TCP Ip

-
.... lsao lns S08wa
lill:S:UtJ
• nfil1nnl'J'Vhnw'llD-J11.1'J1V1l"1flfl TCP/IP, UDP, ICMP, ARP LLfil~~'W1 • ~~€lfl'W~mmLne],1111m ,
1-nhaJ~ -
Network & Port scan,
Fragmented Packet, DoS / DDoS, Trojan / BackOrifice, etc.

• 'J~1JlJ{I1';id'V<;)1Jn1'JlJfi1n (Intrusion Detection System - IDS)
"
• n1';iU1lJ~-J1~1JlJiJD-Jn'W~htJ1yJ{dDfil~
,,
(Firewall) bbfil~ Router
itO ..
iiiJ U D iJi)Iu sIn n iJa II a :5id iJi) liu
ISiJiJlns
s"aUla
liJl:S:UU TCP/IP
b1il\llm Project Editor lAti
1\1~'V'l1il al.JbrhJ'J~ ~\lb1il\l~(;11 , hl'ili'W .;l1r'(;1
b~l.J'Vl1'V'lii
a,rJ'wm'1J~'Vl~(;11l.J'V'l1:::'il'1JU'l!~&i~'1J~'Vl~ ViI."!. 25371(;1tJ1J~';'Vl 'I11l.J~Dm~1.J'W Vhfllb'Wl oEflN ~~Jl fi:!.J~l'lf\lii 'Jl1'11 : 'VI1mhmDnal1
13J':h 1'W11.l J1J 1(;11 'Wiln"nn"l:::1Ill1'1Jfl'WqJll'l biJ'W1illtJ~n'I::m15m~1liJln'Vll\11J~';'Vlbv11,x'W m
"
wi u1il::: 'VI:!.Jl1.J bl'l~il\l n1'J~

1: 2951J1'Vl
ll1il\l1~Bl\1
13J111ih'W1(;1~1'W'VIit\l'1Jfl\l'VIU\lam~l.Ji1
0\1 biJ'W'1Jfl\l1J~';'Vl,x'W 1
~.
b1fl\llm
f\l~'V'l1il 2544, 288 'VI'lh I. .:EDb~D-.l.
b"ll:::'J:::1J1JTCP/IP.-- m\lb'VlW't 1tJ'Jli'W, 1. hh1MI'lD1il'lh1.J\ll'WI'I~l.JVllbMfl~ 004.62 ISBN: 974-7822-679
iiilUiJl'luililiJlln laUlJiJil [USlUU
luII uUiJiJulau1cin
www.thai.com/provision
amiufi iJllmau
... ~(;1~\l'Vll\lltJ1BrlhJ 1tin~j~(;1!ii\l~nitiMf)'W ... 1'1Jilj:::b~ti~ltJUMjbAj~~ ... lill'ljlAlfibI'lH'Vlm~l.J , 'W1I'il~(;1!ii\l 1(;1tJ'OJ:::~D~11.J1N~n'Wnj:::~'Vlnfl~l\1~ ... 1J11'OJi1uvlmblil :::~(;1 i.'1'\liil'W~h)~I\1VltiVl tl'W 1~l.Jll'l1=il'W f
--
D' nil' lin liiuui
b ~B\l'lJB\lL1.ld bVlr1B~
TCP liP
u ~:':S'WbVl 1 b VlbU '111'11 VilJi'1Jr111lJ~'W BU 'W B bb[;Jn~uin:JJl,nmrn~

...
hntw
~h\lnl1\l'lJl1\l 1nnT'J it\l
:i1",tT\lffB-;jl'W1tUJ1nBfilJ1£Jfi\lnTl1o]ju~n1d~1\l1 Yll\ll'W'lJB\ld:':lJU nl~\ln~l
b~1:.:~n~\l1tlfi\ln~
bb~:':~\li1B £J~\l1tlB nvi~:':'WVlfi\l1 'Wu-im dVlu ~'nl!llr111l-ltl~
'"
BVln tI'lJe-neuu
U dJ'Wb~f)\l~:i1U'VlUl'Vldl~ru';'WlJlf)cil\lb~
VU1
~ruBl~
''"
1~1111 'Wbb~~ :;1'W,j\Jd:':UU
b UVlbifn'I!B\l~\lB\l~mbBn'1!'Wbb~:':'\-4'l.h£J\ll'Wdl'1!n1d di111.lih\lr111l-J~U ltlul\1
1'W1.l'l":':b'Vlrl1 nunn unn bnf)1~lnlJl-l1V1'llf)\l
"
Ien
hl-J&i
lJl\lViil1~b ~£J\lbojh11.Jdldl~~l'11\I11nB'W
"'~El ~\I bBl-ii1m~ 1tl1t1l1V1t1~:.: n "'~BU1\1Vi 1'1 rum~ 1Jiu'Wvi1.ld:':b Vll 'Vlrll-J111rll'Wl'l b ~l-J1.ld:': f)\lfh&'\ln'W ~
"
n~l1ff)\lmd~:.:lJin~Ul-ll
"
b'W~\ll'1dllJ 1'1!bU[)1 LVl£J biJVlQlnlin1m-iil11.llb111'll-ii[)~~ c;il\1~lrJc;il\l ~~\l1
b'Wb 1'1!'I'l'llB\lc:J1UVld\l-iillJbU'Wl1b~'W ~\l1vi iu
iHh:.:uu LL~:':br1~B\l1i1 bl'1~B\l;JBiJB\ln'W~'I1'W ~aru 1:JJbL~m1j'jviHitld:,:r1Vl1.Jd:':"'ldn'W ,

~:.:1~i'lnBcib 'Wfll11'Wvi ~\lJ'WL~fl\l'1Jf)\l
bLfllLUVl b'~Hn'lIB\l Ldlvi[;JBnUS'WbVlBfb Ui'lbVlUl~:i1B:.:1 diJB\ln'Wb~U~:':
L",:nB'WnmJn11.J~\lB~lIld\l"'i11bb~mnf)fb~Ul1ifl? L~'W 1"'~B 1n~ ~lBn\iiB 1tl
Network Security ~\l1:JJ1'lib~B\l
"
bLc;i bum ~B\lviJif)\l bM1UlJrl1llJ'W1Bmb~:': 1lj~11lJfl'W h n'WBcil\1"V~\I~\l... b Ui'l b ifmb~:.:n1'l&mnd-iifll-l~
l1"J\lff~]'ddJ'W ril'WWL1\1b'W'1!Vl'lJB\l~T'n'Vll\lJil'W , dlWrUNvi~'W JlmL~drML"'W 1\l n1d
...
ojj\l b ",l-Jl:':
"
h",iBAnHlli1'l'W,1[liWMd\l
Ll~b 'W'lJru:.:b~U1n'W11bo]jmMl Lb~:.:mdBrhJ1U
1 bblJUYi 'Wd1.l
"
L~U\I~ B~N~'W h"tl11.l~:.:~nBlli1'lrJM'W
hVil 'W1.ld:': 'Vlrl1'VlU'Wf)~lJrl1d L
"
bB\l1(ii~h u ~\l'VI1\111~ :':bU'W1.ld:': bU'litibLn
_- - ._ In8]nUIUIU8U
..
IsaiJlns siJilwa
rilb ~~nT~Am~11r1'm'J'n-lA1G'l[fJ{:IJ'VIllJru"{;l ~lnrlru::::1rl1m'J:lJA1G'l[fJ{ Li'mlJ'Wb'Vlrl1'W
1~v
iJ
m::::~mJ bn~lb<ijlrlru'Vl'VI1'J~1(;lm::::1J\I ,
ihh::::G'lUnT'Hu1 'tJnld'V1'l\11'U'Vll\1~h'U 1flYim[fJ~eJ(;l~\llbvi 1l1bbrl~ l1U1nl'J~hJL\Ilfl1b
1991 i1~~U'UbU'U~U~'VI1'l'Vl'th~\ll'Ucl11'U1"l11:lJU~eJ{;lJl~
Q.o
U{;ldl~ 1'V1q!'lJD\I
Ud::::b'VI1'!1'V1fJ i1Ud::::Li'Unldru1 'UnldN~runtJnl'lUn'ln'VIn'lUbb1J1Ji\l~ln 'I ., "I SJ

e-
1'UU'l::::b 'VIfHb~::::vil\1U'l::::b 'VII'! ~ El(;lJlfJ1'U
[fJ El{;l"V'W~ ~ l'Wnl'JN n DUl:lJ El~1\1 bU'W'VI1\1 nl'J"V 1 n G'lmlJ'U~1.rfJ bb~::': mn b~fJl ntJrll1:lJU A d::::tJUrlD:IJ~lb\llDdbbt'l::::b'U(IIb m'VILi'lrlru'lJfl\lLi''VI'J~m:IJ'lnl T
Q
4€',o::{
0)
Q..'
v....
eJ1'V1b'1!'W
.."..
• • • • •
The SANS Institute (System Administration
Network Security) (www.sans.org)
ISACA (Information Systems Audit and Control Association) (www.isaca.org) ISS (Internet Security System Corp.) NFR (Network Flight Recorder) Foundstone Corporation
n.o u\l1cl1fu U d::::rn Ail ~lJ\Il 'lftJ 'lEl\l D ~1\1 bU'U
'U e n~l 'VIl\lnl'l~ln
Global Information Assurance Certification 1'U Intrusion Analyst (GCIA) .£\lbu'Un1'lftJ'lD\l

::::V!nl'JU mn us ::::JltJl"I ,, ,nl"ll'-.11'U,:.:tJtJl"I D:lJVll b\llD1
~1'W:::: Certified
til1'V1'hJ'u n1 brl'll
bb~::':fl'Ub\llEl{b U>'I iJ"V"VU'UU\l1"I\l n1!1 1 f1'W A rll11 'U1'1!lnl'J'VI1\l!ii1'W.o ,
Denial of Service
14
17 17
an'Hw::::vf.11.1"l.1£J..:Jn -a DoS Wliln-a::::1'llJ,nnnTa-un 1'¥3J~ l'J113J~'iI£J\JnT'al'¥3J~ nT~ 1ii..:llUYl-r1llI'Jlnd'luii1aJ,'i'lV..:IlIIfl(ljfJnldlJ'rnd
18 18
m •.•
unit
2 S:UUQS)i)iiUA"SI!,n~n (Int.rusion Detection S;ysteltilJ}I •.•.••.•.• A~~~.~"'''

n'¥n-a-a3JlJUb
23
Ugj L~in
(Information) (Control Signal)
23 24
iiflf'iU,YlI'l
ff'!,!'!,!lruI'11lJ~:IJ uu.f1 i£J~"l.IOl\Jn -a1i 10S
25 27 28
28 29 29
3J?'i~YlU!iPU'ilOl..:J IDS
rndl'1eJuG'lufl..:lVluViVIu 11'1 rndii~lUfldl~~"lJi'J..:Irndlbfl-al:;'I1 rnd"lh I'J IIldd'lf'ii'JlJiiflLlnj/ll1~N"lJfl..:l-:i:;lJlJiJEl-Jnuiiu ']
iiOlLSlI'il0l..:Jn'l-a1ii IDS nl-:iiSl:::d'11?1f111:IJblJu~hu1,!fll"liSl

nld>'lflU 1~5Iilluifi?i nldbfiflUifl'J NI?1'J111"llil
-
30
30 30 31
uon'
3 Ol'u1ltJ~a~,U.n:Hln:UJTCPIIP ",'" ..' ..•~.,.,." •

n -aLblN'tiU (Layering)
TCP/IP Layering Internet Address
.. ~
...
..J:
~ ,.. ~.•......•••.•
u •••••• .n.,•••••~ n ; ••••.
33
34
35 36 37 39 40 40
Encapsulation Oumultiplexing Port Number Reserved Port
IP Header IP Routing
42 .45
~tJmruvnoii1ubi1l1lb".l{n Vllilnmd'j/'j'W!il'W'1Jfl-J IP Routing

Subnet Addressing Subnet Mask
~ ..t
45
46 49 51 52
IP Address
1Un"5W'WbAl:t
Ethernet
bblil:t: IEEE Encapsulation
54 56
ARP Cache ARP Packet ARP Reply : ARP i\'lJfl ..n:IJlltilEl~i1v'JJEI\'l : IP Format.
56 58 58
ICMP Encapsulation ICMP Message Type
61 62 63
n'1"5t-ii,,'lu'JJ£)\'l
ICMP
UDP Header UDP Checksum
66 67 68
'JJU.,~'JJ£l\'l UDP Datagram
tCP :
Transmission Control Protocol .~ ,.., ~.,.,., ,•., ...•....

Establishment Termination UIiI:::Termination
,..•.,.,., ..,69
69 71 74 76 78
TCP Services TCP Header Connection Connection
TCP Half-Close
...tg unn Qllllul'DyaollfPit ~etS"ffe r "lL~~~~~~"'~,,"~~"'''''"'''''''''''I!o~''I!I'''I!i~I!!'~I!I~~~''IIJ~~IIJ''''lLI!l.IIJ~IIJIIJ''~.~1IJ~1Ii"""'''lL1II ac .. ftl· ....19

-0. L .•
£h:ifill"5:::nalJ'JJa\'laulllblllEl~ n'l'fri'l\'l'lu'JJa\'laillllblllEl~ n'l.l.Ja\'lm..!n'l"5~n1iln'ol'lu'JJai!,!1iI n'l"51<il'1l"5:::1vtlu·r,nnaillllblllEl.'j

_'1 ~ ~...
80
82
'f
b~~RUWbllla"5
..
85 86
l111'l1P1fl£l1il TCP/IP
89
"l1J-allPlflflei UDP ttJ-allPlflflei ICMP
90 91
-ii'i1Un'l'll":iE..:l'ilE..:lTCP/IP '111~niillnfiTwI'l11:wtJiilEll>1ilV n1".iIilElufU L1J'Wa-JV11N1:1J1".i(l1'l1~'VI:w1 ulfi fl1".i~ElUrurhm.Jl>11 "Jl:J.iI'l,Elul'l~:w'Vlnb~EI'W 1'll n1':ltI1~rua)JiJgj'ila..:l W1".id'VLi:JTVIl-J1U m,riElfld'Wfl1".i'Yl1-J1'W'llehldJ1'V1:W1V Stimulus & Response 'lID..:lLbllia::ttJ':ill11f1flQ Stimulus & Response ltJl1i\l1'W
94 94 95 96 97 97 98 99 99 101 102
TCP stimulus UDP Stimulus ICMP Stimulus
- Response - Response - Response
'l'llfI~lPl'll.l\I TCP/IP n1':iLDIPl'l'llfl~I1I (l1':iU~'I'IIfl{11I 'I'IIeyj\llV1L1)~ 111l>1vl:J.i~\lh 'V'JEl1'Iil'llf].,j'~u1JtJliiJ~n1".i 'V'JEl1'I'IViLUlPlbLU1JQl-J 'I'IIa{liliil'ulil':l1l1
106 106 109 109 110 110 111 Horse) 111 111 113 114
i111'l'l".i~'W (Trojan
rrrs
.rt
lVV 'Il''lIi1~1il'''1:1il'l'\lfl':lI1lL'I'\IflL'''1::':i::::1J1J
..;
bbUI'lElEl1~"1l (Back Orifice) 'VI1E1bbUI'lVlEl{ (BackDoor)
fi1':i::i bl'l':i1::::l1LLWn bilflllPlllW~1':lru1'1'11i1{I1I«t;;
IP Address IP Address IP Address I"1d )Ja'~qJ'lIfl\l
(l':iruWbffH fl1'V1wl'l'\l':ib'l'flbutl1b::i{n tia\l'lul-:r IP Address luLb,,~:l.Jl"1d1:I.JtJlilfllPl.nll
118 120 123 123
MTU (Maximum Path MTU Fragmentation
Transmission
Unit)
126 127 129 129 130 132 134 135
"lru"mu&1'llfl-JLLvJ".inbl-J'W~ c1I1flV1\ln1".ibLvJ,nb:W'W~ Fragmentation Stateful Don't and Security
Inspection
Fragment
.,~
.'
.'
.,>,~"
~ .
"
-----
.. , ---
!Ir~ ~~ ~ -------"
------~
--
una 15 i\1S1iUUlftllllUiut1Ul
n1':iS1';r1VtUAL!j1n
OteCOlrlnaIISslInce)m .•.•••••
Li31n
131
138 138
............•..•...•.............•...................................................................................•
<jlu·m1m'lWi.;;jii€l~tULil~
.................................................................................................. 138 (ifl€l~h..JnTj""lbml:::Vi.......................... n1':iSI':iJ'~ . 138 140 . . . . .. . 141 141 142 142
l~R91
nl'l"«bbn'lJ'I'l€l1(P1 m ";i«bbnuoii ell;:!~d:::l.i u m v.I R LI'I-TIU fll;:!~"'j :::UUtJ:!.l u&\ m 'l" TCP Sequence to
rn "'j,Hb nuoii
nT'JiilrnJCll:!.J
nT'~ST';jJV b ,;vEl'l'l1bbEl'l'l'l'laLIPI;rUb'il'l'l1::: fll'j"l"J'VI1 bLi'Jv.lv.lRLA'l1Ub\Jv.ll:::b"Jl:::"J-J nl'l"g;i1'l'l'\'l'll hJ'l"b\m:!.JLLUAB€l~iN'lJ'l1~€lbbUl'll'lfJ{
143
143 143
Individual Broadcast Subnet Address
Host Ping (Ping Sweep) Ping Ping
147 149 151 153 154 156 157 159
Broadcast
Mask Request
UDP Echo Service Trace route
llund I
offU(PIBUnT'Jvll-.:11'W'lJ€l\l1tJ'l"Lbn'l":!.J Trace route

nTj"'ii"J:I,IJl~1J.Nm'1':is'1'ii'l"'b-ih~bHllu
1~1 allnUWilSI TC.P•..•.•.,

1fi
!jij Connect Request
,.,•.•.,.~•.,••.,•..•.••• ~••~
~.~.~.~~ •••~
~.,
,.161
161 162 164 165
fl'l'13.JS'1f1Q,!1leJ..:In1':iRbbnU'I'IeJ,!jA
SYN Scan iilbbnUv.lfJ1(P1b~E1'{j'i11!liil!i9d:hl13J1!.J:j:jbbfJv.lv.lRbfl'1i''Wfl:::hfJ~iJ1\l

iii bbnUv.lfJ1(P1 bvJ€l~u'il1m'll(l'liJl\l1'WLi1~bi3{n:iJ
bbfJv.lv.lR ,1'l'1i''U-vi~iiI"n'Wa'W
1"1
165 166 168 169 169
1fi 1fi
!jij !jfi
FIN SCAN SYN/FIN Scan Xmas Scan Null Scan (Concealment Technique)
b'VIf'luf'lmio''I'I':i'1..:1n1':iRbbnU
170 171 173
Tiny Fragmented Packets Scanning with decoy address
Basic
UDP Scanning
176 178
Trace Route Scan
unn
19 auounu,:uuI.lUuoms (OS DetermiJnation

Impossible TCP Flags fill OS Fingerprint " Queso Scan Nmap Scan " "" .."" "
Scan)
" " .." "
~."
"
,.n
~ ,.,.,.,~ •• •••~~~ "." .." ""
119
181 183 185
unn
20 Denial of: Servic,es Atla,ck

Anomalous Packet " ""."" " " .." " " Ping Flood Attack SVN Flood Attack Land Attack .."."."." " " """"""
,.,
"" ,, " "" .."."." " " "
,..,
".""
,
"" .."" "
, 189
190 "" ..191
" ..""."" ..""
"
"." .." .."
"".""
"
"
"
193 196
trmetru:::m, h:w&i
Teardrop Attack " " " " "."" .."" " " " " " " " " " "
196
198 199
Smurf Attack
anl--lru:::"lJlh'lm,1'l:IJei
Ping Of Death Attack Tribe Flood Network " Diagnostic Port Attack " .." "." " " " "" .." " " " " " " " " " " " " " " " "
200
202 204 207
m,l-7iu:::im'
trnl--lru:::nl,1'l:w&i
UDP Bomb ICMP Source Quench Attack Winfreeze Fragmented IGMP Attack Attack " " " " " " " " " " " "" " " " " " " " " " "" " " "" "" " " " " " " " "
207 208
211 ".213 214 ".216 217 "" ..".219
ICMP Timestamp Jolt " "
unn~21
IP Address Sp,oQ.fing;
IP Duplicating Active " " " IP spoofing "
"""
" "
~
"."." " " " " "
'.'.,
" " " "."" " " "
,'" ..•..•..•.. 221'

" " ".,,222 223 ".""" ..225 .. .. 226
Initial Sequence Number Remote IP Address

J ."'l
Prediction
spoofing
-=~ .... l!.rr"'1I~ ~. ~ urm 2.r:: HIIJJa,C((lng:,.a,UOilulunUUnalilillnlfl •••••.•.•.••••••.•.••••••. ,.,. ,•••. •

TCP Connection Connection flll Application " Session .." " " " " " " " " " Identification "." ..""
u •••••••••
, ••••••
, ••
, ••
,229
" """ .." " ",,
230 231 233 233
-iul1lflun."l~Jbt~I"l
Gathering Interception
"
"
"".""
"
__
".."" .."" "

__
"""""."" ..""
__
"
,,
__
Information
233 234 234 235
Denial of Services ACK Storm __ ARP Spoofing
__
·~~-.
~~ ~": '.~
-
''''' ....... ~:
-
-,
-:~ ..
-
'
------
unl 23 ilas:uu naUUa.,llil

Ifu~nfll:t-J (Threat) ."." 'l:::(ilunlWll'V1 ,:::(ilu L il~ Li1'n
(Protecting; the n~etworlts) m~ .. '~' ••••••••••••• ','"

" "."." " "."." "."." ,,,.,,, ,, ".".""." " ".""." " "." " "."., " .. " ". ' "." , "." " "."
., ..
~.,~.231
238
".""."." ..238 ". " "." " 238 "." 238
" ". "" "'."." "" ""."
". ""." ". "".""
• :::(ilu bLeJ'V1'V1 ~ bl'1'JJU " "." ..". .:::(ilu ~
11
:
" "." "." "."."

"
"
"."
" ".,,, ,,.,, ,,

"" ".""
,
"
"
239 240 240 240 241 242
Confidentiality ff~l".!nm:lJ
& Privacy Violation
nl'uEh'ln'Ul!il~~filnl.n'l:::<J1U'lJEhl1i1)~~ n1.u1)-:lnU!ild~nl'jL'lJ1Tyl~'lJ1)~~ nl,UEl-:lnu l(;ll'Jnl'L<1il.'I1~l

