chapter 10 packet

Upload: calvin-ohsey

Post on 04-Apr-2018


  • 7/30/2019 Chapter 10 Packet

    Chapter 10: PACKET ANALYSIS

    TCP/IP Layering

    The TCP/IP architecture consists of several layers, each performing certain functions.

    Each layer is responsible for a different part of the communications and contains protocols.

    There are four general layers of the TCP/IP stack:

    1) Data-link layer

    2) Network / Internet layer

    3) Transport layer

    4) Application layer

    Data-link Layer

    This layer is the lowest layer in the TCP/IP stack and is implemented within the network interface card and its device driver.

    It handles all the physical interfaces of the transmission medium.

    Network Layer

    This layer is also known as the Internet Layer. It handles the delivery of packets around the network from source to destination, such as routing.

    The primary protocol involved in this layer is the Internet Protocol (IP).

    Transport Layer

    This layer provides the flow of data between two computers. It provides two types of services to the Application Layer:

    1) connection-oriented service - provided by TCP (Transmission Control Protocol)

    2) connectionless service - provided by UDP (User Datagram Protocol)

    Application Layer

    This layer is the top layer in the TCP/IP stack.

    It handles the details of each user application program or process.

    Examples of application layer protocols:

    File Transfer Protocol (FTP)

    Simple Mail Transfer Protocol (SMTP)

    Hypertext Transfer Protocol (HTTP)

    Encapsulation

    Encapsulation is a process that occurs whenever data flows down from one layer to another. The data is sent down the TCP/IP protocol stack through each of the four layers, and each layer adds its header and trailer (if any) to the data as the data passes through it.

    Decapsulation is a process that occurs whenever data flows up from one layer to another. The data is sent up the TCP/IP protocol stack through each of the four layers, and each layer removes its header and trailer (if any) from the data as the data passes through it.

    The unit of data that TCP sends to IP is called a TCP segment.

    The unit of data that UDP sends to IP is called a UDP datagram.

    The unit of data that IP sends to the network interface is called a packet or IP datagram.

    The data that flows across Ethernet is called a frame.

    Packet Filtering

    Packet filtering is a process of capturing and filtering the traffic of TCP/IP packets that traverse the network, in a consistent way.

    Most packet filtering software displays the TCP/IP packet structure in hexadecimal format.

    It displays the data in hexadecimal using two-byte chunks. For example, the first ten bytes would be represented by five chunks like this:

    xxxx xxxx xxxx xxxx xxxx

    1 hex chunk = 2 bytes

    TCP/IP

    Every TCP/IP packet structure starts with the IP header, followed by a TCP header or a UDP header. This means that the structure of both TCP and UDP packets must begin with the IP header structure.

    [Figures: TCP Segment encapsulated in IP Datagram; UDP Datagram encapsulated in IP Datagram]

    Internet Protocol (IP)

    IP is an important protocol of the TCP/IP protocol suite. The function or purpose of this protocol is to move IP datagrams through an interconnected network.

    All TCP and UDP data is transmitted as IP datagrams.

    Internet Protocol (IP) cont

    The structure of the IP datagram:

    [Figure: Structure of IP Datagram from RFC 791 (width label: 4 bytes)]

    Internet Protocol (IP) cont

    The normal size of the IP header without options is 20 bytes. If options are present, then the normal size of the IP header will be 60 bytes.

    The maximum size of an IP datagram (the total of IP header + data) is 65535 bytes.

    Internet Protocol (IP) cont

    The IP header is followed by either a TCP header or a UDP header to form an IP datagram.

    The TCP header takes up the next 20 bytes after the IP header, and

    the UDP header takes up the next 8 bytes after the IP header.

    Internet Protocol (IP) cont

    One hexadecimal chunk gives the value of 2 bytes. The normal size of an IP header without options is 20 bytes.

    So, the IP header is the first 10 hexadecimal chunks.

    Transmission Control Protocol (TCP)

    TCP is a transport layer protocol and it provides a connection-oriented and reliable service to the application layer.

    Information passed by TCP to IP is called a TCP segment and it is encapsulated within an IP datagram as shown in the figure.

    [Figure: TCP Segment encapsulated in IP Datagram]

    TCP cont.

    The TCP segment is located after the IP header. Therefore, the IP header will have a protocol number of 6 to indicate that the following data is a TCP segment. A TCP segment can be broken down into two parts: the TCP header and the TCP data. The structure of the TCP segment (RFC 793) is shown below:

    [Figure: TCP segment]

    IP datagram (TCP)

    TCP segment located after the IP header

    [Figure labels: IP header (= 6), TCP header, TCP Segment, IP datagram]

    TCP cont.

    As mentioned before, the normal size of the TCP header is 20 bytes. If this TCP header is written as hexadecimal chunks, the TCP header is the first 10 hexadecimal chunks located after the IP header, followed by the TCP data, as in the figure:

    [Figure: TCP Header]

    User Datagram Protocol (UDP)

    UDP is also a transport layer service but it is simpler than TCP.

    It provides a connectionless and unreliable service since it does not issue acknowledgements to the sender upon receipt of data, nor does it inform the sender that data was lost.

    UDP cont.

    As mentioned before, the information passed by UDP to IP is called a UDP datagram and it is encapsulated within an IP datagram as shown in the figure below:

    [Figure: UDP Datagram encapsulated in IP Datagram]

    UDP cont.

    The UDP datagram is located after the IP header. Therefore, the IP header will have a protocol number of 17 to indicate that the following data is a UDP datagram. A UDP datagram can generally be broken down into two parts: the UDP header and the UDP data. The UDP header is short and simple.

    The normal size of the UDP header is 8 bytes, which consists of source and destination port numbers, UDP length and checksum.

    [Figure: UDP Datagram]

    IP datagram (UDP)

    UDP datagram located after the IP header = IP datagram

    [Figure labels: IP header, UDP header, UDP datagram, IP datagram]

    UDP cont.

    The normal size of the UDP header is 8 bytes. If this UDP header is written as hexadecimal chunks, the UDP header is the first 4 hexadecimal chunks located after the IP header, followed by the UDP data, as shown in the figure below:

    Refer to Attachment 3

    [Figure: UDP Header]

    Port numbers and Services

    SERVICES                                 PORT NUMBER
    File Transfer Protocol (FTP)             21
    Telnet                                   23
    Hypertext Transfer Protocol (HTTP)       80
    Simple Mail Transfer Protocol (SMTP)     25
    Domain Name System (DNS)                 53

    Exercise 1

    4500 003c 0a66 4000 4006 a320 cfac 6ec5
    cf7e 7f45 04c5 0050 801e 78e3 0000 0000
    a009 3fc4 fe70 0000/ 0204 05cc 0402 080a
    0014 7e59 0000 0000 0103 0300

    Consider option = none.

    You need to identify:

    1) Version of IP =

    2) Protocol field =

    3) Source / Sender IP address =

    4) Destination / Receiver IP address =

    5) Source Port number =

    6) Destination Port number =

    7) Sequence number =

    8) Acknowledgement number =

    9) Reserved and Flag bits =

    10) Services running =
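
    To check answers to Exercise 1, the decoder below walks the dump the way the chapter describes: IP header first, then the TCP or UDP header selected by the protocol field. It is an added example, not part of the original slides; the function names (dump_to_bytes, decode) are hypothetical, the field offsets follow RFC 791 and RFC 793, and it uses the IP header-length field to locate the transport header rather than assuming exactly 10 chunks.

```python
import re
import socket
import struct

# Port-to-service table from the "Port numbers and Services" slide.
SERVICES = {21: "FTP", 23: "Telnet", 25: "SMTP", 53: "DNS", 80: "HTTP"}
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upward (RFC 793)

# The Exercise 1 dump as printed on the slide (two-byte hex chunks).
EXERCISE_1 = """
4500 003c 0a66 4000 4006 a320 cfac 6ec5
cf7e 7f45 04c5 0050 801e 78e3 0000 0000
a009 3fc4 fe70 0000/ 0204 05cc 0402 080a
0014 7e59 0000 0000 0103 0300
"""

def dump_to_bytes(dump):
    """Drop everything that is not a hex digit (spaces, newlines, '/')."""
    return bytes.fromhex(re.sub(r"[^0-9a-fA-F]", "", dump))

def decode(dump):
    raw = dump_to_bytes(dump)
    if len(raw) < 20 or (raw[0] & 0x0F) < 5:
        raise ValueError("too short for a 20-byte IP header")
    ver_ihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes; 20 = chunks 1-10
    out = {"version": ver_ihl >> 4, "ihl_bytes": ihl, "total_length": total_len,
           "length_ok": total_len == len(raw), "protocol": proto,
           "src_ip": socket.inet_ntoa(src), "dst_ip": socket.inet_ntoa(dst)}
    t = raw[ihl:]                        # transport header starts after IP header
    if proto == 6 and len(t) >= 20:      # TCP: next 20 bytes (10 chunks)
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", t[:14])
        out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack,
                   tcp_header_bytes=(off_flags >> 12) * 4,
                   reserved=(off_flags >> 6) & 0x3F,
                   flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags >> i & 1])
    elif proto == 17 and len(t) >= 8:    # UDP: next 8 bytes (4 chunks)
        sport, dport, length, _ = struct.unpack("!HHHH", t[:8])
        out.update(src_port=sport, dst_port=dport, udp_length=length)
    ports = (out.get("dst_port"), out.get("src_port"))
    out["service"] = next((SERVICES[p] for p in ports if p in SERVICES), None)
    return out

if __name__ == "__main__":
    for field, value in decode(EXERCISE_1).items():
        print(f"{field:18} {value}")
```

    The length_ok field compares the IP total-length field with the number of bytes actually present in the dump, which is one quick sanity check on a captured packet.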

    Invalid Packets

    How do you know if the packet is an invalid packet?

    1) Packet too long (> 65,535 bytes) or too short ( 65,535.

    11) etc ?