💾 Archived View for spam.works › mirrors › textfiles › hacking › tcsb.05 captured on 2023-11-14 at 09:58:42.
⬅️ Previous capture (2023-06-14)
-=-=-=-=-=-=-
_______________________________________________________________________________ An Introduction to Packet Switched Networks Part I Written by Blade Runner on 08/20/88 A Telecom Computer Security Bulletin File _______________________________________________________________________________ 1. GENERALITIES The growth of data transmission services present more problems due to several types of protocols, either in asyncronous or syncronous ways, and it needs higher speeds that can allow a faster service. To guarantee a service with these characteristics it is helpful to work on lines, making them less afflicted from line noise, and on data, with the adding of redundancy codes for data correction procedures; we also have to find a solution that can allow the use of all protocols, either asyncronous or syncronous, on the same physical media in order to use the same line for both means. At that, we must allow the capability to optimize data transmission systems, by arise the connections wires between two points, so the safety of the system, in it's globality from computer to terminals, will be augmented and made as best is possible. The International Standard Organization (ISO) has studied a way that works with all connection needs between computers and terminals, building a model to refer that can be used as common mind to develop branch reagles. The ISO's model is OSI Architecture (Open System Interconnection), where "Open" means that system is open to other systems that have well fixed standards. In that architecture a data transmission system, meant as globality from computer to transmission line, is sub-divided into seven levels, each one is doing a colloquial protocol with an analogous level that look for interconnection between the two, following a logical wire equal to this which is shown in the following scheme: A B +----------+ +----------+ | 7 |< ---------------------- >| 7 | |----------| |----------| | 6 |< ---------------------- >| 6 | |----------| |----------| | 5 |< ---------------------- >| 5 | |----------| |----------| | 4 |< ----------------------->| 4 | |----------| +----------+ |----------| | 3 |< --- >| |< --- >| 3 | |----------| |----------| |----------| | 2 |< --- >| |< --- >| 2 | |----------| |----------| |----------| | 1 |< --- >| |< --- >| 1 | +----------+ +----------+ +----------+ | V Physical device of interconnection The seven levels are called: Application Level - 7 Greeting Level - 6 Session Level - 5 Carrying Level - 4 Network Level - 3 Line Level - 2 Physical Level - 1 The higher levels are strictly wired to the computer world and intellig- ent terminals (levels 5,6 and 7) while lower levels are wired to network interconnection problems, about transmitting devices and error correction. The physical device of interconnection between two OSI systems will provide a three-level structure, making able the structurization of a net, e.g., that of following figure: users users +-----+ | | | | | | | OP1 | | | | | | | +-----+ +------+ +------+ |____| city |<----------------------->| city | ____| A | | B |____ / +------+ +------+ \ | | \ / | | | | \ / | | | | \ / | | | | \ / | | | | \ / | | | | \ / | | | | X | | | | / \ | | | | / \ | | | | / \ | | | | / \ | | | | / \ | | | | / \ | | | +------+ +------+ | | | city |<----------------------->| city | | | | C | | D | | | +------+ +------+ | | \ / | | \ / | | \ / | | +------+ | \--------------------->| city |<-----------------/ | E |----\ +------+ +------+ | | | | OP2 | | | | +------+ users We can make the following assumptions about the above structure: a) The net is composed by a certain number of devices (in table: A, B, C, D, E), called nodes, connected between themselves at high speed so that operator "1" can connect to operator "2" by several ways, following more than 1 directive (e.g. "A, C, E" or "A, C, D, E" or "A, B, D, E") and following traditional system he can use only one way, the "A,E" connection; b) The user doesn't need more than one physical line in his "possession" when connecting (e.g. OP1 with OP2), but only of links to network (in table 1 links to the "A and E" nodes) with short wiring, that are possible with a modem at base band then at low prices. The structure that is nearest to the OSI model is called "PSS" (Packet Switching Network) and was analyzed from CCITT (International Consultative Commitee for Telephonist and Telegraphy) with the X25 recommendation. This recommendation defines the interface between DTE (Data Terminal Equipment) and DCE (Data Circuit Terminating Equipment) for terminals that work with the PSS net. The DTE is strictly known as the source (or the receiver) of data pack- ets to (or from) the network and physically can be a Host computer, a Front End Processor or an Intelligent terminal. The DCE, strictly talking, as common consent, is the device that maybe converts these packet-signals received from DTE in a way that might be transmitted on lines (e.g. the modem, the TDM, the line couplers), but in the sense used by X25, it can be assumed the means of node access or swit- ching node to which DTE is connected. The X25 recomendation is therefore the local interface between a DTE and a DCE (see next table). +----------------+ +------------------+ +-----------------+ | Computer |<-->| network |<-->| Intelligent | | | | | | terminal | | | | | | | | | | | | | | X.25 | X.75 | X.25 | The above table is composed by several blocks, which we can observe as: | Host | FEP | |<----------->|<---------->| . | | | . +-------------+------------+ . +---------------------------------+ | | | . | modem --------| | characters | X.25 |====.