Notes

IP LAYER (CHAPTER 8 TEXT)













The IP Layer (Network Layer) protocols consist of IP, ARP, RARP, ICMP and IGMP.
The main function of the IP Layer protocols is routing of packets.
It is a connectionless, unreliable service. There are no acknowledgements from the
destination to the source and no physical connection between the source and destination.
An IP datagram can arrive at the destination fragmented and out of order. IP makes a best
effort to deliver the packet but gives no guarantees. If reliability is required, IP must
be paired with TCP.
These Internet packets are called IP datagrams.
All TCP, UDP, ICMP and ARP packets are transmitted as IP datagrams.
Fig shows an IP datagram packet format (P 192 Text).
Let us take brief look at each field of the IP datagram.
Draw it in the space provided.
Notice that the size of the datagram could be 20-65536 bytes and the Header length could
vary from 20 to 60 bytes.
Although an IP datagram could vary from 20 to 65536 bytes, the actual transmission
depends upon the physical medium carrying it. For example, if Ethernet allows a frame
size of only 1576 bytes, the IP datagram will be broken down into smaller chunks
to fit the frame size. This process is called fragmentation, and there is a field in the IP
Header to identify the fragments.
VERSION: Identifies the Version #. The current version is IP Version 4. IP Version 6 is also
used by some systems.
HEADER LENGTH: Specifies the # of 32-bit words in the Header. With no options and
padding, the Header length will be 20 bytes, or five 32-bit words. With options and padding,
the maximum header length is 60 bytes, or fifteen 32-bit words.
Type of Service (TOS) or Differentiated Service (DS): Indicates the type of service
being provided by this datagram such as ICMP, SNMP, DNS etc. (Read the
description of TOS and DS on pages 193 to 195 in your Text Book.)
Hyder Khoja
Page 1
2/13/2016

TOTAL LENGTH: Defines the total length of the datagram, including the Header, in
bytes.



IDENTIFICATION: Identifies the fragments belonging to a particular datagram. It
helps the receiver rebuild the original datagram from the fragments.
FRAGMENTATION OFFSET: A 13-bit field that indicates the position of this
fragment with respect to the whole datagram. It is actually the offset of the data in
the original datagram in multiples of 8 bytes. Go through the example on p201-202 in your
Text Book and also through examples 5, 6, 7, 8, 9 on P 202-203 in your
Text. Read the option field description.
FLAGS: Work with fragments:
Not Used | DF | MF
DF (Don’t Fragment): “0” means fragment, “1” means don’t fragment
MF (More Fragments): “0” means Last fragment, “1” means more fragments.
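
Added example (not part of the course text): the fragmentation offset and MF flag arithmetic described above, worked in Python. The 1500-byte MTU, the 20-byte header and the function names are assumptions made for illustration.

```python
MTU = 1500  # assumed link MTU for this example

def fragment(payload: bytes, mtu: int = MTU, header_len: int = 20):
    """Split a payload into (offset_in_8_byte_units, MF, data) fragments."""
    # Every fragment except the last must carry a multiple of 8 data bytes,
    # because the 13-bit offset field counts in units of 8 bytes.
    max_data = (mtu - header_len) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU leaves no room for data")
    frags = []
    for start in range(0, len(payload), max_data):
        more = 1 if start + max_data < len(payload) else 0
        frags.append((start // 8, more, payload[start:start + max_data]))
    return frags

def reassemble(frags):
    """Rebuild the payload; None if a fragment is missing, overlapping or extra."""
    data, done = bytearray(), False
    for offset, more, chunk in sorted(frags, key=lambda f: f[0]):
        # Reject data after the last fragment, holes and overlaps.
        if done or offset * 8 != len(data):
            return None
        data += chunk
        done = (more == 0)
    return bytes(data) if done else None

# Constructed sample: 4000 bytes of payload sent over the assumed 1500-byte MTU.
SAMPLE = (bytes(range(256)) * 16)[:4000]
FRAGS = fragment(SAMPLE)

if __name__ == "__main__":
    for offset, more, chunk in FRAGS:
        print(f"offset={offset:4d} (byte {offset * 8:4d})  MF={more}  len={len(chunk)}")
    print("reassembled out of order:", reassemble(FRAGS[::-1]) == SAMPLE)
```

The receiver-side check matters as much as the split: fragments may arrive in any order, and a set with a hole, an overlap or no MF=0 fragment must not be accepted as a complete datagram.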





TTL (Time-To-Live): This field was originally intended to be a time stamp, which was
decremented by each visited router. When this value becomes zero and the datagram has
still not reached its destination, the datagram is killed. This prevents a datagram
from wandering in cyberspace from Router to Router endlessly. These days it is used
as a hop count, i.e. the number of Routers it passes through.
PROTOCOL: This 8-bit field indicates the higher level protocol that is using the IP
service. This way a datagram is delivered to the correct application. Study the
table in your text book and recognize the codes currently in use to identify various
applications (Table 8.4, P 197).
Checksum: Checksum is the sum of the one’s complement of the 16-bit words of
the Header. It is used to check the integrity of the header (not data). If the header is
found corrupted, the datagram is discarded.
Source Address: 32-bit IP address of the source.
Destination Address: 32-bit IP address of the destination.
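
Added example (not part of the course text): a Python decoder for the header fields listed above, with the length sanity checks and header checksum verification a receiver performs. The sample header is constructed for illustration; its ID, TTL and lengths are assumed values, and the function names are hypothetical.

```python
import socket
import struct

def checksum16(data: bytes) -> int:
    """Complement of the one's-complement sum of the 16-bit words in data."""
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(pkt: bytes) -> dict:
    """Decode the fixed IPv4 header fields and sanity-check the lengths."""
    if len(pkt) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, tos, total_len, ident, flags_off,
     ttl, proto, csum) = struct.unpack("!BBHHHBBH", pkt[:12])
    version, hdr_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4:
        raise ValueError("not an IPv4 header")
    if hdr_len < 20 or hdr_len > len(pkt) or total_len < hdr_len:
        raise ValueError("inconsistent header length / total length")
    return {
        "header_len": hdr_len, "tos": tos, "total_len": total_len, "id": ident,
        "df": (flags_off >> 14) & 1, "mf": (flags_off >> 13) & 1,
        "frag_offset_bytes": (flags_off & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        # Summing a valid header, checksum field included, yields 0.
        "checksum_ok": checksum16(pkt[:hdr_len]) == 0,
        "src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
    }

def build_sample() -> bytes:
    """Constructed header: a middle fragment (MF=1, offset 185) carrying ICMP."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1C46, 0x2000 | 185, 64, 1, 0,
                      socket.inet_aton("10.2.10.2"), socket.inet_aton("10.2.99.99"))
    return hdr[:10] + struct.pack("!H", checksum16(hdr)) + hdr[12:]

SAMPLE = build_sample()

if __name__ == "__main__":
    print(parse_ipv4(SAMPLE))
```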
ARP AND RARP (Chapter 7 Text)








ARP (Address Resolution Protocol) is used by the interior Gateways (or Routers or
machines) to find the Physical (or MAC or Hardware) Address of another machine in the
same Network when it knows its IP Address.
It is important to understand that IP Addresses are logical Addresses and have global
significance.
The Physical or MAC or Hardware Address is the Address of the machine on the Network. It
is the Address of the Network Interface Card installed on that machine. It has only local
significance.
Thus for a packet to be delivered to the target machine correctly, two addresses are
required: its IP Address and its physical Address.
ARP is used to find the physical Address of a machine given its IP Address in the same
Network.
RARP is used for the reverse process. It is used to find the IP Address given the Physical
Address.
It can be done statically by maintaining a table of all IP Addresses and their
corresponding physical Addresses. However, this does not work well for the following
reasons: (1) a machine's NIC can change, (2) a mobile computer can move from one
physical Network to another.
ARP uses a dynamic process to determine the physical Address, given the IP Address.
ARP OPERATION:





Anytime a host or a Router wants to send an IP datagram to another host or Router, it will
first find its physical Address by sending an ARP Request Packet as a broadcast to all
machines on the Network.
The figures below show the format of the ARP Request and Reply packets (Fig 7.3 and 7.4 on
P172 of the Text).
Draw the ARP Request and Reply packets in the space provided below.
All machines receive the Request, but only the machine whose IP Address matches the IP
Address contained in the ARP Request packet will respond with an ARP Reply Packet.
The target machine responds with its MAC Address by sending an ARP Reply Packet.
DESCRIPTION OF THE ARP REQUEST PACKET FIELDS:









H Type (Hardware Type): 16-bit field. Identifies the type of network making the ARP
request. For example, Ethernet code is 1, Token ring code is 4, X.25 code is 3, FR code is
15, HDLC code is 17 etc.
P Type (Protocol Type): Identifies the protocol making the ARP Request. For
example, IP V4 code = 0800H. The ARP protocol can be used by any higher level
protocol.
H Length (Header Length): 8-bit field that indicates the length of the physical
Address in bytes that it is looking for. For example, an Ethernet Address is 48 bits (6
bytes. Remember I asked you this Question in the final Exam?). Thus the value of
this field in an Ethernet Network will be 6.
P Length (Protocol Length): 8-bit field that indicates the length of the logical Address in
bytes. Since an IP Address is 32 bits, the value of this field will be 4 in an IP based
Network.
OP CODE (Operation Code): Identifies the operation. ARP Request = 1, ARP
Reply = 2, RARP Request = 3, RARP Response = 4.
SHA (Source Hardware Address): Specifies the Source Hardware Address. For
Ethernet, it will be 6 bytes.
SPA (Source Protocol Address): Specifies the Source Protocol Address. For an IP
based network it will be 4 bytes.
THA (Target Hardware Address): Specifies the Target Hardware Address. For an ARP
request packet it will be ___________ (Think) Why? ___________________
TPA (Target Protocol Address): What do you think this field should contain?
_______________________________________________________________
ENCAPSULATION:
An ARP packet is encapsulated directly into the Data Link Frame as shown below (Show
Encapsulation).



The ARP Reply will be unicast, in the same format as a Request, with the opcode set to 2.
ARP can also be used to check for a duplicate IP Address on the Network. To do that, a
machine can send an ARP Request for its own IP Address. If another machine replies, that
means there is another machine with the same IP Address. In that case, the machine will not
initialize its TCP/IP stack.
ED Tittle p118-120
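
Added example (not part of the course text): a Python parser for the ARP fields described above, plus the duplicate-address check applied to a small capture. The MAC addresses, the capture and the function names are constructed for illustration; the zeroed target hardware address in the requests is what a sender that does not yet know the target's MAC places in that field.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # HTYPE, PTYPE, HLEN, PLEN, OP, SHA, SPA, THA, TPA (28 bytes)

def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)

def make_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Build an Ethernet/IPv4 ARP packet (used here only to construct samples)."""
    to_mac = lambda s: bytes.fromhex(s.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op, to_mac(sha),
                       socket.inet_aton(spa), to_mac(tha), socket.inet_aton(tpa))

def parse_arp(pkt: bytes) -> dict:
    if len(pkt) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (1, 2):
        raise ValueError("not an ARP request or reply")
    return {"op": op, "sha": mac_str(sha), "spa": socket.inet_ntoa(spa),
            "tha": mac_str(tha), "tpa": socket.inet_ntoa(tpa)}

def find_conflicts(packets) -> dict:
    """Map each IP address claimed by more than one sender MAC to those MACs."""
    claims = {}
    for pkt in packets:
        arp = parse_arp(pkt)
        if arp["spa"] != "0.0.0.0":          # a sender without an IP claims nothing
            claims.setdefault(arp["spa"], set()).add(arp["sha"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}

# Constructed capture: host A checks its own address and host B answers for it.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
ZERO = "00:00:00:00:00:00"
CAPTURE = [
    make_arp(1, A, "10.2.10.2", ZERO, "10.2.10.2"),   # request for its own IP
    make_arp(2, B, "10.2.10.2", A, "10.2.10.2"),      # another machine replies
    make_arp(1, C, "10.2.10.3", ZERO, "10.2.10.2"),   # ordinary request
]

if __name__ == "__main__":
    print(find_conflicts(CAPTURE))
```

The same check, run continuously against observed ARP traffic, is how a monitoring host notices that one IP address has started answering from a second MAC address.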
INTERNET CONTROL MESSAGE PROTOCOL (ICMP)












ICMP is a network layer protocol. It complements the IP Layer.
The IP Layer protocol is a connectionless, unreliable protocol, as mentioned earlier.
What if a packet cannot reach its destination? What if a Router kills a datagram because
TTL has expired? What if a destination discards a datagram because it cannot find all of
its fragments? What if a packet is discarded by a Router because it cannot route it
for lack of sufficient routing information? And so on.
ICMP is a companion protocol, which provides information about routing behavior,
reachability, delivery error reports and other control information. It reports errors,
congestion and other traffic reports. When it comes to diagnosing and fixing problems
with TCP/IP connectivity, ICMP does an excellent job. Error messages that you see on
your computer screen are generated by ICMP.
The table below (Table 4-1, P 163-164 Text) shows ICMP message types and their
applications.
Show encapsulation of the ICMP Header into the IP data field and then into the MAC frame.
Types of ICMP messages: (1) Error Reporting (2) Query.
The Error Reporting messages report problems that a Router or a host may encounter in
the delivery of the packet.
The Query messages, which occur in pairs, allow nodes and Network Managers to get
important information from routers and hosts. For example, hosts can discover their
neighbors, hosts can discover and learn about routers on their network, routers can
instruct hosts to redirect their messages, etc.
ICMP does not correct the errors, it simply reports them. Correction is left to higher level
protocols.
Study Table 9.1, P228-229 Text. Also Tables 4-6 to 4-12, P177-181 Ed Tittle. Study the coding
of the various types of messages and the reason codes.
Referring back to the ICMP Packet format, note that:
The Type field defines the type of message.
The Code field defines the reason for the particular message type.
Checksum: checks for errors in the ICMP Header only. The rest of the fields are variable
and are different for different types of messages.


We shall look in detail at only the ECHO REQUEST and ECHO REPLY messages, as they
are used quite extensively in diagnostic utilities such as PING and TRACEROUTE.
Read pages 230 to 249.
ECHO REQUEST / ECHO REPLY ICMP PACKETS:










Echo Request/Reply messages are designed for diagnostic purposes.
They test the reachability or connectivity of a particular host or router.
Since ICMP messages are encapsulated within the IP packet, they test the operation of the IP
Layer as well.
A Host or a Router sends an Echo Request to another Host or Router.
The receiving Host/Router receives the Echo Request and sends back an Echo Reply. The Type
field will be 8 for request and “0” for reply, whereas the CODE field will be “0” for both.
The figure below shows the format of the Echo Request and Reply packet. Draw it in the space
provided.
The Identification field is sometimes used to identify a session.
The Sequence # field is sometimes used to keep track of messages and to match requests with
replies. Both of these fields are optional.
The WINDOWS 2000 PING utility uses 256 decimal (0x100) as identification, and the first
Echo Request sent will have a seq# of any multiple of 0x100, thereafter increased by
“1”. The data field will be “abcdefghijklmnopqrstuvwabcdefghi”.
The figure shows a decode of the Echo Request from 10.2.10.2 to 10.2.99.99 (4.10-4.11 p182-183 Ed Tittle)
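
Added example (not part of the course text): Python code that builds Echo Request/Reply messages with the identifier, sequence numbering and data field quoted above, then pairs replies with requests using the Identification and Sequence # fields. The capture is constructed, the checksum field is left at 0 and is not checked here, and the function names are hypothetical.

```python
import struct

W2K_ID = 0x100                                   # identifier value quoted in the notes
W2K_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32-byte data field quoted in the notes

def echo(msg_type: int, seq: int, ident: int = W2K_ID, data: bytes = W2K_DATA) -> bytes:
    """Build an Echo message: Type, Code=0, checksum (left 0), identifier, sequence, data."""
    return struct.pack("!BBHHH", msg_type, 0, 0, ident, seq) + data

def parse_echo(msg: bytes):
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, code, _checksum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if msg_type not in (8, 0) or code != 0:
        raise ValueError("not an Echo Request / Echo Reply")
    return msg_type, ident, seq, msg[8:]

def match_echoes(messages):
    """Return (answered, unanswered, suspicious) lists of (identifier, sequence)."""
    pending, answered, suspicious = {}, [], []
    for msg in messages:
        msg_type, ident, seq, data = parse_echo(msg)
        key = (ident, seq)
        if msg_type == 8:                       # Echo Request: remember its data
            pending[key] = data
        elif pending.get(key) == data:          # Echo Reply that echoes the same data
            del pending[key]
            answered.append(key)
        else:                                   # unsolicited reply or altered data
            suspicious.append(key)
    return answered, sorted(pending), suspicious

# Constructed capture: four requests; the reply to seq 0x102 carries altered data.
CAPTURE = []
for seq in range(0x100, 0x104):
    CAPTURE.append(echo(8, seq))
    CAPTURE.append(echo(0, seq, data=W2K_DATA if seq != 0x102 else W2K_DATA[::-1]))

if __name__ == "__main__":
    print(match_echoes(CAPTURE))
```

A reply that matches no outstanding request, or that does not return the request's data unchanged, is not a valid echo and is worth a closer look in a capture.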
TESTING AND TROUBLESHOOTING WITH ICMP:


ICMP’s most common uses are testing and troubleshooting
Two of the most commonly used Utility Programs – PING and TRACEROUTE, use
ICMP ECHO Request / Reply messages to test connectivity and Path Discovery.
PING:



PING uses a MAC Header, IP Header and ICMP Echo Request/Reply with some
arbitrary data to test connectivity.
It sends a series of several Echo Requests, receives the Replies and calculates the
average response times (see Fig 4.2, P165 E.T).
The PING utility included with WINDOWS 2000 sends 4 ICMP Echo Requests with a 1
second Echo Reply timeout. Each consists of 32 bytes of data in a fragmentable IP packet.


Routers generally don’t respond to ICMP Echo Requests sent to multicast or broadcast
addresses.
The command line parameters used with PING allow changing parameters like
TTL, timeout, # of bytes etc. See Appendix C E.T.
TRACEROUTE:



The Traceroute utility identifies a path from the sender to the receiver using ICMP Echo
Requests and some manipulation of the time to live (TTL) value in the IP Header.
It provides a list of routers along a path as well as the round trip latency time to reach
each Router.
Some implementations try to resolve the names of the Routers along the path.
PATH DISCOVERY WITH PATH TRACE:



New to WINDOWS 2000.
Tests Routes, link latency as well as packet loss. See Appendix C E.T
PMTU discovery enables a source to learn the currently supported MTU across an entire
path without fragmentation