TCP/IP: Ethernet, IP, and ARP (and a PGP refresher) Network Security Lecture 2
Any questions on…
• Administrivia, organizational matters?
• Historical/cultural overview?
Eike Ritter Network Security - Lecture 2 1
Today
• PGP in 6 slides
• IP
• Ethernet
• ARP
• Attacks: sniffing
PGP
Pretty Good Privacy (PGP)
• Application for data encryption and decryption created by Phil Zimmermann
• The message format used by PGP is standardized (RFC 4880), so that interoperability among different programs is possible
• Here we will use GnuPG
Generating a key
• $ gpg --gen-key
• Every user has one (or more) key pairs, consisting of a private key and a public key
– The private key can be encrypted using a passphrase
– All keys are stored in a keyring
• This command generates a new key pair and stores it in the keyring
Publishing the public key
• $ gpg --export -a 'Eike Ritter (Test key)'
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQENBE8KvXUBCADGTet/EQF0qPeaG5IkwWzGfRxc2XT7I6KvOKI4NverNxC8JijF
ZKMf0RSZ5himtEVGjXTmc0hyMzuYlDzg/oVM70tygqEEC28IpppdINJVtyUfNYwu
…
…
=aGju
-----END PGP PUBLIC KEY BLOCK-----
• The public key can be uploaded to a web site or to a keyserver, such as pgp.mit.edu
Encrypting a message
• $ gpg -r <recipient-key> -e secret.txt
• Encrypts the file secret.txt so that the recipient who owns the public key <recipient-key> can recover its plaintext content
• In practice, a session key is generated randomly and is used to encrypt the file symmetrically
• The session key is encrypted with the public key of the recipient(s) and attached to the file
• Decrypting: $ gpg -d secret.gpg
Signing a message
• $ gpg -s -a secret.txt
• Generates a signature for the given file (in ASCII-armored format) using the private key of the user
• The signature can be verified using the public key of the signer:
$ gpg --verify secret.asc
gpg: Signature made Mon 09 Jan 2012 10:43:15 GMT using RSA key ID AA226670
gpg: Good signature from "Eike Ritter (Test key) <test@rittere.co.uk>"
Other common operations
• Generating a detached signature
• Signing and encrypting a message
• Web of trust: signing a public key
• Revoking a key
TCP/IP
TCP/IP Protocol Suite
• Network protocols
– IP (Internet Protocol)
– ICMP (Internet Control Message Protocol)
• Transport protocols
– TCP (Transmission Control Protocol)
– UDP (User Datagram Protocol)
• Application protocols
– HTTP (HyperText Transfer Protocol)
– SSH
– DNS
• Other protocols
– ARP (Address Resolution Protocol)
TCP/IP layering (the figure shows the same stack on both communicating hosts)
• Application: RPC, DNS, FTP, HTTP, SSH – application-specific protocols
• Transport: UDP, TCP – ordering, multiplexing, correctness
• Network: IP, ICMP – transmission and routing across subnets
• Data link: network card – error control between adjacent nodes
• Physical: Ethernet, wireless – connect to the channel; send/receive bytes
IP addresses
• Each host has one or more IP addresses for each network interface
• IPv4 addresses are composed of 32 bits (class + netid + hostid)
• Represented in dotted-decimal notation: 147.188.193.82
• Classes (up to ~1993):

Class  Starts with  Netid bits  Hostid bits  # hosts
A      0            7           24           16,777,214
B      10           14          16           65,534
C      110          21          8            254
D      1110         Multicast address
E      1111         Reserved for future use
Special addresses
• 127.0.0.0 – 127.255.255.255: loopback interface
• Private networks (RFC 1597):
– 10.0.0.0 – 10.255.255.255
– 172.16.0.0 – 172.31.255.255
– 192.168.0.0 – 192.168.255.255
• Network address: hostid bits set to 0
• Broadcast:
– All 32 bits set to 1: local broadcast
– Netid followed by hostid bits all set to 1: net-directed broadcast to that netid (e.g., 147.188.255.255)
Classless Inter-Domain Routing (CIDR)
• Classes lead to inefficient use of the IP address space and to large routing tables
– Not enough class B networks
– Little opportunity for route aggregation (many class C networks geographically dispersed)
• Solution: variable-length subnet masking, i.e., the netid/hostid boundary can be placed at an arbitrary bit
• Notation: /N gives the number of bits interpreted as the network number (“prefix”)
– /24: legacy class C
– /16: legacy class B
– /8: legacy class A
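As an added example (not from the lecture), here is the class, netid/hostid and private-range arithmetic of the last three slides done on the raw 32-bit address in Python; the function names and the sample addresses are mine, chosen for illustration.

```python
# Added example (not from the lecture slides): legacy class lookup, CIDR
# netid/hostid arithmetic and the RFC 1597 private ranges on a raw 32-bit int.
import socket
import struct

def ip_to_int(dotted):
    """Dotted-decimal string -> 32-bit integer (network byte order)."""
    return struct.unpack("!I", socket.inet_aton(dotted))[0]

def int_to_ip(value):
    """32-bit integer -> dotted-decimal string."""
    return socket.inet_ntoa(struct.pack("!I", value & 0xFFFFFFFF))

def legacy_class(dotted):
    """Pre-1993 class, decided by the leading bits of the first octet."""
    first = ip_to_int(dotted) >> 24
    if first & 0x80 == 0x00:
        return "A"      # 0xxxxxxx: 7 netid bits, 24 hostid bits
    if first & 0xC0 == 0x80:
        return "B"      # 10xxxxxx: 14 netid bits, 16 hostid bits
    if first & 0xE0 == 0xC0:
        return "C"      # 110xxxxx: 21 netid bits, 8 hostid bits
    if first & 0xF0 == 0xE0:
        return "D"      # 1110xxxx: multicast
    return "E"          # 1111xxxx: reserved

def prefix_mask(prefix):
    """Netmask for /prefix as a 32-bit integer (prefix in 0..32)."""
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def cidr_info(dotted, prefix):
    """Split the address at bit /prefix: network (hostid bits 0), directed
    broadcast (hostid bits 1) and usable host count (valid up to /30)."""
    addr = ip_to_int(dotted)
    mask = prefix_mask(prefix)
    network = addr & mask
    return {
        "network": int_to_ip(network),
        "broadcast": int_to_ip(network | (~mask & 0xFFFFFFFF)),
        "hosts": (1 << (32 - prefix)) - 2,
    }

# RFC 1597 private ranges written as prefixes (172.16/12 covers 172.16-172.31).
PRIVATE_RANGES = (("10.0.0.0", 8), ("172.16.0.0", 12), ("192.168.0.0", 16))

def is_private(dotted):
    """True if the address falls inside one of the private ranges."""
    addr = ip_to_int(dotted)
    return any(addr & prefix_mask(p) == ip_to_int(net) for net, p in PRIVATE_RANGES)
```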
Internet Protocol (IP)
• Transmission of blocks of data (datagrams) from source to destination
• Standardized in RFC 791
• Transmission properties
– Connectionless
– Unreliable, best-effort: delivery, integrity, ordering and non-duplication are not guaranteed
• IP does handle fragmentation and reassembly of long datagrams
• For direct communication, IP relies on lower-level protocols (e.g., Ethernet)
IP datagram (header layout, one 32-bit word per row, bit offsets 0–31)
Bits 0–3: Version | 4–7: HL | 8–15: ToS | 16–31: Total length
Bits 0–15: Identifier | 16–18: Flags | 19–31: Fragment offset
Bits 0–7: Time To Live | 8–15: Protocol | 16–31: Header checksum
Source IP address (32 bits)
Destination IP address (32 bits)
Options (variable length) | Padding
Data
IP header
• Normal size: 20 bytes
• Version (4 bits): 4 (IPv4)
• Header length (4 bits): number of 32-bit words in the header, including options (max header size: 60 bytes)
• Type Of Service (8 bits):
– Used to be: priority (3 bits), quality of service (4 bits), one unused bit
– Now: Differentiated Services Code Point (6 bits), Explicit Congestion Notification (2 bits)
• Total length (16 bits): datagram length in bytes (max size: 65,535 bytes)
• ID (16 bits): datagram identifier
IP header (continued)
• Flags (3 bits) and Fragment offset (13 bits): support fragmentation
• Time To Live (8 bits): maximum number of hops in the delivery process
• Protocol (8 bits): specifies the protocol encapsulated in the datagram data (e.g., TCP, UDP)
• Header checksum (16 bits): checksum calculated over the IP header only
– Recomputed at each hop, because the TTL (and, on fragmentation, the fragment fields) change
• Source and destination address (32 bits each): IP addresses of the source and destination of the datagram
IP options
• Present if header length > 5
• Variable length
• Type is identified by the first byte
– Record route
– Source route
– Timestamp
– …
• Not often used
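Added example, not from the lecture: a Python decoder for the header fields of the last four slides, a check of the RFC 791 header checksum, and the TTL-decrement-plus-recompute step a router performs at each hop. The packet is constructed inline and the function names are my own.

```python
# Added example (not from the lecture slides): decode the IPv4 header, verify
# the RFC 791 header checksum, and perform the per-hop TTL/checksum update.
import socket
import struct

def checksum(data):
    """One's-complement sum of 16-bit words; an intact header that includes its own checksum sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(pkt):
    """Return the header fields as a dict; raises ValueError on a malformed header."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (vhl, tos, total_len, ident, flags_off, ttl, proto,
     _hcs, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, hlen = vhl >> 4, (vhl & 0x0F) * 4
    if version != 4 or hlen < 20 or hlen > len(pkt):
        raise ValueError("bad version or header length")
    hdr = pkt[:hlen]
    return {"version": version, "header_len": hlen, "dscp": tos >> 2, "ecn": tos & 0x3,
            "total_length": total_len, "id": ident, "flags": flags_off >> 13,
            "frag_offset": flags_off & 0x1FFF, "ttl": ttl, "protocol": proto,
            "checksum_ok": checksum(hdr) == 0, "src": socket.inet_ntoa(src),
            "dst": socket.inet_ntoa(dst), "options": hdr[20:]}

def build_ipv4_header(src, dst, payload_len, ttl=64, proto=6, ident=0x1234):
    """Constructed sample header (no options, DF flag set) with a valid checksum."""
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                                ident, 0x4000, ttl, proto, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr)

def forward_hop(pkt):
    """Router step: drop (None) if TTL would reach 0, else decrement TTL and recompute the checksum."""
    hlen = (pkt[0] & 0x0F) * 4
    hdr = bytearray(pkt[:hlen])
    if hdr[8] <= 1:
        return None
    hdr[8] -= 1
    hdr[10:12] = b"\x00\x00"                      # zero the stale checksum first
    hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
    return bytes(hdr) + pkt[hlen:]

SAMPLE = build_ipv4_header("147.188.193.82", "147.188.193.6", 8) + b"\x00" * 8  # constructed packet
```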
IP encapsulation
• How are IP datagrams transferred over a LAN?
• RFC 894 explains IP over Ethernet
– Encapsulation + direct delivery
Frame header | Frame data = [ IP header | IP data ]
IP direct delivery
• The sender forwards a packet to the final destination on a directly attached network
• Example (hosts on the same LAN: 147.188.193.82, 147.188.193.6, 147.188.193.15, 147.188.193.80):
– IP header: From 147.188.193.82, To 147.188.193.6
– Ethernet frame: From 00:19:D1:80:AE:45 (interface of 147.188.193.82), To 00:04:96:1D:6B:20 (interface of 147.188.193.6)
Ethernet
• Widely-used link layer protocol
• Uses CSMA/CD (Carrier Sense, Multiple Access with Collision Detection)
• Frame layout:
Dest (6 bytes) | Src (6 bytes) | Ethertype (2 bytes) | Payload (46–1500 bytes) | CRC (4 bytes)
– Ethertype 0800: payload is an IP datagram
– Ethertype 0806: payload is an ARP message
Address Resolution Protocol (ARP)
• Used to map an IP address to the link-level address associated with the peer's hardware interface (e.g., Ethernet)
• ARP messages are encapsulated in the underlying link-level protocol
Address Resolution Protocol (ARP)
• Host A wants to know the hardware address associated with IP address I_B of host B
• A broadcasts a special message to all the hosts on the same physical link
• Host B answers with a message containing its own link-level address
• A keeps the answer in its cache (for some time, e.g., 20 minutes)
• When A sends its request, A includes its own IP address in the request
– As an optimization, the receiver of the ARP request may cache the requester's mapping
ARP messages
Hw type (2) | Proto type (2) | Hw size (1) | Proto size (1) | Op (2) | Sender Ether (6) | Sender IP (4) | Target Ether (6) | Target IP (4)
• Mapping information:
– Hardware type (2 bytes) [typically Ethernet]
– Protocol type (2 bytes) [typically IP]
– Hardware size (1 byte)
– Protocol size (1 byte)
– Typical values: 0x0001, 0x0800, 6, 4
• Op (2 bytes): type of message (1: request; 2: response)
• Sender Ethernet/IP: sender data
• Target Ethernet/IP: target data
– Target Ethernet is all 0s in a request
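Added example, not from the lecture: Python code that splits an Ethernet frame by the layout on the Ethernet slide, decodes the ARP message by the layout above, and keeps an ARP cache with the 20-minute lifetime and requester-caching optimisation from the previous slide. It assumes the NIC has already stripped the frame CRC; the MACs and IP addresses are those of the direct-delivery slide, reused here as constructed samples.

```python
# Added example (not from the lecture slides): Ethernet framing, ARP decoding
# and a small ARP cache with expiry and requester caching.
import socket
import struct

ETHERTYPE_IP, ETHERTYPE_ARP = 0x0800, 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

def mac_str(raw):
    return ":".join("%02X" % b for b in raw)

def parse_ethernet(frame):
    """Split dst, src, Ethertype and payload (4-byte CRC assumed stripped by the NIC)."""
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "ethertype": etype, "payload": frame[14:]}

def parse_arp(payload):
    """Decode the 28-byte Ethernet/IPv4 ARP message; bytes after it are Ethernet padding."""
    hw, proto, hsize, psize, op = struct.unpack("!HHBBH", payload[:8])
    if (hw, proto, hsize, psize) != (1, ETHERTYPE_IP, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP message")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}

def build_arp_frame(op, sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample frame: requests go to the broadcast MAC, replies to the requester."""
    dst = b"\xff" * 6 if op == ARP_REQUEST else target_mac
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IP, 6, 4, op, sender_mac,
                      socket.inet_aton(sender_ip), target_mac, socket.inet_aton(target_ip))
    return struct.pack("!6s6sH", dst, sender_mac, ETHERTYPE_ARP) + arp.ljust(46, b"\x00")

class ArpCache:
    """IP -> (MAC, expiry time) table; entries live 20 minutes as on the slide."""
    LIFETIME = 20 * 60

    def __init__(self):
        self.table = {}

    def handle_frame(self, frame, now):
        """Learn the sender mapping from replies and, as the slide's optimisation, from requests too."""
        eth = parse_ethernet(frame)
        if eth["ethertype"] != ETHERTYPE_ARP:
            return None
        arp = parse_arp(eth["payload"])
        if arp["op"] in (ARP_REQUEST, ARP_REPLY):
            self.table[arp["sender_ip"]] = (arp["sender_mac"], now + self.LIFETIME)
        return arp

    def lookup(self, ip, now):
        mac, expires = self.table.get(ip, (None, 0))
        return mac if now < expires else None
```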