Tag: IP address

Say Goodbye to IPv4 … it has served us well

We have a survey on IPv6, please complete it here.

Introduction

Well, when they created ARPAnet, which eventually became the Internet, they had a network of 15 nodes and 23 hosts. It basically connected nine DEC PDP-10s and five System/360s. At the time the concept of the PC, or even of computers in the home, was a long way off. So along came the concept of a layered model for networking, where we give each layer a specific role: the physical layer is responsible for the electrical characteristics of the cables, and for the 1s and 0s which travel along the line. The level above, named the Data Link layer, defines an orderly way for data to get from one host to another on the same link, and introduces the concept of a hardware address. It is in the layer above that we get the concept of inter-networking, using a network address. So let’s look at IPv4 and its role, and see if we can look to the future.

Let’s take an example

Figure 1

We will create a simple network, and watch the data packets as they travel over the network (Figure 1). Let’s say that the node at 192.168.1.3 wants to communicate with 10.0.0.1. As they are on different networks, we cannot just send the data packet to the remote computer, so we need routers to take packets from one network and find the best way to send them to their destination. First the host, let’s call it HOSTA, must find out the physical address of the gateway port. In this case it is the port on the router that the host connects to. So HOSTA sends out an ARP request for the physical address (known as the MAC address in an Ethernet network) of 192.168.1.254. This is broadcast to all the hosts and network connections contained within the area bounded by the router port. The only network connection to respond is the gateway port (at 192.168.1.254), which sends back its MAC address to HOSTA. HOSTA then adds this to its ARP cache, so that it does not have to ask for the MAC address again for a while. Now HOSTA sends out a data packet with the destination network address (10.0.0.1) and with a source address of its own network address (192.168.1.3). The physical addresses used in the Ethernet frame will be the destination MAC address of the router (1:2:3:4:5:5) and the source MAC address of the host (1:2:3:4:5:1). The router then picks this up and examines the destination network address. It knows that it can pass the packet on to the next router, as that router has told it that it can reach the 10.0.0.0 network in one hop. The network addresses stay the same in the IP packet, but the MAC addresses now change to a destination MAC of 1:2:3:4:5:7 and a source MAC of 1:2:3:4:5:6. The next router picks it up, and knows that 10.0.0.x is connected to one of its ports.
So it sends out an ARP request on that network asking “Who has 10.0.0.1?”, and the destination host (HOSTB) responds with its MAC address, after which the router can send the data packet to the destination.

And to IP

Figure 2: IP, TCP and Ethernet

We can see that the key to the data moving over the interconnected networks is the network address, and the most popular address is the one used on the Internet: IP (Internet Protocol), or more specifically IP Version 4. Figure 2 shows the basic format for IP, and also for the layer above, TCP, and for Ethernet. The first four bits of the IP header are key, as these bits define the IP version, which in most cases is Version 4. The key elements of the header are the 32-bit source and destination addresses. At the time the Internet was created this size of address made sense, as it gave over 4 billion unique addresses. Unfortunately the number of devices which connect to the Internet has risen massively, and just last year the central pool of IPv4 addresses which can be given out ran dry. So we are at a crossroads. What shall we do now, when the number of devices, from laptops to mobile devices to sensors, increases by the day, and all of them want a unique IP address?

Figure 3: NAT

The first solution is to use NAT (Network Address Translation), where the IP addresses on one network are mapped to global IP addresses. In the most efficient method, many addresses are overloaded onto a single address. In fact, if you are at home on a wireless network, there’s a good chance you are using overloaded NAT, where many addresses on the wireless network map to a single global IP address. So if you run “ipconfig” and see an address such as 192.168.0.1, which does not exist on the Internet, then your connection to the Internet will translate this address to a publicly routable IP address. If you are interested, it typically does this by mapping each inside connection to a distinct TCP or UDP port on the public address, and it keeps a table of these mappings so that replies can be sent back to the right inside host. All this is fine, but it makes for a fairly private network infrastructure, in which it is difficult to give each host on the Internet the full right to exist in its own space: a host behind NAT cannot be reached from outside unless a mapping for it already exists.
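As an added example (not code from the original post), the following Python model shows the port-mapping table that overloaded NAT keeps, using the RFC 5737 documentation addresses 203.0.113.5 (the public side) and 198.51.100.7 (a remote Web server) as constructed sample values. Two inside hosts that happen to pick the same source port are given different public ports, and an inbound packet that matches no table entry is dropped, which is the practical reason a NATed host cannot be contacted from the Internet until it has spoken first.

```python
import itertools
from typing import Dict, List, Optional, Tuple

# A flow endpoint is (IP address, TCP/UDP port).
Endpoint = Tuple[str, int]


class OverloadedNAT:
    """Toy model of NAT overload (port address translation).

    Every distinct (inside endpoint, remote endpoint) pair is given its own
    port on the single public address, and the reverse mapping is stored so
    that replies can be delivered to the right inside host.
    """

    def __init__(self, public_ip: str, first_port: int = 1024):
        self.public_ip = public_ip
        self._next_port = itertools.count(first_port)
        # (inside endpoint, remote endpoint) -> translated public endpoint
        self._outbound: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}
        # (translated public endpoint, remote endpoint) -> inside endpoint
        self._inbound: Dict[Tuple[Endpoint, Endpoint], Endpoint] = {}

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite an inside->Internet packet; create a mapping on first use."""
        key = (src, dst)
        if key not in self._outbound:
            translated = (self.public_ip, next(self._next_port))
            self._outbound[key] = translated
            self._inbound[(translated, dst)] = src
        return self._outbound[key], dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite an Internet->inside packet, or return None to drop it.

        src is the remote host, dst is (public_ip, port). A packet that
        matches no existing mapping has no inside host to go to, so an
        unsolicited connection from the Internet never gets through.
        """
        inside = self._inbound.get((dst, src))
        if inside is None:
            return None
        return src, inside

    def table(self) -> List[Tuple[Endpoint, Endpoint, Endpoint]]:
        """Current translation table as (inside, public, remote) rows."""
        return [(ins, pub, rem) for (ins, rem), pub in self._outbound.items()]


if __name__ == "__main__":
    nat = OverloadedNAT("203.0.113.5")          # constructed public address
    web = ("198.51.100.7", 80)                   # constructed remote server
    nat.outbound(("192.168.0.10", 51000), web)
    nat.outbound(("192.168.0.11", 51000), web)   # same inside port, new public port
    for row in nat.table():
        print(row)
    print(nat.inbound(web, ("203.0.113.5", 1025)))   # reply to the second host
    print(nat.inbound(web, ("203.0.113.5", 2000)))   # no mapping: dropped (None)
```

The table is keyed on the remote endpoint as well as the public port, so a reply is only accepted from the host the inside client actually talked to; a real router may be looser than this, which is what makes hole-punching techniques work.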

And so to IPv6

The solution to this problem, which will eventually be a major one and hold back the future of the Internet, is IPv6. Let’s look at a world in which we could connect every single electronic device directly to the Internet, and for it to be seen by all the other nodes. The main change is the move to a 128-bit address, which gives 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456, different addresses (around 3.4 × 10^38) … which should be enough to go round for a long time.

In IPv4 we have four groups of decimal values, each representing 8 bits. With IPv6 addresses there are eight groups of four hexadecimal digits, separated by colons, for example:

2001:0630:0012:0600:0001:0000:0000:0107

We can compress the zeros to give:

2001:630:12:600:1::107

where leading zeros in each group are dropped and the :: replaces the longest run of all-zero groups (it may appear only once in an address, otherwise the address would be ambiguous).

So how do we generate an IPv6 address? Well, the host (interface) part can be derived from the MAC address of the computer. From:

C8-F7-33-4B-82-37

and using the modified EUI-64 format (split the MAC in two, insert FF:FE in the middle, and flip the universal/local bit of the first byte, so that C8 becomes CA) we generate an interface identifier of:

::CAF7:33FF:FE4B:8237

which is then combined with a 64-bit network prefix, such as FE80::/64 for the link-local address FE80::CAF7:33FF:FE4B:8237.

We can also define an IPv6 address with a network part and a host part. For example:

2001:630:12:600:1::107/64

gives a network part of:

2001:630:12:600::/64

and a host part of:

::1:0:0:107
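The three conversions above (zero compression, EUI-64 from a MAC, and the split into network and interface parts) as an added Python example; this is not code from the original post. It uses only the standard library, and the addresses and MAC are the ones given above. One caveat a practitioner should keep in mind: an EUI-64 interface identifier embeds the MAC address, so a host keeps the same identifier on every network it joins and can be tracked by it; RFC 4941 privacy extensions exist precisely to avoid this.

```python
import ipaddress
from typing import Tuple


def compress(addr: str) -> str:
    """Drop leading zeros in each group and replace the longest run of
    all-zero groups with '::' (the RFC 5952 text representation)."""
    return ipaddress.IPv6Address(addr).compressed


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64 interface identifier from a 48-bit MAC (RFC 4291, App. A).

    Split the MAC in half, insert FF:FE, then flip bit 7 of the first byte
    (the universal/local bit).  For C8-F7-33-4B-82-37 the C8 becomes CA.
    """
    octets = bytes.fromhex(mac.replace("-", "").replace(":", ""))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    eui = bytearray(octets[:3] + b"\xff\xfe" + octets[3:])
    eui[0] ^= 0x02                      # invert the U/L bit
    return ":".join(f"{eui[i]:02x}{eui[i + 1]:02x}" for i in range(0, 8, 2))


def address_from_mac(prefix: str, mac: str) -> str:
    """Combine a /64 prefix ('fe80::' for link-local, or a routed prefix
    such as '2001:630:12:600::/64') with the EUI-64 interface identifier."""
    net = ipaddress.IPv6Network(prefix if "/" in prefix else prefix + "/64")
    if net.prefixlen != 64:
        raise ValueError("EUI-64 identifiers need a /64 prefix")
    iid = int(ipaddress.IPv6Address("::" + eui64_interface_id(mac)))
    return ipaddress.IPv6Address(int(net.network_address) | iid).compressed


def split_prefix(cidr: str) -> Tuple[str, str]:
    """Split 'address/len' into (network part, interface part), both compressed."""
    iface = ipaddress.IPv6Interface(cidr)
    net = iface.network
    host = int(iface.ip) & int(net.hostmask)
    return net.with_prefixlen, ipaddress.IPv6Address(host).compressed


if __name__ == "__main__":
    print(compress("2001:0630:0012:0600:0001:0000:0000:0107"))   # 2001:630:12:600:1::107
    print(eui64_interface_id("C8-F7-33-4B-82-37"))               # caf7:33ff:fe4b:8237
    print(address_from_mac("fe80::", "C8-F7-33-4B-82-37"))       # fe80::caf7:33ff:fe4b:8237
    print(split_prefix("2001:630:12:600:1::107/64"))             # ('2001:630:12:600::/64', '::1:0:0:107')
```

The ipaddress module does the compression and masking; the only hand-written bit manipulation is the FF:FE insertion and the U/L bit flip, which is where people usually slip up when doing EUI-64 by hand.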

Here’s a sample for defining IPv6 on a Cisco router:

http://www.asecuritysite.com/cisco/router?chall=1ccna%2FChallenge_146

Ode to ARP and Ethernet … the plumbing of the Internet

Introduction

Figure: Layered model

Sometimes in life there are things that are so important and part of our everyday existence, but no-one knows about them. It happens with great corporations such as Cisco Systems, which a few years ago few people had actually heard of, but which had basically built most of the infrastructure for the Internet. So it is with ARP, the most amazing little protocol, which deserves some credit for actually building the Internet too, along with Ethernet, which provides the plumbing.

At one time in the computing industry it was often difficult to interconnect systems, typically because each vendor had its own protocol and interface, which made it difficult to connect to anything else. So, in networking, a layered approach is typically used, which allows different hardware and software to be interconnected. This has supported a great drive for convergence and standardization, and one of the best examples of this is the seven-layer model, which is shown in the diagram above. Overall this defines the protocols which are used at each of the layers, each of which has its own function.

ARP

Figure: ARP

TCP and IP have made the interconnection of the world possible, but Ethernet must be given a silver medal for building up the network from the ground up. Without Ethernet we would never have evolved organizational networks, or created the Internet so quickly. Before we go on I must explain what “The Internet” actually is, so that we do not confuse it with “The Web”. Well, “The Internet” is the collection of computer systems which have registered their IP address ranges, and can thus be contacted within the public address space, whereas “The Web” is a collection of Web servers which provide Web-based content. Anyone can create “an internet” if they want, but it will use a private address space, whereas “The Internet” uses publicly defined addresses.

Anyone who has used a modem from home, and had to make a dial-up connection, will know how annoying this can be. But with Ethernet, plug in the cable, or connect through wireless, and it all works. You don’t even have to know what the physical address of the computer is. So how does it work? Well, the key is ARP, as ARP allows a computer to broadcast a message to the rest of the network segment, asking for the MAC (Media Access Control) address of a given network address. Thus a computer can quickly determine the physical address of any device on its network segment, simply by broadcasting an ARP request. Note that nothing authenticates the answer: any host on the segment can reply, and whatever MAC address it gives is what ends up in the ARP cache.

So what if the destination is outside the network segment, such as on the Internet? In this case the computer sends out an ARP request for the MAC address of the gateway. The computer will normally know its gateway address, as it’s one of the key settings that we create for the network. After this the gateway sends back its MAC address, and the computer is then able to communicate with it, as it knows both its network address (required in the IP packet header) and its MAC address (which is contained in the Ethernet frame). The computer then creates the data it wants to send, segments it up with TCP, adds the IP source and destination addresses with IP, and then frames it up with Ethernet. The destination IP address will be the remote node that the computer wants to communicate with, but the destination MAC address will be the gateway’s MAC address, and thus we have created the first link of the connection.

After this, routers guide the data packet through the Internet until it gets to the last segment, where the last gateway node sends out an ARP request on the network segment that the destination node is on, for the MAC address of the node which has the destination address contained in the IP packet — Phew! Are you getting this? — and, if that node is on, it responds with its MAC address, and the gateway can then deliver the data. So ARP has to be thanked for the first part and the last part of the journey. Without it we would have to register all the MAC addresses of connected computers in a large database, and query it every time we wanted to communicate.

Mechanics of the ARP protocol

If you would like to see examples of network protocols, there are lots of examples at:

http://www.asecuritysite.com/information/pcap

where you will see ARP in action. Typically it is the first part of a network connection, where a node must discover the gateway, or a node on the same network.

For example, here’s the first network packet for a Web connection, where the node at 192.168.75.1 is sending out a broadcast to find the MAC address of the node at 192.168.75.132:

No.     Time        Source                Destination           Protocol Info
      1 0.000000    Vmware_c0:00:08       Broadcast             ARP      Who has 192.168.75.132? 
                                                                           Tell 192.168.75.1

and then, in the next packet, the node at 192.168.75.132 responds with its MAC address (00:0c:29:0f:71:a3):

No.     Time        Source                Destination           Protocol Info
      2 0.000339    Vmware_0f:71:a3       Vmware_c0:00:08       ARP      192.168.75.132 is at 
                                                                          00:0c:29:0f:71:a3

followed by the standard TCP three-way handshake, where we can now communicate with the Web server at 192.168.75.132, whose MAC address is placed in the Ethernet destination MAC address field:

No.     Time        Source                Destination           Protocol Info
      3 0.000362    192.168.75.1          192.168.75.132        TCP      mgcp-gateway > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2 TSV=344415 TSER=0
No.     Time        Source                Destination           Protocol Info
      4 0.000602    192.168.75.132        192.168.75.1          TCP      http > mgcp-gateway [SYN, ACK] Seq=0 Ack=1 Win=64240 Len=0 MSS=1460 WS=0 TSV=0 TSER=0
No.     Time        Source                Destination           Protocol Info
      5 0.000681    192.168.75.1          192.168.75.132        TCP      mgcp-gateway > http [ACK] Seq=1 Ack=1 Win=66608 Len=0 TSV=344415 TSER=
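The ARP request and reply in the capture above, rebuilt and decoded byte by byte, as an added Python example (not code from the original post). The responder’s MAC, 00:0c:29:0f:71:a3, and both IP addresses are taken from the capture; the requester’s full MAC is not shown in the capture (Wireshark only prints Vmware_c0:00:08), so 00:50:56:c0:00:08 is an assumed value. The last function shows the check a cautious stack could make that the real protocol does not: accept a reply only for an address we actually asked about, since ARP itself gives no way to verify who sent it.

```python
import struct
from typing import Dict, Optional, Set

ETHERTYPE_ARP = 0x0806
HTYPE_ETHERNET, PTYPE_IPV4 = 1, 0x0800
OP_REQUEST, OP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"
ZERO_MAC = "00:00:00:00:00:00"


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def _ip(s: str) -> bytes:
    return bytes(int(o) for o in s.split("."))


def _ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header followed by a 28-byte ARP packet (RFC 826).
    Requests go to the broadcast MAC; replies go straight back to the asker."""
    eth_dst = BROADCAST if op == OP_REQUEST else target_mac
    eth = _mac(eth_dst) + _mac(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Dict[str, object]:
    """Decode an Ethernet/ARP frame into its fields; reject anything else."""
    if len(frame) < 42:
        raise ValueError("frame too short for Ethernet + ARP")
    eth_dst, eth_src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled")
    body = frame[22:42]
    return {
        "eth_dst": _mac_str(eth_dst), "eth_src": _mac_str(eth_src), "op": op,
        "sender_mac": _mac_str(body[0:6]), "sender_ip": _ip_str(body[6:10]),
        "target_mac": _mac_str(body[10:16]), "target_ip": _ip_str(body[16:20]),
    }


def describe(fields: Dict[str, object]) -> str:
    """Render a decoded ARP packet the way Wireshark's Info column does."""
    if fields["op"] == OP_REQUEST:
        return f"Who has {fields['target_ip']}? Tell {fields['sender_ip']}"
    return f"{fields['sender_ip']} is at {fields['sender_mac']}"


def answer_request(request: bytes, my_mac: str, my_ip: str) -> Optional[bytes]:
    """What a host does on receiving a request: reply only if it is for our IP."""
    req = parse_arp(request)
    if req["op"] != OP_REQUEST or req["target_ip"] != my_ip:
        return None
    return build_arp(OP_REPLY, my_mac, my_ip, req["sender_mac"], req["sender_ip"])


def update_cache(cache: Dict[str, str], pending: Set[str], reply: bytes) -> bool:
    """Accept a reply into the ARP cache only if we asked for that address.

    Real stacks are far more permissive, which is what makes ARP spoofing
    possible: the protocol carries nothing that proves who sent the reply.
    """
    rep = parse_arp(reply)
    if rep["op"] != OP_REPLY or rep["sender_ip"] not in pending:
        return False
    pending.discard(rep["sender_ip"])
    cache[rep["sender_ip"]] = rep["sender_mac"]
    return True


if __name__ == "__main__":
    request = build_arp(OP_REQUEST, "00:50:56:c0:00:08", "192.168.75.1", ZERO_MAC, "192.168.75.132")
    print(describe(parse_arp(request)))            # Who has 192.168.75.132? Tell 192.168.75.1
    reply = answer_request(request, "00:0c:29:0f:71:a3", "192.168.75.132")
    print(describe(parse_arp(reply)))              # 192.168.75.132 is at 00:0c:29:0f:71:a3
    cache, pending = {}, {"192.168.75.132"}
    print(update_cache(cache, pending, reply), cache)
```

Each frame is 42 bytes (14 of Ethernet header plus 28 of ARP), so a quick sanity check on any capture is that ARP packets are padded to the 60-byte Ethernet minimum on the wire.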

If you are interested in learning about network protocols, there is a presentation at:

Ethernet

Figure: IP, TCP and Ethernet

Until recently, it seemed unlikely that Ethernet would survive as a provider of network backbones and campus networks, and that its domain would stay, in the short term, with connections to local computers. If you are interested, the diagram on the right-hand side shows the three main protocols involved in most communications on the Internet: IP, TCP and Ethernet. Each of them adds information to the data so that it can be delivered correctly and within a good time period.

As a computing professor, I have seen networking standards come and go, and it seemed for a while that ATM was the solution for integrated networks, as it was the true integrator of real-time and non-real-time data. This was due to Ethernet’s lack of support for real-time traffic, and the fact that it does not cope well with traffic rates that approach the maximum bandwidth of a segment (as the number of collisions increases with the amount of traffic on a segment). ATM seemed to be the logical choice, as it analyses the type of data being transmitted and reserves a route for the given quality of service. It looked as if ATM would migrate down from large-scale networks to the connection of computers, telephones, and all types of analogue/digital communications equipment. But, remember, the best technological solution does not always win the battle for the market – a specialist is normally trumped by a good all-rounder.

Ethernet is the best poker player in town. It knows all the tricks. It’s a heavyweight prize fighter. It’ll slug it out with anyone, and win. It took Token Ring on, head to head, and thrashed it. So what would you choose for your corporate network? Would it be a technology that was cheap, and could give you 10Mbps or 100Mbps for your connections to workstations and servers, and, possibly, 1Gbps for your backbone? Ethernet always makes a sensible choice, as it’s cheap and it’s going to be around for a lot longer yet. Many problems within an Ethernet network can be solved by segmenting the network and by relocating servers. And for cabling, it supports twisted-pair, coaxial and fiber. Who would have believed that you could get 1Gbps down a standard Cat-5 twisted-pair cable? Amazing!

Ethernet also does not provide quality of service on its own, and requires other mechanisms, such as IEEE 802.1p priority tagging, for this. These disadvantages are often outweighed by its simplicity, its upgradeability, its reliability and its compatibility. One way to overcome the contention problem is to provide enough bandwidth that the network is not swamped by sources which burst data onto the network. For this, the gigabit Ethernet standard is likely to be the best solution for most networks.

Whatever bandwidth you want

A key method of increasing the bandwidth of a network is to replace hubs with switches, as switches allow simultaneous transmission between pairs of connected ports. Thus if the bandwidth of a single port on a switch is 100Mbps, a multi-port switch can give an aggregate throughput of several times this. Switches also have the potential to improve the configuration of networks.

Many workers are now used to open-plan offices, where the physical environment can be changed as workgroups evolve. This concept is now appearing in networking, where virtual networks (VLANs) are created. With this, computers connect to switches. The switch tags each data frame with the identifier of its destination virtual network and puts the tagged frame onto the backbone. Other switches then read the tag, and, if the destination is connected to one of their ports, they remove the tag and forward the frame to the required port. This technique is now standardized as IEEE 802.1Q, an important step in getting any networking technique accepted. Imagine if whole countries were set up like this. What we would have is a programmable network, where system administrators could connect any computer to any network. Presently we are constrained by the physical location of nodes.

Virtual networks also bring enhanced security, where it becomes possible to constrain access to sensitive data. For example a server which holds data that must be kept secret can be located in a safe physical environment, with only hosts on the right VLAN, or with an approved MAC address, allowed to reach it. Bear in mind that a MAC address is set by the host and is trivially changed, so a MAC-based control should be treated as a convenience, not as authentication.

Hats off to the IEEE who have carefully developed the basic technology, after its initial conception by DEC , Intel and the Xerox Corporation.

Route Summarization

Route summarization is one of the more challenging areas of networking, so I thought I would outline my calculator, so that you can check your solutions. The key thing is to determine the bits that are common to all the bit sequences (starting from the left-hand side). All the examples given here are included on this Web page.

Example 1

For example:

172.16.128.0-172.16.159.255

gives:

10101100.00010000.10000000.00000000 (172.16.128.0)
10101100.00010000.10000001.00000000 (172.16.129.0)
10101100.00010000.10000010.00000000 (172.16.130.0)
... 
10101100.00010000.10011111.11111111 (172.16.159.255)

where the common part is:

10101100.00010000.100

where 10101100 is 172
where 00010000 is 16
where 100xxxxx is 128

which gives:

172.16.128.0

and since we using 19 bits (8+8+3) to give a route summarization of:

172.16.128.0/19

Example 2

For example, for 192.168.98.0, 192.168.99.0, 192.168.100.0, 192.168.101.0, 192.168.102.0 and 192.168.105.0 we get:

11000000.10101000.01100010.00000000 (192.168.98.0)
11000000.10101000.01100011.00000000 (192.168.99.0)
11000000.10101000.01100100.00000000 (192.168.100.0)
11000000.10101000.01100101.00000000 (192.168.101.0)
11000000.10101000.01100110.00000000 (192.168.102.0)
11000000.10101000.01101001.00000000 (192.168.105.0)

We can see that the first part is common to all the bit sequences:

11000000.10101000.0110

where 1100 0000 is 192
where 1010 1000 is 168
where 0110xxxx is 96

giving: 192.168.96.0

and we have 20 bits shared, thus the result is 192.168.96.0/20

Example 3

In this example we have:

172.1.4.0 172.1.4.128 172.1.5.0 172.1.6.0 172.1.7.0

which gives:

10101100.00000001.00000100.00000000 (172.1.4.0)
10101100.00000001.00000100.10000000 (172.1.4.128)
10101100.00000001.00000101.00000000 (172.1.5.0)
10101100.00000001.00000110.00000000 (172.1.6.0)
10101100.00000001.00000111.00000000 (172.1.7.0)

which gives a common part of:

10101100.00000001.000001

where 10101100 is 172
where 00000001 is 1
where 000001xx is 4

which gives 172.1.4.0

and we have used 22 common bits to give:

172.1.4.0/22

Example 4

For example:

100.16.0.0 100.17.0.0 100.18.0.0 100.19.0.0

which gives:

01100100.00010000.00000000.00000000 (100.16.0.0)
01100100.00010001.00000000.00000000 (100.17.0.0)
01100100.00010010.00000000.00000000 (100.18.0.0)
01100100.00010011.00000000.00000000 (100.19.0.0)

The common part is:

01100100.000100

Where 01100100 is 100
Where 000100xx is 16

to give: 100.16.0.0/14
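The calculation behind all four examples, as an added Python example rather than the calculator from the original page: the common prefix length is simply 32 minus the number of bits needed to express the XOR of the lowest and highest address in the set. The last function is the check I would want before turning a summary into a route or an ACL entry: how many addresses the summary covers that were never in the list, since example 2’s /20 quietly admits 192.168.103.0/24 and 192.168.104.0/24 as well. It generalizes the examples slightly in that it accepts networks with prefix lengths as well as bare addresses.

```python
import ipaddress
from typing import Iterable, List


def to_binary(addr: str) -> str:
    """Dotted-binary form, e.g. 172.16.128.0 -> 10101100.00010000.10000000.00000000."""
    return ".".join(f"{o:08b}" for o in ipaddress.IPv4Address(addr).packed)


def common_prefix_length(lo: int, hi: int) -> int:
    """Number of leading bits shared by two 32-bit addresses (as integers)."""
    return 32 - (lo ^ hi).bit_length()


def summarise_range(first: str, last: str) -> str:
    """Smallest CIDR block covering every address from first to last (example 1)."""
    lo, hi = int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range is reversed")
    plen = common_prefix_length(lo, hi)
    # strict=False masks off the host bits for us
    return str(ipaddress.IPv4Network((lo, plen), strict=False))


def _networks(networks: Iterable[str]) -> List[ipaddress.IPv4Network]:
    nets = [ipaddress.IPv4Network(n, strict=False) for n in networks]
    if not nets:
        raise ValueError("nothing to summarise")
    return nets


def summarise(networks: Iterable[str]) -> str:
    """Smallest CIDR block covering every listed network (examples 2 to 4).

    A bare address such as '192.168.98.0' is treated as a /32; give each
    entry a prefix length (e.g. '192.168.98.0/24') to cover whole subnets.
    """
    nets = _networks(networks)
    lo = min(int(n.network_address) for n in nets)
    hi = max(int(n.broadcast_address) for n in nets)
    return str(ipaddress.IPv4Network((lo, common_prefix_length(lo, hi)), strict=False))


def extra_addresses(networks: Iterable[str]) -> int:
    """How many addresses the summary admits that were not in the (non-overlapping) list."""
    nets = _networks(networks)
    summary = ipaddress.IPv4Network(summarise(networks))
    return summary.num_addresses - sum(n.num_addresses for n in nets)


if __name__ == "__main__":
    print(to_binary("172.16.128.0"))
    print(summarise_range("172.16.128.0", "172.16.159.255"))          # 172.16.128.0/19
    example2 = ["192.168.%d.0/24" % o for o in (98, 99, 100, 101, 102, 105)]
    print(summarise(example2), "covers", extra_addresses(example2), "unlisted addresses")
    print(summarise(["172.1.4.0", "172.1.4.128", "172.1.5.0", "172.1.6.0", "172.1.7.0"]))  # 172.1.4.0/22
    print(summarise(["100.16.0.0", "100.17.0.0", "100.18.0.0", "100.19.0.0"]))             # 100.16.0.0/14
```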

Other examples

There are other examples at:

http://www.asecuritysite.com/IP/routesum

Napier Cloud

We have set up a fairly advanced Cloud infrastructure within Edinburgh Napier University, and this is used to virtualise a range of desktop and server environments. To connect you use:

http://napiercloud.com

or use the vCentre Client. The following shows how you connect and enable the IP addresses for the VMs:

The Linux VM should get its address automatically from the DHCP server, and be placed on 10.200.0.x, whereas the Backtrack instance will need you to refresh the Ethernet interface. To do this, use these commands (check the interface name with the first command; eth4 is what the Backtrack image shows):

$ ip link show
$ dhclient eth4
$ startx

If you need any other VM set up, please say, and we’ll try and add it. We’re just refreshing the VMs, so there will be more appearing soon. EnCase should be set up soon, too.

Apples4U Pen Test

With the module CSN11123/4 we perform a pen test on the Apples4U server. The following shows how to set up the connection of your VM to the Apples server (Coursework definition):

If you need to access the Apples server for a stand-alone assessment:

Note the following:

  • You should get approval for all your pen tests from apples@billatnapier.com, and do not download any software or perform the test until you have approval from apples. Please be business-like in your emails, and try to outline the scope of the tests and the times at which you are likely to perform them.
  • If you crash the server, or change anything on it, please try to put it right, or email apples@billatnapier.com to get a reboot.
  • The username/password for the Apples4U server is secret. If you want to crack it, you must get approval from apples@billatnapier.com, as part of your pen test requirements.

Current location of servers

The IP address of the Apples4U server is 10.200.0.4, with a backup server at 10.200.0.72. For the Backtrack instances, the login is root, with a password of toor or napier_toor. If you are interested, the Metasploitable instance is at 10.200.0.47.


Bill/Richard.