
TCP/IP

Network programming
Dipl.-Ing. Olaf Fischer
Dipl.-Ing. Udo Willers
course contents I

• Internet protocol basics (TCP/IP)


• Network analysis with UNIX tools (E1)
• Network management (E1/2)
• Network security (E3)
• Encryption and signing (E4)
course contents II

• C programming in UNIX (E6, refresher course)


• Introduction to Socket Programming
• Example: "portscanner" and "http-client" (E7)
• Server programming
• Example: http-server (E8)
Dates
• 18.10 Introduction TCP/IP
• 25.10 E1 (protocols, RFCs)
• 1.11 E2 (wireshark tracing)
• 8.11 E3 (SNMP, tkined)
• 15.11 E5 (encryption, cryptool, GPG)
• 22.11 Firewall (Linux firewall iptables)
• 29.11 E6 (UNIX C programming)
• 6.12 E7+E8 (socket programming)
• 20.12 Completion of E7/E8
Kolloquium
• Attendance at all dates is mandatory!
• 30 min colloquium at the end of the term
Groups
• 1-2 participants per group
• Login name: tcpipX (X = 1, 2, ...)
• Dedicated computer per group
• Select the TCPIP entry in the boot manager
TCP/IP-basics
• Ethernet-Lan
• structure of the internet
• IP-Routing
• layer models (OSI - TCP/IP)
• transport protocols
• application protocols
Ethernet
• IEEE 802.3 standard
• 10, 100 or 1000 Mbit/s bus technology with broadcast delivery
• best-effort delivery
• distributed access mechanism on a shared medium (CSMA/CD)
Ethernet cables I

10Base5
• coax RG-8A/U (thick)
• 10 Mbit/s
• transceiver, vampire clamp
• max. 500 m per segment
• repeaters, max. 5 segments, 3 of them populated (5-4-3 rule)

10Base2
• coax RG-58 (thin)
• 10 Mbit/s
• coax (BNC) plug, termination
• max. 185 m per segment
• repeaters, max. 5 segments

10BaseT
• twisted pair cable
• 10 Mbit/s
• RJ45 plug, hubs, switches
• max. 100 m per segment
• 5-4 rule (5 segments of 100 m, max. 4 hubs cascaded in one collision domain)
Ethernet cabling II

100BaseT/TX ...
• copper (T), min. CAT5 cable
• 100 Mbit/s
• max. 205 m between stations of one collision domain
• max. 5 m between hubs!
• max. 100 m between host and hub

1000BaseT/SX ...
• copper (T) or fiber optic (SX)
• 1 Gbit/s
• modulation 5-PAM (on copper)
• max. 100 m (T) or 550 m (SX, multimode) per segment
• pluggable interface modules (GBIC)

10GBaseT/LX4 ...
• copper (T, Cat6a) or fiber optic (LX4, ...)
• 10 Gbit/s
• max. 100 m (T, Cat6a) or 300 m (multimode fiber) per segment
• pluggable interface modules
Topology
• line topology (bus segments joined by repeaters)
• star topology (structured cabling)
Active components

Hub
• multiport repeater
• signal regeneration
• no traffic separation
• layer 1

Switch
• multiport bridge
• signal regeneration + traffic separation
• layer 2

Router
• connects LANs
• signal regeneration + traffic separation
• layer 3
Access mechanism
• CSMA/CD (carrier sense multiple access / collision detection) with exponential backoff
• the sender waits for a free channel, sends its data and monitors its own transmission (CSMA)
• if a collision is detected, the sender emits a jam sequence and starts a random backoff timer before retransmitting (CD)
• if the first backoff leads to a new collision, the backoff interval is enlarged (the range doubles with each collision: binary exponential backoff)
sending procedure (figure: sender, receiver)
1. the sender waits for a free "ether"
2. ether free: the sender starts transmitting and monitors its own transmission
3. the frame is received without collision

collision (figure: sender I, sender II, receiver)
1. sender I and sender II both monitor the ether
2. both see the ether free and start transmitting while monitoring their own transmission
3. both senders recognize the collision, send the jam signal and start their backoff timers
ethernet-frame

byte offset:  0             6             12          14                       max. 1518 bytes
             | Destination | Source      | Frame     |          DATA          | CS |
             | Address     | Address     | Type      |                        |    |

• 6-byte MAC addresses
• the frame type identifies the encapsulated protocol (e.g. 0x0800 = IP)
• data field with 0-1500 bytes, padded to at least 46 bytes if shorter
• CS = 4-byte frame check sequence (CRC-32)
MAC-address

Example: 00:20:30:F1:13:03
         vendor   serial

• worldwide unique
• each vendor has its own vendor code and controls its own serials
• the two least-significant bits of the first octet are classification bits
  (bit 0 = unicast/multicast, bit 1 = global/locally administered)
• broadcast address FF:FF:FF:FF:FF:FF
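Added example (not part of the course slides): a Python parser for the frame layout above, together with the MAC classification bits. The sample frame is constructed here from the two addresses used on the ARP slide; the EtherType table is an assumed small subset.

```python
import struct

# Assumption: only the three EtherTypes relevant to these slides are named.
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
BROADCAST = "FF:FF:FF:FF:FF:FF"


def format_mac(raw: bytes) -> str:
    """Render six raw bytes in the colon-separated form used on the slide."""
    return ":".join(f"{b:02X}" for b in raw)


def classify_mac(mac: str) -> dict:
    """Decode the two flag bits of the first octet: bit 0 (least significant)
    is the individual/group (unicast/multicast) bit, bit 1 the universal/local
    (globally assigned / locally administered) bit."""
    first = int(mac.split(":")[0], 16)
    return {
        "multicast": bool(first & 0x01),
        "locally_administered": bool(first & 0x02),
        "broadcast": mac.upper() == BROADCAST,
        "vendor": mac.upper()[:8],   # first three octets: vendor code (OUI)
        "serial": mac.upper()[9:],   # last three octets: vendor-controlled serial
    }


def parse_ethernet_frame(frame: bytes) -> dict:
    """Split an Ethernet II frame (without the 4-byte FCS) into its fields and
    reject frames that violate the length limits given on the slide."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte header")
    if len(frame) > 1514:                       # 1518 bytes including the FCS
        raise ValueError("frame longer than 1514 bytes (+4 FCS)")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype < 0x0600:
        # values below 0x0600 are a length field (802.3/LLC framing), not a type
        raise ValueError("802.3 length field instead of an Ethernet II type")
    # A payload shorter than 46 bytes is padded on the wire; the padding can
    # only be stripped once the encapsulated protocol reports its own length.
    return {
        "dst": format_mac(dst),
        "src": format_mac(src),
        "type": ethertype,
        "type_name": ETHERTYPES.get(ethertype, "unknown"),
        "payload": frame[14:],
    }


# Constructed sample frame: the two hosts of the ARP slide, carrying IPv4,
# with a 2-byte "payload" padded to the 46-byte minimum.
SAMPLE_FRAME = (
    bytes.fromhex("002031A02001")        # destination 00:20:31:A0:20:01
    + bytes.fromhex("00103140A001")      # source      00:10:31:40:A0:01
    + bytes.fromhex("0800")              # frame type  0x0800 = IPv4
    + bytes([0x45, 0x00]) + bytes(44)    # start of an IP header + padding
)

if __name__ == "__main__":
    f = parse_ethernet_frame(SAMPLE_FRAME)
    print(f["dst"], "<-", f["src"], f["type_name"], len(f["payload"]), "bytes")
    for mac in (f["dst"], "01:00:5E:00:00:FB", "02:00:00:00:00:01", BROADCAST):
        print(mac, classify_mac(mac))
```

The length checks matter more than they look: a frame that claims an 802.3 length instead of a type, or one that exceeds 1514 bytes, should be dropped or flagged before any upper-layer parser sees it.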
Internet-architecture
• a net of nets; each local net may use a different LAN technology (Ethernet, Token Ring, WLAN, ...)
• local networks are connected through routers/gateways
• the inner net structure is transparent to the user: the LAN technology is hidden beneath a universal communication protocol => TCP/IP
Internet-architecture
[figure: three provider networks (Provider A, B, C) joined by gateways (GW); net 1 = 139.13.0.0 (Provider A) with Host A and Host B (139.13.17.200), net 2 = 72.0.0.0 with host 72.10.7.210, and net 3]
Internet address
• 32-bit address (IPv4; IPv6 = 128 bit)
• dotted decimal notation aaa.bbb.ccc.ddd (e.g. 139.13.17.140)
• globally unique address (except in private networks)
translating IP to MAC
Address Resolution Protocol (ARP)

ARP Request (broadcast): "Who has 139.13.17.140?"
  from IP 139.13.17.141 / MAC 00:10:31:40:A0:01
  to   IP 139.13.17.140 / MAC unknown (sent to FF:FF:FF:FF:FF:FF)

ARP Reply (unicast): "139.13.17.140 is 00:20:31:A0:20:01"
  from IP 139.13.17.140 / MAC 00:20:31:A0:20:01
  to   IP 139.13.17.141 / MAC 00:10:31:40:A0:01
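Added example (not part of the course slides): the request/reply exchange above in Python, built and parsed as raw 28-byte ARP packets, plus the consistency check a monitor adds on top. ARP carries no authentication, so any host on the segment can answer a request; the `ArpCache` class here flags a reply that changes a binding it already knows (what a tool such as arpwatch does). All addresses are the ones from the slide; the rogue reply in the demo is constructed.

```python
import struct

HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ARP_FORMAT = "!HHBBH6s4s6s4s"          # 28 bytes for Ethernet/IPv4 ARP


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def bytes_to_mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Serialize one ARP packet (payload of an Ethernet frame of type 0x0806)."""
    return struct.pack(ARP_FORMAT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sender_mac), ip_to_bytes(sender_ip),
                       mac_to_bytes(target_mac), ip_to_bytes(target_ip))


def arp_request(sender_mac, sender_ip, target_ip) -> bytes:
    """'Who has target_ip?' The target MAC is still unknown, so it is zero."""
    return build_arp(OP_REQUEST, sender_mac, sender_ip, "00:00:00:00:00:00", target_ip)


def arp_reply(sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """'sender_ip is at sender_mac', addressed back to the requester."""
    return build_arp(OP_REPLY, sender_mac, sender_ip, target_mac, target_ip)


def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < struct.calcsize(ARP_FORMAT):
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, smac, sip, tmac, tip = struct.unpack(ARP_FORMAT, pkt[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unknown ARP operation {op}")
    return {"op": "request" if op == OP_REQUEST else "reply",
            "sender_mac": bytes_to_mac(smac), "sender_ip": bytes_to_ip(sip),
            "target_mac": bytes_to_mac(tmac), "target_ip": bytes_to_ip(tip)}


class ArpCache:
    """IP -> MAC table as a host keeps it (learned from the sender fields of
    requests and replies), plus an alert whenever a known binding changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def learn(self, pkt: bytes) -> dict:
        arp = parse_arp(pkt)
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = self.table.get(ip)
        if known is not None and known != mac:
            self.alerts.append(f"{ip} changed from {known} to {mac}")
        self.table[ip] = mac
        return arp


if __name__ == "__main__":
    req = arp_request("00:10:31:40:A0:01", "139.13.17.141", "139.13.17.140")
    rep = arp_reply("00:20:31:A0:20:01", "139.13.17.140", "00:10:31:40:A0:01", "139.13.17.141")
    # constructed rogue reply: a third station claims 139.13.17.140 for itself
    rogue = arp_reply("00:00:00:00:00:AA", "139.13.17.140", "00:10:31:40:A0:01", "139.13.17.141")
    cache = ArpCache()
    for pkt in (req, rep, rogue):
        print(cache.learn(pkt))
    print(cache.table, cache.alerts)
```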
IP-networks
• efficient routing requires the definition of networks
• different network sizes must be possible
• a network must be manageable locally

=> division of addresses into a network part and a host part
=> network classes, ref. RFC 791 (until 1993)
=> since 1993 CIDR (classless inter-domain routing), ref. RFC 1518 and 4632
network classes

bit        0         8         16        24        32
Class A    0   | net (7 bit)   |         host (24 bit)        |
Class B    10  | net (14 bit)            | host (16 bit)      |
Class C    110 | net (21 bit)                      | host (8 bit) |

obsolete! >>> CIDR

class | networks  | usable hosts per network | mask          | range
A     | 128       | 16,777,214               | 255.0.0.0     | 0.0.0.0-127.255.255.255
B     | 16,384    | 65,534                   | 255.255.0.0   | 128.0.0.0-191.255.255.255
C     | 2,097,152 | 254                      | 255.255.255.0 | 192.0.0.0-223.255.255.255

(the all-zeros host part is the network address and the all-ones host part the broadcast address, so two addresses per network are not usable for hosts)
CIDR

• classless addresses
• each address carries its network mask as a prefix length suffix
• Example: 192.168.2.7/24 => mask 255.255.255.0
• many former class A and B nets have been split up and allocated as smaller networks
special IP-addresses

address range       | description                | RFC
0.0.0.0/8           | current network            | 3232
10.0.0.0/8          | private network            | 1918
14.0.0.0/8          | public data net            | 3232
39.0.0.0/8          | reserved                   | 1797
127.0.0.0/8         | localnet (loopback)        | 3330
128.0.0.0/16        | reserved                   |
169.254.0.0/16      | zeroconf (link-local)      | 3927
172.16.0.0/12       | private network            | 1918
191.255.0.0/16      | reserved by IANA           |
192.0.0.0/24        | reserved by IANA           |
192.0.2.0/24        | documentation and examples | 3330
192.88.99.0/24      | 6to4 anycast prefix        | 3068
192.168.0.0/16      | private network            | 1918
198.18.0.0/15       | benchmark network          | 2544
223.255.255.0/24    | reserved                   | 3330
224.0.0.0/4         | multicast                  | 3171
240.0.0.0/4         | reserved                   | 3232
255.255.255.255     | limited broadcast          |

Note: this table reflects the registry at the time of the slides. 14.0.0.0/8, 39.0.0.0/8, 128.0.0.0/16, 191.255.0.0/16 and 223.255.255.0/24 have since been released for normal allocation (RFC 5735), the 6to4 anycast prefix was deprecated (RFC 7526), and RFC 6890 now holds the current special-purpose address registry.
network address
• the IP address bitwise ANDed with the network mask gives the network address
• the IP address bitwise ORed with the inverted network mask gives the broadcast address

        139. 13. 17.135/20                 139. 13. 17.135/20
AND     255.255.240.  0           OR         0.  0. 15.255
=       139. 13. 16.  0           =        139. 13. 31.255
        network address                    broadcast address
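Added example (not part of the course slides) covering the class, CIDR, special-address and network-address slides at once: a Python function that takes an address in CIDR notation, applies the AND/OR rule above, reports the classful class the address would have had, and looks the address up in the special-range table of the previous slide. Only the standard library `ipaddress` module is used.

```python
import ipaddress

# The "special IP-addresses" table from the slides: (prefix, description, RFC).
SPECIAL_RANGES = [
    ("0.0.0.0/8", "current network", "3232"),
    ("10.0.0.0/8", "private network", "1918"),
    ("14.0.0.0/8", "public data net", "3232"),
    ("39.0.0.0/8", "reserved", "1797"),
    ("127.0.0.0/8", "localnet (loopback)", "3330"),
    ("128.0.0.0/16", "reserved", ""),
    ("169.254.0.0/16", "zeroconf (link-local)", "3927"),
    ("172.16.0.0/12", "private network", "1918"),
    ("191.255.0.0/16", "reserved by IANA", ""),
    ("192.0.0.0/24", "reserved by IANA", ""),
    ("192.0.2.0/24", "documentation and examples", "3330"),
    ("192.88.99.0/24", "6to4 anycast prefix", "3068"),
    ("192.168.0.0/16", "private network", "1918"),
    ("198.18.0.0/15", "benchmark network", "2544"),
    ("223.255.255.0/24", "reserved", "3330"),
    ("224.0.0.0/4", "multicast", "3171"),
    ("240.0.0.0/4", "reserved", "3232"),
    ("255.255.255.255/32", "limited broadcast", ""),
]


def classful_class(ip: str) -> str:
    """Class by the leading bits of the first octet (0 / 10 / 110), pre-CIDR."""
    first = int(ipaddress.IPv4Address(ip)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    return "D/E (not a class network)"


def describe(cidr: str) -> dict:
    """Network, broadcast and host count of an address in CIDR notation,
    computed with the AND / OR rule from the slide."""
    iface = ipaddress.ip_interface(cidr)            # host address plus prefix length
    addr, mask = int(iface.ip), int(iface.network.netmask)
    network = addr & mask                           # AND with the mask
    broadcast = addr | (~mask & 0xFFFFFFFF)         # OR with the inverted mask
    prefix = iface.network.prefixlen
    # all-zeros and all-ones host parts are reserved; /31 and /32 (RFC 3021)
    # have no such reservation
    usable = (1 << (32 - prefix)) - 2 if prefix <= 30 else 1 << (32 - prefix)
    special = [f"{desc} (RFC {rfc})" if rfc else desc
               for pfx, desc, rfc in SPECIAL_RANGES
               if iface.ip in ipaddress.ip_network(pfx)]
    return {
        "address": str(iface.ip),
        "prefix": prefix,
        "mask": str(iface.network.netmask),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
        "usable_hosts": usable,
        "classful_class": classful_class(str(iface.ip)),
        "special": special,
    }


if __name__ == "__main__":
    for cidr in ("139.13.17.135/20", "192.168.2.7/24", "127.0.0.1/8", "224.0.0.1/4"):
        print(cidr, describe(cidr))
```

The `special` lookup is the check to run on any address taken from user input or a log before treating it as a public host: private, loopback, link-local and multicast ranges all pass a plain syntax check yet never identify a host on the Internet.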
Internet routing
local net -> direct routing
[figure: net FH-WHV-I 139.13.16.0 (the /20 of the previous slide); host 139.13.17.135 delivers directly to 139.13.17.141]

outside local net -> indirect routing
[figure: net FH-WHV-I 139.13.16.0 and net FH-WHV-II 139.13.32.0, joined by a router with interfaces 139.13.17.240 and 139.13.44.35; host 139.13.26.233 reaches 139.13.44.124 via the router]
routing algorithm (flowchart)
1. bitwise AND the destination IP with the own netmask
2. result equals the own network address (own net)?
   yes -> ARP (translate IP to MAC), deliver the frame to the resulting MAC
3. no: host in routing table? yes -> send to next hop
4. net in routing table? yes -> send to next hop
5. default route in table? yes -> send to the default router
6. otherwise: routing error
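Added example (not part of the course slides): the flowchart above as a Python class, with the routing table populated from the two-network figure on the "Internet routing" slide. The default router 139.13.16.1 and the second router 139.13.17.241 used for the host route are constructed for the demo. The class also enforces the next-hop rule from the summary that follows: a router entered in the table must itself be on the host's own net.

```python
import ipaddress


class RoutingError(Exception):
    pass


class HostForwarder:
    """Forwarding decision of one host, step by step as on the flowchart."""

    def __init__(self, own_cidr: str):
        self.iface = ipaddress.ip_interface(own_cidr)
        self.net = self.iface.network
        self.routes = []            # (destination network, next-hop router)
        self.default_router = None

    def _directly_reachable(self, addr) -> bool:
        # AND the address with our own netmask, compare with our network address
        return (int(addr) & int(self.net.netmask)) == int(self.net.network_address)

    def add_route(self, destination: str, next_hop: str):
        """Host route (/32) or network route. Next-hop delivery means the
        router has to be on our own net; anything else is a configuration error."""
        gw = ipaddress.ip_address(next_hop)
        if not self._directly_reachable(gw):
            raise ValueError(f"next hop {gw} is not on {self.net}")
        self.routes.append((ipaddress.ip_network(destination), gw))

    def set_default(self, next_hop: str):
        gw = ipaddress.ip_address(next_hop)
        if not self._directly_reachable(gw):
            raise ValueError(f"default router {gw} is not on {self.net}")
        self.default_router = gw

    def forward(self, destination: str):
        dst = ipaddress.ip_address(destination)
        if self._directly_reachable(dst):
            return ("direct", str(dst))          # ARP for dst, deliver to its MAC
        matches = [(net, gw) for net, gw in self.routes if dst in net]
        if matches:
            # a host route (/32) beats a net route: longest prefix wins
            net, gw = max(matches, key=lambda m: m[0].prefixlen)
            return ("next-hop", str(gw))         # ARP for gw, deliver to the router's MAC
        if self.default_router is not None:
            return ("default", str(self.default_router))
        raise RoutingError(f"no route to {dst}")


if __name__ == "__main__":
    host = HostForwarder("139.13.26.233/20")               # in FH-WHV-I
    host.add_route("139.13.32.0/20", "139.13.17.240")      # FH-WHV-II via the router
    host.add_route("139.13.44.35/32", "139.13.17.241")     # constructed host route
    host.set_default("139.13.16.1")                        # constructed default router
    for dst in ("139.13.17.141", "139.13.44.124", "139.13.44.35", "72.10.7.210"):
        print(dst, "->", host.forward(dst))
```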
summary of routing
• direct/indirect routing is decided by means of the network address
• indirect routing by means of a routing table
• next-hop delivery (only directly reachable routers appear in the routing table)

=> every router decides on its own; packets to a destination follow the same path only as long as the routing tables stay the same
=> packets may take a different route on the way back
=> routers must signal delivery problems (=> ICMP)
IP-datagram

bit      0       4       8               16    19                      31
        +-------+-------+---------------+-----+-------------------------+
        | VERS  | HLEN  |      TOS      |       TOTAL LENGTH            |
        |        IDENTIFICATION         |FLAGS|    FRAGMENT OFFSET      |
Header  | TIME TO LIVE  |   PROTOCOL    |       HEADER CHECKSUM         |
        |                          SOURCE IP                            |
        |                        DESTINATION IP                         |
        |                      OPTIONS (if any)                         |
        +---------------------------------------------------------------+
data    |                            DATA                               |
        +---------------------------------------------------------------+
IP-datagram transport via Ethernet

Eth-Header            | Eth-Data               |
D-MAC | S-MAC | 0800  | IP-Header | IP-Data    | CS
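Added example (not part of the course slides): building and parsing the 20-byte IP header shown above in Python, including the one's-complement header checksum (RFC 1071) that a router recomputes on every hop when it decrements the TTL. The sample addresses are the two hosts from the later port-mechanism slide; the demo header is constructed.

```python
import struct

IP_HEADER = "!BBHHHBBH4s4s"     # the 20 fixed header bytes, network byte order


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def ip_checksum(data: bytes) -> int:
    """One's-complement sum of all 16-bit words (RFC 1071), complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_ipv4_header(src, dst, payload_len, protocol, ttl=64, ident=0,
                      dont_fragment=True, tos=0) -> bytes:
    flags_frag = 0x4000 if dont_fragment else 0     # DF bit, fragment offset 0
    hdr = struct.pack(IP_HEADER, (4 << 4) | 5, tos, 20 + payload_len, ident,
                      flags_frag, ttl, protocol, 0, ip_to_bytes(src), ip_to_bytes(dst))
    # checksum is computed with the checksum field set to zero, then inserted
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(data: bytes) -> dict:
    """Decode the header and refuse anything inconsistent: wrong version,
    impossible header length, or a checksum that does not verify."""
    if len(data) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_hlen, tos, total_len, ident, flags_frag,
     ttl, protocol, _csum, src, dst) = struct.unpack(IP_HEADER, data[:20])
    version, hlen = ver_hlen >> 4, (ver_hlen & 0x0F) * 4
    if version != 4:
        raise ValueError(f"IP version {version}, not 4")
    if hlen < 20 or hlen > len(data):
        raise ValueError("header length field inconsistent with the data")
    if total_len < hlen:
        raise ValueError("total length smaller than the header")
    if ip_checksum(data[:hlen]) != 0:         # a valid header sums to zero
        raise ValueError("header checksum mismatch")
    return {
        "header_length": hlen, "tos": tos, "total_length": total_len,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": protocol,
        "src": bytes_to_ip(src), "dst": bytes_to_ip(dst),
        "options": data[20:hlen],
    }


if __name__ == "__main__":
    hdr = build_ipv4_header("139.13.17.200", "139.13.17.144", 8, 17)   # UDP, 8 bytes
    print(hdr.hex())
    print(parse_ipv4_header(hdr + bytes(8)))
```

Remember what the checksum does and does not do: it catches corruption of the header in transit, but it is trivially recomputed by anyone who rewrites the header, so it offers no protection against spoofed source addresses.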
Internet Control Message Protocol (ICMP)

• enables routers to signal errors to other routers or hosts
• is transported in IP datagrams
• integral part of IP (RFC 792)
• reports error conditions but does not correct them
ICMP-Transport

                           | ICMP-Header | ICMP-Data |
              | IP-Header  |          IP-Data         |
| Frame-Header |              Frame-Data              | CS |

"Encapsulation"
layer models

layer | ISO/OSI               | TCP/IP                   | protocol examples
7     | application           | application protocols    | telnet, ssh, ftp, http, imap, nfs, pop, smtp
6     | presentation          |                          |
5     | session (communication control) |                |
4     | transport             | transport protocols      | TCP, UDP
3     | network (internetwork)| internetwork protocols   | IP, ICMP, ARP, RARP
2     | data link             | network access protocols | Ethernet, 802.11g, Token Ring
1     | physical              |                          |
layers and data units

application           --- message ---            application
transport             --- segment ---            transport
internetwork          --- datagram / packet ---  internetwork
data link / physical  --- frame ---              data link / physical
                          (LAN)

example "Router"

application                                                     application
transport                                                       transport
internetwork  -- datagram --  internetwork  -- datagram --      internetwork
data link /   -- frame ----   data link /   -- frame ----       data link /
physical        (LAN)         physical        (LAN)             physical
host                          router                            host
transport protocol UDP

• connectionless, unreliable protocol (no acknowledgements, no retransmission)
• transported in IP datagrams
• introduces the port mechanism to address applications
UDP-packet

bit   0                              16                             31
     +-------------------------------+-------------------------------+
     |          SOURCE PORT          |       DESTINATION PORT        |
     |            LENGTH             |           CHECKSUM            |
     +---------------------------------------------------------------+
     |                              DATA                             |
     +---------------------------------------------------------------+
port-mechanism

ntp client 139.13.17.200, port 16200  <-- UDP packets -->  ntp server 139.13.17.144, port 123
"well known ports" (selection)

Port | Name       | Description
7    | echo       | reflects received data
13   | daytime    | returns date and time
19   | chargen    | character generator
37   | time       | time (binary format)
42   | nameserver | Host Name Server (not DNS, which uses port 53)
69   | tftp       | Trivial File Transfer Protocol
111  | sunrpc     | Sun RPC (portmapper)
123  | ntp        | Network Time Protocol

(echo, daytime, chargen and time are legacy debugging services and are normally disabled today)

transport protocol TCP

• connection-oriented transport protocol
• buffered data transfer with push mechanism
• bidirectional, unstructured byte stream
• reliable transmission by positive acknowledgement and retransmission
• port mechanism

("reliable" means loss and reordering are repaired; TCP provides no confidentiality or authentication, that is the job of protocols above it such as TLS or SSH)
TCP-segment

bit      0       4           10          16              24              31
        +---------------------------------------------------------------+
        |          Source Port          |       Destination Port        |
        |                        Sequence Number                        |
Header  |                     Acknowledgement Number                    |
        | HLEN  |  Reserved  | Code Bits |            Window             |
        |           Checksum            |        Urgent Pointer         |
        |              OPTIONS (if any)             |      Padding      |
        +---------------------------------------------------------------+
data    |                              DATA                             |
        +---------------------------------------------------------------+
transmission (figure, three cases)

pos. ack.            retransmission             sliding window
send 1               send 1 (lost)              send 1
rcv 1                ...                        send 2
ack 1                timer expired              send 3
rcv ack 1            retransmit 1               rcv 1, ack 1
send 2               rcv 1                      rcv ack 1
                     ack 1                      rcv ack 2
                     rcv ack 1                  rcv ack 3


sliding window

1. window (Seq.No = 1):  [1 2 3] 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22   data stream
2. rcv ack, Ack.Number = 3
3. window (Seq.No = 4):   1 2 3 [4 5 6] 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22

There are always window-size bytes on the way.
The window size can be modified by the receiver (flow control).

(the slide numbers the acknowledgement by the last byte received; in TCP the acknowledgement number is the next byte expected, i.e. 4 here)
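Added example (not part of the course slides): a Python simulation of the three mechanisms on the transmission and sliding-window slides, with a sender that keeps at most `window` segments in flight, a receiver that accepts only in-order segments and acknowledges cumulatively, and a retransmission timer that fires when an acknowledgement brings nothing new (go-back-N). Segments are numbered 1..total as on the slides; the set of lost transmissions and the retry limit are constructed parameters, not TCP's real values.

```python
def simulate_transfer(total, window, drops=frozenset(), max_retries=5):
    """Positive acknowledgement, retransmission and a sliding window in one
    loop. `drops` holds (segment, attempt) pairs the channel loses;
    `max_retries` is an assumed per-segment limit after which the sender gives up."""
    base = 1            # oldest unacknowledged segment: left edge of the window
    next_seq = 1        # next new segment to send
    received = 0        # highest in-order segment the receiver holds
    attempts = {}       # segment -> number of transmissions so far
    log, max_in_flight = [], 0

    while base <= total:
        # 1. fill the window: never more than `window` segments in flight
        while next_seq < base + window and next_seq <= total:
            attempts[next_seq] = attempts.get(next_seq, 0) + 1
            if attempts[next_seq] > max_retries:
                log.append(f"give up on {next_seq}")
                return {"delivered": False, "sends": sum(attempts.values()),
                        "max_in_flight": max_in_flight, "log": log}
            if (next_seq, attempts[next_seq]) in drops:
                log.append(f"send {next_seq} (lost)")
            elif next_seq == received + 1:
                received = next_seq
                log.append(f"send {next_seq}, rcv {next_seq}")
            else:   # a gap precedes it: the receiver discards, sender resends later
                log.append(f"send {next_seq}, rcv {next_seq} out of order, discarded")
            next_seq += 1
        max_in_flight = max(max_in_flight, next_seq - base)

        # 2. one cumulative ACK for the burst: the next segment the receiver expects
        ack = received + 1
        log.append(f"ack {ack}")
        if ack > base:
            base = ack                      # window slides right by what was acked
        else:
            # nothing new acknowledged: the retransmission timer for `base` expires
            log.append(f"timer for {base} expired, retransmit from {base}")
            next_seq = base

    return {"delivered": True, "sends": sum(attempts.values()),
            "max_in_flight": max_in_flight, "log": log}


if __name__ == "__main__":
    # constructed loss: the first transmission of segment 1 disappears
    for line in simulate_transfer(5, 3, drops={(1, 1)})["log"]:
        print(line)
```

With the loss of segment 1 the sender transmits 8 segments for 5 delivered: the two segments sent behind the lost one are discarded and go out again after the timer, which is the cost of go-back-N that selective acknowledgement (not shown here) avoids.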
establish/release of a TCP connection

• signalled via the code bits in the TCP header
• establish: SYN = 1
• release: FIN = 1
• reset: RST = 1

three-way-handshake (establish)             release
client                  server              client                    server
SYN SEQ=0           -->                     FIN SEQ=x             -->
                    <-- SYN,ACK SEQ=0, ACK=1                      <-- ACK SEQ=y, ACK=x+1
ACK SEQ=1, ACK=1    -->                                           <-- FIN SEQ=y, ACK=x+1
                                            ACK SEQ=x+1, ACK=y+1  -->

(SYN and FIN each consume one sequence number, a pure ACK does not; the initial sequence number 0 is a simplification, real stacks choose it randomly, RFC 6528)
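Added example (not part of the course slides): the establish and release exchanges above as a Python state machine for two endpoints, tracking only code bits and sequence/acknowledgement numbers (no data, windows or timers). With initial sequence numbers of 0 it reproduces the numbers on the slide; with other values it shows the SYN/FIN accounting in general. It also shows the one check an endpoint in SYN_SENT must make: a SYN,ACK whose acknowledgement number does not match its own sequence number is answered with RST, which is why an attacker who cannot see the initial sequence number cannot complete a spoofed handshake.

```python
SYN, ACK, FIN, RST = "SYN", "ACK", "FIN", "RST"


class Segment:
    def __init__(self, seq, ack, *flags):
        self.seq, self.ack, self.flags = seq, ack, frozenset(flags)

    def __repr__(self):
        text = f"{','.join(sorted(self.flags))} SEQ={self.seq}"
        return text + (f" ACK={self.ack}" if ACK in self.flags else "")


class Endpoint:
    """One side of a TCP connection, reduced to states, code bits and numbers."""

    def __init__(self, name, isn=0):
        self.name, self.state = name, "CLOSED"
        self.snd_nxt = isn          # next sequence number to send (isn = initial)
        self.rcv_nxt = None         # next sequence number expected from the peer

    def listen(self):
        self.state = "LISTEN"

    def connect(self):
        self.state = "SYN_SENT"
        seg = Segment(self.snd_nxt, 0, SYN)
        self.snd_nxt += 1           # SYN consumes one sequence number
        return seg

    def close(self):
        self.state = {"ESTABLISHED": "FIN_WAIT_1", "CLOSE_WAIT": "LAST_ACK"}[self.state]
        seg = Segment(self.snd_nxt, self.rcv_nxt, FIN, ACK)
        self.snd_nxt += 1           # FIN consumes one sequence number too
        return seg

    def receive(self, seg):
        f = seg.flags
        if RST in f:
            self.state = "CLOSED"
            return None
        if self.state == "LISTEN" and SYN in f:
            self.rcv_nxt = seg.seq + 1
            self.state = "SYN_RCVD"
            reply = Segment(self.snd_nxt, self.rcv_nxt, SYN, ACK)
            self.snd_nxt += 1
            return reply
        acked = ACK in f and seg.ack == self.snd_nxt
        if self.state == "SYN_SENT":
            if ACK in f and not acked:
                # acknowledgement does not match our SYN (stale or forged): reset it
                return Segment(seg.ack, 0, RST)
            if SYN in f and acked:
                self.rcv_nxt = seg.seq + 1
                self.state = "ESTABLISHED"
                return Segment(self.snd_nxt, self.rcv_nxt, ACK)   # pure ACK, no seq used
        if self.state == "SYN_RCVD" and acked:
            self.state = "ESTABLISHED"
            return None
        if self.state == "FIN_WAIT_1" and acked:
            self.state = "FIN_WAIT_2"
            if FIN not in f:
                return None
        if self.state == "LAST_ACK" and acked:
            self.state = "CLOSED"
            return None
        if FIN in f and self.state in ("ESTABLISHED", "FIN_WAIT_2"):
            self.rcv_nxt = seg.seq + 1
            self.state = "CLOSE_WAIT" if self.state == "ESTABLISHED" else "TIME_WAIT"
            return Segment(self.snd_nxt, self.rcv_nxt, ACK)
        if self.state == "ESTABLISHED" and acked:
            return None
        raise ValueError(f"{self.name} in {self.state}: unexpected segment {seg}")


def run_connection(client_isn=0, server_isn=0):
    """Establish and release as on the slide; returns the trace and both end states."""
    client, server = Endpoint("client", client_isn), Endpoint("server", server_isn)
    server.listen()
    trace = []

    def send(src, dst, seg):
        trace.append((src.name, repr(seg)))
        return dst.receive(seg)

    syn_ack = send(client, server, client.connect())      # three-way handshake
    ack = send(server, client, syn_ack)
    send(client, server, ack)
    ack_of_fin = send(client, server, client.close())     # release, client first
    send(server, client, ack_of_fin)
    final_ack = send(server, client, server.close())
    send(client, server, final_ack)
    return trace, client.state, server.state


if __name__ == "__main__":
    for who, seg in run_connection()[0]:
        print(f"{who:>6}: {seg}")
```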


example
[figure: host 139.13.17.200 runs Opera (port 16200) and Firefox (port 16205); each opens its own TCP connection (TCP-Conn. 1 and 2) to the http server on 139.13.17.144, port 80. A connection is identified by the tuple (source IP, source port, destination IP, destination port).]
