US - Računarske Mreže
, 2011.
t:
.
t:
.
.
:
, 32
www.singidunum.ac.rs
:
.
:
:
:
:
2011.
:
300
tp:
ISBN: 978-86-7912-368-8
Copyright:
2011. Singidunum University
The publisher reserves all rights.
Reproduction of individual parts or the whole of this publication is not permitted.
1.
,
.
,
. ,
,
, .
.
,
.
1.1.
:
1. (),
2. ,
3.
4. .
1.1-1.
1
,
. ,
,
.
. ,
,
, .
.
.
, .
.
.
:
( patch panel),
(patch cable),
1.2.
,
( )
. :
(source) .
(transmitter)
(.
).
(transmission system)
.
(receiver)
.
(destination) .
1.2-1
:
(interfacing) ;
(signal generation) , ,
.;
(synchronization) ;
(flow control) -
;
(recovery)
;
(message formatting) -
;
(security) , ;
(network management)
, . ,
, .
(exchange
management)
1.2.1.
.
, ,
,
. .
, (),
.
.
,
.
1.2.1.1.
(. circuit switched)
,
.
, PC1 PC2
.
1.2.1.1-1.
PC2
, . ,
.
, .
( ) .
1.2.1.2.
(. packet switched)
,
( , , , .)
. (),
.
.
.
.
.
. ,
.
1.2.1.2-1.
,
.
,
.
1.2.1.3.
(. virtual circuit)
. ,
.
, .
.
( ) . ,
,
.
.
1.2.1.3-1.
. ,
, ,
, , .
. ,
( ),
.
.
,
.
1.3.
.
()
.
, ,
,
.
, , . :
1. - ,
2. ,
3. .
.
() .
. .
.
,
, .
,
.
,
.
.
, ,
. ,
.
.
,
.
, .
.
.
.
:
, , ,
,
:
()
, ()
. , ,
. , .
,
, .
,
.
(layering).
,
:
Handshaking - ;
( );
1.3.1.
.
.
,
.
1.3.2.
.
:
1. ( )
.
2.
.
3.
.
4.
.
. , (
) .
. TCP
(Transmission Control Protocol).
.
1.4.
.
: .
.
, ,
. n
( 1 500.000). .
, ,
.
, .
1.4.1.
.
.
. :
.
:
; .
.
, , ,
.
; .
.
.
; .
, .
,
.
;
. ,
.
; ()
.
.
;
. ,
.
;
.
,
.
; (, ,
) .
;
( ),
.
1.4.2.
.
, .
. ,
, , .
1.4.2-1.
,
(Longitudinal Redundancy Checking, LRC ),
(Checksum, Cyclic Redundancy Check , CRC ).
1.4.2.1.
.
0
(even parity).
1 ( odd parity).
, .
.
1.4.2.1-1.
50% .
.
1.4.2.2.
, ,
. , .
, .
, .
,
. ,
.
.
1.4.2.2-1. : )
, )
1.4.2.3.
.
(Checksum)
(Cyclic Redundancy Check, CRC).
.
,
.
.
,
255 (1 )
. 95%. TCP/IP
TCP UDP 16 .
- (Cyclic Redundancy Check, CRC)
. 8, 16, 24 32 .
P. , P
G Q R/G.
. ,
:
P/G=Q+R/G
R .
G, R.
R R. ,
. CRC
100%
R.
.
1.4.3.
. , ,
. ,
,
.
(Automatic Repeat Request, ARQ). ARQ :
ARQ.
( Forward Error Correction)
, .
100% .
, , .
, .
. .
.
.
,
OSI TCP/IP .
ACK NACK
.
,
, .
.
, . ,
ACK NACK ,
( ).
10 20%
. .
, .
1.5.
.
. ,
.
.
:
1.
2. .
:
1. ,
2. ,
3. ,
4. mesh
5. .
:
1.
2. .
:
1. Personal Area Network (PAN),
2. Local Area Network (LAN),
3. Metropolitan Area Network (MAN),
4. Wide Area Network (WAN)
5. Global Network (Internet).
( ) :
1. Host-based,
2. -
3. Peer-to-peer.
:
1.6. ,
,
.
. ,
.
1.6.1.
(. Internet
Corporation for Assigned Names and Numbers, ICANN )
, ,
, .
,
, .
IANA (Internet Assigned Numbers
Authority).
(. Internet Engineering Task Force,
IETF) .
,
(
VeriSign ).
(. International Telecommunication
Union ITU) , .
.
(. European
Telecommunications Standards Institute, ETSI ) ,
, , 1988.
.
.
(. Free Software Foundation, FSF)
, .
GNU
,
.
1.6.2.
(. National
Security Agency, NSA). 1952.
. 2008.
.
(. U.S. Intelligence Community).
(. Central security service).
AES DES,
.
,
(.
Khufu Khafre).
(. National
Institute of Standards and Technology, NIST ),
(. National Bureau of Standards, NBS ),
1901. .
, .
AES DES.
1.7.
UNIX mainframe .
mainframe- ,
, -
mainframe-
mainframe- .
,
,
.
. ,
.
(. International
Organization for Standardization, ISO )
. 1984. Open
System Interconnection Basic Reference Model , , OSI .
OSI . ISO
.
OSI
.
.
OSI
.
(TCP/IP)
. ,
OSI
.
1.7.1. OSI
Open Systems Interconnection Reference Model (OSI model) 1984.
ISO . OSI ,
de facto -
(TCP/IP). OSI :
1.
( )
.
, ,
.
2.
.
. ,
, (
).
3.
.
( )
.
4.
. ,
.
,
,
,
, .
,
( ).
5.
,
. (
)
.
.
(. session accounting).
6.
.
. ,
.
.
7.
.
.
1.7.2. TCP/IP
OSI , ( TCP/IP)
de facto .
OSI .
OSI ,
,
OSI . ,
.
OSI .
.
1.8.
, .
.
:
1.
2.
3.
(. kernel)
:
1. (. shell) ( GUI - Graphical User
Interface) (CLI - Command Line Interface)
2.
3. (, )
.
.
(.
single-user) (. multi-user).
,
.
(. multitasking)
(. task) .
,
.
-.
, ,
. ( )
2.
OSI - . TCP/IP
, ,
.
,
.
2.1.
.
.
2.000 .
:
(. twisted pair)
,
.
( )
.
:
.
.
.
.
,
. ,
, .
.
, .
, , , . ,
o , .
.
.
.
20 , 70%
.
2.1.1.
,
, , , , ,
, .
(UTP) .
,
30MHz, .
100MHz, ,
88
108MHz,
. FTP STP . FTP
25
. ,
6.00MHz. STP
, .
, .
2.1.2.
. ,
, ,
() , , .
,
.
. , , (
),
.
.
2.1.2-1.
()
.
, . ,
.
.
.
:
1. 50 , , -58 (.
thick) RG-11 (. thin)
2. 75 , ( , ),
RG-59.
, 10Base5,
10Mb/s, RG-58,
500m, .
. 10Base2
RG-11,
185m, BNC T ,
50 BNC .
.
2.1.3.
(. twisted pair cable)
() .
.
( ). ,
. 2.
: (Unshielded Twisted-Pair, UTP )
(Shielded Twisted-Pair, STP) .
UTP .
.
PVC
.
.
. ,
,
. : FTP, S-FTP
STP.
FTP
. ,
,
() 5MHz
.
2.1.3-1.
/ FTP ,
. STP , SFTP
.
2.1.3-2. :
(. )
. RJ (Registered
Jack) , , ( RJ11)
(RJ45).
.
.
wall () .
, .
. ,
.
. ,
,
10 .
2.1.3-3. RJ45
PVC - - .
,
. Plenum ()
, PVC
.
RJ-45
.
- . .
568A 568B.
,
,
. TIA/EIA-568B
. ISO/IEC
, ( class).
3 (CAT3/Class C)
10Mb/s,
16MHz.
.
4
16Mb/s.
5 (CAT5)
100Mb/s 100 .
5 (CAT5e/Class D)
100MHz .
Power-Sum Near-End Crosstalk (PS-NEXT),
Equal-Level Far-End Crosstalk (EL-FEXT), Power-Sum Equal-Level Far-End Crosstalk
(PS-ELFEXT). 5
100 .
6 (CAT6/Class E)
250MHz .
CAT5e. CAT6
.
6 (CAT6a/Class EA) 10 100 .
250MHz 500MHz. ,
Alien Crosstalk (ANEXT)
- . CAT6a
UTP FTP .
7 (CAT7/Class F) 10-
. 1-600MHz
100 .
7
. GG45
(GigaGate) . GG45 4 RJ45
. 2
10Gb/s.
2.1.4.
.
,
. LAN
,
.
.
2.1.4-1.
, ( LED
), ( ).
LED ,
-
.
.
. ,
.
2.1.4-2.
,
.
,
/ .
( singlemode)
(multimode)
.
( )
.
. ,
,
. ,
. ,
,
. ()
.
.
.
, SC ST
.
2.1.4-3.
:
-
.
-
, .
300m .
- .
.
- EMS ,
, .
.
2.1.5.
LAN .
LAN
: ,
, .
.
,
.
, ,
, .
ISO/IEC 11801 ( 1995.),
EN50173 ( 1995.), EIA/TIA 568A ( 1995.).
600MHz.
RJ45
, ( )
(
). ,
,
, .
,
.
.
.
,
. , ,
,
, ,
,
, .
.
. ,
90 , ,
,
,
.
.
,
.
:
1. (
).
2. ( ).
3. ( ).
. ,
.
.
1.500m.
(, )
.
.
.
.
,
. ,
RJ45 , ST
.
90m.
.
, , , ,
.
1.
:
-
.
.
-
.
- ,
, .
.
.
-
.
2.1.5.1.
.
.
TIA/EIA-568-B.1
:
patch1 .
.
.
.
.
.
.
.
.
.
.
.
. .
, ,
.
TIA/EIA-568-B.1 :
.
3,
CAT5e .
90
;
5 ;
( patch )
5 .
2.1.4-1.
:
2 , 50
62,5.
.
. RJ-45 T568A
T568B SC ST .
2.1.5.2.
.
. TIA/EIA-568-B.1
:
.
.
.
.
.
.
.
,
.
.
. .
.
.
.
.
, .
.
:
50 62,5 m ( TIA/EIA-568-B.3).
- (TIA/EIA-568-B.3)
. ,
,
.
2.1.5.3.
:
( ),
, , , .
.
TIA/EIA-568-B.1 :
T568A T568B
.
5 .
,
(.
6, patch
CAT5e, ).
2.1.5.4.
.
, ;
patch
TIA/EIA-569-B
. :
1000 m²
.
2.1.5.5.
.
, , , , .
.
.
TIA/EIA-569-B :
2,4 .
14 m² .
2.1.5.6.
.
.
. , , ,
.
2.1.6.
.
TIA/EIA-569-B
.
, .
,
, , . ,
.
.
,
.
90 .
.
40%.
2.1.6-1.
.
, .
. ,
.
.
. ,
.
90.
2.1.6-2.
, (. ).
, .
. ,
. ,
,
.
2.1.6-3.
,
.
.
.
, ,
. TIA/EIA-568-B.1
, .
2.1.6-4.
.
.
, .
