PowerPoint File - Regis University: Academic Web Server for Faculty


CS 468: Advanced UNIX
Class 7
Dr. Jesús Borrego
Regis University
1
scis.regis.edu ● [email protected]
Topics
• IA Lab visit was scheduled for last week; rescheduled for next week
• Review of Homework 5
• Networking
• Homework 6
• Review for final
• Q&A
2
Networking
• Computers connecting to other computers
• Computers connecting to the Internet
• Network Topologies
• Network Devices
• Internetworking
• Communicating with Users
• Data distribution
• NFS
3
Communication model
Figure: Source → Transmitter → Transmission System (Communications Infrastructure) → Receiver → Destination
4
OSI Model
Application
Presentation
Session
Transport
Network
Data Link
Physical
5
Internet Protocol Stack
Application
Transport
Network/Internet
Data Link Control
Physical
6
OSI vs. IP
OSI layer(s) → IP layer
Application, Presentation, Session → Application
Transport → Transport
Network → Network/Internet
Data Link → Data Link Control
Physical → Physical
7
Ethernet
• typically used in companies, universities, etc
▫ 10 Mbps, 100Mbps, 1Gbps, 10Gbps Ethernet
▫ today, end systems typically connect into Ethernet switch
Figure: end systems and a server attach to an Ethernet switch over 100 Mbps links; the switch connects at 1 Gbps to the institutional router, which links to the institution’s ISP
8
Bridges
• Connects separate networks
▫ One Ethernet network to another one
▫ “Bridges” two network segments together
▫ Makes it appear as if the two segments were a single one
• Wire length is limited due to degradation of signal
• Bridges allow extension of physical limitation of wire
9
Routers
• Bridges cannot accommodate large networks
• Routers connect two or more networks
▫ “Routes” incoming messages to appropriate network
• Can be used to connect a LAN to an ISP (Internet Service Provider)
• Can be used to link the different networks in the global Internet
10
Gateway
• Used to connect remote LANs to a WAN (Wide Area Network)
11
Topologies
Typical LAN topologies include:
• Bus
▫ Single link for all computers
• Ring (Token)
▫ Each computer connected to at least 2 other computers
• Star
▫ Central server
12
Internetworking – Packet Switching
Figure: hosts A and B on 100 Mb/s Ethernet share a 1.5 Mb/s output link (the far endpoints are labelled C, D and E); packets wait in a queue for the output link. Statistical multiplexing: the sequence of A & B packets has no fixed timing pattern, unlike Time Division Multiplexing (TDM)
13
Internet Address
IPv4 – 4 Octets
• Class A: 0*.*.*.* (two reserved, all 0’s and all 1’s)
• Class B: 10*.*.*.*
• Class C: 110*.*.*.*
• Class D: 111*.*.*.*
• Class E: 1111*.*.*.*
Many subnet calculators available online
14
Ports and common services
15
Users in your system
• users – local host users
• rusers – users on local network
• who – more info than users
• rwho – more info than rusers
• w – more information than who
• whois – information about major internet sites
• hostname – displays local host name
• finger – lists information about a user
16
Finger utility
17
User communication on a network
• write – send individual lines to user
• talk – interactive split screen two-way chat
• wall – send messages to all users on local host
• mail – send email messages
• mesg – disables incoming messages to your terminal
18
File transfer on network
• rcp (remote copy) – copy files from one host to another
• uucp (unix-to-unix copy) – like rcp, copies files between two hosts
• ftp (file transfer protocol/program) – copy files between local host and other hosts
• Commands for ftp: UPU page 338
19
Distributed access commands
• rlogin – provides login to remote servers
• rsh – execute shell commands on remote Unix hosts
• telnet – executes commands on remote telnet hosts
20
Network File System (NFS)
• Public domain specification developed by Sun Microsystems
• Allows you to mount several local file systems into a single network file hierarchy
• Provides remote mount capability
• Uses RPC to mount a file system on remote machine
21
Internet control
• ICANN – Internet Corporation for Assigned Names and Numbers – allocates names and domains
• ISOC – Internet Society – represents Internet users, technical advisory society
• IGF – Internet Governance Forum, global forum established by the United Nations in 2005
23
Network Standards
RFC: Request for Comments
• RFC 114/959: A File Transfer Protocol
• RFC 791: Internet Protocol
• RFC 793: Transmission Control Protocol
• RFC 1945: Hypertext Transfer Protocol HTTP 1.0
• RFC 2251: Lightweight Directory Access Protocol
• RFC 2460: Internet Protocol v6 (IPv6)
• RFC 4251: Secure Shell (SSH) Protocol Architecture
24
Internet Protocols
26
Internet Protocols
• BGP – Border Gateway Protocol
• FTP – File Transfer Protocol
• HTTP – Hypertext Transfer Protocol
• ICMP – Internet Control Message Protocol
• IGMP – Internet Group Management Protocol
• IP – Internet Protocol
• MIME – Multipurpose Internet Mail Extension
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
27
Internet Protocols (Cont’d)
• OSPF – Open Shortest Path First
• RSVP – Resource ReSerVation Protocol
• SMTP – Simple Mail Transfer Protocol
• SNMP – Simple Network Management Protocol
• TCP – Transmission Control Protocol
• UDP – User Datagram Protocol
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
28
Sample Flow
Figure: data passes down through Application, Presentation, Session, Transport, Network, Data Link and Physical on the sending side and back up through the same layers at the Server, with the data unit shown at each layer
31
IPv4
32
IPv6
33
Internet Addressing
• Media Access Control (MAC): used by hardware
• IPv4 and IPv6 used by software to determine source, destination, and component location (NIC, not computers)
• Hostnames used by people
• Data link layer maps IPs to hardware
• Hostnames can map names to IPs
34
Sample subnet calculator
Source:
http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php
35
CIDR
Classless Inter-Domain Routing
• Netmasks that do not end in a byte boundary
• Each byte has 8 bits
• To subnet 128.138.243.0 with 26 bits – not a byte boundary (8, 16, 24), we use the convention 128.138.243.0/26
37
Figure: 26 bits of network prefix, 6 bits of host address
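The classful address ranges of slide 14 and the /26 subnet of slide 37 worked through in code. This is an added example, not from the slides; it uses plain bit arithmetic instead of an online calculator, and it follows the standard 1110/1111 leading-bit split for classes D and E.

```python
# Added example (not from the slides): IPv4 class lookup and CIDR subnet
# arithmetic with plain bit operations, worked on the slide's 128.138.243.0/26.

def ip_to_int(addr: str) -> int:
    """Convert a dotted quad (4 octets) to a 32-bit integer, rejecting bad input."""
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(o < 0 or o > 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]

def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def address_class(addr: str) -> str:
    """Classful lookup on the leading bits: 0 = A, 10 = B, 110 = C, 1110 = D, 1111 = E."""
    first = ip_to_int(addr) >> 24
    if first >> 7 == 0b0:
        return "A"
    if first >> 6 == 0b10:
        return "B"
    if first >> 5 == 0b110:
        return "C"
    if first >> 4 == 0b1110:
        return "D"
    return "E"

def cidr_subnet(cidr: str) -> dict:
    """Network, broadcast, mask and host count for a prefix that need not end on
    a byte boundary: /26 means 26 network bits and 32 - 26 = 6 host bits."""
    addr, prefix_txt = cidr.split("/")
    prefix = int(prefix_txt)
    if not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length: {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF   # top `prefix` bits set
    network = ip_to_int(addr) & mask                     # zero the host bits
    broadcast = network | (~mask & 0xFFFFFFFF)           # set the host bits
    host_bits = 32 - prefix
    # All-zeros and all-ones host parts are reserved; /31 and /32 have no such reservation.
    usable = (1 << host_bits) - 2 if host_bits >= 2 else 1 << host_bits
    return {
        "network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
        "netmask": int_to_ip(mask), "host_bits": host_bits, "usable_hosts": usable,
        "first_host": int_to_ip(network + 1 if host_bits >= 2 else network),
        "last_host": int_to_ip(broadcast - 1 if host_bits >= 2 else broadcast),
    }

if __name__ == "__main__":
    print(address_class("128.138.243.0"), cidr_subnet("128.138.243.0/26"))
```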
CIDR Calculator
Source: http://www.subnet-calculator.com/cidr.php
39
NAT
• Private addresses can be used internally by an organization
• NAT captures internal addresses and prevents them from exiting the corporate environment
• NAT maintains a table of internal versus external addresses to ensure that no internal addresses escape to the global Internet
42
Routing
• The process of determining the output path for an incoming packet
• Routing tables are maintained in the kernel and also in routers throughout the Internet
• If the server does not know where to send the packet next, it uses the Address Resolution Protocol to determine the next action
44
Routing
Figure: the routing algorithm fills the local forwarding table
header value → output link
0100 → 3
0101 → 2
0111 → 2
1001 → 1
The value in the arriving packet’s header, 0111, is looked up in the table and the packet is sent out on link 2 (the router’s links are numbered 1, 2 and 3)
45
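The forwarding-table lookup of slide 45 in code. This is an added example, not from the slides: it first does the exact 4-bit match the figure shows, then goes beyond the slide to the longest-prefix match that real routers apply, using a constructed prefix table with a default route.

```python
# Added example (not from the slides): forwarding-table lookup, exact match as on
# slide 45, then longest-prefix match (LPM) over a constructed prefix table.

# Table copied from the slide: 4-bit header value -> output link.
EXACT_TABLE = {"0100": 3, "0101": 2, "0111": 2, "1001": 1}

def forward_exact(header: str, table=EXACT_TABLE):
    """Output link for an exact header match; None means no entry (the packet
    would be dropped or handed to a default route)."""
    return table.get(header)

# Constructed prefix table (not from the slide): longer prefixes are more specific.
# The empty prefix "" matches everything and acts as the default route.
PREFIX_TABLE = [("01", 3), ("0101", 2), ("0111", 2), ("1", 1), ("", 0)]

def validate_bits(header: str) -> None:
    """Reject anything that is not a string of 0/1 bits before matching on it."""
    if not header or any(b not in "01" for b in header):
        raise ValueError(f"header is not a bit string: {header!r}")

def forward_lpm(header: str, table=PREFIX_TABLE):
    """Longest-prefix match: among all prefixes that are a leading substring of the
    header, the longest one wins, so 0101 -> 2 beats the shorter 01 -> 3."""
    validate_bits(header)
    best_len, best_link = -1, None
    for prefix, link in table:
        if header.startswith(prefix) and len(prefix) > best_len:
            best_len, best_link = len(prefix), link
    return best_link

if __name__ == "__main__":
    print(forward_exact("0111"), forward_lpm("0111"), forward_lpm("0000"))
```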
ARP
• ARP discovers the hardware address associated with an IP address
• If the destination address is not in the same network, ARP determines the next hop router
• If the address is not known, it sends a broadcast message “Does anybody know where X is?”
• A response is received and then the protocol uses the response
46
DHCP
• Dynamic Host Configuration Protocol (RFC 2131)
• When a host connects to a network, it obtains a ‘lease’ on an IP address, gateways, DNS name servers, Syslog hosts, and others.
• If the lease is not renewed, it expires
47
DHCP interaction
Figure: exchange over time between an arriving client and the DHCP server 223.1.2.5
1. DHCP discover – src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 0.0.0.0; transaction ID: 654
2. DHCP offer – src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 654; Lifetime: 3600 secs
3. DHCP request – src: 0.0.0.0, 68; dest: 255.255.255.255, 67; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs
4. DHCP ACK – src: 223.1.2.5, 67; dest: 255.255.255.255, 68; yiaddr: 223.1.2.4; transaction ID: 655; Lifetime: 3600 secs
48
Security Issues
• Default IP forwarding on a server should be disabled to prevent the server from acting as a router
• ICMP redirect (you should not send the packet to me, send it to XYZ) can compromise a system
• Source routing can slip through firewalls
▫ Do not want to accept or forward source-routed packets
49
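A host-side check for the three settings on slide 49, as an added example that is not from the slides. It reads the Linux sysctls for IP forwarding, ICMP redirect acceptance and source routing from /proc/sys when they exist, and otherwise audits a constructed sample; the sysctl names are the real Linux knobs, the sample values are made up.

```python
# Added example (not from the slides): audit the Linux IPv4 sysctls that map to
# slide 49 (IP forwarding, ICMP redirects, source routing) on a non-router host.
import os

# Real Linux sysctl names -> (safe value for a host that is not a router, finding text).
HARDENED = {
    "net.ipv4.ip_forward": ("0", "IP forwarding is on: host would act as a router"),
    "net.ipv4.conf.all.accept_redirects": ("0", "ICMP redirects accepted: a peer can rewrite this host's next hop"),
    "net.ipv4.conf.all.accept_source_route": ("0", "source-routed packets accepted: can slip past firewall policy"),
}

def read_live_sysctls(keys) -> dict:
    """Read current values from /proc/sys (Linux only); knobs that are not present are skipped."""
    values = {}
    for key in keys:
        path = "/proc/sys/" + key.replace(".", "/")
        if os.path.exists(path):
            with open(path) as fh:
                values[key] = fh.read().strip()
    return values

def audit(values: dict) -> list:
    """Return (key, current value, message) for every knob that is not at its safe value.
    A knob missing from `values` is reported as unverified rather than assumed safe."""
    findings = []
    for key, (safe, why) in HARDENED.items():
        current = values.get(key)
        if current is None:
            findings.append((key, None, "value not readable; verify manually"))
        elif current != safe:
            findings.append((key, current, why))
    return findings

# Constructed sample of a mis-configured host (made-up values, not a real capture).
SAMPLE = {
    "net.ipv4.ip_forward": "1",
    "net.ipv4.conf.all.accept_redirects": "1",
    "net.ipv4.conf.all.accept_source_route": "0",
}

if __name__ == "__main__":
    live = read_live_sysctls(HARDENED) or SAMPLE
    for key, current, why in audit(live):
        print(f"{key} = {current}: {why}")
```

On a Linux host the same values can be set persistently with sysctl, which is the usual fix for the first finding on the slide.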
Security Issues (Cont’d)
• IP spoofing means changing source or destination in packet header
▫ Receiver may believe source and reply to a malicious server (man-in-the-middle attack)
• Host-based firewalls are preferred to client-based firewalls
• VPN – allow remote users to create ‘tunnels’ to the private network
▫ Requires encryption
50
Virtual Private Network (VPN)
51
VPN
52
Routing
• Routing has different meanings:
▫ Actual forwarding of packets
▫ Management of routing tables
• Routing consists of determining the ‘next hop’ in the route towards the destination
63
Routing Daemons
• Routing daemons collect information from three sources:
▫ Configuration files
▫ Existing routing tables
▫ Routing daemons on other systems
• Daemons collect this information to determine the optimal route, and new routes are added to routing tables
65
Homework 6 (last)
1. What is the difference between a bridge, a router, and a gateway?
2. Describe 3 Internet Protocols and provide examples of where they can be used.
3. What are the differences between ftp and rcp? Which one is better and why?
4. Explain how ICMP redirection can cause vulnerabilities in a network.
5. Using an IP subnet calculator of your choice, answer the questions in E14.3 found in the USAH book. Capture the calculator screen.
68
Review for Final
• Same format as Midterm
▫ 2 hour, take home
▫ 8 questions
▫ Email to [email protected] by midnight 4/26
▫ All material from week 4-7
• Week 8: 2 hour class, 2 hour take home final
69
Questions?
70