Computer Networks
Internet Protocol Suite (TCP/IP)
What is the Internet Protocol Suite?
A framework for organizing the communication protocols used in the Internet (and similar networks)
It is commonly known as TCP/IP
Foundational protocols are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP)
Link Layer
Lowest layer in the Internet protocol suite
The link is the network component used to interconnect hosts or nodes
A link protocol is a suite of methods and standards that operate only between adjacent network nodes of a network segment.
Nodes are referenced by their media access control (MAC) address
- a unique identifier assigned to a network interface controller (NIC)
- 6 octets (bytes) represented with hex digits separated by colons
- eg.: 52:54:00:23:a4:d2
Core Protocols
Hub vs. Switch
- Ethernet hub, network hub, multiport repeater
- A network hardware device for connecting Ethernet devices
- Makes them act as a single network segment
- Network switch
- Multiport network bridge that uses MAC addresses to forward data
- The ports are network segments that can be bridged as individual pairs
| Byte | 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 0 | Destination MAC address | Source MAC address | EtherType | |||||||||||
EtherType indicates which protocol is encapsulated in the frame
| EtherType | Protocol |
|---|---|
| 0x0800 | Internet Protocol version 4 (IPv4) |
| 0x0806 | Address Resolution Protocol (ARP) |
| ... | ... |
Example: ARP
Linux command-line tool arp
Analyze ARP network traffic with Wireshark
Internet Layer
Group of methods, protocols, and specifications that are used to transport network packets from the originating host across network boundaries
The destination host is specified by an IP address
Internet layer protocols use IP-based packets
IP addresses are written and displayed in human-readable notations
- 32 bits in dot decimal notation in IPv4 (eg.: 193.171.122.146)
- 128 bits in eight groups of four hexadecimal digits (2 octets) for IPv6 addresses (eg.: fe80::5054:ff:fe23:a4d2/64)
Core Protocols
| Offset | Byte | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Byte | Bit | 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| 0 | 0 | Version | IHL | DSCP | ECN | Total Length | |||||||||||||||||||||||||||
| 4 | 32 | Identification | Flags | Fragment Offset | |||||||||||||||||||||||||||||
| 8 | 64 | Time To Live | Protocol | Header Checksum | |||||||||||||||||||||||||||||
| 12 | 96 | Source IP Address | |||||||||||||||||||||||||||||||
| 16 | 128 | Destination IP Address | |||||||||||||||||||||||||||||||
| 20 | 160 | Options 0-40 bytes (if IHL > 5) |
|||||||||||||||||||||||||||||||
| ⋮ | ⋮ | ||||||||||||||||||||||||||||||||
| 56 | 448 | ||||||||||||||||||||||||||||||||
| Data Payload (in total |
|||||||||||||||||||||||||||||||||
Internet Control Message Protocol (ICMP)
| Offset | Byte | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Byte | Bit | 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| 0 | 0 | Type | Code | Checksum | |||||||||||||||||||||||||||||
| 4 | 32 | content depends on the ICMP type and code | |||||||||||||||||||||||||||||||
The most common ICMP "user" application is ping
ping ${HOST_OR_IP}Example
Investigate IPv4 packet with Wireshark
Investigate ICMPv4 datagram with Wireshark
Transport Layer
The protocols of the transport layer provide end-to-end communication services for applications.
They provide services such as connection-oriented communication, reliability and flow and congestion control.
Core Protocols
- Transmission Control Protocol (TCP)
-
User Datagram Protocol (UDP)
used by (eg.) DNS and DHCP - QUIC
Ports
TCP and UDP use port numbers to identify sending and receiving application end-points on a host.
Ports are often called Internet sockets.
- Port numbers are 16-bit unsigned integers
- Ports 0-1023 are well-known ports or system ports
- Examples: SSH, SMTP, HTTP, HTTPS, POP3, IMAP, ...
| Offset | Byte | 0 | 1 | 2 | 3 | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Byte | Bit | 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| 0 | 0 | Source port | Destination port | ||||||||||||||||||||||||||||||
| 4 | 32 | Sequence number | |||||||||||||||||||||||||||||||
| 8 | 64 | Acknowledgment number (if ACK set) | |||||||||||||||||||||||||||||||
| 12 | 96 | Data offset | Reserved 0 0 0 0 |
CWR |
ECE |
URG |
ACK |
PSH |
RST |
SYN |
FIN |
Window size | |||||||||||||||||||||
| 16 | 128 | Checksum | Urgent pointer (if URG set) | ||||||||||||||||||||||||||||||
| 20 | 160 | Options (if data offset > 5.
Padded at the end with "0" bits if necessary.) |
|||||||||||||||||||||||||||||||
| ⋮ | ⋮ | ||||||||||||||||||||||||||||||||
| 56 | 448 | ||||||||||||||||||||||||||||||||
Example
Investigate TCP with Wireshark
Application Layer
Application layer protocols provide process-to-process communications across an Internet Protocol (IP) computer network.
- Depends on the underlying transport layer
Robustness Principle (Postel's Law)
Software design guideline that states:
Be conservative in what you do, be liberal in what you accept
from others
Reworded as
"Be liberal in what you accept, and conservative in what you send"
Prominent Protocols
- Hypertext Transfer Protocol (HTTP :80, HTTPS :443)
-
Telnet (:23),
Secure Shell (SSH :22),
SSH File Transfer Protocol (SFTP :22) -
File Transfer Protocol (FTP :20 + :21, FTPS :989 + :990),
Trivial File Transfer Protocol (TFTP :69) - Simple Mail Transfer Protocol (SMTP :25, SMTPS :587 or :465)
- Domain Name System (DNS :53)
- ...
Example
Investigate HTTP with Wireshark