ethereal.com

WinPcap/Ethereal Protocol Analyzer WinPcap/Ethereal Protocol Analyzer SetupSetup

Host A

Host B

WinPcap/Ethereal

Ethernet

internet

Host C

WinPcap/Ethereal

(promiscuous mode)

WinPcap Protocol AnalyzerWinPcap Protocol AnalyzerScreen LayoutScreen Layout

Ethereal Protocol AnalyzerEthereal Protocol AnalyzerScreen LayoutScreen Layout

What is “Ping”?What is “Ping”?

a program used to test whether another host is a program used to test whether another host is reachablereachable

““PingPing”” sends sends an ICMP echo request messagean ICMP echo request message to a host and expects to a host and expects an ICMP echo reply an ICMP echo reply messagemessage to be returned. to be returned.

““PingPing”” supports a set of options which can be supports a set of options which can be used by anyone who wants to maintain, used by anyone who wants to maintain, investigate, and hack TCP/IP networks. investigate, and hack TCP/IP networks.

Using “Ping” to Observe Network Using “Ping” to Observe Network TrafficTraffic

ICMP Echo Request and Echo ReplyICMP Echo Request and Echo Reply

ARP Request/Reply and ARP CacheARP Request/Reply and ARP Cache

DNS Query and ResponseDNS Query and Response

IP Fragmentation and the “Don’t IP Fragmentation and the “Don’t Fragment” flagFragment” flag

Ethernet PaddingEthernet Padding

SummarySummary


Client-Server ModelClient-Server Model

Naming and AddressingNaming and Addressing

TCP/UDP/IP/Ethernet Packet FormatTCP/UDP/IP/Ethernet Packet Format



TCPUDP

IP

SNMP

ping

tracert

IPsec

Mobile IP ARP

RARPPPP

DNS

telnetftp

IP QoS

HTTP

IP telephony

IP multicast

BSD socketWinsockJava socket

ICMPIPv4IPv6

SMTP

NTCIP

DHCP

POP3

Ethernet

WAP

GPRS

r-utility

ATM

MIB

WinPcapSLIP

SMS

Internet

internet

intranet

tester

administrator

OSPF

BGP MPLSRTP

WWW

Everything over IPEverything over IP

IP over EverythingIP over Everything

developer

ThanksThanksYouYou

Q & AQ & A

Introduction to TCP/IP

Technology