.
,
13mm.
2.1.6-5.
;
. UTP
4 .
8 .
,
25mm.
;
.
.
UTP 110N.
.
222N,
.
; .
.
.
2.1.6-6.
;
. RJ45
. .
.
.
,
.
, patch
.
2.1.6-7.
,
.
2.1.6-8. patch
.
2.1.7.
.
: (
patch )
( , .
patch ).
2.1.7-1.
.
( 2.). ),
,
. ,
(Network Analyzers) ( 2.).
,
. UTP
. ,
.
.
,
.
.
. ,
.
,
. .
, .
.
2.1.7-2.
,
,
TIA/EIA 568A ISO D E, TSB67
(Transmission Performance Specification) TSB95 5E.
(wire map)
,
(propagation delay) -
.
,
(attenuation),
(return loss) -
dB.
ACR
(attenuation to crosstalk ratio ). 5E PSFEXT ELFEXT.
(
), ,
.
, .
.
.
. Microtest, Fluke,
Hewlett-Packard, Datacom Agilent.
,
.
0,1 500MHz
110dB.
.
2.2.
. ,
.
.
2.2.1. (Repeater)
( ) .
. . ,
() .
. 3R :
(Reamplify),
(Reshape),
( Retime)
.
,
. OSI .
. ,
, ().
( )
.
2.2.2. (Hub)
OSI (
). ( RJ-45 ).
,
, .
. :
.
.
UTP
. Broadcast2
Collision3 . ,
() . ,
.
.
2.2.2-1.
6 24
.
uplink .
. uplink
.
.
2.2.3. (Bridge)
. OSI
, . .
.
.
.
.
,
.
.
,
.
MAC ()
. , MAC .
. broadcast
( ),
MAC .
2.2.3-1.
80%
, 20% .
(.
), .
,
.
2.2.4. (Switch) ,
. ,
. OSI .
MAC
. , ,
, , MAC
. ,
.
.
, .
.
broadcast .
2.2.4-1. LAN-
.
ARQ (Automatic
Repeat Request)
. ,
,
.
, .
(
- ).
, .
, ,
.
2.2.5. (Router)
OSI , , .
()
.
IP .
,
.
address lookup.
(switching)
.
.
, .
. security ,
. ,
.
(. ).
(
)
.
.
( )
.
2.2.5-1.
. ,
. ,
. . ,
( )
.
: , .
.
,
.
.
:
1. -
. ( ,
.)
.
2. -
.
,
,
.
2.2.6. (gateway)
/
.
.
,
.
.
.
.
. ,
,
( ASCII EBCDIC , ) ,
, .
, .
OSI .
, .
:
, ,
.
,
.
2.2.7. (firewall)
Firewall ,
(),
(
).
.
LAN- .
firewall
.
2.2.7-1. firewall-
Firewall .
firewall-
.
firewall- .
. firewall-
IP ,
IP .
Firewall
:
firewall- ( )
, . , firewall
( ).
firewall ( )
, , .
2.3.
-
,
.
.
2.3.1.
. : ,
, NIC...
MAC
2. OSI . MAC
48- IEEE
(Institute of Electrical and Electronics Engineers )
.
.
,
, .
.
RJ-45 ( UTP ), BNC / AUI
(Attachment Unit Interface) . ,
LED .
10, 100 1.000Mb/s.
3Com, Intel, Realtek, Marvell, VIA...
2.3.2.
.
,
.
- POTS (Post Office Telephone Service).
PC (
2.3.4. ADSL/DSL
ADSL/DSL
ADSL (DSL)
. ADSL ADSL
ADSL .
ADSL/DSL ADSL/DSL
. ADSL
. ADSL .
256Kb/s 8Mb/s 1.500
. 64Kb/s 1.024Kb/s. ADSL
: 25,875kHz 138kHz
138kHz 1.104kHz .
PSTN (Public Switched Telephone Network ) 0
4kHz, ADSL
.
2.3.5. RS-232
RS-232 (Recommended Standard 232) 4
DTE
(Data Communication Equipment )
. DCE (Data Circuit Equipment )
. .
.
,
, .
, USB.
CTS .
handshaking . 25 9- DB. ,
DTE , DCE .
DTE DCE RS-232 .
DTE RS-232 (
).
2.3.6.
USB (Universal Serial Bus)
(, , , ,
, flash , , ).
.
. USB .
- USB
.
. USB USB .
5 . USB
127 .
2.3.6-1.
USB USB
. USB RESET
USB .
USB 7- .
.
. . USB
1.x 2.0 master-slave, .
. 3.0
full-duplex .
2.3.6-2. USB A B
USB 2.0 1.x 5 .
USB . 5V
100mA.
5.
3.0 . USB .
: , , .
12Mb/s ( USB 1.0), 480Mb/s (USB 2.0) 4,8Gb/s (USB 3.0)
.
2.3.7. FireWire
FireWire IEEE
1394
.
USB-
. 63
. peer-to-peer ,
, RAM .
45W, 30V. 6- 9 400 800Mb/s .
. USB , USB
,
.
2.3.8. IrDA
IrDA (Infrared Data Association)
.
,
.
, PDA , - ,
, .
1m. 2,4 16Kb/s.
baseband5-, ( full duplex ). IrDA
, WiFi Bluetooth,
.
2.4.
(Media Access Control, MAC )
OSI. MAC
.
.
,
.
, ,
.
:
1. (, , ),
2. - ( MA, CSMA, CSMA/CD,
CSMA/CA)
3. (FDMA, TDMA, CDMA).
2.4.1.
(mainframes)
. LAN
Token ring. X-ON/X-OFF
(Polling).
2.4.3.
(roll call polling)
.
.
, .
( ) :
, , , , , ,
. , , , , , , , , , , ..
.
.
.
2.4.4.
(token-passing)
,
. .
.
.
2.4.4-1.
, ,
. .
. ,
, .
.
ARCnet, FDDI, IBM- Token Ring.
2.4.5.
.
(
) . LAN-.
.
.
:
1.
2. , .
:
.
. , . ,
, ,
18.4%. 81.6%
.
2.4.5-1.
,
36.8%.
,
. ,
.
,
.
2.4.5-2.
, WiFi- .
. 802.11b
2-4 Mbit/s , 11 Mbit/s.
.
a
.
.
CSMA/CD (Carrier sense multiple access with
collision detection).
()
.
CSMA/CA (Carrier sense multiple access with collision
avoidance)
2.4.6.
(. Media Access Control address, MAC
address) .
IEEE
:
1. MAC-498,
2. EUI-48 (Extended Unique Identifier-48)
3. EUI-64.
, MAC
. IEEE 802 MAC ,
MAC-48, .
48 ,
2^48 281.474.976.710.656 MAC .
,
. .
. 0
, 1 . MAC48 EUI-64 .
MAC 00-78-74-4c-7f-1d. IEEE
OUI , MAC Dell Computer Corp.
. MAC-48 :
Ethernet
IEEE 802.11
IEEE 802
Bluetooth
FDDI
ATM ( )
2.5.
.
. ,
.
. ,
.
.
,
.
.
. ,
, , ;
. ,
. .
2.5-1.
2.5.1.
(Stop-and-Wait Flow Control)
. ,
(ACK), (NACK)
. ,
. ACK , .
, .
. .
, . (
y) .
, ,
.
( y) .
, .
2.5.1-1.
2.5.2.
, .
. ,
.
.
.
() ,
.
2.5.2-1.
2.5.3.
. ,
.
( ) (
, , .).
. 7- ASCII ,
.
70%.
. ,
, .
.
,
OSI .
,
.
2.5.3-1.
, ,
.
,
,
OSI TCP/IP
2.6.
(IEEE 802.3 ISO 80802-2)
.
MAC . DEC, Xerox Intel
IEEE IEEE 802.3.
(
). .
7
10101010....
,
. ,
. ,
. VLAN LAN-;
VLAN-, , 2
24,832 (8100). , ,
, .
(TCP/IP, IPX/SPX).
1.500 .
,
64 . ,
, , 64.
CRC-32
2.6-1.
.
.
1985. IEEE 802.3 Carrier Sense Multiple Access with Collision Detection (CSMA/CD) Access Method and
Physical Layer Specifications.
.
( ) 10Mb/s,
(UTP ),
100Mb/s ( Fast Ethernet),
. 802.3
OSI .
. ()
.
- ,
, LAN , LAN , , Network
Interface Card - NIC.
(driver) .
.
() .
, .
-
.
OSI CSMA/CD. Multiple
Access
. Carrier Sense
-
. (
) . Collision Detection
()
.
,
. 1518 .
101010101010. .
.
( MAC)
, . MAC
. ;
multicast
broadcast
.
broadcast multicast .
.
.
.
.
MAC
.
1500
.
- CRC (Cyclical Redundancy Check).
.
,
.
(CRC). ,
, . .
( ) .
2.6-2. MAC
10Mb/s
:
1.
2.
3.
4.
10Base5 - ,
10Base2 - ,
10Base-T -
10Base-F .
. - 10 -
10Mb/s. Base baseband .
(
).
. 5 ,
500m. T F twisted-pair
fiber optic.
, 10 100Mb/s,
802.3u, :
1. 100Base-T4 UTP 3. 100m,
2. 100Base-TX UTP 5. 100m,
3. 100Base-FX 2000m.
1998. 802.3.
. switch-,
, . IEEE 2002.
10Gb/s 802.3ae.
:
1. 1000Base-SX , , x 550m,
2. 1000Base-LX , , x 5.000m,
3. 1000Base-CX STP , , x 25m,
4. 1000Base-T UTP 5. , , 100m.
2.6.1.1.
(
)
half-duplex
.
hub.
. ,
, .
,
.
2.6.1.2.
,
.
-
(Switched Ethernet).
w
. hub
switch
.
, .
2.6.2. ARP -
. ,
IP . ,
. ,
,
. , , .
,
. , ,
. Address Resolution
Protocol (ARP) RFC 826.
(. Address Resolution Protocol, ARP)
IP . ARP
. , ARP MAC
IP . ARP
.
IP ,
IP .
IP MAC
. , ARP
MAC
( IP ).
ARP , ARP (),
IP ? ,
MAC ,
ARP
MAC .
, ,
IP MAC . ,
.
( diskless workstation)
IP , .
RARP
RARP IP .
.
RARP ( )
. MAC RARP
RARP IP ?). RARP
MAC .
2.7.
2.7.1.
IBM. .
, .
4Mbps 16Mbps. : .
().
,
.
. ,
.
, , ,
, .
.
IBM
. , ,
.
,
.
2.8. WAN
LAN , WAN (Wide Area Network)
, . (
).
() , . WAN
.
(,
), WAN .
2.8-1. (WAN)
, WAN
. WAN
LAN ,
. WAN
, .
.
LAN- : E1(T1), E3(T3), ATM, ISDN, ADSL,
(Frame Relay), .
- (backbone).
2.8.1. PPP
PPP (Point-to-Point Protocol) WAN
.
.
.
. .
. PPP
1. PPP type
.
L3 (Layer 3 )
PPP . , OSI , PPP
( , ,
, , )
(, , , ).
2.8.1-1. PPP
( Flag),
01111110. PPP
,
(ESC flag 01111101).
(byte stuffing).
