ch06.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 1,095 行 · 第 1/4 页

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 6 -- A Brief Primer on TCP/IP</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch05/ch05.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch07/ch07.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">6</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">A Brief Primer on TCP/IP</FONT></H1>
</CENTER>
<P>This chapter examines the Transmission Control Protocol (TCP) and the Internet
Protocol (IP). These two protocols (or networked methods of data transport) are generally
referred to together as <I>TCP/IP</I>.</P>
<P>You can read this chapter thoroughly to gain an in-depth understanding of how
information is routed across the Internet or you can use this chapter as an extended
glossary, referring to it only when encountering unfamiliar terms later in this book.</P>
<P>The chapter begins with fundamental concepts and closes with a comprehensive look
at TCP/IP. The chapter is broken into three parts. The first part answers some basic
questions you might have, including</P>

<UL>
	<LI>What is TCP/IP?<BR>
	<BR>
	
	<LI>What is the history of TCP/IP?<BR>
	<BR>
	
	<LI>What platforms support TCP/IP?
</UL>

<P>The second portion of the chapter addresses how TCP/IP actually works. In that
portion, I will focus on the most popular services within the TCP/IP suite. These
services (or modes of transport) comprise the greater portion of the Internet as
we know it today.</P>
<P>The final portion of this chapter explores key TCP/IP utilities with which each
user must become familiar. These utilities are of value in maintenance and monitoring
of any TCP/IP network.</P>
<P>Note that this chapter is not an exhaustive treatment of TCP/IP. It provides only
the minimum knowledge needed to continue reading this book. Throughout this chapter,
however, I supply links to documents and other resources from which the reader can
gain an in-depth knowledge of TCP/IP.
<H2><FONT COLOR="#000077"><B>TCP/IP: The Basics</B></FONT></H2>
<P>This section is a quick overview of TCP/IP. It is designed to prepare you for
various terms and concepts that arise within this chapter. It assumes no previous
knowledge of IP protocols.
<H3><FONT COLOR="#000077"><B>What Is TCP/IP?</B></FONT></H3>
<P><I>TCP/IP</I> refers to two network protocols (or methods of data transport) used
on the Internet. They are Transmission Control Protocol and Internet Protocol, respectively.
These network protocols belong to a larger collection of protocols, or a protocol
<I>suite</I>. These are collectively referred to as the <I>TCP/IP suite</I>.</P>
<P>Protocols within the TCP/IP suite work together to provide data transport on the
Internet. In other words, these protocols provide nearly all services available to
today's Net surfer. Some of those services include</P>

<UL>
	<LI>Transmission of electronic mail<BR>
	<BR>
	
	<LI>File transfers<BR>
	<BR>
	
	<LI>Usenet news delivery<BR>
	<BR>
	
	<LI>Access to the World Wide Web
</UL>

<P>There are two classes of protocol within the TCP/IP suite, and I will address
both in the following pages. Those two classes are</P>