UVl1Jl'1'1'11.h1
~~~ vvv
1 ~.v filULL1)'V1'V1flbl'l'lJ''U
bil!ili ifn
(filtering) packet..
u.:::~u
Firewall
U'&'I:: Router lunTm'm-.:l ,
244 247
Denial of Service :::lfluEI\lnu Ping Flood :::lflnl.U1)-:lrlU ifluEl-:ln'U iflu1);Jn'U iflu,h'lnu ifluEl-:lnu SYN Flood
" "
247 248 250 250 251
Smurf Attack. Tribe Flood Network Diagnostic Fragmented Port Attack IGMP attack attack "
ICMP Timestamp
252 252
rrrs
DoS bb1J1Ja'U1 Land Attack. Teardrop Teardrop Attack Land Attack Attack. Ping Of Death Attack, " "." UDP Bomb, Winfreeze "
252 253 253 254
nl"aihNnu
DoS ti)':lUnl':i(1l"a'J'iI,;Hlutl!U'l'll\1 L~l1)f................... ,
nl,UEl-:lrl'U lfil~L.1
255 255 255 255
nl"JUEI\ln'Ulfilulyjfl1)fl~ Unauthorized IP Spoofing Access & Session Hijacking . Network. Host, Application Scanning
Reconaisance
256
nlRWllD
n. Etherne,t & I,EEE8Q2.2/80·23 Encapsulation .•.,•.••.•.•..•..,•.•......,.•259 .. ~

~~ •••.••..••• ..~ ~.~ ....••..•..',"',',','" .•.,., .,
',0,.' ~." ~.,••••
RlftWUln II reP/IP Hea,der'

ARP Packet IP Header tCMP Message UDP Header TCP Header Format
260
260 260 260 261 261
811W Uln 11.ltU1UI:ilUwi)in Ui)ilIliIsllnsu[nSilud11l,

abU, ..• ~•..• "'."'.•..•. ,..•.
••.•','" '.''.'•...•.•.,.,.••.••... , .
o "'
, ••
262 2,66
21"9,
R1o.W 11,tUitU tClI,Wi)sni11unulblu ••~._. Ullil' l ,.~.,.•.•.•..•..•..••••• ,
--
,••••
,.,
•••
III ••••
II
••
III ...
"
III III ., ...
"'.
III~.
'"
..
~~.
~"'.~.~
......
III '"
"'.
III III '"
III III,"
"'
..
III ..
III III III III '"
III III III III '"
III III ••
, ••••••
III III '"
III III III '"
III III '"
"'
••
"'
••
III III, ••
TCPIIP Securi~
1 ujJru:;«r~n rll&,..] ~'UlJi'Unu rrn til W1~'U 1'I'1JJ'lI b1U1'll'V1fl'1 EJ\I v1uv11tJ l.Jii'Tw ~'UlJi'UnlJlJ~n1'
'U1'U1'll'11V1~NWI~U:l.!11 Vi1'.1i..]1UlJUElU lMD11UI'! ~Ul!I!JG'l1~1'bI[i)1'j"..]ilil'!tJv1~V1 , ,OJ
N~W§W'llD
'iJ \J
u1JJWlD\I'V'llJtJ ~nlJ 2-3 i'1'UG'll~l,bI

'U
1'!\i1 bbriD'Ubl'!D11 l'!rh ~l.J\I'NtJ lJ~jjVlWltJ'Vli'1tJ~'lIl)..] u ltJ'mmm~fl1bv:lu..]

c4I
G'l1l"]~l'lrilblJU~'U~lUVlDmnnU(i]l'llVibbUNbb~1'1 mn~11.J'I1nElUb"m1bUM Ni'1'U1~nnU~1n~U

~ "l.I
n~lub11u~'I'11bl'il'b'~bv:lU..]-1h~~'U j:jNI'1UN~'I'11"] n1'~[iJmtJ~tJN11'l1a"]~u'b'6G'llm,tlblJ'UhJ1~VlnV1

~ 't:j
1JJi1-V[iJ4ln[iJ'lJD..j'~U~'Vll"]D nmE) J h
~\I'Ir1 ~ b1~I'l1D..jlliI'l11!ls:lDU
b~Ub11~U
V1 ,n~
\lVlna VI"]~11bUUhJ ,
~, unwnu bl'l~tJ'U'lJl)..]m.fi'U'lNu~~"] 1,..,qJ'lItJ\Iil'U lMtJ1bU(i] ElW(;I1)1bU(i] 1JJi11nfl" hjj:j1n~

"lJ
bU(;Ibi{n~fi'n'Vlm~tJ~ hHlb1~1
'iJ
lu..]l'lu,7(..]Ian b1h~lun'U
luIsn bbYi..]ilW(;IE)'hU(i]
hmb'l1"] iil'll a..]
ClJ
1JJj:j,~u~'Vl1"]
'Vlna~I\1§l"1~11b1(;1alJG'l'UEl-.l1~1uvl'UYi ,
CI
D'Ubl'lEl1bU(;I~UtJ~(;I~ElVI bliil1 bUVIW1tJU1U NI'l'U1'!\ dh 1li1~V1m 1 iill -nEl~iil~ln~11.J~""1i'i1 ~'UHU'll'l&i G'l1~lJbI~U""11~lJ'WDtlbi91El11UI'l bWl.J..],r"]iil..]1ultl,juiil~Hib1iil1b~U\l , 1 1'lfVl l.JlIH6ttib1iill'1uilllii91niiElT'Ib~U'Vll"]
'l "lJ
1 u1Yit;im1u1'lfVl
1lil~Yfl1uhmb'l·i-JhbuD{G'lbli'lf
~ Ii
bbt;iV11V1ii~UH6~Tl\lfl ~~,j'urJtJ~:i"l~..] b~111 1.1 bbN..]ilV~l mG'l~a ~ U 1:1 6 blJ 'U,7(..]o:u N 11,,] u ~ ~ N Nvh~IU
<J
1u bliillb~
ulnu bG'll.Ja bi'Ubbi:iuml'U hlUEJ1N btJ'll V1v\~'U1:I61liifl11\1~\lfll.J iil"11\1li,n"il lJJ ltl
iil"11"]'ll'~'lI'U v\G'lUVI uuu ciunulli(i] u , ~uH6

,
Ien bb 'I1\11'-l11mlJ'U"il1\1'1UUln.yj'l~bbEJnil'Ubi91a{bUi9IaDn'Jln
til::: 30 'il-UU'I:::~(ijn11ili!i1flrJl"]
"
b~
Ubl~l dl",,1uN$ia-.l1Uiib:J.J~lU
'iJ
1''I1'Um~
1)iil nfiLJJ:i"l l
fl'Ub!i1f:l'hU(;I Amazon.Com 'J~ilrJm.Jl'1'1u'lla..]liiln'l'1lnli'lrl'llnilub(i]a{bU(ij 1i'ltJ-.l1th um:J.J~U1111 Elnfll.1 'I..IlJ1jjl'l1W1u1~'Vl'l'1c1\1 bvhJ'u
",
Yahoo! l'-l\lblJ'Ul~
builmii'1'u'VI\l,J'lI1N ilu b(ija{ bi'll'l~..] iI..] j:jb1U1"IlVi dl'111U Kt 'I1qJ~I'la UN~hultJ r-h'W:J.J1 b 1 uu b11:::
ltJ
bd u~'ll'~
usz b~l.Jb~ui!rm~ nu tJl.Jbvj tJblJ'UG'l~1'71n'VI~tJ.ffil~1n1'~'U '1 'iJ:nn

1.1 tJ1Vl:::
iil
is t;il"] '1U1'U lV1'J:::

blJucilU,..,n..]
b,..,ii1Jl~..]il1Vi~V1'V'lfi"(i1Y1~"] b-nl1li'Jlnm 'I1~EJi:im:::Yf..JnlJl.h::::lJiil'lll u
lvwJ1EJ j:jblu hViv\blJ(i11Yiu~n1.1lJ'V>I't.TuM~a(i1 24 ill:IJ..J ~'UHti u ~:::Isn rii1UlJ I'l fl n""~1 n""~1 mnAu8'U blflil~ bU(i]dJ'Wv\
bb~\lb1Un1EJYlI'lU mNI'-l'WYfl1li u(1j'l'1ln'J::: ih usu bUvrrlJ bN~arllY11UM1~Ubl'lmb~::: " ", 'lJEl..JJJ'U .....
"
,f-'
" . .
.'
• :
.""~,, .
__ '
'JJl1rl'l11'11fl\lll~n 1\1rrnuau 1hi~'I1~UrlUb lnflfb~~ dJ'W~~'\.Hrl!J'IlEl-JrlUY\'l hJmn~'U , ~l\l'lln~
, , _'~'~
___
,'__
:c'
dJUl~fl\l"llEl\lrl'W 1U la((n~ii(7111lJ nl"i'VI1\lt1hu
'VIJjEl'Wb~m'1i'WnlJ 4-5 nl"HiilltJviEl-J1J-Jl
1J~ U~l
I'l\l'l:: bt1El\l'llnEiub~El{bU~ dJ'W~'jjl'Wlb\! flt'ln
flU b~'W~'WY\'ll1imn~'W{hEl\l rltmvhb~El{
'lIblJElfa b1i'lljj~n~El\l b-W!J\lbb~rl~n l~~~mh\ltJ1:';
"lIm-W!J\lbb~biJ(»1J'l11b'ljEJf£'U~1'VIff\l'llmr'W b'VI~1'Uhn~~\1W'Ul1J-Jl~
bUiI::::flt'ln
lfl'l'l::fll(»~\'I'.hj_h::::
b'VIl'1lVI J'II€hl b,1'1 ::::mElnl a '! tJell'Wn'U ,!Wl
~ au 1lJ'Iil11'l 'l11"lJ El\lusn m Elflll\llJ'U 'VI'Iht'lii\l"lJfl \I'VI \I ~ Elyj~-W'll !Jl'U ~'Ill11h'WY\'ll U dJu~\I~bn(»~Ubbllil bblll::::e)til"i'lfll1~Mil
bb'U11i1~'1::::b~~£'Wb~El!J1'YI1Elbi'liim'l1iBb1ll':uml~~-Jl'V1qj "
'IIEl\lB'UlMElf but'llMin~Ell1i '1Ifl\l«\lfl~an~Ell1i
1~11 b'l1'1:;'I'r'j'El~'YI1Ell:1-int'l1~ 'VInl'U't1B'UlMEl'h Ut'l~-JllJl'1ib~El\lbb1iL'm , 1Un11bb'Il'VI i~\I'YI~El'Un11'l11Ml'V1u h fi\l uiimJn ltJ
b!Jl1'I1'U"lIEl-J mJjrll1~'jjlUlb\!
t1\1~l\1~\I'VI1(»1 'WEllb.nEl~vil\llnfiln ~Ubfl!J'I'Uil(i)fflii~~l
t1\1:iB1U bU(il use b!Jll'l1'U"lIEl\lb 'llt1\l'!\llb'll'VInlJfl'I,HbtJfiln'Yl'i,h~ Y1'1::::mA'!Jbblll:;
,"
bl'll'VI
«nl'U'VIii\lvnm"llll'Vl~ltfU'I::ltil£'Ubbfil:;:I1fl11~'I'l~Elm~~~ dJ'U'I1\l11i'l'l~m.jtllJ l'l1llJElfmi..l'll
bMlJ 1M1'Ulfilmbvi-JfI11~ El::1'lmnn11n1'l
bblll::::vnm"lJll'hl'1:;bMlJ 1til bblll:;b1!'JU1~'1:;vh
"
'lln~lU"lIEl-JB'Ub(ilElfb
u(o)~-JEl~lJ'W l1i1 l~rlflfil
"
TCP/IP e)uJmJbbJu
I'l\l b'l'l'll:;iil~fll(»nl'j(u
11 B'UbtilE:J'1b :;'lJ!'J1!'JiK1l1iY\'11I1ln UM'I 1w'Ihv'l~u (ill fl1'lElElnlblJU"lIEl-JltJ'l ltilI'1ElIll~-Jiilci1:11 fl1d1nHlfl11~ 1illlfl(»Jl!JEl ~l-J bbtiW'VIWl u Ill:;a l-J1Jd ru'l'l El~'1::::dEl\l1lJfl1d~ml'l'l-1im.JlIl1 UV!n amUfl1'lru
"
"
1W
bdEl\lu "i'n
tfufl1'lElEln
uuu l1i'llwirlEllll
usz nl'lfl~'I'l~
b~Utli''1U1oii\ll'W1t1i-1il~1i'l:; b'VI El\l'VItll !J\I1U1Ulfl'l\lfl1'l 1'1'lJ lub~€J bVll'llu hfl1J-J~J..J'1(7l€JU<1 II I
b~~~U"lJEl\laYl1~El b~1nltf'W11UlJl11J'l'lfil'l(7l:l-i\l'VI~1!Jrl\la(i)bb~1 ~ '1 't II qJ II hibbtil1'1:; 10Ji U1~'Yl1El1:1-i1fl'lblllV'I:;~(i)(i\l ,11
b~El-J1'l11J.Ji..llllEl(i).ti!J b~fliTUb~J.J:Jjb1ll'ntJ'iml\lfh~l.J:i1 eia b~l-J bblll:;b ~~v!(7lfw-J1-1l1'W\lIU~l'UmU 1U1-J
ti~ll-Jb~Ell-J~ml'l~El"Ih!J 1ifl'l'lEllJflfil~ b rJ\l"51'1'l~lJ (i)11(»v llJ:i111'l'l' l~vru -w auu 1Li1'l1mnnl11emllilU u ti'UEl'W11~"hum
"
, 1~nll\1"l111-J£unl1
b(;1;!Jl-JiK1flU LVlflf
dl til nfl'lEllJ
1'l1ll:I.J , l1i~1111l n'l'l1El:I.JnU l~atli'~
l~atli' bat! bb~l UU'l'ln~lU"lI
El-Jl1i'llVlflElLil~ b ~l-J'Il nnl':i'VI(i)Lilfl-JL 'Yhtfu
1ci1i1n1d1i1lJi..ld\l bbLil:;~\1WU1'l'1l-J-1r-J&i'(»bb1illl-JltJ'l' lMI'lElLil1ifaEl(7ll'llliEl-JtllJ , bL~i:J qJ'VI1Yl1il1'Jfl~l\l b1JUi:J \!'YI11 ! b U'l':;&i'lJlrl"i'\I a-'j'l\l
nldbMU 1t'l bbLil:; Vd'YlLillt!'lJEl\l flU It'l flf but'lnm:I.J bb
i1\1jjEn'Vbbn1"ll1ci1~h~1151\'1blllv(;1'llJ 1(7l~b'lI1J\lfl\ll-ii1tJ'l'lt'lflElIll €l~ b 'I1fl\l1Vil~~uwu-n€llJn'l'l~El-Jl
TCP/IP b"jl~-J1t1i~u'Iil1'l1fl\lbb1'JnbnElf
bblll:;lJil l bbu11t'b.Jl1'V::
"
tiwt1
useumn
,,
b-nll1i1J\lbut'l L ~Hn~111i
LiI\'IIIl\l 'YI~mbt.!11il'l-J~'1 ::::1inuEl\l L-Wt'l Llfn-1r-J'YI III1 V 1if"j€lI'lWU'I1nJltJl'1nl'llJ.J'1JEl\lbb~mnElfl~Elrh-J , ~U b ofi\l llJl1'1:; b1JU'YIti1V\ll'W~ b~:I.J 1tJ~1 EJ, a(7lVEl(7le)'1v,1V::::VI-JEl-Jrl nl'l'UI'1il El bVll"Tl VlEJmh-Jll-Jlfl'l'lffl~~Yl1€l1Elih~:J..J 'YI1fll1lJ1H'Vl b€lnrru
~'l1~ 1t1imnnl1\1lJ1id:;l-Jlru1i'l:; IPlnl'lll-Jb 'YI~ltil~ ,
~1-J1:1-iEl1'1dfl\'l~U'Ilnli'!J
L -w V-Jbb(l]'V :;l-J1nil' fl V~l\1 flU,!'Wb fl\l
1Ul~€l'lln~lU"lI Yin1"jlJ1fl1d~l\1<1~fl1 I
""
..
€l\lflUbt'lElf L-W tilillt1i iln Lilln1'Unld1nHII'l11:I.Ji..llllfl A'tIdln~lud dJI
(»Jltll1mn'l'lfl
bb~l 1'YIUllll V vm 1,m(;j'~ 't
b1J'WiKl-lllJ brl~ElU'I::::1Il'1:I.J1'ltwh"j-J€lVEl~1\ltJLiI€l(7lJlV l~ ", Ut'ln~1\1n'Ub vil1\'1un~El

'IJ
ElVlJU BU Lt'l€l{ b U(;1~-JEl ~1uaml:::Vil~
"ElVlJUfll1:I.J b~!J-J" 'I:; l~V-Jl-Jl n'YI1El
il' fl ~tfu£'WEl8'IJ nu rll1l.J bVl1V:l.JW1Ell-J :;rl11l-JW VltJll-J 1U n1'l1i11Ji..j"j\l bbrn 'lJ-nElUn'l'l~fl\l-1r\l'YIllllt!"II€l\l bbLii , l ~1'lJEl-J1~atli'tf'U '1 nl'lVEll-J1U Al1l-J1Il':; \'11nsein !Je)ULLlIl'U:l.JVlI'1'1'l'l'U"lI El-JBULt'lElf b U(;1~-J El-JV :l.Jtu ~ a
II.
1'l11J.J ~!J\IbbLil:;-nu n'l'l~il\l-1r\l'YI Lill t1~:l.Jl'1'l El:I.Ju~i1 b a 1 n
t~,~~1J1J
tce/»
N~~\lm.J1'W1'111:J..11l-hJ':l:;mV1LYl1tT'W'5,j"~:;~mmflvl1':l.JVI'W1~m.h.Ji.l\llJ
'iJ 'lJ
NVi1:lJLI'1~l'lJ1b~tl\l':l11
'iJ 'il
~1'W1'111:J..1l.l~tl~fi'~:J..I1ri tl'Wn\J bbi11:JJ1t1i~\ltl~1 'Wm1:J.J ll-hh::::lJ1'Vl bb(;]nem bDm 'VI~tl blltl\l"<ll n A11:J..11.J1 ~ ~ 'VI~tl11:lJb 'YilVl'W'lltl\Jl'l'WLD\I a1'V1l'lJ N~1UI'W1t1ibtl1 ~\I~;~'V
b'VI dtl
h1i'1'~"<l:::tJ-:rlJl.l'i\l1 Vi~~'W
L~\Jv.J~ L~~A1~1'VI1\JLbvl 1 ViVl'W btl\Jlilfl dJ'W au bEl\J ~ b'VIi1a'W~\J b1U~lJ
::::J..I1'V1fla'WLVlEl1btJVltT'W ~.J~tl\li1~\J~
~El\JYh b fi:J..Ib~:J..I~~ml'W1'llflmh
b~tl11f)1'V'V :::'li1~ 1 'I11.JmA':l'l'jlJ b'I1wliEllJ flW~D\J:J..Ilflm ~~a
tiL 'W ~ 1~a(ii'llil\J
fl1':l1.l':l1 n:O~'W'lltl\J unn bflEl1~ b~VI'iEl 19l b'ih 11.l!J\J':l:::lJlJA a:J..I'l'l1bl'ltl1v11\Ji bb~:::blluN~\J1U'lla\l5'VQ~~::: El1"<l"<l:::ijG'hul.lnmJu1\1
LL~11"1':lbG'l1~::::J..Ia\li1flun~u11.l!J\Ja1b'VIl'l~'Vnn '
b'1J1b'VIG'lltTU1.'l'l:J..11'l1.l b'V1:::~hu fl1':lDEl.J n'W~ ~ lIi1'l1tJ1l-li.l1:J..11':lfl'Yl1 1ti1ri1 b1'1 bbiJifll"l~\I
vm
miill'l'i:J..Il9l1 b'I'j'i1:::1"111:J..1l-l\lliu1Ufl1':l~U'VI1-nlllJn'Y'l~ll\l'lJa\l'i:;lJU ~ ,
"
'VI1n1.Ji1~\l1l9llJfl'Y'l1fl.J
b'I'j'il:;th:::~lJ
n1':lru1l'ltlu\J
ba'l! b'Y'l':l1:::':llfl~lU5u1.Jliul'1\1'lla\J':l:::lJu
b'Y'l':l1:::1fi~l9l~ bbVlflvll\J unn bfla1~\I'VIrl1 tI b'ihm1(1i 'VI1fl1l-li1
~luLlIu~\I~ 1Ufl1':llJfl':lfl
lYn"l:::i1mJ1u~h
bb~fHfla1'V::: H'lifl\l'Yll\11'11u
,,
iifllJn'Y'l1fl\ltL~flbnfl1"<l:::i.l1m'imh~1~Li'h'VIJJ1~
1'11'V1t1lilvll.J1U1(1iflci1\11 'i ,
~ 11fhu 1 'I1qj b~:J..I ~U':l:::lJlJ 1l9ltlfl1'l111\11U bb~:::wOOJu11t1 b~fltl'1'Y'l11l:J..InlJ fl1':l 111\11u~ilJlIllu :J..I1n~u b~ a ~ '1 ~1.l':l::: ~'V&Il1'Y'l:J..l1 fl~U b~ fl tI '1 'VI n bllu b~l'll fl \J b1lJ hVi 1 "llfltTuni:lfl1':ll.ll'ul.l':l\l
n b~:J..I~u 11il tI f11'i bllu

~~u bl.l~~U
i:l i1 "1~""!
b1lJb1H'I'hlfl1ll'i'i:J..Il9l1
b.Qfl'VI11'11thau 1"l:J..Ilfl~U
t1~lJl.l'i\ltJa ,
'V1nW11.'l'1iyMlJ b'Y'l'V bllmbtll"l fl1'i~'W'VI11ifl:J..I~
Vi 'l'h 1lJ
b'I'j'V 1~~ltllJnlJN
~b1i1:!J1b~tI:J..I'1J:J..Imn~'W
1
~lJ1fl1'i~uimfl~'W
:i1fl1':lvl1V1:::dJ~'W~:I.J1lln 1\J~ bhffu
:i1~u~lba'Wtl'lJ1~
i!fl1'ibn1Jb~'Wflau1iil'l1
bl.l~mml.lt'l\l1~e1V1'i1b
'Vm~Elil~b1i1'1J:J..I:J..I1n~'Wn'Vhfl1':l'lJm~
Vi1'VIqj~u
i:lb1l1'1'Jblfl1mfl
~'W bvi:J..IbblJui9l1Iiltti'lqi~u
bvi:J..I.... "1ill""! bblilil~fHdlJ'VI'w\l1'11:J..1~"<l:::bvi:J..I1"l11:J..1l.l~tll9lfi'~'lJtl\JLilJhVi u h1i~Hitlci
bl"l~~fl\la1'l1'VVl11iiflUnW1tl\l'lla\lb'Yl1"l1 1.l11u~fl1':l:i1El~1ub ilJ h"':J..I1m'l'i~\I fl1'itl-rlJtI'i\l(1i1u'l1"bJ'1hmfi:J..I~I'H , umn , 1l'l~ bb!:lmntl{~m~'V::: ,
"
h bbt'l:::bbt'i1'l11(1i'VI~fl 1l-ltlcil\11
"
1.J11'V::: LlI'WaubVla1bulil
biu b-1i1vJblfl{
'i:::lJlJ b'Y'l'i1:::
'i 1'1\1f)1'V'V:::iju1\1bb(;]1:JJmn
'iVl 1.J'.d1t1 1 Vii1I"1Ubii1:J..11'lJ:J..Imn~'W 'V'Wfl11'V:::ij bilJ 1n~'ln'W 1l9l'W
bvi\lr1l9lb~l:::'i:::lJlJ b'l'iiJ\l1:JJil b~m.! bb~:::tf'WE:J1~'Vh1 Vimtlfl1~ 1t?iVllJ'Vll'Wfi\l
1'111:J..1t1 a lilfi'iJn'W ritlU~"<l::: i.l1mn'W 11.l ill TCP/IP 1:JJ1t?i an tl P.J n bblJlJ:J..I11 Vill t'l a 1ilfi't1U n'VI1D tl1'V'V::: b~~fl111.JtI 1ifllJn'l'\l~il\l'llfl\J TCP/IP bll'W~1n'W~11t11
"
~ a Iilfi'~ bt'lu n111t?i
-ntlI"l1'l'i:::l\1'l1tl\lN1l1bbliltlci1.J1l9l
"
Ubb1l9l1\1'lJEl\l bb!:lfHm)1
bbvlnttlJ 1.J1ti1bll'W~'Il'i1u'l1~mllu 1(ill"lflt'l1t1111tT'WbbVlnvll\1
nu V:htl'VIit\lflm'J1b.yjm..h11111i1Vibnl9l1.l'l:::1t1'lJ'l1~i.ll9l ~~ bYim.I11t1riflnlu ~\I'VIih~-J

'lI
"
a1"<l'V:::bllub 'I'\I':l1:::dJ1'V1m~'lJtl\ln1TW111.l'i
'VI~fl'Vl111'J:; 1t1'lfii'"11n~~~i1tl
bbvlanN1t1'11it\JAmnbViil'Vl11iillJn'Vdil\l~\J'I'!m!J ~n11 bfltl hfl~.Jfltl\J

'i
~"
1.JlJ'i1'Vun'WN~H\ll'Wn
(il111111.l N~l"ltl urie nl'WiPI tl ~ b'V1:::'i:::lJU nl"lflvl.l'llJll':l\l
b'lliPIWl'ln1'ilJ n':lfl1t1 b~a ~i

'i "I
~\I
1.l':l1 nn'Iil1I"in'W~\I'1Jfl\lN1 ~ ~ 'lJfl\l (ilUbfl\l b~UlJ1 nrrh
b11tl.J'V1n5""1Q1~:-;111W'lJ tl\J uzm
~ "ii~Vln
bliUb 'VIdtl bbrl:::uen bflfl1tl cib~:J..Itl ut'l:::l1"n'V :::~l9l11 bllu~\I~ ~
bntn~'W
tn tl1~i.llm'i
ml1 b'.dutTu1t1i
!7\1u Vi~""I1\1bll'WbW':ll:; 1"l11:J..1~11J.JYlTVI'W b
"
(i\l bbii11 TCP/IP tTu 1l-lijfl11:J..111t'lfll9lfi'~~
b~ ~\I'I'\Itl bb~ b11M.J1~ij'll1\1
b~tln~U~~n11m
'VIl9l bb'VIU fl1'i b~~'W1~'V :::tlci nlJl1'WtlU1\1l.l sa tnfi'mi 1'1::: bll'Wu 'W1'1l1\1l.l'i:::{lth:::'W a:J..I~ Vib':l1i.l1:J..11':lfl111 1.l'i:::1t1'lJii'Vlm 'Vl1"l1'W h1i1t?i:J..I1n~U
"
"
""I1.JflU11.l':l1V1flflt'lfl1'V'V::: l:JJtlt'lal9lfi't1
"
bb~tf'Wii1t?i'l1:J..11~fll1:!J_'h
1 : TCP/IP Securify •
·c€~,;·
, .\W:"
'~.
-
,
•" --f.,.
iTu1lJffll-.Jl'Hl1..J-llJl.h'.l1 'I1iil'llll-.J1..JmJfili1mnM~u 1a1 'VIlniiI'l11l-.J Lih 1'l~ 'ilhJ'.l'l'Hlnflll-.JT'gIU-lllll"i\l , ,

"'l1n:lluVi1lJll~f1fili1uih Viiil'l11 l-.J1..J fili1Ubvil-.J~um 1u-Kuv1 bViU\I'V'I f11"J 1Vill~n111JU €iu LMiJ'lbUM aa f1~f1 bflufll Vinu«t if ,,~::: hlbuMbNwlimJn'V'l1f1\11ViueJn bnfl1tIll-.Jlli1..J·;dtJ'lfU1~i-.:hU'1 ii N~fili1ru'l'l:j..nnl-.Jl\'.Jv1ii,J'l'V1'1il tJmlL UVifl'.ll'l~lM iifl'd'V'll'lru~1..J'1U1Ulm bVi €I 'I :::'lh 1.1 b1JU'VI 1JUl'll bb~:::'1h mll 1Vl1:::UU 1'1 €I l-.JWlbMfl1iil'1'nJ..Ju iilfll'li1UJ..Jlf1~U 1..Jl:::l'l'ln ~fI..J b ffld'WfilUf1 bVlU\Ibbvl":lm~u l'W'.J1mu 1lJuflm~f1£f1'V11J..J1 ~hnun'l:::-ru1..Jl:::nUl'lruil1l'j bbll,mn1\1lunl"'lUfI\lnUtltJl'lf11'l1l-.JJi\l'VIiill , u1l'lm1M 1u~ffl Uvl'I i\l 1 bb~liTufllmlmbi'i1 h':l1-J
"
"
"
"
lUJilUI'l11l-.J 'lI1Ji~lU b'liU
tTU'VI~i1 bb~l(;1niil\l1'V11i11J\ll1 b"'il~f1-Jilil\lnuil:-;
ii su n 'V'I1il-J'lJiI\I bil'V'l'W~l'liU bbiil:~'V1"iru1 LVi\'.J..J b b bbl'llW"i:::~lJbU(;Ib11n'llfl'.lBU bfilfl1bUl'l bbi;ih 11 q)''I1v1 1'l1"J'V:::'\.hm'lllJfililfi

€I
"
bbiil::: I::: 1 "ifiilflul'l n I'll l-.J 'WLb 'VI1f1lJtTu € n 'Ii 1
"-lUUb ":il~;f1U\l';h
..
TC P/IP
iHiOUnfol5il\larh,'11'i...?"
Denial of Service
dJu vi (I) 1:::'VI n nu~"hflul'l u
I'lm.JW1 b(l)i1fMl\1'1'l1f1\1bwmnfl1tTu usz nd:::'VllJMili'l11l-.J b~mj'u'IlfI..J«t
'i 't
n 1'l1l-.Jv1imiuu i
'!.I
BU bMfl1 bU(;I'I1nn111Jf11ndh
'I
'I
1U1J..Jd:lJ lJ
ff\l(}JiNVibn1il1'l11l-.Jflu'VI1UfI~l\1mnJi\lMfI"J:::1J1Jvi(l)n l1JUb'VI~f1 1 b
U{1J1l"J\I'l:::lJlJ1m~lf111J..J1..JiNflfili1UlJUbl'l~hl'Ihu1 'I1mf1~ub'Vh vll\l1 ilir..JfI..JflU'll n[) 1 YlUV)n1u VII
"
oEU'lJ~lU I'luvh Isn n'.l bbiill'1::: l:ifll1l-.J'V'Itn tJ1:lJil 1Nnu bbiN:::
11 bbM11U\l1'Un1"'lrlf1'lJmn'llfl\l
'lJ "I "l
bl'lJ1'1l''11
1M E.I ~hu N1 i-v::: biilb'l111'l11l-.J bflm·'I1EJv1 nfil~U'lln unn bmrltTuil bQ'V'Il::: 111v1unn bn€l1 1'VIlli b 1 fflm"'lm~1il1f1filNl'U'l:::lJ'lJ1nHlI'l11J..JU~€lIil.llmiilm1(l1
-"
bLfl:::'Vllnl"Jun1'I1
'lIlJ..JU
111\'.J 'U'l:::DlJ b'VhtTu (;I'lllJ bMv1LbeJmnflfif\l1lJiillm"HlNlu1:::lJU1nHlI'l11J..Juiil€llilflu b
'VI1m-llflltJiifl:lJfl " biill-.Jl1(l1 Ii
'VIl-.J1JI'l11l-.Jll'l:::lJlJ'IlfI-J b'lliJ\lI'l\lU flfll'l.llUfl8 ~ub1JUl"n1J..J dh hv1nnJifl\ll Vl8\lfl'1U'VIi1'.liil'1'VItlJ t ~ " mruvi unn bnB1l:i1'l11l-.Jlh:::iiI \I~'V :::Vll\"l11:IJ b~U'\IIltJ'Vlnf11tJ lu1:::ulJ lbC;\iJ'V'IUUnl"'lm~;-ll'llB-J , blsn bnfl1tTu 1(l1'l181 U'liflU b'llt'llU"I 1 n1'l11J..JJi f1\lnl1v1'1:::lJ mn1:1JlJ 11iltJllJ1(l1t1JflU
ill1(;Itu
blJU
b'l'm::: lu 'l:::U:::'VI ~-Jrrnu ,rnn di11u1 ~ 'l~UlJvll\1 '1tTu l1Ju~\lv1ul'n~unl1 b~ l-.J , mn 'V1m&\J..Jv1fl'lm'lm~Iil'lfllil biil1ul~1:WEJ1mvuun bllJ~l\l'T llilmQ'V'Il::: bllJ 1'1l''I1v1i\"llB-Jl1 b1JU
rnstimrnuilwuru:
dJ1'V1:IJ1U'lIfI-Jusn
tn Bfvll\1litJ11JU1-J1:::U1Jtnb'lfll1:IJU ,
sa filflu n'U'lIu 1U 1'VIlli 1i\l;-l11Vim:::1J1'U nl'l ~ bb!'lmr\fJ1fl'1'U'I4i1\l~-J14ub'VI1ulJ\Hi€ln1u ,
"
vil'll::: bii1ff"J:::UD b'VI~lii(l11 U1TIlliil-.J18f1J..J'V::: ' Hi1:w1ciiNfl5nM fl11.l
"
b~f1nl'l'V'l\'.JlUl:lJ l'V1:::bii111lmu lutTmu'U 1u1Jimn
dJl'14J..J1EJ1lJl'I1fl'l:1J1dn;-ll\11U 1cif fi\lbbiill Ni:'l'i11n1111riiln1utTU€l1'i1"1::: 1lJfl«tlill(l11uu1::: lu'l.i\Jbfluli (l)1l-.Jbil1'VI:lJ1uy)rlnnfln1'Ufll'V'i1:::1:w fl1J..Jl <H11Viu,n1'l11il vlflNb1iuu€imt'lfl1l b~tJlnumdvi bbeJmnBfbfl\lllJiillJ..J1;n
"
"
b'1hluJl1u 1u"'l:::ulJ 1(l1nt:WiillJ..J11r1QnQltJU'l::: lu'lnl'i11niifll;Jiil '-V~f1~m~u..Jv1ii11l-.Jl1[l
"
Ut'l1(l1bfltJ bbiil::: lu'lIru:::
rnu 1U'lIB-J biu 1 'j'jYi1~ blM~\l'VIi1\1v1uElmna1UIlI'l\l1ai-rlJll1nm:::;-llnl".iiil'll
1~ulllJ..JlD 1'j'jVliJnb'1'VIq)1aiail u!J:iJB'IlfI\I(;IUbil\l b
I.
''lI1~::1J1J
Tep/IP
n'l'lUD\lIl'WI'1'Ww\l1l-Jl VlI'1 btl'WbUl'Vll-l'ltJ'lJe},] l'lnnriDn1'W,rUn n n 'OJ rmumn

'I 'I
'l:'; vl11~tJ'ln~\lnl
'lJ
1 n'l'lU fl\l 1l'W 1ilJ~n'l'll-l'ln
b&U~n 1'1.'llJ 11'lviblU 1"lil1U\lfl\lbUI'l-rlJt1t-E"I'ln~1 '!J
l~nUf1::;li1'l'ln'W'lbVliiNm
vifl'fl n btl~tJU bfl'iifl'WI'l'llJiIlD\lI'Il-Jvi'WDn"l'ln"l::; b~D b-firuG'ln~'l b-]'l!.J1 bdhl'l'W~ bbN\ll-l'lnfl'l-;;J-;;J::; btiU bb~nbm]'n\i1~1m'li'Wfl'W ~hl'l ~llf1n ~\I,r'W(I].'llJ b~~U..jI'l\lbYhJ~n1.;;1lJ,r'W~fll-J b~U\ln11QnriDm'W 1...;w'W
Denial of service 'I4~fl DoS b~l-Jdju~'N'nn'WD~'l\lbb'V'l1'14~'lUfh~DbllJhl1~\I'I
b'liU Yahoo, Ebay, Amazon, CNN Clnbb~mnflf[-;;Jl-Jm
"
"
VllbvibllJhl1(;]'l\l'lb'l4G'iTiiWJl'lbl1
lJ~n'l'l 1tlil'lJru::;bbf1::;dJ'U'li'l1~fl~'ln'W 'l41ml'l~fl'lhtJ) 1~a'll-l1'ltlb
1tJ~111iln
DoS '14m U11,.1n 'l'1'11 vid:::lJlJ (l'Ifll-Jvh b(l]fl{bbf1:::1 1 b 1l'lUn'l'lhl-J~,r'W"I::;vl'lb VI1'1 'll-l fl''l !.J11n b 'Wn'l'lbl1 1 b-B\I 11'lu m:::1JdU mJ'lJ [)\I'l euu
VllJ1n1'l 1~fl'll-JtJn~
U1n11'lJfl\l LilTvimtlf1 fl1il\l1tlvhm
n-;;J'W (i,jvlll VI'l::;lJlJ,r'W'I4t1flbVlu1n1'ltil\l1tJ1fltl~u ,
n'l'l~ D'l~'V11bl11'l11l-l iIl'll-l'l. fl'lJ[)\I.::;UlJ 1il1'l ~11il\l,r'Wfl1 AWllDlJ n'V'l1D\IU1il::;'li[)\ll'l\l~ii bU'l'l4l-l'lutT'WbD\I .::;lJlJ bl'l1viiiD~b Uhn,r'WM'l\lniilt11qtJ'l::;iIl\l#l .:::lJu,x'Wum.J 1aJiitJ'l::; lu'llu bllJb'D-Jv.Jnfl1mU\llJdl1b"lifl{ b-riD lV1lJ1n1.
"
b'V'l'n:::ti'l'l::;lJlJ hJiilJ~m'lbI'l1 n'l'llJ~n1.M1fln'l'j"G'l'\I-][)l-J1il"lln
~lfl ~'l\lb'li'W ti'l bl'lii bllJ b-B~l'Jnfl~ f11b'l1iibl-J~b-B{vJn[){
mllJ~n'l'j"Mfln1.-rlJ-G'l'\I"II'l'l1mtJ,xubfl\l
"
-;;J::;
b~'W 1~1'lb 'lli1l1l.,mn biJtJ';du'1fu-;;Jlm:::lJlJ
1~n-;;J'lnnl'llJ~n1.~.::;lJlJ,x'Wl1lVlmtTubfl\l
n'l'llJ~m.~
1~-rlJ btl'WN1il-;;J'lnn'l'lvl'l\l'lU'lJfl\l bbD'V'l'V'l ~ bl'l1fuvivll\l'l'WflU ~\lu'W~\I b-B{l'Jb1 fl{ use ltJ. bbml-lvil'lfl tl1U u~m.~~\l11'11il rrrs ~Dfl'wilEl~
'lJ 'iJ
b[)'W#i1'mlllJn'l.rll\1'lUfl~'l\l
iIlfll'll'lil[)\I'lJ[)\I[)\I~tJ'l::; nfllJM'l\l11~11~:; n~"I:'; ~fl\lvll\11'Wtl'l:;fl'I'W b'll-;;J:;iIllm'lm
"
btl'W~I{1'l u 1{ 11l-ln'W D~1\1 1t1n bllJbW~
a, b'11(1] b~H bbG'l:';U~~UbAtJlilfl\l~1'Wl'Wm n

'1 'I 'lJ
tln(ilfl\lfl'J..J1Jdru'VlnG'l'l'W cl''l'l4-ru 1'Ul-Jj.Jj.Jfl\l'lJ NbiJEm 1aJ'Vl'l'lU"l1nllvi fl\l b Vimus 1'l\lc.J illJ'WmJ1-;;Jfl b(;] f1::;I'1~ 1 b \lJ'W ~fl\l ~hu m :::1JdUrrrsus 1l1wvi b.lvll n'l'llJ'l11Gfb llJ'lJfl\lbllJ hl1v1~\lEltJb
:.;offul'lElUJ..Jnl-Jl U 1il)\I~'Wt1I'Wl 'l(i\l l [ m
-;;J'lml'l~fl\lI'lElj.JWl b(l]fl~'lJEl\lb.l-;;J::;nn1il'\I~hu 1tlEJ\l1l-Jb~l-J ~1'Wfl'1t1 1 YldAWl1 N1U'llJ..JiIllt11'Vl'lAwl1
"
"
U[) bl-J~m~\I'Yil\11tliin.y;n
Is n'l4it\l1'l11n',hviilm.JG'l
"" ,
Nl'WNb VllJ1nl''iBlJbtllfl1b
tlG'll tI'Vll\1 usz bllJ 1 "lil1tJ1il1 U'Vll\1Vlln'l'j" uil tilI'l11:J..i'l4m Ubbil1d\l'lifll-JG'l bllJ bW~tllfllJ-rlJ n ~lJm U\I bl'l~D-Jl'lfll-JW1b(;1fl{v11h'W'lJfl\lb 'l11~,xu-;;J::;(ilfl\l b1iI'l11l-JWUlt11l-J!.J1n b~tI-J1 'l bb(;] bit [)\I"l1 nb'VlI'll U1 til11 1(ii~l'l.J'W1nl1'11iil1tlmn m.tl.:::m 1ilc.J til'lifll-Jf1blJU
'U
"
Utll Nl'Wfl'lU bl'lbil1il'l::;'I411\1tJ'l::; b'Vlf'!bbf1:::Nl'WbI'l1fl'1i1UUlJ1aJr:hu1tl-;;Ju(i\l
"
~"h'W'lh\l'lJfl\lm'li4l-JG'lnl'lG'lnl'l Gnu 1tl bbi41 use fl~b 'W.::;~lJ~n1'l$fla1'j"
Iila U1\1ii b1il'~U11l1'V'l-;;J'UN1 '1i~11tl

"
"
bbf1::;
fl'lm'lflb
'1i\l1lJb 'Vll'll'U
l1'l::;~U iIl\lb'l4G'i1d
"
nlJ'ii1 (l]tl'l:.;"h1'W 1ai vl'll Vlm:::1J11,Jnl1Jl\ln

"
G'il1vi1'l11 U\IU'l n'lllJ'1iflUJ'Wdl
"
b1~ tilG'il\11tJ1~~m 1aJ tnn
bbG'l:::n1il'lU blJ'Wb~~\ltlnWiviNb'1i~fl bel11 T'ldffl\lb Ii'Il1J.j1'l1~ml\111bllJ U-;;J-;;JU'W'I41nbllJ'{j'Vlll'1'1bul'llV1lJ~n1'l H\llti1~J'W 1 , 1\i1n~m:.; btlub~[)-Jbbtltiln~\lnl1 11\1 bbiibVll'll'W lINl1~::;~l'l.J'Wln'l1'11ih fl'1'lbbl'i1 'I4'Wnbb~l bbM bbM~::: 'I4'U b l'liiih~u~ , m.1"';vll\I
iJ-J1U 1~fl~bfl'l-Jfl
"'lJ
nG'il1ADNbiJfl'WbC;]fl'hi1tll~11tJ:il btl'Wtln Wim.i'lb1il':J..iEl'Vln 1'W n1ill bbM'I41n 1l-lff'lj.Jl'lCl bU~lVilJ~n1.
l'1f~uuii'WbVlfl~b Utll"l:::ill 1 l-Jl,blb VilJ1m'l1~flUl\1 1l-lb'lib~El-Juilsn
1tlflUl-J1 'lnVl'll-J 'V11[)"l::;:ilm.flflnbblJlJ:iJfl\lnUfl~l\1~~ run run tI~~::;'l'h b Vi'l::;lJU1l-J1il'1m'ltlb VllJ1n1'l 1~ bit fl\l~ln
'l'W'V11mh\l'l'WNI'lWtil'lI'l'll fl\lG'l'l'Wtl'l:; nau G'l'1'W bl'ldlU 'l4it\lb 'W.::;UU ~\I,xu 1I'ltl1il'1'W q!un b'l1
I'lfll-JWl b(;1fl1~\lfl''W bbG'l:;a.J\I~'Wvi-;;J::;vl'lbVl'l::;lJlJy'f'l\ll'W fl bilD'I1tJ11'Wl'W~iIll'l bbtil::: 1~~ bVlffl:1J1'j"m~flflD , , 1~niiib~V\l 100% Yi1il'1'l , : TCP/IP Security
.1
~,,<. '#~
--
I ,.
. .
---
"\>.:.~~.~~
."
~'~'~'
,
-
---
~-
-_
--
~,!
'"~
---
.
'
" --
--
1 U'1Jru~~~TWVl\!-Jijfl'wVi'V'l ~lmj.Jvh n~u:n~u'l"J1'.I1~l:I.Ji'lnlf1i'11-Jb'lhlb~mnU~"I:-;'I'h ,
I'll b1U1 'liVlWlm<Hl1
VilJ1rnl1$i~Vi~~
uwil'in~·1'l..IVI\!-J h:IJ~ uuu
1 Vil:-;UlJVI~I'I'VhJ1Ur;N 1 ,
V11~tYUMtlf111
Denial of Service (DoS) blJunl1h:IJCI1~j::J1\11~lh~GiI-JI"1'V1~n~flvi11Vidhllj:IJ181~Gill:IJ11f11Vi U1n11V1~fl1~1V1r:noii1$ifuu1n11"11n'Vlf'V'lmmVi~tl-Jn111~ 'IJ bill b~~'jI\lbl€)~D:'.J~lnVi"l~.fl{j"rilfhu nl:-:vh1~8('11-Jnub~~vJblil1 bbG'l:::~1b~~'V'hI8~b8-J
'IJ
1~~~"l'W 1V1rumd l"I:lJiI1uuu ~
DoS wi€)
1I'lVi'l:-:1~fll~11l-J
b~~'VI181I'1tJ\11d-J b'Wl1:-:md h:I.JCI1El1"1"1:::

""
bbliivJ1(11fuNG'lm:-:'Vlu"l:-;dJultll~~-JN~b~vnbih:lJ1('1~b1ubMvJbl€)1Ju ul'i~a1~4!~fl1~lJU 1mJ11:IJ'I::: llJGil1m1Cl1V1u1n111~ bbthl8u--i1mlh:I.J&i
1.h:-: bflvrdG'll:IJ11f1m:-;vll
'lJ1n11N
l(l\'llJ 81 n bi!8-J"l1 nllJl1b U1:::UU b{i1 wi1-Jfi:ij~ ~Un'W"i8-J:IJ1n:l-J1 uVib1Ju~~tiilu b1111'liVl,rWr\lfl\l~fJ\lf11d (inn nllfll1l-JtJ bV1
~
1 'I11'1:IJ&f1~1u'Ilru:::b&i81nunT"jiJil-Jnunm:::y'h1~l'ie:J'l..dh\l1'.l1Mm1l1(i1Vi
~
bih'lJ:l.Jil1.h\l111i1 b~1 bbG'l :::iiI~ ~n
man
tJ~W{i1 fll1mr:::
q
GilDWI,nm1n"l:::UU D U
fl1.JG'l:-;~lUbiil:IJD 1W1UGil'lU ~ bl1ruD1"1'1:::i:J£J\ih ~ h11F111 DoS t!uijb-WtJ'Jn1di"l\lifil:I.Jt'll'iild..nmj1-J'Vh:IJViu'VI~D u Uwi'l1-J'1bb~--Jn11 Dos ij:lJ1nmuGil11~~lfi 1~11
Flooding Network bilD-J'I1ndJulfi~blJ1.JVit1m,JYifi('1
ms
DDS
n~€JwmjBm'U ';VI'fJ?1.Jd:;uU1f'Ul,;ln'Yi1 ..J1'UMj;J13JI1n~lJ';";hi?EJ?iJlvJifj;J13J '

b'liU ~~G'nf.lbr1biJiil L'liunTlv1l1'r1 tJ\i1bl"1~D\I VI~il1ul:::~1Hil(llbl{n OS bnWlfl11 crash C'11tJifibWllfi'VI\!\j 'VI~El1Ul:-;~'lJ~U'1
"I:';blJ1.J'Vl1-Jf11~m'I"J l:::~U1:::1J1JtlBD'~f11d
b'liU Flooding Vl181u b'llU
Database VI~€JbbEl'W'I"J~ bl"1-E'U bb'l1UEl1.J111~11'V11nm:::'1'1lci'1 b~"il1U1:::~U 1I'ln(ll1~ 1i-J "Id~iil1:1J1dblbojj-J1U1C'1 bbliib~D'Wl'lti\ln11 'IJ n~11i;i\lmd DoS 1I'lf.lbbelmnEl1uil'lu'l1UDU11n11
l~U1J~-J'Yl:I.J~n
DoS Vi'l:.:t'l"1d-J11b1n1:-;'V1l1~,ru"il:-; b11~n'l::1~
&rD-JHb'l'lI"1t1l"1bbt'l:::vrnM~'I'll\1~lUIi'18~l'llbM81
bbGil:';blJum1h:IJ~"il1mfl~mhmYhtTu
DoS 1W1tJiE'Vl1-Jn1Wl1V>lbV>ld1:.;1~~Dl1dJ'Ull~~n~l:IJ~bn~"I1nmJnbn81bb~i1rJ1\lb~ , DoS b 1U hrv'l(i]l\1'11I'lmilWl:': bl1J1<1jVlViij'l)Ull'lb 'VII1iLb~:::ilo/lmiiltJ\ltTun dJu bmhtTuwi1-J~-J'VlU:I.J'VI1f!1~ , If!ln1d:-;1J'lJ 1tllbbmm:IJf)1 ij'Vlf'W mm bbiil:-;N'l11U1ill
'1:-;111tJLb~,ml
1"111:I.JVl1'1'l1!:Jci'lV1''r'lJ mlmnfJ1mjV>lDl"111 bl"1~fJ\l1iibl"1~iI\IilfJ1m'l'l~W1m,JYrr-J m1'Vl1-J~lUb'VlI"1t1I"1Bn:I.J1nmtJ "hn~
..
b'W11::: bl1J h~
i'l~-J1iPllnlb~~mhtJ
"
VI1n btJ~t.J'lJn1J bbllmntl~~i:Jb
w8-JJhl"11.Jb&i!:J1 il'Vlf'W tJ1nltlV8rl1\1 DoS bb~:-;fnl:IJ'W~ltJ1~
m"l"l:-;ilbbfi1:IJb~:lJliim'lhSUb(llD'hU(ll~lb&\~l
n'lJ1tJdlbndl-J~1ojjrl1
"
iJ U1-J1~:i1~~1.Jt'l"1'l 'VI1n usn
Lnf)~rllci'l
b~"l"l:': dJu WilD1.Jn11Wt'l"'1'l11'111:I.J bil~ tJ1;)Gil11'l'Il8\1~lbiJ\I~ 1U'Vln'1~lU ,
"
G'l'1d-J11Cl tl1<1jU:::bl1J h~b'VI~ht!u~:n1"111~b'VIiltlF1'"h b
biil:Wtl1.Jn'lJ1"ill~i:J bW~\lij\i1 b~Wl
b-WV-.l Liii!:Jl LLwiG'l'1:I.J11f1Lm'liu:.;ntl\lvrV>l~ij"",1tl:I.Ji,11"V>l1 , b~~ U'Vln'1~lU m1 DoS 1~U~lU
1~
dJ1V1:1-J1tJ bwmnD~
1V1qj"l~D1AtJ"iitl'lJn'I"J~D-.l buGiI'lutJ1~ntlU'IliI\l1:-:1J1J
'V:-;vllrl1d lvd-J1I11~mQW1:'; b"ll:-;"I-J1tlir\l'V\i10fJ1.J b 'VI~ltTU GiI'-.lVJiiI,b 'r1d:-;1JlJ~\lVI:IJ\i1~\I'Vll:il1!:Jf'l\l~1 ~ltJ , b'Vlfl'l1l"1'VIiiiT~lbtl-J~rl11 Vl1J1-J1"1 bllJ 1 'li~niii~t'l"Gil1tJGiI-J1tJ1~tJNij€)'IlD-J b f-J unn bniJ1"11nm1 hd-JiiitihtJ
••
&~'1~lI:UlJ
Tep/IP
_, . ,ill· 1-' II :," r aJlllfftl.n~ JlIUililD1S DoS

...
I
.:!. ~'I
«n'Hru::;~11t1'11ihlnl'j"
DoS ~~nl'j1Jmh~~E1
~E1VWltJll-Jri8m'W 1ViN1oii\Jl'W~rln~D\Jt?l1~ bAU 1oii<illn~~{vJnil{~lVlil"nl'j"~l\1'1 "b'li'W
t1n&i'1lD\!l'iHvJblD{J'W 1lJ~lm'j"C11i1J~n1'j"~M'W~il\l
'I'htl1bil~H1~m'h:IJ (Network
" OJ
Flooding) nl'j"VW1Vl~'Vh1VibUMbi{m~~1t1~i1v &ihl

"
-ifil:J.J~vi1lJ dJ'WtI 'j"::; lV'll'uviD r:J1~ 1~ V b1JlV1:J.J1Vb Vl tJ\J1Vi-ifill-J~vi1oii\ll'WM1~t1n fi'll-J1'j"mi \l ~·h'W111u\l~'W'Vl1\J bb~::;tl flltJVll\l 1A~ bEl'W~tllillV'Vll\lvil\JM\lA\I·l'h.n'W
-1i\l1'Wn'j"ruil~\I b1lfvJ b1Dftil'WVl1\J bb~::;
1iJi(i]1~tI n&i ~b(i)'liD\l'Vl1'Jnl'j"amn'iMtI(i]~'W
-1t\JNlilff~Yil Vnl'j" 1Viu1nTHblil::; rrn 1oiiU~nl'j"'1I8\J bMvJb lil{ bblildAfl bil'W~n'V::;vll1lJ , ~lb1'V,r'Wbfl\J • Gifiln1~~D~1'iv1a1~ m~lblJ~bil{vJ
"
11
l18fb vimll-ifD~lill-Jl
ill iHN'i:::uu
b'li'W 1'WblU hVi'V::; ~8\!'1hnl'j"fil'W-ifm.J
blUi 1l{vJ b1 D{ VI~8 ~1~1 iu ~ bil{vJ b1 fJ'f-1t\lfll'V'V dl nl11J 8\1 n'Wvi u tiu 'VI'W ihh 1 nl'j" h:J.J ~'1 ~ b-iim.J ~ fl'J::;Vl11\l bMvJ n8f~\ll'ilVi1lJ
"
bLff~\J1J'Wb 'I'I<iIu 'Vl'W~ lUb min bnD {'V::;vll nl'J hl-J~
"
lil'V1n
"
ffll-Jl.rl
&8 ffl'Jn'W
U '1'111Vi
bllJ1MvJnflfllJlil"lmlmi1'W-ifD~lil1ubbm~\JNlil1iJi
1iJi1'Wvilil"~'ll-J~\lmTVrlV1Vl~vll1Vinl'b~l-J~'Wml&fllil"ldd::;'VI11\Jbrl~8\1 , 1t1~lVrl11l-JVln~llJ1n • n1'i,yfil'il11\1:ij111~Htln&ihju~n1"al~ (Connection)
"
use bl1JhVin'tlJlil"1J..J1'C11VilJ~m'j" 2 bA~fl\lbU'W
11 fl8~1::::'VI11\1 b11J b1l{vJb18fnlJ(i]'Wbfl\J
"
b'li'Wnl"il'j
V1 Vl:J.J ff11\Jn1,b-ii
•
8mi €I
'IJ
1Vil-JlnYiff~ -1i\l'VIlnJ::::lJuvirin
DoS J'W:iHj(1]~l n~'1IE1\Jnl·.ib-iiil~ ~ €I n'l::; llJfflm"iC11Viu~nl1r:JH'tJ

111 VVI«\11~ b11fl\l'll n b ~{v-h"wfliJi1oii'Vl'r'l'lVl n, 1t11Jimlflllb
-iiDl-Jvifltlflfl~J'W'I'W'VIlJ~ b'li'W nll:W
"
n~Yi bih~11'W
1'W'VIfllvnlru'J::;:wn11
Hvl'~"'1'1 Vl111'1lil\J ~oii~l'1 "
b1ilm~1l-J
Iurrn h:J..J~~ltJ
1tl,bbnl:J..J'lJ'W1(i]b~nvig\JbblilnbnM1'Wfll"ihl-J~1t1u\ldh'VIJ..J1v'I'I~i1l-J'1n'W
U'WbM'V'Jb1 €I
'YI~D H~'W~~~rl';1'W1'W:J..Jln
11 'WillI
bnuiitJ:I.I flYi'lJ ll-Jv:J..Jl'v'll1 Vib'd8vi1J'Wb~{vJ Ldfl{ b'YI~fl
hi m
llWilvi 'V::; ll\Jl'W 1~ v
dJ'W~'W 'YI~fl1 'W1J1"f1f\JNWlJiI\lnl':im::;vllul\Jfl~1\J(i)i11J1mlvi:wmjn lll':ihl.J~1~b'li'Wn'W
"
ffl:IJ1'Jrl'l11l-J11111Vi bA~Nlilb~:nD'W
rm 1tJmh\l~'Wb1l\J
DoS lillJ..J11C1vi'V::;vll1 Vibrl~E1\1AD:J..JW1bV1fl{vi dJ'Wb1Jl'Y1:IJ1V'lJ1~flll&i~~fl"lln oii"bbti'WD'W'hfll'im::;'Vlli?l\ln~11'i)::;~\lNG'lb&VVllV1~fl~1\l1'Y1qj'VIlill\l
bUV1 ~:Hll b
'VI1m1Jl'Y1J..J1~
tT'WdJ'Wg1'W~:Wml:J..J~1~q)
b'li'W bA~fl\Jbil{vJ b1i11'vidJ'W,\,l'Wl1~:J..Jbw'V'lJ8\1 b11Jl"1il1EiAil~ b~E1h mn
'YItJ\11vll\11'WL'l\l1t1 ::;vll1 Vif'ln ~'i11aJ~1J..J11rl bb n'l 1::;b1ill.JAfl~'W~h1~
"
n\J bbiil1 bM'V'JblD{~l~'W'J::;U\lA\I
lil'1l.J11rlvll\l1'W1iJin'tlJilu':i::::IV"1itJ Nlilnl::;'V1U'lJiI\J1l11~n OJ (bM~nil{ DoS tTuVllnnl1 h:l.J~1~Nfl1'W'i::;i?l1JA11m'Wbb , l\lvh'1Mfl l:':UU
bUl'lb1fn, bbDl'jW~bAi'W) 1~Vll~'1::;vll\11'W1~u':i::;~'VIB.rnl'j(;hnllAdl:l.JdJ'W'i)~\Jbafl\l'i)ln au su i1\Jvi a nl"i DoS 1~ V~l::;UlJ bil\! n13J~1 l-J11rluij isn 1~ «n'Hru:::: n-rs 1 : TCP/IP Security •
'I::::~il\J b&V bllill1uM
(ilillJ fIIUtJ,nhu
1rHl.i'Ol:::~U il~n1J5m~ru:::'1Jil,mTJ 11lmh.1Ju
h~~Ju
'J111mnnllll
h~Wi«:lJtlYlit'Jt'l
b~l-J~ih:::
'111lV1I:::uudJutl:WVf1I'l'JIIEJtflllll'1hnu •
1.h::::lJlrul"iliJ1~
bTI-J '7i-J'Ol:::t'l'.Jt'J1jH'Il1:IJb~EJl'I1 lVinuLi,n'OltJ Ul\l EJ
Li,n91lJU BU bl'lil1 bU(;l..)lU lU:lJ1n~!pm

~
l-JflUiil\i1'11fl.J liln'Ol~U a UnlJ 1'l11:lJ t'l'1;J.i11r1 u lllil

~ q ~
u~nTJ'1JtJ.Jblu1'1J~ 1'l1«\I'ilfl'Vlnllu hYi
\l11flUl\lb'liU 100
Amazon.com, Buy.com, Ebay.com j)ln'Olb'Jlll;,hdtJu1~bl\l'n:::
bllEJ1bobUM YnmilJh'll1~r;;jlmimlJtfl1V1lJ1nlI1~11Jh£.lt'l"lb'Jlllil1tflFi(i]1~
1
•
Vi
"
lfWUtJ:lJ dJu 'VI1EJW:::'1J tJ\I~ln'Ol bt'lEJVi b~ £.11 'Jill mU1 EJlJl'l11 mi':J £.IVII£.I nrrnnn ' 'V1 €ll'Ol'V::: ln~b~f.I\lnu nlJnJru~b'j"l
bb!>iiTIII 1 ur'ih'Ol :::u\ltnn I
"
DoS nUl"nl~
bi':J 'JIIlEJ'1Jfl\l'l:::UlJ en uiln ~ bb~' Nill5l\1J5 U
bM€linn DoS Nt'l5V'1fi€ll'Ol'Ol:::mil€lwnu~€1
bbt'l:::!>il\1nU:IJ1n b'liU niru~bilbM€libi':J£.J'Vh\llU b'j"lblil€lfl~fII1:lJl'lnff\l~-hum~mnlilvlfl11l1Ji
1~1Ji
llli bblll'1J1jl'JII~lJb 11b(i][]'f~ b~EJJU'Ih1Ji~lumn n5lJ~'WciflltnV'lb~l-J
'"
bVhJ\lbbvi'l11bI1b(i]81(i111'J11~m bU~£.Im:Jnmjl\lFi'Ol:::
i:l'Ol>tutnf.JW8 nii'u b.Qi'l\ll-Jl'Vlnlll'l b'llbMEJfl~'1h.nUb.Q€I\I'Ollnm'j"
"
Uvlnllbbn1'1.1dTI'Ifunllnn
hl-J~'1.Ifl\l unn bntJi DoS Jh£.liE1tflbb,'h
"
DoS 1lJ~l£.lb'liU,x'W
(i]
b.Qfl\l'Vlnlll'
DoS ,xudJu 1Jil1
11 1.1ltfl~ b11 iI\ll~r;;jl:lJ1lnMI1'Oll\llJ
mdbU~f.Jmdlb(i]€IflJ.i"hA(i11il1~81'VbbniJClJ'Jlll
1Ji 'Jill n1J.iijI'l11l-J~'b W£.I\ll\I8n £.I1mi8lll'~\l1lJ uiliJuJ'YIl'llnm'JCln lJ~nl,'Jllln
blU 1'1JViJu'VIEJ~rvh,'llu"i'lnlU ,
" "
bbt'l'::: Ull ']j"r;;jbl1'Wnllru b'liU,xW b
use bIt'l1~H1 "
Ulll'J
DoS n:ijm'Ol1l1::: b:iju1Ji bV'ld1:::I'l\l1~ihlU 1'1J'II1tfl~91:::j:JN1'iiBtfl'llUI'l€lEl 'JB1'li
bbt'l:::tJ\l1J.iilll:IJ1dn'JIIlm\llJ~J\lnU\l11
bil\llJi
l(i]EJ.yfl11lm1hj.J~bbl.lU 1J~nl'JluEiub(i]BibU(i]~bbMnlih\lnu
DoS 'Ol:::ahUbbUl.I~'Jllt'lln'YIilllEl bbt'l:::j:JblJl'J11:IJ1£.11um,l91~Ml'i€lmi ~umjnlJllbbembnd~uV'lu'lifl\lll\l1Ulll'l191l-J&i'Vlnm'lJ~m,
"
Ltfl~j:Jmj Uvlbd18191"';lbbUn5m!lru:::'1Jil,ml'Jl'Oll-J~B€ln
"
"
1JidJu
3 1h::: bf\Yl~U"ilU(if\ld
•
•
..
m, 1'li-J1UYlfV'l£.lln,~j:J,,)lntfl91uvh
1 Vi'1Jll'lbbl'lillU bb1:'l:::.:i1011llJt'l'lm,nL'li\llUYlfl\lEllm
,:llJi
b'liU HibbUu#li(i]TI91'W'JIIl-JI'l, Hirh5\l1unl'J1.l'l::::lJlt'lt'JSl'1J€I\I
"
CPU
9lubnurh5\l
bl1:'l::: bl'I~ill\l€l~:::1uui:::j.JJ1:'lt'Jillll\11l'1Ja~u 1~ vllt'llt.J 11'l1,lt'l"11\1'1J8\l1iB~1:'lal,"r;;jub "i'l1"T~'1::: 1i1LUn1'JlJ~nl'l vllt'll t.JYll\lm t.Jm'I'J'JII1€lJltfllll.l1:'l\l€I\1I'lU,::: n €IlJ'1J€l-JUlil biin b LYi1J~m,\'Ill-Jlln~1Ji dJUlilV'll:::iTIll 'mfi\l b1JU~\I~l\IU 1Jimn~a~
1 U ill[]1l\1Vi1lJt'l'1 l-JliCl VlBElL

"
~ilm'lhl-JM"i'l-rl\lEJlm~ij
1 WYh1iil~€l1ull91:::
..)lntflL U'J:::lJU LVi1lJbVl£.l\lV'li'l~~:::VilJ~nT:i l~ l
nlsluillunSWSlnSiluillulwsilwarianlsusnlS
1'18:IJvh b~1il{bbiil:::Ulil bi{nl'il\1 b bVl~lJu1Jibbri bblJu~i(i]t'1Jil\lbu(i]liin,
nJi€l.Jn1'l'll1V'1 Ulnd~lW1U'Jllct\l
m.htJI'l11l-J~1.
b~EJ1iIL Um,v11\11U blt'll'1Jfl\l
Ylfl\l tnrn
~U~lJU~flln,
CPU 1Unl'l
U'J::::IJ1t'l Nill (CPU

. • '''I1~::1l1J
Time), 11'1'J\lsf'h\l'iiill-Jill,
"
1'll1:lJ1:iIl!-J1,n1 Un11b-1iil:IJ~ElfllJI'1Ell-J-Wlb(l1i'libl'1~~N
TepliP
~'W1 us :::VI{YHrln"HLl ~ flm.J~'W1~ thVl{ul'nurl3,J

q:
b''.ilill'il'il :::iln l~ii\l
b'li'W 'l'H~"\I\ll'W 'V'Ivh brl~il\l1Huilln11'! 1

1.1
ilru'YIJlii1 'Wnl'lvll\11'W
q ~
L(Y)[J~11tl Ufll'Vl{l'I ~J1n'l b'YIril'd 'il:::n nes n uuu in111u~m'l,yj blilfClnililn bbUU:J.Jlb>'iEl111~lm'lClU~m'lnl'H~[Jn(ilb iUb l'I'O)
tl~:l.J1ru L'YI~~'l:::~u'YI,j\l ~\li:'N1Vi10,000
b'li'Wb lUb'Hw
",
rlt\l \l:Jill'W1Vi, bUl.llblfn~SJ:L'U'W#il(Y)5
64 Kbps '\I:::~l:1.11,n111'U~nl'llfi~rhV!{'U Hi\l1'W1'Wl:::~'UVi1~bn'Ww,i1tl~mru
tl1:::~'VlBml'lnl'lv11\l1'WL'l(y)~1L'l\l:I.Jln
" ff\lG'!(Y),yjrll(y)fll'lru11U~Tt'l{l'I[Jln'l<5\1'il:::ih ",
r:rt1i 500
rl'Wl'I~f)3,Jfl'W dJ'W~'W ,j''W'YImUD\l'il:::~fJ\lSJtl~mrunl'l
Vl [J\ll'lf)
dl'Y1{Unl'l
'YIlntl~:l.J1runl'l1'ii\ll'Wa\lfl'hdufl:J.J'il:::vll111
DoS tl'l:::bJl'Vl.cr'il:::flll'1u.:ziW;Jlfl\ilmril.crmbiJ'W
"
bl'l~f)\li1fl L\il[Jfll'l'jlW'-W1J.Jv11111V1{l'Irnm'll1\ilbbl'l~'W~\l1,yjSJnl'l 'il:::n'l:::v11~lbil\l

'!J
H\ll'W'\I~\lb~[J\I
L~mJmJ l~wm'il3,J~
wl'lf)'W'YI,j\lbiJ'Wr:rtoE uae 1'ii'Vl{l'I[Jln1b'VIrilt1'W'OJ'W'YIl-J(y) ltlbffmfl\l
"
Network Connectivity
1'Wm'l~fli.~l'l~l D\lUnl'1fl
Network
[JLtlj Llilrlf)~ TCP /1 P t1'W'Vl{l'IUlfl11lUl\l'YI,j\lViSJ~lfl\il
bb\l:Jl~rifl [J:fJrl'Wr11il\l
Connectivity
bl'l'l1:::L1J'i Llill'lElfil TCP/I P nl'Y1'W[il1Yidi'lJlb~:::'il\il~lam'W:::mj
~[il\l:J1l1:'::'YI'-h.:l b-ll{'V'Iblilf bb1:'dl'lfN L1l'Wttlimj 1'IL'l1l(Y) LlfNl'il'W nl1fl1'l~\ilviEl
"
~1l ffl'l'O):::U~~\l fl"Cl1'W:':: fl1'l
&1\ilI'i1lj:::'VI11\1b~fy.,lnf)fbb~:::11'1~bEl'W&i
1 rit1'W"I:'::b~[Jnll
'il:::1oE'V){wmflj"VI'\Jd[J1'I113,J~11 'Wfl1jbn'Ub'{h 1 'lbb~:::1oE,1L'l1 CPU 1'Wfl1jtlj:::m~NfN flU bb~~:::j:::'U'UtliitJMfl1j bbtliii-.:l'il::: Himn'VI~mJmJ1lul{Jl j~'Wnl'l{j\il.hfl\ilvi
"
1 Connection
'li\lbbl'i~::: Connection b'{hl jt1'WiT'Wmj

'!J
u '\J'WEl'W1l~ril1~ril'Y1,j-J
Connection IP ~\lt1'W
l..h:'::flfJ'Ullu ltl'lLlill'lilfN TCP/IP 1(Y) "1::: bb8nfll'l~ 8

"
t1'W1l'l{qjllil1Yifl"lm'lCl~Elffl'lfl'Wl~'VII~mJ11l'W'YIm81
Elii!1'lElEl n'ill nn'Wiill'Wfl1'l'lil'OJljru
1,yj'YI3,J18b~'lI'Vwflil LbL'l:::"VI:J.Jl m~'lI

, I
b~fy.,l nilf'i\lElu1'W~m'W:::,yjW1El3,J,yj'il::: 111U~fl1jbb1il:::bil(?) Connection bi11m 1(y)81~SJfl1'l"liljl'il ssu fl1'lh3,J &i~18
1"V1~1111l'U'Vln<lfl1j1El\l'llil,yj:fJ
'O)(?)Qb dJ'W"I(?)Dil'WViClmh11..J11J1 msl 'ilJ..J&i il\l~ u
'"
Syn Flood 1'1 Dnl'lVi usn bnilfl'l8181l-Ja\lffqj
qjlru ltl U\lb1:h'YI:IJ181(Y)8
tl':::'YI,j\l11'O):::'lIilv11fl1'lb~1l3,Jviillil13,J ltl'lLlilrlilL'l
TCP ~1llilil'U{Ur11'IJil
Ltl'lLlilrl a fl TCP 'li\l1,m#i~111tl'il:::~\lfl'l:::v11lilll-J,yjj:'::'U LL~:::~lilLlil~mJ'YI'\J18rnl3,J.;'1";1'W1'W"VI,j\l
,1'W
b>'iil1-li1'Wfl1jb~ilmiEl v11111b'fif'V'l lilf b b1 (Half-Open) 'OJ 11..J
t1'W'T bbl'lbb!'lnbfl1lfil'il:::v11fl1ja-JffqjbjJlill'IJil (ifil\l~(Y)!Ilj'l'YI'\J1 [Jrll1l-J;;Jl dJ'W~l'Wd'Wmn

b V;1l'lil\l{U
L~ill-JvlilmflUl\lvlf)b.j1l\l1'W~1'Wd'Wmn
fl1'l'llilfl1'lb~ill-Jviil'YIt'lilfl1Vi1~:n1'W('h
'iI
'OJ'W b'YI~fl ~ bVl8\lW1lv1'OJ::: 1 bil(>}fl1j b~ilJ..Jvlil1.il'Y1{1Jr:rtii~11tlVi b'iilmYi"VI~\ll~ '

DDS lfl.cr'il:::1'iib'VlY'1UI'I'lIil\l11..J'lllilrlil1il1'W'l:::~ubulilblfn
ii\lbbiil1n1j
~~vim'OJl-J&iiil~v11il:::
'iI
1'1
n'U~Ulilbl1flbbU'W(i)1(>}5bLvlilUl\11(>} 'Vl1'VWlfl1v1rlfl1'ii'YIJ..JM ltl~1l'YI'\J1[JY'111l-J~1 use
b~1'V'1 bIf)1Li'Jl'Y13,J18 .r'Wbb~(y)\l111L'14'Wl1fi-.:l bb!'lflbnflf'V:.::ii bb1J'W#il(>}gv1~l bti'W ill'il'il::: b~m.Jt;i1ll-Jl bb3J 'illflnlj'YIl-J'W 13,Jb~3,JbbU'U Dial up bb~nil11"l8"1(>}btl'l1:::'Ul\1'l1il-:J'l:::UU , b'li'Wn'W ~\lQ nl'lvi u !'lflbnilfii uen bn1lf b~ flnlflv1 mm:.:: ffl-Jnalm'lblv111
bbu'W(i)l~§ ~1 "VI1 n 1'ii b'VlI'IUl'11Jl\l1l Ul\lU il3,Jl~tJ\l
"
1'IN'lb'lI~b'1lilf'llil\l
bbL'l:::v11fl1'lhlJ&i111d'i(>}NSll~ bfl (Y) bbvi'VIln N~
Vi rrn
1 'OJ-J&it1'W l d'i(>}Y'1113,J biilu'YI181(il f)cil\13,J'YI11'!1~
1:
TCPliP
Security
.1
.,:~. .
.
, .:
.,>.: ~
--
-.
"~
0("
~.
-
....
-
..
---
---
-.'
,
---
--
---
1u
hhl(i)fl8
~ TCP/IP i:Jn1'l1.J~n-rH~n'1'V1~lVilV1\l~ill·kv:i
81oE(i)'l1'"lNillJJ:::l.JlJ~~~:::
1V1
'iJil:J..JfiI'1·nnYl'ilTlru1lJ~nldb
llJilnTl-rm::flflllmJ~ill'lf(v1(i)'11lJiinw41n(i)~oElJ~m'l
"
'I"1G'il,rUil~l\1i;'l::: b~hJI'l bb~1'il:':\'\IlJlllJ~md~\)YI:J..Jl'lbU'l..mTl1
'I1lJ~nTl1I'lv
bbfil:::Yi~hR'l!fif)lJ~m'lb'VIG'il,r'W~lJ..J1'lfl WV\lEllA'm'lliPlUi'lnl'l
'lhn HhlJ'Wbl"l~f)\)~f) lUnl'l h:J..J~i)(;11uiT~ bbri~l bil{V>lb lil{bf)\J 1~ bb~mnf)'h

1.l1il8:J..JIP Address bVlv\Ib~m.'imJbbfil:::bi-lflnHlJ~nl'lv1l'V1:J..J1:::N:J..J
~il1V>1blil{n~1J..J1'lflflnh:J..Jml~
"
tlllm!1\Jv1d1U \'\I8{(i)v1dJ(i)1'111J~nl'lil~
lv'i'lil'l~f)
rrn hl-Jm~1VlJ~m'l
Echo ~'lbUUlJ~nldill'\JojJf)l-JfilV11al11J:lJl'11n
(TCP Port 7) n~l.Jll.lif\l~iIl'\l1Ii'wrmh:J..IM'"I:::1-11lJ1m'l 1I'lvi)(i) 1uiT&hiu
"
Echo ~l:J..InlJ
1J~n1'l~U'1v1'1:::;iIl'\l'l1m,jfilf)ilnm il ~1\1Hi(i)illJn'Wbil\ltn
Chargen, Time u 1;'1:::; 1V1lJ~n1'lB(;11'WiT~~\I~i1\1 "h rnu 1'Wb1 1;'11 U"Jl (i)b~1v1lJ~n1"Jb 'VIG'i111vl1\11UnUbEl-J B bbVlmn(i)IDai(;1f)lJ 11.l:lJ1'l:::Yll1\l bbfil:::dj8fi-J'1(i)'VIi1\)v1bTI1V>1mrfhJ ,
V 1 'l..lbil{vJb lil{b~Vlnu
1(i) VB(;11uiT&l b£1V>1 b1il{n'il:::(J lJ1n1"J 2 €l~lvd
'"I'Wl~H:hlfil1bU:~:::'Vl1',t11mml1.l11i-J1Uil~l\1~U
"
n&ivb1fi11~\lYl:lJ(i) hhvj€l.)(i)n1'lnlJ
nT'.il'il:J..J&i1um&df)wvh1YibiPl~fl\lbMV>lb1flidhvlmVYlV(i)n1"J'Il1\l1'WbVliJvbiPl~il\Jb~V1 , Yllnilm'l1.l1mJ1\1b lJ~n1'l echo usz VlV\I bam.'iilv nl'l h:lJ &iall V b'VII'lUfld'l:::~1:lJ1'lfl'll11 chargen EJ~ "J1:lJ~\Ib1j(i)b'HmblJ'WtfilIi'lTI
'!J
bbvi
tfliliV>lb lil{~\I'VI:lJ(i)~liJ(i) 1 '11
l-nBUb .Qil\l'"llnm"Jtln
v
h:lJM
rrn Hi\ll8lJb 'VIG'i1,rU'"I:.:vi'lbuuvi8 hh~mJ'1'"1Unl1'l:':lJlJ"r\lYll-JI'l'il:::'I"1V(i)
"
vh:lJVlull.lJilVbb-Wnb11(i)ffitii(i)EJlJnultJ
,
Yl1\11'WfiI\J bbfil:':uen bnil1 bVlus bbviG'i\l Vln bn(i)'lJEJ\lnl'll '"I:lJm1Ufl'r\l bb ~(i) b'VIilm..m1'l~ li'l'lJU1U bvh,r'W u 'In 'VI~\I'illmrU'l:':lJlJn'"l:':bojJ1i1l''"I(i)'lIil-Jm'lYll1illV(i)UbEl\lJilU'Vl1\'\1mm'1J8\1(i)Ubf)\I
",
mS1UiJ1Ulluuajai
b.Q8\l'"l1 mLlJ'W1'11(i)TI J'W'Vlf'Wrn n"J~ il1i (i)~ln (i)l-J1n~ ~(i) LLfiI d :::-'lIVlt)tllllv'iTITvl ~Ii'l n ~11fiil1 U , , '1Jru:.:~ CPU bvi:IJfl11:IJb11:lJ1nnll \IIEl hJ 10 bvh1'W 3
li YI'l..i1Vf111:lJ~lil'l11'11~mb1il:::1lJ1i1iVl41nIi'lBn
~(i) bdEl bU~VlJ bYiVlJ nlJ1.l~m ru~ ~11u~'Wbt>l81bU(i) bbt'l:::1JJD~1 U~tl1'W'V\'"I::: ~f)~11nU DoS U'l:':b[l'Vldill-Jl~\)bbvi~iTmbln'1
1J
bb\llbblJ'W1'11 VlTIn~lJ blJUVl1W Uln'l~
b~d-.I;U 8 V1\1 b~8\11il~
TI~
bvi:IJ;U 'l1:lJ~\l41U1'W lemtfibbt'l:::-1J~m'll'i1\1'1~bVil-J;UD~1\l'l1(i)b rrrs Ju DoS bvj€lYll1 tlbbtJutfilVln"llil\l b
u~bl1mrU~(i)1il\l
nl'l
1~
bbvi
n iT\! iPl\lbUU lfi~
bU'Wnl"J DoS v1~U:l1U~~(i)bbfil:::-n'l:::Yll1Jf1(i)V~lEJ
ci\l f,.JfiI b€iVYI1tJlt1i f}~ bI"l:lJl unn bnf}{ ~1:lJ1"Jfl11i bblJUWll (i)B'1JD\lbU(i) bl1n"r\l'VI:J..I(i)v1il i
Dtil~ 1'W'1Jru:::~vl1nl'llvl-J~Jilvnl'lill'\lojJ8l-J1il41UJUl-J'VIlffl~ ~lm"Jm~(i)'lil(i)~lUbU~b~Hn
"
"
ltJlal
"
11.l~ bU(i)bl{mlh'VIl-JltJ'luojJill-J~~U
"
llJ
~1 b'VI(i)~Yl11'11nl"J DDS lJUbb1Jutfil(ilB'1J€l\l

9
bUt>lbl{niTn
bUU11.l€lti1\11al NfiI,rm.Q8\l:lJl'"11n 1YiojJD:lJi;'l~l:1J1161
bUt>lblin dJufil'W~tJ1nbbrinl"JiJ€l\ln'W &m;l1"J 1alotil\111(i) b~1~~(i)

9
'VIi'i1~"lI8\1bUt>l bl1nAmI1UltJI'l11l-J~:':(i)dn
bUt>lblinilnSl1mlilV:lJ1n~'l:,:vl1m'l(>l'l1~~DlJf1dl:J..161niliil\JYI~ilfll1:IJ
"
"
b'VI:lJ1:::-1iI:lJ'1J 8\1'iJil:J..Ifil~~1'W 11.l:IJ1 &)\I,r'WLdilil n1'l h:lJ ~ Ln(i);U~d
"
VW(i) l{mbfil :::OU ndru~l-J b
'1~
••
&'il~ltllll
Tep/IP
ti!m ~tl:lJmhru~ 'iJ
:J~'Vl'il1J ~d v'1h:h-iim.m~Tw
'QJ
l1.Un fl'V1L 'ihm;!u
dJu rrrs h:lJ~
fllln'iruvlntl
<:f ,
~1\l1J\l
I'1\lEI1U1 V1'111:lJff::;~nnrll:lJllnli'i~u-iifl:lJ nT'i h:lJ~ bbuudi1~~uu nld'lJV1Vnld rm h:lJ~
"
~ bl1~l;!U'vil:lJ bU(i]b~Hn111l1:lJl'l
1(ii:ilYrCilJUlnl'i 1U'Vll\1b'VlI'1UI'I'Wtlff:lJI'1Tl" anvmms u ~lvm'l1'ii-iifl'IJn'W~fl\l'lJfl\l111'l1(i]1'1f)~LL~1
1-ihVlI'IUI'1'lJfl\l
(Amplification)
nl'ih:lJ~'·nni1~lv~~'W1f):lJ'1nUb~Vn'-h
DoS nUn1'ivll\llU'lJf)\l1tl'lbbn'l:lJl.h:;bilVlih1Vl'i~U
:ilnl'lll-r'IJ1l'l\l1Yii'J
Distributed Denial of Service ~\ldJUnI'lNff:lJNfflU
(Trojan Hourse) 1~mbllmm){<j:;1l~mJ
111d bbn'l":lJih 1 V1d~U1tJVIl1!'l~H'1ti!1\l'1Yifl ~1 U iiUb(i]f)1 bU(i] YimnYi ffl'l l1'il1Yi'lJ f)\l1tl'l unru 1'Vl'i~U 1 bi1~l;!U~tl
11 fnYi"J:; h:lJ
'V:;vlln1'l
DoS 1tlu\l biJli1mmYlV\l<jl'lb~Vl(i]l:lJnTl«\ln1'l~lny;jUVl'll'IJl'I:lJ
"
[;i uen bnfl{ bYlV\luti! Gil \I ffrurullli'VlnfIUEJl'll'IJ

"" .... 'iJ
1'1:lJ 1111J\lbl'1~fl\lanth vYif) ~~,£U b(i]tl1 bU(i] cu

'i 'l.I
'"
b~f)n\l 1111J\l bU(i]bi1n 1~ uYiiil'(i] ,
-7i\l!i111'l bbn'i:lJih 1'Yld~UB~ #flEl~l\lnl'i
"
~lmrUVl
n bl'1~fl\lih:;'Vhn1;fi\l
V b~:lJ111 ~lV
bbwn di(i]~lU1U:lJln
biJl'l,!:lJ1V'W1fl:lJ'1nU~ubluu!ili~TIbiJl'Vf:lJl
u wmn(i] bi1~Tdbbiil:;i1V~vll\llU ,
Ping Flood tTUbrN
DoS dli1'~'1JbU(i]bi1mb'IJu!ili~TIyj1<Ynnu~1~bbrii~ -u
nlsld~lunSUl81nsdu,
El~l\1.yjl~n ~111
U (i]f)U~U
11'Vl-r'W~n mYi1-E1 U rm 1Vi'IJ~n1'lJu:il
m nm
v unn bn B1Ell"J"J:;
b~Elnh:lJ&i111u\lVl-r'Wvln'i 1!i1'1Yiff1l-J1;m-iilliIl1[1i b'liU • nI;fi\l

.:... e-
e-mail ~lU1U:lJ1n111u\lb:lJ~d11Yhlf){bViEl1Vib:lJ~b.i11.V.Jb1B{1-E\llUbdflYiuu
:::.
~ffn'lUi1l-J!i1bbiil:;'l:;'IJ'IJ'Vl\li1:lJ~n~:::i1~I'lVll\11U • nl'lfl\liPll'l1fl1l1:lJlru:lJln 1U'lJru:::Ju!i
co:
-:v"lnIilYi'V:::1Yi'IJ1n1'lbY1V-J 10,000 session 'W1mJnU
m-E~lulumn rll ~\l b1J(i]i1ih biu b'W'II'lB~" Cllff:lJ:lJIi'il1 bi'IJ b1J{'i'Jblil1:ilii!i1 " "
bb~'bblJmnfl1vlln1;ff\liPll'lJEl
111u\I V1lJb'lif'V'JblEl{b ViD1Vib1J{vJb1fl{vh,numTn
tl'i::;i1ihil
'I1~i1n111n\l 50,000 session bl'IJb1J{'i'Jb1fl{;!uii~:::1~ffll-J1;b11Yi'IJ1nl'l1[1ib~V • n1'lfl-J1'i'J~-iiEl:lJ~~lU1U:J..J1n~u111111u m'ivll-Jlu •
"
FTP Server bViB1YlbM'i'Jblflfl~!iYil1\11u
nI;fi\lffl'1~1l!il'!J1llmh-Jv1L1J1'i'J ffI'1111!il,rUvll-Jlu[1il 'Vl1'WVlm 1U'l:::'lJu111il~1\l1aH~u
bli1{f'll:lJl'lblll'l::::lJ1SlN~
Hi111u-J b1J{'i'Jblil{ 11'lvYi 1Vib1J{vJ b1 El1vll\llUbbSl::: 1-E 1i1qj~bSl:::[1ieJ\I CPU Hi
v~l'lll'l::: ff\I ~ bYlV-Jil ~11l b~ V1Mil
"
nf'l«\l\llU
1Ylb1J1'i'Jblil1Vhm'lffui11iifl~~'11fl~lu'iiil\lL'l'1lUl~
Time U1U:J..J1fl'1 .JlnUl1~lVI'1~\lmh1!iim~1.l1l
'I'h1Vi~-li1'i'Jb1El1vll\llU~u1lJiu btJU'V~ bll;l:::]J1-Jti!ilfll''ibln

DoS
'I::: ~-t1ul1'Vl-r'W VlnJYi~l
btJU1 u n1'l'IJ~nl'lVln"lIUI'l~lU
i-J~u dTVlfu
uen LnEl1Yi'li'lUlqJ bb~l'V:; 1-EblSl1 bwv~1lJUluiiffl~1'l~ibl'1;1:::i11(iil1Vl1'Wv;n; ~\I~ b~l'lJiI-J~ iu 1'1j'Yi'l:::~El\lvllMD
1(i]Yi
ffl:lJ1'JbI DoS 1[1i\ilVbb~:::ffml'VlifN~Yif!~ ~1 uunrm
fll"i{?)l'l-J 1')~\l1'111~
ffl:lJTm 1um";! 1Yl'IJ1n1'lbbSl:::fl1; 1-E'Vl-r'WVln'l" 11bVieJm'lu~n1'l1 1
Vi!ill'l:::~'VlB.rn'W~§I~ 1t9W'WVlrJl:lJ , bbSl:::'ll~b ~1 n\l bb~ll'V:::
DoS yj mJ-J:lJ1nur:l('ii~11tlbV;El'V:::f'll:lJ1'l(l-r'IJiJil1[1iil~1\l(ln~D\l ~ ~
Yir)m.~-iil-J tn n ~bti!nbtJU ~1l~1 btJUB ~11l ~\l rn Iildli11U e:JYi~ I'l'l:::1Yi'IJ~n l'l'IJU D1.HWI El1bU WI
"
1 : TCP/IP Security
.11
?ti
_'f. .
I
-
·~ .
.,
•
>
,
~.,-
.-.--1.:
-~-~~-~~------------
~
bbtil::bb'W?iPlllJ,1f\I'l'1lih'l DoS Nfilni:'::YllJbbfil:'::
bihJl'lTVi1~'l.J'mr1tl111'Wl.JYl'Vi 1 dbii'WnT~m·Hn!.J1Vibo;;'Wm~nl1\l1 rm DoS b~fl1Vi~fll'Wi11"111J,1~'WbiPlmbfil::d-J~hlbo;;'Wm~'1:J..J'1IihlWi:'::'l.J?'Wnli

"
bYll'lii I'lYt uen in H.ft
11 1 ~ fl1'l.J~:::mill fi\l bd fl'VI1Yll\l~1'W bVll'lii 1'l'Vi 'W1.J'Vl b~1::
~ n1tl1'W nli
1 J,I ~ bb~til::: "J
uuu b~fl1 Vitil"ld-Jl,bl(i1,l~~lJblfil:::'VITVn,n'Jfl\ln'W 1~
• &V,t'iifll1J
replIP
S:UUnSlDDUn1SUnSn
.. ..
Intrusion Detection ~flm:;'UT\ml"i<$lu'WnUiil:;I?]El'Uiil'Wfl.Jfifln~n"i"il-J~bfi~;ff'Wl'WbUl?]bi~n

~lJ\l11tJ wifl"i:;'UtJl"lfl~vh
"
bwm1' iil:;'VIf~ EJlm~ fl ~lJ'Wbtil?]bi1'ml'W u
blJ'Un"i:;'U1'Unl"iI?l"id~~lJm"ilJn"inbbiil:;nl"inElnl'U~bi'ilil;ff'UlJ'UbI'11El'.lhmr'Ubfl.J ,,
'1'11mn nflTI'U1 EJ 1'WmHl~l
EJ '1
riA B
~.J~'U Intrusion
Detection System (IDS) n~El "i:::lJlJ~lh::: Intrusion Detection

r.h'W LU:ln
nEllJtlil
V~l1'lil bb1~Lbiil:::'lfm'J ~ Ud~Nl'Vlf'U'ihVI'l:h~ blJ'U us :::~'l~m"imJ 1u EWiJ Em~~
~\I btl1tJU bG'lii1)'WV1~I'I1)tJVl"il~I?]"ilI'1l1:l..l
1u,U~b i1'nl1tiliil.J~V
"
Uiil:::l1~\lN~Un~'VI1B 1~ U(;lb'i1'n 'Ubbl'liil:::l'W~'Uii')l'Wl'WtTlJ ldJtil'U
n~m"il-Jfil\l'1~bnli1;ff'Ufl~UUb :l.J1El~U'U U(;l b b i1'nl-JlnmEJ 'IJ U~nl"ifil\l
:ilo1ifl:l..liil~~\l~l'U ltl
'IJ
'11J'W8'Ub(;lfl1'b (;l~ b U ".illoii\l 1'WmJ'VI nl'W~'Wfil\l 'IJ ,
nEllAV bU(;l b'i1'n
blJ'U'1Ifl\l'VI1\l1'Un1".i~Eliill'lvr\l~'W 1ifl~iil-rlJ-iil'\ln\H) ~l\l~'VIlrrliil
1lJil"i):::blJ'Ubi~~1~V1U Uiil:;n1"i'l'll\ll'U
Bbl-J~ bbiil:::5'U'1lJ~m"ib'VIt'i1t1'Yhl'14:il
1'ULbl'l1;'l:::"i:;WllJ'lJEl\l bUMbl1'n biilbVEl1!!l1\lnnEJ 1 '11 bnli1
-iJfl~1;'ln'UblJ'W<$l'Ul'\.J;j.,l1n b'1l'Wm".i1JjD~1'11iilv1
(broadcast), rrn
query -iJEJ~iil fi~m"i:I.Jb'l'lt'ili1

~l"i-iJEll-Jf;illtli1~ Vnl"i
