《TCPIP詳解》是2012年5月機械工業出版社出版的圖書,作者是KevinR.Fall、W.RichardStevens。
基本介紹
- 中文名:TCPIP詳解
- 作者:KevinR.Fall,W.RichardStevens
- ISBN:978-7-111-38228-7
- 出版日期:2012年5月
- 出版社:機械工業出版社
編輯推薦,內容簡介,作者簡介,目錄,
編輯推薦
“我認為本書之所以領先群倫、獨一無二,是源於其對細節的注重和對歷史的關注。書中介紹了計算機網路的背景知識,並提供了解決不斷演變的網路問題的各種方法。本書一直在不懈努力以獲得精確的答案和探索剩餘的問題域。對於致力於完善和保護網際網路運營或探究解決長期存在問題的可選方案的工程師,本書提供的見解將是無價的。作者對當今網際網路技術的全面闡述和透徹分析是值得稱讚的。”
—VintCerf,網際網路先驅
對本書第2版的評論:
本書第1版自1994年出版以來,深受讀者歡迎。但是時至今日,第1版的內容有些已經比較陳舊,而且沒有涉及IPv6。現在,這部世界領先的TCP/IP暢銷書已經被徹底更新,反映了新一代基於TCP/IP的網路技術。這本書仍保留了Stevens卓越的寫作風格,簡明、清晰,並且可以快速找到要點。這本書雖然超過一千頁,但是並不囉嗦,每章解釋一個協定或概念,複雜的TCP被分散到多章。我很欣賞本書的一個地方是每章都描述了已有的針對協定的攻擊方法。如果你必須自己實現這些協定,並且不希望自己和前人一樣遭受同樣的攻擊,這些信息將是無價的。這本書是日常工作中經常和TCP/IP打交道或進行網路軟體開發的人必需的,即使你的工作並不基於IP協定,這本書仍然包含很多你可以用到的好想法。”
——摘自Amazon讀者評論
對本書第1版的讚譽:
這本書必定是TCP/IP開發人員和用戶的聖經。在我拿到本書並開始閱讀的數分鐘內,我就遇到了多個曾經困擾我的同事及我本人許久的難題,Stevens清晰和明確的闡述讓我豁然開朗。他揭秘了此前一些網路專家諱莫如深的許多奧妙。我本人參與過幾年TCP/IP的實現工作,以我的觀點,這本書堪稱目前最詳盡的參考書了。
——RobertA.Ciampa,3COM公司網路工程師
《TCP/IP詳解卷1》對於開發人員、網路管理員以及任何需要理解TCP/IP技術的人來說,都是極好的參考書。內容非常全面,既能提供足夠的技術細節滿足專家的需要,同時也為新手準備了足夠的背景知識和相關註解。
——BobWilliams,NetManage公司行銷副總裁
對本書第2版的評論:
本書第1版自1994年出版以來,深受讀者歡迎。但是時至今日,第1版的內容有些已經比較陳舊,而且沒有涉及IPv6。現在,這部世界領先的TCP/IP暢銷書已經被徹底更新,反映了新一代基於TCP/IP的網路技術。這本書仍保留了Stevens卓越的寫作風格,簡明、清晰,並且可以快速找到要點。這本書雖然超過一千頁,但是並不囉嗦,每章解釋一個協定或概念,複雜的TCP被分散到多章。我很欣賞本書的一個地方是每章都描述了已有的針對協定的攻擊方法。如果你必須自己實現這些協定,並且不希望自己和前人一樣遭受同樣的攻擊,這些信息將是無價的。這本書是日常工作中經常和TCP/IP打交道或進行網路軟體開發的人必需的,即使你的工作並不基於IP協定,這本書仍然包含很多你可以用到的好想法。”
——摘自Amazon讀者評論
對本書第1版的讚譽:
這本書必定是TCP/IP開發人員和用戶的聖經。在我拿到本書並開始閱讀的數分鐘內,我就遇到了多個曾經困擾我的同事及我本人許久的難題,Stevens清晰和明確的闡述讓我豁然開朗。他揭秘了此前一些網路專家諱莫如深的許多奧妙。我本人參與過幾年TCP/IP的實現工作,以我的觀點,這本書堪稱目前最詳盡的參考書了。
——RobertA.Ciampa,3COM公司網路工程師
《TCP/IP詳解卷1》對於開發人員、網路管理員以及任何需要理解TCP/IP技術的人來說,都是極好的參考書。內容非常全面,既能提供足夠的技術細節滿足專家的需要,同時也為新手準備了足夠的背景知識和相關註解。
——BobWilliams,NetManage公司行銷副總裁
內容簡介
《TCP/IP詳解》是已故網路專家、著名技術作家W.RichardStevens的傳世之作,內容詳盡且極具權威,被譽為TCP/IP領域的不朽名著。
本書是《TCP/IP詳解》的第1卷,主要講述TCP/IP協定,結合大量實例講述TCP/IP協定族的定義原因,以及在各種不同的作業系統中的套用及工作方式。第2版在保留Stevens卓越的知識體系和寫作風格的基礎上,新加入的作者KevinR.Fall結合其作為TCP/IP協定研究領域領導者的尖端經驗來更新本書,反映了最新的協定和最佳的實踐方法。首先,他介紹了TCP/IP的核心目標和體系結構概念,展示了它們如何能連線不同的網路和支持多個服務同時運行。接著,他詳細解釋了IPv4和IPv6網路中的網際網路地址。然後,他採用自底向上的方式來介紹TCP/IP的結構和功能:從鏈路層協定(如Ethernet和Wi-Fi),經網路層、傳輸層到套用層。
書中依次全面介紹了ARP、DHCP、NAT、防火牆、ICMPv4/ICMPv6、廣播、多播、UDP、DNS等,並詳細介紹了可靠傳輸和TCP,包括連線管理、逾時、重傳、互動式數據流和擁塞控制。此外,還介紹了安全和加密的基礎知識,闡述了當前用於保護安全和隱私的重要協定,包括EAP、IPsec、TLS、DNSSEC和DKIM。
本書適合任何希望理解TCP/IP協定如何實現的人閱讀,更是TCP/IP領域研究人員和開發人員的權威參考書。無論你是初學者還是功底深厚的網路領域高手,本書都是案頭必備,將幫助你更深入和直觀地理解整個協定族,構建更好的套用和運行更可靠、更高效的網路。
本書特色:
W.RichardStevens傳奇般的TCP/IP指南,現在被頂級網路專家KevinR.Fall更新,反映了新一代的基於TCP/IP的網路技術。
展示每種協定的實際工作原理,並解釋其來龍去脈。
新增加的內容包括RPC、訪問控制、身份認證、隱私保護、NFS、SMB/CIFS、DHCP、NAT、防火牆、電子郵件、Web、Web服務、無線、無線安全等。
本書是《TCP/IP詳解》的第1卷,主要講述TCP/IP協定,結合大量實例講述TCP/IP協定族的定義原因,以及在各種不同的作業系統中的套用及工作方式。第2版在保留Stevens卓越的知識體系和寫作風格的基礎上,新加入的作者KevinR.Fall結合其作為TCP/IP協定研究領域領導者的尖端經驗來更新本書,反映了最新的協定和最佳的實踐方法。首先,他介紹了TCP/IP的核心目標和體系結構概念,展示了它們如何能連線不同的網路和支持多個服務同時運行。接著,他詳細解釋了IPv4和IPv6網路中的網際網路地址。然後,他採用自底向上的方式來介紹TCP/IP的結構和功能:從鏈路層協定(如Ethernet和Wi-Fi),經網路層、傳輸層到套用層。
書中依次全面介紹了ARP、DHCP、NAT、防火牆、ICMPv4/ICMPv6、廣播、多播、UDP、DNS等,並詳細介紹了可靠傳輸和TCP,包括連線管理、逾時、重傳、互動式數據流和擁塞控制。此外,還介紹了安全和加密的基礎知識,闡述了當前用於保護安全和隱私的重要協定,包括EAP、IPsec、TLS、DNSSEC和DKIM。
本書適合任何希望理解TCP/IP協定如何實現的人閱讀,更是TCP/IP領域研究人員和開發人員的權威參考書。無論你是初學者還是功底深厚的網路領域高手,本書都是案頭必備,將幫助你更深入和直觀地理解整個協定族,構建更好的套用和運行更可靠、更高效的網路。
本書特色:
W.RichardStevens傳奇般的TCP/IP指南,現在被頂級網路專家KevinR.Fall更新,反映了新一代的基於TCP/IP的網路技術。
展示每種協定的實際工作原理,並解釋其來龍去脈。
新增加的內容包括RPC、訪問控制、身份認證、隱私保護、NFS、SMB/CIFS、DHCP、NAT、防火牆、電子郵件、Web、Web服務、無線、無線安全等。
作者簡介
KevinR.Fall博士有超過25年的TCP/IP工作經驗,並且是網際網路架構委員會成員。他是網際網路研究任務組中延遲容忍網路研究組(DTNRG)的聯席主席,該組致力於在極端和挑戰性能的環境中探索網路。他是一位IEEE院士。
W.RichardStevens博士(1951—1999)是國際知名的Unix和網路專家,受人尊敬的技術作家和諮詢顧問。他教會了一代網路專業人員使用TCP/IP的技能,使網際網路成為人們日常生活的中心。Stevens於1999年9月1日去世,年僅48歲。在短暫但精彩的人生中,他著有多部經典的傳世之作,包括《TCP/IP詳解》(三卷本)、《UNIX網路編程》(兩卷本)以及《UNIX環境高級編程》。2000年他被國際權威機構Usenix追授“終身成就獎”。
W.RichardStevens博士(1951—1999)是國際知名的Unix和網路專家,受人尊敬的技術作家和諮詢顧問。他教會了一代網路專業人員使用TCP/IP的技能,使網際網路成為人們日常生活的中心。Stevens於1999年9月1日去世,年僅48歲。在短暫但精彩的人生中,他著有多部經典的傳世之作,包括《TCP/IP詳解》(三卷本)、《UNIX網路編程》(兩卷本)以及《UNIX環境高級編程》。2000年他被國際權威機構Usenix追授“終身成就獎”。
目錄
Forewordv
Chapter1
Introduction
1.1
ArchitecturalPrinciples2
1.1.1
Packets,Connections,andDatagrams3
1.1.2The
End-to-EndArgumentandFateSharing6
1.1.3
ErrorControlandFlowControl7
1.2Design andImplementation8
1.2.1
Layering8
1.2.2
Multiplexing,Demultiplexing,andEncapsulationinLayered Implementations 10
1.3The ArchitectureandProtocolsoftheTCP/IPSuite13
1.3.1The
ARPANETReferenceModel13
1.3.2
Multiplexing,Demultiplexing,andEncapsulationinTCP/IP16
1.3.3Port
Numbers17
1.3.4
Names,Addresses,andtheDNS19
1.4
Internets,Intranets,andExtranets19
1.5
DesigningApplications20
1.5.1
Client/Server20
1.5.2
Peer-to-Peer21
1.5.3
ApplicationProgrammingInterfaces(APIs)22
Prefaceto theSecondEditionvii
Adapted PrefacetotheFirstEditionxiii
1.6
