Session 1: IPv4 Flashcards
What are the different broadcast types supported by IPv4?
IP distinguishes three types of addresses:
Unicast is one-to-one communication, i.e., there is only one recipient. A single, specific IP address identifies the target host, e.g., 1.2.3.4.
Broadcast addresses a group of hosts via a broadcast address, so one broadcast address stands in for several destination addresses: it targets all systems in a specific subnet. The number of target addresses depends on the netmask (as it determines the size of the subnet). The broadcast address is defined as the largest address in the subnet. If the subnet is 1.2.3.0/24, the broadcast address is 1.2.3.255, because all bits not covered by the netmask are set to one, which yields the largest IP address in the subnet.
Multicast is a connectionless method of communication that allows a single host to send packets to several recipients using UDP. Multicast has been assigned the address range 224.0.0.0 to 239.255.255.255.
What is a netmask?
A netmask is a method used for defining a subnet. We often see IP addresses such as 1.2.3.0/24. The /24 signifies that the first 24 bits are the network prefix and the last 8 bits (bits 25 to 32) identify hosts within the subnet. Thus, this notation covers all addresses from 1.2.3.0 to 1.2.3.255, as 8 host bits give 256 different IP addresses.
What is fragmentation of IP packets and why does it occur?
Any IP packet is encapsulated in a data link layer protocol header before being transmitted to the next switch/router on the path to the end point. As there are different types of data link protocols, we might find that the packet is too large to fit into a single frame. A possible scenario is when a packet is first sent over wifi before being transmitted over ethernet. As ethernet frames are typically smaller than wifi frames, we quickly find ourselves in a situation in which a single IP packet must be broken into fragments and sent over several ethernet frames. The fragmented IP packet is only reassembled at the destination node, since every fragment is treated as its own datagram during transmission. A fragmented IP packet is marked as fragmented by setting a special bit/flag in the header and recording the offset of the fragment's data from the first byte of the original packet. The only exception is the final fragment, which does not have this flag set but still carries the offset.
Why is fragmentation often considered undesirable?
Firstly, fragmentation leads to a reduction in performance due to increased bandwidth utilization. This is because more frames are needed, and every additional frame carries its own metadata/header information. Such data is not part of the payload and should ideally be kept as low as possible. In addition, more packets lead to a quicker build-up in the transmission queues of the routers and switches in the network, so fragmentation contributes to congestion and potential packet loss.
Aside from the performance concerns, there are also security issues. Two fragmentation attacks exist:
Overlapping fragments is a technique that exploits the lack of a mechanism enforcing the ordering of disjoint fragments. Consequently, fragments can arrive in any order and can even overlap or be repeated. This allows attackers to bypass firewalls and IDS, since the inspecting device and the end host may reassemble the overlapping fragments differently and therefore see different payloads, which makes detection challenging.
Fragmentation buffer exhaustion is another technique that utilizes fragmentation, where the goal is to overload the usually limited fragmentation buffer found in hosts and IDS. This is accomplished by deliberately holding back fragments so that incomplete datagrams accumulate and the buffer keeps growing.