dJu 1tl EJ t!l\liil"l,h biill.JEJ iil Blil n iill1~ V~ Nt oii1aJ'VI"illJ Nt 1i~ li1 :;mlUl>J iil'lJD\l nl'l&fl l-J1)\l ~1'W ua WW~ bl'1-5W 'Yh~u b'l1'W'I:::1'h:il
'IJ
""
1'l'W iil'\l~ bl-J l-Jl nlii a bdEl~ ~h'W1u"iU n"i:I.JUj::: um ~

'IJ
"
bl-J ~1'11;'l bBwil 'VI~El~ii Dl.Jiil~ blJU HTM L 1~~ iim.J1;'l~:il1lt!mn:I.J~v'U~btilil sr ~ L 'ifn~'U
EJ~l'Ubl'U1J"il1 b'lfBf dJu$i'W tilW'Il"inn

'QJ
1'14~~:::~Uil
Nl'VI1UNt 4i1li1v~11tl~:::iilll-Jl".it:l~ 'll
1~~
V ~l'UbbElWW~bl'1-5'W~
..r~m".ib ~EJ.J~'W '11~tJ bQW1::: bbiil:;bbElW~~bl'li'W~'W '1n~ ::::ij~u bbuu1iEJ\jiil bilWl::: Nl'V1flJ 1'iinlJ ltl".ibbnJ:J.J 'lJD\l Vl'W bfl\l b 'Yh~'W W'Il"in.!l bbfiEl !1\l1~ t
0/) fll.J ~ 1li1~fu
WI\111unl".ib l1'U-iJmJiiH.hu bbEJWW~l'1'11'w'itdJ1Wi'VIm1'l11:I.J11~~\l'1buhiJEl :J.JiilUU b V bbl'ldJ'WbW'l:;<]~<$;n~'lJEl\lLbElWW~bl'li'W~iillmjflbbt'l~.Jl'14b~ulWib'Vh~'W "
"
L'ih l-Jl bbwi :n1'1i'lJEl\lM'Ubfl.Jn ~::: biilEJ b&tJ laJu
ll-Jl bnU'VI1ElUl m
bUlilbi1'nih'Yllvhl1'W
n"i:::'U1'Unl"i&fliill".io/)
1):1..1 til?l biin~u ~1'Wb

'IJ
uwi iil::: ~htJ~::: ~EJ~l"in'W 1~ tI~luo1iEJ~ iilVilv11lJ

"
b'Yh~u 1aJ:i'hifl.J'VI1.J~'W~~:::&flff\lnulWi
bbiil:::n~m"il-J'VInfl~1\l~~:::bnli1;ffu~'UntliEJ.Jml"YvbuwHi1n ,
blJ'W'VI1\l~·h'Uo/)mJiil'1l-Jn'W laJl1O/)fll-Jiil~'WblJ'Ultl b~EllVlt:lU".i:::iil".J~~
"
"
UaC1UlnF1 (Information)
-li~~UbVlRdJu-lim.J~Yhh:;m-J1'11'J.1':J.Jub'6~1:J.JTmflJ~Al1~'Vimtl'Il~\lN~iii\lHi1:IJ1T'V:;~til'\.!
'lJ 'i 'U 'lJ '3J
stlunu 1~ b'lhi ~lsml'

~
-lieJA11d-J 'llll1l'l'Hni'HA~
'U
DU1'1'11 b~tI-J Yi~Dll'llnn
n1'lru~u~~ub'6
~l~Tm
,-7111 'l1t1i -li~ i:iI'\.! bV1R~~~ ~l'lnUlJ'U

'U ~
U~ b~Hmi\,Hll'l'l:;
"
bAti ~ til U'lll bblJlJ~'\.! W1-Jiiill-lil-J ~U n
bl~flnbll~tI'\.! 1'J.1'Dtl1u'lll'Ilil\l-71m.Ji'l8 b~n'Vl'lilill'1~b viill'J.1'm1m'lfl~iIlim1(l; ~ v iU bblJlJ~\lb~~finA{\I
""
bbi'l:;b~B~j'flJll~lt1'Vll-J 1(l;
~
flJ-li a d-Jl fi b~ nVi'l ~ilA ~ b'Vi 1,x'\.! bl~l n'V:; '111n 5llJ b-li1 Pin, :;lJ1'W nT'J bbllfl-Jn 5llJIII dJuon eJ~U L f iii VIA1 U
"
'"
iilitJMiliiliil'WbVl
~-.j 1'l1Bti1
'3J
A b'Viii 1 t1'l:; l:IJ:I1ll,:; 1tJ"lJ,rbb~::: 1jJmlmifl~i11'111~'V!mtl i

,
su 1~ 1tiivnn 1:IJ1tiiflm1l1llLltJ
'U
U'lll bllJlJ~fln~fl']
'3J 'lJ
b'liUYI1mhliil:J.J ~J11~ri1tJ 1ll bblli'l-JdJ'W

'lJ
onflrll1:J.Jn"V:::D1U 1jJ~b ~fl-J YI~fl'V!l m.hifld-Jfl'II
W1\l,xUolJil L au VlI'i~\l'V:; ~ Ehl fi fllJ rn :::lJ1U nTJ' u lliil-JieJd-J~ br;u.J r:J~'Vl1'V!iJ ~ uil iil-Ji D:J.Jiln 5llJ~l d'iu a '1.1 1 i :u
!iJ 'lJ
""
fl-Jl~tJ\l1ll bbtJ~\I n 5llJ dJ'Wl11~ n"l:; 1:IJ~1:J.J1'flI'11t1i
"
iai:ilubVlIi'f,x'Wn~flbbfl~~~bl'1iu
'lJ 'i1 "l.I
b'li'WlJil1b'1:ffl{~'Vl1'V!iJ1~bbll~-J-i1m;j~~flf-J~:J.J~-Jm~
"l.I
-i1~~ml-J Lbfl:; 1(l;
b1'1tJ\l1'J.1'n5llJl.,neJtJ'1 bblJlJ~{1n~fl\ltll'l-JnlJ~r:Jci\l~fl-JnTm~:;c1t'iiiil1:J.J1'lm-i111"l-i1fliil'Wb'VlI'i,xU unl '1.1 u tiUElUl1 n'Vn'l'ld-J~H1ll bvi rJn1'l~fliil1'l-i1eJ ~'WLV1A,xudJun"ln'l'ld-J'Vi5ln~
bn(;1'l1u 1(;1V H
bUMblfn bUU~fl n~l-J 1Unl'liii\l -i1fliilubVlAcT'W"l:;~'Wmj nlJnl'lM lll, l~Afl
~hU-i1fl~'Wb 'VlA'llnWlUVl1-J llliJ\lllfl1t1V11-J
1(;1V~iUbblJlJnl'lflJci
i'lifr oj{(un1iflJim'l''W
FTP
"
niil\l bb~:;-lifl rl1'V!U(;1'I1fl\l~\l1:'l'fl\lO:htJ'V!~fllll, lMiPlfl~~1 'iill'u bil\l ~-J bVlA'l:; btJuttJ'll~

1'1 fli'l~flV1 'W'l:;W1lJiil-J1~blJu~Wn
"
\I
"
"
"
nu[ii b'liU
HTTP
bUUnTl'iii-J-i1asu b'Vll'ilU5l nb'ru:::~ bUU1~ bllflf bVi niii-J1:'l'll-JT'HI'L111ll Lbi;'l'~\lNf,I buuiflA11~Yi1mlltl1~
11'1~bflutoiY1bUUlJ'l11b'1:ft)'fnlJb-1H'V'J blflf SMTP, POP 1oj{(Wn1i'llJ bb~:;iii\l"V ' (;1'V!:J.J 11.18b~nVl,flill'1~'V1 n ~N \l$1U'Vl1-J iJ-J III m'lD-J"lI,mmtJlJUb1H'V'JL1flflll;'lltJVl1-J \~hflti1-J-i11\1$1UtJn'l1um~El bliuff\lL'IltJbvifl1'J.1'~..rn lll'l l\>ll'lfliil~Hi~lYiflJ~Eliill'lolJfl~~nU
" 'u
"
1'I11:'l'l:J.JTm~fl1:'l'l'ln'Wlt1i,:;w'll\l
fi-J
bb~11~ll bblJlJ'IlEl-Jll'llWll'lfl iil"l:::bb(ijn~1\ln'WLb{'i1(;lQll'l:::iil\l~L Yii'1ElUf1U ~fl111iflmUb Vlrl"lln$1U'Vl1\1 t
IIIv\lll
iill 1.1'1'11\1l'jtJ\I bb!iiolJEl bVI rlY1 b au Pi\lbU'WI'lU :;ll'l:; bllVlnu bvh,xu I;'l
~ \I ~1 ~ rvY1"l:;111'11 b ~U
n~a
n'l m,l-J~
'.liflJ -Pi\111fli fl G1U 'Vll'l,xu 'l:; bUU n"l n'l'll-JY1:I1fl'Utll'll tJ b
c;t1 lbl;'l:;flnl1:'l'Y1"l:; bbll'm1i~lJ-ri\l-i1fliil'WL'VlrlbU'Wn1ilJmn l , (un biunl'llJn'ln

9 ,
1m:;~lJ
Ltl~bl{nJ'Wflrll1:W
bllu lll1J1c;t1 bllu
1u,::: W1lJ bEl~~ ~ bAiu biilL~Elf~ EllA~-i1fllJm'l b
~fl\11u'l:::W1lJbb El~~ ~bl'liu
'lifl\l'V11\l1un1ib111PiJ:;lJlJ ~til\1 hn~ld-Jnl'llJ

,
n'ln'l:;~lJ
9
"
b'CiU CGI-Attack,
Buffer Overflow <E\I"l:;nri111i\l1u1fln1G1!iifllll

~
bbfl~~~ bl'l'lfU Pil'W1'IHlj JiEl\lfllAV bVI I'lil 1'l1U'l:;~lJVW(j] Lifn11:J.JJ11~ IDS lt1ihJtJln) b~'ll:::11fliilUb 'Vlrl,xu'V:;~n..rli\nl' blf.l:-;~li\~llbblJlJ 1(;1v(i'h
bb~:::Sll:J.J1iflWl'll'l~lJJil~ \>l,\1nlJY1~ ~-J fi fl\lnl,
LbEl~'\J\j~hl'l'ifu Al1:J.J b~tJ'YlltJ~ bn(;1~'L!"llnnl'lflJPi\lolJfll-Jiil"l:;:I1 bvil,xu
LWtJ-J'Vll1 'I1iflG1U b'VlAJUN(;1~f,l1~ 1:IJ
b'iiu 11fll'llld-J 1'W'V IilYil-J1 tJfl"l'1"l::iilu 1:IJ~ b~fl\l L 11El\l'V1nnl'lvll\ll'W'IlEl\l
••
t~I~::llU
TCP/IP
SMTP N(i1l'j~l(i1 (~\l dJu lt11aif.lln 'VI1m'h u Vl3JiimJ~iil~1U-iil'\lt1bV
LiiB\l'Vln lt1i" l\i1l'lfl~:ih:,:uuli1i"1'VNiluoJiilN(i1l'jiill(i1'l!il\liimJiilElti)
FTP ,Tu 1aJ~3J1J"JrubbVl3Jb'VI~l,T'U1'flaJNl3JTH1'l111t11 oii\llulIlil1ai :vllJ'U ~ Nl'J-i1fl~'WL 'VI '1i'jEt'W\il'JltJ~lMil 1 1lilNU L'VI1'11Ii1tJ~1iTu
t'fl L'VI\ilt'flf1ill~vh 1 Vln"l mi"3Jnli"~fl , ~
LeJ\lll~11:!-iNl3Jl'JLliil'\l ~iil1t1(OllUPll-Jbbiil~~\lnTH)tlmru1(i111'WbilIi1L
l1n 1$1 bLiil~~1iieJ~u L'VII'1LeJ\lnfln
"
~(i1Jtl uuuvm
lt1i" l\i1 Plfl iilLbiil:': bfl'W'W~bl'l"J3''W L n til\l Lii3J\l1(i1 tin b1'W~1 blfll'j'W~ LPI"J3'Ubil\l:i'lilqJ'VI11dJ
'1.1
ffl:IJ11 f1~(i1nl1 nuii mJiil1aimh\l
nn~ fl\i t'11'W 'VIninl'Wl~v'iiEl~U 1

'U ""
b'VI '11.11-if bViflnTm n'm,Tu v::: tileJ-J 11 'I

'I
illI'1VEl\lI'1t1'J:.:nflu~wtI'J:.:n€lllt1hu~\l'V:::~l-JmruL'liu Attack, Buffer Overflow, Unix-Special 'lJEl\l~-iibfl\l ~ L'liw Wl'Hu(i11t1'Jbbn'Jl-J
Character Vulnerable) 'VI1fllaJnfllAvnl'JlaJ'J:.:iT(i1'J:::l\l Java
"
€llAv'iiBN(i1l'jiill(i1'l!fl\lbbBl'j'I~~bl'l"J3'W
(CGI-
Virus, Back Orifice ~bLUU:lJ1nU'V(i1'V1:mtJ 'VI1flnli"1U
Script 'VI1El ActiveX r-hU1J111b'llfl{!r'mlaJ'J:.:iT(i1i":,:1\l 1(i1u~11tJ IDS 'VddJl'14f111l-Jiil'W hlllfln'Vm'J:IJ~vlJ'W lt1bViElnl'Jfll-f1\l-i1Elff'W b'VI 1'1:IJ1 mIn
b'W'Jl::: \illlJViltll n ~11:IJ11 U \iInu tilu f\ il iiil~U b'VI1'1,T'W ~El\l ~ nu ni" emu v::: iilll-Jl'l"fib'iillvVdEl'VI11(l) tI'l:':l-Jl~VJ~N\I:lJl "
(iI\I,TU'VIln"l:':1'14 IDS ~13J1'Hllbfl'Jl:::YiiiElff'WL'VI1'11tllnv:::til[)\I Hinl~\l1'Wnl'l HibViElnl'lUn'ln ,
"
n1'~ uil iil\l'iitJl-Jiiltll1 V~\l'V:':
"
n nm.hnuoiim'luL'VIl'1laJN1:1J1'lf1
l(l)mmIn
rm Hinl~\lnl'J bLiil:::
tI'J:.:miil f11'W 'VIrult1 bvitll bPi'll :.:Yi-ii€l 'VIl'1llJ'lil'V:.: dJumi"\iI'1"l~Un11Umn~i'jtl1:':~'VIijm'V'l 1~ ffUb ,, 1(i1Unl'J\iI'J1"lffElU u 'V'l'VI l'iHU'1J€l,l'li€lff'Ub 'VI1'1'.h\il1\1nu~moJru:':Ult'f\!
1:!-iLn(i1t11:':11'J'lJU u Iii 'VI n'V:.:vh flU 'V1\l1 L'Jln Nl:IJ1'JfI \iI'J1"l~Unl'J'V'l tn I'Jl:IJfI\I-iiEl~'W b'Vl1'1~lJ\l11 f.llt1i 1 , ffU'VI1€1 ] l(i11)~11t1 bbG~h IDS h rum n l:JJlt1i€l€ln bLUUl-JlL~ a (;I"J1'Viil'flU'iifl:IJiil1'W~moJru:.:ti 'Wfl n''l1 n,TuiiEl~'W b'Vl1'1~~€lNljn'Wn:i'ltJi:lJ1 uae Pl11mi1 fl'\I rrn Hi IDS bYifl\il11 "l'l'111U'iiBl-Jiil'J~lKud"l
"
bbiil:.:1ih..h:.:1V'1Ju1t1ilaJb~l-J~ b'liwnl'J14i 1'11'J f\[)U[)nvln"l:::~U
IDS bYiEl\il'J1'V~U Virus lJUbill'1bl1nnm'V'V:::hl1tll~iilLvll~

,
"
:':,),ll
lVitl'J:':~'VlBfI1'W'1Iil\!
IDS ~liil\l
bffl' laJlt1i bL~l i)\lVH;l€Il'J')'h1 'I4\i1'Jl'V~Un1'Jumn ,
1 'W'J:::#Iu bil\ilbl{n~u6?
1aJ1tll
€in~hv bl'j'l"1:::iT1 bbliib~hJb1iill1t11 bR'Jl:::'I1iifl aiu 'Vl1'1:IJlnbflUlt1
aryrylrunlUf!U (Control Signal)

oJil3J iild1W ~ btiU ff ill ill 1 rurnu t
'lJ '" ....
Pll-J,ruil \Pll1:IJ~h
'I
Piill III €In1'J~

...
ElNl'J'iiEl:IJ iil:IJ1 n bVfn:.: dJu f11'W

qJ
1'I'W\l'll€l\l1t1'Jl\i1R€lSl ~-ii~11tl"l:':
'l:::lKUth.li'V:::dJ'W~~(i1nl'lffqJq)lruW'1n'QltlLnElU'VI:IJ(i1
"
laJl"ifl vmEl rna bn v11iEl\lnlJd1Ud
b'l'J11:::niil1n'llEl\lnl'J~flt'fl'Jl 2 tI'J:':n1j~El
'W
'VIiJl~'1Ifl\liifl:IJSl~l'Wd"l:.::i:ifl~
RJUlJu5iJnJ:mssutl..,oaya
Liifl\l"llnnl'J~[)1iI1'J'V:::~eJ\l1-1iL'il\i1b l1m'l:IJnU #I\lJ'W~\lvh 1'14oJieJ:lJiillaJl1'V:::bU'I..Ifl1ubtlEl'VI1 ~
'lJ El\liifl fl''Wb us :':1f1'W'l!€I\l «ill...... 1 fl..lPl1U\Pl:IJn'V:.: 'Vl1'1 ill (liEl\innd\l'l1:IJ lt1lihvn'W II 'LI
Isu 1 Ult1j
l\i1l'lfliil'V :':'J:':U 1 '14~" lt1
li-'111f1U l(i1 bU'W~1W'lJ[)\lffruilllruV'11URl-J , ~~ fl1U~ buuffq) qJlruI'l1U"ll-J
dl'W 1\i1LU'I..IiiElN'Wb 'Vl1'1ii\l'V:': LbU\l"h(illJn1'JfI"l(i1V

WVlu?Ji)f
Iilrieu
L~vnll
(header) bb~l~"]~\ldlU~bdfl'iifl:IJ~\ill:IJ
l(iltJ~11t1n1jbbu\lbbtJnj::;'VIll\l
b!](i1 brrHJ1nlJ Data "l:':14i1'l11:IJV11'l!fl\l1i€l:IJiilbU'WM1r11'V1U(i1 b!l(ilb(i1tl1
thu
1'V1 ).j'V b :.::i'l1"l11:IJ 11f1.J'Vi 'VI1mn n:i'lR113J V111aJR\l~ nV:::i'jn11'J:':1i 1'Wb!]1'1 fli bfl\l11 M1 iTubEl\!i'j V bl'1
'I
"
R113JV11 b,),11 j 1 'Wb!l(ilb(i1fl1"l::;il~1'W~RflVWlUI'l:IJ 1

"I::: t'fl:1J1'lf1fu
nl'J~flt'fl'JoJifl:IJSl~\I'VI3J(i1flti
i.J
'iJ
n1'J~~hV111-i1El:IJiil
'iI
ue :::'111oVfl:IJiill tll-ii1t1i a til\l n n ~tl\lJu
~"
v::: (liEl"] ell'W'iifl:IJiil"ll n b;'I(i1 L(i1B1:IJltl 'J:': nElua11v
2 : "alt1JU(PJ"'d'l~Ufl1'nln1n (Intrusion Detection System) _.
'.~'
~
l!HlJ'-I1 €lUl\1
l~lH)
':U
l"llUflT73JlrI7'flfhJ1im.JCI
olfm.J~Vil!HlJ€l€ln'-Jl€l m:::~l?ln'l:::"Il~
Eh\l (1n~€l\l, q;.
""
~D'I11nN1lJ laJVlJ1lJ'hliD:J.J~~rrm.J
rJ7ti11J"llfl.J1ifJ3JCI 1 'WlJ1\1trn'Mrudim.J~Dl"1"1:::
'U 'iJ
"
~T1b'l'l1hn"l::: laJ~l'-Jl'HHlDI?l
blfl:::;;)l dJ'W(i;f)\I 'ih '-J1U".i:::n€llJ'i'wn'W
1 mJ
b~fJ ll1~\I'I4'-JI?l~'-J1J".iru
"
'141mh ~lJ'II€l\l
lU".i 11'!~€lt'l TCP/IP "I:::U'i:::nfJlJ~l~liilU'IlfJ\l1ff,!!qJlru~llJ~'-J:lJln'-l1~ 'I'h'l4'l:llv1~llJ~l.Jlbfl:::U'i:::~lU\llUlurm~D~l'iiiD'-Jt'l~\lbb~l'W'l:::~lJ~l\1~!ilfiD
lu~n'1
bt'lWD1 l~f)
'"
Link Layer: Internet Layer: Transport Layer:
PPP Header, Ethernet Header IP Header TCP Header, UDP Header
'14 vi bbfl:::mll.J iil"1l-Jl'l(llunl'i~llJVl1l.J'Ilf),l'1hmfli;1'1uv1D ih
"
ul 'WWI?lbl?lD{b'I4~ld ~1:J.J1".i(1'11l
"
iil'W ltii"lln".il~fl:':lB~!il'IlD\lbb~fl:::1ll".i
11?lI'lDfllU'lJ'VI~Ellu
nlsSiJiJlulliilLlnsru1U1untjsnns:nlnlSaSliJlfUiJaEiliJla
UDn"lln"l:::1'l1lJrll.Jn1".i1lJi;1'-JolfEll-Jgl bbih olfDl-Jgl'lJl\1"ljijl?ll'WlJ1\llu, llil~Dfl U\liil"1:1.J1".i(1$\I\ll'W
, " -u
1 YiDumru1'Wb Ulil bl1nvll\11U
l~
b"Ii'Wnl".iff\llYil ".ilbI'!D{lU~~Ub~'W'vl1\lolfDl-Jfl,
"
nl'lI?l'l1"1ffDlJ~mu:::
'Ilf)\ll~~~u~l
~vn\l,
nl'i1il'i1"1 ssu
b~'W'VI1\1 l~'W'lJEl\lolfm.Jfl dJutli'W nTl$\I\ll'W1Jl\1DU1\1eJ1"1liiD\I n\l bbif11 iff,!!qJ1 rub Ylrll,rU bbf.l:;-oIlnl?lnm:J.J ~\I
mr1V'14 ~1 u rh $\lU,::: n ElUnu flU1\1 ~D!il rI ~D\I~\I'V::: l~ Nfl5~ i5vi~:J.J\l'iru ff1:J.Jl".invll1Yibnl?l~11

<&-
:J.JlU~ ~UUUt'l\lnlJm'lvll\11'Wflun,cu1tiibVl ,
"l '1J ... ... 'I
f.hl b~nUD~
~l#lruv1"1:::~l 'l1b'I1UI'l CU~:J..IU~'IlD\lolfD'-J~lh:::bll'VIffru rulCU~1lJ~:J.JdfifJ iifl:J..I~JJltii dJ'W~\lVibb~n'Vlnn'W ll'!v~ub dJUbi'lV\I ~ \lv1 b~'W'Vl1\1ll'!vDll"1v Nfl n".i:::VllJ~flnU ti'lU1~1'l11:J..1~:.:wm olfeJl-J vi bllurh$\I ~
1 V!1il'l:::VI-wn11 bUI?lb~HnnlJ
"
11\1 ~fl bUI'!bifnJJ1"IidJ'Wbbl'i'Vll\1~hU'lJEl\liiD:J..It'l dJ'W$fln~l\1
bUvllifn
~\I iil"fl\l~\lvll'11Ulv1ffDl'!I'l~fl\ln'Wbbfl:::~ bll'WUI'l bi'l V\I~fJmnJv\
"
bb~:::olf J~:iJl"Ii m
"
1 YiolfD'-J~bl'l~EluVi1ul~bYhtT'W
"
b'l4rlld-.y::: bb~l'!\ll 'l1bl1'Wll bUlil bifnj'jl~
bbfil'IIG'l1l1~ n 1'lvll\11U ll'! V rl1ff\lVi bb"'\1flv1 Ull'!
"
bb~l uinelama bU(i)bifnfll'V(1
"
vii fl'-JflVib~'W'VI1\1 h'W ~1l1'W ifl~ ~

"
"
n~1?l bbUfl\l bbfl:::
baD\I'Vlnnl'il'!eJlJ~'WEl\l~fJrh«\lVil~1'1J'lJ€I\lDumru1 , :i:l'i'lJlb1JlJbbfl:::b~fJ'W 'Wnl".iVlflU~'Wfl\lDiJl\1im"lUVll:J.Jvi'i:::lJ 1'lJ1 bn"I?l~UDUVI~fll?lbl~I'V1nl'lf\lVi1~f'lJffrurulcu 'lIfJ\lI'i'l$ ~1tii"i1rh«\ll~ ~u 11?l ~ N1il'l41El N~ v
U bUlil bifnJ'W'V::: bllu lull?l vfllill Ul1M 11?l u lu lu'i l1ilI'lEJ~ n'l'lIil€llJiil"UEJ\I b'l4rll.Q'V:::
bbfl:':DumrubYl~I,runbJffl'-Jl'i(1bbUnbbu:::1V1(1U'i::;G'I\I#i v\ &il#lru~fJ n"l nd"l'-J L~rll.Q bn~ w ~\I
dJurl1 $,nJIl &1:L;:::1'11 $\lll?l :lI'Wrh «\I~lJ\I~l~ ,
ill'li b~1)\I uilanrn n1 u'lJru:::v1 N1ilti\l mJ'I4Ul ~m.JVJl bI'!Elf'IlD\I(7]'WbfJ\I 1115\11il bl'l~fl\l'Ilfl\ll'!'WbEJ\Ibillnl'! U~::; o/iD:J..I~ luflubVlfl1
"
""
uaseuu 1lJ'Vll1lJ"IUnll'V::: "

"
bn!il VJ f.lm:':'VllJ~EJnl".irll\11'W'lJ l)\ll:::lJlJ bb~h byhtTu
I'lU,r'WilUl\1fl::: b~ ~!illl'!un1'iG'lbbnu~EJfl'!
"
bUI'!EJU lub l~IL~hnnunlJv1
"
bb~mnd1(»rlln11~".il'Vt'l"DlJll1U bbG'l:::'WV1~I:J..1"1::: bih:lJllub~~fJ\I
1 U bl'l~EJ\I'IlfJ\lN1il ll'!uv1N1ilJJltiiflJ~fi\l~\I
"
"
Nl?llln &1 bG'lU bbifbb~1l ElV m 'ivi ".i:::UlJ~EJ:lJVJ1bVI {Iil au su iJ\I ~ill'i $ \Ill'! U~ N1il1aJla;11J~ti U bEJ\Ib1I'W~ \IVi a 1 vll1l1n 1'l b'Vl:':".i:::lJlJ'II D\Iu ~ n in EJ b'l4iiEJ'W fl'! unu&1 n 1 ".il-l 1 1 A'V'i'i6~l-J'W'M6un'11'Wil Ell'VVI~\l11Ji1~ v,h V
"lJ ~ q "I q '!.I
"
"
"
"
I.
'WEln"llnn1'l(7]fllJ~Ufl\l~ undnYliEJriEJn1'WLb~l
DI'll «\lun~I'!I'-J~n1Y1'W1?l1 'W l~I'lEJ1:'l~\lflll.Jl".in~mll:J.J1 lu'i urn ".ivll\11U'II EJ\lfJUmrub UVIbi{nnu\l(1n
HI urm
ii1llJnvdD\ll
lildJ'W'liEJ\I'Vll\11'Wnl".i
'<1~~
TCP/IP
••
un,n~nvnJ'Vl,j\l
'l 9
~11'J
b'1iu:jh'l11;'1~UBci1 umJmru.fi\lffl:1Jl·H1~\I\ll'Will1n,nh
9..1 ~
'VlG'l1\1\.j l1Vll\llU 1$1 1 b~ElU1'I1~nmm.J1l'J~

~\I
mnnlTvi1l1,
~ .
1(>1I'lB~fll'Vl'UIil 1IiltlEll~~::; d'l'Wl'lll~ 1:IJt>Y-J h'1JiI\I~ N~(>1 'i1~iI,::;tIUl1DD'&in1'Ell~~::;

. .... ..... . ~ "LI
VII'J(;J'I'll\ll'Wb~fl1~~1J mru rulrul'llU~~V11:IJ1:'l"~u,ru bbl?lnl'il\lrl'W1tl mm:'::i'wul\lllJ
dJwFI'W 'WEln"lln.Qv\lil
1l1"J1(>11'1 iIt'l1:IJ1~ rllVl'W \i1 btnb'cu::: m,'I'll ,11 U11' ~\lJ'Wf)l1mrub'l'i
m~l :::1'l1JlhJ bbl'l:::ul\lcilUn~ml11ti1ihJ1::: 1'I13-J1"Hll'l'\lN~m:::'YlUvlEl bill'l b''l{n 1$imn
j;l:'::'liilt'l~\ll'lBUI'I'WB\lvlfl~l
b'Vl G'l1.Q
1t1'lim 'W'Vm1lJ ~1~ b'li'Wfl'W (fi-J bbii'J:::1lJm nun "vl n
~1 tI b'Vl~~ ffqr'lll ru\"nu~~ 3-Jlnnl1-liil~~~ .QdlmJ~\I~u ~ EInl,l dl'W 1 VlqI'J:'::3~rut'll-JD'~-lif).Q~)
"
dJ'W1ifll'l'Wb'YlA) bb~:'::1:'l"lm1Cll1'l1111oii1r1d'il?llt1l~\l111:':: 11'J'lJubbj;l:':: 'Yl'jo} bb1lmnEl{ 1 (.fill b'Yl~rwI'11rrn u b'11 :::1:::UU1'W1:::~U bil(>1b:'Hn dIU 1 VI qI'l\lilll'i'rl'1.fEl\l'VI1\l 'Vl'Wl~'Vl~nvr'W~l'W'1JD\l IDS n l-Jbil'W£I'WWllJu ,n .fi\llBl'l'l1'J<ij1J ,dil unn 6nilftiidl'WddJ'WbI'l~B\ll.'h11'Wnl'ml:::':'::uu
bl'l11 :::'I1V'ln~ n'l'lWIID\l1i fl1;j~tl,:.:: bfl'YlmqJqJl rul'll1J~

'1 "q .... 'u "lJ
u 'WlTW3-J'IlB\lnl1lJmn
1W1I'J d1'W1 'Vlrun" :::I?I~ Ul'1?I bfim,'I1 B\l1i 83-Jfl bbf'l:::l'll~\lrlil'WW3-JD
1iEl~ fl~ b'lll-JEI\l b'l4'W 1$l1t'l1'J~h'W bbElV'lV'lbl'l.ff'WJ'W'J:'::&W1JEl~fl~~1J d\l n'W!?l1l-1U ~ n&i!;1 ~il\ll'll3-J n " "" lu"i 1(;11'1 1'l'VI l1'l::: rrrs b'I/'J'J1:::VIln ~ i'h'W 1(11G'll'W'Vlii\l'llil\l1J EI~ flJlHn t'l Nt'lV'lfll t'l 1:IJ bu'WltlIi11~ D ,n ~ 1l1'J LIi1I'1 Ifll:IJ11'J::; E bil'W~ bfl ru il ft\i1
-Ii ElJJflJU n'J::: on WI~iJl1ff\l111 'Vl1fJ1iil3-JflUl\l fJVl\1~fi\l bbii11":':: ~ ~ ~

1(;1I'1E1fl bflb!.J8{fil\l briD1r1m'l~Dl'll'l 1U3-J~3-JB\I'lI8\lr:rtii\ll'Wbb~1
'I '1J '1..1
bil'WiiD3-Jfl~f1n~D\ll1n~
I'13-JU'lru n"l:'::1:JJClmi-J11um 1l1.1tii1;li1U1

'i.I 'iJ 'i.I
"
"
bbvld'j'Wnfl1nm'l~1Jd\ln'WbEl\l'llfJ\llu'l
ii\lmdVll\ll'W~n'jo}ru:.::.;r,mfiTd
Ul'J::; ~n~il\l
b V'l'll
::;iiil1;jG'l1:JJ b~I'Jl1iil"r\1:JJUl"I ::;$iil-Jd"m 1r1~ -n1~'V'Jub11'W bbrolEl81"1W1 biil h1 'Wb~EI\I~'WMfJ nSlm"i~roI1\llU'Wb vhl1m 1\i1bn\i1~'W V\lilil::; 1 1~flmnml'J~bn~~'WU'Wb b'l11(iJ ~V1b'll bEl\l1:IJ'h"i1'\I bbii11,,:-;,j'\lil U(>1b~nYim -nb11'Wbb~::;~'lJ~ l ~\li'W lYir:rt 'ii1:JJ~'I4~ il(;1bl~nVl~iI:biim:'::~\I fl 1(iJI'J bQV'll:::1 'W
~\lJ'W~\I~1'11JyhI'111l-l iJ1~V1~1~l'Il1l-J111~iln'ilm"i~ UUbI'l~El\lI'lB3-JVJ';mlil~'lIil\l
Ju ,ilUb ,,;j1'J\liiil'W~Clnrh'l1'WWl1'WbbB'l/'JV'lfll'Iiu111 ,
bbilll?l\lvlEl:rt-nbvhJ'W r
o nU'l::;nl1'Vl,j-J
fiD fl11 ~ EIill1 "i'llil-J1'lill-JVJl b(;1i1,J'Wil'l::;uu~nb'l
"
ci'VltJl bl'1~El\lIi1 G'lil\i1 blG'llnIi11l-J
iP111~11flill,tnw,hm
'l:::~U
~U(;1 ~i~mmI'JEl~
vnn Hi":)l'U(iJI3-J&ivJfl(;1(;]1W1I'J 1:IJilm'l11~ubbvl\lbil'W'l'lbf!'jo}bb~lbb'VI1J'J::; 1:lJiIllm'ln
tJEI,:lfl'WWlllil\l"lnnl1~t'lr;1D"lnN0'W ~ 1~ b~~ Ail11'1'lEltJln<il::;d-J'iim.JflmVll 'l'1~iI-J'lIEl\l' ·nnI'l1l.J11n ~ '1111 1$i~'WVi1(iJI'J~bd1"r1~m~~\l1:IJ1t1l ~\I~b 11v1l1t1ln bbFlb~Bn11,,:::'I11iiil3-J(;1J'W 1111-E\ll'WVl1fJ 1:JJ Vlln l:IJlri~\l~ ~ D-J m'lnt'l1Dtl4i'-JltJ
'I'll fll11'l1~\lYi
~ EI\lfll1n'l111uH-Jl'W
bbvlEl81-JtJ ill'JYifflil~f)\I-ruiiil3-Jj;l
9 "
"
biil mrlEl'W bl'l~B u 'Yl'WYi,,::; ill13-J1'In biililfl1U bQV'lI:.::1i 3-JG'l~~ E)\I m'l bbG'l::: 8~ 1:JJ1Uii El~G'l~'WlV11:JJ~ D-J fll'l ~ 1~.fi\llbFl~ t'l8i1'Wdb ~tlll'llil b&iI'Jln I'Ilm'ln'l111u1 'ii1'Wrrn DoS bl'1~El\ll'lill-JVJlbli1il1"vi'11111t1l~uV1 Vllmtl1I'JU'l:::UU'Vl1DI'1f)l,l'vh 1:'l"ll.Jl'ln b1ili1Elfl1;limh\l b(;1fJ{'lIfJ\Ib'll bl'lilfl'Wlil'Wtl1'W nSl::; bil'Wtl1'WV11:IJilu'l::;(>1 Ylfll'1U 11 bU'Wb~l'l1il\lUl'W bl'li 'l:'::U'lJl1DD'&1fll'J use b,f)V'lV'l~'I'l.ffu 1 Ubl'l~il\l'llil\l,
",
bbG'ldiil~(;1~~€l1:'l"l"ill13-J11J'W bUI¥I l{nn"l:-; bil'WbVI.)jEl'WI'1'Wb~'Wn'W'Wvi'11ubiiDtl1U 1:IJi'ltJ"i::;(ii1Wj~il U b v ~ ~ 1il\l'Wilflill'.l1 n'J:':: b"ih~.J11'W1Jl'W blii'W b111m 1aili11 snln &1'~1'l1El\ltI1UJ'W:!1'i1tJ1Yi blii'Wd-JlI'1ElUI13-J'Yl b nau
9
~ b1ilm brifl1 r1'Yl'lIU11bll'WI'1'UYi~8\1m,WiWlvlfl$ill'J'V!iil1:IJ nan 111 Vllfl1'1in'J:'::b~iI b1iqJb"ihmill'U'VI'Wl~IU
mn 1:IJ1'1iI"l'W'vi&1(;Jliltl~1~n1JDn1r1b'll1nbtu ,1iivJ b18'
b'1iuViln ,bilV'l'V'J~ bl'1.ff'W'lJEl\lb 'llilva'I/'Jl:'::b~~
2 : "lI~lIl1lP1"1d'l~lIn"'''1'l!n'f1 (Intrusion Detection System) _ •
"
_.
' ' .~ t:~[ftJ:

• ••
"--;"~'
.... ,~.,I:'.~
!
": .~ ••r .J';-~,.- _ .. (_
~
b~l'1JEhlii1u (ii.,jMmlJ~l']{~b
-- -
--
--
1a1) ii"l:::£)u&iLliaufubU'Wl:::l.nl!l1tJ"n~ru6(
Vibihm b'Vh'!u mn 1>"11:
Vl1alh1J'Jl!IltJ"iHruun"l:::1:iJG'lU'V1Ul~h1.J llJ11>"I U'!U"I::: dJu~u&i'V!1a lal&i Yl1a dJuN'Illmhvi~u~fJ1" .,::: V'ihlJl N~lhw ni?lllJ a ~1-Jhntilll-J L~l'lJa\liilU'YI~-J~.,::: 'YI~abLiir1d:::~-Jl~>"IuVl1alLlia-JnTman onrun 1tJnvhllJ1~
"
1lJG'lllJl'JClYlll-J llJ1 YI>"IU~Ub~'Wdhm 1~ boih:J.Jl1'WiillJb~I'lJa-JiilunLlit)\I~E11.J tililrJ~.,jl'Wni?l1aJ 1Vi&i~&()11~ rJ llJ1~ ,
"
lal111~'J"::;
&aUbI1lJ'Yl n~~-J 1tl Ci\l bLii11.,::; d'ju~lJb~lJ"1~'W en 1.Jl:J.J boiilm.Jl UkJ.Jlflntil , 1~ 1.J 1'W 1 mu ~u a'W'W~ L~i'W~1 ViU~n1T'I::: n nil t) n uuu aJl bVi alJ~nl'i ~ "
'J::;u l~'J:::l\lf)::;
nl~-J
1 'J
btJ1UDLG'!~D'W>"I'W~a\l1~n1uuJ&i 1r1":lboiil~l~iil'Wn'W 1lJS1b1~11tl'Vh\llu~'W
1.JltJl~ 1ViD~m":lmh-JG'I~,
~r,nr'W'YI1n11"1":l.,:::ni'WLbn~\I b~l'1JfNiil'W nVll 1~1altJln
b~U .'li'W d-Jrl'Wboiil1tJ1'Wiil'WVl b&iU1
vr~m.JrlUYImUrl'W'IlJb~l'1Jfhliil'W 1'Wiil'Wbb~'Wa b~I'lJa\liilUm~il::: bdEl bba'W'W ~b~i'W llJ1aiblnmm
(bVltJD1MDn1":l Ping Flood), a-JI"I'Wb1hm
hn1lJi?lDlJtl~El1.J 1Vil"lDUI'11i?1aDLrlfl (Syn Flood), a-Jrl'W'YI~l1.J"1 uuusn 1Y1":l:::iTrJ"l:::1-J b~a\lAT1~11~t)()1i1u 'VI1nblnriElnlUmn"1"1'W llJ
bbDlJm'YIl b~1'lJD\liillJb YiDfllJ11b ~1'lJEl-Jiil'W uu&iLlit)UfDrl'WtJ":l::; bI1'Yl1 (Port Scann ing) dJ'Wliiu 'VI'W
" l;iIlm"JClfD~il1~n'il::;mJ~vll-Jl'W1'Wvit'l()1 , ,
b~l'lJa-Jiilu
"
'YI1m111tJU":l::;UDdJ'Ww;Jauiil'Wbb~1
IDS n'il::;dJubl;iljj0'WfJ1lJfnl!llm"lruvh'Yl'ul~LiJuN'lil1.J ., . ," LUfl.,j'illnL~1'lJil.,jiilU'l::;·lh'WlqJbU'Wl:::L~a\lm":llJ1m":lbv111X'W n~11~El IDS 'V:::'lilU
LG'!~~'iI~~01.J~1'W.Q1Vibb'lJ-J b'J\lm n~'W l()11.J'VlltilldJ'WU1~~'ll'1'Wlru ~ b 1'Wnl"l1 'l"I'Jl:::Vlrl'W&-ilU boiilElDn1~ U , (iJ'\Iln~nl!llli::;'1JEl\lrl'W'!'W"1 us ::;~~n'Wfl~ n'i'J~'1Jil\l'V'll n 5'Wn'Wlt'l'VI~0'W1nri a mu LiJu mJ1 \I~ 'YI1n11"1":l
" " °1
jjl'lq~m"J~
MEl-JG'I-Jlffun'il:::~1J'JlJ-Jl'W1Vib~l'lJil\liil'W'Yl'ilDYf'WVl bda 1~flJdl1.J\ll'Wbbl41'i1 ::;~1 b'l1'Wn1'i t
El~1\11":l~E11tl,!'Wn tliil\I'W'ITillilfl nVl bb~a ~I\liJ El1.Jvi n btlU m":li] 0-Jn'Wil1.J~1\1'V1iJl G'llm":lblfD~ii\l G'!(iJ
"
n1'i'WtJ1fJ1~lJmn'YI~E1riEln-J'W 1'WYlUVlvi'YIi?1m":lrubn~~'W a~l\1 hiitilll-J b

'I "'I 'I
IDS "::;lbfl":ll:::Vinl'JlJmn
"I
"I
'illn~nl!lru:::'Wbfll!lbbfl::;wq&in'l'WbVhJ''W
...
~\lmElmf'T'vi'il::;":lltJ-Jl'Wf;j~Wtill~
'I "I
(False Positive) YIlnn1"J

'I 'I
1-11-Jl'WtJn~U\l biiru1111nl4 b~tJ\Inu'W '1~ n'l'il-J rrnurrsn
n., :::"JlU-Jl'W11 dJ'Wb'li'Wb&i tJlrlUnI":lDmn
1cii
fi\luiJ11
IDS '1:::~w;nmnl-Jl'itlaJlmVitJ\l1~nil1'libl'l~f)\I;Jmhb~'1":ltJvi'l:::G'lll-Jl'iCli?l'Jl'i1~Dm'ilJmn
"
,,
1~ClnM0-J~\lYll-J~
1 ,1'I":lI::;l1bYl1"I'l1flvi1 'Wrrmmen ' , a~I\1~
"
UEln"nn.Q
IDS ~\I dJ'WbWtJ-Jbfl1El\l;JaviVil1 Ylb":lltildl'i1~D 1 (if bv11t!'W bb(;innvi'il:::
Ut'l:::m u 'Wl'Yll\1iJm rl'Wt!'W.,:::tliEl-J 1-11fl'W ~:i:l1"l11aJ,!ciil'Wbi?I bi1'n dJu U "

IDS lJ1dJ'Wcm 1U'Yll\li]El\ln'W 1~"~\I
~\I"I:::t'llaJl"JCl';lbbumbfl:::~Al1l-J~\I~i?I"l1'i1~1J'I1n
nlSOrlUClUi)i)nunnulo
'iI~\I'1 bb~1n1":li bfl":l1:::Vlnl":l1Jn1nJ''W 'VI1nLiJ'W~,~Ul'lilqJ~:i:l1'l11l-J~>"I11aJ ,oii11'1~1'W bum i{n bbt'l::: 1tl":l1~I"I€H'HU'WtJ~l\1~n'il:::i'A'il:::11'1ai1~1J1l1AtJ 'Vllnl''J~~ Lrl~1l\l;JEl bVltJ\Ib~nuiltJ b'li1'!'W ~a 1-11brl~E1\1;J0 .iilJD'WVin-li1ll-Jf'1~\I'YIl-J~~~nl":l~Elt'lI'irl'WDUb
ibrl'il:::'YI'LrJtJ'Wq~n"J":ll.J us :::rl11l-Jlffl-J~lJj5 n"1:::iillmdCl'YII~\lN~tJn~vi ~nHru:::til\ln~11'i1:::n":i:::'1h

• • '~1:'ii~lJlJ
"
Ui?I. i1'n bb~1t.hoiiill-Jf'1Vl1~h 'YI~I'!'Wl-J1 "
bn~~'W1~ u~ nI":ll brl":lI:::li1'W
1ciin~ a b~tJla1 bn~ bmrnl":lru1tl ,
bb~l bi1D\I"11nm":l1 bA":lI:::Vi.,:::,u'W1111U
rep lIP
{fm~ru::.:~iblPl'Jl::.:Vi1lEl~fj~El'WVI{f\ll~1'Ilm'JfI'l::.:m::.:'Vhl~mllJV1
."
7i\l IDS 'l::':'1i1t1bbnl'lJ1ImJnvdEl..:l bbf'l::':'li1rJ1'11vllrn'Jbbnh b~V\lbl~ lwr
1lJ~"llJ'd
LW'J1::': IDS 1'Il:l.Jl'JflVI":jl'"1.)U lJ1Yr'WVlvijJl"ll1:IJN(;1Un~bn(i)~lJ
flU'Vil..:1V1 fl1'lvll\11'W~lJ~llJ'lJEl\l
IDS 'l:::l'VI~EllJnUrn'llllPl'l1::.:Vi~V1l1(;1VI"I'W
IDS J'W
vl1\11'W1(ilm)1'l1 'W11~bbf'l::':vll\11 'WEI (ilf'lEl(il If'l11lJjJ'VI~Vl ~\l1'Ill-!1'lfi ViElU1'I'Wf)\I E1~\I N (ill.ln ~lwr'J1Vl L Y b ~ 11
wh
7i\l{h 1 '111"1 U:l.J111\1Vi'll'l')U rflJ..iffl:lJ1'lflvll1J1>'1 sa WI 1t'l1 b
nlSUiJ1URllUSUi)i)nlS)IRS1:ri ....
"IlflV11wrmhlm1l1\1MlJ rnd~tJ1'Il'loJ:imJ fl·1J'Yi"l:::1'l'l1"1~U~\lNI'l1.lfl~Ut'l:::LWnUtJ:::n"lflnj.JL'VI~1J'WElElfl'"l1fl 'W'lU ~ use LoJ:illv1 ~ LhUU'lIEI\lfl1d~El1'l1' bUWlJEI-J Un7!FlJr::nn--rnln1n (Intrusion lh:::nEl1Jnu
b 'VliPlUFI bf.l:::niill1l1 b
" f'l I'll
J..J1.l &i1(llJ'W'l::: ';;E1\1illREJI'l11J.1oJl'Wlru n
iJEll,;liilLbiil:::fll'l..j
fl1n
dJ lJ EI~h-JM 11'W~ en1n~:::~~1
Analyst) 1i-J ~ b1im'lJl'l,!
1U1:::~uvi"'l :::vll-JIU b'1l'Wdt~i11J..i:l.J1mrn i15fl1'J(il'J1"l~1J
'W
nl1l..j fllflVl1E1 riEln1'W J'W lJi~ aru 1~'W~ nllJ
bbiil::.:i61"111 :::VI~I bU'WME1-J"I[ (;Ill-!1Vi (;).JlJI
1'IElVlFlmEJ\I nlJ'5"\l'"l:::(;11'.l"'l~'lJJ1El~1\ljJl.ld::: fl'Vl~VJf'l7i..:l1 l 'W(;,hlJ.1v:i L oJjrJl'lJlblJ bEl-JnEJ1"l"'l:::vl11J11lJ &i bvb
'"
IDS 1111..J1drl'1l, EJ J UU\I bU1Jl1d:::'lJtJ,l'W nlbfldl:::Vlf'l\llJimfl 11 bUlJfl1d*~1 bu(;n'Hn uii1V1.r(;1 Ln'lJiJEll,;liil~l.l bb'lJUbmh.11lJ
1(ilEJ'VIlfl~'l1.Jbb1JlJWbi~md:l.J
IDS b~tJ b~Eliln"ln1'l:I.J(i]\I
""
bb'l1'll(il
nG'il1LnVl~lJ1lJ
IDS ni'lI~1dfl(il'l'lWulJ1fl'WVi
~ 'l'J
bbf'l:::b~E1v1iUW'lJ'l1.lbbUiJ1'l'1dJM[i1bnuf.l\l1'W IDS fln vll1Vi
IDS l1'lilEllJil1QllJiPl11:IJ~
'Wnl1l
blPl'l1:::Virn'Jun1nlJiMl
'I "I 'lJ
d.&
"
'W'J::.:(i]'lJ'l'I'i:t\l us ::.:ilVlFllll-!1'I1l-J1'JfI n'l::: bD\I VII nil flI1U1d\l~fl'J<lI:;jI'W

9.0 't 'I ~
b ~:l.J~'W b~D V'1(;11 :lJtJ~:lJlru'1lD\I'l.l 'l.I
bb'lJUvi biiUEl ~llJ :;jllJFI1I:I.J~~lJ '1J

'I
iPlll:IJ~'Wt'll
'lJ
IDS lJi~hbG~:::ti1IDS
11.l11i1'W'l(ilvib'VIl-J1:::1'I:lJbb~1 flI'l'lJfldnVi1lJl'1lL'VlI'l'~1Pl1'V1lJG'i11'1Vl IDS ltJ1Ji f1\1i'WdbL~lbbii11'l:::lUlJ IDS ll'lJ'lJj)'l'l~(ilI'1n
"l~\l'1nbb'VI'lJ'l:::1:JJllII:IJ1'lm~(il":j€l(il1ll1V(;II ~~11~~1J.1I,n~lnfll1N1J~'VIld'l:::UU~111.ll~tJ5n
"
i.11V1~utTnl blPld1:::Vi~~~l b~Elil IDS "l:::vl11 VillJJi€l\l'l1l-J'VIii1W:::1..:1'V1~-J 1'I1:I.JI'lrlVi'l1"l.r'lJ1Ji~IV'1nG:nl-J1'lfl(il'1'lW'lJ1$i1l¥1V bii€l\l Jiu lWitud::: coliJ'!1ij\lll1il:::uiic b1JIJ"lT:dJiwEI 1lI:l.J I'll'l IDS mh.'lii€lv
lW'lI:::fl1'l1Jfl'lfl~ , ,
<I
IDS n'1l1iJn~'Wfl'lil\l"1i€J:j.J~
lU(;IL1{fl'lJ€I-..1~offtll"1:nn1'liJD-..1n'Wfl1dUn1nDr!Lulh
'lJ 'I 'l
l1i'J{l E1~&"jl1 '1lLI'l~€I\lilElvi"l :::iJ €I11 n'Wfll'lU rnn 1ViL'VIm::':1lI~n'lJfl1'l 1ii\lllJ

1.11'1l:JJ~lJ.11dfliJO\ln'W
1l¥1v l'iilwfmfuf (firewall) EJr!I\11'lnl¥ll~ la1[(ilV 8l'11'WiJ~ 'V:::Ji EJ-JEJ1 Rvv:i~'lJ'Vll'ld:::1JU rll'VI'W(ilno
'lJ
5nl.l'l:::nWI'1~\I
'f1\lbbii"l:::ilfl1'l~\ln!lvib'VI:IJI:::1'I:IJ:Lmlnfll:I.J
bb~fl!l b'VIrhJlJ
rneurrm lJi ,,
flldU~'l'II'l 1 VJ{l €I1il&"vi~ nl'll'l"l:::il rn 'll'l'll 'V1'1e:JUliflU'VItt-J (Audit)
Uiil::.:n1'J'Vl(;1 eu rm b'V 'l euu (Penetration Test) bVimU'Wfl1'llllfl'lJ'VII'W 'l:::'lJ'lJD fll"lf\l'VIi!\l s 1::: IDS fl"l:I.JI'lmi1vlJimn ~i1v1E~1\l'1 1(ilV~Vl~\I IDS ll'VI~-..111i'J{l€1~&" bbiil:::vlIfl1'l'VI(il~€I'lJb'lI:::'l:;U'lJ bb1il:::Vllflil UWmnfll(ilt',h'W
~
LViDVlll'l::::i:j b'VlI"I'WA",vi III1 J.J1'lm"ll::: ~h'Wl1i'J{lEl~61M1-J L
b'li11tJ1Ji IDS ii"l:::(;I'l1'lW'lJ
"
vlI1ViN'lJ~'VII'l'l:::'lJ'lJ~lm'lfll.l~utl'l\lnJllM(;InlJmn~'W
'iI q ~
'
.. . -~~.
,~,
,~ •• ~
-
~
:'.
• '.
:o:J "
-
•• ~.
i\',mii
~l\l'VIiil
IDS ~dhh:::1I'1'l1U~il'Uoill\ll.nn
lWnl"l"'lh1'1 1mmr:mJUfl£Jli1.r11'1
bbill:::nl"l"l~il'Ulll'1
blc;ifiiioilmfil'lilf.i'VIfl11'11.l"J:::n1'J~\l~~'1:::'l.h 11.l1o}1'1:::Liia\lli1'i:::'VIun 1i
"
"
nlsa:liJoAJ1UIOUibuUAAa ..
li1a\l"J1n
IDS ~~'Wl(i1'W'11nnl'l"'lhiim.Jfl~\l'VIJ.Jli1ii~mI1'inWn'vhnl'i1ll"l'i1:::'I1
L 'VIiih,r'W'1::: Lii il\l 1"l1al.JI"lWl-J ii\loil €Il-Jfllf 11 11~ii nl'i ~ mn, Nli1lln~'VI~a hi,r'Un'1:.:Lii~\le:l1'W'ii;l-Jfl~\l'VIl.Jli1~11'1 1J.i11-v:::dJ'UnlJv1il\lLl1J, ~a~l'io)fal.JliI ~h'Wl'W~l1{n 1tiHi1'W'Vll\l~ ~D\ln1'~'l'1~il1J
.."
~\loilm.Jfl
nWll1l.Jti n ~ bbfl:::rn 'iii '1 :::'l'l 'i11Y;11~ fll1l.J
"
nlJli111'U'L'VIWli1o)fal.Jfl,nl,LL'lj'Vlfll'lfl'U,
"
~\l,r'U hh1"J:::~n-vnJ'J:J.J 1li1'1~ bnli1-1i'W 1'Ub'uwlb11n
"
n"J:::w1:J.J11lJlJmDli1e:l1'W 1Ji<iJ1n IDS If'W'YI:J.J11'11''111l.J11 liI"ll.J1'l"mh IDS
"
1iliifh.
ih:J.J~ bbfl:::n~nJ'J:J.J~'U'1i1
Nli1lVi£Jfl::: L~li1€Sl'lE1;'l'TU1Jl"Il"lill1Ji nl,Vh\ll'U'lIil\l , ue :::~n~1J ~1J.i'Vl'r.,j~~fl€l
"
IDS Lll~l'I1JLw~€I'WmJ~!Ii'l"J1'OJ
1'W'VIJ.!U1'WLLfl:::LViilnl"l"t1
!li'l'l'OJ~\l~a.,j'vhnlJ~nV1\111'1'«l'lYi'lJa\l'Vlnfl'U~a
"
I'll'VlJ~Y.WYiriiln1'W'lj11U1'U
""
f.i1'U'VIJ.iUl'w,r'U ~\lD1<iJ-V:::~L~I'I\1'Y1ii\ll 'W~'Ui1 dJ'U 1.J1\1Vl nl'il1:i1 1"l'W~ n'W\ll"lll:J.J tt1J'lJa\l
"
~~11'1 LLc;i!li'Tn-v ~'Vh'VIii 1Yi~ n'W\ln'OJ "lJ :':~1"l11l.Jtt1J'lJihll"l'U '1'1au n "lI ~ ~ 'Vlnfl'WD1"J"J:::dj'WEl'W~'ll'1n'"hn1'i 1li1UN~1I'1rian1'Wfi d'J'W 1~
"
~\l,r'Un1JU1
IDS l.J1~li1~\l1'Ul Uli1L~Hn'OJ:::~£J.,j1~11Jn1,a'Wir~'OJ1n'VnJ1I'1\11'UDf.i1\1lJnJia\l
Ua1 bv11,r'W Lbill:::~'I'11'V1ii1i11 'U~l'Wt1-v:;Jiil\l
dJ'U~VllJi11Jm1l.J 1111\1
hbLilI:::iiI"l11l.J11JNli1"IHl1JiI"\l1'U l
il~::HnHi,ru"J:; L
"
dJu
"
El'Uv1-v:.: 1J.iill:::l~ li1~'VlEd1'U1Jl"Il"lfl'lJa\l1"l'U~'U LbilI:::~ln b 11'Uoilfll.J ilI1li1 '1fi~:; Mil\llaJ bDli1lN1'I'ii .Jill L 'VI~"1,r'U m
"
LLri1J I"ll"lfl ~'U 1li1l'1rf11ll LL~lnl'J~li1~\I • all nJru~~ll.J1'ilJe:ll'U'iim.JilI'lJ '1 ~ 'iJ o)fi),Yhl.JElU~l.JJi'U'11'U'U 11'11J11'11n~11"l11l.J1.I ilItlli1tll'l LflUVlllihn ttn~ru:::t11'11nc;iDm".liJD\lnU
tl\l~~U1JUb 'iJ
~\I~dj'Uo)fmt\l
Ln~~Dnl'J-n''j:::'I'111 U
11...1'1'11\1 LYlI"IUIP1 \l,rU'Vl'li11'1\llU 1li1l'1rf111.l~\lMD\lrl1'V1Uli1LiI'Uo)fmlf1l.J ~ 1'U
1...1 11'11J11'1V'l11l.JUilIflli1.r11'1 LLilI:::~1J'VIilI\l1Yl~~1'V111JNvifl:;L:j:jli11uiu,'Ubb'i\l
"
nlsoau[diio[uUo
IDS v1:i141'V1U Du1'UVltJ\I~Wlli1'1 :::i1li1'l'U'VIii\l~l r1' 'lilil"l:J.J1".lrlrl1'V1Uli1 11'1 n1J~h L '111...1 rnsa U1\l
'YIii\ltJU1\11li1Lda(;l,l'1l'l1Jn1'i1Jmn ~
"
N1
"
'I
billi1,;ffu L"liU ri\l"Jli1'V1:J.J1I'1b&ltl'U~li1bbl;'l':;lJlJ, b~l'In1V11'1~~li11l.J~1, 'lJ 'lJ q
ri\l¥l 1 «\l11.1 v\l1 'I'J{1 a ill ~ LviD41n ~ nl".l L oilltlil n'lJD\lo]J ill LLfl:;~ \l ~lffqjv1 ~li1ii\lm'V-v::: D~ l'Vlqj'YIwl\lc;im~l"lJa\ll~fifia n1,hl.J~n~1J1tJv\l~'U1i1LUli1"lJil\lnl'i~n1n
Li\I Nill Lfi 1'1 11'1 'VI
(counter attack) 1li11'1v1
IDS btl\lfi"J:;~~nlTIrn".i hl.J~ bLlJ1Jc;il\l'11iif)f.iLb~l ~'liJ1"lib~D\l1'I1m~UbLc;iaU1\l1~~'OJ:::'Vhnl,hl.J~~~U

~N~~~\llYm~l.JL~l.Jril'Uii1r1'LLri
"
IDS 6~i:'lf)~'VIii\ln1J~li1ml15'11
i1r1'c;itlmn1JLL!:lmntl{bmJViLJil'll
" Ln€J{
Nli1LLilI':':1J1J1J1\llil'l'Um'V~Nnw:.:
LlIW1,r'U 1VhH'l11J 41 'V::: (ll1lJ~ 1'I11'11l.J:J.J1'iiil\l 1:': fin 1 u (;Il(f] a(;llV1u(f]DV1u l.lwali1tlumn-1iu LLfl:-:biitl11'V11nrl1'V1U~ lvin1".i
""
"
1 '1use
~li111 LlIm:::liI"l.J bb~ln1Jnl'J
1'1l.J~ nttlJ 1u V\I usn
bilu'U 11'11Jll'1nl".l1n~1V'l11l.Jll
flilli1f(1'I bL1Jl.J
In.J ~ n~1J LiI'U11.ltlf.il\1El(;l1 ulY~

"
LL~lU1~ :;'1'111 r1'
1U~1~U~b~I'I1J~\l1J 11"1,'1:-: 11.1~11 IDS tl1-v'V:::rl1tt\lc;i€Jmaf.in1JLL!:lmnil1~l'l1'l11'11l.J
LLtJ1Jo)f1l.J1 L 1'U,:':1J1JDf.i1\llil"li1rl1tt\l LbW:::ti~1J(;I1ViD1n~lil1 L 'I 'lI
"
r1'uen Lnfl11Jmm oil1:lJ11 UrtL 11n 1(ll 'Ub q 'I
••
~~1::9W1J
rep/IP
L 'W Isnu ~-.liPlll:J.,Jdj'W'I~-.l bL~ln1~!ilV'l~'W'hN1V'1 d:j'WbbM LnfJ'hllhJ'llV'lb'l'Wil1cif'vl1 1~V'lrJ~ltl bb~::: L'WmmJWnV'lb

~1
nTl~rlTv!'WV'l1Vi IDS 'V11nT'l(ll~u1~n5u hJ1'WVI'Wmv1tJiHjEl:J.,J~bVlrJ\li-hd.j'W 5\l"1:::'V11 LVib'l1 mil rJ 1tJd'j'Wb:"mn~1YiiPl~tJ
"
J'W 'W~nVln"l:::1dJ'1ilrJ 1 VibU(l1 bl1'n'1lEl\l b'ltli;'lElV'lihJbb~l h:J.,JM~~'Wb~mEl-.l tJnwhmh-.l!Pll1:J.,Jb~mnm'1i'W
•
+
nT:ilbiPl'I:::Vi~V'I'l/'ji;'lIV'1 b'ill l'I'lln"lm'l:IJYi hl-JMn5uhJ1'WVI'WVl mrudNu~~'VItn'l:::r1n

'iI If "iI
bnV'l'll'Wbll'Wn1,umnbbf'l::: ,, h:IJM'Iln
IDS nvll bU'Wn1'l

'l..J
IDS 'lIEl-.lb"nlv1tJVlldJ7b~~\lLV'I'1
n1'l~'hI'l11:::Virln&iEl-.lbb(9] LV1'J~'1IEl-.l~'W'VI1-.lbll'WbwV1bV'l,~tlf'lEll-J bb~V1 mru,1'1'l1n IDS 1dJij nf'l1n L'Wn1,G'lElU'VI1'WbbElV'l bV1,G'lYiijtl1:::~'Vlilm'V'l Ell"11:lJiillm'lrl
'11 El\lfi1,1"1:IJ MbbVi"l~\lJ'WdJ'W'vn'I'I'W usz
"
uunuue 1~11&i'W'VI1-.l
b~~rvhn1'J h:IJMn5lJ ltlnElw<v:::ilLi1!illn1'lYi
bb Vi"l~-.l bb~:::b'I'I!fJn1'Jru'l:::bf'll"htJ~-.l'll'W'I'Ilnm)V'I bl'1'JiilYiummmJ'Wbll'W'1Ifl-.l'l1'LiltJ-.ll'W 'VI1\ll'ldll-JJt'WI'l\l'l11fl'l'l'Li d 1'J\l1'W'VI1\l'VI'l11'l "1;'l:::b~ElJ'WNV'I bf'l,:::lJ1JEl1"1'1::: b (ll1:::'I11.Jn 11 1~ IDS Mlb~rJdm"l'l:::V11 1Vib'1l1MEl-.lb-lh ltl'WEl'WL'Wl'JnmntJA'W b'VIl'lill'ln1''Jtl!;'lEll-JbbElV'l bWl'J~ 5n1-lru:::dm<i'bll'Wn1,1h.dJil • nl'Jlbl'l'll
1:1 nif 'IJ
'IJ
""
IDS '1Iil\lb111tlh:lJMNil'W8n'VIil(i\'I'l'd\l1~bll'WEl~1\l~
"
:::VlbbElV'l bWl'J~~rl n~El\l bb1;'l:::nl,h:I.J~ nwu ltln(ll,\lltl

,
V\lbbelmnEl{El~l-.l
El-.l(l1l:lJ~Mfl\lnT:i
bbtil.J ~Vilcif n vvhJ-.l Ell VV :::'1'1'1 Ll1ueru nEl1'1'1lVl.1'l1ll-J'I/'jsn rJll-Jltl f t

l-'l:lJ
051'l1ru:::Vl'h,x'W an ldJwlwnv:::'I'IllEn51J:lJ11 bU'Wnl,trlrJ ~-.lri'll'l

qJ~
bbG'l:::1:lJ bnVlNG'l1V11G'ltlWtJn~nn"l::: b
,1ViiJ1'111l-J,WbbJ'>lmn~'Wb vil,xu ,'

ldJllL'Wmru1V'1 ~\lvi'{h'Wv:::v11 lfi~viG'lV1
'I
~vll'111.~ilYiciflUI'111:IJtl PI ElVli1rJ bbG'l::: ~U~'I'Il'l,:::1J1J !Pll,V::: (ll, :::'I1'I.T n1 i1 Vi'l-.l'l'l'Wn A iJ

'11 'i 'I
'Vhu 1lJ:iJi)'VIBf.lbfl1-lvi"l::: Iilnsu 1~NlJmnlV'1tJm,h:IJ~n5lJ
?'iml1,:::UlJ 1Vibb 'l-.lJt'WI'l-.l bf'l:::UG'lElVli1rJYiiilV1b ~-.lbb b vhJ'I.J tT'W?'iElUt'1u'l:::(lllhw 1Vibb 'Li'W(ll'1'llil'J1El~I\l 1W1mJ uae 1'11\lI'Wb'VhYi<Slbll'WNl'WNYim:::'V11NV'Ib'l'li;;hJwli'l1d'V:::u~EltJ 1VidJ'W 1tl(llll-Jnll'V1mmbPl::: n':::1J1'I.Jn11~~fj11:J.,J'V:::~Yi~t'1 b Wl1:::n11(llElU l~m,n':::vllvi
"
'"
~t'1nn'l1:IJlt1cifl[jlEvi~Wln[)'I'ImrJ"I:::
'I'll 1'14b11nPllmu'W<SlbG'lultl~'-m L'WYiiilt'l ,
nlSliirlufiaWClWalCl
-1iEldEll"11dJ1'll-1im~uvidlf1ru'1lEl\ln111'11IDS 'VI5nmdl bI'l'n:cV!nTJUn"m'lJil\l ,, IDS 1cif~ mh\lVllcifn~11
'VI1nN1-ilill"nl:IJ.n'I.Jn11H-.lI'Wvi~'l/'jmbi"l:::dllh
'""
bb~":dh\l ~'WMilElI~"I
:cijfi~nnl.Jtlnffl
'VI~1rJil~I\lYi:iJ5n1-lru::: 1nfh~fJ-.l'VI~mJl-.lAf-.lb'VIjjElw'f1Jn1d'V'lml'Jl:IJUmn , nnrll'1'1'W(i\L'I4(ll11'V<11Jn'Vndl:lJU,::: bf1Vl~\lmhl 'I1'wlvi'll El-.ltl nl 11'111 :::ViYi'l :Cvllnl'&U f.l bflH~n'l:::
"
bb~l n"l :::ijn1db~i1'W L'WVI'WfiYil'ldl"l'V'lU bbfl:::bll'W nli'lf\l'VI.a\lll El~h\l h IDS ~~nril'V1'Wt'11Vi:iJ1i'l11:I.J bU'W 11
I , 1f\lbb'Li'WEl'Wl1'V11nDS 1~
~w-1iiJ:IJ~WiI'W~'W'1:!.J1tld::: nsu n1,iik5tJ8
'V'l'lfflnl1l.J\K\ln~11~(ll11"1'V'llJtf'Wbll'Wn111,!n1n'VI~Ell:lJ
iii 1:J.,J1'rl (lljl'1~U'I/'j'l&1mdJJY!~lrt\lJ'W
"
lWim n bll'WwbA1-I
tillmh\lb'll'W '111 (llb1{n&l\ln~11 miJ
IDS 1~~nril'11'WV11111 bdEllM1J Ping Packet "I1nbbDt'1bt'1d~b~:IJ&1W1(9]fl11'W bU'Wb l'I bi1'nY!H-.ll'W l(i1ull'lln,'J:::U1J U bbPl::::iJn1,'VIt'1ii1EllJn11Ping ila tI'1n
10 bb~nbn(llI11rJ1'W 30 1'W1V11Vib~mxi1bu'Wnl1V>1tJ1tJ1l-Jh:lJ&11(i1fJb'VII'1UA Ping Flood bll'WM'W rJ1"1"1:C'V11 IDS bMElUmJbb llJ(llPlEi(i11P111l'1U 1Vi 6 ldJ1Wiiln11lJmnY!bb Vi'V~\l "V ,,
2 : "at:U:UiJl~"l·r~iJfl1"a1,!fl1fl(Intrusion Detection System) •
",'
"..
..... _
"
:~
I~
-.
1.
'
"
.
______
'l.-:-~·'_.,
\,
rrn b~h)'ul(i)EJii1$'iiifl11umm~\ltT'U
81'1'1:;(i) b 'YIiiEJ'U 1:JJ \INfl L~m'l1 mJd:; rrn 1(i)bbfl:;l-h ":h ~
'I:; if (i)1.h::1 EJ'li'l1 bi1iiEJ$'i'dEJi1VflT'l:;Vl1 L

bb~'d'Li"i,lJ'lI1~'Il8\1l-J'UB6ii q
v,
bb 'U'd U:I.J<iJ:; (1:;UiWI'l8 ~\ll 'YIi.'hQ 'YI1nl1n1'

,
I'll N(i)bbG;r~:;uuiil"l'd1~~'U()h'lfl8(i1 "'!J
"
mn
bbl'l1 'U1"l'd1~b1J 'U"l1\1
b~El'Ubb~11:JJiifl1,umn'l1\1 q q
UtJEJA1\1dh Al1l-Jlll
b1iElnEl'lIEl\l IDS n"l:;G'!(i)G'l\l~ll-J~l#1u
kbG'l:::b§:JEliiA'd1lJ'VW1EJ1l-J1I nln'V1-Jn'V:; q q
1:JJ1til1V1Y111lJf>i'U b vl1~A'd"i bl(1::;1:JJ1tii'Yl1Vl1-JiJEJ-Jn'Um.h-Jl 'YIm:::G'll-J ,r'U~E1 IDS '1:::mn mtJ'Ub~n b~EJ\I bln:;Yi blG'!1'Y1l-J1lJ1 b'ii1l-J1"11vn1:JJiim(i)1uVl\l
OJ
(i)bN'U '1El1'Y"I~ b Elt111tJ\I&in-.I1n1,1:JJl1 I OS b~EJ 'VI§:J

"I
bG'!EJbl'ln1,ii b
IDS El~l'Uj:::U1J 1(i)EJ:JJ1$'i'111mllflJLbl'l\lmhvlVlm:::ffl-J 1
bbG'!:::b~mr'Ul1 IDS i>:rl~ljrl
"1:;1'1 lm:; u 1 (i) ,:; 1\1bbG'!:; e bn1J'YI~n~l'Ul'll\1 '1111'I1tT'U"I:;vh 1'I1~1Ji'VI1,j:::1J1J,j\l'UEl'U bl"l~vrl-r(i)1'Un1jll~u&1v1'Uf'I\I 'UEJn"llm1n1"ill~EJtJ dJ'Ufl1jUmn'Y1\1 'I 'I tJ1"1'1:::fivi'U'Ylci8'UEJ1'Unl1n1,Uflvn'U 1V1 IDS ijnldL~fl'U
1'1 Lbf'l:;Y1f'11W'l11l-J
IDS 1tii
1'U,:;#I1Jlln&iVil:JJii
El~l\11:JJb'Ylm:;ffl-J'Y:::'Vl1 'I1bn(i)'iiEllJG'l1 'UffnBru:::~
bbf'l:;n1db~ eu N(i)'V'H;o!1(i1 Nffl-Jll'Ufl ci fl1'YVl1 'I1n1"i b~fl'UYi b1J'U'lIiJ\I'Y1vrlnnsu 1tl bLG'l:; 'iJ 'i..I
"
tnn ~ fl n1jiffv m ~ EJ ~l-Jl1 unn in iJ1Yil11'111l-J 'l1l-Jljbi'Y:::v1v1fl\llEl EJ'lJfl\l su ,mn ~1 G m , iI1"1"1:::iiLVlEJ\I 2-31iJ\lj8EJbvl1tT'UYi ll'Ublln1Jn1"i(i1"il'1~1J~'U1EimrlJ~'U
11bVl1J\ll~nUiJ EJ
'IJ
IDS G'llm,rlt'llww1J1tii
~m.jmflmaff\l~'Y:;nnl-JiJ\lbf'ltJ
'IJ
'YI1n1fl\l'iJEJb'Yl~Td'bin'1111tlNal-J 1tl1(i1EJJiim(i11'11Al1l-Jfl'Uh h
'IJ
OJ
IDS btJ'UbA~fl\lii
mil ~b\J 1'Um

'U 'lJ
,-rfll~lAl1l-Jtl
~ El(il.!lEJ Lihlb i{ n vl1'YlU 1~1'Ub'1i\l1n 1'U

~ 9
(Proactive) al l-J1, J;I'VI1 NlfIbbf'l,:::lJmn l-J1jrlUf)\lll'U.!lEJ rI n rl1~ 1Ji~1\l'VIih rifl'U Yirrrsu q mn'Y::: bnli) 1V1
~'U 'l1~flriiJ'UYifl111Jmn'Y:::nj:::'1h1Jid1b~'V , q 'l.wn,nnd
IDS tJ\lfllmlrl'1ilEJ1'Ufl1,bn1J'YIffn"l1'UVll\1
..
iJ b~nVllElilri
tf'lliJ\ln1,lJ
n,nYi bn(i1~'U ffll-Jl,bi'1111t11oii1 'Umji

,
LI'111:;'I1LLf'I:;~1I~'UNn':::vll1til1
q "
J11EJ'VIff\lbbl'l~\ld
v
IDS iil'li:I"]~f)\lijm)(i)1'UJT&1YiiNll-Jl'b1~lJfl1"i1Jmn1~m.h\lbinwiJ\I
n11'1111tl1TI\l1'U'V:::~fl\lalI"lEJflllmil d1~Vf\l Wif)\I l11'lEJ f n1j111j\l1m~1 q 'U8n'nnd srm
1'1 bblil:::n11tJ11J bbl'l\lElU1\1rlnVla\l

.
1;0
'U
btlfl1L'llU())
u lil~ lil"il"1 ssun ~ 1iI~1baJJB OJ
'"
L'VIm::: ffl-Jn1J~\I Ul(i1~Bl-J
IDS bEJ\lnn~\I'iif)&i Ufl:;'iimlilEJ 1'Ur;l1 biJ\I~\lNYi'Y:::'1111tl1TIV;\I'Y:::JiiJ\I~':;'VI'wn 1V1' OJ

(ilb~B nu I"]r1~lmYinI"l11l-J11"]11l-J'lh'U
U1;'1 :::~fl\l'i'l'Vl1ru1l'l
"iJ ~
I'll btJ'UN(il us
"
lru ue ~l1rllll-JflJ
NlfI'liiJ1J~ b 'VIm :;al-J

'I
b,:;jmtJ'U nl'lU
f) \I ll'U ii1 "11 IDS n n'1111tl1 -li1'UVl1\1Yi N (i)bbf'l::: 1\1 lil11 EJM Arl f'I~'U £N nu
'I.J
l-J1nnl1"1:::1~'Unl1UiJ\ln'U"i:::UU~B~(i1'UbiJ\I
• t'i/1~ItIJll
replIP
. .. -. ... Al1USIUiliJnU ... ID8l0U TCpnp

•
.
ltl".il(;1~f)f;'l TCP/IP bUU'lJ~'lJtl\lltl".il(;1~flf;'l~:i1nl".i~til.I'W1mvr,HbtiilJ

II
1960 1~fJ:i11~l(1tl".i~iii\l~
,
1 Viiiil:!-Jl".itl1-1l'~mll".i~l
n~u'Vll\l,jhl-J
b'lJtllbl-rn 1tl V\ltlf;'ll ~'Vll\l1~
us :::ffl:!-Jl".i(1'V11 b~U'Il1\l~'ii:::
~\l
iJfl:!-Jf;'l1tl1~btl\llvWD(;11uif&l ~ A\l'VIl b~U'Vll"~"
~"bbi1111u".i:::'VI111l'Vl1"EJ1~'ii~r.hubtJtllbl{n~i1ilru'V111tl".i ~ 1~ 1 U".i:::rJ::: b~l-J(!lultl".i ltllfltlf;'l.QHl'nu 90 '5'\I:i1nl".itllm1if1'W'Vll\1Li".ii'i~ ,

<V
ll'lAtlf;'lnv\l 1 Ul\l bbA1J1 bbf;'l~bUU
Nl'u:1ifl~ f;'l1tl1Viri\ltlf;'llrJ'Vll\1~U
bQ~l~".il'jjnl".iUfl~iiimU~m~l'lJfl"ml-J~m ~~ b~l-J~U'lJD" 8'Wbtllflf btJtll1Uil~~D'W

It 'I
~U1'W'1i'NlJ
f.Jl-Jfl~111.l".i:::l&l1~fJ~1'W 1 'VIru'lJfl\lltld ltllflDf;'l.QA\li1mJ1 U'VI'lr"~D o:u '~ TCP/IP Qi1nl".if)Dnbb1J1Jl-J1dJul1(;'l1'W1U '" ,
~ bR~lojjD\ln1JiiubtllD{b
tJtll41Ul'W:J.J1n'VIf;'llrJ b~l-J uih nfl..:l'lJBilurulMf1l::: 11' bYltl1Vib1h~'iiI''Jl.J\I'VIl-J1~
"lJB\I'VIl1..:1~BQD1Jill~mJl\1".iI:U1'~~u "lln~n~11miJl\l~U~~bl1'W1~11 1960 n:Wnl".i 1'ii1tltlf1Jtl".i\l1tlmh~B~'1bYlD , ~
bb(;'l:::vr"uvilJ
~'W bb(;jmh\lhnMll-Jltl".ilMiP1Bf;'l.Qnv\lfl\l:i1'ii(>]1Jn'V>l~fl..:liim..J1nl-Jl~
:w1~:i1f.J(;'lm~'Vlm'Wbb '1..:1vb1'111 n 1 'Wl-J-Jl-JEJ\l'lJ \ll1n A m.J'vh bMDf[~ uYfl1tl b D , ,l D'W'Vld\lEJl'Wl11'V>1'lJD\l1J'l'1(>]lb'VI6'l1unn bnDf~"'VIfll , N~U lMtJbQ~l:::m'l1'Vl-J~bb1J1J uYi'VI~UU 1 v'il f)1J n~1f)" DDS JU~IUbbM1'ii'iifl1Jn'V>l~tl"'lJB" n&l~'l'hlUYfl1tlDl"l
1Viiiill-J1".itl1-1l'..:I1U1~'VIf;'lln'VIf;'llmbfl::::i1tl".i~~'Vli5111'V>1l-J1n ~\l'i)~1Jn'V>l1D\lb'VI~h.Q1Jl..:1~1'Wn , uein 51Jnf1l1tJ bUU bl"l~D\l:i1f) b'VI6'll.Qm 1 if1 urm
1 ~J,J~
"
TCP/IP bb'V11J~"~'W
m".i~m~nltl'llM uen bnElfbb(;'l~iJf)\ln'W~1 MD
~Dmjt'll:!-Jtl
1l-J boW U"'V>IBYi"l:::Vl1 1M b'Vl1Vi'U nfllB'lJD" ltl'1l!1lA Elf1l

'J
bfN1~ #I"J'WN..:IYim41
bU'W~B\I~nl!lll"ll1Jl'inu~ 1tln1Jlfjn~'l1'ii"1'W
iJEl1Jn'V>l~B"'lJf)" ltl".llMI"lBf;'l~ElD~ 1 ".i :i1f.J(;'lm:::'Vl1JilVl..:11 bb(;'l:::iiil~m(1iJB\lnU\9l1bB\l1~tlVl,,1 'J DV1"hnI?l1l-Jrifl'WYi'i):::~m~lb~EJ\l
IDS b'l'1.s1b1J'W(1iEl"b~J.J(!l'W~nl!l11tl".lltllI"lD(;'l TCP/IP BV1"
f;'l~ bBfJA~ tll'Wb~UriElU
bYiflb1J'W~'W::i:1U 'Wf11TVl1Alll.J b'ill
h b.QD'VI1Yi:i1f111J.Ji1J'iiDU 1 umu'VI5..:11(if
,
--
._.
•~ ---
~~
.e~~ -------_--
"'..,.-'rll
.~",
.II.'
------
---------
TCP/IP dJU'1J~'1Ifl-l11.h1MI"lf)~~lh:::m:l'lJJi1vhb1MI'lE!~UmJVI~ltJJll Vllh~lubbvilll::;iuVl1El '1IEl-ln1".i$m'rl'l
hmlvi~:::Jl':111'V:::yh
billbtJEl{ (layer) i-lflJNVl'1lEl1.l bb~::;bblJ~iPll1'-J'VI:l-J1 tJ'lJf)-l'lifl:l-J~ 1Ubbvi~::;d:::(illJ TCP/IP bbU-lElflm1J'U4 bIllWE1{(iI-l'ltl ~
-7i\l hUl1'W'lllJbb~h
"
zliff
Application
3.1 Transport
TCPI/P Layer
Network
Link
Vll:h Vi flJl:J..1 N~'jjEl1JUvilll::;billbtlfl1il(i'j'-lU fl.l
Link Layer lmlllb~Jf){d'V:::d:iu~hli1~dblf)1~Yh-l1'Ufl~l.IU'l:::1J'lJtlBtr~fnHbvi~::;".i:::1J1J Y]lV1t'h~flJNVl'1lE!lJ 1un1".iflJa\l'iim.j~~-lbb(i)'l:::(i'j'lJn1Wll'W,

'U
tl'runl1rul
.". .....
'l'Jiil1
'Vu(i,ml'l
bbtl1.'l1'l11:J..1'Vln".i:::(i'j'1.I tl'runnru
~ ~
1'l/'Jvh'VublJU'lifl:J..I lII'Vll-liPl fll-J'I'll brm{

'iJ
1tl'l1tn iPlflIII .i::-fllJd b'1i'l.-! "
Ethernet bb~::-SLIP (Serial Line Internet Protocol)
2 3
Net~ork
Layer flJti~'1lf)1J 1'\.Jn1dflH1-l'liEJ:l-J~lub tit'lb l{n t'I-lMfl'lim.mltl'Vufi-l'VVlVll-nti

~ 'iJ q
tlmtJ'Vll-l1tld1AI'lE!~d::;(i'j'1Jd Transport
lLiiuri IP, ICMP, IGMP

'iJ
Layer fuN~'1lE!1.I1'\.JnwrlJa.,j'liD:W1.'ld::;Vlll-lbl"l~D\I'VIt1\1(Host) ltliJ\I~fl1!'!~(;]

'iJ
Vlt1\1 bb1.'l:::'V:::t'i\l'li E!:J..I1.'l~U VI Appl ication Layer ltl1
'Ill ltlHi\llUM
'iJ
E! mtl".i1A\PlEl1.'l~~Vl ul u D
'iJ
bflbmr~di'iEl TCP bb~::: UDP i\lil#lfl1:lru::: l1..!nT'Jfut'i\l'liE1lJfl~bb!l1flvil-lnumJn ltl
Application
q
Layer blJUU;'lbtll'}{VibbEl'l'fW~biPli'm~tJfl Hi1tld1VlI"lE!1.'l'l::;#(1J~1\l11.'l\lltl bViE!
lVlfltl".i::;a-l~bb(;lflvil\1n1..! b'1iU FTP (File Transfer Protocol)
Telnet HTTP (Hypertext Transfer Protocol) dJu 1tl'l1I.iliPlfllll~oEfuci\l'limJ~b

'iJ
1U b'W'V
'l::;Vlll\11J'Jl1 b"ljEJ{ bfl::-11.1 b b dHvJ b lEl1 POP (Post Office Protocol) 1oEG1WrUM11U1VI~Vlfibl-J~'VlmlJ~ b 'B{'II'l n fl1 ml1.yhl'l~fl\l b:J..I5LI'lflbElU(ii (PC) "lIEl\l~ii
"
I.
'''11~t1J1J
TCPliP
TCP
d
,;u
d"
UDP
rVHHlh.J'YJil:lHl 'WllJil'lVl'WalmlJf11'.l'VllI'l11:J..J L'YJ1 , 'il'1!~ ~

0 ""' 0
1'x
"
"1
Ith IVll'lill."lTCP/IP
nil'W'Vl'il:::I'ill::"flnt:l'l'.l1~i:1::lil ~Vl U
,d..
..
...
lJ'Vlvlil'bJ'!'W 'YJililTIlJlt1~mHU:;;'YJil'l TCP
1Ij;j:;;UDP'V'ltlft'lI'YJ1HI'ld
rep
IlJ'Wlu'.llVll'ltl"fl~~lJU'.l::tl'Wf11'.l~lJ-ci.:j'lj'il:IJj;j'.l:::'Yrh:J ~u v'W';hil~ il:IJ'fl'il1 n ~Ui'll'l'il hH1Yl mh1l9illU'i IVll'lil"flilfll."l1n1ufmVl'.l1'il'iJtllJ ftqjtyltll VltllJ~u:h~il:IJ Ill."I:: i:1tl'l
elil ~'lum
tI'Vl1'l1m·Jil m n~ il:IJl."I~'lUm tlvmn'il::il
U1:11tli'll'l ml1 mfl1l-lilat:lJqjlruVlillJ~lJnllft~'111~tl:IJi:11l-lti1um l~iln1ilu'i TCP IVll'ltl i:1d1Uf11'irmi'l~il:IJi;1 m::m'Wf11'i~'Wvu
tii'll'! ~'!'!Ulltl'V'lVli1II'1-E''W~ilI'l11:l.J"~1~qj~1 fll'.l~1J!;h~tllJ1:1d lil'! dJ'W~~'lJlt1'YJil'llu'l" IVlY'lil"fl

'u "
~IYi'Wlll."l:::'hiil1Y'1':i:J..J1u'li'loij'W1~ IVl'n:::1ufll'.l1l1'llU'YJil'll'lil:J..J'i'l1IVlili
vhmle:il'WI'l'l'il::'Vl':illJlI-a111~m.Jl."I
Vjflllh5 nEl'.l-a1uiifl11:J..Jth~
W11'1l ml'.ll~ fJ1 ~mvh 1'111U'iUm:J..Jlll'11'WN~Vl !;1l~~'l'11:J..J M~'WVi ~'l'!'W!! ilVlVli!j!1'l-E'U~':)'IIl'illJY'l11:J..J ~ f.\j'l'W ~ al ~ Vld IlJ'We ~1'! ~~'l'l1um Iftil fl'lil'l.h I~ I'l~Hl
qjTI ~l'l ri'ltl1 ~ lIi;1::mh'l
1'1'11 IVitmfl'W
1'Wfll'.l~il1;n'.ltlu
flT:i~~ illJ i;1'lJ1~~·q ~'111il ~ 1il1u Ill!1V1 tI'l
rcr
IlJu~l'Wd'Wm
n ihen
illJ tllJ f1ld~
Iih IVll'ltl"fl
UDP
'l'W'lJtll:;;~
TCP ,!'WtlUlJ'WW Ltltli'lJil'l
"
IP t'li:'1l:J..Jl'it:l~ml.:J~tl:J..J"fl'lu1~'Vln~1'W ll:lflnlmtl1JlaiiilUl~il~liliin
"
lll:l:::1'i1Iil.:J~M liY'Wq'lll~!Vl'lf'lJil'll;]llt9tl~~i1fllJ'W
f.iUlVlil1Iil~1'J fl1'Wd Iil'l
res
iim'i~uci'l~m;!j;j'l~ilUl.:J\lfl~il'lVjf1ilVl
"
UvlVjnilUl'1'l'Wh1fld'll-ll1il:;;1'l'l~mm
v
~'l~ TCP
~tl'l
IIj;jn'hJtllJ f1l'i~lJU'.l:;;fl'W~il:J..Jl:l~tl
Ian
ili I~~~ I~:J..J~'W'h111 'l'W1I4'lJil'!1'l11:J..J fJl1'11il,:]~tl:J..Jl:l!I"fl:;;1'l11:J..JilJitl'W

j;j
'l'Wfl1'i~i1 il'll'l il tIVlillJ~lJ fl'WVj I'lt'l'l'l1 'll1U'.l:: ft'VlTIi11Vl;1~ l:l.:J'bJ 1'I.J'ilVll'lil n i al:J..Jl'it:l~1J!;i'l~B:J..J"fl'.l::"d1'l1~{1Vl1~ 1'lI'Wnu !!Vl1l-liifll'i~lJU'i:;;n'Wfll'.l~lJ
\I
UDP M I~1:J..Jlu fil

'U
vll f.\jmtl
'lJ 'I
~ il
ci'l~tl:J..J"fl'11:J..Jl fll'.l1:1'liiTI:J..J1.lVl tlti'l flY'lt.:J
'il::1l-ll1 f11'l"Vl'l"1'il{1DlJ ~uiJu11~il:I;!j;j~.:Jum
tlVl1'l'l1~il'1l-l fl1'.llft en 'li1U'.llVll'lil"fld'il:;;~'WD ~n'iJ lIil'V'l'Vlilll'l-E'wlJ'W
~~l l'UUfll 'iVl'i1'il"iJillJ V'WVUn'Wlil'! '111n ~ tl'lf11'iVl'i1'il asu n'll1~lJ ft'lii tll.J i;1EJUUUrvi:J..J 1~:J..J~ IlJw'lIud
11ii lIilWwilll'l&UlJ1,nJ'i::
iiil:J..Ji;1 MtlUl'lii'I.J'i:::ilVllimwn
"
ltl'Vltllll'il:: 1:lJ~1 !lJu~'il::;)il'!ii l'i'ltl'!Wil U-a1
f1l'i~lJU'.l:;;nu~il:J..J"fl ill'il'il :;;'(Jil IVltI'l'll1"51mmlu
"
!'I'.IJ1:;; -ft'l
"
"
1U'li~'lI1J\l1th11'lI'lil(;il , ~l\11 'i1:l.Jr1UL1JU'liIil"lJD\ITCP/IP ,
TCP/IP
t1'i::nDlJ~h
tI1u'i 1M I'lil (;iI'YI (;ill!.J~1'Vll\11'W~1:l.JnU 1Ul(;il b!.JEl{
Ib(;ildj'YIi.hVibbMn~l\1nUilDn
1t1 mwVi
3.2 b!(;iI"~\llv1d1Ufi\l1t1'i 1(ilI'l€l(;il1'Wbb~fl::bi;HtI€l~Vib~il
1i\l~1'11~n 1u.rnwMil 'Vll'11U1Vi~~ tn'i us ::I'l1U I'IlJn1"J1'uii!\loiJD:J..J(;iI1 Yi:l1 ,~
rc= .
UDP:
D ~1 UVl'il'W a'l.JiJ'fMlfil Wil{ ~
baOtl'.l1l1'Vlllfl::b11iloil1t1( D~1 'Wmlufltl ~ r1U1I~1aJl:in il~(il b(;il b!.Jil{ Yll'YIihVi~(flnl"Jbb(;il:: 1'l11JI'l:l.Jtn'i1'u ii!\lTIil:l.Jl I'liu I~tll f ,~
sln nl'.l1'uii!\lf]l:i
bao tI'l.fl1'Vlblfl:: b11€l il1Ji 1t>l!.JtIiii il!.J'YIihVid'i Vlr1lJ o
Ibil'Vl'V'l~ bfl'ii'u b(;il b!.Jil~liJUNvll'Y1U1ViD ~
u 'IIlU
"'~~ .•
,~ ---~-~~-
'~
~~~:'!
--
---
--
---
tuft
3.2
Application
!flw'llf'll'iJ.,'J
fur (lJIflflfWh.,'Ji
hJ'ij(jJ TCPI/P
Suite
Transport
Network
Link
Media IP
mjh!bUl'H11m~lbEJi)'f
"
dj'W11.h1l'lAfl~'I'l~n1'Wnl'J~mnJ'.iim.JG'I
"
~,JnG'l1mhAru~
'Vh1Vi'.iifll;jmnmJmA~f)'wVi1tJir..J1.Jlill~V11..J1[i\MflhJJ1l'lfW~
IP ii'bfl..J
ICMP
(Internet Control Message Protocol) D~1'WbUl'lb11mi"lW€l{

