2. Agenda
TCP/IP Network Architecture
Client-Server Model
Naming and Addressing
TCP/UDP/IP/Ethernet Packet Format
Application Programming Interfaces
Protocol Analysis
3. Meet the Protocol Family in the Internet
TCP
UDP
IP
SNMP
ping
tracert
IPsec
Mobile IP
ARP
RARP
PPP
DNS
telnet
ftp
IP QoS
HTTP
IP telephony
IP multicast
BSD socket
Winsock
Java socket
ICMP
IPv4
IPv6
SMTP
NTCIP
DHCP
POP3
Ethernet
WAP
GPRS
r-utility
ATM
MIB
WinPcap
SLIP
SMS
Internet
internet
intranet
tester
developer
administrator
OSPF
BGP
MPLS
RTP
WWW
4. TCP/IP Network Architecture
Application Layer
Transport Layer
Network Layer
Link Layer
operating-system/computer-architecture independent
LAN/MAN/WAN applicable
physical-medium independent
host host
network network
media media
process process
client-server model
5. TCP/IP Protocol Suite
Ethernet
ARP RARP
IPv4 IPv6
TCP UDP
ICMP
Telnet FTP ping SNMP TFTP
Serial line
PPP
SMTP POP3
21 23 110 25 69 161
port number
IP address
6. Key Protocols in Transport/Network Layers
Transmission Control Protocol (TCP)
a connection-oriented, reliable, byte-stream service
User Datagram Protocol (UDP)
a connectionless, unreliable, datagram delivery service
application-aware via port number and UDP checksum
Internet Protocol (IP)
a connectionless, unreliable, datagram delivery service
network-aware via routing, fragmentation and reassembly
7. Encapsulation in Protocol Processing
Application
TCP
IP
Ethernet
fragmentation
reassembly
padding
8. Request For Comments Document Series
http://www.rfc-editor.org/
http://www.networksorcery.com/enp/default0501.htm
9. TCP and UDP Client-Server Model
DNS client (172.18.8.120)
DNS server (172.16.2.2)
DNS query (www.yahoo.com)
DNS response (216.109.125.70)
( UDP, 172.18.8.120, 1027, 172.16.2.2, 53 )
( protocol, local address, local port, remote address, remote port )
well-known DNS port number
ephemeral port number
32-bit IPv4 address
10. IP Address and TCP/UDP Port Number
Internet Assigned Number Authority
www.iana.org
IP Address
IPv4: 32-bit dotted-decimal notation, e.g., 192.0.32.67
– the IPv4 address space for private internets
10.0.0.0 ~ 10.255.255.255
172.16.0.0 ~ 172.31.255.255
192.168.0.0 ~ 192.168.255.255
IPv6: 128-bit hexadecimal string, e.g., 1080:0:0:0:8:800:200C:417A
TCP/UDP Port Number
well known ports: 0 ~ 1023
registered ports: 1024 ~ 49151
dynamic and/or private ports: 49152 ~ 65536
11. Host Name, IP Address, Physical Address
12. TCP Connections under Windows netstat
show host name and service name
show IP address and port number
13. TCP Connections under Linux netstat
show host name and service name
show IP address and port number
show process id and program name
19. Ethernet Frame Format
http://www.iana.org/assignments/ethernet-numbers
20. Naming, Addressing, and Mapping
Mapping from Host Name to IP address
DNS ~ Domain Name System
e.g., www.yahoo.com → 216.109.125.70
Mapping from IP Address to Ethernet Address
ARP ~ Address Resolution Protocol
e.g., 172.18.8.254 → 00-0a-8a-d9-47-40
24. Protocol Analysis
Hardware/Software Protocol Analyzer
Hardware Protocol Analyzer ~ Agilent, Racal, Rohde & Schwarz
Software Protocol Analyzer ~ WinPcap and Ethereal
WinPcap Protocol Analyzer
http://winpcap.polito.it/
Pcap ~ packet capture library from Lawrence Berkeley Laboratory
WinPcap ~ packet capture and network analysis for Win32 from Italy
Ethereal Protocol Analyzer
http://www.ethereal.com
25. WinPcap/Ethereal Protocol Analyzer Setup
Host A
Host B
WinPcap/Ethereal
Ethernet
internet
Host C
WinPcap/Ethereal
(promiscuous mode)
28. What is “Ping”?
a program used to test whether another host is reachable
“Ping” sends an ICMP echo request message to a host and expects an ICMP echo reply message to be returned.
“Ping” supports a set of options which can be used by anyone who wants to maintain, investigate, and hack TCP/IP networks.
29. Using “Ping” to Observe Network Traffic
ICMP Echo Request and Echo Reply
ARP Request/Reply and ARP Cache
DNS Query and Response
IP Fragmentation and the “Don’t Fragment” flag
Ethernet Padding
30. Summary
TCP/IP Network Architecture
Client-Server Model
Naming and Addressing
TCP/UDP/IP/Ethernet Packet Format
Application Programming Interfaces
Protocol Analysis
31. TCP
UDP
IP
SNMP
ping
tracert
IPsec
Mobile IP
ARP
RARP
PPP
DNS
telnet
ftp
IP QoS
HTTP
IP telephony
IP multicast
BSD socket
Winsock
Java socket
ICMP
IPv4
IPv6
SMTP
NTCIP
DHCP
POP3
Ethernet
WAP
GPRS
r-utility
ATM
MIB
WinPcap
SLIP
SMS
Internet
internet
intranet
tester
administrator
OSPF
BGP
MPLS
RTP
WWW
Everything over IP
IP over Everything
developer
Thank You
Q & A