======|----> -----z----<---| | | generator | generator | . | | node | | | | . | |_______| |-------------+------------+ . +---------------------------------| | . | | DTE . | |<--------------->.<--------------------------------->| | | |<--------------------------------------------------->| | | We can see in "table 2" wires in the network domain are marked as X.75. The CCITT has issued this X.75 recomendation (control procedures for transit calls or terminals and data transfer systems on international calls between PSS networks) that usually is used only for international calls but can be used in country calls for interconnection between nodes. The X.25 recomendation is not valid to simple terminals (start-stop) and ACPs (Packet Adapter-Concentrator or PAD) that can be connected to public data networks. Standards for these devices are regulated by X.3 recommendation (Protocol converters/adapters), X.28 (DTE/DCE Interface for start-stop terminals who logon to ACP on a structured network in national places) and X.29 (exchange procedure for information control and data between ACP and X.25 terminal or other ACP). 2. X.25 STRUCTURE In the "X.25 Interface", three levels are defined. Each level procedure uses functions offered by the other level as soon under, but they dont care how the lowest level is to be implemented. This is so that a particular can be implemented in any of several levels, so long as it will obtain the final results. In addition, the X.25 recommendation will specify protocols and rules that will decide the information exchange between simiar levels in DTE and DCE, which can be understood from the next table: | DTE | |<------------------------>| | | --------+-------+-------+-------+ | +-------+-------+-------+ . | level | level | level | | | level | level | level | . | 3 | 2 | 1 |--|->==<---| 1 | 2 | 3 | --------+-------+-------+-------+ | +-------+-------+-------+ | | | | X.21 | | | | | | | bis | | | | | | |<---->| | | | | |<--------------------------------->| | | | HLDC Connection | | |<------------------------------------------------->| | Packet level X.25 |<------------------------------------------------------------... Talking protocol Every level will accumulate information from the lower level and it will add a header with eventual redundancy codes before to make the information transmitted through present the interface from the lowest level using a step by step structure as shown in the next table (block 1 is inserted into block 1 and so on). LEVEL 1 Physical Interface: this defines the electric and physical characteristics of the interface going on the used line or switched line into network. Voltage tensions, connectors used, and transmission methods are defined in level 1. The most important characteristic of this level is that it supplies a point-to-point transmission, full-duplex, for digital transmission. LEVEL 2 Access to connection procedure: (LAP = Link Access Procedure or LAPB = Line Access Procedure Balanced). This level will specify a control procedure on data to correct mistakes due to physical level. It includes control methods of Network Congestions during the DTE and DCE exchange. This uses the media known as HDLC protocol (High Level Data Link Control defined from ISO as the header building as an activation procedure of the connection. +---------------+ | message with | | destination | +---------------+ | | packet level | V +-------+----------------+ | packet| | | header| | | start | | +-------+----------------+ | | connection level | V +--------+------------------------+---------+ | HLDC | . CRC | | header | information . | | start | . | +--------+------------------------+---------+ | | | V +--------+-------------------------------------------+------+........ | | | | next | flag | | flag | header | | | | +--------+-------------------------------------------+------+........ | | | V +-------------------------------------------------------------------+ | | | bit string | | | +-------------------------------------------------------------------+ LEVEL 3 Packet Level: this level is the higest and specifies the way that information are packet structured and the procedure in which to proceed with connections. It has the function to Concentrator because it can mult- iplex a number of logical channels into a unique physical channel, mixing packets coming from differents channels. Each logical channel has an independent control regarding packets and has a CRC for each channel. Virtual circuits The Third level has virtual channels, that are bi-directional associat- ions between two DTE; via these associations packets are exchanged. It is like, via the several nodes in the network, a dedicated link betw- ween the two DTE. These virtual circuits maybe temporary, and in this case they are called "switched Virtual Circuits" (SVC) or fixed, called "Permanent Switched Circuits" (PVC). 