TCP/IP for Engineers
DESCRIPTION
A short primer on the major Internet protocols for engineers who don't have an IT/networking background.
TRANSCRIPT
TCP/IP and Ethernet Fundamentals
(For Engineers)
Leif Bloomquist P.Eng
December 16, 2009
“Dr. Seuss” meets Networking
If a packet hits a pocket on a socket on a port
and the bus is interrupted at a very last resort,
and the access of the memory makes your floppy disk abort,
then the socket packet pocket has an error to report!

The label on the cable on the table at your house
says the network is connected to the button on your mouse,
but your packets want to tunnel on another protocol,
that's repeatedly rejected by the printer down the hall!
Course Outline
1. The very basics
2. The TCP/IP “stack” model
3. Interfaces and interactions
4. Under the hood: TCP, UDP, ARP, netmasks, broadcasting, dynamic addresses
5. Tradeoffs
6. Tools and resources
7. Code examples (Java)
8. Troubleshooting TCP/IP Networks
9. Exercises
10. Wireshark Demo (Hands-on)
Why TCP/IP (and Ethernet)?
By far the most popular set of networking protocols – thanks to the Internet
Finding its way into industrial/control applications (including our products + systems)
IPN – InterPlanetary Network (NASA)
Internet Protocol v4 vs. v6
IPv4: 192.168.1.22
IPv6: 2001:0db8:85a3:08d3:1319:8a2e:0370:7334
This course focuses on IPv4; IPv6 will come “eventually”.
IPv6 uses many of the same concepts and terminology.
Much, much larger address space.
Internet providers slow to move over to IPv6.
The Basics
(What the User Sees)
IP Address: 192.168.1.100
Gateway: 192.168.1.1
Netmask: 255.255.255.0
What do these mean, and what goes on “under the hood”?
The Simplest Ethernet Network
Computer #1, IP: 192.168.1.101
Computer #2, IP: 192.168.1.102
Crossover Cable
A Basic Ethernet Network
Ethernet “segment”
Straight-Through Cable
Usually a Hub or Switch
Computer #1, IP: 192.168.1.101
Computer #2, IP: 192.168.1.102
Exercise: “ping”
ping 192.168.1.102
1. How did ping know what “192.168.1.102” was?
2. How did it know how to send the data?
3. How did the data get there?
4. How did Computer #2 know where to send the reply?
5. How did the reply data get there?
The TCP/IP Stack Model
Application: Email, WWW, FTP, etc. (Data)
Transport: TCP, UDP, ICMP (Connections or Paths)
Network: IP (Packets)
Data Link: Ethernet (Frames)
Physical: Cable (Bits / Voltages)
OSI (7 layers) vs. TCP (5 layers)
Layers “talk” to their equivalent on either end
[Diagram: Computer A and Computer B, each with the Application, Transport, Network, Data Link and Physical layers; a virtual connection joins matching layers, and the physical connection joins the two Physical layers]
Who Provides Which Parts?
Application: Your program!
Transport, Network: Operating System
Data Link: Network Card
Physical: Physical Cable
A Basic Ethernet Network
Ethernet “segment”
Straight-Through Cable
Usually a Hub or Switch
Computer #1, IP: 192.168.1.101, MAC: 00-90-4B-1F-13-17
Computer #2, IP: 192.168.1.102, MAC: 00-90-4B-14-23-65
A More Complete Ethernet Network
Computer #1, IP: 192.168.1.101, MAC: 00-90-4B-1F-13-17
Computer #2, IP: 192.168.1.102, MAC: 00-90-4B-14-23-65
Computer #3, IP: 192.168.1.103, MAC: 00-80-1B-34-55-16
Gateway, Private IP: 192.168.1.1, MAC: 00-40-41-14-20-61
Gateway, Public IP: 216.3.6.99, MAC: 00-30-44-17-95-45
Other Segments (Internet)
Exercise: “ping”
ping www.google.ca
1. How did ping know where www.google.ca was?
2. What data did it send?
3. How did it know where to send the data?
4. How did the data get there?
5. How did Google know where to send the reply?
6. How did the data get here?
Interfaces and Interactions between layers
Application / Transport: Sockets and Ports
Transport / Network: Encapsulation and Routing
Network / Data Link: Address Resolution Protocol (ARP)
Data Link / Physical: Carrier Sense Multiple Access
Sockets and Ports
Provide logical endpoints for communication.
Independent ports for TCP and UDP
Ports can be 0-65535 but most < 1024 are defined
[Diagram: Application 1 and Application 2 attached through sockets to ports 1001, 1002, 1003, 1004, …]
Encapsulation
All layers have a “header” followed by data
Higher-level layers reside inside the data area of the lower layer
High-level packets are broken up across lower-level packets if needed
[Diagram: nesting of the Application, Transport, Network and Data Link layers]
Under the Hood
Transport Control Protocol (TCP)
“Phone call”
Guarantees delivery and packet order.
Heartbeats, ACKs and timeouts built-in.
More background “stuff” on network.
Use when the data must arrive, but timing is not important.
User Datagram Protocol (UDP)
“Postcard”
No guarantees.
Heartbeats, checksums, ACKs and timeouts provided by...you! (if needed)
Question: Which layer?
Use when fast/predictable delivery is needed and the application can tolerate lost or out-of-order data.
Internet Control Message Protocol (ICMP)
Diagnostics, errors, routing
Not typically used by end-user applications.
e.g.: ping
Broadcasting
Ethernet: FF:FF:FF:FF:FF:FF
Only to local Ethernet segment
IP: Bit complement of the netmask, OR’d with the IP address
Exercise: Work out Broadcast address
Question: This only makes sense for UDP. Why?
CSMA/CD
Prevents multiple computers accessing the physical layer simultaneously.
Collision Detection
Jamming
Random back-off and retry
Hence, not a “true” real-time bus
Rarely an issue with modern hubs – intelligent devices
Address Resolution Protocol
Maps between IP addresses and MAC addresses.
1. Sender sends a broadcast, asking for the holder of the destination IP to respond. (Question: On which layer?)
2. Destination replies directly to sender to indicate that it holds the desired IP address.
3. Sender sends the data, and caches that IP/MAC mapping for 5 minutes (Windows default)
Question: What’s the MAC address for www.google.ca? (Not what you might think)
Dynamic Host Control Protocol
Assigns IP addresses dynamically.
Addresses are dispensed and managed by a DHCP Server.
Computer sends a broadcast, asking for an IP address. (Question: On which layer?)
DHCP Server replies and assigns the computer an IP address to begin using.
DHCP Server typically remembers computers by MAC and sets the same IP later, but this is not guaranteed.
Netmasks
Used to filter out which IP addresses are on your segment, and which are not
192.168.1.102 = 11000000 10101000 00000001 01100110
255.255.255.0 = 11111111 11111111 11111111 00000000
Boolean AND:    11000000 10101000 00000001 00000000
Therefore, any IP address starting with 192.168.1.___ is on the local network.
All others are external and data is sent to the router.
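The Broadcasting and Netmasks slides both come down to one bit operation each. The Java sketch below is an added example, not part of the original slides: it computes the network and broadcast addresses for the 192.168.1.102 host and decides whether a destination is reached directly or through the gateway. The second netmask (255.255.255.128), the destination 192.168.1.200 and all class and method names are assumptions made for illustration; the second mask goes beyond the slide to show that "starts with 192.168.1" only holds for 255.255.255.0.

```java
public class SubnetMath {
    // Parse a dotted-quad IPv4 literal (four dot-separated numbers in 0-255) into a 32-bit int.
    static int parse(String dotted) {
        String[] parts = dotted.split("\\.", -1);
        if (parts.length != 4) throw new IllegalArgumentException("not IPv4: " + dotted);
        int v = 0;
        for (String p : parts) {
            int octet = Integer.parseInt(p);
            if (octet < 0 || octet > 255) throw new IllegalArgumentException("bad octet: " + p);
            v = (v << 8) | octet;
        }
        return v;
    }

    static String format(int v) {
        return (v >>> 24) + "." + ((v >>> 16) & 0xFF) + "." + ((v >>> 8) & 0xFF) + "." + (v & 0xFF);
    }

    // A usable netmask is a run of 1 bits followed by a run of 0 bits.
    static boolean isContiguousMask(int mask) {
        int inverted = ~mask;
        return (inverted & (inverted + 1)) == 0;
    }

    static int network(int ip, int mask)   { return ip & mask; }   // Boolean AND, as on the Netmasks slide
    static int broadcast(int ip, int mask) { return ip | ~mask; }  // IP OR'd with the complement of the netmask

    // Decide where a packet for dst is sent: straight to dst on the segment, or to the gateway.
    static String nextHop(int src, int mask, int gateway, int dst) {
        return network(src, mask) == network(dst, mask) ? format(dst) + " (direct)" : format(gateway) + " (gateway)";
    }

    public static void main(String[] args) {
        int ip = parse("192.168.1.102"), gw = parse("192.168.1.1");
        // 255.255.255.0 is the slide's netmask; 255.255.255.128 is a constructed second case.
        for (String m : new String[] {"255.255.255.0", "255.255.255.128"}) {
            int mask = parse(m);
            if (!isContiguousMask(mask)) throw new IllegalArgumentException("bad netmask: " + m);
            System.out.println("mask " + m + ": network " + format(network(ip, mask))
                    + ", broadcast " + format(broadcast(ip, mask)));
            for (String d : new String[] {"192.168.1.101", "192.168.1.200", "216.3.6.99"})
                System.out.println("  to " + d + " -> " + nextHop(ip, mask, gw, parse(d)));
        }
    }
}
```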
Network Address Translation (NAT)
Question:
From the outside, how do you send a packet to a specific machine on a LAN?
Tradeoffs
TCP vs. UDP
DHCP vs. Static Addressing
Blocking vs. Non-blocking
Cable lengths
Understanding Latency vs. Throughput
Special IP Addresses
127.0.0.x – Loopback
192.168.x.x – LANs
10.x.x.x – LANs
172.16.x.x to 172.31.x.x – LANs
169.254.x.x – DHCP Fall-back
Wireless
Ad-hoc vs. Access Point
Questions: What layer does this handle? What are the implications?
“Tunneling”
Encapsulate one protocol inside another – at an equal or higher layer
Firewalls
Filter out packets by port and type
Allows incoming packets in response to an outgoing packet through
Often used in conjunction with NAT
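The rule on the Firewalls slide, that incoming packets are let through only in response to an outgoing packet, can be modelled with a small connection table. This Java sketch is an added illustration, not code from the slides or from any firewall product; the class name, the 30-second idle timeout and the remote address 203.0.113.10 (a documentation address) are assumptions.

```java
import java.util.HashMap;
import java.util.Map;

public class StatefulFilter {
    static final long IDLE_TIMEOUT_MS = 30_000;   // assumed idle timeout for a tracked flow

    // Tracked flows: "proto|localIp:localPort|remoteIp:remotePort" -> time the flow was last seen.
    private final Map<String, Long> flows = new HashMap<>();

    private static String key(String proto, String localIp, int localPort, String remoteIp, int remotePort) {
        return proto + "|" + localIp + ":" + localPort + "|" + remoteIp + ":" + remotePort;
    }

    // Outbound packets are always allowed and create or refresh a flow entry.
    boolean outbound(String proto, String srcIp, int srcPort, String dstIp, int dstPort, long now) {
        flows.put(key(proto, srcIp, srcPort, dstIp, dstPort), now);
        return true;
    }

    // Inbound packets pass only if they mirror a live outbound flow (same protocol, addresses and ports).
    // Simplification: a real firewall also tracks TCP connection state, which is not modelled here.
    boolean inbound(String proto, String srcIp, int srcPort, String dstIp, int dstPort, long now) {
        String k = key(proto, dstIp, dstPort, srcIp, srcPort);
        Long lastSeen = flows.get(k);
        if (lastSeen == null) return false;               // nothing on the inside asked for this
        if (now - lastSeen > IDLE_TIMEOUT_MS) {           // the flow went idle: forget it
            flows.remove(k);
            return false;
        }
        flows.put(k, now);
        return true;
    }

    public static void main(String[] args) {
        StatefulFilter fw = new StatefulFilter();
        // Constructed sample traffic: LAN host 192.168.1.101 sends UDP to a remote host on port 3000.
        fw.outbound("udp", "192.168.1.101", 1001, "203.0.113.10", 3000, 0);
        System.out.println("reply:       " + fw.inbound("udp", "203.0.113.10", 3000, "192.168.1.101", 1001, 50));
        System.out.println("wrong port:  " + fw.inbound("udp", "203.0.113.10", 3001, "192.168.1.101", 1001, 60));
        System.out.println("unsolicited: " + fw.inbound("tcp", "203.0.113.10", 3000, "192.168.1.102", 1002, 70));
        System.out.println("after idle:  " + fw.inbound("udp", "203.0.113.10", 3000, "192.168.1.101", 1001, 40_000));
    }
}
```

Only the first inbound packet matches a live flow; the other three are dropped because of a port mismatch, no matching outbound packet, and an expired entry.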
Tools
OS tools – ping, netstat, i[p|f]config, traceroute, nslookup
“Packet sniffer” software – puts network card into promiscuous mode – all packets visible – Ethereal / Wireshark
Resources
IETF – www.ietf.org
Wikipedia (with caution)
Sending UDP in Java

    import java.net.DatagramPacket;
    import java.net.DatagramSocket;
    import java.net.InetAddress;

    // Class wrapper added so the slide's fragment compiles and runs.
    public class UdpSend
    {
        public static void main(String[] args)
        {
            try
            {
                String host = "www.host.com";
                int port = 3000;
                byte[] message = "Hello World".getBytes();

                // Get the internet address of the specified host
                InetAddress address = InetAddress.getByName(host);

                // Initialize a datagram packet with data and address
                DatagramPacket packet = new DatagramPacket(message, message.length, address, port);

                // Create a datagram socket, send the packet through it, close it.
                DatagramSocket dsocket = new DatagramSocket();
                dsocket.send(packet);
                dsocket.close();
            }
            catch (Exception e)
            {
                System.err.println(e);
            }
        }
    }
Receiving UDP in Java

    import java.io.IOException;
    import java.net.DatagramPacket;
    import java.net.DatagramSocket;

    // Class wrapper and handlePacket() added so the slide's fragment compiles and runs.
    public class UdpReceive
    {
        public static void main(String[] args)
        {
            try
            {
                int port = 3000;
                DatagramSocket socket = new DatagramSocket(port);
                // Create a packet object.
                byte[] buffer = new byte[256];
                DatagramPacket packet = new DatagramPacket(buffer, buffer.length);
                // Loop forever, waiting for packets.
                while (true)
                {
                    // receive() shrinks the packet length to the last datagram's size, so reset it.
                    packet.setLength(buffer.length);
                    socket.receive(packet); // This blocks!
                    // Handle it
                    handlePacket(packet);
                }
            }
            catch (IOException ex) // receive() throws IOException; SocketException is a subclass
            {
                ex.printStackTrace();
                System.exit(1);
            }
        }

        // Placeholder handler: print the sender and the payload.
        static void handlePacket(DatagramPacket packet)
        {
            System.out.println(packet.getSocketAddress() + ": " + new String(packet.getData(), 0, packet.getLength()));
        }
    }
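The UDP slide leaves ACKs and timeouts to the application. As an added example (not from the original slides), this stop-and-wait sketch over loopback puts a one-byte sequence number, an ACK, a 200 ms timeout and retransmission on top of the DatagramSocket calls used in the send and receive code; the class name, the packet layout and the simulated loss of the first datagram are assumptions of the example.

```java
import java.io.IOException;
import java.net.*;
import java.nio.charset.StandardCharsets;
public class ReliableUdpDemo {
    // Receiver: ignores the first datagram to simulate loss, then ACKs by echoing the sequence byte.
    static void receiver(DatagramSocket sock) {
        byte[] buf = new byte[256];
        int lastSeq = -1, received = 0;
        try {
            while (true) {
                DatagramPacket p = new DatagramPacket(buf, buf.length);
                sock.receive(p);
                if (p.getLength() < 1 || received++ == 0) continue;   // malformed, or simulated loss
                int seq = buf[0] & 0xFF;
                if (seq != lastSeq) {                                 // deliver once, even if retransmitted
                    lastSeq = seq;
                    System.out.println("delivered #" + seq + ": " + new String(buf, 1, p.getLength() - 1, StandardCharsets.UTF_8));
                }
                sock.send(new DatagramPacket(new byte[] {(byte) seq}, 1, p.getSocketAddress()));
            }
        } catch (IOException socketClosed) { /* socket closed by main(): stop */ }
    }

    // Sender: stop-and-wait. Returns the number of transmissions used, or -1 after 5 tries.
    static int sendReliable(DatagramSocket sock, SocketAddress to, int seq, String msg) throws IOException {
        byte[] body = msg.getBytes(StandardCharsets.UTF_8);
        byte[] out = new byte[body.length + 1];
        out[0] = (byte) seq;                                          // assumed layout: sequence byte, then payload
        System.arraycopy(body, 0, out, 1, body.length);
        sock.setSoTimeout(200);                                       // ACK timeout in milliseconds
        DatagramPacket ack = new DatagramPacket(new byte[1], 1);
        for (int attempt = 1; attempt <= 5; attempt++) {
            sock.send(new DatagramPacket(out, out.length, to));
            try {
                sock.receive(ack);
                if (ack.getSocketAddress().equals(to) && (ack.getData()[0] & 0xFF) == seq) return attempt;
            } catch (SocketTimeoutException lost) { /* no ACK in time: retransmit */ }
        }
        return -1;
    }

    public static void main(String[] args) throws IOException {
        InetAddress lo = InetAddress.getLoopbackAddress();
        try (DatagramSocket rx = new DatagramSocket(0, lo); DatagramSocket tx = new DatagramSocket(0, lo)) {
            new Thread(() -> receiver(rx)).start();
            System.out.println("transmissions: " + sendReliable(tx, rx.getLocalSocketAddress(), 1, "Hello World"));
        }
    }
}
```

The source-address check on the ACK only filters stray packets; it does not authenticate the peer, because a UDP source address can be spoofed.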
Debugging TCP/IP Networks
Application: Bugs in your program?
Transport: Protocols, ports match? Any firewalls in the way? Is routing set up properly?
Network: Are all IP addresses, netmasks set correctly?
Data Link: Ethernet send/receive? (need sniffer)
Physical: Are the cables undamaged and plugged in? Are hubs powered? Do you have Link lights?
Recommended approach: Start at the lowest layer and work “up”.
Other Topics
Windowing
Domain Name System
Routing
Spoofing
Streaming
Exercises
1. Devise a method for measuring the latency of a TCP/IP and Ethernet link.
2. Devise a method for measuring the throughput of a TCP/IP and Ethernet link.
3. Debugging: Computer cannot be accessed or pinged, but ARP is functioning. Why?
Wireshark Demo