<UL>
	<LI>The network-level protocol<BR>
	<BR>
	
	<LI>The application-level protocol
</UL>

<H4><FONT COLOR="#000077"><B>Network-Level Protocols</B></FONT></H4>
<P>Network-level protocols manage the discrete mechanics of data transfer. These
protocols are typically invisible to the user and operate deep beneath the surface
of the system. For example, the IP protocol provides packet delivery of the information
sent between the user and remote machines. It does this based on a variety of information,
most notably the IP address of the two machines. Based on this and other information,
IP guarantees that the information will be routed to its intended destination. Throughout
this process, IP interacts with other network-level protocols engaged in data transport.
Short of using network utilities (perhaps a sniffer or other device that reads IP
datagrams), the user will never see IP's work on the system.
<H4><FONT COLOR="#000077"><B>Application-Level Protocols</B></FONT></H4>
<P>Conversely, application-level protocols are visible to the user in some measure.
For example, File Transfer Protocol (FTP) is visible to the user. The user requests
a connection to another machine to transfer a file, the connection is established,
and the transfer begins. During the transfer, a portion of the exchange between the
user's machine and the remote machine is visible (primarily error messages and status
reports on the transfer itself, for example, how many bytes of the file have been
transferred at any given moment).</P>
<P>For the moment, this explanation will suffice: TCP/IP refers to a collection of
protocols that facilitate communication between machines over the Internet (or other
networks running TCP/IP).
<H3><FONT COLOR="#000077"><B>The History of TCP/IP</B></FONT></H3>
<P>In 1969, the Defense Advanced Research Projects Agency (DARPA) commissioned development
of a network over which its research centers might communicate. Its chief concern
was this network's capability to withstand a nuclear attack. In short, if the Soviet
Union launched a nuclear attack, it was imperative that the network remain intact
to facilitate communication. The design of this network had several other requisites,
the most important of which was this: It had to operate independently of any centralized
control. Thus, if 1 machine was destroyed (or 10, or 100), the network would remain
impervious.</P>
<P>The prototype for this system emerged quickly, based in part on research done
in 1962 and 1963. That prototype was called <I>ARPANET</I>. ARPANET reportedly worked
well, but was subject to periodic system crashes. Furthermore, long-term expansion
of that network proved costly. A search was initiated for a more reliable set of
protocols; that search ended in the mid-1970s with the development of TCP/IP.</P>
<P>TCP/IP had significant advantages over other protocols. For example, TCP/IP was
lightweight (it required meager network resources). Moreover, TCP/IP could be implemented
at much lower cost than the other choices then available. Based on these amenities,
TCP/IP became exceedingly popular. In 1983, TCP/IP was integrated into release 4.2
of Berkeley Software Distribution (BSD) UNIX. Its integration into commercial forms
of UNIX soon followed, and TCP/IP was established as the Internet standard. It has
remained so (as of this writing).</P>
<P>As more users flock to the Internet, however, TCP/IP is being reexamined. More
users translates to greater network load. To ease that network load and offer greater
speeds of data transport, some researchers have suggested implementing TCP/IP via
satellite transmission. Unfortunately, such research has thus far produced dismal
results. TCP/IP is apparently unsuitable for this implementation.</P>
<P>Today, TCP/IP is used for many purposes, not just the Internet. For example, intranets
are often built using TCP/IP. In such environments, TCP/IP can offer significant
advantages over other networking protocols. One such advantage is that TCP/IP works
on a wide variety of hardware and operating systems. Thus, one can quickly and easily
create a heterogeneous network using TCP/IP. Such a network might have Macs, IBM
compatibles, Sun Sparcstations, MIPS machines, and so on. Each of these can communicate
with its peers using a common protocol suite. For this reason, since it was first
introduced in the 1970s, TCP/IP has remained extremely popular. In the next section,
I will discuss implementation of TCP/IP on various platforms.
<H3><FONT COLOR="#000077"><B>What Platforms Support TCP/IP?</B></FONT></H3>
<P><I>Most</I> platforms support TCP/IP. However, the quality of that support can
vary. Today, most mainstream operating systems have native TCP/IP support (that is,
TCP/IP support that is built into the standard operating system distribution). However,
older operating systems on some platforms lack such native support. Table 6.1 describes
TCP/IP support for various platforms. If a platform has native TCP/IP support, it
is labeled as such. If not, the name of a TCP/IP application is provided.
<H4><FONT COLOR="#000077"><B>Table 6.1. Platforms and their support for TCP/IP.</B></FONT></H4>
<P>
<TABLE BORDER="1">
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP"><I>Platform</I></TD>
