Packet Protocols - University of Sunderland


Oct 27, 2013 (3 years and 7 months ago)


Packet Protocols

University of Sunderland

CSEM02

Harry R. Erwin, PhD

Resources


Zwicky, et al., 2000, Building Internet Firewalls, 2nd edition, O’Reilly


Tittel, et al., 2004, CISSP Study Guide, 2nd edition, SYBEX.

OSI (Seven Layer) Model

Application (7)

Presentation (6)

Session (5)

Transport (4)

Network (3)

Data Link (2)

Physical (1)

Encapsulation

Deencapsulation

OSI Elements

Application (7), Presentation (6), Session (5): Message

Transport (4): Segment

Network (3): Packet or Datagram

Data Link (2): Frame

Physical (1): Bits

What Does a Packet Look Like?


Onion skins by layer


At each layer, a packet consists of a header and a body.


The header contains protocol information


The body is the data at that layer.


Higher layers provide data to lower layers


This process is called encapsulation.

Physical Layer


Typical standards include:


EIA/TIA-449


X.21


HSSI


SONET


V.24


V.35

Data Link Layer


Typical standards include:


SLIP


PPP


ARP


RARP


L2F


L2TP


PPTP


ISDN

Data Link Protocol Elements


Hardware source and destination addresses (MAC address in six bytes)


Switches and bridges function at this layer.


Transfer frames

Network Layer


Typical standards include:


ICMP


RIP


OSPF


BGP


IGMP


IP


IPSec


IPX


NAT


SKIP

Network Layer Responsibilities


Routing and delivery information (IP addresses, e.g.)


Error detection and traffic control


Not reliable delivery


Handled by routers

Transport Layer


Also known as message layer


Responsible for reliable delivery of messages.


Typical standards include:


TCP


UDP


SPX


Managed by handshakes

Session Layer


Responsible for establishing, maintaining, and terminating sessions.


Operates in simplex, half-duplex, and full-duplex control modes


Protocols include


SSL


TLS


NFS


SQL


RPC

SYN/ACK Three-Way Handshake


Used to initiate communications sessions


Client sends a SYN packet to the server


Server responds with a SYN/ACK packet


Client then responds with an ACK packet.


To close a session, use FIN, FIN/ACK, ACK


Can you see the potential for a Denial of Service attack?
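
The exchange on this slide, replayed as a small state tracker that a monitoring tool could use to count handshakes still waiting for the client's final ACK. This is an added example, not part of the original slides; the function names, state names, threshold and sample events are assumptions made for illustration.

```python
from collections import Counter

def track_handshakes(events):
    """Replay (client, server, flags) events and return the state of each connection."""
    state = {}
    for client, server, flags in events:
        key, flags, cur = (client, server), set(flags), state.get((client, server))
        if flags == {"SYN"} and cur is None:
            state[key] = "SYN_SENT"            # client -> server
        elif flags == {"SYN", "ACK"} and cur == "SYN_SENT":
            state[key] = "HALF_OPEN"           # server -> client; server now waits for ACK
        elif flags == {"ACK"} and cur == "HALF_OPEN":
            state[key] = "ESTABLISHED"         # client -> server completes the handshake
        elif flags == {"FIN"} and cur == "ESTABLISHED":
            state[key] = "FIN_SENT"
        elif flags == {"FIN", "ACK"} and cur == "FIN_SENT":
            state[key] = "FIN_ACKED"
        elif flags == {"ACK"} and cur == "FIN_ACKED":
            del state[key]                     # FIN, FIN/ACK, ACK: session closed
        elif "RST" in flags:
            state.pop(key, None)               # ungraceful close
    return state

def half_open_alerts(events, threshold=3):
    """Servers with at least `threshold` handshakes stuck waiting for the final ACK."""
    waiting = Counter(server for (client, server), st in track_handshakes(events).items()
                      if st == "HALF_OPEN")
    return {server: n for server, n in waiting.items() if n >= threshold}

# Constructed sample (documentation addresses, not a capture):
# one complete session, then three handshakes that never receive the final ACK.
SERVER = "198.51.100.5:25"
SAMPLE = [("192.0.2.10:40000", SERVER, f) for f in
          (["SYN"], ["SYN", "ACK"], ["ACK"], ["FIN"], ["FIN", "ACK"], ["ACK"])]
for n in range(3):
    peer = f"203.0.113.{n + 1}:5000"
    SAMPLE += [(peer, SERVER, ["SYN"]), (peer, SERVER, ["SYN", "ACK"])]
```
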

Presentation Layer


Transforms data from/to the formats used by layers 1-5.


Decompression


Encryption


Standards include:


ASCII, EBCDIC, TIFF, JPEG, MPEG, MIDI, etc.

Applications Layer


Protocols include:


HTTP


FTP


SMTP


TELNET


EDI


POP3


IMAP


SNMP


NNTP


SET

TCP/IP Model

OSI | TCP/IP

Application (7), Presentation (6), Session (5) | Process Application

Transport (4) | Host-to-Host

Network (3) | Internet

Data Link (2), Physical (1) | Network Access

History of TCP/IP


Prior to OSI (OSI was designed based on TCP/IP)


The internet standard


Network access controls physical transmission; internet, packet transmission; host-to-host, message transmission; and process application, connections.

TCP and UDP


TCP is connection-oriented, full duplex, reliable virtual circuits. Segments are sequenced, allowing retransmission upon request.


UDP is connectionless, best effort. No error detection or correction, no sequencing. Fast.


Uses ports (0-65535).


Ports 0-1023 are the service ports, providing more-or-less standard services.


Ports 1024-65535 are allocated as needed.

TCP Guarantees

1. The destination will receive the application data in the order it was sent.

2. The destination will receive all the application data.

3. The destination will not receive duplicated data.


TCP will drop a connection if it must violate any of these guarantees.


To block a TCP connection, all you need to do is block the first packet of the connection.

Network Layer


IP, ICMP, IGMP, and NAT


IP alone does not provide guaranteed packet delivery or ordering. It must be used with TCP for that.


ICMP is used for network management and health monitoring.


IGMP is used for multicasting


NAT (Network Address Translation) is used to allow private use of IP addresses without colliding with the public use. Incompatible with IPSec.

Data Link Protocols


TELNET on port 23


FTP on ports 20 and 21


SMTP on port 25


POP3 on port 110


SNMP on port 161


Etc.

TCP/IP/Ethernet Example


At the Ethernet layer, you have a header and a body


The header contains the Ethernet (or MAC) address of the local source and local destination.


Other protocols can be used instead of Ethernet. See RFC 1149, dated 1 April 1990, which defines the ATP.

IP Layer


Four interesting pieces of information:


IP source address (4 bytes)


IP destination address (4 bytes)


IP protocol type (type of packet)


IP options field: usually empty. Used for break-in attempts and network debugging (very rarely).


Header occupies six bytes, followed by the packet data. Most networks have a length limit, so IP packets can be subdivided into fragments, each with a copy of the header.

TCP Layer


Three interesting pieces of information:


TCP source port


TCP destination port


TCP flags


SYN (set in the first and second packets of a connection)


FIN (finish, i.e., close gracefully)


ACK (unset only in the first packet of a connection)


URG (urgent)


PSH (push, i.e., flush buffer)


RST (reset, i.e., close ungracefully, or simply ‘go away’)
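
The Ethernet, IP and TCP slides above, put together as a header parser plus the stateless rule from the TCP Guarantees slide (drop only the packet with SYN set and ACK unset). This is an added example, not part of the original slides; build_frame, parse_frame and filter_decision are hypothetical names, the frame is constructed with documentation addresses, and blocking port 23 (TELNET) is an assumed policy.

```python
import socket
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_frame(flags, dst_port=23, ihl_words=5, frag_offset=0):
    """Constructed sample frame (not a capture); checksums are left at zero."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    options = b"\x01" * (4 * (ihl_words - 5))          # NOP padding when ihl_words > 5
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 20 + len(options) + 20, 1,
                     frag_offset, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.5"))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 1000, 0, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + options + tcp

def parse_frame(frame):
    """Peel the Ethernet, IP and TCP headers and return the fields a filter cares about."""
    if len(frame) < 34:
        raise ValueError("too short for Ethernet + IPv4 headers")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                           # IP header length in bytes
    if ethertype != 0x0800 or ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        raise ValueError("not a well-formed IPv4 packet")
    frag_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    pkt = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
           "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
           "protocol": ip[9], "has_ip_options": ihl > 20, "flags": None}
    tcp = ip[ihl:]
    # Only the first fragment (offset 0) of a TCP packet carries the TCP header.
    if pkt["protocol"] == 6 and frag_offset == 0 and len(tcp) >= 20:
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", tcp[:4])
        pkt["flags"] = {name for name, bit in FLAG_BITS.items() if tcp[13] & bit}
    return pkt

def filter_decision(frame, blocked_ports=frozenset({23})):
    """Stateless rule: drop only the connection-opening packet (SYN set, ACK unset)."""
    pkt = parse_frame(frame)
    flags = pkt["flags"]
    if flags is not None and "SYN" in flags and "ACK" not in flags \
            and pkt["dst_port"] in blocked_ports:
        return "drop"
    return "pass"
```

Later fragments carry no TCP header, so this rule passes them; a filter that must decide on fragments needs to keep state about the first one.
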

IPv6


The internet is running out of IP addresses.


New version of IP to address this and other problems, including:


Encryption


Cryptographic authentication


Source routing


Dynamic configuration


Implies packet filters will have to be smarter.