BCIS 4630 Fundamentals of IT Security
NET
Dr. Andy Wu
• Internet Control Message Protocol (ICMP) is a control and information protocol, which is used to determine:
– Remote network’s availability.
– Length of time to reach a remote network.
– The best route for packets to reach a remote network.
• ICMP can handle the flow of traffic, telling other network devices to “slow down” transmission speeds if packets are coming in too fast.
• ICMP is not connection-oriented (uses UDP).
– Designed to carry small messages quickly.
– Has minimal overhead.
– Has minimal impact on bandwidth.
• ICMP messages are used to exchange information about network host status, traffic condition, etc. Two important fields in an ICMP message are:
– Type: A one-byte field to indicate the kind of ICMP message.
– Code: For messages of certain types, a one-byte Code field may have a value to further identify a message.
• For example, a ping command sends a message from one host to another and receives a response from the latter. Two types of ICMP messages are involved in this process:
– Echo Request
– Echo Reply
Type  Description
0     Echo Reply
3     Destination Unreachable
        Code  Description
        0     Network unreachable
        1     Host unreachable
        3     Port unreachable
        6     Destination network unknown
        7     Destination host unknown
4     Source Quench
5     Redirect Message
8     Echo Request
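An added example (not part of the original slides): a small parser that reads the Type and Code bytes of an ICMP message, names them using the table above, and verifies the message checksum. The sample messages, identifier, sequence number and payload are constructed for illustration.

```python
import struct

# Type and Code values as listed in the table above.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect Message", 8: "Echo Request"}
UNREACHABLE_CODES = {0: "Network unreachable", 1: "Host unreachable",
                     3: "Port unreachable", 6: "Destination network unknown",
                     7: "Destination host unknown"}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum carried in bytes 2-3 of every ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, body: bytes) -> bytes:
    """Type (1 byte), Code (1 byte), checksum (2 bytes), then the type-specific body."""
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + body
    return struct.pack("!BBH", icmp_type, code, internet_checksum(unsummed)) + body

def describe(message: bytes) -> dict:
    if len(message) < 4:
        raise ValueError("shorter than the 4-byte ICMP header")
    icmp_type, code = message[0], message[1]
    detail = None
    if icmp_type == 3:   # the Code field only refines some types
        detail = UNREACHABLE_CODES.get(code, "code not in the table")
    return {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "type not in the table"),
            "detail": detail,
            # summing a message that includes a correct checksum yields 0
            "checksum_ok": internet_checksum(message) == 0}

# Constructed sample messages (identifier, sequence number and payload are made up).
ECHO_REQUEST = build(8, 0, struct.pack("!HH", 0x1234, 1) + b"constructed")
ECHO_REPLY = build(0, 0, ECHO_REQUEST[4:])           # a reply echoes the request body
PORT_UNREACHABLE = build(3, 3, bytes(4) + b"constructed")
CORRUPTED = ECHO_REQUEST[:-1] + b"X"                 # payload altered in transit
```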
• Communications between network computers (hosts) would be impossible without unique addresses for each host.
• Computers on a local network use MAC addresses to communicate with each other.
• To access hosts on remote networks, such as those on the Internet, a computer needs to know their IP addresses.
– Routers will route the packets to the destination network by looking up those IP addresses in the routers’ routing tables.
• IP addresses are difficult for humans to memorize, so DNS names (e.g., www.unt.edu) are used by humans.
• Therefore, two types of address translation (resolution) are essential to network communications.
– DNS Name-IP Address Resolution
• When a person uses a human-readable address like www.unt.edu, that address must be resolved into an IP address.
– IP-MAC Address Resolution
• Scenario 1: If that IP address is local, the resolution of the IP address into a MAC address takes place right away.
• Scenario 2: If that IP address is remote, the packet is routed to the remote network first. Then, once the packet gets to the remote network, it is resolved into a MAC address on that network.
• In both scenarios, the host owning that MAC address will take care of the packet.
• Domain Name Service (DNS) translates user-friendly names (called Fully Qualified Domain Names, or FQDNs) into IP addresses.
– For example, www.unt.edu = 129.120.188.44
• The DNS server handles DNS queries by examining its local records to see if it knows the answer.
• If it does not, the DNS server queries higher-level domain servers. They check records or query the server above them and so on until a match is found.
• A domain’s DNS servers maintain a database that records all DNS name-IP mappings inside the domain, including those for web servers, directory servers, email servers, hosts, etc.
• It is common to express the 32-bit IP addresses in a decimal form (dotted decimal notation).
– The address is divided from the high-order bit to the low-order bit into four 8-bit units called octets.
– IP addresses are normally written as four separate decimal octets delimited by a period (a dot).
– Each octet has eight bits and each bit has two possible values: 0 and 1.
– Thus, in decimal terms, an octet can have 2^8 or 256 possible values, ranging from 0 to 255.
• An IP address is broken down into two portions: Network ID and Host ID.
– Without subnetting, the end of the network ID falls on an 8-bit boundary (e.g., the 16th bit in a Class B subnet).
– The network ID, or network address, identifies the nodes that are located on the same logical network.
– The host ID, or host address, identifies a node within a network.
• An address with a host ID of all zeros is not assigned to any host. It is reserved to define the network itself (network address, e.g., “the 132.170.0.0 network”).
• If the host ID is all 1s, the address is a broadcast address (e.g., 132.170.255.255). It is used to send a packet to all hosts on a specific network. It can only be a destination address; no host can be assigned this address.
[Figure: Class A, Class B, and Class C address formats. Source: Davies and Lee, Windows Server 2003 TCP/IP Protocols and Services.]
• A shorthand for subnet masks (n.n.n.n stands for an IP address). It indicates the number of bits that are set to 1 in the mask.
– n.n.n.n/8 for class A default mask, equivalent to 255.0.0.0
– n.n.n.n/16 for class B default mask, equivalent to 255.255.0.0
– n.n.n.n/24 for class C default mask, equivalent to 255.255.255.0
• An organization can use any IP addresses for its network, as long as it is not connected to the Internet.
• If it wants to use the addresses on the Internet, however, it has to apply for them from Internet Corporation for Assigned Names and Numbers (ICANN).
• Three blocks of addresses are reserved for private networks.
– Class A: 10.0.0.0 – 10.255.255.255
– Class B: 172.16.0.0 – 172.31.255.255
– Class C: 192.168.0.0 – 192.168.255.255
• Private addresses are not routable on the Internet.
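An added example (not part of the original slides) that carries the addressing rules above through in code: it splits a dotted-decimal address into network ID and host ID using the class default mask, reports the network and broadcast addresses, and checks the three private blocks. The class boundaries by first octet are the standard classful ranges; the function names are illustrative.

```python
import ipaddress

# The three private blocks listed above, written as prefixes.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def default_prefix(first_octet: int):
    """Class and default mask length from the first octet (standard classful ranges)."""
    if first_octet < 128:
        return "A", 8
    if first_octet < 192:
        return "B", 16
    if first_octet < 224:
        return "C", 24
    raise ValueError("class D/E addresses have no network ID / host ID split")

def dotted(value: int) -> str:
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def describe_address(text: str) -> dict:
    octets = [int(part) for part in text.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError(f"not a dotted-decimal IPv4 address: {text!r}")
    value = int.from_bytes(bytes(octets), "big")       # four octets -> one 32-bit number
    cls, prefix = default_prefix(octets[0])
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF  # 'prefix' one-bits, then zeros
    network = value & mask                             # host ID bits cleared
    broadcast = network | (mask ^ 0xFFFFFFFF)          # host ID bits all set
    if value == network:
        role = "network address"
    elif value == broadcast:
        role = "broadcast address"
    else:
        role = "host"
    return {"class": cls, "mask": dotted(mask), "cidr": f"{dotted(network)}/{prefix}",
            "broadcast": dotted(broadcast), "role": role,
            "private": any(ipaddress.ip_address(text) in b for b in PRIVATE_BLOCKS)}
```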
• A MAC address is a unique, 48-bit hardware address assigned to a device by the manufacturer.
– Each manufacturer is assigned a specific block of MAC addresses (the first 24 bits).
– The manufacturer assigns the device a unique address (the second 24 bits).
– No two devices can share the same MAC address.
– For one system to send data to another on the local network, it must first find out the destination system’s MAC address.
• To find a MAC address, the Address Resolution Protocol (ARP) is used.
• Using an ARP request, the sending system will broadcast a query – “who is 129.120.188.44?”
• This broadcast query is examined by every host on the local network, but only the system whose IP address is 129.120.188.44 will respond.
• That system will send back a response that says “I’m 129.120.188.44 and my MAC address is 00:07:e9:7c:c8:aa.”
• The sending system will then format the packet for delivery and drop it on the network media, with the MAC address of the destination host.
• If a host cannot find the destination host in this way, the packet is forwarded to the default gateway, which is the computer/router that knows how to route those packets.
• What happens if the receiving “host” is 129.120.255.255?
– The broadcast MAC address is all Fs.
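An added example (not part of the original slides) of the ARP exchange described above, built and parsed as Ethernet frames entirely in memory: the query goes to the broadcast MAC, every host on the segment examines it, and only the owner of the IP address replies. The asking host and the second host are constructed sample values; 129.120.188.44 and 00:07:e9:7c:c8:aa are the addresses used in the text.

```python
import socket
import struct

BROADCAST_MAC = b"\xff" * 6                 # "all Fs"
FRAME = "!6s6sH" "HHBBH6s4s6s4s"            # Ethernet header + ARP body (RFC 826), 42 bytes
REQUEST, REPLY = 1, 2

def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def mac_text(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build(oper, eth_dst, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    return struct.pack(FRAME, eth_dst, sender_mac, 0x0806,   # EtherType: ARP
                       1, 0x0800, 6, 4, oper,                # Ethernet, IPv4, 6-byte MAC, 4-byte IP
                       sender_mac, socket.inet_aton(sender_ip),
                       target_mac, socket.inet_aton(target_ip))

def who_has(sender_mac: bytes, sender_ip: str, target_ip: str) -> bytes:
    """Broadcast query; the target MAC is unknown, so it is left as zeros."""
    return build(REQUEST, BROADCAST_MAC, sender_mac, sender_ip, bytes(6), target_ip)

def respond(frame: bytes, my_mac: bytes, my_ip: str):
    """Run by every host that sees the broadcast; only the IP's owner answers."""
    f = struct.unpack(FRAME, frame[:42])
    oper, asker_mac, asker_ip, wanted_ip = f[7], f[8], f[9], f[11]
    if f[2] != 0x0806 or oper != REQUEST or wanted_ip != socket.inet_aton(my_ip):
        return None
    return build(REPLY, asker_mac, my_mac, my_ip, asker_mac, socket.inet_ntoa(asker_ip))

def learn(reply: bytes):
    """Sender side: extract the IP-to-MAC mapping from an ARP reply."""
    f = struct.unpack(FRAME, reply[:42])
    if f[7] != REPLY:
        raise ValueError("not an ARP reply")
    return socket.inet_ntoa(f[9]), mac_text(f[8])

# Constructed segment: the asker and the first host are sample values.
ASKER = (mac_bytes("00:11:22:33:44:55"), "129.120.188.10")
HOSTS = [(mac_bytes("00:aa:bb:cc:dd:ee"), "129.120.188.45"),
         (mac_bytes("00:07:e9:7c:c8:aa"), "129.120.188.44")]

def resolve(target_ip: str):
    query = who_has(*ASKER, target_ip)
    replies = [r for m, ip in HOSTS if (r := respond(query, m, ip))]
    return [learn(r) for r in replies]
```

An empty result from `resolve` corresponds to the case where no local host answers and the packet is handed to the default gateway instead.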
• Used in one-to-everyone communications.
• A broadcast IP address is designed to be processed by every IP node on the same network segment.
• It is in the format of
– Class A: nnn.255.255.255
– Class B: nnn.nnn.255.255
– Class C: nnn.nnn.nnn.255
• The broadcast IP packet is addressed at the Data Link layer using the network technology's broadcast address.
– For example, for Ethernet and Token Ring networks, all IP broadcasts are sent using the Ethernet and Token Ring broadcast address 0xFF-FF-FF-FF-FF-FF.
• Used in one-to-one communications.
• A packet is sent from an individual source to an individual destination.
• In a hub-connected network, all hosts on the network segment see the packet.
• In normal mode, however, all hosts except the intended recipient will pick up and process the packet.