The History Of The Routing Information Protocol

Published Date: 02 Nov 2017

This report is a detailed analysis of the network pictured below incorporating the chain of events initiated when the laptop browser is aimed at an address corresponding to a page on the web server. In splitting up the diagram into manageable links the group were able to explore the various protocols used between each connection and identify the different layers of the Open Systems Interconnect model which were affected by the transmission sequence. Pinpointing the security mechanisms in place throughout the system was also a priority,

Link 1 analysis

Wireless access provides a number of advantages when used in a network. The main advantage being mobility, Mobility is an advantage because it allows users to access data that is stored centrally, therefore increasing productivity within the workplace because the user is mobile. Another advantage of using wireless access within a network is the flexibility on offer. Flexibility for wireless systems means having no cables and no re-cabling. Wireless systems allow for small grouped networks in order to move between offices and meetings easily, Flexibility is also created due to the fact that expanding your network can be easy because the medium is already everywhere in the place of work therefore reducing time and expenses wiring cables. Throughout the first section of this report we will examine the fundamentals of wireless system and the process of creating a wireless signal between a laptop and a wireless access point. The following section will also examine the use of Wi-Fi Protected Access version 2 security protocol in a wireless system.

Firstly we will assess the hardware needed for connecting a laptop to a wireless access point. The first piece of equipment needed is a laptop computer. A laptop computer is simply a computer which is small and light enough to be mobile. This computer will often have a built in wireless network interface card, this has the ability to connect to a network wirelessly. The second piece of hardware we will use is a wireless access point. Wireless access points provide the means for a wireless system to connect to a wired network, they act as bridges between wireless and wired networks. Wireless access points therefore need to have two network interfaces, one which understands the 802.11 standard and another to connect to a wired network.

Secondly we explain the architecture of 802.11 and describe the process of implementing the wireless access point. IEEE 802.11 is focused on the two lowest layers of the OSI model because they feature both physical and data link elements. The data-link component is a set of rules to determine how to access the medium and send data, but the details of transmission and reception are left to the Physical layer. The table below shows where the 802.11 function operates in relation to the OSI model.

Data link layer

802.11 standard

MAC

Physical layer

Physical layer convergence procedure

Physical medium dependant.

All components of the 802.11 architecture are either the media access control layer (sublayer of the data-link layer) or the physical layer.

The MAC is a set of rules in order to send data and access the medium. The MAC frame comes in the format shown in the following table.

MAC Header

2

2

6

6

6

6

2

0-2312

Frame control

Duration/ID

Address1

Address2

Address3

Sequence control

Address4

Frame body

The numbers in the table represent the number of bits for each field. The frame control field contains the control information in order for the other fields to process the MAC frame. The duration field shows the time remaining that is needed to receive the next MAC frame. The address fields will depend on the type of MAC frame as to what address they will hold. Destination Address (DA).  Source Address (SA). Receiver Address (RA). And the Transmitter Address (TA).  The sequence control field has to components one that deals with the sequence number and the other for fragment number. The frame body field contains the data sent. The frame check sequence field verifies whether or not any errors occurred during transmission.

802.11 splits the elements of the physical layer into two parts, the first being physical layer convergence procedure and physical medium dependant. Matthew Gast in his book 802.11 wireless networks defines the physical layer convergence procedure as "the glue between the frames of the MAC and the radio transmissions in the air."

The physical layer convergence procedure is the method of preparing the MAC frame to be sent across a wireless connection. The header for the PLCP includes the signal, service length and CRC fields. There are two different forms of PLCP frames, these being short and long frames. The following image found on page 195 in the book 802.11 wireless networks by Matthew Gast shows the format of both the short and long frames for PLCP. PLCP is used for both frequency hopping protocols and direct sequence modulation. The PLCP for the DS PHY adds a six field header to frames it receives. For FH PHY the PLCP adds a five frame header to the frame is receives from the MAC.

The physical medium dependant is responsible for sending RF signals to other wireless stations. PMD also has a frequency hopping physical medium dependant. For 2mbps speed PMD the PLCP is added and transmitted at 1mbps, in the PLCP header the PSF field dictates the speed the signal has to be transmitted. Requirements restrict all PMDs to a signal rate of 1 MHz Two bits per signal creates a signal rate of 2.0 mbps at 1 million symbols per second. How if the data rate is poor then firmware that supports PMD will fall back to 1.0mbps. Like PLCP, PMD also works with DS PHY. Once again the PLCP preamble and header are sent at 1.0mbps using DBPSK, this means it is more tolerable to sound and multipath interference. After the PLCP header is finished PMD switches to DQPSK to provide 2.0 mbps service. Most implementations can also fall back to 1.0mbps if the data is poor.

Before having access to information and resources we have to tell windows exactly where to find this data.

The following are steps involved to connect to a wireless access point.

1. Attach the two antennae to the back of the machine.

2. Attach the power supply to the back and plug in the power supply to a wall socket.

3. Attach a Category 5 Ethernet cable with RJ45 connectors to the back of the device.

4. Attach the other end of the Ethernet cable to your laptop’s Ethernet card.

5. Verify the connection is working by viewing the port lights on the front of the access point.

Configuring Windows XP Professional clients.

Windows XP is designed to work with wireless networking. We will need to establish a connection with that access point. The following steps are the process to connect to a wireless network:

1. First step is to right click the network connection in the system tray in order to view available wireless networks.

2. From the Wireless Network Connection dialog box, select the connection which is the network you want to connect to.

3. Right click the connection and enter properties.

4. We are using WPAv2, therefore in the association tab we choose WPA2 for the network authentication which will only be present if we have a network adapter and driver to support WPA2. 5. Enter your security key.