		<TD ALIGN="LEFT" VALIGN="TOP"><I>TCP/IP Support</I></TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">UNIX</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Native</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">DOS</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Piper/IP By Ipswitch</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Windows</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">TCPMAN by Trumpet Software</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Windows 95</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Native</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Windows NT</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Native</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">Macintosh</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">MacTCP or OpenTransport (Sys 7.5+)</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">OS/2</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Native</TD>
	</TR>
	<TR ALIGN="LEFT" rowspan="1">
		<TD ALIGN="LEFT" VALIGN="TOP">AS/400 OS/400</TD>
		<TD ALIGN="LEFT" VALIGN="TOP">Native</TD>
	</TR>
</TABLE>
</P>
<P>Platforms that do not natively support TCP/IP can still implement it through the
use of proprietary or third-party TCP/IP programs. In these instances, third-party
products can offer varied functionality. Some offer very good support and others
offer marginal support.</P>
<P>For example, some third-party products provide the user with only basic TCP/IP.
For most users, this is sufficient. (They simply want to connect to the Net, get
their mail, and enjoy easy networking.) In contrast, certain third-party TCP/IP implementations
are comprehensive. These may allow manipulation of compression, methods of transport,
and other features common to the typical UNIX TCP/IP implementation.</P>
<P>Widespread third-party support for TCP/IP has been around for only a few years.
Several years ago, for example, TCP/IP support for DOS boxes was very slim.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>There is actually a wonderful product
	called <I>Minuet</I> that can be used in conjunction with a packet driver on LANs.
	Minuet derived its name from the term <I>Minnesota Internet Users Essential Tool</I>.
	Minuet offers quick and efficient access to the Net through a DOS-based environment.
	This product is still available free of charge at many locations, including <A HREF="ftp://minuet.micro.umn.edu/pub/minuet/"><TT>ftp://minuet.micro.umn.edu/pub/minuet/</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>One interesting point about non-native, third-party TCP/IP implementations is
this: Most of them do not provide servers within their distributions. Thus, although
a user can connect to remote machines to transfer a file, the user's machine cannot
accept such a request. For example, a Windows 3.11 user using TCPMAN cannot--without
installing additional software--accept a file-transfer request from a remote machine.
Later in this chapter you'll find a list of a few names of such additional software
for those who are interested in providing services via TCP/IP.
<H2><FONT COLOR="#000077"><B>How Does TCP/IP Work?</B></FONT></H2>
<P>TCP/IP operates through the use of a protocol <I>stack</I>. This stack is the
sum total of all protocols necessary to complete a single transfer of data between
two machines. (It is also the path that data takes to get out of one machine and
into another.) The stack is broken into layers, five of which are of concern here.
To grasp this layer concept, examine Figure 6.1.</P>
<P><A NAME="01"></A><A HREF="01.htm"><B>Figure 6.1.</B></A><B><BR>
</B><I>The TCP/IP stack.</I></P>
<P>After data has passed through the process illustrated in Figure 6.1, it travels
to its destination on another machine or network. There, the process is executed
in reverse (the data first meets the physical layer and subsequently travels its
way up the stack). Throughout this process, a complex system of error checking is
employed both on the originating and destination machine.</P>
<P>Each layer of the stack can send data to and receive data from its adjoining layer.
Each layer is also associated with multiple protocols. At each tier of the stack,
these protocols are hard at work, providing the user with various services. The next
section of this chapter examines these services and the manner in which they are
associated with layers in the stack. You will also examine their functions, the services
they provide, and their relationship to security.
<H2><FONT COLOR="#000077"><B>The Individual Protocols</B></FONT></H2>
<P>You have examined how data is transmitted via TCP/IP using the protocol stack.
Now I want to zoom in to identify the key protocols that operate within that stack.
I will begin with network-level protocols.
<H3><FONT COLOR="#000077"><B>Network-Level Protocols</B></FONT></H3>
<P>Network protocols are those protocols that engage in (or facilitate) the transport
process transparently. These are invisible to the user unless that user employs utilities
to monitor system processes.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B><I>Sniffers</I> are devices that
	can monitor such processes. A sniffer is a device--either hardware or software--that
	can read every packet sent across a network. Sniffers are commonly used to isolate
	network problems that, while invisible to the user, are degrading network performance.
	As such, sniffers can read all activity occurring between network-level protocols.