StandardizationProcess22
1.6.1
RequestforComments(RFC)23
1.6.2
OtherStandards24
1.7
ImplementationsandSoftwareDistributions24
1.8
AttacksInvolvingtheInternetArchitecture25
1.9
Summary26
1.10
References28
Chapter2
TheInternetAddressArchitecture3
2.1
Introduction31
2.2
ExpressingIPAddresses32
2.3Basic
IPAddressStructure34
2.3.1
CLASSFULAddressing34
2.3.2
SubnetAddressing36
2.3.3
SubnetMasks39
2.3.4
Variable-LengthSubnetMasks(VLSM)41
2.3.5
BroadcastAddresses42
2.3.6IPv6
AddressesandInterfaceIdentifiers43
2.4CIDR
andAggregation46
2.4.1
Prefixes47
2.4.2
Aggregation48
2.5
Special-UseAddresses50
2.5.1
AddressingIPv4/IPv6Translators52
2.5.2
MulticastAddresses53
2.5.3IPv4
MulticastAddresses54
2.5.4IPv6
MulticastAddresses57
2.5.5
ANYCASTAddresses62
2.6
Allocation62
2.6.1
unicast62
2.6.2
Multicast65
2.7
UnicastAddressAssignment65
2.7.1
SingleProvider/NoNetwork/SingleAddress66
2.7.2
SingleProvider/SingleNetwork/SingleAddress67
2.7.3
SingleProvider/MultipleNetworks/MultipleAddresses67
2.7.4
MultipleProviders/MultipleNetworks/MultipleAddresses (Multihoming)68
Contents xvii
2.8
AttacksInvolvingIPAddresses70
2.9
Summary71
2.10
References72
Chapter3
LinkLayer79
3.1
Introduction79
3.2
EthernetandtheIEEE802LAN/MANStandards80
3.2.1The
IEEE802LAN/MANStandards82
3.2.2The
EthernetFrameFormat84
3.2.3
802.1p/q:VirtualLANsandQoSTagging89
3.2.4
802.1AX:LinkAggregation(Formerly802.3ad)92
3.3Full
Duplex,PowerSave,Autonegotiation,and802.1XFlowControl94
3.3.1
Duplexmismatch96
3.3.2
Wake-onLAN(WoL),PowerSaving,andMagicPackets96
3.3.3
Link-LayerFlowControl98
3.4
BridgesandSwitches98
3.4.1
SpanningTreeProtocol(STP)102
3.4.2
802.1ak:MultipleRegistrationProtocol(MRP)111
3.5
WirelessLANs—IEEE802.11(Wi-Fi)111
3.5.1
802.11Frames113
3.5.2
PowerSaveModeandtheTimeSyncFunction(tsf)119
3.5.3
802.11MediaAccessControl120
3.5.4
Physical-LayerDetails:Rates,Channels,andFrequencies123
3.5.5
Wi-FiSecurity129
3.5.6
Wi-FiMesh(802.11s)130
3.6
Point-to-PointProtocol(PPP)130
3.6.1Link
ControlProtocol(LCP)131
3.6.2
MultilinkPPP(MP)137
3.6.3
CompressionControlProtocol(CCP)139
3.6.4PPP
Authentication140
3.6.5
NetworkControlProtocols(NCPs)141
3.6.6
HeaderCompression142
3.6.7
Example143
3.7
Loopback145
3.8MTU
andPathMTU148
3.9
TunnelingBasics149
3.9.1
UnidirectionalLinks153
xviii Contents
3.10
AttacksontheLinkLayer154
3.11
Summary156
3.12
References157
Chapter4
ARP:AddressResolutionProtocol165
4.1
Introduction165
4.2An
Example166
4.2.1
DirectDeliveryandARP167
4.3ARP
Cache169
4.4ARP
FrameFormat170
4.5ARP
Examples171
4.5.1
NormalExample171
4.5.2ARP
RequesttoaNonexistentHost173
4.6ARP
CacheTimeout174
4.7Proxy
ARP174
4.8
gratuitousARPandAddressConflictDetection(ACD)175
4.9Thearp Command177
4.10Using ARPtoSetanEmbeddedDevice’sIPv4Address178
4.11
AttacksInvolvingARP178
4.12
Summary179
4.13
References179
Chapter5
TheInternetProtocol(IP)18
5.1
Introduction181
5.2IPv4 andIPv6Headers183
5.2.1IP HeaderFields183
5.2.2The InternetChecksum186
5.2.3DS FieldandECN(FormerlyCalledtheToSByteorIPv6TrafficClass)188
5.2.4IP Options192
5.3IPv6 ExtensionHeaders194
5.3.1IPv6 Options196
5.3.2
RoutingHeader200
5.3.3
FragmentHeader203
5.4IP Forwarding208
5.4.1
ForwardingTable208
5.4.2IP ForwardingActions209
Contents xix
5.4.3
Examples210
5.4.4
Discussion215
5.5Mobile IP215
5.5.1The BasicModel:BidirectionalTunneling216
5.5.2
RouteOptimization(RO)217
5.5.3Discussion 220
5.6Host
ProcessingofIPDatagrams220
5.6.1Host Models220
5.6.2
AddressSelection222
5.7
AttacksInvolvingIP226
5.8
Summary226
5.9
References228
Chapter6
SystemConfiguration:DHCPandAutoconfiguration233
6.1
Introduction233
6.2Dynamic HostConfigurationProtocol(DHCP)234
6.2.1
AddresspoolsandLeases235
6.2.2DHCP andBOOTPMessageFormat236
6.2.3DHCP andBOOTPOptions238
6.2.4DHCP ProtocolOperation239
6.2.5
DHCPv6252
6.2.6
UsingDHCPwithRelays267
6.2.7DHCP Authentication271
6.2.8
ReconfigureExtension273
6.2.9
RapidCommit273
6.2.10
LocationInformation(LCIandLoST)274
6.2.11
MobilityandHandoffInformation(MoSandANDSF)275
6.2.12
DHCPSnooping276
6.3
statelessAddressAutoconfiguration(slaac)276
6.3.1
DynamicConfigurationofIPv4Link-LocalAddresses276
6.3.2IPv6 SLAACforLink-LocalAddresses276
6.4DHCP andDNSInteraction285
6.5PPP overEthernet(PPPoE)286
6.6
AttacksInvolvingSystemConfiguration292
6.7
Summary292
6.8References
293
xx Contents
Chapter7
FirewallsandNetworkAddressTranslation(NAT)299
7.1
Introduction299
7.2
Firewalls300
7.2.1
Packet-FilteringFirewalls300
7.2.2
ProxyFirewalls301
7.3
NetworkAddressTranslation(NAT)303
7.3.1
TraditionalNAT:BasicNATandNAPT305
7.3.2
AddressandPortTranslationBehavior311
7.3.3
FilteringBehavior313
7.3.4
ServersbehindNATs314
7.3.5
HairpinningandNATLoopback314
7.3.6NAT Editors315
7.3.7
ServiceProviderNAT(SPNAT)andServiceProviderIPv6 Transition 315
7.4NAT Traversal316
7.4.1