6. Click on connect to enter network.

Security using WPAv2

My connection between laptop and access point will be authenticated using WPAv2. WPA2 is available to all Microsoft operating systems more recent than windows XP service pack 3, however, in windows XP service pack 2 in order to make sure your machine is compatible with WPA2 you should install the windows update "KB893357" available from the Microsoft website. Wi-Fi protected access version 2 formally replaces wired equivalent privacy and is a more secure authentication protocol than the first version of Wi-Fi protected access. There are three features of wpa2, the first being WPA2 authentication. WPA2 authentication happens in two phases, both defined as Microsoft TechNet as "the first is an open system authentication and the second uses 802.1X and an Extensible Authentication Protocol (EAP) authentication method." With the use of remote authentication dial-in user service or radius then WPA2 uses a preshared key. The second feature is the WPA2 key management; this means WPA2 requires the assurance of a mutual pairwaise master key based on the EAP or PSK authentication processes and the calculation of these pairwise keys through a four way handshake. The third feature of WPA2 is the advanced encryption standard, WPA2 supports the advanced encryption standard. This is done by using the advanced encryption standard counter mode; this is a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key. The following diagram shows the process involved in the 4-way handshake.

This image shows the process of the four-way handshake. This shows the authentication process between a laptop and the wireless access point.

phase1: The wireless access point sends the laptop or station (STA) a nonce value in order to be able to create the PTK

phase2: The laptop or STA sends its on nonce value called snonce in order for the wireless access point to create the PTK as well as its message integrity code.

phase3: the wireless access point sends the group temporal key or the GTK as well as its own message integrity code.

Phase4: The laptop sends confirmation to the access point.

Link 2 Analysis

Routing Information Protocol

Detailed in June 1988 by the Internet Engineering Task Force (IETF) Request For Comments (RFC) document numbered 1058, the Routing Information Protocol (RIP) is based upon the Bellman-Ford algorithm which is classed as a distance vector algorithm. It was designed for use as an Internal Gateway Protocol (IGP) within an autonomous system. Each network contained within the system has a designated gateway appropriately numbered utilizing Internet Protocol (IP) addressing. Any IP datagram received by the gateway addressed for a host upon its own network is routed straight to the intended destination. Similarly if the datagram is destined for an IP address on a neighboring network directly connected to the gateway it is forwarded to the relevant location. However, should the IP be out with the reach of the gateway, it is the datagram is passed to a gateway nearer the desired location. The jump from one gateway to another is regarded as a metric and RIP restricts the total number possible within a single autonomous to fifteen. In order to establish and retain the path to a specific network, each gateway or router advertises all directly connected to its interfaces. These advertisements are distributed at timed intervals approximately 30 seconds apart to all neighboring routers. This information is retained in a routing table in each router, so that an IP request can be checked for validity. This version of RIP was also limited to certain classes of IP address within a system as every network had to employ the same structure in order for the protocol to succeed.

RIP version 2 launched in 1993 and featured the ability to include a subnet mask in each routing update, this permitted the use of variable length subnet masks thus the address blocks used in the IP addressing scheme could be of any length. This enabled networks using different classes of IP address to communicate in a method known as Classless Inter Domain Routing (CIDR). Another significant change to this version was the delivery system of a routing update. The broadcast operation previously applied would send a copy to every connected device regardless of requirement. A multicast option now offered the capacity to forward an update to specified routers throughout the system, therefore reducing system traffic.

PPP ENCAPSULATION

Point to Point Protocol (PPP) enables datagrams of multiple protocols are correctly transported from one network i-node directly to another. The protocol contains three major elements, an encapsulation mechanism in which to carry the data, a Link Configuration Protocol (LCP) responsible for the creation of a connection between the two points, and a number of Network Control Protocols (NCP) designed to integrate various network layer protocols.

The encapsulation procedure requires the use of frames which are split into three different compartments. The initial segment usually one or two octets long indicates which type of protocol is held within the adjacent information field. This information section holds the datagram that is being transmitted. An additional fragment is inserted for padding in order to facilitate transmission.

The establishment of a link between the two points requires both parties to exchange LCP packets in order to build and examine the relationship that has been created. A number of states are involved in this process, an initial Dead stage indicates that the physical connection is not yet ready for service, when this has been confirmed an Establish phase is initiated which instigates the trade of configuration packets between the points. Approval of this transaction leads to an Open state allowing the Authentication procedure to commence. Verification methods such as Password Authentication Protocol (PAP) or Challenge Handshake Authentication Protocol (CHAP) are required to be implemented before any data is passed along the connection.

Upon climax of the Link configuration the formation of the Network Protocols can be activated. During this period the status of the link can be either opened or closed, but only at an open state will data be transferred on the link.

+------+ +-----------+ +--------------+

| | UP | | OPENED | | SUCCESS/NONE

| Dead |------->| Establish |---------->| Authenticate |--+

| | | | | | |

+------+ +-----------+ +--------------+ |

^ | | |

| FAIL | FAIL | |

+<--------------+ +----------+ |

| | |

| +-----------+ | +---------+ |

| DOWN | | | CLOSING | | |

+------------| Terminate |<---+<----------| Network |<-+

| | | |

+-----------+ +---------+

W.SIMPSON, REQUEST FOR COMMENTS NO. 1661, JULY 1994

CHAP

Challenge Handshake Authentication Protocol (CHAP) is integrated into the Point to Point Protocol (PPP) authentication process. Once a link has been confirmed between two points a challenge message is passed from one host to the other. A response is issued including a number which has been determined using a one way hash function. Should the value correspond to a similar calculation at the initiation point then the host is verified and communication can begin, however the absence of this value would cause the link to be terminated. This process is repeated after random periods of time to ensure continual authentication.

References