3. LEVEL 1 - Physical interfacing This level is specified from physical characteristics of CCITT X.21 recommendation (physical interface between DTE and DCE; for asychronous operations on data) and X.21bis (data network usage for designed terminals to interface with syncronous modems of series V) used in a provisory way to afford to use modems actually on market. Upon mentioned recomandations are not depending on the transmission device as they provide that DCE (modem or line coupler) will be the part that takes care of the line technology. The X.21 CCITT recomandation declares: - Physical characteristics about the interface, the type of connectors and the wire assignment (X.24, 8 ways, 15 pin); - electrical characteristics of signals (X.26 and X.27 CCITT characteristics as EIA RS 423 and RS 422 respectively); - the serial asyncronous transmission; - wires that must be point-to-point, working in full-duplex (from that we can understand we cannot work in a multi-point structure); - the necessary procedures to afford a switched connection; - the necessary procedures to afford a dedicated connection. The level 1 will consider only first 4 points suggested from X.21, all others are of level 3. Table 6 shows the circuitry, for functions exchange, provided from the X.24 recommendation of CCITT. This interface is absolutely transparent to data transfers thanks to special C and I lines that are used to determine if the data on T and R lines are controls signals or data signals. The X.21 recommendation is supplied for interfacing devices at digital level, so it is difficult to use for moment, the temporarly is used the X.21bis recommendation that is compatible with actual series V modems. Electrical characteristics about iterfacing circuitery for speeds less than 20 kbit/s are conform to V.28 recomandation of CCITT that use a 25 pins connector with pins as standard from ISO with scheme # 2110 or with X.26 recomandation that provide a 37 pins connector with ISO standard scheme at # 4902. It is up to the local administrators to choose the con- nector types and the interfacing type to offer as part of their service. user Network |<--------------------------------------->|<---------------> +-------------+ +--------------+ | +---------------+ | |<-(T) xmit data->| | | | | | |<-(C) control--->| |-|->| | | DTE |<-(R) rec'd data>| DCE | | | node | | |<-(I) info------>| | | | | | |<-(S) time base->| |<|--| | | | | | | | | +-------------+ | +--------------+ | +---------------+ | --------------------- Interfacing point To obtain speeds in exceess of 20 kbit/s the electrical characteristics are following what is provided by the V.35 recommendation that uses 34 pin connectors as ISO standard draw #2593. The table's indicating interfacing circuits considered by X.21bis recommendation. Interface Circuit Description 102 Signal ground 103 Send data 104 Received data 105 Transmission request 106 Ready to transmit 107 DCE Ready 108/2 DTE Ready 109 Carrier detector 114 Time base for transmission 115 Time base for receiving 140 Loop remote probe 141 Local loop probe 142 Running test 4. LEVEL 2 - Link procedures This level is a "point-to-point" link, and is normally known as the "frame level" or "header level". It follows terminologies and is under options specified from ISO HLDC protocol. 4.1 Level 2 functions Level 2 transforms to a physical circuit than can be affected by errors in a logical connection between DTE and the network, a link that can be understood as released from an error happening: this defines a correction level based on automatic request about echoing as data is not considered as transmitted since an error is received or a receive confirm has been received. Only fully completed data are accepted from receiver. In addition, this level will provide the ways for the recognizing of a start and end header, the error recognizes about a bit (via a CRC computation) and the loss of header (by count headers). Basic directives of the system will provide: - the "bit oriented" and no "char oriented" structure: this means that information may be contained also in only one bit, and we are released from a certain bit multiple as in the "character oriented way" in which the information (character is linked to a table (e.g. ASCII 7 bit). - the existence of CRC ad each end of header and sequential numbering of headers. - the correction of error by the re-transmition of data. - the primary and secondary station definition without any particular priority of the start of transmission. - complete full duplex. The wire specific at level 2 are the point-longs : 1) the structure of header: meant as format of header, then as length, as CRC computation point, as sincronicity character; 2) procedure elements: allowed commands, answers and actions that must be taken following the cases: these operations follow the HDLC; 3) class of long procedure: the HDLC will provide a certain number of cases about the