EFE_net

By Wolfgang Keller
Originally written 2019-12-15
Last modified 2020-01-05

Resources

Acronyms

Network engineering is full of acronyms. Here are some important ones:

Layering

Overview

For the naming of the layers, we refer to RFC 1122 - Requirements for Internet Hosts -- Communication Layers [published 1989-10; visited 2019-12-16T21:33:51Z]; specifically section 1.1.3:

Keep in mind that this “four layer abstraction” is an idealization of reality. You will soon see examples where this idealized abstraction breaks down. Also keep in mind that in the literature, there exist different names for the layers and models with a different number of layers (e.g. textbooks that are more oriented towards the so-called OSI stack). We don't want to dive into these details.

Let us list some important protocols for the layers:

Link Layer:

Internet Layer:

Transport Layer:

Two additional transport layer protocols that have been standardized, but are only rarely used in the home customer sector, are

Application Layer:

The protocols

Link Layer

Ethernet

TODO

Internet Layer

IPv4

TODO

IPv6

TODO

ARP

TODO

Transport Layer

UDP

TODO

TCP

TODO

ICMP

TODO

ICMPv6

TODO

Some dumps

Example 1

For the coloring of the hexdump:

Under https://raw.githubusercontent.com/jwbensley/Ethernet-CRC32/bd2c6234ec78e5b9e7cc0b58795c84d4f2989184/P1.txt [visited 2020-01-03T18:22:18Z], you can find the following dump of an Ethernet frame:

08 00 27 27 1a d5 52 54 00 12 35 02 08 00 45 00
00 54 1e 49 40 00 40 01 04 50 0a 00 02 02 0a 00
02 0f 00 00 59 d6 0f af 00 01 fd b5 f5 5a 00 00
00 00 e1 95 03 00 00 00 00 00 10 11 12 13 14 15
16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25
26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35
36 37 e6 4c b4 86

Example 2

For the coloring of the hexdump:

Under checksum - Calculate the FCS number from a frame ethernet - Network Engineering Stack Exchange [visited 2020-01-03T19:50:36Z], you can find the following dump of an Ethernet frame:

08 00 20 0A 70 66 08 00 20 0A AC 96 08 00 45 00
00 28 A6 F5 00 00 1A 06 75 94 C0 5D 02 01 84 E3
3D 05 00 15 0F 87 9C CB 7E 01 27 E3 EA 01 50 12
10 00 DF 3D 00 00 20 20 20 20 20 20 5A 05 DE FA

Example 3

Under https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode.html [visited 2019-12-08T18:59:04Z], one can find packet dumps of the following activities:

  1. TCP connection set-up and clear-down
  2. Transmission of a single UDP packet

There is also a packet dump of ICMP ECHO messages, but there is a mistake in this dump; thus, we do not consider it here.

For the coloring of the hexdumps:

TCP connection set-up and clear-down

Endpoints for the directions:

Packet 1: TCP Connect Request

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode3.html [visited 2019-12-08T22:31:58Z]

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 2c 08 b8 40 00 ff 06 99 97 8b 85 d9 6e 8b 85
          32: e9 02 90 05 00 17 72 14 f1 14 00 00 00 00 60 02
          48: 22 38 a9 2c 00 00 02 04 05 b4 ?? ?? ?? ?? ?? ??

Direction: Client → Server

Packet 2: TCP ACK

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode4.html [visited 2019-12-08T22:38:43Z]

           0: 08 00 20 86 35 4b 00 e0 f7 26 3f e9 08 00 45 00
          16: 00 28 aa fd 00 00 fc 06 3a 56 8b 85 e9 02 8b 85
          32: d9 6e 00 17 90 05 94 31 10 28 72 14 f1 30 50 10
          48: 22 38 1c 65 00 00 00 00 00 10 00 00 0e 1a cb b3

Direction: Server → Client

Packet 3: TCP (Telnet) Established

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode5.html [visited 2019-12-08T22:39:20Z]

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 28 08 b9 40 00 ff 06 99 9a 8b 85 d9 6e 8b 85
          32: e9 02 90 05 00 17 72 14 f1 15 94 31 10 28 50 10
          48: 22 38 1c 80 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

Direction: Client → Server

Packet 4: TCP (Telnet) Established

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode6.html [visited 2019-12-08T22:44:06Z]

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 43 08 ba 40 00 ff 06 99 7e 8b 85 d9 6e 8b 85
          32: e9 02 90 05 00 17 72 14 f1 15 94 31 10 28 50 18
          48: 22 38 9d 0f 00 00 ff fd 03 ff fb 18 ff fb 1f ff
          64: fb 20 ff fb 21 ff fb 22 ff fb 27 ff fd 05 ff fb
          80: 23 59 88 71 bf

Direction: Client → Server

What does the “strange-looking” sequence that the client sends mean? We won't teach you the obscure details of the Telnet protocol, but we want to give a short explanation. The byte ff₁₆ means IAC (“Interpret as Command”); see RFC 854 - Telnet Protocol Specification [visited 2019-12-16T01:25:27Z]. The byte that follows the ff₁₆ has the following meaning:

What do these option codes refer to? The subsequent byte tells:

For a list of all the option codes cf. Telnet Options [visited 2019-12-19T20:17:07Z].

So the payload means:

Packet 5: TCP (Telnet) ACK

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode7.html [visited 2019-12-08T22:44:39Z]

           0: 08 00 20 86 35 4b 00 e0 f7 26 3f e9 08 00 45 00
          16: 00 28 aa fd 00 00 fc 06 3a 56 8b 85 e9 02 8b 85
          32: d9 6e 00 17 90 05 94 31 10 28 72 14 f1 30 50 10
          48: 22 38 1c 65 00 00 00 00 00 10 00 00 0e 1a cb b3

Direction: Server → Client

Packet 6: TCP Disconnect Request

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-decode8.html [visited 2019-12-08T22:45:16Z]

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 28 08 bb 40 00 ff 06 99 98 8b 85 d9 6e 8b 85
          32: e9 02 90 05 00 17 72 14 f1 30 94 31 10 28 50 11
          48: 22 38 1c 64 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

Direction: Client → Server

Packet 7: TCP ACK

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-dec9.html [visited 2019-12-08T22:22:38Z]

           0: 08 00 20 86 35 4b 00 e0 f7 26 3f e9 08 00 45 00
          16: 00 28 aa fe 00 00 fc 06 3a 55 8b 85 e9 02 8b 85
          32: d9 6e 00 17 90 05 94 31 10 28 72 14 f1 31 50 10
          48: 22 38 1c 64 00 00 00 00 00 10 00 00 1e 5c d1 75

Direction: Server → Client

Packet 8: TCP ACK + Data

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-dec10.html [visited 2019-12-08T22:21:56Z]

           0: 08 00 20 86 35 4b 00 e0 f7 26 3f e9 08 00 45 00
          16: 00 37 aa ff 00 00 fc 06 3a 45 8b 85 e9 02 8b 85
          32: d9 6e 00 17 90 05 94 31 10 28 72 14 f1 31 50 18
          48: 22 38 c1 0c 00 00 ff fd 18 ff fd 1f ff fd 23 ff
          64: fd 27 ff fd 24 b5 61 83 28

Direction: Server → Client

For the interpretation of the payload:
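
The negotiation bytes in the payloads of packet 4 and packet 8 can be decoded mechanically. The following Python is an added example, not code from the original page; the name decode_telnet is this example's own, and the command and option names are taken from RFC 854 and the IANA Telnet Options registry.

```python
# Added example: decode the Telnet negotiation bytes of packets 4 and 8.
IAC = 0xFF  # "Interpret as Command" (RFC 854)
NEGOTIATION = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
# Option names from the IANA Telnet Options registry (only those seen here).
OPTIONS = {
    3: "Suppress Go Ahead", 5: "Status", 24: "Terminal Type",
    31: "Negotiate About Window Size", 32: "Terminal Speed",
    33: "Remote Flow Control", 34: "Linemode", 35: "X Display Location",
    36: "Environment Option", 39: "New Environment Option",
}
# TCP payloads copied from the dumps of packet 4 and packet 8 on this page.
PACKET4 = bytes.fromhex("fffd03 fffb18 fffb1f fffb20 fffb21 fffb22 fffb27 fffd05 fffb23")
PACKET8 = bytes.fromhex("fffd18 fffd1f fffd23 fffd27 fffd24")

def decode_telnet(payload: bytes) -> list:
    """Split a Telnet byte stream into negotiation commands and plain data."""
    out, data, i = [], bytearray(), 0

    def flush():  # emit buffered user data before the next command
        if data:
            out.append(f"DATA {bytes(data)!r}")
            data.clear()

    while i < len(payload):
        nxt = payload[i + 1] if i + 1 < len(payload) else None
        if payload[i] != IAC:
            data.append(payload[i])
            i += 1
        elif nxt == IAC:  # IAC IAC is an escaped literal 0xff data byte
            data.append(IAC)
            i += 2
        elif nxt in NEGOTIATION and i + 2 < len(payload):
            flush()
            opt = payload[i + 2]
            out.append(f"{NEGOTIATION[nxt]} {OPTIONS.get(opt, 'option %d' % opt)}")
            i += 3
        elif nxt is None or nxt in NEGOTIATION:  # stream ends mid-command
            flush()
            out.append("TRUNCATED")
            break
        else:  # other command byte (e.g. NOP); subnegotiation bodies are not parsed
            flush()
            out.append(f"COMMAND 0x{nxt:02x}")
            i += 2
    flush()
    return out

if __name__ == "__main__":
    for name, payload in (("packet 4", PACKET4), ("packet 8", PACKET8)):
        print(name, decode_telnet(payload))
```

Because Telnet sends this negotiation and everything after it unencrypted, the same decoder works on any captured session, which is also why the session contents are readable by anyone on the path.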

Packet 9: TCP Reset Connection

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-dec11.html [visited 2019-12-08T22:21:17Z]

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 28 08 bc 40 00 ff 06 99 97 8b 85 d9 6e 8b 85
          32: e9 02 90 05 00 17 72 14 f1 31 00 00 00 00 50 04
          48: 22 38 c0 c9 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

Direction: Client → Server

Transmission of a single UDP packet

Packet 1: UDP Unit Data Transmission

Source: https://erg.abdn.ac.uk/users/gorry/course/inet-pages/packet-dec12.html [visited 2019-12-08T19:24:22Z]:

           0: 00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00
          16: 00 26 ab 49 40 00 ff 11 f7 00 8b 85 d9 6e 8b 85
          32: e9 02 99 d0 04 3f 00 12 72 28 68 65 6c 6c 6f 68
          48: 65 6c 6c 6f ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ??

Endpoints:

Layer            Protocol  Endpoint Type  Source Endpoint    Destination Endpoint
Link Layer       Ethernet  MAC address    08:00:20:86:35:4b  00:e0:f7:26:3f:e9
Internet Layer   IPv4      IPv4 address   139.133.217.110    139.133.233.2
Transport Layer  UDP       UDP port       39376              1087

The UDP payload 68 65 6c 6c 6f 68 65 6c 6c 6f interpreted as ASCII characters is hellohello.
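
The endpoints and payload above can be read out of the dump programmatically, and the IPv4 header checksum and UDP checksum can be verified at the same time. The following Python is an added example, not code from the original page; the names inet_checksum and decode_udp_frame are this example's own, and the unknown trailing bytes shown as ?? in the dump are left out.

```python
import struct

# The UDP frame from the dump above; the trailing "??" bytes are left out.
FRAME = bytes.fromhex(
    "00 e0 f7 26 3f e9 08 00 20 86 35 4b 08 00 45 00 "
    "00 26 ab 49 40 00 ff 11 f7 00 8b 85 d9 6e 8b 85 "
    "e9 02 99 d0 04 3f 00 12 72 28 68 65 6c 6c 6f 68 "
    "65 6c 6c 6f"
)

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum; returns 0 when data includes a correct checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def decode_udp_frame(frame: bytes) -> dict:
    """Decode Ethernet II / IPv4 / UDP and verify both checksums."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800 or frame[14] >> 4 != 4:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4
    ip_hdr = frame[14:14 + ihl]
    total_len = struct.unpack("!H", ip_hdr[2:4])[0]
    if ip_hdr[9] != 17 or len(frame) < 14 + total_len:
        raise ValueError("not UDP, or frame shorter than the IP total length")
    src_ip, dst_ip = ip_hdr[12:16], ip_hdr[16:20]
    # Slice by the IP total length so Ethernet padding and FCS are ignored.
    udp = frame[14 + ihl:14 + total_len]
    sport, dport, udp_len, udp_sum = struct.unpack("!4H", udp[:8])
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 17, udp_len)
    return {
        "link": (src_mac.hex(":"), dst_mac.hex(":")),
        "internet": (".".join(map(str, src_ip)), ".".join(map(str, dst_ip))),
        "transport": (sport, dport),
        "ip_checksum_ok": inet_checksum(ip_hdr) == 0,
        # A transmitted UDP checksum of 0 means "not computed" in IPv4.
        "udp_checksum_ok": udp_sum == 0 or inet_checksum(pseudo + udp[:udp_len]) == 0,
        "payload": udp[8:udp_len],
    }

if __name__ == "__main__":
    print(decode_udp_frame(FRAME))
```

Both checksums verify for this frame; changing a single payload byte makes the UDP check fail while the IPv4 header check still passes, since the IPv4 checksum covers only the header.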