PinholesandHolePunching317
7.4.2
unilateralSelf-AddressFixing(UNSAF)317
7.4.3
SessionTraversalUtilitiesforNAT(STUN)319
7.4.4
TraversalUsingRelaysaroundNAT(TURN)326
7.4.5
InteractiveConnectivityEstablishment(ICE)332
7.5
ConfiguringPacket-FilteringFirewallsandNATs334
7.5.1
FirewallRules335
7.5.2NAT Rules337
7.5.3
DirectInteractionwithNATsandFirewalls:UPnP,NAT-PMP, andPCP 338
7.6NAT forIPv4/IPv6coexistenceandTransition339
7.6.1
Dual-StackLite(DS-Lite)339
7.6.2
IPv4/IPv6TranslationUsingNATsandALGs340
7.7
AttacksInvolvingFirewallsandNATs345
7.8
Summary346
7.9
References347
Chapter8
ICMPv4andICMPv6:InternetControlMessageProtocol353
8.1
Introduction353
8.1.1
EncapsulationinIPv4andIPv6354
8.2ICMP Messages355
8.2.1
ICMPv4Messages356
Contents xxi
8.2.2
ICMPv6Messages358
8.2.3
ProcessingofICMPMessages360
8.3ICMP ErrorMessages361
8.3.1
ExtendedICMPandMultipartMessages363
8.3.2
DestinationUnreachable(ICMPv4Type3,ICMPv6Type1) andPacket TooBig(ICMPv6Type2)364
8.3.3
Redirect(ICMPv4Type5,ICMPv6Type137)372
8.3.4ICMP
TimeExceeded(ICMPv4Type11,ICMPv6Type3)375
8.3.5
ParameterProblem(ICMPv4Type12,ICMPv6Type4)379
8.4ICMP Query/InformationalMessages380
8.4.1Echo Request/Reply(ping)(ICMPv4Types0/8,ICMPv6Types 129/128) 380
8.4.2
RouterDiscovery:RouterSolicitationandAdvertisement (ICMPv4 Types9,10)383
8.4.3Home AgentAddressDiscoveryRequest/Reply(ICMPv6Types 144/145) 386
8.4.4
MobilePrefixSolicitation/Advertisement(ICMPv6Types146/147)387
8.4.5
MobileIPv6FastHandoverMessages(ICMPv6Type154)388
8.4.6
MulticastListenerQuery/Report/Done(ICMPv6Types 130/131/132) 388
8.4.7
Version2MulticastListenerDiscovery(MLDv2)(ICMPv6 Type143) 390
8.4.8
MulticastRouterDiscovery(MRD)(IGMPTypes48/49/50, ICMPv6 Types151/152/153)394
8.5
neighborDiscoveryinIPv6395
8.5.1
ICMPv6RouterSolicitationandAdvertisement(ICMPv6Types 133,134) 396
8.5.2
ICMPv6NeighborSolicitationandAdvertisement(IMCPv6Types 135,136) 398
8.5.3
ICMPv6InverseNeighborDiscoverySolicitation/Advertisement (ICMPv6 Types141/142)401
8.5.4
NeighborUnreachabilityDetection(NUD)402
8.5.5
SecureNeighborDiscovery(SEND)403
8.5.6
ICMPv6NeighborDiscovery(ND)Options407
8.6
TranslatingICMPv4andICMPv6424
8.6.1
TranslatingICMPv4toICMPv6424
8.6.2
TranslatingICMPv6toICMPv4426
8.7
AttacksInvolvingICMP428
xxii Contents
8.8
Summary430
8.9
References430
Chapter9
BroadcastingandLocalMulticasting(IGMPandMLD)435
9.1
Introduction435
9.2
Broadcasting436
9.2.1
UsingBroadcastAddresses437
9.2.2
SendingBroadcastDatagrams439
9.3
Multicasting441
9.3.1
ConvertingIPMulticastAddressesto802MAC/EthernetAddresses442
9.3.2
Examples444
9.3.3
SendingMulticastDatagrams446
9.3.4
ReceivingMulticastDatagrams447
9.3.5Host
AddressFiltering449
9.4The
InternetGroupManagementProtocol(IGMP)andMulticastListener Discovery Protocol(MLD)451
9.4.1IGMP andMLDProcessingbyGroupMembers(“Group Member Part”)454
9.4.2IGMP andMLDProcessingbyMulticastRouters(“Multicast Router Part”)457
9.4.3
Examples459
9.4.4
LightweightIGMPv3andMLDv2464
9.4.5IGMP andMLDRobustness465
9.4.6IGMP andMLDCountersandVariables467
9.4.7IGMP andMLDSnooping468
9.5
AttacksInvolvingIGMPandMLD469
9.6
Summary470
9.7
References471
Chapter10
UserDatagramProtocol(UDP)andIPFragmentation473
10.1Introduction 473
10.2UDP
Header474
10.3UDP
Checksum475
10.4
Examples478
10.5UDP
andIPv6481
10.5.1
teredo:TunnelingIPv6throughIPv4Networks482
Contents xxiii
10.6
UDP-Lite487
10.7IP Fragmentation488
10.7.1
Example:UDP/IPv4Fragmentation488
10.7.2
ReassemblyTimeout492
10.8Path MTUDiscoverywithUDP493
10.8.1
Example493
10.9
InteractionbetweenIPFragmentationandARP/ND496
10.10
MaximumUDPDatagramSize497
10.10.1
ImplementationLimitations497
10.10.2
DatagramTruncation498
10.11UDP ServerDesign498
10.11.1IP AddressesandUDPPortNumbers499
10.11.2
RestrictingLocalIPAddresses500
10.11.3
UsingMultipleAddresses501
10.11.4
RestrictingForeignIPAddress502
10.11.5
UsingMultipleServersperPort503
10.11.6
SpanningAddressFamilies:IPv4andIPv6504
10.11.7
LackofFlowandCongestionControl505
10.12
TranslatingUDP/IPv4andUDP/IPv6Datagrams505
10.13UDP intheInternet506
10.14
AttacksInvolvingUDPandIPFragmentation507
10.15
Summary508
10.16
References508
Chapter11
NameResolutionandtheDomainNameSystem(DNS)51
11.1
Introduction511
11.2The DNSNameSpace512
11.2.1DNS NamingSyntax514
11.3Name ServersandZones516
11.4
Caching517
11.5The DNSProtocol518
11.5.1DNS MessageFormat520
11.5.2The DNSExtensionFormat(EDNS0)524
11.5.3UDP orTCP525
11.5.4
Question(Query)andZoneSectionFormat526
11.5.5
Answer,Authority,andAdditionalInformationSectionFormats526
11.5.6
ResourceRecordTypes527
xxiv Contents
11.5.7
DynamicUpdates(DNSUPDATE)555
11.5.8
ZoneTransfersandDNSNOTIFY558
11.6Sort Lists,Round-Robin,andSplitDNS565
11.7Open DNSServersandDynDNS567
11.8
TransparencyandExtensibility567
11.9
TranslatingDNSfromIPv4toIPv6(DNS64)568
