CS197U: A Hands on Introduction to Unix
Lecture 10: Security Issues and Traffic Monitoring
Yung-Chih Chen
University of Massachusetts Amherst – Department of Computer Science
Friday, October 11, 13
Reminders
• Assignment 5 is due tomorrow (Oct. 17)
  • Part 1 (tracking webpage update): hints
    • crontab -e edits the cron table; the default editor is emacs
    • make sure there is one new empty line at the bottom of the cron table
    • Ctrl+X then S to save, Ctrl+X then C to quit (for non-Mac users)
    • In the script, save the command's output string to a variable: update=`COMMAND`
    • Check the inequality of two strings: "$update" and "" (no changes)
    • You get full points when you and I (the $CC email) receive emails from the edlab server
• Assignment 6 will be posted late today!
  • Due next Wed (Oct. 24)
  • You will need A LOT of piping and awk in a line (mostly the same format)
    • <COMMAND> | grep <KEYWORD> | awk -F":" '{print $n}'
    • prints out your target answer/string
    • -F sets the field separator, e.g. ":", ",", ";" (default is space)
Last time
• Your network configuration: your own machine
  • ifconfig, iwconfig, iwlist, dhclient
• Cannot connect to a remote site?
  • ping, host
• The site seems to be alive, but the connection is slow
  • traceroute
IP addressing
• IP address: 32-bit identifier for a host or router interface
• interface: connection between host/router and physical link
  • routers typically have multiple interfaces
  • a host typically has one or two interfaces (e.g., wired Ethernet, wireless 802.11)
  • IP addresses are associated with each interface
Figure: example network of hosts and routers; the interface addresses shown are 223.1.1.1, 223.1.1.2, 223.1.1.3, 223.1.1.4, 223.1.2.1, 223.1.2.2, 223.1.2.9, 223.1.3.1, 223.1.3.2 and 223.1.3.27
223.1.1.1 = 11011111 00000001 00000001 00000001
               223        1        1        1
Local Area Networks (LANs)
• bus topology popular through mid 90s
  • bus: coaxial cable
• today: star topology prevails
  • active switch in center
  • each "spoke" runs a (separate) Ethernet protocol
• wireless LANs: 802.11
  • shared RF (e.g., 802.11 WiFi)
LAN Addresses
Each adapter on a LAN has a unique LAN address (and also has an IP address)
LAN (or MAC or physical) address:
• used to get data from one interface to another physically-connected interface (same network)
• 48-bit MAC address (for most LANs), burned into the adapter hardware
Question: why separate MAC and IP addresses?
• MAC: your identity; IP: your role(s)
ARP: Address Resolution Protocol
Question: how to determine the MAC address of B, knowing B's IP address?
Figure: a LAN with hosts at 137.196.7.78, 137.196.7.23, 137.196.7.14 and 137.196.7.88; the MAC addresses shown are 1A-2F-BB-76-09-AD, 71-65-F7-2B-08-53, 58-23-D7-FA-20-B0 and 0C-C4-11-6F-E3-98
• Each IP node (host, router) on the LAN has an ARP table
• ARP table: IP/MAC address mappings for some LAN nodes
  <IP address; MAC address; TTL>
• TTL (Time To Live): time after which the address mapping will be forgotten (typically 20 min)
ARP protocol: Same LAN (network)
• A wants to send a datagram to B, and B's MAC address is not in A's ARP table.
• A broadcasts an ARP query packet containing B's IP address
  • dest MAC address = FF-FF-FF-FF-FF-FF
  • all machines on the LAN receive the ARP query
• B receives the ARP packet and replies to A with its (B's) MAC address
  • frame sent to A's MAC address (unicast)
• A caches (saves) the IP-to-MAC address pair in its ARP table until the information becomes old (times out)
  • soft state: information that times out (goes away) unless refreshed
• ARP is "plug-and-play":
  • nodes create their ARP tables without intervention from the network administrator
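The same-LAN ARP exchange above, as an added Python simulation that is not part of the lecture: a broadcast query, a unicast reply, and a soft-state ARP table that forgets its entries after the TTL. The Lan and Node classes, the frame dictionaries and the synchronous delivery are simplifications made for this example.

```python
# Added example: a toy model of ARP on one broadcast LAN (not the lecture's code).
BROADCAST = "FF-FF-FF-FF-FF-FF"
ARP_TTL = 20 * 60           # seconds: the "typically 20 min" soft-state lifetime

class Lan:
    """Shared medium: every attached adapter sees every frame."""
    def __init__(self):
        self.nodes = []

    def send(self, frame):
        for node in self.nodes:     # broadcast medium: every NIC receives it ...
            node.receive(frame)     # ... and each decides whether to keep it

class Node:
    def __init__(self, ip, mac, lan):
        self.ip, self.mac, self.lan = ip, mac, lan
        self.arp = {}               # ARP table: ip -> (mac, expiry time)
        self.seen = []              # every frame this NIC observed on the wire
        lan.nodes.append(self)

    def cached_mac(self, ip, now):
        entry = self.arp.get(ip)
        if entry is None:
            return None
        mac, expiry = entry
        if now >= expiry:           # soft state: a stale mapping is forgotten
            del self.arp[ip]
            return None
        return mac

    def resolve(self, ip, now):
        """MAC address for ip, broadcasting an ARP query if it is not cached."""
        mac = self.cached_mac(ip, now)
        if mac is None:
            self.lan.send({"op": "request", "src": self.mac, "dst": BROADCAST,
                           "sender_ip": self.ip, "target_ip": ip, "time": now})
            mac = self.cached_mac(ip, now)   # a reply, if any, arrived synchronously
        return mac

    def receive(self, frame):
        self.seen.append(frame)     # a promiscuous NIC would record all of these
        if frame["dst"] not in (BROADCAST, self.mac):
            return                  # not addressed to us: a normal NIC drops it
        if frame["op"] == "request" and frame["target_ip"] == self.ip:
            self.lan.send({"op": "reply", "src": self.mac, "dst": frame["src"],
                           "sender_ip": self.ip, "target_ip": frame["sender_ip"],
                           "time": frame["time"]})       # unicast back to the asker
        elif frame["op"] == "reply" and frame["target_ip"] == self.ip:
            self.arp[frame["sender_ip"]] = (frame["src"], frame["time"] + ARP_TTL)
```

Real ARP also lets B learn A's mapping from the request itself; that shortcut is left out here so the query/reply/cache sequence stays visible.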
Addressing: routing to another LAN
Figure: host A (111.111.111.111) and host B (222.222.222.222) sit on two different LANs joined by router R, whose interfaces are 111.111.111.110 and 222.222.222.220; the other hosts shown are 111.111.111.112 and 222.222.222.221. MAC addresses in the figure: 74-29-9C-E8-FF-55, CC-49-DE-D0-AB-7D, E6-E9-00-17-BB-4B, 1A-23-F9-CD-06-9B, 88-B2-2F-54-1A-0F and 49-BD-D2-C7-56-2A
walkthrough: send data from A to B via R
assume A knows B's IP address
• two ARP tables in router R, one for each IP network (LAN)
• A creates an IP packet with source A, destination B
• A uses ARP to get R's MAC address for 111.111.111.110
• A builds a frame with R's MAC address as destination; the frame contains the A-to-B IP datagram
• A's NIC sends the frame
• R's NIC receives the frame
• R removes the IP datagram from the Ethernet frame and sees it is destined to B
• R uses ARP to get B's MAC address
• R creates a frame containing the A-to-B IP datagram and sends it to B
Traffic Monitoring
• Command line tools
  • Check from time to time when the connection is slow
  • Malicious software/viruses may piggyback on your network connections
  • Measure how fast your download/upload is
• ifstat: real-time throughput of each interface
  • uplink and downlink
  • ifstat -t: with timestamps
• iftop: more detailed information about current connections
  • source and destination
  • port number
  • throughput
Demo
• arp – address resolution protocol
  • Broadcast your own address when first joining the network/LAN
  • arp -n: list the table of all IP address ↔ hardware (MAC) address mappings
  • arp -d <hostname>: delete a host's hardware address from the ARP table
  • arp -s <hostname> <HW>: add an IP/MAC mapping
• Wireshark
  • Sniffing all the packets passing through the "shared" medium
  • Ethernet LANs or wireless LANs
  • Various TCP and UDP connections
  • Packet headers and their contents
Security Issues
• A LAN is based on a broadcast system
  • Know who your neighbors are
  • Know their MAC/IP address mappings
• When a packet arrives at your LAN
  • Look at the destination IP address in the packet header
  • If the packets are not yours, drop them
  • Otherwise, receive and respond to the packet
BUT
• Can I take a look at someone else's packets in my LAN?
  • Their emails, their passwords, and their conversations
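The "know your neighbors' MAC/IP mappings" point above, together with the arp -n demo, as an added Python example that is not from the lecture: it parses the Linux arp -n table and reports a MAC that answers for more than one IP, and any IP whose MAC differs from a mapping recorded earlier. The sample table and the baseline passed to changed_mappings are constructed for this example.

```python
# Added example (not from the lecture): audit a Linux `arp -n` table for
# neighbour anomalies. The sample table and baseline below are constructed.
import re

SAMPLE_ARP_N = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
137.196.7.78             ether   1a:2f:bb:76:09:ad   C                     eth0
137.196.7.14             ether   58:23:d7:fa:20:b0   C                     eth0
137.196.7.23             ether   0c:c4:11:6f:e3:98   C                     eth0
137.196.7.88             ether   58:23:d7:fa:20:b0   C                     eth0
137.196.7.1                      (incomplete)                              eth0
"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(?::[0-9a-f]{2}){5}$")

def parse_arp_table(text):
    """Return {ip: mac} from `arp -n` output, skipping the header and incomplete rows."""
    table = {}
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 3:
            continue
        ip, mac = fields[0], fields[2].lower()
        if MAC_RE.match(mac):       # '(incomplete)' rows carry no hardware address
            table[ip] = mac
    return table

def macs_with_multiple_ips(table):
    """MAC addresses that currently answer for more than one IP address."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}

def changed_mappings(table, baseline):
    """IPs whose MAC differs from a previously recorded mapping: ip -> (old, new)."""
    return {ip: (baseline[ip], mac) for ip, mac in table.items()
            if ip in baseline and baseline[ip] != mac}
```

One MAC answering for several IPs can be legitimate (a router or a host with several addresses), so treat a hit as something to check against what you know about your neighbors, not as proof of trouble.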
Bad guys can sniff packets
packet "sniffing":
• broadcast media (shared Ethernet, wireless)
• a promiscuous network interface reads/records all packets (e.g., including passwords!) passing by
Figure: hosts A, B and C on a shared medium; a frame from B to A (src:B dest:A, payload) is visible on the medium to C as well
Wireshark – Packet Sniffer
• Capture packets being sent/received from/to your computer
• Need to install it as a sudoer
  • "sudo apt-get install wireshark", then type "sudo wireshark"
Insecure vs. Secure Network Connections
• ssh vs. telnet
  • Secure Shell (SSH) for secure remote login vs. plain-text interaction
• scp vs. ftp
  • Secure CoPy based on SSH vs. File Transfer Protocol
• https:// vs. http://
  • Secure HyperText Transfer Protocol
Summary
Command     Description
arp         Address resolution protocol (IP vs. MAC)
ifstat      Real-time bandwidth monitoring on all interfaces
iftop       Monitoring details of a specific interface
ftp/scp     (Un)secure file transport
wireshark   Packet sniffing