,
. 11111111.
2.8.2.
.
, , ,
. ,
. ,
-,
() - , , .
, ,
, ,
. ,
, ,
xDSL .
(. International
Telecommunication Union, ITU).
191 .
. E.164 , 1997.
,
:
1. 15 ;
2. ( )
;
3.
(. national destination code, NDC);
4. (.
subscriber number, SN);
5.
.
,
. ,
.
,
.
.
( Public
Switched Telephone Network, PSTN ).
.
,
.
.
.
WAN .
, .
,
.
,
. ,
, .
, 3,4kHz ,
.
56Kb/s
(TCM - Trellis Coded Modulation),
. , . ,
/ / . ,
. ,
56Kb/s 45
50Kb/s ( ).
, dial-up
, LAN , backup
WAN WAN
.
, .
,
,
.
:
.
RJ-11 ( )
, ,
.
.
(RS-232) USB .
RJ-11
.
-
,
,
.
,
.
, .
2. .
.
,
/
. / .
.
ISDN- / / .
.
3. . ISDN ,
. . ISDN
.
ISDN ,
. ( )
,
. , . ISDN-
,
. -
.
2.8.3-1. ISDN
ISDN : (BRI Basic Rate Interface)
(PRI Primary Rate Interface). (
) 64Kb/s (
) 16Kb/s, 144Kb/s. 2+.
. PRI (30+)
64Kb/s
64Kb/s , (
2Mb/s), .
BRI (2+), PRI (30+)
. ISDN-
, ISDN 128Mb/s upstream
downstream .
ISDN :
1.
ISDN
2.
()
3.
ISDN ( ISDN
ISDN )
4.
5.
ISDN
6.
FAX 4
7.
2.8.4.
( Digital Subscriber Line DSL)
(
144Kb/s 50Mb/s). DSL
(service providers), . ,
.
( ).
,
.
300
4.000Hz.
, .
.
DSL
xDSL. DSL
ISDN-. DSL
,
.
. , downstream (
), upstream (
).
download-, , e-mail-,
upload-.
2.8.4-1. ADSL-
DSL-: (ADSL), High-bit rate (HDSL),
Single Line (SDSL), Very-High-Data-Rate (VDSL) .
()
, .
DSL- . ,
(ADSL-Asymetric Digital Subscriber Line ). ,
DSL .
DSL .
( , , ,
, home shopping, .),
. ADSL
. ADSL
.
( PSTN Public Switched
Telephone Network).
ADSL
()
.
ISDN . ADSL
ISDN . ISDN
ADSL .
.
.
2.8.4-2. ADSL-
ADSL-
. splitter,
ADSL-.
( ),
ADSL ADSL
. (Local Loop)
.
, ADSL-
.
.
. .
(PSTN), DSL .
, ,
DSL access multiplexers (DSLAM)
.
2.8.5.
( )
. .
,
,
. , .
56Kb/s, 64Kb/s, 128Kb/s, 256Kb/s,
512Kb/s 2Mb/s. - ,
.
.
. -
- .
, :
1.
2. ,
, frame
relay. .
2.8.6. X.25
X.25 ITU-T , WAN
ISDN .
, ( 1 3) OSI .
X.25
.
X.25
. ,
Frame Relay,
WAN
.
( )
.
X.25 .
,
, ,
. , ,
, ,
,
X.25 .
X.25
:
1. ,
2. ( Transactions Processing),
3. ,
4. ,
5. (ATM - Automatic Teller Machines), .
X.25 ,
X.25 64Kb/s,
2Mb/s X.25 .
. LAN . Frame relay
ATM X.25 .
2.8.7.
X.25
Frame Relay .
,
.
. Frame Relay- LAN
.
PPP
WAN . ,
,
PPP . .
.
,
.
Frame Relay . Frame Relay WAN
WAN
.
. ,
10 , point-to-point 45 (10*9/2=45). Frame Relay
.
.
2.8.7-2. DTE
2. DTE .
.
DTE . Frame Relay
PVC (Permanent Virtual Circuit). DLCI (Data Link
Connection Identifer) Frame Relay
. PVC DTE .
PVC
point-to-point .
,
Frame Relay .
, Frame Relay CIR (Committed Information Rate).
PVC CIR,
.
Frame Relay ,
. Frame Relay DLCI .
L2 . Frame Relay
DLCI , DTE ,
DTE ,
.
DLCI . DLCI
PVC-, .
, Frame Relay
L3 (IP) .
.
Frame Relay IP .
ARP. ARP
ARP (Address Resolution Protocol) .
ARP, DTE PVC- ( DLCI
) IP
PVC-. Frame Relay DLCI
IP, DTE
.
2.8.8.
ATM (Asynchronous Transfer Mode)
WAN . ATM TDM (Time
Division Multiplexing). TDM
()
. ATM
. L2
( ).
ATM
.
,
, VoIP (Voice over IP)
. ATM ,
DTE
. ATM SONET/SDH
( ) ( backbone)
(PSTN) ISDN-, IP .
2.9.
.
. , ,
, , .
.
,
.
. ,
, :
,
.
. , ,
.
,
.
.
,
, ( ,
) .
,
.
. ,
:
:
Bluetooth
:
IEEE 802.11
:
Paging
IEEE 802.11 (
)
.
100mW
~100m
2,5mW
~10m
1mW
~1m
bluetooth
Bluetooth 1994.
(). 1998.
Bluetooth SIG (Special Interest Group)
Bluetooth-. , 2000 ,
, , , .
1999. , 2002. IEEE 802.15.1
PAN6 Bluetooth .
bluetooth-:
1.0 - Bluetooth
(BD_ADDR) .
1.1 - 2002. IEEE 802.15.1.
. bluetooth .
1.2 .
,
.
721Kb/s.
.
2.0 0+EDR - 2004.
.
Enhanced Data Rate (EDR) .
EDR 3 Mb/s, 2.1 Mb/s. EDR
Gaussian Frequency-Shift Keying (GFSK) Phase Shift Keying
(PSK) . EDR
.
2.1 +EDR 2007.
secure simple pairing (SSP). SSP-
Bluetooth .
. sniff subrating low-power .
3.0+ HS 2009. .
24 Mb/s, bluetooth . Bluetooth
,
802.11.
,
.
4.0 2009. .
Bluetooth low energy ,
.
ISM 7. ISM ,
() ( fading
). FHSS
8.
83,5MHz 79 1MHz.
.
625ms,
. 1.600 .
,
(piconet). ( master),
.
(slave). piconet 8 ( master
slave ), piconet- ( 10, 80 )
scatternet.
. polling-. Bluetooth point-to-point point-to-multipoint
. ,
. Bluetooth
.
.
.
.
, .
,
. .
72b
54b
0-2.745b
bluetooth
,
.
bluetooth
.
Bluetooth
.
.
:
128 - ,
8 - 128 ,
802.11 2002.
54Mb/s,
30Mb/s. 5GHz.
802.11 1999.
11Mb/s,
1 2 Mb/s. WiFi
.
802.11 2003.
. 2,4GHz, 802.11
.
ka 2.9.2-1. ISM
2.9.2-2. 802.11
IEEE 802.11
,
. WiFi
WiFi ( )
. ( 30 m).
.
IEEE 802.11
. WLAN .
, AD-HOC (IBSS Independent Basic
Service Set) 802.11
. peer-to-peer WLAN .
( AP- Access Point).
.
, .
(hidden node).
1.
(carrier sense) -
.
.
2.9.2-6. RTS/CTS
AP
, AP RTS ,
. CTS , AP-
AP .
.
. , . .
ACK (
). ACK,
. MAC
, ACK,
.
,
.
, .
. IEEE 802.11
,
. , AP 20- PS-Poll (Power Save) . AP
.
, .
, PS-Poll
.
,
.
LAN- (WLAN)
.
.
AP- ,
. -
. -
AP , AP- . beacon
AP-, .
AP .
,
. , AP AP-
-
. AP
.
AP AP-
, (
MAC ).
AP- .
AP- IP ,
.
2.9.3. WiMAX
WiMAX (Worldwide Interoperability for Microwave Access )
IEEE 802.16.
.
. DSL
.
.
WiFi 802.11,
WiMAX-. 50Km
5-15Km , WiFi 802.11
30-100 .
40Mb/s, IEEE 802.16
1Gb/s.
.
.
. WiMAX
VoIP, streaming, .
WiMAX-: (802.16) (802.16).
point-to-multipoint multipoint-to-multipoint
, .
3.
OSI TCP/IP
.
, ,
, , ,
.
.
.
3-1.
,
.
()
.
. , ,
(). ,
, .
, ,
,
.
3.1.
, .
, IPv4.
, www.xkcd.com
, ,
, (.
Internet Protocol version 4, IPv4, IP ).
.
( , X Window System UNIX
).
. ,
,
.
,
, .
, .
.
.
,
.
,
, .
.
.
.
.
,
. ,
,
.
, (.
Internet Control Message Protocol, ICMP )
.
,
.
,
. ,
.
2011.
.
,
.
3.1.1.
:
.
.
3.1.1-1.
.
160 96
( , , ,
, ) 64 . ,
()
32 . :
(. Version)
.
4.
(. Total Length)
( ),
(). 65.536
, 576 (64
512 )
.
(. Identification), (. Flags),
(. Fragment Offset) ,
32 ,
. , ,
, , .
,
,
, , .
,
( 64 ), ,
.
(. Time to Live)
.
,
, (
, . ) .
. ,
.
ICMP
.
, .
(. Hop Limit).
(. Protocol)
,
.
, 1,
ICMP , 6 TCP , .
RFC 790 .
(. Header Checksum)
,
.
.
,
. ,
.
(. Source Address)
.
, ,
.
(. Destination Address)
.
, .
, .
. ,
, , ,
.
3.1.1-2. , Wireshark
, .
3.1.2.
.
, ( 1.)
.
3.1.2-1.
( )
. , ,
,
.
resolver Domain Name System .
, ,
.
.
, , ,
.
(. Address Resolution Protocol-).
? ,
,
. ,
, , , ,
, ,
.
, 2^32
( 4.294.967.296) .
, - 1974.
- . , ,
.
3.1.2.1. ,
,
(.
exclusive disjunction, exclusive OR, XOR ). IP
,
,
. ,
IP ,
.
( ) .
. , , , .
.
. ,
, .
.
3.1.2.1-1.
,
.
.
,
. , . ,
, .
( ).
.
3.1.2.1-2.
, .
.
,
. ,
.
3.1.2.1-3.
,
. ,
.
. ,
,
. ,
.
3.1.2.2.
32
( ). -
- - .
.
, .
3.1.2.2-1.
,
.
,
.
, .
3.1.2.2-2.
(. network address) (. broadcast
address).
. .
.
.
.
.
3.1.2.2-3. ,
, ,
,
.
n .
.
,
, , . ,
,
.
3.1.2.2-4.
(. default gateway)
,
.
, ,
.
3.1.2.2-5.
, ,
(. multihoming).
, , :
, / /?
( ). ,
, 1,
2. , /
1, / 2.
3.1.2.2-6.
, , DNS
.
,
.
3.1.2.3.
254 (2^8 - 2) 16.777.214
(2^24 - 2). ,
, ,
.
. ,
, .