11.10
LLMNRandmdns569
11.11LDAP 570
11.12
AttacksontheDNS571
11.13
Summary572
11.14
References573
Chapter12
TCP:TheTransmissionControlProtocol(Preliminaries)579
12.1
Introduction579
12.1.1ARQ andRetransmission580
12.1.2
WindowsofPacketsandSlidingWindows581
12.1.3
VariableWindows:FlowControlandCongestionControl583
12.1.4
SettingtheRetransmissionTimeout584
12.2
IntroductiontoTCP584
12.2.1The
TCPServiceModel585
12.2.2
ReliabilityinTCP586
12.3TCP HeaderandEncapsulation587
12.4
Summary591
12.5
References591
Chapter13
TCPConnectionManagement595
13.1
Introduction595
13.2TCP ConnectionEstablishmentandTermination595
13.2.1TCP Half-Close598
13.2.2
SimultaneousOpenandClose599
13.2.3
InitialSequenceNumber(ISN)601
13.2.4
Example602
13.2.5
TimeoutofConnectionEstablishment604
13.2.6
ConnectionsandTranslators605
13.3TCP Options605
13.3.1
MaximumSegmentSize(MSS)Option606
Contents xxv
13.3.2
SelectiveAcknowledgment(SACK)Options607
13.3.3
WindowScale(WSCALEorWSOPT)Option608
13.3.4
TimestampsOptionandProtectionagainstWrapped Sequence Numbers(PAWS)608
13.3.5
UserTimeout(UTO)Option611
13.3.6
AuthenticationOption(TCP-AO)612
13.4Path MTUDiscoverywithTCP612
13.4.1Example 613
13.5TCP StateTransitions616
13.5.1TCP StateTransitionDiagram617
13.5.2
TIME_WAIT(2MSLWait)State618
13.5.3
QuietTimeConcept624
13.5.4
FIN_WAIT_2State625
13.5.5
SimultaneousOpenandCloseTransitions625
13.6Reset Segments625
13.6.1
ConnectionRequesttoNonexistentPort626
13.6.2
AbortingaConnection627
13.6.3
Half-OpenConnections628
13.6.4
TIME-WAITAssassination(TWA)630
13.7TCP ServerOperation631
13.7.1TCP PortNumbers632
13.7.2
RestrictingLocalIPAddresses634
13.7.3
RestrictingForeignEndpoints635
13.7.4
incomingConnectionQueue636
13.8
AttacksInvolvingTCPConnectionManagement640
13.9
Summary642
13.10
References643
Chapter14
TCPTimeoutandRetransmission647
14.1
Introduction647
14.2
SimpleTimeoutandRetransmissionExample648
14.3
SettingtheRetransmissionTimeout(RTO)651
14.3.1The ClassicMethod651
14.3.2The StandardMethod652
14.3.3The LinuxMethod657
14.3.4RTT EstimatorBehaviors661
14.3.5
RTTMRobustnesstoLossandReordering662
xxvi Contents
14.4
Timer-BasedRetransmission664
14.4.1
Example665
14.5Fast Retransmit667
14.5.1
Example668
14.6
RetransmissionwithSelectiveAcknowledgments671
14.6.1
SACKReceiverBehavior672
14.6.2
SACKSenderBehavior673
14.6.3
Example673
14.7
spuriousTimeoutsandRetransmissions677
14.7.1
DuplicateSACK(DSACK)Extension677
14.7.2The EifelDetectionAlgorithm679
14.7.3
Forward-RTORecovery(F-RTO)680
14.7.4The EifelResponseAlgorithm680
14.8
PacketReorderingandDuplication682
14.8.1
Reordering682
14.8.2
Duplication684
14.9
DestinationMetrics685
14.10
Repacketization686
14.11
AttacksInvolvingTCPRetransmission687
14.12
Summary688
14.13
References689
Chapter15
TCPDataFlowandWindowManagement69
15.1
Introduction691
15.2
InteractiveCommunication692
15.3
DelayedAcknowledgments695
15.4Nagle Algorithm696
15.4.1
DelayedACKandNagleAlgorithmInteraction699
15.4.2
DisablingtheNagleAlgorithm699
15.5Flow ControlandWindowManagement700
15.5.1
SlidingWindows701
15.5.2
ZeroWindowsandtheTCPPersistTimer704
15.5.3
SillyWindowSyndrome(SWS)708
15.5.4
LargeBuffersandAuto-Tuning715
15.6
UrgentMechanism719
15.6.1
Example720
15.7
AttacksInvolvingWindowManagement723
Contentsxxvii
15.8
Summary723
15.9
References724
Chapter16
TCPCongestionControl727
16.1
Introduction727
16.1.1
DetectionofCongestioninTCP728
16.1.2
SlowingDownaTCPSender729
16.2The ClassicAlgorithms730
16.2.1
SlowStart732
16.2.2
CongestionAvoidance734
16.2.3
SelectingbetweenSlowStartandCongestionAvoidance736
16.2.4
Tahoe,Reno,andFastRecovery737
16.2.5
StandardTCP738
16.3
EvolutionoftheStandardAlgorithms739
16.3.1
Newreno739
16.3.2TCP CongestionControlwithSACK740
16.3.3
ForwardAcknowledgment(FACK)andRateHalving741
16.3.4
LimitedTransmit742
16.3.5
CongestionWindowValidation(CWV)742
16.4
HandlingSpuriousRTOs—theEifelResponseAlgorithm744
16.5An ExtendedExample745
16.5.1
SlowStartBehavior749
16.5.2
SenderPauseandLocalCongestion(Event1)750
16.5.3
StretchACKsandRecoveryfromLocalCongestion754
16.5.4
FastRetransmissionandSACKRecovery(Event2)757
16.5.5
AdditionalLocalCongestionandFastRetransmitEvents759
16.5.6
Timeouts,Retransmissions,andundoingcwndChanges762
16.5.7
ConnectionCompletion766
16.6
SharingCongestionState767
16.7TCP Friendliness768
16.8TCP inHigh-SpeedEnvironments770
16.8.1
HighSpeedTCP(HSTCP)andLimitedSlowStart770
16.8.2
BinaryIncreaseCongestionControl(BICandCUBIC)772
Chapter1
Introduction
1.1
ArchitecturalPrinciples2
1.1.1
Packets,Connections,andDatagrams3
1.1.2The
End-to-EndArgumentandFateSharing6
1.1.3
ErrorControlandFlowControl7
1.2Design andImplementation8
1.2.1
Layering8
1.2.2
Multiplexing,Demultiplexing,andEncapsulationinLayered Implementations 10
