IP Protocol Stack in the OSI Layers
Layer, Address and Unit of Transmission

Layer | Address     | Unit of Transmission
4     | Port        | TCP: Segment, UDP: Datagram
3     | IP Address  | Packet
2     | MAC Address | Frame
1     | -           | Bits/Symbol/Chips
IPv4 Packet Structure
Version: always 4 (binary 0100)
IHL: Internet Header Length, gives the length of the header in multiples of 32 bits
Type of Service (ToS): bits 0-5 DSCP (Differentiated Services Code Point), bits 6-7 ECN (Explicit Congestion Notification)
Total Length: size of the whole packet including the header
Fragment Identification: controls reassembly after fragmentation; together with the Source Address, Fragment Offset and Flags the receiver can reassemble the fragments
Flags: bit 0 always 0, bit 1: Don't Fragment (DF), bit 2: More Fragments (MF)
Fragment Offset: in fragmented packets, the position within the original packet at which this fragment starts, counted in blocks of 64 bits (8 bytes)
TTL: if this field has the value zero the packet is discarded; every hop (router) decrements it so that loops can be detected
Protocol: identifies the next-layer protocol carried in the IP packet; for a TCP packet the value is 6, for a UDP packet 17; the numbers are assigned by IANA
Header Checksum: this value is verified at every station and, because the TTL changes at each hop, recomputed there. All 16-bit half-words of the header are added according to one's complement rules (the carry is added back to the LSB) and the one's complement of the sum is taken. When the receiver adds up all header half-words including the checksum, the result should be 1111 1111 1111 1111 (hex: 0xFFFF); otherwise there is an error in the header.
IP Options: the maximum number of bytes available for options in a given packet is (IHL*4)-20
Padding: because the IHL field specifies the total header length only in multiples of 4 bytes, unused bytes are filled with zeros
Problems with Fragmentation
puts strain on routers
gateways, firewalls and hosts might need to reassemble fragments (e.g. so that a firewall can judge the whole packet)
packets can be up to 64 KB in size
fragments might arrive in a different order
the standard does not prohibit overlapping fragments
only the first fragment contains the higher-layer header
the whole packet size needs to be allocated when the first fragment arrives
if one fragment is lost, the whole packet needs to be retransmitted
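A strict reassembler that enforces the constraints listed above (8-byte offset units, the 64 KB datagram limit, no overlapping fragments, no holes, exactly one last fragment), added here as an example and not part of the original notes. The fragment() helper and the sample split in the test are constructed for illustration; real fragments would additionally be keyed by source, destination, identification and protocol.

```python
MAX_DATAGRAM = 65535  # IPv4 Total Length is a 16-bit field, so this bounds the reassembly buffer

def fragment(payload: bytes, max_fragment_payload: int) -> list:
    """Split a payload like a router would: every non-final piece is a multiple of 8 bytes."""
    step = max_fragment_payload - max_fragment_payload % 8
    return [(off, off + step < len(payload), payload[off:off + step])
            for off in range(0, len(payload), step)]

class Reassembler:
    """Collects the fragments of one datagram (same src, dst, id, protocol) and refuses the
    failure modes listed above: overlap, oversize, duplicate 'last' fragment, holes."""
    def __init__(self):
        self.parts = []        # (start, end, data), kept sorted by start
        self.total_len = None  # known once the fragment with MF=0 has arrived

    def add(self, offset_bytes: int, more_fragments: bool, data: bytes) -> None:
        start, end = offset_bytes, offset_bytes + len(data)
        if start % 8 or (more_fragments and len(data) % 8):
            raise ValueError("offsets and non-final fragment sizes must be multiples of 8 bytes")
        if end > MAX_DATAGRAM:
            raise ValueError("fragment extends past the 64 KiB datagram limit")
        for s, e, _ in self.parts:  # IPv4 itself allows overlap; a strict reassembler does not
            if start < e and s < end:
                raise ValueError(f"fragment {start}-{end} overlaps existing {s}-{e}")
        if self.total_len is not None and end > self.total_len:
            raise ValueError("fragment lies beyond the declared end of the datagram")
        if not more_fragments:
            if self.total_len is not None:
                raise ValueError("two fragments claim to be the last one")
            self.total_len = end
        self.parts.append((start, end, data))
        self.parts.sort()

    def complete(self) -> bool:
        """True only when the last fragment is known and the parts cover 0..total_len with no hole."""
        if self.total_len is None:
            return False
        pos = 0
        for s, e, _ in self.parts:
            if s != pos:
                return False  # a hole: one lost fragment means the whole datagram is lost
            pos = e
        return pos == self.total_len

    def payload(self) -> bytes:
        if not self.complete():
            raise ValueError("datagram incomplete")
        return b"".join(d for _, _, d in self.parts)
```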
TCP
Transmission Control Protocol
Sequence number: how many bytes have already been transmitted in this stream
Acknowledgment number: how many bytes have already been received in this stream
Data offset: size of the TCP header in 32-bit words. The minimum size header is 5 words and the maximum is 15 words
Reserved: reserved for future use, set to zero
CWR: Congestion window reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and has responded with its congestion control mechanism.
ECE: If the SYN flag is set (1), the TCP peer is ECN capable. If the SYN flag is unset (0), a packet with the Congestion Experienced flag set (ECN=11) in its IP header was received during normal transmission. This serves as an indication of network congestion (or impending congestion) to the TCP sender.
URG: Indicates that the Urgent pointer field is significant
ACK: Indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
PSH: Push function. Asks to push the buffered data to the receiving application.
RST: Reset the connection
SYN: Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid when it is set, and others when it is clear.
FIN: Last packet from sender
Window: The size of the receive window, which specifies the number of window size units that the sender of this segment is currently willing to receive
Checksum: The 16-bit checksum field is used for error-checking of the TCP header, the payload and an IP pseudo-header. The pseudo-header consists of the source IP address, the destination IP address, the protocol number for the TCP protocol (6) and the length of the TCP headers and payload (in bytes).
Urgent Pointer: If the URG flag is set, then this 16-bit field is an offset from the sequence number indicating the last urgent data byte.
Options: The length of this field is determined by the Data Offset field. The TCP header padding is used to ensure that the TCP header ends, and data begins, on a 32-bit boundary. The padding is composed of zeros.
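To tie the IPv4 header fields and header checksum described above together with the TCP pseudo-header checksum, here is an added example (not code from the original notes) that parses a constructed IPv4/TCP packet and verifies both checksums the way a router or firewall would. All addresses, ports, the identification value and the payload are made-up sample values.

```python
import struct

def ones_complement_checksum(data: bytes) -> int:
    """RFC 1071 style: add 16-bit words with end-around carry, then take the one's complement."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ipv4_header(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header fields; raises on a bad version or truncated header."""
    fields = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, csum, src, dst = fields
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version, "ihl": ihl, "options_len": ihl * 4 - 20,  # (IHL*4)-20
        "dscp": tos >> 2, "ecn": tos & 0x3, "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset_bytes": (flags_frag & 0x1FFF) * 8,  # offset unit is 8 bytes
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        # summing every header word including the checksum must give 0xFFFF, i.e. complement 0
        "checksum_ok": ones_complement_checksum(pkt[:ihl * 4]) == 0,
    }

def verify_tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> bool:
    """TCP checksum covers a pseudo-header (src, dst, zero, protocol 6, TCP length) plus header and payload."""
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(segment))
    return ones_complement_checksum(pseudo + segment) == 0

def build_sample_packet() -> bytes:
    """Constructed sample: 192.168.1.10:443 -> 192.168.1.20:51234, DF set, PSH|ACK, payload b"hi"."""
    src, dst, payload = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]), b"hi"
    tcp = struct.pack("!HHIIBBHHH", 443, 51234, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_checksum(ip)) + ip[12:]
    return ip + tcp + payload

if __name__ == "__main__":
    pkt = build_sample_packet()
    hdr = parse_ipv4_header(pkt)
    print(hdr)
    print("tcp checksum ok:", verify_tcp_checksum(pkt[12:16], pkt[16:20], pkt[hdr["ihl"] * 4:]))
```

A router that decrements the TTL without recomputing the header checksum produces a header that fails checksum_ok, which is exactly why the field is recalculated at every hop.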
TCP Observations in Practice
Find maximum MTU of the path, so no fragmenting is needed
TCP Slow Start
How much data can be “in transit” without acknowledgement – e.g., on high latency links such as cell networks or satellite links
UDP
User Datagram Protocol
no connection
no guarantees
low latency
SCTP
Stream Control Transmission Protocol
like TCP, but with multiple streams
Part of SIGTRAN, i.e., often found in Telco and Cellular Core Networks
GRE
Generic routing encapsulation
Found with VPNs and point-to-point connections
Either on top of IP, or encapsulated into UDP for compatibility
QUIC / HTTP3
Reliable multi-streaming protocol with TLS encryption
Runs on top of UDP
Different Devices at OSI Layers
Hub
Connects multiple (similar or identical) networks on a physical level
“same signal on all ports”
Frames can collide because multiple stations could decide to send frames and not sense each other because of speed of light restrictions
Repeater
Extends a network
Boosts a signal, e.g., on long cables
Switch
Connects multiple (similar) Networks
Separates collision domains, with twisted-pair cabling (TP) no collisions
Still connects broadcast domains
Manages a MAC address table
Forwards only to the port on which it knows the address is reachable
For (yet) unknown addresses forwards to all ports
Separates network flows, increases capacity
Bridge
Connects two different media
Both Networks use the same Layer 3 protocol stack, but different (but translatable) layer 2
Switch is a special form of a Bridge
Router
Relays packets to target networks
Might need to determine the shortest/optimal path through a network of networks
Packets might need to take multiple hops to the target
Firewall
Selectively blocks incoming and outgoing network traffic
Ideally only allows selected well-defined network traffic (e.g., HTTP and eMail)
Classification not easy – missing industry-wide nomenclature
By placement, Implementation, Functionality
Proxy
Accepts connection requests from the LAN and then makes its own connections
LAN clients relay all traffic through the proxy, never directly with the Internet
Not transparent – typically requires protocol support
Can be combined with a cache (caching proxy)
Gateway
Connects networks with different protocol
Gateways come in all forms and sizes, and operate on multiple OSI layers – typically layer 3 and above
Modem
Originally “Modulator-Demodulator”
Today loosely used for anything provided by the ISP, but actually a composite of all kinds of interconnection technologies: router, switch, bridge, access point, modem
IPv6
Larger address space
Despite the different transition mechanisms offered (e.g., tunneling, Teredo, 6in4, 6to4), the transition usually happens in one of two ways:
Dual-Stack: Machine has IPv4 and IPv6 addresses
Default configuration is: IPv6 has precedence
NAT64: IPv6 connections are native, IPv4 is NATed
Link-local addresses allow instant communication on the local LAN
No broadcast addresses, but multiple multicast addresses for special purpose
Neighbor Discovery Protocol (NDP) replaces ARP
Stateless Address Autoconfiguration (SLAAC) uses the MAC address (modified EUI-64 format) to generate the network address
DHCPv6 is seldom used, but exists
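The modified EUI-64 derivation that SLAAC uses, as an added example not taken from the notes: build the link-local and a routed global address from a MAC, and check whether a given address still embeds its MAC (the tracking concern that RFC 4941 temporary addresses were introduced for). The MAC and the prefix are constructed sample values.

```python
import ipaddress

def eui64_interface_id(mac: str) -> bytes:
    """Modified EUI-64: split the 48-bit MAC, insert ff:fe in the middle, flip the U/L bit."""
    m = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(m) != 6:
        raise ValueError("MAC must be 48 bits")
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    iid[0] ^= 0x02  # invert the universal/local bit of the first octet
    return bytes(iid)

def slaac_link_local(mac: str) -> ipaddress.IPv6Address:
    """fe80::/64 prefix plus the EUI-64 interface identifier."""
    return ipaddress.IPv6Address(b"\xfe\x80" + b"\x00" * 6 + eui64_interface_id(mac))

def slaac_global(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Same identifier behind a /64 announced in a Router Advertisement."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("SLAAC needs a /64 prefix")
    return ipaddress.IPv6Address(net.network_address.packed[:8] + eui64_interface_id(mac))

def embedded_mac(addr: str):
    """Return the MAC an EUI-64 address was built from, or None if the identifier is not
    EUI-64 shaped (e.g. RFC 4941 privacy extensions or RFC 7217 stable-privacy addresses)."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None
    iid[0] ^= 0x02  # undo the U/L bit flip
    return ":".join(f"{b:02x}" for b in iid[:3] + iid[5:])
```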