1981. RFC 791
.
3.1.2.3-1.
RFC 791
A, B C D E .
, .
A . ,
A
. A
. 127
16.777.216 .
3.1.2.3-2. A
B 10.
, B
.
B
. 16.384 B
65.536 .
3.1.2.3-3. B
C 110.
, C
.
C
. 2.097.152
C 256 .
3.1.2.3-4. C
D 1110.
, D
.
,
(
multicast). D RFC 1112 .
3.1.2.3-5. D
E 1111.
, E
.
,
.
3.1.2.3-6. E
.
,
1981.
1993. . ,
.
1993.
.
,
.
3.1.2.4.
,
, IP
. C
( )
, 252 256
. ,
254 .
65.279 65.536 .
, , 1993. ,
1519 ,
, Classless InterDomain Routing, CIDR.
3.1.2.4-1. C
,
.
,
,
.
0, 128, 192, 224, 240, 248, 252, 254 255.
, , . ,
C 192.168.1.0
24 255.255.255.0.
,
. ,
192.168.1.0-255 ,
.
25 7 .
255.255.255.128
.
192.168.1.0/25
192.168.1.128/25.
.
3.1.2.4.1. C
C, 192.168.1.0/24,
140 :
1. : 80
2. : 35
3. : 15
4. : 10
,
.
n- 2 -
, ,
.
(256 ),
: 80
128 (2^7), 35 64 (2^6),
15 32 (2^5), 10
16 (2^4).
2.
, .
128 .
192.168.1.0/25, 192.168.1.127,
192.168.1.1 192.168.1.126,
255.255.255.128.
3.1.2.4.1-2. C
64 .
192.168.1.128/26, 192.168.1.191,
192.168.1.129 192.168.1.190,
255.255.255.192.
32 .
192.168.1.192/27, 192.168.1.223,
192.168.1.193 192.168.1.222,
255.255.255.224.
16 .
192.168.1.224/28, 192.168.1.239,
192.168.1.225 192.168.1.239,
255.255.255.240.
C
192.168.1.240/28 .
, , .
, ,
. ,
. ,
, ,
.
.
(
).
,
.
,
, .
. ,
, .
3.1.2.4.1-3. C
( 3.)
192.168.1.64 192.168.1.192
.
192.168.1.127
192.168.1.0/25, 192.168.1.128
192.168.1.128/25.
192.168.1.127/25 192.168.1.128/25
. ,
, .
3.1.2.5. ,
Internet Assigned Numbers Authority, IANA .
(,
)
.
.
.
.
,
,
.
.
.
:
0.0.0.0/8
. , 0.0.0.0/32
. 0.0.0.0/24 TCP
22 ALLOW TCP 22
C , 0.0.0.0/32 TCP 110
ALLOW POP3
. , 0.0.0.0
/XX
.
,
.
10.0.0.0/8 .
( ).
16.777.216
,
.
127.0.0.0/8 (.
loopback address) ,
. ,
,
.
, ,
127.0.0.1/32
.
169.254.0.0/16
(. link local addresses).
,
,
.
, DHCP ,
.
.
.
192.0.0.0/24
C .
IANA IETF .
.
192.0.2.0/24 TEST-NET-1
.
example.com
.
(, .)
,
, ,
.
192.88.99.0/24
. ,
(
).
192.168.0.0/16
, .
65.536 , , 256 C. ,
.
198.18.0.0/15
.
.
.
198.51.100.0/24 TEST-NET-2 ,
192.0.2.0/24
.
.
203.0.113.0/24 TEST-NET-3 ,
192.0.2.0/24 198.51.100.0/24,
.
.
224.0.0.0/4
D . (.
multicast).
240.0.0.0/4
.
.
RFC . ,
,
,
.
3.1.3. (NAT)
(. Network Address Translation, NAT )
,
,
.
- .
,
.
IP ,
.
.
,
.
3.1.3-1.
.
.
.
.
,
.
.
,
.
.
,
, ,
,
. (, )
.
, (
),
. ,
.
,
, .
. ,
, (. Network
Address Port Translation, NAPT ).
(. Port Address Translation)
.
(
)
.
.
,
.
,
.
3.1.3-2.
3.
.
,
. PAT
,
.
, .
, PAT
( ,
.).
. ,
, ,
.
3.1.3-3. NAPT/PAT
.
,
. , ,
,
,
. , (. IPsec)
.
3.1.4.
, ,
.
.
. ,
, ,
.
3.1.4-1. NAPT
,
, ,
.
.
(. port forwarding).
2.
, .
10.10.10.0/24
SSH, DNS, HTTP HTTPS .
. R1
3.1.4-2.
() - 203.0.113.123.
. ,
.
-
. , ,
( )
.
.
,
.
.
.
:
1.
2.
,
,
, ,
, . ,
.
3.1.5.
.
.
,
(. Maximum Transmission Unit, MTU).
.
.
3.1.5-1. MTU
MTU .
, 1
2.
1 2
MTU 2. , 2 3
, ,
3 ( MTU ).
, ,
(Identification, Flags, Fragment Offset)
.
.
.
.
.
.
. ,
,
ICMP
.
ICMP
.
, ICMP
.
,
, ,
.
, , :
.
.
. Teardrop UNIX,
Windows
.
ICMP
65.536 . Ping of Death
UNIX, Windows
.
.
.
,
,
.
3.2.
,
,
.
.
- .
.
.
3.2-1.
,
.
.
.
.
.
3.2-2.
.
( ).
( , 192.168.12.34
192.168.0.0/16 192.168.12.0/24)
. ,
,
, ,
, .
.
.
,
: -
, , , , .
, .
.
:
1. ,
2.
3.
.
.
.
.
. ,
. ,
( )
.
.
:
.
.
,
, ,
.
(. routing protocol)
(. routed protocol).
. ,
.
3.2-3. R1
3.
, ,
. R1
, B C
. , R1
, ,
.
(. default route)
.
R2
. R2
. ,
.
R2 ,
R1 ( ).
,
R1.
.
.
( ) .
.
.
.
.
.
.
3.2.1.
.
. , -
-
.
, -
-
.
.
.
.
. ,
,
, ,
.
.
-
,
. ,
:
.
.
.
,
.
.
,
.
. , EIGRP
, ,
.
,
,
.
, .
( )
. ,
.
.
, ,
.
3.2.1.1. RIP -
(. Routing Information
Protocol, RIP). routed
BSD UNIX ,
de facto .
1988.
. RIP 1969.
ARPANET .
( )
(-) ( Token-ring,
Ethernet). ,
-
-
16.
15 .
,
.
.
,
(
).
.
3.2.1.1-1. RIP
1. R1
M1 M2, R2
M3, R3 M4.
.
R1 R2 R3 M1 M2,
R2 R1 R3 M3 R3
R1 R2 M4.
. , ,
, .
R1 R2 M4
R3 M3, R2 R1
M4 R3 M1 M2, R3
R1 M3 R2
M1 M2. , (
),
. ,
R1 R2 R1 M3 R3
.
.
,
. 2. R1
10.10.2.0/24 -
R3 R2 R3.
R3 ( )
R2 R3 .
R1 R3 .
3.2.1.1-2. RIP
.
3. R1
2 .
(. load balancing),
.
3.2.1.1-3.
RIP
. ,
.
.
3.2.1.1-4. RIP
4. R1
1 R3,
( R2)
.
.
RIP
.
( ,
.) ,
( ,
, .).
3.2.1.1.1.
.
, (
)
.
- ,
, . RIP
,
.
.
.
,
.
3.2.1.1.1-1.
RIP
.
.
, .
,
.
, , RIP
-
.
( )
.
RIP
30 .
180 ,
,
. ,
.
.
, RIP .
,
16.
.
3.2.1.1.2.
1. R1
1 ( 1 ).
R1 R2 1 R2
1 2.
R2 1 , R1.
R1 1
R2 3
1.
R1
R2 R1 1. R1
1 . ,
R2
1 3 (
R1 1).
R1 1
.
3.2.1.1.2-1.
1
R1 R2 - R2 R1
R2... (
1) TTL
.
255 . ,
.
.
. 1
R1 R2 3. , ,
, R1
, R2. R2
1 4
R1. 16,
.
(.
split horizon).
.
, 1,
. ,
.
(. split horizon with poisoned reverse ).
16.
.
3.2.1.1.2-2.
2.
,
.
.
RIP .
3.2.1.1.3. RIPng -
( Routing Information
Protocol next generation, RIPng ) RIP
. , RIPng
. :
IPv6 .
IPv6
.
.
, UDP .
3.3.
2011.
.
,
. ,
.
,
.
,
.
.
.
IGMP.
3.3.1. ICMP -
.
,
.
(. Internet Control Message Protocol).
.
.
. .
3.3.1-2.
(. Time Exceeded
Messages)
( Time to live ,
.
(. Parameter
Problem Messages)
.
.
3.3.1-3.
(. Echo and Echo Reply Messages)
.
,
.
.
(. Timestamp Messages)
.
: ,
,
.
(. Information Request or
Information Reply Messages)
.
.
,
.
,
.
,
.
. ,
.
3.3.1.1. ICMP
ICMP
. ,
, .
ICMP ping traceroute.
ping
. IP/ICMP
,
.
$ ping -c5 192.168.55.10
PING 192.168.55.10 (192.168.55.10) 56(84) bytes of data.
64 bytes from 192.168.55.10: icmp_req=1 ttl=128 time=0.302 ms
64 bytes from 192.168.55.10: icmp_req=2 ttl=128 time=0.366 ms
64 bytes from 192.168.55.10: icmp_req=3 ttl=128 time=0.295 ms
64 bytes from 192.168.55.10: icmp_req=4 ttl=128 time=0.313 ms
64 bytes from 192.168.55.10: icmp_req=5 ttl=128 time=0.487 ms
--- 192.168.55.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.295/0.352/0.487/0.074 ms
3.3.1.1-1. ping
ping
. ,
. ,
. ,
ICMP firewall
.
ping
. ,
( 2.)
-
.
$ ping www.google.com
PING www.google.com (209.85.148.103) 56(84) bytes of data.
64 bytes from www.google.com (209.85.148.103): icmp_req=1 ttl=53 time=42.8 ms
$
3.3.1.1-2. ping
, ping ( 3.).
, ,
DNS .
$ ping www.google.com
ping: unknown host www.google.com
$
3.3.1.1-3. ping
traceroute
, .
ping
ICMP .
4. traceroute
www.google.com.
6 .
$ traceroute www.google.com
traceroute to www.google.com (209.85.148.103), 30 hops max, 60 byte packets
1
192.168.60.12 (192.168.60.12)
79-101-159-1.isp.telekom.rs (79.101.159.1)
0.419 ms
0.813 ms
7.641 ms
212.200.15.221 (212.200.15.221)
12.343 ms
212.200.6.238 (212.200.6.238)
79.101.106.2 (79.101.106.2)
209.85.242.228 (209.85.242.228)
72.14.232.102 (72.14.232.102)
www.google.com (209.85.148.103)
11.424 ms
14.789 ms
0.972 ms
9.040 ms
13.793 ms
16.188 ms
25.807 ms
17.430 ms
26.674 ms
29.042 ms
28.063 ms
23.735 ms
30.110 ms
13.664 ms
31.517 ms
38.252 ms
9.957 ms
39.190 ms
37.913 ms
40.196 ms
3.3.1.1-4. traceroute
,
.