1.3The ArchitectureandProtocolsoftheTCP/IPSuite13
1.3.1The
ARPANETReferenceModel13
1.3.2
Multiplexing,Demultiplexing,andEncapsulationinTCP/IP16
1.3.3Port
Numbers17
1.3.4
Names,Addresses,andtheDNS19
1.4
Internets,Intranets,andExtranets19
1.5
DesigningApplications20
1.5.1
Client/Server20
1.5.2
Peer-to-Peer21
1.5.3
ApplicationProgrammingInterfaces(APIs)22
Prefaceto theSecondEditionvii
Adapted PrefacetotheFirstEditionxiii
1.6
StandardizationProcess22
1.6.1
RequestforComments(RFC)23
1.6.2
OtherStandards24
1.7
ImplementationsandSoftwareDistributions24
1.8
AttacksInvolvingtheInternetArchitecture25
1.9
Summary26
1.10
References28
Chapter2
TheInternetAddressArchitecture3
2.1
Introduction31
2.2
ExpressingIPAddresses32
2.3Basic
IPAddressStructure34
2.3.1
CLASSFULAddressing34
2.3.2
SubnetAddressing36
2.3.3
SubnetMasks39
2.3.4
Variable-LengthSubnetMasks(VLSM)41
2.3.5
BroadcastAddresses42
2.3.6IPv6
AddressesandInterfaceIdentifiers43
2.4CIDR
andAggregation46
2.4.1
Prefixes47
2.4.2
Aggregation48
2.5
Special-UseAddresses50
2.5.1
AddressingIPv4/IPv6Translators52
2.5.2
MulticastAddresses53
2.5.3IPv4
MulticastAddresses54
2.5.4IPv6
MulticastAddresses57
2.5.5
ANYCASTAddresses62
2.6
Allocation62
2.6.1
unicast62
2.6.2
Multicast65
2.7
UnicastAddressAssignment65
2.7.1
SingleProvider/NoNetwork/SingleAddress66
2.7.2
SingleProvider/SingleNetwork/SingleAddress67
2.7.3
SingleProvider/MultipleNetworks/MultipleAddresses67
2.7.4
MultipleProviders/MultipleNetworks/MultipleAddresses (Multihoming)68
Contents xvii
2.8
AttacksInvolvingIPAddresses70
2.9
Summary71
2.10
References72
Chapter3
LinkLayer79
3.1
Introduction79
3.2
EthernetandtheIEEE802LAN/MANStandards80
3.2.1The
IEEE802LAN/MANStandards82
3.2.2The
EthernetFrameFormat84
3.2.3
802.1p/q:VirtualLANsandQoSTagging89
3.2.4
802.1AX:LinkAggregation(Formerly802.3ad)92
3.3Full
Duplex,PowerSave,Autonegotiation,and802.1XFlowControl94
3.3.1
Duplexmismatch96
3.3.2
Wake-onLAN(WoL),PowerSaving,andMagicPackets96
3.3.3
Link-LayerFlowControl98
3.4
BridgesandSwitches98
3.4.1
SpanningTreeProtocol(STP)102
3.4.2
802.1ak:MultipleRegistrationProtocol(MRP)111
3.5
WirelessLANs—IEEE802.11(Wi-Fi)111
3.5.1
802.11Frames113
3.5.2
PowerSaveModeandtheTimeSyncFunction(tsf)119
3.5.3
802.11MediaAccessControl120
3.5.4
Physical-LayerDetails:Rates,Channels,andFrequencies123
3.5.5
Wi-FiSecurity129
3.5.6
Wi-FiMesh(802.11s)130
3.6
Point-to-PointProtocol(PPP)130
3.6.1Link
ControlProtocol(LCP)131
3.6.2
MultilinkPPP(MP)137
3.6.3
CompressionControlProtocol(CCP)139
3.6.4PPP
Authentication140
3.6.5
NetworkControlProtocols(NCPs)141
3.6.6
HeaderCompression142
3.6.7
Example143
3.7
Loopback145
3.8MTU
andPathMTU148
3.9
TunnelingBasics149
3.9.1
UnidirectionalLinks153
xviii Contents
3.10
AttacksontheLinkLayer154
3.11
Summary156
3.12
References157
Chapter4
ARP:AddressResolutionProtocol165
4.1
Introduction165
4.2An
Example166
4.2.1
DirectDeliveryandARP167
4.3ARP
Cache169
4.4ARP
FrameFormat170
4.5ARP
Examples171
4.5.1
NormalExample171
4.5.2ARP
RequesttoaNonexistentHost173
4.6ARP
CacheTimeout174
4.7Proxy
ARP174
4.8
gratuitousARPandAddressConflictDetection(ACD)175
4.9Thearp Command177
4.10Using ARPtoSetanEmbeddedDevice’sIPv4Address178
4.11
AttacksInvolvingARP178
4.12
Summary179
4.13
References179
Chapter5
TheInternetProtocol(IP)18
5.1
Introduction181
5.2IPv4 andIPv6Headers183
5.2.1IP HeaderFields183
5.2.2The InternetChecksum186
5.2.3DS FieldandECN(FormerlyCalledtheToSByteorIPv6TrafficClass)188
5.2.4IP Options192
5.3IPv6 ExtensionHeaders194
5.3.1IPv6 Options196
5.3.2
RoutingHeader200
5.3.3
FragmentHeader203
5.4IP Forwarding208
5.4.1
ForwardingTable208
5.4.2IP ForwardingActions209
Contents xix
5.4.3
Examples210
5.4.4
Discussion215
5.5Mobile IP215
5.5.1The BasicModel:BidirectionalTunneling216
5.5.2
RouteOptimization(RO)217
5.5.3Discussion 220
5.6Host
ProcessingofIPDatagrams220
5.6.1Host Models220
5.6.2
AddressSelection222
5.7
AttacksInvolvingIP226
5.8
Summary226
5.9
References228
Chapter6
SystemConfiguration:DHCPandAutoconfiguration233
6.1
Introduction233
6.2Dynamic HostConfigurationProtocol(DHCP)234
6.2.1
AddresspoolsandLeases235
6.2.2DHCP andBOOTPMessageFormat236
6.2.3DHCP andBOOTPOptions238
6.2.4DHCP ProtocolOperation239
6.2.5
DHCPv6252
6.2.6
UsingDHCPwithRelays267
6.2.7DHCP Authentication271
6.2.8
ReconfigureExtension273
6.2.9
RapidCommit273
6.2.10
LocationInformation(LCIandLoST)274
6.2.11
MobilityandHandoffInformation(MoSandANDSF)275
6.2.12
DHCPSnooping276
6.3
statelessAddressAutoconfiguration(slaac)276
6.3.1
DynamicConfigurationofIPv4Link-LocalAddresses276
6.3.2IPv6 SLAACforLink-LocalAddresses276
6.4DHCP andDNSInteraction285
6.5PPP overEthernet(PPPoE)286
6.6
AttacksInvolvingSystemConfiguration292
6.7
Summary292
6.8References
293
xx Contents
Chapter7
FirewallsandNetworkAddressTranslation(NAT)299
