IP addresses


BCIS 4630 Fundamentals of IT Security
NETWORKING (2)
Dr. Andy Wu
Internet Control Message Protocol
• Internet Control Message Protocol (ICMP) is a control and
information protocol, which is used to determine:
– Remote network’s availability.
– Length of time to reach a remote network.
– The best route for packets to reach a remote network.
• ICMP can handle the flow of traffic, telling other network
devices to “slow down” transmission speeds if packets are
coming in too fast.
• ICMP is not connection-oriented (uses UDP).
– Designed to carry small messages quickly.
– Has minimal overhead.
– Has minimum impact to bandwidth.
ICMP Message Types
• ICMP messages are used to exchange information
about network host status, traffic condition, etc. Two
important fields in an ICMP message are:
– Type: A one-byte field to indicate the kind of ICMP
message.
– Code: For messages of certain types, a one-byte Code field
may carry a value that further identifies the message.
• For example, a ping command goes from one host to
another and receives a response from the latter. Two
types of ICMP messages are involved in this process:
– Echo Request
– Echo Reply
ICMP Messages
Type   Description
0      Echo Reply
3      Destination Unreachable
4      Source Quench
5      Redirect Message
8      Echo Request

Codes for Type 3 (Destination Unreachable)
Code   Description
0      Network unreachable
1      Host unreachable
3      Port unreachable
6      Destination network unknown
7      Destination host unknown
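As an added example (not part of the lecture), a small Python encoder and decoder for the 8-byte ICMP header that applies the Type and Code tables above and checks the RFC 1071 checksum; the two sample messages are constructed, not captured traffic.

```python
import struct

# Type and Code descriptions taken from the lecture's ICMP tables.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect Message", 8: "Echo Request"}
UNREACHABLE_CODES = {0: "Network unreachable", 1: "Host unreachable", 3: "Port unreachable",
                     6: "Destination network unknown", 7: "Destination host unknown"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"                      # pad an odd-length message with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest_of_header: bytes, payload: bytes = b"") -> bytes:
    """Serialise: Type (1 byte), Code (1), Checksum (2), rest of header (4), payload."""
    checksum = icmp_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest_of_header + payload)
    return struct.pack("!BBH", icmp_type, code, checksum) + rest_of_header + payload

def parse_icmp(data: bytes) -> dict:
    """Decode Type and Code, verify the checksum and look up the lecture's descriptions."""
    if len(data) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _ = struct.unpack("!BBH", data[:4])
    info = {"type": icmp_type, "code": code,
            "checksum_ok": icmp_checksum(data) == 0,   # a correct message re-sums to zero
            "type_desc": ICMP_TYPES.get(icmp_type, "unassigned/other type %d" % icmp_type),
            "code_desc": UNREACHABLE_CODES.get(code) if icmp_type == 3 else None}
    if icmp_type in (0, 8):                  # Echo Request / Echo Reply carry id and sequence
        info["identifier"], info["sequence"] = struct.unpack("!HH", data[4:8])
    return info

# Constructed sample messages (not captured traffic): a ping and a port-unreachable error.
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping")
PORT_UNREACHABLE = build_icmp(3, 3, b"\x00" * 4, b"\x45\x00" + b"\x00" * 26)  # stands in for IP header + 8 bytes
```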
Address Translation
Types of Addresses
• Communications between network computers (hosts) would be
impossible without unique addresses for each host.
• Computers on a local network use MAC addresses to
communicate with each other.
• To access hosts on remote networks, such as those on the
Internet, a computer needs to know their IP addresses.
– Routers will route the packets to the destination network by looking
up those IP addresses in the routers’ routing tables.
• IP addresses are difficult for humans to memorize, so DNS
Names (e.g., www.unt.edu) are used by humans.
Address Resolution
• Therefore, two types of address translation (resolution)
are essential to network communications.
– DNS Name-IP Address Resolution
• When a person uses a human-readable address like
www.unt.edu, that address must be resolved into an IP address.
– IP-MAC Address Resolution
• Scenario 1: If that IP address is local, the resolution of the IP
address into MAC address takes place right away.
• Scenario 2: If that IP address is remote, the packet is routed to
the remote network first. Then, once the packet gets to the
remote network, it is resolved into a MAC address on that
network.
• In both scenarios, the host owning that MAC address will take
care of the packet.
DNS-IP Resolution
• Domain Name Service (DNS) translates user-friendly names
(called Fully Qualified Domain Names, or FQDNs) into IP
addresses.
– For example, www.unt.edu = 129.120.188.44
• The DNS server handles DNS queries by examining its local
records to see if it knows the answer.
• If it does not, the DNS server queries higher level domain
servers. They check records or query the server above them
and so on until a match is found.
• A domain’s DNS servers maintain a database that records all
DNS name-IP mappings inside the domain, including those for
web servers, directory servers, email servers, hosts, etc.
Layer 3: IP Addresses
• It is common to express the 32-bit IP addresses in
a decimal form (dotted decimal notation).
– The address is divided from the high-order bit to the
low-order bit into four 8-bit units called octets.
– IP addresses are normally written as four separate
decimal octets delimited by a period (a dot).
– Each octet has eight bits and each bit has two
possible values: 0 and 1.
– Thus, in decimal terms, an octet can have 2^8 or 256
possible values, ranging from 0 to 255.
Layer 3: IP Addresses
• An IP address is broken down into two portions: Network ID and Host
ID.
– Without subnetting, the end of the network ID falls on an 8-bit boundary
(e.g., the 16th bit in a Class B subnet).
– The network ID, or network address, identifies the nodes that are located
on the same logical network.
– The host ID, or host address, identifies a node within a network.
• An address with a host ID of all zeros is not assigned to any host. It
is reserved to define the network itself (network address, e.g., “the
132.170.0.0 network”).
• If the host ID is all 1s, the address is a broadcast address (e.g.,
132.170.255.255). It is used to send a packet to all hosts on a
specific network. It can only be a destination address; no host can be
assigned this address.
IP Addresses
[Figure: Class A, Class B and Class C address layouts]
Source: Davies and Lee, Windows Server 2003 TCP/IP Protocols and Services.
CIDR Notation
• A shorthand for subnet masks (n.n.n.n
stands for an IP address). It indicates the
number of bits that are set to 1 in the mask.
– n.n.n.n/8 for class A default mask, equivalent
to 255.0.0.0
– n.n.n.n/16 for class B default mask, equivalent
to 255.255.0.0
– n.n.n.n/24 for class C default mask, equivalent
to 255.255.255.0
Private Addresses
• An organization can use any IP addresses for its
network, as long as it is not connected to the Internet.
• If it wants to use the addresses on the Internet,
however, it has to apply for them from Internet
Corporation for Assigned Names and Numbers
(ICANN).
• Three blocks of addresses are reserved for private
networks.
Class A: 10.0.0.0 – 10.255.255.255
Class B: 172.16.0.0 – 172.31.255.255
Class C: 192.168.0.0 – 192.168.255.255
• Private addresses are not routable on the Internet.
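As an added example (not part of the lecture), a Python helper that works through the Layer 3, CIDR and private-address slides: it splits a dotted-decimal address into network ID and host ID using either an explicit /n prefix or the classful default mask, derives the network and broadcast addresses, and tests membership in the three private blocks exactly as the slide lists them.

```python
# Private blocks exactly as listed on the slide (first address, last address).
PRIVATE_RANGES = [("10.0.0.0", "10.255.255.255"),
                  ("172.16.0.0", "172.31.255.255"),
                  ("192.168.0.0", "192.168.255.255")]

def ip_to_int(dotted: str) -> int:
    """Dotted decimal -> 32-bit integer; each of the four octets must be 0..255."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("bad IPv4 address: %r" % dotted)
    value = 0
    for p in parts:
        value = (value << 8) | int(p)
    return value

def int_to_ip(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix: int) -> int:
    """CIDR /n -> mask whose n high-order bits are 1 (e.g. /16 -> 255.255.0.0)."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def classful_prefix(ip: str) -> int:
    """Default mask length from the first octet: Class A /8, Class B /16, Class C /24."""
    first = ip_to_int(ip) >> 24
    for limit, prefix in ((128, 8), (192, 16), (224, 24)):
        if first < limit:
            return prefix
    raise ValueError("%s is not a class A, B or C address" % ip)

def is_private(ip: str) -> bool:
    value = ip_to_int(ip)
    return any(ip_to_int(lo) <= value <= ip_to_int(hi) for lo, hi in PRIVATE_RANGES)

def describe(ip: str, prefix: int = None) -> dict:
    """Split an address into network ID and host ID; derive its network and broadcast addresses."""
    if prefix is None:                           # no /n given: use the classful default mask
        prefix = classful_prefix(ip)
    addr, mask = ip_to_int(ip), prefix_to_mask(prefix)
    network = addr & mask                        # host bits all 0: the network address
    broadcast = network | (~mask & 0xFFFFFFFF)   # host bits all 1: the broadcast address
    return {"cidr": "%s/%d" % (int_to_ip(network), prefix), "mask": int_to_ip(mask),
            "network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "host_id": addr & ~mask & 0xFFFFFFFF,
            "is_network_address": addr == network, "is_broadcast": addr == broadcast,
            "private": is_private(ip)}
```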
Layer 2: MAC Addresses
• MAC address is a unique, 48-bit hardware address
assigned to a device by the manufacturer.
– Each manufacturer is assigned a specific block of MAC
addresses (the first 24 bits).
– The manufacturer assigns the device a unique address (the
second 24 bits).
– No two devices can share the same MAC address.
– For one system to send data to another on the local
network, it must first find out the destination system’s MAC
address.
IP-MAC Address Resolution
• To find a MAC address, the Address
Resolution Protocol (ARP) is used.
• Using an ARP request, the sending system
will broadcast a query: “Who is
129.120.188.44?”
• This broadcast query is examined by every
host on the local network, but only the system
whose IP address is 129.120.188.44 will
respond.
IP-MAC Address Resolution
• That system will send back a response that says “I’m
129.120.188.44 and my MAC address is
00:07:e9:7c:c8:aa.”
• The sending system will then format the packet for
delivery and drop it on the network media, with the
MAC address of the destination host.
• If a host cannot find the destination host in this way, the
packet is forwarded to the default gateway, which is the
computer/router that knows how to route those packets.
• What happens if the receiving “host” is
129.120.255.255?
– The broadcast MAC address is all Fs.
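As an added example (not part of the lecture), a Python model of the ARP exchange on the two slides above: the request is an Ethernet frame sent to the all-Fs broadcast MAC, every host parses it, and only the host owning the queried IP builds a unicast reply. The requester's MAC and IP are made up; the responder's addresses are the slide's.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ETHERTYPE_ARP = 0x0806
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def mac_bytes(mac: str) -> bytes:
    return bytes(int(part, 16) for part in mac.split(":"))

def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)

def ip_bytes(ip: str) -> bytes:
    return bytes(int(part) for part in ip.split("."))

def ip_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)

def build_arp_frame(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header (dst, src, type 0x0806) followed by a 28-byte Ethernet/IPv4 ARP packet.
    A request goes to the all-Fs broadcast MAC with an unknown (zero) target MAC; a reply is unicast."""
    eth_dst = BROADCAST_MAC if op == ARP_REQUEST else target_mac
    tha = "00:00:00:00:00:00" if op == ARP_REQUEST else target_mac
    ethernet = mac_bytes(eth_dst) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)   # htype=Ethernet, ptype=IPv4, hlen=6, plen=4
           + mac_bytes(sender_mac) + ip_bytes(sender_ip)
           + mac_bytes(tha) + ip_bytes(target_ip))
    return ethernet + arp

def parse_arp_frame(frame: bytes) -> dict:
    """Decode a frame, rejecting anything that is not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    return {"op": "request" if op == ARP_REQUEST else "reply",
            "eth_dst": mac_str(frame[0:6]), "is_broadcast": frame[0:6] == b"\xff" * 6,
            "sender_mac": mac_str(frame[22:28]), "sender_ip": ip_str(frame[28:32]),
            "target_mac": mac_str(frame[32:38]), "target_ip": ip_str(frame[38:42])}

def answer_request(frame: bytes, my_ip: str, my_mac: str):
    """Every host examines the broadcast, but only the owner of the queried IP replies (unicast)."""
    query = parse_arp_frame(frame)
    if query["op"] != "request" or query["target_ip"] != my_ip:
        return None
    return build_arp_frame(ARP_REPLY, my_mac, my_ip, query["sender_mac"], query["sender_ip"])

# Constructed sample exchange: a made-up requester asks for the slide's host 129.120.188.44.
REQUEST = build_arp_frame(ARP_REQUEST, "aa:bb:cc:dd:ee:01", "129.120.188.1", "00:00:00:00:00:00", "129.120.188.44")
REPLY = answer_request(REQUEST, "129.120.188.44", "00:07:e9:7c:c8:aa")
```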
Broadcast
• Used in one-to-everyone communications.
• A broadcast IP address is designed to be processed by every
IP node on the same network segment.
• It is in the format of
– Class A: nnn.255.255.255
– Class B: nnn.nnn.255.255
– Class C: nnn.nnn.nnn.255
• The broadcast IP packet is addressed at the Data Link layer
using the network technology's broadcast address.
– For example, for Ethernet and Token Ring networks, all IP
broadcasts are sent using the Ethernet and Token Ring broadcast
address 0xFF-FF-FF-FF-FF-FF.
Unicast
• Used in one-to-one communications.
• A packet is sent from an individual source
to an individual destination.
• In a hub-connected network, all hosts on
the network segment see the packet.
• In normal mode, however, only the intended
recipient will pick up and process the packet.