Chapter 23: ARP, ICMP, DHCP IS 333 Spring 2016

Role of ARP
Q: What role does ARP play in the TCP/IP protocol stack?
A: See Figure 23.5 on p. 389. ARP bridges the Layer 2 / Layer 3 addressing boundary, allowing IP to be agnostic about layer 2’s addressing, and yet still use layer 2 to deliver packets. Note that ARP is designed to work with not just IP and Ethernet, but any pair of protocols.

Who does a machine ARP for?
Q: Does a machine ARP for a machine that is not on its local LAN?
A: No! It is trying to find the MAC address – which means layer 2. So, it is trying to get the packet to its next-hop (which might be the ultimate destination). If the destination address is not on the local network, then the packet is sent to the router, which is on the local network. So, if it needs to, it will ARP for the router’s IP address on the local network.

ARP Request/Response
Q: How does a machine send a request to another machine to get its MAC if it doesn’t know the MAC of the machine?
A: The requesting machine broadcasts the request at layer 2, asking for a certain IP address. All machines on the LAN accept that packet, but only the machine with that IP address responds, using layer 2 to deliver the packet back directly to the requester. (Note: ARP is not carried in an IP packet. It is carried directly on layer 2.)

ARP question
Q: Would it be possible that if computer A sends an ARP request for computer B out to the network, that an entity other than another host, such as a switch or a router, or a DHCP server, could send back an ARP response?
A: Yes, it is possible! It could be a real security problem. If some malevolent machine responds to ARPs saying its own MAC is the MAC for every IP address, then it will receive all packets and be able to snoop them.

Cache?
Q: What is a “cache”?
A: A cache is a small “database” of information. The information in the database can be retrieved elsewhere, but much more slowly. The cache stores the information for much faster retrieval. Entries in the cache are typically timed out because the information found remotely might change.

ARP cache size
Q: Storing IP addresses accessed from ARP requests takes memory. Does the usage of this memory slow down switches/routers as the number of hosts grows?
A: I suppose theoretically it could. A cache, however, typically has a max size, and when that size is hit, old entries are removed. So, the memory usage won’t grow too large.

What if…
Q: A machine does not answer ARP requests?
A: No one talks to it.
Q: Two machines answer an ARP request, with their own different MAC addresses?
A: Houston, we have a problem! Probably the second response will stay in the cache and the first machine won’t be talked to.
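
The two situations above (a machine answering ARPs for addresses it does not own, and two machines answering for the same IP) both show up on the wire as an IP address whose MAC binding changes between replies. The following is an added example, not part of the original slides: it parses raw Ethernet frames carrying ARP and reports such rebinding. The function names and the sample frames are constructed for illustration.

```python
import struct

ETHERTYPE_ARP = 0x0806  # ARP is carried directly in the layer-2 frame, not in IP

def fmt_mac(b):
    return ":".join(f"{x:02x}" for x in b)

def fmt_ip(b):
    return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, fmt_mac(frame[22:28]), fmt_ip(frame[28:32]), fmt_ip(frame[38:42])

def find_conflicts(frames):
    """Report every ARP reply that rebinds an IP to a different MAC than last seen."""
    bindings, alerts = {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 2:      # opcode 2 = reply
            continue
        _, smac, sip, _ = parsed
        if sip in bindings and bindings[sip] != smac:
            alerts.append((sip, bindings[sip], smac))
        bindings[sip] = smac                      # remember the latest claim
    return alerts

def sample_frame(op, smac, sip, tmac, tip, dst):
    """Build a constructed test frame: Ethernet header + 28-byte ARP body."""
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + smac + bytes(sip) + tmac + bytes(tip)
    return dst + smac + struct.pack("!H", ETHERTYPE_ARP) + body

# Constructed sample traffic (locally administered MACs, private addresses).
A, B, X = (bytes.fromhex("0200000000" + h) for h in ("0a", "0b", "99"))
SAMPLE = [
    sample_frame(1, A, (10, 0, 0, 1), b"\x00" * 6, (10, 0, 0, 2), b"\xff" * 6),  # broadcast request
    sample_frame(2, B, (10, 0, 0, 2), A, (10, 0, 0, 1), A),                      # unicast reply, M1
    sample_frame(2, X, (10, 0, 0, 2), A, (10, 0, 0, 1), A),                      # second reply, M2
]

if __name__ == "__main__":
    for ip_addr, old, new in find_conflicts(SAMPLE):
        print(f"{ip_addr} moved from {old} to {new}")
```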

ICMP
Q: What layer is ICMP at? It is carried in IP packets, so does that make it layer 4?
A: The protocol definition says that ICMP must be implemented if IPv4 is implemented. So, it is a part of IP at layer 3. Also, it is not a transport protocol, which is what is at layer 4.

DHCP review
Q: What kind of information does a DHCP response carry?
A: Usually at least 4 things:
• IP address
• Subnet mask
• Default router IP address
• DNS server IP address
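
To show where those four items sit in a DHCP reply, here is an added example (not part of the original slides) that parses the fixed BOOTP header and the type-length-value options, and rejects a truncated option instead of reading past the end. The function names and the sample message, including its addresses and 24-hour lease, are constructed for illustration.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header
ADDR_OPTS = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 54: "server_id"}

def addrs(data):
    """Split an option payload into dotted-quad IPv4 addresses."""
    if len(data) % 4:
        raise ValueError("address option length is not a multiple of 4")
    return [socket.inet_ntoa(data[i:i + 4]) for i in range(0, len(data), 4)]

def parse_dhcp_reply(msg):
    """Return the offered address plus mask, routers, DNS servers, lease and server id."""
    if len(msg) < 240 or msg[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"ip_address": socket.inet_ntoa(msg[16:20])}   # yiaddr: "your" address
    i = 240
    while i < len(msg) and msg[i] != 255:                 # 255 = end option
        if msg[i] == 0:                                   # 0 = pad, no length byte
            i += 1
            continue
        if i + 2 > len(msg) or i + 2 + msg[i + 1] > len(msg):
            raise ValueError("truncated option")
        code, data = msg[i], msg[i + 2:i + 2 + msg[i + 1]]
        if code in ADDR_OPTS:
            info[ADDR_OPTS[code]] = addrs(data)
        elif code == 51 and len(data) == 4:               # lease time in seconds
            info["lease_seconds"] = struct.unpack("!I", data)[0]
        i += 2 + len(data)
    return info

def sample_reply():
    """Constructed DHCPOFFER: fixed header, cookie, then type-length-value options."""
    header = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x1234ABCD, 0, 0)
    header += socket.inet_aton("0.0.0.0") + socket.inet_aton("192.168.1.50")  # ciaddr, yiaddr
    header += bytes(8) + bytes.fromhex("02000000000a") + bytes(10)            # siaddr, giaddr, chaddr
    header += bytes(64 + 128)                                                 # sname, boot file name
    opts = [(53, b"\x02"), (1, socket.inet_aton("255.255.255.0")),
            (3, socket.inet_aton("192.168.1.1")),
            (6, socket.inet_aton("192.168.1.1") + socket.inet_aton("192.168.1.2")),
            (51, struct.pack("!I", 86400)), (54, socket.inet_aton("192.168.1.1"))]
    body = b"".join(bytes([c, len(d)]) + d for c, d in opts)
    return header + MAGIC + body + b"\xff"
```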

DHCP Servers
Q: Do you always need a dedicated DHCP server if you want to use DHCP? It seems like it would not take a lot of processing power to hand out addresses. Could this functionality be rolled up with other services on one server?
A: DHCP servers typically run on routers or some machine that runs lots of services.
Q: Do you need a DHCP server on every LAN?
A: Yes, unless you use a relay agent.

Boot file name
Q: In the DHCP message format, if the BOOT FILE NAME field is filled with a Linux OS, is it ever able to boot on a Windows or different OS?
A: The boot file name is typically used for systems which boot into a very primitive OS that is only capable of sending a DHCP request and getting a response. When the response comes in, the tiny OS uses TFTP (trivial ftp) to download the actual OS from a TFTP server, and boot into it.

BOOTP vs DHCP
Q: I’m confused about the relationship between BOOTP and DHCP.
A: BOOTP came first and was OK. Then DHCP came along and was specified as being backward compatible with BOOTP. But, it has more capabilities, like offering subnet masks, default routes, etc. So, DHCP is really a superset of the BOOTP functionality. BOOTP is not used anymore.

DHCP back-off
Q: On page 394, the author says that in order to avoid synchronized flooding, DHCP requires each host to delay a random time before transmitting or retransmitting a request. Is this the same or similar to binary exponential backoff used in Ethernet?
A: It is a little similar. If a whole network goes down (power outage) and comes back up, and all machines do a DHCP request at the same time, there will be collisions, etc. So, it is a way to reduce collisions.

DHCP relay agent
Q: How does a DHCP relay agent work?
A: A relay agent listens on a LAN for a DHCP request. When it receives that request, it encapsulates the information in the request in a special message it sends to the (remote) DHCP server. The server responds to it, and then the agent sends out a DHCP reply, as if it were the actual server. (There are similar servers out there called proxy ARP servers…)

Old Slides

IP vs MAC addresses
Q: What is the point of IP addresses if they are just resolved to the computer’s MAC address?
A: An IP address is unique across the entire universe, and so uniquely identifies a destination. A MAC address only identifies a machine on the local network (so it only has to be unique on the local network, although MAC addresses are universally unique).

2 ARP replies?
Q: If a computer receives two ARP replies for a single request, and the first reply claims that the MAC address is M1, and the second reply claims that the MAC address is M2, how does ARP handle the replies?
A: I think it treats each reply independently and updates the cache to have M2 <--> IP address.

ARP Caching
Q: Can you explain ARP Caching a bit more? Does it do this mainly because it expects to send the same datagram over again or is it more for when the datagram gets split up? I guess I’m still a bit fuzzy on why caching improves performance.
A: ARP caching is remembering the results of previous ARPs – so, remembering the binding between MAC address and IP address. This is done purely for efficiency. If you send a packet to one IP address on your network, you will probably send one again.

ARP problems
Q: Can a network have problems related to address resolution? If so, would the problems mostly arise from the protocol or can there be external factors that cause those problems?
A: The only problems I can think of:
1) a machine doesn’t answer ARP requests, so no one can talk to it;
2) multiple machines answer an ARP request, so some machines might talk to one machine and some to another, thinking they are talking to the one machine with the unique IP address.

ICMP
Q: If ICMP is used to report errors, why is it used to handle pings and traceroutes?
A: ICMP is used for network debugging. That’s what pings are for. traceroute makes use of ICMP error messages by setting the TTL too low in the messages it generates. That way the routers will send errors back and traceroute will learn the IP addresses of the routers on the path to the destination.

“Destination unreachable”
Q: About the destination unreachable error on page 390; would that be referring to a computer on a remote network?
A: This is reported when either your host machine has no route to the destination network/machine, or a remote router (a “next-hop” router) has no route to the destination network/machine.

DHCP overview
Q: Could you explain DHCP a bit more (perhaps with a drawing)?
A: Sure.
1) Machine boots up and finds it has no IP address.
2) It broadcasts a DHCP request.
3) The DHCP server allocates an IP address and sends it.
4) The machine receives it and installs the IP address.
- The response also typically includes a network mask, default route, and DNS server IP hostname/address.

DHCP details
Q: What is the "recommended" or "normal" time of a DHCP lease?
A: 24 hours, I think.
Q: From what I can gather, DHCP is not a necessity. Is that correct?
A: Not necessary, but awfully useful. Otherwise, the user has to set the IP address every time the machine is rebooted.

Configuration
Q: Can DHCP be configured any way that the admin wants? Can selective leasing be used to give a specific computer a specific address when the computer boots, even if another computer has that IP address - can the DHCP server take the address back to give to the new computer?
A: DHCP can be configured in many different ways. We’ll do this in lab. A server can force a machine to give up an IP address, I think.

Fixed addresses?
Q: Although DHCP is used extensively, what are the advantages of setting a fixed address assignment - are there any?
A: I have used fixed IP addresses when I want some network service running on a certain machine with a certain IP address always. E.g., you typically hardcode a router’s interface to be x.y.z.1. Or, maybe you have some license server software and you want to configure all your machines to always go to a certain IP address to get some license for the software.

BOOTP vs DHCP
Q: Since BOOTP was extended to become DHCP, can you boot a BOOTP client on a DHCP server or vice-versa?
A: You can use a BOOTP server with a DHCP client, but not vice versa, I think. The BOOTP server will send out a message a client can understand, but won’t contain all the data the client could receive… I think…

“Parameterized” software
Q: Could you explain what is meant by "binary image" in this statement: In essence, protocol software consists of a binary image that is parameterized, and initialization fills in a set of parameters.
A: What this means is that the software components (IP, ARP, DHCP, etc.) have to be configured to work on each machine, somehow.

Old Slides

How does ARP work?
Q: How does ARP work?
A: IP hands a packet and a next-hop IP address to layer 2 to forward for it. Layer 2 has to figure out how to get the MAC address for this IP address. It checks its ARP cache for a resolution. If not found, it sends an ARP request and waits for a response. Then, it caches the results and sends to the MAC delivered in the response.

Details
• The ARP responder caches the MAC/IP of the requester in its ARP cache.
• Although all machines on the LAN could update their ARP cache from an ARP request, they don’t. Why?
  – Because they will fill up their cache with bindings they may never need.

ICMP
• Internet Control Message Protocol
• Mostly not implemented these days.
• Only echo request/responses are implemented/enabled often.
  – Many others are security liabilities.
• Designed to handle reporting errors/misconfigurations in an IP network.
• Layer 4 protocol (carried by IP).

DHCP
• Not necessary to implement to get a working network, but awfully convenient.
• What is its role?
  – Allows a computer to “automatically” get an IP address.
  – And, subnet mask.
  – And, default route.
  – And, DNS server IP address(es).
• All of these can be done by hand configuration.
• Initially was called BOOTP.

DHCP problem…
Q: How does a machine without an IP address request an IP address over an IP network?
A: Sends a (layer 2 and 3) broadcast message, filling in the src IP address as 0.0 (“this computer”). Layer 4 is UDP, port 67, indicating a DHCP message. All machines receive the broadcast and forward up through IP to UDP. Only the machine listening on port 67 accepts and responds – that’s the DHCP server. The server responds directly to the MAC address used in the request.

DHCP Server Configuration
Q: How do you configure a DHCP Server?
A: You typically edit a file that specifies a range of addresses to be leased dynamically, and/or specific MAC <--> IP address bindings. You also configure the default route and DNS server IP addresses to send out. Note: only one DHCP server must be running per LAN, or chaos ensues...

DHCP Relay Agents
Q: Do you have to run a DHCP server on each LAN?
A: Without some special provisions, yes. DHCP requests use limited bcast (all 1s), so don’t get forwarded across routers. But, you can implement a DHCP relay agent to forward requests/responses to/from the DHCP server. Still must be one relay agent on each LAN.