7.1
Introduction299
7.2
Firewalls300
7.2.1
Packet-FilteringFirewalls300
7.2.2
ProxyFirewalls301
7.3
NetworkAddressTranslation(NAT)303
7.3.1
TraditionalNAT:BasicNATandNAPT305
7.3.2
AddressandPortTranslationBehavior311
7.3.3
FilteringBehavior313
7.3.4
ServersbehindNATs314
7.3.5
HairpinningandNATLoopback314
7.3.6NAT Editors315
7.3.7
ServiceProviderNAT(SPNAT)andServiceProviderIPv6 Transition 315
7.4NAT Traversal316
7.4.1
PinholesandHolePunching317
7.4.2
unilateralSelf-AddressFixing(UNSAF)317
7.4.3
SessionTraversalUtilitiesforNAT(STUN)319
7.4.4
TraversalUsingRelaysaroundNAT(TURN)326
7.4.5
InteractiveConnectivityEstablishment(ICE)332
7.5
ConfiguringPacket-FilteringFirewallsandNATs334
7.5.1
FirewallRules335
7.5.2NAT Rules337
7.5.3
DirectInteractionwithNATsandFirewalls:UPnP,NAT-PMP, andPCP 338
7.6NAT forIPv4/IPv6coexistenceandTransition339
7.6.1
Dual-StackLite(DS-Lite)339
7.6.2
IPv4/IPv6TranslationUsingNATsandALGs340
7.7
AttacksInvolvingFirewallsandNATs345
7.8
Summary346
7.9
References347
Chapter8
ICMPv4andICMPv6:InternetControlMessageProtocol353
8.1
Introduction353
8.1.1
EncapsulationinIPv4andIPv6354
8.2ICMP Messages355
8.2.1
ICMPv4Messages356
Contents xxi
8.2.2
ICMPv6Messages358
8.2.3
ProcessingofICMPMessages360
8.3ICMP ErrorMessages361
8.3.1
ExtendedICMPandMultipartMessages363
8.3.2
DestinationUnreachable(ICMPv4Type3,ICMPv6Type1) andPacket TooBig(ICMPv6Type2)364
8.3.3
Redirect(ICMPv4Type5,ICMPv6Type137)372
8.3.4ICMP
TimeExceeded(ICMPv4Type11,ICMPv6Type3)375
8.3.5
ParameterProblem(ICMPv4Type12,ICMPv6Type4)379
8.4ICMP Query/InformationalMessages380
8.4.1Echo Request/Reply(ping)(ICMPv4Types0/8,ICMPv6Types 129/128) 380
8.4.2
RouterDiscovery:RouterSolicitationandAdvertisement (ICMPv4 Types9,10)383
8.4.3Home AgentAddressDiscoveryRequest/Reply(ICMPv6Types 144/145) 386
8.4.4
MobilePrefixSolicitation/Advertisement(ICMPv6Types146/147)387
8.4.5
MobileIPv6FastHandoverMessages(ICMPv6Type154)388
8.4.6
MulticastListenerQuery/Report/Done(ICMPv6Types 130/131/132) 388
8.4.7
Version2MulticastListenerDiscovery(MLDv2)(ICMPv6 Type143) 390
8.4.8
MulticastRouterDiscovery(MRD)(IGMPTypes48/49/50, ICMPv6 Types151/152/153)394
8.5
neighborDiscoveryinIPv6395
8.5.1
ICMPv6RouterSolicitationandAdvertisement(ICMPv6Types 133,134) 396
8.5.2
ICMPv6NeighborSolicitationandAdvertisement(IMCPv6Types 135,136) 398
8.5.3
ICMPv6InverseNeighborDiscoverySolicitation/Advertisement (ICMPv6 Types141/142)401
8.5.4
NeighborUnreachabilityDetection(NUD)402
8.5.5
SecureNeighborDiscovery(SEND)403
8.5.6
ICMPv6NeighborDiscovery(ND)Options407
8.6
TranslatingICMPv4andICMPv6424
8.6.1
TranslatingICMPv4toICMPv6424
8.6.2
TranslatingICMPv6toICMPv4426
8.7
AttacksInvolvingICMP428
xxii Contents
8.8
Summary430
8.9
References430
Chapter9
BroadcastingandLocalMulticasting(IGMPandMLD)435
9.1
Introduction435
9.2
Broadcasting436
9.2.1
UsingBroadcastAddresses437
9.2.2
SendingBroadcastDatagrams439
9.3
Multicasting441
9.3.1
ConvertingIPMulticastAddressesto802MAC/EthernetAddresses442
9.3.2
Examples444
9.3.3
SendingMulticastDatagrams446
9.3.4
ReceivingMulticastDatagrams447
9.3.5Host
AddressFiltering449
9.4The
InternetGroupManagementProtocol(IGMP)andMulticastListener Discovery Protocol(MLD)451
9.4.1IGMP andMLDProcessingbyGroupMembers(“Group Member Part”)454
9.4.2IGMP andMLDProcessingbyMulticastRouters(“Multicast Router Part”)457
9.4.3
Examples459
9.4.4
LightweightIGMPv3andMLDv2464
9.4.5IGMP andMLDRobustness465
9.4.6IGMP andMLDCountersandVariables467
9.4.7IGMP andMLDSnooping468
9.5
AttacksInvolvingIGMPandMLD469
9.6
Summary470
9.7
References471
Chapter10
UserDatagramProtocol(UDP)andIPFragmentation473
10.1Introduction 473
10.2UDP
Header474
10.3UDP
Checksum475
10.4
Examples478
10.5UDP
andIPv6481
10.5.1
teredo:TunnelingIPv6throughIPv4Networks482
Contents xxiii
10.6
UDP-Lite487
10.7IP Fragmentation488
10.7.1
Example:UDP/IPv4Fragmentation488
10.7.2
ReassemblyTimeout492
10.8Path MTUDiscoverywithUDP493
10.8.1
Example493
10.9
InteractionbetweenIPFragmentationandARP/ND496
10.10
MaximumUDPDatagramSize497
10.10.1
ImplementationLimitations497
10.10.2
DatagramTruncation498
10.11UDP ServerDesign498
10.11.1IP AddressesandUDPPortNumbers499
10.11.2
RestrictingLocalIPAddresses500
10.11.3
UsingMultipleAddresses501
10.11.4
RestrictingForeignIPAddress502
10.11.5
UsingMultipleServersperPort503
10.11.6
SpanningAddressFamilies:IPv4andIPv6504
10.11.7
LackofFlowandCongestionControl505
10.12
TranslatingUDP/IPv4andUDP/IPv6Datagrams505
10.13UDP intheInternet506
10.14
AttacksInvolvingUDPandIPFragmentation507
10.15
Summary508
10.16
References508
Chapter11
NameResolutionandtheDomainNameSystem(DNS)51
11.1
Introduction511
11.2The DNSNameSpace512
11.2.1DNS NamingSyntax514
11.3Name ServersandZones516
11.4
Caching517
11.5The DNSProtocol518
11.5.1DNS MessageFormat520
