Network and Security: Protocols, Sockets, and HTTP Performance

Slides from a university course on Network and Security. The PDF explores networking principles, defining protocols like TCP and UDP and their role in communication. Aimed at computer science students, it delves into socket concepts, an HTTP overview, and methods for improving HTTP performance.


39 Pages


Network and Security Protocols

A protocol defines the format and the order of messages exchanged between two or more communicating entities, as well as the actions taken on the transmission and/or receipt of a message or other event. In other words, a protocol is a set of rules and conventions that govern how two parties communicate.

Examples of Protocols

The slides illustrate the definition with examples ranging from everyday human interaction to the Web:

  • Human Time Protocol
  • Lecture Question Protocol
  • Practical Question Protocol
  • HTTP Server & Browser

Probing the Internet: Figuring Out Paths

How do we figure out the path our packets take to another host? Packets carry a Time-To-Live (TTL): the number of "hops" a packet may make before a packet switch drops it. A packet that travels from a source host to a packet switch, then another packet switch, then the destination host has a hop count of 3. To prevent packets from looping endlessly, every packet switch decrements the TTL; when it reaches 0, the packet switch drops the packet and sends an error message (an ICMP Time Exceeded message) back to the source.

Using tracepath, traceroute, or tracert

  1. Sends packets with increasing TTL to the destination host
  2. Times the interval between transmission and error message
  3. Shows packet switch address and

Not every packet switch sends the error message back: hops that filter or rate-limit ICMP show up as an asterisk (*) in the output, so the path you see is what the intermediate routers choose to reveal, not necessarily the complete path.

Transport Layer Protocols

Two major protocols on the transport layer you will use in assignment 1:

Transmission Control Protocol (TCP)

  • Reliable (delivery is guaranteed, or the sender learns that the connection failed)
  • Ordered
  • Connection-oriented (connect before sending data)

socket(AF_INET, SOCK_STREAM); the protocol number can be omitted, since it follows from the type.

User Datagram Protocol (UDP)

  • Unreliable
  • No ordering guarantees
  • Not connection-oriented (fire-and-forget, just send data)

socket(AF_INET, SOCK_DGRAM); again the protocol number can be omitted. Because there is no handshake, a UDP receiver has no way to tell whether the source address on a datagram is genuine.

The network is dumb, the endpoints are smart.

DNS and UDP Port 53

DNS (Domain Name System) typically uses UDP port 53 as its well-known server port. When clients make DNS requests, they use ephemeral (temporary) ports that their operating system assigns automatically. The exact range varies by operating system: Linux defaults to 32768-60999, while the IANA-recommended dynamic range is 49152-65535.

Since UDP has no handshake, the only things binding a reply to a query are the 16-bit transaction ID in the DNS header and the client's ephemeral port. Resolvers therefore pick both unpredictably; with a predictable source port, an off-path attacker forging answers would only have 65536 transaction IDs to guess.
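To make the port and message details concrete, here is an added Python example (not from the slides) of a minimal DNS client: it builds an A query by hand, parses a reply, and refuses the reply unless its transaction ID matches the query. The reply bytes used for the offline check are constructed in the code, with a documentation-range address; only query_over_udp talks to a real resolver, and it is not exercised here.

```python
import random
import socket
import struct

def encode_name(name):
    """Wire-format a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, txid=None):
    """Build an A-record query. Returns (transaction ID, message bytes).
    The 16-bit ID comes from a CSPRNG: together with the OS-chosen ephemeral
    source port it is all that ties a reply to this query."""
    if txid is None:
        txid = random.SystemRandom().randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD (recursion desired)
    question = encode_name(name) + struct.pack("!HH", 1, 1)     # QTYPE=A, QCLASS=IN
    return txid, header + question

def decode_name(msg, offset):
    """Read a (possibly compressed, RFC 1035 s4.1.4) name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                                # compression pointer
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            offset, jumped = pointer, True
            continue
        if length == 0:
            if not jumped:
                end = offset + 1
            return ".".join(labels), end
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length

def parse_a_records(response, expected_txid):
    """Return the IPv4 addresses in the answer section, after checking that the
    reply belongs to our query (ID match) and really is a response (QR bit)."""
    txid, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", response[:12])
    if txid != expected_txid:
        raise ValueError("transaction ID mismatch: not our reply (or a forged one)")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: this is a query, not a response")
    offset = 12
    for _ in range(qdcount):                                    # skip the echoed question(s)
        _, offset = decode_name(response, offset)
        offset += 4
    addrs = []
    for _ in range(ancount):
        _, offset = decode_name(response, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", response[offset:offset + 10])
        offset += 10
        rdata = response[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs

def constructed_response(txid, name, ip):
    """A reply as a resolver would send it (constructed here for offline testing):
    header with QR|RD|RA set, the question echoed, and one A record whose name is
    a compression pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes(int(x) for x in ip.split("."))
    return header + question + answer

def query_over_udp(name, resolver, port=53, timeout=2.0):
    """Ask a real resolver over UDP/53 (needs network access; not exercised offline).
    sendto() makes the OS bind the socket to an ephemeral port; getsockname() shows it."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (resolver, port))
        print("query sent from ephemeral port", sock.getsockname()[1])
        data, sender = sock.recvfrom(512)
        if sender[0] != resolver:
            raise ValueError("reply from %s, expected %s" % (sender[0], resolver))
        return parse_a_records(data, txid)
```

The ID check is the point: a reply with the wrong transaction ID is discarded rather than parsed, which is the same decision a resolver makes against forged answers.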

Sockets for Network Communication

Sockets are objects managed by the kernel that represent endpoints for network-ish communication. They provide access not only to TCP and UDP, but also to protocols from some of the other (generally lower) layers, and even to protocols unrelated to the internet (such as interprocess communication, Bluetooth, etc.).

Socket Behavior Determinants

The behaviour of a socket is mainly determined by:

  • Its address family: AF_INET for IPv4, AF_INET6 for IPv6.
  • Its type. The two major ones are SOCK_STREAM and SOCK_DGRAM, which have TCP- and UDP-like semantics, respectively.
  • The protocol, which is usually inferred from the address family and type.

Socket Message Flow

  1. The sending process sends a message using send (or sendto for connectionless sockets)
  2. It relies on the OS and transport infrastructure to get the message to the socket on the other side
  3. The receiving process retrieves the message using recv

TCP Socket Lifecycle

A day in the life of a TCP socket (for when we didn't have time for the drawing).

Server side:

  SOCKET   serverSocket = socket(AF_INET, SOCK_STREAM)
  BIND     serverSocket.bind(('', serverPort))
  LISTEN   serverSocket.listen(1)
  ACCEPT   connectionSocket, addr = serverSocket.accept()
  RECEIVE  sentence = connectionSocket.recv(1024)          # the request
  SEND     connectionSocket.send(echoedSentence)           # the reply
  CLOSE    connectionSocket.close()

Note this uses two sockets on the server side: the listening socket, which only ever accepts new connections, and a fresh connection socket for each accepted client.

Client side:

  SOCKET   clientSocket = socket(AF_INET, SOCK_STREAM)
  CONNECT  clientSocket.connect((serverName, serverPort))   # connection establishment
  SEND     clientSocket.send(sentence)
  RECEIVE  echoSentence = clientSocket.recv(1024)
  CLOSE    clientSocket.close()

Two things the sketch glosses over: bind(('', serverPort)) listens on every interface of the machine, so bind to '127.0.0.1' if the service is meant to be local only; and recv(1024) returns whatever has arrived so far (at most 1024 bytes), so a real client keeps calling it until it has the whole reply.
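The lifecycle above as a complete, runnable echo exchange, added here as an example (it is not the slides' or the assignment's code). The server binds to 127.0.0.1 on port 0 so the OS picks a free ephemeral port, runs in a thread, and the client loops on recv() until the whole reply is back; the message bytes are made up.

```python
import socket
import threading

def run_echo_server(server_sock, max_clients=1):
    """Server side of the slide: ACCEPT a connection, RECEIVE, SEND it back, CLOSE.
    server_sock is the listening socket; accept() returns a second, per-connection socket."""
    for _ in range(max_clients):
        conn, addr = server_sock.accept()                   # ACCEPT: blocks until a client connects
        with conn:                                          # closes the connection socket on exit (CLOSE)
            while True:
                data = conn.recv(1024)                      # RECEIVE: up to 1024 bytes of the request
                if not data:                                # b"" means the client closed its sending side
                    break
                conn.sendall(data)                          # SEND: sendall() retries until all bytes are written

def echo_roundtrip(message, host="127.0.0.1"):
    """Client side of the slide against a throwaway server on an ephemeral port.
    Binding to 127.0.0.1 (not '') keeps the test server reachable only from this machine."""
    server_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)   # SOCKET
    server_sock.bind((host, 0))                                        # BIND: port 0 = let the OS choose
    server_sock.listen(1)                                              # LISTEN
    server_port = server_sock.getsockname()[1]                         # the port the OS picked
    server = threading.Thread(target=run_echo_server, args=(server_sock,), daemon=True)
    server.start()

    client_sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)    # SOCKET
    with client_sock:
        client_sock.settimeout(5)
        client_sock.connect((host, server_port))                       # CONNECT: the three-way handshake happens here
        client_sock.sendall(message)                                   # SEND
        client_sock.shutdown(socket.SHUT_WR)                           # done sending; the server's recv() will see b""
        echoed = b""
        while len(echoed) < len(message):                              # RECEIVE: TCP is a byte stream, so loop
            chunk = client_sock.recv(1024)                             # until the whole reply has arrived
            if not chunk:
                break
            echoed += chunk
    server.join(timeout=5)
    server_sock.close()
    return echoed
```

Sending a 4 KiB message shows why the loop matters: it comes back in several recv() calls, not one.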

Application Layer Protocols and Port Numbers

Application layer protocols often have default server port numbers:

  • HTTP: 80
  • HTTPS: 443
  • DNS: 53
  • SMTP: 25 (often blocked by residential ISPs to combat spam)
  • SSH: 22

The registry is administered by IANA (Internet Assigned Numbers Authority). For security, binding to ports below 1024 under Linux requires root privilege (or, more narrowly, the CAP_NET_BIND_SERVICE capability): an unprivileged local user cannot squat on a well-known port and impersonate the service that belongs there.

HTTP Overview

HTTP overview (HTTP/1.1: RFC 2616, later RFC 7230-7237, and since 2022 RFC 9110-9112). HyperText Transfer Protocol: the Web's application-layer protocol.

HTTP Terminology

Some terminology:

  • A web page consists of objects.
  • An object is simply a file: an HTML file, a JPEG image, a Java applet, a JavaScript code snippet, a Cascading Style Sheet, etc.
  • Objects are referenced by a Uniform Resource Locator (URL), a.k.a. Uniform Resource Identifier (URI). Formally, a URL is a special case of a URI (see RFC 3986), but in practice most people use the two terms interchangeably.
  • A basic URL consists of a scheme (http://), a host part (www.example.org), and a path (/index.html). If any of these are missing, they are implied.
  • Most web pages consist of a base HTML (HyperText Markup Language) file and several referenced objects.
  • HTTP (HyperText Transfer Protocol) is the protocol used to retrieve these objects.

Web Application Components

The Web uses the client-server model:

  • Client: a browser program that requests, receives and displays objects (Chromium, Firefox, qutebrowser, ...)
  • Server: a server program that sends objects in response to requests (Caddy, Nginx, Apache, lighttpd, Yaws, ...)

HTTP Request and Response Example

The web browser sends an HTTP request:

  GET /index.html HTTP/1.1
  Host: cs.ru.nl

The web server answers with an HTTP response: the headers first, then the actual web page in HTML:

  HTTP/1.1 200 OK
  Date: Wed, 31 Jan 2018 12:51:31 GMT
  Server: Apache/2.4.7 (Ubuntu)
  Last-Modified: Thu, 07 Jan 2016 14:12:37 GMT
  ETag: "14a-528bf10117f40"
  Accept-Ranges: bytes
  Content-Length: 330
  Content-Type: text/html

  <html>
  </html>

Two headers deserve a second look. Server names the exact software version, a detail many deployments suppress. Content-Length tells the client that the body is exactly 330 bytes; that number is how the client knows where this message stops and the next one on the same connection begins.

Improving HTTP Performance

HTTP and Round-Trip Time (RTT)

RTT: the time it takes for a message to travel from client to server and back. HTTP uses TCP for reliable data transfer (RDT), and TCP is connection-oriented, so building the connection costs an additional round-trip before the request can even be sent.

Figure (timeline): first RTT, the client initiates the TCP connection (TCP handshake); second RTT, the client requests the file (HTTP) and the first bytes arrive, with the rest of the file following after its transmission time. Total: 2 RTTs plus the file transmission time.


Persistence of HTTP Connections

Non-persistent: each object costs 2 RTTs (a TCP handshake and then the HTTP request/response) plus its transfer time, because every object gets its own connection. Persistent: the connection is set up once and reused, so each further object costs only one RTT.

Figure (timeline): one persistent connection carrying three HTTP exchanges, next to three non-persistent connections each preceded by its own TCP handshake.
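The request/response exchange shown earlier and the persistent connection described here, as an added Python example (not the slides' code). It serialises a GET, frames responses strictly by Content-Length, and parses two responses out of one byte stream the way a client on a persistent connection must. The sample stream is constructed for the example (its header names mirror the cs.ru.nl response above, the bodies are made up); fetch_all opens a real connection and is not exercised offline.

```python
import socket

def build_request(host, path="/", keep_alive=True):
    """Serialise a minimal HTTP/1.1 GET. Host is mandatory in HTTP/1.1 so one
    server can serve many names; Connection says whether the TCP connection
    should stay open for the next request."""
    lines = [
        "GET %s HTTP/1.1" % path,
        "Host: %s" % host,
        "Connection: %s" % ("keep-alive" if keep_alive else "close"),
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_response(stream):
    """Split one complete HTTP/1.1 response off the front of a byte stream.
    Returns (status, headers, body, remaining bytes), or None if more bytes
    are needed. Framing uses Content-Length only; a message without exactly
    one numeric Content-Length is rejected instead of guessed at, because
    both ends must agree precisely where one message ends and the next starts."""
    head_end = stream.find(b"\r\n\r\n")
    if head_end < 0:
        return None
    status_line, *header_lines = stream[:head_end].decode("iso-8859-1").split("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/1."):
        raise ValueError("malformed status line: %r" % status_line)
    headers, lengths = {}, []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        headers[name] = value
        if name == "content-length":
            lengths.append(value)
    if len(lengths) != 1 or not lengths[0].isdigit():
        raise ValueError("missing or ambiguous Content-Length")
    length = int(lengths[0])
    body_start = head_end + 4
    if len(stream) < body_start + length:
        return None                                   # body not fully received yet
    body = stream[body_start:body_start + length]
    return int(parts[1]), headers, body, stream[body_start + length:]

def parse_persistent_stream(stream):
    """Parse every complete response in the bytes read from one connection.
    Returns (list of (status, headers, body), unparsed tail)."""
    responses = []
    while True:
        parsed = parse_response(stream)
        if parsed is None:
            return responses, stream
        status, headers, body, stream = parsed
        responses.append((status, headers, body))

# Constructed sample: two responses as they arrive back to back on one
# persistent connection (bytes made up for this example).
SAMPLE_STREAM = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Wed, 31 Jan 2018 12:51:31 GMT\r\n"
    b"Server: Apache/2.4.7 (Ubuntu)\r\n"
    b"Content-Type: text/html\r\n"
    b"Content-Length: 13\r\n"
    b"\r\n"
    b"<html></html>"
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/plain\r\n"
    b"Content-Length: 9\r\n"
    b"\r\n"
    b"not found"
)

def fetch_all(host, paths, port=80, timeout=5.0):
    """Fetch several objects over ONE TCP connection (persistent HTTP/1.1).
    The handshake RTT is paid once; each object then costs one request/response
    RTT plus transfer time. Needs network access; not exercised offline."""
    results, stream = [], b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for path in paths:
            sock.sendall(build_request(host, path))
            while True:
                parsed = parse_response(stream)
                if parsed is not None:
                    break
                chunk = sock.recv(4096)
                if not chunk:
                    raise ConnectionError("server closed the connection early")
                stream += chunk
            status, headers, body, stream = parsed
            results.append((status, headers, body))
    return results
```

Returning None for "need more bytes" and raising for "malformed" keeps the two cases apart, so a caller can keep reading from the socket in the first case and drop the connection in the second.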

DNS Lookup Resolution

In this way, a DNS lookup may be resolved recursively instead of iteratively. A name server is said to be authoritative for a domain or for certain records when they appear in one of its zones.

Name Server Categories

Many name servers fall into one of two categories:

  • Authoritative name servers, which answer only que​ries pertaining to their own zones.
  • DNS resolvers, name servers that need not have any zones of their own but aim to resolve recursive DNS queries as quickly as possible, e.g. Google's 8.8.8.8 or Cloudflare's 1.1.1.1.

When you connect to an access network, your OS usually obtains a suitable local DNS resolver (via e.g. DHCP or NDP), often running on (or via) the local router. You can also configure the DNS resolver manually.

TCP Connection Identification

TCP is always bidirectional. A TCP connection always has a source IP, source port, destination IP, and destination port, so a TCP socket is identified by the combination of those four values, or rather: local IP, local port, remote IP, and remote port. Two TCP segments from different source endpoints with the same destination IP and destination port will therefore not end up at the same socket ... except at the start: the listening socket receives every connection attempt to its port, and accept() then hands each new connection its own socket, identified by the full 4-tuple.

Three-Way Handshake

Three-way handshake: step by step

  1. The client sends a TCP SYN to the server ("synchronise sequence numbers"). The client specifies its initial sequence number and some other parameters, allocates buffers, and moves from connect() into the SYN_SENT state. No data.
  2. The server receives the SYN and replies SYN|ACK. The server, which has been in listen(), specifies its own initial sequence number and some other parameters, allocates buffers, and moves into the SYN_RECVD state. No data.
  3. The client receives the SYN|ACK and replies ACK, the last control segment of the handshake. The client adjusts its buffers and is now ESTABLISHED; the ACK may already carry data (piggybacking). When the server receives it, its end is ESTABLISHED too.

Because the server allocates state in step 2 before it knows whether the client is genuine, a flood of SYNs from forged addresses can exhaust that state; SYN cookies are the usual countermeasure. The initial sequence numbers are also chosen unpredictably so that an off-path attacker cannot complete or hijack a handshake it cannot observe.
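The following added Python example (not part of the slides) simulates the exchange and the 4-tuple bookkeeping from the two sections above: a listening socket that only accepts a bare SYN for an unknown 4-tuple, per-connection records keyed by (local IP, local port, remote IP, remote port), and the step-3 check that the ACK number equals the server's ISN plus one. Segments are plain Python objects rather than wire bytes, and all addresses and ports are made up.

```python
import secrets

MOD = 1 << 32    # sequence numbers are 32-bit and wrap around

class Segment:
    """Only the header fields the handshake cares about (constructed, not wire format)."""
    def __init__(self, src, dst, seq, ack=0, syn=False, ack_flag=False):
        self.src, self.dst, self.seq, self.ack = src, dst, seq, ack
        self.syn, self.ack_flag = syn, ack_flag

class Listener:
    """Server side: one listening socket plus one connection record per 4-tuple."""
    def __init__(self, ip, port):
        self.local = (ip, port)
        self.connections = {}    # (local ip, local port, remote ip, remote port) -> record

    def state(self, remote):
        rec = self.connections.get(self.local + remote)
        return rec["state"] if rec else None

    def receive(self, seg):
        if seg.dst != self.local:
            return None                          # not addressed to this socket
        key = self.local + seg.src               # demultiplex on the full 4-tuple
        rec = self.connections.get(key)
        if rec is None:
            # Unknown 4-tuple: only the listening socket sees it, and only a bare SYN is welcome.
            if not (seg.syn and not seg.ack_flag):
                return None                      # real stacks answer RST; dropping is enough here
            isn = secrets.randbelow(MOD)         # unpredictable ISN: an off-path sender cannot finish step 3
            self.connections[key] = {"state": "SYN_RECVD", "isn": isn, "client_isn": seg.seq}
            return Segment(self.local, seg.src, seq=isn, ack=(seg.seq + 1) % MOD, syn=True, ack_flag=True)
        if (rec["state"] == "SYN_RECVD" and seg.ack_flag and not seg.syn
                and seg.ack == (rec["isn"] + 1) % MOD
                and seg.seq == (rec["client_isn"] + 1) % MOD):
            rec["state"] = "ESTABLISHED"         # step 3 checked out
        return None                              # anything else (e.g. a wrong ACK number) is ignored

class Client:
    def __init__(self, ip, port):
        self.local, self.state, self.remote = (ip, port), "CLOSED", None
        self.isn = secrets.randbelow(MOD)

    def connect(self, remote):                   # step 1: SYN
        self.remote, self.state = remote, "SYN_SENT"
        return Segment(self.local, remote, seq=self.isn, syn=True)

    def receive(self, seg):                      # step 3: ACK the SYN|ACK
        if self.state == "SYN_SENT" and seg.syn and seg.ack_flag and seg.ack == (self.isn + 1) % MOD:
            self.state = "ESTABLISHED"
            return Segment(self.local, self.remote, seq=(self.isn + 1) % MOD,
                           ack=(seg.seq + 1) % MOD, ack_flag=True)
        return None

def handshake(client, server):
    """Run the three segments; return (client state, server state for that 4-tuple)."""
    syn = client.connect(server.local)
    synack = server.receive(syn)
    ack = client.receive(synack)
    server.receive(ack)
    return client.state, server.state(client.local)
```

Two clients using the same source port from different addresses end up in two separate records, and a sender that guesses the server's ISN wrong leaves the server stuck in SYN_RECVD.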

TCP Segment Structure

A TCP segment (bit numbers across the top):

 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |       Destination Port        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                        Sequence Number                        |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|              Acknowledgement Number (if ACK set)              |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|  Data |     |N|C|E|U|A|P|R|S|F|                               |
| Offset|Rsrvd|S|W|C|R|C|S|S|Y|I|          Window Size          |
|       | 000 | |R|E|G|K|H|T|N|N|                               |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           Checksum            |  Urgent pointer (if URG set)  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Options (variable)                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Application layer message (payload / data)           |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The flag bits are NS, CWR, ECE, URG, ACK, PSH, RST, SYN and FIN. Data Offset gives the header length in 32-bit words, so a header is at least 20 bytes and options can extend it to at most 60.
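An added Python example (not from the slides) that builds and decodes the header above, including the checksum over the IPv4 pseudo-header, which is what makes a segment delivered to the wrong host fail verification. The sample SYN with an MSS option is constructed in the code and uses documentation-range addresses.

```python
import socket
import struct

# Flag bits of the 8-bit flags byte (CWR and ECE come from RFC 3168).
FLAG_BITS = {"CWR": 0x80, "ECE": 0x40, "URG": 0x20, "ACK": 0x10,
             "PSH": 0x08, "RST": 0x04, "SYN": 0x02, "FIN": 0x01}
HEADER = "!HHIIBBHHH"   # ports, seq, ack, offset/reserved/NS, flags, window, checksum, urgent
PROTO_TCP = 6

def ones_complement_sum(data):
    """Internet checksum arithmetic: 16-bit words added with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src_ip, dst_ip, segment_len):
    """The IPv4 pseudo-header TCP covers in its checksum: addresses, protocol, length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, PROTO_TCP, segment_len))

def tcp_checksum(src_ip, dst_ip, segment):
    return (~ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment)) & 0xFFFF

def checksum_ok(src_ip, dst_ip, segment):
    """With a correct checksum in place, pseudo-header plus segment sums to 0xFFFF."""
    return ones_complement_sum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0xFFFF

def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags,
                  window=65535, options=b"", payload=b""):
    """Serialise a TCP segment with the checksum filled in."""
    if len(options) % 4:
        raise ValueError("options must be padded to a multiple of 4 bytes")
    data_offset = 5 + len(options) // 4            # header length in 32-bit words (5 = 20 bytes)
    flag_byte = 0
    for name in flags:
        flag_byte |= FLAG_BITS[name]
    header = struct.pack(HEADER, src_port, dst_port, seq, ack, data_offset << 4,
                         flag_byte, window, 0, 0) + options
    csum = tcp_checksum(src_ip, dst_ip, header + payload)
    header = header[:16] + struct.pack("!H", csum) + header[18:]   # checksum sits at bytes 16-17
    return header + payload

def parse_segment(segment):
    """Decode the fixed header, the flags, the options and the payload."""
    if len(segment) < 20:
        raise ValueError("segment shorter than the 20-byte minimum header")
    sp, dp, seq, ack, off_ns, flag_byte, win, csum, urg = struct.unpack(HEADER, segment[:20])
    data_offset = off_ns >> 4                      # top 4 bits; low bit is NS, the middle 3 are reserved
    header_len = data_offset * 4
    if data_offset < 5 or header_len > len(segment):
        raise ValueError("data offset %d is inconsistent with segment length" % data_offset)
    flags = [name for name, bit in FLAG_BITS.items() if flag_byte & bit]
    if off_ns & 0x01:
        flags.insert(0, "NS")
    return {"src_port": sp, "dst_port": dp, "seq": seq, "ack": ack, "data_offset": data_offset,
            "flags": flags, "window": win, "checksum": csum, "urgent": urg,
            "options": segment[20:header_len], "payload": segment[header_len:]}

# Constructed example: a SYN from 192.0.2.1:40000 to 192.0.2.2:80 carrying an
# MSS option (kind 2, length 4, value 1460 = 0x05b4).
SAMPLE_SYN = build_segment("192.0.2.1", "192.0.2.2", 40000, 80, seq=1000, ack=0,
                           flags=["SYN"], options=b"\x02\x04\x05\xb4")
```

The data-offset check matters when parsing untrusted input: a header length that points past the end of the buffer is rejected rather than sliced blindly.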

Classless Inter-Domain Routing (CIDR)

Better way: determine the network part flexibly by specifying the number of network bits (Variable-Length Subnet Masking).

CIDR Notation Addresses

Addresses with network prefix in CIDR notation: 223.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 223.1.1.0/24, ... Also in IPv6: fe80::/64.

Subnet Mask Notation

Subnet mask notation: set all network bits to 1 and all host bits to 0, and write the result in octet notation: 255.0.0.0 (/8), 255.192.0.0 (/10), 255.255.0.0 (/16), etc. Not usually used nowadays, and never for IPv6.

Using Subnet Masks

How to use subnet masks? Hosts with identical network parts are in the same (link-layer) network. To determine this, compare only the network-part bits and ignore the host-part bits. The same, but in software terms:

  1. Set all network bits in the mask to 1
  2. Set all host bits in the mask to 0
  3. Perform a binary AND (&) of the mask with each address
  4. If the results are equal, the network parts are identical

Boundaries do not have to fall on octet boundaries, e.g. 200.23.16.0/23:

  200.23.16.5 = 11001000.00010111.0001000 | 0.00000101
                network (first 23 bits)   | host (last 9 bits)

Special Host Parts in IPv4 and IPv6

IPv4 Special Addresses

Within each IPv4 prefix, two addresses are special:

  • The host part set to all ones (e.g. 192.168.1.255/23): the subnet broadcast address. Traffic gets sent to all hosts in the prefix; sometimes you just need this (you'll see why in a bit). Exactly how depends on the link layer, and it may be forwarded by routers if appropriate. There is also the link-local broadcast address 255.255.255.255, which should never be forwarded.
  • The host part set to all zeroes (e.g. 192.168.0.0/23): the 'network identifier' (RFC 919), often not used as a host address for historic reasons.
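The mask arithmetic from the CIDR, subnet-mask and special-address sections above, as an added Python example (not from the slides). It deliberately avoids the ipaddress module so the bit operations are visible: prefix to mask, mask to prefix (rejecting non-contiguous masks), the same-network test, and the all-zeroes and all-ones host parts. The addresses are the ones used on the slides.

```python
def ip_to_int(addr):
    """Dotted-quad string -> 32-bit integer, validating each octet."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError("not a dotted quad: %r" % addr)
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError("octet out of range in %r" % addr)
        value = (value << 8) | octet
    return value

def int_to_ip(value):
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))

def prefix_to_mask(prefix):
    """/prefix -> mask integer: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF

def prefix_to_dotted_mask(prefix):
    return int_to_ip(prefix_to_mask(prefix))            # e.g. 10 -> 255.192.0.0

def dotted_mask_to_prefix(mask):
    """Old-style mask -> prefix length; rejects masks whose ones are not contiguous."""
    value = ip_to_int(mask)
    prefix = bin(value).count("1")
    if prefix_to_mask(prefix) != value:
        raise ValueError("%s is not a valid subnet mask" % mask)
    return prefix

def parse_cidr(cidr):
    addr, sep, prefix = cidr.partition("/")
    if not sep:
        raise ValueError("missing /prefix in %r" % cidr)
    return ip_to_int(addr), int(prefix)

def same_network(a, b, prefix):
    """Steps 1-4 of the slide: AND both addresses with the mask and compare."""
    mask = prefix_to_mask(prefix)
    return (ip_to_int(a) & mask) == (ip_to_int(b) & mask)

def in_prefix(addr, cidr):
    net, prefix = parse_cidr(cidr)
    mask = prefix_to_mask(prefix)
    return (ip_to_int(addr) & mask) == (net & mask)

def network_address(addr, prefix):
    """Host part all zeroes: the network identifier."""
    return int_to_ip(ip_to_int(addr) & prefix_to_mask(prefix))

def broadcast_address(addr, prefix):
    """Host part all ones: the subnet broadcast address."""
    host_bits = (1 << (32 - prefix)) - 1
    return int_to_ip((ip_to_int(addr) & prefix_to_mask(prefix)) | host_bits)

def show_split(addr, prefix):
    """Binary rendering with a bar between network and host bits, e.g.
    200.23.16.5 /23 -> 11001000.00010111.0001000|0.00000101"""
    bits = format(ip_to_int(addr), "032b")
    dotted = ".".join(bits[i:i + 8] for i in range(0, 32, 8))
    pos = prefix + prefix // 8                          # account for the dots already passed
    if prefix % 8 == 0 and 0 < prefix < 32:
        pos -= 1                                        # put the bar before the dot, not after it
    return dotted[:pos] + "|" + dotted[pos:]
```

The contiguity check in dotted_mask_to_prefix is the kind of validation a firewall or ACL parser needs: 255.0.255.0 has sixteen ones but is not a prefix, and silently treating it as /16 would match the wrong hosts.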

IPv6 Special Addresses and Multicast

In IPv6 only the host part set to all zeroes has a special meaning (the subnet-router anycast address, which you will probably never use). IPv6 doesn't do broadcasts; instead it has something called link-local multicast. What is multicast?

IP Addressing Hierarchy

How does each network know what address to use? IP addressing is hierarchical:

  • The whole IP space is divided up by ICANN, again through IANA.
  • Each Regional Internet Registry (RIR) gets /8 blocks (IPv4): AfriNIC (Africa), ARIN (North America), APNIC (Asia and the Pacific), LACNIC (Latin America), RIPE NCC (Europe). For IPv6, the early allocations to RIRs were /23 blocks; since 2006 IANA allocates /12 blocks.
  • Organizations (like ISPs, but basically anyone) can request allocations from the RIRs; the blocks are subdivided as needed to satisfy these requests.
  • ISPs then allocate smaller blocks to their customers, either statically or dynamically.
  • Customers can further subdivide as needed to run multiple link-layer networks.
