Buffl
Buffl
Masterkurs Rechnernetze

IPv4

JJ
von Jensen J.

What is paris traceroute?

  • find different possible routes based on load balancing scheme on the route

  • -> vary header fields that are within the first 28 octets…

  • => TCP sequence number

  • => UDP checksum field (requires maniupulation of payload to ensure correctness of checksum..)

  • ICMP combination of ICMP identifier and sequence number…

=> but still fails on per packet load balancing…


What was the basic task of the network layer?

  • forward IP datagrams to destination IP subnet/host/interface

  • -> use IP address as locator and identifier

    • network part and host part


What steps are there in IP datagram delivary?

  • use network prefix to deliver IP packet to right network

  • once network is reached use L3 address to deliver to the right interface


What protocols exist in the Network layer?

  • IP protocol

    • addressing conventions

    • packet format

    • packet handling conventions

  • routing protocols

    • path selection

    • RIP, OSPF, BGP

  • ICMP protocol

    • error reporting

    • router signaling


What is a subnet?

  • device interfaces with same subnet part of IP address

  • can physically reach each other without intervening router


What parts are there to an IP address?

  • network part -> address network

  • host part -> adress interface of a host


What was the most notable fix to address space exhaustino (aside from Ipv6?)


  • private addresses

  • 10.0.0.0/8

  • 172.16.0.0/12

  • 192.168.0.0/16


How can one identify ICMP in an IP header?

  • TOS -> 0x00 for ICMP

  • Protocol -> 0x0001 for ICMP

  • Additinal fields in the optinos


  • type

  • code

  • checksum

  • type-dependent part of header

  • data (optional)


What classes of ICMP messages are there?

  • Query messages

    • only kind of ICMP message that generate another ICMP message

  • error messages

    • contain IP header and at least first 8 Byte of packet that caoused the ICMP error to be generated

    • allows receiving ICMP module to associate the message with a particular protocol and process (port number)


What is ping?

  • checks if host is reachable, alive

  • uses ICMP echo request / reply

  • copy packet data request reply


What is traceroute?

  • allows to follow path taken by pakcet

  • send UDP/TCP packets with increasing TTKL to (unlikely) port

  • ICMP replies: time exceed; last ICMP message: port unreachable


Can traceroute change? How to avoid?

  • yes -> e.g. load balancing…

  • -> hash packet headers and forward the same hash values on the same path to have the same paths for the same connection…


What further traceroute types exist?

  • yarrp

    • stateless

    • highly paralell

  • scamper

    • all in one tool

    • IPv4 and IPv6

    • built in alias resolutiontool

  • MDA

    • tries to identify all possible paths

    • crafts specific packets to find new paths

    • large overhead

  • MDA-lite

    • optimized MDA implementations

    • tradeoff between performance and completeness


Does ARP need any configuratoin?

  • no -> plug and play


What operation codes for ARP exst?

  • 01: request

  • 02: reply

  • 03: reverse request

  • 04: reverse reply (for RARP)


What is proxy arp?

  • Host or router responds to ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.


What are possible uses of Proxy ARP?

  • Transparent subnet gatewaying

    • Two LANs sharing same IP subnet, connected via router

  • Host joining LAN via dialup link

    • Dialup router employs Proxy ARP

  • Host joining LAN via VPN

    • Dialup router employs Proxy ARP

  • Host separated via firewall


What optimizations were done to arp?

  • build arp tables that keep IP MAC mapping of already looked up mappings…

  • -> ARP request only sent in case there is no entry for specific IP in ARP table…


How to deal wiht hosts that changes in resect to ARP caches?

  • expiration timer associated to each entry in ARP table

  • -> entry removed upon timer expiration

  • some implementations send ARP request to revalidate before removing table entry

  • some implementations remeber when ARP table entries were used to avoid removing implrtant entries…


What happens if an ARP request is made for a non-existing host?

  • Several ARP requests are made with increasing time intervals between requests

  • Eventually, ARP gives up


Whar are Gratuitous ARP Requests


  • A host sends an ARP request for its own IP address

  • Useful for detecting if an IP address has already been assigned.


What vulnerabilities exist in ARP?

  • ARP request and replies can be forged as ARP does no authentication of request and replies

  • ARP is stateless -> replies can be sent without corresponding ARP request…

  • according to proto specification -> Node receiving ARP packet must update local ARP cache with information in sender fields, even if node lareaday has entry for IP address of sender in its ARP cache (arp request and reply packets)


What are typical ARP exploitatoins?

  • ARP poisoning

  • -> redirect IP traffic from/to hosts

  • can also be performed by hosts within a WPA-2 protected wlan


How are routing and forwarding connected?

  • routing -> change forwarding table

  • forwarding -> lookup forwarding table


Beitreten
Vorschau

Author

Jensen J.

Informationen

Zuletzt geändert

Kurs melden
© 2023 Buffl GmbH