GeoIP
,
.
3.3.1.1-1. traceroute
ICMP Nmap.
,
, , .
.
# nmap -O 192.168.1.1
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-25 09:20 CEST
Nmap scan report for 192.168.1.1
Host is up (0.0028s latency).
Not shown: 997 closed ports
PORT   STATE SERVICE
21/tcp open  ftp
23/tcp open  telnet
80/tcp open  http
3.3.1.1-5. nmap
ICMP
.
3.3.1.2. ICMP
ICMP ,
, , .. ,
.
:
1. ICMP
;
2. ICMP
;
ICMP
.
1. ICMP
192.168.1.0/24 .
nmap, 256
3 , 192.168.1.12, 192.168.1.15
192.168.1.20 .
-
, ,
..
$ nmap -sP 192.168.1.*
Starting Nmap 5.51 ( http://nmap.org ) at 2011-06-24 11:00 CEST
Nmap scan report for 192.168.1.12
Host is up (0.0020s latency).
Nmap scan report for 192.168.1.15
Host is up (0.00079s latency).
Nmap scan report for 192.168.1.20
Host is up (0.0018s latency).
Nmap done: 256 IP addresses (3 hosts up) scanned in 3.07 seconds
3.3.1.2-1. nmap
2. ICMP
.
ping : 1)
( -f) 1
; 2) 64
65.535 ; 3) 10.000
.
.
2. 10.000
4.736,
147,658 .
33,5Mb/s, 17,8Mb/s. 47 ,
15,7Mb/s ,
,
.
3.3.1.2-2. ping
,
.
(. denial of service)
.
3.3.2. IGMP -
(. unicast) (. broadcast).
,
( ).
.
, ,
,
.
(.
multicast), .
(. Internet Group Management Protocol, IGMP ).
,
,
( 1.).
, , .
.
- ,
3.3.2-1.
.
D
.
3.3.2-2.
.
. ,
.
:
1. ,
2.
3. (
).
. TTL ,
.
.
4.
OSI TCP/IP
. .
- (
).
,
.
,
.
4-1.
.
:
1. .
2. ( ) .
3.
.
4.
.
5.
.
IANA.
(
) .
, .
4.1.
,
.
16-
/ ()
, .
, (
). 0 1023
.
( FTP, SSH, Telnet, DNS ).
1024 49151
.
49152 65535
/ .
4.2.
(. socket)
4.2 BSD UNIX ,
.
. :
1. IP
2.
3.
4.
5. IP
.
Berkeley socket UNIX Winsock
.
.
, X Window System UNIX
.
4.3. TCP -
(. Transmission Control Protocol, TCP)
.
( full-duplex).
.
.
. RFC793
.
(
, MTU 536
)
.
.
de facto
. (,
) .
4.3.1.
.
:
1. SYN
ISN- .
2. SYN ACK
ISN- .
SYN ISN.
3. SYN ACK
ISN .
(. handshake)
, .
(. active open)
(.
passive open).
(.
).
(
).
.
,
. FIN TCP
:
1. TCP FIN
.
2. ACK .
3. FIN
.
4. ACK
.
(. active
close)
(. passive close). (
FIN ACK )
- (. halfclose) .
4.3.2.
. ,
.
. .
,
.
.
.
. (
) ( / ).
(
).
4.3.2-1.
. 32 ,
.
( )
.
4.3.2-2. TCP IP
. 32 .
32 ,
. TCP MSS (Maximum Segment
Size), WSOPT (Window Scale Option), SACK (Selective ACK) SACK Permitted.
( TCP checksum).
4.3.2.1.
. , broadcasting multicasting
. ,
TCP . IP
( ) , TCP
:
TCP
.
.
TCP .
.
, .
TCP
.
TCP
.
TCP
.
,
.
TCP
(
) .
(.
) TCP .
( MSS, Maximum
Segment Size), .
MSS SYN
( ) ,
, 536 .
TCP ( ) MSS-
536 556 . IP
576 (556 TCP + 20 IP ). ,
IP MSS- 536 (93%)
40 (7%) TCP IP .
100Mb/s
93Mb . MSS-
3.960 IP 4.000
( TCP IP ).
99:1. MSS-
100Mb/s 99Mb .
MSS-
. . ,
.
( )
MSS-
. MSS TCP
.
.
ACK
. , SACK permitted
SACK -
.
.
. SACK (Selective ACK)
.
SACK Permitted
.
4.4.
(. User Datagram Protocol, UDP)
.
,
, ,
.
,
.
,
,
.
( , ,
).
,
.
.
.
UDP
.
4.4-1.
UDP 16
:
(. Length) - .
(. Checksum) - .
UDP ,
,
. UDP (
TFTP ). , UDP
.
5.
.
.
5-1.
.
(, - )
.
5-2.
, ,
,
.
( , top
)
. ,
( )
( ).
5-3.
UNIX (.
daemon). 1963. ,
MAC IBM.
. UNIX
d, httpd,
mysqld...
$ ps -A
USER VSZ RSS TTY STAT START TIME CMD
...
root 2146 0.0 0.0 6060 1484 ? Ss Jun19 0:11 cupsd
root 2151 0.0 0.0 2076 416 ? Ss Jun19 0:00 crond
root 2175 0.0 0.0 2840 184 ? Jun19 0:00 mysqld
root 2325 0.0 0.0 64836 564 ? Ss Jun19 0:13 httpd
...
5-1.
(
) -
- . Rootkit UNIX
.
5.1.
.
.
- . host-based
-
. -
.
,
(. cloud computing).
5.1-1. -
. -
,
.
,
.
- . .
5.1-2. -
(. peer-to-peer)
. ,
,
.
.
5.1-3.
.
.
5.1.1. -
-
.
.
. , ,
. -
, -
, ,
. , -
. ,
.
5.1.1-1. -
- -
( 1.). -
,
. , -
.
-
. ,
-
,
, ,
( 2.).
, ,
, .
5.1.1-2. -
,
, ,
. , ,
( )
- . ,
,
- .
-
,
.
5.1.1.1.
,
. .
, :
.
.
5.1.1.1-1.
.
, . ,
(
,
), .
.
.
.
( ,
) .
5.1.1.1-2.
(
) .
. ,
.
.
5.1.2.
(. peer-to-peer, P2P)
(. node) .
P2P
( ) (
).
.
. ,
, , ,
...
. -
(
)
.
:
1.
2.
3.
. peer
.
( broadcast ).
- .
,
.
,
.
. .
.
5.2.
(. World Wide Web)
. 1991.
, .
,
(. hyperlink)
.
5.2-1. -
.
, ,
.
,
( , ,
...).
, .
( 1.0).
,
.
,
. ,
, .
5.2.1. ,
. http
https,
- mailto, ftp, rtsp...
- HTTP.
SSL .
SOAP, XML-RPC, .
,
.
,
- HTML.
, .
5.2.1.1.
(. Uniform Resource Locator, URL)
.
,
, ,
.
,
,
, , ..
.
.
.
.
,
.
5.2.1.1-1. HTTP
,
(HTTP HTTPS ) (
).
.
( 80 HTTP
443 HTTPS ).
,
.
-
(: mod_rewrite
Apache ). , ,
GET HTTP
.
,
. ,
.
,
.
HTTP
( 2.).
, @,
(:@).
HTTP
,
.
5.2.1.1-2. HTTP
. ,
.
.
,
( , )
.
, ,
.
,
(. Uniform Resource Identifier, URI).
(.
Uniform Resource Name, URN).
5.2.1.2. HTTP -
(. HyperText Transfer Protocol, HTTP)
.
-
- -
.
,
.
.
(TCP)
.
80, ,
(HTTPS) 443.
5.2.1.2.1. ,
. : , - . ,
.
5.2.1.2.1-1.
,
(. Content-Length)
(. Transfer-Encoding).
,
. ,
.
.
.
GET POST.
OPTIONS, HEAD, PUT, DELETE, TRACE CONNECT.
. (
) .
(
)
()
.
5.2.1.2.1-2.
GET
.
.
.
GET /Studije/Poslediplomske HTTP/1.1
Host: www.singidunum.ac.rs
POST. , GET,
( ,
.) . ,
GET, .
, HTML
GET :
<form method=GET action=prijava.php>
: <input type=text name=korisnik />
:
</form>
, , GET
.
.
( input password)
.
5.2.1.2.1-3.
POST
. , GET ,
.
, a
:
http://adresa.servera/prijava.php?korisnik=petar&lozinka=abc123
GET
.
,
8.192 .
( )
.
.
.
5.2.1.2.1-4. POST
HEAD GET
.
,
.
,
.
, :
-
;
-
;
-
;
-
,
;
-
, .
,
.
,
.
5.2.1.2.2.
(. stateless),
.
,
( ,
) .
(
)
, . ,
.
,
, .
.
,
.
,
.
.
, .
.
.
. ,
,
.
(. cookies)
.
, ().
, ,
.
Set-Cookie ,
Cookie. .
,
-
.
.
( ,
)
( ,
), .
,
5.2.1.2.1-5.
. :
( , 1.440
Apache PHP ).
(. session
hijacking),
.
, (,
),
. ,
/ .
, ,
(, , .
),
/ (
).
5.2.1.2.1-6.
1.1
(. persistent connection),
.
:
3. ,
, ;
4.
;
5. ,
,
;
6.
.
1.1 ,
,
.
Connection .
,
.
5.2.1.2.3.
.
SSL ,
(. Transport Layer Security, TLS).
, .
(
, ).
443.
(. Content
Management System, CMS)
, . ,
.
.
(HTTPS) ,
.
5.2.1.3. HTML -
(. Hyper Text Markup Language, HTML )
(. markup language).
, .
. :
<u> </u>.
<u> </u> (. tag) .
- .
(
)
(. ).
:
.
, , ,
.
(
).
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
.
</body>
</html>
5.2.1.3-1.
.
5.2.1.3-1.
- , / ,
, .
5.2.1.4. XML -
(. Extensible Markup Language, XML)
. ,
. XML-
, W3 .
- - XML
- ,
, , .. XML-
. OSI TCP/IP ,
, HTTP
.
, XML-
.
C :
int sabiranje (int a, int b) { return a+b; }
,
.
:
c = sabiranje(2, 3);
XML
(, ):
<naredba>
  <pokrenuti>sabiranje</pokrenuti>
  <argument tip='int'>2</argument>
  <argument tip='int'>3</argument>
</naredba>
, ( , ,
)
XML , C
, ( , . XML )
XML :
<odgovor>
  <rezultat tip='int'>5</rezultat>
</odgovor>
, XML
. () - XML-RPC,
SOAP WDDX - XML-.
5.2.1.4.1.
XML-RPC (.
Remote Procedure Call, RPC ) XML
HTTP .
:
array - ,
base64 -
boolean -
date/time -
double -
integer -
string - XML
struct -
, XML-RPC
SOAP .
5.2.1.5. SOAP -
SOAP (Service Oriented Architecture Protocol Simple Object Access Protocol)
XML (
HTTP ).
, (. Web
services stack)
OSI TCP/IP .