11.5.2The DNSExtensionFormat(EDNS0)524
11.5.3UDP orTCP525
11.5.4
Question(Query)andZoneSectionFormat526
11.5.5
Answer,Authority,andAdditionalInformationSectionFormats526
11.5.6
ResourceRecordTypes527
xxiv Contents
11.5.7
DynamicUpdates(DNSUPDATE)555
11.5.8
ZoneTransfersandDNSNOTIFY558
11.6Sort Lists,Round-Robin,andSplitDNS565
11.7Open DNSServersandDynDNS567
11.8
TransparencyandExtensibility567
11.9
TranslatingDNSfromIPv4toIPv6(DNS64)568
11.10
LLMNRandmdns569
11.11LDAP 570
11.12
AttacksontheDNS571
11.13
Summary572
11.14
References573
Chapter12
TCP:TheTransmissionControlProtocol(Preliminaries)579
12.1
Introduction579
12.1.1ARQ andRetransmission580
12.1.2
WindowsofPacketsandSlidingWindows581
12.1.3
VariableWindows:FlowControlandCongestionControl583
12.1.4
SettingtheRetransmissionTimeout584
12.2
IntroductiontoTCP584
12.2.1The
TCPServiceModel585
12.2.2
ReliabilityinTCP586
12.3TCP HeaderandEncapsulation587
12.4
Summary591
12.5
References591
Chapter13
TCPConnectionManagement595
13.1
Introduction595
13.2TCP ConnectionEstablishmentandTermination595
13.2.1TCP Half-Close598
13.2.2
SimultaneousOpenandClose599
13.2.3
InitialSequenceNumber(ISN)601
13.2.4
Example602
13.2.5
TimeoutofConnectionEstablishment604
13.2.6
ConnectionsandTranslators605
13.3TCP Options605
13.3.1
MaximumSegmentSize(MSS)Option606
Contents xxv
13.3.2
SelectiveAcknowledgment(SACK)Options607
13.3.3
WindowScale(WSCALEorWSOPT)Option608
13.3.4
TimestampsOptionandProtectionagainstWrapped Sequence Numbers(PAWS)608
13.3.5
UserTimeout(UTO)Option611
13.3.6
AuthenticationOption(TCP-AO)612
13.4Path MTUDiscoverywithTCP612
13.4.1Example 613
13.5TCP StateTransitions616
13.5.1TCP StateTransitionDiagram617
13.5.2
TIME_WAIT(2MSLWait)State618
13.5.3
QuietTimeConcept624
13.5.4
FIN_WAIT_2State625
13.5.5
SimultaneousOpenandCloseTransitions625
13.6Reset Segments625
13.6.1
ConnectionRequesttoNonexistentPort626
13.6.2
AbortingaConnection627
13.6.3
Half-OpenConnections628
13.6.4
TIME-WAITAssassination(TWA)630
13.7TCP ServerOperation631
13.7.1TCP PortNumbers632
13.7.2
RestrictingLocalIPAddresses634
13.7.3
RestrictingForeignEndpoints635
13.7.4
incomingConnectionQueue636
13.8
AttacksInvolvingTCPConnectionManagement640
13.9
Summary642
13.10
References643
Chapter14
TCPTimeoutandRetransmission647
14.1
Introduction647
14.2
SimpleTimeoutandRetransmissionExample648
14.3
SettingtheRetransmissionTimeout(RTO)651
14.3.1The ClassicMethod651
14.3.2The StandardMethod652
14.3.3The LinuxMethod657
14.3.4RTT EstimatorBehaviors661
14.3.5
RTTMRobustnesstoLossandReordering662
xxvi Contents
14.4
Timer-BasedRetransmission664
14.4.1
Example665
14.5Fast Retransmit667
14.5.1
Example668
14.6
RetransmissionwithSelectiveAcknowledgments671
14.6.1
SACKReceiverBehavior672
14.6.2
SACKSenderBehavior673
14.6.3
Example673
14.7
spuriousTimeoutsandRetransmissions677
14.7.1
DuplicateSACK(DSACK)Extension677
14.7.2The EifelDetectionAlgorithm679
14.7.3
Forward-RTORecovery(F-RTO)680
14.7.4The EifelResponseAlgorithm680
14.8
PacketReorderingandDuplication682
14.8.1
Reordering682
14.8.2
Duplication684
14.9
DestinationMetrics685
14.10
Repacketization686
14.11
AttacksInvolvingTCPRetransmission687
14.12
Summary688
14.13
References689
Chapter15
TCPDataFlowandWindowManagement69
15.1
Introduction691
15.2
InteractiveCommunication692
15.3
DelayedAcknowledgments695
15.4Nagle Algorithm696
15.4.1
DelayedACKandNagleAlgorithmInteraction699
15.4.2
DisablingtheNagleAlgorithm699
15.5Flow ControlandWindowManagement700
15.5.1
SlidingWindows701
15.5.2
ZeroWindowsandtheTCPPersistTimer704
15.5.3
SillyWindowSyndrome(SWS)708
15.5.4
LargeBuffersandAuto-Tuning715
15.6
UrgentMechanism719
15.6.1
Example720
15.7
AttacksInvolvingWindowManagement723
Contentsxxvii
15.8
Summary723
15.9
References724
Chapter16
TCPCongestionControl727
16.1
Introduction727
16.1.1
DetectionofCongestioninTCP728
16.1.2
SlowingDownaTCPSender729
16.2The ClassicAlgorithms730
16.2.1
SlowStart732
16.2.2
CongestionAvoidance734
16.2.3
SelectingbetweenSlowStartandCongestionAvoidance736
16.2.4
Tahoe,Reno,andFastRecovery737
16.2.5
StandardTCP738
16.3
EvolutionoftheStandardAlgorithms739
16.3.1
Newreno739
16.3.2TCP CongestionControlwithSACK740
16.3.3
ForwardAcknowledgment(FACK)andRateHalving741
16.3.4
LimitedTransmit742
16.3.5
CongestionWindowValidation(CWV)742
16.4
HandlingSpuriousRTOs—theEifelResponseAlgorithm744
16.5An ExtendedExample745
16.5.1
SlowStartBehavior749
16.5.2
SenderPauseandLocalCongestion(Event1)750
16.5.3
StretchACKsandRecoveryfromLocalCongestion754
16.5.4
FastRetransmissionandSACKRecovery(Event2)757
16.5.5
AdditionalLocalCongestionandFastRetransmitEvents759
16.5.6
Timeouts,Retransmissions,andundoingcwndChanges762
16.5.7
ConnectionCompletion766
16.6
SharingCongestionState767
16.7TCP Friendliness768