1Vim';lvh..JllJ'lJD..J IP 1Vi~l-JlmU
vll'1'lUl~b&~:J.J
Al1l-JNl'l'V'ilillI?11Viw1 IP bbl'l1wIJ1..j1€1n1f1bbfl'VII'V'i~bAilJbi"lLVEl{fh~~nH ICMP 11'l~l'l,\lb~flHlh:: 1~'ll,r"llnAl1l-Ji;'l'lmdbl'lJfl\l
"
1l'l~"I:.;djlJ 1tJ'J1l'lI'1El~~Aiw1ii'l'1jT.lfll';lbL1Il::bb~..J
ICMP ~hm'1l'Wn'W
IGMP:
(Internet Group Management
Protocol) fl~1lJLUIilL1{mG'lLVfl{
nT~ci\l UDP l'llMlUnJl-J hJiJ\ln~l-J'1J€1\l1flflWi Yl1€11flflWimn~I&fl'V111Bl-Jn'W
"
VhYlUl~lJ
ARP :
(Address Reservation Protocol) El~1lJ~\lflbi"lLVEl{ 'VhVIU1~btJ~~W';l:';Yl11..J

bbEll?lb(iJda~ffir,w
IP 1VidJWbbElIl1LVI,fI'lJEhlNetwork Interface
RARP:
(Reverse ARP) DEi1lJ~\lflL1IlLtI€I{L'1llJn'W bLl?ivll'1'lUl~n~'IJn'WnlJ ARP Afl

bll~~lJ'::'Ydl\lbb€ll?lbmfl'lJEl\l
"
Network Interface 1VidJlJbb€ll?lbVld&~'li1l'l~
IP
Internet Add.ress
'VI njiu bl'W; L 'V'J'll~1?i tiuu BlJ bl'lD{L Ul'l'\l :,;M€I-Jl1'1'l:J.JlL1Il'll1l'J:';q}1P11~€I1oift lJn1d~flfll' El€l b
"
'.ii€ll;jlil b~~n11 Ylmmfol'llq}l'WllJ
Internet Address 'I'l~€Ib~~nEi€l·rh 32 lll'l
IP Address 1V1~ril
IP Address ;1"l::dJlJ
~..Jbbl?i bb1ll::rr'W
bbl?ibb'Vl'W~'V:.;ri'lY1lJVl1Vibfol'lJ~..:J 1l1'Il!lJb1nu'lJl?imiifl..:JnlJhJ 32
o - 232 il"i:.;1-E1l5mdbbD\lYlmm1ll'llti1'\ln~11€1DmtJlJn~:J.J'lJ€I\lW'lJ'll'W1V1 bbl?ifol:';'lJWI[i\l~"lfiti1'lDt.il-JL'1l'W 192.168.13.204 , q
"
8 U(ilq}l'Wl'W 4
'IJfI
'Ufln"l'ln.alw
IP Address tTwJ\lr1nuu-.5f)f)ndJ'U
bUMb11n (Network ID) u~:::a'J'U~dJ"mf)l'lb\i1"jt'1'lleN1~ff~
"
2 a'J'U~fl
a'J'U~dJ"Hbfl\i1b\i1'H1'llf)\I
(Host ID) l1\1iim,J~1'Ua'J'U.a"l:::Clnl]
ii'l'YI-ru ~'U'Vm&'U'Yn.'l'llfl\l I P 1'U1l'l"j~"I:::'lJ'Uiii\lii m,J~'1'ln ~'U'vn\l1 if(i\l1J~l t1Vl'l\lflU'l\lCl n~fl\l
"
"
"
"
b~flblJ'Un'l"jfh'VI'U\i1'l.1'U'l\i1'l.1fl\lbUMbl{niil'Y1-ru Address 1'Ubbll1~:::"li'J\lElflmlJ'UblJ'Ul'lrnff
IP Address ~'l\l'1
W1\1tT'U~\lijnTl~\i1 IP IP
(class) [;J'l\l111'U"I'ln A (i\l E bvlfl'l::1M'Yhn'l"j~l'lff"j"j
Address lMflU'l\l b'YIa.JI::: Pl:IJllU'l.I'U'lI'l'llfl\lbUMb l{n

