Network

Transcript

1. Network Lawliet

2. Outline • OSI Layers • Packet Format • Wireshark Overview

3. OSI Layers • Application • Presentation • Session • Transport

   • Network • Data Link • Physical IP Packets are encapsulated in Ethernet Frames.

4. Application Socket Transport TCP/UDP Segment Port Network IP Packet IP

   Network Interface (eth0 / wlan0) Data Link Ethernet Frame MAC Physical Application Socket Transport Network Network Interface Data Link Physical Data Data TCP Header Data TCP Header IP Header Data TCP Header IP Header Ethernet Header Ethernet Tail OSI Layers

5. Application Transport Network Data Link UDP TCP IP ARP RARP

   ICMP RTSP SMTP DHCP SSH FTP RTP TFTP RTMP POP PPP Ethernet

6. TCP v.s. UDP Connection Oriented v.s. Connectionless

7. TCP Header Format TCP Segment Header : 20 bytes

8. UDP Header Format UDP Segment Header : 8 bytes

9. TCP

10. UDP

11. Port : 0 ~ 65535 1.well-known ports : 0 ~

    1023 2.registered ports : 1024 ~ 49151 3.dynamic / private ports : 49152 ~ 65535

12. IP Packet IP Packet Header : 20 bytes

13. IP Class

14. Private IP

15. Destination IP Source IP Subnet Mask Destination Domain Source Domain

    compare Different : to Router Same : 1.ARP table 2.to ARP

16. ARP table : IP Address <-> MAC

17. Ethernet II Frame ** Physical Layer : Synchronize Ethernet Frame

    Header/Tail : 14 bytes + 4 bytes

18. Data Link • HUB copy to every ports • Switch

    table : MAC Address <-> ports Broadcast or Multicast
19. None

20. Data Link Ethernet Card receives Frames : • if ((Destination

    MAC Address) == (MACAddress) ) • Broadcast or Multicast • Promiscuous Mode

21. Application Socket Transport TCP/UDP Segment Port Network IP Packet IP

    Network Interface (eth0 / wlan0) Data Link Ethernet Frame MAC Physical Application Socket Transport Network Network Interface Data Link Physical Data Data TCP Header Data TCP Header IP Header Data TCP Header IP Header Ethernet Header Ethernet Tail 14 20 20 ? 4 MTU = MSS + TCP/UDP Header + IP Header Ethernet Default :1500 1460 + 20 (TCP) + 20 1472 + 8 (UDP) + 20 • MTU : Maximum Transmission Unit • MSS : Maximum Segment Size • Ethernet Frame Range : 64 ~ 1518 • Data : Payload

22. Wireshark capture the packets Where ?

23. None
24. None
25. None
26. None

27. Wireshark start to capture How ?

28. None
29. None
30. None

31. Wireshark TCP 3-way handshaking

32. TCP Header Format 1 2 3 4 5 6 7

    8 9
33. None
34. None
35. None
36. None

37. TCP Header Format 1 2 3 4 5 6 7

    8 9

38. 1 2 3 4 5 6 7 8

39. 9

40. None
41. None
42. None

43. RTSP • OPTIONS • DESCRIBE • SETUP • PLAY •

    TEARDOWN
44. None
45. None
46. None
47. None
48. None
49. None
50. None
51. None

52. Expert Information • Out-of-Order Segment (packet arrives < 3 ms)

    • Packet loss Recovery - Duplicate ACK Fast Retransmission (packet arrives < 20 ms of a Duplicate ACK) - Retransmission (packet arrive > 3 ms and not related to Duplicte ACK) (packet arrives >= 20 ms of Duplicate ACK)

53. Fast Retransmission

54. Retransmission

55. Expert Information

56. Thanks for attending this presentation.