CS 468: Advanced UNIX Class 7
Dr. Jesús Borrego, Regis University

Topics
•IA Lab visit was scheduled for last week; rescheduled for next week
•Review of Homework 5
•Networking
•Homework 6
•Review for final
•Q&A

Networking
•Computers connecting to other computers
•Computers connecting to the Internet
•Network Topologies
•Network Devices
•Internetworking
•Communicating with Users
•Data distribution
•NFS

Communication model
[Figure: Communications Infrastructure: Source, Transmitter, Transmission System, Receiver, Destination]

OSI Model
Physical
Data Link
Network
Transport
Session
Presentation
Application
Internet Protocol Stack
Physical
Data Link Control
Network/Internet
Transport
Application

OSI vs. IP
OSI: Physical, Data Link, Network, Transport, Session, Presentation, Application
IP: Physical, Data Link Control, Network/Internet, Transport, Application

Ethernet
•Typically used in companies, universities, etc.
▫10 Mbps, 100 Mbps, 1 Gbps, 10 Gbps Ethernet
▫Today, end systems typically connect into Ethernet switch
[Figure labels: 100 Mbps and 1 Gbps links, server, Ethernet switch, institutional router, to institution’s ISP]

Bridges
•Connects separate networks
▫One Ethernet network to another one
▫“Bridges” two network segments together
▫Makes it appear as if the two segments were a single one
•Wire length is limited due to degradation of signal
•Bridges allow extension of physical limitation of wire

Routers
•Bridges cannot accommodate large networks
•Routers connect two or more networks
▫“Routes” incoming messages to appropriate network
•Can be used to connect a LAN to an ISP (Internet Service Provider)
•Can be used to link the different networks in the global Internet

Gateway
•Used to connect remote LANs to a WAN (Wide Area Network)
Topologies
Typical LAN topologies include:
•Bus
▫Single link for all computers
•Ring (Token)
▫Each computer connected to at least 2 other computers
•Star
▫Central server

Internetworking – Packet Switching
•Sequence of A & B packets has no fixed timing pattern
[Figure labels: hosts A, B, C, D, E; 100 Mb/s Ethernet; 1.5 Mb/s link; statistical multiplexing; queue of packets waiting for output link; Time Division Multiplexing (TDM)]

Internet Address
IPv4 – 4 Octets
•Class A: 0*.*.*.* (two reserved, all 0’s and all 1’s)
•Class B: 10*.*.*.*
•Class C: 110*.*.*.*
•Class D: 111*.*.*.*
•Class E: 1111*.*.*.*
Many subnet calculators available online

Ports and common services
Users in your system
•users – local host users
•rusers – users on local network
•who – more info than users
•rwho – more info than rusers
•w – more information than who
•whois – information about major internet sites
•hostname – displays local host name
•finger – lists information about a user

Finger utility
User communication on a network
•write – send individual lines to user
•talk – interactive split screen two-way chat
•wall – send messages to all users on local host
•mail – send email messages
•mesg – disables incoming messages to your terminal

File transfer on network
•rcp (remote copy) – copy files from one host to another
•uucp (unix-to-unix copy) – like rcp, copies files between two hosts
•ftp (file transfer protocol/program) – copy files between local host and other hosts
•Commands for ftp: UPU page 338
Distributed access commands
•rlogin – provides login to remote servers
•rsh – execute shell commands on remote Unix hosts
•telnet – executes commands on remote telnet hosts
Network File System (NFS)
•Public domain specification developed by Sun Microsystems
•Allows you to mount several local file systems into a single network file hierarchy
•Provides remote mount capability
•Uses RPC to mount a file system on remote machine

Internet control
•ICANN – Internet Corporation for Assigned Names and Numbers – allocates names and domains
•ISOC – Internet Society – represents Internet users, technical advisory society
•IGF – Internet Governance Forum, global forum established by the United Nations in 2005
Network Standards
RFC: Request for Comments
•RFC 114/959: A File Transfer Protocol
•RFC 791: Internet Protocol
•RFC 793: Transmission Control Protocol
•RFC 1945: Hypertext Transfer Protocol HTTP 1.0
•RFC 2251: Lightweight Directory Access Protocol
•RFC 2460: Internet Protocol v6 (IPv6)
•RFC 4251: Secure Shell (SSH) Protocol Architecture

Internet Protocols
BGP - Border Gateway Protocol
FTP - File Transfer Protocol
HTTP - Hypertext Transfer Protocol
ICMP - Internet Control Message Protocol
IGMP - Internet Group Management Protocol
IP - Internet Protocol
MIME - Multipurpose Internet Mail Extension
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Internet Protocols (Cont’d)
OSPF – Open Shortest Path First
RSVP – Resource ReSerVation Protocol
SMTP – Simple Mail Transfer Protocol
SNMP – Simple Network Management Protocol
TCP – Transmission Control Protocol
UDP – User Datagram Protocol
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.
Sample Flow
[Figure: two servers, each with the stack Application, Presentation, Session, Transport, Network, Data Link, Physical, with Data shown at every layer]

IPv4
IPv6
Internet Addressing
•Media Access Control (MAC): used by hardware
•IPv4 and IPv6 used by software to determine source, destination, and component location (NIC, not computers)
•Hostnames used by people
•Data link layer maps IPs to hardware
•Hostnames can map names to IPs

Sample subnet calculator
Source: http://www.subnetonline.com/pages/subnet-calculators/ip-subnet-calculator.php

CIDR
Classless Inter-Domain Routing
•Netmasks that do not end in a byte boundary
•Each byte has 8 bits
•To subnet 128.138.243.0 with 26 bits – not a byte boundary (8, 16, 24), we use the convention 128.138.243.0/26
26 bits 6 bits
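
The arithmetic a subnet calculator performs for the slide's 128.138.243.0/26, as an added example that is not part of the original slides. The function names are illustrative, and the script goes beyond the single case on the slide by accepting any IPv4 address and prefix length and by testing whether an address falls inside a block.

```sh
#!/bin/sh
# Added example (not from the slides): the arithmetic a subnet calculator
# performs, applied to the slide's 128.138.243.0/26.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1                          # split the octets into $1..$4
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _o in "$@"; do
        case $_o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$_o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> prints N in dotted-quad form.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_to_mask BITS -> prints the netmask integer for a 0..32 bit prefix.
prefix_to_mask() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 32 ] || return 1
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# cidr_info ADDR/BITS -> prints network, netmask, broadcast and usable hosts.
cidr_info() {
    _addr=$(ip_to_int "${1%/*}") || return 1
    _mask=$(prefix_to_mask "${1#*/}") || return 1
    _net=$(( _addr & _mask ))
    _bcast=$(( _net | (~_mask & 4294967295) ))
    _hosts=$(( _bcast - _net - 1 ))
    if [ "$_hosts" -lt 0 ]; then _hosts=0; fi      # /32 has no host range
    echo "network=$(int_to_ip "$_net") netmask=$(int_to_ip "$_mask")" \
         "broadcast=$(int_to_ip "$_bcast") hosts=$_hosts"
}

# cidr_contains ADDR/BITS IP -> exit status 0 when IP lies inside the block.
cidr_contains() {
    _mask=$(prefix_to_mask "${1#*/}") || return 2
    _base=$(ip_to_int "${1%/*}") || return 2
    _ip=$(ip_to_int "$2") || return 2
    [ $(( _base & _mask )) -eq $(( _ip & _mask )) ]
}

# The /24 that holds the slide's address splits into four /26 subnets.
for _start in 0 64 128 192; do
    cidr_info "128.138.243.$_start/26"
done
```

The membership test in cidr_contains is the same comparison a packet filter makes when it matches a source address against an allowed block.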
CIDR Calculator
Source: http://www.subnet-calculator.com/cidr.php

NAT
•Private addresses can be used internally by an organization
•NAT captures internal addresses and prevents them from exiting the corporate environment
•NAT maintains a table of internal versus external addresses to ensure that no internal addresses escape to the global Internet

Routing
•The process of determining the output path for an incoming packet
•Routing tables are maintained in the kernel and also in routers throughout the Internet
•If the server does not know where to send it next, it uses the Address Resolution Protocol to determine next action

Routing
[Figure: routing algorithm, local forwarding table, output links 1, 2, 3; value in arriving packet’s header: 0111]
local forwarding table
header value   output link
0100           3
0101           2
0111           2
1001           1

ARP
•ARP discovers the hardware address associated with an IP address
•If the destination address is not in the same network, ARP determines the next hop router
•If address is not known, it sends a broadcast message “Does anybody know where X is?”
•Response is received and then the protocol uses the response

DHCP
•Dynamic Host Configuration Protocol (RFC 2131)
•When a host connects to a network, it obtains a ‘lease’ on an IP address, gateways, DNS name servers, Syslog hosts, and others.
•If the lease is not renewed, it expires

DHCP interaction
[Figure: message exchange over time between the DHCP server (223.1.2.5) and an arriving client]

DHCP discover
src: 0.0.0.0, 68
dest: 255.255.255.255, 67
yiaddr: 0.0.0.0
transaction ID: 654

DHCP offer
src: 223.1.2.5, 67
dest: 255.255.255.255, 68
yiaddr: 223.1.2.4
transaction ID: 654
Lifetime: 3600 secs

DHCP request
src: 0.0.0.0, 68
dest: 255.255.255.255, 67
yiaddr: 223.1.2.4
transaction ID: 655
Lifetime: 3600 secs

DHCP ACK
src: 223.1.2.5, 67
dest: 255.255.255.255, 68
yiaddr: 223.1.2.4
transaction ID: 655
Lifetime: 3600 secs

Security Issues
•Default IP forwarding on a server should be disabled to prevent the server from acting as a router
•ICMP redirect (you should not send packet to me, send to XYZ) can compromise system
•Source routing can slip through firewalls
▫Do not want to accept or forward source-routed packets
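
One way to check a host for the three conditions on this slide, as an added example that is not part of the original slides. It assumes Linux sysctl key names (other UNIX systems use different names), and the sample settings are constructed.

```sh
#!/bin/sh
# Added example (not from the slides): check kernel settings against the
# three risks listed above. Key names are Linux sysctl names (assumption).

# Hardened values for a server that is not meant to route packets.
EXPECTED='net.ipv4.ip_forward=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.all.accept_source_route=0'

# Constructed sample in "sysctl -a" output format; not from a real host.
SAMPLE='net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_redirects = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.accept_source_route = 0'

# lookup KEY TEXT: print the last value assigned to KEY in TEXT (empty if absent).
lookup() {
    _re=$(printf '%s' "$1" | sed 's/\./\\./g')      # match dots literally
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*${_re}[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p" |
        tail -n 1
}

# audit TEXT: print PASS, FAIL or MISSING for each expected key;
# exit status 1 if any key is absent or not at its hardened value.
audit() {
    _rc=0
    for _pair in $EXPECTED; do
        _key=${_pair%%=*}
        _want=${_pair#*=}
        _got=$(lookup "$_key" "$1")
        if [ -z "$_got" ]; then
            echo "MISSING $_key (want $_want)"
            _rc=1
        elif [ "$_got" = "$_want" ]; then
            echo "PASS $_key=$_got"
        else
            echo "FAIL $_key=$_got (want $_want)"
            _rc=1
        fi
    done
    return $_rc
}

# Run against the constructed sample: forwarding and redirect acceptance fail.
audit "$SAMPLE" || echo "settings marked FAIL or MISSING need review"
```

On a live Linux host the same function can be fed real settings with audit "$(sysctl -a 2>/dev/null)"; the net.ipv4.conf.default and per-interface keys need the same check as the "all" keys used here.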
Security Issues (Cont’d)
•IP spoofing means changing source or destination in packet header
▫Receiver may believe source and reply to a malicious server (man-in-the-middle attack)
•Host-based firewalls are preferred to client-based firewalls
•VPN – allows remote users to create ‘tunnels’ to the private network
▫Requires encryption

Virtual Private Network (VPN)

Routing
•Routing has different meanings:
▫Actual forwarding packets
▫Management of routing tables
•Routing consists of determining the ‘next hop’ in the route towards the destination

Routing Daemons
•Routing daemons collect information from three sources:
▫Configuration files
▫Existing routing tables
▫Routing daemons on other systems
•Daemons collect this information to determine optimal route and new routes are added to routing tables

Homework 6 (last)
1. What is the difference between a bridge, a router, and a gateway?
2. Describe 3 Internet Protocols and provide examples of where they can be used.
3. What are the differences between ftp and rcp? Which one is better and why?
4. Explain how ICMP redirection can cause vulnerabilities in a network.
5. Using an IP subnet calculator of your choice, answer the questions in E14.3 found in the USAH book. Capture the calculator screen.

Review for Final
•Same format as Midterm
▫2 hour, take home
▫8 questions
▫Email to [email protected] by midnight 4/26
▫All material from week 4-7
•Week 8: 2 hour class, 2 hour take home final

Questions?