(. Remote Procedure Call, RPC ), SOAP
. SOAP XML-RPC
() . SOAP :
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body>
    <getStudentData xmlns="http://studenti.unis.local/ws">
      <Student_ID>2704</Student_ID>
    </getStudentData>
  </soap:Body>
</soap:Envelope>
SOAP
.
5.2.1.6. WDDX -
(. Web Distributed Data eXchange, WDDX )
XML .
, , , , .
, WDDX
PHP, Ruby, Python, Java, C++, .Net, Flash, Lisp, Haskell ...
WDDX :
<wddxPacket version='1.0'>
  <header comment='UNIS'/>
  <data>
    <struct>
      <var name='ID'>
        <number>2704</number>
      </var>
      <var name='Ime'>
        <string>Petar</string>
      </var>
      <var name='Fakultet'>
        <array length='2'>
          <number>2</number>
          <string>FPI</string>
        </array>
      </var>
    </struct>
  </data>
</wddxPacket>
WDDX ,
. SOAP
(
WDDX-),
WDDX
. , WDDX
1998. ( XML-RPC)
(Allaire ).
1. JSON
JavaScript JSON-,
,
ActionScript, C, C++, C#, Java, Perl, PHP, Python, Ruby , .
5.2.2.
, .
.
,
, , ,
, ,
. - (
) -
( ).
5.2.2-1.
. ,
. ,
1996. , (. Apache Web server)
. 1995.
HTTP -
(. National Center for Supercomputing Applications )
. ,
.
.
(. Apache Tomcat), Java Servlet JavaServer
Pages (JSP) .
IIS
, iPlanet ( Sun
ONE ), - (. engine x, nginx)
, ( ,
,
).
- lighttpd,
Hiawatha, Jetty, tHTTPd, Zeus .
. , ,
.
5.2.2-2. ()
5.2.2.1.
- ,
.
.
,
,
.
, ,
.
.
,
, ,
.
, ,
.
.
5.2.2-1. -
,
.
(. load balancing) .
- - -
.
5.2.2-2.
, .
. ,
( , IIS
). ,
, UNIX .
, 2011.
:
1   Datapipe              FreeBSD   00:00:00   0,004%
2   INetU                 FreeBSD   00:00:00   0,004%
                          FreeBSD   00:00:00   0,004%
4   Hosting 4 Less        Linux     00:00:00   0,008%
5   www.logicworks.net    Linux     00:00:00   0,012%
6   www.micfo.com         Linux     00:00:00   0,019%
7   ReliableServers.com   FreeBSD   00:00:00   0,023%
8   aruba.it                        00:00:00   0,023%
                          Linux     00:00:00   0,023%
10  www.qubenet.net       Linux     00:00:00   0,031%
5.2.2-1. 2011.
,
,
. ,
(. Active Server Pages, ASP)
IIS .
5.2.3.
. ,
( ) (
).
,
.
.
. ,
,
.
5.2.3-1.
. ,
, JavaScript .
.
.
, (
),
.
,
JavaScript .
5.2.4.
- .
-
-. ,
,
.
,
.
.
(. Content Management
System, CMS). ,
,
.
,
.
5.2.4-1.
,
:
4. -
,
;
5. -
;
6. -
;
, .
PHP
MySQL
.
, .
, .
5.2.4-2.
,
.
5.3.
, ,
.
( host-based ),
- .
.
1 2010.
1,88 e , 294
, 107
.
,
.
, , - 89,1
2010. (. spam).
5.3.1.
.
-
:
(. Message Store, MS) .
.
.
(. Message User Agent, MUA)
1
.
.
,
.
5.3.1-1.
(. Message Submission Agent, MSA )
,
.
.
(. Post Office
Protocol version 3, POP3)
(. Internet Message Access Protocol, IMAP).
.
.
,
.
5.3.1-2.
(. Webmail).
,
.
(Google Mail, Hotmail, Yahoo),
(Roundcube, Horde/IMP, Squirrel Mail, AtMail ).
5.3.2. ,
(. envelope)
.
, .
.
1.000
, .
127 ASCII ,
. ,
.
(.
Multipurpose Internet Mail Extensions, MIME ).
.
.
.
. @.
.
64
255 .
()
.
, ,
, ., _ -.
5.3.2.1. SMTP -
(.
Simple Mail Transfer Protocol, SMTP )
.
,
, TCP.
.
,
.
, .
.
. ,
,
.
MAIL FROM:<adam@jones.tld>
RCPT TO:<danny@carrey.tld>
DATA
From: "Adam Jones" <adam@jones.tld>
To: "Danny Carrey" <danny@carrey.tld>
Date: Fri, 18 Feb 2005 16:27:01 GMT
Subject: New song
Message-ID: <000a01c76701$b2a25600$f601f0d5@server>

Danny, I believe that two notes would be enough for entire song.
.
QUIT
5.3.2-1. SMTP
SMTP
.
()
,
.
5.3.2.2. POP3 -
(. Post Office Protocol version 3, POP3 )
. ,
.
: ,
.
.
.
USER PASS
.
.
,
. :
STAT - ,
;
LIST - ;
RETR -
;
DELE -
;
;
RSET - ;
NOOP -
;
QUIT - , .
. ,
.
5.4.
()
.
,
-. -
,
,
. -
.
. ,
.
-
- . - Extended
filesystem ( 2, 3 4), Reiserfs, XFS, JFS, Btrfs, NTFS, VFAT, ISO 9660
- .
5.4-1.
.
- ,
,
(, ).
- .
-
-
,
.
5.4-2. -
.
( FTP). , -
- (NFS) UNIX .
5.4.1. FTP -
(. File Transfer Protocol, FTP)
TCP/IP
. FTP -
.
.
FTP :
FTP :
(, ,
, ) TCP/IP
firewall-.
"" 3.
xy .
FTP
.
md5 .
5.4.1.1. FTP
FTP :
1. .
2. .
. ,
FTP (.
) :
1. .
2. FTP
( ).
3. .
FTP-,
FTP-:
1. SFTP (SSH File Transfer Protocol) - FTP SSH (Secure SHell)
.
2. FTPS (File Transfer Protocol over SSL) - FTP SSL TLS
.
5.4.2. NFS - -
- (. Network File System, NFS)
- UNIX .
.
- - .
,
.
5.4.3. CIFS - -
SMB (Server Message Block) OSI
,
. MS
Windows . SMB
IBM- DOS- "Interrupt 33"
. , SMB-
. 1998.
SMB- CIFS (Common Internet
File System) SMB :
,
, NetBios-.
SMB NetBios (
NetBEUI, IPX/SPX NBT ) MS Windows 2000
SMB TCP/IP .
MS Windows , SMB
Unix Samba . ,
, SMB
.
CIFS (Common Internet File System) SMB-
,
SMB- TCP/IP NetBios .
1996. SMB
SMB CIFS. 1.0
CIFS IETF
. NetBios TCP/IP CIFS
DNS .
CIFS
.
5.5.
- ,
- ,
,
, .
,
.
.
.
(. Dynamic Host Configuration
Protocol, DHCP).
.
(. Domain Name System, DNS).
5.5.1. DHCP -
(. Dynamic Host
Configuration Protocol, DHCP )
.
:
( ) DHCP
;
(
,
, DNS )
;
.
, .
- ,
.
5.5.2. DNS -
(. Domain Name System, DNS)
,
- . DNS-
.
(, , .)
DNS . ,
DNS-
.
DNS-
.
5.5.2.1.
, ( )
.
( ,
www.dir.singidunum.ac.rs 212.62.45.222).
hosts .
,
:
1. N .
2. N N hosts
:
1. 192.168.1.1 1.-
2. 192.168.1.2 2.-
3. 192.168.1.N N.-
3. 1: N
hosts
hosts
4. 2: N
hosts
5. 3: N 1 hosts
hosts
DNS- DNS .
,
.
hosts ( hosts
)
1983.
.
#
# hosts This file describes a number of hostname-to-address
# mappings for the TCP/IP subsystem. It is mostly
# used at boot time, when no name servers are running.
# On small systems, this file can be used instead of a
# "named" name server. Just add the names, addresses
# and any aliases to this file...
#
# By the way, Arnt Gulbrandsen <agulbra@nvg.unit.no> says that 127.0.0.1
# should NEVER be named with the name of the machine.
# It causes problems
# for some (stupid) programs, irc and reputedly talk. :^)
#
# For loopbacking.
127.0.0.1 localhost
192.168.1.1 tool.local tool
# End of hosts.
5.5.2.1-1. hosts
Hosts DNS-.
DNS- .
hosts
DNS .
. , DNS .
-
0.0.0.0 ad.doubleclick.net hosts
ad.doubleclick.net.
. , ,
. , DNS .
:
1. X.X.X.X -
www.google.com - Y.Y.Y.Y.
2. X.X.X.X
www.google.com
www.google.com.
3. www.google.com Y.Y.Y.Y
.
4.
hosts : X.X.X.X
www.google.com.
,
www.google.com X.X.X.X Y.Y.Y.Y
.
5.5.2.2.
DNS-
. DNS (. authoritative DNS
nameserver)
DNS -.
(. domain name).
.
dir.singidunum.ac.rs:
(.
5.5.2.2-1.
.
DNS
. DNS
.
DNS (. root
servers) -
.
. 13
[A-M]. root-servers.net.
-
dir.singidunum.ac.rs rs.
:
1. -
: rs -
, ru - , cn - ;
2. -
: com - , org , edu - ;
3. -
arpa .
,
,
. ,
.
, ,
-,
, .
2011. .
DNS (. resolver).
DNS
.
, .
DNS .
DNS :
1. ( , )
http://www.dir.singidunum.ac.rs/index.php
(http),
(www.dir.singidunum.ac.rs) (/index.php).
2.
.
3. DNS
: "
www.dir.singidunum.ac.rs?"
4. DNS
(dir.singidunum.ac.rs)
DNS : " DNS
rs ?"
5. : "147.91.8.6".
6. DNS 147.91.8.6 : " DNS
ac.rs ?".
7. DNS 147.91.8.6 : "147.91.8.21".
8. DNS 147.91.8.21 : "
DNS singidunum.ac.rs?"
9. 147.91.8.21 : "212.62.48.42".
10. DNS 212.62.48.42 : "
DNS dir.singidunum.ac.rs?".
11. 212.62.48.42 : "212.62.45.222".
12. DNS 212.62.45.222 : "
www.dir.singidunum.ac.rs?".
13. 212.62.48.222 : "212.62.45.222"
14. DNS :
" www.dir.singidunum.ac.rs
212.62.45.222".
/index.php. DNS-.
DNS
DNS .
5.5.2.3.
DNS DNS-
. , ,
DNS DNS
.
DNS DNS .
.
DNS- DNS
DNS
.
DNS ,
, ,
DNS
.
DNS
-
DNS ,
?
(. Time To Live, TTL)
.
DNS
.
86.400 , .
( DNS )
DNS .
:
Serial: ,
.
5.6.
.
.
.
:
.
5.6.1. NTP -
(,
, ) ,
.
,
,
.
:
1. ,
,
2.
3.
.
