ch01 - Eurotherm Windows Industry

hardsweetlips

Networking and Communications

Oct 28, 2013 (3 years and 9 months ago)


INFO 46206

Intrusion Detection and Prevention


Housekeeping



Download this presentation


Course outline


Textbook

Chapter 1

IP Concepts


TCP/IP Internet Model


Application Layer: Stream


TCP/UDP: Segments


IP: IP packets (or IP datagrams)


Ethernet: frames

Packaging

Encapsulation takes place as data moves down the protocol stack of the sender (application -> ethernet)

De-encapsulation takes place as data moves up the protocol stack of the receiver (ethernet -> application)

Every protocol header has a specific header format

Addresses: MAC address


MAC addresses are layer 2 addresses


Locally significant: used for sending frames between hosts on the SAME LAN/network.

ARP is used to resolve an IP address to a MAC address

Hardcoded into the NIC

48 bits/6 bytes long. The first 3 bytes are the OUI and the last 3 bytes are random

Addresses: IP address


IP addresses are universally significant: used to communicate between any two hosts on the Internet

32 bits/4 bytes long

A host can get an IP address using:

Static addressing, or

DHCP

Addresses: IP address


IP addresses are divided into classes:


(50%) Class A: 1.x.x.x - 126.x.x.x

(25%) Class B: 128.x.x.x - 191.x.x.x

(12.5%) Class C: 192.x.x.x - 223.x.x.x

(6.25%) Class D: 224.x.x.x - 239.x.x.x

Class E: 240.x.x.x - 247.x.x.x

Addresses: Subnet Masks


Used to tell the host where the network prefix ends and the host id begins

Example: 255.255.255.192 contains 26 1’s followed by 6 0’s. This means the IP address is made of a 26-bit network prefix (Network id + subnet id) followed by a 6-bit host id.

Addresses: CIDR


CIDR notation is used to summarize several network entries into one

Reduces size of routing tables

Example:

192.168.4.0/24
192.168.5.0/24
192.168.6.0/24
192.168.7.0/24
---------------------
192.168.4.0/22 (summarized entry)
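Added example (not part of the original slides): a Python sketch of the subnet-mask split and the CIDR summarization shown above. It also reports any address space the summarized entry covers beyond the listed networks, which matters when a summary is reused in a firewall rule or an IDS network variable. The host address 192.168.4.77 and the function names are constructed for illustration.

```python
import ipaddress

def prefix_len(mask: str) -> int:
    """Prefix length of a dotted mask; rejects masks whose 1s are not contiguous."""
    inverted = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF  # host bits become 1s
    if inverted & (inverted + 1):        # host bits must be one trailing run of 1s
        raise ValueError(f"non-contiguous mask: {mask}")
    return 32 - inverted.bit_length()

def split_address(addr: str, mask: str):
    """Split an address into (network prefix, host id) using the mask."""
    prefix_len(mask)                     # validate the mask first
    a, m = int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Address(a & m)), a & ~m & 0xFFFFFFFF

def summarize(cidrs):
    """Return (smallest single block covering all inputs,
    networks inside that block that were NOT in the input list)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    common = 32 - (lo ^ hi).bit_length()          # leading bits shared by lo and hi
    base = lo >> (32 - common) << (32 - common)   # clear the non-shared bits
    summary = ipaddress.ip_network((base, common))
    extra = [summary]
    for n in nets:                       # carve every listed network out of the summary
        remaining = []
        for block in extra:
            if n.subnet_of(block):
                remaining.extend(block.address_exclude(n))
            elif not block.subnet_of(n):
                remaining.append(block)
        extra = remaining
    return summary, sorted(ipaddress.collapse_addresses(extra))

if __name__ == "__main__":
    print(prefix_len("255.255.255.192"))                    # mask from the slide
    print(split_address("192.168.4.77", "255.255.255.192")) # constructed host address
    slide = ["192.168.4.0/24", "192.168.5.0/24", "192.168.6.0/24", "192.168.7.0/24"]
    print(summarize(slide))              # exact summary, nothing extra
    print(summarize(slide[1:]))          # same /22, but it over-covers 192.168.4.0/24
```

When the second element of the result is not empty, the summarized entry is broader than the networks it replaces, so it should not be used where the exact set matters.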

Service Ports

Well known ports: 1-1023

Ephemeral (random) ports: >1024

/etc/services file in UNIX

c:\WINDOWS\system32\drivers\etc\services

Well known ports are used by servers for listening to incoming connections

Ephemeral ports are used by clients to connect to the well-known port of a server

Usually a server listens only for TCP or only for UDP segments. There are exceptions (like DNS)

IP Protocols


TCP is:


Reliable


Connection-oriented (ACKs, sequence numbers)

Slower

UDP is:

Unreliable

Connectionless

Faster

Domain Name System


Hostnames must be resolved to IP addresses:

/etc/hosts in Unix

c:\WINDOWS\system32\drivers\etc\hosts in Windows

DNS servers

Routing


DNS is used to resolve hostnames to IP addresses

ARP is used to resolve IP addresses to MAC addresses

Routing tables are used to route packets

Routing tables are built using:

Static routing, or

Dynamic routing (RIP, IGRP, OSPF, BGP, etc.)

Preparing your laptop


Install Ubuntu on your laptop, or use VMware Player to run an Ubuntu virtual machine


Install TCPdump


Install Snort