Packet Protocols University of Sunderland CSEM02 Harry R. Erwin, PhD

Jan 02, 2016


Gladys Shields

Packet Protocols

University of Sunderland

CSEM02

Harry R. Erwin, PhD


Resources

• Zwicky, et al., 2000, Building Internet Firewalls, 2nd edition, O’Reilly.

• Tittel, et al., 2004, CISSP Study Guide, 2nd edition, SYBEX.


OSI (Seven Layer) Model

Application (7)

Presentation (6)

Session (5)

Transport (4)

Network (3)

Data Link (2)

Physical (1)

Encapsulation Deencapsulation


OSI Elements

Application (7), Presentation (6), Session (5): Message

Transport (4): Segment

Network (3): Packet or Datagram

Data Link (2): Frame

Physical (1): Bits


What Does a Packet Look Like?

• Onion skins by layer

• At each layer, a packet consists of a header and a body.

• The header contains protocol information

• The body is the data at that layer.

• Higher layers provide data to lower layers

• This process is called encapsulation.


Physical Layer

• Typical standards include:

– EIA/TIA-449

– X.21

– HSSI

– SONET

– V.24

– V.35


Data Link Layer

• Typical standards include:

– SLIP

– PPP

– ARP

– RARP

– L2F

– L2TP

– PPTP

– ISDN


Data Link Protocol Elements

• Hardware source and destination addresses (MAC address in six bytes)

• Switches and bridges function at this layer.

• Transfer frames


Network Layer

• Typical standards include:

– ICMP

– RIP

– OSPF

– BGP

– IGMP

– IP

– IPSec

– IPX

– NAT

– SKIP


Network Layer Responsibilities

• Routing and delivery information (e.g., IP addresses)

• Error detection and traffic control

• Not reliable delivery

• Handled by routers


Transport Layer

• Also known as message layer

• Responsible for reliable delivery of messages.

• Typical standards include:

– TCP

– UDP

– SPX

• Managed by handshakes


Session Layer

• Responsible for establishing, maintaining, and terminating sessions.

• Operates in simplex, half-duplex, and full-duplex control modes

• Protocols include:

– SSL

– TLS

– NFS

– SQL

– RPC


SYN/ACK Three-Way Handshake

• Used to initiate communications sessions

• Client sends a SYN packet to the server

• Server responds with a SYN/ACK packet

• Client then responds with an ACK packet.

• To close a session, use FIN, FIN/ACK, ACK

• Can you see the potential for a Denial of Service attack?
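
The three steps above, written as a state tracker a defender could run over connection logs. This is an added example, not part of the original slides; the (source, destination, flags) record format, the addresses and the threshold are assumptions, and the sample records are constructed.

```python
from collections import Counter

def track(records):
    """Replay (src, dst, flags) records; return {(client, server): state}."""
    state = {}
    for src, dst, flags in records:
        if flags == "SYN":                      # step 1: client -> server
            state[(src, dst)] = "SYN_SEEN"
        elif flags == "SYN/ACK":                # step 2: server -> client
            if state.get((dst, src)) == "SYN_SEEN":
                state[(dst, src)] = "HALF_OPEN"
        elif flags == "ACK":                    # step 3: client -> server
            if state.get((src, dst)) == "HALF_OPEN":
                state[(src, dst)] = "ESTABLISHED"
    return state

def half_open_per_server(records):
    """Count, per server, the connections that never completed the handshake."""
    counts = Counter()
    for (_client, server), st in track(records).items():
        if st != "ESTABLISHED":
            counts[server] += 1
    return counts

def servers_over_threshold(records, threshold=3):
    """Servers holding at least `threshold` incomplete handshakes (assumed limit)."""
    counts = half_open_per_server(records)
    return sorted(s for s, n in counts.items() if n >= threshold)

def sample_records():
    """Constructed records: one completed handshake, four left without the final ACK."""
    server = "192.0.2.10:80"
    ok = "198.51.100.7:40001"
    recs = [(ok, server, "SYN"), (server, ok, "SYN/ACK"), (ok, server, "ACK")]
    for port in range(50000, 50004):
        client = f"203.0.113.9:{port}"
        recs += [(client, server, "SYN"), (server, client, "SYN/ACK")]
    return recs

if __name__ == "__main__":
    print(half_open_per_server(sample_records()))
    print(servers_over_threshold(sample_records()))
```

The tracker ignores FIN and RST, so it covers session setup only, not teardown.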


Presentation Layer

• Transforms data from/to the formats used by layers 1-5.

• Decompression

• Encryption

• Standards include:

• ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI, etc.


Applications Layer

• Protocols include:

– HTTP

– FTP

– SMTP

– TELNET

– EDI

– POP3

– IMAP

– SNMP

– NNTP

– SET


TCP/IP Model

OSI                                                TCP/IP

Application (7), Presentation (6), Session (5)     Process Application

Transport (4)                                      Host-to-Host

Network (3)                                        Internet

Data Link (2), Physical (1)                        Network Access


History of TCP/IP

• Prior to OSI (OSI was designed based on TCP/IP)

• The internet standard

• Network access controls physical transmission; internet, packet transmission; host-to-host, message transmission; and process application, connections.


TCP and UDP

• TCP is connection-oriented, full duplex, reliable virtual circuits. Segments are sequenced, allowing retransmission upon request.

• UDP is connectionless, best effort. No error detection or correction, no sequencing. Fast.

• Uses ports (0-65535).

• Ports 0-1023 are the service ports, providing more-or-less standard services.

• Ports 1024-65535 are allocated as needed.


TCP Guarantees

1. The destination will receive the application data in the order it was sent.

2. The destination will receive all the application data.

3. The destination will not receive duplicated data.

• TCP will drop a connection if it must violate any of these guarantees.

• All you need to do is block the first packet of the connection.


Network Layer

• IP, ICMP, IGMP, and NAT

• IP alone does not provide guaranteed packet delivery or ordering. It must be used with TCP for that.

• ICMP is used for network management and health monitoring.

• IGMP is used for multicasting.

• NAT (Network Address Translation) is used to allow private use of IP addresses without colliding with the public use. Incompatible with IPSec.


Data Link Protocols

• TELNET on port 23

• FTP on ports 20 and 21

• SMTP on port 25

• POP3 on port 110

• SNMP on port 161

• Etc.


TCP/IP/Ethernet Example

• At the Ethernet layer, you have a header and a body

• The header contains the Ethernet (or MAC) address of the local source and local destination.

• Other protocols can be used instead of Ethernet. See RFC 1149, dated 1 April 1990, which defines the ATP.


IP Layer

• Four interesting pieces of information:

– IP source address (4 bytes)

– IP destination address (4 bytes)

– IP protocol type (type of packet)

– IP options field, usually empty. Used for break-in attempts and network debugging (very rarely).

• Header occupies six bytes, followed by the packet data. Most networks have a length limit, so IP packets can be subdivided into fragments, each with a copy of the header.


TCP Layer

• Three interesting pieces of information:

– TCP source port

– TCP destination port

– TCP flags

• SYN (set in the first and second packets of a connection)

• FIN (finish, i.e., close gracefully)

• ACK (unset only in the first packet of a connection)

• URG (urgent)

• PSH (push, i.e., flush buffer)

• RST (reset, i.e., close ungracefully, or simply ‘go away’)
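
A packet-filter check built from the fields listed on the IP Layer and TCP Layer slides, showing how "block the first packet of the connection" is decided from the SYN and ACK flags. This is an added example, not part of the original slides; the function names and the inbound policy are assumptions, and `build` produces constructed sample packets with zeroed checksums.

```python
import socket
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def parse(packet: bytes) -> dict:
    """Pull out the IP and TCP fields a packet filter looks at."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # header length comes from the IHL field
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    info = {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "proto": packet[9],
        "has_options": ihl > 20,              # options present when header exceeds 20 bytes
        "flags": None,                        # stays None when no TCP header is visible
    }
    # Only the first fragment (offset 0) carries the TCP header.
    if info["proto"] == 6 and frag_offset == 0:
        if len(packet) < ihl + 14:
            raise ValueError("truncated TCP header")
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
        info["flags"] = packet[ihl + 13]
    return info

def is_first_packet(info: dict) -> bool:
    """SYN set and ACK unset: true only for the packet that opens a connection."""
    flags = info["flags"]
    return flags is not None and bool(flags & SYN) and not flags & ACK

def allow_inbound(packet: bytes) -> bool:
    """Assumed policy: no inbound connections, replies to outbound ones pass."""
    return not is_first_packet(parse(packet))

def build(src, dst, sport, dport, flags) -> bytes:
    """Constructed sample packet: 20-byte IPv4 + 20-byte TCP header, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 0, 0, 0)
    return ip + tcp
```
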


IPv6

• The internet is running out of IP addresses.

• New version of IP to address this and other problems, including:

– Encryption

– Cryptographic authentication

– Source routing

– Dynamic configuration

• Implies packet filters will have to be smarter.