W4140 Network Laboratory Lecture 3 Sept 18 - Fall 2006 Shlomo Hershkop Columbia University

1
W4140 Network Laboratory
Lecture 3, Sept 18, Fall 2006
Shlomo Hershkop, Columbia University
2
Announcements
  • Lab division
  • I will be updating the webpage with lab groups;
    if everyone in the room would like to move the
    lab around a little, that is ok
  • Lab reports
  • are due generally when the next lab starts;
    contact me if you need more time. Single report
    per group, zipped and uploaded to the TA through
    CourseWorks. Include relevant information and
    name the files using some logical system. The
    README should include everyone's names and
    CUNIX IDs.
  • Lab pre-work/post-work
  • CourseWorks will have the prelabs, which need to
    be completed BEFORE your lab starts (individual
    work). Post labs are to be submitted online
    (CourseWorks) by the beginning of the next lab
    (or earlier, please).
  • Lab 1 pre-work was not collected (practice one).
  • Reading list
  • Lab 2
  • Chapter 2 (see resources)

3
The Evolution of the Internet
Introductory material. An overview lecture that
covers Internet-related topics, including a
definition of the Internet, an overview of its
history and growth, and standardization and
naming.
4
A Definition
  • On October 24, 1995, the FNC unanimously passed a
    resolution defining the term Internet.
  • RESOLUTION: The Federal Networking Council (FNC)
    agrees that the following language reflects our
    definition of the term "Internet". "Internet"
    refers to the global information system that --
  • (i) is logically linked together by a globally
    unique address space based on the Internet
    Protocol (IP) or its subsequent
    extensions/follow-ons;
  • (ii) is able to support communications using the
    Transmission Control Protocol/Internet Protocol
    (TCP/IP) suite or its subsequent
    extensions/follow-ons, and/or other IP-compatible
    protocols; and
  • (iii) provides, uses or makes accessible, either
    publicly or privately, high level services
    layered on the communications and related
    infrastructure described herein.

5
Internet History
1961-1972: Early packet-switching principles
  • 1961 Kleinrock - queueing theory shows
    effectiveness of packet-switching
  • 1964 Baran - packet-switching in military nets
  • 1967 ARPAnet conceived by Advanced Research
    Projects Agency
  • 1969 first ARPAnet node operational
  • 1972
  • ARPAnet demonstrated publicly
  • NCP (Network Control Protocol) first host-host
    protocol
  • first e-mail program
  • ARPAnet has 15 nodes

6
Internet History
1972-1980: Internetworking, new and proprietary
nets
  • 1970 ALOHAnet packet radio network in Hawaii
  • 1973 Metcalfe's PhD thesis proposes Ethernet
  • 1974 Cerf and Kahn - architecture for
    interconnecting networks
  • late 70s proprietary architectures: DECnet, SNA,
    XNA
  • late 70s switching fixed length packets (ATM
    precursor)
  • 1979 ARPAnet has 200 nodes
  • Cerf and Kahn's internetworking principles
  • minimalism, autonomy - no internal changes
    required to interconnect networks
  • best effort service model
  • stateless routers
  • decentralized control
  • define today's Internet architecture

7
Internet History
1990s, 2000s: commercialization, the Web, new apps
  • Early 1990s ARPAnet decommissioned
  • 1991 NSF lifts restrictions on commercial use of
    NSFnet (decommissioned 1995)
  • early 1990s Web
  • hypertext: Bush 1945, Nelson 1960s
  • HTML, HTTP: Berners-Lee
  • 1994 Mosaic, later Netscape
  • late 1990s commercialization of the Web
  • Late 1990s - 2000s
  • more killer apps: instant messaging, P2P file
    sharing
  • network security to forefront
  • est. 50 million hosts, 100 million users
  • backbone links running at Gbps

8
Applications of the Internet
  • Traditional core applications: Email, News,
    Remote Login, File Transfer
  • The killer applications: World-Wide Web (WWW),
    P2P
  • Future applications: Videoconferencing and
    Telephony, Multimedia Services, Internet Broadcast

9
Growth of the Internet
(Chart of Internet host count over time; source:
Internet Software Consortium)
10
Internet Infrastructure
11
Internet Infrastructure
  • The infrastructure of the Internet consists of a
    federation of connected networks that are each
    independently managed (autonomous systems)
  • Note: each autonomous system may consist of
    multiple IP networks
  • Hierarchy of network service providers
  • Tier-1: national or worldwide network (in US,
    fewer than 20)
  • Tier-2: regional networks (in US, fewer than 100)
  • Tier-3: local Internet service providers (in US,
    several thousand)

12
Internet Infrastructure
  • The location where a network (ISP, corporate
    network, or regional network) gets access to the
    Internet is called a Point-of-Presence (POP).
  • Locations where (Tier-1 or Tier-2) networks are
    connected for the purpose of exchanging traffic
    are called peering points.
  • Public peering: traffic is swapped at a shared
    location, called an Internet exchange point (IXP)
  • Private peering: two networks establish a direct
    link to each other.

13
Tier-1 ISP: e.g., Sprint
(Map of the Sprint US backbone network)
14
Who is Who on the Internet ?
  • Internet Society (ISOC): founded in 1992, an
    international nonprofit professional organization
    that provides administrative support for the
    Internet and is the organizational home for the
    standardization bodies of the Internet.
  • Internet Engineering Task Force (IETF): forum
    that coordinates the development of new
    protocols and standards. Organized into working
    groups that are each devoted to a specific topic
    or protocol. Working groups document their work
    in reports called Requests For Comments (RFCs).
  • Internet Research Task Force (IRTF): composed of
    a number of focused, long-term and small research
    groups.
  • Internet Architecture Board (IAB): a technical
    advisory group of the Internet Society; provides
    oversight of the architecture for the protocols
    and the standardization process.
  • Internet Engineering Steering Group (IESG):
    responsible for technical management of IETF
    activities and the Internet standards process.
    Composed of the Area Directors of the IETF.

15
Internet Standardization Process
  • Working groups publish their work as RFCs
    (Requests for Comments).
  • RFCs are the basis for Internet standards.
  • Not all RFCs become Internet Standards! (There
    are >3000 RFCs and fewer than 70 Internet
    Standards.)
  • A typical (but not the only) way of
    standardization is
  • Internet Draft
  • RFC
  • Proposed Standard
  • Draft Standard (requires at least two independent,
    interoperable implementations)
  • Internet Standard (approved by the IESG)
  • Note: since RFC 6410 (2011) there are only two
    maturity levels, Proposed Standard and Internet
    Standard; the Draft Standard level is no longer
    used for new work.

16
Assigning Identifiers for the Internet
  • Who gives the University the domain name
    netlab.edu and who assigns it the network prefix
    128.143.0.0/16? Who assigns port 80 as the
    default port for web servers?
  • The functions associated with the assignment of
    numbers are referred to as the Internet Assigned
    Numbers Authority (IANA).
  • Early days of the Internet: the IANA functions
    were administered by a single person (Jon Postel).
  • Today
  • The Internet Corporation for Assigned Names and
    Numbers (ICANN) assumes the responsibility for
    the assignment of technical protocol parameters,
    allocation of the IP address space, management of
    the domain name system, and others.
  • Management of IP addresses is done by Regional
    Internet Registries (RIRs)
  • APNIC (Asia Pacific Network Information Centre)
  • RIPE NCC (Réseaux IP Européens Network
    Coordination Centre)
  • ARIN (American Registry for Internet Numbers)
  • (and, since 2002 and 2005 respectively, LACNIC for
    Latin America and AfriNIC for Africa)
  • Domain names are administered by a large number
    of private organizations (registrars) that are
    accredited by ICANN.

17
Summary
  • Layered Internet architecture
  • Reduce complexity
  • Higher layer views lower layer as service
    provider
  • Application layer, transport layer, network
    layer, and link layer

18
IP Addressing
  • Next
  • IP addressing
  • Data link protocols and ARP
  • Notes about lab

19
IP Addressing
  • Addressing defines how addresses are allocated
    and the structure of addresses
  • IPv4
  • Classful IP addresses (obsolete)
  • Classless inter-domain routing (CIDR) (RFC 1518,
    RFC 1519, revised as RFC 4632; current standard)
  • IP Version 6 addresses

20
What is an IP Address?
  • Why addresses?
  • End-to-end argument (principle)
  • Reading:
  • http://web.mit.edu/Saltzer/www/publications/endtoend/endtoend.pdf
  • Keep it Simple, Stupid

21
What is an IP Address?
  • An IP address is a unique global address for a
    network interface (the exception being the private
    address ranges discussed later, which are reused
    behind NAT).
  • An IP address uniquely identifies a network
    location.
  • http://www.arin.net/whois
  • http://www.iana.org/ipaddress/ip-addresses.htm
  • Routers forward a packet based on the
    destination address of the packet.

22
IPv4 Addresses
23
IP v.4 Addresses
24
IP v.4 Addressing
  • An IP address is often written in dotted decimal
    notation
  • Each byte is identified by a decimal number in
    the range 0..255

    1st byte  10000000  = 128
    2nd byte  10001111  = 143
    3rd byte  10001001  = 137
    4th byte  10010000  = 144
    → 128.143.137.144
25
Structure of an IP address

    bit 31                                   bit 0
    | network prefix        | host number        |

  • An IP address encodes both a network number
    (network prefix) and an interface number (host
    number).
  • The network prefix identifies a network
  • The host number identifies a specific host
    (actually, an interface on the network).

26
How long is the network prefix?
  • Before 1993: the network prefix is implicitly
    defined by the address class (class-based
    addressing)
  • After 1993: the network prefix is indicated
    explicitly by a netmask (or prefix length)

27
Before 1993: Class-based addressing
  • The Internet address space was divided up into
    classes
  • Class A: network prefix is 8 bits long
  • Class B: network prefix is 16 bits long
  • Class C: network prefix is 24 bits long
  • Class D: multicast addresses
  • Class E: reserved

28
Classful IP Addresses (until 1993)
  • Each IP address contained a key (its leading
    bits) which identifies the class
  • Class A: IP address starts with 0
  • Class B: IP address starts with 10
  • Class C: IP address starts with 110
  • Class D: IP address starts with 1110
  • Class E: IP address starts with 1111

29
The old way: Internet Address Classes

Class                Leading bits  Start       End              CIDR equivalent
Class A              0             0.0.0.0     127.255.255.255  /8
Class B              10            128.0.0.0   191.255.255.255  /16
Class C              110           192.0.0.0   223.255.255.255  /24
Class D (multicast)  1110          224.0.0.0   239.255.255.255  n/a
Class E (reserved)   1111          240.0.0.0   255.255.255.255  n/a
32
Problems with Classful IP Addresses
  • Fast growing routing table size
  • Each router must have an entry for every network
    prefix
  • 2^21 = 2,097,152 possible class C networks
  • In 1993, the size of routing tables started to
    outgrow the capacity of routers

33
Other problems with classful addresses
  • Address depletion for large networks
  • Class A and Class B addresses were gone
  • How many class A/B network prefixes can there be?
    (2^7 = 128 class A, 2^14 = 16,384 class B)
  • Limited flexibility for network sizes
  • Class A and B addresses are overkill (>64,000
    addresses)
  • A class C address block is insufficient (256
    addresses)

34
Classless Inter-domain Routing (CIDR), 1993
  • Full description: RFC 1518, RFC 1519 (updated by
    RFC 4632 in 2006)
  • Network prefix is of variable length
  • Addresses are allocated hierarchically
  • Routers aggregate multiple address prefixes into
    one routing entry to minimize routing table size

35
CIDR: network prefix is variable length

              128       143       137       144
    Addr      10000000  10001111  10001001  10010000
    Mask      11111111  11111111  11111111  00000000
              255       255       255       0

  • A network mask specifies the number of bits used
    to identify a network in an IP address.
  • How? A bitwise AND of the address with the mask
    yields the network prefix: 128.143.137.144 AND
    255.255.255.0 = 128.143.137.0, a 24-bit prefix.

36
CIDR notation
  • CIDR notation of an IP address
  • 128.143.137.144/24
  • /24 is the prefix length. It states that the
    first 24 bits are the network prefix of the
    address (and the remaining 8 bits are available
    for specific host addresses)
  • CIDR notation can nicely express blocks of
    addresses
  • An address block
  • 128.195.0.0 - 128.195.255.255
  • can be represented by an address prefix
    128.195.0.0/16
  • How many addresses are there in a /x address
    block?
  • 2^(32-x)

37
CIDR: hierarchical address allocation

    ISP: 128.0.0.0/8
      +-- 128.1.0.0/16   Foo.com
      +-- 128.2.0.0/16   Bar.com
      +-- 128.59.0.0/16  University
            +-- 128.59.16.0/24  CS (host 128.59.16.150)
            +-- 128.59.44.0/24  Library

  • IP addresses are hierarchically allocated.
  • An ISP obtains an address block from a Regional
    Internet Registry
  • An ISP allocates a subdivision of the address
    block to an organization
  • An organization recursively allocates subdivisions
    of its address block to its networks
  • A host in a network obtains an address within the
    address block assigned to the network

38
Hierarchical address allocation

    128.0.0.0/8      128.0.0.0 - 128.255.255.255     ISP
    128.59.0.0/16    128.59.0.0 - 128.59.255.255     University
    128.59.16.0/24   128.59.16.0 - 128.59.16.255     CS department
    128.59.16.150                                    host

  • ISP obtains an address block 128.0.0.0/8 →
    128.0.0.0 - 128.255.255.255
  • ISP allocates 128.59.0.0/16 (128.59.0.0 -
    128.59.255.255) to the university.
  • University allocates 128.59.16.0/24
    (128.59.16.0 - 128.59.16.255) to the CS
    department's network
  • A host on the CS department's network gets one IP
    address, 128.59.16.150

39
CIDR allows route aggregation

    ISP1 (128.0.0.0/8) ---- ISP2 ---- ISP3
    ISP1 tells ISP2: "You can reach 128.0.0.0/8 via ISP1"
    Behind ISP1: 128.1.0.0/16 (Foo.com), 128.2.0.0/16 (Bar.com),
                 128.59.0.0/16 (University: CS, Library)

  • ISP1 announces one address prefix, 128.0.0.0/8, to
    ISP2
  • ISP2 can use one routing entry to reach all
    networks connected to ISP1
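The prefix arithmetic behind the last few slides (the classful key bits of slide 28, the mask/AND of slide 35, the 2^(32-x) block size of slide 36, and the "one entry covers the whole sub-tree" property of slides 37-39), as an added example that is not part of the lecture; it works on 32-bit integers directly and cross-checks itself against Python's standard ipaddress module. The prefixes used are the ones on the slides.

```python
# Added example (not part of the lecture slides): CIDR arithmetic on 32-bit
# integers, cross-checked against Python's standard ipaddress module.
import ipaddress


def ip_to_int(dotted):
    """Dotted decimal -> 32-bit integer; each of the four bytes must be 0..255."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError("not a dotted quad: %r" % dotted)
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range in %r" % dotted)
        value = (value << 8) | n
    return value


def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len):
    """/x -> netmask: x one-bits followed by 32-x zero-bits."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def cidr_block(text):
    """Network, mask, broadcast and size of a.b.c.d/x."""
    addr_txt, _, plen_txt = text.partition("/")
    addr, plen = ip_to_int(addr_txt), int(plen_txt)
    mask = prefix_to_mask(plen)
    network = addr & mask                    # prefix bits kept, host bits cleared
    return {
        "network": int_to_ip(network),
        "mask": int_to_ip(mask),
        "broadcast": int_to_ip(network | (~mask & 0xFFFFFFFF)),  # host bits all ones
        "num_addresses": 1 << (32 - plen),   # 2^(32-x)
    }


def in_block(addr_txt, block_txt):
    """addr belongs to the block iff (addr AND mask) == (network AND mask)."""
    net_txt, _, plen_txt = block_txt.partition("/")
    mask = prefix_to_mask(int(plen_txt))
    return ip_to_int(addr_txt) & mask == ip_to_int(net_txt) & mask


def aggregates(parent_txt, child_txt):
    """True if the parent prefix covers the child prefix, i.e. one routing
    entry for the parent suffices to reach the child (route aggregation)."""
    child_net, _, child_plen = child_txt.partition("/")
    parent_plen = int(parent_txt.partition("/")[2])
    return int(child_plen) >= parent_plen and in_block(child_net, parent_txt)


def longest_match(addr_txt, table):
    """Forwarding lookup: among all matching prefixes the longest one wins,
    so a more specific route overrides an aggregate."""
    best = None
    for entry in table:
        if in_block(addr_txt, entry):
            if best is None or int(entry.partition("/")[2]) > int(best.partition("/")[2]):
                best = entry
    return best


def classful_class(addr_txt):
    """Pre-1993 class, decided by the leading bits of the first byte."""
    first = ip_to_int(addr_txt) >> 24
    if first & 0x80 == 0x00:   # 0xxxxxxx
        return "A"
    if first & 0xC0 == 0x80:   # 10xxxxxx
        return "B"
    if first & 0xE0 == 0xC0:   # 110xxxxx
        return "C"
    if first & 0xF0 == 0xE0:   # 1110xxxx
        return "D"
    return "E"                 # 1111xxxx


if __name__ == "__main__":
    blk = cidr_block("128.143.137.144/24")
    print(blk)
    ref = ipaddress.ip_network("128.143.137.144/24", strict=False)
    assert blk["network"] == str(ref.network_address)
    assert blk["broadcast"] == str(ref.broadcast_address)
    assert blk["num_addresses"] == ref.num_addresses
    print(longest_match("128.59.16.150", ["0.0.0.0/0", "128.0.0.0/8", "128.59.0.0/16"]))
```

The longest-match rule is why the multi-homing and provider-switch cases on the next slides cost an extra routing entry: a /16 announced separately from the /8 that contains it is more specific, so routers must keep it, and the same rule is what makes a more-specific prefix hijack effective.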

40
CIDR summary
  • A network prefix is of variable length:
    a.b.c.d/x
  • Addresses are hierarchically allocated
  • Routers aggregate multiple address prefixes into
    one routing entry to minimize routing table
    size.
  • Security is still an issue: nothing in CIDR or in
    the routing protocol that carries these prefixes
    checks that a network is entitled to announce a
    prefix, so a misconfigured or malicious provider
    can announce someone else's prefix (or a more
    specific part of it) and attract its traffic.
  • Secure routing: path validation (origin validation
    with RPKI, RFC 6480 and following, came later)

41
What problems CIDR does not solve (I)

    ISP1 (128.0.0.0/8) and ISP2 (204.0.0.0/8) both connect
    Multi-home.com (204.1.0.0/16)
    ISP1 now tells ISP3: "You can reach 128.0.0.0/8 and
    204.1.0.0/16 via ISP1"

  • A multi-homed site still adds one entry to the
    global routing tables (its /16 cannot be
    aggregated into ISP1's /8)

42
What problems CIDR does not solve (II)

    Switched.com (204.1.0.0/16, allocated out of ISP2's
    204.0.0.0/8) moves its connection to ISP1
    ISP1 now tells ISP3: "You can reach 128.0.0.0/8 and
    204.1.0.0/16 via ISP1"

  • A site that switches provider without renumbering
    still adds one entry to the global routing tables
    (a more specific "hole" in ISP2's /8)

43
Global routing tables continue to grow
(Chart; source: http://bgp.potaroo.net/as4637/)
44
Special IPv4 Addresses
  • Reserved or (by convention) special addresses
  • Loopback interfaces
  • all addresses 127.0.0.0 - 127.255.255.255
    (127.0.0.0/8) are reserved for loopback interfaces
  • Most systems use 127.0.0.1 as loopback address
  • the loopback interface is associated with the
    name localhost
  • Broadcast address
  • Host number is all ones, e.g., 128.143.255.255
  • Broadcast goes to all hosts on the network
  • Routers usually drop broadcasts directed at a
    remote network, because they were abused for
    amplification ("smurf") attacks; RFC 2644 made
    dropping them the default
  • Private addresses (RFC 1918): not routed on the
    public Internet, reused by many sites behind NAT
  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255
  • Convention (but not a reserved address)
  • Default gateway has host number set to 1, e.g.,
    128.195.4.1

45
Special IPv4 Addresses (RFC 3330)

Addresses                      CIDR equivalent  Purpose                       RFC       Class  Number of addresses
0.0.0.0 - 0.255.255.255        0.0.0.0/8        Zero addresses                RFC 1700  A      16,777,216
10.0.0.0 - 10.255.255.255      10.0.0.0/8       Private IP addresses          RFC 1918  A      16,777,216
127.0.0.0 - 127.255.255.255    127.0.0.0/8      Localhost loopback address    RFC 1700  A      16,777,216
169.254.0.0 - 169.254.255.255  169.254.0.0/16   Zeroconf (link-local)         RFC 3330  B      65,536
172.16.0.0 - 172.31.255.255    172.16.0.0/12    Private IP addresses          RFC 1918  B      1,048,576
192.0.2.0 - 192.0.2.255        192.0.2.0/24     Documentation and examples    RFC 3330  C      256
192.88.99.0 - 192.88.99.255    192.88.99.0/24   IPv6-to-IPv4 relay anycast    RFC 3068  C      256
192.168.0.0 - 192.168.255.255  192.168.0.0/16   Private IP addresses          RFC 1918  C      65,536
198.18.0.0 - 198.19.255.255    198.18.0.0/15    Network device benchmarking   RFC 2544  C      131,072
224.0.0.0 - 239.255.255.255    224.0.0.0/4      Multicast                     RFC 3171  D      268,435,456
240.0.0.0 - 255.255.255.255    240.0.0.0/4      Reserved                      RFC 1700  E      268,435,456

Note: RFC 3330 has since been obsoleted (by RFC 5735 and then RFC 6890, which
points to the IANA special-purpose address registry), and the 6to4 relay
anycast prefix 192.88.99.0/24 was deprecated by RFC 7526. None of these
ranges is a legitimate source address for a packet arriving from the public
Internet, which is why border filters drop them.
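What a border filter or a log-review rule does with the table above, as an added example (not part of the lecture): it classifies source addresses against the special-purpose ranges and, in the same pass, applies the two related checks from slide 44, a source that claims to be inside our own prefix (address spoofing, the case ingress filtering per BCP 38 / RFC 2827 is meant to stop) and a packet aimed at our directed-broadcast address. The log lines are constructed for this example in the style of a Linux netfilter log; the local prefix 128.59.16.0/24 is the CS-department network from the lecture's allocation example.

```python
# Added example (not from the slides): screening firewall log lines against the
# special-purpose IPv4 ranges tabulated above. Log lines are constructed.
import ipaddress
import re

SPECIAL_RANGES = {
    "0.0.0.0/8": "zero / this-network",
    "10.0.0.0/8": "private (RFC 1918)",
    "127.0.0.0/8": "loopback",
    "169.254.0.0/16": "link-local (zeroconf)",
    "172.16.0.0/12": "private (RFC 1918)",
    "192.0.2.0/24": "documentation (TEST-NET)",
    "192.88.99.0/24": "6to4 relay anycast",
    "192.168.0.0/16": "private (RFC 1918)",
    "198.18.0.0/15": "benchmarking",
    "224.0.0.0/4": "multicast",
    "240.0.0.0/4": "reserved",
}
SPECIAL_NETS = [(ipaddress.ip_network(k), v) for k, v in SPECIAL_RANGES.items()]

FIELD = re.compile(r"\b(SRC|DST)=(\d{1,3}(?:\.\d{1,3}){3})")

# Constructed sample: packets arriving on the external interface eth0.
SAMPLE_LOG = """\
Sep 18 10:00:01 gw kernel: IN=eth0 SRC=204.1.3.10 DST=128.59.16.1 PROTO=TCP DPT=22
Sep 18 10:00:02 gw kernel: IN=eth0 SRC=128.59.16.150 DST=128.59.16.1 PROTO=TCP DPT=22
Sep 18 10:00:03 gw kernel: IN=eth0 SRC=10.0.0.5 DST=128.59.16.1 PROTO=TCP DPT=80
Sep 18 10:00:04 gw kernel: IN=eth0 S
RC=192.0.2.77 DST=128.59.16.1 PROTO=UDP DPT=53
Sep 18 10:00:05 gw kernel: IN=eth0 SRC=204.1.3.9 DST=128.59.16.255 PROTO=ICMP
Sep 18 10:00:06 gw kernel: IN=eth0 SRC=240.1.2.3 DST=128.59.16.1 PROTO=TCP DPT=25
""".replace("S\nRC=", "SRC=")   # keep the sample on one logical line per packet


def classify(addr):
    """Label for a special-purpose address, or None for ordinary unicast."""
    a = ipaddress.ip_address(addr)
    for net, label in SPECIAL_NETS:
        if a in net:
            return label
    return None


def audit(log_text, local_prefix="128.59.16.0/24"):
    """Return [(line, reason)] for packets an external interface should never
    see: special-purpose sources (bogons), sources claiming our own prefix
    (spoofing), and packets aimed at our directed-broadcast address."""
    local = ipaddress.ip_network(local_prefix)
    findings = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if "SRC" not in fields or "DST" not in fields:
            continue
        src = ipaddress.ip_address(fields["SRC"])
        dst = ipaddress.ip_address(fields["DST"])
        label = classify(fields["SRC"])
        if label is not None:
            findings.append((line, "source %s is %s" % (src, label)))
        elif src in local:
            findings.append((line, "source %s claims our own prefix %s" % (src, local)))
        elif dst == local.broadcast_address:
            findings.append((line, "directed broadcast to %s" % dst))
    return findings


if __name__ == "__main__":
    for line, reason in audit(SAMPLE_LOG):
        print(reason, "<-", line)
```

Of the six constructed lines only the first is clean; the remaining five trip one check each. The same list is what an RFC 1918 range being seen as a *source* on the outside interface means in practice: either a misconfigured neighbour or a spoofed packet, never a host you can reply to.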
46
IP Addressing (Summary)
  • Addressing defines how addresses are allocated
    and the structure of addresses
  • IPv4
  • Classful IP addresses (obsolete)
  • Classless inter-domain routing (CIDR) (current
    standard)
  • IP Version 6 addresses

47
IPv6 - IP Version 6
  • IP Version 6
  • Designed to be the successor to the currently
    used IPv4
  • Specification completed in 1994
  • Makes improvements to IPv4 (no revolutionary
    changes)
  • One (not the only!) feature of IPv6 is a
    significant increase in the size of the IP address
    to 128 bits (16 bytes)
  • IPv6 will solve for the foreseeable future
    the address-exhaustion problem of IPv4
  • On the order of 10^24 addresses per square inch
    of the surface of the Earth.

48
IPv6 Header
49
Notation of IPv6 addresses
  • Convention: the 128-bit IPv6 address is written
    as eight 16-bit integers separated by colons,
    using hexadecimal digits for each integer
  • CEDF:BP76:3245:4464:FACE:2E50:3025:DF12
    (as printed on the slide; "P" is not a hexadecimal
    digit, so read the second group as a placeholder)
  • Short notation
  • Leading zeroes within a group may be omitted
  • CEDF:BP76:0000:0000:009E:0000:3025:DF12 →
    CEDF:BP76:0:0:9E:0:3025:DF12
  • One run of consecutive all-zero groups can be
    written as "::" (only once per address, so the
    number of omitted groups stays unambiguous)
  • CEDF:BP76:0:0:FACE:0:3025:DF12 →
    CEDF:BP76::FACE:0:3025:DF12

50
IPv4 address in IPv6
  • IPv6 addresses derived from IPv4 addresses have
    96 leading zero bits (the "IPv4-compatible" form).
  • Convention allows the IPv4 dotted-decimal notation
    to be used for the last 32 bits.
  • ::808F:8990 → ::128.143.137.144
  • Note: RFC 4291 deprecates the IPv4-compatible
    form; the form used in practice is the IPv4-mapped
    address ::FFFF:a.b.c.d (e.g. ::FFFF:128.143.137.144).
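The two notation rules of slide 49 and the dotted-quad tail of slide 50, as an added example that is not part of the lecture: a parser that expands any accepted text form to eight 16-bit groups (rejecting a second "::", which would be ambiguous) and a printer that produces the canonical compressed form of RFC 5952, cross-checked against the standard library. The addresses are in the 2001:db8::/32 documentation prefix rather than the placeholder address printed on the slide.

```python
# Added example (not from the lecture): IPv6 text notation per RFC 4291,
# expansion to eight 16-bit groups and RFC 5952 canonical compression,
# cross-checked against Python's ipaddress module.
import ipaddress

HEX = set("0123456789abcdefABCDEF")


def expand(text):
    """Text form -> list of eight 16-bit integers. Accepts suppressed leading
    zeros, a single '::' and an IPv4 dotted quad as the last 32 bits."""
    if text.count("::") > 1:
        raise ValueError("at most one '::' is allowed")

    def side(part):
        groups = []
        if part == "":
            return groups
        pieces = part.split(":")
        for i, piece in enumerate(pieces):
            if "." in piece:
                if i != len(pieces) - 1:
                    raise ValueError("dotted quad must be the last group")
                v4 = int(ipaddress.IPv4Address(piece))
                groups += [v4 >> 16, v4 & 0xFFFF]
            elif 1 <= len(piece) <= 4 and set(piece) <= HEX:
                groups.append(int(piece, 16))
            else:
                raise ValueError("bad group %r" % piece)
        return groups

    if "::" in text:
        left, right = text.split("::")
        lo, hi = side(left), side(right)
        if len(lo) + len(hi) > 7:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lo + [0] * (8 - len(lo) - len(hi)) + hi
    else:
        groups = side(text)
    if len(groups) != 8:
        raise ValueError("expected 8 groups, got %d" % len(groups))
    return groups


def compress(groups, ipv4_tail=False):
    """RFC 5952 canonical text: lowercase hex, no leading zeros, the longest
    run of two or more zero groups (leftmost on a tie) written as '::'.
    With ipv4_tail=True the last 32 bits are written as a dotted quad."""
    if len(groups) != 8:
        raise ValueError("need 8 groups")
    n = 6 if ipv4_tail else 8           # groups eligible for '::'
    best_start, best_len = -1, 0
    i = 0
    while i < n:
        if groups[i] == 0:
            j = i
            while j < n and groups[j] == 0:
                j += 1
            if j - i > best_len:        # strictly longer: leftmost wins ties
                best_start, best_len = i, j - i
            i = j
        else:
            i += 1
    words = ["%x" % g for g in groups[:n]]
    if ipv4_tail:
        words.append("%d.%d.%d.%d" % (groups[6] >> 8, groups[6] & 0xFF,
                                      groups[7] >> 8, groups[7] & 0xFF))
    if best_len >= 2:
        return ":".join(words[:best_start]) + "::" + ":".join(words[best_start + best_len:])
    return ":".join(words)


def from_ipv4(dotted, mapped=True):
    """IPv4 address carried in IPv6: '::ffff:a.b.c.d' (IPv4-mapped, in use)
    or '::a.b.c.d' (IPv4-compatible, the form on the slide, now deprecated)."""
    v4 = int(ipaddress.IPv4Address(dotted))
    groups = [0] * 5 + [0xFFFF if mapped else 0] + [v4 >> 16, v4 & 0xFFFF]
    return compress(groups, ipv4_tail=True)


if __name__ == "__main__":
    full = "2001:0db8:0000:0000:009e:0000:3025:df12"
    short = compress(expand(full))
    print(full, "->", short)
    assert short == str(ipaddress.IPv6Address(full))   # same canonical form
    print(from_ipv4("128.143.137.144", mapped=False), from_ipv4("128.143.137.144"))
```

Accepting several spellings of one address is exactly why log filters and access lists should compare parsed addresses, not strings: "2001:db8:0:0:9e:0:3025:df12", "2001:DB8::9E:0:3025:DF12" and the fully expanded form are the same host.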

51
IPv6 vs. IPv4 Address Comparison
  • IPv4 has a maximum of
  • 2^32 ≈ 4 billion addresses
  • IPv6 has a maximum of
  • 2^128 = (2^32)^4 ≈ 4 billion × 4 billion × 4
    billion × 4 billion addresses
  • Is IPv6 widely deployed?

52
Data Link Layer
  • The main tasks of the data link layer are
  • Transfer data from the network layer of one
    machine to the network layer of another machine
  • Convert the raw bit stream of the physical layer
    into groups of bits (frames)

53
TCP/IP Protocol Stack
  • The TCP/IP protocol stack runs on top of multiple
    data link layers.
  • Two data link layer technologies
  • Broadcast
  • Point-to-Point

54
Two types of networks at the data link layer
  • Broadcast Networks All stations share a single
    communication channel
  • Point-to-Point Networks Pairs of hosts (or
    routers) are directly connected
  • Typically, local area networks (LANs) are
    broadcast and wide area networks (WANs) are
    point-to-point

55
Local Area Networks
  • Local area networks (LANs) connect computers
    within a building or an enterprise network
  • Almost all LANs are broadcast networks
  • Typical topologies of LANs are bus, ring or
    star
  • We will work with Ethernet LANs. Ethernet has a
    bus or star topology.

56
MAC and LLC
  • In any broadcast network, the stations must
    ensure that only one station transmits at a time
    on the shared communication channel
  • The protocol that determines who can transmit on
    a broadcast channel is called a Medium Access
    Control (MAC) protocol
  • The MAC protocol is implemented in the MAC
    sublayer, which is the lower sublayer of the
    data link layer
  • The higher portion of the data link layer is
    often called Logical Link Control (LLC)

57
IEEE 802 Standards
  • IEEE 802 is a family of standards for LANs, which
    defines an LLC and several MAC sublayers

    Higher layer issues
    LLC (802.2)
    MAC: CSMA/CD (802.3) | Token bus (802.4) | Token ring (802.5) | Wireless LAN (802.11)
58
Ethernet
  • Speed: 10 Mbps - 10 Gbps
  • Standards: IEEE 802.3, Ethernet II (DIX)
  • Most popular physical layers for Ethernet
  • 10Base5: Thick Ethernet, 10 Mbps, coax cable
  • 10Base2: Thin Ethernet, 10 Mbps, coax cable
  • 10Base-T: 10 Mbps, twisted pair
  • 100Base-TX: 100 Mbps over Category 5 twisted pair
  • 100Base-FX: 100 Mbps over fiber optics
  • 1000Base-FX: 1 Gbps over fiber optics
  • 10000Base-FX (10 Gigabit Ethernet): 10 Gbps over
    fiber optics (for wide area links)

59
Bus Topology
  • 10Base5 and 10Base2 Ethernets have a bus topology

60
Star Topology
  • Starting with 10Base-T, stations are connected to
    a hub in a star configuration

61
Ethernet Hubs vs. Ethernet Switches
  • An Ethernet switch is a packet switch for
    Ethernet frames
  • Buffering of frames prevents collisions.
  • Each port is isolated and forms its own
    collision domain
  • An Ethernet hub does not perform buffering
  • Collisions occur if two frames arrive at the same
    time.
  • (Figure: hub vs. switch)
62
Ethernet and IEEE 802.3: Any Difference?
  • There are two types of Ethernet frames in use,
    with subtle differences
  • Ethernet (Ethernet II, DIX (Digital-Intel-Xerox))
  • An industry standard from 1982 that is based on
    the first implementation of CSMA/CD by Xerox.
  • Predominant version of CSMA/CD in the US.
  • 802.3
  • IEEE's version of CSMA/CD from 1985.
  • Interoperates with 802.2 (LLC) as higher layer.
  • Difference for our purposes: Ethernet and 802.3
    use different methods to encapsulate an IP
    datagram (a 2-byte type field versus a 2-byte
    length field followed by an LLC/SNAP header).

63
Ethernet II, DIX Encapsulation (RFC 894)
64
IEEE 802.2/802.3 Encapsulation (RFC 1042)
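The two encapsulations named on slides 63 and 64, built and told apart, as an added example that is not part of the lecture. Ethernet II (RFC 894) puts a 2-byte EtherType after the addresses; 802.3 with 802.2 LLC/SNAP (RFC 1042) puts a 2-byte length there, followed by AA AA 03 00 00 00 and the EtherType. A receiver distinguishes them by the value of that field (1500 or less is a length, 0x0600 or more is a type), which is also where a decoder has to check that a declared length does not run past the frame. The MAC addresses are the ones from the lecture's ARP example; the "datagram" is a constructed 20-byte IPv4 header, not a real packet.

```python
# Added example (not from the slides): Ethernet II / DIX (RFC 894) versus
# IEEE 802.3 + 802.2 LLC/SNAP (RFC 1042) encapsulation of an IP datagram.
import struct

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
MAX_8023_LENGTH = 1500          # 0x05DC; 0x0600 and above is an EtherType
LLC_SNAP = bytes([0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00])   # DSAP, SSAP, ctrl, OUI
MIN_FRAME = 60                  # minimum size without FCS; short frames are padded

# Constructed 20-byte IPv4 header: version 4, IHL 5, total length 20, TTL 64,
# protocol 6, no checksum, 128.143.137.144 -> 128.59.16.150.
IP_DATAGRAM = bytes.fromhex("450000140000000040060000808f8990803b1096")


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def ethernet_ii(dst, src, ethertype, payload):
    frame = mac(dst) + mac(src) + struct.pack("!H", ethertype) + payload
    return frame + b"\x00" * max(0, MIN_FRAME - len(frame))


def ieee_8023_snap(dst, src, ethertype, payload):
    body = LLC_SNAP + struct.pack("!H", ethertype) + payload
    if len(body) > MAX_8023_LENGTH:
        raise ValueError("payload too large for one 802.3 frame")
    frame = mac(dst) + mac(src) + struct.pack("!H", len(body)) + body
    return frame + b"\x00" * max(0, MIN_FRAME - len(frame))


def decode(frame):
    """Classify a received frame and return the encapsulated datagram.
    Raises ValueError on anything malformed rather than guessing."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= 0x0600:
        # Ethernet II: no length field, so the datagram plus any padding runs
        # to the end of the frame; the IP total-length field delimits it.
        return {"encap": "Ethernet II", "ethertype": type_or_len, "payload": frame[14:]}
    if type_or_len > MAX_8023_LENGTH:
        raise ValueError("length/type value 0x%04x is neither" % type_or_len)
    body = frame[14:14 + type_or_len]
    if len(body) != type_or_len:      # declared length beyond the frame: truncated or lying
        raise ValueError("802.3 length %d exceeds frame" % type_or_len)
    if body[:6] != LLC_SNAP:
        return {"encap": "802.3 LLC (no SNAP)", "ethertype": None, "payload": body}
    ethertype = struct.unpack("!H", body[6:8])[0]
    return {"encap": "802.3/802.2 SNAP", "ethertype": ethertype, "payload": body[8:]}


def ip_payload(frame):
    """Datagram bytes, with Ethernet II padding removed via the IP total length."""
    d = decode(frame)
    if d["ethertype"] != ETHERTYPE_IP:
        raise ValueError("not an IP datagram")
    p = d["payload"]
    if d["encap"] == "Ethernet II":
        total_len = struct.unpack("!H", p[2:4])[0]
        if total_len > len(p):
            raise ValueError("IP total length exceeds frame")
        p = p[:total_len]
    return p


if __name__ == "__main__":
    args = ("00:e0:f9:23:a8:20", "00:a0:24:71:e4:44", ETHERTYPE_IP, IP_DATAGRAM)
    for f in (ethernet_ii(*args), ieee_8023_snap(*args)):
        print(decode(f)["encap"], len(f), "bytes ->", ip_payload(f).hex())
```

Both frames come out 60 bytes long because a 20-byte datagram must be padded; only the 802.3 variant carries a length that says where the padding starts, so in the Ethernet II case the IP layer's own total-length field is what separates the datagram from padding.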
65
Point-to-Point (serial) links
  • Many data link connections are point-to-point
    serial links
  • Dial-in or DSL access connects hosts to access
    routers
  • Routers are connected by high-speed
    point-to-point links
  • Here, IP hosts and routers are connected by a
    serial cable
  • Data link layer protocols for point-to-point
    links are simple
  • Main role is encapsulation of IP datagrams
  • No media access control needed

66
Data Link Protocols for Point-to-Point links
  • SLIP (Serial Line IP)
  • First protocol for sending IP datagrams over
    dial-up links (from 1988)
  • Encapsulation, not much else
  • PPP (Point-to-Point Protocol)
  • Successor to SLIP (1992), with added
    functionality
  • Used for dial-in and for high-speed routers
  • HDLC (High-level Data Link Control)
  • Widely used and influential standard (1979)
  • Default protocol for serial links on Cisco
    routers
  • Actually, PPP is based on a variant of HDLC

67
PPP - IP encapsulation
  • The frame format of PPP is similar to HDLC and
    the 802.2 LLC frame format
  • PPP assumes a duplex circuit
  • Note: PPP does not use addresses; the HDLC-style
    address and control fields are fixed (0xFF, 0x03)
  • Usual maximum frame size (MRU) is 1500 bytes

68
Additional PPP functionality
  • In addition to encapsulation, PPP supports
  • multiple network layer protocols (protocol
    multiplexing)
  • Link configuration
  • Link quality testing
  • Error detection
  • Option negotiation
  • Address notification
  • Authentication
  • The above functions are supported by helper
    protocols
  • LCP
  • PAP, CHAP
  • NCP

69
PPP Support protocols
  • Link management: The link control protocol (LCP)
    is responsible for establishing, configuring, and
    negotiating a data-link connection. LCP also
    monitors the link quality and is used to
    terminate the link.
  • Authentication: Authentication is optional. PPP
    supports two authentication protocols, Password
    Authentication Protocol (PAP) and Challenge
    Handshake Authentication Protocol (CHAP). PAP
    sends the name and password in clear text. CHAP
    sends an MD5 hash over a random challenge, so the
    secret never crosses the link, although the
    authenticator must store it in clear text and a
    captured exchange can be attacked offline with a
    dictionary.
  • Network protocol configuration: PPP has network
    control protocols (NCPs) for numerous network
    layer protocols. The IP control protocol (IPCP)
    negotiates IP address assignments and other
    parameters when IP is used as network layer.

70
Address Resolution Protocol(ARP)
71
Overview
72
ARP and RARP
  • Note
  • The Internet is based on IP addresses
  • Data link protocols (Ethernet, FDDI, ATM) may
    have different (MAC) addresses
  • The ARP and RARP protocols perform the
    translation between IP addresses and MAC layer
    addresses
  • We will discuss ARP for broadcast LANs,
    particularly Ethernet LANs

73
Processing of IP packets by network device drivers
74
Address Translation with ARP
  • ARP Request Argon broadcasts an ARP request to
    all stations on the network What is the
    hardware address of 128.143.137.1?

75
Address Translation with ARP
  • ARP Reply Router 137 responds with an ARP Reply
    which contains the hardware address

76
ARP Packet Format
77
Example
  • ARP Request from Argon
    Source hardware address: 00:a0:24:71:e4:44
    Source protocol address: 128.143.137.144
    Target hardware address: 00:00:00:00:00:00
    Target protocol address: 128.143.137.1
  • ARP Reply from Router137
    Source hardware address: 00:e0:f9:23:a8:20
    Source protocol address: 128.143.137.1
    Target hardware address: 00:a0:24:71:e4:44
    Target protocol address: 128.143.137.144

78
ARP Cache
  • Since sending an ARP request/reply for each IP
    datagram is inefficient, hosts maintain a cache
    (ARP Cache) of current entries. The entries
    expire after a time interval.
  • Contents of the ARP Cache (arp -a)
    (128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
    (128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
    (128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
    (128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
    (128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
    (128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

79
Proxy ARP
  • Proxy ARP Host or router responds to ARP Request
    that arrives from one of its connected networks
    for a host that is on another of its connected
    networks.

80
Things to know about ARP
  • What happens if an ARP Request is made for a
    non-existing host?
  • Several ARP requests are made with increasing
    time intervals between requests. Eventually, ARP
    gives up (timeout).
  • On some systems (including Linux) a host
    periodically sends ARP Requests for all addresses
    listed in the ARP cache. This refreshes the ARP
    cache content, but also introduces traffic.
  • Gratuitous ARP Requests: a host sends an ARP
    request for its own IP address
  • Useful for detecting if an IP address has already
    been assigned, and for telling neighbors about a
    changed MAC address (e.g. after a failover).
    Because it is unsolicited and unauthenticated, it
    is also a convenient vehicle for the poisoning
    described on the following slides.

81
Vulnerabilities of ARP
  1. Since ARP does not authenticate requests or
    replies, ARP Requests and Replies can be forged
  2. ARP is stateless ARP Replies can be sent without
    a corresponding ARP Request
  3. According to the ARP protocol specification, a
    node receiving an ARP packet (Request or Reply)
    must update its local ARP cache with the
    information in the source fields, if the
    receiving node already has an entry for the IP
    address of the source in its ARP cache. (This
    applies for ARP Request packets and for ARP Reply
    packets)

82
Vulnerabilities of ARP
  • Typical exploitation of these vulnerabilities
  • A forged ARP Request or Reply can be used to
    update the ARP cache of a remote system with a
    forged entry (ARP poisoning)
  • This can be used to redirect IP traffic to other
    hosts (man-in-the-middle or denial of service on
    the LAN). A switch does not prevent it: ARP is
    broadcast and unauthenticated.
  • Countermeasures: static ARP entries for critical
    hosts such as the default gateway; switch features
    that check ARP against DHCP bindings (Dynamic ARP
    Inspection); and monitoring tools such as arpwatch
    that alert when an IP-to-MAC mapping changes.
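The ARP packet format of slides 76-77 and the cache behaviour of slides 78 and 81-82, as an added example that is not part of the lecture: the 28-byte Ethernet/IPv4 ARP packet of the slide's example is packed and parsed, and a simulated cache applies the RFC 826 merge rule so that a forged, unsolicited reply (or request) carrying the router's IP overwrites the router's entry. Next to it is a stricter cache policy that accepts replies only for addresses it asked about and never overwrites an entry from an unsolicited packet, together with the MAC-change alert that monitoring tools raise. The attacker's MAC is taken from the 00-00-5E-00-53-xx range reserved for documentation (RFC 7042); the other addresses are the ones from the lecture's example.

```python
# Added example (not from the slides): RFC 826 ARP packet pack/parse, the
# RFC 826 cache merge rule, ARP poisoning, and a stricter cache policy.
import struct

HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN = 1, 0x0800, 6, 4
OP_REQUEST, OP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"          # htype ptype hlen plen op sha spa tha tpa


def mac(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip(text):
    return bytes(int(o) for o in text.split("."))


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))


def parse_arp(packet):
    if len(packet) < struct.calcsize(ARP_FMT):
        raise ValueError("short ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, HLEN, PLEN):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError("unknown opcode %d" % op)
    return {"op": op, "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


class ArpCache:
    def __init__(self, my_ip, my_mac, strict=False):
        self.my_ip, self.my_mac, self.strict = my_ip, my_mac, strict
        self.table = {}             # ip -> mac
        self.outstanding = set()    # ips we have sent a request for
        self.alerts = []            # MAC changes seen for a cached IP

    def send_request(self, tpa):
        self.outstanding.add(tpa)
        return build_arp(OP_REQUEST, self.my_mac, self.my_ip, "00:00:00:00:00:00", tpa)

    def receive(self, packet):
        a = parse_arp(packet)
        spa, sha = a["spa"], a["sha"]
        solicited = a["op"] == OP_REPLY and spa in self.outstanding
        for_me = a["tpa"] == self.my_ip
        if spa in self.table and self.table[spa] != sha:
            # Detection signal, independent of policy: a known IP changed MAC.
            self.alerts.append("%s: %s -> %s (op %d)" % (spa, self.table[spa], sha, a["op"]))
        if self.strict:
            # Accept replies we asked for, or a *new* entry from a request
            # addressed to us; never overwrite from an unsolicited packet.
            accept = solicited or (spa not in self.table and for_me and a["op"] == OP_REQUEST)
        else:
            # RFC 826 merge rule: an existing entry is updated from the source
            # fields of any packet; a new one is added if the packet is for us.
            accept = spa in self.table or for_me
        if accept:
            self.table[spa] = sha
        if solicited:
            self.outstanding.discard(spa)
        return a


def poisoning_scenario(strict):
    """Argon learns the router's MAC legitimately, then receives a forged reply
    and a forged request that both claim the router's IP. Returns the MAC
    Argon ends up using for the router, and the alerts raised."""
    argon = ArpCache("128.143.137.144", "00:a0:24:71:e4:44", strict=strict)
    argon.send_request("128.143.137.1")
    argon.receive(build_arp(OP_REPLY, "00:e0:f9:23:a8:20", "128.143.137.1",
                            "00:a0:24:71:e4:44", "128.143.137.144"))
    attacker = "00:00:5e:00:53:66"      # documentation MAC range, constructed
    argon.receive(build_arp(OP_REPLY, attacker, "128.143.137.1",
                            "00:a0:24:71:e4:44", "128.143.137.144"))
    argon.receive(build_arp(OP_REQUEST, attacker, "128.143.137.1",
                            "00:00:00:00:00:00", "128.143.137.144"))
    return argon.table["128.143.137.1"], argon.alerts


if __name__ == "__main__":
    print(parse_arp(build_arp(OP_REQUEST, "00:a0:24:71:e4:44", "128.143.137.144",
                              "00:00:00:00:00:00", "128.143.137.1")))
    for strict in (False, True):
        print("strict=%s ->" % strict, poisoning_scenario(strict))
```

With the RFC 826 rule Argon ends up sending the router's traffic to the attacker after the first forged packet; with the strict policy the entry survives both forgeries, but note that the strict cache still learns *new* entries from requests addressed to it, so it narrows the window rather than closing it, which is why static entries or switch-side inspection are the real fixes, and why the alert list is worth shipping to a log regardless of policy.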

83
Some notes on Lab 2
84
What is a single-segment network?
  (Figure: three segments, 128.59.1.0/24, 128.59.2.0/24
  and 128.59.3.0/24, joined by routers whose interfaces
  are 128.59.1.1, 128.59.2.1 and 128.59.3.1; hosts
  128.59.1.100, 128.59.1.200, 128.59.1.300 [as drawn;
  300 is not a valid octet], 128.59.2.100, 128.59.2.200,
  128.59.3.100, 128.59.3.200.)
  • A single-segment network consists of interfaces
    connected by a single physical link, either a
    point-to-point link or a broadcast link.
  • Interfaces on the same single-segment network
    have the same network prefix.

85
How to identify a single-segment IP network
  (Same figure as the previous slide, with the router
  interfaces detached.)
  • Detach interfaces from routers or hosts
  • Each isolated island is a single-segment IP
    network
  • Each interface on the same single-segment IP
    network must have the same network address prefix

86
Protocol specification vs implementation
  • According to the ARP protocol specification, a
    node receiving an ARP packet (Request or Reply)
    must update its local ARP cache with the
    information in the source fields, if the
    receiving node already has an entry for the IP
    address of the source in its ARP cache. (This
    applies for ARP Request packets and for ARP Reply
    packets)
  • Implementation may differ from the specification
  • What you observe in the lab may not be
    universally true.