Lecture 1 – Internet Layer: IP, ARP, ICMP and IGMP

CIT 742: Network Administration and Security
DeSiaMore
www.infoposter.co.tz
Powered by DeSiaMore
Important Information
• Lecturer name: Mr. Mohammed A. S.
• Find out about my contact details from my personal website http://ifm.ac.tz/staff/msaleh
• For any questions regarding the course, you can write me an email at any time. I will try to be prompt in responding.
• If you need to see me in my office, please book an appointment by writing me an email: [email protected]
• All notes will be uploaded on the CIT 524 web page, http://ifm.ac.tz/staff/msaleh/CIT742.html
• A hardcopy will be submitted to the class representative
Origin of TCP/IP and the Internet
• TCP/IP is like a language that computers speak.
• It is a set of rules that defines how two computers address each other and send data to each other.
• Multiple protocols that are grouped together form a protocol suite and work together as a protocol stack.
What is TCP/IP?
• A set of protocols that enable communication between computers.
• A network administrator can choose from many protocols, but the TCP/IP protocol suite is the most widely used.
Features of TCP/IP
1. Support from vendors
  - TCP/IP receives support from many hardware and software vendors
  - It is not tied to the development efforts of a single company
  - The choice to use TCP/IP on a network can therefore be based on the purpose of the network and not on the hardware or software that has been purchased.
2. Interoperability
  - Can be installed and used on virtually every platform
  - For example, using TCP/IP, a Unix host can communicate and transfer data to a DOS host or a Windows host
  - It eliminates cross-platform boundaries
3. Flexibility
  - The latitude an administrator has in assigning and reassigning addresses
Cont …
  - An administrator can automatically or manually assign an IP address to a host
4. Routability
  - A limitation of many protocols is their difficulty in moving data from one segment of the network to another
  - TCP/IP is exceptionally well adapted to routing data from one segment of the network to another
History of the Internet
Design goals of TCP/IP
• Hardware independence
  - Could be used on a Mac, PC, mainframe, or any other computer.
• Software independence
  - Could be used by different software vendors and applications.
• Failure recovery and the ability to handle high error rates
  - Featured automatic recovery from any dropped or lost data.
• Efficient protocol with low overhead
  - Had a minimal amount of "extra" data moving with the data being transferred.
  - This extra data, called overhead, functions as packaging for the data being transferred and enables the data transmission.
Cont …
• Routable data
  - Data could make its way through an internetwork of computers to any possible destination.
  - For this to be possible, a single and meaningful addressing scheme must be used.
Moving Data Across the Network
• Older communications used circuit-switched networks
• Newer standards use packet-switched networks
Moving Data on a Circuit-Switched Network
• Data moves across the same path throughout the entire communication
• An example of a circuit-switched network is the telephone system
  - When you make a telephone call, a single path (also called a circuit) is established between the caller and the recipient
  - For the entire conversation, the voice data keeps moving through the same circuit.
Cont …
Circuit-switched network (figure)
Cont …
Moving Data on a Packet-Switched Network
• A circuit-switched network was unacceptable for the Internet.
• Data had to be able to move through different routes so that if one circuit went down, it didn't affect communication on the rest of the network.
  - Instead, data simply would take a different route.
• The Internet uses a packet-switched network
  - The sending computer transmits the data as fragments (packets), which are more manageable chunks.
  - Each packet is then individually addressed and sent to its intended recipient
Cont …
• The receiving computer reassembles the packets into the original message
Packet-switched network (figure): several routes that the data packets can follow from the source to the destination
Protocols
• A protocol is a rule or a set of rules and standards for communicating that computers use when they send data back and forth.
  - Both the sender and receiver involved in a data transfer must recognize and observe the same protocols
• A group of protocols is called a protocol suite or a protocol stack
• Protocol suites are easier to use and have friendlier names.
• Some are proprietary protocols that have limited use
  - Developed for specific purposes to meet some particular need of the hardware or software involved
Cont …
• IPX/SPX
  - The protocol suite Novell has implemented with its operating system.
  - The acronym stands for Internetwork Packet Exchange/Sequenced Packet Exchange.
• AppleTalk
  - This is the protocol suite that Apple has implemented with its operating system.
• TCP/IP
  - A standard of the Internet.
  - Anyone who would like to use the Internet must use the TCP/IP suite.
Recap: OSI Model (figure)
Recap: OSI Model vs DoD Model (figure)
Recap: OSI Model vs DoD Model
Terms to know:
• Peer-layer communication
• DoD
• ISO
• OSI
• Layer
• Protocol suite / protocol stack
• Encapsulation
• Headers
Network Interface and Internet layers
• Address and route packets
  - Define how the packets are moved to and from the network
• Protocols place headers onto the packet
  - Like labels being placed on a package that is being mailed
  - As each packet is received at a host, it is examined to see if it needs to be processed or discarded.
Network Interface layer
• Its primary responsibility is to define how a computer connects to a network
  - This is an important part of the data delivery process because data must be delivered to a particular host through a connection to a network
  - Data leaving a host has to follow the rules of the network that it is on
• This layer does not regulate the type of network that the host is on
  - but the network that the host is on dictates the driver that the Network Interface layer uses.
  - The host can be on an Ethernet, Token Ring, or Fiber Distributed Data Interface (FDDI) network
Cont …
• The host has to follow the rules for transmitting and receiving data according to the topology of the network.
• The layer is used to receive packets and to send packets.
• The header at the NI layer contains addressing information
  - an address called a hardware address
• Consider the graphic representation that follows:
Cont … (figure)
Hardware address
• Comes from a physical address that is burned into every NIC when the card is manufactured
• This address will not change for the life of the card
• This burned-in address can be called any of the following:
  - Hardware address
  - Media Access Control (MAC) address
  - Ethernet address
  - Physical address
  - Network Interface Card (NIC) address
• It is a 12-character hexadecimal address
Cont …
• It looks like this: 00:A0:C9:0F:92:A5
• The first six characters represent the manufacturer and are unique to the network card's manufacturer
• The last six characters form a unique serial number that the card's manufacturer has assigned to it
• Note: For any TCP/IP communication to occur, the sender/builder of the packet must know the destination hardware address.
• If the target hardware address matches that of the receiving network interface card, or if the packet was a broadcast, the packet is passed up the stack for processing
• If it is different, the packet is discarded.
Broadcast packets
• Every packet must be addressed to a host.
  - every host will examine every packet to see if it is addressed to that host's unique hardware address.
• A broadcast packet contains the target hardware address FF:FF:FF:FF:FF:FF.
NI Layer analogy
• Get well soon card -> Courier -> Receiving department
Internet Layer
• Lies between the Network Interface layer and the Transport layer
• Contains the protocols that are responsible for addressing and routing of packets
• Contains several protocols, including:
  - Internet Protocol (IP)
  - Address Resolution Protocol (ARP)
  - Internet Control Message Protocol (ICMP)
  - Internet Group Management Protocol (IGMP)
• As the packet moves up to the Internet layer, it also needs to contain an IP address
Cont …
Protocols at the Internet layer (figure)
Internet Protocol
• Responsible for determining the source and destination IP addresses of every packet.
• Every host on a network is assigned a unique IP address
• An IP address is a logical address
• An example of an IP address is 192.168.5.1
• A portion of the IP address describes the network that the host is on, and a portion describes the unique host address on that network.
IP layer analogy
• Street address -> person receiving the letter
Cont …
• IP determines whether the destination is local or remote as compared to the source host
  - The target is local if IP determines that the target is on the same network
  - It is remote if the target is on another network
• IP can make this determination based on the IP address of the target and the subnet mask of the source host.
  - The subnet mask is a required parameter of every TCP/IP address; it is used to separate the network and host portions of that address.
Determining Whether the Destination Is Local or Remote
• If the destination is addressed to a host on the local network
  - TCP/IP can communicate directly with the destination host
• If the host is on a remote network
  - TCP/IP needs to send the packet through the default gateway.
  - A default gateway, also called a router, is the address of a host on the network that offers a route off of the network
Mail package analogy
• Same street (you can do it) -> Different city (post office)
Cont … (figure)
Cont …
• The IP protocol in Harry's TCP/IP stack will examine the destination address (Sally's) and determine that Sally is local to Harry.
• How do you determine that the destination is local?
• If the target host is local, IP needs to get the hardware address for the target.
• If the target host is remote, IP looks in its routing table for an explicit route to that network
  - If there is an explicit route, IP needs to get the hardware address of the gateway listed in the routing table
  - If there is no explicit route, IP needs to get the hardware address for the default gateway.
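The local-or-remote decision and the choice of which address ARP must resolve, worked through in code. This is an added example and not part of the lecture; Harry's address 209.132.94.100 comes from the ping example, while the subnet mask, the gateway 209.132.94.1 and the explicit route to 10.0.0.0/8 are constructed.

```python
import ipaddress

# Sending host: Harry's address from the lecture's ping example; the mask, gateway and
# explicit route below are constructed for this example.
HOST_IP = "209.132.94.100"
HOST_MASK = "255.255.255.0"
DEFAULT_GATEWAY = "209.132.94.1"                      # assumed router address
ROUTES = [("10.0.0.0/8", "209.132.94.2")]             # (network, gateway) explicit route, assumed

def is_local(src_ip, src_mask, dst_ip):
    """The slide's rule: the target is local if it falls in the source host's own network,
    which is found by applying the SOURCE host's subnet mask."""
    src_net = ipaddress.ip_network(f"{src_ip}/{src_mask}", strict=False)
    return ipaddress.ip_address(dst_ip) in src_net

def next_hop(dst_ip, src_ip=HOST_IP, src_mask=HOST_MASK, routes=ROUTES, default_gw=DEFAULT_GATEWAY):
    """Return (kind, ip_to_resolve): the IP whose hardware address ARP must supply
    before the frame can be built. The IP header keeps dst_ip in every case."""
    dst = ipaddress.ip_address(dst_ip)
    if is_local(src_ip, src_mask, dst):
        return "local", str(dst)                      # ARP for the target itself
    for net, gw in routes:                            # an explicit route wins over the default
        if dst in ipaddress.ip_network(net):
            return "explicit-route", gw
    if default_gw is None:
        return "unreachable", None                    # no route off the network
    return "default-gateway", default_gw

def frame_addresses(dst_ip, arp_cache, **kw):
    """Destination fields of the outgoing frame: hardware address of the resolved hop,
    IP address of the final target (slide: 'the destination IP will be for the host')."""
    kind, hop = next_hop(dst_ip, **kw)
    if hop is None:
        raise ValueError(f"no route to {dst_ip}")
    if hop not in arp_cache:
        raise LookupError(f"ARP must resolve {hop} first")
    return {"dst_mac": arp_cache[hop], "dst_ip": str(dst_ip), "via": kind}
```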
Determining the Hardware Address (figure)
Cont …
• If a packet needs to be sent to a remote host, the destination hardware address will be that of the default gateway and the destination IP will be that of the host
• The gateway then determines whether the target IP address is on one of its other interfaces or whether the default gateway needs to forward the packet to another router
  - If the target is on one of the other interfaces, IP can send the packet through that interface onto the destination network. IP on the gateway strips off the original IP header and puts a new IP header on the packet.
  - The gateway is now the source, and the destination of the packet is either the actual target
• Airport analogy -> direct or indirect flight
Cont …
• IP uses the Address Resolution Protocol (ARP) to get the hardware address of the destination host
  - ARP finds the hardware address of the destination host based on the IP address that the Internet Protocol is asking for.
Address Resolution Protocol (ARP)
• It is a protocol that resolves an IP address to a hardware address
  - After the hardware address is resolved, ARP maintains that information for a short time
  - The ARP cache is an area in RAM where ARP keeps the IP and hardware addresses that have been resolved
• Before translating a logical to a physical address, ARP will look in its ARP cache
  - If the IP address is not in the ARP cache, ARP will initiate an ARP request broadcast
  - Once the resolution is done, the hardware address will be stored in the ARP cache for 120 seconds
Address Resolution Protocol (ARP)
ARP cache
• An entry in the ARP cache is dynamic when the address has been discovered through a broadcast, and static when the address has been manually added
Cont …
Using Broadcast to Resolve a Hardware Address
• When does ARP initiate an ARP request?
• This request is broadcast on the local network
  - Harry's ARP is trying to get resolution for the IP address 209.132.94.101
  - ARP broadcasts a packet onto the network that basically says: "HEY, WHOEVER IS 209.132.94.101, I NEED YOUR HARDWARE ADDRESS!"
• The ARP broadcast is addressed to every host by setting the destination hardware address to FF:FF:FF:FF:FF:FF
• The ARP broadcast also contains the source's hardware address.
  - Including the source's hardware address expedites the reply from the destination host
ARP Operation (figure)
Cont … (figure)
Cont …
• As the ARP packet is received at each host
  - the network interface card takes the packet off the wire and passes it up through the Network Interface layer to the Internet layer and ARP
  - When the hardware address is found, an ARP reply is packaged and sent back, including the source and destination hardware addresses
  - An ARP reply is sent out as a unicast, whereas the ARP request is a broadcast.
Cont … (figure)
Cases using ARP
There are four cases that use ARP:
1. Same LAN
  - Here the ARP request is broadcast on the LAN if the address is not already available in the ARP table of the sender.
2. Host to Router
  - A host wants to send a packet to another host on another network. It must first be delivered to a router.
3. Router to Router
  - A router receives a packet to be sent to a host on another network. It must first be delivered to the appropriate router.
4. Router to Host
  - A router receives a packet to be sent to a host on the same network.
Case 1: Same LAN (figure)
Case 2: Host to Router (figure)
Case 3: Router to Router (figure)
Case 4: Router to Host (figure)
Summary
• Each router/host maintains an ARP table
• The table is empty on boot-up
• An ARP request is a broadcast while an ARP reply is a unicast.
• Each time an ARP request is answered, it is entered in the table for the future
• The computer receiving the request can add the source computer's details to its own ARP table.
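A simulation of the whole ARP exchange summarised above, together with the Network Interface layer rule from the hardware-address slides (a frame is passed up only if it is addressed to the card or is a broadcast). This is added example code, not part of the lecture: the frame layout follows RFC 826 for IPv4 over Ethernet, Harry's MAC reuses the lecture's sample address, and the other hosts' addresses are constructed.

```python
import struct

BROADCAST = "ff:ff:ff:ff:ff:ff"
ARP_REQUEST, ARP_REPLY = 1, 2
CACHE_TTL = 120  # seconds a resolved entry is kept, as stated in the lecture

def mac_bytes(m): return bytes.fromhex(m.replace(":", ""))
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def mac_str(b):   return ":".join(f"{x:02x}" for x in b)
def ip_str(b):    return ".".join(str(x) for x in b)

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header + RFC 826 ARP body. Requests go to the broadcast address, replies are unicast."""
    eth_dst = BROADCAST if op == ARP_REQUEST else target_mac
    eth = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", 0x0806)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac_bytes(sender_mac)
           + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip))
    return eth + arp

def parse_arp(f):
    return {"op": struct.unpack("!H", f[20:22])[0],
            "sender_mac": mac_str(f[22:28]), "sender_ip": ip_str(f[28:32]),
            "target_mac": mac_str(f[32:38]), "target_ip": ip_str(f[38:42])}

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.cache = mac.lower(), ip, {}  # cache: ip -> (mac, expiry time)

    def learn(self, ip, mac, now):
        self.cache[ip] = (mac, now + CACHE_TTL)             # dynamic entry

    def lookup(self, ip, now):
        mac, expiry = self.cache.get(ip, (None, 0))
        if expiry > now:
            return mac
        self.cache.pop(ip, None)                            # expired: must broadcast again
        return None

    def receive(self, frame, now):
        """NIC rule from the slides: pass the frame up only if it is for this card or a broadcast."""
        if mac_str(frame[0:6]) not in (self.mac, BROADCAST):
            return None                                     # discarded at the Network Interface layer
        p = parse_arp(frame)
        if p["target_ip"] != self.ip:
            return None                                     # somebody else's resolution
        self.learn(p["sender_ip"], p["sender_mac"], now)    # request and reply both carry the sender's pair
        if p["op"] == ARP_REQUEST:
            return build_arp(ARP_REPLY, self.mac, self.ip, p["sender_mac"], p["sender_ip"])
        return None

def resolve(requester, lan, target_ip, now):
    """Hardware address for target_ip: cache hit, or broadcast a request to every host on the segment."""
    if (mac := requester.lookup(target_ip, now)):
        return mac
    request = build_arp(ARP_REQUEST, requester.mac, requester.ip, "00:00:00:00:00:00", target_ip)
    for host in lan:                      # every NIC on the wire sees the broadcast
        reply = host.receive(request, now)
        if reply:
            requester.receive(reply, now) # the unicast reply is processed only by the requester
    return requester.lookup(target_ip, now)
```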
Internet Control Message Protocol (ICMP)
• Used primarily for sending error messages, performing diagnostics, and controlling the flow of data.
Types of ICMP messages
• Destination unreachable
  - may be sent from the host or from a router: unknown/unavailable/prohibited network/host/service.
• Source quench
  - informs the source that a datagram has been discarded due to congestion in a router or the destination host
  - The source must slow down the sending of datagrams until the congestion is relieved.
Cont …
• Time Exceeded
  - Whenever a router receives a datagram with a TTL value of zero, it discards the datagram and sends a time-exceeded ICMP message to the original source.
• Redirection
  - This is an ICMP message generated due to inefficiency of the initial routes chosen to send packets.
Performing Diagnostics with ICMP and Ping
• Using ICMP as a diagnostic tool is done with the Ping utility
• Four ICMP echo request packets are sent to the destination host for it to reply to.
• If the data returns, the admin can assume successful connectivity to the destination.
• If the ICMP packet does not return, then a connectivity problem exists.
• A ping command can be executed at the command prompt (Windows) or the terminal (*nix):
  - ping [ip address] or [dns name]
Examining ping packets
• The source host (209.132.94.100) pinged the destination host (209.132.94.101).
• The figure shows a screenshot of the result obtained.
Screenshot shows:
1. (Frame 1) An ARP request is broadcast for the target 209.132.94.101.
2. (Frame 2) An ARP reply is sent to the source at 209.132.94.100 with the target's hardware address.
3. (Frame 3) An ICMP packet is sent from the source 209.132.94.100 to the destination 209.132.94.101 requesting an "echo."
4. (Frame 4) An ICMP echo reply is sent from the destination 209.132.94.101 to the source 209.132.94.100.
5. (Frames 5–10) Steps 3 and 4 are repeated three more times.
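The ICMP echo request/reply pairs of frames 3 to 10, built and checked in code: an added example, not from the lecture. It assumes the standard ICMP echo header (type 8 request, type 0 reply, RFC 1071 checksum) and a constructed identifier and payload; the `responder` hook lets the same four-packet exchange be run against a host that answers and against one that silently drops echo requests, as the firewall-filtered sites on the next slide do.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"                                   # pad an odd-length packet
    total = sum(struct.unpack(f"!{len(data)//2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)          # fold carries back in
    return (~total) & 0xFFFF

def build_echo(msg_type, ident, seq, payload):
    """ICMP echo header: type, code 0, checksum, identifier, sequence; then the payload."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse_icmp(packet):
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    if checksum(packet) != 0:                             # a valid packet checksums to zero
        raise ValueError("bad ICMP checksum")
    t, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": t, "code": code, "id": ident, "seq": seq, "payload": packet[8:]}

def reply_to(request_packet):
    """What the destination host does: echo id, sequence and payload back with type 0."""
    p = parse_icmp(request_packet)
    if p["type"] != ICMP_ECHO_REQUEST:
        return None
    return build_echo(ICMP_ECHO_REPLY, p["id"], p["seq"], p["payload"])

def ping_exchange(ident, payload, count=4, responder=reply_to):
    """Send `count` echo requests (four, like the screenshot) and return the sequence
    numbers for which a matching echo reply came back. An empty list means no connectivity
    could be confirmed (host down, or echo requests dropped at a firewall)."""
    answered = []
    for seq in range(1, count + 1):
        reply = responder(build_echo(ICMP_ECHO_REQUEST, ident, seq, payload))
        if reply is None:
            continue
        r = parse_icmp(reply)
        if (r["type"] == ICMP_ECHO_REPLY and r["id"] == ident
                and r["seq"] == seq and r["payload"] == payload):
            answered.append(seq)                          # only a reply to OUR request counts
    return answered
```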
Cont …
• It takes virtually no overhead for the destination to respond with an ICMP reply.
• Some websites will not reply to ICMP request packets.
  - Example websites include www.microsoft.com and www.ebay.com
  - The enormous amount of ping-request traffic Microsoft was receiving caused the overhead to become excessive
  - Their servers no longer reply to such requests
• ICMP echo packets are filtered or dropped at the firewall for security purposes
  - A company may not want outsiders pinging or "groping" inside their network.
Internet Group Management Protocol (IGMP)
• Enables one host to send one stream of data to many hosts at the same time.
• The destination IP address used by IGMP is called a multicast address
• Multicast addresses are reserved IPs, which are not assigned to hosts.
• Devices on a network use IGMP packets to exchange data
• Some routing protocols use IGMP to exchange routing tables
• Across the Internet, many sites are using IGMP packets to move streams of data to many hosts concurrently
Questions