(. Network Time Protocol, NTP )
.
bash-3.1# /usr/sbin/ntpdate ntp.nasa.gov
15 Mar 12:02:46 ntpdate[]: step time server 198.123.30.132 offset 1.914867 sec
bash-3.1# /sbin/hwclock --systohc
bash-3.1#
5.6.1-1.
UDP , 123.
NTP
. NTP
1984.
.
2.
NTP NTP
NTP ( ,
ntp.nasa.gov). ,
.
,
,
,
. ,
,
.
bash-3.1# cat /sys/devices/system/clocksource/clocksource0/
available_clocksource
current_clocksource
5.6.1-2.
.
( )
.
,
.
http://www.cse.ucsd.edu/users/marzullo
5.6.2. SNMP -
. ,
, , ,
. (. Simple
Network Management Protocol)
,
.
SNMP
. SNMP
: SNMP- (.
managed device), SNMP (. Network
Management System, NMS).
SNMP
SNMP .
.
( NMS) SNMP .
SNMP
SNMP NMS
. NMS
SNMP
. SNMP NMS .
, SNMP ,
SNMP NMS.
SNMP
.
SNMP
SNMP-.
5.7.
, .
,
, Secure Shell .
X Window System UNIX .
(. Virtual Network Computing, VNC).
5.7.1.
( UNIX ).
-
.
- .
(. )
.
.
.
. (
)
.
5.7.2. SSH -
SSH (Secure Shell)
[RFC4251]. UNIX
.
,
.
,
TCP/IP
.
.
.
.
.
.
,
X11 . SSH
, , ,
.
.
.
SSH
() .
SSH .
SSH .
.
.
5.7.3. C
C
- DISTCC (Distributed C Compiler).
.
, ,
C .
,
,
.
.
5.8.
. ,
, .
.
5.8.1.
.
(. Voice over IP,
VoIP).
( )
.
.
H.323, ITU-T 1996. .
-. H.323
Session Initiation Protocol (SIP)
.
IP
. IP
.
5.8.2.
-
.
.
.
.
.
( )
.
.
/ .
.
/ : H.320, .323 MPEG-2.
.
Webcasting.
/ , . /
. -
-
.
6.
. ,
,
. ,
-
.
, ,
.
, -
, ,
, .
,
,
. ,
,
, .
.
.
:
1.
.
2.
.
3.
.
4.
/ ,
()
.
,
.
.
6.1.
.
()
,
.
- ,
.
6.1.1.
(,
.) .
( )
. .
.
,
.
,
.
RSA
de facto
.
.
,
, .
6.1.2.
( ,
.) . (. brute force
attack).
.
6.1.2-1.
,
( ).
( )
.
.
UNIX ,
.
,
( )
( )
/etc/passwd. ,
.
/etc/shadow
.
su
.
,
( ) .
.
MS Windows
.
.
PIN . ,
,
.
,
.
.
,
, :
National Security Agency (NSA)
ECC
Secret       128   256   256
Top Secret   256   384   384
6.1.2-1. NSA
ECRYPT
ECC
32
tag size
64    816     128   816     128   128
72    1008    144   1008    144   144
80    1248    160   1248    160   160
96    1776    192   1776    192   192
112   2432    244   2432    244   244   Medium-term protection; use of 3-key 3DES, protection from 2008 to 2028
128   3248    256   3248    256   256   Long-term protection; generic application-independent recommendation, protection from 2008 to 2038
256   15424   512   15424   512   512   "Foreseeable future"; good protection against quantum computers
6.1.2-2. ECRYPT
ECC
2008            1280   160   1280   180   SHA-1*, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512
2009            1536   160   1536   180   SHA-1*, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512
2010            1728   224   2048   224   SHA-1**, RIPEMD-160, SHA-224, SHA-256, SHA-384, SHA-512
2011 ... 2015   1967   224   2048   224   SHA-224, SHA-256, SHA-384, SHA-512
(*) .
(**)
20 .
6.1.2-3. BSI
(
) .
2 N-1
N .
6.1.2-1. , COPACOBANA
,
.
COPACOBANA Bochum
Kiel.
64 . DES
. ,
127 COPACOBANA
. 43
2006.
22.865 Pentium 4 . 2006.
8.980 .
,
,
,
. ,
- .
6.1.3.
(. Man in
the middle attack).
(, .),
.
, ,
() .
.
( )
.
, , .
6.1.3-1.
, , ,
.
.
:
PKI , , ,
.
.
.
6.1.4.
(. Denial of Service, DoS)
, , ( ).
( )
.
.
.
. .
. (
)
( )
.
.
6.1.4-1.
(. Distributed Denial
of Service, DDoS).
.
6.1.4-2.
( ).
.
,
, .
.
2008.
.
.
:
1. IP
IP TCP
( ).
2.
- TCP
.
3.
.
.
. , ,
20. 2008.
. ,
http://mfa.gov.ge
. .
( , , - .).
( ,
.).
6.2.
.
,
. ,
.
:
OSI TCP/IP
. ,
,
.
6.2.1.
.
,
.
/
.
6.2.1-1.
,
/. ,
.
6.2.1.1.
.
.
.
.
OpenPGP.
OpenPGP
, ,
Radix/64 [RFC 4880]. ,
. OpenPGP
.
,
. ()
, . OpenPGP
:
1. ,
2. OpenPGP ()
,
3. OpenPGP
,
4. OpenPGP
,
5.
,
6.
.
,
.
,
,
.
:
1. ,
2. ,
3.
,
4. ,
5. ,
6.
.
OpenPGP .
,
.
:
ID
BZip2
100-110
6.2.1.1-1. OpenPGP
( ):
ID
MD5
SHA-1
RIPE-MD/160
SHA256
SHA384
10
SHA512
11
SHA224
100-110
6.2.1.1-2. OpenPGP
:
ID
0
IDEA
3DES (168bit)
Blowfish (128bit)
AES (128bit)
AES (192bit)
AES (256bit)
10
Twofish (256bit)
100-110
6.2.1.1-3. OpenPGP
:
ID
RSA ( )
RSA ( )
RSA ( )
16
Elgamal ( )
17
DSA
18
19
20
21
100-110
6.2.1.1-4. OpenPGP
OpenPGP
() ,
.
.
.
64 128,
OpenPGP-CFB .
DSA
3072.
OpenPGP IETF
.
6.2.2.
OSI TCP/IP , ,
.
6.2.2-1.
, TCP
. , TCP
.
, TCP ,
(. ),
TCP
(. ).
TLS (. Transport Layer Security). 3.0
SSL (. Secure Sockets Layer) . SSL
( 2.0 )
, Man-in-the-middle .
,
40 .
TLS Record
, TCP .
:
TLS
- .
TLS Handshake . TLS Record
.
-
(. SHA-1).
TLS Record
.
Handshake
, (
) .
, ,
. TLS Handshake TLS
Record . TLS
Handshake :
(. RSA, DSA .).
, .
TLS .
:
-
.
-
TLS
.
-
.
.
-
TLS
.
. ,
.
TLS
.
TLS , .
,
.
.
6.2.2.1.1. TLS-
TLS
( TLS Record ),
, . TLS
Handshake
:
4. -
,
5. - X509v3
,
6. -
,
7. - ,
,
,
8. master secret - 48 ,
9. .
, TLS Record ,
. , ,
.
Change Cipher Spec ,
.
( ).
, ,
. ,
, TLS
Record , .
Change Cipher Spec
,
.
Alert TLS
.
,
. Alert
:
-
.
.
,
, .
.
-
,
, .
.
:
bad_record_mac, decryption_failed_RESERVED, record_overflow, decompression_failure,
handshake_failure, no_certificate_RESERVED, bad_certificate, unsupported_certificate,
certificate_revoked, certificate_expired, certificate_unknown, illegal_parameter,
unknown_ca, access_denied, decode_error, decrypt_error, export_restriction_RESERVED,
protocol_version, insufficient_security, internal_error, user_canceled,
no_renegotiation, unsupported_extension .
RFC TLS
.
TLS Handshake
, - ,
, , master secret .
:
1. hello , ()
, .
2.
premaster secret .
3.
.
TLS Record
,
TLS Handshake .
master secret
:
MAC
master secret
.
6.2.2.1.3.
TLS Record
, master secret ,
() .
, ,
,
. , master secret ,
. .
master secret pre master secret .
pre master secret
master secret . master secret
:
1. master secret
2. ()
3. ()
RSA ,
master secret :
1. pre master secret 48 .
2. pre master secret
.
3. pre master secret .
4. master secret pre master
secret .
Diffie-Hellman ,
pre master secret . ,
, . Diffie-Hellman
. pre master secret master
secret .
6.2.2.1.4. TLS
TLS .
: GnuTLS , OpenSSL NSS.
yaSSL.
GnuTLS
LGPLv2.1+ .
( Free Software Foundation).
: SSL 3.0, SSL
3.0, TLS 1.0, TLS 1.1, TLS 1.2. 2.0 SSL
.
UNIX , MS Windows
.
OpenSSL , OpenSSL ,
SSLeay ,
Cryptsoft. OpenSSL
, Apache ,
SSLeay .
NSS (Network Security Services)
SSL TLS , PKCS#5, PKCS#7, PKCS#11, PKCS#12,
S/MIME, X.509v3 ,
.
Netscape SSL .
AOL, Red Hat, Sun
Microsystems, Google ,
Mozilla.
PKCS#11 .
Smart
.
RSA, DSA, ECDSA, Diffie-Hellman, EC Diffie-Hellman, AES, Triple DES, DES, RC2, RC4,
SHA-1, SHA-256, SHA-384, SHA-512, MD2, MD5, HMAC
.
yaSSL .
GPL ,
. SSL/TLS
MySQL .
, ,
, .
( GnuTLS
2.8, OpenSSL 0.9.8, NSS 3.12.4, yaSSL 1.9.6). 2 SSL
, ,
.
SSL 2.0
SSL 3.0
TLS 1.0
TLS 1.1
TLS 1.2
GnuTLS
OpenSSL
NSS
yaSSL
6.2.2.1.4-1.
Anon
RSA
RSA
RSA
export
DHE
RSA
DHE
DSS
SRP
DSS
SRP
RSA
SRP
PSK
DHE
PSK
ECC
GnuTLS
OpenSSL
NSS
yaSSL
6.2.2.1.4-2.
3DES
CBC
RC4 40
CBC
RC2 40
CBC
Camellia
GnuTLS
OpenSSL
NSS
yaSSL
6.2.2.1.4-3.
ZLIB
LZO
GnuTLS
OpenSSL
NSS
yaSSL
6.2.2.1.4-4.
OpenPGP
SRP
PSK
TLS/IA
Supp.
data
RFC 5077
RFC 5705
GnuTLS
OpenSSL
NSS
yaSSL
6.2.2.1.4-5.
6.2.3.
OSI
. :
,
.
6.2.3-1.
- ,
.
Internet Protocol Security.
6.2.3.1-1. IPsec
IPsec
, , ,
, ,
. IPsec :
.
IPsec IETF . IPsec
ISO NLSP (Network Layer Security
Protocol) SP3 ,
NIST
(NSA). IPsec
.
6.2.3.1-2. IPsec
IPsec
(SSL, TLS...) OSI
TCP/IP .
.
IPsec
IP .
RFC .
IPsec
,
.
6.2.3.1.1.