7 bits 24 bits
tUYI 3.3
Class A
netid 14 bits
hosnd
16 bits hostid
rnnivuu«
Ufll1i!Mg<I~1UflJ flfllg<l(fh~7 Class C 1 Class B 1
I I
I I
0
netid
I
8 bits hostid
21 bits 1
I
o
netid 28 bits
Class D
1 11
11
multicast group ID 28 bits
Class
I1I1I
Class
A B C D E
Reserved For future use
Range
0.0.0.0 - 127.255.255.255 128.0.0.0 - 191.255.255.255 192.0.0.0-223.255.255.255 224.0.0.0.0 240.0.0.0 - 239.255.255.255 - 255.255.255.255
nT1 Encapsulate ~El n'l1'l.hiif):IJ~~~f)\ln'lliii\la.J1111:::
'll f)\l1lJ1 1Ml'lf)~ 1\i1t1ii f)a.Jt'lGi'J'U~ dJ'U iii'J'UI'I'JUI'l:IJtT'U'i)::: nm,lim 9.J

'QJ 'I
"
nfllJ"j'Ja.J lluii fla.J~~ blJ'Uiii'J'UI'I'JU 1'Ia.J
". 111'Ua'J'U 'I1'J'l.Ifl\lllfla.J ~ b~tJnl'l

'l.J
IlWIlVl€J{ (header) l1\11'U1l'll-r1Jllfla.J ~tT'UN~~\Jll fl:IJt'l"l::1M-rU b!:J1'l bl'lEl{riEl'U'11 ntT'Uihh
bblJrm~:::'Yl';l'lUl11lf):lJ1il~Ml).JmtT'U~5m~ru:::flUl\11
"
"
"
L!'l\i1 \i1lfllJ Lf
'l.Ifl\l1lJ111?lI'lfl~iii'JU 1'Vlqj'l:::lJl::: nflUM'J tJllm;jt'l'Vl5n~ii'l~qj'l.lfl\l :lJlf1fl bLf)I'lL\i1"j/il'MUV1'l\l, bbfl\i1bl'l"jfflJ~'ltJ'Vl'l\l, 1'l'J'llJtJTlllfl:IJiIl, 11\1~\I~"I::: ~ EJ\lbU'ULif bl1'U'11\i1 Mfl "I:::~iiil~t'lii'lr1qj
"
'''I:::1M~\i1n111MflEjl\1ClnMfl\l
h11 11?lI'lf)iIl~'Yhn'l"j Encapsulate 1'11Mlll'i)afl1J1'I1'l).J~\i1'INm\i1iiEl:IJt'l
"
m tJ1 'LH!:J\i1 b\i1fl{
bU1In:::1lJ"j 1I?lAf)~~'l'ilrn1
"
L'YhtT'U W11mh\lb"li'U 1111 Encapsulate 'llf)\I Ethernet n"l:::~nl"j1:::U b~l'lbl'lfl{b'vhtTu "I:::1JJijn1"jlJ"j"j"l
IP address t'l\l:lJ'lL'U Ethernet Header MltJbbll1m.h\lL\i1 b'l"l"jl:::
Encapsulate l-i'l
"
Ethernet address iIl\lL'U
{~~~
.
_-_-~-
.~
~
1tHflb!Jfl1'lJB-J Ethernet "I~llJ~~n
v
_-
-----~
IP Address 1'I~B111~l"Il1J"l'-J 11'l'1'lJeN IP ("I~-l'1 bb1!h Ethernet 1'l1iii1bLndmB-l IP "I~nn~rh;hdJ'W"iim..jfilnfJ'W ~ ~
1dJ1Jil!J1hh1im..J~~"I~ci,nf'WdJul1hlL1lI"lB~fl~h) ~ ~ b~!Jln'W&l1'1-ru Ethernet bvhoJ'W
User Data
tINt 3.5
tns Encapsulation
1ifJl;!mhuii!'1Ifi{} fUr f/?ll"lfi!'lumfl::; ;r::;i1u
a-
User data
ITep header
..,.._ -
Application TCP Segment
data -
J
--flo'
liP
header
JrcP
headerl
Application dab;! -
J
.....:
.+--- - -
IP datagram
Appl icatio n data
j.--- - - - - - 1 U nl11ml-J'if
"
Ethernet
Frame
----"1
Ethernet
fJ:i.Jiil.TU 'if fJ:i.Jiil~flJa-ln'W"l1-J'11J'W

'iJ
bWL1l bl1n.T'W"I ~tld~ nfJ1JJil!J
2 sll'WfifJ
'ifil:i.Ji1l'i11-l 1J"iifl:i.Ji1l'lJfl-l n lu",i1l?1l'lilfil bU~!J1J b~Sl il'Wn1"Ja\i'i1I'lYlJ.l1 !Jll\i"l:':: Wi fl\ltl"i:':: nil1J!iil!J b.Q€l1'l11:i.J 1'W "lI?IYI:i.Jl!J bi1l b ~'IJ'fl-J"lI?I1'I:i.Jl!J~b.]!JU ~il b€l-Jb'IN"JldJ.J1'11 b'Jl"'1~a\lli111'l"J
'iJ
"
"
V
'lJ
&11?1 1?I:i.J1l J1Sl bb~"I(;]1'I'-Jl!Jfl ~h-Jb~ !Jl1tl "il!lruvnl'l\l Mfl-lell'W us r
n1"J Encapsulate nAfln1'Jb€ll'i1(;]'YlJ.l1!J:!.J1 1d'1l€l-J,rUbfl-J l\i1!J"lIfJ-J 11?1f1fJt'nr'W 1 1tl"i 1I'lfl€li1lih:.:: 1ci 1 '1l1l-l rJl Encapsulate
"'I:':: tl~!JU b'YlSl€lu"iim;ifil~1oE1 'Wnl'Jf1Jd-J'lim;ji1l'lJ€l-l1tl"J b 'ifmH)l~fJ-Ja-l~l'W'Yl~l!J

"
biilb!Jfl1 .)lUl'W'1lfJ\I
..
n"'l:.::nn 1cibvil-.JYlfill!Jiul'llmhv11Jnld
'iJ 'iJ 'U
,rWll-l
Ji'-l.T'WrJlbdl'1:.::d..:l"iiil'-JfiI~l'W1u'J 11?1f1ilfilrc= 'limJfilb"iln"l:;~n ~hJi'1J~ 1. '1leN
1d'1lll\l1?11'-Jci'1v1UJi'..:Id
rcr
ci'1Ji'1J~ 2. '1l1l-l IP ci'lJi'uVl 3. 1m-l Ethernet bbfil:,::Nl!J~f1J'ifrmfiln"l:;tilil-lbbn:;:'lJ'fJ-lflfJnI?11:i.JrllJi'1J OJ '1:'::b'lil'lfil-l IP bbn:'::'IJil-l IP <'):;b"lfl'lfEl\l rrn ~l~lnl'J Segment l\i1!JMfJ-Jun:'::'lJ'fJ-J Ethernet rinu bb~l
rc=
bbn:'::'lfiJ\I rc= n'l:;:b"lfl'lill:i.Jiil~(i1iJ-ln1"i
"
Encapsulate 1'Wbb~i1l:'::"J:.::Ji'un'l:.::j:jn1"ib~!JnTIiJl-.JfiI~EI~1u'lfEl-l bbL1ln~l..Jn'Wfllln 1tl "iiiJ:i.JfiI

'tI !i.I 'lI
Encapsulate b1!J1J1fl!J
(1a'1lfl-JlJC'lNi1n)
bb~1"11n
rc=
d-J11.lu-J
IP b1!Jnl1
TCP
1U"i:;:(;)1J IP n"l:':: ~i111 TCP Segment bi'Ju'liiJ:i.Ji1lf(-l'lj(;1 b~fJ1U"ill.JnU
"
IP Header ~-l1tl
U\lbfilb!JiJ{ Datalink "I:'::b1tlnll
IP Datagram IP Datagram :i.Jl1d'lfehl 'lJ'Wll'l'lJll~"iilll;j~f( . m:i.JC'lb'Jl
1'W1:.::Ji'1J Datalink b~fld\lfil-l1tl"l:.::th
I.
"'I:;b1!Jnl1
~~1~g,1111
Ethernet Frame
rep liP
'V1mtlOJ::: b'I4'Wl1lJ1\1l"lf\lllm.Jfl ~"lli1€l t.ib'WU\I ~1l'Il€l U u~nl1v1 b 1~'V::: i1l1€ll.J;'1J €l\l b!l~ b~€l{'1J€l\lltl,i:vH'HJ
blTv:::ci\lllmJ
flltlfi\ltlfl1uYl1\1 ~'11~1''lJ
'1J €l\l'1J1qjv1 ml €l\11'VIq,ivi€l'VIfll tI'l3\.J ~b~'W€l~i1~1 tl 111\11'W€ll'V'V:::i1bVl tI\ltJB I'Iln ~~ (i) u Yl\l~~ til btiwllu fl 1i\l fhuu 1tl1~ 1J1\1I'l{\l010J'V:::~ ~U ~tl~€l\l U~ n1'v1~
"
fl b~l::: WiVlltl~l U~~J.J€l b'li'Wb~ !J1nlJv1~l\1l'1f\l
tl':::'VIiT~'lf€l\m~'VVl'VIJ.J1t1 13Jfi\l 1i1'V11'lJ 'Wn1'l~Elfl"1'l1l0~fll3Ji1'liB\l0J~\li 1
"
B\l1fl''lifl\l'VIfll uiu
u ~,fl' \lli\l~'VIJ.J1 tI~ nl1 1Y1~tJ~El\l ~~~'VI1''WU1n'l~ b,j El\l'V1n'VI n u Vl n btl~ ,
b'l1 ~'Wbtl ~i1\11tlMii bbUU~11?l5~ b,1 iI1 'V H\l1'W 1~13J b~J.Jtl"l:::f{'VIBm'WbYl1~l'll'
i1Tv iff\lbn~ 1~~lUil11
'W'1Jru:::ffil.Jb~J.J~i1nlJtJ'Wb~B{ bi1~~, ,1 n1,1'lJ fl'\l1Ii1~fl 56 Kbps tI5(Y1
bb~1'l11J.Jb~'~bd11?l1,'W1'V1flI?l1vJ~fi\l1Jifl"\lfl"Vl~lnl1,r'W~.nn
", "
b'liu 30 Kbps fl"lb'VI(Y1rh,jEl\lmOJ1nm,~
jj b!ll?lbI?lB1''1J El\lltl"lli11l'l a fldllJflt.l nlJlIill.JflOJ~\lEl t.i Jil tI
"
"
VI11YI~i1~b~tI bblJ'W~i I?lfiltlcil'W'VItl\l b~i1 n1,d
tUVl 3.6
rns
Demultiplex
1f'iJ'JfI#Mfw,n
ConnEthernet frame
demultiplexing 1VlOi(l,ln destination port number tu TCP or UDP header
demultiplexing
lGlO~'lnll~11hlVlA~"
tu IP header
<)
1'Wvh-l1i1Yi~,h'Wm1~mlTlfi\ln1' VElt.J'VIir\l'1JD\ln1' Encapsulation Encapsulation ltlbb~l tr'Wbfl\l YI1nn':::1J1t.Jn1'l 'liEl\lVifl:::i'W(Y11lJbflb!JEJ1'Yi fl'\lltl 111, Demultiplexing
d.emultiPleXing LGlW~'ln frame type tu Ethernet header
Demultiplexing
~Elnd:::1J1t.Jm'l
Encapsulation
~Dn1,thllm;lfllJ11fl' Nun 1fl''li€l\ll.J1i1t.i1\1
tlfiEln1,1'mm\lllfll.Jfl~i1\9i
ilwlll'l
IV
b~D'Vhm,un:::i1i1nVifl:::.gU(Y11J.J
J{ Q,.."j
tv
bfl btlfl{'V'Wfi\l bfl bUfl{lJt.Jfl"I?l~D bbfl'W'Wf'i bl"lit.J bfl btlEl{ ~\llJi ,

v
"
'1Jfl~flbUElI"l11J.J'V'l\li'VI(llfl\lm'~D~l,nt.J 1 urrn Demultiplexing
.:4
,r'Wbb~lil:::bi.'l lJiI{'V:::thllflJ.J1.'lm'l'lJ.Jnu b
b'li'W 1 bvJ'l'J.J1u1:::.;rU Ethernet, 1 Datagram 1u'l':::.;rlJ IP Lbfl::: 1 Segment 1Ud:::.;rlJ TCP 1'iJbb~1.'l::: mUfl1n'V:::vhn1'l'f1ElVl b rm
'l.
"
1 YlrldlJ(Y11lJ'1Jt.J1\9iYitiiil\ln1'l
bbfl:::
b!l\9ibl?lil{ 1i\l btl~UlJ b~i1i1U'liB\lilEln bbfhfl'\I~El.7J'W ltlu'WbflbuEl1Yifl'\I

'lI
1i\l1'WYifl"\9i bmtlfl1fl'vl'vl1un'V::: 1JifmQvn:::-l1flJ.JflbYl1,rU '9
bbfl:::b!l\9ibVlEl1r;]m1ElI'lDDn ltJ'VIlJl?l
-\1
"
~. ,~
"";i'
~.•. ~-~~--Ol', -~ ':'1:1: ...
.
---
~ ~--
rrn
Demultiplex lliil~ Encapsulate dJu~\ll'inulbfl~"HJ(;1I'1~D\ln'U 1riH.m~,
DtJn-.mr~'\I:::&mnnJ'w
lil(;ll ~'}fn1ai'\l:::$itl\lii~\li'il'U~vll'l'IU1~~\I~EN dlm11n userrn
Oemultiplexing l£t''U(;lfl'U~1'1J1imJiiI'\Iln
Encapsulate l£tU(;ltlU~'l:::l'hn1'~\l1im.Jiilmn'U'VlnbmrJfl1'1Itl.JLtJ,1(;lfltl1il
"
"'
"
'\Ilnbiil brJtl1~ bb1il'(j1\1l'UJll'V'J~ 3.1 '\I::: d1'Ul1liilbUfl11JU~(j1'lJfl\l

9
TCP/IP ~ iJ lbflV'!'Y'! lAi'U ~ 'linblJ'WL'1'V:::~D\lWl'Wbmm)'Hj'n UllflVfV'i~ bAiu(l]l\1n
It'll1Jil1 ~\ll1'ri\l~ lll'l:::W1J.J1,riff\lln(ii b'V'J,1:::bbiJVmi'i bAiubiillUfl1'\1:::l"mJ1J tiitl\ln1'11J~\l1iiJt;jiilW1'W "J~\I~Hi\ll'Ull"l"liT'U

9
b'l1'U 1Jil11iflJ.Jt'l~\lluJ\>1'l'ln'1b
"' 9
AiillJ0'\I'YIlJfiI J(,l\r'W'V:::bilfiliJ:::1,~'U'hi:i'YIt'll , bAi'U:lJ1n
TCP/IP bb(l]iiI::: blil'V'J'V'Ji;)bfli'W'\I:::W1J.Jllri uunuue 1Jimh\l

'l.I
h 1 'UA'l1:IJL1Ju
"iI
biJ\lniimjlJ1n~iibbtl'V'J'V'J~
n-h
1 lbtl'V'J'V'J~ll'liu~vl1.JlumjmrJ
1'W
bl'1~iJ\lb~Uln'W
b'lf'Wl'Wb0J3{'VhliJ1bl"J~iJ\lb~VliJ1'\1'l:::blJ'U0'\I
FTP server, Web server bbt'l::: Mail b'li'W NetBios
server 'Ufln'l1ndtl1'l'V:::i:in1'1J~n1'~U'11J'W biJwi'i'W
TCP/IP ~'lfiJ'Utl~lfi1V~bl1ilTi,)1~'Vll11J
'V'JiJ{t'l (port) 'I::: blJ'Ui:Jtl)'YI1'11iJ,wi'lmlJ1il\1~U
1uhl1 Lt'll'lfliil TCP/IP 1Ji~mltl
nbl1J1J lViii
'YIJ.JllJbiil'llVW1t'lfnJ1'WWfilbfilfl1 lVifll:::1Jl1'1iilJ.Jiilb'1:Jn blJ'UL'1ihu'W'lltl.JbbiJ'V'JWi'ibl'li'WiJ:::1, 1'U1~flL'1tT'U u iJ'V'J'V'J i;)bl"liu bbl'it'l:::!fl1~1 Vi1J1n1 ,iJ u1 'Ull"l~ fl.,j I'i 1\1 'I:::i'YI:IJ1Ul1:il'llV'J 1 (;llh:::~1!fl1 i ' iJ l~tlm.h1im.Jiilm lnl'l'Sl'U HTIP 1Jillrl
"
'"'
"
Hill
bUU'llEhl bbElW'V'Ji;)bl'1i'W(;l'WbD.,j'YI~il1~ 'I1:1J1miil'll'V'JiJ11'l~b ,11~nll'U~ lUU'lliJ\I
"
lVitl'l ~ W1m,bl uae Hd'Ju
'V'Jfl11'l 20,21
FTP. Wil11'l 23 Telnet, 'V'Jtl1(;l 25 SMTP, WEl1(;l 30
"
bU'WJiU ~1'1111JdlU1:iI:::b8Ufill1'V'J1!J'l(ii \>1~1'Y11'1JbbiJ'V'J'V'Ji'iblP1iu 1 1fi1liJ(;1\>11alt'Wm!PlYJ'U1nvhm~l.I
"
1(;1rJvf',1t1'11l.1 Ubfl'lJ'V'Jfl1\?1'1 1 :::i:ifll1lJ ~lf1qJ r'f1J~\I'lJtl\ll0J31vJb1 iJ1 lvhtTu ~\I bofi{vJb, El1'\1:::Ji D\lI"JDlJ'JEl1'1Jm,~ bl"ll W~ (Req uest) 'I11tl'IJElt1J1J~m''V1
ltlD\I'I1n bbiJ'V'J·'V'J i'i bl"li'W n11"lfllElUL'1~'V'J lf\?llfi:IJ E b'V'J'Jl::: 1i'V'JiJ1(ii
bfl:IJEl ~:h'W1 'U~\l1Afl bEl'WL'1bEJ,l'YImV l1:il'll'V'JEl1(ii 1lJ~llU'WMil\lllJ'W'YImUbfl'll~fillV!fllbb1:il:::fl\l~ '11m m1:il'll'V'JD{(?]'1::;buum'1fl':J.Jbiil'll~Um Hi'I"1,l,

9
(Ephemeral Port) Llf'l:::"l:::ilm,L1rm
1'11:JJ'l'\nl'lt\l~iln1'Jt1Jri.,j1iiJl.I1:iIL'ljl'liu
9 "
(session) l'11lJ
Reserved Port
1 u,:::1J1JtJiJ1J~m, Unix iim,iiI'\I,'U'V'JEl11i11Jl\1m,U 1-10231M 111 Vi~1'1111J1 'V'Jdl'lj1il'~:lJfl'V&vhf!,!oj'lliJ\I bl~~h'Yl''r1J Windows NT :n1aiiil,11'W11 Super user L'VhJ.\.!~1'I1:J.Jl'blH'V'JiJ1Iill'W'lil\1
LL(l]ilUl\11fil1'W1Jl\1l'1t\l'l11n'Yh'UNEil'W'V'J1Jl'1l11 Unix Reserved Port n1Vib1il1'\11Jil1'11lJ1UD.,j'V'JiJ1(;l ~ 1 ~1023 UULiJ\I 0'\1 TCP Lbfl::: UDP (l]1.,jn11i\llU'V'JiJ1\?11'Utrnl!lru::: L~Vlr'fU~El H,:::1J ,Lltl'V'JW~Ll"liu 'YImmf'l'll VJD'~(;l~l'Il:IJ1,b1d:::1J 1M'I::: b~'WoJiEllJt'l'IJUlfil 16
1i\llU 1M~\l~U =
"
Ulil
UU'I1l.11V 1"l11Whb 'J11'11l.l1'r1:lJVJtl1(ii~W1l.11'Cl !fl\lJ'U~lUl'U'V'JiJ1(ii~\I'I1l.1fi1dfl1m'rll:1i\llUl'U
65535
'V'JiJ1(iilUU(l]fl:::1tJ,1(iil'liJfl
brl~D\lb'n1aib~ilH1t1'L(;lADt'l
TCP/IP ~iJ 128 K ,!ULEl.,j LfilmlJ'W'IJiJ\I TCP
64 K llfl:':'1J£J\I UDP
I.
fln 64 K fi1'11f1Jn1,rl1'Y1'Ufil'V'JiJ1fillYiiJ1i1'Un1'Jt1Jt'I.,j1iiJl.Ifl'l:::mhlfi.,jiJU1\1ii1~lflUfil1U1J'l'\(l]D1t1
'''I1~W1J
Tep/IP
"
IP • • Internet Proto
IP dJ'W11.J'llMrlElflVlvl1V1i1TVi1'lJJlTl:':: l'WB'WbMtl{bU(l1 hhl(l1rltl(;'l~1-J'11'W ~-J~'W bi1E1-J'lln~\11u'Jl(l1rlEli'l

'1-
1'Wfl1'l'l.hl1eJ~f11t1N'>ltr-J'l(j1V1mv1.Jf11V'VI1-J
'"
llJl1~1(j1'1
TCP/IP Suite ~\! TCP, UDP, !CMP ~l\!iHlEl-JmAV':l:-:'lJ'lJd ~~fl~'l:-:

'IJ
IP di1nlil1fl~I'IE1'W'1h.,jQf11\?11'WnT~Vllb~'W'VI1-J'lJ'WN\l~m.Jf1
q "lJ
'liiln u 'liflVll'1lil\lVll-J l1.JiT\!'l(ijVl:lJ1V'VInVll\l~dJ'W l1Jltll lu'll(l1rlaf'l~'W~il~ 1'lJlll,:-;1J1(iJ1111'Wfll''i'Vl11EN..]olJm,n'l11J1J\1-<il(iJVI:J.J1tJ8n

'IJ ,
bi'lbVil{iil-J'll'Wl1J bi'lVhi~El-J ;u
"
'lJElbVltJ-Jbbl'lb(il~v:l.JolJmJf'll Vibiil~'liil'l'l'II'JbbtiilN"]
1Vi IP n'Wtl'Wh1$ill ff"]bbiil1
IP 'iJ:-;VW1Vl:l.Jfl~1-J~(iJ1'\11:l.Jiillm'lCl~'J:-:Vll'Yll-J1t11Viff\l'l(iJVI:l.J1v1Vi'l\l1$i IP ';J:-;dJ'Wlt1'll(ill'l€H'l~b~Ul'1flqJ 1'Wfll'l'1l'Wg\loJjil~f'l1t11ai1flf'l'1 bb(;ini1'l(l1aiflUfiil IP
dJu 11J, l(l1rlElIiI~ unreliable "1iI:-; connection less (b1J~VlJbiiliiil'Wbllu'l:::lJ1J'1J'WIiI'\I~ilUlqJ'll(l1b'h bbMllJ1'lJ1.J'l:.::n'Wl1oJjfl~(;'l'l:-;ff\l1.JlillU'VIl-JVl1il1aJ) b(;'lbUfl{~u~Hi IP dJ'W~lN\liim.jlil-;Jl
'IJ
fll'l~
IP iloJjE1~flV 2 JJ'l:-:fll'ld
t'i-J,ru l1.J'llMrlflf1 bVlEl1Vinl'l
dJ'W$iEl-JVlIVl'W'VI1-J1unl,t'l(l1iiEltl\iw
bVl~ldlil\l11J
1'lJ N\l'iJil~f1 ii biil~ mJll'II'J bbf1:-: ~ilfifl1$i b ,x'W btl\! fll'lN\liiEl:l.J1;'l $ilV
-1r-JnAil'l:-: Wi El-Ji1flf'l1fl1 'Wfll1f'lJ1.J'l:-: rl'Wfll'lf'lJ N-J'iJfl~ f1Bfli'W b'l1<J1WW l'IJEl-J b~VlJ1ElU

&1 (l1
bW(il:l.Jli bb~TI.1l11JmjEl'W 1'WJi11.J'lHrutJ 1(l1UN1U 1 VlnJbb~l'lJ'lH 11J1HrutJn'l:-:vh'Vl'l.'il~fl~1\liil~.h

~ ~ '1'1 'l.I '1 9 ~
"
IP bU1U'lJ biiliiEl'Wfl11g\l'lWlVl:l.J1Uvi'111J~
biil:l.JE1
Am.h'i1(l1V1:l.Jlv~ilEl~g\l11J(l1l:l.J'liEl-J'VI1\1 hJ"V'Wf.1\11J1;'llU'VI1\l iil:l.JEll(l1v 1 t!'lY'UiilWlVllV'lJ'lH1u'llolruiin'i1:-: b 'I11'i1(l1VlmV 1U~th'Ubfl'1l~(ill:l.J":IVlth'lifl-J ~lVfl11'1'11\l1'W1.JnWi"l(;lVl:l.Jlvtil'iJ:-:ri\ljJfllV'VI1-J U ii11VVlI-J bllu1u1a; bbGhlVl~il'Wf1\l1u1 UJi1'lJ'l(l1Vl:l.J11J'lJil-.l tHu 'it-J'l::: b~'Wll
biil:l.JeJbb(l1"(Eln1iil~'V:-; i(ilEltllil'l'Jf!'I'111Vi'i)!?1V1:l.J1V d 1aJn\l , IP fifl
"
"
Vl1E1bbiim:::vf'-J'l(l1Vl:J.J1 V ff-J1Jii11VVlI\l bbfh bbM1lJi1f!'Wf'lJ11J UG'leJ 1Vi'V1-J~I\lfl ~1 u V
~1u'V(l1V1:l.JlVnbiJ'W1$1 'l\?1t'hflqJYivn~lfl~1-Jfll'lN\I'i)!?1V1mVbtl~V'lJb'V\V'lJn'lJfll11'if[t1'llMl"1eJiiI
"
NN..]1lJfll'J'VI1I'lJ~Hn'W:-;
"
fll'lN
\I TIEl\ll'lU
b8\11l'111 (l1 1;'l\l tiilolJmmYiN \l11J ff..]u 1;'lIVVll\1Vl~fl1lJ llJi1fl1'l nu

