Figure 3-24. RIP
You are correct if you said Figure 3-24 displays RIPv2 because the destination is the multicast address rather than a local broadcast.

Now look at another application that is common in a day-to-day environment: Hypertext Transport Protocol (HTTP) uses TCP port 80 to provide web services. It also uses clear-text data transmission. Obviously this is a very big issue with purchasing items over the Internet. E-commerce applications make use of more secure protocols such as HTTPS over TCP port 443. If you compare a Sniffer trace of HTTP and HTTPS traffic, the HTTPS data is encrypted. Figure 3-25 shows you what people can sniff when you use HTTP to access a switch. I had to turn port monitoring on for this to work. Those details are covered in more depth in the switch chapters, Chapter 6, "Shooting Trouble with CatOS and IOS," and Chapter 7, "Shooting Trouble with VLANs on Routers and Switches." For now, analyze the layered approach to HTTP as you have done with the other applications.

Figure 3-25. HTTP to a 1900 Switch


HTTP 1.0 opens a new TCP connection for each item, but HTTP 1.1 does not, as you can verify at www.w3.org/Protocols/Activity.html. In addition, this Sniffer decode offers a good opportunity to point out the default behavior of most TCPs, to acknowledge every other packet.

Now that I have touched on all the layers of the TCP/IP suite to lead into the addressing section, I will discuss DHCP. First there was RARP, then BOOTP, and now DHCP. The basic concept is the same. Take RARP, for example. It is used to resolve MAC addresses to IP addresses. It is the opposite of ARP, with which I know you have become pretty comfortable by now. The Bootstrap Protocol (BOOTP) was developed to allow diskless workstations to obtain IP information upon bootup. BOOTP spawned DHCP, which is widely used today.

DHCP is not fully automatic because someone must configure the server with a range of IP addresses (scope) and other optional parameters such as the mask, gateway, DNS server, WINS server, and so on. Clients request DHCP parameters via Layer 2 and Layer 3 broadcasts to UDP port 67. The server sends messages to the client on UDP port 68. However, it would defeat the purpose of a router if it were allowed to forward all broadcasts. On the other hand, it is possible for you to open up certain ports for routers to forward via the ip helper-address [ipaddress] command. Request forwarding is also possible via DHCP proxy agents. Figure 3-26 provides examples of the ip helper command. Helpers in effect change the local broadcast destination to a unicast or directed broadcast to reach the DHCP server. Table 3-8 shows DHCP frames that you should capture sometime with a protocol analyzer.
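The helper behavior described above, as an added Python example that is not from the original text: it builds a DHCPDISCOVER as a client broadcasts it, then models a relay turning that broadcast to UDP port 67 into a unicast toward the server. The giaddr and hops handling follows standard BOOTP relay behavior (RFC 1542/2131), which goes beyond what the text states; the MAC, IP addresses and function names are constructed for illustration.

```python
import socket
import struct

# Fixed 236-byte BOOTP/DHCP header (RFC 951 / RFC 2131), network byte order:
# op htype hlen hops xid secs flags ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC = bytes([99, 130, 83, 99])          # DHCP magic cookie that precedes the options
ZERO = b"\x00" * 4
SERVER_PORT, CLIENT_PORT = 67, 68         # clients send to 67, servers answer on 68


def build_discover(mac: bytes, xid: int) -> bytes:
    """DHCPDISCOVER as a client broadcasts it (op=1, broadcast flag set)."""
    header = BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, ZERO, ZERO, ZERO, ZERO,
                        mac, b"", b"")
    return header + MAGIC + bytes([53, 1, 1, 255])   # option 53 = DISCOVER, then end


def relay(dst_ip, dst_port, payload, ingress_ip, helper_ip):
    """Return (dst_ip, dst_port, payload) as forwarded by the helper, or None."""
    if dst_ip != "255.255.255.255" or dst_port != SERVER_PORT:
        return None                        # not a DHCP client broadcast: stays local
    fields = list(BOOTP.unpack(payload[:BOOTP.size]))
    if fields[0] != 1:                     # only BOOTREQUEST travels toward the server
        return None
    fields[3] += 1                         # hops: one more relay traversed
    if fields[10] == ZERO:                 # giaddr: tells the server which subnet asked
        fields[10] = socket.inet_aton(ingress_ip)
    return helper_ip, SERVER_PORT, BOOTP.pack(*fields) + payload[BOOTP.size:]


def summarize(payload: bytes) -> dict:
    """Decode the header fields a protocol analyzer would show first."""
    f = BOOTP.unpack(payload[:BOOTP.size])
    return {"op": f[0], "hops": f[3], "xid": f[4],
            "giaddr": socket.inet_ntoa(f[10]), "mac": f[11][:f[2]].hex(":")}


if __name__ == "__main__":
    pkt = build_discover(bytes.fromhex("020000000001"), 0x1234ABCD)  # constructed MAC
    print(summarize(pkt))
    print(summarize(relay("255.255.255.255", 67, pkt, "192.0.2.1", "198.51.100.10")[2]))
```

The server uses giaddr to pick the scope for the client's subnet, so a capture taken on the server side of the router shows a unicast frame with a nonzero giaddr rather than the original broadcast.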
