LAN versus WAN

            LAN                                               WAN
Topology    Ethernet and Token Ring, FDDI                     ATM, Frame Relay and X.25
Interface   network interface card (NIC), a switch and a hub  Modem (cable or DSL) and a router
Protocol    Ethernet and Token Ring, ARCNET                   ATM, Frame Relay and X.25, MPLS
Introduction to LAN
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-XZEBhe99oZjI4MWYyYWQtOTlkYi00MzMxLWJhNGUtMzg3NGZkYjczZmYy&hl=en
Router -
A node that forwards network packets along one of many possible paths to get them to their
destination. It decides which route the information should take. It operates at the
network layer.
Gateways
It is a generic term that refers to an entity used to interconnect two or more networks
that have different rules of communication.
Introduction to WAN
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-XZEBhe99oMzY5YThmOTAtYmFmMC00NmFlLWJlMTItODVhMGEwNzYzYzU5&hl=en
OSI
Describe the following characteristics of OSI Layers:
Information format, Addressing, Flow control and
error checking
Data Link Layer - A data link layer address uniquely identifies each physical network
connection of a network device. Data-link addresses are sometimes
referred to as physical or hardware addresses.
1. End systems generally have only one physical network
connection and thus have only one data-link address.
2. Routers and other internetworking devices typically have
multiple physical network connections and therefore have multiple data-
link addresses.
Network Layer - A network layer address identifies an entity at the network layer of the
OSI model.
1. Network addresses usually exist within a hierarchical address
space and are sometimes called virtual or logical addresses.
2. Routers and other internetworking devices require one network
layer address per physical network connection for each network layer
protocol supported. E.g. for the TCP/IP protocol suite, the network layer address
is the IP address.
OSI Layer Flow Control & Error Checking
Data Link Layer
1. One common error-checking scheme is the cyclic redundancy
check (CRC), which detects and discards corrupted data.
2. Error-correction functions (such as data retransmission) are left to
higher-layer protocols.
3. A sliding window protocol is used for flow control.
2. The OSI reference model is a conceptual model composed of seven layers, each
specifying particular network functions. The model was developed by the International
Organization for Standardization (ISO) in 1984, and it is now considered the primary
architectural model for inter-computer communications.
3. The basic idea of a layered architecture is to divide the design into small pieces. Each
layer adds to the services provided by the lower layers in such a manner that the
highest layer is provided a full set of services to manage communications and run the
applications.
5. The basic elements of a layered model are services, protocols and interfaces. A
service is a set of actions that a layer offers to another (higher) layer. Protocol is a
set of rules that a layer uses to exchange information with a peer entity. These rules
concern both the contents and the order of the messages used. Between the layers
service interfaces are defined. The messages from one layer to another are sent
through those interfaces.
The Internet protocol suite is the set of communications protocols that implements the protocol
stack on which the Internet and many commercial networks run. It is commonly known as the TCP/
IP protocol suite, after two of the most important protocols in it: the
Transmission Control Protocol (TCP) and the Internet Protocol (IP), which were also the first
two networking protocols defined in this standard.
The Internet protocol suite - like many protocol suites - can be viewed as a set of layers
and can be compared to the OSI model. Each layer solves a set of problems involving the
transmission of data, and provides a well-defined service to the upper layer protocols based
on using services from some lower layers. Upper layers are logically closer to the user and
deal with more abstract data, relying on lower layer protocols to translate data into forms that
can eventually be physically transmitted. The original TCP/IP reference model consists (see
Figure 5.1, “The TCP/IP protocol stack”) of 4 layers, but has evolved into a 5-layer model.
Figure 5.1. The TCP/IP protocol stack
TCP (6 Marks)
b. When two hosts on the same network are communicating with each other, it is the
MTU of the network that is important. But when two hosts are communicating across
multiple networks, each link can have a different MTU. The important numbers are not
the MTUs of the two networks to which the two hosts connect, but rather the smallest
MTU of any data link that packets traverse between the two hosts. This is called the
path MTU.
1. Ethernet was developed by Xerox Corporation’s Palo Alto Research Center (PARC) in
the 1970s.
2. Ethernet was the technological basis for the IEEE 802.3 specification, which was
initially released in 1980.
b. IEEE 802.3 specifies several different physical layers, whereas Ethernet defines
only one.
d. In the case of Ethernet, the upper-layer protocol is identified in the type field.
In the case of IEEE 802.3, the upper-layer protocol must be defined within the
data portion of the frame, if at all.
e. Note:- In IEEE 802.3 frames, the 2-byte field following the source address is a
length field, which indicates the number of bytes of data that follow this field
and precede the frame check sequence (FCS) field.
SLIP
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-XZEBhe99oY2RiZWQ2NGYtZjdhNC00YTg5LTk4MzEtMjRjMWQ0M2E3NjFi&hl=en
1. The Serial Line Internet Protocol (SLIP) is a mostly obsolete encapsulation of the
Internet Protocol designed to work over serial ports and modem connections.
4. SLIP has been largely replaced by the Point-to-Point Protocol (PPP), which is better
engineered, has more features and does not require its IP address configuration to be
set before it is established.
PPP
1. The Point-to-Point Protocol (PPP) originally emerged as an encapsulation protocol for
transporting IP traffic over point-to-point links.
3. PPP provides a method for transmitting datagrams over serial point-to-point links,
which include the following three components:
a. A method for encapsulating datagrams over serial links
b. An extensible LCP to establish, configure, and test the connection
c. A family of NCPs for establishing and configuring different network layer
protocols
4. Six fields make up the PPP frame.
IP Layer (7 Marks)
Internet Protocol
https://docs.google.com/viewer?a=v&pid=explorer&chrome=true&srcid=0B2-XZEBhe99oMzRjMjJjODEtYjk0NS00ZTJkLTk2MTAtYjAxOTY3MzU1MmU3&hl=en
The Internet protocols consist of a suite of communication protocols, of which the two
best known are the Transmission-Control Protocol (TCP) and the Internet Protocol
(IP).
● The current and most popular network layer protocol in use today is
IPv4 (RFC 791).
● Hosts and routers have a routing table used for all routing decisions.
● Addressing and routing
§ The internet modules use the addresses carried in the internet header
to transmit internet datagrams toward their destinations. The selection of a
path for transmission is called routing.
● Fragmentation
Data at the IP layer: given user data of 2,000 bytes + UDP header of 8 bytes = 2,008 bytes.
IP header: 20 bytes.
So we have an IP datagram of 2,028 bytes (including the 20-byte IP header) that needs to be sent
over a link with MTU 1,500 bytes. Each fragment may carry at most 1,500 - 20 = 1,480 bytes of
data, and every fragment except the last must carry a multiple of 8 bytes, because the
Fragment Offset field counts 8-byte units.

Original datagram:
  MF  Offset  Data
  0   0       2,008 bytes

After fragmentation:
  MF  Offset  Data
  1   0       1,480 bytes   (bytes 0 to 1,479)
  0   185     528 bytes     (bytes 1,480 to 2,007; 185 x 8 = 1,480)

The notes also carry the start of a second, larger example: an 11,980-byte payload (MF 0,
Offset 0) whose first fragment carries 3,280 bytes (MF 1, Offset 0). The remaining rows of
that table did not survive.
Reference:
http://www.tcpipguide.com/free/t_IPMessageFragmentationProcess-2.htm
http://www.tcpipguide.com/free/t_IPMessageFragmentationProcess-3.htm
What is MTU
Each device on an IP internetwork must know the capacity of its immediate data link layer
connection to other devices. This capacity is called the maximum transmission unit (MTU) of the
network.
If an IP layer receives a message to be sent across the internetwork, it looks at the size of
the message and then computes how large the IP datagram would be after the addition of the
20 or more bytes needed for the IP header. If the total length is greater than the MTU of the
underlying network, the IP layer will fragment the message into multiple IP fragments. So, if a
host is connected using an Ethernet LAN to its local network, it may use an MTU of 1,500 for
IP datagrams, and will fragment anything larger. Figure 88 (in the referenced tcpipguide page)
shows an example of differing MTUs and fragmentation.
References
http://www.tcpipguide.com/free/t_IPDatagramSizetheMaximumTransmissionUnitMTUandFrag-2.htm
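The fragmentation worked example and the path-MTU paragraph above describe the arithmetic in prose; the following is an added example (not from the original notes) that carries it out for any payload and MTU, and also shows the receiver's side, where the checks that matter for security live: overlapping or missing fragments and reassembled sizes over 65,535 bytes must be rejected, not silently stitched together. It works on abstract (header length, payload) pairs rather than real packets and assumes a 20-byte header with no IP options; the 2,028-byte datagram over a 1,500-byte MTU is the notes' own case.

```python
"""IPv4 fragmentation and reassembly (added example, not from the notes)."""
from dataclasses import dataclass
from typing import List

IP_HDR = 20  # assumption: no IP options, so every fragment header is 20 bytes


@dataclass(frozen=True)
class Fragment:
    offset: int   # Fragment Offset as carried in the header: units of 8 bytes
    mf: bool      # More Fragments flag
    data: bytes   # the fragment's payload


def path_mtu(link_mtus: List[int]) -> int:
    """The path MTU is the smallest MTU of any link the packets traverse."""
    return min(link_mtus)


def fragment(payload: bytes, mtu: int, hdr: int = IP_HDR) -> List[Fragment]:
    """Split payload so that header + data fits in mtu. All fragments but the
    last carry a multiple of 8 data bytes, since offsets count 8-byte units."""
    if hdr + len(payload) <= mtu:
        return [Fragment(0, False, payload)]          # fits: no fragmentation
    chunk = (mtu - hdr) // 8 * 8                       # 1,500 -> 1,480 data bytes
    if chunk <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for pos in range(0, len(payload), chunk):
        data = payload[pos:pos + chunk]
        last = pos + chunk >= len(payload)
        frags.append(Fragment(pos // 8, not last, data))
    return frags


def reassemble(frags: List[Fragment], max_len: int = 65535) -> bytes:
    """Rebuild the payload, refusing gaps, overlaps, oversize results and a
    missing final fragment. Each of these is a condition that historic IP
    stacks mishandled (overlapping-fragment attacks, oversize reassembly)."""
    ordered = sorted(frags, key=lambda f: f.offset)
    if not ordered:
        raise ValueError("no fragments")
    buf = bytearray()
    expected = 0                                       # next byte we must see
    for f in ordered:
        start = f.offset * 8
        if start != expected:
            raise ValueError(f"gap or overlap at byte {start}, expected {expected}")
        expected = start + len(f.data)
        if IP_HDR + expected > max_len:
            raise ValueError("reassembled datagram would exceed 65,535 bytes")
        buf += f.data
    if ordered[-1].mf:
        raise ValueError("final fragment (MF=0) missing")
    return bytes(buf)


def fragment_table(frags: List[Fragment]):
    """Rows of (MF, Offset, data length), the layout used in the notes."""
    return [(int(f.mf), f.offset, len(f.data)) for f in frags]


if __name__ == "__main__":
    udp_msg = b"\x00" * 2008      # 2,000 bytes of user data + 8-byte UDP header
    frags = fragment(udp_msg, path_mtu([1500, 1500]))
    for mf, off, n in fragment_table(frags):
        print(f"MF={mf} Offset={off} Data={n} bytes")
    assert reassemble(frags) == udp_msg
```

Running the block prints the two rows of the notes' table (MF=1 Offset=0 1,480 bytes, MF=0 Offset=185 528 bytes). Feeding `reassemble` two fragments whose byte ranges overlap raises instead of returning a datagram, which is the behaviour a hardened stack or IDS reassembler needs.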
IPv4 Address
References:
· http://www.consultants-online.co.za/pub/itap_101/html/ch05s03.html#tcp_ip.sec_3.2
ICMP
1. The Internet Control Message Protocol (ICMP) is a network-layer Internet protocol and one
of the core protocols of the Internet protocol suite.
2. It is chiefly used by the operating systems of networked computers to send error
messages, indicating, for instance, that a requested service is not available or that
a host or router could not be reached.
3. ICMP messages are acted on by IP itself or by a higher layer (TCP, UDP).
a. Destination Unreachable
i. When an ICMP destination-unreachable message is sent by a router,
it means that the router is unable to send the packet to its final
destination. The router then discards the original packet.
c. Redirect
i. An ICMP Redirect message is sent by a router to the source host to
stimulate more efficient routing.
d. Time Exceeded
i. An ICMP Time-exceeded message is sent by a router if an IP packet's
Time-to-Live field (expressed in hops or seconds) reaches zero.
8. ICMP differs in purpose from TCP and UDP in that it is usually not used directly by user
network applications. One exception is the ping tool, which sends ICMP Echo Request
messages.
b. The ping utility is implemented using the ICMP "Echo Request"
and "Echo Reply" messages.
ARP
1. Address Resolution Protocol (ARP) is a link-layer Internet protocol
2. (RFC 826)
4. An ARP cache is maintained on each host to store recent
mappings. The normal expiration time is 20 minutes.
5. We can examine the ARP cache with the arp command. The -a option displays all
entries in the cache: % arp -a
6. For two machines on a given network to communicate, they must know the other
machine's physical (or MAC) address. By broadcasting Address Resolution
Protocol (ARP) requests, a host can dynamically discover the MAC-layer address
corresponding to a particular IP network-layer address. After receiving a MAC-
layer address, IP devices create an ARP cache entry to store the recently acquired IP-to-
MAC address mapping, thus avoiding having to broadcast ARP requests when they want to
recontact a device. If the device does not respond within a specified time frame, the
cache entry is flushed.
7. Proxy ARP - Proxy ARP lets a router answer ARP requests on one of its networks for a host on
another of its networks. This fools the sender of the ARP request into thinking that the router
is the destination host, when in fact the destination host is "on the other side" of the router.
The router is acting as a proxy agent for the destination host, relaying packets to it from other
hosts.
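Because ARP replies are unauthenticated and every host trusts its cache, the two signs of ARP spoofing are visible in the very `arp -a` output described above: one MAC address claiming several IP addresses, and the gateway's IP changing MAC between two snapshots. The following is an added example (not from the notes) that parses a constructed BSD/macOS-style `arp -a` listing and flags both conditions; the addresses are documentation ranges chosen for the demonstration, and the gateway IP is an assumption passed in by the caller.

```python
"""Spot ARP-spoofing indicators in 'arp -a' output (added example, not from the notes)."""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample of BSD/macOS 'arp -a' output. Two hosts share one MAC here.
SAMPLE_ARP = """\
gateway (192.0.2.1) at 00:11:22:33:44:01 on en0 ifscope [ethernet]
host-a (192.0.2.10) at 00:11:22:33:44:0a on en0 ifscope [ethernet]
host-b (192.0.2.11) at 0:11:22:33:44:a on en0 ifscope [ethernet]
? (192.0.2.255) at ff:ff:ff:ff:ff:ff on en0 ifscope [ethernet]
"""

# "(ip) at mac"; BSD prints MAC octets without leading zeros, so allow 1-2 hex digits.
ENTRY = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2})",
    re.IGNORECASE,
)


def normalize_mac(mac: str) -> str:
    """Lower-case, zero-padded form so '0:11:...:a' and '00:11:...:0a' compare equal."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))


def parse_arp(text: str) -> Dict[str, str]:
    """Return {ip: mac}, skipping the broadcast entry."""
    table = {}
    for m in ENTRY.finditer(text):
        mac = normalize_mac(m.group("mac"))
        if mac == "ff:ff:ff:ff:ff:ff":
            continue
        table[m.group("ip")] = mac
    return table


def duplicate_macs(table: Dict[str, str]) -> Dict[str, List[str]]:
    """MACs that answer for more than one IP. Expected with proxy ARP (the
    router answers for hosts behind it); otherwise a spoofing indicator."""
    by_mac = defaultdict(set)
    for ip, mac in table.items():
        by_mac[mac].add(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def gateway_changed(previous: Dict[str, str], current: Dict[str, str], gateway_ip: str) -> bool:
    """True when the default gateway's MAC differs between two cache snapshots,
    the classic man-in-the-middle symptom."""
    old, new = previous.get(gateway_ip), current.get(gateway_ip)
    return old is not None and new is not None and old != new


if __name__ == "__main__":
    cache = parse_arp(SAMPLE_ARP)
    print("duplicate MACs:", duplicate_macs(cache))
```

Periodic snapshots fed to `gateway_changed` give a cheap host-side detector; on a segment that legitimately uses proxy ARP, whitelist the router's MAC before alerting on `duplicate_macs`.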
RARP
1. Link-layer protocol (RFC 903)
2. The Reverse Address Resolution Protocol (RARP) is used to map MAC-
layer addresses to IP addresses. RARP, which is the logical inverse of ARP, might be
used by diskless workstations that do not know their IP addresses when they boot.
RARP relies on the presence of a RARP server with table entries of MAC-layer-to-IP
address mappings.
3. A RARP request is broadcast asking for the sender's IP address; the sender's MAC
address is provided in the request.
4. The primary limitations of RARP are that each MAC address must be manually configured
on a central server, and that the protocol only conveys an IP address, leaving the
configuration of subnetting, gateways and other information to other protocols or
the user.
5. RARP is now obsoleted by BOOTP and the more modern DHCP, which both support a much
greater feature set than RARP.
IPv6:
IPv6: IPv4 Conversion OR What are the modifications
required to port the IPv4 applications to work on IPv6
network?
Why and where we need the change
● Numerical addresses: IPv4 uses a 32-bit address, IPv6 a 128-bit address.
● The typical socket call sequence on the server side and on the client side is the same
for IPv4 and IPv6.
● The size of the IP address is visible to an application through the socket interface.
● Changes are required to:
○ Parts of the API that expose the size of the IP address (new data structures
required)
○ Parts of the application that manipulate the IP address
IPv6 over IPv4 Tunneling
Two IPv6 nodes are separated by an IPv4 network.
The dual-stack router on one end of the communication takes IPv6 packets from
the sender, encapsulates them within IPv4 packets, then forwards them
across the IPv4 network. The dual-stack router at the other end extracts the IPv6
packets and forwards them to their proper destination.
Dual Stack
Node has both IPv4 and IPv6 stacks and addresses
• DNS resolver
– Returns IPv6, IPv4 or both to application
• IPv6 application can use IPv4 mapped addresses to communicate with IPv4
nodes
Routing
IP Routing
IP routing is simple, especially for a host. If the destination is directly connected
to the host or on a shared network, then the IP datagram is sent directly to the
destination. Otherwise the host sends the datagram to a default router, and lets
the router deliver the datagram to its destination. This simple scheme handles most
host configurations.
IP performs the routing mechanism while a routing daemon normally provides the routing policy.
● Routing mechanism (done by IP) - searching the routing table and deciding which interface to send a packet out.
● Routing policy (provided by a routing daemon) - a set of rules that decides which routes go into the routing table.
● The information contained in the routing table drives all the routing decisions made by IP. The table is initialized at boot time and may later be updated by ICMP redirect errors.
● IP performs the following steps, in order, when it searches its routing table:
● Search for a matching host address.
● Search for a matching network address.
● Search for a default entry.
● Simple route table: Flags U, G, H, D, M (see "Flags" under Routing Table below).
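The three-step table search described above (host route, then network route, then default) and the ICMP-redirect update can both be shown in a few lines. The following is an added example, not code from the notes: it builds a constructed host routing table with the notes' U/G/H/D flags, resolves destinations with a longest-prefix match (which yields exactly the host-then-network-then-default order, and also handles the overlapping subnets that modern stacks allow), and installs a redirect only when it comes from the gateway currently in use for that destination, since redirects are unauthenticated. Addresses are documentation ranges chosen for the example.

```python
"""Routing-table lookup and ICMP-redirect handling (added example, not from the notes)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Route:
    dest: ipaddress.IPv4Network                # /32 = host route (H), 0.0.0.0/0 = default
    gateway: Optional[ipaddress.IPv4Address]   # None = directly connected (no G flag)
    iface: str
    flags: str                                 # U, G, H, D, M as listed in the notes


def route(dest: str, gateway: Optional[str], iface: str, flags: str) -> Route:
    gw = ipaddress.ip_address(gateway) if gateway else None
    return Route(ipaddress.ip_network(dest), gw, iface, flags)


# Constructed host table: a directly connected LAN, a host route via a second
# router, a network route and the default route via the main gateway.
TABLE: List[Route] = [
    route("192.0.2.0/24", None, "eth0", "U"),
    route("198.51.100.7/32", "192.0.2.254", "eth0", "UGH"),
    route("198.51.100.0/24", "192.0.2.1", "eth0", "UG"),
    route("0.0.0.0/0", "192.0.2.1", "eth0", "UG"),
]


def lookup(table: List[Route], dst: str) -> Route:
    """Host route beats network route beats default: the longest matching
    prefix (/32 > /24 > /0) is the notes' three-step search in one comparison."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in r.dest]
    if not matches:
        raise LookupError(f"no route to {dst}")   # sendto() would fail with ENETUNREACH
    return max(matches, key=lambda r: r.dest.prefixlen)


def next_hop(r: Route, dst: str) -> ipaddress.IPv4Address:
    """Where the frame is actually addressed: the gateway if G is set,
    otherwise the destination itself (directly connected)."""
    return r.gateway if "G" in r.flags else ipaddress.ip_address(dst)


def apply_redirect(table: List[Route], dst: str, new_gateway: str, sender: str) -> Route:
    """Install the host route an ICMP Redirect asks for (flags UGHD), but only
    if the redirect came from the router we currently use for dst. Anyone on
    the LAN can forge a redirect, so this check is the minimum defence."""
    current = lookup(table, dst)
    if current.gateway is None or ipaddress.ip_address(sender) != current.gateway:
        raise ValueError(f"redirect for {dst} from {sender} ignored: not the current gateway")
    new = route(f"{dst}/32", new_gateway, current.iface, "UGHD")
    table.append(new)
    return new


if __name__ == "__main__":
    for d in ("192.0.2.20", "198.51.100.7", "198.51.100.9", "203.0.113.5"):
        r = lookup(TABLE, d)
        print(f"{d:15} -> {r.dest} flags={r.flags} next hop {next_hop(r, d)} via {r.iface}")
```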
RIP Normal Operation
Initialization - When the daemon starts it determines all the interfaces that are
up and sends a request packet out each interface, asking for the other router's
complete routing table. On a point-to-point link this request is sent to the other
end. The request is broadcast if the network supports it. The destination UDP port
is 520.
Response received - The response is validated and may update the routing table.
New entries can be added, existing entries can be modified, or existing entries can
be deleted.
Regular routing updates - Every 30 seconds, all or part of the router's routing
table is sent to every neighbor router.
Triggered updates - These occur whenever the metric for a route changes. The
entire routing table need not be sent; only those entries that have changed must
be transmitted.
RIP1.0 problems
● RIP has no knowledge of subnet addressing.
● RIP takes a long time to stabilize after the failure of a router or a link.
● The use of the hop count as the routing metric omits other variables that
should be taken into consideration.
● A maximum of 15 for the metric limits the sizes of networks on which RIP
can be used.
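The RIP operation above (requests and responses on UDP port 520, a hop-count metric capped at 15) maps directly onto the RIPv1 message format of RFC 1058. The following is an added example, not code from the notes: it encodes the "send me your whole table" request and a response, and decodes incoming messages with the validation step the notes mention, rejecting wrong versions, non-zero padding, bad lengths and metrics outside 1..16. Note what it cannot check: RIPv1 carries no authentication, so a validated-looking response from any host on the segment will be accepted by a naive daemon, which is the real reason RIPv1 should not run on untrusted networks.

```python
"""RIPv1 message encoding, decoding and validation (added example, not from the notes)."""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

RIP_PORT = 520
RIP_REQUEST, RIP_RESPONSE = 1, 2
RIP_INFINITY = 16          # metric meaning "unreachable"; usable hop counts are 1..15
AF_INET = 2                # address family identifier for IPv4
HDR = "!BBH"               # command, version, must-be-zero
ENTRY = "!HH4s8sI"         # AFI, zero, IPv4 address, 8 zero bytes, metric (20 bytes)
MAX_ENTRIES = 25           # 4 + 25*20 = 504 bytes, the RIPv1 maximum


@dataclass(frozen=True)
class RipEntry:
    network: str
    metric: int


def build_request_all() -> bytes:
    """Request the neighbour's entire table: a single entry with AFI 0 and
    metric 16 (RFC 1058 section 3.4.1)."""
    return struct.pack(HDR, RIP_REQUEST, 1, 0) + struct.pack(ENTRY, 0, 0, b"\0" * 4, b"\0" * 8, RIP_INFINITY)


def build_response(entries: List[RipEntry]) -> bytes:
    if not 1 <= len(entries) <= MAX_ENTRIES:
        raise ValueError("a RIP message carries 1..25 entries")
    body = b"".join(
        struct.pack(ENTRY, AF_INET, 0, ipaddress.IPv4Address(e.network).packed, b"\0" * 8, e.metric)
        for e in entries
    )
    return struct.pack(HDR, RIP_RESPONSE, 1, 0) + body


def parse(pkt: bytes) -> Tuple[int, List[RipEntry]]:
    """Decode and validate a RIPv1 datagram, raising on anything a receiver
    must ignore per RFC 1058: bad length, wrong version, non-zero padding,
    unknown command, metric outside 1..16, unsupported address family."""
    if len(pkt) < 4 or (len(pkt) - 4) % 20 != 0:
        raise ValueError("bad length")
    cmd, ver, zero = struct.unpack(HDR, pkt[:4])
    if ver != 1 or zero != 0:
        raise ValueError("not a RIPv1 message")
    if cmd not in (RIP_REQUEST, RIP_RESPONSE):
        raise ValueError(f"unknown command {cmd}")
    entries = []
    for off in range(4, len(pkt), 20):
        afi, z1, addr, z2, metric = struct.unpack(ENTRY, pkt[off:off + 20])
        if z1 != 0 or z2 != b"\0" * 8:
            raise ValueError("must-be-zero fields are not zero")
        if not 1 <= metric <= RIP_INFINITY:
            raise ValueError(f"metric {metric} out of range")
        if cmd == RIP_RESPONSE and afi != AF_INET:
            raise ValueError(f"unsupported address family {afi}")
        entries.append(RipEntry(str(ipaddress.IPv4Address(addr)), metric))
    return cmd, entries


def accept_route(received_metric: int) -> Optional[int]:
    """The receiver adds one hop; a result of 16 means unreachable, which is
    the 15-hop network-size limit listed among the RIP problems."""
    metric = received_metric + 1
    return None if metric >= RIP_INFINITY else metric


if __name__ == "__main__":
    resp = build_response([RipEntry("10.1.0.0", 3), RipEntry("10.2.0.0", RIP_INFINITY)])
    print(parse(resp))
```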
OSPF Features
· OSPF is a link-state protocol: each router actively tests the status of its link to each
of its neighbors and sends this information to its other neighbors, which then propagate it
throughout the autonomous system. Each router takes this link-state information and builds a
complete routing table.
Routing Table
Each entry in the routing table contains the following information:
1. Destination IP address
2. IP address of a next-hop router
3. Flags
4. Specification of which network interface the datagram should be passed to for
transmission.
Flags
1. U The route is up.
2. G The route is to a gateway (router).
3. H The route is to a host
4. D The route was created by a redirect.
5. M The route was modified by a redirect.
Initializing a Routing Table
1. Execute the route command
2. Run a routing daemon
3. Use the newer router discovery protocol
SNMP
What is SNMP
SNMP is a standard for managing Internet Protocol (IP) devices (e.g. routers,
switches)
Firewall
A firewall is a secure and trusted machine that sits between a private network and
a public network. The firewall machine is configured with a set of rules that
determine which network traffic will be allowed to pass and which will be blocked
or refused.
Types of Firewalls
A stateless firewall is one which does not keep any state information between
packets. Each packet is examined and handled based only on the information
contained within that packet.
A stateful firewall ("stateful packet inspection", "protocol inspection") keeps track
of the connections it has seen and can examine the application protocol to decide which
related traffic to admit.
In the case of FTP, a stateful firewall would monitor the control channel and look
for the PASV or PORT commands used to open the TCP connection for the data
channel. It would then allow that TCP connection through as well.
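The FTP case above is where protocol inspection earns its keep, and also where it goes wrong if done naively: a firewall that opens whatever host and port the PORT command names turns itself into a relay for the FTP bounce attack. The following is an added example (not from the notes) that derives the data-channel pinhole from control-channel lines and refuses a PORT that names any host other than the client, a 227 reply that names any host other than the server, and any data port below 1024, as RFC 2577 recommends. The control-channel transcript and addresses are constructed for the demonstration.

```python
"""Stateful FTP inspection: control channel -> data-channel pinhole (added example)."""
import re
from typing import List, Optional, Tuple

# "PORT h1,h2,h3,h4,p1,p2" from the client; "227 ... (h1,h2,h3,h4,p1,p2)" from the server.
PORT_CMD = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
PASV_REPLY = re.compile(r"^227\s.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

Pinhole = Tuple[str, str, str, int]   # (mode, src_ip, dst_ip, dst_port)


def _host_port(groups) -> Tuple[str, int]:
    vals = [int(x) for x in groups]
    if any(v > 255 for v in vals):
        raise ValueError("h1-h4, p1 and p2 must each be 0..255")
    return ".".join(map(str, vals[:4])), vals[4] * 256 + vals[5]


def pinhole(line: str, client_ip: str, server_ip: str) -> Optional[Pinhole]:
    """Return the data flow to allow for one control-channel line, or None if
    the line does not open a data connection. Raises on bounce attempts."""
    m = PORT_CMD.match(line)
    if m:
        host, port = _host_port(m.groups())
        if host != client_ip:
            raise ValueError(f"PORT names {host} but the client is {client_ip}: bounce attempt")
        if port < 1024:
            raise ValueError(f"PORT to privileged port {port} refused")
        return ("active", server_ip, host, port)      # server (from port 20) connects to client
    m = PASV_REPLY.match(line)
    if m:
        host, port = _host_port(m.groups())
        if host != server_ip:
            raise ValueError(f"227 names {host} but the server is {server_ip}: rejected")
        if port < 1024:
            raise ValueError(f"passive port {port} below 1024 refused")
        return ("passive", client_ip, host, port)     # client connects to server
    return None


def pinholes(transcript: List[str], client_ip: str, server_ip: str) -> List[Pinhole]:
    """Walk a control-channel transcript and collect every data flow to open."""
    return [p for p in (pinhole(line, client_ip, server_ip) for line in transcript) if p]


# Constructed control-channel transcript between client 192.0.2.10 and server 198.51.100.5.
SAMPLE_TRANSCRIPT = [
    "USER anonymous",
    "331 Please specify the password.",
    "PORT 192,0,2,10,7,233",
    "200 PORT command successful.",
    "227 Entering Passive Mode (198,51,100,5,195,80)",
    "RETR file.txt",
]

if __name__ == "__main__":
    for flow in pinholes(SAMPLE_TRANSCRIPT, "192.0.2.10", "198.51.100.5"):
        print(flow)
```

Each pinhole should be opened for a single connection and closed when the data transfer ends or the control connection drops; leaving it open is how "stateful" inspection degrades back into a static rule.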
3. If it is not destined for this machine, a search is made of the routing table for
an appropriate route and the datagram is forwarded to the appropriate interface, or
dropped if no route can be found. (3)
4. Datagrams from local processes are sent to the routing software for forwarding
to the appropriate interface. (4)
Malicious Programs
Explain the following malicious programs: Trojans, Viruses
The software threats or malicious programs can be divided into two categories:
· Those that need a host program
· Those that are independent
Trojans
A Trojan horse is an unauthorized program contained within a legitimate program. A
Trojan horse is a static entity: malicious code nested within an otherwise harmless
program.
Trojans cannot travel from machine to machine unless the file that contains the
Trojan also travels with it. Trojans are created strictly by programmers. The
majority of Trojans are nested within compiled binaries.
Trojans represent a very high level of risk, mainly for the following reasons:
· They are difficult to detect.
· In most cases, Trojans are found in binaries, which remain largely in non-
human-readable form.
Viruses
A computer virus is a program, sometimes (but not necessarily) destructive, that
is designed to travel from machine to machine, "infecting" each one along the way.
This infection usually involves the virus attaching itself to other files.
Anti-virus approaches
· Prevention (do not allow the virus in)
· Detection
· Identification
· Removal
Worm
A worm actively seeks out more machines to infect, and each machine that is
infected serves as a launching pad for attacks on other machines.
In the classic description a worm need not carry a destructive payload; its replication
alone consumes network and system resources, which can be enough to bring systems down.
SSL and SET
Differentiate SSL from the SET protocol
The SET (Secure Electronic Transaction) protocol is an open encryption and security
specification designed for protecting credit card transactions on the Internet.
SET vs SSL
SSL and SET are both used for facilitating the secure exchange of information, but their
purposes are quite different.
Handshake protocol
4. Finish
Record protocol
It takes an application message as input. First it fragments it into smaller blocks,
optionally compresses each block, adds a MAC, encrypts it, adds a header and gives
it to the transport layer. This protocol provides two services to an SSL connection
as follows:
Confidentiality: This is achieved by using the secret key that is defined by the
handshake protocol.
Integrity: The handshake protocol defines a shared secret key that is used to compute
a message authentication code (MAC) over each fragment, assuring message integrity.
Alert protocol
When either the client or the server detects an error, the detecting party sends
an alert message to the other party. For a fatal alert, the actions taken are:
· Immediately close the SSL connection.
· Destroy the session identifiers, secrets and keys associated with this
connection before it is terminated.
· Each alert message consists of two bytes.
o 1st byte - The alert level (warning or fatal).
o 2nd byte - The alert description (the specific error).
IPSec
· IPSec can protect any protocol that runs on top of IP, for instance TCP, UDP,
and ICMP.
Goals
Architecture
1. Security Protocols --Authentication Header (AH) and Encapsulating Security
Payload (ESP)
2. Security Associations --what they are and how they work, how they are
managed, associated processing
3. Key Management --manual and automatic (the Internet Key Exchange (IKE))
4. Algorithms for authentication and encryption
Encryption
State the two problems in symmetric key encryption.
(5 marks)
Appendix
MAC Address
OSI Services
IPv6
Basics
Features (IPv6)
· RFC 2460
· Increase of address size from 32 bits to 128 bits
· Simplified Header
· Improved Support for Extensions and Options
· Flows
· Authentication and privacy
Example
An IPv6 address is written as eight 16-bit hexadecimal groups separated by colons, for
example FF02:0:0:0:0:1:200E:8C6C (a run of zero groups may be compressed to "::", giving
FF02::1:200E:8C6C).

IPv6 fixed header (40 bytes):
  Version (4 bits) | Traffic Class (8 bits) | Flow Label (20 bits)
  Payload Length (16 bits) | Next Header (8 bits) | Hop Limit (8 bits)
  Source Address (128 bits)
  Destination Address (128 bits)

RFC 2732 states that IPv6 addresses in URIs should be delimited by square brackets [ ], e.g.
http://[3ffe:0b00::1]/index.html
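The IPv6 material above (text representation, the fixed header layout, IPv4-mapped addresses for dual-stack nodes, and the RFC 2732 bracket rule) is where porting bugs and access-control bypasses hide: the same address has many spellings, and a colon-bearing host in a URI is ambiguous with the port separator unless bracketed. The following is an added example, not from the notes, that canonicalises addresses, extracts a bracketed literal from a URI, classifies an IPv4-mapped peer, and packs and unpacks the 40-byte fixed header exactly as laid out in the table above. It uses only the Python standard library; the sample addresses are the notes' own plus documentation-range values.

```python
"""IPv6 text forms, URI literals, IPv4-mapped peers and the fixed header (added example)."""
import ipaddress
import struct
from typing import Optional, Tuple
from urllib.parse import urlsplit

HEADER_FMT = "!IHBB16s16s"   # ver/tc/flow word, payload length, next header, hop limit, src, dst
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 40 bytes


def canonical(addr: str) -> str:
    """FF02:0:0:0:0:1:200E:8C6C -> 'ff02::1:200e:8c6c'. Compare addresses in this
    form: string comparison of the raw spelling treats equal addresses as different."""
    return ipaddress.IPv6Address(addr).compressed


def host_from_uri(uri: str) -> Tuple[str, Optional[int]]:
    """Return (canonical host, port) from a URI whose host is a bracketed IPv6
    literal (RFC 2732). urlsplit strips the brackets and leaves the port separate."""
    parts = urlsplit(uri)
    if parts.hostname is None:
        raise ValueError("URI has no host")
    return canonical(parts.hostname), parts.port


def dual_stack_peer(addr: str) -> Tuple[str, str]:
    """::ffff:a.b.c.d is an IPv4-mapped address: the IPv6 socket is talking to an
    IPv4 node, so IPv4-based access rules must be applied to a.b.c.d."""
    a = ipaddress.IPv6Address(addr)
    if a.ipv4_mapped is not None:
        return ("ipv4", str(a.ipv4_mapped))
    return ("ipv6", a.compressed)


def pack_header(traffic_class: int, flow_label: int, payload_len: int,
                next_header: int, hop_limit: int, src: str, dst: str) -> bytes:
    """Build the RFC 2460 fixed header: 4-bit version 6, 8-bit traffic class,
    20-bit flow label, 16-bit payload length, next header, hop limit, addresses."""
    if not 0 <= traffic_class <= 0xFF:
        raise ValueError("traffic class is 8 bits")
    if not 0 <= flow_label < 1 << 20:
        raise ValueError("flow label is 20 bits")
    word0 = (6 << 28) | (traffic_class << 20) | flow_label
    return struct.pack(HEADER_FMT, word0, payload_len, next_header, hop_limit,
                       ipaddress.IPv6Address(src).packed, ipaddress.IPv6Address(dst).packed)


def unpack_header(hdr: bytes) -> dict:
    if len(hdr) < HEADER_LEN:
        raise ValueError("short header")
    word0, payload_len, nh, hl, src, dst = struct.unpack(HEADER_FMT, hdr[:HEADER_LEN])
    if word0 >> 28 != 6:
        raise ValueError("not an IPv6 header")
    return {
        "traffic_class": (word0 >> 20) & 0xFF,
        "flow_label": word0 & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": nh,
        "hop_limit": hl,
        "src": str(ipaddress.IPv6Address(src)),
        "dst": str(ipaddress.IPv6Address(dst)),
    }


if __name__ == "__main__":
    print(canonical("FF02:0:0:0:0:1:200E:8C6C"))
    print(host_from_uri("http://[3ffe:0b00::1]/index.html"))
    hdr = pack_header(0, 0, 1280, 17, 64, "2001:db8::1", "ff02::1")
    print(len(hdr), unpack_header(hdr))
```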