IPsec
: .
IP .
6.2.3.1.1-1.
IP IP
IP .
(. Network Address
Translation) (. Virtual Private
Network).
6.2.3.1.1-2.
IPsec,
, ,
,
.
6.2.3.1.2. Authentication Header
6.2.3.1.2-1. AH
AH ESP
ESP
IP ,
( ). IP
AH IPsec
.
6.2.3.1.2-2. AH
AH 24 . Next Header.
.
AH
IP , IP
NAT .
IP Next Header
4. Next Header
6. IPsec
NAT-Traversal NAT
.
SPI (Security Parameters Index) 32 .
.
Sequence Number reply . Authentication
Data HMAC (hash message authentication data) 96 .
(
) IP .
6.2.3.1.3-1. ESP
ESP
. ESP
IP IPsec
. , ESP ,
(, )
reply .
ESP .
,
( ESP AH
). ,
.
6.2.3.1.3-2. ESP
.
ESP reply .
. SPI
ESP . 0
.
Sequence Number , , 32
.
reply . 0
.
ESP Payload,
.
(. .).
6.2.3.1.4. IPsec
IPsec de facto
IP ,
, , .
(ISAKMP/IKE) .
IPsec
.
IPsec
2.6.
FreeS/WAN, Openswan
strongSwan
.
IPsec
2000. . ,
Windows Vista, Windows Server 2008, Windows Server 2003, Windows XP,
Windows 2000. , IPsec Active
Directory .
BSD (FreeBSD, NetBSD, OpenBSD)
KAME . Mac OS X
. OpenBSD NRL (United States Naval
Research Laboratory) , ,
.
Cisco IOS
. IBM (AIX, z/OS)
. Solaris, Sun,
.
KAME
KAME
IPsec
BSD Unix . 1998.
7. 2005.
2006. .
, Karigome.
:
6.
7.
8.
9.
10.
11.
12.
13.
14.
2.5.47 IPsec
. ,
. , , 2002.
IPsec
2.6.
6.2.3.1.4-1. IPsec
IPsec
:
1. ,
2. ( )
3. (GPL).
,
( 1).
(
) .
, ,
.
. , netfilter
iptables .
, , IPsec
,
. ,
, C. C,
,
.
,
.
6.2.3.1.5. Internet Key Exchange
IKE (. Internet Key Exchange) IPsec
( ,
. Security Associations, SA). 2
(IKEv2).
IKE .
ESP AH , ,
.
IKE - .
(. exchange).
-
. IKE
(IKE_SA_INIT)
, Diffie-Hellman .
(IKE_AUTH) ,
.
IKE
( ESP, AH)
.
() .
(.
).
IKE
, .
.
,
.
rekeying.
,
.
6.2.4.
.
.
, ,
.
.
,
.
( ) (
).
().
.
( ) (
). .
6.2.4-1.
, (
)
.
,
.
,
,
/ .
TCP/IP
.
:
1.
TCP/IP
. ,
.
2.
stateful .
.
(. )
(.
).
.
3.
. y
.
.
.
.
.
.
.
6.2.5.
,
(. Intrusion Prevention System, IPS )
()
( )
.
, IPS
(Host based IPS, HIPS) (Network based IPS, NIPS).
,
. ,
, .
,
. .
(. )
.
( ,
)
.
(. Intrusion Detection System, IDS )
,
. IDS
.
. IDS
. IDS IDS
, ,
. , IDS
.
6.3.
:
.
( ) .
.
.
AES, DES, RC4
Blowfish.
.
,
,
. .
n-1 (n
).
.
1976.
.
. ,
e ( ) d ( ).
.
. ,
,
.
.
-
RSA .
(, ). ,
,
.
DES
S ,
NSA .
.
3DES .
6.3.3. RSA
RSA ,
( Rivest-Shamir-Adleman).
, ,
.
RSA -
. -
. RSA :
( ),
- , , CRT (Chinese Remainder
Theorem) , CRT , CRT , i-
, i- CRT , i- CRT .
RSA .
, ,
.
,
,
.
6.4.
,
.
:
1. ,
2.
3. .
, . ,
,
.
2004. CSO
CERT-,
.
.
.
2009.
.
,
2009.
. .
, ,
.
.
. ,
OSI TCP/IP
.
.
Davidson J., Peters J.: "Voice over IP Fundamentals", Cisco Press, 2000.
Leiner B., Cerf V., Clark D., Kahn R., Kleinrock L., Lynch D., Postel J., Roberts L., Wolff S.: "A Brief History of the Internet", Internet Society, 2002.
Stevens R.: "TCP/IP Illustrated, vol. 1", Addison-Wesley Longman, Inc., 1999.
Robin Burk, David B Horvath, CCP et al.: "Unix do kraja, izdanje za sistem administratora", Kompjuter biblioteka, 1999.
David Barnett, David Groth, Jim McBee: "Cabling: The Complete Guide to Network Wiring", Sybex, 2004.
Lydia Parziale, David T. Britt, Chuck Davis, Jason Forrester, Wei Liu, Carolyn Matthews, Nicolas Rosselot: "TCP/IP Tutorial and Technical Overview", IBM, 2006.
7. I -
UNIX
, . UNIX
( Slackware
). :
.
. ,
.
, OSI
. ( PPP, TCP, IP...)
. (SMB, HTTP, FTP)
( ).
. ,
.
.
MS Windows
.
7.1.1.
/etc/HOSTNAME - .
/etc/resolv.conf - :
DNS
localhost
127.0.0.0
lokalnamreza 192.168.1.0
7.1.2.
ifport -
() .
ifconfig - .
. ,
, broadcast, .
route - .
.
usernetctl -
.
arp - ARP .
7.1.3.
ping - ICMP echo request
echo reply. ping echo reply
:
Ping
.
traceroute - ping
, traceroute
.
.
host, nslookup, dig - DNS .
( )
(. ). dig
host .
nstat -
.
SNMP daemon-. /proc/net/snmp .
netstat - /proc/net
nstat . Netstat
,
, routing .
snmp - SNMP (snmpget, snmpnext...)
SNMP. , snmp
daemon SNMP .
tcpdump - sniffer-,
.
tcpdump
.
7.1.4. Dial-Up
pppd - daemon
.
DialUp-.
sliplogin - pppd
SLIP PPP .
diald -
Dial-Up .
7.1.5.
inetd tcpd - inetd
/etc/inetd.conf
. , inetd
() tcpd /etc/hosts.allow
/etc/hosts.deny IP
.
, inetd
(ftpd, telnetd...). tcpd
firewall
tcpdchk tcpdmatch - /etc/hosts.allow
/etc/hosts.deny . tcpdchk
. tcpdmatch
daemon/ , ,
.
sendmail - sendmail MTA UNIX
.
qmail postfix.
ssh - Secure Shell (SSH) UNIX .
ssh sshd
.
7.1.6. (ifconfig)
(
) ().
,
, ifconfig.
.
C :
: 192.168.1.0
: 255.255.255.0
Gateway: 192.168.1.1
: 192.168.1.10
ifconfig :
ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255
ifconfig :
bash# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:11:25:AA:0E:59
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:132492645 errors:0 dropped:0 overruns:0 frame:0
          TX packets:154256707 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32797966 (31.2 Mb)  TX bytes:1679866715 (1602.0 Mb)
          Base address:0x2000 Memory:d0120000-d0140000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3240825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3240825 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2704771622 (2579.4 Mb)  TX bytes:2704771622 (2579.4 Mb)
ifconfig gateway ,
route:
/sbin/route add default gw 192.168.1.1 metric 1
.
10 up down :
ifconfig eth0 down && sleep 600 && ifconfig eth0 up
,
, gateway- .
8. II -
.
8.1.
8.1.1.
:
01000001001000000010111101000001
10101101001100110011001001111101
00101000001100001101010101001110
11000100110100110101000101000111
11011100111111001110001000111011
8.1.2.
:
55.35.108.251
17.144.31.124
154.250.210.69
216.222.117.32
171.67.203.240
194.35.19.238
176.160.153.144
177.122.22.200
38.137.109.67
7.31.65.35
8.1.3.
:
158.58.66.195/16
211.83.131.189/10
234.182.152.159/20
156.20.9.106/17
80.192.90.239/22
8.1.4.
:
255.255.224.0
255.255.255.128
255.255.192.0
255.255.254.0
255.255.255.240
255.255.255.0
255.255.255.248
255.255.248.0
255.255.255.192
255.255.252.0
8.1.5.
:
242.151.184.226/30
95.247.184.153/30
204.14.100.245/30
88.164.168.73/30
125.71.7.118/30
167.163.146.163/30
15.226.239.51/30
233.86.212.60/30
151.218.200.101/30
135.187.4.129/30
8.1.6.
:
1                 2
135.113.217.108   135.113.216.84    255.255.255.0
100.40.128.21     100.40.128.24     255.255.255.192
218.134.163.120   218.134.165.16    255.255.248.0
171.139.237.44    171.139.239.158   255.255.240.0
165.225.14.143    165.224.202.143   255.255.0.0
8.1.7.
206.227.220.0/24.
.
.
..
73
22
10
13
6
8.2.
8.2.1.
:
01000001001000000010111101000001   65.32.47.65
10101101001100110011001001111101   173.51.50.125
00101000001100001101010101001110   40.48.213.78
11000100110100110101000101000111   196.211.81.71
11011100111111001110001000111011   220.252.226.59
8.2.2.
:
55.35.108.251
17.144.31.124
154.250.210.69    B
216.222.117.32    C
171.67.203.240    B
194.35.19.238     C
176.160.153.144   B
177.122.22.200    B
38.137.109.67     A
7.31.65.35        A
8.2.3.
:
158.58.66.195/16     158.58.0.0      158.58.255.255
211.83.131.189/10    211.64.0.0      211.127.255.255
234.182.152.159/20   234.182.144.0   234.182.159.255
156.20.9.106/17      156.20.0.0      156.20.127.255
80.192.90.239/22     80.192.88.0     80.192.91.255
8.2.4.
:
255.255.224.0     8190
255.255.192.0     16382
255.255.255.128   126
255.255.255.240   14
255.255.254.0     510
255.255.255.248   6
255.255.255.0     254
255.255.255.192   62
255.255.248.0     2046
255.255.252.0     1022
8.2.5.
:
242.151.184.226/30
204.14.100.245/30
95.247.184.153/30
125.71.7.118/30
88.164.168.73/30
15.226.239.51/30
167.163.146.163/30
151.218.200.101/30
233.86.212.60/30
135.187.4.129/30
8.2.6.
:
1                 2
135.113.217.108   135.113.216.84    255.255.255.0
100.40.128.21     100.40.128.24     255.255.255.192
218.134.163.120   218.134.165.16    255.255.248.0
171.139.237.44    171.139.239.158   255.255.240.0
165.225.14.143    165.224.202.143   255.255.0.0
8.2.7.
206.227.220.0/24.
.
.
..
73   206.227.220.0     255.255.255.128   206.227.220.127
22   206.227.220.128   255.255.255.224   206.227.220.159
10   206.227.220.160   255.255.255.240   206.227.220.175
13   206.227.220.176   255.255.255.240   206.227.220.191
     206.227.220.192   255.255.255.248   206.227.220.199