'IJ
n l'l1:l.J 'it\l fll'l~uv'W.r'WdJ'W1if
~UV'W(l18'lJn~'lJ'lln
IP 11n-J'I'I~fl1aJn\ltliillVVll\1
(1-Jbbiil11t'lVN1'W1mlJ
buhl1m,-j1;'l'i):-:N\ln\lJJfllVVll\1 mh\l1lJi1
\l1;l'! fIill b'II'J'll :::rlU !i'i\lolJ ~ ;'l"V::: El:l.J 1$i1lJ~~,,]'El ( ~
d:J 1'I'I:l.J1EJ
iholJm.)!;'l ~
n\ltl !;'llV'IIl1\1n'il:-:1~~Dal1n'W(;i
D fil Pi-J aJ n\ln'V:-: 1tlrttl'l'11fl ~l-J ~'W $ifl\l1fl Nl'1'11'lJWlll-J'I'I:l.J1 V'l1\1 '1 1 1lJ
TIEl\l unreliable bb(;'l:-;connection less 1'WUJTID\l IP AEl
.d ,
. ili." .
,
..
.. --t"".• ~
,
"
~ .
-,. ~ l .)0. : • '" ~ •
,.'{ ,
-~ .,:~-.~
."
"':.,
,.
-
4..~'
~ --
- ----
'.
, ,'",. !~ :.~ ...'t:~. .. ..
',.-"
-,
~~~
; ..
·;Fd
~
- --
..~
_..
--
---
Unreliable
~lVtl11ltl"jll'lI'lEliil
IP LIJ\!l'Jnf'lln 1'Un1"jvnL~'U'Vll\H~'U'lJEI\!-nm.Jf'l
1'Ufl1"jci\!-nmm
'IJ
ll'1 V"l ::;'I'W11.mJH'nf'l1m'V\~ltT'U

tl~l
1tlfi\!tlf'llV'Vl1\!
1","l\! 1~ LLM1~iinl'~l'ld'1"lfHl1.r,h
"
(routing) 1tlU\!tliil1V'Vl1\!
tJ'Vl1\11~1'u-nm.Jf'l'V\1E11~ 1nn1"jbL%\!n~uiiLv:ltJ\! 1'Un'Jru~jj1:lru'V\1 bnl'l';'U"j::;'V\'hlnTH~'U'l'n\! n~
"
b'1f'Ub"j1L~IEI{i:ii:lru'V\1, vnL~'U'Vl1\!1~1~ ~ ~d.J'V\1E11~ 1i\l

'IJ
n"l::;loii ICMP d\!'1iElI'l11J.!n~um1'11~ff\l'Vld'lU 'IJ
.i)i\lB1'V'V::;fi\!
'IJ
i11~ ~\!J''U'Yn
"
n d\!~l
V IP LL~11a.iiifl1"jl'lElun
~UJ.!ln €l1"1'V::;bU'U ltll~11-n1JJ.!
iil1i.J
tlf>lltJ'Vll.JlJ~l\!fl'J.!lJ"jru
'V\11J11oJim.Jr;,ltl1~fi\lbbMd\l error message n~uJ.!11:J.11~
"
Connedionless
'V\~ltJfi\! n1"j~~all1flil\!
IP 'V::;~iiam'U::;b l
'YIiiEl'Unl"j L~€l~MlJn'U"j::;'YI11.J~'U'Vl1.Jn1Jtlf>llV'Vl1\!
1l'ltJ'I'i'11tl
1.mWl"l::;:i1n1d'b~IJJ.!~lJn'U 1~J'W'V:::~IJ.J'Yi'1mh\ll
'IJ
d' El'Utl1U "jn('l'l?ln'V::;~IJ\I blJ1fl1tJm LL
bfim.J~1J1'11fi\ln'WrilJ'U 'YI~\I'iJ1n,r'Un~\I"l::;fl1:J.J1d'rl1'1Jg\!im.Jf>l1!ii l'1r;,ill'll'ld'lU lVl~fl1tJU\lMIJIJ~

'IJ
LLiil::: "j1n('l'lmd' r:l1'ud\lo1JlJJ.! b iiln'U

"
1~
L d'11J1"J'V:::MlJfl1tJ~h\l11il1~
IJtJ1nfl'\I'1iEJ:J.JfH~ill"jn'Y1'11~"y'U.yj1il'Y11'U
"
1tld'1l'l1'l1Jr;,"j::;~U IP bb~l ff11J~MElfi\ln'U~11J'W'YImtJfi\ln1"jLfilJ~~mL1J1JiilEJ~l'1iil (VJ~I'1r;,) LLMfl1"jUlJn11
1:J.i1'1f('l'11J"J~\l1
'IJ
~IJ\I'Vhn1"jME:lfn1J1'Y1:J.ivlnl'1'¥\!~'V::;1'1Jt'i\l'1iIJJ.!iil IP vn~lbLnJ:J.J b~lJff\lbff~"lMIJ11Lfl'~'Vbbf>l::;'V11fl1'i 1
CIIJVlff1tJIJIJn 1'W"j::;~1J IP n"J::;~~n-n€Jd.Jf>lLv:l1J\I 'UVll~l bbfldJ.!L~tJlL'YhtT'U 'V::;1:J.1~~nl'll~l bLm~ bbM1

'IJ
'IJ
IP jjfl1d'bfilJ~MmLUlJ
connectionless
l1'UfiEJ'YI1n1'uL'i\lo1JlJd.Jf'lNl'W 'V::; IP
"
'IJ
§'U~d\!ri€J'U'YIU1'Y11E1l'l1~m m"jfi"l~
LLf>I::;"l::; 1a.i~11Vl1$i1LLflJ:J.JbbMf>I::;5'U:iJl'I'n~a~~'UM'U'YI1EJ 1:J.1E1~1\1
IP ~8\1'1'11Vi1i1b~"l?iE) Yl1md'M8ff1tJ 1tlU\ltlf>ll1.J'Vl1\! 1'111~bbfhci\!o1JlJd.Jiill'llcihbLn'i~J'U ltl 1 'IJ
"
1Vifi\lbb~lnClIJl'liil'11.J1J8n dJ'U8~1\!ih~EJ1J ltl 1J1'iJ"J::;iinJru~Vl b'Vli:i8'Ul1 Vl1~1 urnu ME)flJru'1JE)\!
"
IP i'ln1"j~E) iil'l"jE)~l\1~1J Lil €l\l Lb~::;:fl1'l11~aJ.!~'Ufjr1'UJ:::'YI11\1

~i'l m"jn'i::;"J11J'1i8~iilIJEJmU'U'YIiil1tJbL -wmnl'l bLf>I::: L~IJ
'IJ
Fragmentation
u V1" n bnl'l d \! (;\ltliil1VY11\!

MIJ ltl)
LL~l"J ::;~IJ\lthm"jll-J
r1'W I'lf\l'YIii\! l'l1l-J~1 tl1U ('V::: Jnm V~::; b8tJVll'UllJ ms 8n I
~\! bb('l'Vl\!11 IP 1.l1"J::::flm1l-Jal-J~'U£n'W1::;'YI11\1(;l1~lbbn"jd.J
u Vi~'V~\I
bb~11'l11J.!~~~'Ufj 1'UVl1~1 urnu
~\!n~11:n1'li1'l11J.!a~~'Ufjn'U'l:::'YI11\!Vl1~1
bbnJ~UMB~l\! lVl dJ'W1'I11~~~~'U£mtJ
b&i n'ULbMrl'IJ nm::;'V11.J1J1J m n"J1nn'U bLiil::'\..hn~1Jm'll~n'U n1"j'\..hi8J.!f>ll'l1~1
1'YIa.i1 dJ'WVll $11 '11 bbnJd.J &itJl b L 'Vli'lIJ1"!b~~ ~1'1f
bbm~~'W~l
bfilJ:J.J lEJ\I"jl~r1'UbbMIJ~1\11Vl oJi€l~iil'YIl!\!l'll~l
"
umu 1:J.1'1i'1 dJ'U~"l::;Wi8\!
d\!bVltJ\!l'lf\!b~1Jl
'YI1nI'l11J.!1J11Li'i'Unl1~"J::;t'i\ll~'UbLMiil::;l'If\lJ'W
l'I1Wi1Lbm~iil'lm"j(]~'V::;Lbti\l~8tJ
bvi€l1'11'1J'W11?l'1J8\!Lb-Wmnl'lii'1J'W1Vlb'YIm:::ffd.J 1~
~nni11'1'o1~ 4,1 bbfll'l\!1ViCi\! IP Header '1J'U1(9)'1J8\! Header lVltJtln&i"l:::l'J'1J1..n~ 201Ull1 IP [Jml'Ul'Wmru~i'lm"jbVim&i~IJIJ1.Ji'W1J'U
IP Header "J1nm'l'ol"J::;bLflVl\lbtJ'U'ViIJ'Wf>I::; ij~ M8 32
1UM 1VltJn1'iff\!o1JlJl-Jf>I"J::; u ~ b1tJ\!~ltl1U 1'I111JWI"jnri8'Ubb~1~81.Jl'l1l-J~11J lUll1rIl'l1tl fflU1'Wb~(9)bl'l€l{iiI'l11~'YIl-J1tJ~\!n
L'l'l'Y1~uiB~~ bLMiil::; ~
II.
'''J1~:;jj11
repliP
zllYi 4, 1
lP Header
4-bit version
14-bit headerl length
8-bit type of service 3-bit flags
16 bit total length (in bytes)
16 bit identification
8 bit time to live (TTL)
13-bit fragment
offset
8 bit protocol
16 bit header checksum
32-bit source IP address
32-bit destination
IP address
option
(if any)
~ ~
data
TCPIiP
iJlil.
4-7 Header
I'llllJrJll"lJEh'll1'lt'H.Vlfl1
1(p]1n~i'111lril1lJ i:lflmJi'WI'i11tJfiTt..nj'V:::
btl'W 5 20 1t1#1'
Length
YllJlfJfllllJ'l11'l11J.lEl1111m.Ji'li:l"lJ'W1Vl
"
5*32
Ufl
Yl~mvhnu
iJlil 8-15 Type of Service (TOS) delay, Maximize Throughput: Maximize reliability, Minimize Monetary cost lVlD Hhtl'WM11i"off1Vfb'lbf1iJ'MVl~'Wh
lWnTH~EJn
b,1 #l'iiDl;l i'l bbM~:::(in $11b1n'llJ mjl" 1 'lnf11J.lil'V'1u'W llJi:l n1'l'thfil'W-d 11l1oE"1'WLbMmh" 1Vl Ulil 16-31 Total length blJ'WVJlIl(ilYiuflnVl'1..,!1'W1u#I'".r"YllJVl'1lD" Ul'l'lJfI"VJ~~-dmrVl"11'lJ'Wl(;WmJ.lfJll'liEll;l~'1Ifl\l 'lJ'W1Vl1Wi~,,~Vl 6553511J#I' IP Datagram (ij'lEJ'lJ'W1Vl 16 IP VllW11bbn'llJ'V:::ij
11\1 bbirl1b'l1'V:::fl'1J.lTlTlfi\l'lifllJi'lb'W 11J(iI LbMb~El1iElJ.llllri nci\llll\llll 'I'll m 'lci"
",
off'WEl~n1J'1I'W1Vl'1lD" MTU 1VlEJ,tl11lbbih
"
"
1 Vllriilbbn'llJ 1Wi~\lfl'(p]11\1 65535
I"Ir,,~:::51211JWi1'W
, ,
'V~.,j
il~&i bblll:::U ilvr)'j~ bl'l'B''W billbElil ,cil'W bYlillil'iJ:::ftl
""
billbtm1'fll\1 n'V't'rln u 'l'hn blJ'W(iIriau
",
~"
"
"
fl\l'li f1lJi'l
1 Vllliiluml-J
VJ~ri1-ddJ'WVJlIl(ilYi<JlblJ'WYi'V:::WiEl"
'l:::U llt'W'VInVll$11bbn'i'3.J iJGl32-47 Identification iJlil 48-50 m'lan iJlO11-63 5 Fragment offset
bVlfl'lh 1Vffl'lm'lrirlilVl'lim.Ji'lilDm.n1M
"
dJ'WVlm Elblll'll'1lD\l (»1 Wi urrs l-JYifl" 1'Wm ruYi~ rmm 1 bbn'i'l-J bblll:::'t.l1n ~1Jl-Jl'nl-Jn'W 1YllJ" :::i1(ij'll:l.J1'VlnVll
:::'11El'1ll" VllM1f W11 rnu u l&imn'W
"
1ii1'WnTlnlYl'WVll'1lbbYlU"'llD"'liDl;l~
b'W 1 [illWilbbm:I.JYi~mbVhmJ.l'W#I'
nff1JJ.l1M D b~fJ"n'W b'W1'11 bb'VIU"'ll€J,,'li€JJ.li;.rYirln~il\l
"
"
4 ; IP ; Internet
protocol_.
"':.1aI';\<'>--
-,,~
- --
---
--
fi~ 64-71
Live (TTL)
Time To
djuYJI'l~Yinl'f1Wil~lU1W'lt-l~\I~l'IYi(il1~lbbnJlJd'V:::rlnbdl~ 'lI ,
'lI
(route)
bViau a-l n'Wii1'I1l'11 t1llbbnJl.JC1L n 'il1'i11l1l'1 U l~:wYi ~'W'fl"?I t1l1VI'llli'fl"l.Jl1ti1 \ 'lJtJ\l IP Yi'Y:::~m'ill'i1llL~a:'1'vUnlT"I::;1i\lllmv'VI1~ ~\l1U~l\1l'lt\len'Y
'Y:::iJ\I'VIlbi!i'W'I1l-l1~1~ TIL 'Y:::dJuWll1J€ln~l'W1'Wff\l'fl"t'I"lJEl-ln1'iLdlWi
",
'Vllnl1~1'Wl'Wl'lt\lYi\?llt1l1LLnJlJClm'ill'i1llb'l'hn1J
v
TIL LL~l!J\ll~1i\l
tJ~lU'VI1\l n1'I1Yll n1dVl1Elllt?l1 ~1 LbnJlJd1f\l Lb~l LL n~1J:I.J1 ~\I !J\lIilU'I11\1
":h
Time out ~am.Jt?lb1mri€l'W ~,:nitUn1dL'llWiN1UL'ilblil€li
1 I'lt\l
~1 TIL 'Y:::~t?lt'l\l 1 'Vl1m~€l~l
TIL 'fl1il~\I'Y'Wff\l Ob~€l1l'1"fft?l\l11
l'Illillbbml.J,xu1'11~bmmtJbL~lLL~:::'Y:::1~f.lm'llWiiin~€l11.J 'lI
fi~ 72-79
Protocol
mh.'l~1t1lnrlTJ11.Jbb~1-1h-l~u":hirh.bll'lfltJl'l~mJ'VI~lvWllYienAv lWn1''lJu~-l'iim
r
IP
"lJ
. J1'l!K\I,_T,.lbvlD,:::1J h'iim.JI'lYi IP ril~-lt'i\lD~ddJU'lJD\I q 'iJ 'U b'liU TCP, UDP, ICMP bUUlIU
11.J'illilflD'fl8:::hn~a-l'i::;1J11h"rVJt'l~d ,
ii~ 80-95
checker
Header
LU'W &l'WIil'il'Y ffEl1Jl'llll.J f.lnIilEl\l"lJEl\loflm.J'fl1 Le1t?l U L\?I€I{ ViDu€l\ln'W rm L
ii1'li-li€ll;j'fl~\I'Vll.Jt'l1'WlilllillLLn'i3.J
N t'I~~l\?11'Wm'i~\loiiDl.J~ "
~\l'Y:::iJ €I\lnu b~'l'n:::ofl€ll.J~ 1'Wb~Vl Iil€l1L L yh,x'W
"
ii~ 96-127
IP Address
Source
~€l IP Address "lI€l\lN~\lofla3.J~\?lllillLLml.J

'lI "
fi~ 128-163
Destination IP Address IP Header bU'W~lual~ruYi~Iil'1J€l\l IP Iill1ilLLWH.J
ri€luYiL'l1'Y:::Anl!ll1'i\l'litJ\l11\lLb'fl::: Lb~l'Yln,x'WL:W€lbl1'Wm'lhl.J~ r1lwil-l'111.lbLwi~::;VJI'l~'/JtJ\l IP
'Y(i)1.Jn'jld€l\l'lJ~}..'JP ~lLiJ'W~€I'.'Ibofll1~m''l'l'h\l1'WtJnti1''l1El\l IP L~uritJU I , Yi,:::W11JIP n'Y:::'fl"ll.J1'lblUfl-ln'WLb~:;L ofll1<iJn1'lh3.J&iJ'W 1t1l1~vlmrn
Header ~1'WbU'Wn'fllnYiI'l11JI'l3.Jm'lbA'W'VI1-l"lJa\lVll111 bbn".il.J11.l'VI1\ln~1Jn1.lb~m11m Hitlt'lll'1fl€l1"l ,

"l:;n'fllU bU1.lbl'l~8\1:i'1f11'Wm'iun'in 1t1l , [l1'j11jYi 4.1 ~\I bWt'I\l t'il'WllJ":::nfl1J'lJ€I\l alEl\lHill,:; nuu 1Un1dl bl'l'll:::Yin1J"1Jn'lnbfflJa
J":::W11J~1\l'11'W b'ijcPlb lin
'f1~mntilNl'lnd:;'VI1JwimUl'VlmV
..
IP Header ,x1.l<iJ::: biJ'W~U~l'W bb~:::al~t1..!Yi~VlYi"l:;

r11wil\1'1YiEl~1'Wb~VlbVl€l1f11'Y"l:::~\l N'flYidlt?l~'W1U
"
1~ W1\lJuunlbl'l'il:::'I1Yi~l'll''Y:::''lVl~l
IP
Header 1Vi1al"l:; LiJ'Wll'i:::lU'lJ,r€l~l\lmnwi€lm'il
bl'l,l:::'I1!1ifl 11l
'VllmJfJ'l..m~1J1tJ1U1J'I1Yi 2 iI\lnrll11'i\ln"lnd'il.JYibiJ'WiffrunJ1rurn1J~1l.Jbl~1 ~~ , d'Juiffrurulllil'll1JfllJll'J:::lil'l1'f1if\l ~ , 'f1~n~ Bl'll1Jfll.J nW:{1J-~\lofl€lffU
IP Header nU1J
bbSl::::W'Vl'W1Yi
b'dfl\l~ln
IP Header lliltlWlllEl\l:nlalbiJ'W'iiflff'Wl'l1rl
b'l1f'!~dl3.J a ~1t..!t'll~1
Lbn,lJJu
IP Header "l:-; n nH'hJ1unl'i
"
Demultiplexing
biJ'W'f1~n LViavhn1dffnVlb€l1ofl€lffUb'VIAD€ln~ln
IP VllWl1bbn'Jl-.Jn1'it'i\liffqJqJllli
Al1JI'll.JYi eJ l'I~Sl1Vl b 'liUn1diJoflm.J~1Jl-lW'flM , ~ 'f1~El Demultiplexer
'Wb~Vl t'lfl1biJUr11Yi ~ t'lllnti1 fJ1"lYll1 ffillJ" bbnJlJf.l€lt'ldl1 ~ b
"lJa\lM1Jvll\11utllilb~f11.l1"l1lb~:;'VltJt?lYll\l11.l1al
"
• tl';J1~1t1J1J
TCP/JP
lWflml::;l.ln~
"i1w~I?1(;]1.J'11t!b!'J~ b~fl{~::;~nrh'l1t!ti1~t!
1 t!.fft!ti1fl'W"lIfh.'lnT'i Encapsulate
bt1fl.J~lmoi11 t!'I1~1 ~ '1W~ Wi b1Jw:.Ji'l~lnn1"jr11'W 1 rumn ti1'lJfl\l-llm.J'l U~::;V\liiU1.J 1'11~dj'WlIllI1l11~flfl1J i 1"l11:IJrJn~fl\l'lJfl\l-llmJi'l~h~
'l'nnn1"jvll.J1'W"llfl.J 1tl'lbbm:IJb-1i1"il1Gi1Vl~fl Encapsulator
"
"
n"j::;mt!nl''il'l1'W1rubbi'l::;n1'11'Wti11'111t!brll'1 b~fl{-d~::; dJ'Wlu1~~elti11 'W~~ dJu1l.l[)~l\1r1naifl-Jbb~l
"
rJn~fl.Jti1"j.Jti11:IJ 1u"J1ti1l"lfli'lbGil:IJfl ru~1'111'Wb!J~bti1€l{N~tln~,r'WiiI"l11:IJblJt! m
"
1'i11'Wbrlti1 ti1fl1~:': b
"
11.l1JimJ 2 mru~fl
Encapsulator 'Vh,'ll'UNVl'W~lVl Dl.lmru&€lfll"J ,
bt1fl.J~ln
Encapsulator
n~[)hhbbn"jaJN\lfl~nU
"
r;il'Y111Jmru~blJ'WDtln"iru ,
TCP/IP vrl11.l'YI~Dm~~:.:dJt!
TCP Stack
"
1'W"i:::1J1JuliU~n1"i 1'Wmru~ bil'Wb"'~fl-JI"lDm~h b~lfl{ ~.J 11.l"jbbn"j:IJ b'YIl;'hflnm€lnll;f~~::; n ru ij~'WaJ1fl~l\11l-l"Jfl1J"'f11J bLi'l::; 1'W1Jl\1nlru fl1~~::;l'll'Wl ruiPil b!'Jti1~ D1"Nti1'W lt1f b i'l1~ ...
• n1'a~~
hlRfil'viN~'W~l~~"
l'Ubo~bl'lil~bvJm.j~~lu
-llflaJi'lvh'Wn"i:::u'":lt!n1"i -u n,::;1J1'Wnl"j
Encapsulate »11:IJUnM bb~~:':b'V~'W1u"ibbmaJblliml~1.J
1'Wmruflurlmnfl1v::;
ll-llJifl'\I IP
bl1Nmnti1~'WaJ1 bfl.J 11'1~~ii1ifl:IJi'l1 'Wb!J~ b~€l{dJ'WiPil NI'1uils n'"llnl.ln~h Demultiplexing
"
vlfl'l11\l(}.i[;l
Tv!
'llfl.JN11Jvil.Jl'WN~l.ln&iltl~lm~aJ
"
I Routing P
IP Routing dj'Wm::;1J1'Wnl"j~'W'I11 tli'l1~'Vl1.J 1~~vht!n1"ifl'\l(;]fl'lJD\lfllln"iru Wh1ifll;jWvdi\ltli'll~'Vll\1 ni'llnr;il~qJ~vi11 b~ml1\11'Wn1"ifl'\I vh'W-llflaJi'l~ln
,...
IP ~mJ1t!b{1l?1b:Hn~\lv::;'lhmlt!vil'11ul~fl'\I~fl-llDaJi'lltl~t!
"
~t!'Vl1.J luv.J~'I1aJl
"
Vi
IP b:Ut! 11'i" I?1Aflwffl'Y1'rU'llt!Gi.Jiifll;ji'l111 iT\lilln'1~1 u 11 IP :ilm::;lJJWm IP Routing dbD.J ~\lV\i.llGil'W
hnut!il'Wbl?lfl{l'WI?I~&1~GII~, 1'W"llru:::fl~fln1"j'vi
h~
GII~'lJfl\l IP Routing ~fln1"JV\t1f'W'Vl1.J bW:::1.li'l1~V11\1'lJfl.Jnl"i&€lGil11,r'W b 1t!lJ1.J1fln1G11(;]1.JnmJn'WbbGII'W
"
lnfl
~GII~-llDaJi'lnfil:IJ1"irJ~\I n.Jn'Wlt1f1u;lG'll el'W"il ti1 bU'W~i.lleJl'I~'''j b~,
lnti1~t! ltli'l11n laJml.l"j1ti1I"l[)i'l IP ~'ll1~'lI'WGi\liDaJG'l1111J'Wll"l~[)'li1fJfl~1\liilh::;~'VlJjm'W m:::U1'Wn1"J
n1'~flffl1-llf):lJi'llb(;]i'l::;rl'r.J
"
-llf)aJi'lv::;JiD\lb~t!V11\lvh'W 1A"J\l'lil~el'Wfl~1Ji1J-Ef)'WaJ1nm~
"
bb~1'W
"
iJ 11"l'i"\I'lil~ilt!
ll?l[)1 1uti1I"l\lll-lfl1'"1 nldl'lh 1vn\l
IP Routing ~:::'ll1~ 1Y1b"ilb-ll1hl'lruGilaJU~'lJe1\1~'Wbti1[)'!ilUti11tlid'j'W[)~l\1&1 n'i":::1J1t!n1d , bbi'l~1ti1~l-J'WDflaJl'lJ"i 1t!Dt!~v::; 1 Y1m:~rmn'J

. ..::...,_."
'1.1
0 ..,. I"J I <:IJ "'"
"
IP Routing ijltli~nD[)ml1J1Jmmh.J'1l1qJUI;'l1ti1
I
1u
n11'lJ'Wfi.J'Ile1l;jG'lVI~nnl"j'W'W~lW'lJ€l\l IP Routing b"iaJ~'Wti11~'llflnlVl'Wti1'Y1b"j~1J.J1~ti1.J'W
'V
IV
Jf
iltJnsnimlilUi U11I1Sn
w
-.)'lllt!nl~lu'W Host
2 u"j::;b.fl'Vlfif) lrlfil?1 bUt!Dl.l n"iru~vl1V1ulvi1lfn1
b'11 ti1-iie1:IJ1;'l1 'WmrubU'WNGi\l VI~e1v11'l1U1~-r1J
'"
...
1iflaJi'l11.l1-E.J1'W 1'Wfl"jrub:U'WN11J nl"j&€lffll-llflaJi'l1ti1'1'1dlil.J
1rlff~U1J\l1~fftilbGllaJe1 ci'lVl11J IP Packet bb~11i€l~i'l1t!l~~bti1€l1~1.l"ilnDe1~1'W
'"
'"
"
dJ'Wn1,~mn'i"'Jln
VJ§l1?1 Source Address bbi'l::: Destination Address '1i\ll~tJnl1
IP Address
~:::blJ'W'I1m~ bl;'l'll1:::1J!il1bb'l1i.l.J'lJe1\l1rlGlltiliXt!V11\1 1!'Jfi~1li'l1~'Vll\lb 'I'i1J'W bbiil::: ,
4 : IP : Internet protocol ••
Router
L11b(Plil{d~hjiltJWH1rG'i'1r1fJJmh.,jd\l~hl'l'hJ IP ~"1::;'Vh 1Vim"j'lJw~\l'iim.Jb'HlJw , ~ ~ il~l\ll;'l"l-Jmru ~ b bi{nVl\1\1 U(Pl b'iilcihwlW b11b(Plil{'VhvI'Ul~WnT;l~\l~hwojjill-J~"IlnbU(Plbi{m'l'd\lhliT\lDn ~
hI
iii bbVI'l1\l'lJtl\l b11b(Plil'h::;mJl w"J(91~1iil:J.J b Mil1::;wh\l

'U ,
G'lil\lb L U(Pli{n
~hU'iiflrllV1W(Pl"lJil\l IP oiitl:J.J~"J::;~\l1uD\lnw1(91uM".l\l'iil:J.JdjVlbi{n1jJ
1&1"J::;~il\Iil1«m "jlb(Plil{dJWN'VhVl'th~fl\l~hw'iifll-J~
"
"
1u1 Vi ~\l,rWbUMLi{n'llfl\l
IP ff\lLbi.l:n1&1Miln\lnw 1w'Vll\lmUJll'WbbMfiG'llm".ln~ilG'l1".lnW 1cli1(;1UillRU b".ll btilfl{dJwLil1 b1ifll-JU".l::; Q!lWboiil&l1Unw rim.JyjV::;flTIU1Un~1m,jil\ltiiW'llfl\ln"i::;1J1wm"i 'r'Iit\lyjb~u1'iiil\lnUn"i::;1J1'Wnl"id'WilblJ'Uff\l b t1fl\lvlnv::;ij IP Routing 'llfltlTI1Jluff\l"hwG'i'1r1'1Jiln~1'U
b'lltJbV;fl'Yh~11mojjl
1"11'Ub~il\l"lJfl\l
IP Routing b1iiUr1ilW
msn ~11 ff\llw~1Wd'WtlG'l:l.J~1"it!U~ tl Network ("ilU~::; bDU(91"J::; tlTI1J1U 1Wfl1UMfl1tJ) bUMbi{n1uY1dv::;n~11fi\!bQ'Wl::;bUMLi{n1wFl11:l.J'r'I:l.J11'J'lJil\l IP (IP Network) b'Vhttu 1jJ"i1:l.Jfi\lbU(ilbi{mJ"j::;bll'Vl~W
Network
1u
IP tt'Wv::;nm"i"j::;U'r'I:J..Jlm~'lltJ"i::;.sl , L(91U IP lw VI'Il\l'lJfl\l
1!lG'l;]l(91u '.11 Address bllim::;Ul'llbbVIti\l'llil\ll~hJ'Vll\lbb~::;U~lU'Vll\l 1 IP , Address ,rWWEJnvln"J::;"j::;Ul'll bL'r'I'Il\!'llfl\lL!lG'lt'1uih
iT\! Hh::;Ul'llbb
bil(Plbi{nffi!lG'lt'1,r'Ub1imJMEJ~~&l1U ~\lffitJ"il(;1~EJ~ IP ijn"i::;~1'Wn1"iyjv::;bbun Vim Ub~'lJlld::;~h~1'lJEJ\ll!'!G'lt'1 ::;'lJEJ\l i{nmJ n"nnn'W b'i'im'h 1Viflu n".lru us bUMb ,k\!VI~l UG'll:l.J1"im'ivT'H1.n 'WVlw~11v::::~\l'i1m.J~~lMum,r'W 1tJ1'W~r1'Vl1\l1(Pl 1&11
"
"
EJ~l\lhfiMll-J bittl\l"Jln
IP tt'UblJ'W lMFlil~~E1~1 'WbSl ltJ"i bUEJ{QI\lV::;~fl\lillRUm"ivll\llW~
G'lfl(;IFlJiEl\ln'W'lJfl\lltJ"i 1MFlfl Sl~ a ~1WbSl bUEI{~lnll
~EJ~~~ ~mh'r'lw(91~u btl\l bb~::;EJ1v ~ uutul IN\l1~(;Iu:01&1 fl~(91nUEJUfldru'Vll\1 UllTV'l bbMEI "i nl ~ m ~1\l1
"
t?11 I'J
'r'Im mIN'll billlib i{fl'lJ fl\l IP bU'WI'i1Y1UW b
"
"
"
fi 1lI1:l.Jfll"ifllV1WMVI:l.J1UbSl"lJU (Pl L bi{n'lJf:J\l b~bUil{~l\1~hm'1i'Wnu

'U
IP fi.sl bUW~il\lG'l ill'lFl~ E1\11J'VIl-J1U btiM b n bSl'lJ i{n'llfl..:J Link b~bUEI{'ii::;b1iEJ:J.JMEJ
t!W'Y!mUFll1:l.Jl1i'i\lbbi.ll11Ub~WEJ{~~lfll1b'1iw
"
ff..:Jn'WEJ~l\1G'l:l.Jmru Miilijn1"irll'r'1'Wl'Il'll'lJfl\l u 'Vll\1nffunufi\l mJnfll"irlTI'IW(PlI'll
IP bUMbi1n 1jJnfl~EJ\lfiv:::: ljJG'l1:l.Jl"iCl~EJG'l1"j1~ 1'W
IP LUllIbi{n~nfl~fl\l
"i::::~U Link Layer fi1jJG'l1:l.J1dn~E1G'lTl1~1L'1i'Wn'W
"
bbM bUMb i{fl1jJG'llmdn~E1~n"iii\lnu
1~'U
Hann,swu~,uuall
IP Routing
IP Routing
[08111 Default Router
fld::::1J1Wfl1"i IP Routing b~:J.J~'W~1UVlffn~'W:llW~1~G'lff1J'TIu'.11flWbbSl::;L'lh 1"11~1lJUlfl~El

~yJiit4.2 mdf)!'iltl~!~'fI,lJi'ifJ
U!J!Jyi?llil'fl"ji1l
Q
•
--
--
EJ
g
Host B
. Host A
'i1l~rl"1ll~U'Vll\llb~::;tJSllU'Vll\1Milii\lnu1~mlll"j\lb'1iwfll"ib~m.JMElbbUUv(91Mil"l(91 (Plll-J~U"ilfln
"
::J
1wm'V'l~ 4.2 IP iJEI:l.Jiil'r'l~fl(Pll~lblfl"j:l.Jtt'Wv::::nfl~\l1uiT\l1!!G'l~USllU'Vll\1l(91UllI"i\l
"
••
'~1~:t1JlJ
repliP
2 3 4
fil1!'1~~~'W'Vll-Jlbi'l:-;tliill~Vll\J~ilb~m-l~1~D~1'WbuMb1im~~1fl'W
b'li'W 0bljf){bilM'VI~a
1'Vlb~'W1..J W1-JbbWM-JL'WtlTVfV1 IP I'n$hUml-Jn'V:::rlnff-JhJilI11!'1iilr;]tlfll~'Vll\J1\1]W'I'J\J 4,3 ~ t'h1JJdj'W1tlM1J.Joi1D~

qJ
1 usr
2 IP Wl~lblmJ.J'1:-;blnff-J1tli1\1~y,jai'l~bd1lLilEl{
qJ
lvi8vllm'Jri\l
~EloiiElJ.Ji'l1tli1\1tli'llfJ'VI1\1~El1tl b~8b'JlbLil8fla1r1J IP t,nJilbbml-J"nn1iD 3 bbfi1(iJ'll'ViilD1J(1J 'VIln'V'J1J111!'1~~tJi;'llfJVll\J~El
'ilJ.Jmi1J'WbilM bl{m~fJ1n'Wn1Jb
'il~n'Wilr;;j\lWll~hun'l-J1tJ~b'JlblilEl{~h\ii81tl
"
'l1 llilEl1Lr1'vllnTl'ri\JWlllihUndl-J
"
1tJm,m~tT'W
mn 1:!.i1~\ii€l IP
bbfl:::ntr1J1tJ~'t1WnD'WL'Woi1D 2L'VIJJ 'V'i.Jnll
luff
'i'
4.3
nTl'i'tJi'll,jU q.,... ~ r
~u"wnn'Ywl'iJ
(Shared network)
&l~ ~g
Host A
.......t ~ l...;;d
tr ...
Ml ~l bbndlJ'V::: btfi'W'VI1-Jn-J1l i'll~'VI111'V1~El'VIlJ(1J fllL 'Wnl'Jri\l b1
. ...
Host B
:i7:wlu
li1
~
Host C
tuff
4.4
tn :rtlm'i 1:r:i'~u'i1-1
2lumf5fn
Network A
Network B
'VI1nbill'lbi{niiLfhN
2 bilLilbi{nb'VI:il1l'WL'WtlTIN~
4.4 :ild\lu\l6bI'i&'i'\I'J€lfil~l".illLil€l1nfl-J'V::: 11nnfl\J'V::: 1:!.iU\J~lnmntTmbi;'l:-; ,
bW~-J'V'JeJ biil:::nl".ivll\11'W L1.1 nl".i ri\J IP (1Jl$illbn'll-Joiilm:::'VIll\JbilMb b V"hllll'W hJLilllJoK'WLileJ'Wo]Jl\l(;]'W'VIInrff-Jlnl'l'V:-; b~'W'il~1l 2 ~\I~D
".il birleJ1beJ\ltT'W'V:-;ilLuMbi1n~~eJ\I~(1Jr;iD(iil~
Network A bbi'l::: Network B .fl\Ji:j'ViI'l'Vll\Jn1".ibfl~€I'W~'lJD\Joi1€1l-Ji'lbVhJ"""~'W'VIl\I"~Vl hJllll i'll U'VI1-J'lJeJ\l-lieJ:IJfl'V:::1tl~1\1]'VIln:w1'1iil u1'W bilLill i{m~
i1l".illirleJ{b 'i'lu\I~'Jl&'im
"
I'nJh bbn".i~~-J'VI~l'In Jia 11 ~ltJ b".il bMil{il U ff\J oi11l-J ULilll{n b 1 fl.r\ll~unll
1 elmJ (hop) btl~~1Jbiil:ilDtJ'i:::U::: 1tJnlJ'b~'W'VI1\J'lJD\JiieJ:J.Jiil 1 !'IeJllnn\ll!'1iil~lliillV'Vll-J
"
ml'l~1JJ Ail-Jvll nl'llbl'lJ'1
"
dU(1J '1 m'J~ (Onliil bbm:;.mnri\l
"
Ul n'Wlbilh
~1mh-J(jnJilbbm:J.Jbtfi'W'VlWvlnl!'1iil~AtJ'Vn-JbW~\l b'Jllirldii:ill'i'lU\lff\l11lbbiil:-;ff\lnfrm:-;'VI11\J
m'Jri\J\iiEJoi1EJl-Jiill(iJu
qJ
"
'Vlnm'V'J
"
Network A flU Network B bvhtT'W bbliivnm:::u:::'VI1-J
4 : IP : Internet Protocol _ •
ti\l1~t'l'\ihJ~11.J'Vll\1'1:;Wlthlb~t.rvnnnnn--h
1 ~mJ bb~1 b'll bl'lfl1n'l:;'I'11\11UV\ll.JlniuoVm.lllUb'IN'l1:; ,
y'
'I:; jj dll'l bi1 n ~U '1ViLaJ1v1 fl:J.J§jfl1Vll.Jl'l'l\l bb~:; WI fl\lci \I'iJfll.J iil r-hu b11 bl'lfl1'1'1~11.J u iil:;:W'VIe iu b~ ( clh
bWU'Vll\1YiVllW11 LLn'l:J.J1II1:J.J1'lm~t.l'vn\l1tl1v1 1?1\1,rUnl'lfl\l(§jflVllv11 bLn'l:J.J'1Jfl\l bl'lfl1~\i dJui1'1~l.J b 11
I'hilqjhlnl'lri'1'V1Ul'ltl1:;~'VlEJl1'IN'lJfl\i
EV# .~
IP Routing
ntJ"I'JIflJ.Jfilfln1.J'll'i)"
..,
4.5
n1'lb~U'Vll\1'1Jfl\il'llW11 bbn'l:J.J ll'll.Jn'l:;munl'l
IP routing ,rU'I'11\11UflVUU~t.J'inU'lJfl\ln1'lci\l
on fllJ
Lvh,ru
"
iilViiil:; mnJ (hop-by-hop)
fi fl b'l1 bl'lflf
"
bfl\l"l:;1'll\ilUll'll.J~~ ifnYi(§jf]
'I'I1nhlllWitliilll.J'Vllllil1WiflV1UbU!iH
b£fl:J.Jflvn",:;'I'11n1'liil'\I'iim-liil(§jfl hJBn~mJl
"
n bU'IN1:;blJl'l bifnYi
(§jrlfl V nucli'l Lfl\l
..
"
...
Vlbbn
b'll b>'lfl1c1i'l(§jfl hJci\l(§jfl bLiil:;nfl11~:J.J l'l'l'l1l1Yi(§jflvl1W11bLn1~,ru bb~db'IN'll:; ci\l;fl'iifll.J~ Lbill iil'1'IH:;l1\111iilll.J'Vll\i'l'l~fl1lJ,rudJuBnb~tl\l'l'lti\l il-.y:;ci\I(§j fll'll~h
1tl b~l.JU~tll.J
bLiil:;b'llbl'ltlfcli'l~U'1VitlV'l:;'VI11\1'Vll\1nb'liunu ...
\bn'l:lJ1tl b ~tll.J '1b 'liu,ru Viiil:;!:l fltlVi iil:; ~tlll-.yu ni l'iJ::;l1\1tliilll.J'Vll\1'1'1~ fl'l'll.Jl'l b iill d
b~tllYind::;1Jdum'l 'llfl\l L'llb>'ltlft Vim nllum111
IP Routing ~1 Luu 1tlflVl\1:wtl';dl''VlEfl1'IN~\I:nm'l'

fifl lun'lrilffi!:llllWitliilll.J'Vl1\i:i11v1tlvl
~l.Jl'nl:J.J 1II1:J.J1'Jfl mJnucli'l btl-.l,rU
bb'Vluvi'iJ:;1'll nl'lci\l~fl'iJfll.Jiil1tliJ\I~WEJiilWib lliilll.J'Vll\111fl (1ii-41U lu!mtll vYill'l LL~1~\I'I'11nl'liil'\l~ml1v11
"
'l1 bl'ltl1..r\i'l'l:J.JVl ill VlL'l1 bl'lfl1'1'11n1'lW"Il'Jrul bLm:l-JlrU1tlv-.l b 'Jlbl?1EJ1viflvlnMu
"
U bUl'l b ifnYi(§jfl
"
LUl'lL %n
"
ufll'lci\i'iim-liilUmJvillll'l)
"
, "
b ~tlnW~i~\loJl
bUUWlf]\I:w'iimm 1'11 b,ncli'l b'll b(ll l 111 b il(ll L t ifn
'"
b il(llL i{n,ruYiiil'l'l
...
lVlI'l1'l-.y::;ci\l'iifll.Jiil1tlv-Jb'llbl'lflftVl tl'l:;nflUv111.JiiD:Wiil~\id
"
iifl:wm'l'l~ld'iJ:;biluEJ1.J1u!11iiJ!nlfliV
"
(Routing Table) 1i\l-.y:;
"
IP Address of
next-hop router;
'I'I:lJll.Jn\l IP Address 'lJD\ib'llLj}1fl1c1i'd~uVi(§jD1VlEll'l'l\lflVUU
"
Flags: Address bb~:; Next-hop router Interface;

'I'I:lJl Elti\l BULl'lfl1L vJ"1l'lJeN L(IlDfYi'iJ:;WlD\ll iiL ~D fl1'lci\i L'l1 m~l L~fl b'l1 Ll'lf)1il b'llWi~\iL'Vl bbflJ:lJDfln111 n'l:;1nU nl'll u n1'lVi"'i:;ci\l~ Dl'lIW11 Lbn'l:J.J<nnb'll bl'lD1 lJcIi'\ld
blj iil LL~l
cli'1'VI\1\11tl V\icli'llii Elltl"l :;W1fl\l'llliim.Jiil ...
hu 'llWi~\I
L bliiil1tl'hl.J'~-.yl'lrul(ih 'Vl
• £'il1~:::1J1J
tcr/»
~'WVll'ii€llJ~1'Wm#i~-lb'llbU~bviEl'Vn le1Sl#i1J~iV'VI1-l'7JEl-lvrl~h
IP Address iiI'11-ln'W'l'JElffinu
IP Address '7JEl-l
bbm:lJ Vlin'I'Ju-:1iElj.J~vt-ln~111 ViN-lhlif-l bbElvrbvr'JSlii'l:;UDcilu
VJ~#i'7JEl-l Next-hop router Y1'WVi m1lJ'l'Juoiim.J~ 1ViVI1(;]il1'W-1iElii2 w
"
,"
"
f1'W'VI11 'Ub'n#i~-l b'lldj~bviilVll 1J~IV'Ill-l
bi1(?JbinuElvrbl'l'iSliil'1'l-lnu i
bill'1biimbElvrbM'iSl'7JEl-l le1Sl~
'VIln'I'JUoVEl:lJ~vt-lnsh11 ViN\l11Jif-l bbilVlbVl'iSlii'i:;uavl
router Y1'UVivnn 1lJ'I'lu1iEl:lJ1.'l1Vivl1t'iEl1'U'lJaii 3
"
,"
'UVJ1:'l~'7JEl-lNext-hop
"
~'UVll1 'Ub'il~~-l
b'll bDG'lbviEl'VIl'lJ f):lJG'llIVnI'iii'i:::Uli
"
"default"
bb~:':1 'I1N-l~El11J if-l
bbElV1bV1'lSlii'i:::1JEl~1'UVJ1.'l#i'7JEl-l Next-hap n 'l :':1J1'U nl'iii ll'i:.:a'YlBm'I'JiiG'lV1 n ~ 11
router
mih :.:vh
1 Vinl1~
-l ~ a-1i El:lJ1.'l J'Wl1Jl'U Vi rI'Vl1-lii bVl:lJ1:': Sl:lJ u 1:'l:':j d i
l1'lfl"~'VI~Elbil (?J ifn b1:'l 1'U b'il~~\1 b'Yll"J 1.'l U~lVll~h b EJ b 'l'nn b"Jl bl'lai bbfi1:'l:':~l~l-lnij
'"
1V1VEllr1EJoVEl:lJG'liirl1WUM11'riEl'Ubbill1'7Ja\l b'Jl bl'lrJ1 oJ-l'l'l1n llJ'l'Ju-1i€l:lJG'liil'l'l-ln'lJ bLm:lJii-l:.: n nN-l11J if-l ~vJ El1.'l#i bl'1Elf bSl:lJEl (il\ltT'U b"Jl
"
"
b"J1W1~-lb'VI dj1.'liibln~El.,j bbill1 (1}1~1 bbm:lJ n<J:':ri n~JfiD l1Jb~ElEJ'1<J'Uii.,j
"
1J1:'lIEJ'VI1J 'UiiSl(1} D1<J"l:':~loJiTI1~Ell:JJi11h:.:a'YlBJl1'I'JU1Jut'in'I'JfJ 1 , "l:': bl1'U1alll b'Ji blllilfl:JJ~1 bUWilDJ bnu bdl~J
"
1oJi-ll'U 1al
"
b'VI U1.'l'7J ,WI dj(?J bi1nVl~El'Vl ,n '11e1Sl~ L fJJ'Il
l'
~J'VI:lJV1 U(;]"l:':fJlr1Vm'im:::"llvn'U"1J€l-loJiDm~ 1iB:JJfl1 Vitln~ElJ 'li!J

'i.I
-1iEl:lJ1:'ln"l:':Sll:lJ1'iri b&'i'W'Ill...J fiJ1J1.'ll tJ'Vl1J lal tlll Vb'VI?JilbEl...J111 'I1bi1(?J ( 'V bifnSll:lJl'lri
'I
"
1 ui 'l1 b(?Jilf'VIn'l~1'lJ'Wb ill'1 bifn bbG'l:':bb{;]1;'l:.:~hn~-l(;]El
'7JV1!.n 'iIi:lJb~j.JElEln l1Jlalb~Dv
'11VlVhj41nVlbb1.'l:.:1lJ~
ElJVhm'ibbn1'7J
1r1",jJSl~IJ"1JfJJ
bill'1b ifn
b~:JJ
ii'Wbl'1ilfb ill'1~...Jbb~"1JmVrI",jDUI'I1;'l:lJ , l1.'lnltllilUl\1'J1Mb ~1 El~lJhn(9n:JJ IP Routing hwm",j1ib'il~~...JVI'lbD1.'lbU'Ufl"J:;1J1'Um'i~'U:p'Ub'VhJ'W bdm,h
:lJll 'ii...Jl'U'I~...Jl 'UD'U billElf bu(?J1i...JijdJ'U ilil'U 11'lfl"~ bbfl:':'VI Vusu bill'1 bifn n"l :;i1rll1:lJ ciJ tnn bb~:':fl5u m iu'iiEl'U"l'Wbn'WnlT'J:':
1oJim'lb
'il~~J
bbUUu'J'J:JJM11tll ~...J41 bU'U~El-lijn'J:':1J1'Um'Jii~1J'J:.:a'VlBm'I'J IP Routing iiSl5uiu'iiD'WfJElmn'VIflltJ~1JbbUUb"1i'U RIP,
nllilbb~:;ijnl'J~~'Uln'J:;'lJ1'Unlj OSPF. BGP bU'U~'U
Sub net Addressing

1'Ul'lEl'Ub~:JJff'U1oJi11J'Jll1lI'lElfl bilm ifn TCP/IP J'WnI'HbU\I IP Address fJDmU'UbbElMbM'lfl'IJEl-l {;]mnij (netid) bb~:':bbfJV1bVl'JiiI'7JfJ...J1em~(hostid) bU'Ul1J11l1j.Jn~mii'i:;'lJ'7Jil...Jbb{;]fl:':l'li.'llSl , netid b~:JJ~'WiimviEl'iJ:.:l~oJiJl'U A bbfl:':l'lfllfl B J'Ui1m'i~Mfl"'J'J~1'UiibU'U Nbfl'U€llViiin1dbbU\lbill1lb%mJmJJl1v1'Ubbt'i1:'l:': acil-lij1Jl:.:a'llBm'I'JiiaV1 IP Address
"
Hi
bl1ElJ"llnl'Wl'lfll1il"
hostid 1'W 1l:Jfl"(P)ttll
ut'i1;'l:':bilMbifmu'U41'Ul'Ul-Jln :lJlnr;;-l 224_2 ~16,777,21411'la~ 11'lfl~tllfl"\lNV1~-l
~El1'Ubill'lbifnl'li.'llSl
A bb(;]fl::;bUV1bifnJ'W~n:lJldriii41'Ul'U
bb1.'l:.:dlVl1'ul'Ubbt'ifl:':bUmifn'7JEl-ll'lfllfl" l1'liil~ ~-lmlii~:.:th
C J'U1,nm'Jbli141'Ul'U
",
216_2
~ 65,534
IP Address m 1'iifJtl1\l'X1fi...Jll''Umtln1fl" fl"'uBEJ:JJlnii'iJ :;ihill'lllfn 1Vll 'U1flni1
bU'U11Jlriivln:lJl
n ~\ll'Iflla
A bbfl:':l'li.'llfl' B b'l'l'il:.:mEln1
-lTI.J1'U11'lNWimnmu'7J'UiV1ll''UElcimv1'Ubill'lLlfmffi1J1 Lill'! Lifn'7J[)"]I'I~lfl"
(il\lJ'U IP Address ~~Miilll1Y111Jl'Ubb~i.'l:; ~'U1tll
b'VIGhd~-l{ln l.E1:JJVl:lJ(ilbbfl:.:1:JJSll:lJ1'Jmll11Jl-E1J'J:.:bV'1lUii
"
"
---9
~. .
"
. "'1(~ .,.~" ..
-~----~-~~~ ---
- ---
----
_._---_.
nT'ivh
Subnet fieJnTmu,nw(ilbl1mjmJm1.l1'Ubw(ilbl1mIj5m~Ell'f1bbMf1::':bu(ilbi1njhJ'l
..
rwl'vi
b'Vfl.n::':~l-Jnl.llJ~ •.nruleli1l~~:fjmj
id bbPl::.:bi'J'UNetwork id fimb'Vlu~'l::.:l'f1l'il
,
'"
lCi11.1 1i'Vf5nmd"b&imnl.lnld"'l11
IP Address lJlmmtnmdJ'U
Host
Host id dJ'Ul'ilBi1Id"::.:km(;"] 1 'l'Uii-Jrlli11-Ji1ICiI nvhnTl
",
<JCilmll-J'lIil-J Host id b'VI~lth.!ElElndJ'Un~l-J'llil-JbW(;lbi1n~mJ mbb1.lnililmU'Ui1Iil-J~1'Ufiil \llU Subnet-id
fiEl'l11I'hl'U~lu~dJ'U
Host id b~l-J
bbfl:::dJ'U Host id l'14aJ ~-J'iI:::'V111Vi1Nlmd"!.l<JCiI~d",nl,lii
IP Address 1alil~l\1b'Vfm:-;1Nl-Jn1Jm,j:j[J~'"I~\l'lJil-J11"lG'H;'lt1.JbbMPl::':bU(ilbiin
~!..I# 4.6
IP Address lUI'J~I<'i B Class B
"
14 bits
8 bits
8 bits
11
Li'f'iJl'lIn1:i' Subnet
Jl1'{11~
netid subnetid hostid 0 ~~~----------------~----------~----------~
4.6 bbi1lCil-Jn1'l<JCilbbD\I IP Address 'lIil\ll"liilli11 B ElElmllUbU"Ib:HmjEl1.l~11.1ii5 ~ Pl'1'U~
Subnetting lCi11mu\l~U 'll'Ul(;1 8 i'J(il
dJ'U'lJ
El\l hostid b~l-J Ela mu'U 8 1J(il
2 Pl'lu
1(;1mU'U'lIeJ\l
subnetid
uae
hostid l'Vfl.J~i'l'll'Ul(;1b~mNb'Vf~mvbJ
Class B
b~l-J 'VI5,mld Subnet 16,382 65,532
1A1'i1.,'}V/4.7 r.J~n:r::!'JJJr;if)~T!J?!.J'1If)~mj::'1IUlm'll'iJ~!ilt?wlfmihJon subnet
4,161.028
254
Nt'l'Vil~fiil'llUl(;1'l1El'lbW(il b~l-J bll'U 4,161,028 (16,382 'illn 65,532 b'I4~mVl1.l\l

*
bi{n'l::':b~nSl,m1.'l::::fjq)'1'U1Ul-Jln~U 254) bbiil::: 'U'lJru::':bfl1.l1nwh'U1U mil\lhnl'll;..Jnld"
'Vlm&i;..J 16,382 bUM bifnn 1mH~:1'UbbMPl:::bU(il bi1n'il::':iilCilSl\l
254 1M#!
Subnet tTu1J.hhd'Jw¥lil\li'l'll'U1WlIil-J
subnet id i'l\l~1'l11.1(;]lWlJil
11.)
.~1J'hljl'ld":::1.I1.1fllm'l!.lU11.1b1.l~1.Iu 1al(illl-J1'111l-Jb'Vfm::':i1IlJ'liil\lnl'lHi 1IlllJl'lbln'l::.:vh 1t1i1Ci11.1nl"i bU\I b
-J1U b'IfU ill'l''1 :-;i'l-.J'l'W 1'WbU!ilbi1niJ tJ ~fl\l u Pl:::-.J'l'Ul'U leJ'(;'j~lJ1n~'Un 'll'Ul(;1'llEl\l subnet id use host id 1'VflJ(il1lJ~&iil-Jnld" 'Uiln'illnn1d"~1illlJ1'l(llii
IP Address 1alm.h\li'l1.l'l::.:fi'VlTIJll'{llbbfh n~11fifl
-7rilfiElnEl~I-J'Vfd-J'lIeJ\I
nl'~ Subnet ~il'If11.l1Vi1.l"i:::~'VlTI[l1'j<\jnl'~El1ll1d"~~'U~11.1 U'l::': bfl'Vlil nl'll ifmd"~Elal'l
n'l:::1.I1'Unld"'lIEl-J TCP/IP 1Jl-J
bb1J1.I1.I'ltl~1'l11il#! (broadcast) ~\IJ\.J'VflmU'UbWl'lb:.Jfnl"liilli11
b~ ElVIl nl'l~ili1l1"im::':'J1 A £\lffim-rWllt1ifi\l
v1utJ-.lVl,n '7
n
1~i1I~~El~1'Ubu~bi{m~1.Iln'U n1'l~ilNld"al11.lii51.1'lil
"
16 ~lu1m~~bbi'h
(;I1'1l
fl~ bbM 1'1{-.l'J::': U'Un1d"m::':'il11.l1]eJ l-Jfl11.1 bi'l~eJ-J~U '1-.J'I'Ul'Um Pl::': b iJ\I l-J1.I ~il~l\l n
uar
1 if uuu ctlitflB;..JlnlJl1.l ;..J111filt'lvt,1t.J~\1 bU (;I bi1"n fl\l Niiln ,:-;Vl1J;tln1d"~i11Nl,m
~-.l bbPl::':
111n bUMbi1"m.l'l::.: bllWdQ n 'llJ~!il1.l b'Vll'1ill"l~eJ11'11.1I"i'll 1.111.1 q) q) 1 ru;iiil-J'ill nrrmnn n ff Smurf (CiIl.1'Vl~20) bb~ln:fjlEl nli1llJln~nld"~Eli1l1d"TIEllJfl1l11.11UbUM
>J "
Cil1'11 b 'll'W i1I~ ~1-J
bi1'n'il::: buu5~'{II1!il1alil
'llCii b11'i11nnl'lQ
nhl-J~
b~ 1.I-J Yln bn MbWi ~i1Eln uuu bU(il b:.J1"nfflu 1'Vf4i~\Iarn'il:::'I4~ n b~ 1.I\lnl'l u 1.11
ElElnbbl.l1.l1VibUl'lbi1"nil'll'Ultfl111ru
~bflU11.1 bUihl'llnl"ll1Jl'llJ ,
1t1i~\I1J1n bbiil::.::i1U'l::,:N'VlTIm'{ll(,h ii5n11 ,
Subnet ~-Jbll'UPl'l'U~QmllmHlun1d"i1ilmbl.ll.lb~lJil 1!il1.ly(11ubb~lb'llarn'J::':'{IIl.Ibl1'Un1'l Pl'lulm"1i biieJ-J'Jlnl'l1.'lli1l Subnet Nl1111.1 IP Address 1UI"l~li1l B bt'i'muu
B ii~'Hf\ll'WnUbb'{ll111Pll~
fllUI'111l1i11 A 'l:-;'{II1.I1rii1dJumJum~d"1:::i'l~1al
••
t~1~:lJlJ
tcr/«
'lJfl\ll u{;Il11n 1lJ1 V!qjf)ybb~l

9 ~
<5\1fl"ll-l11mbU\l~mJf)f)n 1tJ1(ilan 1lJmmTn
fl~l\1 hnr;n:w
IP Address
'Vlnl"HNlfl"~l'Ubbc;ifl"l:w1"jt:1t:1ntllm Subnet 1~h~\I~'U
Subnet Mask:
V!lnn~11(i\ln11 subnet lb~1~f)l-l'V:;~fl\lnt'l11(i\l nlru~d'i'Un1"ifhv!'U{;l Subnet Mask ~1~ n11~:jhQvn:; IP Address bWfJ\lf)~l\1b~fJl,r'U netid bbG'l:;hostid t'm.J~",j:;u1'Ul'liillfl"c;il\1'1 , IP Address ~\ln~11fl~1'U'lil\11[9j ~
d
,r'Ub".i1ni.'l'1:Wl",jnmlU'hrll~\laf)\l1~1lJmmTn il~1'Ul'liilla1[9j
~
1~WW'Vl"jrul11 netid use
v!~\I'Vln,r'Unal:Wl",jmbVn
hostid 1~'Vlnm"ibtJi~ud'itJunu:w1{;J",j~1'U
" '1Jf)\lI'li.'l1~HmhtJ'U
b\c;ib~EJ!jn1",jbbtJ\lbUl?lb{n~mJ l[9j~nTJ l netid usz hostid 1~Bn~f)1tJ bbiil:;ii1~jHmr\lrlu 1'Un11'Vl1rll'Vln Mask tJWf)\I Subnet Mask dJ'U~lbiil'lJ'1J'Wl[1) 32 u{;lbvllnu
subnet bb~l ~f):W 1lJal&Jl"irl11flEm",j'iil\1~ilJbViEJm
b1!f)\I'Vln subnet ,r'Uall-ll",jt:1rllv!'U(1j1,;([[9jfJ~f)ilmbuubUt'lbl{mEJ\I b~EJ1Vfal:w1"iml1&Jl11f Subnet
bb~mil\11[9j (i1..j,r'W<5\1~idJ'W~fl\liim"j",j:;Urll1{;l"hV!'ct\l11 , IP Address 1~11dJ'W
hostid, netid bbiil:; subnet id bbiil:;rll,r'Wn~f)
IP Address vllV!1l1~"i:;lJV!:w1~biil'1J'1Jil\l , Subnet Mask 'V::;f)~1'U ~
host id blG'l:; net id + subnet id '1Jf)\l1~aM"_r'U nl",jrllV!'UWlrll'lJEJ\I ltJ bblJm~ rnnu IP Address
"
~EJvllnTHbU\I
Subnet Mask EJEJm1J'Wbiil'lJ16 Ul?l'<$l'Wl'U 4 "1J'[9j
tii'lmh\l'1Jfl\l
Subnet Mask b'liU
FF.FF.FF.OO
(Hex)
255.255.255.0
(Dec)
IP Address bal-lf) btlf)\I'11n IP Routing
rll Subnet Mask .Q'V:;~f)\lnl'Vl'U[9j11U'UYJnl~GH;;rlrlUnlJrll 11l"il{;ll'lfliil IP '<$lb1JU~f)\l11frll'i1ltJl'i'l'Ulrurll f)~l\111n{;l1:Wrll
net;d 'li\l'<$1:tJ'Uf)~l\1~\l1'Un".i::;m'Um",j
Subnet Mask .Q'V:::1lJClmi\l1tJnlJ
1"11Subnet Mask :lJl'Vhn1"iVll\11'll:U(;]l'lla{;J{nU ld, netid f)f)n:w11~{;ltJ1E~\I,j'
"
IP [9jlL~hbbn".i:IJ(il·:W It!t'lWi~\I'Vliillt1i.'l'l:Wl'',jCltll host id, subnet
IP Address n'1:::ii11:Wl1Clmrll
Netid+subnetid t;T:.)E)~.i1\)
[IP address] AND [Subnet Mask]
Hostid = [IP Address] AND (NOT ([Subnet Mask])) IP Address = 192.168.15.20 Netid = 192.168.15.20 Hostid = 192.168.15.20
Subnet Mask
255.255.255.0 0.0.0.20
Subnet mask
AND 255.255.255.0 AND (0.0.0.255)
= 192.168.15.0
=
'VliEJ'\fiIWI~lfJ11(il11 "Netid
dJu
N'JU
"
lliia
IP Address
fif'Juri(i}1Jn1JiJliI'11f)v riiJrhdJu
riil!"]')
Hostid
#if) IP Address ~huri(i}<Nn1J
Subnet mask
0" lYUbEJ.J
'\": "
v
.' h.
--
" -_
/tt~\;\
--
--- --
--
--
WI.,jtT'WVl'\1'J:::~nbGllHdl'WtJn~lnnTHhvl'W~
IP Address Vibln~ihHU;;;'
Subnet Mask Mh'iG'l~tJ IP Routing b'li'Wb~~nn'W nTlflTl'I'WL'll"ll §i\lt\Jiil1Yim'J~tJGll"JoiitJ'l-Jiil'lJtJ>I IP l:JJal'l-Jl'jTI<J:::m:::vhl~l'li'Wn'W
Subnet Mask NL'l'V'lG'llL'l~m,j~:::
"
nl"Jnl'VI'W~~l
"
rI\lbbiil'll'lJtJoJ
IP Address j:j'll'U1L'l 32 iJ(ll~1..hJ..l1H\11'Wl~n'l~\l
lu,ifln'JruvhAb'dJ'W IP btJ\l
imJml'WYilJ-JEl1'l'LhAlb'1'1t'll11mnll'1'U~llJ'Wrll oJl1ti1 ii\ll'Wb ~ tJl(llrll.J"J:::a\1fi~'Wbbill
IP Address lal 'li\lrll~1'W11'1qJ"l:::dj'Urll~ b'I'It'llJ'Ul-J1 1 ii\11'U l~Ein
mii~\1i1tJ1"loJlI"l1
"
WloJ"JltJiil::: lEitJ~~ tJ
h)11
1111-1111111-111111-1_'111111111111
o 'VlnUIll , o 'VlnUIil ,
...
'
W Address
1:JJi'J 1:JJi'J
o 'VlnUM , Host id
_ lal
l:JJlal hl1Ji
1al 1~ 1:JJ1&1 1:JJ1&1 1:JJ1&1 1:JJ1J1

d,uf1.Jnni1w'l'Il!f
. btJWlbl'ln'U 127 1 'VlnuWI ,
ct
.coII''I<
1l-ii'J 1:JJi'J l:JJil

Subnet id
tJ::;1 ".iffl&1 1 'VlnUM ,
1~ 1al 1&1 1&1

lal
bbtJlil lil'iil"~Jl1 uttJ 1m'l'II1Iil'U b btJ\1 (Ioopback address) lJ'ltJfilI'11iil"II1W.'V'l1:::Jl1u1'UbVhtT'Ubbv1"1:::1:JJiii\1\litJ 111 tJoJmVln,ntJ'U
~ ~ Q.C'.:Ii
Net id Net id
1 'VlnuWI , 1 'VlnuWI ,
'lJ1tJ(lll'lla~(;lUIiI'l\ll11i1\1bil{ilb lin~,::;1J
1tJ ,
net id
Subnet id Net id 1 'V.]nul'l 1 'll.!nuWI lJ",jtJ(;li"l11i1~(iluVl'l\ll11i1\lbilMblfntlmrvlnbil(llblfn , Jl1t1ttJbillilblfn~,::;1J1tJ

iW)'j"l-sri
Net id
4.8 IP Address
m"Jl\1~
4.8 bW~\I IP Address 1Jl\1Al~m111J'l1(lll'1tJiiloJl11.l1iib~tJl(llm.h:::Sl"\1fi~'W
"
bbW::: 3 C>'IlfitJ
miil:JJGlll-J1'Jmlll-J1nll'1'W"HiJ'UbbtJ~l~'JGl'lJtJ\l1®"fl~ai
"
1~!J~1'U 1 'I'InJrll~j:j1irul'll"l:::lhVl~hl
127
l'Il-J1tJrI\1 Loopback Address fitJ§i>lnir1Jb1ilY11~lbtJ\I 'I'Il-J1tJ~\l1[J~l'1VJnt;hl'Udli1lbl~nd 'I'Im1JrI-J M16ilm11mtJ-J IP Address "ioJA1,'i{:::YI~m~tI\1n1'Jnl'11'W>'lAl (AtJn1'JmElL'lrll~l'1"rtJbtJ-J)
'VolnD~
o flnDUI ,
Net id uae
WI\nftJb~E1ilEl-JntJiJq)Yll'l1tJ\lfll"jnlY1tJ(;wi1 Host id filmQl'lJWloJflt'l11b~tJ
••
~~1~:1J1J
rep/IP
ARP : Address Reselution PI
~ln
IP ~L·.i11~Rn~1~J11u'lJ'Ylr1E1U'Vl'lhdf'HU~l.n'T~5u'Vl'd\l~dlr1ru'lJEI'Il IP ~E1nn IP . -,
" 'lJ 'iJ 'I IlJ 'i.I
Datagram ~:; IilEl'llj:;'lJUEI lLVlj~'lJEI'Il~a'll V ut'l:;e)'f1J ~Bj:;'lJ~U'Yll'1l bbt'l:;l1!in b v'Yl1\1'lJEI'Iloiim..Jt'ljlVl ill b LQvn:;lul:;#i'u An~l IP fhliue)u1l'Vlln~'Il~1'11E1'1l IP Address l~nnIilEl'lln~:;wmnll~
LL~fll'Vlf1Jn1j
IP l'111'in-ff'llb~EI'V:;boElh'Ylnnt'lln'lJEI'Ilmjvh.llu'lJEI'IlT~P/IP ,
.Tu
"hLliu~EI\lRn~lt'l:;bBVVl
bLt'l:;1'in~'Illl1n1l1:;#i''lJIP IP 'V:;N'Iloiim..Jfl~'Ill111~.Tu.J'lLliu~B'Ila'll~'IlhJlm:;#i'u Link Layer ~EI <J Ethernet r1BU bbfl:;lUj:; #i''lJEthernet ttu VmnJB'Il IP Datagram ~\I'Vll..J LU'UbL~Ethernet 1'111 Frame'Vl-G'Il Frame bb'WUBU1lEthernet ll-iJ~n Source Address, Destination Address 'V'Ilmh1'il.. riln1jVi
1V111u
l:;#i'U IP ~'IlIilEl\l:i:ifll:;lJ1Un1j~'Vi'11~j:;#i''lJ Link Layer nm:;#('lJ IP :W~11l..Jffl..J~U;5L~mJ 1~ 1v\lnu ARP (Address Resolution Protocol) dJum:;'lJ1Un1jLl1~VUI'11j:;Yl1l\1 IP 111dJu
Ethernet Address ('Vl1BVi b"J11~nnU lullEl MAC Address ~mbBVlbV11~Vll\1FJ11l'l bLJ'hJil\lEll1mru b'liUnl1Vl LAN) IP Address <J.TuLliuL-r1V\I~E1~~~LbEll'l LV1j~ViNH'nl'VlUl'l,rm.J11'11fllYlf~ 1FJ~!il <J #i''J lV1#i'l'Vl-G\l fll'V'V:;Ll1~VUI'11 btJUblElV1bV1j~~UL~B h'Vl~ilmh\ll IP Address ~!1lnb-r1V\lLL~'l'h 1~1l-i~1l..Jljn~E1G'1111ai lL~b~E11!1lm'ii~\l1'11 lai[1n~EI\l lFJG'I()].Tun IP <J " "":::n5Ul..Jl~E1G'1111~~nr1~\I mj~il~ljoEEll..Jfl1(11'11~illl..J1Uj:;#i''lJ ~'HtJ'UbV;JtJ\I~.Illl:;'Yl1\1fltJ~~flVi IP <J 1aJl'Il U~1 ~1\1n'lJ1U ,:.;#i'u B Lfi il1 b-W 1i,:1tJ11jru 'Yl 1f11 Vl'V:';1'Vl:1J1 u Lfl'lJ1b:;-;,llirl l'I i ,n ,w (Ethernet Address) 1i'llbtJULt'l'1lVil:::1JMV1I~hmjn'lJBl1mruttu1bUULfl'lJ'lJUll'l 48 1J(II(61'lJ()]) 'V:';~ll..Jll[1:i:i jri1~ V11l..JVim-i1~E1'1lnlj mJ~\l1'11 ~
'"
1'11ViLL(IInl'il\1nU = 248 1(11
281,474,976,710,656
1"11 Ul'l:.;mJmru Ethernet 'Yln~uVi~~(II~UlJllu ,
Ien l'lJc1'V:::ldJ:il Ethernet

'lJEll~l{!m:;1J1un1j Ufl:::Lll'lJU
" ,¥
Address vioJlnULflV
r1iluVi"":';Rm~1l1tJfi\lm:::1J1unljlunljLtJ~uu Encapsulation vm
IP Address n'lJBLlitJ1bUt>lbLill'lbVl,~Ju'V~
IP bUU Ethernet LWEJr1ilU 'V:;'l'hl~~ll..Jljmoiilhl(11~lU
Ethernet IIa: IEEE Encapsutation

5 LfiE)'hil(?11m.n'fl1thu./l£Jii-J~1i,l)j~1'Wnl''J~E1
Digital Equipment. iEm'lbihfi\liiEJ~f.lbbUU .n\l'Vll 1Vi~tJmruu'W Intel bb~::; Xerox LtJ'W~ll'lj!l'W~11fdTY'l-r1Jnlj'r1J~\:l'iiEll;l~1J'W
..
G'l"lj1fEJ~~~ L~£J LL'I'f'i1'WU19821~W1J~~Yl
"
lJ'IN
hw 111
E1:l;j ~
"
CSMAlCD (Carrier Sense Multiple Access with Collision Detection) lJ'IN fl"lm'l~ 1-Efl"l£1-r1J-ci\lNqJQJlru'h~n'W bb~::;('Bb'Vliimrh)7uci-J-ii
vr:ifl~n'W1(i1ciilw'l11~b~1
10 Mbits/Sec
1~fJiibbEl~b~'m1'WnT:id::;uLii'Wm..J~tJ1;'l1£J'VI1'] 1'Wn1j-ruci\l , IEEE 1ciib~mb'Vdmr>!j21'W'lJEI\lbUr>!bi{n~:ilnl'H-iilii-J
'lJ'Wl~ 48 iJr>! 'VIg\l'llmr'W1~'Wl'Wlilmu'W o)fD~~~h£11E CSMNCD
"
bb(il::;:ilflruf'1:I.JU~b'VI:ilD'WflU Ethernet 'IJ'W:l.Jl E1 ~
IEEE 802.3 ili IEEE 802.4 IEEE 802.5 IEEE 802.2 fJthJhnr>!l~ Ethernet l.h::;nDU~ b~fJ:iln1jjl~n'W'lJfl\I:l.Jll'lj!l'W IEEE 802.3 mil::; 802.2 'V1l1Vi1f1"iJah.J'lJD\I bb1J1Jb~mimJ1flll:Wln True Ethernet (~""Jlnlll'V>1 rll'VIf1Jbfl~D'lh£1 Token Ring CSMNCD
Frame t'il-J""Jln'lJEJIl True Ethernet 5.1) bbMb~€I1-Yi TCP/IP
'VI~fJ Ethernet
~llfl\lal~1"i~1ii\ll'W1(i1~..J1J'W
bbfl::; IEEE 802
"
~..J:ilm'J1.l7lJd..Jll'l'J!il'WU1Jfh'W 1'Wnl'l't..h TCP/IP 11.l111..JI'Wnu~\I2 :w11'l'l:lI'W11ii 1~E.J'1iBU..Jr11J 1'W nl'lb-lfm.Jt'ifJ TCP/IP 1m;l"MnlJ0 blW{bU(9]bflbD~ use 11f\ll'W1(i1~\lG'lD..JmM'l!1'W~D
1
2
""J::;LiiEJ\lG'l"lm'l~ci..J~f1JbbVJmn(9]l'l1~ RFC 894 (Ethernet)
Encapsulation
Hi
f11'l""J:-;f'11~I'lnciJ~f1JbbVJmn(i1 R.FC 1042 (IEEE 802) 1'LJbUl'lbi{m&i£1ln'W bb~::;l}Jlil~n'W nu RFC 894 1M
EJ1"l"l::;lillmj!;1ci..J-f1J-iiEJ~ii'l1(iiMl£1 RFC 1042 'VI1nl11~i;'lMi;'llm'!;1ci..Jfu-ii€l~(;'llM~\I bblJ1J~f1RFC 894 bb~::; 1042 l'il option
"
~iPrmu'W default
~f1 RFC 894
"
hr1&i~1f€ITll'V1'W~ RFC894 nu RFC1 042 ~1(i1oJf~bbiJ\lnu'I'll lVi1l.lj 1>'1r11l~ IP &lm'l li1..J1'W1(i1~..J :w1(i1'::i1U ~[i)rllAq}lUn1' 2 IEEE 802 ~1lmj'l::;ml..Jlu , Encapsulate [i)l(iilbbm~'lJ1l\l IP ~\l1JU Ethernet
o bb~::;
field type 'lJ~N Ethernet
Frame bb~tillbb'VI'll\l'lJ€I..J field "'::;bb>'lmi1J €I~1'W
n'W 1[i)£1RFC 894 "l:::1111lJWiV1 2.-13 bU'lJ 1
Iu Wi~,::;mn1(;1'lJ€I..J 11.l'l1(i1f1€1~~ Encapsulate ,
"
Frame l1bU'W IP, ARP 'VIiEJ RARP bb~dl'111lJ RFC 10421'W1lJM~ 1'l11:I.J£J11'lJ0\1 thernet E Frame bbt'i(i11£1-iimhnl'1'lHl..J Ethernet
12-13 nguHhu'W~':-;1J
Frame .n..J"l:-;:il'lJ'Ul[i)l~bii'W 1500
1lJ~ (i]..Jct'Wl'il&..J&~ 1'WVJ~61dn"l::;11'1 £1\102E116 bil Ethernet Fra~e ~bih~IJ'WbU'Wn1'l Encapsulate
'I'll 1'11b'l1i;'l1:w1'lmb£1mbtdl'1"'lnVJ~Widbfl\l11
uuu 11'1tKJd
••
'~1~:lIjJ
Tep/IP
IEEE 802.2{802.3
Encapsulation
802.2 LLC
(RFC 1042)
tl1#S.1
IEEE 802 Encapsulation
802.3 MAC
802.3 MAC
Ethernet Encapsulation. (RF~ 894)
28
18
28
18
• •
'i111J~~ 12-13 ill"l1ummil
02E1 bbf{~h'l'illlJu IEEE 802 (RFC 1042) bbf{(1l\l'hdJu True Ethernet
i'h11J~~ 12-13 ill"il 0800,0806,8035
bL~l~\lf{l:l.Jl':iCl Oemultiplexing iif.)3.JiilElElmn1~El~l\lC1n~f)\I
'"
"
"'nillvr.y~bbf{(1l\l1Vld4U'hnli (1li.,j~ RFC 10421iibi1f)~L~j.J5n IP datagram
Encapsulate 'lJf)\I RFC 1042 !IIl\ln1J RFC 894 L~nUElU
811J~un1db~:J..jL!'I(1lb(1lf)11udlU'lJf)\I LLC bbiil~SNAP nElun\l
fhu1u
RFC 894 Ju1iibi1f.)~~\I'V!j.J(1l1um'1JJJ" !P datagram
n~1Jm~b~f).,j ARP !IIfJ"Vlnm,
Encapsulate ~\I 2 l1ii1"V:;b~Ull
IP Address "V~C1nN\I
El~1u IP Datagram Lbiil~L~El"V:;'1hm':id\l1u Link Layer Ju"V~tiiEl\lil~bTIEl1bU(1lLbEl(ilL(ilJfl'lJEl\l~\I ~U'Vll\1LLi.'l~l.liillU'Vll\l.yjC1n~fJ\I~\I"V~ii!1j.Jl'Cl-r1Jfi\liiEla.liil1~ m:;mUn1iLUn1i'V!l 'lJEl\lIP Address
"
" .yj':i~1Jil~\li1 •
"
MAC Address
mn
IP Address 'lJf)\l1.li.'llU'Vll\lElu1'1.,m1\flbl{m~UlnUn1J~U'Vll\llml'(l]~U'VI1\1'1~d\l-:i1Elj.Jiil
11.l1J\llrH'l'(l]l.liilltJVll\ll\flu\fl,\I vnn IP Address 'lJEl\ll.l1illU'Vll\lf.)~I'1Uiil:;bUllIL1{nnu 11fl(l] 1 w ~U'Vll\l'1~~\I-:i1f)a.liil1tJ1J\lb"blllEl{ bL!II~\I2 L~Elu1'lJ!lil\1n"V:;(ifEl\lL1.l~tJUAddress dJu IP MAC Address ~\l1"i LVltJ\lbb!llbl1'1~b~Eln 'lJf)\ll.liillU'Vll\l'V!10 IP 'lJEl\lb'llblllf)'h'vi1Ju IP
"
"
"
"
5 : ARP : Address Resolution Protocol _ •
"
~-
----- --
"':"'"'~
-
'.'."~'~
i!'.&.. .~,
-
-----
---
----~-,
----
--
ARP
~:cci\l
Ethernet Frame
~L~EJrril
ARP Request
l'lJu\lYlnLeJ~W;~mj1Jtmj('\b%n
OJ
(L~Vnl1nllmDr;]1'l1~W;)
'lJiJ 1Vif?lDU MAC Address
LVimn~11 n5um
Host
LFl~D\llr;]i1
IP Address
(iJl\lrlU~t*iiJ\lnljLLi.'l~
L~€lLfl~Wi~djUL;h'llD\l JilEJ
ARP Reply
vli1Ni'l"ilurIlJ.JrhlMu ARP Request n'V:-:t*iD\lf?liJU " ~\llur1'1r;lDun'V:ci1"r-J IP Address Lbi.'l:-:MAC Address 'lID-J(iJ't.HD\l
IP Address
MDun5u 1'lJ
L~DLeJi'l"MvlGi\lARP m:-:UlunTi
Request
lJi1u
ARP Reply
n5ul-Jl
n~:-:'VmlJ MAC Address 'lID\l

Ethernet Header Host
LE'J1!f(ii'lJ1.'ll!'JYll\llar~\llll,",l
Encapsulate
MAC Address
'i11Mmn 1dlw JultJi(-J

IP
1'\..1
uiih'l-Jg-J
IP Datagram
tJiill!'JYll\ll(i1mh\l
flnMil-J bbiil:::mj~Di'l"l'JlimJi.'l~,hw
"
"
Ethernet
luj~li1u
n'V:-:L~J.JMU;U
ARP Cache
~:-: L{1't..Illm::-:mUnll iil\lU'W
Ethernet ARP
~ "I:-:Lnl'l-TI'Wb~J.JDriiJufil'llriil bLnlJ.J'IlD-J
,
IP
"I:-:nn
LLiil:-:n'l:-:lJl'Wnlj l'lJJil!'J
MAC
ARP Request-Reply
f1~:-:liiL'1iillJ:-:!'J:-:'I1it\lb6iil:-:HbLu'W#ill'lfi' iil\l '!-Ji1nllilil

ARP
~
"
Encapsulate
'llil-J bll(;)b ~HnUl-Jdlu M1J"1-JvltUI'JJ::Yll1-J

Request
'I
V111Vi'lJJd~YlEJl1'V'11 u nll1lJN-Jfll'l
rllJ
IP Address
nuuu L1'l1!f(ii nu b
ARP
lmJVJnFl{\l
"
l1dJu
nlJ"'11'l Fl'l11 b~illVillJriiil\lvhnlJ" Lr;]EJriil'Wvl '1'nnll:i'll'il
f?lTn\ltib~£Jnl1
'lJ 'iJ
ARP Cache Cache
'V:-;vlln1JnJ::'V1EJ~bI'111!fVi
MAC
mmltJvmLeJ1!f(iiJulVi(fJ,l'1l'liiilm'll'W
Address
b~!'Jriil'l.J'h:i'l,",lbtii:IJmhb~lY1iillJJ
D~bb~lrn Vi'l111'lJHibiil tlllJ MiJ\lCllJ.JlY1lJ mn llJi1~-Jl'iil!'JCllJ.Jbb1.'l::b~mn:IJ l$lr11(fJDlJmui!l1

Cache
iTIVibnu1.'l"lu
b~DFl{-JviiJltJ"J:-:1WilJJriiD\ll,nWDn
IP Address Address
tJ~1\l-vin~'nll~\lbb()]riiul1 Ii1\1JUrh':-:Yll1\l btJ~I'IU

IP Address ARP Cache MAC-IP
dJUiiltJ~~flbbiil:':1!flJ.J1Jm'lJ~EJUbb'lJl,Nl~~wN11i nDl"J'V:::dJ'Wl'il-viNr;]'V'I1.'llVll$l
~ •
lu
ARP Cache
tll:i'lnl'l
'U
"
vlL,m(iitJiill!'JYll\l
Ii1"JUbVl'iIiJD\lflullruYild Dl'V'V::ltJ~EJ'W1'lJbl~1n1Ji
"I ~
~"i:imjr\'1Y1'W(i1D1EJ'IlD\lliiJ~iillu Yllml1.'ll~l\l
ARP Request
n~11~DliD:lJiill'\.!
bi;i!ul'lJmnm,tlJr-h::'Yll1-J
"
ARP Cache
'V::1J\lFl-Jb~il~tJ1Wi1ubli.'l1'Yli!\lb'Vi1Ju ~-J'V:;riitJ-J~n1J"'I11
'iJ
lY1lJl~D lVilMiDJ.JmJ'V'Vu'\.!btiil::;vlu~JYu-vi~Vl
'iI 't
"
MAC-IP
LI'l!'JvYll'lJmu'lJ€l"iilJ.Ji;i! lu
ARP Cache
'1:;bnlJ
11 20
ARP
Ul\1 vnm1.'lEJ";)lnJw'i11u
Request
Cache
n"l:;8niillJ~\l
tl'UYlm!'Jfi-JYllntiiD\lm,1ii~MDn'V:::MD.,jvll
lY1lJtl'ubD.,j
AftP Packet Format

t1i#5.2
ARP Packet Format
Ethernet destination addr hard sze
f+-----
Ethernet Header
••
t"l1~:t1l11
rep/IP
11)~ 0-5
Ethernet Destination Address dll'1-rU Ethernet vrlltl'l:':l'I:1J1un\l LLilI?lLl?liQ!'lJil\l1l1illUYl1\I bb~dll'1-rumru'lJil\l ARP bllil\l'JlndJunl"l"lii\l oilmJfln\l'Vln 1!H~Ji'V1il~UUbi1I?lL l'I~il'V1b i{n 1unllU"WI?lI'll l!IJi #l\lJuVlnul?l
'3..l 9 'IJ ,
'lJil\l~lil~d~\Iliiil\lb1Ju "1" ~\I'mJi?l~il FF FF FF FF FF FF 1lJ1>16-11 Ethernet Source Address dJUbbili?lbl?l'Jiil''IIil\lN'V1d\l Request Lil\l .ARP
b viil1 ,:,'t~~;H'l'V1liiil\l n1'J1?l mru G'llm'JO(1lilUn~um l?iil ~1\l Cl n?iil\l au
"
11Ji~i12-13
Ethernet Frame Type i:.:ui'i\lll.h1I?lflil1il~ Encapsulate fJu1u Ethernet
Frame d dl'VI-rU ARP 'J:;;Mil,:n1JU OX0806 11)1>114-15 Hard Type ,:;;lJlh:;;bll'Vl'lJil\l Hardware Address 'V1ARP fh~\lm~El~
"
"
"
1un".irud~E1 Ethernet Address ril'l:':~il\lb1JU 1 1'lJ1>116-17 Prot Type i:':1..J1tli1(1lflillil'V1liiEl\lnl'Jm~l'I:IJltJfl\l~E1'Jnl,m~ Address 'lJil\l11l,11?l1'lr.Ji;'w::::1'J mrudMii IP Hardware
Address 1Ul>119 1U1>120-21 Port Size i:':1..J'lJUli?l'IlEl\lbbEl~1bmQ!Lu1tl'J11n1'l1)1iI~Cl1:IJ ~ 4 dl'Y1-rU IP OP Field b1JUn111:.:uilblJU ARP '1IUI?lLIn , 1 ~ ARP Request
2 ~ ARP Reply
3 ~ RARP Request
4 ~ RARP Reply
Sender Ethernet Address l'il Ethernet Address 'lJiI\lNN\lii\l'J::::ilrilil
nu LUlul'l
6-11
"
Sender IP Address ~EIl'il IP Address 'lJEJ\lQd\l Target Ethernet Address 'l::::ll\11it'l'TI1-rU ARP Request L')'j'n:.:iJ\l1~1 (fi1ibb~1f1\11~liiEl\l'Vh ARP Request ~n}
"
"
1u~ 38-41
Target IP Address ~ilril Address
IP Address Virh~\lMil\ln11'Y11ril Ethernet
5 : ARP : Address
Resolution Protocol -
""" '::.':
... !:,'.
-
-';_",
-
~
-
., .
'VI~\l-VlniJnT'jlii\ln";j:;-V18 ~;:;1(O)f1J ARP Request
:. ';
-
--
---~
ARP Request ~\ll1.l!J\lLu~bi{mb~llm'l(9)vln&r":l'v1mj1J'Ubu~bl{n
ti i\ln'V:;111I'h1'Ul1J(9)~
'"
"
38-41 j.J1L1.l~81JLYi81Jn1J
IP Address '1IfJ\l
~'UW\l 'VIln l:iJ~".i\ln'UnfJ~b'il811:JJMeJ\lYhfJ:; LIiij.Jail Vrh~fJ1J
uli'"j'VIln'Vln11~r;H~'Yilalf1J1J".ifl
h ('h1i'U~fJ1JnV'l\ll'U1181..h~ ,
"
Lml:;LU~bl{nV'l\lMfJ\I
~ V'llN~ UhW-:fflj.J 1 ~ n'W~eJ1J) Cll~".i\l n'Wn-V:;!?1fJ1Jn~1J Lb(lj~:;Lll~8'Wl'il'llthliiflj.J~(i)\ld
ai18 ARP Reply 1~8HiL:~mn(llL~hJ'lIfl\l
ARP ~flB1Jl8(11f)'Uai'U
1 2
3
"
bll~u'Ul'il1'W
OP field vm
1 dJ'U 2 bLNl?hlllLiJ'W ARP Reply
th1'i11'W Source Address ~\I Hardware Hardware U~:; IP (LVimuunl".i~\ln~1J
use "
IP 111htlil\l1'W Target Address
0'\1
l11!J\lNlii\l ARP Request j.Jl) Ethernet Source
l.h'hHardware
L~fJiJnl".i
Address LL~:; IP Lbfl(llLh~".iff'1lfl\l!?1'WLfl\l1lii~N 1uVJ~~
Address use Sender IP Address ARP Request uiil:;ii~~\1

'iJ
ARP Reply ;!'W'VIj.J1Vrl\ln".i:;1J1'Wnl".i'VI1 IP Datagram lal
Ethernet
Address '110\1 IP Address l~Liil"~~Nj.J1J".iru ~fll1.ln~:;L~lJlii\l
"
1Unl".i
ARP Request tTu 'VIlnl:iJii1e'liil"~(II(IIfl1Jn~1Jj.Jln-V:;~fJilhi:il1eliil"~~ii Lb~:;hh1(11V'1fJiilLiilL1.Jfl{ff\l~'Ul111:iJ':h
IP
Address J'WfJr!1J'WLUI'Hi{n fflm".ibl&mn".il~ 1 Unl".iUl
TCP, UDP, ICMP ~:;hj
ARP It.J1oE\ll'UtT'U 11.l".i (11V'1fJ"iilbiilb1.JfJ{ff\l~'U 1 l1.l~:;biJ'U.:i&r~~'Wh b'li'U b~n~\?I(ljfJ, V'lflmUWliillhViln1J
mn
ARP bb~ll:JJii.:i(llfJ1J~:;vllfJ~l\lh~
"
X l'U1Vi 'VI~idl~~
"
LfJ\lil
VWl81j.Jvll
ARP 1;:JJEJ'nlffni"1'¥\l 1i\l1'Uffl'Ud~:;1:iJ(IIl1.J&rl
ARP iURllqlrlaaOJlIUilal (Pi
IP Address biJ'W,"h~€l~V'I€l~~fflj.Jl".im1.l~1.J'Wlal
Lb~:;bl'll'U€l'UailUl'lruffj.J1J~e1'UdLf)\l , nl".i1.l~fJj.J IP Address
IP (IP
Address ~L1.l~1.J'Wlf1n~fJj.Jfflm".iblllmmla;b'li'UL~Vln'W Spoofing) n bn\?l~'U1'Wn".i:;1J1'Unl".idiibf)\I ~fJj.Jl:JJm€lnlff~~:;n".i:;'Vh~\lniihllai ~1{~Lbl'fl~U\Il".i\l1'U".i:;~1J'1Iil\l mi'W€l'Uil'Vllm
".ilL~Un 1'.b11.l".i 1(11V'1f)~'U".i:;&r1J IP 1
bb(lj~:; hn\?lfJ:;1 ".i~'WCll:ilNL~U'Ul1.l".ihbn".ij.J~&i~(ljfJn1J Ethernet 1~8-:f~n
iil\l1'U Ethernet Frame l~U!?1".i\l 1i\l'VIln'Vhlf1b1nMfl\l~lj.J"ii€lfll'VI'U\?I'lIfJ\ll1.l".il~V'lfJ~n fflm".ibllliilfJj.Jhh1.l~-..l • IP 'lIfJ-..lb".illa; L'li'U
" "
Packet Format LiJUfl~l\l~LLiil:;1i;'HifJj.Jiil
"
"
(9IfJ1J ARP Reply f11U IP Address 'lIfJ-..l1~ff~~'W1Vi,ffj.Jl!J\lbbfJ\?Ib\?l"'jff'llfJ\I(9IUbfJ\I n-v:; vl11Vi"iifJ j.Jiil~1~ff~~-..l'VIiill1.J"i:;lii-..l1 y([elfl~~'UJ'U b1nlii-..lbiilj.Jl a\lle'lN~'1IeN Ln~fJ:; h~'U b".ill~ 1.J
tl('11'U31~ :biil:; l~fl~~€l~fln~-..l'VIit\ln"i:::1:JJYI".il1Jbiilui~
'"
••
'~1~~1J1I
replIP
anu
ARP
h'i'vm ,
IP Address
h..!bil~b11n~
Ethernet Address
'7Jfl-Jbl'l~fl-JVi1lJijmj~ dJunl'l
DoS
'V~-J 1Bi1'V:;ffl~1'Hl'l'h1V1n'l:::1J1Un1111JS1'-J'1imJ~~~b'VI~11~ ~ le.l~tlJJ ~llJl1rlaf)a1d • btl~EJU

ARP
vh1Vi
l~t'll snln ~ bn~
'1Jf)\lle.li;i!c;1'i11d'Jubnt'lb1~ ~-J'V:::vhll11!)~#i~u1Ubil(i1b11nlJJffllJ1drlS1'-J
DoS
oJJfllJ~dJ1ET-J n<'lnU1~ bb~:::b~fllJJ1iIlm'lrl&i[i)~ml1J b
bQ'lNl:;n1J1em#i~fl EJlU bil(Olb11mt11 EJlnU bvhli'u 1hrhlJun1'l
"
mn~ 1fJ1iI#ili'un'V :::~fl1ill'l1~

iB'VI'ii-Jb"liun'U use l'V1aJ (Hardware
Hardware
ltlfl-J'Vln
Address
"
ARP Cache
:ih:::EJ:;L1~l
Time out IP Address
n1dbtl~!'.JUlltl~-J~'1Jfl-J b~~bb(?)blJU
ihDfJ1bil(llUfJ[i)b[i)'lff b"liu1umru'l.-E btl~EJultl) bilt'lb11nfJ1'V~:::bliu~1!Jl1Vl ~1(?)1\l'11u

ARP Cache
"
IP Address
fJ1'V~:::vi'11VilaJfflm'lrl~fJ1iIl1l~il'7Jru::: bn1mlVlbVl,ffbnll11'U
btlfJ\l~lnle.lffc;1~ulu '7Jfl\l~Ulfl\l 1U'VI1-Jn~1JnU
ARP Cache
nv:::$ifl\lD'I'lb(i1'V1mh1illJD dJu"li~hl'V11\11r1~~Ualm'lrlH~-JVll::: " " n11D'lNb[i)'VIoJJmJ~1u ARP Cache '1JfJ\lbb~~:::lemtltlbvifJn11vhlVi ARP 1~11Jo]jfl~~N[i)'111i bb~:::bn[;lNflb~EJVll!'.J~ 1
"
"
5 : ARP : Address Resolution Protocol _ •
ICMP • • Message Prota
ICMP dJ'Ulu'j"ll'1r1fl~'VIa"jYiflylU~(i1t1fhl r111Jr1aJtlfl"jP l(i1mQ'Wl~nTl'rmi"j I

,
TCP/IP SUitei:i'VIiJl~&\l'lil'HI1'j"LbPl~rh5"j
'iJ
Error Message l~hv~nb'ru~t1fl"j ICMP tb~l1.X1J 1ili11mi~\l
lUbPlb1Jfl{b&1rnnlJIP Vf1mPlltlfl1Vifj"jn11 IP fimYiv1Jb'vi1TCP bb~~ UDP fllili ~uflynlJ~nb'ru~ 'lID\l Message ~ ICMP vhnTl~mn'j" UDP (ililmVftl1ilnm'l~D1ili11 ~\l.a ICMP
li
IP dJ'U\lll~'l'lifl~~b'li'Ubtfhnn1J TCP m,~
ICMP mjlUb~HtlD{b&1tnnlJ TCP bb~~ UDP)
"
nl'j" Encapsulate ICMP bb~(i1\1~\l~tJ~ 6.1 IP header ICMP Message

IP datagram
'l:::bi1U111'U~lU'lIfl\l
IP Header i1iJ'\lr1\11TIbeJ(i1b(i1fl1(i11aJun&itlfJ\I IP vhlVin~1nlunTl IP 1kvluYi dl'V1-r1JJllVlu ICMP
-r1J~\lojjDaJ~'VlnJl'Uvl1\l1uiJ\lU~lU'VI1\1fflm'j"nlinPl1m:JnMtlfl\l
Message 'l~bn1Jojjfll.H'lll~h i11'l11aJ'VIaJlt1fltJl\1hiil\1J'U'V~bbff(i1\11Ul1TVIj~ 6.2
"
"
:tuft 6.2
leMP Message
78
8-bit Type
15 16
8-bit code
31
16-blt checksum
1"l11l-J'VImtltlfl\lojjfJl;jQllu ICMP Message
iil'lVi
0-7
(llJ~Yi 0) ICMP Type bU'UilJPl~t1Ul(i1 ll(;11Jflnfi..,ju'j"~bl1mfl\l 8 ICMP ~rll~\I~Elffl'j"EltJ
"
......,~
-
1JIIItY,--------------
UGliIi
8-15 ICMP Message
UGI~ 16-31
1~uvi'lhJfll1~Ul1'lJEl\l
(1u~~ 2-3) Check sum 1oiidJu\ll1~11'"1G'1aUfll1~t:ln~El\l'lJEl\l
ICMP Message YI\lVll.j('l ICMP Message '"I~13Jfl\l.yjll'lluau ;umjnlJ&'n'l!lru~'lJa\l
Message JU'rhil~iioiif)l;lr;;l~1~VI~\ll,mnni.iaubb~1V1u
"
ICMP
ICMP Message Type

Description 0 3 0 2 3 4 5 6 7 8 9 10 11 12 13 14 15 4 5 0 1 2 3 8 9 10 0 0 0 0 0 Echo reply Destination unreachable Network unreachable Host unreachable Protocol unreachable Port unreachable Fragmentation needed but don't fragment bit set Source route failed Destination network unknown Destination host unknown Source host isolated Destination network administratively prohibited Destination host administratively prohibited Network unreachable for TOS Host unreachable for TOS Communication administratively prohibited by filtering Host precedence violation Precedence cutoff in effect Source quench Redirect Redirect for network Redirect for host Redirect for type-of-service Redirect for type-at-service Echo request Router advertisement Router Solicitation and network and host
• •
• • •
• •
• •
•
• •
•
• • •
•
• •
• • •
• '~1~::1111
replIP
Description 11 0 Time exceeded Timet-to-live Time-to-live equals equals problem: bad option missing 0 during 0 during transit reassembly
• •
12 0 1 13 14 15 16 17 18
0 0 0
Parameter IP header Required Timestamp Timestamp Information Information Address Address
request reply request(obsolete) reply (obsolete) request reply
•
•
• •
0 0
0
•
•
mask mask
/?l1'i1~;; .3 ICMP Message types 6
nls11i.,1UrJa., ICMP
• • Query HIri'I'Vl'hJi.lEllHlll-JG'!r:Jl'W:::'l:::'Vl'i1'111'W Error Hilil'Vl'hrnU\ll'WiitJNWI'VIJllllW1~dlWl~'W
6.3 v:::l'l1'Wll ICMP Message ICMP ci'l'W1'Vlf!J"I:::vlTlllih~'llU\ll'W1"l11l-Ji;Jl'l'VIJllllW1~ t!'Wfl1'l'l:::mJ1Ji~\I
'llfWll'll\1~
lnWl~'W'lJEN IP Llc;imh\l~fli1l11
hJt'lfl'W~'Wll
Wl1 IP 13Jt'llUWlllW1vl'il'!ln:::1'Wfl'lru~ IDfl'lofru:::d ICMP ICMP Message
ICMP
Message
t!'Wrll'Vl'l.'h~'llU\ll'W1"l11lJi;Jl'l'lNllll>111'W
"
bill bm)'h~EJlrl1J
IP lllll!":G'!\I
"
v:::vll'Vlih~1'Wb1;'llvtJ~b&1rJlfl1J 11.Hr\lll1111V"/ll\1fl~~
lP l'W'lJru:::b&'iulrl'WfitJ\lI'I\ltJ1l'i'u ICMP
IP dJ'Wfilci\l
"
(l'W~fl'l~ru:::dv:::l'l4'Wllfil'Vllfl
tJ~b1;'llUfl~lJ'W'lIi!hJ IP bwmdh
..
ll'ltJ&'Wdj\lLl~h 1?1-.jt!'W ICMP
JCMP Message
'l:::~fl\ll3J1,ll:IJI'l(1ci\llJi
b'VIJ'l1:::1'W'l::;l?1lJ :i1 Error IP
