
1. IP Concepts
Security Essentials
The SANS Institute
IP Concepts - SANS ©2001 1

Hello, welcome to IP Concepts. This is one of two modules on the subject of TCP/IP. Since the TCP/IP protocol suite is fundamental to any network that is connected to the Internet, in order to secure TCP/IP-based networks one must understand how they work and why they work. In this module we are going to start by looking at the IP protocol, and in the second module we will cover the other protocols that reside in the TCP/IP protocol suite. Let's jump in and start looking at how IP works.
2-1
2. Objectives
• Protocol stacks
• Numbering systems
• Packets, how is data transmitted
• IP
• Addressing

In this module we are going to cover various aspects of IP. We are going to start by looking at one of the most common protocol stacks, the OSI protocol stack, and see how communication is broken down into seven core areas. We are then going to compare the seven-layer OSI stack with the TCP/IP protocol stack. Then we are going to cover numbering systems and see how to translate between decimal and binary. Since humans operate on a base 10 numbering system and computers operate on base 2, it is important that you understand how to translate between the two. Then we will cover how data is put into packets and sent across the wire. IP, the fundamental protocol of TCP/IP, will then be covered in depth, looking at the various fields of the header. We will finish the section by looking at IP addresses and how they are broken down into two pieces: a network portion and a host portion. Now let's start by looking at what a protocol stack is.
3. Protocol "Stacks"
• Divide network communications into layers
• Each layer provides service to the layer above and receives service from the layer below
• Divide the task of communication into pieces for easier implementation

Having all these protocols is nice, but how does information actually get from one place to another? To understand how this happens we need to start by discussing protocol stacks, and to discuss protocol stacks we need a good real-life example. Imagine a five-story apartment building. This building, however, is very special (or very strange, depending on your point of view). First of all, the really important things happen on the top floor, floor 5. Second, the only way the people on the fifth floor can get anything done is by asking the people on the floors below them to do it. For example, the people on the fifth floor want to make dinner. They tell this to the people on the fourth floor. The people on the fourth floor figure out that dinner requires a soup, salad, main course, and dessert. They tell this to the people on the third floor. The people on the third floor decide that the courses will be onion soup, a garden salad, beef stew, and apple pie, and they tell this to the people on the second floor. The people on the second floor figure out what ingredients will be needed for this dinner (for example, chicken broth, lettuce, vegetables, beef, etc.) and give this information to the people on the first floor. The people on the first floor actually go to the store, buy all the ingredients, and bring them back to the apartment building. Once the ingredients are purchased, the process goes in reverse. The first floor gives the raw ingredients to the second floor. The second floor checks that all the ingredients are there and then hands them off to the third floor. The third floor prepares the various courses by making the soup, tossing the salad, cooking the beef, and baking the pie. Once all this is done they hand the food off to the fourth floor. The fourth floor people package all the food up into nice courses and bring it up to the fifth floor residents so they can eat a delicious meal.

Well, in essence, that's how protocol stacks work. Protocol stacks divide network communications into different layers, like the floors in the apartment building. Each layer in the stack works on the packet in different ways. Some layers make sure the packet has all the information it needs, some layers make sure the packet is ready for an application to work with, and some layers make sure the packet gets onto the network properly. Each layer works directly with the layer above and below it, just as in the apartment building example. As packets are passed from one layer to the next, each layer examines or modifies the packet in some way. Once the packet has reached the "ground floor" of the network it is sent to its destination. The use of protocol stacks in network communications makes the task of implementing protocols much easier. By making communications more modular, a service, process, or application need only concern itself with the layers it needs, leaving the other layers to someone else.
4. The OSI Protocol Stack
Application   Layer 7
Presentation  Layer 6
Session       Layer 5
Transport     Layer 4
Network       Layer 3
Data Link     Layer 2
Physical      Layer 1

One of the most widely known protocol stacks is the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) model. The OSI model divides network communications into seven layers. The Physical Layer handles transmission across the physical media. This includes such things as electrical pulses on wires, connector specifications between hardware, voltage and current, etc. The Data Link Layer connects the physical part of the network (e.g. cables and electrical signals) with the abstract part (e.g. packets and data streams). It also creates the headers and validation information that get attached to frames on the local link. The Network Layer handles interaction with the network address scheme and connectivity over multiple network segments. It describes how systems on different network segments find and communicate with each other. The Transport Layer actually interacts with your information and prepares it to be transmitted across the network. It is this layer that can provide reliable end-to-end delivery (as TCP does) and that handles the sequencing of the pieces of a transmission. The Session Layer handles the establishment and maintenance of connections between systems. It negotiates the connection, sets it up, maintains it, and makes sure that information exchanged across the connection is in sync on both sides. The Presentation Layer makes sure that the data sent from one side of the connection is received in a format that is useful to the other side. For example, if the data is compressed by the sender prior to transmission, the Presentation Layer on the receiving end would have to decompress it before it can be used by the receiver. The Application Layer is responsible for interacting with the application to determine whether network services will be required. When a program requires access to the network, the Application Layer will manage requests from the program to the other layers down the stack.

Why is all this important, and do you really need to memorize all this for an introduction course? Well, only sort of. You need to have at least a passing familiarity with the OSI model because you will hear network engineers and vendors talk about "Layer 2 switches" or "Layer 3 protocols." The layers they are referring to are the OSI model layers. Understanding what each layer does will go a long way in both understanding the conversation and securing your network services.
5. The TCP/IP Protocol Stack
• Application
• Transport
• Internet – sometimes called Network
• Network Interface – sometimes called Data-link or Link

In comparison to the OSI protocol stack, the TCP/IP stack is much simpler. The TCP/IP model predates the OSI model and, as the underlying protocol suite of the Internet, is far more widely used than OSI-based protocols. The TCP/IP stack has only four layers: the Application Layer, the Transport Layer, the Internet Layer, and the Network Access or Network Interface Layer. The layers are defined as follows. The Network Interface Layer defines how to access a specific network technology, for example Ethernet or Token Ring. It is also referred to as the Link or Data-link Layer. The Internet Layer defines how datagrams are formatted and handles the routing of data through the network; IP is the Internet Layer protocol. This layer is also referred to as the Network Layer (when the term Link Layer is used for the layer below it). The Transport Layer provides end-to-end data delivery service. This is the layer that assembles segments and hands them to the Internet Layer for processing. Examples of Transport Layer protocols are TCP and UDP. Finally, the Application Layer consists of application programs and protocols and serves as the network interface for user applications. Examples of application layer services are Telnet, FTP, and DNS. It is important to note that even though the TCP/IP protocol stack has only four layers compared to the seven-layer OSI model, it still performs the same functionality. Because there are fewer layers, each layer simply has to do a little more work.
6. OSI vs. TCP/IP
OSI                  TCP/IP
7 Application    \
6 Presentation    >  Application
5 Session        /
4 Transport          Transport (TCP)
3 Network            Internet (IP)
2 Data Link      \
1 Physical       /   Network Interface

This diagram shows a comparison between the OSI model and the TCP/IP model. As you can see, the OSI model has more granularity than the TCP/IP model. In addition, the OSI model chose to split apart some functionality that was combined in the TCP/IP model. For example, the Network Interface Layer in the TCP/IP model comprises both the Physical Layer and the Data Link Layer of the OSI model, and the Application Layer in TCP/IP encompasses the Application, Presentation, and Session Layers of the OSI model. The OSI model is more detailed and more granular because it was designed to encompass protocols other than just TCP/IP. By creating more layers the designers of OSI made it easier to break down the functionality of each protocol and build more specific interfaces and linkages between the layers. Even though each model breaks down the functionality slightly differently, it is important to know that no matter which model you use, it must perform all the functions required to take a piece of application data, place it into a packet, place that packet on the wire, and handle its safe and efficient delivery to its destination.
7. How TCP/IP Packets Are Generated
Application Layer:  "Hello There"
Transport Layer:    TCP Hdr | "Hello There"
Internet Layer:     IP Hdr | TCP Hdr | "Hello There"
Network Layer:      Eth Hdr | IP Hdr | TCP Hdr | "Hello There"

This slide shows how a packet is generated as it moves through the stack. To start, the Application Layer takes information from the application itself. In this case we will be sending the phrase "Hello There" to another computer. The application program gives the "Hello There" to the Application Layer of the protocol stack. The Application Layer creates an empty packet and places the "Hello There" inside of it. The Application Layer then sends the packet to the Transport Layer. The Transport Layer takes the packet and adds a header to it. The header has all the information that the Transport Layer on the other side of the connection needs to determine what to do with the packet. Once the transport header is put on the packet it is given to the Internet Layer. The Internet Layer puts another header in front of the packet. Like the Transport Layer before it, this header gives information for the Internet Layer on the other end: most importantly the source and destination IP addresses that routers use to forward the packet. Once this header is attached, the packet is sent to the Network Interface Layer. As you can probably guess by now, the Network Interface Layer will want to put its own header on the packet. This header carries the hardware (MAC) addresses needed to deliver the frame across the local link to the next hop, whether that is the destination host or the first router. Routers forward on the IP header, and the link-layer header is stripped and replaced on every link along the way; it is the IP header that travels end to end. Once this final header is placed on the packet, it is put on the wire and sent toward its destination.
8. How Protocol Stacks Communicate
Host A                       Host B
Application   <----------->  Application
Presentation  <----------->  Presentation
Session       <----------->  Session
Transport     <----------->  Transport
Network       <----------->  Network
Data Link     <----------->  Data Link
Physical      <----------->  Physical

The previous slide showed how a single stack handles the movement of data from the application program to the network. In this slide we will look at how data is passed between stacks. This slide uses the OSI model, but the process works the same way with the TCP/IP model. When two computers need to communicate with each other, it is actually the protocol stack on each computer that does the talking. Each layer on the stack of a host talks only to the corresponding layer on the remote computer. For example, in the above diagram the Application Layer on Host A exchanges information with the Application Layer on Host B, the Session Layer on Host A exchanges information with the Session Layer on Host B, etc. However, it does this by going through each of the layers below on its own host's stack. Each layer takes the information from the layer above it, examines it, adds its own information to it, then sends it to the next layer down the stack. Once the packet reaches the bottom of the stack, it travels along the network wire to the remote host, then travels up the stack on the remote side. At each layer of the remote stack, the packet is examined, the information that layer needs is removed, and the packet is sent further up the stack. Each layer removes only the information placed in the packet by the corresponding layer of the sending host's stack. For example, the Network Layer on Host B removes and examines the information placed in the packet by the Network Layer on Host A. This is how protocol layers communicate with each other. Through this orderly flow of communication up and down the protocol stacks, packets can be created, moved, and examined with great efficiency across large distances and multiple networks.
9. Bits and Bytes
BIT = 1 OR 0
BYTE = 00010001 (OCTET)

Now that we understand protocol stacks, let's start to look at how information is stored in a computer. As of course you know, the atom of computing is a bit: a single storage location that has a value of either zero or one. Now, that doesn't hold a lot of information, so we clump bits into groups of eight (called bytes or octets), but that is still very small. However, it is enough to hold a character (such as the letter "A" or a comma), and it can hold an unsigned integer anywhere from 0 up to 255.
10. Overview of Numbering Systems
• Decimal – Base 10
• Binary – Base 2
• Octal – Base 8
• Hex – Base 16

Throughout our lives we have learned how to count and have done all numerical transactions with a decimal, or base 10, numbering system. Unfortunately, computers only understand two states: on or off, 0 or 1. So in terms of computer communications, everything is stored and communicated in a base 2 numbering system. Since having only two values for each digit makes the resulting numbers very long and hard for humans to read, other numbering systems are used to help with the conversion between computers and humans. Since computers use base 2, any base that is a power of 2 translates easily. The two other systems most commonly used are 2 raised to the power of 3, which is base 8 or octal, and 2 raised to the power of 4, which is base 16 or hex. Since bytes consist of 8 bits, hex maps cleanly onto bytes: every 4 bits equals one hex digit, so two hex digits equal one byte. Since hex is base 16, each position has 16 possible values. These are 0-9 and A-F, where A is 10, B is 11, C is 12, D is 13, E is 14, and F is 15. Now that we understand the base systems, let's see how we convert between different numbering systems.
11. Binary Conversion
• To calculate a number, you take the base of the numbering system and raise it to the power of the column.
  – The first (rightmost) column is 0, the next is 1, then 2, etc.
  – 234 base 10
    • (2 x 10^2) + (3 x 10^1) + (4 x 10^0) = 234
  – 1001 base 2
    • (1 x 2^3) + (0 x 2^2) + (0 x 2^1) + (1 x 2^0) = 9 base 10
  – 11111001 base 2 equals F9 base 16

Converting between the different numbering systems is fairly straightforward if you remember the basic rules of mathematics. The way you calculate a number, regardless of the base, is to take the base of the numbering system, raise it to the power of the column, and multiply it by the digit in that column. Start at the right side of the number, the least significant digit; that is column zero. Then, as you work your way from right to left, each column increments by one. Let's look at an example by taking the decimal number 234. Since this is a decimal number, we are dealing with the base 10 numbering system. Starting at the right, the 4 is in column zero, the 3 is in column one, and the 2 is in column two. We then take 2 and multiply it by 10 raised to the power of two (100), add 3 multiplied by 10 raised to the power of one (10), and add 4 multiplied by 10 raised to the power of zero (1) to arrive at our decimal number two hundred and thirty-four. To figure out the decimal equivalent of a binary number we go through the same steps. The column numbering does not change, but the base is now 2. So, reading from right to left, the first 1 is in column zero, the next digit (a 0) is in column one, the second 0 is in column two, and the leading 1 is in column three. We then take 1 multiplied by 2 raised to the power of three, which is 8, add 0 multiplied by 2 raised to the power of two, which is 4, add 0 multiplied by 2 raised to the power of one, which is 2, and add 1 multiplied by 2 raised to the power of zero, which is 1. This gives us 8 + 0 + 0 + 1, a decimal value of 9.

The last example shows us that every four binary digits convert to one hex digit. This makes sense because the range of values for four bits is 0-15, or 16 possibilities, and the hex numbering system is base 16 with digit values 0-15. So every byte, or 8 bits, becomes two hex digits. Working from the left, we take the first four bits, 1111, which is 8 + 4 + 2 + 1 = 15, or F in hex, and the second four bits, 1001, which is 8 + 1 = 9. Putting them together gives F9.
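The column-weight rule above applies to any base, not only 2, 10 and 16. The following is an added example (not SANS course code) that implements the rule in general: `to_decimal` sums digit times base to the power of the column, `from_decimal` does the reverse by repeated division, and `octet_to_hex` shows the four-bits-to-one-hex-digit mapping. The function names are this example's own choice.

```python
"""Positional notation, as on the slide, generalised to any base up to 16.

Added example for the "IP Concepts" notes; it is not SANS course code.
"""
DIGITS = "0123456789ABCDEF"


def to_decimal(digits: str, base: int) -> int:
    """Column k (counting from 0 at the right) is worth digit * base**k."""
    if not 2 <= base <= 16:
        raise ValueError("base must be between 2 and 16")
    value = 0
    for column, ch in enumerate(reversed(digits.upper())):
        d = DIGITS.find(ch)
        if d < 0 or d >= base:
            raise ValueError(f"{ch!r} is not a base-{base} digit")
        value += d * base ** column
    return value


def from_decimal(value: int, base: int, width: int = 0) -> str:
    """Repeated division by the base; the remainders are the digits, least
    significant first. width left-pads with zeros (use 8 for a full octet)."""
    if value < 0 or not 2 <= base <= 16:
        raise ValueError("value must be non-negative, base between 2 and 16")
    out = ""
    while value:
        value, rem = divmod(value, base)
        out = DIGITS[rem] + out
    return (out or "0").rjust(width, "0")


def octet_to_hex(bits: str) -> str:
    """Each group of four bits is one hex digit, so an octet is two digits.
    Groups are taken from the left: 1111 1001 -> F9."""
    if len(bits) != 8 or set(bits) - {"0", "1"}:
        raise ValueError("an octet is exactly eight binary digits")
    return "".join(from_decimal(to_decimal(bits[i:i + 4], 2), 16)
                   for i in (0, 4))


if __name__ == "__main__":
    print(to_decimal("234", 10), to_decimal("1001", 2), octet_to_hex("11111001"))
    print(from_decimal(17, 2, 8), from_decimal(255, 16))
```

The digit validation matters more than it looks: a "binary" string containing a 2, or a hex string with a G in it, is exactly the kind of malformed input a parser of addresses or packet dumps has to reject rather than silently mis-convert.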
12. What's in a Packet
• Header and Payload (data)
• A packet can tell you many things
• A packet can't tell you everything
Hdr | Data

Now that we understand the numbering systems of computers, let's look at how data is broken into packets and sent between computers. The data packet has two basic parts, the header and the payload. The header is the part of the packet that contains information about the packet itself: where it has come from, where it is going, and what kind of information it contains. The payload is the data or information the packet is carrying. There is a lot of information in a packet. I won't go into detail about everything contained in a packet, but the packet can tell you many things about the information it contains. For example, by examining a packet header you can determine:
• where a packet came from;
• where it is headed;
• the type of information contained in the packet;
• what application the packet is being used for;
• whether this packet is the start of a new transmission or the continuation of an existing transmission;
• where in the information stream this packet belongs.
However, a packet can't tell you everything. For example, a packet can't tell you:
• who really sent the packet;
• whether the contents have been altered during transmission.
The source address is simply whatever the sender wrote into the header, so it can be forged (spoofed), and the IP header checksum only catches accidental corruption: anyone who modifies a packet can recompute it. Only a cryptographic mechanism such as IPsec or TLS can give you assurance of origin and integrity.
13. Packets
Header | Data
01001010 01000010 11001010 01001110 01001011
The header provides addressing and type information much like the outside of a snail-mail envelope.

We group multiple octets together for shipping across the network by putting them in packets. On your slide you see a sample packet, and we learn one of the great truths of networking: there is a relatively high overhead cost to slinging these packets across the network. And so we go to a lot of trouble to package our content so that we can ship it across the network. When we get it to the other side, we have to unwrap it, and we want to know that it crossed the Internet intact. For that the IP header carries a 16-bit header checksum (a one's complement sum of the header's 16-bit words, not a CRC). It lets a receiver detect a header that was damaged or corrupted in transit, but note two limits: it covers only the header, not the payload, and anyone who alters the header can simply recompute it, so it is a seal against accidents, not against tampering. The Ethernet frame carries its own 32-bit CRC in the frame trailer, which covers the whole frame, but only on one link. Now, below you see a real IP packet, and the hexadecimal part of it begins with 4500. This is a quite common way for a packet to begin. The 4 means Internet Protocol version 4, and the 5 is the header length in 32-bit words: five words is 20 bytes, so no IP options are present. You'll notice that some of the characters have been changed to XXXX XXXX. This is the location in the header where the destination address would be. We're showing you an analogy on your slide between the header and the outside of an envelope. The hexadecimal characters d823 d9ba are the source address, the sender of this particular packet: d8 is 216, 23 is 35, d9 is 217 and ba is 186, which is the 216.35.217.186 in the tcpdump line. You can check the other fields the same way: 002c is a total length of 44 bytes, 380d is the id 14349, the 4 in 4000 is the Don't Fragment flag, 73 is TTL 115, and 06 is protocol 6, TCP. (The dump shows 46 bytes, two more than the length field says; the trailing 0000 is padding added by Ethernet to reach its 46-byte minimum payload.)

10:14:16.509362 216.35.217.186.telnet > PC.edu.1153: S 1472583541:1472583541(0) ack 219629 win 8736 (DF) (ttl 115, id 14349)
4500 002c 380d 4000 7306 f308 d823 d9ba
XXXX XXXX 0017 0481 57c5 d775 0003 59ed
6012 2220 0b7d 0000 0204 05b4 0000
14. Packets Have Addresses
01001011 01001011 11001010
MAC addresses: 0826Cf1541f2, 0826C1f45231
IP addresses: 172.20.31.28, 172.20.31.25
Internet Protocol (IP) addresses are like your name and Media Access Control (MAC) addresses are like your street address in the envelope analogy. (The packet shown is notional: IP packets don't carry MAC addresses, but the Ethernet frames that carry them do.)

As you will see, it turns out that packets have multiple levels of addresses. Right now, I'd like to have you think about the hardware address and the software address. We can compare that to the address that your house has (that would be the hardware address). If your house was 1218 Parsell Street, Fredericksburg, Virginia, that would be its hardware address. But various people might live in a house over a house's lifetime, and that can be thought of as a software address: Joe Smith at Parsell Street. And so we have this binding between the two. We have the same situation in IP communications. In this case the MAC address is 48 bits long. This is a really, really large number, and we're going to see that that matters as we go further into the course. At this point it is important to remember that computers have two addresses: a MAC address, which is burned into the interface and hardly ever changes (though it can be overridden in software, which is why it cannot be trusted as an identity either), and an IP address that can change as the computer moves to different locations. We will cover the relationship between the two addresses in the routing module.
15. Frames and Packets
• Frames are packets on the media
Frame Header (14 bytes) | Data | Frame Trailer (4 bytes)

Now, in some sense, we can compare a software view of the world, where we talk about assembling packets for transmission, with an electrical engineer's or physical view of the world, which is when the packets are actually being transmitted. When the packets are transmitted, we call them frames, and they need a frame header and a frame trailer, which is overhead on top of the packet overhead. On Ethernet the 14-byte header carries the destination and source MAC addresses and the type of the packet inside. Just as important is synchronization, which matters more and more as we go faster and faster: the preamble and start-frame delimiter that precede the header are a fixed bit pattern that tells the computer's network interface card (NIC) a frame is beginning, so that when it sees that pattern it starts pulling in the data to check it out. The 4-byte trailer is the frame check sequence, a 32-bit CRC over the header and data; the physical layer signals the end of the frame when the transmission stops, and the NIC then verifies the CRC and discards the frame if it does not match.
16. One Layer's Header is Another Layer's Data
TCP segment:  TCP Header | Data
IP datagram:  IP Header | (TCP Header | Data)
Frame:        Frame Header | (IP Header | TCP Header | Data)
Headers are prepended as the packet descends the stack.

This is a very important concept. All of IP communication is an exercise in multiplexing and demultiplexing. We begin with some message or some content that we want to send, perhaps through telnet or electronic mail, and as we pass it down through the IP stack, each of the layers wraps its own header around the message we want to send. The layer below treats everything it receives, headers included, as opaque data. The process of adding header information as a packet is passed down the TCP/IP stack, and reading and removing header information as the packet is passed up the stack, is also referred to as encapsulation and decapsulation. I want to introduce a term at this point: TCP segment. The message with the TCP header, as passed down to the IP layer, is called the TCP segment; with the IP header added it is an IP datagram, and with the frame header added it is a frame.
17. Network Protocols
• The rules of the road that computers use to communicate
• Determines format of communication
• Determines order of communication
• Determines meaning of communication

In real life, there are all kinds of rules for giving and receiving information. In school you must raise your hand and wait for the teacher to call on you before speaking. When you mail a letter there is a particular format for placing the address and postage on the envelope. And when you make a phone call you traditionally wait for the person you are calling to say "Hello" before speaking. All these rules serve to make communication easier. Break one of them (talk out of turn in class or put the stamp on the back of the envelope) and the communication gets confused. These rules are called "protocols." A protocol is a formal specification (the rules of the road) for communicating. Computers and networks are no different. If two computers want to communicate they need to follow a specific set of protocols in order for each computer to receive and understand the message. There are a lot of different protocols. Some protocols concern themselves with making sure that each packet has the proper information in the proper sequence. Some protocols make sure that information gets copied from your computer to the network cable properly. Still others make sure that packets all get to the right place in the proper order. There are three basic purposes for communications protocols:
1. Determining the format of a communication.
2. Determining the order of a communication.
3. Determining the meaning of a communication.
As long as both sides of the communication are using the same protocol, and using it properly, the communication will be successful.
18. IP – The Internet Protocol
• Deals with transmission of packets between end points
• The fundamental protocol of the Internet

The Internet Protocol (IP) is the protocol by which information is sent from one computer to another on the Internet. Each computer on the Internet has at least one IP address that identifies it to all other computers on the Internet. When you send or receive data (for example, an e-mail note or a web page), the message gets divided into little chunks called packets. Each of these packets contains both the sender's Internet address and the receiver's address. A packet is sent first to a gateway computer that understands a small part of the Internet. The gateway reads the destination address and forwards the packet to an adjacent gateway, which in turn reads the destination address, and so forth across the Internet until one gateway recognizes the packet as belonging to a computer within its immediate neighborhood or domain. That gateway then forwards the packet directly to the computer whose address is specified. Because a message is divided into a number of packets, each packet can, if necessary, be sent by a different route across the Internet. Packets can arrive in a different order than the order they were sent in. The Internet Protocol just delivers them; it's up to another protocol, the Transmission Control Protocol (TCP), to put them back in the right order. IP is a connectionless protocol, which means that there is no established connection between the end points that are communicating. Each packet that travels through the Internet is treated as an independent unit of data without any relation to any other unit of data. (The reason the packets do get put in the right order is TCP: the connection-oriented protocol keeps track of the packet sequence in a message.) The most widely used version of IP today is Internet Protocol Version 4 (IPv4). However, IP Version 6 (IPv6) is also beginning to be supported. IPv6 provides much longer (128-bit) addresses and therefore room for many more hosts. IPv6 is not backward compatible with IPv4, however: a host or server that must talk to both runs both protocol stacks (dual stack) or relies on a translation or tunnelling mechanism.
19. Packets are Sort of Positional
Bits 0-15                          Bits 16-31
VER (4) | IHL (4) | TOS (8)        Length in Bytes (16)
ID Field (16)                      Flags (3) | Frag offset (13)
TTL (8) | Protocol (8)             Header Checksum (16)
Source IP Address (32)
Destination IP Address (32)
IP header with no options shown, 20 bytes total.

So, we're looking at a big pile of zeros and ones. How do we know how to interpret them? We do this by their position in the header. As you can see on your slide, a fixed number of bits is allocated for each field in the header. The header can also carry IP options, which lengthen it; the IHL field gives the real header length in 32-bit words, so the start of the payload has to be taken from IHL rather than assumed to be byte 20. Flags in the header change how the packet is processed, and the protocols carried inside IP are each handled differently. For the purposes of this course, the primary protocols that we're going to talk about are the User Datagram Protocol (UDP), Transmission Control Protocol (TCP), and the Internet Control Message Protocol (ICMP). But we will touch on other very important protocols that you will need to learn as you continue to move through the course. Now, let's take an exercise. It's your turn! Please take a minute and calculate how many bytes into the header we need to count in order to find the beginning of the protocol field. (Pause) Did you come up with nine? Version and IHL share byte 0, TOS is byte 1, the length is bytes 2 and 3, the identification is bytes 4 and 5, flags and fragment offset are bytes 6 and 7, TTL is byte 8, and so the protocol field is byte 9. If you came up with a different number, it's important to realize that in "IP header math" we start counting with zero. That's something we have to remember.
20. IP Header Identifies Protocol
Protocol Header | Data
Protocol field value   Bit pattern   Protocol
1                      0000 0001     ICMP
6                      0000 0110     TCP
17                                   UDP
IP Datagram: Header | Data
Headers provide the information needed to parse the packet.

Now that we've counted our way to the protocol ID field, what is it, and what does it do? The value in this field tells us which protocol built the data that follows the IP header. We're going to need that information when we demultiplex this layer from the packet, because it decides which transport-layer parser is handed the payload. On your slide you see values for common protocols: 1 for ICMP, 6 for TCP, and 17 for UDP. Now, how long is the protocol field? It is eight bits. So, what is the maximum value we can represent with eight bits? If every bit is set to 1 and we start counting at zero, we have 255, of course. What would the bit pattern in the packet be if it was a TCP packet? From left to right, it would be 0000 0110, which equates to a decimal value of 6. Remember how to convert from binary: we have a 0 in the 2^0 place, so the most that could contribute is one, but since it's a zero we can ignore it and keep going. We have a 1 in the 2^1 place and a 1 in the 2^2 place. 2^2 is 4 and 2^1 is 2, so 2 + 4 is 6. Okay, that's great! Now we have time for one more student exercise. Please write down the bit pattern you would see for UDP (17 in decimal). (Pause) From left to right, you should have 0001 0001, which gives you a 1 in the 16 position (2^4) and a 1 in the 1 position (2^0), which when added together gives you a value of 17.
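Slides 7, 13, 16, 19 and 20 together describe one mechanism: headers are prepended on the way down, fields are read by byte offset on the way up, and the protocol field chooses the next parser. The following is an added example (not SANS course code) that builds an Ethernet frame carrying an IP datagram carrying a TCP segment with "Hello There", then walks back up the stack reading each field by offset, checking the RFC 791 header checksum, and dispatching on the protocol number. It also parses the slide's hex dump as printed (the redacted XXXX XXXX destination is replaced by zeros, so its checksum cannot verify) and shows that a spoofed source address with a recomputed checksum still verifies, which is the point made on slide 12. The MAC and IP addresses, ports, the constructed payload and all function names are this example's own choices.

```python
"""Encapsulation, positional IP header parsing and the header checksum.

Added example for the "IP Concepts" notes; it is not SANS course code.
The MAC and IP addresses, ports and the "Hello There" payload are
constructed here for illustration. The slide's hex dump is parsed as
printed, with its redacted destination (XXXX XXXX) replaced by zeros.
"""
import struct

ETH_TYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # values from the slide


def ip_bytes(addr: str) -> bytes:
    """Dotted-quad string to the four bytes that appear in the header."""
    return bytes(int(octet) for octet in addr.split("."))


def ip_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's complement sum
    of the 16-bit words. Over a header whose checksum field is already
    filled in, a correct header yields 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, payload_len, proto=6, ttl=64, ident=0):
    """20-byte header (version 4, IHL 5, no options, DF set) with checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, ident,
                      0x4000, ttl, proto, 0, ip_bytes(src), ip_bytes(dst))
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]


def parse_ipv4_header(datagram: bytes) -> dict:
    """Read fields by byte offset, counting from zero as the notes do."""
    ihl = (datagram[0] & 0x0F) * 4           # header length in bytes
    return {
        "version": datagram[0] >> 4,
        "ihl_bytes": ihl,
        "total_length": struct.unpack("!H", datagram[2:4])[0],
        "id": struct.unpack("!H", datagram[4:6])[0],
        "df": bool(datagram[6] & 0x40),
        "ttl": datagram[8],
        "protocol": datagram[9],             # byte 9: the slide exercise
        "checksum_ok": ip_checksum(datagram[:ihl]) == 0,
        "src": ".".join(map(str, datagram[12:16])),
        "dst": ".".join(map(str, datagram[16:20])),
    }


def encapsulate(payload, src_mac, dst_mac, src_ip, dst_ip, sport, dport):
    """Walk down the stack: each layer prepends its own header."""
    # TCP header: ports, seq 1, ack 0, data offset 5 words, SYN, window 8192.
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x02,
                          8192, 0, 0)
    segment = tcp_hdr + payload
    datagram = build_ipv4_header(src_ip, dst_ip, len(segment)) + segment
    eth_hdr = dst_mac + src_mac + struct.pack("!H", ETH_TYPE_IPV4)
    return eth_hdr + datagram                # FCS trailer not modelled


def decapsulate(frame: bytes) -> dict:
    """Walk up the stack: each layer strips only the header its peer added
    and uses the type/protocol field to pick the next layer."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_TYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    datagram = frame[14:]
    ip = parse_ipv4_header(datagram)
    segment = datagram[ip["ihl_bytes"]:ip["total_length"]]
    result = {"ip": ip, "transport": PROTO_NAMES.get(ip["protocol"], "?")}
    if ip["protocol"] == 6:
        result["sport"], result["dport"] = struct.unpack("!HH", segment[:4])
        result["payload"] = segment[(segment[12] >> 4) * 4:]
    return result


def spoof_source(frame: bytes, new_src: str) -> bytes:
    """Rewrite the source address and recompute the checksum. The result
    still verifies: the checksum catches corruption, not forgery."""
    hdr = bytearray(frame[14:34])            # 20-byte header, no options
    hdr[12:16] = ip_bytes(new_src)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return frame[:14] + bytes(hdr) + frame[34:]


SLIDE_DUMP = ("4500 002c 380d 4000 7306 f308 d823 d9ba XXXX XXXX "
              "0017 0481 57c5 d775 0003 59ed 6012 2220 0b7d 0000 0204 05b4 0000")


def parse_slide_dump() -> dict:
    """The slide's packet; its destination is redacted, so checksum_ok is False."""
    raw = bytes.fromhex(SLIDE_DUMP.replace("XXXX", "0000").replace(" ", ""))
    return parse_ipv4_header(raw)


if __name__ == "__main__":
    frame = encapsulate(b"Hello There", bytes.fromhex("020000000001"),
                        bytes.fromhex("020000000002"), "192.0.2.1",
                        "192.0.2.2", 1153, 23)
    print(decapsulate(frame))
    print(decapsulate(spoof_source(frame, "10.0.0.1"))["ip"])
    print(parse_slide_dump())
```

Two details are worth noticing. `decapsulate` slices the segment from `ihl_bytes` to `total_length` rather than assuming 20 and the end of the buffer, which is what keeps a parser honest when options are present or the frame carries Ethernet padding. And `spoof_source` is a deliberate demonstration of the slide 12 caveat: after the rewrite `checksum_ok` is still True, so a valid checksum says nothing about who sent the packet.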