classes and procedures of link following the configuration type and operating way; the X.25 recomandation uses two classes of link procedures (see table 7): - simmetric, usually called LAP (link access procedure), - balanced, usually called LAPB (link access procedure balanced). +----------------+ +-------------------+ | primary source | | receiver | | A |-->OO OO-->| A | +----------------+< >OO----------------OO +-------------------+ X \ / / \ X +----------------+ OO----------------OO< >+-------------------+ | receiver | OO OO<_ | primary source | | B |<_/ \| B | +----------------+ +-------------------+ Simmetric LAP configuration DTE DCE +----------------------------+ +-----------------------------+ | source | | | | receiver | | | primary or | | primary or | | | | secondary |====>| secondary | | |-------------| combinator | | combinator|---------------| | receiver | | | | source | | | |<====| | | +----------------------------+ +-----------------------------+ Balanced LAPB configuration In the first case the running can be compared with half-duplex running, in the mean that initialization is done before in a way and then in the other, before an error the channel can be re-initialized without other aid. This can cause, in some operating conditions, malfunctioning phenomena (see table 8). The LAPB procedure will have none of these malfunctions because only with a command will these do the re-initialization to both sides. The B station will re-initialize, but primary station A can not perceive therefore it has not requested no one correct recognizing of secondary station. In this way we obtain a reset of counters only in one way. Instant 1,2 Normal Running /---------- ---------------\ | | | +-----------+ Information +------------+ | | | Primary A |---------------------------------->| Secondary | | |--| |<----------------------------------| A |--| | +-----------+ Correct receiving +------------+ | | | | | | | | | | +-----------+ Information +------------+ | | | Secondary |---------------------------------->| Primary B | | \--| B |<----------------------------------| |--/ +-----------+ Correct receiving +------------+ Instant 3,4 Abnormal Running /---------- -----------------\ | | | +-----------+ Don't transmit +------------+ | | | Primary A |---------------------------------->| Secondary | | |--| |<----------------------------------| A |--| | +-----------+ +------------+ | | | | | | | | | | +-----------+ Reset (due to line error) +------------+ | | | Secondary |---------------------------------->| Primary B | | \--| B |<----------------------------------| |--/ +-----------+ Confirm +------------+ 4.2 Header Structure In the next table his supplies the Header structure. 8 bit 8 bit 8 bit variable => 0 16 bit 8 bit +----------+----------+----------+-------......---+-----------+----------+ | Flag | Address | Control | Information | CRC Code | Flag | | 01111110 | | | (data or ctrl) | | 01111110 | +----------+----------+----------+-------......---+-----------+----------+ | Header start | | |<------------------->| | | | | Stored bits | |<------------------------------------------------>| | | The above table shows that the information field provides a variable length but that length can't be a 8 multiple. The Flag sequence (01111110) defines header boundaries and it can be used to close a header and open another. The same is also used as a syncro character and can be put a on line when no one information header is yet present. A header is not recognized it it does not have at its start and at its end flag sequence, and if within there are not at least 32 bits present (8 for address, 8 for control and 16 as CRC). The address was originally used from HLDC as an addressing function in case of "multiple-point" wiring. The X.25 recomandation will provide that the address function is used only to be able to distinguish commands and replies in both ways. Its function is rendondancy, because there exists some control bits to that specific function, but it can be used for addit- ional researching of errors. Therefore it can distinguish data flow in both ways and it can then recognize immediately some line loops. Two are recognized addresses A = 00000011 will determine commands header from DCE to DTE and answer headers from DTE to DCE. B = 00000001 will determine commands header from DTE to DCE and answer headers from DCE to DTE. The CONTROL field will identify headers and contain the count of them. Three header types can be sended in line: 1) Information headers (I): are there who contains usefull data; 2) Supervision headers (S): are there only for control, used e.g. to confirm a right receive, or for temporary hold of transmission; 3) Numbered headers (N): used e.g. as initialization of connection or as closer ot connection: they have not CRC sequences, because they transfer a know information, and did not provide neither an header count. The format about control field will identify these three headers as shown in next table: Thus concludes the Part 1 of the TCSB Introduction to Packet Switched Networks. Now go grab a hold of Part 2 and learn something. _______________________________________________________________________________ $