~-.j~fl\lfl\l:IJTl!hflT'JflJiifl:IJllllm::;l?1lJ
..
IP bW1Hfl\l) Ulll:::ri'l'VlfUflT'i"iltJ\ll'Wl'Ill:IJ
Nl'l'lNllllW1J'W ICMP v:::13J''omJ\ll'WiFllll-J Nl'lVW1W1'lJtJ\lfll"ici\liimJfll'Wfl"iru(FI1\11mi1l1d rn "i"il EJn'W i;J lllIWlVil;W~"ilU , iiEl l'l'VIJ
..
..
bYiElUEl\ln'W
Lili91iitJ~VI'VIJfllW11'Wm'lci\lICMP
Error
Message
l1:ilmtJ\I ckmidl
ICMP
lth ..j~l~I'l€ltJ
"ilEJ\ll'Wl'lll:IJN(i1'VIJlllIWl'll€l\l IP lbc;i~l ICMP 1.llll1EJ"/l1\1mJ&'i m'l~
bEl\li'hJ\lM€I\lEllI'TEJIP dJ'W~1I.hif'Wfl5u1tJiJ\I
"
ICMP
tll"lv::: l~'W'I'll·,jfl5u 13Jrl\lll1111V"/ll\1Jilm 'Vll'll(i1nufhblc;i~Elm1J'W
~\lvlm€lfl1G'!bnWl-i1'Wl~ b"li'WnT'Jv1Host A flEl\lfl1"ici-Jii€ll-JlllltJiJ\I l~'lbtJWlHi\ll'WEl~ lii'\lJ'Wb'llb\l1fl{~lv1c;iflfl~rlU (Host Unreachable) fl~1JltJiJ\I Host
..
..
..
Host
B uei Host
B 13J 1
Host
B v:::flfl\lff\l
ICMP Type
3 Code
A b,c;il"jlbl'lfl~"i::;'Vl':ll\1"/l1\1t!'W:i1l"illi1~\I,"/lbUlllVil3J Host A 1JiMltJl"liWl'W 1'Ufl'lrild
~n$1El\l'jl1l1V1ICMP
blVlflbnl'll3JG'!lm'ln~\I~€In~ullltr\l
'Vl1fl13Jniimll'Vl'WWll1'nv:::vlllV1bnVl
ICM P ~El'Un~u 11lml3Jj"lu
6 : ICMP : Internet Control Message
protocol ••
~~;
~
~~
. i,.
~~--
,_"'"
-
':
;l
2 3 4
.z;m-Jlll~ IP Address U1ll1tJ'Vll\llJJltlib<UW1:'::b'Vl:::'V\l1!'11ll'(l]~lb&itJl bb(;]b1J'WU1ll1tJ'Vll\lU1:'::btl'Vl mEl~1911ll'(l] ('Vlnel1!'11ll'tli1'Wbil~bl~n) bblll:'::~1ll~1911ll'~ (1!'11ll'~Vl1ll1tJ~l1W1m'H1U)
"
~lmbbm~'Vl'VllVlUl'Vlm~flt.mT'l'lJ·;HJ~191i;HWllEl\l ~ltiilbbn'll-l~bb~nbn~](1mbYhnbl-lU~m bvh,xu
q,.,
~,.J
.:::II
II'"
Link Layer
tJmlu~ltiilbbm~bb'in
b{jEl\l'Vln~ltiilbbnmvhlnbbl'hml-l'W~mJu ~\lJu'l11n:ni:lQJVl11un1'iaflt'l'11
"
(bb8nmdJu'l11ll1tJbb~ndl<'1
1Vlqjb~tJ\l5ub&itJl
"
'V~\l1bbfila1~m'Vln~lJilbbml-l"lJU1~ n11bb~\ln5'lJ lunI91":i'V:':: Lb~\lb~tJ\ll9f\l
b&i811lJm":ibL~\l(1lEl'lJn5'lJ'Vln bbyhn b:lJU~ ,
~nJil bbm~~ JiU'Vl1\lllJltli b<UW1:':: :'::'V !'I t'l'M ~\lJ'WbbEl~b~'it'l'1'W5mofru:.::.Qb~ b'Vl \11 m.hm 1id'J'W bbEl~b~11ll'tliU'Vl1\ln'V:.:: llJltlif'lJ
ICMP Message b'liU bbEl~b~11ll'tii'W'Vll\lb1JUAU\'J~\lVl:lJ~

'lJ
bbEl~b~'iG'lvh1Ju loop back (~\lL.z;I'111~lbEl\l)
bbEl~b~11ll'V1b1J'WmEl~191t'l'(l]'I1~mrlll~1"I1G'1~
bbfl~b~1G'1b'11r;,'Tj''V:.:: d'J'WbbEl(1lL~'i1ll'VillJltlh:'::1jil\l 1!'1G'1tli1~ 1!'11ll'(l]Vl1j\l'V~-.l1~\lJ'W ICMP ~-.lllJ Vhn11~\l
Message ltJ1Vi
sllVlf'lJdltJ1ll:::LiJtJ(1I"lJfl\l ICMP Message bb(;]lll:::'1j'W~Ju 'V:'::ElTI'lJ18I"1ru5nlofru:.:: 1~81ll:::b~8~ , Bnl9f\lb~El:n~1'W~b~tJT7jEl\ln'lJ
ICMP Jwr1'W'lJ'Vl(;]Ellu
~nw~tr~V1ril~q!"lJEl.,j
ICMP ~'V:'::~fl\l
-;J11Vi1i'W1'V~El b~mn~"iJElN~m'n~1~1n(1lI:lJ1u'i:::~tJ "iJflN~W1ll1~J'Wn ~'lJltJ'lJElmJ\l 1 !'I G'lMtii'W'YI1\1 b1ll':lJfl
IP 'V:.::iinl'i~\j
ICMP briml1G'11bYllil"lJEl\l ,
• UDP • User Datagra
UDP b'l'ju1th-1~l"lfJ6'1~U"I1'tJ'vhnA1.I ~ mJ1u
IP dJUW1'VlU~1un1d~\I-7Jm.J~
'"
Transport Layer ~m~ru~"IlfJ\I
hh1~I"lEJ~'V~~(i)nl''iI"l~\li.'l~
ff~~u£nu
1~1.I(;]1 UDP Ju~~
1 '7!(i)"Ilfl\l-7Jm,Ji.'l~b~Vnl1
datagram 1(i)1.I-7Jm.Ji.'l bb~6'1:'-:(i)l(ii1bbnd~'V::: 13Jjl1'l11~
.. tun
\"l11l--J«l--J~U£d:'-:'Vfl1\1(i)lJi1 bbn'l"l--J'V:::f.l n~(i)md 1~!:JbUd l~l"lfJ'fl~u 1UbbfJW'W~bl'l'B'Wi.'lb!:JfJ1u 'I'lU
'"
(1Ul"lllaJ1'1J1"I1fJ\I
'"
UDP
'"
UDP) bWd1:'-:
"
7.1
~----~
IP datagram ------~
UDP Encapsulation
Il<1li :-----..
UDP datagram ----JooIJ>
UDP (i)lJi1Undl--J'V:'-:f.ln Encapsulate i.'l\l1u IP (i)lWi1bbn"J~iil\lbb~(i)\l1UJl1W~ Encapsulate bUi'l 20 11J~bb'lfl'V:'-:biJU'lJEJ\I IP Header bb~:::1u1lJtil~
~ .... 'IJ 'il
"
7_11\iWb~EJ
9 'lJEJ\I IP Header 'V~WiEJ\lii

'lJ 'lJ
1'i1 = 17 iil1rJ I"lrufll,IlJ~ci'l~ru'lJEJ\l

" ,
UDP fifl~(i)"JU bblJlJ-7Jfll--J.'lEJ~1\1~1 1.11 imJ1u 'lU'II€l\l i V 13J:nn~
UDP
Datagram bb~:.-:iiI\I--r1J-7Jfll--J~'7!(i),j1 Vifi\lu~l!:J'Vll\1 bvhJu -rlJiiI\l1uWl1'lJ€l\l
In 1~'11un1d~dl"l~fllJilmj'umd
I
UDP bfl\l WI\I,xU bbEJ'W'Wf&bl'l-E'u~1'li UDP "l:::JifJ\ld:::~mfll--JfI"h
UDP dJu
1ud 1~r1ml'Vi13Jil bb'!fivdm'Wbl~::: 1lJ11JUd:::nUn1"J~\I-1'U-7Jm;l6'1 1uiil1U~-rlJU"J:'-:
(Unreliable) bbill:'-:"l:.-:Jifl\l bill"1l.Jnill1n :'-:'Vf~nb~!:J\lf11"J H UDP bWd1::: 1~ 1(i)1.I~lU 1 mjjl"lld"l:::
nUf11"J1'u iiI\l1iEJ~~ 1 U bbEJ'W'W~ rl-E'U,xUbEJ\I b~l--JEJl~!:Jvh 111 bbilW'W~ bl"l-E'u~ilI"l11l--J b bbill:::l"llld-.nlnliiEJ\I'lJil\l'.iiEJl--J~JUl"ll"J"l
.)1 bilu 1Ub~EJ\lb~i'i1.l"Jmw
bbEJW'W~ bl"l-E'u'V:::liifl\lb~m 1~11 Uf11d~(i)n1db~fI\I,jj.Jln~\I'V~vll\11U u 'Vlu1i\l"l:'-: iIl(i)il qJ'VfliiLWi bbl'ifl~l\11 dn~lj.J

'lJ "
"
"
H TCP
bbil'W'W~bl"l-E'UlJ1\1U"J::: b.fl'Vl~EJ1'J'V:::13JJiEJ.Jn1dI'l11l--J
'lJ
rlnJiEJ\I'lJEJ\l-7Jfll--JG'laJ1 mrnfiEm'V:.-: b~ fin 1mUd 1(i)l"lfli.'l,j bY;a Ell RVU"J:,-:ff'VlTI.fl1'W m'l~flb'!l'l-i1ill--JG'l b~, 1u nl11~
~.'lI
--
.
--
, ~~•• " ~".<.~ ... -?'~ ;"::~<,,....Iii:...

,~.~,~
~..., "
, '.
..
-----
---------
--
UD·' ITt eader'

<nn1l1'VfYl 7.2 'l:_;d1Ull UDP Header lciilJnTHhvlu~~ii'l~lm.h.:dlE.J'1 ~'IlUl~~'ol'In.J~ 'IlEl\lb~~b~a~bV1thj 811J~b'VhtT'W 1~mb\l'i~:_;VJii'l~~1'l11~'VImE.J~\ld
'1J~
tUYl 7.2
UDP Header
d
lu~ 0-1
2-3
Source
Port Number
'Vlmmii'l'Il'l'W'Wl"IJa'ol(ll'W'VI1'ol'V1'fl"'ol'Ila~ii'l~l(illbbn"l~'W 'VI:J.Jlm~'II'l/'jD{(il'IlD'oltJPllE.J'V11\1~'l:_;dJu~'hJ
e-
ty
,d,"b
::
Destination
Port Number
oiia:J.Jii'l~l~hbbn"l:J.J ltJH''ollu
"
1516
31 8 bytes
1---------+-----------1
16-bit UDP length
16-bit source port number
16-bit destination port number 16-bit UDPchecksum
_l_
data ( «1~)
'lJ!1i
4-5
UDP Length
dJ'WVJfl~~"l:::1J1'l11~ml'I1D\l ,
UDP !?nJilbbml-J ~E1 UDP
Header + UDP data 'II'Wl(;wh~Vl'IlD-J UDP Length
8 'VIl.J1Ut;'ol
~l~lbbn"ll .. 'd':i1LQVn:_; DP Header oii'olbvi1nlJ 81lJLlluii'l:.:1lJ:i1 UDP J U
'1J~
Data b~'W UDP Checksum ~'ol'11l-J~ tl'olUiill :i1 IP Checksum 'Vh'Vl'Wl~(Illl'lf1DlJI'l11l_J~n~D'ol'IlEl'ol UDP (;n~lbbml-J UDP 'l:::bln Encapsulate
6-7
I"Jl_JD~bU'hn(ill:J.J bb(l']IP Checksum
"
tJ~1'W IP ~l~lUml_Jbbfl:_;
"
......
'Il'W'l:::vll'Vli1TVi
bQ'Vn:_;c;rn'lf11)1J1'l11l-Jbln~El\l"IJa-J Header IP
"
bvhtTu l'llciifldtJ1Jl'lfll-J
~{J IP ~lJilbbmmb\l'iD~1-J1~
1i'W'Vll-Jlut;{J'Vlln:i1f\11~NVl'V<lPll~ 1'W~1'W IPn'l:-;1lJf11:l.11"lrlVldl1J
'IlEI-Jv1dJ'W-iial-JPl'IltJ-J (i\1~lbbnd~ IP '<YIn UDP Checksum
"
1~£.,JM1-J
~{Jvll'11iil~(il"l1'<Y'fl"E11J1'l11~rlnJiEJ-J~{J UDP UDP bEJ\l bwn(;h:l'vnn'<Yln Checksum
~l~lbbnlmbPl:::dJ'Wnflln'IlEl-J \?l"jl'ViifEJlJI'l11~rln~tJ-Jciil!J
"
IP $I{JtT'Wn1d
~Dm"lM"jl'il1iiD1J1'l11l-J~nciiD\l1'W"l:::$I1J IP Header 1flE.JHi Checksum 'lIEN IP '11~'ol'"lln'll'W~'olI"iEmvllnT.iIil"jl'<Yiifa1J1'l11:J.JrlnWiEl\l'Ila'ol UDP 1flV1~ UDP Checksum 8nV1'V1U\l
"
b~E1 ' UDP n'V::::i12 iumJu H
"
• ''iJ1~Ul1J
rep/IP
UDP Checksum
32 bit source IP address
~t!;t 7.3 WflmrL'1f'1umr

fl1U'JnJUl
32 bit destination IP address

zero la-bit protocol(17) 16-bit UDP length 16-bit destination port number
UDP pseudo header
UDP
checksum
16-bit source port number 16-bit UDP length data
UDP header
is-bit UDP checksum
-*-
I
naln 1Un1'JYllrll
l'il
pad byte (0) checksum
I
ll'iEJHi~'J1'Vt'H)1Jrnl3-J!ln(ilEl\'l~ihj
checksum ~EJ\'I IP fiEll'il
checksum vfl~'V::.;dJ'Wl'ilN~'J13-J~El\'liiEJ3-J~~'Wll'l
lb~"l::';:W'll'lu~n\?h\l'VlnmlYlll'il
'"
UDP 'V::';Ii1~l~n1Jnl"Yll
lbi:l::';bL1Ji:l\'lblJU one's compliment l.h::';nT'ifiEl
checksum ~El\l IP EJ~ 2
'"
16 i:l~~\'IYl3-J1'l
'"
1
2
~'Wll'l~iJ\I
UDP 1'l1!1hUnd3-J"l::': lJJIi1\1~biiEJ\'I'lln~'Wll'l~EJ\'IGi1u~dJ'W
Data iJl"llll~~'WUlli:l\l
l~~l3-J~'Wl~~El\l~EJ~~'l~\I
'"
fi\'lU~11'V~\l1bb~1 1Jl\1l'il1u
UDP Header 'V::.;:i1~'Wl~ Sl1Jrii bblll1'Wn1'JYlll'il checksum tTU'V::';Ul UDP Pseudo
IP Header 3-Jld13-JblJ'Wffl'WYI,j\'l~iJ\I UDP Header (b18nl1

:t
.<=Ii
I
Header) "lln'WU"l\lVllIi11
~i:lrii~
checksum l'I\1Y1~~Elnl'lYlU\I IP Header ~\lUN~\l1'Wil1Vl

7.31~bbri
:;
0<>1..,.
UDP ,h:J.Jl"lln
Source IP Address,
Destination IP Address, Zero, Protocol, UDP length ~\ldb~El1'11'ri1 UDP Checksum l&1Vl1nl'J
lIld1"li;'Hl1J,Jl1'Wff1U~clll'1rudlYl11J
UDP !1f1811Vl1n1'J11J-ff\l!ln~fl\l~\'I~Ul'Il\1
'"
bbi:l::.:1li:llU'Vl1\1
neln 1'Wnld~d1"lNEl1J
~EJNt'lVl~l{il
1{il~ checksum
~EJ\I UDP dbVim1lumd1JiJ\ln'W~iJ3-JiiI~EJ1'l'l::;~n
un1 ~Yl1El:W1i1113-J NI'lVl~11'l1::;Yll1\'1 rm

bb~bllunl':l!i'1dl'i1NiJU
ff\l usemn
bn~ bYllllrrrs ru~\ln ri111.l ii118'Vl1\1'V::; 1&1'Vl'J1u";i1:i1 ,
'"
"
b-W~\l~l1.Jb~U1b'vh,r'W 1\iW 1U~Elnl'l'lWil'I1fl\'l
UDP mnVl1Jl1
checksum Error li1'11' N1ull ~lU1'I1\1vh nld~\loDEJ3-JiiltTU ba~ bb~lJJ:w rmu ~\l n~1J11.lu\'INff\l bb~fl~1\'11",
''It'ldbEl\l~Vl1 1'11'UDP 1&1iEJ11 UDP b1l'W11.ld1l1lI'1EliilVi1lJ:Ww(1udmVlbLiiI::;bia~alJJl'iiJul&1 n1'JGi\l-1U , iiEl3-Jiilbb~~::;l'1f\'lYlln:wiiflN"'Vliill",1'Wd::';~1J ql1m::;~1J 1Uff1U~El\'l
'"
"
'"
'"
IP b'liuff\'llJJi:i\l, Yl3-J\ilb1i;11 NN\'I'l:::1&111JError Message
IP b1lU ICMP Error Message bbtlib~iJiifl3-Jiilff\'li:i\'llliillU'Vl1\1b1naiEJ\I bb~bn\il'ii£lN\il~i;11(il UDP bfl\'l n~u lJJ:Wn1'Jvwr'W'I'!1mb~\'I1r'1'Vldl1JbbMmh\l1(il checksum
"
"
"
1U1J1\1d::;'l.J1J~Ul UDP 11lHi\ll'Wfl1'i1rl1Y1'W(il1r'1
bll'W option
fim~iJn~'i1::;:W
'l'!1EllJJ:n checksum 1&11\i1UYl"r\'lNiil1'WuJl.l'J::;~'VlB.i1TIN1Unld11J-ff\'loDfl:J.Ji;1'V::,;N\I£U b~d1::;lJ.J~iJ\I bfl~bliill1'Wmdl'l'J1'VNEl1J
checksum
bbiil::;1l~m.lYlih~1umd1JEl\'ln'Wfl1l3-JN(i)~ii11(il~El\'l"iiEl3-Ji:l1'11' u11i1'WDatalink Layer biJ\I
"
"
bllU'1IEJ\I Datalink Layer i\lii1~~ii11ubb~~iJ\lmd'li1m~3-J1l'J::;~l'IBi11Vl
"
7 : UDP : User Datagram Protocol _ •
.'
-
.. ~~
-
---
- --
---
----
.
..
'" It.., ~ "'_ , , ",~.",

~ ~~..... .'
,._t"
--
\Jl
'..j;.!"'
,;
JJ
~-------
---~
n"'ldJiifJN[>l'l/'j iill[>lln[>l~'W'l/'jfJiil"J.Jf11J "'l:::".h1vh":::uu 1[>l!.JJll-JljJihiil"~!.JJm'l/'jmfl UDP i'll'l'V:::!1f~hl Enable checksum liil"d-JfJ
Jj,nT'Wn1'l1i-Jl'W
1'W'vn-.lVl'1'B~ll~h Header l~hJ 20 llJ~ lu~ fJ~l-JhiiMld-JmJ'l.h
UDP Datagram "'l:::il'lJ'W1[>ll(l1~-.l~[>ll'Vhnu 655351ml
1t'lmlU-JltJ'W
IP
ll1il:::dJ'W UDP Header iln 81u~
i'I-Jl'Vf~mhw~dJ'Wo/imJ1iIl'Vhnu
UDP lt11i-.jl'W~TU1'Vfqj"'l:;Hi'lJ'Wli?1'lJfJ-J[>llMlllnJd-J~~lfllld
"
65507 1~!.JYhlt1
1i~~lni?1'lJfJ-J UDP Datagram 'V:::l1fJ~ 2 l.h:::nlJ~fJ
"
Application:
1'Wnl"J-r1J~-J1ifJd-J1iIll(f]iiI:::f1f-J llfJW'I/'j~ll'1'2i\j"'J:::MfJ\1Y'i1n1"J'iiEl\l~'W~
'IJ
mil !.Ji'I11d-J..J'll~fJ1Ih
'VI'Wltll'llld-J"'ll
'IJ
j
nlJfu-~\l1imJ1iI1
'lJfJ-J &h llEJ'I/'j'l/'j ll'l"J!WfJ\l(l11!.J l"liu mn ~

o.dl ~
I 'l,.c I
"
'I1lVl:ln:::ffWl1JfffllW'lJEl.,j 11liil"M lbiil:::l'lruff:IJUM
tilV1U~'lJU1~
~
1 Vlqj lAu ltJn'ii :::1Ihh'fLtli-iEJ-J

.::..
'VI"J€Jn1"JJUff\l'1Jfl:J,-Jiilll(iJiiI:::rlJ-J'lJ€J\llbflWI"I1iIlr1'1.f'W'W'W'1fll'V'l:::MEJ\ln1'l iJl[ii!1fEJ\ln1Jl~:IJ~\l 81921uM : 1\iHJ~1'W1'V1qjmJ'l11 TCP/IP ltiHi-Jl'Wnm:::umJi)uM 64K ~.,j'Vh1'11 UDP fl<ln[>l'lJ'W1~ ltJ[iil EJ ~!.J 1 64K tK\ltT'W 1('1!.J v\'11tJ'lJ 'WI 1>I'lJ UDP EJ\l
i-
'i.J
1if):lJiiI~lUl'W'VI,j\ll'ViltT'W
Datagram 'ii:::~n~':Ji'hlil'Vilnu • 'lJ'Ull>1'lJE..:J Datagram IP
nTl"(f]l\lj'V:::ilnlJr11'Vf'W('I'lJ'Wl[!J']JfJ\I ('I1 t1h bbflJd-Jii\lMf)\lf)liT!.J€J~1'U tJ1!.J1EJ
IP "n!1flllmd-J1'11~lnll
IP [>llAlblm:IJBfli'WVI,j.,j~
••
&~1~~111J
repliP
TCP : Transmissio Control p ...
rep
,
bU'W1t111t'1l'l El iii vi ~l,J"Jl
n 11.l11~1'l Eliii ~'WvimhJt1\11
'WU'Vlrlil'W'Yl1.hd
'"I::: bl1'W1tilll
11.l')1~l'lm~1'W1:::Wi'u IP 'Yl~mbilnd:::~\1
UDP "J:::G'!'W1'"I-lim.JiilbVlV\I 1 ~l~lbbml-J
~.
niil1n'lJiI\l11.l')11'1I'lill!l
"J::::ih1'l11ViVl11"JSl"ElUI'l11l-Jf1n~El\lbVlEJ\lbv.'Vn:::Ml\illbbm:IJU'W1i1Ul\1b~V1 1 mJn'Y
dl Elll
bUWllmJ 'lJ iiI'llM 1'V!:lJVil:lJiiI'l11:IJ«m;r'Whl~<? q bb!ii1i1'Yl'hJ
"
b~El'Y:::'Yhm1ff\l~1W11bbml-J bb1l1l-J~'W (m1~f)Sl"11 1 I'lf\l
FlU-lim.J1il~l\ill 'iJ
~\lHIbVlEJ\I ~m iiB\ln'W Sl"l:;.n'fI

~f)
1 ~l~lbbm:IJ)
rep
bb~1'Y:::bl1'Wl1iiil:IJl!lJ\.lbiJ'W
iin1il1n 1lml1t'111'Yl!l"1lU~,Jtil1'Wff\lbbl!l:::~1'W1'u l!l"11Fl'W 1~"I1\1~..:J"I::::il nl')l!l'\l1'u"ii
bYiil1r1bb'W1"1l1~\1 2 ~\lilI"'l11:IJ'I'l~iI:IJbbiil:::
"
stream ~i1iiI'l11:IJ«l-J~'W1l
€I:IJiii bn ~~'W 'Y'W~n111'U - t'i \I'iJ El:IJl!l u ~1 ih::::iJ nl1~'W U'W
1'l11l-Jfin 1M i1\1'Vl l'lf,J'lJEl·.ml1~i1G'!11b n 'iJ 'I ~nJolf.lJ:::b'1i'W.Q m,~€Iii111ahv bUI'! b11"nt1\1Fl'W (connected)
vlEl1'1J1.l1:::Fl'W llii ~\lbiil'~El'Wl1~\I
"
i1l-Jl!lvl1'u-1!l'\lcY'Wfln ~ €I\1t'1,)\ln'W~\I 2 rhJ 'i.I ').I 2 Nl£.J~ElNl£.J1'Ubbiil:::~hvci,J1~'Yhn1'~f)iil1£.J
"
~1 £.J
rep
Vliii elM b11il1Yim,1'lJd\liiEll-Jl!l"'l'Wn1:::~..:Jn11gi€liill,)~\I'Yl:IJ~bSl"1"'l~'W~,J
"'l:::'Yhn11tJnb~nn11b~Ell-J~iI1r'Wb~£.J a11!.!nl!l1n.yjn~11t1\1iil..:J\il'W n111'ut'i\l bb~ iil:::l'lf\l 11l-J~\ln11:iJ
"
rep rep
~\l41bU'W~il\lH
IP M1W11bbndl-Jmnnl1
1 ~1~hbb1l1:IJ1'W
b~M bMEl{.yj'Yi'l\11'W«l-J~'WTIn'WbYiElI"'l1UI'l:IJn11~ElN11~\I , bbiil:::.ff'W1'! l'W1'W E n1't'I..:JYi
Nl!.!1U-~1I'.1d\l
uae 1'Wbb~iiI::: IP M1~lbbml-JYiHrl1UI'l:IJcY'Wih:::ii~\lm::: , Wi'\I'Y:::n~111[i1viil:::b~EJ[i1~i111.l
bb ti'Wil'Wbbiil:::«:IJ~'WTIn'W~1V
lCP Services
~Mb~'W1.l,:::n11dlI'1Cl1'1JB..:J 'lJEl\lm1gimn1-1t\liiI'l11:1Jb~El1iEl
rep
.yjmh1i1..:JEl~bN:lJEl~il
1'l11:IJiibl!l"~U1J11'1'lbbiil:::1'l11:IJ~nLliEl..:J iiiia~Wi'..:Jmhd~a
HiN,J
" 1'lf.lJl!l":IJ-u~Yl'VhI'll rep ,

"
"iiEl:IJ1;'lYl"l:::ciI ~·h'W \
"
rep
"'l:::flm.11:1J1 bbVlmjil £.JEl ElnbU'Wt'll'W <? r1:i:hJ'W1Mb'V!:lJl:::N:lJdl'Yl1Un11 1

I
d..:J1M!.!
rep
q
"J:::bu'Wc;hrivl1f.lJ1l1'1J'W1Mb'Vll
1('1"'l:::Y111'1in111u-ff\ll1'Wiil.l'"i::::a'Vl5Jl1'1'l
bbl!l:::
'\l1b£a1im'!\lNM "ill
1M£.J-liEl:IJiilbb~l!l:::']jMV1 mJ\lil€lnbbiil:::Y11n11d\llMEJ 'iJ 'f
rep
bbt'liil:::r-rr..:J"'l::: b~£.Jnll
tee
!"1fn!:J.JtUR t'll,JFlU
UDP Yibb€l'l'l'l'l~bl'li'W"I:::dJ'WNnTvl'WMll'lJ'W1M'lJa\liimJiilYi'"l:::ci\lii
'lJ'W1Mb'Vll1('1 bbl!l:-:1:lJiJiiEl41n~~11lJb'VhVil:lJbn'W'1i'Wl~'lJEl..:J
"
UDP m\illbb1l1:IJ
(64 K)
"
u B'I'I'I'I ~ bl'li'W ~ il..:J bU'WN,::::U'lJ'W1 M'1iil..:JiiEl:IJl!l bEl..:J~\I€ll"'l"'l:::1:lJbl1:IJ1:::N:lJd1'V!1U n11ci\l
"
"
rn~
~'I'll~wrl.;j
'
,:.:~.-~
~.
•• ' ,!
»; ~
~"i~!:""
-- -- ~--
'-'~~,
---
'<. :
--
,0'
---
-- -
--
b'li'W Vnn'lJ'Wl~b~mAwhJfl<,l:'::'Vh b1J'W«~al'W~~p
1vhJ"J:::&'VITIm~ 1Wm,a\lfHilfil']b~'1:::'V:::~f),n&~ Vl'1illnn'lJ'Wl~'lJtl\l-liD~f.ll'Y1qjbn'W IP ~1~lbbm~b~f11
overhead Llln'"l:::vh 1V1
b~f) bYimJnlJ'lJ'Wl~'lJtl,]-lim.Jfil
IP .fi\lf)~bmf1D{~1f.l\lL1I1~iill~T1b1~l'lili\lL~'W ~
bbf.l:::i'1r'Hil1V1rlnbb'l'J"Jm~'Wl'1 ~
TCP Segment
AU MSS [Maximum
Segment
Size)
t'I1'f1 YJ rt ~ ml ';i:::fl1'i'Yfrl'l~vh fl fh'lilU'i:::~'iljj
111rnHlTl'llJ
V1
TCP ''15fl b~:W';&U ~fl 11iltlv(11tJ rmrh'l1'W ~'U'Wl 1il'!Jl'l 'lifl:lHl~'tl::: fl~ f
fll':i~'1a ~ Ll.'lLtJa j~ll.'l'l
f11~,r'WiliJ'tl:TI tlftl ~ t\j ~ a ~a flG'l1'I1 'Wfll'i~a Ufl~1atJl.;j!'Ii'W
Iil bfl~ rrh~

Ethernet fllJ
H'fl~~~II'li'mmJTHli'lllJl'l~M
1'W1:::1i11JDataIink Layer ~Ll~flliil'lfl'Wilth.;j
Token ring n'tl:::il'U'Wllil'!Jm MTU (Maximum Transfer Unit) ~"]LL~flliil'1fl'W 1i1'1,r'W'I11flil1LLilWI'l~Ll'lt'W!~'W

(lI1fhl'rw\i1'!J'Wlli1'UV'l'lia:Yi1fiBl'tl'tl:::vhil11i1~r.Jl.'l~m~1:;;fllJ
Network 1I1J1J'I1rl~ nlii'l11f1 Datalink Layer
1" I" ~.?1 J{ 1" Lurt1J'W uf1'tl:::Lf1Ii1Ut\j'Yfl'IJ'W\i1

" l,d
TCP il fli1! fli1\i11hll'l11l'11,h;11Iiltl'tl::ilfl1':rM1JfIll-l'U'Wl~'1JM'liil:YCl~ Segment Size) Aa'Wm1!~ml'liJil:YCl

'lJil~
L'I1m:::"l.J~
!~1J fl':h MSS (Maximum
!iiialr1tlmEJ:vll'l\ilV1Jf1~1J1.1l!~~l't'il~1';i~~'tl:::'I'llfll1j1J1;l'l'lifl:yahJ'!J'Wllil vhfl !:lJ'WWio/l~fll~ 'YflflUCll V1'11'Hi1'W~1'llJml.J11f1'tl:;'I'l1'1~n1J :::a'll'h
MSS
1~Iil1JllJViil1'1'l1fl11bb
MSS
2 ~'l
fl~1Jm1m'W'!J'Wll'l~a\i1a1 lliluv(11lJi'l1
~1t~~'I'llfmj1Ja'l'lieJ:Yfl~tl'\.mr'!Jil~
Segment
f,hw!'I1~I~Hfl~l~l'li
t~l'hfi'1J
MSS
~\Ilflfl'lfl'W'i~~'l
MSS 'D:;;LVhfl1J'!J'WWltlfl-l MTU - IP Header - TCP Header ~'1n~fJ'!J'Wll'ltJfl-l

t11'r'lj1Jfll'ia'l IP Header, 20 l1JWtll'11j1J
MTU - 40
.r'WW'I 11ilUi'l1 default 'tl:::rvhfi'1J 536 'iml lP Datagram ~.;j'Yfl.JI'l1J:;l'VhfllJ 576 !1J\il~tJ !lJll1t11'r'1j1J TCP Data)
Local Network ('I'lllr1'lJ'Wll'l'!Jtl'l TCP Header, 536
201mlt11'Yfj'lJ
1'WnTlg\liieJ~f.lbb\lif.l:::I'1~\I'1IeJ\I TCP '"I:::ilfll"J~lJb1'fnH1a~m~tll€l1Vi€in~\I'I''!1j\wleJlJ~'W1J'W nlJ~1Jiim,J
~an
~1Jm
'111 nfi\l bJiillfl1t\'W!il~-litl~
iill 8'Wn~1Jm ~iilI'l11'V:::11-.111 U1'1l\1bbiil:::t>lEl1J~'W
bb(;] \1hjilm,[1lEl1J 8
n ~1J TCP 'V:::~El'hiim.Ji;rv1 ff\l111tT'W 11\1'lJi111J'VI1'] bfil:::'V:::vhm,a \I 1~ i b ~

"lWl £\lfilVnf.l1flih:::Yh1Vinll~1J-g\l-liD~f.lVJnl'l~\I
iiEl~f.loJl 'r'I1mmb~hnl1Wi~lii€l bb€l~~~ bl'1-E'W Nlmlnml1J1~':h-liD
~iiI 11\111f.llV1'1l\1'111D~ eJ~1-J uuu D'WLl-iilii€l~ f.l1~ 'l~ff\l L
~h'W TCP
ufhL~1'1JlmHll'W:::'1ID\lnlla\lI'l~\ltT'W
'}J
3 4
'VIn'liP\~..;ryj TCP lcH1J-limJiiI'Vln€inN\lviif\l'V:::~f)\lvhm,[1leJ1J~1J~'W8'Wn~1J

'I
l11u\lN'd']w~D
~
.fi\l'"l:::G;HWll'la8..JnlJ-liD 2 n~11~eJt\ln1~ilnl1[ilD1J~1Jn'V:::n81111f.ll1J1'11\1L~1fif1Jiim;lf.l TCP il checksum .fi\l'"l:::I'I'€l1JI'1ii1~-0'\I TCP Header bbiil::: TCP Data b~m1J'Wnll , 1JEl\ln'Wb'ii1:::[il11'ViiJ'mrhiim-liilyjili']~lJ'Wnn~tJ\I ~ ~ lcii~1Jiiil~fil~vhm'l;rn'ViilEl1Jn1J checksum '"I:::v1..J-litJ~filVilfi~1JbLf.l:::'V::: l~rllnldlilf)1J~1J-litJ~ii1J'W ~ ~ -litl~f.lJ'W b~D 1 V1'V11']~11JBiIi\lrllnl,d\l1 bbtl~~~ bl'1i'W1'1l\1~l U~ iii\I b~'WN~l'Il' bbf.l::: 1~1(iinn bbnL'lJ1::: wh \I1'11\1 'I11n TCP ~ bbG~b'lJ'ln!rhi'1iP\Jl~NI'l'I/IJiilll'lbnVl~'W TCP n~1J 11J u..JN'a..J ~tJ fif) biiJ'i1f)'W';i11~lcii~1J ~ Lbn1'1llill~bblii
t\:JJ'r'I1D'I11-liD1Jn~1tJ\lLbf.l:::~tmn~
••
£"i7~:::111l
TCP/I~
b.QfJ\I'Jln TCP fJlr1fJ IP 1'Unldci\lim.JG'l .fi\l IP bfJ\lm'J<J::;C1n <J'mb~'Wm~ bbG'l::;Vl1 lif ~ ~m -1im.JG'l~blf1lb'l'ldm~'WIIlJ'Uci\l~\l'lJG'llfJi'11\11'U~h'11JVillJ'ln(i1£h,1~ 'VIihvl"lJa\l TCP bda1u OJ ~ ~ -iifJ~ G'lvl vhn bJ..J'UMmJ'U'J::; u liifJ.Jth-1ia~G'lbb~G'l::; dl'W).J11Jd::; audlwl''U n
'iJ IU
1ifC1nliifJ\lL'I~1Jdru
'iJ V
ria'U'J::;ci.J11l1J.JApplication
Layer ~a
11J
Datagram J'Ublnd\l'1h~''W1Wi TCP vl1uifJJ..JG'l
OJ
'IJ
6 1
n1dci\l-11J-1ifJ~G'lWilfJ IP em'l::;iimruvlIP
"
.Jl~\lmhl-.y::;~fJ.Ji'1'J1U':h
d'J'U IP Datagram
~.JlbbG'l::;1~th'iifJ~tilJ'U 1111-1i\ll'W ~ l\!1rJm'jmul'l~'ii'<J::;MfJ\lmr1~

"
TCP iintil1rH'n1Jl'l~m'j1'V1til"lJfJ.J-1im.Jtil (Flow Control) rllr1lJ"lJfJ\ln1'j1ud\l~C1nMa\lbbtil::;ff~~'Wlin'W«\1

v
'IJ
'"
~\I
l'U'JJru::;b~rJln'W'iia~til~d\lJ'W'iJ::;MfJ\I
~
mr1~ IP 'VIG'l11iI1Ml bbn'j~~.J'J::;1tli-iifJ~till'l'jU«\I'V1~W' r1\1J'U ~ 1'Umd11Jiia~ G'li'11\1 ~1~1lJ~\I MfJ\Ibl'l~fJ~u'l'l b i'JfJfll<J'l'Wl'W'VI.Q\I b~fJ'H)11J-1ifJ~tilUtil:::dl1Jdl~ifJ~
'iJ '1.1
G'l..r.J'ljl"lr1fJu1'Wui'Jbi'JfJ{
q 'iI
rifJ'W~<J::;'I'l1m'j~~ b~U\I'iia~G'l l'l'jl'iJ~aUI'l11~bln~fJ\lbbfh~\Id\l~a
b'VIl'lc-J G'l n~11<J::;b'I1'W r1\1 1~11"lJ'U1\il"lJfJ\I-1ia~G'lill~Cln<J'1 ~~"lJ'Ul\il"lJfJ\I\ill(lh umu 1wr -1ifJ~l;'l~ n

~ 'lJ 'U 'lJ
"
"
1utr\lbbfJ'V'i'V'i~bl'li'W ~lU
d\lfJl'J-.y:::ii"lJ'WlIi11mU~l nfJu1 'U'VIl;'llU~ltlil bbm~n biJ'W ~\lJ'Wb ~fJiJa\l n'UnTJd.J'iifJ~G'l 1M "lJ'Ul\!11'V1qM~fJ ~l dl'Ulu'iJ'Wvh 1ifi'11\1~lU11J llJii'Vl'1-11~"m~<J'lbwu.J'V'ifJ~'Y::;dJ'Wui'Jbi'JfJ{~ b ~n'iifJ~til
IlJ
"
"
mdd\liia~G'l~\IC1n41n\!ll\il~'iJ::;fl'Ulml'l1r1vhm'jci\l'iifJ~G'llfib'l'h~r:Jlu1'u;jj
'iJ 'l.I q ..., ~
u'l'l
'" t'Vhl'~b WU\1'Wab vh'l1u
lCP Header
1'W TCP Header
'IJ
'J::;b~~M'Ul:::ll'~'VI~lmtil"lJ'V'ia{l'lM'U'Vll\1bbl;'l::;'VI~lmG'l"lJ'V'ifJ1l'l1lG'lIUi'11\1bb(f]
•
5'W~<J~\lbb~liia~G'lflndl'U'VIif\l~Hfl'Un11~fJL'll'j 'j::;uv'hm'li'Wnu
'I
~fJ IP Address
"lJfJ\lM'U'I'll\1bbG'l:::UG'llUVll.JnliifJ\I ..r\lrl<J:::fJ~lu
"IJ 'lI
bb~lfi'ln
'iJ
Encapsulate IP Address
l11'Ubl;'lb~a{'lJEl\l IP bbl;'l:::rl1'lJfJ.J Address IP
IP Header
dl'UA"lJa\l
bbG'l:::'VI~1~bG'l'lJ'V'ifJ{l'lJ'W-.y::;b~un11 "offDf'lLn(fJ (Socket)" .fi\llu
m'j~a al'jbb~G'l:::~~.J'iJ:::MfJ\!ii..r\loliB rt di l'l'lJB\lM'U'Vll\1bbl;'l :::Ul;'ll ~i'11\1iifJJ..J bin 1u ~ ~G'l~.J'iJ::; ci\l- 11J Clnvluse ~ C1nbbB'V'i'V'i~bl'li'U dlUI;'l:::LflEJV1'V1Ulvl'lJa\lbb~G'l:::Y1G'l~'U TCP Header ~ Source ii~\ld
Port Number : 'VIm~fi\I'VW1l'lffi!:laMM'U'I'll\11-li1'Unld~ElG'l'ldnU'lJfJ\lb"1Jai'Ud bbG'l::; TCP/IP -.y:; -1i'V'ifJ{l'li!lU(;lG'lfJV1l'l'jl1J 1 lViVinl'j~ElNl'j

''If'lflWUIJIWD{(fJ''
l'Ub'il~i'U I'lil
d1J\l1~~~I;'l\l lli1uvfl11J'V'ia1l'ld-.y::;biun11
't'lil1l1lVill"ltil bB'U1il L1J~il'U~l b~milnl'jl'lilut1J'iJlm (lh1'jllil"llnfil'l'l'l1-l"lJEl\l
'li~i'J blfJ~
bb,:lln lnl'lvl ci-l~l'iJln 11'ltilbfJ'Wmu if\!
b'li{'If!ll1B1) 11'lG'llEl'UIIl'V'iil1l'l'Y::;il'VImubl;'l'lJ mjUEl'UUG'l:::b1J~U\..,i 1:0 1u 'I'lnl'lf\l~iim'jb~~n1'jb~fJ~c;ifJ , nmffu'1 (ephenumeral n11~~~1'j'lJfJ\I'j::;uullilu~nTJ
1'V1~ dJ'U'V'iil1l'lvlblmiJ\!I111 'Ul::;U::; ~

port) rll~dJ'U 1111fi'lJil\l'V'iil{l'ldiT'Uil~n1J lunT'H'h'Vl't)IiI"lJEllJl'1ll'l'lJfJ\I'I"W{l'l
"
b 'VI~ld dl'W mu-.y :;iirll~m1 U'l11.J 1024-5000
"
8 ': TCP : Transmission
Control Proto~ol _
. ,,r::
· .."
••
'-+'
--
,_;,~,.,':,~-,<~~~f, _, '
--~-~
~---
-~--
Destination Port Number : Ylm!.Jfi-JVlmmfl'll'fil~1(1l1J'U
1~fl"#i1iflltJ'YI1-Jm[!i'l"#iM'U'VI1-J
~~\I nTl~(Ilvi~ ciil!.J 1(11 mTu bU~l"l:-;Vll-Jl !.Jfi-Jbb8'fi1'fi1~bl"liuv1L Vi1J~nl'l a ~lJ'W'fiI~{(I1,r'Um~mM1i WG-Jll
iii 1 !.J'Vll'l'tT'Ub~-J 'fiI El1(11ii"l:-;b ~tJn~n
m.i1-J
"dHw!]f){Wfrfm" Vlmmfl'll'filfl{(I1~b1Jl'l
H'V:-;~'UEl~n1J
bbEl'fil'fil~ bl"li'UVi1 Vi1J~nl".i 1(11tJrfl1tJ bbEl'fil'fil~ bl'1i'Wbbvi iii :-;tJ'l:: bll'Vl"I:: ii YI:l.J1tJLfl'll'filiJ'f(l1dJ'Ul.J1 (11.i!!l'WfllYl1'1J 1 'I111'1flLEl'U\ii1$ib~!.Jn ilJ~m".i " Sequence Number : blJ'W~1;l(ij~':-;1Jfi-JYll-Jlmfl'llihi'iiJ'vttoiifil\lD-J
"
1'Un1".i~El('l"l".ioJiEll-JflbLvi "
" ,
1;l::::l"lr-JbyjEllVi~-J 2 NltJ'V::::1M1J'YI".i11J(I1".i-Jn'U11dJ'U1Jm.JiiI'lIfl-J'1Jl'l 1(11 nl".i1.1111i1 i-J1 'W"l:-:1$i1:J.i1i ::::1i'Un'U bbt'!::iiL'llfl1JV\ ~n~~\1 bdfl-J"llnn1".i&ml1joJim.Jt'l~l'U
il~qJ'lIEl-J 11i".i1(1ll"lflt'l1:J.i~-J'VIvfl'U11in11oJifllJt'l1'U TCP Header ".ill-J1t.Jfi\lnTlvioJi~l-Jfl1'UbLvil;'l:::: TCP Segment
"
TCP ,r'U~-JYll::bbiil::::,hfl1JLll'U1h'W
Lb'V'l'lnbl-J'W(Il'1'Ubflb!.J~{'lIEl-JIP ~l'lI;'l\l11i vh1VioJifll-JiilblnbbD-JElElnLbiil:::: ('l'\l1tl1'U f'11JluVil:lh 1tJ\I n'U mn1lJii"ll'lEll-JD.J'lI El\loJill.J G'Hl"l:::: 1!J f
"
Ell'V'V::::rlnvhnl".i
"
""
'iJ
"
fl"ll.JT'Jmh'WoJimm
ij,)
n~u 1'VI!J1~ElVl\l fjl.J1J".irubbiil:::b1n ~ 8\1 nl"J('l'\I
oJifll-J ue :-;m'l(llElufu'l:-; I;'l
"l:::1Mms'lElVl\li;l::b8tJl'l1'U1JVlvlEl1t.J
"
1iVJ I;'ltiidbll'U~i'11J'WiJ'W·J:".:wil\l
'i.I
n'Ub~j.J fl :E\I
turf
Encapsulation
8.1
i<t------IP
datagram------~ Segment ---~
~fJ~1ffJlJfI
tee !W IP datagram o turf

rcp
8.2
t+---TCP
TCP Data
1516 1e-bit source port number 16-bit destination port number
31
Header
32-bit sequence number 32-bit acknowledge 4-bit header length 16-bit TCP Checksum option (1:11 i'l) number 16-bit windows size 16-bit urgent pointer
I
20
data (1:11 fi)
II.
'~1:"i:t1JV
repliP
Acknowledge
Number : vll'YlWl~b'li'Ub~l!nnU
Sequence Number (ihJn'U(ill\l~dJ'U nif)\I'Vln
Sequence Number '71\11m'UnT~l?1f)lJ-rlJ mill~f)
Sequence Number «t1l1'Unl,iil\lEi\lJ'UN~b~~~\I'iim.m'V::: Nril'l"'U~ b1il'lJ~'WJ..Jl ~\lltl'l'l~f)~ U1il::: UMfil'VI-rlJ ~h v~nn~l'lt'ifl eJl\lEi\ll'Unl,l?1flufub'li'Un'U
"
nlJ nl'~ahJ
"
rrn b~m . Jt'ii'lQ'l%\l1'V1JJ
"
b1J'U
"
n~l b1J'U~f)\lri'l'VI'Ul'l'YlJ.JlU b1il'lJfil'VI-rlJ 11 1 I'iT~f)~l'U
~fl'VIJ.Jlmfl'lJ«t-1i81\lEi\llWnl'il'lf)lJfui1 Number uaz Acknowledge
"
Acknowledge tln&ifh"r\ll'U
Number n Sequence
Number 'V:::~fl\lv:i'Vl'irul1.l'i:::nmJ TCP Segment l(i1
nu Flag ~.,j'V:::al~1,mbtlflQ'l11~'VIJ.JltJ'lIfl\l f)~l.,ja~\!'iru Header Length: 1m.JtJnArll1~Ull'l1f)\I ~m, TCP
Header 'V:::LvhnlJ 20 llJ~
wMh'Vl1n
Hrh
Option m'V'V:::vlllY1'l1'Ull'l'llf)\lb1.ll'lb(;lfl{tJll~'W(;ll~'iif)~fl Option J'U bbt'i"r.,j'VI~I'lLb~1'V:::1JJLii'U60 lu~ f)nrlrua:J.Ju~'lJf)\1

Ii
~
~~eNbVi~J.Jl'Vln Flag:
"
LlJ'Uiif)~1ill 'U'i:::#IlJD(;l«t id'j'U~lU
"
Segment ~ril~\I~.,jf)~tT'U
. ,,'U
~
use Hh1J'U~11'11lJl'I:J.J~\I'VI1:::nldf1JQi\l
I
A. ' . ...,.. ..... .:,;
TCP
'lIfl~1ill'lltJ
IV
I"Il1:J.J'VI:J.Jltl~\lil URG ACK
"
'lJ\I Flag 'Vl\l'Yl~\9l:J.Jf)tJ U(;J "(;Jfl:::1JIIl:J.J'1!mb1il:::~ 6
<=>I
"
bba(;l\l'.ll'iifll;!fll'UVJflWi Urgent Pointer tT'Ul.h~ll-1i\ll'U bblll'(;l,rJl'iifl:J.Jfll'UVJflWi Acknowledge
1~
"
Number '111m H!,'I1'U l(i1
DSH
LVimb~\I1ViNflJ'iif)~fl'Vl'i11Jl1m''V:::~\I'iif)~1il bbfl'l'fI"l~bl'li'U Isu b~l
"
"
"
Segment illtJiT\I
RST SYN
FIN l'ii1 'Unl'ib~:J.J ~'U'lI a &i ;ltflflnutJ flltl'Vll\l (
lid\! b Vimb~\ll
VitJfll tlVl1\1'Vl'illJl1tlAn1'iAl'lM
f)
rilwnE)oiu
Flag
Id1N'illfll'U TCP Header ,r'W'il~1.h~m)l.I~l£JWrtiilill.:].,mh\lY1'ilJthw'I'Jflrlf\l'!reJ'lf1T~-r1J~'I 'h1N-r1J'vl'nlJ~lifflJ.mllil~1-H.:'J1'w!lrl:::ifB~rl'l1il1l-l1i''l1'WI'liW Acknowledge Number

'lJ 'iI IU ~
l'W'tIru~b~tnn'Wn
m'il'il~ilifBl;!rllJl.:jWrlii~1l-l~1 1;j'WIli~J\ll£hjlJl'l'tlru::: (1lIilnilifBl;!rtfl ~lWWrlii) J1\1,r'W~\lIliB\lilFlag !~flll~'l

'i):::
1lJli'.:jl'Wl'WI?1B'Wb~~Ili'W
'tIB'lf11'i'tlB!~Bl.J~B li'W'I1~ltJ~;Jih tJ~~lJ'1l-lllifl~'l11ifBl;!rtl'WWrtr;d11.hh:::ln ~ Nrtllil"1 !l1il1lJ1~'VImtJ~dl:IJ~11'W 'lJru::~ l'il1l-l1i''Il'Wb!~1'il:::1lJiiifBl;!'i:'l ml~'il~'I~flil'lifll;! rltl ~\i11~tlfl~iLlW l;j'W'llBl;!rt~ If]~~'W!B'l iffll;jrtlwWrt ~ d'Il-l1~ ~flfil'V1'Wlill"h'H~'1mB f11rulJ'WI'hllil"1 n1~~'1l-lm~l'H1Y111il'l1:J.Jl tJ 1~ lbrl:::'illfl f11~~ TCP Header ii 'tI'WllilY1-l~ 11.11i1 J1.:jt!w~.,juiiifm.Jrll'WlJl'1VJrlii'il:::li''l1'W'VI1fl1l-lfhnlJ ifB1.J'i:'l,r'Wn'il:::f1flri.,j~.:jtlrlWll1\1 20 !~~fl ~ ~ ~
8 : TCP : Transmission
Control Protocol _
',~
-- -
-,
--
---
Window Size:
btJ'W'lI'Wl(i)'JJEI\lnTl~iJ-~-J-1i eJ:J.m EJr:J-¥U<iI::: ~ 1'WbLlii~:::A#\I~V11\1 ~h ~ ~1:1J11b\-r'!J
1~b{jEl-J~ln
1 'WnT;j-¥'!J-1im.J~,r'W VI1.,JN-¥m:JiEl\l
~(i)b(i):g1:J:l.J11t.ilEJAlla.J'h1'WnT;jvrn-1im.J~Yi:lJ1~ln
'IJ
"
"
TCP bb~:::vhnTj'
Demultiplex E1E1n:l.Jl 111nl~lJn1d(i)n~-Ji1-J'1J'Wl(i)YiVll\1~hl:Jf'!J ~lmd1:l-¥'!Jl(1f ih:::vh 1V1md~eJ~1101iEla.J~ 1.J~a.J(i)~
"
~:::Ul:::a.Jl~N~l.J~'W Checksum: Urgent Pointer: 1th:::1Jl1a.Jlm~'1J ,
~-J~:::N-JN~1V1~E1-J~-Jo1ieJa.J~ill1~1I:JA#-J
bb~:::r:hEJfmn'V
"
Sequence Number 'lJeJ-J TCP L"1lm:l.J'W~~l~(i)V1 ,
mj1'Wl'11a.J(i) Urgent
"
Option:
-1iEla.Jm~:l.Jb~a.J~-J<:j:::m.i1'W TCP Header b:iiEl:iln1d~\ll'h
" 1Jl\1eJ~l\1V1~E1-Jn1JiEla.J~b~:l.Jb&ll.J~-Jhj:il1'W "

MSS, Strict Route
"
option
TCP Header b'li'W
Con_nection
ttl;;
Connection
Establishment lI~a:'Terminati'on
10.15.14.1.500 B.3 segment 1 10.15.14.2.80
Establishment
segment 2
segment 3
rieJ'WV1 TCP '1:::~lm1r:111Jci\l'iJeJl.Jtill~<:j:::MeJ\I:ilnTl~m'lJ'Wl 1Vi:il Connection bn(i)';'WriEl'W b'lJ:gUlH~:ilfl'WrnlliieJ~lEJ'lIEI\I~-J Connection H(1f\l,1 1(i)mu(i)
"
(Establisment) 'VI~eJrnl~11\1 2 ~-J1Vib~E1l.JCi\111'W~\l1UI1(>lAEItiI
TCP l(1fnll1'W(i).ff'Wl'1E1'W 1'Wn11b~a.JMU~~1\1
1 2 3
bA~eJ\llAtilbElU~"I:::'Vhnldci\lb'JJm:J.i'W~
,
SYN Flag d:::lJ'VImmtil'll'V'lEl{l'1~LiiEl-JrnJ ,

'!J
~(i)liifl1J'WboB{wnEl{bb~:::1:::1J'V!mmiil'JJL'h(1f1J'JJEI-J-ilEla.Jiil bA~E1\1boB{vJb1eJ{dlEllM1JiieJ:l.J~b'JJma.J'W~"Iln-1iEl 11J~'Wiin
(ISN - Initial Sequence Number) ISN
1 'V'I1E1a.J~-JJ:::~11:l.Jlmtil'lJ~1(1f1J (ISN) 'lIEl-J(iJ'Wbfl\l bbiil:::bl!(>lSYN fllJ ACK Flag 2 n"l:::'Vllnl'l(i)eJ1J1'!Jn~1J 1'lJ 1f?'lEJn11
"
1 n"l:::l'1E11Jn~1Jlihurn1b~l.l~1
vi11ii
liPltilbeJ'W~b:iiflla111Jrn'l(ijeJlJn~1J"Ilmil{wbleJ{(i)1a.J-1iEl b~:J.i~l ISN 'lJEI-JbMwblE1{~'WBn
1 bbtil:::bl!liI ACK Flag
••
~'11:'i1:::lJlJ
rep/IP
b~tlr.h'wnT'jl;'l.1jl..:J connection
~ ~ v
vr..J3 .fful'ltl'l.mfh
I'ltludvr..:JlflG'lbtlU~U~:::b~{vhli1{ltl~£J'IJ connection Ju
bl;'liitlul1nldb~tl:JJ\9ltlCi..:Jnubl~h ~l:JJ1dnN..:J--r'IJilB:JJ~nu
"
1~ [;l~iI~"Iun':h'V:::iin1d£J~ ,
l~tJ 'irUl'ltlUVl..:J3 'l1Ul~f.Jnl1 "Three-ways handshakes" mw~ 8.4 "I:::lli!l~..:J1~~;(U1.tn'l!tru::: J:::1111\l1!J~~ 10.15.14.1 hostname.port "IlnWB{l'll1:l.Jlm~'lJ dJUn1dlll;'l[;l\l1'r11-t1u.ffUl'lBUnT'j 500 'Ylll1Ul~d'Jull'1i.ml'W[?)fl\l
N"~1\1 Connection
Alff\lhJv..:J1!Jl;'I[?) 10.15.14.2 Segment1 :
WB1l'l 80 '1i..:JllJUl''j'IJb~{~l')a{1L'l£J'Vlniltl~~tl~'IJ1£Jllii~..:Jd 1!Jl;'I~ 10.15.14.1 Hiwll{l'll1:l.J1mi'l'lJ 500 buull'lmBuvlwll{(OJ
1~
N\I~bl!bl!lrubVitl'lJm~:l.Jn1db~B:l.Jl'iB 1~£JnTHoll~ TCP Flag SYN ltl
V\I
10.15.14.1.500
10.15.14.2
WB{l'l'l1:JJ1mi'l'lJ 80 :iJl1:l.Jlm~'lJ Sequence bVi1n'IJ
10000 10.15.14.2.80
tuft
Connection
8.4
Establishment
segment 1
segment 2
segment 3
Segment2 :
1!JN"vl1 0.15.14.2 l~[;ltl'IJ-r'IJn1d SYN 'lJtl..:J10.15.14.1 1~£Jm1g..:J ff'ld'ldlrul'la'IJn~'IJltlir..:J1!J~[?) 10.15.14.1 l'1:lJ1tJb~'lJWiI{l'l 500
1!?lmolll'l TCP flag SYN usz ACK 1u TCP Header bbfl:::Hi l1mmi'l'lJ Sequence bvi1n'IJ 20000 bb~:::l1:lJlm~'lJ Acknowledge
11'i1n'IJ 10001 (10001-1
10000 11:l.J1tJI'l11:JJ111lJUn1d(OJEl'IJ1'IJ 10000) bli!l!?l..:J"h1!Ji!I~ bu~h 1vw
n11'I1tl'11tl-JSequence l1mm~"lJ 10.15.14.2
I'lB'IJ-rllAl'lJm~B:JJ\9lB'lJB..:J1!J1i(~10.15.14.1
"I:::HiollilrlbnllldLun1d~iI~1'1\9lil1tJ Segment3 : 1!Ji!I~ 10.15.14.1 'Ylln1duuiru1'r1 b~Bl~111n11(i]El'IJ-r'IJ"lln1,m~ 10.15.14.2
i1
'Vldl'IJ"hl(!i1'IJmdI'lEl1l111uil11~£Jmdg..:Jffbl!bl!lru
l1lB1I1tlv..:JWf}1(OJ 1!?lmolll'l TCP flag ACK Ufl:::Hil'1:JJ1miil'II 80 Acknowledge 20001 (20001-1

= 20000)
8:
Tep : Transmission
Contral Protocol _
., .
:":.,. .. t
~: • '-1. ~~
--
-r-
•~
--
"',
-
¥.
;_.
--
---
---
'Vltt\l'l1f1m::;1J1'1.JnTl~1'U1tl~\l
3 L"iim:l.J'U#ibb1lilbb~(91\lrhconnection 1~nf1~(91«\lb~VU~mJ 10.1~.14.1.500
bb~1'Vl~"]"~llmr'Ur;~l:1.11'Jn b~l-.I~il~1'J1rJi l(91~n1'J&il~Tl'I::;m.n'U-lim'lbiiM'1Iil\l ~ 10.15.14.2.80 dlWrmlf1v11flVl\lt1 b~unl1 1~~#i 10.15.14.1 l!'1~#iM'WbfJ\l11riflu "active open" Nll1'rU
~-7
dJ'U~1b~:l.Jf11'J~(91l?ifl'l::;rJifl\lbU(91'Wil-l~mtJ 1'U biJ'UN>'IillJf'l'Ufl\lfiDn1'J~(91l?ifl
15~~10.15.14.2
,r'Ub~Dfj'UtJil:l.J~(9jfiD~l[J n'l::; IiiD\lbU(91'WD-lLil b'llwl'U b~EJf111 "passive open"
"
11~\l~1 flf1WrU~ \l'iitl:l.JL'l1~U~G'l\l 'I::; rJiil\l'lhiU(ilD'U u ~f11'J11J-~\lo]Jfl:l.JG'l btl~EJU b~~ D'U f11'J '1.1
". 'l ~
nD(91~lmllEll-.l~
(;'1=1.
I
fim.Hh::;1111\l1~G'lbElu#in1J
t.
1il:l.Jmru:l.JfltJ 4 'lJ'UMEI'UI"lEl
v "
b'iH'VIlb1 E1-lElilfl11..! f11'J~Uf'lLil f11'J11J-fl\lo]Jfl:l.J Qll(91[J
0::11
'"
1 2 3 4
tt.Jft
Connection
11"lG'lLElU~v11f11'Jri\l ISN 'W~E1l-.1n1J IN ACK Flag 11..!tJ\lb'il{'VIlblflf F b'il{'VIlnflfv11f11jMflu1'u b'il{vJblflfv11f11j~\l ISN bbQl::;1J1f11011 ISN
an
1 'W~Dl-.InU ACK Flag
ISN 'I'I~fl:l.JnU FIN ACK Flag 1tla\l1~L'lbil'U#i ISN+ 1 'W1m.JnU ACK Flag server
1f'1Q1bilU~Mflu1'lJf11'J~~nl'~il~lji1i1EJ , client 8,5
termination
••
£'il1~::UU
TCP/IP
10.15.14.1.500
10.15.14.2.80
2000:12000 (0) ack 23000
tI1ff 8.6
Connection termination
Segment 1
FIN 1
Segment 2 Segment 3
Segment 4
f11~~
8.6 bbi:'l"(;h'l1\1b"}i'Um'iU~m·Hi1a:l.JliiB~fhJb~a-J:l.J1~1nm~~
'Il1-J1'U1'UbbliiG'l~ '1lnb:l.J'U~'lJEl-Jn1'iU b ,~m'i&\\1lliiillM-Jd Segment 1 : ~il{L'l'Vl:l.J1mG'l'lJ 500 1J'U1@lffr110.15.14.1 LiiEl-JnTm&\nTl~-Jo!imJG'l

, 'll
8.3 ~1:l.J1'inilfhJ1um'i
1r'in1J~ai~'VI:l.J1UbG'l'lJ 80 'lJil-J1@lff~ 10.15.14.2
~-J'Il1m'i~\I
iffL1!'ld1ru1vltJn1'lbllL'l TCP flag FIN 'lJil-J TCP b'1Jm:l.JU~1\1luij 'Vl:l.J1UbG'l'lJ sequence b'lhn1J 12000 11.lv\l15ff~ 'Vl:l.J1Ubfl'lJ80
ViU1E1!U1'j
10.15.14.2
~il{(il
(fI1rl?l{,HnlwhwtJim"lifN
UlJltJlfl"li1lJ ACK RFC 793
ACK
if
active
r1I'WuphhuflfllJnnlJrrdJ!J
FIN !'ifntlJlJfPlJ!J
"I~hJ!~i1ulmYi"llmJ1!rfV?1ffNnlfm~lf'JlJn1tar1l'W ;'JElUtfJ'13J"pf1 lJYI1vtliJ!Jingi 'lVffv
"Iln1f'ilnlUlJI?l1lJ
ACK ilJ
~luflfmUlfo1mtfo1l?lpf'ilut'ilfll?lmrL~ilJ.wi'ilJlJ'I3.j'I;mh'Jnv!!rlfln'11fN
ACK
L'ifnllJlJliltnn?l"1::l'filvi1
!';liIiI~
J" FIN ue:
FIN L LlJlJfPI 'lIn JlJ"I::l'ffJ"i1 m-l fl n rr 'iltllv!~1'l'J
~in!J"'W'f) !'ifnl'-l!JlPlrri1LLrlfln FIN
1,;i1 U'lntjlili'i"
FIN
L'ifnl'-llJfPlifdJlJrrdh !"l'hdJlJ!'ifnllJl.mvli1!!rlfln"liil"
Segment 2 : 15~~
FIN ACK L.nli/'iJ~)
10.15.14.2 1~-ruiff'ld'ld1ru~~n1dWi\1lliiil
(FIN) n'll1n1'i
L'lil1J~1J(PJUn1dd-J ACK n~u l1J~~m.J'Vl:l.J1tJbfl'lJ Acknowledge 1 b'l'ilnu 12001 b~mlium'i-rU'll'i11JmdU&\n1dd\l'jjr.J:J.Jfl'lJil-J

, 'll
1@lff~
10.15.14.1 Segment 3 : 10.15.14.1 b'7iun'U1(PJun1'iG'/\IFIN ~1U'Vl:l.J1UbG'l'lJ sequence b'l'ilnu 23000 Segment 4 : 1Ub'1Jnb:l.JUvl3 n'll1m'iL'lil1J~1Jn~ull.l~,JtJ Acknowledge b'Vhnu 23001 ACK 'Vl:l.J1Ubiil'lJ
8:
rcp : Transmission
Control Protocol.
'!
!.
y~
~ l'l'lU~-J u f'l:::11lt'f~ b11m.Jl?ianul'V1JJ f1l'lU~f1l,~(ill?iaSl:JJl'lb1m::;vh

9
/}{ ~:~ l~~t{.. .'

."
------
b"lim:JJU~biJu5u'lnJ~~Un'l::;1J1'lJnl'l~~n1'l~~l>ia'l:::'VI11-J1~~~ b~vu1a V 'I11n~a-Jn1'l"V::: ~at'fl'lnU l'V1JJii~a-J~-J«'l!'l,Il
10.15.14.2
10.15.14.2
ru bi'iaf'l"11-Jnl'l
1til~-J"ln~-J 11'l~bau~'VI~a boB{'V'I b'Ja1 bb~::;Nlm,b1U~b1f'll

9
l(i1']Jfl-Jf1l'l~(ill>iam~
rep
Ha Irt-crose 1 'I1'W 'W Vi

n1'V~nl'lb11f):J.Jl>if)1(i1U~~N~Iii\l ,
FIN ACK
biJU b~ 1:1-J u <}-J if~nr:h rJl'lit..l'VI 'llUl1"V::;1JJ ~Hi nl'l 1 a:J.JflS\111.1n bbM'1~S~"::: U-JI'l-Jf'l"l:JJllb1-:iU ~
f)an1tJ :ij1~'YImt.JI'l11:JJ11f1l'l~flNl'l":::U~fl-J,
1ifl:JJ~b;h:JJl1~finmjl>ialtJ "Vunl111lN~fin~-J'YIit-J"V:::~-J FIN ACK b.yja']Jfl1:1~f1l'l~-Jiia:JJ~b"liunu ~ ~ ~ ~ b~fl1lJ!i r:h 1:1 l~tJl::: S-JP;<;)::; f):JJ~nu,ru Manl'l b11a:JJ>i l~uM~N a ~l\l S:JJlmu s\lii la
'lJ '"
"
lU'l:::'YI11-Jv111lNtlllii-J
FIN ACK
aflnltJbb~:::u\lllJltil-:ilJ
FIN ACK
n«lJm~Ub~t.Jnl1
Half-
Close i'iflnl'lU{1l b Y1t.J\I~lU~-J1ia:JJf'l bY1t.J-J~lUb~U1bbl?iU\lI'l\lbiJ{1l~hu-:iu 11-:iuiia:JJ~
bbflWW bl'l1l'U"V::: ~ Sl:JJ1'lml11tJl1ft

'lI
" " , if biJUtJl:::lt.J'lJ',n~~u a vnu« m!fru:::']Ja-Jn1'll 1J\llU b"liUf1l1~flt'fl'l

" hJ!i1'l11:JJ<hdJulila-J
'lJ " 'lJ
i1-Jl'lruS:JJ1f~-d
iia:JJ~Ul\l1..I1::; b.n'VI1~t'ftll~vll'V1lhvifu1ia:JJ~m<;) 'l:':~1J bbflWW~bl'l1l'u (f1l11~MaU '$'\lm"il"il:::sl:JJ1'lb1vll-Jl'W1~mh-Jl?iab'ija\lbbiJl1
1~Maunu 11lNW;.yjd\liia:JJ~ 11..1

TCP/IP)
1u'l:':~lJ'vmuNtJa{Mu\lI'l\l§:jat.Jl~uf1l'l~{1lf11'l']Ja\l
TCP
~-J~u
"iI:::flu1uNb11U:::
"
Half-Close
nVll:JJ
••
&"l1~:IJ1J
rep/IP
_.. . nn:il1UUDUIIOl8 ..
Packet Sniffer
Packet Sniffer dJ'Wbl'l~€J-liimhvI1lJrn1~mh'W'iifl).J§l~~m;ll".iDEhJ'Wb'i1lilb 1i-l"i1f1).J§l'Ilfl-l N~'WVilaJL'If'Ilfl-lIil'Wlfl-l ii;rmotru::: l\iwnl,th
"
1 mA'W'I'l1u'Vi'NnlJ
"
" fll'1..1l hJL-E-ll'W Ln~ "
lAEJvnlJnl'J~nwv
"
l{m ViflLVll~).Jl
1Yl".iAlII't1~'Vi'l
bl'l~€J-l~$i€J-lnl".i 1i-l'V!;YIl1Vlbl'l~fl-l~l'lfll'l1-lmhi'Wl'11).Jl'(ll~~'Wnl' m~:::.Jn'V::: bflVli1'Wbll:J.Jmh'YI1lJnl'J~nW-l
..
~'W'Vl'Wll$ilil€JlJ~ bflVli1'W lVlEJ~ b~l'lJfl-l lmAw't1bfl-lri'hH(1)'1
1'l11:J.J;rlJ'lJ r:h U(ild-l"i11).JlaJ1T"11 nill,n ,:':vll'Ilflv ri u'li-ljj 'J fl'V'YI1E)'V1 fl-l nmh
"
U-ll'U1'l11:J.J~'WI'l-l'IIl-l-r"Q f
n>'ll:J.J 1'Wii1'Wb'Jl bfl\ln.Jn'V:': lWi~'W'll11v11'Wfl-ldmhll).Jfl1VltJ n11~nw\l1

.
YI,l'1l11V1(1)'.jn~111aJ'.hv::: bfll'l'll'U1~wN1l'l'YIifl'YI1..hthn'U 1Vln~1'Ubu'Unl'Jn".i:::vh~§l:::
"
"
bOllll::: 1'Wb~fl\l~ bAu1ii1)-lnlJnldbii€l\l
..
dlVl
~'I'lBi'W~'W"il'WLi1'UlJI'Wlfl .. , "i1 €l:J.J§l1'l11).J ~lJ'Ilfl\lr:h
bbfl:::bu'Wrn'nJ:::v11~WVlnn'VI).J1U ll'lu~m1l\l :.J
bbM 1..i'Wfl'Ul1fll1 lWim1i\l u uri N~nw\l1Wi 1'l11:J.J
lIIm ml-J 1'Wfll'~ nW\l~\liiflci fl cil\l~l-il b~:J.Jfl1 'Vl'JI'1W't1~\I bu'Urn'~fl~11~iJr111).JU~flVlJltl~1 'V:::
"
tI 1il1\1"i11).J 1 :J.Jld(l &~l\lth::: LtI'li1! 1)£h\l:J.J'YI1Al~ Hi &

~11~iJI'l11l-J51Jbbfl:::iiI'l11:J.J~h~qJ~\I
"
1al1m'Wrnl~fl'll11
"
bbfl:::.In
eiu m b~fl b'VI11'W r lflti nld~
€l~ld 1l'l El~1'W bl'l1 fl'li 1 tI b~ n'l'lderwr1 GflWi ,;i:J.J n'll'W b m
1'l11:J.J
lIImm:J.J1'Wfll,~nW\l~mh'W"i1m,JflBb~nm1)ill'l~M\lI'l\l~l'Ilill:J.Jmb~flbU'WfllIMflnJTi11aJiifll1 ~f1~11'I1ill'l1Vl1 'W lflfl11'V:::uflfll'lJltJ bbfl:::bnu311'l11:J.J51JlWi~:J.Jmru hJl1
"
1 b~:J.Jb~:J.J'l1'U:J.Jlmh\ll, mJ
n1'J~ nW\ln'V:::n n~[i!J'Wl\111).J:J.Jl ~l\1vrVlbViEll-J l<'1El a n'W 1aJ'ih
"
N~[i!J'Wl'lifl\l'l'll\lflll~mn,
"
"
n11111 u ~n bnM&ily.J by.JfI{m 11ifl~l\11WiNfll~'Vi'11 Vl1'l11).Jbjjfl~fl1 'W1'l11:J.JUflfll'lJltl'llfl\lflll ~f1~T:i 1'WJu bbtJtJab~n'Yldflilfl~fllil~l§l\l ~n'W':::'YIll\ll.r~(I]ri~ ~lm'Jn~'V:::
'lI
hJmn
'Vln~bfltl b~f111fll'~£)rl'ldd:':'YI11\l1~a(l]'V:::
bU'W~
..
"
~t)~l'Jb vh,x'U fl1'Jrun~1J bU'W1111'1".inlill).J~ -Eb'i1ll1b{n1l:J.Jn'Wn1J l.rfl'(I]']J1)\1 'Jl 1 b
uau f:ll'U"i1f1).J n 1flVl\l~ fl'Vl
lua b~nYl'Eill'l~,x'U
bUdl:.:1J1\l bu'Wa Vl\l d\l nl'J~naluii
",
b".il~fl ~l'Jn'W lf11Vl U~lUlill U r111:J.J~lJ'lIE\liit):J.Jfl~~fl n'W1'W al-JflI'l11:J.J~1J~fl "lJ
v1 'WIU uuu fl b~nYllaill'l

'iJ
"
"I.J
al:J.Jl'Jtlfl'J:::'Vi'11Wifl~l\l111fl\llfl
tI bbfl:::til
nMflfl11iJ~N n'W u 'iIln dlMaily.J by.Jfl{1n~ b~ EJ\lntJbr1~E\I~nw\ll 'Vldl'1l11V1b\'l b
ff-J bbilll'V:::
bU1t1tJflllvll\ll'W'lJEl\l
'IlfllJ b'IlMI'l11:J.JbatJ'YIlt1~ bfllil'llmln
u 'iIln dllllllily.J by.Ja{e1''Wb ,jt)\lm'Vlnnwh
1 Vlfl'Ilfl\l"i1fl).Jfl~ bU'W
I'lll :J.J~1J,x'W 1Wirl'\INflfld:::'VltJ:J.JIn rm n1,{11 VlWlJEl\lfll'J~'W 'VI'Wl~bnlil'V1 nfll,(1) nw" 'VI.iAlII't1mm!n " bllldl:::EV1\llJflU~Il~iifl).Jfl~iil'W'VI'W11
" 'U
"
'W'Vll\11 'Vl'JI'1W't1lUU"i1f1:J.Jfl~~iil'W'Vl'Wl~\I hbiJ~bNU 1lirifl''U'Vl'W1

~
\J
'U
· .....
~"'"
~
--_
-
--
--
Bn ~\lmj\lml1JrJ
~ lL~l bVi EJ\lUl'11aJ(lia\l rrrs lV1mH'l~~'W'Vrnu
lh::: nsu 1U~1 EJia~ ~,.r\l~iiI'l11:J.Jdl~q)

"
"
lb~:::1aJ il1'111:J.Jdl~q)
"
bbl'1ieJ:J.J~~~eJ~11 ilia~
"
1ub U(lll11mi'W
~'YI~1
EJ'l!DI'I~ ~ oiJ1aJU1:::1:'I\l1'1'1'::: bl~:::if):J.Jfrl"'I1aN1'W

~
btJl'IlNEJl'1mnl'lb~EJ bbl'1-41dJ'W(lifl\l~f)al1if):J.J~
9 ~
b'YI~l,x'W11JU'WbU(lll11n
b'll'W1'111:'1~h'W~N1i(lif).J bflU
OJ
dJ'W1'l11:J.J~U~~1'I lL~ fl(lif)'l'tJf)'Wif):J.J~ lil h11 'W1'I~mvh It.w1" b~fl b-ih1tJ1 i\Jl'W ,x'Wfl'l':::(lirJ\lflmi\l ~\l11JU'Wl'Ij(lll11m
"
vifl1 r1VHVV b1fli'Vhn1dI'l11"l~flU
use b~flifl:J.J~flnff\l1t1u'W
OJ OJ
bWI'!b1 im.l\J'YI:J.J 1 EJii\l14tHnm1flnnWlnfi1'W OJ ieJ:J.J~ b'YI~lJ'W ~\l1:::UU vl1\l"1'Wbb~:::il1I'1mm

1'1 am'h
1ci1llUlf)\I ~\lN1 i1~il'Vl1\J b~a n11'1~"l:::1aJ'Vhn11~El~11 OJ bU(ll b11"n b~ EJ1~'W1n~o/jl'ln1Jn11 bb~:::b~aiEl:J.Jfl

'IJ
ll'lfl1bl~:::n11~aaldiflm'l~h'W
'V11 d 'irfl:J.Jt'l1'l11:J.JfhJfl'l':::nnff\lf.J1'W 1~U'Wb U(I1b 11nmn'l'i1,x'W 1 OJ OJ
b'YI~lJ'WnnWin fil'W1~"l1 n u wn lfll'li;'!DvJ bl'Jfl1fl~mJff\l Nfll~EJ'YI1EJ:J.J1n~'Wbu'Wb\l1(ll1:J.J!il1 us :::il'YI~l EJ OJ mru~N1i1JJ~lm1t:1~1\l-nfib~EJ'hifl:J.Ji;iI~ilrJul'ihffl'lfll.JVJ1b(llfli~lUI'l11:J.J1:::bb11'11:::1\l,x'Wfln~\lhl

~ 'iJ ~ IlJ
iT\l~~'Wbbi;il:::t:lnWlmh'W1ci1 m"l'l':::~fl\l~fl'Wn~u ilflUb'irlfffleJ:J.JVJ1bl'ltJ1

'IJ
hliln~1'i1ilif):l.H'l~bUt.l.fn1:J.J~mnniimJb'Vh
"
l1vibl'ltl l1:J.J1m~'lJ
bbfhimJml1~lJ'Wnnff\l11J1J'WbW(I1
OJ OJ
blin
"
,.r\l'YImmtil'IllrI'l1bl'l"j~(iJ,
uruil, l1mm~'lJlIj:::~1!ill1h:::'lJl'lJU,
"
1Y1t'l'f,h'W. 'I'~ll1mtl1n, .
ICQ, usm, \lUl'li;iI'llEJ>:IU~,r'Vl '1~'1 ,
oX 'I :Jf ~,,".. '"0 1 ~. " " ~ •• I •• 1" ,. bUfl'Yl1b'WlJ'VIU"I:::'l!'11 b'YI'Wt:I\lfl\lflu1:::nfllJ bli;il:::n~mn11'Vl1\l1'W'lla\l bb'Wnbnl'lff'Wnbl~a111l.Jt:I\l b
n1j'l.!1allmruilLtl1i\llU , a1:J.Jl1n 1)11\l
n1:::VI1n11 1 'W~n'Mru:::WI\lmh]
a~l-.jiifl£J~G'll'll~f) ,
1VI'l'i1U1~'Vl11Ufi\l1'l11:J.J bllul1J1!ii'lltJ\l bl'll'll 'W lfl~~"l::: 1~fll1JJil:IJ1J)1dm1
use 1!ii1il'i:::'VItTnQ\lw.n:J.J~m1~flU'1Jfl\l1'l11:J.JlIi;iIfll'lnEJ 1'Wbu(lll11nVilJJ
1"11V1lu'W'lla\l'Vl1\l1'Wm1#ai;'!11~\lViLiJ'Wfl11:J.J~1Jdll'\'q)
OJ "
Iurrn
-rn'M11'l11:IJ~lJ 1 VlliJ,J LL'i1\1:J.J1n~uwhtJnm l1J1~'lJ tJ\l n1"j~1\l~::: bi11'I1'l11:IJ~U $ilull5;1rJ
Q\Ju:J1111 'Wfft111:::1Jntfia1"l"l:::man1(;'l
1JJ:J.JlmrnVi"l:::'l.!1 ffl, ~ fl:IJ"l:::~11\1
uwn lfll'lG'lDvJ bvJflfl1J~I'IJf\l b~flWlnr)l'W"iiflJ,J~'1Jfl\lN~'W bbtliflmeJmG'ld'J'W 11Jlci1 bb~:::YllnilI'l11:J.J lU'W
tl 1l'Wfl'YI:J.JUii\l1'l11:IJ b~ £J-J'llf)-.jm,&a 1
"
a~ilJs:niluuilaa(iunUJQS:
"I~\l'1bb~1~h11 Associates Sniffer ,x'WdJ'Wbl'l~El\l'YIJ,J1Ul'll\lm,~h7i\l"lI'l'VI:::lij£JuH'[(ll£J11~Hl'l Sniffer Network Analyzer /l1'!ilnDl'W'lifl:J.J~~\ll1lJ <J lLl'1b,j fl\l"lln~i'111buuvi
<J
Network -7i\lbUU l1'l11:::01'
Inc.l'\..1t'l'l11:i,i
L~a1o/i1uN~(llnru1i'lJfl\l(ll'\..lLfl\l£B
lt1jLLn1:J.J1LI'l,1:::01' bU(ll b1in LlEJnbbu:::m,1i\l1'WLU(llbl1nafln lbi;il:::bnh"iill1Jn'W~a\lVi l
1t'1 tlf)lA£J
1'111 bUI'I b11"nlJ1vll/l1jl '\..I
hJl'lllJ 111jl(lll'laG'l~i\llun'Wa~
m"lil~'W
1ut U 1'1 blin

Network
"
b~a'lllu 1'W/l1'11\llLN'\..I (ll,l'V(;'lflU b1t1n'lJl'W11U u 'W~'YIi;iI1 dJ'Wvi EJ"l'W

"
lih 1"1n'W11 ffDvJ lvJ fl1 bUU bfl~fl\li'itJViWln fil'W"iifllJ ~1J'WbWI'Ib11n ~\l'VI1 n'V::: b1EJn1Vinn(il a\l bb~l fltJn,ru1l1:::bf11'1111'l11"l:::b1un11 , Wire Tapping Device bb~b~flbuu~L"iilhn'Wlb~::: b1EJn'1J1'Wn'l.!bb'W"iYlmEJlb~1 Yl'U\l&tJb~:IJ;1n'V:::l1unrJlIn,ru'li{jl'ld11ml~bvJiJ{b'll'WL~EJ1n'W , (;'l{jl'JbvJai~"I:::all-11'f.lvll"1'\..11$iJ'\..I'V:::~fl\lilEl\lrllll:::nfl1J~U:i1'W 4 ti1'W~tJ Dl'W«q)q)lru"llm UJ)1b11m"iil
Hardware Yll-I1EJfi\l~lImrufiL~n'VI'j"ilill'l~tlil\l'1Vial:1J1jf.lWln
:J.Jl1~ us :::G'll:1J11f.l'111 q)lruVil$i ff\l ~ a1t11J"j:::m~ ..m rJBnm bu'Wifl~~'Vll-.jl'lfl:J.JVJ1 bJ)1fl-n~ «q) ilYlii1viYl~n~fl~I'I/l11 nlJ/l11-ru-iitJ~~ n1dbbn1 'lJ"iiflNt'I'Wtill t'I'lifl\lWnmnru
•• A."1~g;llll
--
1 Wl1JVl~I'\'~ b'll'W,:::f?lUu '\lWl'\..l «q) Uj:::

flllmruml'l
qnunumu
EJ~111JMi
fJb WJ)1liniJ::: b
ueul b(lla1tT'W bfl\l
rep/IP
2 3
Driver d"Jw1u'mn"J:lJd~viiJ~1\l~Y'l11JY'l:lJn11~n-iimJfl'lJB"~1{l'lbnftin:lJiiEl
ffruru1ruVi1Wi'ii1n !nfl'l
--
"
1 LLfl~l,h
u Tflu
diu dJu-7J El:lJfl~mElm11h~:lJ11il
"
N1Il1 'W~l~1Jrr~ 1tJ
Buffer b1'jUVI'li':lUi'l11:lJ~1vi1oE~n-iiEJ:lJ1Il'nnm1~n:lJ11Wi'1JfJ\I Driver 1l'lU'ii::::YhnTl~mn1J

bV;u-JilA11l lbfl::::VI:lJUb hJtJ-7JmJiil1 ~ 'Iu.]bo/hmbG'l:lJiJ b~tlii-7Jtl:lJfl1l'l'l.h1nrl~l,I1J'Wb illl] bifn 'I 'll qj;J nl[i)lb ':Itl1m bnu 1J\lD1N1N b Elf.a'V!":btJUtl11D\l1JEl G'I:lJll(1'W~'lJ n f)\ln11~n
"
n lIllnmd'lhilm;JlIl'iil
-iitl:lJlIl'lJD\lG'ltl1N1NElf,rUl1'ii:::: iil"lml1.1~n-7J El:lJ b iillWiAl1:lJ b '11 '1 b'l'll 1[i) Vll n m!":lJ1un11'!.h 11iil"\liil"~ cu 'U oiiD:lJ1illubnmtJu ltJmh\li.'i1oEl
Y]Ubblll~tiiD\lU~EluoiiD:lJlIl,ruv1\1hJ
"
UEJ:lJ'I'hY1G'1D1NbWDfl~G'l1:lJ111.1~n-7JD:lJiilYiDU1JUbil(llb 1 ifn lt1f
"
"
"
Software bYlD'l'hVlW1~~l'lnlloiiD:lJ1ilVi1M1Jboii1mll'lun11tJl~m1ilN1illll1:lJl(1ll.l1h::::G'I\l~'1JD\l
"
nll&iml1u-ii
mJ1il,ru b ilB"'ii1
Data Link Layer :E\I",,~~-iim.J1ilYi1J\l1.J1Wi~1'Wml~~iil&ib'W~n'Elb1il::::~[i)ltJbb1J1J Hfboiil1'V1~

~\lVi1t1i""~bU'W-7Jfl:lJlIlLfl'lJ~lUG'lEl\l 1l1J 1 -;)'lU1U:lJVllrl1flYi(ifEl\l:lJ1bbU1.'lA':Il:lJVI:lJ1Wl'Wfln 0
""
n-7JEl:lJ1il~uYi~mh'W~uml~,ru""
~ bu'Woii€l:lJ 'Wl::::~1J fl1 ~1 AEl
"
..
"
" "
~ nUl!":n1iVli!\l billll bifn,rU1l:lJ ~Dffl1b~D\lD~
AD-7J B:lJ1ilVi~n ~ lU:lJ l1Wi,r'WbtJ'W-ii 1.'l El:lJ 'V1nm1~
nu ElU Nr;UJu'WbUnUElUl\111'i!": LUU1Jbbiil~l~ii

1~Vll1\l1"a~[i)n1J
"
"
Eliil"11'lJ EJ\li'ln'1l "a(;]~
oE
1 1
"
rrrsuun
bwdl
btJUn11
';1 b €IUl"~"Yi'V:::: ~D\I UU
m Ui u ni:lJ t'hWr1Jl'llVlW lVi~ am
l1'liil~l'l
m1~'V!":bbtJiilY'l11:lJVI:lJ1U'lJD\I-iifl:lJmVli.'ilil1t1fn ln1JnD\loii D:lJ1il'lJU Vlru'il1 ViDu1 '1.1 1l'l1
"
" iln&i
ltJ bb1J1JYial:lJ1il.lb-iil1'iilWimn~'W
~'WA€I'V11V1i11ViA~1 A~\l 1l1Jn11~~1.'l&ibw~n'lJtJ\lltJ1 l(ilY'l€l1.'l U
"
-"
lbM'V :;:ii'iiD bblllnMl\lAD'V::::btJUn1'J~~1.'l &i b'W ni'lJtJ"-7JtJ:lJ1;'li'ln ~ '1l1'lff~l'l
",
U 1.Jiil"'W 1",,':hbtJu
'iiD:lJ1.'l'lJD\l1!'1iil"~l'l
"
'VI '\l'ii1 n'ii€l:lJfl~lUn11~~1il&i &
lWi:lJlni1DtJ'1JU1(illV1u~'WEJYIl1Ji'l11:lJ iil"lml1.11unl1~~flWib'W~ni'1JEl\llu1bbn'J:lJ,r'W ~~1Il&i bw~n'll1t1f'V'Wii\l1Ui 1l:lJ~\lVl1 niimd~ nll~Diill'J lt1f~~u ll'li'lEl1il biilbUDfviiil\lb'lfU
"
b w~
ni bbI;~ln""~EJu1'W'JtJYiG'll:lJ1il.lb-7Jlh
"" "
lWiJl U~'W bb~'V:::: h boiil
'1
VllnG'll:lJl'Jl.l
HTIP, SMTP n'V::::t'n:lJ11l.lb-iil
hlWi~ltJ~u
l'lnl1 uu n bW::::VI:lJl'lVl~'lJ€I\l m1~ €Iiil"1I'll €I\lbbM1il l ~11m (;]n'V~ b Vlu i'l11:lJ ~ B b El\l'lJ il B\l mtJ1 bLnd:lJaDvJ bWDf1Jl\ltJ1~
"
bfli'lYiWiEl\ln11~nVll-iiEl:lJ
b""l::::'l..J b'lfu(liD\ln1'J~mQyn::::n1'J
Authenticate 1'W.ff'Wl'liJ'Wn1d Login "IIEl\l TELNET bviEl'V::::'lll
"
1il1Jl\lEl ul\l1(il u bQ'W1~
1iflNH1nlJJ'I1ii1~1'W 1111 '.1i\ll'W nm"" l~a'W hVi'l::::~~flWib 'W~ni'iiB:lJ1;'l~\lVl:lJl'lmWi 1l'ltJ'V::::vhn1'J~u'I11 bbrl pattern 'lJEl\lnl'J Login bb1.'l:::: Authenticate u ~1
"
b'Vh,r'W'WEJn""lnrnl:lJiil1:lJ1df.l1umi~~fl&ibw~ni
"
Iihun 1:lJY1v11 W1Y1 bWflffl'll,11 'VI iilUvJ
lWi1il\llul
i1'W~luoiifl:lJlIl "
iilUW b WD1"1~ (ifD\lI"lDtJ~ n-7JmJ1Il~b 'ii1:IJ1 iJUl'l ~f1m 11111 VI1n'V11m1~hT~ bl1J1J1tJfl1 'Yl~fI1'V'V111 l Ylnl1'V11\llU'lW\laUW
..
Vlru'V::::iiVl\l ~
niu nl1'V11\llU
ll'l Ubnu'iifl:lJ 1il 1J~~n~1J~U:lJ1 ~~
lYl El1 14ii11:lJl11.1U1:lJ11'.1iibAdl!":Vl1
urn uVI&,,,1t1i b'W,1!":1 U nl1'V11\l1'W"IIfI\l M b'W~nivruViVilWi-r1J'iifl:lJiil1

bb1il~il f1\l"llnm'J~Biil"ld b 1Vlqj
"
"
b wdihh~
~i'lBm'W1ill'l~l1;'l\l
"
-iifl~iil,rU"" ~fI1l'1tJY'l11:lJ(;)iJ iliJ\l b b 1iEl:lJ tJ\ln'W'1Jfl\lVl1il1 1 U'1bb-wn lnlll niJ111n1Jn11~~1.'l&i b 'W~nifl'lu 'V!":fll :lJ11 1.1 'J!":'1'111 n Wi ~~~~ bw~nibbuu
Ii~iJ b~ EloiiEll-!~1 Wi -r1J:lJ1 i'l ,u

"
ill '1.1 iill-! 1J1
b~1J~ 1'Yl~~\liiI'l11:lJ~\ltJlmnn
m1wl1Nilffl'lU
"
ill ~ \l VI:lJl'l u ~ II 'I'l1,r
U n 1 'l 'V11
1'V1qj~..J'V11n1"nuoiiEl:!;llll~1J l1rifl'W
bb~l rlfl1JU1:lJl1h:::::lJ1 fl N~1urn U'VI~\I :E\l"":.:~tJl~ ~i'lBfl1'W "lIl::::1'l11:lJb~ tJ..Jil,\lmnnl1 (
9 : ~mhuii'£Il;liil~';m Pocket Sniffer ••
.. 7~
. ,,,.-_
~-
,
~ !:~.~
-
------
~l'Y1futh'l 1'li~1'W-kl1u 1 VijjYl~ni'W
~th::; nDUrr-J'YI:J.J~'lJtl-JG'l'u'I'J b'I'Jtl{\l\.JG'l'13-.11':irl&l'~ bbll1:N1~~1
n bl'l~tl-J
I'lm.dh
b~1f){~ uuu
b'l'm::; ~:nf~ bb1'f~ 'linlJflEid-lliil bl'm1 b>'itlnTi~tlfll"j'iiil:J.Jfll ~ 'WbU~ b~Hmr'W 1~ nnnan ~ m':i~tlflwl1tl~fl~fl~u1fu-1im..! us ::;jj'il!~ni'UtJ1~ ~1'W~fl'1lJ1':itl'l11d-l1 dJ'WflUvJbvJtl{
&l'~UU fl", dJ'U bntl1nlYn
fl'UvJb vJtlfl~l:!J!.Jln~",iJm. '"I::;&l~bbllG'l~bfl~tl\ll'ltll,JYl1
~ ojjbV'l~il~r1m.Jlii1 b{;lil1v\'11UvlTr'liJl~
11d-lrr",mrn
bMtl1'lJtl\lb 'YI~il1 VinG'll!.Jd-l1 dJ'WflU'V'J bvJtl1 L>'iilbbilmi1'Uiiild-lG'l'lJtl..:l N~'U 1 'U
"
bU {;lbi{n EI ~ bfll-lil bbfl:::m':i'W!.J1 !.Jl:J.Jvll1 Vibfl~iJ"'flEl:J.JYll b{;lil1'lJEl\l b 'VI~iln G'l1!.Jl.l1biJ'Ufl'u'V'JbvJtl{nlYn'"l::; dJ'UdJl'V1l.l1!.J u ':in'1'lJEl~ unn bntl1'Y1~~'"Ilm
"
iilltJ1j~I'l':iil"'bl'l~D\llcililb
1'"1 b>'iill1'"1::; 1~'I11'iim.JG'l~&ln
ti1'U 1cil'"llnffu'I'J b'l'JilfltJ dJ'Wb1J1::: ufll urrrn '"II::: biill1..lu\I bl'l~El\l~'W '1t9lil11l bf1~El\l fl Ell-Iliil b(;1iJ1 dJ'U .n{~u l{~ij Ul-J'I11l-J1 b1J'WG'l'u'I'J b 'I'Jil{lJ1n~ 'YIln:ijm{~ G'l'~ Ut9ln1lJ~1
G'l'u'I'JbvJEl1'"1::;1iil\lvll..:11'Wmju'W bfl~El\ll'1tll-JoW'1bvlEJ1bvhtl'U (
trru ruin! bbiil::;U1::;:).J1fl r-m'ii 0:lJfl~ 0 ~U'U bU(i\bi1n l(1in G'l'1 3-.111 '111l.l1vll b1J'Um.1'I'J bvJEl{l~ b'li'Ub~!.J1 n'U rl
.... .... 'lJ 'i.J
"
uTf~'U ~G'l'1d-Jl':itlvll'V1ih~~I'U
b1J'U~
b'li'WEJ1'"1'"1::;i1fl~tl-JiJtl b
buvn:::~tlilnb6lJlJWl
L>'iElLU'Ufil"ih-Jb'l'JiJf[~ tlG'l'll,Jl':if.l&l'mh'UiiD:J.Jiill~V1'WVi~
"
n1S11l1.l1UUiliC1UulluJDS
nl':i~ fl'u'I'J L'l'JEl{fl'IlJ1,Cl&l'n ~1'U'ii E1l-J 'l~El~U'UbU(i\ bl1n 1~,r'Wi1 fl'lb'VI(i\~ilAru~ G
'll 'iJ
~n'jojn!::;'lJil..:l1th 1(i\I'lElG'lflbfiil{b u(i\~H'VI~nm1m:::'"IltJ'lJtl..:l'iitll-JG'llua-JV1n Em! tJ1[lfl'~ bbt9i 'l::: G vl'1vll'Y1ii 1~~1 u'Unm'&DG'l'W1J0..:1 &ilG'l'l'~n'W,r'U l~rln~\llllv\lV1n
(;1'UbEl\! ,x'W'VIl.l1U1'l'11:lJ'h'llEll-J G'lVi u ¥I n n
"
'"
a ~ltJ
1[lfl'~~Eltl1'Wbu(i\bl{mbG'l:::
...
'"
d'1 !i1~1'li
"
l~fu'l'\I~Ell-ln'WbLG'l:':: , 1e:JWM 1i..:l'"l::':
b'YI:i1tl'Un'W bVlEN b6t9in1':i~~::':~Elfl'11n'W
1cilil~l\1tln~il..:ltl'U
~'UbEl..:l bbG'l::.:'iitll-J mb¥lmn
"
1[lfl'~ Ut9lf'l:::vld'"l:'::~0..:1jjm:'::tJ1'Wm':i~fl'1l,Jl1b1~1(1i"hiiEll-l
..
(i\ll'l:iJ1'li'lJEh'ltl1'UbD-J Vln'1 u Vl n bn~~m::;~l , 'UbU!i1bl{n
uscuu bU(;1b l1n,r'U'"I ::;i1'V1:1n!.J fl'lJ b

bbG'l::':
..
"
f'lbb¥I n bn!i11l'lbu'U'lJil..:l
1:'::Uoj{(P)b'"l'W~DMAC Address 'YI~m:S!.JnflnEl~I\1'Y1-d\i11
Ethernet Address 1i..:l'l::.:dJ'U~..:I~lJilnll
bbV1mn~:In'"lln[lI{l'lbn{1!i11 ~il\! n1,\'l'\ll Vi1[lfil"~(1)
'I'll lYifil"13-.11':i[l'::':U1cill1 bbV1nbn{;l,r'U\'l'\ll-Il 'IIn 1e:Jfl'~l'l ,
MAC Address '"I:':: U'W'YI:lJltJLfl'lJb::l'l'\lI::':~Id-J!.lI{(1)bn1Vln'1lU(1)~-1im'&Elfl'I,1(1)tJ b , fl bfiiJfbU(;1 bbG'l::': 1'W'VI1..:1 VH)'jojflbbl~hm1(1)bb'1{'I'ln'1lu!i1'l:.::1lJiJ Address '"I:::Cln ril'Y1'W(1)!i11tlvldilrJ1'U ROM '1JV\l!n{(1) u 11 bbG'l::': fl'1lJ1,mll 1lJ
1u':i 1(;1flilG'l
MAC Address ~'l'hn'W 1l'l!.Jv\''111..l MAC ~ m.HbUG'l\l1Wi11'1!.J MAC
"
'1IElvJ~ u T~ bb~l 'W~Mln1lJjj~-J ,
11'1b'VIUtll'ldll-1 fl'13-.11':itl'lJEI\ll-J'W'MEJb~Dm.j'jo}EJffl:lJl'lrlril'Y1'W(1) , ,
Address lcil :J.J'U'jo}EJn~Ell-J'"I:::all-11':im1J~u'Ubb1..lG'l..:ll(1i b'li'Un'U 1i..:l'"l:::ElTItJ1U 1'W1Eln1fl't9lEllu , n1':i 1'li..:ll'W'lJiJ\I~1{{;)bbd{"l:'::~eJ..:Ifld1J~n1J '"I::.:~nril'Y1'W{;) lVilllju&iml-J • • 1(1)':ib1 Elf'lJ eJ..:Il1{{;) u '11,r'W'11(1)!.Jun&ibb~11(1)':iblil{ [
1111 1(;1l"leJail~I-JL'iil.J\lll'l~tl MAC Address dJ'U'lJEl\l~'UbEl\lbVi1,r'U (Vil:lJ~1'W'ii0l,JaN~'W)
1YifuoJjil:J.Ja~iJ
"
1Yi~..:IoJjild-JfllI'HJ
~\I,r'WYI1 n "i11(1)':i b'1il{ (;11~'JJ n ':i:::bDU1Jb~E.J1J~EltJ use 1:!Jfl'13-.11'fll'W'11
"
H'
"" "
MAC Address '1JD\I(i\'Wbil~bVh,r'W (Yill-J1JG'lild-Jb1J'WN~'W)
Wi~ 3-.11u n
e:Jl{ (1) '1{ u~'1 bfl ~iJ\l1'l il d-JoWd{;lil1n"l :'::vll \11 'Wil ~1 'W u b
tln1Jii0:lJfl'lJiJ"'N~'W
""
1til bL~iJrJl\11 ':in(;11l-J1{;)'lL '1iJ{n bU'WboW!.J\I
"
hJ'l
IIn'll-J 1.11::::
ltl 'VlVlti\ll vi lJ'W ~ vi TVIi11~~ (Ol fj'u nTl ~il fll 111il3Jfl1'W"J:::: ~l'1lil\l !111(OlLll 1 fj'u nT~ ~U ~\lJ'W~\I iihh~fl\llbtJ~ mnn'V:::: n11'l"J~nl"l'W biitl'W1(Oldb1 fl1~m.Jl hnJll'lti 1~:i1
MAC Address
'l::::lJlJlJi]u&!nld
"
'lJfl'ihnl'llilll-JhhlMl"lilfl
9
l(OltllQ'I'n::::l'lrua3Ju&1~l'11fu'lJm.JflbQ'v\Il::::~:i1
d'J'W'lJfl\l
"
M'WbB\lJ'Wd'J'WmJfld1I'lB~l\1~\lfilVlflJ~'l1yJbWB1 b'lJl3Jl l¥l(Oltll~:i1nl,lJ(OlA'WJ'Wb:Stln'h
Vllnalm;~Nl'W'lJB'I11j.JiJll.J1Jin"l::::'VhlMlJ'lJfl3Ji'l
(Pro~~scuous Mode)
'1IEl\lI'l'W~'W~rlnn1::::"Iltlm 1¥l"WElM1 'W~&11Vl3Ji?1m"Jvll\lI'W~El'Wru·Wll'11!1l1i?11111.:rlJ'lJEl:lJrl'lJB\lN~'W

TWJiJfffje)ffTYJ3.J{iJ
biJ'W l~3Jl'l~vI~ 1Vi
~Tli?11bl'hh'W'lJfl:lJi'l~U~\l'Vl:lJ(OlU'Wl U(I]l~Hnlilm
"I:::: J'W'llB\l11'l"J Qf\ll'111I'l"Jblrl::::dJ'Wm'lf1::::bii(OloJjilu\l~u'lJEl\lll.J"Jlli1I'lEli'l'Vl1Elll-l d bbti'WEl'Wll nl,"I'lI\lI'W 1'W1'v\1'liiaI'l5a h'l:lJl'l11'W bii'W~\l~mb'V!i'l:lJ ~ ElI'l11:lJUi'lfl >'Ilftl NN~(I] ~lf>'l bbl'lvY-J'Vli'lltJ~\lN~(I]l>'1dbli)'rvil~al~l'lJ;1"1'll\ll'W lmJ~alj.Jl'lCl'Vll\ll'W
