Experiential Learning Workshop on Network Layer · 2018-07-17 · Experiential Learning Workshop on...


Page 1: Experiential Learning Workshop on Network Layer · 2018-07-17 · Experiential Learning Workshop on Network Layer July 17, 2018 Dr. Ram P Rustagi rprustagi@ksit.edu.in rprustagi@ieee.org

Experiential Learning Workshop on Network Layer

July 17, 2018

Dr. Ram P Rustagi, rprustagi@ksit.edu.in, rprustagi@ieee.org, +91-89700-00559

Experiential Learning - Network Layer RPR

Page 2: Day 1: Understanding Network Layer

• Overview
• Networking tools: wireshark, nc, wget, ssh
• Review of IP and TCP headers
• HO1: wireshark, IP and TCP headers
• Routing & Forwarding, Subnetting, Unicast/Broadcast
• HO2: Routing, subnetting, traceroute analysis
• IP fragmentation, PMTU discovery
• Understanding ICMP, NAT
• HO3: ICMP errors: Fragmentation, TTL expiry
• Understanding ARP, Proxy ARP, DHCP, GARP
• HO4: Static ARP, Proxy ARP, GARP
• Summary

Page 3: Day 2: Understanding Web Security

• Overview of HTTP/HTTPS
• SSL certificate management
• HTTPS deployment challenges
• HO1: Deploying SSL, clicking through browser warnings
• HTTP mixed content, lock icons
• HO2: Using mixed content
• MITM challenges, and ARP spoofing
• HO3: Implementing MITM with sslstrip
• Understanding HSTS protocol, CSP
• HO4: Implementing CSP and HSTS
• Summary

Page 4: NITA01: Understanding Network Layer (agenda; same items as Day 1 on Page 2)

Page 5: NETWORK

Acronym: Novel Experience of Theoretical, Working, Operational, and Realized Knowledge

Page 6: Resources & Acknowledgements

• Resources
  – https://rprustagi.com/ELNT/Experiential-Learning.html
  – Articles in ACCS Journal: https://acc.digital/experiential-learning-of-networking-technologies-4/
  – www.github.com/rprustagi
• Slides
  – https://www.rprustagi.com/workshops/ieee/nita
• Example web pages, and programs
  – https://www.rprustagi.com/workshops/programs

Page 7: References

• Computer Networks: A Top Down Approach, 7th/6th ed., Kurose and Ross
• http://www.iana.org/assignments/media-types/index.html
• RFCs: https://tools.ietf.org/rfc/index
• Linux man pages: https://www.kernel.org/doc/man-pages/

Page 8: The Internet Today

• Total number of hostnames and active sites (June 2018)
  – Source: http://news.netcraft.com/archives/category/web-server-survey/
  – Number of sitenames and active sites: Sitenames: 1.6B, Active sites: 171+M
  – Web server vendors
    • June 2018: Apache: 25%, MS IIS: 32%, Nginx: 23%
    • Mar 2017: Apache: 21%, MS IIS: 43%, Nginx: 19%
  – Web clients: GUI browsers, text browsers

Page 9: Experimental Setup-1: Web Security

[Figure: switch S1 connecting Ha (10.1.1.1/24) and Hb (10.1.1.2/24), with a link to the Internet]

Page 10: Experimental Setup-2: MITM Attacks

[Figure: switch S1 connecting Ha (10.1.1.1/24), Hb (10.1.1.2/24) and Hc (10.1.1.3/24), with a link to the Internet]

Page 11: Experimental Setup-3: Network Layer

[Figure: router R1 with two interfaces, R1(E1) 10.1.1.254/24 and R1(E2) 10.1.2.254/24; Ha (10.1.1.1/24) on the E1 side, Hb (10.1.2.1/24) on the E2 side, switch S1 and a link to the Internet]

Page 12: NITA01: Understanding Network Layer (agenda)

Page 13: Networking Tools

• Why needed
  – To efficiently debug things which aren't working, e.g. TCP connection fails, web does not work, …
  – To analyze and understand concepts of computer networks (CN)
  – To monitor network traffic, evaluate performance
• Linux/Windows
  – wireshark/tcpdump, nc, netstat, ssh
  – wget, curl, iproute2
  – ping, traceroute, spray, nslookup/dig
  – ipconfig, netsh, route, netstat, …

Page 14: Tools - ping

• ping (Packet Inter Network Groper): checking reachability
• ping hostname
  – -i change packet interval
  – -c packet count
  – -f flood the network
  – -a audible indication
  – -q quiet mode
  – -s change packet size
  – -W response timeout
  – -b broadcast packets (requires sudo)

Page 15: Usage: ping

$ ping -c 10 www.google.com
PING www.google.com (74.125.203.104): 56 data bytes
64 bytes from 74.125.203.104: icmp_seq=0 ttl=47 time=93.346 ms
64 bytes from 74.125.203.104: icmp_seq=1 ttl=47 time=94.300 ms
64 bytes from 74.125.203.104: icmp_seq=2 ttl=47 time=99.392 ms
64 bytes from 74.125.203.104: icmp_seq=3 ttl=47 time=140.457 ms
64 bytes from 74.125.203.104: icmp_seq=4 ttl=47 time=168.882 ms
64 bytes from 74.125.203.104: icmp_seq=5 ttl=47 time=218.813 ms
64 bytes from 74.125.203.104: icmp_seq=6 ttl=47 time=270.833 ms
64 bytes from 74.125.203.104: icmp_seq=7 ttl=47 time=312.594 ms
64 bytes from 74.125.203.104: icmp_seq=8 ttl=47 time=263.280 ms
64 bytes from 74.125.203.104: icmp_seq=9 ttl=47 time=309.129 ms

--- www.google.com ping statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 93.346/197.103/312.594/84.298 ms
MacBook-Pro:EL-Understanding-Network-Delays ramrustagi$

Page 16: Reliability of Ping

• If the ping gets no response, does it mean the destination is not reachable?
  – Destination firewall could block it
  – Intermediate firewalls could block it
• If the ping gets a response, does it mean the destination is reachable?
  – Response could be from some redirect server
  – Response could be from a proxy (in the LAN)
• IP spoofing?

Page 17: Tools: Wireshark

• wireshark
  – https://www.wireshark.org/docs/wsug_html_chunked/
  – Capture and display filters
  – Graphical, built on tcpdump
  – TCP session display
  – Changing UI options
• tcpdump: command line capture tool
  – -w output file
  – -c packet count
  – -i interface name

Page 18: [screenshot slide, no text]

Page 19: [screenshot slide, no text]

Page 20: Tools: Wireshark

[Figure: Wireshark screenshot annotated with the packet layers L2, L3, L4, L7]

Page 21: [screenshot slide, no text]

Page 22: Wireshark: UI Options

• Color coding
• Time format
• Packet reordering (in display)
• Defining protocol
• Using display filter
• Following TCP stream
• Capture packets with proper capture filter
  – needed for analyzing packet layers

Page 23: Wireshark capture filters

• Capture just SYN or FIN packets: tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
• High capture rate from a source could imply attack or virus infection
• Ping sweep attack: net 10.0.0.0/16 and icmp
  – Could imply network scan
• Port sweep scanning: port > 10 and port < 65535
  – Port scanning attack
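Added example, not part of the workshop slides: Python equivalents of the three capture filters above, run over a constructed packet summary to flag the ping-sweep and port-sweep patterns the slide names. The packet records and the two thresholds (16 hosts, 20 ports) are assumed values, not figures from the page.

```python
import ipaddress
from collections import defaultdict

# TCP flag bits, as in the capture filter  tcp[tcpflags] & (tcp-syn|tcp-fin) != 0
TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10

# Constructed packet summaries (not a real capture): (src, dst, proto, dport, tcp_flags)
PACKETS = (
    [("10.0.5.7", f"10.0.1.{h}", "icmp", None, 0) for h in range(1, 41)]        # one host pinging 40 addresses
    + [("10.0.5.9", "10.0.1.20", "tcp", p, TCP_SYN) for p in range(20, 70)]        # one host probing 50 ports
    + [("10.0.1.3", "10.0.1.20", "tcp", 22, TCP_SYN),                              # an ordinary ssh session ...
       ("10.0.1.20", "10.0.1.3", "tcp", 51000, TCP_SYN | TCP_ACK),
       ("10.0.1.3", "10.0.1.20", "tcp", 22, TCP_ACK),
       ("10.0.1.3", "10.0.1.20", "tcp", 22, TCP_FIN | TCP_ACK),
       ("10.0.1.3", "10.0.1.4", "icmp", None, 0)]                                   # ... and a single ping
)


def matches_syn_or_fin(pkt) -> bool:
    """Python form of:  tcp[tcpflags] & (tcp-syn|tcp-fin) != 0"""
    return pkt[2] == "tcp" and pkt[4] & (TCP_SYN | TCP_FIN) != 0


def matches_icmp_in_net(pkt, net: str = "10.0.0.0/16") -> bool:
    """Python form of:  net 10.0.0.0/16 and icmp   (either endpoint inside the network)"""
    network = ipaddress.ip_network(net)
    return pkt[2] == "icmp" and (ipaddress.ip_address(pkt[0]) in network
                                 or ipaddress.ip_address(pkt[1]) in network)


def ping_sweep_sources(packets, min_targets: int = 16) -> dict:
    """Sources that sent ICMP to at least `min_targets` distinct hosts in the watched net:
    the 'ping sweep' pattern the slide says could imply a network scan. Threshold is assumed."""
    targets = defaultdict(set)
    for p in packets:
        if matches_icmp_in_net(p):
            targets[p[0]].add(p[1])
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def port_sweep_pairs(packets, min_ports: int = 20) -> dict:
    """(src, dst) pairs where one source opened SYNs to at least `min_ports` distinct ports on
    one host. SYN/ACK replies are excluded so a busy server is not mistaken for a scanner."""
    ports = defaultdict(set)
    for p in packets:
        if p[2] == "tcp" and p[4] & TCP_SYN and not p[4] & TCP_ACK:
            ports[(p[0], p[1])].add(p[3])
    return {pair: len(ps) for pair, ps in ports.items() if len(ps) >= min_ports}


if __name__ == "__main__":
    print("SYN/FIN packets:", sum(matches_syn_or_fin(p) for p in PACKETS))
    print("possible ping sweep:", ping_sweep_sources(PACKETS))
    print("possible port sweep:", port_sweep_pairs(PACKETS))
```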

Page 24: Wireshark - Misc

• Saving file
• Saving selected packets
• Reading from file
• Time display format
• Statistics
• Other options

Page 25: tcpreplay, tcprewrite

• tcprewrite: change the network field values
  – Destination IP and destination MAC
  – Source IP and source MAC
  – Fix the checksum
• tcpreplay: replay the traffic with changed values

Page 26: Tools - wget

• wget [options] <url>
‣ Options
  ‣ -d                    # debug output, shows the headers
  ‣ -O <file>             # save under a different name
  ‣ -i <urlsfile>         # list of URLs in a file
  ‣ -c                    # resume a broken download
  ‣ -b                    # run in background
  ‣ --limit-rate=500k
  ‣ --header=<headers>
  ‣ --http-user=user --http-password=..
  ‣ -mk                   # mirroring with local link conversion

Page 27: Tools - nc

• nc (netcat)
  – Works as both client and server
  – Supports both TCP and UDP
  – Supports both IPv4 and IPv6
• Common use
  – Simple TCP/UDP based data transfer
  – Shell script based HTTP clients and servers
  – Network daemon testing
  – SOCKS or HTTP ProxyCommand for ssh

Page 28: Tools - nc

• nc usage
  – -l : act as server
  – -u : use UDP
  – -6 : use IPv6
  – -i : interval based transmission (lines)
  – -k : keep server up on connection close
• Examples
  – nc <servername> <server port>   # client
  – nc -l <port>                    # server
  – to transfer files
    • Server: nc -l <port> > file.dat
    • Client: cat file.dat | nc <server> <port>

Page 29: Usage: nc

• Terminating connection after idle time
  – nc -w 10 <server> <port>   # timeout 10s
  – Don't use with server option
• Providing remote shell access on server to client
  – Create a FIFO file: rm -f /tmp/f; mkfifo /tmp/f
  – run nc on server by executing the shell:
    cat /tmp/f | /bin/bash -i 2>&1 | nc -l 2222 > /tmp/f

Page 30: NITA01: Understanding Network Layer (agenda)

Page 31: IP datagram format

[Figure: IPv4 header, 32 bits per row]
• ver: IP protocol version number
• head. len: header length (bytes)
• type of service
• length: total datagram length (bytes)
• 16-bit identifier, flgs, fragment offset: used for fragmentation/reassembly
• time to live: max number of remaining hops (decremented at each router)
• upper layer: upper layer protocol to deliver payload to
• header checksum
• 32 bit source IP address
• 32 bit destination IP address
• options (if any): e.g. timestamp, record route taken, specify list of routers to visit
• data (variable length, typically a TCP or UDP segment)

Minimum data overhead?
❖ 20 bytes of TCP
❖ 20 bytes of IP
❖ = 40 bytes + app layer overhead

Page 32: Transport Layer Protocol Characteristics

• Connection less
  – If packets are not numbered, can't provide the order
  – May arrive out of order
  – No acknowledgement, packets may be lost
  – No prior handshake
• Connection oriented
  – Setup, data transfer and teardown phase
  – Provides reliability, ordered delivery
  – Handles error control in a better way

Page 33: UDP: segment header

[Figure: UDP segment format, 32 bits per row]
• source port #, dest port #
• length: length, in bytes, of UDP segment, including header
• checksum: includes pseudo header
• application data (payload)

Page 34: Pseudo header for checksum

Pseudo header:

     0      7 8     15 16    23 24    31
    +--------+--------+--------+--------+
    |          source address           |
    +--------+--------+--------+--------+
    |        destination address        |
    +--------+--------+--------+--------+
    |  zero  |protocol|   UDP length    |
    +--------+--------+--------+--------+

Actual header:

     0      7 8     15 16    23 24    31
    +--------+--------+--------+--------+
    |     Source      |   Destination   |
    |      Port       |      Port       |
    +--------+--------+--------+--------+
    |                 |                 |
    |     Length      |    Checksum     |
    +--------+--------+--------+--------+
    |
    |          data octets ...
    +---------------- ...

Src: RFC 768

Page 35: Internet checksum: example (RFC 1071)

• Consider 3 words
      0110 0110 0110 0000   0x6660
      0101 0101 0101 0101   0x5555
      1000 1111 0000 1100   0x8F0C
      -------------------------------
    1 0100 1010 1100 0001   0x14AC1
  – Wrapping around the overflow bit makes it
      0100 1010 1100 0010   0x4AC2
  – 1's complement will be
      1011 0101 0011 1101   0xB53D
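Added example, not part of the workshop slides: the RFC 1071 checksum worked on this slide, then applied to the fields of the IP datagram format slide and to the RFC 768 pseudo header of the previous slide, so the same routine both creates and verifies IPv4 and UDP checksums. Addresses, ports and payload are constructed (port 2222 is the one the nc exercise listens on).

```python
import struct


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then the one's complement of the sum.
    An odd trailing byte is padded on the right with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # wrap the overflow bit(s) back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def slide_example() -> int:
    """The slide's three words: 0x6660 + 0x5555 + 0x8F0C = 0x14AC1, wrapped to 0x4AC2,
    one's complement 0xB53D."""
    return internet_checksum(struct.pack("!3H", 0x6660, 0x5555, 0x8F0C))


def ip_bytes(dotted: str) -> bytes:
    return bytes(int(o) for o in dotted.split("."))


# ver/IHL, TOS, total length, identifier, flags+fragment offset, TTL, protocol, checksum, src, dst
IPV4_FMT = "!BBHHHBBH4s4s"


def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17,
                      ttl: int = 64, ident: int = 0x1234, df: bool = False) -> bytes:
    """20-byte IPv4 header without options; the checksum field is 0 while summing, then filled in."""
    flags_frag = 0x4000 if df else 0        # DF is bit 14 of the flags/offset word, MF is bit 13
    hdr = struct.pack(IPV4_FMT, 0x45, 0, 20 + payload_len, ident, flags_frag,
                      ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fields shown on the IP datagram format slide. Summing a correct header together
    with its own checksum field yields 0, which is how a receiver verifies it."""
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, _csum, src, dst = struct.unpack(IPV4_FMT, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,      # the field counts 8-byte units
        "ttl": ttl, "protocol": proto,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "checksum_ok": internet_checksum(pkt[:ihl]) == 0,
    }


def udp_pseudo_header(src: str, dst: str, udp_len: int) -> bytes:
    """RFC 768 pseudo header: source address, destination address, zero, protocol 17, UDP length."""
    return ip_bytes(src) + ip_bytes(dst) + struct.pack("!BBH", 0, 17, udp_len)


def build_udp_segment(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """UDP header + payload; the checksum covers pseudo header + UDP header + data."""
    length = 8 + len(payload)
    hdr = struct.pack("!HHHH", sport, dport, length, 0)
    csum = internet_checksum(udp_pseudo_header(src, dst, length) + hdr + payload)
    csum = csum or 0xFFFF                   # RFC 768: a computed 0 is transmitted as all ones
    return hdr[:6] + struct.pack("!H", csum) + payload


def udp_checksum_ok(src: str, dst: str, segment: bytes) -> bool:
    """Receiver check: the pseudo header is rebuilt from the IP addresses that carried the segment,
    so a segment delivered to the wrong address fails. A zero checksum field means the sender
    did not compute one, which UDP over IPv4 permits."""
    if segment[6:8] == b"\x00\x00":
        return True
    length = struct.unpack("!H", segment[4:6])[0]
    return internet_checksum(udp_pseudo_header(src, dst, length) + segment) == 0


if __name__ == "__main__":
    print(hex(slide_example()))                                    # 0xb53d
    seg = build_udp_segment("10.1.1.1", "10.1.1.2", 40000, 2222, b"hello from Ha\n")
    pkt = build_ipv4_header("10.1.1.1", "10.1.1.2", len(seg)) + seg
    print(parse_ipv4_header(pkt))
    print(udp_checksum_ok("10.1.1.1", "10.1.1.2", seg))
```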

Page 36: TCP Characteristics

• Point-to-point: one sender, one receiver
• Reliable, in-order byte stream: no "message boundaries"
• Pipelined: TCP congestion and flow control
• Full duplex data: bi-directional data flow
  – MSS: maximum segment size
  – Determined from link/frame size
• Connection-oriented: handshaking (exchange of control msgs) before data exchange
• Flow controlled: sender will not overwhelm receiver

Page 37: TCP segment structure

[Figure: TCP header, 32 bits per row]
• source port #, dest port #
• sequence number, acknowledgement number: counting by bytes of data (not segments!)
• head len, not used, flags URG, ACK, PSH, RST, SYN, FIN
  – URG: urgent data (generally not used)
  – ACK: ACK # valid
  – PSH: push data now (generally not used)
  – RST, SYN, FIN: connection establishment (setup, teardown commands)
• receive window: # bytes receiver willing to accept
• checksum: Internet checksum (as in UDP)
• Urg data pointer
• options (variable length)
• application data (variable length)

Page 38: NITA01: Understanding Network Layer (agenda)

Page 39: Hands-On 1

• nc: chat between two systems
  – Using both UDP and TCP
• ping: understand delay and response
  – check google and yahoo reachability
  – check your favourite website reachability
• wget:
  – Download contents of a website for offline use
• wireshark
  – Access www.nita.ac.in and check capture
  – chat (nc) and analyze capture
  – traceroute a site and analyze capture

Page 40: NITA01: Understanding Network Layer (agenda)

Page 41: Network service model

Q: What service model for "channel" transporting datagrams from sender to receiver?
• Can transport layer rely on n/w layer?
• Will the packets be in order?
• Will the time gap between two pkts be maintained?
• Will network provide any congestion information?
• Will network provide any time guarantees?
• Will network provide any BW guarantees?

Example services for individual datagrams:
• Guaranteed delivery
  – e.g.: Guaranteed delivery with less than 40 msec delay

Page 42: Address Types

• Unicast
• Multicast
• Broadcast
• Anycast

Page 43: IP addressing: CIDR

• CIDR: Classless InterDomain Routing
• subnet portion of address of arbitrary length
• address format: a.b.c.d/x, where x is # bits in subnet portion of address

200.23.16.0/23 in binary: 11001000 00010111 00010000 00000000
The first 23 bits (11001000 00010111 0001000) are the subnet part, the remaining 9 bits are the host part.

Page 44: Forwarding Table

• Needs at least 4 entries in forwarding table
  – Network Address
  – Network Mask
  – Next Hop Address
  – Interface
• Forwarding table principles
  – Each router makes its decision independently
  – Different routers may have different information
  – Tells how to reach destination, not how to get back
• Effect of forwarding table principles
  – Pkts are forwarded on hop by hop basis
  – Pkts from A to B may go via path X but return via path Y

Page 45: Design the subnetting/routing

[Figure: topology of routers (including R3, R6, R7), LANs and serial links]

Network given: 192.168.0.0/24
- Each LAN has 10 hosts
- serial link network needs two addresses
- LAN of R3-R7-R6 needs 3 addresses

Page 46: Subnets

• Few terms to understand
  – Network portion and host portion
  – Network number
    • Apply subnet mask to IP address (bitwise AND)
  – Broadcast address
    • Set all bits to 1 in host portion
  – Network mask
    • Set all bits to 0 in host portion
  – First available address in the block
    • Value of host portion = 1
  – Last available address in the block
    • Value of host portion = 2^n - 2
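Added example, not part of the workshop slides: the subnet terms above computed with the bitwise steps the slide lists (AND with the mask, host bits all 1 or all 0, host portion 1 and 2^n - 2), plus a VLSM plan for the 192.168.0.0/24 design exercise on Page 45. The number of 10-host LANs and serial links is not on the page; four LANs and three serial links are assumed here.

```python
def ip_to_int(dotted: str) -> int:
    a, b, c, d = (int(o) for o in dotted.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def subnet_terms(cidr: str) -> dict:
    """Network number, mask, broadcast and first/last usable address of a.b.c.d/x, computed
    exactly as the slide describes them."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    mask = prefix_to_mask(prefix)
    network = ip_to_int(addr) & mask                  # bitwise AND: host portion set to 0
    broadcast = network | (~mask & 0xFFFFFFFF)        # host portion set to all 1s
    host_bits = 32 - prefix
    return {
        "network": int_to_ip(network), "mask": int_to_ip(mask), "broadcast": int_to_ip(broadcast),
        "first": int_to_ip(network + 1),              # host portion = 1
        "last": int_to_ip(broadcast - 1),             # host portion = 2^n - 2
        "usable_hosts": max(2 ** host_bits - 2, 0),   # network and broadcast are not assignable
    }


def block_size_for(hosts: int) -> int:
    """Smallest power-of-two block holding `hosts` addresses plus network and broadcast."""
    size = 4
    while size < hosts + 2:
        size *= 2
    return size


def design_subnets(base_cidr: str, needs: list) -> list:
    """VLSM: carve one subnet per (name, hosts) out of base_cidr, largest first so that every
    block starts on its own size boundary. Returns [(name, 'a.b.c.d/x'), ...]."""
    base = subnet_terms(base_cidr)
    cursor, end = ip_to_int(base["network"]), ip_to_int(base["broadcast"])
    plan = []
    for name, hosts in sorted(needs, key=lambda x: -x[1]):   # stable sort: equal sizes keep their order
        size = block_size_for(hosts)
        if cursor % size:                                      # realign if a smaller block preceded a larger one
            cursor += size - cursor % size
        if cursor + size - 1 > end:
            raise ValueError(f"{base_cidr} exhausted while placing {name}")
        prefix = 32 - (size.bit_length() - 1)
        plan.append((name, f"{int_to_ip(cursor)}/{prefix}"))
        cursor += size
    return plan


# Requirements from the 'Design the subnetting/routing' slide. The page does not give the number of
# LANs or serial links, so four 10-host LANs and three serial links are an assumption of this example.
SLIDE_NEEDS = [("LAN1", 10), ("LAN2", 10), ("LAN3", 10), ("LAN4", 10),
               ("Serial1", 2), ("Serial2", 2), ("Serial3", 2), ("R3-R7-R6", 3)]


if __name__ == "__main__":
    print(subnet_terms("200.23.16.0/23"))                       # the CIDR example from Page 43
    for name, cidr in design_subnets("192.168.0.0/24", SLIDE_NEEDS):
        print(f"{name:10s} {cidr:20s} usable hosts = {subnet_terms(cidr)['usable_hosts']}")
```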

Page 47: NITA01: Understanding Network Layer (agenda)

Page 48: Hands On 2: Setup

[Figure: router R1 with two interfaces, R1(E1) 10.1.1.254/24 and R1(E2) 10.1.2.254/24; Ha (10.1.1.1/24) on the E1 side, Hb (10.1.2.1/24) on the E2 side, switch S1 and a link to the Internet]

Page 49: Hands On 2a

• R1 (middle machine with 2 interfaces)
  – Convert into a router
  – sudo sysctl -w net.ipv4.ip_forward=1
• Ha: Define routing table entry for N2 (10.1.2.0/24)
  – sudo ip route add 10.1.2.0/24 via 10.1.1.254
• Hb: Define routing table entry for N1 (10.1.1.0/24)
  – sudo ip route add 10.1.1.0/24 via 10.1.2.254
• Why no routing table for R1?
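Added simulation, not part of the workshop material: the forwarding tables of Ha, Hb and R1 from the Hands-On 2 setup as (network/mask, next hop, interface) entries, with a packet forwarded hop by hop so each node decides from its own table only, as the Forwarding Table slide describ. It also shows what the setup steps guard against: R1 with ip_forward left at 0, and a host whose return route was never added. Node names, interface names and the connected-route entries are modelled from the setup diagram and are assumptions of this example.

```python
import copy
import ipaddress

# Constructed model of the Hands-On 2 setup: Ha --(N1: 10.1.1.0/24)-- R1 --(N2: 10.1.2.0/24)-- Hb.
# Each table entry carries the fields the Forwarding Table slide lists:
# (network address/mask, next hop or None when directly connected, outgoing interface).
NODES = {
    "Ha": {"forwards": False, "ifaces": {"eth0": "10.1.1.1"},
           "table": [("10.1.1.0/24", None, "eth0"),              # connected route, installed with the address
                     ("10.1.2.0/24", "10.1.1.254", "eth0")]},    # sudo ip route add 10.1.2.0/24 via 10.1.1.254
    "Hb": {"forwards": False, "ifaces": {"eth0": "10.1.2.1"},
           "table": [("10.1.2.0/24", None, "eth0"),
                     ("10.1.1.0/24", "10.1.2.254", "eth0")]},    # sudo ip route add 10.1.1.0/24 via 10.1.2.254
    "R1": {"forwards": True,                                     # sudo sysctl -w net.ipv4.ip_forward=1
           "ifaces": {"E1": "10.1.1.254", "E2": "10.1.2.254"},
           "table": [("10.1.1.0/24", None, "E1"),               # both networks are directly connected,
                     ("10.1.2.0/24", None, "E2")]},              # so R1 needs no 'ip route add' at all
}


def lookup(table: list, dst: str):
    """Longest-prefix match over (network, next_hop, iface) entries; None when nothing covers dst."""
    addr, best = ipaddress.ip_address(dst), None
    for net, next_hop, iface in table:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, next_hop, iface)
    return None if best is None else (best[1], best[2])


def owner_of(ip: str, nodes: dict):
    """Name of the node that has `ip` configured on one of its interfaces."""
    for name, node in nodes.items():
        if ip in node["ifaces"].values():
            return name
    return None


def trace(src: str, dst: str, nodes: dict = None, max_hops: int = 8) -> list:
    """Forward one packet hop by hop; every node decides from its own table only. Returns the nodes
    visited plus a final status: delivered, no route, not forwarding or ttl exceeded."""
    nodes = NODES if nodes is None else nodes
    here, path = src, [src]
    for hop in range(max_hops):
        if dst in nodes[here]["ifaces"].values():
            return path + ["delivered"]
        if hop > 0 and not nodes[here]["forwards"]:       # ip_forward=0: transit packets are dropped
            return path + ["not forwarding"]
        route = lookup(nodes[here]["table"], dst)
        if route is None:
            return path + ["no route"]
        next_hop, _iface = route
        nxt = owner_of(dst if next_hop is None else next_hop, nodes)
        if nxt is None:                                    # next hop is on no link we know of
            return path + ["no route"]
        here = nxt
        path.append(here)
    return path + ["ttl exceeded"]


def with_forwarding(nodes: dict, name: str, enabled: bool) -> dict:
    """Copy of the topology with ip_forward toggled on one node."""
    n = copy.deepcopy(nodes)
    n[name]["forwards"] = enabled
    return n


def without_route(nodes: dict, name: str, net: str) -> dict:
    """Copy of the topology with one table entry removed (a forgotten 'ip route add')."""
    n = copy.deepcopy(nodes)
    n[name]["table"] = [e for e in n[name]["table"] if e[0] != net]
    return n


if __name__ == "__main__":
    print(trace("Ha", "10.1.2.1"))                                           # Ha -> R1 -> Hb
    print(trace("Ha", "10.1.2.1", with_forwarding(NODES, "R1", False)))      # dropped at R1
    one_way = without_route(NODES, "Hb", "10.1.1.0/24")
    print(trace("Ha", "10.1.2.1", one_way), trace("Hb", "10.1.1.1", one_way))  # reply has no route
```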

Page 50: Hands On 2b (same setup steps as Hands On 2a: R1 forwarding, Ha and Hb static routes)

Page 51: NITA01: Understanding Network Layer (agenda)

Page 52: IP fragmentation, reassembly

▪ network links have MTU (max. transfer size): largest possible link-level frame
  • different link types, different MTUs
▪ large IP datagram divided ("fragmented") within net
  • one datagram becomes several datagrams
  • "reassembled" only at final destination
  • IP header bits used to identify, order related fragments

[Figure: fragmentation: in: one large datagram, out: 3 smaller datagrams; reassembly at the destination]

Page 53: IP fragmentation, reassembly

Example:
❖ 4000 byte datagram
❖ MTU = 1500 bytes

One large datagram becomes several smaller datagrams:

  Original:    ID = x   offset = 0     fragflag = 0   length = 4000
  Fragment 1:  ID = x   offset = 0     fragflag = 1   length = 1500
  Fragment 2:  ID = x   offset = 185   fragflag = 1   length = 1500
  Fragment 3:  ID = x   offset = 370   fragflag = 0   length = 1040

1480 bytes in the data field of each full fragment; offset = 1480/8
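Added example, not part of the workshop slides: the fragmentation arithmetic of this slide generalized to any datagram size and MTU, together with re-fragmentation on a later, smaller-MTU link (the Forouzan example on the next two slides) and reassembly at the destination. The 620-byte second link is a constructed value.

```python
def split_data(abs_offset: int, data_len: int, final_mf: int, mtu: int, ident: int,
               header_len: int = 20) -> list:
    """Split `data_len` payload bytes that start at absolute byte offset `abs_offset` of the original
    datagram into pieces that fit `mtu`. Every piece but the last carries a multiple of 8 data bytes
    (the offset field counts 8-byte units); the last piece inherits `final_mf`, so a fragment that is
    itself re-fragmented keeps MF=1 on its tail and only the original last fragment ends with MF=0."""
    per_piece = ((mtu - header_len) // 8) * 8
    if per_piece <= 0:
        raise ValueError("MTU too small for an IP header plus 8 data bytes")
    pieces, done = [], 0
    while done < data_len:
        chunk = min(per_piece, data_len - done)
        last = done + chunk == data_len
        pieces.append({"id": ident, "offset": (abs_offset + done) // 8,
                       "mf": final_mf if last else 1, "length": header_len + chunk})
        done += chunk
    return pieces


def fragment(total_length: int, mtu: int, ident: int, header_len: int = 20) -> list:
    """Fragment a whole datagram (MF=0) at the router whose outgoing link has this MTU."""
    if total_length <= mtu:
        return [{"id": ident, "offset": 0, "mf": 0, "length": total_length}]
    return split_data(0, total_length - header_len, 0, mtu, ident, header_len)


def refragment(frag: dict, mtu: int, header_len: int = 20) -> list:
    """Re-fragment an existing fragment on a later link with a smaller MTU. Offsets stay relative to
    the original datagram, which is what lets the destination reassemble without knowing the path."""
    if frag["length"] <= mtu:
        return [frag]
    return split_data(frag["offset"] * 8, frag["length"] - header_len, frag["mf"], mtu,
                      frag["id"], header_len)


def reassemble(frags: list, header_len: int = 20):
    """Destination-side reassembly: returns the original total length, or None while a fragment is
    missing, fragments overlap, fragments mix identifiers, or the MF=0 tail has not arrived."""
    if not frags or len({f["id"] for f in frags}) != 1:
        return None
    frags = sorted(frags, key=lambda f: f["offset"])
    expected = 0
    for f in frags:
        if f["offset"] * 8 != expected:           # gap or overlap in the byte range
            return None
        expected += f["length"] - header_len
    if frags[-1]["mf"]:                           # tail not yet seen
        return None
    return header_len + expected


if __name__ == "__main__":
    frags = fragment(4000, 1500, ident=0x1234)                # the slide's example
    for f in frags:
        print(f)
    print("fragment 2 re-fragmented on a 620-byte link:", refragment(frags[1], 620))
    print("reassembled length:", reassemble(frags))
```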

Page 54: Example: Re-fragmentation

[Figure: re-fragmentation? Src: Forouzan - Data Communication and Networking]

Page 55: Example: Re-fragmentation

[Figure: re-fragmentation. Src: Forouzan - Data Communication and Networking]

Page 56: NITA01: Understanding Network Layer (agenda)

Page 57: ICMP: internet control message protocol

• RFC 792
• used by hosts & routers to communicate network-level information
  – error reporting: unreachable host, network, port, protocol
  – echo request/reply (used by ping)
• network-layer "above" IP: ICMP msgs carried in IP datagrams
• ICMP message: type, code plus first 8 bytes of IP datagram causing error

Query messages:
  Type    Code   Description
  0/8     0      Echo reply/request (ping)
  13/14   0      Timestamp request/reply
  10/9    0      Router solicitation/advertisement

Error reporting messages:
  Type    Code   Description
  3       0      dest. network unreachable
  3       1      dest. host unreachable
  3       2      dest. protocol unreachable
  3       3      dest. port unreachable
  3       6      dest. network unknown
  3       7      dest. host unknown
  4       0      source quench (congestion control - not used)
  5       0      Redirect
  11      0      TTL expired
  12      0      bad IP header

Page 58:

ICMP Msg format

ICMP Query Msg:

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |     Code      |          Checksum             |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Identifier          |        Sequence Number        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

ICMP Error Msg: [Figure]

Page 59:

ICMP Messages

• Few points to note
  – No ICMP error msg will be generated for
    • a response to a datagram carrying an ICMP error message
    • a fragmented datagram that is not the first fragment
    • a datagram having a multicast address
    • a datagram having a special address, e.g. 127.0.0.1 or 0.0.0.0

Page 60:

ICMP Redirect

[Figure: ICMP Redirect]
Src: Forouzan - Data Communication and Networking

Page 61:

PMTU Discovery

• PMTU Discovery
  – source finds out the max fragment size on the path to destination
  – it is actually a misnomer
    • no actual discovery packet is sent from source
  – source sets the ‘D’ (don’t fragment) bit in the IP header
  – when a router is required to fragment
    • i.e. MTU of o/g link is small
    • packet is dropped and an ICMP error is sent to the source with the supported fragment size

Page 62:

PMTU Discovery

• Implementation on Linux machines
  • enabled by default
    $ sysctl net.ipv4.ip_no_pmtu_disc
    net.ipv4.ip_no_pmtu_disc = 0
  • a value of 0 means “no PMTU discovery” is disabled, i.e. PMTU discovery is enabled
• To disable PMTU discovery
    $ sudo sysctl -w net.ipv4.ip_no_pmtu_disc=1
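As an added example (not part of the workshop material), the Python below decodes ICMP messages in the RFC 792 layout shown on the format slide and, for the type 3 code 4 error that PMTU discovery depends on, pulls out the next-hop MTU and the quoted source/destination/protocol/ports so the error can be matched to the flow that triggered it. The sample message is constructed to mirror Handson-3 (a 1200-byte ping from 10.1.1.1 to 10.1.3.201 crossing an MTU-1000 link); the IP id and echo id in it are made up.

```python
import struct

# Names from the slide tables plus type 3 code 4 (RFC 792/1191), the error PMTU discovery relies on.
QUERY_TYPES = {0: "echo reply", 8: "echo request", 13: "timestamp request",
               14: "timestamp reply", 10: "router solicitation", 9: "router advertisement"}
ERROR_NAMES = {(3, 0): "dest network unreachable", (3, 1): "dest host unreachable",
               (3, 2): "dest protocol unreachable", (3, 3): "dest port unreachable",
               (3, 4): "fragmentation needed and DF set", (3, 6): "dest network unknown",
               (3, 7): "dest host unknown", (4, 0): "source quench", (5, 0): "redirect",
               (11, 0): "TTL expired", (12, 0): "bad IP header"}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    body = struct.pack("!HH", ident, seq) + payload
    return struct.pack("!BBH", 8, 0, icmp_checksum(struct.pack("!BBH", 8, 0, 0) + body)) + body


def build_frag_needed(next_hop_mtu: int, orig_ip_hdr: bytes, orig_first8: bytes) -> bytes:
    """Type 3 code 4 as a router sends it: 16 unused bits, next-hop MTU, then the
    dropped datagram's IP header and its first 8 bytes."""
    body = struct.pack("!HH", 0, next_hop_mtu) + orig_ip_hdr + orig_first8
    return struct.pack("!BBH", 3, 4, icmp_checksum(struct.pack("!BBH", 3, 4, 0) + body)) + body


def parse_icmp(msg: bytes) -> dict:
    """Decode one ICMP message; for errors, also recover the flow it refers to."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    typ, code = msg[0], msg[1]
    info = {"type": typ, "code": code}
    if typ in QUERY_TYPES:                      # query: bytes 4..7 are identifier / sequence
        info["kind"] = QUERY_TYPES[typ]
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
        return info
    info["kind"] = ERROR_NAMES.get((typ, code), "unknown error")
    if (typ, code) == (3, 4):                   # RFC 1191: next-hop MTU in bytes 6..7
        info["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    inner = msg[8:]                             # quoted IP header + first 8 bytes of datagram
    if len(inner) < 20:
        raise ValueError("error message does not quote the original IP header")
    ihl = (inner[0] & 0x0F) * 4
    first8 = inner[ihl:ihl + 8]
    if len(first8) < 8:
        raise ValueError("fewer than 8 bytes of the original datagram quoted")
    info["orig_src"] = ".".join(str(b) for b in inner[12:16])
    info["orig_dst"] = ".".join(str(b) for b in inner[16:20])
    info["orig_proto"] = inner[9]
    if inner[9] in (6, 17):                     # TCP/UDP: ports are the first 4 quoted bytes
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", first8[:4])
    return info


# Constructed sample: IP header (checksum left 0) of a 1228-byte ping with DF set from
# Ha 10.1.1.1 to Hc 10.1.3.201 as in Handson-3, plus its 8-byte echo header; the router
# on the MTU-1000 link would drop it and return this error.
ORIG_IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1228, 0x4242, 0x4000, 64, 1, 0,
                          bytes([10, 1, 1, 1]), bytes([10, 1, 3, 201]))
SAMPLE_FRAG_NEEDED = build_frag_needed(1000, ORIG_IP_HDR, build_echo_request(0x1234, 1))
```

Feeding a capture's ICMP payloads to parse_icmp gives exactly the fields Wireshark shows for the Handson-3 error, and the checksum check rejects a corrupted message.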

Page 63:

NAT: network address translation

[Figure: local network (e.g., home network) 10.0.0/24 with hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 behind a NAT router whose public address is 138.76.29.7, connected to the rest of Internet]

• datagrams with source or destination in this network have 10.0.0/24 address for source, destination (as usual)
• all datagrams leaving local network have same single source NAT IP address: 138.76.29.7, different source port numbers

Page 64:

NAT: network address translation

• motivation: local network uses just one IP address as far as outside world is concerned:
  • range of addresses not needed from ISP: just one IP address for all devices
  • can change addresses of devices in local network without notifying outside world
  • can change ISP without changing addresses of devices in local network
  • devices inside local net not explicitly addressable, visible by outside world (a security plus)

Page 65:

NAT: network address translation

• implementation: NAT router must:
  • outgoing datagrams: replace (source IP address, port #) of every outgoing datagram with (NAT IP address, new port #)
    • . . . remote clients/servers will respond using (NAT IP address, new port #) as destination addr
  • remember (in NAT translation table) every (source IP address, port #) to (NAT IP address, new port #) translation pair
  • incoming datagrams: replace (NAT IP address, new port #) in dest fields of every incoming datagram with corresponding (source IP address, port #) stored in NAT table

Page 66:

Address Allocation for private networks

RFC 1918
• One Class A network
  • 10.0.0.0 - 10.255.255.255 (2^24 addresses)
• 16 Class B networks
  • 172.16.0.0 - 172.31.255.255 (2^20 addresses)
• 256 Class C networks
  • 192.168.0.0 - 192.168.255.255 (2^16 addresses)

Page 67:

Private addresses without NAT

[Figure: Private addresses without NAT]

Page 68:

Special purpose addresses

[Figure: special purpose addresses, including the loopback address]

Page 69:

NAT: network address translation

[Figure: hosts 10.0.0.1, 10.0.0.2, 10.0.0.3 and 10.0.0.4 behind the NAT router 138.76.29.7]

NAT translation table (+Protocol)
  WAN side addr          LAN side addr
  138.76.29.7, 5001      10.0.0.1, 3345
  ……                     ……

1: host 10.0.0.1 sends datagram to 128.119.40.186, 80
   S: 10.0.0.1, 3345   D: 128.119.40.186, 80
2: NAT router changes datagram source addr from 10.0.0.1, 3345 to 138.76.29.7, 5001, updates table
   S: 138.76.29.7, 5001   D: 128.119.40.186, 80
3: reply arrives, dest. address: 138.76.29.7, 5001
   S: 128.119.40.186, 80   D: 138.76.29.7, 5001
4: NAT router changes datagram dest addr from 138.76.29.7, 5001 to 10.0.0.1, 3345
   S: 128.119.40.186, 80   D: 10.0.0.1, 3345

Page 70:

NAT: network address translation

• 16-bit port-number field:
  • 65,535 simultaneous connections on one NAT address!
• NAT is controversial:
  • routers should only process up to layer 3
  • violates end-to-end argument
    • NAT possibility must be taken into account by app designers, e.g., P2P applications
  • address shortage should instead be solved by IPv6
  • gets complicated with IP fragmentation
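As an added example (not the workshop's code), a small Python model of the NAT router described on the preceding slides: a translation table keyed on (protocol, IP, port), the outbound and inbound rewrites, the drop of inbound datagrams that match no entry, and the port-space limit the 16-bit field imposes. walk_through() replays the four numbered steps of the slide's example with the slide's own addresses; the port allocator starting at 5001 is an assumption chosen to match that example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    proto: str        # "tcp" or "udp"; the table is keyed on it too ("+Protocol" on the slide)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    """Port-translating NAT: one public address, a fresh port per (proto, LAN ip, LAN port)."""

    def __init__(self, wan_ip: str, first_port: int = 5001, last_port: int = 65535):
        self.wan_ip = wan_ip
        self.next_port = first_port
        self.last_port = last_port          # 16-bit port field bounds the table size
        self.lan_to_wan = {}                # (proto, lan ip, lan port) -> wan port
        self.wan_to_lan = {}                # (proto, wan port) -> (lan ip, lan port)

    def outbound(self, d: Datagram) -> Datagram:
        """Step 2 on the slide: rewrite source to (NAT IP, new port) and remember the pair."""
        key = (d.proto, d.src_ip, d.src_port)
        port = self.lan_to_wan.get(key)
        if port is None:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port space exhausted")
            port = self.next_port
            self.next_port += 1
            self.lan_to_wan[key] = port
            self.wan_to_lan[(d.proto, port)] = (d.src_ip, d.src_port)
        return Datagram(d.proto, self.wan_ip, port, d.dst_ip, d.dst_port)

    def inbound(self, d: Datagram):
        """Step 4: map (NAT IP, port) back to the LAN host. Returns None (drop) when there
        is no entry, which is why hosts behind the NAT are not reachable unsolicited."""
        if d.dst_ip != self.wan_ip:
            return None
        entry = self.wan_to_lan.get((d.proto, d.dst_port))
        if entry is None:
            return None
        lan_ip, lan_port = entry
        return Datagram(d.proto, d.src_ip, d.src_port, lan_ip, lan_port)

    def table(self):
        """The NAT translation table as the slide draws it: (WAN side addr, LAN side addr)."""
        return [((self.wan_ip, port), lan) for (_, port), lan in self.wan_to_lan.items()]


def walk_through():
    """The four numbered steps of the slide's example; returns the four datagrams."""
    nat = NatRouter("138.76.29.7")
    step1 = Datagram("tcp", "10.0.0.1", 3345, "128.119.40.186", 80)            # host sends
    step2 = nat.outbound(step1)                                                # NAT rewrites source
    step3 = Datagram("tcp", "128.119.40.186", 80, step2.src_ip, step2.src_port)  # reply arrives
    step4 = nat.inbound(step3)                                                 # NAT rewrites dest
    return step1, step2, step3, step4
```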


Page 72:

Handson-3: ICMP Redirect

Topology: Ha, Hb and Hc on one switch
  Ha: 10.x.1.1/24
  Hb: 10.x.1.101/24, lo: 10.x.2.101/24
  Hc: 10.x.1.201/24, lo: 10.x.3.201/24

On Ha
  sudo ip route add 10.x.2.0/24 via 10.x.1.201
  sudo ip route add 10.x.3.0/24 via 10.x.1.101
On Hb
  sudo ip route add 10.x.3.0/24 via 10.x.1.201
On Hc
  sudo ip route add 10.x.3.0/24 via 10.x.1.101

Page 73:

Handson-3: PMTU Discovery

Topology: Hb acts as router between Ha and Hc
  Ha: 10.x.1.1/24
  Hb-e1: 10.x.1.101/24
  Hb-e2: 10.x.3.1/24
  Hc: 10.x.3.201/24

On Hb
  sudo ip link set dev eth2 mtu 1000
  sudo sysctl -w net.ipv4.ip_forward=1
On Ha
  ping -c 2 -s 1200 -p 50515253 10.1.3.201


Page 75:

ARP - Address Resolution Protocol

• Packet delivery to a host requires two addresses
  • Logical address - IP address
  • Physical address - MAC address
• Need to find mapping from logical to physical
  • ARP is used - RFC 826

[Figure] Fig Src: Forouzan - Data Communication and Networking, SIE

Page 76:

ARP - 4 cases

[Figure: the four ARP cases. Src: Forouzan]

Page 77:

ARP

• ARP Request and Reply
  – ARP Request is broadcast
  – ARP Reply is unicast
• Other forms of ARP
  – Proxy ARP (RFC 1027)
  – Reverse ARP (RFC 903)
  – Gratuitous ARP

Page 78:

Proxy ARP

• Router (Proxy ARP server) replies to all requests
• Used when
  – splitting a network w/o changing the hosts’ netmask
  – taking care of statically configured m/c
  – Mobile IP

[Figure: Proxy ARP. Src: Forouzan]

Page 79:

Reverse ARP

• Reverse ARP (RARP)
  – RFC 903
  – Used for diskless stations
  – Organization does not have enough IP addresses
  – Target as MAC broadcast does not cross the router
  – Needs one RARP server for each subnet
• BOOTP
  – Improvement over RARP
  – Has a relay agent to forward across networks
  – Has static mapping of MAC to IP
    • manageability issues
• DHCP - replaces BOOTP

Page 80:

Gratuitous ARP

• Ref: http://wiki.wireshark.org/Gratuitous_ARP
• Gratuitous ARP Request
  – both src and dstn IP are set to that of the m/c itself
  – dstn MAC is broadcast i.e. ff:ff:ff:ff:ff:ff
  – Ordinarily, no reply occurs
    • if another m/c with that IP exists, it may respond
• Gratuitous ARP Reply
  – a reply for which no request has occurred

Page 81:

Gratuitous ARP

• Why Gratuitous ARP
  – helps detect IP conflicts
    • if a m/c receives a G-ARP request for its own IP, it implies an IP conflict
  – helps in updating other m/cs’ ARP tables
    • used in clustering solutions, when an IP is moved
  – helps inform the switch to update its port table
  – each time an i/f comes up (after down), it sends G-ARP
• Practice: use send_arp to perform gratuitous ARP
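As an added example (not the workshop's code), the Python below parses RFC 826 ARP packets, recognises gratuitous ARP by the sender-IP equals target-IP rule on the previous slide, and keeps a passive ARP table that raises an alert instead of silently overwriting when another station announces this host's IP (the conflict case above) or a known IP moves to a new MAC (an address move in a cluster, or what ARP spoofing looks like on the wire). Host addresses follow the Handson-4 switch topology; the MACs and frames are constructed.

```python
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, op, sender MAC/IP, target MAC/IP
OP_REQUEST, OP_REPLY = 1, 2
BCAST = "ff:ff:ff:ff:ff:ff"


def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Construct the 28-byte ARP payload (Ethernet header omitted) for the samples."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       bytes.fromhex(sha.replace(":", "")), bytes(map(int, spa.split("."))),
                       bytes.fromhex(tha.replace(":", "")), bytes(map(int, tpa.split("."))))


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    a = {"op": {OP_REQUEST: "request", OP_REPLY: "reply"}.get(op, op),
         "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
         "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}
    a["gratuitous"] = a["sender_ip"] == a["target_ip"]   # slide: src IP == dst IP
    return a


class ArpWatcher:
    """Passive ARP cache that reports, instead of silently overwriting, the two things
    the slides say gratuitous ARP reveals: a conflict on our own IP, and an IP whose
    MAC changed (address move in a cluster, or a conflict)."""

    def __init__(self, my_ip: str, my_mac: str):
        self.my_ip, self.my_mac = my_ip, my_mac
        self.table = {}      # ip -> mac, learned from sender fields
        self.alerts = []

    def observe(self, pkt: bytes) -> dict:
        a = parse_arp(pkt)
        if a["sender_mac"] == self.my_mac:           # our own announcements
            return a
        ip, mac = a["sender_ip"], a["sender_mac"]
        if ip == self.my_ip:                          # another station claims our address
            self.alerts.append(("ip-conflict", ip, mac))
            return a
        old = self.table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(("mac-changed", ip, old, mac))
        self.table[ip] = mac
        return a


# Constructed samples on the Handson-4 switch topology (Ha 10.1.1.1, Hb 10.1.1.101,
# Hc 10.1.1.201); all MACs are made up.
MAC_HA, MAC_HB, MAC_HC, MAC_X = ("02:00:00:00:00:01", "02:00:00:00:00:65",
                                  "02:00:00:00:00:c9", "02:00:00:00:00:ff")
SAMPLES = {
    "ha_asks_hb": build_arp(OP_REQUEST, MAC_HA, "10.1.1.1", "00:00:00:00:00:00", "10.1.1.101"),
    "hb_replies": build_arp(OP_REPLY, MAC_HB, "10.1.1.101", MAC_HA, "10.1.1.1"),
    "hc_garp": build_arp(OP_REQUEST, MAC_HC, "10.1.1.201", BCAST, "10.1.1.201"),
    "ha_claims_hc_ip": build_arp(OP_REPLY, MAC_HA, "10.1.1.201", BCAST, "10.1.1.201"),
    "x_claims_hb_ip": build_arp(OP_REPLY, MAC_X, "10.1.1.101", BCAST, "10.1.1.101"),
}
```

Run from Hc's point of view, the watcher stays quiet for Hc's own gratuitous ARP and for the normal Ha/Hb exchange, flags ip-conflict when Ha announces 10.1.1.201 (the Handson-4 gratuitous ARP step), and flags mac-changed when a fourth MAC announces Hb's address.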

Page 82:

DHCP: Dynamic Host Configuration Protocol

• goal: allow host to dynamically obtain its IP address from network server when it joins network
  • renew its lease after lease expiry
    • preferably gets the same address
  • client can reuse its address
  • support for mobile users who want to join
  • guarantee one address will be assigned to only one host
  • retain DHCP client address across reboots
    • not guaranteed
  • retain DHCP client configs across server reboots
  • must coexist with statically assigned addresses
  • interoperate with BOOTP relay agents

Page 83:

DHCP: Dynamic Host Configuration Protocol

• DHCP overview:
  – an extension of the BOOTP mechanism
  – host broadcasts “DHCP discover” msg
  – DHCP server responds with “DHCP offer”
    • more than one server can make the offer
    • client can choose which server to use
  – host requests IP address: “DHCP request” msg
  – DHCP server sends address: “DHCP ack” msg
  – Renewal happens with DHCP request/ack
  – On completion, client sends DHCP release
    • practically not seen

Page 84:

DHCP: more than IP addresses

• DHCP can return more than just allocated IP address on subnet:
  • address of first-hop router for client
  • name and IP address of DNS server
  • network mask (indicating network versus host portion of address)

Page 85:

DHCP: example

• connecting laptop needs its IP address, addr of first-hop router, addr of DNS server: use DHCP

[Figure: laptop on a LAN with a router that has the DHCP server built into it (address 168.1.1.1 shown on the figure); protocol stacks DHCP / UDP / IP / Eth / Phy drawn at the client and at the router]

• DHCP request encapsulated in UDP, encapsulated in IP, encapsulated in 802.1 Ethernet
• Ethernet frame broadcast (dest: FFFFFFFFFFFF) on LAN, received at router running DHCP server
• Ethernet demuxed to IP, IP demuxed to UDP, UDP demuxed to DHCP

Page 86:

DHCP: example

• DHCP server formulates DHCP ACK containing client’s IP address, IP address of first-hop router for client, name & IP address of DNS server

[Figure: router with DHCP server built into router; encapsulation at the server and demuxing at the client through Phy / Eth / IP / UDP / DHCP]

• encapsulation at DHCP server, frame forwarded to client, demuxing up to DHCP at client
• client now knows its IP address, name and IP address of DNS server, IP address of its first-hop router


Page 88:

Handson-4: ARP

• Understand ARP working
  – Know the current ARP table
    • arp -an
  – ping Hx (where Hx is not in the ARP table but is live)
    • See the ARP table: it should now have an entry for Hx
  – ping Hy (where Hy is not live)
    • What does the ARP table show?
  – Create a static ARP entry for Hz (not in the ARP table)
    • sudo arp -s <IP Addr> <MAC Addr>
    • ping Hz - no ARP Request should be transmitted
  – ping -b -c5 <Broadcast address>

Page 89:

Handson-4: Proxy ARP

Topology: Hb acts as router between Ha and Hc
  Ha: 10.1.1.1/22
  Hb-e1: 10.1.1.101/24
  Hb-e2: 10.1.3.1/24
  Hc: 10.1.3.201/22

• Enable proxy ARP, and routing on Hb
  – sudo sysctl -w net.ipv4.conf.all.proxy_arp=1
  – sudo sysctl -w net.ipv4.ip_forward=1
• Ping Hc from Ha
  – Note down the ARP table of Ha and Hc
  – It should show MAC addresses of Hb

Page 90:

Handson-4: Gratuitous ARP

Topology: Ha, Hb and Hc on one switch
  Ha: 10.1.1.1/24
  Hb: 10.1.1.101/24
  Hc: 10.1.1.201/24

• Use arping to issue gratuitous ARP
• On Ha, assign IP of Hc
  – sudo ip addr del 10.1.1.1/24 dev eth0
  – sudo ip addr add 10.1.1.201/24 dev eth0
  – sudo arping -A -I eth0 10.1.1.101
  – Analyze ARP table of Hb


Page 92:

Summary

• Networking Tools: wireshark, wget, nc, ssh
• Protocol headers: IP, TCP, UDP
• IP routing and subnetting
• IP Fragmentation and PMTU discovery
• ICMP errors: TTL expired, Dstn not reachable
• ARP, Proxy ARP, Gratuitous ARP

Page 93:

Thank You