16.8TCP inHigh-SpeedEnvironments770
16.8.1
HighSpeedTCP(HSTCP)andLimitedSlowStart770
16.8.2
BinaryIncreaseCongestionControl(BICandCUBIC)772
16.9 Delay-BasedCongestionControl777
16.9.1
Vegas777
16.9.2
FAST778
xxviii Contents
16.9.3TCP WestwoodandWestwood+779
16.9.4
CompoundTCP779
16.10
Bufferbloat781
16.11
ActiveQueueManagementandECN782
16.12
AttacksInvolvingTCPCongestionControl785
16.13
Summary786
16.14
References788
Chapter17
TCPKeepalive793
17.1
Introduction793
17.2
Description795
17.2.1
KeepaliveExamples797
17.3
AttacksInvolvingTCPKeepalives802
17.4
Summary802
17.5
References803
Chapter18
Security:EAP,IPsec,TLS,DNSSEC,andDKIM805
18.1
Introduction805
18.2Basic PrinciplesofInformationSecurity806
18.3
ThreatstoNetworkCommunication807
18.4Basic cryptographyandSecurityMechanisms809
18.4.1
Cryptosystems809
18.4.2
Rivest,Shamir,andAdleman(RSA)PublicKeyCryptography812
18.4.3
Diffie-Hellman-MerkleKeyAgreement(akaDiffie-HellmanorDH)813
18.4.4
SigncryptionandEllipticCurveCryptography(ECC)814
18.4.5Key DerivationandPerfectForwardSecrecy(PFS)815
18.4.6
PseudorandomNumbers,Generators,andFunctionFamilies815
18.4.7
NoncesandSalt816
18.4.8
CryptographicHashFunctionsandMessageDigests817
18.4.9
MessageAuthenticationCodes(MACs,HMAC,CMAC,andGMAC)818
18.4.10Cryptographic SuitesandCipherSuites819
18.5
Certificates,CertificateAuthorities(CAs),andPKIs821
18.5.1
PublicKeyCertificates,CertificateAuthorities,andX.509822
18.5.2
ValidatingandRevokingCertificates828
18.5.3
AttributeCertificates831
Contents xxix
18.6
TCP/IPSecurityProtocolsandLayering832
18.7
NetworkAccessControl:802.1X,802.1AE,EAP,andPANA833
18.7.1EAP MethodsandKeyDerivation837
18.7.2The EAPRe-authenticationProtocol(ERP)839
18.7.3
ProtocolforCarryingAuthenticationforNetworkAccess(PANA)839
18.8Layer 3IPSecurity(IPsec)840
18.8.1
InternetKeyExchange(IKEv2)Protocol842
18.8.2
AuthenticationHeader(AH)854
18.8.3
EncapsulatingSecurityPayload(ESP)858
18.8.4Multicast 864
18.8.5
L2TP/IPsec865
18.8.6
IPsecNATTraversal865
18.8.7
Example867
18.9
TransportLayerSecurity(TLSandDTLS)876
18.9.1TLS 1.2877
18.9.2TLS withDatagrams(DTLS)891
18.10DNS Security(DNSSEC)894
18.10.1
DNSSECResourceRecords896
18.10.2
DNSSECOperation902
18.10.3
TransactionAuthentication(TSIG,TKEY,andSIG(0))911
18.10.4
DNSSECwithDNS64915
18.11
DomainKeysIdentifiedMail(DKIM)915
18.11.1
DKIMSignatures916
18.11.2
Example916
18.12
AttacksonSecurityProtocols918
18.13
Summary919
18.14
References922
Glossary ofAcronyms933
Index963
16.9.1
Vegas777
16.9.2
FAST778
xxviii Contents
16.9.3TCP WestwoodandWestwood+779
16.9.4
CompoundTCP779
16.10
Bufferbloat781
16.11
ActiveQueueManagementandECN782
16.12
AttacksInvolvingTCPCongestionControl785
16.13
Summary786
16.14
References788
Chapter17
TCPKeepalive793
17.1
Introduction793
17.2
Description795
17.2.1
KeepaliveExamples797
17.3
AttacksInvolvingTCPKeepalives802
17.4
Summary802
17.5
References803
Chapter18
Security:EAP,IPsec,TLS,DNSSEC,andDKIM805
18.1
Introduction805
18.2Basic PrinciplesofInformationSecurity806
18.3
ThreatstoNetworkCommunication807
18.4Basic cryptographyandSecurityMechanisms809
18.4.1
Cryptosystems809
18.4.2
Rivest,Shamir,andAdleman(RSA)PublicKeyCryptography812
18.4.3
Diffie-Hellman-MerkleKeyAgreement(akaDiffie-HellmanorDH)813
18.4.4
SigncryptionandEllipticCurveCryptography(ECC)814
18.4.5Key DerivationandPerfectForwardSecrecy(PFS)815
18.4.6
PseudorandomNumbers,Generators,andFunctionFamilies815
18.4.7
NoncesandSalt816
18.4.8
CryptographicHashFunctionsandMessageDigests817
18.4.9
MessageAuthenticationCodes(MACs,HMAC,CMAC,andGMAC)818
18.4.10Cryptographic SuitesandCipherSuites819
18.5
Certificates,CertificateAuthorities(CAs),andPKIs821
18.5.1
PublicKeyCertificates,CertificateAuthorities,andX.509822
18.5.2
ValidatingandRevokingCertificates828
18.5.3
AttributeCertificates831
Contents xxix
18.6
TCP/IPSecurityProtocolsandLayering832
18.7
NetworkAccessControl:802.1X,802.1AE,EAP,andPANA833
18.7.1EAP MethodsandKeyDerivation837
18.7.2The EAPRe-authenticationProtocol(ERP)839
18.7.3
ProtocolforCarryingAuthenticationforNetworkAccess(PANA)839
18.8Layer 3IPSecurity(IPsec)840
18.8.1
InternetKeyExchange(IKEv2)Protocol842
18.8.2
AuthenticationHeader(AH)854
18.8.3
EncapsulatingSecurityPayload(ESP)858
18.8.4Multicast 864
18.8.5
L2TP/IPsec865
18.8.6
IPsecNATTraversal865
18.8.7
Example867
18.9
TransportLayerSecurity(TLSandDTLS)876
18.9.1TLS 1.2877
18.9.2TLS withDatagrams(DTLS)891
18.10DNS Security(DNSSEC)894
18.10.1
DNSSECResourceRecords896
18.10.2
DNSSECOperation902
18.10.3
TransactionAuthentication(TSIG,TKEY,andSIG(0))911
18.10.4
DNSSECwithDNS64915
18.11
DomainKeysIdentifiedMail(DKIM)915
18.11.1
DKIMSignatures916
18.11.2
Example916
18.12
AttacksonSecurityProtocols918
18.13
Summary919
18.14
References922
Glossary ofAcronyms933
Index963
