TELE3118 extras For week 4

TELE3118 extras For week 4. IPv4 header in Wireshark.

Mar 31, 2015


Drew Tay

IPv4 header in Wireshark


Assigning IP addresses

• Need enough host bits to identify all host & router interfaces + .0 and broadcast
  – e.g. 200 hosts + 1 router + 2 = 203 => /24

• Can pinch spare addresses
  – e.g. /30 from /24 for interfaces between routers

[Figure: example network. Interface addresses shown: 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4; 223.1.2.1, 223.1.2.2, 223.1.2.6; 223.1.3.1, 223.1.3.2, 223.1.3.27; 223.1.7.1, 223.1.7.2; 223.1.8.1, 223.1.8.2; 223.1.9.1, 223.1.9.2]

Figure based on one from Kurose and Ross
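
The sizing rule and the "/30 from /24" trick above, as an added example that is not part of the original slides. The function names and the sample numbering (200 hosts and 1 router on 223.1.1.1 to 223.1.1.201) are assumptions made for illustration.

```python
import ipaddress


def prefix_for(hosts, routers):
    """Return (prefix_len, addresses_needed) for one IPv4 subnet."""
    needed = hosts + routers + 2              # + the .0 address and broadcast
    host_bits = (needed - 1).bit_length()     # smallest n with 2**n >= needed
    return 32 - host_bits, needed


def spare_slash30s(subnet, used):
    """List the /30 blocks of `subnet` that hold no address already in use.

    Blocks containing the subnet's own .0 or broadcast address are skipped,
    because those two addresses are reserved.
    """
    taken = {ipaddress.ip_address(a) for a in used}
    taken |= {subnet.network_address, subnet.broadcast_address}
    return [block for block in subnet.subnets(new_prefix=30)
            if not any(addr in block for addr in taken)]


# Constructed sample: 200 hosts and 1 router numbered .1 to .201.
LAN = ipaddress.ip_network("223.1.1.0/24")
USED = [LAN.network_address + i for i in range(1, 202)]

if __name__ == "__main__":
    plen, needed = prefix_for(200, 1)
    print(f"{needed} addresses -> /{plen}")
    free = spare_slash30s(LAN, USED)
    print(f"{len(free)} spare /30 blocks, first is {free[0]}")
    # A /30 has exactly two usable addresses: one per router interface.
    print("router-to-router link:", [str(h) for h in free[0].hosts()])
```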


Passage of a packet

Each node
• has 2 addresses: link + network
• knows mask (255.0) & default router

Each packet has 4 addresses: (source+dest)*(network+link†)

A to B:
1. A: Net prefix length => B is local
2. A: Lookup B.link (by ARP)
3. Transmit (AA,BB,1.1,1.2)
4. B: BB=mine => receive
5. R: BB≠mine => ignore

A to F:
6. A: Net prefix length => F is external, via router R
7. A: Transmit (AA,CC,1.1,2.3)
8. R: CC=mine => receive & pass to IP
   – 2.3 on interface 2.1 & local
   – lookup 2.3’s link address (through ARP if not already stored)
   – transmit (DD,FF,1.1,2.3)

Note: Link addresses change for each hop

[Figure: hosts A, B, E, F and router R; link addresses AA, BB, CC, DD, EE, FF; network addresses 1.1, 1.2, 1.3, 2.1, 2.2, 2.3]

† link layer “destination” is where the frame is destined on this link, not the link layer address of the final destination.
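
The two walks above (A to B and A to F), as an added example that is not part of the original slides. It uses the slide's toy "net.host" addresses and mask 255.0; the pairing of E with 2.2/EE and of CC with R's 1.3 interface is assumed from the figure labels, and all function names are illustrative.

```python
# Interfaces as (network address, link address); toy addresses, mask 255.0.
NODES = {
    "A": [("1.1", "AA")],
    "B": [("1.2", "BB")],
    "R": [("1.3", "CC"), ("2.1", "DD")],   # assumed: CC sits on 1.3
    "E": [("2.2", "EE")],                  # assumed pairing from the figure labels
    "F": [("2.3", "FF")],
}
DEFAULT_ROUTER = {"1": "1.3", "2": "2.1"}  # default router address per network


def prefix(addr):
    """Network part of an address under mask 255.0."""
    return addr.split(".")[0]


def arp(addr):
    """Stand-in for ARP: map a network address to (node name, link address)."""
    for name, ifaces in NODES.items():
        for net_addr, link in ifaces:
            if net_addr == addr:
                return name, link
    raise LookupError(f"no interface owns {addr}")


def trace(src, dst):
    """Return the frame (src_link, dst_link, src_net, dst_net) sent on each hop."""
    frames, out_if = [], src
    while True:
        local = prefix(out_if) == prefix(dst)
        next_hop = dst if local else DEFAULT_ROUTER[prefix(out_if)]
        frames.append((arp(out_if)[1], arp(next_hop)[1], src, dst))
        if local:
            return frames
        # The router accepted the frame; it forwards from its interface on
        # dst's network (this toy router must be directly attached to it).
        router = arp(next_hop)[0]
        out_if = next(a for a, _ in NODES[router] if prefix(a) == prefix(dst))


def accepts(frame):
    """Names of nodes whose link address matches the frame's link destination."""
    return [n for n, ifs in NODES.items() if any(l == frame[1] for _, l in ifs)]


if __name__ == "__main__":
    for dst in ("1.2", "2.3"):
        for frame in trace("1.1", dst):
            print(frame, "accepted by", accepts(frame))
```

The network addresses in every frame stay (1.1, 2.3) while the link addresses are rewritten at R, which is the slide's closing note.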


Slide from Kurose and Ross


DHCP client-server scenario

DHCP server: 223.1.2.5
arriving client

Messages, in time order:

DHCP discover
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 0.0.0.0
  transaction ID: 654

DHCP offer
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 654
  Lifetime: 3600 secs

DHCP request
  src: 0.0.0.0, 68
  dest: 255.255.255.255, 67
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

DHCP ACK
  src: 223.1.2.5, 67
  dest: 255.255.255.255, 68
  yiaddr: 223.1.2.4
  transaction ID: 655
  Lifetime: 3600 secs

67 = IP protocol number for DHCP servers
68 = IP protocol number for DHCP clients
yiaddr = your internet address

Slide from Kurose and Ross


DHCP (BOOTP) in Wireshark

Request retransmitted


ARP in Wireshark


IP Fragmentation and Reassembly

One large datagram becomes several smaller datagrams

Example
• 4000 byte datagram
• MTU = 1500 bytes

Original datagram: ID=x, offset=0, fragflag=0, length=4000
Fragment 1:        ID=x, offset=0, fragflag=1, length=1500
Fragment 2:        ID=x, offset=1480, fragflag=1, length=1500
Fragment 3:        ID=x, offset=2960, fragflag=0, length=1040

IP length field includes 20B IP header
3980B payload => 1480 + 1480 + 1020
4000B IP packet => 1500 + 1500 + 1040

Slide from Kurose and Ross


Fragmentation in Wireshark

ping -l 6000
Ethernet can carry 1500B data, IP header = 20B => 1480B ICMP/frame
6000B = 3x1480 + 1x80
+ 8B ICMP header in first fragment:
• Frame 10: 8B ICMP header + 1472 ICMP data
• Frames 11, 12, 13: 1480B ICMP data
• Frame 14: 88B ICMP data
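
An added example (not from the original slides) that reproduces the 4000-byte / MTU 1500 split and the frame sizes of the ping capture, then checks a fragment set for gaps before reassembly. Function names are illustrative; offsets are given in bytes as on the slide, alongside the value the IPv4 fragment-offset field itself carries (units of 8 bytes).

```python
IP_HEADER = 20  # bytes; assumes no IP options


def fragment(total_length, mtu, ident="x"):
    """Split an IPv4 datagram of total_length bytes (header included) for a link MTU."""
    if total_length <= mtu:
        return [{"id": ident, "offset": 0, "offset_field": 0,
                 "fragflag": 0, "length": total_length}]
    payload = total_length - IP_HEADER
    chunk = (mtu - IP_HEADER) // 8 * 8   # all but the last carry a multiple of 8 bytes
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    frags, offset = [], 0
    while True:
        size = min(chunk, payload - offset)
        more = int(offset + size < payload)          # the slide's fragflag
        frags.append({"id": ident, "offset": offset, "offset_field": offset // 8,
                      "fragflag": more, "length": size + IP_HEADER})
        offset += size
        if not more:
            return frags


def reassembled_length(frags):
    """Original total length, or None if the set has a gap, an overlap,
    mixed IDs or no final fragment (fragflag=0)."""
    ordered = sorted(frags, key=lambda f: f["offset"])
    if not ordered or len({f["id"] for f in ordered}) != 1:
        return None
    expected = 0
    for f in ordered:
        if f["offset"] != expected:      # hole or overlapping fragment
            return None
        expected += f["length"] - IP_HEADER
    if ordered[-1]["fragflag"] != 0:
        return None
    return expected + IP_HEADER


if __name__ == "__main__":
    for f in fragment(4000, 1500):
        print(f)
    # ping -l 6000: 8B ICMP header + 6000B data inside one IP datagram
    ping = fragment(IP_HEADER + 8 + 6000, 1500)
    print([f["length"] - IP_HEADER for f in ping])
```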


Traceroute in Wireshark

TTL (outer, inner)


IPv6 header in Wireshark


Extension material follows


MPLS appearing in Linux traceroute

(IP addresses have been removed to save clutter/space. Note route changes)

$ traceroute www.ietf.org
traceroute to www.ietf.org, 30 hops max, 38 byte packets
 1 eebu4s2.uwn.unsw.EDU.AU.92.171.149.in-addr.arpa 1.176 ms 0.717 ms 0.454 ms
 2 libcr1-po-6.gw.unsw.edu.au 0.657 ms 0.466 ms ombcr1-po-6.gw.unsw.edu.au 0.407 ms
 3 unswbr1-te-8-1.gw.unsw.edu.au 0.565 ms unswbr1-te-7-1.gw.unsw.edu.au 0.769 ms 0.894 ms
 4 bfw1-ea-1-3053.gw.unsw.edu.au 0.461 ms 0.799 ms 0.639 ms
 5 unswbr1-vl-3054.gw.unsw.edu.au 0.749 ms 1.119 ms 0.773 ms
 6 tengigabitethernet2-2.er1.unsw.cpe.aarnet.net.au 1.145 ms 1.135 ms 1.077 ms
 7 ge-4-1-0.bb1.a.syd.aarnet.net.au 1.206 ms 1.219 ms 1.241 ms
 8 ae9.pe2.brwy.nsw.aarnet.net.au 1.252 ms 1.315 ms 1.299 ms
 9 xe-0-0-0.bb1.b.sea.aarnet.net.au 143.794 ms 143.774 ms 143.815 ms
10 xe-0-6-0-23.r05.sttlwa01.us.bb.gin.ntt.net 152.582 ms 144.315 ms 144.346 ms
11 ae-0.level3.sttlwa01.us.bb.gin.ntt.net 143.860 ms 143.665 ms 143.985 ms
12 ae-31-51.ebr1.Seattle1.Level3.net 168.354 ms 168.093 ms 168.122 ms
   MPLS Label=1909 CoS=3 TTL=1 S=0
13 ae-7-7.ebr2.SanJose1.Level3.net 162.011 ms 162.081 ms 161.907 ms
   MPLS Label=1174 CoS=3 TTL=1 S=0
14 ae-92-92.csw4.SanJose1.Level3.net 163.372 ms 163.174 ms ae-72-72.csw2.SanJose1.Level3.net (4.69.153.22) 161.534 ms
   MPLS Label=1024 CoS=3 TTL=1 S=0
15 ae-2-70.edge8.SanJose1.Level3.net 161.208 ms 161.290 ms ae-3-80.edge8.SanJose1.Level3.net (4.69.152.148) 185.910 ms
16 ASSOCIATION.edge8.SanJose1.Level3.net 168.199 ms 162.042 ms 162.041 ms
17 * * *
18 * * *
19 * * *


How low is IP’s LCD?

Frame formats. (a) Ethernet (DIX). (b) IEEE 802.3.

Ethernet:

Ethernet services vs IP’s needs
• Preamble -> Framing: Ethernet knows frame length, but not padding length => data. IP independently determines length of data.
• Addresses: IP can work over point-to-point links without addresses.
• Type: 0x0800 = IPv4, but IPv4 checks anyhow with version field.
• Checksum: Ethernet protects all data, but IP protects (again) its header & TCP/UDP protect data.

Figures 4-14 and 5-46 From Tanenbaum & Wetherall

IPv4:


NAT: Operation

[Figure: NAT router with WAN-side address 138.76.29.7; LAN-side addresses shown: 10.0.0.1, 10.0.0.2, 10.0.0.3, 10.0.0.4]

NAT translation table
WAN side addr        LAN side addr
138.76.29.7, 5001    10.0.0.1, 3345
……                   ……

1: host 10.0.0.1 sends datagram to 128.119.40, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80

2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80

3: Reply arrives dest. addr.: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001

4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

Slide from Kurose and Ross