9
"
1'Wll'l~El\ll'ltmvh bt'ld'lJil\lM'Wbil\ll¥ll'lti l~a'W 1"111
1'W 1V1l-Ji?1i1'lJif.lilW lWilf~\lJiEl\lmAU ll'l;llElf 1V1~rhtl'Wl[ii ,g\l

"
1'W l'v\1'liia~Elal Vll-Jl'llJl
El1"t'1:::: 1l'ltlm,~(Olbbui'l\l'YI1miiuA'Wm
ii1'lil~fl\lr;.j1'l1~fJ bll'iiJ~l\lll'l
bbf.l:::: l~ilalj.JTmrhm.l'll
'I1,n1I'lbl Tl"l'll\ll'W 1'W lw'liiG'lI'lEla lV1l-Jl'll[iilbfll ~ hhlbn"J3JG'ln!il'l'll"J'I1G'lNl'W"Il n lyJfl{
b~il\l~'W '1n1~1'1lb 1El\ll 'YIqj ll-l 11 'Y:': biJ'W lU1bbn"J3JllI'l11:,:"HiEl~ 11ilj.Jf'! ,g\llii'W~\l~l'lll'J'W~'W lei!ll-lmn
1l-l1'1i b~€I\1Uln lU'W0 n ~illtJ i:Jl1hbbn'l3J~'Vll 1Vibl'l~€I\1I'l€l3JVIll blil €I1fi'l'll-Ji?11mnU dJ'WauwbvJfl1 bNtJu 'v\I1il~vf'1hI ll'ltJ\I bl~v1r'i/&1(fJ~\llu·mn1j.J dh1tl bba::::b11'Jn~'W:lJl'Vll\11'Wnalj.Jl,~~mjl'W'lJilj.Ja
~ '3.J
"
i'J"I"Iu'Wm1"1::::vlI1Vibl'l~B\lI'lBl-Jvhblil€lfbl'l~fl\ll!illii'WailyJ
'1Ifl\lI'l'W~'W lulJlvf'l
rnl 1::::m 1V1ti\l'WEln'Vl nitm!fru:::m'l1l'J:;"II tJ1Jil3Ji'l'IIil\lll.J'lllilI'lila bl~l ~\l~ ~ " 'Vll1 Vil:'lilvJbyJilfflll-Jl'bI~mh'W'lJElj.Ja'lJiI\l N~'W1M~Elnl'l1 'i/$fl nf11\l'll€l\l bUlill ~Hn11j.Jn'W 1~11 " " lVll'v\1hd 1OBaseT. 10Base5. 100BaseTx fil'Wlb~llbl'iloE~flnal\ll'WnldflJQ/\l1Jilj.Ji!l11Wl'W
tl'V~m:h~ru
,x'WVll-J11'J1'l11:Wlll Ulil b ~Hn €I:':bb!illJbl'l€I1~ 11i€ll-J~ Ell(Ol l'l1\ltllJ ~Eln al\l bWi U tJ1tl'W ~Ell-J ciiflJ'lJEl3J i!l 1 m:i1 nu n'Wue :;vf'l1i\ltl'W b~ Eltl":!:::n ElU b 1Jl tllJiff m~ru::::'11El\lll.J'll(;] I'lilrl bb~'v111 ViiIIilyJ bvJilftcii1 oE -liflunW1il\ll 'W~h'Wd~niil'WoJjm.Ja'lJEl" l~a(il~IfiEl a ~u'W~Elni'll\llWitJ1n'W
'lJ '"
"
"
1m'WYI'WYI 1'V:;~niil'W m
n'W~l bEl\l vct El\l"ll n
nl'~'iI:':
'lJm.Jf'!lei!11wiiil\l dl~;ff'W"'Iln 1~fl~~loE~Elnrl1\lil~1\ll(Olil

'lJ
~l\1V1ti\l ulu iII1Ubl'lblJa VI~tHrlJbWitlltl'W uuu bbrl:;&!(fJ~\l11bb~1 bbill'll
b'Vh11'W 1i\lbbi111tlI'l11m&1'J\l~\l
n~11mjNHn:i1'Vll\ll~Elni1EltJ3Jln~'VdJ€I\l
~un1rub Ul'l blin bba::::~fl'l.h;rqJqJlrul'i1\1"'1~tI'W~\lVilei!~nfliln
lJfUU1\llii'W 1l.J1Ji 1J1nVl~ElEl1"1'V::::fl\li!l\l'Vl'W m"JVI~n b§tJ\ll!il tJn1":!1l-l1-li\lI'WndJ'W~-J~ btl'W ~ ill\l ll.Jll-llcii ~\lJ'W ~1":!1 i\ll'W 11l-Jtl'W'lJil\l ~fl n f11\ltll ffqJ~l ru~\l iJ\lI'l\l:i1El~1(Ol vf'lltl u I'l\ll?i Namj ~lill3JEl r1\lbbirll'V ::::ll-lfllm,~"I'llm,&ln 1'l'W Ml In u f1:-;nl1~n iil'W'liEl~ a nu\l iil'W'lJEl3Jf1'i11m:-;tJ:::nflYll~El ~lJ'Wl:'ll ~ bWimn'Wlei! l ~ ~ bblill(Ol tJann bb~l n~n l1J'W1J:i1il'lJEl\lI'l'W -Ii bUl'll11n b~l'Jl tl'W,r'WbEl\l V11m.TlJbii'Wlftl n'il::::ltlWltl l-J1'i11n ~1 b'li'WEll'illtl'Wbvi H'W113J\ll'W'Vl:SElwtTn\lI'W 1'WU~NVllWi ~ltl'W LlJ'WLli'W
9 : ..rmh'LI~lJ\!~~-;W Packet Sniffer _.
.-.
.~
~~.£,. . -------....
_ ..,
._ .,.,,·.::rP~-'-
z1i~ 9.1
1l,"W"hflfJ"m~ !'1I'JI!.1'J1fJ"
It's not mine, ignore it.
9
•
---
---
~iJy-l!rlfJf
Host
I ~ I/~~ ! ·..,"" /~o III~ O -;:::-:::::-:-llml!lr;;;;ru~H ~b!Fl~-II': ======::::0
, ....
: III
,6st D ,# ,
Q
_
It's not mine, ignore it.
-<,0
Process
~m
To Host B
HH,h
------------~
ol
-I'
To Host B
Host
~l
Ill'
Record
~I
il
Dil'
.... :
OK, It's mine, I get it
T don't care, Get it all
Sniffer
.JJ,.
mJ 4 (i'f1(i]t)'n:J.JnULDtm"lvlbl{nhwH~1J·hwlu U[iI:;l1 " 1fJfl~8n 1'1'1'V1it..]ofi,rru111'HLm:J.J~l'l1'V1':J1~ ,Dufl"uvh Wf){ bvl f) I'1'mhuoVD:J.J [iIb~ V1J(i]D~l:J.JD ~1 'W~1JJu " "
lwmw~
9.1
1udhHl1'nl1
Host
b'11Ub~VlnU
<iJlnt11'i'F~:;UflV1..]1Vib14'Wn11Wi:;<iJlt1"1JD,,]oVD:J.J[iI~
tI
Host
A tiiD..]nl'~\l1'11
Host
B ii\l
bbVi~<iJ1\1b~El Host A ~\loVEl:J.JlilDDn111~-J Host B J'WoVfl:J.J;1Ii)m:;<iJlt1111~-J'Vln'11!lfl"~~(i]amj1JU~1J JU'l:J.J 1i\lflU'V'Jb'Vol fl{~h

• Host B
h~ b~Diliifll;F~
"
11111,1 nflffi!lfl~wil"]'1'OJ:; ill1il n1t11~\ld MAC

Address
"
bdD1~-r1Jiim..Ji;'ln<iJ:;(il'Tvflfl1J bblil:;
ihvnrhbD'Wiia:J.J[iI~~-J:J.J1'V11
au bD\In'OJ:::l'l1 mnhu
bblil:;~\I (i]a1'I1':;1Jl.Jl1iltr&i nl,l1.
::::J.Jllil~ a
"
•
•
Host C
Host D
bda 1~l'llm,(ilJl<iJiil"DU
11'!fl~~\lflD-Jii-J:ihlJlilbi{nD:;bb(i1l1b(ilDf'{h-J1'watl1u1'V1:J.J(;1tJn&i " U~l bl4U":i1hJ1'11iiD:J.J[iI"1Jtl\l(ilUbEl\l n<iJ:;1lJ au lv~<iJ:::t.hiim.Jlil

"
bmhJu111tJ':;:J.Jl[i1Nlil~'W1(;18n
Sniffer
dl'V1-rUflU'I'h 'V'JD{JuilblJ(il biiml:::bb(i1tJ b(ilDf~'Vh\ll'WDtJ1u
1iU~D 1JJiil"u lv'hiiD:J.Jlilvh-1h:J.J1JUbDu"1JD\l1~, fl"'I1wb'V'JEl{'OJ:;-ruiiD:J.JIiI~\I'VI:J.J(;1bbl1ilt.h " " 1tJ bn1J1utrw bwaf us :::~i1U'liEl:J.J bvlmll1tJl1.::::J.Jliii NlilbViD'VI1iitl:J.Jlil~ill1,:; 1mf'l1(i]D 111 iii ~ " " <iJln blJ(i1blin 1 Ut11'WJU'VIlnf'l'l1'I'J b'l'Jaffi n&i\?1 Ulih u 'VIti"]~-J mhl n<iJ:;l'l11 r1iifl:J.Jt'<~\l'VI:J.JV1 ~\l1 ~ " vn~fl~~"] 4 ~Elfll'in'W 1V1t1Nl'W~lJYi1i\llU'h:J.Jnu 1JJ11iiD:J.Jlil1V1<iJ:::tl'lnll~!YlJnfll:J.J1'11,Hln~mhu ~ ~ ~ 1WJ[I'lElf'lUV'JbWD{VlUVI1(i1Elffi1'!fl~~\l 4 1lJ.1h:; bb~:;'i:;rnv 1V1'1bliltl';i1iiEl:J.Jlil~~-J 1tJ'V:;fln~mjlu " ~ ~
"
1 'W'iijfl"~f)iil"1 'VI:J.JV1
"
••
'~,:'j:-1J1J
TCP/IP
JlEH'Illl"ll :lJEl'Ub tlEl\l:!J1'Vl11fll.fJ , u ~ :';[ii,1"1ii1'EllJ lJl tnn bil [ii b l1n ~\I:i:i1Elll1 ff'!h)EJlJln~'V:.;
n "., ci1'nelTW-liEllJ ~1~ ~l\l11Jlll~ll1''111~ilV>l
EJ rrrs ~ ~ ~\I ~DV>lbWEl{tTu ~1:IJ1 .nUEl\l FlU hi1J1f>i\lN ~lld:';VlU l~
btl El\l"ll1111l"l:i:iailw
bV>lEl1&i~tJ ~1 'U diCii bl{ntTu
'1 FlU
Cildl'V~tJlJll1EJ'UEln Vln<11B~Wi~mjlJUbilt1l , I ., vll\llU

'1J
bl'UbftEJbbt>lll'V:'; b"illltlti1jl'VffEllJ
"
bWEl{m&i~~\llu
bil [ii bl{n"l111111.
1'1'1:IJVlfll.Vll\11'U'lIEl\lbUIIl bl{nEl:'; bb~tl bt1l£J'f{'U UIIl bl{nEl:';bbCilu bti1E1{'V:';

cr.i
bl{n b~EJ1Fl'U Yl'\I.:.;~n bii1':lJEll11'Ufll.vh.n'Utln&ib

iJ 'U
hi
mJ1 'U1 'Wj:Wii1'I"lDa1 'I'I:IJ~ 'I'll n'WlJllmBa~[iivll\ll'Umjl bWEl{I"lEImbEllJih'U'1iEl:IJ~N~'U

':U 'l.l
'U1 'I'IlJ~d fil 'I1ff'UilH~J1U lJi'0''WVill

..
lBaWitT'U<1lJ1vll\11UdJ'Wffilw I tT'WnJiEl\lvllnl.ftUb~l:.;t>lElltl btlEl..j'<i)lnfll'~[ii~\lailw
bbt>lbVlEl-rtlll:ltl,:::ff\l~~ uuunu
bb~:.;1~vN:i:iEllf'l"i
Ut>ll1Lb'Ud ii:IJlll~tlj:.;a\lrl~mh\l 1
bV>lEl{tTU U'Vll\! bVll"lilri bb~lblJ'U~\I~fld:,;vll1JllJ.JEJln 1
bb(;lLlJufll.mn 1V1mh'U 1 'I'IUieNrlfl'l ~ bWfl1lJl
t>lElnT';itlljl'V anu bb~:::i:JtJ\lFl'U ~\I:Ij fllj'l11lJ 1'U'l:.;&i'u r:i14i:i:Jl'11 j:';vll fll,&i'\lmhl n ., 'V:.;rilVl'U~dJ'U-1JEl'l11lJ l'U'U 1EJlJ1EJI"l11lJtlmJVlJlEJ1~w 1o}i\llU Vllnl1fllj(;ldl'V'V'I1Jn'Vdlfll,~\l1
lJ.Jl '11th 11JJbbmlJ~\'h'l'liil~bblJUaDw
VlHtlll:IJ bb!?l 1"l11J.JbonmlCil'll €l\l Ut>lfil:'; 1\1~m E
VI~flb~EJ\lflljlo}i\ll'Ubb€l'V'l'V'l~bl"li'W~fuf>i\lonEl:IJfil1[iiEJ1J.J1Jib-liljr1a 1U'lbbm:IJbVlmiltll. 'll(;1b,l

a
FTP, 'W\lLnEl{ IRe
bml:.;iiElJ.Jiilal:!J1'l:lf.1n&i'nell'Ubb~:';biil
"
(Plain Text) b'li'U
.,
"
1"11JI ath \I
1vi;-:.;fSnEl ~ bff:IJE111iiEl:IJ~Yrfi\l ~·h'Ubiltll bl1ntT'UallJl,fJf,m&i'nDl'W .,., ., bftEJ'I'I1EJ:IJ111~~[ii~EJEl:IJf1JlJi'YIlniim.JfiltTw:Jn '11

Ii 'U
lJ1 '<i)\lU'j":'; bil'Wl"lll:IJ

....
bU(;Ibr.JEJVIllliiEllJfil~l"lll:IJlilr1rum 'lJ
n V'l1d"l:::
rllll.Ja:::1'11n~lEJ
b~EJl Vl1E1-li€l:IJ~'j"r1a~h'U l'11b~Eln 10ii .,
3 4
mnilrrrs
HlJ~fl1'j"Fl1J biu bofi{WblEl{~b~EJliiEl\lFl1Jflldb~'U
mflbU'U ltl1~Vifil[iifll'j" ~b1EJnFl'Ull
l'ii~E1ffr]dr]dlru11lJnull1iiElEJ~~1'1 'I'Ilflt.hmbtl~EJ'Unu
il'V~uu
Switched Hub (Vl1fl
Switch) :Ij'lll"lllJ.J~\I:lJln .,
Shared Hub (~1l Hub b'V'l'll:::l'U
jj'j"'j"l.J(;11) ~m"ii\ll'Ull~
"
'<i):::'lilEJfil;1V'llllJ L~EJ\I'lIEI\lfl1jf.1n#fnell'Uiill:IJfil1J1:IJln (
.,,,
Switched Hub tT'W-:ilEl:IJfil'V::: 1J.Jm:';'V1EJ ~E1"1:';~\I"IlnJi'UVll\11tlif\ltlmEJVll\1~'l:';lJb'vhtT'U
"
m n al:lJl,fJ Hi\ll'U
b~l.JV'ldl:IJUiil €lCilJlEJ'lI l\l-iJEl J i;iI1J1J11 rm € l V
.,
biil,'I1ff-iJmJ .,filriau f>i\lnl"ll,'<i) :.;thm bbt>ln'<i):'; llJal:lJl'lnf.1€lI'1'l'IXa'llEl\liimJfil
bvim'i11 Vin\l bb~11:1jctiG'llm,bl#fnell'U-iJEllJi;iI1Ji .,.,
.,
1'11b-iJ'l1"11(lltI'1EJ~lEJ
'I'Iln:ljmj~€lal.onflJ.Jfilmv .,
1'WEl\lrlml(;1m.h'UEl'Ubtll1l1bilti1
fll,'l11 b'VlV'l1'U1~~'lIEI\IVPN 111P!\I~'UlJl .,
(Virtual Private Network) in H\ll'U'l:.;'lilm~:IJ'j":::&i'lJl"lll:l.lUfilEl(;1IlEJ
9 : ~na"1'Uifl3;!~HPi"')a Packet Sniffer ••
hJumJriTI.liim..Jiil'1JB~ ~H3'1mfll~(jYh 'i"lBi!i;n1 'li~~biill~l mXn b'll~l~THI " ~ 11111hLLml-J~iJ'lln~1'1n.mnnail~LyJBfltJ1oillh:.;b'1Ju1~mnmhw L'liU

'VIln 1lJ'I"l(;1ii'Jnl1
"
Network Analyzer
m'lVi&(j'V'hvJB{fl"l~l'lrl(i)niiBlJiil~~'VIl-JflViiJo~1JULi1~
bl{n1~ 'Vll1Vi
SMTP,
L alm1tl1111iEll-J~ lil~miTll,ll'''llm11h::;mflNfllll"l'l1::;'I11'l 11
'VIfllmdl:l~ 1~11m'lm:';"Jl!'1m1H~luLi1(;1Llin'lJfl~1tJ'l1(;1l'1flfl~1~'1 FTP bvlEl"J::: 1fiVl'l11rhiJm'lloil~lubi1(;1
"
(ih~'r7JE1~btl(;1 1~ b:Hn ,ru.&l-JlJ&i
L'liU HTIP,
blin 1tJb~1Jm"j 1(;1 mn\iilm~!'I\l11
'V:::yh1Viffll,11'lrl l1iill~l~'1
~(;1m1bi1(;1blin 1~mjl~b 'VIl,n::;~j.J Vl1B1U~lU'lJil~n111oil~lubi1(;1blin(;11l-J'lil~ 'VI1BLliim:';~\lm'llL~m:,;'I1L~B(;1'l1'1@1JlILi1l'lbl1mr~l'I~vh,:nu1fil:lnj.J]_Jn~Vl1fl1~
mn l(;1iJN''tiimn bl~ll(;1iiN1oHtlo!'l mil'1u 1(;11oilb 'II ciil(;1€l1J1uVl1~VibiJu1Jj::: l!'1'1Jt1"'VI11J ru 1~
"
""
Network Debugging Tools
1UlJl~I'1~\ln11'V11fflbVl~fl11j.J~Iil1.ln~'lJ0~bbO'l"l'l"lmll'1'l1U~l\1'1
" 9
<JlbliuVi'il:::WiB~~1J~U~n~\l11.lii~bilEl1im.J~ViflJG'l'~nu'iI~~'1lJUbi!lilblinl~fl'Vl1l1bVl(;11(;1ll1j Yll\1IU'1Jfl\lLLf)'I'\I'I"l mLI'I'l1u~\l1lJall-.J11b1v11\lIU1filinJ.J1.lntii rrn 1fi bl1uiioJ.J iil~1JVif1Jci\lnU'il1\l

'!J
uut tllil ll1n'il:::th!'l1 Vin11l lI'111:::'11biil::: 'lJ1JqJ'VIlffl~11r1~1 LilUn111~£J ~1~11 (;11111G'l::: b ufi1 ~
(;11\l~£J1JqJ'VI11fil-.J1n.:gu(;1!'I1Q'I"l1::mruViiim11-11 11'l1miJ 01m:::(i)u bi1(;11linm 1~!'IliiEl~ 1 : 1'li'WiJn1jd~ojj£JlJm-h'W1~f1ElG'l~bL~lii1Jq,J'VI1 Vl1£Jn11'VHi1ff£JlJ CL A
'IlE1~
(Access Contra! List)

'!J"
L Ll'lil1 dJu~u ,1
.fi\liJrum1 '111:::ilUil'VIln1lJiJail'V>lb~ili L~8~uiim.Jiil~1J.:gumi I

~
61'111:::'11(;1
1bfll 01'V'V:::~fl\l1oJl1fllU1Uj.Jlnnl1Vi'il:::
b1n1tJ1JqJ'VI11fi
Packet Monitoring
n11~nl!llWll'1ilfl'1JEI~ 11J11(;1I'lElfl1'Wj::;lillJl{j(;111{n41l1h..!AEI~11U l
iim.JI;'lVi~mn1nu
"
£1'i\l"J:::ffll-Jl'lrI l'ih 1'11fi LLI;'l::: LiTUlll'l"l"J1\1 LLl n Lntlll-JiJ'w V b()lfl~\l'1:::dJu

'!J
bl'l~£J\liJElVi1.hbWmn(i1l-Jl blff(;1\11 i0id1'111'1131.l11UU(1]l\1'11~ Iillil~l\1b'lh.l blwmn(i1Vi1lff(i1\1 V 1'II'V1'1J..l b~l,Id.fi\l us Iil \11VibiT'llL t'lfl 'Yll'1ill'l l1& Lbn'll~l\1'1'1Jil\lusn n IlljYlI\I 1'W'lIE1~ Vl mnl'l~E1ih(IJEl1~\I Vlln'llllill1Jjbln1~1Jj::; u 1oE1um,FinMlhhl()ll'lm>l1fi~
in D{~lULb~h
b1~1~m,{ln
bJlVlilbb~l n'V!:: bA~D..jiJDVi 1lJiJ
Intrusion Detection System

'IJ 'I
1:::uum1'V~lJfl111..Jn1nMl~u.:!1'11m'il1nn11(i)nrilu
'lJ "l
iiDJ.Jiil l~ EJ\I LL~1tlUn111.l1!:: u n..1n111 LA11:::'I111.1 uuurrnu dJtll blimbu1Jb~EJG'l1'Yl~ YlI1Viffl:l.Jljb171fil1iln"ln1jJj ~
n1n b'ihnlJIll1Iilmh'l!'irilj.J~lJU
'i 'fJ
1(;1UUbtl(IJviinViiJ bbUlTWl-Jll"J::: btl'll
Other Security Tools
UDn'illnd~ilvJb'V>lD{if\lff1m1r1'l1111.ltJ1:::~nfltoJ11.l1'11\1IU1nl!ll
A11 j.J1.I D (;1ntJil£11\1 11-.:I'1I 1\1 b'li'W ~ n 1 l~DlJ'WVin~E1\11E1 tJ'lJil\lLl!'Jmnil{ ~lJ(i11l!Fll1 1oJ\ll'11 V1'wmm~iJI'1111.nil ~ qJ. V1lilffElUl'111l,1 u "j..j'1JEI~1 bb1J...1 'V>I11Diil b1J'W~'W ~
••
'~1~~1J1J
TCP/IP
'\l ::-'111 1'J1Vinl'l"lJ1'111 'i' ,ij {;I,l~n U'i'::':~'Vllhll'1'l mnll'U '11£1"nl'i'iiI'111:I.J~1'l11).J
nl'j"1nl!llI'111).J1..l
~£J1?l1l1'J nl'i' llnhi:l4!
VII dJu 1u1~ £J~ 1"l'1
utii-k"n-k,nXtJnl'i'i.11:J.J1'i'1.l'l11l-J1
1~ Vi dll?llh::-11'J"ll'U1l1i~::.:~ £I" ~"£J ~1J'U~U:;jTW

£J).J~1l1i£J~1\l ~ nl'i'iiau'V>l bW£J~'\l::.:'lill'J1 '11
all-J1'i'1.l'Vl'i'I1Jii EllV1"1"1~\l'1l£J"ii m·m us ::-all1~ n1'i'&flal'i'ii£J:I.J~ 1K({;Il'JtI'i'I~"Ilnii
"
b'ii1 hu 'fl::':~lm'i'1.l1bl'1'i'I::-'I1ii
"
'"
"
" " uil ~"ii£l).J ~Vi1~v 1 nauw b'V>l£J~ bfll?ltl'i'::': 1'J"llUJu ii~'U £J~ fllJ'VInl!l::-uae 1'111:J..1 Vi 1 all-J1'i'1.l'1l£J" Nt iib£J\l " " "
n1'i' 1~1U~tl"
Il-J~ l& 1'1'11 1'U~ mi1'Uii fl"
£Jt'i" trl'J bblPln1'i'''I::':
£I:I.Ji'l'1l£J"~UWbwB~JU
bUUn1'i' b~B'U1 Vi N1ii'i'::': ~ n W:J.J£J ,blPl
";11 nl'i'& a al 'i'1J1..1 b~{;I,11nYi{;l1 ul ~1'11 B"J..JUl!I6loJ t'il:J..11'i'1.l:J..IfJ" ,tl'W1~J'W:lJ1~ii 1'111).JtI~ B{;Illl'JfJ~1"Yi , fi{;l n1'i'Yi"iim.mmJ1 'U'i'tJbl1J1J'1I£J"~b~n'Vl'i'fJil,I'1~BW'l::.:'lill'J 111iiI'111:J.m::.:vnna::':1J11'1 1'Wn1'i'1ii"IU a n~l'Wl1l1" n1'i'Vi1oJ al:J..11'i'1.l).Jfl" btl'U1WiJ'Uvh 111l'J1n tii £In1'i'ilfl" flU 1nl!l1ii fJ:J..I rl":lEJ ~111 "11nn1'i'~l"~::': b:IJ{;I'lI ~a'U 1Wi l~'i'I::': nl'i'n'i'::':Vl1 fJ"
(1(" n ~11n
"
""
In(lj~U 11'11'JYiml"1:JJ,tl'U ,'li'U b~ I'll n'W d"ii
"
~ UP!
"
::':'i'fJ{;IYJ'W
nl'l'l11 b'Vl1'l1u 1i'l~J..Jl1ii\lIU 1nM)l'1nutll{;l).Jlnbvh
1 1 1'111:I.Jl~I'J"bbi'l::':f.oJ~m::':'Vl1J1PI£JN1iinii:J.J1n~'U
bvhJ'U i11{;l'1lfJ" l111'1"hiPl"'U b11~~fJ:J..I flU ,mYnVlln'V'I1Yll b~ B'U~l:J..1"IU 1&i::.:iil\l1,r" eJl'U'\l(IJ'Vll-J1I'J'1ID"
"
9:
IPi'mi"'luim;!<uii""JtJ
Packet Sniffer
.1
___
)&.1UlllUnlnn
lEI:
lEI:
1'W1J'VI5 (illU'Vl nd'V::: n ~"nfi\l':il !'il\l'll(i1 tJi a:J.J~ u Vlmn()1~1l1:J.J1
u~:::LEiJ(iI'lJiN n111 bf'1':il:::li'UVln bn rI~ di(il~'W b~ €),1(;1~lh:::fl"\lrl t

:J.Jl'Vlnn111oii1iJ·mnd:J.J TCPDUMP -It\l biJ'W iiAl1:J.J fl"1:J.Jl·Hl1'Wn11fi1mh'Wia:J.J~:J.J1 bn1J
hhund:J.JVivllmllVi
"
Lb~(iI\l,r'Wn1~1l1
dJ'Wfl"ilyJ L'tll fli'llil?lYlit\l

.
rfl:J.Jldbl1l1:J.J1L~ml(i11~()11:J.J b~a'Wl'1J!'il\l'lVim-ilfl"'W
:J.J1LLflt'1\llW1J'V1!'ifJ ~\l'IJfJfJfi1JltrV~fliLL:J.Ji'I'1Jfl\lnl'lLLfl"(iI\lf.J~Lb!'i~:::liJll191Aa~b'l'ifJdJ'W~'W~l'W ' 1iJ vllAl1:J.JLil h 1 'W1J'VI!'ifl1iJ~\lil
""
h1~
"
11 Ut'l:::
"
1 urrrs
b~al 'I1~1:J.Jldbl'l'ilAl1:J.JLil
hfi\lifJ:J.J~Vi1l1
[.,sIn·Daa TCPIIP
Timestamp Source Host.Port > Destination .Port Flags Beginning Sq:Ending Sq Bytes Options
r--------r"'-r"S~-2-55.L5-2-45-, 07:05:22.840000 1 hacker.com. 130221 > 1 victim.com..
1~
't.nVi :
1http 1 S 1 25552451 : 125552451(0) 1 win 5121
ifl~~ViiJ':iln~'V:::iJ':i:::nfl1J~ltJ~t'l~fi1\ld Timestamp: bW~hHl~T~ilM1JuVlmn()1d 1'W1l1. LfI'loJ'1Jfl\l1'W1Vi Source Host: Ufl"?l\l IP Address ~'W'VI1\l'lJfl\lLLVlmni'l fl"l:J.JTlmbfl"t'1\ll~biJ'W 2 U1J1J~fl IP Address ll'1tJl9ld\l b'li'Wl'W~lflrJl\l~fl 'Vl1nfl"l:J.JldbILLUf'l\l IP LiJ'W~flleJ~~~n'J::: WllflrJl\lmdVlt'1~ 2
~f)
bb~~hHiJ'W'YI't.btJ il1:J.J\l :
10.15.14.1 'I1~a
LLrf(il\lLu'Wllal!'1fl"#i b'li'W LU'WM'W
1!'!fl"~M'W'VI1\l~D hacker.com
Port :
LU'llihW!).J1EJbiil'IJ'lJEl" TCP V>l0{tll~U'Vll,,'hihJV>lEl{tl1'YlmEJbfl'lJ 1l'1 ~lmlmL~tl1..jl~ 1J~n11).Jl()ld:ilU 2 U1J1J~0 'Ylm!JLfl'lJV>l0{tlldlV1-r1JV>l0{tlliil •.J1'li LLG'l::.fimJ0\11J~md'YllnmnEJLi;'l'lJV>lflf()ltTwuu HTTP, SMTP, ECHO,
VW{tl1'11fl"1J1n1dmm~luL'liu CHARGEN bUU~'W Destination Host, Port:
L'liub&i!J1n1J Source Host, Port btl~!Ju"nn~UVll"LU'\.!
tlfll!JVll\1 Flags: Lb~l'I" TCP Flag ~mV>l~m,Jn1Jbbwmn()ld tl11;.,JTCP Flag ~iimj~B ~..jfllmdmb~WI,,('1l1~
"
S = SYN, F Beginning Sequence Number:
FIN, P
Push, U
Urgent, R
Reset
'YlmmG'l'lJ Initial Sequence Number (ISN) ~..j TCP 1'il'hmTl Y'l11Jf1;.,Jn11~D~1'J~..j 1u"J:;'Yl'h" , ~lm"JfI Ending Sequence Number: 'I1m!JLt'l'lJ ISN 1l1nn1J'lIU11'l'lJeJ"-i1D;.,Jt'l~a,,
'U
3-ways handshake Lbf~:;biiB
b.fiD).J~eJ
1~ use bb~1
b~J.Ja"o}jfl;.,Jt'l
"
bV;mu'Wn1"J1JeJn1~11
bbWmntll~'V:; ACK n~1Jm'V:;~fl,,111V1J.Jl!JLi;'l'lltl Bytes: 'lImWl'1lfl..jo}jDJ.Jfl~g..jmW~D;.,JbbWmntlltl1'\.!"J::'Yll1..j
Handshake '1I'W1W1'11B,,1imJfl'V:;LUU b~;.,JD'V'Wnl1'V:;b~;.,Jg,,1iB;.,Ji;'l 0

" 'IJ
"
3-ways
Option:
bUUl'll TCP Option vn1'l~~~U'Vll"~B·.ml11Jan 'VlnWi'10~l\1'V:;bU'Wn11bbfll'l\lL~D windows size b'vlln1J 512 l1J~
1,m~tJfll!J'Vl1\1
TCP Option 1~fhl"UI'l~1
[dsfoolla UDP
Timestamp Source Host.Port > Destination .Port
••
'</I~:J.JjJ
tcr/u:
Timestamp:
bbff!il-Jb1flTVil~~1Jbbwflbn(;)d lU1Vi, bl"l'l!l'Ilil-J1U1Vi
US!Iil-Jb1J'\,J'l1-WJEJ 'li'J1~N : ulVi :
Source Host:
bbff!il-J IP Address tIlUl'11-J'IlENbbWmnlil Sll:J,Jl'HHb'ffIil-J1~bUU 2 bb1J1J~fJ IP Address 1~W(;)1-J b'liu1utilJilE.il\1~fJ Vllm'l1:lJ11ClbbU1;il-J IP bUU~fJlel'Sl~(llii'V:; tilJilE.il\11Jdlvr!il~ 2 ~il1tm&ltlluvn\l~fJ 10.15.14.1 VI~il
bbfflil-Jbu'U'~jillm~&1 b'liU hacker.com bUUtliU
Port :
bW!il-JVI:w1 mfl'II'II fJ\I U DP 'V'lil{liltllUVl1\111 bUm'Jil{lilVl:J,J1 mfl'1J1!il ffl:J,Jl1Clbbff!il\l1t1l 2 bb1J1J~fJ VI:w1mfl'Il'V'lfJ{!ilci'1V1~1J'I'w{lilVil~1'li 1J1nT;J:J,J1!il'l:i,lU bbfl:::~fJ'Ilil\l1J1n1'lVllnVl:J,J1 EJbfl'Il'V'lfJ{!illlU bUU 'V'lfJ{(;)'1JfJ\l1J11l11:!-11!il1:i,lUb'liU ECHO, DNS bUUtIlU
Destination Host. Port : b'liub~iI:.nn1J Source Host, Port bU~tJU'llntllUVl1\1bUU UflltJVl1\1 Bytes:
Timestamp
109:35:16:37528°11
NetA.routerl > 110.15,14.11 : 1icmp
I:1 host 10.15.14.5
unreachable 1 2 'YI1il b'liu
Source Host:
bbQ!!il\l IP Address ,!iUVll\1'1Jil\lbbWmn(;) G'n:J,Jl1mwlil\ll[iiLuu bb1J1J~il IP Address l!iltJ(;)1\1 b'liU1utillmh-J~il Vlln'ffl:J,J1"H1bbUfl\l IP bUU~il1~ff~(llnv:;bbff!il\lbUU~fJ tilJilE.il\11JI'lvr!il~ 2 ~fJl~G'!~tliuVl1\1~fJ hacker.com 10.15,14,1 1~ff~ bUUtliU
ci'1'Y1~1J ICMP 1U1J1\1n'Jrubb wmn(il fJl'V'V:; t1nr11b UIil:lJ1'llm 11 b!ilfJ{ 1(ll Vll1 'I111il~fl1u-Wfl~du'nn£)buu'lJfJ\lb 'llb!ilil{U l'1U b'liU1umru
"
'lJil\l ICMP Host Unreachable bUUtIlU Destination Host: lcrnp message : b'liub&ltJln1J Source Host bU~tJU'llnalUl'11\1bUUUfllEJl'11\1 icmp bbWmn!ild ~\l1Ulbbm3-J icmp llilml!illu~~
VI:J,Jlvii-J message ~ri\lmn1J
TCPDUMP 1(llVll1l11bb'lJliI:w1vln!ill11\1'1JfJ\I
u Vl~'V1-J':i1il3-J Vb U bbWn bn !ilv::;bUU'l'iXff:w1bbfl:::tIlfJ\loWl1u bVitJ1Jn1J liI~fJ " "
10: "llh:i''lJbbrimnl'l
.11
".- ';"'!!'fl1"'~~'~'~~ =::

lI!..:"
"l't~~:
.. '
j.',,~~;
-
--
---
~)P~:~.
-
,
-
'
---
.
--
--
~h'Yl-rlJ1tJ':mn"i:J,J TCPDUMP J'Wdj'U(;)lf)~l\1'l1€J\l1tJ"ibbn"iJ..Jvnoil:J.Jl vh,:n'Wf)~lJ'U"i~lJtJtJiJumn1"i Solaris, UNIX
bVim'hn1"i'·tlJbb-Wmn~
use
Linux v(11tJ G'I1:J.J1"imllm 1oi1\l1'UbVim'inl!fln1"i n'Yli.'llEJ
'V11\11'U'lI€J\l1tJ"i1~l'lf)i.'l1~ d'i'Umh\l~ bb~~iithdEJ"lnr:J,Jlnbbl'i€Jl'J'J:;
1oii\ll'U1lJPI:;~lmTn
ii~ b'OJf)~n1"i'V11\l1'Ubbi.'l:;nl"ib:'hm~oiIf):J.Ji.'l1~D~1\l'Yl~1 ""

u-w n bll (;l:J,Jl\>11~ ~:J.Jlrun D
D'OJ'OJU'Wm un"i:J.J .'l'Uy.Jy.Jf)~~ Pll :J.JTnl.JtJ tI"i ! b
Linux use Windows iiEJPIb'l1€J~ih.lb(;lf){b 'l'JPI.yj1oii\l1'W~lEJ!.'l'1:J.J1"irl'lhm1oi1t1'l:;n8tJfllJ ~'W1'l111~!.'l'~mnn';h fl'W 1t1Ul\l 11h:bn"i:J,J TCPDUMP srm
"
"
U~\llJ'U bb (;ly.J)~:J.J'lIf)\I l'j~ f n1"ifim~l bb(;lnl'il\l
bblfl'Ylln1(11 h~w.nt!'lIf)\ln1'lfl1'UbbVlmfi(;l ,-ill
!.'l'l:J.J1"imi1:l,n 1 oil1 bl"1"il:;Yt1~~\I~'W
bbiil~~\l bbihtJbblJlJ'lIf)\l-ilf)m'l'vil~Jt!'OJ:;
bb~l llJ"h-il8:J.Jf'l';)::1~:J.J1'OJ1nPluy.Jby.Jf)fl~n
"
"
"
••
&~1:?::lJll
tcr/u:
Stimulus Be. Response
Stimulus
'VIl-J1tln-Jn1,)fl'l:::$f'U 1'U~.Q'Vtl-J1tl1i-Jn1')fl>J1im.m'Vt1€J«runJ1ruVlm~
"I 'iJ
'l~
~:::1:1m:::u(;I1:J..Ju"j 1j;!1"I€J~ 'Vt1D l llJl~'l:::u
" , , biJ 1 'Vtl-J1u ~yj8vr1>Jw~ 1 Vi b'iJl'Vtl-J1tdhJlin1~lM

~ ~ I
111u1tl'l1j;!r1€J~ luu>J 8uru1i8~iil~~>J ltJ
b'li'U fl.,j ICMP Echo, TCP SYN dJ'U~u Response mn U1:1>J 'lM 8U'lUM D'lJ€J:J..j~'VI' & ru m In.! 111 n i1!>J m D n b'lJll-J1 :J..JCiI'Vtl-J1U "I
'l!.I .... ""' 'iJ 'I 'I.i .,...
'IL'
,o::j
Ut'llU'V11>J~8bl9~8>J198:J..jVllbM8{'Vt1€J~1.lmru:'1J8>Jb'11t'ltln1'M81JrU tT'U~:::bD'Uluhu5M r1mii€J-JM'l>JnU~,:'::u l'Ulr~Ml:iJ 11hlMr1€Jt'l~bd1 Hl>J1UD~ m"l~:::
"
lwlu"j 1MI98t'l'Vt18m~'il:::
bbMn(9)1-JnU(9I1:iJU(9)iil:'::
"
~Nfi(j\ifl~ nl'lWi:'::~'Ubbt'l::: n1"jM8U-rU dJ'Unt'lln fil'U'VI,j>J~t'hl'1qJ 1WlT:i b'ill::: bolhluu-J"j:::uU ~1-J
lCi1uv\'11u Ul;'hN'toii'il::: llJ'Vl"jllJbi;'nril(j\iiltl
I'l 8:iJVh bj;!fl{'1I tl-J b'l11[i1v\'1'VtUTvi~>J n,::: [i1ubbril:'::I'l81J-r1JM rilBWI blrill ,
"
Wlb rill~l'lm.JVll 1
bM8{b ')1 (9) 8 ~n1J bi1(j\b"HntT'Ubl9~8>J a oS\Inl"j Wi::: $f'UUt'l:::M€JU1'1J1(;1 UWll , 2 mh>J:i11911:iJtill'1qJ
"
lYubB>JtTUii1[i1ria 1vibnt'l1'l11:J..Jb~m'l1ubb~mh..J
1W11U'Vll..Jmt1Jn'!.Jnl"jn"j:.::v\'l~.,j
W11flth>Jb'liu nl,Vl b'llM0..JnT'iM"jl~rwUi1!m'U:::'lI8>Jbl9~i1-Jl'lm ~(9)flDV1J'UilubI'l0{b ~ Reply n5u:J..Jl'Vt181lJ Ul'ltX'W lE~lU~i1!WlAtl 11il'lli..J 9 m:::1Jl'WnT'i~l'hi-J
-
... bI'lDibl'l~D-J l(?Jbl'l~i1\1'Vt,j>J J'l'h
ping lUU>J198:iJVllbI'lD{bl'l~8-JtT'Ubbliill>rhjJrm ~
ping vll..Jl'U.QbD'U lUW1:iJ~nl'Vt'U(i)i1u'1'U
" (i)1:IJ rll#i'U W1-JU
"
ICMP
i1V bbliil "
1 2
fl..J ICMP echo l1.lU\)bl'l~i1-Jl'lil:iJ'l'ilbMiI{
B n1')m:::v\'l#i'\lddJunTlm:::tii'Wb'l'\l'l:'::biPI~€J\I ,
b~miPI~D>Jflfl:J..j'l'ilb(ilai b~i11tH1J
B lfi-ru
ICMP echo bb~1'il:'::'Vl"jlUl11'l1:J..j1u') lMI'lBiil'lJ8\1 ICMP ICMP Reply n&1Jluu\l~h;j..Jbo)il:iJlflD
rCMP echo n"J:::MB>J(ilBu-r1Jn&1J(ii1u
"
,',
-
'iJ
''''
~.
-
---
bd~I"l~l-J'i'llb(ll~fbl"1~~oJ
A 1tiitlJ
ICMP Reply n~ul-Jlil"l:::~1aiYf'UYil1
bl"1~~\lI"l~l-J'i'llb(ll~f B
EJoJvlloJl'U~ £Jbbfl:::~ll-Jl"if1~f) ~1"i~1'Ub U(ll blfn 1~ (lllaJun&l -u 'Yl~~£in~l~£Jl\l'YltioJ ~floJnJ:;vll~f) Connection n"iru~ b"il"1:::vlln1"iNoJ-i!~l-Jfl Establishment
'iJ
~1'U TCP 1'U05'U(llfl'Ubb "imlfl~\l~b'Jl"1:::

,
b~EJrifl'U (ll1aJ~rll'Yl'UfI~~1'U 1th 1(lll"lfllll'Il~\l TCP it\l
i'U(ll~'U 1f1 EJfl:::ba EJfI~oJa
1 2
bl"l~ihll"lill-J'lIllb(lliJf A W.J SYN, ISN 1uE1oJbl'1~iJ\ll"1iJ:J.J'lIllb(llilf B b,t:jmu'Un1"ind:;tliu1'11~11
"
"I:::vllnl1'I1il~il&1"i~lEJ bl'1~~oJl'1~l-JWlb<'liJf B bdfl1M1JA'ruqJlru (ll1:J.J-i!flrll'Yl'U(ll1u1th1rJl'1flfl -i!~rll'YlU(ll TCP Maw\l SYN "Ilml'1~~\ll'1flaJ'lIllb(llflf A n"l:::ti1il\l(iHl1J1lJ
SYN + ACK vr'j'am~oJl:::1J , Sequence (f]1:J.J
~b'Yl~a!'ia 1un'V:; blJ'U1U(ll1:J.J~"i:::1J1f1EJiil:::baEJfl1u1J'n~

,
8 ElUbbfl1
'iJ
"I:::bflu 1~11n1"im:;~u b,t:jfl1ifml'hJ-f;f\l-i!Ell-Jfl"i:::wi1.J n1"in'V:::f1nrl1'YlUfi
bbiil:::n11(f]a1Jtu bU'Ub~floJun&i~''11u~ I"
rn l&il
&1 "i-i!ilaJ1lI-4'1 dJ'U~El\lii
~u 1tl it\lmI'lEJm1l'l~1J
"
hI(f]1l-Jbb!iifl:::11h 1(i1fiEllllhI N1U 1'Ylni'V:; dJuoiiflrlTvl'Wfl1 'Whh1l'lfiEllll"i:;~lJnill1oJ

1ii'IlfNNt1Jbblll:;r!iN\ll-J1rl1'YlUfi
"
2 ~\I bUU1UEJ U1\lrlntlia\l~~ilaJb~~EJoJbbfl:::~fJflfl1ilEJ\lnU"ill-Jfi\llE
"
"
"Ilm'h~£J1oJYi1~mhl1 dlflfil1aJ
i1'W(llEl'Wtli'ul1m1n"i:::tli'Wbbfl:::mll'l~1J~U~\l ,
"" ,
,
"
bUU1tl"i1l'll'1flfl il1'1id'iub ~il\l~ri~ 1 '11
bflEJ'Yl1EJ dJ'Ub~f)\ltln~'II~oJm:::1J1'Wn1"i$fllin"ioiif)l-Jfl~tl
,
bbfll b'Yll'llf1~oJii~fl b~EJloiiiJ\lnlJ

'iJ
V'll1:J.JUfl~f1ilEJ &1 b'YlM tj floJ"I1nl1m:;1J1'Wn1"inJ::: b i5lJ'WEl1'V'V:; bU~ EJU'ill nmsseu 11b~aJfl fifJ ~Yivl1nl"i
M'W bblll::: 1"i(llfl1J 1il'UEloJa'Yl1 n nl1r!itll 1111'iimh\l Nfl
Cl1l-J u:J.J1 n fllEJ bU'U'lif)\l'Vl1\l'Il~\l rm 1 'ill-J~1~ ~ oJ~ b'l ti1 1 il\l~\ll::: NTW 1 'Ylq!fJ1I'lEJ'lifJoJl1oJ bbfl:::ii au n'Vd~\l'II ~\l"i:::1J1J ~nffl
gn
1"1 l-J~'!U
u 1{
"llfl'J/'Jv1bb use 1u, 1MI'1~fl:J.JlbU'Wbfi~floJiJm~oJfiu If
Dlonalnd,un),u~aaOn8
~1'Yl11J TCP/IP bb1ill'Yl1n:ijn1"im:::Ji'W~f1n
, 'iJ
MfJ\lMl:J.J1u"i1MI'l€lfl bblih'i':::Jifl.J(llil1J1lJ
b~:J.Jil
'VI1m'h 1 'I1b-i!11'i'1!li~lEJnfi~'Yllnf1nm:J.J'il:;Ji~.J(ll~lJb&:J.J~ mdi'W~f1n~fl.J!P11l-J

~ 'iJ
1Ul 1(lll"lfl fl'V:::liiiloJ!P1fl1J11J 1Mv1r!i1lJ'il:::vl1'YlU1Yi(ll"il'V~~1J

'1..1
"
1u"i1Ml'lflfl'V:::rh'Yl'W(ll11'l1~H"I'Wl1'V11n:ijm"i b~EJoJf1nti1iJ\l(;lll-J
'iJ
hh 1(;1l"1flfl'Yl1~1.lJb'l'h'!'W 1lJ1~rhlllufl1'Wb~~\l~'Wb'liu ~(;I~lEJ'111r!i11J1.lJii'Yl'ihvi~(;I'h

" I
'iJ
tl1mru:J.J1mn'W
1tJ'Yl1~
hi,
mmi'iil.J'Yl1fl 1.lJ, bb~ln mn
"Cl1l-Jvll1l-J" 'Yl;fl "lfill:l1aJ"
:i1'Ylu1VibYlEJ\lbb!iil1 "l:I1aJfl:::h" b'liU1umruun&l

'1J
(;I~U1u 1.lJ:ijniil1n1'WnTl!P1""1~iluNm:J..J 1~mv1'I1floJm1liitu
ICMP Echo request m 1[l~A'IlEI\I bl11.lJ~1l-J1"if1(ll"il'i'iilfJU
"
bbfl:;m"i~f1m"in1Jm"iCl1l-JYiNliltln~
1ail1Nff\lii~'VlTIL~ 1tl~hEJ
1m11l'lElU'Yl1€11.lJ'Yl1fl~N\lCl1aJ.J1'1n'Umn
bn'W bb~l ~\lYi'hmv1'i):::vl11~nfi~'i':::Ji~\l(;l~un~u 1u
• ''Oj1~:'1111
repliP
b'VhJu bbt'l:-;'V::;WfthlWl€ltJn~1J , ltl'Vlnmru! tl~f1W1il~iJlriiiJe.J~1u 1tl, 1l'1l"l€l~t1llEJ

ICMP Echo reply
~\ni"w'n::;nt'lln
1U~lUnl'i-rm~11"l1l:J.J
"
~ mll;u::;a'V:::
~ "" 'il
l>il..] ti1J1'W,:::1J1Jtl~i1~nl"m~:::
bbf)'I'\I'I'l bl"li'W~1-.l 1v1iJ nt'll n r!1l'Wl"lll:wtl t'l€lWiilt! ~ lrii bbl'i('l1l1J1Wiv1 1m:::&i'uv1~p~'W b'iiU llJ1lf
TCP/IP TCP/IP
1(;w'V:::f1ut1Jll'11lfNv1iJff'Vl£1 U1::;lJ1J b'VhJu~'V:::t'nm"jrl1oii-Jl'W'VI1mnn"i'1lfl\l':::1J1J ':::1Jutlnil&lnl'liJ.JI"l\l~€l\l'Vh>llUe.J~U'W '1If)-J TCP/IP ih:::ir-Jl"l-JfI~Ut'l::: llJ~lm1mbn1'111rii~h~nl,-rm~1\'11ll-ltlt'lflWlnv t1-Jbb:ih:::uutlBiI~n1"jfll"l'V:::f1~qJll'l1lf

root
~"
TCP/IP
lbt'l:::mI'TV
TCP/IP
1Unl,~f)~11on€l:W1ll
"
'l1€l..]',h>l
~1 :J.J1'{1HJ\llU 1,,~ri'Ju lt1l bVlv.JI"lUb~ Vl U~:::llJ l'1flU1U l'mJtln~
ElUt1Jll'11lfN1lil H/-.ll'W 1,,~ ri'ulr!1 bbMJ'Wil1rii'l'111lf11:l~MJ'W~1j;Jl"jn,::;,ru
ICMP echo request
"
1rii lm;H;]'JWJ\lI"l-Jl'lfl1J11J~f1m'nJ:::~uUUU~1-J11u,:::(ilu ,
hmllJww 1'Vl1'V:::m'Vlnv11lil :i:l~'VIi'l4~fl1lJ r!111J"lifl-Jl1-Jb'iiuabfl-Jv1nmhm riil~nl'Sfbbm..!'I'lil1('1 ~lm,blm:::vh ~bbnub{jml{n
"
1oiitl,:::11J'Inl1t'1mwn bnfl1 llJll'V::: b1J'Wnl,d'WJ'VbUl'l4m1J nl,

DoS
riil~
SYN Flood, Ping Flood
b1Jwiiu 'li-J
Hillil tJ~1'J~M U'Vl1J'V ::;1lJ~l :J.JT'WUil-.lf\'WwhbENlriibill~
nlSOilUSUI ~U~i)nCllU1SnR10HU1H 10
u 'WUElUv1~lill1n1'i91ilUfU'ii':::riiil\l , b1Ju&\lv1t'l1:lJl1nl"llW1'14mtJ 1rii b'l'\l,1:::nl'li91ilU1U 1l'11'V::: rii€l\ldJulI11l-lonml1'14'W('I1W ' 1tl11l'1l"lilt'l'li-Jl~tJ bb'l'\l~bbri~lf11"HU'If'Wil~bbfil 'l41nm1i91ilUt'l'Wil-Jl"lllil'l4:w1tJ 1:J.J1riim"jWilt'l11Sfil\l'VI1\lfi'ii':::1:J.JbnWl~'WbI'l11:::1"lV11UJ~b~€I-J unn bnil1~-.l::;il1A~m,1 ' h \l1ilU-rlJ'lIil-.lbUTVi:J.J1V lWiilm'Wm"WJl'il\lj:w1 1oE1lfb1J'Wtl1::: 18'lJ'w
"
"
b\'1,1::;~n11
t1\luiJNv1'V:::141tl1:::1EJ'If11'Vlnn11l'1f1U1U 1w1m~ru:::ulfi$f€l-JiJI"l11:J.J bonlh1'W 11 (;1 I"lilt'lb1J'W 1tl €I~1\l~ bblll:::ri€luoJ11\l1ll::: EJWIb'l'\l11:::riiEl-Jml1Jl1n11n1:::riiuUflt'l:::'lJ'Ulil'V::: b~ , dhl1l..n EJil~h\ll ,ill\l nl,l'IilUfu usn in fI{~\l'l4~l EJ 'Wnl11lflrii:J.Jl'li\lonmJ 1 l1J'W'iiil-J'Vl1\lVi1:J.J:i1 n1,1mI1I"l11:J.J1.J 'WVlJ'Wl hJmn
i.I . .... . . .. _.
"
1rii1lJ nl"jl'l €IU1u'nn :::$i'Wbblll:::

-q
bbl'it'l:::bbU1J:i11"l11l-l'l4:w1 tm~l-.l 11 bb~il1riibilUl"l'n:Wiill:lJl1bl'1lil\l lIlv1dl~t1J'1I il\l bU 1'I4:J.J EJ Ii) :::'I'\IU 1 lriil1n11n1

.
1 b~'l:::Vi liJ'iYlm EJ~'Vl~il ~ l'il\! '1'1:::L1Jui'W('ItJu~ dl ~ Q.!'1Iil\luen In El{i'il'W1YlnJ';l L1JU~il\l1 13 b'11111:::

f1 il(;lnEJ
1 'Wi:l'V~i1'W l~~El>l:J:j ll'il-J'1v1l mU ml~ €

,
n1n l'ii'l :::1:::UUlrii
:i1Nv.J~l'I1tldbbnll-l~'1h'Vl'Wl~m::riiubblll:::1LA'1:::~buTI'\mEJ
1lfn11bli)1:;1:::UUbblll:::dlll'VbU1'14mU~-JEJ1mJ€lEJlIl\! 1'Wl'I1,1\lv1·11.1 b'l1'Wl1n11fl\l

TCP
"
u 'I'\I~l1~lt!iJ!.ili'l hJ "lilt!
"
'"I::; bbt'llil-J~lil!.il\ln111bA1l:::~'Vlnm1m:::~'Wbblll:::~1(>lmlruv.J1Il1'1€lU1U
1'W lrii
mrul'il\l'1v1'1::: 1rii",llmUlm.nEJ
'li\!~lm1mhwl'IlV1EJ~1Il1lfd'i(iltl,:::
1EJ'If'lhnn~'W 1rii 'Vln~lil!.il\1'ii':::
l1.JV-.lbU1'14mEJb'WU-Jbb Vlnbfil'lb~EJ1LvhJ'Wfilll'lm1t1mllJ'.1iil~t'l'1lil\ldJl'l4:J.J1EJ
'WiliilJ..Jl'lld 1(iluv1bihYlmEJ 1:J.Jiill:J.Jl1{1'V:::'VIgjm~EJ\lm11lfonil:J.J1Il1tllriiLbl'iil~1\l11'l
"
11 : Stimulus & Response _.
"f
'_ '. .,;, -----1~~~~, --
---
n1'391£11Jofui'i
fl1l"frh~:::l~iu
~-l TCP SVN 'I'lf)'f(;J 80 TCP SYN, ACK 2.1!n;j~dh'VIl..n8:OlleJ'I'lw~lrliul'111JinT~t(;J81oE'V'l1){(;J lil1)-l"lln:OnT~(;J1)1J11J"inn'V'lf)1(i)80 3 ~'Wih~!1'l.rilt!'lfl'~dh'l'lm8vil-l1\.!Lih...ll11Jl'iHvlnfJ{ (lileJ.J"Ilmi1Jl-BivlblfJftllW1)1(;J RST 1. l!'191~d:hmJ1uvil-ll'Wmj 801Un111'111Jin11) 80
2. lmil~d:h'VIl-J181lJiill1)'I'l'W~lrli'W llilvil-l1'W~'WeJ{(i) 80 ICMP Host Unreachable 1. tM~dJl'1'1:1J181lJvil-ll'W iJlilll'1~iNmj
"
"
n,soausuri,HuCl151unsaunaunmSau ••
'1If)-ln1"J~fJ9Il'
q .... 'l.J
10
1'l11~mn~1)-l 1'l11j.J:iJw~!J1m'l'lbb~:;lh:;~'VlTImw
c1ilVblh'VImu'lJEhllu"Jl(i)l'lfJ~l'WdJf)\I(ih...l~il
C;)-l~UL~eJ'W 1'll'i11)rll'V1'W(;Jtlil\l1~1:;1J , ' 11~'Un bUUltl bVifJ1lJ1':iJ'1(i)bllh:;1il'j~c;)jn~11 ,

'lJ
"
'Vm;fll'lrumjVi'Vilni:JnI1~ilffld~bln~1)j(;llj,Jltl11(i)l'lfl~ ff::;lilln 111V11n1,~f)ffl1c1il ~:;bt;lI'Jl'Ulh'Wd !Jl'llll.,HlnJif)-l ~
I"lfJlJ~ll(i)fl·rVyj 2 ~-l'ij::;~il\lfl'1'U1I'JmllJ
i:Jis rim 111 'Wbbf'l:;tl"l'dl'VlTIt11'Wff-lffll1 bb!iittl"l' t(;Jl'lf)~lmr1J ~~ ttl"il(i)l'lfJ~ bb~l"1:;~(;Jn1"iliiilltlfl~l-l
'I'Ilni:Jn11~E1al,~1:JJbln~il\l(i)llJ
rll''r1'Wlil 'U~(i)Vishl'lbJJ utyjnV\lI'l-lb'Vi~flb~fl'U 111 1'lJ~'U'1~nlJlnm8ffitl11(i)l"lfJ~ TCP rll'VI'Ulilll1t'i\l SYN l'Wlililu Connection Establishment
"
1"l' ilTv'V:;i:J
llJ1~b:;~:iJC;)lfl~1\1 b'Ii'W
bbf'l::;t'i.J FIN
Iuasu
Connection
Termination b11lJ'l1'1'11n:iJn1"it'i\l TCP Viii~\I SVN 'V:;(i)fllJ11Jil~l-l 11
use
FIN 'V'l1ill-Jn'U'V:;bnlilil:;11i'U N11J«rurulnJ
"
--
u oJ 'UfJ'U11 n11t'i \I~qj qjl nJ'VI~il'i1fl~ f'l1(i)1ViN(i)'ilil nl'ViU(i)1Uttl "i lill'l1)~~'Uil ffllJl"Jbl m::;'l'11 ' l 1J11'Unl1vil.Jl'Utln~ b'J3'W'Vilnl'lnJ'V::;id\l-nfJlJiijV·h'U , " bbl'imh~lJ11 TCP I'lnJfll'V'ij:;b~!.Jn , API (Application
'II
Program Interface) 'Vi~El Socket l-JlvhI11'Ubbf'l:;~b'Vi~fJ API b'I'I~l,l'l.!mtl~(i)nl"i-nm.Jfll'U'::;c;)lJ ~l\1bf)-l 111bln~fl\l(;llj,J ltl"il(i)l'lil~ API 'Vi~fl Socket b'Vi~l,l'l.!rhiJ'Ultl1bbmlJ'lJU(i)'Vi,j\l l81)1~1\1 b'vh,l'l.! mnuen '11c1i1(i) 1.](i)"i\l b'Iiun'l.! bnfl-fmtl'lumj,JVivl1
"
~'V11'1'1'Wl~~lil'l::;lii81J':iJ'm.jf'l b~lfl\lltlil\lfltlmru1'Wb~ L
'"
'V!ih~~\ln~ll
nffllJl1r1g\l-nilj.J~
'II
ltlil,mtlmruliil.J
,
ii..1 bl:Wm'ij~:::(if1)\liiI'l11j.J11'l.!
b"l'li'11lJl1blci\l-nfllJf'lltlil\l ltl11(ilI'l1)lilb'l'l:iJfl'U~ Socket
b~fl\lJl1BI'l:;C;)1J~lLbf'l:;!'J1i(ilLb liiil\1nlilllJ Device lc1i 'il1)j,J~~id\lmlJ<llliJ'UlJieJ\I
Ul'iilliJ'l.!~\lVivil1(ii
uae dlfl
V11 ojjfllJflill'V~:;iib~eJ'l.! l'lJ'Vi~fl flag ViutlflnU"J::;'Viflll11bblil:; :JJfflj.Jl'lbl~(iln1'j'c1i181tl"J l(i)l'leJlilv(1'11tl 1 n bUU1(ii bb~:;'V(i)dbfl\l~'I'h 111-nfJlJlilVigl11tliI-lUlill tJ'Vl\11J 1\I1"l{\IVIInll,jil~l Ub~eJ'U l ' l'lJun~Vi'j':;lJ 1 i1 u
q 'IJ 'iJ "l
"
bu'Uojj1)lJ~Viblnrll'Viu(il11bl~11u
"
"
"
"
1tl'l1(ill'liJ~
HlJ-nfl j.Jf'lfl1"J'V:;llJi'lllJl"i
11 'lJ
n~(il f111-nfJlJlil1c1imh\lbl n Iii il\l bb~:;'ilm')flb 'Vif'il~'Un"J:;

'I.J 'iI 'iI
lbU,ffJl1'W bU'Wbl"1~fl\liiill urnshj.J~l~
fl~l\1l'J3'l.!1JU Windows NT Vibl"1mn(i)i1qj'VilU~\ll'1blf'l:;i'U
II·
'V1)~'I'l1'Vi~1)Blue Screen VI'Wl1b~fl~nhj.J&1(ii11.J1Ed
L~1:-1::1J1J
repliP
Il'SllhqlJ,ftuWi,UDil
'I'll
Stimulus at Response ldlJiill!J

n'il::: ihr:hn'il n'j'J:J..J~"::: n ~11 viB11.l,j dJ-wl.l'J::: lEJ'1:I1.Jnl"l..J'iI::: i{1nLii8\llTn h bmV1'BbWUnUrrw~lu
n'ilflddJ.J~rlElb Vibn~l.ld::: lEJ'lj'wnur1u~lutl8mb~:::rlElbVibn~ e:111hhll.lb ft u'VI1\1v1Nf?lbB\I'l'\lrlElb Vibn~N~b~tI

'1.1
"
b'l'jdl:::
dJu
b'VIqJ
'VI1n l~J.JEl\li:i\l
i:l'l'~UV,J~fld:::V1'uvimJI"lr1f.1 If?lEJ:J..JEJ\I bQ'Vn:::~\lYil~1lJ'I'lnm:::lJ1Un1dnlTlJl1 , mh\ll dn(lllJ.Jrl~umjnlJmd

'3J
dJUl.ld::: lu'/lu
'3.J
bWU\lbbl1l
b'ii\llU'lJEl\le:11'ii·:hv::-111
J.Ju11.lbo1Jnw 11.lbUill"T'Vll\1b~
'VI~El~~~nnu If?ltl,,r111.l11n1dNbbnU m.:::~'Wbihmntllu~n'Bru:::vil\1'1 dh'Vl:!.jlt1btJ~bViu1n1dD:::1.Ul\l

Request
b'liu'lNElf(llNbbnU bill'lbiimmnu
~Elmd~\liffq)q)lrull.l
TCP
b'liU'VIln dJ'\.mld'l'jElf(llfHbnUrlvhl~r,mn1dd-J dJuLilu 'VI1mh.-,f'UburIb11n1llbbnuii1f?l!'J'V11n1diii\l

ICMP Echo Reply
SYN 11.liJ..J
'Vln'1'INElf(ll'lJfhl dJl'V1J.J1 U bb-fhn1d(iiEllJ1'Un5lJm'lJ 11.liJ\I'VIn ,

IP
El\lbbl11~:::'I'j l1(11'i1::'1'11bViiffut1'B!llUl~1111'1111tli" E :
ICMP Echo
b'Ubu(iib11mTubb~:::f\EltImd(llEl'U
'u
n~'U:J..JT'V1llbbl1li:'!:::IP
rlV'JiI'I':::vh 1Vivldl'U larllffi"N~f?lv1btJf?llojj\lluEltl1 n1ddld1'1' biJl'V1mtll~!'Jl'llir'WbD-Jb6~llT'U
'Ubilfilbi1n1Jl\1 l~lldJ'U
tI:::In
br1~El-JijEJl.ln&1"r111.lv1'1htllViil"!lnd'VI~El ~ us :::1II1m1b1 Wli:lq)>1111l1\1 '11~ 'U1:::.;rU
~U1'V1'1dd:::'U'UNlmdblfil11'i1Ni1'lJl1'1111~ 11l1\111~'ill m::: '
wd\l htJ1~qj'1 dJ'U LiiEl\ll11fild1'1'ffEl'Uffi1'1111tli"J'U""J~\I b 'li'U'VIlnLilEl\ln1d'VIdlU1111'!N tli"lllilltJ'VI1\1vh.nu '1 l.ln&1'V1~i11~rlil1'i1'i1:::H11.J1 bbn1:J..J PING bvlEl'VIt'lNEl'lJ1?lVI~f1vl1nLiiil\lnl1'V111'Ul1b:J..J~ bMwb lfl1LiJI?l lVi'U~mli1tJVI~Ell~rl'VI1?l1llD'U 11?ltlnT1 Nm'w:::v1dJ'W'iI,\l1 'U'lJru::.:J'W ifim,bb§l::': bl'1~fl\liJiI b'VIt'h,j,,:::111l111ft ~'UilE.inlJN1 ii Vllnm,dl'·T'VJ'U
TELNET
"
ltJ iJ\I 'INDftll 25rl'l:::'VI11'U lLiilJ.JtI1n bb~:::1~iifl:J..Ji:'! VidJull·:dtl'/lUVI~il1'V1'BJurl n&1 bbl1lVlln1'iill.ldl11'i1
"
"
" 11'1NWI'lI EJ\IN~Url'il::: bV'Wn1'J§l::: bjjf?l~V1B'1:JB\I N~U 'VI n b1.l1EJlJ1[1111W1 1 dJ'Wll1u bbG~i1rl'V::: bNiiEJUU1Uv1 dJu " " 1~ii{11i1'U'lIflu1i1?l 'Ur1f1§lfl1 UU fl nv1 N1U11.lm ~ll.11'bliiifl\)n li' fl\l b-Elm ~,1, ssu1'WU1U1M u 'VI'U'VIn
'1lElnvm:J..J:J..J lV1t1~b..ijl'l1B\lUl'Wfl1'i1'::: ldJ~(ih bbi;'l:::ii\lul1':::~1'l11V1~iii1'W 1'V1ninEJ1nv191:::'VI~m~tJ\llM
'I 'I 'lJ '9..J ....
"
bv'UnTm"i:::vhvifllviilWifilub1NrldJ'W~\ItJ
n1'J'lIlf?ln§llnM1UI'111:J..Jll§lilVlJ111v1m rl(llll.11Liivllm,dl"i1'l
f;j
u,:;-~'lJ 111'J1t91r1i1§l bUUn11bUt'l1fln1111 1ViN~UVI~B 11"l1'1 b1ll1 '1'111 Viriml§l::: dJI?l~'VIfi'1I€I\I~~u 1'WbU(IIb i{nLiil!'Jn11
d:Jl'V1mtl(fjl\1'1flVl\1
"
unu 1f?ltIhi1Mu fl'Will~1I?lbnf?l~'W lu VI§llm:::~lJ u UUilU l1n1'J1II bbnujj1~'Vhf1uI?l11u , Ni:'!m :::'VIlJ l?l'1l'imiJl'V1;j.jltJ 1'WYluYi bbvi.V,J~ 5YilJi'illn rrnsunu bUU~\I~5'W~111 tI~\lnl1 b ~~ ~\lv1f11"jfill:::'VIlTnM€I
D 'WT!'JYin'B:::r111:J..JiU i
"
us :::a\l
nldv1bbvn bnEl{1II1:J..Jl1bl b,)l::: biil111iJ\I,:::u'lJ'lID\I

'I
~ t'f(il~i1'i1::: til €I\I:lJii €I:J..J §l'llEl\l bVIdil:J..Jl n~i1 t'f:J..J111nld r
u [1n in fl1ti a 1.1 ,1 tilT nv1,::.: 1II1:J..J1 b"'ill:;-N1'Wseu Ufn'BlI'111:J..Jll iililt'l J1t1'l1iI\l bVIdill iKtl?lU sn ldJ:lJii fl:J..J Gil'1lfl\l
1 ill Ui:'!:::br1~€l\liJiI~iI 1II:J..Jr11'l iI~'W VI1, f?lElil'W 1'l1 a \Ibil1V1 m b~

e, 'iI
,-:r
b'VIdEllmJu'iI :::W1fl\l
1.1
bb§l:::~ §l'1~ ill

EIr
"
b'ill :::1:::1J'UJU '1~\I'iI::: (;)1 bUU n1"i lwr dl b5'i1
"
.;r\lJum
:::lJ1Un111 Vil~:J..J1~\lii Ell-Jlil'l':::b1Jum :::lJ1U n1d Wiu'1'11 \I1'111:J..J~til 111:1.11 nl"i b'ill::: EJ U d'.11'V1m U~htllTI11l1\11t!'WbEl-.:l m1iJ€l\lnU~n m[1111~'1IEl\lb"il1111mlbl Qnabbn'W lLii
11 : Stimulus & Response _.
. "i:-:'U'UrlRfln11dl11'V
~"
-~
---
---
--
---
--
l\il ~~l~Ci \I bbiill hihidJu
nl':lU El\1nUnl 'H"Il::: b'ihd-Jll~ ~m\1 lUn11b"l1:::1:::UlJfI\I~U
bbMrhXlJll LiJu nl':lDEl\lnU
~ il
1l"l:::~Vlfj[11'woii\l"l:::'li';JU lyb:::~lJ,"m:lJ~ln
"
bb1il:::1il~l"lll:lJ b~~\11Yi-wmJ1il\11~
1'W mi"l::: bU'W \1~'ll\il b"IU 'll El\lnl1Ul 'il ~ msri Elmu n1':lYll\l 1'W'llfl\1dhVl:lJl~ 1'WLi'i(;lb l{n
m:::m'Wn11i1l111
ii1'WVll\l~ N\il bb1il:-;taJ bn\?111':l::: 1~'lJ,r

leJfI~'YI~ElmJmru , bb1il::: bc-.J bil~ ~ n1':l'lll\?1n~ 1n~huI"l11:lJ
(Denial of Services) fll"lbU'Wn1':lrlElnlU
l\?1mhu 1'YIqJ'l:::fl1l'hJl'lll:lJlJn'W~fl\l'llfl\lm:::uTWnllii\"jbfl\1 Eln"ll n'l
ll~ fl(tJJl~bU'WiJ"I<ij ~~lili'ltl)~U
:::'1'111 m!lfl(P]
~ fl\1li1fllJ~UnlJmlm:::~'WbblJlJ{9]1\l1
'ilm.J1illYibbrluen bnfl'h~ElCinflbbnUbb~l
ml\9lEllJ~U'1Jfl\l1"'r;H~111l1bU'W~\1ViI"l111l'YI:lJ1~bb~:::V:'W'YI:lJ1ufi\111l11lJ 1~ 1~vn.m(p]!T\1I'l\1'Vll\11U l~n~El\1 I'lEllJVln'il'lf.,j~:i:l n11m:::~'W l:JJ'hmlm:::Mu,!'W"I::: CI

q 'I
"
"
~'VhLVibb~d\lnll'!'W1ifiEll!lflMtaJilVl1\1
bViElll1lCilJ':i:::fI\1 ~El:::
~
b~Eln~"I:::1aJ\9lfllJ~lJ
11 bb~::::lJl"11nYil'VI'W
1udJfl\l'VI~.,j ui'll"1 :::~El\11-E
bii El\1 "I1nnTJI'lEllJ~lJ bu'Wm:::u':m nll'Y1ii\l'lJEl\l n11~El fll':l'il fll;j1il WI\1'!Ub~Ell!JfI #ll~~U n11 m:::MU l:JJil"l::: , bU'Wuuu 1l1l n11"1::: g\1trru~onru V1ElU~Un~u l11l~'!u ~
Vl1'W~lm~ b~~l-iiEl\l1 Ul:::UU 111bViflnll.a"folflfl:lJl"lll
D\1bbiill Ell"1"1::: HVl~"foI~1n1111 bYl~\I';l'Wl'W 1:JJ
:lJln b~ElbYi~lJnU'VI~"foI~lnl,;r\1'VI:lJl1l~:i:l bb1il:::~'Ull~:lJlruVl~"foI~Jlm bYl~\1 b~nu8u~nn -u l-ii111'Vll1 Yi1 U flJl11:::11 n Wi bi'llNL-ii1:JJ'VI11lJbb1il::: b 1:JJ1~~u N1ilnl::: VlU"I 1 nm:::munl1.a
" V1flU~lJnl'jn'j:::~'Wl'W1l1:lJ1MJ'YI1~11ilVl~"foItJ1n'j~:i:l8~nEl1'l"l:::ClnH1Vi'YIl-l11l1tJ1~b'li'Wnu , " " ~nt;iJEl~l\lb'li'W nl1\9lEllJ-rlJb~8:i:ln1dn'j:::~'W~1~ rc> SYN l"'1i!~'l:::\ilEl\1HVl~'Wmnd ,

bmh.abViEld8\11Un1dm:::~'Wbb1il:::b\9l1m.J~lbf).,jb~8"1:::b~:lJ'VllnTJ&8f111 (~lb1il'llfl:lJ:lJWi) , • CPU Time h1i!l'l"l:::MEl\1Hr\'1~\1\11U'll8\l 1/5,000 1'W1Yi • CPU 111d'lmhml1bI"l11:::'I1Lb'Wmnl'l.j'
bi'W bbM'YIln~El.,j'Vllnl1
Memory l"'1i!~"I:::~fl\l<ij\?1Q1'jd'YI1.ilU1"l11:lJ.Jl b~EldEl1lJn1d~El1i!Tl~"1 :::bnl1l~'W 1024 1lJ~
Bandwidth 'l:,-:MEl.,j HbblJu~ll1lmll !T\I~g\l
512 llJ~Uml~\1trtl)q)lru
ACK b~fl\9lfllJ~u111
"
"I1nM1El~1\1Vl1'WUln'jvnoiioih\lMUlil'Y1-rlJnl'j\9lfllJ1Unl'm'J:::~U'llEl\l oii\1 b~nU8umnlil'VI-rlJ
rc=
SYN 1 bb-wmnVl
l"1i!~~'Vll'Y1U 1~ bUUbll1'V>l18-fl 'WiJ"I'il1J'WbbM-t1fl\l'illn l!'1f1MtaJfll:lJl1n.Jln\?1 b L ,
111:lJlru SYN bb-wmnVl~'il:::b-iil:lJl!T\lI'l'Wbfl\l1~ ~\I'!un:i:l1flmflvn!lfl(p]"I:::1Mu
rcr-
SYN bbwmnVl
111mru:lJ'VI1Al1il boihm bbf'l::: l!'1f1~bfl\lri1aJfll:lJl1n'VllEl::: 1'j1~~hJnilml"fo1tJ1m:lJ\9l8U1m'Wfi\1~1i!l'1 bYil~Vl1'VHJ 1 n'J'il :::flll-l1'j n1"li1111~ "'1l n~'8 ~l\1-iil\l WlU 'VI1 nl!lfl(p]WI\1n~l'd 1cHlJ
rep
SYN
bbYlmn\9l11~mru 5,000 bLWmnl1lJl1U •
Iu
1 1'WTVil1U'il:::'Vll1YiLill1lNf;lm:::'V1UMflVl1"fo1mmi'iEl CPU "I:::1:JJfll:lJl'jn111
CPU Time 'il:::Cinloii111 100 % 'VI:lJl~l"Ill:lJll1'W1U1Yi'!U l.b~m1ilN1il\llU~U
"
1~
• •
•• L1ll1:';l:IJ1l
Memory serm l'l1111~\1~U 5 Mbytes
"
Bandwidth 'il~ClnH111 2.5 Mbyte/s 'VI18b'Vl1nU 10 Mbitls
"
icr/»
1~fl'~iil\1~lJLtif)1Mum"Jn"J:::~'U~\lniill1 ,
nij~m'Viv1~rJ\lv11\11'UrJ~l\1'V1tTnLLPI:::v1l\1l'U~'U1~ f)~ LLPI::: lllnf) v1'U1:'Tl11w«i'l4'u~m"J 1~'71dJ1~ \Jv1fl'~ o;u 'iJ I It 11uiJ\I dJl'V1:!J1V,r'U
0111 PI\lmnl'V'Wii\loff'Uv1<]~~l
n~'lJf)\I'Vlf'Vi tnn"J~ij
L'VlI'1UI'ln1"JrirJn1'U l!'J&vl dhyu.J11J 1~1Jn1"J~ \I Lb Vln bn (llU~mru~nn L~vwh
Flooding fif)'V:::1'l~11JnUn1"Jv1l1'14'buAbl~n,rmil:!JYl'U
1u~':w bbVlnbnAYi1lJdJ'WUI":::l1J'lJU NPln"J:::Y1u!iif)lill1m'l'MilV
1~ v~11u'V:::~\I ~·mn"J:::Y1u!iif)bi1{i]L i~n bU'UD'Wliluu ''In ul'ini'j1lJuf)vv1ff\l L'li'Wn'W~~~nn'Ul~v~11ufif)
SYN Flooding Ping Flooding

b D\I'Vl nrrrsrne
"
\i
t1i'U PI::: 1I"(llf)U1U b 11'W 'W ff1 'VIit\l'lJEl\lml"~ Elfl'l "Jii f):!J~ 'i\l ,11'W ~ €l\l tn n~'V::: b ,u n ~ bt:j'WjjLL{i]n!iil\1
OJ
iJ€l\ln'WA'Wb€l-.ljj1'14'(ln l'Vl-J&i bW"Jl:::'hm1 l'V:!J~ bL~:::m"J~Elfl'11"Un~lJ1\1I'1~\I~fl~1-.lt:j1 n'W ~\I,r'U$\lv1~~@~'l
:::'1'11 1Vib"Jlffl:!Jl1"lliJ€l\ln'Ut111
bEl-.l 1WififiEl 'V:::t1if)\lijI'111:!J~bbPl:::biil hn1"J
"
A€lU1U n1"Jn"J:::~lJllll:!JtJn~ 'i
L~EJriEl'WEl1'V'V:::v11l'14'L "Jl'Vl<nu 1Will~1'W l~ih\lv1dl~ru .. ..
~1'U l~ih\lv1
~l bU'U~D\ll ii~\lriD vi] fl\ln'UA1:!J1'111:!Jb'VI:!Jl::: t'l'l-J b'Vi"Jl:::nl"JiJ fl\l nuv1:.nn bllUlU'VI~fl'lJ1~1'111:!Jb iill 'I b V\I'ViElEll"J<iJ:::v11l Vi Vi".i:::uUfl1'V'V::: lJfl'1).J1"J1l~f)~1"J'VI~D1'14'u~n1"J1Willll:!JUn~mWi 1
rep stimulus
DElnhl
- Response
"
n1".in"J:::~'Udl'Vlfu
TCP J'WiHi€l:j.mdl~ru~~fl\l"J:::ul'Un1"Jn"J:::Jfu~fl
'iJ....
"I
'I
IP Address
LbPl:::
'VIl-JlVL~'lJ'Vifl~AtJ~l V'Vll\1 1'W &[111 :::tJn~ b1flU 1'111 'Wn1"JAfl1J1U 1 U bb!ii~::: smu m".im:::t1iufflm"Jf:I'Vh1~{i]V~lVbYiV\lLbI'i1ii~1«\I ,
m"Jru'OJ:::Lblll l'il\1 n'U n
Telnet 1tJv\I IP Address n1J'VI:!J1VbPl'lJ

b1rJU 1'lJ~-.ld
wfl{l'Iv1Jffl\l n1"JLb~:::ff\l bnlll N~n1"Jl'liJ1Jf1J\ln:!J i
bb\ll~:::
nsn1if 1
1umrudL
fiJifdlfhnu181iJallfusnlsuuwasnns:q
"Jl&1:!Jl"J1lI'1l{i]'VImVn1"JlllElU1lHln
'il
boi!{y,jb1Elfl~
'lJ
bW".il :::n".i:::lJ1Un1"Jfl'11\1 t 2 ~-.l'OJ:::dJ'W\il\ld
Connection 'lIf)\I TCP 'V:::Lff1'V~'U1Wimjl\1fl':!JlJ"Jru l~viif):!J~ml"~a&l"J~\I
Stimuli Response
client.com 2774653900
: 25001 > server. com. tel net S 2774653900 (0) win 8760 <MSS1460> (OF) S 2500700000 client.com.25001
server.com.telnet>
2500700000 (0) ack 2774653901 win 1024 <MSS1460>

'Vln"JtJ bbUU'lIiJ\lm".il'lf)1Jf1J\lIl:!JUn~ n'OJ:::vh 1ViL"Jl'Vl"J1U1tiil1ijn1"jbU~ bViiJ\lI".il'V~11 1Vi1J~m"Jv1w€l~lllv1
"j:::U'VI~El ;fjdLtJU~'U~l'U'lJfl\ln1"J'I'llWa~lllffbbn'U~\I 1lJ
,..
"
Host biJl'V1:!Jl1JJU1~bil{i] 1'14'
U~n1"J~Wf)~!ill{i]Ul\1 vW{\lI1Viu~m"Ja~
l\l1EJ'v11n1dm:::t1iti{i]l:!J~".i:::u , iiil\1M'U 1 ,
'VIlni'Jn1"JAflU~Ubbt'l'{i]\l11:ijn11"bU~
11 :
Stimulus & Response ••
~.~~. ,&_:}-' • ~ ~
-~~~-~.~
.,i' . .;+;;~
,
,:"L:~ •"
0; ','
--,~ i~~.'~::~::'_:'7?~<:
,~
fIo.""",", ...:_
",J
.:m:-~'~
~Itr:~
, ,
" ~~
. .'
~~------
nsrun 2
Stimuli Response
fi1i1tilli'JIfU1Sll.iliJalliusnlsuuWiJsans:q
client.com : 25001 > server.com.telnet client.com.25001 :S R 0:0 (0) Ack 2759957870 : 2759957870 (0) WIN 8760 <MSS1460> (DF) server.com.telnet> 2759957871 WIN 0
n1"ru~ 2 ~~Jn1"ru~ m 11~n~u1~flnl'J

SYN :lJ1 SYN
Host
tJ~lU'VI1\1vl1\l1'W€i~bb~1l.JHibtl[1l1Yi1J~m1"1J'W'jIIjfl{M~~mWlJml-J
b{hmu.,j'l'lJfl~MVillJdJ(iJ1'11u~n1J~EJ b~ilb'i11cii-run1'i(?Jil1Jniff1J~il
"
Host
'V:::vhn1J(?JEJ1Jntr1J111u.,j~~ n'V:::ml1J1ciiVi'WVil1
"Host
"
$hUn1'i~.,j
Reset Flag
ntru111bVifl~Mn11"M(iJMmr'WVi b~flll~bmli~~MMMflb-ihmii1Yi:i:l
Reset Flag
m'iM(iJMm1i1j.Jl~'l'IJil'mi
'l'll\11'iWY bbl?i1aJl lu~nl''i~'jIIjfl{M,r'W'' Y
nsrun 3
Stimul i Response
fi1i1tillalSnli)ltiiJa8uUliimJsn
client.com.25001> 2759957870 router.com> unreachable server.com.telnet : S 2759957870 (0) WIN 8760 <MSS 1460> client.com: ICMP : host server.com
..
3 blJ'Wn"iru~1eJmMll ~18'Vll\1 hJiimjumil(i1 bi{n EJ1"1'V::: lJ'Wb'l'lJ'il:.:tI(iJ brl~fl.,jfl ~ b ~ ~ 1aJ1lilMElb1ilnu bil(F]bi~n l'l~ilciilml'l(?J ,1(iJ1lbb~1 bb(i11!JtilM~\lnj;hJ1aJtill'-Jl,lJ~mn'inlJlil(i1b lin 1cii ~ltJ
TCP
nlru~
'V:::b'l1'Wl1n1'iMflU-ru<,;':M1.,jnu1'timru~
ICMP Unreadable (ICMP Type IP
2 mrii'dffqJqnruVilcii1lJMfluniffu'V:::1l-J1'1i 3
Code 1)
TCP
bbM'V:::dJu b~btJfl1'1Jfl.,j
~~l~\ll1.JbbPl:~~\I
IP
ICMP
"li.,jblJ'Wnfl1nrn'imlJrl'-Jrn'i~.j~mJlu , " bl~nbnMiinffumnblJm'ilbMfl1 (router.com) "li\lVl1

IP Datagram
Ylih~(i11'-J~nl'''1'W(i1111'ti
bbfll:::bdfl router llJf'l1m'irl~.,j

Message
111U\l
server.com
~~EJ
il~nuM'Wbfl.,j 1cii %.,j~.,j ICMP w
I'lflunfful-JliJ-JJi'W'VI1.,j 1Yl'Vl,lU
nsrun 4
Control List)
fi1i1tiLla18n1i)l1nUaanlJ1oslslloas
<u
mruii~fl1!Jf'lMilil~'V~\l 111,.n!Jf'I;tv!
Admin
bb~:~Elfl ~nlJ bil(i1bi1n bbMb'i1bMfl1a1'V"I:::nl'VI'U(iJ

'U
ACL (Access
f'lll-Jl'ilJ 1YllJ~nTl'l'lJ f)i(i11(i11Iillil\l'id~~\lnTlw.JU\"l~ 1J.J'YlJ1lJbbfll:::llJJifl.,jm,

server.com.telnet.S
, 1Yin1';i~flm1"i
~1'ti
fl1U'W flnf'llm1"~'l'll 'jIIjfl{(i1~'W~ System

Sti mul i Response
~h'tib1"1bMaflu U\lllPl1 tJ'Vl1.,j~1'W'l'IJfl{(?Jl(i11ciilh-J b~a1JEJ.,jn'WnlJM~MfI
client.com.25001> 2759957870
2759957870 :
(0) WIN 8760 <MSS 1460> : icmp : server.com unreadable
router.com > client.com admin prohibited filter
ffqJqJ1ru~(F]fl1J-rlJni!hJd..nn-HiHi<,;':::dJ'ti
(ICMP Type 3 Code 10)
ICMP
5nL'1i'Wn'Wbb~
Message
1'W
ICMP 'iJ:::
~l-Jn'ti 1~tJ'V::: blJ'tim1"bb~.,j1'W'Vl1"lUl1b1"1b(F]El·~·bJ€i'Wru1A , ~ 1YiM~~€i n1J1m~MtJ mUl'l1.,j 1'W'l'IJfl~(?J!K.,jn~ll
••
'1iI1:t';1:IJlJ
rep/IP
nsciifl 5
"Ilf1nJruii
~\lI'h11tl~1..]1
faadllif18nliJgnuaanaJ8lS1/DaSlla:lsltnas1ulliiJnau
4 J\.!Niivllf1l"j'INmm~'Vl!n~EJ1J 1 m.HU1(ii1milb£)!nb~'iflU§l:::VW{(iitl::: ,
"
bti(iillfnn"l:::'Vl111J 1kilb 11l(iitl{Ml1'VI'U 1~iln11
11 1~1il"] (il"]~ubvltliJtl..]nuil1'11ojjf)l'Il1:!.rvi(iiil1J
..jf1'lruvi'Vllm'i1J~f)n
TCP Segment 11bb§l:::
f)f)mn'Vl n b 11 b!ll a{fll,.mn
1Vii aJ.J~lIia r:11:!Jlh:::G'l'..]~~hl'111111i1l1:::1U"lj'u1~ b11 b(iiEl{a..] l~(ii1JiEl nil
"I::;1Vilb~..]1iElI'l11J.Jn51J1tJir..]$1U'Vll~'VI1tl1:!J mrudbih 1:!Ju~..]1im'nlJ.J 11'l'I n5lJ 1tJEJ..]$1u'Vll..] Stimuli Response 1un'lruii f11'i~..]1im.m~h14 client.com.25001> nothing
server.com.telnet.S
2759957870 ..
2759987870 (0) WIN 8760 <MSS 1460)
5 iinl'l(iif)1J1'm:::1:!Jb1'Ju1tJ(iil~1imhvI'IJ(i\~..]114
IP use
TCP b'IN'll:::1~vtJn~ ICMP (il-:l~14
'VI1f1 1:!Jl1m'll'lEl1J1'1J
"
IP 1:!J1T"l:::bnl'lf):::hffun(;11J.J'i':':~f)\lilm1u~..]n5lJmEJ-:I~U'Yl1-:11liHJ
1(ii'l1Vifl'14'I1H::i1141~1111§llV'Vll..]il~tJn'lru1m::flI'111~tJm)(i\.nVf)y bbvlm'lVil:!Jilm'l(iiEllJ11J
fll'i''i'::: b1JU
l11 b(iiEl{virll'VI14(ii ACL 'VI1flfn·i)'i' :::L1/14W{1E1~&n L1/14 Wi LLvlfi\lLbiJl1~vihl-J&i~1J.J11b11'11I'lbI'l1 1 1 tltJmrutJ~l ,

V '1'1 I..]1~
1(il'lL~Vn'1h 1Yi1lJG'l'1J.J1'lbl'Vl'll1J ~11tJ~lV'Vll..]ilm1 1
rll'V114(>l1'111~tJ~EJ(j].nVf)~1-:11'l 1:!JG'l'1l-J1'lbl'Vl'lI1J1~-hvinnlJ~ilnJu~\I
'VI1EJbil'V'l1:::'lNrJ{!Ilii-:l"l:::'Vl11Yi~iNbaVb1L'n1tJi.'4114'VId-:lbvlmhm'll'l'l1v@1JtJmV'Yll..]Ji1vlTI~uEln
"
Lti(;1Ll{n 'VI1E1 il'IN1::: L 1"'fl'1il
UDP Stimulus· Response nsciiif

1
bl!f)-:lvln
faadlilalliusmsuu UDP wasans:q

UDP 1lJ:iHml1'VIu(il1uhhl!1lI'1£)f!l111Vi(;1EJlJmh-:lh1un1ruiJn~
~\I~14EJ~n1J -u
Uf)'IN'IN~bli'1iUb~ bVEJ{;i..]dJ14N~(>lf1l'l 1unl''J(iif)1J1lJ
'Yl(>lG'l'EJ1Jn1Jlbtl'IN'V'I~bl'1i14vibtJ(>l1i\lI141JU UDP EJyriEJ DNS Stimuli Response 1UM1D~I..]d client.com.2540 > server.com.domain : 43005 + (31) DF
"
bl~:::UUEJ14n14 b£)\1~"] 2 ~\I f1l'l'Yl(j]~El1J<.l,,]MEI"]
server.com.domain > client.com 25040.43005 1/0/0 (193) DF

DNS Server 1~(il£)1Jf1l'ln1:::~U'Vln client (illlJoff14(ilEJU~ DNS Server
rlT1114l'llEl-:l iElfl-:lbn(;1rimh'VI1lJ
UDP bb~lvrlnilnTm'l:':~14U~JaiEl"]f11'J'Vl'illJl1bb~~:':'lNEI{(ii'V:':
(ilD1J~14D"]£)~l\11 'l n$1£)..]ffm::fl1mlV~:::bElV(il"1JEl"] bb~f!l:::bbil'V'l'IN~bfli14 EJ~l..]1 'lnl'lll-J'VIlnMEJ"]f11'l 1t1 m:::M14lWt!..] bvl£) '11mllJl1:!Jb1f)'IN'IN~LIi'l05uLi'J(>l1'I11J~f111ii'INf){(fl~u'VI~a 1lJ~14 €mv:.:1lJ'Il1 b1JU~EI-:I 1 , 'Vl".ll1JmJi"lJEl1 ilW us lbvll-n{W bJ El11'1E1lJn 1Jmn bwV"]'V'I£)iiv~vh 1Yi'Yl'l11J Ji Y 5 1
nslfifl 2
Stimuli Response
faaa1ulilausmsuu UDP wasans:q

server.com.domain : 43005 + (31) DF
!
client.com.25040> server.com>
client.cm
icmp : client.com udp port domain unreachable

TCP
f11'l(ii£)1JNUD..]1umrudv~~I..]nlJ
'iJ
1[91V114
TCP ~14mruYillJ:!Jf11'llJ~f11Jii'V'lil{(ilJ14
TCP 'V:.:dJur:1vi(;1D1Jni!l1Jl-JlbEl-:lWilV Reset Flag bvlDVf1b~nf1l1&iV1l1iiJ bb~aTI111J UDP f11'j'(fliJ1J
ni!l1J'V:::~lvln
lCMP Type 3 Code 3 Port unreachable
b~mtJ~V1JbViV1Jf11'l{ilil1Jn51J'i:::'VIil"]
11 : Stimulus & Response _ •

TCP Ip

Uploaded by

Copyright:

Available Formats

TCP Ip

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

TCP Ip

Uploaded by

Copyright:

Available Formats

-

.... lsao lns S08wa

• nfil1nnl'J'Vhnw'llD-J11.1'J1V1l"1flfl TCP/IP, UDP, ICMP, ARP LLfil~~'W1 • ~~€lfl'W~mmLne],1111m ,

Network & Port scan,

Fragmented Packet, DoS / DDoS, Trojan / BackOrifice, etc.

(Firewall) bbfil~ Router

iiiJ U D iJi)Iu sIn n iJa II a :5id iJi) liu

b1il\llm Project Editor lAti

1\1~'V'l1il al.JbrhJ'J~ ~\lb1il\l~(;11 , hl'ili'W .;l1r'(;1

13J':h 1'W11.l J1J 1(;11 'Wiln"nn"l:::1Ill1'1Jfl'WqJll'l biJ'W1illtJ~n'I::m15m~1liJln'Vll\11J~';'Vlbv11,x'W m

wi u1il::: 'VI:!.Jl1.J bl'l~il\l n1'J~

f\l~'V'l1il 2544, 288 'VI'lh I. .:EDb~D-.l.

b"ll:::'J:::1J1JTCP/IP.-- m\lb'VlW't 1tJ'Jli'W, 1. hh1MI'lD1il'lh1.J\ll'WI'I~l.JVllbMfl~ 004.62 ISBN: 974-7822-679

iiilUiJl'luililiJlln laUlJiJil [USlUU

D' nil' lin liiuui

u ~:':S'WbVl 1 b VlbU '111'11 VilJi'1Jr111lJ~'W BU 'W B bb[;Jn~uin:JJl,nmrn~

~h\lnl1\l'lJl1\l 1nnT'J it\l

:i1",tT\lffB-;jl'W1tUJ1nBfilJ1£Jfi\lnTl1o]ju~n1d~1\l1 Yll\ll'W'lJB\ld:':lJU nl~\ln~l

bb~:':~\li1B £J~\l1tlB nvi~:':'WVlfi\l1 'Wu-im dVlu ~'nl!llr111l-ltl~

1~1111 'Wbb~~ :;1'W,j\Jd:':UU

b UVlbifn'I!B\l~\lB\l~mbBn'1!'Wbb~:':'\-4'l.h£J\ll'Wdl'1!n1d di111.lih\lr111l-J~U ltlul\1

1'W1.l'l":':b'Vlrl1 nunn unn bnf)1~lnlJl-l1V1'llf)\l

b'W~\ll'1dllJ 1'1!bU[)1 LVl£J biJVlQlnlin1m-iil11.llb111'll-ii[)~~ c;il\1~lrJc;il\l ~~\l1

b'Wb 1'1!'I'l'llB\lc:J1UVld\l-iillJbU'Wl1b~'W ~\l1vi iu

iHh:.:uu LL~:':br1~B\l1i1 bl'1~B\l;JBiJB\ln'W~'I1'W ~aru 1:JJbL~m1j'jviHitld:,:r1Vl1.Jd:':"'ldn'W ,

bLfllLUVl b'~Hn'lIB\l Ldlvi[;JBnUS'WbVlBfb Ui'lbVlUl~:i1B:.:1 diJB\ln'Wb~U~:':

L",:nB'WnmJn11.J~\lB~lIld\l"'i11bb~mnf)fb~Ul1ifl? L~'W 1"'~B 1n~ ~lBn\iiB 1tl

Network Security ~\l1:JJ1'lib~B\l

bLc;i bum ~B\lviJif)\l bM1UlJrl1llJ'W1Bmb~:': 1lj~11lJfl'W h n'WBcil\1"V~\I~\l... b Ui'l b ifmb~:.:n1'l&mnd-iifll-l~

l1"J\lff~]'ddJ'W ril'WWL1\1b'W'1!Vl'lJB\l~T'n'Vll\lJil'W , dlWrUNvi~'W JlmL~drML"'W 1\l n1d

Ll~b 'W'lJru:.:b~U1n'W11bo]jmMl Lb~:.:mdBrhJ1U

L~U\I~ B~N~'W h"tl11.l~:.:~nBlli1'lrJM'W

hVil 'W1.ld:': 'Vlrl1'VlU'Wf)~lJrl1d L

bB\l1(ii~h u ~\l'VI1\111~ :':bU'W1.ld:': bU'litibLn

ihh::::G'lUnT'Hu1 'tJnld'V1'l\11'U'Vll\1~h'U 1flYim[fJ~eJ(;l~\llbvi 1l1bbrl~ l1U1nl'J~hJL\Ilfl1b

Ud::::b'VI1'!1'V1fJ i1Ud::::Li'Unldru1 'UnldN~runtJnl'lUn'ln'VIn'lUbb1J1Ji\l~ln 'I ., "I SJ

1'UU'l::::b 'VIfHb~::::vil\1U'l::::b 'VII'! ~ El(;lJlfJ1'U

The SANS Institute (System Administration

Network Security) (www.sans.org)

'U e n~l 'VIl\lnl'l~ln

Global Information Assurance Certification 1'U Intrusion Analyst (GCIA) .£\lbu'Un1'lftJ'lD\l

bb~::':fl'Ub\llEl{b U>'I iJ"V"VU'UU\l1"I\l n1!1 1 f1'W A rll11 'U1'1!lnl'J'VI1\l!ii1'W.o ,

an'Hw::::vf.11.1"l.1£J..:Jn -a DoS Wliln-a::::1'llJ,nnnTa-un 1'¥3J~ l'J113J~'iI£J\JnT'al'¥3J~ nT~ 1ii..:llUYl-r1llI'Jlnd'luii1aJ,'i'lV..:IlIIfl(ljfJnldlJ'rnd

2 S:UUQS)i)iiUA"SI!,n~n (Int.rusion Detection S;ysteltilJ}I •.•.••.•.• A~~~.~"'''

ff'!,!'!,!lruI'11lJ~:IJ uu.f1 i£J~"l.IOl\Jn -a1i 10S

rndl'1eJuG'lufl..:lVluViVIu 11'1 rndii~lUfldl~~"lJi'J..:Irndlbfl-al:;'I1 rnd"lh I'J IIldd'lf'ii'JlJiiflLlnj/ll1~N"lJfl..:l-:i:;lJlJiJEl-Jnuiiu ']

iiOlLSlI'il0l..:Jn'l-a1ii IDS nl-:iiSl:::d'11?1f111:IJblJu~hu1,!fll"liSl

3 Ol'u1ltJ~a~,U.n:Hln:UJTCPIIP ",'" ..' ..•~.,.,." •

u •••••• .n.,•••••~ n ; ••••.

Encapsulation Oumultiplexing Port Number Reserved Port

~tJmruvnoii1ubi1l1lb".l{n Vllilnmd'j/'j'W!il'W'1Jfl-J IP Routing

bblil:t: IEEE Encapsulation

ICMP Encapsulation ICMP Message Type

UDP Header UDP Checksum

'JJU.,~'JJ£l\'l UDP Datagram

Transmission Control Protocol .~ ,.., ~.,.,., ,•., ...•....

TCP Services TCP Header Connection Connection

...tg unn Qllllul'DyaollfPit ~etS"ffe r "lL~~~~~~"'~,,"~~"'''''"'''''''''''I!o~''I!I'''I!i~I!!'~I!I~~~''IIJ~~IIJ''''lLI!l.IIJ~IIJIIJ''~.~1IJ~1Ii"""'''lL1II ac .. ftl· ....19

£h:ifill"5:::nalJ'JJa\'laulllblllEl~ n'l'fri'l\'l'lu'JJa\'laillllblllEl~ n'l.l.Ja\'lm..!n'l"5~n1iln'ol'lu'JJai!,!1iI n'l"51<il'1l"5:::1vtlu·r,nnaillllblllEl.'j

• nfil1nnl'J'Vhnw'llD-J11.1'J1V1l"1flfl TCP/IP, UDP, ICMP, ARP LLfil'W1 • €lfl'W~mmLne],1111m ,

...tg unn Qllllul'DyaollfPit ~etS"ffe r "lL~~~~~~"'~,,"~~"'''''"'''''''''''I!o~''I!I'''I!i~I!!'~I!I~''IIJIIJ''''lLI!l.IIJ~IIJIIJ''~.~1IJ~1Ii"""'''lL1II ac .. ftl· ....19

nl'uEh'ln'Ul!ilfilnl.n'l:::<J1U'lJEhl1i1) n1.u1)-:lnU!ild~nl'jL'lJ1Tyl~'lJ1)~~ nl,UEl-:lnu l(;ll'Jnl'L<1il.'I1~l