Network/Internet Background 

Internet History 101

DARPA – Defense Advanced Research Projects Agency

ARPANET

  • World’s first operational packet switching network
  • Predecessor of global Internet

Started in 1969 with 4 routers @ UCLA, Stanford, UC Santa Barbara, Utah

TCP/IP in 1983

What is the Internet?

A collection of independently operated autonomous systems (ASes)

A network of networks!

Goals of the Internet

Fundamental goal: Inter-connect multiple networks of different types (wired and wireless) via store-and-forward gateways

Second-level goals:

  • Robust in face of failures 
  • Support multiple types of services
  • Support a variety of networks
  • Allow distributed management
  • Cost effective

Internet communication via sockets

The image below shows two computers, labeled HostA and HostB, involved in a simple communication scenario. The message has the following details:

  • Source: HostA (client), SrcPort=1234
  • Destination: HostB (server), DestPort=80
  • Content: “Hello world”

In the first image, a message is being sent from HostA to HostB, where HostA is the client sending data from port 1234.

In the second image, HostB is receiving the message on port 80 (typically used for HTTP). The content of the message is “Hello world.”

The structure of the Internet: The ISO/OSI Architecture

ISO/OSI architecture describes functions of communication systems

ISO: International Standards Organization

OSI: Open System Interface

Breaks communication systems into layers, with each layer serving as an abstraction to the layer above

Who Does What?

Lower three layers are implemented everywhere

Next four layers are implemented only at hosts

Physical Communication

Communication goes down to physical network, then to peer, then up to relevant layer

Switched Network

  • End-hosts connected to switches
  • Switches:
    • Forwarding nodes 
    • At least two links 
    • Also known as bridges or routers

Datagram Packet Switching

  • Packets – discrete blocks of data
  • Each packet is independently switched
  • Each packet header contains destination address
  • Routing protocol is used to compute next hop

Internet Communication

Network Security: The high bits

The Internet is a huge open system …which adheres to the end-to-end principle

smart end-points, dumb network

(easy to exploit!)

The network is …

… a collection of interconnected computers

… with resources that must be protected 

… from unwanted inspection or modification

… while maintaining adequate quality of service.

Transport Layer (4) 

Service:

  • Process-to-process channels
  • Demultiplexing (via ports) to different processes
  • Optional: error-free and flow-controlled delivery

Interface:  send message to specific destination (address and port)

Protocol:  implements reliability and flow control

  • Examples:  
    • TCP (reliable) 
    • UDP (unreliable)

Ports are for multiplexing

  • Destination port tells OS to which application (service) it should send incoming message
  • Internet Assigned Numbers Authority (IANA) defines list of reserved ports
  • Look at /etc/services on your computer
  • In reality, a program can listen on any port in [1, 2^16)
  • Ports below 1024 require admin privileges
  • For new apps, best to choose a high-numbered port (e.g., 9999)

  Port Number   Service
  22            ssh (secure terminal)
  25            Email server
  80            Web server (HTTP)
  443           Secure web server (HTTPS)

Standard port numbers for various protocols

User Datagram Protocol (UDP)

  • Unreliable transport
  • Provides integrity protection
  • Doesn’t handle:
    • out of order delivery
    • lost packets
    • duplication

Transmission Control Protocol (TCP)

  • Handles loss, duplication, and out-of-order delivery
    • relies on ACKnowledgements
  • Provides flow control: prevent congestion
  • Provides congestion control: handle congestion

TCP’s “three-way handshake”

Network Layer (3)

  • Service:
    • Deliver a packet to specified network destination
    • Perform segmentation/reassembly
  • Interface: send a packet to a specified destination (network address)
  • Protocol: define globally unique addresses; construct routing tables

Example:  IP 

Internet Protocol (IP)

  • IP allows networks to interoperate (IP is what allows internet to be multiple independent networks)
  • Any network technology that supports IP can exchange packets
  • Allows applications to function on all networks
  • Applications that can run on IP can use any network

Network Address Translation (NAT)

Problem: There is a fixed number of IPv4 addresses (2^32), so they are managed by dedicated authorities

Solution: Private IPv4 address ranges

  RFC1918 name    IP address range                 Largest CIDR block (subnet mask)
  24-bit block    10.0.0.0 – 10.255.255.255        10.0.0.0/8 (255.0.0.0)
  20-bit block    172.16.0.0 – 172.31.255.255      172.16.0.0/12 (255.240.0.0)
  16-bit block    192.168.0.0 – 192.168.255.255    192.168.0.0/16 (255.255.0.0)
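As an added example (not part of the lecture slides), the check below classifies an IPv4 address against the three RFC 1918 blocks in the table, doing the prefix-to-mask arithmetic by hand so the link between "/12" and "255.240.0.0" is visible; the block names and ranges come from the table, everything else is constructed here.

```python
# Added example, not lecture code: RFC 1918 private-range check with explicit CIDR mask arithmetic.
RFC1918_BLOCKS = {            # name -> (network, prefix length), from the table above
    "24-bit block": ("10.0.0.0", 8),
    "20-bit block": ("172.16.0.0", 12),
    "16-bit block": ("192.168.0.0", 16),
}

def ip_to_int(ip):
    """Dotted quad -> 32-bit integer, validating each octet."""
    octets = ip.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {ip!r}")
    value = 0
    for o in octets:
        n = int(o)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {ip!r}")
        value = (value << 8) | n
    return value

def int_to_ip(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/8 -> 0xFF000000 (255.0.0.0), /12 -> 0xFFF00000 (255.240.0.0), /16 -> 0xFFFF0000."""
    return (((1 << prefix) - 1) << (32 - prefix)) & 0xFFFFFFFF

def in_block(ip, network, prefix):
    """True when ip and network agree on the first `prefix` bits."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(ip) & mask) == (ip_to_int(network) & mask)

def rfc1918_block(ip):
    """CIDR block (e.g. '10.0.0.0/8') containing ip, or None if it is not private."""
    for net, prefix in RFC1918_BLOCKS.values():
        if in_block(ip, net, prefix):
            return f"{net}/{prefix}"
    return None

def block_range(network, prefix):
    """First and last address of a CIDR block, as in the table's middle column."""
    mask = prefix_to_mask(prefix)
    first = ip_to_int(network) & mask
    return int_to_ip(first), int_to_ip(first | (~mask & 0xFFFFFFFF))

if __name__ == "__main__":
    for name, (net, prefix) in RFC1918_BLOCKS.items():
        print(name, *block_range(net, prefix), f"{net}/{prefix}", int_to_ip(prefix_to_mask(prefix)))
    for ip in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "8.8.8.8"):
        print(ip, "->", rfc1918_block(ip))
```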

Internet Control Message Protocol (ICMP)

  • ICMP is used as a control plane for IP messages
    • Ping (connectivity probe) 
    • Destination unreachable (error notification)
    • Time-to-live exceeded (error notification)

Datalink Layer (2)

  • Service: 
    • Combine stream of bits into frames (attach frame separators) 
    • Send data frames between peers
  • Interface: send a data unit (frame) to a machine (MAC address) connected to the same physical media
  • Protocol: Medium Access Control (MAC)
    • Examples:  
      • Ethernet (LAN)
      • 802.11 (wireless)

Address Resolution Protocol

  • ARP locates a host’s link-layer (MAC) address
  • Problem:  How does Alice communicate with Bob over a LAN?
  • Assume Alice (10.0.0.1) knows Bob’s (10.0.0.2) IP
  • LANs operate at layer 2 (there is no router inside of the LAN)
  • Messages are sent to the switch, and addressed by a host’s link-layer (MAC) address

Protocol:

  • Alice broadcasts:  “Who has 10.0.0.2?”
  • Bob responds:  “I do!  And I’m at MAC f8:1e:df:ab:33:56.”

ARP Spoofing

  • Each ARP response overwrites the previous entry in ARP table 
  • last response wins!
  • Attack:  Forge ARP response
  • Effects:
    • Middle-person attacks
    • Denial-of-service
  • Also called ARP Poisoning or ARP Flooding

Do this at home (safely): http://try.cybersecurity.ieee.org/trycybsi/
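As an added example (not from the lecture), the code below puts the "last response wins" ARP cache from the slide next to the arpwatch-style check a defender runs against it: remember the first MAC seen for each IP and alert when a later reply disagrees. The reply log is constructed for illustration; Bob's MAC is the one from the ARP exchange above, the other addresses are made up.

```python
# Added example, not lecture code: naive ARP cache vs. a conflict monitor over a constructed reply log.
ARP_REPLIES = [
    # (sender IP, sender MAC) as carried in ARP "is-at" replies observed on the LAN (constructed)
    ("10.0.0.2", "f8:1e:df:ab:33:56"),   # Bob answers "who has 10.0.0.2?"
    ("10.0.0.1", "00:11:22:33:44:55"),   # Alice's own reply, seen by others
    ("10.0.0.2", "DE:AD:BE:EF:00:01"),   # a second, conflicting reply for Bob's IP
    ("10.0.0.2", "f8:1e:df:ab:33:56"),   # Bob's genuine reply again
]

def build_arp_cache(replies):
    """Naive cache as on the slide: every reply overwrites the previous entry, so the last one wins."""
    cache = {}
    for ip, mac in replies:
        cache[ip] = mac.lower()
    return cache

def detect_arp_conflicts(replies):
    """Remember the first MAC seen per IP and report every reply that changes it.
    Returns a list of (ip, expected_mac, observed_mac) alerts."""
    first_seen = {}
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()                      # MACs compare case-insensitively
        known = first_seen.setdefault(ip, mac)
        if mac != known:
            alerts.append((ip, known, mac))
    return alerts

def ips_with_multiple_macs(replies):
    """IPs claimed by more than one MAC within the observed window."""
    claims = {}
    for ip, mac in replies:
        claims.setdefault(ip, set()).add(mac.lower())
    return sorted(ip for ip, macs in claims.items() if len(macs) > 1)

if __name__ == "__main__":
    print("cache after all replies:", build_arp_cache(ARP_REPLIES))
    for ip, expected, observed in detect_arp_conflicts(ARP_REPLIES):
        print(f"ALERT: {ip} was {expected}, a reply now claims {observed}")
    print("contested IPs:", ips_with_multiple_macs(ARP_REPLIES))
```

The cache ends up holding Bob's genuine MAC only because his reply happened to arrive last; the monitor, not the cache, is what records that 10.0.0.2 was contested.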

Dynamic Host Configuration Protocol

  • DHCP is the canonical protocol for dynamically assigning IP addresses to hosts in a network
  • Also configures gateway and DNS info
  • Many networks use static DHCP, which always gives the same IP address to a MAC address

Virtual LANs (VLANs)

  • VLANs provide flexible network segmentation without the need to run multiple physical networks
  • IEEE 802.1Q: a tag in the Ethernet frame header specifies a 12-bit VLAN ID (VID)
  • Each port on a switch can be assigned either
    • A specific VID (also known as an “access” port)
    • Or propagate the received VID (also known as a “trunk” port)
  • Can also specify a set of allowed VIDs

VLAN Hopping

  • Switch spoofing: attacker pretends to be a trunking switch
    • This works if the switch port is configured to negotiate a trunk (vs. a fixed access port)
  • Double tagging: works when a port is configured as a trunk with a “native” VLAN, whose frames are sent without a VLAN tag
    • Attacker prepends two VLAN tags to a frame
      • Outer tag: attacker’s VLAN (the native VLAN)
      • Inner tag: target VLAN
    • The first switch strips the outer (native) tag; the next switch uses the inner VLAN tag
    • Reply traffic does not reach the attacker (one-way only)
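As an added example (not from the lecture), the parser below walks the 802.1Q tag stack of an Ethernet frame and applies the access-port rule that defeats the double-tagging case above: an access port should only ever see untagged frames, so one tag is a policy violation and two tags is the double-tagging pattern. The frame bytes, MAC addresses and VIDs are constructed test fixtures.

```python
# Added example, not lecture code: 802.1Q tag-stack parser plus an access-port policy check.
import struct

ETH_P_8021Q = 0x8100   # TPID that marks an 802.1Q VLAN tag
ETH_P_IP = 0x0800

def parse_vlan_stack(frame):
    """Return (dst_mac, src_mac, [vid, ...], payload_ethertype) for an Ethernet frame.
    Tags are read outermost first; the 12-bit VID is the low 12 bits of the 16-bit TCI."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    offset = 12
    vids = []
    ethertype, = struct.unpack("!H", frame[offset:offset + 2])
    while ethertype == ETH_P_8021Q:
        if len(frame) < offset + 6:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[offset + 2:offset + 6])
        vids.append(tci & 0x0FFF)
        offset += 4
    return dst, src, vids, ethertype

def build_frame(dst, src, vids, ethertype, payload):
    """Test-fixture builder: frame carrying the given tag stack (outermost first)."""
    tags = b"".join(struct.pack("!HH", ETH_P_8021Q, vid & 0x0FFF) for vid in vids)
    return dst + src + tags + struct.pack("!H", ethertype) + payload

def check_access_port_frame(frame, port_vid):
    """Access-port policy: only untagged frames are accepted; the switch assigns port_vid.
    Returns a verdict string starting with 'ok' or 'drop'."""
    _, _, vids, _ = parse_vlan_stack(frame)
    if not vids:
        return f"ok: untagged, switch assigns VID {port_vid}"
    if len(vids) >= 2:
        return f"drop: double-tagged frame (outer {vids[0]}, inner {vids[1]})"
    return f"drop: tagged frame (VID {vids[0]}) on access port"

if __name__ == "__main__":
    dst = bytes.fromhex("ffffffffffff")          # constructed broadcast destination
    src = bytes.fromhex("f81edfab3356")          # constructed source MAC
    payload = b"\x45" + b"\x00" * 19             # constructed dummy IPv4 header bytes
    plain = build_frame(dst, src, [], ETH_P_IP, payload)
    double = build_frame(dst, src, [1, 20], ETH_P_IP, payload)
    print(parse_vlan_stack(double))
    print(check_access_port_frame(plain, 1))
    print(check_access_port_frame(double, 1))
```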